mwscan should remember previously flagged files and show diff only
Closed this issue · 4 comments
Currently it has the --newonly option to scan new files, but for volatile rules files, you'd want to do a full scan often, but not be bothered with previous hits.
Persistent state management is the road to hell, though ;) .
But, seriously I agree this is definitely helpful, especially if you do want to keep an audit trail of without overwhelming every subsequent scan. I'm not running any active sites these days, so it's been a while since I've personally used MageReport but I seem to recall there being some kind of historical record of previous scans, though I don't think it behaved in the way you're describing right?
Indeed, MageReport doesn't keep history (and is for the rest completely isolated from this project).
Perhaps mwscan should write a state file with "last known set of flagged files" and not report any repeat hits. And then for audit purpose, it should keep a separate log file where all hits are logged with timestamp?
That's definitely pretty simple. My goal (with my tongue planted firmly in cheek) was to avoid a SQLlite backend...for as long as we can I guess 💯