added filter by input

denisdulici · denisdulici · commit 0b204ea74875 · 2019-09-23T09:36:29.000+03:00
diff --git a/src/Abstracts/Middleware.php b/src/Abstracts/Middleware.php
@@ -38,44 +38,44 @@ public function handle($request, Closure $next)
     public function skip($request)
     {
         $this->prepare($request);
-        
+
         if (!$this->isEnabled()) {
             return true;
         }
-        
+
         if ($this->isWhitelist()) {
             return true;
         }
-        
+
         if (!$this->isMethod()) {
             return true;
         }
 
         if ($this->isRoute()) {
             return true;
         }
-    
+
         return false;
     }
-    
+
     public function prepare($request)
     {
         $this->request = $request;
         $this->input = $request->input();
         $this->middleware = strtolower((new \ReflectionClass($this))->getShortName());
         $this->user_id = auth()->id() ?: 0;
     }
-    
+
     public function isEnabled()
     {
         return config('firewall.enabled');
     }
-    
+
     public function isWhitelist()
     {
         return in_array($this->ip(), config('firewall.whitelist'));
     }
-    
+
     public function isMethod()
     {
         if (!$methods = config('firewall.middleware.' . $this->middleware . '.methods')) {
@@ -85,7 +85,7 @@ public function isMethod()
         if (in_array('all', $methods)) {
             return true;
         }
-    
+
         return in_array(strtolower($this->request->method()), $methods);
     }
 
@@ -113,23 +113,36 @@ public function isRoute()
 
         return false;
     }
-    
+
+    public function isInput($name)
+    {
+        if (!$inputs = config('firewall.middleware.' . $this->middleware . '.inputs')) {
+            return true;
+        }
+
+        if (!empty($inputs['only']) && !in_array((string) $name, (array) $inputs['only'])) {
+            return false;
+        }
+
+        return !in_array((string) $name, (array) $inputs['except']);
+    }
+
     public function ip()
     {
         if ($cf_ip = $this->request->header('CF_CONNECTING_IP')) {
             $ip = $cf_ip;
         } else {
             $ip = $this->request->ip();
         }
-        
+
         return $ip;
     }
 
     public function getPatterns()
     {
         return config('firewall.middleware.' . $this->middleware . '.patterns', []);
     }
-    
+
     public function check($patterns)
     {
         $log = null;
@@ -149,10 +162,10 @@ public function check($patterns)
         if ($log) {
             return true;
         }
-        
+
         return false;
     }
-    
+
     public function match($pattern, $input)
     {
         $result = false;
@@ -174,6 +187,10 @@ public function match($pattern, $input)
                 break;
             }
 
+            if (!$this->isInput($key)) {
+                continue;
+            }
+
             if (!$result = preg_match($pattern, $value)) {
                 continue;
             }
@@ -183,7 +200,7 @@ public function match($pattern, $input)
 
         return $result;
     }
-    
+
     public function log()
     {
         $log = Log::create([
@@ -198,7 +215,7 @@ public function log()
 
         return $log;
     }
-    
+
     public function respond($response, $data = [])
     {
         if ($response['code'] == 200) {
@@ -208,7 +225,7 @@ public function respond($response, $data = [])
         if ($view = $response['view']) {
             return Response::view($view, $data);
         }
-        
+
         if ($redirect = $response['redirect']) {
             if (($this->middleware == 'ip') && $this->request->is($redirect)) {
                 abort($response['code'], trans('firewall::responses.block.message'));
@@ -220,7 +237,7 @@ public function respond($response, $data = [])
         if ($response['abort']) {
             abort($response['code'], trans('firewall::responses.block.message'));
         }
-        
+
         return Response::make(trans('firewall::responses.block.message'), $response['code']);
     }
 }
diff --git a/src/Config/firewall.php b/src/Config/firewall.php
@@ -169,6 +169,11 @@
                 'except' => [], // i.e. 'admin/*'
             ],
 
+            'inputs' => [
+                'only' => [], // i.e. 'first_name'
+                'except' => [], // i.e. 'password'
+            ],
+
             'patterns' => [
                 '#\.\/#is',
             ],
@@ -198,6 +203,11 @@
                 'except' => [], // i.e. 'admin/*'
             ],
 
+            'inputs' => [
+                'only' => [], // i.e. 'first_name'
+                'except' => [], // i.e. 'password'
+            ],
+
             'patterns' => [
                 'bzip2://',
                 'expect://',
@@ -243,6 +253,11 @@
                 'except' => [], // i.e. 'admin/*'
             ],
 
+            'inputs' => [
+                'only' => [], // i.e. 'first_name'
+                'except' => [], // i.e. 'password'
+            ],
+
             'patterns' => [
                 '#(http|ftp){1,1}(s){0,1}://.*#i',
             ],
@@ -264,6 +279,11 @@
                 'except' => [], // i.e. 'admin/*'
             ],
 
