/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache
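--- Report whether a path can be opened for reading.
-- This is a readability probe, so a file that exists but is unreadable by the
-- current user is reported as absent.
-- @param name path to probe
-- @return true when the file could be opened, false otherwise
function file_exists(name)
  local f = io.open(name, "r")
  if f == nil then
    return false
  end
  io.close(f)
  return true
end

--- Wrap a string in single quotes so a POSIX shell treats it as one literal word.
-- Embedded single quotes are closed, backslash-escaped and reopened ('\'').
-- Needed because io.popen() hands its whole argument to the shell.
-- @param arg string to quote
-- @return the quoted string
function shell_quote(arg)
  local escaped = string.gsub(arg, "'", "'\\''")
  return "'" .. escaped .. "'"
end

--- Read the scanner switch from the Imunify360 configuration.
-- The merged config is tried first; the old config path is the fallback.
-- @return true only when a config was readable and contains
--         "enable_scan_modsec:" followed by one whitespace character and "true"
function check_scan_enabled()
  local f = io.open("/etc/sysconfig/imunify360/imunify360-merged.config", "rb") -- new config path
  if f == nil then
    -- fallback to the old config path
    f = io.open("/etc/sysconfig/imunify360/imunify360.config", "rb")
  end
  if f == nil then
    -- no config found: scanning stays off
    return false
  end

  local content = f:read("*all")
  io.close(f)

  -- NOTE(review): this is a plain substring match on the raw file text, so a
  -- commented-out line or a longer value starting with "true" also enables it.
  if content and string.match(content, 'enable_scan_modsec:%strue') then
    return true
  end
  return false
end

--- Write a "raw_code:" payload to a temporary file.
-- The leading "raw_code:" marker is stripped before writing.
-- @param input_str payload, optionally prefixed with "raw_code:"
-- @return path of the file written, or nil when no file could be created or
--         the payload could not be written completely
function write_tmp(input_str)
  input_str = string.gsub(input_str, "^raw_code:", "")

  -- Method 1: Lua's built-in tmpname()
  local tmpname = os.tmpname()
  local tmpfile = io.open(tmpname, "w")

  -- Methods 2-4: /var/tmp, then /tmp, then the current directory.
  -- NOTE(review): these fallback names are built from os.time() and
  -- math.random(), which this file never seeds, so they are guessable, and
  -- io.open(..., "w") follows symlinks and truncates an existing file. In a
  -- world-writable directory that is a classic insecure-temp-file pattern;
  -- a private, service-owned directory would be safer if a fallback is needed.
  if not tmpfile then
    local prefixes = { "/var/tmp/", "/tmp/", "" }
    for i = 1, #prefixes do
      tmpname = prefixes[i] .. "imunify360_modsec_" .. tostring(os.time()) .. "_"
        .. tostring(math.random(10000, 99999)) .. ".tmp"
      tmpfile = io.open(tmpname, "w")
      if tmpfile then
        break
      end
    end
  end

  if not tmpfile then
    return nil
  end

  -- A short write (e.g. full disk) must not leave a truncated sample behind
  -- that would then be scanned as if it were the whole payload.
  local written = tmpfile:write(input_str)
  tmpfile:close()
  if not written then
    os.remove(tmpname)
    return nil
  end
  return tmpname
end

--- Entry point: scan an uploaded file, or a raw code sample, for malware.
-- Presumably invoked by ModSecurity with the value under inspection - confirm
-- against the rule that references this script.
--
-- Every failure path (scanning disabled, scanner missing, temp file or popen
-- failure, unexpected scanner output) returns nil, i.e. the check fails open.
-- A broken scanner therefore disables upload scanning silently, so it is worth
-- monitoring scanner health separately.
-- @param filename path of the file to scan, or "raw_code:" followed by the
--        code to scan
-- @return 1 when the scanner reports "0 Attempt to upload malware", nil otherwise
function main(filename)
  if type(filename) ~= "string" or filename == "" then
    return nil
  end

  -- Check if modsec scan enabled in config file
  if not check_scan_enabled() then
    return nil
  end

  -- Locate the scan script before touching the filesystem, so that no
  -- temporary file is left behind when there is nothing to run.
  local scan_script
  if file_exists("/usr/share/imunify360/scripts/modsec_scan_real.py") then
    scan_script = "/usr/share/imunify360/scripts/modsec_scan_real.py"
  elseif file_exists("/opt/alt/python35/share/imunify360/scripts/modsec_scan_real.py") then
    scan_script = "/opt/alt/python35/share/imunify360/scripts/modsec_scan_real.py"
  else
    return nil
  end

  -- Declared at function scope: a `local` inside the `if` below would go out
  -- of scope at its `end`, and the cleanup further down would never run.
  local cleanup_tmp

  -- cover use-case where we send raw php code for scanning
  if string.sub(filename, 1, 9) == "raw_code:" then
    filename = write_tmp(filename)
    if not filename then
      return nil
    end
    cleanup_tmp = filename
  end

  -- io.popen() runs the command through the shell, and filename may carry
  -- request-derived text, so it is quoted into a single literal argument.
  -- NOTE(review): a name starting with "-" would still reach the scanner as
  -- an option-like argument; confirm how modsec_scan_real.py parses argv.
  local scan_result
  local handle = io.popen(scan_script .. " " .. shell_quote(filename))
  if handle then
    scan_result = handle:read("*a")
    handle:close()
  end

  -- cleanup temporary file, if created
  if cleanup_tmp then
    os.remove(cleanup_tmp)
  end

  -- Scanner output contract:
  --   "1 OK"                        - no malware found
  --   "0 Attempt to upload malware" - harmful file
  --   empty or anything else        - error or execution failure, do nothing
  if scan_result and string.match(scan_result, '0 Attempt to upload malware') then
    return 1
  end
  return nil
end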