PHP scanner crashes #95
Comments
@killmasta93 thank you for your report! could you please provide more details? does it crash due to the max memory limit? |
hi @esurov thanks for the reply, nope i just run it but after a while it crashes when you say memory limit do you mean of the VM? |
Hi @killmasta93 Does it produce any output upon the crash? With the memory limit I mean the PHP setting in your php.ini. You might want to change it to something like this:
|
HI @esurov Thank you for the reply im attaching picture, it starts running then after checksum it start i was checking logs didnt find anything with issue on memory limit as for the php.ini do you mean on the host or the docker container? im attaching the logs that shows
|
Hi @killmasta93 ! |
Hi all, I'm re-pasting my message here again. :) The problem is in the file: vendor/marcocesarato/amwscan/src/Deobfuscator.php

private function calc($expr)
{
// Reduces an arithmetic expression string one binary operation at a time: it evaluates
// the first '*', else '/', else '-', else '+' it finds, splices the result back into
// the string and recurses on the rewritten string.
// NOTE(review): presumably $expr is taken from the content of files being scanned,
// i.e. attacker-influenced input; confirm against the callers. A crash in here ends
// the scan, so every failure mode below matters for the scanner's availability.
if (is_array($expr)) {
$expr = $expr[0];
}
// min(...) / max(...) are dispatched by name. The pattern is case-insensitive, but the
// strict comparison below only accepts lowercase 'min' and 'max', so no other function
// name can reach the variable-function call.
preg_match('~(min|max)?\(([^\)]+)\)~mi', $expr, $exprArr);
if (!empty($exprArr[1]) && ($exprArr[1] === 'min' || $exprArr[1] === 'max')) {
return $exprArr[1](explode(',', $exprArr[2]));
}
// Group 1 collects every run of digits/dots, group 2 the operator directly after it
// ('' when none). Characters between tokens are skipped, so two operands that are
// adjacent in the match list need not be adjacent in $expr.
preg_match_all('~([\d\.]+)([\*\/\-\+])?~', $expr, $exprArr);
if (!empty($exprArr[1]) && !empty($exprArr[2])) {
if (in_array('*', $exprArr[2], true)) {
$pos = array_search('*', $exprArr[2], true);
// '@' hides the undefined-offset notice when '*' follows the last number.
$res = @$exprArr[1][$pos] * @$exprArr[1][$pos + 1];
// Non-termination: str_replace() looks for the literal "<left>*<right>". When that
// text does not occur in $expr (e.g. a sign sits between operator and operand, as
// in "1*-2"), nothing is replaced and calc() is re-entered with the same string.
// There is no check that the rewrite made progress. The same applies to the three
// branches below (e.g. "5+1-3" becomes "5+-2", which then never changes).
$expr = str_replace(@$exprArr[1][$pos] . '*' . @$exprArr[1][$pos + 1], $res, $expr);
$expr = $this->calc($expr);
} elseif (in_array('/', $exprArr[2], true)) {
$pos = array_search('/', $exprArr[2], true);
// A zero or missing divisor is not checked; on PHP 8 that raises DivisionByZeroError.
$res = $exprArr[1][$pos] / $exprArr[1][$pos + 1];
$expr = str_replace($exprArr[1][$pos] . '/' . $exprArr[1][$pos + 1], $res, $expr);
$expr = $this->calc($expr);
} elseif (in_array('-', $exprArr[2], true)) {
$pos = array_search('-', $exprArr[2], true);
// A negative result puts a '-' into the string that the pattern above does not
// attach to any number, which is one way to reach the stuck state described above.
$res = $exprArr[1][$pos] - $exprArr[1][$pos + 1];
$expr = str_replace($exprArr[1][$pos] . '-' . $exprArr[1][$pos + 1], $res, $expr);
$expr = $this->calc($expr);
} elseif (in_array('+', $exprArr[2], true)) {
$pos = array_search('+', $exprArr[2], true);
$res = $exprArr[1][$pos] + $exprArr[1][$pos + 1];
$expr = str_replace($exprArr[1][$pos] . '+' . $exprArr[1][$pos + 1], $res, $expr);
$expr = $this->calc($expr);
} else {
// Only exit of the recursion: no operator was captured in group 2.
return $expr;
}
}
return $expr;

As you can see, this is a recursive function that - for some reason - has an erroneous stop condition for the file you indicated and goes into very, very deep levels of recursion (in my case, about ~281000 - until the memory on the stack is exhausted). I haven't had time to take this function apart and analyze the stop condition, but it seems that a simple and sufficient workaround is to add an additional guard in the form:

if($level>100000) return "";

This will interrupt further nesting if it goes too far :) So, the complete corrected function code will look as follows:

private function calc($expr, $level = 0)
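{
    // Reduces an arithmetic expression string one binary operation at a time and
    // recurses on the rewritten string. $level counts the recursion depth.
    // NOTE(review): presumably $expr comes from scanned file content, i.e. input an
    // attacker can shape; confirm against the callers. The guards below exist so that
    // such input cannot take the scanner down.

    // Depth backstop. It bounds the recursion, but 100000 frames is still deep; whether
    // it trips before memory runs out depends on the PHP limits in effect, so it is kept
    // only as a last resort behind the no-progress check further down.
    if ($level > 100000) {
        return "";
    }
    if (is_array($expr)) {
        $expr = $expr[0];
    }

    // min(...) / max(...): the strict comparison admits only these two names, so the
    // call is written out instead of going through a variable function.
    preg_match('~(min|max)?\(([^\)]+)\)~mi', $expr, $exprArr);
    if (!empty($exprArr[1]) && ($exprArr[1] === 'min' || $exprArr[1] === 'max')) {
        $args = explode(',', $exprArr[2]);
        return $exprArr[1] === 'min' ? min($args) : max($args);
    }

    // Group 1: runs of digits/dots. Group 2: the operator directly after each run
    // ('' when there is none).
    preg_match_all('~([\d\.]+)([\*\/\-\+])?~', $expr, $exprArr);
    if (empty($exprArr[1]) || empty($exprArr[2])) {
        return $expr;
    }

    // Same precedence order as before: '*', then '/', then '-', then '+'.
    foreach (array('*', '/', '-', '+') as $op) {
        $pos = array_search($op, $exprArr[2], true);
        if ($pos === false) {
            continue;
        }

        $left = $exprArr[1][$pos];
        // The right operand is missing when the operator follows the last number.
        $right = isset($exprArr[1][$pos + 1]) ? $exprArr[1][$pos + 1] : null;

        switch ($op) {
            case '*':
                $res = $left * $right;
                break;
            case '/':
                // A zero or missing divisor would raise DivisionByZeroError on PHP 8;
                // leave the expression unevaluated instead of aborting the scan.
                if ((float) $right == 0.0) {
                    return $expr;
                }
                $res = $left / $right;
                break;
            case '-':
                $res = $left - $right;
                break;
            default:
                $res = $left + $right;
                break;
        }

        $next = str_replace($left . $op . $right, (string) $res, $expr);

        // No-progress check: the literal "<left><op><right>" is absent from $expr when
        // something sits between operator and operand (e.g. "5+-2", "1*-2"). The string
        // then comes back unchanged and recursing on it would never end, so stop here.
        if ($next === $expr) {
            return $expr;
        }

        return $this->calc($next, $level + 1);
    }

    // No operator captured: nothing left to evaluate.
    return $expr;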
}

This is completely sufficient (at least for my needs). I sincerely greet you and send warm hugs for the file that helped me to solve this problem.
@Borcejn thank you so much |
Hi
Currently trying to run it locally and on docker it starts scanning then crashes