K6hIdZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl Z ddl mZddlmZddlmZmZddlmZmZdd lmZmZdd lmZmZmZdd lm Z m!Z!m"Z"m#Z#m$Z$ej%e&Z'e d Z(d efdZ)de*de+fdZ,dej-fdZ.d&de/fdZ0de1e*fdZ2d efdZ3dZ4dZ5dZ6de/efdZ7d ede8fd Z9d!e1efd"Z:de+d!e/e*fd#Z;d$e*d!e/efd%Z. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N) defaultdict)Path)SqliteDatabase) inactivity)MalwareScanScheduleMalwareScanScheduleInterval)atomic_rewrite check_run) WordpressSiteWPSite)cli PLUGIN_SLUG telemetry)build_command_for_usercalculate_next_scan_timestamp$clear_get_cagefs_enabled_users_cache get_last_scanget_malware_historyzD/var/lib/cloudlinux-app-version-detector/components_versions.sqlite3sitec6t|jdz dz S)Nz wp-contentzimunify-security)rdocrootrs J/opt/imunify360/venv/lib/python3.11/site-packages/imav/wordpress/plugin.py get_data_dirr:s    ,/A AAusernameuidcKt||d{V}|dd}d}tjtjkrt }t|}t|}tt}|D]K} | ddkr=|D]:} | d | r||  | n;L|||fS)N scan_date resource_typefile) rgetrINTERVALIntervalNONErget_sites_for_userrrlist startswithappend) sinkrr last_scanlast_scan_timenext_scan_timeall_users_sitesmalware_historymalware_by_siteitem site_paths r_get_scan_data_for_userr3>s#D(33333333I]];55NN#x}44688)--O*(33O"$''O  F * *,   <**955#I.55d;;;E >? ::r semaphorecK|4d{V |d{Vn4#t$r'}td|Yd}~nd}~wwxYwdddd{VdS#1d{VswxYwYdS)NzTelemetry task failed: ) Exceptionloggererror)coror4es r_send_telemetry_taskr;\s+88888888 8JJJJJJJJ 8 8 8 LL6166 7 7 7 7 7 7 7 7 8888888888888888888888888888888s5AA AAAAA A'*A' coroutinescKtj|fd|D} tj|d{VdS#t$r(}td|Yd}~dSd}~wwxYw)NcTg|]$}tjt|%S)asyncio create_taskr;).0r9r4s r z+process_telemetry_tasks..fs?     0yAABB   rzSome telemetry tasks failed: )rA Semaphoregatherr6r7r8)r= concurrencytasksr:r4s @rprocess_telemetry_tasksrIds!+..I       E :ne$$$$$$$$$$ ::: 8Q88999999999:s= A/A**A/usersc (Ktdt}g}tjd5 t ttdtj Dz }|sS tj d|D t|d{VddddStt}|D]"}||j|#|D]\}} t%j|j} nP#t*$rC} t-jdt3||| d Yd} ~ id} ~ wwxYw| |vrvt5|| |d{V\} } } |D] } t7j|d{V}|s+t-jd | d K| | | |jgd }t?||d{Vt7j |d{V|!||tEj#|d |#t*$r'} t$d|| Yd} ~ d} ~ wwxYwtdt3|nf#tJj&$r+tdt3|Yn-t*$r!} t$d| d} ~ wwxYwtj d|D t|d{VnJ#tj d|D t|d{VwxYw ddddS#1swxYwYdS)zLInstall the imunify-security plugin for all sites where it is not installed.z%Installing imunify-security wp pluginzwp-plugin-installationc3VK|]$}t|j|j|jV%dSNr rdomainrrCrs r z$install_for_users..|sH;;qy!