Debug mode + fixes

magespecialist · Sep 13, 2017 · 8da80e7 · 8da80e7
1 parent 286d7df
commit 8da80e7
Show file tree

Hide file tree

Showing 13 changed files with 107 additions and 17 deletions.
diff --git a/Api/IpsInterface.php b/Api/IpsInterface.php
@@ -22,6 +22,8 @@
 
 interface IpsInterface
 {
+
+
     /**
      * Check request
      * @param array $request

diff --git a/Api/ScanResultInterface.php b/Api/ScanResultInterface.php
@@ -28,6 +28,12 @@ interface ScanResultInterface
      */
     public function getScore();
 
+    /**
+     * Get description
+     * @return string
+     */
+    public function getDescription();
+
     /**
      * Get list of matched threats
      * @return ThreatInterface[]

diff --git a/Api/ThreatInterface.php b/Api/ThreatInterface.php
@@ -22,6 +22,8 @@
 
 interface ThreatInterface
 {
+    const XML_PATH_DEBUG = 'msp_securitysuite_shield/general/debug';
+
     /**
      * Get threat identification
      * @return string
@@ -58,6 +60,12 @@ public function getAdditional();
      */
     public function getDescription();
 
+    /**
+     * Get debug
+     * @return array
+     */
+    public function getDebug();
+
     /**
      * Set threat identification
      * @param string $value
@@ -92,4 +100,11 @@ public function setReason($value);
      * @return \MSP\Shield\Api\ThreatInterface
      */
     public function setAdditional(array $value);
+
+    /**
+     * Set debug information
+     * @param array $value
+     * @return \MSP\Shield\Api\ThreatInterface
+     */
+    public function setDebug(array $value);
 }
diff --git a/Model/Detector/SqlInjection.php b/Model/Detector/SqlInjection.php
@@ -342,7 +342,7 @@ protected function getNormalizedQueryScenarios($originalQuery, array &$scenarios
                 $threat
                     ->setDetector($this)
                     ->setId(static::RESCODE_SQLI_INJECTION)
-                    ->setAdditional(['query' => $modifiedQuery])
+                    ->setDebug(['query' => $modifiedQuery])
                     ->setReason(__('C comments detected'))
                     ->setScore(DetectorInterface::SCORE_CRITICAL_MATCH);
 
@@ -354,7 +354,7 @@ protected function getNormalizedQueryScenarios($originalQuery, array &$scenarios
                 $threat
                     ->setDetector($this)
                     ->setId(static::RESCODE_SQLI_INJECTION)
-                    ->setAdditional(['query' => $modifiedQuery])
+                    ->setDebug(['query' => $modifiedQuery])
                     ->setReason(__('Open C comment detected'))
                     ->setScore(DetectorInterface::SCORE_CRITICAL_MATCH);
 
@@ -372,7 +372,7 @@ protected function getNormalizedQueryScenarios($originalQuery, array &$scenarios
                 $threat
                     ->setDetector($this)
                     ->setId(static::RESCODE_SQLI_INJECTION)
-                    ->setAdditional(['query' => $modifiedQuery])
+                    ->setDebug(['query' => $modifiedQuery])
                     ->setReason(__('Comments detected'))
                     ->setScore($sqlCommentScore);
 
@@ -388,7 +388,7 @@ protected function getNormalizedQueryScenarios($originalQuery, array &$scenarios
                 $threat
                     ->setDetector($this)
                     ->setId(static::RESCODE_SQLI_INJECTION)
-                    ->setAdditional(['query' => $modifiedQuery])
+                    ->setDebug(['query' => $modifiedQuery])
                     ->setReason(__('Injection payload detected'))
                     ->setScore(DetectorInterface::SCORE_CRITICAL_MATCH);
 

diff --git a/Model/Detector/Xss.php b/Model/Detector/Xss.php
@@ -207,10 +207,11 @@ protected function getHtmlTagsList()
 
