
Commit cb6ac47

author
Marco Cesarato
committed
feat: add auto-whitelist
1 parent a0c70ae commit cb6ac47


4 files changed

+85
-43
lines changed


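--- a/README.md
+++ b/README.md
@@ -169,14 +169,16 @@ Flags:
 
 --silent - No output and prompt
 
---auto-prompt="" - Set auto prompt command ex. --auto-prompt="1" (alias of auto-delete)
-
---auto-clean - Auto clean code (without confirmation, CARE could be DANGEROUS)
---auto-clean-line - Auto clean line code (without confirmation, CARE could be DANGEROUS)
---auto-delete - Auto delete infected (without confirmation, CARE could be DANGEROUS)
+--auto-clean - Auto clean code (without confirmation, use with caution)
+--auto-clean-line - Auto clean line code (without confirmation, use with caution)
+--auto-delete - Auto delete infected (without confirmation, use with caution)
 --auto-quarantine - Auto quarantine
+--auto-whitelist - Auto whitelist (if you sure that source isn't compromised)
 --auto-skip - Auto skip
 
+--auto-prompt="" - Set auto prompt command
+ex. --auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete)
+
 Notes:
 For open files with nano or vim run the scripts with "-d disable_functions=''"
 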

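--- a/TODO.md
+++ b/TODO.md
@@ -5,7 +5,7 @@
 * Output with EventSource + Offset mapping for continue scan
 * Separate Actions from Application
 * Whitelist with start and length
-* Checksum files of most popular platform for a whitelist (and implement the check with checksum) for no have more false positive
+* Checksum files of the most popular platform for a whitelist (and implement the check with checksum) for no have more false positive
 1. Wordpress
 2. WooCommerce
 3. Magento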

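--- a/src/Application.php
+++ b/src/Application.php
@@ -326,6 +326,7 @@ private function arguments($args = null)
 self::$argv->addFlag('auto-delete', array('default' => false));
 self::$argv->addFlag('auto-quarantine', array('default' => false));
 self::$argv->addFlag('auto-skip', array('default' => false));
+self::$argv->addFlag('auto-whitelist', array('default' => false));
 self::$argv->addFlag('auto-prompt', array('default' => null, 'has_value' => true));
 self::$argv->addArgument('path', array('var_args' => true, 'default' => ''));
 self::$argv->parse($args);
@@ -493,27 +494,32 @@ private function arguments($args = null)
 // Prompt
 if (isset(self::$argv['auto-clean']) && self::$argv['auto-clean']) {
 self::$settings['report'] = false;
-self::$prompt = '3';
+self::$prompt = 'clean';
 }
 
 if (isset(self::$argv['auto-clean-line']) && self::$argv['auto-clean-line']) {
 self::$settings['report'] = false;
-self::$prompt = '4';
+self::$prompt = 'clean-line';
 }
 
 if (isset(self::$argv['auto-delete']) && self::$argv['auto-delete']) {
 self::$settings['report'] = false;
-self::$prompt = '1';
+self::$prompt = 'delete';
 }
 
 if (isset(self::$argv['auto-quarantine']) && self::$argv['auto-quarantine']) {
 self::$settings['report'] = false;
-self::$prompt = '2';
+self::$prompt = 'quarantine';
+}
+
+if (isset(self::$argv['auto-whitelist']) && self::$argv['auto-whitelist']) {
+self::$settings['report'] = false;
+self::$prompt = 'whitelist';
 }
 
 if (isset(self::$argv['auto-skip']) && self::$argv['auto-skip']) {
 self::$settings['report'] = false;
-self::$prompt = '-';
+self::$prompt = 'skip';
 }
 
 if (isset(self::$argv['auto-prompt']) && !empty(self::$argv['auto-prompt'])) {
@@ -892,15 +898,20 @@ private function scan($iterator)
 $preview = implode(Console::eol(1), array_slice($preview_lines, 0, 1000));
 if (!in_array($last_command, array('4', '5', '7'))) {
 Console::displayLine("$_FILE_PATH", 2, 'yellow');
-Console::display(Console::title(' PREVIEW ', '='), 'white', 'red');
+
+$title = Console::title(' PREVIEW ', '=');
+Console::display($title, 'white', 'red');
 Console::newLine(2);
+
 Console::code($preview, $pattern_found);
 if (count($preview_lines) > 1000) {
 Console::newLine(2);
 Console::display(' [ ' . (count($preview_lines) - 1000) . ' rows more ]');
 }
 Console::newLine(2);
-Console::display(Console::title('', '='), 'white', 'red');
+
+$title = Console::title('', '=');
+Console::display($title, 'white', 'red');
 }
 Console::newLine(2);
 Console::writeLine('File path: ' . $_FILE_PATH, 1, 'yellow');
@@ -926,7 +937,7 @@ private function scan($iterator)
 $last_command = $confirmation;
 unset($preview_lines, $preview);
 
-if (in_array($confirmation, array('1'))) {
+if (in_array($confirmation, array('1', 'delete'))) {
 // Remove file
 Console::writeLine('File path: ' . $_FILE_PATH, 1, 'yellow');
 $confirm2 = 'y';
@@ -940,7 +951,7 @@ private function scan($iterator)
 Console::writeLine("File '$_FILE_PATH' removed!", 2, 'green');
 $_WHILE = false;
 }
-} elseif (in_array($confirmation, array('2'))) {
+} elseif (in_array($confirmation, array('2', 'quarantine'))) {
 // Move to quarantine
 $quarantine = self::$pathQuarantine . str_replace(realpath(self::currentDirectory()), '', $_FILE_PATH);
 
@@ -953,7 +964,7 @@ private function scan($iterator)
 self::$summaryQuarantine[] = $quarantine;
 Console::writeLine("File '$_FILE_PATH' moved to quarantine!", 2, 'green');
 $_WHILE = false;
-} elseif (in_array($confirmation, array('3')) && count($pattern_found) > 0) {
+} elseif (in_array($confirmation, array('3', 'clean')) && count($pattern_found) > 0) {
 // Remove evil code
 foreach ($pattern_found as $pattern) {
 preg_match('/(<\?php)(.*?)(' . preg_quote($pattern['match'], '/') . '[\s\r\n]*;?)/si', $fc, $match);
@@ -967,11 +978,15 @@ private function scan($iterator)
 $fc = preg_replace('/<\?php[\s\r\n]*\?\>/si', '', $fc);
 }
 Console::newLine();
-Console::display(Console::title(' SANITIZED ', '='), 'black', 'green');
+
+$title = Console::title(' SANITIZED ', '=');
+Console::display($title, 'black', 'green');
 Console::newLine(2);
 Console::code($fc);
 Console::newLine(2);
-Console::display(Console::title('', '='), 'black', 'green');
+
+$title = Console::title('', '=');
+Console::display($title, 'black', 'green');
 Console::newLine(2);
 Console::displayLine('File sanitized, now you must verify if has been fixed correctly.', 2, 'yellow');
 $confirm2 = 'y';
@@ -987,7 +1002,7 @@ private function scan($iterator)
 } else {
 self::$summaryIgnored[] = $_FILE_PATH;
 }
-} elseif (in_array($confirmation, array('4')) && count($pattern_found) > 0) {
+} elseif (in_array($confirmation, array('4', 'clean-line')) && count($pattern_found) > 0) {
 // Remove evil line code
 $fc_expl = explode(PHP_EOL, $fc);
 foreach ($pattern_found as $pattern) {
@@ -996,11 +1011,15 @@ private function scan($iterator)
 $fc = implode(PHP_EOL, $fc_expl);
 
 Console::newLine();
-Console::display(Console::title(' SANITIZED ', '='), 'black', 'green');
+
+$title = Console::title(' SANITIZED ', '=');
+Console::display($title, 'black', 'green');
 Console::newLine(2);
 Console::code($fc);
 Console::newLine(2);
-Console::display(Console::title('', '='), 'black', 'green');
+
+$title = Console::title('', '=');
+Console::display($title, 'black', 'green');
 Console::newLine(2);
 Console::displayLine('File sanitized, now you must verify if has been fixed correctly.', 2, 'yellow');
 $confirm2 = 'y';
@@ -1016,7 +1035,7 @@ private function scan($iterator)
 } else {
 self::$summaryIgnored[] = $_FILE_PATH;
 }
-} elseif (in_array($confirmation, array('5'))) {
+} elseif (in_array($confirmation, array('5', 'vim'))) {
 // Edit with vim
 $descriptors = array(
 array('file', '/dev/tty', 'r'),
@@ -1033,7 +1052,7 @@ private function scan($iterator)
 self::$summaryEdited[] = $_FILE_PATH;
 Console::writeLine("File '$_FILE_PATH' edited with vim!", 2, 'green');
 self::$summaryRemoved[] = $_FILE_PATH;
-} elseif (in_array($confirmation, array('6'))) {
+} elseif (in_array($confirmation, array('6', 'nano'))) {
 // Edit with nano
 $descriptors = array(
 array('file', '/dev/tty', 'r'),
@@ -1050,7 +1069,7 @@ private function scan($iterator)
 self::$summaryEdited[] = $_FILE_PATH;
 Console::writeLine("File '$_FILE_PATH' edited with nano!", 2, 'green');
 self::$summaryRemoved[] = $_FILE_PATH;
-} elseif (in_array($confirmation, array('7'))) {
+} elseif (in_array($confirmation, array('7', 'whitelist'))) {
 // Add to whitelist
 foreach ($pattern_found as $key => $pattern) {
 //$exploit = preg_replace("/^(\S+) \[line [0-9]+\].*/si", "$1", $key);
@@ -1069,15 +1088,20 @@ private function scan($iterator)
 } else {
 Console::writeLine("Exploits of file '$_FILE_PATH' failed adding file to whitelist! Check write permission of '" . self::$pathWhitelist . "' file!", 2, 'red');
 }
-} elseif (in_array($confirmation, array('8'))) {
+} elseif (in_array($confirmation, array('8', 'show'))) {
 // Show source code
 Console::newLine();
 Console::displayLine("$_FILE_PATH", 2, 'yellow');
-Console::display(Console::title(' SOURCE ', '='), 'white', 'red');
+
+$title = Console::title(' SOURCE ', '=');
+Console::display($title, 'white', 'red');
 Console::newLine(2);
+
 Console::code($fc, $pattern_found);
 Console::newLine(2);
-Console::display(Console::title('', '='), 'white', 'red');
+
+$title = Console::title('', '=');
+Console::display($title, 'white', 'red');
 Console::newLine(2);
 } else {
 // None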
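Review bot: The new `auto-whitelist` branch in `arguments()` sets `self::$settings['report'] = false` and routes every detection to the whitelist handler without confirmation, so a run over an already-compromised tree would persist suppressions for real malware and, if `report` controls the written report as its name suggests, leave no record of what was suppressed. I would keep the report enabled in this branch and emit a warning when the flag is parsed, for example `Console::writeLine('auto-whitelist: every detection will be whitelisted without review', 1, 'yellow');`. Separately, the preview guard `in_array($last_command, array('4', '5', '7'))` in `scan()` was not extended with the new word forms, so `'clean-line'`, `'vim'` and `'whitelist'` will not match it the way their numeric equivalents do; `array('4', 'clean-line', '5', 'vim', '7', 'whitelist')` keeps them aligned. Both functions start and end outside the visible hunks.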

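--- a/src/Console.php
+++ b/src/Console.php
@@ -94,15 +94,24 @@ public static function header()
 Github: https://github.com/marcocesarato/PHP-Antimalware-Scanner
 EOD;
 self::displayLine($header, 2, 'green');
-self::display(self::title('version ' . $version), 'green');
+$title = self::title('version ' . $version);
+self::display($title, 'green');
 self::newLine(2);
-self::display(self::title(''), 'black', 'green');
+
+$title = self::title('');
+self::display($title, 'black', 'green');
 self::newLine();
-self::display(self::title('PHP Antimalware Scanner'), 'black', 'green');
+
+$title = self::title('PHP Antimalware Scanner' . $version);
+self::display($title, 'black', 'green');
 self::newLine();
-self::display(self::title('Created by Marco Cesarato'), 'black', 'green');
+
+$title = self::title('Created by Marco Cesarato');
+self::display($title, 'black', 'green');
 self::newLine();
-self::display(self::title(''), 'black', 'green');
+
+$title = self::title('');
+self::display($title, 'black', 'green');
 self::newLine(2);
 }
 
@@ -208,11 +217,16 @@ public static function progress($done, $total, $size = 30)
 */
 public static function displayTitle($string, $foreground_color, $background_color)
 {
-self::display(self::title(''), $foreground_color, $background_color);
+$title = self::title('');
+self::display($title, $foreground_color, $background_color);
 self::newLine();
-self::display(self::title(strtoupper($string)), $foreground_color, $background_color);
+
+$title = self::title(strtoupper($string));
+self::display($title, $foreground_color, $background_color);
 self::newLine();
-self::display(self::title(''), $foreground_color, $background_color);
+
+$title = self::title('');
+self::display($title, $foreground_color, $background_color);
 self::newLine();
 }
 
@@ -528,10 +542,10 @@ public static function helper()
 -v --version - Get version number
 
 --max-filesize="" - Set max filesize to scan (default: -1)
---ignore-path/s="" - Ignore path/s, for multiple value separate with comma
-Wildcards are enabled ex. /path/*/cache or /path/*.log
+--ignore-path/s="" - Ignore path/s, for multiple value separate with comma
+Wildcards are enabled ex. /path/*/cache or /path/*.log
 --filter-path/s="" - Filter path/s, for multiple value separate with comma
-Wildcards are enabled ex. /path/*/htdocs or /path/*.php
+Wildcards are enabled ex. /path/*/htdocs or /path/*.php
 
 --exploits="" - Filter exploits
 --functions="" - Define functions to search
@@ -543,13 +557,15 @@ public static function helper()
 
 --silent - No output and prompt
 
---auto-prompt="" - Set auto prompt command ex. --auto-prompt="1" (alias of auto-delete)
-
---auto-clean - Auto clean code (without confirmation, CARE could be DANGEROUS)
---auto-clean-line - Auto clean line code (without confirmation, CARE could be DANGEROUS)
---auto-delete - Auto delete infected (without confirmation, CARE could be DANGEROUS)
+--auto-clean - Auto clean code (without confirmation, use with caution)
+--auto-clean-line - Auto clean line code (without confirmation, use with caution)
+--auto-delete - Auto delete infected (without confirmation, use with caution)
 --auto-quarantine - Auto quarantine
+--auto-whitelist - Auto whitelist (if you sure that source isn't compromised)
 --auto-skip - Auto skip
+
+--auto-prompt="" - Set auto prompt command
+ex. --auto-prompt="delete" or --auto-prompt="1" (alias of auto-delete)
 
 Notes:
 For open files with nano or vim run the scripts with "-d disable_functions=''"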
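Review bot: In `header()` the banner line is now built as `self::title('PHP Antimalware Scanner' . $version)`, which appends the version with no separator even though the `'version ' . $version` title a few lines earlier already prints it; either restore `self::title('PHP Antimalware Scanner')` or add the missing space. In `helper()`, the new `--auto-whitelist` entry lacks the "without confirmation, use with caution" marker its neighbours carry, although it presumably suppresses later detections of whatever it whitelists; `--auto-whitelist - Auto whitelist (without confirmation, use with caution)` would match them. `header()` and `helper()` both begin outside the hunks.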
