improve security

callcenter-magnus · callcenter-magnus · commit 8bcf82aa5a4b · 2025-07-21T17:09:46.000-03:00
diff --git a/build/MagnusBilling-current.tar.gz b/build/MagnusBilling-current.tar.gz
diff --git a/protected/commands/FailtwobanipCommand.php b/protected/commands/FailtwobanipCommand.php
@@ -53,13 +53,19 @@ public function run($args)
         add the ~/.ssh/id_rsa.pub on /root/.ssh/authorized_keys of the proxy and slaves.
         */
 
+        $action = [
+            ['0', 'Temp ban'],
+            ['1', 'Permanent ban'],
+            ['3', 'Unban'],
+            ['5', 'Add to IgnoreIP']
+        ];
 
 
         if (isset($args[0])) {
             $this->ssh_port = $args[0];
         }
 
-
+        //only execute this script if the admin is logged on magnusbilling
         $sql = "SELECT count(id) as logged FROM pkg_log where id_log_actions = 1 AND date >= NOW() - INTERVAL (SELECT config_value FROM pkg_configuration WHERE config_key = 'session_timeout') SECOND AND id_user IN (SELECT id FROM pkg_user WHERE id_group IN (SELECT id FROM pkg_group_user WHERE id_user_type = 1))";
         $command = Yii::app()->db->createCommand($sql);
         $resultAdmins = $command->queryAll();
@@ -68,21 +74,24 @@ public function run($args)
             return;
         }
 
-
+        //get all ips that action is 3 (to unban)
         $sql     = 'SELECT ip FROM pkg_firewall WHERE action = 3';
         $command = Yii::app()->db->createCommand($sql);
         $this->resultUnBanIps = $command->queryAll();
 
+
+        //delete all that already added on $this->resultUnBanIps
         foreach ($this->resultUnBanIps as  $unbanIP) {
             $sql     = 'DELETE FROM pkg_firewall WHERE ip = "' . $unbanIP['ip'] . '"';
             Yii::app()->db->createCommand($sql)->execute();
         }
 
+        //get all ips that action is 1  (Permanent ban)
         $sql     = 'SELECT ip FROM pkg_firewall WHERE action = 1';
         $command = Yii::app()->db->createCommand($sql);
         $this->resultBanIps = $command->queryAll();
 
-
+        //get all ips that action is 5  (Add to IgnoreIP) and add it to $this->ignogeips
         $sql     = 'SELECT ip FROM pkg_firewall WHERE action = 5';
         $command = Yii::app()->db->createCommand($sql);
         $modelServersIgnoreIPs = $command->queryAll();
@@ -91,18 +100,19 @@ public function run($args)
             $this->ignogeips .= $server['ip'] . " ";
         }
 
-
+        //get all ips of the clients and add it to $this->ignogeips
         $sql     = 'SELECT host FROM pkg_sip JOIN pkg_user ON pkg_sip.id_user = pkg_user.id  WHERE pkg_user.active = 1 AND host !=  "dynamic"';
         $command = Yii::app()->db->createCommand($sql);
-        $modelServersIgnoreIPs = $command->queryAll();
+        $modelServersIgnoreIPsSips = $command->queryAll();
 
-        foreach ($modelServersIgnoreIPs as $key => $server) {
+        foreach ($modelServersIgnoreIPsSips as $key => $server) {
             $this->ignogeips .= $server['host'] . " ";
         }
 
+        //get all ips of the trunks and add it to $this->ignogeips
         $sql     = 'SELECT host FROM pkg_trunk WHERE status = 1 AND host !=  "dynamic"';
         $command = Yii::app()->db->createCommand($sql);
-        $modelServersIgnoreIPs = $command->queryAll();
+        $modelServersIgnoreIPstrunks = $command->queryAll();
 
         foreach ($modelServersIgnoreIPs as $key => $server) {
             $this->ignogeips .= $server['host'] . " ";
@@ -115,10 +125,12 @@ public function run($args)
         echo "\nresultBanIps";
         print_r($this->resultBanIps);
 
+        //truncate the table
         $sql = 'TRUNCATE TABLE pkg_firewall';
         Yii::app()->db->createCommand($sql)->execute();
 
