/**
  * Update a profiles' settings in the database
  *
  * Updates all the settings in the database that have
  * changed from their default values since the settings
  * object was created.
  */
 public function update()
 {
     $db = nessquikDB::getInstance();
     $sql = "UPDATE profile_settings SET :1=':2' WHERE profile_id='" . $this->profile_id . "' AND setting_type='user'";
     $stmt = $db->prepare($sql);
     // Update all the fields in the database
     $stmt->execute('setting_name', $this->scan_name);
 }
예제 #2
0
 private function api_key_ok($api_key)
 {
     $db = nessquikDB::getInstance();
     $sql = "SELECT api_id FROM api_keys WHERE api_key=':1' LIMIT 1";
     $stmt = $db->prepare($sql);
     $stmt->execute($client_key);
     if ($stmt->num_rows() < 1) {
         $this->error = new IXR_Error(403, 'Bad API key.');
         return false;
     }
     return true;
 }
예제 #3
0
#!/usr/bin/php -q

<?php 
set_time_limit(0);
if (!@$argc) {
    die("<p>This script can only be run from command line");
}
define('_ABSPATH', dirname(dirname(__FILE__)));
require_once _ABSPATH . '/confs/config-inc.php';
require_once _ABSPATH . '/db/nessquikDB.php';
$db = nessquikDB::getInstance();
$nasl = array();
$sql = array('insert' => "\tINSERT INTO nasl_names (`pluginid`,\n\t\t\t\t`script_name`) \n\t\t\tVALUES (':1',':2') \n\t\t\tON DUPLICATE KEY UPDATE script_name=':3'");
$stmt = $db->prepare($sql['insert']);
// If the path sent is a directory...
if (is_dir(_NESSUS_PLUG_DIR)) {
    // ...check to see if we can open it. If yes, store its resource in a variable
    if ($handle = opendir(_NESSUS_PLUG_DIR)) {
        // If we're capable of opening the directory, reading files in one at a time until no more
        while (false !== ($file = readdir($handle))) {
            // Check to see if the filename is either the current dir, or the parent dir.
            // and skip it if it is.
            if ($file != "." && $file != "..") {
                $nasl[] = $file;
            }
        }
    }
}
// Close the directory we were working with
closedir($handle);
/**
예제 #4
0
 public static function getInstance()
 {
     if (empty(self::$instance)) {
         switch (_RELEASE) {
             case "fermi":
                 self::$instance = parent::db_factory(_SAVED_DBUSER, _SAVED_DBPASS, _SAVED_DBUSE, _SAVED_DBSERVER, _SAVED_DBPORT);
                 break;
             case "general":
             default:
                 self::$instance = nessquikDB::getInstance();
                 break;
         }
     }
     return self::$instance;
 }
예제 #5
0
 /**
  * Updates a help topic
  *
  * This method will save back to the database, the
  * information that is associated with a topic.
  *
  * @param integer $help_id ID of the help topic that
  *	is being saved
  * @param integer $category_id ID of the category that
  *	the particular topic will/does now reside in
  * @param string $question Question that is posed by
  *	the topic
  * @param string $answer Answer to the help topic question
  * @return boolean True on successful update, false on failure
  */
 public function edit_help_topic($help_id, $category_id, $question, $answer)
 {
     $db = nessquikDB::getInstance();
     $sql = array('update' => "UPDATE help SET category_id=':1', question=':2', answer=':3' WHERE help_id=':4'");
     $stmt = $db->prepare($sql['update']);
     $stmt->execute($category_id, $question, $answer, $help_id);
     if ($stmt->affected() < 0) {
         return false;
     } else {
         return true;
     }
 }
예제 #6
0
 private function delete_recurrence($profile_id)
 {
     $db = nessquikDB::getInstance();
     $sql = "DELETE FROM recurrence WHERE profile_id=':1'";
     $stmt = $db->prepare($sql);
     $stmt->execute($profile_id);
 }
예제 #7
0
 /**
  * Get a list of all plugins
  *
  * This function will query the plugins database and return
  * an array that is indexed by plugin ID. The value of each
  * entry in the array will be 'no'. The array that is returned
  * can be looped through right away to create the plugin list
  * for a nessusrc file.
  *
  * @return array Array of plugin IDs with the value of each entry set to 'no'
  */
 public function getAllPlugins()
 {
     $db = nessquikDB::getInstance();
     $set = array();
     $sql = array('select' => "SELECT pluginid FROM plugins ORDER BY pluginid ASC;");
     $stmt = $db->prepare($sql['select']);
     $stmt->execute();
     while ($row = $stmt->fetch_assoc()) {
         $set[$row['pluginid']] = 'no';
     }
     return $set;
 }
예제 #8
0
 /**
  * Removes dead metrics
  *
  * A dead metric is basically a metric that has been removed by the user
  * by having its folder deleted from the metrics folder. This method takes
  * care of clearing the database of these dead metrics.
  */
 private function remove_dead_metrics()
 {
     $db = nessquikDB::getInstance();
     /**
      * For this walk, we only care about the installed metrics.
