File "qtrPatternsDb.php"

Full Path: /home/rrterraplen/public_html/wp-includes/wp-includes/wp-content/plugins/quttera-web-malware-scanner/qtrPatternsDb.php
File size: 3.83 KB
MIME-type: text/x-php
Charset: utf-8

<?php
/**
 *       @file  qtrPatternsDb.php
 *      @brief  This function contain patterns database implementation
 *
 *
 *     @author  Quttera (qtr), [email protected]
 *
 *   @internal
 *     Created  01/15/2016
 *    Compiler  gcc/g++
 *     Company  Quttera
 *   Copyright  Copyright (c) 2016, Quttera
 *
 * This source code is released for free distribution under the terms of the
 * GNU General Public License as published by the Free Software Foundation.
 * =====================================================================================
 */

if(!defined("CLEANUP_OPERATION_UNDEF")){
    define("CLEANUP_OPERATION_UNDEF",0);
    define("CLEANUP_OPERATION_CURE",1);
    define("CLEANUP_OPERATION_QUARANTINE",2);
}

class CQtrPattern
{
    protected $_severity;
    protected $_pattern;
    protected $_details;
    protected $_name;
    protected $_curable;

    public function __construct($severity,$pattern,$details,$name, $curable=0){
        $this->_severity = $severity;
        $this->_pattern  = $pattern;
        $this->_details  = $details;
        $this->_name     = $name;
        $this->_curable  = $curable;
    }

    public function severity(){
        return $this->_severity;
    }

    public function pattern(){
        return $this->_pattern;
    }

    public function details(){
        return $this->_details;
    }

    public function name(){
        return $this->_name;
    }

    public function is_curable(){
        return ($this->_curable > 0)?(true):(false);
    }

    public function find_match($str)
    {
        $matches = array();
        try 
        {
            $match = preg_match("/" . $this->_pattern . "/m", $str, $group);

            if ($match > 0) 
            {
                array_push($matches, array($this,$group[0]));
            }
        }
        catch (Exception $e) 
        {
            //print "Error in" . $e->getMessage();
        }

        if( count($matches) == 0 )
        {
            return NULL;
        }

        return $matches;
    }
}



class CQtrPatternsDatabase
{
    protected $_database;

    public function __construct()
    {
        $this->_database = array();
    }

    public function Load($path)
    {
        if(!is_file($path)){
            return FALSE;
        }
        $file = fopen($path,"r");
        if( !$file ){
            return FALSE;
        }
        $body   = fread($file,filesize($path));
        fclose($file);
        $step1  = base64_decode($body);
        $step2  = str_rot13($step1);
        $patterns = json_decode($step2);
        foreach($patterns  as $entry ){
            $pattern = new CQtrPattern( 
                $entry[0],  /* severity */
                $entry[1],  /* pattern  */
                $entry[2],  /* details  */
                $entry[3],  /* name     */
                $entry[4]   /* curable  */
            );
        
            array_push($this->_database, $pattern );
        }

        return TRUE;
    }

    public function Scan($file_path, $heuristic=false)
    {
        $matches = array();

        if( !is_file($file_path)){
            return NULL;
        }

        $file = fopen($file_path,"r");
        if( !$file ){
            return NULL;
        }

        if( filesize( $file_path ) <= 0 ){
            return NULL;
        }

        $body = fread($file,filesize($file_path));
        fclose($file);
        foreach( $this->_database as $pattern ){

            if($heuristic == false and $pattern->is_curable() == false ){
                /*
                 * this is heuristic pattern, skipping 
                 */
                continue;
            }

            $match = $pattern->find_match($body);
            if( $match != NULL ){
                $matches = array_merge($matches, $match);
            }
        }

        if( count($matches) == 0 ){
            return NULL;
        }

        return $matches;
    }
}


?>