longfei
/
72crm-11.0-PHP
Sledovat 1
Oblíbit 0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Activity
58 Revize
1 Větev
Větev: master
Větve Značky
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
72crm-11.0-PHP/extend/com/Scan.php

Scan.php 6.4KB
Trvalý odkaz Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 
  1. <?php

  2. // +----------------------------------------------------------------------

  3. // | Author: Michael_xu <gengxiaoxu@5kcrm.com>

  4. // +----------------------------------------------------------------------

  5. 

  6. namespace com;

  7. 

  8. use think\Request;

  9. 

  10. class Scan {

  11. 	private $webscan_switch = 1;

  12. 	//提交方式拦截(1开启拦截,0关闭拦截,post,get,cookie,referre选择需要拦截的方式)

  13. 	private $webscan_post = 1;

  14. 	private $webscan_get = 1;

  15. 	private $webscan_cookie = 1;

  16. 	private $webscan_referre = 1;

  17. 	private $webscan_white_directory = 'admin';

  18. 	private $webscan_white_url = array('index.php' => 'm=admin');

  19. 

  20. 	//get拦截规则

  21. 	private $getfilter = "<[^>]*?=[^>]*?&#[^>]*?>|iframe|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|ondblclick|onmousedown|onmouseup|onmouseout|onscroll|onfocus|onsubmit|onblur|onchange|onload|onclick|onmouseover)\\b[^>]*?>|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*object\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|INTO.+?FILE|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

  22. 

  23. 	//post拦截规则

  24. 	private $postfilter = "<[^>]*?=[^>]*?&#[^>]*?>|iframe|\\b(alert\\(|confirm\\(|expression\\(|prompt\\()|<[^>]*?\\b(onerror|onmousemove|ondblclick|onmousedown|onmouseup|onmouseout|onscroll|onfocus|onsubmit|onblur|onchange|onload|onclick|onmouseover)\\b[^>]*?>|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*object\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|INTO.+?FILE|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

  25. 

  26. 	//cookie拦截规则

  27. 	private $cookiefilter = "\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*object\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|INTO.+?FILE|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

  28. 

  29. 	/**

  30. 	 *  记录日志

  31. 	 */

  32. 	public function webscan_slog($logs) {

  33. 		// var_dump(RUNTIME_PATH);die();

  34. 	    $string = "\r\n================\r\n".implode("\r\n", $logs);

  35. 	    file_put_contents(RUNTIME_PATH.'input_error.txt', $string, FILE_APPEND);

  36. 	}

  37. 

  38. 	/**

  39. 	 *  参数拆分

  40. 	 */

  41. 	public function webscan_arr_foreach($arr) {

  42. 		static $str;

  43. 		if (!is_array($arr)) {

  44. 			return $arr;

  45. 		}

  46. 		foreach ($arr as $key => $val ) {

  47. 			if (is_array($val)) {

  48. 				$this->webscan_arr_foreach($val);

  49. 			} else {

  50. 				$str[] = $val;

  51. 			}

  52. 		}

  53. 		return implode($str);

  54. 	}

  55. 

  56. 	/**

  57. 	 *  获取ip

  58. 	 */	

  59. 	public function get_client_ip($type = 0) {

  60. 		$_SERVER = input('server.');

  61. 	    $type = $type ? 1 : 0;

  62. 	    static $ip = NULL;

  63. 	    if ($ip !== NULL) return $ip[$type];

  64. 	    if ($_SERVER['HTTP_X_REAL_IP']) {//nginx 代理模式下,获取客户端真实IP

  65. 	        $ip=$_SERVER['HTTP_X_REAL_IP'];     

  66. 	    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {//客户端的ip

  67. 	        $ip = $_SERVER['HTTP_CLIENT_IP'];

  68. 	    } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {//浏览当前页面的用户计算机的网关

  69. 	        $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);

  70. 	        $pos = array_search('unknown',$arr);

