feat(cloudron): add tirreno package artifacts
- Add CloudronStack/output/CloudronPackages-Artifacts/tirreno/ directory and its contents - Includes package manifest, Dockerfile, source code, documentation, and build artifacts - Add tirreno-1761840148.tar.gz as a build artifact - Add tirreno-cloudron-package-1761841304.tar.gz as the Cloudron package - Include all necessary files for the tirreno Cloudron package This adds the complete tirreno Cloudron package artifacts to the repository.
This commit is contained in:
@@ -0,0 +1,45 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A01 extends BaseRule {
|
||||
public const NAME = 'Multiple login fail';
|
||||
public const DESCRIPTION = 'User failed to login multiple times in a short term, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$maximumAttempts = \Utils\Constants::get('RULE_MAXIMUM_NUMBER_OF_LOGIN_ATTEMPTS');
|
||||
$loginFail = \Utils\Constants::get('ACCOUNT_LOGIN_FAIL_EVENT_TYPE_ID');
|
||||
$windowSize = \Utils\Constants::get('RULE_LOGIN_ATTEMPTS_WINDOW');
|
||||
$tooManyLoginAttempts = false;
|
||||
$cnt = 0;
|
||||
$start = 0;
|
||||
$iters = count($params['event_type']);
|
||||
|
||||
for ($end = 0; $end < $iters; ++$end) {
|
||||
if ($params['event_type'][$end] === $loginFail) {
|
||||
++$cnt;
|
||||
}
|
||||
if ($end >= $windowSize - 1) {
|
||||
if ($cnt > $maximumAttempts) {
|
||||
$tooManyLoginAttempts = true;
|
||||
break;
|
||||
}
|
||||
if ($params['event_type'][$start] === $loginFail) {
|
||||
--$cnt;
|
||||
}
|
||||
++$start;
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_many_failed_login_attempts'] = $tooManyLoginAttempts;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_many_failed_login_attempts']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A02 extends BaseRule {
|
||||
public const NAME = 'Login failed on new device';
|
||||
public const DESCRIPTION = 'User failed to login with new device, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$suspiciousLoginFailed = false;
|
||||
$loginFail = \Utils\Constants::get('ACCOUNT_LOGIN_FAIL_EVENT_TYPE_ID');
|
||||
|
||||
foreach ($params['event_type'] as $idx => $event) {
|
||||
if ($event === $loginFail && \Utils\Rules::eventDeviceIsNew($params, $idx)) {
|
||||
$suspiciousLoginFailed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_failed_login_on_new_device'] = $suspiciousLoginFailed;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_failed_login_on_new_device']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A03 extends BaseRule {
|
||||
public const NAME = 'New device and new country';
|
||||
public const DESCRIPTION = 'User logged in with new device from new location, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$eventNewDeviceNewCountry = false;
|
||||
if ($params['eup_device_count'] > 1 && count(array_unique($params['eip_country_id'])) > 1) {
|
||||
foreach (array_keys($params['event_device']) as $idx) {
|
||||
if (\Utils\Rules::eventDeviceIsNew($params, $idx) && \Utils\Rules::countryIsNewByIpId($params, $params['event_ip'][$idx])) {
|
||||
$eventNewDeviceNewCountry = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_new_device_and_new_country'] = $eventNewDeviceNewCountry;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_new_device_and_new_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A04 extends BaseRule {
|
||||
public const NAME = 'New device and new subnet';
|
||||
public const DESCRIPTION = 'User logged in with new device from new subnet, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$eventNewDeviceNewCidr = false;
|
||||
if ($params['eup_device_count'] > 1 && $params['eip_unique_cidrs'] > 1) {
|
||||
foreach (array_keys($params['event_device']) as $idx) {
|
||||
if (\Utils\Rules::eventDeviceIsNew($params, $idx) && \Utils\Rules::cidrIsNewByIpId($params, $params['event_ip'][$idx])) {
|
||||
$eventNewDeviceNewCidr = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_new_device_and_new_cidr'] = $eventNewDeviceNewCidr;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_new_device_and_new_cidr']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A05 extends BaseRule {
|
||||
public const NAME = 'Password change on new device';
|
||||
public const DESCRIPTION = 'User changed their password on new device, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$passwordChangeOnNewDevice = false;
|
||||
$passwordChange = \Utils\Constants::get('ACCOUNT_PASSWORD_CHANGE_EVENT_TYPE_ID');
|
||||
|
||||
if ($params['eup_device_count'] > 1) {
|
||||
foreach (array_keys($params['event_device']) as $idx) {
|
||||
if ($params['event_type'][$idx] === $passwordChange && \Utils\Rules::eventDeviceIsNew($params, $idx)) {
|
||||
$passwordChangeOnNewDevice = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_password_change_on_new_device'] = $passwordChangeOnNewDevice;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_password_change_on_new_device']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A06 extends BaseRule {
|
||||
public const NAME = 'Password change in new country';
|
||||
public const DESCRIPTION = 'User changed their password in new country, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$pwdChangeInNewCountry = false;
|
||||
$pwdChange = \Utils\Constants::get('ACCOUNT_PASSWORD_CHANGE_EVENT_TYPE_ID');
|
||||
|
||||
if (count(array_unique($params['eip_country_id'])) > 1) {
|
||||
foreach ($params['event_type'] as $idx => $event) {
|
||||
if ($event === $pwdChange) {
|
||||
if (\Utils\Rules::countryIsNewByIpId($params, $params['event_ip'][$idx])) {
|
||||