 
+        //insert all the ips with status 5 (IgnoreIP) again to the table
         foreach ($modelServersIgnoreIPs as $key => $server) {
 
             if (strlen($server['ip']) > 5) {
@@ -134,6 +146,7 @@ public function run($args)
 
         $modelServers = Servers::model()->findAll('status IN (1,3,4)');
 
+        //if there no server, add the localhost
         if (! isset($modelServers[0])) {
 
             $modelServers = new Servers;
@@ -150,21 +163,16 @@ public function run($args)
             $modelServers->save();
             $modelServers = Servers::model()->findAll('status IN (1,3,4)');
         }
-
+        //include all the servers on $this->ignogeips
         foreach ($modelServers as $key => $server) {
             if ($server['host'] != 'localhost') {
                 $this->ignogeips .= $server['host'] . " ";
             }
         }
 
-
-
-        $modelServers = Servers::model()->findAll('status IN (1,3,4)');
-
+        //loop for all the servers to process the data
         foreach ($modelServers as $key => $server) {
 
-            echo "\n" . $server['host'] . "\n\n";
-
             if ($server['type'] == 'sipproxy') {
 
                 $this->getLinesCommand('ip-blacklist', 1, $server);
@@ -183,27 +191,36 @@ public function getLinesCommand($command, $action = 0, $server)
 
         echo "sed -i 's/^ignoreip = .*/" . $this->ignogeips . "/' /etc/fail2ban/jail.local\n";
 
+
+        //if is master server
         if ($server['type'] == 'mbilling') {
 
+            //add the ignore ips to jail.local and reload fail2ban
             shell_exec("sed -i 's/^ignoreip = .*/" . $this->ignogeips . "/' /etc/fail2ban/jail.local");
             shell_exec("systemctl reload fail2ban");
 
-
+            //unban all the ips of $this->resultUnBanIps
             foreach ($this->resultUnBanIps as  $unbanIP) {
                 echo "unbanip IP " .  $unbanIP['ip'] . " on MASTER\n";
                 @shell_exec("sudo fail2ban-client unban " .  $unbanIP['ip']);
             }
+
+            //if command is ip-blacklist 
             if ($command == 'ip-blacklist') {
 
                 foreach ($this->resultBanIps as  $blokedIP) {
+                    //ban the ip on ip-blacklist jail
                     $status = shell_exec("fail2ban-client set ip-blacklist banip " . $blokedIP['ip']);
 
+
+                    //check if exist on the table pkg_firewall
                     $sqlCheck = "SELECT COUNT(*) FROM pkg_firewall WHERE ip = '" . $blokedIP['ip'] . "' AND id_server = '" . $server['id'] . "'";
                     $exists = Yii::app()->db->createCommand($sqlCheck)->queryScalar();
                     if ($exists > 0) {
                         continue;
                     }
 
+                    //if not exist, add it
                     $sql = "INSERT INTO pkg_firewall (ip,action, date, description, jail, id_server) VALUES ('" . $blokedIP['ip'] . "',1, NOW(), '" . $server['name'] . "','$command','" . $server['id'] . "')";
                     echo $sql . "\n";
                     try {
@@ -212,28 +229,41 @@ public function getLinesCommand($command, $action = 0, $server)
                     }
                 }
             }
+            //get all ips banned on the jail
             $status = shell_exec("fail2ban-client status " . $command);
         } else {
 
+            //if is a Slave or proxy execute the commands via SSH
+
+
+            //add the ignore ips to jail.local and reload fail2ban
             @shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p ' . $this->ssh_port . ' "sed -i \'s/^ignoreip = .*/' . $this->ignogeips . '/\' /etc/fail2ban/jail.local" ');
             @shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p ' . $this->ssh_port . ' "systemctl reload fail2ban"');
 
             foreach ($this->resultUnBanIps as  $unbanIP) {
-
+                //unban all the ips of $this->resultUnBanIps
                 echo "unbanip IP " .  $unbanIP['ip'] . " on " . $server['host'] . "\n";
-
                 @shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p ' . $this->ssh_port . ' "fail2ban-client unban ' . $unbanIP['ip'] . '" ');
             }
 
+
+            //if command is ip-blacklist 
+
             if ($command == 'ip-blacklist') {
+
+
                 foreach ($this->resultBanIps as  $blokedIP) {
+
+                    //ban the ip on ip-blacklist jail
                     $status =  shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p ' . $this->ssh_port . ' "fail2ban-client set ip-blacklist banip ' . $blokedIP['ip'] . '" ');
 
