<?php
require_once( ABSPATH . 'wp-admin/includes/file.php' );
require_once( dirname( __FILE__ ) . '/class-itsec-file-change.php' );
require_once( dirname( __FILE__ ) . '/lib/chunk-scanner.php' );
require_once( dirname( __FILE__ ) . '/lib/hash-comparator.php' );
require_once( dirname( __FILE__ ) . '/lib/hash-comparator-loadable.php' );
require_once( dirname( __FILE__ ) . '/lib/hash-comparator-chain.php' );
require_once( dirname( __FILE__ ) . '/lib/hash-comparator-managed-files.php' );
require_once( dirname( __FILE__ ) . '/lib/hash-loading-failed-exception.php' );
require_once( dirname( __FILE__ ) . '/lib/package.php' );
require_once( dirname( __FILE__ ) . '/lib/package-core.php' );
require_once( dirname( __FILE__ ) . '/lib/package-factory.php' );
require_once( dirname( __FILE__ ) . '/lib/package-plugin.php' );
require_once( dirname( __FILE__ ) . '/lib/package-system.php' );
require_once( dirname( __FILE__ ) . '/lib/package-theme.php' );
require_once( dirname( __FILE__ ) . '/lib/package-unknown.php' );
do_action( 'itsec_load_file_change_scanner' );
class ITSEC_File_Change_Scanner {
const DESTROYED = 'itsec_file_change_scan_destroyed';
const C_ADMIN = 'admin';
const C_INCLUDES = 'includes';
const C_CONTENT = 'content';
const C_UPLOADS = 'uploads';
const C_THEMES = 'themes';
const C_PLUGINS = 'plugins';
const C_OTHERS = 'others';
const S_NONE = 0;
const S_NORMAL = 1;
const S_BAD_CHANGE = 2;
const S_UNKNOWN_FILE = 3;
const T_ADDED = 'a';
const T_CHANGED = 'c';
const T_REMOVED = 'r';
/** @var ITSEC_File_Change_Hash_Comparator */
private $comparator;
/** @var ITSEC_File_Change_Package_Factory */
private $package_factory;
/** @var ITSEC_Lib_Distributed_Storage */
private $storage;
/** @var array */
private $settings;
/** @var array */
private $chunk_order;
/** @var ITSEC_File_Change_Chunk_Scanner */
private $chunk_scanner;
/**
* ITSEC_New_File_Change_Scanner constructor.
*
* @param ITSEC_File_Change_Chunk_Scanner $chunk_scanner
* @param ITSEC_File_Change_Hash_Comparator $comparator
* @param ITSEC_File_Change_Package_Factory $package_factory
* @param ITSEC_Lib_Distributed_Storage $storage
*/
public function __construct(
ITSEC_File_Change_Chunk_Scanner $chunk_scanner = null,
ITSEC_File_Change_Hash_Comparator $comparator = null,
ITSEC_File_Change_Package_Factory $package_factory = null,
ITSEC_Lib_Distributed_Storage $storage = null
) {
$this->chunk_scanner = $chunk_scanner;
$this->comparator = $comparator;
$this->package_factory = $package_factory;
$this->storage = $storage;
$this->settings = ITSEC_Modules::get_settings( 'file-change' );
$this->chunk_order = array(
self::C_ADMIN,
self::C_INCLUDES,
self::C_CONTENT,
self::C_UPLOADS,
self::C_THEMES,
self::C_PLUGINS,
self::C_OTHERS,
);
}
/**
* Schedule a scan to start.
*
* @param bool $user_initiated
* @param ITSEC_Scheduler $scheduler
*
* @return bool|WP_Error
*/
public static function schedule_start( $user_initiated = true, $scheduler = null ) {
$scheduler = $scheduler ? $scheduler : ITSEC_Core::get_scheduler();
if ( self::is_running( $scheduler, $user_initiated ) ) {
return new WP_Error( 'itsec-file-change-scan-already-running', __( 'A File Change scan is currently in progress.', 'better-wp-security' ) );
}
if ( $user_initiated ) {
$id = 'file-change-fast';
$opts = array( 'fire_at' => ITSEC_Core::get_current_time_gmt() );
} else {
$id = 'file-change';
$opts = array();
}
$scheduler->schedule_loop( $id, array(
'step' => 'get-files',
'chunk' => self::C_ADMIN,
), $opts );
return true;
}
/**
* Check if a scan is running.
