Merge pull request #678 from GDATASoftwareAG/php/http_api

Php/http_api

Author: lennartdohmann

.github/workflows/ci-php.yaml

@@ -29,7 +29,7 @@ on:
 env:
   CLIENT_ID: ${{ secrets.CLIENT_ID }}
   CLIENT_SECRET: ${{secrets.CLIENT_SECRET}}
-  VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de"
+  VAAS_URL: "https://gateway.production.vaas.gdatasecurity.de"
   TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token"
   VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
   VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }}
@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        version: ["8.1", "8.2", "8.3"]
+        version: ["8.1", "8.2", "8.3", "8.4"]
     steps:
       - name: checkout
         uses: actions/checkout@v4
@@ -57,7 +57,7 @@ jobs:
         run: |
           echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV
           echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV
-          echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV
+          echo "VAAS_URL=https://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV
           echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV
           echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
           echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV
@@ -68,7 +68,7 @@ jobs:
         run: |
           echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV
           echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV
-          echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV
+          echo "VAAS_URL=https://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV
           echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV
           echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
           echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV
@@ -82,12 +82,12 @@ jobs:
       - name: install php dependencies
         uses: php-actions/composer@v6
         with:
-          working_dir: php/tests/vaas
+          working_dir: php/tests/VaasTesting
           php_version: ${{ matrix.version }}
 
       - name: run tests
-        run: ./vendor/bin/phpunit --colors --testdox
-        working-directory: php/tests/vaas
+        run: ./vendor/bin/phpunit --colors --testdox --exclude-group exclude
+        working-directory: php/tests/VaasTesting
 
       - name: install example requirements
         run: composer install

php/.gitignore

@@ -1,2 +1,2 @@
 *.lock
-package.xml
+package.xml

php/.vscode/settings.json

@@ -1,5 +1,5 @@
 {
-    "phpunit.phpunit": "/workspaces/vaas/php/tests/vaas/vendor/bin/phpunit",
+    "phpunit.phpunit": "/workspaces/vaas/php/tests/VaasTesting/vendor/bin/phpunit",
     "phpunit.php": "/usr/local/bin/php",
     "php.debug.ideKey": "vsc",
     "php.debug.executablePath": "/usr/local/bin/php",

php/examples/Readme.md

@@ -1,3 +1,3 @@
 # Examples
 
-You find some examples for *VaaS* interagtions in this folder. All examples or in a research or MVP state. None of them is production ready or intended to ever be.
+You find some examples for *VaaS* integrations in this folder. All examples or in a research or MVP state. None of them is production ready or intended to ever be.

php/examples/VaasExample/AuthenticationExamples.php

@@ -3,54 +3,33 @@
 namespace VaasExamples;
 
 use VaasSdk\Authentication\ClientCredentialsGrantAuthenticator;
-use VaasSdk\Exceptions\InvalidSha256Exception;
-use VaasSdk\Exceptions\TimeoutException;
-use VaasSdk\Exceptions\VaasAuthenticationException;
-use VaasSdk\ResourceOwnerPasswordGrantAuthenticator;
+use VaasSdk\Sha256;
 use VaasSdk\Vaas;
 
-$USE_RESOURCE_OWNER_PASSWORD_GRANT_AUTHENTICATOR = false;
-
 // If you got a username and password from us, you can use the ResourceOwnerPasswordAuthenticator like this
-if ($USE_RESOURCE_OWNER_PASSWORD_GRANT_AUTHENTICATOR){
-    $authenticator = new ResourceOwnerPasswordGrantAuthenticator(
-        "vaas-customer",
-        getenv("VAAS_USER_NAME"),
-        getenv("VAAS_PASSWORD"),
-        getenv("TOKEN_URL")
-    );
-}
+
+// $authenticator = new ResourceOwnerPasswordGrantAuthenticator(
+//     clientId: getenv("CLIENT_ID"),
+//     username: getenv("USERNAME"),
+//     password: getenv("PASSWORD"),
+//     tokenUrl: getenv("TOKEN_URL")
+// );
+    
 // You may use self registration and create a new username and password for the
-// ResourceOwnerPasswordAuthenticator by yourself like the example above on https://vaas.gdata.de/login
-
-// If you got a client id and client secret from us, you can use the ClientCredentialsGrantAuthenticator like this
-else{
-    $authenticator = new ClientCredentialsGrantAuthenticator(
-        getenv("CLIENT_ID"),
-        getenv("CLIENT_SECRET"),
-        getenv("TOKEN_URL")
-    );
-}
-
-$vaas = new Vaas(
-    getenv("VAAS_URL")
+// `Password` authentication method by yourself like the example above on https://vaas.gdata.de/login
+
+// If you got a client id and client secret from us, you can use the `Client Credentials` authentication method like this
+
+$authenticator = new ClientCredentialsGrantAuthenticator(
+    clientId: getenv("CLIENT_ID"),
+    clientSecret: getenv("CLIENT_SECRET"),
+    tokenUrl: getenv("TOKEN_URL")
 );
 
