function dvwaPhpIdsTrap() { global $_DVWA; try { /* * 1. Define what to scan * Please keep in mind what array_merge does and how this might interfer * with your variables_order settings */ $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini'); $init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none'; // 2. Initiate the PHPIDS and fetch the results $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { require_once 'IDS/Log/File.php'; require_once 'IDS/Log/Composite.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_File::getInstance($init)); $compositeLog->execute($result); echo 'Hacking attempt detected and logged.<br />Have a nice day.'; if ($_DVWA['default_phpids_verbose'] == 'true') { echo $result; } exit; } } catch (Exception $e) { // Something went terribly wrong - maybe the filter rules weren't found? printf('An error occured: %s', $e->getMessage()); } }
/** * Check function. * * This function includes the IDS vendor parts and runs the * detection routines on the request array. * * @param array $args * List of path parts. * * @return bool */ public function check($args) { // lets bypass a few civicrm urls from this check $skip = array('civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates'); CRM_Utils_Hook::idsException($skip); $this->path = implode('/', $args); if (in_array($this->path, $skip)) { return NULL; } // Add request url and user agent. $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI']; if (isset($_SERVER['HTTP_USER_AGENT'])) { $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT']; } $configFile = self::createConfigFile(FALSE); // init the PHPIDS and pass the REQUEST array require_once 'IDS/Init.php'; try { $init = IDS_Init::init($configFile); $ids = new IDS_Monitor($_REQUEST, $init); } catch (Exception $e) { // might be an old stale copy of Config.IDS.ini // lets try to rebuild it again and see if it works $configFile = self::createConfigFile(TRUE); $init = IDS_Init::init($configFile); $ids = new IDS_Monitor($_REQUEST, $init); } $result = $ids->run(); if (!$result->isEmpty()) { $this->react($result); } return TRUE; }
function preDispatch(Zend_Controller_Request_Abstract $request) { try { require_once 'IDS/Init.php'; require_once 'IDS/Log/Composite.php'; require_once 'IDS/Log/Database.php'; #require_once 'IDS/Log/File.php'; $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(APPLICATION_PATH . '/../library/phpids/lib/IDS/Config/Config.ini.php'); $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { // This is where you should put some code that // deals with potential attacks, e.g. throwing // an exception, logging the attack, etc. $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_Database::getInstance($init)); #$compositeLog->addLogger(IDS_Log_File::getInstance($init)); $compositeLog->execute($result); echo $result; die('<h1>Go away!</h1>'); #$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector'); #$redirector->gotoUrl('default/error/error/eh/ids')->redirectAndExit(); } return $request; } catch (Exception $e) { try { $writer = new Zend_Log_Writer_Stream(APPLICATION_LOG_PATH . 'plugin-ids.log'); $logger = new Zend_Log($writer); $logger->log($e->getMessage() . ' line ' . $e->getLine() . ' file ' . $e->getFile(), Zend_Log::ERR); } catch (Exception $e) { } } }
function dvwaPhpIdsTrap() { try { $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/Config/Config.ini'); $init->config['General']['base_path'] = DVWA_WEB_PAGE_TO_PHPIDS . 'lib/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none'; // 2. Initiate the PHPIDS and fetch the results $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { require_once 'IDS/Log/File.php'; require_once 'IDS/Log/Composite.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_File::getInstance($init)); $compositeLog->execute($result); echo 'Hacking attempt detected and logged.'; //echo $result; exit; } } catch (Exception $e) { /* * something went terribly wrong - maybe the * filter rules weren't found? */ printf('An error occured: %s', $e->getMessage()); } }
