�

B��2
�2W��Z�dZd
dl
Z
d
dlZd
dlZd
dlZd
dlmZ
d
dlmZmZ
d
dl	m
Z

d
dlmZ
d
dl
mZmZ
d
dlmZ
d
d	lmZ
d
d
lmZ
d
dlmZmZ
d
dlmZ
d
d
lmZ
d
dlm Z 
d
dl!m"Z"
d
dl#m$Z$
d
dl%m&Z&
dZ'dZ(e
j)e*�
�
Z+ed��
�
de,e-e.e-ffd���Z/de-de-de.fd�Z0e
d��
�
de1fd���Z2d�Z3de-d e.de.fd!�Z4de-d"e-de.e-fd#�Z5d$e"de-dee-fd%�Z6de-de.fd&�Z7de-de,fd'�Z8d(�Z9d)e:d*e:de-d$e"d+e,de,fd,�Z;d-e-d.e<d/e<ddfd0�Z=dS)1u

This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
�N)
�defaultdict)�datetime�	timedelta)
�	lru_cache)
�Optional)�choose_value_from_config�MalwareScanScheduleInterval)
�
LicenseCLN)
�HostingPanel)
�Plesk)�async_lru_cache�atomic_rewrite)
�
MalwareHit)
�QueueSupervisorSync)
�	user_list)
�WPSite)
�WP_CLI_WRAPPER_PATH)
�PHPErrorz/usr/sbin/cagefs_enter_userz/usr/sbin/cagefsctl�<)
�ttl�returnc��K
�t
��}|�
���d
{V��}
tt�
�
}|
���D]%\}}|D]}||�|�
�

��&|S)zN
    Get a mapping of docroots to their associated domains, with caching.
    N)r�get_domain_pathsr�list�items�append)�
hosting_panel�panel_paths�docroot_map�domain�docroots�docroots      �I/opt/imunify360/venv/lib/python3.11/site-packages/imav/wordpress/utils.pyrr<s�����
!�N�N�M�%�6�6�8�8�8�8�8�8�8�8�K��d�#�#�K�'�-�-�/�/�0�0�����
	0�
	0�G��� �'�'��/�/�/�/�
	0����php_pathr"c�0�t
t�
�
||
gS)
zGet wp cli common command list)�strr)r%r"s  r#�
wp_wrapperr(Js���#�$�$�h��8�8r$�
)
�maxsizec�
�tj
�t�
�
r$t
jttj��st
��Stjtd
gdd���}|j	dkrt
��S|j
����d�
�
}
t
|
dd��
�
S)z)Get the list of users enabled for CageFS.z--list-enabledT)�capture_output�textr�

r)N)
�os�path�isfile�CAGEFS_CTL_PATH�access�X_OK�set�
subprocess�run�
returncode�stdout�strip�split)�result�liness  r#�get_cagefs_enabled_usersr>Os����7�>�>�/�*�*��"�)����3�3���u�u��
�^�	�*�+�D�t����F���A����u�u���M���!�!�'�'��-�-�E��u�Q�R�R�y�>�>�r$c�8�t�
��
d
S)z-Clear the cache for get_cagefs_enabled_users.N)r>�cache_clear�r$r#�$clear_get_cagefs_enabled_users_cacherBas���(�(�*�*�*�*�*r$�username�argsc��|t
��vrTtj�t�
�
r0tjttj��rtd
|g|
�
Sddd|dtj|
�
�
gS)zNBuild the necessary command to run the given cmdline args with specified user.z--no-io-and-memory-limit�suz-sz	/bin/bashz-c)	r>r/r0r1�CAGEFS_ENTER_PATHr3r4�shlex�join)rCrDs  r#�build_command_for_userrJfs����+�-�-�-�-�
�7�>�>�+�,�,�	����r�w�2
�2
�	�"�*����	�
�	
�����
�
�4���
�r$�domain_to_excludec��x�
K
�t
���d
{V��}|�
|g��}�
f
d�|D��S)z�
    Get all domains associated with a given document root, excluding one domain.
    It's panel-agnostic and uses a cached mapping.
    Nc
� �
�g|]
}
|
�k�|
��SrArA)�.0r rKs  �r#�
<listcomp>z+get_domains_for_docroot.<locals>.<listcomp>�s$���L�L�L�v��:K�0K�0K�F�0K�0K�0Kr$)r�get)r"rKr�all_domainss `  r#�get_domains_for_docrootrR}sS�����)�*�*�*�*�*�*�*�*�K��/�/�'�2�.�.�K�L�L�L�L��L�L�L�Lr$�sitec��P
�
��	K
�d
dlm
}m}
|���|���	dtdttf��	�
fd�}||j�
�
}|r|St
|j|j����d{V��}|D]}||�
�
}|r|c
S�td|j�d	�
���
�
�
)
z/Determine PHP binary path for the given WPSite.r)�get_domains_php_info�get_installed_php_versionsr rc
�
����|�
�
}
|
r|
�d
�
�
�krdS|
�d�
�
}|sdS�D]2}|�d�
�
|kr|�d�
�
c
S�3dS)NrC�display_version�
identifier�bin)
rP)r �domain_info�php_display_version�php_version�domains_php_info�installed_php_versionsrCs    ���r#�find_php_binary_for_domainz7get_php_binary_path.<locals>.find_php_binary_for_domain�s����&�*�*�6�2�2���
	�k�o�o�j�9�9�X�E�E��4�)�o�o�.?�@�@��"�
	��4�1�	.�	.�K����|�,�,�0C�C�C�"���u�-�-�-�-�-�D
��tr$)
rKNz+PHP binary was not identified for docroot: z, username: )	�clcommon.cpapirUrVr'rr rRr"r)
rSrCrUrVr`�php_binary_path�domainsr r^r_s
 `      @@r#�get_php_binary_pathrd�sX
���������������
,�+�-�-��7�7�9�9���3��8�C�=���������1�0���=�=�O��
���,��������������G��#�#��4�4�V�<�<���
	#�"�"�"�"�
	#��
	�d�l�
	�
	��
	�
	���r$c
�6�t
j
|�
�
�
\}
}|S)z�
    Get malware history for the specified user.

