Merge pull request #101 from mebjas/master-fixes
Added support for custom loggers and more changes
mebjas authored Mar 17, 2018
2 parents 9eebbe3 + fa2789a commit 3374255
Showing 8 changed files with 923 additions and 672 deletions.
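--- a/libs/csrf/LoggerInterface.php
+++ b/libs/csrf/LoggerInterface.php
@@ -0,0 +1,26 @@
+<?php
+/**
+* This file has implementation for LoggerInterface interface
+*/
+
+if (!defined('__CSRF_PROTECTOR_loggerInterface__')) {
+// to avoid multiple declaration errors
+define('__CSRF_PROTECTOR_loggerInterface__', true);
+
+/**
+* Interface for logger class
+*/
+interface LoggerInterface {
+/**
+* logging method
+*
+* Parameters:
+* $message - the log message
+* $context - context array
+*
+* Return:
+* void
+*/
+public function log($message, $context = array());
+}
+}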
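Review bot: The interface is declared in the global namespace under the very generic name `LoggerInterface`, and the `defined()` guard only stops this file from being declared twice; it does not prevent a fatal redeclaration error when the host application or another library already declares a global `LoggerInterface`. The other types added in this commit carry the `csrfp` prefix (`csrfpAction`, `csrfpCookieConfig`, `csrfpDefaultLogger`), so a name such as `csrfpLoggerInterface` would follow that pattern. The docblock on `log()` could also state that `$message` and `$context` may hold request-derived values, so an implementation has to encode them for whatever sink it writes to.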
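--- a/libs/csrf/csrfpAction.php
+++ b/libs/csrf/csrfpAction.php
@@ -0,0 +1,49 @@
+<?php
+/**
+* This file has implementation for csrfpAction class
+*/
+
+if (!defined('__CSRF_PROTECTOR_csrfpAction__')) {
+// to avoid multiple declaration errors
+define('__CSRF_PROTECTOR_csrfpAction__', true);
+
+/**
+* Enumerator for actions
+*/
+abstract class csrfpAction {
+/**
+* Variable: ForbiddenResponseAction
+* Action of sending back 403 response code
+* @var int
+*/
+const ForbiddenResponseAction = 0;
+
+/**
+* Variable: ClearParametersAction
+* Action of clearning all request parameters
+* @var int
+*/
+const ClearParametersAction = 1;
+
+/**
+* Variable: RedirectAction
+* Action of redirecting users to another location
+* @var int
+*/
+const RedirectAction = 2;
+
+/**
+* Variable: CustomErrorMessageAction
+* Action of sending back a custom message
+* @var int
+*/
+const CustomErrorMessageAction = 3;
+
+/**
+* Variable: InternalServerErrorResponseAction
+* Action of sending back 5XX response code
+* @var int
+*/
+const InternalServerErrorResponseAction = 4;
+}
+}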
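Review bot: `csrfpAction` is declared `abstract`, which blocks instantiation but still lets other code extend it and add or redefine action constants; for a pure constant holder, `final class csrfpAction` with a private constructor states the intent more tightly. The docblock for `ClearParametersAction` has a typo, `clearning` should read `clearing`. The docblocks also label constants as `Variable:` with `@var int`, which is worth correcting while the file is new.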
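--- a/libs/csrf/csrfpCookieConfig.php
+++ b/libs/csrf/csrfpCookieConfig.php
@@ -0,0 +1,58 @@
+<?php
+/**
+* This file has implementation for csrfpCookieConfig class
+*/
+
+if (!defined('__CSRF_PROTECTOR_csrfpCookieConfig__')) {
+// to avoid multiple declaration errors
+define('__CSRF_PROTECTOR_csrfpCookieConfig__', true);
+
+/**
+* Cookie config class
+*/
+class csrfpCookieConfig
+{
+/**
+* Variable: $path
+* path parameter for setcookie method
+* @var string
+*/
+public $path = '';
+
+/**
+* Variable: $domain
+* domain parameter for setcookie method
+* @var string
+*/
+public $domain = '';
+
+/**
+* Variable: $secure
+* secure parameter for setcookie method
+* @var bool
+*/
+public $secure = false;
+
+/**
+* Variable: $expire
+* expiry parameter in seconds from now for setcookie method, default is 30 minutes
+* @var int
+*/
+public $expire = 1800;
+
+/**
+* Function: constructor
+*
+* Parameters:
+* @param $cfg - config array loaded from config file;
+*/
+function __construct($cfg) {
+if ($cfg !== null) {
+if (isset($cfg['path'])) $this->path = $cfg['path'];
+if (isset($cfg['domain'])) $this->domain = $cfg['domain'];
+if (isset($cfg['secure'])) $this->secure = (bool) $cfg['secure'];
+if (isset($cfg['expire']) && $cfg['expire']) $this->expire = (int)$cfg['expire'];
+}
+}
+}
+}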
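Review bot: The `expire` branch of the constructor accepts any truthy value and only then casts it, so a negative number is stored as-is and a non-numeric string becomes 0. Since the docblock describes the value as seconds from now for `setcookie`, a non-positive result would presumably produce a token cookie that is already expired. Validating the cast value keeps the 30-minute default in those cases: `if (isset($cfg['expire']) && (int) $cfg['expire'] > 0) $this->expire = (int) $cfg['expire'];`. `$secure` defaults to `false`, so the `$secure` docblock should say that HTTPS deployments need to enable it, otherwise the cookie is also sent over plain HTTP. The constructor is also missing an explicit `public`.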
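--- a/libs/csrf/csrfpDefaultLogger.php
+++ b/libs/csrf/csrfpDefaultLogger.php
@@ -0,0 +1,88 @@
+<?php
+/**
+* This file has implementation for csrfpDefaultLogger class
+*/
+include __DIR__ ."/LoggerInterface.php";
+
+if (!defined('__CSRF_PROTECTOR_csrfpDefaultLogger_')) {
+// to avoid multiple declaration errors
+define('__CSRF_PROTECTOR_csrfpDefaultLogger_', true);
+
+class logDirectoryNotFoundException extends \exception {};
+class logFileWriteError extends \exception {};
+
+/**
+* Default logger class for CSRF Protector
+* This is a file based logger class
+*/
+class csrfpDefaultLogger implements LoggerInterface {
+/**
+* Variable: $logDirectory
+* directory for file based logging
+*/
+private $logDirectory;
+
+/**
+* Constructor
+*
+* Parameters:
+* $path - the path for logs to be stored (relative or absolute)
+*
+* Returns:
+* void
+*
+* Throws:
+* logDirectoryNotFoundException - if log directory is not found
+*/
+function __construct($path) {
+//// Check for relative path
+$this->logDirectory = __DIR__ . "/../" . $path;
+
+
+//// If the relative log directory path does not
+//// exist try as an absolute path
+if (!is_dir($this->logDirectory)) {
+$this->logDirectory = $path;
+}
+
+if (!is_dir($this->logDirectory)) {
+throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!");
+}
+}
+
+/**
+* logging method
+*
+* Parameters:
+* $message - the log message
+* $context - context array
+*
+* Return:
+* void
+*
+* Throws:
+* logFileWriteError - if unable to log an attack
+*/
+public function log($message, $context = array()) {
+// Append to the log file, or create it if it does not exist create
+$logFile = fopen($this->logDirectory ."/" . date("m-20y") . ".log", "a+");
+
+//throw exception if above fopen fails
+if (!$logFile) {
+throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file");
+}
+
+$context['timestamp'] = time();
+$context['message'] = $message;
+
+//convert log array to JSON format to be logged
+$context = json_encode($context) .PHP_EOL;
+
+//append log to the file
+fwrite($logFile, $context);
+
+//close the file handler
+fclose($logFile);
+}
+}
+}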
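Review bot: In `log()` an entry can be lost without any error: `json_encode($context)` returns false when the context holds a value it cannot encode (for example a string that is not valid UTF-8), so only a newline is written. The result of `fwrite()` is never checked either, although the docblock promises `logFileWriteError` when an entry cannot be logged. The context presumably carries request-derived values, so this gap matters for an audit log. The sketch below encodes with `JSON_PARTIAL_OUTPUT_ON_ERROR` (PHP 5.5+, to be confirmed against the supported versions), treats a false result as a write error, and replaces the fopen/fwrite/fclose sequence with one locked append so concurrent requests cannot interleave entries. Separately, the constructor resolves `$path` under the library directory first, so its docblock should say that the log directory must not be served by the web server.

```php
public function log($message, $context = array()) {
    // … unchanged: timestamp and message are added to $context …

    // json_encode() returns false on values it cannot encode; keep the rest of the record
    $line = json_encode($context, JSON_PARTIAL_OUTPUT_ON_ERROR);
    if ($line === false) {
        throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file");
    }

    // one locked append, with the result checked
    $file = $this->logDirectory . "/" . date("m-20y") . ".log";
    if (file_put_contents($file, $line . PHP_EOL, FILE_APPEND | LOCK_EX) === false) {
        throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file");
    }
}
```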