xscan_8php_source.html

<?php


namespace Bitrix\Security\Controller;


use Bitrix\Main\Engine\Action;

use Bitrix\Main\Engine\Controller;

use Bitrix\Main\Localization\Loc;

use Bitrix\Security\XScanResultTable;


class Xscan extends Controller

{


    public static function getFilter()

    {

        $filterOptions = new \Bitrix\Main\UI\Filter\Options('report_filter');

        $filters = $filterOptions->getFilter();


        $filter = [];

        foreach ($filters as $k => $v)

        {

            if (!$v)

            {

                continue;

            }


            switch ($k)

            {

                case 'mtime_from':

                    $filter['>=mtime'] = $v;

                    break;

                case 'mtime_to':

                    $filter['<=mtime'] = $v;

                    break;

                case 'ctime_from':

                    $filter['>=ctime'] = $v;

                    break;

                case 'ctime_to':

                    $filter['<=ctime'] = $v;

                    break;

                case 'tags':

                    foreach ($v as $t)

                    {

                        $filter[] = ['%tags' => $t];

                    }

                    break;


                case 'preset':

                    switch ($v){

                        case 'a':

                            $filter[] = ['%src' => '/bitrix/admin'];

                            break;

                        case 'm':

                            $filter[] = ['%src' => '/bitrix/modules'];

                            break;

                        case 'c':

                            $filter[] = ['%src' => '/bitrix/components'];

                            break;

                        case '!m':

                            $filter[] = ['!%src' => '/bitrix/modules'];

                            break;

                        case 'pop':

                            $filter[] = ['LOGIC' => 'OR',

                                ['%src' => '/prolog_after.php'], ['%src' => '/index.php'],

                                ['%src' => '/content.php'], ['%src' => '/main.php'], ['%src' => '/spread.php'],

                                ['%src' => '/bx_root.php'], ['%src' => '/.access.php'], ['%src' => '/radio.php']

                            ];

                            break;

                    }

                    break;


                case 'FIND':

                    if (strpos($v, '!') === 0)

                    {

                        $v = ltrim($v, '!');

                        $filter[] = ['LOGIC' => 'AND', ['!%src' => $v], ['!%message' => $v]];

                    }

                    else

                    {

                        $filter[] = ['LOGIC' => 'OR', ['%src' => $v], ['%message' => $v]];

                    }

                    break;

            }


        }


        return $filter;

    }


    protected function processBeforeAction(Action $action): bool

    {

        ini_set('display_errors', '0');

        Loc::loadMessages(__FILE__);


        if (!Controller::getCurrentUser()->isAdmin())

        {

            return false;

        }


        return parent::processBeforeAction($action);

    }


    public function prisonAction(string $file)

    {

        $file = '/' . trim($file, '/');


        if (!$file || !file_exists($file))

        {

            $msg = \CBitrixXscan::ShowMsg(Loc::getMessage("BITRIX_XSCAN_FILE_NOT_FOUND") . htmlspecialcharsbx($file), 'red');

        }

        else

        {

            $new_f = preg_replace('#\.php[578]?$#i', '.ph_', $file);

            if (rename($file, $new_f))

            {

                $msg = \CBitrixXscan::ShowMsg(Loc::getMessage("BITRIX_XSCAN_RENAMED") . htmlspecialcharsbx($new_f));

            }

            else

            {

                $msg = \CBitrixXscan::ShowMsg(Loc::getMessage("BITRIX_XSCAN_ERR_RENAME") . htmlspecialcharsbx($file), 'red');

            }

        }


        return $msg;

    }


    public function releaseAction(string $file)

    {

        $file = '/' . trim($file, '/');


        if (!$file || !file_exists($file))

        {

            $msg = \CBitrixXscan::ShowMsg(Loc::getMessage("BITRIX_XSCAN_FILE_NOT_FOUND") . htmlspecialcharsbx($file), 'red');

        }

        else

        {

            $new_f = preg_replace('#\.ph_$#', '.php', $file);

            if (rename($file, $new_f))

            {

                $msg = \CBitrixXscan::ShowMsg(Loc::getMessage("BITRIX_XSCAN_RENAMED") . htmlspecialcharsbx($new_f));

            }

            else

            {

                $msg = \CBitrixXscan::ShowMsg(Loc::getMessage("BITRIX_XSCAN_ERR_RENAME") . htmlspecialcharsbx($file), 'red');

            }

        }


        return $msg;

    }


    public function hideAction(string $file)

    {

        $file = '/' . trim($file, '/');

        $msg = '';


        $ent = XScanResultTable::getList(['select' => ['id'], 'filter' => ['src' => $file]])->fetch();


        if ($ent)

        {

            XScanResultTable::delete($ent['id']);

            $msg = \CBitrixXscan::ShowMsg(Loc::getMessage("BITRIX_XSCAN_HIDED") . htmlspecialcharsbx($file));

        }


        return $msg;

