From f3c8758adfe09701d2854cc994cab3eb567cf220 Mon Sep 17 00:00:00 2001
From: Gabor Gyorvari
Date: Sun, 28 Oct 2018 06:36:59 +0100
Subject: [PATCH] New argument to scan every file
---
 scan.php | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/scan.php b/scan.php
index 061d7cf..14e2144 100644
--- a/scan.php
+++ b/scan.php
@@ -38,6 +38,7 @@ class MalwareScanner
 private $flagExtraCheck = false;
 private $flagFollowSymlink = false;
 private $flagLineNumber = false;
+ private $flagScanEverything = false;
 private $outputFormat = '';
 private $whitelist = array();
 private $ignore = array();
@@ -178,19 +179,19 @@ class MalwareScanner
 }
 }
- private function addWordpressChecksums($wp_version) {
+ private function addWordpressChecksums($wp_version)
+ {
 $apiurl = 'https://api.wordpress.org/core/checksums/1.0/?version=' . $wp_version;
- $json = json_decode ( file_get_contents ( $apiurl ) );
+ $json = json_decode(file_get_contents($apiurl));
 $checksums = $json->checksums;
 if ($checksums->$wp_version == false) { #no checksum returned
- $this->error('Cannot load wordpress checksums from: '.$apiurl);
- exit(-1);
+ $this->error('Cannot load wordpress checksums from: ' . $apiurl);
+ exit(-1);
 }
-
- foreach( $checksums->$wp_version as $file => $checksum ) {
- $this->whitelist[] = $checksum;
+ foreach ($checksums->$wp_version as $file => $checksum) {
+ $this->whitelist[] = $checksum;
 }
 }
@@ -199,7 +200,7 @@ class MalwareScanner
 private function parseArgs()
 {
 $options = getopt(
- 'd:e:i:o:abmcxlhkwnsptLj:',
+ 'd:e:i:o:abmcxlhkwnsptLj:E',
 array(
 'directory:',
 'extension:',
@@ -219,7 +220,8 @@ class MalwareScanner
 'time',
 'line-number',
 'output-format:',
- 'wordpress-version:'
+ 'wordpress-version:',
+ 'scan-everything'
 )
 );
@@ -288,7 +290,6 @@ class MalwareScanner
 if (isset($options['line-number']) || isset($options['L'])) {
 $this->setFlagLineNumber(true);
 }
-
 if (isset($options['output-format']) || isset($options['o'])) {
 $tmp = isset($options['output-format']) ? $options['output-format'] : $options['o'];
 $this->setOutputFormat(is_array($tmp) ? $tmp : array($tmp));
@@ -296,7 +297,10 @@ class MalwareScanner
 if (isset($options['wordpress-version']) || isset($options['j'])) {
 $tmp = isset($options['wordpress-version']) ? $options['wordpress-version'] : $options['j'];
 $this->addWordpressChecksums($tmp);
- }
+ }
+ if (isset($options['scan-everything']) || isset($options['E'])) {
+ $this->setFlagScanEverything(true);
+ }
 }
 public function setExtensions(array $a)
@@ -375,6 +379,11 @@ class MalwareScanner
 $this->outputFormat = array_shift($format);
 }
+ public function setFlagScanEverything($b)
+ {
+ $this->flagScanEverything = $b;
+ }
+
 // @see http://stackoverflow.com/a/13914119
 private function pathMatches($path, $pattern, $ignoreCase = false)
 {
@@ -527,7 +536,7 @@ class MalwareScanner
 $this->process($dir . $file . '/');
 } elseif (is_file($dir . $file)) {
 $ext = strtolower(substr($file, strrpos($file, '.')));
- if (in_array($ext, $this->extension)) {
+ if ($this->flagScanEverything || in_array($ext, $this->extension)) {
 $this->scan($dir . $file);
 }
 }
@@ -672,6 +681,7 @@ class MalwareScanner
 echo ' -h --help Show this help message' . PHP_EOL;
 echo ' -d --directory Directory for searching' . PHP_EOL;
 echo ' -e --extension File Extension to Scan, can be used multiple times' . PHP_EOL;
+ echo ' -E --scan-everything Scan all files, with or without extensions' . PHP_EOL;
 echo ' -i --ignore Directory of file to ignore' . PHP_EOL;
 echo ' -a --all-output Enables --checksum,--comment,--pattern,--time' . PHP_EOL;
 echo ' -b --base64 Scan for base64 encoded PHP keywords' . PHP_EOL;
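Review bot: In the `@@ -296,7 +297,10 @@` hunk, `--scan-everything` is accepted alongside `--extension` with nothing stating which one wins. The condition changed in the `@@ -527,7 +536,7 @@` hunk lets the flag bypass the extension list entirely, so an operator who passes both gets a much wider scan than the `-e` values suggest. A comment above the new branch would make the precedence explicit, for example `// -E takes precedence: any -e/--extension values are ignored`, and the help line added in the last hunk could say the same. `parseArgs()` begins outside this hunk.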
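Review bot: In the `@@ -527,7 +536,7 @@` hunk, the new condition hands every regular file to `scan()` once `flagScanEverything` is set, and nothing visible here bounds the size or type of what gets scanned. `scan()` is outside the hunk; if it loads the whole file into memory, a large archive, media file or database dump could exhaust `memory_limit` and abort the run before the remaining files are checked, so a size guard or a per-file failure path is worth confirming there. A short comment on the condition would also help, such as `// -E: extension filter bypassed so extension-less or mis-named files are scanned too`. As a style point, `$ext` is still computed when the flag is set although it is no longer needed. The enclosing method (apparently `process()`) starts and ends outside the hunk.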