/**
* Update a profiles' settings in the database
*
* Updates all the settings in the database that have
* changed from their default values since the settings
* object was created.
*/
public function update()
{
$db = nessquikDB::getInstance();
$sql = "UPDATE profile_settings SET :1=':2' WHERE profile_id='" . $this->profile_id . "' AND setting_type='user'";
$stmt = $db->prepare($sql);
// Update all the fields in the database
$stmt->execute('setting_name', $this->scan_name);
}
private function api_key_ok($api_key)
{
$db = nessquikDB::getInstance();
$sql = "SELECT api_id FROM api_keys WHERE api_key=':1' LIMIT 1";
$stmt = $db->prepare($sql);
$stmt->execute($client_key);
if ($stmt->num_rows() < 1) {
$this->error = new IXR_Error(403, 'Bad API key.');
return false;
}
return true;
}
#!/usr/bin/php -q
<?php
set_time_limit(0);
if (!@$argc) {
die("<p>This script can only be run from command line");
}
define('_ABSPATH', dirname(dirname(__FILE__)));
require_once _ABSPATH . '/confs/config-inc.php';
require_once _ABSPATH . '/db/nessquikDB.php';
$db = nessquikDB::getInstance();
$nasl = array();
$sql = array('insert' => "\tINSERT INTO nasl_names (`pluginid`,\n\t\t\t\t`script_name`) \n\t\t\tVALUES (':1',':2') \n\t\t\tON DUPLICATE KEY UPDATE script_name=':3'");
$stmt = $db->prepare($sql['insert']);
// If the path sent is a directory...
if (is_dir(_NESSUS_PLUG_DIR)) {
// ...check to see if we can open it. If yes, store its resource in a variable
if ($handle = opendir(_NESSUS_PLUG_DIR)) {
// If we're capable of opening the directory, reading files in one at a time until no more
while (false !== ($file = readdir($handle))) {
// Check to see if the filename is either the current dir, or the parent dir.
// and skip it if it is.
if ($file != "." && $file != "..") {
$nasl[] = $file;
}
}
}
}
// Close the directory we were working with
closedir($handle);
/**
public static function getInstance()
{
if (empty(self::$instance)) {
switch (_RELEASE) {
case "fermi":
self::$instance = parent::db_factory(_SAVED_DBUSER, _SAVED_DBPASS, _SAVED_DBUSE, _SAVED_DBSERVER, _SAVED_DBPORT);
break;
case "general":
default:
self::$instance = nessquikDB::getInstance();
break;
}
}
return self::$instance;
}
/**
* Updates a help topic
*
* This method will save back to the database, the
* information that is associated with a topic.
*
* @param integer $help_id ID of the help topic that
* is being saved
* @param integer $category_id ID of the category that
* the particular topic will/does now reside in
* @param string $question Question that is posed by
* the topic
* @param string $answer Answer to the help topic question
* @return boolean True on successful update, false on failure
*/
public function edit_help_topic($help_id, $category_id, $question, $answer)
{
$db = nessquikDB::getInstance();
$sql = array('update' => "UPDATE help SET category_id=':1', question=':2', answer=':3' WHERE help_id=':4'");
$stmt = $db->prepare($sql['update']);
$stmt->execute($category_id, $question, $answer, $help_id);
if ($stmt->affected() < 0) {
return false;
} else {
return true;
}
}
private function delete_recurrence($profile_id)
{
$db = nessquikDB::getInstance();
$sql = "DELETE FROM recurrence WHERE profile_id=':1'";
$stmt = $db->prepare($sql);
$stmt->execute($profile_id);
}
/**
* Get a list of all plugins
*
* This function will query the plugins database and return
* an array that is indexed by plugin ID. The value of each
* entry in the array will be 'no'. The array that is returned
* can be looped through right away to create the plugin list
* for a nessusrc file.
*
* @return array Array of plugin IDs with the value of each entry set to 'no'
*/
public function getAllPlugins()
{
$db = nessquikDB::getInstance();
$set = array();
$sql = array('select' => "SELECT pluginid FROM plugins ORDER BY pluginid ASC;");
$stmt = $db->prepare($sql['select']);
$stmt->execute();
while ($row = $stmt->fetch_assoc()) {
$set[$row['pluginid']] = 'no';
}
return $set;
}
/**
* Removes dead metrics
*
* A dead metric is basically a metric that has been removed by the user
* by having its folder deleted from the metrics folder. This method takes
* care of clearing the database of these dead metrics.
*/
private function remove_dead_metrics()
{
$db = nessquikDB::getInstance();
/**
* For this walk, we only care about the installed metrics.
