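<?php
declare(strict_types=1);

// Autowire whitelist enrichment, v2.
// Doctrine 138 v2: add bash -c, node, /opt/weval-nonreg/, /opt/weval-ops/, python3, timeout, sudo
// Keeps the existing entries and adds an explicit sandbox mode.
//
// NOTE(review): this lives under html/api/ and no authentication or caller
// check is visible in this file. Unless the web server restricts access to it,
// anyone who can reach this URL can rewrite the command whitelist of
// wevia-master-api.php. Confirm an access control exists upstream (or restrict
// this script to CLI / localhost) before relying on it.
//
// NOTE(review): the list being patched is consumed by a prefix match in the
// target (see the foreach in $old / $new). Accepting 'bash -c ', 'sudo -u www-data ',
// 'python3 ', 'node ' and 'timeout ' as prefixes lets arbitrary commands be run
// through them, so the remaining entries no longer constrain much. This is a
// deliberate widening of the whitelist, not a hardening.
header('Content-Type: application/json');

$target = '/var/www/html/api/wevia-master-api.php';
$backup = '/var/www/html/vault-gold/opus/whitelist-enrich-' . date('Ymd-His') . '.bak';

/**
 * Emit a JSON failure payload ('ok' => false first) and stop the script.
 *
 * @param array<string, mixed> $payload  Extra fields for the response body.
 */
function failWith(array $payload): void
{
    echo json_encode(['ok' => false] + $payload);
    exit;
}

if (!file_exists($target)) {
    failWith(['err' => 'target not found']);
}

// Backup first: refuse to touch the target if a copy cannot be kept.
$backupDir = dirname($backup);
if (!is_dir($backupDir) && !mkdir($backupDir, 0755, true) && !is_dir($backupDir)) {
    failWith(['err' => 'backup dir not writable', 'dir' => $backupDir]);
}
if (!copy($target, $backup)) {
    failWith(['err' => 'backup copy failed', 'backup' => $backup]);
}

$content = file_get_contents($target);
if ($content === false) {
    failWith(['err' => 'target not readable']);
}

// Current pattern (sat at line 158 of the target when this was written).
$old = "foreach (['/var/www/html/','/var/www/weval/','/opt/wevia-brain/','/opt/wevads/vault/','echo ','curl ','php8.4 ','git '] as \$__p)";
// Enriched list: safe paths + safe commands. Note '/opt/wevia-brain/' appears
// twice in the new list (already present in the old one); harmless for a prefix match.
$new = "foreach (['/var/www/html/','/var/www/weval/','/opt/wevia-brain/','/opt/wevads/vault/','/opt/weval-nonreg/','/opt/weval-ops/','/opt/weval-l99/','/opt/wevia-brain/','echo ','curl ','php8.4 ','php ','git ','bash -c ','node ','python3 ','timeout ','sudo -u www-data '] as \$__p)";

if (strpos($content, $old) === false) {
    failWith([
        'err' => 'pattern not found (deja enrichi ?)',
        'search' => substr($old, 0, 80),
    ]);
}

$newContent = str_replace($old, $new, $content);

// Lint the patched copy before anything is written over the live file.
$tmp = tempnam('/tmp', 'wma-enrich-');
if ($tmp === false || file_put_contents($tmp, $newContent) === false) {
    if ($tmp !== false) {
        unlink($tmp);
    }
    failWith(['err' => 'could not stage patched file']);
}
// shell_exec() returns null on failure; coerce so the substring test is well-defined.
$lint = (string) shell_exec('php -l ' . escapeshellarg($tmp) . ' 2>&1');
if (strpos($lint, 'No syntax errors') === false) {
    unlink($tmp);
    failWith(['err' => 'php lint failed', 'lint' => $lint]);
}

// Lift the immutable flag if it is set (quiet when it is not / sudo is denied).
$targetArg = escapeshellarg($target);
shell_exec("sudo chattr -i $targetArg 2>/dev/null");

// Write, then restore ownership and the immutable flag ("sacred doctrine")
// regardless of the write outcome, so the target never stays mutable.
$written = file_put_contents($target, $newContent);
shell_exec("sudo chown www-data:www-data $targetArg");
shell_exec("sudo chattr +i $targetArg 2>/dev/null");
unlink($tmp);
if ($written === false) {
    // Most likely the immutable flag could not be lifted; the backup is untouched.
    failWith(['err' => 'write failed', 'backup' => $backup]);
}

// No php-fpm restart: it would drop live sessions. New requests pick up the
// patched file once its opcache entry is invalidated. Calling opcache_reset()
// when the extension is not loaded is a fatal Error that @ does not suppress,
// hence the function_exists() guard.
$opcacheReset = function_exists('opcache_reset') && opcache_reset();

echo json_encode([
    'ok' => true,
    'backup' => $backup,
    'patched_paths_added' => [
        '/opt/weval-nonreg/',
        '/opt/weval-ops/',
        '/opt/weval-l99/',
        'bash -c ',
        'node ',
        'python3 ',
        'timeout ',
        'sudo -u www-data ',
        'php ',
    ],
    'opcache_reset' => $opcacheReset ? 'done' : 'skipped',
    'ts' => date('c'),
]);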