From 459d75d027a26ea590bfc7296449b7f1d5930cf1 Mon Sep 17 00:00:00 2001
From: Marco Cesarato
Date: Sun, 10 Jan 2021 00:22:42 +0100
Subject: [PATCH] feat: add new encoded functions on list
---
 src/Functions.php | 135 ++++++++++++++++++++++++++++++++--------------
 src/Scanner.php | 3 +-
 2 files changed, 97 insertions(+), 41 deletions(-)
diff --git a/src/Functions.php b/src/Functions.php
index 3b7aca4..9bb6403 100644
--- a/src/Functions.php
+++ b/src/Functions.php
@@ -29,44 +29,23 @@ class Functions
 'syslog',
 'passthru',
 'define_syslog_variables',
- /*
- "dl",
- "debugger_off",
- "debugger_on",
- "parse_ini_file",
- "show_source",
- "symlink",
- "popen",
- */
 'posix_kill',
- /*
- "posix_getpwuid",
- "posix_mkfifo",
- "posix_setpgid",
- "posix_setsid",
- "posix_setuid",
- */
+ 'posix_getpwuid',
+ 'posix_mkfifo',
+ 'posix_setpgid',
+ 'posix_setsid',
+ 'posix_setuid',
 'posix_uname',
 'proc_close',
 'proc_get_status',
 'proc_nice',
 'proc_open',
 'proc_terminate',
- /*
- "ini_alter",
- "ini_get_all",
- "ini_restore",
- "parse_ini_file",
- */
+ 'pcntl_exec',
 'inject_code',
 'apache_child_terminate',
 'apache_note',
 'define_syslog_variables',
- /*
- "apache_setenv",
- "escapeshellarg",
- "escapeshellcmd",
- */
 ];
 
 /**
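Review bot: `'define_syslog_variables'` is still listed twice in this array, as the third context line and again after `'apache_note'`, and the `$dangerous` hunks of this commit add more repeats: `'create_function'`, `'parse_ini_file'`, `'define_syslog_variables'`, `'posix_mkfifo'` and `'proc_get_status'` are each added while already present in that list, and `'preg_replace'` now sits under both `// PHP Code Execution` and `// Encoding`. If the scanner builds encoded variants per entry, as the commit title suggests, every repeat is redundant work and may produce repeated findings; that is inferred, since the matching code is not in this hunk. A static property initializer cannot call `array_unique()`, so the simplest fix is to delete the repeats and add a test asserting `count($list) === count(array_unique($list))` for both lists. This array's declaration is above the hunk, so its name is not visible here.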
@@ -75,22 +54,56 @@ class Functions
 * @var array
 */
 public static $dangerous = [
+ // PHP Code Execution
 'il_exec',
 'shell_exec',
 'eval',
 'system',
 'create_function',
 'exec',
+ 'pcntl_exec',
 'assert',
- 'syslog',
 'passthru',
+ 'create_function',
+ 'include',
+ 'include_once',
+ 'require',
+ 'require_once',
+ 'preg_replace',
+ // Files and configurations
+ 'syslog',
 'define_syslog_variables',
 'debugger_off',
+ 'get_meta_tags',
+ 'highlight_file',
 'debugger_on',
 'parse_ini_file',
+ 'php_strip_whitespace',
 'show_source',
 'symlink',
- 'popen',
+ 'fopen',
+ 'file_get_contents',
+ 'file_put_contents',
+ 'chmod',
+ 'chown',
+ 'copy',
+ 'move',
+ 'is_file',
+ 'is_dir',
+ 'ini_alter',
+ 'ini_get_all',
+ 'ini_restore',
+ 'parse_ini_file',
+ 'inject_code',
+ 'apache_child_terminate',
+ 'apache_setenv',
+ 'apache_note',
+ 'define_syslog_variables',
+ // Curl
+ 'curl_init',
+ 'curl_setopt',
+ 'curl_exec',
+ // Posix
 'posix_kill',
 'posix_getpwuid',
 'posix_mkfifo',
@@ -98,20 +111,14 @@ class Functions
 'posix_setsid',
 'posix_setuid',
 'posix_uname',
+ // Processes
+ 'popen',
 'proc_close',
 'proc_get_status',
 'proc_nice',
 'proc_open',
 'proc_terminate',
- 'ini_alter',
- 'ini_get_all',
- 'ini_restore',
- 'parse_ini_file',
- 'inject_code',
- 'apache_child_terminate',
- 'apache_setenv',
- 'apache_note',
- 'define_syslog_variables',
+ // Encoding
 'escapeshellarg',
 'escapeshellcmd',
 'base64_decode',
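Review bot: Several names added in the -75,22 +54,56 hunk are not PHP function names, so whether they can ever match depends on how Scanner builds its pattern, which this hunk does not show: `include`, `include_once`, `require` and `require_once` are language constructs normally written without parentheses, and `move` is not a built-in (the file-moving built-ins are `rename` and `move_uploaded_file`). The same applies to `'getlastmo'` in the -119,7 +126,57 hunk, which looks like a truncation of `getlastmod`. I would replace `'move',` with `'rename',` and `'move_uploaded_file',`, correct `'getlastmo',` to `'getlastmod',`, and confirm with a fixture that a bare `include $var;` is reported. The `$dangerous` array continues past the end of this hunk.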
@@ -119,7 +126,57 @@ class Functions
 'rawurldecode',
 'str_rot13',
 'preg_replace',
- 'create_function',
+ // Information Disclosure
+ 'phpinfo',
+ 'posix_mkfifo',
+ 'posix_getlogin',
+ 'posix_ttyname',
+ 'getenv',
+ 'get_current_user',
+ 'proc_get_status',
+ 'get_cfg_var',
+ 'disk_free_space',
+ 'disk_total_space',
+ 'diskfreespace',
+ 'getcwd',
+ 'getlastmo',
+ 'getmygid',
+ 'getmyinode',
+ 'getmypid',
+ 'getmyuid',
+ // Callback functions
+ 'ob_start',
+ 'array_diff_uassoc',
+ 'array_diff_ukey',
+ 'array_filter',
+ 'array_intersect_uassoc',
+ 'array_intersect_ukey',
+ 'array_map',
+ 'array_reduce',
+ 'array_udiff_assoc',
+ 'array_udiff_uassoc',
+ 'array_udiff',
+ 'array_uintersect_assoc',
+ 'array_uintersect_uassoc',
+ 'array_uintersect',
+ 'array_walk_recursive',
+ 'array_walk',
+ 'assert_options',
+ 'uasort',
+ 'uksort',
+ 'usort',
+ 'preg_replace_callback',
+ 'spl_autoload_register',
+ 'iterator_apply',
+ 'call_user_func',
+ 'call_user_func_array',
+ 'register_shutdown_function',
+ 'register_tick_function',
+ 'set_error_handler',
+ 'set_exception_handler',
+ 'session_set_save_handler',
+ 'sqlite_create_aggregate',
+ 'sqlite_create_function',
 ];
 
 /**
diff --git a/src/Scanner.php b/src/Scanner.php
index c678db7..c69729b 100644
--- a/src/Scanner.php
+++ b/src/Scanner.php
@@ -157,7 +157,6 @@ class Scanner
 */
 public static $functionsEncoded = [];
 
-
 /**
 * Functions encoded values.
 *
@@ -1003,7 +1002,7 @@ public function scanFile($info)
 */
 foreach ($encoders as $encoder) {
 $key = $funcRaw . $encoder;
- if(isset(self::$functionsEncodedValues[$key])) {
+ if (isset(self::$functionsEncodedValues[$key])) {
 $value = self::$functionsEncodedValues[$key];
 } else {
 $value = @$encoder($funcRaw);
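Review bot: The `// Callback functions` block in the -119,7 +126,57 hunk of src/Functions.php puts everyday calls such as `array_map`, `array_filter` and `usort` into `$dangerous`, alongside `is_file`, `is_dir` and `file_get_contents` from the earlier hunk, so most legitimate PHP files will now contain at least one listed name. How Scanner weights a `$dangerous` hit is not visible here, but if each is reported the same way as `eval` or `shell_exec`, real findings will be harder to pick out. At minimum document the intent on the group, e.g. `// Callback functions: only suspicious when the callable argument is dynamic or decoded at runtime`, and consider a separate lower-severity list for these entries. The array's opening is above this hunk; the two src/Scanner.php hunks that follow are whitespace-only.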