Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • ispconfig/ispconfig3
  • RealOpty/ispconfig3
  • Horfic/ispconfig3
  • kingcody/ispconfig3
  • mbethke/ispconfig3
  • harkman/ispconfig3
  • stefanheinen/ispconfig3
  • JanKraljic/ispconfig3
  • pulsweb/ispconfig3
  • kayyy/ispconfig3
  • mwacht/ispconfig3
  • schuetzm/ispconfig3
  • gbg/ispconfig3
  • jproxx/ispconfig3
  • Nilpo/ispconfig3
  • Cambra/ispconfig3
  • crackerizer/ispconfig3
  • simonswine/ispconfig3
  • zbuzanic/ispconfig3
  • alexalouit/ispconfig3
  • guilhermefilippo/ispconfig3
  • kotishe/ispconfig3
  • Rescue9/ispconfig3
  • DmitriyLyalyuev/ispconfig3
  • simon.levesque/ispconfig3
  • Viktor/ispconfig3
  • Dr4c0/ispconfig3
  • stefanmcds-mnt/ispconfig3
  • Konflikted/ispconfig3
  • Schoene/ispconfig3
  • stefan.eertwegh/ispconfig3
  • Quest/ispconfig3
  • bst2002/ispconfig3
  • jphustman/ispconfig3
  • lepirlouit/ispconfig3
  • lolo888/ispconfig3
  • Quetzal/ispconfig3
  • kolorafa/ispconfig3
  • jdsn/ispconfig3
  • mk/ispconfig3
  • jnorell/ispconfig3
  • madalin/ispconfig3
  • edspiner/ispconfig3
  • blu3bird/ispconfig3
  • ITManager/ispconfig3
  • virtualweb/ispconfig3
  • dirkd/ispconfig3
  • jcdirks/ispconfig3
  • bvbmedia/ispconfig3
  • CSoellinger/ispconfig3
  • lutacon/ispconfig3
  • armsby/ispconfig3
  • psantos/ispconfig3
  • pkdevbox_y/ispconfig3
  • tlanger/ispconfig3
  • Krauser/ispconfig3
  • ochorocho/ispconfig3
  • aisfrond/ispconfig3
  • ldrrp/ispconfig3
  • steglicd/ispconfig3
  • darkalex/ispconfig3
  • b.dokimakis/ispconfig3
  • MarioSteinitz/ispconfig3
  • bweston/ispconfig3
  • bob/ispconfig3
  • HHGAG/ispconfig3
  • ark74/ispconfig3
  • fuerni/ispconfig3
  • hexblot/ispconfig3
  • maxxer/ispconfig3
  • JustDevZero/ispconfig3
  • habeggerl/ispconfig3
  • phpexpert/ispconfig3
  • Questler/ispconfig3
  • JanThiel/ispconfig3
  • joni_1993/ispconfig3
  • MePha/ispconfig3
  • flies/ispconfig3
  • macjohnny/ispconfig3
  • csegarra/ispconfig3
  • Tibius/ispconfig3
  • wairuru/ispconfig3
  • pdreissen/ispconfig3
  • mgiworx/ispconfig3
  • michielp/ispconfig3
  • ZarToK/ispconfig3
  • x-f/ispconfig3
  • tomlankhorst/ispconfig3
  • olivier.br/ispconfig3
  • hajti/ispconfig3
  • JaviSabalete/ispconfig3
  • dharman/ispconfig3
  • Martin-enavn/ispconfig3
  • Fr3k4Life/ispconfig3
  • Caldeira/ispconfig3
  • enavn/ispconfig3
  • cybernet2u/ispconfig3
  • Denny/ispconfig3
  • jbbr/ispconfig3
  • kakohari/ispconfig3
  • almere/ispconfig3
  • Kyokata/ispconfig3
  • burn/ispconfig3
  • feldsam/ispconfig3
  • woutervddn/ispconfig3
  • tm/ispconfig3
  • blount/ispconfig3
  • pravdomil/ispconfig3
  • manyk/ispconfig3
  • Poppabear/ispconfig3
  • t1st3/ispconfig3
  • scrat14/ispconfig3
  • ncomputers.org/ispconfig3
  • wlisik/ispconfig3
  • CupOfTea696/ispconfig3
  • ogmelch/ispconfig3
  • techwolf12/ispconfig3
  • timo.boldt/ispconfig3
  • DemoFreak/ispconfig3
  • EndelWar/ispconfig3
  • maanus/ispconfig3
  • ms217/ispconfig3
  • luisvivasb/ispconfig3
  • Ismir/ispconfig3
  • truongld/ispconfig3
  • nhutphan/ispconfig3
  • ram/ispconfig3
  • josemorenoasix/ispconfig3
  • onestepp/ispconfig3
  • gguglielmetti/ispconfig3
  • andre/ispconfig3
  • omig/ispconfig3
  • liane/ispconfig3
  • PVasileff/ispconfig3
  • mattanja/ispconfig3
  • dnl-jst/ispconfig3
  • jkalousek/ispconfig3
  • lgg42/ispconfig3
  • ispcomm/ispconfig3
  • moglgasy/ispconfig3
  • natanfelles/ispconfig3
  • cristiandeluxe/ispconfig3
  • pete/ispconfig3
  • Sosha/ispconfig3
  • shr3k/ispconfig3
  • niceit/ispconfig3
  • dani/ispconfig3
  • Ongaro/ispconfig3
  • Djidel/ispconfig3
  • andre.ballensiefen/ispconfig3
  • qroac/ispconfig3
  • magenbrot/ispconfig3
  • doekia/ispconfig3
  • edersonmora/ispconfig3
  • zucha.imz/ispconfig3
  • ckc/ispconfig3
  • Sroka/ispconfig3
  • batgau/ispconfig3
  • isp/ispconfig3
  • oboumati/ispconfig3
  • mscholz/ispconfig3
  • katiak/ispconfig3
  • jamiroph/ispconfig3
  • buhlerax/ispconfig3
  • johan/ispconfig3
  • KordianBruck/ispconfig3
  • trs997/ispconfig3
  • Funclineal/ispconfig3
  • xals/ispconfig3
  • sververda/ispconfig3
  • presure/ispconfig3
  • vojtech.myslivec/ispconfig3
  • helmo/ispconfig3
  • brody/ispconfig3
  • GameO7er/ispconfig3
  • webslice/ispconfig3
  • ufoonline/ispconfig3
  • alwin/ispconfig3
  • t.heller/ispconfig3
  • philipp/ispconfig3
  • andrzejs/ispconfig3
  • pixcept/ispconfig3
  • tgmedia/ispconfig3
  • Nardol/ispconfig3
  • m42e/ispconfig3
  • condless/ispconfig3
  • alesak/ispconfig3
  • MasonChase/ispconfig3
  • brt/ispconfig3
  • Rusek/ispconfig3
  • credz/ispconfig3
  • fiftyz/ispconfig3
  • dciancu/ispconfig3
  • thom/ispconfig3
  • florian030/ispconfig3
  • Mixasik/ispconfig3
  • SimonSparks/ispconfig3
  • eurodomenii/ispconfig3
  • vitex/ispconfig3
  • mitho/ispconfig3
  • CaptainStarbuck/ispconfig3
  • renky/ispconfig3
  • d--j/ispconfig3
  • inetspec/ispconfig3
  • Christian/ispconfig3
  • lukav/ispconfig3
  • galgenjunge/ispconfig3
  • gody/ispconfig3
  • kpendic/ispconfig3
  • diciannove/ispconfig3
  • tbasler/ispconfig3
  • logifech/ispconfig3
  • maximaweb/ispconfig3
  • tommaso-perondi/ispconfig3
  • francoisPE/ispconfig3
  • elgeorge2k/ispconfig3
  • francoisgrizzlydev/ispconfig3
  • Chris_UK/ispconfig3
  • mrutkowski/ispconfig3
  • mladen074/ispconfig3
  • trogper/ispconfig3
  • Lokutos/ispconfig3
  • manoaratefy/ispconfig3
  • GwynethLlewelyn/ispconfig3
  • tim427/ispconfig3
  • mapreri/ispconfig3
  • gsubiron/ispconfig3
  • eriam/ispconfig3
  • Steveorevo/ispconfig3
  • Jens/ispconfig3
  • ebela/ispconfig3
  • typoworx/ispconfig3
  • teuto.net/ispconfig3
  • element/ispconfig3
  • Petar/ispconfig3
  • ewsp/ispconfig3
  • bicisteadm/ispconfig3
  • ivmm/ispconfig3
  • blinkenbox/ispconfig3
  • Samgarr/ispconfig3
  • B.Richard/ispconfig3
  • ahrasis/ispconfig3
  • nephi.aust/ispconfig3
  • lntrx/ispconfig3
  • luttje/ispconfig3
  • hairy/ispconfig3
  • styxtdo/ispconfig3
  • SGr33n/ispconfig3
  • mepstein/ispconfig3
  • kobuki/ispconfig3
  • dachris/ispconfig3
  • mina/ispconfig3
252 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 3702 additions and 0 deletions
interface/lib/classes/IDS/Caching/CacheInterface.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS\Caching;
/**
* Caching wrapper interface
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @since Version 0.4
* @link http://php-ids.org/
*/
interface CacheInterface
{
/**
* Interface method
*
* @param array $data the cache data
*
* @return void
*/
public function setCache(array $data);
/**
* Interface method
*
* @return void
*/
public function getCache();
}
interface/lib/classes/IDS/Caching/DatabaseCache.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS\Caching;
/**
*
*/
/**
* Database caching wrapper
*
* This class inhabits functionality to get and set cache via a database.
