Diff
14 years ago
geshi
14 years ago
.htaccess
14 years ago
Diff.php
14 years ago
IPTraf.php
14 years ago
diffResult.php
14 years ago
dropAll.php
14 years ago
email_genericAlert.php
14 years ago
email_newIssues.php
14 years ago
geshi.php
14 years ago
menu_activity.php
14 years ago
menu_blockedIPs.php
14 years ago
menu_config.php
14 years ago
menu_options.php
14 years ago
menu_scan.php
14 years ago
sysinfo.php
14 years ago
wf503.php
14 years ago
wfAPI.php
14 years ago
wfAction.php
14 years ago
wfBrowscap.php
14 years ago
wfBrowscapCache.php
14 years ago
wfConfig.php
14 years ago
wfCrawl.php
14 years ago
wfDB.php
14 years ago
wfDict.php
14 years ago
wfIssues.php
14 years ago
wfLockedOut.php
14 years ago
wfLog.php
14 years ago
wfModTracker.php
14 years ago
wfRate.php
14 years ago
wfScanEngine.php
14 years ago
wfSchema.php
14 years ago
wfUtils.php
14 years ago
wfViewResult.php
14 years ago
wordfenceClass.php
14 years ago
wordfenceConstants.php
14 years ago
wordfenceHash.php
14 years ago
wordfenceScanner.php
14 years ago
wordfenceURLHoover.php
14 years ago
wordfenceHash.php
111 lines
| 1 | <?php |
| 2 | require_once('wordfenceClass.php'); |
| 3 | class wordfenceHash { |
| 4 | private $whitespace = array("\n","\r","\t"," "); |
| 5 | public $totalData = 0; //To do a sanity check, don't use 'du' because it gets sparse files wrong and reports blocks used on disk. Use : find . -type f -ls | awk '{total += $7} END {print total}' |
| 6 | public $totalFiles = 0; |
| 7 | public $totalDirs = 0; |
| 8 | public $linesOfPHP = 0; |
| 9 | public $linesOfJCH = 0; //lines of HTML, CSS and javascript |
| 10 | public $striplen = 0; |
| 11 | private $hashes = array(); |
| 12 | public function __construct($striplen){ |
| 13 | $this->striplen = $striplen; |
| 14 | } |
| 15 | public function hashPaths($path, $only = array()){ //base path and 'only' is a list of files and dirs in the bast that are the only ones that should be processed. Everything else in base is ignored. If only is empty then everything is processed. |
| 16 | if($path[strlen($path) - 1] != '/'){ |
| 17 | $path .= '/'; |
| 18 | } |
| 19 | $files = scandir($path); |
| 20 | foreach($files as $file){ |
| 21 | if(sizeof($only) > 0 && (! in_array($file, $only))){ |
| 22 | continue; |
| 23 | } |
| 24 | $file = $path . $file; |
| 25 | wordfence::status(2, 'info', "Hashing item in base dir: $file"); |
| 26 | $this->_dirHash($file); |
| 27 | } |
| 28 | return $this->hashes; |
| 29 | } |
| 30 | private function _dirHash($path){ |
| 31 | if(substr($path, -3, 3) == '/..' || substr($path, -2, 2) == '/.'){ |
| 32 | return; |
| 33 | } |
| 34 | if(is_dir($path)){ |
| 35 | $this->totalDirs++; |
| 36 | if($path[strlen($path) - 1] != '/'){ |
| 37 | $path .= '/'; |
| 38 | } |
| 39 | $cont = scandir($path); |
| 40 | for($i = 0; $i < sizeof($cont); $i++){ |
| 41 | if($cont[$i] == '.' || $cont[$i] == '..'){ continue; } |
| 42 | $file = $path . $cont[$i]; |
| 43 | if(is_file($file)){ |
| 44 | $this->processFile($file); |
| 45 | } else if(is_dir($file)) { |
| 46 | $this->_dirHash($file); |
| 47 | } |
| 48 | } |
| 49 | } else { |
| 50 | if(is_file($path)){ |
| 51 | $this->processFile($path); |
| 52 | } |
| 53 | } |
| 54 | } |
| 55 | private function processFile($file){ |
| 56 | $wfHash = $this->wfHash($file, true); |
| 57 | if($wfHash){ |
| 58 | wordfence::status(2, 'info', "Examined file: $file"); |
| 59 | $this->hashes[substr($file, $this->striplen)] = $wfHash; |
| 60 | //Now that we know we can open the file, lets update stats |
| 61 | if(preg_match('/\.(?:js|html|htm|css)$/i', $file)){ |
| 62 | $this->linesOfJCH += sizeof(file($file)); |
| 63 | } else if(preg_match('/\.php$/i', $file)){ |
| 64 | $this->linesOfPHP += sizeof(file($file)); |
| 65 | } |
| 66 | $this->totalFiles++; |
| 67 | $this->totalData += filesize($file); |
| 68 | } else { |
| 69 | wordfence::status(2, 'error', "Could not gen hash for file: $file"); |
| 70 | } |
| 71 | } |
| 72 | public function wfHash($file, $binary = true){ |
| 73 | $md5 = @md5_file($file, $binary); |
| 74 | if(! $md5){ return false; } |
| 75 | //$sha = @hash_file('sha256', $file, $binary); |
| 76 | //if(! $sha){ return false; } |
| 77 | $fp = @fopen($file, "rb"); |
| 78 | if(! $fp){ |
| 79 | return false; |
| 80 | } |
| 81 | $ctx = hash_init('sha256'); |
| 82 | while (!feof($fp)) { |
| 83 | hash_update($ctx, str_replace($this->whitespace,"",fread($fp, 65536))); |
| 84 | } |
| 85 | $shac = hash_final($ctx, $binary); |
| 86 | //Taking out $sha for now because we don't use it on the scanning server side |
| 87 | return array($md5, '', $shac, filesize($file) ); |
| 88 | } |
| 89 | public static function bin2hex($hashes){ |
| 90 | function wf_func1($elem){ |
| 91 | return array( |
| 92 | bin2hex($elem[0]), |
| 93 | bin2hex($elem[1]), |
| 94 | bin2hex($elem[2]) |
| 95 | ); |
| 96 | } |
| 97 | return array_map('wf_func1', $hashes); |
| 98 | } |
| 99 | public static function hex2bin($hashes){ |
| 100 | function wf_func2($elem){ |
| 101 | return array( |
| 102 | pack('H*', $elem[0]), |
| 103 | pack('H*', $elem[1]), |
| 104 | pack('H*', $elem[2]) |
| 105 | ); |
| 106 | } |
| 107 | return array_map('wf_func2', $hashes); |
| 108 | } |
| 109 | } |
| 110 | ?> |
| 111 |