import os
import requests
import re
classPop = []
funcPop = []
array = []
def deleteIfAndFor(f):
text = f.read()
s = re.findall("(if\((\d+)>(\d+)\){([\w\W]+?)})", text)
for i in s:
if int(i[1]) < int(i[2]):
text = text.replace(i[0], "")
else:
text = text.replace(i[0], i[3].strip())
s = re.findall("(for\(\$i = 0; \$i < (\d+); \$i \+\+\){([\w\W]+?)})", text)
for i in s:
if int(i[1]) == 0:
text = text.replace(i[0], "")
else:
text = text.replace(i[0], i[2].strip())
with open("result.txt", "w") as g:
g.write(text)
def search(key):
# func 入栈
funcPop.append(key)
for i in array:
if i.find("function " + key) != -1:
# class入栈
classPop.append(re.findall(r'class\s([a-zA-Z0-9_]{6})', i)[0])
tmp = fr'public\sfunction\s{key}' + '\(\$[a-zA-Z0-9]{5}\)\{[\w\W]*?\}\n'
# 提取调用方法
func = re.findall(tmp, i)
# 进行过滤,如果传入的参数被顶掉,直接返回
tmp2 = fr'public\sfunction\s{key}' + '\(\$([a-zA-Z0-9]{5})\)\{[\w\W]*?\}\n'
e = re.findall(tmp2, i)
tmp3 = fr'{e[0]}\s*?=\s*?'
if (re.findall(tmp3, func[0]).__len__() > 0) and (func[0].find(".") == -1):
classPop.pop()
return
# 检测是否存在eval,如果存在则打印classPop
if func[0].find('eval') != -1:
print(classPop)
# 提取调用链
nextFunc = re.findall(r'\$this->[a-zA-Z0-9]{7}->([a-zA-Z0-9]{6})\(\$[a-zA-Z0-9]{5}\);', func[0])
# 遍历所有func
for j in nextFunc:
search(j)
# func 出栈
funcPop.pop()
# class 出栈
classPop.pop()
if __name__ == "__main__":
# f = open("./class.php", "r+")
# deleteIfAndFor(f)
# f.close()
f = open("./result.txt", "r+")
content = f.read()
array = re.findall(r'class\s[a-zA-Z0-9_]+{[\w\W]*?}\n\n', content)
search("lgeDXz")