/** * Protects against basic attempts of Cross-Site Scripting (XSS). * * @see http://technicalinfo.net/papers/CSS.html * * @return void */ public function idsInputFilter(GenericEvent $event) { if ($event['stage'] & Core::STAGE_MODS && System::getVar('useids') == 1) { // Run IDS if desired try { // build request array defining what to scan // @todo: change the order of the arrays to merge if ini_get('variables_order') != 'EGPCS' if (isset($_REQUEST)) { $request['REQUEST'] = $_REQUEST; } if (isset($_GET)) { $request['GET'] = $_GET; } if (isset($_POST)) { $request['POST'] = $_POST; } if (isset($_COOKIE)) { $request['COOKIE'] = $_COOKIE; } if (isset($_SERVER['HTTP_HOST'])) { $request['HOST'] = $_SERVER['HTTP_HOST']; } if (isset($_SERVER['HTTP_ACCEPT'])) { $request['ACCEPT'] = $_SERVER['HTTP_ACCEPT']; } if (isset($_SERVER['USER_AGENT'])) { $request['USER_AGENT'] = $_SERVER['USER_AGENT']; } // while i think that REQUEST_URI is unnecessary, // the REFERER would be important, but results in way too many false positives /* if (isset($_SERVER['REQUEST_URI'])) { $request['REQUEST_URI'] = $_SERVER['REQUEST_URI']; } if (isset($_SERVER['HTTP_REFERER'])) { $request['REFERER'] = $_SERVER['HTTP_REFERER']; } */ // initialise configuration object $init = \IDS_Init::init(); // set configuration options $init->config = $this->_getidsconfig(); // create new IDS instance $ids = new \IDS_Monitor($request, $init); // run the request check and fetch the results $result = $ids->run(); // analyze the results if (!$result->isEmpty()) { // process the IDS_Report object $this->_processIdsResult($init, $result); } else { // no attack detected } } catch (\Exception $e) { // sth went wrong - maybe the filter rules weren't found z_exit(__f('An error occured during executing PHPIDS: %s', $e->getMessage())); } } }
public function preDispatch(Zend_Controller_Request_Abstract $request) { $req = array('GET' => $request->getQuery(), 'POST' => $request->getPost(), 'COOKIE' => $request->getCookie(), 'PARAMS' => $request->getUserParams()); $init = IDS_Init::init(APPLICATION_PATH . '/configs/phpids.ini'); $ids = new IDS_Monitor($req, $init); $result = $ids->run(); if (!$result->isEmpty()) { $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_File::getInstance($init)); $compositeLog->execute($result); } }
/** * Do check */ function check() { include_once $this->BASE_PATH . 'IDS/Init.php'; $request = ['REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE]; // $init = IDS_Init::init(YF_PATH.'libs/phpids/'.'IDS/Config/Config.ini'); $init = IDS_Init::init(); $init->setConfig($this->config, true); $ids = new IDS_Monitor($request, $init); $result = $ids->run(); if (!$result->isEmpty()) { // Take a look at the result object // echo $result; trigger_error("IDS: Possible intrusion detected, result: " . $result, E_USER_WARNING); } return false; }
/** * Initialize phpIDS and run the IDS-Monitoring on all incomming arrays * * Smoke Example: * Apply to URL "index.php?theme=drahtgitter%3insert%00%00.'AND%XOR%XOR%.'DROP WHERE user_id='1';" */ public function runIDS() { // prevent redeclaration if (false === class_exists('IDS_Monitor', false)) { // load ids init include ROOT_LIBRARIES . 'IDS/Init.php'; // Setup the $_GLOBALS to monitor $request = array('GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); // We have to setup some defines here, which are used by parse_ini_file to replace values in config.ini define('IDS_FILTER_PATH', ROOT_LIBRARIES . 'IDS' . DIRECTORY_SEPARATOR . 'default_filter.xml'); define('IDS_TMP_PATH', ROOT_CACHE); define('IDS_LOG_PATH', ROOT_LOGS . 'phpids_log.txt'); define('IDS_CACHE_PATH', ROOT_CACHE . 