<?
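/**
 * Class WebAnalizer
 * @author simone cosci
 * @version 1.0
 * @abstract Analyses a collection of WebResource entries (passed to the
 * constructor) by fetching each one through the HttpRequest stored in
 * $request and recording the result plus heuristic warnings.
 *
 * Structure of a WebAnalizer after the Analize() method:
 * 		responses[/path/to/resource]:
 * 						response: HttpResponse object, or null
 *			 			params: array(
 *				 				name: value
 *				 				name: value
 *						)
 *			 			err: string (or null when the fetch succeeded)
 *			 			ext: file extension taken from the last path segment
 *			 			code: HTTP status code (only when response is set)
 *			 			size: Content-Length header, else body length (only when response is set)
 *			 			type: Content-Type header (only when response is set)
 *		warnings[/path/to/resource]:
 *						code: warn		(codes: DOS, TRV, XSS, SQL, RCX)
 *
 * Resources that are skipped by the scope rules (see Analize()) or that are
 * javascript: pseudo-URLs get no entry at all.
 */

class WebAnalizer
{
	/** Associative configuration array. Must be set by the caller before
	 * Analize() is called. Keys read: ANALIZE_IFMATCH_IP, ANALIZE_IFNOTMATCH_IP,
	 * ANALIZE_IFMATCH_HOST, ANALIZE_IFNOTMATCH_HOST (a value starting with
	 * 'y'/'Y' enables the case), MAX_FILE_SIZE_WARNING_LEVEL1..3 and the
	 * matching *_MSG, KNOW_SCRIPT_EXTENSIONS (comma separated), TRASVERSAL_MSG,
	 * CROSS_SITE_SCRIPTING_MSG, SQL_INJECTION_MSG, REMOTECODE_EXECUTION_MSG.
	 * @access public
	 * @var array
	 */
	var $conf;

	/** Associative resource=>Warning array, filled by Analize()
	 * @access public
	 * @var array
	 */
	var $warnings;
		
	/**
	 * Collection of array of WebResource data (constructor argument)
	 * @access public
	 * @var array
	 */
	var $resources;
	
	/**
	 * Collection of per-resource result arrays, filled by Analize()
	 * @access public
	 * @var array
	 */
	var $responses;
	
	/** Handle to global $myHttpRequest. Must be set by the caller before
	 * Analize() is called; ->protocol, ->host and ->server are read from it
	 * (->server is presumably the resolved IP of the scan target — confirm
	 * against HttpRequest).
	 * @var HttpRequest class
	 * @access public
	 */
	var $request;
	
	/**
	 * @param array $resources collection of WebResource data to analyse
	 */
	function __construct($resources=array()){
		$this->resources = $resources;
	}

	/**
	 * PHP 4 style constructor, kept for callers that invoke it by name.
	 * PHP 7 deprecated and PHP 8 removed same-name-as-class constructors, so
	 * without __construct() above the constructor argument was silently
	 * dropped on modern PHP and $resources stayed unset.
	 */
	function WebAnalizer($resources=array()){
		$this->__construct($resources);
	}

	/**
	 * Fetch every entry of $resources through $request and fill $responses
	 * and $warnings (layout in the class header).
	 *
	 * Preconditions: $this->request and $this->conf are set by the caller;
	 * this method does not initialise them.
	 *
	 * Scope control: a resource is fetched only when the four ANALIZE_IF*
	 * flags allow its host (see _inScope()). javascript: pseudo-URLs and
	 * resources that WebResource cannot parse are never fetched; the latter
	 * get an entry with response=null and err set.
	 *
	 * Warnings are heuristic only: DOS is derived from the (server-supplied)
	 * response size; TRV/XSS/SQL/RCX are raised for any resource whose
	 * extension is in KNOW_SCRIPT_EXTENSIONS and that takes parameters, with
	 * no actual probing of the parameters.
	 */
	function Analize(){
		$this->responses = array();
		$this->warnings = array();

		/* Parse the script-extension list once; entries are trimmed so a
		 * config value such as "php, asp" still matches. */
		$scriptExts = array();
		if(isset($this->conf['KNOW_SCRIPT_EXTENSIONS'])){
			$scriptExts = array_map('trim', explode(',', (string)$this->conf['KNOW_SCRIPT_EXTENSIONS']));
		}

		foreach ($this->resources as $resource){
			$myWebResource = new WebResource($resource);
			$myWebResource->protocol = $this->request->protocol;
			$myWebResource->host = $this->request->host;
			if(!$myWebResource->parse()){
				$this->responses[$resource] = array('response' => null,
													'err' => $myWebResource->err
													);
				continue;
			}

			$path = $myWebResource->pathinfo['path'];

			/* It's a Javascript call so continue.
			 * NOTE(review): the check starts at offset 1 — presumably parse()
			 * prefixes the path with '/'; kept as-is, confirm against WebResource. */
			$js_call = 'javascript:';
			if(substr(strtolower($path), 1, strlen($js_call)) == $js_call) continue;

			/* Relative paths keep the request host set above; absolute ones
			 * carry their own host, which is what the scope rules must judge. */
			if($myWebResource->type != WST_RELATIVE_PATH){
				$myWebResource->host = $myWebResource->pathinfo['host'];
			}
			if(!$this->_inScope($myWebResource->host)) continue;

			/* HttpRequest->Send() included in myWebResource->get_response() */
			$response = $myWebResource->get_response($this->request);
			$entry = array('response'	=> $response,
							'params'	=> $myWebResource->params,
							'err'		=> null,
							'ext'		=> $this->_extensionOf($path)
							);

			if($response === null){
				$this->responses[$resource] = $entry;
				continue;
			}

			/* get_class() preserves the declared case on PHP 5+, so the
			 * comparison must be case-insensitive or every HttpResponse is
			 * misfiled as an error. */
			if(!is_object($response) || strtolower(get_class($response)) !== 'httpresponse'){
				/* Anything that is not an HttpResponse is treated as an error
				 * message returned by the fetch. */
				$entry['err'] = $response;
				$entry['response'] = null;
				$this->responses[$resource] = $entry;
				continue;
			}

			$entry['code'] = isset($response->code) ? $response->code : 0;
			/* Content-Length is server-supplied and unvalidated; cast it so a
			 * non-numeric header cannot be compared as a string against the
			 * numeric thresholds below. Falls back to the actual body length. */
			if(isset($response->headers['content-length'])){
				$entry['size'] = (int)$response->headers['content-length'];
			}else{
				$entry['size'] = strlen((string)$response->body);
			}
			$entry['type'] = isset($response->headers['content-type']) ? $response->headers['content-type'] : '';
			$this->responses[$resource] = $entry;

			/* Levels are tested 1..3 and each exceeded level overwrites the
			 * previous message, so the last exceeded level wins (level 3 when
			 * the thresholds are configured in ascending order). Unset
			 * levels are ignored instead of comparing against null. */
			for($i=1; $i<4; $i++){
				$limitKey = 'MAX_FILE_SIZE_WARNING_LEVEL'.$i;
				if(isset($this->conf[$limitKey]) && $entry['size'] > (int)$this->conf[$limitKey]){
					$this->warnings[$resource]['DOS'] = isset($this->conf[$limitKey.'_MSG']) ? $this->conf[$limitKey.'_MSG'] : null;
				}
			}

			/* Scripted resource taking parameters: flag the usual injection
			 * classes for manual follow-up. params may not be an array when
			 * the resource has none, hence the is_array() guard. */
			$hasParams = is_array($myWebResource->params) && count($myWebResource->params) > 0;
			if($hasParams && in_array($entry['ext'], $scriptExts, true)){
				$warnKeys = array('TRV' => 'TRASVERSAL_MSG',
								  'XSS' => 'CROSS_SITE_SCRIPTING_MSG',
								  'SQL' => 'SQL_INJECTION_MSG',
								  'RCX' => 'REMOTECODE_EXECUTION_MSG');
				foreach ($warnKeys as $code => $confKey){
					if(isset($this->conf[$confKey])) $this->warnings[$resource][$code] = $this->conf[$confKey];
				}
			}
		}
	}

	/**
	 * Apply the ANALIZE_IF{,NOT}MATCH_{IP,HOST} scope flags to a target host.
	 * Returns true when the resource on $host may be fetched.
	 *
	 * Each of the four cases (IP matches / does not match the request server,
	 * host name matches / does not match the request host) is allowed only
	 * when its flag is enabled; otherwise the resource is skipped.
	 */
	function _inScope($host){
		/* gethostbyname() performs a live DNS lookup for every resource and
		 * returns $host unchanged when it cannot resolve, so an unresolvable
		 * name ends up in the "IP does not match" case. The answer is only as
		 * trustworthy as the resolver. */
		$ip = gethostbyname($host);
		$ipMatches = ($ip == $this->request->server);
		/* Host names are case-insensitive. */
		$hostMatches = (strcasecmp((string)$host, (string)$this->request->host) === 0);

		if($ipMatches && !$this->_confFlag('ANALIZE_IFMATCH_IP')) return false;
		if(!$ipMatches && !$this->_confFlag('ANALIZE_IFNOTMATCH_IP')) return false;
		if($hostMatches && !$this->_confFlag('ANALIZE_IFMATCH_HOST')) return false;
		if(!$hostMatches && !$this->_confFlag('ANALIZE_IFNOTMATCH_HOST')) return false;
		return true;
	}

	/**
	 * True when configuration key $key is set and its value starts with
	 * 'y' or 'Y'; a missing or empty value counts as disabled.
	 */
	function _confFlag($key){
		if(!isset($this->conf[$key])) return false;
		return strtolower(substr((string)$this->conf[$key], 0, 1)) === 'y';
	}

	/**
	 * File extension of a URL path: the text after the last '.' of the last
	 * path segment, or '' when that segment has no dot. Only the last segment
	 * is inspected so "/dir.d/file" yields '' rather than 'd/file'.
	 */
	function _extensionOf($path){
		$base = basename((string)$path);
		$dot = strrpos($base, '.');
		if($dot === false) return '';
		return (string)substr($base, $dot + 1);
	}
}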




?>