NathanGibbs3 / BASE / 624

pending completion

Build # 624

Build Type

push

travis-ci-com

Committed by

NathanGibbs3

Commit Message

Merge branch 'devel'

Run Details

562 of 562 new or added lines in 28 files covered. (100.0%)

3145 of 17504 relevant lines covered (17.97%)

23.22 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.96

/includes/base_capabilities.php

<?php
// Basic Analysis and Security Engine (BASE)
// Copyright (C) 2019-2023 Nathan Gibbs
// Copyright (C) 2004 BASE Project Team
// Copyright (C) 2000 Carnegie Mellon University
//
//   For license info: See the file 'base_main.php'
//
//       Project Lead: Nathan Gibbs
// Built upon work by: Kevin Johnson & the BASE Project Team
//                     Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
//
//            Purpose: Capabilities registry to identify what functionality
//                     is available on the currently running PHP install.
//                     This will allow us to vary functionality on the fly.
//
//          Author(s): Nathan Gibbs
//                     Kevin Johnson
//                     Chris Shepherd
// Ensure the conf file has been loaded. Prevent direct access to this file.
defined('_BASE_INC') or die('Accessing this file directly is not allowed.');

class BaseCapsRegistry{ // Capabilities Registry class definition
        var $BCReg = array();  // Capabilities Registry.

        function __construct(){ // PHP 5+ constructor Shim.
                // Class/Method agnostic shim code.
                $SCname = get_class();
                if ( method_exists($this, $SCname) ){
                        $SCargs = func_get_args();
                        call_user_func_array(array($this, $SCname), $SCargs);
                }else{
                        // @codeCoverageIgnoreStart
                        // Should never execute.
                        trigger_error( // Will need to add this message to the TD.
                                "Class: $SCname No Legacy Constructor.\n",
                                E_USER_ERROR
                        );
                        // @codeCoverageIgnoreEnd
                }
        }

        function BaseCapsRegistry(){ // PHP 4x constructor.
                GLOBAL $Use_Auth_System, $BASE_Language, $event_cache_auto_update,
                $colored_alerts, $archive_exists, $BASE_VERSION, $BASE_installID,
                $debug_time_mode, $debug_mode;
                if( $debug_mode > 1 ){
                        KML('Init: Caps Registry', 2);
                }
                // Automatically detect capabilities.
                $this->BCReg['PHP'] = array(); // PHP Capabilities.
                $this->BCReg['BASE'] = array(); // BASE Capabilities.
                // PHP
                $this->AddCap('PHP_Ver', implode('.', GetPHPSV())); // PHP Version
                if( function_exists('mail') ){ // PHP Mail
                        $this->AddCap('PHP_Mail');
                }
                if( function_exists('imagecreate') ){ // PHP GD
                        $this->AddCap('PHP_GD');
                }
                if( defined('GMP_VERSION') ){
                        $this->AddCap('PHP_GMP', GMP_VERSION);
                }
                // BASE Kernel & RTL Registartion
                if ( SetConst('BASE_KERNEL', 'None') ){
                        $BKV = NULL;
                }else{
                        $BKV = BASE_KERNEL;
                }
                $this->AddCap('BASE_Kernel',$BKV);
                if ( SetConst('BASE_RTL', 'None') ){
                        $BRV = NULL;
                }else{
                        $BRV = BASE_RTL;
                }
                $this->AddCap('BASE_RTL',$BRV);
                // BASE Version Info, change on new release.
                $Ver = '1.4.5'; // Official Release
                $Lady = 'lilias'; // Official Release Name
                // Last Dev Merge to master branch, change on new merge.
                $LPM = '2023-05-12';
                // Switch this off and update the official release Unit Test when
                // pushing a new release to master.
                $Dev = true; // Is this a Development build?
                if ( $Dev ){
                        $BVer = "$Ver-0.0.1 (Jayme)+$LPM";
                }else{
                        $BVer = "$Ver ($Lady)";
                }
                // Example Version String Official 1.4.5 (lilias)
                // Example Version String Dev 1.4.5-0.0.1 (Jayme)
                $this->AddCap('BASE_Ver',$BVer);
                $this->AddCap('BASE_Lady',$Lady);
                $this->AddCap('BASE_LPM',$LPM);
                $this->AddCap('BASE_Dev',$Dev);
                // BASE Capabilities Info, loaded from config file.
                if( LoadedString($BASE_installID) ){ // BASE InstallID
                        $this->AddCap('BASE_InID', $BASE_installID);
                }
                if( intval($Use_Auth_System) != 0 ){ // Auth system On.
                        $this->AddCap('BASE_Auth');
                }
                if( intval($archive_exists) != 0 ){ // Archive DB On.
                        $this->AddCap('BASE_ADB');
                }
                if( $event_cache_auto_update != 0 ){ // Event Cache Update.
                        $this->AddCap('BASE_ECU');
                }
                // BASE UI Settings
                if( LoadedString($BASE_Language) ){ // UI Lang.
                        $this->AddCap('BASE_UILang', $BASE_Language);
                }
                if( $colored_alerts != 0 ){ // Colored Alerts
                        $this->AddCap('BASE_UICA');
                }
                if( $debug_mode != 0 ){ // Debug Mode
                        $this->AddCap('BASE_UIDiag', $debug_mode);
                }
                if( $debug_time_mode != 0 ){ // Debug Time Mode
                        $this->AddCap('BASE_UIDiagTime', $debug_time_mode);
                }
                $this->AddCap('UIMode', 'Knl');
                // Libs
                if ( PearInc('Mail', '', 'Mail') ){ // PEAR::MAIL
                        $this->AddCap('Mail');
                }
                if ( PearInc('Mime', 'Mail', 'mime') ){ // PEAR::MAIL_Mime
                        $this->AddCap('Mime');
                }
//                PEAR::DB
//    @include "DB.php";
//    if (class_exists("DB"))
//    {
//      $this->BCReg[CAPA_PEARDB] = true;
//    } else {
//      $this->BCReg[CAPA_PEARDB] = false;
//    }