     /**
      * Evaluate an value threat level
+     * @param string $fieldName
      * @param $value
      * @param array $threats
      */
-    protected function evaluateQuery($value, array &$threats)
+    protected function evaluateQuery($fieldName, $value, array &$threats)
     {
         $htmlTags = $this->getHtmlTagsList();
 
@@ -228,7 +229,6 @@ protected function evaluateQuery($value, array &$threats)
                     $threat
                         ->setDetector($this)
                         ->setId(static::RESCODE_SCRIPT_INJECTION)
-                        ->setAdditional(['payload' => $value])
                         ->setReason(__('HTML tags detected'))
                         ->setScore(DetectorInterface::SCORE_CRITICAL_MATCH);
 
@@ -313,7 +313,7 @@ public function scanRequest($fieldName, $fieldValue)
         $threats = [];
 
         $encodedQuery = $this->normalizeValue($fieldValue, $threats);
-        $this->evaluateQuery($encodedQuery, $threats);
+        $this->evaluateQuery($fieldName, $encodedQuery, $threats);
 
         return $threats;
     }

diff --git a/Model/DetectorRegex.php b/Model/DetectorRegex.php
@@ -62,7 +62,6 @@ public function scanRegex($detector, array $regexList, $value, array &$threats)
                     ->setDetector($detector)
                     ->setId($regexGroup['id'])
                     ->setAdditional([
-                        'subject' => $value,
                         'regex' => $matchingRegex,
                     ])
                     ->setReason($regexGroup['reason'])

diff --git a/Model/Ips.php b/Model/Ips.php
@@ -107,13 +107,20 @@ protected function runDetectors($fieldName, $fieldValue, &$threats)
                         foreach ($scanThreats as $scanThreat) {
                             $additional = [
                                 'threat' => $scanThreat->getAdditional(),
-                                'input' => [
-                                    'value' => utf8_encode($fieldValue),
-                                    'name' => $fieldName,
-                                ],
+                                'field' => $fieldName,
                             ];
+
+                            if (count($scanThreat->getDebug())) {
+                                $additional['debug'] = [
+                                    'threat' => $scanThreat->getDebug(),
+                                    'value' => utf8_encode($fieldValue),
+                                    'field' => $fieldName,
+                                ];
+                            }
+
                             $scanThreat->setAdditional($additional);
                         }
+
                         $threats = array_merge($threats, $scanThreats);
                     }
                 }

diff --git a/Model/ScanResult.php b/Model/ScanResult.php
@@ -30,6 +30,11 @@ class ScanResult implements ScanResultInterface
      */
     protected $threats;
 
+    /**
+     * @var string[]
+     */
+    private $descriptions;
+
     protected $score;
 
     /**
@@ -40,8 +45,10 @@ public function __construct(array $threats)
     {
         $this->threats = $threats;
         $this->score = 0;
+        $this->descriptions = [];
         foreach ($this->threats as $threat) {
             $this->score += $threat->getScore();
+            $this->descriptions[] = $threat->getDescription();
         }
     }
 
@@ -54,6 +61,15 @@ public function getScore()
         return $this->score;
     }
 
+    /**
+     * Get score
+     * @return string
+     */
+    public function getDescription()
+    {
+        return implode("\n", $this->descriptions);
+    }
+
     /**
      * Get list of matched threats
      * @return ThreatInterface[]

diff --git a/Model/Threat.php b/Model/Threat.php
@@ -20,6 +20,7 @@
 
 namespace MSP\Shield\Model;
 
+use Magento\Framework\App\Config\ScopeConfigInterface;
 use MSP\Shield\Api\DetectorInterface;
 use MSP\Shield\Api\ThreatInterface;
 
@@ -30,6 +31,17 @@ class Threat implements ThreatInterface
     protected $detector = null;
     protected $reason = null;
     protected $additional = null;
+    protected $debug = null;
+
+    /**
+     * @var ScopeConfigInterface
+     */
+    private $scopeConfig;
+
+    public function __construct(ScopeConfigInterface $scopeConfig)
+    {
+        $this->scopeConfig = $scopeConfig;
+    }
 
