function dbf_getEntryData($db_link, $entryName, $entryType, $config_nvdcache)
{
$query = "SELECT * FROM nvdData WHERE type = '{$entryType}' AND name = '{$entryName}'";
if (!($result = mysqli_query($db_link, $query))) {
$xml = c_initiate_xml($config_nvdcache);
$xml_error = $xml->addchild('error');
$xml_error->addchild('code', '500');
$xml_error->addchild('description', 'DB Error: ' . mysqli_error($db_link));
c_announce($xml);
}
if (mysqli_num_rows($result) == 0) {
$xml = c_initiate_xml($config_nvdcache);
$xml_error = $xml->addchild('error');
$xml_error->addchild('code', '400');
$xml_error->addchild('description', $entryType . ' entry ' . $entryName . ' was not found.');
c_announce($xml);
}
// start building the xml data string
//$xml_parent_start = '';
$xml_parent_start = '<nvdCache version="' . $config_nvdcache[version] . '" cacheHost="' . $config_nvdcache[cacheHost] . '">';
$xml_parent_end = '</nvdCache>';
while ($row = mysqli_fetch_assoc($result)) {
$xml_result = $xml_parent_start;
$xml_result .= $row[entry];
$xml_result .= $xml_parent_end;
}
$xml = new SimpleXMLElement($xml_result);
return $xml;
}
function stream_load_xml($url, $db_link, $config_cve)
{
$start_delimiter = "<entry ";
$end_delimiter = "</entry>";
$byte_chunk_size = 64;
// see if any of the proxy options were selected and build a stream context if so
if ($config_cve[proxy_url] && $config_cve[proxy_port]) {
$opts = array('http' => array('proxy' => "tcp://" . $config_cve[proxy_url] . ":" . $config_cve[proxy_port], 'request_fulluri' => TRUE));
$context = stream_context_create($opts);
$handle = fopen("{$url}", "r", false, $context);
} else {
$handle = fopen("{$url}", "r");
}
if (!$handle) {
$xml = c_initiate_xml($config_nvdcache);
$xml_error = $xml->addchild('error');
$xml_error->addchild('code', '500');
$xml_error->addchild('description', 'Could not establish a read handle to ' . $url);
c_announce($xml);
}
$in_entry = 0;
while ($data = fread($handle, $byte_chunk_size)) {
$read_data .= $data;
// append the streaming data unto the variable
// use the start_delimiter to detect the begginging of an xml entry
$read_data_exploded_start = explode($start_delimiter, $read_data);
// if the array has more than one item then we hit upon the entry.
if (count($read_data_exploded_start) > 1 && !$in_entry) {
$in_entry = 1;
// what was infront of the delimieter is poo
$poo = array_shift($read_data_exploded_start);
// put the start delimieter back unto the string becasue it was removed
// with the delimeter 'explode' call.
$read_data = $start_delimiter;
// making sure that all left delimited items get added back
// to the read string
foreach ($read_data_exploded_start as $value) {
$read_data .= $value;
}
}
// look for the end delimiter
$read_data_exploded_end = explode($end_delimiter, $read_data);
// look for the end delimieter to indicate that we've gotten to the end of the
// entry
if (count($read_data_exploded_end) > 1) {
$in_entry = 0;
$poo = array_shift($read_data_exploded_end);
// we finaly have a full entry as string
$xml_entry_as_string = $poo . $end_delimiter;
// put it into the db.
//echo $xml_entry_as_string;
dbf_put_entry_in_db($xml_entry_as_string, $db_link);
//$xml = new SimpleXMLElement($xml_entry_as_string);
//echo $xml->asXML();
// reset the read_data variable
$read_data = '';
// set the read_data variable with the end of the exploded
// data as to allow it to make the next front end delimiter
// check
foreach ($read_data_exploded_end as $value) {
$read_data .= $value;
}
}
}
}
//fta_logHit($_SERVER, $fta_config_data);
/* parse the URL */
//echo $HTTP_SERVER_VARS["REQUEST_URI"];
$exp1 = explode("/", $HTTP_SERVER_VARS["REQUEST_URI"]);
// $hash is the value passed to the script. this needs to be handled carefuly!
$cve_id = $exp1[count($exp1) - 1];
//$cve_id = $_REQUEST['cve_id'];
//$token = $_REQUEST['token'];
if ($ini_array[security][token_required] == 1 && $ini_array[security][access_token] != $token) {
// this is very rude unsafe security.
$xml = c_initiate_xml($config_nvdcache);
$xml_error = $xml->addchild('error');
$xml_error->addchild('code', '500');
$xml_error->addchild('description', 'Invalid token or no token given. A token is required to communicate with this system. Please see http://code.google.com/p/nvdcache/ for information.');
c_announce($xml);
}
$regex_status = eregi("^cve-[0-9]{4}-[0-9]{4}\$", $cve_id);
if (!$regex_status || !$cve_id) {
$xml = c_initiate_xml($config_nvdcache);
$xml_error = $xml->addchild('error');
$xml_error->addchild('code', '400');
$xml_error->addchild('description', 'Bad Request. A CVE name was not given or was malformed. Looking for this format - CVE-XXXX-XXXX');
c_announce($xml);
}
//
// everything looks good to this point. We will now pull together the data from the db and build an xml string to return.
//
$xml_cve = dbf_getEntryData($db_link, strtoupper($cve_id), 'CVE', $config_nvdcache);
//echo $xml_cve;
c_announce($xml_cve);
require 'common_functions.php';
$start_time_epoch = time();
$this_programs_version = "0.3";
$this_programs_name = "cacheStats";
// load config file
if (file_exists("local_config.php")) {
require 'local_config.php';
} else {
require 'config.php';
}
// gather data on connection call to db
$start_db_con_call = time();
$db_link = dbf_connectDB($config_database);
$end_db_con_call = time();
$seconds_to_make_con = $end_db_con_call - $start_db_con_call;
// gather data on basic query call
$start_db_query_call = time();
$cache_stats = dbf_cache_stats($db_link);
$end_db_query_call = time();
$seconds_to_make_query = $end_db_query_call - $start_db_query_call;
// get teh age of the cache since last update
$nvdCache_age_seconds = time() - $cache_stats[last_db_update_epoch];
// Build the response
$xml = c_initiate_xml($config_nvdcache);
$xml_msg = $xml->addchild('status');
$xml_msg->addchild('code', '200');
$xml_msg->addchild('cache_age_seconds', $nvdCache_age_seconds);
$xml_msg->addchild('seconds_to_make_db_connection', $seconds_to_make_con);
$xml_msg->addchild('seconds_to_make_query', $seconds_to_make_query);
c_announce($xml);
