/**
 * Print one error line in the given colour, followed by a line break.
 *
 * The message is entity-encoded through Util::htmlentities() first; the
 * str_ireplace() passes then lowercase any <br>, <b> and </b> tag text that
 * survives that encoding. $color is written into the FONT attribute as-is,
 * so it is expected to be a literal colour supplied by the calling code
 * (the default is red), not a value taken from the request.
 *
 * @param string $message text to display
 * @param string $color   HTML colour value for the FONT element
 *
 * @return void
 */
function ErrorMessage($message, $color = "#FF0000")
{
    $tag_case = array(
        "<BR>" => "<br>",
        "<B>"  => "<b>",
        "</B>" => "</b>",
    );

    $text = Util::htmlentities($message);
    foreach ($tag_case as $upper => $lower) {
        $text = str_ireplace($upper, $lower, $text);
    }

    echo '<FONT COLOR="' . $color . '">' . $text . '</FONT><br>';
}
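/**
 * Build the "[Download in pcap format]" link for a payload row.
 *
 * The download type is 3 when the `data` table lacks the pcap_header or the
 * data_header column (older schema), otherwise 2. The current query string is
 * carried over after CleanVariable() and Util::htmlentities(). The asciiclean
 * flag comes from the `asciiclean` GET parameter; when that parameter is
 * absent the `asciiclean` cookie ("clean") decides.
 *
 * @param object $db database wrapper whose ->DB->MetaColumnNames() lists table columns
 * @param mixed  $id id of the payload to download
 *
 * @return string anchor element as HTML
 */
function PrintPcapDownload($db, $id)
{
    // Ask the schema once instead of three times.
    $columns = $db->DB->MetaColumnNames('data');

    if (is_array($columns) && (!in_array("pcap_header", $columns) || !in_array("data_header", $columns))) {
        $type = 3;
    } else {
        $type = 2;
    }

    $query = CleanVariable($_SERVER["QUERY_STRING"], VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER);

    // An explicit GET parameter wins; the cookie is only consulted when it is absent.
    $from_get    = isset($_GET['asciiclean']) && $_GET['asciiclean'] == 1;
    $from_cookie = !isset($_GET['asciiclean']) && isset($_COOKIE['asciiclean']) && $_COOKIE["asciiclean"] == "clean";
    $asciiclean  = ($from_get || $from_cookie) ? 1 : 0;

    // minimal_view is optional: avoid an undefined-index notice when it is missing
    // (urlencode('') and urlencode(null) both yield an empty value).
    $minimal_view = isset($_GET['minimal_view']) ? $_GET['minimal_view'] : '';

    $url  = '<a href="base_payload.php?' . Util::htmlentities($query);
    $url .= '&download=' . urlencode($type) . '&id=' . urlencode($id);
    $url .= '&asciiclean=' . $asciiclean . '&minimal_view=' . urlencode($minimal_view);
    $url .= '"> [' . _("Download in pcap format") . ']</a>';

    return $url;
}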
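/**
 * Validate the data-source-group form: name, description and the plugin/sid
 * selection.
 *
 * Validation state lives in the ossim_valid()/ossim_error() globals: each
 * failure is recorded with ossim_set_error() and the accumulated error is
 * returned as the last tuple element, so this function never throws.
 *
 * Rules applied:
 *  - group_id: OSS_HEX, nullable; name: OSS_INPUT and unique according to
 *    Plugin_group::is_valid_group_name(); descr: OSS_ALL, nullable.
 *  - $sids maps plugin id => comma separated sid list or "ANY". "ANY", or a
 *    list whose length equals the plugin's sid count, is normalised to "0".
 *  - a positive POST 'pluginid' is added to the selection with "0" (all sids).
 *  - at least one plugin or one imported sid must remain selected.
 *
 * @param mixed       $conn          DB connection passed through to Plugin_* helpers
 * @param string      $name          group name
 * @param string      $descr         group description
 * @param mixed       $sids          plugin id => sid list; anything that is not an array counts as empty
 * @param mixed       $imported_sids already imported sids; anything not countable counts as none
 * @param string|null $group_id      id (hex) of the group being edited, NULL when creating
 *
 * @return array [$group_id, $name, $descr, $plugins, $error] where $plugins is
 *               plugin id => normalised sid string and $error is ossim_error().
 *               $name is returned entity-encoded when a duplicate name was reported.
 */
function validate_post_params($conn, $name, $descr, $sids, $imported_sids, $group_id = NULL)
{
    $vals = array(
        'name'     => array(OSS_INPUT, 'illegal:' . _("Name")),
        'descr'    => array(OSS_ALL, OSS_NULLABLE, 'illegal:' . _("Description")),
        'group_id' => array(OSS_HEX, OSS_NULLABLE, 'illegal:' . _("Group ID")),
    );

    ossim_valid($group_id, $vals['group_id']);
    ossim_valid($name, $vals['name']);

    // Uniqueness is only checked once the name itself passed syntactic validation.
    if (ossim_error() == FALSE && Plugin_group::is_valid_group_name($conn, $name, $group_id) == FALSE) {
        $name = Util::htmlentities($name);
        ossim_set_error(sprintf(_("DS group name '<strong>%s</strong>' already exists"), $name));
    }

    ossim_valid($descr, $vals['descr']);

    $plugins = array();
    $sids    = is_array($sids) ? $sids : array();

    // A plugin posted on its own is selected with all of its sids ("0").
    $pluginid = intval(POST('pluginid'));
    if ($pluginid > 0) {
        $sids[$pluginid] = "0";
    }

    foreach ($sids as $plugin => $sids_str) {
        if ($sids_str === '') {
            continue;
        }

        list($valid, $data) = Plugin_sid::validate_sids_str($sids_str);
        if (!$valid) {
            ossim_set_error(_("Error for data source ") . $plugin . ': ' . $data);
            break;
        }

        if ($sids_str == "ANY") {
            $sids_str = "0";
        } else {
            // Selecting every sid of the plugin is the same as selecting "all" ("0").
            $aux      = count(explode(',', $sids_str));
            $total    = Plugin_sid::get_sidscount_by_id($conn, $plugin);
            $sids_str = ($aux == $total) ? "0" : $sids_str;
        }

        $plugins[$plugin] = $sids_str;
    }

    // count() on a non-countable value warns on PHP 7.2+ and throws on PHP 8;
    // treat such a value as "nothing imported" instead.
    $imported_count = (is_array($imported_sids) || $imported_sids instanceof Countable) ? count($imported_sids) : 0;

    if (!count($plugins) && !$imported_count) {
        ossim_set_error(_("No Data Sources or Event Types selected"));
    }

    return array($group_id, $name, $descr, $plugins, ossim_error());
}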
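/**
 * Print the netflow graph page for one graph type: a heading followed by the
 * day, week, month and year images, each linking to the matching tab=2 view.
 *
 * Profile data is read from $_SESSION['profile'], ['profilegroup'] and
 * ['profileinfo']['graphs']; unless the latter equals 'ok', only a
 * "No data available!" heading is printed.
 *
 * @param string $type graph type; used in the link's type= parameter and in
 *                     the pic.php file name ({type}-{window})
 *
 * @return void
 */
function DisplayGraphs($type)
{
    $self         = Menu::get_menu_url('/ossim/nfsen/nfsen.php?tab=2', 'environment', 'netflow', 'details');
    $profile      = $_SESSION['profile'];
    $profilegroup = $_SESSION['profilegroup'];

    if ($profilegroup == '.') {
        print "<h2>Profile: " . Util::htmlentities($profile) . ", Group: (nogroup) - " . Util::htmlentities($type) . "</h2>\n";
    } else {
        print "<h2>Profile: " . Util::htmlentities($profile) . ", Group: " . Util::htmlentities($profilegroup . " - " . $type) . "</h2>\n";
    }

    if ($_SESSION['profileinfo']['graphs'] != 'ok') {
        print "<h2>No data available!</h2>\n";
        return;
    }

    $profileswitch = "{$profilegroup}/{$profile}";

    // $self may already carry a query string; pick the separator once.
    $separator = preg_match("/\\?/", $self) ? "&" : "?";
    $link_base = Util::htmlentities($self) . $separator . "tab=2&win=";

    // Both URL parameters derived from $type are urlencoded: the href did so
    // already, the pic.php src previously interpolated $type raw, which would
    // let a value containing quotes or '&' escape the src attribute.
    $type_enc   = urlencode($type);
    $switch_enc = urlencode($profileswitch);

    print "<center>";
    foreach (array('day', 'week', 'month', 'year') as $win) {
        print "<a href='" . $link_base . $win . "&type=" . $type_enc . "'> <IMG src='pic.php?profileswitch=" . $switch_enc . "&file=" . $type_enc . "-" . $win . "' width='669' height='281' border='0'></a>\n";
        print "<br>";
    }
    print "</center>";
}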
<script type="text/javascript" src="../js/messages.php"></script> <script type="text/javascript" src="../js/jquery.elastic.source.js" charset="utf-8"></script> <script type="text/javascript" src="../js/utils.js"></script> <script type="text/javascript" src="../js/jquery.tipTip.js"></script> <link rel="stylesheet" type="text/css" href="../style/av_common.css?t=<?php echo Util::get_css_id(); ?> "/> <link rel="stylesheet" type="text/css" href="../style/tipTip.css"/> <script type='text/javascript'> <?php $defaultcond = Util::htmlentities("RISK>=1"); ?> var item_focused = ''; function changecond(type) { $('#condition').hide(); if (type==1) { $('#cond').val("True"); $('#on_risk').attr('checked', false); } else if (type==2) { $('#cond').val("<?php
/**
 * Render a packet payload as wrapped, entity-encoded text.
 *
 * @param string $encoded_payload payload text to display
 * @param mixed  $output_type     accepted for interface compatibility; not used here
 *
 * @return string payload wrapped at 70 columns and passed through Util::htmlentities()
 */
function PrintAsciiPacketPayload($encoded_payload, $output_type)
{
    require_once 'classes/Util.inc';

    $wrapped = wordwrap($encoded_payload, 70);

    return Util::htmlentities($wrapped);
}
foreach ($property as $j => $v) { $cont_2++; $class = $v['anom'] == 1 ? "size12ig" : "size12n"; $to_delete = $v['source'] == $source_m ? "false" : "true"; $prop_value = $v['value']; $prop_title = Util::htmlentities($prop_value); $title = strlen($prop_value) > $length_name ? substr($prop_value, 0, $length_name) . "..." : $prop_value; $title = "<span class=\\'{$class}\\'>" . Util::htmlentities($title) . "</span>"; $tooltip = $prop_title; $json_properties .= "{ title: '{$title}', tooltip: '{$tooltip}', value:'" . utf8_encode($prop_value) . "', anom:'" . $v['anom'] . "', hideCheckbox: {$to_delete}, key:'item_prop_" . $p[1] . "_{$cont_2}###" . $v['id'] . "###" . $p[1] . "', isFolder:true, icon:'" . $image_url . getPropertyImage("OS=" . $v["value"]) . "', children:["; $json_properties .= "{ title: '<span class=\\'size12n\\'>" . _("Date") . ": </span><span class=\\'ml3 size12b\\'>" . $v['date'] . "</span>', date:'" . $v['date'] . "', hideCheckbox: true, key:'date_" . $v['id'] . "', isFolder:false, icon:'" . $image_url . getPropertyImage('property') . "'},"; $json_properties .= "{ title: '<span class=\\'size12n\\'>" . _("Source") . ": </span><span class=\\'ml3 size12b\\'> " . $v['source'] . "</span>', source:'" . $v['source'] . "', source_id:'" . $v['source_ref'] . "', hideCheckbox: true, key:'source_" . $v['id'] . "', isFolder:false, icon:'" . $image_url . getPropertyImage('property') . "'},"; $prop_extra = $v['extra']; $prop_title = Util::htmlentities($prop_extra); $title = strlen($prop_extra) > $length_name ? substr($prop_extra, 0, $length_name) . "..." : $prop_extra; $title = "<span class=\\'ml3 size12b\\'>" . Util::htmlentities($title) . "</span>"; $tooltip = $prop_title; $json_properties .= "{ title: '<span class=\\'size12n\\'>" . _("Version") . ": </span>{$title}', tooltip: '{$tooltip}', extra:'" . utf8_encode($prop_extra) . "', hideCheckbox: true, key:'extra_" . $v['id'] . "', isFolder:false,icon:'" . $image_url . getPropertyImage('property') . 
"'}"; $json_properties .= $num_p == $cont_2 ? "]}" : "]},"; } $json_properties .= $num_gp == $cont_1 ? "]}" : "]},"; } $json_properties .= $cont_1 > 0 ? "," : ""; if (!is_array($services_list)) { $services_list = array(); } $num_s = count($services_list); $cont_3 = 0; $is_folder = $num_s > 0 ? "true" : "false"; $json_properties .= "{title: '<span>" . _("Services") . "</span>', addClass:'size12', key:'property_8', isFolder:" . $is_folder . ", hideCheckbox: true, expand:true, icon:'" . $image_url . getPropertyImage('services') . "', children:["; foreach ($services_list as $k => $v) {
/**
 * Process the form and session state of the profile stats tab.
 *
 * At most one action is handled per request, chosen by the submit key present
 * in $_POST (keys ending in "_x" are image buttons). Actions talk to the nfsen
 * daemon through nfsend_query() and, when it answers with an array, re-read the
 * profile into $_SESSION['profileinfo']. Problems are reported with
 * SetMessage(); nothing is returned.
 *
 *   deleteprofile_x         delete the current profile and switch to ./live
 *   cancelbuild_x           cancel a profile build in progress
 *   regroup                 move the profile into another or a new group
 *   edit                    change maxsize / expire / description / profile_type
 *   add_channel(_x)         show the add-channel dialog
 *   edit_channel            show the edit-channel dialog
 *   *_channel_commit        add or modify a channel
 *   delete_channel_commit_x delete a channel
 *   new_profile (session)   show the new-profile dialog
 *   new_profile_commit      create the new profile
 *   commit_profile_x        commit a profile in status 'new' or 'stalled'
 *
 * Session keys written: display, refresh, tablock, form_data, profile,
 * profilegroup, profileswitch, profileinfo, ProfileList, cancel-inprogress.
 *
 * @param int|bool $tab_changed     non-zero when the tab was switched in this request
 * @param int|bool $profile_changed non-zero when the profile was switched in this request
 *
 * @return void
 */
function Process_stat_tab($tab_changed, $profile_changed)
{
    // the default display page - the profile stats
    $_SESSION['display'] = 'default';

    // if it's a new profile, only admin tasks make sense
    // no refresh
    if ($_SESSION['profileinfo']['status'] == 'new') {
        $_SESSION['tablock'] = "A new profile needs to be completed first.";
    } else {
        unset($_SESSION['tablock']);
    }

    // The extended_channellist preference is kept in a cookie; it is folded into
    // $_POST so ParseForm() validates it like a form field (0 or 1, default 1).
    if (isset($_COOKIE['extended_channellist'])) {
        $_POST['extended_channellist'] = $_COOKIE['extended_channellist'];
    }
    $parse_opts = array(
        "extended_channellist" => array("required" => 0, "default" => 1, "allow_null" => 0, "match" => array(0, 1), "validate" => NULL),
    );
    list($form_data, $has_errors) = ParseForm($parse_opts);
    $_COOKIE['extended_channellist'] = $form_data['extended_channellist'];

    // just display profile status
    if ($tab_changed || $profile_changed) {
        unset($_SESSION['form_data']);
        return;
    }

    // Delete this profile - process confirmed action
    if (array_key_exists('deleteprofile_x', $_POST)) {
        $parse_opts = array(
            "switch" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^[A-Za-z0-9\\.][A-Za-z0-9\\-+_\\/]+\$/", "validate" => "profile_exists_validate", "must_exist" => 1),
        );
        list($form_data, $has_errors) = ParseForm($parse_opts);
        if ($has_errors > 0) {
            return;
        }
        // only the profile currently selected in the session may be deleted
        if ($form_data['switch'] != $_SESSION['profileswitch']) {
            SetMessage('error', "Profile to delete is not current profile");
            return;
        }
        // Do the work
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        if (array_key_exists('pid', $_SESSION)) {
            $cmd_opts['pid'] = $_SESSION['pid'];
        }
        $cmd_out = nfsend_query("delete-profile", $cmd_opts, 0);
        if (is_array($cmd_out)) {
            SetMessage('info', "Profile '" . $cmd_opts['profile'] . "' deleted");
            unset($_SESSION['ProfileList']);
            $profiles = GetProfiles();
            // as current profile no longer exists, switch to 'live'
            $_SESSION['profile'] = 'live';
            $_SESSION['profilegroup'] = '.';
            $_SESSION['profileswitch'] = './live';
            $profileinfo = ReadProfile($_SESSION['profileswitch']);
            $_SESSION['profileinfo'] = $profileinfo;
        }
        // else errors are displayed anyway - nothing to do
        return;
    }

    // Cancel building the profile
    if (array_key_exists('cancelbuild_x', $_POST)) {
        $parse_opts = array(
            "switch" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^[A-Za-z0-9\\.][A-Za-z0-9\\-+_\\/]+\$/", "validate" => "profile_exists_validate", "must_exist" => 1),
        );
        list($form_data, $has_errors) = ParseForm($parse_opts);
        if ($has_errors > 0) {
            return;
        }
        // NOTE(review): message text is copied from the delete branch; it refers to
        // the profile being cancelled, not deleted.
        if ($form_data['switch'] != $_SESSION['profileswitch']) {
            SetMessage('error', "Profile to delete is not current profile");
            return;
        }
        // Do the work
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_out = nfsend_query("cancel-profile", $cmd_opts, 0);
        if (is_array($cmd_out)) {
            SetMessage('info', "Building profile '" . $cmd_opts['profile'] . "' canceled");
            $profiles = GetProfiles();
            $_SESSION['cancel-inprogress'] = 1;
        }
        // else errors are displayed anyway - nothing to do
        $_SESSION['refresh'] = 5;
        return;
    }

    // put profile into another group?
    if (array_key_exists('regroup', $_POST)) {
        if (!array_key_exists('groupselect', $_POST) || !array_key_exists('profilegroup', $_POST)) {
            SetMessage('error', "Missing parameters");
            return;
        }
        // The group name is taken entity-encoded from the request; '(nogroup)'
        // maps to '.', 'New group ...' takes the free-text profilegroup field.
        $_group = Util::htmlentities($_POST['groupselect']);
        if ($_group == '(nogroup)') {
            $_group = '.';
        } else {
            if ($_group == 'New group ...') {
                $_group = Util::htmlentities($_POST['profilegroup']);
            }
        }
        // Anything but '.' must match the group-name character set before it is
        // handed to nfsend.
        if ($_group != '.' && !preg_match("/^[A-Za-z0-9][A-Za-z0-9\\-+_]+\$/", $_group)) {
            SetMessage('error', "Illegal characters in group name '{$_group}'");
            return;
        } else {
            $cmd_opts['profile'] = $_SESSION['profile'];
            $cmd_opts['profilegroup'] = $_SESSION['profilegroup'];
            $cmd_opts['newgroup'] = $_group;
        }
        if ($cmd_opts['profilegroup'] == $cmd_opts['newgroup']) {
            // nothing changed
            return;
        }
        // Do the work
        $cmd_out = nfsend_query("modify-profile", $cmd_opts, 0);
        if (is_array($cmd_out)) {
            // update new info in SESSION
            $_SESSION['profilegroup'] = $cmd_opts['newgroup'];
            $_SESSION['profileswitch'] = $cmd_opts['newgroup'] . '/' . $_SESSION['profile'];
            $profileinfo = ReadProfile($_SESSION['profileswitch']);
            $_SESSION['profileinfo'] = $profileinfo;
            unset($_SESSION['ProfileList']);
            $profiles = GetProfiles();
        }
        // else errors are displayed anyway - nothing to do
        return;
    }

    // Edit a profile
    if (array_key_exists('edit', $_POST)) {
        $cmd_opts = array();
        if (array_key_exists('profile_maxsize', $_POST)) {
            $_tmp = ParseMaxSize($_POST['profile_maxsize']);
            if (strlen($_tmp) > 0) {
                $cmd_opts['maxsize'] = $_tmp;
            } else {
                SetMessage('warning', "Invalid value for maxsize");
            }
        }
        if (array_key_exists('profile_expire', $_POST)) {
            $_tmp = ParseExpire($_POST['profile_expire']);
            if ($_tmp >= 0) {
                $cmd_opts['expire'] = $_tmp;
            } else {
                SetMessage('warning', "Invalid value for expire");
            }
        }
        if (array_key_exists('description', $_POST)) {
            // CR characters are stripped; the description is sent as one array
            // element per line.
            // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8 — confirm the
            // target PHP version before relying on this branch.
            $_tmp = preg_replace("/\r/", '', $_POST['description']);
            if (!get_magic_quotes_gpc()) {
                $description = addslashes($_tmp);
            } else {
                $description = $_tmp;
            }
            $cmd_opts['description'] = explode("\n", $description);
        }
        if (array_key_exists('profile_type', $_POST)) {
            // NOTE(review): only the upper bound (6) is checked; negative numeric
            // values pass this test.
            $_tmp = $_POST['profile_type'];
            if (!is_numeric($_tmp) || $_tmp > 6) {
                SetMessage('warning', "Invalid value for profile_type");
            } else {
                if ($_SESSION['profileinfo']['type'] != $_tmp) {
                    $cmd_opts['profile_type'] = $_tmp;
                }
            }
        }
        if (count(array_keys($cmd_opts)) > 0) {
            $cmd_opts['profile'] = $_SESSION['profileswitch'];
            // Do the work
            $cmd_out = nfsend_query("modify-profile", $cmd_opts, 0);
            if (is_array($cmd_out)) {
                $profileinfo = ReadProfile($_SESSION['profileswitch']);
                $_SESSION['profileinfo'] = $profileinfo;
            }
        }
        return;
    }

    // Cancel an edit or add a channel dialog
    if (array_key_exists('edit_channel_cancel', $_POST) || array_key_exists('add_channel_cancel', $_POST)) {
        // nothing to do - default will do
        return;
    }

    // Add a new channel - provide add dialog
    if (array_key_exists('add_channel_x', $_POST)) {
        $_POST['add_channel'] = $_POST['add_channel_x'];
    }
    if (array_key_exists('add_channel', $_POST)) {
        $_SESSION['display'] = 'add_channel';
        $_SESSION['refresh'] = 0;
        return;
    }

    // edit a channel - provide edit dialog
    if (array_key_exists('edit_channel', $_POST)) {
        $parse_opts = array(
            "edit_channel" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^[A-Za-z0-9][A-Za-z0-9\\-+_]+\$/", "validate" => NULL),
        );
        list($form_data, $has_errors) = ParseForm($parse_opts);
        $form_data['profileswitch'] = $_SESSION['profileswitch'];
        if ($has_errors > 0) {
            return;
        }
        $_channel = $form_data['edit_channel'];
        // NOTE(review): $form_data carries only 'edit_channel' and 'profileswitch'
        // here, so $form_data['profile'] in the message below is undefined.
        if (!array_key_exists($_channel, $_SESSION['profileinfo']['channel'])) {
            SetMessage('error', "Channel '{$_channel}' does not exists in profile '" . $form_data['profile'] . "'");
            return;
        }
        $_SESSION['form_data'] = $form_data;
        $_SESSION['refresh'] = 0;
        $_SESSION['display'] = 'edit_channel';
        return;
    }

    // edit or add a channel? - process commited form entries
    if (array_key_exists('edit_channel_commit', $_POST) || array_key_exists('add_channel_commit', $_POST)) {
        if (array_key_exists('edit_channel_commit', $_POST)) {
            $_display = "edit_channel";
        } else {
            $_display = "add_channel";
        }
        $_SESSION['refresh'] = 0;
        $parse_opts = array(
            "name" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^[A-Za-z0-9][A-Za-z0-9\\-+_]*\$/", "validate" => NULL),
            "colour" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^#[0-9a-f]{6}/i", "validate" => NULL),
            "sign" => array("required" => 1, "default" => '+', "allow_null" => 0, "match" => array('+', '-'), "validate" => NULL),
            "order" => array("required" => 1, "default" => 1, "allow_null" => 0, "match" => "/^[0-9]{1,2}/", "validate" => NULL),
            "filter" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^[\\s!-~]+\$/", "validate" => 'filter_validate'),
            "configured" => array("required" => 1, "default" => array(), "allow_null" => 0, "match" => NULL, "validate" => 'channel_validate'),
        );
        list($form_data, $has_errors) = ParseForm($parse_opts);
        $form_data['profile'] = $_SESSION['profile'];
        $form_data['profilegroup'] = $_SESSION['profilegroup'];
        // additional checks
        if (!is_null($form_data['name'])) {
            $_channel = $form_data['name'];
            if ($_display == "edit_channel") {
                // verify channel in existing profile
                // NOTE(review): $profile is not defined in this branch, so the message
                // prints an empty profile name; the add branch uses $_SESSION['profile'].
                if (!array_key_exists($_channel, $_SESSION['profileinfo']['channel'])) {
                    SetMessage('error', "Channel '{$_channel}' does not exist in profile '{$profile}'");
                    $has_errors = 1;
                }
            } else {
                // verify channel name for new channel
                if (array_key_exists($_channel, $_SESSION['profileinfo']['channel'])) {
                    SetMessage('error', "Channel '{$_channel}' already exist in profile '" . $_SESSION['profile'] . "'");
                    $has_errors = 1;
                }
            }
        }
        // else error already reported by ParseForm

        // must not change the sourcelist or the filter of a channel in profile 'live'
        if ($form_data['profile'] == 'live') {
            unset($form_data['sourcelist']);
            unset($form_data['filter']);
        } else {
            $form_data['sourcelist'] = implode('|', $form_data['configured']);
        }
        unset($form_data['configured']);
        // keep the entered values so the dialog can be redisplayed on error
        $_SESSION['form_data'] = $form_data;
        if ($has_errors > 0) {
            $_SESSION['display'] = $_display;
            return;
        }
        // Do the work
        $command = $_display == 'add_channel' ? 'add-channel' : 'modify-channel';
        // make sure parameters match for nfsend
        $form_data['channel'] = $form_data['name'];
        unset($form_data['name']);
        $cmd_out = nfsend_query($command, $form_data, 0);
        if (is_array($cmd_out)) {
            $profileinfo = ReadProfile($_SESSION['profileswitch']);
            $_SESSION['profileinfo'] = $profileinfo;
            unset($_SESSION['form_data']);
        } else {
            // fishy something went wrong
            $_SESSION['display'] = $_display;
        }
        return;
    }

    // delete a channel
    if (array_key_exists('delete_channel_commit_x', $_POST)) {
        if (!array_key_exists('name', $_POST)) {
            SetMessage('error', "Missing channel name");
            return;
        }
        $profile = $_SESSION['profile'];
        $_channelname = $_POST['name'];
        // NOTE(review): the message interpolates $_tmp, which is not set in this
        // branch; $_channelname is the value that was checked.
        if (!array_key_exists($_channelname, $_SESSION['profileinfo']['channel'])) {
            SetMessage('error', "Channel '{$_tmp}' does not exist in profile '{$profile}'");
            return;
        }
        // do the work
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_opts['channel'] = $_channelname;
        $cmd_out = nfsend_query("delete-channel", $cmd_opts, 0);
        if (is_array($cmd_out)) {
            $profileinfo = ReadProfile($_SESSION['profileswitch']);
            $_SESSION['profileinfo'] = $profileinfo;
        }
        return;
    }

    // Cancel a new profile dialog
    if (array_key_exists('new_profile_cancel', $_POST)) {
        if (array_key_exists("new_profile", $_SESSION)) {
            unset($_SESSION['new_profile']);
        }
        // default will do
        return;
    }

    // create a new profile - provide the new profile dialog
    // this input comes directly from the profile select menu
    if (array_key_exists('new_profile', $_SESSION)) {
        unset($_SESSION['new_profile']);
        $_SESSION['display'] = 'new_profile';
        return;
    }

    // create a new profile - process commited form
    if (array_key_exists('new_profile_commit', $_POST)) {
        $parse_opts = array(
            "newprofileswitch" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^[A-Za-z0-9\\.][A-Za-z0-9\\-+_\\/]+\$/", "validate" => "profile_exists_validate", "must_exist" => 0),
            "tstart" => array("required" => 1, "default" => NULL, "allow_null" => 1, "match" => "/^[0-9]+[0-9\\-]+[0-9]+\$/", "validate" => "date_time_validate"),
            "tend" => array("required" => 1, "default" => NULL, "allow_null" => 1, "match" => "/^[0-9]+[0-9\\-]+[0-9]+\$/", "validate" => "date_time_validate"),
            "channel_wizard" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => array('classic', 'individual'), "validate" => NULL),
            "expire" => array("required" => 0, "default" => 0, "allow_null" => 0, "match" => "/^[\\s!-~]+\$/", "validate" => 'expire_validate'),
            "maxsize" => array("required" => 0, "default" => 0, "allow_null" => 0, "match" => "/^[\\s!-~]+\$/", "validate" => 'maxsize_validate'),
            "description" => array("required" => 0, "default" => NULL, "allow_null" => 1, "match" => "/^[\\s!-~]+\$/", "validate" => 'description_validate'),
            "filter" => array("required" => 0, "default" => NULL, "allow_null" => 1, "match" => "/^[\\s!-~]+\$/", "validate" => 'filter_validate'),
            "channel" => array("required" => 0, "default" => array(), "allow_null" => 1, "match" => NULL, "validate" => 'channel_validate'),
            "shadow" => array("required" => 1, "default" => 1, "allow_null" => 1, "match" => array(0, 1), "validate" => NULL),
            "num_channels" => array("required" => 0, "default" => 0, "allow_null" => 1, "match" => "/^[0-9]{1,3}\$/", "validate" => NULL),
        );
        list($form_data, $has_errors) = ParseForm($parse_opts);
        // newprofileswitch is "group/name"; split it into the fields nfsend expects
        if (preg_match("/^(.+)\\/(.+)/", $form_data['newprofileswitch'], $matches)) {
            $_profilegroup = $matches[1];
            $_profilename = $matches[2];
            $form_data['profileswitch'] = $form_data['newprofileswitch'];
            $form_data['profile'] = $_profilename;
            $form_data['profilegroup'] = $_profilegroup;
            unset($form_data['newprofileswitch']);
        } else {
            $has_errors = 1;
        }
        // additional checks
        if (!is_null($form_data['tend']) && !is_null($form_data['tstart']) && $form_data['tend'] < $form_data['tstart']) {
            $ts = UNIX2DISPLAY($form_data['tstart']);
            $te = UNIX2DISPLAY($form_data['tend']);
            $form_data['tstart'] = NULL;
            $form_data['tend'] = NULL;
            SetMessage('error', "Profile end time '{$te}' earlier then Start time '{$ts}'");
            $has_errors = 1;
        }
        if (!is_null($form_data['tend']) && is_null($form_data['tstart'])) {
            $te = UNIX2DISPLAY($form_data['tend']);
            SetMessage('error', "Profile has end time '{$te}', but no start time set");
            $has_errors = 1;
        }
        if ($form_data['channel_wizard'] == 'classic') {
            if (is_null($form_data['filter']) || count($form_data['channel']) == 0) {
                SetMessage('error', "A classic profile needs a valid filter and at least one selected channel");
                $has_errors = 1;
            }
        }
        if ($has_errors > 0) {
            $_SESSION['form_data'] = $form_data;
            $_SESSION['display'] = 'new_profile';
            $_SESSION['refresh'] = 0;
            return;
        }
        // do the work
        if (array_key_exists('channel_wizard', $form_data)) {
            $type = $form_data['channel_wizard'];
            if (NewProfileCreate($form_data, $type) == TRUE) {
                // update NfSen to include the new profile
                unset($_SESSION['ProfileList']);
                $profiles = GetProfiles();
                // switch to new profile
                $_SESSION['profileswitch'] = $form_data['profileswitch'];
                $_SESSION['profile'] = $form_data['profile'];
                $_SESSION['profilegroup'] = $form_data['profilegroup'];
                $_SESSION['profileinfo'] = ReadProfile($_SESSION['profileswitch']);
                SetMessage('info', "Profile '" . $form_data['profile'] . "' created");
                // a profile with a time window is built in the background: poll for progress
                if ($_SESSION['profileinfo']['tstart'] < $_SESSION['profileinfo']['tend']) {
                    $_SESSION['refresh'] = 5;
                }
            } else {
                $_SESSION['form_data'] = $form_data;
                $_SESSION['display'] = 'new_profile';
            }
        }
        return;
    }

    // Commit a prepared profile
    if (array_key_exists('commit_profile_x', $_POST)) {
        if ($_SESSION['profileinfo']['status'] != 'new' && $_SESSION['profileinfo']['status'] != 'stalled') {
            SetMessage('error', "Can not commit a profile, not in status 'new or stalled'");
            return;
        }
        // Do the work
        // if it fails, the default will do
        if (NewProfileCommit($_SESSION['profileswitch'])) {
            $profileinfo = ReadProfile($_SESSION['profileswitch']);
            $_SESSION['profileinfo'] = $profileinfo;
            unset($_SESSION['tablock']);
            if ($_SESSION['profileinfo']['tstart'] < $_SESSION['profileinfo']['tend']) {
                $_SESSION['refresh'] = 5;
            }
        }
        return;
    }

    // refresh time if profile building in progress
    if (preg_match("/built/", $_SESSION['profileinfo']['status'])) {
        $_SESSION['refresh'] = 5;
    }
}
<img id='export_selection' class='disabled tiptip' data-selection="avt_action" data-bind="export-selection" data-title="<?php echo _('Select assets to export'); ?> " src="/ossim/pixmaps/download-big.png"/> </div> <div id='as_tags'> <ul id='tags_filters'> <?php foreach ($filters as $f_id => $_filter) { if ($_filter->is_active()) { $tag_params = $_filter->get_tag_params($conn); foreach ($tag_params as $tag_id => $tag_name) { $tag_label = Util::htmlentities($tag_name); $tag_class = md5("label_{$tag_id}") . ' filter_' . $f_id; echo '<li class="' . $tag_class . '" data-info="' . $tag_id . '">' . $tag_label . '</li>'; } } } ?> </ul> <div id='result_search'> <div id='num_assets'>0</div> <span><?php echo _('Networks');
$alert_host = $_SESSION['server'][0]; $alert_port = $_SESSION['server'][1]; $alert_user = $_SESSION['server'][2]; $alert_password = $_SESSION['server'][3]; $alert_ext_dbname = $_SESSION['server'][4]; $alert_dbname = preg_match("/\\_restore/", $alert_ext_dbname) ? $alert_ext_dbname : 'alienvault_siem'; $db_connect_method = DB_PCONNECT; $dbo = new ossim_db(); error_reporting(E_ERROR | E_PARSE); // Try to connect try { $dbo->enable_cache(); $conn_aux = $dbo->custom_connect($alert_port == "" ? $alert_host : $alert_host . ":" . $alert_port, $alert_user, $alert_password); } catch (Exception $e) { unset($_SESSION['server']); $w_html = sprintf(_('Warning! Unable to connect to <strong>%s (%s)</strong>.'), Util::htmlentities($alert_ext_dbname), Util::htmlentities($alert_host)); //$w_html .= ' '._('Connection has been restored to')." <a style='color: #9f6000; font-weight: bold;' href='base_qry_main.php?clear_allcriteria=1&num_result_rows=-1&submit=Query+DB¤t_view=-1&sort_order=time_d'>"._('local')."</a>."; $w_html .= '<div style="padding: 3px 0px;">' . _('In order to connect to the selected database, go to the <i>External Databases</i> section and follow the instructions provided by the help icon.') . '</div>'; $warning = new Av_warning('<div style="padding: 2px;">' . $w_html . '</div>'); $warning->display(); exit; } $dbo->close(); unset($dbo); error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED); } $current_url = Util::get_ossim_url(); $events_report_type = 33; $graph_report_type = 34; $criteria_report_type = 35; $unique_events_report_type = 36;
if ($mode == 'insert') { unset($validate["template_id"]); } } $validation_errors = validate_form_fields('POST', $validate); //Extended validation if (empty($validation_errors['login'])) { //Checking permissions to create or modify users if ($mode == 'insert') { if (!$am_i_admin && !$am_i_proadmin) { $validation_errors['login'] = _("You don't have permission to create users"); } else { $s_login = escape_sql($login, $conn, FALSE); $u_list = Session::get_list($conn, "WHERE login='******'"); if (count($u_list) > 0) { $validation_errors['login'] = _('User login already exists') . '. <br/>' . _('Entered value') . ": '<strong>" . Util::htmlentities($login) . "</strong>'"; } } } else { $condition_1 = $am_i_admin && $login != AV_DEFAULT_ADMIN || $is_my_profile; $condition_2 = $am_i_proadmin && Session::userAllowed($login) == 2; if (!($condition_1 || $condition_2)) { $validation_errors['login'] = _("You don't have permission to modify this user"); } } } //Checking password field requirements if (empty($validation_errors['pass'])) { //Checking current password $admin_login_method = $myself->get_login_method(); if ($admin_login_method != 'ldap') {
* * On Debian GNU/Linux systems, the complete text of the GNU General * Public License can be found in `/usr/share/common-licenses/GPL-2'. * * Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt * */ require_once 'av_init.php'; require_once 'config.php'; Session::logcheck("environment-menu", "EventsVulnerabilities"); $getParams = array('schedid', 'sortby', 'sortdir', 'viewall', 'setstatus', 'enabled', 'job_id', 'rs_page', 'page'); switch ($_SERVER['REQUEST_METHOD']) { case "GET": foreach ($getParams as $gp) { if (isset($_GET[$gp])) { ${$gp} = Util::htmlentities(escape_sql(trim($_GET[$gp]), $dbconn)); } else { ${$gp} = ""; } } $range_start = ""; $range_end = ""; break; } $rs_page = intval($rs_page); $page = intval($page); # Handle $disp var separate due to a invalid return value with htmlentities $disp = GET('disp'); ossim_valid($disp, 'playTask', 'pauseTask', 'stopTask', 'resumeTask', 'deleteTask', OSS_NULLABLE, 'Illegal:' . _('Disp')); if (ossim_error()) { die(_('Invalid Disp Parameter'));
Token::show_error(_('Action not allowed')); exit; } } $sname = POST('sname'); $ip = POST('ip'); $priority = POST('priority'); $port = POST('port'); $tzone = POST('tzone'); $descr = POST('descr'); $location = POST('location'); $entities = POST('entities'); $validation_errors = validate_form_fields('POST', $validate); if (empty($validation_errors['ip'])) { if (preg_match('/,/', $ip)) { $validation_errors['ip'] = _('Invalid IP address. Format allowed') . ": nnn.nnn.nnn.nnn <br/>" . _('Entered IP') . ": '<strong>" . Util::htmlentities($ip) . "</strong>'"; } else { $db = new ossim_db(); $conn = $db->connect(); $aux_id = Av_sensor::get_id_by_ip($conn, $ip); $db->close(); if (!empty($aux_id)) { $validation_errors['ip'] = _('Error! IP address associated with another sensor'); } } } $data['status'] = 'OK'; $data['data'] = $validation_errors; if (POST('ajax_validation_all') == TRUE) { if (is_array($validation_errors) && !empty($validation_errors)) { $data['status'] = 'error';
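/**
 * Print the JSON "children" fragment of the entity tree for one parent entity
 * (dynatree node format), recursing into every child entity.
 *
 * Output is written with echo as a partial object member:
 *   ,children:[ <"All Assets" node when editable> , <one node per child> ]
 * The caller is responsible for the surrounding object.
 *
 * A parent is editable - and gets the "All Assets" node with lazy Networks and
 * Sensors folders - when $parent_id is non-empty and the current user is listed
 * for it by Acl::get_users_by_entity(), is an admin, or appears in
 * $entities_admin.
 *
 * @param array  $entities       entity table; $entities[0][$id] provides name, type, parent_id and admin_user
 * @param string $parent_id      id of the entity whose children are printed
 * @param array  $entities_admin admin_user => entity id, accumulated along the path from the root
 *
 * @return void
 */
function echochildrens($entities, $parent_id, $entities_admin)
{
    /* Connect to db */
    $db   = new ossim_db();
    $conn = $db->connect();

    $users_by_entity = Acl::get_users_by_entity($conn, $parent_id);
    $me              = Session::get_session_user();
    $entities_types  = Acl::get_entities_types($conn);

    // Names longer than this are truncated with "..."; the full name goes to the tooltip.
    $length_name = !empty($_GET['length_name']) ? GET('length_name') : 30;

    echo ",children:[";

    $is_editable = $parent_id != "" && (!empty($users_by_entity[$me]) || Session::am_i_admin() || !empty($entities_admin[$me]));

    if ($is_editable) {
        echo "{title:'<font style=\"font-weight:normal\">" . _("All Assets") . "</font>', url:'AllAssets', key:'e_" . $parent_id . "_allassets', icon:'../../pixmaps/menu/assets.gif', isFolder:false, expand:true,";
        echo "children:[ ";
        echo "{ key:'e_" . $parent_id . "_net', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/net.png', title:'" . _("Networks") . "'},";
        echo "{ key:'e_" . $parent_id . "_sensor', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/server.png', title:'" . _("Sensors") . "'}";
        echo "]}";
    }

    $children = Acl::get_entity_childs($conn, $parent_id);

    if (!empty($children)) {
        // Becomes true once the first child node is written; decides the separating comma.
        $flag = false;

        foreach ($children as $index => $child_id) {
            $icon  = "../../pixmaps/theme/any.png";
            $child = $entities[0][$child_id];

            // Entity nodes carry no link (noLink is true); the url member is always empty.
            $child_url = '';

            // NOTE(review): the result is never used here — confirm whether it was meant to gate the node.
            $entity_allowed = Acl::entityAllowed($child_id);

            $child_key  = "e_" . $child_id;
            $child_sn   = strlen($child['name']) > $length_name ? substr($child['name'], 0, $length_name) . "..." : $child['name'];
            $child_name = Util::htmlentities($child['name']);

            // Children inherit the admin map plus this child's own admin user.
            $chil_ent_admin = $entities_admin;
            $chil_ent_admin[$child['admin_user']] = $child_id;

            if ($child['parent_id'] == $parent_id) {
                // NOTE(review): the type name is emitted without encoding — assumes it
                // contains no quotes; verify against Acl::get_entities_types().
                $title   = "<font style=\"font-weight:bold;\">" . Util::htmlentities($child_sn) . "</font> <font style=\"color:gray\">[" . $entities_types[$child['type']]['name'] . "]</font>";
                $tooltip = Util::htmlentities($child['name']) . " [" . $entities_types[$child['type']]['name'] . "]";

                if ($flag || $is_editable) {
                    echo ",";
                }
                $flag = true;

                echo "{title:'" . $title . "', tooltip:'{$tooltip}', noLink: true, url:'" . $child_url . "', key:'" . $child_key . "', icon:'{$icon}', expand:true, name:'{$child_name}'";

                // Recurse with the accumulated admin map. The argument list must match this
                // function's own signature (entities, parent id, admin map); passing extra
                // or undefined variables here silently drops the admin map for the subtree.
                echochildrens($entities, $child_id, $chil_ent_admin);

                echo "}";
            }
        }
    }

    echo "]";

    // Each recursion level opened its own connection; release it.
    $db->close();
}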
// One DataTables row per asset: id, name, IPs, FQDNs, alarm/vuln/event ticks, detail cell.
$tick_icon = '<img src="' . AV_PIXMAPS_DIR . '/assets_tick_gray.png"/>';

foreach ($assets as $_id => $asset_data) {
    $has_alarms = Asset_host::has_alarms($conn, $_id);
    $num_vulns  = Asset_host::get_vulnerability_number($conn, $_id);
    $has_events = Asset_host::has_events($conn, $_id);

    // FQDNs may be empty; only encode when there is something to show.
    $fqdns = '';
    if ($asset_data['fqdns'] != '') {
        $fqdns = Util::htmlentities($asset_data['fqdns']);
    }

    // DT_RowId is the keyed member; the column cells follow as indexes 0..6.
    $row = array(
        'DT_RowId' => $_id,
        Util::htmlentities($asset_data['name']),
        Util::htmlentities(Asset::format_to_print($asset_data['ips'])),
        $fqdns,
        $has_alarms ? $tick_icon : '-',
        $num_vulns > 0 ? $tick_icon : '-',
        $has_events ? $tick_icon : '-',
        $detail,
    );

    $results[] = $row;
}

// DataTables server-side response envelope
$response = array(
    'sEcho'                => $sec,
    'iTotalRecords'        => $total,
    'iTotalDisplayRecords' => $total,
    'aaData'               => $results,
    'iDisplayStart'        => 0,
);

echo json_encode($response);
/**
 * Consume the request (GET/POST and, optionally, a bookmark) and update the
 * session's tab, sub-tab and profile selection.
 *
 * Reads the globals $TabList, $BookmarkVars, $GraphTabs and $Refresh. Mutates
 * $_SESSION (refresh, tab, sub_tab, profileswitch, profile, profilegroup,
 * profileinfo, tablock, new_profile; unsets ProfileList/PluginList on a rebuild)
 * and, when a bookmark is present, writes its values into $_POST.
 *
 * @return array [ok, tab_changed, profile_changed]; ok is FALSE when the session
 *               lacks 'profileswitch' or the 'live' profile cannot be read.
 */
function ParseInput()
{
    global $TabList;
    global $BookmarkVars;
    global $GraphTabs;
    global $Refresh;

    // Preset refresh value. Any Input pasring routing may reset refresh to 0, to disable refresh
    $_SESSION['refresh'] = $Refresh;

    /*
     * user input may come from forms or links (POST or GET data) due to normal
     * form processing. If a bookmark is specified in the URL, this overwrites other
     * input data. To simplify data input checks, the bookmark is handled as any other post request
     */
    ReportLog("ParseInput:");

    if (isset($_GET['bookmark'])) {
        // process bookmarkstring
        // The bookmark is a base64 blob of '|'-separated values. It is HTML-escaped as a whole
        // before splitting, so every value written into $_POST below is already entity-encoded.
        $_bookmark = Util::htmlentities(base64_decode(urldecode($_GET['bookmark'])));
        ReportLog("Bookmark: '{$_bookmark}'");
        $_vars = explode('|', $_bookmark);

        // Only a bookmark with exactly one field per $BookmarkVars entry is accepted.
        if (count($BookmarkVars) == count($_vars)) {
            for ($i = 0; $i < count($BookmarkVars); $i++) {
                if ($_vars[$i] != '-') {
                    // A $BookmarkVars entry may be 'section/name'; only the name part is the POST key.
                    $_varpath = explode('/', $BookmarkVars[$i]);
                    $_varname = count($_varpath) == 2 ? $_varpath[1] : $_varpath[0];
                    ReportLog("Bookmark: Set {$_varname}");
                    $_POST[$_varname] = $_vars[$i];
                }
            }
        } else {
            SetMessage('warning', "Bookmark processing error");
        }
    }

    // process tab
    if (!array_key_exists('tab', $_SESSION)) {
        // first time in this session
        // initialize some more vars in the SESSION var
        InitSession(count($BookmarkVars));
    } else {
        $_tab = $_SESSION['tab'];
    }
    // NOTE(review): on a first visit with no tab in GET/POST, $_tab stays unset here and the
    // comparison below treats that as a changed tab.

    // click on tab list
    if (array_key_exists('tab', $_GET)) {
        $_tab = $_GET['tab'];
    }
    // tab from bookmark overwrites other entries
    if (array_key_exists('tab', $_POST)) {
        $_tab = $_POST['tab'];
    }

    $tab_changed = 0;
    // Loose comparison: a stored tab of 0 also satisfies "== NULL", so tab 0 is re-verified every cycle.
    if ($_tab != $_SESSION['tab'] || $_SESSION['tab'] == NULL) {
        // _tab changed since last cycle
        if (array_key_exists('tablock', $_SESSION)) {
            // must not change tab right now
            SetMessage('error', $_SESSION['tablock']);
        } else {
            // Verify new tab
            // NOTE(review): the upper bound accepts $_tab == count($TabList), one past the last index.
            if (!is_numeric($_tab) || ($_tab > count($TabList) || $_tab < 0)) {
                SetMessage('warning', "Requested Tab not available. Set default tab to " . $TabList[0]);
                $_tab = 0;
            }
            $_tab = (int) $_tab;
            $_SESSION['tab'] = $_tab;
            // A tab reached through a bookmark does not count as a user-initiated change.
            if (!isset($_GET['bookmark'])) {
                $tab_changed = 1;
            }
            ReportLog("Tab: Set tab to {$_tab}: " . $TabList[$_tab]);
        }
    }

    // rebuild profile list
    if ($tab_changed && $_SESSION['tab'] == 4) {
        unset($_SESSION['ProfileList']);
        unset($_SESSION['PluginList']);
        $profiles = GetProfiles();
        GetPlugins();
    }

    // process sub tab
    $_tab = -1;
    if (array_key_exists('sub_tab', $_GET)) {
        $_tab = strip_tags($_GET['sub_tab']);
    }
    if (array_key_exists('sub_tab', $_POST)) {
        $_tab = strip_tags($_POST['sub_tab']);
    }
    if ($_tab >= 0) {
        // NOTE(review): no upper bound against count($GraphTabs) here, unlike the main tab.
        if (!is_numeric($_tab) || $_tab < 0) {
            $_tab = 0;
        }
        $_SESSION['sub_tab'] = $_tab;
        ReportLog("Subtab: Set tab to {$_tab}: " . $GraphTabs[$_tab]);
    }

    // process profileswitch
    if (!array_key_exists('profileswitch', $_SESSION)) {
        // this is fishy - InitSession should have set this
        SetMessage('error', "Missing session parameter 'profileswitch'");
        $_SESSION['refresh'] = 0;
        return array(FALSE, 0, 0);
    } else {
        $_profileswitch = $_SESSION['profileswitch'];
    }
    if (array_key_exists('profileswitch', $_POST)) {
        $_profileswitch = Util::htmlentities($_POST['profileswitch']);
    }
    // the alerting module only accepts profile live for now
    if ($_SESSION['tab'] == 3) {
        $_profileswitch = './live';
    }

    $profile_changed = 0;
    if ($_profileswitch != $_SESSION['profileswitch']) {
        if ($_profileswitch == "New Profile ...") {
            // make sure the profile admin page gets this request;
            $_SESSION['tab'] = 4;
            $_SESSION['new_profile'] = TRUE;
            $_SESSION['refresh'] = 0;
        } else {
            // process new profileswitch
            // Expected form is "group/name"; a value that does not match falls back to ./live.
            if (preg_match("/^(.+)\\/(.+)/", $_profileswitch, $matches)) {
                $_profilegroup = $matches[1];
                $_profilename = $matches[2];
                // Check if profilegroup/profilename exists
                // Only profiles already listed in the session are accepted.
                $_found = FALSE;
                foreach ($_SESSION['ProfileList'] as $p) {
                    if ($p == $_profileswitch) {
                        $_found = TRUE;
                    }
                }
                if (!$_found) {
                    SetMessage('error', "Profile '{$_profilename}' does not exists in profile group '{$_profilegroup}'");
                    SetMessage('warning', "Fall back to profile 
live");
                    $_profilegroup = '.';
                    $_profilename = 'live';
                }
            } else {
                SetMessage('error', "Can not parse profileswitch");
                SetMessage('warning', "Fall back to profile live");
                $_profilegroup = '.';
                $_profilename = 'live';
            }
            // NOTE(review): after a fallback, profile/profilegroup are set to live but
            // 'profileswitch' keeps the rejected value; ReadProfile() below sees that value.
            $profile_changed = 1;
            $_SESSION['profile'] = $_profilename;
            $_SESSION['profilegroup'] = $_profilegroup;
            $_SESSION['profileswitch'] = $_profileswitch;
        }
    }

    $profileinfo = ReadProfile($_SESSION['profileswitch']);
    if ($profileinfo == FALSE) {
        // Unreadable profile: reset the session to ./live and try once more.
        SetMessage('warning', "Fall back to profile live");
        unset($_SESSION['ProfileList']);
        $profiles = GetProfiles();
        $_SESSION['profileswitch'] = './live';
        $_SESSION['profile'] = 'live';
        $_SESSION['profilegroup'] = '.';
        $profileinfo = ReadProfile('./live');
        if ($profileinfo == FALSE) {
            // double failure
            SetMessage('error', "Can't read profile 'live'");
            $_SESSION['refresh'] = 0;
            return array(FALSE, 0, 0);
        }
    }

    // A profile still being created pins the UI to the profile admin tab until it is completed.
    if ($profileinfo['status'] == 'new') {
        $_SESSION['tab'] = 4;
        $_SESSION['refresh'] = 0;
        $_SESSION['tablock'] = "A new profile needs to be completed first.";
    } else {
        unset($_SESSION['tablock']);
    }
    $_SESSION['profileinfo'] = $profileinfo;

    // no refresh for history profiles
    if (($profileinfo['type'] & 3) == 1) {
        $_SESSION['refresh'] = 0;
    }

    return array(TRUE, $tab_changed, $profile_changed);
}
$font_size = 12; } else { if (count($list) <= 30) { $font_size = 10; } else { $font_size = 8; } } foreach ($list as $l) { $event = $l[0]; $occurrences = number_format($l[1], 0, ',', '.'); $link = "{$ossim_link}/alarm/alarm_console.php"; $bc = $c++ % 2 != 0 ? "class='par'" : ''; $htmlPdfReport->set(' <tr ' . $bc . '> <td style="text-align:left;width:60mm;font-size:' . $font_size . 'px">' . Util::wordwrap(Util::htmlentities(Util::signaturefilter($event)), 30, ' ', TRUE) . '</td> <td style="text-align:center;width:22mm;font-size:' . $font_size . 'px">' . $occurrences . '</td> </tr>'); } $htmlPdfReport->set(' </table> </td> <td valign="top" style="text-align:center;padding-top:15px;">'); if ($report_graph_type == 'applets') { jgraph_nbevents_graph(); } else { $htmlPdfReport->set('<img src="' . $htmlPdfReport->newImage('/report/graphs/events_received_graph.php?shared=' . urlencode($shared_file) . '&hosts=' . $num_hosts . '&type=' . $report_type . '&date_from=' . urlencode($date_from) . '&date_to=' . urlencode($date_to) . '&runorder=' . $runorder, 'png') . '" />'); } $htmlPdfReport->set(' </td> </tr>
/**
 * Echo the opening <TR> tag of a result row.
 *
 * With $color == 1 the background comes from the global $priority_colors table
 * indexed by $prio (HTML-escaped). Otherwise $forced_color is used as the
 * bgcolor when non-empty, and no bgcolor attribute is emitted when it is ''.
 *
 * @param int    $prio         Priority, index into $priority_colors.
 * @param int    $color        1 = colour by priority; anything else = use $forced_color.
 * @param string $more         Extra attribute text, emitted verbatim (caller escapes).
 * @param string $forced_color Hex colour without the leading '#', or '' for none.
 * @param string $class        CSS class of the row.
 * @return void
 */
function qroPrintEntryHeader($prio = 1, $color = 0, $more = "", $forced_color = "", $class = "trcell")
{
    global $priority_colors;

    $open = '<TR class="' . $class . '"';

    if ($color == 1) {
        // Priority colour is data, so it is escaped before landing in the attribute.
        echo $open . ' BGCOLOR="#' . Util::htmlentities($priority_colors[$prio]) . '" ' . $more . '>';
        return;
    }

    // An empty $forced_color leaves a double space before $more; kept for output parity.
    $bgcolor_attr = ($forced_color != '') ? 'bgcolor="#' . $forced_color . '"' : '';
    echo $open . ' ' . $bgcolor_attr . ' ' . $more . '>';
}
<tr class='<?php echo $class; ?> '> <td class='location' data-sensors='<?php echo count($sensors); ?> ' data-nets='<?php echo $total_n; ?> ' data-location='<?php echo $id; ?> '> <a href="javascript:;"><?php echo $icon . " " . Util::htmlentities($name); ?> </a> <small title='<?php echo $tooltip; ?> ' class='box_help'>(<?php echo "{$total_n}"; ?> )</small> <div class="fright"> <a href='javascript:;' class='ignore_loc'> <img src="/ossim/pixmaps/status/wrench.png" border="0" style="height:12px;" /> </a> <img src='/ossim/pixmaps/br_next.png' height='10px'> </div>
print 'Error: ' . $conn->ErrorMsg() . '<br/>'; exit; } $format_date = date("M d Y G:i:s") . " GMT"; $xml .= "<data>"; if ($rs->EOF) { $xml .= "<event start='{$format_date}' title='" . _("No events matching your search criteria have been found") . "' link='' icon=''>" . Util::htmlentities(_("No events matching your search criteria have been found")) . "</event>"; } while (!$rs->EOF) { $date = explode(" ", $rs->fields['dataV2']); $d = explode("-", $date[0]); $t = explode(":", $date[1]); $timestamp = mktime($t[0], $t[1], $t[2], $d[1], $d[2], $d[0]); $format_date = date("M d Y G:i:s", $timestamp) . " GMT"; $flag = preg_replace("/http\\:\\/\\/(.*?)\\//", "/", $rs->fields['dataV4']); $xml .= "<event start='" . $format_date . "' title='" . str_replace("'", "\"", Util::htmlentities($rs->fields['dataV1'])) . "' "; $xml .= "link='./base_qry_alert.php?submit=#" . $rs->fields['dataI1'] . "-(" . $rs->fields['dataI2'] . "-" . $rs->fields['dataI3'] . ")&sort_order=time_d'"; $flag = $flag == "" ? "/ossim/pixmaps/1x1.png" : $flag; $xml .= " icon='{$flag}'>"; $inside = "<div class='bubble_desc'>" . $rs->fields['dataV1'] . "<br/><br/><div class='txt_desc'>" . $rs->fields['dataV3']; if ($rs->fields['dataV4'] != "") { $inside .= " <img src='" . $rs->fields['dataV4'] . "'/>"; } $inside .= " -> " . $rs->fields['dataV5']; if ($rs->fields['dataV6'] != "") { $inside .= " <img src='" . $rs->fields['dataV6'] . "'/>"; } $inside .= "</div><div class='df'>" . $format_date . "</div></div>"; $xml .= htmlentities($inside) . "</event>"; $rs->MoveNext(); }
<?php } ?> </table> <div style='background:transparent;text-align:center;margin-top:35px;'> <form action="view_notes.php?type=<?php echo $type; ?> &id=<?php echo $id; ?> " method="post"> <textarea name="txt" rows="5"><?php if (!ossim_error()) { echo Util::htmlentities(POST('txt')); } ?> </textarea> <br/><br/> <input type="submit" value="<?php echo _("Add new"); ?> "/> <input type="hidden" name="action" value="new"/> </form> </div> </div>
ossim_valid($inctype_id, OSS_ALPHA, OSS_SPACE, OSS_PUNC, 'illegal:' . _("id")); ossim_valid($action, OSS_ALPHA, OSS_SCORE, 'illegal:' . _("action")); if (ossim_error()) { die(ossim_error()); } if (!Session::am_i_admin()) { require_once "ossim_error.inc"; $error = new OssimError(); $error->display("ONLY_ADMIN"); } require_once 'ossim_db.inc'; require_once 'classes/Incident_type.inc'; $db = new ossim_db(); $conn = $db->connect(); $custom_name = Util::htmlentities($custom_name, ENT_QUOTES); $custom_old_name = Util::htmlentities($custom_old_name, ENT_QUOTES); if ($action == "modify") { Incident_type::update($conn, $inctype_id, $inctype_descr, $custom == 1 ? "custom" : ""); $location = "incidenttype.php"; } elseif ($action == "modify_ct") { Incident_custom::update_custom($conn, $custom_name, $custom_type, $custom_options, $custom_required, $inctype_id, $custom_old_name); $location = "modifyincidenttypeform.php?id=" . urlencode($inctype_id); } elseif ($action == "modify_pos") { Incident_custom::update_ord($conn, $custom_oldpos, $custom_newpos, $inctype_id, $custom_old_name); $location = "modifyincidenttypeform.php?id=" . urlencode($inctype_id); } elseif ($action == "add" && trim($custom_name) != "" && trim($custom_type) != "") { if (in_array($custom_type, $options) && $custom_options != '' || !in_array($custom_type, $options)) { $next_ord = Incident_custom::get_next_ord($conn, $inctype_id); $params = array($inctype_id, $custom_name, $custom_type, $custom_options, $custom_required, $next_ord); Incident_custom::insert_custom($conn, $params); $location = "modifyincidenttypeform.php?id=" . urlencode($inctype_id);
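/**
 * Render the details page of a Nessus plugin, optionally deleting one of the
 * current user's notes on it first, then listing the remaining notes.
 *
 * Both ids reach SQL, so they are required to be numeric and are bound as
 * integers through ADOdb placeholders rather than interpolated.
 *
 * @param mixed  $id  Plugin id (vuln_nessus_plugins.id); must be numeric.
 * @param string $op  Operation; "delnote" removes note $nid before rendering.
 * @param mixed  $nid Note id to delete when $op is "delnote"; must be numeric.
 * @return void Output is echoed; the request dies on a non-numeric id.
 */
function script_details($id, $op, $nid)
{
    global $enableNotes, $username, $site_code, $user_sites, $dbconn;

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);

    // The plugin id was interpolated unchecked in the original; reject anything non-numeric
    // the same way a bad note id is rejected.
    if (!is_numeric($id)) {
        logAccess("Security violation - Requested non numeric plugin id " . $id);
        require_once 'footer.php';
        echo "Cannot access this page - id is non numeric";
        die;
    }
    $id = (int) $id;

    if ($op == "delnote" and $nid != "") {
        if (!is_numeric($nid)) {
            // Logged before die; the original logged after the die, so nothing was ever recorded.
            logAccess("Security violation - Requested non numeric noteid " . $nid);
            require_once 'footer.php';
            echo "Cannot access this page - nid is non numeric";
            die;
        }
        // NOTE(review): deletion is triggered by a plain GET link (see below) with no CSRF token,
        // and this table name differs from the vuln_nessus_notes used for listing — confirm both.
        $dbconn->execute(
            "delete from nessus_notes \n where id=? and username='******'",
            array((int) $nid)
        );
    }

    $result = $dbconn->Execute(
        "SELECT t1.id, t1.name, t2.name, t3.name, t1.copyright, t1.summary, t1.description, t1.version, \n\tt1.cve_id, t1.bugtraq_id FROM vuln_nessus_plugins t1\n\tLEFT JOIN vuln_nessus_family t2 on t1.family=t2.id\n\tLEFT JOIN vuln_nessus_category t3 on t1.category=t3.id\n\tWHERE t1.id=?",
        array($id)
    );
    if (!$result || $result->EOF) {
        // Unknown plugin: the original printed an all-empty details block here.
        echo "\n<center><B>Plugin details</B></center>\n<B>ID:</B> {$id}<BR>\nPlugin not found<BR>\n";
        return;
    }

    list($pid, $pname, $pfamily, $pcategory, $pcopyright, $psummary, $pdescription, $pversion, $pcve_id, $pbugtraq_id) = $result->fields;
    $result->Close();

    // Every text field is stored plugin metadata; escape all of them, not only the description.
    $pid        = Util::htmlentities($pid);
    $pname      = Util::htmlentities($pname);
    $pfamily    = Util::htmlentities($pfamily);
    $pcategory  = Util::htmlentities($pcategory);
    $pcopyright = Util::htmlentities($pcopyright);
    $psummary   = Util::htmlentities($psummary);
    $pversion   = Util::htmlentities($pversion);
    $pdescription = str_replace("\n", "<br>", Util::htmlentities($pdescription));

    echo "\n<center><B>Plugin details</B></center>\n<B>ID:</B> {$pid}<BR>\n<B>Name:</B> {$pname}<BR>\n<B>Family:</B> {$pfamily}<BR>\n<B>Category:</B> {$pcategory}<BR>\n<B>Copyright:</B> {$pcopyright}<BR>\n<B>Summary:</B> {$psummary}<BR>\n<B>Description:</B> " . $pdescription . "<BR>\n<B>Version:</B> {$pversion}<BR>\n<B>CVE IDs: </B>";

    // Ids are whitespace/comma separated; drop the empty element preg_split yields for "".
    $cve_ids = array_filter(preg_split("/[\\s,]+/", (string) $pcve_id), 'strlen');
    foreach ($cve_ids as $cve) {
        echo "<a href=\"http://www.cvedetails.com/cve/" . rawurlencode($cve) . "/\" target=\"_blank\">" . Util::htmlentities($cve) . "</a> ";
    }

    echo "<br/><B>Bugtraq IDs: </B>";
    $bugtraq_ids = array_filter(preg_split("/[\\s,]+/", (string) $pbugtraq_id), 'strlen');
    foreach ($bugtraq_ids as $bugtraq) {
        echo "<a href=\"http://www.securityfocus.com/bid/" . rawurlencode($bugtraq) . "\">" . Util::htmlentities($bugtraq) . "</a> ";
    }

    echo "<BR/><BR/>\n";

    if ($enableNotes) {
        echo '<font color="red"><B>Notes:</B></font><BR>';
        $notes = $dbconn->execute(
            "select id, note \n from vuln_nessus_notes \n where username='******' and pid=?",
            array($id)
        );
        while ($notes && !$notes->EOF) {
            list($nid, $note) = $notes->fields;
            $nid = (int) $nid;
            // Notes are user-entered text; render them escaped.
            echo "<hr><a href=\"lookup.php?op=delnote&nid={$nid}&id={$id}\"> <img alt=\"Delete Note\" src=\"images/false.png\" border=0></a> " . Util::htmlentities($note) . "<BR>\n";
            $notes->MoveNext();
        }
        echo "<BR>\n<a href=\"notes.php?op=add&pid={$id}&httpfrom=lookup\"> <img alt=\"Add a Custom Note\" src=\"images/note.png\" border=0> Add a Custom Note</a></font>\n";
    }
}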
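if ($preview) {
    // Preview mode: every template placeholder is filled with its sample value so the
    // subject/body can be rendered without a real ticket.
    if (!isset($values)) {
        $values = array();
    }
    foreach ($labels as $k => $data) {
        $values[$k] = $data['sample'];
    }
    $subject = Incident_ticket::build_email_template($subject_tpl, $values);
    $body    = Incident_ticket::build_email_template($body_tpl, $values);
    ?>
    <table align="center" width="80%">
        <tr>
            <th valign="middle" width="10%" style="text-align: center;"><?php echo _("Subject"); ?>:</th>
            <!-- The subject is template output like the body, so it is escaped the same way. -->
            <td valign="top" style="text-align: left;"><pre><?php echo Util::htmlentities($subject, ENT_COMPAT, "UTF-8"); ?></pre></td>
        </tr>
        <tr>
            <th valign="middle" width="10%" style="text-align: center;"><?php echo _("Body"); ?>:</th>
            <td valign="top" style="text-align: left; border-width: 0px;"><pre><?php echo Util::htmlentities($body, ENT_COMPAT, "UTF-8"); ?></pre></td>
        </tr>
    </table>
    <?php
}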
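/**
 * Print the per-signature statistics table for every unique event seen on $ip.
 *
 * @param object $db Database handle passed through to the BASE query helpers.
 * @param string $ip Address whose events are summarised (printed as a /32).
 * @return void Output is echoed.
 */
function PrintEventsByIP($db, $ip)
{
    // NOTE(review): the address is HTML-escaped before it reaches the query helpers; that is
    // only harmless for values that really are plain IPs — confirm the helpers expect it.
    $ip    = Util::htmlentities($ip);
    $count = 0;

    /* Jeffs stuff */
    /* Count total events for the given address */
    $event_cnt = EventCntByAddr($db, $ip);

    /* Grab unique alerts and count them */
    $unique_events = UniqueEventCntByAddr($db, $ip, $count);
    if (!is_array($unique_events)) {
        $unique_events = array();
    }
    $unique_event_cnt = count($unique_events);

    // $ip is already escaped above; escaping it a second time would double-encode entities.
    printf("<B>" . gettext("%d unique events detected among %d events on %s") . "/32</B><BR>", $unique_event_cnt, $event_cnt, $ip);

    /* Print the Statistics on Each of the Unique Alerts */
    echo '<TABLE BORDER=0 class="table_list"> <TR> <TD CLASS="headerbasestat">' . gettext("TCP Flags") . '</TD> <TD CLASS="headerbasestat">' . gettext("Total<BR> Occurrences") . '</TD> <TD CLASS="headerbasestat">' . gettext("Num of Sensors") . '</TD> <TD CLASS="headerbasestat">' . gettext("First<BR> Occurrence") . '</TD> <TD CLASS="headerbasestat">' . gettext("Last<BR> Occurrence") . '</TD> </TR>';

    // Loop-invariant parts of the drill-down links.
    $ip_form_vars = BuildIPFormVars(urlencode($ip));
    $submit_param = urlencode(gettext("Query DB"));

    for ($i = 0; $i < $unique_event_cnt; $i++) {
        $current_event = $unique_events[$i];
        $total       = UniqueEventTotalsByAddr($db, $ip, $current_event);
        $num_sensors = UniqueSensorCntByAddr($db, $ip, $current_event);
        $start_time  = StartTimeForUniqueEventByAddr($db, $ip, $current_event);
        $stop_time   = StopTimeForUniqueEventByAddr($db, $ip, $current_event);
        $cellcolor   = ($i % 2 != 0) ? "bgcolor='#f2f2f2'" : "";

        /* Print out */
        echo "<TR {$cellcolor}>";
        // The signature name is deliberately decoded: it carries its own markup.
        $signame = BuildSigByPlugin($current_event[0], $current_event[1], $db);
        echo " <TD ALIGN='center'> " . str_replace("##", "", html_entity_decode($signame));

        $sig_param = urlencode($current_event[0] . ";" . $current_event[1]);
        // "&current_view=-1" restores the parameter the page shows as "¤t_view" (an
        // entity-decoded "&curren"); "Query DB" is URL-encoded so the space survives.
        $tmp_iplookup      = 'base_qry_main.php?new=1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . $sig_param . '&num_result_rows=-1&submit=' . $submit_param . '&current_view=-1&ip_addr_cnt=2' . $ip_form_vars;
        $tmp_sensor_lookup = 'base_stat_sensor.php?sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . $sig_param . '&ip_addr_cnt=2' . $ip_form_vars;

        echo " <TD align='center'> <A HREF=\"{$tmp_iplookup}\">" . Util::htmlentities($total) . "</A> ";
        echo " <TD align='center'> <A HREF=\"{$tmp_sensor_lookup}\">" . Util::htmlentities($num_sensors) . "</A> ";
        // Timestamps come from the database like $total does; escape them the same way.
        echo " <TD align='center'> " . Util::htmlentities($start_time);
        echo " <TD align='center' valign='middle'> " . Util::htmlentities($stop_time);
        echo '</TR>';
    }
    echo "</TABLE>\n";
}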
/**
 * Render the "current vulnerabilities" host list: search form, result table and pager.
 *
 * The host query is assembled from the search form ($type/$value), paged through
 * the globals $offset/$pageSize, and drawn with drawTableLatest(). Output is echoed.
 *
 * NOTE(review): $value and $ctx_filter come from the request and are interpolated
 * into SQL below without escaping or binding; see the per-branch notes.
 *
 * @param string $type       Search field: scantime, service, freetext, hostip, fk_name, username or hn.
 * @param string $value      Search term.
 * @param string $ctx_filter Hex context id restricting the "hn" search, or ''.
 * @param string $sortby     Ignored: overwritten with a fixed ORDER BY below.
 * @param string $sortdir    Ignored for the query; only toggled for the column-header links.
 * @return void
 */
function list_results($type, $value, $ctx_filter, $sortby, $sortdir)
{
    global $allres, $offset, $pageSize, $dbconn;
    global $user, $arruser;

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);

    $filteredView = FALSE;
    $selRadio = array("", "", "", "");
    $query_onlyuser = "";
    $url_filter = "";

    // Deprecated filter
    //if(!empty($arruser)) {$query_onlyuser = "******";}

    // The incoming $sortby/$sortdir are discarded: ordering is fixed.
    $sortby = "t1.results_sent DESC, t1.hostIP DESC";
    $sortdir = "";
    $queryw = "";
    $queryl = "";
    $querys = "SELECT distinct t1.hostIP, HEX(t1.ctx) as ctx, t1.scantime, t1.username, t1.scantype, t1.report_key, t1.report_type as report_type, t1.sid, t3.name as profile\n FROM vuln_nessus_latest_reports AS t1 LEFT JOIN vuln_nessus_settings AS t3 ON t1.sid = t3.id, vuln_nessus_latest_results AS t5\n WHERE\n t1.hostIP = t5.hostIP\n AND t1.ctx = t5.ctx\n AND t1.deleted = '0' ";

    // set up the SQL query based on the search form input (if any)
    if ($type == "scantime" && $value != "") {
        $selRadio[0] = "CHECKED";
        $q = $value;
        // NOTE(review): $q is embedded in the LIKE pattern unescaped (same in every branch below).
        $queryw = " AND t1.scantime LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
        $queryl = " limit {$offset},{$pageSize}";
        $stext = "<b>" . _("Search for Date/Time") . "</b> = '*{$q}*'";
        $url_filter = "&type={$type}&value={$value}";
    } else {
        if ($type == "service" && $value != "") {
            $selRadio[5] = "CHECKED";
            $q = $value;
            $queryw = " AND t5.service LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
            $queryl = " limit {$offset},{$pageSize}";
            $stext = "<b>" . _("Search for Service") . "</b> = '*" . html_entity_decode($q) . "*'";
            $url_filter = "&type={$type}&value={$value}";
        } else {
            if ($type == "freetext" && $value != "") {
                $selRadio[6] = "CHECKED";
                $q = $value;
                $queryw = " AND t5.msg LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                $queryl = " limit {$offset},{$pageSize}";
                $stext = "<b>" . _("Search for Free Text") . "</b> = '*" . html_entity_decode($q) . "*'";
                $url_filter = "&type={$type}&value={$value}";
            } else {
                if ($type == "hostip" && $value != "") {
                    $selRadio[1] = "CHECKED";
                    $q = strtolower($value);
                    // NOTE(review): this branch lacks the leading " AND", so appended to $querys it
                    // produces "... t1.deleted = '0'  t1.hostIP LIKE ..." (invalid SQL).
                    $queryw = " t1.hostIP LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                    $queryl = " limit {$offset},{$pageSize}";
                    $stext = "<b>" . _("Search for Host-IP") . "</b> = '*{$q}*'";
                    $url_filter = "&type={$type}&value={$value}";
                } else {
                    if ($type == "fk_name" && $value != "") {
                        $selRadio[2] = "CHECKED";
                        $q = strtolower($value);
                        $queryw = " AND t1.fk_name LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                        $queryl = " limit {$offset},{$pageSize}";
                        $stext = _("Search for Subnet/CIDR") . " = '*{$q}*'";
                        $url_filter = "&type={$type}&value={$value}";
                    } else {
                        if ($type == "username" && $value != "") {
                            $selRadio[3] = "CHECKED";
                            $q = strtolower($value);
                            $queryw = " AND t1.username LIKE '%{$q}%' {$query_onlyuser} order by {$sortby} {$sortdir}";
                            $queryl = " limit {$offset},{$pageSize}";
                            $stext = "<b>" . _("Search for user") . "</b> = '*{$q}*'";
                            $url_filter = "&type={$type}&value={$value}";
                        } else {
                            if ($type == "hn" && $value != "") {
                                // NOTE(review): $ctx_filter goes straight into UNHEX('...') as well.
                                if (!empty($ctx_filter)) {
                                    $queryw = " AND t1.ctx=UNHEX('{$ctx_filter}')";
                                }
                                $selRadio[4] = "CHECKED";
                                if (preg_match("/\\//", $value)) {
                                    // CIDR notation: expand to an inet_aton() range.
                                    $ip_range = array();
                                    $ip_range = Cidr::expand_CIDR($value, "SHORT");
                                    $queryw .= " AND (inet_aton(t1.hostIP) >= '" . $ip_range[0] . "' AND inet_aton(t1.hostIP) <='" . $ip_range[1] . "') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                } elseif (preg_match("/\\,/", $value)) {
                                    // Comma-separated hosts: each element is quoted but not escaped.
                                    $q = implode("','", explode(",", $value));
                                    $queryw .= " AND t1.hostIP in ('{$q}') {$query_onlyuser} order by {$sortby} {$sortdir}";
                                    $q = "Others";
                                } else {
                                    $q = $value;
                                    $queryw .= " AND t1.hostIP LIKE '{$q}' {$query_onlyuser} order by {$sortby} {$sortdir}";
                                }
                                $queryl = " limit {$offset},{$pageSize}";
                                if (!preg_match("/\\//", $value)) {
                                    $stext = "<b>" . _("Search for Host") . "</b> = '" . html_entity_decode($q) . "'";
                                } else {
                                    $stext = "<b>" . _("Search for Subnet/CIDR") . "</b> = '{$value}'";
                                }
                                $url_filter = "&type={$type}&value={$value}";
                            } else {
                                // No search term: list every host.
                                $selRadio[4] = "CHECKED";
                                $viewAll = FALSE;
                                $queryw = "{$query_onlyuser} order by {$sortby} {$sortdir}";
                                $queryl = " limit {$offset},{$pageSize}";
                                $stext = "";
                            }
                        }
                    }
                }
            }
        }
    }

    // set up the pager and search fields if viewing all hosts
    $reportCount = 0;
    // $filteredView is never set to TRUE in this function, so the else branch below is dead.
    if (!$filteredView) {
        // Unpaged run of the query purely to obtain FOUND_ROWS() for the pager.
        $dbconn->Execute(str_replace("SELECT distinct", "SELECT SQL_CALC_FOUND_ROWS distinct", $querys) . $queryw);
        $reportCount = $dbconn->GetOne("SELECT FOUND_ROWS() as total");
        $previous = $offset - $pageSize;
        if ($previous < 0) {
            $previous = 0;
        }
        $last = intval($reportCount / $pageSize) * $pageSize;
        if ($last < 0) {
            $last = 0;
        }
        $next = $offset + $pageSize;
        $pageEnd = $offset + $pageSize;
        $value = html_entity_decode($value);
        //echo "<center><table cellspacing='0' cellpadding='0' border='0' width='100%'><tr><td class='headerpr' style='border:0;'>"._("Current Vulnerablities")."</td></tr></table>";
        // output the search form
        echo "<table class='w100 transparent'>";
        echo "<tr><td class='sec_title'>" . _("Asset Vulnerability Details") . "</td></tr>";
        echo "<tr><td style='padding:12px 0px 0px 0px;' class='transparent'>";
        ?> <div id='cvleftdiv'> <a id="new_scan_button" class="button" href="<?php echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs'); ?> " style="text-decoration:none;"> <?php echo _("New Scan Job"); ?> </a> </div> <div id='cvrightdiv'> <?php
        echo '<form name="hostSearch" id="hostSearch" action="index.php" method="GET"> <input type="text" length="25" name="value" id="assets" class="assets" style="margin:0px !important;" value="' . Util::htmlentities($value) . '">';
        // cvfiltertype -> current vulnerabilities filter type
        echo "\n<input type=\"radio\" name=\"type\" value=\"service\" {$selRadio['5']}>" . _("Service") . "\n<input type=\"radio\" name=\"type\" value=\"freetext\" {$selRadio['6']}>" . _("Free text") . "\n<input type=\"radio\" name=\"type\" value=\"hn\" {$selRadio['4']}>" . _("Host/Net") . "\n";
        echo "<input type=\"submit\" name=\"submit\" value=\"" . _("Find") . "\" id=\"current_vulns_find_button\" class=\"av_b_secondary small\" style=\"margin-left:15px;\">";
        echo <<<EOT
</form>
</p>
EOT;
    } else {
        // get the search result count
        // NOTE(review): no "t1" alias is declared here, so "t1.deleted" would fail if this ran.
        $queryc = "SELECT count( report_id ) FROM vuln_nessus_latest_reports WHERE t1.deleted = '0' ";
        $scount = $dbconn->GetOne($queryc . $queryw);
        echo "<p>{$scount} report";
        if ($scount != 1) {
            echo "s";
        } else {
        }
        echo " " . _("found matching search criteria") . " | ";
        echo " <a href='index.php' alt='" . _("View All Reports") . "'>" . _("View All Reports") . "</a></p>";
    }
    echo "<p>";
    echo $stext;
    echo "</p>";
    echo "</div></td></tr></table>";

    $result = array();
    // get the hosts to display
    $result = $dbconn->GetArray($querys . $queryw . $queryl); // main query
    //echo $querys.$queryw.$queryl;
    $delete_ids = array();
    // NOTE(review): count() runs before the "=== false" check below, so a failed query is
    // counted first; and "report_id" is not in $querys's select list, so the ids collected are empty.
    if (count($result) > 0) {
        foreach ($result as $rpt) {
            $delete_ids[] = $dreport_id = $rpt["report_id"];
        }
    }
    $_SESSION["_dreport_ids"] = implode(",", $delete_ids);
    //echo "$querys$queryw$queryl";
    if ($result === false) {
        $errMsg[] = _("Error getting results") . ": " . $dbconn->ErrorMsg();
        $error++;
        dispSQLError($errMsg, $error);
    } else {
        $data['vInfo'] = 0;
        $data['vLow'] = 0;
        $data['vMed'] = 0;
        $data['vHigh'] = 0;
        $data['vSerious'] = 0;
        // Per-risk totals over all permitted hosts, for the "All" summary row.
        $perms_where = Asset_host::get_perms_where('host.', TRUE);
        if (!empty($perms_where)) {
            $queryt = "SELECT count(lr.result_id) AS total, lr.risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr, host, host_ip hi\n WHERE host.id=hi.host_id AND inet6_ntoa(hi.ip)=lr.hostIP {$perms_where} AND falsepositive='N'\n GROUP BY risk, hostIP, ctx";
        } else {
            $queryt = "SELECT count(lr.result_id) AS total, risk, lr.hostIP, HEX(lr.ctx) AS ctx\n FROM vuln_nessus_latest_results lr\n WHERE falsepositive='N'\n GROUP BY risk, hostIP, ctx";
        }
        //echo "$queryt<br>";
        $resultt = $dbconn->Execute($queryt);
        while (!$resultt->EOF) {
            $riskcount = $resultt->fields['total'];
            $risk = $resultt->fields['risk'];
            // Risk codes as used here: 7 info, 6 low, 3 medium, 2 high, 1 serious.
            if ($risk == 7) {
                $data['vInfo'] += $riskcount;
            } else {
                if ($risk == 6) {
                    $data['vLow'] += $riskcount;
                } else {
                    if ($risk == 3) {
                        $data['vMed'] += $riskcount;
                    } else {
                        if ($risk == 2) {
                            $data['vHigh'] += $riskcount;
                        } else {
                            if ($risk == 1) {
                                $data['vSerious'] += $riskcount;
                            }
                        }
                    }
                }
            }
            $resultt->MoveNext();
        }
        if ($data['vInfo'] == 0 && $data['vLow'] == 0 && $data['vMed'] == 0 && $data['vHigh'] == 0 && $data['vSerious'] == 0) {
            // Nothing to report: the "All" summary row carries no report links.
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "", "plink" => "", "xlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        } else {
            $tdata[] = array("report_id" => "All", "host_name" => "", "scantime" => "", "username" => "", "scantype" => "", "report_key" => "", "report_type" => "", "sid" => "", "profile" => "", "hlink" => "lr_reshtml.php?ipl=all&disp=html&output=full&scantype=M", "plink" => "lr_respdf.php?ipl=all&scantype=M", "xlink" => "lr_rescsv.php?ipl=all&scantype=M", "dlink" => "", "vSerious" => $data['vSerious'], "vHigh" => $data['vHigh'], "vMed" => $data['vMed'], "vLow" => $data['vLow'], "vInfo" => $data['vInfo']);
        }
        foreach ($result as $data) {
            // Rows the session may not see are dropped after the query, so the pager counts still include them.
            if (!Session::hostAllowed_by_ip_ctx($dbconn, $data["hostIP"], $data["ctx"])) {
                continue;
            }
            $host_id = key(Asset_host::get_id_by_ips($dbconn, $data["hostIP"], $data["ctx"]));
            if (valid_hex32($host_id)) {
                $data['host_name'] = Asset_host::get_name_by_id($dbconn, $host_id);
            }
            $data['vSerious'] = 0;
            $data['vHigh'] = 0;
            $data['vMed'] = 0;
            $data['vLow'] = 0;
            $data['vInfo'] = 0;
            // query for reports for each IP
            // NOTE(review): the second line of this query is garbled on the page ('******'username'])
            // and is kept as-is; it is also built by interpolation like the queries above.
            $query_risk = "SELECT distinct risk, port, protocol, app, scriptid, msg, hostIP FROM vuln_nessus_latest_results WHERE hostIP = '" . $data['hostIP'];
            $query_risk .= "' AND username = '******'username'] . "' AND sid =" . $data['sid'] . " AND ctx = UNHEX('" . $data['ctx'] . "') AND falsepositive='N'";
            $result_risk = $dbconn->Execute($query_risk);
            while (!$result_risk->EOF) {
                if ($result_risk->fields["risk"] == 7) {
                    $data['vInfo']++;
                } else {
                    if ($result_risk->fields["risk"] == 6) {
                        $data['vLow']++;
                    } else {
                        if ($result_risk->fields["risk"] == 3) {
                            $data['vMed']++;
                        } else {
                            if ($result_risk->fields["risk"] == 2) {
                                $data['vHigh']++;
                            } else {
                                if ($result_risk->fields["risk"] == 1) {
                                    $data['vSerious']++;
                                }
                            }
                        }
                    }
                }
                $result_risk->MoveNext();
            }
            $data['plink'] = "lr_respdf.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['hlink'] = "lr_reshtml.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            $data['xlink'] = "lr_rescsv.php?treport=latest&ipl=" . urlencode($data['hostIP']) . "&ctx=" . $data['ctx'] . "&scantype=" . $data['scantype'];
            if (Session::am_i_admin()) {
                $data['dlink'] = "index.php?delete=" . $data['report_key'] . "&scantime=" . $data['scantime'];
            }
            // "meth_target" is not selected by $querys either, so 'target' is built from an empty string.
            $list = explode("\n", trim($data['meth_target']));
            if (count($list) == 1) {
                $list[0] = trim($list[0]);
                $data['target'] = resolve_asset($dbconn, $list[0]);
            } elseif (count($list) == 2) {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[1] = trim($list[1]);
                $list[1] = resolve_asset($dbconn, $list[1]);
                $data['target'] = $list[0] . ' ' . $list[1];
            } else {
                $list[0] = trim($list[0]);
                $list[0] = resolve_asset($dbconn, $list[0]);
                $list[count($list) - 1] = trim($list[count($list) - 1]);
                $list[count($list) - 1] = resolve_asset($dbconn, $list[count($list) - 1]);
                $data['target'] = $list[0] . " ... " . $list[count($list) - 1];
            }
            $tdata[] = $data;
        }
        // Column-header links flip the sort direction.
        if ($sortdir == "ASC") {
            $sortdir = "DESC";
        } else {
            $sortdir = "ASC";
        }
        $url = $_SERVER['SCRIPT_NAME'] . "?offset={$offset}&sortby=%var%&sortdir={$sortdir}" . $url_filter;
        $fieldMapLinks = array();
        $fieldMapLinks = array(gettext("HTML Results") => array('url' => '%param%', 'param' => 'hlink', 'target' => 'main', 'icon' => 'images/html.png'), gettext("PDF Results") => array('url' => '%param%', 'param' => 'plink', 'target' => '_blank', 'icon' => 'images/pdf.png'), gettext("EXCEL Results") => array('url' => '%param%', 'param' => 'xlink', 'target' => '_blank', 'icon' => 'images/page_white_excel.png'));
        if (Session::am_i_admin()) {
            $fieldMapLinks["DELETE Results"] = array('url' => '%param%', 'param' => 'dlink', 'target' => 'main', 'icon' => 'images/delete.gif');
        }
        $fieldMap = array("Host - IP" => array('var' => 'hostip'), "Date/Time" => array('var' => 'scantime'), "Profile" => array('var' => 'profile'), "Serious" => array('var' => 'vSerious'), "High" => array('var' => 'vHigh'), "Medium" => array('var' => 'vMed'), "Low" => array('var' => 'vLow'), "Info" => array('var' => 'vInfo'), "Links" => $fieldMapLinks);
        // echo "<pre>";
        // var_dump($tdata);
        // echo "</pre>";
        // The summary row is always present, so "> 1" means at least one real host row.
        if (count($tdata) > 1) {
            drawTableLatest($fieldMap, $tdata, "Hosts");
        } elseif (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<br><span class='gray'>" . _("No results found: ") . "</span><a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?action=create_scan&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs') . "'>" . _("Click here to run a Vulnerability Scan now") . "</a><br><br>";
        }
    }
    // draw the pager again, if viewing all hosts
    if (!$filteredView && $reportCount > 10) {
        ?> <div class="fright tmargin"> <?php if ($next > $pageSize) { ?> <a href="index.php?<?php echo "offset={$previous}{$url_filter}"; ?> " class="pager">< <?php echo _("PREVIOUS"); ?> </a> <?php } else { ?> <a class='link_paginate_disabled' href="" onclick='return false'>< <?php echo _("PREVIOUS"); ?> </a> <?php } if ($next <= $last) { ?> <a class='lmargin' href="index.php?<?php echo "offset={$next}{$url_filter}"; ?> "> <?php echo _("NEXT"); ?> ></a> <?php } else { ?> <a class='link_paginate_disabled lmargin' href="" onclick='return false'><?php echo _("NEXT"); ?> ></a> <?php } ?> </div> <?php
    } else {
        echo "<p> </p>";
    }
}
echo "</div>"; } ?> </div> </div> <div id="tabs-5"> <div class="accordion"> <?php $labels_sections = is_array($labels_sections) ? $labels_sections : array(); foreach ($labels_sections as $ins => $label) { echo "<h3><a href='#'>" . Util::htmlentities($ins) . "</a></h3>"; echo "<div>"; //Description echo "<div class='help_title'>{$title_desc}</div>"; echo "<div class='help_container'>" . $label['help'] . "</div>"; //Example echo "<div class='help_title'>{$title_example}</div>"; echo "<div class='help_container'>" . $label['sample'] . "</div>"; echo "</div>"; } ?> </div> </div>
/**
 * Strip leading/trailing tab, LF, CR and vertical-tab characters (ordinary
 * spaces are kept) and HTML-escape the result, quotes included, as UTF-8.
 *
 * @param string $string
 * @return string
 */
function clean_string($string)
{
    // Deliberately narrower than trim()'s default character set.
    $trimmed = trim($string, "\t\n\r\v");

    return Util::htmlentities($trimmed, ENT_QUOTES, "UTF-8");
}
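/**
 * Persist an edited scan profile together with its per-family / per-category
 * status toggles, optionally re-sync plugin enablement from those statuses,
 * emit a JS redirect to the profile list and re-render the editor.
 *
 * Security: every value now reaches the database through ADOdb "?" parameter
 * binding. The previous version interpolated $sid, $sname, $sdescription,
 * $sautoenable and the auto_* flags straight into SQL, and the per-family /
 * per-category updates spliced the raw $_POST parameter *name* (the id) into
 * the query and the value unquoted — so escaping the value alone did not
 * prevent injection. Ids taken from parameter names are now accepted only when
 * purely numeric, and statuses are coerced to integers.
 *
 * @param int|string $sid             profile id (vuln_nessus_settings.id)
 * @param string     $sname           profile name
 * @param string     $sdescription    profile description
 * @param mixed      $stype           truthy => global profile ("G"), else private ("")
 * @param string     $sautoenable     "C" re-syncs plugins from category status,
 *                                    "F" from family status, anything else: no sync
 * @param int|string $auto_cat_status numeric flag stored as-is
 * @param int|string $auto_fam_status numeric flag stored as-is
 * @param string     $tracker         "on" enables update_host_tracker
 * @return void
 */
function update_profile($sid, $sname, $sdescription, $stype, $sautoenable, $auto_cat_status, $auto_fam_status, $tracker)
{
    global $uroles, $dbconn, $conf;

    // NOTE(review): as in the original, the stored owner is the raw $stype
    // flag (TRUE becomes "1", FALSE/"" becomes ""). This looks unintended —
    // confirm with the callers whether the session user was meant here.
    $username = $stype;

    // "G" is a global (shared) profile, "" a private one.
    $stype        = ($stype == TRUE) ? "G" : "";
    $host_tracker = ($tracker == "on") ? 1 : 0;

    // Numeric columns: coerce so a non-numeric caller value cannot alter the
    // query shape (with binding it would only fail, but be explicit).
    $sid             = (int) $sid;
    $auto_cat_status = (int) $auto_cat_status;
    $auto_fam_status = (int) $auto_fam_status;

    $query = "update vuln_nessus_settings
                 set name = ?, description = ?, type = ?, autoenable = ?,
                     auto_cat_status = ?, auto_fam_status = ?,
                     update_host_tracker = ?, owner = ?
               where id = ?";
    $dbconn->execute($query, array(
        $sname, $sdescription, $stype, $sautoenable,
        $auto_cat_status, $auto_fam_status,
        $host_tracker, $username, $sid
    ));

    // Form toggles arrive as "f_<fid>" => status and "c_<cid>" => status.
    // Both the id (from the parameter name) and the status are attacker
    // controlled: accept only all-digit ids, cast the status, bind both.
    foreach ($_POST as $key => $value) {
        $prefix = substr($key, 0, 2);
        if ($prefix !== "f_" && $prefix !== "c_") {
            continue;
        }
        if (is_array($value)) {
            continue; // "f_1[]=..." style input has no single status to store
        }
        $target_id = substr($key, 2);
        if ($target_id === "" || !ctype_digit($target_id)) {
            continue; // never splice a non-numeric id into SQL
        }
        $status = (int) trim($value);

        if ($prefix === "f_") {
            $dbconn->Execute(
                "update vuln_nessus_settings_family set status = ? where sid = ? and fid = ?",
                array($status, $sid, (int) $target_id)
            );
        } else {
            $dbconn->Execute(
                "update vuln_nessus_settings_category set status = ? where sid = ? and cid = ?",
                array($status, $sid, (int) $target_id)
            );
        }
    }

    // Re-derive plugin enablement from the stored group statuses.
    if ($sautoenable == "C") {
        update_profile_sync_plugins($dbconn, $sid, "vuln_nessus_settings_category", "vuln_nessus_category", "cid", "category");
    } elseif ($sautoenable == "F") {
        update_profile_sync_plugins($dbconn, $sid, "vuln_nessus_settings_family", "vuln_nessus_family", "fid", "family");
    }

    // Client-side redirect back to the profile list; the editor is still
    // rendered below it, as in the original.
    ?>
<script type="text/javascript">
//<![CDATA[
document.location.href='settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles';
//]]>
</script><?php

    // NOTE(review): $nessus_path is neither a parameter nor declared global in
    // this function, so as written the test reads an undefined local and never
    // matches — confirm whether it should come from the global configuration.
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $omp->set_plugins_by_family($sid);
    }

    edit_profile($sid);
}

/**
 * Helper for update_profile(): for each stored category/family status of the
 * profile, flip the matching plugins — status 4 disables ('N'), status 1
 * enables ('Y'), any other value leaves them untouched.
 *
 * Table and column names are fixed string literals passed by update_profile()
 * only, never user input; $sid and the group ids are bound as parameters.
 *
 * @param object $dbconn         ADOdb connection
 * @param int    $sid            profile id
 * @param string $settings_table per-profile status table (t1)
 * @param string $catalog_table  catalogue table joined as t2 (see note below)
 * @param string $id_col         id column in $settings_table (cid / fid)
 * @param string $plugin_col     matching column in vuln_nessus_settings_plugins
 * @return void
 */
function update_profile_sync_plugins($dbconn, $sid, $settings_table, $catalog_table, $id_col, $plugin_col)
{
    // Same cross join as the original query (no join condition between t1 and
    // t2), kept so the result set is unchanged; it repeats each t1 row once
    // per t2 row, which only costs redundant updates.
    $rows = $dbconn->execute(
        "select t1.{$id_col}, t1.status from {$settings_table} as t1, {$catalog_table} as t2 where sid = ?",
        array($sid)
    );
    if (!$rows) {
        return; // query failed; nothing to sync
    }

    while (!$rows->EOF) {
        list($group_id, $status) = $rows->fields;
        if ($status == 4) {
            $dbconn->execute(
                "update vuln_nessus_settings_plugins set enabled = 'N' where {$plugin_col} = ? and sid = ?",
                array($group_id, $sid)
            );
        } elseif ($status == 1) {
            $dbconn->execute(
                "update vuln_nessus_settings_plugins set enabled = 'Y' where {$plugin_col} = ? and sid = ?",
                array($group_id, $sid)
            );
        }
        $rows->MoveNext();
    }
}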
</head> <body class='ne1'> <?php //Local menu include_once '../local_menu.php'; ?> <div id='mapmap'> <?php $ri_indicators = get_indicators_from_map($conn, $map); foreach ($ri_indicators as $ri_indicator) { echo draw_indicator($conn, $ri_indicator); } ?> <img id='map_img' onload='initDiv();' src='maps/map<?php echo Util::htmlentities($map); ?> .jpg'/> </div> <div id='cont_options'> <div class='rb_right btn_info'> <a href='<?php echo Menu::get_menu_url('view.php?map=' . $_SESSION['default_riskmap'], 'dashboard', 'riskmaps', 'overview'); ?> '> <img src='../pixmaps/risk_home.png' alt='<?php echo _('Home'); ?> ' title='<?php echo _("Go to default map");