Skip to content

Commit

Permalink
NEW Filechecker can include custom dir and report added files.
Browse files Browse the repository at this point in the history
  • Loading branch information
@eldy
eldy committed Feb 6, 2017
1 parent a673afe commit 9220a63
Show file tree
Hide file tree
Showing 4 changed files with 173 additions and 67 deletions.
43 changes: 32 additions & 11 deletions build/generate_filelist_xml.php
View file
Expand Up @@ -42,35 +42,55 @@

if (empty($argv[1]))
{
print "Usage: ".$script_file." release=x.y.z\n";
print "Usage: ".$script_file." release=x.y.z[-...] [includecustom=1]\n";
exit -1;
}
parse_str($argv[1]);
if (! empty($argv[2])) parse_str($argv[2]);

if ($release != DOL_VERSION)
if (empty($includecustom))
{
print 'Error: release is not version declared into filefunc.in.php.'."\n";
exit -1;
$includecustom=0;

if (DOL_VERSION != $release)
{
print 'Error: When parameter "includecustom" is not set, version declared into filefunc.in.php ('.DOL_VERSION.') must be exact same value than "release" parmater.'."\n";
print "Usage: ".$script_file." release=x.y.z[-...] [includecustom=1]\n";
exit -1;
}
}
else
{
if (! preg_match('/'.preg_quote(DOL_VERSION,'/').'-/',$release))
{
print 'Error: When parameter "includecustom" is not set, version declared into ('.DOL_VERSION.') must be used with a suffix into "release" parmater (ex: '.DOL_VERSION.'-mydistrib).'."\n";
print "Usage: ".$script_file." release=x.y.z[-...] [includecustom=1]\n";
exit -1;
}
}

print "Version: ".$release."\n";
print "Include custom: ".$includecustom."\n";

//$outputfile=dirname(__FILE__).'/../htdocs/install/filelist-'.$release.'.xml';
$outputdir=dirname(__FILE__).'/../htdocs/install';
print 'Delete current files '.$outputdir.'/filelist*.xml'."\n";
dol_delete_file($outputdir.'/filelist*.xml',0,1,1);
print 'Delete current files '.$outputdir.'/filelist-'.$release.'.xml'."\n";
dol_delete_file($outputdir.'/filelist-'.$release.'.xml',0,1,1);

$outputfile=$outputdir.'/filelist-'.$release.'.xml';
$fp = fopen($outputfile,'w');
fputs($fp, '<?xml version="1.0" encoding="UTF-8" ?>'."\n");
fputs($fp, '<checksum_list version="'.$release.'">'."\n");

fputs($fp, '<dolibarr_htdocs_dir>'."\n");
fputs($fp, '<dolibarr_htdocs_dir includecustom="'.$includecustom.'">'."\n");

$checksumconcat=array();

// TODO Replace RecursiveDirectoryIterator with dol_dir_list
$dir_iterator1 = new RecursiveDirectoryIterator(dirname(__FILE__).'/../htdocs/');
$iterator1 = new RecursiveIteratorIterator($dir_iterator1);
// need to ignore document custom etc
$files = new RegexIterator($iterator1, '#^(?:[A-Z]:)?(?:/(?!(?:custom|documents|conf|install|nltechno))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
// Need to ignore document custom etc. Note: this also ignore natively symbolic links.
$files = new RegexIterator($iterator1, '#^(?:[A-Z]:)?(?:/(?!(?:'.($includecustom?'':'custom\/|').'documents\/|conf\/|install\/))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
$dir='';
$needtoclose=0;
foreach ($files as $file) {
Expand Down Expand Up @@ -102,10 +122,11 @@

fputs($fp, '<dolibarr_script_dir version="'.$release.'">'."\n");

