Page 2 of 2
Re: Detecting Function Calls
Posted: Tue Apr 07, 2009 8:50 pm
by alex.barylski
If you're on a shared host, you're pretty much hosed...very little you can do...
Short of parsing any custom modules uploaded -- before they are processed by your framework/application/whatever and possibly removing or stubbing them out with wrapper functions.
Re: Detecting Function Calls
Posted: Wed Apr 08, 2009 7:00 am
by kaisellgren
PCSpectra wrote:Short of parsing any custom modules uploaded
Finally a noteworthy suggestion, thanks!
Re: Detecting Function Calls
Posted: Wed Apr 08, 2009 12:10 pm
by alex.barylski
I've built a few CMS in my time so I can only guess at what you're trying to accomplish.
What I have done in the past (quite hackishly) was use token_get_all(), search for restricted functions and replace them with a function of the same name but prefixed with an 'underscore' -- the stubbed functions are invoked and calls can be logged, trigger alerts for a system admin, etc.
EDIT | Not sure about the security of such an approach. If you dynamically construct the name of a function I think you're pretty much screwed without the runkit extension.
Re: Detecting Function Calls
Posted: Wed Apr 08, 2009 12:20 pm
by kaisellgren
PCSpectra wrote:I've built a few CMS in my time so I can only guess at what you're trying to accomplish.

I see.
PCSpectra wrote:If you dynamically construct the name of a function I think you're pretty much screwed without the runkit extension.
Don't worry, I know what I am doing now
Btw, how would you go for tokenizing functions inside a file? First strip out comments, then replace \s+ with one space and then look for a function-like pattern?
Re: Detecting Function Calls
Posted: Wed Apr 08, 2009 1:25 pm
by josh
Doesn't Smarty allow users to run whitelisted code? I believe it has a method for proxying function calls; actual PHP does not run within the template. You could also "embed" the PHP parser, I don't think regular expressions are going to cut it.
For instance how do you catch:
Code:
$str = 'IeNxNeOcCent'; // ( "innocent" line of code )
$cmd = '';
for ($i = 1; $i <= strlen($str); $i += 2) // was strlen(str): the $ was missing
    $cmd .= $str[$i]; // builds the function name one character at a time
$cmd(); // calls exec() thru 'reflective' (variable-function) syntax
Re: Detecting Function Calls
Posted: Wed Apr 08, 2009 2:42 pm
by alex.barylski
kaisellgren wrote:Btw, how would you go for tokenizing functions inside a file? First strip out comments, then replace \s+ with one space and then look for a function-like pattern?
No regex needed. You simply iterate the array of tokens until you find one that matches the function call you wish to stub/replace/rewrite. Re-assembling the code from the token list when complete.
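The token-based scan described in this post and in the earlier one (search the token_get_all() output for restricted functions, rename them to an underscore-prefixed stub, reassemble the source), as an added example that is not code from the thread. It also reports the case the EDIT worried about: a call through a variable ($cmd()) whose callee only exists at runtime, which a static scan can flag but cannot resolve. The restricted list, the function names (rewriteRestrictedCalls, nextSignificant, prevSignificant, _shell_exec) and the sample module are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Walk token_get_all() output, rename
// calls to restricted functions so they hit an underscore-prefixed logging stub,
// and report dynamic calls ($name()) that no static scan can resolve.
// The restricted list, function names and sample module are assumptions.
declare(strict_types=1);

// Assumed restricted list; eval is a language construct with its own token.
const RESTRICTED = ['exec', 'shell_exec', 'system', 'passthru'];

// Next token after $i that is not whitespace or a comment:
// the raw string for one-character tokens, the token id otherwise.
function nextSignificant(array $tokens, int $i)
{
    for ($j = $i + 1, $n = count($tokens); $j < $n; $j++) {
        $t = $tokens[$j];
        if (is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue;
        }
        return is_array($t) ? $t[0] : $t;
    }
    return null;
}

// Same, looking backwards.
function prevSignificant(array $tokens, int $i)
{
    for ($j = $i - 1; $j >= 0; $j--) {
        $t = $tokens[$j];
        if (is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue;
        }
        return is_array($t) ? $t[0] : $t;
    }
    return null;
}

// Rewrite restricted calls to "_name" stubs; return [rewritten source, findings].
function rewriteRestrictedCalls(string $source): array
{
    $tokens   = token_get_all($source);
    $findings = [];
    $out      = '';
    $nameIds  = [T_STRING];
    if (defined('T_NAME_FULLY_QUALIFIED')) {   // PHP 8 tokenizes \exec as one token
        $nameIds[] = T_NAME_FULLY_QUALIFIED;
    }

    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {        // punctuation arrives as a bare string
            $out .= $tok;
            continue;
        }
        [$id, $text, $line] = $tok;

        if ($id === T_EVAL) {
            $findings[] = "line $line: eval() used";
        } elseif ($id === T_VARIABLE && nextSignificant($tokens, $i) === '(') {
            // $cmd(): the callee is decided at runtime, so it can only be reported.
            $findings[] = "line $line: dynamic call through $text";
        } elseif (in_array($id, $nameIds, true)
            && in_array(strtolower(ltrim($text, '\\')), RESTRICTED, true)
            && nextSignificant($tokens, $i) === '('
            && !in_array(prevSignificant($tokens, $i),
                         [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true)) {
            // A genuine call to a restricted function (not a method, not a declaration).
            $findings[] = "line $line: restricted call $text() rewritten";
            $text = preg_replace('/(\w+)$/', '_$1', $text);
        }
        $out .= $text;
    }
    return [$out, $findings];
}

// One stub per restricted name is needed; each logs and refuses instead of running anything.
function _shell_exec(string $cmd)
{
    error_log("blocked shell_exec(" . $cmd . ")");
    return null;
}

// Constructed sample module (nowdoc, so nothing is interpolated here).
$module = <<<'PHP'
<?php
$listing = shell_exec('ls -l');   // plain restricted call: rewritten
$db->exec('SELECT 1');            // method call: left alone
$fn = 'strtoupper';
echo $fn('hello');                // dynamic call: reported only
PHP;

[$rewritten, $findings] = rewriteRestrictedCalls($module);
print_r($findings);   // the shell_exec call on line 2 and the $fn() call on line 5
echo $rewritten;      // identical source except shell_exec( has become _shell_exec(
```

Because whitespace and comment tokens are written back unchanged, the rewritten file keeps its original line numbers, which makes the stub's log entries easy to map back to the uploaded module. The dynamic-call finding is the honest limit of this approach: the scan knows a variable is being called, not what it names, so that case needs a human or a runtime control rather than a rewrite.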
Re: Detecting Function Calls
Posted: Wed Apr 08, 2009 2:50 pm
by kaisellgren
PCSpectra wrote:No regex needed. You simply iterate the array of tokens until you find one that matches the function call you wish to stub/replace/rewrite. Re-assembling the code from the token list when complete.
Hmm yeah I guess that will do.
@Josh: I am fighting against accidents, not cunning coders.

Re: Detecting Function Calls
Posted: Thu Apr 09, 2009 8:28 pm
by josh
PCSpectra wrote:No regex needed. You simply iterate the array of tokens until you find one that matches the function call you wish to stub/replace/rewrite. Re-assembling the code from the token list when complete.
Hmm, that works, but how do you get the tokens? Does PHP really have a feature like that without implementing it as an extension? I guess a regex-based solution would protect against "accidents" but it wouldn't be sufficient for a "cunning programmer".
Re: Detecting Function Calls
Posted: Thu Apr 09, 2009 11:55 pm
by John Cartwright
josh wrote:Does PHP really have a feature like that without implementing it as an extension?
http://ca.php.net/token_get_all
Re: Detecting Function Calls
Posted: Fri Apr 10, 2009 2:04 pm
by josh
Interesting, thanks.