From e61092bc243e04773a9a2ea2191989b65091d210 Mon Sep 17 00:00:00 2001
From: Gabor Gyorvari
Date: Mon, 10 Dec 2018 21:59:02 +0100
Subject: [PATCH] Fix double whitelist checks
---
 scan.php | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/scan.php b/scan.php
index 14e2144..bc82b0d 100644
--- a/scan.php
+++ b/scan.php
@@ -428,19 +428,20 @@ class MalwareScanner
 * @param $comment
 * @param $hash
 * @param $lineNumber
+ * @param bool $inWhitelist
 */
- private function printPath($found, $path, $pattern, $comment, $hash, $lineNumber)
+ private function printPath($found, $path, $pattern, $comment, $hash, $lineNumber, $inWhitelist = false)
 {
 $default_format = '%S ';
- if (!$found) {
+ if (!$found && !$inWhitelist) {
 if ($this->flagHideOk) {
 return;
 }
 $state = 'OK';
 $hash = ' ';
 $state_color = $this->ANSI_GREEN;
- } elseif ($this->inWhitelist($hash)) {
+ } elseif ($inWhitelist) {
 if ($this->flagHideWhitelist) {
 return;
 }
@@ -588,11 +589,14 @@ class MalwareScanner
 $this->stat['files_scanned']++;
 $fileContent = file_get_contents($path);
 $found = false;
- $hash = '';
+ $inWhitelist = false;
+ $hash = md5($fileContent);
 $toSearch = '';
 $comment = '';
- if (!$this->flagBase64) {
+ if ($this->inWhitelist($hash)) {
+ $inWhitelist = true;
+ } elseif (!$this->flagBase64) {
 $this->scanLoop('scanFunc_STR', $fileContent, $this->patterns_raw, $path, $found, $hash);
 $this->scanLoop('scanFunc_STRI', $fileContent, $this->patterns_iraw, $path, $found, $hash);
 $this->scanLoop('scanFunc_RE', $fileContent, $this->patterns_re, $path, $found, $hash);
@@ -602,11 +606,7 @@ class MalwareScanner
 }
 if (!$found) {
- $this->printPath($found, $path, $toSearch, $comment, $hash, 0);
- return false;
- }
- if ($found && $this->inWhitelist($hash)) {
+ $this->printPath($found, $path, $toSearch, $comment, $hash, 0, $inWhitelist);
 return false;
 }
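Review bot: In printPath (first hunk) the new `$inWhitelist` flag is tested in the `elseif ($inWhitelist)` branch ahead of whatever reports a match, so a caller that passes `true` together with `$found = true` gets the finding shown as whitelisted, or dropped entirely when `flagHideWhitelist` is set. The added docblock line `@param bool $inWhitelist` says none of this; I would write it as `@param bool $inWhitelist True when the caller has already matched the file's hash against the whitelist; takes precedence over $found`. The rest of printPath lies outside the hunk, so the later branches are assumed from the visible `elseif` chain.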
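Review bot: In the second hunk `md5($fileContent)` now runs on every file straight after `file_get_contents($path)`, whose result is not checked in the visible lines; on a read failure it returns `false`, which md5() hashes as the empty string (or rejects with a TypeError under strict types). An unreadable file is then compared against the whitelist as if it were empty and, failing that, presumably falls through to the OK path. I would test the read before the `$hash = md5($fileContent);` line with `if ($fileContent === false) {`, reporting `$path` as unreadable through whatever error output the class already has and returning early. The method starts above the hunk, so an earlier readability check may already cover this.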
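Review bot: In the third hunk a whitelist hit now reaches `return false` without any pattern having been run, because the `elseif` added in the previous hunk skips every `scanLoop` call; the removed `$found && $this->inWhitelist($hash)` test only applied after a pattern had matched. The verdict for such a file therefore rests on MD5 equality alone, and MD5 is not collision resistant. If the whitelist format can carry it, I would key the list on a stronger digest, `$hash = hash('sha256', $fileContent);`, or keep an option that still scans whitelisted files and reports a match alongside the whitelist state. How whitelist entries are produced is not visible here, so the practical exposure depends on who can add to that list.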
@@ -647,7 +647,7 @@ class MalwareScanner
 //Loops through all patterns in a file using the passed function name to determine a match.
 //Variables passed by reference for performance and modification access.
- private function scanLoop($scanFunction, &$fileContent, &$patterns, &$path, &$found, &$hash)
+ private function scanLoop($scanFunction, &$fileContent, &$patterns, &$path, &$found, $hash)
 {
 if (!$found || $this->flagNoStop) {
 foreach ($patterns as $pattern => $comment) {
@@ -656,9 +656,6 @@ class MalwareScanner
 $position = $this->$scanFunction($pattern, $fileContent);
 if ($position !== false) {
 $found = true;
- if ($hash === '') {
- $hash = md5($fileContent);
- }
 $lineNumber = 0;
 if ($this->flagLineNumber) {
 if ($pos = strrpos(substr($fileContent, 0, $position), "\n")) {
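Review bot: The comment above scanLoop still reads `//Variables passed by reference for performance and modification access.`, but `$hash` is now taken by value and, with the md5 assignment removed in the following hunk, the visible part of scanLoop no longer writes to it. I would reword the comment to name the by-reference parameters, for example `//$fileContent, $patterns, $path and $found are passed by reference; $hash is read-only here.` scanLoop's body continues past the hunk.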