h{' NdZddlZddlZddlZddlZddlmZddlmZmZddl m Z ddl m Z ddl mZddlmZmZmZdd lmZdd lmZdd lmZdd lmZdd lmZddlm Z ddl!m"Z"ddl#m$Z$ddl%m&Z&dZ'dZ(ej)e*Z+edde,e-e.e-ffdZ/de-de-de.fdZ0de"fdZ1e dde2fdZ3d Z4d!e-d"e.de.fd#Z5de-d$e-de.e-fd%Z6de"d!e-de e-fd&Z7d!e-de.fd'Z8d!e-de,fd(Z9d)Z:d*e;d+e;d!e-de"d,e,de,f d-Z. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N) defaultdict)datetime timedelta) lru_cache)Optional)Path)choose_value_from_configMalwareScanScheduleMalwareScanScheduleInterval) LicenseCLN) HostingPanel)async_lru_cache) MalwareHit)QueueSupervisorSync) user_list)WPSite)WP_CLI_WRAPPER_PATH)PHPErrorz/usr/sbin/cagefs_enter_userz/usr/sbin/cagefsctl<)ttlreturncKt}|d{V}tt}|D]%\}}|D]}|||&|S)zN Get a mapping of docroots to their associated domains, with caching. N)r get_domain_pathsrlistitemsappend) hosting_panel panel_paths docroot_mapdomaindocrootsdocroots I/opt/imunify360/venv/lib/python3.11/site-packages/imav/wordpress/utils.pyrr<s !NNM%6688888888Kd##K'--//00 0 0G  ' ' / / / / 0 php_pathr"c0tt||gS)zGet wp cli common command list)strr)r%r"s r# wp_wrapperr(Js # $ $h 88r$sitec6t|jdz dz S)Nz wp-contentzimunify-security)rr")r)s r# get_data_dirr+Os    ,/A AAr$)maxsizectjtr$tjttjst Stjtdgdd}|j dkrt S|j d}t |ddS)z)Get the list of users enabled for CageFS.z--list-enabledT)capture_outputtextr r,N) ospathisfileCAGEFS_CTL_PATHaccessX_OKset subprocessrun returncodestdoutstripsplit)resultliness r#get_cagefs_enabled_usersrASs 7>>/ * *")33uu ^ *+DtFAuu M   ! ! ' ' - -E uQRRy>>r$c8tdS)N)rA cache_clearr$r#$clear_get_cagefs_enabled_users_cacherEes((*****r$usernameargsc|tvrTtjtr0tjttjr td|g|Sddd|dtj|gS)zNBuild the necessary command to run the given cmdline args with specified user.z--no-io-and-memory-limitsuz-sz /bin/bashz-c) rAr2r3r4CAGEFS_ENTER_PATHr6r7shlexjoin)rFrGs r#build_command_for_userrMis+---- 7>>+ , ,  rw2 2  "*      4  r$domain_to_excludecxKtd{V}||g}fd|DS)z Get all domains associated with a given document root, excluding one domain. It's panel-agnostic and uses a cached mapping. Nc g|] }|k| SrDrD).0r rNs r# z+get_domains_for_docroot..s$ L L Lv:K0K0KF0K0K0Kr$)rget)r"rNr all_domainss ` r#get_domains_for_docrootrUsS)********K//'2..K L L L L L L LLr$cP Kddlm}m}|| dtdttf fd }||j}|r|St |j|jd{V}|D]}||}|r|cStd|jd ) z/Determine PHP binary path for the given WPSite.r)get_domains_php_infoget_installed_php_versionsr rc|}|r|dkrdS|d}|sdSD]2}|d|kr|dcS3dS)NrFdisplay_version identifierbin)rS)r domain_infophp_display_version php_versiondomains_php_infoinstalled_php_versionsrFs r#find_php_binary_for_domainz7get_php_binary_path..find_php_binary_for_domains&**622  kooj99XEE4)oo.?@@" 41 . .K|,,0CCC"u-----Dtr$)rNNz+PHP binary was not identified for docroot: z , username: ) clcommon.cpapirWrXr'rr rUr"r) r)rFrWrXrbphp_binary_pathdomainsr r`ras ` @@r#get_php_binary_pathrfsX ,+--7799 3 8C=        10==O,  G##44V<<  #" " " " #  dl       r$c6tj|\}}|S)z Get malware history for the specified user. This is an equivalent of calling `imunify360-agent malware history list --user {username}`. `` )user)rmalicious_list)rF max_counthitss r#get_malware_historyrls!