This commit is contained in:
2026-07-02 15:54:39 -06:00
commit 9883323161
17470 changed files with 4470592 additions and 0 deletions
@@ -0,0 +1,116 @@
<?php
/**
* Model class for extensions.
*
* @package automattic/jetpack-protect-models
*/
namespace Automattic\Jetpack\Protect_Models;
/**
* Model class for extension data.
*/
class Extension_Model {
/**
* The extension name.
*
* @var null|string
*/
public $name;
/**
* The extension slug.
*
* @var null|string
*/
public $slug;
/**
* The extension version.
*
* @var null|string
*/
public $version;
/**
* A collection of threats related to this version of the extension.
*
* @deprecated 0.4.0 This property is deprecated. Use Threat_Model::$extension instead.
*
* @var array<Threat_Model>
*/
public $threats = array();
/**
* Whether the extension has been checked for threats.
*
* @var null|bool
*/
public $checked;
/**
* The type of extension ("plugins", "themes", or "core").
*
* @var null|string
*/
public $type;
/**
* Extension Model Constructor
*
* @param array|object $extension Extension data to load into the model instance.
*/
public function __construct( $extension = array() ) {
if ( is_object( $extension ) ) {
$extension = (array) $extension;
}
foreach ( $extension as $property => $value ) {
if ( property_exists( $this, $property ) ) {
// use the property's setter method when possible
if ( method_exists( $this, "set_$property" ) ) {
$this->{ "set_$property" }( $value );
continue;
}
// otherwise, map the value directly into the class property
$this->$property = $value;
}
}
}
/**
* Set Threats
*
* @deprecated 0.4.0 This method is deprecated. Use Threat_Model::$extension instead.
*
* @param array<Threat_Model|array|object> $threats An array of threat data to add to the extension.
*/
public function set_threats( $threats ) {
if ( ! is_array( $threats ) ) {
// @phan-suppress-next-line PhanDeprecatedProperty -- Maintaining backwards compatibility.
$this->threats = array();
return;
}
// convert each provided threat item into an instance of Threat_Model
$threats = array_map(
function ( $threat ) {
if ( is_a( $threat, 'Threat_Model' ) ) {
return $threat;
}
if ( is_object( $threat ) ) {
$threat = (array) $threat;
}
return new Threat_Model( $threat );
},
$threats
);
// @phan-suppress-next-line PhanDeprecatedProperty -- Maintaining backwards compatibility.
$this->threats = $threats;
}
}
@@ -0,0 +1,144 @@
<?php
/**
* Model class for Protect history report data.
*
* @package automattic/jetpack-protect-models
*/
namespace Automattic\Jetpack\Protect_Models;
/**
* Model class for the Protect history report data.
*/
class History_Model {
/**
* The date and time when the history was generated.
*
* @var string
*/
public $last_checked;
/**
* Threats.
*
* @since 0.4.0
*
* @var array<Threat_Model>
*/
public $threats = array();
/**
* Whether there was an error loading the history.
*
* @var bool
*/
public $error = false;
/**
* The error code thrown when loading the history.
*
* @var string
*/
public $error_code;
/**
* The error message thrown when loading the history.
*
* @var string
*/
public $error_message;
/**
* The number of threats.
*
* @deprecated 0.4.0 This property is deprecated. Count History_Model::$threats instead.
*
* @var int
*/
public $num_threats;
/**
* The number of core threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and count History_Model::$threats instead.
*
* @var int
*/
public $num_core_threats;
/**
* The number of plugin threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and count History_Model::$threats instead.
*
* @var int
*/
public $num_plugins_threats;
/**
* The number of theme threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and count History_Model::$threats instead.
*
* @var int
*/
public $num_themes_threats;
/**
* WordPress core.
*
* @deprecated 0.4.0 This property is deprecated. Use History_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $core = array();
/**
* Status themes.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $themes = array();
/**
* Status plugins.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $plugins = array();
/**
* File threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $files = array();
/**
* Database threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use History_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $database = array();
/**
* Status constructor.
*
* @param array $history The history data to load into the class instance.
*/
public function __construct( $history = array() ) {
foreach ( $history as $property => $value ) {
if ( property_exists( $this, $property ) ) {
$this->$property = $value;
}
}
}
}
@@ -0,0 +1,16 @@
<?php
/**
* This package contains the models used in the Protect plugin.
*
* @package automattic/jetpack-protect-models
*/
namespace Automattic\Jetpack;
/**
* Class description.
*/
class Protect_Models {
const PACKAGE_VERSION = '0.6.5';
}
@@ -0,0 +1,174 @@
<?php
/**
* Model class for Protect status report data.
*
* @package automattic/jetpack-protect-models
*/
namespace Automattic\Jetpack\Protect_Models;
/**
* Model class for the Protect status report data.
*/
class Status_Model {
/**
* Data source.
*
* @var string protect_report|scan_api
*/
public $data_source;
/**
* The date and time when the status was generated.
