Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PSC. Now show link to the research instead of PSC record. #469

Merged
merged 1 commit into from
Jan 28, 2025
Merged

PSC. Now show link to the research instead of PSC record. #469

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 27 additions & 3 deletions inc/spbc-admin.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
use CleantalkSP\SpbctWP\Cron;
use CleantalkSP\SpbctWP\Escape;
use CleantalkSP\SpbctWP\SpbcEnqueue;
use CleantalkSP\SpbctWP\VulnerabilityAlarm\Dto\PluginReport;
use CleantalkSP\SpbctWP\VulnerabilityAlarm\Dto\ThemeReport;
use CleantalkSP\SpbctWP\VulnerabilityAlarm\VulnerabilityAlarmService;
use CleantalkSP\Variables\Post;
use CleantalkSP\Variables\Server;
Expand Down Expand Up @@ -281,8 +283,21 @@ function spbc_plugin_install_show_safety($res, $action, $_args)
add_filter('plugin_install_action_links', function ($action_links, $plugin) use ($safe_plugin_data) {
$plugin_slug = $safe_plugin_data['slug'];
$plugin_id = $safe_plugin_data['id'];
/**
* @var PluginReport $report_dto
*/
$report_dto = $safe_plugin_data['report_object'];
if ( $plugin['slug'] === $plugin_slug) {
$action_links[] = VulnerabilityAlarm::showSafeBadge('', $plugin['slug'], $plugin_id, $safe_plugin_data['psc']);
$badge = VulnerabilityAlarm::showSafeBadge(
'',
$plugin['slug'],
$plugin_id,
$safe_plugin_data['psc'],
$report_dto->research_url
);
if (!empty($badge)) {
$action_links[] = $badge;
}
}
return $action_links;
}, 10, 2);
Expand Down Expand Up @@ -339,7 +354,6 @@ function spbc_themes_install_show_safety()
if (isset($_POST['list'])) {
$list = $_POST['list'];
$safe_themes_reports = VulnerabilityAlarm::getSafeThemesViaApi($list);

$data = [
'success' => true,
'list' => [],
Expand All @@ -349,9 +363,19 @@ function spbc_themes_install_show_safety()
foreach ($safe_themes_reports as $report) {
if (isset($installed_theme['psc']) && isset($installed_theme['slug']) && $installed_theme['slug'] === $report->slug) {
$theme_id = !empty($installed_theme['slug']) ? $installed_theme['slug'] : '';
/**
* @var ThemeReport $report_dto
*/
$report_dto = $report['report_object'];
$safe_theme_data = array(
'slug' => $installed_theme['slug'],
'msg' => VulnerabilityAlarm::showSafeBadge('theme', $installed_theme['slug'], $theme_id, $installed_theme['psc'])
'msg' => VulnerabilityAlarm::showSafeBadge(
'theme',
$installed_theme['slug'],
$theme_id,
$installed_theme['psc'],
$report_dto->research_url
)
);
$data['list'][] = $safe_theme_data;
}
Expand Down
4 changes: 4 additions & 0 deletions lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/Dto/ItemReport.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,4 +55,8 @@ class ItemReport
* @var string
*/
public $psc;
/**
* @var string
*/
public $research_url;
}
2 changes: 1 addition & 1 deletion lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/ResearchApi.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ public static function method__research_list($modules_names) // phpcs:ignore PSR
$request = array(
'method_name' => '', // Dummy placeholder to prevent php notices
'app_names' => $modules_names,
'list_params' => 'id,CVE,date,slug,app_name,app_description,app_status,app_type,rs_app_version_min,rs_app_version_max,psc'
'list_params' => 'id,CVE,date,slug,app_name,app_description,app_status,app_type,rs_app_version_min,rs_app_version_max,psc,research_url'
);

return static::sendRequest($request);
Expand Down
13 changes: 11 additions & 2 deletions lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/VulnerabilityAlarm.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,20 @@ public static function sendReport()
{
}

