diff --git a/HeuristicAnalyser.php b/HeuristicAnalyser.php
index 4124eb5..2e3ae21 100644
--- a/HeuristicAnalyser.php
+++ b/HeuristicAnalyser.php
@@ -328,6 +328,7 @@ public function processContent()
 $this->mathematics->evaluateMathExpressions();
 $this->strings->convertToSimple($key);
 $this->strings->convertChrFunctionToString($key);
+ $this->strings->convertFileGetContentsToString($this->path);
 }
 foreach ( $this->tokens as $key => $_current_token ) {
@@ -351,7 +352,7 @@ public function processContent()
 // Executing decoding functions
 // @ToDo there was many false positives!
- // $this->transformations->decodeData($key);
+ $this->transformations->decodeData($key);
 }
 $this->variables->concatenate(); // Concatenates variable content if it's possible
diff --git a/Modules/Strings.php b/Modules/Strings.php
index 074fcc4..aa549ba 100644
--- a/Modules/Strings.php
+++ b/Modules/Strings.php
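Review bot: The new `convertFileGetContentsToString($this->path)` call in the first `processContent()` loop passes the path with no check that it is set. If the analyser can also run on content that has no backing file (not visible in this hunk), `dirname()` of an empty path returns an empty string, so a scanned `__DIR__ . '/x'` expression would resolve to `/x` at the filesystem root instead of next to the sample. A guard such as `if ( $this->path ) { $this->strings->convertFileGetContentsToString($this->path); }` keeps the lookup tied to a real file. The loop and the rest of `processContent()` lie outside the hunk.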
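Review bot: The `// @ToDo there was many false positives!` comment above the re-enabled `decodeData($key)` call in the second `processContent()` loop now contradicts the code, and nothing in this hunk shows how the false positives were addressed. For a malware scanner a noisy heuristic means clean files get flagged, so the reason it is safe to turn back on should be recorded next to the call. Either drop the stale line or replace it with something like `// decodeData re-enabled: hex payloads are now folded into a single string token (see transformHexStringIntoTokens)`, if that is indeed the fix.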
@@ -105,6 +105,64 @@ static function ($elem) {
 return false;
 }
+ /**
+ * Convert file_get_contents(__DIR__ . '/file.example') to gathered content string
+ *
+ * @param string $current_file_path
+ * @return void
+ */
+ public function convertFileGetContentsToString($current_file_path)
+ {
+ if (
+ $this->tokens->current->type === 'T_STRING' &&
+ $this->tokens->current->value === 'file_get_contents' &&
+ $this->tokens->next1->value === '('
+ ) {
+ $start_position = $this->tokens->next1[3];
+ $closing_bracket_position = $this->tokens->searchForward($start_position, ')');
+ $tokens_inside_brackets = $this->tokens->getRange($start_position + 1, $closing_bracket_position - 1);
+
+ // Check against of nested bracers.
+ // @ToDo implement nested bracers values calculating
+ $is_nested_bracers = false;
+ foreach ( $tokens_inside_brackets as $token ) {
+ if ( $token->value === '(' ) {
+ $is_nested_bracers = true;
+ }
+ }
+
+ if ( $is_nested_bracers ) {
+ return;
+ }
+
+ // Calculate path string
+ $path = '';
+ foreach ($tokens_inside_brackets as $token) {
+ if ( $token->isTypeOf('could_be_concatenated') ) {
+ $path .= trim((string)$token->value, '\'');
+ }
+ if ( $token->type === 'T_DIR' ) {
+ $path .= dirname($current_file_path);
+ }
+ }
+
+ if ( $path && file_exists($path) ) {
+ // Delete tokens which contained the file_get_contents expression
+ for ( $i = $start_position; $i <= $closing_bracket_position; $i++ ) {
+ $this->tokens->unsetTokens($i);
+ }
+
+ // Insert newly calculated token with gathered content string
+ $this->tokens['current'] = new Token(
+ 'T_LNUMBER',
+ @file_get_contents($path),
+ $this->tokens->current->line,
+ $this->tokens->current->key
+ );
+ }
+ }
+ }
+
 /**
 * Concatenates simple strings with type T_CONSTANT_ENCAPSED_STRING
 *
diff --git a/Modules/Transformations.php b/Modules/Transformations.php
index b2cebc9..3f8a094 100644
--- a/Modules/Transformations.php
+++ b/Modules/Transformations.php
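Review bot: `convertFileGetContentsToString()` builds `$path` entirely from tokens of the file under analysis and then hands it to `file_exists()` and `file_get_contents()`, so a hostile sample decides which file the scanner opens. Nothing limits the target to the scanned tree, excludes stream-wrapper paths such as `phar://`, or caps the size read, and the `@` hides a failed read whose `false` result still becomes the token value. The path should be canonicalised with `realpath()`, required to be a regular file under the sample's directory (or the scan root, if this class can see it), and read with a length limit. The replacement token is also typed `'T_LNUMBER'` although it carries string content, which looks like a copy-paste slip; `'T_CONSTANT_ENCAPSED_STRING'` would match what the Transformations change in this commit emits.

```php
// … unchanged: call matching, nested-bracket check, $path concatenation …

// realpath() yields false for missing paths and for stream-wrapper URLs
$real_path = $path !== '' ? realpath($path) : false;
$base_dir  = realpath(dirname($current_file_path));
if (
    $real_path === false ||
    $base_dir === false ||
    ! is_file($real_path) ||
    strpos($real_path, $base_dir . DIRECTORY_SEPARATOR) !== 0
) {
    return;
}

$max_bytes = 1048576; // sample cap, adjust to the scanner's limits
$content   = file_get_contents($real_path, false, null, 0, $max_bytes);
if ( $content === false ) {
    return;
}

// … unchanged: unset the tokens of the file_get_contents(...) call …

$this->tokens['current'] = new Token(
    'T_CONSTANT_ENCAPSED_STRING',
    $content,
    $this->tokens->current->line,
    $this->tokens->current->key
);
```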
@@ -132,23 +132,20 @@ private function transformHexStringIntoTokens($hex_string) $data = @hex2bin($data); } if ( $data ) { - //tokenize data to from parts - $data = @token_get_all('tokens->unsetTokens('prev1', 'next1', 'next2', 'next3', 'next4'); - - //add new tokens to the line - for ( $i = 0; $i < count($data); $i++ ) { - $new_token_value = is_array($data[$i]) && isset($data[$i][1]) ? $data[$i][1] : $data[$i]; - $this->tokens['current'] = new Token( - 'T_STRING', - '' . $new_token_value . '', - $this->tokens->current->line, - $this->tokens->current->key - ); - $this->tokens->next(); + if ( $this->tokens->prev1->value === '@' ) { + $this->tokens->unsetTokens($this->tokens->prev1[3]); } + $this->tokens->unsetTokens('next1', 'next2'); + + //add new tokens to the line + $this->tokens['current'] = new Token( + 'T_CONSTANT_ENCAPSED_STRING', + '"' . $data . '"', + $this->tokens->current->line, + $this->tokens->current->key + ); return true; } }
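Review bot: The new token value `'"' . $data . '"'` wraps the decoded bytes in double quotes without escaping them, so a payload whose decoded form contains `"`, `\` or `$` no longer forms one well-formed `T_CONSTANT_ENCAPSED_STRING`. Later passes that strip or concatenate quoted strings may then see a different string than PHP would, which an obfuscated sample could use to slip past signature matching (inferred; those passes are not in this hunk). Escaping the content first, e.g. `'"' . addcslashes($data, '"\\$') . '"'`, keeps the literal faithful to the decoded data. `transformHexStringIntoTokens()` starts above the hunk, so the earlier handling of `$data` is not visible here.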