dead

File manager - Edit - /opt/imunify360/venv/lib/python3.11/site-packages/imav/plugins/__pycache__/wordpress.cpython-311.opt-1.pyc

Back
� ��}si�G��d�Z�ddlZddlZddlZddlmZ�ddlmZ�ddlm Z m Z �ddlmZ�ddl mZ�ddlmZmZmZ�dd lmZ�dd lmZmZmZ�ddlmZmZ�ddlmZ�dd lmZ�ddl m!Z!�ddlm"Z"�ddl#m$Z$�ddl%m&Z&�ddl'm(Z(m)Z)�ddlm+Z+m,Z,�ddl-m.Z.m/Z/�ddl0m1Z1��ej2��e3��Z4�edej5��Z6�edej5��Z7�ed��Z8�ed��Z9e8dz��Z:e8dz��Z;�G�d��dee��Z<dS�)u �� This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see <https://www.imunify360.com/legal/eula> ��N)�Path)� Coroutine)�ANTIVIRUS_MODE�SystemConfig)� HookEvent)�MessageType)�MessageSink� MessageSource�expect)� hosting_panel)� load_state�register_lock_file� save_state)�Scope�recurring_check)� check_lock)�DAY)�plugin)� Wordpress)� MalwareHit��WPSite)�get_sites_by_path�get_installed_sites)�is_secret_expired� rotate_secret)�IncidentCollector�IncidentSender)�delete_old_wordpress_incidentszwp-gen-authzwp-incident-collectz-/etc/sysconfig/imunify360/imunify360.config.dzF/opt/imunify360/venv/share/imunify360/11_on_first_install_wp_av.configz 11_on_first_install_wp_av.configz.11_on_first_install_wp_av.flagc��e�Zd�Zej��Zd��Zd��Zd��Zd��Z d��Z d��Zddefd �Z d ��Z�eedee��d ��Z�eedde��d��Zd��Zd��Zd��Zd��Zd��Z�eej��d��Z�eej��d��Z �ee!j"��d��Z#�ee!j$��d��Z%dS�)�ImunifySecurityPluginc��d�\|�_��d�\|�_��t��d��d��\|�_��t��d��d��pt ��j��\|�_��d�\|�_��d�\|�_ ��d�\|�_ ��t��\|�_��t��\|�_��t��\|�_��d�\|�_��d�S�)Nr!�� installed�enabled)�_loop�_sinkr ��get�installation_completedr��SECURITY_PLUGIN_ENABLED�last_config_value�installation_task� deleting_task�install_and_update_task�set�freshly_installed_sitesr��incident_collectorr��incident_sender�_incident_collect_task��selfs�� K/opt/imunify360/venv/lib/python3.11/site-packages/imav/plugins/wordpress.py�__init__zImunifySecurityPlugin.__init__T��s�� &0�1H�&I�&I�&M�&M��' ��' ��#�� .�/�/�3�3�I�>�>�� 1��0�� 7;��26��<@��$�47�E�E��$��#4�"5�"5��-�/�/��;?��#�#�#��c�� K��d�S��N��)r4��loops�� r5��create_sinkz!ImunifySecurityPlugin.create_sinkh��s��r7��c��f��K��\|\|�_��\|\|�_��\|�j��\|��\|�_��\|�j��\|��\|�_��t��r\|��d�{V��d�S�t�� d��d�S�)NT)� missing_ok)r%��r&��create_task�refresh_auth_files�_update_auth_task�collect_wordpress_incidentsr2��r��_apply_first_install_config�FIRST_INSTALL_FLAG�unlink)r4��r;��sinks�� r5�� create_sourcez#ImunifySecurityPlugin.create_sourcek��s�� !%��!7�!7��#�#�%�%�" ��" ��'+�j�&<�&<��,�,�.�.�' ��' ��#�� 7��2�2�4�4�4�4�4�4�4�4�4�4�4��%�%��%�6�6�6�6�6r7��c��f��K��t��sd�S�t��j��d�{V��dk��rKt ��t��}t �� d��t�� d�S�)N��i��)rD��existsr��HostingPanel�users_count�FIRST_INSTALL_CONFIG_PATH� write_text�FIRST_INSTALL_CONFIG_FILE� read_text�chmodrE��)r4��_s�� r5��rC��z1ImunifySecurityPlugin._apply_first_install_config{��s��!