
<?php
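if (! function_exists('readline') ) {
    /**
     * Minimal stand-in for ext/readline's readline() on builds without the extension.
     *
     * Prints $question (no newline appended), then reads one line from STDIN.
     *
     * @param string|null $question prompt to print; null prints nothing, as with the native function
     * @return string|false the trimmed line, or false when STDIN cannot be opened or is at EOF
     *                      (the same contract as the native readline(), so callers behave the same
     *                      whether or not the extension is loaded)
     */
    function readline($question = null)
    {
        $stdin = fopen('php://stdin', 'r');
        if ($stdin === false) {
            return false;
        }
        echo $question;
        $rawLine = fgets($stdin);
        fclose($stdin);
        // fgets() yields false on EOF or read error; report that as false rather than
        // silently turning it into '' via trim(false).
        if ($rawLine === false) {
            return false;
        }
        return trim($rawLine);
    }
}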
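/**
 * Scan a PHP source file line by line for calls to functions that can run
 * commands, touch the filesystem, alter runtime configuration or leak host
 * information, and print a warning for every hit.
 *
 * Heuristic only: this is a text scan, not a parser, so it produces false
 * positives and can miss calls that are not written as a literal `name(`
 * on a single line (for example `include 'x';` without parentheses).
 *
 * @param string $file_name path of the script to scan
 * @return bool true when at least one flagged name or marker was found
 *              (exits the process with status 1 if the file cannot be opened)
 */
function is_file_dangerious($file_name) : bool {
    // Raw markers reported wherever they occur in a line, no "(" required:
    // reflection-based invocation and the backtick shell operator.
    $match_on = [ 'reflectionfunction', '`' ];

    // Names reported when followed by "(". Matching is case-insensitive: the
    // scanned line and every entry are lowercased before comparison, so
    // mixed-case entries such as SplFileObject are matched as well.
    $dangerious = [
        'exec',
        'passthru',
        'system',
        'shell_exec',
        'eval',
        'assert',
        'preg_replace',
        'create_function',
        'include',
        'include_once',
        'require',
        'require_once',
        'popen',
        'proc_open',
        'pcntl_exec',
        'ob_start',
        'array_diff_uassoc',
        'array_diff_ukey',
        'array_filter',
        'array_intersect_uassoc',
        'array_intersect_ukey',
        'array_map',
        'array_reduce',
        'array_udiff_assoc',
        'array_udiff_uassoc',
        'array_udiff',
        'array_uintersect_assoc',
        'array_uintersect_uassoc',
        'array_uintersect',
        'array_walk_recursive',
        'array_walk',
        'assert_options',
        'uasort',
        'uksort',
        'usort',
        'preg_replace_callback',
        'spl_autoload_register',
        'iterator_apply',
        'call_user_func',
        'call_user_func_array',
        'register_shutdown_function',
        'register_tick_function',
        'set_error_handler',
        'set_exception_handler',
        'session_set_save_handler',
        'sqlite_create_aggregate',
        'sqlite_create_function',
        'phpinfo',
        'posix_mkfifo',
        'posix_getlogin',
        'posix_ttyname',
        'getenv',
        'get_current_user',
        'proc_get_status',
        'get_cfg_var',
        'disk_free_space',
        'disk_total_space',
        'diskfreespace',
        'getcwd',
        'getlastmod', // was the typo 'getlastmo', which could never match a real call
        'getmygid',
        'getmyinode',
        'getmypid',
        'getmyuid',
        'extract',
        'parse_str',
        'putenv',
        'ini_set',
        'mail',
        'header',
        'proc_nice',
        'proc_terminate',
        'proc_close',
        'pfsockopen',
        'fsockopen',
        'apache_child_terminate',
        'posix_kill',
        'posix_setpgid',
        'posix_setsid',
        'posix_setuid',
        'fopen',
        'tmpfile',
        'bzopen',
        'gzopen',
        'SplFileObject',
        'chgrp',
        'chmod',
        'chown',
        'copy',
        'file_put_contents',
        'lchgrp',
        'lchown',
        'link',
        'mkdir',
        'move_uploaded_file',
        'rename',
        'rmdir',
        'symlink',
        'tempnam',
        'touch',
        'unlink',
        'imagepng',
        'imagewbmp',
        'image2wbmp',
        'imagejpeg',
        'imagexbm',
        'imagegif',
        'imagegd',
        'imagegd2',
        'iptcembed',
        'ftp_get',
        'ftp_nb_get',
        'file_exists',
        'file_get_contents',
        'file',
        'fileatime',
        'filectime',
        'filegroup',
        'fileinode',
        'filemtime',
        'fileowner',
        'fileperms',
        'filesize',
        'filetype',
        'glob',
        'is_dir',
        'is_executable',
        'is_file',
        'is_link',
        'is_readable',
        'is_uploaded_file',
        'is_writable',
        'is_writeable',
        'linkinfo',
        'lstat',
        'parse_ini_file',
        'pathinfo',
        'readfile',
        'readlink',
        'realpath',
        'stat',
        'gzfile',
        'readgzfile',
        'getimagesize',
        'imagecreatefromgif',
        'imagecreatefromjpeg',
        'imagecreatefrompng',
        'imagecreatefromwbmp',
        'imagecreatefromxbm',
        'imagecreatefromxpm',
        'ftp_put',
        'ftp_nb_put',
        'exif_read_data',
        'read_exif_data',
        'exif_thumbnail',
        'exif_imagetype',
        'hash_file',
        'hash_hmac_file',
        'hash_update_file',
        'md5_file',
        'sha1_file',
        'highlight_file',
        'show_source',
        'php_strip_whitespace',
        'get_meta_tags',
    ];

    // One pattern per (lowercased) name, keyed by name so a duplicated entry
    // cannot produce two warnings for the same hit. The look-behind requires
    // the name not to be preceded by an identifier character, so `file(` no
    // longer fires on `is_file(` or `md5_file(` (those have their own entries),
    // while `->exec(`, `\exec(`, `::exec(` and `$fn(`-style prefixes still do.
    // `\s*` before "(" accepts spaces and tabs between name and parenthesis.
    $patterns = [];
    foreach ($dangerious as $danger) {
        $name = strtolower($danger);
        $patterns[$name] = '/(?<![a-z0-9_])' . preg_quote($name, '/') . '\s*\(/';
    }

    $handle = fopen($file_name, "r");
    if (! $handle) {
        // Fail closed: an unreadable script cannot be vetted, so stop the deploy.
        echo "Unable to read Script!" . PHP_EOL;
        exit(1);
    }

    $found = false;
    while ( ($line = fgets($handle) ) !== false ) {
        $lowered = strtolower($line); // case-insensitive comparison
        $shown = trim($line);         // what the warning prints
        foreach ($patterns as $name => $pattern) {
            if (preg_match($pattern, $lowered) === 1) {
                echo PHP_EOL . "Warning: Found method: {$name} in : " . $shown . PHP_EOL;
                $found = true;
            }
        }
        foreach ($match_on as $whole_match) {
            if (strpos($lowered, $whole_match) !== false) {
                echo PHP_EOL . "Warning: Found method: {$whole_match} in : " . $shown . PHP_EOL;
                $found = true;
            }
        }
    }
    fclose($handle);

    return $found;
}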