shell bypass 403
UnknownSec Shell
:
/
proc
/
self
/
root
/
opt
/
cloudlinux
/
venv
/
lib
/
python3.11
/
site-packages
/
clcommon
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
clwpos_lib.py
# -*- coding: utf-8 -*- # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2018 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT # import json import re import os import subprocess import logging from pathlib import Path from typing import Union, Iterable, Optional, Tuple, List from enum import Enum from clcommon.clpwd import ClPwd from clcommon.utils import get_rhn_systemid_value VENDOR_UI_CONFIG_PATH = '/opt/cpvendor/config/cl-manager-ui-settings.json' class PluginType(Enum): """ Plugin types that are currently detected """ OBJECT_CACHE = 'object-cache' ADVANCED_CACHE = 'advanced-cache' class WpPlugins(Enum): """ Static WP plugin names, that are not detected dynamically from drop-in files, dir names, etc """ UNKNOWN = 'Unknown' WP_ROCKET = 'WP Rocket' ACCELERATE_WP = 'AccelerateWP' def clean_comment(line: str, is_multiline_comment: bool) -> Tuple[str, bool]: """ Yep, this bicycle is needed to handle different comment types in .php file https://www.php.net/manual/en/language.basic-syntax.comments.php and ensure that needed line is not under comment """ if is_multiline_comment: if '*/' not in line: return '', True else: pos = line.find('*/') part1, _ = clean_comment(line[:pos], True) part2, is_multiline_comment = clean_comment(line[pos + 2:], False) return part1 + part2, is_multiline_comment if '//' in line: pos = line.find('//') return line[:pos], False if '#' in line: pos = line.find('#') return line[:pos], False if '/*' in line: pos = line.find('/*') part1, _ = clean_comment(line[:pos], False) part2, is_multiline_comment = clean_comment(line[pos + 2:], True) return part1 + part2, is_multiline_comment return line, False def _is_real_file(file: str) -> bool: realpath_file = os.path.realpath(file) return os.path.isfile(realpath_file) def _check_wp_config_php(abs_path: Union[str, Path]) -> bool: """ WordPress looks for wp-config.php file in the (1) WordPress root and (2) one directory above the root. Check that there is no wp-settings.php file in the second case. This check helps when there is a nested installation, e.g / is WordPress and /wp_path/ is WordPress. """ try: wp_config_php = os.path.join(abs_path, 'wp-config.php') if os.path.exists(wp_config_php) and _is_real_file(wp_config_php): return True except OSError: pass abs_path_level_up = os.path.join(abs_path, os.pardir) wp_config_php_level_up = os.path.join(abs_path_level_up, 'wp-config.php') wp_settings_php = os.path.join(abs_path_level_up, 'wp-settings.php') wp_settings_php_exists = os.path.exists(wp_settings_php) and _is_real_file(wp_settings_php) return os.path.exists(wp_config_php_level_up) and \ not wp_settings_php_exists and \ _is_real_file(wp_config_php_level_up) def _is_real_dir(dir: str) -> bool: realpath_dir = os.path.realpath(dir) return os.path.isdir(realpath_dir) def _check_wp_includes(abs_path: Union[str, Path]) -> bool: """ Check wp-includes exists and is dir. """ wp_includes = os.path.join(abs_path, 'wp-includes') return 'wp-includes' in os.listdir(abs_path) and _is_real_dir(wp_includes) def is_wp_path(abs_path: Union[str, Path]) -> bool: """ Checks whether passed directory is a wordpress directory by checking presence of wp-includes folder and wp-config.php file. """ try: if not os.path.exists(abs_path): return False # skip paths that can't be read (wrong permissions etc) except OSError: return False try: return _check_wp_config_php(abs_path) and _check_wp_includes(abs_path) except OSError: pass return False def find_wp_paths(doc_root: str, excludes: Optional[List[str]] = None) -> Iterable[str]: """ Returns folder with wordpress Empty string is wp is in docroot dir :param doc_root: root path to start search from :param excludes: list of paths that must be excluded from search, e.g. subdomains """ if not os.path.exists(doc_root): return if is_wp_path(doc_root): yield '' for path in Path(doc_root).iterdir(): if not path.is_dir(): continue if excludes and str(path) in excludes: continue if is_wp_path(path): yield path.name def _is_php_define_var_found(var, path): """ Looks for defined php variable with true value """ r = re.compile(fr'^\s*define\s*\(\s*((\'{var}\')|(\"{var}\"))\s*,\s*true\s*\)\s*;') # let`s find needed setting by reading line by line with open(path, encoding='utf-8', errors='ignore') as f: is_multiline_comment = False while True: line = f.readline() if not line: break cleaned_line, is_multiline_comment = clean_comment(line, is_multiline_comment) if r.match(cleaned_line): return True return False def is_advanced_cache_enabled(wordpress_path: Path): """ Detects whether plugin is really enabled, cause not all plugins are enabled 'on load' # https://kevdees.com/what-are-wordpress-drop-in-plugins/ """ wp_config = wordpress_path.joinpath('wp-config.php') # really strange when main wordpress config is absent if not os.path.exists(wp_config): return False return _is_php_define_var_found('WP_CACHE', wp_config) def wp_rocket_plugin(drop_in_path): """ They are advising to check whether WP_ROCKET_ADVANCED_CACHE is defined to ensure plugin is working https://docs.wp-rocket.me/article/134-advanced-cache-error-message """ if accelerate_wp_plugin(drop_in_path) is None and \ _is_php_define_var_found('WP_ROCKET_ADVANCED_CACHE', drop_in_path): return WpPlugins.WP_ROCKET.value return None def accelerate_wp_plugin(drop_in_path): """ Checking if the plugin folder name exists in the drop-in """ with open(drop_in_path, encoding='utf-8', errors='ignore') as f: if '/clsop' in f.read(): return WpPlugins.ACCELERATE_WP.value return None def get_wp_cache_plugin(wordpress_path: Path, plugin_type: str): """ Looking for object-cache.php or advanced-cache.php in wordpress folder If found - tries to find 'plugin-owner' of <-cache>.php by content comparison If cannot be found -> tries to read <-cache>.php headers looking for Plugin name: <Plugin> """ wp_content_dir = wordpress_path.joinpath("wp-content") activated_cache = wp_content_dir.joinpath(f'{plugin_type}.php') if not os.path.exists(activated_cache): return None if plugin_type == PluginType.ADVANCED_CACHE.value and not is_advanced_cache_enabled(wordpress_path): return None plugins_dir = wp_content_dir.joinpath("plugins") plugin_name = get_wp_cache_plugin_by_scanning_dirs(activated_cache, plugins_dir) \ or get_wp_cache_plugin_by_header(activated_cache) \ or accelerate_wp_plugin(activated_cache) \ or wp_rocket_plugin(activated_cache) \ or WpPlugins.UNKNOWN.value return plugin_name def get_wp_cache_plugin_by_scanning_dirs(activated_plugin: Path, plugins_dir: Path) -> Optional[str]: """ Scanning plugins/* dir and looking for similar <object/advanced_cache>.php """ if not activated_plugin.is_file(): return None if not plugins_dir.is_dir(): return None activated_plugin_bytes = activated_plugin.read_bytes() for plugin in plugins_dir.iterdir(): for root, dirs, files in os.walk(plugin): if activated_plugin.name in files: plugin_object_cache_path = Path(root) / activated_plugin.name if plugin_object_cache_path.read_bytes() == activated_plugin_bytes: return plugin.name return None def get_wp_cache_plugin_by_header(activated_plugin: Path) -> Optional[str]: """ Looking for Plugin name: <Some name> in <object/advanced.php> headers """ if not os.path.exists(activated_plugin): return None # must be enough to loop through headers max_top_lines_count = 30 r = re.compile(r'^.*plugin name:\s*(?P<plugin_name>[\w ]+)\s*$', re.IGNORECASE) with open(activated_plugin, encoding='utf-8', errors='ignore') as f: for _ in range(max_top_lines_count): line = f.readline() match = r.search(line) if match is not None: return match.group('plugin_name') return None def get_wp_paths_with_enabled_module(user, user_wp_paths, plugin='object_cache'): """ Filter user`s wp paths with paths with enabled module """ paths_with_enabled_module = [] try: home = ClPwd().get_homedir(user) except ClPwd.NoSuchUserException: return [] config = os.path.join(home, '.clwpos', 'clwpos_config.json') if not os.path.exists(config): return [] try: with open(config, encoding='utf-8', errors='ignore') as f: conf = f.read() data = json.loads(conf) except Exception: return [] modules_data = data.get('docroots', {}).get('public_html', {}) for wp_path in user_wp_paths: if wp_path in modules_data and plugin in modules_data[wp_path]: paths_with_enabled_module.append(wp_path) return paths_with_enabled_module def install_accelerate_wp(): packages = [] if not os.path.exists('/usr/bin/cloudlinux-awp-admin'): packages.append('accelerate-wp') if not os.path.exists('/usr/sbin/cloudlinux-ssa-manager'): packages.append('alt-php-ssa') if not os.path.exists('/usr/sbin/cloudlinux-xray-agent'): packages.append('alt-php-xray') if packages: install_command = ["yum", "install", "-y"] + packages proc = subprocess.run(install_command, capture_output=True, text=True, check=False) logging.debug('Installing AccelerateWP packages captured out: %s, err: %s', proc.stdout, proc.stderr) if not os.path.exists('/usr/share/clos_ssa/ssa_enabled'): proc = subprocess.run(['/usr/sbin/cloudlinux-ssa-manager', 