Nathanwoodburn.github.io/libraries/plugins/IDS/Log/Email.php

401 lines
11 KiB
PHP
Raw Normal View History

2021-08-30 15:06:36 +10:00
<?php
/**
* PHPIDS
*
* Requirements: PHP5, SimpleXML
*
* Copyright (c) 2008 PHPIDS group (https://phpids.org)
*
* PHPIDS is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, version 3 of the License, or
* (at your option) any later version.
*
* PHPIDS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with PHPIDS. If not, see <http://www.gnu.org/licenses/>.
*
* PHP version 5.1.6+
*
* @category Security
* @package PHPIDS
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Christian Matthies <ch0012@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @link http://php-ids.org/
*/
require_once 'IDS/Log/Interface.php';
/**
* Email logging wrapper
*
* The Email wrapper is designed to send reports via email. It implements the
* singleton pattern.
*
* @category Security
* @package PHPIDS
* @author Christian Matthies <ch0012@gmail.com>
* @author Mario Heiderich <mario.heiderich@gmail.com>
* @author Lars Strojny <lars@strojny.net>
* @copyright 2007-2009 The PHPIDS Group
* @license http://www.gnu.org/licenses/lgpl.html LGPL
* @version Release: $Id:Email.php 517 2007-09-15 15:04:13Z mario $
* @link http://php-ids.org/
*/
class IDS_Log_Email implements IDS_Log_Interface
{
/**
* Recipient container
*
* @var array
*/
protected $recipients = array();
/**
* Mail subject
*
* @var string
*/
protected $subject = null;
/**
* Additional mail headers
*
* @var string
*/
protected $headers = null;
/**
* Safemode switch
*
* Using this switch it is possible to enable safemode, which is a spam
* protection based on the alert frequency.
*
* @var boolean
*/
protected $safemode = true;
/**
* Urlencode for result strings
*
* This switch is true by default. Setting it to false removes
* the 'better safe than sorry' urlencoding for the result string in
* the report mails. Enhances readability but maybe XSSes email clients.
*
* @var boolean
*/
protected $urlencode = true;
/**
* Send rate
*
* If safemode is enabled, this property defines how often reports will be
* sent out. Default value is 15, which means that a mail will be sent on
* condition that the last email has not been sent earlier than 15 seconds ago.
*
* @var integer
*/
protected $allowed_rate = 15;
/**
* PHPIDS temp directory
*
* When safemod is enabled, a path to a temp directory is needed to
* store some information. Default is IDS/tmp/
*
* @var string
*/
protected $tmp_path = 'IDS/tmp/';
/**
* File prefix for tmp files
*
* @var string
*/
protected $file_prefix = 'PHPIDS_Log_Email_';
/**
* Holds current remote address
*
* @var string
*/
protected $ip = 'local/unknown';
/**
* Instance container
*
* @var array
*/
protected static $instance = array();
/**
* Constructor
*
* @param mixed $config IDS_Init instance | array
*
* @return void
*/
protected function __construct($config)
{
if ($config instanceof IDS_Init) {
$this->recipients = $config->config['Logging']['recipients'];
$this->subject = $config->config['Logging']['subject'];
$this->headers = $config->config['Logging']['header'];
$this->envelope = $config->config['Logging']['envelope'];
$this->safemode = $config->config['Logging']['safemode'];
$this->urlencode = $config->config['Logging']['urlencode'];
$this->allowed_rate = $config->config['Logging']['allowed_rate'];
$this->tmp_path = $config->getBasePath()
. $config->config['General']['tmp_path'];
} elseif (is_array($config)) {
$this->recipients[] = $config['recipients'];
$this->subject = $config['subject'];
$this->additionalHeaders = $config['header'];
}
// determine correct IP address and concat them if necessary
$this->ip = $_SERVER['REMOTE_ADDR'] .
(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' : '');
}
/**
* Returns an instance of this class
*
* This method allows the passed argument to be either an instance of
* IDS_Init or an array.
