fix: [HttpTool] make linting happy

feature/3.x_HttpTool
Christophe Vandeplas 2024-02-10 10:18:45 +00:00
parent 6d5299cf73
commit 6d1fb2e401
1 changed files with 37 additions and 26 deletions


@ -1,8 +1,8 @@
<?php <?php
declare(strict_types=1);
namespace App\Lib\Tools; namespace App\Lib\Tools;
use App\Lib\Tools\CurlAdvanced;
use Cake\Core\Configure; use Cake\Core\Configure;
use Cake\Core\Exception\CakeException; use Cake\Core\Exception\CakeException;
use Cake\Http\Client as CakeClient; use Cake\Http\Client as CakeClient;
@ -11,7 +11,6 @@ use Cake\Http\Client\Response;
use Cake\Http\Exception\NotImplementedException; use Cake\Http\Exception\NotImplementedException;
use Cake\I18n\FrozenTime; use Cake\I18n\FrozenTime;
class HttpTool extends CakeClient class HttpTool extends CakeClient
{ {
/** /**
@ -27,7 +26,8 @@ class HttpTool extends CakeClient
* - Proxy.host, port, user, pass, method * - Proxy.host, port, user, pass, method
* - Security.min_tls_version * - Security.min_tls_version
* *
* @param mixed $server Server array with custom settings for a specific server, cerebrate, ... * @param array $config configuration parameters of CakeClient
* @param array $server Server array with custom settings for a specific server, cerebrate, ...
*/ */
public function __construct(array $config = [], array $server = []) public function __construct(array $config = [], array $server = [])
{ {
@ -38,10 +38,10 @@ class HttpTool extends CakeClient
parent::__construct($config); parent::__construct($config);
} }
/** /**
* buildDefaultConfigFromSettings * buildDefaultConfigFromSettings
* *
* @return void
*/ */
public function buildDefaultConfigFromSettings() public function buildDefaultConfigFromSettings()
{ {
@ -74,7 +74,6 @@ class HttpTool extends CakeClient
- skip_proxy - - skip_proxy -
*/ */
// proxy settings // proxy settings
$proxy = Configure::read('Proxy'); $proxy = Configure::read('Proxy');
// proxy array as CakeClient likes it // proxy array as CakeClient likes it
@ -83,7 +82,7 @@ class HttpTool extends CakeClient
// 'proxy' => '127.0.0.1:8080'] // 'proxy' => '127.0.0.1:8080']
if (isset($proxy['host'])) { if (isset($proxy['host'])) {
$this->_defaultConfig['proxy'] = ['proxy' => $proxy['host'] . ":" . (empty($proxy['port']) ? 3128 : $proxy['port'])]; $this->_defaultConfig['proxy'] = ['proxy' => $proxy['host'] . ':' . (empty($proxy['port']) ? 3128 : $proxy['port'])];
if (isset($proxy['user']) && isset($proxy['password']) && !isset($proxy['method'])) { if (isset($proxy['user']) && isset($proxy['password']) && !isset($proxy['method'])) {
$proxy['method'] = 'basic'; $proxy['method'] = 'basic';
@ -109,7 +108,8 @@ class HttpTool extends CakeClient
} }
// min TLS version // min TLS version
if ($minTlsVersion = Configure::read('Security.min_tls_version')) { $minTlsVersion = Configure::read('Security.min_tls_version');
if ($minTlsVersion) {
$version = 0; $version = 0;
switch ($minTlsVersion) { switch ($minTlsVersion) {
case 'tlsv1_0': case 'tlsv1_0':
@ -124,8 +124,8 @@ class HttpTool extends CakeClient
case 'tlsv1_3': case 'tlsv1_3':
if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) { if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
$version |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT; $version |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
} else if ($minTlsVersion === 'tlsv1_3') { } elseif ($minTlsVersion === 'tlsv1_3') {
throw new CakeException("TLSv1.3 is not supported by PHP."); throw new CakeException('TLSv1.3 is not supported by PHP.');
} }
break; break;
default: default:
@ -135,7 +135,7 @@ class HttpTool extends CakeClient
} }
// Add user-agent // Add user-agent
$this->_defaultConfig['headers']['User-Agent'] = "MISP - Threat Intelligence & Sharing Platform"; $this->_defaultConfig['headers']['User-Agent'] = 'MISP - Threat Intelligence & Sharing Platform';
// TODO add MISP version? or only do it for server to server communication? (see configFromServer()) // TODO add MISP version? or only do it for server to server communication? (see configFromServer())
} }
@ -143,18 +143,19 @@ class HttpTool extends CakeClient
* Set HttpTool configuration from Server data, such as Certificate Authority and other * Set HttpTool configuration from Server data, such as Certificate Authority and other
* *
* @param array $server Server array * @param array $server Server array
* @return void
*/ */
public function configFromServer(array $server) public function configFromServer(array $server)
{ {
if (!empty($server)) { if (!empty($server)) {
if ($server['cert_file']) { if ($server['cert_file']) {
$this->_defaultConfig['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server['id'] . '.pem'; $this->_defaultConfig['ssl_cafile'] = APP . 'files' . DS . 'certs' . DS . $server['id'] . '.pem';
} }
if ($server['client_cert_file']) { if ($server['client_cert_file']) {
if (!isset($this->_defaultConfig['curl'])) { if (!isset($this->_defaultConfig['curl'])) {
$this->_defaultConfig['curl'] = []; $this->_defaultConfig['curl'] = [];
} }
$this->_defaultConfig['curl'][CURLOPT_SSLKEY] = APP . "files" . DS . "certs" . DS . $server['id'] . '_client.pem'; $this->_defaultConfig['curl'][CURLOPT_SSLKEY] = APP . 'files' . DS . 'certs' . DS . $server['id'] . '_client.pem';
} }
if ($server['self_signed']) { if ($server['self_signed']) {
$this->_defaultConfig['ssl_verify_peer_name'] = false; $this->_defaultConfig['ssl_verify_peer_name'] = false;
@ -179,10 +180,14 @@ class HttpTool extends CakeClient
* Set HttpTool configuration from Feed data * Set HttpTool configuration from Feed data
* *
* @param array|null $feed Feed array * @param array|null $feed Feed array
* @return void
*/ */
public function configFromFeed(array $feed = null) public function configFromFeed(array $feed = null)
{ {
$this->_defaultConfig['compress'] = 'true'; $this->_defaultConfig['compress'] = 'true';
if ($feed) {
throw new NotImplementedException('configFromFeed() is not implemented'); // FIXME chri write configFromFeed
}
} }
/** /**
@ -198,7 +203,6 @@ class HttpTool extends CakeClient
$this->_defaultConfig['headers']['MISP-uuid'] = Configure::read('MISP.uuid'); $this->_defaultConfig['headers']['MISP-uuid'] = Configure::read('MISP.uuid');
} }
/** /**
* Helper method for doing requests. This method is there to provide us a wrapper implementing custom MISP options. * Helper method for doing requests. This method is there to provide us a wrapper implementing custom MISP options.
* *
@ -215,31 +219,33 @@ class HttpTool extends CakeClient
$options, $options,
[ [
'ssl_verify_peer' => false, 'ssl_verify_peer' => false,
'ssl_verify_host' => false 'ssl_verify_host' => false,
] ]
); );
} }
if (isset($options['skip_proxy']) && $options['skip_proxy'] === true) { if (isset($options['skip_proxy']) && $options['skip_proxy'] === true) {
unset($options['proxy']); unset($options['proxy']);
} }
return parent::_doRequest($method, $url, $data, $options); return parent::_doRequest($method, $url, $data, $options);
} }
/** /**
* @deprecated createRequest - return an instance of HttpTool with automatic configuration * @deprecated createRequest - return an instance of HttpTool with automatic configuration
* @deprecated do not use this function, but use the HttpTool directly instead * @deprecated do not use this function, but use the HttpTool directly instead
* @param mixed $config * @param array $config HttpTool configuration
* @return HttpTool * @return self
*/ */
public function createRequest(array $config = []): HttpTool public function createRequest(array $config = []): HttpTool
{ {
return new HttpTool($config); return new HttpTool($config);
} }
/** /**
* fetchCertificate - download the SSL certificate from the remote server * fetchCertificate - download the SSL certificate from the remote server
* *
* @param string $url the url where the certificate is hosted
* @param array $options HttpTool options
* @return array the list of certificates including pem * @return array the list of certificates including pem
*/ */
public function fetchCertificates(string $url, array $options = []): array public function fetchCertificates(string $url, array $options = []): array
@ -259,14 +265,15 @@ class HttpTool extends CakeClient
); );
$curl = new CurlAdvanced(); $curl = new CurlAdvanced();
$certificates = $curl->getCertificateChain($request, $options); $certificates = $curl->getCertificateChain($request, $options);
return $certificates; return $certificates;
} }
/** /**
* getServerClientCertificateInfo - extract certificate info from a Client certificate from a $server. * getServerClientCertificateInfo - extract certificate info from a Client certificate from a $server.
* @param array $server *
* @param array $server the Server array from MISP datamodel
* @return array|void * @return array|void
* @throws Exception
*/ */
public static function getServerClientCertificateInfo(array $server): mixed public static function getServerClientCertificateInfo(array $server): mixed
{ {
@ -274,7 +281,7 @@ class HttpTool extends CakeClient
return null; return null;
} }
$fileAccessTool = new FileAccessTool(); $fileAccessTool = new FileAccessTool();
$path = APP . "files" . DS . "certs" . DS . $server['id'] . '_client.pem'; $path = APP . 'files' . DS . 'certs' . DS . $server['id'] . '_client.pem';
$clientCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason. $clientCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
return self::getClientCertificateInfo($clientCertificate); return self::getClientCertificateInfo($clientCertificate);
@ -282,9 +289,10 @@ class HttpTool extends CakeClient
/** /**
* getServerCaCertificateInfo - extract certificate info from a certificate from a $server. * getServerCaCertificateInfo - extract certificate info from a certificate from a $server.
* @param array $server *
* @param array $server the Server array from MISP datamodel
* @return array|void * @return array|void
* @throws Exception * @throws \Cake\Core\Exception\CakeException
*/ */
public static function getServerCaCertificateInfo(array $server): mixed public static function getServerCaCertificateInfo(array $server): mixed
{ {
@ -293,7 +301,7 @@ class HttpTool extends CakeClient
} }
$fileAccessTool = new FileAccessTool(); $fileAccessTool = new FileAccessTool();
$path = APP . "files" . DS . "certs" . DS . $server['Server']['id'] . '.pem'; $path = APP . 'files' . DS . 'certs' . DS . $server['Server']['id'] . '.pem';
$caCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason. $caCertificate = $fileAccessTool->readFromFile($path); //readFromFile throws an exception if the file is not found or could not be read, along with the reason.
$certificate = openssl_x509_read($caCertificate); $certificate = openssl_x509_read($caCertificate);
if (!$certificate) { if (!$certificate) {
@ -305,9 +313,10 @@ class HttpTool extends CakeClient
/** /**
* getClientCertificateInfo - extract client certificate info from a PEM encoded cert + key, only if the cert+key are valid * getClientCertificateInfo - extract client certificate info from a PEM encoded cert + key, only if the cert+key are valid
*
* @param string $certificateContent PEM encoded certificate and private key. * @param string $certificateContent PEM encoded certificate and private key.
* @return array * @return array
* @throws Exception * @throws \Cake\Core\Exception\CakeException
*/ */
public static function getClientCertificateInfo(string $certificateContent): array public static function getClientCertificateInfo(string $certificateContent): array
{ {
@ -323,14 +332,16 @@ class HttpTool extends CakeClient
if (!$verify) { if (!$verify) {
throw new CakeException('Public and private key do not match.'); throw new CakeException('Public and private key do not match.');
} }
return self::parseCertificate($certificate); return self::parseCertificate($certificate);
} }
/** /**
* parseCertificate - extract certificate info from a PEM encoded certificate * parseCertificate - extract certificate info from a PEM encoded certificate
* @param mixed $certificate *
* @param mixed $certificate the certificate as returned by `openssl_x509_read()`
* @return array * @return array
* @throws Exception * @throws \Cake\Core\Exception\CakeException
*/ */
public static function parseCertificate(mixed $certificate): array public static function parseCertificate(mixed $certificate): array
{ {
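Review bot: `getServerCaCertificateInfo` builds its path from `$server['Server']['id']`, while `getServerClientCertificateInfo` and `configFromServer` in the same file read the flat `$server['id']`; the quote-style change on that line keeps the mismatch. If callers pass the flat Server array, the nested key is undefined and the path collapses to `certs/.pem`, so the CA certificate is not read from the file that belongs to this server. I would change the line to `$path = APP . 'files' . DS . 'certs' . DS . (int)$server['id'] . '.pem';`, where the int cast also stops the id from contributing path separators should it ever arrive as a string. The guard at the top of the function lies outside the hunk and may use the nested shape as well, so it needs the same check.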