/**
 * Checks the certificate of the host that served the response.
 *
 * Only responses whose URI scheme is exactly "https" are inspected; for any
 * other scheme the method returns without doing anything.
 *
 * @param Response $response response whose URI selects the host to inspect
 */
public function validate(Response $response)
{
    $uri = $response->getUri();

    // Nothing to check when the response was not fetched over TLS.
    if ('https' !== $uri->getScheme()) {
        return;
    }

    $certificate = $this->getCertifacateInformation($uri->getHost());
    $this->doValidate($certificate);
}
/**
 * Hands a sitemap response to validateBody() in the mode that fits its content.
 *
 * The mode is picked by looking for the literal text "<sitemapindex" or
 * "<urlset" anywhere in the body; a body containing neither is not validated.
 *
 * @param Response $response response carrying the sitemap document
 */
protected function doValidation(Response $response)
{
    $content = $response->getBody();

    // Sitemap index: validateBody() is called with its default third argument.
    if (preg_match('/<sitemapindex/', $content)) {
        $this->validateBody($content, (string) $response->getUri());

        return;
    }

    // Plain urlset: the third argument is switched off.
    // NOTE(review): presumably that flag selects index mode - confirm against validateBody().
    if (preg_match('/<urlset/', $content)) {
        $this->validateBody($content, (string) $response->getUri(), false);
    }
}
/**
 * Asserts that every image referenced by the document is served from the
 * same host as the document itself.
 *
 * Hosts are compared via Uri::getHost($this->depth).
 * NOTE(review): presumably the depth limits how many host labels take part
 * in the comparison - confirm against the Uri class.
 *
 * @param Response $response response whose body is the document to inspect
 */
protected function doValidation(Response $response)
{
    $document = new Document($response->getBody());

    /* @var $pageUri Uri */
    $pageUri = $response->getUri();

    $foreignImages = array();
    foreach ($document->getImages($response->getUri()) as $imageUri) {
        /* @var $imageUri Uri */
        if ($pageUri->getHost($this->depth) === $imageUri->getHost($this->depth)) {
            continue;
        }

        // Collected as strings so they can be listed in the failure message.
        $foreignImages[] = (string) $imageUri;
    }

    $this->assert(
        count($foreignImages) === 0,
        'Images from a foreign domain where found (' . implode(', ', $foreignImages) . ')'
    );
}
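/**
 * Validates the JSON response body against every configured JSON Schema file.
 *
 * All schemas are checked before the result is reported, so the exception
 * message lists every schema the document failed against.
 *
 * @param Response $response response whose body is expected to be JSON
 *
 * @throws ValidationFailedException if the body cannot be decoded, a schema
 *                                   cannot be loaded, or the document violates
 *                                   at least one schema
 */
protected function doValidation(Response $response)
{
    $data = json_decode($response->getBody());
    if ($data === null) {
        // Guard the lookup: an error code missing from the map must not mask the real failure.
        $errorCode = json_last_error();
        $reason = isset($this->json_errors[$errorCode]) ? $this->json_errors[$errorCode] : 'unknown error';

        throw new ValidationFailedException("The given JSON data can not be validated (last error: '" . $reason . "').");
    }

    $messageParts = array();
    foreach ($this->jsonSchemaFiles as $jsonSchemaFile) {
        $schemaLabel = $jsonSchemaFile['jsonschemafilename'] . ' - ' . $jsonSchemaFile['jsonschemafileurl'];

        // Fail closed: a schema that cannot be read or decoded used to become an
        // empty object, and an empty schema accepts every document.
        $schemaSource = file_get_contents($jsonSchemaFile['jsonschemafileurl']);
        $decodedSchema = ($schemaSource === false) ? null : json_decode($schemaSource);
        if ($decodedSchema === null) {
            $messageParts[] = $schemaLabel . '(last error: schema could not be loaded).';
            continue;
        }

        // NOTE(review): the validator runs with type-cast/coerce check modes and is
        // handed $data on every iteration; confirm whether coercion applied for one
        // schema can influence the check against the next.
        $factory = new Factory(null, null, Constraint::CHECK_MODE_TYPE_CAST | Constraint::CHECK_MODE_COERCE);
        $validator = new Validator($factory);
        $validator->check($data, (object) $decodedSchema);

        if (!$validator->isValid()) {
            // A separate loop variable keeps the per-violation array from
            // overwriting the overall failure state.
            $errorMessage = '';
            foreach ($validator->getErrors() as $violation) {
                $errorMessage .= sprintf("[%s] %s\n", $violation['property'], $violation['message']);
            }
            $messageParts[] = $schemaLabel . '(last error: ' . $errorMessage . ').';
        }
    }

    if (count($messageParts) > 0) {
        $message = 'JSON file (' . (string) $response->getUri() . ') does not validate against the following JSON Schema files: ' . implode(", ", $messageParts);
        throw new ValidationFailedException($message);
    }
}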
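/**
 * Asserts that forms containing a password field submit over HTTPS.
 *
 * A form whose action is an absolute https:// URL is accepted. Otherwise the
 * form passes only when the page itself was fetched over HTTPS and the action
 * does not point at an absolute http:// URL. Each form position (its tag path)
 * is reported at most once per validator instance.
 *
 * @param Response $response response whose body is the HTML page to inspect
 */
protected function doValidation(Response $response)
{
    $crawler = new Crawler($response->getBody());

    // The leading dot makes the predicate relative to each form. Without it,
    // "//input" is evaluated against the whole document, so every form on a
    // page matched as soon as any password input existed anywhere on it.
    $passwordForms = $crawler->filterXPath('//form[.//input[@type="password"]]');

    // The scheme has to be the prefix of the page URL; "https://" appearing
    // later in the URL (for example inside a query string) must not count.
    $url = (string) $response->getUri();
    $pageIsHttps = stripos($url, 'https://') === 0;

    foreach ($passwordForms as $node) {
        $action = trim($node->getAttribute('action'));
        if (stripos($action, 'https://') === 0) {
            continue;
        }

        // Build the tag path used to de-duplicate findings.
        // NOTE(review): the walk starts at the grandparent, so the form's direct
        // parent is not part of the path - confirm this is intended.
        $fullPath = $node->tagName;
        $parent = $node->parentNode;
        while ($parent = $parent->parentNode) {
            if (property_exists($parent, 'tagName')) {
                $fullPath = $parent->tagName . '/' . $fullPath;
            } else {
                break;
            }
        }

        if (in_array($fullPath, $this->knownIdentifier, true)) {
            continue;
        }
        $this->knownIdentifier[] = $fullPath;

        // An absolute http:// action sends the password in clear text even
        // when the page itself was delivered over HTTPS.
        $postsToPlainHttp = stripos($action, 'http://') === 0;
        $this->assert($pageIsHttps && !$postsToPlainHttp, 'Password is transferred insecure using HTTP.');
    }
}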
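/**
 * Asserts that the site does not ship a framework's default favicon.
 *
 * Responses whose URI does not contain "favicon.ico" are ignored. The body is
 * fingerprinted with md5 and looked up in $this->favicons; the digest is only
 * a lookup key for known files here, not a security control.
 *
 * @param Response $response response that may carry a favicon
 */
protected function doValidation(Response $response)
{
    if (strpos((string) $response->getUri(), 'favicon.ico') === false) {
        return;
    }

    $imageHash = md5($response->getBody());
    $isKnownDefault = array_key_exists($imageHash, $this->favicons);

    // The message is built only on a match: reading $this->favicons[$imageHash]
    // for an unknown hash raised an undefined-index error on every passing check.
    $message = '';
    if ($isKnownDefault) {
        $message = 'Seems like you use the standard favicon of your framework (' . $this->favicons[$imageHash] . ').';
    }

    $this->assert(!$isKnownDefault, $message);
}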
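/**
 * Checks that the response body is well-formed XML.
 *
 * @param Response $response response whose body is parsed as XML
 *
 * @throws ValidationFailedException if the body is empty or cannot be parsed
 */
public function doValidation(Response $response)
{
    $body = (string) $response->getBody();

    // Collect parser errors through libxml instead of silencing them with "@";
    // the previous setting is restored once the parse is done.
    $previousSetting = libxml_use_internal_errors(true);
    libxml_clear_errors();

    $domDocument = new \DOMDocument();
    // An empty body is not handed to the parser (PHP 8 raises a ValueError for
    // it). LIBXML_NONET keeps the parser from fetching network resources that
    // the untrusted document might reference.
    $success = $body !== '' && $domDocument->loadXML($body, LIBXML_NONET);
    $lastError = libxml_get_last_error();

    libxml_clear_errors();
    libxml_use_internal_errors($previousSetting);

    if (!$success) {
        // libxml_get_last_error() returns false when nothing was recorded.
        $reason = $lastError ? str_replace("\n", '', $lastError->message) : 'empty or unparsable document';

        throw new ValidationFailedException('The xml file ' . $response->getUri() . ' is not well formed (last error: ' . $reason . ').');
    }
}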
/**
 * {@inheritdoc}
 *
 * Asserts that every dependency URL extracted from the document passes
 * FILTER_VALIDATE_URL after surrounding whitespace is trimmed.
 */
protected function doValidation(Response $response)
{
    $document = new Document($response->getBody(), false);

    $invalidUrls = array();
    foreach ($document->getDependencies($response->getUri()) as $dependency) {
        if (filter_var(trim((string) $dependency), FILTER_VALIDATE_URL)) {
            continue;
        }

        // The untrimmed string form is what ends up in the failure message.
        $invalidUrls[] = (string) $dependency;
    }

    $this->assert(
        count($invalidUrls) === 0,
        'Invalid urls found (' . implode(', ', $invalidUrls) . ').'
    );
}
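/**
 * Fails when the site's robots.txt contains a blanket "Disallow: /".
 *
 * The robots.txt URL is derived from the scheme and host of the response. The
 * file is only inspected when the first status line returned for it contains
 * "200", so a robots.txt that is reached through a redirect is not examined.
 *
 * @param Response $response response whose URI identifies the site
 *
 * @throws ValidationFailedException if a line consists of "Disallow: /" only
 */
public function validate(Response $response)
{
    $url = $response->getUri()->getScheme() . '://' . $response->getUri()->getHost();

    // NOTE(review): scheme://host normally holds exactly two slashes; the
    // three-slash branch is kept in case getHost() can return a trailing slash.
    $slashCount = substr_count($url, '/');
    if ($slashCount === 2) {
        $filename = $url . '/robots.txt';
    } elseif ($slashCount === 3) {
        $filename = $url . 'robots.txt';
    } else {
        return;
    }

    // get_headers() returns false when the request fails; treat that like a missing file.
    $headers = @get_headers($filename);
    if (!is_array($headers) || !isset($headers[0]) || strpos($headers[0], '200') === false) {
        return;
    }

    $content = file_get_contents($filename);
    if ($content === false) {
        return;
    }

    $normalizedContent = strtolower(str_replace(' ', '', $content));

    // Match a whole "disallow:/" line with any line ending. The earlier check
    // compared against PHP_EOL of the machine running the scan, so a file with
    // different line endings slipped through, and the end-of-file check looked
    // at the first "disallow:/" occurrence only.
    if (preg_match('/(?:^|[\r\n])\t*disallow:\/\t*(?:[\r\n]|\z)/', $normalizedContent) === 1) {
        throw new ValidationFailedException('The robots.txt contains disallow all (Disallow: /)');
    }
}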
/**
 * Decides whether a rule is filtered out for the given response.
 *
 * The origin URI of the response is checked by the filter list when the
 * current modus is MODUS_FILTER and by the exclusive list otherwise. When the
 * rule is filtered, the event is marked as processed.
 *
 * @Event("Scanner.CheckResponse.isFiltered")
 *
 * @return bool true if the rule is filtered for this response
 */
public function isFiltered(Event $event, $ruleName, Response $response)
{
    $originUri = (string) $this->retriever->getOriginUri($response->getUri());

    $filtered = ($this->currentModus === self::MODUS_FILTER)
        ? $this->isFilteredByFilter($ruleName, $originUri)
        : $this->isFilteredByExclusives($ruleName, $originUri);

    if (!$filtered) {
        return false;
    }

    $event->setProcessed();

    return true;
}
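/**
 * Validates the XML response body against every configured XSD file.
 *
 * All schemas are checked before the result is reported, so the exception
 * message lists every XSD the document failed against.
 *
 * @param Response $response response whose body is the XML document
 *
 * @throws ValidationFailedException if the document fails at least one XSD
 */
protected function doValidation(Response $response)
{
    $body = $response->getBody();
    $filename = (string) $response->getUri();

    $dom = new \DOMDocument();
    // LIBXML_NONET keeps the parser from fetching network resources that the
    // untrusted document might reference. Warnings stay suppressed as before;
    // a document that failed to parse is reported by the schema checks below.
    @$dom->loadXML($body, LIBXML_NONET);

    $messageParts = array();
    foreach ($this->xsdFiles as $xsdFile) {
        // Drop errors left over from parsing or from the previous schema so the
        // message reports the error that belongs to this XSD.
        libxml_clear_errors();

        if (@$dom->schemaValidate($xsdFile['xsdfileurl'])) {
            continue;
        }

        // libxml_get_last_error() returns false when nothing was recorded;
        // reading ->message from it would fail instead of reporting the XSD.
        $lastError = libxml_get_last_error();
        $reason = $lastError ? str_replace("\n", '', $lastError->message) : 'unknown error';

        $messageParts[] = $xsdFile['xsdfilename'] . ' - ' . $xsdFile['xsdfileurl'] . '(last error: ' . $reason . ').';
    }

    if (count($messageParts) > 0) {
        $message = 'XML file (' . $filename . ') does not validate against the following XSD files: ' . implode(", ", $messageParts);
        throw new ValidationFailedException($message);
    }
}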
/**
 * Returns the JavaScript files of the document that should be counted.
 *
 * @param Document $document parsed document to take the files from
 * @param Response $response response whose URI is passed on to getJsFiles()
 *
 * @return mixed whatever Document::getJsFiles() returns for that URI
 */
protected function getFilesToCount(Document $document, Response $response)
{
    $baseUri = $response->getUri();

    return $document->getJsFiles($baseUri);
}
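/**
 * Placeholder for a rule that has no implementation yet.
 *
 * NOTE(review): the method always throws ValidationFailedException, so by
 * exception type a caller cannot tell "not implemented" apart from a real
 * validation failure of the response.
 *
 * @param Response $response ignored
 *
 * @throws ValidationFailedException always
 */
public function validate(Response $response)
{
    // The unused URL local was dropped; nothing of the response is read.
    throw new ValidationFailedException("This function isn't implemented yet");
}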