JED checker rules

jschmi · Post by **jschmi** » Thu Oct 06, 2022 2:17 pm

hi,

I get a warning by JAMSS - Joomla! Anti-Malware Scan Script when calling method:

$plugin=PluginHelper::getPlugin('type', 'name');
Reason: "Pattern found#23 - shell command execution from POST/GET variables"

I think this should be corrected, as this is a well known and valid PluginHelper method and not a POST/GET variable issue.

SharkyKZ · Post by **SharkyKZ** » Thu Oct 06, 2022 7:48 pm

What is the exact code on the line?

Post by **toivo** » Thu Oct 06, 2022 8:07 pm

The Joomla Anti Malware Scan Script (JAMSS) has not been updated for several years and "[t]his script is far from being 100% accurate". It detects patterns in ordinary code structures, for example Pattern found#17 - PHP: multiple encoded, most probably obfuscated code found #11 #27, but apparently it is only a warning and will be manually checked by the JED team.

jschmi · Post by **jschmi** » Fri Oct 07, 2022 9:11 am

hi,

still I suggest to correct this issue. Though it results only in a warning, it creates at least some unnecessary irritation and checks (which happened to me).

Physicist · Post by **Physicist** » Fri Oct 07, 2022 10:19 am

@jschmi Could you send me (denis.ryabov at community.joomla.org) the full text of that file? The rule #23 finds execution command (exec, passthru, shell_exec, system, popen, proc_...) followed by $_GET or $_POST. The mentioned line doesn't match it, so the actual problem should be a few lines above or below.

jschmi · Post by **jschmi** » Fri Oct 07, 2022 11:11 am

hi,

You are right... in my code I'm doing some cleanup of $_GET and $_POST variables. If I remove this code part - the JAMSS warning disappears. Can you explain/clarify, why JAMSS does not point to this part of code?

Physicist · Post by **Physicist** » Fri Oct 07, 2022 11:59 am

Hmm, do you use the latest version of JEDChecker (v.2.4.1)? I'm unable to reproduce the issue with your file (though I tested it using dev snapshot, maybe there is a difference).

jschmi · Post by **jschmi** » Fri Oct 07, 2022 12:53 pm

hi,

jed checker version is 2.4.1 - I get this using my code:

jschmi · Post by **jschmi** » Fri Oct 07, 2022 1:03 pm

hi,

I reinstalled jedchecker with code from github - this tells me same version (and date) but the warning disappeared with this version. Seems that the code from JED is different and causing the issue.

sozzled · Post by **sozzled** » Fri Oct 07, 2022 8:15 pm

Interesting discussion!

I agree that there are differences between the JED Checker v2.4.1 downloaded from the JED and the files under development in GitHub, e.g. ../administrator/components/com_jedchecker/libraries/rules/jamss.php. I cannot confirm that JAMMS checking accurately reports issues with extensions one tests with JED Checker v2.4.1.

I raised it as an issue for the JED Checker developers: https://github.com/joomla-extensions/je ... issues/193

The Joomla! Forum™

JED checker rules Topic is solved

JED checker rules

Re: JED checker rules

Re: JED checker rules

Re: JED checker rules

Re: JED checker rules

Re: JED checker rules

Re: JED checker rules

Re: JED checker rules

Re: JED checker rules

Re: JED checker rules