Issues in ApiBase.php (master) - Issues in master - kristuff/abuseipdb - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

lib/ApiBase.php (1 issue)

Severity

Unknown 1

<?php declare(strict_types=1);

/**
 *       _                 ___ ___ ___  ___
 *  __ _| |__ _  _ ___ ___|_ _| _ \   \| _ )
 * / _` | '_ \ || (_-</ -_)| ||  _/ |) | _ \
 * \__,_|_.__/\_,_/__/\___|___|_| |___/|___/
 * 
 * This file is part of Kristuff\AbuseIPDB.
 *
 * (c) Kristuff <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @version    1.1
 * @copyright  2020-2022 Kristuff
 */

namespace Kristuff\AbuseIPDB;

/**
 * Class ApiBase
 * 
 * Abstract base class for ApiHanlder
 * Contains main hard coded api settings
 */
abstract class ApiBase
{
    /**
     * AbuseIPDB API v2 Endpoint
     * @var string  
     */
    protected $aipdbApiEndpoint = 'https://api.abuseipdb.com/api/v2/'; 

    /**
     * AbuseIPDB API key
     *  
     * @access protected
     * @var string $aipdbApiKey  
     */
    protected $aipdbApiKey = null; 
  
    /**
     * AbuseIPDB API v2 categories
     * shortname, id (string), long name
     * last parameter is false when the category can't be used alone
     * 
     * @static
     * @var array
     */
    protected static $aipdbApiCategories = [
        
        // Altering DNS records resulting in improper redirection.        
        ['dns-c'           , '1', 'DNS Compromise', true],    
        
        // Falsifying domain server cache (cache poisoning).
        ['dns-p'           , '2', 'DNS Poisoning', true],     
        
        // Fraudulent orders.
        ['fraud-orders'    , '3', 'Fraud Orders', true],      

        // Participating in distributed denial-of-service (usually part of botnet).        
        ['ddos'            , '4', 'DDoS Attack', true],       
        
        // 
        ['ftp-bf'          , '5', 'FTP Brute-Force', true],   
        
        // Oversized IP packet.
        ['pingdeath'       , '6', 'Ping of Death', true],     

        // Phishing websites and/or email.
        ['phishing'        , '7', 'Phishing', true],          
        
        //
        ['fraudvoip'       , '8', 'Fraud VoIP', true],        

        // Open proxy, open relay, or Tor exit node.
        ['openproxy'       , '9', 'Open Proxy', true],        

         // Comment/forum spam, HTTP referer spam, or other CMS spam.
         ['webspam'         , '10', 'Web Spam', true],        

        // Spam email content, infected attachments, and phishing emails. Note: Limit comments to only relevent
        // information (instead of log dumps) and be sure to remove PII if you want to remain anonymous.
        ['emailspam'       , '11', 'Email Spam', true],                                                   
             
        // CMS blog comment spam.
        ['blogspam'        , '12', 'Blog Spam', true],      
        
        // Conjunctive category.
        ['vpnip'           , '13', 'VPN IP', false], // to check alone ??           

        // Scanning for open ports and vulnerable services.
        ['scan'            , '14', 'Port Scan', true],        
       
        // 
        ['hack'            , '15', 'Hacking', true],           

        // Attempts at SQL injection.
        ['sql'             , '16', 'SQL Injection', true],     
        
        // Email sender spoofing.
        ['spoof'           , '17', 'Spoofing', true],         

        // Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc. 
        // This category is seperate from DDoS attacks.
        ['brute'           , '18', 'Brute-Force', true],     

        // Webpage scraping (for email addresses, content, etc) and crawlers that do not honor robots.txt.                                  
        // Excessive requests and user agent spoofing can also be reported here.                        
        ['badbot'          , '19', 'Bad Web Bot', true],      
                                                         
        // Host is likely infected with malware and being used for other attacks or to host malicious content. 
        // The host owner may not be aware of the compromise. This category is often used in combination 
        // with other attack categories.
        ['explhost'        , '20', 'Exploited Host', true],
        
