Fix. Vulnerability alarm. New API method report_vulnerability_in_use implemented.

inc/spbc-admin.php

@@ -268,7 +268,7 @@ function spbc_theme_list_show_vulnerability()
                 $theme_slug = isset($installed_theme['slug']) ? $installed_theme['slug'] : '';
                 $theme_version = ! empty($installed_theme['version']) ? $installed_theme['version'] : '';
                 if ( isset($theme_slug, $theme_slug) ) {
-                    $theme_report = VulnerabilityAlarm::checkSingleThemeVulnerabilityStatic($theme_slug, $theme_version);
+                    $theme_report = VulnerabilityAlarm::checkThemeVulnerabilityStatic($theme_slug, $theme_version);
                     if ( $theme_report ) {
                         $vulnerable_theme_data = array(
                             'slug' => $installed_theme['slug'],

lib/CleantalkSP/Common/API.php

@@ -934,4 +934,16 @@ public static function methodUserDataUpdate($user_token, $user_data)
 
         return static::sendRequest($request);
     }
+
+    public static function methodReportVulnerabilityInUse($api_key, $service_id, $research_id)
+    {
+        $request = array(
+            'method_name' => 'report_vulnerability_in_use',
+            'auth_key'  => $api_key,
+            'service_id'  => $service_id,
+            'research_id'   => $research_id,
+        );
+
+        return static::sendRequest($request);
+    }
 }

lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/VulnerabilityAlarm.php

@@ -313,7 +313,7 @@ public static function checkSinglePluginViaAPI($module, $version)
      *
      * @return Dto\PluginReport|ThemeReport|false|mixed
      */
-    public static function checkSingleThemeVulnerabilityStatic($theme_slug, $theme_version)
+    public static function checkThemeVulnerabilityStatic($theme_slug, $theme_version)
     {
         /** @var ApiResults|null $list */
         $list = get_option(self::VULNERABILITY_LIST);

lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/VulnerabilityAlarmService.php

@@ -2,6 +2,7 @@
 
 namespace CleantalkSP\SpbctWP\VulnerabilityAlarm;
 
+use CleantalkSP\SpbctWP\API;
 use CleantalkSP\SpbctWP\VulnerabilityAlarm\Dto\ApiResults;
 use CleantalkSP\SpbctWP\VulnerabilityAlarm\Dto\ItemReport;
 use CleantalkSP\SpbctWP\VulnerabilityAlarm\Dto\PluginReport;
@@ -31,16 +32,26 @@ public static function setSummaryLogPluginsAndThemes($modules)
         if ($modules['themes'] && is_array($modules['themes'])) {
             $spbc->scan_themes_info['total_site_themes_count'] = count($modules['themes']);
 
-            $theme_is_vulnerable = self::checkVulnerableThemesViaAPI($modules['themes']);
-            $spbc->scan_themes_info['themes_info_requested'] = count($modules['themes']);
+            $number_of_vulnerable_themes = 0;
+            $themes_info_requested = 0;
+            $names_vulnerable_themes = array();
 
-            if ($theme_is_vulnerable && is_array($theme_is_vulnerable)) {
-                $theme_names = array_map(function ($report) {
-                    return $report->slug;
-                }, $theme_is_vulnerable);
-                $spbc->scan_themes_info['names_vulnerable_themes'] = $theme_names; //
-                $spbc->scan_themes_info['themes_found_with_known_vulnerabilities'] = count($theme_names);
+            foreach ($modules['themes'] as $theme) {
+                $theme_slug = $theme[0];
+                $theme_version = $theme[1];
+                $theme_is_vulnerable = VulnerabilityAlarm::checkthemeVulnerabilityStatic($theme_slug, $theme_version);
+
+                $themes_info_requested++;
+                if ($theme_is_vulnerable) {
+                    $names_vulnerable_themes[] = $theme_is_vulnerable;
+                    $number_of_vulnerable_themes++;
+                }
             }
+
+            $spbc->scan_themes_info['names_vulnerable_themes'] = $names_vulnerable_themes;
+            $spbc->scan_themes_info['themes_info_requested'] = $themes_info_requested;
+            $spbc->scan_themes_info['themes_found_with_known_vulnerabilities'] = $number_of_vulnerable_themes;
+
             $spbc->save('scan_themes_info');
         }
 
@@ -57,12 +68,12 @@ public static function setSummaryLogPluginsAndThemes($modules)
                 $plugin_is_vulnerable = VulnerabilityAlarm::checkPluginVulnerabilityStatic($plugin_slug, $plugin_version);
                 $plugins_info_requested++;
                 if ($plugin_is_vulnerable) {
-                    array_push($names_vulnerable_plugins, $plugin_is_vulnerable);
+                    $names_vulnerable_plugins[] = $plugin_is_vulnerable;
                     $number_of_vulnerable_plugins++;
                 }
             }
 
-            $spbc->scan_plugins_info['names_vulnerable_plugins'] = $names_vulnerable_plugins; //
+            $spbc->scan_plugins_info['names_vulnerable_plugins'] = $names_vulnerable_plugins;
             $spbc->scan_plugins_info['plugins_info_requested'] = $plugins_info_requested;
             $spbc->scan_plugins_info['plugins_found_with_known_vulnerabilities'] = $number_of_vulnerable_plugins;
 