*
* @param ITSEC_Scheduler
* @param bool $user_initiated Whether the user initiated run is running for the scheduled loop scan.
*
* @return bool
*/
public static function is_running( $scheduler = null, $user_initiated = null ) {
$storage = ITSEC_File_Change::make_progress_storage();
$id = $storage->get( 'id' );
$scheduler = $scheduler ? $scheduler : ITSEC_Core::get_scheduler();
$scheduled = self::is_scheduled( $scheduler, $user_initiated );
if ( null === $user_initiated ) {
if ( ! $storage->is_empty() ) {
return true;
}
return $scheduled === 'user';
}
if ( true === $user_initiated ) {
return 'user' === $scheduled || $id === 'file-change-fast';
}
if ( false === $user_initiated ) {
return 'scheduled' === $scheduled || $id === 'file-change';
}
return false;
}
/**
* Is there a scan scheduled.
*
* @param ITSEC_Scheduler $scheduler The scheduler to use.
* @param bool $user_initiated Whether the user initiated scan is running or the scheduled loop scan.
* Null to check either.
*
* @return bool Is it scheduled.
*/
private static function is_scheduled( $scheduler, $user_initiated = null ) {
if ( true === $user_initiated ) {
return $scheduler->is_single_scheduled( 'file-change-fast', null ) ? 'user' : false;
}
if ( false === $user_initiated ) {
return $scheduler->is_single_scheduled( 'file-change', null ) ? 'scheduled' : false;
}
if ( $scheduler->is_single_scheduled( 'file-change-fast', null ) ) {
return 'user';
}
if ( $scheduler->is_single_scheduled( 'file-change', null ) ) {
return 'scheduled';
}
return false;
}
/**
* Get the scan status.
*
* @param bool $is_running
*
* @return array
*/
public static function get_status( $is_running = true ) {
$scheduler = ITSEC_Core::get_scheduler();
$storage = ITSEC_File_Change::make_progress_storage();
if ( ! $storage->is_empty() ) {
switch ( $storage->get( 'step' ) ) {
case 'get-files':
switch ( $storage->get( 'chunk' ) ) {
case self::C_ADMIN:
$message = esc_html__( 'Scanning admin files...', 'better-wp-security' );
break;
case self::C_INCLUDES:
$message = esc_html__( 'Scanning includes files...', 'better-wp-security' );
break;
case self::C_THEMES:
$message = esc_html__( 'Scanning theme files...', 'better-wp-security' );
break;
case self::C_PLUGINS:
$message = esc_html__( 'Scanning plugin files...', 'better-wp-security' );
break;
case self::C_CONTENT:
$message = esc_html__( 'Scanning content files...', 'better-wp-security' );
break;
case self::C_UPLOADS:
$message = esc_html__( 'Scanning media files...', 'better-wp-security' );
break;
case self::C_OTHERS:
default:
$message = esc_html__( 'Scanning files...', 'better-wp-security' );
break;
}
break;
case 'compare-files':
$message = esc_html__( 'Comparing files...', 'better-wp-security' );
break;
case 'check-hashes':
$message = esc_html__( 'Verifying file changes...', 'better-wp-security' );
break;
case 'scan-files':
$message = esc_html__( 'Checking for malware...', 'better-wp-security' );
break;
case 'complete':
$message = esc_html__( 'Wrapping up...', 'better-wp-security' );
break;
default:
$message = esc_html__( 'Scanning...', 'better-wp-security' );
break;
}
$status = array(
'running' => true,
'step' => $storage->get( 'step' ),
'chunk' => $storage->get( 'chunk' ),
'health' => $storage->health_check(),
'message' => $message,
);
} elseif ( get_site_option( self::DESTROYED ) ) {
delete_site_option( self::DESTROYED );
$status = array(
'running' => false,
'aborted' => true,
'message' => esc_html__( 'Scan could not be completed. Please contact support if this error persists.', 'better-wp-security' ),
);
} elseif ( self::is_running( $scheduler ) ) {
$status = array(
'running' => true,
'message' => esc_html__( 'Preparing...', 'better-wp-security' ),
);
} elseif ( $is_running ) {
ITSEC_Storage::save();
ITSEC_Storage::reload();
ITSEC_Modules::get_settings_obj( 'file-change' )->load();
$status = array(
'running' => false,
'complete' => true,
'message' => esc_html__( 'Complete!', 'better-wp-security' ),
'found_changes' => ITSEC_Modules::get_setting( 'file-change', 'last_scan' ),
);
} else {
$status = array(
'running' => false,
'message' => '',
);
}
return $status;
}
/**
* Recover from a failed health check.
