Fixed #9511 - Validation For Encrypted Custom Fields

app/Models/Asset.php

@@ -224,7 +224,11 @@ public function customFieldValidationRules()
 
             foreach ($this->model->fieldset->fields as $field) {
 
-                if ($field->format == 'BOOLEAN') {
+                // this just casts booleans that may come through as strings to an actual boolean type
+                // adding !$field->field_encrypted because when the encrypted value comes through it
+                // screws things up for the encrypted validation rules (and the encrypted string
+                // is not a valid boolean type)
+                if ($field->format == 'BOOLEAN' && !$field->field_encrypted) {
                     $this->{$field->db_column} = filter_var($this->{$field->db_column}, FILTER_VALIDATE_BOOLEAN);
                 }
             }

app/Models/CustomField.php

@@ -16,6 +16,7 @@ class CustomField extends Model
         UniqueUndeletedTrait;
 
     /**
+     *
      * Custom field predfined formats
      *
      * @var array

app/Models/CustomFieldset.php

@@ -3,12 +3,19 @@
 namespace App\Models;
 
 use App\Rules\AlphaEncrypted;
+use App\Rules\BooleanEncrypted;
+use App\Rules\DateEncrypted;
+use App\Rules\EmailEncrypted;
+use App\Rules\IPEncrypted;
+use App\Rules\IPv4Encrypted;
+use App\Rules\IPv6Encrypted;
+use App\Rules\MacEncrypted;
 use App\Rules\NumericEncrypted;
+use App\Rules\RegexEncrypted;
+use App\Rules\UrlEncrypted;
 use Gate;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
-use Illuminate\Support\Facades\Log;
-use Illuminate\Validation\Rule;
 use Watson\Validating\ValidatingTrait;
 
 class CustomFieldset extends Model
@@ -99,7 +106,7 @@ public function displayAnyFieldsInForm($form_type = null)
      * @since  [v3.0]
      * @return array
      */
-    public function validation_rules()
+    public function validation_rules(): array
     {
         $rules = [];
         foreach ($this->fields as $field) {
@@ -121,19 +128,66 @@ public function validation_rules()
 
             $rules[$field->db_column_name()] = $rule;
 
-
-            // these are to replace the standard 'numeric' and 'alpha' rules if the custom field is also encrypted.
-            // the values need to be decrypted first, because encrypted strings are alphanumeric
-            if ($field->format === 'NUMERIC' && $field->field_encrypted) {
+            // this is to switch the rules to rules specially made for encrypted custom fields that decrypt the value before validating
+            if ($field->field_encrypted) {
                 $numericKey = array_search('numeric', $rules[$field->db_column_name()]);
-                $rules[$field->db_column_name()][$numericKey] = new NumericEncrypted;
-            }
-
-            if ($field->format === 'ALPHA' && $field->field_encrypted) {
                 $alphaKey = array_search('alpha', $rules[$field->db_column_name()]);
-                $rules[$field->db_column_name()][$alphaKey] = new AlphaEncrypted;
+                $emailKey = array_search('email', $rules[$field->db_column_name()]);
+                $dateKey = array_search('date', $rules[$field->db_column_name()]);
+                $urlKey = array_search('url', $rules[$field->db_column_name()]);
+                $ipKey = array_search('ip', $rules[$field->db_column_name()]);
+                $ipv4Key = array_search('ipv4', $rules[$field->db_column_name()]);
+                $ipv6Key = array_search('ipv6', $rules[$field->db_column_name()]);
+                $macKey = array_search('regex:/^[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}$/', $rules[$field->db_column_name()]);
+                $booleanKey = array_search('boolean', $rules[$field->db_column_name()]);
+                // find objects in array that start with "regex:"
+                // collect because i couldn't figure how to do this
+                // with array filter and get keys out of it
+                $regexCollect = collect($rules[$field->db_column_name()]);
+                $regexKeys = $regexCollect->filter(function ($value, $key) {
+                    return starts_with($value, 'regex:');
+                })->keys()->values()->toArray();
+
+                switch ($field->format) {
+                    case 'NUMERIC':
+                        $rules[$field->db_column_name()][$numericKey] = new NumericEncrypted;
+                        break;
+                    case 'ALPHA':
+                        $rules[$field->db_column_name()][$alphaKey] = new AlphaEncrypted;
+                        break;
+                    case 'EMAIL':
+                        $rules[$field->db_column_name()][$emailKey] = new EmailEncrypted;
+                        break;
+                    case 'DATE':
+                        $rules[$field->db_column_name()][$dateKey] = new DateEncrypted;
+                        break;
+                    case 'URL':
+                        $rules[$field->db_column_name()][$urlKey] = new UrlEncrypted;
+                        break;
+                    case 'IP':
+                        $rules[$field->db_column_name()][$ipKey] = new IPEncrypted;
+                        break;
+                    case 'IPV4':
+                        $rules[$field->db_column_name()][$ipv4Key] = new IPv4Encrypted;
+                        break;
+                    case 'IPV6':
+                        $rules[$field->db_column_name()][$ipv6Key] = new IPv6Encrypted;
+                        break;
+                    case 'MAC':
+                        $rules[$field->db_column_name()][$macKey] = new MacEncrypted;
+                        break;
+                    case 'BOOLEAN':
+                        $rules[$field->db_column_name()][$booleanKey] = new BooleanEncrypted;
+                        break;
+                    case starts_with($field->format, 'regex'):
+                        foreach ($regexKeys as $regexKey) {
+                            $rules[$field->db_column_name()][$regexKey] = new RegexEncrypted;
+                        }
+                        break;
+                }
             }
 
