[
MAINHACK
]
Viewing / Editing File: incident_parser.py
File is not writable. Editing disabled.
"""Parser for WordPress plugin incident files.""" import base64 import json import logging from pathlib import Path logger = logging.getLogger(__name__) class IncidentFileParser: """ Parse incident files written by the WordPress plugin. These files have format: <?php __halt_compiler(); #{base64-encoded JSON data for incident} #{base64-encoded JSON data for incident} ... File pattern: wp-content/imunify-security/incidents/yyyy-mm-dd-hh.php """ @classmethod def parse_file(cls, file_path: Path) -> list[dict]: """ Parse an incident file and return list of incident dictionaries. The file format is: - First line: <?php __halt_compiler(); - Following lines: #{base64-encoded JSON} Args: file_path: Path to the incident file Returns: List of parsed incident dictionaries """ incidents = [] try: with open(file_path, "r", encoding="utf-8") as f: for line_num, line in enumerate(f, 1): line = line.strip() incident = cls._process_line(line, line_num, file_path) if incident is not None: incidents.append(incident) except Exception as e: logger.error( "Error reading incident file %s: %s", file_path, e, ) return [] return incidents @classmethod def _process_line( cls, line: str, line_num: int, file_path: Path ) -> dict | None: """ Process a single line from an incident file. 
Args: line: The line content (already stripped) line_num: Line number for logging file_path: Path to the file being processed Returns: Parsed incident dictionary or None if line should be skipped """ # Skip empty lines if not line: return None if line.startswith("<?php"): logger.debug( "Skipping PHP header line %d in %s", line_num, file_path.name, ) return None # Lines should start with # followed by base64-encoded JSON if not line.startswith("#"): logger.debug( "Line %d in %s doesn't start with #: %s", line_num, file_path.name, line[:50], ) return None # Remove the # prefix encoded_data = line[1:] return cls._process_encoded_line(encoded_data, line_num, file_path) @classmethod def _process_encoded_line( cls, encoded_data: str, line_num: int, file_path: Path ) -> dict | None: """ Decode base64-encoded JSON data from an incident line. Args: encoded_data: Base64-encoded JSON string line_num: Line number for logging file_path: Path to the file being processed Returns: Parsed incident dictionary or None if decoding/parsing fails """ try: decoded_bytes = base64.b64decode(encoded_data) decoded_str = decoded_bytes.decode("utf-8") incident = json.loads(decoded_str) if isinstance(incident, dict): return incident logger.warning( "Line %d in %s is not a JSON object: %s", line_num, file_path.name, decoded_str[:100], ) return None except (Exception, json.JSONDecodeError) as e: logger.error( "Failed to decode base64 on line %d in %s: %s", line_num, file_path.name, e, ) return None
Server Info
Hostname: premium707.web-hosting.com
Server IP: 198.177.120.115
PHP Version: 8.1.34
Server Software: LiteSpeed
System: Linux premium707.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64
HDD Total: 97.87 GB
HDD Free: 76.3 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
No
git:
Yes
User Info
Username: urbaoubp
User ID (UID): 1252
Group ID (GID): 1257
Script Owner UID: 1252
Current Dir Owner: N/A