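/**
 * Init scan process.
 *
 * Renders the page head, starts scanner.php as a child process for the
 * current project and prints one HTML info box per status line the scanner
 * writes, flushing after every line so the browser updates while the scan
 * is still running.
 *
 * Solution for realtime output found on:
 * http://stackoverflow.com/questions/1281140/run-process-with-realtime-output-in-php
 * Maybe ugly, but sometimes at 3AM it's only what is getting out of head ;-)
 *
 * Scanner lines are semicolon separated. Field 0 is the record type
 * (FOUND, NOT_FOUND or SCANNED); for FOUND, fields 1..5 are printed as
 * time, filter name, line, file and the id used in the /report/ link.
 * The line format has no quoting, so a field that itself contains ';'
 * (a file name, for example) still shifts the fields after it.
 *
 * @return void
 */
public function initScan()
{
    $view = new Views('templates/head.tpl.php');
    $view->set('class', 'scanner');
    print $view->render();

    set_time_limit(0);

    // The project id becomes part of a shell command line, so it is quoted as
    // exactly one argument; shell metacharacters in it can no longer start a
    // second command.
    $command = PHP . " scanner.php " . escapeshellarg((string) $this->project_id);
    $handle = popen($command, "r");

    // popen() returns false when the process cannot be started. Without this
    // check feof(false) never reports end-of-file (or raises a TypeError on
    // PHP 8), and with the time limit disabled the request would never end.
    if ($handle === false) {
        print "<div class=\"infobox\"><h3>Error</h3><p>Scanner process could not be started.</p></div>";
        return;
    }

    if (ob_get_level() == 0) {
        ob_start();
    }

    // Escaped once: the value is written into an href attribute below.
    $project_id_html = htmlspecialchars((string) $this->project_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    while (!feof($handle)) {
        $line = fgets($handle);
        if ($line === false) {
            // End of stream or read error: nothing left to render.
            break;
        }

        // Split BEFORE escaping. htmlspecialchars() emits entities such as
        // "&amp;" that contain ';', so escaping first (as the previous code did)
        // broke the field layout for any value holding &, <, > or ".
        // Padding to six fields keeps a short or malformed line from raising
        // undefined-offset notices in the FOUND branch.
        $data = array_pad(explode(';', trim($line)), 6, '');

        // Scanner output describes the scanned project's files and is treated
        // as untrusted text: every field is HTML-escaped, quotes included, and
        // invalid byte sequences are substituted instead of blanking the field.
        $data = array_map(
            static function ($field) {
                return htmlspecialchars($field, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            },
            $data
        );

        switch ($data[0]) {
            case 'FOUND':
                print "<div class=\"infobox\"><h3>Found something</h3><p><strong>Time:</strong> " . $data[1]
                    . "<br><strong>Filter name:</strong> " . $data[2]
                    . "<br><strong>Line:</strong> " . $data[3]
                    . "<br><strong>File:</strong> " . $data[4]
                    . "</p><a href=\"/report/" . $data[5] . "\" target=\"_blank\"><span class=\"button warning_button\" style=\"\">Show report</span></a></div>";
                break;

            case 'NOT_FOUND':
                print "<div class=\"infobox\"><h3>WOW!</h3><p>Scanner didn't found anything. So your project is sooo secure. You are security mastah, or the filters are too weak ;-) Anyway, I recommend to do a manual code review, to be 100% sure ;-)</p></div>";
                break;

            case 'SCANNED':
                print "<div class=\"infobox\"><h3>Hmmmm...</h3><p>Your project has been scanned before. Please go to project to check your reports. <br><a href=\"/show/" . $project_id_html . "\" target=\"_parent\"><span class=\"button\">Go to project page</span></a></p></div>";
                break;
        }

        // Push what has been printed so far to the client, then pause 10 ms
        // before reading the next line.
        ob_flush();
        flush();
        time_nanosleep(0, 10000000);
    }

    pclose($handle);
    ob_end_flush();
}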
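/**
 * Render the report page for one report-file signature.
 *
 * Looks the reports up through $this->db->getReports(). When none are found
 * the client is redirected to / and the script stops. Otherwise the project
 * info of the first report is loaded, one report_info template is filled per
 * report, the results are merged into the reports template, the page is
 * printed and the script stops.
 *
 * @param mixed $report_file_signature Lookup key handed unchanged to getReports().
 *
 * @return void
 */
public function report($report_file_signature)
{
    // NOTE(review): the signature is passed on as received; whether
    // getReports() binds it as a query parameter is not visible here — confirm.
    $reports = $this->db->getReports($report_file_signature);

    // No report for this signature: redirect to / and stop. The previous code
    // fell through to this redirect after printing a report as well, which
    // either replaced the rendered page with a redirect (output buffered) or
    // raised a "headers already sent" warning (output already flushed).
    if (empty($reports)) {
        header('Location: /');
        die;
    }

    $project = $this->db->getProjectInfo($reports[0]['project_id']);
    $file_name = $reports[0]['report_file'];

    $reports_template = new Views('templates/reports.tpl.php');
    $reports_template->set('header', $reports_template->addHeader());
    $reports_template->set('footer', $reports_template->addFooter());

    // NOTE(review): file name, project fields and the report_* columns below
    // are handed to the templates as stored. Whether Views or the templates
    // escape them is not visible here — confirm, since these values presumably
    // originate from the scanned project.
    $reports_template->set('file_name', $file_name);
    foreach ($project as $key => $value) {
        $reports_template->set($key, $value);
    }

    $reports_data = [];
    foreach ($reports as $id => $reports_list) {
        // report_code is stored as JSON; the (array) cast turns a decoded
        // object into an array and a failed decode (null) into an empty one.
        $code = (array) json_decode($reports_list['report_code']);

        $reports_table = new Views('templates/report_info.tpl.php');
        $reports_table->set('report_id', $reports_list['report_id']);
        $reports_table->set('report_language', $reports_list['report_language']);
        $reports_table->set('report_type', $reports_list['report_type']);
        $reports_table->set('report_line', $reports_list['report_line']);
        // The stored snippet is rendered as text, never as markup. Explicit
        // flags escape both quote styles on every PHP version and substitute
        // invalid byte sequences instead of returning an empty string.
        $reports_table->set('report_code', htmlentities(implode($code), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
        // key() on the freshly built array yields its first key, which the
        // template receives as the first line number of the snippet.
        $reports_table->set('report_first_line', key($code));
        $reports_table->set('report_ticket', $reports_list['report_ticket']);
        $reports_table->set('report_false', $reports_list['report_false'] == 0 ? 'false' : '');

        $reports_data[$id] = $reports_table;
    }

    $reports_contest = Views::merge($reports_data);
    $reports_template->set('project_reports', $reports_contest);
    print $reports_template->render();

    // The method has always ended the request; kept so that nothing else runs
    // after the page has been printed.
    die;
}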