yiSގdZddlZddlZddlZddlZddlmZddlmZddl m Z m Z ddl m Z ddlmZddlmZmZdd lmZdd lmZmZdd lmZdd lmZmZdd lmZddlm Z ej!e"Z#de$de%e$fdZ&de$de%e$dzde%e$fdZ'de%e(de(dzde%e(fdZ) dde%e$dedzddfdZ*GddeZ+dS)z6RPC endpoints for WordPress disabled protection rules.N) MessageType) MessageSink)IndexWP_RULES)WPDisabledRule)ValidationError)CommonEndpointsbind) hosting_panel)Scopelog_future_errors)ChangelogProcessor)redeploy_wp_rulesupdate_disabled_rules_on_sites)get_installed_sites_by_domains)get_wp_rules_datauserreturncK tj}|d{V}||gS#t$r(}t d||gcYd}~Sd}~wwxYw)z Get domains for a user from the hosting panel. Returns: List of domains the user owns, or empty list on error. Nz%Failed to get domains for user %s: %s)r HostingPanelget_domains_per_userget Exceptionloggerwarning)rhpdomains_per_useres a/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/simple_rpc/wp_disabled_rules.py_get_user_domainsr s  ' ) )!#!8!8!:!:::::::##D"--- >aHHH sAA A9A4.A94A9domainscKt|d{V|sstdSfd|D}|std|S)a Validate and filter domains for a non-root user. If no domains specified, returns all user's domains. If domains specified, filters to only those the user owns. Args: user: Username to validate domains for domains: Requested domains, or None for all user's domains Returns: List of validated domains the user can access Raises: ValidationError: If user has no domains or no access to requested domains NzNo domains found for usercg|]}|v| Sr$.0d user_domainss r z*_validate_user_domains..Hs#BBB\0A0A!0A0A0Az5You don't have access to any of the specified domains)r r)rr!authorized_domainsr(s @r_validate_user_domainsr,/s&+400000000L  ?!"=>> >BBBBWBBB   C    r*disabled_rules wp_rules_datacg}|D]f}|d}|r||ini}|i||d|ddg|S)a9 Enrich disabled rules with metadata from wp-rules.yaml. Args: disabled_rules: List of disabled rule dicts from WPDisabledRule.fetch() wp_rules_data: Parsed wp-rules.yaml data, or None if unavailable Returns: List of enriched rule dicts with component and versions added rule_idtargetversions) componentr2)rappend)r-r.enrichedruler0metadatas r_enrich_with_metadatar8PsH   y/5BJ=$$Wb111  %\\(33$LL44        Or*sinkcK t|}|sdSt||d{VdS#t$r(}td|dYd}~dSd}~wwxYw)aProcess pending changelog files for the given domains before an API change. This "Just-in-Time" sync ensures the database reflects any WordPress-side changes before the agent applies its own disable/enable operation. File regeneration (disabled-rules.php) is intentionally skipped here because the calling API endpoint will regenerate files after its own DB mutation. N)r9zJIT changelog sync failed: %sT)exc_info)rrprocess_changelogs_for_sitesrrr)r!r9sitesrs r_jit_sync_changelogsr>msJ.w77  F ""?? @            JJJ6DIIIIIIIIIJsA)A A4 A//A4ceZdZdZejZeddd dded ed e e dzd e dzd e ee e ff d Z de de d e e dzd e dzd e f dZeddd dde d e e dzd e dzd e fdZeddd dde d e e dzd e dzd e fdZdS)WPDisabledRulesEndpointsz:Endpoints for listing disabled WordPress protection rules.zwordpress-pluginrulesz list-disabled2rNlimitoffsetr!rrc K|r.t|d{V |s }n fd|D}|sdgfStj||||du\}} ttd}t |}n4#t $r'} td| d}Yd} ~ nd} ~ wwxYwt||} || fS)a List disabled WordPress protection rules with metadata. When user is provided, returns rules for that user's domains. Otherwise, returns all disabled rules. Args: limit: Maximum number of rules to return offset: Number of rules to skip domains: Filter by specific domains (optional) user: Username (populated by middleware) Returns: Tuple of (total_count, list of enriched rule dicts) Ncg|]}|v| Sr$r$r%s rr)z@WPDisabledRulesEndpoints.list_disabled_rules..s#CCCl1B1B11B1B1Br*r)rCrDr(include_globalF)integrity_checkz Failed to load wp-rules data: %s) r rfetchrrrrrrr8) selfrCrDr!r total_countr-wp_rules_indexr.renriched_rulesr(s @rlist_disabled_rulesz,WPDisabledRulesEndpoints.list_disabled_ruless0  !!24!8!8888888L !