if (array_key_exists($order, $orders_by_columns)) {
$order = $orders_by_columns[$order];
} else {
$order = 'banner';
}
// Property filter
$filters = array('where' => "`cpe` LIKE 'cpe:/a%'", 'limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}");
if ($search_str != '') {
$search_str = escape_sql($search_str, $conn);
$filters['where'] .= ' AND (banner LIKE "%' . $search_str . '%" OR cpe LIKE "%' . $search_str . '%")';
}
// Software data
$data = array();
$sw_list = array();
$sw_total = 0;
list($sw_list, $sw_total) = Asset_host_software::bulk_get_list($conn, $filters);
foreach ($sw_list as $sw_cpe => $sw_values) {
$r_key = strtolower(md5($sw_cpe));
$sw_name = $sw_values['banner'];
$dt_sw_name = $sw_name;
if (empty($sw_name)) {
$sw_name = Util::wordwrap($sw_cpe, 80, '<br/>');
}
$_sw_data = array("DT_RowId" => $r_key, "DT_RowData" => array('p_id' => 60, 'sw_cpe' => $sw_cpe, 'sw_name' => $dt_sw_name, 'source_id' => $sw_values['source']['id']), "", $sw_name, $sw_values['source']['name'], "");
$data[] = $_sw_data;
}
$response['sEcho'] = $sec;
$response['iTotalRecords'] = $sw_total;
$response['iTotalDisplayRecords'] = $sw_total;
$response['aaData'] = $data;
echo json_encode($response);
function end_upgrade($logfile)
{
$conn = new ossim_db();
$db = $conn->connect();
//
// PROPERTIES
//
$properties = array();
$db->StartTrans();
$rs = $db->Execute("SELECT hex(host_id) as id,property_ref,last_modified,source_id,value,extra,tzone FROM alienvault.host_properties WHERE property_ref>0");
while (!$rs->EOF) {
$properties[] = $rs->fields;
$rs->MoveNext();
}
$db->Execute("DELETE FROM alienvault.host_properties");
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
foreach ($properties as $prop) {
$values = json_decode($prop['value'], true);
$sql = "INSERT IGNORE INTO alienvault.host_properties (host_id, property_ref, last_modified, source_id, value, extra, tzone) VALUES (UNHEX(?), ? ,? ,? ,? ,? ,?)";
if (json_last_error() === JSON_ERROR_NONE && is_array($values)) {
foreach ($values as $value) {
if ($prop['property_ref'] == 3) {
$value = preg_replace("/\\b(\\w+)\\s+\\1\\b/i", "\$1", preg_replace("/(.*?):(.*)/", "\$1 \$2", $value));
} elseif ($prop['property_ref'] == 8) {
$value = preg_replace("/\\|/", "@", $value);
}
$params = array($prop['id'], $prop['property_ref'], $prop['last_modified'], $prop['source_id'], $value, $prop['extra'], $prop['tzone']);
$db->Execute($sql, $params);
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
if ($prop['property_ref'] == 3) {
break;
// Only the first OS
}
}
} else {
if ($prop['property_ref'] == 3) {
$prop['value'] = preg_replace("/\\b(\\w+)\\s+\\1\\b/i", "\$1", preg_replace("/(.*?):(.*)/", "\$1 \$2", $prop['value']));
} elseif ($prop['property_ref'] == 8) {
$prop['value'] = preg_replace("/\\|/", "@", $prop['value']);
}
$params = array($prop['id'], $prop['property_ref'], $prop['last_modified'], $prop['source_id'], $prop['value'], $prop['extra'], $prop['tzone']);
$db->Execute($sql, $params);
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
}
}
if (!$db->CompleteTrans()) {
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
return 1;
}
$db->Execute("DELETE FROM alienvault.host_properties WHERE value like 'unknown%'");
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
// HOST SOFTWARE CPE
$cpes = array();
$db->StartTrans();
$rs = $db->Execute("SELECT DISTINCT cpe FROM host_software");
while (!$rs->EOF) {
$cpes[] = $rs->fields['cpe'];
$rs->MoveNext();
}
foreach ($cpes as $cpe) {
$params = array(Asset_host_software::get_software_name_by_cpe($db, $cpe), $cpe);
$db->Execute("UPDATE host_software SET banner=? WHERE cpe=?", $params);
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
}
if (!$db->CompleteTrans()) {
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
return 1;
}
//
// VULN_JOB_ASSET
//
$jobs = array();
$db->StartTrans();