+
             // add not_array to rules for all fields but checkboxes
             if ($field->element != 'checkbox') {
                 $rules[$field->db_column_name()][] = 'not_array';

app/Rules/AlphaEncrypted.php

@@ -5,9 +5,11 @@
 use Closure;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
 
 class AlphaEncrypted implements ValidationRule
 {
+    use ValidatesAttributes;
     /**
      * Run the validation rule.
      *
@@ -18,7 +20,7 @@ public function validate(string $attribute, mixed $value, Closure $fail): void
         try {
             $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
             $decrypted = Crypt::decrypt($value);
-            if (!ctype_alpha($decrypted) && !is_null($decrypted)) {
+            if (!$this->validateAlpha($attributeName, $decrypted, 'ascii') && !is_null($decrypted)) {
                 $fail(trans('validation.alpha', ['attribute' => $attributeName]));
             }
         } catch (\Exception $e) {

app/Rules/BooleanEncrypted.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Rules;
+
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
+
+class BooleanEncrypted implements ValidationRule
+{
+    use ValidatesAttributes;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string, ?string=): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        try {
+            $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
+            $decrypted = Crypt::decrypt($value);
+
+            if (!$this->validateBoolean($attributeName, $decrypted) && !is_null($decrypted)) {
+                $fail(trans('validation.ipv6', ['attribute' => $attributeName]));
+            }
+        } catch (\Exception $e) {
+            report($e);
+            $fail(trans('general.something_went_wrong'));
+        }
+    }
+}

app/Rules/DateEncrypted.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Rules;
+
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
+
+class DateEncrypted implements ValidationRule
+{
+    use ValidatesAttributes;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        try {
+            $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
+            $decrypted = Crypt::decrypt($value);
+            if (!$this->validateDate($attributeName, $decrypted) && !is_null($decrypted)) {
+                $fail(trans('validation.date', ['attribute' => $attributeName]));
+            }
+        } catch (\Exception $e) {
+            report($e);
+            $fail(trans('general.something_went_wrong'));
+        }
+    }
+}

app/Rules/EmailEncrypted.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Rules;
+
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
+
+class EmailEncrypted implements ValidationRule
+{
+    use ValidatesAttributes;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string, ?string=): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        try {
+            $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
+            $decrypted = Crypt::decrypt($value);
+            if (!$this->validateEmail($attribute, $decrypted, []) && !is_null($decrypted)) {
+                $fail(trans('validation.email', ['attribute' => $attributeName]));
+            }
+        } catch (\Exception $e) {
+            report($e);
+            $fail(trans('general.something_went_wrong'));
+        }
+    }
+}

app/Rules/IPEncrypted.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Rules;
+
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
+
+class IPEncrypted implements ValidationRule
+{
+    use ValidatesAttributes;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        try {
+            $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
+            $decrypted = Crypt::decrypt($value);
+            if (!$this->validateIp($attributeName, $decrypted) && !is_null($decrypted)) {
+                $fail(trans('validation.ip', ['attribute' => $attributeName]));
+            }
+        } catch (\Exception $e) {
+            report($e);
+            $fail(trans('general.something_went_wrong'));
+        }
+    }
+}

app/Rules/IPv4Encrypted.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Rules;
+
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
+
+class IPv4Encrypted implements ValidationRule
+{
+    use ValidatesAttributes;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        try {
+            $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
+            $decrypted = Crypt::decrypt($value);
+            if (!$this->validateIpv4($attributeName, $decrypted) && !is_null($decrypted)) {
+                $fail(trans('validation.ipv4', ['attribute' => $attributeName]));
+            }
+        } catch (\Exception $e) {
+            report($e);
+            $fail(trans('general.something_went_wrong'));
+        }
+    }
+}

app/Rules/IPv6Encrypted.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Rules;
+
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
+
+class IPv6Encrypted implements ValidationRule
+{
+    use ValidatesAttributes;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        try {
+            $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
+            $decrypted = Crypt::decrypt($value);
+            if (!$this->validateIpv6($attributeName, $decrypted) && !is_null($decrypted)) {
+                $fail(trans('validation.ipv6', ['attribute' => $attributeName]));
+            }
+        } catch (\Exception $e) {
+            report($e);
+            $fail(trans('general.something_went_wrong'));
+        }
+    }
+}

app/Rules/MacEncrypted.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Rules;
+
+use App\Models\CustomField;
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Validation\Concerns\ValidatesAttributes;
+
+class MacEncrypted implements ValidationRule
+{
+    use ValidatesAttributes;
+
+    /**
+     * Run the validation rule.
+     *
+     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        try {
+            $attributeName = trim(preg_replace('/_+|snipeit|\d+/', ' ', $attribute));
+            $decrypted = Crypt::decrypt($value);
+            if (!$this->validateRegex($attributeName, $decrypted, ['/^[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}:[a-fA-F0-9]{2}$/']) && !is_null($decrypted)) {
+                $fail(trans('validation.mac_address', ['attribute' => $attributeName]));
+            }
+        } catch (\Exception $e) {
+            report($e);
+            $fail(trans('general.something_went_wrong'));
+        }
+    }
+}