&CCCCgCCC!b5L'5&: 4< ' ' ' # ^ !"8UCCCN-n==MM ! ! ! NN=q A A A MMMMMM ! /~}MMN**s%A88 B)B$$B)actionr6c fK|d}n< tj|j}n!#t$rt d|dwxYw|rt ||d{V}|rt ||jd{V|dkr/tj ||tj |tj }n"tj ||tj} |j|d||pgt!j|tj d{Vn4#t"$r'}t$d |||Yd}~nd}~wwxYw|r#t)jt-| }n t)jt/}|t2iS) z8Shared implementation for disable/enable rule endpoints.NrzUser 'z ' not founddisable)r0r!sourceuser_id)r0r! wordpress) plugin_idr6r! timestamprSrRz#Failed to report rule %s for %s: %s)r!)pwdgetpwnampw_uidKeyErrorrr,r>_sinkrstore SOURCE_AGENTrWPRuleDisabledremove WPRuleEnabledprocess_messagetimerrerrorasyncio create_taskrradd_done_callbackr ) rJrOr6r!rrS message_clsrtasks r _toggle_rulez%WPDisabledRulesEndpoints._toggle_rulesL <GG B,t,,3 B B B%&@t&@&@&@AAA B  B24AAAAAAAAG  <&w ;; ; ; ; ; ; ; ; Y    %2      &4KK  !$ @ @ @ @%3K *,, )#Mr"ikk#)6               LL5vtQ           <&.w???DD &'8':':;;D 0111 s"#AA D E(E  ErQcBK|d|||d{VS)av Disable a WordPress protection rule globally or for specific domains. Root users can disable globally (no domains) or for specific domains. Non-root users can disable for all their domains (by specifying no domains) or for specific domains. Non-root users can only disable for domains they own. Args: rule: The rule ID to disable (e.g., "CVE-2025-001") domains: List of domains to disable the rule for, or None for global user: Username (populated by middleware for non-root users) Returns: Empty dict on success. rQNrirJr6r!rs r disable_rulez%WPDisabledRulesEndpoints.disable_rules4.&&y$FFFFFFFFFr*enablecBK|d|||d{VS)a Re-enable a WordPress protection rule globally or for specific domains. Root users can enable globally (no domains) or for specific domains. Non-root users can enable for all their domains (no domains) or specific ones. Non-root users can only enable for domains they own. Note: Enabling at one scope doesn't affect the other scope. E.g., enabling globally leaves domain-specific disables intact. Args: rule: The rule ID to enable (e.g., "CVE-2025-001") domains: List of domains to enable the rule for, or None for global user: Username (populated by middleware for non-root users) Returns: Empty dict on success rnNrkrls r enable_rulez$WPDisabledRulesEndpoints.enable_rules44&&xwEEEEEEEEEr*)rBrNN)NN)__name__ __module__ __qualname____doc__r AV_IM360SCOPEr intliststrtupledictrNrirmrpr$r*rr@r@sDD NE T g77$( 6+6+6+6+cT! 6+ Dj 6+ sDJ  6+6+6+876+p???cT! ? Dj ?  ????B T gy11%) GGGcT!GDj G  GGG21G0 T gx00%) FFFcT!FDj F  FFF10FFFr*r@)N),rtrdloggingrWrb"defence360agent.contracts.messagesr!defence360agent.contracts.pluginsrdefence360agent.filesrr&defence360agent.model.wp_disabled_rulerdefence360agent.rpc_toolsr defence360agent.rpc_tools.lookupr r defence360agent.subsys.panelsr defence360agent.utilsr r -defence360agent.wordpress.changelog_processorr defence360agent.wordpress.pluginrr)defence360agent.wordpress.site_repositoryr"defence360agent.wordpress.wp_rulesr getLoggerrqrryrxr r,r{r8r>r@r$r*rrs<< ::::::99999911111111AAAAAA555555BBBBBBBB777777::::::::A@@@@@  8 $ $ # $s)      S D( #YBJ/3d{ $Z<48JJ #YJ)D0J JJJJ*rFrFrFrFrFrFrFrFrFrFr*