$rs = $db->Execute("SELECT id,meth_TARGET FROM alienvault.vuln_job_schedule");
while (!$rs->EOF) {
$jobs[] = array('id' => $rs->fields['id'], 'targets' => explode("\n", $rs->fields['meth_TARGET']));
$rs->MoveNext();
}
foreach ($jobs as $job) {
$db->Execute("DELETE FROM alienvault.vuln_job_assets WHERE job_id=? AND job_type=0", array($job['id']));
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
foreach ($job['targets'] as $target) {
if (preg_match("/(.*)#(.*)/", $target, $matches)) {
// ADD ASSET_ID
$sql = "INSERT IGNORE INTO alienvault.vuln_job_assets (job_id, job_type, asset_id) VALUES (?, 0, UNHEX(?))";
$params = array($job['id'], $matches[1]);
$db->Execute($sql, $params);
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
if (preg_match("/\\/\\d+/", $matches[2])) {
// NETWORK MEMBERS
$sql = "INSERT IGNORE INTO alienvault.vuln_job_assets (job_id, job_type, asset_id) SELECT ?, 0, host_id FROM host_net_reference WHERE net_id=UNHEX(?)";
$params = array($job['id'], $matches[1]);
$db->Execute($sql, $params);
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
}
}
}
}
if (!$db->CompleteTrans()) {
@file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND);
return 1;
}
$conn->close();
return 0;
}
$error = Token::create_error_message();
Util::response_bad_request($error);
}
$data['status'] = 'success';
$data['data'] = _('Your changes have been saved');
if ($delete_all == TRUE) {
if (!valid_hex32($asset_id)) {
$db->close();
Util::response_bad_request(_('Error! Asset ID not allowed. Your changes could not be saved'));
} else {
try {
if ($action == 'delete_properties') {
Asset_host_ips::delete_all_from_db($conn, $asset_id, TRUE);
Asset_host_properties::delete_all_from_db($conn, $asset_id);
} elseif ($action == 'delete_software') {
Asset_host_software::delete_all_from_db($conn, $asset_id);
} else {
Asset_host_services::delete_all_from_db($conn, $asset_id, TRUE);
}
} catch (Exception $e) {
$db->close();
Util::response_bad_request($e->getMessage());
}
}
} else {
if (is_array($p_list) && !empty($p_list)) {
foreach ($p_list as $p_values) {
try {
//Clean last error
ossim_clean_error();
//Initialize property data
function software_list($conn, $page, $search)
{
$filters = array();
$filters['limit'] = get_query_limits($page);
if ($search != '') {
$search = utf8_decode($search);
$search = escape_sql($search, $conn);
$s_regexp = preg_replace('/\\s+/', '[_:]+', $search);
$filters['where'] = " hs.cpe REGEXP '.*{$s_regexp}.*' ";
}
try {
list($softwares, $total) = Asset_host_software::get_all($conn, $filters, TRUE);
} catch (Exception $e) {
$return['error'] = TRUE;
$return['msg'] = $e->getMessage();
return $return;
}
if ($total > 0) {
$selected = get_selected_values(9);
}
$list = array();
//Going through the list to format the elements properly:
foreach ($softwares as $cpe => $software) {
$_chk = $selected[$cpe] != '' ? TRUE : FALSE;
$name = empty($software['line']) ? $cpe : $software['line'];
$_soft = array('id' => $cpe, 'name' => $name, 'checked' => $_chk);
$list[$cpe] = $_soft;
}
$data['total'] = intval($total);
$data['list'] = $list;
$return['error'] = FALSE;
$return['data'] = $data;
return $return;
}
}
}
}
//Validate Form token
$token = POST('token');
if (Token::verify($tk_key, $token) == FALSE) {
$db->close();
$error = Token::create_error_message();
Util::response_bad_request($error);
}
if ($delete_all == TRUE) {
try {
if ($action == 'delete_properties') {
Asset_host_properties::bulk_delete_all_from_db($conn);
} else {
Asset_host_software::bulk_delete_all_from_db($conn);
}
} catch (Exception $e) {
$db->close();
Util::response_bad_request($e->getMessage());
}
} else {
if (is_array($p_list) && !empty($p_list)) {
foreach ($p_list as $p_values) {
try {
//Clean last error
ossim_clean_error();
//Initialize property data
$p_data = array();
//Common parameters
$p_id = $p_values['p_id'];
