Changeset 3135233

Timestamp:

08/14/2024 03:37:17 AM (16 months ago)

Author:

njweller

Message:

New 1.16 version release

Location:

wpscan

Files:

• tags/1.16 (copied) (copied from wpscan/trunk)
• tags/1.16/app/Notification.php (modified) (8 diffs)
• tags/1.16/app/Plugin.php (modified) (1 diff)
• tags/1.16/assets/js/download-report.js (modified) (1 diff)
• tags/1.16/readme.txt (modified) (2 diffs)
• tags/1.16/views/report.php (modified) (1 diff)
• tags/1.16/wpscan.php (modified) (1 diff)
• trunk/app/Notification.php (modified) (8 diffs)
• trunk/app/Plugin.php (modified) (1 diff)
• trunk/assets/js/download-report.js (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/views/report.php (modified) (1 diff)
• trunk/wpscan.php (modified) (1 diff)

wpscan/tags/1.16/app/Notification.php

@@ -17 +17 @@
     private $page;
 
+    /** @var Plugin $parent */
+    private $parent;
+
     /**
      * Class constructor.
@@ -43 +46 @@
         $total = $this->parent->get_total();
 
-        register_setting( $this->page, $this->parent->OPT_EMAIL, array( $this, 'sanitize_email' ) );
-        register_setting( $this->page, $this->parent->OPT_INTERVAL, array( $this, 'sanitize_interval' ) );
+        \register_setting( $this->page, $this->parent->OPT_EMAIL, array( $this, 'sanitize_email' ) );
+        \register_setting( $this->page, $this->parent->OPT_INTERVAL, array( $this, 'sanitize_interval' ) );
+        \register_setting( $this->page, $this->parent->OPT_WEBHOOK, array( $this, 'sanitize_url' ) );
+
 
         $section = $this->page . '_section';
@@ -63 +68 @@
         );
 
+        $webhook_section = $this->page . '_webhook_section';
+        add_settings_section( $webhook_section, null, array( $this, 'webhook_intro' ), $this->page );
         add_settings_field(
-            $this->parent->OPT_INTERVAL,
+            $this->parent->OPT_WEBHOOK,
             __( 'Send Alerts', 'wpscan' ),
-            array( $this, 'field_interval' ),
+            array( $this, 'field_webhook' ),
             $this->page,
-            $section
+            $webhook_section
         );
     }
@@ -117 +124 @@
      */
     public function introduction() {
-        echo '<p>' . __( 'Fill in the options below if you want to be notified by mail about new vulnerabilities. To add multiple e-mail addresses comma separate them.', 'wpscan' ) . '</p>';
+        echo '<p>' . __( 'Enter one or more email addresses (separated by a comma) to be notified by email about new vulnerabilities.', 'wpscan' ) . '</p>';
     }
 
@@ -161 +168 @@
 
     /**
+     * Instructions for the webhook setting field
+     *
+     * @since 1.0.0
+     * @access public
+     * @return string
+     */
+    public function webhook_intro() {
+        echo '<p>' . __( 'Enter a webhook URL to receive report data as JSON.', 'wpscan' ) . '</p>';
+    }
+
+    /**
+     * Email field
+     *
+     * @since 1.0.0
+     * @access public
+     * @return string
+     */
+    public function field_webhook() {
+        echo sprintf(
+            '<input type="text" name="%s" value="%s" class="regular-text" placeholder="https://example.com/wpscan-webhook-receiver">',
+            esc_attr( $this->parent->OPT_WEBHOOK ),
+            esc_attr( get_option( $this->parent->OPT_WEBHOOK, '' ) )
+        );
+    }
+
+    /**
      * Sanitize email
      *
@@ -201 +234 @@
 
     /**
+     * Sanitize URL
+     * @since 1.15.8
+     * @access public
+     * 
+     * @param string $value The URL to sanitize
+     * @return string
+     */
+     public function sanitize_url( $value ) {
+        if ( ! empty( $value ) ) {
+            if ( ! filter_var( $value, FILTER_VALIDATE_URL ) ) {
+                add_settings_error( $this->parent->OPT_WEBHOOK, 'invalid-url', __( 'You have entered an invalid webhook URL.', 'wpscan' ) );
+                $value = '';
+            }
+        }
+        return $value;
+    }
+
+    /**
      * Send the notification
      *
@@ -212 +263 @@
         }
 
-        $email    = get_option( $this->parent->OPT_EMAIL );
-        $interval = get_option( $this->parent->OPT_INTERVAL, 'd' );
+        $email       = get_option( $this->parent->OPT_EMAIL );
+        $interval    = get_option( $this->parent->OPT_INTERVAL, 'd' );
+        $report      = get_option( $this->parent->OPT_REPORT );
+        $webhook_url = get_option( $this->parent->OPT_WEBHOOK );
+
+        // Check if the webhook is set.
+        if ( ! empty( $webhook_url ) ) {
+            $this->send_webhook_notification( $webhook_url, $report );
+        }
 
