diff --git a/gulliver/system/class.codeScanner.php b/gulliver/system/class.codeScanner.php
index b47bcffe4..b87dcb976 100644
--- a/gulliver/system/class.codeScanner.php
+++ b/gulliver/system/class.codeScanner.php
@@ -12,7 +12,8 @@ if (!defined("T_ML_COMMENT")) {
class CodeScanner
{
- private $arrayDisabledCode = array();
+ private $arrayDisabledCode = [];
+ private $scope = [];
/**
* Constructor of the class
@@ -25,31 +26,47 @@ class CodeScanner
{
try {
$flag = false;
+ $scope = [];
+ $workspaceName = '';
- if (!is_null($option)) {
- switch (gettype($option)) {
- case 'string':
- $workspace = new WorkspaceTools($option);
-
- if ($workspace->workspaceExists()) {
- $arraySystemConfiguration = System::getSystemConfiguration('', '', $workspace->name);
- $flag = (int)($arraySystemConfiguration['enable_blacklist']) == 1;
- }
- break;
- case 'boolean':
- $flag = $option;
- break;
- }
+ switch (gettype($option)) {
+ case 'string':
+ $workspace = new WorkspaceTools($option);
+ if ($workspace->workspaceExists()) {
+ $workspaceName = $workspace->name;
+ }
+ // Note. Not exist the "break" statement because we need to continue with the next option immediately
+ case 'NULL':
+ $workspaceName = !empty($workspaceName) ? $workspaceName : (defined('SYS_SYS') ? SYS_SYS : '');
+ $arraySystemConfiguration = System::getSystemConfiguration('', '', $workspaceName);
+ $flag = (int)($arraySystemConfiguration['enable_blacklist']) == 1;
+ $scope = explode(',', str_replace(' ', '', $arraySystemConfiguration['code_scanner_scope']));
+ break;
+ case 'boolean':
+ $flag = $option;
+ break;
}
if ($flag) {
$this->setArrayDisabledCode();
}
+
+ $this->scope = $scope;
} catch (Exception $e) {
throw $e;
}
}
+ /**
+ * Get the scope
+ *
+ * @return array
+ */
+ public function getScope()
+ {
+ return $this->scope;
+ }
+
/**
* Set disabled code
*
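Review bot: The `case 'boolean':` branch of the rewritten switch sets `$flag` but leaves `$scope` as `[]`, so a scanner built with `true` loads the blacklist while every caller that gates on `getScope()` skips the check. The call sites visible in this commit construct the scanner with a workspace name, but any remaining boolean caller would have scanning switched off silently. Consider giving that branch an explicit scope, for example `$scope = $option ? ['import_plugin', 'enable_plugin', 'import_process', 'trigger'] : [];`, matching the default added in System.php. Separately, a string naming a workspace that does not exist now falls through to the `SYS_SYS` configuration instead of leaving the scanner off, which deserves a line in the constructor docblock. The constructor's signature is outside the hunk.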
@@ -173,21 +190,22 @@ class CodeScanner
/**
* Check disabled code
*
- * @param string $option Option (SOURCE, PATH, FILE)
- * @param string $data Data
+ * @param string $option, can be: (SOURCE, PATH, FILE)
+ * @param string $data
*
- * return array Returns an array with disabled code found, array empty otherwise
+ * @return array
+ * @throws Exception
*/
public function checkDisabledCode($option, $data)
{
try {
if (!$this->existsDisabledCode()) {
//Return
- return array();
+ return [];
}
//Search code
- $arrayFoundCode = array();
+ $arrayFoundCode = [];
switch ($option) {
case "SOURCE":
@@ -210,7 +228,8 @@ class CodeScanner
$f = $path . PATH_SEP . $file;
if (is_dir($f) || (is_file($f) && preg_match("/\.php$/", $f))) {
- $arrayFoundCode = array_merge($arrayFoundCode, $this->checkDisabledCode((is_dir($f))? "PATH" : "FILE", $f));
+ $arrayFoundCode = array_merge($arrayFoundCode,
+ $this->checkDisabledCode((is_dir($f)) ? "PATH" : "FILE", $f));
}
}
}
diff --git a/workflow/engine/bin/tasks/cliWorkspaces.php b/workflow/engine/bin/tasks/cliWorkspaces.php
index 14daabc23..80cb7ea90 100644
--- a/workflow/engine/bin/tasks/cliWorkspaces.php
+++ b/workflow/engine/bin/tasks/cliWorkspaces.php
@@ -968,6 +968,7 @@ function run_check_workspace_disabled_code($args, $opts)
/**
* This function is executed only by one workspace
* Code Security Scanner related to the custom blacklist
+ *
* @param array $args, the specific actions must be: upgrade|check
* @param array $opts, workspaceName for to apply the database-upgrade
*
diff --git a/workflow/engine/classes/Cases.php b/workflow/engine/classes/Cases.php
index 0f0fe232d..1620da177 100644
--- a/workflow/engine/classes/Cases.php
+++ b/workflow/engine/classes/Cases.php
@@ -3610,7 +3610,8 @@ class Cases
}
/**
- * Review the code in the trigger if the feature is enable
+ * If the feature is enable and the code_scanner_scope has the argument trigger the code scanner will check the code
+ * Review in the running cases
*
* @param CodeScanner $cs
* @param string $code
@@ -3618,12 +3619,14 @@ class Cases
*
* @return string
*
+ * @link https://wiki.processmaker.com/Plugin_Trigger_Code_Security_Scanner_v2
*/
private function codeScannerReview(CodeScanner $cs, $code, $triTitle)
{
$foundDisabledCode = "";
/*----------------------------------********---------------------------------*/
- if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=")) {
+ if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=") &&
+ in_array('trigger', $cs->getScope())) {
//Check disabled code
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $code);
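Review bot: The scope name is a bare string literal in `in_array('trigger', $cs->getScope())`, and the same pattern is repeated with `'import_process'`, `'enable_plugin'`, `'import_plugin'` and `'trigger'` in processes_Import_Ajax.php, pluginsChange.php, pluginsImportFile.php, triggers_Save.php and BusinessModel/Trigger.php. A misspelled literal at any of these sites makes `in_array` return false, and the disabled-code check is then skipped without any error. A small method on CodeScanner, e.g. `public function inScope($name) { return in_array($name, $this->scope, true); }`, together with class constants for the four names, would keep the comparison strict and the names in one place. codeScannerReview's body continues past the hunk.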
diff --git a/workflow/engine/classes/Processes.php b/workflow/engine/classes/Processes.php
index 6811c6546..07d6bdd1c 100644
--- a/workflow/engine/classes/Processes.php
+++ b/workflow/engine/classes/Processes.php
@@ -6352,17 +6352,21 @@ class Processes
}
/**
- * Get disabled code
+ * If the feature is enable and the code_scanner_scope has the arguments for enable code scanner
+ * Review the triggers related to the process
*
* @param string $processUid Unique id of Process
* @param string $workspaceName Workspace name
*
- * @return array Returns an array with disabled code found, array empty otherwise
+ * @return array
+ * @throws Exception
+ *
+ * @link https://wiki.processmaker.com/Plugin_Trigger_Code_Security_Scanner_v2
*/
public function getDisabledCode($processUid = null, $workspaceName = null)
{
try {
- $arrayDisabledCode = array();
+ $arrayDisabledCode = [];
/*----------------------------------********---------------------------------*/
if (!PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=")) {
@@ -6412,23 +6416,24 @@ class Processes
$triggerTitle = $row["TRI_TITLE"];
$triggerWebbot = $row["TRI_WEBBOT"];
- //Check disabled code
+ $arrayFoundDisabledCode = [];
+ // @todo: The PO's needs to define the behaviour when the command check-workspace-disabled-code was executed
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $triggerWebbot);
if (!empty($arrayFoundDisabledCode)) {
if (!isset($arrayDisabledCode[$processUid])) {
- $arrayDisabledCode[$processUid] = array(
+ $arrayDisabledCode[$processUid] = [
"processUid" => $processUid,
"processTitle" => $processTitle,
- "triggers" => array()
- );
+ "triggers" => []
+ ];
}
- $arrayDisabledCode[$processUid]["triggers"][] = array(
+ $arrayDisabledCode[$processUid]["triggers"][] = [
"triggerUid" => $triggerUid,
"triggerTitle" => $triggerTitle,
"disabledCode" => $arrayFoundDisabledCode["source"],
- );
+ ];
}
}
}
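Review bot: `$arrayFoundDisabledCode = [];` is overwritten by the very next statement, so the added initialisation has no effect, and the `@todo` replaces the only comment that said what the call does. The docblock rewritten in the previous hunk says this method follows `code_scanner_scope`, yet nothing in this hunk consults `getScope()`, so as far as the hunk shows the scan runs whatever the scope is. Until the behaviour is decided, drop the dead assignment and keep a comment such as `// Scans every trigger regardless of code_scanner_scope; see @todo`. The surrounding loop and getDisabledCode begin and end outside the hunk.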
diff --git a/workflow/engine/classes/WorkspaceTools.php b/workflow/engine/classes/WorkspaceTools.php
index cfc477ce4..90c87b991 100644
--- a/workflow/engine/classes/WorkspaceTools.php
+++ b/workflow/engine/classes/WorkspaceTools.php
@@ -2464,9 +2464,14 @@ class WorkspaceTools
}
/**
- * Get disabled code
+ * If the feature is enable and the code_scanner_scope was enable will check in the command
+ * Review when the command check-workspace-disabled-code was executed
*
- * @return array Returns an array with disabled code found, array empty otherwise
+ * @return array
+ * @throws Exception
+ *
+ * @link https://wiki.processmaker.com/3.3/processmaker_command#check-workspace-disabled-code
+ * @uses cliWorkspaces.php
*/
public function getDisabledCode()
{
diff --git a/workflow/engine/methods/processes/processes_Import_Ajax.php b/workflow/engine/methods/processes/processes_Import_Ajax.php
index 8804289aa..1f93ad490 100644
--- a/workflow/engine/methods/processes/processes_Import_Ajax.php
+++ b/workflow/engine/methods/processes/processes_Import_Ajax.php
@@ -2,27 +2,13 @@
/**
* processes_ImportFile.php
*
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.
+ * If the feature is enable and the code_scanner_scope was enable the argument import_process will check the code
+ * Review in a process import
*
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
+ * @link https://wiki.processmaker.com/3.1/Importing_and_Exporting_Projects#Importing_a_Project
*/
-use \ProcessMaker\Importer\XmlImporter;
+use ProcessMaker\Importer\XmlImporter;
use ProcessMaker\Validation\ValidationUploadedFiles;
ValidationUploadedFiles::getValidationUploadedFiles()->dispatch(function($validator) {
@@ -35,7 +21,7 @@ ValidationUploadedFiles::getValidationUploadedFiles()->dispatch(function($valida
});
ini_set("max_execution_time", 0);
-$affectedGroups = array();
+$affectedGroups = [];
$granularImport = false;
$objectImport = '';
$objectsToImport = '';
@@ -49,10 +35,10 @@ if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm
preg_match("/^(?:pm|pmx|pmx2)$/", pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION))
) {
//Check disabled code
- $response = array();
+ $response = [];
try {
- $arrayTrigger = array();
+ $arrayTrigger = [];
$projectTitle = "";
switch (pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION)) {
@@ -87,7 +73,11 @@ if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm
foreach ($arrayTrigger as $value) {
$arrayTriggerData = $value;
- $arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $arrayTriggerData["TRI_WEBBOT"]);
+ if (in_array('import_process', $cs->getScope())) {
+ $arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $arrayTriggerData["TRI_WEBBOT"]);
+ } else {
+ $arrayFoundDisabledCode = [];
+ }
if (!empty($arrayFoundDisabledCode)) {
$strCodeAndLine = "";
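Review bot: `in_array('import_process', $cs->getScope())` is re-evaluated for every element of `$arrayTrigger` although it cannot change inside the loop. Computing it once before the `foreach`, e.g. `$scanImport = in_array('import_process', $cs->getScope(), true);`, makes the gate easier to see and lets the `else` branch collapse into an initial `$arrayFoundDisabledCode = [];`. With `import_process` out of scope the imported trigger code is presumably stored unscanned, leaving the `trigger`-scoped check in Cases::codeScannerReview as the only one that still sees it; the file header should say so. The loop body continues outside the hunk.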
diff --git a/workflow/engine/methods/setup/pluginsChange.php b/workflow/engine/methods/setup/pluginsChange.php
index fae89fef1..26ef19e1a 100644
--- a/workflow/engine/methods/setup/pluginsChange.php
+++ b/workflow/engine/methods/setup/pluginsChange.php
@@ -1,25 +1,10 @@
.
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
+ * @link https://wiki.processmaker.com/3.0/Plugins#Enable_and_Disable_a_Plugin
*/
// lets display the items
@@ -55,13 +40,14 @@ if ($handle = opendir(PATH_PLUGINS)) {
->verifyfeature('B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=')
) {
//Check disabled code
-
+ $arrayFoundDisabledCode = [];
$cs = new CodeScanner(config("system.workspace"));
-
- $arrayFoundDisabledCode = array_merge(
- $cs->checkDisabledCode("FILE", PATH_PLUGINS . $pluginName . ".php"),
- $cs->checkDisabledCode("PATH", PATH_PLUGINS . $pluginName)
- );
+ if (in_array('enable_plugin', $cs->getScope())) {
+ $arrayFoundDisabledCode = array_merge(
+ $cs->checkDisabledCode("FILE", PATH_PLUGINS . $pluginName . ".php"),
+ $cs->checkDisabledCode("PATH", PATH_PLUGINS . $pluginName)
+ );
+ }
if (!empty($arrayFoundDisabledCode)) {
$response = array();
diff --git a/workflow/engine/methods/setup/pluginsImportFile.php b/workflow/engine/methods/setup/pluginsImportFile.php
index 79a051d5f..bee1b524f 100644
--- a/workflow/engine/methods/setup/pluginsImportFile.php
+++ b/workflow/engine/methods/setup/pluginsImportFile.php
@@ -3,25 +3,10 @@
*
* processes_ImportFile.php
*
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
+ * If the feature is enable and the code_scanner_scope was enable with the argument import_plugin, will check the code
+ * Review when a plugin was enable
*
+ * @link https://wiki.processmaker.com/3.0/Plugins#Import_a_Plugin
*/
use ProcessMaker\Core\System;
@@ -251,10 +236,12 @@ try {
/*----------------------------------********---------------------------------*/
if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=")) {
//Check disabled code
-
+ $arrayFoundDisabledCode = [];
$cs = new CodeScanner(config("system.workspace"));
-
- $arrayFoundDisabledCode = array_merge($cs->checkDisabledCode("FILE", $path . $pluginFile), $cs->checkDisabledCode("PATH", $path . $sClassName));
+ if (in_array('import_plugin', $cs->getScope())) {
+ $arrayFoundDisabledCode = array_merge($cs->checkDisabledCode("FILE", $path . $pluginFile),
+ $cs->checkDisabledCode("PATH", $path . $sClassName));
+ }
if (!empty($arrayFoundDisabledCode)) {
throw new Exception(G::LoadTranslation("ID_DISABLED_CODE_PLUGIN"));
diff --git a/workflow/engine/methods/triggers/triggers_Save.php b/workflow/engine/methods/triggers/triggers_Save.php
index a08dbbfa4..2e729cbaa 100644
--- a/workflow/engine/methods/triggers/triggers_Save.php
+++ b/workflow/engine/methods/triggers/triggers_Save.php
@@ -2,24 +2,8 @@
/**
* triggers_Save.php
*
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
+ * If the feature is enable and the code_scanner_scope was enable with the argument trigger, will check the code
+ * Review when a trigger is save
*/
if (($RBAC_Response = $RBAC->userCanAccess( "PM_FACTORY" )) != 1) {
@@ -60,10 +44,11 @@ if (isset( $sfunction ) && $sfunction == 'lookforNameTrigger') {
isset($value["TRI_WEBBOT"])
) {
//Check disabled code
-
+ $arrayFoundDisabledCode = [];
$cs = new CodeScanner(config("system.workspace"));
-
- $arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $value["TRI_WEBBOT"]);
+ if (in_array('trigger', $cs->getScope())) {
+ $arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $value["TRI_WEBBOT"]);
+ }
if (!empty($arrayFoundDisabledCode)) {
$strCodeAndLine = "";
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Trigger.php b/workflow/engine/src/ProcessMaker/BusinessModel/Trigger.php
index 1f54743fb..dae102a31 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Trigger.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Trigger.php
@@ -1,6 +1,12 @@
- * @copyright Colosa - Bolivia
+ * @param string $proUid. Uid for Process
+ * @param array $dataTrigger. Data for Trigger
+ * @param boolean $create. Create o Update Trigger
+ * @param string $triggerUid. Uid for Trigger
*
* @return array
+ * @throws Exception
+ *
+ * @uses \ProcessMaker\Services\Api\Project\Trigger::doPostTrigger()
+ * @uses \ProcessMaker\Services\Api\Project\Trigger::doPutTrigger()
*/
- public function saveTrigger($sProcessUID = '', $dataTrigger = array(), $create = false, $sTriggerUid = '')
+ public function saveTrigger($proUid = '', $dataTrigger = [], $create = false, $triggerUid = '')
{
- if ( ($sProcessUID == '') || (count($dataTrigger) == 0) ) {
+ if ((empty($proUid)) || empty($dataTrigger)) {
return false;
}
$dataTrigger = array_change_key_case($dataTrigger, CASE_UPPER);
- if ( $create && (isset($dataTrigger['TRI_UID'])) ) {
+ if ($create && (isset($dataTrigger['TRI_UID']))) {
unset($dataTrigger['TRI_UID']);
}
- $dataTrigger= (array)$dataTrigger;
+ $dataTrigger = (array)$dataTrigger;
$dataTrigger['TRI_TYPE'] = 'SCRIPT';
if (isset($dataTrigger['TRI_TITLE'])) {
- if (!$this->verifyNameTrigger($sProcessUID, $dataTrigger['TRI_TITLE'], $sTriggerUid)) {
- throw new \Exception(\G::LoadTranslation("ID_CANT_SAVE_TRIGGER"));
+ if (!$this->verifyNameTrigger($proUid, $dataTrigger['TRI_TITLE'], $triggerUid)) {
+ throw new Exception(G::LoadTranslation("ID_CANT_SAVE_TRIGGER"));
}
}
/*----------------------------------********---------------------------------*/
- if (\PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=") &&
+ if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=") &&
isset($dataTrigger["TRI_WEBBOT"])
) {
//Check disabled code
-
- $cs = new \CodeScanner(config("system.workspace"));
-
- $arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $dataTrigger["TRI_WEBBOT"]);
+ $arrayFoundDisabledCode = [];
+ $cs = new CodeScanner(config("system.workspace"));
+ if (in_array('trigger', $cs->getScope())) {
+ $arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $dataTrigger["TRI_WEBBOT"]);
+ }
if (!empty($arrayFoundDisabledCode)) {
$strCodeAndLine = "";
foreach ($arrayFoundDisabledCode["source"] as $key => $value) {
- $strCodeAndLine .= (($strCodeAndLine != "")? ", " : "") . \G::LoadTranslation("ID_DISABLED_CODE_CODE_AND_LINE", array($key, implode(", ", $value)));
+ $strCodeAndLine .= (($strCodeAndLine != "") ? ", " : "") . G::LoadTranslation("ID_DISABLED_CODE_CODE_AND_LINE",
+ [$key, implode(", ", $value)]);
}
- throw new \Exception(\G::LoadTranslation("ID_DISABLED_CODE_TRIGGER", array($strCodeAndLine)));
+ throw new Exception(G::LoadTranslation("ID_DISABLED_CODE_TRIGGER", [$strCodeAndLine]));
}
}
/*----------------------------------********---------------------------------*/
- $dataTrigger['PRO_UID'] = $sProcessUID;
- $oTrigger = new \Triggers();
+ $dataTrigger['PRO_UID'] = $proUid;
+ $trigger = new ModelTriggers();
if ($create) {
- $oTrigger->create( $dataTrigger );
- $dataTrigger['TRI_UID'] = $oTrigger->getTriUid();
+ $trigger->create($dataTrigger);
+ $dataTrigger['TRI_UID'] = $trigger->getTriUid();
}
- $oTrigger->update( $dataTrigger );
+ $trigger->update($dataTrigger);
if ($create) {
- $dataResp = $oTrigger->load( $dataTrigger['TRI_UID'] );
+ $dataResp = $trigger->load($dataTrigger['TRI_UID']);
$dataResp = array_change_key_case($dataResp, CASE_LOWER);
if (isset($dataResp['pro_uid'])) {
unset($dataResp['pro_uid']);
}
return $dataResp;
}
- return array();
+
+ return [];
}
/**
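Review bot: The leading backslashes were dropped from `Exception`, `G`, `PMLicensedFeatures` and `CodeScanner`, and `\Triggers` became `ModelTriggers`, so saveTrigger now depends on matching `use` imports that are not visible in this hunk. The file appears to be namespaced, so a missing import would make the name resolve inside that namespace and fail only at runtime, on whichever branch first touches it. Please confirm that the top of the file imports all five, presumably including `use Triggers as ModelTriggers;`. The new docblock also declares `@return array` while the first guard still does `return false;`, so `@return array|false` would describe the current behaviour.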
diff --git a/workflow/engine/src/ProcessMaker/Core/System.php b/workflow/engine/src/ProcessMaker/Core/System.php
index 37661ee38..1269689cb 100644
--- a/workflow/engine/src/ProcessMaker/Core/System.php
+++ b/workflow/engine/src/ProcessMaker/Core/System.php
@@ -54,6 +54,7 @@ class System
'error_reporting' => "",
'display_errors' => 'On',
'enable_blacklist' => 0,
+ 'code_scanner_scope' => 'import_plugin,enable_plugin,import_process,trigger',
'system_utc_time_zone' => 0,
'server_protocol' => '',
'leave_case_warning' => 0,
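Review bot: The new `code_scanner_scope` default has no comment saying which tokens are valid or what an empty value means. CodeScanner only strips spaces and splits on commas, so an empty or misspelled override leaves `enable_blacklist` at 1 while every scope-gated check is skipped. I would add above the entry: `// Comma-separated list of: import_plugin, enable_plugin, import_process, trigger. Unknown names are ignored; an empty value disables all scope-gated scans.` The array literal continues outside the hunk.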