$pwdChangeInNewCountry = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_password_change_in_new_country'] = $pwdChangeInNewCountry;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_password_change_in_new_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A07 extends BaseRule {
|
||||
public const NAME = 'Password change in new subnet';
|
||||
public const DESCRIPTION = 'User changed their password in new subnet, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$passwordChangeInNewCidr = false;
|
||||
$passwordChange = \Utils\Constants::get('ACCOUNT_PASSWORD_CHANGE_EVENT_TYPE_ID');
|
||||
|
||||
if ($params['eip_unique_cidrs'] > 1) {
|
||||
foreach ($params['event_type'] as $idx => $event) {
|
||||
if ($event === $passwordChange && \Utils\Rules::cidrIsNewByIpId($params, $params['event_ip'][$idx])) {
|
||||
$passwordChangeInNewCidr = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_password_change_in_new_cidr'] = $passwordChangeInNewCidr;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_password_change_in_new_cidr']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,42 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class A08 extends BaseRule {
|
||||
public const NAME = 'Browser language changed';
|
||||
public const DESCRIPTION = 'User accessed the account with new browser language, which can be a sign of account takeover.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$newBrowserLanguage = false;
|
||||
// $item ?? '' because `lang` can be null, which we should process as an empty string
|
||||
$langs = array_map(function ($item) {
|
||||
return strtoupper(explode('-', preg_replace('/;.*$/', '', trim(explode(',', $item ?? '')[0])))[0]);
|
||||
}, $params['eup_lang']);
|
||||
|
||||
$langCount = array_count_values($langs);
|
||||
|
||||
if ($params['eup_device_count'] > 1 && count($langCount) > 1) {
|
||||
foreach ($params['event_device'] as $idx => $deviceId) {
|
||||
if (\Utils\Rules::eventDeviceIsNew($params, $idx)) {
|
||||
$innerId = array_search($deviceId, $params['eup_device_id']);
|
||||
$lang = strtoupper(explode('-', preg_replace('/;.*$/', '', trim(explode(',', $params['eup_lang'][$innerId] ?? '')[0])))[0]);
|
||||
if ($langCount[$lang] === 1) {
|
||||
$newBrowserLanguage = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['event_new_browser_language'] = $newBrowserLanguage;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_new_browser_language']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B01 extends BaseRule {
|
||||
public const NAME = 'Multiple countries';
|
||||
public const DESCRIPTION = 'IP addresses are located in diverse countries, which is a rare behaviour for regular users.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_total_country']->greaterThan(3),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B02 extends BaseRule {
|
||||
public const NAME = 'User has changed a password';
|
||||
public const DESCRIPTION = 'The user has changed their password.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_password_changed']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B03 extends BaseRule {
|
||||
public const NAME = 'User has changed an email';
|
||||
public const DESCRIPTION = 'The user has changed their email.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_email_changed']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B04 extends BaseRule {
|
||||
public const NAME = 'Multiple 5xx errors';
|
||||
public const DESCRIPTION = 'The user made multiple requests which evoked internal server error.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_multiple_5xx_http']->greaterThan(\Utils\Constants::get('RULE_MAXIMUM_NUMBER_OF_500_CODES')),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B05 extends BaseRule {
|
||||
public const NAME = 'Multiple 4xx errors';
|
||||
public const DESCRIPTION = 'The user made multiple requests which cannot be fulfilled.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_multiple_4xx_http']->greaterThanOrEqualTo(\Utils\Constants::get('RULE_MAXIMUM_NUMBER_OF_404_CODES')),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B06 extends BaseRule {
|
||||
public const NAME = 'Potentially vulnerable URL';
|
||||
public const DESCRIPTION = 'The user made a request to suspicious URL.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_vulnerable_url']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B07 extends BaseRule {
|
||||
public const NAME = 'User\'s full name contains digits';
|
||||
public const DESCRIPTION = 'Full name contains digits, which is a rare behaviour for regular users.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_fullname_has_numbers']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B08 extends BaseRule {
|
||||
public const NAME = 'Dormant account (30 days)';
|
||||
public const DESCRIPTION = 'The account has been inactive for 30 days.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_last_visit']->greaterThan(30),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B09 extends BaseRule {
|
||||
public const NAME = 'Dormant account (90 days)';
|
||||
public const DESCRIPTION = 'The account has been inactive for 90 days.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_last_visit']->greaterThan(90),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B10 extends BaseRule {
|
||||
public const NAME = 'Dormant account (1 year)';
|
||||
public const DESCRIPTION = 'The account has been inactive for a year.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_last_visit']->greaterThan(365),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B11 extends BaseRule {
