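<?PHP
/*********************************************************************************
 * SugarCRM is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004 - 2009 SugarCRM Inc.
 * 
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 * 
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
 * 
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 * 
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/

/**
 * Base class for source-tree scanners.
 *
 * scan() walks a directory tree and hands the contents of every file whose
 * name ends in the requested extension to scanContents(); subclasses override
 * scanContents() and append their findings to $results. display() and save()
 * report whatever has been collected.
 */
class SugarSecure{
    /** @var array Findings, one string per flagged file. */
    public $results = array();

    /**
     * Prints the collected findings as an HTML table, one row per entry.
     *
     * Entries are raw file paths and raw fragments of the scanned sources, so
     * they are HTML-escaped before nl2br() adds the line breaks; otherwise
     * markup inside a scanned file would be rendered in the report page.
     */
    function display(){
        echo '<table>';
        foreach($this->results as $result){
            // ENT_SUBSTITUTE keeps entries that are not valid UTF-8 instead of blanking them.
            $safe = htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo '<tr><td>' . nl2br($safe) . '</td></tr>';
        }
        echo '</table>';
    }

    /**
     * Appends the collected findings to a file.
     *
     * @param string $file Path of the report file; it is opened in append mode.
     *                     Nothing is written when the path is empty or the
     *                     file cannot be opened.
     */
    function save($file=''){
        if($file === ''){
            return;
        }
        $fp = fopen($file, 'a');
        if($fp === false){
            // fopen() has already raised a warning; do not write to an invalid handle.
            return;
        }
        foreach($this->results as $result){
            fwrite($fp, $result);
        }
        fclose($fp);
    }

    /**
     * Recursively scans a directory tree.
     *
     * @param string $path Directory to start from.
     * @param string $ext  File-name suffix to select; an empty string selects
     *                     every file.
     */
    function scan($path= '.', $ext = '.php'){
        $dir = dir($path);
        if(!$dir){
            // Unreadable or missing directory: skip it instead of calling read() on false.
            return;
        }
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the loop before the directory is exhausted.
        while(false !== ($entry = $dir->read())){
            if($entry == '.' || $entry == '..'){
                continue;
            }
            $full = $path . '/' . $entry;
            if(is_dir($full)){
                // NOTE(review): is_dir() follows symbolic links, so a link
                // cycle below $path would recurse until the path is rejected.
                // Pass $ext on so subdirectories use the same filter as the root.
                $this->scan($full, $ext);
            }
            elseif(is_file($full) && ($ext === '' || substr($entry, -strlen($ext)) === $ext)){
                $contents = file_get_contents($full);
                if($contents !== false){
                    $this->scanContents($contents, $full);
                }
            }
        }
        $dir->close();
    }

    /**
     * Hook called for every selected file; the base implementation does nothing.
     *
     * The signature matches the override in ScanFileIncludes so the subclass
     * declaration is compatible with this one.
     *
     * @param string $contents Contents of the file.
     * @param string $file     Path of the file, as built by scan().
     */
    function scanContents($contents, $file = ''){
        return;
    }
}

/**
 * Flags calls whose argument list contains a variable for require, include,
 * require_once, include_once, fopen and file_get_contents.
 *
 * This is a textual heuristic: a hit marks a call site to review, it does not
 * show that the path is attacker-controlled. Known gaps of the pattern: the
 * opening parenthesis must follow the name directly, so the statement form
 * without parentheses (include $file;) and a call written with a space before
 * the parenthesis are not reported; a match ends at the first closing
 * parenthesis; comments and string literals are matched like code.
 */
class ScanFileIncludes extends SugarSecure{
    /**
     * Records every matching call found in $contents under the file's path.
     *
     * @param string $contents Contents of the file.
     * @param string $file     Path used as the first line of the finding.
     */
    function scanContents($contents, $file = ''){
        // include_once existed only in the disabled draft of this method, so
        // dynamic include_once() calls were never reported; it is checked here.
        $functions = array('require', 'include', 'require_once', 'include_once', 'fopen', 'file_get_contents');
        $found = '';
        foreach($functions as $function){
            $matches = array();
            // name( ... $ ... ) : a "$" anywhere before the first ")".
            preg_match_all('/' . $function . '\([^\)]*\$[^\)]*\)/si', $contents, $matches, PREG_SET_ORDER);
            foreach($matches as $match){
                $found .= "\n" . $match[0];
            }
        }
        if($found !== ''){
            $this->results[] = $file . $found."\n\n";
        }
    }
}

/**
 * Holds a list of scanner instances and runs, displays or saves them in
 * registration order.
 */
class SugarSecureManager{
    /** @var array Registered scanner instances. */
    public $scanners = array();

    /**
     * Instantiates a scanner class and adds it to the list.
     *
     * NOTE(review): the class name is instantiated as given; the only caller
     * visible in this file passes a literal. Keep it that way, or check the
     * name against the known scanner classes before it reaches this method.
     *
     * @param string $class Name of the scanner class.
     */
    function registerScan($class){
        $this->scanners[] = new $class();
    }

    /** Runs scan() on every registered scanner with its default arguments. */
    function scan(){
        foreach($this->scanners as $scanner){
            $scanner->scan();
        }
        reset($this->scanners);
    }

    /** Prints the findings of every registered scanner. */
    function display(){
        foreach($this->scanners as $scanner){
            echo 'Scan Results: ';
            $scanner->display();
        }
        reset($this->scanners);
    }

    /**
     * Appends the findings of every registered scanner to one report file,
     * SugarSecure<unix time>.txt, in the current working directory.
     *
     * The previous loop assigned the result of next() to $this->scanners and
     * called save() on an undefined variable, so nothing was saved and the
     * scanner list was destroyed.
     *
     * NOTE(review): the report name is predictable and the file lands in the
     * working directory; if that directory is served by the web server, the
     * report (file paths and code fragments) is readable by anyone who
     * requests it. Confirm where this runs before relying on save().
     */
    function save(){
        $name = 'SugarSecure'. time() . '.txt';
        foreach($this->scanners as $scanner){
            $scanner->save($name);
        }
        reset($this->scanners);
    }
}

// The scan starts as soon as this file is executed and prints its report to
// the output.
// NOTE(review): no entry-point or authentication check is visible in this
// file; if it is reachable over HTTP, any visitor can trigger a recursive scan
// of the working directory and read the resulting list of paths and code
// fragments. Confirm that access is restricted elsewhere.
$secure = new SugarSecureManager();
$secure->registerScan('ScanFileIncludes');
$secure->scan();
$secure->display();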