*
* @return bool Whether the scan was recovered. Will return false if aborted.
*/
public static function recover() {
if ( ! ITSEC_Lib::get_lock( 'file-change' ) ) {
ITSEC_Log::add_debug( 'file_change', 'skipping-recovery::no-lock' );
return false;
}
$storage = ITSEC_File_Change::make_progress_storage();
if ( $storage->is_empty() ) {
ITSEC_Lib::release_lock( 'file-change' );
ITSEC_Log::add_debug( 'file_change', 'skipping-recovery::empty-storage', array(
'backtrace' => wp_debug_backtrace_summary(),
) );
return false;
}
$scheduler = ITSEC_Core::get_scheduler();
$store = array(
'step' => $storage->get( 'step' ),
'chunk' => $storage->get( 'chunk' ),
'id' => $storage->get( 'id' ),
'data' => $storage->get( 'data' ),
'memory' => $storage->get( 'memory' ),
'memory_peak' => $storage->get( 'memory_peak' ),
'health_check' => $storage->health_check(),
);
ITSEC_Log::add_debug( 'file_change', 'attempting-recovery', array( 'storage' => $store ) );
if ( empty( $store['step'] ) ) {
ITSEC_Log::add_debug( 'file_change', 'recovery-failed-no-step' );
self::abort();
ITSEC_Lib::release_lock( 'file-change' );
return false;
}
$job_data = $store['data'];
$job_data['step'] = $store['step'];
$job_data['chunk'] = $store['chunk'];
if ( 1 === $job_data['loop_item'] || ( 'get-files' === $job_data['step'] && self::C_ADMIN === $job_data['chunk'] ) ) {
ITSEC_Log::add_debug( 'file_change', 'recovery-failed-first-loop' );
self::abort();
ITSEC_Lib::release_lock( 'file-change' );
return false;
}
$job = new ITSEC_Job( $scheduler, $store['id'], $job_data, array( 'single' => true ) );
if ( 5 < $job->is_retry() ) {
ITSEC_Log::add_debug( 'file_change', 'recovery-failed-too-many-retries' );
self::abort();
ITSEC_Lib::release_lock( 'file-change' );
return false;
}
$job->reschedule_in( 30 );
ITSEC_Log::add_debug( 'file_change', 'recovery-scheduled', compact( 'job' ) );
ITSEC_Lib::release_lock( 'file-change' );
return true;
}
/**
* Abort an in-progress scan.
*
* @param bool $user_initiated
*/
public static function abort( $user_initiated = false ) {
$storage = ITSEC_File_Change::make_progress_storage();
if ( 'file-change-fast' === $storage->get( 'id' ) ) {
ITSEC_Core::get_scheduler()->unschedule_single( 'file-change-fast', null );
} else {
ITSEC_Core::get_scheduler()->unschedule_single( 'file-change', null );
self::schedule_start( false );
}
if ( $process = $storage->get( 'process' ) ) {
ITSEC_Log::add_process_stop( $process, array( 'aborted' => true ) );
}
if ( $user_initiated ) {
$user = get_current_user_id();
ITSEC_Log::add_warning( 'file_change', "file-scan-aborted::{$user}", array(
'id' => $storage->get( 'id' ),
'step' => $storage->get( 'step' ),
'chunk' => $storage->get( 'chunk' ),
) );
} else {
ITSEC_Log::add_fatal_error( 'file_change', 'file-scan-aborted', array(
'id' => $storage->get( 'id' ),
'step' => $storage->get( 'step' ),
'chunk' => $storage->get( 'chunk' ),
) );
}
$storage->clear();
update_site_option( self::DESTROYED, ITSEC_Core::get_current_time_gmt() );
}
/**
* Handle a Job.
*
* @param ITSEC_Job $job
*/
public function run( ITSEC_Job $job ) {
$data = $job->get_data();
if ( empty( $data['step'] ) ) {
ITSEC_Log::add_debug( 'file_change', 'attempting-recovery::no-job-step', array( 'job' => $data ) );
self::recover();
return;
}
if ( ! ITSEC_Lib::get_lock( 'file-change', 5 * MINUTE_IN_SECONDS ) ) {
ITSEC_Log::add_debug( 'file_change', 'rescheduling::no-lock', array( 'job' => $data, 'id' => $job->get_id() ) );
$job->reschedule_in( 2 * MINUTE_IN_SECONDS );
return;
}
if ( ! $this->allow_to_run( $job ) ) {
ITSEC_Lib::release_lock( 'file-change' );
ITSEC_Log::add_debug( 'file_change', 'rescheduling', array( 'job' => $data, 'id' => $job->get_id() ) );
$job->reschedule_in( 10 * MINUTE_IN_SECONDS );
return;
}
ITSEC_Lib::set_minimum_memory_limit( '512M' );
@set_time_limit( 0 );
if ( ! defined( 'ITSEC_DOING_FILE_CHECK' ) ) {
define( 'ITSEC_DOING_FILE_CHECK', true );
}
if ( 1 === $data['loop_item'] ) {
$settings = $this->settings;
$process = ITSEC_Log::add_process_start( 'file_change', 'scan', array(
'settings' => $settings,
'scheduled_call' => 'file-change' === $job->get_id(),
) );
$this->get_storage()->set( 'process', $process );
$this->get_storage()->set( 'id', $job->get_id() );
delete_site_option( self::DESTROYED );
}
$this->get_storage()->set( 'data', $data );
$this->get_storage()->set( 'step', $data['step'] );
$memory_used = @memory_get_peak_usage();
switch ( $data['step'] ) {
case 'get-files':
$this->get_files( $job );
break;
case 'compare-files':
$this->compare_files( $job );
break;
case 'check-hashes':
$this->check_hashes( $job );
break;
case 'complete':
$this->complete( $job );
break;
}
if ( $this->get_storage()->is_empty() ) {
ITSEC_Lib::release_lock( 'file-change' );
return;
}
$check_memory = @memory_get_peak_usage();
if ( $check_memory > $memory_used ) {
$memory_used = $check_memory - $memory_used;
}
if ( $memory_used > $this->get_storage()->get( 'memory' ) ) {
$this->get_storage()->set( 'memory', $memory_used );
$this->get_storage()->set( 'memory_peak', $check_memory );
}
ITSEC_Lib::release_lock( 'file-change' );
}
/**
* Should we allow a scan to be run now.
*
* This is used to block a scheduled scan from running while a user initiated scan is currently processing.
*
* @param ITSEC_Job $job
*
* @return bool
*/
private function allow_to_run( ITSEC_Job $job ) {
if ( 'file-change' !== $job->get_id() ) {
return true;
}
if ( ITSEC_Core::get_scheduler()->is_single_scheduled( 'file-change-fast', null ) ) {
return false;
}
$data = $job->get_data();
// Don't allow starting a slow file change scan if one is already in progress and running.
if ( 1 === $data['loop_item'] && ! $this->get_storage()->is_empty() ) {
return false;
}
return true;
}
/**
* Get the hashes and date modify times for all files in the requested chunk.
*
* This will write the file list to step storage and schedule the next chunk.
* If last chunk, will schedule the compare-files step.
