/** * Create a new zip archive or open an existing one * * @param $pathToFile * @return $this * @static */ public static function zip($pathToFile) { return \Chumper\Zipper\Zipper::zip($pathToFile); }
/** * Parse attachments * @return array Returns array with failed or success data * (See parser-common/src/Parser.php) for more info. */ public function parse() { // Validate user based regex try { preg_match(config("{$this->configBase}.parser.file_regex"), '', $matches); } catch (\Exception $e) { $this->warningCount++; return $this->failed('Configuration error in the regular expression'); } foreach ($this->parsedMail->getAttachments() as $attachment) { if (strpos($attachment->filename, '.zip') !== false && $attachment->contentType == 'application/octet-stream') { $zip = new Zipper(); if (!$this->createWorkingDir()) { return $this->failed("Unable to create working directory"); } file_put_contents($this->tempPath . $attachment->filename, $attachment->getContent()); $zip->zip($this->tempPath . $attachment->filename); $zip->extractTo($this->tempPath); foreach ($zip->listFiles() as $index => $compressedFile) { if (strpos($compressedFile, '.csv') !== false) { // For each CSV file we find, we are going to do magic (however they usually only send 1 zip) if (preg_match(config("{$this->configBase}.parser.file_regex"), $compressedFile, $matches)) { $this->feedName = $matches[1]; // If feed is known and enabled, validate data and save report if ($this->isKnownFeed() && $this->isEnabledFeed()) { $csvReports = new Reader\CsvReader(new SplFileObject($this->tempPath . $compressedFile)); $csvReports->setHeaderRowNumber(0); foreach ($csvReports as $report) { // Handle field mappings first $aliasses = config("{$this->configBase}.feeds.{$this->feedName}.aliasses"); if (is_array($aliasses)) { foreach ($aliasses as $alias => $real) { if (array_key_exists($alias, $report)) { $report[$real] = $report[$alias]; unset($report[$alias]); } } } /* * Legacy 3.x fix for migrations. * * This resolves shadowserver errors where the CSV was send in duplicate resulting * in the header fields being used as data. If the header is detected the row can * be skipped safely */ if ($report['ip'] === 'ip') { continue; } // Sanity check if ($this->hasRequiredFields($report) === true) { // incident has all requirements met, filter and add! $report = $this->applyFilters($report); $incident = new Incident(); $incident->source = config("{$this->configBase}.parser.name"); $incident->source_id = false; $incident->ip = $report['ip']; $incident->domain = false; $incident->class = config("{$this->configBase}.feeds.{$this->feedName}.class"); $incident->type = config("{$this->configBase}.feeds.{$this->feedName}.type"); $incident->timestamp = strtotime($report['timestamp']); $incident->information = json_encode($report); // some rows have a domain, which is an optional column we want to register switch ($this->feedName) { case "spam_url": if (isset($report['url'])) { $incident->domain = getDomain($report['url']); } break; case "ssl_scan": if (isset($report['subject_common_name'])) { /* * Common name does not add http://, but that is required for * the domain helper check so lets add it manually */ $testurl = "http://{$report['subject_common_name']}"; $incident->domain = getDomain($testurl); } break; case "compromised_website": if (isset($report['http_host'])) { $incident->domain = getDomain($report['http_host']); } break; } $this->incidents[] = $incident; } //End hasRequired fields } // End foreach report loop } // End isKnown & isEnabled } else { // Pregmatch failed to get feedName from attachment $this->warningCount++; } } else { // Attached file is not a CSV within a ZIP file $this->warningCount++; } } // End each file in ZIP attachment loop } // End if not a ZIP attachment } // End foreach attachment loop return $this->success(); }