                // @codeCoverageIgnoreStart
                if (
                        !getenv('TRAVIS')
                        && !(
                                $BASE_VERSION == '0.0.0 (Joette)'
                                && $BASE_installID == 'Test Runner'
                        )
                ){ // God awful hack to keep this code from running under test. As
                        // Image_Graph is not currently maintained and throws
                        //deprecation errors because of PHP 4x constructors.
                        if ( PearInc('Graphing', 'Image', 'Graph') ){ // PEAR::Image_Graph
                                $this->AddCap('Graph');
                        }
                }
                // @codeCoverageIgnoreEnd
                // Add checks here as needed.
        }

        // Caps Reg Management.
        function AddCap( $cap = '', $val = true ){
                $Ret = false;
                $EMPfx = 'BASE Security Alert ' . __FUNCTION__ . ': ';
                if( LoadedString($cap) ){
                        $SRF = false; // SubRegistry Flag
                        $SRegs = explode('_', $cap);
                        if( count($SRegs) > 1 ){ // SubReg?
                                $SRF = true;
                                $tmp = $SRegs[0];
                        }else{
                                $tmp = $cap;
                        }
                        if( is_key($tmp, $this->BCReg) ){ // Is Cap?
                                if( is_array($this->BCReg[$tmp]) ){ // Is SubReg?
                                        // This check also limits SubReg overwrites.
                                        if ( $SRF ){ // Are we using a SubReg Value?
                                                $Ret = true; // Set PHP & BASE Caps.
                                                // Write Lock
                                                if( !is_key($SRegs[1], $this->BCReg[$tmp]) ){
                                                        $this->BCReg[$tmp][$SRegs[1]] = $val;
                                                }else{
                                                        error_log(
                                                                $EMPfx . "SubReg: $cap tampering detected."
                                                        );
                                                }
                                        }else{
                                                error_log($EMPfx . "SubReg: $tmp tampering detected.");
                                        }
                                }else{ // Cap Overwrite
                                        $Ret = true;
                                        $this->BCReg[$cap] = $val;
                                }
                        }else{ // Cap Add
                                $Ret = true;
                                $this->BCReg[$cap] = $val;
                        }
                }
                return $Ret;
        }