*
* @param mixed $config IDS_Init | array
* @param string $classname the class name to use
*
* @return object $this
*/
public static function getInstance($config, $classname = 'IDS_Log_Email')
{
if (!self::$instance) {
self::$instance = new $classname($config);
}
return self::$instance;
}
/**
* Permitting to clone this object
*
* For the sake of correctness of a singleton pattern, this is necessary
*
* @return void
*/
private function __clone()
{
}
/**
* Detects spam attempts
*
* To avoid mail spam through this logging class this function is used
* to detect such attempts based on the alert frequency.
*
* @return boolean
*/
protected function isSpamAttempt()
{
/*
* loop through all files in the tmp directory and
* delete garbage files
*/
$dir = $this->tmp_path;
$numPrefixChars = strlen($this->file_prefix);
$files = scandir($dir);
foreach ($files as $file) {
if (is_file($dir . DIRECTORY_SEPARATOR . $file)) {
if (substr($file, 0, $numPrefixChars) == $this->file_prefix) {
$lastModified = filemtime($dir . DIRECTORY_SEPARATOR . $file);
if ((time() - $lastModified) > 3600) {
unlink($dir . DIRECTORY_SEPARATOR . $file);
}
}
}
}
/*
* end deleting garbage files
*/
$remoteAddr = $this->ip;
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$filename = $this->file_prefix . md5($remoteAddr.$userAgent) . '.tmp';
$file = $dir . DIRECTORY_SEPARATOR . $filename;
if (!file_exists($file)) {
$handle = fopen($file, 'w');
fwrite($handle, time());
fclose($handle);
return false;
}
$lastAttack = file_get_contents($file);
$difference = time() - $lastAttack;
if ($difference > $this->allowed_rate) {
unlink($file);
} else {
return true;
}
return false;
}
/**
* Prepares data
*
* Converts given data into a format that can be read in an email.
* You might edit this method to your requirements.
*
* @param mixed $data the report data
*
* @return string
*/
protected function prepareData($data)
{
$format = "The following attack has been detected by PHPIDS\n\n";
$format .= "IP: %s \n";
$format .= "Date: %s \n";
$format .= "Impact: %d \n";
$format .= "Affected tags: %s \n";
$attackedParameters = '';
foreach ($data as $event) {
$attackedParameters .= $event->getName() . '=' .
((!isset($this->urlencode) ||$this->urlencode)
? urlencode($event->getValue())
: $event->getValue()) . ", ";
}
$format .= "Affected parameters: %s \n";
$format .= "Request URI: %s \n";
$format .= "Origin: %s \n";
return sprintf($format,
$this->ip,
date('c'),
$data->getImpact(),
join(' ', $data->getTags()),
trim($attackedParameters),
htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'),
$_SERVER['SERVER_ADDR']);
}
/**
* Sends the report to registered recipients
*
* @param object $data IDS_Report instance
*
* @throws Exception if data is no string
* @return boolean
*/
public function execute(IDS_Report $data)
{
if ($this->safemode) {
if ($this->isSpamAttempt()) {
return false;
}
}
/*
* In case the data has been modified before it might
* be necessary to convert it to string since it's pretty
* senseless to send array or object via e-mail
*/
$data = $this->prepareData($data);
if (is_string($data)) {
$data = trim($data);
// if headers are passed as array, we need to make a string of it
if (is_array($this->headers)) {
$headers = "";
foreach ($this->headers as $header) {
$headers .= $header . "\r\n";
}
} else {
$headers = $this->headers;
}
if (!empty($this->recipients)) {
if (is_array($this->recipients)) {
foreach ($this->recipients as $address) {
$this->send(
$address,
$data,
$headers,
$this->envelope
);
}
} else {
$this->send(
$this->recipients,
$data,
$headers,
$this->envelope
);
}
}
} else {
throw new Exception(
'Please make sure that data returned by
IDS_Log_Email::prepareData() is a string.'
);
}
return true;
}
/**
* Sends an email
*
* @param string $address email address
* @param string $data the report data
* @param string $headers the mail headers
* @param string $envelope the optional envelope string
*
* @return boolean
*/
protected function send($address, $data, $headers, $envelope = null)
{
if (!$envelope || strpos(ini_get('sendmail_path'),' -f') !== false) {
return mail($address,
$this->subject,
$data,
$headers);
} else {
return mail($address,
$this->subject,
$data,
$headers,
'-f' . $envelope);
}
}
}
/**
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: sw=4 ts=4 expandtab
*/