function dbf_getEntryData($db_link, $entryName, $entryType, $config_nvdcache) { $query = "SELECT * FROM nvdData WHERE type = '{$entryType}' AND name = '{$entryName}'"; if (!($result = mysqli_query($db_link, $query))) { $xml = c_initiate_xml($config_nvdcache); $xml_error = $xml->addchild('error'); $xml_error->addchild('code', '500'); $xml_error->addchild('description', 'DB Error: ' . mysqli_error($db_link)); c_announce($xml); } if (mysqli_num_rows($result) == 0) { $xml = c_initiate_xml($config_nvdcache); $xml_error = $xml->addchild('error'); $xml_error->addchild('code', '400'); $xml_error->addchild('description', $entryType . ' entry ' . $entryName . ' was not found.'); c_announce($xml); } // start building the xml data string //$xml_parent_start = ''; $xml_parent_start = '<nvdCache version="' . $config_nvdcache[version] . '" cacheHost="' . $config_nvdcache[cacheHost] . '">'; $xml_parent_end = '</nvdCache>'; while ($row = mysqli_fetch_assoc($result)) { $xml_result = $xml_parent_start; $xml_result .= $row[entry]; $xml_result .= $xml_parent_end; } $xml = new SimpleXMLElement($xml_result); return $xml; }
function stream_load_xml($url, $db_link, $config_cve) { $start_delimiter = "<entry "; $end_delimiter = "</entry>"; $byte_chunk_size = 64; // see if any of the proxy options were selected and build a stream context if so if ($config_cve[proxy_url] && $config_cve[proxy_port]) { $opts = array('http' => array('proxy' => "tcp://" . $config_cve[proxy_url] . ":" . $config_cve[proxy_port], 'request_fulluri' => TRUE)); $context = stream_context_create($opts); $handle = fopen("{$url}", "r", false, $context); } else { $handle = fopen("{$url}", "r"); } if (!$handle) { $xml = c_initiate_xml($config_nvdcache); $xml_error = $xml->addchild('error'); $xml_error->addchild('code', '500'); $xml_error->addchild('description', 'Could not establish a read handle to ' . $url); c_announce($xml); } $in_entry = 0; while ($data = fread($handle, $byte_chunk_size)) { $read_data .= $data; // append the streaming data unto the variable // use the start_delimiter to detect the begginging of an xml entry $read_data_exploded_start = explode($start_delimiter, $read_data); // if the array has more than one item then we hit upon the entry. if (count($read_data_exploded_start) > 1 && !$in_entry) { $in_entry = 1; // what was infront of the delimieter is poo $poo = array_shift($read_data_exploded_start); // put the start delimieter back unto the string becasue it was removed // with the delimeter 'explode' call. $read_data = $start_delimiter; // making sure that all left delimited items get added back // to the read string foreach ($read_data_exploded_start as $value) { $read_data .= $value; } } // look for the end delimiter $read_data_exploded_end = explode($end_delimiter, $read_data); // look for the end delimieter to indicate that we've gotten to the end of the // entry if (count($read_data_exploded_end) > 1) { $in_entry = 0; $poo = array_shift($read_data_exploded_end); // we finaly have a full entry as string $xml_entry_as_string = $poo . $end_delimiter; // put it into the db. //echo $xml_entry_as_string; dbf_put_entry_in_db($xml_entry_as_string, $db_link); //$xml = new SimpleXMLElement($xml_entry_as_string); //echo $xml->asXML(); // reset the read_data variable $read_data = ''; // set the read_data variable with the end of the exploded // data as to allow it to make the next front end delimiter // check foreach ($read_data_exploded_end as $value) { $read_data .= $value; } } } }
//fta_logHit($_SERVER, $fta_config_data); /* parse the URL */ //echo $HTTP_SERVER_VARS["REQUEST_URI"]; $exp1 = explode("/", $HTTP_SERVER_VARS["REQUEST_URI"]); // $hash is the value passed to the script. this needs to be handled carefuly! $cve_id = $exp1[count($exp1) - 1]; //$cve_id = $_REQUEST['cve_id']; //$token = $_REQUEST['token']; if ($ini_array[security][token_required] == 1 && $ini_array[security][access_token] != $token) { // this is very rude unsafe security. $xml = c_initiate_xml($config_nvdcache); $xml_error = $xml->addchild('error'); $xml_error->addchild('code', '500'); $xml_error->addchild('description', 'Invalid token or no token given. A token is required to communicate with this system. Please see http://code.google.com/p/nvdcache/ for information.'); c_announce($xml); } $regex_status = eregi("^cve-[0-9]{4}-[0-9]{4}\$", $cve_id); if (!$regex_status || !$cve_id) { $xml = c_initiate_xml($config_nvdcache); $xml_error = $xml->addchild('error'); $xml_error->addchild('code', '400'); $xml_error->addchild('description', 'Bad Request. A CVE name was not given or was malformed. Looking for this format - CVE-XXXX-XXXX'); c_announce($xml); } // // everything looks good to this point. We will now pull together the data from the db and build an xml string to return. // $xml_cve = dbf_getEntryData($db_link, strtoupper($cve_id), 'CVE', $config_nvdcache); //echo $xml_cve; c_announce($xml_cve);
require 'common_functions.php'; $start_time_epoch = time(); $this_programs_version = "0.3"; $this_programs_name = "cacheStats"; // load config file if (file_exists("local_config.php")) { require 'local_config.php'; } else { require 'config.php'; } // gather data on connection call to db $start_db_con_call = time(); $db_link = dbf_connectDB($config_database); $end_db_con_call = time(); $seconds_to_make_con = $end_db_con_call - $start_db_con_call; // gather data on basic query call $start_db_query_call = time(); $cache_stats = dbf_cache_stats($db_link); $end_db_query_call = time(); $seconds_to_make_query = $end_db_query_call - $start_db_query_call; // get teh age of the cache since last update $nvdCache_age_seconds = time() - $cache_stats[last_db_update_epoch]; // Build the response $xml = c_initiate_xml($config_nvdcache); $xml_msg = $xml->addchild('status'); $xml_msg->addchild('code', '200'); $xml_msg->addchild('cache_age_seconds', $nvdCache_age_seconds); $xml_msg->addchild('seconds_to_make_db_connection', $seconds_to_make_con); $xml_msg->addchild('seconds_to_make_query', $seconds_to_make_query); c_announce($xml);