New argument to scan every file

Gabor Gyorvari
2018-10-28 06:36:59 +01:00
parent 8dc6e7298d
commit f3c8758adf


@@ -38,6 +38,7 @@ class MalwareScanner
private $flagExtraCheck = false; private $flagExtraCheck = false;
private $flagFollowSymlink = false; private $flagFollowSymlink = false;
private $flagLineNumber = false; private $flagLineNumber = false;
private $flagScanEverything = false;
private $outputFormat = ''; private $outputFormat = '';
private $whitelist = array(); private $whitelist = array();
private $ignore = array(); private $ignore = array();
@@ -178,19 +179,19 @@ class MalwareScanner
} }
} }
private function addWordpressChecksums($wp_version) { private function addWordpressChecksums($wp_version)
{
$apiurl = 'https://api.wordpress.org/core/checksums/1.0/?version=' . $wp_version; $apiurl = 'https://api.wordpress.org/core/checksums/1.0/?version=' . $wp_version;
$json = json_decode ( file_get_contents ( $apiurl ) ); $json = json_decode(file_get_contents($apiurl));
$checksums = $json->checksums; $checksums = $json->checksums;
if ($checksums->$wp_version == false) { #no checksum returned if ($checksums->$wp_version == false) { #no checksum returned
$this->error('Cannot load wordpress checksums from: '.$apiurl); $this->error('Cannot load wordpress checksums from: ' . $apiurl);
exit(-1); exit(-1);
} }
foreach( $checksums->$wp_version as $file => $checksum ) {
$this->whitelist[] = $checksum;
foreach ($checksums->$wp_version as $file => $checksum) {
$this->whitelist[] = $checksum;
} }
} }
@@ -199,7 +200,7 @@ class MalwareScanner
private function parseArgs() private function parseArgs()
{ {
$options = getopt( $options = getopt(
'd:e:i:o:abmcxlhkwnsptLj:', 'd:e:i:o:abmcxlhkwnsptLj:E',
array( array(
'directory:', 'directory:',
'extension:', 'extension:',
@@ -219,7 +220,8 @@ class MalwareScanner
'time', 'time',
'line-number', 'line-number',
'output-format:', 'output-format:',
'wordpress-version:' 'wordpress-version:',
'scan-everything'
) )
); );
@@ -288,7 +290,6 @@ class MalwareScanner
if (isset($options['line-number']) || isset($options['L'])) { if (isset($options['line-number']) || isset($options['L'])) {
$this->setFlagLineNumber(true); $this->setFlagLineNumber(true);
} }
if (isset($options['output-format']) || isset($options['o'])) { if (isset($options['output-format']) || isset($options['o'])) {
$tmp = isset($options['output-format']) ? $options['output-format'] : $options['o']; $tmp = isset($options['output-format']) ? $options['output-format'] : $options['o'];
$this->setOutputFormat(is_array($tmp) ? $tmp : array($tmp)); $this->setOutputFormat(is_array($tmp) ? $tmp : array($tmp));
@@ -296,7 +297,10 @@ class MalwareScanner
if (isset($options['wordpress-version']) || isset($options['j'])) { if (isset($options['wordpress-version']) || isset($options['j'])) {
$tmp = isset($options['wordpress-version']) ? $options['wordpress-version'] : $options['j']; $tmp = isset($options['wordpress-version']) ? $options['wordpress-version'] : $options['j'];
$this->addWordpressChecksums($tmp); $this->addWordpressChecksums($tmp);
} }
if (isset($options['scan-everything']) || isset($options['E'])) {
$this->setFlagScanEverything(true);
}
} }
public function setExtensions(array $a) public function setExtensions(array $a)
@@ -375,6 +379,11 @@ class MalwareScanner
$this->outputFormat = array_shift($format); $this->outputFormat = array_shift($format);
} }
public function setFlagScanEverything($b)
{
$this->flagScanEverything = $b;
}
// @see http://stackoverflow.com/a/13914119 // @see http://stackoverflow.com/a/13914119
private function pathMatches($path, $pattern, $ignoreCase = false) private function pathMatches($path, $pattern, $ignoreCase = false)
{ {
@@ -527,7 +536,7 @@ class MalwareScanner
$this->process($dir . $file . '/'); $this->process($dir . $file . '/');
} elseif (is_file($dir . $file)) { } elseif (is_file($dir . $file)) {
$ext = strtolower(substr($file, strrpos($file, '.'))); $ext = strtolower(substr($file, strrpos($file, '.')));
if (in_array($ext, $this->extension)) { if ($this->flagScanEverything || in_array($ext, $this->extension)) {
$this->scan($dir . $file); $this->scan($dir . $file);
} }
} }
@@ -672,6 +681,7 @@ class MalwareScanner
echo ' -h --help Show this help message' . PHP_EOL; echo ' -h --help Show this help message' . PHP_EOL;
echo ' -d <directory> --directory Directory for searching' . PHP_EOL; echo ' -d <directory> --directory Directory for searching' . PHP_EOL;
echo ' -e <file extension> --extension File Extension to Scan, can be used multiple times' . PHP_EOL; echo ' -e <file extension> --extension File Extension to Scan, can be used multiple times' . PHP_EOL;
echo ' -E --scan-everything Scan all files, with or without extensions' . PHP_EOL;
echo ' -i <directory|file> --ignore Directory of file to ignore' . PHP_EOL; echo ' -i <directory|file> --ignore Directory of file to ignore' . PHP_EOL;
echo ' -a --all-output Enables --checksum,--comment,--pattern,--time' . PHP_EOL; echo ' -a --all-output Enables --checksum,--comment,--pattern,--time' . PHP_EOL;
echo ' -b --base64 Scan for base64 encoded PHP keywords' . PHP_EOL; echo ' -b --base64 Scan for base64 encoded PHP keywords' . PHP_EOL;
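Review bot: In the `is_file` branch of the directory walk, `$this->flagScanEverything || in_array($ext, $this->extension)` hands every regular file to `scan()` once `-E` is given, so any `-e`/`--extension` values are silently ignored and archives, database dumps and media files are scanned too. `scan()` lies outside the visible hunks, so whether it reads whole files into memory cannot be confirmed here; if it does, a size check before the call would keep one oversized file from aborting the run and leaving the rest of the tree unscanned. The help line should state the precedence, for example `echo ' -E --scan-everything Scan all files regardless of extension (overrides -e)' . PHP_EOL;`. The new `setFlagScanEverything($b)` stores its argument unchanged, so `$this->flagScanEverything = (bool) $b;` plus a one-line docblock would keep the flag a real boolean. The method containing the `is_file` branch starts and ends outside the hunk.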