�(�(���� F��+�-�-�9�9�;�;�;�;�;�;�;�;�q�@�@�)�4�4�)�3�3�5�5��A�� &�+�+�E�2�2�2��!�!�#�#�#�#�#r7��c��K��\|�j��\|�j��d�{V��\|�j��r(\|�j��\|�j��d�{V��d�S�d�S�r9��)rA��cancelr2��r3��s�� r5��shutdownzImunifySecurityPlugin.shutdown��s��%�%�'�'�'��$�$�$�$�$�$�$�$��&�� .��'�.�.�0�0�0��-�-�-�-�-�-�-�-�-�-� .�� .r7��c��t��\|�\|��st��d\|��dS�t��\|�\|��}\|d�uo)\|��o\|��S�)NzUnknown task '%s'F)�hasattr�logger�error�getattr�done� cancelled)r4��task_attr_name�tasks�� r5��_task_in_progressz'ImunifySecurityPlugin._task_in_progress��si��t�^�,�,�� L�L�,�n�=�=�=��5��t�^�,�,��4��L�� O�L�D�N�N�<L�<L�8L�Lr7��F�coroc��z��K��\|��d��rE\|r\|��d�S�\|�j��r&\|�j��\|�j��d�{V��\|��d��r0t��d��\|��d�S�t ��j��\|��\|�_��d�S�)Nr,��r+��zInstallation is already running) r_��closer,��rT��rX��warning�asyncior?��r+��)r4��r`�� for_new_sitess�� r5��process_installationzImunifySecurityPlugin.process_installation��s��!�!�/�2�2�� )�� !�� )��"�)�)�+�+�+��(�(�(�(�(�(�(�(��!�!�"5�6�6�� N�N�<�=�=�=��J�J�L�L�L��F�!(�!4�T�!:�!:��r7��c��"��K��\|��d��r-\|�j��r&\|�j��\|�j��d�{V��\|��d��rt��d��d�S�t��j��\|��\|�_��d�S�)Nr+��r,��zDeleting is already running)r_��r+��rT��rX��rc��rd��r?��r,��)r4��r`��s�� r5��process_deletingz&ImunifySecurityPlugin.process_deleting��s��!�!�"5�6�6�� -��%�� -��&�-�-�/�/�/��,�,�,�,�,�,�,�,��!�!�/�2�2�� N�N�8�9�9�9��F�$�0��6�6��r7��T)�check_period_first�check_lock_period� lock_filec��K��t��rt��d�{V��t��j��d�{V��d�S�r9��)r��r��r��update_auth_everywherer3��s�� r5��r@��z(ImunifySecurityPlugin.refresh_auth_files��sY�� "��/�/�!�!�!�!�!�!�!��+�-�-�-�-�-�-�-�-�-�-�-r7��<��c��K��t��d�� t��}\|st��d��dS�\|�j��\|d��d{V��}\|�j��\|�j��\|��d{V��t��d��dS�#�t��$�r&}t�� d\|��Y�d}~dS�d}~ww�xY�w) z� Collect WordPress CVE protection incidents from all sites. This task runs periodically to parse incident files written by the WordPress plugin and store them in the database. z-Collecting WordPress CVE protection incidentsz0No WordPress sites found for incident collectionNT)�delete_after_processing��)�daysz(Error collecting WordPress incidents: %s)rX��debugr��r0��collect_incidents_for_sitesr1��send_incidentsr&��r�� ExceptionrY��)r4��sites� incidents�es�� r5��rB��z1ImunifySecurityPlugin.collect_wordpress_incidents��s+�� D�E�E�E� H�'�)�)�E�� F��-�I�I��,0��J�� &�5�5�d�j�)�L�L�L�L�L�L�L�L�L���3�3�3�3�3�3�� H�� H�� H��L�L�C�Q�G�G�G�G�G�G�G�G�G�� H��s��B$�� AB$��$ C�.C�Cc��K��j��fd�}��\|��d��d{V��dS�)z&Install plugin on new WordPress sites.c��K��t��j��j��d�{V��}�\|�r�j��\|��\|�S�)N�rF��)r��install_everywherer&��r/��update)�installed_sitesr4��s�� r5��install_and_trackzFImunifySecurityPlugin._install_on_new_sites.