From 072189bd8e22d0b3427082b344bc1e776f10a9c5 Mon Sep 17 00:00:00 2001 From: Gabor Gyorvari Date: Fri, 2 Mar 2018 19:28:03 +0100 Subject: [PATCH] Few improvements to make library like behaving to be composer friendly --- composer.json | 21 +++++++ scan.php | 148 +++++++++++++++++++++++++++++++++++++------------- 2 files changed, 131 insertions(+), 38 deletions(-) create mode 100644 composer.json diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..d5c97d4 --- /dev/null +++ b/composer.json @@ -0,0 +1,21 @@ +{ + "name": "scr34m/php-malware-scanner", + "description": "Scans PHP files for malwares and known threats", + "license": "GPL-3.0", + "repositories": [ + { + "type": "package", + "package": { + "name": "scr34m/php-malware-scanner", + "version": "dev-master", + "source": { + "url": "git://github.com:scr34m/php-malware-scanner.git", + "type": "git", + "reference": "master" + }, + "autoload": { + } + } + } + ] +} \ No newline at end of file diff --git a/scan.php b/scan.php index 6d0a46f..55c27ea 100644 --- a/scan.php +++ b/scan.php @@ -26,7 +26,7 @@ class MalwareScanner private $ANSI_OFF = "\033[0m"; private $dir = ''; - private $extension = array ('.php'); + private $extension = array('.php'); private $flagBase64 = false; private $flagChecksum = false; private $flagComments = false; @@ -52,14 +52,28 @@ class MalwareScanner private $patterns_b64functions = array(); private $patterns_b64keywords = array(); - //Constructor - Likes to do as little as possible. - public function __construct() + /** + * MalwareScanner constructor. + * + * @param bool $cli defines its calling from commandline or using as a library, default is true + */ + public function __construct($cli = true) { - //Read Run Options - $this->parseArgs(); + if ($cli === true) { + //Read Run Options + $this->parseArgs(); - //Initiate Scan - $this->run($this->dir); + //Make sure a directory was specified. + if ($this->dir === '') { + $this->error('No directory specified'); + exit(-1); + } + + //Initiate Scan + if (!$this->run($this->dir)) { + exit(-1); + } + } } //Allows the -n/--no-color flag to easily remove color characters. @@ -79,7 +93,6 @@ class MalwareScanner echo $this->ANSI_RED . 'Error: ' . $msg . $this->ANSI_OFF . PHP_EOL; $this->showHelp(); echo PHP_EOL . $this->ANSI_RED . 'Quiting' . PHP_EOL; - exit(-1); } //Handles pattern loading and saving to the class object @@ -203,61 +216,121 @@ class MalwareScanner if (!is_array($a)) { $a = array($a); } - $this->extension = array(); - foreach ($a as $ext) { - if ($ext[0] != '.') { - $ext = '.' . $ext; - } - $this->extension[] = strtolower($ext); - } + $this->setExtensions($a); } if (isset($options['ignore']) || isset($options['i'])) { $tmp = isset($options['ignore']) ? $options['ignore'] : $options['i']; - $this->ignore = is_array($tmp) ? $tmp : array($tmp); + $this->setIgnore(is_array($tmp) ? $tmp : array($tmp)); } //Simple Flag Options if (isset($options['all-output']) || isset($options['a'])) { - $this->flagChecksum = true; - $this->flagComments = true; - $this->flagPattern = true; - $this->flagTime = true; + $this->setFlagChecksum(true); + $this->setFlagComments(true); + $this->setFlagPattern(true); + $this->setFlagTime(true); } if (isset($options['base64']) || isset($options['b'])) { - $this->flagBase64 = true; + $this->setFlagBase64(true); } if (isset($options['checksum']) || isset($options['m'])) { - $this->flagChecksum = true; + $this->setFlagChecksum(true); } if (isset($options['comment']) || isset($options['c'])) { - $this->flagComments = true; + $this->setFlagComments(true); } if (isset($options['extra-check']) || isset($options['x'])) { - $this->extraCheck = true; + $this->setFlagExtraCheck(true); } if (isset($options['follow-symlink']) || isset($options['l'])) { - $this->followSymlink = true; + $this->setFlagFollowSymlink(true); } if (isset($options['hide-ok']) || isset($options['k'])) { - $this->flagHideOk = true; + $this->setFlagHideOk(true); } if (isset($options['hide-whitelist']) || isset($options['w'])) { - $this->flagHideWhitelist = true; + $this->setFlagHideWhitelist(true); } if (isset($options['no-color']) || isset($options['n'])) { $this->disableColor(); } if (isset($options['no-stop']) || isset($options['s'])) { - $this->flagNoStop = true; + $this->setFlagNoStop(true); } if (isset($options['pattern']) || isset($options['p'])) { - $this->flagPattern = true; + $this->setFlagPattern(true); } if (isset($options['time']) || isset($options['t'])) { - $this->flagTime = true; + $this->setFlagTime(true); } } + public function setExtensions(array $a) + { + $this->extension = array(); + foreach ($a as $ext) { + if ($ext[0] != '.') { + $ext = '.' . $ext; + } + $this->extension[] = strtolower($ext); + } + } + + public function setIgnore(array $a) + { + $this->ignore = $a; + } + + public function setFlagChecksum($b) + { + $this->flagChecksum = $b; + } + + public function setFlagComments($b) + { + $this->flagComments = $b; + } + + public function setFlagPattern($b) + { + $this->flagPattern = $b; + } + + public function setFlagTime($b) + { + $this->flagTime = $b; + } + + public function setFlagBase64($b) + { + $this->flagBase64 = $b; + } + + public function setFlagExtraCheck($b) + { + $this->extraCheck = $b; + } + + public function setFlagFollowSymlink($b) + { + $this->followSymlink = $b; + } + + public function setFlagHideOk($b) + { + $this->flagHideOk = $b; + } + + public function setFlagHideWhitelist($b) + { + $this->flagHideWhitelist = $b; + } + + public function setFlagNoStop($b) + { + $this->flagNoStop = $b; + } + // @see http://stackoverflow.com/a/13914119 private function pathMatches($path, $pattern, $ignoreCase = false) { @@ -401,17 +474,13 @@ class MalwareScanner //Validates the input directory //Calls the load pattern and load whitelist functions //Calls the process and report functions. - private function run($dir) + public function run($dir) { - //Make sure a directory was specified. - if ($this->dir === '') { - $this->error('No directory specified'); - } - //Make sure the input is a valid directory path. $dir = rtrim($dir, '/'); if (!is_dir($dir)) { $this->error('Specified path is not a directory: ' . $dir); + return false; } //Load Patterns @@ -423,6 +492,7 @@ class MalwareScanner $start = time(); $this->process($dir . '/'); $this->report($start, $dir . '/'); + return true; } //Loads target file contents for scanning @@ -531,5 +601,7 @@ class MalwareScanner } -//Creates a new MalwareScanner object which does all the work. -new MalwareScanner(); \ No newline at end of file +// script it's self called and not included +if (isset($argv[0]) && realpath($argv[0]) == realpath(__FILE__)) { + new MalwareScanner(); +}