-try {
-    $vaas->Connect($authenticator->getToken());
-} catch (VaasAuthenticationException $e) {
-    fwrite(STDERR, "Authentication failed: " . $e->getMessage() . "\n");
-    exit(1);
-}
+$vaas = Vaas::builder()
+    ->withAuthenticator($authenticator)
+    ->build();
 
 // Get verdict for an eicar hash
-try {
-    $vaasVerdict = $vaas->ForSha256("000005c43196142f01d615a67b7da8a53cb0172f8e9317a2ec9a0a39a1da6fe8");
-} catch (InvalidSha256Exception $e) {
-    fwrite(STDERR, "Invalid sha256: " . $e->getMessage() . "\n");
-    exit(1);
-} catch (TimeoutException $e) {
-    fwrite(STDERR, "Timeout: " . $e->getMessage() . "\n");
-    exit(1);
-}
-fwrite(STDOUT, "Verdict for $vaasVerdict->Sha256 is $vaasVerdict->Verdict \n");
+$vaasVerdict = $vaas->forSha256Async(Sha256::TryFromString("000005c43196142f01d615a67b7da8a53cb0172f8e9317a2ec9a0a39a1da6fe8")->await())->await();
+fwrite(STDOUT, "Verdict for $vaasVerdict->sha256 is $vaasVerdict->verdict->value \n");

php/examples/VaasExample/GetVerdictByFile.php

@@ -7,18 +7,19 @@
 
 include_once("./vendor/autoload.php");
 
+
 $authenticator = new ClientCredentialsGrantAuthenticator(
-    getenv("CLIENT_ID"),
-    getenv("CLIENT_SECRET"),
-    getenv("TOKEN_URL") ?: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token"
+    clientId: getenv("CLIENT_ID"),
+    clientSecret: getenv("CLIENT_SECRET"),
+    tokenUrl: getenv("TOKEN_URL")
 );
 
-$vaas = (new Vaas())
+$vaas = Vaas::builder()
     ->withAuthenticator($authenticator)
-    ->withUrl(getenv("VAAS_URL") ?? "wss://gateway.production.vaas.gdatasecurity.de")
     ->build();
 
+
 $scanPath = getenv("SCAN_PATH");
-$vaasVerdict = $vaas->ForFile($scanPath);
+$vaasVerdict = $vaas->forFileAsync($scanPath)->await();
 
-fwrite(STDOUT, "Verdict for $vaasVerdict->Sha256 is " . $vaasVerdict->Verdict->value . " \n");
+fwrite(STDOUT, "Verdict for $vaasVerdict->sha256 is " . $vaasVerdict->verdict->value . " \n");

php/examples/VaasExample/GetVerdictByHash.php

@@ -3,23 +3,28 @@
 namespace VaasExamples;
 
 use VaasSdk\Authentication\ClientCredentialsGrantAuthenticator;
+use VaasSdk\Sha256;
 use VaasSdk\Vaas;
 
 include_once("./vendor/autoload.php");
 
+
 $authenticator = new ClientCredentialsGrantAuthenticator(
-    getenv("CLIENT_ID"),
-    getenv("CLIENT_SECRET"),
-    getenv("TOKEN_URL") ?: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token"
+    clientId: getenv("CLIENT_ID"),
+    clientSecret: getenv("CLIENT_SECRET"),
+    tokenUrl: getenv("TOKEN_URL")
 );
-$vaas = (new Vaas())
+
+$vaas = Vaas::builder()
     ->withAuthenticator($authenticator)
-    ->withUrl(getenv("VAAS_URL") ?? "wss://gateway.production.vaas.gdatasecurity.de")
     ->build();
 
