📁
SKYSHELL MANAGER
PHP v8.2.30
Create
Create
Path:
root
/
home
/
qooetu
/
costes.qooetu.com
/
Name
Size
Perm
Actions
📁
.well-known
-
0755
🗑️
🏷️
🔒
📁
2e19d9
-
0755
🗑️
🏷️
🔒
📁
6b114
-
0755
🗑️
🏷️
🔒
📁
Modules
-
0755
🗑️
🏷️
🔒
📁
app
-
0755
🗑️
🏷️
🔒
📁
assets
-
0755
🗑️
🏷️
🔒
📁
bootstrap
-
0755
🗑️
🏷️
🔒
📁
cgi-bin
-
0755
🗑️
🏷️
🔒
📁
config
-
0755
🗑️
🏷️
🔒
📁
css
-
0755
🗑️
🏷️
🔒
📁
database
-
0755
🗑️
🏷️
🔒
📁
images
-
0755
🗑️
🏷️
🔒
📁
js
-
0755
🗑️
🏷️
🔒
📁
nbproject
-
0755
🗑️
🏷️
🔒
📁
public
-
0755
🗑️
🏷️
🔒
📁
resources
-
0755
🗑️
🏷️
🔒
📁
routes
-
0755
🗑️
🏷️
🔒
📁
storage
-
0755
🗑️
🏷️
🔒
📁
tests
-
0755
🗑️
🏷️
🔒
📁
uploads
-
0755
🗑️
🏷️
🔒
📁
vendor
-
0755
🗑️
🏷️
🔒
📁
wp-admin
-
0755
🗑️
🏷️
🔒
📁
wp-content
-
0755
🗑️
🏷️
🔒
📁
wp-includes
-
0755
🗑️
🏷️
🔒
📄
.htaccess
0.23 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
COOKIE.txt
0.2 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
X7ROOT.txt
0.27 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
defaults.php
1.29 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
engine.php
0 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
error_log
813.08 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
features.php
11.28 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
googlecfb82e09419fc0f6.html
0.05 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
index.php0
1.56 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
inputs.php
0.12 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
kurd.html
1.07 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
library.php
0 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
min.php
6.83 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
p.php
2.75 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
php.ini
0.04 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
product.php
1.78 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
qpmwztts.php
0.74 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
robots.txt
0.32 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
tovmbkwh.php
0.74 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
tyyffovi.php
0.74 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
veoxv.html
1.23 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
Edit: vulnerabilities.py
""" This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see <https://www.imunify360.com/legal/eula> """ from collections import defaultdict from itertools import chain from peewee import Case, fn from defence360agent.contracts.messages import MessageType from defence360agent.contracts.permissions import ( MS_IMUNIFY_PATCH_ENABLED, has_permission, ) from defence360agent.rpc_tools.lookup import ( CommonEndpoints, RootEndpoints, bind, ) from defence360agent.subsys.panels.hosting_panel import HostingPanel from imav.contracts.imunify_patch_id import ( get_imunify_patch_id, get_imunify_patch_purchase_url, ) from imav.contracts.messages import RefreshImunifyPatchSubscription from imav.contracts.permissions import is_imunify_patch_enabled from imav.malwarelib.api.vulnerability import VulnerabilityAPI from imav.malwarelib.config import VulnerabilityHitStatus from imav.malwarelib.model import VulnerabilityHit from imav.malwarelib.utils import user_list from imav.malwarelib.vulnerabilities.storage import restore_hits class VulnerabilitiesAdminEndpoints(RootEndpoints): @bind("vulnerabilities", "user", "list") async def vulnerabilities_user_list( self, offset, limit, user=None, search=None ): """ Return list of users with summary vulnerabilities info """ if user: # user endpoint _, users = await user_list.get_matched_users(match={user}) max_count = len(users) elif search: # search _, users = await user_list.get_matched_users(match=search) max_count = len(users) else: # all