From 58f9db680930a597c147831fe907b3fe3efa230c Mon Sep 17 00:00:00 2001
From: alexandergull <alex.g@cleantalk.org>
Date: Thu, 26 Dec 2024 21:42:23 +0500
Subject: [PATCH] Upd. Scanner. Cure. Next cure single tries will rescan files
 before cure.

---
 inc/spbc-scanner.php                          | 27 +++++++
 .../SpbctWP/Scanner/CureLog/CureLog.php       | 76 +++++++++++++++++++
 .../SpbctWP/Scanner/Stages/CureStage.php      | 43 +----------
 3 files changed, 107 insertions(+), 39 deletions(-)

diff --git a/inc/spbc-scanner.php b/inc/spbc-scanner.php
index bf337ca14..44b460474 100644
--- a/inc/spbc-scanner.php
+++ b/inc/spbc-scanner.php
@@ -1,5 +1,6 @@
 <?php
 
+use CleantalkSP\Common\Scanner\SignaturesAnalyser\Structures\Verdict;
 use CleantalkSP\SpbctWP\DB;
 use CleantalkSP\SpbctWP\API as SpbcAPI;
 use CleantalkSP\SpbctWP\Helpers\CSV;
@@ -2068,7 +2069,33 @@ function spbc_cure_file($file_fast_hash)
         );
     }
 
+    // rescan file on a single run!
+    $rescan_results = spbc_scanner_rescan_single_file($file_data['path'], md5_file(spbc_get_root_path() . $file_data['path']), spbc_get_root_path());
+    $merged_result = $rescan_results['merged_result'];
+    $verdict = isset($rescan_results['signature_result']) && $rescan_results['signature_result'] instanceof Verdict
+        ? $rescan_results['signature_result']
+        : new Verdict();
+
     $cure_log = new CureLog();
+    if ( $verdict->status === 'OK') {
+        $cure_log->deleteCureLogRecord($file_data['fast_hash']);
+        // update file in the table
+        $wpdb->update(
+            SPBC_TBL_SCAN_FILES,
+            array(
+                'checked_signatures' => 1,
+                'checked_heuristic'  => 1,
+                'status'             => $file_data['status'] === 'MODIFIED' ? 'MODIFIED' : $merged_result['status'],
+                'severity'           => $merged_result['severity'],
+                'weak_spots'         => json_encode($merged_result['weak_spots']),
+                'full_hash'          => md5_file(spbc_get_root_path() . $file_data['path']),
+            ),
+            array('fast_hash' => $file_data['fast_hash']),
+            array('%s', '%s', '%s', '%s', '%s', '%s'),
+            array('%s')
+        );
+        return esc_html__('No threats detected for current file statement.', 'security-malware-firewall');
+    }
 
     $cure_stage = new CureStage(DB::getInstance());
     $cure_log_record = $cure_stage->processCure($file_data);
diff --git a/lib/CleantalkSP/SpbctWP/Scanner/CureLog/CureLog.php b/lib/CleantalkSP/SpbctWP/Scanner/CureLog/CureLog.php
index d93997029..cd671b36d 100644
--- a/lib/CleantalkSP/SpbctWP/Scanner/CureLog/CureLog.php
+++ b/lib/CleantalkSP/SpbctWP/Scanner/CureLog/CureLog.php
@@ -309,6 +309,7 @@ public function hasFailedCureTries()
     }
 