// TODO Replace RecursiveDirectoryIterator with dol_dir_list
$dir_iterator2 = new RecursiveDirectoryIterator(dirname(__FILE__).'/../scripts/');
$iterator2 = new RecursiveIteratorIterator($dir_iterator2);
// need to ignore document custom etc
$files = new RegexIterator($iterator2, '#^(?:[A-Z]:)?(?:/(?!(?:custom|documents|conf|install|nltechno))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
// Need to ignore document custom etc. Note: this also ignore natively symbolic links.
$files = new RegexIterator($iterator2, '#^(?:[A-Z]:)?(?:/(?!(?:custom|documents|conf|install))[^/]+)+/[^/]+\.(?:php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$#i');
$dir='';
$needtoclose=0;
foreach ($files as $file) {
Expand Down
184 changes: 133 additions & 51 deletions htdocs/admin/system/filecheck.php
View file
Expand Up @@ -90,19 +90,22 @@
print '<!-- for a local check target=local&xmlshortfile=... -->'."\n";
if (dol_is_file($xmlfile))
{
print '<input type="radio" name="target" value="local"'.((! GETPOST('target') || GETPOST('target') == 'local') ? 'checked="checked"':'').'"> '.$langs->trans("LocalSignature").' = '.$xmlshortfile.'<br>';
print '<input type="radio" name="target" value="local"'.((! GETPOST('target') || GETPOST('target') == 'local') ? 'checked="checked"':'').'"> '.$langs->trans("LocalSignature").' = ';
print '<input name="xmlshortfile" class="flat minwidth200" value="'.dol_escape_htmltag($xmlshortfile).'">';
print '<br>';
}
else
{
print '<input type="radio" name="target" value="local"> '.$langs->trans("LocalSignature").' = '.$xmlshortfile;
if (! GETPOST('xmlshortfile')) print ' <span class="warning">('.$langs->trans("AvailableOnlyOnPackagedVersions").')</span>';
print '<input type="radio" name="target" value="local"> '.$langs->trans("LocalSignature").' = ';
print '<input name="xmlshortfile" class="flat minwidth200" value="'.dol_escape_htmltag($xmlshortfile).'">';
print ' <span class="warning">('.$langs->trans("AvailableOnlyOnPackagedVersions").')</span>';
print '<br>';
}
print '<!-- for a remote target=remote&xmlremote=... -->'."\n";
if ($enableremotecheck)
{
print '<input type="radio" name="target" value="remote"'.(GETPOST('target') == 'remote' ? 'checked="checked"':'').'> '.$langs->trans("RemoteSignature").' = ';
print '<input name="xmlremote" class="flat quatrevingtpercent" value="'.$xmlremote.'"><br>';
print '<input name="xmlremote" class="flat quatrevingtpercent" value="'.dol_escape_htmltag($xmlremote).'"><br>';
}
else
{
Expand Down Expand Up @@ -150,21 +153,41 @@
if ($xml)
{
$checksumconcat = array();

$file_list = array();
$out = '';

// Scan htdocs
if (is_object($xml->dolibarr_htdocs_dir[0]))
{
$file_list = array();
$ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', DOL_DOCUMENT_ROOT, $checksumconcat); // Fill array $file_list

print_fiche_titre($langs->trans("FilesMissing"));
//var_dump($xml->dolibarr_htdocs_dir[0]['includecustom']);exit;
$includecustom=(empty($xml->dolibarr_htdocs_dir[0]['includecustom'])?0:$xml->dolibarr_htdocs_dir[0]['includecustom']);

// Defined qualified files (must be same than into generate_filelist_xml.php)
$regextoinclude='\.(php|css|html|js|json|tpl|jpg|png|gif|sql|lang)$';
$regextoexclude='('.($includecustom?'':'custom|').'documents|conf|install)$'; // Exclude dirs
$scanfiles = dol_dir_list(DOL_DOCUMENT_ROOT, 'files', 1, $regextoinclude, $regextoexclude);

