Julien Voisin

I'm not a big fan of bringing in a whole external dependency for our simple'n'stupid bash script tbh :/ But the shellcheck idea is great, I think that we ran...

Be my guest if you want to improve the script, I'll be happy to review your PR :)

After a quick glance there are some samples that we should detect in a better way.

Have you tried the verbose mode via `-v` ?

You can do this by combining `find` with `yara` :) Do you think that this deserves a dedicated flag/option in PMF?

Currently, there is this hackish function: ```bash needle_in_haystack() { needle=$(mktemp) egrep '(PasswordProtection|Websites|TooShort|NonPrintableChars)' $1 > $needle if [ ! "$(wc -l $needle | awk '{print $1}')" = "0" ]; then echo...

This should fail on startup, while is it failing on runtime? I'll try to work on this this month, but since I'm moving into a new flat, I don't have...

The following should work: ```python sp.disable_function.function("eval").filename_r("^/var/www/phpmyadmin/").allow(); sp.disable_function.function("eval").drop(); ``` it's even tested in the [testsuite]( https://github.com/jvoisin/snuffleupagus/blob/master/src/tests/disable_function/config/config_disabled_functions_eval_filename.ini ) You might also want to check out [eval white and blacklist]( https://snuffleupagus.readthedocs.io/config.html#eval-white-and-blacklist ).

@bef since you refactored the rules processing, can you take a look at this one?

Looks like it chokes on `register_shutdown_function`, which looks like an horrible edge-case that Snuffleupagus doesn't handle :'(