1 files changed, 35 insertions, 6 deletions
diff --git a/scripts/generate_rules.php b/scripts/generate_rules.php
index 3152342..1824e3f 100644
--- a/scripts/generate_rules.php
+++ b/scripts/generate_rules.php
@@ -40,9 +40,9 @@ foreach($objects as $name => $object){
                $hash = '.hash("' . hash('sha256', $file_content) . '")';
        }
-        $prev_token = null;
+        $tokens = token_get_all($file_content);
-        foreach(token_get_all($file_content) as $token) {
+        foreach ($tokens as $pos => $token) {
                if (!is_array($token)) {
                        continue;
                }
@@ -51,13 +51,23 @@ foreach($objects as $name => $object){
                        $token[1] = substr($token[1], 1);
                }
-                $prev_token_str = $prev_token[1] ?? null;
+                if (!in_array($token[1], $functions_blacklist, true)) {
+                        continue;
+                }
-                if (in_array($token[1], $functions_blacklist, true) && $prev_token_str !== '->' && $prev_token_str !== '::') {
+                $prev_token = find_previous_token($tokens, $pos);
-                        $output[] = 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '")' . $hash . '.allow();' . "\n";
+                // Ignore function definitions and class calls
+                // function shell_exec() -> ignored
+                // $db->exec() -> ignored
+                // MyClass::assert() -> ignored
+                if ($prev_token === T_FUNCTION
+                        || $prev_token === T_DOUBLE_COLON
+                        || $prev_token === T_OBJECT_OPERATOR) {
+                        continue;
                }
-                $prev_token = $token;
+                $output[] = 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '")' . $hash . '.allow();' . "\n";
        }
 }
 foreach($functions_blacklist as $fun) {
@@ -67,3 +77,22 @@ foreach($functions_blacklist as $fun) {
 foreach (array_unique($output) as $line) {
        echo $line;
 }
+function find_previous_token(array $tokens, int $pos): ?int
+{
+        for ($i = $pos - 1; $i >= 0; $i--) {
+                $token = $tokens[$i];
+                if ($token[0] === T_WHITESPACE) {
+                        continue;
+                }
+                if (!is_array($token)) {
+                        return null;
+                }
+                return $token[0];
+        }
+        return null;
+}
+\ No newline at end of file

diff --git a/scripts/generate_rules.php b/scripts/generate_rules.php index 3152342..1824e3f 100644 --- a/scripts/generate_rules.php +++ b/scripts/generate_rules.php
@@ -40,9 +40,9 @@ foreach($objects as $name => $object){
40	$hash = '.hash("' . hash('sha256', $file_content) . '")';	40	$hash = '.hash("' . hash('sha256', $file_content) . '")';
41	}	41	}
42		42
43	$prev_token = null;	43	$tokens = token_get_all($file_content);
44		44
45	foreach(token_get_all($file_content) as $token) {	45	foreach ($tokens as $pos => $token) {
46	if (!is_array($token)) {	46	if (!is_array($token)) {
47	continue;	47	continue;
48	}	48	}
@@ -51,13 +51,23 @@ foreach($objects as $name => $object){
51	$token[1] = substr($token[1], 1);	51	$token[1] = substr($token[1], 1);
52	}	52	}
53		53
54	$prev_token_str = $prev_token[1] ?? null;	54	if (!in_array($token[1], $functions_blacklist, true)) {
		55	continue;
		56	}
55		57
56	if (in_array($token[1], $functions_blacklist, true) && $prev_token_str !== '->' && $prev_token_str !== '::') {	58	$prev_token = find_previous_token($tokens, $pos);
57	$output[] = 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '")' . $hash . '.allow();' . "\n";	59
		60	// Ignore function definitions and class calls
		61	// function shell_exec() -> ignored
		62	// $db->exec() -> ignored
		63	// MyClass::assert() -> ignored
		64	if ($prev_token === T_FUNCTION
		65	\|\| $prev_token === T_DOUBLE_COLON
		66	\|\| $prev_token === T_OBJECT_OPERATOR) {
		67	continue;
58	}	68	}
59		69
60	$prev_token = $token;	70	$output[] = 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '")' . $hash . '.allow();' . "\n";
61	}	71	}
62	}	72	}
63	foreach($functions_blacklist as $fun) {	73	foreach($functions_blacklist as $fun) {
@@ -67,3 +77,22 @@ foreach($functions_blacklist as $fun) {
67	foreach (array_unique($output) as $line) {	77	foreach (array_unique($output) as $line) {
68	echo $line;	78	echo $line;
69	}	79	}
		80
		81	function find_previous_token(array $tokens, int $pos): ?int
		82	{
		83	for ($i = $pos - 1; $i >= 0; $i--) {
		84	$token = $tokens[$i];
		85
		86	if ($token[0] === T_WHITESPACE) {
		87	continue;
		88	}
		89
		90	if (!is_array($token)) {
		91	return null;
		92	}
		93
		94	return $token[0];
		95	}
		96
		97	return null;
		98	} \ No newline at end of file