Event improvement

pascalbaljet · pascalbaljet · commit b275c472317b · 2022-02-02T18:16:05.000+01:00
diff --git a/README.md b/README.md
@@ -81,7 +81,18 @@ Instead of transforming malicious input, you may configure the middleware to ter
 
 ### Dispatch event
 
-You may configure the middleware to dispatch an event whenever malicious input has been found. Setting the `middleware.dispatch_event_on_malicious_input` to `true` will dispatch an `ProtoneMedia\LaravelXssProtection\Events\MaliciousInputFound` event with the malicious keys and full request.
+You may configure the middleware to dispatch an event whenever malicious input has been found. Setting the `middleware.dispatch_event_on_malicious_input` to `true` will dispatch an `ProtoneMedia\LaravelXssProtection\Events\MaliciousInputFound` event with the sanitized keys, the original request and the sanitized request.
+
+```php
+use Illuminate\Support\Facades\Event;
+use ProtoneMedia\LaravelXssProtection\Events\MaliciousInputFound;
+
+Event::listen(function (MaliciousInputFound $event) {
+    $event->sanitizedKeys;
+    $event->originalRequest;
+    $event->sanitizedRequest;
+});
+```
 
 ## Changelog
 
diff --git a/src/Events/MaliciousInputFound.php b/src/Events/MaliciousInputFound.php
@@ -6,7 +6,11 @@
 
 class MaliciousInputFound
 {
-    public function __construct(public array $keys, public Request $request)
+    public function __construct(
+        public array $sanitizedKeys,
+        public Request $originalRequest,
+        public Request $sanitizedRequest
+    )
     {
     }
 }
diff --git a/src/Middleware/XssCleanInput.php b/src/Middleware/XssCleanInput.php
@@ -79,14 +79,16 @@ public function handle($request, Closure $next)
             }
         }
 
+        $originalRequest = clone $request;
+
         $this->clean($request);
 
         if (count($this->sanitizedKeys) === 0) {
             return $next($request);
         }
 
         if ($this->enabledInConfig('dispatch_event_on_malicious_input')) {
-            event(new MaliciousInputFound($this->sanitizedKeys, $request));
+            event(new MaliciousInputFound($this->sanitizedKeys, $originalRequest, $request));
         }
 
         if ($this->enabledInConfig('terminate_request_on_malicious_input')) {
diff --git a/tests/MiddlewareTest.php b/tests/MiddlewareTest.php
@@ -35,7 +35,9 @@
     $middleware->handle($request, fn ($request) => $request);
 
     Event::assertDispatched(function (MaliciousInputFound $event) use ($request) {
-        return $event->request === $request && $event->keys === ['key'];
+        return $event->sanitizedRequest === $request
+            && $event->originalRequest->input('key') === 'test<script>script</script>'
+            && $event->sanitizedKeys === ['key'];
     });
 });
 

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,11 @@`
`6`	`6`
`7`	`7`	`class MaliciousInputFound`
`8`	`8`	`{`
`9`		`- public function __construct(public array $keys, public Request $request)`
	`9`	`+ public function __construct(`
	`10`	`+ public array $sanitizedKeys,`
	`11`	`+ public Request $originalRequest,`
	`12`	`+ public Request $sanitizedRequest`
	`13`	`+ )`
`10`	`14`	`{`
`11`	`15`	`}`
`12`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -79,14 +79,16 @@ public function handle($request, Closure $next)`
`79`	`79`	`}`
`80`	`80`	`}`
`81`	`81`
	`82`	`+ $originalRequest = clone $request;`
	`83`	`+`
`82`	`84`	`$this->clean($request);`
`83`	`85`
`84`	`86`	`if (count($this->sanitizedKeys) === 0) {`
`85`	`87`	`return $next($request);`
`86`	`88`	`}`
`87`	`89`
`88`	`90`	`if ($this->enabledInConfig('dispatch_event_on_malicious_input')) {`
`89`		`- event(new MaliciousInputFound($this->sanitizedKeys, $request));`
	`91`	`+ event(new MaliciousInputFound($this->sanitizedKeys, $originalRequest, $request));`
`90`	`92`	`}`
`91`	`93`
`92`	`94`	`if ($this->enabledInConfig('terminate_request_on_malicious_input')) {`