Changeset 1228166
- Timestamp:
- 08/22/2015 07:54:32 PM (11 years ago)
- Location:
- code-analyzer
- Files:
-
- 6 added
- 4 deleted
- 2 edited
- 6 copied
-
tags/0.2 (copied) (copied from code-analyzer/trunk)
-
tags/0.2/classes (copied) (copied from code-analyzer/trunk/classes)
-
tags/0.2/classes/class-analyzer.php (added)
-
tags/0.2/classes/class-database.php (added)
-
tags/0.2/classes/class-settings-page.php (added)
-
tags/0.2/classes/class.analyzer.php (deleted)
-
tags/0.2/classes/class.options.php (deleted)
-
tags/0.2/code-analyzer.php (copied) (copied from code-analyzer/trunk/code-analyzer.php) (4 diffs)
-
tags/0.2/includes (copied) (copied from code-analyzer/trunk/includes)
-
tags/0.2/readme.txt (copied) (copied from code-analyzer/trunk/readme.txt) (4 diffs)
-
tags/0.2/uninstall.php (copied) (copied from code-analyzer/trunk/uninstall.php)
-
trunk/classes/class-analyzer.php (added)
-
trunk/classes/class-database.php (added)
-
trunk/classes/class-settings-page.php (added)
-
trunk/classes/class.analyzer.php (deleted)
-
trunk/classes/class.options.php (deleted)
-
trunk/code-analyzer.php (modified) (4 diffs)
-
trunk/readme.txt (modified) (4 diffs)
code-analyzer/tags/0.2/code-analyzer.php
r1224187 r1228166 4 4 Plugin URI: https://wordpress.org/plugins/code-analyzer/ 5 5 Description: Simple search tool using regular expressions to find unwanted code in plugins. 6 Version: 0. 16 Version: 0.2 7 7 Author: evilkitteh 8 8 Author URI: http://evilkitteh.cf … … 24 24 */ 25 25 26 27 26 if( ! defined( 'ABSPATH' ) ) { 28 27 exit; … … 33 32 class Code_Analyzer { 34 33 public function __construct() { 35 register_activation_hook( __FILE__, array( $this, 'plugin_activation' ) ); 36 register_deactivation_hook( __FILE__, array( $this, 'plugin_deactivation' ) ); 34 require_once( 'classes/class-database.php' ); 35 36 register_activation_hook( __FILE__, array( 'Database', 'plugin_activation' ) ); 37 register_deactivation_hook( __FILE__, array( 'Database', 'plugin_deactivation' ) ); 38 37 39 add_action( 'init', array( $this, 'plugin_loader' ) ); 38 40 } … … 42 44 define( 'PLUGIN_URL', plugin_dir_url( __FILE__ ) ); 43 45 44 require ( 'classes/class.options.php' );45 new Options;46 require_once( 'classes/class-settings-page.php' ); 47 require_once( 'classes/class-analyzer.php' ); 46 48 47 require( 'classes/class.analyzer.php' ); 49 new Database; 50 new Settings_Page; 48 51 new Analyzer; 49 52 } 50 53 } 51 52 public function plugin_activation() {53 if( get_option( 'code_analyzer_settings' ) === false ) {54 $default_filename_pattern = '/^.+\.(php|js|html|htm)$/i';55 56 $re_function_start = '/(?<=^|[^\"\'\w])';57 $re_function_end = '(?=\s*\()/i';58 $re_tag_start = '/<\s*';59 $re_method_start = '/\.';60 $regex_start = '/';61 $regex_end = '/i';62 63 $default_search_patterns = array(64 $re_function_start . '(assert|create_function|eval)' . $re_function_end => 'Code evaluation',65 $re_function_start . 'preg_replace\s*\(\s*(\"|\')([^a-z\s]).*\2[imsxadsuj]?e[imsxadsuj]?\1' . $regex_end => 'Code evaluation ("e" modifier)',66 $re_function_start . '(exec|passthru|pcntl_exec|popen|proc_open|shell_exec|show_source|system)' . 
$re_function_end => 'Command execution',67 $re_function_start . 'init_set' . $re_function_end => 'init_set()',68 $re_function_start . 'fopen' . $re_function_end => 'fopen()',69 $re_function_start . '(base64_decode|convert_uudecode|atob)' . $re_function_end => 'Deobfuscation',70 $re_function_start . '(str_rot13|strrev)' . $re_function_end => 'Obfuscation',71 $re_function_start . '(curl_exec|curl_init|fetch_feed|fsockopen|pfsockopen|stream_socket_client|trackback|weblog_ping|wp_get_http_headers|wp_remote_fopen|wp_remote_get|wp_remote_head|wp_remote_post|wp_remote_request|wp_remote_retrieve_body|wp_remote_retrieve_header|wp_remote_retrieve_headers|wp_remote_retrieve_response_code|wp_remote_retrieve_response_message|wp_safe_remote_get|wp_safe_remote_head|wp_safe_remote_post|wp_safe_remote_request)' . $re_function_end => 'Remote request',72 $re_function_start . '(XMLHttpRequest|HttpRequest|WP_Http)\s*(::|\(|;)' . $regex_end => 'Remote request (class/object)',73 $re_function_start . '(mail|wp_mail)' . $re_function_end => 'Remote request (mail sending)',74 $re_function_start . '(chgrp|chmod|chown|file_put_contents|fwrite|rmdir|touch|unlink|WP_Filesystem)' . $re_function_end => 'Filesystem modification',75 $re_function_start . '(\$(bbdb|db|wpdb)|(mssql|mysql|mysqli)(_[a-z]+_?)?)\s*(::|->|_)\s*query' . $re_function_end => 'Direct database query',76 $re_function_start . 'wp_enqueue_script' . $re_function_end => 'Script (enqueued)',77 $re_tag_start . 'script' . $regex_end => 'Script (inline)',78 $re_tag_start . '(iframe|frame)' . $regex_end => 'Iframe',79 $re_tag_start . '(embed|object)' . $regex_end => 'Embedded object',80 $re_tag_start . 'applet' . $regex_end => 'Java applet',81 $re_method_start . 'write(ln)?' . $re_function_end => '.write()',82 $re_method_start . 'fromCharCode' . $re_function_end => '.fromCharCode()',83 $re_method_start . 'fromCodePoint' . $re_function_end => '.fromCodePoint()',84 $re_method_start . 'createElement' . 
$re_function_end => '.createElement()',85 $regex_start . '(\\\\\d+|\\\\[ux][0-9a-f]+)' . $regex_end => 'Escaped character literal',86 $regex_start . '(?<=^|\W)(0((x[0-9a-f]+)|b[10]+|o\d+))' . $regex_end => 'Integer literal',87 $regex_start . '(?<=\"|\')(https?:)?\/\/[^\s\/$.?#].[^\s]*?(?=\"|\')'. $regex_end => 'URL',88 $regex_start . 'swf'. $regex_end => 'swf',89 $regex_start . '(?<=\"|\')UA-[0-9]+-[0-9]+(?=\"|\')'. $regex_end => 'Google Analytics ID',90 $regex_start . '(?<=\"|\')(ca-)?pub-[0-9]+(?=\"|\')'. $regex_end => 'Google AdSense publisher ID'91 );92 93 add_option( 'code_analyzer_settings', array( 'filename_pattern' => $default_filename_pattern, 'search_patterns' => $default_search_patterns, 'used_classes_functions' => '0' ), '', 'no' );94 }95 }96 97 public function plugin_deactivation(){98 unregister_setting( 'code_analyzer_settings_group', 'code_analyzer_settings' );99 }100 54 } -
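Review bot: The new lines 34–37 and 49–51 register three unprefixed global class names — `Database`, `Settings_Page`, `Analyzer` — and hand `array( 'Database', 'plugin_activation' )` to register_activation_hook as a string callable, so in a WordPress install any other plugin or theme that declares a `Database` class either triggers a "cannot redeclare class" fatal at load or, if it loads first, silently has its own `Database::plugin_activation` invoked by this hook; a plugin-specific prefix such as `Code_Analyzer_Database` on the three classes (and on the constant `PLUGIN_URL` visible in the context lines) removes both outcomes. The static-array callable also implies `plugin_activation` and `plugin_deactivation` are static on `Database`, while line 49 does `new Database;` — class-database.php is not in this view, so that should be confirmed. Separately, the new `require_once( 'classes/class-database.php' );` on line 34 uses a path relative to include_path rather than to this file; `require_once plugin_dir_path( __FILE__ ) . 'classes/class-database.php';` (and likewise for lines 46–47) makes the load deterministic regardless of include_path or working directory. The body of plugin_loader begins before this hunk's second context block, and the trunk/code-analyzer.php section below carries the identical change.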
code-analyzer/tags/0.2/readme.txt
r1224187 r1228166 4 4 Requires at least: 3.0 5 5 Tested up to: 4.3 6 Stable tag: 0. 16 Stable tag: 0.2 7 7 License: GPLv3 or later 8 8 License URI: https://www.gnu.org/licenses/gpl-3.0.html … … 12 12 == Description == 13 13 14 Scans plugin files for matches to custom regex patterns. Useful for checking whether your plugins don't do anything shady.14 Scans plugin files for matches to **custom regex patterns**. Useful for checking whether your plugins don't do anything shady. 15 15 16 Default search patterns match the following: 17 16 = Default search patterns match the following: = 18 17 * Exploitable PHP and JS functions and HTML tags 19 18 * Code (de)obfuscation … … 21 20 * Filesystem modification 22 21 * Direct database queries 22 * User creation 23 23 * Inline and enqueued scripts 24 24 * Unicode and ASCII character literals, integer literals … … 37 37 1. Configuration page 38 38 2. Example code analysis: Akismet 39 40 == Changelog == 41 42 = 0.2 = 43 44 * Results are now sorted alphabetically 45 * New option "Results display mode" 46 * New search pattern "User creation" -
code-analyzer/trunk/code-analyzer.php
r1224187 r1228166 4 4 Plugin URI: https://wordpress.org/plugins/code-analyzer/ 5 5 Description: Simple search tool using regular expressions to find unwanted code in plugins. 6 Version: 0. 16 Version: 0.2 7 7 Author: evilkitteh 8 8 Author URI: http://evilkitteh.cf … … 24 24 */ 25 25 26 27 26 if( ! defined( 'ABSPATH' ) ) { 28 27 exit; … … 33 32 class Code_Analyzer { 34 33 public function __construct() { 35 register_activation_hook( __FILE__, array( $this, 'plugin_activation' ) ); 36 register_deactivation_hook( __FILE__, array( $this, 'plugin_deactivation' ) ); 34 require_once( 'classes/class-database.php' ); 35 36 register_activation_hook( __FILE__, array( 'Database', 'plugin_activation' ) ); 37 register_deactivation_hook( __FILE__, array( 'Database', 'plugin_deactivation' ) ); 38 37 39 add_action( 'init', array( $this, 'plugin_loader' ) ); 38 40 } … … 42 44 define( 'PLUGIN_URL', plugin_dir_url( __FILE__ ) ); 43 45 44 require ( 'classes/class.options.php' );45 new Options;46 require_once( 'classes/class-settings-page.php' ); 47 require_once( 'classes/class-analyzer.php' ); 46 48 47 require( 'classes/class.analyzer.php' ); 49 new Database; 50 new Settings_Page; 48 51 new Analyzer; 49 52 } 50 53 } 51 52 public function plugin_activation() {53 if( get_option( 'code_analyzer_settings' ) === false ) {54 $default_filename_pattern = '/^.+\.(php|js|html|htm)$/i';55 56 $re_function_start = '/(?<=^|[^\"\'\w])';57 $re_function_end = '(?=\s*\()/i';58 $re_tag_start = '/<\s*';59 $re_method_start = '/\.';60 $regex_start = '/';61 $regex_end = '/i';62 63 $default_search_patterns = array(64 $re_function_start . '(assert|create_function|eval)' . $re_function_end => 'Code evaluation',65 $re_function_start . 'preg_replace\s*\(\s*(\"|\')([^a-z\s]).*\2[imsxadsuj]?e[imsxadsuj]?\1' . $regex_end => 'Code evaluation ("e" modifier)',66 $re_function_start . '(exec|passthru|pcntl_exec|popen|proc_open|shell_exec|show_source|system)' . 
$re_function_end => 'Command execution',67 $re_function_start . 'init_set' . $re_function_end => 'init_set()',68 $re_function_start . 'fopen' . $re_function_end => 'fopen()',69 $re_function_start . '(base64_decode|convert_uudecode|atob)' . $re_function_end => 'Deobfuscation',70 $re_function_start . '(str_rot13|strrev)' . $re_function_end => 'Obfuscation',71 $re_function_start . '(curl_exec|curl_init|fetch_feed|fsockopen|pfsockopen|stream_socket_client|trackback|weblog_ping|wp_get_http_headers|wp_remote_fopen|wp_remote_get|wp_remote_head|wp_remote_post|wp_remote_request|wp_remote_retrieve_body|wp_remote_retrieve_header|wp_remote_retrieve_headers|wp_remote_retrieve_response_code|wp_remote_retrieve_response_message|wp_safe_remote_get|wp_safe_remote_head|wp_safe_remote_post|wp_safe_remote_request)' . $re_function_end => 'Remote request',72 $re_function_start . '(XMLHttpRequest|HttpRequest|WP_Http)\s*(::|\(|;)' . $regex_end => 'Remote request (class/object)',73 $re_function_start . '(mail|wp_mail)' . $re_function_end => 'Remote request (mail sending)',74 $re_function_start . '(chgrp|chmod|chown|file_put_contents|fwrite|rmdir|touch|unlink|WP_Filesystem)' . $re_function_end => 'Filesystem modification',75 $re_function_start . '(\$(bbdb|db|wpdb)|(mssql|mysql|mysqli)(_[a-z]+_?)?)\s*(::|->|_)\s*query' . $re_function_end => 'Direct database query',76 $re_function_start . 'wp_enqueue_script' . $re_function_end => 'Script (enqueued)',77 $re_tag_start . 'script' . $regex_end => 'Script (inline)',78 $re_tag_start . '(iframe|frame)' . $regex_end => 'Iframe',79 $re_tag_start . '(embed|object)' . $regex_end => 'Embedded object',80 $re_tag_start . 'applet' . $regex_end => 'Java applet',81 $re_method_start . 'write(ln)?' . $re_function_end => '.write()',82 $re_method_start . 'fromCharCode' . $re_function_end => '.fromCharCode()',83 $re_method_start . 'fromCodePoint' . $re_function_end => '.fromCodePoint()',84 $re_method_start . 'createElement' . 
$re_function_end => '.createElement()',85 $regex_start . '(\\\\\d+|\\\\[ux][0-9a-f]+)' . $regex_end => 'Escaped character literal',86 $regex_start . '(?<=^|\W)(0((x[0-9a-f]+)|b[10]+|o\d+))' . $regex_end => 'Integer literal',87 $regex_start . '(?<=\"|\')(https?:)?\/\/[^\s\/$.?#].[^\s]*?(?=\"|\')'. $regex_end => 'URL',88 $regex_start . 'swf'. $regex_end => 'swf',89 $regex_start . '(?<=\"|\')UA-[0-9]+-[0-9]+(?=\"|\')'. $regex_end => 'Google Analytics ID',90 $regex_start . '(?<=\"|\')(ca-)?pub-[0-9]+(?=\"|\')'. $regex_end => 'Google AdSense publisher ID'91 );92 93 add_option( 'code_analyzer_settings', array( 'filename_pattern' => $default_filename_pattern, 'search_patterns' => $default_search_patterns, 'used_classes_functions' => '0' ), '', 'no' );94 }95 }96 97 public function plugin_deactivation(){98 unregister_setting( 'code_analyzer_settings_group', 'code_analyzer_settings' );99 }100 54 } -
code-analyzer/trunk/readme.txt
r1224187 r1228166 4 4 Requires at least: 3.0 5 5 Tested up to: 4.3 6 Stable tag: 0. 16 Stable tag: 0.2 7 7 License: GPLv3 or later 8 8 License URI: https://www.gnu.org/licenses/gpl-3.0.html … … 12 12 == Description == 13 13 14 Scans plugin files for matches to custom regex patterns. Useful for checking whether your plugins don't do anything shady.14 Scans plugin files for matches to **custom regex patterns**. Useful for checking whether your plugins don't do anything shady. 15 15 16 Default search patterns match the following: 17 16 = Default search patterns match the following: = 18 17 * Exploitable PHP and JS functions and HTML tags 19 18 * Code (de)obfuscation … … 21 20 * Filesystem modification 22 21 * Direct database queries 22 * User creation 23 23 * Inline and enqueued scripts 24 24 * Unicode and ASCII character literals, integer literals … … 37 37 1. Configuration page 38 38 2. Example code analysis: Akismet 39 40 == Changelog == 41 42 = 0.2 = 43 44 * Results are now sorted alphabetically 45 * New option "Results display mode" 46 * New search pattern "User creation"