403Webshell
Server IP : 172.67.158.161  /  Your IP : 3.133.115.47
Web Server : LiteSpeed
System : Linux business53.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : giankuin ( 1871)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/giankuin/dietcontrungnhanh.com/wp-content/plugins/ithemes-security-pro/core/modules/firewall/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/giankuin/dietcontrungnhanh.com/wp-content/plugins/ithemes-security-pro/core/modules/firewall/Ingestor.php
<?php

namespace iThemesSecurity\Modules\Firewall;

use iThemesSecurity\Contracts\Runnable;
use iThemesSecurity\Lib\Result;
use iThemesSecurity\Modules\Firewall\Rules\Repository;
use iThemesSecurity\Modules\Firewall\Rules\Rule;
use iThemesSecurity\Modules\Firewall\Rules\Rules_Options;
use iThemesSecurity\Site_Scanner\Vulnerability;
use iThemesSecurity\Site_Scanner\Vulnerability_Issue;

class Ingestor implements Runnable {

	/** @var Repository */
	private $repository;

	public function __construct( Repository $repository ) { $this->repository = $repository; }

	public function run() {
		add_action( 'itsec_vulnerability_was_seen', [ $this, 'vulnerability_was_seen' ], 10, 2 );
		add_action( 'itsec_vulnerability_not_seen', [ $this, 'vulnerability_not_seen' ] );
	}

	/**
	 * Whenever a vulnerability has been seen, add in
	 * any new firewall rules.
	 *
	 * @param Vulnerability       $vulnerability
	 * @param Vulnerability_Issue $issue
	 *
	 * @return void
	 */
	public function vulnerability_was_seen( Vulnerability $vulnerability, Vulnerability_Issue $issue ) {
		if ( ! $rules = $issue->get_firewall_rules() ) {
			// If patchstack is no longer providing rules for this vulnerability.
			// clear them out.
			$deleted = $this->repository->delete_rules(
				( new Rules_Options() )
					->set_vulnerabilities( [ $vulnerability->get_id() ] )
					->set_providers( [ 'patchstack' ] )
			);

			if ( $vulnerability->is_patched() ) {
				if ( $vulnerability->is_software_active() ) {
					$vulnerability->unresolve();
				} else {
					$vulnerability->deactivated();
				}
			}

			$this->log_cleanup( $vulnerability, $deleted );

			return;
		}

		$title = $vulnerability->get_details()['title'] ?? sprintf(
			__( 'Fix vulnerability in %s', 'it-l10n-ithemes-security-pro' ),
			$vulnerability->get_software_label()
		);

		$has_rule = false;

		foreach ( $rules as $rule ) {
			if (
				$rule['product_keys'] &&
				$vulnerability->get_software_type() === Vulnerability::T_PLUGIN &&
				! in_array( $vulnerability->get_plugin_file(), $rule['product_keys'], true )
			) {
				continue;
			}

			$rule_config = [
				'rules' => $rule['vpatch'],
				'type'  => 'BLOCK',
			];

			$existing = $this->repository->get_rules(
				( new Rules_Options() )
					->for_provider_ref( $rule['provider'], $rule['id'] )
			);

			if ( $existing->is_success() && count( $existing->get_data() ) === 1 ) {
				$rule_model = $existing->get_data()[0];

				if ( $rule_model->get_config() === $rule_config ) {
					$has_rule = true;
					continue;
				}

				$rule_model->set_config( $rule_config );
				$persisted = $this->repository->persist( $rule_model );
			} else {
				$persisted = $this->repository->persist( Rule::create(
					$rule['provider'],
					$rule['id'],
					$title,
					$vulnerability->get_id(),
					$rule_config
				) );
			}

			if ( $persisted->is_success() ) {
				$has_rule = true;
				\ITSEC_Log::add_action(
					'firewall',
					'auto-created-rule::' . $vulnerability->get_id()
				);
			} else {
				\ITSEC_Log::add_error(
					'firewall',
					'ingest-failed::' . $vulnerability->get_id(),
					[
						'error' => $persisted->get_error(),
					]
				);
			}
		}

		if ( $has_rule ) {
			$vulnerability->patched();
		}
	}

	/**
	 * If a vulnerability has not been seen in the latest
	 * Site Scan, and the vulnerability no longer affects
	 * their site, clean out those rules.
	 *
	 * @param Vulnerability $vulnerability
	 *
	 * @return void
	 */
	public function vulnerability_not_seen( Vulnerability $vulnerability ) {
		// Only clear out rules for vulnerabilities that have been resolved due
		// to the plugin/theme being updated or deleted.
		if ( ! $vulnerability->is_deleted() && ! $vulnerability->is_updated() ) {
			return;
		}

		$deleted = $this->repository->delete_rules(
			( new Rules_Options() )
				->set_vulnerabilities( [ $vulnerability->get_id() ] )
		);

		$this->log_cleanup( $vulnerability, $deleted );
	}

	private function log_cleanup( Vulnerability $vulnerability, Result $result ) {
		if ( ! $result->is_success() ) {
			\ITSEC_Log::add_error(
				'firewall',
				'rule-cleanup-failed::' . $vulnerability->get_id(),
				[
					'error' => $result->get_error(),
				]
			);
		} elseif ( $result->get_data() > 0 ) {
			\ITSEC_Log::add_debug(
				'firewall',
				'rule-cleaned::' . $vulnerability->get_id()
			);
		}
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit