908 lines
23 KiB
PHP
908 lines
23 KiB
PHP
<?php
|
|
|
|
namespace WPScan;
|
|
|
|
// Exit if accessed directly.
|
|
defined( 'ABSPATH' ) || exit;
|
|
|
|
/**
|
|
* Plugin.
|
|
*
|
|
* General WPScan plugin logic.
|
|
*
|
|
* @since 1.0.0
|
|
*/
|
|
class Plugin {
|
|
// Settings.
|
|
public $OPT_API_TOKEN = 'wpscan_api_token';
|
|
public $OPT_SCANNING_INTERVAL = 'wpscan_scanning_interval';
|
|
public $OPT_SCANNING_TIME = 'wpscan_scanning_time';
|
|
public $OPT_IGNORE_ITEMS = 'wpscan_ignore_items';
|
|
|
|
// Account.
|
|
public $OPT_ACCOUNT_STATUS = 'wpscan_account_status';
|
|
|
|
// Notifications.
|
|
public $OPT_EMAIL = 'wpscan_mail';
|
|
public $OPT_INTERVAL = 'wpscan_interval';
|
|
public $OPT_IGNORED = 'wpscan_ignored';
|
|
|
|
// Report.
|
|
public $OPT_REPORT = 'wpscan_report';
|
|
public $OPT_ERRORS = 'wpscan_errors';
|
|
|
|
// Schedule.
|
|
public $WPSCAN_SCHEDULE = 'wpscan_schedule';
|
|
|
|
// Run All schedule.
|
|
public $WPSCAN_RUN_ALL = 'wpscan_run_all';
|
|
|
|
// Run Security schedule.
|
|
public $WPSCAN_RUN_SECURITY = 'wpscan_events_inline';
|
|
|
|
// Dashboard.
|
|
public $WPSCAN_DASHBOARD = 'wpscan_dashboard';
|
|
|
|
// Transient.
|
|
public $WPSCAN_TRANSIENT_CRON = 'wpscan_doing_cron';
|
|
|
|
// Required minimal role.
|
|
public $WPSCAN_ROLE = 'manage_options';
|
|
|
|
// Plugin path.
|
|
public $plugin_dir = '';
|
|
|
|
// Plugin URI.
|
|
public $plugin_url = '';
|
|
|
|
// Page.
|
|
public $page_hook = 'toplevel_page_wpscan';
|
|
|
|
// Report.
|
|
public $report;
|
|
|
|
// Action fired when an issue is found
|
|
public $WPSCAN_ISSUE_FOUND = 'wpscan_issue_found';
|
|
|
|
/**
|
|
* Class constructor.
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function __construct() {
|
|
$this->plugin_dir = trailingslashit( str_replace( '\\', '/', dirname( WPSCAN_PLUGIN_FILE ) ) );
|
|
$this->plugin_url = site_url( str_replace( str_replace( '\\', '/', ABSPATH ), '', $this->plugin_dir ) );
|
|
|
|
// Languages.
|
|
load_plugin_textdomain( 'wpscan', false, $this->plugin_dir . 'languages' );
|
|
|
|
// Cache values in memory.
|
|
$this->report = get_option( $this->OPT_REPORT, array() );
|
|
$this->ignored_vulnerabilities = get_option( $this->OPT_IGNORED, array() );
|
|
|
|
// Actions.
|
|
add_action( 'admin_menu', array( $this, 'menu' ) );
|
|
add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue' ) );
|
|
add_action( 'admin_bar_menu', array( $this, 'admin_bar' ), 65 );
|
|
add_action( $this->WPSCAN_SCHEDULE, array( $this, 'check_now' ) );
|
|
add_action( $this->WPSCAN_RUN_ALL, array( $this, 'check_now' ) );
|
|
add_action( 'in_admin_header', array( $this, 'deactivate_screen' ) );
|
|
|
|
if ( defined( 'WPSCAN_API_TOKEN' ) ) {
|
|
add_action( 'admin_init', array( $this, 'api_token_from_constant' ) );
|
|
}
|
|
|
|
// Filters.
|
|
add_filter( 'plugin_action_links_' . plugin_basename( WPSCAN_PLUGIN_FILE ), array( $this, 'add_action_links' ) );
|
|
|
|
// Micro apps (modules).
|
|
$this->classes['report'] = new Report( $this );
|
|
$this->classes['settings'] = new Settings( $this );
|
|
$this->classes['account'] = new Account( $this );
|
|
$this->classes['notification'] = new Notification( $this );
|
|
$this->classes['summary'] = new Summary( $this );
|
|
$this->classes['ignoreVulnerabilities'] = new ignoreVulnerabilities( $this );
|
|
$this->classes['dashboard'] = new Dashboard( $this );
|
|
$this->classes['sitehealth'] = new SiteHealth( $this );
|
|
$this->classes['checks/system'] = new Checks\System( $this );
|
|
}
|
|
|
|
/**
|
|
* Plugin Loaded
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function loaded() {
|
|
load_plugin_textdomain( 'wpscan', false, $this->plugin_dir . 'languages' );
|
|
}
|
|
|
|
/**
|
|
* Activate actions. Runs when the plugin is activated.
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function activate() {
|
|
$this->delete_doing_cron_transient();
|
|
}
|
|
|
|
/**
|
|
* Deactivate actions
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function deactivate() {
|
|
delete_option( $this->OPT_SCANNING_INTERVAL );
|
|
|
|
delete_option( $this->OPT_SCANNING_TIME );
|
|
|
|
as_unschedule_all_actions( $this->WPSCAN_SCHEDULE );
|
|
}
|
|
|
|
/**
|
|
* Deactivate screen
|
|
*
|
|
* @return void
|
|
* @since 1.14.0
|
|
* @access public
|
|
*/
|
|
public function deactivate_screen() {
|
|
global $pagenow;
|
|
|
|
if ( 'plugins.php' === $pagenow ) {
|
|
include_once plugin_dir_path( WPSCAN_PLUGIN_FILE ) . 'views/deactivate.php';
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Use the global constant WPSCAN_API_TOKEN if defined.
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
* @example define('WPSCAN_API_TOKEN', 'xxx');
|
|
*
|
|
*/
|
|
public function api_token_from_constant() {
|
|
if ( get_option( $this->OPT_API_TOKEN ) !== WPSCAN_API_TOKEN ) {
|
|
$sanitize = $this->classes['settings']->sanitize_api_token( WPSCAN_API_TOKEN );
|
|
|
|
if ( $sanitize ) {
|
|
update_option( $this->OPT_API_TOKEN, WPSCAN_API_TOKEN );
|
|
} else {
|
|
delete_option( $this->OPT_API_TOKEN );
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Register Admin Scripts
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function admin_enqueue( $hook ) {
|
|
global $pagenow;
|
|
$screen = get_current_screen();
|
|
|
|
if ( $hook === $this->page_hook || 'dashboard' === $screen->id ) {
|
|
wp_enqueue_style(
|
|
'wpscan',
|
|
plugins_url( 'assets/css/style.css', WPSCAN_PLUGIN_FILE ),
|
|
array(),
|
|
$this->wpscan_plugin_version()
|
|
);
|
|
}
|
|
|
|
if ( $hook === $this->page_hook ) {
|
|
wp_enqueue_script( 'common' );
|
|
wp_enqueue_script( 'wp-lists' );
|
|
wp_enqueue_script( 'postbox' );
|
|
|
|
wp_enqueue_script(
|
|
'wpscan',
|
|
plugins_url( 'assets/js/scripts.js', WPSCAN_PLUGIN_FILE ),
|
|
array( 'jquery' ),
|
|
$this->wpscan_plugin_version()
|
|
);
|
|
|
|
|
|
wp_enqueue_script(
|
|
'wpscan-download-report',
|
|
plugins_url( 'assets/js/download-report.js', WPSCAN_PLUGIN_FILE ),
|
|
array( 'pdfmake' ),
|
|
$this->wpscan_plugin_version()
|
|
);
|
|
|
|
|
|
wp_enqueue_script(
|
|
'pdfmake',
|
|
plugins_url( 'assets/vendor/pdfmake/pdfmake.min.js', WPSCAN_PLUGIN_FILE ),
|
|
array( 'wpscan' ),
|
|
$this->wpscan_plugin_version()
|
|
);
|
|
|
|
wp_enqueue_script(
|
|
'wpscan-download-report-fonts',
|
|
plugins_url( 'assets/vendor/pdfmake/vfs_fonts.js', WPSCAN_PLUGIN_FILE ),
|
|
array( 'wpscan' ),
|
|
$this->wpscan_plugin_version()
|
|
);
|
|
|
|
$localized = array(
|
|
'ajaxurl' => admin_url( 'admin-ajax.php' ),
|
|
'action_check' => 'wpscan_check_now',
|
|
'action_security_check' => 'wpscan_security_check_now',
|
|
'action_cron' => $this->WPSCAN_TRANSIENT_CRON,
|
|
'ajax_nonce' => wp_create_nonce( 'wpscan' ),
|
|
'doing_cron' => false !== as_next_scheduled_action( $this->WPSCAN_RUN_ALL ) ? 'YES' : 'NO',
|
|
'doing_security_cron' => get_option( $this->WPSCAN_RUN_SECURITY ),
|
|
'running' => esc_html__( 'Running', 'wpscan' ),
|
|
'not_running' => esc_html__( 'Run', 'wpscan' ),
|
|
);
|
|
|
|
wp_localize_script( 'wpscan', 'wpscan', $localized );
|
|
}
|
|
|
|
if ( 'plugins.php' === $pagenow ) {
|
|
wp_enqueue_style(
|
|
'wpscan-deactivate',
|
|
plugins_url( 'assets/css/deactivate.css', WPSCAN_PLUGIN_FILE ),
|
|
array(),
|
|
$this->wpscan_plugin_version()
|
|
);
|
|
|
|
wp_enqueue_script(
|
|
'wpscan-deactivate',
|
|
plugins_url( 'assets/js/deactivate.js', WPSCAN_PLUGIN_FILE ),
|
|
array( 'jquery' ),
|
|
$this->wpscan_plugin_version()
|
|
);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get the latest report
|
|
*
|
|
* @return array|bool
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function get_report() {
|
|
if ( ! empty( $this->report ) ) {
|
|
return ( $this->report );
|
|
}
|
|
|
|
return get_option( $this->OPT_REPORT, array() );
|
|
}
|
|
|
|
/**
|
|
* Get the latest report
|
|
*
|
|
* @return array|bool
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function get_ignored_vulnerabilities() {
|
|
if ( ! empty( $this->ignored_vulnerabilities ) ) {
|
|
return ( $this->ignored_vulnerabilities );
|
|
}
|
|
|
|
return get_option( $this->OPT_IGNORED, array() );
|
|
}
|
|
|
|
/**
|
|
* Return the total of vulnerabilities found or -1 if errors
|
|
*
|
|
* @return int
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function get_total() {
|
|
$report = get_option( $this->OPT_REPORT );
|
|
|
|
if ( empty( $report ) ) {
|
|
return 0;
|
|
}
|
|
|
|
$total = 0;
|
|
|
|
foreach ( array( 'wordpress', 'themes', 'plugins', 'security-checks' ) as $type ) {
|
|
if ( isset( $report[ $type ] ) ) {
|
|
if ( isset( $report[ $type ]['total'] ) ) {
|
|
unset( $report[ $type ]['total'] );
|
|
}
|
|
|
|
foreach ( $report[ $type ] as $slug => $item ) {
|
|
$p = $report[ $type ][ $slug ];
|
|
|
|
if ( isset( $p['vulnerabilities'] ) && is_array( $p['vulnerabilities'] ) ) {
|
|
$total += count( $p['vulnerabilities'] );
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return $total;
|
|
}
|
|
|
|
/**
|
|
* Return the total of vulnerabilities found but not ignored
|
|
*
|
|
* @return int
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function get_total_not_ignored() {
|
|
$report = $this->get_report();
|
|
$ignored = get_option( $this->OPT_IGNORED, array() );
|
|
|
|
$total = $this->get_total();
|
|
|
|
$types = array( 'wordpress', 'plugins', 'themes', 'security-checks' );
|
|
|
|
foreach ( $types as $type ) {
|
|
if ( isset( $report[ $type ] ) ) {
|
|
foreach ( $report[ $type ] as $item ) {
|
|
if ( empty( $item['vulnerabilities'] ) ) {
|
|
continue;
|
|
}
|
|
|
|
foreach ( $item['vulnerabilities'] as $vuln ) {
|
|
$id = 'security-checks' === $type ? $vuln['id'] : $vuln->id;
|
|
|
|
if ( in_array( $id, $ignored, true ) ) {
|
|
-- $total;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return $total;
|
|
}
|
|
|
|
/**
|
|
* Create a menu on Tools section
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function menu() {
|
|
$total = $this->get_total_not_ignored();
|
|
$count = $total > 0 ? ' <span class="update-plugins">' . $total . '</span>' : null;
|
|
|
|
add_menu_page(
|
|
'WPScan',
|
|
'WPScan' . $count,
|
|
$this->WPSCAN_ROLE,
|
|
'wpscan',
|
|
array( $this->classes['report'], 'page' ),
|
|
$this->plugin_url . 'assets/svg/menu-icon.svg',
|
|
null
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Include a shortcut on Plugins Page
|
|
*
|
|
* @param array $links - Array of links provided by the filter
|
|
*
|
|
* @access public
|
|
* @return array
|
|
* @since 1.0.0
|
|
*/
|
|
public function add_action_links( $links ) {
|
|
$links[] = '<a href="' . admin_url( 'admin.php?page=wpscan' ) . '">' . __( 'View' ) . '</a>';
|
|
|
|
return $links;
|
|
}
|
|
|
|
/**
|
|
* Get the WPScan plugin version.
|
|
*
|
|
* @return string
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function wpscan_plugin_version() {
|
|
if ( ! function_exists( 'get_plugin_data' ) ) {
|
|
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
|
}
|
|
|
|
return get_plugin_data( $this->plugin_dir . 'wpscan.php' )['Version'];
|
|
}
|
|
|
|
/**
|
|
* Get information from the API
|
|
*
|
|
* @return object|int the JSON object or the response code.
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function api_get( $endpoint, $api_token = null ) {
|
|
if ( empty( $api_token ) ) {
|
|
$api_token = get_option( $this->OPT_API_TOKEN );
|
|
}
|
|
|
|
// Make sure endpoint starts with a slash.
|
|
if ( substr( $endpoint, 0, 1 ) !== '/' ) {
|
|
$endpoint = '/' . $endpoint;
|
|
}
|
|
|
|
$args = array(
|
|
'headers' => array(
|
|
'Authorization' => 'Token token=' . $api_token,
|
|
'user-agent' => 'WordPress/' . get_bloginfo( 'version' ) . '; ' . home_url() . ' WPScan/' . $this->wpscan_plugin_version(),
|
|
),
|
|
);
|
|
|
|
// Hook before the request.
|
|
//do_action( 'wpscan/api/get/before', $endpoint );
|
|
|
|
// Start the request.
|
|
$response = wp_remote_get( WPSCAN_API_URL . $endpoint, $args );
|
|
$code = wp_remote_retrieve_response_code( $response );
|
|
|
|
// Hook after the request.
|
|
//do_action( 'wpscan/api/get/after', $endpoint, $response );
|
|
|
|
if ( 200 === $code ) {
|
|
return json_decode( wp_remote_retrieve_body( $response ) );
|
|
} else {
|
|
$errors = get_option( $this->OPT_ERRORS, array() );
|
|
|
|
switch ( $code ) {
|
|
case 401:
|
|
array_push( $errors, __( 'Your API Token expired', 'wpscan' ) );
|
|
break;
|
|
case 403:
|
|
array_push( $errors, __( 'You have entered an invalid API Token', 'wpscan' ) );
|
|
break;
|
|
case 404:
|
|
// We don't have the plugin/theme, do nothing.
|
|
break;
|
|
case 429:
|
|
array_push( $errors, sprintf( '%s <a href="%s" target="_blank">%s</a>.', __( 'You hit our free API usage limit. To increase your daily API limit please upgrade to paid usage from your', 'wpscan' ), WPSCAN_PROFILE_URL, __( 'WPScan profile page', 'wpscan' ) ) );
|
|
break;
|
|
case 500:
|
|
array_push( $errors, sprintf( '%s <a href="%s" target="_blank">%s</a>', __( 'There seems to be a problem with the WPScan API. Status: 500. Check the ', 'wpscan' ), WPSCAN_STATUS_URL, __( 'API Status', 'wpscan' ) ) );
|
|
break;
|
|
case 502:
|
|
array_push( $errors, sprintf( '%s <a href="%s" target="_blank">%s</a>', __( 'There seems to be a problem with the WPScan API. Status: 502. Check the ', 'wpscan' ), WPSCAN_STATUS_URL, __( 'API Status', 'wpscan' ) ) );
|
|
break;
|
|
case '':
|
|
array_push( $errors, sprintf( '%s <a href="%s" target="_blank">%s</a>', __( 'We were unable to connect to the WPScan API. Check the ', 'wpscan' ), WPSCAN_STATUS_URL, __( 'API Status', 'wpscan' ) ) );
|
|
break;
|
|
default:
|
|
array_push( $errors, sprintf( '%s <a href="%s" target="_blank">%s</a>.', __( 'We received an unknown response from the API. Status: ' . esc_html( $code ), 'wpscan' ), WPSCAN_STATUS_URL, __( 'Check API Status', 'wpscan' ) ) );
|
|
break;
|
|
}
|
|
|
|
// Save the errors.
|
|
update_option( $this->OPT_ERRORS, array_unique( $errors ) );
|
|
}
|
|
|
|
return $code;
|
|
}
|
|
|
|
/**
|
|
* Function to start checking right now
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function check_now() {
|
|
if ( get_transient( $this->WPSCAN_TRANSIENT_CRON ) || empty( get_option( $this->OPT_API_TOKEN ) ) ) {
|
|
return;
|
|
}
|
|
|
|
// Start cron job and set timeout.
|
|
set_transient( $this->WPSCAN_TRANSIENT_CRON, time(), 60 );
|
|
|
|
$this->verify();
|
|
|
|
delete_transient( $this->WPSCAN_TRANSIENT_CRON );
|
|
|
|
// Notify by mail when solicited.
|
|
$this->classes['notification']->notify();
|
|
}
|
|
|
|
/**
|
|
* Function to verify on WpScan Database for vulnerabilities
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function verify() {
|
|
$ignored = get_option( $this->OPT_IGNORE_ITEMS );
|
|
|
|
$ignored = wp_parse_args(
|
|
$ignored,
|
|
array(
|
|
'plugins' => array(),
|
|
'themes' => array(),
|
|
)
|
|
);
|
|
|
|
// Reset errors.
|
|
update_option( $this->OPT_ERRORS, array() );
|
|
update_option( $this->classes['checks/system']->OPT_FATAL_ERRORS, array() );
|
|
|
|
// Plugins.
|
|
$this->report['plugins'] = $this->verify_plugins( $ignored['plugins'] );
|
|
|
|
// Themes.
|
|
$this->report['themes'] = $this->verify_themes( $ignored['themes'] );
|
|
|
|
// WordPress.
|
|
if ( ! isset( $ignored['wordpress'] ) ) {
|
|
$this->report['wordpress'] = $this->verify_wordpress();
|
|
} else {
|
|
$this->report['wordpress'] = array();
|
|
}
|
|
|
|
// Security checks.
|
|
$this->report['security-checks'] = array();
|
|
|
|
foreach ( $this->classes['checks/system']->checks as $id => $data ) {
|
|
$data['instance']->perform();
|
|
$this->report['security-checks'][ $id ]['vulnerabilities'] = array();
|
|
|
|
if ( $data['instance']->vulnerabilities ) {
|
|
$this->report['security-checks'][ $id ]['vulnerabilities'] = $data['instance']->get_vulnerabilities();
|
|
|
|
$this->maybe_fire_issue_found_action( 'security-check', $id, $this->report['security-checks'][ $id ] );
|
|
}
|
|
}
|
|
|
|
// Caching.
|
|
$this->report['cache'] = strtotime( current_time( 'mysql' ) );
|
|
|
|
// Saving.
|
|
update_option( $this->OPT_REPORT, $this->report, true );
|
|
|
|
// Updates account status (API calls etc).
|
|
$this->classes['account']->update_account_status();
|
|
}
|
|
|
|
/**
|
|
* Fires the wpscan_issue_found action if needed
|
|
*
|
|
* @param string $type - The affected component type: plugin, theme, WordPress or security-check
|
|
* @param string $slug - The affected component slug.
|
|
* For WordPress, it will be the version (ie 5.5.3)
|
|
* For security-checks, it will be the id of the check, ie xmlrpc-enabled
|
|
* @param array $details - An array containing some keys, such as vulnerabilities
|
|
* @param array additional_details - An array with the plugin details, such as Version etc
|
|
**@since 1.14.0
|
|
*
|
|
*/
|
|
public function maybe_fire_issue_found_action( $type, $slug, $details, $additional_details = array() ) {
|
|
if ( ! count( $details['vulnerabilities'] ) > 0 ) {
|
|
return;
|
|
}
|
|
|
|
do_action( $this->WPSCAN_ISSUE_FOUND, $type, $slug, $details, $additional_details );
|
|
}
|
|
|
|
/**
|
|
* Check plugins for any known vulnerabilities
|
|
*
|
|
* @param array $ignored - An array of plugins slug to ignore
|
|
*
|
|
* @access public
|
|
* @return array
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
public function verify_plugins( $ignored ) {
|
|
$plugins = array();
|
|
|
|
if ( ! function_exists( 'get_plugins' ) ) {
|
|
require_once ABSPATH . 'wp-admin/includes/plugin.php';
|
|
}
|
|
|
|
foreach ( get_plugins() as $name => $details ) {
|
|
$slug = $this->get_plugin_slug( $name, $details );
|
|
|
|
if ( isset( $ignored[ $slug ] ) ) {
|
|
continue;
|
|
}
|
|
|
|
$result = $this->api_get( '/plugins/' . $slug );
|
|
|
|
if ( is_object( $result ) ) {
|
|
$plugins[ $slug ]['vulnerabilities'] = $this->get_vulnerabilities( $result, $details['Version'] );
|
|
|
|
if ( isset( $result->$slug->closed ) ) {
|
|
$plugins[ $slug ]['closed'] = is_object( $result->$slug->closed ) ? true : false;
|
|
} else {
|
|
$plugins[ $slug ]['closed'] = false;
|
|
}
|
|
|
|
$this->maybe_fire_issue_found_action( 'plugin', $slug, $plugins[ $slug ], $details );
|
|
} else {
|
|
if ( 404 === $result ) {
|
|
$plugins[ $slug ]['not_found'] = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
return $plugins;
|
|
}
|
|
|
|
/**
|
|
* Check themes for any known vulnerabilities
|
|
*
|
|
* @param array $ignored - An array of themes slug to ignore.
|
|
*
|
|
* @access public
|
|
* @return array
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
public function verify_themes( $ignored ) {
|
|
$themes = array();
|
|
|
|
if ( ! function_exists( 'wp_get_themes' ) ) {
|
|
require_once ABSPATH . 'wp-admin/includes/theme.php';
|
|
}
|
|
|
|
$filter = array(
|
|
'errors' => null,
|
|
'allowed' => null,
|
|
'blog_id' => 0,
|
|
);
|
|
|
|
foreach ( wp_get_themes( $filter ) as $name => $details ) {
|
|
$slug = $this->get_theme_slug( $name, $details );
|
|
|
|
if ( isset( $ignored[ $slug ] ) ) {
|
|
continue;
|
|
}
|
|
|
|
$result = $this->api_get( '/themes/' . $slug );
|
|
|
|
if ( is_object( $result ) ) {
|
|
$themes[ $slug ]['vulnerabilities'] = $this->get_vulnerabilities( $result, $details['Version'] );
|
|
|
|
if ( isset( $result->$slug->closed ) ) {
|
|
$themes[ $slug ]['closed'] = is_object( $result->$slug->closed ) ? true : false;
|
|
} else {
|
|
$themes[ $slug ]['closed'] = false;
|
|
}
|
|
|
|
$this->maybe_fire_issue_found_action( 'theme', $slug, $themes[ $slug ], $details );
|
|
} else {
|
|
if ( 404 === $result ) {
|
|
$themes[ $slug ]['not_found'] = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
return $themes;
|
|
}
|
|
|
|
/**
|
|
* Check WordPress for any known vulnerabilities.
|
|
*
|
|
* @return array
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function verify_wordpress() {
|
|
$wordpress = array();
|
|
|
|
$version = get_bloginfo( 'version' );
|
|
$result = $this->api_get( '/wordpresses/' . str_replace( '.', '', $version ) );
|
|
|
|
if ( is_object( $result ) ) {
|
|
$wordpress[ $version ]['vulnerabilities'] = $this->get_vulnerabilities( $result, $version );
|
|
|
|
$this->maybe_fire_issue_found_action( 'WordPress', $version, $wordpress[ $version ] );
|
|
}
|
|
|
|
return $wordpress;
|
|
}
|
|
|
|
/**
|
|
* Filter vulnerability list from WPScan
|
|
*
|
|
* @param array $data - Report data for the element to check.
|
|
* @param string $version - Installed version.
|
|
*
|
|
* @access public
|
|
* @return string
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
public function get_vulnerabilities( $data, $version ) {
|
|
$list = array();
|
|
$key = key( $data );
|
|
|
|
if ( empty( $data->$key->vulnerabilities ) ) {
|
|
return $list;
|
|
}
|
|
|
|
// Trim and remove potential leading 'v'.
|
|
$version = ltrim( trim( $version ), 'v' );
|
|
|
|
foreach ( $data->$key->vulnerabilities as $item ) {
|
|
if ( $item->fixed_in ) {
|
|
if ( version_compare( $version, $item->fixed_in, '<' ) ) {
|
|
$list[] = $item;
|
|
}
|
|
} else {
|
|
$list[] = $item;
|
|
}
|
|
}
|
|
|
|
return $list;
|
|
}
|
|
|
|
/**
|
|
* Get vulnerability title.
|
|
*
|
|
* @param string $vulnerability - element array.
|
|
*
|
|
* @access public
|
|
* @return string
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
public function get_sanitized_vulnerability_title( $vulnerability ) {
|
|
$title = esc_html( $vulnerability->title ) . ' - ';
|
|
|
|
$title .= empty( $vulnerability->fixed_in )
|
|
? __( 'Not fixed', 'wpscan' )
|
|
: sprintf( __( 'Fixed in version %s', 'wpscan' ), esc_html( $vulnerability->fixed_in ) );
|
|
|
|
return $title;
|
|
}
|
|
|
|
/**
|
|
* Get the plugin slug for the given name
|
|
*
|
|
* @param string $name - plugin name "folder/file.php" or "hello.php".
|
|
* @param string $details details.
