
/src/ESAPI.php

http://owasp-esapi-php.googlecode.com/
  1<?php
  2/**
  3 * OWASP Enterprise Security API (ESAPI)
  4 *
  5 * This file is part of the Open Web Application Security Project (OWASP)
  6 * Enterprise Security API (ESAPI) project.
  7 * 
  8 * PHP version 5.2
  9 *
 10 * LICENSE: This source file is subject to the New BSD license.  You should read
 11 * and accept the LICENSE before you use, modify, and/or redistribute this
 12 * software.
 13 *
 14 * @category  OWASP
 15 * @package   ESAPI
 16 * @author    Andrew van der Stock <vanderaj@owasp.org>
 17 * @author    Bipin Upadhyay <bipin.code@gmail.com>
 18 * @author    Mike Boberski <boberski_michael@bah.com>
 19 * @copyright 2009-2010 The OWASP Foundation
 20 * @license   http://www.opensource.org/licenses/bsd-license.php New BSD license
 21 * @version   SVN: $Id$
 22 * @link      http://www.owasp.org/index.php/ESAPI
 23 */
 24
 25/**
 26 * Use this class to get and set ESAPI security controls.
 27 * 
 28 * This class is also known as the "ESAPI locator class". Before you 
 29 * can use an ESAPI security control, you must first use this class to 
 30 * get an instance of the security control. You can use the set functions 
 31 * to override default security control implementations.
 32 *
 33 * @category  OWASP
 34 * @package   ESAPI
 35 * @author    Andrew van der Stock <vanderaj@owasp.org>
 36 * @author    Bipin Upadhyay <bipin.code@gmail.com>
 37 * @author    Mike Boberski <boberski_michael@bah.com>
 38 * @copyright 2009-2010 The OWASP Foundation
 39 * @license   http://www.opensource.org/licenses/bsd-license.php New BSD license
 40 * @version   Release: @package_version@
 41 * @link      http://www.owasp.org/index.php/ESAPI
 42 */
 43class ESAPI
 44{
 45    private static $_accessController = null;
 46    private static $_encoder = null;
 47    private static $_encryptor = null;
 48    private static $_executor = null;
 49    private static $_httpUtilities = null;
 50    private static $_intrusionDetector = null;
 51    private static $_defaultAuditor = null;
 52    private static $_auditorFactory= null;
 53    private static $_randomizer = null;
 54    private static $_securityConfiguration = null;
 55    private static $_validator = null;
 56    private static $_sanitizer = null;
 57        
 58    /**
 59     * This is the locator class' constructor, which prevents instantiation of this
 60     * class.
 61     * 
 62     * @param string $path the path of the ESAPI.xml configuration file.
 63     */
 64    public function __construct($path = '') 
 65    {
 66        self::getSecurityConfiguration($path);
 67
 68        self::getAuditor("ESAPI Startup");
 69        
 70        self::getIntrusionDetector();
 71    }
 72
 73    /**
 74     * Get the current HTTP Servlet Request being processed.
 75     * 
 76     * @return the current HTTP Servlet Request.
 77     */
 78    public static function currentRequest() 
 79    {
 80        return self::getHttpUtilities()->getCurrentRequest();
 81    }
 82
 83    /**
 84     * Get the current HTTP Servlet Response being generated.
 85     * 
 86     * @return the current HTTP Servlet Response.
 87     */
 88    public static function currentResponse() 
 89    {
 90        return self::getHttpUtilities()->getCurrentResponse();
 91    }
 92
 93    /**
 94     * Get the current ESAPI AccessController object being used to maintain the 
 95     * access control rules for this application.
 96     * 
 97     * @return the current ESAPI AccessController.
 98     */
 99    public static function getAccessController() 
100    {
101        if ( is_null(self::$_accessController) ) {
102            include_once dirname(__FILE__).
103              '/reference/FileBasedAccessController.php';
104            self::$_accessController = new FileBasedAccessController();
105        }
106
107        return self::$_accessController;
108    }
109
110    /**
111     * Set the current ESAPI AccessController object being used to maintain the 
112     * access control rules for this application.
113     * 
114     * @param AccessController $accessController the new ESAPI AccessController.
115     * 
116     * @return does not return a value.
117     */
118    public static function setAccessController($accessController) 
119    {
120        self::$_accessController = $accessController;
121    }
122
123    /**
124     * Get the current ESAPI Encoder object being used to encode and decode data for
125     * this application
126     * 
127     * @return the current ESAPI Encoder.