*
* Needed SQL:
*
#create the database
CREATE DATABASE IF NOT EXISTS `phpids` DEFAULT CHARACTER
SET utf8 COLLATE utf8_general_ci;
DROP TABLE IF EXISTS `cache`;
#now select the created datbase and create the table
CREATE TABLE `cache` (
`type` VARCHAR( 32 ) NOT null ,
`data` TEXT NOT null ,
`created` DATETIME NOT null ,
`modified` DATETIME NOT null
) ENGINE = MYISAM ;
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Groupup
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
* @since Version 0.4
*/
class DatabaseCache implements CacheInterface
{
/**
* Caching type
*
* @var string
*/
private $type = null;
/**
* Cache configuration
*
* @var array
*/
private $config = null;
/**
* DBH
*
* @var object
*/
private $handle = null;
/**
* Holds an instance of this class
*
* @var object
*/
private static $cachingInstance = null;
/**
* Constructor
*
* Connects to database.
*
* @param string $type caching type
* @param object $init the IDS_Init object
*
* @return void
*/
public function __construct($type, $init)
{
$this->type = $type;
$this->config = $init->config['Caching'];
$this->handle = $this->connect();
}
/**
* Returns an instance of this class
*
* @static
* @param string $type caching type
* @param object $init the IDS_Init object
*
* @return object $this
*/
public static function getInstance($type, $init)
{
if (!self::$cachingInstance) {
self::$cachingInstance = new DatabaseCache($type, $init);
}
return self::$cachingInstance;
}
/**
* Writes cache data into the database
*
* @param array $data the caching data
*
* @throws PDOException if a db error occurred
* @return object $this
*/
public function setCache(array $data)
{
$handle = $this->handle;
$rows = $handle->query('SELECT created FROM `' . $this->config['table'].'`');
if (!$rows || $rows->rowCount() === 0) {
$this->write($handle, $data);
} else {
foreach ($rows as $row) {
if ((time()-strtotime($row['created'])) >
$this->config['expiration_time']) {
$this->write($handle, $data);
}
}
}
return $this;
}
/**
* Returns the cached data
*
* Note that this method returns false if either type or file cache is
* not set
*
* @throws PDOException if a db error occurred
* @return mixed cache data or false
*/
public function getCache()
{
try {
$handle = $this->handle;
$result = $handle->prepare(
'SELECT * FROM `' .
$this->config['table'] .
'` where type=?'
);
$result->execute(array($this->type));
foreach ($result as $row) {
return unserialize($row['data']);
}
} catch (\PDOException $e) {
throw new \PDOException('PDOException: ' . $e->getMessage());
}
return false;
}
/**
* Connect to database and return a handle
*
* @return object PDO
* @throws Exception if connection parameters are faulty
* @throws PDOException if a db error occurred
*/
private function connect()
{
// validate connection parameters
if (!$this->config['wrapper']
|| !$this->config['user']
|| !$this->config['password']
|| !$this->config['table']) {
throw new \Exception('Insufficient connection parameters');
}
// try to connect
try {
$handle = new \PDO(
$this->config['wrapper'],
$this->config['user'],
$this->config['password']
);
$handle->setAttribute(\PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true);
} catch (\PDOException $e) {
throw new \PDOException('PDOException: ' . $e->getMessage());
}
return $handle;
}
/**
* Write the cache data to the table
*
* @param object $handle the database handle
* @param array $data the caching data
*
* @return object PDO
* @throws PDOException if a db error occurred
*/
private function write($handle, $data)
{
try {
$handle->query('TRUNCATE ' . $this->config['table'].'');
$statement = $handle->prepare(
'INSERT INTO `' .
$this->config['table'].'` (
type,
data,
created,
modified
)
VALUES (
:type,
:data,
now(),
now()
)'
);
$statement->bindValue(
'type',
$handle->quote($this->type)
);
$statement->bindValue('data', serialize($data));
if (!$statement->execute()) {
throw new \PDOException($statement->errorCode());
}
} catch (\PDOException $e) {
throw new \PDOException('PDOException: ' . $e->getMessage());
}
}
}
interface/lib/classes/IDS/Caching/FileCache.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS\Caching;
use IDS\Init;
/**
* File caching wrapper
*
* This class inhabits functionality to get and set cache via a static flatfile.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
* @since Version 0.4
*/
class FileCache implements CacheInterface
{
/**
* Caching type
*
* @var string
*/
private $type;
/**
* Cache configuration
*
* @var array
*/
private $config;
/**
* Path to cache file
*
* @var string
*/
private $path;
/**
* Holds an instance of this class
*
* @var object
*/
private static $cachingInstance;
/**
* Constructor
*
* @param string $type caching type
* @param object $init the IDS_Init object
* @throws \Exception
*
* @return void
*/
public function __construct($type, Init $init)
{
$this->type = $type;
$this->config = $init->config['Caching'];
$this->path = $init->getBasePath() . $this->config['path'];
if (file_exists($this->path) && !is_writable($this->path)) {
throw new \Exception(
'Make sure all files in ' .
htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') .
'are writeable!'
);
}
}
/**
* Returns an instance of this class
*
* @param string $type caching type
* @param object $init the IDS_Init object
*
* @return object $this
*/
public static function getInstance($type, $init)
{
if (!self::$cachingInstance) {
self::$cachingInstance = new FileCache($type, $init);
}
return self::$cachingInstance;
}
/**
* Writes cache data into the file
*
* @param array $data the cache data
*
* @throws Exception if cache file couldn't be created
* @return object $this
*/
public function setCache(array $data)
{
if (!is_writable(preg_replace('/[\/][^\/]+\.[^\/]++$/', null, $this->path))) {
throw new \Exception(
'Temp directory ' .
htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8') .
' seems not writable'
);
}
if (!$this->isValidFile($this->path)) {
$handle = @fopen($this->path, 'w+');
if (!$handle) {
throw new \Exception("Cache file couldn't be created");
}
$serialized = @serialize($data);
if (!$serialized) {
throw new \Exception("Cache data couldn't be serialized");
}
fwrite($handle, $serialized);
fclose($handle);
}
return $this;
}
/**
* Returns the cached data
*
* Note that this method returns false if either type or file cache is
* not set
*
* @return mixed cache data or false
*/
public function getCache()
{
// make sure filters are parsed again if cache expired
if (!$this->isValidFile($this->path)) {
return false;
}
$data = unserialize(file_get_contents($this->path));
return $data;
}
/**
* Returns true if the cache file is still valid
*
* @param string $file
* @return bool
*/
private function isValidFile($file)
{
return file_exists($file) && time() - filectime($file) <= $this->config['expiration_time'];
}
}
interface/lib/classes/IDS/Caching/MemcachedCache.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS\Caching;
/**
* File caching wrapper
*
* This class inhabits functionality to get and set cache via memcached.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Groupoup
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
* @since Version 0.4
*/
class MemcachedCache implements CacheInterface
{
/**
* Caching type
*
* @var string
*/
private $type = null;
/**
* Cache configuration
*
* @var array
*/
private $config = null;
/**
* Flag if the filter storage has been found in memcached
*
* @var boolean
*/
private $isCached = false;
/**
* Memcache object
*
* @var object
*/
private $memcache = null;
/**
* Holds an instance of this class
*
* @var object
*/
private static $cachingInstance = null;
/**
* Constructor
*
* @param string $type caching type
* @param array $init the IDS_Init object
*
* @return void
*/
public function __construct($type, $init)
{
$this->type = $type;
$this->config = $init->config['Caching'];
$this->connect();
}
/**
* Returns an instance of this class
*
* @param string $type caching type
* @param object $init the IDS_Init object
*
* @return object $this
*/
public static function getInstance($type, $init)
{
if (!self::$cachingInstance) {
self::$cachingInstance = new MemcachedCache($type, $init);
}
return self::$cachingInstance;
}
/**
* Writes cache data
*
* @param array $data the caching data
*
* @return object $this
*/
public function setCache(array $data)
{
if (!$this->isCached) {
$this->memcache->set(
$this->config['key_prefix'] . '.storage',
$data,
false,
$this->config['expiration_time']
);
}
return $this;
}
/**
* Returns the cached data
*
* Note that this method returns false if either type or file cache is
* not set
*
* @return mixed cache data or false
*/
public function getCache()
{
$data = $this->memcache->get(
$this->config['key_prefix'] .
