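/*
    SPDX-FileCopyrightText: 2017 Volker Krause <vkrause@kde.org>

    SPDX-License-Identifier: MIT
*/

#include <kuserfeedback_version.h>

#include "securityscanjob.h"

#include <rest/restclient.h>

#include <QDebug>
#include <QNetworkAccessManager>
#include <QNetworkReply>
#include <QNetworkRequest>

using namespace KUserFeedback::Console;

/**
 * Creates the scan job and immediately starts probing.
 *
 * The job issues one HTTP GET per entry of m_pendingPaths, each appended to
 * the server URL of @p restClient, and checks that the server refuses access.
 * The empty first entry probes the server base URL itself.
 *
 * @param restClient REST client whose server URL and network access manager
 *                   are used; must be non-null and connected.
 * @param parent     QObject parent, forwarded to Job.
 */
SecurityScanJob::SecurityScanJob(RESTClient* restClient, QObject* parent)
    : Job(parent)
    , m_restClient(restClient)
    , m_pendingPaths({
        QString(),
        QStringLiteral(".htaccess"),
        QStringLiteral("admin"),
        QStringLiteral("admin/index.php"),
        QStringLiteral("analytics"),
        QStringLiteral("analytics/index.php"),
        QStringLiteral("analytics/products"),
        QStringLiteral("config"),
        QStringLiteral("config/localconfig.php"),
        QStringLiteral("data"),
        QStringLiteral("receiver"),
        QStringLiteral("receiver/index.php"),
        QStringLiteral("shared"),
        QStringLiteral("shared/config.php"),
        QStringLiteral("shared/schema.json")
    })
{
    // Q_ASSERT is compiled out in release builds, so these only guard debug
    // builds; processPending() dereferences m_restClient unconditionally.
    Q_ASSERT(m_restClient);
    Q_ASSERT(m_restClient->isConnected());

    processPending();
}

SecurityScanJob::~SecurityScanJob()
{
}

/**
 * Probes the next pending path, or finishes the job when none is left.
 *
 * A path counts as protected only when the server actually answered with an
 * HTTP status of 400 or above. A successful response below 400 ends the job
 * with a "not protected" error; a request that failed without such a status
 * (timeout, TLS or connection failure, ...) ends the job with an error as
 * well, because no verdict can be derived from it.
 */
void SecurityScanJob::processPending()
{
    if (m_pendingPaths.isEmpty()) {
        Q_EMIT info(tr("No issues found."));
        emitFinished();
        return;
    }

    const auto command = m_pendingPaths.takeFirst();

    // Build <server url>/<path>, making sure exactly one '/' separates them.
    auto url = m_restClient->serverInfo().url();
    auto path = url.path();
    if (!path.endsWith(QLatin1Char('/')))
        path += QLatin1Char('/');
    path += command;
    url.setPath(path);

    QNetworkRequest request(url);
    request.setHeader(QNetworkRequest::UserAgentHeader, QString(QStringLiteral("UserFeedbackConsole/") + QStringLiteral(KUSERFEEDBACK_VERSION_STRING)));
#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
    // Only set for Qt 5; the Qt 6 build relies on QNetworkRequest's default redirect policy.
    request.setAttribute(QNetworkRequest::FollowRedirectsAttribute, true);
#endif

    // NOTE(review): the probe is sent through the REST client's network access
    // manager. The result is only meaningful if that manager does not attach
    // credentials to these requests - confirm against RESTClient.
    auto reply = m_restClient->networkAccessManager()->get(request);

    // Passing `this` as context object disconnects the lambda when the job is
    // destroyed, so a late reply cannot call into a dangling `this`.
    QObject::connect(reply, &QNetworkReply::finished, this, [this, reply]() {
        // The caller owns the reply; release it once control returns to the event loop.
        reply->deleteLater();

        const auto httpCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
        if (reply->error() == QNetworkReply::NoError && httpCode < 400) {
            qWarning() << reply->error() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute);
            emitError(tr("Access to %1 is not protected!").arg(reply->request().url().toString()));
            return;
        }

        // The request failed, but not with an HTTP rejection: the server never
        // refused access, so reporting the path as protected would be a false
        // all-clear. Treat the scan as inconclusive instead.
        if (httpCode < 400) {
            emitError(tr("Unable to check access to %1: %2").arg(reply->request().url().toString(), reply->errorString()));
            return;
        }

        Q_EMIT info(tr("Access to %1 is protected (%2).").arg(reply->request().url().toString()).arg(httpCode));
        processPending();
    });
}

#include "moc_securityscanjob.cpp"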