@@ -226,31 +237,6 @@ public static function getThemeReportStatic($theme_slug, $theme_version)
         return static::getItemReportStatic($theme_slug, $theme_version, false, true);
     }
 
-    /**
-     * @param array $theme_slugs
-     *
-     * @return array
-     */
-    public static function checkVulnerableThemesViaAPI($theme_slugs)
-    {
-        try {
-            $report = self::getReport(['themes' => $theme_slugs]);
-        } catch (\Exception $_exception) {
-            return $theme_slugs;
-        }
-
-        $list_vulnerability_reports = array();
-        if (count($report->themes) > 0) {
-            foreach ($report->themes as $theme_report) {
-                if ($theme_report->app_status == 'vulnerable') {
-                    $list_vulnerability_reports[] = $theme_report;
-                }
-            }
-            return $list_vulnerability_reports;
-        }
-        return [];
-    }
-
     /**
      * @param array $theme_slug
      *
@@ -411,4 +397,51 @@ private static function mapApiResults($api_res)
         }
         return $results;
     }
+
+    public static function sendReport()
+    {
+        global $spbc;
+
+        if ( $spbc->settings['spbc_key'] === '' ) {
+            throw new \Exception(__('Access key is empty.', 'security-malware-firewall'));
+        }
+
+        if ( $spbc->data['service_id'] === '' ) {
+            throw new \Exception(__('Service ID is empty. Please, do cloud synchronization.', 'security-malware-firewall'));
+        }
+
+        $vulnerabilities = [];
+
+        // 1) Collect vulnerable plugins research IDs
+        if (
+            isset($spbc->scan_plugins_info['names_vulnerable_plugins']) &&
+            is_array($spbc->scan_plugins_info['names_vulnerable_plugins']) &&
+            count($spbc->scan_plugins_info['names_vulnerable_plugins']) > 0
+        ) {
+            /** @var \CleantalkSP\SpbctWP\VulnerabilityAlarm\Dto\PluginReport $plugin_report */
+            foreach ( $spbc->scan_plugins_info['names_vulnerable_plugins'] as $plugin_report ) {
+                $vulnerabilities[] = $plugin_report->id;
+            }
+        }
+
+        // 2) Collect vulnerable themes research IDs
+        if (
+            isset($spbc->scan_themes_info['names_vulnerable_themes']) &&
+            is_array($spbc->scan_themes_info['names_vulnerable_themes']) &&
+            count($spbc->scan_themes_info['names_vulnerable_themes']) > 0
+        ) {
+            /** @var \CleantalkSP\SpbctWP\VulnerabilityAlarm\Dto\ThemeReport $theme_report */
+            foreach ( $spbc->scan_themes_info['names_vulnerable_themes'] as $theme_report ) {
+                $vulnerabilities[] = $theme_report->id;
+            }
+        }
+
+        // 3) Send found vulnerable IDs
+        if ( count($vulnerabilities) > 0 ) {
+            // @ToDo make only one API request after it will be able to receive array of IDs as the input parameter https://doboard.com/1/task/11753
+            foreach ( $vulnerabilities as $research_id ) {
+                $_send_result = API::methodReportVulnerabilityInUse($spbc->settings['spbc_key'], $spbc->data['service_id'], $research_id);
+            }
+        }
+    }
 }

lib/CleantalkSP/SpbctWP/VulnerabilityAlarm/VulnerabilityAlarmView.php

@@ -425,7 +425,7 @@ private static function getVulnerableThemesStatic()
             foreach ( $themes as $theme_data ) {
                 $theme_slug = isset($theme_data['slug']) ? $theme_data['slug'] : sanitize_title($theme_data['Name']);
                 $theme_version = ! empty($theme_data['Version']) ? $theme_data['Version'] : '';
-                $theme_report = VulnerabilityAlarm::checkSingleThemeVulnerabilityStatic($theme_slug, $theme_version);
+                $theme_report = VulnerabilityAlarm::checkThemeVulnerabilityStatic($theme_slug, $theme_version);
                 if ( $theme_report ) {
                     $vulnerable_themes[] = $theme_report;
                 }

security-malware-firewall.php

@@ -28,6 +28,7 @@
 use CleantalkSP\SpbctWP\State;
 use CleantalkSP\SpbctWP\Transaction;
 use CleantalkSP\SpbctWP\Variables\Cookie;
+use CleantalkSP\SpbctWP\VulnerabilityAlarm\VulnerabilityAlarmService;
 use CleantalkSP\Updater\Updater;
 use CleantalkSP\Updater\UpdaterScripts;
 use CleantalkSP\Variables\Get;
@@ -269,6 +270,8 @@ function spbc_security_check_vulnerabilities()
         VulnerabilityAlarm::updateWPModulesVulnerabilities();
         $spbc->data['spbc_security_check_vulnerabilities_last_call'] = time();
         $spbc->save('data');
+        // Send found vulnerabilities to the cloud
+        VulnerabilityAlarmService::sendReport();
     } catch ( \Exception $exception ) {
         return ['error' => $exception->getMessage()];
     }