joomla/jedchecker
31
2
Fork 0
mirror of https://github.com/joomla-extensions/jedchecker.git synced 2024-06-13 10:22:21 +00:00
Code Issues Releases Activity

Don't warn on str_replace and preg_replace

Browse Source 
Both `str_replace` and `preg_replace` (deprecated /e modifier is checked in another rule) are widely used and shouldn't be considered as a marker of malicious code
This commit is contained in:
Denis Ryabov 2021-01-24 20:37:57 +03:00 committed by GitHub
parent 1f15a51f16
commit fa5eb52dd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
administrator/components/com_jedchecker/libraries/rules/jamss.php
View File

@ -188,8 +188,8 @@ class JedcheckerRulesJamss extends JEDcheckerRule
'Probably malicious PHP script that "calls home"',
'16',
'Detected script variations often used to inform the attackers about found vulnerable website.',),
array('(?:(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|preg_replace|rawurldecode|' .
'str_replace|assert|unpack|urldecode)[\s/\*\w\W\(]*){2,}',
array('(?:(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|rawurldecode|' .
'assert|unpack|urldecode)[\s/\*\w\W\(]*){2,}',
'PHP: multiple encoded, most probably obfuscated code found',
'17',
'This pattern could be used in highly encoded, malicious code hidden under a loop of code obfuscation function ' .