Exemplo n.º 1
 /**
  * Prepares the PHPIDS configuration used by the tests in this case.
  *
  * Loads the configuration named by IDS_CONFIG, then overrides the temp
  * directory, the cache file and the filter set with the values of the
  * IDS_* constants.
  *
  * @return void
  */
 public function setUp()
 {
     $this->init = Init::init(IDS_CONFIG);

     // Same object handle; the writes below land on $this->init->config.
     $init = $this->init;

     // Scratch directory and cache file used while the tests run.
     $init->config['General']['tmp_path'] = IDS_TEMP_DIR;
     $init->config['Caching']['path'] = IDS_FILTER_CACHE_FILE;

     // Format and location of the filter set under test.
     $init->config['General']['filter_type'] = IDS_FILTER_TYPE;
     $init->config['General']['filter_path'] = IDS_FILTER_SET;
 }
Exemplo n.º 2
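 /**
  * Constructor
  *
  * Stores the caching settings and resolves the cache file location by
  * appending the configured 'path' to the PHPIDS base path. A cache file
  * that already exists but cannot be written to is rejected; a file that
  * does not exist yet passes this check.
  *
  * @param string $type caching type
  * @param Init   $init the IDS_Init object
  *
  * @throws \Exception if the cache file exists and is not writable
  */
 public function __construct($type, Init $init)
 {
     $this->type = $type;
     $this->config = $init->config['Caching'];
     $this->path = $init->getBasePath() . $this->config['path'];

     if (file_exists($this->path) && !is_writable($this->path)) {
         // The path is HTML-escaped before it enters the message, presumably
         // because the message may be rendered on an HTML error page.
         $escapedPath = htmlspecialchars($this->path, ENT_QUOTES, 'UTF-8');

         // A space precedes "are" so the path and the rest of the sentence do not run together.
         throw new \Exception('Make sure all files in ' . $escapedPath . ' are writeable!');
     }
 }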
Exemplo n.º 3
 /**
  * Loads the filter set of the given format with caching switched off.
  *
  * The filter file is taken from the constant IDS_FILTER_SET_<TYPE>, where
  * <TYPE> is the upper-cased $type.
  *
  * @param string $type filter format name
  *
  * @return mixed the value returned by Storage::getFilterSet()
  */
 private function getFilterSet($type)
 {
     $init = Init::init(IDS_CONFIG);

     $filterType = strtolower($type);
     $init->config['General']['filter_type'] = $filterType;

     // The constant name is built at run time, so it is resolved through constant().
     $filterPath = constant('IDS_FILTER_SET_' . strtoupper($type));
     $init->config['General']['filter_path'] = $filterPath;

     // Caching is disabled so the set is read from the filter file itself.
     $init->config['Caching']['caching'] = 'none';

     $filterStorage = new Storage($init);

     return $filterStorage->getFilterSet();
 }
Exemplo n.º 4
Arquivo: IDS.php Projeto: gueff/mymvc
 /**
  * Starts IDS with the config stored in the Registry under
  * 'MVC_IDS_CONFIG', as defined in
  * /application/config/staging/{MVC_ENV}/ids.ini
  *
  * The events 'mvc.ids.init.before' and 'mvc.ids.init.after' are fired
  * around the creation of the Init object.
  *
  * @return \IDS\Init $oIdsInit
  */
 public static function init()
 {
     // Hook before the config is read: a listener could e.g. load a different
     // config and save it with Registry::set ('MVC_IDS_CONFIG', array([..]))
     Event::RUN('mvc.ids.init.before');

     $oInit = Init::init(Registry::get('MVC_IDS_CONFIG'));

     // Hook after loading: a listener receives the Init object and could
     // modify the loaded config through $oInit->config.
     // NOTE(review): either hook can change or relax the IDS settings, so
     // only trusted code should be bound to these events.
     Event::RUN('mvc.ids.init.after', $oInit);

     return $oInit;
 }
Exemplo n.º 5
 /**
  * Runs PHPIDS over the request superglobals and, when the report is not
  * empty, reroutes the request to module 'default', controller 'error',
  * action 'intrusion'.
  *
  * @param Zend_Controller_Request_Abstract $request request being dispatched
  *
  * @return void
  */
 public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
 {
     // Project root = the part of DOCUMENT_ROOT before the first "public".
     // NOTE(review): stripos() returns false when "public" is absent; substr()
     // then yields '' and the two paths below become relative. It also stops
     // at the first match, which need not be the last path segment.
     $documentRoot = $_SERVER['DOCUMENT_ROOT'];
     $tmpPath = substr($documentRoot, 0, stripos($documentRoot, 'public'));

     $init = Init::init($tmpPath . 'application/config/IdsConfig.ini');
     $init->config['General']['base_path'] = $tmpPath . 'application/cache/ids/';
     $monitor = new Monitor($init);

     /*
      * Please keep in mind what array_merge does and how this might interfere
      * with your variables_order settings
      */
     $params = array(
         'REQUEST' => $_REQUEST,
         'GET' => $_GET,
         'POST' => $_POST,
         'COOKIE' => $_COOKIE,
     );

     $report = $monitor->run($params);
     if ($report->isEmpty()) {
         return;
     }

     // TODO: from which impact level should a report be treated as a threat?
     // NOTE(review): as written, any non-empty report reroutes the request,
     // whatever its impact, and nothing is logged in this method.
     $request->setActionName('intrusion');
     $request->setControllerName('error');
     $request->setModuleName('default');
 }
Exemplo n.º 6
 /**
  * Constructor
  *
  * Reads the filter settings from the given Init object, sets up the cache
  * when caching is enabled and loads the filters from the XML or JSON
  * source. Does nothing when the Init object carries no configuration.
  *
  * @param Init $init IDS_Init instance
  *
  * @throws \InvalidArgumentException if unsupported filter type is given
  * @return void
  */
 public final function __construct(Init $init)
 {
     if (!$init->config) {
         return;
     }

     // A missing caching entry is treated like the explicit value 'none'.
     if (isset($init->config['Caching']['caching'])) {
         $cacheMode = $init->config['Caching']['caching'];
     } else {
         $cacheMode = 'none';
     }

     $filterType = $init->config['General']['filter_type'];

     // NOTE(review): the rule file location comes straight from the config;
     // the file defines what gets detected, so it should presumably not be
     // writable by the web application user. Confirm for the deployment.
     $this->source = $init->getBasePath() . $init->config['General']['filter_path'];

     $cachingEnabled = $cacheMode && $cacheMode !== 'none';
     if ($cachingEnabled) {
         $this->cacheSettings = $init->config['Caching'];
         $this->cache = CacheFactory::factory($init, 'storage');
     }

     switch ($filterType) {
         case 'json':
             return $this->getFilterFromJson();
         case 'xml':
             return $this->getFilterFromXML();
         default:
             throw new \InvalidArgumentException('Unsupported filter type.');
     }
 }
Exemplo n.º 7
 /**
  * Constructor
  *
  * Creates the filter storage and copies the scan settings from the
  * 'General' config section. The optional settings 'exceptions', 'html' and
  * 'json' default to an empty array. Finally the temp folder is checked.
  *
  * @throws \InvalidArgumentException When the configured tmp folder is not writable
  * @throws \Exception
  * @param  Init       $init instance of IDS_Init
  * @param  array|null $tags list of tags to which filters should be applied
  */
 public function __construct(Init $init, array $tags = null)
 {
     $this->storage = new Storage($init);
     $this->tags = $tags;

     $general = $init->config['General'];
     $this->scanKeys = $general['scan_keys'];

     // Optional lists: fall back to an empty array when the key is not set.
     foreach (array('exceptions', 'html', 'json') as $optionalKey) {
         $this->{$optionalKey} = isset($general[$optionalKey]) ? $general[$optionalKey] : array();
     }

     if (isset($general['HTML_Purifier_Cache'])) {
         $this->HTMLPurifierCache = $init->getBasePath() . $general['HTML_Purifier_Cache'];
     }

     $tmpPath = $init->getBasePath() . $general['tmp_path'];
     if (is_writable($tmpPath)) {
         return;
     }

     // NOTE(review): the message carries the resolved filesystem path
     // unescaped; keep it out of responses shown to clients.
     throw new \InvalidArgumentException("Please make sure the folder '{$tmpPath}' is writable");
 }
Exemplo n.º 8
 /**
  * Expects Init::init() to throw InvalidArgumentException when it is given
  * the path 'IDS/Config/Config.ini.wrong'.
  *
  * @return void
  */
 public function testInitConfigWrongPathException()
 {
     $wrongConfigPath = 'IDS/Config/Config.ini.wrong';

     // The expectation has to be registered before the call that throws.
     $this->setExpectedException('InvalidArgumentException');

     Init::init($wrongConfigPath);
 }
Exemplo n.º 9
 /**
  * Creates the Init object from the configuration named by IDS_CONFIG and
  * keeps it on the test case.
  *
  * @return void
  */
 public function setUp()
 {
     $configuredInit = Init::init(IDS_CONFIG);

     $this->init = $configuredInit;
 }
Exemplo n.º 10
 /**
  * Init::init() called without a config file argument is expected to
  * return an IDS\Init instance.
  *
  * @return void
  */
 public function testInstanciatingInitObjectWithoutPassingConfigFile()
 {
     $this->assertInstanceOf('IDS\\Init', Init::init());
 }
Exemplo n.º 11
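 /**
  * Protects against basic attempts of Cross-Site Scripting (XSS).
  *
  * When the event stage includes Zikula_Core::STAGE_MODS and the system
  * variable 'useids' equals 1, the request superglobals and the Host, Accept
  * and User-Agent headers are handed to PHPIDS. A non-empty report is passed
  * to _processIdsResult().
  *
  * @see    http://technicalinfo.net/papers/CSS.html
  *
  * @param Zikula_Event $event event carrying the current core stage
  *
  * @return void
  *
  * @throws \Exception Thrown if there was a problem running ids detection
  */
 public function idsInputFilter(Zikula_Event $event)
 {
     if (!($event['stage'] & Zikula_Core::STAGE_MODS && System::getVar('useids') == 1)) {
         return;
     }

     // Run IDS if desired
     try {
         // build request array defining what to scan
         // @todo: change the order of the arrays to merge if ini_get('variables_order') != 'EGPCS'
         $request = array();
         if (isset($_REQUEST)) {
             $request['REQUEST'] = $_REQUEST;
         }
         if (isset($_GET)) {
             $request['GET'] = $_GET;
         }
         if (isset($_POST)) {
             $request['POST'] = $_POST;
         }
         if (isset($_COOKIE)) {
             $request['COOKIE'] = $_COOKIE;
         }

         // Request headers to scan, keyed by the label used in the report.
         // PHP exposes request headers as HTTP_* entries, so the User-Agent is
         // read from HTTP_USER_AGENT; a plain 'USER_AGENT' key is not a
         // standard $_SERVER entry, which left this header out of the scan.
         $scannedHeaders = array(
             'HOST' => 'HTTP_HOST',
             'ACCEPT' => 'HTTP_ACCEPT',
             'USER_AGENT' => 'HTTP_USER_AGENT',
         );
         foreach ($scannedHeaders as $label => $serverKey) {
             if (isset($_SERVER[$serverKey])) {
                 $request[$label] = $_SERVER[$serverKey];
             }
         }

         // while i think that REQUEST_URI is unnecessary,
         // the REFERER would be important, but results in way too many false positives;
         // both are therefore deliberately left out of the scan.

         // initialise configuration object
         $init = \IDS\Init::init();

         // set configuration options
         $init->config = $this->_getidsconfig();

         // create new IDS instance
         $ids = new \IDS\Monitor($init);

         // run the request check and fetch the results
         $result = $ids->run($request);

         // analyze the results; an empty report means nothing was detected
         if (!$result->isEmpty()) {
             // process the \IDS\Report object
             $this->_processIdsResult($init, $result);
         }
     } catch (\Exception $e) {
         // sth went wrong - maybe the filter rules weren't found.
         // The original exception is chained so its type and trace stay available for diagnosis.
         throw new \Exception(__f('An error occured during executing PHPIDS: %s', $e->getMessage()), 0, $e);
     }
 }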
Exemplo n.º 12
        require_once $combined;
        return;
    } else {
        $file = strtolower(str_replace('_', DIRECTORY_SEPARATOR, trim($class, '\\'))) . '.php';
        $combined = '.' . DIRECTORY_SEPARATOR . $file;
        if (file_exists($combined)) {
            require_once $combined;
            return;
        }
    }
});
use IDS\Init;
use IDS\Monitor;
try {
    $request = array('GET' => $_GET, 'POST' => $_POST);
    $init = Init::init(APP_PATH . '/vendors/ids/config/config.ini');
    $init->config['General']['base_path'] = APP_PATH . '/vendors/ids/';
    $init->config['General']['use_base_path'] = true;
    $init->config['Caching']['caching'] = 'none';
    $ids = new Monitor($init);
    $result = $ids->run($request);
    if (!$result->isEmpty()) {
        $compositeLog = new IDS_Log_Composite();
        $compositeLog->addLogger(IDS_Log_File::getInstance($init));
        /*
        $compositeLog->addLogger(
            IDS_Log_Email::getInstance($init)
        );
        */
        $compositeLog->execute($result);
        echo 'Data which you have sent contains dangerous chars. Please delete all cookies and try it again';
Exemplo n.º 13
use IDS\Monitor;
use IDS\Log\CompositeLogger;
use IDS\Log\FileLogger;
if (!session_id()) {
    session_start();
}
try {
    /*
     * It's pretty easy to get the PHPIDS running
     * 1. Define what to scan
     *
     * Please keep in mind what array_merge does and how this might interfer
     * with your variables_order settings
     */
    $request = array('REQUEST' => $_REQUEST, 'GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);
    $init = Init::init(dirname(__FILE__) . '/../../lib/IDS/Config/Config.ini.php');
    /**
     * You can also reset the whole configuration
     * array or merge in own data
     *
     * This usage doesn't overwrite already existing values
     * $config->setConfig(array('General' => array('filter_type' => 'xml')));
     *
     * This does (see 2nd parameter)
     * $config->setConfig(array('General' => array('filter_type' => 'xml')), true);
     *
     * or you can access the config directly like here:
     */
    $init->config['General']['base_path'] = dirname(__FILE__) . '/../../lib/IDS/';
    $init->config['General']['use_base_path'] = true;
    $init->config['Caching']['caching'] = 'none';