'phpids_defaultfilter.cache'); // the following lines have to remain, till PHP_IDS team fixes their lib // in order to create the cache file automatically if (false === is_file(IDS_CACHE_PATH)) { if (false === file_put_contents(IDS_CACHE_PATH, '')) { throw new Koch_Exception('PHP IDS Cache file couldn\'t be created.', 11); } } // autoupdate #self::updateIDSFilterRules(); // Initialize the System with the configuration values $init = IDS_Init::init(ROOT_CONFIG . 'phpids_config.ini'); // Get IDS Monitor: and analyse the Request with Config applied $ids = new IDS_Monitor($request, $init); // Get Results $monitoring_result = $ids->run(); #var_dump($monitoring_result); // if no results, everything is fine if ($monitoring_result->isEmpty() === false or $monitoring_result->getImpact() > 1) { $access_block_message = 'Access Violation Detected by IDS! Execution stopped!'; if (DEBUG == true) { $access_block_message .= ' <br /> Monitor:' . $monitoring_result; } // Stop the execution of the application. exit($access_block_message); } } }
/** * This function includes the IDS vendor parts and runs the * detection routines on the request array. * * @param object cake controller object * @return boolean */ public function check(&$args) { // lets bypass a few civicrm urls from this check static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend', 'civicrm/admin/messageTemplates'); $path = implode('/', $args); if (in_array($path, $skip)) { return; } #add request url and user agent $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI']; if (isset($_SERVER['HTTP_USER_AGENT'])) { $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT']; } require_once 'IDS/Init.php'; // init the PHPIDS and pass the REQUEST array $config =& CRM_Core_Config::singleton(); $configFile = $config->configAndLogDir . 'Config.IDS.ini'; if (!file_exists($configFile)) { $tmpDir = empty($config->uploadDir) ? CIVICRM_TEMPLATE_COMPILEDIR : $config->uploadDir; // also clear the stat cache in case we are upgrading clearstatcache(); global $civicrm_root; $contents = "\n[General]\n filter_type = xml\n filter_path = {$civicrm_root}/packages/IDS/default_filter.xml\n tmp_path = {$tmpDir}\n HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n HTML_Purifier_Cache = {$tmpDir}\n scan_keys = false\n exceptions[] = __utmz\n exceptions[] = __utmc\n exceptions[] = widget_code\n exceptions[] = html_message\n exceptions[] = body_html\n exceptions[] = msg_html\n exceptions[] = msg_text\n exceptions[] = msg_subject\n exceptions[] = description\n html[] = intro\n html[] = thankyou_text\n html[] = intro_text\n html[] = body_text\n html[] = footer_text\n html[] = thankyou_text\n html[] = thankyou_footer\n html[] = thankyou_footer_text\n html[] = new_text\n html[] = renewal_text\n html[] = help_pre\n html[] = help_post\n html[] = confirm_title\n html[] = confirm_text\n html[] = confirm_footer_text\n html[] = confirm_email_text\n html[] = report_header\n html[] = report_footer\n html[] = data\n html[] = instructions\n"; if (file_put_contents($configFile, $contents) === false) { require_once 'CRM/Core/Error.php'; CRM_Core_Error::movedSiteError($configFile); } // also create the .htaccess file so we prevent the reading of the log and ini files // via a browser, CRM-3875 require_once 'CRM/Utils/File.php'; CRM_Utils_File::restrictAccess($config->configAndLogDir); } $init = IDS_Init::init($configFile); $ids = new IDS_Monitor($_REQUEST, $init); $result = $ids->run(); if (!$result->isEmpty()) { $this->react($result); } return true; }
/** * This method checks for the plain event of every single * exploit array item * * @access private * @param array $exploits */ private function _testForPlainEvent($exploits = array()) { foreach ($exploits as $exploit) { $test = new IDS_Monitor(array('test' => $exploit), $this->init); $result = $test->run(); if ($result->getImpact() === 0) { echo "\n\nNot detected: " . $exploit . "\n\n"; } $this->assertTrue($result->getImpact() > 0); } }