        function DelCap( $cap = '' ){
                $Ret = false;
                $EMPfx = 'BASE Security Alert ' . __FUNCTION__ . ': ';
                if( LoadedString($cap) ){
                        $SRF = false; // SubRegistry Flag
                        $SRegs = explode('_', $cap);
                        if( count($SRegs) > 1 ){ // SubReg?
                                $SRF = true;
                                $tmp = $SRegs[0];
                        }else{
                                $tmp = $cap;
                        }
                        if( is_key($tmp, $this->BCReg) ){ // Is Cap?
                                if( is_array($this->BCReg[$tmp]) ){ // Is SubReg?
                                        $Ret = true; // Fake it. :-)
                                        error_log($EMPfx . "SubReg: $cap tampering detected.");
                                }else{ // Cap Delete.
                                        $Ret = true;
                                        unset($this->BCReg[$cap]);
                                }
                        }else{ // Delete non existant Cap.
                                $Ret = true; // Fake it. :-)
                                error_log($EMPfx . "Reg: $tmp tampering detected.");
                        }
                }
                return $Ret;
        }

        // Capability checking functions.
        function GetCap( $cap = '' ){
                $Ret = false;
                if( LoadedString($cap) ){
                        $SRF = false; // SubRegistry Flag
                        $SRegs = explode('_', $cap);
                        if( count($SRegs) > 1 ){ // SubReg?
                                $SRF = true;
                                $tmp = $SRegs[0];
                        }else{
                                $tmp = $cap;
                        }
                        if( is_key($tmp, $this->BCReg) ){ // Is Cap?
                                if( is_array($this->BCReg[$tmp]) ){ // Is SubReg?
                                        if ( $SRF ){ // Are we looking for a SubReg Value?
                                                // Check PHP & BASE Caps.
                                                if( is_key($SRegs[1], $this->BCReg[$tmp]) ){
                                                        $Ret = $this->BCReg[$tmp][$SRegs[1]];
                                                }
                                        }else{ // Return Entire SubReg.
                                                $Ret = $this->BCReg[$tmp];
                                        }
                                }else{
                                        $Ret = $this->BCReg[$cap];
                                }
                        }
                }
                return $Ret;
        }

        // @codeCoverageIgnoreStart
        // This output will be installation dependent.
        // Testing would be problematic.

        function DumpCaps(){
                $DI = array();
                $DD = array();
                $Libs = array();
                foreach( $this->BCReg as $key => $val ){
                        if( is_array($this->BCReg[$key]) ){
                                continue;
                        }
                        $Libs[$key] = $val;
                }
                foreach( $this->GetCap('PHP') as $key => $val ){
                        array_push($DD, $key);
                        array_push($DI, $val);
                }
                DDT($DI, $DD, 'PHP Caps', '', '', 1);
                $DI = array();
                $DD = array();
                foreach( $this->GetCap('BASE') as $key => $val ){
                        array_push($DD, $key);
                        array_push($DI, $val);
                }
                DDT($DI, $DD, 'BASE Caps', '', '', 1);
                $DI = array();
                $DD = array();
                foreach( $Libs as $key => $val ){
                        array_push($DD, $key);
                        array_push($DI, $val);
                }
                DDT($DI, $DD, 'PEAR Libs', '', '', 1);
        }

