function submit_scan($SVRid, $job_name, $ssh_credential, $smb_credential, $schedule_type, $not_resolve, $user, $entity, $targets, $scheduled_status, $hosts_alive, $sid, $send_email, $timeout, $scan_locally, $dayofweek, $dayofmonth, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $time_interval, $sched_id, $biyear, $bimonth, $biday, $nthdayofweek, $nthweekday, $tz, $daysMap, $ip_exceptions_list)
{
$db = new ossim_db();
$dbconn = $db->connect();
$credentials = $ssh_credential . '|' . $smb_credential;
$username = valid_hex32($entity) ? $entity : $user;
if (empty($username)) {
$username = Session::get_session_user();
}
$btime_hour = $time_hour;
// save local time
$btime_min = $time_min;
$bbiyear = $biyear;
$bbimonth = $bimonth;
$bbiday = $biday;
if ($schedule_type == 'O') {
// date and time for run once
if (empty($ROYEAR)) {
$ROYEAR = gmdate('Y');
}
if (empty($ROMONTH)) {
$ROMONTH = gmdate('m');
}
if (empty($ROday)) {
$ROday = gmdate('d');
}
list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
$ROYEAR = $_y;
$ROMONTH = $_m;
$ROday = $_d;
$time_hour = $_h;
$time_min = $_u;
} else {
if (in_array($schedule_type, array('D', 'W', 'M', 'NW'))) {
// date and time for Daily, Day of Week, Day of month, Nth weekday of month
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz);
$biyear = $b_y;
$bimonth = $b_m;
$biday = $b_d;
$time_hour = $b_h;
$time_min = $b_u;
}
}
$resolve_names = $not_resolve == '1' ? 0 : 1;
if ($schedule_type != 'N') {
// current datetime in UTC
$arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
$year = $arrTime[0];
$mon = $arrTime[1];
$mday = $arrTime[2];
$wday = $arrTime[3];
$hour = $arrTime[4];
$min = $arrTime[5];
$sec = $arrTime[6];
$timenow = $hour . $min . $sec;
$run_wday = $daysMap[$dayofweek]['number'];
$run_time = sprintf('%02d%02d%02d', $time_hour, $time_min, '00');
$run_mday = $dayofmonth;
$time_value = "{$time_hour}:{$time_min}:00";
$ndays = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday');
$begin_in_seconds = Util::get_utc_unixtime("{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00") - 3600 * $tz;
$current_in_seconds = gmdate('U');
// current datetime in UTC
if (strlen($bimonth) == 1) {
$bimonth = '0' . $bimonth;
}
if (strlen($biday) == 1) {
$biday = '0' . $biday;
}
}
switch ($schedule_type) {
case 'N':
$requested_run = gmdate('YmdHis');
break;
case 'O':
$requested_run = sprintf('%04d%02d%02d%06d', $ROYEAR, $ROMONTH, $ROday, $run_time);
break;
case 'D':
if ($begin_in_seconds > $current_in_seconds) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
if ($run_time > $timenow) {
$next_day = $year . $mon . $mday;
// today
} else {
$next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
// next day
}
}
$requested_run = sprintf("%08d%06d", $next_day, $run_time);
break;
case 'W':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear));
// make week day for begin day
if ($run_wday == $wday) {
$next_day = $biyear . $bimonth . $biday;
// selected date by user
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear)));
}
} else {
if ($run_wday == $wday && $run_time > $timenow) {
$next_day = $year . $mon . $mday;
// today
} else {
$next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
// next week
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
break;
case 'M':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
if ($run_mday >= $biday) {
$next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday);
}
} else {
if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
$next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
// this month
} else {
$next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
}
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
break;
case 'NW':
if ($begin_in_seconds > $current_in_seconds) {
// if it is a future date
$array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear);
$requested_run = weekday_month(strtolower($daysMap[$nthdayofweek]['text']), $nthweekday, $btime_hour, $btime_min, $array_time);
} else {
$requested_run = weekday_month(strtolower($daysMap[$nthdayofweek]['text']), $nthweekday, $btime_hour, $btime_min);
}
preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found);
list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz);
$requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
$dayofmonth = $nthweekday;
$dayofweek = $nthdayofweek;
break;
default:
break;
}
$insert_time = gmdate('YmdHis');
if (!empty($_SESSION['_vuln_targets']) && count($_SESSION['_vuln_targets']) > 0) {
$arr_ctx = array();
$sgr = array();
foreach ($_SESSION['_vuln_targets'] as $target_selected => $server_id) {
$sgr[$server_id][] = $target_selected;
if (preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}$/i', $target_selected)) {
$related_nets = array_values(Asset_net::get_closest_nets($dbconn, $target_selected));
$firs_net = $related_nets[0];
$closetnet_id = $firs_net['id'];
if (valid_hex32($closetnet_id)) {
$arr_ctx[$target_selected] = Asset_net::get_ctx_by_id($dbconn, $closetnet_id);
}
} else {
if (preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/i', $target_selected)) {
$closetnet_id = key(Asset_host::get_closest_net($dbconn, $target_selected));
if (valid_hex32($closetnet_id)) {
$arr_ctx[$target_selected] = Asset_net::get_ctx_by_id($dbconn, $closetnet_id);
