initial
This commit is contained in:
+109
@@ -0,0 +1,109 @@
|
||||
# Changelog
|
||||
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [0.6.5] - 2026-06-08
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.6.4] - 2026-06-05
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.6.3] - 2026-05-19
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.6.2] - 2026-05-04
|
||||
### Changed
|
||||
- Internal: No longer require automattic/jetpack-changelogger as a per-project dev dependency. [#48225]
|
||||
|
||||
## [0.6.1] - 2025-08-04
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.6.0] - 2025-06-05
|
||||
### Added
|
||||
- Add functionality to correctly display database threats in the Protect UI. [#43663]
|
||||
|
||||
## [0.5.5] - 2025-04-28
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.5.4] - 2025-03-21
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.5.3] - 2025-03-12
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.5.2] - 2025-03-05
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.5.1] - 2025-02-24
|
||||
### Changed
|
||||
- Update dependencies.
|
||||
|
||||
## [0.5.0] - 2025-02-10
|
||||
### Changed
|
||||
- Combine vulnerabilities for the same extension into single vulnerable extension threats. [#40863]
|
||||
|
||||
## [0.4.2] - 2025-02-03
|
||||
### Changed
|
||||
- Internal updates.
|
||||
|
||||
## [0.4.1] - 2024-11-25
|
||||
### Changed
|
||||
- Updated dependencies. [#40286]
|
||||
|
||||
## [0.4.0] - 2024-11-14
|
||||
### Added
|
||||
- Added threats property to protect status. [#40097]
|
||||
|
||||
### Removed
|
||||
- General: Update minimum PHP version to 7.2. [#40147]
|
||||
|
||||
## [0.3.1] - 2024-11-04
|
||||
### Added
|
||||
- Enable test coverage. [#39961]
|
||||
|
||||
## [0.3.0] - 2024-09-23
|
||||
### Changed
|
||||
- Adds a fixable_threats status property [#39125]
|
||||
|
||||
## [0.2.1] - 2024-08-26
|
||||
### Changed
|
||||
- Updated package dependencies. [#39004]
|
||||
|
||||
## [0.2.0] - 2024-08-09
|
||||
### Added
|
||||
- Add Scan History model. [#38117]
|
||||
|
||||
## 0.1.0 - 2024-07-15
|
||||
### Added
|
||||
- Initial version. [#37864]
|
||||
|
||||
[0.6.5]: https://github.com/Automattic/jetpack-protect-models/compare/v0.6.4...v0.6.5
|
||||
[0.6.4]: https://github.com/Automattic/jetpack-protect-models/compare/v0.6.3...v0.6.4
|
||||
[0.6.3]: https://github.com/Automattic/jetpack-protect-models/compare/v0.6.2...v0.6.3
|
||||
[0.6.2]: https://github.com/Automattic/jetpack-protect-models/compare/v0.6.1...v0.6.2
|
||||
[0.6.1]: https://github.com/Automattic/jetpack-protect-models/compare/v0.6.0...v0.6.1
|
||||
[0.6.0]: https://github.com/Automattic/jetpack-protect-models/compare/v0.5.5...v0.6.0
|
||||
[0.5.5]: https://github.com/Automattic/jetpack-protect-models/compare/v0.5.4...v0.5.5
|
||||
[0.5.4]: https://github.com/Automattic/jetpack-protect-models/compare/v0.5.3...v0.5.4
|
||||
[0.5.3]: https://github.com/Automattic/jetpack-protect-models/compare/v0.5.2...v0.5.3
|
||||
[0.5.2]: https://github.com/Automattic/jetpack-protect-models/compare/v0.5.1...v0.5.2
|
||||
[0.5.1]: https://github.com/Automattic/jetpack-protect-models/compare/v0.5.0...v0.5.1
|
||||
[0.5.0]: https://github.com/Automattic/jetpack-protect-models/compare/v0.4.2...v0.5.0
|
||||
[0.4.2]: https://github.com/Automattic/jetpack-protect-models/compare/v0.4.1...v0.4.2
|
||||
[0.4.1]: https://github.com/Automattic/jetpack-protect-models/compare/v0.4.0...v0.4.1
|
||||
[0.4.0]: https://github.com/Automattic/jetpack-protect-models/compare/v0.3.1...v0.4.0
|
||||
[0.3.1]: https://github.com/Automattic/jetpack-protect-models/compare/v0.3.0...v0.3.1
|
||||
[0.3.0]: https://github.com/Automattic/jetpack-protect-models/compare/v0.2.1...v0.3.0
|
||||
[0.2.1]: https://github.com/Automattic/jetpack-protect-models/compare/v0.2.0...v0.2.1
|
||||
[0.2.0]: https://github.com/Automattic/jetpack-protect-models/compare/v0.1.0...v0.2.0
|
||||
+116
@@ -0,0 +1,116 @@
|
||||
<?php
|
||||
/**
|
||||
* Model class for extensions.
