@totten
Last active July 25, 2017 02:43
Provoking PHPIDS error

This is an example of a bad input:

<script type="text/javascript">window.location=XMLHttpRequest(do-the-evil); for(var doMore="evil"; doMore++; doMore<everything) {}</script>

To trigger an IDS exception:

  • Log in as demo or some other non-super-user
  • Navigate to civicrm/dashboard
  • In the URL bar, append ?foo= plus the bad input, e.g.
http://example.org/civicrm/dashboard?foo=%3Cscript%20type=%22text/javascript%22%3Ewindow.location=XMLHttpRequest(do-the-evil);%20for(var%20doMore=%22evil%22;%20doMore++;%20doMore%3Ceverything)%20{}%3C/script%3E
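The following is an added example, not part of the original gist. It builds the trigger URL from the raw payload with rawurlencode() and then replays PHP's own query-string decoding (parse_str, which is what populates $_GET) to show exactly which bytes PHPIDS will inspect. The base URL and payload are the ones above; the function names buildTriggerUrl and decodeQueryParam are illustrative, not CiviCRM or PHPIDS APIs. One detail worth knowing: an unescaped '+' in a query string decodes to a space, so the hand-encoded URL above delivers 'doMore  ' rather than 'doMore++'.

```php
<?php
// build-trigger-url.php - Added example, not part of the original gist.
// Builds the ?foo= trigger URL from the raw payload and then replays PHP's own
// query-string decoding to see exactly what value PHPIDS will inspect.
//
// Assumptions: the base URL and payload are the ones from the gist; the
// function names here are illustrative and not CiviCRM or PHPIDS APIs.

// The gist's "bad input", kept raw (no URL encoding applied yet).
$payload = '<script type="text/javascript">window.location=XMLHttpRequest(do-the-evil); for(var doMore="evil"; doMore++; doMore<everything) {}</script>';

// The hand-encoded URL given in the gist (browser address-bar style: only
// <, >, " and spaces are escaped; '+' is left as-is).
$gistUrl = 'http://example.org/civicrm/dashboard?foo=%3Cscript%20type=%22text/javascript%22%3Ewindow.location=XMLHttpRequest(do-the-evil);%20for(var%20doMore=%22evil%22;%20doMore++;%20doMore%3Ceverything)%20{}%3C/script%3E';

/**
 * Build a URL that delivers $payload in query parameter $param.
 * rawurlencode() escapes every reserved character, including '+', so the
 * server-side decode returns the payload byte-for-byte.
 */
function buildTriggerUrl($baseUrl, $param, $payload) {
  return $baseUrl . '?' . rawurlencode($param) . '=' . rawurlencode($payload);
}

/**
 * Replay what PHP does on request: parse the query string the same way it
 * populates $_GET (percent-decoding, with '+' decoded as a space).
 */
function decodeQueryParam($url, $param) {
  $params = array();
  parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
  return isset($params[$param]) ? $params[$param] : NULL;
}

$built = buildTriggerUrl('http://example.org/civicrm/dashboard', 'foo', $payload);

printf("Built URL:\n  %s\n", $built);
printf("Built URL round-trips the payload exactly: %s\n",
  decodeQueryParam($built, 'foo') === $payload ? 'yes' : 'no');

// The gist URL does not round-trip: 'doMore++' arrives as 'doMore  ' because
// an unescaped '+' in a query string means a space. The decoded value is
// still plainly hostile (<script ...>), so it works for provoking the IDS,
// but if PHPIDS must see a specific byte sequence, escape it with
// rawurlencode() as above.
$seen = decodeQueryParam($gistUrl, 'foo');
printf("Gist URL round-trips the payload exactly: %s\n", $seen === $payload ? 'yes' : 'no');
printf("What the server actually sees from the gist URL:\n  %s\n", $seen);
```

Run it with `php build-trigger-url.php`; it needs no CiviCRM or PHPIDS installation, since it only exercises PHP's URL encoding and query parsing.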
<?php
// check-ids-value.php - Evaluate $data using PHPIDS, and report on the security impact rating.
//
// usage: cv scr /path/to/check-ids-value.php
//
// Each key in $data stands in for a request parameter name. PHPIDS reports one
// event per key whose value matches a filter rule and sums the impact scores.
$data = array(
  'innocent' => 'puppy',
  'i_am_suspicious' => '<script type="text/javascript">window.location=XMLHttpRequest(do-the-evil); for(var doMore="evil"; doMore++; doMore<everything) {} </script>',
  'me_too' => '<script type="text/javascript">window.location=XMLHttpRequest(do-the-evil); for(var doMore="evil"; doMore++; doMore<everything) {} </script>',
);

require_once 'IDS/Init.php';
require_once 'IDS/Monitor.php';

// Load CiviCRM's standard PHPIDS configuration (filter rules, exceptions, etc.).
$init = \IDS_Init::init(NULL);
$init->setConfig(\CRM_Core_IDS::createStandardConfig(), TRUE);

$ids = new \IDS_Monitor($data, $init);
$result = $ids->run();

printf("\nImpact=%s\nClassification=%s\nResults=%d\n\n",
  $result->getImpact(), classifyImpact($result->getImpact()), count($result));

// One event per flagged key; show which key fired and the offending value.
foreach ($result as $event) {
  print_r(array(
    'name' => $event->getName(),
    'value' => stripslashes($event->getValue()),
  ));
}

/**
 * Map a total impact score onto the log/warn/kick bands that CiviCRM applies.
 * (Declared after its first use; PHP hoists unconditional top-level function
 * declarations, so this is fine.)
 */
function classifyImpact($impact) {
  $threshold = array(
    'log' => 25,
    'warn' => 50,
    'kick' => 75,
  );
  if ($impact >= $threshold['kick']) {
    return 'kick';
  }
  elseif ($impact >= $threshold['warn']) {
    return 'warn';
  }
  elseif ($impact >= $threshold['log']) {
    return 'log';
  }
  else {
    return 'ok';
  }
}