wordfence / wordfence-cli

Wordfence malware and vulnerability scanner command line utility.
https://www.wordfence.com/products/wordfence-cli/
GNU General Public License v3.0

Clarify error message in the event a scan does not complete due to IO error #226

Closed ewodrich closed 4 months ago

ewodrich commented 9 months ago

If a vuln-scan or malware-scan fails due to an IO error, update the error message to make clear the scan has failed. This is especially pertinent if a scan begins to populate output and then fails, which may be unclear to a user that the scan did not complete.

Ideas for wording:

- Scan failed. Error: Unable to scan directory at <directory>
- Scan could not complete. Error: Unable to scan directory at <directory>
- Scan stopped before completing. Error: Unable to scan directory at <directory>

Example end results with --no-allow-io-errors and a file that fails due to permissions:

Processing file: /Users/Esthe/Sites/wordpress/random-test.php
/Users/Esthe/Sites/wordpress/eicar-test-file.php,5972,Safe:DOS/EICAR-Test-File.5972,Safe test file used to confirm anti-virus detection,b'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
Error: Directory search of /Users/Esthe/Sites/wordpress/wp-test-permissions failed ([Errno 13] Permission denied: '/Users/Esthe/Sites/wordpress/wp-test-permissions')

davidnuzik commented 5 months ago

Question: Does running with the -d / --debug flag reveal more info? (Or do we want to reveal more info without this flag?)

ewodrich commented 5 months ago

Response to above re: using debug, still no note that explicitly states the scan stopped prior to completion, maybe more technical users will be able to infer that.

/Users/Esthe/Sites/wordpress/eicar-test-file.php,5972,Safe:DOS/EICAR-Test-File.5972,Safe test file used to confirm anti-virus detection,b'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/wordfence/scanning/scanner.py", line 222, in search_directory
    contents = os.scandir(path)
               ^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/Users/Esthe/Sites/wordpress/wp-test-permissions'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/wordfence/scanning/scanner.py", line 352, in run
    locator.locate()
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/wordfence/scanning/scanner.py", line 264, in locate
    for path in self.search_directory(real_path):
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/wordfence/scanning/scanner.py", line 238, in search_directory
    yield from self.search_directory(
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/wordfence/scanning/scanner.py", line 224, in search_directory
    self._handle_io_error(os_error, path)
  File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/wordfence/scanning/scanner.py", line 213, in _handle_io_error
    raise ScanningIoException(
wordfence.scanning.exceptions.ScanningIoException: Directory search of /Users/Esthe/Sites/wordpress/wp-test-permissions failed ([Errno 13] Permission denied: '/Users/Esthe/Sites/wordpress/wp-test-permissions')

akenion commented 5 months ago

@ewodrich Just to clarify, the option is --no-allow-io-errors (with two leading hyphens). It looks like you may be testing with -no-allow-io-errors (one hyphen), which isn't supported.

ewodrich commented 5 months ago

Corrected scan options and updated comments as per above from akenion.

davidnuzik commented 4 months ago

Discussed, and typically users will be technical and probably check exit codes, etc. Closing.
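
An added sketch, not Wordfence CLI's code and not part of the thread, of the behaviour the issue asks for: a directory walk that emits results, hits an IO error, and then states outright that the scan stopped early while returning a non-zero status. `ScanIoError`, `run_scan`, the exit code value and the lenient skip behaviour are assumptions, and the constructed unreadable path is simply absent (it raises an `OSError` just as a permission failure does).

```python
import os
import tempfile

class ScanIoError(Exception):
    """Hypothetical stand-in for the scanner's IO exception."""

def search_directory(path, allow_io_errors, skipped):
    """Yield file paths under path; on an OS error, skip or abort."""
    try:
        entries = sorted(os.scandir(path), key=lambda e: e.name)
    except OSError as os_error:
        if allow_io_errors:
            skipped.append(path)  # assumed lenient behaviour: note it, move on
            return
        raise ScanIoError(
            f"Directory search of {path} failed ({os_error})") from os_error
    for entry in entries:
        if entry.is_dir(follow_symlinks=False):
            yield from search_directory(entry.path, allow_io_errors, skipped)
        else:
            yield entry.path

def run_scan(roots, allow_io_errors=False):
    """Return (exit_code, messages, skipped); non-zero means incomplete."""
    messages, skipped = [], []
    try:
        for root in roots:
            for path in search_directory(root, allow_io_errors, skipped):
                messages.append(f"Processing file: {path}")
    except ScanIoError as error:
        # Say outright that the results emitted so far are partial.
        messages.append(f"Scan stopped before completing. Error: {error}")
        return 1, messages, skipped  # exit code 1 is an assumption
    return 0, messages, skipped

def demo():
    """Constructed input: one readable directory, one path scandir rejects."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "site")
        os.mkdir(good)
        open(os.path.join(good, "index.php"), "w").close()
        bad = os.path.join(tmp, "wp-test-permissions")  # absent, so OSError
        strict = run_scan([good, bad], allow_io_errors=False)
        lenient = run_scan([good, bad], allow_io_errors=True)
    return strict, lenient

if __name__ == "__main__":
    for code, messages, _ in demo():
        print(*messages, f"exit code: {code}", sep="\n")
```
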