File System Journal

.gitignore

@@ -14,3 +14,5 @@ psalm.xml
 /lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/tests/
 /lib/CleantalkSP/Common/Scanner/SignaturesAnalyser/tests/
 /lib/CleantalkSP/Common/Scanner/SignaturesAnalyser/.github/
+/lib/CleantalkSP/Common/FSWatcher/Storage/data/
+/lib/CleantalkSP/Common/FSWatcher/logs/

inc/spbc-settings.php

@@ -1,5 +1,6 @@
 <?php
 
+use CleantalkSP\Common\FSWatcher\View\View;
 use CleantalkSP\SpbctWP\Scanner\ScanningLog\ScanningLogFacade;
 use CleantalkSP\Variables\Post;
 use CleantalkSP\Variables\Server;
@@ -674,6 +675,11 @@ function spbc_settings__register()
                                 'title'            => __('Important File Monitoring', 'security-malware-firewall'),
                                 'description'      => __('Monitoring of the individual most important files of the site.', 'security-malware-firewall'),
                             ),
+                            'scanner__fs_watcher'                             => array(
+                                'type'             => 'field',
+                                'title'            => __('File System Journal', 'security-malware-firewall'),
+                                'description'      => View::getFSWatcherDescription(new \CleantalkSP\SpbctWP\FSWatcher\View\Phrases()),
+                            ),
                         ),
                     ),
 
@@ -898,6 +904,16 @@ function spbc_settings__register()
                 'ajax'         => false,
                 'callback'     => 'spbc_tab__summary',
             ),
+            // FSWatcher
+            'fswatcher'          => array(
+                'type'         => 'tab',
+                'title'        => __('FS journal', 'security-malware-firewall'),
+                'icon'         => 'spbc-icon-info',
+                'class_prefix' => 'spbc',
+                'ajax'         => true,
+                'callback'     => 'spbc_tab__fswatcher',
+                'display'      => $spbc->settings['scanner__fs_watcher']
+            ),
             // Debug
             'debug'            => array(
                 'type'         => 'tab',
@@ -1586,6 +1602,13 @@ function spbc_tab__summary()
     echo '<br>';
 }
 
+function spbc_tab__fswatcher()
+{
+    echo "<div class='spbc_wrapper_field'>";
+    echo \CleantalkSP\Common\FSWatcher\View\View::renderSelectors(new \CleantalkSP\SpbctWP\FSWatcher\View\Phrases());
+    echo '</div>';
+}
+
 /**
  * Admin callback function - Displays current statistics
  */
@@ -2460,7 +2483,7 @@ function spbc_field_scanner__prepare_data__files(&$table)
                             $ws_string .= '</p>';
                         }
                     }
-                    if ( ! empty($weak_spots['DENIED_HASH'])) {
+                    if ( !empty($weak_spots['DENIED_HASH']) ) {
                         // collecting all kinds of code
                         $all_unique_weak_spots = array();
                         foreach ($weak_spots['DENIED_HASH'] as $_string => $weak_spot_in_string) {

lib/CleantalkSP/Common/FSWatcher/Analyzer/Analyzer.php

@@ -0,0 +1,137 @@
+<?php
+
+namespace CleantalkSP\Common\FSWatcher\Analyzer;
+
+use CleantalkSP\Common\FSWatcher\Logger;
+use CleantalkSP\Common\FSWatcher\Controller;
+
+class Analyzer
+{
+    /**
+     * @return array|false
+     */
+    public static function getCompareResult()
+    {
+        $first = filter_var($_POST['fswatcher__first_date'], FILTER_VALIDATE_INT);
+        $second = filter_var($_POST['fswatcher__second_date'], FILTER_VALIDATE_INT);
+
+        if ($first > $second) {
+            $tmp = $first;
+            $first = $second;
+            $second = $tmp;
+        }
+
+        $first_journal = Controller::$storage::getJournal($first);
+        $second_journal = Controller::$storage::getJournal($second);
+
+        if (!$first_journal || !$second_journal) {
+            return false;
+        }
+
+        if (Controller::$debug) {
+            Logger::log('first journal ' . $first_journal);
+            Logger::log('second journal ' . $second_journal);
+        }
+
+        return self::compare($first_journal, $second_journal);
+    }
+
+    /**
+     * @param $first_journal
+     * @param $second_journal
+     * @return array|false
+     */
+    private static function compare($first_journal, $second_journal)
+    {
+        $result = array(
+            'added' => array(),
+            'deleted' => array(),
+            'changed' => array(),
+        );
+
+        //return no diff if csv names is equal
+        if ( $first_journal === $second_journal) {
+            return $result;
+        }
+
+        //return no diff if md5 sums is equal
+        if (md5(@file_get_contents($first_journal)) === md5(@file_get_contents($second_journal))) {
+            return $result;
+        }
+
+        $first_journal = self::uncompress($first_journal);
+        $second_journal = self::uncompress($second_journal);
+
+        if ( !$first_journal || !$second_journal) {
+            return false;
+        }
+
+        $first_array = [];
+        $second_array = [];
+
+        try {
+            $fp_first = fopen($first_journal, 'r');
+            while ($first = fgetcsv($fp_first)) {
+                $first_array[$first[0]] = $first[1];
+            }
+            fclose($fp_first);
+            @unlink($first_journal);
+
+            $fp_second = fopen($second_journal, 'r');
+            while ($second = fgetcsv($fp_second)) {
+                $second_array[$second[0]] = $second[1];
+            }
+            fclose($fp_second);
+            @unlink($second_journal);
+
+            foreach ($first_array as $path => $time) {
+                if ((isset($second_array[$path]) && $time !== $second_array[$path])) {
+                    $result['changed'][] = [$path, $second_array[$path]];
+                }
+            }
+
+            $keys_differ = array_merge(array_diff_key($first_array, $second_array), array_diff_key($second_array, $first_array));
+
+            foreach ($keys_differ as $path => $time) {
+                if ( in_array($path, array_keys($first_array)) && !in_array($path, array_keys($second_array))) {
+                    $result['deleted'][] = [$path,$time];
+                }
+
+                if ( !in_array($path, array_keys($first_array)) && in_array($path, array_keys($second_array))) {
+                    $result['added'][] = [$path,$time];
+                }
+            }
+
+            return $result;
+        } catch (\Exception $e) {
+            return false;
+        }
+    }
+
+    /**
+     * @param $file
+     * @return false|string
+     */
+    private static function uncompress($file)
+    {
+        if ( substr($file, -3) === '.gz' ) {
+            $content = @gzopen($file, 'r');
+            if ( false === $content ) {
+                return false;
+            }
+            $gz_result = @gzread($content, 1024 * 1024 * 10);
+            if ( !is_string($gz_result) ) {
+                @gzclose($content);
+                return false;
+            }
+            $write_result = @file_put_contents(substr($file, 0, -3), $gz_result);
+            gzclose($content);
+            if ( false === $write_result ) {
+                return false;
+            }
+            $file = substr($file, 0, -3);
+        }
+
+        return $file;
+    }
+}