*/
$diff = array_diff($this->installed_metrics, $this->metric_list);
$sql = array('delete' => "DELETE FROM metrics WHERE `name`=':1' AND type=':2'");
$stmt = $db->prepare($sql['delete']);
foreach ($diff as $key => $metric_class) {
require_once $this->metric_path . '/' . $metric_class . '.php';
$this->new_metrics = true;
$metric_class = new ReflectionClass($metric_class);
$metric = $metric_class->newInstance();
$metric->_remove();
$stmt->execute($metric_class, $this->type);
}
}
/**
* Re-schedule a scan
*
* This method will handle rescheduling the scan and updating
* it's date_scheduled field so that the scan maker can check
* the new field against the current time when it comes around
*
* @param string $profile_id ID of the profile to reschedule
* @param datetime $date_scheduled The new date and time to
* reschedule the scan. The format should be that of
* the MySQL DATETIME field format
* @return boolean True if successfully rescheduled. False otherwise
*/
private function reschedule_scan($profile_id, $date_scheduled)
{
$db = nessquikDB::getInstance();
$sql = array('update' => "\tUPDATE profile_list \n\t\t\t\t\tSET date_scheduled=':2' \n\t\t\t\t\tWHERE profile_id=':1'");
$stmt = $db->prepare($sql['update']);
$stmt->execute($profile_id, $date_scheduled);
if ($stmt->affected() > 0) {
return true;
} else {
return false;
}
}
public function get_division_id($division)
{
$db = nessquikDB::getInstance();
$sql = array('select' => "SELECT group_id FROM division_group_list WHERE group_name=':1';");
$stmt1 = $db->prepare($sql['select']);
$stmt1->execute($division);
if ($stmt1->num_rows() > 0) {
return $stmt1->result(0);
} else {
return false;
}
}
/**
* Remove all the plugins from a profile
*
* This method will remove the plugins from the profile
* table for the given profile. It's the equivalent of
* assigning an empty plugin set to the scan profile
*
* @param string $profile_id ID of the profile to remove
* all the plugins from
* @return True on successful removal, false otherwise
*/
public function delete_all_plugins($profile_id = '')
{
if ($profile_id == '') {
$profile_id = $this->profile_id;
}
$db = nessquikDB::getInstance();
$sql = "DELETE FROM profile_plugin_list WHERE profile_id=':1';";
$stmt = $db->prepare($sql);
$stmt->execute($profile_id);
if ($stmt->affected() < 0) {
return false;
} else {
return true;
}
}
/**
* Check if the version of nessquik is up-to-date
*
* Since a lot is likely to change between nessquik
* versions, I'm including this method here so that
* the system can be checked for a particular configuration
* that is specific to an install of nessquik and if
* that configuration does not exist, an error message
* will be displayed notifying the user that they
* are using a new version of nessquik with an old version
* of the database
*/
public function check_version()
{
$success = false;
$db = nessquikDB::getInstance();
$tpl = SmartyTemplate::getInstance();
$sql = array('tables' => "SHOW TABLES FROM " . _DBUSE);
$stmt1 = $db->prepare($sql['tables']);
$stmt1->execute();
if ($stmt1->num_rows() == 0) {
$tpl->assign("SUCCESS", "noper");
$tpl->assign("MESSAGE", "It seems you haven't created your database yet. Use the setup file to do this.<p>");
$tpl->assign("RETURN_LINK", "");
$tpl->display("actions_done.tpl");
exit;
}
while ($row = $stmt1->fetch_row()) {
$table = $row[0];
if ($table == "division_group_list") {
$success = true;
break;
}
}
if (!$success) {
$tpl->assign("SUCCESS", "noper");
$tpl->assign("MESSAGE", "You're trying to use the nessquik 2.5 code base with a nessquik 2.0 database.<p>" . "This isn't going to work. Please run the upgrade scripts before continuing.");
$tpl->assign("RETURN_LINK", "");
$tpl->display("actions_done.tpl");
exit;
}
}
/**
* Set a scan's finish date
*
* After a scan has finished running, you may want
* to set the date and time it finished running in
* the database. This method will set that value in
* the database. The date should be formatted according
* to the MySQL datetime format. This can be accomplished
* using the following strftime format.
*
* strftime("%Y-%m-%d %T", time());
*
* @param array $params Array of parameters sent to the function
* 0 - Client key of the scanner
* 1 - Profile ID to set the finished date of
* 2 - Date, in MySQL datetime format, of when
* the scan finished running
* @return True on successful progress update. IXR_Error
* on failure
*/
public function jobs_setFinishedDate($params)
{
$db = nessquikDB::getInstance();
$client_key = $params[0];
$profile_id = $params[1];
$date = $params[2];
$sql = "UPDATE profile_list SET date_finished=':1' WHERE profile_id=':2';";
$stmt = $db->prepare($sql);
if (!$this->client_key_ok($client_key)) {
return $this->error;
}
if (!$this->client_key_can_scan_profile($client_key, $profile_id)) {
return $this->error;
}
$stmt->execute($date, $profile_id);
return true;
}
