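import os
import re

# Variable-name prefixes whose `==` comparisons are recorded as KEY entries.
# The match is a prefix match, so `$sec` also hits `$secret`
# (the original author already wondered why there are so many).
_SEARCH_LIST = ['sec', 'code', 'id', 'post_key', 'pass', 'key']

# Request superglobals to look for. Only POST and GET have been seen so far;
# the others are included just in case.
_PARAM_LIST = ['POST', 'GET', 'DELETE', 'PUT']

# Text between one pair of single or double quotes.
_QUOTED = re.compile(r'["\'](.*?)["\']')


def _line_containing(contents, start, end):
    """Return the full line of *contents* that holds the span start..end."""
    line_start = contents.rfind('\n', 0, start) + 1
    line_end = contents.find('\n', end)
    if line_end == -1:
        # Last line without a trailing newline: run to end of file. Slicing to
        # -1 here would drop the final character and could lose a closing `]`.
        line_end = len(contents)
    return contents[line_start:line_end]


def read_php_files(input: str, output: str) -> None:
    """Scan the .php files in a directory and write a summary CSV.

    For every ``*.php`` file directly inside *input* (no recursion) one row is
    written to ``<output>/apidetails.csv``:

    * ``,PARAM:,<name>,<METHOD>`` for each line that mentions ``_POST``,
      ``_GET``, ``_DELETE`` or ``_PUT``, contains ``[`` and ``]`` and exactly
      one quoted string;
    * ``,KEY:,<name>,<literal>`` for each line that mentions one of the
      watched variables, contains ``==``, does not contain ``POST`` or ``GET``
      and has exactly one quoted string;
    * ``,null`` when neither was found.

    The collected text is also printed to stdout. The function returns early,
    writing nothing, when *input* is not a directory or holds no .php files.

    The KEY literals are whatever string the PHP code compares a
    key/password-like variable against, so the CSV and the console output can
    contain hard-coded secrets and should be stored and shared accordingly.

    Args:
        input: Directory containing the PHP files to scan.
        output: Existing directory that receives ``apidetails.csv``.
    """
    directory_path = input

    if not os.path.isdir(directory_path):
        print(f"The directory {directory_path} does not exist.")
        return

    # os.listdir order is arbitrary; sort so the report is reproducible.
    php_files = sorted(
        f for f in os.listdir(directory_path) if f.endswith('.php')
    )
    if not php_files:
        print("No PHP files found in the directory.")
        return

    rows = []
    for filename in php_files:
        file_path = os.path.join(directory_path, filename)
        # errors='replace' keeps one legacy-encoded file from aborting the
        # whole scan; the ASCII patterns searched for below are unaffected.
        with open(file_path, 'r', encoding='utf-8', errors='replace') as file:
            contents = file.read()

        add = filename
        # (request parameter name, PHP variable it is assigned to)
        found_params = []

        for paramtype in _PARAM_LIST:
            for match in re.finditer(re.escape("_" + paramtype), contents):
                line = _line_containing(contents, match.start(), match.end())
                if "[" in line and "]" in line:
                    quoted_strings = _QUOTED.findall(line)
                    if len(quoted_strings) == 1:
                        # Variable name = text between the first `$` and the
                        # first `=` on the line.
                        found_params.append((quoted_strings[0], line[line.find("$")+1:line.find('=')].strip()))
                        add += ",PARAM:," + quoted_strings[0] + "," + paramtype

        for codetype in _SEARCH_LIST:
            # re.escape yields the `\$name` pattern without relying on an
            # invalid "\$" escape in a normal string literal.
            for match in re.finditer(re.escape("$" + codetype), contents):
                line = _line_containing(contents, match.start(), match.end())
                if '==' not in line or "POST" in line or "GET" in line:
                    continue
                quoted_strings = _QUOTED.findall(line)
                if len(quoted_strings) != 1:
                    continue

                if codetype in [x[0] for x in found_params]:
                    add += ",KEY:," + codetype + "," + quoted_strings[0]
                    continue

                # The compared variable is not itself a request parameter
                # name; see whether a parameter was assigned to it.
                found = False
                for val in found_params:
                    if codetype == val[1]:
                        found = True
                        codetype2 = val[0]
                        print("NOTE: Alternate parameter variable used!", codetype, "-->", codetype2, "in file", filename)
                        add += ",KEY:," + codetype2 + "," + quoted_strings[0]
                        break
                if not found:
                    print("WARNING: No matching parameter variable found!", codetype, "--> ??? in file", filename)
                    add += ",KEY:," + codetype + "," + quoted_strings[0]

        if add == filename:
            add += ",null"
        rows.append(add + "\n")

    out = "".join(rows)
    print(out)

    # NOTE(review): fields are joined with bare commas and no quoting, so a
    # parameter name or literal that itself contains a comma shifts the
    # columns for whatever parses apidetails.csv. Left as is because the
    # consumer of this file is not visible here.
    with open(os.path.join(output, "apidetails.csv"), 'w', encoding='utf-8') as file:
        file.write(out)


# Example usage
if __name__ == "__main__":
    # PyYAML is needed only to read config.yml, so it is imported here and the
    # scanner itself stays importable without it.
    import yaml

    with open('config.yml', 'r') as file:
        # safe_load builds plain YAML types only, so the config file cannot
        # instantiate arbitrary Python objects.
        config = yaml.safe_load(file)
    directory_path = config['tool_directory']
    output_path = config['app_config_directory']
    read_php_files(directory_path, output_path)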