示例#1
0
 function __construct()
 {
     global $projectRootDir, $projectTmpDir;
     if (!function_exists('escapedHexToHex') || !function_exists('escapedOctDec')) {
         die('escapedHexToHex or escapedOctDec is missing');
     }
     $this->SIGNATURE_FILENAME = $projectRootDir . '/static/signatures/malware_db.xml';
     $this->QUEUE_FILENAME = $projectTmpDir . '/scan_queue.manul.tmp.txt';
     $this->QUEUE_OFFSET_FILENAME = $projectTmpDir . '/queue_offset.manul.tmp.txt';
     $this->MALWARE_LOG_FILENAME = $projectTmpDir . '/malware_log.manul.tmp.txt';
     $this->MALWARE_QUARANTINE_FILENAME = $projectTmpDir . '/malware_quarantine.manul.tmp.txt';
     $this->MALWARE_QUARANTINE_FILEPATH_FILEPATH = $projectTmpDir . '/malware_quarantine_filepath.tmp.txt';
     $this->XML_LOG_FILENAME = $projectTmpDir . '/scan_log.xml';
     $this->SCRIPT_START = time();
     $this->MAX_FILESIZE = 1 * 1024 * 1024;
     // 1MB
     $this->MAX_PREVIEW_LENGTH = 80;
     // characters
     $this->MAX_EXECUTION_DURATION = 20;
     $validator = new XmlValidator();
     if (!$validator->validate(implode('', file($this->SIGNATURE_FILENAME)), $projectRootDir . '/static/xsd/malware_db.xsd')) {
         die(basename(__FILE__) . PS_ERR_MALWARE_DB_BROKEN);
     }
     $this->signatures = new DOMDocument();
     $this->signatures->load($this->SIGNATURE_FILENAME);
 }
 public function testTransferInitiatorDetailsWithUnstructuredRemittanceIdentifier()
 {
     $transferMsgDetails = new TransferMsgDetails("http://10.18.70.8:7001/vendorconfirmation", "http://10.18.70.8:7001/transactionok?danke.asp", "http://10.18.70.8:7001/transactionnok?fehler.asp");
     $transferMsgDetails->TargetWindowNok = $transferMsgDetails->TargetWindowOk = 'Mustershop';
     $data = new TransferInitiatorDetails('AKLJS231534', 'topSecret', 'GAWIATW1XXX', 'Max Mustermann', 'AT611904300234573201', '1234567890ABCDEFG', 15000, $transferMsgDetails, '2007-03-16');
     $data->UnstructuredRemittanceIdentifier = 'Foo is not Bar';
     $data->SetExpirationMinutes(5);
     $aSimpleXml = $data->GetSimpleXml();
     $actual = $aSimpleXml->asXML();
     XmlValidator::ValidateEpsProtocol($actual);
     $this->assertContains('UnstructuredRemittanceIdentifier>Foo is not Bar', $actual);
 }
 private function startExecutor()
 {
     $view = new View();
     $healer = new Healer();
     if (!empty($_POST) && !empty($_POST['recipe'])) {
         $xmlRecipe = $_POST['recipe'];
         $validator = new XmlValidator();
         global $projectRootDir;
         if (get_magic_quotes_gpc()) {
             $xmlRecipe = stripslashes($xmlRecipe);
         }
         //TODO: implement proper XXE prevention or switch to JSON instead
         if (strpos(strtoupper($xmlRecipe), '<!ENTITY') !== false) {
             die('XXE detected');
         }
         if (!$validator->validate($xmlRecipe, $projectRootDir . '/static/xsd/recipe.xsd')) {
             die(PS_ERR_BROKEN_XML_FILE);
         }
         $executeList = '';
         $itemTemplate = new Template('executor_item.tpl');
         $quarantineFiles = array();
         $deleteFiles = array();
         $healer->prepareList($xmlRecipe, $quarantineFiles, $deleteFiles);
         for ($i = 0; $i < count($deleteFiles); $i++) {
             $itemTemplate->prepare();
             $itemTemplate->set('PREFIX', 'd');
             $itemTemplate->set('NUM', $i);
             $itemTemplate->set('ACTION', PS_RECIPE_ACTION_DEL);
             $itemTemplate->set('FILENAME', $this->getShortFilename($deleteFiles[$i]));
             $itemTemplate->set('FILENAME_B64', base64_encode($deleteFiles[$i]));
             $executeList .= $itemTemplate->get();
         }
         for ($i = 0; $i < count($quarantineFiles); $i++) {
             $itemTemplate->prepare();
             $itemTemplate->set('PREFIX', 'q');
             $itemTemplate->set('NUM', $i);
             $itemTemplate->set('ACTION', PS_RECIPE_ACTION_QUARANTINE);
             $itemTemplate->set('FILENAME', $this->getShortFilename($quarantineFiles[$i]));
             $itemTemplate->set('FILENAME_B64', base64_encode($quarantineFiles[$i]));
             $executeList .= $itemTemplate->get();
         }
         define('PS_EXECUTE_LIST', $executeList);
         define('PS_EXECUTE_TOTAL_D', count($deleteFiles));
         define('PS_EXECUTE_TOTAL_Q', count($quarantineFiles));
         $view->display('executor_changes.tpl');
     } else {
         if (isset($_POST['a']) && $_POST['a'] === 'apply') {
             $deleteTotal = (int) $_POST['total_d'];
             $quarantineTotal = (int) $_POST['total_q'];
             $deleteFiles = array();
             $quarantineFiles = array();
