#!/usr/bin/env python3
import os
import glob
import re
# Wordlists used by check_code(). Each list starts empty and is filled by
# create_lists() from the text file named in the trailing comment.
security_functions = []            # security.txt
deprecat_functions = []            # deprecated.txt
unsafe_functions = []              # unsafe.txt
warning_functions = []             # warning.txt
pop_the_champagne_functions = []   # code-exec.txt
danger_functions = []              # danger.txt
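def _read_wordlist(path):
    """Return the stripped, non-empty lines of the text file at *path*.

    Blank lines are dropped on purpose: an empty string is a regular
    expression that matches every input, so a single stray blank line in a
    wordlist would make check_code() report every scanned file.
    """
    # Line-by-line read, see
    # https://stackoverflow.com/questions/3277503/how-do-i-read-a-file-line-by-line-into-a-list
    # The ``with`` block closes the file even if reading raises.
    with open(path, "r") as handle:
        return [entry for entry in (line.strip() for line in handle) if entry]


def create_lists():
    """Load the six wordlists from the current working directory.

    Reads ``security.txt``, ``deprecated.txt``, ``unsafe.txt``,
    ``warning.txt``, ``code-exec.txt`` and ``danger.txt`` and rebinds the
    matching module-level lists. Each entry is later passed to
    ``re.search`` by check_code(), so entries are treated as regular
    expressions rather than literal names.

    Raises:
        OSError: if any of the wordlist files cannot be opened.
    """
    global security_functions
    global deprecat_functions
    global unsafe_functions
    global warning_functions
    global pop_the_champagne_functions
    global danger_functions

    security_functions = _read_wordlist("security.txt")
    deprecat_functions = _read_wordlist("deprecated.txt")
    unsafe_functions = _read_wordlist("unsafe.txt")
    # The original wrote ``fd.close`` without parentheses here, so the
    # warning.txt handle was never closed; the helper closes every file.
    warning_functions = _read_wordlist("warning.txt")
    pop_the_champagne_functions = _read_wordlist("code-exec.txt")
    danger_functions = _read_wordlist("danger.txt")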
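def check_code():
    """Scan every ``SOURCE/**/*.php*`` file for the loaded wordlist entries.

    For each category list, every entry is applied to the whole file text
    with a case-insensitive ``re.search``. A hit appends one
    ``"<entry> in <filename>"`` line to that category's report under
    ``output/``. Reports are opened in append mode, so repeated runs
    accumulate lines.

    Reading the results: a hit means the pattern occurs somewhere in the
    file, not that the call is reachable or exploitable. Matching is an
    unanchored substring search over the raw text, so comments, string
    literals and longer identifiers containing the entry also match. Only
    one line is written per (entry, file) pair however often it occurs.
    An empty report is not evidence that a file is safe. Use the output as
    a list of places to review by hand.

    Raises:
        OSError: if ``output/`` or a report file cannot be created or opened.
        re.error: if a wordlist entry is not a valid regular expression.
    """
    from contextlib import ExitStack  # local import keeps this block self-contained

    # exist_ok replaces the original stat()/bare-except/mkdir sequence, which
    # swallowed every exception type and raced with concurrent creation.
    os.makedirs("output", exist_ok=True)

    # Built at call time so the lists rebound by create_lists() are seen.
    categories = (
        (security_functions, "output/security_found.txt"),
        (deprecat_functions, "output/deprecated_found.txt"),
        (unsafe_functions, "output/unsafe_found.txt"),
        (warning_functions, "output/warning_found.txt"),
        (pop_the_champagne_functions, "output/code_exec_found.txt"),
        (danger_functions, "output/danger_found.txt"),
    )

    # ExitStack closes every report even if a read or a regex raises mid-scan.
    with ExitStack() as stack:
        reports = [
            (patterns, stack.enter_context(open(path, "a")))
            for patterns, path in categories
        ]

        for filename in glob.iglob("SOURCE/**/*.php*", recursive=True):
            # "*.php*" also matches directories such as "foo.php.d".
            if not os.path.isfile(filename):
                continue

            # Scanned trees often mix encodings; replacing undecodable bytes
            # keeps one odd file from aborting the whole scan.
            with open(filename, "r", encoding="utf-8", errors="replace") as fd:
                current_file = fd.read()

            for patterns, report in reports:
                for item in patterns:
                    # An empty pattern matches everything and would flag
                    # every file, so skip it.
                    if not item:
                        continue
                    if re.search(item, current_file, re.IGNORECASE):
                        report.write("%s in %s\n" % (item, filename))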
def main():
    """Load the wordlists, then scan the SOURCE tree and write the reports."""
    # Order matters: check_code() reads the lists that create_lists() fills.
    create_lists()
    check_code()
# Run the scan only when executed as a script, not when imported.
if __name__ == "__main__":
    main()