'enable-ssa'], capture_output=True, text=True, check=False) logging.debug('Activation SSA captured out: %s, err: %s', proc.stdout, proc.stderr) proc = subprocess.run( ['/usr/sbin/cloudlinux-autotracing', 'enable', '--all'], capture_output=True, text=True, check=False, ) logging.debug('Activation autotracing captured out: %s, err: %s', proc.stdout, proc.stderr) system_id = get_rhn_systemid_value('system_id') if system_id: proc = subprocess.run( ['/usr/sbin/cloudlinux-xray-manager', 'enable-user-agent', '--system_id', system_id.replace('ID-', '')], capture_output=True, text=True, check=False, ) logging.debug('Activation xray manager captured out: %s, err: %s', proc.stdout, proc.stderr) def configure_accelerate_wp(async_set_suite: bool = False, source: str = None): """ 1. Installs needed packages 2. Enables autotracing 3. Allows AccelerateWP Free for all """ install_accelerate_wp() if os.path.exists('/var/clwpos/admin/allowed_for_all_site_optimization.flag'): return if os.path.exists(VENDOR_UI_CONFIG_PATH): with open(VENDOR_UI_CONFIG_PATH, 'r', encoding='utf-8') as f: vendor_config_content = json.load(f) if vendor_config_content.get('features_override', {}).get('accelerate_wp') is False: logging.debug('Activation AccelerateWP Free skipped: Vendor UI skip the enabling of Accelerate WP Free') return command = ['/usr/bin/cloudlinux-awp-admin', 'set-suite', '--allowed-for-all', '--suites', 'accelerate_wp'] if source == 'BILLING_OVERRIDE': command.extend(['--source', 'BILLING_OVERRIDE']) # For WHMCS command if async_set_suite: subprocess.Popen( # pylint: disable=consider-using-with command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, ) else: proc = subprocess.run(command, check=True, capture_output=True, text=True) logging.debug('Activation AccelerateWP Free captured out: %s, err: %s', proc.stdout, proc.stderr) def configure_accelerate_wp_premium(source: str = None): install_accelerate_wp() # just in case server already allowed for all if os.path.exists('/var/clwpos/admin/allowed_for_all_object_cache.flag'): return command = ['/usr/bin/cloudlinux-awp-admin', 'set-suite', '--visible-for-all', '--suites', 'accelerate_wp_premium'] # If this is a request from WHMCS, we must pass --source to correctly save the suite status # and not overwrite the settings of users if source == 'BILLING_OVERRIDE': command.extend(['--source', 'BILLING_OVERRIDE', '--preserve-user-settings']) # set AccelerateWP visible for all users proc = subprocess.run(command, check=True, capture_output=True, text=True) logging.debug('Activation AccelerateWP Premium captured out: %s, err: %s', proc.stdout, proc.stderr) def configure_accelerate_wp_cdn(source: str = None): install_accelerate_wp() # just in case server already allowed for all if os.path.exists('/var/clwpos/admin/allowed_for_all_cdn.flag'): return # set AccelerateWP visible for all users command_cdn = ['/usr/bin/cloudlinux-awp-admin', 'set-suite', '--allowed-for-all', '--suites', 'accelerate_wp_cdn'] # If this is a request from WHMCS, we must pass --source to correctly save the suite status if source == 'BILLING_OVERRIDE': command_cdn.extend(['--source', 'BILLING_OVERRIDE']) proc = subprocess.run(command_cdn, check=True, capture_output=True, text=True) logging.debug('Activation AccelerateWP CDN captured out: %s, err: %s', proc.stdout, proc.stderr) # set AccelerateWP CDN PRO visible for all users command_cdn_pro = ['/usr/bin/cloudlinux-awp-admin', 'set-suite', '--visible-for-all', '--suites', 'accelerate_wp_cdn_pro'] # If this is a request from WHMCS, we must pass --source to correctly save the suite status # and not overwrite the settings of users if source == 'BILLING_OVERRIDE': command_cdn_pro.extend(['--source', 'BILLING_OVERRIDE', '--preserve-user-settings']) proc = subprocess.run(command_cdn_pro, check=True, capture_output=True, text=True) logging.debug('Activation AccelerateWP CDN PRO captured out: %s, err: %s', proc.stdout, proc.stderr) def configure_upgrade_url(upgrade_url): if not upgrade_url: return options_json = subprocess.run(['/usr/bin/cloudlinux-awp-admin', 'get-options'], check=True, capture_output=True, text=True).stdout options = json.loads(options_json) # nothing to do, upgrade url already set to same value if upgrade_url == options.get('upgrade_url'): return proc = subprocess.run(['/usr/bin/cloudlinux-awp-admin', 'set-options', '--upgrade-url', upgrade_url, '--suite', 'accelerate_wp_premium'], check=True, capture_output=True, text=True) logging.debug('Setting AccelerateWP Premium upgrade url captured out: %s, err: %s', proc.stdout, proc.stderr)
© 2025 UnknownSec