Skip to content

Instantly share code, notes, and snippets.

@tomtone

tomtone/Magereport Parser

Created April 27, 2016 05:30
Show Gist options
  • Save tomtone/2bf5cf3370a2762d447c671f6b585f2a to your computer and use it in GitHub Desktop.
Save tomtone/2bf5cf3370a2762d447c671f6b585f2a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Magereport Parser
<?php
namespace AppBundle\Services\MageReport;
class Parser
{
protected $header
= array(
'shop_properties' => 'Shop Prperties',
'security.openversioncontrol' => 'Unprotected version control',
'security.sslcheck' => 'SSL protection?',
'security.cacheleak' => 'Cacheleak vulnerability',
'security.magversion' => 'Outdated Magento version',
'security.supee6482' => 'Security patch 6482 (XSS)',
'security.defaultadminurl' => 'Admin/downloader unprotected',
'security.opendev' => 'Unprotected development files',
'security.openmagmi' => 'Unprotected Magmi',
'security.ransomware' => 'Ransomware detected',
'security.supee5994' => 'Security patch 5994 (admin disclosure)',
'security.supee6285' => 'Security patch 6285 (XSS, RSS)',
'security.supee5344' => 'Security patch 5344 (Shoplift)',
'security.supee6788' => 'Security patch 6788 (secrets leak)',
'security.supee7405' => 'Security patch 7405',
'security.outdatedserverversion' => 'Unmaintained server',
'security.guruincinfection' => 'GuruInc Javascript Hack',
'security.creditcardhijack' => 'Credit Card Hijack detected',
'security.exposedapi' => 'Exposed Magento 2 API'
);
const MAGE_REPORT_URL = "https://www.magereport.com/scan/?s=";
/**
* @var string|bool
*/
protected $hostname;
/**
* @var \Symfony\Component\DomCrawler\Crawler
*/
protected $crawler;
public function __construct($hostname = false)
{
if ($hostname === false) {
throw new \InvalidArgumentException("hostname must be set.");
}
$this->hostname = $hostname;
}
public function getResults($returnOnlyErrors = false)
{
$url = "https://www.magereport.com/scan/result/?s=http://" . $this->hostname . "/";
$agent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)';
$ch = curl_init($url); // Initialising cURL session
// Setting cURL options
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Prevent cURL from verifying SSL certificate
curl_setopt($ch, CURLOPT_FAILONERROR, true); // Script should fail silently on error
curl_setopt($ch, CURLOPT_COOKIESESSION, true); // Use cookies
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // Follow Location: headers
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Returning transfer as a string
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
$results = curl_exec($ch); // Executing cURL session
$results = explode('}{', $results);
unset($results[0]);
$maxElements = count($results);
$errors = [];
foreach ($results as $key => $result) {
$resultData = '';
if ($key == $maxElements) {
$resultData = json_decode('{' . $result, true);
} else {
$resultData = json_decode('{' . $result . '}', true);
}
foreach ($resultData as $resultDataKey => $data) {
if (array_key_exists('loadtime_milliseconds', $data)) {
unset($results[$key]);
continue;
}
$data['title'] = $this->header[$resultDataKey];
if ($data['result'] == 'ok') {
$data['css'] = 'bs-callout-success';
} elseif ($data['result'] == 'fail') {
$data['css'] = 'bs-callout-danger';
} else {
$data['css'] = 'bs-callout-unknown';
}
$results[$key] = $data;
$errors[] = $data['result'];
}
}
curl_close($ch); // Closing cURL session
if($returnOnlyErrors){
$results = $errors;
}
return $results;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment