Initial import

author: Sebastien Blot 2017-09-20 10:11:01 +0200
committer: Sebastien Blot 2017-09-20 10:11:01 +0200
commit: 868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree: c0de0af318bf77a8959164ef11aeeeb2b7bab294 /scripts
1 files changed, 43 insertions, 0 deletions
diff --git a/scripts/generate_rules.php b/scripts/generate_rules.php
new file mode 100644
index 0000000..e286ef1
--- /dev/null
+++ b/scripts/generate_rules.php
@@ -0,0 +1,43 @@
+<?php
+if ($argc != 2) {
+        echo 'Please provide a folder as argument.';
+        die();
+}
+$functions_blacklist = ['shell_exec', 'exec', 'passthru', 'php_uname', 'popen',
+        'posix_kill', 'posix_mkfifo', 'posix_setpgid', 'posix_setsid', 'posix_setuid',
+        'posix_setgid', 'posix_uname', 'proc_close', 'proc_nice', 'proc_open',
+        'proc_terminate', 'proc_open', 'proc_get_status', 'dl', 'pnctl_exec',
+    'pnctl_fork', 'assert', 'system'];
+$extensions = ['php', 'php7', 'php5'];
+$path = realpath($argv[1]);
+$objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path));
+foreach($objects as $name => $object){
+        if (FALSE === in_array (pathinfo($name, PATHINFO_EXTENSION), $extensions, true)) {
+                continue;
+        }
+        $hash = '';
+        $file_content = file_get_contents($name);
+        foreach(token_get_all($file_content) as $token) {
+                if ($token[0] != 319) {
+                        continue;
+                }
+                if (in_array($token[1], $functions_blacklist, true)) {
+                        if ('' === $hash) {
+                                $hash = hash('sha256', $file_content);
+                        }
+                        echo 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '").hash("' . $hash . '").allow();' . "\n";
+                }
+        }
+}
+foreach($functions_blacklist as $fun) {
+        echo 'sp.disable_function.function("' . $fun . '").drop();' . "\n";
+}
author	Sebastien Blot	2017-09-20 10:11:01 +0200
committer	Sebastien Blot	2017-09-20 10:11:01 +0200
commit	868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree	c0de0af318bf77a8959164ef11aeeeb2b7bab294 /scripts

diff --git a/scripts/generate_rules.php b/scripts/generate_rules.php new file mode 100644 index 0000000..e286ef1 --- /dev/null +++ b/scripts/generate_rules.php
@@ -0,0 +1,43 @@
	1	<?php
	2
	3	if ($argc != 2) {
	4	echo 'Please provide a folder as argument.';
	5	die();
	6	}
	7
	8	$functions_blacklist = ['shell_exec', 'exec', 'passthru', 'php_uname', 'popen',
	9	'posix_kill', 'posix_mkfifo', 'posix_setpgid', 'posix_setsid', 'posix_setuid',
	10	'posix_setgid', 'posix_uname', 'proc_close', 'proc_nice', 'proc_open',
	11	'proc_terminate', 'proc_open', 'proc_get_status', 'dl', 'pnctl_exec',
	12	'pnctl_fork', 'assert', 'system'];
	13
	14	$extensions = ['php', 'php7', 'php5'];
	15
	16	$path = realpath($argv[1]);
	17
	18	$objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path));
	19	foreach($objects as $name => $object){
	20	if (FALSE === in_array (pathinfo($name, PATHINFO_EXTENSION), $extensions, true)) {
	21	continue;
	22	}
	23
	24	$hash = '';
	25	$file_content = file_get_contents($name);
	26
	27	foreach(token_get_all($file_content) as $token) {
	28	if ($token[0] != 319) {
	29	continue;
	30	}
	31
	32	if (in_array($token[1], $functions_blacklist, true)) {
	33	if ('' === $hash) {
	34	$hash = hash('sha256', $file_content);
	35	}
	36	echo 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '").hash("' . $hash . '").allow();' . "\n";
	37	}
	38	}
	39	}
	40	foreach($functions_blacklist as $fun) {
	41	echo 'sp.disable_function.function("' . $fun . '").drop();' . "\n";
	42
	43	}