Fix. SecFW. FW results priority fixed. (#279)
Glomberg authored Dec 7, 2023
1 parent 083f970 commit cf8f39d
Showing 1 changed file with 26 additions and 25 deletions.
51 changes: 26 additions & 25 deletions lib/CleantalkSP/Security/Firewall.php
Expand Up @@ -174,19 +174,19 @@ private function reduceFirewallResultsByPriority(array $firewall_results)
)
);

foreach ( $firewall_results as $firewall_result__current ) {
if ($this->excludeResultFromCalculation($firewall_result__current, $firewall_result__final)) {
continue;
}
// 1) Select only personal listed results
$priority_firewall_results = $this->filterResultsByLists($firewall_results);

// if ip is passed as SKIPPED_NETWORK (status 99) set this result as final and proceed next db result
foreach ( $priority_firewall_results as $firewall_result__current ) {
// 2) If ip is passed as SKIPPED_NETWORK (status 99) set this result as final and proceed next db result
if ( $firewall_result__current->status === 'PASS_AS_SKIPPED_NETWORK' ) {
//set status to passed to let other modules check this ip
$firewall_result__current->status = 'PASSED';
$firewall_result__final = $firewall_result__current;
continue;
}

// 3) Calculate priority by masks and statuses
$priority_current = $this->calculatePriorityForFirewallResult($firewall_result__current);

if ( $priority_current >= $priority_final ) {
Expand All @@ -198,6 +198,24 @@ private function reduceFirewallResultsByPriority(array $firewall_results)
return $firewall_result__final;
}

/**
* Selected only personal listed results its are provided in the results array.
*
* @param Result[] $firewall_results
*
* @return Result[]
*/
private function filterResultsByLists(array $firewall_results)
{
$priority_results = [];
foreach ( $firewall_results as $firewall_result__current ) {
if ( (int) $firewall_result__current->is_personal === 1 ) {
$priority_results[] = $firewall_result__current;
}
}
return count($priority_results) ? $priority_results : $firewall_results;
}

/**
* Calculates the priority of the passed Firewall Result
*
Expand All @@ -208,13 +226,13 @@ private function reduceFirewallResultsByPriority(array $firewall_results)
private function calculatePriorityForFirewallResult(Result $firewall_result)
{
$point_for_status = array_search($firewall_result->status, $this->statuses_priority, true);
$points_for_personal_list = $firewall_result->is_personal ? 113 : 0;
$points_for_trusted_network = $firewall_result->status === 'PASS_BY_TRUSTED_NETWORK' ? 100 : 0;
$points_for_mask = $firewall_result->mask;

return
$point_for_status +
$points_for_personal_list +
$points_for_trusted_network;
$points_for_trusted_network +
$points_for_mask;
}

/**
Expand Down Expand Up @@ -255,21 +273,4 @@ private function isWhitelisted($results)
public function updateLog(Result $fw_result)
{
}

/**
* Pick the result with the smallest network.
* Don't count priority if fires.
*
* @param $firewall_result__current
* @param $firewall_result__final
*
* @return bool
*/
private function excludeResultFromCalculation($firewall_result__current, $firewall_result__final)
{
return ! empty($firewall_result__current->mask) && ! empty($firewall_result__final->mask) && // The mask are not empty
$firewall_result__current->mask !== $firewall_result__final->mask && // The masks are not equal
$firewall_result__current->mask < $firewall_result__final->mask &&
$firewall_result__current->is_personal === 0;
}
}
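Review bot: In calculatePriorityForFirewallResult the new `$points_for_mask = $firewall_result->mask;` adds the mask to the score uncast and unbounded, while the trusted-network bonus stays a fixed 100. filterResultsByLists casts `is_personal` with `(int)`, which suggests these fields may arrive as strings; a non-numeric mask would then raise a TypeError on PHP 8 or count as 0 with a warning on older versions, so I would write `$points_for_mask = (int) $firewall_result->mask;`. If masks can exceed 100 (for example IPv6 prefix lengths, which this page does not confirm), a narrow list entry could outrank `PASS_BY_TRUSTED_NETWORK`, so the accepted range deserves a comment or a clamp. Separately, `array_search` on the context line above returns `false` for a status missing from `$this->statuses_priority`, and the sum treats that as 0, the same score as the first entry; an explicit check would make an unknown status visible. Both function bodies are only partly inside the hunks, so the rest of each is not visible here.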
