/**
* Create list of machines to scan
*
* This function will query the database for the list
* of all the machines that were specified when the
* scan was created
*
* @param string $profile_id ID of the profile to get machines of
* @return array Return array of machines listed in profile
*/
public function getMachines($profile_id)
{
require_once _ABSPATH . '/lib/Devices.php';
require_once _ABSPATH . '/lib/Clusters.php';
$db = nessquikDB::getInstance();
$_dev = Devices::getInstance();
$_clu = Clusters::getInstance();
$result = array();
$sql = array('select' => "SELECT machine FROM profile_machine_list WHERE profile_id=':1';");
$stmt = $db->prepare($sql['select']);
$stmt->execute($profile_id);
while ($row = $stmt->fetch_assoc()) {
$machine = $row['machine'];
$type = $_dev->determine_device_type($machine);
/**
* Clusters are special cases because they conflict with
* hostnames by not having any special defining characters
* in them. That's one of the reasons I do the cluster
* processing here.
*
* Another is because in the settings for a specific scan
* you can add and remove devices. Well, clusters are one
* of those things you can remove and to distinctly know
* which device is a cluster, I need to retain the :clu:
* prefix on the cluster name.
*/
if ($type == "cluster") {
$machine_list = array();
foreach ($cluster as $key => $cluster_id) {
$output = array();
$output = $_clu->get_cluster($cluster_id);
foreach ($output as $key2 => $val2) {
// Index 1 is the hostname as pulled from miscomp
$hostname = $val2[1];
$tmp = array();
$tmp = $_dev->get_mac_from_system($hostname);
// The first index will hold the IP address
array_push($machine_list, $tmp[0]);
}
}
$result = array_merge($result, $machine_list);
} else {
$item = $_dev->strip_device_type($machine);
if (is_ip($item)) {
$result[] = $item;
} else {
if (is_cidr($item)) {
$result[] = $item;
} else {
if (is_vhost($item)) {
$result[] = $item;
} else {
$item = gethostbyname($item);
if ($item != '') {
$result[] = $item;
}
}
}
}
}
}
return $result;
}
/**
* Deeper scan of the whitelist to match entries
*
* A deeper whitelist scan is needed if the user
* has specified a range, CIDR block, vhost, etc,
* because these particular types could be stored
* in the whitelist in a number of ways. This
* method performs the deeper interrogation of the
* whitelist to try to definitively proove that
* a specified machine is or is not in the whitelist
*
* @param array $wl Whitelist to check for machines in
* @param array $machine_list List of questionable
* machines that need to be checked for in the
* whitelist
* @param array $ok_computers List of computers that
* have been deemed "ok", aka the user is
* allowed to scan them
*/
function whitelist_dig_deep_verify_nodes(&$wl, &$machine_list, &$ok_computers)
{
$_nm = Netmask::getInstance();
foreach ($machine_list as $key3 => $val3) {
foreach ($wl as $key4 => $val4) {
// If the entry is a cidr and the whitelist is a cidr
if (is_cidr($val4) && is_cidr($val3)) {
if ($_nm->match_cidr($val4, $val3)) {
$ok_computers[] = ":whi:{$val3}";
$machine_list[$key3] = '';
}
// if the entry is an ip and the whitelist is a cidr
} else {
if (is_cidr($val4) && is_ip($val3)) {
if ($_nm->net_match($val4, $val3)) {
$ok_computers[] = ":whi:{$val3}";
$machine_list[$key3] = '';
}
// if the entry is a vhost and the whitelist is a cidr
} else {
if (is_cidr($val4) && is_vhost($val3)) {
$vhost = $val3;
$tmp = substr($val3, 1, -1);
$comp = gethostbyname($tmp);
if ($_nm->net_match($val4, $comp)) {
$ok_computers[] = ":vho:{$vhost}";
$machine_list[$key3] = '';
}
// if entry is a ?hostname? and whitelist is a cidr
} else {
if (is_cidr($val4) && $val3 != '') {
$val3 = gethostbyname($val3);
// Check if it's in the CIDR range and remove it
// if it is, because that means it's whitelisted
if ($_nm->net_match($val4, $val3)) {
// Not keeping the hostname because whitelist
// entries can only be IP based?
$ok_computers[] = ":whi:{$val3}";
$machine_list[$key3] = '';
}
}
}
}
}
}
}
}