/** * This method checks for the plain event of every single * exploit array item * * @access private * @param array $exploits */ private function _testForPlainEvent($exploits = array()) { foreach ($exploits as $key => $value) { $test = new IDS_Monitor(array('test' => $value), $this->init); if (preg_match('/^html_/', $key)) { $this->init->config['General']['HTML_Purifier_Cache'] = dirname(__FILE__) . '/../../lib/IDS/tmp/'; $test->setHtml(array('test')); } $result = $test->run(); if ($result->getImpact() === 0) { echo "\n\nNot detected: " . $value . "\n\n"; } $this->assertTrue($result->getImpact() > 0); } }
/** * Run PHPIDS * * @return void */ public function run() { // Are we running in the WordPress admin? //if ( is_admin() AND $this->enable_admin == false ) { /// return; //} //hassan HMWP_MS $can_deactive = false; if (isset($_COOKIE['hmwp_can_deactivate']) && preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 8)) == preg_replace("/[^a-zA-Z]/", "", $_COOKIE['hmwp_can_deactivate'])) { $can_deactive = true; } if (!$this->opt('ids_admin_include') && $can_deactive) { return false; } if (is_admin() && !$this->opt('ids_level')) { // is 0 return false; } if ($this->opt('login_query')) { $login_query = preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 6)) . '_' . $this->opt('login_query'); } else { $login_query = preg_replace("/[^a-zA-Z]/", "", substr(NONCE_SALT, 0, 6)) . '_' . 'hide_my_wp'; } $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => '', 'SERVER' => ''); //Do not allow to cookies block login area! // if ($this->opt('ids_cookie') && strpos($_SERVER['PHP_SELF'], 'wp-login.php')===false) // $request['COOKIE'] = $_COOKIE; $request['SERVER'] = array('HTTP_REFERER' => '', 'REQUEST_URI' => isset($_SERVER['REQUEST_URI']) ? strtok($_SERVER["REQUEST_URI"], '?') : '', 'PHP_SELF' => isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : ''); if (isset($_GET['style_wrapper']) && $this->opt('admin_key') && isset($_GET[$login_query]) && $_GET[$login_query] == $this->opt('admin_key')) { $request['SERVER'] = ''; } else { $request['SERVER'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; } if ($this->has_short_values($_GET, 5) && $this->has_short_values($_POST, 5) && $this->has_short_values($_REQUEST, 5) && $this->has_short_values($request['SERVER'], 12)) { return false; } $init = $this->init_ids(); $ids = new IDS_Monitor($request, $init); $this->result = $ids->run(); // Nothing more to do if ($this->result->isEmpty()) { return; } $max = 0; foreach ($this->result as $event) { $max = max($max, $event->getImpact()); } //echo '<br>count'.$this->result->count().'totalimpact'; //echo '<pre>';print_r($this->result->getImpact());echo '</pre>'; $compositeLog = new IDS_Log_Composite(); //if ( $this->enable_intrusion_logs ) { if ($this->opt('log_ids_min') && $this->opt('log_ids_min') <= $this->result->getImpact()) { $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(new HMWP_MS_Log_Database()); // Update new intrusion count, log the event $this->update_intrusion_count(); } // Send alert email if ($this->opt('email_ids_min') && $this->opt('email_ids_min') <= $this->result->getImpact()) { require_once 'hmwp_ms/Log_Email.php'; $compositeLog->addLogger(HMWP_MS_Log_Email::getInstance($init, 'HMWP_MS_Log_Email')); } $compositeLog->execute($this->result); if ($this->opt('block_ids_min') && $this->opt('block_ids_min') <= $this->result->getImpact()) { $this->block_access(); // Load custom error page //add_action( 'template_redirect', array( $this, 'load_template' ) ); // Catch wp-login.php requests //add_action( 'hmwp_ms_wp_login', array( $this, 'load_template' ) ); } //$this->ban_user(); // Warning page runs last to allow for ban processing // $this->warning_page(); }
