Re: Detecting Function Calls

Posted: Tue Apr 07, 2009 8:50 pm
by alex.barylski
If you're on a shared host, you're pretty much hosed... very little you can do...

Short of parsing any custom modules uploaded -- before they are processed by your framework/application/whatever -- and possibly removing or stubbing them out with wrapper functions.

Re: Detecting Function Calls

Posted: Wed Apr 08, 2009 7:00 am
by kaisellgren
PCSpectra wrote:Short of parsing any custom modules uploaded
Finally a noteworthy suggestion, thanks!

Re: Detecting Function Calls

Posted: Wed Apr 08, 2009 12:10 pm
by alex.barylski
I've built a few CMS in my time so I can only guess at what you're trying to accomplish. :P

What I have done in the past (quite hackishly) was use token_get_all() and search for restricted functions and replace them with a function of the same name but prefixed with an 'underscore' -- the stubbed functions are invoked and calls can be logged, trigger alerts for a system admin, etc.

EDIT | Not sure about the security of such an approach. If you dynamically construct the name of a function I think you're pretty much screwed without the runkit extension.

Re: Detecting Function Calls

Posted: Wed Apr 08, 2009 12:20 pm
by kaisellgren
PCSpectra wrote:I've built a few CMS in my time so I can only guess at what your trying to accomplish. :P
I see.
PCSpectra wrote:If you dynamically construct the name of a function I think you're pretty much screwed without the runkit extension.
Don't worry, I know what I am doing now :)

Btw, how would you go for tokenizing functions inside a file? First strip out comments, then replace \s+ with one space and then look for a function-like pattern?

Re: Detecting Function Calls

Posted: Wed Apr 08, 2009 1:25 pm
by josh
Doesn't Smarty allow users to run whitelisted code? I believe it has a method for proxying function calls; actual PHP does not run within the template. You could also "embed" the PHP parser; I don't think regular expressions are going to cut it.

For instance how do you catch:

$str = 'IeNxNeOcCENT'; // ( "innocent"-looking line of code: the odd positions spell "exec" )
$cmd = '';
for ($i = 1; $i < 8; $i += 2)
    $cmd .= $str[$i]; // builds the name "exec" one character at a time
$cmd('id'); // calls exec() through 'reflective' syntax; no literal exec( in the source

Re: Detecting Function Calls

Posted: Wed Apr 08, 2009 2:42 pm
by alex.barylski
Btw, how would you go for tokenizing functions inside a file? First strip out comments, then replace \s+ with one space and then look for a function-like pattern?
No regex needed. You simply iterate the array of tokens until you find one that matches the function call you wish to stub/replace/rewrite, re-assembling the code from the token list when complete.

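The rewriter alex.barylski describes in his two posts above (search the token_get_all() output for restricted function names, swap in an underscore-prefixed stub, then re-assemble the source from the token list), written out as an added example; it is not code from the thread or from any project, and the restricted-function list, the stub names, the log format and the sample module are assumptions. The sample module also carries josh's dynamically built name, to show what the tokenizer sees and what it cannot:

```php
<?php
// Added example, not code from the thread: rewrite direct calls to restricted
// functions in an uploaded module into calls to same-named stubs prefixed with
// an underscore, using token_get_all(). The restricted list, the stub names,
// the log format and the sample module below are assumptions.
declare(strict_types=1);

const RESTRICTED = ['exec', 'shell_exec', 'system', 'passthru', 'proc_open'];

/** Return $source with every direct call to a restricted function renamed. */
function stub_restricted_calls(string $source, array $restricted, string $prefix = '_'): string
{
    $tokens = token_get_all($source);
    $out = '';
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {          // one-character tokens such as '(' or ';'
            $out .= $tok;
            continue;
        }
        [$id, $text] = $tok;
        $name = null;
        if ($id === T_STRING) {
            $name = strtolower($text);
        } elseif (defined('T_NAME_FULLY_QUALIFIED') && $id === T_NAME_FULLY_QUALIFIED) {
            $name = strtolower(ltrim($text, '\\'));   // PHP 8 lexes "\exec" as one token
        }
        if ($name !== null && in_array($name, $restricted, true) && is_call_site($tokens, $i)) {
            $out .= ($id === T_STRING ? '' : '\\') . $prefix . ltrim($text, '\\');
            continue;                   // exec(...) becomes _exec(...)
        }
        $out .= $text;                  // everything else is copied through unchanged
    }
    return $out;
}

/** True when token $i names a direct call: followed by '(' and not a method, static call or definition. */
function is_call_site(array $tokens, int $i): bool
{
    if (neighbour($tokens, $i, 1) !== '(') {
        return false;
    }
    return !in_array(neighbour($tokens, $i, -1), ['->', '?->', '::', 'function', 'new'], true);
}

/** Lower-cased text of the nearest token in direction $step that is not whitespace or a comment. */
function neighbour(array $tokens, int $i, int $step): ?string
{
    for ($j = $i + $step; isset($tokens[$j]); $j += $step) {
        $tok = $tokens[$j];
        if (!is_array($tok)) {
            return $tok;
        }
        if (!in_array($tok[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return strtolower($tok[1]);
        }
    }
    return null;
}

/** Stub standing in for exec(): log the attempt (or alert an admin) and run nothing. */
function _exec(string $command, &$output = null, &$result_code = null)
{
    error_log("blocked exec(): $command");
    $result_code = 127;
    return false;
}

/** Stub standing in for shell_exec(). */
function _shell_exec(string $command)
{
    error_log("blocked shell_exec(): $command");
    return null;
}

// Constructed sample module, the kind of thing a plugin upload might contain.
$module = <<<'PHP'
<?php
exec('id', $lines);          // caught: T_STRING 'exec' followed by '('
\shell_exec('id');           // caught: fully-qualified name
$obj->exec('id');            // left alone: a method, not the global function
$cmd = 'ex' . 'ec';
$cmd('id');                  // missed: the name only exists at run time
PHP;

echo stub_restricted_calls($module, RESTRICTED);
```

Running this prints the module with `exec(` rewritten to `_exec(` and `\shell_exec(` to `\_shell_exec(`; the stubs are global functions, so both rewritten names resolve even from a namespaced module. The `$cmd('id')` line comes out untouched, which is exactly josh's point: a name assembled at run time is invisible to the tokenizer, so this rewrite catches accidents and literal calls, not a deliberate bypass (the same holds for a string handed to call_user_func()).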
Re: Detecting Function Calls

Posted: Wed Apr 08, 2009 2:50 pm
by kaisellgren
PCSpectra wrote:No regex needed. You simply iterate the array of tokens until you find one that matches the function call you wish to stub/replace/rewrite. Re-assembling the code from the token list when complete.
Hmm yeah I guess that will do.

@Josh: I am fighting against accidents, not cunning coders. :wink:

Re: Detecting Function Calls

Posted: Thu Apr 09, 2009 8:28 pm
by josh
PCSpectra wrote:No regex needed. You simply iterate the array of tokens until you find one that matches the function call you wish to stub/replace/rewrite. Re-assembling the code from the token list when complete.
Hmm, that works, but how do you get the tokens? Does PHP really have a feature like that without implementing it as an extension? I guess a regex-based solution would protect against "accidents", but it wouldn't be sufficient for a "cunning programmer".

Re: Detecting Function Calls

Posted: Thu Apr 09, 2009 11:55 pm
by John Cartwright
josh wrote:Does PHP really have a feature like that without implementing it as an extension?
http://ca.php.net/token_get_all

Re: Detecting Function Calls

Posted: Fri Apr 10, 2009 2:04 pm
by josh
Interesting, thanks.