-// EICAR
-$vaasVerdict = $vaas->ForSha256("000005c43196142f01d615a67b7da8a53cb0172f8e9317a2ec9a0a39a1da6fe8");
-fwrite(STDOUT, "Verdict for $vaasVerdict->Sha256 is " . $vaasVerdict->Verdict->value . " \n");
-// SOMEFILE
-$vaasVerdict = $vaas->ForSha256("70caea443deb0d0a890468f9ac0a9b1187676ba3e66eb60a722b187107eb1ea8");
-fwrite(STDOUT, "Verdict for $vaasVerdict->Sha256 is " . $vaasVerdict->Verdict->value . " \n");
+
+// Malicious hash
+$vaasVerdict = $vaas->forSha256Async(Sha256::TryFromString("000005c43196142f01d615a67b7da8a53cb0172f8e9317a2ec9a0a39a1da6fe8")->await())->await();
+fwrite(STDOUT, "Verdict for $vaasVerdict->sha256 is " . $vaasVerdict->verdict->value . " \n");
+
+
+// Some file
+$vaasVerdict = $vaas->forSha256Async(Sha256::TryFromString("70caea443deb0d0a890468f9ac0a9b1187676ba3e66eb60a722b187107eb1ea8")->await())->await();
+fwrite(STDOUT, "Verdict for $vaasVerdict->sha256 is " . $vaasVerdict->verdict->value . " \n");

php/examples/VaasExample/GetVerdictByUrl.php

@@ -7,19 +7,22 @@
 
 include_once("./vendor/autoload.php");
 
+
 $authenticator = new ClientCredentialsGrantAuthenticator(
-    getenv("CLIENT_ID"),
-    getenv("CLIENT_SECRET"),
-    getenv("TOKEN_URL") ?: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token"
+    clientId: getenv("CLIENT_ID"),
+    clientSecret: getenv("CLIENT_SECRET"),
+    tokenUrl: getenv("TOKEN_URL")
 );
-$vaas = (new Vaas())
+
+$vaas = Vaas::builder()
     ->withAuthenticator($authenticator)
-    ->withUrl(getenv("VAAS_URL") ?? "wss://gateway.production.vaas.gdatasecurity.de")
     ->build();
 
+
 // EICAR
-$vaasVerdict = $vaas->ForUrl("https://secure.eicar.org/eicar.com");
-fwrite(STDOUT, "Verdict for $vaasVerdict->Sha256 is " . $vaasVerdict->Verdict->value . " \n");
-// SOMEFILE
-$vaasVerdict = $vaas->ForUrl("https://www.gdatasoftware.com/oem/verdict-as-a-service");
-fwrite(STDOUT, "Verdict for $vaasVerdict->Sha256 is " . $vaasVerdict->Verdict->value . " \n");
+$vaasVerdict = $vaas->forUrlAsync("https://secure.eicar.org/eicar.com")->await();
+fwrite(STDOUT, "Verdict for $vaasVerdict->sha256 is " . $vaasVerdict->verdict->value . " \n");
+
+// Some file
+$vaasVerdict = $vaas->forUrlAsync("https://www.gdatasoftware.com/oem/verdict-as-a-service")->await();
+fwrite(STDOUT, "Verdict for $vaasVerdict->sha256 is " . $vaasVerdict->verdict->value . " \n");