/** * Register ZIDS plugin in the pre-Dispatch phase. * @param Zend_Controller_Request_Abstract $request */ public function routeShutdown(Zend_Controller_Request_Abstract $request) { // should ZIDS ignore this request? if (isset($this->_config['ignore'])) { foreach ($this->_config['ignore']['requests']['module'] as $i => $module) { // if module, controller and action have been specified, all three parameters have to match if (isset($this->_config['ignore']['requests']['controller'][$i]) && isset($this->_config['ignore']['requests']['action'][$i])) { if ($request->getModuleName() == $module && $request->getControllerName() == $this->_config['ignore']['requests']['controller'][$i] && $request->getActionName() == $this->_config['ignore']['requests']['action'][$i]) { return $request; } // if only module and controller have been specified, both parameters have to match (action is being ignored) } else { if (isset($this->_config['ignore']['requests']['controller'][$i])) { if ($request->getModuleName() == $module && $request->getControllerName() == $this->_config['ignore']['requests']['controller'][$i]) { return $request; } // if only module has been specified, module has to match (controller & action are being ignored) } else { if ($request->getModuleName() == $module) { return $request; } } } } } // init and start PHP IDS require_once 'IDS/Init.php'; $input = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init($this->_config['phpids']['config']); // set PHPIDS options if (isset($this->_config['phpids']['general']['base_path'])) { $init->config['General']['base_path'] = $this->_config['phpids']['general']['base_path']; } if (isset($this->_config['phpids']['general']['use_base_path'])) { $init->config['General']['use_base_path'] = $this->_config['phpids']['general']['use_base_path']; } if (isset($this->_config['phpids']['general']['tmp_path'])) { $init->config['General']['tmp_path'] = $this->_config['phpids']['general']['tmp_path']; } if (isset($this->_config['phpids']['general']['filter_path'])) { $init->config['General']['filter_path'] = $this->_config['phpids']['general']['filter_path']; } if (isset($this->_config['phpids']['logging']['path'])) { $init->config['Logging']['path'] = $this->_config['phpids']['logging']['path']; } if (isset($this->_config['phpids']['caching']['path'])) { $init->config['Caching']['path'] = $this->_config['phpids']['caching']['path']; } // html preparation if (isset($this->_config['phpids']['general']['html'])) { if (is_array($this->_config['phpids']['general']['html'])) { foreach ($this->_config['phpids']['general']['html'] as $html) { $init->config['General']['html'][] = $html; } } else { $init->config['General']['html'][] = $this->_config['phpids']['general']['html']; } } // json options if (isset($this->_config['phpids']['general']['json'])) { if (is_array($this->_config['phpids']['general']['json'])) { foreach ($this->_config['phpids']['general']['json'] as $json) { $init->config['General']['json'][] = $json; } } else { $init->config['General']['json'][] = $this->_config['phpids']['general']['json']; } } // exceptions (POST,GET,COOKIE) if (isset($this->_config['phpids']['general']['exceptions'])) { if (is_array($this->_config['phpids']['general']['exceptions'])) { foreach ($this->_config['phpids']['general']['exceptions'] as $exceptions) { $init->config['General']['exceptions'][] = $exceptions; } } else { $init->config['General']['exceptions'][] = $this->_config['phpids']['general']['exceptions']; } } $ids = new IDS_Monitor($input, $init); $result = $ids->run(); // deal with the result of PHP IDS if (!$result->isEmpty()) { // get PHP-IDS impact $impact = $result->getImpact(); // check, if ZIDS should aggregate all impacts in the session if ($this->_aggregate) { $session = new Zend_Session_Namespace('ZIDS'); $impact += $session->impact; $session->impact = $impact; } // find corresponding ZIDS level of attack foreach ($this->_levels as $lvlname => $currlevel) { if (!in_array(strtolower($lvlname), array('*', 'all'))) { if (isset($currlevel['upto'])) { if ($impact <= $currlevel['upto']) { $level = $lvlname; break; } } else { $level = $lvlname; break; } } } if (!isset($level)) { throw new Exception('ZIDS could not find a corresponding level for impact value ' . $impact . '! Please, check your ZIDS configuration in application.ini!'); } // which actions should ZIDS perform? $actions = $this->_levels[$level]['action']; // make sure to trim each action, e.g. ' email' => 'email' array_walk($actions, create_function('&$arr', '$arr=trim($arr);')); // do we have to ignore this (potential) attack? if (!in_array('ignore', $actions)) { // fire all defined actions foreach ($actions as $action) { $plugin = $this->getPlugin($action); if (!$plugin) { throw new Exception('ZIDS cannot find a plugin with name ' . $action); } $plugin->injectRequest($request)->fires($result, $impact, $level); } } } return $request; }