|
||||
public const NAME = 'New account (1 day)';
|
||||
public const DESCRIPTION = 'The account has been created today.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_account_creation']->notEqualTo(-1),
|
||||
$this->rb['ea_days_since_account_creation']->lessThan(1),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B12 extends BaseRule {
|
||||
public const NAME = 'New account (1 week)';
|
||||
public const DESCRIPTION = 'The account has been created this week.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_account_creation']->notEqualTo(-1),
|
||||
$this->rb['ea_days_since_account_creation']->lessThan(7),
|
||||
$this->rb['ea_days_since_account_creation']->greaterThanOrEqualTo(1),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B13 extends BaseRule {
|
||||
public const NAME = 'New account (1 month)';
|
||||
public const DESCRIPTION = 'The account has been created this month.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_account_creation']->notEqualTo(-1),
|
||||
$this->rb['ea_days_since_account_creation']->lessThan(30),
|
||||
$this->rb['ea_days_since_account_creation']->greaterThanOrEqualTo(7),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B14 extends BaseRule {
|
||||
public const NAME = 'Aged account (>30 days)';
|
||||
public const DESCRIPTION = 'The account has been created over 30 days ago.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_account_creation']->notEqualTo(-1),
|
||||
$this->rb['ea_days_since_account_creation']->lessThan(90),
|
||||
$this->rb['ea_days_since_account_creation']->greaterThanOrEqualTo(30),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B15 extends BaseRule {
|
||||
public const NAME = 'Aged account (>90 days)';
|
||||
public const DESCRIPTION = 'The account has been created over 90 days ago.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_account_creation']->notEqualTo(-1),
|
||||
$this->rb['ea_days_since_account_creation']->lessThan(180),
|
||||
$this->rb['ea_days_since_account_creation']->greaterThanOrEqualTo(90),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B16 extends BaseRule {
|
||||
public const NAME = 'Aged account (>180 days)';
|
||||
public const DESCRIPTION = 'The account has been created over 180 days ago.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_days_since_account_creation']->notEqualTo(-1),
|
||||
$this->rb['ea_days_since_account_creation']->greaterThanOrEqualTo(180),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B17 extends BaseRule {
|
||||
public const NAME = 'Single country';
|
||||
public const DESCRIPTION = 'IP addresses are located in a single country.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_total_country']->equalTo(1),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B18 extends BaseRule {
|
||||
public const NAME = 'HEAD request';
|
||||
public const DESCRIPTION = 'HTTP request HEAD method is oftenly used by bots.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_http_method_head']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B19 extends BaseRule {
|
||||
public const NAME = 'Night time requests';
|
||||
public const DESCRIPTION = 'User was active from midnight till 5 a. m.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_session_night_time']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B20 extends BaseRule {
|
||||
public const NAME = 'Multiple countries in one session';
|
||||
public const DESCRIPTION = 'User\'s country was changed in less than 30 minutes.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_session_multiple_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B21 extends BaseRule {
|
||||
public const NAME = 'Multiple devices in one session';
|
||||
public const DESCRIPTION = 'User\'s device was changed in less than 30 minutes.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_session_multiple_device']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B22 extends BaseRule {
|
||||
public const NAME = 'Multiple IP addresses in one session';
|
||||
public const DESCRIPTION = 'User\'s IP address was changed in less than 30 minutes.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_session_multiple_ip']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B23 extends BaseRule {
|
||||
public const NAME = 'User\'s full name contains space or hyphen';
|
||||
public const DESCRIPTION = 'Full name contains space or hyphen, which is a rare behaviour for regular users.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_fullname_has_spaces_hyphens']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B24 extends BaseRule {
|
||||
public const NAME = 'Empty referer';
|
||||
public const DESCRIPTION = 'The user made a request without a referer.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['event_empty_referer']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class B25 extends BaseRule {
|
||||
public const NAME = 'Unauthorized request';
|
||||
public const DESCRIPTION = 'The user made a successful request without authorization.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_userid']->equalTo(\Utils\Constants::get('UNAUTHORIZED_USERID')),
|
||||
$this->rb['event_2xx_http']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,51 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Tirreno ~ Open source user analytics
|
||||
* Copyright (c) Tirreno Technologies Sàrl (https://www.tirreno.com)
|
||||
*
|
||||
* Licensed under GNU Affero General Public License version 3 of the or any later version.
|
||||
* For full copyright and license information, please see the LICENSE
|
||||
* Redistributions of files must retain the above copyright notice.
|
||||
*
|
||||
* @copyright Copyright (c) Tirreno Technologies Sàrl (https://www.tirreno.com)
|
||||
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License
|
||||
* @link https://www.tirreno.com Tirreno(tm)
|
||||
*/
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
abstract class BaseRule {
|
||||
protected $rb;
|
||||
protected $context;
|
||||
protected $params;
|
||||
protected $condition;
|
||||
|
||||
public $uid;
|
||||
|
||||
public function __construct(?\Ruler\RuleBuilder $rb = null, array $params = []) {
|
||||
$this->uid = end(explode('\\', get_class($this)));
|
||||
$this->rb = $rb ? $rb : (new \Ruler\RuleBuilder());
|
||||
$this->params = $params;
|
||||
}
|
||||
|
||||
abstract protected function defineCondition();
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
return $params;
|
||||
}
|
||||
|
||||
public function execute(): bool {
|
||||
$this->context = $this->buildContext();
|
||||
$this->condition = $this->defineCondition();
|
||||
return $this->rb->create($this->condition)->evaluate($this->context);
|
||||
}
|
||||
|
||||
private function buildContext(): \Ruler\Context {
|
||||
return new \Ruler\Context($this->prepareParams($this->params));
|
||||
}
|
||||
|
||||
public function updateParams(array $params): void {
|
||||
$this->params = $params;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C01 extends BaseRule {
|
||||
public const NAME = 'Nigeria IP address';
|
||||
public const DESCRIPTION = 'IP address located in Nigeria. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_NIGERIA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C02 extends BaseRule {
|
||||
public const NAME = 'India IP address';
|
||||
public const DESCRIPTION = 'IP address located in India. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_INDIA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C03 extends BaseRule {
|
||||
public const NAME = 'China IP address';
|
||||
public const DESCRIPTION = 'IP address located in China. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_CHINA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C04 extends BaseRule {
|
||||
public const NAME = 'Brazil IP address';
|
||||
public const DESCRIPTION = 'IP address located in Brazil. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_BRAZIL'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C05 extends BaseRule {
|
||||
public const NAME = 'Pakistan IP address';
|
||||
public const DESCRIPTION = 'IP address located in Pakistan. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_PAKISTAN'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C06 extends BaseRule {
|
||||
public const NAME = 'Indonesia IP address';
|
||||
public const DESCRIPTION = 'IP address located in Indonesia. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_INDONESIA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C07 extends BaseRule {
|
||||
public const NAME = 'Venezuela IP address';
|
||||
public const DESCRIPTION = 'IP address located in Venezuela. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_VENEZUELA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C08 extends BaseRule {
|
||||
public const NAME = 'South Africa IP address';
|
||||
public const DESCRIPTION = 'IP address located in South Africa. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_SOUTH_AFRICA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C09 extends BaseRule {
|
||||
public const NAME = 'Philippines IP address';
|
||||
public const DESCRIPTION = 'IP address located in Philippines. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_PHILIPPINES'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C10 extends BaseRule {
|
||||
public const NAME = 'Romania IP address';
|
||||
public const DESCRIPTION = 'IP address located in Romania. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_ROMANIA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C11 extends BaseRule {
|
||||
public const NAME = 'Russia IP address';
|
||||
public const DESCRIPTION = 'IP address located in Russia. This region is associated with a higher risk.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_RUSSIA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,22 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C12 extends BaseRule {
|
||||
public const NAME = 'European IP address';
|
||||
public const DESCRIPTION = 'IP address located in Europe Union.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$common = array_intersect(\Utils\Constants::get('COUNTRY_CODES_EUROPE'), $params['eip_country_id']);
|
||||
$params['eip_has_specific_country'] = (bool) count($common);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,22 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C13 extends BaseRule {
|
||||
public const NAME = 'North America IP address';
|
||||
public const DESCRIPTION = 'IP address located in Canada or USA.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$common = array_intersect(\Utils\Constants::get('COUNTRY_CODES_NORTH_AMERICA'), $params['eip_country_id']);
|
||||
$params['eip_has_specific_country'] = (bool) count($common);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C14 extends BaseRule {
|
||||
public const NAME = 'Australia IP address';
|
||||
public const DESCRIPTION = 'IP address located in Australia.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_AUSTRALIA'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C15 extends BaseRule {
|
||||
public const NAME = 'UAE IP address';
|
||||
