/**
* @param array $config
* @param null $name
* @param string $storageRole
* @return Context
* @throws \Exception
*/
public function buildContextFromArray(array $config, $name = null, $storageRole = Context::STORAGE_ROLE_CHILD)
{
$type = in_array($config['type'], Context::getTypes()) ? $config['type'] : Context::TYPE_STANDARD;
$technology = in_array($config['technology'], Context::getTechnologies()) ? $config['technology'] : Context::TECH_GENERIC;
$context = new Context($name, null, $type, $storageRole);
$context->setTechnology($technology);
$context->setMappedTo($config['mapped_to'] ?: '');
if (is_array($config['fields'])) {
$fields = $config['fields'];
// Iterate all fields and create a rule set
foreach ($fields as $fieldData) {
$vulnElement = $this->buildVulnerabilityElementFromArray($fieldData['vulnerabilities']);
$source = $fieldData['source'] ?: FieldDescriptor::SOURCE_ANY;
if (!in_array($source, FieldDescriptor::getSources())) {
throw new \InvalidArgumentException("Invalid source for field '{$fieldData['name']}': " . $source);
}
$field = new Field($fieldData['name'], $vulnElement, $source);
$context->addField($field);
}
}
if (is_array($config['children'])) {
foreach ($config['children'] as $contextName => $contextData) {
$child = $this->buildContextFromArray($contextData, $contextName);
$context->addChild($child);
}
}
if (is_array($config['vulnerabilities'])) {
$vulnElement = $this->buildVulnerabilityElementFromArray($config['vulnerabilities']);
$context->setVulnTree($vulnElement);
}
return $context;
}
/**
* @param array $config
* @param null $name
* @param string $storageRole
* @return Context
* @throws \Exception
*/
public function buildFromArray(array $config, $name = null, $storageRole = Context::STORAGE_ROLE_CHILD)
{
$context = new Context($name, null, Context::TYPE_STANDARD, $storageRole);
if (is_array($config['fields'])) {
$fields = $config['fields'];
// Iterate all fields and create a rule set
foreach ($fields as $fieldName => $fieldData) {
$vulnerabilities = $this->buildVulnerabilitySetFromArray($fieldData);
$vulnElement = new VulnerableElement($vulnerabilities);
// Add rule to the rule set
$field = new Field($fieldName, $vulnElement, FieldDescriptor::SOURCE_ANY);
$context->addField($field);
}
}
foreach (['actions', 'contexts'] as $subContextType) {
if (is_array($config[$subContextType])) {
foreach ($config[$subContextType] as $contextName => $contextData) {
$child = $this->buildFromArray($contextData, $contextName);
$type = $subContextType == 'actions' ? Context::TYPE_ACTION : Context::TYPE_STANDARD;
$child->setType($type);
$context->addChild($child);
}
}
}
if (is_array($config['vulnerabilities'])) {
$vulnerabilities = $this->buildVulnerabilitySetFromArray($config['vulnerabilities']);
$vulnElement = new VulnerableElement($vulnerabilities);
$context->setVulnTree($vulnElement);
}
return $context;
}
public function getRequest()
{
if ($this->request) {
return $this->request;
} else {
if ($this->parent) {
return $this->parent->getRequest();
} else {
return Pixifier::getInstance()->getPixie()->http_request();
}
}
}
public function renderContext(Context $context)
{
$children = '';
$fields = '';
$vulnerabilities = $this->renderVulnerabilityTree($context->getVulnerabilityElement());
if ($context->hasFields()) {
$fieldsHtml = [];
foreach ($context->getFields() as $field) {
$fieldsHtml[] = $this->renderField($field);
}
$fields = implode('', $fieldsHtml);
}
if ($context->hasChildren()) {
$childrenHtml = [];
foreach ($context->getChildrenArray() as $child) {
$childrenHtml[] = $this->renderContext($child);
}
$children = implode('', $childrenHtml);
}
$view = $this->pixie->view('admin/context/context');
$view->vulnerabilities = $vulnerabilities;
$view->children = $children;
$view->fields = $fields;
$view->contextName = $context->getName();
$view->type = $context->getType();
return $view->render();
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
parent::buildForm($builder, $options);
$typeOptions = ['attr' => ['class' => 'form-control input-miniature'], 'error_bubbling' => true, 'constraints' => [new Choice(['message' => "Incorrect context type selected.", 'choices' => Context::getTypes(), 'multiple' => false]), new NotBlank(['message' => 'Context type is missing.'])]];
if ($options['edit_mode_enabled']) {
$typeOptions['choices'] = ArraysHelper::arrayFillEqualPairs(Context::getTypes());
$typeOptions['multiple'] = false;
}
$builder->add('type', $options['edit_mode_enabled'] ? 'choice' : 'hidden', $typeOptions);
$showTech = false;
//$options['edit_mode_enabled'];
$techOptions = ['attr' => ['class' => 'form-control input-miniature'], 'error_bubbling' => true, 'constraints' => [new Choice(['message' => "Incorrect technology selected.", 'choices' => Context::getTechnologies(), 'multiple' => false]), new NotBlank(['message' => 'Context technology missing.'])]];
if ($showTech) {
$techOptions['choices'] = Context::getTechnologiesLabels();
$techOptions['multiple'] = false;
}
$builder->add('technology', $showTech ? 'choice' : 'hidden', $techOptions);
$builder->add('fields', 'context_fields_collection', ['type' => 'field', 'allow_add' => true, 'allow_delete' => true, 'prototype' => false, 'by_reference' => false, 'options' => ['label' => false, 'edit_mode_enabled' => $options['edit_mode_enabled'], 'cascade_validation' => $options['cascade_validation']], 'cascade_validation' => $options['cascade_validation'], 'error_bubbling' => false, 'edit_mode_enabled' => $options['edit_mode_enabled'], 'attr' => ['class' => 'js-fields-container']]);