*
* @param ITSEC_Job $job
*/
private function get_files( ITSEC_Job $job ) {
$data = $job->get_data();
$this->get_storage()->set( 'chunk', $data['chunk'] );
$this->add_process_update( array(
'status' => 'get_chunk_files',
'chunk' => $data['chunk'],
) );
if ( self::C_PLUGINS === $data['chunk'] ) {
list( $file_list, $do_same_chunk ) = $this->get_files_plugins();
} else {
$file_list = $this->get_chunk_scanner()->scan( $data['chunk'] );
$do_same_chunk = false;
}
$this->get_storage()->append( 'file_list', $file_list );
$pos = array_search( $data['chunk'], $this->chunk_order, true );
if ( $do_same_chunk ) {
$job->schedule_next_in_loop( array( 'chunk' => $data['chunk'] ) );
} elseif ( isset( $this->chunk_order[ $pos + 1 ] ) ) {
$this->get_storage()->set( 'chunk', $this->chunk_order[ $pos + 1 ] );
$job->schedule_next_in_loop( array(
'chunk' => $this->chunk_order[ $pos + 1 ],
) );
} else {
$this->add_process_update( array( 'status' => 'file_scan_complete' ) );
$job->schedule_next_in_loop( array(
'step' => 'compare-files'
) );
}
}
/**
* Handler for plugins so we don't try to scan more than 10 plugins in a process.
*
* @return array
*/
private function get_files_plugins() {
$excludes = $this->get_storage()->get( 'done_plugins' );
$this->add_process_update( array( 'status' => 'get_chunk_files_plugins', 'excludes' => $excludes ) );
$file_list = $this->get_chunk_scanner()->scan( self::C_PLUGINS, 10, $excludes );
$scanned = array();
foreach ( $file_list as $file => $attr ) {
$trimmed = ITSEC_Lib::replace_prefix( $file, WP_PLUGIN_DIR . '/', '' );
list( $top_dir ) = explode( '/', $trimmed );
$scanned[ WP_PLUGIN_DIR . '/' . $top_dir ] = 1;
}
$this->add_process_update( array( 'status' => 'get_chunk_files_plugins_scanned', 'scanned' => $scanned ) );
$this->get_storage()->set( 'done_plugins', array_merge( $this->get_storage()->get( 'done_plugins' ), array_keys( $scanned ) ) );
return array( $file_list, count( $scanned ) >= 10 );
}
/**
* Compare the list of file hashes to determine what files have been added/changed/removed.
*
* If there are no file changes, the scan will be completed. Otherwise it will schedule a job
* to check the hashes.
*
* @param ITSEC_Job $job
*/
private function compare_files( ITSEC_Job $job ) {
$excludes = array();
foreach ( $this->settings['file_list'] as $file ) {
$cleaned = untrailingslashit( get_home_path() . ltrim( $file, '/' ) );
$excludes[ $cleaned ] = 1;
}
$types = array_flip( $this->settings['types'] );
$this->add_process_update( array( 'status' => 'file_comparisons_start', 'excludes' => $excludes, 'types' => $types ) );
$current_files = $this->get_storage()->get_cursor( 'file_list' );
$prev_files = self::get_file_list_to_compare();
$report = array();
foreach ( $current_files as $file => $attr ) {
if ( ! isset( $prev_files[ $file ] ) ) {
$attr['t'] = self::T_ADDED;
$report[ $file ] = $attr;
} elseif ( $prev_files[ $file ]['h'] !== $attr['h'] ) {
$attr['t'] = self::T_CHANGED;
$report[ $file ] = $attr;
}
unset( $prev_files[ $file ] );
}
foreach ( $prev_files as $file => $attr ) {
if ( isset( $excludes[ $file ] ) ) {
continue;
}
foreach ( $excludes as $exclude => $_ ) {
if ( 0 === strpos( $file, trailingslashit( $exclude ) ) ) {
continue 2;
}
}
$extension = '.' . pathinfo( $file, PATHINFO_EXTENSION );
if ( isset( $types[ $extension ] ) ) {
continue;
}
$attr['t'] = self::T_REMOVED;
$report[ $file ] = $attr;
}
$this->add_process_update( array( 'status' => 'file_comparisons_complete' ) );
if ( ! $report ) {
$this->add_process_update( array( 'status' => 'file_comparisons_complete_no_changes' ) );
$this->complete( $job );
return;
}
$this->get_storage()->set( 'files', $report );
$job->schedule_next_in_loop( array( 'step' => 'check-hashes' ) );
}
/**
* Check the file changes with each package's hashes to determine whether the change was expected or not.
