Skip to content

New. DBTriggerScan. #499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
svfcode merged 20 commits into from
May 26, 2025
Merged

New. DBTriggerScan. #499

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
14022a9
New. DBTriggerScan. Init.
svfcode Mar 21, 2025
5d1e146
fix phpcs
svfcode Mar 25, 2025
2a19728
Merge branch 'dev' into add-db-trigger-scan
alexandergull Apr 8, 2025
e2fe9e7
Mod. Scanner. DB Triggers. Classes refactored, description added, sig…
alexandergull Apr 10, 2025
d23c1c3
Fix. Code. Removed redundant enqueue function.
alexandergull Apr 10, 2025
9666409
Code. Scanner. DB triggers. Autotests.
alexandergull Apr 10, 2025
41c3e03
Code. PHPUnit. Fixed testDBTriggerService.
alexandergull Apr 11, 2025
b20c728
Fix. Disable OS Cron and DB trigger analysis if options disabled.
alexandergull Apr 11, 2025
2d7f890
Merge remote-tracking branch 'origin/dev' into add-db-trigger-scan
Glomberg Apr 15, 2025
6a45b40
Fix. Scanner. SQL triggers: text fixed.
Glomberg Apr 15, 2025
b568610
Fix. Scanner. SQL triggers: sending found signatures implemented.
AntonV1211 Mar 20, 2025
53c79db
Fix. Scanner. Clear `signatures_found` on scanner start.
Glomberg Apr 17, 2025
7622a6f
Fix. Triggers scanner. PHP Unit testing - using mock data.
Glomberg Apr 17, 2025
7cbbca4
Fix. Code. DB Triggers unit tests fixed.
Glomberg Apr 17, 2025
6b8d577
New. Scan. Add delete action.
svfcode May 8, 2025
63d4f0f
fix phpcs
svfcode May 8, 2025
27f909a
fix test
svfcode May 13, 2025
65974e3
fix test
svfcode May 13, 2025
dbc35f0
Upd. TriggersScanner. Improved triggers gathering.
svfcode May 22, 2025
4300de0
remove debug
svfcode May 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
277 changes: 6 additions & 271 deletions inc/spbc-admin.php
View file
Open in desktop

Large diffs are not rendered by default.

147 changes: 107 additions & 40 deletions inc/spbc-settings.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
use CleantalkSP\SpbctWP\LinkConstructor;
use CleantalkSP\SpbctWP\ListTable;
use CleantalkSP\SpbctWP\Scanner;
use CleantalkSP\SpbctWP\Scanner\DBTrigger\DBTriggerView;
use CleantalkSP\SpbctWP\Scanner\OSCron\Storages\OsCronTasksStorage;
use CleantalkSP\SpbctWP\Scanner\OSCron\View\OSCronView;
use CleantalkSP\SpbctWP\Scanner\ScanningLog\ScanningLogFacade;
Expand All @@ -18,6 +19,7 @@
use CleantalkSP\SpbctWP\VulnerabilityAlarm\VulnerabilityAlarmView;
use CleantalkSP\Variables\Post;
use CleantalkSP\Variables\Server;
use CleantalkSP\SpbctWP\Scanner\DBTrigger\DBTriggerService;

// Scanner AJAX actions
require_once(SPBC_PLUGIN_DIR . 'inc/spbc-scanner.php');
Expand Down Expand Up @@ -689,6 +691,12 @@ function spbc_settings__register()
'description' => Scanner\OSCron\View\OSCronLocale::getInstance()->settings__option_description,
'long_description' => false,
),
'scanner__db_trigger_analysis' => array(
'type' => 'field',
'title' => __('DB Trigger analysis', 'security-malware-firewall'),
'description' => __('Will search for known malicious signatures in database triggers.', 'security-malware-firewall'),
'long_description' => false,
),
'scanner__dir_exclusions_view' => array(
'type' => 'field',
'input_type' => 'textarea',
Expand Down Expand Up @@ -1350,7 +1358,7 @@ function spbc_settings__draw_elements($elems_to_draw = null, $direct_call = fals
echo '</div>';
break;
case 'section_banner':
spbc_settings__create_notice_on_tab('found_critical_files');
spbc_settings__create_notice_on_tab();
break;
case 'field':
call_user_func($elem['callback'], $elem);
Expand Down Expand Up @@ -2607,52 +2615,49 @@ function spbc_field_traffic_control_logs__prepare_data(&$table)