|
||||
*
|
||||
* @package automattic/jetpack-protect-models
|
||||
*/
|
||||
|
||||
namespace Automattic\Jetpack\Protect_Models;
|
||||
|
||||
/**
|
||||
* Model class for extension data.
|
||||
*/
|
||||
class Extension_Model {
|
||||
|
||||
/**
|
||||
* The extension name.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $name;
|
||||
|
||||
/**
|
||||
* The extension slug.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $slug;
|
||||
|
||||
/**
|
||||
* The extension version.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $version;
|
||||
|
||||
/**
|
||||
* A collection of threats related to this version of the extension.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Use Threat_Model::$extension instead.
|
||||
*
|
||||
* @var array<Threat_Model>
|
||||
*/
|
||||
public $threats = array();
|
||||
|
||||
/**
|
||||
* Whether the extension has been checked for threats.
|
||||
*
|
||||
* @var null|bool
|
||||
*/
|
||||
public $checked;
|
||||
|
||||
/**
|
||||
* The type of extension ("plugins", "themes", or "core").
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $type;
|
||||
|
||||
/**
|
||||
* Extension Model Constructor
|
||||
*
|
||||
* @param array|object $extension Extension data to load into the model instance.
|
||||
*/
|
||||
public function __construct( $extension = array() ) {
|
||||
if ( is_object( $extension ) ) {
|
||||
$extension = (array) $extension;
|
||||
}
|
||||
|
||||
foreach ( $extension as $property => $value ) {
|
||||
if ( property_exists( $this, $property ) ) {
|
||||
// use the property's setter method when possible
|
||||
if ( method_exists( $this, "set_$property" ) ) {
|
||||
$this->{ "set_$property" }( $value );
|
||||
continue;
|
||||
}
|
||||
|
||||
// otherwise, map the value directly into the class property
|
||||
$this->$property = $value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set Threats
|
||||
*
|
||||
* @deprecated 0.4.0 This method is deprecated. Use Threat_Model::$extension instead.
|
||||
*
|
||||
* @param array<Threat_Model|array|object> $threats An array of threat data to add to the extension.
|
||||
*/
|
||||
public function set_threats( $threats ) {
|
||||
if ( ! is_array( $threats ) ) {
|
||||
// @phan-suppress-next-line PhanDeprecatedProperty -- Maintaining backwards compatibility.
|
||||
$this->threats = array();
|
||||
return;
|
||||
}
|
||||
|
||||
// convert each provided threat item into an instance of Threat_Model
|
||||
$threats = array_map(
|
||||
function ( $threat ) {
|
||||
if ( is_a( $threat, 'Threat_Model' ) ) {
|
||||
return $threat;
|
||||
}
|
||||
|
||||
if ( is_object( $threat ) ) {
|
||||
$threat = (array) $threat;
|
||||
}
|
||||
|
||||
return new Threat_Model( $threat );
|
||||
},
|
||||
$threats
|
||||
);
|
||||
|
||||
// @phan-suppress-next-line PhanDeprecatedProperty -- Maintaining backwards compatibility.
|
||||
$this->threats = $threats;
|
||||
}
|
||||
}
|
||||
+144
@@ -0,0 +1,144 @@
|
||||
<?php
|
||||
/**
|
||||
* Model class for Protect history report data.