+            'inputs' => [
+                'only' => [], // i.e. 'first_name'
+                'except' => [], // i.e. 'password'
+            ],
+
             'patterns' => [
                 '@[\|:]O:\d{1,}:"[\w_][\w\d_]{0,}":\d{1,}:{@i',
                 '@[\|:]a:\d{1,}:{@i',
@@ -284,6 +304,11 @@
                 'except' => [], // i.e. 'admin/*'
             ],
 
+            'inputs' => [
+                'only' => [], // i.e. 'first_name'
+                'except' => [], // i.e. 'password'
+            ],
+
             'patterns' => [
                 '#[\d\W](union select|union join|union distinct)[\d\W]#is',
                 '#[\d\W](union|union select|insert|from|where|concat|into|cast|truncate|select|delete|having)[\d\W]#is',
@@ -304,6 +329,11 @@
                 'except' => [], // i.e. 'admin/*'
             ],
 
+            'inputs' => [
+                'only' => [], // i.e. 'first_name'
+                'except' => [], // i.e. 'password'
+            ],
+
             'words' => [],
 
             'auto_block' => [
@@ -342,6 +372,11 @@
                 'except' => [], // i.e. 'admin/*'
             ],
 
+            'inputs' => [
+                'only' => [], // i.e. 'first_name'
+                'except' => ['password', 'password_confirmation'], // i.e. 'password'
+            ],
+
             'patterns' => [
                 '#<[^>]*\w*\"?[^>]*>#is',
             ],
diff --git a/src/Middleware/Php.php b/src/Middleware/Php.php
@@ -27,6 +27,10 @@ public function match($pattern, $input)
                 break;
             }
 
+            if (!$this->isInput($key)) {
+                continue;
+            }
+
             if (!$result = (stripos($value, $pattern) === 0)) {
                 continue;
             }
diff --git a/src/Middleware/Rfi.php b/src/Middleware/Rfi.php
@@ -31,6 +31,10 @@ public function match($pattern, $input)
                 break;
             }
 
+            if (!$this->isInput($key)) {
+                continue;
+            }
+
             if (!$result = preg_match($pattern, $this->applyExceptions($value))) {
                 continue;
             }