<locals>.install_and_track��sT��$�$=�4�:�$N�$N�$N�N�N�N�N�N�N�O�� E��,�3�3�O�D�D�D�"�"r7��T)re��N)r/��clearrf��)r4��r��s��` r5��_install_on_new_sitesz+ImunifySecurityPlugin._install_on_new_sites��s�� $���,�,�,� #�� #�� #�� #�� #��'�'��(�� r7��c��&��K��t��j��\|�j��\|�j��d{V��t��j��\|�j��d{V��t ��j��s<\|��t��j��\|�j��d{V��d\|�_ ��dS�dS�)zCTidy up sites from which the WordPress plugin was deleted manually.)rF��r/��Nr\|��F) r��tidy_up_manually_deletedr&��r/��$fix_data_file_permissions_everywherer��r)��rh��remove_all_installedr(��r3��s�� r5��_tidy_upzImunifySecurityPlugin._tidy_up��s��-��$(�$@� �� 9�t�z�J�J�J�J�J�J�J�J�J�J��0�� 0��'�'��+��<�<�<�� +0�D�'�'�'� 0�� 0r7��c��K��t��j��\|�j��d{V��}\|r\|�j��\|��dS�dS�)zFAdopt sites where plugin is installed but not tracked in our database.r\|��N)r��adopt_found_sitesr&��r/��r~��)r4�� adopted_sitess�� r5��_adopt_found_sitesz(ImunifySecurityPlugin._adopt_found_sites��s^��$�6�D�J�G�G�G�G�G�G�G�G�G� �� ?��(�/�/� �>�>�>�>�>� ?�� ?r7��c��J��K��t��j��\|�j��d{V��dS�)z1Update plugin on all sites where it is installed.r\|��N)r��update_everywherer&��r3��s�� r5��_update_existingz&ImunifySecurityPlugin._update_existing��s4��&�D�J�7�7�7�7�7�7�7�7�7�7�7�7r7��c��K��\|��d{V��\|�j��r \|�j��d{V��\|��d{V��\|��d{V��\|��d{V��dS�)z� Combined operation: install on new sites, adopt found sites, tidy up, and update existing plugins. This runs all operations sequentially to avoid race conditions. N)r��r+��r��r��r��r3��s�� r5��_run_install_and_updatez-ImunifySecurityPlugin._run_install_and_update��s��(�(�����������!�� )��(�(�(�(�(�(�(�(��%�%�'�'�'�'�'�'�'�'�'��m�m�o�o��#�#�%�%�%�%�%�%�%�%�%�%�%r7��c��R��K��t��d\|j��\|j��\|��d��r"t��d\|j��d�S�\|j��dk��r%\|�j��sd�S�\|��d�{V��d�S�\|��d��r"t��d\|j��d�S�\|��d��r"t��d\|j��d�S�\|j��d k��r\|��d�{V��d�S�\|j��d k��r\|�� d�{V��d�S�\|j��dk��rP\|�j��st��d��d�S�t��j��\|��\|�_ ��d�S�d�S�) Nz<ImunifySecurityPlugin received message action: %s method: %sr-��z7Install-and-update is still running, skipping action %s�install_on_new_sitesr+��z1Installation is still running, skipping action %sr,��z5Uninstallation is already running, skipping action %s�update_existing�tidy_up�install_and_updatez>Installation is not completed yet, skipping install_and_update)rX��info�action�methodr_��rc��r(��r��r��r��rd��r?��r��r-��)r4��messages�� r5��manage_plugin_actionzImunifySecurityPlugin.manage_plugin_action"��s��J��N��N� �� !�!�";�<�<�� N�N�I�� F��>�3�3�3��.�� ,�,�.�.�.�.�.�.�.�.�.��F��!�!�"5�6�6�� N�N�C�� F��!�!�/�2�2�� N�N�G�� F��>�.�.�.��'�'�)�)�)�)�)�)�)�)�)��F��>�Y�&�&��-�-�/�/�!�!