From 071d50ce65a568e17f8f5d20eaf44ba566672edf Mon Sep 17 00:00:00 2001
From: Denis Ryabov
Date: Tue, 23 Feb 2021 23:25:41 +0300
Subject: [PATCH] clean PHP code (by removing comments only) in the jamss rules to avoid false-positives
---
 .../com_jedchecker/libraries/rules/jamss.php | 80 +++++++++++++++++++
 1 file changed, 80 insertions(+)
diff --git a/administrator/components/com_jedchecker/libraries/rules/jamss.php b/administrator/components/com_jedchecker/libraries/rules/jamss.php
index 0f88d92..2573b2f 100644
--- a/administrator/components/com_jedchecker/libraries/rules/jamss.php
+++ b/administrator/components/com_jedchecker/libraries/rules/jamss.php
@@ -306,6 +306,8 @@ class JedcheckerRulesJamss extends JEDcheckerRule
 }
 else
 {
+ $content = $this->cleanComments($content);
+
 // Do a search for fingerprints
 foreach ($patterns As $pattern)
 {
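Review bot: The cleaned text is written back into `$content` instead of a separate variable, so everything the enclosing else-branch does with `$content` after the foreach (the branch continues outside this hunk) now sees the comment-stripped copy; if the `$code` excerpt handed to the reporter is cut from it, the line shown to the reviewer will no longer match the file on disk. Keeping the original for excerpts while matching against the cleaned copy, `$cleanContent = $this->cleanComments($content);`, avoids that without changing what is detected.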
@@ -431,4 +433,82 @@ class JedcheckerRulesJamss extends JEDcheckerRule
 $info = !empty($info)?sprintf($this->params->get('info'), htmlentities($info, ENT_QUOTES)):"";
 $this->report->addWarning($path, $info . $title, $line, $code);
 }
+
+ /**
+ * @param string $content
+ *
+ * @return string
+ */
+ private function cleanComments($content)
+ {
+ if (!preg_match('/<\?php\s/i', $content, $match, PREG_OFFSET_CAPTURE))
+ {
+ // No PHP code found
+ return $content;
+ }
+
+ $pos = $match[0][1];
+ $cleanContent = substr($content, 0, $pos);
+
+ while (preg_match('/(?:[\'"]|\/\*|\/\/|\?>)/', $content, $match, PREG_OFFSET_CAPTURE, $pos))
+ {
+ $foundPos = $match[0][1];
+ $cleanContent .= substr($content, $pos, $foundPos - $pos);
+ $pos = $foundPos;
+
+ switch ($match[0][0])
+ {
+ case '"':
+ case "'":
+ $q = $match[0][0];
+
+ if (!preg_match("/$q(?>[^$q\\\\]+|\\\\.)*$q/As", $content, $match, 0, $pos))
+ {
+ return $cleanContent . substr($content, $pos);
+ }
+
+ $cleanContent .= $match[0];
+ $pos += strlen($match[0]);
+ break;
+
+ case '/*':
+ $cleanContent .= '/*';
+ $pos += 2;
+
+ $endPos = strpos($content, '*/', $pos);
+
+ if ($endPos === false)
+ {
+ return $cleanContent;
+ }
+
+ $cleanContent .= str_repeat("\n", substr_count(substr($content, $pos, $endPos - $pos), "\n")) . '*/';
+ $pos = $endPos + 2;
+
+ break;
+
+ case '//':
+ $pos += strcspn($content, "\r\n", $pos);
+ break;
+
+ case '?>':
+ $cleanContent .= '?>';
+ $pos += 2;
+
+ if (!preg_match('/<\?php\s/i', $content, $match, PREG_OFFSET_CAPTURE, $pos))
+ {
+ // No PHP code found (up to the end of the file)
+ return $cleanContent . substr($content, $pos);
+ }
+
+ $foundPos = $match[0][1];
+ $cleanContent .= substr($content, $pos, $foundPos - $pos) . $match[0][0];
+ $pos = $foundPos + strlen($match[0][0]);
+
+ break;
+ }
+ }
+
+ return $cleanContent;
+ }
 }
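Review bot: The `case '//':` branch skips to the next line break only, but the PHP lexer ends a `//` (and `#`) comment at `?>` as well, so when a `?>` and a new `<?php` block sit on the same line after `//`, the cleaner discards text the interpreter would execute and the fingerprint search never sees it; the scan regex in the `while` also never recognises `#` comments, so those are not stripped at all and still cause the false positives the commit is meant to remove. Both fit the existing structure: extend the scan to `'/(?:[\'"]|\/\*|\/\/|#|\?>)/'`, add `case '#':` directly above `case '//':`, and replace the `strcspn` line with `$pos += preg_match('/\?>|[\r\n]/', $content, $m, PREG_OFFSET_CAPTURE, $pos) ? $m[0][1] - $pos : strlen($content) - $pos;` so that a `?>` is left for the next iteration to handle. Heredoc and nowdoc bodies are likewise not treated as strings, so a quote or `/*` inside one desynchronises the scanner and may strip real string content; that is probably rarer, but worth a comment on the method noting the constructs it does not model.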