*
* @var string
*/
public $last_checked;
/**
* The current report status.
*
* @var string in_progress|scheduled|idle|scanning|provisioning|unavailable
*/
public $status;
/**
* The current reported security threats.
*
* @since 0.4.0
*
* @var array<Threat_Model>
*/
public $threats = array();
/**
* List of fixable threat IDs.
*
* @var string[]
*/
public $fixable_threat_ids = array();
/**
* Whether the site includes items that have not been checked.
*
* @var boolean
*/
public $has_unchecked_items;
/**
* The estimated percentage of the current scan.
*
* @var int
*/
public $current_progress;
/**
* Whether there was an error loading the status.
*
* @var bool
*/
public $error = false;
/**
* The error code thrown when loading the status.
*
* @var string
*/
public $error_code;
/**
* The error message thrown when loading the status.
*
* @var string
*/
public $error_message;
/**
* The number of threats.
*
* @deprecated 0.4.0 This property is deprecated. Count Status_Model::$threats instead.
*
* @var int
*/
public $num_threats;
/**
* The number of plugin threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and count Status_Model::$threats instead.
*
* @var int
*/
public $num_plugins_threats;
/**
* The number of theme threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and count Status_Model::$threats instead.
*
* @var int
*/
public $num_themes_threats;
/**
* WordPress core status.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
*
* @var object
*/
public $core;
/**
* Status themes.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $themes = array();
/**
* Status plugins.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $plugins = array();
/**
* File threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $files = array();
/**
* Database threats.
*
* @deprecated 0.4.0 This property is deprecated. Filter and use Status_Model::$threats instead.
*
* @var array<Extension_Model>
*/
public $database = array();
/**
* Status constructor.
*
* @param array $status The status data to load into the class instance.
*/
public function __construct( $status = array() ) {
// set status defaults
// @phan-suppress-next-line PhanDeprecatedProperty -- Maintaining backwards compatibility.
$this->core = new \stdClass();
foreach ( $status as $property => $value ) {
if ( property_exists( $this, $property ) ) {
$this->$property = $value;
}
}
}
}
@@ -0,0 +1,272 @@
<?php
/**
* Model class for threat data.
*
* @package automattic/jetpack-protect-models
*/
namespace Automattic\Jetpack\Protect_Models;
/**
* Model class for threat data.
*/
class Threat_Model {
/**
* Threat ID.
*
* @var null|string
*/
public $id;
/**
* Threat Signature.
*
* @var null|string
*/
public $signature;
/**
* Threat Title.
*
* @var null|string
*/
public $title;
/**
* Threat Description.
*
* @var null|string
*/
public $description;
/**
* The data the threat was first detected.
*
* @var null|string
*/
public $first_detected;
/**
* The version the threat is fixed in.
*
* @var null|string
*/
public $fixed_in;
/**
* The date the threat is fixed on.
*
* @var null|string
*/
public $fixed_on;
/**
* The severity of the threat between 1-5.
*
* @var null|int
*/
public $severity;
/**
* Information about the auto-fix available for this threat. False when not auto-fixable.
*
* @var null|bool|object
*/
public $fixable;
/**
* The current status of the threat.
*
* @var null|string
*/
public $status;
/**
* The filename of the threat.
*
* @var null|string
*/
public $filename;
/**
* The context of the threat.
*
* @var null|object
*/
public $context;
/**
* The database table of the threat.
*
* @var null|string
*/
public $table;
/**
* Additional details about the database threat.
*
* @var null|object
*/
public $details;
/**
* The source URL of the threat.
*
* @var null|string
*/
public $source;
/**
* The threat's extension information.
*
* @since 0.4.0
*
* @var null|Extension_Model
*/
public $extension;
/**
* The threat's related vulnerabilities.
*
* @since 0.5.0
*
* @var null|Vulnerability_Model[]
*/
public $vulnerabilities;
/**
* Threat Constructor
*
* @param array|object $threat Threat data to load into the class instance.
*/
public function __construct( $threat ) {
if ( is_object( $threat ) ) {
$threat = (array) $threat;
}
foreach ( $threat as $property => $value ) {
if ( 'extension' === $property && ! empty( $value ) ) {
$this->extension = new Extension_Model( $value );
continue;
}
if ( property_exists( $this, $property ) ) {
$this->$property = $value;
}
}
}
/**
* Get the ID value of the threat based on its related extension and vulnerabilities.
*
* @since 0.5.0
*
* @param Extension_Model $extension The extension to get the ID from.
*
* @return string
*/
private static function get_id_from_vulnerable_extension( Extension_Model $extension ) {
return "$extension->type-$extension->slug-$extension->version";
}
/**
* Get the title from a vulnerable extension.
*
* @since 0.5.0
*
* @param Extension_Model $extension The extension to get the title from.