// Fill file_list with files in signature, new files, modified files
$ret = getFilesUpdated($file_list, $xml->dolibarr_htdocs_dir[0], '', DOL_DOCUMENT_ROOT, $checksumconcat, $scanfiles); // Fill array $file_list
// Complete with list of new files
foreach ($scanfiles as $keyfile => $valfile)
{
$tmprelativefilename=preg_replace('/^'.preg_quote(DOL_DOCUMENT_ROOT,'/').'/','', $valfile['fullname']);
if (! in_array($tmprelativefilename, $file_list['insignature']))
{
$md5newfile=@md5_file($valfile['fullname']); // Can fails if we don't have permission to open/read file
$file_list['added'][]=array('filename'=>$tmprelativefilename, 'md5'=>$md5newfile);
}
}

print '<table class="noborder">';
print '<tr class="liste_titre">';
print '<td>#</td>';
print '<td>' . $langs->trans("Filename") . '</td>';
print '<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
print '</tr>'."\n";
$out.=load_fiche_titre($langs->trans("FilesMissing"));

$out.='<table class="noborder">';
$out.='<tr class="liste_titre">';
$out.='<td>#</td>';
$out.='<td>' . $langs->trans("Filename") . '</td>';
$out.='<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
$out.='</tr>'."\n";
$var = true;
$tmpfilelist = dol_sort_array($file_list['missing'], 'filename');
if (is_array($tmpfilelist) && count($tmpfilelist))
Expand All @@ -174,32 +197,32 @@
{
$i++;
$var = !$var;
print '<tr ' . $bc[$var] . '>';
print '<td>'.$i.'</td>' . "\n";
print '<td>'.$file['filename'].'</td>' . "\n";
print '<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
print "</tr>\n";
$out.='<tr ' . $bc[$var] . '>';
$out.='<td>'.$i.'</td>' . "\n";
$out.='<td>'.$file['filename'].'</td>' . "\n";
$out.='<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
$out.="</tr>\n";
}
}
else
{
print '<tr ' . $bc[false] . '><td colspan="3" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
$out.='<tr ' . $bc[false] . '><td colspan="3" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
}
print '</table>';
$out.='</table>';

print '<br>';
$out.='<br>';

print_fiche_titre($langs->trans("FilesUpdated"));
$out.=load_fiche_titre($langs->trans("FilesModified"));

print '<table class="noborder">';
print '<tr class="liste_titre">';
print '<td>#</td>';
print '<td>' . $langs->trans("Filename") . '</td>';
print '<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
print '<td align="center">' . $langs->trans("CurrentChecksum") . '</td>';
print '<td align="right">' . $langs->trans("Size") . '</td>';
print '<td align="right">' . $langs->trans("DateModification") . '</td>';
print '</tr>'."\n";
$out.='<table class="noborder">';
$out.='<tr class="liste_titre">';
$out.='<td>#</td>';
$out.='<td>' . $langs->trans("Filename") . '</td>';
$out.='<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
$out.='<td align="center">' . $langs->trans("CurrentChecksum") . '</td>';
$out.='<td align="right">' . $langs->trans("Size") . '</td>';
$out.='<td align="right">' . $langs->trans("DateModification") . '</td>';
$out.='</tr>'."\n";
$var = true;
$tmpfilelist2 = dol_sort_array($file_list['updated'], 'filename');
if (is_array($tmpfilelist2) && count($tmpfilelist2))
Expand All @@ -209,30 +232,70 @@
{
$i++;
$var = !$var;
print '<tr ' . $bc[$var] . '>';
print '<td>'.$i.'</td>' . "\n";
print '<td>'.$file['filename'].'</td>' . "\n";
print '<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
print '<td align="center">'.$file['md5'].'</td>' . "\n";
print '<td align="right">'.dol_print_size(dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename'])).'</td>' . "\n";
print '<td align="right">'.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']),'dayhour').'</td>' . "\n";
print "</tr>\n";
$out.='<tr ' . $bc[$var] . '>';
$out.='<td>'.$i.'</td>' . "\n";
$out.='<td>'.$file['filename'].'</td>' . "\n";
$out.='<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
$out.='<td align="center">'.$file['md5'].'</td>' . "\n";
$out.='<td align="right">'.dol_print_size(dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename'])).'</td>' . "\n";
$out.='<td align="right">'.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']),'dayhour').'</td>' . "\n";
$out.="</tr>\n";
}
}
else
{
print '<tr ' . $bc[false] . '><td colspan="5" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
$out.='<tr ' . $bc[false] . '><td colspan="5" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
}
print '</table>';
$out.='</table>';

