Ran a scan and it says there are eval functions in the Snapshot PHP plugin code?

Hi there, I did a scan using Stop Spammers (latest version, 6.07) and it says there are eval functions in the Snapshot PHP plugin code.

It said: “These are warnings only. Some content and plugins might not be malicious, but still contain one or more of these indicators. Please investigate all indications of problems. The plugin may err on the side of caution.

Although there are legitimate reasons for using the eval function, and JavaScript uses it frequently, finding eval in PHP code is at the very least bad practice, and at worst it is used to hide malicious code. If eval() comes up in a scan, try to get rid of it.”

So if it’s bad practice to use it in PHP, could you find a way to recode the PHP, please?

Here is what the scan found:

/../wp-content/plugins/snapshot/lib/destinations/ftp/phpseclib0.2.2/Net/SSH2.php

1066: $this->exchange_hash = pack('H*', $hash($this->exchange_hash));

1169: $iv = pack('H*', $hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id));

1171: $iv.= pack('H*', $hash($keyBytes . $this->exchange_hash . $iv));

1175: $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'C' . $this->session_id));

1177: $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));

1186: $iv = pack('H*', $hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id));

1188: $iv.= pack('H*', $hash($keyBytes . $this->exchange_hash . $iv));

1192: $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'D' . $this->session_id));

1194: $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));

1268: $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'E' . $this->session_id));

1270: $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));

1274: $key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'F' . $this->session_id));

1276: $key.= pack('H*', $hash($keyBytes . $this->exchange_hash . $key));

/../wp-content/plugins/snapshot/lib/destinations/aws/AWSSDKforPHP/sdk.class.php

485: return new $self($options);

/../wp-content/plugins/snapshot/lib/destinations/aws/AWSSDKforPHP/lib/cachecore/cachecore.class.php

92: return new $self($name, $location, $expires, $gzip);

/../wp-content/plugins/snapshot/lib/destinations/aws/AWSSDKforPHP/utilities/array.class.php

72: return new $self($input, $flags, $iterator_class);

/../wp-content/plugins/snapshot/lib/destinations/aws/AWSSDKforPHP/utilities/stepconfig.class.php

68: return new $self($config);

/../wp-content/plugins/snapshot/lib/destinations/aws/AWSSDKforPHP/utilities/credential.class.php

41: * @return mixed The results of calling the function $name(), or the value of the key $object[$name].

/../wp-content/plugins/snapshot/lib/destinations/aws/AWSSDKforPHP/utilities/simplexml.class.php

115: return new $self($data, $options, $data_is_url, $ns, $is_prefix);

/../wp-content/plugins/snapshot/lib/destinations/aws/AWSSDKforPHP/utilities/policy.class.php

81: return new $self($auth, $policy);

/../wp-content/plugins/snapshot/lib/destinations/greenqloud/AWSSDKforPHP/sdk.class.php

485: return new $self($options);

/../wp-content/plugins/snapshot/lib/destinations/greenqloud/AWSSDKforPHP/lib/cachecore/cachecore.class.php

92: return new $self($name, $location, $expires, $gzip);

/../wp-content/plugins/snapshot/lib/destinations/greenqloud/AWSSDKforPHP/utilities/array.class.php

72: return new $self($input, $flags, $iterator_class);

/../wp-content/plugins/snapshot/lib/destinations/greenqloud/AWSSDKforPHP/utilities/stepconfig.class.php

68: return new $self($config);

/../wp-content/plugins/snapshot/lib/destinations/greenqloud/AWSSDKforPHP/utilities/credential.class.php

41: * @return mixed The results of calling the function $name(), or the value of the key $object[$name].

/../wp-content/plugins/snapshot/lib/destinations/greenqloud/AWSSDKforPHP/utilities/simplexml.class.php

115: return new $self($data, $options, $data_is_url, $ns, $is_prefix);

/../wp-content/plugins/snapshot/lib/destinations/greenqloud/AWSSDKforPHP/utilities/policy.class.php

81: return new $self($auth, $policy);

  • Vinod Dalvi
    • WP Unicorn

    Hi Ian,

    I hope you are well today and thanks for posting on the forum.

    I searched the files of the latest version of the Snapshot Pro plugin for the eval() function but didn’t find it. It’s also not in the code you shared in this topic.

    Please advise where you found it.

    Kind Regards,

    Vinod Dalvi

  • Ian
    • The Incredible Code Injector

    Sorry, you are right, it was some other plugins using eval() function so I will let them know.

    However, the scan picked up Snapshot for other functions, highlighted in red in the screenshot.

    Are these okay? Why would they have been marked in this scan?

    It’s all greek to me :slight_smile:

    Thanks for your time, cheers, Ian

    P.S. I changed the directory to example.com before creating the screenshot, for privacy reasons :slight_smile:

  • Vinod Dalvi
    • WP Unicorn

    Hi Ian,

    Thank you for your reply.

    There is nothing wrong with the Snapshot Pro plugin code. The threat scan performed by the Stop Spammers plugin only highlights these functions because most spammers use this type of code to hack sites, so it just brings it to your attention to check whether the plugin containing that code was obtained from a legitimate source and not from a spammer’s website, which may also provide it free of cost to carry out this type of activity.

    You can also see in your shared screenshot that it has highlighted some code from the files of the Wordfence plugin, which is one of the most popular security plugins :slight_smile:

    Cheers,

    Vinod Dalvi
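To make the answer above concrete, here is an added example that is not code from the thread, from Stop Spammers or from Snapshot: a small Python triage script that reproduces the kind of pattern match such a scanner applies. The regexes are my own approximation of what these scanners look for, and the sample lines are constructed (four of them are the lines quoted earlier in the thread with the paths dropped; the plain method call and the eval-of-request-input line are mine, not from any Snapshot file). It shows why `$hash(...)` and `new $self(...)` get flagged: they are variable function calls and variable class instantiation, which a regex cannot distinguish from code that takes the name from an attacker, even though none of them is `eval()`. What the scanner cannot do, and what a human does when triaging the hit, is read the surrounding code to see where the value of `$hash` or `$self` comes from.

```python
"""Triage PHP source lines for dynamic-execution indicators.

Added example, not code from the thread, from Stop Spammers or from Snapshot.
The patterns are my own approximation of what a scanner of this kind matches;
real scanners keep their own, larger, pattern lists.
"""
import re
from typing import Dict, List, Optional, Tuple

# Ordered from most to least severe; the first pattern that matches a line wins.
INDICATORS = [
    # eval() runs a string as PHP code: the case the scanner's note is about.
    # The lookbehind keeps `$eval(` (a variable function) out of this bucket.
    ("eval", re.compile(r"(?<![\w$>])eval\s*\(")),
    # Callables built or invoked from runtime strings.
    ("callback_exec", re.compile(r"(?<![\w$>])(?:create_function|call_user_func(?:_array)?)\s*\(")),
    # `new $self(...)`: the class to instantiate is decided at runtime.
    ("variable_new", re.compile(r"\bnew\s+\$[A-Za-z_]\w*")),
    # `$obj->$method(...)`: the method name is decided at runtime.
    ("variable_method", re.compile(r"->\$[A-Za-z_]\w*\s*\(")),
    # `$hash(...)`: a variable function call, which is what the SSH2.php hits are.
    ("variable_function", re.compile(r"(?<![\w>])\$[A-Za-z_]\w*\s*\(")),
]


def is_comment_line(line: str) -> bool:
    """True for lines that are only a comment (docblock body, //, #, /*)."""
    stripped = line.lstrip()
    return stripped.startswith(("*", "//", "#", "/*"))


def classify_line(line: str) -> Optional[str]:
    """Return the most severe indicator label on the line, or None.

    A match on a comment-only line is prefixed 'comment:' so a reviewer can
    discard it first; the @return docblock hit in credential.class.php is one.
    """
    for label, pattern in INDICATORS:
        if pattern.search(line):
            return ("comment:" + label) if is_comment_line(line) else label
    return None


def scan(lines: List[str]) -> Dict[str, List[Tuple[int, str]]]:
    """Map each indicator label to the (line number, text) pairs that triggered it."""
    hits: Dict[str, List[Tuple[int, str]]] = {}
    for number, line in enumerate(lines, start=1):
        label = classify_line(line)
        if label is not None:
            hits.setdefault(label, []).append((number, line.strip()))
    return hits


def has_eval(lines: List[str]) -> bool:
    """The question the thread started with: is there an actual eval() call?"""
    return "eval" in scan(lines)


# Constructed sample input. The first four lines are the ones quoted in the
# thread (file paths dropped); the last two are mine, not from any Snapshot file.
THREAD_LINES = [
    "$this->exchange_hash = pack('H*', $hash($this->exchange_hash));",
    "$key = pack('H*', $hash($keyBytes . $this->exchange_hash . 'C' . $this->session_id));",
    "return new $self($options);",
    " * @return mixed The results of calling the function $name(), or the value of the key $object[$name].",
]
BENIGN_LINE = "$this->connect($host);"  # ordinary method call: no indicator
INJECTED_LINE = "eval(base64_decode($_POST['c']));"  # typical injected-code shape


if __name__ == "__main__":
    samples = (
        ("thread excerpt", THREAD_LINES + [BENIGN_LINE]),
        ("thread excerpt plus injected line", THREAD_LINES + [BENIGN_LINE, INJECTED_LINE]),
    )
    for name, lines in samples:
        print(f"== {name}: eval present = {has_eval(lines)}")
        for label, found in scan(lines).items():
            for number, text in found:
                print(f"  {label:26} line {number}: {text}")
```

Run as a script it prints a report for both samples; only the second one reports `eval present = True`. Every line quoted from the Snapshot files lands in the `variable_function`, `variable_new` or `comment:` buckets, which is the whole of what the scan had to say about them. Whether those dynamic names are safe is decided by reading where they are assigned, not by the pattern.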
