/**
 * Runs the IDS monitor against the current request and publishes the outcome as events.
 *
 * 'mvc.ids.before' is run first and 'mvc.ids.after' last, also after a failure.
 * A non-empty report whose impact reaches config['General']['impactThreshold'] runs
 * 'mvc.ids.impact' and 'mvc.ids.impact.warn'; any other non-empty report runs
 * 'mvc.ids.impact.info'. Each of these events receives the Report object.
 *
 * Security notes:
 * - This constructor only detects and reports. Nothing in it rejects or alters the
 *   request; blocking or sanitising is left to listeners bound to the impact events.
 * - The check fails open: an exception from setup or from the scan is handed to
 *   'mvc.ids.execption' and, as far as this method is concerned, processing continues.
 *   In that case 'MVC_IDS_INIT' / 'MVC_IDS_IMPACT' may never be written to the Registry,
 *   so consumers should read a missing entry as "not scanned", not as "clean".
 * - Only \Exception is caught; a \Error (PHP 7+) raised by the monitor is not handled here.
 *
 * @access public
 * @return void
 */
public function __construct()
{
    Event::RUN('mvc.ids.before');

    try {
        // The monitor inspects exactly what Request::getQueryArray() returns.
        $aInput = Request::getInstance()->getQueryArray();

        // Point the IDS at its library files and at the framework cache directory.
        $oInit = self::init();
        $oInit->config['General']['base_path'] = Registry::get('MVC_LIBRARY') . '/IDS/';
        $oInit->config['Caching']['path'] = Registry::get('MVC_CACHE_DIR');

        $oMonitor = new Monitor($oInit);
        $oReport = $oMonitor->run($aInput);

        // Expose configuration and result to the rest of the application.
        Registry::set('MVC_IDS_INIT', $oInit);
        Registry::set('MVC_IDS_IMPACT', $oReport);

        if (!$oReport->isEmpty()) {
            // filter_var() yields false for a non-integer impact; against a positive
            // threshold that compares as "not reached" and ends up in the info branch.
            $mImpact = filter_var($oReport->getImpact(), FILTER_VALIDATE_INT);

            if ($mImpact >= $oInit->config['General']['impactThreshold']) {
                Event::RUN('mvc.ids.impact', $oReport);
                Event::RUN('mvc.ids.impact.warn', $oReport);
            } else {
                Event::RUN('mvc.ids.impact.info', $oReport);
            }
        }
    } catch (\Exception $oExc) {
        // The event name is misspelled (sic); listeners have to bind to this exact string.
        Event::RUN('mvc.ids.execption', $oExc);
    }

    Event::RUN('mvc.ids.after', $this);
}
/**
 * Activates the toolbar when the application runs in the 'develop' environment.
 *
 * In that environment it
 * - binds a listener to 'mvc.view.render.before' that injects the toolbar into the view, and
 * - stores the result of collectInfo() in the Registry under 'aToolbar'.
 * In any other environment the constructor does nothing.
 *
 * Security note: the only gate is the Registry value 'MVC_ENV' being exactly 'develop'.
 * What collectInfo() gathers is not visible here (presumably diagnostic data about the
 * request and application), so production deployments should be verified never to run
 * with 'MVC_ENV' set to 'develop'.
 *
 * @access public
 * @param \Smarty $oView
 * @return void
 */
public function __construct(\Smarty $oView)
{
    if ('develop' !== \MVC\Registry::get('MVC_ENV')) {
        return;
    }

    // Injection is deferred until just before rendering; the listener works on the
    // view object passed to it by the event, not on the constructor argument.
    \MVC\Event::BIND('mvc.view.render.before', function ($oRenderView) {
        \InfoTool\Model\Index::injectToolbar($oRenderView);
    });

    // Collect the toolbar values now and keep them in the Registry.
    $aToolbarInfo = $this->collectInfo($oView);
    \MVC\Registry::set('aToolbar', $aToolbarInfo);
}
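/**
 * Removes the request variables named in an IDS report from the superglobals.
 *
 * Each event name is split on '.'; the first segment is taken as the input type and the
 * second as the top-level key. Only GET, POST and COOKIE are handled, and the whole
 * top-level entry is removed even when the event refers to a nested element of it.
 * Events of any other type are skipped and are not reported as disposed, so that
 * 'MVC_IDS_DISPOSED' and ids.log list only variables that were really removed.
 *
 * $_REQUEST holds its own copy of GET/POST/COOKIE data. That copy is removed as well,
 * but only when it still carries exactly the flagged value, so a same-named value from
 * another source is left alone.
 *
 * Limits a caller should know: values already copied elsewhere before this call, the raw
 * request body and the raw query string are not touched. An entry whose value is empty
 * in the PHP sense (e.g. '0') is not disposed.
 *
 * @param \IDS\Report $oIdsReport
 * @access public
 * @static
 * @return void
 */
public static function dispose(\IDS\Report $oIdsReport)
{
    $aDisposed = array();

    foreach ($oIdsReport->getIterator() as $oEvent) {
        // "<type>.<key>[.<more>]" - only the first two segments are used.
        $aType = explode('.', $oEvent->getName());
        $sType = $aType[0];
        $sKey = isset($aType[1]) ? $aType[1] : '';

        // Nothing can be removed for other types, so nothing may be reported for them.
        if ('GET' !== $sType && 'POST' !== $sType && 'COOKIE' !== $sType) {
            continue;
        }

        $sGlobal = '_' . $sType;
        $mAffected = isset($GLOBALS[$sGlobal][$sKey]) ? $GLOBALS[$sGlobal][$sKey] : array();

        // Already removed by an earlier event for the same key, or empty: nothing to do.
        if (empty($mAffected)) {
            continue;
        }

        // Assign null before unset so that a reference to the element loses the value too.
        switch ($sType) {
            case 'GET':
                $_GET[$sKey] = null;
                unset($_GET[$sKey]);
                break;
            case 'POST':
                $_POST[$sKey] = null;
                unset($_POST[$sKey]);
                break;
            case 'COOKIE':
                $_COOKIE[$sKey] = null;
                unset($_COOKIE[$sKey]);
                break;
        }

        // Unsetting $_GET/$_POST/$_COOKIE does not change $_REQUEST; without this step
        // code reading $_REQUEST would still receive the flagged value.
        if (isset($_REQUEST[$sKey]) && $_REQUEST[$sKey] === $mAffected) {
            $_REQUEST[$sKey] = null;
            unset($_REQUEST[$sKey]);
        }

        $aDisposed[] = $sType . '[' . $sKey . ']';

        // The key is request-controlled. Control characters (tab, CR, LF, ...) are replaced
        // in the log line only, in case Log::WRITE does not neutralise them itself; the
        // log uses a tab as field separator, so they could otherwise forge entries.
        $sLogKey = preg_replace('/[\x00-\x1F\x7F]/', '?', $sKey);
        \MVC\Log::WRITE("INFO\tdisposed: " . $sType . '[' . $sLogKey . ']', 'ids.log');

        // Let the Request object store the request again after the change
        // (presumably it re-reads the superglobals - confirm in Request::saveRequest()).
        $oRequest = Request::getInstance();
        $oRequest->saveRequest();
    }

    \MVC\Registry::set('MVC_IDS_DISPOSED', $aDisposed);
}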