├── modman
├── .travis.yml
├── app
    ├── etc
    │   └── modules
    │   │   └── Mpchadwick_MwscanUtils.xml
    └── code
    │   └── community
    │       └── Mpchadwick
    │           └── MwscanUtils
    │               ├── Model
    │                   └── Observer.php
    │               ├── controllers
    │                   └── ContentdumpController.php
    │               ├── etc
    │                   └── config.xml
    │               └── data
    │                   └── mpchadwick_mwscanutils_setup
    │                       └── data-install-0.1.0.php
├── LICENSE
└── README.md


/modman:
--------------------------------------------------------------------------------
1 | app/code/community/Mpchadwick/MwscanUtils
2 | app/etc/modules/Mpchadwick_MwscanUtils.xml
3 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: php
2 | php:
3 |   - 5.6
4 | before_script:
5 |   - curl -OL https://squizlabs.github.io/PHP_CodeSniffer/phpcs.phar
6 |   - composer require magento-ecg/coding-standard
7 | script:
8 |   - php phpcs.phar --standard=vendor/magento-ecg/coding-standard/Ecg ./app
9 | 


--------------------------------------------------------------------------------
/app/etc/modules/Mpchadwick_MwscanUtils.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <config>
 3 |     <modules>
 4 |         <Mpchadwick_MwscanUtils>
 5 |              <active>true</active>
 6 |              <codePool>community</codePool>
 7 |         </Mpchadwick_MwscanUtils>
 8 |     </modules>
 9 | </config>
10 | 


--------------------------------------------------------------------------------
/app/code/community/Mpchadwick/MwscanUtils/Model/Observer.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | class Mpchadwick_MwscanUtils_Model_Observer
 4 | {
 5 |     public function allowRendering()
 6 |     {
 7 |         if (!Mage::app()->getRequest()->getParam('mwscanutils_force')) {
 8 |             return;
 9 |         }
10 | 
11 |         $product = Mage::getModel('catalog/product')->loadByAttribute('sku', 'mwscanutils-test-product');
12 | 
13 |         /**
14 |          * loadByAttribute doesn't call _beforeLoad and _afterLoad which is required here
15 |          * so we now call load()
16 |          */
17 |         $product->load();
18 | 
19 |         Mage::getSingleton('checkout/cart')
20 |             ->addProduct($product, array('qty' => 1))
21 |             ->save();
22 |     }
23 | }
24 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 Max Chadwick
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/app/code/community/Mpchadwick/MwscanUtils/controllers/ContentdumpController.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | class Mpchadwick_MwscanUtils_ContentdumpController extends Mage_Core_Controller_Front_Action
 4 | {
 5 |     const SEPARATOR = PHP_EOL . PHP_EOL . '----' . PHP_EOL . PHP_EOL;
 6 | 
 7 |     protected $configKeys = array(
 8 |         'design/head/includes',
 9 |         'design/footer/absolute_footer'
10 |     );
11 | 
12 |     public function indexAction()
13 |     {
14 |         $content = array_merge(
15 |             Mage::getModel('cms/page')
16 |                 ->getCollection()
17 |                 ->getColumnValues('content'),
18 |             Mage::getModel('cms/block')
19 |                 ->getCollection()
20 |                 ->getColumnValues('content'),
21 |             Mage::getModel('core/config_data')
22 |                 ->getCollection()
23 |                 ->addFieldToFilter('path', array('in' => $this->configKeys))
24 |                 ->getColumnValues('value')
25 |         );
26 | 
27 |         $container = new Varien_Object;
28 |         $container->setContent($content);
29 |         Mage::dispatchEvent(
30 |             'mpchadwick_mwscanutils_dump_content_before',
31 |             array('container' => $container)
32 |         );
33 | 
34 |         $response = $this->getResponse();
35 |         $response->setHeader('Content-Type', 'text/plain', true);
36 |         $response->appendBody(implode(self::SEPARATOR, $container->getContent()));
37 |     }
38 | }
39 | 


--------------------------------------------------------------------------------
/app/code/community/Mpchadwick/MwscanUtils/etc/config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <config>
 3 |     <modules>
 4 |         <Mpchadwick_MwscanUtils>
 5 |              <version>0.1.0</version>
 6 |         </Mpchadwick_MwscanUtils>
 7 |     </modules>
 8 |     <global>
 9 |         <models>
10 |             <mpchadwick_mwscanutils>
11 |                 <class>Mpchadwick_MwscanUtils_Model</class>
12 |             </mpchadwick_mwscanutils>
13 |         </models>
14 |         <resources>
15 |             <mpchadwick_mwscanutils_setup>
16 |                 <setup>
17 |                     <module>Mpchadwick_MwscanUtils</module>
18 |                 </setup>
19 |             </mpchadwick_mwscanutils_setup>
20 |         </resources>
21 |     </global>
22 |     <frontend>
23 |         <events>
24 |             <controller_action_predispatch_checkout_onepage_index>
25 |                 <observers>
26 |                     <mpchadwick_mwscanutils>
27 |                         <model>mpchadwick_mwscanutils/observer</model>
28 |                         <method>allowRendering</method>
29 |                     </mpchadwick_mwscanutils>
30 |                 </observers>
31 |             </controller_action_predispatch_checkout_onepage_index>
32 |         </events>
33 |         <routers>
34 |             <mpchadwick_mwscanutils>
35 |                 <use>standard</use>
36 |                 <args>
37 |                     <module>Mpchadwick_MwscanUtils</module>
38 |                     <frontName>mwscanutils</frontName>
39 |                 </args>
40 |             </mpchadwick_mwscanutils>
41 |         </routers>
42 |     </frontend>
43 | </config>
44 | 


