FIXED wrong URL detection

magespecialist · Jun 1, 2017 · 26b1ca0 · 26b1ca0
1 parent 049c043
commit 26b1ca0
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 14 deletions.
diff --git a/Api/ShieldInterface.php b/Api/ShieldInterface.php
@@ -24,10 +24,9 @@ interface ShieldInterface
 {
     /**
      * Return true if should scan request
-     * @param \Magento\Framework\App\RequestInterface $request
      * @return bool
      */
-    public function shouldScan(\Magento\Framework\App\RequestInterface $request);
+    public function shouldScan();
 
     /**
      * Scan HTTP request and return false if no hack attempt has been detected

diff --git a/Model/Shield.php b/Model/Shield.php
@@ -24,6 +24,7 @@
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Module\Dir\Reader;
 use Magento\Framework\App\DeploymentConfig\Reader as DeploymentConfigReader;
+use MSP\SecuritySuiteCommon\Api\UtilsInterface;
 use MSP\Shield\Api\ShieldInterface;
 
 class Shield implements ShieldInterface
@@ -59,42 +60,46 @@ class Shield implements ShieldInterface
      */
     private $configReader;
 
+    /**
+     * @var UtilsInterface
+     */
+    private $utils;
+
     public function __construct(
         ScopeConfigInterface $scopeConfig,
         Reader $reader,
         Cache $cache,
         DirectoryList $directoryList,
-        DeploymentConfigReader $configReader
+        UtilsInterface $utils
     ) {
         $this->scopeConfig = $scopeConfig;
         $this->directoryList = $directoryList;
         $this->reader = $reader;
         $this->cache = $cache;
-        $this->configReader = $configReader;
+        $this->utils = $utils;
     }
 
     /**
      * Return true if should scan request
-     * @param \Magento\Framework\App\RequestInterface $request
      * @return bool
      */
-    public function shouldScan(\Magento\Framework\App\RequestInterface $request)
+    public function shouldScan()
     {
-        $config = $this->configReader->load();
-        $adminPath = $config['backend']['frontName'];
-
         $enabledBackend = !! $this->scopeConfig->getValue(static::XML_PATH_ENABLED_BACKEND);
-        if ((strpos($request->getRequestUri(), "/$adminPath/") !== false) && !$enabledBackend) {
+        if ($this->utils->isBackendUri() && !$enabledBackend) {
             return false;
         }
 
+        $adminPath = $this->utils->getBackendPath();
+
         $whiteList = trim($this->scopeConfig->getValue(static::XML_PATH_URI_WHITELIST));
         $whiteList = str_replace('$admin', $adminPath, $whiteList);
         $whiteList = preg_split('/[\r\n\s,]+/', $whiteList);
         $whiteList[] = '/msp_security_suite/stop/index/';
 
+        $requestUri = $this->utils->getSanitizedUri();
         foreach ($whiteList as $uri) {
-            if (strpos($request->getRequestUri(), $uri) !== false) {
+            if (strpos($requestUri, $uri) === 0) {
                 return false;
             }
         }

diff --git a/composer.json b/composer.json
@@ -3,9 +3,9 @@
     "description": "Advanced Intrusion Prevention System for Magento2 - Member of MageSpecialist SecuritySuite",
     "require": {
         "php": "~7.0.0",
-        "msp/phpids": "*",
+        "msp/phpids": ">=1.0.1",
         "msp/common": "*",
-        "msp/security-suite-common": "*"
+        "msp/security-suite-common": ">=1.0.3"
     },
     "suggest": {
         "msp/security-suite": "Full MageSpecialist Security Suite"

diff --git a/etc/module.xml b/etc/module.xml
@@ -21,6 +21,6 @@
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="MSP_Shield" setup_version="1.0.3">
+    <module name="MSP_Shield" setup_version="1.0.4">
     </module>
 </config>