}
} else {
if (valid_hostname($target_selected) || valid_fqdns($target_selected)) {
$filters = array('where' => "hostname like '{$target_selected}' OR fqdns like '{$target_selected}'");
$_hosts_data = Asset_host::get_basic_list($dbconn, $filters);
$host_list = $_hosts_data[1];
if (count($host_list) > 0) {
$first_host = array_shift($host_list);
$hips = explode(",", $first_host['ips']);
foreach ($hips as $hip) {
$hip = trim($hip);
$arr_ctx[$hip] = $first_host['ctx'];
}
}
}
}
}
}
ossim_clean_error();
unset($_SESSION['_vuln_targets']);
// clean scan targets
$resolve_names = $not_resolve == '1' ? 0 : 1;
$queries = array();
$IP_ctx = array();
foreach ($arr_ctx as $aip => $actx) {
$IP_ctx[] = $actx . '#' . $aip;
}
$bbimonth = strlen($bbimonth) == 1 ? '0' . $bbimonth : $bbimonth;
$bbiday = strlen($bbiday) == 1 ? '0' . $bbiday : $bbiday;
// Delete scheduled jobs if "Inmeditely" scheduled method is selected
if (isset($sched_id) && $sched_id > 0 && $schedule_type == 'N') {
$query = 'DELETE FROM vuln_job_schedule WHERE id = ?';
$params = array($sched_id);
$rs = $dbconn->Execute($query, $params);
if (!$rs) {
Av_exception::throw_error(Av_exception::DB_ERROR, $conn->ErrorMsg());
}
}
$qc = 0;
if ($schedule_type == 'N') {
foreach ($sgr as $notify_sensor => $target_list) {
$target_list = !empty($ip_exceptions_list) ? implode("\n", $target_list) . "\n" . implode("\n", $ip_exceptions_list) : implode("\n", $target_list);
$params = array($job_name, $username, Session::get_session_user(), $schedule_type, $target_list, $hosts_alive, $sid, $send_email, $timeout, $SVRid, $insert_time, $requested_run, '3', 'S', $notify_sensor, $scan_locally, implode("\n", $IP_ctx), $resolve_names, $credentials);
$queries[$qc]['query'] = 'INSERT INTO vuln_jobs ( name, username, fk_name, meth_SCHED, meth_TARGET, meth_CRED,
meth_VSET, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,
scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials )
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
$queries[$qc]['params'] = $params;
$qc++;
}
} else {
$params = array($bbiyear . $bbimonth . $bbiday, $job_name, $username, Session::get_session_user(), $schedule_type, $dayofweek, $dayofmonth, $time_value, implode("\n", $targets), $hosts_alive, $sid, $send_email, $scan_locally, $timeout, $requested_run, $insert_time, strval($scheduled_status), $resolve_names, $time_interval, implode("\n", $IP_ctx), $credentials, $SVRid);
if (isset($sched_id) && $sched_id > 0) {
$queries[$qc]['query'] = 'UPDATE vuln_job_schedule SET begin = ?, name = ?, username = ?, fk_name = ?, schedule_type = ?, day_of_week = ?, day_of_month = ?,
time = ?, meth_TARGET = ?, meth_CRED = ?, meth_VSET = ?, meth_Wfile = ?,
meth_Ucheck = ?, meth_TIMEOUT = ?, next_CHECK = ?, createdate = ?, enabled = ?, resolve_names = ?, time_interval = ?, IP_ctx = ?, credentials = ?, email = ?
WHERE id = ?';
$params[] = $sched_id;
$queries[$qc]['params'] = $params;
$qc++;
} else {
$queries[$qc]['query'] = 'INSERT INTO vuln_job_schedule ( begin, name, username, fk_name, schedule_type, day_of_week, day_of_month, time, meth_TARGET, meth_CRED, meth_VSET, meth_Wfile, meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials, email)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ';
$queries[$qc]['params'] = $params;
$qc++;
}
}
$execute_errors = array();
foreach ($queries as $id => $sql_data) {
$rs = $dbconn->execute($sql_data['query'], $sql_data['params']);
if ($rs === FALSE) {
$execute_errors[] = $dbconn->ErrorMsg();
}
}
if (empty($execute_errors) && $schedule_type != 'N') {
// We have to update the vuln_job_assets
if (intval($sched_id) == 0) {
$query = ossim_query('SELECT LAST_INSERT_ID() as sched_id');
$rs = $dbconn->Execute($query);
if (!$rs) {
Av_exception::throw_error(Av_exception::DB_ERROR, $dbconn->ErrorMsg());
} else {
$sched_id = $rs->fields['sched_id'];
}
}
Vulnerabilities::update_vuln_job_assets($dbconn, 'insert', $sched_id, 0);
}
$config_nt = array('content' => '', 'options' => array('type' => 'nf_success', 'cancel_button' => FALSE), 'style' => 'width: 40%; margin: 20px auto; text-align: center;');
$config_nt['content'] = empty($execute_errors) ? _('Successfully Submitted Job') : _('Error creating scan job:') . implode('<br>', $execute_errors);
$nt = new Notification('nt_1', $config_nt);
$nt->show();
$dbconn->close($conn);
}
}
require_once 'av_init.php';
$option = $argv[1];
$asset = $argv[2];
$result = '';
$db = new ossim_db();
$dbconn = $db->connect();
$_SESSION['_user'] = '******';
switch ($option) {
case 'get_ctx':
if (preg_match("/^([a-f\\d]{32})#\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/i", $asset, $found)) {
// host_id#IP
$result = Asset_host::get_ctx_by_id($dbconn, $found[1]);
} else {
if (preg_match("/^([a-f\\d]{32})#\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}\$/i", $asset, $found)) {
// net_id#CIDR
$result = Asset_net::get_ctx_by_id($dbconn, $found[1]);
} else {
$filters = array('where' => 'hostname = "' . $asset . '" OR fqdns LIKE "%' . $asset . '%"');
$_hosts_data = Asset_host::get_basic_list($dbconn, $filters);
$hosts_list = $_hosts_data[1];
$total = count($hosts_list);
if ($total > 0) {
$host_id = key($hosts_list);
$result = $hosts_list[$host_id]['ctx'];
} else {
$result = '';
}
}
}
break;
case 'get_sensor_ip':