        // @codeCoverageIgnoreEnd

}
?>

1	<?php
2	// Basic Analysis and Security Engine (BASE)
3	// Copyright (C) 2019-2023 Nathan Gibbs
4	// Copyright (C) 2004 BASE Project Team
5	// Copyright (C) 2000 Carnegie Mellon University
6	//
7	// For license info: See the file 'base_main.php'
8	//
9	// Project Lead: Nathan Gibbs
10	// Built upon work by: Kevin Johnson & the BASE Project Team
11	// Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
12	//
13	// Purpose: Capabilities registry to identify what functionality
14	// is available on the currently running PHP install.
15	// This will allow us to vary functionality on the fly.
16	//
17	// Author(s): Nathan Gibbs
18	// Kevin Johnson
19	// Chris Shepherd
20	// Ensure the conf file has been loaded. Prevent direct access to this file.
21	defined('_BASE_INC') or die('Accessing this file directly is not allowed.');
22
23	class BaseCapsRegistry{ // Capabilities Registry class definition
24	var $BCReg = array(); // Capabilities Registry.
25
26	function __construct(){ // PHP 5+ constructor Shim.
27	// Class/Method agnostic shim code.
28	$SCname = get_class();	22✔
29	if ( method_exists($this, $SCname) ){	22✔
30	$SCargs = func_get_args();	22✔
31	call_user_func_array(array($this, $SCname), $SCargs);	22✔
32	}else{	8✔
33	// @codeCoverageIgnoreStart
34	// Should never execute.
35	trigger_error( // Will need to add this message to the TD.
36	"Class: $SCname No Legacy Constructor.\n",
37	E_USER_ERROR
38	);
39	// @codeCoverageIgnoreEnd
40	}
41	}	16✔
42
43	function BaseCapsRegistry(){ // PHP 4x constructor.
44	GLOBAL $Use_Auth_System, $BASE_Language, $event_cache_auto_update,	16✔
45	$colored_alerts, $archive_exists, $BASE_VERSION, $BASE_installID,	8✔
46	$debug_time_mode, $debug_mode;	8✔
47	if( $debug_mode > 1 ){	22✔
48	KML('Init: Caps Registry', 2);	×
49	}
50	// Automatically detect capabilities.
51	$this->BCReg['PHP'] = array(); // PHP Capabilities.	22✔
52	$this->BCReg['BASE'] = array(); // BASE Capabilities.	22✔
53	// PHP
54	$this->AddCap('PHP_Ver', implode('.', GetPHPSV())); // PHP Version	22✔
55	if( function_exists('mail') ){ // PHP Mail	22✔
56	$this->AddCap('PHP_Mail');	22✔
57	}	8✔
58	if( function_exists('imagecreate') ){ // PHP GD	22✔
59	$this->AddCap('PHP_GD');	22✔
60	}	8✔
61	if( defined('GMP_VERSION') ){	22✔
62	$this->AddCap('PHP_GMP', GMP_VERSION);	22✔
63	}	8✔
64	// BASE Kernel & RTL Registartion
65	if ( SetConst('BASE_KERNEL', 'None') ){	22✔
66	$BKV = NULL;	22✔
67	}else{	8✔
68	$BKV = BASE_KERNEL;	×
69	}
70	$this->AddCap('BASE_Kernel',$BKV);	22✔
71	if ( SetConst('BASE_RTL', 'None') ){	22✔
72	$BRV = NULL;	×
73	}else{
74	$BRV = BASE_RTL;	22✔
75	}
76	$this->AddCap('BASE_RTL',$BRV);	22✔
77	// BASE Version Info, change on new release.
78	$Ver = '1.4.5'; // Official Release	22✔
79	$Lady = 'lilias'; // Official Release Name	22✔
80	// Last Dev Merge to master branch, change on new merge.
81	$LPM = '2023-05-12';	22✔
82	// Switch this off and update the official release Unit Test when
83	// pushing a new release to master.
84	$Dev = true; // Is this a Development build?	22✔
85	if ( $Dev ){	22✔
