This commit is contained in:
Julio Cesar Laura Avendaño
2019-09-06 15:49:07 -04:00
committed by Paula Quispe
parent 1e4f663a53
commit bd16aeabfd
11 changed files with 143 additions and 149 deletions


@@ -12,7 +12,8 @@ if (!defined("T_ML_COMMENT")) {
class CodeScanner
{
private $arrayDisabledCode = array();
private $arrayDisabledCode = [];
private $scope = [];
/**
* Constructor of the class
@@ -25,31 +26,47 @@ class CodeScanner
{
try {
$flag = false;
$scope = [];
$workspaceName = '';
if (!is_null($option)) {
switch (gettype($option)) {
case 'string':
$workspace = new WorkspaceTools($option);
if ($workspace->workspaceExists()) {
$arraySystemConfiguration = System::getSystemConfiguration('', '', $workspace->name);
$flag = (int)($arraySystemConfiguration['enable_blacklist']) == 1;
$workspaceName = $workspace->name;
}
// Note. Not exist the "break" statement because we need to continue with the next option immediately
case 'NULL':
$workspaceName = !empty($workspaceName) ? $workspaceName : (defined('SYS_SYS') ? SYS_SYS : '');
$arraySystemConfiguration = System::getSystemConfiguration('', '', $workspaceName);
$flag = (int)($arraySystemConfiguration['enable_blacklist']) == 1;
$scope = explode(',', str_replace(' ', '', $arraySystemConfiguration['code_scanner_scope']));
break;
case 'boolean':
$flag = $option;
break;
}
}
if ($flag) {
$this->setArrayDisabledCode();
}
$this->scope = $scope;
} catch (Exception $e) {
throw $e;
}
}
/**
* Get the scope
*
* @return array
*/
public function getScope()
{
return $this->scope;
}
/**
* Set disabled code
*
@@ -173,21 +190,22 @@ class CodeScanner
/**
* Check disabled code
*
* @param string $option Option (SOURCE, PATH, FILE)
* @param string $data Data
* @param string $option, can be: (SOURCE, PATH, FILE)
* @param string $data
*
* return array Returns an array with disabled code found, array empty otherwise
* @return array
* @throws Exception
*/
public function checkDisabledCode($option, $data)
{
try {
if (!$this->existsDisabledCode()) {
//Return
return array();
return [];
}
//Search code
$arrayFoundCode = array();
$arrayFoundCode = [];
switch ($option) {
case "SOURCE":
@@ -210,7 +228,8 @@ class CodeScanner
$f = $path . PATH_SEP . $file;
if (is_dir($f) || (is_file($f) && preg_match("/\.php$/", $f))) {
$arrayFoundCode = array_merge($arrayFoundCode, $this->checkDisabledCode((is_dir($f))? "PATH" : "FILE", $f));
$arrayFoundCode = array_merge($arrayFoundCode,
$this->checkDisabledCode((is_dir($f)) ? "PATH" : "FILE", $f));
}
}
}
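Review bot: In the constructor's `case 'boolean':` branch `$scope` is left as `[]`, so a scanner built with `true` reports an empty scope and every caller that gates on `in_array('trigger', $cs->getScope())` silently skips the check even though the blacklist was explicitly enabled; if that is not intended, load `code_scanner_scope` from the system configuration in that branch as well, or document in the constructor docblock that boolean construction disables the scoped hooks. Independently, `explode(',', ...)` on a missing or empty `code_scanner_scope` value yields `['']` rather than `[]`; `$scope = array_filter(array_map('trim', explode(',', $arraySystemConfiguration['code_scanner_scope'] ?? '')));` keeps an empty configuration empty and also tolerates tabs, which `str_replace(' ', '', …)` does not. The `catch (Exception $e) { throw $e; }` wrapper adds nothing and can be dropped. The constructor's signature precedes the hunk.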


@@ -968,6 +968,7 @@ function run_check_workspace_disabled_code($args, $opts)
/**
* This function is executed only by one workspace
* Code Security Scanner related to the custom blacklist
*
* @param array $args, the specific actions must be: upgrade|check
* @param array $opts, workspaceName for to apply the database-upgrade
*


@@ -3610,7 +3610,8 @@ class Cases
}
/**
* Review the code in the trigger if the feature is enable
* If the feature is enable and the code_scanner_scope has the argument trigger the code scanner will check the code
* Review in the running cases
*
* @param CodeScanner $cs
* @param string $code
@@ -3618,12 +3619,14 @@ class Cases
*
* @return string
*
* @link https://wiki.processmaker.com/Plugin_Trigger_Code_Security_Scanner_v2
*/
private function codeScannerReview(CodeScanner $cs, $code, $triTitle)
{
$foundDisabledCode = "";
/*----------------------------------********---------------------------------*/
if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=")) {
if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=") &&
in_array('trigger', $cs->getScope())) {
//Check disabled code
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $code);
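Review bot: `in_array('trigger', $cs->getScope())` in the new condition of `codeScannerReview` is a loose comparison; use `in_array('trigger', $cs->getScope(), true)` (the same applies to the new scope checks in processes_ImportFile.php, pluginsChange.php, the plugin-import file, triggers_Save.php and `Trigger::saveTrigger`). Because the literal-plus-`in_array` pattern is now repeated at six call sites, a single `CodeScanner::inScope($name)` method, or class constants for the four scope names, would stop a misspelt token from silently disabling a hook, since today a typo simply makes the check return false and the code is not scanned. The method's body continues past the hunk.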


@@ -6352,17 +6352,21 @@ class Processes
}
/**
* Get disabled code
* If the feature is enable and the code_scanner_scope has the arguments for enable code scanner
* Review the triggers related to the process
*
* @param string $processUid Unique id of Process
* @param string $workspaceName Workspace name
*
* @return array Returns an array with disabled code found, array empty otherwise
* @return array
* @throws Exception
*
* @link https://wiki.processmaker.com/Plugin_Trigger_Code_Security_Scanner_v2
*/
public function getDisabledCode($processUid = null, $workspaceName = null)
{
try {
$arrayDisabledCode = array();
$arrayDisabledCode = [];
/*----------------------------------********---------------------------------*/
if (!PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=")) {
@@ -6412,23 +6416,24 @@ class Processes
$triggerTitle = $row["TRI_TITLE"];
$triggerWebbot = $row["TRI_WEBBOT"];
//Check disabled code
$arrayFoundDisabledCode = [];
// @todo: The PO's needs to define the behaviour when the command check-workspace-disabled-code was executed
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $triggerWebbot);
if (!empty($arrayFoundDisabledCode)) {
if (!isset($arrayDisabledCode[$processUid])) {
$arrayDisabledCode[$processUid] = array(
$arrayDisabledCode[$processUid] = [
"processUid" => $processUid,
"processTitle" => $processTitle,
"triggers" => array()
);
"triggers" => []
];
}
$arrayDisabledCode[$processUid]["triggers"][] = array(
$arrayDisabledCode[$processUid]["triggers"][] = [
"triggerUid" => $triggerUid,
"triggerTitle" => $triggerTitle,
"disabledCode" => $arrayFoundDisabledCode["source"],
);
];
}
}
}
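Review bot: In the `getDisabledCode` loop the new `$arrayFoundDisabledCode = [];` is overwritten two lines later by the unconditional `checkDisabledCode("SOURCE", $triggerWebbot)` call, so it is dead, and unlike every other call site in this commit this path never consults `$cs->getScope()`; the `@todo` says that is still undecided, so state the current behaviour instead of leaving it implicit, e.g. `// Scans every trigger regardless of code_scanner_scope until the behaviour of check-workspace-disabled-code is defined`. The rewritten `@return array` line also dropped the old description ("array with disabled code found, array empty otherwise"), which is the one fact a caller needs. The method continues beyond the hunk.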


@@ -2464,9 +2464,14 @@ class WorkspaceTools
}
/**
* Get disabled code
* If the feature is enable and the code_scanner_scope was enable will check in the command
* Review when the command check-workspace-disabled-code was executed
*
* @return array Returns an array with disabled code found, array empty otherwise
* @return array
* @throws Exception
*
* @link https://wiki.processmaker.com/3.3/processmaker_command#check-workspace-disabled-code
* @uses cliWorkspaces.php
*/
public function getDisabledCode()
{
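Review bot: The rewritten docblock of `WorkspaceTools::getDisabledCode` replaces `@return array Returns an array with disabled code found, array empty otherwise` with a bare `@return array`, losing the meaning of an empty result; keep a description such as `@return array Array with the disabled code found, empty array otherwise`. The new sentence "If the feature is enable and the code_scanner_scope was enable will check in the command" also asserts scope gating, but if this method delegates to `Processes::getDisabledCode`, which in this commit calls `checkDisabledCode` without consulting the scope, that claim is inaccurate and should be reworded to say the command scans regardless of scope. The method body starts after the hunk.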


@@ -2,27 +2,13 @@
/**
* processes_ImportFile.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.
* If the feature is enable and the code_scanner_scope was enable the argument import_process will check the code
* Review in a process import
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
* @link https://wiki.processmaker.com/3.1/Importing_and_Exporting_Projects#Importing_a_Project
*/
use \ProcessMaker\Importer\XmlImporter;
use ProcessMaker\Importer\XmlImporter;
use ProcessMaker\Validation\ValidationUploadedFiles;
ValidationUploadedFiles::getValidationUploadedFiles()->dispatch(function($validator) {
@@ -35,7 +21,7 @@ ValidationUploadedFiles::getValidationUploadedFiles()->dispatch(function($valida
});
ini_set("max_execution_time", 0);
$affectedGroups = array();
$affectedGroups = [];
$granularImport = false;
$objectImport = '';
$objectsToImport = '';
@@ -49,10 +35,10 @@ if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm
preg_match("/^(?:pm|pmx|pmx2)$/", pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION))
) {
//Check disabled code
$response = array();
$response = [];
try {
$arrayTrigger = array();
$arrayTrigger = [];
$projectTitle = "";
switch (pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION)) {
@@ -87,7 +73,11 @@ if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm
foreach ($arrayTrigger as $value) {
$arrayTriggerData = $value;
if (in_array('import_process', $cs->getScope())) {
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $arrayTriggerData["TRI_WEBBOT"]);
} else {
$arrayFoundDisabledCode = [];
}
if (!empty($arrayFoundDisabledCode)) {
$strCodeAndLine = "";
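Review bot: The header hunk removes the file's AGPL copyright and license notice and keeps only a description and a `@link` (the same happens to pluginsChange.php, the plugin-import file and triggers_Save.php in this commit); unless the project has deliberately moved its per-file notices elsewhere, they should stay, since the license requires preserving them. In the trigger loop, `in_array('import_process', $cs->getScope())` is re-evaluated for every trigger although its result cannot change; compute `$importInScope = in_array('import_process', $cs->getScope(), true);` once before `foreach ($arrayTrigger as $value)` and branch on that, which also adds the missing strict flag. The loop body continues past the hunk.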


@@ -1,25 +1,10 @@
<?php
/**
* pluginsChange.php
* If the feature is enable and the code_scanner_scope was enable with the argument enable_plugin, will check the code
* Review when a plugin was enable
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
* @link https://wiki.processmaker.com/3.0/Plugins#Enable_and_Disable_a_Plugin
*/
// lets display the items
@@ -55,13 +40,14 @@ if ($handle = opendir(PATH_PLUGINS)) {
->verifyfeature('B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=')
) {
//Check disabled code
$arrayFoundDisabledCode = [];
$cs = new CodeScanner(config("system.workspace"));
if (in_array('enable_plugin', $cs->getScope())) {
$arrayFoundDisabledCode = array_merge(
$cs->checkDisabledCode("FILE", PATH_PLUGINS . $pluginName . ".php"),
$cs->checkDisabledCode("PATH", PATH_PLUGINS . $pluginName)
);
}
if (!empty($arrayFoundDisabledCode)) {
$response = array();
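Review bot: When `enable_plugin` is not in the scope, the plugin is enabled with `$arrayFoundDisabledCode` left at `[]` and nothing records that the scan was skipped, so from the application's logs a plugin that was scanned and found clean is indistinguishable from one that was never scanned (the same holds for the out-of-scope branches in processes_ImportFile.php, the plugin-import file, triggers_Save.php and `Trigger::saveTrigger`). Consider an `else` branch that writes one entry through the project's logger naming the plugin and the skipped scope, so an operator can audit whether the blacklist was consulted for a given plugin. The enclosing `if` begins before the hunk and the response handling continues after it.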


@@ -3,25 +3,10 @@
*
* processes_ImportFile.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
* If the feature is enable and the code_scanner_scope was enable with the argument import_plugin, will check the code
* Review when a plugin was enable
*
* @link https://wiki.processmaker.com/3.0/Plugins#Import_a_Plugin
*/
use ProcessMaker\Core\System;
@@ -251,10 +236,12 @@ try {
/*----------------------------------********---------------------------------*/
if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=")) {
//Check disabled code
$arrayFoundDisabledCode = [];
$cs = new CodeScanner(config("system.workspace"));
$arrayFoundDisabledCode = array_merge($cs->checkDisabledCode("FILE", $path . $pluginFile), $cs->checkDisabledCode("PATH", $path . $sClassName));
if (in_array('import_plugin', $cs->getScope())) {
$arrayFoundDisabledCode = array_merge($cs->checkDisabledCode("FILE", $path . $pluginFile),
$cs->checkDisabledCode("PATH", $path . $sClassName));
}
if (!empty($arrayFoundDisabledCode)) {
throw new Exception(G::LoadTranslation("ID_DISABLED_CODE_PLUGIN"));
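Review bot: The new header line `* Review when a plugin was enable` was carried over from pluginsChange.php, but this file handles plugin import, so the description contradicts the code beneath it; change it to `* Review when a plugin is imported` (and "is enable" to "is enabled" on the preceding line). While the header is being rewritten, the `* processes_ImportFile.php` name it still carries (a context line here) looks like an older copy-paste leftover and is worth correcting at the same time, though the real filename is not visible on this page. The scope-gated `array_merge` block itself mirrors pluginsChange.php and its enclosing `try` starts before the hunk.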


@@ -2,24 +2,8 @@
/**
* triggers_Save.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
* If the feature is enable and the code_scanner_scope was enable with the argument trigger, will check the code
* Review when a trigger is save
*/
if (($RBAC_Response = $RBAC->userCanAccess( "PM_FACTORY" )) != 1) {
@@ -60,10 +44,11 @@ if (isset( $sfunction ) && $sfunction == 'lookforNameTrigger') {
isset($value["TRI_WEBBOT"])
) {
//Check disabled code
$arrayFoundDisabledCode = [];
$cs = new CodeScanner(config("system.workspace"));
if (in_array('trigger', $cs->getScope())) {
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $value["TRI_WEBBOT"]);
}
if (!empty($arrayFoundDisabledCode)) {
$strCodeAndLine = "";
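Review bot: The new header text `* Review when a trigger is save` and `If the feature is enable and the code_scanner_scope was enable` read as broken English; propose `* Review when a trigger is saved` and `* If the feature is enabled and code_scanner_scope contains "trigger", the trigger code is checked`. The same "is enable"/"was enable" phrasing appears in the new headers of processes_ImportFile.php, pluginsChange.php, the plugin-import file and in the `Cases`, `Processes`, `WorkspaceTools` and `Trigger::saveTrigger` docblocks, so one pass over all of them is worthwhile. The code hunk only adds the scope gate; its enclosing `if` starts before the hunk and the error formatting continues after it.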


@@ -1,6 +1,12 @@
<?php
namespace ProcessMaker\BusinessModel;
use CodeScanner;
use Exception;
use G;
use PMLicensedFeatures;
use Triggers as ModelTriggers;
class Trigger
{
/**
@@ -134,76 +140,82 @@ class Trigger
}
/**
* Save Data for Trigger
* @var string $sProcessUID. Uid for Process
* @var string $dataTrigger. Data for Trigger
* @var string $create. Create o Update Trigger
* @var string $sTriggerUid. Uid for Trigger
* If the feature is enable and the code_scanner_scope was enable with the argument trigger, will check the code
* Review when a trigger is save or update
*
* @author Brayan Pereyra (Cochalo) <brayan@colosa.com>
* @copyright Colosa - Bolivia
* @param string $proUid. Uid for Process
* @param array $dataTrigger. Data for Trigger
* @param boolean $create. Create o Update Trigger
* @param string $triggerUid. Uid for Trigger
*
* @return array
* @throws Exception
*
* @uses \ProcessMaker\Services\Api\Project\Trigger::doPostTrigger()
* @uses \ProcessMaker\Services\Api\Project\Trigger::doPutTrigger()
*/
public function saveTrigger($sProcessUID = '', $dataTrigger = array(), $create = false, $sTriggerUid = '')
public function saveTrigger($proUid = '', $dataTrigger = [], $create = false, $triggerUid = '')
{
if ( ($sProcessUID == '') || (count($dataTrigger) == 0) ) {
if ((empty($proUid)) || empty($dataTrigger)) {
return false;
}
$dataTrigger = array_change_key_case($dataTrigger, CASE_UPPER);
if ( $create && (isset($dataTrigger['TRI_UID'])) ) {
if ($create && (isset($dataTrigger['TRI_UID']))) {
unset($dataTrigger['TRI_UID']);
}
$dataTrigger= (array)$dataTrigger;
$dataTrigger = (array)$dataTrigger;
$dataTrigger['TRI_TYPE'] = 'SCRIPT';
if (isset($dataTrigger['TRI_TITLE'])) {
if (!$this->verifyNameTrigger($sProcessUID, $dataTrigger['TRI_TITLE'], $sTriggerUid)) {
throw new \Exception(\G::LoadTranslation("ID_CANT_SAVE_TRIGGER"));
if (!$this->verifyNameTrigger($proUid, $dataTrigger['TRI_TITLE'], $triggerUid)) {
throw new Exception(G::LoadTranslation("ID_CANT_SAVE_TRIGGER"));
}
}
/*----------------------------------********---------------------------------*/
if (\PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=") &&
if (PMLicensedFeatures::getSingleton()->verifyfeature("B0oWlBLY3hHdWY0YUNpZEtFQm5CeTJhQlIwN3IxMEkwaG4=") &&
isset($dataTrigger["TRI_WEBBOT"])
) {
//Check disabled code
$cs = new \CodeScanner(config("system.workspace"));
$arrayFoundDisabledCode = [];
$cs = new CodeScanner(config("system.workspace"));
if (in_array('trigger', $cs->getScope())) {
$arrayFoundDisabledCode = $cs->checkDisabledCode("SOURCE", $dataTrigger["TRI_WEBBOT"]);
}
if (!empty($arrayFoundDisabledCode)) {
$strCodeAndLine = "";
foreach ($arrayFoundDisabledCode["source"] as $key => $value) {
$strCodeAndLine .= (($strCodeAndLine != "")? ", " : "") . \G::LoadTranslation("ID_DISABLED_CODE_CODE_AND_LINE", array($key, implode(", ", $value)));
$strCodeAndLine .= (($strCodeAndLine != "") ? ", " : "") . G::LoadTranslation("ID_DISABLED_CODE_CODE_AND_LINE",
[$key, implode(", ", $value)]);
}
throw new \Exception(\G::LoadTranslation("ID_DISABLED_CODE_TRIGGER", array($strCodeAndLine)));
throw new Exception(G::LoadTranslation("ID_DISABLED_CODE_TRIGGER", [$strCodeAndLine]));
}
}
/*----------------------------------********---------------------------------*/
$dataTrigger['PRO_UID'] = $sProcessUID;
$oTrigger = new \Triggers();
$dataTrigger['PRO_UID'] = $proUid;
$trigger = new ModelTriggers();
if ($create) {
$oTrigger->create( $dataTrigger );
$dataTrigger['TRI_UID'] = $oTrigger->getTriUid();
$trigger->create($dataTrigger);
$dataTrigger['TRI_UID'] = $trigger->getTriUid();
}
$oTrigger->update( $dataTrigger );
$trigger->update($dataTrigger);
if ($create) {
$dataResp = $oTrigger->load( $dataTrigger['TRI_UID'] );
$dataResp = $trigger->load($dataTrigger['TRI_UID']);
$dataResp = array_change_key_case($dataResp, CASE_LOWER);
if (isset($dataResp['pro_uid'])) {
unset($dataResp['pro_uid']);
}
return $dataResp;
}
return array();
return [];
}
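Review bot: The new docblock of `saveTrigger` declares `@return array`, but the guard `if ((empty($proUid)) || empty($dataTrigger)) { return false; }` still returns `false`, so the annotation is wrong for the failure path; either write `@return array|false` or turn the guard into a thrown exception, which the two `@uses` callers would then need to handle. Switching the guard from `$sProcessUID == ''` to `empty($proUid)` also changes behaviour for the string `'0'`, which is now rejected; harmless if process uids are always 32-character hex strings, but it is a behaviour change the description does not mention. The renamed parameters (`$proUid`, `$triggerUid`) are fine positionally, yet any caller that relies on the old names through reflection or named arguments would break, so a quick search for `sProcessUID` outside this file is prudent.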
/**


@@ -54,6 +54,7 @@ class System
'error_reporting' => "",
'display_errors' => 'On',
'enable_blacklist' => 0,
'code_scanner_scope' => 'import_plugin,enable_plugin,import_process,trigger',
'system_utc_time_zone' => 0,
'server_protocol' => '',
'leave_case_warning' => 0,
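Review bot: `'code_scanner_scope'` is added with no comment on its format or accepted values, yet it is the one setting that can switch off every scanner hook without any error: `CodeScanner` splits it on commas and each call site scans only when its own token is present, so an empty or misspelt value means no scanning and no diagnostic. Add a comment above the line, e.g. `// Comma-separated scanner hooks: import_plugin, enable_plugin, import_process, trigger. Hooks not listed are not scanned.`. The surrounding defaults array starts before the hunk and continues after it.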