<?PHP
2
/*********************************************************************************
3
 * SugarCRM Community Edition is a customer relationship management program developed by
4
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
5
6
 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
7
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
8
 *
9
 * This program is free software; you can redistribute it and/or modify it under
10
 * the terms of the GNU Affero General Public License version 3 as published by the
11
 * Free Software Foundation with the addition of the following permission added
12
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
13
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
14
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
15
 *
16
 * This program is distributed in the hope that it will be useful, but WITHOUT
17
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
18
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
19
 * details.
20
 *
21
 * You should have received a copy of the GNU Affero General Public License along with
22
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
23
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24
 * 02110-1301 USA.
25
 *
26
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
27
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
28
 *
29
 * The interactive user interfaces in modified source and object code versions
30
 * of this program must display Appropriate Legal Notices, as required under
31
 * Section 5 of the GNU Affero General Public License version 3.
32
 *
33
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
34
 * these Appropriate Legal Notices must retain the display of the "Powered by
35
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
36
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
37
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
38
 ********************************************************************************/
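class SugarSecure
{
    /**
     * Collected findings, one entry per scanned file that produced a hit.
     * Entries are plain text (the file path followed by the matched
     * snippets); they are only HTML-escaped when display() renders them.
     *
     * @var string[]
     */
    public $results = array();

    /**
     * Render the collected results as an HTML table.
     *
     * Results carry file paths and raw source fragments copied out of the
     * scanned files, so each entry is escaped before nl2br(): otherwise any
     * markup inside a scanned file would be injected into the report page.
     * ENT_SUBSTITUTE keeps a row visible even when the snippet is not valid
     * UTF-8 (without it htmlspecialchars() returns an empty string).
     */
    public function display()
    {
        echo '<table>';
        foreach ($this->results as $result) {
            $escaped = htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo '<tr><td>' . nl2br($escaped) . '</td></tr>';
        }
        echo '</table>';
    }

    /**
     * Append every result, unescaped, to $file.
     *
     * The report reveals which files use dynamic includes and file access,
     * so the caller should pick a location that is not web-readable.
     *
     * @param string $file path to append to. The historical default of ''
     *                     is kept for signature compatibility but rejected,
     *                     since fopen('') can never succeed.
     * @throws InvalidArgumentException when $file is empty
     * @throws RuntimeException when $file cannot be opened for appending
     */
    public function save($file = '')
    {
        if ($file === '') {
            throw new InvalidArgumentException('SugarSecure::save() requires a target file name');
        }
        $fp = fopen($file, 'a');
        if ($fp === false) {
            throw new RuntimeException('Unable to open ' . $file . ' for appending');
        }
        foreach ($this->results as $result) {
            fwrite($fp, $result);
        }
        fclose($fp);
    }

    /**
     * Recursively walk $path and hand every file whose name ends in $ext to
     * scanContents().
     *
     * Symbolic links to directories are followed like any other directory
     * (a link cycle would therefore recurse without bound, as before).
     *
     * @param string $path directory to start from
     * @param string $ext  file suffix to select; compared byte-wise and
     *                     case-sensitively, '' selects every file
     */
    public function scan($path = '.', $ext = '.php')
    {
        $dir = dir($path);
        if ($dir === false) {
            return; // not a directory or not readable: nothing to scan here
        }
        // read() returns false when the listing is exhausted. Compare
        // strictly so an entry literally named "0" does not end the loop.
        while (($entry = $dir->read()) !== false) {
            if ($entry === '.' || $entry === '..') {
                continue;
            }
            $full = $path . '/' . $entry;
            if (is_dir($full)) {
                // forward $ext so subdirectories apply the same filter
                // instead of silently falling back to the '.php' default
                $this->scan($full, $ext);
            } elseif (is_file($full) && $this->hasExtension($entry, $ext)) {
                $contents = file_get_contents($full);
                if ($contents !== false) {
                    $this->scanContents($contents, $full);
                }
            }
        }
        $dir->close();
    }

    /**
     * True when $entry ends with $ext (an empty $ext matches everything).
     *
     * @param string $entry file name without directory
     * @param string $ext   suffix, e.g. '.php'
     * @return bool
     */
    protected function hasExtension($entry, $ext)
    {
        if ($ext === '') {
            return true;
        }
        $len = strlen($ext);

        return strlen($entry) >= $len && substr($entry, -$len) === $ext;
    }

    /**
     * Hook for subclasses: inspect one file's contents and push any findings
     * onto $this->results. The base implementation records nothing.
     *
     * @param string $contents raw file contents
     * @param string $file     path the contents were read from
     */
    public function scanContents($contents, $file = '')
    {
        return;
    }
}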
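class ScanFileIncludes extends SugarSecure
{
    /**
     * Functions whose call is reported when a variable appears inside the
     * parenthesised argument list, e.g. require($x) or fopen($p . 'a', 'r').
     * The order here is the order in which snippets are reported.
     *
     * include_once is listed alongside require_once: the earlier version of
     * this scanner checked require_once but not include_once, although both
     * accept a path.
     *
     * @var string[]
     */
    protected $watched = array(
        'require',
        'include',
        'require_once',
        'include_once',
        'fopen',
        'file_get_contents',
    );

    /**
     * Report calls to the watched functions that take a variable argument.
     *
     * Detection is textual: only calls written with parentheses and a `$`
     * somewhere before the first closing parenthesis are matched, so
     * `require $x;` and `require 'a.php';` are not reported, and a nested
     * call such as require(dirname($x) . '/a.php') is reported as the
     * truncated snippet `require(dirname($x)`.
     *
     * When anything matched, one entry is appended to $this->results: the
     * file path, then each snippet on its own line, then a blank line.
     *
     * @param string $contents raw PHP source
     * @param string $file     path reported alongside the findings
     */
    public function scanContents($contents, $file = '')
    {
        $found = '';
        foreach ($this->watched as $function) {
            // name( ... $ ... ): case-insensitive like PHP function names,
            // allowed to span lines (s), argument list must not contain ')'
            $pattern = '/' . preg_quote($function, '/') . '\([^)]*\$[^)]*\)/si';
            $matches = array();
            if (preg_match_all($pattern, $contents, $matches, PREG_SET_ORDER) === false) {
                continue; // PCRE error (e.g. backtrack limit) on this file: skip the function
            }
            foreach ($matches as $match) {
                $found .= "\n" . $match[0];
            }
        }
        if ($found !== '') {
            $this->results[] = $file . $found . "\n\n";
        }
    }
}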
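class SugarSecureManager
{
    /**
     * Registered scanner instances, in registration order.
     *
     * @var object[] objects exposing scan(), display() and save($file)
     */
    public $scanners = array();

    /**
     * Instantiate a scanner by class name and queue it.
     *
     * The class name is only ever a literal in this file; the existence
     * check turns a typo into an exception instead of a fatal error from
     * `new $class`.
     *
     * @param string $class name of a class exposing scan(), display() and
     *                      save($file), normally a SugarSecure subclass
     * @throws InvalidArgumentException when $class is not a defined class
     */
    public function registerScan($class)
    {
        if (!is_string($class) || !class_exists($class)) {
            throw new InvalidArgumentException('Unknown scanner class: ' . var_export($class, true));
        }
        $this->scanners[] = new $class();
    }

    /**
     * Run every registered scanner with its default arguments.
     */
    public function scan()
    {
        foreach ($this->scanners as $scanner) {
            $scanner->scan();
        }
    }

    /**
     * Print each scanner's results, each preceded by a 'Scan Results: ' label.
     */
    public function display()
    {
        foreach ($this->scanners as $scanner) {
            echo 'Scan Results: ';
            $scanner->display();
        }
    }

    /**
     * Append every scanner's results to one text file.
     *
     * The previous implementation overwrote $this->scanners while iterating
     * and referenced an undefined $scanner, so it never saved anything.
     *
     * @param string $file target path; when '' a name of the form
     *                     SugarSecure<timestamp>.txt is used, which is
     *                     relative to the current working directory. Prefer
     *                     passing a path outside the web root, since the
     *                     report lists file paths and source fragments.
     */
    public function save($file = '')
    {
        if ($file === '') {
            $file = 'SugarSecure' . time() . '.txt';
        }
        foreach ($this->scanners as $scanner) {
            $scanner->save($file);
        }
    }
}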
// Script entry point: build the manager, register the include scanner, walk
// the directory tree from the scanner's default start path and print the
// findings as HTML. The output lists file paths and source fragments of the
// scanned tree, so where this script is reachable from matters —
// NOTE(review): nothing in this file restricts who can run it; confirm it is
// not deployed inside a web-served directory.
$secure = new SugarSecureManager();
$scannerClasses = array('ScanFileIncludes');
foreach ($scannerClasses as $scannerClass) {
    $secure->registerScan($scannerClass);
}
$secure->scan();
$secure->display();