joomla/jedchecker
31
2
Fork 0
mirror of https://github.com/joomla-extensions/jedchecker.git synced 2024-09-28 21:19:07 +00:00
Code Issues Releases Activity

Fix false-positive for JAMSS rule#23

Browse Source 
JAMSS rule#23 gives false-positive warning for files that starts with `defined('_JEXEC')` (because of partial `exec` match) and use `$_GET` or `$_POST`. This patch requires `exec` (and other function names in) to be checked explicitly using word boundaries (`\b`) in the regex.
This commit is contained in:
Denis Ryabov 2019-05-15 16:48:40 +03:00 committed by GitHub
parent 2ef0233058
commit 2f7943f6ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
administrator/components/com_jedchecker/libraries/rules/jamss.php
View File

@ -222,7 +222,7 @@ class JedcheckerRulesJamss extends JEDcheckerRule
'22',
'Found the SourceCop encoded code. It is often used for malicious code ' .
'hiding, so go and check the code with some online SourceCop decoders'),
array('(?:exec|passthru|shell_exec|system|proc_|popen)[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)',
array('\b(?:exec|passthru|shell_exec|system|proc_\w+|popen)\b[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)',
'shell command execution from POST/GET variables',
'23',
'Found direct shell command execution getting variables from POST/GET, ' .