/usr/local/lp/apps/malre/scripts/ Current File: //usr/local/lp/apps/malre/scripts/find.pl
#! /usr/bin/perl
### Given a directory or directories, output each directory that contains symlinks and the number they contain, each file that is word writable and world executable, each file with 000 permissions, and each file whose filename contains unprintable characters

use strict;
use warnings;

use Cwd 'abs_path';

my $d_progdir = __FILE__;
$d_progdir = ( readlink($d_progdir) || $d_progdir );
my @progdir = split( m/\//, $d_progdir );
pop( @progdir );
$d_progdir = join( "/", @progdir );

require( $d_progdir . '/escape.pm' );
require( $d_progdir . '/stats.pm' );
require( $d_progdir . '/lock_file.pm' );

my $v_max_depth = 20;
my $v_cur_depth = 0;
my $b_just_write;
my @v_dirs;
my @v_unknown;
my $f_links='/dev/stdout';
my $fh_links;
my $f_chars='/dev/stdout';
my $fh_chars;
my $f_wx='/dev/stdout';
my $fh_wx;
my $f_000='/dev/stdout';
my $fh_000;
my $f_all='/dev/stdout';
my $fh_all;
my $f_list='/dev/null';

sub fn_import_fold_print {
	if ( $d_progdir . '/fold_print.pm' ) {
		require( $d_progdir . '/fold_print.pm' );
		print fn_fold_print($_[0]);
	} else {
		print $_[0];
	}
}

sub fn_checks {
### Check files to see if they fall into any of the categories that we're concerned about
### Return 1 if they're a symlink (so other processing can be done in the main function)
	my $v_file = $_[0];
	my $b_out = ( $_[1] || 0 );
	my $v_escaped;
	### Check for filenames that have unprintable characters
	if ($f_chars) {
		my $v_name = (split( m/\//, $v_file ))[-1];
		if ( $v_name =~ m/[\001-\037\x7F\n]/ ) {
			$v_escaped = fn_escape_filename($v_file);
			if ( $f_chars ne $f_all ) {
				print $fh_chars $v_escaped . "\n";
			}
			print $fh_all "CHARS: " . $v_escaped . "\n";
			fn_report_file( $v_file, 'chars', undef, undef, $f_list );
		}
	}
	if ( ($f_wx || $f_000) && ! -l $v_file ) {
		my $mode = (stat($v_file))[2];
		$mode = sprintf "%04o", $mode & 07777;
		my $mode2 = $mode;
		if ( -d $v_file ) {
			$mode2 .= " (directory)";
		}
		if ($f_wx) {
			my $last = substr( $mode, -1 );
			if ( $last =~ /^[37]$/ || ( $b_just_write && $last =~ /^[2367]$/ ) ) {
				if ( ! $v_escaped ) {
					$v_escaped = fn_escape_filename($v_file);
				}
				if ( $f_wx ne $f_all ) {
					print $fh_wx $v_escaped . " - " . $mode2 . "\n";
				}
				print $fh_all "WX:    " . $v_escaped . " - " . $mode2 . "\n";
				fn_report_file( $v_file, 'wx', undef, undef, $f_list );
			}
		}
		if ($f_000) {
			my $last = substr( $mode, -3 );
			if ( $last eq "000" ) {
				if ( ! $v_escaped ) {
					$v_escaped = fn_escape_filename($v_file);
				}
				if ( $f_000 ne $f_all ) {
					print $fh_000 $v_escaped . " - " . $mode2 . "\n";
				}
				print $fh_all "000:   " . $v_escaped . " - " . $mode2 . "\n";
				##### ))) files really are not a threat - no need to put those into the list of issues
				# fn_report_file( $v_file, '000', undef, undef, $f_list );
			}
		}
	}
	if ( $f_links && -l $v_file ) {
		if ($b_out) {
			if ( ! $v_escaped ) {
				$v_escaped = fn_escape_filename($v_file);
			}
			if ( $f_links ne $f_all ) {
				print $fh_links "1 - " . $v_escaped . "\n";
			}
			print $fh_all "LINKS: 1 - " . $v_escaped . "\n";
			fn_report_file( $v_file, 'symlink', undef, undef, $f_list );
		} else { 
			return 1;
		}
	}
	return 0;
}

sub fn_file_crawl {
### Look at each file in each directory that we're presented with
	my $v_dir = $_[0];
	my $c_links = 0;
	my $c_files = 0;
	my $v_last_link;
	if ( -e $v_dir && ! -d $v_dir ) {
	### If we were given a file instead of a directory
		my $v_file = $v_dir;
		fn_checks($v_file, 1);
	} elsif ( -e $v_dir ) {
		### Open the directory and get a file list
		if ( opendir my $fh_dir, $v_dir ) {
			my @files = readdir $fh_dir;
			closedir $fh_dir;
			my @dirs;
			for my $_file (@files) {
				if ( $_file ne "." && $_file ne ".." ) {
					my $v_file = $v_dir . "/" . $_file;
					### Capture it if it's a directory
					if ( -d $v_file && ! -l $v_file ) {
						push( @dirs, $v_file );
					} else {
						### Count everything that is not a directory
						$c_files++;
					}
					### This if statement checks the file and only outputs true if it's a link
					if ( fn_checks($v_file) ) {
						$c_links++;
						$v_last_link = $v_file;
					}
				}
			}
			if ($c_links) {
				my $v_out = $v_dir;
				if ( $c_links == 1 ) {
					### If there was only one link, print the filename of the link instead of the directory
					$v_out = $v_last_link;
				}
				if ( $f_links ne $f_all ) {
					### Output the number of links vs. the total number of files
					print $fh_links $c_links . " " . $c_links . "/" . $c_files . " - " . fn_escape_filename($v_out) . "\n";
				}
				print $fh_all "LINKS: " . $c_links . " - " . fn_escape_filename($v_out) . "\n";
				fn_report_file( $v_out, 'symlink_dir', undef, $c_links, $f_list );
			}
			for my $_dir (@dirs) {
			### For each of the directories we found, go through RECURSIVELY!
				$v_cur_depth++;
				if ( $v_cur_depth <= $v_max_depth ) {
					fn_file_crawl( $_dir );
				}
				$v_cur_depth--;
			}
		}
	}
}

