public function doValidation(Response $response)
{
$result = json_decode($response->getBody());
if ($result === null) {
throw new ValidationFailedException("The given JSON data can not be validated (last error: '" . $this->json_errors[json_last_error()] . "').");
}
}
protected function doValidation(Response $response)
{
$crawler = new Crawler($response->getBody());
$actionNodes = $crawler->filterXPath('//form[//input[@type="password"]]');
$url = (string) $response->getUri();
foreach ($actionNodes as $node) {
$action = $node->getAttribute('action');
if (strpos($action, 'https://') === 0) {
continue;
}
$fullPath = $node->tagName;
$parent = $node->parentNode;
while ($parent = $parent->parentNode) {
if (property_exists($parent, 'tagName')) {
$fullPath = $parent->tagName . '/' . $fullPath;
} else {
break;
}
}
if (in_array($fullPath, $this->knownIdentifier, true)) {
continue;
}
$this->knownIdentifier[] = $fullPath;
$this->assert(strpos($url, 'https://') !== false, 'Password is transferred insecure using HTTP.');
}
}
protected function doValidation(Response $response)
{
$data = json_decode($response->getBody());
if ($data === null) {
throw new ValidationFailedException("The given JSON data can not be validated (last error: '" . $this->json_errors[json_last_error()] . "').");
} else {
$error = false;
$messageParts = array();
foreach ($this->jsonSchemaFiles as $jsonSchemaFile) {
$factory = new Factory(null, null, Constraint::CHECK_MODE_TYPE_CAST | Constraint::CHECK_MODE_COERCE);
$validator = new Validator($factory);
$jsonSchemaObject = (object) json_decode(file_get_contents($jsonSchemaFile['jsonschemafileurl']));
$validator->check($data, $jsonSchemaObject);
if (!$validator->isValid()) {
$error = true;
$errorMessage = '';
foreach ($validator->getErrors() as $error) {
$errorMessage = $errorMessage . sprintf("[%s] %s\n", $error['property'], $error['message']);
}
$messageParts[] = $jsonSchemaFile['jsonschemafilename'] . ' - ' . $jsonSchemaFile['jsonschemafileurl'] . '(last error: ' . $errorMessage . ').';
}
}
if ($error == true) {
$message = 'JSON file (' . (string) $response->getUri() . ') does not validate against the following JSON Schema files: ' . implode(", ", $messageParts);
throw new ValidationFailedException($message);
}
}
}
public function doValidation(Response $response)
{
$body = (string) $response->getBody();
$json = json_decode($body);
if (!$json) {
throw new ValidationFailedException('The given json document is empty or not valid json.');
}
$store = new JsonStore($json);
$error = false;
$noCorrectJsonPaths = array();
foreach ($this->jsonPaths as $path) {
$jsonValue = $store->get($path['pattern']);
$count = count($jsonValue);
if ($jsonValue === FALSE || is_array($jsonValue) && empty($jsonValue)) {
$error = true;
$noCorrectJsonPaths[] = $path['pattern'] . ' (JSON Path not found)';
}
if ($this->checkRelation($path['relation'], $path['value'], $count) === false) {
$error = true;
$noCorrectJsonPaths[] = $path['pattern'] . ' (number of JSONPaths is not correct corresponding to the given relation/value)';
}
}
if ($error === true) {
$allNoCorrectJsonPaths = implode('", "', $noCorrectJsonPaths);
throw new ValidationFailedException('Disonances with JSON Paths "' . $allNoCorrectJsonPaths . '!');
}
}
public function validate(Response $response)
{
if ('https' === $response->getUri()->getScheme()) {
$certInfo = $this->getCertifacateInformation($response->getUri()->getHost());
$this->doValidate($certInfo);
}
}
public function validate(Response $response)
{
if (($response->getStatus() < 300 || $response->getStatus() >= 400) && $response->getContentType() === 'text/html') {
if (stripos($response->getBody(), '</html>') === false) {
throw new ValidationFailedException('Closing html tag is missing');
}
}
}
protected function doValidation(Response $response)
{
if (strpos((string) $response->getUri(), 'favicon.ico') === false) {
return;
}
$imageHash = md5($response->getBody());
$this->assert(!array_key_exists($imageHash, $this->favicons), 'Seems like you use the standard favicon of your framework (' . $this->favicons[$imageHash] . ').');
