diff --git a/.secrets.baseline b/.secrets.baseline
index d7c7c892..2b250779 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -90,6 +90,10 @@
 {
 "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
 },
+ {
+ "path": "detect_secrets.filters.common.is_baseline_file",
+ "filename": ".secrets.baseline"
+ },
 {
 "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
 "min_level": 2
@@ -391,7 +395,7 @@
 "filename": "src/set-up-database.php",
 "hashed_secret": "8fa8f4fcd1b98862f0a26551f87e01a95fcaa6a4",
 "is_verified": false,
- "line_number": 1214
+ "line_number": 1215
 }
 ],
 "src/view-user-privilege-level.php": [
@@ -413,5 +417,5 @@
 }
 ]
 },
- "generated_at": "2024-09-23T22:12:59Z"
+ "generated_at": "2024-09-29T22:16:02Z"
 }
diff --git a/src/classes/SQLQueryHandler.php b/src/classes/SQLQueryHandler.php
index 60ba7aee..80d401ce 100755
--- a/src/classes/SQLQueryHandler.php
+++ b/src/classes/SQLQueryHandler.php
@@ -5,9 +5,9 @@ if (!defined('__SITE_ROOT__')){if (!defined('__SITE_ROOT__')){define('__SITE_ROOT__', dirname(dirname(__FILE__)));}}
 class SQLQueryHandler {
- protected $encodeOutput = FALSE;
- protected $stopSQLInjection = FALSE;
- protected $mLimitOutput = FALSE;
+ protected $encodeOutput = false;
+ protected $stopSQLInjection = false;
+ protected $mLimitOutput = false;
 protected $mSecurityLevel = 0;
 // private objects
@@ -18,11 +18,12 @@ private function doSetSecurityLevel($pSecurityLevel){
 $this->mSecurityLevel = $pSecurityLevel;
 switch ($this->mSecurityLevel){
+ default: // Default case: This code is insecure, we are not encoding output
 case "0": // This code is insecure, we are not encoding output
 case "1": // This code is insecure, we are not encoding output
- $this->encodeOutput = FALSE;
- $this->stopSQLInjection = FALSE;
- $this->mLimitOutput = FALSE;
+ $this->encodeOutput = false;
+ $this->stopSQLInjection = false;
+ $this->mLimitOutput = false;
 break;
 case "2":
@@ -30,9 +31,9 @@ private function doSetSecurityLevel($pSecurityLevel){
 case "4":
 case "5": // This code is fairly secure
 // If we are secure, then we encode all output.
- $this->encodeOutput = TRUE;
- $this->stopSQLInjection = TRUE;
- $this->mLimitOutput = TRUE;
+ $this->encodeOutput = true;
+ $this->stopSQLInjection = true;
+ $this->mLimitOutput = true;
 break;
 }// end switch
 }// end function
@@ -42,7 +43,7 @@ public function __construct($pSecurityLevel){
 $this->doSetSecurityLevel($pSecurityLevel);
 //initialize encoder
- require_once (__SITE_ROOT__.'/classes/EncodingHandler.php');
+ require_once __SITE_ROOT__.'/classes/EncodingHandler.php';
 $this->mEncoder = new EncodingHandler();
 /* Initialize MySQL Connection handler */
@@ -74,7 +75,7 @@ public function escapeDangerousCharacters($pData){
 public function getPageHelpTexts($pPageName){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pPageName = $this->mMySQLHandler->escapeDangerousCharacters($pPageName);
 }// end if
@@ -96,7 +97,7 @@ public function getPageHelpTexts($pPageName){
 public function getPageLevelOneHelpIncludeFiles($pPageName){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pPageName = $this->mMySQLHandler->escapeDangerousCharacters($pPageName);
 }// end if
@@ -115,8 +116,8 @@ public function getPageLevelOneHelpIncludeFiles($pPageName){
 public function getLevelOneHelpIncludeFile($pIncludeFileKey){
- if ($this->stopSQLInjection == TRUE){
- $pPageName = $this->mMySQLHandler->escapeDangerousCharacters($pIncludeFileKey);
+ if ($this->stopSQLInjection){
+ $pIncludeFileKey = $this->mMySQLHandler->escapeDangerousCharacters($pIncludeFileKey);
 }// end if
 $lQueryString = "
@@ -139,42 +140,42 @@ public function getCapturedData(){
 FROM captured_data
 ORDER BY capture_date DESC";
- if ($this->mLimitOutput == TRUE){
+ if ($this->mLimitOutput){
 $lQueryString .= " LIMIT 20";
 }// end if
 return $this->mMySQLHandler->executeQuery($lQueryString);
 }//end public function getCapturedData()
- public function insertVoteIntoUserPoll(/*Text*/ $pToolName, /*Text*/ $pUserName){
-
- if ($this->stopSQLInjection == TRUE){
- $pToolName = $this->mMySQLHandler->escapeDangerousCharacters($pToolName);
+ public function insertVoteIntoUserPoll(/*Text*/ $pToolName, /*Text*/ $pUserName){
+
+ if ($this->stopSQLInjection){
+ $pToolName = $this->mMySQLHandler->escapeDangerousCharacters($pToolName);
 $pUserName = $this->mMySQLHandler->escapeDangerousCharacters($pUserName);
- }// end if
-
- $lQueryString = "
- INSERT INTO user_poll_results(tool_name, username, date) VALUES ('".
+ }// end if
+
+ $lQueryString = "
+ INSERT INTO user_poll_results(tool_name, username, date) VALUES ('".
 $pToolName . "', '".
 $pUserName . "', " .
- " now() );";
-
- return $this->mMySQLHandler->executeQuery($lQueryString);
- }//end public function insertVoteIntoUserPoll
-
- public function getUserPollVotes(){
-
- $lQueryString = "
+ " now() );";
+
+ return $this->mMySQLHandler->executeQuery($lQueryString);
+ }//end public function insertVoteIntoUserPoll
+
+ public function getUserPollVotes(){
+
+ $lQueryString = "
 SELECT tool_name, COUNT(tool_name) as tool_count
 FROM user_poll_results
- GROUP BY tool_name";
-
- return $this->mMySQLHandler->executeQuery($lQueryString);
+ GROUP BY tool_name";
+
+ return $this->mMySQLHandler->executeQuery($lQueryString);
 }//end public function insertVoteIntoUserPoll
 public function insertBlogRecord($pBloggerName, $pBlogEntry){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pBloggerName = $this->mMySQLHandler->escapeDangerousCharacters($pBloggerName);
 $pBlogEntry = $this->mMySQLHandler->escapeDangerousCharacters($pBlogEntry);
 }// end if
@@ -190,7 +191,7 @@ public function insertBlogRecord($pBloggerName, $pBlogEntry){
 public function getBlogRecord($pBloggerName){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pBloggerName = $this->mMySQLHandler->escapeDangerousCharacters($pBloggerName);
 }// end if
@@ -208,7 +209,7 @@ public function getPenTestTool($pPostedToolID){
 * Note: While escaping works ok in some case, it is not the best defense.
 * Using stored procedures is a much stronger defense.
 */
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pPostedToolID = $this->mMySQLHandler->escapeDangerousCharacters($pPostedToolID);
 }// end if
@@ -238,7 +239,7 @@ public function getHitLogEntries(){
 * is static.
 */
 $lLimitString = "";
- if ($this->mLimitOutput == TRUE){
+ if ($this->mLimitOutput){
 $lLimitString .= " LIMIT 20";
 }// end if
@@ -251,7 +252,7 @@ public function getYouTubeVideo($pRecordIdentifier){
 * Note: While escaping works ok in some case, it is not the best defense.
 * Using stored procedures is a much stronger defense.
 */
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pRecordIdentifier = $this->mMySQLHandler->escapeDangerousCharacters($pRecordIdentifier);
 }// end if
@@ -269,7 +270,7 @@ public function getUsernames(){
 public function accountExists($pUsername){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername);
 }// end if
@@ -279,16 +280,16 @@ public function accountExists($pUsername){
 $lQueryResult = $this->mMySQLHandler->executeQuery($lQueryString);
 if (isset($lQueryResult->num_rows)){
- return ($lQueryResult->num_rows > 0);
+ return $lQueryResult->num_rows > 0;
 }else{
- return FALSE;
+ return false;
 }// end if
 }//end public function getUsernames
 public function authenticateAccount($pUsername, $pPassword){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername);
 $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword);
 }// end if
@@ -302,9 +303,9 @@ public function authenticateAccount($pUsername, $pPassword){
 $lQueryResult = $this->mMySQLHandler->executeQuery($lQueryString);
 if (isset($lQueryResult->num_rows)){
- return ($lQueryResult->num_rows > 0);
+ return $lQueryResult->num_rows > 0;
 }else{
- return FALSE;
+ return false;
 }// end if
 }//end public function getUsernames
@@ -314,7 +315,7 @@ public function getNonSensitiveAccountInformation($pUsername){
 * Note: While escaping works ok in some case, it is not the best defense.
 * Using stored procedures is a much stronger defense.
 */
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername);
 }// end if
@@ -326,16 +327,16 @@ public function getNonSensitiveAccountInformation($pUsername){
 return $this->mMySQLHandler->executeQuery($lQueryString);
 }//end public function getNonSensitiveAccountInformation
- public function getUserAccountByID($pUserID){
-
- if ($this->stopSQLInjection == TRUE){
- $pUserID = $this->mMySQLHandler->escapeDangerousCharacters($pUserID);
- }// end if
-
- $lQueryString = "SELECT * FROM accounts WHERE cid='" . $pUserID . "'";
-
- return $this->mMySQLHandler->executeQuery($lQueryString);
- }//end public function getUserAccountByID
+ public function getUserAccountByID($pUserID){
+
+ if ($this->stopSQLInjection){
+ $pUserID = $this->mMySQLHandler->escapeDangerousCharacters($pUserID);
+ }// end if
+
+ $lQueryString = "SELECT * FROM accounts WHERE cid='" . $pUserID . "'";
+
+ return $this->mMySQLHandler->executeQuery($lQueryString);
+ }//end public function getUserAccountByID
 public function getUserAccount($pUsername, $pPassword){
 /*
@@ -343,7 +344,7 @@ public function getUserAccount($pUsername, $pPassword){
 * Using stored procedures is a much stronger defense.
 */
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername);
 $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword);
 }// end if
@@ -359,21 +360,22 @@ public function getUserAccount($pUsername, $pPassword){
 /* -----------------------------------------
 * Insert Queries
 * ----------------------------------------- */
- public function insertNewUserAccount($pUsername, $pPassword, $pSignature){
+ public function insertNewUserAccount($pUsername, $pPassword, $pSignature, $pAPIToken){
 /*
 * Note: While escaping works ok in some case, it is not the best defense.
 * Using stored procedures is a much stronger defense.
 */
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername);
 $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword);
 $pSignature = $this->mMySQLHandler->escapeDangerousCharacters($pSignature);
 }// end if
- $lQueryString = "INSERT INTO accounts (username, password, mysignature) VALUES ('" .
+ $lQueryString = "INSERT INTO accounts (username, password, mysignature, api_token) VALUES ('" .
 $pUsername ."', '" .
 $pPassword . "', '" .
- $pSignature .
+ $pSignature . "', '" .
+ $pAPIToken .
 "')";
 if ($this->mMySQLHandler->executeQuery($lQueryString)){
@@ -391,7 +393,7 @@ public function insertCapturedData(
 $pClientReferrer,
 $pCapturedData
 ){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pClientIP = $this->mMySQLHandler->escapeDangerousCharacters($pClientIP);
 $pClientHostname = $this->mMySQLHandler->escapeDangerousCharacters($pClientHostname);
 $pClientPort = $this->mMySQLHandler->escapeDangerousCharacters($pClientPort);
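Review bot: `$pAPIToken` is concatenated into the INSERT on the new `$pAPIToken .` line without passing through `escapeDangerousCharacters()`, while `$pUsername`, `$pPassword` and `$pSignature` all are when `stopSQLInjection` is set; add `$pAPIToken = $this->mMySQLHandler->escapeDangerousCharacters($pAPIToken);` inside that `if` so the secure levels treat all four inputs alike. The value presumably comes from `generateApiToken()` in register.php and may be safe today, but this is a public method and the asymmetry will surprise the next caller. Adding the parameter with no default also turns any other existing caller of `insertNewUserAccount()` into an `ArgumentCountError`; none is visible in this diff, but `$pAPIToken = ''` would keep them working. The body of insertNewUserAccount continues past the end of the hunk.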
@@ -426,7 +428,7 @@ public function updateUserAccount($pUsername, $pPassword, $pSignature){
 * Note: While escaping works ok in some case, it is not the best defense.
 * Using stored procedures is a much stronger defense.
 */
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername);
 $pPassword = $this->mMySQLHandler->escapeDangerousCharacters($pPassword);
 $pSignature = $this->mMySQLHandler->escapeDangerousCharacters($pSignature);
@@ -452,7 +454,7 @@ public function updateUserAccount($pUsername, $pPassword, $pSignature){
 * Delete Queries
 * ----------------------------------------- */
 public function deleteUser($pUsername){
- if ($this->stopSQLInjection == TRUE){
+ if ($this->stopSQLInjection){
 $pUsername = $this->mMySQLHandler->escapeDangerousCharacters($pUsername);
 }// end if
diff --git a/src/includes/constants.php b/src/includes/constants.php
index 4458fce5..b55a7439 100755
--- a/src/includes/constants.php
+++ b/src/includes/constants.php
@@ -2,7 +2,7 @@
 /* ------------------------------------------
 * @VERSION
 * ------------------------------------------*/
- $C_VERSION = "2.11.18";
+ $C_VERSION = "2.11.19";
 $C_VERSION_STRING = "Version: " . $C_VERSION;
 $C_MAX_HINT_LEVEL = 1;
diff --git a/src/includes/process-login-attempt.php b/src/includes/process-login-attempt.php
index faefe92a..19ea8418 100755
--- a/src/includes/process-login-attempt.php
+++ b/src/includes/process-login-attempt.php
@@ -51,7 +51,7 @@ function logLoginAttempt($lMessage){
 $lAuthenticationAttemptResult = $cUNSURE;
 $lAuthenticationAttemptResultFound = false;
 $lKeepGoing = true;
- $lQueryResult=NULL;
+ $lQueryResult=null;
 logLoginAttempt("User {$lUsername} attempting to authenticate");
diff --git a/src/register.php b/src/register.php
index 29246144..bc1c470a 100755
--- a/src/register.php
+++ b/src/register.php
@@ -1,22 +1,33 @@ -Register for an Account - - + + Username cannot be blank'; }// end if if ($lPassword != $lConfirmedPassword ) { - $lValidationFailed = TRUE; + $lValidationFailed = true; echo '

Passwords do not match

'; }// end if - if (!$lValidationFailed){ - $lRowsAffected = $SQLQueryHandler->insertNewUserAccount($lUsername, $lPassword, $lUserSignature); + if (!$lValidationFailed){ + $lAPIToken = generateApiToken(); + $lRowsAffected = $SQLQueryHandler->insertNewUserAccount($lUsername, $lPassword, $lUserSignature, $lAPIToken); echo '

Account created for ' . $lUsernameText .'. '.$lRowsAffected.' rows inserted.

'; $LogHandler->writeToLog("Added account for: " . $lUsername); }// end if (!$lValidationFailed) - + } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, "Failed to add account"); $LogHandler->writeToLog("Failed to add account for: " . $lUsername); @@ -107,7 +119,7 @@ echo "var lValidateInput = \"TRUE\"" . PHP_EOL; }else{ echo "var lValidateInput = \"FALSE\"" . PHP_EOL; - }// end if + }// end if ?> function onSubmitOfForm(/*HTMLFormElement*/ theForm){ @@ -136,7 +148,7 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ - + AJAX Switch to RESTful Web Service Version of this Page @@ -158,7 +170,7 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ /> @@ -168,11 +180,7 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ Password + />   Password Generator @@ -182,11 +190,7 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ Confirm Password + /> @@ -194,14 +198,10 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ Signature - +   diff --git a/src/set-up-database.php b/src/set-up-database.php index dfe43340..20a7140a 100755 --- a/src/set-up-database.php +++ b/src/set-up-database.php @@ -40,7 +40,7 @@ function format($pMessage, $pLevel ) {
 
-
Setting up the database...


+
Setting up the database...


If you see no error messages, it should be done.
 
Continue back to the frontpage.
@@ -98,18 +98,18 @@ function format($pMessage, $pLevel ) {
 echo format("Executed query 'USE DATABASE' " . MySQLHandler::$mMySQLDatabaseName . " with result ".$lQueryResult,"I");
 }// end if
- $lQueryString = 'CREATE TABLE user_poll_results( '.
- 'cid INT NOT NULL AUTO_INCREMENT, '.
+ $lQueryString = 'CREATE TABLE user_poll_results( '.
+ 'cid INT NOT NULL AUTO_INCREMENT, '.
 'tool_name TEXT, '.
 'username TEXT, '.
- 'date DATETIME, '.
- 'PRIMARY KEY(cid))';
- $lQueryResult = $MySQLHandler->executeQuery($lQueryString);
- if (!$lQueryResult) {
- $lErrorDetected = TRUE;
- }else{
- echo format("Executed query 'CREATE TABLE' with result ".$lQueryResult,"S");
- }// end if
+ 'date DATETIME, '.
+ 'PRIMARY KEY(cid))';
+ $lQueryResult = $MySQLHandler->executeQuery($lQueryString);
+ if (!$lQueryResult) {
+ $lErrorDetected = TRUE;
+ }else{
+ echo format("Executed query 'CREATE TABLE' with result ".$lQueryResult,"S");
+ }// end if
 $lQueryString = 'CREATE TABLE blogs_table( '.
 'cid INT NOT NULL AUTO_INCREMENT, '.
@@ -132,6 +132,7 @@ function format($pMessage, $pLevel ) {
 'is_admin VARCHAR(5),'.
 'firstname TEXT, '.
 'lastname TEXT, '.
+ 'api_token VARCHAR(64),' .
 'PRIMARY KEY(cid))';
 $lQueryResult = $MySQLHandler->executeQuery($lQueryString);
 if (!$lQueryResult) {
@@ -756,7 +757,7 @@ function format($pMessage, $pLevel ) {
 ('xml-validator.php', 36, 2),
 ('xml-validator.php', 58, 1),
 ('xml-validator.php', 56, 1),
- ('xml-validator.php', 59, 1),
+ ('xml-validator.php', 59, 1),
 ('jwt.php', 66, 1)
 ;";
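Review bot: The new `'api_token VARCHAR(64),' .` column is nullable and carries no UNIQUE constraint, so if the token is ever used to look an account up, duplicate or NULL tokens cannot be excluded at the schema level; `'api_token VARCHAR(64) UNIQUE,' .` would pin that down, and whether `generateApiToken()` always fits within 64 characters cannot be confirmed from this diff. In the reindented user_poll_results block of the first hunk, `$lErrorDetected = TRUE;` keeps the uppercase constant that the rest of this commit lowercases elsewhere. The enclosing script body runs before and after these hunks.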
@@ -840,7 +841,7 @@ function format($pMessage, $pLevel ) {
 (62, 'Set Up Local Hostnames', 'setting-up-local-hostnames-hint.inc'),
 (63, 'LDAP Injection', 'ldap-injection-hint.inc'),
 (64, 'Setting up LDAP Server', 'ldap-setup-hint.inc'),
- (65, 'Content Security Policy (CSP)', 'content-security-policy-hint.inc'),
+ (65, 'Content Security Policy (CSP)', 'content-security-policy-hint.inc'),
 (66, 'JSON Web Tokens (JWT)', 'jwt-hint.inc'),
 (67, 'Cross-origin Resource Sharing (CORS)', 'cross-origin-resource-sharing-hint.inc'),
 (68, 'Lab 1', 'lab-1-hint.inc'),
@@ -907,7 +908,7 @@ function format($pMessage, $pLevel ) {
 (129, 'Lab 62', 'lab-62-hint.inc'),
 (130, 'Lab 63', 'lab-63-hint.inc'),
 (131, 'Server-side Request Forgery (SSRF)', 'server-side-request-forgery-hint.inc'),
- (999, 'Hints Not Found', 'hints-not-found.inc')";
+ (999, 'Hints Not Found', 'hints-not-found.inc')";
 $lQueryResult = $MySQLHandler->executeQuery($lQueryString);
 if (!$lQueryResult) {
@@ -985,7 +986,7 @@ function format($pMessage, $pLevel ) {
 (49, 'XPath Injection: Some inputs on this page are vulnerable to XPath injection.'),
 (50, 'Path Relative Stylesheet Injection: Within this page is an iframe containing another page. The page being framed is vulnerable to path relative stylesheet injection.'),
 (51, 'Client-side Security Control Bypass: This page attempts to implement security using client-side security controls. Any page using such controls, including this page, is vulnerable to security control bypass.'),
- (53, 'SQL Injection with SQLMap: This page contains an sql injection vulnerability. The SQLMap tool may be able to automate testing and confirming this vulnerability.'),
+ (53, 'SQL Injection with SQLMap: This page contains an sql injection vulnerability. The SQLMap tool may be able to automate testing and confirming this vulnerability.'),
 (54, 'Insufficent Transport Layer Protection: This page is vulnerable to interception with wireshark or tcpdump.'),
 (55, 'Cross-site Scripting with BeEF Framework: Some inputs on this page are vulnerable to Cross-site Scripting (XSS). The input may be hidden.'),
 (63, 'LDAP Injection: This page is vulnerable to LDAP injection.'),
@@ -1211,12 +1212,12 @@ function format($pMessage, $pLevel ) {
 * Create accounts.xml password.txt file from MySQL accounts table
 * ************************************************************************************/
 $lAccountXMLFilePath="data/accounts.xml";
- $lPasswordFilePath="passwords/accounts.txt";
+ $lPasswordFilePath="passwords/accounts.txt";
 echo format("Trying to build XML version of accounts table to update accounts XML ".$lAccountXMLFilePath,"I");
 echo format("Do not worry. A default version of the file is included if this does not work.","I");
- echo format("Trying to build text version of accounts table to update password text file ".$lPasswordFilePath,"I");
+ echo format("Trying to build text version of accounts table to update password text file ".$lPasswordFilePath,"I");
 echo format("Do not worry. A default version of the file is included if this does not work.","I");
 $lAccountsXML = "";
@@ -1324,6 +1325,6 @@ function format($pMessage, $pLevel ) {
 }// end if
 $CustomErrorHandler = null;
-?>
-
+?>
+
\ No newline at end of file
diff --git a/version b/version
index ee2951a5..0865cff9 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-2.11.18
+2.11.19