             for ($i = 0; $i < $deleteTotal; $i++) {
                 if (!empty($_POST['d_' . $i]) && $_POST['d_' . $i] === 'on') {
                     $deleteFiles[] = base64_decode($_POST['fn_d_' . $i]);
                 }
             }
             for ($i = 0; $i < $quarantineTotal; $i++) {
                 if (!empty($_POST['q_' . $i]) && $_POST['q_' . $i] === 'on') {
                     $quarantineFiles[] = base64_decode($_POST['fn_q_' . $i]);
                 }
             }
             $numQuarantined = 0;
             define('PS_EXECUTOR_LOG', $healer->executeXmlRecipe($deleteFiles, $quarantineFiles, $numQuarantined));
             $quarantineUrl = $_SERVER['PHP_SELF'] . '?controller=download&f=quarantine';
             define('PS_QUARANTINE_URL', $quarantineUrl);
             $view->display('executor_done.tpl');
         } else {
             if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'selfDelete') {
                 global $projectRootDir, $projectTmpDir;
                 if ($projectTmpDir == sys_get_temp_dir()) {
                     @unlink($projectTmpDir . '/scan_log.xml');
                     array_map('unlink', glob($projectTmpDir . '/*.manul.tmp.txt'));
                     array_map('unlink', glob($projectTmpDir . '/*.manul.tmp'));
                     array_map('unlink', glob($projectTmpDir . '/config.php'));
                 }
                 $deleteResult = $healer->deleteDir($projectRootDir);
                 if ($deleteResult) {
                     print json_encode(array('result' => 'ok'));
                 } else {
                     print json_encode(array('result' => 'error', 'details' => $deleteResult));
                 }
             } else {
                 $view->display('executor.tpl');
             }
         }
     }
 }
 /**
  * Call this function when the confirmation URL is called by the Scheme Operator.
  * The function will write ShopResponseDetails to the $outputStream in case of
  * BankConfirmationDetails.
  * 
  * @param callable $confirmationCallback a callable to send BankConfirmationDetails to.
  * Will be called with the raw post data as first parameter and an Instance of
  * BankConfirmationDetails as second parameter. This callable must return TRUE.
  * @param callable $vitalityCheckCallback an optional callable for the vitalityCheck
  * @param string $rawPostStream will read from this stream or file with file_get_contents
  * @param string $outputStream will write to this stream the expected responses for the
  * Scheme Operator
  * @throws InvalidCallbackException when callback is not callable
  * @throws CallbackResponseException when callback does not return TRUE
  * @throws XmlValidationException when $rawInputStream does not validate against XSD
  * @throws \UnexpectedValueException when using security suffix without security seed
  * @throws UnknownRemittanceIdentifierException when security suffix does not match
  */
 public function HandleConfirmationUrl($confirmationCallback, $vitalityCheckCallback = null, $rawPostStream = 'php://input', $outputStream = 'php://output')
 {
     $shopResponseDetails = new ShopResponseDetails();
     try {
         $this->TestCallability($confirmationCallback, 'confirmationCallback');
         if ($vitalityCheckCallback != null) {
             $this->TestCallability($vitalityCheckCallback, 'vitalityCheckCallback');
         }
         $HTTP_RAW_POST_DATA = file_get_contents($rawPostStream);
         XmlValidator::ValidateEpsProtocol($HTTP_RAW_POST_DATA);
         $xml = new \SimpleXMLElement($HTTP_RAW_POST_DATA);
         $epspChildren = $xml->children(XMLNS_epsp);
         $firstChildName = $epspChildren[0]->getName();
         if ($firstChildName == 'VitalityCheckDetails') {
             $this->WriteLog('Vitality Check');
             if ($vitalityCheckCallback != null) {
                 $VitalityCheckDetails = new VitalityCheckDetails($xml);
                 $this->ConfirmationUrlCallback($vitalityCheckCallback, 'vitality check', array($HTTP_RAW_POST_DATA, $VitalityCheckDetails));
             }
             // 7.1.9 Schritt III-3: Bestätigung Vitality Check Händler-eps SO
             file_put_contents($outputStream, $HTTP_RAW_POST_DATA);
         } else {
             if ($firstChildName == 'BankConfirmationDetails') {
                 $this->WriteLog('Bank Confirmation');
                 $BankConfirmationDetails = new BankConfirmationDetails($xml);
                 // Strip security hash from remittance identifier
                 $BankConfirmationDetails->SetRemittanceIdentifier($this->StripHash($BankConfirmationDetails->GetRemittanceIdentifier()));
