joomla/jedchecker
31
2
Fork 0
mirror of https://github.com/joomla-extensions/jedchecker.git synced 2024-05-29 03:40:47 +00:00
Code Issues Releases Activity

adding encoding rule - checks base64 usage

Browse Source
This commit is contained in:
Daniel Dimitrov 2012-08-04 20:48:04 +02:00
parent b9faf62422
commit 58834503e6
3 changed files with 110 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
source/administrator/components/com_jedchecker/libraries/rules/encoding.ini Normal file
View File

@ -0,0 +1,10 @@
; This is the configuration file of the encoding rule.
;
; @author Daniel Dimitrov
; @date 07/06/2012
; @copyright Copyright (C) 2008 - 2012 compojoom.com . All rights reserved.
; @license GNU General Public License version 2 or later; see LICENSE
; The valid constants to search for
encodings ="base64"

96
source/administrator/components/com_jedchecker/libraries/rules/encoding.php Normal file
View File

@ -0,0 +1,96 @@
<?php
/**
* @author Daniel Dimitrov
* @date 04/08/2012
* @copyright Copyright (C) 2008 - 2012 compojoom.com . All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
defined('_JEXEC') or die('Restricted access');
// Include the rule base class
require_once(JPATH_COMPONENT_ADMINISTRATOR.'/models/rule.php');
/**
* This class searches all files for the _JEXEC check
* which prevents direct file access.
*
*/
class jedcheckerRulesEncoding extends JEDcheckerRule
{
/**
* The formal ID of this rule. For example: SE1.
*
* @var string
*/
protected $id = 'encoding';
/**
* The title or caption of this rule.
*
* @var string
*/
protected $title = 'COM_JEDCHECKER_RULE_ENCODING';
/**
* The description of this rule.
*
* @var string
*/
protected $description = 'COM_JEDCHECKER_RULE_ENCODING_DESC';
/**
* Initiates the file search and check
*
* @return void
*/
public function check()
{
// Find all php files of the extension
$files = JFolder::files($this->basedir, '.php$', true, true);
// Iterate through all files
foreach($files as $file)
{
// Try to find the base64 use in the file
if($this->find($file)) {
// Add as error to the report if it was not found
$this->report->addError($file, 'COM_JEDCHECKER_ERROR_ENCODING');
}
}
}
/**
* Reads a file and searches for any encoding function defined in the params
* Not a very clever way of doing this, but it should be fine for now
*
* @param string $file The path to the file
* @return boolean True if the statement was found, otherwise False.
*/
protected function find($file)
{
$content = (array) file($file);
// Get the functions to look for
$encodings = explode(',', $this->params->get('encodings'));
foreach($encodings as $encoding) {
$encoding = trim($encoding);
foreach ($content AS $line)
{
// Search for "base64"
$pos_1 = stripos($line, $encoding);
if ($pos_1 !== false) {
return true;
}
}
}
return false;
}
}

5
source/administrator/language/en-GB/en-GB.com_jedchecker.ini
View File

@ -27,4 +27,7 @@ COM_JEDCHECKER_ERROR_XML_LICENSE_NOT_GPL="Please check if the license in this fi
COM_JEDCHECKER_RULE="Rule"
COM_JEDCHECKER_ERRORS="Errors"
COM_JEDCHECKER_COMPAT_ISSUES="Compatibility Issues"
COM_JEDCHECKER_IN_LINE="in line"
COM_JEDCHECKER_IN_LINE="in line"
COM_JEDCHECKER_ERROR_ENCODING="You've used encoding in this file? This is not an error, but an editor will have to review this file!"
COM_JEDCHECKER_RULE_ENCODING="Base64 or other type of encoding in the files"
COM_JEDCHECKER_RULE_ENCODING_DESC="As developers we are fully aware that the base64 and similar functions have a valid place in each extensions(like URL redirects or data storage). However if you use those to make it harder for users to read your code or to mask backlinks the JED might not accept your listing submission (this is not in the spirit of GPL anyway!). An editor will review your code and determine if the way you use the base64 matches the rules of the JED. This might slow your listing review time. So the rule of thumb is - don't do fishy stuff and avoid encoding your code if possible!"