OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	08/14/2024 10:55:35 AM	rwxr-xr-x
📄 AmbiguousSuccessParser.php	2.3 KB	08/14/2024 10:52:22 AM	rw-r--r--
📄 ApplyChecksumMiddleware.php	4.98 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 BatchDelete.php	7.73 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 BucketEndpointArnMiddleware.php	14.04 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 BucketEndpointMiddleware.php	3.44 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 CalculatesChecksumTrait.php	1.84 KB	08/14/2024 10:52:23 AM	rw-r--r--
📁 Crypto	-	08/14/2024 10:55:34 AM	rwxr-xr-x
📄 EndpointRegionHelperTrait.php	3.26 KB	08/14/2024 10:52:23 AM	rw-r--r--
📁 Exception	-	08/14/2024 10:55:34 AM	rwxr-xr-x
📄 GetBucketLocationParser.php	1.34 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 MultipartCopy.php	9.06 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 MultipartUploader.php	6.3 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 MultipartUploadingTrait.php	4.24 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 ObjectCopier.php	5.99 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 ObjectUploader.php	5.52 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 PermanentRedirectMiddleware.php	1.76 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 PostObject.php	3.99 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 PostObjectV4.php	5.49 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 PutObjectUrlMiddleware.php	1.61 KB	08/14/2024 10:52:23 AM	rw-r--r--
📁 RegionalEndpoint	-	08/14/2024 11:03:10 AM	rwxr-xr-x
📄 RetryableMalformedResponseParser.php	1.47 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 S3Client.php	52.19 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 S3ClientInterface.php	14.47 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 S3ClientTrait.php	10.56 KB	08/14/2024 10:52:23 AM	rw-r--r--
📄 S3EndpointMiddleware.php	11.39 KB	08/14/2024 10:52:24 AM	rw-r--r--
📄 S3MultiRegionClient.php	19.96 KB	08/14/2024 10:52:24 AM	rw-r--r--
📄 S3UriParser.php	5.07 KB	08/14/2024 10:52:24 AM	rw-r--r--
📄 SSECMiddleware.php	2.31 KB	08/14/2024 10:52:24 AM	rw-r--r--
📄 StreamWrapper.php	31.65 KB	08/14/2024 10:52:24 AM	rw-r--r--
📄 Transfer.php	15.58 KB	08/14/2024 10:52:24 AM	rw-r--r--
📁 UseArnRegion	-	08/14/2024 11:03:10 AM	rwxr-xr-x
📄 ValidateResponseChecksumParser.php	5.23 KB	08/14/2024 10:52:24 AM	rw-r--r--

Editing: ValidateResponseChecksumParser.php

<?php
namespace Aws\S3;

use Aws\Api\Parser\AbstractParser;
use Aws\Api\Service;
use Aws\Api\StructureShape;
use Aws\CommandInterface;
use Aws\S3\Exception\S3Exception;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\StreamInterface;

/**
 * @internal Decorates a parser for the S3 service to validate the response checksum.
 */
class ValidateResponseChecksumParser extends AbstractParser
{
    use CalculatesChecksumTrait;
    /**
     * @param callable $parser Parser to wrap.
     */
    public function __construct(callable $parser, Service $api)
    {
        $this->api = $api;
        $this->parser = $parser;
    }

public function __invoke(
        CommandInterface $command,
        ResponseInterface $response
    ) {
        $fn = $this->parser;
        $result = $fn($command, $response);

//Skip this middleware if the operation doesn't have an httpChecksum
        $op = $this->api->getOperation($command->getName());
        $checksumInfo = isset($op['httpChecksum'])
            ? $op['httpChecksum']
            : [];
        if (empty($checksumInfo)) {
            return $result;
        }

//Skip this middleware if the operation doesn't send back a checksum, or the user doesn't opt in
        $checksumModeEnabledMember = isset($checksumInfo['requestValidationModeMember'])
            ? $checksumInfo['requestValidationModeMember']
            : "";
        $checksumModeEnabled = isset($command[$checksumModeEnabledMember])
            ? $command[$checksumModeEnabledMember]
            : "";
        $responseAlgorithms = isset($checksumInfo['responseAlgorithms'])
            ? $checksumInfo['responseAlgorithms']
            : [];
        if (empty($responseAlgorithms)
            || strtolower($checksumModeEnabled) !== "enabled"
        ) {
            return $result;
        }

if (extension_loaded('awscrt')) {
            $checksumPriority = ['CRC32C', 'CRC32', 'SHA1', 'SHA256'];
        } else {
            $checksumPriority = ['CRC32', 'SHA1', 'SHA256'];
        }
        $checksumsToCheck = array_intersect($responseAlgorithms, $checksumPriority);
        $checksumValidationInfo = $this->validateChecksum($checksumsToCheck, $response);

if ($checksumValidationInfo['status'] == "SUCCEEDED") {
            $result['ChecksumValidated'] = $checksumValidationInfo['checksum'];
        } else if ($checksumValidationInfo['status'] == "FAILED"){
            //Ignore failed validations on GetObject if it's a multipart get which returned a full multipart object
            if ($command->getName() == "GetObject"
                && !empty($checksumValidationInfo['checksumHeaderValue'])
            ) {
                $headerValue = $checksumValidationInfo['checksumHeaderValue'];
                $lastDashPos = strrpos($headerValue, '-');
                $endOfChecksum = substr($headerValue, $lastDashPos + 1);
                if (is_numeric($endOfChecksum)
                    && intval($endOfChecksum) > 1
                    && intval($endOfChecksum) < 10000) {
                    return $result;
                }
            }
            throw new S3Exception(
                "Calculated response checksum did not match the expected value",
                $command
            );
        }
        return $result;
    }

public function parseMemberFromStream(
        StreamInterface $stream,
        StructureShape $member,
        $response
    ) {
        return $this->parser->parseMemberFromStream($stream, $member, $response);
    }

/**
     * @param $checksumPriority
     * @param ResponseInterface $response
     */
    public function validateChecksum($checksumPriority, ResponseInterface $response)
    {
        $checksumToValidate = $this->chooseChecksumHeaderToValidate(
            $checksumPriority,
            $response
        );
        $validationStatus = "SKIPPED";
        $checksumHeaderValue = null;
        if (!empty($checksumToValidate)) {
            $checksumHeaderValue = $response->getHeader(
                'x-amz-checksum-' . $checksumToValidate
            );
            if (isset($checksumHeaderValue)) {
                $checksumHeaderValue = $checksumHeaderValue[0];
                $calculatedChecksumValue = $this->getEncodedValue(
                    $checksumToValidate,
                    $response->getBody()
                );
                $validationStatus = $checksumHeaderValue == $calculatedChecksumValue
                    ? "SUCCEEDED"
                    : "FAILED";
            }
        }
        return [
            "status" => $validationStatus,
            "checksum" => $checksumToValidate,
            "checksumHeaderValue" => $checksumHeaderValue,
        ];
    }

/**
     * @param $checksumPriority
     * @param ResponseInterface $response
     */
    public function chooseChecksumHeaderToValidate(
        $checksumPriority,
        ResponseInterface $response
    ) {
        foreach ($checksumPriority as $checksum) {
            $checksumHeader = 'x-amz-checksum-' . $checksum;
            if ($response->hasHeader($checksumHeader)) {
                return $checksum;
            }
        }
        return null;
    }
}