     /**
      * Get threat identification
@@ -140,4 +152,31 @@ public function setAdditional(array $value)
         $this->additional = $value;
         return $this;
     }
+
+    /**
+     * Get debug
+     * @return array
+     */
+    public function getDebug()
+    {
+        if (!!$this->scopeConfig->getValue(ThreatInterface::XML_PATH_DEBUG)) {
+            return $this->debug;
+        }
+
+        return [];
+    }
+
+    /**
+     * Set debug information
+     * @param array $value
+     * @return \MSP\Shield\Api\ThreatInterface
+     */
+    public function setDebug(array $value)
+    {
+        if (!!$this->scopeConfig->getValue(ThreatInterface::XML_PATH_DEBUG)) {
+            $this->debug = $value;
+        }
+
+        return $this;
+    }
 }
diff --git a/Plugin/AppInterfacePlugin.php b/Plugin/AppInterfacePlugin.php
@@ -97,9 +97,9 @@ public function aroundLaunch(AppInterface $subject, \Closure $proceed)
                 if ($logAction) {
                     $this->event->dispatch(LogManagementInterface::EVENT_ACTIVITY, [
                         'module' => 'MSP_Shield',
-                        'message' => 'Impact ' . $res->getScore(),
+                        'message' => $res->getDescription(),
                         'action' => $stopAction ? 'stop' : 'log',
-                        'additional' => serialize($res->getAdditionalInfo()),
+                        'additional' => $res->getAdditionalInfo(),
                     ]);
                 }
 

diff --git a/etc/adminhtml/system.xml b/etc/adminhtml/system.xml
@@ -54,11 +54,16 @@
                     <label>Minimum impact score to activate lockdown protection</label>
                     <comment>0 to disable, suggested value: 50. WARNING: We strongly suggest to use "log mode" for a test period before enabling the automatic lockdown.</comment>
                 </field>
-                <field canRestore="1" id="params_whitelist" translate="label" type="textarea" sortOrder="60" showInDefault="1" showInWebsite="0" showInStore="0">
+                <field id="debug" translate="label" type="select" sortOrder="60" showInDefault="1" showInWebsite="0" showInStore="0">
+                    <label>Log debug information</label>
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+                    <comment>BEWARE: Sensitive user's information may be stored. Use this option only while tuning.</comment>
+                </field>
+                <field canRestore="1" id="params_whitelist" translate="label" type="textarea" sortOrder="70" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>Parameters whitelist whitelist</label>
                     <comment>One param name per line (e.g.: GET.paramname, COOKIE.paramname, POST.paramname)</comment>
                 </field>
-                <field canRestore="1" id="uri_whitelist" translate="label" type="textarea" sortOrder="70" showInDefault="1" showInWebsite="0" showInStore="0">
+                <field canRestore="1" id="uri_whitelist" translate="label" type="textarea" sortOrder="80" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>URI Whitelist</label>
                     <comment>One URI per line</comment>
                 </field>

diff --git a/etc/config.xml b/etc/config.xml
@@ -25,6 +25,7 @@
         <msp_securitysuite_shield>
             <general>
                 <enabled>0</enabled>
+                <debug>0</debug>
                 <min_impact_log>10</min_impact_log>
                 <min_impact_stop>0</min_impact_stop>
                 <check_cookies>0</check_cookies>

diff --git a/etc/module.xml b/etc/module.xml
@@ -21,6 +21,6 @@
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="MSP_Shield" setup_version="2.0.4">
+    <module name="MSP_Shield" setup_version="2.0.6">
     </module>
 </config>
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,6 +22,8 @@ @@
     interface IpsInterface
     {
         /**
          * Check request
          * @param array $request
@@ Expand Down @@