From 4c1daf5f25c1a8e9250b13b711525b465041801a Mon Sep 17 00:00:00 2001
From: Ben Hagen
Date: Wed, 21 Dec 2011 10:54:20 -0600
Subject: [PATCH] Revert 0852c62a66d149c09e60be210610a70ce5d4526b^..HEAD
---
 README.md | 2 +-
 neopi.py | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 1fe7145..f25a189 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 #What is NeoPI?
 NeoPI is a Python script that uses a variety of statistical methods to detect obfuscated and encrypted content within text/script files. The intended purpose of NeoPI is to aid in the detection of hidden web shell code. The development focus of NeoPI was creating a tool that could be used in conjunction with other established detection methods such as Linux Malware Detect or traditional signature/keyword based searches.
-NeoPI recursively scans through the file system, from a base directory, and will rank files based on the results of a number of tests. It also presents a “general” score derived from file rankings within the individual tests.
+NeoPI recursively scans through the file system from a base directory and will rank files based on the results of a number of tests. It also presents a “general” score derived from file rankings within the individual tests.
 #Requirements
 NeoPI is platform independent and can be run on any system with Python 2.6 or greater installed installed. The user running the script should have read access to all of the files that will be scanned.
diff --git a/neopi.py b/neopi.py
index 6efc027..c8acf98 100644
--- a/neopi.py
+++ b/neopi.py
@@ -202,8 +202,8 @@ class UsesEval:
 def calculate(self, data, filename):
 if not data:
- return "", 0
- # Lots taken from the wonderful post at http://stackoverflow.com/questions/3115559/exploitable-php-functions
+ return "", 0
+ # Lots taken from the wonderful post at http://stackoverflow.com/questions/3115559/exploitable-php-functions
 valid_regex = re.compile('(eval\(\$(\w|\d))', re.I)
 matches = re.findall(valid_regex, data)
 self.results.append({"filename":filename, "value":len(matches)})
@@ -218,8 +218,8 @@ class UsesEval:
 """Print the files that use eval"""
 print "\n[[ Top %i eval match counts ]]" % (count)
 if (count > len(self.results)): count = len(self.results)
- for x in range(count):
- print ' {0:>7} {1}'.format(self.results[x]["value"], self.results[x]["filename"])
+ for x in range(count):
+ print ' {0:>7} {1}'.format(self.results[x]["value"], self.results[x]["filename"])
 return
--
2.11.4.GIT
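Review bot: The pattern on the `valid_regex` line, `(eval\(\$(\w|\d))`, counts only `eval(` immediately followed by a `$`-prefixed name, while the comment restored just above it points at a much longer list of exploitable PHP functions, so the "eval" score can be read as covering more than it does. I would add a comment above the compile call, `# Counts eval($var...) calls only; a count of 0 does not mean the file is clean`, and state the same limit in the class docstring. calculate() continues past the end of this hunk, so what it returns for non-empty data is not visible here.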
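Review bot: Indentation is the only thing that differs between the removed and added `for x in range(count):` / `print` lines, as far as this page shows, and the same holds for the `return "", 0` lines in the hunk at line 202; in Python 2 a tab/space mix at those positions can move a statement into a different block without raising an error. Before merging I would confirm the file uses a single indentation style and passes `python -tt neopi.py`, which turns inconsistent tab use into an error. The method these lines belong to starts above the hunk, so the block they should sit in cannot be checked from here.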