public static function startScan()
{
wssLog(__METHOD__ . '() triggered ' . PHP_EOL . str_repeat('=', 50));
$settings = WsdWPScanSettings::getSettings();
$scanID = $settings['SCAN_ID'];
$scanState = $settings['SCAN_STATE'];
$scanProgress = $settings['SCAN_PROGRESS'];
$scanResult = $settings['SCAN_RESULT'];
$scanType = $settings['SCAN_TYPE'];
self::$_scanID = $scanID;
wssLog('SCAN DATA', array('$scanID' => $scanID, '$scanState' => $scanState, '$scanProgress' => $scanProgress, '$scanResult' => $scanResult, '$scanType' => $scanType));
// if scan id == 0 there is no scan registered
if (empty($scanID)) {
$failReason = "Internal Error: No scan ID provided.";
wssLog('No scan ID. Ignoring the scan start request.');
self::stopScan(false, $failReason);
return false;
}
//#! if scan state is none
if ($scanState == WsdWPScanSettings::SCAN_STATE_NONE) {
wssLog('Invalid scan state. Ignoring the scan start request.', array('state' => 'SCAN_STATE_NONE'));
return false;
}
//#! if scan in progress
if ($scanState == WsdWPScanSettings::SCAN_STATE_IN_PROGRESS) {
wssLog('Scan is running. Ignoring the scan start request.', array('state' => 'SCAN_STATE_IN_PROGRESS', 'progress' => $scanProgress));
return false;
}
//#! Start scan
//=============================
global $wp_version;
wssLog('WordPress version installed:', array('version' => $wp_version));
if (empty($wp_version)) {
$failReason = __("Could not retrieve the WordPress version.", WpsSettings::TEXT_DOMAIN);
wssLog('Invalid WordPress version detected.');
self::stopScan(false, $failReason);
return false;
}
wssLog('Starting scan.', array('ID' => self::$_scanID));
@ignore_user_abort(true);
@set_time_limit(WpsSettings::WPS_MAX_TIME_EXEC_LIMIT);
//#! update scan state
WsdWPScanSettings::updateSetting('SCAN_STATE', WsdWPScanSettings::SCAN_STATE_IN_PROGRESS);
//#! Request the json file from server depending on the current WP version
$json = null;
$url = WpsSettings::getJsonRepoUrl() . "{$wp_version}.json";
wssLog('Retrieving json file.', array('path' => $url));
$c = @file_get_contents($url);
if (empty($c)) {
$reason = sprintf(__("Error retrieving the json file from server for the detected WordPress version: %s. Scan aborted.", WpsSettings::TEXT_DOMAIN), $wp_version);
wssLog($reason);
self::stopScan(false, $reason);
return false;
} else {
$data = json_decode($c);
wssLog('Json file retrieved from path: ' . $url);
if (is_null($data)) {
$failReason = __('Error decoding the json file. The file might be empty or corrupted.', WpsSettings::TEXT_DOMAIN);
wssLog($failReason, array('path' => $url));
self::stopScan(false, $failReason);
return false;
}
//#! Ensure file is valid
if (isset($data->root) && isset($data->wp_admin) && isset($data->wp_content) && isset($data->wp_includes)) {
$rootFiles = $data->root;
$wpAdminFiles = $data->wp_admin;
$wpContentFiles = $data->wp_content;
$wpIncludesFiles = $data->wp_includes;
if (empty($rootFiles) || empty($wpAdminFiles) || empty($wpContentFiles) || empty($wpIncludesFiles)) {
$failReason = __('Invalid json file retrieved from server.', WpsSettings::TEXT_DOMAIN);
wssLog($failReason, array('path' => $url));
self::stopScan(false, $failReason);
return false;
}
//#! mark as ok for GC
$data = null;
$now = time();
$h24 = 24 * 60 * 60;
$since = 0;
if ($scanType == 0) {
$since = strtotime('midnight');
} elseif ($scanType == 1) {
$since = $now - $h24;
} elseif ($scanType == 2) {
$since = $now - 2 * $h24;
} elseif ($scanType == 3) {
$since = $now - 3 * $h24;
} elseif ($scanType == 4) {
$since = $now - 4 * $h24;
} elseif ($scanType == 5) {
$since = $now - 5 * $h24;
} elseif ($scanType == 6) {
$since = $now - 6 * $h24;
} elseif ($scanType == 7) {
$since = $now - 7 * $h24;
} elseif ($scanType == 8) {
$since = strtotime("-1 months") - $h24 - $now;
}
WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ROOT, true);
self::_checkFiles(ABSPATH, $rootFiles, $since, true);
wssLog("root directory scan complete");
WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ADMIN);
self::_checkFiles(ABSPATH . 'wp-admin/', $wpAdminFiles, $since, false, false, true);
wssLog("wp-admin directory scan complete");
WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_CONTENT);
self::_checkFiles(ABSPATH . 'wp-content/', $wpContentFiles, $since, false, true);
wssLog("wp-content directory scan complete");
WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_INCLUDES);
self::_checkFiles(ABSPATH . 'wp-includes/', $wpIncludesFiles, $since);
wssLog("wp-includes directory scan complete");
//#! Mark scan as completed
self::stopScan(true);
return true;
} else {
$failReason = __('Invalid json file retrieved from server.', WpsSettings::TEXT_DOMAIN);
wssLog($failReason, array('path' => $url));
self::stopScan(false, $failReason);
return false;
}
}
}
function wssPlugin_shutdown()
{
$error = error_get_last();
if (!empty($error)) {
// Only fatal errors, otherwise it will kill every scan
if ($error['type'] === E_ERROR) {
if (!empty($error['message'])) {
$data = array('type' => $error["type"], 'file' => empty($error["file"]) ? '' : $error["file"], 'line' => empty($error["line"]) ? '' : $error["line"], 'message' => $error["message"]);
wssLog(__FUNCTION__ . '() triggered.');
wssLog('Shutdown function called by system.', $data);
WpScan::stopScan(false, $data['message']);
}
}
}
}
