public function run($engine)
{
//base path and 'only' is a list of files and dirs in the bast that are the only ones that should be processed. Everything else in base is ignored. If only is empty then everything is processed.
if ($this->totalForks > 1000) {
throw new Exception("Wordfence file scanner detected a possible infinite loop. Exiting on file: " . $this->stoppedOnFile);
}
$this->engine = $engine;
$files = scandir($this->path);
foreach ($files as $file) {
if ($file == '.' || $file == '..') {
continue;
}
if (sizeof($this->only) > 0 && !in_array($file, $this->only)) {
continue;
}
$file = $this->path . $file;
wordfence::status(4, 'info', "Hashing item in base dir: {$file}");
$this->_dirHash($file);
}
wordfence::status(2, 'info', "Analyzed " . $this->totalFiles . " files containing " . wfUtils::formatBytes($this->totalData) . " of data.");
if ($this->coreEnabled) {
wordfence::statusEnd($this->status['core'], $this->haveIssues['core']);
}
if ($this->themesEnabled) {
wordfence::statusEnd($this->status['themes'], $this->haveIssues['themes']);
}
if ($this->pluginsEnabled) {
wordfence::statusEnd($this->status['plugins'], $this->haveIssues['plugins']);
}
if (sizeof($this->possibleMalware) > 0) {
$malwareResp = $engine->api->binCall('check_possible_malware', json_encode($this->possibleMalware));
if ($malwareResp['code'] != 200) {
wordfence::statusEndErr();
throw new Exception("Invalid response from Wordfence API during check_possible_malware");
}
$malwareList = json_decode($malwareResp['data'], true);
if (is_array($malwareList) && sizeof($malwareList) > 0) {
for ($i = 0; $i < sizeof($malwareList); $i++) {
$file = $malwareList[$i][0];
$md5 = $malwareList[$i][1];
$name = $malwareList[$i][2];
$this->haveIssues['malware'] = true;
$this->engine->addIssue('file', 1, $this->path . $file, $md5, 'This file is suspected malware: ' . $file, "This file's signature matches a known malware file. The title of the malware is '" . $name . "'. Immediately inspect this file using the 'View' option below and consider deleting it from your server.", array('file' => $file, 'cType' => 'unknown', 'canDiff' => false, 'canFix' => false, 'canDelete' => true));
}
}
}
if ($this->malwareEnabled) {
wordfence::statusEnd($this->status['malware'], $this->haveIssues['malware']);
}
}
private function scan_comments_finish()
{
$hooverResults = $this->hoover->getBaddies();
if ($this->hoover->errorMsg) {
wordfence::statusEndErr();
throw new Exception($this->hoover->errorMsg);
}
$this->hoover->cleanup();
$haveIssues = false;
foreach ($hooverResults as $idString => $hresults) {
$arr = explode('-', $idString);
$blogID = $arr[0];
$commentID = $arr[1];
$uctype = ucfirst($this->scanData[$idString]['type']);
$type = $this->scanData[$idString]['type'];
foreach ($hresults as $result) {
if ($result['badList'] == 'goog-malware-shavar') {
$shortMsg = "{$uctype} with author " . $this->scanData[$idString]['author'] . " contains a suspected malware URL.";
$longMsg = "This {$type} contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . $result['URL'] . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
} else {
if ($result['badList'] == 'googpub-phish-shavar') {
$shortMsg = "{$uctype} contains a suspected phishing site URL.";
$longMsg = "This {$type} contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . $result['URL'];
} else {
//A list type that may be new and the plugin has not been upgraded yet.
continue;
}
}
if (is_multisite()) {
switch_to_blog($blogID);
}
$ignoreP = $idString;
$ignoreC = $idString . '-' . $this->scanData[$idString]['contentMD5'];
if ($this->addIssue('commentBadURL', 1, $ignoreP, $ignoreC, $shortMsg, $longMsg, array('commentID' => $commentID, 'badURL' => $result['URL'], 'author' => $this->scanData[$idString]['author'], 'type' => $type, 'uctype' => $uctype, 'editCommentLink' => get_edit_comment_link($commentID), 'commentDate' => $this->scanData[$idString]['date'], 'isMultisite' => $this->scanData[$idString]['isMultisite'], 'domain' => $this->scanData[$idString]['domain'], 'path' => $this->scanData[$idString]['path'], 'blog_id' => $blogID))) {
$haveIssues = true;
}
if (is_multisite()) {
restore_current_blog();
}
}
}
wordfence::statusEnd($this->statusIDX['comments'], $haveIssues);
}