(AE22;;;;;;rc:g|]}|j|j|jddS)N)rOrrmanually_deleted_at)rOrr)rCrs rrDz%install_for_users..sC #'+#'<#x/3 rNzSkipping installation of WordPress plugin on {count} site(s) because they belong to user {user} and it is not possible to retrieve username for this user. Reason: {reason})countuserreasonwarning)levelz:WordPress site is not accessible using WP CLI. site={site}rlastScanTimestampnextScanTimestampmalwareinstalled_by_imunifyr*eventrz,Failed to install plugin to site=%s error=%sz0Installed imunify-security wp plugin on %d siteszXInstallation imunify-security wp plugin was cancelled. Plugin was installed for %d sitesz3Error occurred during plugin installation. error=%s)'r7infosetrtracktaskr_get_sites_without_pluginr select insert_manyexecuterIrr'rr)itemspwdgetpwuidpw_namer6 sentry_sdkcapture_messageformatlenr3r is_wordpress_installedr"rupdate_scan_data_fileplugin_installaddr send_eventr8rACancelledError)rJr* installedtelemetry_coros to_install sites_by_userrrsitesrr8r,r-r0rq json_datas rinstall_for_usersr}qs KK7888IO    7 8 8t;t;s ; 0 2 2 2244s;;&-//;;;88J  |  %!*  giii)/:: : : : : : : :it;t;t;t;t;t;t;t;(--M" 5 5dh'..t4444,1133D D  U"|C008HH   .DEKF"%e**!$#(EKEE (    HHHH 5(( 2$#FFFFFFFF ""#"))D(#&"EL F%"9F L F%%(LAJ$LBJ$#L$ K .K LK -LN/7M&:N/< M&M!!M&&N/)AP/AO66PP P cKt|}|r'tjtj|d{VdSdSrM)rexistsrA to_threadshutilrmtree)rdata_dirs rdelete_plugin_filesrs\D!!H9 x8888888888899rc Ktdg}d}tjd5 t jt j d}|D]} tj |d{Vt|d{V|t j t j|jkz }|t#j|d|#t&$r&}td||Yd}~d}~wwxYwnf#t*j$r+td t/|Yn-t&$r!}td |d}~wwxYwtd ||dkrt1|d{Vn<#td ||dkrt1|d{VwwxYwddddS#1swxYwYdS) zHRemove the imunify-security plugin from all sites where it is installed.z#Deleting imunify-security wp pluginrzwp-plugin-removalTNuninstalled_by_imunifyr_z"Failed to remove plugin from %s %szSDeleting imunify-security wp plugin was cancelled. Plugin was deleted from %d sitesz)Error occurred during plugin deleting. %sz0Removed imunify-security wp plugin from %s sites)r7rarrcrdr rfwhererTis_nullr plugin_deactivaterdeleterrhr)rrur6r8rArvrprI)r*rxaffected to_removerr8s rremove_all_installedrs KK5666OH    2 3 30?0?/ ?%,..44199$??I"  /555555555-d333333333%,..}4 DEE H$**!,!%":!%!LL>>>>>>>> KKB   !||-o>>>>>>>>>>]0?0?0?0?0?0?0?0?0?0?0?0?0?0?0?0?0?0?sI AE& B'D21E&2 E"<EE&E""E&%H&7G H G (GG  H 7I 9H<<I  IIcKtd||tj|tj|jkdS)Nz:Mark site %s as manually deleted at %s (WP-Plugin removed))rT)r7rar updaterrrh)rnows rmark_site_as_manually_deletedr.s\ KKDdC 555 }$ 4 5 5 rcfKg} ttdtjtjDz}|rXtj}|D]B}t||d{V| tj |d|Cn2#t$r%}td|Yd}~nd}~wwxYw|rt|d{VdSdS#|rt|d{VwwxYw)Nc3VK|]$}t|j|j|jV%dSrMrNrPs rrRz+tidy_up_manually_deleted..<sPH H  19ah . .H H H H H H rremoved_by_userr_z&Error occurred during site tidy up. %s)rerbr rfrrTrtimerr)rrur6r7r8rI)r*rxto_mark_as_manually_removedrrr8s rtidy_up_manually_deletedr9sO;&?&A&ACH H ")++11199;;H H H E E ' # ' )++C3  3D#>>>>>>>>> &&(!