<?php
/**
 * WEVADS Security Helper
 * Fonctions de sécurisation des inputs
 */
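class Security
{
    /**
     * Sanitize a string for safe output in an HTML context.
     *
     * Trims, strips tags, then HTML-encodes the value (ENT_QUOTES, UTF-8).
     * Because the result is already HTML-escaped, it is not suitable for
     * other output contexts (JS, URL, SQL) — escape per context instead.
     *
     * @param mixed $input Raw value; null and non-scalar values yield ''
     * @return string
     */
    public static function sanitizeString($input): string
    {
        // Non-scalars (e.g. an array submitted as name[]=x) would throw a
        // TypeError inside trim(); treat them as empty instead.
        if ($input === null || !is_scalar($input)) {
            return '';
        }

        return htmlspecialchars(strip_tags(trim((string) $input)), ENT_QUOTES, 'UTF-8');
    }

    /**
     * Sanitize an integer-like value.
     *
     * Keeps only digits, '+' and '-'. NOTE: the return value is a string
     * (or false for non-scalar input), and FILTER_SANITIZE_NUMBER_INT keeps
     * sign characters anywhere in the value ('1-2' stays '1-2'); callers
     * needing a real int should cast or use FILTER_VALIDATE_INT.
     *
     * @param mixed $input
     * @return string|false
     */
    public static function sanitizeInt($input)
    {
        return filter_var($input, FILTER_SANITIZE_NUMBER_INT);
    }

    /**
     * Sanitize an e-mail address by removing characters not allowed in one.
     *
     * This does not validate the address; pair with FILTER_VALIDATE_EMAIL
     * where a well-formed address is required.
     *
     * @param mixed $input
     * @return string|false
     */
    public static function sanitizeEmail($input)
    {
        return filter_var($input, FILTER_SANITIZE_EMAIL);
    }

    /**
     * Sanitize a single argument for use with exec/shell_exec.
     *
     * CRITICAL: Use this before any exec/shell_exec. escapeshellarg() is the
     * actual protection; the character blocklist is a lossy defence-in-depth
     * step that silently drops shell metacharacters from the value. Prefer
     * array-form proc_open() to avoid the shell entirely when possible.
     *
     * @param mixed $input Raw argument; null and non-scalar values are treated as ''
     * @return string Quoted argument safe to embed in a shell command line
     */
    public static function sanitizeCommand($input): string
    {
        // Remove dangerous characters
        $dangerous = [';', '|', '&', '$', '`', '>', '<', '(', ')', '{', '}', '[', ']', '!', "\n", "\r"];

        // str_replace() with a non-scalar subject would return an array (or
        // emit a deprecation for null); normalise to a string first.
        $value = is_scalar($input) ? (string) $input : '';
        $value = str_replace($dangerous, '', $value);

        return escapeshellarg($value);
    }

    /**
     * Validate an IPv4 or IPv6 address.
     *
     * @param mixed $ip
     * @return bool
     */
    public static function validateIP($ip): bool
    {
        return filter_var($ip, FILTER_VALIDATE_IP) !== false;
    }

    /**
     * Validate a hostname (letters, digits, '-' and '.', at least two
     * characters, must start and end with a letter or digit).
     *
     * @param mixed $hostname
     * @return bool
     */
    public static function validateHostname($hostname): bool
    {
        if (!is_scalar($hostname)) {
            return false;
        }
        $hostname = (string) $hostname;

        // RFC 1035 caps a full hostname at 253 characters.
        if ($hostname === '' || strlen($hostname) > 253) {
            return false;
        }

        // The D modifier makes '$' match only at the very end of the string;
        // without it "example.com\n" would pass, since '$' also matches before
        // a trailing newline. preg_match() returns 0 or false on no match.
        return preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/D', $hostname) === 1;
    }

    /**
     * Generate (or reuse) the per-session CSRF token.
     *
     * Starts the session if needed. The token is 64 hex characters from
     * random_bytes() and is stored in $_SESSION['csrf_token'].
     *
     * @return string
     */
    public static function generateCSRFToken(): string
    {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }

        if (empty($_SESSION['csrf_token'])) {
            $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
        }

        return $_SESSION['csrf_token'];
    }

    /**
     * Verify a submitted CSRF token against the session token.
     *
     * Uses hash_equals() for a constant-time comparison. Fails closed when
     * no session token exists or the submitted value is not a string.
     *
     * @param mixed $token Value submitted by the client
     * @return bool
     */
    public static function verifyCSRFToken($token): bool
    {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }

        // hash_equals() requires two strings; a non-string (e.g. an array
        // from $_POST) would throw a TypeError instead of failing closed.
        if (!is_string($token) || !isset($_SESSION['csrf_token'])) {
            return false;
        }

        return hash_equals($_SESSION['csrf_token'], $token);
    }

    /**
     * Validate an uploaded file ($_FILES entry).
     *
     * Checks that the file was actually uploaded, that the upload reported no
     * error, its size, its detected MIME type (when $allowedTypes is given)
     * and that the client filename carries no PHP-executable extension.
     *
     * @param mixed $file         One entry of $_FILES
     * @param array $allowedTypes Allowed MIME types; empty means no MIME check
     * @param int   $maxSize      Maximum size in bytes (default 5MB)
     * @return array{valid: bool, errors: list<string>}
     */
    public static function validateUpload($file, $allowedTypes = [], $maxSize = 5242880): array
    {
        $errors = [];

        // Check if file exists
        if (!is_array($file) || !isset($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
            return ['valid' => false, 'errors' => ['Invalid file upload']];
        }

        // A non-zero error code means the upload was truncated or failed.
        if (($file['error'] ?? UPLOAD_ERR_OK) !== UPLOAD_ERR_OK) {
            $errors[] = 'Upload failed with error code ' . $file['error'];
        }

        // Check file size (default 5MB)
        if (($file['size'] ?? 0) > $maxSize) {
            $errors[] = 'File too large';
        }

        // Check MIME type (content-based, not the client-supplied type)
        if (!empty($allowedTypes)) {
            $finfo = new finfo(FILEINFO_MIME_TYPE);
            $mimeType = $finfo->file($file['tmp_name']);
            // finfo::file() returns false when detection fails; strict
            // in_array() so '0'/'' cannot match loosely.
            if ($mimeType === false || !in_array($mimeType, $allowedTypes, true)) {
                $errors[] = 'Invalid file type: ' . ($mimeType === false ? 'unknown' : $mimeType);
            }
        }

        // Check for PHP-executable extensions anywhere in the filename
        // (.php, .phpN, .phtml, .phar, .phps, .pht — also catches double
        // extensions such as "x.php.jpg").
        $name = (string) ($file['name'] ?? '');
        if (preg_match('/\.ph(?:p|tml|ar|ps|t)/i', $name)) {
            $errors[] = 'PHP files not allowed';
        }

        return ['valid' => empty($errors), 'errors' => $errors];
    }

    /**
     * Append a security event to the security log.
     *
     * Format: "<timestamp> | <event> | <details as JSON> | <remote addr or CLI>".
     * Falls back to error_log() if the log file cannot be written so the
     * event is not lost.
     *
     * @param mixed $event   Short event name
     * @param array $details Structured context, JSON-encoded in the entry
     */
    public static function logSecurityEvent($event, $details = [])
    {
        $logFile = '/opt/wevads/logs/security.log';
        $logDir = dirname($logFile);

        if (!is_dir($logDir)) {
            mkdir($logDir, 0755, true);
        }

        // Strip line breaks so an attacker-influenced $event cannot forge
        // additional log lines (log injection).
        $event = str_replace(["\r", "\n"], ' ', (string) $event);

        // Partial output on error keeps the entry even if one detail value
        // is not valid UTF-8 (json_encode would otherwise return false).
        $encoded = json_encode($details, JSON_PARTIAL_OUTPUT_ON_ERROR);

        $logEntry = date('Y-m-d H:i:s') . ' | ' . $event . ' | ' .
            $encoded . ' | ' .
            ($_SERVER['REMOTE_ADDR'] ?? 'CLI') . "\n";

        if (file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX) === false) {
            error_log('Security log write failed: ' . rtrim($logEntry, "\n"));
        }
    }
}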