--------------------------------------------------------------------------------
/app/code/community/Mpchadwick/MwscanUtils/data/mpchadwick_mwscanutils_setup/data-install-0.1.0.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // https://magento.stackexchange.com/questions/43370/adding-a-product-by-upgrade-script#answer-43372
 4 | 
 5 | $websiteIds = Mage::getModel('core/website')->getCollection()
 6 |     ->addFieldToFilter('website_id', array('neq'=>0))
 7 |     ->getAllIds();
 8 | 
 9 | 
10 | $product = Mage::getModel('catalog/product');
11 | $product->setStoreId(0);
12 | $product->setWebsiteIds($websiteIds);
13 | $product->setTypeId('simple');
14 | $product->addData(array(
15 |     'name' => 'Mwscanutils Test Product',
16 |     'attribute_set_id' => $product->getDefaultAttributeSetId(), //use the default attribute set or an other id if needed.
17 |     'status' => Mage_Catalog_Model_Product_Status::STATUS_ENABLED, //set product as enabled
18 |     'visibility' => Mage_Catalog_Model_Product_Visibility::VISIBILITY_NOT_VISIBLE, //set visibility in catalog and search
19 |     'meta_title' => 'Meta title here',
20 |     'weight' => 1,
21 |     'sku' => 'mwscanutils-test-product',
22 |     'price' => 10.00,
23 |     'tax_class_id' => 2, //could not find a non-hardcoded value for this
24 |     'description' => 'Description here',
25 |     'short_description' => 'Short description here',
26 |     'stock_data' => array( //set stock data
27 |         'manage_stock' => 1,
28 |         'qty' => 999, //set the qty
29 |         'use_config_manage_stock' => 1,
30 |         'use_config_min_sale_qty' => 1,
31 |         'use_config_max_sale_qty' => 1,
32 |         'use_config_enable_qty_increments' => 1,
33 |         'is_in_stock' => 1
34 |     ),
35 | 
36 | ));
37 | $product->save();
38 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Mpchadwick_MwscanUtils
 2 | 
 3 | [![Build Status](https://travis-ci.org/mpchadwick/Mpchadwick_MwscanUtils.svg?branch=master)](https://travis-ci.org/mpchadwick/Mpchadwick_MwscanUtils)
 4 | 
 5 | A set of utilities for use in tandem with [magento-malware-scanner](https://github.com/gwillem/magento-malware-scanner) for Magento 1.
 6 | 
 7 | Magento 2 version available [here](https://github.com/mpchadwick/Mpchadwick_MwscanUtils2).
 8 | 
 9 | ## Features
10 | 
11 | ### Content Dump Endpoint
12 | 
13 | Adds an endpoint at `/mwscanutils/contentdump` which returns a `text/plain` response including...
14 | 
15 | - Content from ALL CMS pages
16 | - Content from ALL CMS blocks
17 | - Miscellaneous Scripts
18 | - Miscellaneous HTML
19 | 
20 | From a scanning location, you should send the output of this to mwscan.
21 | 
22 | ```
23 | curl --silent https://example.com/mwscanutils/contentdump > content && grep -Erlf mwscan.txt content
24 | ```
25 | 
26 | Additional content can be appended as needed by observing the `mpchadwick_mwscanutils_dump_content_before` event
27 | 
28 | **config.xml**
29 | 
30 | ```xml
31 | <mpchadwick_mwscanutils_dump_content_before>
32 |     <observers>
33 |         <example>
34 |             <model>example/observer</model>
35 |             <method>appendContent</method>
36 |         </example>
37 |     </observers>
38 | </mpchadwick_mwscanutils_dump_content_before>
39 | ```
40 | 
41 | **Observer.php**
42 | 
43 | ```php
44 | public function appendContent(Varien_Event_Observer $observer)
45 | {
46 |     $container = $observer->getContainer();
47 |     $content = $container->getContent();
48 |     $content[] = 'Dump this too.';
49 |     $container->setContent($content);
50 | }
51 | ```
52 | 
53 | ### /checkout/onepage HTML
54 | 
55 | Adds the ability to fetch the HTML for `/checkout/onepage` programmatically. Pass the `mwscanutils_force` param as follows...
56 | 
57 | ```
58 | curl --silent https://example.com/checkout/onepage/index/mwscanutils_force/1 > content && grep -Erlf mwscan.txt content
59 | ```
60 | 
61 | A dummy product will be added to the quote to allow the page to render.
62 | 
63 | Helpful for catching cases where the malware is only present on the checkout page.
64 | 


--------------------------------------------------------------------------------