/**
 * Builds the IDS bootstrap object used by the tests.
 *
 * The configuration named by IDS_CONFIG is loaded first. The temp
 * directory, the filter cache file, the filter type and the filter set
 * are then pointed at the constants supplied by the test suite.
 *
 * @return void
 */
public function setUp()
{
    $this->init = Init::init(IDS_CONFIG);

    // Work through a local handle; it refers to the same object as $this->init.
    $bootstrap = $this->init;
    $bootstrap->config['General']['tmp_path'] = IDS_TEMP_DIR;
    $bootstrap->config['Caching']['path'] = IDS_FILTER_CACHE_FILE;
    $bootstrap->config['General']['filter_type'] = IDS_FILTER_TYPE;
    $bootstrap->config['General']['filter_path'] = IDS_FILTER_SET;
}
/**
 * Loads the filter set of the requested type through a new Storage object.
 *
 * @param string $type Filter format name. Its lower-case form is written to
 *                     the `filter_type` setting; its upper-case form selects
 *                     the IDS_FILTER_SET_* constant read for `filter_path`.
 *
 * @return mixed Whatever Storage::getFilterSet() returns.
 */
private function getFilterSet($type)
{
    $bootstrap = Init::init(IDS_CONFIG);

    $bootstrap->config['General']['filter_type'] = strtolower($type);

    // The path of the rule file is held in a constant named after the type.
    $pathConstant = 'IDS_FILTER_SET_' . strtoupper($type);
    $bootstrap->config['General']['filter_path'] = constant($pathConstant);

    // Caching is switched to 'none' for this lookup.
    $bootstrap->config['Caching']['caching'] = 'none';

    $filterStorage = new Storage($bootstrap);

    return $filterStorage->getFilterSet();
}
/**
 * Boots PHPIDS from the configuration held in the registry.
 *
 * According to the original note the configuration is defined in
 * /application/config/staging/{MVC_ENV}/ids.ini; this method itself only
 * reads the registry entry `MVC_IDS_CONFIG`.
 *
 * Both events fired here let bound listeners change the IDS configuration,
 * so listener registration for them should stay limited to trusted code.
 *
 * @return \IDS\Init $oIdsInit
 */
public static function init()
{
    // Hook before the config is read: a listener could e.g. load a different
    // config and store it with Registry::set('MVC_IDS_CONFIG', array([..])).
    Event::RUN('mvc.ids.init.before');

    $mIdsConfig = Registry::get('MVC_IDS_CONFIG');
    $oInit = Init::init($mIdsConfig);

    // Hook after the config is loaded: a listener receives the init object
    // and could modify the loaded config through its ->config property.
    Event::RUN('mvc.ids.init.after', $oInit);

    return $oInit;
}
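/**
 * Runs PHPIDS over the request superglobals before the dispatch loop starts.
 *
 * When the report is not empty the request is rerouted to the `intrusion`
 * action of the `error` controller in the `default` module.
 *
 * The application root is derived from DOCUMENT_ROOT by cutting it at the
 * first case-insensitive occurrence of "public". If that marker is missing,
 * or sits at offset 0, the derived root would be an empty string and the IDS
 * config and cache paths would silently become relative to the current
 * working directory; the method now stops instead.
 *
 * @param Zend_Controller_Request_Abstract $request Request about to be dispatched.
 *
 * @return void
 *
 * @throws \RuntimeException When no application root can be derived from DOCUMENT_ROOT.
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    $documentRoot = isset($_SERVER['DOCUMENT_ROOT']) ? (string) $_SERVER['DOCUMENT_ROOT'] : '';

    // stripos() returns false when the marker is absent; substr(..., 0, false)
    // would then yield '' rather than an error, so the result is checked here.
    $publicOffset = stripos($documentRoot, 'public');
    if ($publicOffset === false || $publicOffset === 0) {
        // Generic message on purpose: the filesystem path is not echoed back.
        throw new \RuntimeException(
            'Cannot derive the application root: DOCUMENT_ROOT has no leading path before "public".'
        );
    }
    $tmpPath = substr($documentRoot, 0, $publicOffset);

    $init = Init::init($tmpPath . 'application/config/IdsConfig.ini');
    $init->config['General']['base_path'] = $tmpPath . 'application/cache/ids/';

    $ids = new Monitor($init);

    /*
     * $_REQUEST is PHP's own merge of the other input arrays, so which source
     * wins on a key clash depends on the variables_order / request_order
     * settings. Keep that in mind when reading reports for the REQUEST entry.
     */
    $params = array(
        'REQUEST' => $_REQUEST,
        'GET' => $_GET,
        'POST' => $_POST,
        'COOKIE' => $_COOKIE,
    );

    $result = $ids->run($params);

    if (!$result->isEmpty()) {
        // TODO: decide from which impact level a result counts as a threat.
        // For now any non-empty report triggers the reroute.
        // NOTE(review): the report is not logged anywhere in this method;
        // confirm that the intrusion action or a logger elsewhere records it.
        $request->setActionName('intrusion');
        $request->setControllerName('error');
        $request->setModuleName('default');
    }
}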
/**
 * Init::init() is expected to raise InvalidArgumentException when it is
 * handed a wrong configuration path.
 *
 * @return void
 */
public function testInitConfigWrongPathException()
{
    $wrongConfigPath = 'IDS/Config/Config.ini.wrong';

    $this->setExpectedException('InvalidArgumentException');

    Init::init($wrongConfigPath);
}
/**
 * Creates the IDS bootstrap object for each test from IDS_CONFIG.
 *
 * @return void
 */
public function setUp()
{
    $configPath = IDS_CONFIG;

    $this->init = Init::init($configPath);
}
/**
 * Init::init() called without a config file must still hand back an
 * IDS\Init instance.
 *
 * @return void
 */
public function testInstanciatingInitObjectWithoutPassingConfigFile()
{
    $this->assertInstanceOf('IDS\\Init', Init::init());
}
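/**
 * Protects against basic attempts of Cross-Site Scripting (XSS).
 *
 * Runs PHPIDS over the request input when the event's stage includes
 * Zikula_Core::STAGE_MODS and the `useids` system variable equals 1.
 * A non-empty report is passed to _processIdsResult() together with the
 * IDS init object.
 *
 * @see http://technicalinfo.net/papers/CSS.html
 *
 * @param Zikula_Event $event Event whose 'stage' entry is tested against Zikula_Core::STAGE_MODS.
 *
 * @return void
 *
 * @throws \Exception Thrown if there was a problem running ids detection
 */
public function idsInputFilter(Zikula_Event $event)
{
    // Guard clause: nothing to do outside the module stage or when IDS is switched off.
    $atModuleStage = ($event['stage'] & Zikula_Core::STAGE_MODS);
    if (!$atModuleStage || System::getVar('useids') != 1) {
        return;
    }

    try {
        // build request array defining what to scan
        // @todo: change the order of the arrays to merge if ini_get('variables_order') != 'EGPCS'
        $request = array();
        if (isset($_REQUEST)) {
            $request['REQUEST'] = $_REQUEST;
        }
        if (isset($_GET)) {
            $request['GET'] = $_GET;
        }
        if (isset($_POST)) {
            $request['POST'] = $_POST;
        }
        if (isset($_COOKIE)) {
            $request['COOKIE'] = $_COOKIE;
        }

        // Client-supplied headers are scanned as well.
        if (isset($_SERVER['HTTP_HOST'])) {
            $request['HOST'] = $_SERVER['HTTP_HOST'];
        }
        if (isset($_SERVER['HTTP_ACCEPT'])) {
            $request['ACCEPT'] = $_SERVER['HTTP_ACCEPT'];
        }
        // PHP exposes the User-Agent request header as HTTP_USER_AGENT. The bare
        // USER_AGENT key is not filled from the header, so reading only that key
        // left the header unscanned. The old key is kept as a fallback.
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
            $request['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
        } elseif (isset($_SERVER['USER_AGENT'])) {
            $request['USER_AGENT'] = $_SERVER['USER_AGENT'];
        }

        // REQUEST_URI and HTTP_REFERER are deliberately left out (they would map to
        // $request['REQUEST_URI'] and $request['REFERER']): the author considers
        // REQUEST_URI unnecessary, and the REFERER, while important, results in
        // way too many false positives.

        // initialise configuration object and replace its options with this module's settings
        $init = \IDS\Init::init();
        $init->config = $this->_getidsconfig();

        // create new IDS instance, run the request check and fetch the results
        $ids = new \IDS\Monitor($init);
        $result = $ids->run($request);

        // an empty report means no attack was detected; otherwise process the \IDS\Report object
        if (!$result->isEmpty()) {
            $this->_processIdsResult($init, $result);
        }
    } catch (\Exception $e) {
        // sth went wrong - maybe the filter rules weren't found.
        // The message string is passed to __f() unchanged, and the caught exception is
        // attached as `previous` so the original cause stays available.
        // NOTE(review): the wrapped message embeds the original exception text; confirm it
        // ends up in a log rather than in a page shown to the visitor.
        throw new \Exception(__f('An error occured during executing PHPIDS: %s', $e->getMessage()), 0, $e);
    }
}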
// NOTE(review): this fragment begins inside a callback whose opening lines are not shown.
// From the use of $class it looks like a class autoloader; confirm against the full file.
require_once $combined;
return;
} else {
    // Fallback lookup: strip leading/trailing backslashes from the class name, turn
    // underscores into directory separators, lower-case the result and append '.php'.
    $file = strtolower(str_replace('_', DIRECTORY_SEPARATOR, trim($class, '\\'))) . '.php';
    // The candidate path is anchored at '.', i.e. the current working directory.
    $combined = '.' . DIRECTORY_SEPARATOR . $file;
    // Include the file only when it exists, so an unknown class name does not
    // end in a failed require_once.
    if (file_exists($combined)) {
        require_once $combined;
        return;
    }
}
});
use IDS\Init;
use IDS\Monitor;
try {
    // Input handed to the monitor: query-string and form parameters.
    // NOTE(review): $_COOKIE and request headers are not part of this array,
    // so they are not inspected by this check.
    $request = array('GET' => $_GET, 'POST' => $_POST);
    // Load the PHPIDS configuration file kept under APP_PATH.
    $init = Init::init(APP_PATH . '/vendors/ids/config/config.ini');
    // Runtime overrides of the loaded configuration. base_path / use_base_path
    // presumably make relative paths in the ini resolve under this directory
    // (confirm against the PHPIDS version in use); caching is set to 'none'.
    $init->config['General']['base_path'] = APP_PATH . '/vendors/ids/';
    $init->config['General']['use_base_path'] = true;
    $init->config['Caching']['caching'] = 'none';
    // Run the scan over the collected input.
    $ids = new Monitor($init);
    $result = $ids->run($request);
    if (!$result->isEmpty()) {
        // Something was flagged: write the report through a composite logger
        // that has a file logger attached.
        // NOTE(review): these are underscore-style class names, while Init and Monitor
        // are imported from the IDS namespace. Confirm that both naming schemes
        // resolve with the installed PHPIDS version.
        $compositeLog = new IDS_Log_Composite();
        $compositeLog->addLogger(IDS_Log_File::getInstance($init));
        /* $compositeLog->addLogger( IDS_Log_Email::getInstance($init) ); */
        $compositeLog->execute($result);
        // Fixed notice sent to the client. The text mentions cookies although
        // cookies are not scanned above.
        // NOTE(review): whether request processing stops after this echo is not
        // visible in this fragment.
        echo 'Data which you have sent contains dangerous chars. Please delete all cookies and try it again';
use IDS\Monitor; use IDS\Log\CompositeLogger; use IDS\Log\FileLogger; if (!session_id()) { session_start(); } try { /* * It's pretty easy to get the PHPIDS running * 1. Define what to scan * * Please keep in mind what array_merge does and how this might interfer * with your variables_order settings */ $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE); $init = Init::init(dirname(__FILE__) . '/../../lib/IDS/Config/Config.ini.php'); /** * You can also reset the whole configuration * array or merge in own data * * This usage doesn't overwrite already existing values * $config->setConfig(array('General' => array('filter_type' => 'xml'))); * * This does (see 2nd parameter) * $config->setConfig(array('General' => array('filter_type' => 'xml')), true); * * or you can access the config directly like here: */ $init->config['General']['base_path'] = dirname(__FILE__) . '/../../lib/IDS/'; $init->config['General']['use_base_path'] = true; $init->config['Caching']['caching'] = 'none';