         // Check email or if notifications are disabled.
@@ -302 +360 @@
         }
     }
+
+    /**
+     * Send the webhook notification
+     *
+     * @since 1.0.0
+     * @access public
+     * @return void
+     */
+    public function send_webhook_notification( $url, $report ) {
+        wp_safe_remote_post( $url, array(
+            'body'    => json_encode( $report ),
+            'headers' => array(
+                'Content-Type' => 'application/json',
+            ),
+        ) );
+    }
+
 
     /**

wpscan/tags/1.16/app/Plugin.php

@@ -28 +28 @@
     public $OPT_INTERVAL = 'wpscan_interval';
     public $OPT_IGNORED = 'wpscan_ignored';
+    public $OPT_WEBHOOK = 'wpscan_webhook';
 
     // Report.

wpscan/tags/1.16/assets/js/download-report.js

@@ -485 +485 @@
 
   // Download
-  $('.download-report').on('click', function () {
+  $('.download-pdf-report').on('click', function () {
     let dt = new Date().toJSON().slice(0, 10);
     // pdfMake.createPdf(wpscanReport).open();

wpscan/tags/1.16/readme.txt

@@ -3 +3 @@
 Tags: wpscan, wpvulndb, security, vulnerability, hack, scan, exploit, secure, alerts
 Requires at least: 3.4
-Tested up to: 6.3.2
-Stable tag: 1.15.7
+Tested up to: 6.6
+Stable tag: 1.16
 Requires PHP: 5.5
 License: GPLv3
@@ -92 +92 @@
 
 == Changelog ==
+
+= 1.16 =
+* Allow report to be POST-ed to webhook URL or downloaded as JSON.
 
 = 1.15.7 =

wpscan/tags/1.16/views/report.php

@@ -201 +201 @@
         
           <?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?>
-            <a href="#" class='button button-secondary download-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a>
+            <a href="#" class='button button-secondary download-report download-pdf-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a>
+          <?php } ?>
+
+          <?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?>
+            <a href="data:application/json,<?php echo esc_attr( urlencode( json_encode( get_option( $this->parent->OPT_REPORT ) ) ) ) ?>" download="report.json" class='button button-secondary download-report'><?php _e( 'Download as Json', 'wpscan' ) ?></a>
           <?php } ?>
         

wpscan/tags/1.16/wpscan.php

@@ -4 +4 @@
  * Plugin URI:    http://wordpress.org/plugins/wpscan/
  * Description:   WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
- * Version:       1.15.7
+ * Version:       1.16
  * Author:        WPScan Team
  * Author URI:    https://wpscan.com/

wpscan/trunk/app/Notification.php

@@ -17 +17 @@
     private $page;
 
+    /** @var Plugin $parent */
+    private $parent;
+
     /**
      * Class constructor.
@@ -43 +46 @@
         $total = $this->parent->get_total();
 
-        register_setting( $this->page, $this->parent->OPT_EMAIL, array( $this, 'sanitize_email' ) );
-        register_setting( $this->page, $this->parent->OPT_INTERVAL, array( $this, 'sanitize_interval' ) );
+        \register_setting( $this->page, $this->parent->OPT_EMAIL, array( $this, 'sanitize_email' ) );
+        \register_setting( $this->page, $this->parent->OPT_INTERVAL, array( $this, 'sanitize_interval' ) );
+        \register_setting( $this->page, $this->parent->OPT_WEBHOOK, array( $this, 'sanitize_url' ) );
+
 
         $section = $this->page . '_section';
@@ -63 +68 @@
         );
 
+        $webhook_section = $this->page . '_webhook_section';
+        add_settings_section( $webhook_section, null, array( $this, 'webhook_intro' ), $this->page );
         add_settings_field(
-            $this->parent->OPT_INTERVAL,
+            $this->parent->OPT_WEBHOOK,
             __( 'Send Alerts', 'wpscan' ),
-            array( $this, 'field_interval' ),
+            array( $this, 'field_webhook' ),
             $this->page,
-            $section
+            $webhook_section
         );
     }
@@ -117 +124 @@
      */
     public function introduction() {
-        echo '<p>' . __( 'Fill in the options below if you want to be notified by mail about new vulnerabilities. To add multiple e-mail addresses comma separate them.', 'wpscan' ) . '</p>';
+        echo '<p>' . __( 'Enter one or more email addresses (separated by a comma) to be notified by email about new vulnerabilities.', 'wpscan' ) . '</p>';
     }
 