'.storage'
);
$this->isCached = !empty($data);
return $data;
}
/**
* Connect to the memcached server
*
* @throws Exception if connection parameters are insufficient
* @return void
*/
private function connect()
{
if ($this->config['host'] && $this->config['port']) {
// establish the memcache connection
$this->memcache = new \Memcache;
$this->memcache->pconnect(
$this->config['host'],
$this->config['port']
);
} else {
throw new \Exception('Insufficient connection parameters');
}
}
}
interface/lib/classes/IDS/Caching/SessionCache.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS\Caching;
/**
* File caching wrapper
*
* This class inhabits functionality to get and set cache via session.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
* @since Version 0.4
*/
class SessionCache implements CacheInterface
{
/**
* Caching type
*
* @var string
*/
private $type = null;
/**
* Cache configuration
*
* @var array
*/
private $config = null;
/**
* Holds an instance of this class
*
* @var object
*/
private static $cachingInstance = null;
/**
* Constructor
*
* @param string $type caching type
* @param object $init the IDS_Init object
*
* @return void
*/
public function __construct($type, $init)
{
$this->type = $type;
$this->config = $init->config['Caching'];
}
/**
* Returns an instance of this class
*
* @param string $type caching type
* @param object $init the IDS_Init object
*
* @return object $this
*/
public static function getInstance($type, $init)
{
if (!self::$cachingInstance) {
self::$cachingInstance = new SessionCache($type, $init);
}
return self::$cachingInstance;
}
/**
* Writes cache data into the session
*
* @param array $data the caching data
*
* @return object $this
*/
public function setCache(array $data)
{
$_SESSION['PHPIDS'][$this->type] = $data;
return $this;
}
/**
* Returns the cached data
*
* Note that this method returns false if either type or file cache is not set
*
* @return mixed cache data or false
*/
public function getCache()
{
if ($this->type && $_SESSION['PHPIDS'][$this->type]) {
return $_SESSION['PHPIDS'][$this->type];
}
return false;
}
}
interface/lib/classes/IDS/Config.ini.php 0 → 100644
View file @ bb37295b
; <?php die(); ?>
; PHPIDS Config.ini
; General configuration settings
[General]
; basic settings - customize to make the PHPIDS work at all
filter_type = xml
base_path = /full/path/to/IDS/
use_base_path = false
filter_path = default_filter.xml
tmp_path = tmp
scan_keys = false
; in case you want to use a different HTMLPurifier source, specify it here
; By default, those files are used that are being shipped with PHPIDS
HTML_Purifier_Cache = vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer
; define which fields contain html and need preparation before
; hitting the PHPIDS rules (new in PHPIDS 0.5)
;html[] = POST.__wysiwyg
; define which fields contain JSON data and should be treated as such
; for fewer false positives (new in PHPIDS 0.5.3)
;json[] = POST.__jsondata
; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b)
exceptions[] = GET.__utmz
exceptions[] = GET.__utmc
exceptions[] = POST.maildir_path
; you can use regular expressions for wildcard exceptions - example: /.*foo/i
[Caching]
; caching: session|file|database|memcached|apc|none
caching = file
expiration_time = 600
; file cache
path = tmp/default_filter.cache
; database cache
wrapper = "mysql:host=localhost;port=3306;dbname=phpids"
user = phpids_user
password = 123456
table = cache
; memcached
;host = localhost
;port = 11211
;key_prefix = PHPIDS
; apc
;key_prefix = PHPIDS
interface/lib/classes/IDS/Config/Config.ini.php 0 → 100644
View file @ bb37295b
; <?php die(); ?>
; PHPIDS Config.ini
; General configuration settings
[General]
; basic settings - customize to make the PHPIDS work at all
filter_type = xml
base_path = /full/path/to/IDS/
use_base_path = false
filter_path = default_filter.xml
tmp_path = tmp
scan_keys = false
; in case you want to use a different HTMLPurifier source, specify it here
; By default, those files are used that are being shipped with PHPIDS
HTML_Purifier_Cache = vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer
; define which fields contain html and need preparation before
; hitting the PHPIDS rules (new in PHPIDS 0.5)
;html[] = POST.__wysiwyg
;html[] = POST.records
;html[] = REQUEST.records
; define which fields contain JSON data and should be treated as such
; for fewer false positives (new in PHPIDS 0.5.3)
;json[] = POST.__jsondata
; define which fields shouldn't be monitored (a[b]=c should be referenced via a.b)
; exceptions[] = GET.__utmz
; exceptions[] = GET.__utmc
; exceptions[] = POST.maildir_path
; exceptions[] = REQUEST.maildir_path
; exceptions[] = REQUEST.website_path
; exceptions[] = REQUEST.website_symlinks
; exceptions[] = REQUEST.vhost_conf_dir
; exceptions[] = REQUEST.vhost_conf_enabled_dir
; exceptions[] = REQUEST.nginx_vhost_conf_dir
; exceptions[] = REQUEST.nginx_vhost_conf_enabled_dir
; exceptions[] = REQUEST.php_open_basedir
; exceptions[] = REQUEST.awstats_pl
; exceptions[] = POST.website_path
; exceptions[] = POST.website_symlinks
; exceptions[] = POST.vhost_conf_dir
; exceptions[] = POST.vhost_conf_enabled_dir
; exceptions[] = POST.apache_init_script
; exceptions[] = POST.nginx_vhost_conf_dir
; exceptions[] = POST.nginx_vhost_conf_enabled_dir
; exceptions[] = POST.php_open_basedir
; exceptions[] = POST.awstats_pl
; exceptions[] = REQUEST.fastcgi_starter_path
; exceptions[] = REQUEST.fastcgi_bin
; exceptions[] = POST.fastcgi_starter_path
; exceptions[] = POST.fastcgi_bin
; exceptions[] = REQUEST.jailkit_chroot_home
; exceptions[] = POST.jailkit_chroot_home
; exceptions[] = REQUEST.phpmyadmin_url
; exceptions[] = REQUEST.phpmyadmin_url
; exceptions[] = REQUEST.records.weak_password_txt
; exceptions[] = POST.records.weak_password_txt
; you can use regular expressions for wildcard exceptions - example: /.*foo/i
[Caching]
; caching: session|file|database|memcached|apc|none
caching = file
expiration_time = 600
; file cache
path = tmp/default_filter.cache
; database cache
wrapper = "mysql:host=localhost;port=3306;dbname=phpids"
user = phpids_user
password = 123456
table = cache
; memcached
;host = localhost
;port = 11211
;key_prefix = PHPIDS
; apc
;key_prefix = PHPIDS
interface/lib/classes/IDS/Converter.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
/**
* PHPIDS specific utility class to convert charsets manually
*
* Note that if you make use of IDS_Converter::runAll(), existing class
* methods will be executed in the same order as they are implemented in the
* class tree!
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS;
class Converter
{
/**
* Runs all converter functions
*
* Note that if you make use of IDS_Converter::runAll(), existing class
* methods will be executed in the same order as they are implemented in the
* class tree!
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function runAll($value)
{
foreach (get_class_methods(__CLASS__) as $method) {
if (strpos($method, 'run') !== 0) {
$value = self::$method($value);
}
}
return $value;
}
/**
* Check for comments and erases them if available
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromCommented($value)
{
// check for existing comments
if (preg_match('/(?:\<!-|-->|\/\*|\*\/|\/\/\W*\w+\s*$)|(?:--[^-]*-)/ms', $value)) {
$pattern = array(
'/(?:(?:<!)(?:(?:--(?:[^-]*(?:-[^-]+)*)--\s*)*)(?:>))/ms',
'/(?:(?:\/\*\/*[^\/\*]*)+\*\/)/ms',
'/(?:--[^-]*-)/ms'
);
$converted = preg_replace($pattern, ';', $value);
$value .= "\n" . $converted;
}
//make sure inline comments are detected and converted correctly
$value = preg_replace('/(<\w+)\/+(\w+=?)/m', '$1/$2', $value);
$value = preg_replace('/[^\\\:]\/\/(.*)$/m', '/**/$1', $value);
$value = preg_replace('/([^\-&])#.*[\r\n\v\f]/m', '$1', $value);
$value = preg_replace('/([^&\-])#.*\n/m', '$1 ', $value);
$value = preg_replace('/^#.*\n/m', ' ', $value);
return $value;
}
/**
* Strip newlines
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromWhiteSpace($value)
{
//check for inline linebreaks
$search = array('\r', '\n', '\f', '\t', '\v');
$value = str_replace($search, ';', $value);
// replace replacement characters regular spaces
$value = str_replace('�', ' ', $value);
//convert real linebreaks
return preg_replace('/(?:\n|\r|\v)/m', ' ', $value);
}
/**
* Checks for common charcode pattern and decodes them
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromJSCharcode($value)
{
$matches = array();
// check if value matches typical charCode pattern
if (preg_match_all('/(?:[\d+-=\/\* ]+(?:\s?,\s?[\d+-=\/\* ]+)){4,}/ms', $value, $matches)) {
$converted = '';
$string = implode(',', $matches[0]);
$string = preg_replace('/\s/', '', $string);
$string = preg_replace('/\w+=/', '', $string);
$charcode = explode(',', $string);
foreach ($charcode as $char) {
$char = preg_replace('/\W0/s', '', $char);
if (preg_match_all('/\d*[+-\/\* ]\d+/', $char, $matches)) {
$match = preg_split('/(\W?\d+)/', implode('', $matches[0]), null, PREG_SPLIT_DELIM_CAPTURE);
if (array_sum($match) >= 20 && array_sum($match) <= 127) {
$converted .= chr(array_sum($match));
}
} elseif (!empty($char) && $char >= 20 && $char <= 127) {
$converted .= chr($char);
}
}
$value .= "\n" . $converted;
}
// check for octal charcode pattern
if (preg_match_all('/(?:(?:[\\\]+\d+[ \t]*){8,})/ims', $value, $matches)) {
$converted = '';
$charcode = explode('\\', preg_replace('/\s/', '', implode(',', $matches[0])));
foreach (array_map('octdec', array_filter($charcode)) as $char) {
if (20 <= $char && $char <= 127) {
$converted .= chr($char);
}
}
$value .= "\n" . $converted;
}
// check for hexadecimal charcode pattern
if (preg_match_all('/(?:(?:[\\\]+\w+\s*){8,})/ims', $value, $matches)) {
$converted = '';
$charcode = explode('\\', preg_replace('/[ux]/', '', implode(',', $matches[0])));
foreach (array_map('hexdec', array_filter($charcode)) as $char) {
if (20 <= $char && $char <= 127) {
$converted .= chr($char);
}
}
$value .= "\n" . $converted;
}
return $value;
}
/**
* Eliminate JS regex modifiers
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertJSRegexModifiers($value)
{
return preg_replace('/\/[gim]+/', '/', $value);
}
/**
* Converts from hex/dec entities
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertEntities($value)
{
$converted = null;
//deal with double encoded payload
$value = preg_replace('/&amp;/', '&', $value);
if (preg_match('/&#x?[\w]+/ms', $value)) {
$converted = preg_replace('/(&#x?[\w]{2}\d?);?/ms', '$1;', $value);
$converted = html_entity_decode($converted, ENT_QUOTES, 'UTF-8');
$value .= "\n" . str_replace(';;', ';', $converted);
}
// normalize obfuscated protocol handlers
$value = preg_replace(
'/(?:j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:)|(d\s*a\s*t\s*a\s*:)/ms',
'javascript:',
$value
);
return $value;
}
/**
* Normalize quotes
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertQuotes($value)
{
// normalize different quotes to "
$pattern = array('\'', '`', '´', '’', '‘');
$value = str_replace($pattern, '"', $value);
//make sure harmless quoted strings don't generate false alerts
$value = preg_replace('/^"([^"=\\!><~]+)"$/', '$1', $value);
return $value;
}
/**
* Converts SQLHEX to plain text
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromSQLHex($value)
{
$matches = array();
if (preg_match_all('/(?:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+/im', $value, $matches)) {
foreach ($matches[0] as $match) {
$converted = '';
foreach (str_split($match, 2) as $hex_index) {
if (preg_match('/[a-f\d]{2,3}/i', $hex_index)) {
$converted .= chr(hexdec($hex_index));
}
}
$value = str_replace($match, $converted, $value);
}
}
// take care of hex encoded ctrl chars
$value = preg_replace('/0x\d+/m', ' 1 ', $value);
return $value;
}
/**
* Converts basic SQL keywords and obfuscations
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromSQLKeywords($value)
{
$pattern = array(
'/(?:is\s+null)|(like\s+null)|' .