        // Attempts to probe for or exploit installed web applications such as a CMS 
        // like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and 
        // various other software plugins/solutions.                                                         
        ['webattack'       , '21', 'Web App Attack', true ],   
        
        // Secure Shell (SSH) abuse. Use this category in combination 
        // with more specific categories.
        ['ssh'             , '22', 'SSH', false],              

        // Abuse was targeted at an "Internet of Things" type device. Include 
        // information about what type of device was targeted in the comments.         
        ['iot'             , '23', 'IoT Targeted', true],     
    ];

    /**
     * Get the list of report categories
     * 
     * @access public
     * @static
     *  
     * @return array
     */
    public static function getCategories(): array
    {
        return self::$aipdbApiCategories;
    }

    /**
     * Get the category id corresponding to given name
     * 
     * @access public
     * @static
     * @param string $categoryName    The report category name
     * 
     * @return string|bool            The category id in string format if found, otherwise false
     */
    public static function getCategoryIdByName(string $categoryName)
    {
        foreach (self::$aipdbApiCategories as $cat){
            if ($cat[0] === $categoryName) {
                return $cat[1];
            }
         }

        // not found
        return false;
    }

    /**
     * Get the category name corresponding to given id
     * 
     * @access public
     * @static
     * @param string    $categoryId   The report category id
     * 
     * @return string|bool            The category name if found, otherwise false
     */
    public static function getCategoryNameById(string $categoryId)
    {
        foreach (self::$aipdbApiCategories as $cat){
           if ($cat[1] === $categoryId) {
               return $cat[0];
           }
        }

        // not found
        return false;
    }

    /**
     * Get the index of category corresponding to given value
     * 
     * @access protected
     * @static
     * @param string        $value          The report category id or name
     * @param string        $index          The index in value array 
     * 
     * @return int|bool     The category index if found, otherwise false
     */
    protected static function getCategoryIndex(string $value, int $index)
    {
        $i = 0;
        foreach (self::$aipdbApiCategories as $cat){
            if ($cat[$index] === $value) {
                return $i;
            }
            $i++;
         }

        // not found
        return false;
    }

    /**
     * Check if the category(ies) given is/are valid
     * Check for shortname or id, and categories that can't be used alone 
     * 
     * @access protected
     * @param array         $categories       The report categories list
     *
     * @return string       Formatted string id list ('18,2,3...')
     * @throws \InvalidArgumentException
     */
    protected function validateReportCategories(string $categories)
    {
        // the return categories string
        $catsString = ''; 

        // used when cat that can't be used alone
        $needAnother = null;

        // parse given categories
        $cats = explode(',', $categories);

        foreach ($cats as $cat) {

            // get index on our array of categories
            $catIndex    = is_numeric($cat) ? self::getCategoryIndex($cat, 1) : self::getCategoryIndex($cat, 0);

            // check if found
            if ($catIndex === false ){
                throw new \InvalidArgumentException('Invalid report category was given.');
            }

            // get Id
            $catId = self::$aipdbApiCategories[$catIndex][1];

            // need another ?
            if ($needAnother !== false){

                // is a standalone cat ?
                if (self::$aipdbApiCategories[$catIndex][3] === false) {
                    $needAnother = true;

                } else {
                    // ok, continue with other at least one given
                    // no need to reperform this check
                    $needAnother = false;
                }
            }

            // set or add to cats list 
            $catsString = ($catsString === '') ? $catId : $catsString .','.$catId;
        }

        if ($needAnother !== false){

            throw new \InvalidArgumentException('Invalid report category parameter given: this category can\'t be used alone.');
        }

