33
2
mirror of https://github.com/joomla-extensions/jedchecker.git synced 2025-01-05 15:32:10 +00:00

Merge PR #108 into develop

This commit is contained in:
Llewellyn van der Merwe 2021-09-01 10:13:19 +02:00
commit f37763ecc9
Signed by: Llewellyn
GPG Key ID: EFC0C720A240551C
2 changed files with 130 additions and 67 deletions

View File

@ -12,3 +12,5 @@
; The valid constants to search for ; The valid constants to search for
constants ="_JEXEC, JPATH_PLATFORM, JPATH_BASE, AKEEBAENGINE, WF_EDITOR" constants ="_JEXEC, JPATH_PLATFORM, JPATH_BASE, AKEEBAENGINE, WF_EDITOR"
libfolders="vendor,vendors,composer,libraries"
libfiles="LICENSE,LICENSE.txt,license.txt,composer.json"

View File

@ -53,6 +53,27 @@ class JedcheckerRulesJexec extends JEDcheckerRule
*/ */
public static $ordering = 600; public static $ordering = 600;
/**
* Regexp to match _JEXEC-like guard
*
* @var string
*/
protected $regex;
/**
* Regexp to match directories to skip
*
* @var string
*/
protected $regexExcludeFolders;
/**
* List of files related to libraries
*
* @var array
*/
protected $libFiles;
/** /**
* Initiates the file search and check * Initiates the file search and check
* *
@ -60,8 +81,10 @@ class JedcheckerRulesJexec extends JEDcheckerRule
*/ */
public function check() public function check()
{ {
$this->initJexec();
// Find all php files of the extension // Find all php files of the extension
$files = JFolder::files($this->basedir, '\.php$', true, true); $files = $this->files($this->basedir);
// Iterate through all files // Iterate through all files
foreach ($files as $file) foreach ($files as $file)
@ -84,79 +107,117 @@ class JedcheckerRulesJexec extends JEDcheckerRule
*/ */
protected function find($file) protected function find($file)
{ {
$content = (array) file($file); // Load file and strip comments
$content = php_strip_whitespace($file);
// Get the constants to look for // Strip BOM (it is checked separately)
$content = preg_replace('/^\xEF\xBB\xBF/', '', $content);
// Skip empty files
if ($content === '' || preg_match('#^<\?php\s+$#', $content))
{
return true;
}
// Check guards
if (preg_match($this->regex, $content))
{
return true;
}
return false;
}
/**
* Prepare regexps aforehand
*
* @return void
*/
protected function initJexec()
{
// Generate regular expression to match JEXEC quard
$defines = $this->params->get('constants'); $defines = $this->params->get('constants');
$defines = explode(',', $defines); $defines = explode(',', $defines);
$hascode = 0; foreach ($defines as $i => $define)
foreach ($content AS $line)
{ {
$tline = trim($line); $defines[$i] = preg_quote(trim($define), '#');
}
if ($tline == '' || $tline == '<?php' || $tline == '?>') $this->regex
= '#^' // at the beginning of the file
. '<\?php\s+' // there is an opening php tag
. '(?:declare ?\(strict_types ?= ?1 ?\) ?; ?)?' // optionally followed by declare(strict_types=1) directive
. '(?:namespace [0-9A-Za-z_\\\\]+ ?; ?)?' // optionally followed by namespace directive
. '(?:use [0-9A-Za-z_\\\\]+ ?(?:as [0-9A-Za-z_]+ ?)?; ?)*' // optionally followed by use directives
. 'defined ?\( ?' // followed by defined test
. '([\'"])(?:' . implode('|', $defines) . ')\1' // of any of given constant
. ' ?\) ?(?:or |\|\| ?)(?:die|exit)\b' // or exit
. '#i'; // (case insensitive)
// Generate regular expression to match excluded directories
$libfolders = $this->params->get('libfolders');
$libfolders = explode(',', $libfolders);
foreach ($libfolders as &$libfolder)
{ {
continue; $libfolder = preg_quote(trim($libfolder), '#');
} }
if ($tline['0'] != '/' && $tline['0'] != '*') // Prepend libFolders with default Joomla's exclude list
$this->regexExcludeFolders = '#^(?:\.svn|CVS|\.DS_Store|__MACOSX|' . implode('|', $libfolders) . ')$#';
// Generate list of libraries fingerprint files
$libFiles = $this->params->get('libfiles');
$this->libFiles = array_map('trim', explode(',', $libFiles));
}
/**
* Collect php files to check (excluding external library directories)
*
* @param string $path The path of the folder to read.
*
* @return array
* @since 3.0
*/
protected function files($path)
{ {
$hascode = 1; $arr = array();
}
// Search for "defined" // Read the source directory
$pos_1 = stripos($line, 'defined'); if ($handle = @opendir($path))
// Skip the line if "defined" is not found
if ($pos_1 === false)
{ {
continue; while (($file = readdir($handle)) !== false)
}
// Search for "die".
// "or" may not be present depending on syntax
$pos_3 = stripos($line, 'die');
// Check for "exit"
if ($pos_3 === false)
{ {
$pos_3 = stripos($line, 'exit'); // Skip excluded directories
if ($file !== '.' && $file !== '..' && !preg_match($this->regexExcludeFolders, $file))
// Skip the line if "die" or "exit" is not found
if ($pos_3 === false)
{ {
continue; $fullpath = $path . '/' . $file;
}
}
// Search for the constant name if (is_dir($fullpath))
foreach ($defines AS $define)
{ {
$define = trim($define); // Detect and skip external library directories
foreach ($this->libFiles as $libFile)
// Search for the define
$pos_2 = strpos($line, $define);
// Skip the line if the define is not found
if ($pos_2 === false)
{ {
continue; if (is_file($fullpath . '/' . $libFile))
}
// Check the position of the words
if ($pos_2 > $pos_1 && $pos_3 > $pos_2)
{ {
unset($content); // Skip processing of this directory
continue 2;
}
}
return true; $arr = array_merge($arr, $this->files($fullpath));
}
elseif (preg_match('/\.php$/', $file))
{
$arr[] = $fullpath;
} }
} }
} }
unset($content); closedir($handle);
}
return $hascode ? false : true; return $arr;
} }
} }