/** * This function includes the IDS vendor parts and runs the * detection routines on the request array. * * @param object cake controller object * @return boolean */ public function check(&$args) { // lets bypass a few civicrm urls from this check static $skip = array('civicrm/ajax', 'civicrm/admin/setting/updateConfigBackend'); $path = implode('/', $args); if (in_array($path, $skip)) { return; } #add request url and user agent $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI']; if (isset($_SERVER['HTTP_USER_AGENT'])) { $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT']; } require_once 'IDS/Init.php'; // init the PHPIDS and pass the REQUEST array $config =& CRM_Core_Config::singleton(); $configFile = $config->configAndLogDir . 'Config.IDS.ini'; if (!file_exists($configFile)) { global $civicrm_root; $contents = "\n[General]\n filter_type = xml\n filter_path = {$civicrm_root}/packages/IDS/default_filter.xml\n tmp_path = {$config->uploadDir}\n HTML_Purifier_Path = IDS/vendors/htmlpurifier/HTMLPurifier.auto.php\n HTML_Purifier_Cache = {$config->uploadDir}\n scan_keys = false\n exceptions[] = __utmz\n exceptions[] = __utmc\n exceptions[] = widget_code\n exceptions[] = html_message\n exceptions[] = body_html\n exceptions[] = msg_html\n html[] = description\n html[] = intro\n html[] = thankyou_text\n html[] = intro_text\n html[] = body_text\n html[] = footer_text\n html[] = thankyou_text\n html[] = thankyou_footer\n html[] = new_text\n html[] = renewal_text\n html[] = help_pre\n html[] = help_post\n html[] = msg_html\n html[] = confirm_title\n html[] = confirm_text\n html[] = confirm_footer_text\n html[] = confirm_email_text\n"; if (file_put_contents($configFile, $contents) === false) { require_once 'CRM/Core/Error.php'; CRM_Core_Error::movedSiteError($configFile); } // also create the .htaccess file so we prevent the reading of the log and ini files // via a browser, CRM-3875 $htaccessFile = $config->configAndLogDir . '.htaccess'; if (!file_exists($htaccessFile)) { $contents = ' # Protect files and directories from prying eyes. <FilesMatch "\\.(log|ini)$"> Order allow,deny </FilesMatch> '; if (file_put_contents($htaccessFile, $contents) === false) { require_once 'CRM/Core/Error.php'; CRM_Core_Error::movedSiteError($htaccessFile); } } } $init = IDS_Init::init($configFile); $ids = new IDS_Monitor($_REQUEST, $init); $result = $ids->run(); if (!$result->isEmpty()) { $this->react($result); } return true; }
* You can also reset the whole configuration * array or merge in own data * * This usage doesn't overwrite already existing values * $config->setConfig(array('General' => array('filter_type' => 'xml'))); * * This does (see 2nd parameter) * $config->setConfig(array('General' => array('filter_type' => 'xml')), true); * * or you can access the config directly like here: */ $init->config['General']['base_path'] = BASE_DIR . '/lib/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none'; // 2. Initiate the PHPIDS and fetch the results $ids = new IDS_Monitor($request, $init); $result = $ids->run(); /* * That's it - now you can analyze the results: * * In the result object you will find any suspicious * fields of the passed array enriched with additional info * * Note: it is moreover possible to dump this information by * simply echoing the result object, since IDS_Report implemented * a __toString method. */ if (!$result->isEmpty()) { // echo $result; /* * The following steps are optional to log the results
