<?php
/**
* Copyright 2023 Profileo Group <[email protected]> (https://www.profileo.com/fr/)
*
* For questions or comments about this software, contact Maxime Morel-Bailly <[email protected]>
* List of required attribution notices and acknowledgements for third-party software can be found in the NOTICE file.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @author Profileo Group - Complete list of authors and contributors to this software can be found in the AUTHORS file.
* @copyright Since 2023 Profileo Group <[email protected]> (https://www.profileo.com/fr/)
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
*/
// Block direct HTTP access to this file: _PS_VERSION_ is only defined when
// PrestaShop itself loads the module.
if (!defined('_PS_VERSION_')) {
exit;
}
class Prestascansecurity extends Module
{
public $isLoggedIn = false;
/**
 * Declare the module's identity to PrestaShop.
 *
 * The identity properties (name, tab, version, ...) are set before
 * parent::__construct() so the Module base class can read them; the
 * translated labels use $this->l() and are therefore set afterwards.
 * The Composer autoloader for the PrestaScan\* classes is loaded last.
 */
public function __construct()
{
$this->name = 'prestascansecurity';
$this->tab = 'others';
$this->version = '1.1.9';
$this->author = 'PrestaScan';
$this->need_instance = false;
$this->bootstrap = true;
parent::__construct();
$this->displayName = $this->l('PrestaScan Security');
$this->description = $this->l('Scan your PrestaShop website to identify malwares and known vulnerabilities in PrestaShop core and modules');
$this->confirmUninstall = $this->l('Are you sure to uninstall this module?');
$this->ps_versions_compliancy = ['min' => '1.5.0', 'max' => _PS_VERSION_];
// Module-local vendor directory (PrestaScan\* classes).
require_once __DIR__ . '/vendor/autoload.php';
}
/**
 * Install the module: admin tab, per-installation secret, database tables
 * and the dashboard hook, in that order.
 *
 * The first failing step aborts the installation. The secret hash has to
 * exist before the webcron token is derived from it.
 *
 * @return bool true when every step succeeded
 */
public function install()
{
    if (!parent::install()) {
        return false;
    }
    if (!$this->createTabs()) {
        return false;
    }
    // Writes PRESTASCAN_SEC_HASH, read again below.
    if (!$this->generateModuleHash()) {
        return false;
    }
    if (!$this->installDb()) {
        return false;
    }
    if (!$this->registerHook('dashboardZoneOne')) {
        return false;
    }
    // The webcron token is derived from this installation's secret hash.
    $secretHash = Configuration::get('PRESTASCAN_SEC_HASH');
    $webcronToken = \PrestaScan\Tools::getHashByName('webcron', $secretHash);
    Configuration::updateGlobalValue('PRESTASCAN_WEBCRON_TOKEN', $webcronToken);
    // Timeout, in minutes, after which cancelling a running job is suggested.
    Configuration::updateGlobalValue('PRESTASCAN_SCAN_MAX_RUN_TIME', 5);
    // Update and alert box in the dashboard.
    $this->installAlertBox();
    return true;
}
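/**
 * Create the module's database table(s).
 *
 * The statements come from the module's own install/sql_install.php, which
 * populates $sql (table name => CREATE statement); no request data is
 * involved. Every statement is attempted even if an earlier one fails, so
 * the failure is reported while the remaining tables are still created.
 *
 * Fix: the previous `$return &= ...` accumulated into an int (1/0); the
 * method now returns a real bool.
 *
 * @return bool true when every statement executed successfully
 */
public function installDb()
{
    $sql = [];
    $allSucceeded = true;
    include \PrestaScan\Tools::getModulePath() . 'install/sql_install.php';
    if (empty($sql)) {
        return true;
    }
    foreach ($sql as $statement) {
        // Deliberately no short-circuit: run every statement, remember any failure.
        if (!Db::getInstance()->execute($statement)) {
            $allSucceeded = false;
        }
    }
    // Flag to check if the upgrade was correctly run (to fix an issue when upgrade is done for versions > 1.0.3)
    \Configuration::updateGlobalValue('PRESTASCAN_FIX_1_0_4', true);
    return $allSucceeded;
}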
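/**
 * Drop the module's database table(s).
 *
 * Reads the same install/sql_install.php as installDb(); its array keys are
 * the table names. $sql is initialised first so array_keys() is safe even
 * when the install file defines nothing (installDb() does the same).
 *
 * @return bool always true
 */
public function uninstallDb()
{
    $sql = [];
    include \PrestaScan\Tools::getModulePath() . 'install/sql_install.php';
    foreach (array_keys($sql) as $tableName) {
        // Table names come from the module's own install file, not from request data.
        Db::getInstance()->execute('DROP TABLE IF EXISTS ' . $tableName);
    }
    return true;
}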
/**
 * Uninstall the module: wipe configuration and cache, then remove the
 * parent registration, the admin tab and the database tables.
 *
 * The steps after the reset stop at the first failure.
 *
 * @return bool true when everything was removed
 */
public function uninstall()
{
    // Delete all configuration values and cache files first.
    \PrestaScan\Tools::resetModuleConfigurationAndCache(true);
    if (!parent::uninstall()) {
        return false;
    }
    if (!$this->removeTabs()) {
        return false;
    }
    return $this->uninstallDb();
}
/**
 * Move the module's dashboard block to the first position of the
 * dashboardZoneOne hook, so security alerts show up at the top.
 *
 * Every other module hooked there is shifted down by one slot; when no
 * module is hooked yet nothing is done.
 */
protected function installAlertBox()
{
    $hookId = Hook::getIdByName('dashboardZoneOne');
    $positions = $this->getPositionsDashboardZoneOne($hookId);
    if (count($positions) === 0) {
        return;
    }
    // Shift every other module one slot down...
    foreach ($positions as $moduleId => $position) {
        if ($moduleId == $this->id) {
            continue;
        }
        $this->updatePositionHookDashboardZoneOne($hookId, $moduleId, $position + 1);
    }
    // ...and put ours first.
    $this->updatePositionHookDashboardZoneOne($hookId, $this->id, 1);
}
/**
 * Retrieve the positions of the modules attached to the dashboard hook.
 *
 * $idHook is cast to int before being placed in the query, so no raw
 * input reaches the SQL string.
 *
 * @param int $idHook ID of the dashboard hook
 *
 * @return array id_module => position, ordered by position; empty when the query returns nothing
 */
protected function getPositionsDashboardZoneOne($idHook)
{
    $rows = Db::getInstance()->executeS('
        SELECT `hm`.`id_module`, `hm`.`position`
        FROM `' . _DB_PREFIX_ . 'hook_module` hm
        WHERE `hm`.`id_hook` = ' . (int) $idHook . '
        ORDER BY `hm`.`position`
    ');
    if (!$rows) {
        return [];
    }
    $positions = [];
    foreach ($rows as $row) {
        $positions[$row['id_module']] = (int) $row['position'];
    }
    return $positions;
}
/**
 * Set the position of one module within the dashboard hook.
 *
 * All three values are cast to int before being placed in the query.
 *
 * @param int $idHook ID of the dashboard hook
 * @param int $idModule ID of the module to move
 * @param int $position new position
 *
 * @return bool result of Db::execute()
 */
protected function updatePositionHookDashboardZoneOne($idHook, $idModule, $position)
{
    $query = '
        UPDATE `' . _DB_PREFIX_ . 'hook_module`
        SET `position` = ' . (int) $position . '
        WHERE `id_hook` = ' . (int) $idHook . '
        AND `id_module` = ' . (int) $idModule;
    return Db::getInstance()->execute($query);
}
/**
 * Create the admin tab backing the AdminPrestascanSecurityReports controller.
 *
 * The id_parent value expected for a tab without parent differs by
 * PrestaShop version (0 on 1.5, -1 from 1.6 on).
 *
 * @return bool result of Tab::add()
 */
protected function createTabs()
{
    $tab = new Tab();
    $tab->active = 1;
    $tab->class_name = 'AdminPrestascanSecurityReports';
    $tab->module = $this->name;
    $tab->id_parent = version_compare(_PS_VERSION_, '1.6.0', '<') ? 0 : -1;
    $tab->name = [];
    foreach (Language::getLanguages(true) as $language) {
        $tab->name[$language['id_lang']] = $this->l('Ajax PrestaScan Security');
    }
    return (bool) $tab->add();
}
/**
 * Delete the admin tab created by createTabs(), if it exists.
 *
 * @return bool always true
 */
protected function removeTabs()
{
    $tabId = (int) Tab::getIdFromClassName('AdminPrestascanSecurityReports');
    if ($tabId !== 0) {
        $existingTab = new Tab($tabId);
        $existingTab->delete();
    }
    return true;
}
/**
 * Dashboard hook: render the alert box when there is something to report.
 *
 * The module-update check only runs when a PrestaScan account is connected.
 * When there is neither an update nor a new vulnerability alert nothing is
 * rendered.
 *
 * @return string|null rendered template, or null when there is nothing to show
 */
public function hookDashboardZoneOne()
{
    $alertHandler = new \PrestaScan\VulnerabilityAlertHandler($this);
    $newAlerts = $alertHandler->getNewVulnerabilityAlerts();
    $upgradeAvailable = false;
    if ($this->isUserLoggedIn()) {
        $updater = new \PrestaScan\Update($this->context, $this);
        $updater->checkForModuleUpdate();
        $upgradeAvailable = (bool) Configuration::get('PRESTASCAN_UPDATE_VERSION_AVAILABLE');
    }
    if (!$upgradeAvailable && !$newAlerts) {
        return;
    }
    // Link to this module's configuration page, with the admin token.
    $configureLink = $this->context->link->getAdminLink('AdminModules', false)
        . '&configure=' . $this->name
        . '&tab_module=' . $this->tab
        . '&module_name=' . $this->name
        . '&token=' . Tools::getAdminTokenLite('AdminModules');
    $smarty = $this->context->smarty;
    $smarty->assign('module_upgrade_available', $upgradeAvailable);
    $smarty->assign('module_link', $configureLink);
    $smarty->assign('alert_modules_vulnerability', $newAlerts);
    $smarty->assign('urlmodule', $this->getPathUri());
    $this->context->controller->addCSS($this->_path . 'views/css/dashboard.1.1.6.css');
    return $this->display(__FILE__, 'dashboard_zone_two.tpl');
}
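/**
 * Generate and store the per-installation secret (PRESTASCAN_SEC_HASH).
 *
 * Created once at install time; later combined with the cookie key to make
 * the log path non-guessable and to derive the token used between the back
 * office and the OAuth2 front controller.
 *
 * Source of randomness, in order of preference:
 *   1. random_bytes() (CSPRNG, PHP 7+ or a polyfill) - 18 bytes, 36 hex chars;
 *   2. openssl_random_pseudo_bytes(), only when OpenSSL reports the bytes as
 *      cryptographically strong;
 *   3. the legacy md5(microtime()) fallback, which is predictable from the
 *      request time and is kept only so very old PHP installs still work.
 *
 * @return bool always true
 */
public function generateModuleHash()
{
    $randomHash = null;
    if (function_exists('random_bytes')) {
        $randomHash = bin2hex(random_bytes(18));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $isStrong = false;
        $bytes = openssl_random_pseudo_bytes(18, $isStrong);
        if ($bytes !== false && $isStrong) {
            $randomHash = bin2hex($bytes);
        }
    }
    if ($randomHash === null) {
        // Legacy low-entropy fallback (pre-PHP 7 without OpenSSL).
        $randomHash = substr(md5(microtime()), rand(0, 26), 10);
    }
    Configuration::updateGlobalValue('PRESTASCAN_SEC_HASH', $randomHash);
    return true;
}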
/**
 * Render the module configuration page in the back office.
 *
 * The order of the steps matters:
 *  1. when an account is connected, the shop URLs are submitted to the
 *     check-url API; an error response, or a "Not logged in" exception,
 *     logs the local session out;
 *  2. updateModule() runs a requested self-update and in that case ends
 *     the request with a redirect (it does not return);
 *  3. an error message pending in the cookie is returned as the page body;
 *  4. otherwise assets and template variables are prepared and the main
 *     layout is displayed.
 *
 * @return string rendered HTML (the pending error message, or the main layout)
 */
public function getContent()
{
if ($this->isUserLoggedIn()) {
// Check that this shop's URLs are the ones registered on the account
try {
$postBody = array(
'shop_urls' => implode(';', array_map('urlencode', $this->getShopUrls())),
);
$request = new \PrestaScan\Api\Request(
'prestascan-api/v2/check-url',
'POST',
$postBody
);
$response = $request->getResponse();
if (isset($response['error']) && $response['error']) { // the API rejected the URLs: disconnect locally
$this->logout();
}
} catch (Exception $e) {
if ($e->getMessage() == 'Not logged in') { // the API request itself reported us as not logged in
$this->logout();
}
}
}
// Update the module if requested to do so (redirects and exits when it does)
$this->updateModule();
// Check for error message to display
if ($error = $this->checkForErrorMessage()) {
// @todo : Errors needs to be beautiful. So make a beautiful popup for a beautiful error <3
return $error;
}
$vulnAlertHandler = new \PrestaScan\VulnerabilityAlertHandler($this);
$moduleNewVulnerabilitiesAlert = $vulnAlertHandler->getNewVulnerabilityAlerts($this->context->language->iso_code);
$this->includeAdminResources($moduleNewVulnerabilitiesAlert);
$this->assignAdminVariables($moduleNewVulnerabilitiesAlert);
$this->displayInitialScanAndScanProgress();
// Check if user is connected
$isLogged = $this->isUserLoggedIn();
$this->context->smarty->assign('prestascansecurity_isLoggedIn', $isLogged);
$this->context->smarty->assign('email_user', Configuration::get('PRESTASCAN_API_EMAIL'));
// Update, banner and subscription data are only fetched for a connected account
if ($isLogged) {
$updateObj = new \PrestaScan\Update($this->context, $this);
$updateObj->checkForModuleUpdate();
$updateAvailable = Configuration::get('PRESTASCAN_UPDATE_VERSION_AVAILABLE') ? true : false;
$this->context->smarty->assign('module_upgrade_available', $updateAvailable);
// check if banner is available
$bannerResponse = \PrestaScan\Banner::getBanner();
if (!empty($bannerResponse)) {
$this->context->smarty->assign('banner', $bannerResponse);
}
$subscription = \PrestaScan\Subscription::getSubscription();
$this->context->smarty->assign('subscription', $subscription);
}
return $this->display(__FILE__, 'views/templates/admin/layouts/main.tpl');
}
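/**
 * Run the module self-update when the page was requested with upgrade_module.
 *
 * The outcome (success flag or error message) is stored in the PrestaShop
 * cookie, then the browser is redirected to the same page without the
 * upgrade_module parameter so a reload does not re-run the update. In that
 * case this method does not return: it ends the request with exit().
 *
 * Fix: the redirect target now uses SCRIPT_NAME instead of PHP_SELF.
 * PHP_SELF can carry client-supplied PATH_INFO (index.php/anything), which
 * was reflected into the Location header; SCRIPT_NAME is the server-resolved
 * script path only. PHP_SELF remains the fallback for SAPIs that do not
 * populate SCRIPT_NAME.
 *
 * @return bool false when no update was requested (nothing done)
 */
public function updateModule()
{
    \PrestaScan\Tools::fixMissingUpgrade();
    if (!Tools::getValue('upgrade_module')) {
        return false;
    }
    try {
        $updater = new \PrestaScan\Update($this->context, $this);
        $updater->processUpdateModule();
        Context::getContext()->cookie->__set('psscan_module_updated', true);
    } catch (\Exception $exception) {
        // Shown by checkForErrorMessage() on the next page load.
        $errorMessage = $this->l('Error upgrading the module. Please refresh this page and try again.');
        Context::getContext()->cookie->__set('psscan_module_error', $errorMessage);
    }
    // Rebuild the query string without the 'upgrade_module' parameter.
    $params = [];
    $queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    parse_str($queryString, $params);
    unset($params['upgrade_module']);
    $newQueryString = http_build_query($params);
    // Reload the page without the 'upgrade_module' parameter.
    $scriptPath = !empty($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
    header('Location: ' . $scriptPath . '?' . $newQueryString);
    exit();
}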
/**
 * Pop the error message left in the cookie by updateModule(), if any.
 *
 * The cookie entry is removed once read, so the message is shown once.
 *
 * @return string|false the pending message, or false when there is none
 */
public function checkForErrorMessage()
{
    $cookie = Context::getContext()->cookie;
    $pendingError = $cookie->__get('psscan_module_error');
    if (!$pendingError) {
        return false;
    }
    $cookie->__unset('psscan_module_error');
    return $pendingError;
}
/**
 * Check whether a PrestaScan account is connected.
 *
 * The positive result is cached on the object: once true, later calls do
 * not touch the OAuth2 layer again. Otherwise the presence of an access
 * token object decides, and any exception raised while loading it counts
 * as "not logged in".
 *
 * @return bool
 */
protected function isUserLoggedIn()
{
    if ($this->isLoggedIn) {
        return true;
    }
    try {
        $oauth = new \PrestaScan\OAuth2\Oauth();
        $loggedIn = (bool) $oauth->getAccessTokenObj();
    } catch (Exception $exception) {
        $loggedIn = false;
    }
    $this->isLoggedIn = $loggedIn;
    return $this->isLoggedIn;
}
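/**
 * Assign the template variables for the "initial scan" prompt and the
 * per-scan progress indicators.
 *
 * The prompt is hidden as soon as any job has completed or any scan is
 * marked as in progress. PRESTASCAN_SCAN_PROGRESS holds JSON
 * (scan type => in-progress flag).
 *
 * Fix: a stored value that does not decode to an array (corrupted or
 * non-JSON) is no longer iterated; it is passed to the template unchanged,
 * as before, but the loop is skipped instead of raising a warning.
 */
protected function displayInitialScanAndScanProgress()
{
    $completedJobs = \PrestaScanQueue::getJobsByState(\PrestaScanQueue::$actionname['COMPLETED']);
    $showInitialScan = empty($completedJobs);
    $progressScans = Configuration::get('PRESTASCAN_SCAN_PROGRESS');
    $scansToRetrieve = [];
    if (!empty($progressScans)) {
        $progressScans = json_decode($progressScans, true);
        if (is_array($progressScans)) {
            foreach ($progressScans as $scanType => $inProgress) {
                $scansToRetrieve[$scanType] = \PrestaScanQueue::isJobToRetrieve($scanType);
                if ($inProgress) {
                    $showInitialScan = false;
                }
            }
        }
    }
    $this->context->smarty->assign('displayInitialScan', $showInitialScan);
    $this->context->smarty->assign('progressScans', $progressScans);
    $this->context->smarty->assign('scansToRetrieve', $scansToRetrieve);
}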
/**
 * Assign every template variable needed by the configuration page.
 *
 * @param mixed $moduleNewVulnerabilitiesAlert alerts returned by VulnerabilityAlertHandler, exposed as-is to the template
 */
protected function assignAdminVariables($moduleNewVulnerabilitiesAlert)
{
    $this->context->smarty->assign('alert_new_modules_vulnerability', $moduleNewVulnerabilitiesAlert);
    $this->assignReportVariables();
    $this->assignSmartyStaticVariables();
    $this->assignSettingsPageUrl();
    $this->assignRegistrationVariables();
}
/**
 * Load every cached report and expose its results (or its error) to Smarty.
 *
 * For each report known to \PrestaScan\Reports\Report the cache file, when
 * present, is unserialized; the directory-listing report has its status
 * text re-matched, and the dismissed-entities state is applied to the
 * results. A missing cache file is passed on as false.
 *
 * NOTE(review): unserialize() trusts the cache file's content. The file is
 * written by the module itself, but whoever can write to that directory
 * could place arbitrary serialized objects there. If the cached reports
 * never contain objects, unserialize(..., ['allowed_classes' => false])
 * (PHP 7+) would close that exposure - confirm the cache format first.
 */
protected function assignReportVariables()
{
    $reportRegistry = new \PrestaScan\Reports\Report();
    foreach ($reportRegistry->getReports() as $reportName => $cacheFile) {
        if (!is_file($cacheFile)) {
            $this->smartyAssignReportVariables(false, $reportName);
            continue;
        }
        $report = unserialize(file_get_contents($cacheFile));
        // Override the results for the directory scan
        if (stripos($cacheFile, 'directories_listing_') !== false) {
            $report = \PrestaScan\Reports\DirectoriesProtectionReport::matchStatusText($this, $report);
        }
        if (isset($report['error']) && $report['error'] !== false) {
            $this->smartyAssignReportVariables(['error' => $report['error']], $reportName);
            continue;
        }
        // Apply the dismissed-entities state on top of the stored results
        $results = $reportRegistry->updateDismissedEntitiesStatus($report['report']['results'], $reportName);
        $this->smartyAssignReportVariables($results, $reportName);
    }
}
/**
 * Assign the template variables that do not depend on the request:
 * paths, the reports AJAX endpoint and the contact URL.
 */
protected function assignSmartyStaticVariables()
{
    $staticVariables = [
        'scanpath' => _PS_ROOT_DIR_,
        'prestascansecurity_reports_ajax' => $this->context->link->getAdminLink('AdminPrestascanSecurityReports'),
        'prestascansecurity_tpl_path' => _PS_MODULE_DIR_ . 'prestascansecurity/views/templates/admin/',
        'urlmodule' => $this->getPathUri(),
        'urlContact' => \PrestaScan\Tools::getCustomConfigValue('contact-us'),
    ];
    $this->context->smarty->assign($staticVariables);
}
/**
 * Assign the URL of the PrestaScan account login page.
 *
 * PRESTASCAN_DEV_OAUTH_DOMAIN_URL, when set, replaces the production domain
 * (developer environments). The account e-mail, when known, is appended
 * url-encoded as a query parameter.
 */
protected function assignSettingsPageUrl()
{
    $devOauthDomain = \Configuration::get('PRESTASCAN_DEV_OAUTH_DOMAIN_URL');
    $loginUrl = $devOauthDomain
        ? $devOauthDomain . 'login'
        : 'https://security.prestascan.com/login';
    $accountEmail = Configuration::get('PRESTASCAN_API_EMAIL');
    if (!empty($accountEmail)) {
        $loginUrl .= '?email=' . urlencode($accountEmail);
    }
    $this->context->smarty->assign('settings_page_url', $loginUrl);
}
/**
 * Assign the template variables used by the registration form, unless a
 * PrestaScan account is already connected.
 *
 * The values include the token for the OAuth2 front controller (derived
 * from PRESTASCAN_SEC_HASH), the shop URLs, the current employee's identity
 * and the url-encoded back-office configuration URL that the registration
 * flow stores in a cookie to come back to.
 *
 * devdomainurl / devredirecturl are taken from the request (developer
 * environments); they are url-encoded here but remain untrusted input for
 * the template.
 *
 * @return bool|null true when already logged in, null otherwise
 */
protected function assignRegistrationVariables()
{
    if ($this->isUserLoggedIn()) {
        return true;
    }
    $moduleHash = Configuration::get('PRESTASCAN_SEC_HASH');
    $frontControllerToken = \PrestaScan\Tools::getHashByName('FCOauth', $moduleHash);
    $adminLink = $this->context->link->getAdminLink('AdminModules', false);
    if (strpos($adminLink, 'http') === false) {
        // Depending on the PS version, getAdminLink() returns either a full URL
        // or only the part after the shop URL; normalise to a full URL.
        $adminLink = \PrestaScan\Tools::getShopUrl() . basename(_PS_ADMIN_DIR_) . '/' . $adminLink;
    }
    $configureUrl = $adminLink
        . '&configure=' . $this->name
        . '&tab_module=' . $this->tab
        . '&module_name=' . $this->name
        . '&token=' . Tools::getAdminTokenLite('AdminModules');
    $devDomainUrl = Tools::getValue('devdomainurl');
    $devRedirectUrl = Tools::getValue('devredirecturl');
    $employee = Context::getContext()->employee;
    $this->context->smarty->assign([
        'prestascansecurity_tokenfc' => $frontControllerToken,
        'prestascansecurity_shopurl' => \PrestaScan\Tools::getShopUrl(),
        'prestascansecurity_e_firstname' => $employee->firstname,
        'prestascansecurity_e_lastname' => $employee->lastname,
        'prestascansecurity_e_email' => $this->context->employee->email,
        // For custom environments (dev)
        'prestascansecurity_devdomainurl' => $devDomainUrl ? urlencode($devDomainUrl) : 0,
        'prestascansecurity_devredirecturl' => $devRedirectUrl ? urlencode($devRedirectUrl) : 0,
        'webcron_token' => Configuration::get('PRESTASCAN_WEBCRON_TOKEN'),
        'ps_shop_urls' => implode(';', array_map('urlencode', $this->getShopUrls())),
        // Configuration URL to return to after e-mail verification (kept in a cookie during registration)
        'psscan_urlconfigbo' => urlencode(\PrestaScan\Tools::enforeHttpsIfAvailable($configureUrl)),
    ]);
}
/**
 * List the URLs of every active shop, for the registration/check-url calls.
 *
 * Each URL is built from the shop's domain_ssl, physical_uri and
 * virtual_uri, prefixed with https:// in secure mode and http:// otherwise,
 * then passed through enforeHttpsIfAvailable().
 *
 * @return string[] list of shop URLs
 */
protected function getShopUrls()
{
    $scheme = Tools::usingSecureMode() ? 'https://' : 'http://';
    $urls = [];
    foreach (Shop::getShops(true) as $shopRow) {
        $shop = new Shop($shopRow['id_shop']);
        foreach ($shop->getUrls() as $shopUrl) {
            $fullUrl = $scheme . $shopUrl['domain_ssl'] . $shopUrl['physical_uri'] . $shopUrl['virtual_uri'];
            $urls[] = \PrestaScan\Tools::enforeHttpsIfAvailable($fullUrl);
        }
    }
    return $urls;
}
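/**
 * Register the JS/CSS assets and the translated strings used by the
 * configuration page's scripts.
 *
 * On PrestaShop >= 1.7 the strings are exposed through Media::addJsDef();
 * on older versions they are passed to the template as mediaJsDef. A
 * successful self-update flagged in the cookie adds a confirmation message
 * (and consumes the flag).
 *
 * Fix: the 'question_to_logout' entry was listed twice with the same
 * value; the duplicate key is removed.
 *
 * @param mixed $moduleNewVulnerabilitiesAlert alerts from VulnerabilityAlertHandler; only its emptiness is used here
 */
protected function includeAdminResources($moduleNewVulnerabilitiesAlert)
{
    $mediaJsDef = [
        'question_to_this_action' => $this->l('Removing or uninstalling modules in PrestaShop may pose risks if not done carefully, potentially causing system instability or data loss. Make sure to do this action first in a development environment. Contact your agency or our experts if required.'),
        'checkbox_risk_label' => $this->l('I understand the risks associated with removing or uninstalling modules in PrestaShop and agree to proceed with caution, prioritizing a development environment.'),
        'question_to_logout' => $this->l('Are you sure to log out?'),
        'js_error_occured' => $this->l('An error occured while generating the report. This may be due to a timeout. Please try again.'),
        'js_ps_nodebug_error_occured' => $this->l('A error occured. Enable debug for more information and please try again.'),
        'js_ps_error_occured' => $this->l('A error occured. Please try again.'),
        'js_description' => $this->l('Description'),
        'text_confirm_log_me_out' => $this->l('Yes, log me out'),
        'text_reload' => $this->l('Click here to refresh the page'),
        'text_yes' => $this->l('Yes'),
        'text_cancel' => $this->l('Cancel'),
        'text_yes_dismiss' => $this->l('dismiss'),
        'question_to_this_dismiss_action' => $this->l('You are about to remove this alert. You will need to redo a scan to get additional details. Are you sure to dismiss this alert?'),
        'banner_vulnerability_more_action' => $this->l('This alert is triggered because a new vulnerability was discovered in PrestaShop for this module. Your shop may be vulnerable if the module is not patched yet. Please contact your agency or our team of experts to fix the issue. Please redo a full scan of your module to get more details about the vulnerability.'),
        'banner_vulnerability_more_details' => $this->l('More details about this issue:'),
        'alert_new_modules_vulnerability' => !empty($moduleNewVulnerabilitiesAlert),
        'text_close' => $this->l('Close'),
        'text_refresh_status' => $this->l('Refresh status'),
        'text_refresh_module_status_required' => $this->l('It\'s requested to update the module in order to run a new scan.') . ' ' . $this->l('If you updated your module manually and still get this message, try refreshing the status of your module by clicking on the bouton "Refresh status" bellow.'),
        'text_error_not_logged_in' => $this->l('To launch a scan please log in or create an account. Having an account allows us to securely perform scans on your behalf and deliver accurate results.'),
        'text_login_btn' => $this->l('Log in or create an account'),
        'banner_vulnerability_core_more_action' => $this->l('This alert is triggered because a new vulnerability has been discovered in the native codes of PrestaShop. Your store may be vulnerable if a patch is not yet in place. Please contact your agency or our expert team to resolve the issue. An update of PrestaShop is also recommended. Please perform a full PrestaShop vulnerability scan again to get more details.'),
    ];
    // A self-update just completed (flag set by updateModule()): show the confirmation once.
    $cookie = Context::getContext()->cookie;
    if ($cookie->__get('psscan_module_updated')) {
        $cookie->__unset('psscan_module_updated');
        $mediaJsDef['module_updated_confirmation_message'] = $this->l('Your module has been successfully updated.');
    }
    if (version_compare(_PS_VERSION_, '1.7.0', '>=')) {
        // We have some issues escaping strings with PS 1.6.X, so as from 1.7.0 only?
        Media::addJsDef($mediaJsDef);
    } else {
        $this->context->smarty->assign('mediaJsDef', $mediaJsDef);
    }
    $jsFiles = [
        'views/js/reports.js?v=' . $this->version,
        'views/js/authentication.js?v=' . $this->version,
        'views/js/modal.js?v=' . $this->version,
        'views/js/datatables.1.10.25.js',
        'views/js/dataTables.buttons.min.js',
        'views/js/file-size.js',
        'views/js/buttons.html5.min.js',
        'views/js/buttons.print.min.js',
        'views/js/jquery-ui.min.js',
    ];
    $cssFiles = [
        'views/css/datatables.1.10.25.css',
        'views/css/buttons.dataTables.min.css',
        'views/css/jquery-ui.min.css',
        'views/css/jquery-ui.structure.min.css',
        'views/css/jquery-ui.theme.min.css',
        'views/css/modal.1.1.6.css',
    ];
    foreach ($jsFiles as $jsFile) {
        $this->context->controller->addJS($this->_path . $jsFile, false);
    }
    foreach ($cssFiles as $cssFile) {
        $this->context->controller->addCSS($this->_path . $cssFile);
    }
    $this->context->controller->addCSS($this->_path . 'views/css/admin.1.1.6.css');
    if (version_compare(_PS_VERSION_, '1.6', '<')) {
        // Add custom CSS for PS 1.5
        $this->context->controller->addCSS($this->_path . 'views/css/admin.1.1.6_1.5.css');
    }
}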
/**
 * Expose one report to Smarty as either <name>_error or <name>_results
 * (plus <name>_date_report when the results carry a date_report timestamp).
 *
 * @param array|false $data report results, ['error' => ...], or false when no cache file exists
 * @param string $reportName prefix of the template variables
 */
protected function smartyAssignReportVariables($data, $reportName)
{
    $smarty = $this->context->smarty;
    if (isset($data['error']) && $data['error']) {
        $smarty->assign($reportName . '_error', $data['error']);
        return;
    }
    $smarty->assign($reportName . '_results', $data);
    if (is_array($data) && isset($data['date_report'])) {
        $smarty->assign($reportName . '_date_report', date('F d, Y \a\t H:i', $data['date_report']));
    }
}
/**
 * Translate a vulnerability type short name into its display label.
 *
 * Kept on the module (rather than in a utility class) so that the
 * module's translation system ($this->l()) is available.
 *
 * @param string $shortName type identifier as used in the reports (e.g. 'xss')
 *
 * @return string translated label, or the short name with its first letter upper-cased when unknown
 */
public function getVulnerabilityExtendedNameTranslated($shortName)
{
    $labels = [
        'xss' => $this->l('Cross-Site Scripting (XSS)'),
        'sql_injection' => $this->l('SQL Injection'),
        'code_injection' => $this->l('Code Injection'),
        'xss_stored' => $this->l('Stored Cross-Site Scripting (XSS)'),
        'spam' => $this->l('Spam'),
        'data_breach' => $this->l('Data Breach'),
        'improper_access_control' => $this->l('Improper Access Control'),
        'unknown' => $this->l('Unknown Vulnerability'),
        'data_deletion' => $this->l('Data Deletion'),
        'unsecure_token' => $this->l('Unsecure Token'),
        'path_traversal' => $this->l('Path Traversal'),
        'token_bypass' => $this->l('Token Bypass'),
        'classification_missing' => $this->l('Classification Missing'),
        'data_exposure' => $this->l('Data exposure'),
        'xss_reflected' => $this->l('XSS reflected'),
        // Add more vulnerability types here if needed
    ];
    if (!array_key_exists($shortName, $labels)) {
        // Unknown type: fall back to the raw name
        return ucfirst($shortName);
    }
    return $labels[$shortName];
}
/**
 * Call a static method of PrestaScan\Tools on behalf of a Smarty template.
 *
 * PrestaShop 1.6 templates cannot reference namespaced classes, so the
 * namespaced call is made here instead. $functionName selects any public
 * static method of Tools, so it must only ever come from the module's own
 * templates - never from request data.
 *
 * @param string $functionName name of the PrestaScan\Tools static method
 * @param mixed $param single argument forwarded to that method
 *
 * @return mixed whatever the Tools method returns
 */
public static function redirectTools($functionName, $param)
{
    $toolsClass = 'PrestaScan\Tools';
    return $toolsClass::{$functionName}($param);
}
/**
 * Translate a severity/criticity name into its display label.
 *
 * Kept on the module (rather than in a utility class) so that the
 * module's translation system ($this->l()) is available. The lookup is
 * case-insensitive on the first letter ('high' and 'High' both match).
 *
 * @param string $criticity severity name (High, Critical, Medium, Low)
 *
 * @return string translated label, or the input with its first letter upper-cased when unknown
 */
public function getCriticityTranslated($criticity)
{
    $labels = [
        'High' => $this->l('High'),
        'Critical' => $this->l('Critical'),
        'Medium' => $this->l('Medium'),
        'Low' => $this->l('Low'),
    ];
    $normalized = ucfirst($criticity);
    return array_key_exists($normalized, $labels) ? $labels[$normalized] : $normalized;
}
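/**
 * Translate a single word (Yes/No) for display.
 *
 * Kept on the module (rather than in a utility class) so that the
 * module's translation system ($this->l()) is available.
 *
 * Fix: the unknown-word fallback referenced an undefined variable
 * ($criticity), which produced an empty string; it now returns the input
 * word with its first letter upper-cased, matching the sibling helpers.
 *
 * @param string $word word to translate
 *
 * @return string translated word, or the input with its first letter upper-cased when unknown
 */
public function getWordTranslated($word)
{
    $words = [
        'Yes' => $this->l('Yes'),
        'No' => $this->l('No'),
    ];
    if (array_key_exists($word, $words)) {
        return $words[$word];
    }
    return ucfirst($word);
}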
/**
 * Disconnect the PrestaScan account locally.
 *
 * Clears the queue and vulnerability-alert tables, then the module's
 * configuration and cache files, and finally the in-object login flag.
 */
protected function logout()
{
    // Database state tied to the account
    \PrestaScanQueue::truncate();
    \PrestaScanVulnAlerts::truncate();
    // Cache files and configuration values
    \PrestaScan\Tools::resetModuleConfigurationAndCache();
    $this->isLoggedIn = false;
}
/**
 * Finish the "monitored site changed" flow.
 *
 * When the back-office configuration URL saved in the cookie during
 * registration (psscan_urlconfigbo) is present, the cookie entry is
 * consumed and the browser is sent back there with site_changed=1;
 * otherwise a confirmation template is rendered and the request ends.
 *
 * NOTE(review): the redirect target comes from the PrestaShop cookie, which
 * the platform stores encrypted, so it is not a plain client-supplied value;
 * still, checking that it points at this shop's own admin URL before
 * redirecting would keep the flow safe regardless of how the cookie is
 * protected.
 */
public function handleSiteMonitoredChanged()
{
    $cookie = Context::getContext()->cookie;
    if (!$cookie->__isset('psscan_urlconfigbo')) {
        die($this->display(__FILE__, 'views/templates/front/sitemonitored_changed.tpl'));
    }
    $backOfficeUrl = $cookie->__get('psscan_urlconfigbo');
    $cookie->__unset('psscan_urlconfigbo');
    Tools::redirectAdmin($backOfficeUrl . '&site_changed=1');
}
}