'(?:(?:^|\W)in[+\s]*\([\s\d"]+[^()]*\))/ims'
);
$value = preg_replace($pattern, '"=0', $value);
$value = preg_replace('/[^\w\)]+\s*like\s*[^\w\s]+/ims', '1" OR "1"', $value);
$value = preg_replace('/null([,"\s])/ims', '0$1', $value);
$value = preg_replace('/\d+\./ims', ' 1', $value);
$value = preg_replace('/,null/ims', ',0', $value);
$value = preg_replace('/(?:between)/ims', 'or', $value);
$value = preg_replace('/(?:and\s+\d+\.?\d*)/ims', '', $value);
$value = preg_replace('/(?:\s+and\s+)/ims', ' or ', $value);
$pattern = array(
'/(?:not\s+between)|(?:is\s+not)|(?:not\s+in)|' .
'(?:xor|<>|rlike(?:\s+binary)?)|' .
'(?:regexp\s+binary)|' .
'(?:sounds\s+like)/ims'
);
$value = preg_replace($pattern, '!', $value);
$value = preg_replace('/"\s+\d/', '"', $value);
$value = preg_replace('/(\W)div(\W)/ims', '$1 OR $2', $value);
$value = preg_replace('/\/(?:\d+|null)/', null, $value);
return $value;
}
/**
* Detects nullbytes and controls chars via ord()
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromControlChars($value)
{
// critical ctrl values
$search = array(
chr(0), chr(1), chr(2), chr(3), chr(4), chr(5),
chr(6), chr(7), chr(8), chr(11), chr(12), chr(14),
chr(15), chr(16), chr(17), chr(18), chr(19), chr(24),
chr(25), chr(192), chr(193), chr(238), chr(255), '\\0'
);
$value = str_replace($search, '%00', $value);
//take care for malicious unicode characters
$value = urldecode(
preg_replace(
'/(?:%E(?:2|3)%8(?:0|1)%(?:A|8|9)\w|%EF%BB%BF|%EF%BF%BD)|(?:&#(?:65|8)\d{3};?)/i',
null,
urlencode($value)
)
);
$value = urlencode($value);
$value = preg_replace('/(?:%F0%80%BE)/i', '>', $value);
$value = preg_replace('/(?:%F0%80%BC)/i', '<', $value);
$value = preg_replace('/(?:%F0%80%A2)/i', '"', $value);
$value = preg_replace('/(?:%F0%80%A7)/i', '\'', $value);
$value = urldecode($value);
$value = preg_replace('/(?:%ff1c)/', '<', $value);
$value = preg_replace('/(?:&[#x]*(200|820|200|820|zwn?j|lrm|rlm)\w?;?)/i', null, $value);
$value = preg_replace(
'/(?:&#(?:65|8)\d{3};?)|' .
'(?:&#(?:56|7)3\d{2};?)|' .
'(?:&#x(?:fe|20)\w{2};?)|' .
'(?:&#x(?:d[c-f])\w{2};?)/i',
null,
$value
);
$value = str_replace(
array(
'«',
'〈',
'<',
'‹',
'〈',
'⟨'
),
'<',
$value
);
$value = str_replace(
array(
'»',
'〉',
'>',
'›',
'〉',
'⟩'
),
'>',
$value
);
return $value;
}
/**
* This method matches and translates base64 strings and fragments
* used in data URIs
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromNestedBase64($value)
{
$matches = array();
preg_match_all('/(?:^|[,&?])\s*([a-z0-9]{50,}=*)(?:\W|$)/im', $value, $matches);
foreach ($matches[1] as $item) {
if (isset($item) && !preg_match('/[a-f0-9]{32}/i', $item)) {
$base64_item = base64_decode($item);
$value = str_replace($item, $base64_item, $value);
}
}
return $value;
}
/**
* Detects nullbytes and controls chars via ord()
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromOutOfRangeChars($value)
{
$values = str_split($value);
foreach ($values as $item) {
if (ord($item) >= 127) {
$value = str_replace($item, ' ', $value);
}
}
return $value;
}
/**
* Strip XML patterns
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromXML($value)
{
$converted = strip_tags($value);
if (!$converted || $converted === $value) {
return $value;
} else {
return $value . "\n" . $converted;
}
}
/**
* This method converts JS unicode code points to
* regular characters
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromJSUnicode($value)
{
$matches = array();
preg_match_all('/\\\u[0-9a-f]{4}/ims', $value, $matches);
if (!empty($matches[0])) {
foreach ($matches[0] as $match) {
$chr = chr(hexdec(substr($match, 2, 4)));
$value = str_replace($match, $chr, $value);
}
$value .= "\n\u0001";
}
return $value;
}
/**
* Converts relevant UTF-7 tags to UTF-8
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromUTF7($value)
{
if (preg_match('/\+A\w+-?/m', $value)) {
if (function_exists('mb_convert_encoding')) {
if (version_compare(PHP_VERSION, '5.2.8', '<')) {
$tmp_chars = str_split($value);
$value = '';
foreach ($tmp_chars as $char) {
if (ord($char) <= 127) {
$value .= $char;
}
}
}
$value .= "\n" . mb_convert_encoding($value, 'UTF-8', 'UTF-7');
} else {
//list of all critical UTF7 codepoints
$schemes = array(
'+ACI-' => '"',
'+ADw-' => '<',
'+AD4-' => '>',
'+AFs-' => '[',
'+AF0-' => ']',
'+AHs-' => '{',
'+AH0-' => '}',
'+AFw-' => '\\',
'+ADs-' => ';',
'+ACM-' => '#',
'+ACY-' => '&',
'+ACU-' => '%',
'+ACQ-' => '$',
'+AD0-' => '=',
'+AGA-' => '`',
'+ALQ-' => '"',
'+IBg-' => '"',
'+IBk-' => '"',
'+AHw-' => '|',
'+ACo-' => '*',
'+AF4-' => '^',
'+ACIAPg-' => '">',
'+ACIAPgA8-' => '">'
);
$value = str_ireplace(
array_keys($schemes),
array_values($schemes),
$value
);
}
}
return $value;
}
/**
* Converts basic concatenations
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromConcatenated($value)
{
//normalize remaining backslashes
if ($value != preg_replace('/(\w)\\\/', "$1", $value)) {
$value .= preg_replace('/(\w)\\\/', "$1", $value);
}
$compare = stripslashes($value);
$pattern = array(
'/(?:<\/\w+>\+<\w+>)/s',
'/(?:":\d+[^"[]+")/s',
'/(?:"?"\+\w+\+")/s',
'/(?:"\s*;[^"]+")|(?:";[^"]+:\s*")/s',
'/(?:"\s*(?:;|\+).{8,18}:\s*")/s',
'/(?:";\w+=)|(?:!""&&")|(?:~)/s',
'/(?:"?"\+""?\+?"?)|(?:;\w+=")|(?:"[|&]{2,})/s',
'/(?:"\s*\W+")/s',
'/(?:";\w\s*\+=\s*\w?\s*")/s',
'/(?:"[|&;]+\s*[^|&\n]*[|&]+\s*"?)/s',
'/(?:";\s*\w+\W+\w*\s*[|&]*")/s',
'/(?:"\s*"\s*\.)/s',
'/(?:\s*new\s+\w+\s*[+",])/',
'/(?:(?:^|\s+)(?:do|else)\s+)/',
'/(?:[{(]\s*new\s+\w+\s*[)}])/',
'/(?:(this|self)\.)/',
'/(?:undefined)/',
'/(?:in\s+)/'
);
// strip out concatenations
$converted = preg_replace($pattern, null, $compare);
//strip object traversal
$converted = preg_replace('/\w(\.\w\()/', "$1", $converted);
// normalize obfuscated method calls
$converted = preg_replace('/\)\s*\+/', ")", $converted);
//convert JS special numbers
$converted = preg_replace(
'/(?:\(*[.\d]e[+-]*[^a-z\W]+\)*)|(?:NaN|Infinity)\W/ims',
1,
$converted
);
if ($converted && ($compare != $converted)) {
$value .= "\n" . $converted;
}
return $value;
}
/**
* This method collects and decodes proprietary encoding types
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromProprietaryEncodings($value)
{
//Xajax error reportings
$value = preg_replace('/<!\[CDATA\[(\W+)\]\]>/im', '$1', $value);
//strip false alert triggering apostrophes
$value = preg_replace('/(\w)\"(s)/m', '$1$2', $value);
//strip quotes within typical search patterns
$value = preg_replace('/^"([^"=\\!><~]+)"$/', '$1', $value);
//OpenID login tokens
$value = preg_replace('/{[\w-]{8,9}\}(?:\{[\w=]{8}\}){2}/', null, $value);
//convert Content and \sdo\s to null
$value = preg_replace('/Content|\Wdo\s/', null, $value);
//strip emoticons
$value = preg_replace(
'/(?:\s[:;]-[)\/PD]+)|(?:\s;[)PD]+)|(?:\s:[)PD]+)|-\.-|\^\^/m',
null,
$value
);
//normalize separation char repetion
$value = preg_replace('/([.+~=*_\-;])\1{2,}/m', '$1', $value);
//normalize multiple single quotes
$value = preg_replace('/"{2,}/m', '"', $value);
//normalize quoted numerical values and asterisks
$value = preg_replace('/"(\d+)"/m', '$1', $value);
//normalize pipe separated request parameters
$value = preg_replace('/\|(\w+=\w+)/m', '&$1', $value);
//normalize ampersand listings
$value = preg_replace('/(\w\s)&\s(\w)/', '$1$2', $value);
//normalize escaped RegExp modifiers
$value = preg_replace('/\/\\\(\w)/', '/$1', $value);
return $value;
}
/**
* This method removes encoded sql # comments
*
* @param string $value the value to convert
*
* @static