�!�!�!�!�!��F��>�1�1�1��.�� �� ,3�+>��,�,�.�.�,��,�D�(�(�(��2�1r7��c��K��t��\|d��t��sd�S�t��j��}\|\|�j��k��rd�S�\|\|�_��\|rB\|�j��s;\|��t��j��\|�j ��d�{V��d\|�_��nC\|sA\|�j��r:\|�� t��j��\|�j ��d�{V��d\|�_��t��d\|�j��\|d��d�S�)N�confr\|��TFr!��)r#��r$��) � isinstancer��r��r)��r��r(��rf��r��r}��r&��rh��r��r��)r4��r��current_config_values�� r5��manage_plugin_installationz0ImunifySecurityPlugin.manage_plugin_installation`��sF��'�&�/�<�8�8�� F�(�@��4�#9�9�9��F��"6�� 0��(C�� 0��+�+��)�t�z�:�:�:�� +/�D�'�'�%�� 0�$�E�� 0��'�'��+��<�<�<�� +0�D�'��#�!�8�/� �� r7��c��$��K��\|�j��sdS�\|��d��dk��s\|��d��sdS�t��j��\|d��}t ��}\|D�]�}\|j��dk��r� �t ��j��\|j��}t��j ��\|��}\|r\|j��nd}\|D�]5}\|j�� \|��r\|��\|\|f��n�6�#�t��$�r�Y��w�xY�w��\|st ��d��dS�t ��dt'��\|��d��\|D��} t��j��\|�j��\| ��d{V��t ��d t'��\| ��dS�) a�� INFO [2025-02-24 12:00:20,384] imav.plugins.wordpress: Malware cleanup finished: HookEvent.MalwareCleanupFinished( { 'cleanup_id': 'fa4fe7e48dbf45588f53b24366cd8893', 'started': 1740398411.786418, 'error': None, 'total_files': 3, 'total_cleaned': 3, 'status': 'ok' } ) N�status�ok�started�filez3Cleanup finished => no sites found for cleaned hitsz1Cleanup finished => %s site(s) need to be updatedc��8��g�\|�]\��}}t��\|d�\|��S�)��)�docroot�domain�uidr��)�.0� site_pathr��s�� r5�� <listcomp>zIImunifySecurityPlugin.handle_malware_cleanup_finished.<locals>.<listcomp>��s;�� 3�� 9�R�S�9�9�9� �� r7��z"%s site(s) updated after a cleanup)r��r'��r�� cleaned_sincer.�� resource_type�pwd�getpwnam�userr��get_sites_for_user�pw_uid� orig_file� startswith�add�KeyErrorrX��rs��r��len�update_data_on_sitesr&��) r4��r��hits� site_paths�hit� user_info� user_sitesr��r��wordpress_sitess �� r5��handle_malware_cleanup_finishedz5ImunifySecurityPlugin.handle_malware_cleanup_finished��s�� %�� F��;�;�x� � �D�(�(��I�0F�0F�(��F��'�� (:�;�;��U�U� �� C�� F���� #��S�X� 6� 6�I�!'�!:�9�!E�!E�J�,5�?� �(�(�4��&0��"��"� ��=�3�3�I�>�>��"�&�N�N�I�s�+;�<�<�<�!�E�"�� D��+�� L�L�N�O�O�O��F��?�� O�O� �� ",� �� )�$��o�F�F�F�F�F�F�F�F�F��8�#�o�:N�:N�O�O�O�O�Os��4A0C%�% C2�1C2c��K��\|�j��sdS�\|��d��dk��s\|��d��r\|��d��sdS�\|d��}t��\|��}\|st��d\|��dS�t��dt ��\|��t��j��\|�j ��\|��d{V��t��dt ��\|��dS�) a�� INFO [2025-02-24 11:57:17,968] imav.plugins.wordpress: Malware scan finished: HookEvent.MalwareScanningFinished( { 'scan_id': 'b9bd136aff0a4d87a248c859cfe41c47', 'scan_type': 'user', 'path': '/home/user1' } ) INFO [2025-02-24 12:00:10,740] imav.plugins.wordpress: Malware scan finished: HookEvent.MalwareScanningFinished( { 'scan_id': 'a74271d2cdd04e0c9bd49ef6de23e0d8', 'scan_type': 'user', 'path': '/home/user4', 'started': 1740398383, 