|
||||
*
|
||||
* @package automattic/jetpack-protect-models
|
||||
*/
|
||||
|
||||
namespace Automattic\Jetpack\Protect_Models;
|
||||
|
||||
/**
|
||||
* Model class for the Protect history report data.
|
||||
*/
|
||||
class History_Model {
|
||||
/**
|
||||
* The date and time when the history was generated.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public $last_checked;
|
||||
|
||||
/**
|
||||
* Threats.
|
||||
*
|
||||
* @since 0.4.0
|
||||
*
|
||||
* @var array<Threat_Model>
|
||||
*/
|
||||
public $threats = array();
|
||||
|
||||
/**
|
||||
* Whether there was an error loading the history.
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
public $error = false;
|
||||
|
||||
/**
|
||||
* The error code thrown when loading the history.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public $error_code;
|
||||
|
||||
/**
|
||||
* The error message thrown when loading the history.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public $error_message;
|
||||
|
||||
/**
|
||||
* The number of threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Count History_Model::$threats instead.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $num_threats;
|
||||
|
||||
/**
|
||||
* The number of core threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and count History_Model::$threats instead.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $num_core_threats;
|
||||
|
||||
/**
|
||||
* The number of plugin threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and count History_Model::$threats instead.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $num_plugins_threats;
|
||||
|
||||
/**
|
||||
* The number of theme threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and count History_Model::$threats instead.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $num_themes_threats;
|
||||
|
||||
/**
|
||||
* WordPress core.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Use History_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $core = array();
|
||||
|
||||
/**
|
||||
* Status themes.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $themes = array();
|
||||
|
||||
/**
|
||||
* Status plugins.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $plugins = array();
|
||||
|
||||
/**
|
||||
* File threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $files = array();
|
||||
|
||||
/**
|
||||
* Database threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $database = array();
|
||||
|
||||
/**
|
||||
* Status constructor.
|
||||
*
|
||||
* @param array $history The history data to load into the class instance.
|
||||
*/
|
||||
public function __construct( $history = array() ) {
|
||||
foreach ( $history as $property => $value ) {
|
||||
if ( property_exists( $this, $property ) ) {
|
||||
$this->$property = $value;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
+16
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
/**
|
||||
* This package contains the models used in the Protect plugin.
|
||||
*
|
||||
* @package automattic/jetpack-protect-models
|
||||
*/
|
||||
|
||||
namespace Automattic\Jetpack;
|
||||
|
||||
/**
|
||||
* Class description.
|
||||
*/
|
||||
class Protect_Models {
|
||||
|
||||
const PACKAGE_VERSION = '0.6.5';
|
||||
}
|
||||
+174
@@ -0,0 +1,174 @@
|
||||
<?php
|
||||
/**
|
||||
* Model class for Protect status report data.
|
||||
*
|
||||
* @package automattic/jetpack-protect-models
|
||||
*/
|
||||
|
||||
namespace Automattic\Jetpack\Protect_Models;
|
||||
|
||||
/**
|
||||
* Model class for the Protect status report data.
|
||||
*/
|
||||
class Status_Model {
|
||||
/**
|
||||
* Data source.
|
||||
*
|
||||
* @var string protect_report|scan_api
|
||||
*/
|
||||
public $data_source;
|
||||
|
||||
/**
|
||||
* The date and time when the status was generated.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public $last_checked;
|
||||
|
||||
/**
|
||||
* The current report status.
|
||||
*
|
||||
* @var string in_progress|scheduled|idle|scanning|provisioning|unavailable
|
||||
*/
|
||||
public $status;
|
||||
|
||||
/**
|
||||
* The current reported security threats.
|
||||
*
|
||||
* @since 0.4.0
|
||||
*
|
||||
* @var array<Threat_Model>
|
||||
*/
|
||||
public $threats = array();
|
||||
|
||||
/**
|
||||
* List of fixable threat IDs.
|
||||
*
|
||||
* @var string[]
|
||||
*/
|
||||
public $fixable_threat_ids = array();
|
||||
|
||||
/**
|
||||
* Whether the site includes items that have not been checked.
|
||||
*
|
||||
* @var boolean
|
||||
*/
|
||||
public $has_unchecked_items;
|
||||
|
||||
/**
|
||||
* The estimated percentage of the current scan.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $current_progress;
|
||||
|
||||
/**
|
||||
* Whether there was an error loading the status.