      */
     $diff = array_diff($this->installed_metrics, $this->metric_list);
     $sql = array('delete' => "DELETE FROM metrics WHERE `name`=':1' AND type=':2'");
     $stmt = $db->prepare($sql['delete']);
     foreach ($diff as $key => $metric_class) {
         require_once $this->metric_path . '/' . $metric_class . '.php';
         $this->new_metrics = true;
         $metric_class = new ReflectionClass($metric_class);
         $metric = $metric_class->newInstance();
         $metric->_remove();
         $stmt->execute($metric_class, $this->type);
     }
 }
예제 #9
0
 /**
  * Re-schedule a scan
  *
  * This method will handle rescheduling the scan and updating
  * it's date_scheduled field so that the scan maker can check
  * the new field against the current time when it comes around
  *
  * @param string $profile_id ID of the profile to reschedule
  * @param datetime $date_scheduled The new date and time to
  *	reschedule the scan. The format should be that of
  *	the MySQL DATETIME field format
  * @return boolean True if successfully rescheduled. False otherwise
  */
 private function reschedule_scan($profile_id, $date_scheduled)
 {
     $db = nessquikDB::getInstance();
     $sql = array('update' => "\tUPDATE profile_list \n\t\t\t\t\tSET date_scheduled=':2' \n\t\t\t\t\tWHERE profile_id=':1'");
     $stmt = $db->prepare($sql['update']);
     $stmt->execute($profile_id, $date_scheduled);
     if ($stmt->affected() > 0) {
         return true;
     } else {
         return false;
     }
 }
예제 #10
0
 public function get_division_id($division)
 {
     $db = nessquikDB::getInstance();
     $sql = array('select' => "SELECT group_id FROM division_group_list WHERE group_name=':1';");
     $stmt1 = $db->prepare($sql['select']);
     $stmt1->execute($division);
     if ($stmt1->num_rows() > 0) {
         return $stmt1->result(0);
     } else {
         return false;
     }
 }
예제 #11
0
 /**
  * Remove all the plugins from a profile
  *
  * This method will remove the plugins from the profile
  * table for the given profile. It's the equivalent of
  * assigning an empty plugin set to the scan profile
  *
  * @param string $profile_id ID of the profile to remove
  *	all the plugins from
  * @return True on successful removal, false otherwise
  */
 public function delete_all_plugins($profile_id = '')
 {
     if ($profile_id == '') {
         $profile_id = $this->profile_id;
     }
     $db = nessquikDB::getInstance();
     $sql = "DELETE FROM profile_plugin_list WHERE profile_id=':1';";
     $stmt = $db->prepare($sql);
     $stmt->execute($profile_id);
     if ($stmt->affected() < 0) {
         return false;
     } else {
         return true;
     }
 }
예제 #12
0
 /**
  * Check if the version of nessquik is up-to-date
  *
  * Since a lot is likely to change between nessquik
  * versions, I'm including this method here so that
  * the system can be checked for a particular configuration
  * that is specific to an install of nessquik and if
  * that configuration does not exist, an error message
  * will be displayed notifying the user that they
  * are using a new version of nessquik with an old version
  * of the database
  */
 public function check_version()
 {
     $success = false;
     $db = nessquikDB::getInstance();
     $tpl = SmartyTemplate::getInstance();
     $sql = array('tables' => "SHOW TABLES FROM " . _DBUSE);
     $stmt1 = $db->prepare($sql['tables']);
     $stmt1->execute();
     if ($stmt1->num_rows() == 0) {
         $tpl->assign("SUCCESS", "noper");
         $tpl->assign("MESSAGE", "It seems you haven't created your database yet. Use the setup file to do this.<p>");
         $tpl->assign("RETURN_LINK", "");
         $tpl->display("actions_done.tpl");
         exit;
     }
     while ($row = $stmt1->fetch_row()) {
         $table = $row[0];
         if ($table == "division_group_list") {
             $success = true;
             break;
         }
     }
     if (!$success) {
         $tpl->assign("SUCCESS", "noper");
         $tpl->assign("MESSAGE", "You're trying to use the nessquik 2.5 code base with a nessquik 2.0 database.<p>" . "This isn't going to work. Please run the upgrade scripts before continuing.");
         $tpl->assign("RETURN_LINK", "");
         $tpl->display("actions_done.tpl");
         exit;
     }
 }
예제 #13
0
 /**
  * Set a scan's finish date
  *
  * After a scan has finished running, you may want
  * to set the date and time it finished running in
  * the database. This method will set that value in
  * the database. The date should be formatted according
  * to the MySQL datetime format. This can be accomplished
  * using the following strftime format.
  *
  *	strftime("%Y-%m-%d %T", time());
  *
  * @param array $params Array of parameters sent to the function
  *	0 - Client key of the scanner
  *	1 - Profile ID to set the finished date of
  *	2 - Date, in MySQL datetime format, of when
  *	    the scan finished running
  * @return True on successful progress update. IXR_Error
  *	on failure
  */
 public function jobs_setFinishedDate($params)
 {
     $db = nessquikDB::getInstance();
     $client_key = $params[0];
     $profile_id = $params[1];
     $date = $params[2];
     $sql = "UPDATE profile_list SET date_finished=':1' WHERE profile_id=':2';";
     $stmt = $db->prepare($sql);
     if (!$this->client_key_ok($client_key)) {
         return $this->error;
     }
     if (!$this->client_key_can_scan_profile($client_key, $profile_id)) {
         return $this->error;
     }
     $stmt->execute($date, $profile_id);
     return true;
 }