|
|
*
|
|
* @access public
|
|
* @return string
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
public function get_plugin_slug( $name, $details ) {
|
|
$name = $this->get_name( $name );
|
|
$name = $this->get_real_slug( $name, $details['PluginURI'] );
|
|
|
|
return sanitize_title( $name );
|
|
}
|
|
|
|
|
|
/**
|
|
* Get the theme slug for the given name.
|
|
*
|
|
* @param string $name - plugin name "folder/file.php" or "hello.php".
|
|
* @param string $details details.
|
|
*
|
|
* @access public
|
|
* @return string
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
public function get_theme_slug( $name, $details ) {
|
|
$name = $this->get_name( $name );
|
|
$name = $this->get_real_slug( $name, $details['ThemeURI'] );
|
|
|
|
return sanitize_title( $name );
|
|
}
|
|
|
|
/**
|
|
* Get the plugin/theme name
|
|
*
|
|
* @param string $name - plugin name "folder/file.php" or "hello.php".
|
|
*
|
|
* @access public
|
|
* @return string
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
private function get_name( $name ) {
|
|
return strstr( $name, '/' ) ? dirname( $name ) : $name;
|
|
}
|
|
|
|
/**
|
|
* Get plugin/theme slug.
|
|
*
|
|
* The name returned by get_plugins or get_themes is not always the real slug.
|
|
* If the pluginURI is a WordPress url, we take the slug from there.
|
|
* this also fixes folder renames on plugins if the readme is correct.
|
|
*
|
|
* @param string $name - asset name from get_plugins or wp_get_themes.
|
|
* @param string $url - either the value or ThemeURI or PluginURI.
|
|
*
|
|
* @access public
|
|
* @return string
|
|
* @since 1.0.0
|
|
*
|
|
*/
|
|
private function get_real_slug( $name, $url ) {
|
|
$slug = $name;
|
|
$match = preg_match( '/https?:\/\/wordpress\.org\/(?:extend\/)?(?:plugins|themes)\/([^\/]+)\/?/', $url, $matches );
|
|
|
|
if ( 1 === $match ) {
|
|
$slug = $matches[1];
|
|
}
|
|
|
|
return sanitize_title( $slug );
|
|
}
|
|
|
|
/**
|
|
* Create a shortcut on Admin Bar to show the total of vulnerabilities found.
|
|
*
|
|
* @return void
|
|
* @since 1.0.0
|
|
* @access public
|
|
*/
|
|
public function admin_bar( $wp_admin_bar ) {
|
|
if ( ! current_user_can( $this->WPSCAN_ROLE ) ) {
|
|
return;
|
|
}
|
|
|
|
$total = $this->get_total_not_ignored();
|
|
|
|
if ( $total > 0 ) {
|
|
$args = array(
|
|
'id' => 'wpscan',
|
|
'title' => '<span class="ab-icon dashicons-shield"></span><span class="ab-label">' . $total . '</span>',
|
|
'href' => admin_url( 'admin.php?page=wpscan' ),
|
|
'meta' => array(
|
|
'title' => sprintf( _n( '%d vulnerability found', '%d vulnerabilities found', $total, 'wpscan' ), $total ),
|
|
),
|
|
);
|
|
|
|
$wp_admin_bar->add_node( $args );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Check if interval scanning is disabled
|
|
*
|
|
* @return bool
|
|
* @since 1.0.0
|
|
* @access public
|
|
* @example define('WPSCAN_DISABLE_SCANNING_INTERVAL', true);
|
|
*
|
|
*/
|
|
public function is_interval_scanning_disabled() {
|
|
if ( defined( 'WPSCAN_DISABLE_SCANNING_INTERVAL' ) ) {
|
|
return WPSCAN_DISABLE_SCANNING_INTERVAL;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Delete doing_cron transient, as they could hang in older versions
|
|
*
|
|
* @return void
|
|
* @since 1.12.2
|
|
* @access public
|
|
*/
|
|
public function delete_doing_cron_transient() {
|
|
delete_transient( $this->WPSCAN_TRANSIENT_CRON );
|
|
}
|
|
}
|