Esempio n. 1
 /**
  * Runs the certificate check for HTTPS responses only.
  *
  * A response fetched over plain http carries no TLS certificate, so it is
  * skipped; for https the certificate information of the host is collected
  * and handed to doValidate().
  *
  * @param Response $response the fetched response whose URI decides whether a check applies
  */
 public function validate(Response $response)
 {
     $uri = $response->getUri();
     // nothing to inspect without TLS
     if ($uri->getScheme() !== 'https') {
         return;
     }
     // NOTE(review): the helper is spelled "Certifacate" where it is declared; the call must match that name
     $certificateInformation = $this->getCertifacateInformation($uri->getHost());
     $this->doValidate($certificateInformation);
 }
Esempio n. 2
 /**
  * Dispatches a sitemap body to validateBody() according to its flavour.
  *
  * A body containing "<sitemapindex" is validated as a sitemap index; one
  * containing "<urlset" is validated as a plain URL set (third argument false).
  * The index marker wins when both are present. Any other body is ignored.
  *
  * @param Response $response
  */
 protected function doValidation(Response $response)
 {
     $body = $response->getBody();
     $uri = (string) $response->getUri();

     // sitemapindex takes precedence over urlset
     if (preg_match('/<sitemapindex/', $body) === 1) {
         $this->validateBody($body, $uri);

         return;
     }

     if (preg_match('/<urlset/', $body) === 1) {
         $this->validateBody($body, $uri, false);
     }
 }
Esempio n. 3
 /**
  * Fails when the document embeds images hosted on a domain other than the page's own.
  *
  * Both the page URI and each image URI are reduced via getHost($this->depth),
  * so "same domain" means whatever depth this validator was configured with.
  *
  * @param Response $response
  */
 protected function doValidation(Response $response)
 {
     /* @var $pageUri Uri */
     $pageUri = $response->getUri();
     $document = new Document($response->getBody());
     $ownHost = $pageUri->getHost($this->depth);

     $foreign = [];
     foreach ($document->getImages($pageUri) as $imageUri) {
         /* @var $imageUri Uri */
         if ($imageUri->getHost($this->depth) !== $ownHost) {
             $foreign[] = (string) $imageUri;
         }
     }

     $this->assert($foreign === [], 'Images from a foreign domain where found (' . implode(', ', $foreign) . ')');
 }
Esempio n. 4
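 /**
  * Validates the JSON body against every configured JSON schema file.
  *
  * The body is decoded first; a decode error is reported immediately. Each entry
  * of $this->jsonSchemaFiles (keys 'jsonschemafilename' and 'jsonschemafileurl')
  * is then loaded and checked, and every failure — including a schema that could
  * not be fetched or decoded — is collected into one message.
  *
  * @param Response $response
  *
  * @throws ValidationFailedException when the body is not valid JSON, a schema cannot
  *                                   be loaded, or the body violates at least one schema
  */
 protected function doValidation(Response $response)
 {
     $data = json_decode($response->getBody());
     // inspect the decoder state, not the value: a body that is literally "null" decodes to null too
     $decodeError = json_last_error();
     if ($decodeError !== JSON_ERROR_NONE) {
         $errorName = isset($this->json_errors[$decodeError]) ? $this->json_errors[$decodeError] : 'unknown error ' . $decodeError;
         throw new ValidationFailedException("The given JSON data can not be validated (last error: '" . $errorName . "').");
     }

     $messageParts = [];
     foreach ($this->jsonSchemaFiles as $jsonSchemaFile) {
         $schemaLabel = $jsonSchemaFile['jsonschemafilename'] . ' - ' . $jsonSchemaFile['jsonschemafileurl'];

         // a schema that cannot be fetched or parsed would turn into an empty schema that
         // accepts anything; report it instead of letting the document pass silently
         $schemaSource = file_get_contents($jsonSchemaFile['jsonschemafileurl']);
         if ($schemaSource === false) {
             $messageParts[] = $schemaLabel . '(last error: the schema file could not be loaded).';
             continue;
         }
         $jsonSchemaObject = (object) json_decode($schemaSource);
         if (json_last_error() !== JSON_ERROR_NONE) {
             $messageParts[] = $schemaLabel . '(last error: the schema file is not valid JSON).';
             continue;
         }

         $factory = new Factory(null, null, Constraint::CHECK_MODE_TYPE_CAST | Constraint::CHECK_MODE_COERCE);
         $validator = new Validator($factory);
         $validator->check($data, $jsonSchemaObject);
         if ($validator->isValid()) {
             continue;
         }

         // the loop variable must not reuse the name of a status flag (the original
         // overwrote its boolean $error with the last error array)
         $errorMessage = '';
         foreach ($validator->getErrors() as $schemaError) {
             $errorMessage .= sprintf("[%s] %s\n", $schemaError['property'], $schemaError['message']);
         }
         $messageParts[] = $schemaLabel . '(last error: ' . $errorMessage . ').';
     }

     if ($messageParts !== []) {
         $message = 'JSON file (' . (string) $response->getUri() . ')  does not validate against the following JSON Schema files: ' . implode(", ", $messageParts);
         throw new ValidationFailedException($message);
     }
 }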
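 /**
  * Asserts that forms carrying a password field are only submitted over HTTPS.
  *
  * A form counts as safe when its action is an absolute https:// URL or when the
  * page itself was served over HTTPS. Each form is identified by its tag path from
  * the document root and reported at most once per validator instance
  * ($this->knownIdentifier).
  *
  * @param Response $response
  */
 protected function doValidation(Response $response)
 {
     $crawler = new Crawler($response->getBody());
     // ".//input" keeps the predicate relative to each form; the absolute "//input"
     // selected every form on the page as soon as any password field existed anywhere
     $formNodes = $crawler->filterXPath('//form[.//input[@type="password"]]');

     $url = (string) $response->getUri();
     // the scheme is only meaningful at the start of the URL; a query string such as
     // "?next=https://..." on an http page must not count as a secure page
     $pageIsHttps = strpos($url, 'https://') === 0;

     foreach ($formNodes as $node) {
         /* @var $node \DOMElement */
         if (strpos($node->getAttribute('action'), 'https://') === 0) {
             continue;
         }

         // tag path from the root element down to the form, e.g. "html/body/div/form";
         // starts at the direct parent (the original skipped it) and stops at the document node
         $fullPath = $node->tagName;
         for ($parent = $node->parentNode; $parent instanceof \DOMElement; $parent = $parent->parentNode) {
             $fullPath = $parent->tagName . '/' . $fullPath;
         }

         if (in_array($fullPath, $this->knownIdentifier, true)) {
             continue;
         }
         $this->knownIdentifier[] = $fullPath;

         $this->assert($pageIsHttps, 'Password is transferred insecure using HTTP.');
     }
 }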
Esempio n. 6
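 /**
  * Flags responses whose favicon is one of the known framework default favicons.
  *
  * Only URIs containing "favicon.ico" are inspected. The body is hashed with md5
  * purely as a lookup key into $this->favicons (hash => framework name); the hash
  * has no security role here.
  *
  * @param Response $response
  */
 protected function doValidation(Response $response)
 {
     if (strpos((string) $response->getUri(), 'favicon.ico') === false) {
         return;
     }

     $imageHash = md5($response->getBody());
     $isKnownDefault = array_key_exists($imageHash, $this->favicons);
     // only read the table when the key exists: building the message unconditionally
     // raised an undefined-index notice for every favicon that is *not* a default one
     $frameworkName = $isKnownDefault ? $this->favicons[$imageHash] : '';

     $this->assert(!$isKnownDefault, 'Seems like you use the standard favicon of your framework (' . $frameworkName . ').');
 }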
Esempio n. 7
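 /**
  * Asserts that the response body is well-formed XML.
  *
  * libxml errors are captured internally instead of being emitted as PHP
  * warnings (replacing the former "@" suppression), and the previous libxml
  * error mode is restored before returning.
  *
  * @param Response $response
  *
  * @throws ValidationFailedException when the body is empty or cannot be parsed
  */
 public function doValidation(Response $response)
 {
     $xml = (string) $response->getBody();
     $domDocument = new \DOMDocument();

     $previousErrorMode = libxml_use_internal_errors(true);
     libxml_clear_errors();
     // LIBXML_NONET: the body is remote, untrusted content; never let the parser
     // fetch DTDs or external entities over the network while loading it
     // (resolution of local entities is governed by the libxml entity loader, not this flag).
     // loadXML() rejects an empty string, so treat it as "not well formed" up front.
     $success = $xml !== '' && $domDocument->loadXML($xml, LIBXML_NONET);
     $lastError = libxml_get_last_error();
     libxml_clear_errors();
     libxml_use_internal_errors($previousErrorMode);

     if (!$success) {
         // libxml_get_last_error() returns false when nothing was recorded
         $detail = $lastError instanceof \LibXMLError
             ? str_replace("\n", '', $lastError->message)
             : 'document is empty';
         throw new ValidationFailedException('The xml file ' . $response->getUri() . ' is not well formed (last error: ' . $detail . ').');
     }
 }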
Esempio n. 8
 /**
  * {@inheritdoc}
  *
  * Collects every dependency URL of the document that filter_var() rejects
  * (FILTER_VALIDATE_URL, after trimming) and fails with the complete list.
  */
 protected function doValidation(Response $response)
 {
     $document = new Document($response->getBody(), false);

     $invalid = [];
     foreach ($document->getDependencies($response->getUri()) as $dependency) {
         $candidate = (string) $dependency;
         if (filter_var(trim($candidate), FILTER_VALIDATE_URL) === false) {
             $invalid[] = $candidate;
         }
     }

     $this->assert($invalid === [], 'Invalid urls found (' . implode(', ', $invalid) . ').');
 }
Esempio n. 9
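 /**
  * Fails when the site's robots.txt disallows crawling of everything ("Disallow: /").
  *
  * robots.txt is fetched from the root of the response's scheme + host. A missing
  * or unreadable robots.txt is not an error. Matching is done per line after
  * lowercasing and removing spaces and tabs, so "Disallow: /" and "disallow:/"
  * are treated alike while "Disallow: /foo" is not a match. Line endings of the
  * fetched file are normalised, so the check no longer depends on PHP_EOL of the
  * machine running the scan.
  *
  * @param Response $response
  *
  * @throws ValidationFailedException when a "Disallow: /" line is present
  */
 public function validate(Response $response)
 {
     $uri = $response->getUri();
     $scheme = (string) $uri->getScheme();
     $host = (string) $uri->getHost();
     if ($scheme === '' || $host === '') {
         return;
     }
     // scheme://host always carries exactly two slashes, so the path is simply "/robots.txt"
     $robotsUrl = $scheme . '://' . $host . '/robots.txt';

     // a missing robots.txt is the normal case: suppress the warning and test the results
     $headers = @get_headers($robotsUrl);
     if ($headers === false || !isset($headers[0]) || strpos($headers[0], '200') === false) {
         return;
     }
     $content = @file_get_contents($robotsUrl);
     if ($content === false) {
         return;
     }

     $lines = preg_split('/\r\n|\r|\n/', strtolower($content));
     foreach ($lines as $line) {
         if (str_replace([' ', "\t"], '', $line) === 'disallow:/') {
             throw new ValidationFailedException('The robots.txt contains disallow all (Disallow: /)');
         }
     }
 }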
Esempio n. 10
 /**
  * Decides whether a rule is filtered out for the response's origin URI and,
  * if so, marks the event as processed.
  *
  * In MODUS_FILTER the decision comes from isFilteredByFilter(); in any other
  * modus from isFilteredByExclusives().
  *
  * @Event("Scanner.CheckResponse.isFiltered")
  *
  * @param Event    $event
  * @param mixed    $ruleName identifier of the rule being checked (untyped in the signature)
  * @param Response $response
  *
  * @return bool true when the rule is filtered for this URI
  */
 public function isFiltered(Event $event, $ruleName, Response $response)
 {
     $originUri = (string) $this->retriever->getOriginUri($response->getUri());

     $filtered = $this->currentModus === self::MODUS_FILTER
         ? $this->isFilteredByFilter($ruleName, $originUri)
         : $this->isFilteredByExclusives($ruleName, $originUri);

     if (!$filtered) {
         return false;
     }

     $event->setProcessed();

     return true;
 }
Esempio n. 11
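 /**
  * Validates the XML body against every configured XSD file.
  *
  * Each entry of $this->xsdFiles (keys 'xsdfilename' and 'xsdfileurl') is checked
  * in turn and all failures are collected into a single message. A body that is
  * not well-formed XML is reported directly instead of producing one misleading
  * schema error per XSD. libxml errors are captured internally rather than
  * emitted as warnings, and the previous libxml error mode is restored.
  *
  * @param Response $response
  *
  * @throws ValidationFailedException when the body is not well-formed XML or
  *                                   violates at least one XSD
  */
 protected function doValidation(Response $response)
 {
     $body = (string) $response->getBody();
     $filename = (string) $response->getUri();

     $previousErrorMode = libxml_use_internal_errors(true);
     libxml_clear_errors();

     $dom = new \DOMDocument();
     // LIBXML_NONET: the body is remote, untrusted content; forbid network fetches of
     // DTDs/external entities while parsing (local entity loading is governed by the
     // libxml entity loader, not by this flag). loadXML() rejects an empty string.
     $loaded = $body !== '' && $dom->loadXML($body, LIBXML_NONET);
     if (!$loaded) {
         $lastError = libxml_get_last_error();
         // libxml_get_last_error() returns false when nothing was recorded
         $detail = $lastError instanceof \LibXMLError ? str_replace("\n", '', $lastError->message) : 'document is empty';
         libxml_clear_errors();
         libxml_use_internal_errors($previousErrorMode);
         throw new ValidationFailedException('XML file (' . $filename . ') is not well formed (last error: ' . $detail . ').');
     }

     $messageParts = [];
     foreach ($this->xsdFiles as $xsdFile) {
         libxml_clear_errors();
         if ($dom->schemaValidate($xsdFile['xsdfileurl'])) {
             continue;
         }
         $lastError = libxml_get_last_error();
         $detail = $lastError instanceof \LibXMLError ? str_replace("\n", '', $lastError->message) : 'unknown error';
         $messageParts[] = $xsdFile['xsdfilename'] . ' - ' . $xsdFile['xsdfileurl'] . '(last error: ' . $detail . ').';
     }

     libxml_clear_errors();
     libxml_use_internal_errors($previousErrorMode);

     if ($messageParts !== []) {
         $message = 'XML file (' . $filename . ')  does not validate against the following XSD files: ' . implode(", ", $messageParts);
         throw new ValidationFailedException($message);
     }
 }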
Esempio n. 12
 /**
  * Returns the JavaScript files referenced by the document; these are the files
  * the surrounding counting logic operates on.
  *
  * @param Document $document parsed page
  * @param Response $response the response whose URI the file references are resolved against
  *
  * @return mixed whatever Document::getJsFiles() returns (its definition is not visible here)
  */
 protected function getFilesToCount(Document $document, Response $response)
 {
     $baseUri = $response->getUri();

     return $document->getJsFiles($baseUri);
 }
Esempio n. 13
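 /**
  * Placeholder validator: every response fails with a "not implemented" error.
  *
  * The former unused local holding the response URI has been dropped; the
  * parameter is kept so the method matches the validator interface.
  *
  * @param Response $response unused until the check is implemented
  *
  * @throws ValidationFailedException always
  */
 public function validate(Response $response)
 {
     throw new ValidationFailedException("This function isn't implemented yet");
 }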