Original file line number	Diff line number	Diff line change
`@@ -38,44 +38,44 @@ public function handle($request, Closure $next)`
`38`	`38`	`public function skip($request)`
`39`	`39`	`{`
`40`	`40`	`$this->prepare($request);`
`41`		`-`
	`41`	`+`
`42`	`42`	`if (!$this->isEnabled()) {`
`43`	`43`	`return true;`
`44`	`44`	`}`
`45`		`-`
	`45`	`+`
`46`	`46`	`if ($this->isWhitelist()) {`
`47`	`47`	`return true;`
`48`	`48`	`}`
`49`		`-`
	`49`	`+`
`50`	`50`	`if (!$this->isMethod()) {`
`51`	`51`	`return true;`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`if ($this->isRoute()) {`
`55`	`55`	`return true;`
`56`	`56`	`}`
`57`		`-`
	`57`	`+`
`58`	`58`	`return false;`
`59`	`59`	`}`
`60`		`-`
	`60`	`+`
`61`	`61`	`public function prepare($request)`
`62`	`62`	`{`
`63`	`63`	`$this->request = $request;`
`64`	`64`	`$this->input = $request->input();`
`65`	`65`	`$this->middleware = strtolower((new \ReflectionClass($this))->getShortName());`
`66`	`66`	`$this->user_id = auth()->id() ?: 0;`
`67`	`67`	`}`
`68`		`-`
	`68`	`+`
`69`	`69`	`public function isEnabled()`
`70`	`70`	`{`
`71`	`71`	`return config('firewall.enabled');`
`72`	`72`	`}`
`73`		`-`
	`73`	`+`
`74`	`74`	`public function isWhitelist()`
`75`	`75`	`{`
`76`	`76`	`return in_array($this->ip(), config('firewall.whitelist'));`
`77`	`77`	`}`
`78`		`-`
	`78`	`+`
`79`	`79`	`public function isMethod()`
`80`	`80`	`{`
`81`	`81`	`if (!$methods = config('firewall.middleware.' . $this->middleware . '.methods')) {`
`@@ -85,7 +85,7 @@ public function isMethod()`
`85`	`85`	`if (in_array('all', $methods)) {`
`86`	`86`	`return true;`
`87`	`87`	`}`
`88`		`-`
	`88`	`+`
`89`	`89`	`return in_array(strtolower($this->request->method()), $methods);`
`90`	`90`	`}`
`91`	`91`
`@@ -113,23 +113,36 @@ public function isRoute()`
`113`	`113`
`114`	`114`	`return false;`
`115`	`115`	`}`
`116`		`-`
	`116`	`+`
	`117`	`+ public function isInput($name)`
	`118`	`+ {`
	`119`	`+ if (!$inputs = config('firewall.middleware.' . $this->middleware . '.inputs')) {`
	`120`	`+ return true;`
	`121`	`+ }`
	`122`	`+`
	`123`	`+ if (!empty($inputs['only']) && !in_array((string) $name, (array) $inputs['only'])) {`
	`124`	`+ return false;`
	`125`	`+ }`
	`126`	`+`
	`127`	`+ return !in_array((string) $name, (array) $inputs['except']);`
	`128`	`+ }`
	`129`	`+`
`117`	`130`	`public function ip()`
`118`	`131`	`{`
`119`	`132`	`if ($cf_ip = $this->request->header('CF_CONNECTING_IP')) {`
`120`	`133`	`$ip = $cf_ip;`
`121`	`134`	`} else {`
`122`	`135`	`$ip = $this->request->ip();`
`123`	`136`	`}`
`124`		`-`
	`137`	`+`
`125`	`138`	`return $ip;`
`126`	`139`	`}`
`127`	`140`
`128`	`141`	`public function getPatterns()`
`129`	`142`	`{`
`130`	`143`	`return config('firewall.middleware.' . $this->middleware . '.patterns', []);`
`131`	`144`	`}`
`132`		`-`
	`145`	`+`
`133`	`146`	`public function check($patterns)`
`134`	`147`	`{`
`135`	`148`	`$log = null;`
`@@ -149,10 +162,10 @@ public function check($patterns)`
`149`	`162`	`if ($log) {`
`150`	`163`	`return true;`
`151`	`164`	`}`
`152`		`-`
	`165`	`+`
`153`	`166`	`return false;`
`154`	`167`	`}`
`155`		`-`
	`168`	`+`
`156`	`169`	`public function match($pattern, $input)`
`157`	`170`	`{`
`158`	`171`	`$result = false;`
`@@ -174,6 +187,10 @@ public function match($pattern, $input)`
`174`	`187`	`break;`
`175`	`188`	`}`
`176`	`189`
	`190`	`+ if (!$this->isInput($key)) {`
	`191`	`+ continue;`
	`192`	`+ }`
	`193`	`+`
`177`	`194`	`if (!$result = preg_match($pattern, $value)) {`
`178`	`195`	`continue;`
`179`	`196`	`}`
`@@ -183,7 +200,7 @@ public function match($pattern, $input)`
`183`	`200`
`184`	`201`	`return $result;`
`185`	`202`	`}`
`186`		`-`
	`203`	`+`
`187`	`204`	`public function log()`
`188`	`205`	`{`
`189`	`206`	`$log = Log::create([`
`@@ -198,7 +215,7 @@ public function log()`
`198`	`215`
`199`	`216`	`return $log;`
`200`	`217`	`}`
`201`		`-`
	`218`	`+`
`202`	`219`	`public function respond($response, $data = [])`
`203`	`220`	`{`
`204`	`221`	`if ($response['code'] == 200) {`
`@@ -208,7 +225,7 @@ public function respond($response, $data = [])`
`208`	`225`	`if ($view = $response['view']) {`
`209`	`226`	`return Response::view($view, $data);`
`210`	`227`	`}`
`211`		`-`
	`228`	`+`
`212`	`229`	`if ($redirect = $response['redirect']) {`
`213`	`230`	`if (($this->middleware == 'ip') && $this->request->is($redirect)) {`
`214`	`231`	`abort($response['code'], trans('firewall::responses.block.message'));`
`@@ -220,7 +237,7 @@ public function respond($response, $data = [])`
`220`	`237`	`if ($response['abort']) {`
`221`	`238`	`abort($response['code'], trans('firewall::responses.block.message'));`
`222`	`239`	`}`
`223`		`-`
	`240`	`+`
`224`	`241`	`return Response::make(trans('firewall::responses.block.message'), $response['code']);`
`225`	`242`	`}`
`226`	`243`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,10 @@ public function match($pattern, $input)`
`27`	`27`	`break;`
`28`	`28`	`}`
`29`	`29`
	`30`	`+ if (!$this->isInput($key)) {`
	`31`	`+ continue;`
	`32`	`+ }`
	`33`	`+`
`30`	`34`	`if (!$result = (stripos($value, $pattern) === 0)) {`
`31`	`35`	`continue;`
`32`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,10 @@ public function match($pattern, $input)`
`31`	`31`	`break;`
`32`	`32`	`}`
`33`	`33`
	`34`	`+ if (!$this->isInput($key)) {`
	`35`	`+ continue;`
	`36`	`+ }`
	`37`	`+`
`34`	`38`	`if (!$result = preg_match($pattern, $this->applyExceptions($value))) {`
`35`	`39`	`continue;`
`36`	`40`	`}`