*
* @return string|null
*/
private static function get_title_from_vulnerable_extension( Extension_Model $extension ) {
$titles = array(
'plugins' => sprintf(
/* translators: placeholders are the theme name and version number. Example: "Vulnerable theme: Jetpack (version 1.2.3)" */
__( 'Vulnerable plugin: %1$s (version %2$s)', 'jetpack-protect-models' ),
$extension->name,
$extension->version
),
'themes' => sprintf(
/* translators: placeholders are the theme name and version number. Example: "Vulnerable theme: Jetpack (version 1.2.3)" */
__( 'Vulnerable theme: %1$s (version %2$s)', 'jetpack-protect-models' ),
$extension->name,
$extension->version
),
'core' => sprintf(
/* translators: placeholder is the version number. Example: "Vulnerable WordPress (version 1.2.3)" */
__( 'Vulnerable WordPress (version %s)', 'jetpack-protect-models' ),
$extension->version
),
);
return $titles[ $extension->type ] ?? null;
}
/**
* Get the description from a vulnerable extension.
*
* @since 0.5.0
*
* @param Extension_Model $extension The extension to get the description from.
* @param array $vulnerabilities The vulnerabilities to get the description from.
*
* @return string
*/
private static function get_description_from_vulnerable_extension( Extension_Model $extension, array $vulnerabilities ) {
return sprintf(
/* translators: placeholders are the theme name and version number. Example: "The installed version of Jetpack (1.2.3) has a known security vulnerability." */
_n( 'The installed version of %1$s (%2$s) has a known security vulnerability.', 'The installed version of %1$s (%2$s) has known security vulnerabilities.', count( $vulnerabilities ), 'jetpack-protect-models' ),
$extension->name,
$extension->version
);
}
/**
* Get the latest fixed_in version from a list of vulnerabilities.
*
* @since 0.5.0
*
* @param array $vulnerabilities The vulnerabilities to get the fixed_in version from.
*
* @return string|bool|null The latest fixed_in version, or false if any of the vulnerabilities are not fixed.
*/
private static function get_fixed_in_from_vulnerabilities( array $vulnerabilities ) {
$fixed_in = null;
foreach ( $vulnerabilities as $vulnerability ) {
// If any of the vulnerabilities are not fixed, the threat is not fixed.
if ( ! $vulnerability->fixed_in ) {
break;
}
// Use the latest available fixed_in version.
if ( ! $fixed_in || ( $fixed_in && version_compare( $vulnerability->fixed_in, $fixed_in, '>' ) ) ) {
$fixed_in = $vulnerability->fixed_in;
}
}
return $fixed_in;
}
/**
* Generate a threat from extension vulnerabilities.
*
* @since 0.5.0
*
* @param Extension_Model $extension The extension to generate the threat for.
* @param Vulnerability_Model[] $vulnerabilities The vulnerabilities to generate the threat from.
*
* @return Threat_Model
*/
public static function generate_from_extension_vulnerabilities( Extension_Model $extension, array $vulnerabilities ) {
return new Threat_Model(
array(
'id' => self::get_id_from_vulnerable_extension( $extension ),
'title' => self::get_title_from_vulnerable_extension( $extension ),
'description' => self::get_description_from_vulnerable_extension( $extension, $vulnerabilities ),
'fixed_in' => self::get_fixed_in_from_vulnerabilities( $vulnerabilities ),
'vulnerabilities' => $vulnerabilities,
)
);
}
}
@@ -0,0 +1,94 @@
<?php
/**
* Model class for vulnerability data.
*
* @package automattic/jetpack-protect-models
*/
namespace Automattic\Jetpack\Protect_Models;
use Automattic\Jetpack\Redirect;
/**
* Model class for vulnerability data.
*/
class Vulnerability_Model {
/**
* Vulnerability ID.
*
* @var null|string
*/
public $id;
/**
* Vulnerability Title.
*
* @var null|string
*/
public $title;
/**
* Vulnerability Description.
*
* @var null|string
*/
public $description;
/**
* The version the vulnerability is fixed in.
*
* @var null|string
*/
public $fixed_in;
/**
* The version the vulnerability was introduced.
*
* @var null|string
*/
public $introduced_in;
/**
* The type of vulnerability.
*
* @var null|string
*/
public $type;
/**
* The source URL for the vulnerability.
*
* @var null|string
*/
public $source;
/**
* Vulnerability Constructor
*
* @param array|object $vulnerability Vulnerability data to load into the class instance.
*/
public function __construct( $vulnerability ) {
// Initialize the vulnerability data.
foreach ( $vulnerability as $property => $value ) {
if ( property_exists( $this, $property ) ) {
$this->$property = $value;
}
}
// Ensure the source URL is set.
$this->get_source();
}
/**
* Get the source URL for the vulnerability.
*
* @return string
*/
public function get_source() {
if ( empty( $this->source ) && $this->id ) {
$this->source = Redirect::get_url( 'jetpack-protect-vul-info', array( 'path' => $this->id ) );
}
return $this->source;
}
}