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
public $error = false;
|
||||
|
||||
/**
|
||||
* The error code thrown when loading the status.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public $error_code;
|
||||
|
||||
/**
|
||||
* The error message thrown when loading the status.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
public $error_message;
|
||||
|
||||
/**
|
||||
* The number of threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Count Status_Model::$threats instead.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $num_threats;
|
||||
|
||||
/**
|
||||
* The number of plugin threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and count Status_Model::$threats instead.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $num_plugins_threats;
|
||||
|
||||
/**
|
||||
* The number of theme threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and count Status_Model::$threats instead.
|
||||
*
|
||||
* @var int
|
||||
*/
|
||||
public $num_themes_threats;
|
||||
|
||||
/**
|
||||
* WordPress core status.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
|
||||
*
|
||||
* @var object
|
||||
*/
|
||||
public $core;
|
||||
|
||||
/**
|
||||
* Status themes.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $themes = array();
|
||||
|
||||
/**
|
||||
* Status plugins.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $plugins = array();
|
||||
|
||||
/**
|
||||
* File threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $files = array();
|
||||
|
||||
/**
|
||||
* Database threats.
|
||||
*
|
||||
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
|
||||
*
|
||||
* @var array<Extension_Model>
|
||||
*/
|
||||
public $database = array();
|
||||
|
||||
/**
|
||||
* Status constructor.
|
||||
*
|
||||
* @param array $status The status data to load into the class instance.
|
||||
*/
|
||||
public function __construct( $status = array() ) {
|
||||
// set status defaults
|
||||
// @phan-suppress-next-line PhanDeprecatedProperty -- Maintaining backwards compatibility.
|
||||
$this->core = new \stdClass();
|
||||
|
||||
foreach ( $status as $property => $value ) {
|
||||
if ( property_exists( $this, $property ) ) {
|
||||
$this->$property = $value;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
+272
@@ -0,0 +1,272 @@
|
||||
<?php
|
||||
/**
|
||||
* Model class for threat data.
|
||||
*
|
||||
* @package automattic/jetpack-protect-models
|
||||
*/
|
||||
|
||||
namespace Automattic\Jetpack\Protect_Models;
|
||||
|
||||
/**
|
||||
* Model class for threat data.
|
||||
*/
|
||||
class Threat_Model {
|
||||
|
||||
/**
|
||||
* Threat ID.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $id;
|
||||
|
||||
/**
|
||||
* Threat Signature.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $signature;
|
||||
|
||||
/**
|
||||
* Threat Title.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $title;
|
||||
|
||||
/**
|
||||
* Threat Description.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $description;
|
||||
|
||||
/**
|
||||
* The data the threat was first detected.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $first_detected;
|
||||
|
||||
/**
|
||||
* The version the threat is fixed in.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $fixed_in;
|
||||
|
||||
/**
|
||||
* The date the threat is fixed on.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $fixed_on;
|
||||
|
||||
/**
|
||||
* The severity of the threat between 1-5.
|
||||
*
|
||||
* @var null|int
|
||||
*/
|
||||
public $severity;
|
||||
|
||||
/**
|
||||
* Information about the auto-fix available for this threat. False when not auto-fixable.
|
||||
*
|
||||
* @var null|bool|object
|
||||
*/
|
||||
public $fixable;
|
||||
|
||||
/**
|
||||
* The current status of the threat.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $status;
|
||||
|
||||
/**
|
||||
* The filename of the threat.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $filename;
|
||||
|
||||
/**
|
||||
* The context of the threat.
|
||||
*
|
||||
* @var null|object
|
||||
*/
|
||||
public $context;
|
||||
|
||||
/**
|
||||
* The database table of the threat.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $table;
|
||||
|
||||
/**
|
||||
* Additional details about the database threat.