*
* @param ITSEC_Job $job
*/
private function check_hashes( ITSEC_Job $job ) {
$this->add_process_update( array( 'status' => 'hash_comparisons_start' ) );
do_action( 'itsec-file-change-start-hash-comparisons' );
$factory = $this->get_package_factory();
$comparator = $this->get_comparator();
$packages = $factory->find_packages_for_files( $this->get_storage()->get_cursor( 'files' ) );
foreach ( $packages as $root => $group ) {
/** @var ITSEC_File_Change_Package $package */
$package = $group['package'];
$files = $group['files'];
if ( ! $comparator->supports_package( $package ) ) {
$packages[ $root ]['files'] = $this->set_default_severity( $files );
continue;
}
if ( $comparator instanceof ITSEC_File_Change_Hash_Comparator_Loadable ) {
try {
$comparator->load( $package );
} catch ( ITSEC_File_Change_Hash_Loading_Failed_Exception $e ) {
$packages[ $root ]['files'] = $this->set_default_severity( $files );
$this->add_process_update( array( 'status' => 'hash_load_failed', 'e' => (string) $e ) );
continue;
}
}
// $file is a relative path to the package.
// $attr contains 'h' for the hash, and 'd' for the date modified.
foreach ( $files as $file => $attr ) {
switch ( $attr['t'] ) {
case self::T_ADDED:
if ( ! $comparator->has_hash( $file, $package ) ) {
$attr['s'] = self::S_UNKNOWN_FILE;
break;
}
if ( ! $comparator->hash_matches( $attr['h'], $file, $package ) ) {
// This isn't exactly an unknown file, or a bad change, but it fits more with bad change,
// and is unlikely to occur so not worth a separate report type.
$attr['s'] = self::S_BAD_CHANGE;
break;
}
$attr['s'] = self::S_NONE;
break;
case self::T_CHANGED:
if ( ! $comparator->has_hash( $file, $package ) ) {
break;
}
if ( ! $comparator->hash_matches( $attr['h'], $file, $package ) ) {
$attr['s'] = self::S_BAD_CHANGE;
break;
}
$attr['s'] = self::S_NONE;
break;
case self::T_REMOVED:
if ( ! $comparator->has_hash( $file, $package ) ) {
$attr['s'] = self::S_NONE;
}
break;
}
if ( ! isset( $attr['s'] ) ) {
$attr['s'] = self::S_NORMAL;
}
$files[ $file ] = $attr;
}
$packages[ $root ]['files'] = $files;
}
do_action( 'itsec-file-change-end-hash-comparisons' );
$this->add_process_update( array( 'status' => 'hash_comparisons_complete' ) );
$this->storage->set( 'max_severity', $this->get_max_severity( $packages ) );
$this->storage->set( 'change_list', $this->build_change_list( $packages ) );
$job->schedule_next_in_loop( array( 'step' => 'complete' ) );
}
/**
* Run the completion routine.
*
* @param ITSEC_Job $job
*/
private function complete( ITSEC_Job $job ) {
$this->add_process_update( array( 'status' => 'start_complete' ) );
$storage = $this->get_storage();
self::record_file_list( $storage->get_cursor( 'file_list' ) );
$list = $storage->get( 'change_list' );
$list['memory'] = round( ( $storage->get( 'memory' ) / 1000000 ), 2 );
$list['memory_peak'] = round( ( $storage->get( 'memory_peak' ) / 1000000 ), 2 );
$c_added = count( $list['added'] );
$c_changed = count( $list['changed'] );
$c_removed = count( $list['removed'] );
$found_changes = $c_added || $c_changed || $c_removed;
if ( $found_changes ) {
$severity = $storage->get( 'max_severity' );
if ( $severity > self::S_UNKNOWN_FILE ) {
$method = 'add_critical_issue';
} else {
$method = 'add_warning';
}
$id = ITSEC_Log::$method( 'file_change', "changes-found::{$c_added},{$c_removed},{$c_changed}", $list );
} else {
$id = ITSEC_Log::add_notice( 'file_change', 'no-changes-found', $list );
}
ITSEC_Modules::set_setting( 'file-change', 'last_scan', $found_changes ? $id : 0 );
update_site_option( 'itsec_file_change_latest', $list );
if ( $process = $storage->get( 'process' ) ) {
ITSEC_Log::add_process_stop( $process );
}
$storage->clear();
if ( 'file-change' === $job->get_id() ) {
$job->schedule_new_loop( array(
'step' => 'get-files',
'chunk' => self::C_ADMIN,
) );
}
$this->send_notification_email( array( $c_added, $c_removed, $c_changed, $list ) );
}
/**
* Get the comparator to use to check if changes are expected.
