public static function startScan() { wssLog(__METHOD__ . '() triggered ' . PHP_EOL . str_repeat('=', 50)); $settings = WsdWPScanSettings::getSettings(); $scanID = $settings['SCAN_ID']; $scanState = $settings['SCAN_STATE']; $scanProgress = $settings['SCAN_PROGRESS']; $scanResult = $settings['SCAN_RESULT']; $scanType = $settings['SCAN_TYPE']; self::$_scanID = $scanID; wssLog('SCAN DATA', array('$scanID' => $scanID, '$scanState' => $scanState, '$scanProgress' => $scanProgress, '$scanResult' => $scanResult, '$scanType' => $scanType)); // if scan id == 0 there is no scan registered if (empty($scanID)) { $failReason = "Internal Error: No scan ID provided."; wssLog('No scan ID. Ignoring the scan start request.'); self::stopScan(false, $failReason); return false; } //#! if scan state is none if ($scanState == WsdWPScanSettings::SCAN_STATE_NONE) { wssLog('Invalid scan state. Ignoring the scan start request.', array('state' => 'SCAN_STATE_NONE')); return false; } //#! if scan in progress if ($scanState == WsdWPScanSettings::SCAN_STATE_IN_PROGRESS) { wssLog('Scan is running. Ignoring the scan start request.', array('state' => 'SCAN_STATE_IN_PROGRESS', 'progress' => $scanProgress)); return false; } //#! Start scan //============================= global $wp_version; wssLog('WordPress version installed:', array('version' => $wp_version)); if (empty($wp_version)) { $failReason = __("Could not retrieve the WordPress version.", WpsSettings::TEXT_DOMAIN); wssLog('Invalid WordPress version detected.'); self::stopScan(false, $failReason); return false; } wssLog('Starting scan.', array('ID' => self::$_scanID)); @ignore_user_abort(true); @set_time_limit(WpsSettings::WPS_MAX_TIME_EXEC_LIMIT); //#! update scan state WsdWPScanSettings::updateSetting('SCAN_STATE', WsdWPScanSettings::SCAN_STATE_IN_PROGRESS); //#! Request the json file from server depending on the current WP version $json = null; $url = WpsSettings::getJsonRepoUrl() . "{$wp_version}.json"; wssLog('Retrieving json file.', array('path' => $url)); $c = @file_get_contents($url); if (empty($c)) { $reason = sprintf(__("Error retrieving the json file from server for the detected WordPress version: %s. Scan aborted.", WpsSettings::TEXT_DOMAIN), $wp_version); wssLog($reason); self::stopScan(false, $reason); return false; } else { $data = json_decode($c); wssLog('Json file retrieved from path: ' . $url); if (is_null($data)) { $failReason = __('Error decoding the json file. The file might be empty or corrupted.', WpsSettings::TEXT_DOMAIN); wssLog($failReason, array('path' => $url)); self::stopScan(false, $failReason); return false; } //#! Ensure file is valid if (isset($data->root) && isset($data->wp_admin) && isset($data->wp_content) && isset($data->wp_includes)) { $rootFiles = $data->root; $wpAdminFiles = $data->wp_admin; $wpContentFiles = $data->wp_content; $wpIncludesFiles = $data->wp_includes; if (empty($rootFiles) || empty($wpAdminFiles) || empty($wpContentFiles) || empty($wpIncludesFiles)) { $failReason = __('Invalid json file retrieved from server.', WpsSettings::TEXT_DOMAIN); wssLog($failReason, array('path' => $url)); self::stopScan(false, $failReason); return false; } //#! mark as ok for GC $data = null; $now = time(); $h24 = 24 * 60 * 60; $since = 0; if ($scanType == 0) { $since = strtotime('midnight'); } elseif ($scanType == 1) { $since = $now - $h24; } elseif ($scanType == 2) { $since = $now - 2 * $h24; } elseif ($scanType == 3) { $since = $now - 3 * $h24; } elseif ($scanType == 4) { $since = $now - 4 * $h24; } elseif ($scanType == 5) { $since = $now - 5 * $h24; } elseif ($scanType == 6) { $since = $now - 6 * $h24; } elseif ($scanType == 7) { $since = $now - 7 * $h24; } elseif ($scanType == 8) { $since = strtotime("-1 months") - $h24 - $now; } WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ROOT, true); self::_checkFiles(ABSPATH, $rootFiles, $since, true); wssLog("root directory scan complete"); WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_ADMIN); self::_checkFiles(ABSPATH . 'wp-admin/', $wpAdminFiles, $since, false, false, true); wssLog("wp-admin directory scan complete"); WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_CONTENT); self::_checkFiles(ABSPATH . 'wp-content/', $wpContentFiles, $since, false, true); wssLog("wp-content directory scan complete"); WsdWPScanSettings::updateSetting('SCAN_PROGRESS', WsdWPScanSettings::SCAN_PROGRESS_INCLUDES); self::_checkFiles(ABSPATH . 'wp-includes/', $wpIncludesFiles, $since); wssLog("wp-includes directory scan complete"); //#! Mark scan as completed self::stopScan(true); return true; } else { $failReason = __('Invalid json file retrieved from server.', WpsSettings::TEXT_DOMAIN); wssLog($failReason, array('path' => $url)); self::stopScan(false, $failReason); return false; } } }
function wssPlugin_shutdown() { $error = error_get_last(); if (!empty($error)) { // Only fatal errors, otherwise it will kill every scan if ($error['type'] === E_ERROR) { if (!empty($error['message'])) { $data = array('type' => $error["type"], 'file' => empty($error["file"]) ? '' : $error["file"], 'line' => empty($error["line"]) ? '' : $error["line"], 'message' => $error["message"]); wssLog(__FUNCTION__ . '() triggered.'); wssLog('Shutdown function called by system.', $data); WpScan::stopScan(false, $data['message']); } } } }