/**
* Creates a banner with a notification
* @param string $flag_text_banner which banner text to show
* @return void
*/
function spbc_settings__create_notice_on_tab($flag_text_banner)
function spbc_settings__create_notice_on_tab()
{
global $spbc;

switch ($flag_text_banner) {
case 'found_critical_files': // Creates a banner with a notification if important files are found and if the banner has not already been closed
if ($spbc->data['display_scanner_warnings']['critical'] > 0 &&
Cookie::getString('spbct_notice-found_critical_files') != '1') {
$email = spbc_get_admin_email();
$website = get_home_url();
$text = __("There's a high probability that your website has been compromised, as critical files show signs of infection. Take action now by ordering malware removal from our experienced security specialists.", 'security-malware-firewall');
//generate button
$landing_page_link = LinkConstructor::buildCleanTalkLink(
'banner_link_for_treatment',
'website-malware-removal',
array(
'email' => esc_attr($email),
'website' => esc_attr($website),
),
$domain = 'https://l.cleantalk.org'
);
$button_text = __('Request Malware removal', 'security-malware-firewall');
$button_div = '<div style="align-content: center;margin: 0 30px;">';
$button_div .= '
<a class="spbc_manual_link" target="_blank" href="' . $landing_page_link . '">'
. '<i class="spbc-icon-link-ext"></i>&nbsp;&nbsp;'
. $button_text
. '</a>
';
$button_div .= '</div>';
$text .= $button_div;
} else {
return;
}
$flag_text_banner = '';

break;
if ($spbc->data['display_scanner_warnings']['critical'] > 0 &&
Cookie::getString('spbct_notice-found_critical_files') != '1') {
$flag_text_banner = 'found_critical_files';
$text = __("There's a high probability that your website has been compromised, as critical files show signs of infection. Take action now by ordering malware removal from our experienced security specialists.", 'security-malware-firewall');
}

default:
$text = false;
break;
if ( $spbc->data['display_scanner_warnings']['db_triggers'] > 0 &&
Cookie::getString('spbct_notice-found_db_triggers') != '1') {
$flag_text_banner = 'found_db_triggers';
$text = DBTriggerView::getWarningTextForMalwareRemovalBanner();
}

if ($text != false) {
if (!empty($text)) {
$email = spbc_get_admin_email();
$website = get_home_url();
$button_text = __('Request Malware removal', 'security-malware-firewall');
$landing_page_link = LinkConstructor::buildCleanTalkLink(
'banner_link_for_treatment',
'website-malware-removal',
array(
'email' => esc_attr($email),
'website' => esc_attr($website),
),
$domain = 'https://l.cleantalk.org'
);
$button_div = '<div style="align-content: center;margin: 0 30px;">';
$button_div .= '
<a class="spbc_manual_link" target="_blank" href="' . $landing_page_link . '">'
. '<i class="spbc-icon-link-ext"></i>&nbsp;&nbsp;'
. $button_text
. '</a>
';
$button_div .= '</div>';
$text .= $button_div;

$template = '
<div class="spbc_tab_fields_group">
<div class="spbc_group_header"></div>
Expand All @@ -2665,8 +2670,6 @@ function spbc_settings__create_notice_on_tab($flag_text_banner)
</div>
';
printf($template, $flag_text_banner, $flag_text_banner, $text);
} else {
return;
}
}

Expand Down Expand Up @@ -3090,6 +3093,33 @@ function spbc_scanner_oscron_prepare_data(&$table)
$table = OSCronView::prepareTableData($table);
}

/**
* Settings function wrapper. Get count found in db trigger.
* @return int
*/
function spbc_scanner_db_trigger_count_found()
{
return DBTriggerService::countTriggersStorage();
}

/**
* Settings function wrapper. Get data for db trigger.
* @return array
*/
function spbc_scanner_db_trigger_get_scanned()
{
return DBTriggerService::loadTriggersStorage();
}

/**
* Settings function wrapper. Modify data in triggers table.
* @param $table
*/
function spbc_scanner_db_trigger_prepare_data(&$table)
{
$table = DBTriggerView::prepareTableData($table);
}

function spbc_field_scanner__prepare_data__files_quarantine(&$table)
{
global $spbc;
Expand Down Expand Up @@ -3437,6 +3467,10 @@ function spbc_field_scanner()
echo '<span class="spbc_overall_scan_status_os_cron_analysis">' . __('OS Cron Analysis', 'security-malware-firewall') . '</span> -> ';
}

if ($spbc->settings['scanner__db_trigger_analysis']) {
echo '<span class="spbc_overall_scan_status_db_trigger_analysis">' . __('DB Trigger Analysis', 'security-malware-firewall') . '</span> -> ';
}

echo
'<span class="spbc_overall_scan_status_get_denied_hashes">' . __('Updating statuses for the denied files', 'security-malware-firewall') . '</span> -> '
. '<span class="spbc_overall_scan_status_get_approved_hashes">' . __('Updating statuses for the approved files', 'security-malware-firewall') . '</span> -> ';
Expand Down Expand Up @@ -3678,6 +3712,7 @@ function spbc_field_scanner__show_accordion($direct_call = false)
'quarantined' => __('Punished files.', 'security-malware-firewall'),
'analysis_log' => $analysis_log_description,
'cure_log' => $cure_log_description,
'db_trigger' => DBTriggerView::getScannerTabDescription(),
'skipped' => __('List of files that were not checked by the scanner.', 'security-malware-firewall'),
);

