src/Normalizers/NormalizeConcatenated.php
<?php
/*
* NOTICE OF LICENSE
*
* Part of the Shieldfy Normalization Package.
*
* This source file is subject to The MIT License (MIT)
* that is bundled with this package in the LICENSE file.
*
* Package: Shieldfy Normalization Package
* License: The MIT License (MIT)
* Link: https://shieldfy.com
*/
namespace Shieldfy\Normalizer\Normalizers;
use Shieldfy\Normalizer\NormalizeInterface;
use Shieldfy\Normalizer\PreSearchTrait;
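/**
 * Normalizer for input that has been split up with string concatenation.
 *
 * run() keeps the original input and appends rewritten copies of it: one with
 * backslashes after word characters removed, and one with concatenation
 * fragments, object traversal, trailing "+" after calls and JS special numbers
 * stripped or collapsed. Presumably this lets later signature matching see both
 * the raw and the de-obfuscated form -- confirm against the caller.
 */
class NormalizeConcatenated implements NormalizeInterface
{
    use PreSearchTrait;

    /**
     * Value being normalized; run() appends to it in place.
     *
     * @var mixed
     */
    protected $value;

    /**
     * Constructor.
     *
     * @param mixed $value Raw input to normalize.
     */
    public function __construct($value)
    {
        $this->value = $value;
        // The property is not declared in this class; presumably PreSearchTrait
        // provides it -- confirm against the trait.
        $this->preSearch = null;
    }

    /**
     * Run the Normalizer.
     *
     * The stored value is modified, so a second call works on the already
     * extended value rather than on the original input.
     *
     * If any preg_replace() call fails (it returns null on a PCRE error), the
     * value is returned without the corresponding rewritten copy. That matches
     * the previous behaviour but is silent.
     * NOTE(review): for a detection pipeline this means an input that makes
     * PCRE fail passes through un-normalized; consider logging
     * preg_last_error() at the call site.
     *
     * @return mixed normalized $value
     */
    public function run()
    {
        // Normalize remaining backslashes: a word character followed by a
        // backslash keeps only the word character. The rewritten copy is
        // appended directly, without a separator.
        $unescaped = preg_replace('/(\w)\\\/', '$1', $this->value);
        // Loose comparison is kept on purpose here: $value is documented as
        // mixed, and a strict check would treat e.g. int 5 and '5' as different.
        if ($unescaped !== null && $this->value != $unescaped) {
            $this->value .= $unescaped;
        }

        $compare = stripslashes($this->value);

        $concatenations = [
            '/(?:<\/\w+>\+<\w+>)/s',
            '/(?:":\d+[^"[]+")/s',
            '/(?:"?"\+\w+\+")/s',
            '/(?:"\s*;[^"]+")|(?:";[^"]+:\s*")/s',
            '/(?:"\s*(?:;|\+)[^"]{8,18}:\s*")/s',
            '/(?:";\w+=)|(?:!""&&")|(?:~)/s',
            '/(?:"?"\+""?\+?"?)|(?:;\w+=")|(?:"[|&]{2,})/s',
            '/(?:"\s*\W+")/s',
            '/(?:";\w\s*\+=\s*\w?\s*")/s',
            '/(?:"[|&;]+\s*[^|&\n]*[|&]+\s*"?)/s',
            '/(?:";\s*\w+\W+\w*\s*[|&]*")/s',
            '/(?:"\s*"\s*\.)/s',
            '/(?:\s*new\s+\w+\s*[+",])/',
            '/(?:(?:^|\s+)(?:do|else)\s+)/',
            '/(?:[{(]\s*new\s+\w+\s*[)}])/',
            '/(?:(this|self)\.)/',
            '/(?:undefined)/',
            '/(?:in\s+)/',
        ];

        // Rewrites applied in order; each entry is [pattern(s), replacement].
        // Replacements are strings: the former null / int arguments relied on
        // implicit coercion, and passing null is deprecated since PHP 8.1.
        $steps = [
            // strip out concatenations
            [$concatenations, ''],
            // strip object traversal
            ['/\w(\.\w\()/', '$1'],
            // normalize obfuscated method calls
            ['/\)\s*\+/', ')'],
            // convert JS special numbers
            ['/(?:\(*[.\d]e[+-]*[^a-z\W]+\)*)|(?:NaN|Infinity)\W/ims', '1'],
        ];

        $converted = $compare;
        foreach ($steps as $step) {
            $converted = preg_replace($step[0], $step[1], $converted);
            if ($converted === null) {
                // PCRE error: nothing trustworthy to append.
                return $this->value;
            }
        }

        // Both operands are strings here, so compare strictly. With "!=" two
        // numeric strings are compared as numbers; a constructed example is
        // '1e0' rewritten to '1', which would count as unchanged.
        // An empty or '0' result is still not appended (truthiness check kept).
        if ($converted && $compare !== $converted) {
            $this->value .= "\n" . $converted;
        }

        return $this->value;
    }
}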