Also ignore function definitions

jvoisin · Mar 24, 2024 · 435977a · 435977a
1 parent 859d69a
commit 435977a
Showing 1 changed file with 35 additions and 6 deletions.
diff --git a/scripts/generate_rules.php b/scripts/generate_rules.php
@@ -40,9 +40,9 @@ function help($name) {
 		$hash = '.hash("' . hash('sha256', $file_content) . '")';
 	}
 
-	$prev_token = null;
+	$tokens = token_get_all($file_content);
 
-	foreach(token_get_all($file_content) as $token) {
+	foreach ($tokens as $pos => $token) {
 		if (!is_array($token)) {
 			continue;
 		}
@@ -51,13 +51,23 @@ function help($name) {
 			$token[1] = substr($token[1], 1);
 		}
 
-		$prev_token_str = $prev_token[1] ?? null;
+		if (!in_array($token[1], $functions_blacklist, true)) {
+			continue;
+		}
 
-		if (in_array($token[1], $functions_blacklist, true) && $prev_token_str !== '->' && $prev_token_str !== '::') {
-			$output[] = 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '")' . $hash . '.allow();' . "\n";
+		$prev_token = find_previous_token($tokens, $pos);
+
+		// Ignore function definitions and class calls
+		// function shell_exec() -> ignored
+		// $db->exec() -> ignored
+		// MyClass::assert() -> ignored
+		if ($prev_token === T_FUNCTION
+			|| $prev_token === T_DOUBLE_COLON
+			|| $prev_token === T_OBJECT_OPERATOR) {
+			continue;
 		}
 
-		$prev_token = $token;
+		$output[] = 'sp.disable_function.function("' . $token[1] . '").filename("' . $name . '")' . $hash . '.allow();' . "\n";
 	}
 }
 foreach($functions_blacklist as $fun) {
@@ -67,3 +77,22 @@ function help($name) {
 foreach (array_unique($output) as $line) {
  	echo $line;
 }
+
+function find_previous_token(array $tokens, int $pos): ?int
+{
+	for ($i = $pos - 1; $i >= 0; $i--) {
+		$token = $tokens[$i];
+
+		if ($token[0] === T_WHITESPACE) {
+			continue;
+		}
+
+		if (!is_array($token)) {
+			return null;
+		}
+
+		return $token[0];
+	}
+
+	return null;
+}