sub fn_open_out {
	if ($f_links) {
		open( $fh_links, '>>', $f_links ) || print STDERR "cannot output links\n" && $f_links = undef;
	}
	if ($f_chars) {
		open( $fh_chars, '>>', $f_chars ) || print STDERR "cannot output chars\n" && $f_chars = undef;
	}
	if ($f_wx) {
		open( $fh_wx, '>>', $f_wx ) || print STDERR "cannot output wx\n" && $f_wx = undef;
	}
	if ($f_000) {
		open( $fh_000, '>>', $f_000 ) || print STDERR "cannot output wx\n" && $f_000 = undef;
	}
	if ($f_all) {
		open( $fh_all, '>>', $f_all ) || print STDERR "cannot output all\n" && $f_all = undef;
	}
}

sub fn_report_unknown {
### Given an array of arguments that didn't match known arguments, report those arguments as unknown
	print STDERR "The following arguments were not recognized:\n";
	for my $_arg (@_) {
		print STDERR "  '" . $_arg . "'\n";
	}
	print STDERR "\n";
	sleep( 2 );
}

sub fn_next {
	if ( defined $ARGV[0] && substr( $ARGV[0], 0, 1 ) ne "-" ) {
		return shift(@ARGV);
	}
	return '';
}

sub fn_help {
my $v_message = <<'EOF';

USAGE

Given one or more directories, output
    - each directory that contains symlinks and the number they contain
    - each file that is word writable and world executable
    - each file that has 000 permissions
    - each file whose filename contains unprintable characters


FLAGS

--000 [FILE]
    - Allows the user to specify the file to which information on files with 000 permissions should be output
    - If the argument following this is an empty string, or the argument following this begins with a dash, or there is no argument following this, don't output information on files with 000 permissions

--all [FILE]
    - A file to which ALL selected file types should be output to

--chars [FILE]
    - Allows the user to specify the file to which information on files with non-printable characters in their names should be output
    - If the argument following this is an empty string, or the argument following this begins with a dash, or there is no argument following this, don't output information on files with non-printable characters in their names

--help
    - Outputs this text

--links [FILE]
    - Allows the user to specify the file to which information on symlinks should be output
    - If the argument following this is an empty string, or the argument following this begins with a dash, or there is no argument following this, don't output information on symlinks

--list [FILE]
    - Specifies a file to which information on found files can be output in a null character separated format

--write
    - Instead of searching for anything that's both word writeable and executable, just search for world writable

--wx [FILE]
    - Allows the user to specify the file to which information on files that are both world writable and world executable should be output
    - If the argument following this is an empty string, or the argument following this begins with a dash, or there is no argument following this, don't output information on files that are both world writable and world executable

EOF

fn_import_fold_print($v_message);

exit 0;
}

while ( defined $ARGV[0] ) {
	my $v_arg = shift( @ARGV );
	if ( $v_arg eq "--links" ) {
		$f_links = fn_next();
	} elsif ( $v_arg eq "--chars" ) {
		$f_chars = fn_next();
	} elsif ( $v_arg eq "--wx" ) {
		$f_wx = fn_next();
	} elsif ( $v_arg eq "--000" ) {
		$f_000 = fn_next();
	} elsif ( $v_arg eq "--all" ) {
		$f_all = fn_next();
	} elsif ( $v_arg eq "--list" ) {
		$f_list = fn_next();
	} elsif ( $v_arg eq "--help" || $v_arg eq "-h" ) {
		fn_help();
	} elsif ( $v_arg eq "--write" ) {
		$b_just_write = 1;
	} elsif ( -e $v_arg ) {
		my $v_dir = (abs_path($v_arg) || $v_arg );
		push( @v_dirs, $v_dir );
	} else {
		push ( @v_unknown, $v_arg );
	}
}
if (@v_unknown) {
	fn_report_unknown(@v_unknown);
}
if ( ! @v_dirs ) {
	print STDERR "No directories selected\n";
	exit 1;
}
### Expand and sort the directories; sort the ignore lists
for my $_dir (@v_dirs) {
	$_dir =~ s/\/\/+/\//g;
	$_dir =~ s/\/$//;
}
### open the output files
fn_open_out();
### Process those directories
for my $_dir ( @v_dirs ) {
	fn_file_crawl( $_dir );
}