* @return string
*/
public static function convertFromUrlencodeSqlComment($value)
{
if (preg_match_all('/(?:\%23.*?\%0a)/im',$value,$matches)){
$converted = $value;
foreach($matches[0] as $match){
$converted = str_replace($match,' ',$converted);
}
$value .= "\n" . $converted;
}
return $value;
}
/**
* This method is the centrifuge prototype
*
* @param string $value the value to convert
* @param Monitor $monitor the monitor object
*
* @static
* @return string
*/
public static function runCentrifuge($value, Monitor $monitor = null)
{
$threshold = 3.49;
if (strlen($value) > 25) {
//strip padding
$tmp_value = preg_replace('/\s{4}|==$/m', null, $value);
$tmp_value = preg_replace(
'/\s{4}|[\p{L}\d\+\-=,.%()]{8,}/m',
'aaa',
$tmp_value
);
// Check for the attack char ratio
$tmp_value = preg_replace('/([*.!?+-])\1{1,}/m', '$1', $tmp_value);
$tmp_value = preg_replace('/"[\p{L}\d\s]+"/m', null, $tmp_value);
$stripped_length = strlen(
preg_replace(
'/[\d\s\p{L}\.:,%&\/><\-)!|]+/m',
null,
$tmp_value
)
);
$overall_length = strlen(
preg_replace(
'/([\d\s\p{L}:,\.]{3,})+/m',
'aaa',
preg_replace('/\s{2,}/m', null, $tmp_value)
)
);
if ($stripped_length != 0 && $overall_length/$stripped_length <= $threshold) {
$monitor->centrifuge['ratio'] = $overall_length / $stripped_length;
$monitor->centrifuge['threshold'] =$threshold;
$value .= "\n$[!!!]";
}
}
if (strlen($value) > 40) {
// Replace all non-special chars
$converted = preg_replace('/[\w\s\p{L},.:!]/', null, $value);
// Split string into an array, unify and sort
$array = str_split($converted);
$array = array_unique($array);
asort($array);
// Normalize certain tokens
$schemes = array(
'~' => '+',
'^' => '+',
'|' => '+',
'*' => '+',
'%' => '+',
'&' => '+',
'/' => '+'
);
$converted = implode($array);
$_keys = array_keys($schemes);
$_values = array_values($schemes);
$converted = str_replace($_keys, $_values, $converted);
$converted = preg_replace('/[+-]\s*\d+/', '+', $converted);
$converted = preg_replace('/[()[\]{}]/', '(', $converted);
$converted = preg_replace('/[!?:=]/', ':', $converted);
$converted = preg_replace('/[^:(+]/', null, stripslashes($converted));
// Sort again and implode
$array = str_split($converted);
asort($array);
$converted = implode($array);
if (preg_match('/(?:\({2,}\+{2,}:{2,})|(?:\({2,}\+{2,}:+)|(?:\({3,}\++:{2,})/', $converted)) {
$monitor->centrifuge['converted'] = $converted;
return $value . "\n" . $converted;
}
}
return $value;
}
}
interface/lib/classes/IDS/Event.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS;
/**
* PHPIDS event object
*
* This class represents a certain event that occured while applying the filters
* to the supplied data. It aggregates a bunch of IDS_Filter implementations and
* is a assembled in IDS_Report.
*
* Note that this class implements both Countable and IteratorAggregate
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
class Event implements \Countable, \IteratorAggregate
{
/**
* Event name
*
* @var string
*/
protected $name = null;
/**
* Value of the event
*
* @var mixed
*/
protected $value = null;
/**
* List of filter objects
*
* Filter objects in this array are those that matched the events value
*
* @var Filter[]|array
*/
protected $filters = array();
/**
* Calculated impact
*
* Total impact of the event
*
* @var integer
*/
protected $impact = 0;
/**
* Affecte tags
*
* @var string[]|array
*/
protected $tags = array();
/**
* Constructor
*
* Fills event properties
*
* @param string $name the event name
* @param mixed $value the event value
* @param Filter[]|array $filters the corresponding filters
*
* @throws \InvalidArgumentException
* @return \IDS\Event
*/
public function __construct($name, $value, array $filters)
{
if (!is_scalar($name)) {
throw new \InvalidArgumentException(
'Expected $name to be a scalar,' . gettype($name) . ' given'
);
}
if (!is_scalar($value)) {
throw new \InvalidArgumentException(
'Expected $value to be a scalar,' . gettype($value) . ' given'
);
}
$this->name = $name;
$this->value = $value;
foreach ($filters as $filter) {
if (!$filter instanceof Filter) {
throw new \InvalidArgumentException(
'Filter must be derived from IDS_Filter'
);
}
$this->filters[] = $filter;
}
}
/**
* Returns event name
*
* The name of the event usually is the key of the variable that was
* considered to be malicious
*
* @return string
*/
public function getName()
{
return $this->name;
}
/**
* Returns event value
*
* @return mixed
*/
public function getValue()
{
return $this->value;
}
/**
* Returns calculated impact
*
* @return integer
*/
public function getImpact()
{
if (!$this->impact) {
$this->impact = 0;
foreach ($this->filters as $filter) {
$this->impact += $filter->getImpact();
}
}
return $this->impact;
}
/**
* Returns affected tags
*
* @return string[]|array
*/
public function getTags()
{
foreach ($this->getFilters() as $filter) {
$this->tags = array_merge($this->tags, $filter->getTags());
}
return $this->tags = array_values(array_unique($this->tags));
}
/**
* Returns list of filter objects
*
* @return Filter[]|array
*/
public function getFilters()
{
return $this->filters;
}
/**
* Returns number of filters
*
* To implement interface Countable this returns the number of filters
* appended.
*
* @return integer
*/
public function count()
{
return count($this->getFilters());
}
/**
* IteratorAggregate iterator getter
*
* Returns an iterator to iterate over the appended filters.
*
* @return \Iterator the filter collection
*/
public function getIterator()
{
return new \ArrayIterator($this->getFilters());
}
}
interface/lib/classes/IDS/Filter.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS;
/**
* PHPIDS Filter object
*
* Each object of this class serves as a container for a specific filter. The
* object provides methods to get information about this particular filter and
* also to match an arbitrary string against it.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
* @since Version 0.4
*/
class Filter
{
/**
* Filter rule
*
* @var string
*/
protected $rule;
/**
* List of tags of the filter
*
* @var string[]|array
*/
protected $tags = array();
/**
* Filter impact level
*
* @var integer
*/
protected $impact = 0;
/**
* Filter description
*
* @var string
*/
protected $description = '';
/**
* Constructor
*
* @param integer $id filter id
* @param string $rule filter rule
* @param string $description filter description
* @param string[]|array $tags list of tags
* @param integer $impact filter impact level
*
* @return \IDS\Filter
*/
public function __construct($id, $rule, $description, array $tags, $impact)
{
$this->id = $id;
$this->rule = $rule;
$this->tags = $tags;
$this->impact = $impact;
$this->description = $description;
}
/**
* Matches a string against current filter
*
* Matches given string against the filter rule the specific object of this
* class represents
*
* @param string $input the string input to match
*
* @throws \InvalidArgumentException if argument is no string
* @return boolean
*/
public function match($input)
{
if (!is_string($input)) {
throw new \InvalidArgumentException(
'Invalid argument. Expected a string, received ' . gettype($input)
);
}
return (bool) preg_match('/' . $this->getRule() . '/ms', strtolower($input));
}
/**
* Returns filter description
*
* @return string
*/
public function getDescription()
{
return $this->description;
}
/**
* Return list of affected tags
*
* Each filter rule is concerned with a certain kind of attack vectors.
* This method returns those affected kinds.
