```python
import os

def find_method(name):
    i = 0
    found_dic = { "$_GET":[], "$_POST":[], "include":[], "require":[], "mysql_query":[], "SELECT":[], "system":[], "exec":[], "passthru":[], "readfile":[], "fopen":[], "eval":[] }
    for i, line in enumerate(file(name, "r")):
        found = False
        for key in found_dic:
            if key in line.strip():
                found_dic[key].append("LINE:"+str(i)+":" + key)
                found = True
    for key in found_dic:
        if found_dic[key]:
            print " ", "-"*10, key, "-"*10
            for r in found_dic[key]:
                print " ",r

def search(dirname):
    flist = os.listdir(dirname)
    for f in flist:
        next = os.path.join(dirname, f)
        if os.path.isdir(next):
            search(next)
        else:
            doFileWork(next)

def doFileWork(filename):
    ext = os.path.splitext(filename)[-1]
    #if ext == '.html': print filename
    if ext == '.php':
        # print "target:" + filename
        find_method(filename)
```
The problem is here: I need my results to be displayed like this:

```
EX) === /var/www/html/zboard/zboard.php ==
---------- exec ----------
LINE:288:$a_setup="<a onfocus=blur() href='admin_setup.php?exec=view_board&no=$setup[no]&group_no=$setup[group_no]&exec2=modify' target=_blank>"; else $a_setup="<Zeroboard ";
```

But this only shows:

```
---------- exec ----------
LINE:287:exec
---------- mysql_query ----------
LINE:43:mysql_query
LINE:95:mysql_query
LINE:120:mysql_query
```

How can I make this code display the example output?
Answer 0: (score: 0)

If I understand your question, you're asking how to get the absolute file path. This has already been answered in this stackoverflow question.

To repeat the answer you'll find there:

```python
>>> import os
>>> os.path.abspath("mydir/myfile.txt")
```
Answer 1: (score: 0)

It looks like you have two different questions.

First, you apparently want to prefix each batch of "finds" with the file they were found in, like this:

```
EX)=== /var/www/html/zboard/zboard.php ==
```

I'm not sure what that format is supposed to be, but... you already have all the information you need in `doFileWork`, you just aren't printing it. Just add this line to the top of the `doFileWork` function:

```python
print "EX) === {} ==".format(filename)
```

If you want to guarantee it's an absolute path even if you started with a relative path, just:

```python
print "EX) === {} ==".format(os.path.abspath(filename))
```

Second, you apparently want each match to print the entire matching line, not just the matched key.

Again, you already have the information you need; the problem is that you explicitly use `key` rather than `line.strip()`. Just replace this:

```python
found_dic[key].append("LINE:"+str(i)+":" + key)
```

...with this:

```python
found_dic[key].append("LINE:"+str(i)+":" + line.strip())
```
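Both fixes from the answer above, carried through into a complete Python 3 scanner, as an added example that is not part of the question or either answer. The scanner keeps the question's list of sink names and its report layout, but returns the findings as a dictionary (per absolute path, then per pattern, then `(line number, full stripped line)`) so they can be checked or post-processed rather than only printed. The sample PHP file and the directory layout are constructed inline for the demo; `scan_tree`, `find_methods`, `format_report` and `demo` are names chosen here, not from the original code.

```python
import os
import tempfile

# Same sink names the question's scanner looks for (substring match, like the original)
PATTERNS = ["$_GET", "$_POST", "include", "require", "mysql_query",
            "SELECT", "system", "exec", "passthru", "readfile", "fopen", "eval"]


def find_methods(path):
    """Scan one PHP file; return {pattern: [(lineno, full_line), ...]} for patterns that hit.

    Line numbers are 1-based (the question's enumerate() started at 0), and the
    whole stripped line is stored instead of just the key, which is the second fix.
    """
    found = {key: [] for key in PATTERNS}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            text = line.strip()
            for key in PATTERNS:
                if key in text:
                    found[key].append((lineno, text))
    return {key: hits for key, hits in found.items() if hits}


def scan_tree(root):
    """Walk root recursively and scan every .php file; return {absolute_path: findings}."""
    report = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() == ".php":
                full = os.path.abspath(os.path.join(dirpath, name))  # first fix: keep the path
                hits = find_methods(full)
                if hits:
                    report[full] = hits
    return report


def format_report(report):
    """Render the report in the layout the question asked for."""
    out = []
    for path in sorted(report):
        out.append("EX) === {} ==".format(path))
        for key, hits in report[path].items():
            out.append("  " + "-" * 10 + " " + key + " " + "-" * 10)
            for lineno, text in hits:
                out.append("  LINE:{}:{}".format(lineno, text))
    return "\n".join(out)


# Constructed sample PHP for the demo (not taken from any real project)
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$r = mysql_query("SELECT * FROM posts WHERE id=" . $id);
if (isset($_POST['cmd'])) { system($_POST['cmd']); }
echo "done";
"""


def demo():
    """Build a throwaway tree, scan it, print the report, and return findings keyed by basename."""
    with tempfile.TemporaryDirectory() as tmp:
        sub = os.path.join(tmp, "zboard")
        os.makedirs(sub)
        with open(os.path.join(sub, "zboard.php"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_PHP)
        # A non-.php file mentioning system() must be skipped, as in the original doFileWork
        with open(os.path.join(sub, "readme.txt"), "w", encoding="utf-8") as fh:
            fh.write("system() mentioned here is ignored: not a .php file\n")
        report = scan_tree(tmp)
        print(format_report(report))
        return {os.path.basename(path): hits for path, hits in report.items()}


if __name__ == "__main__":
    demo()
```

Because the match is a plain substring test, it inherits the question's false positives: the `exec` hit on line 288 of the question's own output is the query-string parameter `exec=view_board` inside an HTML string, not a call to `exec()`. Printing the full line (the second fix) is what lets a reviewer tell those apart; tightening the patterns to something like `exec\s*\(` with a regex would cut the noise further, at the cost of missing aliases and indirect calls.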