128     */
129    public static function getEncoder() 
130    {
131        if ( is_null(self::$_encoder) ) {
132            include_once dirname(__FILE__).
133              '/reference/DefaultEncoder.php';
134            self::$_encoder = new DefaultEncoder();
135        }
136
137        return self::$_encoder;
138    }
139
140    /**
141     * Set the current ESAPI Encoder object being used to encode and decode data
142     * for this application.
143     * 
144     * @param Encoder $encoder the new ESAPI AccessController.
145     * 
146     * @return does not return a value.
147     */
148    public static function setEncoder($encoder) 
149    {
150        self::$_encoder = $encoder;
151    }
152
153    /**
154     * Get the current ESAPI Encryptor object being used to encrypt and decrypt data
155     * for this application.
156     *
157     * @return the current ESAPI Encryptor.
158     */
159    public static function getEncryptor() 
160    {
161       throw new EnterpriseSecurityException(
162            'Method Not implemented',
163            'Encryptor not implemented'
164        );
165    }
166
167    /**
168     * Set the current ESAPI Encryptor object being used to encrypt and decrypt 
169     * data for this application.
170     * 
171     * @param Encryptor $encryptor the new ESAPI Encryptor.
172     * 
173     * @return does not return a value.
174     */
175    public static function setEncryptor($encryptor) 
176    {
177       throw new EnterpriseSecurityException(
178            'Method Not implemented',
179            'Encryptor not implemented'
180        );
181    }
182
183    /**
184     * Get the current ESAPI Executor object being used to safely execute OS 
185     * commands for this application.
186     * 
187     * @return the current ESAPI Executor.
188     */
189    public static function getExecutor() 
190    {
191        if ( is_null(self::$_executor) ) {
192            include_once dirname(__FILE__).
193              '/reference/DefaultExecutor.php';
194            self::$_executor = new DefaultExecutor();
195        }
196
197        return self::$_executor;
198    }
199
200    /**
201     * Set the current ESAPI Executor object being used to safely execute OS 
202     * commands for this application.
203     * 
204     * @param Executor $executor the new ESAPI Executor.
205     * 
206     * @return does not return a value.
207     */
208    public static function setExecutor($executor) 
209    {
210        self::$_executor = $executor;
211    }
212
213    /**
214     * Get the current ESAPI HTTPUtilities object being used to safely access HTTP 
215     * requests and responses for this application.
216     * 
217     * @return the current ESAPI HTTPUtilities.
218     */
219    public static function getHttpUtilities() 
220    {
221        if ( is_null(self::$_httpUtilities) ) {
222            include_once dirname(__FILE__).
223              '/reference/DefaultHTTPUtilities.php';
224            self::$_httpUtilities = new DefaultHTTPUtilities();
225        }
226
227        return self::$_httpUtilities;
228    }
229
230    /**
231     * Set the current ESAPI HttpUtilities object being used to safely access HTTP 
232     * requests and responses for this application.
233     * 
234     * @param HttpUtilities $httpUtilities the new ESAPI HttpUtilities.
235     * 
236     * @return does not return a value.
237     */
238    public static function setHttpUtilities($httpUtilities) 
239    {
240        self::$_httpUtilities = $httpUtilities;
241    }
242
243    /**
244     * Get the current ESAPI IntrusionDetector object being used to monitor for 
245     * intrusions in this application.
246     * 
247     * @return the current ESAPI IntrusionDetector.
248     */
249    public static function getIntrusionDetector() 
250    {
251        if ( is_null(self::$_intrusionDetector) ) {
252            include_once dirname(__FILE__).
253              '/reference/DefaultIntrusionDetector.php';
254            self::$_intrusionDetector = new DefaultIntrusionDetector();
255        }
256        return self::$_intrusionDetector;
257    }
258
259    /**
260     * Set the current ESAPI AccessController object being used to to monitor for 
261     * intrusions in this application.
262     * 
263     * @param IntrusionDetector $intrusionDetector the new ESAPI IntrusionDetector.
264     * 
265     * @return does not return a value.
266     */
267    public static function setIntrusionDetector($intrusionDetector) 
268    {
269        self::$_intrusionDetector = $intrusionDetector;
270    }
271
272    
273    /**
274     * Set then get the current ESAPI Logger factory object being used to create
275     * the ESAPI Logger for this application.
276     * 
277     * @param string $logger the new ESAPI Auditor factory name.
278     * 
279     * @return the current ESAPI Logger.
280     */
281    public static function getAuditor($logger) 
282    {
283        if (self::$_auditorFactory == null) {
284            include_once dirname(__FILE__).
