From d0719e4d4a5eb885fda48bf0f2e9673fc922a4f4 Mon Sep 17 00:00:00 2001
From: Denis Ryabov
Date: Tue, 16 Nov 2021 22:27:59 +0300
Subject: [PATCH] JAMSS: avoid partial match in rule#16
---
 .../components/com_jedchecker/libraries/rules/jamss.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/administrator/components/com_jedchecker/libraries/rules/jamss.php b/administrator/components/com_jedchecker/libraries/rules/jamss.php
index a4e0d30..8ad63d6 100644
--- a/administrator/components/com_jedchecker/libraries/rules/jamss.php
+++ b/administrator/components/com_jedchecker/libraries/rules/jamss.php
@@ -198,7 +198,7 @@ class JedcheckerRulesJamss extends JEDcheckerRule
 'Probably malicious PHP script that "calls home"',
 '16',
 'Detected script variations often used to inform the attackers about found vulnerable website.',),
- array('(?:(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|rawurldecode|' .
+ array('(?:\b(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|rawurldecode|' .
 'assert|unpack|urldecode)[\s/\*\w\W\(]*){2,}',
 'PHP: multiple encoded, most probably obfuscated code found',
 '17',
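Review bot: The added `\b` anchors only the start of each function name, so the tail is still open to partial matches: `eval` in `evaluate`, `assert` in `assertEquals` or `unpack` in `unpacked` continue to count toward the `{2,}` repetition. A matching boundary after the alternation would close that, e.g. `'assert|unpack|urldecode)\b[\s/\*\w\W\(]*){2,}',` on the continuation line, checked against the rule's known-bad samples before merging. Separately, the class `[\s/\*\w\W\(]` contains `\w\W` and therefore matches any character, so two listed names anywhere in a file satisfy the rule and the greedy repetition may backtrack heavily on large inputs; if the scanner treats a PCRE error as "no match", that would be a silent miss, which is worth checking where the pattern is executed. The subject refers to rule#16 while the edited entry carries the id `'17'`, which may just be zero-based numbering. The pattern array and its enclosing class start and end outside this hunk.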