/** * Process failures in the HTTP response. * * Log file not found: means that the API key used to execute the request is * not associated to the website, this may indicate that either the key was * invalidated by an administrator of the service or that the API key was * custom generated with invalid data. * * Wrong API key: means that the TLD of the origin of the request is not the * domain used to generate the API key in the first place, or that the email * address of the site administrator was changed so the data is not valid * anymore. * * Connection timeout: means that the API service is down either because the * hosting provider has connectivity issues or because the code is being * deployed. There is an option in the settings page that allows to temporarily * disable the communication with the API service while the server is down, this * allows the admins to keep the latency at zero and continue working in their * websites without interruptions. * * SSL issues: depending on the options used to compile the OpenSSL library * built by each hosting provider, the connection with the HTTPs version of the * API service may be rejected because of a failure in the SSL algorithm check. * There is an option in the settings page that allows to disable the SSL pair * verification, this option it disable automatically when the error is detected * for the first time. * * @param array $response HTTP response after API endpoint execution. * @param boolean $enqueue Add the log to the local queue on a failure. * @return boolean False if the API call failed, true otherwise. */ private static function handleErrorResponse($response = array(), $enqueue = true) { $action_message = 'Unknown error, there is no more information.'; // Check whether the message list is empty or not. if (isset($response['body']->messages[0])) { $action_message = $response['body']->messages[0] . '.'; } // Keep a copy of the original API response message. $raw_message = $action_message; // Special response for invalid API keys. if (stripos($raw_message, 'log file not found') !== false) { SucuriScanOption::delete_option(':api_key'); $action_message .= ' This generally happens when you add an invalid API key, the' . ' key will be deleted automatically to hide these warnings, if you want to' . ' recover it go to the settings page and use the recover button to send the' . ' key to your email address.'; } // Special response for invalid CloudProxy API keys. if (stripos($raw_message, 'wrong api key') !== false) { SucuriScanOption::delete_option(':cloudproxy_apikey'); SucuriScanOption::setRevProxy('disable'); SucuriScanOption::setAddrHeader('REMOTE_ADDR'); $action_message .= ' The CloudProxy API key does not seems to be valid.'; } // Special response for connection timeouts. if ($enqueue && @preg_match('/time(d\\s)?out/', $raw_message)) { $action_message = ''; /* Empty the error message. */ $cache = new SucuriScanCache('auditqueue'); $cache_key = md5($response['params']['time']); $cache_value = array('created_at' => $response['params']['time'], 'message' => $response['params']['m']); $cache->add($cache_key, $cache_value); } // Stop SSL peer verification on connection failures. if (stripos($raw_message, 'no alternative certificate') || stripos($raw_message, 'error setting certificate') || stripos($raw_message, 'SSL connect error')) { SucuriScanOption::update_option(':verify_ssl_cert', 'false'); $action_message .= 'There were some issues with the SSL certificate either in this' . ' server or with the remote API service. The automatic verification of the' . ' certificates has been deactivated to reduce the noise during the execution' . ' of the HTTP requests.'; } if (!empty($action_message)) { if ($enqueue) { SucuriScanInterface::error(sprintf('(%d) %s: %s', SucuriScan::local_time(), ucwords($response['body']->action), $action_message)); } return false; } return true; }
/** * Process failures in the HTTP response. * * Log file not found: means that the API key used to execute the request is * not associated to the website, this may indicate that either the key was * invalidated by an administrator of the service or that the API key was * custom generated with invalid data. * * Wrong API key: means that the TLD of the origin of the request is not the * domain used to generate the API key in the first place, or that the email * address of the site administrator was changed so the data is not valid * anymore. * * Connection timeout: means that the API service is down either because the * hosting provider has connectivity issues or because the code is being * deployed. There is an option in the settings page that allows to temporarily * disable the communication with the API service while the server is down, this * allows the admins to keep the latency at zero and continue working in their * websites without interruptions. * * SSL issues: depending on the options used to compile the OpenSSL library * built by each hosting provider, the connection with the HTTPs version of the * API service may be rejected because of a failure in the SSL algorithm check. * There is an option in the settings page that allows to disable the SSL pair * verification, this option it disable automatically when the error is detected * for the first time. * * @param array $response HTTP response after API endpoint execution. * @param boolean $enqueue Add the log to the local queue on a failure. * @return boolean False if the API call failed, true otherwise. */ private static function handleErrorResponse($response = array(), $enqueue = true) { $msg = 'Unknown error, there is no more information.'; if (is_array($response) && array_key_exists('messages', $response) && !empty($response['messages'])) { $msg = implode(". ", $response['messages']); $raw = $msg; /* Keep a copy of the original message. */ // Special response for invalid API keys. if (stripos($raw, 'log file not found') !== false) { $key = SucuriScanOption::get_option(':api_key'); $msg .= '; this generally happens when you add an invalid API ' . 'key, the key will be deleted automatically to hide these w' . 'arnings, if you want to recover it go to the settings page' . ' and use the recover button to send the key to your email ' . 'address: ' . SucuriScan::escape($key); SucuriScanOption::delete_option(':api_key'); } // Special response for invalid CloudProxy API keys. if (stripos($raw, 'wrong api key') !== false) { $key = SucuriScanOption::get_option(':cloudproxy_apikey'); $msg .= '; invalid CloudProxy API key: ' . SucuriScan::escape($key); SucuriScanInterface::error($msg); $msg = ''; /* Force premature error message. */ SucuriScanOption::delete_option(':cloudproxy_apikey'); SucuriScanOption::setAddrHeader('REMOTE_ADDR'); SucuriScanOption::setRevProxy('disable'); } // Stop SSL peer verification on connection failures. if (stripos($raw, 'no alternative certificate') || stripos($raw, 'error setting certificate') || stripos($raw, 'SSL connect error')) { SucuriScanOption::update_option(':verify_ssl_cert', 'false'); $msg .= 'There were some issues with the SSL certificate eith' . 'er in this server or with the remote API service. The auto' . 'matic verification of the certificates has been deactivate' . 'd to reduce the noise during the execution of the HTTP req' . 'uests.'; } // Check if the MX records as missing for API registration. if (strpos($raw, 'Invalid email') !== false) { $msg = 'Email has an invalid format, or the host ' . 'associated to the email has no MX records.'; } } if (!empty($msg) && $enqueue) { SucuriScanInterface::error($msg); } return false; }