*
* Handles lazily setting the comparator since it is not needed for all stages of the file change scan.
*
* @return ITSEC_File_Change_Hash_Comparator
*/
private function get_comparator() {
if ( ! $this->comparator ) {
$comparators = array(
new ITSEC_File_Change_Hash_Comparator_Managed_Files(),
);
/**
* Filter the list of comparators to use.
*/
$comparators = apply_filters( 'itsec_file_change_comparators', $comparators );
$this->comparator = new ITSEC_File_Change_Hash_Comparator_Chain( $comparators );
}
return $this->comparator;
}
/**
* Get the Package factory.
*
* @return ITSEC_File_Change_Package_Factory
*/
private function get_package_factory() {
if ( ! $this->package_factory ) {
$this->package_factory = new ITSEC_File_Change_Package_Factory();
}
return $this->package_factory;
}
/**
* Get the Chunk Scanner.
*
* @return ITSEC_File_Change_Chunk_Scanner
*/
private function get_chunk_scanner() {
if ( ! $this->chunk_scanner ) {
$this->chunk_scanner = new ITSEC_File_Change_Chunk_Scanner( $this->settings );
}
return $this->chunk_scanner;
}
/**
* Get the main storage mechanism.
*
* @return ITSEC_Lib_Distributed_Storage
*/
private function get_storage() {
if ( null === $this->storage ) {
$this->storage = ITSEC_File_Change::make_progress_storage();
}
return $this->storage;
}
/**
* Set the default severity for a list of files.
*
* @param array $files
*
* @return array
*/
private function set_default_severity( $files ) {
foreach ( $files as $file => $attr ) {
$files[ $file ]['s'] = self::S_NORMAL;
}
return $files;
}
/**
* Get the maximum severity level of a file change.
*
* @param array $packaged
*
* @return int
*/
private function get_max_severity( $packaged ) {
$severity = self::S_NONE;
foreach ( $packaged as $root => $group ) {
foreach ( $group['files'] as $attr ) {
if ( $attr['s'] > $severity ) {
$severity = $attr['s'];
}
}
}
return $severity;
}
/**
* Convert a list of packages and their files to a list of the file change types.
*
* @param array $packaged
*
* @return array
*/
private function build_change_list( $packaged ) {
require_once( ABSPATH . 'wp-admin/includes/file.php' );
$home = get_home_path();
$list = array(
'added' => array(),
'removed' => array(),
'changed' => array(),
);
foreach ( $packaged as $root => $group ) {
/** @var ITSEC_File_Change_Package $package */
$package = $group['package'];
foreach ( $group['files'] as $file => $attr ) {
if ( $attr['s'] > self::S_NONE && ! empty( $attr['t'] ) ) {
$path = $package->get_root_path() . $file;
if ( 0 === strpos( $path, $home ) ) {
$path = substr( $path, strlen( $home ) );
}
$attr['p'] = (string) $package;
switch ( $attr['t'] ) {
case self::T_ADDED:
$list['added'][ $path ] = $attr;
break;
case self::T_CHANGED:
$list['changed'][ $path ] = $attr;
break;
case self::T_REMOVED:
$list['removed'][ $path ] = $attr;
}
}
}
}
return $list;
}
private function add_process_update( $data = false ) {
if ( $process = $this->get_storage()->get( 'process' ) ) {
ITSEC_Log::add_process_update( $process, $data );
}
}
/**
* Make the storage for recording the static list of files and their hashes.
