mathiasreker / blmvuln Goto Github PK

Hi,

I have' just used your BLM Module. All has gone well but there is one file it says maybe infected but when running clean it does not fix it.

The file is .............
The following files looks infected. They will be restored or removed by running the cleaning process:
docker-compose.yml

Is this something i can fix or need to be worried about ?

Many thanks in advance.

cypr00

HeyMathiasReker, thanks for the module. I've installed it got two issues:

1. It shows me the volnurability of the files which I cannot find on FTP. For example - themes/default/img/process-icon-save-and-stay.png while I don't have a degault theme in the themes folder.

2. When I hit the 'run the cleaning process' button - nothing happens.

Thanks!

Problem:
After uninstalling the module on PrestaShop 1.6, it is still present in the menu.

Work around:
Go to: Administration -> Menus -> remove blmvuln from the list

Hello @MathiasReker

Thank you for this module.

And after installation, I can't find the "Run the cleaning process" button, so I can't run it.

PS 1.7.8.9
PHP 7.3

ContextErrorException
in modules/blmvuln/src/domain/service/scanner/FilePermissions.php (line 105)

        if (empty($this->insecurePermissionFiles)) {
            return false;
        }
        foreach ($this->insecurePermissionFiles as $path) {
            chmod($path, is_dir($path) ? Config::DEFAULT_MODE_FOLDER : Config::DEFAULT_MODE_FILES);
        }
        return true;
    }

it cannot change the file or folder permission

stack trace

ContextErrorException

Symfony\Component\Debug\Exception\ContextErrorException: Warning: chmod(): Operation not permitted at modules/blmvuln/src/domain/service/scanner/FilePermissions.php:105 at PrestaShop\Module\BlmVuln\domain\service\scanner\FilePermissions->fix() (modules/blmvuln/controllers/admin/AdminBlmVulnController.php:74) at AdminBlmVulnController->fixVulnerabilities() (modules/blmvuln/controllers/admin/AdminBlmVulnController.php:41) at AdminBlmVulnController->renderList() (classes/controller/AdminController.php:2211) at AdminControllerCore->initContent() (classes/controller/Controller.php:306) at ControllerCore->run() (classes/Dispatcher.php:525) at DispatcherCore->dispatch() (zadmin/index.php:93)

The module left multiple entries in side admin menu. Take a look on the screenshot (one per module installation).
Presta 1.6.1.24

Thanks for the module, i have installed it in 1.6.1.17 and after opening the module i got error msg.

Controller has not been found...

Error log is clean.

[PrestaShop] Fatal error in module file :/modules/blmvuln/blmvuln.php:
syntax error, unexpected ':', expecting ';' or '{'

Hello, is it possible to set up a CRON task?
thank you

Hi first thanks a lot it seems to have fixed the vulnerability but it keeps showing this message :

The following filepermissions are insecure. They will be fixed by running the cleaning process:
themes/default/postcss.config.js
[...]

with a long list of files

But when I launch the cleaning it keep showing this after it ran.

What can I do ?

Thanks

Issue:
I couldn`t run nor configure the module and now I can't uninstall nor delete the module files. The hiperlink to the BLM vulnerability module at the administration left panel is still there.

Steps:

1. I've downloaded the module at https://github.com/MathiasReker/blmvuln/releases/tag/2.2.1, and installed in my prestashop 8.0.2 version.
2. Got an "incompatibility error" message and a "500 internal error" response from the server when I tried to configure the module using the left panel hiperlink.
3. Went to the "module manager" and tried to uninstall and delete the files, but got the following response: "The uninstall action is not available for the blmvuln module. Ignored."

I've checked the comment and the Issue #4, but it seems that the version 2.2.1 isn't deleting the menu entry. I tought it would be interesting to record the issue appearance on the newer version.

Anyway, I couldnt' remove the menu entry using the method above.
:-(

Buenos dias

Me gustaria saber si dispone de alguna versión mejorada, de este plugin, o versión de pago que tenga más protecciones.

Muchas gracias