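#!/bin/bash
#
# Lists $_SESSION[...] variables that are defined in one constants file but
# are not textually referenced from any other *.php file under the current
# directory.
#
### README
#
# CONST_PATH
#   The file whose $_SESSION definitions are checked. Run the script once per
#   constants file in a given beesite instance, or merge all variable files
#   into one (PHP syntax doesn't matter here) and point CONST_PATH at it.
#
# VARS_LIST_PATH
#   Run-time working file; as a side effect it holds the distinct vars list.
#
# SUSPICIOUS_VARS_PATH
#   Output: the list of variables that look unused.
#
# DESPERATE_TRIGGER
#   If set to 1 the script also tries to comment out each unused var inside
#   CONST_PATH. This edits the PHP source in place, so run it only on a
#   working copy you can diff and revert.
#
# NOTES
#   - The check is a literal text search (grep -F). A key built at run time,
#     e.g. $_SESSION[$name], never matches, so treat the output as candidates
#     for manual review and not as proof that a variable is dead.
#   - Both list files are written relative to the current directory. If that
#     directory is served by the web server, point them somewhere outside it.
#
### CONFIG

CONST_PATH='./wms/session/constants.inc.php'
VARS_LIST_PATH='./vars_list'
SUSPICIOUS_VARS_PATH='./suspicious_list'
DESPERATE_TRIGGER=0

### CONFIG END

set -u

if [[ ! -r "$CONST_PATH" ]]; then
  printf 'Cannot read CONST_PATH: %s\n' "$CONST_PATH" >&2
  exit 1
fi

# NOTE(review): the "replace FROM TO -- FILE" call below looks like the
# string-replacement utility shipped with MySQL; confirm it is installed
# before enabling DESPERATE_TRIGGER.
if [[ "$DESPERATE_TRIGGER" == "1" ]] && ! command -v replace >/dev/null; then
  printf 'DESPERATE_TRIGGER=1 needs the "replace" utility in PATH\n' >&2
  exit 1
fi

echo "Working here, please be patient:)"

### SEARCHING UQ VARS DEFINITIONS
# First whitespace-separated token of every line mentioning $_SESSION[...],
# cut at the first "=", de-duplicated.
grep -e "\$_SESSION\[[A-Za-z0-9_'\"]*\]" -- "$CONST_PATH" \
  | awk '{print $1}' \
  | cut -f1 -d'=' \
  | sort -u > "$VARS_LIST_PATH"

## cleanup
# Truncate instead of `echo ''`, which left a blank first line in the list.
: > "$SUSPICIOUS_VARS_PATH"

# Collect the files to search once (NUL-delimited, so names with spaces or
# newlines survive), leaving out the constants file itself.
php_files=()
while IFS= read -r -d '' php_file; do
  [[ "$php_file" == *"$CONST_PATH"* ]] && continue
  php_files+=("$php_file")
done < <(find ./ -iname '*.php' -print0)

single_quote="'"
double_quote='"'

while IFS= read -r VAR; do
  [[ -n "$VAR" ]] || continue

  # Make options with single or double quotes
  VAR_SINGLE=${VAR//$double_quote/$single_quote}
  VAR_DOUBLE=${VAR//$single_quote/$double_quote}

  # Check against all variations excluding CONST_PATH file.
  # With no other PHP files there is nothing to search; calling grep without
  # file arguments would make it read this loop's stdin (the vars list).
  referenced=''
  if (( ${#php_files[@]} > 0 )); then
    # xargs batches the file list so a large tree cannot overflow the
    # argument-length limit; -l prints only the names of matching files.
    referenced=$(printf '%s\0' "${php_files[@]}" \
      | xargs -0 grep -F -l -s -e "$VAR" -e "$VAR_SINGLE" -e "$VAR_DOUBLE")
  fi

  # If var seems to be unused take action
  if [[ -z "$referenced" ]]; then
    printf '%s\n' "$VAR" >> "$SUSPICIOUS_VARS_PATH"
    if [[ "$DESPERATE_TRIGGER" == "1" ]]; then
      # In-place edit of CONST_PATH: prefixes the variable with "///##///".
      replace "$VAR" "///##///$VAR" -- "$CONST_PATH"
    fi
  fi

done < "$VARS_LIST_PATH"

echo "Done, bad vars list in $SUSPICIOUS_VARS_PATH"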