*
* @return string[]|array
*/
public function getTags()
{
return $this->tags;
}
/**
* Returns filter rule
*
* @return string
*/
public function getRule()
{
return $this->rule;
}
/**
* Get filter impact level
*
* @return integer
*/
public function getImpact()
{
return $this->impact;
}
/**
* Get filter ID
*
* @return integer
*/
public function getId()
{
return $this->id;
}
}
interface/lib/classes/IDS/Filter/Storage.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS\Filter;
use IDS\Init;
use IDS\Caching\CacheFactory;
/**
* Filter Storage
*
* This class provides various default functions for gathering filter patterns
* to be used later on by the detection mechanism. You might extend this class
* to your requirements.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
class Storage
{
/**
* Filter source file
*
* @var string
*/
protected $source = null;
/**
* Holds caching settings
*
* @var array
*/
protected $cacheSettings = null;
/**
* Cache container
*
* @var object IDS_Caching wrapper
*/
protected $cache = null;
/**
* Filter container
*
* @var array
*/
protected $filterSet = array();
/**
* Constructor
*
* Loads filters based on provided IDS_Init settings.
*
* @param object $init IDS_Init instance
*
* @throws \InvalidArgumentException if unsupported filter type is given
* @return void
*/
final public function __construct(Init $init)
{
if ($init->config) {
$caching = isset($init->config['Caching']['caching']) ? $init->config['Caching']['caching'] : 'none';
$type = $init->config['General']['filter_type'];
$this->source = $init->getBasePath(). $init->config['General']['filter_path'];
if ($caching && $caching !== 'none') {
$this->cacheSettings = $init->config['Caching'];
$this->cache = CacheFactory::factory($init, 'storage');
}
switch ($type) {
case 'xml':
return $this->getFilterFromXML();
case 'json':
return $this->getFilterFromJson();
default:
throw new \InvalidArgumentException('Unsupported filter type.');
}
}
}
/**
* Sets the filter array
*
* @param array $filterSet array containing multiple IDS_Filter instances
*
* @return object $this
*/
final public function setFilterSet($filterSet)
{
foreach ($filterSet as $filter) {
$this->addFilter($filter);
}
return $this;
}
/**
* Returns registered filters
*
* @return array
*/
final public function getFilterSet()
{
return $this->filterSet;
}
/**
* Adds a filter
*
* @param object $filter IDS_Filter instance
*
* @return object $this
*/
final public function addFilter(\IDS\Filter $filter)
{
$this->filterSet[] = $filter;
return $this;
}
/**
* Checks if any filters are cached
*
* @return mixed $filters cached filters or false
*/
private function isCached()
{
$filters = false;
if ($this->cacheSettings) {
if ($this->cache) {
$filters = $this->cache->getCache();
}
}
return $filters;
}
/**
* Loads filters from XML using SimpleXML
*
* This function parses the provided source file and stores the result.
* If caching mode is enabled the result will be cached to increase
* the performance.
*
* @throws \InvalidArgumentException if source file doesn't exist
* @throws \RuntimeException if problems with fetching the XML data occur
* @return object $this
*/
public function getFilterFromXML()
{
if (extension_loaded('SimpleXML')) {
/*
* See if filters are already available in the cache
*/
$filters = $this->isCached();
/*
* If they aren't, parse the source file
*/
if (!$filters) {
if (!file_exists($this->source)) {
throw new \InvalidArgumentException(
sprintf('Invalid config: %s doesn\'t exist.', $this->source)
);
}
if (LIBXML_VERSION >= 20621) {
$filters = simplexml_load_file($this->source, null, LIBXML_COMPACT);
} else {
$filters = simplexml_load_file($this->source);
}
}
/*
* In case we still don't have any filters loaded and exception
* will be thrown
*/
if (empty($filters)) {
throw new \RuntimeException(
'XML data could not be loaded.' .
' Make sure you specified the correct path.'
);
}
/*
* Now the storage will be filled with IDS_Filter objects
*/
$nocache = $filters instanceof \SimpleXMLElement;
if ($nocache)
{
// build filters and cache them for re-use on next run
$data = array();
$filters = $filters->filter;
foreach ($filters as $filter) {
$id = (string) $filter->id;
$rule = (string) $filter->rule;
$impact = (string) $filter->impact;
$tags = array_values((array) $filter->tags);
$description = (string) $filter->description;
$this->addFilter(
new \IDS\Filter(
$id,
$rule,
$description,
(array) $tags[0],
(int) $impact
)
);
$data[] = array(
'id' => $id,
'rule' => $rule,
'impact' => $impact,
'tags' => $tags,
'description' => $description
);
}
/*
* If caching is enabled, the fetched data will be cached
*/
if ($this->cacheSettings) {
$this->cache->setCache($data);
}
} else {
// build filters from cached content
$this->addFiltersFromArray($filters);
}
return $this;
}
throw new \RuntimeException('SimpleXML is not loaded.');
}
/**
* Loads filters from Json file using ext/Json
*
* This function parses the provided source file and stores the result.
* If caching mode is enabled the result will be cached to increase
* the performance.
*
* @throws \RuntimeException if problems with fetching the JSON data occur
* @return object $this
*/
public function getFilterFromJson()
{
if (extension_loaded('Json')) {
/*
* See if filters are already available in the cache
*/
$filters = $this->isCached();
/*
* If they aren't, parse the source file
*/
if (!$filters) {
if (!file_exists($this->source)) {
throw new \InvalidArgumentException(
sprintf('Invalid config: %s doesn\'t exist.', $this->source)
);
}
$filters = json_decode(file_get_contents($this->source));
}
if (!$filters) {
throw new \RuntimeException('JSON data could not be loaded. Make sure you specified the correct path.');
}
/*
* Now the storage will be filled with IDS_Filter objects
*/
$nocache = !is_array($filters);
if ($nocache) {
// build filters and cache them for re-use on next run
$data = array();
$filters = $filters->filters->filter;
foreach ($filters as $filter) {
$id = (string) $filter->id;
$rule = (string) $filter->rule;
$impact = (string) $filter->impact;
$tags = array_values((array) $filter->tags);
$description = (string) $filter->description;
$this->addFilter(
new \IDS\Filter(
$id,
$rule,
$description,
(array) $tags[0],
(int) $impact
)
);
$data[] = array(
'id' => $id,
'rule' => $rule,
'impact' => $impact,
'tags' => $tags,
'description' => $description
);
}
/*
* If caching is enabled, the fetched data will be cached
*/
if ($this->cacheSettings) {
$this->cache->setCache($data);
}
} else {
// build filters from cached content
$this->addFiltersFromArray($filters);
}
return $this;
}
throw new \RuntimeException('json extension is not loaded.');
}
/**
* This functions adds an array of filters to the IDS_Storage object.
* Each entry within the array is expected to be an simple array containing all parts of the filter.
*
* @param array $filters
*/
private function addFiltersFromArray(array $filters)
{
foreach ($filters as $filter) {
$id = $filter['id'];
$rule = $filter['rule'];
$impact = $filter['impact'];
$tags = $filter['tags'];
$description = $filter['description'];
$this->addFilter(
new \IDS\Filter(
$id,
$rule,
$description,
(array) $tags[0],
(int) $impact
)
);
}
}
}
interface/lib/classes/IDS/Init.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS;
/**
* Framework initiation
*
* This class is used for the purpose to initiate the framework and inhabits
* functionality to parse the needed configuration file.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Groupup
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
* @since Version 0.4
*/
class Init
{
/**
* Holds config settings
*
* @var array
*/
public $config = array();
/**
* Instance of this class depending on the supplied config file
*
* @var Init[]|array
* @static
*/
private static $instances = array();
/**
* Constructor
*
* Includes needed classes and parses the configuration file
*
* @param array $config
*
* @return \IDS\Init $this
*/
public function __construct(array $config = array())
{
$this->config = $config;
}
/**
* Returns an instance of this class. Also a PHP version check
* is being performed to avoid compatibility problems with PHP < 5.1.6
*
* @param string|null $configPath the path to the config file
*
* @throws \InvalidArgumentException
* @return self
*/
public static function init($configPath = null)
{
if (!$configPath) {
return new self();
}
if (!isset(self::$instances[$configPath])) {
if (!file_exists($configPath) || !is_readable($configPath)) {
throw new \InvalidArgumentException("Invalid config path '$configPath'");
}
self::$instances[$configPath] = new static(parse_ini_file($configPath, true));
}
return self::$instances[$configPath];
}
/**
* This method checks if a base path is given and usage is set to true.
* If all that tests succeed the base path will be returned as a string -
* else null will be returned.
*
* @return string|null the base path or null
*/
public function getBasePath()
{
return (!empty($this->config['General']['base_path'])
&& !empty($this->config['General']['use_base_path']))
? $this->config['General']['base_path'] : null;
}
/**
* Merges new settings into the exsiting ones or overwrites them
*
* @param array $config the config array
* @param boolean $overwrite config overwrite flag
*
* @return void
*/
public function setConfig(array $config, $overwrite = false)
{
if ($overwrite) {
$this->config = $this->mergeConfig($this->config, $config);
} else {
$this->config = $this->mergeConfig($config, $this->config);
}
}
/**
* Merge config hashes recursivly
*
* The algorithm merges configuration arrays recursively. If an element is
* an array in both, the values will be appended. If it is a scalar in both,
* the value will be replaced.