public static function showSafeBadge($module_type = 'plugin', $plugin_slug = '', $plugin_id = '', $psc_cert_name = '')
/**
* @param string $module_type
* @param string $plugin_slug
* @param string $plugin_id
* @param string $psc_cert_name
* @param string $research_url
* @return string|null
*/
public static function showSafeBadge($module_type = 'plugin', $plugin_slug = '', $plugin_id = '', $psc_cert_name = '', $research_url = '')
{
if ( ! empty($psc_cert_name) ) {
return VulnerabilityAlarmView::showSafeBadgePSC($module_type, $plugin_slug, $plugin_id, $psc_cert_name);
return VulnerabilityAlarmView::showSafeBadgePSC($module_type, $plugin_slug, $plugin_id, $psc_cert_name, $research_url);
}
return null;
}

/**
Expand Down
3 changes: 3 additions & 0 deletions lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/VulnerabilityAlarmService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -395,6 +395,9 @@ private static function mapApiResults($api_res)
if ( isset($res['psc']) ) {
$report->psc = $res['psc'];
}
if ( isset($res['research_url']) ) {
$report->research_url = $res['research_url'];
}

// generates `$results->plugins` or `$results->themes`
$res_type = $res['app_type'] . 's';
Expand Down
32 changes: 26 additions & 6 deletions lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/VulnerabilityAlarmView.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,9 +105,16 @@ public static function showThemeAlarm($theme_report)
return '<p>' . $vulnerability_text . '</p>';
}

public static function showSafeBadgePSC($module_type, $plugin_slug, $plugin_id, $psc_cert_name)
/**
* @param string $module_type
* @param string $plugin_slug
* @param string $plugin_id
* @param string $psc_cert_name
* @param string $research_url
* @return string
*/
public static function showSafeBadgePSC($module_type, $plugin_slug, $plugin_id, $psc_cert_name, $research_url)
{

$badge_text = esc_html__('Plugin has received a PSC', 'security-malware-firewall');
$module_type_translated = esc_html__('plugin', 'security-malware-firewall');

Expand All @@ -121,10 +128,20 @@ public static function showSafeBadgePSC($module_type, $plugin_slug, $plugin_id,
if ( file_exists($layout_file) ) {
$replaces = [
'{{ASSETS_URL}}' => self::ASSETS_URL,
'{{DESCRIPTION}}' => static::getSafeReportChunkPSC($plugin_slug, $plugin_id, $psc_cert_name, $module_type_translated),
'{{DESCRIPTION}}' => static::getSafeReportChunkPSC(
$plugin_slug,
$plugin_id,
$psc_cert_name,
$module_type_translated,
$research_url
),
'{{MORE_DETAILS_LINK}}' => static::getVASupportChunk(),
];
$layout = file_get_contents($layout_file);
$layout = @file_get_contents($layout_file);

if (false === $layout) {
$layout = '';
}

foreach ($replaces as $place_holder => $replace) {
$layout = str_replace($place_holder, $replace, $layout);
Expand Down Expand Up @@ -188,12 +205,15 @@ private static function getFullReportChunk($module_slug, $module_id)
* @param $module_id
* @param $psc_cert_name
* @param $module_type_translated
* @param $research_url
* @return string
*/
private static function getSafeReportChunkPSC($module_slug, $module_id, $psc_cert_name, $module_type_translated)
private static function getSafeReportChunkPSC($module_slug, $module_id, $psc_cert_name, $module_type_translated, $research_url)
{
$details_link = static::RESEARCH_SITE_URL;
if ($module_slug && $module_id) {
if (!empty($research_url)) {
$details_link = esc_attr($research_url);
} else if ($module_slug && $module_id) {
$details_link = esc_attr($details_link . '/reports/app/' . $module_slug . '#' . $module_id);
}
$report_text = esc_html__('This version of the %s is security safe and certified as %s%s%s', 'security-malware-firewall');
Expand Down
Loading