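 /**
  * Wire up file locations, scan limits and the malware signature database.
  *
  * All paths are derived from the globals $projectRootDir and $projectTmpDir.
  * The script is terminated with die() when one of the required helper
  * functions is missing, or when the signature database cannot be read or
  * does not validate against malware_db.xsd.
  */
 function __construct()
 {
     global $projectRootDir, $projectTmpDir;
     // The helpers are expected from an earlier include; fail here rather than mid-scan.
     if (!function_exists('escapedHexToHex') || !function_exists('escapedOctDec')) {
         die('escapedHexToHex or escapedOctDec is missing');
     }
     $this->SIGNATURE_FILENAME = $projectRootDir . '/static/signatures/malware_db.xml';
     $this->QUEUE_FILENAME = $projectTmpDir . '/scan_queue.manul.tmp.txt';
     $this->QUEUE_OFFSET_FILENAME = $projectTmpDir . '/queue_offset.manul.tmp.txt';
     $this->MALWARE_LOG_FILENAME = $projectTmpDir . '/malware_log.manul.tmp.txt';
     $this->MALWARE_QUARANTINE_FILENAME = $projectTmpDir . '/malware_quarantine.manul.tmp.txt';
     $this->MALWARE_QUARANTINE_FILEPATH_FILEPATH = $projectTmpDir . '/malware_quarantine_filepath.tmp.txt';
     $this->XML_LOG_FILENAME = $projectTmpDir . '/scan_log.xml';
     $this->SCRIPT_START = time();
     $this->MAX_FILESIZE = 1 * 1024 * 1024; // 1MB
     $this->MAX_PREVIEW_LENGTH = 80; // characters
     $this->MAX_EXECUTION_DURATION = 20; // presumably seconds, measured from SCRIPT_START - confirm in the scan loop
     // file()/file_get_contents() return false for a missing or unreadable database;
     // the original implode('', false) would have handed an empty string to the
     // validator, so the read failure is reported with the same error as a broken DB.
     $signatureXml = is_readable($this->SIGNATURE_FILENAME)
         ? file_get_contents($this->SIGNATURE_FILENAME)
         : false;
     if ($signatureXml === false) {
         die(basename(__FILE__) . PS_ERR_MALWARE_DB_BROKEN);
     }
     $validator = new XmlValidator();
     if (!$validator->validate($signatureXml, $projectRootDir . '/static/xsd/malware_db.xsd')) {
         die(basename(__FILE__) . PS_ERR_MALWARE_DB_BROKEN);
     }
     // Only a schema-valid database is loaded into the DOM used by the scanner.
     $this->signatures = new DOMDocument();
     $this->signatures->load($this->SIGNATURE_FILENAME);
 }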
 /**
  * An unstructured remittance identifier set on the initiator details must
  * end up in the generated eps protocol XML, and that XML must still validate.
  */
 public function testTransferInitiatorDetailsWithUnstructuredRemittanceIdentifier()
 {
     $msgDetails = new TransferMsgDetails(
         "http://10.18.70.8:7001/vendorconfirmation",
         "http://10.18.70.8:7001/transactionok?danke.asp",
         "http://10.18.70.8:7001/transactionnok?fehler.asp"
     );
     $msgDetails->TargetWindowOk = 'Mustershop';
     $msgDetails->TargetWindowNok = 'Mustershop';
     $initiator = new TransferInitiatorDetails(
         'AKLJS231534',
         'topSecret',
         'GAWIATW1XXX',
         'Max Mustermann',
         'AT611904300234573201',
         '1234567890ABCDEFG',
         15000,
         $msgDetails,
         '2007-03-16'
     );
     $initiator->UnstructuredRemittanceIdentifier = 'Foo is not Bar';
     $initiator->SetExpirationMinutes(5);
     $xml = $initiator->GetSimpleXml()->asXML();
     // Validation throws on a malformed document; the assertion below checks the payload.
     XmlValidator::ValidateEpsProtocol($xml);
     $this->assertContains('UnstructuredRemittanceIdentifier>Foo is not Bar', $xml);
 }
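 /**
  * Dispatch the "executor" controller.
  *
  * Request shapes, checked in this order:
  *  1. POST with a 'recipe' XML: validate it against recipe.xsd and render a
  *     confirmation list (executor_changes.tpl) with one checkbox row per file.
  *  2. POST with a=apply: read the ticked rows back and let Healer delete or
  *     quarantine the files (executor_done.tpl).
  *  3. a=selfDelete (via $_REQUEST, so GET works too): remove the scanner's
  *     temp files and its install directory and answer with JSON.
  * Anything else renders executor.tpl.
  *
  * Reads the globals $projectRootDir / $projectTmpDir and defines the PS_EXECUTE_*,
  * PS_EXECUTOR_LOG and PS_QUARANTINE_URL constants for the templates. Terminates
  * with die() when the posted recipe is rejected.
  */
 private function startExecutor()
 {
     $view = new View();
     $healer = new Healer();
     if (!empty($_POST) && !empty($_POST['recipe'])) {
         $xmlRecipe = $_POST['recipe'];
         $validator = new XmlValidator();
         global $projectRootDir;
         // get_magic_quotes_gpc() was removed in PHP 8.0 (calling it is fatal there)
         // and has returned false since 5.4, so only call it where it still exists.
         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
             $xmlRecipe = stripslashes($xmlRecipe);
         }
         //TODO: implement proper XXE prevention or switch to JSON instead
         // The substring test below is a stop-gap, not a parser-level control: the
         // robust mitigation is to parse the recipe with entity substitution and
         // external loading disabled (no LIBXML_NOENT; libxml_disable_entity_loader(true)
         // on PHP < 8) wherever it is actually parsed - XmlValidator::validate and
         // Healer::prepareList both receive the raw string.
         if (strpos(strtoupper($xmlRecipe), '<!ENTITY') !== false) {
             die('XXE detected');
         }
         if (!$validator->validate($xmlRecipe, $projectRootDir . '/static/xsd/recipe.xsd')) {
             die(PS_ERR_BROKEN_XML_FILE);
         }
         $itemTemplate = new Template('executor_item.tpl');
         $quarantineFiles = array();
         $deleteFiles = array();
         // Healer fills both lists (by reference) from the validated recipe.
         $healer->prepareList($xmlRecipe, $quarantineFiles, $deleteFiles);
         // One checkbox row per file; the full path travels to the next request base64-encoded.
         $executeList = $this->renderExecutorItems($itemTemplate, $deleteFiles, 'd', PS_RECIPE_ACTION_DEL)
             . $this->renderExecutorItems($itemTemplate, $quarantineFiles, 'q', PS_RECIPE_ACTION_QUARANTINE);
         define('PS_EXECUTE_LIST', $executeList);
         define('PS_EXECUTE_TOTAL_D', count($deleteFiles));
         define('PS_EXECUTE_TOTAL_Q', count($quarantineFiles));
         $view->display('executor_changes.tpl');
     } elseif (isset($_POST['a']) && $_POST['a'] === 'apply') {
         $deleteTotal = (int) (isset($_POST['total_d']) ? $_POST['total_d'] : 0);
         $quarantineTotal = (int) (isset($_POST['total_q']) ? $_POST['total_q'] : 0);
         // The paths are taken back from the client exactly as posted; nothing in this
         // method ties them to the recipe rendered in the previous step, so the decision
         // of what may be deleted or quarantined has to live in Healer::executeXmlRecipe
         // (NOTE(review): confirm it refuses paths outside the scanned tree).
         $deleteFiles = $this->collectConfirmedFiles('d', $deleteTotal);
         $quarantineFiles = $this->collectConfirmedFiles('q', $quarantineTotal);
         $numQuarantined = 0;
         define('PS_EXECUTOR_LOG', $healer->executeXmlRecipe($deleteFiles, $quarantineFiles, $numQuarantined));
         // PHP_SELF reflects the request path, so the template has to escape
         // PS_QUARANTINE_URL for the context it is printed in (NOTE(review): confirm
         // in executor_done.tpl).
         $quarantineUrl = $_SERVER['PHP_SELF'] . '?controller=download&f=quarantine';
         define('PS_QUARANTINE_URL', $quarantineUrl);
         $view->display('executor_done.tpl');
     } elseif (isset($_REQUEST['a']) && $_REQUEST['a'] === 'selfDelete') {
         global $projectRootDir, $projectTmpDir;
         // $_REQUEST also covers GET and cookies, so a plain link reaches this branch;
         // no CSRF token is checked here (NOTE(review): confirm the front controller does).
         // Temp files are only swept when $projectTmpDir is the system temp dir.
         if ($projectTmpDir === sys_get_temp_dir()) {
             // Best effort: the log may already be gone.
             @unlink($projectTmpDir . '/scan_log.xml');
             // glob() yields false on error; fall back to an empty list so unlink() never gets false.
             array_map('unlink', glob($projectTmpDir . '/*.manul.tmp.txt') ?: array());
             array_map('unlink', glob($projectTmpDir . '/*.manul.tmp') ?: array());
             array_map('unlink', glob($projectTmpDir . '/config.php') ?: array());
         }
         $deleteResult = $healer->deleteDir($projectRootDir);
         if ($deleteResult) {
             print json_encode(array('result' => 'ok'));
         } else {
             // NOTE(review): $deleteResult is falsy on this branch, so 'details' carries
             // no information; deleteDir would have to return a message for it to be useful.
             print json_encode(array('result' => 'error', 'details' => $deleteResult));
         }
     } else {
         $view->display('executor.tpl');
     }
 }

 /**
  * Render one executor_item.tpl row per file and return the concatenated markup.
  *
  * @param Template $itemTemplate the prepared row template (re-prepared per row)
  * @param array    $files        list of full paths
  * @param string   $prefix       'd' (delete) or 'q' (quarantine), used for the form field names
  * @param string   $action       the PS_RECIPE_ACTION_* label shown in the row
  * @return string
  */
 private function renderExecutorItems($itemTemplate, array $files, $prefix, $action)
 {
     $markup = '';
     foreach ($files as $i => $file) {
         $itemTemplate->prepare();
         $itemTemplate->set('PREFIX', $prefix);
         $itemTemplate->set('NUM', $i);
         $itemTemplate->set('ACTION', $action);
         $itemTemplate->set('FILENAME', $this->getShortFilename($file));
         $itemTemplate->set('FILENAME_B64', base64_encode($file));
         $markup .= $itemTemplate->get();
     }
     return $markup;
 }

 /**
  * Collect the base64-decoded paths of the rows whose "<prefix>_<i>" checkbox was ticked.
  *
  * @param string $prefix 'd' (delete) or 'q' (quarantine)
  * @param int    $total  number of rows that were rendered (client supplied)
  * @return array decoded paths in row order
  */
 private function collectConfirmedFiles($prefix, $total)
 {
     $files = array();
     for ($i = 0; $i < $total; $i++) {
         $checked = !empty($_POST[$prefix . '_' . $i]) && $_POST[$prefix . '_' . $i] === 'on';
         // Rows without a filename field are skipped instead of decoding an undefined index.
         if ($checked && isset($_POST['fn_' . $prefix . '_' . $i])) {
             $files[] = base64_decode($_POST['fn_' . $prefix . '_' . $i]);
         }
     }
     return $files;
 }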
 /**
  * Call this function when the confirmation URL is called by the Scheme Operator.
  * The function will write ShopResponseDetails to the $outputStream in case of
  * BankConfirmationDetails, and echo the request back for VitalityCheckDetails.
  * Any other first epsp element is ignored and nothing is written.
  *
  * On an exception an error ShopResponseDetails is written to $outputStream
  * first and the exception is then rethrown. For exceptions that are not a
  * ShopResponseException only the exception class name reaches the Scheme
  * Operator, not the message.
  *
  * @param callable $confirmationCallback a callable to send BankConfirmationDetails to.
  * Will be called with the raw post data as first parameter and an Instance of
  * BankConfirmationDetails as second parameter. This callable must return TRUE.
  * @param callable $vitalityCheckCallback an optional callable for the vitalityCheck
  * @param string $rawPostStream will read from this stream or file with file_get_contents
  * @param string $outputStream will write to this stream the expected responses for the
  * Scheme Operator
  * @throws InvalidCallbackException when callback is not callable
  * @throws CallbackResponseException when callback does not return TRUE
  * @throws XmlValidationException when $rawPostStream does not validate against XSD
  * @throws \UnexpectedValueException when using security suffix without security seed
  * @throws UnknownRemittanceIdentifierException when security suffix does not match
  */
 public function HandleConfirmationUrl($confirmationCallback, $vitalityCheckCallback = null, $rawPostStream = 'php://input', $outputStream = 'php://output')
 {
     $shopResponseDetails = new ShopResponseDetails();
     try {
         $this->TestCallability($confirmationCallback, 'confirmationCallback');
         // Loose != null: an empty string or 0 also counts as "no vitality callback".
         if ($vitalityCheckCallback != null) {
             $this->TestCallability($vitalityCheckCallback, 'vitalityCheckCallback');
         }
         // NOTE(review): file_get_contents returns false on a read failure; the schema
         // validation below is relied on to reject that - confirm it does not accept it.
         $HTTP_RAW_POST_DATA = file_get_contents($rawPostStream);
         // Schema validation runs before the document is parsed into objects.
         XmlValidator::ValidateEpsProtocol($HTTP_RAW_POST_DATA);
         $xml = new \SimpleXMLElement($HTTP_RAW_POST_DATA);
         $epspChildren = $xml->children(XMLNS_epsp);
         // The message type is decided by the first element in the epsp namespace.
         // NOTE(review): with no epsp child $epspChildren[0] is null here; presumably
         // ValidateEpsProtocol already rejected such a document - confirm.
         $firstChildName = $epspChildren[0]->getName();
         if ($firstChildName == 'VitalityCheckDetails') {
             $this->WriteLog('Vitality Check');
             if ($vitalityCheckCallback != null) {
                 $VitalityCheckDetails = new VitalityCheckDetails($xml);
                 $this->ConfirmationUrlCallback($vitalityCheckCallback, 'vitality check', array($HTTP_RAW_POST_DATA, $VitalityCheckDetails));
             }
             // 7.1.9 step III-3: vitality check acknowledgement, merchant -> eps SO
             // (the request is echoed back unchanged).
             file_put_contents($outputStream, $HTTP_RAW_POST_DATA);
         } else {
             if ($firstChildName == 'BankConfirmationDetails') {
                 $this->WriteLog('Bank Confirmation');
                 $BankConfirmationDetails = new BankConfirmationDetails($xml);
                 // Strip security hash from remittance identifier (this is where the
                 // security-suffix exceptions listed above originate).
                 $BankConfirmationDetails->SetRemittanceIdentifier($this->StripHash($BankConfirmationDetails->GetRemittanceIdentifier()));
                 $shopResponseDetails->SessionId = $BankConfirmationDetails->GetSessionId();
                 $shopResponseDetails->StatusCode = $BankConfirmationDetails->GetStatusCode();
                 $shopResponseDetails->PaymentReferenceIdentifier = $BankConfirmationDetails->GetPaymentReferenceIdentifier();
                 // The (already stripped) remittance identifier is written to the log in clear.
                 $this->WriteLog(sprintf('Calling confirmationUrlCallback for remittance identifier "%s" with status code %s', $BankConfirmationDetails->GetRemittanceIdentifier(), $BankConfirmationDetails->GetStatusCode()));
                 // Throws CallbackResponseException unless the callback returns TRUE.
                 $this->ConfirmationUrlCallback($confirmationCallback, 'confirmation', array($HTTP_RAW_POST_DATA, $BankConfirmationDetails));
                 // Step III-8: acknowledge receipt of the eps payment confirmation, merchant -> eps SO
                 $this->WriteLog('III-8 Confirming payment receipt');
                 file_put_contents($outputStream, $shopResponseDetails->GetSimpleXml()->asXml());
             }
         }
     } catch (\Exception $e) {
         $this->WriteLog($e->getMessage());
         if (is_subclass_of($e, 'at\\externet\\eps_bank_transfer\\ShopResponseException')) {
             $shopResponseDetails->ErrorMsg = $e->GetShopResponseErrorMessage();
         } else {
             // Deliberately generic: only the class name is disclosed to the Scheme Operator.
             $shopResponseDetails->ErrorMsg = 'An exception of type "' . get_class($e) . '" occurred during handling of the confirmation url';
         }
         // The error response is written before rethrowing so the Scheme Operator
         // always receives an answer.
         file_put_contents($outputStream, $shopResponseDetails->GetSimpleXml()->asXml());
         throw $e;
     }
 }
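 /**
  * Validate definition
  *
  * Writes the current definition (from getDefinition()) to a temporary XML
  * file, runs XmlValidator over it and removes the temporary files again.
  *
  * @return mixed - success: boolean true, unsuccess: string - message error
  * @author Sergey Startsev
  */
 protected function doValidatePacked()
 {
     $definition = $this->getDefinition();
     // tempnam() creates and reserves one file; appending '.xml' yields a second,
     // unreserved path beside it. Both are removed below - the original only
     // removed the '.xml' one and leaked the reserved file on every call.
     // NOTE(review): the '.xml' path is not created atomically, so on a shared
     // temp dir another local user could pre-create it; a private directory would
     // close that window.
     $tempBase = tempnam(sys_get_temp_dir(), 'studio_wi_wb');
     if ($tempBase === false) {
         return 'Unable to create a temporary file for validation';
     }
     $tempPath = $tempBase . '.xml';
     afStudioUtil::writeFile($tempPath, $definition);
     $validator = new XmlValidator($tempPath);
     // The result of this first pass is discarded, as in the original flow.
     // NOTE(review): confirm whether this call is needed to load the document before
     // the packed pass below; if not, it can be dropped.
     $validator->validateXmlDocument();
     unlink($tempPath);
     unlink($tempBase);
     $status = $validator->validateXmlDocument(true);
     // Error status: return the trimmed exception message instead of a boolean.
     return $status[0] == self::IDENTIFICATOR_ERROR
         ? trim($status[1]->getMessage())
         : true;
 }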
 /**
  * Malformed XML must be rejected with a ValidatorException carrying the
  * "This xml is not valid" message.
  *
  * @expectedException Hogosha\Monitor\Exception\ValidatorException
  * @expectedExceptionMessage This xml is not valid
  */
 public function testInvalidXml()
 {
     $validator = new XmlValidator();
     // The closing tag is deliberately unterminated.
     $validator->check('<xml></xml', '//nickanme');
 }
 /**
  * Load, and when not cached or stale validate, the XML document for an action.
  *
  * With $path null the file is resolved via afConfigUtils from the module and
  * action of the current sfContext, or from $uri ("module/action") when one is
  * given. Full validation only happens when afValidatorCachePeer has no entry
  * for $path or the cached signature differs from the file's current sha1;
  * otherwise the document is loaded without validation.
  *
  * @param string|null $path     explicit XML file path; resolved from the action when null
  * @param bool        $security passed through to XmlValidator and parent::setNamespace()
  * @param string|bool $uri      optional "module/action" string used instead of the current context
  */
 public function readXmlDocument($path = null, $security = false, $uri = false)
 {
     $page = false;
     if (!$uri) {
         $action = sfContext::getInstance()->getActionName();
         $module = sfContext::getInstance()->getModuleName();
     } else {
         // strtok keeps state between calls: the first call takes the module, the second the action.
         $module = strtok($uri, "/");
         $action = strtok("/");
     }
     if ($path === null) {
         $pathCU = new afConfigUtils($module);
         $path = $pathCU->getConfigFilePath($action . '.xml', true);
         // "page" anywhere in the resolved path switches the validator into page mode below.
         if (strstr($path, "page")) {
             $page = true;
         }
     }
     // NOTE(review): sha1_file() returns false for a missing file; that is treated like
     // a cache miss and the path is handed to XmlValidator, which is assumed to report it.
     $hash = sha1_file($path);
     $obj = afValidatorCachePeer::inCache($path);
     if (!$obj || $obj->getSignature() != $hash) {
         // Cache miss or changed file: full validation, and the validator is kept.
         // NOTE(review): module/action here come from $this->context, not from the
         // $module/$action resolved above - confirm both describe the same request.
         $doc = new XmlValidator($path, $security, false, false, $page ? $this->context->getModuleName() . "/" . $this->context->getActionName() : null);
         $doc->validateXmlDocument();
         $this->document = $doc->getXmlDocument();
         $this->validator = $doc;
     } else {
         // Cached and unchanged: plain DOM load without re-validation.
         // NOTE(review): $this->validator is not reset on this branch, so it may still
         // hold the validator from an earlier call.
         $this->document = new DOMDocument();
         $this->document->load($path);
     }
     parent::setNamespace($security);
     parent::setXmlDocument($this->document);
     parent::setXpath();
     XmlBaseElementParser::clearRetVal();
 }
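 /**
  * An obscurity suffix configured without a security seed must make
  * HandleConfirmationUrl throw UnexpectedValueException, while the error
  * response written for the Scheme Operator is still valid eps protocol XML
  * that only names the exception class.
  */
 public function testHandleConfirmationUrlThrowsExceptionOnInvalidSecuritySetup()
 {
     $dataPath = $this->GetEpsDataPath('BankConfirmationDetailsWithSignature.xml');
     $temp = tempnam(sys_get_temp_dir(), 'SoCommunicatorTest_');
     $this->target->ObscuritySuffixLength = 3;
     $thrown = false;
     try {
         $this->target->HandleConfirmationUrl(function () {
         }, null, $dataPath, $temp);
     } catch (\UnexpectedValueException $e) {
         $thrown = true;
     }
     $actual = file_get_contents($temp);
     // Remove the temp file as soon as its content is captured, so a failing
     // assertion below does not leave it behind (the original never deleted it).
     unlink($temp);
     // The original test only relied on the catch block; assert the exception explicitly.
     $this->assertTrue($thrown, 'expected UnexpectedValueException for an obscurity suffix without a seed');
     XmlValidator::ValidateEpsProtocol($actual);
     $this->assertContains('ShopResponseDetails>', $actual);
     $this->assertContains('ErrorMsg>An exception of type "UnexpectedValueException" occurred during handling of the confirmation url', $actual);
 }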
 /**
  * A signed BankConfirmationDetails document passes eps protocol validation.
  */
 public function testWithSignatureReturnsTrue()
 {
     $signedXml = $this->GetEpsData('BankConfirmationDetailsWithSignature.xml');
     $this->assertTrue(XmlValidator::ValidateEpsProtocol($signedXml));
 }