        // if here that ok
        return $catsString;
    }
}

1			<?php declare(strict_types=1);
2
3			/**
4			* _ ___ ___ ___ ___
5			* __ _\| \|__ _ _ ___ ___\|_ _\| _ \ \\| _ )
6			* / _` \| '_ \ \|\| (_-</ -_)\| \|\| _/ \|) \| _ \
7			* \__,_\|_.__/\_,_/__/\___\|___\|_\| \|___/\|___/
8			*
9			* This file is part of Kristuff\AbuseIPDB.
10			*
11			* (c) Kristuff <[email protected]>
12			*
13			* For the full copyright and license information, please view the LICENSE
14			* file that was distributed with this source code.
15			*
16			* @version 1.1
17			* @copyright 2020-2022 Kristuff
18			*/
19
20			namespace Kristuff\AbuseIPDB;
21
22			/**
23			* Class ApiBase
24			*
25			* Abstract base class for ApiHanlder
26			* Contains main hard coded api settings
27			*/
28			abstract class ApiBase
29			{
30			/**
31			* AbuseIPDB API v2 Endpoint
32			* @var string
33			*/
34			protected $aipdbApiEndpoint = 'https://api.abuseipdb.com/api/v2/';
35
36			/**
37			* AbuseIPDB API key
38			*
39			* @access protected
40			* @var string $aipdbApiKey
41			*/
42			protected $aipdbApiKey = null;
43
44			/**
45			* AbuseIPDB API v2 categories
46			* shortname, id (string), long name
47			* last parameter is false when the category can't be used alone
48			*
49			* @static
50			* @var array
51			*/
52			protected static $aipdbApiCategories = [
53
54			// Altering DNS records resulting in improper redirection.
55			['dns-c' , '1', 'DNS Compromise', true],
56
57			// Falsifying domain server cache (cache poisoning).
58			['dns-p' , '2', 'DNS Poisoning', true],
59
60			// Fraudulent orders.
61			['fraud-orders' , '3', 'Fraud Orders', true],
62
63			// Participating in distributed denial-of-service (usually part of botnet).
64			['ddos' , '4', 'DDoS Attack', true],
65
66			//
67			['ftp-bf' , '5', 'FTP Brute-Force', true],
68
69			// Oversized IP packet.
70			['pingdeath' , '6', 'Ping of Death', true],
71
72			// Phishing websites and/or email.
73			['phishing' , '7', 'Phishing', true],
74
75			//
76			['fraudvoip' , '8', 'Fraud VoIP', true],
77
78			// Open proxy, open relay, or Tor exit node.
79			['openproxy' , '9', 'Open Proxy', true],
80
81			// Comment/forum spam, HTTP referer spam, or other CMS spam.
82			['webspam' , '10', 'Web Spam', true],
83
84			// Spam email content, infected attachments, and phishing emails. Note: Limit comments to only relevent
85			// information (instead of log dumps) and be sure to remove PII if you want to remain anonymous.
86			['emailspam' , '11', 'Email Spam', true],
87
88			// CMS blog comment spam.
89			['blogspam' , '12', 'Blog Spam', true],
90
91			// Conjunctive category.
92			['vpnip' , '13', 'VPN IP', false], // to check alone ??
93
94			// Scanning for open ports and vulnerable services.
95			['scan' , '14', 'Port Scan', true],
96
97			//
98			['hack' , '15', 'Hacking', true],
99
100			// Attempts at SQL injection.
101			['sql' , '16', 'SQL Injection', true],
102
103			// Email sender spoofing.
104			['spoof' , '17', 'Spoofing', true],
105
106			// Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc.
107			// This category is seperate from DDoS attacks.
108			['brute' , '18', 'Brute-Force', true],
109
110			// Webpage scraping (for email addresses, content, etc) and crawlers that do not honor robots.txt.
111			// Excessive requests and user agent spoofing can also be reported here.
112			['badbot' , '19', 'Bad Web Bot', true],
113
114			// Host is likely infected with malware and being used for other attacks or to host malicious content.
115			// The host owner may not be aware of the compromise. This category is often used in combination
116			// with other attack categories.
117			['explhost' , '20', 'Exploited Host', true],
118
119			// Attempts to probe for or exploit installed web applications such as a CMS
120			// like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and
121			// various other software plugins/solutions.
122			['webattack' , '21', 'Web App Attack', true ],
123
124			// Secure Shell (SSH) abuse. Use this category in combination
125			// with more specific categories.
126			['ssh' , '22', 'SSH', false],
127