  71. 	        if(false !== $pos) unset($arr[$pos]);

  72. 	        $ip = trim($arr[0]);

  73. 	    } elseif (isset($_SERVER['REMOTE_ADDR'])) {

  74. 	        $ip = $_SERVER['REMOTE_ADDR'];//浏览当前页面的用户计算机的ip地址

  75. 	    } else {

  76. 	        $ip = $_SERVER['REMOTE_ADDR'];

  77. 	    }

  78. 	    // IP地址合法验证

  79. 	    $long = sprintf("%u",ip2long($ip));

  80. 	    $ip = $long ? array($ip, $long) : array('0.0.0.0', 0);

  81. 	    return $ip[$type];

  82. 	}

  83. 

  84. 	/**

  85. 	 *  攻击检查拦截

  86. 	 */

  87. 	public function webscan_StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq, $method) {

  88. 		$_SERVER = input('server.');

  89. 	// var_dump($_SERVER) ;die();

  90. 	    $StrFiltValue = $this->webscan_arr_foreach($StrFiltValue);

  91. 	    if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){

  92. 	        $this->webscan_slog(array('ip' => $this->get_client_ip(),'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltValue,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));

  93. 	        header('Content-Type:application/json; charset=utf-8');

  94. 	        exit(json_encode(['code'=>107,'error'=>'插入了被禁用的标签!']));

  95. 	    }

  96. 	    if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey) == 1){

  97. 	        $this->webscan_slog(array('ip' => $this->get_client_ip(),'time'=>strftime("%Y-%m-%d %H:%M:%S"),'page'=>$_SERVER["PHP_SELF"],'method'=>$method,'rkey'=>$StrFiltKey,'rdata'=>$StrFiltKey,'user_agent'=>$_SERVER['HTTP_USER_AGENT'],'request_url'=>$_SERVER["REQUEST_URI"]));

  98. 	        header('Content-Type:application/json; charset=utf-8');

  99. 	        exit(json_encode(['code'=>107,'error'=>'插入了被禁用的标签!']));

  100. 	    }

  101. 	}

  102. 

  103. 	public function webscan_Check() {

  104. 		$request = Request::instance();

  105. 		//var_dump(input('server.HTTP_REFERER'));die();

  106. 		//referer获取

  107. 		//$webscan_referer = empty(input('server.HTTP_REFERER')) ? array() : array('HTTP_REFERER'=>input('server.HTTP_REFERER'));

  108. 		return ;

  109. 		if ($this->webscan_switch) {

  110. 		    if ($this->webscan_get) {

  111. 		        foreach($request->get() as $key=>$value) {

  112. 		            $this->webscan_StopAttack($key, $value, $this->getfilter, "GET");

  113. 		        }

  114. 		    }

  115. 		    if ($this->webscan_post) {

  116. 		        // $module = strtolower($request->module());

  117. 		        // $un_strip_arr = array('knowledge','template');

  118. 		        foreach ($request->post() as $key=>$value) {

  119. 		            //过滤post数据 html标签

  120. 		            // if (!in_array($module, $un_strip_arr)) {

  121. 		                $request->param($key,'','strip_tags,strtolower'); 

  122. 		            // }

  123. 		            $this->webscan_StopAttack($key, $value, $this->postfilter, "POST");

  124. 		        } 

  125. 		    }

  126. 		    if ($this->webscan_cookie) {

  127. 		        foreach($request->cookie() as $key=>$value) {

  128. 		            $this->webscan_StopAttack($key, $value, $this->cookiefilter, "COOKIE");

  129. 		        }

  130. 		    }

  131. 		    if ($this->webscan_referre) {

  132. 		        foreach($webscan_referer as $key=>$value) {

  133. 		            $this->webscan_StopAttack($key, $value, $this->postfilter, "REFERRER");

  134. 		        }

  135. 		    }

  136. 		}

  137. 	}

  138. }