From cf8f39d7a9c8a5802fc196b45f31b36074bdde6a Mon Sep 17 00:00:00 2001
From: Viktor
Date: Thu, 7 Dec 2023 14:42:37 +0300
Subject: [PATCH] Fix. SecFW. FW results priority fixed. (#279)
---
 lib/CleantalkSP/Security/Firewall.php | 51 ++++++++++++++-------------
 1 file changed, 26 insertions(+), 25 deletions(-)
diff --git a/lib/CleantalkSP/Security/Firewall.php b/lib/CleantalkSP/Security/Firewall.php
index 75cd400cf..562290d09 100644
--- a/lib/CleantalkSP/Security/Firewall.php
+++ b/lib/CleantalkSP/Security/Firewall.php
@@ -174,12 +174,11 @@ private function reduceFirewallResultsByPriority(array $firewall_results)
 )
 );
- foreach ( $firewall_results as $firewall_result__current ) {
- if ($this->excludeResultFromCalculation($firewall_result__current, $firewall_result__final)) {
- continue;
- }
+ // 1) Select only personal listed results
+ $priority_firewall_results = $this->filterResultsByLists($firewall_results);
- // if ip is passed as SKIPPED_NETWORK (status 99) set this result as final and proceed next db result
+ foreach ( $priority_firewall_results as $firewall_result__current ) {
+ // 2) If ip is passed as SKIPPED_NETWORK (status 99) set this result as final and proceed next db result
 if ( $firewall_result__current->status === 'PASS_AS_SKIPPED_NETWORK' ) {
 //set status to passed to let other modules check this ip
 $firewall_result__current->status = 'PASSED';
@@ -187,6 +186,7 @@ private function reduceFirewallResultsByPriority(array $firewall_results)
 continue;
 }
+ // 3) Calculate priority by masks and statuses
 $priority_current = $this->calculatePriorityForFirewallResult($firewall_result__current);
 if ( $priority_current >= $priority_final ) {
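Review bot: The step-1 comment understates what the pre-filter does to precedence: once any result has `is_personal` set, every non-personal result is dropped before the loop, so a `PASS_AS_SKIPPED_NETWORK` or `PASS_BY_TRUSTED_NETWORK` result for the same IP is never considered. If that is the intended rule, say so at the call, e.g. `// 1) Personal-list results, when present, replace the whole set; skipped-network, trusted-network and other non-personal results are then ignored`. If it is not intended, the skipped-network check would have to run on `$firewall_results` before filtering. The enclosing function starts and ends outside this hunk, so the handling between this hunk and the next one is not visible here.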
@@ -198,6 +198,24 @@ private function reduceFirewallResultsByPriority(array $firewall_results)
 return $firewall_result__final;
 }
+ /**
+ * Selected only personal listed results its are provided in the results array.
+ *
+ * @param Result[] $firewall_results
+ *
+ * @return Result[]
+ */
+ private function filterResultsByLists(array $firewall_results)
+ {
+ $priority_results = [];
+ foreach ( $firewall_results as $firewall_result__current ) {
+ if ( (int) $firewall_result__current->is_personal === 1 ) {
+ $priority_results[] = $firewall_result__current;
+ }
+ }
+ return count($priority_results) ? $priority_results : $firewall_results;
+ }
+
 /**
 * Calculates the priority of the passed Firewall Result
 *
@@ -208,13 +226,13 @@ private function reduceFirewallResultsByPriority(array $firewall_results)
 private function calculatePriorityForFirewallResult(Result $firewall_result)
 {
 $point_for_status = array_search($firewall_result->status, $this->statuses_priority, true);
- $points_for_personal_list = $firewall_result->is_personal ? 113 : 0;
 $points_for_trusted_network = $firewall_result->status === 'PASS_BY_TRUSTED_NETWORK' ? 100 : 0;
+ $points_for_mask = $firewall_result->mask;
 return $point_for_status +
- $points_for_personal_list +
- $points_for_trusted_network;
+ $points_for_trusted_network +
+ $points_for_mask;
 }
 /**
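Review bot: The docblock of `filterResultsByLists` does not describe the fallback in its last line: when no result has `is_personal` equal to 1, the function returns the whole input unchanged rather than an empty array. The summary sentence is also hard to parse. Since this function now decides which firewall results are eligible at all, the contract should be explicit, e.g. `Returns only the results that come from personal lists; if there are none, returns the given results unchanged.`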
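Review bot: `$points_for_mask = $firewall_result->mask;` in `calculatePriorityForFirewallResult` puts an unchecked property straight into the priority sum. The helper removed by this same patch guarded `mask` with `empty()`, and `filterResultsByLists` casts `is_personal` with `(int)`, which suggests these fields can be empty or arrive as strings. On PHP 8 a non-numeric string used with `+` throws a TypeError, so a cast keeps the sum an integer: `$points_for_mask = (int) $firewall_result->mask;`. The range of `mask` should also be confirmed, because the trusted-network bonus is a fixed 100. If `mask` can exceed that (an IPv6 prefix length, or a raw netmask value rather than a prefix length), a narrow match would outrank `PASS_BY_TRUSTED_NETWORK`.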
@@ -255,21 +273,4 @@ private function isWhitelisted($results)
 public function updateLog(Result $fw_result)
 {
 }
-
- /**
- * Pick the result with the smallest network.
- * Don't count priority if fires.
- *
- * @param $firewall_result__current
- * @param $firewall_result__final
- *
- * @return bool
- */
- private function excludeResultFromCalculation($firewall_result__current, $firewall_result__final)
- {
- return ! empty($firewall_result__current->mask) && ! empty($firewall_result__final->mask) && // The mask are not empty
- $firewall_result__current->mask !== $firewall_result__final->mask && // The masks are not equal
- $firewall_result__current->mask < $firewall_result__final->mask &&
- $firewall_result__current->is_personal === 0;
- }
 }