|
||||
*
|
||||
* @var null|object
|
||||
*/
|
||||
public $details;
|
||||
|
||||
/**
|
||||
* The source URL of the threat.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $source;
|
||||
|
||||
/**
|
||||
* The threat's extension information.
|
||||
*
|
||||
* @since 0.4.0
|
||||
*
|
||||
* @var null|Extension_Model
|
||||
*/
|
||||
public $extension;
|
||||
|
||||
/**
|
||||
* The threat's related vulnerabilities.
|
||||
*
|
||||
* @since 0.5.0
|
||||
*
|
||||
* @var null|Vulnerability_Model[]
|
||||
*/
|
||||
public $vulnerabilities;
|
||||
|
||||
/**
|
||||
* Threat Constructor
|
||||
*
|
||||
* @param array|object $threat Threat data to load into the class instance.
|
||||
*/
|
||||
public function __construct( $threat ) {
|
||||
if ( is_object( $threat ) ) {
|
||||
$threat = (array) $threat;
|
||||
}
|
||||
|
||||
foreach ( $threat as $property => $value ) {
|
||||
if ( 'extension' === $property && ! empty( $value ) ) {
|
||||
$this->extension = new Extension_Model( $value );
|
||||
continue;
|
||||
}
|
||||
if ( property_exists( $this, $property ) ) {
|
||||
$this->$property = $value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the ID value of the threat based on its related extension and vulnerabilities.
|
||||
*
|
||||
* @since 0.5.0
|
||||
*
|
||||
* @param Extension_Model $extension The extension to get the ID from.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
private static function get_id_from_vulnerable_extension( Extension_Model $extension ) {
|
||||
return "$extension->type-$extension->slug-$extension->version";
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the title from a vulnerable extension.
|
||||
*
|
||||
* @since 0.5.0
|
||||
*
|
||||
* @param Extension_Model $extension The extension to get the title from.
|
||||
*
|
||||
* @return string|null
|
||||
*/
|
||||
private static function get_title_from_vulnerable_extension( Extension_Model $extension ) {
|
||||
$titles = array(
|
||||
'plugins' => sprintf(
|
||||
/* translators: placeholders are the theme name and version number. Example: "Vulnerable theme: Jetpack (version 1.2.3)" */
|
||||
__( 'Vulnerable plugin: %1$s (version %2$s)', 'jetpack-protect-models' ),
|
||||
$extension->name,
|
||||
$extension->version
|
||||
),
|
||||
'themes' => sprintf(
|
||||
/* translators: placeholders are the theme name and version number. Example: "Vulnerable theme: Jetpack (version 1.2.3)" */
|
||||
__( 'Vulnerable theme: %1$s (version %2$s)', 'jetpack-protect-models' ),
|
||||
$extension->name,
|
||||
$extension->version
|
||||
),
|
||||
'core' => sprintf(
|
||||
/* translators: placeholder is the version number. Example: "Vulnerable WordPress (version 1.2.3)" */
|
||||
__( 'Vulnerable WordPress (version %s)', 'jetpack-protect-models' ),
|
||||
$extension->version
|
||||
),
|
||||
);
|
||||
|
||||
return $titles[ $extension->type ] ?? null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the description from a vulnerable extension.
|
||||
*
|
||||
* @since 0.5.0
|
||||
*
|
||||
* @param Extension_Model $extension The extension to get the description from.
|
||||
* @param array $vulnerabilities The vulnerabilities to get the description from.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
private static function get_description_from_vulnerable_extension( Extension_Model $extension, array $vulnerabilities ) {
|
||||
return sprintf(
|
||||
/* translators: placeholders are the theme name and version number. Example: "The installed version of Jetpack (1.2.3) has a known security vulnerability." */
|
||||
_n( 'The installed version of %1$s (%2$s) has a known security vulnerability.', 'The installed version of %1$s (%2$s) has known security vulnerabilities.', count( $vulnerabilities ), 'jetpack-protect-models' ),
|
||||
$extension->name,
|
||||
$extension->version
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the latest fixed_in version from a list of vulnerabilities.
|
||||
*
|
||||
* @since 0.5.0
|
||||
*
|
||||
* @param array $vulnerabilities The vulnerabilities to get the fixed_in version from.