}
public function validate(Response $response)
{
if ($response->getStatus() <= $this->maxStatusCode) {
if ($response->hasHeader('Cache-Control') && false !== strpos($response->getHeader('Cache-Control')[0], 'max-age=0')) {
throw new ValidationFailedException('max-age=0 was found');
}
}
}
public function doValidation(Response $response)
{
$domDocument = new \DOMDocument();
$success = @$domDocument->loadXML((string) $response->getBody());
if (!$success) {
$lastError = libxml_get_last_error();
throw new ValidationFailedException('The xml file ' . $response->getUri() . ' is not well formed (last error: ' . str_replace("\n", '', $lastError->message) . ').');
}
}
protected function doValidation(Response $response)
{
$body = $response->getBody();
// sitemapindex or urlset
if (preg_match('/<sitemapindex/', $body)) {
$this->validateBody($body, (string) $response->getUri());
} elseif (preg_match('/<urlset/', $body)) {
$this->validateBody($body, (string) $response->getUri(), false);
}
}
protected function doValidation(Response $response)
{
if ($response->getStatus() >= 300) {
return;
}
$crawler = new Crawler($response->getBody());
$metaTags = $crawler->filterXPath("//meta[@name='robots']/@content");
foreach ($metaTags as $metaTag) {
$this->assert(strpos($metaTag->nodeValue, 'no-index') === false, 'A meta tag "robots" with the value "no-index" was found');
}
}
/**
* {@inheritdoc}
*/
protected function doValidation(Response $response)
{
$document = new Document($response->getBody(), false);
$urls = $document->getDependencies($response->getUri());
$invalidUrls = array();
foreach ($urls as $url) {
if (!filter_var(trim((string) $url), FILTER_VALIDATE_URL)) {
$invalidUrls[] = (string) $url;
}
}
$this->assert(count($invalidUrls) === 0, 'Invalid urls found (' . implode(', ', $invalidUrls) . ').');
}
public function doValidation(Response $response)
{
// @todo the test should not fail with the first not found header
foreach ($this->checkedHeaders as $headerConfig) {
if (!$response->hasHeader($headerConfig['key'])) {
throw new ValidationFailedException('Header not found (' . $headerConfig['key'] . ')');
}
$currentValue = $response->getHeader($headerConfig['key'])[0];
if (!preg_match('^' . $headerConfig['value'] . '^', $currentValue, $matches)) {
throw new ValidationFailedException('Header "' . $headerConfig['key'] . '" does not match "' . $headerConfig['value'] . '". Current value is "' . $currentValue . '"');
}
}
}
public function validate(Response $response)
{
$request = $response->getRequest();
if ('https' !== $request->getUri()->getScheme()) {
return;
}
$htmlDocument = new Document($response->getBody());
$resources = $htmlDocument->getDependencies($response->getRequest()->getUri(), false);
foreach ($resources as $resource) {
if ($resource->getScheme() && 'https' !== $resource->getScheme()) {
throw new ValidationFailedException('At least one dependency was found on a secure url, that was transfered insecure (' . (string) $resource . ')');
}
}
}
public function validate(Response $response)
{
if ($response->getStatus() <= $this->maxStatusCode) {
if ($response->hasHeader('Expires')) {
$expireRaw = preg_replace('/[^A-Za-z0-9\\-\\/,]/', '', $response->getHeader('Expires')[0]);
if ($expireRaw !== '') {
$expires = strtotime($response->getHeader('Expires')[0]);
if ($expires < time()) {
throw new ValidationFailedException('expires in the past');
}
}
}
}
}
protected function doValidation(Response $response)
{
$document = new Document($response->getBody());
$images = $document->getImages($response->getUri());
$foreignImages = array();
/* @var $currentUri Uri */
$currentUri = $response->getUri();
foreach ($images as $image) {
/* @var $image Uri */
if ($currentUri->getHost($this->depth) !== $image->getHost($this->depth)) {
$foreignImages[] = (string) $image;
}
}
$this->assert(count($foreignImages) === 0, 'Images from a foreign domain where found (' . implode(', ', $foreignImages) . ')');
}
/**
* @Event("Scanner.CheckResponse.isFiltered")
*/
public function isFiltered(Event $event, $ruleName, Response $response)