php/examples/VaasExample/ScanS3Bucket.php

@@ -0,0 +1,141 @@
+<?php
+
+namespace VaasExamples;
+
+use Aws\Credentials\Credentials;
+use Aws\Signature\SignatureV4;
+use Dotenv\Dotenv;
+use Exception;
+use GuzzleHttp\Client;
+use GuzzleHttp\Exception\GuzzleException;
+use GuzzleHttp\Psr7\Request;
+use SimpleXMLElement;
+use VaasSdk\Authentication\ClientCredentialsGrantAuthenticator;
+use VaasSdk\Exceptions\VaasClientException;
+use VaasSdk\Options\VaasOptions;
+use VaasSdk\Vaas;
+
+include_once("./vendor/autoload.php");
+
+$dotenv = Dotenv::createImmutable(__DIR__);
+$dotenv->load();
+
+$CLIENT_ID = getenv("CLIENT_ID");
+$CLIENT_SECRET = getenv("CLIENT_SECRET");
+$VAAS_URL = getenv("VAAS_URL");
+$TOKEN_URL = getenv("TOKEN_URL");
+$S3_ACCESS_KEY = getenv("S3_ACCESS_KEY");
+$S3_SECRET_KEY = getenv("S3_SECRET_KEY");
+$S3_URL = getenv("S3_URL");
+$S3_BUCKET = getenv("S3_BUCKET");
+$S3_REGION = getenv("S3_REGION");
+
+// Build VaaS
+$authenticator = new ClientCredentialsGrantAuthenticator(
+    clientId: $CLIENT_ID,
+    clientSecret: $CLIENT_SECRET,
+    tokenUrl: $TOKEN_URL
+);
+$vaasOptions = new VaasOptions(
+    useHashLookup: true,
+    useCache: false,
+    vaasUrl: $VAAS_URL,
+    timeout: 300
+);
+try {
+    $vaas = Vaas::builder()
+        ->withOptions($vaasOptions)
+        ->withAuthenticator($authenticator)
+        ->build();
+} catch (VaasClientException $e) {
+    fwrite(STDERR, "Error: " . $e->getMessage() . "\n");
+    exit(1);
+}
+
+// List S3 bucket
+$client = new Client();
+$request = new Request("GET", "$S3_URL/$S3_BUCKET?list-type=2");
+$credentials = new Credentials($S3_ACCESS_KEY, $S3_SECRET_KEY);
+$signer = new SignatureV4("s3", $S3_REGION);
+$signedRequest = $signer->signRequest($request, $credentials);
+$keys = [];
+try {
+    $response = $client->send($signedRequest);
+    $xml = new SimpleXMLElement($response->getBody()->getContents());
+    foreach ($xml->Contents as $content) {
+        $keys[] = (string)$content->Key;
+    }
+} catch (GuzzleException $e) {
+    fwrite(STDERR, "Error: " . $e->getMessage() . "\n");
+    exit(1);
+} catch (Exception $e) {
+    fwrite(STDERR, "Error: " . $e->getMessage() . "\n");
+    exit(1);
+}
+
+// Iterate over everything in S3 bucket and scan with VaaS
+$results = [];
+$progress = 0;
+$count = count($keys);
+$startTimeTotal = microtime(true);
+foreach ($keys as $key){
+    // Pretty print progress
+    $progress++;
+    $percentageDone = number_format($progress / $count * 100, 1) . "%";
+    echo chr(27).chr(91).'H'.chr(27).chr(91).'J';
+    echo "\nProgress: $percentageDone [";
+    $done = $progress / $count * 30;
+    for ($i = 0; $i < 30; $i++) {
+        echo $i < $done ? "=" : " ";
+    }
+    echo "]\n";
+    echo "Execution time: " . number_format(microtime(true) - $startTimeTotal, 3) . "s\n";
+    echo "Current key: $key\n\n";
+
+    // Download file from S3 to temp file
+    $request = new Request("GET", "$S3_URL/$S3_BUCKET/$key");
+    $request->withHeader("Accept", "application/octet-stream");
+    $credentials = new Credentials($S3_ACCESS_KEY, $S3_SECRET_KEY);
+    $signer = new SignatureV4("s3", $S3_REGION);
+    $signedRequest = $signer->signRequest($request, $credentials);
+    try {
+        $response = $client->send($signedRequest);
+    } catch (GuzzleException $e) {
+        fwrite(STDERR, "Error: " . $e->getMessage() . "\n");
+        exit(1);
+    }
+    $sample = tempnam(sys_get_temp_dir(), "vaas-sample-");
+    $handle = fopen($sample, "w");
+    fwrite($handle, $response->getBody());
+    fclose($handle);
+
+    // Scan file with VaaS and track time
+    $startTime = microtime(true);
+    $vaasVerdict = $vaas->forFileAsync($sample)->await();
+    $endTime = microtime(true);
+    $executionTime = ($endTime - $startTime) * 1000;
+
+    // Save VaaS verdict and execution time
+    $results[] = [
+        "key" => $key,
+        "executionTimeInMs" => number_format($executionTime, 3),
+        "verdict" => [
+            "sha256" => $vaasVerdict->sha256,
+            "verdict" => $vaasVerdict->verdict->value,
+            "detection" => $vaasVerdict->detection,
+            "fileType" => $vaasVerdict->fileType,
+            "mimeType" => $vaasVerdict->mimeType
+        ]
+    ];
+
+    // Delete temp file
+    unlink($sample);
+}
+
+$endTimeTotal = microtime(true);
+$executionTime = number_format($endTimeTotal - $startTimeTotal, 3);
+
+file_put_contents("results-$S3_BUCKET.json", json_encode($results, JSON_PRETTY_PRINT));
+
+echo "Results written to results.json\n";
+echo "Total execution time: " . $executionTime . "s\n";