mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Added new argument to display matching pattern's line number in the file.
This commit is contained in:
@@ -30,6 +30,7 @@ Usage: php scan.php -d <directory>
|
|||||||
-s --no-stop Continue scanning file after first hit
|
-s --no-stop Continue scanning file after first hit
|
||||||
-p --pattern Show Patterns next to the file name
|
-p --pattern Show Patterns next to the file name
|
||||||
-t --time Show time of last file change
|
-t --time Show time of last file change
|
||||||
|
--line-number Display matching pattner line number in file
|
||||||
```
|
```
|
||||||
|
|
||||||
Ignore argument could be used multiple times and accept glob style matching ex.: "`cache*`", "`??-cache.php`" or "`/cache`" etc.
|
Ignore argument could be used multiple times and accept glob style matching ex.: "`cache*`", "`??-cache.php`" or "`/cache`" etc.
|
||||||
|
|||||||
48
scan.php
48
scan.php
@@ -37,6 +37,7 @@ class MalwareScanner
|
|||||||
private $flagTime = false;
|
private $flagTime = false;
|
||||||
private $flagExtraCheck = false;
|
private $flagExtraCheck = false;
|
||||||
private $flagFollowSymlink = false;
|
private $flagFollowSymlink = false;
|
||||||
|
private $flagLineNumber = false;
|
||||||
private $whitelist = array();
|
private $whitelist = array();
|
||||||
private $ignore = array();
|
private $ignore = array();
|
||||||
private $stat = array(
|
private $stat = array(
|
||||||
@@ -197,7 +198,8 @@ class MalwareScanner
|
|||||||
'no-color',
|
'no-color',
|
||||||
'no-stop',
|
'no-stop',
|
||||||
'pattern',
|
'pattern',
|
||||||
'time'
|
'time',
|
||||||
|
'line-number'
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
@@ -263,6 +265,9 @@ class MalwareScanner
|
|||||||
if (isset($options['time']) || isset($options['t'])) {
|
if (isset($options['time']) || isset($options['t'])) {
|
||||||
$this->setFlagTime(true);
|
$this->setFlagTime(true);
|
||||||
}
|
}
|
||||||
|
if (isset($options['line-number'])) {
|
||||||
|
$this->setFlagLineNumber(true);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setExtensions(array $a)
|
public function setExtensions(array $a)
|
||||||
@@ -301,6 +306,11 @@ class MalwareScanner
|
|||||||
$this->flagTime = $b;
|
$this->flagTime = $b;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function setFlagLineNumber($b)
|
||||||
|
{
|
||||||
|
$this->flagLineNumber = $b;
|
||||||
|
}
|
||||||
|
|
||||||
public function setFlagBase64($b)
|
public function setFlagBase64($b)
|
||||||
{
|
{
|
||||||
$this->flagBase64 = $b;
|
$this->flagBase64 = $b;
|
||||||
@@ -367,7 +377,7 @@ class MalwareScanner
|
|||||||
-Pattern Matched
|
-Pattern Matched
|
||||||
-The last comment to appear in the pattern file before this pattern
|
-The last comment to appear in the pattern file before this pattern
|
||||||
*/
|
*/
|
||||||
private function printPath(&$found, &$path, &$pattern, &$comment, &$hash)
|
private function printPath($found, $path, $pattern, $comment, $hash, $lineNumber)
|
||||||
{
|
{
|
||||||
$output_string = '# ';
|
$output_string = '# ';
|
||||||
|
|
||||||
@@ -414,15 +424,18 @@ class MalwareScanner
|
|||||||
//'#' added again as code snippets have the potential to be valid shell commands
|
//'#' added again as code snippets have the potential to be valid shell commands
|
||||||
if ($found) {
|
if ($found) {
|
||||||
if ($this->flagPattern) {
|
if ($this->flagPattern) {
|
||||||
$opatt = "# $pattern ";
|
$opatt = "# $pattern";
|
||||||
$output_string = $output_string . $state_color . $opatt . $this->ANSI_OFF;
|
$output_string = $output_string . $state_color . $opatt . $this->ANSI_OFF . ' ';
|
||||||
}
|
}
|
||||||
if ($this->flagComments) {
|
if ($this->flagComments) {
|
||||||
$output_string = $output_string . $this->ANSI_BLUE . $comment . $this->ANSI_OFF;
|
$output_string = $output_string . $this->ANSI_BLUE . $comment . $this->ANSI_OFF . ' ';
|
||||||
|
}
|
||||||
|
if ($this->flagLineNumber) {
|
||||||
|
$output_string = $output_string . '# ' . $lineNumber;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$output_string = $output_string . PHP_EOL;
|
$output_string = trim($output_string) . PHP_EOL;
|
||||||
|
|
||||||
echo $output_string;
|
echo $output_string;
|
||||||
}
|
}
|
||||||
@@ -516,7 +529,7 @@ class MalwareScanner
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!$found) {
|
if (!$found) {
|
||||||
$this->printPath($found, $path, $toSearch, $comment, $hash);
|
$this->printPath($found, $path, $toSearch, $comment, $hash, -1);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -532,14 +545,14 @@ class MalwareScanner
|
|||||||
//Returns true if the raw string exists in the file contents.
