From 51ae9a5d39680acf1cd3e91e66c9daef657ba1a5 Mon Sep 17 00:00:00 2001 From: Glauber Silva Date: Mon, 6 Jan 2025 21:47:52 -0300 Subject: [PATCH] refactor: simplify logic --- src/Helpers/Utils.php | 43 +------------------------------- tests/Unit/Helpers/UtilsTest.php | 26 ++----------------- 2 files changed, 3 insertions(+), 66 deletions(-) diff --git a/src/Helpers/Utils.php b/src/Helpers/Utils.php index d64e86edba..d389843791 100644 --- a/src/Helpers/Utils.php +++ b/src/Helpers/Utils.php @@ -139,47 +139,6 @@ public static function recursiveUrlDecode($data) return $decoded === $data ? $data : self::recursiveUrlDecode($decoded); } - /** - * @unreleased - */ - public static function recursiveBase64Decode($data) - { - $decodedData = base64_decode($data); - if ($decodedData !== false && base64_encode($decodedData) === $data) { - // If the decoded string is a valid Base64 string, decode again - return self::recursiveBase64Decode($decodedData); - } - - return $data; - } - - /** - * @unreleased - */ - public static function recursiveHexDecode($data) - { - $decodedData = hex2bin($data); - if ($decodedData !== false && bin2hex($decodedData) === $data) { - // If the decoded string is a valid Hex string, decode again - return self::recursiveHexDecode($decodedData); - } - - return $data; - } - - /** - * @unreleased - */ - public static function decodeString(string $data): string - { - $data = self::recursiveBase64Decode($data); - $data = self::recursiveHexDecode($data); - $data = self::recursiveUrlDecode($data); - - return $data; - } - - /** * The regular expression attempts to capture the basic structure of all data types that can be serialized by PHP. * @@ -193,7 +152,7 @@ public static function containsSerializedDataRegex($data): bool return false; } - $data = self::decodeString($data); + $data = self::recursiveUrlDecode($data); /** * This regular expression removes any special character that is not: diff --git a/tests/Unit/Helpers/UtilsTest.php b/tests/Unit/Helpers/UtilsTest.php index 5e3915fa84..c05c771d3b 100644 --- a/tests/Unit/Helpers/UtilsTest.php +++ b/tests/Unit/Helpers/UtilsTest.php @@ -113,7 +113,7 @@ public function serializedDataProvider(): array 'O :8:"stdClass":1:{s :4:"name";s :5:"James";}', true, ], - // BYPASS WITH SIMPLE METHODS + // Bypass with simple methods [ // backslash '\\' . serialize('backslash-bypass'), @@ -124,7 +124,7 @@ public function serializedDataProvider(): array '\\\\' . serialize('double-backslash-bypass'), true, ], - // BYPASS WITH ENCODING STRING METHOD #1 - URL-encoded + // Bypass with encoding string method - URL-encoded [ // Single encode for O:8:"stdClass":1:{s:4:"name";s:5:"James";} 'O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A4%3A%22name%22%3Bs%3A5%3A%22James%22%3B%7D', @@ -135,28 +135,6 @@ public function serializedDataProvider(): array 'O%253A8%253A%2522stdClass%2522%253A1%253A%257Bs%253A4%253A%2522name%2522%253Bs%253A5%253A%2522James%2522%253B%257D', true, ], - // BYPASS WITH ENCODING STRING METHOD #2 - Base64 - [ - // Single encode for O:8:"stdClass":1:{s:4:"name";s:5:"James";} - 'Tzo4OiJzdGRDbGFzcyI6MTp7czo0OiJuYW1lIjtzOjU6IkphbWVzIjt9', - true, - ], - [ - // Double encode for O:8:"stdClass":1:{s:4:"name";s:5:"James";} - 'VHp6MDpPOmp6I3N0ZENsYXNzIjoxOntzOjQ6Im5hbWUiO3M6NToiSmFtZXMiO31z', - true, - ], - // BYPASS WITH ENCODING STRING METHOD #3 - Hex-encoded - [ - // Single encode for O:8:"stdClass":1:{s:4:"name";s:5:"James";} - '4f3a383a22737464436c617373223a313a7b733a343a226e616d65223b733a353a224a616d6573223b7d', - true, - ], - [ - // Double encode for O:8:"stdClass":1:{s:4:"name";s:5:"James";} - '346633613833613a323237333634343336643661373332223a313a376233343a313a3763363a373233333634353a343a66337a343a323233643634663a373236333a666537333a393a6666372e7a3a313b', - true, - ], // Real-world samples using multiple obfuscation techniques together [ // Double URL-encoded for O😼:5:"TCPDF":2:{s😼:12:" * imagekeys";a😼:1:{i😼:0;s😼:34:"/tmp/../var/www/html/wp-config.php";}s😼:10:" * file_id";s😼:32:"202cb962ac59075b964b07152d234b70";}