Protect: Add Threat History (#38117)

projects/packages/protect-models/changelog/add-protect-threat-history

@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Add Scan History model.

projects/packages/protect-models/composer.json

@@ -42,7 +42,7 @@
 	"extra": {
 		"autotagger": true,
 		"branch-alias": {
-			"dev-trunk": "0.1.x-dev"
+			"dev-trunk": "0.2.x-dev"
 		},
 		"changelogger": {
 			"link-template": "https://github.com/Automattic/jetpack-protect-models/compare/v${old}...v${new}"

projects/packages/protect-models/package.json

@@ -1,7 +1,7 @@
 {
 	"private": true,
 	"name": "@automattic/jetpack-protect-models",
-	"version": "0.1.0",
+	"version": "0.2.0-alpha",
 	"description": "This package contains the models used in Protect. ",
 	"homepage": "https://github.com/Automattic/jetpack/tree/HEAD/projects/packages/protect-models/#readme",
 	"bugs": {

projects/packages/protect-models/src/class-history-model.php

@@ -0,0 +1,117 @@
+<?php
+/**
+ * Model class for Protect history report data.
+ *
+ * @package automattic/jetpack-protect-models
+ */
+
+namespace Automattic\Jetpack\Protect_Models;
+
+/**
+ * Model class for the Protect history report data.
+ */
+class History_Model {
+	/**
+	 * The date and time when the history was generated.
+	 *
+	 * @var string
+	 */
+	public $last_checked;
+
+	/**
+	 * The number of threats.
+	 *
+	 * @var int
+	 */
+	public $num_threats;
+
+	/**
+	 * The number of core threats.
+	 *
+	 * @var int
+	 */
+	public $num_core_threats;
+
+	/**
+	 * The number of plugin threats.
+	 *
+	 * @var int
+	 */
+	public $num_plugins_threats;
+
+	/**
+	 * The number of theme threats.
+	 *
+	 * @var int
+	 */
+	public $num_themes_threats;
+
+	/**
+	 * WordPress core.
+	 *
+	 * @var array<Extension_Model>
+	 */
+	public $core = array();
+
+	/**
+	 * Status themes.
+	 *
+	 * @var array<Extension_Model>
+	 */
+	public $themes = array();
+
+	/**
+	 * Status plugins.
+	 *
+	 * @var array<Extension_Model>
+	 */
+	public $plugins = array();
+
+	/**
+	 * File threats.
+	 *
+	 * @var array<Extension_Model>
+	 */
+	public $files = array();
+
+	/**
+	 * Database threats.
+	 *
+	 * @var array<Extension_Model>
+	 */
+	public $database = array();
+
+	/**
+	 * Whether there was an error loading the history.
+	 *
+	 * @var bool
+	 */
+	public $error = false;
+
+	/**
+	 * The error code thrown when loading the history.
+	 *
+	 * @var string
+	 */
+	public $error_code;
+
+	/**
+	 * The error message thrown when loading the history.
+	 *
+	 * @var string
+	 */
+	public $error_message;
+
+	/**
+	 * Status constructor.
+	 *
+	 * @param array $history The history data to load into the class instance.
+	 */
+	public function __construct( $history = array() ) {
+		foreach ( $history as $property => $value ) {
+			if ( property_exists( $this, $property ) ) {
+				$this->$property = $value;
+			}
+		}
+	}
+}

projects/packages/protect-models/src/class-protect-models.php

@@ -12,5 +12,5 @@
  */
 class Protect_Models {
 
-	const PACKAGE_VERSION = '0.1.0';
+	const PACKAGE_VERSION = '0.2.0-alpha';
 }

projects/packages/protect-models/src/class-threat-model.php

@@ -54,6 +54,13 @@ class Threat_Model {
 	 */
 	public $fixed_in;
 