|
//Returns true if the raw string exists in the file contents.
|
||||||
private function scanFunc_STR(&$pattern, &$content)
|
private function scanFunc_STR(&$pattern, &$content)
|
||||||
{
|
{
|
||||||
return (strpos($content, $pattern) !== false);
|
return strpos($content, $pattern);
|
||||||
}
|
}
|
||||||
|
|
||||||
//Performs raw string, case insensitive matching.
|
//Performs raw string, case insensitive matching.
|
||||||
//Returns true if the raw string exists in the file contents, ignoring case.
|
//Returns true if the raw string exists in the file contents, ignoring case.
|
||||||
private function scanFunc_STRI(&$pattern, &$content)
|
private function scanFunc_STRI(&$pattern, &$content)
|
||||||
{
|
{
|
||||||
return (stripos($content, $pattern) !== false);
|
return stripos($content, $pattern);
|
||||||
}
|
}
|
||||||
|
|
||||||
//Performs regular expression matching.
|
//Performs regular expression matching.
|
||||||
@@ -547,7 +560,11 @@ class MalwareScanner
|
|||||||
//Patterns will match multiple lines, though you can use ^$ to match the beginning and end of a line.
|
//Patterns will match multiple lines, though you can use ^$ to match the beginning and end of a line.
|
||||||
private function scanFunc_RE(&$pattern, &$content)
|
private function scanFunc_RE(&$pattern, &$content)
|
||||||
{
|
{
|
||||||
return preg_match('/' . $pattern . '/im', $content);
|
$ret = preg_match('/' . $pattern . '/im', $content, $match, PREG_OFFSET_CAPTURE);
|
||||||
|
if ($ret) {
|
||||||
|
return $match[0][1];
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
//First parameter '$scanFunction' is a defined function name passed as a string.
|
//First parameter '$scanFunction' is a defined function name passed as a string.
|
||||||
@@ -563,12 +580,19 @@ class MalwareScanner
|
|||||||
foreach ($patterns as $pattern => $comment) {
|
foreach ($patterns as $pattern => $comment) {
|
||||||
//Call the function that is named in $scanFunction
|
//Call the function that is named in $scanFunction
|
||||||
//This allows multiple search/match functions to be used without duplicating the loop code.
|
//This allows multiple search/match functions to be used without duplicating the loop code.
|
||||||
if ($this->$scanFunction($pattern, $fileContent)) {
|
$position = $this->$scanFunction($pattern, $fileContent);
|
||||||
|
if ($position !== false) {
|
||||||
$found = true;
|
$found = true;
|
||||||
if ($hash === '') {
|
if ($hash === '') {
|
||||||
$hash = md5($fileContent);
|
$hash = md5($fileContent);
|
||||||
}
|
}
|
||||||
$this->printPath($found, $path, $pattern, $comment, $hash);
|
$lineNumber = 1;
|
||||||
|
if ($this->flagLineNumber) {
|
||||||
|
if ($pos = strrpos(substr($fileContent, 0, $position), "\n")) {
|
||||||
|
$lineNumber = substr_count(substr($fileContent, 0, $pos + 1), "\n") + 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$this->printPath($found, $path, $pattern, $comment, $hash, $lineNumber);
|
||||||
if (!$this->flagNoStop) {
|
if (!$this->flagNoStop) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user