/// List of exceptions that aren't errors (function declarations, comments, adodb usage from adodb drivers and harcoded strings). Non reportable false positives
$excludes = '/(function |^\\s*\\*|^\\s*\\/\\/|\\$this-\\>adodb-\\>(Execute|Connect|PConnect|ErrorMsg|MetaTables|MetaIndexes|MetaColumns|MetaColumnNames|MetaPrimaryKeys|)|protected \\$[a-zA-Z]*db|Incorrect |check find_index_name|not available anymore|output|Replace it with the correct use of|where order of parameters is|_moodle_database|invaliddbtype|has been deprecated in Moodle 2\\.0\\. Will be out in Moodle 2\\.1|Potential SQL injection detected|requires at least two parameters|hint_database = install_db_val|Current database \\(|admin_setting_configselect|(if|while|for|return).*\\>get_recordset(_list|_select|_sql)?.*\\>valid\\(\\)|NEWNAMEGOESHERE.*XMLDB_LINEFEED)/';
/// Getting current dir
$dir = dirname(__FILE__);
/// Check if the dir seems to be moodle root (with some random shots)
$is_moodle_root = false;
if (file_exists($dir . '/lang/en') && file_exists($dir . '/lib/db') && file_exists($dir . '/install/lang/en')) {
$is_moodle_root = true;
}
/// Calculating megarules
$newapi_megarule = calculate_megarule($newapi, array('[ =@.]'), array('( )?\\('), 'i');
$obsoleteconstants_megarule = calculate_megarule($obsoleteconstants);
$pixlinks_megarule = calculate_megarule($pixlinks);
$errorfunc_megarule = calculate_megarule($errorfunc, array('[ =@.]'), array('( )?\\('));
$fileapi_megarule = calculate_megarule($fileapi, array('[ =@.]'), array('( )?\\('));
$htmlapi_megarule = calculate_megarule($htmlapi);
/// All rules
$all_megarules = array('NEW_API' => $newapi_megarule, 'OBSOLETE_CONSTANTS' => $obsoleteconstants_megarule, 'PIX_LINKS' => $pixlinks_megarule, 'ERROR_FUNC' => $errorfunc_megarule, 'NEW_FILEAPI' => $fileapi_megarule, 'HTMLAPI' => $htmlapi_megarule);
/// To store errors found
$errors = array();
$counterrors = 0;
/// To store known false positives
$falsepositives = array();
$countfalsepositives = 0;
/// Process starts here
echo "Checking the {$dir} directory recursively" . LINEFEED;
if ($is_moodle_root) {
echo "(detected Moodle root directory - false positive detection enabled)" . LINEFEED;
} else {
echo "(executed from custom directory - false positive detection DISABLED!)" . LINEFEED;
}
// Getting current dir.
$dir = dirname(__FILE__);
// Check if the dir seems to be moodle root (with some random shots).
$is_moodle_root = false;
if (file_exists($dir . '/lang/en') && file_exists($dir . '/lib/db') && file_exists($dir . '/install/lang/en')) {
$is_moodle_root = true;
}
// Calculating megarules.
$dml_megarule = calculate_megarule($dml, array('[ =@.]'), array('( )?\\('), 'i');
$helper_megarule = calculate_megarule($helper, array('[ =@.]'), array('( )?\\('), 'i');
$ddl_megarule = calculate_megarule($ddl, array('[ =@.]'), array('( )?\\('), 'i');
$coreonly_megarule = calculate_megarule($coreonly, array('[ =@.]'), array('( )?\\('), 'i');
$enum_megarule = calculate_megarule($enum);
$internal_megarule = calculate_megarule($internal, array('[ =@.]'), array('( )?\\('), 'i');
$unsupported_megarule = calculate_megarule($unsupported, array('[ \\>=@,.]'), array('( )?\\('));
$other_megarule = calculate_megarule($other);
// All rules.
$all_megarules = array('DML' => $dml_megarule, 'HELPER' => $helper_megarule, 'DDL' => $ddl_megarule, 'COREONLY' => $coreonly_megarule, 'ENUM' => $enum_megarule, 'INTERNAL' => $internal_megarule, 'UNSUPPORTED' => $unsupported_megarule, 'OTHER' => $other_megarule);
// To store errors found.
$errors = array();
$counterrors = 0;
// To store known false positives.
$falsepositives = array();
$countfalsepositives = 0;
// Process starts here.