{
$uri = (string) $this->retriever->getOriginUri($response->getUri());
if ($this->currentModus === self::MODUS_FILTER) {
$isFiltered = $this->isFilteredByFilter($ruleName, $uri);
} else {
$isFiltered = $this->isFilteredByExclusives($ruleName, $uri);
}
if ($isFiltered) {
$event->setProcessed();
return true;
} else {
return false;
}
}
public function validate(Response $response)
{
if ($response->getContentType() !== 'application/javascript') {
return;
}
$filename = $this->tmpDir . DIRECTORY_SEPARATOR . md5($response->getBody()) . '.js';
file_put_contents($filename, $response->getBody());
$conf = __DIR__ . DIRECTORY_SEPARATOR . 'jsHint.conf';
$command = $this->jsHintExecutable . ' --config ' . $conf . ' --verbose ' . $filename . ' | grep -E E[0-9]+.$';
$validationResult = shell_exec($command);
unlink($filename);
if (!is_null($validationResult)) {
$errorMsg = str_replace($filename . ':', '', $validationResult);
throw new ValidationFailedException('JavaScript error found: ' . $errorMsg);
}
}
public function validate(Response $response)
{
if (count($this->contentTypes) > 0) {
$valid = false;
foreach ($this->contentTypes as $validContentType) {
if (strpos($response->getContentType(), $validContentType) !== false) {
$valid = true;
break;
}
}
if (!$valid) {
return;
}
}
$this->doValidation($response);
}
public function doValidation(Response $response)
{
$domDocument = new \DOMDocument();
@$domDocument->loadHTML((string) $response->getBody());
$domXPath = new \DOMXPath($domDocument);
$error = false;
$snotFoundSelectors = array();
foreach ($this->cssSelectors as $selector) {
$converter = new CssSelectorConverter();
$selectorAsXPath = $converter->toXPath($selector['pattern']);
$count = $domXPath->query($selectorAsXPath)->length;
if ($count === 0) {
$error = true;
$snotFoundSelectors[] = $selector['pattern'];
}
}
if ($error === true) {
$allNotFoundSelectors = implode('", "', $snotFoundSelectors);
throw new ValidationFailedException('CSS Selector "' . $allNotFoundSelectors . '" not found in DOM.');
}
}
protected function doValidation(Response $response)
{
$body = $response->getBody();
$dom = new \DOMDocument();
@$dom->loadXML($body);
$filename = (string) $response->getUri();
$error = false;
$messageParts = array();
foreach ($this->xsdFiles as $xsdFile) {
$valid = @$dom->schemaValidate($xsdFile['xsdfileurl']);
if (!$valid) {
$error = true;
$lastError = libxml_get_last_error();
$messageParts[] = $xsdFile['xsdfilename'] . ' - ' . $xsdFile['xsdfileurl'] . '(last error: ' . str_replace("\n", '', $lastError->message) . ').';
}
}
if ($error === true) {
$message = 'XML file (' . $filename . ') does not validate against the following XSD files: ' . implode(", ", $messageParts);
throw new ValidationFailedException($message);
}
}
public function validate(Response $response)
{
if ($response->getContentType() !== 'text/html') {
return;
}
$crawler = new Crawler($response->getBody());
$idList = $crawler->filterXPath('//*[@id!=""]');
$foundIds = array();
$duplicatedIds = array();
foreach ($idList as $idElement) {
$id = $idElement->getAttribute('id');
if (array_key_exists($id, $foundIds)) {
$duplicatedIds[$id] = true;
} else {
$foundIds[$id] = true;
}
}
if (count($duplicatedIds) > 0) {
unset($duplicatedIds['']);
throw new ValidationFailedException('Duplicate ids found (' . implode(', ', array_keys($duplicatedIds)) . ')');
}
}
public function doValidation(Response $response)
{
$domDocument = new \DOMDocument();
@$domDocument->loadHTML((string) $response->getBody());
$domXPath = new \DOMXPath($domDocument);
foreach ($this->xPaths as $xpath) {
$count = $domXPath->query($xpath['pattern'])->length;
if ($xpath['relation'] === 'equals') {
$result = $count === (int) $xpath['value'];
$message = 'The xpath "' . $xpath['pattern'] . '" was found ' . $count . ' times. Expected were exact ' . $xpath['value'] . ' occurencies.';
} elseif ($xpath['relation'] === 'less than') {
$result = $count < (int) $xpath['value'];
$message = 'The xpath "' . $xpath['pattern'] . '" was found ' . $count . ' times. Expected were less than ' . $xpath['value'] . '.';
