Filesystem scan reports

CHANGELOG.md

@@ -1,7 +1,9 @@
 Changelog
 =========
 
-## 1.1.*
+## 1.2.0 (2020-10-06)
+ * Scan Reports process
+ * Scan Reports view
  * Added console commands
  * Translations and log activity
  * Added filesystem scan functionality

Module.php

@@ -6,7 +6,7 @@
  * Yii2 Guard
  *
  * @category        Module
- * @version         1.1.0
+ * @version         1.2.0
  * @author          Alexsander Vyshnyvetskyy <[email protected]>
  * @link            https://github.com/wdmg/yii2-guard
  * @copyright       Copyright (c) 2019 - 2020 W.D.M.Group, Ukraine
@@ -50,7 +50,7 @@ class Module extends BaseModule
     /**
      * @var string the module version
      */
-    private $version = "1.1.0";
+    private $version = "1.2.0";
 
     /**
      * @var integer, priority of initialization
@@ -181,7 +181,7 @@ class Module extends BaseModule
      * @var array, file system scan options
      */
     public $fileSystemScan = [
-        'scanInterval' => 21600, // seconds, null|false - for disable auto scan
+        'scanInterval' => null, // integer seconds, null|false - for disable auto scan
         'autoClear' => true, // deletes reports oldest a week
         'onlyTypes' => [
             "*.php",
@@ -192,7 +192,9 @@ class Module extends BaseModule
             "@runtime",
             "@tests",
             "@runtime/cache",
-            "@webroot/assets"
+            "@webroot/assets",
+            "/node_modules",
+            "/.git"
         ]
     ];
 

README.md

@@ -4,7 +4,7 @@
 ![Progress](https://img.shields.io/badge/progress-ready_to_use-green.svg)
 [![GitHub license](https://img.shields.io/github/license/wdmg/yii2-guard.svg)](https://github.com/wdmg/yii2-guard/blob/master/LICENSE)
 
-<img src="./docs/images/yii2-guard.png" width="100%" alt="Yii2 Composite Forms" />
+<img src="./docs/images/yii2-guard.png" width="100%" alt="Security system for Yii2" />
 
 # Yii2 Guard
 Security system for Yii2. The extension is able to detect and repel Overdrive attack, XSS attack, LFI / RFI / RCE attack, PHP / SQL injection attacks, and block by over rate limit.
@@ -117,7 +117,8 @@ Use the `Module::dashboardNavItems()` method of the module to generate a navigat
     ?>
 
 # Status and version [ready to use]
-* v.1.1.0 - Up to date dependencies
+* v.1.2.0 - Filesystem scan reports
+* v.1.1.0 - Added blocking by IP functionality
 * v.1.0.2 - Up to date dependencies
 * v.1.0.1 - Fixed deprecated class declaration
 * v.1.0.0 - Added base module and model, behaviors and filters

commands/InitController.php

@@ -42,7 +42,9 @@ public function actionIndex($params = null)
         echo "Select the operation you want to perform:\n";
         echo "  1) Apply all module migrations\n";
         echo "  2) Revert all module migrations\n";
-        echo "  3) Scan filesystem for modifications\n\n";
+        echo "  3) Scan filesystem for modifications\n";
+        echo "  4) Clear all filesystem scan reports\n";
+        echo "  5) Delete all filesystem scan reports\n\n";
         echo "Your choice: ";
 
         if(!is_null($this->choice))
@@ -51,10 +53,14 @@ public function actionIndex($params = null)
             $selected = trim(fgets(STDIN));
 
         if ($selected == "1") {
-            Yii::$app->runAction('migrate/up', ['migrationPath' => '@vendor/wdmg/yii2-guard/migrations', 'interactive' => true]);
+
+            Yii:: $app->runAction('migrate/up', ['migrationPath' => '@vendor/wdmg/yii2-guard/migrations', 'interactive' => true]);
+
         } else if($selected == "2") {
+
             Yii::$app->runAction('migrate/down', ['migrationPath' => '@vendor/wdmg/yii2-guard/migrations', 'interactive' => true]);
-        } else if($selected == "3") {
+
+        } else if ($selected == "3") {
 
             echo $this->ansiFormat("\nFilesystem scanning started...\n", Console::FG_YELLOW);
 
@@ -77,6 +83,22 @@ public function actionIndex($params = null)
                 echo $this->ansiFormat("Error filesystem scanning.\n", Console::FG_RED);
             }
 
+        } else if ($selected == "4") {
+
+            $scanner = new Scanning();
+            if ($scanner->clearOldReports(true))
+                echo $this->ansiFormat("Filesystem scan reports cleared succesfull!\n", Console::FG_GREEN);
+            else
+                echo $this->ansiFormat("Error clearing filesystem scanning reports.\n", Console::FG_RED);
+
+        } else if ($selected == "5") {
+
+            $scanner = new Scanning();
+            if ($scanner->deleteAll())
+                echo $this->ansiFormat("Filesystem scan reports deleted succesfull!\n", Console::FG_GREEN);
+            else
+                echo $this->ansiFormat("Error deleting filesystem scanning reports.\n", Console::FG_RED);
+
         } else {
             echo $this->ansiFormat("Error! Your selection has not been recognized.\n\n", Console::FG_RED);
             return ExitCode::UNSPECIFIED_ERROR;

