Fix double whitelist checks

2026-06-16 12:30:35 +00:00 · 2018-12-10 21:59:02 +01:00
parent ed5bc006e4
commit e61092bc24
1 changed files with 11 additions and 14 deletions
--- a/scan.php
+++ b/scan.php
@@ -428,19 +428,20 @@ class MalwareScanner
     * @param $comment
     * @param $hash
     * @param $lineNumber
+     * @param bool $inWhitelist
     */
-    private function printPath($found, $path, $pattern, $comment, $hash, $lineNumber)
+    private function printPath($found, $path, $pattern, $comment, $hash, $lineNumber, $inWhitelist = false)
    {
        $default_format = '%S ';

-        if (!$found) {
+        if (!$found && !$inWhitelist) {
            if ($this->flagHideOk) {
                return;
            }
            $state = 'OK';
            $hash = '                                ';
            $state_color = $this->ANSI_GREEN;
-        } elseif ($this->inWhitelist($hash)) {
+        } elseif ($inWhitelist) {
            if ($this->flagHideWhitelist) {
                return;
            }
@@ -588,11 +589,14 @@ class MalwareScanner
        $this->stat['files_scanned']++;
        $fileContent = file_get_contents($path);
        $found = false;
-        $hash = '';
+        $inWhitelist = false;
+        $hash = md5($fileContent);
        $toSearch = '';
        $comment = '';

-        if (!$this->flagBase64) {
+        if ($this->inWhitelist($hash)) {
+            $inWhitelist = true;
+        } elseif (!$this->flagBase64) {
            $this->scanLoop('scanFunc_STR', $fileContent, $this->patterns_raw, $path, $found, $hash);
            $this->scanLoop('scanFunc_STRI', $fileContent, $this->patterns_iraw, $path, $found, $hash);
            $this->scanLoop('scanFunc_RE', $fileContent, $this->patterns_re, $path, $found, $hash);
@@ -602,11 +606,7 @@ class MalwareScanner
        }

        if (!$found) {
-            $this->printPath($found, $path, $toSearch, $comment, $hash, 0);
-            return false;
-        }
-
-        if ($found && $this->inWhitelist($hash)) {
+            $this->printPath($found, $path, $toSearch, $comment, $hash, 0, $inWhitelist);
            return false;
        }

@@ -647,7 +647,7 @@ class MalwareScanner

    //Loops through all patterns in a file using the passed function name to determine a match.
    //Variables passed by reference for performance and modification access.
-    private function scanLoop($scanFunction, &$fileContent, &$patterns, &$path, &$found, &$hash)
+    private function scanLoop($scanFunction, &$fileContent, &$patterns, &$path, &$found, $hash)
    {
        if (!$found || $this->flagNoStop) {
            foreach ($patterns as $pattern => $comment) {
@@ -656,9 +656,6 @@ class MalwareScanner
                $position = $this->$scanFunction($pattern, $fileContent);
                if ($position !== false) {
                    $found = true;
-                    if ($hash === '') {
-                        $hash = md5($fileContent);
-                    }
                    $lineNumber = 0;
                    if ($this->flagLineNumber) {
                        if ($pos = strrpos(substr($fileContent, 0, $position), "\n")) {