if (array_key_exists($order, $orders_by_columns)) { $order = $orders_by_columns[$order]; } else { $order = 'banner'; } // Property filter $filters = array('where' => "`cpe` LIKE 'cpe:/a%'", 'limit' => "{$from}, {$maxrows}", 'order_by' => "{$order} {$torder}"); if ($search_str != '') { $search_str = escape_sql($search_str, $conn); $filters['where'] .= ' AND (banner LIKE "%' . $search_str . '%" OR cpe LIKE "%' . $search_str . '%")'; } // Software data $data = array(); $sw_list = array(); $sw_total = 0; list($sw_list, $sw_total) = Asset_host_software::bulk_get_list($conn, $filters); foreach ($sw_list as $sw_cpe => $sw_values) { $r_key = strtolower(md5($sw_cpe)); $sw_name = $sw_values['banner']; $dt_sw_name = $sw_name; if (empty($sw_name)) { $sw_name = Util::wordwrap($sw_cpe, 80, '<br/>'); } $_sw_data = array("DT_RowId" => $r_key, "DT_RowData" => array('p_id' => 60, 'sw_cpe' => $sw_cpe, 'sw_name' => $dt_sw_name, 'source_id' => $sw_values['source']['id']), "", $sw_name, $sw_values['source']['name'], ""); $data[] = $_sw_data; } $response['sEcho'] = $sec; $response['iTotalRecords'] = $sw_total; $response['iTotalDisplayRecords'] = $sw_total; $response['aaData'] = $data; echo json_encode($response);
function end_upgrade($logfile) { $conn = new ossim_db(); $db = $conn->connect(); // // PROPERTIES // $properties = array(); $db->StartTrans(); $rs = $db->Execute("SELECT hex(host_id) as id,property_ref,last_modified,source_id,value,extra,tzone FROM alienvault.host_properties WHERE property_ref>0"); while (!$rs->EOF) { $properties[] = $rs->fields; $rs->MoveNext(); } $db->Execute("DELETE FROM alienvault.host_properties"); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); foreach ($properties as $prop) { $values = json_decode($prop['value'], true); $sql = "INSERT IGNORE INTO alienvault.host_properties (host_id, property_ref, last_modified, source_id, value, extra, tzone) VALUES (UNHEX(?), ? ,? ,? ,? ,? ,?)"; if (json_last_error() === JSON_ERROR_NONE && is_array($values)) { foreach ($values as $value) { if ($prop['property_ref'] == 3) { $value = preg_replace("/\\b(\\w+)\\s+\\1\\b/i", "\$1", preg_replace("/(.*?):(.*)/", "\$1 \$2", $value)); } elseif ($prop['property_ref'] == 8) { $value = preg_replace("/\\|/", "@", $value); } $params = array($prop['id'], $prop['property_ref'], $prop['last_modified'], $prop['source_id'], $value, $prop['extra'], $prop['tzone']); $db->Execute($sql, $params); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); if ($prop['property_ref'] == 3) { break; // Only the first OS } } } else { if ($prop['property_ref'] == 3) { $prop['value'] = preg_replace("/\\b(\\w+)\\s+\\1\\b/i", "\$1", preg_replace("/(.*?):(.*)/", "\$1 \$2", $prop['value'])); } elseif ($prop['property_ref'] == 8) { $prop['value'] = preg_replace("/\\|/", "@", $prop['value']); } $params = array($prop['id'], $prop['property_ref'], $prop['last_modified'], $prop['source_id'], $prop['value'], $prop['extra'], $prop['tzone']); $db->Execute($sql, $params); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); } } if (!$db->CompleteTrans()) { @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); return 1; } $db->Execute("DELETE FROM alienvault.host_properties WHERE value like 'unknown%'"); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); // HOST SOFTWARE CPE $cpes = array(); $db->StartTrans(); $rs = $db->Execute("SELECT DISTINCT cpe FROM host_software"); while (!$rs->EOF) { $cpes[] = $rs->fields['cpe']; $rs->MoveNext(); } foreach ($cpes as $cpe) { $params = array(Asset_host_software::get_software_name_by_cpe($db, $cpe), $cpe); $db->Execute("UPDATE host_software SET banner=? WHERE cpe=?", $params); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); } if (!