+	/**
+	 * The date the threat is fixed on.
+	 *
+	 * @var null|string
+	 */
+	public $fixed_on;
+
 	/**
 	 * The severity of the threat between 1-5.
 	 *

projects/plugins/backup/changelog/add-protect-threat-history

@@ -0,0 +1,5 @@
+Significance: patch
+Type: changed
+Comment: Updated composer.lock.
+
+

projects/plugins/boost/changelog/add-protect-threat-history

@@ -0,0 +1,5 @@
+Significance: patch
+Type: changed
+Comment: Updated composer.lock.
+
+

projects/plugins/jetpack/changelog/add-protect-threat-history

@@ -0,0 +1,5 @@
+Significance: patch
+Type: other
+Comment: Updated composer.lock.
+
+

projects/plugins/migration/changelog/add-protect-threat-history

@@ -0,0 +1,5 @@
+Significance: patch
+Type: changed
+Comment: Updated composer.lock.
+
+

projects/plugins/protect/changelog/add-protect-scan-history

@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Security Scanning: add threats history view

projects/plugins/protect/src/class-jetpack-protect.php

@@ -21,6 +21,7 @@
 use Automattic\Jetpack\Plugins_Installer;
 use Automattic\Jetpack\Protect\Onboarding;
 use Automattic\Jetpack\Protect\REST_Controller;
+use Automattic\Jetpack\Protect\Scan_History;
 use Automattic\Jetpack\Protect\Site_Health;
 use Automattic\Jetpack\Protect_Status\Plan;
 use Automattic\Jetpack\Protect_Status\Status;
@@ -211,6 +212,7 @@ public function initial_state() {
 			'apiNonce'           => wp_create_nonce( 'wp_rest' ),
 			'registrationNonce'  => wp_create_nonce( 'jetpack-registration-nonce' ),
 			'status'             => Status::get_status( $refresh_status_from_wpcom ),
+			'scanHistory'        => Scan_History::get_scan_history( $refresh_status_from_wpcom ),
 			'installedPlugins'   => Plugins_Installer::get_plugins(),
 			'installedThemes'    => Sync_Functions::get_themes(),
 			'wpVersion'          => $wp_version,

projects/plugins/protect/src/class-rest-controller.php

@@ -55,6 +55,18 @@ public static function register_rest_endpoints() {
 			)
 		);
 
+		register_rest_route(
+			'jetpack-protect/v1',
+			'unignore-threat',
+			array(
+				'methods'             => \WP_REST_Server::EDITABLE,
+				'callback'            => __CLASS__ . '::api_unignore_threat',
+				'permission_callback' => function () {
+					return current_user_can( 'manage_options' );
+				},
+			)
+		);
+
 		register_rest_route(
 			'jetpack-protect/v1',
 			'fix-threats',
@@ -198,6 +210,18 @@ public static function register_rest_endpoints() {
 				},
 			)
 		);
+
+		register_rest_route(
+			'jetpack-protect/v1',
+			'scan-history',
+			array(
+				'methods'             => \WP_REST_Server::READABLE,
+				'callback'            => __CLASS__ . '::api_get_scan_history',
+				'permission_callback' => function () {
+					return current_user_can( 'manage_options' );
+				},
+			)
+		);
 	}
 
 	/**
@@ -221,6 +245,27 @@ public static function api_ignore_threat( $request ) {
 		return new WP_REST_Response( 'Threat ignored.' );
 	}
 
+	/**
+	 * Unignores a threat for the API endpoint
+	 *
+	 * @param WP_REST_Request $request The request object.
+	 *
+	 * @return WP_REST_Response
+	 */
+	public static function api_unignore_threat( $request ) {
+		if ( ! $request['threat_id'] ) {
+			return new WP_REST_Response( 'Missing threat ID.', 400 );
+		}
+
+		$threat_ignored = Threats::unignore_threat( $request['threat_id'] );
+
+		if ( ! $threat_ignored ) {
+			return new WP_REST_Response( 'An error occured while attempting to unignore the threat.', 500 );
+		}
+
+		return new WP_REST_Response( 'Threat unignored.' );
+	}
+
 	/**
 	 * Fixes threats for the API endpoint
 	 *
@@ -409,4 +454,14 @@ public static function api_complete_onboarding_steps( $request ) {
 
 		return new WP_REST_Response( 'Onboarding step(s) completed.' );
 	}
+
+	/**
+	 * Return Scan History for the API endpoint
+	 *
+	 * @return WP_REST_Response
+	 */
+	public static function api_get_scan_history() {
+		$scan_history = Scan_History::get_scan_history( false );
+		return rest_ensure_response( $scan_history, 200 );
+	}
 }