} elseif ($xpath['relation'] === 'greater than') {
$result = $count > (int) $xpath['value'];
$message = 'The xpath "' . $xpath['pattern'] . '" was found ' . $count . ' times. Expected were more than ' . $xpath['value'] . '.';
} else {
throw new \RuntimeException('Relation not defined. Given "' . $xpath['relation'] . '" expected [equals, greater than, less than]');
}
$this->assert($result, $message);
}
}
public function validate(Response $response)
{
$url = $response->getUri()->getScheme() . '://' . $response->getUri()->getHost();
if (substr_count($url, '/') === 2) {
$filename = $robotsUrl = $url . '/robots.txt';
} elseif (substr_count($url, '/') === 3) {
$filename = $robotsUrl = $url . 'robots.txt';
} else {
return;
}
$headers = @get_headers($filename);
if (strpos($headers[0], '200') !== false) {
$content = file_get_contents($filename);
$normalizedContent = strtolower(str_replace(' ', '', $content));
if (strpos($normalizedContent, 'disallow:/' . PHP_EOL) !== false) {
throw new ValidationFailedException('The robots.txt contains disallow all (Disallow: /)');
}
if (strpos($normalizedContent, 'disallow:/') === strlen($normalizedContent) - 10) {
throw new ValidationFailedException('The robots.txt contains disallow all (Disallow: /)');
}
}
}
public function validate(Response $response)
{
if ($response->getContentType() !== 'text/xml') {
return;
}
$body = $response->getBody();
if (preg_match('/<rss/', $body)) {
libxml_clear_errors();
$dom = new \DOMDocument();
@$dom->loadXML($body);
$lastError = libxml_get_last_error();
if ($lastError) {
throw new ValidationFailedException('The given xml file is not well formed (last error: ' . str_replace("\n", '', $lastError->message) . ').');
}
$valid = @$dom->schemaValidate($this->getSchema());
if (!$valid) {
$lastError = libxml_get_last_error();
$lastErrorMessage = str_replace("\n", '', $lastError->message);
throw new ValidationFailedException('The given xml file did not Validate vs. ' . $this->getSchema() . ' (last error: ' . $lastErrorMessage . ').');
}
}
}
public function doValidation(Response $response)
{
if (strpos($response->getContentType(), 'image') === false && strpos($response->getContentType(), 'pdf') === false && strlen((string) $response->getBody()) >= $this->minFileSize) {
if (!$response->hasHeader('Content-Encoding') || $response->getHeader('Content-Encoding')[0] !== 'gzip') {
throw new ValidationFailedException('gzip compression not active');
}
}
}
public function validate(Response $response)
{
if ($response->getStatus() <= $this->maxStatusCode) {
if ($response->hasHeader('Pragma') && 'no-cache' === $response->getHeader('Pragma')[0]) {
throw new ValidationFailedException('pragma:no-cache was found');
}
if ($response->hasHeader('Cache-Control') && false !== strpos($response->getHeader('Cache-Control')[0], 'no-cache')) {
throw new ValidationFailedException('cache-control:no-cache was found');
}
}
}
public function testResponse()
{
$testBody = 'TestBodyWith<strong>special</strong>Chäräctörs';
$testHeader = HeadersParser::parse(['Header1' => 'Test Header']);
$testStatus = 200;
$testUri = new Uri('http://smoke.phmlabs.com');
$testRequest = new Request($testUri);
$stream = fopen('data://text/plain,' . $testBody, 'r');
$response = new Response($stream, $testStatus, array(), ['request' => $testRequest]);
$this->assertEquals($testBody, $response->getBody());
$this->assertEquals([], $response->getHeader('Test Header'));
$this->assertEquals($testStatus, $response->getStatus());
$this->assertEmpty($response->getContentType());
$this->assertEquals($testRequest, $response->getRequest());
}
public function validate(Response $response)
{
if ($response->getDuration() > $this->maxDuration) {
throw new ValidationFailedException('the http request lasted ' . $response->getDuration() . ' milliseconds.');
}
}
protected function doValidation(Response $response)
{
foreach ($this->regExs as $regEx) {
$this->assert(preg_match('^' . $regEx . '^', (string) $response->getBody()) > 0, 'The given regular expression (' . $regEx . ') was not found in this document.');
}
}