86	$BVer = "$Ver-0.0.1 (Jayme)+$LPM";	22✔
87	}else{	8✔
88	$BVer = "$Ver ($Lady)";	×
89	}
90	// Example Version String Official 1.4.5 (lilias)
91	// Example Version String Dev 1.4.5-0.0.1 (Jayme)
92	$this->AddCap('BASE_Ver',$BVer);	22✔
93	$this->AddCap('BASE_Lady',$Lady);	22✔
94	$this->AddCap('BASE_LPM',$LPM);	22✔
95	$this->AddCap('BASE_Dev',$Dev);	22✔
96	// BASE Capabilities Info, loaded from config file.
97	if( LoadedString($BASE_installID) ){ // BASE InstallID	22✔
98	$this->AddCap('BASE_InID', $BASE_installID);	22✔
99	}	8✔
100	if( intval($Use_Auth_System) != 0 ){ // Auth system On.	22✔
101	$this->AddCap('BASE_Auth');	22✔
102	}	8✔
103	if( intval($archive_exists) != 0 ){ // Archive DB On.	22✔
104	$this->AddCap('BASE_ADB');	×
105	}
106	if( $event_cache_auto_update != 0 ){ // Event Cache Update.	22✔
107	$this->AddCap('BASE_ECU');	×
108	}
109	// BASE UI Settings
110	if( LoadedString($BASE_Language) ){ // UI Lang.	22✔
111	$this->AddCap('BASE_UILang', $BASE_Language);	×
112	}
113	if( $colored_alerts != 0 ){ // Colored Alerts	22✔
114	$this->AddCap('BASE_UICA');	×
115	}
116	if( $debug_mode != 0 ){ // Debug Mode	22✔
117	$this->AddCap('BASE_UIDiag', $debug_mode);	×
118	}
119	if( $debug_time_mode != 0 ){ // Debug Time Mode	22✔
120	$this->AddCap('BASE_UIDiagTime', $debug_time_mode);	22✔
121	}	8✔
122	$this->AddCap('UIMode', 'Knl');	22✔
123	// Libs
124	if ( PearInc('Mail', '', 'Mail') ){ // PEAR::MAIL	22✔
125	$this->AddCap('Mail');	22✔
126	}	8✔
127	if ( PearInc('Mime', 'Mail', 'mime') ){ // PEAR::MAIL_Mime	22✔
128	$this->AddCap('Mime');	22✔
129	}	8✔
130	// PEAR::DB
131	// @include "DB.php";
132	// if (class_exists("DB"))
133	// {
134	// $this->BCReg[CAPA_PEARDB] = true;
135	// } else {
136	// $this->BCReg[CAPA_PEARDB] = false;
137	// }
138
139	// @codeCoverageIgnoreStart
140	if (
141	!getenv('TRAVIS')
142	&& !(
143	$BASE_VERSION == '0.0.0 (Joette)'
144	&& $BASE_installID == 'Test Runner'
145	)
146	){ // God awful hack to keep this code from running under test. As
147	// Image_Graph is not currently maintained and throws
148	//deprecation errors because of PHP 4x constructors.
149	if ( PearInc('Graphing', 'Image', 'Graph') ){ // PEAR::Image_Graph
150	$this->AddCap('Graph');
151	}
152	}
153	// @codeCoverageIgnoreEnd
154	// Add checks here as needed.
155	}	16✔
156
157	// Caps Reg Management.
158	function AddCap( $cap = '', $val = true ){
159	$Ret = false;	110✔
160	$EMPfx = 'BASE Security Alert ' . __FUNCTION__ . ': ';	110✔
161	if( LoadedString($cap) ){	110✔
162	$SRF = false; // SubRegistry Flag	88✔
163	$SRegs = explode('_', $cap);	88✔
164	if( count($SRegs) > 1 ){ // SubReg?	88✔
165	$SRF = true;	44✔
166	$tmp = $SRegs[0];	44✔
167	}else{	16✔
168	$tmp = $cap;	66✔
169	}
170	if( is_key($tmp, $this->BCReg) ){ // Is Cap?	88✔
171	if( is_array($this->BCReg[$tmp]) ){ // Is SubReg?	66✔
172	// This check also limits SubReg overwrites.
173	if ( $SRF ){ // Are we using a SubReg Value?	44✔
174	$Ret = true; // Set PHP & BASE Caps.	44✔
175	// Write Lock
176	if( !is_key($SRegs[1], $this->BCReg[$tmp]) ){	44✔
177	$this->BCReg[$tmp][$SRegs[1]] = $val;	22✔
178	}else{	8✔
179	error_log(	22✔