echo "Checking the {$dir} directory recursively" . LINEFEED;
if ($is_moodle_root) {
echo "(detected Moodle root directory - false positive detection enabled)" . LINEFEED;
} else {
echo "(executed from custom directory - false positive detection DISABLED!)" . LINEFEED;
}
$reservedlist[$key] = '(?: AS\\s+|:)' . trim($word);
}
/// Define some known false positives to take them out from errors report (nested array of => file => regular expressions considered false positives)
$fp = array('install.php' => array('empty\\(\\$distro-\\>dbtype\\)', '= trim\\(\\$_POST\\[\'dbtype\'\\]', 'get_driver_instance\\(\\$config-|>dbtype'), 'admin/blocks.php' => array('drop_plugin_tables.*\\/blocks'), 'admin/health.php' => array('\\. \\$CFG-\\>prefix \\.'), 'admin/modules.php' => array('drop_plugin_tables.*\\/mod'), 'admin/qtypes.php' => array('drop_plugin_tables.*\\$QTYPES\\[\\$delete\\]-\\>'), 'admin/xmldb/actions/check_bigints/check_bigints.class.php' => array('this->dbfamily'), 'auth/cas/CAS/CAS/client.php' => array('this->setAttributes'), 'backup/util/dbops/backup_structure_dbops.class.php' => array('element->get_source_.*convert_params_to_values'), 'backup/util/helper/restore_decode_content.class.php' => array('return.*get_recordset_sql'), 'blocks/html/backup/moodle2/restore_html_block_task.class.php' => array('return.*get_recordset_sql'), 'lib/adminlib.php' => array('drop_plugin_tables\\(\\$pluginname', 'used_tables = get_used_table_names', 'dbdirs = get_db_directories'), 'lib/ddl/database_manager.php' => array('dbdirs = get_db_directories'), 'lib/ddl/simpletest/testddl.php' => array('DB2 = moodle_database::get_driver_instance'), 'lib/dml/moodle_database.php' => array('cfg-\\>dbtype = \\$this-\\>get_dbtype', 'cfg-\\>dblibrary = \\$this-\\>get_dblibrary', 'return \\$this-\\>get_recordset_select\\(\\$table, \\$select, \\$params', 'return \\$this-\\>get_recordset_sql\\(\\$sql, \\$params, \\$limitfrom'), 'lib/dml/simpletest/testdml.php' => array('DB2 = moodle_database::get_driver_instance'), 'lib/form/recaptcha.php' => array('this->setAttributes'), 'mod/assignment/lib.php' => array('mform->setAttributes'), 'mod/scorm/datamodels/scorm_13.js.php' => array('max.*delimiter.*(unique|duplicate).*(:true|:false)', 'cmi\\.objectives\\.n\\..*defaultvalue.*:null'), 'mod/workshop/form/accumulative/lib.php' => array('return \\$DB-\\>get_recordset_sql\\('), 'mod/workshop/form/comments/lib.php' => array('return \\$DB-\\>get_recordset_sql\\('), 'mod/workshop/form/numerrors/lib.php' => array('return \\$DB-\\>get_recordset_sql\\('), 'mod/workshop/form/rubric/lib.php' => array('return \\$DB-\\>get_recordset_sql\\('), 'admin/xmldb/actions/generate_all_documentation/generate_all_documentation.class.php' => array('dbdirs = get_db_directories'), 'admin/xmldb/actions/get_db_directories/get_db_directories.class.php' => array('db_directories = get_db_directories'));
/// List of exceptions that aren't errors (function declarations, comments, adodb usage from adodb drivers and harcoded strings). Non reportable false positives
$excludes = '/(function |^\\s*\\*|^\\s*\\/\\/|\\$this-\\>adodb-\\>(Execute|Connect|PConnect|ErrorMsg|MetaTables|MetaIndexes|MetaColumns|MetaColumnNames|MetaPrimaryKeys|)|protected \\$[a-zA-Z]*db|Incorrect |check find_index_name|not available anymore|output|Replace it with the correct use of|where order of parameters is|_moodle_database|invaliddbtype|has been deprecated in Moodle 2\\.0\\. Will be out in Moodle 2\\.1|Potential SQL injection detected|requires at least two parameters|hint_database = install_db_val|Current database \\(|admin_setting_configselect|(if|while|for|return).*\\>get_recordset(_list|_select|_sql)?.*\\>valid\\(\\)|NEWNAMEGOESHERE.*XMLDB_LINEFEED|has_capability\\(.*:view.*context)|die(.*result.*:null.*errstr)|CAST\\(.+AS\\s+(INT|FLOAT|DECIMAL|NUM|REAL)/';
/// Calculating megarules
$dml_megarule = calculate_megarule($dml, array('[ =@.]'), array('( )?\\('), 'i');
$helper_megarule = calculate_megarule($helper, array('[ =@.]'), array('( )?\\('), 'i');
$ddl_megarule = calculate_megarule($ddl, array('[ =@.]'), array('( )?\\('), 'i');
$coreonly_megarule = calculate_megarule($coreonly, array('[ =@.]'), array('( )?\\('), 'i');
$enum_megarule = calculate_megarule($enum);
$internal_megarule = calculate_megarule($internal, array('[ =@.]'), array('( )?\\('), 'i');
$unsupported_megarule = calculate_megarule($unsupported, array('[ \\>=@,.]'), array('( )?\\('));
$other_megarule = calculate_megarule($other);
$reserved_megarule = calculate_megarule($reservedlist, array("[ =('\"]"), array("[ ,)'\"]"), 'i');
/// All rules
$all_megarules = array('DML' => $dml_megarule, 'HELPER' => $helper_megarule, 'DDL' => $ddl_megarule, 'COREONLY' => $coreonly_megarule, 'ENUM' => $enum_megarule, 'INTERNAL' => $internal_megarule, 'UNSUPPORTED' => $unsupported_megarule, 'OTHER' => $other_megarule, 'RESERVED_WORD' => $reserved_megarule);
/// To store errors found
$errors = array();
$counterrors = 0;
/// To store known false positives
$falsepositives = array();
$countfalsepositives = 0;
/// Process starts here
echo "Checking the {$dir} directory recursively" . LINEFEED;
if ($is_moodle_root) {
echo "(detected Moodle root directory - false positive detection enabled)" . LINEFEED;
} else {
echo "(executed from custom directory - false positive detection DISABLED!)" . LINEFEED;
}