/! FFF =uEEEEEEEEF  ;)/:: : : : : : : : : : ; ;? ;)/:: : : : : : : : : ;s0CC D C8C3.D3C88DD0r{cfK|sdStt}|D]"}||j|#|D]\}} t j|j}n3#t$r&}t d||Yd}~Kd}~wwxYwt|||d{V\}}} |D]k} ||| |j gd} t|| d{V9#t$r&}t d||Yd}~dd}~wwxYwdS)Nz+Failed to get username for uid=%d. error=%srZz.Failed to update scan data on site=%s error=%s)rr'rr)rirjrkrlr6r7r8r3r"rrr) r*r{rzrrrr8r,r-r0r|s rupdate_data_on_sitesrXs  %%M--dh&&t,,,,$))++!! U |C((0HH    LL=    HHHH  *$#>> > > > > > >      D *8)7.224<DD ,D)<<<<<<<<<<    D  #!!s0A44 B$>BB$5C== D-D((D-r|cKtj|j}|j}t |}t j|rtdt|| st|j ddt|g}t|d{V| s#tdt||j |d|dz }dtj|dd zd z}| s|t'||d |j|d dS)Nz)Data directory %s is a symlink, skipping.mkdirz-pz)Failed to create directory %s for user %siz scan_data.phpzBz,_get_sites_without_plugin..I     s1vc!f#c!f++>>>   r) COMPONENTS_DB_PATHrr7r8rrbr execute_sqlrrfetchall)cursors rreres  $ $ & & ; " # #   uu . / / ; ; ,0;/B3/L/L-   F6  ??$$   rc<ts;tdt tt St td|d}d|DS)z Get a set of paths to WordPress sites belonging to a particular user. Paths are sorted by their length to make sure that the main site is the last one in the list. The data is pulled from the app-version-detector database. rz WITH latest_reports AS ( SELECT MAX(id) as id FROM report WHERE uid = a] GROUP BY dir ) SELECT wp.real_path FROM apps AS wp INNER JOIN latest_reports AS lr ON wp.report_id = lr.id WHERE wp.title = 'wp_core' AND wp.parent_id IS NULL GROUP BY wp.real_path ORDER BY length(wp.real_path) DESC cg|] }|d S)rr@rs rrDz&get_sites_for_user..s 0 0 0sCF 0 0 0r) rrr7r8rr'rrr)rrs rr&r&s  $ $ & & ; " # #   vv . / / ; ; !    F$ 1 0foo// 0 0 00rrcpts;tdt tt S|ds|dz }ttd|d}d| DS)zn Get a set of wp sites by given path. The data is pulled from the app-version-detector database. r*z/*ak WITH latest_reports AS ( SELECT id, uid, domain FROM report WHERE id IN ( SELECT MAX(id) FROM report WHERE domain IS NOT NULL AND domain != '' GROUP BY dir ) ) SELECT wp.real_path, lr.domain, lr.uid FROM apps AS wp INNER JOIN latest_reports AS lr ON wp.report_id = lr.id WHERE wp.title = 'wp_core' AND wp.parent_id IS NULL AND wp.real_path GLOB 'z ' c pg|]3}t|d|dt|d4Srrrs rrDz%get_sites_by_path..>rr) rrr7r8rr'endswithrrr)rrs rget_sites_by_pathrs  $ $ & & ; " # #   vv  ==     . / / ; ; $%)%   F,  ??$$   r)r<)=__doc__rArloggingrrjrr collectionsrpathlibrrmpeeweerdefence360agent.apir defence360agent.contracts.configrrr$defence360agent.utilsr r imav.model.wordpressr r imav.wordpressr rrimav.wordpress.utilsrrrrr getLogger__name__r7rrrrr3rEr;r'rIrbr}rrrrrdictrrrer&rr@rrrs3*  ######!!!!!!******<;;;;;;;666666666666666666  8 $ $TJ BvBBBB;#;C;;;;<80A8888 : :d : : : :{;3s8{;{;{;{;|9F9999 6?6?6?r;;;>+DL++++\=f=====@+3v;++++\ 1C 1DI 1 1 1 1F*C*DL******r