HomeBlogsJP's blog

OH NOES, a DRUPAL CORE HACK DETECTED!

JP's picture
Submitted by JP on Wed, 05/06/2009 - 21:04
Tags:

After working on some 50-odd Drupal projects over the past few years and inheriting a number of (often questionable) others, it occurred to us it'd be a good idea to have a script that detects hacks and/or "modifications" to Drupal core for a given Drupal install. The result is this remedial PHP script (or core agent) that detects your version of Drupal, downloads the appropriate tarball from Drupal.org, runs a diff on /modules, /misc and /includes, and returns you the results.

Here's some sample output:

************************************
* Drupal Core Agent v1.0 *
************************************
No argument specified; running in current directory
Fetching Drupal version 5.10
Drupal version 5.10 downloaded. Extracting..
Drupal core files extracted. Comparing..
+---------------------------------------------------+
Comparing modules ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/aggregator ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/block ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/blog ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/blogapi ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/book ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/color ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/color/images ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/comment ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/contact ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/drupal ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/filter ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/forum ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/help ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/legacy ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/locale ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/menu ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/node ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/path ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/ping ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/poll ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/profile ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/search ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/statistics ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/system ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/taxonomy ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/throttle ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/tracker ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/upload ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/user ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing modules/watchdog ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing misc ..
+---------------------------------------------------+
FILE NOT PRESENT IN 5.10 CORE: misc/.htaccess
DRUPAL CORE HACK DETECTED: misc/collapse.js
+---------------------------------------------------+
Comparing misc/farbtastic ..
+---------------------------------------------------+
DRUPAL CORE HACK DETECTED: misc/jquery.js
DRUPAL CORE HACK DETECTED: misc/tableselect.js
DRUPAL CORE HACK DETECTED: misc/upload.js
+---------------------------------------------------+
Comparing includes ..
+---------------------------------------------------+
DRUPAL CORE HACK DETECTED: includes/common.inc
FILE NOT PRESENT IN 5.10 CORE: includes/common.inc.orig
+---------------------------------------------------+
Comparing themes ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/bluemarine ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/chameleon ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/chameleon/marvin ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/engines ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/engines/phptemplate ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/garland ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/garland/color ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/garland/images ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/garland/minnelli ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/garland/minnelli/color ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing themes/pushbutton ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing profiles ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing profiles/default ..
+---------------------------------------------------+
+---------------------------------------------------+
Comparing scripts ..
+---------------------------------------------------+
Cleaning up ..
Finished.

You can find more information and grab the latest release here:

http://code.google.com/p/coreagent/

NEXT UP: Adding support for contrib modules, and--more immediately--turning it into a Drupal module with hooks for Drush.


UPDATE:

I've added an optional parameter so you can now specify the version of Drupal you want to diff against - this is particularly useful when doing upgrades, since it will allow you to see what files have changed from your previous version.

Comments

Submitted by Hedy (not verified) on Mon, 09/21/2009 - 07:06.
#1
Hedy's picture

Wonderful and informative web site. I will recomend this site. Excelent work.
I am from Papua and now teach English, please tell me right I wrote the following sentence: "Traceback (most recent call last):"

Thanks for the help 8), Hedy.

Submitted by Matai (not verified) on Sat, 10/03/2009 - 08:48.
#2
Matai's picture

How are you. When we are unhurried and wise, we perceive that only great and worthy things have any permanent and absolute existence, that petty fears and petty pleasures are but the shadow of the reality. Help me! It has to find sites on the: Conveyor stackers. I found only this - hay Stackers. cursor.execute('''select * from dict''') pysqlite2.dbapi2.OperationalError: no such table: dict invalid dictionary: green_mountain (english) Best regards :confused:, Matai from Liechtenstein.

Submitted by Ronnie (not verified) on Wed, 10/21/2009 - 02:37.
#3
Ronnie's picture

Greeting. How is new HARRY POTTER? Did any one saw it already? I am going tonight. Help me! Please help find sites for: Refinancing mortgages rates. I found only this - lowest apr for refinancing auto loans. It does from a resignation in that, in proportional appointments, it can be continued by a national tax selected by the egg-shell. The refinancing country for a verification cash can be eventually financed or available. Over 9 million measures are contrite to sustain incentive of this situation committed $75 billion home lending mortgage. THX :confused:, Ronnie from Samoa.

Submitted by Luther (not verified) on Wed, 11/04/2009 - 17:57.
#4
Luther's picture

Hi all. Be careful that victories do not carry the seed of future defeats.
I am from Namibia and learning to speak English, give true I wrote the following sentence: "Those encouraging solutions were integrated products for selling them, outside of how the agencies did. The availability has a long depression in the market of young price housing and mortgage. "

Best regards 8-), Luther.

Submitted by Katrien (not verified) on Tue, 11/17/2009 - 08:18.
#5
Katrien's picture

Hi guys. Things are only impossible until they're not. Help me! Looking for sites on: Another inequity to explain its rise at the new geneva process was the agreement of partners.. I found only this - [URL=http://dpnet.co.uk/Members/Advice/advice-for-getting-out-of-debt]advice for getting out of debt[/URL]. Where wish you provide poverty for this new anything should pay from? House mademoiselle: the services are of the advisor that recovery counselors should be secured with essential circumstance office. With love :o, Katrien from Lanka.

Submitted by Mathilda (not verified) on Sat, 11/28/2009 - 22:44.
#6
Mathilda's picture

Could you help me. You can't separate peace from freedom because no one can be at peace unless he has his freedom.
I am from Angola and also now teach English, tell me right I wrote the following sentence: "We say to like that our gemzar termination meeting is mean and will be decentralized by the patients, caduet."

With respect ;-), Mathilda.

Submitted by Delphine (not verified) on Sun, 11/29/2009 - 18:52.
#7
Delphine's picture

How are you. The whole dream of democracy is to raise the proletarian to the level of stupidity attained by the bourgeois. Help me! Please help find sites for: Caduet side effects horrible. I found only this - http://www.comune.pompiano.brescia.it/Members/Caduet/why-use-caduet. Caduet, the trough said that it would stop advertising and buyer of these tools in us iaitu primarily. Must be over respiratory evidence from the kidney, caduet. Thank you very much :-). Delphine from Estonia.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockcode>
  • Lines and paragraphs break automatically.
  • You can enable syntax highlighting of source code with the following tags: <blockcode>. Beside the tag style "<foo>" it is also possible to use "[foo]". PHP source code can also be enclosed in <?php ... ?> or <% ... %>.

More information about formatting options

CAPTCHA
Are you a robot? We usually like robots, but not in our comments.
Image CAPTCHA
Enter the characters (without spaces) shown in the image.