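/**
 * Sets up scanner paths, limits and the malware signature database.
 *
 * Reads the globals $projectRootDir and $projectTmpDir, requires the helper
 * functions escapedHexToHex()/escapedOctDec() to exist, validates the bundled
 * signature XML against its XSD and loads it into a DOMDocument.
 *
 * Every failure terminates the request with die(), matching the error-handling
 * style used throughout this class (there is no exception type for callers to
 * catch).
 */
function __construct() {
    global $projectRootDir, $projectTmpDir;
    if (!function_exists('escapedHexToHex') || !function_exists('escapedOctDec')) {
        die('escapedHexToHex or escapedOctDec is missing');
    }

    $this->SIGNATURE_FILENAME = $projectRootDir . '/static/signatures/malware_db.xml';
    $this->QUEUE_FILENAME = $projectTmpDir . '/scan_queue.manul.tmp.txt';
    $this->QUEUE_OFFSET_FILENAME = $projectTmpDir . '/queue_offset.manul.tmp.txt';
    $this->MALWARE_LOG_FILENAME = $projectTmpDir . '/malware_log.manul.tmp.txt';
    $this->MALWARE_QUARANTINE_FILENAME = $projectTmpDir . '/malware_quarantine.manul.tmp.txt';
    // NOTE(review): unlike the other temp files this one has no ".manul" infix,
    // so a "*.manul.tmp.txt" cleanup glob would not pick it up - confirm intent.
    $this->MALWARE_QUARANTINE_FILEPATH_FILEPATH = $projectTmpDir . '/malware_quarantine_filepath.tmp.txt';
    $this->XML_LOG_FILENAME = $projectTmpDir . '/scan_log.xml';

    $this->SCRIPT_START = time();
    $this->MAX_FILESIZE = 1 * 1024 * 1024; // 1MB
    $this->MAX_PREVIEW_LENGTH = 80; // characters
    $this->MAX_EXECUTION_DURATION = 20; // presumably seconds, measured from SCRIPT_START - TODO confirm

    // Read the signature DB in one go and fail clearly when it is missing or
    // unreadable. The previous implode('', file(...)) emitted a warning and
    // handed implode() a non-array on a missing file instead of a clean error.
    $signatureXml = file_get_contents($this->SIGNATURE_FILENAME);
    if ($signatureXml === false) {
        die(basename(__FILE__) . PS_ERR_MALWARE_DB_BROKEN);
    }

    $validator = new XmlValidator();
    if (!$validator->validate($signatureXml, $projectRootDir . '/static/xsd/malware_db.xsd')) {
        die(basename(__FILE__) . PS_ERR_MALWARE_DB_BROKEN);
    }

    // The signature DB is a project-shipped file, not request input. load() is
    // called without LIBXML_NOENT, so entity substitution stays disabled.
    // load() returns false on a parse error; previously that was ignored and
    // scanning would have continued with an empty document.
    $this->signatures = new DOMDocument();
    if (!$this->signatures->load($this->SIGNATURE_FILENAME)) {
        die(basename(__FILE__) . PS_ERR_MALWARE_DB_BROKEN);
    }
}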
/**
 * A free-text (unstructured) remittance identifier set on
 * TransferInitiatorDetails must appear in the generated XML, and the
 * document must still validate against the eps protocol schema.
 *
 * All credentials and account data below are fixture values only.
 */
public function testTransferInitiatorDetailsWithUnstructuredRemittanceIdentifier() {
    $msgDetails = new TransferMsgDetails(
        "http://10.18.70.8:7001/vendorconfirmation",
        "http://10.18.70.8:7001/transactionok?danke.asp",
        "http://10.18.70.8:7001/transactionnok?fehler.asp"
    );
    $msgDetails->TargetWindowOk = 'Mustershop';
    $msgDetails->TargetWindowNok = 'Mustershop';

    $initiator = new TransferInitiatorDetails(
        'AKLJS231534',
        'topSecret',
        'GAWIATW1XXX',
        'Max Mustermann',
        'AT611904300234573201',
        '1234567890ABCDEFG',
        15000,
        $msgDetails,
        '2007-03-16'
    );
    $initiator->UnstructuredRemittanceIdentifier = 'Foo is not Bar';
    $initiator->SetExpirationMinutes(5);

    $actual = $initiator->GetSimpleXml()->asXML();

    // Schema validation first: a malformed document would make the string
    // assertion below meaningless.
    XmlValidator::ValidateEpsProtocol($actual);
    $this->assertContains('UnstructuredRemittanceIdentifier>Foo is not Bar', $actual);
}
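/**
 * Controller entry point for the "executor" (healer) screen.
 *
 * Dispatches on the request, in this order:
 *  1. POST with a non-empty 'recipe'  -> validate the XML recipe and render
 *     the proposed delete/quarantine actions for confirmation;
 *  2. POST with a=apply               -> carry out the actions the user ticked;
 *  3. a=selfDelete (GET or POST)      -> remove this tool's temp files and its
 *     whole installation directory, answering with JSON;
 *  4. anything else                   -> render the plain executor form.
 *
 * Security notes, limited to what this method shows:
 *  - The recipe is untrusted POST data. Any entity or DOCTYPE declaration is
 *    rejected before the XML reaches a parser; a recipe validated against
 *    recipe.xsd never needs a DTD. The parser flags used inside XmlValidator
 *    and Healer are not visible here.
 *  - Paths to delete/quarantine arrive base64-encoded in the confirmation POST
 *    and are handed to Healer unchanged. No CSRF token is checked in this
 *    method - TODO confirm the surrounding controller enforces one.
 *  - PS_QUARANTINE_URL is built from $_SERVER['PHP_SELF'], which may include
 *    attacker-controlled PATH_INFO; the template must HTML-escape it.
 */
private function startExecutor() {
    $view = new View();
    $healer = new Healer();

    if (!empty($_POST) && !empty($_POST['recipe'])) {
        $this->showRecipeChanges($view, $healer, $_POST['recipe']);
    } elseif (isset($_POST['a']) && $_POST['a'] === 'apply') {
        $this->applyRecipeChanges($view, $healer);
    } elseif (isset($_REQUEST['a']) && $_REQUEST['a'] == 'selfDelete') {
        $this->selfDeleteInstallation($healer);
    } else {
        $view->display('executor.tpl');
    }
}

/** Validates the posted recipe XML and renders the delete/quarantine preview. */
private function showRecipeChanges($view, $healer, $xmlRecipe) {
    global $projectRootDir;

    // Magic quotes no longer exist on current PHP; only undo them where the
    // function is still defined.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $xmlRecipe = stripslashes($xmlRecipe);
    }

    // XXE guard: a schema-validated recipe has no use for a DTD, so reject
    // entity and DOCTYPE declarations outright instead of relying on the
    // downstream parser configuration.
    $upperRecipe = strtoupper($xmlRecipe);
    if (strpos($upperRecipe, '<!ENTITY') !== false || strpos($upperRecipe, '<!DOCTYPE') !== false) {
        die('XXE detected');
    }

    $validator = new XmlValidator();
    if (!$validator->validate($xmlRecipe, $projectRootDir . '/static/xsd/recipe.xsd')) {
        die(PS_ERR_BROKEN_XML_FILE);
    }

    $quarantineFiles = array();
    $deleteFiles = array();
    $healer->prepareList($xmlRecipe, $quarantineFiles, $deleteFiles);

    $itemTemplate = new Template('executor_item.tpl');
    $executeList = $this->renderExecuteItems($itemTemplate, 'd', PS_RECIPE_ACTION_DEL, $deleteFiles)
        . $this->renderExecuteItems($itemTemplate, 'q', PS_RECIPE_ACTION_QUARANTINE, $quarantineFiles);

    define('PS_EXECUTE_LIST', $executeList);
    define('PS_EXECUTE_TOTAL_D', count($deleteFiles));
    define('PS_EXECUTE_TOTAL_Q', count($quarantineFiles));
    $view->display('executor_changes.tpl');
}

/** Renders one executor_item.tpl row per file; $prefix is 'd' (delete) or 'q' (quarantine). */
private function renderExecuteItems($itemTemplate, $prefix, $action, $files) {
    $html = '';
    $total = count($files);
    for ($i = 0; $i < $total; $i++) {
        $itemTemplate->prepare();
        $itemTemplate->set('PREFIX', $prefix);
        $itemTemplate->set('NUM', $i);
        $itemTemplate->set('ACTION', $action);
        $itemTemplate->set('FILENAME', $this->getShortFilename($files[$i]));
        // The full path travels through the form base64-encoded and is decoded
        // again by collectCheckedFiles() on apply.
        $itemTemplate->set('FILENAME_B64', base64_encode($files[$i]));
        $html .= $itemTemplate->get();
    }
    return $html;
}

/** Collects the files the user ticked in the confirmation form and runs the healer on them. */
private function applyRecipeChanges($view, $healer) {
    // The totals come from the form and only bound the loops below; they do
    // not grant anything by themselves.
    $deleteTotal = isset($_POST['total_d']) ? (int) $_POST['total_d'] : 0;
    $quarantineTotal = isset($_POST['total_q']) ? (int) $_POST['total_q'] : 0;

    $deleteFiles = $this->collectCheckedFiles('d', $deleteTotal);
    $quarantineFiles = $this->collectCheckedFiles('q', $quarantineTotal);

    $numQuarantined = 0;
    define('PS_EXECUTOR_LOG', $healer->executeXmlRecipe($deleteFiles, $quarantineFiles, $numQuarantined));

    // NOTE(review): PHP_SELF can carry attacker-controlled PATH_INFO; the
    // template rendering PS_QUARANTINE_URL must HTML-escape it.
    $quarantineUrl = $_SERVER['PHP_SELF'] . '?controller=download&f=quarantine';
    define('PS_QUARANTINE_URL', $quarantineUrl);
    $view->display('executor_done.tpl');
}

/** Returns the base64-decoded paths of rows 0..$total-1 whose checkbox "<prefix>_<i>" is 'on'. */
private function collectCheckedFiles($prefix, $total) {
    $files = array();
    for ($i = 0; $i < $total; $i++) {
        $checkbox = $prefix . '_' . $i;
        if (!empty($_POST[$checkbox]) && $_POST[$checkbox] === 'on') {
            $files[] = base64_decode($_POST['fn_' . $prefix . '_' . $i]);
        }
    }
    return $files;
}

/** Removes this tool's temp files (only in the system temp dir) and its install dir; prints a JSON result. */
private function selfDeleteInstallation($healer) {
    global $projectRootDir, $projectTmpDir;

    // Only sweep the shared system temp dir for files this tool created. A
    // custom tmp dir is left untouched - TODO confirm that is intended (it may
    // live inside $projectRootDir and be removed below anyway).
    if ($projectTmpDir == sys_get_temp_dir()) {
        @unlink($projectTmpDir . '/scan_log.xml');
        $this->unlinkMatching($projectTmpDir . '/*.manul.tmp.txt');
        $this->unlinkMatching($projectTmpDir . '/*.manul.tmp');
        $this->unlinkMatching($projectTmpDir . '/config.php');
    }

    $deleteResult = $healer->deleteDir($projectRootDir);
    if ($deleteResult) {
        print json_encode(array('result' => 'ok'));
    } else {
        // $deleteResult is falsy in this branch, so 'details' carries little
        // information; kept for compatibility with the client reading the JSON.
        print json_encode(array('result' => 'error', 'details' => $deleteResult));
    }
}

/** Unlinks every file matching $pattern; tolerates glob() returning false instead of an array. */
private function unlinkMatching($pattern) {
    $matches = glob($pattern);
    if (is_array($matches)) {
        array_map('unlink', $matches);
    }
}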
/**
 * Entry point for the confirmation URL that the Scheme Operator calls.
 *
 * Reads the raw POST body from $rawPostStream, validates it against the eps
 * protocol XSD and dispatches on the first epsp child element:
 *  - VitalityCheckDetails: optionally invokes $vitalityCheckCallback, then
 *    echoes the received document back to $outputStream (step III-3);
 *  - BankConfirmationDetails: strips the security suffix from the remittance
 *    identifier, invokes $confirmationCallback and writes ShopResponseDetails
 *    (session id, status code, payment reference) to $outputStream (step III-8).
 * Any exception is logged, reported to the Scheme Operator as a
 * ShopResponseDetails error message, and then rethrown to the caller.
 *
 * NOTE(review): nothing in this method checks who sent the request; the
 * remittance identifier check inside StripHash() is the only visible
 * authenticity control - confirm whether the payload signature is verified
 * elsewhere (e.g. in ValidateEpsProtocol).
 *
 * @param callable $confirmationCallback called with the raw post data and a
 *        BankConfirmationDetails instance; must return TRUE
 * @param callable|null $vitalityCheckCallback optional; called with the raw post
 *        data and a VitalityCheckDetails instance
 * @param string $rawPostStream stream or file read with file_get_contents
 * @param string $outputStream stream the responses for the Scheme Operator are written to
 * @throws InvalidCallbackException when a callback is not callable
 * @throws CallbackResponseException when a callback does not return TRUE
 * @throws XmlValidationException when the input does not validate against the XSD
 * @throws \UnexpectedValueException when a security suffix is configured without a security seed
 * @throws UnknownRemittanceIdentifierException when the security suffix does not match
 */
public function HandleConfirmationUrl($confirmationCallback, $vitalityCheckCallback = null, $rawPostStream = 'php://input', $outputStream = 'php://output') {
    $shopResponseDetails = new ShopResponseDetails();
    try {
        $this->TestCallability($confirmationCallback, 'confirmationCallback');
        $hasVitalityCallback = $vitalityCheckCallback != null;
        if ($hasVitalityCallback) {
            $this->TestCallability($vitalityCheckCallback, 'vitalityCheckCallback');
        }

        $rawPostData = file_get_contents($rawPostStream);
        XmlValidator::ValidateEpsProtocol($rawPostData);
        $xml = new \SimpleXMLElement($rawPostData);
        $epspChildren = $xml->children(XMLNS_epsp);
        $firstChildName = $epspChildren[0]->getName();

        if ($firstChildName == 'VitalityCheckDetails') {
            $this->WriteLog('Vitality Check');
            if ($hasVitalityCallback) {
                $vitalityDetails = new VitalityCheckDetails($xml);
                $this->ConfirmationUrlCallback($vitalityCheckCallback, 'vitality check', array($rawPostData, $vitalityDetails));
            }
            // 7.1.9 step III-3: the merchant confirms the vitality check to the
            // eps SO by echoing the received document unchanged.
            file_put_contents($outputStream, $rawPostData);
        } elseif ($firstChildName == 'BankConfirmationDetails') {
            $this->WriteLog('Bank Confirmation');
            $confirmation = new BankConfirmationDetails($xml);
            // Remove the security (obscurity) suffix before the identifier is
            // exposed to the callback and the log.
            $confirmation->SetRemittanceIdentifier($this->StripHash($confirmation->GetRemittanceIdentifier()));

            $shopResponseDetails->SessionId = $confirmation->GetSessionId();
            $shopResponseDetails->StatusCode = $confirmation->GetStatusCode();
            $shopResponseDetails->PaymentReferenceIdentifier = $confirmation->GetPaymentReferenceIdentifier();

            $this->WriteLog(sprintf('Calling confirmationUrlCallback for remittance identifier "%s" with status code %s', $confirmation->GetRemittanceIdentifier(), $confirmation->GetStatusCode()));
            $this->ConfirmationUrlCallback($confirmationCallback, 'confirmation', array($rawPostData, $confirmation));

            // Step III-8: the merchant confirms receipt of the eps payment
            // confirmation to the eps SO.
            $this->WriteLog('III-8 Confirming payment receipt');
            file_put_contents($outputStream, $shopResponseDetails->GetSimpleXml()->asXml());
        }
        // Any other first child element writes nothing; whether the XSD admits
        // one is not visible here.
    } catch (\Exception $e) {
        $this->WriteLog($e->getMessage());
        $isShopResponseException = is_subclass_of($e, 'at\\externet\\eps_bank_transfer\\ShopResponseException');
        $shopResponseDetails->ErrorMsg = $isShopResponseException
            ? $e->GetShopResponseErrorMessage()
            : 'An exception of type "' . get_class($e) . '" occurred during handling of the confirmation url';
        // Always answer the Scheme Operator, then let the caller see the failure.
        file_put_contents($outputStream, $shopResponseDetails->GetSimpleXml()->asXml());
        throw $e;
    }
}
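/**
 * Validates the widget definition XML held by this instance.
 *
 * XmlValidator works on a file path, so the definition is written to a
 * temporary .xml file, validated, and the temporary files are removed again.
 *
 * @return mixed TRUE on success, otherwise the trimmed validator error message (string)
 * @author Sergey Startsev
 */
protected function doValidatePacked() {
    $definition = $this->getDefinition();

    // tempnam() creates and reserves $reserved; the validator is given a
    // sibling path with an .xml suffix. That sibling is NOT reserved by
    // tempnam(), so in a shared temp dir it stays exposed to a pre-creation /
    // symlink race - TODO confirm whether XmlValidator really needs the .xml
    // extension; if not, write to $reserved directly.
    $reserved = tempnam(sys_get_temp_dir(), 'studio_wi_wb');
    $tempPath = $reserved . '.xml';
    afStudioUtil::writeFile($tempPath, $definition);

    $validator = new XmlValidator($tempPath);
    // The first pass result is superseded by the detailed second pass; it is
    // kept because it may be what loads the document - TODO confirm.
    $validator->validateXmlDocument();
    $status = $validator->validateXmlDocument(true);

    // Clean up both the .xml copy and the empty placeholder tempnam() left
    // behind; the original leaked the placeholder on every call and deleted
    // the .xml between the two validation passes.
    if (is_file($tempPath)) {
        unlink($tempPath);
    }
    if ($reserved !== false && is_file($reserved)) {
        unlink($reserved);
    }

    if ($status[0] == self::IDENTIFICATOR_ERROR) {
        return trim($status[1]->getMessage());
    }
    return true;
}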
/**
 * Malformed XML (an unterminated closing tag) must make check() throw a
 * ValidatorException with the message "This xml is not valid".
 *
 * @expectedException Hogosha\Monitor\Exception\ValidatorException
 * @expectedExceptionMessage This xml is not valid
 */
public function testInvalidXml() {
    $brokenXml = '<xml></xml';
    // Path is irrelevant for this test (spelling as in the original fixture).
    $xpath = '//nickanme';

    $validator = new XmlValidator();
    $validator->check($brokenXml, $xpath);
}
/**
 * Loads and validates the XML config document for a module/action, using
 * afValidatorCachePeer to skip re-validation while the file's SHA-1 is unchanged.
 *
 * Side effects: sets $this->document (and $this->validator on a cache miss),
 * then pushes namespace, document and xpath into the parent and resets
 * XmlBaseElementParser's static return value.
 *
 * @param string|null $path     explicit config file path; when null it is
 *                              derived from the module/action via afConfigUtils
 * @param bool        $security passed to XmlValidator and parent::setNamespace()
 * @param string|bool $uri      "module/action" to resolve instead of the
 *                              current sfContext module/action; false = use context
 */
public function readXmlDocument($path = null, $security = false, $uri = false) {
    $page = false;
    if (!$uri) {
        $action = sfContext::getInstance()->getActionName();
        $module = sfContext::getInstance()->getModuleName();
    } else {
        // "module/action": anything after the second segment is ignored.
        // NOTE(review): if $uri can originate from a request, $action feeds a
        // file path below without visible sanitising - confirm the callers.
        $module = strtok($uri, "/");
        $action = strtok("/");
    }
    if ($path === null) {
        $pathCU = new afConfigUtils($module);
        $path = $pathCU->getConfigFilePath($action . '.xml', true);
        // Heuristic: a "page" config is detected by the substring anywhere in
        // the resolved path, so a module or directory named e.g. "pages"
        // would match as well.
        if (strstr($path, "page")) {
            $page = true;
        }
    }
    // Cache entries are keyed by path and reused only while the file's SHA-1
    // still matches the stored signature.
    $hash = sha1_file($path);
    $obj = afValidatorCachePeer::inCache($path);
    if (!$obj || $obj->getSignature() != $hash) {
        // Cache miss or stale entry: run the full validator (the module/action
        // context is passed only for page configs, and is read from
        // $this->context rather than sfContext::getInstance() as above) and
        // keep the validator for later use.
        $doc = new XmlValidator($path, $security, false, false, $page ? $this->context->getModuleName() . "/" . $this->context->getActionName() : null);
        $doc->validateXmlDocument();
        $this->document = $doc->getXmlDocument();
        $this->validator = $doc;
    } else {
        // Cache hit: load the already-validated file without re-validating.
        $this->document = new DOMDocument();
        $this->document->load($path);
    }
    parent::setNamespace($security);
    parent::setXmlDocument($this->document);
    parent::setXpath();
    XmlBaseElementParser::clearRetVal();
}
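/**
 * With an obscurity suffix configured but no security seed,
 * HandleConfirmationUrl must throw UnexpectedValueException and must still
 * answer the Scheme Operator with a schema-valid ShopResponseDetails that
 * carries the generic error message.
 */
public function testHandleConfirmationUrlThrowsExceptionOnInvalidSecuritySetup() {
    $dataPath = $this->GetEpsDataPath('BankConfirmationDetailsWithSignature.xml');
    $temp = tempnam(sys_get_temp_dir(), 'SoCommunicatorTest_');
    $this->target->ObscuritySuffixLength = 3;

    $thrown = false;
    try {
        $this->target->HandleConfirmationUrl(function () { }, null, $dataPath, $temp);
    } catch (\UnexpectedValueException $e) {
        $thrown = true;
    }

    $actual = file_get_contents($temp);
    // Remove the temp file before asserting so a failing assertion does not leak it.
    if (is_file($temp)) {
        unlink($temp);
    }

    // The original swallowed the exception silently; make the "throws" part of
    // the test name an explicit assertion.
    $this->assertTrue($thrown, 'Expected UnexpectedValueException was not thrown');
    XmlValidator::ValidateEpsProtocol($actual);
    $this->assertContains('ShopResponseDetails>', $actual);
    $this->assertContains('ErrorMsg>An exception of type "UnexpectedValueException" occurred during handling of the confirmation url', $actual);
}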
/**
 * A BankConfirmationDetails fixture carrying a signature element validates
 * against the eps protocol schema.
 */
public function testWithSignatureReturnsTrue() {
    $signedXml = $this->GetEpsData('BankConfirmationDetailsWithSignature.xml');
    $this->assertTrue(XmlValidator::ValidateEpsProtocol($signedXml));
}