Forwarded to devs WordPress Scan stumbles on files in folder ./private

[mr-wolf]

Username: mr-wolf

TITLE

WordPress Scan stumbles on files in folder ./private

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Ubuntu 16.04 & Ubuntu 20
Plesk 18.0.30

PROBLEM DESCRIPTION

When I do a scan for WordPress instances with the new WP toolkit the scan stops after it stumbles on files that I have in the folder ./private

Those are files that are put there using FTP and have nothing to do with webhosting.

STEPS TO REPRODUCE

Scan and having a folder private with files in the folder private

• vhostmng-find failed: Fatal error: boost::filesystem::filesystem_error(boost::filesystem::status: Permission denied: "./private/28-08/ERWIN.galerie.7z")

Those files had the read and write attribute disabled for group and other, but after I enabled those it did the same.
I have no idea why it would scan there at all as no hosting is set to that folder

I have seen this for the first time, which is strange as the previous toolkit found wordpress instances in the strangest of places.

ACTUAL RESULT

spawns an error

EXPECTED RESULT

skip those folders

ANY ADDITIONAL INFORMATION

I would suggest to skip any folders that have their user/group not set to the website user and also skip files/folders that have limited read/write capabilities.

However... After changing all files/folders to website owner and r-attribute on all it still spawns this error.


YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[IgorG]

From developer:

Cannot reproduce this issue. I have created user, group and folder ".private" in the domain docroot with 0600 permission (also I have put it to wp-includes and wp-content folders), and the WordPress website was scanned successfully. Could you please provide more details or access to the server for further investigation?

Product version: Plesk Obsidian 18.0.26.0
OS version: Debian 9.0 x86_64
WPT version: 5.0.0-4243