1 parent
25fb234
commit bc50f3c
Showing
58 changed files
with
681 additions
and
3,588 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Significance: minor | ||
Type: added | ||
|
||
Add threat TypeScript types |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,2 @@ | ||
export * from './types/index.js'; | ||
export * from './utils.js'; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
export type ThreatStatus = 'fixed' | 'ignored' | 'current'; | ||
|
||
export type ThreatFixType = 'replace' | 'delete' | 'update' | string; | ||
|
||
export type Threat = { | ||
/** The threat's unique ID. */ | ||
id: number; | ||
|
||
/** The threat's signature. */ | ||
signature: string; | ||
|
||
/** The threat's title. */ | ||
title: string; | ||
|
||
/** The threat's description. */ | ||
description: string; | ||
|
||
/** The threat's current status. */ | ||
status: ThreatStatus; | ||
|
||
/** The threat's severity level (0-10). */ | ||
severity: number; | ||
|
||
/** The date the threat was first detected on the site, in YYYY-MM-DDTHH:MM:SS.000Z format. */ | ||
firstDetected: string; | ||
|
||
/** The version the threat is fixed in. */ | ||
fixedIn?: string | null; | ||
|
||
/** The date the threat was fixed, in YYYY-MM-DDTHH:MM:SS.000Z format. */ | ||
fixedOn?: string | null; | ||
|
||
/** The fixable details. */ | ||
fixable: | ||
| { | ||
fixer: ThreatFixType; | ||
target?: string | null; | ||
extensionStatus?: string | null; | ||
} | ||
| false; | ||
|
||
/** The threat's source. */ | ||
source?: string; | ||
|
||
/** The threat's context. */ | ||
context?: Record< string, unknown > | null; | ||
|
||
/** The name of the affected file. */ | ||
filename: string | null; | ||
|
||
/** The rows affected by the database threat. */ | ||
rows?: unknown; | ||
|
||
/** The table name of the database threat. */ | ||
table?: string; | ||
|
||
/** The diff showing the threat's modified file contents. */ | ||
diff?: string; | ||
|
||
/** The affected extension. */ | ||
extension?: { | ||
slug: string; | ||
name: string; | ||
version: string; | ||
type: 'plugin' | 'theme' | 'core'; | ||
}; | ||
}; |
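Review bot: `ThreatFixType` ends in `| string`, which the compiler collapses to plain `string`, so the three literals are documentation only and any misspelled or unexpected `fixable.fixer` value type-checks. Because that field names the remediation action (`replace`, `delete`, `update`), I would drop `| string` and validate the value where the API response is parsed. If unknown fixers must be tolerated, write `'replace' | 'delete' | 'update' | ( string & {} )` so the known values at least stay visible in the type. Separately, the doc comments on `diff`, `context`, `rows` and `filename` could state that these hold scanner-reported content that may come from a malicious file or database row and should be rendered as plain text; that is inferred from the field descriptions, not shown in this hunk.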
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
import { code, color, grid, plugins, shield, wordpress } from '@wordpress/icons'; | ||
import { ThreatFixStatus } from './types/fixers.js'; | ||
import { Threat } from './types/threat.js'; | ||
|
||
export const getThreatIcon = ( threat: Threat ) => { | ||
const type = getThreatType( threat ); | ||
|
||
switch ( type ) { | ||
case 'plugin': | ||
return plugins; | ||
case 'theme': | ||
return color; | ||
case 'core': | ||
return wordpress; | ||
case 'file': | ||
return code; | ||
case 'database': | ||
return grid; | ||
default: | ||
return shield; | ||
} | ||
}; | ||
|
||
export const getThreatType = ( threat: Threat ) => { | ||
if ( threat.signature === 'Vulnerable.WP.Core' ) { | ||
return 'core'; | ||
} | ||
if ( threat.extension ) { | ||
return threat.extension.type; | ||
} | ||
if ( threat.filename ) { | ||
return 'file'; | ||
} | ||
if ( threat.table ) { | ||
return 'database'; | ||
} | ||
|
||
return null; | ||
}; | ||
|
||
export const getThreatSubtitle = ( threat: Threat ) => { | ||
const type = getThreatType( threat ); | ||
|
||
switch ( type ) { | ||
case 'plugin': | ||
case 'theme': | ||
return `${ threat.extension?.name } (${ threat.extension?.version })`; | ||
case 'core': | ||
return 'WordPress Core'; | ||
case 'file': | ||
// Trim leading slash | ||
if ( threat.filename.startsWith( '/' ) ) { | ||
return threat.filename.slice( 1 ); | ||
} | ||
return threat.filename; | ||
case 'database': | ||
return threat.table; | ||
default: | ||
return ''; | ||
} | ||
}; | ||
|
||
const FIXER_IS_STALE_THRESHOLD = 1000 * 60 * 60 * 24; // 24 hours | ||
|
||
export const fixerTimestampIsStale = ( lastUpdatedTimestamp: string ) => { | ||
const now = new Date(); | ||
const lastUpdated = new Date( lastUpdatedTimestamp ); | ||
return now.getTime() - lastUpdated.getTime() >= FIXER_IS_STALE_THRESHOLD; | ||
}; | ||
|
||
export const fixerStatusIsStale = ( fixerStatus: ThreatFixStatus ) => { | ||
return ( | ||
'status' in fixerStatus && | ||
fixerStatus.status === 'in_progress' && | ||
fixerTimestampIsStale( fixerStatus.last_updated ) | ||
); | ||
}; |
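Review bot: `fixerTimestampIsStale` treats an unparseable or missing `lastUpdatedTimestamp` as fresh: `new Date( … ).getTime()` is `NaN` and `NaN >= FIXER_IS_STALE_THRESHOLD` is false, so `fixerStatusIsStale` never reports a fixer stuck `in_progress` with a bad `last_updated`. I would decide that case explicitly, e.g. `const lastUpdated = Date.parse( lastUpdatedTimestamp );` followed by `if ( Number.isNaN( lastUpdated ) ) return true;`. The expected timestamp format should also be documented, since a date-time string without a timezone offset is parsed as local time. In `getThreatSubtitle`, the `'file'` branch calls `threat.filename.startsWith` on a field typed `string | null`; the guard lives in `getThreatType`, where the compiler cannot see it, so this would presumably be rejected under `strictNullChecks`.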
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Significance: patch | ||
Type: changed | ||
Comment: Package compatibility updates, no functional changes. | ||
|
||
|
4 changes: 4 additions & 0 deletions
4
projects/packages/protect-models/changelog/update-protect-threats-data
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Significance: major | ||
Type: changed | ||
|
||
Changed the formatting of threat data. |