                 $shopResponseDetails->SessionId = $BankConfirmationDetails->GetSessionId();
                 $shopResponseDetails->StatusCode = $BankConfirmationDetails->GetStatusCode();
                 $shopResponseDetails->PaymentReferenceIdentifier = $BankConfirmationDetails->GetPaymentReferenceIdentifier();
                 $this->WriteLog(sprintf('Calling confirmationUrlCallback for remittance identifier "%s" with status code %s', $BankConfirmationDetails->GetRemittanceIdentifier(), $BankConfirmationDetails->GetStatusCode()));
                 $this->ConfirmationUrlCallback($confirmationCallback, 'confirmation', array($HTTP_RAW_POST_DATA, $BankConfirmationDetails));
                 // Schritt III-8: Bestätigung Erhalt eps Zahlungsbestätigung Händler-eps SO
                 $this->WriteLog('III-8 Confirming payment receipt');
                 file_put_contents($outputStream, $shopResponseDetails->GetSimpleXml()->asXml());
             }
         }
     } catch (\Exception $e) {
         $this->WriteLog($e->getMessage());
         if (is_subclass_of($e, 'at\\externet\\eps_bank_transfer\\ShopResponseException')) {
             $shopResponseDetails->ErrorMsg = $e->GetShopResponseErrorMessage();
         } else {
             $shopResponseDetails->ErrorMsg = 'An exception of type "' . get_class($e) . '" occurred during handling of the confirmation url';
         }
         file_put_contents($outputStream, $shopResponseDetails->GetSimpleXml()->asXml());
         throw $e;
     }
 }
 /**
  * Validate definition
  *
  * @param string $definition 
  * @return mixed - success: boolean, unsuccess: string - message error
  * @author Sergey Startsev
  */
 protected function doValidatePacked()
 {
     $definition = $this->getDefinition();
     $tempPath = tempnam(sys_get_temp_dir(), 'studio_wi_wb') . '.xml';
     afStudioUtil::writeFile($tempPath, $definition);
     $validator = new XmlValidator($tempPath);
     $status = $validator->validateXmlDocument();
     unlink($tempPath);
     $status = $validator->validateXmlDocument(true);
     if ($status[0] == self::IDENTIFICATOR_ERROR) {
         $return = trim($status[1]->getMessage());
     } else {
         $return = true;
     }
     return $return;
 }
示例#6
0
 /**
  * testInvalidXml.
  *
  * @expectedException Hogosha\Monitor\Exception\ValidatorException
  * @expectedExceptionMessage This xml is not valid
  */
 public function testInvalidXml()
 {
     $xmlValidator = new XmlValidator();
     $xmlValidator->check('<xml></xml', '//nickanme');
 }
 public function readXmlDocument($path = null, $security = false, $uri = false)
 {
     $page = false;
     if (!$uri) {
         $action = sfContext::getInstance()->getActionName();
         $module = sfContext::getInstance()->getModuleName();
     } else {
         $module = strtok($uri, "/");
         $action = strtok("/");
     }
     if ($path === null) {
         $pathCU = new afConfigUtils($module);
         $path = $pathCU->getConfigFilePath($action . '.xml', true);
         if (strstr($path, "page")) {
             $page = true;
         }
     }
     $hash = sha1_file($path);
     $obj = afValidatorCachePeer::inCache($path);
     if (!$obj || $obj->getSignature() != $hash) {
         $doc = new XmlValidator($path, $security, false, false, $page ? $this->context->getModuleName() . "/" . $this->context->getActionName() : null);
         $doc->validateXmlDocument();
         $this->document = $doc->getXmlDocument();
         $this->validator = $doc;
     } else {
         $this->document = new DOMDocument();
         $this->document->load($path);
     }
     parent::setNamespace($security);
     parent::setXmlDocument($this->document);
     parent::setXpath();
     XmlBaseElementParser::clearRetVal();
 }
 public function testHandleConfirmationUrlThrowsExceptionOnInvalidSecuritySetup()
 {
     $dataPath = $this->GetEpsDataPath('BankConfirmationDetailsWithSignature.xml');
     $temp = tempnam(sys_get_temp_dir(), 'SoCommunicatorTest_');
     $this->target->ObscuritySuffixLength = 3;
     try {
         $this->target->HandleConfirmationUrl(function () {
         }, null, $dataPath, $temp);
     } catch (\UnexpectedValueException $e) {
         // expected
     }
     $actual = file_get_contents($temp);
     XmlValidator::ValidateEpsProtocol($actual);
     $this->assertContains('ShopResponseDetails>', $actual);
     $this->assertContains('ErrorMsg>An exception of type "UnexpectedValueException" occurred during handling of the confirmation url', $actual);
 }
 public function testWithSignatureReturnsTrue()
 {
     $ret = XmlValidator::ValidateEpsProtocol($this->GetEpsData('BankConfirmationDetailsWithSignature.xml'));
     $this->assertTrue($ret);
 }