$vulnTree = $builder->get('vulnTree');
$builder->remove('vulnTree');
$builder->add($vulnTree);
$options['recursionLevel']--;
if ($options['recursionLevel'] > 0) {
$builder->add('children', 'context_collection', ['type' => 'context', 'allow_add' => true, 'allow_delete' => true, 'prototype' => false, 'options' => ['recursionLevel' => $options['recursionLevel'], 'label' => false, 'edit_mode_enabled' => $options['edit_mode_enabled'], 'cascade_validation' => $options['cascade_validation']], 'by_reference' => false, 'label' => false, 'cascade_validation' => $options['cascade_validation'], 'error_bubbling' => false, 'attr' => ['class' => 'js-child-contexts']]);
}
$builder->add('mappedTo', 'hidden');
}
/**
* @return array
*/
public function getSelfAndAllParentTypes()
{
$types = [$this->type];
if ($this->parent) {
$types = array_merge($types, [$this->parent->getType()]);
}
return array_unique($types);
}
/**
* @param string|Context $child
* @return bool
*/
public function has($child)
{
if ($child instanceof Context) {
return $this->currentContext->hasChild($child);
} else {
if (is_string($child)) {
return $this->currentContext->hasChildByName($child);
} else {
return false;
}
}
}
public function asArray(Context $context)
{
$children = [];
$fields = [];
$vulnerabilities = $this->vulnerabilityTreeAsArray($context->getVulnerabilityElement());
if ($context->hasFields()) {
$fieldsArr = [];
foreach ($context->getFields() as $field) {
$fieldsArr[] = $this->renderField($field);
}
$fields = $fieldsArr;
}
if ($context->hasChildren()) {
$childrenArr = [];
foreach ($context->getChildrenArray() as $child) {
$childrenArr[$child->getName()] = $this->asArray($child);
}
$children = $childrenArr;
}
$result = ['name' => $context->getName(), 'type' => $context->getType(), 'technology' => $context->getTechnology()];
if ($context->getMappedTo()) {
$result['mapped_to'] = $context->getMappedTo();
}
if ($context->getStorageRole() != Context::STORAGE_ROLE_CHILD) {
$result['storage_role'] = $context->getStorageRole();
}
if (count($fields)) {
$result['fields'] = $fields;
}
if (count($vulnerabilities)) {
$result['vulnerabilities'] = $vulnerabilities;
}
if (count($children)) {
$result['children'] = $children;
}
return $result;
}
/**
* @inheritdoc
*/
public function run($action)
{
$action = 'action_' . $action;
$forceHyphens = $this->request->param('force_hyphens');
if (!method_exists($this, $action)) {
// Try to change hyphens to underscores in action name
$underscoredAction = str_replace('-', '_', $action);
if (!$forceHyphens || !method_exists($this, $underscoredAction)) {
throw new NotFoundException("Method {$action} doesn't exist in " . get_class($this));
} else {
$action = $underscoredAction;
}
}
$this->execute = true;
$this->before();
$service = null;
$isControllerLevel = true;
if ($this->execute) {
// Check referrer vulnerabilities
$service = $this->pixie->getVulnService();
$config = $service->getConfig();
$isControllerLevel = $config->getLevel() <= 1;
$actionName = $this->request->param('action');
if ($isControllerLevel) {
if (!$config->has($actionName)) {
$context = $config->getCurrentContext();
$context->addContext(Context::createFromData($actionName, [], $context));
}
$service->goDown($actionName);
// Check referrer for action level
$this->vulninjection->checkReferrer();
}
}
if ($this->execute) {
$this->{$action}();
}
if ($this->execute) {
$this->after();
}
if ($this->execute && $isControllerLevel) {
$service->goUp();
}
}
/**
* Add controller context as a child of root.
* @param $name
* @return $this
*/
public function addControllerContext($name)
{
$this->controllerSettings = $this->pixie->config->get("vulninjection/{$name}");
if (!is_array($this->controllerSettings)) {
$this->controllerSettings = array();
}
$controllerContext = Context::createFromData($name, $this->controllerSettings, $this->config->getRootContext(), Context::TYPE_DEFAULT, $this->pixie);
$this->config->addControllerContext($controllerContext);
return $this;
}
public function getContextParams()
{
return $this->currentContext->getParams();
}
/**
* Adds context to the collection.
* @param Context $context
*/
public function addContext(Context $context)
{
$this->children[$context->getName()] = $context;
$context->parent = $this;
}
/**
* Add possibility to return data from actions as a response.
*
* @inheritdoc
* @throws \App\Exception\NotFoundException
*/
public function run($action, array $params = [])
{
$action = 'action_' . $action;
if (!method_exists($this, $action)) {
throw new NotFoundException("Method {$action} doesn't exist in " . get_class($this), 404, null, 'Not Found');
}
$this->execute = true;
$this->before();
if (!$this instanceof ErrorController) {
// Check referrer vulnerabilities
$service = $this->pixie->getVulnService();
$config = $service->getConfig();
$isControllerLevel = $config->getLevel() <= 1;
$actionName = $this->request->param('action');
if ($isControllerLevel) {
if (!$config->has($actionName)) {
$context = $config->getCurrentContext();
$context->addContext(Context::createFromData($actionName, [], $context));
}
$service->goDown($actionName);
}
}
if ($this->execute) {
$result = call_user_func_array([$this, $action], $params);
if (empty($this->response->body) && !is_numeric($this->response->body) && $result !== null) {
$this->response->body = $result;
}
}
if ($this->execute) {
$this->after();
}
}
