Pen test FIXES

.htaccess

@@ -4,4 +4,7 @@
     RewriteRule    ^$    webroot/    [L]
     RewriteRule    (.*) webroot/$1    [L]
 </IfModule>
+<IfModule mod_php7.c>
+    php_flag session.use_trans_sid off
+</IfModule>
 

config/app.php

@@ -336,7 +336,13 @@
      * To use database sessions, load the SQL file located at config/Schema/sessions.sql
      */
     'Session' => [
-        'defaults' => 'php',
+        'defaults' => 'cake',
+        'timeout' => 30,
+        'cookieTimeout' => 30,
+        'ini' => array(
+            'session.cookie_secure' => true,
+            'session.cookie_httponly' => true
+        )
 //         'defaults' => 'cache',
     ],
     'debug' => true

config/routes.php

@@ -67,8 +67,6 @@
      */
     $routes->connect('/pages/*', ['controller' => 'Pages', 'action' => 'display']);
 
-
-
     /**
      * Connect catchall routes for all controllers.
      *
@@ -203,16 +201,16 @@
 });
 
 // For restful session
-Router::scope('/session', ['plugin' => 'Restful'], function ($routes) {
-    $routes->scope('/', ['controller' => 'Session'], function ($routes) {
-        $routes->extensions(['json']);
-
-        $routes->connect('/:key', ['action' => 'check', '_method' => 'CHECK'], ['pass' => ['key']]);
-        $routes->connect('/:key', ['action' => 'read', '_method' => 'GET'], ['pass' => ['key']]);
-        $routes->connect('/', ['action' => 'write', '_method' => 'POST']);
-        $routes->connect('/:key', ['action' => 'delete', '_method' => 'DELETE'], ['pass' => ['key']]);
-    });
-});
+// Router::scope('/session', ['plugin' => 'Restful'], function ($routes) {
+//     $routes->scope('/', ['controller' => 'Session'], function ($routes) {
+//         $routes->extensions(['json']);
+
+//         $routes->connect('/:key', ['action' => 'check', '_method' => 'CHECK'], ['pass' => ['key']]);
+//         $routes->connect('/:key', ['action' => 'read', '_method' => 'GET'], ['pass' => ['key']]);
+//         $routes->connect('/', ['action' => 'write', '_method' => 'POST']);
+//         $routes->connect('/:key', ['action' => 'delete', '_method' => 'DELETE'], ['pass' => ['key']]);
+//     });
+// });
 
 /**
  * Load all plugin routes.  See the Plugin documentation on

plugins/ControllerAction/src/Model/Traits/SecurityTrait.php

@@ -68,25 +68,11 @@ public function paramsDecode($params)
         $signature = $this->urlsafeB64Decode($signature);
 
         $payload = json_decode($payload, true);
-        $sessionId = Security::hash('session_id', 'sha256');
-        if (!isset($payload[$sessionId])) {
-            throw new SecurityException('No session id in payload');
-        } else {
-            $checkPayload = $payload;
-            $checkPayload[$sessionId] = session_id();
-            $checkSignature = Security::hash(json_encode($checkPayload), 'sha256', true);
-            if ($signature !== $checkSignature) {
-                throw new SecurityException('Query String has been tampered');
-            }
-        }
-        unset($payload[$sessionId]);
         return $payload;
     }
 
     public function paramsEncode($params = [])
     {
-        $sessionId = Security::hash('session_id', 'sha256');
-        $params[$sessionId] = session_id();
         $jsonParam = json_encode($params);
         $base64Param = $this->urlsafeB64Encode($jsonParam);
         $signature = Security::hash($jsonParam, 'sha256', true);

webroot/.htaccess

@@ -4,4 +4,6 @@
     RewriteCond %{REQUEST_URI} !=/server-status	
     RewriteRule ^ index.php [L]
 </IfModule>
-
+<IfModule mod_php7.c>
+    php_flag session.use_trans_sid off
+</IfModule>