     /**
+     * Get totally failed files fast hashes. If nothing was cured at all.
      * @return array
      */
     public function getTotallyFailedFilesFastHashes()
@@ -320,4 +321,79 @@ public function getTotallyFailedFilesFastHashes()
         }
         return $result;
     }
+
+    /**
+     * Delete a cure log record by fast hash
+     * @param $fast_hash
+     * @return void
+     */
+    public function deleteCureLogRecord($fast_hash)
+    {
+        $query = 'DELETE FROM ' . SPBC_TBL_CURE_LOG . ' WHERE fast_hash = %s';
+        $this->db->prepare($query, array($fast_hash))->execute();
+    }
+
+    /**
+     * Deletes cure log record if status is not cured but file has no signatures treatment
+     * @return void
+     */
+    public function removeIrrelevantFailedFiles()
+    {
+        $query = 'DELETE FROM ' . SPBC_TBL_CURE_LOG .
+                 ' WHERE cure_status = 0 and fast_hash IN
+                    (
+            		    SELECT fast_hash FROM ' . SPBC_TBL_SCAN_FILES . '
+            		    WHERE weak_spots IS NULL OR weak_spots NOT LIKE "%SIGNATURES%"
+				    );';
+        $this->db->execute($query);
+    }
+
+    /**
+     * Remove irrelevant restored files from cure log.
+     * Deletes all the files that has current md5 differ from cured or full hash.
+     * @return void
+     */
+    public function removeIrrelevantRestoredFiles()
+    {
+        $restored_files = $this->getRestoredFiles();
+        if (empty($restored_files)) {
+            return;
+        }
+        $to_remove = array();
+        foreach ($restored_files as $restored_file) {
+            if (
+                !empty($restored_file['real_path']) &&
+                !empty($restored_file['fast_hash']) &&
+                !empty($restored_file['cured_hash']) &&
+                !empty($restored_file['full_hash'])
+            ) {
+                $current_md5 = @md5_file(spbc_get_root_path() . $restored_file['real_path']);
+                if ($current_md5 !== $restored_file['cured_hash'] && $current_md5 !== $restored_file['full_hash']) {
+                    $to_remove[] = $restored_file['fast_hash'];
+                }
+            }
+        }
+        $this->db->execute(
+            'DELETE FROM ' . SPBC_TBL_CURE_LOG . ' WHERE fast_hash IN ("' . implode('","', $to_remove) . '");'
+        );
+    }
+
+    /**
+     * @return array
+     */
+    public function getCureLogData()
+    {
+        // get cure log data
+        $query = '
+                    SELECT fast_hash, full_hash, cured_hash, cure_status, last_cure_date, is_restored
+                    FROM ' . SPBC_TBL_CURE_LOG . '
+                    GROUP BY fast_hash;
+                    ';
+        $result =  $this->db->fetchAll($query, OBJECT_K);
+
+        if (is_null($result) || is_object($result)) {
+            $result = array();
+        }
+        return $result;
+    }
 }
diff --git a/lib/CleantalkSP/SpbctWP/Scanner/Stages/CureStage.php b/lib/CleantalkSP/SpbctWP/Scanner/Stages/CureStage.php
index e8c26027b..a86b5e545 100644
--- a/lib/CleantalkSP/SpbctWP/Scanner/Stages/CureStage.php
+++ b/lib/CleantalkSP/SpbctWP/Scanner/Stages/CureStage.php
@@ -58,8 +58,8 @@ public function runStage($offset, $amount)
         //count first offset counter for total file
         //todo fix this (int) cast, if false - this is error
         if ( $offset === 0 ) {
-            //$cure_log->clearLogDataFromFailedCures();
-            $this->removeIrrelevantRestoredFiles();
+            $cure_log->removeIrrelevantRestoredFiles();
+            $cure_log->removeIrrelevantFailedFiles();
             $this->total_files_to_cure_at_first_run = count($this->getFilesToCure());
             //to facade log
             $stage_data_obj->increase('count_files', $this->total_files_to_cure_at_first_run);
@@ -112,12 +112,8 @@ public function getFilesToCure($limit = null)
         $files_with_signatures = $this->db->fetchAll($files_with_signatures, OBJECT_K);
 
         // get cure log data
-        $cure_log_data = '
-                    SELECT fast_hash, full_hash, cured_hash, cure_status, last_cure_date, is_restored
-                    FROM ' . SPBC_TBL_CURE_LOG . '
-                    GROUP BY fast_hash;
-                    ';
-        $cure_log_data = $this->db->fetchAll($cure_log_data, OBJECT_K);
+        $cure_log = new CureLog();
+        $cure_log_data = $cure_log->getCureLogData();
 
         $to_cure_fast_hashes = array();
         foreach ($files_with_signatures as $key => $value) {
@@ -465,35 +461,4 @@ public function getStageResult()
     {
         return $this->stage_result;
     }
-
-    /**
-     * Remove irrelevant restored files from cure log.
-     * Deletes all the files that has current md5 differ from cured or full hash.
-     * @return void
-     */
-    private function removeIrrelevantRestoredFiles()
-    {
-        $cure_log = new CureLog();
-        $restored_files = $cure_log->getRestoredFiles();
-        if (empty($restored_files)) {
-            return;
-        }
-        $to_remove = array();
-        foreach ($restored_files as $restored_file) {
-            if (
-                !empty($restored_file['real_path']) &&
-                !empty($restored_file['fast_hash']) &&
-                !empty($restored_file['cured_hash']) &&
-                !empty($restored_file['full_hash'])
-            ) {
-                $current_md5 = @md5_file(spbc_get_root_path() . $restored_file['real_path']);
-                if ($current_md5 !== $restored_file['cured_hash'] && $current_md5 !== $restored_file['full_hash']) {
-                    $to_remove[] = $restored_file['fast_hash'];
-                }
-            }
-        }
-        $this->db->execute(
-            'DELETE FROM ' . SPBC_TBL_CURE_LOG . ' WHERE fast_hash IN ("' . implode('","', $to_remove) . '");'
-        );
-    }
 }