#1x@@@Y Kr$cKt|}tj|j|hd{V\}}|siStj|dd}|dS)z Get the last scan for the specified user. This is an equivalent of calling `imunify360-agent malware user list --user {username}`. )matchN scan_dateT)descr) ScanQueuerfetch_user_listget_scans_from_pathssort)sinkrFqueue_userss r# get_last_scanrys dOOE. "8*HAu  N5+D 9 9 9E 8Or$c0tj}tjtjkrP|tjddd}||kr|tdz }| Stjtj krtj | dzdzz dzdz}|dkr|j tjkrd}|t|z}|tjddd Stjtjkr|tjtjddd}|jtjks*|jtjkrf|j tjkrQ|jdkr |jdznd}||}|dkr||jdz }| SdS) Nr)hourminutesecond microsecondr,)days)dayr{r|r}r~ )month)year)rutcnowr INTERVALIntervalDAYreplaceHOURr timestampWEEK DAY_OF_WEEKweekdayr{MONTH DAY_OF_MONTHrrr)today next_scan days_aheadnext_scan_date next_months r#calculate_next_scan_timestamprs O  E#x|33MM$) "  I   *** *I""$$$#x}44 +u}}/Ba.G G! K   ??uz-@-EEEJ !;!;!;;%%$)!A1&  )++ #x~55#0$) '   9*7 7 7 I,9 9 9 1666,1K",<,<q!J+33*3EENQ!/!7!7UZ!^!7!L!L'')))!65r$last_scan_timenext_scan_timemalware_by_sitecgd}i}|D]B\}}||vri||< t|||\} } n#t$rd} YnwxYw| |||<C|||||jg|t jdS)a8 Prepare scan data JSON for a WordPress site. Args: last_scan_time: Timestamp of the last scan next_scan_time: Timestamp of the next scheduled scan username: Username of the site owner site: WordPress site object malware_by_site: Dictionary mapping site docroots to their malware hits Returns: dict: JSON data ready to be written to scan_data.php. The response includes: - lastScanTimestamp: Timestamp of the last scan - nextScanTimestamp: Timestamp of the next scheduled scan - username: Username of the site owner - malware: List of malware hits for the site - config: Configuration items for the site - license: License information including status and eligibility for Imunify patch ))MALWARE_SCANNINGenable_scan_cpanel)rdefault_action)PROACTIVE_DEFENCEblamer)rFN)lastScanTimestampnextScanTimestamprFmalwareconfiglicense)r KeyErrorrSr"r license_info) rrrFr)rconfig_sections config_itemssectionoptionvaluerws r#prepare_scan_datars6OL* . . , & &$&L ! /!HE11    EEE (- Wf%%,+"&&t|R88*,,   s . ==)=__doc__loggingr2rKr9 collectionsrrr functoolsrtypingrpathlibr defence360agent.contracts.configr r r r!defence360agent.contracts.licenser +defence360agent.subsys.panels.hosting_panelr defence360agent.utilsrimav.malwarelib.modelr*imav.malwarelib.scan.queue_supervisor_syncrrqimav.malwarelib.utilsrimav.model.wordpressrimav.wordpressrimav.wordpress.exceptionrrJr5 getLogger__name__loggerdictr'rrr(r+r8rArErMrUrfrlryrfloatrrDr$r#rs* ######(((((((( 988888DDDDDD111111,,,,,,,+++++''''''.-----1'  8 $ $R S$s)^ 4    99s9t9999 BvBBBB 1#"+++S. M  M%( M #Y M M M M)F)c)hsm))))X#$$+*+*+*\8888  8  8  888888r$