@@ -161 +168 @@
 
     /**
+     * Instructions for the webhook setting field
+     *
+     * @since 1.0.0
+     * @access public
+     * @return string
+     */
+    public function webhook_intro() {
+        echo '<p>' . __( 'Enter a webhook URL to receive report data as JSON.', 'wpscan' ) . '</p>';
+    }
+
+    /**
+     * Email field
+     *
+     * @since 1.0.0
+     * @access public
+     * @return string
+     */
+    public function field_webhook() {
+        echo sprintf(
+            '<input type="text" name="%s" value="%s" class="regular-text" placeholder="https://example.com/wpscan-webhook-receiver">',
+            esc_attr( $this->parent->OPT_WEBHOOK ),
+            esc_attr( get_option( $this->parent->OPT_WEBHOOK, '' ) )
+        );
+    }
+
+    /**
      * Sanitize email
      *
@@ -201 +234 @@
 
     /**
+     * Sanitize URL
+     * @since 1.15.8
+     * @access public
+     * 
+     * @param string $value The URL to sanitize
+     * @return string
+     */
+     public function sanitize_url( $value ) {
+        if ( ! empty( $value ) ) {
+            if ( ! filter_var( $value, FILTER_VALIDATE_URL ) ) {
+                add_settings_error( $this->parent->OPT_WEBHOOK, 'invalid-url', __( 'You have entered an invalid webhook URL.', 'wpscan' ) );
+                $value = '';
+            }
+        }
+        return $value;
+    }
+
+    /**
      * Send the notification
      *
@@ -212 +263 @@
         }
 
-        $email    = get_option( $this->parent->OPT_EMAIL );
-        $interval = get_option( $this->parent->OPT_INTERVAL, 'd' );
+        $email       = get_option( $this->parent->OPT_EMAIL );
+        $interval    = get_option( $this->parent->OPT_INTERVAL, 'd' );
+        $report      = get_option( $this->parent->OPT_REPORT );
+        $webhook_url = get_option( $this->parent->OPT_WEBHOOK );
+
+        // Check if the webhook is set.
+        if ( ! empty( $webhook_url ) ) {
+            $this->send_webhook_notification( $webhook_url, $report );
+        }
 
         // Check email or if notifications are disabled.
@@ -302 +360 @@
         }
     }
+
+    /**
+     * Send the webhook notification
+     *
+     * @since 1.0.0
+     * @access public
+     * @return void
+     */
+    public function send_webhook_notification( $url, $report ) {
+        wp_safe_remote_post( $url, array(
+            'body'    => json_encode( $report ),
+            'headers' => array(
+                'Content-Type' => 'application/json',
+            ),
+        ) );
+    }
+
 
     /**

wpscan/trunk/app/Plugin.php

@@ -28 +28 @@
     public $OPT_INTERVAL = 'wpscan_interval';
     public $OPT_IGNORED = 'wpscan_ignored';
+    public $OPT_WEBHOOK = 'wpscan_webhook';
 
     // Report.

wpscan/trunk/assets/js/download-report.js

@@ -485 +485 @@
 
   // Download
-  $('.download-report').on('click', function () {
+  $('.download-pdf-report').on('click', function () {
     let dt = new Date().toJSON().slice(0, 10);
     // pdfMake.createPdf(wpscanReport).open();

wpscan/trunk/readme.txt

@@ -3 +3 @@
 Tags: wpscan, wpvulndb, security, vulnerability, hack, scan, exploit, secure, alerts
 Requires at least: 3.4
-Tested up to: 6.3.2
-Stable tag: 1.15.7
+Tested up to: 6.6
+Stable tag: 1.16
 Requires PHP: 5.5
 License: GPLv3
@@ -92 +92 @@
 
 == Changelog ==
+
+= 1.16 =
+* Allow report to be POST-ed to webhook URL or downloaded as JSON.
 
 = 1.15.7 =

wpscan/trunk/views/report.php

@@ -201 +201 @@
         
           <?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?>
-            <a href="#" class='button button-secondary download-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a>
+            <a href="#" class='button button-secondary download-report download-pdf-report'><?php _e( 'Download as PDF', 'wpscan' ) ?></a>
+          <?php } ?>
+
+          <?php if ( get_option( $this->parent->OPT_API_TOKEN ) ) { ?>
+            <a href="data:application/json,<?php echo esc_attr( urlencode( json_encode( get_option( $this->parent->OPT_REPORT ) ) ) ) ?>" download="report.json" class='button button-secondary download-report'><?php _e( 'Download as Json', 'wpscan' ) ?></a>
           <?php } ?>
         

wpscan/trunk/wpscan.php

@@ -4 +4 @@
  * Plugin URI:    http://wordpress.org/plugins/wpscan/
  * Description:   WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
- * Version:       1.15.7
+ * Version:       1.16
  * Author:        WPScan Team
  * Author URI:    https://wpscan.com/