External/php-malware-scanner
1
0
Fork 0
mirror of https://github.com/scr34m/php-malware-scanner.git synced 2026-06-16 12:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix double whitelist checks

Browse Source
This commit is contained in:
Gabor Gyorvari
2018-12-10 21:59:02 +01:00
parent ed5bc006e4
commit e61092bc24
1 changed files with 11 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
scan.php
View File

@@ -428,19 +428,20 @@ class MalwareScanner
* @param $comment * @param $comment
* @param $hash * @param $hash
* @param $lineNumber * @param $lineNumber
* @param bool $inWhitelist
*/ */
private function printPath($found, $path, $pattern, $comment, $hash, $lineNumber) private function printPath($found, $path, $pattern, $comment, $hash, $lineNumber, $inWhitelist = false)
{ {
$default_format = '%S '; $default_format = '%S ';
if (!$found) { if (!$found && !$inWhitelist) {
if ($this->flagHideOk) { if ($this->flagHideOk) {
return; return;
} }
$state = 'OK'; $state = 'OK';
$hash = ' '; $hash = ' ';
$state_color = $this->ANSI_GREEN; $state_color = $this->ANSI_GREEN;
} elseif ($this->inWhitelist($hash)) { } elseif ($inWhitelist) {
if ($this->flagHideWhitelist) { if ($this->flagHideWhitelist) {
return; return;
} }
@@ -588,11 +589,14 @@ class MalwareScanner
$this->stat['files_scanned']++; $this->stat['files_scanned']++;
$fileContent = file_get_contents($path); $fileContent = file_get_contents($path);
$found = false; $found = false;
$hash = ''; $inWhitelist = false;
$hash = md5($fileContent);
$toSearch = ''; $toSearch = '';
$comment = ''; $comment = '';
if (!$this->flagBase64) { if ($this->inWhitelist($hash)) {
$inWhitelist = true;
} elseif (!$this->flagBase64) {
$this->scanLoop('scanFunc_STR', $fileContent, $this->patterns_raw, $path, $found, $hash); $this->scanLoop('scanFunc_STR', $fileContent, $this->patterns_raw, $path, $found, $hash);
$this->scanLoop('scanFunc_STRI', $fileContent, $this->patterns_iraw, $path, $found, $hash); $this->scanLoop('scanFunc_STRI', $fileContent, $this->patterns_iraw, $path, $found, $hash);
$this->scanLoop('scanFunc_RE', $fileContent, $this->patterns_re, $path, $found, $hash); $this->scanLoop('scanFunc_RE', $fileContent, $this->patterns_re, $path, $found, $hash);
@@ -602,11 +606,7 @@ class MalwareScanner
} }
if (!$found) { if (!$found) {
$this->printPath($found, $path, $toSearch, $comment, $hash, 0); $this->printPath($found, $path, $toSearch, $comment, $hash, 0, $inWhitelist);
return false;
}
if ($found && $this->inWhitelist($hash)) {
return false; return false;
} }
@@ -647,7 +647,7 @@ class MalwareScanner
//Loops through all patterns in a file using the passed function name to determine a match. //Loops through all patterns in a file using the passed function name to determine a match.
//Variables passed by reference for performance and modification access. //Variables passed by reference for performance and modification access.
private function scanLoop($scanFunction, &$fileContent, &$patterns, &$path, &$found, &$hash) private function scanLoop($scanFunction, &$fileContent, &$patterns, &$path, &$found, $hash)
{ {
if (!$found || $this->flagNoStop) { if (!$found || $this->flagNoStop) {
foreach ($patterns as $pattern => $comment) { foreach ($patterns as $pattern => $comment) {
@@ -656,9 +656,6 @@ class MalwareScanner
$position = $this->$scanFunction($pattern, $fileContent); $position = $this->$scanFunction($pattern, $fileContent);
if ($position !== false) { if ($position !== false) {
$found = true; $found = true;
if ($hash === '') {
$hash = md5($fileContent);
}
$lineNumber = 0; $lineNumber = 0;
if ($this->flagLineNumber) { if ($this->flagLineNumber) {
if ($pos = strrpos(substr($fileContent, 0, $position), "\n")) { if ($pos = strrpos(substr($fileContent, 0, $position), "\n")) {