Merge pull request #305 from moe-lk/PenTest

Pen test FIXES
moe-lk · Dec 3, 2020 · 2beb056 · 2beb056
2 parents 7b5f13a + 509b947
commit 2beb056
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 28 deletions.
diff --git a/.htaccess b/.htaccess
@@ -4,4 +4,7 @@
     RewriteRule    ^$    webroot/    [L]
     RewriteRule    (.*) webroot/$1    [L]
 </IfModule>
+<IfModule mod_php7.c>
+    php_flag session.use_trans_sid off
+</IfModule>
 
diff --git a/config/app.php b/config/app.php
@@ -336,7 +336,13 @@
      * To use database sessions, load the SQL file located at config/Schema/sessions.sql
      */
     'Session' => [
-        'defaults' => 'php',
+        'defaults' => 'cake',
+        'timeout' => 30,
+        'cookieTimeout' => 30,
+        'ini' => array(
+            'session.cookie_secure' => true,
+            'session.cookie_httponly' => true
+        )
 //         'defaults' => 'cache',
     ],
     'debug' => true

diff --git a/config/routes.php b/config/routes.php
@@ -67,8 +67,6 @@
      */
     $routes->connect('/pages/*', ['controller' => 'Pages', 'action' => 'display']);
 
-
-
     /**
      * Connect catchall routes for all controllers.
      *
@@ -203,16 +201,16 @@
 });
 
 // For restful session
-Router::scope('/session', ['plugin' => 'Restful'], function ($routes) {
-    $routes->scope('/', ['controller' => 'Session'], function ($routes) {
-        $routes->extensions(['json']);
-
-        $routes->connect('/:key', ['action' => 'check', '_method' => 'CHECK'], ['pass' => ['key']]);
-        $routes->connect('/:key', ['action' => 'read', '_method' => 'GET'], ['pass' => ['key']]);
-        $routes->connect('/', ['action' => 'write', '_method' => 'POST']);
-        $routes->connect('/:key', ['action' => 'delete', '_method' => 'DELETE'], ['pass' => ['key']]);
-    });
-});
+// Router::scope('/session', ['plugin' => 'Restful'], function ($routes) {
+//     $routes->scope('/', ['controller' => 'Session'], function ($routes) {
+//         $routes->extensions(['json']);
+
+//         $routes->connect('/:key', ['action' => 'check', '_method' => 'CHECK'], ['pass' => ['key']]);
+//         $routes->connect('/:key', ['action' => 'read', '_method' => 'GET'], ['pass' => ['key']]);
+//         $routes->connect('/', ['action' => 'write', '_method' => 'POST']);
+//         $routes->connect('/:key', ['action' => 'delete', '_method' => 'DELETE'], ['pass' => ['key']]);
+//     });
+// });
 
 /**
  * Load all plugin routes.  See the Plugin documentation on

diff --git a/plugins/ControllerAction/src/Model/Traits/SecurityTrait.php b/plugins/ControllerAction/src/Model/Traits/SecurityTrait.php
@@ -68,25 +68,11 @@ public function paramsDecode($params)
         $signature = $this->urlsafeB64Decode($signature);
 
         $payload = json_decode($payload, true);
-        $sessionId = Security::hash('session_id', 'sha256');
-        if (!isset($payload[$sessionId])) {
-            throw new SecurityException('No session id in payload');
-        } else {
-            $checkPayload = $payload;
-            $checkPayload[$sessionId] = session_id();
-            $checkSignature = Security::hash(json_encode($checkPayload), 'sha256', true);
-            if ($signature !== $checkSignature) {
-                throw new SecurityException('Query String has been tampered');
-            }
-        }
-        unset($payload[$sessionId]);
         return $payload;
     }
 
     public function paramsEncode($params = [])
     {
-        $sessionId = Security::hash('session_id', 'sha256');
-        $params[$sessionId] = session_id();
         $jsonParam = json_encode($params);
         $base64Param = $this->urlsafeB64Encode($jsonParam);
         $signature = Security::hash($jsonParam, 'sha256', true);

diff --git a/webroot/.htaccess b/webroot/.htaccess
@@ -4,4 +4,6 @@
     RewriteCond %{REQUEST_URI} !=/server-status	
     RewriteRule ^ index.php [L]
 </IfModule>
-
+<IfModule mod_php7.c>
+    php_flag session.use_trans_sid off
+</IfModule>