51 lines
1.2 KiB
PHP
51 lines
1.2 KiB
PHP
<?php
|
|
class PatternModule extends ScannerModule {
|
|
var $filters = array(
|
|
array(
|
|
'type' => PHPPARSER_EXPRESSION,
|
|
'desc' => 'Echoing Sql',
|
|
'level' => FAULT_MEDIUM,
|
|
'pattern' => '/echo[\(\s].*?\$sql/i'
|
|
),
|
|
array(
|
|
'type' => PHPPARSER_LANGUAGE_CONSTRUCT,
|
|
'desc' => 'Evil Eval',
|
|
'level' => FAULT_MEDIUM,
|
|
'pattern' => '/^eval$/i'
|
|
),
|
|
array(
|
|
'type' => PHPPARSER_FUNCTION_CALL,
|
|
'desc' => 'PRINT_R or VAR_DUMP',
|
|
'level' => FAULT_MEDIUM,
|
|
'pattern' => '/^(print_r|var_dump)$/i'
|
|
),
|
|
array(
|
|
'type' => PHPPARSER_EXPRESSION,
|
|
'desc' => 'Developer Email',
|
|
'level' => FAULT_MINOR,
|
|
'pattern' => '/(?<!dev|qa)@payquik\.com/'
|
|
),
|
|
array(
|
|
'type' => PHPPARSER_FUNCTION_CALL,
|
|
'desc' => 'Deprecated Function',
|
|
'level' => FAULT_MINOR,
|
|
'pattern' => '/^(error_to_log)$/i'
|
|
),
|
|
);
|
|
|
|
function PatternModule() {
|
|
$this->ScannerModule();
|
|
}
|
|
function parserCallback( $object ) {
|
|
foreach( $this->filters as $filter ) {
|
|
if( $object['type'] == $filter['type'] ) {
|
|
if( preg_match( $filter['pattern'], $object['name'] ) > 0 ) {
|
|
$this->fault( $object, $filter['level'], "Triggered Filter '{$filter['desc']}'" );
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
addModule( new PatternModule() );
|
|
?>
|