|
||||
*
|
||||
* @return string|bool|null The latest fixed_in version, or false if any of the vulnerabilities are not fixed.
|
||||
*/
|
||||
private static function get_fixed_in_from_vulnerabilities( array $vulnerabilities ) {
|
||||
$fixed_in = null;
|
||||
|
||||
foreach ( $vulnerabilities as $vulnerability ) {
|
||||
// If any of the vulnerabilities are not fixed, the threat is not fixed.
|
||||
if ( ! $vulnerability->fixed_in ) {
|
||||
break;
|
||||
}
|
||||
|
||||
// Use the latest available fixed_in version.
|
||||
if ( ! $fixed_in || ( $fixed_in && version_compare( $vulnerability->fixed_in, $fixed_in, '>' ) ) ) {
|
||||
$fixed_in = $vulnerability->fixed_in;
|
||||
}
|
||||
}
|
||||
|
||||
return $fixed_in;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a threat from extension vulnerabilities.
|
||||
*
|
||||
* @since 0.5.0
|
||||
*
|
||||
* @param Extension_Model $extension The extension to generate the threat for.
|
||||
* @param Vulnerability_Model[] $vulnerabilities The vulnerabilities to generate the threat from.
|
||||
*
|
||||
* @return Threat_Model
|
||||
*/
|
||||
public static function generate_from_extension_vulnerabilities( Extension_Model $extension, array $vulnerabilities ) {
|
||||
return new Threat_Model(
|
||||
array(
|
||||
'id' => self::get_id_from_vulnerable_extension( $extension ),
|
||||
'title' => self::get_title_from_vulnerable_extension( $extension ),
|
||||
'description' => self::get_description_from_vulnerable_extension( $extension, $vulnerabilities ),
|
||||
'fixed_in' => self::get_fixed_in_from_vulnerabilities( $vulnerabilities ),
|
||||
'vulnerabilities' => $vulnerabilities,
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
+94
@@ -0,0 +1,94 @@
|
||||
<?php
|
||||
/**
|
||||
* Model class for vulnerability data.
|
||||
*
|
||||
* @package automattic/jetpack-protect-models
|
||||
*/
|
||||
|
||||
namespace Automattic\Jetpack\Protect_Models;
|
||||
|
||||
use Automattic\Jetpack\Redirect;
|
||||
|
||||
/**
|
||||
* Model class for vulnerability data.
|
||||
*/
|
||||
class Vulnerability_Model {
|
||||
/**
|
||||
* Vulnerability ID.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $id;
|
||||
|
||||
/**
|
||||
* Vulnerability Title.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $title;
|
||||
|
||||
/**
|
||||
* Vulnerability Description.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $description;
|
||||
|
||||
/**
|
||||
* The version the vulnerability is fixed in.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $fixed_in;
|
||||
|
||||
/**
|
||||
* The version the vulnerability was introduced.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $introduced_in;
|
||||
|
||||
/**
|
||||
* The type of vulnerability.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $type;
|
||||
|
||||
/**
|
||||
* The source URL for the vulnerability.
|
||||
*
|
||||
* @var null|string
|
||||
*/
|
||||
public $source;
|
||||
|
||||
/**
|
||||
* Vulnerability Constructor
|
||||
*
|
||||
* @param array|object $vulnerability Vulnerability data to load into the class instance.
|
||||
*/
|
||||
public function __construct( $vulnerability ) {
|
||||
// Initialize the vulnerability data.
|
||||
foreach ( $vulnerability as $property => $value ) {
|
||||
if ( property_exists( $this, $property ) ) {
|
||||
$this->$property = $value;
|
||||
}
|
||||
}
|
||||
|
||||
// Ensure the source URL is set.
|
||||
$this->get_source();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the source URL for the vulnerability.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_source() {
|
||||
if ( empty( $this->source ) && $this->id ) {
|
||||
$this->source = Redirect::get_url( 'jetpack-protect-vul-info', array( 'path' => $this->id ) );
|
||||
}
|
||||
|
||||
return $this->source;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user