wordfenceHash.php — Wordfence Security – Firewall, Malware Scan, and Login Security 3.0.3

wordfence / lib / wordfenceHash.php

wordfence / lib Last commit date

Diff 13 years ago .htaccess 14 years ago Diff.php 13 years ago IPTraf.php 13 years ago diffResult.php 13 years ago email_genericAlert.php 13 years ago email_newIssues.php 14 years ago email_unlockRequest.php 14 years ago menu_activity.php 14 years ago menu_blockedIPs.php 13 years ago menu_options.php 13 years ago menu_scan.php 13 years ago sysinfo.php 13 years ago viewFullActivityLog.php 13 years ago wf503.php 13 years ago wfAPI.php 13 years ago wfAction.php 14 years ago wfArray.php 13 years ago wfBrowscap.php 14 years ago wfBrowscapCache.php 14 years ago wfConfig.php 13 years ago wfCrawl.php 13 years ago wfDB.php 13 years ago wfDict.php 14 years ago wfIssues.php 13 years ago wfLockedOut.php 14 years ago wfLog.php 13 years ago wfModTracker.php 14 years ago wfRate.php 14 years ago wfScanEngine.php 13 years ago wfSchema.php 13 years ago wfUnlockMsg.php 14 years ago wfUtils.php 13 years ago wfViewResult.php 13 years ago wordfenceClass.php 13 years ago wordfenceConstants.php 13 years ago wordfenceHash.php 13 years ago wordfenceScanner.php 13 years ago wordfenceURLHoover.php 13 years ago

wordfenceHash.php

218 lines

1	<?php
2	require_once('wordfenceClass.php');
3	class wordfenceHash {
4	private $apiKey = false;
5	private $wp_version = false;
6	private $api = false;
7	private $db = false;
8	private $table = false;
9	private $fileQ = array();
10
11	//Begin serialized vars
12	private $whitespace = array("\n","\r","\t"," ");
13	public $totalData = 0; //To do a sanity check, don't use 'du' because it gets sparse files wrong and reports blocks used on disk. Use : find . -type f -ls \| awk '{total += $7} END {print total}'
14	public $totalFiles = 0;
15	public $totalDirs = 0;
16	public $linesOfPHP = 0;
17	public $linesOfJCH = 0; //lines of HTML, CSS and javascript
18	public $striplen = 0;
19	private $hashPacket = "";
20	public $hashStorageID = false;
21	private $hashingStartTime = false;
22	private $lastStatusTime = false;
23	public function __sleep(){ //same order as above
24	if(sizeof($this->fileQ) > 0){
25	throw new Exception("Sanity fail. fileQ is not empty. Has: " . sizeof($this->fileQ));
26	}
27	return array('whitespace', 'totalData', 'totalFiles', 'totalDirs', 'linesOfPHP', 'linesOfJCH', 'striplen', 'hashPacket', 'hashStorageID', 'hashingStartTime', 'lastStatusTime');
28	}
29	public function __construct($striplen){
30	$this->striplen = $striplen;
31	$this->db = new wfDB();
32	$this->table = $this->db->prefix() . 'wfFileQueue';
33	$this->apiKey = wfConfig::get('apiKey');
34	$this->wp_version = wfUtils::getWPVersion();
35	$this->api = new wfAPI($this->apiKey, $this->wp_version);
36	}
37	public function __wakeup(){
38	$this->db = new wfDB();
39	$this->table = $this->db->prefix() . 'wfFileQueue';
40	$this->apiKey = wfConfig::get('apiKey');
41	$this->wp_version = wfUtils::getWPVersion();
42	$this->api = new wfAPI($this->apiKey, $this->wp_version);
43	}
44	public function buildFileQueue($path, $only = array()){ //base path and 'only' is a list of files and dirs in the bast that are the only ones that should be processed. Everything else in base is ignored. If only is empty then everything is processed.
45	$this->db->query("truncate table " . $this->table);
46	if($path[strlen($path) - 1] != '/'){
47	$path .= '/';
48	}
49	if(! is_readable($path)){
50	throw new Exception("Could not read directory $path to do scan.");
51	exit();
52	}
53	$files = scandir($path);
54	foreach($files as $file){
55	if(sizeof($only) > 0 && (! in_array($file, $only))){
56	continue;
57	}
58	$file = $path . $file;
59	wordfence::status(4, 'info', "Hashing item in base dir: $file");
60	$this->_dirHash($file);
61	}
62	$this->writeFileQueue(); //Final write to DB
63
64	}
65	public function genHashes($forkObj){
66	if(! $this->hashingStartTime){
67	$this->hashingStartTime = microtime(true);
68	}
69	if(! $this->lastStatusTime){
70	$this->lastStatusTime = microtime(true);
71	}
72	$haveMoreInDB = true;
73	while($haveMoreInDB){
74	$haveMoreInDB = false;
75	$res = $this->db->query("select id, filename from " . $this->table . " limit 1000");
76	$ids = array();
77	while($rec = mysql_fetch_row($res)){
78	$this->processFile($rec[1]);
79	array_push($ids, $rec[0]);
80	$haveMoreInDB = true;
81	}
82	if(sizeof($ids) > 0){
83	$this->db->query("delete from " . $this->table . " where id IN (" . implode(',', $ids) . ")");
84	}
85	$forkObj->forkIfNeeded();
86	}
87	//Will only reach here if we empty file queue. fork may cause exit
88	$this->sendHashPacket();
89	$this->db->query("truncate table " . $this->table); //Also resets id autoincrement to 1
90	$this->writeHashingStatus();
91	}
92	private function writeHashingStatus(){
93	$this->lastStatusTime = microtime(true);
94	wordfence::status(2, 'info', "Scanned " . $this->totalFiles . " files at a rate of " . sprintf('%.2f', ($this->totalFiles / (microtime(true) - $this->hashingStartTime))) . " files per second.");
95	}
96	private function _dirHash($path){
97	if(substr($path, -3, 3) == '/..' \|\| substr($path, -2, 2) == '/.'){
98	return;
99	}
100	if(! is_readable($path)){ return; } //Applies to files and dirs
101	if(is_dir($path)){
102	$this->totalDirs++;
103	if($path[strlen($path) - 1] != '/'){
104	$path .= '/';
105	}
106	$cont = scandir($path);
107	for($i = 0; $i < sizeof($cont); $i++){
108	if($cont[$i] == '.' \|\| $cont[$i] == '..'){ continue; }
109	$file = $path . $cont[$i];
110	if(is_file($file)){
111	$this->qFile($file);
112	} else if(is_dir($file)) {
113	$this->_dirHash($file);
114	}
115	}
116	} else {
117	if(is_file($path)){
118	$this->qFile($path);
119	}
120	}
121	}
122	private function qFile($file){
123	$this->fileQ[] = $file;
124	if(sizeof($this->fileQ) > 1000){
125	$this->writeFileQueue();
126	}
127	}
128	private function writeFileQueue(){
129	$sql = "insert into " . $this->table . " (filename) values ";
130	$added = false;
131	foreach($this->fileQ as $val){
132	$added = true;
133	$sql .= "('" . mysql_real_escape_string($val) . "'),";
134	}
135	if($added){
136	$sql = rtrim($sql, ',');
137	$this->db->query($sql);
138	}
139	$this->fileQ = array();
140	}
141	private function processFile($file){
142	if(@filesize($file) > WORDFENCE_MAX_FILE_SIZE_TO_PROCESS){
143	wordfence::status(2, 'info', "Skipping file larger than 50 megs: $file");
144	return;
145	}
146
147	if(function_exists('memory_get_usage')){
148	wordfence::status(4, 'info', "Scanning: $file (Mem:" . sprintf('%.1f', memory_get_usage(true) / (1024 * 1024)) . "M)");
149	} else {
150	wordfence::status(4, 'info', "Scanning: $file");
151	}
152	$wfHash = $this->wfHash($file);
153	if($wfHash){
154	$packetFile = substr($file, $this->striplen);
155	$this->hashPacket .= $wfHash[0] . $wfHash[1] . pack('n', strlen($packetFile)) . $packetFile;
156	if(strlen($this->hashPacket) > 500000){ //roughly 2 megs in string mem space
157	$this->writeHashingStatus();
158	$this->sendHashPacket();
159	}
160
161	//Now that we know we can open the file, lets update stats
162	if(preg_match('/\.(?:js\|html\|htm\|css)$/i', $file)){
163	$this->linesOfJCH += sizeof(file($file));
164	} else if(preg_match('/\.php$/i', $file)){
165	$this->linesOfPHP += sizeof(file($file));
166	}
167	$this->totalFiles++;
168	$this->totalData += filesize($file);
169	if(microtime(true) - $this->lastStatusTime > 1){
170	$this->writeHashingStatus();
171	}
172	} else {
173	wordfence::status(2, 'error', "Could not gen hash for file: $file");
174	}
175	}
176	private function sendHashPacket(){
177	wordfence::status(4, 'info', "Sending packet of hash data to Wordfence scanning servers");
178	if(strlen($this->hashPacket) < 1){
179	return;
180	}
181	if($this->hashStorageID){
182	$dataArr = $this->api->binCall('add_hash_chunk', "WFID:" . pack('N', $this->hashStorageID) . $this->hashPacket);
183	$this->hashPacket = "";
184	if(is_array($dataArr) && isset($dataArr['data']) && $dataArr['data'] == $this->hashStorageID){
185	//keep going
186	} else {
187	throw new Exception("Could not store an additional chunk of hash data on Wordfence servers with ID: " . $this->hashStorageID);
188	}
189	} else {
190	$dataArr = $this->api->binCall('add_hash_chunk', "WFST:" . $this->hashPacket);
191	$this->hashPacket = "";
192	if(is_array($dataArr) && isset($dataArr['data']) && preg_match('/^\d+$/', $dataArr['data'])){
193	$this->hashStorageID = $dataArr['data'];
194	} else {
195	throw new Exception("Could not store hash data on Wordfence servers. Got response: " . var_export($dataArr, true));
196	}
197	}
198	}
199	public function getHashStorageID(){
200	return $this->hashStorageID;
201	}
202	public function wfHash($file){
203	$md5 = @md5_file($file, false);
204	if(! $md5){ return false; }
205	$fp = @fopen($file, "rb");
206	if(! $fp){
207	return false;
208	}
209	$ctx = hash_init('sha256');
210	while (!feof($fp)) {
211	hash_update($ctx, str_replace($this->whitespace,"",fread($fp, 65536)));
212	}
213	$shac = hash_final($ctx, false);
214	return array($md5, $shac);
215	}
216	}
217	?>
218