summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLee Rowlands2018-03-27 09:55:03 (GMT)
committerLee Rowlands2018-03-27 09:55:03 (GMT)
commit19b69fe8af55d8fac34a50563a238911b75f08f7 (patch)
tree81da9a6d2acb9c91e0e7e81500827c31c6918797
parent3f70e7013228eaad3657a946c5f474da65239ef5 (diff)
SA-CORE-2018-002 by Jasu_M, samuel.mortenson, David_Rothstein, xjm, mlhess, larowlan, pwolanin, alexpott, dsnopek, Pere Orga, cashwilliams, dawehner, tim.plunkett, drumm
-rw-r--r--core/lib/Drupal/Core/DrupalKernel.php7
-rw-r--r--core/lib/Drupal/Core/Security/RequestSanitizer.php99
2 files changed, 106 insertions, 0 deletions
diff --git a/core/lib/Drupal/Core/DrupalKernel.php b/core/lib/Drupal/Core/DrupalKernel.php
index 37ed0e9..fec1be9 100644
--- a/core/lib/Drupal/Core/DrupalKernel.php
+++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -20,6 +20,7 @@ use Drupal\Core\File\MimeType\MimeTypeGuesser;
use Drupal\Core\Http\TrustedHostsRequestFactory;
use Drupal\Core\Installer\InstallerRedirectTrait;
use Drupal\Core\Language\Language;
+use Drupal\Core\Security\RequestSanitizer;
use Drupal\Core\Site\Settings;
use Drupal\Core\Test\TestDatabase;
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
@@ -542,6 +543,12 @@ class DrupalKernel implements DrupalKernelInterface, TerminableInterface {
* {@inheritdoc}
*/
public function preHandle(Request $request) {
+ // Sanitize the request.
+ $request = RequestSanitizer::sanitize(
+ $request,
+ (array) Settings::get(RequestSanitizer::SANITIZE_WHITELIST, []),
+ (bool) Settings::get(RequestSanitizer::SANITIZE_LOG, FALSE)
+ );
$this->loadLegacyIncludes();
diff --git a/core/lib/Drupal/Core/Security/RequestSanitizer.php b/core/lib/Drupal/Core/Security/RequestSanitizer.php
new file mode 100644
index 0000000..8ba17b9
--- /dev/null
+++ b/core/lib/Drupal/Core/Security/RequestSanitizer.php
@@ -0,0 +1,99 @@
+<?php
+
+namespace Drupal\Core\Security;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Sanitizes user input.
+ */
+class RequestSanitizer {
+
+ /**
+ * Request attribute to mark the request as sanitized.
+ */
+ const SANITIZED = '_drupal_request_sanitized';
+
+ /**
+ * The name of the setting that configures the whitelist.
+ */
+ const SANITIZE_WHITELIST = 'sanitize_input_whitelist';
+
+ /**
+ * The name of the setting that determines if sanitized keys are logged.
+ */
+ const SANITIZE_LOG = 'sanitize_input_logging';
+
+ /**
+ * Strips dangerous keys from user input.
+ *
+ * @param \Symfony\Component\HttpFoundation\Request $request
+ * The incoming request to sanitize.
+ * @param string[] $whitelist
+ * An array of keys to whitelist as safe. See default.settings.php.
+ * @param bool $log_sanitized_keys
+ * (optional) Set to TRUE to log an keys that are sanitized.
+ *
+ * @return \Symfony\Component\HttpFoundation\Request
+ * The sanitized request.
+ */
+ public static function sanitize(Request $request, $whitelist, $log_sanitized_keys = FALSE) {
+ if (!$request->attributes->get(self::SANITIZED, FALSE)) {
+ // Process query string parameters.
+ $get_sanitized_keys = [];
+ $request->query->replace(static::stripDangerousValues($request->query->all(), $whitelist, $get_sanitized_keys));
+ if ($log_sanitized_keys && !empty($get_sanitized_keys)) {
+ trigger_error(sprintf('Potentially unsafe keys removed from query string parameters (GET): %s', implode(', ', $get_sanitized_keys)));
+ }
+
+ // Request body parameters.
+ $post_sanitized_keys = [];
+ $request->request->replace(static::stripDangerousValues($request->request->all(), $whitelist, $post_sanitized_keys));
+ if ($log_sanitized_keys && !empty($post_sanitized_keys)) {
+ trigger_error(sprintf('Potentially unsafe keys removed from request body parameters (POST): %s', implode(', ', $post_sanitized_keys)));
+ }
+
+ // Cookie parameters.
+ $cookie_sanitized_keys = [];
+ $request->cookies->replace(static::stripDangerousValues($request->cookies->all(), $whitelist, $cookie_sanitized_keys));
+ if ($log_sanitized_keys && !empty($cookie_sanitized_keys)) {
+ trigger_error(sprintf('Potentially unsafe keys removed from cookie parameters: %s', implode(', ', $cookie_sanitized_keys)));
+ }
+
+ if (!empty($get_sanitized_keys) || !empty($post_sanitized_keys) || !empty($cookie_sanitized_keys)) {
+ $request->overrideGlobals();
+ }
+ $request->attributes->set(self::SANITIZED, TRUE);
+ }
+ return $request;
+ }
+
+ /**
+ * Strips dangerous keys from $input.
+ *
+ * @param mixed $input
+ * The input to sanitize.
+ * @param string[] $whitelist
+ * An array of keys to whitelist as safe.
+ * @param string[] $sanitized_keys
+ * An array of keys that have been removed.
+ *
+ * @return mixed
+ * The sanitized input.
+ */
+ protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
+ if (is_array($input)) {
+ foreach ($input as $key => $value) {
+ if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
+ unset($input[$key]);
+ $sanitized_keys[] = $key;
+ }
+ else {
+ $input[$key] = static::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
+ }
+ }
+ }
+ return $input;
+ }
+
+}