From 19589b831189809befdb83229a358967929f402c Mon Sep 17 00:00:00 2001 From: nichogenius Date: Tue, 15 Aug 2017 12:03:19 -0600 Subject: [PATCH] Added long single line PHP code pattern One common tactic is to shove all of your PHP code into a single line, often contained within its own PHP tags, and drop it into any .php file that you want. This pattern should detect if more than 750 characters are contained within PHP tags on a single line. --- patterns_re.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/patterns_re.txt b/patterns_re.txt index fffaf34..727881e 100644 --- a/patterns_re.txt +++ b/patterns_re.txt @@ -29,3 +29,7 @@ chr\s*\(\s*['"]?\s*((95)|(0[Xx]5[Ff]))\s*['"]?\s*\) #Detects generic base64 strings longer than 260 characters enclosed in quotes ending with 0-3 '=' chars. #260 was a threshold chosen because strings of 256 characters are common enough. Might increase later to reduce false positives. ['"][A-Za-z0-9+\/]{260,}={0,3}['"] + +#Detects long single lines contained within PHP tags. +#We can increase from 750 later if we need to. +^.*<\?php.{750,}\?>.*$