{"id":21817053,"url":"https://github.com/jmhobbs/wordpress-scanner","last_synced_at":"2025-04-14T01:21:03.480Z","repository":{"id":136381596,"uuid":"95803457","full_name":"jmhobbs/wordpress-scanner","owner":"jmhobbs","description":"CLI to scan plugin directories, and an HTTP server to scan zips from Wordpress.org","archived":false,"fork":false,"pushed_at":"2017-10-16T15:10:39.000Z","size":27,"stargazers_count":8,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-27T15:21:20.718Z","etag":null,"topics":["experimental","security","wordpress"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jmhobbs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-06-29T17:40:09.000Z","updated_at":"2024-09-26T15:42:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"2bd857c8-fd67-4224-a7dd-91b367e15e1f","html_url":"https://github.com/jmhobbs/wordpress-scanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmhobbs%2Fwordpress-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmhobbs%2Fwordpress-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmhobbs%2Fwordpress-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmhobbs%2Fwordpress-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jmhobbs","download_url":"https://codeload.github.com/jmhobbs/wordpress-scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248805335,"owners_count":21164289,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["experimental","security","wordpress"],"created_at":"2024-11-27T15:39:00.317Z","updated_at":"2025-04-14T01:21:03.470Z","avatar_url":"https://github.com/jmhobbs.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/jmhobbs/wordpress-scanner.svg?branch=master)](https://travis-ci.org/jmhobbs/wordpress-scanner) [![codecov](https://codecov.io/gh/jmhobbs/wordpress-scanner/branch/master/graph/badge.svg)](https://codecov.io/gh/jmhobbs/wordpress-scanner)\n\nThis is an experimental server which downloads plugins from WordPress.org on demand, and hashes their contents.\n\nThe idea is that a client could check the hashes against their existing files to quickly check if the plugin has been hacked or otherwise corrupted.\n\n# Endpoints\n\n  * `GET /plugin/{name}/{version}` - Get hashes for a plugin from wordpress.org\n  * `POST /plugin/{name}/{version}/diff` - Compare a client hash against a wordpress.org hash\n  * `GET /plugin` - List of plugins we have hashed versions of\n  * `GET /plugin/{name}` - List of versions we have hashed\n\n# Binary Encoding\n\nI wrote a custom binary encoding of the Scan struct for storage and wire xfer.  A scan of bbpress 2.3 (PHP files only) compares as such:\n\n| Bytes   | JSON  | Binary |\n|---------|-------|--------|\n| Plain   | 11684 | 7973   |\n| gzipped | 2153  | 1985   |\n\nYou don't gain much after gzip, but it's still interesting, and decoding should be faster than JSON.\n\nIf we move to a prefix tree, I think we could easily go even smaller.\n\n# Ideas\n\n  * https://github.com/d4l3k/messagediff - Diff the output of client/server\n  * Optionally use protobufs\n  * Make sure gzip is on\n  * HTTP/2?\n  * TLS \u0026 Auth\n  * Use a tree structure (radix tree?) and binary encoding for xfer\n  * Hash at the directory level (sorted filenames + hashes)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmhobbs%2Fwordpress-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjmhobbs%2Fwordpress-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmhobbs%2Fwordpress-scanner/lists"}