    }


    public function hideFilesAction(array $files, string $all='false')

    {

        \Bitrix\Main\Type\Collection::normalizeArrayValuesByInt($files);


        $filter = $all === 'true' ? self::getFilter(): ['@id' => $files];


        XScanResultTable::deleteList($filter);


        return '';

    }


    public function addErrorAction(string $file)

    {

        $file = '/' . trim($file, '/');


        if ($file)

        {

            XScanResultTable::add(['type' => 'file', 'src' => $file, 'message' => 'error', 'score' => 0.5]);

        }


        return '';

    }


    public function scanAction(string $start_path, string $break_point = '', string $clean = 'N', int $progress = 0, int $total = 0)

    {

        $start_path = $start_path ? $start_path : $_SERVER['DOCUMENT_ROOT'];

        $start_path = rtrim($start_path, '/');


        $scaner = new \CBitrixXscan($progress, $total);

        $scaner->skip_path = $break_point;


        $session = \Bitrix\Main\Application::getInstance()->getSession();


        if (!is_dir($start_path))

        {

            $msg = Loc::getMessage("BITRIX_XSCAN_NACALQNYY_PUTQ_NE_NA");

            return ['error' => $msg];

        }


        if ($clean == 'Y')

        {

            $session['xscan_page'] = 1;

            $session->save();


            $scaner->clean();

            $scaner->CheckEvents();

            $scaner->CheckAgents();

            $scaner->Search($start_path, 'count');

        }

        else

        {

            $session->save();

        }


        $scaner->Search($start_path);

        $scaner->SavetoDB();


        $prc = $scaner->total == 0 ? min(75, (int)($scaner->progress / 1000)) : (int)($scaner->progress * 100 / $scaner->total);


        return [

            'progress' => $scaner->progress,

            'total' => $scaner->total,

            'break_point' => $scaner->break_point,

            'prc' => $prc,

        ];

    }


    public function findHtaccessAction(string $break_point = '')

    {

        $localStorage = \Bitrix\Main\Application::getInstance()->getLocalSession('xscan_htaccess');


        if (!$break_point)

        {

            $localStorage->clear();

            $localStorage->set('timestamp', time());

            $localStorage->set('status', 'pending');

        }


        $path = rtrim($_SERVER['DOCUMENT_ROOT'], '/');


        $searcher = new \CBitrixXscanHtaccess();

        $searcher->skip_path = $break_point;

        $searcher->Search($path);


        $files = $localStorage['files'] ?? [];


        if($searcher->result)

        {

            $files = array_merge($files, $searcher->result);

            $localStorage->set('files', $files);

        }


        if (!$searcher->break_point)

        {

            $localStorage->set('status', 'done');

        }


        return [

            'count' => count($files),

            'break_point' => $searcher->break_point

        ];


    }


}


Bitrix\Main\Engine\Action
Definition action.php:17

Bitrix\Main\Engine\Controller
Definition controller.php:32

Bitrix\Main\Engine\Controller\getCurrentUser
getCurrentUser()
Definition controller.php:264

Bitrix\Main\Localization\Loc
Definition loc.php:11

Bitrix\Main\Localization\Loc\loadMessages
static loadMessages($file)
Definition loc.php:64

Bitrix\Main\Localization\Loc\getMessage
static getMessage($code, $replace=null, $language=null)
Definition loc.php:29

Bitrix\Security\Controller\Xscan
Definition xscan.php:11

Bitrix\Security\Controller\Xscan\findHtaccessAction
findHtaccessAction(string $break_point='')
Definition xscan.php:234

Bitrix\Security\Controller\Xscan\hideAction
hideAction(string $file)
Definition xscan.php:150

Bitrix\Security\Controller\Xscan\prisonAction
prisonAction(string $file)
Definition xscan.php:102

Bitrix\Security\Controller\Xscan\processBeforeAction
processBeforeAction(Action $action)
Definition xscan.php:89

Bitrix\Security\Controller\Xscan\addErrorAction
addErrorAction(string $file)
Definition xscan.php:177

Bitrix\Security\Controller\Xscan\getFilter
static getFilter()
Definition xscan.php:12

Bitrix\Security\Controller\Xscan\scanAction
scanAction(string $start_path, string $break_point='', string $clean='N', int $progress=0, int $total=0)
Definition xscan.php:189

Bitrix\Security\Controller\Xscan\hideFilesAction
hideFilesAction(array $files, string $all='false')
Definition xscan.php:166

Bitrix\Security\Controller\Xscan\releaseAction
releaseAction(string $file)
Definition xscan.php:126

Bitrix\Security\XScanResultTable
Definition xscanresulttable.php:24

Bitrix\Security\XScanResultTable\deleteList
static deleteList(array $filter)
Definition xscanresulttable.php:57

Bitrix\Security\Controller
Definition xscan.php:3

Bitrix\Sender\Internals\QueryController
Definition action.php:8