/**
* tries to detect attacks via IDS monitor;
* If attack was detected, event 'mvc.ids.impact' will be run containing the Report object
*
* @access public
* @return void
*/
public function __construct()
{
Event::RUN('mvc.ids.before');
try {
$oRequest = Request::getInstance();
$aRequest = $oRequest->getQueryArray();
$oIdsInit = self::init();
$oIdsInit->config['General']['base_path'] = Registry::get('MVC_LIBRARY') . '/IDS/';
$oIdsInit->config['Caching']['path'] = Registry::get('MVC_CACHE_DIR');
// start monitoring on requests
$oIdsMonitor = new Monitor($oIdsInit);
$oIdsReport = $oIdsMonitor->run($aRequest);
// save to registry
Registry::set('MVC_IDS_INIT', $oIdsInit);
Registry::set('MVC_IDS_IMPACT', $oIdsReport);
// impact is given and threshold is reached
if (!$oIdsReport->isEmpty() && filter_var($oIdsReport->getImpact(), FILTER_VALIDATE_INT) >= $oIdsInit->config['General']['impactThreshold']) {
Event::RUN('mvc.ids.impact', $oIdsReport);
Event::RUN('mvc.ids.impact.warn', $oIdsReport);
} elseif (!$oIdsReport->isEmpty()) {
Event::RUN('mvc.ids.impact.info', $oIdsReport);
}
} catch (\Exception $oExc) {
Event::RUN('mvc.ids.execption', $oExc);
}
Event::RUN('mvc.ids.after', $this);
}
/**
* checks if env is develop, and if so:<br>
* - adds Event Listerner to 'mvc.view.render.before'<br>
* - starts collecting Infos and save it to Registry
*
* @access public
* @param \Smarty $oView
* @return void
*/
public function __construct(\Smarty $oView)
{
if ('develop' === \MVC\Registry::get('MVC_ENV')) {
// add toolbar at the right time
\MVC\Event::BIND('mvc.view.render.before', function ($oView) {
\InfoTool\Model\Index::injectToolbar($oView);
});
// get toolbar values and save them to registry
\MVC\Registry::set('aToolbar', $this->collectInfo($oView));
}
}
/**
* dispose affected Variables
*
* @param \IDS\Report $oIdsReport
* @access public
* @static
*/
public static function dispose(\IDS\Report $oIdsReport)
{
$aName = array();
$aDisposed = array();
// get Name of Variables
foreach ($oIdsReport->getIterator() as $oEvent) {
$aName[] = $oEvent->getName();
}
// iterate infected and dispose those
foreach ($aName as $sName) {
// get Type and Key
$aType = explode('.', $sName);
$sType = isset($aType[0]) ? $aType[0] : '';
$sKey = isset($aType[1]) ? $aType[1] : '';
$aAffected = isset($GLOBALS['_' . $sType][$sKey]) ? $GLOBALS['_' . $sType][$sKey] : array();
if (!empty($aAffected)) {
if ('GET' == $sType) {
if (isset($_GET[$sKey])) {
$_GET[$sKey] = null;
unset($_GET[$sKey]);
}
}
if ('POST' == $sType) {
if (isset($_POST[$sKey])) {
$_POST[$sKey] = null;
unset($_POST[$sKey]);
}
}
if ('COOKIE' == $sType) {
if (isset($_COOKIE[$sKey])) {
$_COOKIE[$sKey] = null;
unset($_COOKIE[$sKey]);
}
}
$aDisposed[] = $sType . '[' . $sKey . ']';
\MVC\Log::WRITE("INFO\tdisposed: " . $sType . '[' . $sKey . ']', 'ids.log');
// overwrite
$oRequest = Request::getInstance();
$oRequest->saveRequest();
}
}
\MVC\Registry::set('MVC_IDS_DISPOSED', $aDisposed);
}
