From 8c2620fcf383761d694250a0a1588025ae63acf9 Mon Sep 17 00:00:00 2001
From: alexandergull
Date: Tue, 19 Sep 2023 00:15:32 +0500
Subject: [PATCH] Mod. Heuristic package update. System function shell_exec() now gains "critical" severity.
---
 .../Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php | 2 +-
 .../Common/Scanner/HeuristicAnalyser/Modules/Entropy.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php b/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php
index 77685940e..f22bd9209 100644
--- a/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php
+++ b/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/HeuristicAnalyser.php
@@ -88,6 +88,7 @@ class HeuristicAnalyser
 'eval',
 'assert',
 'create_function',
+ 'shell_exec',
 // 'unserialize',
 ),
 'DANGER' => array(
@@ -97,7 +98,6 @@ class HeuristicAnalyser
 'exec',
 'pcntl_exec',
 'popen',
- 'shell_exec',
 '`',
 ),
 'SUSPICIOUS' => array(
diff --git a/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/Modules/Entropy.php b/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/Modules/Entropy.php
index 3a2800c82..acfc68b1a 100644
--- a/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/Modules/Entropy.php
+++ b/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/Modules/Entropy.php
@@ -47,7 +47,8 @@ public function analyse(Variables $variables)
 $encoder = new Encoder();
 $detected_unreadable_variables = [];
 foreach ( $variable_names as $variable ) {
- if ( ! isset($variables_obj[$variable][0]) ) {
+ // do not change empty state! this change is from heur package!
+ if ( empty($variables_obj[$variable]) ) {
 continue;
 }
 if ( strpos($variable, '_') === 0 || strlen($variable) < 5 ) {
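Review bot: In HeuristicAnalyser.php the backtick-operator entry stays in the 'DANGER' list (visible in the second hunk) while `'shell_exec',` moves up a level, although PHP documents the backtick operator as identical to shell_exec(). A scanned file can therefore receive a lower severity for the same command-execution capability simply by being written with backticks instead of the function call. Consider listing the backtick entry next to `'shell_exec',` in the same severity list, or, if the split is deliberate (for example to limit false positives), record that with a comment such as `// backtick operator kept at DANGER: <reason>`. The severity array starts and ends outside both hunks, so the name of the list that now receives `shell_exec` is inferred from the commit subject.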
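Review bot: The new guard `empty($variables_obj[$variable])` in Entropy.php no longer guarantees that element `[0]` exists, which the removed `isset($variables_obj[$variable][0])` check did, so a non-empty entry without a key 0 now passes. analyse() continues beyond this hunk; if the rest of the loop body reads `$variables_obj[$variable][0]`, that becomes an undefined-key warning on data that presumably comes from the file being scanned, which is worth confirming. The added comment forbids changing the condition without saying why; something like `// Keep empty(): synced from the heuristic package; entries may have no index 0` would help the next maintainer, if that is indeed the reason. Note also that `empty()` skips falsy values such as `'0'` and `0`, which the old check did not necessarily do.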