A WordPress file diff python module.
The module requires the following packages to be installed:
- ftputil
- requests
- mysql-connector
- filetype
Use pip to install ftputil and requests.
pip install ftputil
pip install requests
The python MySQL connector can be downloaded here.
pip install filetype
The main module filename of the WordPress diff is ftp_wp_diff.py.
Sample usage
import ftp_wp_diff
ftp_wp_diff('localhost', 'admin', 'admin123', '/wordpress')The MySql database connection can be configured using the db_config.json file.
ftp_wp_diff('host', 'user', 'pwd', wp_path=None, search_depth=3);- host - Hostname of the FTP server.
- user - FTP username.
- pwd - FTP password.
- wp_path (Optional - Default is None) - WordPress directory location in the FTP server.
- search_depth (Optional - Default is 3) - A number indicating the search depth limit of the WordPress version.
The following python files are sub modules that is used in the WordPress file diff.
Returns the database config data located in db_config.json.
Creates a db_config.json file with default setting if db_config.json is not found.
# returns the decoded data in 'db_config.json'
read_config()
# Checks if the dictionary keys are valid.
check_config_keys(config)
# Creates a 'db_config.json; file if it doesn't exist.
create_default_config()
# Main database config module fetcher
get_config()Returns a ftputil connection instance of the FTP server.
# Connects to a FTP server
ftp_connect(host, user, pwd)ftp_connect(host, user, pwd)host- (String) Hostname of the FTP serveruser- (String) FTP Usernamepwd- (String) FTP Password
Connects to the MySQL DB and returns the MySQL connection instanace and cursor.
# Returns the MySQL connection and cursor
mysql_connect()Inserts the file and line diff result in the MySQL database.
# Returns the insert sql statement of a file diff based on its diff type.
get_diff_stmt(diff_type)
# Returns the diff values that will be inserted based on its diff type.
get_diff_data(scan_id, diff, line_diff)
# Inserts the diff data and the plugins in the MySQL DB
insert_scan(scan, file_diff, line_diff)get_diff_stmt(diff_type)diff_type- (String) A single character representing the diff type.
get_diff_data(scan_id, diff, line_diff)scan_id- (Integer) Last row ID of the inserted of the file diff (scan_data table)diff- (Dictionary) A single diff instance returned bywp_file_diff.pyline_diff- (Dictionary) Result of thewp_line_diff.pymodule
insert_scan(scan, file_diff, line_diff)scan- (Dictionary) Diff scan metadatafile_diff- (Dictionary) Result of thewp_file_diff.pymoduleline_diff- (Dictionary) Result of thewp_line_diff.pymodule
Finds the WordPress directory and its version in the FTP server.
# Changes the WP file directory of the Ftputil instance.
change_wp_dir(con, wp_path)
# Finds the WP file direcotry based on the directory list if the WP version.
find_wp_dir(con, clean_wp_path)
# Finds teh WP version in the FTP server
get_wp_ver(con, search_depth)
# Calls `change_wp_dir` and `get_wp_dir`
detect_wp(con, wp_path, search_depth)change_wp_dir(con, wp_path)con- (Object) FTPutil connection instancewp_path- (String) FTP WordPress Path
find_wp_dir(con, clean_wp_path)con- (Object) FTPutil connection instanceclean_wp_path- (String) Raw WordPress path
get_wp_ver(con, search_depth)con- (Object) FTPutil connection instancesearch_depth(Integer) Search depth limit of the file search traversal.
detect_wp(con, wp_path, search_depth)con- (Object) FTPutil connection instancewp_path- (String) FTP WordPress Pathsearch_depth- (Integer) Saerch depth limit of the file search traversal.
Downloads the raw WordPress file version and its md5 hash.
# Returns true if the zip file is not tampered
compare_zip_hash(ver)
# Extracts the given WP version in the \\wp-files dir.
extract(ver)
# Download the WP version and stores it in 'wp-files; directory
download(ver)compare_zip_hash(ver)ver- (String) WordPress version
extract(ver)ver- (String) WordPress version
download(ver)ver- (String) WordPress version
Returns a hash diff dictionary of two WordPress directories.
file_hash_diff(con, clean_path)file_hash_diff(con, clean_path)con- (Object) FTPutil connection instanceclean_path- (String) Raw WordPress path
Retrieves the WordPress file hashes inside the FTP server and the raw downloaded version.
# Returns the md5 hash string of a given file
md5(fname, r_mode='rb')
# Get the file hashes inside the FTP server
ftp_file_hash(con)
# Get the file hashes of the clean WP version
clean_file_hash(dpath)md5(fname, r_mode='rb')fname- (String) Path of the filer_mode- (String) Read mode. Default is 'rb'
ftp_file_hash(con)con- (Object) FTPutil connnection instance
clean_file_hash(dpath)dpath- (String) Raw WordPress path
Returns the line diff of two files.
# Returns line changes
diff_filter(diff)
# Returns an array of unified diff between two files
file_line_diff(con, fpath1, fpath2)diff_filter(diff)diff- (Object) - diff result of two files
file_line_diff(con, fpath, fpath2)`con- FTPutil connection instancefpath1- File path to be diffedfpath2- File path to be diffed
Uses the filetype package to determine and verify image filetypes
# Verifies the image type
verify_img_type(con)verify_img_type(con)con- FTPutil connection instance
Scans the plugin(s) of the WordPress in the FTP This module will flag all unverified plugins by checking if the module(s) is present in the WordPress plugin SVN.
# Reads the plugin directory names and .php file extension located in `wp-content/plugins`
scan_plugin_dir(con)
# Verifies the plugin by checking if it exists in the WordPress plugin SVN
verify_plugins(plugins)scan_plugin_dir(con)con- FTPutil connection instance
verify_plugins(plugins)plugins- (Object) - An object returned by the scan_plugin_dir() which contains the files and plugin name