composer.json

@@ -4,7 +4,7 @@
   "keywords": ["yii2", "yii2-guard", "guard", "security", "wdmg"],
   "type": "yii2-extension",
   "license": "MIT",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "homepage": "https://github.com/wdmg/yii2-guard",
   "support": {
     "source": "https://github.com/wdmg/yii2-guard",
@@ -22,8 +22,8 @@
   ],
   "require": {
     "yiisoft/yii2": "^2.0.35",
-    "wdmg/yii2-base": "^1.2.4",
-    "wdmg/yii2-helpers": "^1.3.6",
+    "wdmg/yii2-base": "^1.3.0",
+    "wdmg/yii2-helpers": "^1.4.0",
     "wdmg/yii2-validators": "^1.0.6"
   },
   "minimum-stability": "dev",
@@ -79,7 +79,7 @@
       "forbiddenLayout": "@wdmg/guard/views/layouts/default",
       "useFileSystemScan": true,
       "fileSystemScan": {
-        "scanInterval": 21600,
+        "scanInterval": null,
         "autoClear": true,
         "onlyTypes": [
           "*.php",
@@ -90,7 +90,9 @@
           "@runtime",
           "@tests",
           "@runtime/cache",
-          "@webroot/assets"
+          "@webroot/assets",
+          "/node_modules",
+          "/.git"
         ]
       },
       "scanReport": {

controllers/ScanController.php

@@ -5,6 +5,8 @@
 use Yii;
 use wdmg\guard\models\Scanning;
 use wdmg\guard\models\ScanningSearch;
+use yii\data\ActiveDataProvider;
+use yii\data\ArrayDataProvider;
 use yii\web\Controller;
 use yii\web\NotFoundHttpException;
 use yii\filters\VerbFilter;
@@ -54,7 +56,6 @@ public function behaviors()
         return $behaviors;
     }
 
-
     /**
      * Lists all Scanning reports.
      * @return mixed
@@ -78,7 +79,7 @@ public function actionIndex()
      * @return mixed
      * @throws NotFoundHttpException if the model cannot be found
      */
-    public function actionScan($id)
+    /*public function actionScan($id)
     {
         $model = new Scanning();
         $model->scan();
@@ -88,6 +89,27 @@ public function actionScan($id)
             'searchModel' => $searchModel,
             'dataProvider' => $dataProvider,
         ]);
+    }*/
+
+    public function actionScan($action = null)
+    {
+        if (Yii::$app->request->isAjax) {
+            if ($action == 'progress') {
+                $report = Yii::$app->getCache()->get('scan-report');
+                return $this->asJson([
+                    'progress' => ((isset($report['progress'])) ? $report['progress'] : 0),
+                    'status' => ((isset($report['status'])) ? $report['status'] : false),
+                    'log' => ((isset($report['runtime']['log'])) ? $report['runtime']['log'] : null)
+                ]);
+            } else if ($action == 'run') {
+                if ($module = Yii::$app->getModule('admin/guard'))
+                    return $this->asJson($module->runConsole('admin/guard --choice 3'));
+                elseif ($module = Yii::$app->getModule('guard'))
+                    return $this->asJson($module->runConsole('guard --choice 3'));
+            }
+            return $this->renderAjax('_scan');
+        }
+        return $this->redirect(['index']);
     }
 
     /**
@@ -102,26 +124,43 @@ public function actionView($id)
             $model = $this->findModel($id);
             if ($data = $model->compareReports($model->data, $id)) {
                 $report = $model->buildReport($data, false);
+                $dataProvider = new ArrayDataProvider([
+                    'allModels' => $report
+                ]);
                 return $this->renderAjax('_view', [
                     'model' => $model,
-                    'files' => $report,
+                    'report' => $dataProvider,
                 ]);
             }
         }
         return $this->redirect(['index']);
     }
 
     /**
-     * Deletes an existing Scanning report.
+     * Deletes an all Scanning reports.
      * If deletion is successful, the browser will be redirected to the 'index' page.
      * @param integer $id
      * @return mixed
      * @throws NotFoundHttpException if the model cannot be found
      */
-    public function actionDelete($id)
+    public function actionDelete()
     {
-        $this->findModel($id)->delete();
+        $model = new Scanning();
+        $model->deleteAll();
+        return $this->redirect(['index']);
+    }
 
+    /**
+     * Clear an all data of Scanning reports.
+     * If deletion is successful, the browser will be redirected to the 'index' page.
+     * @param integer $id
+     * @return mixed
+     * @throws NotFoundHttpException if the model cannot be found
+     */
+    public function actionClear()
+    {
+        $model = new Scanning();
+        $model->clearOldReports(true);
         return $this->redirect(['index']);
     }
 

messages/ru-RU/app/modules/guard.php

@@ -2,7 +2,7 @@
 
 return [
 
-    'It seems that you have not changed your access password for a long time. We recommend that you, periodically, change the password for access to the administrative interface of the site.' => "Похоже, что Вы давно не меняли пароль доступа. Рекомендуем переодически менять пароль доступа к административному интерфейсу сайта.",
+    'It seems that you have not changed your access password for a long time. We recommend that you, periodically, change the password for access to the administrative interface of the site.' => "Похоже, что Вы давно не меняли пароль доступа. Рекомендуем периодически менять пароль доступа к административному интерфейсу сайта.",
 
     'Security' => "Безопасность",
     'Banned List' => "Список блокировок",
@@ -54,6 +54,9 @@
     'Apply' => "Применить",
     'Go' => "Начать",
 
+    'Summary' => "Детали",
+    'Result' => "Результат",
+
     'Blocking period' => "Срок блокировки",
     'Default' => "По-умолчанию",
     '1 hour' => "1 час",
@@ -102,6 +105,9 @@
     'SQL-injection detected.' => "Обнаружена попытка SQL-инъекции.",
     'Access denied from security reason.' => "В доступе отказано по соображениям безопасности.",
 
+    'Clear Up' => "Очистка данных",
+    'Run Scan' => "Запуск сканирования",
+    'Delete all reports' => "Удалить все отчёты",
     'Scan Report' => "Отчёт сканирования",
     'Scan Reports' => "Отчёты сканирования",