Compare Revisions
66b6430f7c69052dddbcede2eb76f22aa6bf93cb...4f014594409c2622b4f4f3f1da6b5700dacbdd2f
Commits (2)
Updated to meet feedback
· 03ca7b4d
Ben Hayward
authored
1 hour ago
03ca7b4d
Added in class for prohibited domains
· 4f014594
Ben Hayward
authored
1 hour ago
4f014594
Showing
5 changed files
with
366 additions
and
668 deletions
+366
-668
Core/Security/Events.php
...
...
@@ -7,6 +7,7 @@ use Minds\Core\Events\Dispatcher;
use
Minds\Core\Security\TwoFactor
;
use
Minds\Exceptions
;
use
Minds\Helpers\Text
;
use
Minds\Core\Security\ProhibitedDomains
;
class
Events
{
...
...
@@ -16,10 +17,13 @@ class Events
/** @var Config $config */
protected
$config
;
public
function
__construct
()
/** @var ProhibitedDomains */
protected
$prohibitedDomains
;
public
function
__construct
(
$prohibitedDomains
=
null
)
{
$this
->
sms
=
Di
::
_
()
->
get
(
'SMS'
);
$this
->
config
=
$config
?:
Di
::
_
()
->
get
(
'Config'
);
$this
->
prohibitedDomains
=
$prohibitedDomains
??
new
ProhibitedDomains
(
);
}
public
function
register
()
...
...
@@ -55,9 +59,9 @@ class Events
* @param $object - excepts fields description, briefdescription, message and title.
* @return boolean - true if prohibited domain found.
*/
public
function
containsProhibitedDomain
(
$object
)
public
function
containsProhibitedDomain
(
$object
)
:
string
{
$prohibitedDomains
=
$this
->
config
->
get
(
'prohibited_domains'
);
$prohibitedDomains
=
$this
->
prohibitedDomains
->
get
(
);
$bodies
=
[
$object
->
description
,
$object
->
briefdescription
,
...
...
@@ -70,7 +74,7 @@ class Events
return
$found
;
}
}
return
false
;
return
""
;
}
/**
...
...
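Review bot: The docblock kept above `containsProhibitedDomain` still reads `@return boolean - true if prohibited domain found.`, while the new signature declares `: string` and the fall-through return is now `""` instead of `false`. Assuming `$found` holds the matched domain, it should read something like `@return string - the matched prohibited domain, or "" when none is found`, and any caller that compares the result strictly against `false` needs a look, because `"" !== false` is true and such a check would now flag every object. In the constructor hunk, `$this->config = $config ?: Di::_()->get('Config');` reads a `$config` that is not a parameter of `__construct($prohibitedDomains = null)`, so it raises an undefined-variable notice and always takes the DI branch; `$this->config = Di::_()->get('Config');` is equivalent without the notice. The new parameter is untyped here and in `Spam::__construct`; `?ProhibitedDomains $prohibitedDomains = null` (PHP 7.1+) would reject a wrong argument at construction. The body of `containsProhibitedDomain` continues outside the hunks.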
Core/Security/ProhibitedDomains.php
0 → 100644
<?php
namespace
Minds\Core\Security
;
/**
* @author Ben
* @desc holds the list of prohibited domains.
*/
class
ProhibitedDomains
{
public
function
__construct
()
{
}
/**
* getter for prohibitedDomains
*
* @return array an array of prohibited domains.
*/
public
function
get
()
:
array
{
return
$this
->
prohibitedDomains
;
}
private
$prohibitedDomains
=
[
//shorts
// 't.co', 'goo.gl', 'ow.ly', 'bitly.com', 'bit.ly','tinyurl.com','bit.do','go2.do',
// 'adf.ly', 'adcrun.ch', 'zpag.es','ity.im', 'q.gs', 'lnk.co', 'is.gd',
//full
'movieblog.tumblr.com'
,
'moviehdstream.wordpress.com'
,
'moviehq.tumblr.com'
,
'moviehq.webs.com'
,
'moviehq.wordpress.com'
,
'movieo.wordpress.com'
,
'movieonline.tumblr.com'
,
'movieonline.webs.com'
,
'movieonline.wordpress.com'
,
'movieonlinehd.tumblr.com'
,
'movieonlinehd.webs.com'
,
'movieonlinehd.wordpress.com'
,
'movies.tumblr.com'
,
'moviesf.tumblr.com'
,
'moviesgodetia.com'
,
'movieslinks4u'
,
'moviesmount.com'
,
'moviesmonster.biz'
,
'moviesondesktop'
,
'moviesonlinefree.biz'
,
'moviestream.wordpress.com'
,
'movieontop.com'
,
'afllivestreaming.com.au'
,
'londonolympiccorner'
,
'nrllivestreaming.com.au'
,
'24x7livestreamtvchannels.com'
,
'www.edogo.us'
,
'all4health.in'
,
'watches4a.co.uk'
,
'es.jennyjoseph.com'
,
'allsportslive24x7.blogspot.com'
,
'boxing-tv-2014-live-stream.blogspot.com'
,
'amarblogdalima.blogspot.com'
,
'www.officialtvstream.com.es'
,
'topsalor.com'
,
'busybo.org'
,
'www.nowvideo.sx'
,
'180upload.com'
,
'allmyvideos.net'
,
'busybo.org'
,
'hdmovieshouse.biz'
,
'sportblog.info'
,
'psport.space'
,
'discus.space'
,
'euro2016.it.ua'
,
'neymar.space'
,
'espnstream.space'
,
'2016.vn.u'
,
'blogstream.space'
,
'liveextratime.xyz'
,
'thebestlive.xyz'
,
'streamoffside.xyz'
,
'sportmaster2014.page.tl'
,
'bloggersdelight.dk'
,
'watchsportslive.space'
,
'freeforward.xyz'
,
'live4sports.xyz'
,
'streamfun.xyz'
,
'angelfire.com'
,
'streamtime.xyz'
,
'futebol2star.com'
,
'live2sport.com'
,
'newssports.space'
,
'onlineolympics.xyz'
,
'liveolympics.xyz'
,
'streamontv.xyz'
,
'londonschedule.com'
,
'onlineolympics.space'
,
'sportwinning.xyz'
,
'streamworld.xyz'
,
'streamtop.xyz'
,
'livechampion.xyz'
,
'playstreams.xyz'
,
'live4sport.xyz'
,
'streampage.xyz'
,
'calendarsport.space'
,
'fsport.space'
,
'euro2016.od.ua'
,
'streambig.xyz'
,
'sportprediction.xyz'
,
'streamwork.xyz'
,
'r041.donnael.com'
,
'2016.lt.ua'
,
'vipleague.se'
,
'liveonline.company'
,
'liveolympics.space'
,
'seoandvideomarketing.com.au'
,
'vipbox.sx'
,
'germanypolandlivestream.club'
,
'sportgoal.xyz'
,
'ggdbsale.com'
,
'gorillasteroids.eu'
,
'watchlivesports.space'
,
'penaltyshootout.xyz'
,
'streamgroup.xyz'
,
'streamnew.xyz'
,
'cottonsport.space'
,
'gosport.space'
,
'streambest.xyz'
,
'penaltyspot.xyz'
,
'streamthe.xyz'
,
'liveevents.name'
,
'londonblog.work'
,
'testcollections.com'
,
'alfagy.com'
,
'teravide1974.full-design.com'
,
'selfnarhasbllaq1980-blog.logdown.com'
,
'neipononchoi1984.suomiblog.com'
,
'gemttranlonthe1985.blogzet.com'
,
'pitchero.com'
,
'blogolize.com'
,
'lisbopholsven1974.thezenweb.com'
,
'blogocial.com'
,
'tinyblogging.com'
,
'share.pho.to'
,
'community.vietfun.com'
,
'ockuderla1985.full-design.com'
,
'unmosimla1978.total-blog.com'
,
'gemttranlonthe1985.blogzet.com'
,
'rapptubizboe1978.blogminds.com'
,
'descduclighgon1973.full-design.com'
,
'ricphosati1972.full-design.com'
,
'fuddbluslanmaa1975.blogdigy.com'
,
'smarforcute1976.blogdigy.com'
,
'xn--90aizihgi.xn--p1ai'
,
'tinyurl.com'
,
'bit.ly'
,
'bit.do'
,
'123football.space'
,
'bitly.com'
,
'j.mp'
,
'livestreaming.one'
,
'livestreaming.life'
,
'forbest.pw'
,
'olizev.tdska2ll.ru'
,
'tdska2ll.ru'
,
'tdska1ll.ru'
,
'tdska3ll.ru'
,
'tdska4ll.ru'
,
'ihmail.ru'
,
'tdska5ll.ru'
,
'tdska6ll.ru'
,
'll.ru'
,
'shorl.com'
,
'scorestream.space'
,
'bestsplayer.xyz'
,
'worldwideevents.space'
,
'worldseries.space'
,
'best247chemist.net'
,
'9tn.ru'
,
'futbolkin2013.ru'
,
'playnowstore.com'
,
'qr-url.tk'
,
'watchonlinerugby.net'
,
'esecuritys.com'
,
'rufile.no-ip.ca'
,
'imzonline.com'
,
'femeedia.com'
,
'mediomatic.com'
,
'savemoneyeasily.com'
,
'option1pro.com'
,
'perron07.nl'
,
'movieonrails.com'
,
'topmoviestoday.com'
,
'playnowstore.com'
,
'g-files.biz'
,
'dawnloadonline.com'
,
'thedirsite.com'
,
'siteslocate.com'
,
'mydrugdir.com'
,
'find24hs.com'
,
'veeble.org'
,
'movieonrails.com'
,
'bestmoviehd.net'
,
'putmovies.info'
,
'awarefinance.com'
,
'shurll.com'
,
'acceptsearch.com'
,
'signforcover.com'
,
'raisengine.com'
,
'rocketcarrental.com'
,
'godsearchs.com'
,
'listenhanced.com'
,
'find24hs.com'
,
'findinform.com'
,
'sitesworlds.com'
,
'rocketcarrental.com'
,
'thedirsite.com'
,
'getboook.com'
,
'pokerarena88.com'
,
'aquamelia.com'
,
'beautyskintalks.com'
,
'getmooovie.com'
,
'getdriversss.com'
,
'getsoooft.com'
,
'getgamesss.com'
,
'abrts.pro'
,
'leadbit.biz'
,
'efght.pro'
,
'qyresearcheurope.com'
,
'plusfreemaxfr.com'
,
'getappmac.com'
,
'getharlemhealthy.org'
,
'goo.gl'
,
'getmooovie.com'
,
'marketreportscenter.com'
,
'getsooft.com'
,
'myowndom.ru'
,
'print-mgn.ru'
,
'wiki-data.ru'
,
'velobog.ru'
,
'mobisony.ru'
,
'dzeroki.ru'
,
'slimkor.ru'
,
'kak-brosit-kyrit.ru'
,
'jinyurl.com'
,
'urlin.us'
,
'capillus.com'
,
'siteprofissional.com'
,
'mitersawjudge.com'
,
'mohajreen-jeeda.com'
,
'jobberies.com'
,
'bestfilms.site'
,
'baystudios.ch'
,
'elvenarhack.bid'
,
'essencephskincare.com'
,
'blog2learn.com'
,
'superrugbyonline.net'
,
'superrugby18.livejournal.com'
,
'expertairco.com'
,
'draesthetica.co.uk'
,
'sphere.social'
,
'saveabookmarks.xyz'
,
'/t.co'
,
'samuelsconstruction.build'
,
'pmwares.com'
,
'watchesofwales.co.uk'
,
//'.ru',
'zotero.org'
,
'speakerdeck.com'
,
'freesiteslike.com'
,
'pusha.se'
,
'vrootdownload.org'
,
'rubberwebshop.nl'
,
'restaurerlecorps.info'
,
'discretthemes.info'
,
'bride-forever.com'
,
'simplesmetamorphoses.info'
,
'mp3gain.com'
,
'mp4gain.com'
,
'ttlink.com'
,
'onepost.cf'
,
'getmefunds.com'
,
'vikinail.pl'
,
'typesofbeauty.info'
,
'joie6portia93.bloglove.cc'
,
'htgtea.com'
,
'tblogz.com'
,
'liveinternet.ru'
,
'.diowebhost.com'
,
'/yoursite.com'
,
'reworkedgames.eu'
,
'mp3gain.sourceforge.net'
,
'pages10.com'
,
'nudegirIs.info'
,
'aidagirls.com'
,
'alsoloves.com'
,
'hotswishes.com'
,
'instaphoto.club'
,
'intimspace.com'
,
'pornopoisk.info'
,
'localmodels.online'
,
'kaikki-mallit.com'
,
'hotswishes.com'
,
];
}
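Review bot: The array mixes several entry shapes and nothing in the class says how an entry is compared with content: there are leading-slash entries (`'/t.co'`, `'/yoursite.com'`), a leading-dot entry (`'.diowebhost.com'`), bare labels with no TLD (`'movieslinks4u'`, `'moviesondesktop'`, `'londonolympiccorner'`), and `'2016.vn.u'`, which looks truncated next to `'2016.lt.ua'`. The matching code is outside the visible hunks, but the spec's `'test bit.ly test'` case suggests a substring test; if that is the rule, short entries such as `'ll.ru'` and `'bit.do'` will also hit unrelated hosts, and `'nudegirIs.info'` (upper-case `I`) only matches if the comparison is case-sensitive on purpose. I would add a comment above the array stating the entry format and match rule, for example `// Entries are lowercase host names; see Spam::check() for how they are matched`, normalise the entries to it, and drop the repeats (`'busybo.org'`, `'playnowstore.com'`, `'find24hs.com'`, `'hotswishes.com'`, among others). Because the list now lives in code instead of the `prohibited_domains` config key, adding a domain requires a deploy; it is worth confirming that this is intended. The empty `__construct()` can go, and the property reads more naturally declared above `get()`.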
Core/Security/Spam.php
...
...
@@ -2,12 +2,9 @@
namespace
Minds\Core\Security
;
use
Minds\Core\Di\Di
;
use
Minds\Core\Events\Dispatcher
;
use
Minds\Core\Security\TwoFactor
;
use
Minds\Exceptions
;
use
Minds\Helpers\Text
;
use
Minds\Core\Config
;
use
Minds\Core\Security\ProhibitedDomains
;
class
Spam
{
...
...
@@ -15,14 +12,14 @@ class Spam
protected
$config
;
public
function
__construct
(
$
config
=
null
$
prohibitedDomains
=
null
)
{
$this
->
config
=
$config
?:
Di
::
_
()
->
get
(
'Config'
);
$this
->
prohibitedDomains
=
$prohibitedDomains
??
new
ProhibitedDomains
(
);
}
public
function
check
(
$entity
)
{
$prohibitedDomains
=
$this
->
config
->
get
(
'prohibited_domains'
);
$prohibitedDomains
=
$this
->
prohibitedDomains
->
get
(
);
$foundSpam
=
false
;
switch
(
$entity
->
getType
())
{
...
...
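Review bot: `$this->prohibitedDomains` is assigned in the constructor, but no declaration for it appears in the hunks (only `protected $config;` is visible above `__construct`), so unless it is declared in an unchanged line outside them it becomes a public dynamic property. Events.php adds `/** @var ProhibitedDomains */` and `protected $prohibitedDomains;` in the same commit, and Spam should carry the same two lines. The single constructor argument also changed meaning from `$config` to `$prohibitedDomains`, so a caller elsewhere that still passes a Config positionally would have it used as the domain source in `check()`; such call sites are not visible here and are worth a search. `check()` continues past the end of the hunk.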
Spec/Core/Security/SpamSpec.php
...
...
@@ -10,6 +10,7 @@ use Minds\Core\Comments\Comment;
use
Minds\Entities\User
;
use
Minds\Entities\Group
;
use
Minds\Entities\Entity
;
use
Minds\Core\Security\ProhibitedDomains
;
class
SpamSpec
extends
ObjectBehavior
{
...
...
@@ -18,13 +19,16 @@ class SpamSpec extends ObjectBehavior
$this
->
shouldHaveType
(
'Minds\Core\Security\Spam'
);
}
public
function
it_should_detect_spam_in_a_blog
(
Blog
$blog
,
Config
$config
)
public
function
it_should_detect_spam_in_a_blog
(
Blog
$blog
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$blog
->
getBody
()
->
shouldBeCalled
()
->
willReturn
(
'test bit.ly test'
);
$blog
->
getType
()
->
shouldBeCalled
()
->
willReturn
(
'object'
);
...
...
@@ -34,13 +38,16 @@ class SpamSpec extends ObjectBehavior
->
duringCheck
(
$blog
);
}
public
function
it_should_detect_spam_in_a_comment
(
Comment
$comment
,
Config
$config
)
public
function
it_should_detect_spam_in_a_comment
(
Comment
$comment
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$comment
=
new
Comment
();
$comment
->
setBody
(
'test bit.ly test'
);
...
...
@@ -50,13 +57,16 @@ class SpamSpec extends ObjectBehavior
->
duringCheck
(
$comment
);
}
public
function
it_should_detect_spam_in_a_user
(
User
$user
,
Config
$config
)
public
function
it_should_detect_spam_in_a_user
(
User
$user
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$user
=
new
User
(
'123'
);
$user
[
'briefdescription'
]
=
'test bit.ly test'
;
...
...
@@ -66,13 +76,16 @@ class SpamSpec extends ObjectBehavior
->
duringCheck
(
$user
);
}
public
function
it_should_detect_spam_in_a_group
(
Group
$group
,
Config
$config
)
public
function
it_should_detect_spam_in_a_group
(
Group
$group
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$group
=
new
Group
();
$group
->
setBriefdescription
(
'test bit.ly test'
);
...
...
@@ -82,13 +95,16 @@ class SpamSpec extends ObjectBehavior
->
duringCheck
(
$group
);
}
public
function
it_should_detect_NO_spam_in_a_blog
(
Blog
$blog
,
Config
$config
)
public
function
it_should_detect_NO_spam_in_a_blog
(
Blog
$blog
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$blog
->
getBody
()
->
shouldBeCalled
()
->
willReturn
(
'test bit.nospam test'
);
$blog
->
getType
()
->
shouldBeCalled
()
->
willReturn
(
'object'
);
...
...
@@ -97,13 +113,16 @@ class SpamSpec extends ObjectBehavior
$this
->
check
(
$blog
)
->
shouldReturn
(
false
);
}
public
function
it_should_detect_NO_spam_in_a_comment
(
Comment
$comment
,
Config
$config
)
public
function
it_should_detect_NO_spam_in_a_comment
(
Comment
$comment
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$comment
=
new
Comment
();
$comment
->
setBody
(
'test bit.nospam test'
);
...
...
@@ -112,13 +131,16 @@ class SpamSpec extends ObjectBehavior
$this
->
check
(
$comment
)
->
shouldReturn
(
false
);
}
public
function
it_should_detect_NO_spam_in_a_user
(
User
$user
,
Config
$config
)
public
function
it_should_detect_NO_spam_in_a_user
(
User
$user
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$user
=
new
User
(
'123'
);
$user
[
'briefdescription'
]
=
'test bit.nospam test'
;
...
...
@@ -127,13 +149,16 @@ class SpamSpec extends ObjectBehavior
$this
->
check
(
$user
)
->
shouldReturn
(
false
);
}
public
function
it_should_detect_NO_spam_in_a_group
(
Group
$group
,
Config
$config
)
public
function
it_should_detect_NO_spam_in_a_group
(
Group
$group
,
ProhibitedDomains
$prohibitedDomains
)
{
$
config
->
get
(
'prohibited_domains'
)
$
prohibitedDomains
->
get
(
)
->
shouldBeCalled
()
->
willReturn
([
'bit.ly'
]);
$this
->
beConstructedWith
(
$
config
);
$this
->
beConstructedWith
(
$
prohibitedDomains
);
$group
=
new
Group
();
$group
->
setBriefdescription
(
'test bit.nospam test'
);
...
...
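Review bot: None of the negative cases pins down where a match may start or end: `'test bit.nospam test'` does not contain the entry `'bit.ly'` at all, so the specs pass whether `check()` compares parsed hosts or does a plain substring search. A case whose body embeds the entry inside a longer host (constructed example: `'test rabbit.ly test'`), with the expected outcome asserted either way, would document the intended rule. Every double here returns `['bit.ly']`, so nothing exercises the real list; a small spec asserting that `ProhibitedDomains::get()` returns a non-empty array of strings would cover the new class. The last spec method continues outside the hunk.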
settings.example.php
This diff is collapsed.