Expand Down Expand Up @@ -3750,6 +3785,13 @@ function spbc_field_scanner__show_accordion($direct_call = false)
),
'display' => (bool) $spbc->settings['scanner__os_cron_analysis']
),
'db_trigger_analysis' => array(
'category_description' => __('DB Trigger Analysis', 'security-malware-firewall'),
'types' => array(
'db_trigger',
),
'display' => (bool) $spbc->settings['scanner__db_trigger_analysis']
),
'pages' => array(
'category_description' => __('Pages scan results', 'security-malware-firewall'),
'types' => array(
Expand Down Expand Up @@ -3793,6 +3835,7 @@ function spbc_field_scanner__show_accordion($direct_call = false)
|| ($type_name === 'frontend_malware' && $spbc->data['display_scanner_warnings']['frontend'])
|| ($type_name === 'analysis_log' && $spbc->data['display_scanner_warnings']['analysis'])
|| ($type_name === 'oscron' && $spbc->data['display_scanner_warnings']['oscron'])
|| ($type_name === 'db_trigger' && $spbc->data['display_scanner_warnings']['db_triggers'])
) {
$danger_dot = '<span class="red_dot"></span>';
}
Expand Down Expand Up @@ -4243,6 +4286,30 @@ function spbc_list_table__get_args_by_type($table_type)
);
break;

case 'db_trigger':
$args = array(
'func_data_total' => 'spbc_scanner_db_trigger_count_found',
'func_data_get' => 'spbc_scanner_db_trigger_get_scanned',
'func_data_prepare' => 'spbc_scanner_db_trigger_prepare_data',
'if_empty_items' => '<div class="notice notice-info spbc-icon-info" style="padding: 10px; margin: 10px 0px;">'
. __('DB Trigger not found in the server environment or is unavailable to read/write.', 'security-malware-firewall')
. '</div>',
'columns' => array(
'cb' => array('heading' => '<input type=checkbox>', 'class' => 'check-column', 'width_percent' => 2),
'about_trigger' => array( 'heading' => 'About trigger', 'width_percent' => 30 ), // name, table, time, action
'code' => array( 'heading' => 'Code', 'width_percent' => 43 ),
'signature' => array( 'heading' => 'Signature', 'width_percent' => 10 ),
'analysis_status' => array( 'heading' => 'Verdict', 'width_percent' => 15 ),
),
'actions' => array(
'delete' => array('name' => 'Delete',),
),
'bulk_actions' => array(
'delete' => array('name' => 'Delete',),
),
);
break;

case 'approved':
$args = array_replace_recursive(
$accordion_default_args,
Expand Down
2 changes: 1 addition & 1 deletion js/spbc-scanner-plugin.min.js
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/spbc-scanner-plugin.min.js.map
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions js/src/spbc-scanner-plugin.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ class SpbcMalwareScanner {/* eslint-disable-line no-unused-vars */
'auto_cure_backup',
'auto_cure',
'os_cron_analysis',
'db_trigger_analysis',
'outbound_links',
'frontend_analysis',
'important_files_listing',
Expand Down
25 changes: 24 additions & 1 deletion lib/CleantalkSP/SpbctWP/ListTable.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
namespace CleantalkSP\SpbctWP;

use CleantalkSP\SpbctWP\Scanner\Cure;
use CleantalkSP\SpbctWP\Scanner\DBTrigger\DBTriggerService;
use CleantalkSP\SpbctWP\Scanner\OSCron\OSCronController;
use CleantalkSP\SpbctWP\Scanner\OSCron\View\OSCronLocale;
use CleantalkSP\Variables\Post;
Expand Down Expand Up @@ -652,7 +653,10 @@ public static function ajaxRowActionHandler()
$action = Post::getString('add_action');
$is_frontend_malware_action = $action === 'disapprove_page' || $action === 'approve_page';

if ( $action !== 'restore' && ! $is_frontend_malware_action && strpos($action, 'oscron_task') === false ) {
if ( $action !== 'restore' && ! $is_frontend_malware_action &&
strpos($action, 'oscron_task') === false &&
strpos($action, 'delete-trigger') === false
) {
$check_file_exist_result = self::spbcCheckFileExist();

if (isset($check_file_exist_result['error'])) {
Expand Down Expand Up @@ -713,6 +717,9 @@ public static function ajaxRowActionHandler()
case 'enable_oscron_task':
self::ajaxRowActionHandlerApproveOSCronTask();
break;
case 'delete-trigger':
self::ajaxRowActionHandlerDeleteTrigger();
break;
default:
wp_send_json(array('temp_html' => '<div class="spbc-popup-msg popup--red">UNKNOWN ACTION</div>'));
}
Expand Down Expand Up @@ -740,6 +747,22 @@ public static function ajaxRowActionHandlerApproveOSCronTask()
}
}

public static function ajaxRowActionHandlerDeleteTrigger()
{
global $spbc;
$result = DBTriggerService::deleteTrigger(Post::get('id', null, 'word'));
if ($result) {
$out = array(
'html' => '<div class="spbc-popup-msg popup--red">'
. __('Trigger has been deleted.', 'security-malware-firewall')
. '</div>',
);
wp_send_json($out);
} else {
wp_send_json_error(esc_html((string)$result));
}
}

public static function ajaxRowActionHandlerDisableOSCronTask()
{
global $spbc;
Expand Down
Loading