myaidev-method 0.0.7 → 0.1.0

package/src/scripts/wordpress-security-scan.js

@@ -0,0 +1,221 @@
+#!/usr/bin/env node
+
+/**
+ * WordPress Security Scan Script
+ * Scriptable security scan with JSON output for agent processing
+ *
+ * Usage:
+ *   npx myaidev-method wordpress:security-scan [options]
+ *   node src/scripts/wordpress-security-scan.js [options]
+ */
+
+import { WordPressAdminUtils } from '../lib/wordpress-admin-utils.js';
+import { writeFileSync } from 'fs';
+import { resolve } from 'path';
+
+const args = process.argv.slice(2);
+
+const options = {
+  format: 'json', // json or text
+  output: null, // file path for output
+  verbose: false,
+  detailed: false
+};
+
+// Parse arguments
+for (let i = 0; i < args.length; i++) {
+  switch (args[i]) {
+    case '--format':
+      options.format = args[++i] || 'json';
+      break;
+    case '--output':
+    case '-o':
+      options.output = args[++i];
+      break;
+    case '--verbose':
+    case '-v':
+      options.verbose = true;
+      break;
+    case '--detailed':
+    case '-d':
+      options.detailed = true;
+      break;
+    case '--help':
+    case '-h':
+      printHelp();
+      process.exit(0);
+  }
+}
+
+function printHelp() {
+  console.log(`
+WordPress Security Scan Script
+
+Usage:
+  npx myaidev-method wordpress:security-scan [options]
+
+Options:
+  --format <type>     Output format: json or text (default: json)
+  --output <file>     Write output to file
+  -o <file>           Alias for --output
+  --verbose           Show detailed progress information
+  -v                  Alias for --verbose
+  --detailed          Include detailed vulnerability information
+  -d                  Alias for --detailed
+  --help              Show this help message
+  -h                  Alias for --help
+
+Environment Variables (from .env):
+  WORDPRESS_URL            WordPress site URL
+  WORDPRESS_USERNAME       Admin username
+  WORDPRESS_APP_PASSWORD   Application password
+
+Security Checks:
+  ✓ User account security audit
+  ✓ Plugin vulnerability detection
+  ✓ Outdated software detection
+  ✓ Common security misconfigurations
+  ✓ Weak password patterns
+
+Examples:
+  # Run security scan with JSON output
+  npx myaidev-method wordpress:security-scan
+
+  # Save detailed scan to file
+  npx myaidev-method wordpress:security-scan --detailed --output security-report.json
+
+  # Display human-readable text report
+  npx myaidev-method wordpress:security-scan --format text
+
+  # Verbose mode with progress information
+  npx myaidev-method wordpress:security-scan --verbose
+
+Output Structure (JSON):
+  {
+    "success": true,
+    "timestamp": "2025-10-01T12:00:00.000Z",
+    "site": { "name": "...", "url": "..." },
+    "security_score": 85,
+    "vulnerabilities": [],
+    "warnings": [...],
+    "summary": {
+      "critical_issues": 0,
+      "warnings": 2,
+      "status": "warning"
+    },
+    "recommendations": [...]
+  }
+
+Exit Codes:
+  0 - No security issues found
+  1 - Scan error occurred
+  2 - Security warnings found
+  3 - Critical vulnerabilities found
+`);
+}
+
+async function runSecurityScan() {
+  try {
+    if (options.verbose) {
+      console.error('Initializing WordPress connection...');
+    }
+
+    const wpUtils = new WordPressAdminUtils();
+
+    if (options.verbose) {
+      console.error('Running security scan...');
+      console.error('  - Auditing user accounts...');
+    }
+
+    const securityData = await wpUtils.runSecurityScan();
+
+    if (options.verbose) {
+      console.error('  - Checking plugin vulnerabilities...');
+      console.error('  - Analyzing security configuration...');
+      console.error('Security scan completed.');
+    }
+
+    // Remove detailed info if not requested
+    if (!options.detailed && securityData.success) {
+      // Truncate detailed information for cleaner output
+      if (securityData.warnings) {
+        securityData.warnings.forEach(warning => {
+          if (warning.details && warning.details.length > 5) {
+            warning.details = [
+              ...warning.details.slice(0, 5),
+              `... and ${warning.details.length - 5} more`
+            ];
+          }
+        });
+      }
+    }
+
+    // Format output
+    let output;
+    if (options.format === 'text') {
+      output = wpUtils.formatSecurityReport(securityData);
+    } else {
+      output = JSON.stringify(securityData, null, 2);
+    }
+
+    // Write to file or stdout
+    if (options.output) {
+      const outputPath = resolve(options.output);
+      writeFileSync(outputPath, output, 'utf8');
+
+      if (options.verbose) {
+        console.error(`Report written to: ${outputPath}`);
+      }
+
+      // Also output summary to stdout for piping
+      console.log(JSON.stringify({
+        success: true,
+        output_file: outputPath,
+        security_score: securityData.security_score,
+        critical_issues: securityData.summary?.critical_issues || 0,
+        warnings: securityData.summary?.warnings || 0
+      }));
+    } else {
+      console.log(output);
+    }
+
+    // Exit with appropriate code
+    if (!securityData.success) {
+      process.exit(1);
+    }
+
+    const criticalIssues = securityData.vulnerabilities?.length || 0;
+    const warnings = securityData.warnings?.length || 0;
+
+    if (criticalIssues > 0) {
+      process.exit(3); // Critical vulnerabilities found
+    }
+
+    if (warnings > 0) {
+      process.exit(2); // Warnings found
+    }
+
+    process.exit(0); // All clear
+  } catch (error) {
+    const errorOutput = {
+      success: false,
+      error: error.message,
+      timestamp: new Date().toISOString()
+    };
+
+    if (options.format === 'json') {
+      console.log(JSON.stringify(errorOutput, null, 2));
+    } else {
+      console.error(`ERROR: ${error.message}`);
+    }
+
+    process.exit(1);
+  }
+}
+
+// Run if called directly
+if (import.meta.url === `file://${process.argv[1]}`) {
+  runSecurityScan();
+}
+
+export { runSecurityScan };