joomla/jedchecker
33
2
Fork 0
mirror of https://github.com/joomla-extensions/jedchecker.git synced 2025-01-03 22:57:21 +00:00
Code Issues Releases Activity

Don't warn on str_replace and preg_replace

Browse Source 
Both `str_replace` and `preg_replace` (deprecated /e modifier is checked in another rule) are widely used and shouldn't be considered as a marker of malicious code
This commit is contained in:
Denis Ryabov 2021-01-24 20:37:57 +03:00 committed by GitHub
parent 1f15a51f16
commit fa5eb52dd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
administrator/components/com_jedchecker/libraries/rules/jamss.php
View File

@ -188,8 +188,8 @@ class JedcheckerRulesJamss extends JEDcheckerRule
'Probably malicious PHP script that "calls home"', 'Probably malicious PHP script that "calls home"',
'16', '16',
'Detected script variations often used to inform the attackers about found vulnerable website.',), 'Detected script variations often used to inform the attackers about found vulnerable website.',),
array('(?:(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|preg_replace|rawurldecode|' . array('(?:(?:eval|gzuncompress|gzinflate|base64_decode|str_rot13|strrev|strtr|rawurldecode|' .
'str_replace|assert|unpack|urldecode)[\s/\*\w\W\(]*){2,}', 'assert|unpack|urldecode)[\s/\*\w\W\(]*){2,}',
'PHP: multiple encoded, most probably obfuscated code found', 'PHP: multiple encoded, most probably obfuscated code found',
'17', '17',
'This pattern could be used in highly encoded, malicious code hidden under a loop of code obfuscation function ' . 'This pattern could be used in highly encoded, malicious code hidden under a loop of code obfuscation function ' .