PM-473 "Analisis de los resultados de escaneo de las..." SOLVED
Issue:
Analisis de los resultados de escaneo de las funciones en ProcessMaker. Plugin/trigger code scanner.
Cause:
Nueva solicitud de funciones
Solution:
Se ha implementado esta nueva funcionalidad, que consta de lo siguiente:
- Escaneo de codigo al importar un plugin (no se aplica a plugins enterprise)
- Escaneo de codigo al habilitar un plugin (si el plugin ya se encuentra fisicamente en el directorio de los plugins)
- Escaneo de codigo al importar un proceso
- Escaneo de codigo al crear/modificar codigo de un trigger
- Escaneo de codigo al ejecutar un caso que tenga seteados triggers en sus steps (si el trigger tiene codigo
no deseado, no se ejecuta el trigger)
- Se ha agregado la opcion "check-plugin-disabled-code" al comando "./gulliver", el mismo muestra
informacion sobre los plugins con codigo no deseado.
Ej: $ ./gulliver check-plugin-disabled-code [enterprise-plugin|custom-plugin|all|<plugin-name>]
- Se ha agregado la opcion "check-workspace-disabled-code" al comando "./processmaker", el mismo muestra
informacion sobre los workspaces con codigo no deseado en sus triggers.
Ej: $ ./processmaker check-workspace-disabled-code <myWorkspace>
- Por defecto ProcessMaker no realiza el escaneo de codigo, si se desea escanear codigo no deseado, se
debera definir el atributo "enable_blacklist = 1" en el archivo "env.ini", este atributo no se aplica
a las nuevas opciones creadas para los comandos "./gulliver" y "./processmaker"
- Para una configuracion personalizada de codigo no deseado (lista negra), se pueden definir las mismas en
el archivo "path/to/processmaker/workflow/engine/config/blacklist.ini" (si no existe el
archivo se puede crear), o tambien en el atributo "disable_functions" esto en el archivo "php.ini"
Ejemplo de "blacklist.ini":
;Classes
;=======
DashletInterface
;Functions
;=========
eval
exec
;date
;echo
strlen
@@ -26,6 +26,63 @@ use ProcessMaker\Importer\XmlImporter;
|
||||
|
||||
ini_set("max_execution_time", 0);
|
||||
|
||||
if (isset($_FILES["PROCESS_FILENAME"]) &&
|
||||
pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION) == "pm" &&
|
||||
$_FILES["PROCESS_FILENAME"]["error"] == 0
|
||||
) {
|
||||
//Check disabled code
|
||||
$response = array();
|
||||
|
||||
try {
|
||||
$fh = fopen($_FILES["PROCESS_FILENAME"]["tmp_name"], "rb");
|
||||
$content = fread($fh, (int)(fread($fh, 9)));
|
||||
$data = unserialize($content);
|
||||
fclose($fh);
|
||||
|
||||
if (is_object($data) && isset($data->triggers) && is_array($data->triggers) && count($data->triggers) > 0) {
|
||||
G::LoadClass("codeScanner");
|
||||
|
||||
$arraySystemConfiguration = System::getSystemConfiguration(PATH_CONFIG . "env.ini");
|
||||
|
||||
$cs = new CodeScanner((isset($arraySystemConfiguration["enable_blacklist"]) && (int)($arraySystemConfiguration["enable_blacklist"]) == 1)? "DISABLED_CODE" : "");
|
||||
|
||||
$strFoundDisabledCode = "";
|
||||
|
||||
foreach ($data->triggers as $value) {
|
||||
$arrayTriggerData = $value;
|
||||
|
||||
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $arrayTriggerData["TRI_WEBBOT"]);
|
||||
|
||||
if (count($arrayFoundDisabledCode) > 0) {
|
||||
$strCodeAndLine = "";
|
||||
|
||||
foreach ($arrayFoundDisabledCode["source"] as $key2 => $value2) {
|
||||
$strCodeAndLine .= (($strCodeAndLine != "")? ", " : "") . G::LoadTranslation("ID_DISABLED_CODE_CODE_AND_LINE", array($key2, implode(", ", $value2)));
|
||||
}
|
||||
|
||||
$strFoundDisabledCode .= (($strFoundDisabledCode != "")? "\n" : "") . "- " . $arrayTriggerData["TRI_TITLE"] . ": " . $strCodeAndLine;
|
||||
}
|
||||
}
|
||||
|
||||
if ($strFoundDisabledCode != "") {
|
||||
$response["status"] = "DISABLED-CODE";
|
||||
$response["success"] = true;
|
||||
$response["message"] = G::LoadTranslation("ID_DISABLED_CODE_PROCESS", array($data->process["PRO_TITLE"], "\n" . $strFoundDisabledCode));
|
||||
|
||||
echo G::json_encode($response);
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$response["status"] = "ERROR";
|
||||
$response["success"] = true;
|
||||
$response["catchMessage"] = $e->getMessage();
|
||||
|
||||
echo G::json_encode($response);
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_FILES["PROCESS_FILENAME"]) &&
|
||||
pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION) == "pmx"
|
||||
) {
|
||||
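Review bot: The `fopen` of the uploaded tmp file is never checked, so a failed open flows into `fread(false, 9)`, `unserialize("")` returns `false`, the `is_object($data)` guard silently skips the scan and the import continues as if it had passed; add `if ($fh === false) { throw new Exception("Cannot read uploaded process file"); }` directly after the `fopen`, and treat a zero or non-numeric 9-byte length prefix the same way instead of letting it produce an empty `$content`. Note also that `unserialize($content)` runs on the raw upload before any scanning, and the blacklist cannot cover what deserialization itself does — a comment stating that the `.pm` payload is untrusted at this point, plus restricting the accepted classes to those the export actually writes (the class name is not visible in the hunk), would make that boundary explicit. `$arrayTriggerData["TRI_WEBBOT"]` and `$data->process["PRO_TITLE"]` are read without `isset`, so a hand-edited archive produces notices rather than a clean error. The env.ini → `enable_blacklist` → `new CodeScanner(...)` block here is repeated verbatim in the pluginsChange, pluginsImport and triggers_Save hunks; a single factory such as `CodeScanner::fromSystemConfiguration()` would keep the enable rule in one place.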
@@ -286,17 +343,17 @@ if ($action == "uploadFileNewProcessExist") {
|
||||
|
||||
$importer->throwExceptionIfExistsReservedWordsSql($oData);
|
||||
|
||||
//**cheking if the PRO_CREATE_USER exist**//
|
||||
$usrCrtr = $oData->process['PRO_CREATE_USER'];
|
||||
|
||||
$exist = new Users();
|
||||
if($exist->userExists($usrCrtr)){
|
||||
$usrInfo = $exist->getAllInformation($usrCrtr);
|
||||
if ($usrInfo['status'] == 'CLOSED'){
|
||||
$oData->process['PRO_CREATE_USER'] = $_SESSION['USER_LOGGED'];
|
||||
}
|
||||
} else {
|
||||
$oData->process['PRO_CREATE_USER'] = $_SESSION['USER_LOGGED'];
|
||||
//**cheking if the PRO_CREATE_USER exist**//
|
||||
$usrCrtr = $oData->process['PRO_CREATE_USER'];
|
||||
|
||||
$exist = new Users();
|
||||
if($exist->userExists($usrCrtr)){
|
||||
$usrInfo = $exist->getAllInformation($usrCrtr);
|
||||
if ($usrInfo['status'] == 'CLOSED'){
|
||||
$oData->process['PRO_CREATE_USER'] = $_SESSION['USER_LOGGED'];
|
||||
}
|
||||
} else {
|
||||
$oData->process['PRO_CREATE_USER'] = $_SESSION['USER_LOGGED'];
|
||||
}
|
||||
|
||||
$Fields['PRO_FILENAME'] = $filename;
|
||||
|
||||
@@ -43,16 +43,38 @@ if ($handle = opendir( PATH_PLUGINS )) {
|
||||
$oPluginRegistry->disablePlugin( $details->sNamespace );
|
||||
$size = file_put_contents( PATH_DATA_SITE . 'plugin.singleton', $oPluginRegistry->serializeInstance() );
|
||||
G::auditLog("DisablePlugin", "Plugin Name: ".$details->sNamespace);
|
||||
print "size saved : $size <br>";
|
||||
//print "size saved : $size <br>";
|
||||
} else {
|
||||
//print "change to ENABLED";
|
||||
require_once (PATH_PLUGINS . $pluginFile);
|
||||
$details = $oPluginRegistry->getPluginDetails( $pluginFile );
|
||||
$oPluginRegistry->enablePlugin( $details->sNamespace );
|
||||
$oPluginRegistry->setupPlugins(); //get and setup enabled plugins
|
||||
$size = file_put_contents( PATH_DATA_SITE . 'plugin.singleton', $oPluginRegistry->serializeInstance() );
|
||||
G::auditLog("EnablePlugin", "Plugin Name: ".$details->sNamespace);
|
||||
print "size saved : $size <br>";
|
||||
$pluginName = str_replace(".php", "", $pluginFile);
|
||||
|
||||
if (is_file(PATH_PLUGINS . $pluginName . ".php") && is_dir(PATH_PLUGINS . $pluginName)) {
|
||||
//Check disabled code
|
||||
G::LoadClass("codeScanner");
|
||||
|
||||
$arraySystemConfiguration = System::getSystemConfiguration(PATH_CONFIG . "env.ini");
|
||||
|
||||
$cs = new CodeScanner((isset($arraySystemConfiguration["enable_blacklist"]) && (int)($arraySystemConfiguration["enable_blacklist"]) == 1)? "DISABLED_CODE" : "");
|
||||
|
||||
$arrayFoundDisabledCode = array_merge($cs->checkDisabledCode("FILE", PATH_PLUGINS . $pluginName . ".php"), $cs->checkDisabledCode("PATH", PATH_PLUGINS . $pluginName));
|
||||
|
||||
if (count($arrayFoundDisabledCode) > 0) {
|
||||
$response = array();
|
||||
$response["status"] = "DISABLED-CODE";
|
||||
$response["message"] = G::LoadTranslation("ID_DISABLED_CODE_PLUGIN");
|
||||
|
||||
echo G::json_encode($response);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
//print "change to ENABLED";
|
||||
require_once(PATH_PLUGINS . $pluginFile);
|
||||
$details = $oPluginRegistry->getPluginDetails($pluginFile);
|
||||
$oPluginRegistry->enablePlugin($details->sNamespace);
|
||||
$oPluginRegistry->setupPlugins(); //get and setup enabled plugins
|
||||
$size = file_put_contents(PATH_DATA_SITE . "plugin.singleton", $oPluginRegistry->serializeInstance());
|
||||
G::auditLog("EnablePlugin", "Plugin Name: " . $details->sNamespace);
|
||||
//print "size saved : $size <br>";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
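Review bot: If I read the brace nesting correctly on this rendered page, the new `if (is_file(PATH_PLUGINS . $pluginName . ".php") && is_dir(PATH_PLUGINS . $pluginName))` wraps not just the scan but the whole `require_once` / `enablePlugin` / `setupPlugins` / `plugin.singleton` / `auditLog` sequence up to the `}` after the auditLog, so a plugin that ships as a single `.php` file with no directory is neither scanned nor enabled and the request ends with no response — the old else branch enabled it unconditionally. Scan whichever of the two paths exists, then fall through to the enable sequence as before. `str_replace(".php", "", $pluginFile)` strips `.php` from anywhere in the name; `basename($pluginFile, ".php")` is the suffix strip that was intended. This DISABLED-CODE response carries no `"success"` key while the one in the process-import hunk does, so the client has to special-case them; pick one shape. The enclosing `if ($handle = opendir(PATH_PLUGINS))` block starts outside the hunk.
```php
$pluginName = basename($pluginFile, ".php");

//Check disabled code
// … unchanged: G::LoadClass("codeScanner"), env.ini read, new CodeScanner(...) …

$arrayFoundDisabledCode = array();

if (is_file(PATH_PLUGINS . $pluginName . ".php")) {
    $arrayFoundDisabledCode = array_merge($arrayFoundDisabledCode, $cs->checkDisabledCode("FILE", PATH_PLUGINS . $pluginName . ".php"));
}

if (is_dir(PATH_PLUGINS . $pluginName)) {
    $arrayFoundDisabledCode = array_merge($arrayFoundDisabledCode, $cs->checkDisabledCode("PATH", PATH_PLUGINS . $pluginName));
}

if (count($arrayFoundDisabledCode) > 0) {
    // … unchanged: DISABLED-CODE response, echo G::json_encode($response), exit(0) …
}

//print "change to ENABLED";
// … unchanged: require_once, getPluginDetails, enablePlugin, setupPlugins, plugin.singleton, auditLog …
```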
@@ -162,6 +162,20 @@ try {
|
||||
}
|
||||
$res = $tar->extract( $path );
|
||||
|
||||
//Check disabled code
|
||||
G::LoadClass("codeScanner");
|
||||
|
||||
$arraySystemConfiguration = System::getSystemConfiguration(PATH_CONFIG . "env.ini");
|
||||
|
||||
$cs = new CodeScanner((isset($arraySystemConfiguration["enable_blacklist"]) && (int)($arraySystemConfiguration["enable_blacklist"]) == 1)? "DISABLED_CODE" : "");
|
||||
|
||||
$arrayFoundDisabledCode = array_merge($cs->checkDisabledCode("FILE", $path . $pluginFile), $cs->checkDisabledCode("PATH", $path . $sClassName));
|
||||
|
||||
if (count($arrayFoundDisabledCode) > 0) {
|
||||
throw new Exception(G::LoadTranslation("ID_DISABLED_CODE_PLUGIN"));
|
||||
}
|
||||
|
||||
//Check if is enterprise plugin
|
||||
$sContent = file_get_contents( $path . $pluginFile );
|
||||
$chain = preg_quote( 'extends enterprisePlugin' );
|
||||
if (strpos( $sContent, $chain )) {
|
||||
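Review bot: The scan runs after `$res = $tar->extract( $path )` has already unpacked the archive into `$path`, so when `throw new Exception(G::LoadTranslation("ID_DISABLED_CODE_PLUGIN"))` fires the flagged `$pluginFile` and `$sClassName` directory remain on disk; nothing in the hunk removes them, and if `$path` is the live plugins directory (not visible here) the enable path in pluginsChange can still load them later. Extract into a temporary directory, scan there and move into place only on a clean result — or at minimum delete the extracted files in the `catch`, which starts outside the hunk. `$res` is also never checked before the scan, so a failed or partial extraction is scanned as if it were complete. The issue text says import scanning does not apply to enterprise plugins, yet the scan here precedes the `extends enterprisePlugin` check, so enterprise archives are scanned too unless something before the hunk filters them; confirm which behaviour is intended and add a comment stating it. The enclosing `try` starts outside the hunk.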
@@ -237,14 +251,14 @@ try {
|
||||
|
||||
$oPluginRegistry->setupPlugins(); //get and setup enabled plugins
|
||||
$size = file_put_contents( PATH_DATA_SITE . "plugin.singleton", $oPluginRegistry->serializeInstance() );
|
||||
|
||||
|
||||
$response = $oPluginRegistry->verifyTranslation( $details->sNamespace);
|
||||
G::auditLog("InstallPlugin", "Plugin Name: ".$details->sNamespace );
|
||||
|
||||
//if ($response->recordsCountSuccess <= 0) {
|
||||
//throw (new Exception( 'The plugin ' . $details->sNamespace . ' couldn\'t verify any translation item. Verified Records:' . $response->recordsCountSuccess));
|
||||
//}
|
||||
|
||||
|
||||
G::header( "Location: pluginsMain" );
|
||||
die();
|
||||
} catch (Exception $e) {
|
||||
|
||||
@@ -63,13 +63,17 @@ if (isset( $sfunction ) && $sfunction == 'lookforNameTrigger') {
|
||||
}
|
||||
|
||||
}
|
||||
print $flag;
|
||||
//print'krlos';return ;
|
||||
|
||||
echo $flag;
|
||||
} else {
|
||||
G::LoadClass("processMap");
|
||||
G::LoadClass("codeScanner");
|
||||
|
||||
$response = array();
|
||||
|
||||
try {
|
||||
$oTrigger = new Triggers();
|
||||
|
||||
G::LoadClass( 'processMap' );
|
||||
$oProcessMap = new processMap( new DBConnection() );
|
||||
if (isset( $_POST['form'] )) {
|
||||
$value = $_POST['form'];
|
||||
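Review bot: `G::LoadClass("processMap")` is added at the top of the else branch while the pre-existing `G::LoadClass( 'processMap' )` a few lines further down is kept, so the class is loaded twice; drop one of the two. `$response = array()` declared here is only filled in the two following hunks of this file, so the three hunks have to land together for the `echo G::json_encode($response)` at the end to emit anything meaningful.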
@@ -77,6 +81,25 @@ if (isset( $sfunction ) && $sfunction == 'lookforNameTrigger') {
|
||||
$value = $_POST;
|
||||
}
|
||||
|
||||
if (isset($value["TRI_WEBBOT"])) {
|
||||
//Check disabled code
|
||||
$arraySystemConfiguration = System::getSystemConfiguration(PATH_CONFIG . "env.ini");
|
||||
|
||||
$cs = new CodeScanner((isset($arraySystemConfiguration["enable_blacklist"]) && (int)($arraySystemConfiguration["enable_blacklist"]) == 1)? "DISABLED_CODE" : "");
|
||||
|
||||
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $value["TRI_WEBBOT"]);
|
||||
|
||||
if (count($arrayFoundDisabledCode) > 0) {
|
||||
$strCodeAndLine = "";
|
||||
|
||||
foreach ($arrayFoundDisabledCode["source"] as $key => $value) {
|
||||
$strCodeAndLine .= (($strCodeAndLine != "")? ", " : "") . G::LoadTranslation("ID_DISABLED_CODE_CODE_AND_LINE", array($key, implode(", ", $value)));
|
||||
}
|
||||
|
||||
throw new Exception(G::LoadTranslation("ID_DISABLED_CODE_TRIGGER", array($strCodeAndLine)));
|
||||
}
|
||||
}
|
||||
|
||||
if ($value['TRI_UID'] != '') {
|
||||
$oTrigger->load( $value['TRI_UID'] );
|
||||
} else {
|
||||
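Review bot: The inner `foreach ($arrayFoundDisabledCode["source"] as $key => $value)` reuses `$value`, which at that point holds the submitted trigger form (`$_POST['form']` or `$_POST`); today the loop is only reached on the path that throws, but any line inserted between the loop and the `throw` would hand `$oTrigger->load($value['TRI_UID'])` below a list of line numbers. Rename the loop variables, e.g. `foreach ($arrayFoundDisabledCode["source"] as $code => $lines) { $strCodeAndLine .= ... G::LoadTranslation("ID_DISABLED_CODE_CODE_AND_LINE", array($code, implode(", ", $lines))); }`. `$arrayFoundDisabledCode["source"]` is indexed without `isset` on the assumption that a non-empty result always carries that key — the process-import hunk makes the same assumption; worth confirming against CodeScanner::checkDisabledCode. The enclosing `try` block starts in the previous hunk and ends in the next one.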
@@ -86,15 +109,17 @@ if (isset( $sfunction ) && $sfunction == 'lookforNameTrigger') {
|
||||
//print_r($_POST['form']);die;
|
||||
$oTrigger->update( $value );
|
||||
|
||||
if (! isset( $_POST['mode'] )) {
|
||||
$oProcessMap->triggersList( $value['PRO_UID'] );
|
||||
}
|
||||
$result->success = true;
|
||||
$result->msg = G::LoadTranslation( 'ID_TRIGGERS_SAVED' );
|
||||
//if (! isset( $_POST['mode'] )) {
|
||||
// $oProcessMap->triggersList( $value['PRO_UID'] );
|
||||
//}
|
||||
|
||||
$response["success"] = true;
|
||||
$response["msg"] = G::LoadTranslation("ID_TRIGGERS_SAVED");
|
||||
} catch (Exception $e) {
|
||||
$result->success = false;
|
||||
$result->msg = $e->getMessage();
|
||||
$response["success"] = false;
|
||||
$response["msg"] = $e->getMessage();
|
||||
}
|
||||
print G::json_encode( $result );
|
||||
|
||||
echo G::json_encode($response);
|
||||
}
|
||||
|
||||
|
||||