285              '/reference/DefaultAuditorFactory.php';
286            self::setAuditorFactory(new DefaultAuditorFactory());
287        }
288        return self::$_auditorFactory->getLogger($logger);
289    }
290
291    /**
292     * Get the current ESAPI Auditor object being used to to audit security-relevant
293     * events for this application.
294     * 
295     * @return the current ESAPI Logger.
296     */
297    public static function log() 
298    {
299        if (self::$_defaultAuditor == null) {
300            self::$_defaultAuditor = self::$_auditorFactory->getLogger("DefaultLogger");
301        }
302        return self::$_defaultAuditor;
303    }
304
305    /**
306     * Set the current ESAPI Logger factory object being used to create
307     * the ESAPI Logger for this application.
308     * 
309     * @param string $factory the new ESAPI Logger factory.
310     * 
311     * @return does not return a value.
312     */
313    public static function setAuditorFactory($factory) 
314    {
315        self::$_auditorFactory = $factory;
316    }
317
318
319    /**
320     * Get the current ESAPI Randomizer object being used to generate random numbers
321     * for this application.
322     * 
323     * @return the current ESAPI Randomizer.
324     */
325    public static function getRandomizer() 
326    {
327        if ( is_null(self::$_randomizer) ) {
328            include_once dirname(__FILE__).
329              '/reference/DefaultRandomizer.php';
330            self::$_randomizer = new DefaultRandomizer();
331        }
332
333        return self::$_randomizer;
334    }
335
336    /**
337     * Set the current ESAPI Randomizer object being used to generate random numbers
338     * for this application.
339     * 
340     * @param Randomizer $randomizer the new ESAPI Randomizer.
341     * 
342     * @return does not return a value.
343     */
344    public static function setRandomizer($randomizer) 
345    {
346        self::$_randomizer = $randomizer;
347    }
348
349    /**
350     * Get the current ESAPI SecurityConfiguration object being used to manage the 
351     * security configuration for this application.
352     *  
353     * @param string $path the path of the ESAPI.xml configuration file.
354     * 
355     * @return the current ESAPI SecurityConfiguration.
356     */
357    public static function getSecurityConfiguration($path = '') 
358    {
359        if ( is_null(self::$_securityConfiguration) ) {
360            include_once dirname(__FILE__).
361              '/reference/DefaultSecurityConfiguration.php';
362            self::$_securityConfiguration = new DefaultSecurityConfiguration($path);
363        }
364
365        return self::$_securityConfiguration;
366    }
367
368    /**
369     * Set the current ESAPI SecurityConfiguration object being used to manage the 
370     * security configuration for this application.
371     * 
372     * @param SecurityConfiguration $securityConfiguration the new ESAPI 
373     * SecurityConfiguration.
374     * 
375     * @return does not return a value.
376     */
377    public static function setSecurityConfiguration($securityConfiguration) 
378    {
379        self::$_securityConfiguration = $securityConfiguration;
380    }
381
382    /**
383     * Get the current ESAPI Validator object being used to validate data for this 
384     * application.
385     * 
386     * @return the current ESAPI Validator.
387     */
388    public static function getValidator() 
389    {
390        if ( is_null(self::$_validator) ) {
391            include_once dirname(__FILE__).
392              '/reference/DefaultValidator.php';
393            self::$_validator = new DefaultValidator();
394        }
395
396        return self::$_validator;
397    }
398
399    /**
400     * Set the current ESAPI Validator object being used to validate data for
401     * this application.
402     * 
403     * @param Validator $validator the new ESAPI Validator.
404     * 
405     * @return does not return a value.
406     */
407    public static function setValidator($validator) 
408    {
409        self::$_validator = $validator;
410    }
411
412    /**
413     * Get the current ESAPI Sanitizer object being used to sanitize data for
414     * this application.
415     * 
416     * @return the current ESAPI Sanitizer.
417     */
418    public static function getSanitizer() 
419    {
420        if ( is_null(self::$_sanitizer) ) {
421            include_once dirname(__FILE__).
422              '/reference/DefaultSanitizer.php';
423            self::$_sanitizer = new DefaultSanitizer();
424        }
425
426        return self::$_sanitizer;
427    }
428
429    /**
430     * Set the current ESAPI Sanitizer object being used to sanitize data for
431     * this application.
432     * 
433     * @param Sanitizer $sanitizer the new ESAPI Sanitizer.
434     * 
435     * @return does not return a value.
436     */
437    public static function setSanitizer($sanitizer) 
438    {
439        self::$_sanitizer = $sanitizer;
440    }
441        
442 
443}
444?>