Merge pull request #532 from ernilambar/363-code-obfuscation

WordPress · Aug 5, 2024 · ea560bc · ea560bc
2 parents dcb73f0 + 5d1e267
commit ea560bc
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 45 deletions.
diff --git a/includes/Checker/Checks/Abstract_File_Check.php b/includes/Checker/Checks/Abstract_File_Check.php
@@ -187,15 +187,26 @@ final protected static function files_preg_match_all( $pattern, array $files ) {
 
 			if ( is_array( $matches ) && ! empty( $matches ) ) {
 				foreach ( $matches[0] as $match ) {
-					list( $before ) = str_split( $contents, $match[1] );
+					$line   = 0;
+					$column = 0;
 
-					$exploded  = explode( PHP_EOL, $before );
-					$last_item = end( $exploded );
+					if ( 0 === $match[1] ) {
+						$line   = 1;
+						$column = 1;
+					} else {
+						list( $before ) = str_split( $contents, $match[1] );
+
+						$exploded  = explode( PHP_EOL, $before );
+						$last_item = end( $exploded );
+
+						$line   = count( $exploded );
+						$column = strlen( $last_item ) + 1;
+					}
 
 					$matched_files[] = array(
 						'file'   => $file,
-						'line'   => count( $exploded ),
-						'column' => strlen( $last_item ) + 1,
+						'line'   => $line,
+						'column' => $column,
 					);
 				}
 			}

diff --git a/includes/Checker/Checks/Plugin_Repo/Code_Obfuscation_Check.php b/includes/Checker/Checks/Plugin_Repo/Code_Obfuscation_Check.php
@@ -95,18 +95,23 @@ protected function check_files( Check_Result $result, array $files ) {
 	 * @param array        $php_files List of absolute PHP file paths.
 	 */
 	protected function look_for_zendguard( Check_Result $result, array $php_files ) {
-		$obfuscated_file = self::file_preg_match( '/(<\?php \@Zend;)|(This file was encoded by)/', $php_files );
-		if ( $obfuscated_file ) {
-			$this->add_result_error_for_file(
-				$result,
-				sprintf(
-					/* translators: %s: tool name */
-					__( 'Code Obfuscation tools are not permitted. Detected: %s', 'plugin-check' ),
-					__( 'Zend Guard', 'plugin-check' )
-				),
-				'obfuscated_code_detected',
-				$obfuscated_file
-			);
+		$files = self::files_preg_match_all( '/(\<\?php \@Zend;)|(This file was encoded by)/', $php_files );
+
+		if ( ! empty( $files ) ) {
+			foreach ( $files as $file ) {
+				$this->add_result_error_for_file(
+					$result,
+					sprintf(
+						/* translators: %s: tool name */
+						__( 'Code Obfuscation tools are not permitted. Detected: %s', 'plugin-check' ),
+						__( 'Zend Guard', 'plugin-check' )
+					),
+					'obfuscated_code_detected',
+					$file['file'],
+					$file['line'],
+					$file['column']
+				);
+			}
 		}
 	}
 
@@ -119,18 +124,23 @@ protected function look_for_zendguard( Check_Result $result, array $php_files )
 	 * @param array        $php_files List of absolute PHP file paths.
 	 */
 	protected function look_for_sourceguardian( Check_Result $result, array $php_files ) {
-		$obfuscated_file = self::file_preg_match( "/(sourceguardian\.com)|(function_exists\('sg_load'\))|(\$__x=)/", $php_files );
-		if ( $obfuscated_file ) {
-			$this->add_result_error_for_file(
-				$result,
-				sprintf(
-					/* translators: %s: tool name */
-					__( 'Code Obfuscation tools are not permitted. Detected: %s', 'plugin-check' ),
-					__( 'Source Guardian', 'plugin-check' )
-				),
-				'obfuscated_code_detected',
-				$obfuscated_file
-			);
+		$files = self::files_preg_match_all( "/(sourceguardian\.com)|(function_exists\('sg_load'\))|(\$__x=)/", $php_files );
+
+		if ( ! empty( $files ) ) {
+			foreach ( $files as $file ) {
+				$this->add_result_error_for_file(
+					$result,
+					sprintf(
+						/* translators: %s: tool name */
+						__( 'Code Obfuscation tools are not permitted. Detected: %s', 'plugin-check' ),
+						__( 'Source Guardian', 'plugin-check' )
+					),
+					'obfuscated_code_detected',
+					$file['file'],
+					$file['line'],
+					$file['column']
+				);
+			}
 		}
 	}
 
@@ -143,18 +153,23 @@ protected function look_for_sourceguardian( Check_Result $result, array $php_fil
 	 * @param array        $php_files List of absolute PHP file paths.
 	 */
 	protected function look_for_ioncube( Check_Result $result, array $php_files ) {
-		$obfuscated_file = self::file_str_contains( $php_files, 'ionCube' );
-		if ( $obfuscated_file ) {
-			$this->add_result_error_for_file(
-				$result,
-				sprintf(
-					/* translators: %s: tool name */
-					__( 'Code Obfuscation tools are not permitted. Detected: %s', 'plugin-check' ),
-					__( 'ionCube', 'plugin-check' )
-				),
-				'obfuscated_code_detected',
-				$obfuscated_file
-			);
+		$files = self::files_preg_match_all( '/ionCube/', $php_files );
+
+		if ( ! empty( $files ) ) {
+			foreach ( $files as $file ) {
+				$this->add_result_error_for_file(
+					$result,
+					sprintf(
+						/* translators: %s: tool name */
+						__( 'Code Obfuscation tools are not permitted. Detected: %s', 'plugin-check' ),
+						__( 'ionCube', 'plugin-check' )
+					),
+					'obfuscated_code_detected',
+					$file['file'],
+					$file['line'],
+					$file['column']
+				);
+			}
 		}
 	}
 	/**

diff --git a/tests/phpunit/testdata/plugins/test-plugin-code-obfuscation-ioncube-errors/load.php b/tests/phpunit/testdata/plugins/test-plugin-code-obfuscation-ioncube-errors/load.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Plugin Name: Test Plugin Code Obfuscation ionCube Errors
+ * Plugin Name: Test Plugin Code Obfuscation IonCube Errors
  * Plugin URI: https://github.com/WordPress/plugin-check
  * Description: Some plugin description.
  * Author: WordPress Performance Team

diff --git a/tests/phpunit/tests/Checker/Checks/Code_Obfuscation_Check_Tests.php b/tests/phpunit/tests/Checker/Checks/Code_Obfuscation_Check_Tests.php
@@ -14,7 +14,7 @@ class Code_Obfuscation_Check_Tests extends WP_UnitTestCase {
 	/**
 	 * @dataProvider data_obfuscation_services
 	 */
-	public function test_run_with_obfuscation_errors( $type_flag, $plugin_basename, $expected_file ) {
+	public function test_run_with_obfuscation_errors( $type_flag, $plugin_basename, $expected_file, $line, $column ) {
 		// Test given plugin with relevant obfuscation.
 		$check_context = new Check_Context( UNIT_TESTS_PLUGIN_DIR . $plugin_basename );
 		$check_result  = new Check_Result( $check_context );
@@ -28,8 +28,8 @@ public function test_run_with_obfuscation_errors( $type_flag, $plugin_basename,
 		$this->assertArrayHasKey( $expected_file, $errors );
 		$this->assertSame( 1, $check_result->get_error_count() );
 
-		$this->assertTrue( isset( $errors[ $expected_file ][0][0][0] ) );
-		$this->assertSame( 'obfuscated_code_detected', $errors[ $expected_file ][0][0][0]['code'] );
+		$this->assertTrue( isset( $errors[ $expected_file ][ $line ][ $column ][0] ) );
+		$this->assertSame( 'obfuscated_code_detected', $errors[ $expected_file ][ $line ][ $column ][0]['code'] );
 	}
 
 	public function data_obfuscation_services() {
@@ -38,16 +38,22 @@ public function data_obfuscation_services() {
 				Code_Obfuscation_Check::TYPE_ZEND,
 				'test-plugin-code-obfuscation-zendguard-errors/load.php',
 				'obfuscated.php',
+				1,
+				1,
 			),
 			'Source Guardian' => array(
 				Code_Obfuscation_Check::TYPE_SOURCEGUARDIAN,
 				'test-plugin-code-obfuscation-sourceguardian-errors/load.php',
 				'obfuscated.php',
+				2,
+				4,
 			),
 			'ionCube'         => array(
 				Code_Obfuscation_Check::TYPE_IONCUBE,
 				'test-plugin-code-obfuscation-ioncube-errors/load.php',
 				'load.php',
+				16,
+				19,
 			),
 		);
 	}