public const DESCRIPTION = 'IP address located in United Arab Emirates.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_UAE'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class C16 extends BaseRule {
|
||||
public const NAME = 'Japan IP address';
|
||||
public const DESCRIPTION = 'IP address located in Japan.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_has_specific_country'] = in_array(\Utils\Constants::get('COUNTRY_CODE_JAPAN'), $params['eip_country_id']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_has_specific_country']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D01 extends BaseRule {
|
||||
public const NAME = 'Device is unknown';
|
||||
public const DESCRIPTION = 'User has manipulated the device information, so it is not recognized.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eup_has_unknown_devices'] = in_array(null, $params['eup_device']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_has_unknown_devices']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D02 extends BaseRule {
|
||||
public const NAME = 'Device is Linux';
|
||||
public const DESCRIPTION = 'Linux OS is not used by avarage users, increased risk of crawler bot.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eup_has_linux_system'] = in_array('GNU/Linux', $params['eup_os_name']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_has_linux_system']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D03 extends BaseRule {
|
||||
public const NAME = 'Device is bot';
|
||||
public const DESCRIPTION = 'The user may be using a device with a user agent that is identified as a bot.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eup_has_bot_devices'] = in_array('bot', $params['eup_device']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_has_bot_devices']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D04 extends BaseRule {
|
||||
public const NAME = 'Rare browser device';
|
||||
public const DESCRIPTION = 'User operates device with uncommon browser.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_has_rare_browser']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D05 extends BaseRule {
|
||||
public const NAME = 'Rare OS device';
|
||||
public const DESCRIPTION = 'User operates device with uncommon OS.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_has_rare_os']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D06 extends BaseRule {
|
||||
public const NAME = 'Multiple devices per user';
|
||||
public const DESCRIPTION = 'User accesses the account using multiple devices. Account may be used by different people.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_total_device']->greaterThan(4),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D07 extends BaseRule {
|
||||
public const NAME = 'Several desktop devices';
|
||||
public const DESCRIPTION = 'User accesses the account using different OS desktop devices. Account may be shared between different people.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$desktopDevicesWithDifferentOS = false;
|
||||
$firstDesktopOS = '';
|
||||
for ($i = 0; $i < $params['eup_device_count']; ++$i) {
|
||||
if ($params['eup_device'][$i] === 'desktop') {
|
||||
if ($firstDesktopOS === '') {
|
||||
$firstDesktopOS = $params['eup_os_name'][$i];
|
||||
} elseif ($firstDesktopOS !== $params['eup_os_name'][$i]) {
|
||||
$desktopDevicesWithDifferentOS = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['eup_desktop_devices_with_different_os'] = $desktopDevicesWithDifferentOS;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_desktop_devices_with_different_os']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D08 extends BaseRule {
|
||||
public const NAME = 'Two or more phone devices';
|
||||
public const DESCRIPTION = 'User accesses the account using numerous phone devices, which is not standard behaviour for regular users. Account may be shared between different people.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$smartphoneCount = 0;
|
||||
foreach ($params['eup_device'] as $device) {
|
||||
if ($device === 'smartphone') {
|
||||
++$smartphoneCount;
|
||||
}
|
||||
}
|
||||
|
||||
$params['eup_phone_devices_count'] = $smartphoneCount;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_phone_devices_count']->greaterThan(1),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D09 extends BaseRule {
|
||||
public const NAME = 'Old browser';
|
||||
public const DESCRIPTION = 'User accesses the account using an old versioned browser.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$minVersion = null;
|
||||
$browserVersion = '';
|
||||
$oldBrowser = false;
|
||||
$iters = count($params['eup_browser_name']);
|
||||
|
||||
for ($i = 0; $i < $iters; ++$i) {
|
||||
$minVersion = \Utils\Constants::get('RULE_REGULAR_BROWSER_NAMES')[$params['eup_browser_name'][$i]] ?? null;
|
||||
if ($minVersion !== null) {
|
||||
$browserVersion = explode('.', $params['eup_browser_version'][$i] ?? '')[0];
|
||||
if (ctype_digit($browserVersion) && intval($browserVersion) < $minVersion) {
|
||||
$oldBrowser = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$params['eup_old_browser'] = $oldBrowser;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_old_browser']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class D10 extends BaseRule {
|
||||
public const NAME = 'Potentially vulnerable User-Agent';
|
||||
public const DESCRIPTION = 'The user made a request with potentially vulnerable User-Agent.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eup_vulnerable_ua']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E01 extends BaseRule {
|
||||
public const NAME = 'Invalid email format';
|
||||
public const DESCRIPTION = 'Invalid email format. Should be \'username@domain.com\'.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_is_invalid']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E02 extends BaseRule {
|
||||
public const NAME = 'New domain and no breaches';
|
||||
public const DESCRIPTION = 'Email belongs to recently created domain name and it doesn\'t appear in data breaches. Increased risk due to lack of authenticity.';
|
||||
public const ATTRIBUTES = ['email', 'domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_days_since_domain_creation']->notEqualTo(-1),
|
||||
$this->rb['ld_days_since_domain_creation']->lessThan(30),
|
||||
//$this->rb['le_has_no_profiles']->equalTo(true),
|
||||
$this->rb['le_has_no_data_breaches']->equalTo(true),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E03 extends BaseRule {
|
||||
public const NAME = 'Suspicious words in email';
|
||||
public const DESCRIPTION = 'Email contains word parts that usually found in automatically generated mailboxes.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_has_suspicious_str']->equalTo(true),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E04 extends BaseRule {
|
||||
public const NAME = 'Numeric email name';
|
||||
public const DESCRIPTION = 'The email\'s username consists entirely of numbers, which is uncommon for typical email addresses.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_has_numeric_only_local_part']->equalTo(true),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E05 extends BaseRule {
|
||||
public const NAME = 'Special characters in email';
|
||||
public const DESCRIPTION = 'The email address features an unusually high number of special characters, which is atypical for standard email addresses.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_email_has_consec_s_chars']->equalTo(true),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E06 extends BaseRule {
|
||||
public const NAME = 'Consecutive digits in email';
|
||||
public const DESCRIPTION = 'The email address includes at least two consecutive digits, which is a characteristic sometimes associated with temporary or fake email accounts.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_email_has_consec_nums']->equalTo(true),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E07 extends BaseRule {
|
||||
public const NAME = 'Long email username';
|
||||
public const DESCRIPTION = 'The email\'s username exceeds the average length, which could suggest it\'s a temporary email address.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_with_long_local_part_length']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E08 extends BaseRule {
|
||||
public const NAME = 'Long domain name';
|
||||
public const DESCRIPTION = 'Email\'s domain name is too long. Long domain names are cheaply registered and rarely used for email addresses by regular users.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_with_long_domain_length']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E09 extends BaseRule {
|
||||
public const NAME = 'Free email provider';
|
||||
public const DESCRIPTION = 'Email belongs to free provider. These mailboxes are the easiest to create.';
|
||||
public const ATTRIBUTES = ['domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_domain_free_email_provider']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E10 extends BaseRule {
|
||||
public const NAME = 'The website is unavailable';
|
||||
public const DESCRIPTION = 'Domain\'s website seems to be inactive, which could be a sign of fake mailbox.';
|
||||
public const ATTRIBUTES = ['domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_website_is_disabled']->equalTo(true),
|
||||
$this->rb['ld_domain_free_email_provider']->notEqualTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E11 extends BaseRule {
|
||||
public const NAME = 'Disposable email';
|
||||
public const DESCRIPTION = 'Disposable email addresses are temporary email addresses that users can create and use for a short period. They might use create fake accounts.';
|
||||
public const ATTRIBUTES = ['email'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_is_disposable']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E12 extends BaseRule {
|
||||
public const NAME = 'Free email and no breaches';
|
||||
public const DESCRIPTION = 'Email belongs to free provider and it doesn\'t appear in data breaches. It may be a sign of a throwaway mailbox.';
|
||||
public const ATTRIBUTES = ['email'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_domain_free_email_provider']->equalTo(true),
|
||||
//$this->rb['le_has_no_profiles']->equalTo(true),
|
||||
$this->rb['le_has_no_data_breaches']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E13 extends BaseRule {
|
||||
public const NAME = 'New domain';
|
||||
public const DESCRIPTION = 'Domain name was registered recently, which is rare for average users.';
|
||||
public const ATTRIBUTES = ['domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_days_since_domain_creation']->notEqualTo(-1),
|
||||
$this->rb['ld_days_since_domain_creation']->lessThan(90),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E14 extends BaseRule {
|
||||
public const NAME = 'No MX record';
|
||||
public const DESCRIPTION = 'Email\'s domain name has no MX record, so domain is not able to have any mailboxes. It is a sign of fake mailbox.';
|
||||
public const ATTRIBUTES = ['domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_domain_without_mx_record']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E15 extends BaseRule {
|
||||
public const NAME = 'No breaches for email';
|
||||
public const DESCRIPTION = 'The email was not involved in any data breaches, which could suggest it\'s a newly created or less frequently used mailbox.';
