/**
* Adds a log entry to the #__admintools_scanalerts table, marking a modified, added or suspicious file.
*
* @param \stdClass $newFileRecord The record of the current version of the file
* @param \stdClass|null $oldFileRecord The record of the old version of the file (or null if it's an added file)
*
* @return void
*/
private function _logFileChange(&$newFileRecord, &$oldFileRecord = null)
{
// Initialise the new alert record
$alertRecord = array('path' => $newFileRecord->path, 'scan_id' => \Akeeba\Engine\Factory::getStatistics()->getId(), 'diff' => '', 'threat_score' => 0, 'acknowledged' => 0);
// Produce the diff if there is an old file
if (!is_null($oldFileRecord)) {
if ($this->generateDiff) {
// Modified file, generate diff
$newText = gzinflate($newFileRecord->data);
$newText = str_replace("\r\n", "\n", $newText);
$newText = str_replace("\r", "\n", $newText);
$newLines = explode("\n", $newText);
unset($newText);
$oldText = gzinflate($oldFileRecord->data);
$oldText = str_replace("\r\n", "\n", $oldText);
$oldText = str_replace("\r", "\n", $oldText);
$oldLines = explode("\n", $oldText);
unset($oldText);
$diffObject = new \Horde_Text_Diff('native', array($newLines, $oldLines));
$renderer = new \Horde_Text_Diff_Renderer();
$alertRecord['diff'] = $renderer->render($diffObject);
unset($renderer);
unset($diffObject);
unset($newLines);
unset($oldLines);
$alertRecord['threat_score'] = $this->_getThreatScore($alertRecord['diff']);
} else {
// Modified file, do not generate diff
$alertRecord['diff'] = "###MODIFIED FILE###\n";
$newText = @file_get_contents($newFileRecord->sourcePath);
$alertRecord['threat_score'] = $this->_getThreatScore($newText);
unset($newText);
}
} else {
// New file
$newText = @file_get_contents($newFileRecord->sourcePath);
$alertRecord['threat_score'] = $this->_getThreatScore($newText);
unset($newText);
}
// Do not create a record for non-threat files
if ($this->ignoreNonThreats && !$alertRecord['threat_score']) {
return;
}
$alertRecord = (object) $alertRecord;
$db = \JFactory::getDbo();
$db->insertObject('#__admintools_scanalerts', $alertRecord);
unset($alertRecord);
}