lib/CleantalkSP/Common/FSWatcher/Controller.php

@@ -0,0 +1,136 @@
+<?php
+
+namespace CleantalkSP\Common\FSWatcher;
+
+use CleantalkSP\Common\FSWatcher\Analyzer\Analyzer;
+use CleantalkSP\Common\FSWatcher\Scan\Scan;
+
+class Controller
+{
+    /**
+     * @var bool
+     */
+    public static $debug;
+
+    const STATUS_STOPPED = 'stopped';
+
+    const STATUS_RUNNING = 'running';
+
+    const EXECUTION_MIN_INTERVAL = 6000; // 1,66 hours
+
+    /**
+     * @var \CleantalkSP\Common\FSWatcher\Storage\Storage
+     */
+    public static $storage;
+
+    /**
+     * @var \CleantalkSP\Common\FSWatcher\Repository\Repository
+     */
+    public static $repository;
+
+    private static $status = self::STATUS_STOPPED;
+
+    /**
+     * Initialize the `$debug` property false|true
+     *
+     * @return void
+     */
+    private static function getDebugState()
+    {
+        if ( defined('SPBC_FSWATCHER_DEBUG') ) {
+            self::$debug = (bool) SPBC_FSWATCHER_DEBUG;
+        }
+    }
+
+    /**
+     * This is the init method.
+     *
+     * Making initialize the `$debug` property
+     *
+     * Contains Ajax handler for requests:
+     * 1) Comparing logs
+     * 2) Scanning file system
+     * 3) Automatically making ajax requests for 2)
+     *
+     * @param $params
+     * @return void
+     */
+    public static function work($params)
+    {
+        self::getDebugState();
+
+        if (self::$debug) {
+            Logger::log('check remote call = ' . (int)Service::isRC());
+        }
+
+        Service::setStorage(isset($params['storage']) ? $params['storage'] : 'file');
+
+        if (self::status() === self::STATUS_STOPPED && Service::isRC() && Service::isCompareRequest()) {
+            if (self::$debug) {
+                Logger::log('run compare file system');
+            }
+            $compare_result = Analyzer::getCompareResult();
+            if (false === $compare_result) {
+                Logger::log('Can not compare logs');
+                echo json_encode(array('error' => 'Can not compare logs'));
+            } else {
+                echo json_encode($compare_result);
+            }
+            die();
+        }
+
+        if (self::status() === self::STATUS_STOPPED && ( Service::isRC() || ( Service::isRC() && Service::isCreateSnapshotRequest() ))) {
+            if (self::$debug) {
+                Logger::log('run scan file system');
+            }
+            self::run($params);
+            die(json_encode('OK'));
+        }
+
+        if (self::status() === self::STATUS_STOPPED && Service::isMinIntervalPassed(self::EXECUTION_MIN_INTERVAL)) {
+            if (self::$debug) {
+                Logger::log('attach js to make remote request');
+            }
+            ob_start(['CleantalkSP\Common\FSWatcher\Service', 'attachJS']);
+        }
+    }
+
+    /**
+     * Scanning file system handler
+     *
+     * @param $params
+     * @return void
+     */
+    private static function run($params)
+    {
+        self::$status = self::STATUS_RUNNING;
+        Scan::run($params);
+        self::stop();
+    }
+
+    /**
+     * Scanning file system stop trigger
+     *
+     * @return void
+     */
+    private static function stop()
+    {
+        self::$status = self::STATUS_STOPPED;
+        Service::setAllJournalsAsCompleted();
+    }
+
+    /**
+     * Checking status of the scanning process
+     *
+     * @return string
+     */
+    private static function status()
+    {
+        $is_exist = Service::getProcessingJournal();
+        if (!is_null($is_exist)) {
+            self::$status = self::STATUS_RUNNING;
+        }
+
+        return self::$status;
+    }
+}