|
||||
public const ATTRIBUTES = ['email'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_has_no_data_breaches']->equalTo(true),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E16 extends BaseRule {
|
||||
public const NAME = 'Domain appears in spam lists';
|
||||
public const DESCRIPTION = 'Email appears in spam lists, so the user may have spammed before.';
|
||||
public const ATTRIBUTES = ['domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_from_blockdomains']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E17 extends BaseRule {
|
||||
public const NAME = 'Free email and spam';
|
||||
public const DESCRIPTION = 'Email appears in spam lists and registered by free provider. Increased risk of spamming.';
|
||||
public const ATTRIBUTES = ['email', 'domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_domain_free_email_provider']->equalTo(true),
|
||||
$this->rb['le_email_in_blockemails']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E19 extends BaseRule {
|
||||
public const NAME = 'Multiple emails changed';
|
||||
public const DESCRIPTION = 'User has changed their email.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['ee_email_count'] = count($params['ee_email']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ee_email_count']->greaterThan(1),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E20 extends BaseRule {
|
||||
public const NAME = 'Established domain (> 3 year old)';
|
||||
public const DESCRIPTION = 'Email belongs to long-established domain name registered at least 3 years ago.';
|
||||
public const ATTRIBUTES = ['domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_days_since_domain_creation']->notEqualTo(-1),
|
||||
$this->rb['ld_days_since_domain_creation']->greaterThan(365 * 3),
|
||||
$this->rb['ld_disposable_domains']->notEqualTo(true),
|
||||
$this->rb['ld_free_email_provider']->notEqualTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E21 extends BaseRule {
|
||||
public const NAME = 'No vowels in email';
|
||||
public const DESCRIPTION = 'Email username does not contain any vowels.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_email_has_vowels']->equalTo(false),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E22 extends BaseRule {
|
||||
public const NAME = 'No consonants in email';
|
||||
public const DESCRIPTION = 'Email username does not contain any consonants.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_email_has_consonants']->equalTo(false),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E23 extends BaseRule {
|
||||
public const NAME = 'Educational domain (.edu)';
|
||||
public const DESCRIPTION = 'Email belongs to educational domain.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$emailHasEdu = false;
|
||||
foreach ($params['ee_email'] as $email) {
|
||||
if (str_ends_with($email, '.edu')) {
|
||||
$emailHasEdu = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$params['ee_has_edu'] = $emailHasEdu;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ee_has_edu']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E24 extends BaseRule {
|
||||
public const NAME = 'Government domain (.gov)';
|
||||
public const DESCRIPTION = 'Email belongs to government domain.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$emailHasGov = false;
|
||||
foreach ($params['ee_email'] as $email) {
|
||||
if (str_ends_with($email, '.gov')) {
|
||||
$emailHasGov = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$params['ee_has_gov'] = $emailHasGov;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ee_has_gov']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E25 extends BaseRule {
|
||||
public const NAME = 'Military domain (.mil)';
|
||||
public const DESCRIPTION = 'Email belongs to military domain.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$emailHasMil = false;
|
||||
foreach ($params['ee_email'] as $email) {
|
||||
if (str_ends_with($email, '.mil')) {
|
||||
$emailHasMil = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$params['ee_has_mil'] = $emailHasMil;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ee_has_mil']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E26 extends BaseRule {
|
||||
public const NAME = 'iCloud mailbox';
|
||||
public const DESCRIPTION = 'Email belongs to Apple domains icloud.com, me.com or mac.com.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$emailHasApple = false;
|
||||
foreach ($params['ee_email'] as $email) {
|
||||
if (str_ends_with($email, '@icloud.com') || str_ends_with($email, '@me.com') || str_ends_with($email, '@mac.com')) {
|
||||
$emailHasApple = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
$params['ee_has_apple'] = $emailHasApple;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ee_has_apple']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E27 extends BaseRule {
|
||||
public const NAME = 'Email breaches';
|
||||
public const DESCRIPTION = 'Email appears in data breaches.';
|
||||
public const ATTRIBUTES = ['email'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
//$this->rb['le_has_no_profiles']->equalTo(false),
|
||||
// do not trigger if le_data_breach is null,
|
||||
$this->rb['le_data_breach']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E28 extends BaseRule {
|
||||
public const NAME = 'No digits in email';
|
||||
public const DESCRIPTION = 'The email address does not include digits.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['le_email_has_no_digits']->equalTo(true),
|
||||
$this->rb['le_local_part_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E29 extends BaseRule {
|
||||
public const NAME = 'Old breach (>3 years)';
|
||||
