import yaml
import os
import re
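def _line_containing(text, start, end):
    """Return the whole line of *text* that contains the span [start, end)."""
    line_start = text.rfind('\n', 0, start) + 1
    line_end = text.find('\n', end)
    if line_end == -1:
        # The match is on the final line and the file has no trailing newline;
        # slicing with -1 here would silently drop the line's last character.
        line_end = len(text)
    return text[line_start:line_end]


def read_php_files(input, output):
    """Summarise request parameters and compared literals found in PHP files.

    Every ``*.php`` file directly inside ``input`` is scanned line by line:

    * a line that mentions ``_POST``/``_GET``/``_DELETE``/``_PUT``, contains
      square brackets and exactly one quoted string is recorded as
      ``PARAM:,<quoted string>,<method>``;
    * a line that mentions a variable whose name starts with one of the
      ``search_list`` prefixes, contains ``==``, does not contain ``POST`` or
      ``GET`` and has exactly one quoted string is recorded as
      ``KEY:,<name>,<quoted string>``.

    One comma-joined row per file is printed to stdout and written to
    ``<output>/apidetails.csv``; a file with no findings gets ``<file>,null``.

    The recorded KEY values are literals that the scanned code compares against
    variables named like ``pass``, ``key`` or ``sec``, so the report can hold
    hard-coded credentials. It is echoed to stdout and written with default
    file permissions; handle both as sensitive.

    Args:
        input: Directory that holds the PHP files to scan.
        output: Directory in which ``apidetails.csv`` is created.

    Returns:
        None. Returns early, after printing a message, when ``input`` is not a
        directory or holds no ``.php`` files.
    """
    search_list = ['sec', 'code', 'id', 'post_key', 'pass', 'key']  # why is there so many?
    # so far looks like only POST and GET, include the others just in case
    param_list = ['POST', 'GET', 'DELETE', 'PUT']
    quoted_pattern = re.compile(r'["\'](.*?)["\']')
    directory_path = input

    # Check if the directory exists
    if not os.path.isdir(directory_path):
        print(f"The directory {directory_path} does not exist.")
        return

    # os.listdir() order is arbitrary; sort so the report is reproducible.
    php_files = sorted(f for f in os.listdir(directory_path) if f.endswith('.php'))
    if not php_files:
        print("No PHP files found in the directory.")
        return

    out = ""
    for filename in php_files:
        file_path = os.path.join(directory_path, filename)
        # errors='replace' keeps one file with stray non-UTF-8 bytes from
        # aborting the whole scan; the patterns searched for are plain ASCII.
        with open(file_path, 'r', encoding='utf-8', errors='replace') as file:
            contents = file.read()

        add = filename
        # (request key, name of the PHP variable the request value is assigned to)
        found_params = []
        for paramtype in param_list:
            for match in re.finditer("_" + paramtype, contents):
                line = _line_containing(contents, match.start(), match.end())
                if "[" in line and "]" in line:
                    quoted_strings = quoted_pattern.findall(line)
                    if len(quoted_strings) == 1:
                        variable = line[line.find("$") + 1:line.find('=')].strip()
                        found_params.append((quoted_strings[0], variable))
                        add += ",PARAM:," + quoted_strings[0] + "," + paramtype

        known_keys = [param[0] for param in found_params]
        for codetype in search_list:
            # Raw string: "\$" in a normal literal is an invalid escape sequence.
            for match in re.finditer(r"\$" + re.escape(codetype), contents):
                line = _line_containing(contents, match.start(), match.end())
                if '==' not in line or "POST" in line or "GET" in line:
                    continue
                quoted_strings = quoted_pattern.findall(line)
                if len(quoted_strings) != 1:
                    continue

                if codetype in known_keys:
                    add += ",KEY:," + codetype + "," + quoted_strings[0]
                    continue

                # non-matching variable & key!
                found = False
                for val in found_params:
                    if codetype == val[1]:
                        found = True
                        codetype2 = val[0]
                        print("NOTE: Alternate parameter variable used!", codetype, "-->", codetype2, "in file", filename)
                        add += ",KEY:," + codetype2 + "," + quoted_strings[0]
                        break
                if not found:
                    print("WARNING: No matching parameter variable found!", codetype, "--> ??? in file", filename)
                    add += ",KEY:," + codetype + "," + quoted_strings[0]

        if add == filename:
            out += add + ",null"
        else:
            out += add
        out += "\n"

    print(out)

    # NOTE(review): fields are copied from the scanned source without CSV quoting.
    # A value containing a comma shifts the columns, and a value starting with
    # '=', '+', '-' or '@' is evaluated as a formula if the file is opened in a
    # spreadsheet. The row format is kept as-is for existing consumers; parse it
    # defensively when the scanned code is not trusted.
    with open(os.path.join(output, "apidetails.csv"), 'w', encoding='utf-8') as file:
        # Write the string to the file
        file.write(out)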
# Example usage
if __name__ == "__main__":
    # Both directories come from the local config.yml. yaml.safe_load builds
    # plain data types only, so the config file cannot instantiate objects.
    with open('config.yml', 'r') as config_handle:
        settings = yaml.safe_load(config_handle)
    read_php_files(settings['tool_directory'], settings['app_config_directory'])