128			// Abuse was targeted at an "Internet of Things" type device. Include
129			// information about what type of device was targeted in the comments.
130			['iot' , '23', 'IoT Targeted', true],
131			];
132
133			/**
134			* Get the list of report categories
135			*
136			* @access public
137			* @static
138			*
139			* @return array
140			*/
141			public static function getCategories(): array
142			{
143			return self::$aipdbApiCategories;
144			}
145
146			/**
147			* Get the category id corresponding to given name
148			*
149			* @access public
150			* @static
151			* @param string $categoryName The report category name
152			*
153			* @return string\|bool The category id in string format if found, otherwise false
154			*/
155			public static function getCategoryIdByName(string $categoryName)
156			{
157			foreach (self::$aipdbApiCategories as $cat){
158			if ($cat[0] === $categoryName) {
159			return $cat[1];
160			}
161			}
162
163			// not found
164			return false;
165			}
166
167			/**
168			* Get the category name corresponding to given id
169			*
170			* @access public
171			* @static
172			* @param string $categoryId The report category id
173			*
174			* @return string\|bool The category name if found, otherwise false
175			*/
176			public static function getCategoryNameById(string $categoryId)
177			{
178			foreach (self::$aipdbApiCategories as $cat){
179			if ($cat[1] === $categoryId) {
180			return $cat[0];
181			}
182			}
183
184			// not found
185			return false;
186			}
187
188			/**
189			* Get the index of category corresponding to given value
190			*
191			* @access protected
192			* @static
193			* @param string $value The report category id or name
194			* @param string $index The index in value array
195			*
196			* @return int\|bool The category index if found, otherwise false
197			*/
198			protected static function getCategoryIndex(string $value, int $index)
199			{
200			$i = 0;
201			foreach (self::$aipdbApiCategories as $cat){
202			if ($cat[$index] === $value) {
203			return $i;
204			}
205			$i++;
206			}
207
208			// not found
209			return false;
210			}
211
212			/**
213			* Check if the category(ies) given is/are valid
214			* Check for shortname or id, and categories that can't be used alone
215			*
216			* @access protected
217			* @param array $categories The report categories list
218			*
219			* @return string Formatted string id list ('18,2,3...')
220			* @throws \InvalidArgumentException
221			*/
222			protected function validateReportCategories(string $categories)
223			{
224			// the return categories string
225			$catsString = '';
226
227			// used when cat that can't be used alone
228			$needAnother = null;
229
230			// parse given categories
231			$cats = explode(',', $categories);
232
233			foreach ($cats as $cat) {
234
235			// get index on our array of categories
236			$catIndex = is_numeric($cat) ? self::getCategoryIndex($cat, 1) : self::getCategoryIndex($cat, 0);
237
238			// check if found
239			if ($catIndex === false ){
240			throw new \InvalidArgumentException('Invalid report category was given.');
241			}
242
243			// get Id
244			$catId = self::$aipdbApiCategories[$catIndex][1];
245
246			// need another ?
247			if ($needAnother !== false){
248
249			// is a standalone cat ?
250			if (self::$aipdbApiCategories[$catIndex][3] === false) {
251			$needAnother = true;
252
253			} else {
254			// ok, continue with other at least one given
255			// no need to reperform this check
256			$needAnother = false;
257			}
258			}
259
260			// set or add to cats list
261			$catsString = ($catsString === '') ? $catId : $catsString .','.$catId;
262			}
263
264			if ($needAnother !== false){
			0 ignored issues – show introduced 2020-05-15 09:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `$needAnother !== false` is always `true`. Loading history...
265			throw new \InvalidArgumentException('Invalid report category parameter given: this category can\'t be used alone.');
266			}
267
268			// if here that ok
269			return $catsString;
270			}
271			}

kristuff / abuseipdb

Issues (5)

lib/ApiBase.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like