$db->CompleteTrans()) { @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); return 1; } // // VULN_JOB_ASSET // $jobs = array(); $db->StartTrans(); $rs = $db->Execute("SELECT id,meth_TARGET FROM alienvault.vuln_job_schedule"); while (!$rs->EOF) { $jobs[] = array('id' => $rs->fields['id'], 'targets' => explode("\n", $rs->fields['meth_TARGET'])); $rs->MoveNext(); } foreach ($jobs as $job) { $db->Execute("DELETE FROM alienvault.vuln_job_assets WHERE job_id=? AND job_type=0", array($job['id'])); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); foreach ($job['targets'] as $target) { if (preg_match("/(.*)#(.*)/", $target, $matches)) { // ADD ASSET_ID $sql = "INSERT IGNORE INTO alienvault.vuln_job_assets (job_id, job_type, asset_id) VALUES (?, 0, UNHEX(?))"; $params = array($job['id'], $matches[1]); $db->Execute($sql, $params); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); if (preg_match("/\\/\\d+/", $matches[2])) { // NETWORK MEMBERS $sql = "INSERT IGNORE INTO alienvault.vuln_job_assets (job_id, job_type, asset_id) SELECT ?, 0, host_id FROM host_net_reference WHERE net_id=UNHEX(?)"; $params = array($job['id'], $matches[1]); $db->Execute($sql, $params); @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); } } } } if (!$db->CompleteTrans()) { @file_put_contents($logfile, $db->ErrorMsg(), FILE_APPEND); return 1; } $conn->close(); return 0; }
$error = Token::create_error_message(); Util::response_bad_request($error); } $data['status'] = 'success'; $data['data'] = _('Your changes have been saved'); if ($delete_all == TRUE) { if (!valid_hex32($asset_id)) { $db->close(); Util::response_bad_request(_('Error! Asset ID not allowed. Your changes could not be saved')); } else { try { if ($action == 'delete_properties') { Asset_host_ips::delete_all_from_db($conn, $asset_id, TRUE); Asset_host_properties::delete_all_from_db($conn, $asset_id); } elseif ($action == 'delete_software') { Asset_host_software::delete_all_from_db($conn, $asset_id); } else { Asset_host_services::delete_all_from_db($conn, $asset_id, TRUE); } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } } } else { if (is_array($p_list) && !empty($p_list)) { foreach ($p_list as $p_values) { try { //Clean last error ossim_clean_error(); //Initialize property data
function software_list($conn, $page, $search) { $filters = array(); $filters['limit'] = get_query_limits($page); if ($search != '') { $search = utf8_decode($search); $search = escape_sql($search, $conn); $s_regexp = preg_replace('/\\s+/', '[_:]+', $search); $filters['where'] = " hs.cpe REGEXP '.*{$s_regexp}.*' "; } try { list($softwares, $total) = Asset_host_software::get_all($conn, $filters, TRUE); } catch (Exception $e) { $return['error'] = TRUE; $return['msg'] = $e->getMessage(); return $return; } if ($total > 0) { $selected = get_selected_values(9); } $list = array(); //Going through the list to format the elements properly: foreach ($softwares as $cpe => $software) { $_chk = $selected[$cpe] != '' ? TRUE : FALSE; $name = empty($software['line']) ? $cpe : $software['line']; $_soft = array('id' => $cpe, 'name' => $name, 'checked' => $_chk); $list[$cpe] = $_soft; } $data['total'] = intval($total); $data['list'] = $list; $return['error'] = FALSE; $return['data'] = $data; return $return; }
} } } //Validate Form token $token = POST('token'); if (Token::verify($tk_key, $token) == FALSE) { $db->close(); $error = Token::create_error_message(); Util::response_bad_request($error); } if ($delete_all == TRUE) { try { if ($action == 'delete_properties') { Asset_host_properties::bulk_delete_all_from_db($conn); } else { Asset_host_software::bulk_delete_all_from_db($conn); } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } } else { if (is_array($p_list) && !empty($p_list)) { foreach ($p_list as $p_values) { try { //Clean last error ossim_clean_error(); //Initialize property data $p_data = array(); //Common parameters $p_id = $p_values['p_id'];