+                    //check if exist on the table pkg_firewall
                     $sqlCheck = "SELECT COUNT(*) FROM pkg_firewall WHERE ip = '" . $blokedIP['ip'] . "' AND id_server = '" . $server['id'] . "'";
                     $exists = Yii::app()->db->createCommand($sqlCheck)->queryScalar();
                     if ($exists > 0) {
                         continue;
                     }
+                    //if not exist, add it
                     $sql = "INSERT INTO pkg_firewall (ip,action, date, description, jail, id_server) VALUES ('" . $blokedIP['ip'] . "',1, NOW(), '" . $server['name'] . "','$command','" . $server['id'] . "')";
                     echo $sql . "\n";
                     try {
@@ -242,12 +272,14 @@ public function getLinesCommand($command, $action = 0, $server)
                     }
                 }
             }
-
+            //get all ips banned on the jail
             $status =  shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p ' . $this->ssh_port . ' "fail2ban-client status ' . $command . '" ');
         }
 
+        //get all the ips banned
         preg_match('/Banned IP list:\s*(.*)/', $status, $ipMatches);
 
+        //if there no ips, return
         if (!isset($ipMatches[1]) || empty($ipMatches[1])) {
             return;
         }
@@ -256,6 +288,7 @@ public function getLinesCommand($command, $action = 0, $server)
 
 
         foreach ($ips as $ip) {
+            //insert the ips on the table.
             $sql = "INSERT INTO pkg_firewall (ip,action, date, description, jail, id_server) VALUES ('$ip',$action, NOW(), '" . $server['name'] . "','$command','" . $server['id'] . "')";
 
             echo $sql . "\n";
diff --git a/protected/components/LinuxAccess.php b/protected/components/LinuxAccess.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Classe de com funcionalidades globais
  *
@@ -13,20 +14,21 @@ public static function exec($command)
     {
 
         Yii::log('LinuxAccess::exec -> ' . $command, 'error');
-        exec($command, $output);
+        $sanitized = escapeshellcmd($command);
+        exec($sanitized, $output);
         return $output;
     }
 
     public static function getDirectoryDiskSpaceUsed($filter = '*', $directory = '/var/spool/asterisk/monitor/')
     {
-        $command = 'ls -lR  ' . $directory . $filter . ' | grep -v \'^d\' | awk \'{total += $5} END {print total}\'';
-        return @LinuxAccess::exec($command);
+
+        $command = 'ls -lR  ' . escapeshellarg($directory) . escapeshellarg($filter) . ' | grep -v \'^d\' | awk \'{total += $5} END {print total}\'';
+        return @self::exec($command);
     }
 
     public static function getLastFileInDirectory($filter = '*', $directory = '/var/spool/asterisk/monitor/')
     {
-        $command = 'ls -tr ' . $directory . $filter . ' | head -n 1';
-        return @LinuxAccess::exec($command);
+        $command = 'ls -tr ' . escapeshellarg($directory) . escapeshellarg($filter) . ' | head -n 1';
+        return @self::exec($command);
     }
-
 }
diff --git a/protected/components/SLUserSave.php b/protected/components/SLUserSave.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * =======================================
  * ###################################
@@ -23,7 +24,8 @@ class SLUserSave
     public static function saveUserSLCurl($modelUser, $SLAppToken, $SLAccessToken, $showError = true)
     {
         $url    = "http://api.superlogica.net:80/v2/financeiro/clientes";
-        $params = ["ST_NOME_SAC" => $modelUser->firstname . ' ' . $modelUser->lastname,
+        $params = [
+            "ST_NOME_SAC" => $modelUser->firstname . ' ' . $modelUser->lastname,
             "ST_NOMEREF_SAC"         => $modelUser->username,
             "ST_DIAVENCIMENTO_SAC"   => date('d'),
             "ST_CGC_SAC "            => $modelUser->doc,
@@ -46,12 +48,13 @@ public static function saveUserSLCurl($modelUser, $SLAppToken, $SLAccessToken, $
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $modelUser->getIsNewRecord() ? "POST" : "PUT");
 
