ׇk/dZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z ddl mZddlmZdd lmZdd lmZdd lmZejeZd Zd ZdZdZGddZdS)aProcessor for WordPress rule disable/enable changelog files. The PHP WordPress plugin writes rule change actions to changelog.php when a user disables or enables protection rules from the WordPress admin panel. This module reads, parses, and applies those actions to the agent database. The changelog.php file uses the same format as incident files: ||kr8t d |dd|j||||||rd }| ||||d{V#t$r%} t d | Yd} ~ d} ~ wt$r-} t d ||j| Yd} ~ 2d} ~ wwxYwt d |jt|||S)amParse and apply actions from a changelog file. The file is always deleted after reading, even on parse errors. Actions older than the last sync timestamp are skipped to prevent stale changelog files (e.g. from backup restores) from undoing more recent changes. Returns: True if any DB changes occurred. Ftsrz:Missing or invalid timestamp in changelog action for rule rule_id? on site NzPSkipping stale changelog action for rule %s on site %s (ts=%.0f <= sync_ts=%.0f)Tz$Skipping invalid changelog entry: %sz5Failed to process changelog action %s for site %s: %sz9Processed changelog for site %s: %d action(s), changed=%s)r4_get_last_sync_tsfloatgetr3r*rr_process_action_report_actionwarningr(r)r) rr,r!ractions last_sync_tschangedaction timestampr-s rr&z*ChangelogProcessor._process_changelog_files$ )).$?? 5--d33   F !&**T1"5"566 >>$3%+ZZ 3%?%?33$(L33  + \0I0IKK@ 9c22 !$ ''i@@#"G))&$iHHHHHHHHHH J J JEqIIIIIIII    KL    G L LL     s*BD 7D  E-D33 E-"E((E-rCrDcB|d}|d}|r|std||tkr||||S|tkr|||Std|d|d|j)aApply a single changelog action to the database. Args: action: Parsed action dict with keys: action, rule_id, ts. site: The WordPress site the action belongs to. timestamp: Pre-resolved Unix timestamp for this action. Returns: True if the database state was modified. Raises: ValueError: If the action is missing required fields or has an unknown action type. rCr7z.Missing action or rule_id in changelog entry: zUnknown changelog action 'z ' for rule r9)r<r3ACTION_DISABLE_apply_disable ACTION_ENABLE _apply_enabler*)rrCr!rD action_typer7s rr=z"ChangelogProcessor._process_actions"jj** **Y'' ' III  . ( (&&wi@@ @ M ) )%%gt44 4>[>>$>>/3|>> rcp tj|j}|jS#tj$rYdSwxYw)zGet the last disabled-rules sync timestamp for a site. Returns None if the site has no DB record or no sync timestamp, meaning all actions should be processed. N)r get_by_idr*disabled_rules_sync_ts DoesNotExist)r!db_sites rr:z$ChangelogProcessor._get_last_sync_tssG #-dl;;G1 1)   44 s "55r7cjtj||jgtj|j|}|dkS)zApply a disable action from the changelog. Returns: True if a new disable entry was created (not a no-op). )r7domainssourceuser_idrDr)rstoredomainSOURCE_WORDPRESSuid)r7r!rDcounts rrGz!ChangelogProcessor._apply_disables?$[M!2H    qyrcFtj||jg}|dkS)zvApply an enable action from the changelog. Returns: True if a disable entry was removed. )r7rQr)rremoverU)rr7r!rXs rrIz ChangelogProcessor._apply_enables1 %[M   qyrc K|dS|d}|d}|tkr tj}n|tkr tj}ndS ||d||jg||jtj d{VdS#t$r-}t d||j |Yd}~dSd}~wwxYw)zSend a rule change event to the correlation server. Must only be called for valid actions (after _process_action succeeds). NrCr7 wordpress) plugin_idrulerQrDrSrRzz!ChangelogProcessor._report_action"s, < FX& # . ( (%4KK M ) )%3KK F && ) ![M' H):                LLN            s ?B C"B==Cr+cb|tz } tt|5}tjtj|dd5}|}dddn #1swxYwYdddn #1swxYwYnU#t$rYdSt$r<}|j tj krt d||Yd}~dSd}~wwxYw t|}t|dd}n@#tt f$r,} td |j| Yd} ~ dSd} ~ wwxYw t'j|j} n#t&j$rYdSwxYw| j} | dupt/|| z d kS) aCheck if disabled-rules.php was modified externally. Reads the embedded timestamp from the file and compares it against the stored sync timestamp in the database. If they differ (e.g. file restored from backup), returns True to trigger regeneration. rzutf-8)encodingNFzCannot open %s: %sr6rz.Cannot read disabled-rules.php for site %s: %sg?)DISABLED_RULES_FILENAMEr strosfdopendupreadFileNotFoundErrorr2errnoELOOPrdebugr r;r<r3r?r*rrLrNrMabs) r!r+disabled_rules_pathfdfcontentexcdatafile_tsr-rOdb_tss rr'z0ChangelogProcessor._is_disabled_rules_file_staleMsV')@@ s#67788 'BYrvbzz3AAA'QffhhG''''''''''''''' ' ' ' ' ' ' ' ' ' ' ' ' ' ' '!   55   yEK'' 13FLLL55555  /88DDHHT1--..GG$    NN@     55555   #-dl;;GG)   55 .}:GeO 4 4s ::sB*B A3' B 3A7 7B :A7 ;B > B BBBB C(# C(,1C##C(,2DE0!EE E::F  F )rN)__name__ __module__ __qualname____doc__rlistrrr"boolrrdictr4r&r;r= staticmethodr:rgrGrIr>r'rrrr*so  ++++ F|D  f :$$D $  $$$$L"*0 d4===D =  ====~  "( 5:      D  54<   \   6 e    \  S  4    (((D ( (  (((\(T););); );););\);););rr)r|rmloggingrhpathlibr"defence360agent.contracts.messagesr!defence360agent.contracts.pluginsrdefence360agent.model.wordpressrr&defence360agent.model.wp_disabled_rulerdefence360agent.utils.fd_opsr defence360agent.wordpress.clir )defence360agent.wordpress.incident_parserr defence360agent.wordpress.utilsr getLoggerryrr%rfrFrHrrrrrs8$  ::::::999999AAAAAAAAAAAAAA666666666666HHHHHHHHHHHH  8 $ $$. M;M;M;M;M;M;M;M;M;M;r