diff options
Diffstat (limited to 'lib/Connector/Sabre/RequestPlugin.php')
-rw-r--r-- | lib/Connector/Sabre/RequestPlugin.php | 192 |
1 files changed, 192 insertions, 0 deletions
diff --git a/lib/Connector/Sabre/RequestPlugin.php b/lib/Connector/Sabre/RequestPlugin.php new file mode 100644 index 0000000..e4cc918 --- /dev/null +++ b/lib/Connector/Sabre/RequestPlugin.php @@ -0,0 +1,192 @@ +<?php + +/** + * @copyright Copyright (c) 2018 Matthias Held <matthias.held@uni-konstanz.de> + * @author Matthias Held <matthias.held@uni-konstanz.de> + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\RansomwareDetection\Connector\Sabre; + +use OCA\RansomwareDetection\Classifier; +use OCA\RansomwareDetection\AppInfo\Application; +use OCA\RansomwareDetection\Analyzer\SequenceAnalyzer; +use OCA\RansomwareDetection\Service\FileOperationService; +use OCP\Notification\IManager; +use OCP\IUserSession; +use OCP\ISession; +use OCP\ILogger; +use OCP\IConfig; +use Sabre\DAV\Server; +use Sabre\DAV\ServerPlugin; +use Sabre\HTTP\RequestInterface; +use Sabre\HTTP\ResponseInterface; + +class RequestPlugin extends ServerPlugin +{ + /** @var Server */ + protected $server; + + /** @var ILogger */ + protected $logger; + + /** @var IConfig */ + protected $config; + + /** @var IUserSession */ + protected $userSession; + + /** @var ISession */ + protected $session; + + /** @var FileOperationService */ + protected $service; + + /** @var IManager */ + protected $notifications; + + /** @var Classifier */ + protected $classifier; + + /** @var SequenceAnalyzer */ + protected $sequenceAnalyzer; + + const PROPFIND_COUNT = 6; + + /** + * @param ILogger $logger + * @param IConfig $config + * @param IUserSession $userSession + * @param ISession $session + * @param FileOperationService $service + * @param IManager $notifications + * @param Classifier $classifer + * @param SequenceAnalyzer $sequenceAnalyzer + */ + public function __construct( + ILogger $logger, + IConfig $config, + IUserSession $userSession, + ISession $session, + FileOperationService $service, + IManager $notifications, + Classifier $classifier, + SequenceAnalyzer $sequenceAnalyzer + ) { + $this->logger = $logger; + $this->config = $config; + $this->userSession = $userSession; + $this->session = $session; + $this->service = $service; + $this->notifications = $notifications; + $this->classifier = $classifier; + $this->sequenceAnalyzer = $sequenceAnalyzer; + } + + public function initialize(Server $server) + { + $this->server = $server; + $server->on('method:PROPFIND', [$this, 'beforeHttpPropFind'], 100); + $server->on('method:PUT', [$this, 'beforeHttpPut'], 100); + $server->on('method:DELETE', [$this, 'beforeHttpDelete'], 100); + $server->on('method:GET', [$this, 'beforeHttpGet'], 100); + $server->on('method:POST', [$this, 'beforeHttpPost'], 100); + } + + public function beforeHttpPropFind(RequestInterface $request, ResponseInterface $response) + { + $propfindCount = $this->config->getUserValue($this->userSession->getUser()->getUID(), Application::APP_ID, 'propfind_count:'.$this->session->getId(), 0); + if ($propfindCount + 1 < self::PROPFIND_COUNT) { + // less than PROPFIND_COUNT + 1 PROPFIND requests + $this->config->setUserValue($this->userSession->getUser()->getUID(), Application::APP_ID, 'propfind_count:'.$this->session->getId(), $propfindCount + 1); + } else { + // more than PROPFIND_COUNT PROPFIND requests and no file is uploading + $sequenceId = $this->config->getUserValue($this->userSession->getUser()->getUID(), Application::APP_ID, 'sequence_id', 0); + $sequence = $this->service->findSequenceById([$sequenceId]); + if (sizeof($sequence) > 0) { + // get old sequence id + // start a new sequence by increasing the sequence id + $this->config->setUserValue($this->userSession->getUser()->getUID(), Application::APP_ID, 'sequence_id', $sequenceId + 1); + $this->config->setUserValue($this->userSession->getUser()->getUID(), Application::APP_ID, 'propfind_count:'.$this->session->getId(), 0); + $this->classifySequence($sequence); + } + } + } + + public function beforeHttpPut(RequestInterface $request, ResponseInterface $response) + { + // extend if necessary + } + + public function beforeHttpDelete(RequestInterface $request, ResponseInterface $response) + { + // extend if necessary + } + + public function beforeHttpGet(RequestInterface $request, ResponseInterface $response) + { + // extend if necessary + } + + public function beforeHttpPost(RequestInterface $request, ResponseInterface $response) + { + // extend if necessary + } + + /** + * Triggers a notification. + */ + private function triggerNotification($notification) + { + $notification->setApp(Application::APP_ID); + $notification->setDateTime(new \DateTime()); + $notification->setObject('ransomware', 'ransomware'); + $notification->setSubject('ransomware_attack_detected', []); + $notification->setUser($this->userSession->getUser()->getUID()); + + $this->notifications->notify($notification); + } + + /** + * Classify sequence and if suspicion level is reached + * trigger a notification. + * + * @param array $sequence + */ + private function classifySequence($sequence) + { + $sequenceSuspicionLevel = $this->config->getAppValue(Application::APP_ID, 'suspicionLevel', 3); + + foreach ($sequence as $file) { + $this->classifier->classifyFile($file); + } + + // sequence suspicion level + if ($sequenceSuspicionLevel == 1) { + $level = 3; + } elseif ($sequenceSuspicionLevel == 2) { + $level = 5; + } elseif ($sequenceSuspicionLevel == 3) { + $level = 6; + } + + // sequence id is irrelevant so we use 0 + $sequenceResult = $this->sequenceAnalyzer->analyze(0, $sequence); + if ($sequenceResult->getSuspicionScore() >= $level) { + $this->triggerNotification($this->notifications->createNotification()); + } + } +} |