180	$EMPfx . "SubReg: $cap tampering detected."	36✔
181	);	8✔
182	}
183	}else{	16✔
184	error_log($EMPfx . "SubReg: $tmp tampering detected.");	28✔
185	}
186	}else{ // Cap Overwrite	16✔
187	$Ret = true;	22✔
188	$this->BCReg[$cap] = $val;	50✔
189	}
190	}else{ // Cap Add	24✔
191	$Ret = true;	44✔
192	$this->BCReg[$cap] = $val;	44✔
193	}
194	}	32✔
195	return $Ret;	110✔
196	}
197
198	function DelCap( $cap = '' ){
199	$Ret = false;	88✔
200	$EMPfx = 'BASE Security Alert ' . __FUNCTION__ . ': ';	88✔
201	if( LoadedString($cap) ){	88✔
202	$SRF = false; // SubRegistry Flag	66✔
203	$SRegs = explode('_', $cap);	66✔
204	if( count($SRegs) > 1 ){ // SubReg?	66✔
205	$SRF = true;	22✔
206	$tmp = $SRegs[0];	22✔
207	}else{	8✔
208	$tmp = $cap;	44✔
209	}
210	if( is_key($tmp, $this->BCReg) ){ // Is Cap?	66✔
211	if( is_array($this->BCReg[$tmp]) ){ // Is SubReg?	44✔
212	$Ret = true; // Fake it. :-)	22✔
213	error_log($EMPfx . "SubReg: $cap tampering detected.");	22✔
214	}else{ // Cap Delete.	8✔
215	$Ret = true;	22✔
216	unset($this->BCReg[$cap]);	36✔
217	}
218	}else{ // Delete non existant Cap.	16✔
219	$Ret = true; // Fake it. :-)	22✔
220	error_log($EMPfx . "Reg: $tmp tampering detected.");	22✔
221	}
222	}	24✔
223	return $Ret;	88✔
224	}
225
226	// Capability checking functions.
227	function GetCap( $cap = '' ){
228	$Ret = false;	176✔
229	if( LoadedString($cap) ){	176✔
230	$SRF = false; // SubRegistry Flag	154✔
231	$SRegs = explode('_', $cap);	154✔
232	if( count($SRegs) > 1 ){ // SubReg?	154✔
233	$SRF = true;	44✔
234	$tmp = $SRegs[0];	44✔
235	}else{	16✔
236	$tmp = $cap;	110✔
237	}
238	if( is_key($tmp, $this->BCReg) ){ // Is Cap?	154✔
239	if( is_array($this->BCReg[$tmp]) ){ // Is SubReg?	132✔
240	if ( $SRF ){ // Are we looking for a SubReg Value?	66✔
241	// Check PHP & BASE Caps.
242	if( is_key($SRegs[1], $this->BCReg[$tmp]) ){	44✔
243	$Ret = $this->BCReg[$tmp][$SRegs[1]];	44✔
244	}	16✔
245	}else{ // Return Entire SubReg.	16✔
246	$Ret = $this->BCReg[$tmp];	50✔
247	}
248	}else{	24✔
249	$Ret = $this->BCReg[$cap];	66✔
250	}
251	}	48✔
252	}	56✔
253	return $Ret;	176✔
254	}
255
256	// @codeCoverageIgnoreStart
257	// This output will be installation dependent.
258	// Testing would be problematic.
259
260	function DumpCaps(){
261	$DI = array();
262	$DD = array();
263	$Libs = array();
264	foreach( $this->BCReg as $key => $val ){
265	if( is_array($this->BCReg[$key]) ){
266	continue;
267	}
268	$Libs[$key] = $val;
269	}
270	foreach( $this->GetCap('PHP') as $key => $val ){
271	array_push($DD, $key);
272	array_push($DI, $val);
273	}
274	DDT($DI, $DD, 'PHP Caps', '', '', 1);
275	$DI = array();
276	$DD = array();
277	foreach( $this->GetCap('BASE') as $key => $val ){
278	array_push($DD, $key);
279	array_push($DI, $val);
280	}
281	DDT($DI, $DD, 'BASE Caps', '', '', 1);
282	$DI = array();
283	$DD = array();
284	foreach( $Libs as $key => $val ){
285	array_push($DD, $key);
286	array_push($DI, $val);
287	}
288	DDT($DI, $DD, 'PEAR Libs', '', '', 1);
289	}
290
291	// @codeCoverageIgnoreEnd
292
293	}
294	?>

NathanGibbs3 / BASE / 624

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous