<?php
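/**
 * Pattern-based scanner module.
 *
 * Runs a fixed list of regular-expression "filters" against every parser
 * object handed to parserCallback() and raises a fault through the
 * ScannerModule base class for each filter of the matching object type that
 * hits. The filters are coarse heuristics (see the per-filter notes): they
 * produce both false positives and false negatives and are a first pass for a
 * human reviewer, not a proof of absence.
 *
 * NOTE(review): ScannerModule, fault() and the PHPPARSER_* / FAULT_*
 * constants are defined elsewhere in the scanner; this file only declares
 * the module and registers an instance in the global $modules registry.
 */
class PatternModule extends ScannerModule {

    /**
     * Filters applied to each parser object. Keys:
     *   type    - parser object type the filter applies to (PHPPARSER_* constant)
     *   desc    - human-readable name, echoed in the fault message
     *   level   - severity handed to fault() (FAULT_* constant)
     *   pattern - PCRE run against $object['name']
     */
    var $filters = array(
        array(
            // Echoing a variable holding a SQL statement discloses query /
            // schema structure to the client. Heuristic only: it needs a '('
            // or whitespace after "echo", any variable whose name starts
            // with "$sql" matches, "print"/"printf" are not covered, and
            // without the /s modifier '.' does not cross a newline.
            'type'    => PHPPARSER_EXPRESSION,
            'desc'    => 'Echoing Sql',
            'level'   => FAULT_MEDIUM,
            'pattern' => '/echo[\(\s].*?\$sql/i'
        ),
        array(
            // eval() on attacker-influenced data is remote code execution;
            // every use is flagged and triage is left to the reviewer.
            'type'    => PHPPARSER_LANGUAGE_CONSTRUCT,
            'desc'    => 'Evil Eval',
            'level'   => FAULT_MEDIUM,
            'pattern' => '/^eval$/i'
        ),
        array(
            // Debug dumps left in production write internal state
            // (credentials, paths, query results) into the response body.
            'type'    => PHPPARSER_FUNCTION_CALL,
            'desc'    => 'PRINT_R or VAR_DUMP',
            'level'   => FAULT_MEDIUM,
            'pattern' => '/^(print_r|var_dump)$/i'
        ),
        array(
            // Hard-coded personal mailbox in source. The negative lookbehind
            // inspects only the characters immediately before the '@', so
            // any local part ending in "dev" or "qa" is exempt, not just the
            // "dev@" / "qa@" role addresses.
            'type'    => PHPPARSER_EXPRESSION,
            'desc'    => 'Developer Email',
            'level'   => FAULT_MINOR,
            'pattern' => '/(?<!dev|qa)@payquik\.com/'
        ),
    );

    /**
     * Real constructor.
     *
     * The original relied on a PHP4-style constructor (a method named after
     * the class). PHP 7 deprecates that, and PHP 8 treats it as an ordinary
     * method, so on PHP 8 the base class was never initialised. Delegate to
     * the legacy method so initialisation is identical on every version.
     */
    function __construct() {
        $this->PatternModule();
    }

    /**
     * Legacy PHP4-style constructor, kept so any caller or subclass that
     * invokes $this->PatternModule() keeps working. Runs the base class's
     * (also PHP4-style) constructor, exactly as before.
     */
    function PatternModule() {
        $this->ScannerModule();
    }

    /**
     * Parser hook: test one parser object against every filter.
     *
     * Reads $object['type'] and $object['name']. Every filter whose 'type'
     * equals the object's type has its pattern run against 'name'; a fault is
     * raised for each hit, so one object can trigger several filters.
     *
     * @param array $object parser object produced by the scanner's PHP parser
     */
    function parserCallback( $object ) {
        // An object without a type or name cannot match any filter; skip it
        // instead of raising undefined-index notices and matching ''.
        if( !isset( $object['type'] ) || !isset( $object['name'] ) ) {
            return;
        }

        foreach( $this->filters as $filter ) {
            // Loose comparison kept from the original; the PHPPARSER_* type
            // constants are assumed to be plain scalars.
            if( $object['type'] != $filter['type'] ) {
                continue;
            }

            $hit = preg_match( $filter['pattern'], $object['name'] );

            if( $hit === false ) {
                // A PCRE failure (bad pattern, backtrack/recursion limit on a
                // very large expression) used to be indistinguishable from
                // "no match" and silently dropped the finding. Surface it so
                // a scan that lost coverage is not mistaken for a clean one.
                trigger_error(
                    "PatternModule: filter '{$filter['desc']}' failed with preg error " . preg_last_error(),
                    E_USER_WARNING
                );
                continue;
            }

            if( $hit > 0 ) {
                $this->fault( $object, $filter['level'], "Triggered Filter '{$filter['desc']}'" );
            }
        }
    }
}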
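// Register this module with the scanner. $modules is the scanner's global
// module registry and is expected to exist before this file is included.
$modules[] = new PatternModule();

// No closing "?>": this file is PHP-only, and any whitespace after a closing
// tag is sent as output (breaking header() calls in the scanner's front end).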