Merge pull request #51 from dryabov/patch-1

Fix false-positive for JAMSS rule#23
joomla-extensions · May 17, 2019 · 510e0b1 · 510e0b1
2 parents 0e52aca + 2f7943f
commit 510e0b1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/administrator/components/com_jedchecker/libraries/rules/jamss.php b/administrator/components/com_jedchecker/libraries/rules/jamss.php
@@ -222,7 +222,7 @@ private function init_jamss($deepscan = true)
 						'22',
 						'Found the SourceCop encoded code. It is often used for malicious code ' .
 						'hiding, so go and check the code with some online SourceCop decoders'),
-						array('(?:exec|passthru|shell_exec|system|proc_|popen)[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)',
+						array('\b(?:exec|passthru|shell_exec|system|proc_\w+|popen)\b[\w\W\s/\*]*\([\s/\*\#\'\"\w\W\-\_]*(?:\$_GET|\$_POST)',
 						'shell command execution from POST/GET variables',
 						'23',
 						'Found direct shell command execution getting variables from POST/GET, ' .