$out.='<br>';

if (empty($tmpfilelist) && empty($tmpfilelist2))
$out.=load_fiche_titre($langs->trans("FilesAdded"));

$out.='<table class="noborder">';
$out.='<tr class="liste_titre">';
$out.='<td>#</td>';
$out.='<td>' . $langs->trans("Filename") . '</td>';
$out.='<td align="center">' . $langs->trans("ExpectedChecksum") . '</td>';
$out.='<td align="center">' . $langs->trans("CurrentChecksum") . '</td>';
$out.='<td align="right">' . $langs->trans("Size") . '</td>';
$out.='<td align="right">' . $langs->trans("DateModification") . '</td>';
$out.='</tr>'."\n";
$var = true;
$tmpfilelist3 = dol_sort_array($file_list['added'], 'filename');
if (is_array($tmpfilelist3) && count($tmpfilelist3))
{
$i = 0;
foreach ($tmpfilelist3 as $file)
{
$i++;
$var = !$var;
$out.='<tr ' . $bc[$var] . '>';
$out.='<td>'.$i.'</td>' . "\n";
$out.='<td>'.$file['filename'].'</td>' . "\n";
$out.='<td align="center">'.$file['expectedmd5'].'</td>' . "\n";
$out.='<td align="center">'.$file['md5'].'</td>' . "\n";
$out.='<td align="right">'.dol_print_size(dol_filesize(DOL_DOCUMENT_ROOT.'/'.$file['filename'])).'</td>' . "\n";
$out.='<td align="right">'.dol_print_date(dol_filemtime(DOL_DOCUMENT_ROOT.'/'.$file['filename']),'dayhour').'</td>' . "\n";
$out.="</tr>\n";
}
}
else
{
$out.='<tr ' . $bc[false] . '><td colspan="5" class="opacitymedium">'.$langs->trans("None").'</td></tr>';
}
$out.='</table>';


// Show warning
if (empty($tmpfilelist) && empty($tmpfilelist2) && empty($tmpfilelist3))
{
setEventMessage($langs->trans("FileIntegrityIsStrictlyConformedWithReference"));
}
else
{
setEventMessage($langs->trans("FileIntegritySomeFilesWereRemovedOrModified"), 'warnings');
}
}
}
else
{
Expand All @@ -253,13 +316,30 @@
asort($checksumconcat); // Sort list of checksum
//var_dump($checksumconcat);
$checksumget = md5(join(',',$checksumconcat));
$checksumtoget = $xml->dolibarr_htdocs_dir_checksum;

print '<br>';
$checksumtoget = trim((string) $xml->dolibarr_htdocs_dir_checksum);

/*var_dump(count($file_list['added']));
var_dump($checksumget);
var_dump($checksumtoget);
var_dump($checksumget == $checksumtoget);*/
print_fiche_titre($langs->trans("GlobalChecksum")).'<br>';
print $langs->trans("ExpectedChecksum").' = '. ($checksumtoget ? $checksumtoget : $langs->trans("Unknown")) .'<br>';
print $langs->trans("CurrentChecksum").' = '.$checksumget;
print $langs->trans("CurrentChecksum").' = ';
if ($checksumget == $checksumtoget)
{
if (count($file_list['added'])) print $checksumget.' - <span class="warning">'.$langs->trans("FileIntegrityIsOkButFilesWereAdded").'</span>';
else print '<span class="ok">'.$checksumget.'</span>';
}
else
{
print '<span class="error">'.$checksumget.'</span>';
}

print '<br>';
print '<br>';

// Output detail
print $out;
}


Expand Down Expand Up @@ -287,10 +367,11 @@ function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathre
{
$exclude = 'install';

foreach ($dir->md5file as $file)
foreach ($dir->md5file as $file) // $file is a simpleXMLElement
{
$filename = $path.$file['name'];

