20230702 Closes #217 Closes #218 Closes #222 Closes #223
         Closes #224 Closes #225 Closes #226
         Code Cleanup.

     File(s): base_ag_main.php
            : base_local_rules.php
            : includes/base_krnl.php
            : includes/base_net.inc.php
            : includes/base_state_citems.inc.php
            : includes/base_state_query.inc.php
              Code Cleanup.
     File(s): base_common.php
              Code Cleanup.
    Issue(s): #222
 Function(s): Removed: BuildIPFormVars(), BuildSrcIPFormVars(), &
              BuildDstIPFormVars().
 Function(s): BuildIPFormVar( ip, addr_type, criteria_instance )
              Returns HTTP Query String fragment containing IP
              Address search criteria; or empty string on invalid
              IP.
              Note: Currently the NULL_IP constant is also treated
              as valid for backward compatibility reasons. This
              "feature" will be removed in the future, when code
              depending on NULL_IP being in the HTTP Query String
              is removed.
     File(s): base_db_common.php
            : includes/base_db.inc.php
              Code Cleanup.
    Issue(s): #226
     File(s): base_maintenance.php
            : composer.json
            : includes/base_auth.inc.php
            : includes/base_capabilities.php
              Code Cleanup.
    Issue(s): #225
     File(s): base_stat_ipaddr.php
    Issue(s): #217
              Code Cleanup.
     File(s): base_stat_uaddr.php
    Issue(s): #223
              Code Cleanup.
     File(s): includes/base_log_error.inc.php
    Issue(s): #226
 Function(s): returnBuildError( Desc, Opt, dll )
              Added dll paramater to provide more
              meaningful error reports for Windows
              installations.
     File(s): includes/base_rtl.php
              Code Cleanup.
              Bumped RTL Version to 0.0.12
    Issue(s): #224 #225
 Function(s): BCMi()
              Returns true if BCMath is installed, false otherwise.
            : GMPi()
              Returns true if GMP is installed, false otherwise.
            : IPv6i()
              Returns true if RTL can handle IPv6 on this installation.
              Sets New Constant BASE_RTL_IPv6 accordingly.
     File(s): includes/base_state_criteria.inc.php
    Issue(s): #218
Unit Test(s): Covers BuildIPFormVar(), the following in the
              CriteriaState Class, ReadState().
NathanGibbs3 committed Jul 2, 2023
1 parent 9bfe278 commit 119d8c6
Showing 26 changed files with 944 additions and 405 deletions.
2 changes: 1 addition & 1 deletion base_ag_main.php
Expand Up @@ -102,7 +102,7 @@
$qs->AddValidAction("email_alert");
$qs->AddValidAction("email_alert2");
$qs->AddValidAction("clear_alert");

$qs->AddValidActionOp(_SELECTED);
$qs->AddValidActionOp(_ALLONSCREEN);
$qs->AddValidActionOp(_ENTIREQUERY);
68 changes: 41 additions & 27 deletions base_common.php
Expand Up @@ -113,28 +113,45 @@ function PrintProtocolProfileGraphs( $db ){
PrintFramedBoxFooter(0,2);
}

function BuildIPFormVars( $ipaddr ){
return '' .
'&ip_addr%5B0%5D%5B0%5D=+&ip_addr%5B0%5D%5B1%5D=ip_src&ip_addr%5B0%5D%5B2%5D=%3D'.
'&ip_addr%5B0%5D%5B3%5D='.$ipaddr.
'&ip_addr%5B0%5D%5B8%5D=+&ip_addr%5B0%5D%5B9%5D=OR'.
'&ip_addr%5B1%5D%5B0%5D=+&ip_addr%5B1%5D%5B1%5D=ip_dst&ip_addr%5B1%5D%5B2%5D=%3D'.
'&ip_addr%5B1%5D%5B3%5D='.$ipaddr.
'&ip_addr%5B1%5D%5B8%5D=+&ip_addr%5B1%5D%5B9%5D=+';
}

function BuildSrcIPFormVars( $ipaddr ){
return '' .
'&ip_addr%5B0%5D%5B0%5D=+&ip_addr%5B0%5D%5B1%5D=ip_src&ip_addr%5B0%5D%5B2%5D=%3D'.
'&ip_addr%5B0%5D%5B3%5D='.$ipaddr.
'&ip_addr%5B0%5D%5B8%5D=+&ip_addr%5B0%5D%5B9%5D=+';
}

function BuildDstIPFormVars( $ipaddr ){
return '' .
'&ip_addr%5B0%5D%5B0%5D=+&ip_addr%5B0%5D%5B1%5D=ip_dst&ip_addr%5B0%5D%5B2%5D=%3D'.
'&ip_addr%5B0%5D%5B3%5D='.$ipaddr.
'&ip_addr%5B0%5D%5B8%5D=+&ip_addr%5B0%5D%5B9%5D=+';
function BuildIPFormVar( $ip = '', $type = 2, $idx = 0 ){
// Returns HTTP Query String fragment containing IP Address search
// criteria; or empty string on invalid IP.
//
// Note: Curently the NULL_IP constant is also returned as valid foe
// backward compatibility reasons. This "feature" will be removed in the
// future, once we untagle the code that depends on NULL_IP being present
// in the passed param.
$Ret = ''; // Default Return
if( is_ip($ip) || $ip == NULL_IP ){ // NULL_IP = Backwards Compat Hack.
$type = intval($type); // Type Lock this.
$idx = intval($idx); // Type Lock this.
if( $type < 1 || $type > 3 ){ // Input Validation.
$type = 2;
}
if( $idx < 0 || $idx > 1 ){ // Input Validation.
$idx = 0;
}
// Lock to PHP 8.1+ settings.
$Flag = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401;
$FPFX = htmlentities('&' . urlencode("ip_addr[$idx]["), $Flag);
$FSFX = urlencode(']') . '=';
$Pfx = $FPFX . "0$FSFX" . urlencode(' ') . $FPFX . "1$FSFX";
$Mfx = $FPFX . "2$FSFX" . urlencode('=') . $FPFX . "3$FSFX";
$Sfx = $FPFX . "8$FSFX" . urlencode(' ') . $FPFX . "9$FSFX";
if( $type == 1 ){ // Src
$tmp = 'ip_src';
}elseif( $type == 2 ){ // Dst
$tmp = 'ip_dst';
}else{ // Both
$tmp = BuildIPFormVar($ip, 1);
$Ret = substr($tmp, 0, -1) . 'OR' . BuildIPFormVar($ip, 2, 1);
$tmp = '';
}
if( LoadedString($tmp)){
$Ret = "$Pfx$tmp$Mfx" . urlencode($ip) . $Sfx . urlencode(' ');
}
}
return $Ret;
}

function BuildUniqueAddressLink( $addr_type, $raw = '' ){
Expand All @@ -150,10 +167,9 @@ function BuildAddressLink( $ipaddr, $netmask ){
. '&amp;netmask=' . $netmask . '">';
}

// Add blank row to given criteria element.
function AddCriteriaFormRow(
&$submit, $submit_value, &$cnt, &$criteria_array, $max
){
){ // Add blank row to given criteria element.
$submit = $submit_value;
++$cnt;
InitArray($criteria_array[$cnt-1], $max, 0, '');
Expand Down Expand Up @@ -1059,9 +1075,7 @@ function ChkLib ( $path = '', $LibLoc = '', $LibFile = '' ){
}else{
$Msg .= 'not ';
}
if( $tmp == 0 ){
$Msg .= 'file';
}elseif( $tmp == -1 ){
if( $tmp == -1 ){
$Msg .= 'found';
}elseif( $tmp == -2 ){
$Msg .= 'readable';
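Review bot: In BuildIPFormVar the guard `is_ip($ip) || $ip == NULL_IP` uses a loose comparison, so a non-string `$ip` (for example `true`, or integer `0` on PHP before 8 if NULL_IP is a non-numeric string) can be accepted as the NULL_IP case without passing is_ip(). NULL_IP's definition is not visible here, so confirm, but `$ip === NULL_IP` closes that gap. The header comment should also say that the returned fragment is already HTML-escaped (each separator is emitted as `&amp;` through htmlentities), so it belongs in an href attribute and must not be reused in a redirect header or escaped a second time. The range check on `$type` silently turns an out-of-range value into a destination search. A short comment at the signature listing 1 = source, 2 = destination, 3 = both would make that contract visible.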
29 changes: 21 additions & 8 deletions base_db_common.php
Expand Up @@ -69,32 +69,45 @@ function verify_php_build( $DBtype ){
// On PHP 5.5+, use mysqli ADODB driver & gracefully deprecate the
// mysql, mysqlt & maxsql drivers.
if( $PHPVer[0] > 5 || ( $PHPVer[0] == 5 && $PHPVer[1] > 4) ){
if( !(function_exists('mysqli_connect')) ){
if( !extension_loaded('mysqli') ){
$Ret = returnBuildError('MySQLi', '--with-mysqli');
$Ret .= NLI('Unable to read ALERT DB.<br/>'); // TD This.
}
}else{
if( !(function_exists("mysql_connect")) ){
return _ERRPHPMYSQLSUP;
}
}
}elseif( $DBtype == "postgres" ){
}elseif( $DBtype == 'postgres' ){
if( !(function_exists("pg_connect")) ){
return _ERRPHPPOSTGRESSUP;
}
}elseif( $DBtype == "mssql" ){
if( !(function_exists("mssql_connect")) ){
return _ERRPHPMSSQLSUP;
// @codeCoverageIgnoreStart
}elseif( $DBtype == 'mssql' ){
// On PHP 5.3+, use mssqlnative ADODB driver & gracefully deprecate
// the mssql driver.
if( $PHPVer[0] > 5 || ( $PHPVer[0] == 5 && $PHPVer[1] > 2) ){
if( !extension_loaded('sqlsrv') ){
$Ret = returnBuildError(
'MS SQL Server', '--enable-sqlsrv', 'php_sqlsrv.dll'
);
}
}else{
if( !(function_exists("mssql_connect")) ){
return _ERRPHPMSSQLSUP;
}
}
}elseif( $DBtype == "oci8" ){
if( !(function_exists("ocilogon")) ){
return _ERRPHPORACLESUP;
}
// Additional DB Support would tie in here.
}else{
// @codeCoverageIgnoreEnd
}else{ // Additional DB Support would tie in here.
return '<b>' . _ERRSQLDBTYPE . '</b>: ' . _ERRSQLDBTYPEINFO1
. "'$DBtype'." . _ERRSQLDBTYPEINFO2;
}
if( LoadedString($Ret) ){
$Ret .= NLI('Unable to read ALERT DB.<br/>'); // TD This.
}
return $Ret;
}

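Review bot: The fallback branch of verify_php_build still interpolates `$DBtype` unescaped into an HTML message (`"'$DBtype'."` after the `<b>` markup), and the commit edits that branch without changing this. The value presumably comes from the site configuration, which is not visible here, but escaping at the point of output is cheap: `. "'" . htmlspecialchars($DBtype, ENT_QUOTES) . "'." . _ERRSQLDBTYPEINFO2;`. Separately, the mysqli and sqlsrv branches set `$Ret` and pick up the 'Unable to read ALERT DB' suffix, while the legacy branches still return their constant early and skip it. A comment stating whether that difference is intended would help. The function begins above the hunk, so the initialisation of `$Ret` is not shown.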
2 changes: 1 addition & 1 deletion base_local_rules.php
Expand Up @@ -156,7 +156,7 @@ function search_dir($dir, $sid){
############# main() ##############
AuthorizedRole(10000);
PrintBASESubHeader('Local Rule Lookup');
$tmp = ChkAccess($dir, 'd') > 0
$tmp = ChkAccess($dir, 'd');
if ( $tmp > 1 ){
echo "<H1>sid: $OSid</H1>\n";
if( $debug_mode > 0 ){
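Review bot: With the corrected assignment `$tmp` holds ChkAccess's return code rather than a boolean, yet the test that follows is still `if ( $tmp > 1 ){`. The earlier form of the assignment compared the result against 0, and the ChkLib hunk in base_common.php maps -1 and -2 to "not found" and "not readable", which looks like the same code scheme. If ChkAccess returns 1 for an accessible directory (its body is not visible here), the lookup branch can never run, and `if ( $tmp > 0 ){` would match the earlier intent. Inside that branch `echo "<H1>sid: $OSid</H1>\n";` prints `$OSid` without escaping. Its assignment is outside the hunk, so confirm it is validated or wrap it in htmlspecialchars().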
2 changes: 1 addition & 1 deletion base_maintenance.php
Expand Up @@ -153,7 +153,7 @@
);
}
if( $AdminAuth ){ // Issue #146 Fix
$PF_lst = array('Mail', 'GD', 'GMP');
$PF_lst = array('Mail', 'GD', 'GMP', 'BCMath');
foreach( $PF_lst as $val ){
$PF_St[$val] = $BCR->GetCap("PHP_$val");
}
109 changes: 59 additions & 50 deletions base_stat_ipaddr.php
Expand Up @@ -229,9 +229,8 @@ function PrintPortscanEvents($db, $ip)
</TABLE>';
}

function PrintEventsByIP($db, $ip)
{
GLOBAL $debug_mode;
function PrintEventsByIP( $db, $ip ){
GLOBAL $debug_mode;

if (!isset($ip))
{
Expand Down Expand Up @@ -287,16 +286,16 @@ function PrintEventsByIP($db, $ip)
{
SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": After BuildSigByID()");
}
$tmp_iplookup = 'base_qry_main.php?new=1'.
'&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D='.(rawurlencode(GetSignatureName($unique_events[$i], $db))).
'&amp;num_result_rows=-1'.
'&amp;submit='._QUERYDBP.'&amp;current_view=-1&amp;ip_addr_cnt=2'.
BuildIPFormVars($ip);

$tmp_sensor_lookup = 'base_stat_sensor.php?'.
'sig%5B0%5D=%3D&amp;sig%5B1%5D='.
(rawurlencode($unique_events[$i])).
'&amp;ip_addr_cnt=2'.BuildIPFormVars($ip);
$tmp_iplookup = 'base_qry_main.php?new=1'
. '&amp;sig%5B0%5D=%3D&amp;sig%5B1%5D='
. rawurlencode(GetSignatureName($unique_events[$i], $db))
. '&amp;num_result_rows=-1&amp;submit='
. _QUERYDBP . '&amp;current_view=-1&amp;ip_addr_cnt=2'
. BuildIPFormVar($ip, 3);
$tmp_sensor_lookup = 'base_stat_sensor.php?'
. 'sig%5B0%5D=%3D&amp;sig%5B1%5D='
. rawurlencode($unique_events[$i])
. '&amp;ip_addr_cnt=2' . BuildIPFormVar($ip, 3);

echo " <TD align='center'> <A HREF=\"$tmp_iplookup\">$total</A> ";
echo " <TD align='center'> <A HREF=\"$tmp_sensor_lookup\">$num_sensors</A> ";
Expand All @@ -305,33 +304,29 @@ function PrintEventsByIP($db, $ip)
echo '</TR>';
}

echo "</TABLE>\n";
PrintFramedBoxFooter(0,2);
}

$Sep = ' | '; // Separator.
if ( sizeof($sig) != 0 && strstr($sig[1], "spp_portscan") )
$sig[1] = "";

/* Build new link for criteria-based sensor page
* -- ALS <[email protected]>
*/
$tmp_sensor_lookup = 'base_stat_sensor.php?ip_addr_cnt=2'.
BuildIPFormVars($ip);
// Build new link for criteria-based sensor page - ALS <[email protected]>
$tmp_sensor_lookup = 'base_stat_sensor.php?ip_addr_cnt=2'
. BuildIPFormVar($ip, 3);

$tmp_srcdst_iplookup = 'base_qry_main.php?new=2&amp;num_result_rows=-1'
. '&amp;submit=' . _QUERYDBP . '&amp;current_view=-1&amp;ip_addr_cnt=2'
. BuildIPFormVar($ip, 3);

$tmp_srcdst_iplookup = 'base_qry_main.php?new=2'.
'&amp;num_result_rows=-1'.
'&amp;submit='._QUERYDBP.'&amp;current_view=-1&amp;ip_addr_cnt=2'.
BuildIPFormVars($ip);
$tmp_src_iplookup = 'base_qry_main.php?new=2&amp;num_result_rows=-1'
. '&amp;submit=' . _QUERYDBP . '&amp;current_view=-1&amp;ip_addr_cnt=1'
. BuildIPFormVar($ip, 1);

$tmp_src_iplookup = 'base_qry_main.php?new=2'.
'&amp;num_result_rows=-1'.
'&amp;submit='._QUERYDBP.'&amp;current_view=-1&amp;ip_addr_cnt=1'.
BuildSrcIPFormVars($ip);
$tmp_dst_iplookup = 'base_qry_main.php?new=2&amp;num_result_rows=-1'
. '&amp;submit=' . _QUERYDBP . '&amp;current_view=-1&amp;ip_addr_cnt=1'
. BuildIPFormVar($ip, 2);

$tmp_dst_iplookup = 'base_qry_main.php?new=2'.
'&amp;num_result_rows=-1'.
'&amp;submit='._QUERYDBP.'&amp;current_view=-1&amp;ip_addr_cnt=1'.
BuildDstIPFormVars($ip);
echo '<CENTER>';
printf ("<FONT>"._PSALLALERTSAS.":</FONT>",$ip,$netmask);
echo '
Expand All @@ -351,25 +346,39 @@ function PrintEventsByIP($db, $ip)
<A HREF="http://www.db.ripe.net/whois?query='.$ip.'" target="_NEW">RIPE</A> |
<A HREF="http://wq.apnic.net/apnic-bin/whois.pl?do_search=Search&amp;searchtext='.$ip.'" target="_NEW">APNIC</A> |
<A HREF="http://lacnic.net/cgi-bin/lacnic/whois?lg=EN&amp;query='.$ip.'" target="_NEW">LACNIC</A><BR></FONT>';
// Have no idea why this code is here.
// Commenting it out as it was ccontributing to Issue #5
// $octet=preg_split("/\./", $ip);
// $classc=sprintf("%03s.%03s.%03s",$octet[0],$octet[1],$octet[2]);
print '<FONT>'._PSEXTERNAL.': ';
if (isset($external_dns_link)){
print '<A HREF="'.$external_dns_link.$ip.'" target="_NEW">DNS</A>';
}
if (isset($external_whois_link)){
print ' | <A HREF="'.$external_whois_link.$ip.'" target="_NEW">whois</A>';
}
if (isset($external_all_link)){
print ' | <A HREF="'.$external_all_link.$ip.'" target="_NEW">Extended whois</A>';
}
print ' | <A HREF="http://www.dshield.org/ipinfo.php?ip='.$ip.'&amp;Submit=Submit" target="_NEW">DShield.org IP Info</A> | '.
'<A HREF="http://www.trustedsource.org/query.php?q='.$ip.'" target="_NEW">TrustedSource.org IP Info</A> | '.
'<A HREF="http://isc.sans.org/ipinfo.html?ip='.$ip.'" target="_NEW">ISC Source/Subnet Report</A><BR> </FONT>';
// Have no idea why this code is here.
// Commenting it out as it was ccontributing to Issue #5
// $octet=preg_split("/\./", $ip);
// $classc=sprintf("%03s.%03s.%03s",$octet[0],$octet[1],$octet[2]);
print _PSEXTERNAL . ': ';
if( isset($external_dns_link) ){
NLIO(
"<a href='" . $external_dns_link . $ip
. "' target='_NEW'>DNS</a>$Sep", 2
);
}
if( isset($external_whois_link) ){
NLIO(
"<a href='" . $external_whois_link . $ip
. "' target='_NEW'>whois</a>$Sep", 2
);
}
if( isset($external_all_link) ){
NLIO(
"<a href='" . $external_all_link . $ip
. "' target='_NEW'>Extended whois</a>$Sep", 2
);
}
NLIO(
"<a href='" . 'https://www.dshield.org/ipinfo.html?ip=' . $ip
. "' target='_NEW'>DShield.org IP Info</a>$Sep", 2
);
NLIO(
"<a href='" . 'https://isc.sans.edu/ipinfo.html?ip=' . $ip
. "' target='_NEW'>ISC Source/Subnet Report</a>", 2
);
NLIO('<br/>');


echo '</CENTER>';
echo '<HR>';

Expand Down Expand Up @@ -472,6 +481,6 @@ function PrintEventsByIP($db, $ip)
PrintPortscanEvents($db, $ip);
echo ' </CENTER>';
}
NLIO('</form>',2);
NLIO('</form>', 2);
PrintBASESubFooter();
?>
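Review bot: The rewritten external lookup links concatenate `$ip` straight into single-quoted href attributes (for example `"<a href='" . $external_dns_link . $ip . "' target='_NEW'>DNS</a>$Sep"`), whereas the BuildIPFormVar() calls in this file pass the value through is_ip() and urlencode(). Where `$ip` is assigned is outside these hunks. Unless it is already guaranteed to be a validated address there, encode it once for URL and attribute context, e.g. `$ipLink = htmlspecialchars(rawurlencode($ip), ENT_QUOTES);`, and use that in every link, including the unchanged RIPE/APNIC/LACNIC ones. The configurable `$external_*_link` prefixes also reach the attribute unescaped and deserve the same treatment. Because `_NEW` is a named target rather than `_blank`, browsers do not imply noopener, so adding `rel='noopener noreferrer'` to these anchors keeps the third-party pages from reaching back through window.opener and from receiving the console URL as referrer.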