
Untitled

a guest Oct 13th, 2017 56 Never
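#!/bin/bash
#
# Lists $_SESSION variables that are assigned in a constants file but are not
# referenced (as a literal string) in any other *.php file under the current
# directory. Optionally comments the unused assignments out.

### README
#
#   CONST_PATH
#   CONST_PATH is the file the check is run against, so remember to repeat
#   the run for each constants file in a particular beesite instance.
#   You can also collect all variable files into one (PHP syntax doesn't
#   matter here) and set that file as CONST_PATH.
#
#   VARS_LIST_PATH
#   Basically a run-time file, but as a side effect you get the list of
#   distinct variables.
#
#   SUSPICIOUS_VARS_PATH
#   The script is still raw, so the basic action is just to produce the list
#   of variables that look unused.
#
#   DESPERATE_TRIGGER
#   If set to 1 the script will try to comment out each unused variable in
#   the file the operation is run against (CONST_PATH).
#
#   NOTE: the match is a fixed-string search. Keys accessed dynamically
#   (e.g. through another variable), written with different spacing, or used
#   only from files that do not end in .php are not seen, so the result is a
#   list of candidates to review by hand, not proof that a variable is dead.
#   Both list files are written to the current directory; if that directory
#   is served by a web server, point them somewhere outside it.
#
### CONFIG

CONST_PATH='./wms/session/constants.inc.php'
VARS_LIST_PATH='./vars_list'
SUSPICIOUS_VARS_PATH='./suspicious_list'
DESPERATE_TRIGGER=0

### CONFIG END

set -u

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[[ -r "$CONST_PATH" ]] || die "Cannot read CONST_PATH: $CONST_PATH"

echo "Working here, please be patient:)"

### SEARCHING UQ VARS DEFINITIONS
# First whitespace-separated field of every line that mentions a $_SESSION
# key, cut at the first '=', de-duplicated. grep exits 1 when nothing
# matches; that only leaves the list empty, so its status is not checked.
grep -- "\$_SESSION\[[A-Za-z0-9_'\"]*\]" "$CONST_PATH" \
  | awk '{print $1}' \
  | cut -f1 -d"=" \
  | sort -u > "$VARS_LIST_PATH"

## cleanup
# Truncate instead of `echo ''`, which left a blank first line in the list.
: > "$SUSPICIOUS_VARS_PATH"

# Collect the files to search once, NUL-delimited so that names containing
# spaces or glob characters survive. -samefile excludes CONST_PATH itself
# without treating the path as a regular expression.
php_files=()
while IFS= read -r -d '' php_file; do
  php_files+=("$php_file")
done < <(find ./ -type f -iname "*.php" ! -samefile "$CONST_PATH" -print0)

# With no file operands grep would read stdin, which inside the loop below
# is the variable list itself; refuse to continue instead.
(( ${#php_files[@]} > 0 )) || die "No other *.php files found under ./"

if [[ "$DESPERATE_TRIGGER" == "1" ]]; then
  # `replace` is the string-replacement utility shipped with older MySQL
  # distributions; it is not installed everywhere.
  command -v replace > /dev/null || die "DESPERATE_TRIGGER=1 needs the 'replace' utility"
  # The edit is done in place on a heuristic match, so keep a copy first.
  # The copy goes to a mktemp file outside the source tree: a *.bak next to
  # the original could be served as plain text by a web server.
  backup_path=$(mktemp "${TMPDIR:-/tmp}/constants.backup.XXXXXX") \
    || die "mktemp failed"
  cp -- "$CONST_PATH" "$backup_path" || die "Cannot back up $CONST_PATH"
  echo "Backup of $CONST_PATH written to $backup_path"
fi

single_quote="'"
double_quote='"'

while IFS= read -r var; do
  # An empty entry would match every line and must never reach `replace`.
  [[ -n "$var" ]] || continue

  # Make variants with single or double quotes. Parameter expansion is used
  # because an unquoted `echo $VAR` lets the shell treat the [...] in the
  # variable name as a glob pattern.
  var_single=${var//$double_quote/$single_quote}
  var_double=${var//$single_quote/$double_quote}

  # Check against all variations, excluding the CONST_PATH file.
  if ! grep -F -s -q -e "$var" -e "$var_single" -e "$var_double" \
    -- "${php_files[@]}"; then
    # Variable seems to be unused: record it and optionally comment it out.
    printf '%s\n' "$var" >> "$SUSPICIOUS_VARS_PATH"
    if [[ "$DESPERATE_TRIGGER" == "1" ]]; then
      replace "$var" "///##///${var}" -- "$CONST_PATH" \
        || printf 'replace failed for %s\n' "$var" >&2
    fi
  fi
done < "$VARS_LIST_PATH"

echo "Done, bad vars list in $SUSPICIOUS_VARS_PATH"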