'total_files': 39229, 'total_malicious': 3, 'error': None, 'status': 'ok', 'scan_params': {'intensity_cpu': 2, 'intensity_io': 2, 'intensity_ram': 2048, 'initiator': None, 'file_patterns': None, 'exclude_patterns': None, 'follow_symlinks': False, 'detect_elf': True}, 'stats': {'scan_time': 27, 'mem_peak': 28217344, 'smart_time_hs': 0.004, 'scan_time_hs': 1.1751, 'smart_time_preg': 0, 'scan_time_preg': 2.7391, 'finder_time': 13.5896, 'cas_time': 0.7562, 'deobfuscate_time': 0.8998, 'total_files': 39229} } ) Nr��r��path�statsz+Scan finished => no sites found for path=%sz.Scan finished => %s site(s) need to be updatedz%s site(s) updated after a scan) r��r'��r��rX��rs��r��r��r��r��r&��)r4��r��r��rw��s�� r5��handle_malware_scan_finishedz2ImunifySecurityPlugin.handle_malware_scan_finished��s��8��%�� F�� K�K��!�!�T�)�)��;�;�v�&�&�� ��;�;�w�'�'�� �� F��v��!�$�'�'�� L�L�F��M�M�M��F�� <�c�%�j�j� �� )�$��e�<�<�<�<�<�<�<�<�<��5�s�5�z�z�B�B�B�B�Br7��N)F)&�__name__� __module__�__qualname__r��AV_IM360�SCOPEr6��r<��rG��rC��rU��r_��r��rf��rh��r��r��r�� LOCK_FILEr@��INCIDENT_COLLECT_LOCK_FILErB��r��r��r��r��r��r��r��WordpressPluginActionr��ConfigUpdater��r��MalwareCleanupFinishedr��MalwareScanningFinishedr��r:��r7��r5��r!��r!��Q��s��N�E�@��@��@�( �� 7��7��7� $��$��$�.��.��.�M��M��M�;��;�y��;��;��;��;�" 7�� 7�� 7��_�� .��.� ��.� ��_�� ,� ��H��H� ��H�> �� 0�� 0�� 0�?��?��?�8��8��8�&��&��&�&��V�K�-�.�.�;��;��/�.�;�z��V�K�$�%�%�! ��! ��&�%�! �F��V�I�,�-�-�>P��>P��.�-�>P�@��V�I�-�.�.�4C��4C��/�.�4C��4C��4Cr7��r!��)=�__doc__rd��loggingr��pathlibr��typingr�� defence360agent.contracts.configr��r��%defence360agent.contracts.hook_eventsr��"defence360agent.contracts.messagesr��!defence360agent.contracts.pluginsr ��r ��r��defence360agent.subsys.panelsr��'defence360agent.subsys.persistent_stater ��r��r��defence360agent.utilsr��r�� defence360agent.utils.check_lockr��defence360agent.utils.commonr��imav.wordpressr��r��imav.malwarelib.modelr��imav.model.wordpressr��imav.wordpress.site_repositoryr��r��imav.wordpress.proxy_authr��r��defence360agent.wordpressr��r��(defence360agent.model.wordpress_incidentr�� getLoggerr��rX��r��r��r�� CONFIG_DIRrO��rM��rD��r!��r:��r7��r5��<module>r��s���� I��I��I��I��I��I��I��I��;��;��;��;��;��;��:��:��:��:��:��:�� 8��7��7��7��7��7�� 9��8��8��8��8��8��8��8��7��7��7��7��7��7��,��,��,��,��,��,��!��!��!��!��!��!��6��6��6��6��6��6��,��,��,��,��,��,��'��'��'��'��'��'��G��F��F��F��F��F��F��F�� 8� $� $��}�e�n�=�=� �/�/��5�>��T�A� B� B� � �D�L��'�)K�K��"C�C��iC��iC��iC��iC��iC�K��iC��iC��iC��iC��iCr7��

| ver. 1.4 | Github | . | PHP 8.2.30 | Generation time: 0 | proxy | phpinfo | Settings