*
* @return ITSEC_Lib_Distributed_Storage
*/
public static function make_file_list_storage() {
return new ITSEC_Lib_Distributed_Storage( 'file-list', array(
'home' => array(),
'files' => array(
'split' => true,
'chunk' => 2500,
'serialize' => 'wp_json_encode',
'unserialize' => 'ITSEC_File_Change::_json_decode_associative',
),
) );
}
/**
* Record a list of file hashes and change times.
*
* This should not be done until the whole scan process is complete.
*
* @param iterable $file_list
*
* @return bool
*/
public static function record_file_list( $file_list ) {
$storage = self::make_file_list_storage();
$storage->set( 'home', get_home_path() );
if ( is_array( $file_list ) ) {
return $storage->set( 'files', $file_list );
}
return $storage->set_from_iterator( 'files', $file_list );
}
/**
* Get the file list we want to compare our newly compared files to.
*
* This is in effect the last change list recorded.
*
* @return array
*/
public static function get_file_list_to_compare() {
$storage = self::make_file_list_storage();
$files = $storage->get( 'files' );
if ( ! $files ) {
return array();
}
$home = $storage->get( 'home' );
if ( $home === get_home_path() ) {
return $files;
}
$new_home = get_home_path();
$updated = array();
foreach ( $files as $file => $attr ) {
$updated[ ITSEC_Lib::replace_prefix( $file, $home, $new_home ) ] = $attr;
}
$storage->set( 'files', $updated );
$storage->set( 'home', $new_home );
return $updated;
}
/**
* Builds and sends notification email
*
* Sends the notication email too all applicable administrative users notifying them
* that file changes have been detected
*
* @since 4.0.0
*
* @access private
*
* @param array $email_details array of details for the email messge
*
* @return void
*/
private function send_notification_email( $email_details ) {
$changed = $email_details[0] + $email_details[1] + $email_details[2];
if ( ! $changed ) {
return;
}
$nc = ITSEC_Core::get_notification_center();
if ( $nc->is_notification_enabled( 'digest' ) ) {
$nc->enqueue_data( 'digest', array( 'type' => 'file-change' ) );
}
if ( $nc->is_notification_enabled( 'file-change' ) ) {
$mail = $this->generate_notification_email( $email_details );
$nc->send( 'file-change', $mail );
}
}
/**
* Generate the notification email.
*
* @param array $email_details
*
* @return ITSEC_Mail
*/
private function generate_notification_email( $email_details ) {
$mail = ITSEC_Core::get_notification_center()->mail();
$mail->add_header(
esc_html__( 'File Change Warning', 'better-wp-security' ),
sprintf( esc_html__( 'File Scan Report for %s', 'better-wp-security' ), '<b>' . date_i18n( get_option( 'date_format' ) ) . '</b>' ),
false,
esc_html__( 'Files on your site have changed since the last scan. Please review the report below to verify the changes are expected.', 'better-wp-security' ),
);
$mail->add_section_heading( esc_html__( 'Scan Summary', 'better-wp-security' ) );
$mail->add_file_change_summary( $email_details[0], $email_details[1], $email_details[2] );
if ( $email_details[0] ) {
$mail->add_large_text( esc_html__( 'Added Files', 'better-wp-security' ) );
$mail->add_file_change_table( $this->generate_email_rows( $email_details[3]['added'] ) );
}
if ( $email_details[1] ) {
$mail->add_large_text( esc_html__( 'Removed Files', 'better-wp-security' ) );
$mail->add_file_change_table( $this->generate_email_rows( $email_details[3]['removed'] ) );
}
if ( $email_details[2] ) {
$mail->add_large_text( esc_html__( 'Changed Files', 'better-wp-security' ) );
$mail->add_file_change_table( $this->generate_email_rows( $email_details[3]['changed'] ) );
}
$mail->add_footer();
return $mail;
}
/**
* Generate email report rows for a series of files.
*
* @param array $files
*
* @return array
*/
private function generate_email_rows( $files ) {
$rows = array();
foreach ( $files as $item => $attr ) {
$time = isset( $attr['mod_date'] ) ? $attr['mod_date'] : $attr['d'];
$rows[] = array(
$item,
ITSEC_Lib::date_format_i18n_and_local_timezone( $time ),
isset( $attr['hash'] ) ? $attr['hash'] : $attr['h']
);
}
return $rows;
}
}