$file_list['insignature'][] = $filename;

//if (preg_match('#'.$exclude.'#', $filename)) continue;

if (!file_exists($pathref.'/'.$filename))
Expand All @@ -309,3 +390,4 @@ function getFilesUpdated(&$file_list, SimpleXMLElement $dir, $path = '', $pathre

return $file_list;
}

8 changes: 4 additions & 4 deletions htdocs/core/lib/files.lib.php
View file
Expand Up @@ -44,8 +44,8 @@ function dol_basename($pathfile)
* @param string $path Starting path from which to search. This is a full path.
* @param string $types Can be "directories", "files", or "all"
* @param int $recursive Determines whether subdirectories are searched
* @param string $filter Regex filter to restrict list. This regex value must be escaped for '/', since this char is used for preg_match function
* @param array $excludefilter Array of Regex for exclude filter (example: array('(\.meta|_preview\.png)$','^\.'))
* @param string $filter Regex filter to restrict list. This regex value must be escaped for '/', since this char is used for preg_match function. Filter is checked into basename only.
* @param array $excludefilter Array of Regex for exclude filter (example: array('(\.meta|_preview\.png)$','^\.')). Exclude is checked into fullpath.
* @param string $sortcriteria Sort criteria ("","fullname","name","date","size")
* @param string $sortorder Sort order (SORT_ASC, SORT_DESC)
* @param int $mode 0=Return array minimum keys loaded (faster), 1=Force all keys like date and size to be loaded (slower), 2=Force load of date only, 3=Force load of size only
Expand Down Expand Up @@ -104,7 +104,7 @@ function dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefil
$filesize='';
$file_list = array();

while (false !== ($file = readdir($dir)))
while (false !== ($file = readdir($dir))) // $file is always a basename (into directory $newpath)
{
if (! utf8_check($file)) $file=utf8_encode($file); // To be sure data is stored in utf8 in memory

Expand Down Expand Up @@ -137,7 +137,7 @@ function dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefil
if ($loaddate || $sortcriteria == 'date') $filedate=dol_filemtime($path."/".$file);
if ($loadsize || $sortcriteria == 'size') $filesize=dol_filesize($path."/".$file);

if (! $filter || preg_match('/'.$filter.'/i',$file)) // We do not search key $filter into $path, only into $file
if (! $filter || preg_match('/'.$filter.'/i',$file)) // We do not search key $filter into all $path, only into $file part
{
preg_match('/([^\/]+)\/[^\/]+$/',$path.'/'.$file,$reg);
$level1name=(isset($reg[1])?$reg[1]:'');
Expand Down
5 changes: 4 additions & 1 deletion htdocs/langs/en_US/admin.lang
View file
Expand Up @@ -11,13 +11,16 @@ VersionRecommanded=Recommended
FileCheck=Files integrity checker
FileCheckDesc=This tool allows you to check the integrity of files of your application, comparing each files with the official ones. You can use this tool to detect if some files were modified by a hacker for example.
FileIntegrityIsStrictlyConformedWithReference=Files integrity is strictly conformed with the reference.
FileIntegritySomeFilesWereRemovedOrModified=Files integrity check has failed. Some files were modified of removed.
FileIntegrityIsOkButFilesWereAdded=Files integrity check has passed, however some new files were added.
FileIntegritySomeFilesWereRemovedOrModified=Files integrity check has failed. Some files were modified, removed or added.
GlobalChecksum=Global checksum
MakeIntegrityAnalysisFrom=Make integrity analysis of application files from
LocalSignature=Embedded local signature (less reliable)
RemoteSignature=Remote distant signature (more reliable)
FilesMissing=Missing Files
FilesUpdated=Updated Files
FilesModified=Modified Files
FilesAdded=Added Files
FileCheckDolibarr=Check integrity of application files
AvailableOnlyOnPackagedVersions=The local file for integrity checking is only available when application is installed from a certified package
XmlNotFound=Xml Integrity File of application not found
Expand Down

0 comments on commit 9220a63

Please sign in to comment.