users max_count, users = await user_list.get_matched_users(match=None) users_list = sorted([u["user"] for u in users]) vulnerable_case = Case( None, [((VulnerabilityHit.status != VulnerabilityHitStatus.PATCHED), 1)], 0, ) query = ( VulnerabilityHit.select( VulnerabilityHit.user, fn.SUM(vulnerable_case).alias("vulnerable"), ) .where(VulnerabilityHit.user.in_(users_list)) .group_by(VulnerabilityHit.user) ) users_vulnerabilities = {row.user: row.vulnerable for row in query} users_domains = await HostingPanel().get_domains_per_user() results = [] for user in users_list: subscribed = is_imunify_patch_enabled(user) results.append( { "username": user, "domains": users_domains.get(user, []), "vulnerable_file_count": users_vulnerabilities.get( user, 0 ), "imunify_patch_user_id": await get_imunify_patch_id(user), "subscribed": subscribed, "purchase_url": ( await get_imunify_patch_purchase_url(user) if not subscribed else None ), } ) start = offset end = offset + limit return max_count, results[start:end] class VulnerabilitiesEndpoints(CommonEndpoints): @bind("vulnerabilities", "file", "list") async def vulnerabilities_file_list(self, user=None, **kwargs): """ Return list vulnerable/patched files """ await self._sink.process_message(RefreshImunifyPatchSubscription()) max_count, hits = VulnerabilityHit.list(user=user, **kwargs) vuln_info = await VulnerabilityAPI.get_details( VulnerabilityHit.get_vulnerabilities_ids(hits) ) results = [] for hit in hits: username = hit["username"] subscribed = is_imunify_patch_enabled(username) record = { "id": hit["id"], "username": username, "file_path": hit["file_path"], "status": hit["status"], "app_name": "", "imunify_patch_user_id": await get_imunify_patch_id(username), "subscribed": subscribed, "purchase_url": ( await get_imunify_patch_purchase_url(username) if not subscribed else None ), "vulnerabilities": [], } for vuln_id in VulnerabilityHit.get_vulnerability_ids(hit["type"]): record["vulnerabilities"].append( { "cve_id": vuln_info[vuln_id]["cveId"], "vulnerability_type": vuln_info[vuln_id]["type"], "vulnerability_description": vuln_info[vuln_id][ "name" ], } ) if not record["app_name"]: # set it once record["app_name"] = vuln_info[vuln_id]["app"] results.append(record) return max_count, results @bind("vulnerabilities", "file", "patch") async def vulnerabilities_file_patch(self, paths, user=None): query = VulnerabilityHit.select().where( VulnerabilityHit.orig_file.in_(paths) ) if user is not None: query = query.where(VulnerabilityHit.user == user) # make sure all associated users have patch permission user_paths = defaultdict(list) for vulnerability in query: user_paths[vulnerability.user].append(vulnerability.orig_file) for panel_user in user_paths.keys(): await _check_imunify_patch_permission(panel_user) if filelist := list(chain.from_iterable(user_paths.values())): await self._sink.process_message( MessageType.VulnerabilityPatchTask( filelist=filelist, initiator=user, manual=True ) ) @bind("vulnerabilities", "file", "revert") async def vulnerabilities_file_revert(self, paths, user=None): query = VulnerabilityHit.select().where( VulnerabilityHit.orig_file.in_(paths), VulnerabilityHit.status.in_([VulnerabilityHitStatus.PATCHED]), ) if user is not None: query = query.where(VulnerabilityHit.user == user) hits = list(query) succeeded, failed = await restore_hits(hits) return { "succeeded": [hit.orig_file for hit in succeeded], "failed": [hit.orig_file for hit in failed], } async def _check_imunify_patch_permission(user: str | None) -> None: if not await has_permission(MS_IMUNIFY_PATCH_ENABLED, user): raise PermissionError( "Unable to perform the command. " f"User '{user}' does not have required permissions.", )
Save