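/**
 * Page callback: crawls queued site links for roughly five seconds.
 *
 * Each pass of the loop registers a new row in {crawler}, uses its id to
 * claim one unassigned row of {crawler_links}, fetches that path, and queues
 * every in-site link found on the page. Several requests to this page can run
 * side by side because every pass works only on the link it claimed.
 *
 * @return
 *   An HTML paragraph (currently placeholder text).
 */
function page_security_scanner() {
  // The stored cookie doubles as the "login already done" flag, so parallel
  // requests to this page do not each log in again.
  if (variable_get('security_scanner_cookie', '') == '') {
    drupal_security_scanner_get_auth_cookie();
  }
  $deadline = time() + 5;
  while (time() < $deadline) {
    // A fresh crawler id per pass is what makes the claim below exclusive.
    db_query('INSERT INTO {crawler} VALUES (default)');
    $crawler_id = db_last_insert_id('crawler', 'id');
    // Claim one unassigned link; status 1 marks it as taken by this pass.
    db_query("UPDATE {crawler_links} SET crawler_id = %d, status = 1 WHERE crawler_id = 0 LIMIT 1", $crawler_id);
    $page_to_visit = db_fetch_array(db_query("SELECT id,path FROM {crawler_links} WHERE crawler_id = %d AND status = 1 LIMIT 1", $crawler_id));
    if (!$page_to_visit) {
      // Nothing left to claim: stop instead of requesting an empty path and
      // adding {crawler} rows until the deadline.
      break;
    }
    // Fetch and parse the claimed page.
    $obj = new drupal_security_scanner_test();
    $obj->drupalGet($page_to_visit['path']);
    $obj->parse();
    // A page that failed to parse yields no element tree; treat it as a page
    // without links so the row is still marked as done below.
    $links = $obj->elements ? $obj->elements->xpath('//a') : array();
    if (!$links) {
      $links = array();
    }
    foreach ($links as $link) {
      // Named anchors carry no href and give nothing to queue.
      if (!isset($link['href'])) {
        continue;
      }
      $absolute = getAbsoluteUrl($link['href']);
      // NOTE(review): these requests carry the administrator session cookie,
      // so this test is the only thing keeping that cookie from being sent to
      // another host. Confirm against getAbsoluteUrl()'s output that
      // menu_path_is_external() really rejects every off-site URL.
      if (!menu_path_is_external($absolute)) {
        // IGNORE keeps a path from being queued twice ("path" is a unique
        // index). The braces make the table prefix apply, as in the other
        // queries.
        db_query("INSERT IGNORE INTO {crawler_links} VALUES ('','%s','','','')", $absolute);
      }
    }
    // Status 2 marks the claimed link as finished.
    db_query("UPDATE {crawler_links} SET status = 2 WHERE crawler_id = %d and status = 1 LIMIT 1", $crawler_id);
  }
  // Drop the stored session cookie so it does not outlive this request.
  // NOTE(review): a request that dies before this line leaves the cookie in
  // the variable table, and a parallel request may still be relying on it.
  variable_del('security_scanner_cookie');
  return '<p>'. t('The quick brown fox jumps over the lazy dog.') .'</p>';
}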
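/**
 * Logs the scanner in as user 1 and seeds {crawler_links} with the admin page.
 *
 * The login uses the one-time password-reset URL of user 1. While the requests
 * run, drupal_security_scanner_curl_headers() is installed as the cURL header
 * callback and saves the cookie it sees into the 'security_scanner_cookie'
 * variable.
 *
 * NOTE(review): this creates a full uid-1 session on demand. The menu item
 * that leads here needs an administrator-only access check; that definition
 * is not visible in this file.
 *
 * @return
 *   Always TRUE.
 */
function drupal_security_scanner_get_auth_cookie() {
  $initial_path = user_pass_reset_url(user_load(1));
  // Redirects are not followed, so the header callback sees the response that
  // sets the cookie.
  $obj = new drupal_security_scanner_test();
  $obj->curl_options = array(
    CURLOPT_HEADERFUNCTION => 'drupal_security_scanner_curl_headers',
    CURLOPT_FOLLOWLOCATION => FALSE,
  );
  $obj->drupalGet($initial_path);
  $obj->drupalPost($initial_path, '', TRUE);
  // No cookie is attached to a handle here: this function has no cURL handle
  // of its own ($ch was never defined in this scope) and $obj is discarded on
  // return.
  // NOTE(review): whatever issues the crawl requests has to read
  // 'security_scanner_cookie' and set CURLOPT_COOKIE itself; confirm that
  // drupal_security_scanner_test does so.
  // Seed the queue with the admin page. IGNORE avoids a duplicate-key error
  // when the row is left over from an earlier run (the crawl loop's comment
  // states that "path" is a unique index).
  db_query("INSERT IGNORE INTO {crawler_links} VALUES ('','%s','','','')", url('admin', array('absolute' => TRUE)));
  return TRUE;
}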
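/**
 * cURL header callback that stores the cookie set by the response.
 *
 * cURL calls this once per response header line and expects the number of
 * bytes handled as the return value.
 *
 * NOTE(review): every Set-Cookie line overwrites the stored value, so the last
 * cookie of a response wins. Presumably that is the session cookie; confirm,
 * or compare the name with session_name(). The stored value is a live session
 * credential and stays in the variable table until variable_del() removes it.
 *
 * @param $ch
 *   The cURL handle, or NULL when the function is called directly.
 * @param $header
 *   One raw response header line, including its line ending.
 *
 * @return
 *   The byte length of $header, or the static $headers array (which this
 *   function never fills) when it is called without a handle.
 */
function drupal_security_scanner_curl_headers($ch = NULL, $header = NULL) {
  static $headers = array();
  if (!isset($ch)) {
    return $headers;
  }
  // Header names are case-insensitive, so "set-cookie:" has to match as well.
  if (strncasecmp($header, 'Set-Cookie:', 11) == 0) {
    // Keep only the leading "name=value" pair; attributes after ';' are
    // dropped. trim() removes the line ending.
    $pieces = explode(';', trim(substr($header, 11)));
    $pair = explode('=', $pieces[0]);
    $cookiename = trim(array_shift($pair));
    // The value may contain '=' itself, so the remaining parts are rejoined.
    $cookievalue = trim(implode('=', $pair));
    if ($cookiename !== '') {
      // Store the "name=value" string form that CURLOPT_COOKIE takes, not the
      // leftover array of value fragments.
      variable_set('security_scanner_cookie', $cookiename . '=' . $cookievalue);
    }
  }
  return strlen($header);
}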