Host and port checking for curl.
More...
|
| get_blocked_url_string () |
| Returns a string message describing a blocked URL. More...
|
|
| is_enabled () |
| Convenience method to check whether we have any entries in the host blacklist or ports whitelist admin settings. More...
|
|
| url_is_blocked ($urlstring) |
| Checks whether the given URL is blacklisted by checking its address and port number against the black/white lists. More...
|
|
Host and port checking for curl.
This class provides a means to check URL/host/port against the system-level cURL security entries. It does not provide a means to add URLs, hosts or ports to the black/white lists; this is configured manually via the site admin section of Moodle (See: 'Site admin' > 'Security' > 'HTTP Security').
This class is currently used by the 'curl' wrapper class in lib/filelib.php. Depends on: core\ip_utils (several functions) moodlelib (clean_param)
- Copyright
- 2016 Jake Dallimore
- License
- http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- Author
- Jake Dallimore jrhda.nosp@m.llim.nosp@m.ore@g.nosp@m.mail.nosp@m..com
◆ address_explicitly_blocked()
core\files\curl_security_helper::address_explicitly_blocked |
( |
|
$addr | ) |
|
|
protected |
Checks whether the input address is blocked by at any of the IPv4 or IPv6 address rules.
- Parameters
-
string | $addr | the ip address to check. |
- Return values
-
bool | true if the address is covered by an entry in the blacklist, false otherwise. |
◆ get_blacklisted_hosts()
core\files\curl_security_helper::get_blacklisted_hosts |
( |
| ) |
|
|
protected |
Helper that returns the blacklisted hosts, as defined in the 'curlsecurityblockedhosts' setting.
- Return values
-
array | the array of blacklisted host entries. |
◆ get_blacklisted_hosts_by_category()
core\files\curl_security_helper::get_blacklisted_hosts_by_category |
( |
| ) |
|
|
protected |
Helper to get all entries from the admin setting, as an array, sorted by classification.
Classifications include 'ipv4', 'ipv6', 'domain', 'domainwildcard'.
- Return values
-
array | of host/domain/ip entries from the 'curlsecurityblockedhosts' config. |
◆ get_blocked_url_string()
core\files\curl_security_helper::get_blocked_url_string |
( |
| ) |
|
◆ get_host_list_by_name()
core\files\curl_security_helper::get_host_list_by_name |
( |
|
$host | ) |
|
|
protected |
Retrieve all hosts for a domain name.
- Parameters
-
- Return values
-
array | An array of IPs associated with the host name. |
◆ get_whitelisted_ports()
core\files\curl_security_helper::get_whitelisted_ports |
( |
| ) |
|
|
protected |
Helper that returns the whitelisted ports, as defined in the 'curlsecurityallowedport' setting.
- Return values
-
array | the array of whitelisted ports. |
◆ host_explicitly_blocked()
core\files\curl_security_helper::host_explicitly_blocked |
( |
|
$host | ) |
|
|
protected |
Checks whether the input hostname is blocked by any of the domain/wildcard rules.
- Parameters
-
string | $host | the hostname to check |
- Return values
-
bool | true if the host is covered by an entry in the blacklist, false otherwise. |
◆ host_is_blocked()
core\files\curl_security_helper::host_is_blocked |
( |
|
$host | ) |
|
|
protected |
Checks whether the host portion of a url is blocked.
The host portion may be a FQDN, IPv4 address or a IPv6 address wrapped in square brackets, as per standard URL notation. E.g. images.example.com 127.0.0.1 [0.0.0.0.0.0.0.1] The method logic is as follows:
- Check the host component against the list of IPv4/IPv6 addresses and ranges.
- This will perform a DNS forward lookup if required.
- Check the host component against the list of domain names and wildcard domain names.
- This will perform a DNS reverse lookup if required.
The behaviour of this function can be classified as strict, as it returns true for hosts which are invalid or could not be parsed, as well as those valid URLs which were found in the blacklist.
- Parameters
-
string | $host | the host component of the URL to check against the blacklist. |
- Return values
-
bool | true if the host is both valid and blocked, false otherwise. |
◆ is_enabled()
core\files\curl_security_helper::is_enabled |
( |
| ) |
|
Convenience method to check whether we have any entries in the host blacklist or ports whitelist admin settings.
If no entries are found at all, the assumption is that the blacklist is disabled entirely.
- Return values
-
bool | true if one or more entries exist, false otherwise. |
◆ port_is_blocked()
core\files\curl_security_helper::port_is_blocked |
( |
|
$port | ) |
|
|
protected |
Checks whether the given port is blocked, as determined by its absence on the ports whitelist.
Ports are assumed to be blocked unless found in the whitelist.
- Parameters
-
integer | string | $port | the port to check against the ports whitelist. |
- Return values
-
bool | true if the port is blocked, false otherwise. |
◆ url_is_blocked()
core\files\curl_security_helper::url_is_blocked |
( |
|
$urlstring | ) |
|
Checks whether the given URL is blacklisted by checking its address and port number against the black/white lists.
The behaviour of this function can be classified as strict, as it returns true for URLs which are invalid or could not be parsed, as well as those valid URLs which were found in the blacklist.
- Parameters
-
string | $urlstring | the URL to check. |
- Return values
-
bool | true if the URL is blacklisted or invalid and false if the URL is not blacklisted. |
Reimplemented from core\files\curl_security_helper_base.
◆ $transportschemes
array core\files\curl_security_helper::$transportschemes |
|
protected |
Initial value:= [
'http' => 80,
'https' => 443
]
of supported transport schemes and their respective default ports.
The documentation for this class was generated from the following file: