Fix false-positive for JAMSS rule#23

JAMSS rule#23 gives false-positive warning for files that starts with `defined('_JEXEC')` (because of partial `exec` match) and use `$_GET` or `$_POST`. This patch requires `exec` (and other function names in) to be checked explicitly using word boundaries (`\b`) in the regex.
joomla-extensions · May 15, 2019 · 2f7943f · 2f7943f
1 parent 2ef0233
commit 2f7943f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/administrator/components/com_jedchecker/libraries/rules/jamss.php b/administrator/components/com_jedchecker/libraries/rules/jamss.php
@@ -222,7 +222,7 @@ private function init_jamss($deepscan = true)
 						'22',
 						'Found the SourceCop encoded code. It is often used for malicious code ' .
 						'hiding, so go and check the code with some online SourceCop decoders'),
-						array('(?:exec|passthru|shell_exec|system|proc_|popen)[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)',
+						array('\b(?:exec|passthru|shell_exec|system|proc_\w+|popen)\b[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)',
 						'shell command execution from POST/GET variables',
 						'23',
 						'Found direct shell command execution getting variables from POST/GET, ' .