/**
 * Runs the IDS monitor over the current request's query array and publishes
 * the outcome through events.
 *
 * Event order: 'mvc.ids.before' first, 'mvc.ids.after' (with $this) last.
 * For a non-empty report, 'mvc.ids.impact' and 'mvc.ids.impact.warn' are run
 * when the impact reaches config['General']['impactThreshold']; below the
 * threshold 'mvc.ids.impact.info' is run instead. Each of these events
 * receives the Report object.
 *
 * This constructor only detects and reports. Nothing here rejects the request;
 * any blocking or logging has to be done by the event listeners.
 *
 * @access public
 * @return void
 */
public function __construct()
{
    Event::RUN('mvc.ids.before');

    try {
        // Only the array returned by Request::getQueryArray() is inspected.
        // NOTE(review): confirm it covers every input source that should be
        // scanned (POST body, cookies, ...) - not visible from here.
        $aQuery = Request::getInstance()->getQueryArray();

        $oInit = self::init();
        $oInit->config['General']['base_path'] = Registry::get('MVC_LIBRARY') . '/IDS/';
        $oInit->config['Caching']['path'] = Registry::get('MVC_CACHE_DIR');

        // scan the request
        $oMonitor = new Monitor($oInit);
        $oReport = $oMonitor->run($aQuery);

        // expose configuration and report to the rest of the application
        Registry::set('MVC_IDS_INIT', $oInit);
        Registry::set('MVC_IDS_IMPACT', $oReport);

        if (!$oReport->isEmpty()) {
            // filter_var() yields false when the impact is not a valid integer;
            // the loose >= below then compares false against the threshold.
            $mImpact = filter_var($oReport->getImpact(), FILTER_VALIDATE_INT);

            if ($mImpact >= $oInit->config['General']['impactThreshold']) {
                // threshold reached
                Event::RUN('mvc.ids.impact', $oReport);
                Event::RUN('mvc.ids.impact.warn', $oReport);
            } else {
                // something matched, but below the threshold
                Event::RUN('mvc.ids.impact.info', $oReport);
            }
        }
    } catch (\Exception $oExc) {
        // Fail-open: a failure inside the IDS is handed to listeners and the
        // constructor returns normally, so the request continues unscanned.
        // The event name is spelled 'execption'; listeners must bind to that
        // exact string.
        Event::RUN('mvc.ids.execption', $oExc);
    }

    Event::RUN('mvc.ids.after', $this);
}
/**
 * Verifies that a sample payload is matched by exactly one filter rule and
 * that this rule is the expected one.
 *
 * Requiring a single match also makes the test fail when another rule starts
 * overlapping with the payload, not only when the expected rule stops firing.
 *
 * @dataProvider getPayloads
 *
 * @param mixed $ruleId  id of the filter expected to match
 * @param mixed $payload value passed to the monitor under the key 'payload'
 */
public function testSingleRules($ruleId, $payload)
{
    $ids = new Monitor($this->init);
    $report = $ids->run(['payload' => $payload]);

    // The report must contain an event for the one field that was submitted.
    $hit = $report->getEvent('payload');
    $this->assertInstanceOf('IDS\\Event', $hit);

    $matched = $hit->getFilters();
    $this->assertCount(1, $matched);
    $this->assertEquals($ruleId, $matched[0]->getId());
}
/**
 * Scans the request superglobals with the IDS monitor before dispatch and
 * reroutes the request to module 'default', controller 'error', action
 * 'intrusion' as soon as the report is not empty.
 *
 * No impact threshold is applied: a single matching filter is enough to
 * reroute. The report itself is not logged or stored in this method.
 *
 * @param Zend_Controller_Request_Abstract $request request whose route is rewritten on a hit
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    // Application root = DOCUMENT_ROOT cut at the first case-insensitive
    // occurrence of 'public'.
    // NOTE(review): when 'public' does not occur, stripos() returns false and
    // the prefix becomes empty, so the config and base paths below turn into
    // relative paths; an earlier directory containing 'public' would also cut
    // the path short. Confirm against the deployment layout.
    $docRoot = $_SERVER['DOCUMENT_ROOT'];
    $appRoot = substr($docRoot, 0, stripos($docRoot, 'public'));

