mirror of https://github.com/joomla-extensions/jedchecker.git synced 2024-12-29 04:42:36 +00:00

Don't warn on str_replace and preg_replace

Both `str_replace` and `preg_replace` (deprecated /e modifier is checked in another rule) are widely used and shouldn't be considered as a marker of malicious code
Denis Ryabov 2021-01-24 20:37:57 +03:00 committed by GitHub
parent 1f15a51f16
commit fa5eb52dd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -188,8 +188,8 @@ class JedcheckerRulesJamss extends JEDcheckerRule
'Probably malicious PHP script that "calls home"',
'16',
'Detected script variations often used to inform the attackers about found vulnerable website.',),
array('(?:(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|preg_replace|rawurldecode|' .
'str_replace|assert|unpack|urldecode)[\s/\*\w\W\(]*){2,}',
array('(?:(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|rawurldecode|' .
'assert|unpack|urldecode)[\s/\*\w\W\(]*){2,}',
'PHP: multiple encoded, most probably obfuscated code found',
'17',
'This pattern could be used in highly encoded, malicious code hidden under a loop of code obfuscation function ' .
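Review bot: The separator class `[\s/\*\w\W\(]*` kept in the new pattern contains `\w\W`, so it matches any run of characters, and `{2,}` is satisfied by any two of the listed names anywhere in the scanned text rather than by nested calls. Dropping `str_replace` and `preg_replace` therefore leaves the same false-positive path open for `strtr`, `urldecode`, `rawurldecode` and `unpack`, which are also common in legitimate code. Consider restricting the separator to whitespace, comments and an opening parenthesis, and adding `\b` around the name alternation so that identifiers such as `assertTrue` or `unpackArchive` do not count as hits. It would also help to say in the rule text that the `/e` modifier is handled by a separate rule, as the commit message states, so the removal of `preg_replace` here is not read as a coverage gap.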