/**
* Process failures in the HTTP response.
*
* Log file not found: means that the API key used to execute the request is
* not associated to the website, this may indicate that either the key was
* invalidated by an administrator of the service or that the API key was
* custom generated with invalid data.
*
* Wrong API key: means that the TLD of the origin of the request is not the
* domain used to generate the API key in the first place, or that the email
* address of the site administrator was changed so the data is not valid
* anymore.
*
* Connection timeout: means that the API service is down either because the
* hosting provider has connectivity issues or because the code is being
* deployed. There is an option in the settings page that allows to temporarily
* disable the communication with the API service while the server is down, this
* allows the admins to keep the latency at zero and continue working in their
* websites without interruptions.
*
* SSL issues: depending on the options used to compile the OpenSSL library
* built by each hosting provider, the connection with the HTTPs version of the
* API service may be rejected because of a failure in the SSL algorithm check.
* There is an option in the settings page that allows to disable the SSL pair
* verification, this option it disable automatically when the error is detected
* for the first time.
*
* @param array $response HTTP response after API endpoint execution.
* @param boolean $enqueue Add the log to the local queue on a failure.
* @return boolean False if the API call failed, true otherwise.
*/
private static function handleErrorResponse($response = array(), $enqueue = true)
{
$action_message = 'Unknown error, there is no more information.';
// Check whether the message list is empty or not.
if (isset($response['body']->messages[0])) {
$action_message = $response['body']->messages[0] . '.';
}
// Keep a copy of the original API response message.
$raw_message = $action_message;
// Special response for invalid API keys.
if (stripos($raw_message, 'log file not found') !== false) {
SucuriScanOption::delete_option(':api_key');
$action_message .= ' This generally happens when you add an invalid API key, the' . ' key will be deleted automatically to hide these warnings, if you want to' . ' recover it go to the settings page and use the recover button to send the' . ' key to your email address.';
}
// Special response for invalid CloudProxy API keys.
if (stripos($raw_message, 'wrong api key') !== false) {
SucuriScanOption::delete_option(':cloudproxy_apikey');
SucuriScanOption::setRevProxy('disable');
SucuriScanOption::setAddrHeader('REMOTE_ADDR');
$action_message .= ' The CloudProxy API key does not seems to be valid.';
}
// Special response for connection timeouts.
if ($enqueue && @preg_match('/time(d\\s)?out/', $raw_message)) {
$action_message = '';
/* Empty the error message. */
$cache = new SucuriScanCache('auditqueue');
$cache_key = md5($response['params']['time']);
$cache_value = array('created_at' => $response['params']['time'], 'message' => $response['params']['m']);
$cache->add($cache_key, $cache_value);
}
// Stop SSL peer verification on connection failures.
if (stripos($raw_message, 'no alternative certificate') || stripos($raw_message, 'error setting certificate') || stripos($raw_message, 'SSL connect error')) {
SucuriScanOption::update_option(':verify_ssl_cert', 'false');
$action_message .= 'There were some issues with the SSL certificate either in this' . ' server or with the remote API service. The automatic verification of the' . ' certificates has been deactivated to reduce the noise during the execution' . ' of the HTTP requests.';
}
if (!empty($action_message)) {
if ($enqueue) {
SucuriScanInterface::error(sprintf('(%d) %s: %s', SucuriScan::local_time(), ucwords($response['body']->action), $action_message));
}
return false;
}
return true;
}
/**
* Process failures in the HTTP response.
*
* Log file not found: means that the API key used to execute the request is
* not associated to the website, this may indicate that either the key was
* invalidated by an administrator of the service or that the API key was
* custom generated with invalid data.
*
* Wrong API key: means that the TLD of the origin of the request is not the
* domain used to generate the API key in the first place, or that the email
* address of the site administrator was changed so the data is not valid
* anymore.
*
* Connection timeout: means that the API service is down either because the
* hosting provider has connectivity issues or because the code is being
* deployed. There is an option in the settings page that allows to temporarily
* disable the communication with the API service while the server is down, this
* allows the admins to keep the latency at zero and continue working in their
* websites without interruptions.
*
* SSL issues: depending on the options used to compile the OpenSSL library
* built by each hosting provider, the connection with the HTTPs version of the
* API service may be rejected because of a failure in the SSL algorithm check.
* There is an option in the settings page that allows to disable the SSL pair
* verification, this option it disable automatically when the error is detected
* for the first time.
*
* @param array $response HTTP response after API endpoint execution.
* @param boolean $enqueue Add the log to the local queue on a failure.
* @return boolean False if the API call failed, true otherwise.
*/
private static function handleErrorResponse($response = array(), $enqueue = true)
{
$msg = 'Unknown error, there is no more information.';
if (is_array($response) && array_key_exists('messages', $response) && !empty($response['messages'])) {
$msg = implode(". ", $response['messages']);
$raw = $msg;
/* Keep a copy of the original message. */
// Special response for invalid API keys.
if (stripos($raw, 'log file not found') !== false) {
$key = SucuriScanOption::get_option(':api_key');
$msg .= '; this generally happens when you add an invalid API ' . 'key, the key will be deleted automatically to hide these w' . 'arnings, if you want to recover it go to the settings page' . ' and use the recover button to send the key to your email ' . 'address: ' . SucuriScan::escape($key);
SucuriScanOption::delete_option(':api_key');
}
// Special response for invalid CloudProxy API keys.
if (stripos($raw, 'wrong api key') !== false) {
$key = SucuriScanOption::get_option(':cloudproxy_apikey');
$msg .= '; invalid CloudProxy API key: ' . SucuriScan::escape($key);
SucuriScanInterface::error($msg);
$msg = '';
/* Force premature error message. */
SucuriScanOption::delete_option(':cloudproxy_apikey');
SucuriScanOption::setAddrHeader('REMOTE_ADDR');
SucuriScanOption::setRevProxy('disable');
}
// Stop SSL peer verification on connection failures.
if (stripos($raw, 'no alternative certificate') || stripos($raw, 'error setting certificate') || stripos($raw, 'SSL connect error')) {
SucuriScanOption::update_option(':verify_ssl_cert', 'false');
$msg .= 'There were some issues with the SSL certificate eith' . 'er in this server or with the remote API service. The auto' . 'matic verification of the certificates has been deactivate' . 'd to reduce the noise during the execution of the HTTP req' . 'uests.';
}
// Check if the MX records as missing for API registration.
if (strpos($raw, 'Invalid email') !== false) {
$msg = 'Email has an invalid format, or the host ' . 'associated to the email has no MX records.';
}
}
if (!empty($msg) && $enqueue) {
SucuriScanInterface::error($msg);
}
return false;
}