/** * This function includes the IDS vendor parts and runs the * detection routines on the request array. * * @param object cake controller object * @return boolean */ public function detect(&$controller) { $this->controller =& $controller; $this->name = Inflector::singularize($this->controller->name); #set include path for IDS and store old one $path = get_include_path(); set_include_path(VENDORS . 'phpids/'); #require the needed files vendor('phpids/IDS/Init'); #add request url and user agent $_REQUEST['IDS_request_uri'] = $_SERVER['REQUEST_URI']; if (isset($_SERVER['HTTP_USER_AGENT'])) { $_REQUEST['IDS_user_agent'] = $_SERVER['HTTP_USER_AGENT']; } #init the PHPIDS and pass the REQUEST array $this->init = IDS_Init::init(); $ids = new IDS_Monitor($this->init, $_REQUEST); $result = $ids->run(); // Re-set include path set_include_path($path); if (!$result->isEmpty()) { $this->react($result); } return true; }
public function processIDS() { /** * PHPIDS * Requirements: PHP5, SimpleXML * * Copyright (c) 2010 PHPIDS group (http://php-ids.org) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 2 of the license. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ // set the include path properly for PHPIDS set_include_path(get_include_path() . PATH_SEPARATOR . 'IDS/lib/'); if (!session_id()) { session_start(); } require_once 'IDS/Init.php'; try { /* * It's pretty easy to get the PHPIDS running * 1. Define what to scan * * Please keep in mind what array_merge does and how this might interfer * with your variables_order settings */ $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = IDS_Init::init(dirname(__FILE__) . '/IDS/Config/Config.ini.php'); /** * You can also reset the whole configuration * array or merge in own data * * This usage doesn't overwrite already existing values * $config->setConfig(array('General' => array('filter_type' => 'xml'))); * * This does (see 2nd parameter) * $config->setConfig(array('General' => array('filter_type' => 'xml')), true); * * or you can access the config directly like here: */ $init->config['General']['base_path'] = dirname(__FILE__) . '/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none'; // 2. Initiate the PHPIDS and fetch the results $ids = new IDS_Monitor($request, $init); $result = $ids->run(); /* * That's it - now you can analyze the results: * * In the result object you will find any suspicious * fields of the passed array enriched with additional info * * Note: it is moreover possible to dump this information by * simply echoing the result object, since IDS_Report implemented * a __toString method. */ if (!$result->isEmpty()) { // echo $result; Yii::log($result, 'warning', 'application.components.ids'); /* * The following steps are optional to log the results */ require_once 'IDS/Log/File.php'; require_once 'IDS/Log/Composite.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger(IDS_Log_File::getInstance($init)); /* * Note that you might also use different logging facilities * such as IDS_Log_Email or IDS_Log_Database * * Just uncomment the following lines to test the wrappers */ /* * require_once 'IDS/Log/Email.php'; require_once 'IDS/Log/Database.php'; $compositeLog->addLogger( IDS_Log_Email::getInstance($init), IDS_Log_Database::getInstance($init) ); */ $compositeLog->execute($result); if ($this->callback !== NULL) { call_user_func($this->callback); } else { throw new CHttpException(500, $this->genericMessage); } } else { // echo '<a href="?test=%22><script>eval(window.name)</script>">No attack detected - click for an example attack</a>'; } } catch (Exception $e) { /* * sth went terribly wrong - maybe the * filter rules weren't found? */ /*printf( 'An error occured: %s', $e->getMessage() );*/ Yii::log($e->getMessage(), 'warning', 'application.components.ids'); throw new CHttpException(500, $this->genericMessage); } }