-        curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/x-www-form-urlencoded",
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Content-Type: application/x-www-form-urlencoded",
             "app_token: " . $SLAppToken,
             "access_token:" . $SLAccessToken,
         ]);
 
-        if ( ! $modelUser->getIsNewRecord()) {
+        if (! $modelUser->getIsNewRecord()) {
             $params['ID_SACADO_SAC'] = $modelUser->id_sacado_sac;
         }
 
@@ -76,6 +79,12 @@ public static function saveUserSLCurl($modelUser, $SLAppToken, $SLAccessToken, $
 
     public static function criarBoleto($methodPay, $modelUser)
     {
+
+        $amount = isset($_GET['amount']) ? floatval($_GET['amount']) : 0.0;
+        if ($amount <= 0) {
+            throw new Exception('Valor inválido');
+        }
+
         $url = "http://api.superlogica.net:80/v2/financeiro/cobranca";
         $ch  = curl_init();
         curl_setopt($ch, CURLOPT_URL, $url);
@@ -84,26 +93,27 @@ public static function criarBoleto($methodPay, $modelUser)
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
-        curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/x-www-form-urlencoded",
+        curl_setopt($ch, CURLOPT_HTTPHEADER, [
+            "Content-Type: application/x-www-form-urlencoded",
             "app_token: " . $methodPay->SLAppToken,
             "access_token:" . $methodPay->SLAccessToken,
         ]);
 
-        $SLparams = ["ID_SACADO_SAC" => $modelUser->id_sacado_sac,
+        $SLparams = [
+            "ID_SACADO_SAC" => $modelUser->id_sacado_sac,
             "ST_NOMEREF_SAC"             => $modelUser->username,
             "COMPO_RECEBIMENTO"          => [[
                 'ID_PRODUTO_PRD'     => $methodPay->SLIdProduto,
-                "VL_UNITARIO_PRD"    => $_GET['amount'],
+                "VL_UNITARIO_PRD"    => $amount,
                 "NM_QUANTIDADE_COMP" => 1,
             ]],
-            "VL_EMITIDO_RECB"            => $_GET['amount'],
+            "VL_EMITIDO_RECB"            => $amount,
             "DT_VENCIMENTO_RECB"         => date("m/d/Y", mktime(0, 0, 0, date("m"), date("d") + 7, date("Y"))),
 
         ];
 
         curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($SLparams));
         $response = (array) json_decode(curl_exec($ch));
         curl_close($ch);
-
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`<?php`
	`2`	`+`
`2`	`3`	`/**`
`3`	`4`	`* Classe de com funcionalidades globais`
`4`	`5`	`*`
`@@ -13,20 +14,21 @@ public static function exec($command)`
`13`	`14`	`{`
`14`	`15`
`15`	`16`	`Yii::log('LinuxAccess::exec -> ' . $command, 'error');`
`16`		`- exec($command, $output);`
	`17`	`+ $sanitized = escapeshellcmd($command);`
	`18`	`+ exec($sanitized, $output);`
`17`	`19`	`return $output;`
`18`	`20`	`}`
`19`	`21`
`20`	`22`	`public static function getDirectoryDiskSpaceUsed($filter = '*', $directory = '/var/spool/asterisk/monitor/')`
`21`	`23`	`{`
`22`		`- $command = 'ls -lR ' . $directory . $filter . ' \| grep -v \'^d\' \| awk \'{total += $5} END {print total}\'';`
`23`		`- return @LinuxAccess::exec($command);`
	`24`	`+`
	`25`	`+ $command = 'ls -lR ' . escapeshellarg($directory) . escapeshellarg($filter) . ' \| grep -v \'^d\' \| awk \'{total += $5} END {print total}\'';`
	`26`	`+ return @self::exec($command);`
`24`	`27`	`}`
`25`	`28`
`26`	`29`	`public static function getLastFileInDirectory($filter = '*', $directory = '/var/spool/asterisk/monitor/')`
`27`	`30`	`{`
`28`		`- $command = 'ls -tr ' . $directory . $filter . ' \| head -n 1';`
`29`		`- return @LinuxAccess::exec($command);`
	`31`	`+ $command = 'ls -tr ' . escapeshellarg($directory) . escapeshellarg($filter) . ' \| head -n 1';`
	`32`	`+ return @self::exec($command);`
`30`	`33`	`}`
`31`		`-`
`32`	`34`	`}`