*
* @param array $current The legacy hash
* @param array $successor The hash which values count more when in doubt
* @return array Merged hash
*/
protected function mergeConfig($current, $successor)
{
if (is_array($current) and is_array($successor)) {
foreach ($successor as $key => $value) {
if (isset($current[$key])
and is_array($value)
and is_array($current[$key])) {
$current[$key] = $this->mergeConfig($current[$key], $value);
} else {
$current[$key] = $successor[$key];
}
}
}
return $current;
}
/**
* Returns the config array
*
* @return array the config array
*/
public function getConfig()
{
return $this->config;
}
}
interface/lib/classes/IDS/Monitor.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS;
use IDS\Filter\Storage;
/**
* Monitoring engine
*
* This class represents the core of the frameworks attack detection mechanism
* and provides functions to scan incoming data for malicious appearing script
* fragments.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
class Monitor
{
/**
* Tags to define what to search for
*
* Accepted values are xss, csrf, sqli, dt, id, lfi, rfe, spam, dos
*
* @var array
*/
private $tags = null;
/**
* Container for filter rules
*
* Holds an instance of Storage
*
* @var Storage
*/
private $storage = null;
/**
* Scan keys switch
*
* Enabling this property will cause the monitor to scan both the key and
* the value of variables
*
* @var boolean
*/
public $scanKeys = false;
/**
* Exception container
*
* Using this array it is possible to define variables that must not be
* scanned. Per default, utmz google analytics parameters are permitted.
*
* @var array
*/
private $exceptions = array();
/**
* Html container
*
* Using this array it is possible to define variables that legally
* contain html and have to be prepared before hitting the rules to
* avoid too many false alerts
*
* @var array
*/
private $html = array();
/**
* JSON container
*
* Using this array it is possible to define variables that contain
* JSON data - and should be treated as such
*
* @var array
*/
private $json = array();
/**
* Holds HTMLPurifier object
*
* @var \HTMLPurifier
*/
private $htmlPurifier = null;
/**
* HTMLPurifier cache directory
*
* @var string
*/
private $HTMLPurifierCache = '';
/**
* This property holds the tmp JSON string from the _jsonDecodeValues() callback
*
* @var string
*/
private $tmpJsonString = '';
/**
* Constructor
*
* @throws \InvalidArgumentException When PHP version is less than what the library supports
* @throws \Exception
* @param Init $init instance of IDS_Init
* @param array|null $tags list of tags to which filters should be applied
* @return Monitor
*/
public function __construct(Init $init, array $tags = null)
{
$this->storage = new Storage($init);
$this->tags = $tags;
$this->scanKeys = $init->config['General']['scan_keys'];
$this->exceptions = isset($init->config['General']['exceptions']) ? $init->config['General']['exceptions'] : array();
$this->html = isset($init->config['General']['html']) ? $init->config['General']['html'] : array();
$this->json = isset($init->config['General']['json']) ? $init->config['General']['json'] : array();
if (isset($init->config['General']['HTML_Purifier_Cache'])) {
$this->HTMLPurifierCache = $init->getBasePath() . $init->config['General']['HTML_Purifier_Cache'];
}
$tmpPath = $init->getBasePath() . $init->config['General']['tmp_path'];
if (!is_writeable($tmpPath)) {
throw new \InvalidArgumentException("Please make sure the folder '$tmpPath' is writable");
}
}
/**
* Starts the scan mechanism
*
* @param array $request
* @return Report
*/
public function run(array $request)
{
$report = new Report;
foreach ($request as $key => $value) {
$report = $this->iterate($key, $value, $report);
}
return $report;
}
/**
* Iterates through given data and delegates it to IDS_Monitor::_detect() in
* order to check for malicious appearing fragments
*
* @param string $key the former array key
* @param array|string $value the former array value
* @param Report $report
* @return Report
*/
private function iterate($key, $value, Report $report)
{
if (is_array($value)) {
foreach ($value as $subKey => $subValue) {
$this->iterate("$key.$subKey", $subValue, $report);
}
} elseif (is_string($value)) {
if ($filter = $this->detect($key, $value)) {
$report->addEvent(new Event($key, $value, $filter));
}
}
return $report;
}
/**
* Checks whether given value matches any of the supplied filter patterns
*
* @param mixed $key the key of the value to scan
* @param mixed $value the value to scan
*
* @return Filter[] array of filter(s) that matched the value
*/
private function detect($key, $value)
{
// define the pre-filter
$preFilter = '([^\w\s/@!?\.]+|(?:\./)|(?:@@\w+)|(?:\+ADw)|(?:union\s+select))i';
// to increase performance, only start detection if value isn't alphanumeric
if ((!$this->scanKeys || !$key || !preg_match($preFilter, $key)) && (!$value || !preg_match($preFilter, $value))) {
return array();
}
// check if this field is part of the exceptions
foreach ($this->exceptions as $exception) {
$matches = array();
if (($exception === $key) || preg_match('((/.*/[^eE]*)$)', $exception, $matches) && isset($matches[1]) && preg_match($matches[1], $key)) {
return array();
}
}
// check for magic quotes and remove them if necessary
if (function_exists('get_magic_quotes_gpc') && !get_magic_quotes_gpc()) {
$value = preg_replace('(\\\(["\'/]))im', '$1', $value);
}
// if html monitoring is enabled for this field - then do it!
if (is_array($this->html) && in_array($key, $this->html, true)) {
list($key, $value) = $this->purifyValues($key, $value);
}
// check if json monitoring is enabled for this field
if (is_array($this->json) && in_array($key, $this->json, true)) {
list($key, $value) = $this->jsonDecodeValues($key, $value);
}
// use the converter
$value = Converter::runAll($value);
$value = Converter::runCentrifuge($value, $this);
// scan keys if activated via config
$key = $this->scanKeys ? Converter::runAll($key) : $key;
$key = $this->scanKeys ? Converter::runCentrifuge($key, $this) : $key;
$filterSet = $this->storage->getFilterSet();
if ($tags = $this->tags) {
$filterSet = @array_filter(
$filterSet,
function (Filter $filter) use ($tags) {
return (bool) array_intersect($tags, $filter->getTags());
}
);
}
$scanKeys = $this->scanKeys;
$filterSet = @array_filter(
$filterSet,
function (Filter $filter) use ($key, $value, $scanKeys) {
return $filter->match($value) || $scanKeys && $filter->match($key);
}
);
return $filterSet;
}
/**
* Purifies given key and value variables using HTMLPurifier
*
* This function is needed whenever there is variables for which HTML
* might be allowed like e.g. WYSIWYG post bodies. It will detect malicious
* code fragments and leaves harmless parts untouched.
*
* @param mixed $key
* @param mixed $value
* @since 0.5
* @throws \Exception
*
* @return array tuple [key,value]
*/
private function purifyValues($key, $value)
{
/*
* Perform a pre-check if string is valid for purification
*/
if ($this->purifierPreCheck($key, $value)) {
if (!is_writeable($this->HTMLPurifierCache)) {
throw new \Exception($this->HTMLPurifierCache . ' must be writeable');
}
/** @var $config \HTMLPurifier_Config */
$config = \HTMLPurifier_Config::createDefault();
$config->set('Attr.EnableID', true);
$config->set('Cache.SerializerPath', $this->HTMLPurifierCache);
$config->set('Output.Newline', "\n");
$this->htmlPurifier = new \HTMLPurifier($config);
$value = preg_replace('([\x0b-\x0c])', ' ', $value);
$key = preg_replace('([\x0b-\x0c])', ' ', $key);
$purifiedValue = $this->htmlPurifier->purify($value);
$purifiedKey = $this->htmlPurifier->purify($key);
$plainValue = strip_tags($value);
$plainKey = strip_tags($key);
$value = $value != $purifiedValue || $plainValue ? $this->diff($value, $purifiedValue, $plainValue) : null;
$key = $key != $purifiedKey ? $this->diff($key, $purifiedKey, $plainKey) : null;
}
return array($key, $value);
}
/**
* This method makes sure no dangerous markup can be smuggled in
* attributes when HTML mode is switched on.
*
* If the precheck considers the string too dangerous for
* purification false is being returned.
*
* @param string $key
* @param string $value
* @since 0.6
*
* @return boolean
*/
private function purifierPreCheck($key = '', $value = '')
{
/*
* Remove control chars before pre-check
*/
$tmpValue = preg_replace('/\p{C}/', null, $value);
$tmpKey = preg_replace('/\p{C}/', null, $key);
$preCheck = '/<(script|iframe|applet|object)\W/i';
return !(preg_match($preCheck, $tmpKey) || preg_match($preCheck, $tmpValue));
}
/**
* This method calculates the difference between the original
* and the purified markup strings.
*
* @param string $original the original markup
* @param string $purified the purified markup
* @param string $plain the string without html
* @since 0.5
*
* @return string the difference between the strings
*/
private function diff($original, $purified, $plain)
{
/*
* deal with over-sensitive alt-attribute addition of the purifier
* and other common html formatting problems
*/
$purified = preg_replace('/\s+alt="[^"]*"/m', null, $purified);
$purified = preg_replace('/=?\s*"\s*"/m', null, $purified);
$original = preg_replace('/\s+alt="[^"]*"/m', null, $original);
$original = preg_replace('/=?\s*"\s*"/m', null, $original);
$original = preg_replace('/style\s*=\s*([^"])/m', 'style = "$1', $original);
# deal with oversensitive CSS normalization
$original = preg_replace('/(?:([\w\-]+:)+\s*([^;]+;\s*))/m', '$1$2', $original);
# strip whitespace between tags
$original = trim(preg_replace('/>\s*</m', '><', $original));
$purified = trim(preg_replace('/>\s*</m', '><', $purified));
$original = preg_replace('/(=\s*(["\'`])[^>"\'`]*>[^>"\'`]*["\'`])/m', 'alt$1', $original);
// no purified html is left
if (!$purified) {
return $original;
}
// calculate the diff length
$length = mb_strlen($original) - mb_strlen($purified);
/*
* Calculate the difference between the original html input
* and the purified string.
*/
$array1 = preg_split('/(?<!^)(?!$)/u', html_entity_decode(urldecode($original)));
$array2 = preg_split('/(?<!^)(?!$)/u', $purified);
// create an array containing the single character differences
$differences = array_diff_assoc($array1, $array2);
// return the diff - ready to hit the converter and the rules
$differences = trim(implode('', $differences));
$diff = $length <= 10 ? $differences : mb_substr($differences, 0, strlen($original));
// clean up spaces between tag delimiters
$diff = preg_replace('/>\s*</m', '><', $diff);
// correct over-sensitively stripped bad html elements
$diff = preg_replace('/[^<](iframe|script|embed|object|applet|base|img|style)/m', '<$1', $diff );
return mb_strlen($diff) >= 4 ? $diff . $plain : null;
}
/**
* This method prepares incoming JSON data for the PHPIDS detection
* process. It utilizes _jsonConcatContents() as callback and returns a
* string version of the JSON data structures.
*
* @param string $key
* @param string $value
* @since 0.5.3
*
* @return array tuple [key,value]
*/
private function jsonDecodeValues($key, $value)
{
$decodedKey = json_decode($key);
$decodedValue = json_decode($value);
if ($decodedValue && is_array($decodedValue) || is_object($decodedValue)) {
array_walk_recursive($decodedValue, array($this, 'jsonConcatContents'));
$value = $this->tmpJsonString;
} else {
$this->tmpJsonString .= " " . $decodedValue . "\n";
}
if ($decodedKey && is_array($decodedKey) || is_object($decodedKey)) {
array_walk_recursive($decodedKey, array($this, 'jsonConcatContents'));
$key = $this->tmpJsonString;
} else {
$this->tmpJsonString .= " " . $decodedKey . "\n";
}
return array($key, $value);
}
/**
* This is the callback used in _jsonDecodeValues(). The method
* concatenates key and value and stores them in $this->tmpJsonString.
*
* @param mixed $key
* @param mixed $value
* @since 0.5.3
*
* @return void
*/
private function jsonConcatContents($key, $value)
{
if (is_string($key) && is_string($value)) {
$this->tmpJsonString .= $key . " " . $value . "\n";
} else {
$this->jsonDecodeValues(json_encode($key), json_encode($value));
}
}
/**
* Sets exception array
*
* @param string[]|string $exceptions the thrown exceptions
*
* @return void
*/
public function setExceptions($exceptions)
{
$this->exceptions = (array) $exceptions;
}
/**
* Returns exception array
*
* @return array
*/
public function getExceptions()
{
return $this->exceptions;
}
/**
* Sets html array
*
* @param string[]|string $html the fields containing html
* @since 0.5
*
* @return void
*/
public function setHtml($html)
{
$this->html = (array) $html;
}
/**
* Adds a value to the html array
*
* @since 0.5
*
* @param mixed $value
* @return void
*/
public function addHtml($value)
{
$this->html[] = $value;
}
/**
* Returns html array
*
* @since 0.5
*
* @return array the fields that contain allowed html
*/
public function getHtml()
{
return $this->html;
}
/**
* Sets json array
*
* @param string[]|string $json the fields containing json
* @since 0.5.3
*
* @return void
*/
public function setJson($json)
{
$this->json = (array) $json;
}
/**
* Adds a value to the json array
*
* @param string $value the value containing JSON data
* @since 0.5.3
*
* @return void
*/
public function addJson($value)
{
$this->json[] = $value;
}
/**
* Returns json array
*
* @since 0.5.3
*
* @return array the fields that contain json
*/
public function getJson()
{
return $this->json;
}
/**
* Returns storage container
*
* @return array
*/
public function getStorage()
{
return $this->storage;
}
}
interface/lib/classes/IDS/Report.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS;
/**
* PHPIDS report object
*
* The report objects collects a number of events and thereby presents the
* detected results. It provides a convenient API to work with the results.
*
* Note that this class implements Countable, IteratorAggregate and
* a __toString() method
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
class Report implements \Countable, \IteratorAggregate
{
/**
* Event container
*
* @var Event[]|array
*/
protected $events = array();
/**
* List of affected tags
*
* This list of tags is collected from the collected event objects on
* demand when IDS_Report->getTags() is called
*
* @var string[]|array
*/
protected $tags = array();
/**
* Impact level
*
* The impact level is calculated on demand by adding the results of the
* event objects on IDS\Report->getImpact()
*
* @var integer
*/
protected $impact = 0;
/**
* Centrifuge data
*
* This variable - initiated as an empty array - carries all information
* about the centrifuge data if available
*
* @var array
*/
protected $centrifuge = array();
/**
* Constructor
*
* @param array $events the events the report should include
*
* @return Report
*/
public function __construct(array $events = null)
{
foreach ((array) $events as $event) {
$this->addEvent($event);
}
}
/**
* Adds an IDS_Event object to the report
*
* @param Event $event IDS_Event
*
* @return self $this
*/
public function addEvent(Event $event)
{
$this->clear();
$this->events[$event->getName()] = $event;
return $this;
}
/**
* Get event by name
*
* In most cases an event is identified by the key of the variable that
* contained maliciously appearing content
*
* @param string|integer $name the event name
*
* @throws \InvalidArgumentException if argument is invalid
* @return Event|null IDS_Event object or false if the event does not exist
*/
public function getEvent($name)
{
if (!is_scalar($name)) {
throw new \InvalidArgumentException('Invalid argument type given');
}
return $this->hasEvent($name) ? $this->events[$name] : null;
}
/**
* Returns list of events
*
* @return string[]|array
*/
public function getEvents()
{
return $this->events;
}
/**
* Returns list of affected tags
*
* @return string[]|array
*/
public function getTags()
{
if (!$this->tags) {
$this->tags = array();
foreach ($this->events as $event) {
$this->tags = array_merge($this->tags, $event->getTags());
}
$this->tags = array_values(array_unique($this->tags));
}
return $this->tags;
}
/**
* Returns total impact
*
* Each stored IDS_Event object and its IDS_Filter sub-object are called
* to calculate the overall impact level of this request
*
* @return integer
*/
public function getImpact()
{
if (!$this->impact) {
$this->impact = 0;
foreach ($this->events as $event) {
$this->impact += $event->getImpact();
}
}
return $this->impact;
}
/**
* Checks if a specific event with given name exists
*
* @param string|integer $name the event name
*
* @throws \InvalidArgumentException if argument is illegal
* @return boolean
*/
public function hasEvent($name)
{
if (!is_scalar($name)) {
throw new \InvalidArgumentException('Invalid argument given');
}
return isset($this->events[$name]);
}
/**
* Returns total amount of events
*
* @return integer
*/
public function count()
{
return count($this->events);
}
/**
* Return iterator object
*
* In order to provide the possibility to directly iterate over the
* IDS_Event object the IteratorAggregate is implemented. One can easily
* use foreach() to iterate through all stored IDS_Event objects.
*
* @return \Iterator the event collection
*/
public function getIterator()
{
return new \ArrayIterator($this->events);
}
/**
* Checks if any events are registered
*
* @return boolean
*/
public function isEmpty()
{
return empty($this->events);
}
/**
* Clears calculated/collected values
*
* @return void
*/
protected function clear()
{
$this->impact = 0;
$this->tags = array();
}
/**
* This method returns the centrifuge property or null if not
* filled with data
*
* @return array
*/
public function getCentrifuge()
{
return $this->centrifuge;
}
/**
* This method sets the centrifuge property
*
* @param array $centrifuge the centrifuge data
*
* @throws \InvalidArgumentException if argument is illegal
* @return void
*/
public function setCentrifuge(array $centrifuge = array())
{
if (!$centrifuge) {
throw new \InvalidArgumentException('Empty centrifuge given');
}
$this->centrifuge = $centrifuge;
}
/**
* Directly outputs all available information
*
* @return string
*/
public function __toString()
{
$output = '';
if (!$this->isEmpty()) {
$output .= vsprintf(
"Total impact: %d<br/>\nAffected tags: %s<br/>\n",
array(
$this->getImpact(),
implode(', ', $this->getTags())
)
);
foreach ($this->events as $event) {
$output .= vsprintf(
"<br/>\nVariable: %s | Value: %s<br/>\nImpact: %d | Tags: %s<br/>\n",
array(
htmlspecialchars($event->getName()),
htmlspecialchars($event->getValue()),
$event->getImpact(),
implode(', ', $event->getTags())
)
);
foreach ($event as $filter) {
$output .= vsprintf(
"Description: %s | Tags: %s | ID %s<br/>\n",
array(
$filter->getDescription(),
implode(', ', $filter->getTags()),
$filter->getId()
)
);
}
}
$output .= '<br/>';
if ($centrifuge = $this->getCentrifuge()) {
$output .= vsprintf(
"Centrifuge detection data<br/> Threshold: %s<br/> Ratio: %s",
array(
isset($centrifuge['threshold']) && $centrifuge['threshold'] ? $centrifuge['threshold'] : '---',
isset($centrifuge['ratio']) && $centrifuge['ratio'] ? $centrifuge['ratio'] : '---'
)
);
if (isset($centrifuge['converted'])) {
$output .= '<br/> Converted: ' . $centrifuge['converted'];
}
$output .= "<br/><br/>\n";
}
}
return $output;
}
}
interface/lib/classes/IDS/Version.php 0 → 100644
View file @ bb37295b
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
namespace IDS;
/**
* PHPIDS version class
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
abstract class Version
{
const VERSION = 'master';
}