Code source de SugarCRM 5.0.0beta1 |
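<?php
/*********************************************************************************
 * SugarCRM is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004 - 2007 SugarCRM Inc.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 3 as published by the
 * Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/

/**
 * Base class for source scanners: walks a directory tree, hands each matching
 * file to scanContents(), and collects the findings in $results.
 */
class SugarSecure{
    // Findings accumulated by scanContents(); one string per flagged file.
    var $results = array();

    /**
     * Echoes the findings as an HTML table, one row per finding.
     *
     * Findings hold file paths and fragments copied verbatim from scanned
     * source files, so they are HTML-escaped before being written to the page.
     */
    function display(){
        $flags = ENT_QUOTES;
        // ENT_SUBSTITUTE keeps a finding visible when the scanned file is not
        // valid in the output charset; it only exists on newer PHP versions.
        if(defined('ENT_SUBSTITUTE')){
            $flags = $flags | ENT_SUBSTITUTE;
        }
        echo '<table>';
        foreach($this->results as $result){
            echo '<tr><td>' . nl2br(htmlspecialchars($result, $flags)) . '</td></tr>';
        }
        echo '</table>';
    }

    /**
     * Appends every finding to the given file.
     *
     * @param string $file path of the report file; nothing is written when it
     *                     is empty or cannot be opened
     */
    function save($file=''){
        if($file === ''){
            return;
        }
        $fp = fopen($file, 'a');
        if($fp === false){
            return;
        }
        foreach($this->results as $result){
            fwrite($fp, $result);
        }
        fclose($fp);
    }

    /**
     * Recursively scans $path and passes the contents of every file whose name
     * ends in $ext to scanContents().
     *
     * NOTE(review): is_dir() follows symbolic links, so a link that points back
     * into the tree would make the recursion loop; confirm that cannot occur in
     * the scanned tree.
     *
     * @param string $path directory to scan
     * @param string $ext  file name suffix to match; an empty suffix matches
     *                     every file
     */
    function scan($path= '.', $ext = '.php'){
        $dir = dir($path);
        if($dir === false){
            // Unreadable directory: skip it instead of failing on ->read().
            return;
        }
        $extLength = strlen($ext);
        // Compare against false so an entry named "0" does not end the loop.
        while(false !== ($entry = $dir->read())){
            if($entry == '.' || $entry == '..'){
                continue;
            }
            $full = $path . '/' . $entry;
            if(is_dir($full)){
                // Carry the suffix down, otherwise subdirectories silently
                // fall back to the default '.php'.
                $this->scan($full, $ext);
            }elseif(is_file($full) && ($extLength === 0 || substr($entry, -$extLength) === $ext)){
                $contents = file_get_contents($full);
                if($contents !== false){
                    $this->scanContents($contents, $full);
                }
            }
        }
        $dir->close();
    }

    /**
     * Hook for subclasses; the base implementation records nothing.
     *
     * @param string $contents contents of the scanned file
     * @param string $file     path of the scanned file
     */
    function scanContents($contents, $file = ''){
        return;
    }
}

/**
 * Flags include/require and file-read calls whose argument list contains a
 * variable, i.e. places where the loaded path may depend on runtime data.
 *
 * This is a textual heuristic: a hit is a lead for manual review, and the
 * absence of hits does not show that a file is safe.
 */
class ScanFileIncludes extends SugarSecure{
    /**
     * Records one finding for $file when any of the watched calls has a "$"
     * between its opening parenthesis and the first closing parenthesis.
     *
     * NOTE(review): only the form "name(" is matched, so "include $x;" and
     * "include ($x)" are not reported, and include_once is not in the list
     * (its pattern was commented out in the original); confirm whether these
     * gaps are intended. Matches inside comments and strings are reported too.
     *
     * @param string $contents contents of the scanned file
     * @param string $file     path of the scanned file, used as the finding's
     *                         first line
     */
    function scanContents($contents, $file = ''){
        // Order determines the order of the matches inside a finding.
        $functions = array('require', 'include', 'require_once', 'fopen', 'file_get_contents');
        $found = '';
        foreach($functions as $function){
            $matches = array();
            preg_match_all('/' . $function . '\([^)]*\$[^)]*\)/si', $contents, $matches, PREG_SET_ORDER);
            foreach($matches as $match){
                $found .= "\n" . $match[0];
            }
        }
        if(!empty($found)){
            $this->results[] = $file . $found . "\n\n";
        }
    }
}

/**
 * Holds a list of scanner instances and runs, displays or saves them together.
 */
class SugarSecureManager{
    // Registered scanner instances, in registration order.
    var $scanners = array();

    /**
     * Instantiates the named scanner class and adds it to the list.
     *
     * NOTE(review): the class name is instantiated as given; callers should
     * pass only fixed, known scanner class names.
     *
     * @param string $class name of a scanner class
     */
    function registerScan($class){
        $this->scanners[] = new $class();
    }

    /**
     * Runs every registered scanner with its default path and suffix.
     */
    function scan(){
        foreach($this->scanners as $scanner){
            $scanner->scan();
        }
        reset($this->scanners);
    }

    /**
     * Echoes the results of every registered scanner.
     */
    function display(){
        foreach($this->scanners as $scanner){
            echo 'Scan Results: ';
            $scanner->display();
        }
        reset($this->scanners);
    }

    /**
     * Appends the results of every registered scanner to a report file named
     * SugarSecure<timestamp>.txt in the current working directory.
     *
     * The original loop assigned next() to $this->scanners and called save()
     * on an undefined $scanner, which destroyed the list and saved nothing.
     */
    function save(){
        $name = 'SugarSecure'. time() . '.txt';
        foreach($this->scanners as $scanner){
            $scanner->save($name);
        }
        reset($this->scanners);
    }
}

// NOTE(review): these statements run every time the file is loaded or
// requested. The report lists file paths and code fragments of the whole
// tree, so this script belongs outside web-reachable locations or behind
// administrator-only access.
$secure = new SugarSecureManager();
$secure->registerScan('ScanFileIncludes');
$secure->scan();
$secure->display();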