public const DESCRIPTION = 'The earliest data breach associated with the email appeared more than 3 years ago. Can be used as sign of aged email.';
|
||||
public const ATTRIBUTES = ['email'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ee_days_since_first_breach']->greaterThan(365 * 3),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class E30 extends BaseRule {
|
||||
public const NAME = 'Domain with average rank';
|
||||
public const DESCRIPTION = 'Email domain has tranco rank between 100.000 and 4.000.000';
|
||||
public const ATTRIBUTES = ['domain'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ld_tranco_rank']->greaterThan(100000),
|
||||
$this->rb['ld_tranco_rank']->lessThan(4000000),
|
||||
$this->rb['ld_domain_free_email_provider']->notEqualTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I01 extends BaseRule {
|
||||
public const NAME = 'IP belongs to TOR';
|
||||
public const DESCRIPTION = 'IP address is assigned to The Onion Router network. Very few people use TOR, mainly used for anonymization and accessing censored resources.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_tor'] = in_array(true, $params['eip_tor']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_tor']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I02 extends BaseRule {
|
||||
public const NAME = 'IP hosting domain';
|
||||
public const DESCRIPTION = 'Higher risk of crawler bot. Such IP addresses are used only for hosting and are not provided to regular users by ISP.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$arrWithPositiveDomainsCounts = array_filter($params['eip_domains_count_len'], static function ($value): bool {
|
||||
return $value > 0;
|
||||
});
|
||||
|
||||
$params['eip_domains_count_len'] = count($arrWithPositiveDomainsCounts) > 0;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_domains_count_len']->greaterThan(0),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I03 extends BaseRule {
|
||||
public const NAME = 'IP appears in spam list';
|
||||
public const DESCRIPTION = 'User may have exhibited unwanted activity before at other web services.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_blocklist'] = in_array(true, $params['eip_blocklist']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_blocklist']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I04 extends BaseRule {
|
||||
public const NAME = 'Shared IP';
|
||||
public const DESCRIPTION = 'Multiple users detected on the same IP address. High risk of multi-accounting.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$arrWithPositiveSharedIps = array_filter($params['eip_shared'], function ($item) {
|
||||
return $item > 1;
|
||||
});
|
||||
|
||||
$params['eip_shared'] = count($arrWithPositiveSharedIps) > 0;
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_shared']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I05 extends BaseRule {
|
||||
public const NAME = 'IP belongs to commercial VPN';
|
||||
public const DESCRIPTION = 'User tries to hide their real location or bypass regional blocking.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_vpn'] = in_array(true, $params['eip_vpn']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_vpn']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I06 extends BaseRule {
|
||||
public const NAME = 'IP belongs to datacenter';
|
||||
public const DESCRIPTION = 'The user is utilizing an ISP datacenter, which highly suggests the use of a VPN, script, or privacy software.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_data_center'] = in_array(true, $params['eip_data_center']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_data_center']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I07 extends BaseRule {
|
||||
public const NAME = 'IP belongs to Apple Relay';
|
||||
public const DESCRIPTION = 'IP address belongs to iCloud Private Relay, part of an iCloud+ subscription.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_relay'] = in_array(true, $params['eip_relay']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_relay']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I08 extends BaseRule {
|
||||
public const NAME = 'IP belongs to Starlink';
|
||||
public const DESCRIPTION = 'IP address belongs to SpaceX satellite network.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function prepareParams(array $params): array {
|
||||
$params['eip_starlink'] = in_array(true, $params['eip_starlink']);
|
||||
|
||||
return $params;
|
||||
}
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_starlink']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I09 extends BaseRule {
|
||||
public const NAME = 'Numerous IPs';
|
||||
public const DESCRIPTION = 'User accesses the account with numerous IP addresses. This behaviour occurs in less than one percent of desktop users.';
|
||||
public const ATTRIBUTES = [];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['ea_total_ip']->greaterThan(9),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I10 extends BaseRule {
|
||||
public const NAME = 'Only residential IPs';
|
||||
public const DESCRIPTION = 'User uses only residential IP addresses.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_only_residential']->equalTo(true),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Admin\Rules\Set;
|
||||
|
||||
class I11 extends BaseRule {
|
||||
public const NAME = 'Single network';
|
||||
public const DESCRIPTION = 'IP addresses belong to one network.';
|
||||
public const ATTRIBUTES = ['ip'];
|
||||
|
||||
protected function defineCondition() {
|
||||
return $this->rb->logicalAnd(
|
||||
$this->rb['eip_unique_cidrs']->equalTo(1),
|
||||
);
|
||||
}
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user