    $init = Init::init($appRoot . 'application/config/IdsConfig.ini');
    $init->config['General']['base_path'] = $appRoot . 'application/cache/ids/';

    $monitor = new Monitor($init);

    /*
     * The superglobals are passed under separate keys instead of being merged,
     * so equally named GET/POST/COOKIE parameters cannot overwrite each other.
     * $_REQUEST repeats values that are already in the other arrays (which
     * ones depends on the request_order / variables_order settings), so those
     * values are scanned more than once.
     */
    $report = $monitor->run(
        array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE,
        )
    );

    if ($report->isEmpty()) {
        return;
    }

    // TODO: decide from which impact level a report counts as a threat;
    // until then any match sends the request to the intrusion page.
    $request->setActionName('intrusion');
    $request->setControllerName('error');
    $request->setModuleName('default');
}
// Excerpt: the autoloader callback closed below starts above the visible
// lines, and the catch block at the end continues past them.
// Last lookup of the callback: load $file relative to the current working
// directory. NOTE(review): how $file is derived is not visible here.
$combined = '.' . DIRECTORY_SEPARATOR . $file;
if (file_exists($combined)) {
    require_once $combined;
    return;
}
}
});

use IDS\Init;
use IDS\Monitor;

try {
    // Only GET and POST parameters are handed to the monitor. Cookies and
    // request headers are not scanned, although the rejection message below
    // asks the user to delete cookies.
    $request = array('GET' => $_GET, 'POST' => $_POST);

    $init = Init::init(APP_PATH . '/vendors/ids/config/config.ini');
    $init->config['General']['base_path'] = APP_PATH . '/vendors/ids/';
    $init->config['General']['use_base_path'] = true;
    // presumably switches filter caching off - confirm against the IDS configuration docs
    $init->config['Caching']['caching'] = 'none';

    $ids = new Monitor($init);
    $result = $ids->run($request);

    // Any non-empty report ends the request: no impact threshold is applied.
    if (!$result->isEmpty()) {
        // NOTE(review): the logger classes use the underscore naming
        // (IDS_Log_*) while Init and Monitor are imported from the IDS
        // namespace - confirm these classes exist in the installed version.
        // A missing class raises \Error on PHP 7+, which the
        // catch (\Exception) below does not handle.
        $compositeLog = new IDS_Log_Composite();
        $compositeLog->addLogger(IDS_Log_File::getInstance($init));
        /* $compositeLog->addLogger( IDS_Log_Email::getInstance($init) ); */
        // The report is logged before the response is cut off.
        $compositeLog->execute($result);

        // Generic message: matched filters and payload are not echoed back.
        echo 'Data which you have sent contains dangerous chars. Please delete all cookies and try it again';
        die;
    }
} catch (\Exception $e) {
    // Only a generic message is printed. Whether the request is stopped or
    // continues unscanned after an IDS failure is decided below the visible lines.
    echo 'An error occured';
/**
 * Asserts that every item of an exploit array is detected on its own, i.e.
 * that scanning the single value yields an impact greater than zero.
 *
 * Only the impact is checked, not which filters matched. The assertion sits
 * inside the loop, so the first undetected item fails the test and the
 * remaining items are not scanned. Before failing, the undetected value is
 * printed to the test output.
 *
 * For keys starting with 'html_' the shared $this->init configuration is
 * modified (HTML_Purifier_Cache); that change stays in place for later
 * iterations and for anything else using the same init object.
 *
 * @access private
 * @param array $exploits sample inputs; keys starting with 'html_' get the 'test' field registered via setHtml()
 */
private function _testForPlainEvent($exploits = array())
{
    foreach ($exploits as $name => $sample) {
        $monitor = new Monitor($this->init);

        if (preg_match('/^html_/', $name)) {
            // NOTE(review): the cache directory is set after the Monitor was
            // constructed - confirm the monitor reads it at run time.
            $this->init->config['General']['HTML_Purifier_Cache'] = IDS_TEMP_DIR;
            $monitor->setHtml(array('test'));
        }

        $report = $monitor->run(array('test' => $sample));
        $impact = $report->getImpact();

        if ($impact === 0) {
            echo "\n\nNot detected: " . $sample . "\n\n";
        }

        $this->assertTrue($impact > 0);
    }
}