Michael Schiemer
9b74ade5b0
Resolved multiple critical discovery system issues: ## Discovery System Fixes - Fixed console commands not being discovered on first run - Implemented fallback discovery for empty caches - Added context-aware caching with separate cache keys - Fixed object serialization preventing __PHP_Incomplete_Class ## Cache System Improvements - Smart caching that only caches meaningful results - Separate caches for different execution contexts (console, web, test) - Proper array serialization/deserialization for cache compatibility - Cache hit logging for debugging and monitoring ## Object Serialization Fixes - Fixed DiscoveredAttribute serialization with proper string conversion - Sanitized additional data to prevent object reference issues - Added fallback for corrupted cache entries ## Performance & Reliability - All 69 console commands properly discovered and cached - 534 total discovery items successfully cached and restored - No more __PHP_Incomplete_Class cache corruption - Improved error handling and graceful fallbacks ## Testing & Quality - Fixed code style issues across discovery components - Enhanced logging for better debugging capabilities - Improved cache validation and error recovery Ready for production deployment with stable discovery system. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
62 lines
1.7 KiB
PHP
62 lines
1.7 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Application\Security\Events\Input;
|
|
|
|
use App\Application\Security\{OWASPSecurityEvent};
|
|
use App\Application\Security\ValueObjects\{MaskedEmail, OWASPEventIdentifier, OWASPLogLevel};
|
|
|
|
final class XssAttemptEvent implements OWASPSecurityEvent
|
|
{
|
|
private ?MaskedEmail $maskedEmail;
|
|
|
|
public function __construct(
|
|
public readonly string $attackPayload,
|
|
public readonly string $targetField,
|
|
public readonly string $xssType,
|
|
public readonly ?string $email = null
|
|
) {
|
|
$this->maskedEmail = $this->email ? MaskedEmail::fromString($this->email) : null;
|
|
}
|
|
|
|
public function getOWASPEventIdentifier(): OWASPEventIdentifier
|
|
{
|
|
return OWASPEventIdentifier::maliciousInput('xss_attempt');
|
|
}
|
|
|
|
public function getOWASPLogLevel(): OWASPLogLevel
|
|
{
|
|
return OWASPLogLevel::ERROR;
|
|
}
|
|
|
|
public function getDescription(): string
|
|
{
|
|
return "XSS attempt detected: {$this->xssType}";
|
|
}
|
|
|
|
/**
|
|
* @return array<string, mixed>
|
|
*/
|
|
public function getEventData(): array
|
|
{
|
|
return [
|
|
'attack_payload' => $this->sanitizePayload($this->attackPayload),
|
|
'target_field' => $this->targetField,
|
|
'xss_type' => $this->xssType,
|
|
'username' => $this->maskedEmail?->toString() ?? 'anonymous',
|
|
];
|
|
}
|
|
|
|
public function getMaskedEmail(): ?MaskedEmail
|
|
{
|
|
return $this->maskedEmail;
|
|
}
|
|
|
|
private function sanitizePayload(string $payload): string
|
|
{
|
|
// HTML-Tags entfernen aber Struktur beibehalten für Analyse
|
|
return substr(htmlspecialchars($payload, ENT_QUOTES, 'UTF-8'), 0, 200);
|
|
}
|
|
}
|