    This is an equivalent of calling `imunify360-agent malware history list --user {username}`.
    ``
    )
�user)r�malicious_list)rC�	max_count�hitss   r#�get_malware_historyrj�s!��#�1�x�@�@�@��Y���Kr$c��K
�t
|�
�
}tj|j|
h
�
���d{V��\}}|siStj|dd���}|dS)z�
    Get the last scan for the specified user.

    This is an equivalent of calling `imunify360-agent malware user list --user {username}`.
    )
�matchN�	scan_dateT)
�descr)�	ScanQueuer�fetch_user_list�get_scans_from_paths�sort)�sinkrC�queue�
_�userss     r#�
get_last_scanrw�s�����
�d�O�O�E��.�
�"�8�*����������H�A�u��
��	��N�5�+�D�9�9�9�E���8�Or$c	�h��t
j
��}|tjkrF|�|
d
d
d
���}||kr|td��
�
z
}|���S|tjkrt||���dzdzz
dzdz}|d
kr
|j	|
krd}|t|��
�
z}|�|
d
d
d
������S|tj
kr�d
dlm�
�f
d�}|j
|kp5|j
|ko
|j	|
kp|�|j|j��dk}	|	r7||j|j|��\}
}|�|||
|
d
d
d
���}n|�||
d
d
d
�	��}|���Sd
S)a�

    Calculate the next scan timestamp based on schedule configuration.

    Args:
        interval: Scan interval (DAY, WEEK, MONTH, or NONE)
        hour: Hour of day to run scan (0-23)
        day_of_month: Day of month to run scan (1-31)
        day_of_week: Day of week to run scan (0-6, where 0=Sunday)

    Returns:
        Timestamp of next scan, or None if interval is NONE
    r)�hour�minute�second�microsecondr))
�days�)
�
monthrangec��
�||
}}|d
z
}|dkrd
}|d
z
}	�||��d
}||k
r||fS|d
z
}|dkrd
}|d
z
}�/)z;Find the next month that has at least given number of days.r)�rA)�year�monthr}�current_year�
current_month�
days_in_monthrs      �r#�find_next_suitable_monthz?calculate_next_scan_timestamp.<locals>.find_next_suitable_month�s����*.��-�L�
�Q��M��r�!�!� !�
��
�!��
&� *�
�<�� G� G�
� J�
��=�(�(�'��6�6���"�
� �2�%�%�$%�M� �A�%�L�
&r$)�dayr�r�ryrzr{r|)r�ryrzr{r|N)r�utcnow�Interval�DAY�replacer�	timestamp�WEEK�weekdayry�MONTH�calendarrr�r�r�)
�intervalry�day_of_month�day_of_week�today�	next_scan�
days_ahead�next_scan_dater��should_advance_month�	next_year�
next_monthrs
            @r#�calculate_next_scan_timestampr��s9���
�O���E��8�<����M�M�����	"�
�
�	��I�����
�*�*�*�*�I��"�"�$�$�$��8�=� � �"�U�]�]�_�_�q�%8�A�$=�=�
�A�Q�F�
���?�?�u�z�T�1�1��J���
�!;�!;�!;�;���%�%��a�
�q�&�
�
�
�)�+�+�	��8�>�!�!�'�'�'�'�'�'�	&�	&�	&�	&�	&�0
�I��$�
E
��	�\�)�@�e�j�D�.@�
E
��j�j���U�[�A�A�!�D�D�
	� �	�$<�$<��
�E�K��%�%�!�I�z�#�]�]� � ������+���N�N�#�]�]� �����+���N��'�'�)�)�)�w
"�!r$�last_scan_time�next_scan_time�malware_by_sitec��gd
�
}i}|D]B\}}||v
ri||<	t
|||���\}	}
n#t$r
d}	YnwxYw
|	|||<�C||
||�|jg��|t	j��d�S)a8
    Prepare scan data JSON for a WordPress site.

    Args:
        last_scan_time: Timestamp of the last scan
        next_scan_time: Timestamp of the next scheduled scan
        username: Username of the site owner
        site: WordPress site object
        malware_by_site: Dictionary mapping site docroots to their malware hits

    Returns:
        dict: JSON data ready to be written to scan_data.php. The response includes:
            - lastScanTimestamp: Timestamp of the last scan
            - nextScanTimestamp: Timestamp of the next scheduled scan
            - username: Username of the site owner
            - malware: List of malware hits for the site
            - config: Configuration items for the site
            - license: License information including status and eligibility for Imunify patch
    ))�MALWARE_SCANNING�enable_scan_cpanel)r��default_action)�PROACTIVE_DEFENCE�blamer)
rCN)�lastScanTimestamp�nextScanTimestamprC�malware�config�license)r�KeyErrorrPr"r
�license_info)r�r�rCrSr��config_sections�config_items�section�option�valuerus           r#�prepare_scan_datar�6
s���6���O��L�*�.�.�����,�&�&�$&�L��!�	�/���!����H�E�1�1��
�
	�
	�
	��E�E�E�
	����(-��W��f�%�%�,�+��"�&�&�t�|�R�8�8���*�,�,�
��s�.�=�
=�content�uid�gidc���|���s|�
��
t��jtjkrd
n
d}t||
d|||���
dS)a

    Helper function to write a plugin data file atomically with optional touch.

    Args:
        file_path: Path to the file to write
        content: Content to write to the file
        uid: User ID for file ownership
        gid: Group ID for file ownership
    i 
�
F)�backupr�r��permissionsN)�exists�touchr�NAMErr)�	file_pathr�r�r�r�s     r#�!write_plugin_data_file_atomicallyr�q
sy�������
�������(�>�>�.�%�*�<�<�%�%�%�K��������
�����r$)>�__doc__�loggingr/rHr6�collectionsrrr�	functoolsr�typingr� defence360agent.contracts.configrr	r��!defence360agent.contracts.licenser
�+defence360agent.subsys.panels.hosting_panelr�#defence360agent.subsys.panels.pleskr�defence360agent.utilsr
r�imav.malwarelib.modelr�*imav.malwarelib.scan.queue_supervisor_syncrro�imav.malwarelib.utilsr�imav.model.wordpressr�imav.wordpressr�imav.wordpress.exceptionrrGr2�	getLogger�__name__�logger�dictr'rrr(r5r>rBrJrRrdrjrwr��floatr��intr�rAr$r#�<module>r�
s��


�
�
�*
����	�	�	�	���������#�#�#�#�#�#�(�(�(�(�(�(�(�(�������������
�
�
�
�
�
�
�
�
9�8�8�8�8�8�D�D�D�D�D�D�5�5�5�5�5�5�A�A�A�A�A�A�A�A�,�,�,�,�,�,�
�
�
�
�
�
�
,�+�+�+�+�+�'�'�'�'�'�'�
�
�
�
�
�
�
.�-�-�-�-�-�1��'��	��	�8�	$�	$����R�
�
�
�

��S�$�s�)�^� 4�

�

�

��
�

�
9��
9�s�
9�t�
9�
9�
9�
9�
��1�
�
�
�
�#�
�
�
��
�
�"
+�
+�
+�

�S�
��
��
�
�
�
�.	
M
�
�	
M
�%(�	
M
�	�#�Y�	
M
�	
M
�	
M
�	
M
�)
�F�)
�c�)
�h�s�m�)
�)
�)
�)
�X

�#�
�$�
�
�
�
�
��
��
�
�
�
�$a

*�a

*�a

*�H8
��8
��8
��8
��	8
�
�8
�
�
8
�8
�8
�8
�v

��
�"%�
�,/�
�	�
�
�
�
�
�
r$