Exemplo n.º 1
         if ($j > $to) {
             $li = "key:'{$key}', page:'{$nextpage}', isFolder:true, isLazy:true, icon:'../../pixmaps/theme/net_group.png', title:'" . _("next") . " {$maxresults} " . _("net groups") . "'";
             $buffer .= ",{ {$li} }\n";
         }
     }
     $buffer .= "]";
     if ($buffer == "" || $buffer == "[]") {
         echo "[{title:'" . _("No Network groups Found") . "', noLink:true}]";
     } else {
         echo $buffer;
     }
 } else {
     if (preg_match("/netgroup_(.*)/", $key, $found)) {
         $html = "";
         $k = 0;
         $nets = Net_group::get_networks($conn, base64_decode($found[1]));
         $buffer .= "[";
         foreach ($nets as $net) {
             if ($k >= $from && $k < $to) {
                 $net_name = $net->get_net_name();
                 $net_title = Util::htmlentities($net_name);
                 $net_key = utf8_encode($key . $k);
                 $ips_data = $net->get_net_ips($conn);
                 $ips = "<font style=\"font-size:80%\">(" . $ips_data . ")</font>";
                 $title = strlen($net_name) > $length_name ? substr($net_name, 0, $length_name) . "..." : $net_name;
                 $title = Util::htmlentities($title) . " " . $ips;
                 $tooltip = $net_title . " (" . $ips_data . ")";
                 $html .= "{ key:'{$net_key}', url:'{$ips_data}', icon:'../../pixmaps/theme/net.png', title:'{$title}', tooltip:'{$tooltip}' },\n";
             }
             $k++;
         }
Exemplo n.º 2
        $conn->Execute($query, $params);
        // BP ASSET
        if ($rs->fields['type_name'] != '' && $rs->fields['type'] != '') {
            $rs->fields['type'] = fix_type($rs->fields['type']);
            $params = array($rs->fields['type_name'], $rs->fields['type']);
            $sql = 'SELECT member, type FROM bp_asset_member WHERE member = UNHEX(?) AND type=?';
            if ($ri =& $conn->Execute($sql, $params)) {
                if ($ri && $ri->EOF) {
                    // check if asset exist
                    $sql = 'INSERT INTO bp_asset_member (member, type) VALUES (UNHEX(?), ?)';
                    $conn->Execute($sql, $params);
                }
            }
            // For net_group insert all related networks
            if ($rs->fields['type'] == 'net_group' || $rs->fields['type'] == 'netgroup') {
                $networks = Net_group::get_networks($conn, $rs->fields['type_name']);
                foreach ($networks as $network) {
                    $sql = 'SELECT member, type FROM bp_asset_member WHERE member = UNHEX(?) AND type=?';
                    $rn = $conn->Execute($sql, array($network->get_net_id(), 'net'));
                    if ($rn && $rn->EOF) {
                        $sql = 'INSERT INTO bp_asset_member (member, type) VALUES (UNHEX(?), ?)';
                        $conn->Execute($sql, array($network->get_net_id(), 'net'));
                    }
                }
            }
        }
    } else {
        $delete_list[] = array($rs->fields['id'], $rs->fields['type'], $rs->fields['type_name']);
    }
    $rs->MoveNext();
}
Exemplo n.º 3
     $rs = $conn->Execute($sql, $params);
     if (!$rs) {
         Av_exception::write_log(Av_exception::DB_ERROR, $conn->ErrorMsg());
         exit;
     }
     if ($rs->RecordCount() == "0") {
         // check if asset exist
         $sql = "INSERT INTO bp_asset_member (id, member, type) VALUES (0, UNHEX(?), ?)";
         $rs = $conn->Execute($sql, $params);
         if (!$rs) {
             Av_exception::write_log(Av_exception::DB_ERROR, $conn->ErrorMsg());
             exit;
         }
         // For net_group insert all related networks
         if ($asset_type == 'net_group' || $asset_type == 'netgroup') {
             $networks = Net_group::get_networks($conn, $asset_id);
             foreach ($networks as $network) {
                 $net_id = $network->get_net_id();
                 $sql = "INSERT INTO bp_asset_member (id, member, type) VALUES (0, UNHEX(?), ?)";
                 $conn->Execute($sql, array($net_id, "net"));
             }
         }
     }
 }
 // Random position to prevent overlapping
 $x = rand(50, 250);
 $y = rand(50, 150);
 $params = array($alarm_name, $map, $url, $asset_type, $asset_id, $icon, $x, $y, $iconsize);
 $sql = "INSERT INTO risk_indicators (name, map, url, type, type_name, icon, x, y, w, h, size) VALUES (?,UNHEX(?),?,?,?,?,?,?,80,70,?)";
 $rs = $conn->Execute($sql, $params);
 if (!$rs) {
Exemplo n.º 4
// Load the network group named by the `id` request parameter (when one is
// given) and collect its member networks into $networks, keyed by network id.
$conn = $db->connect();
$id = GET('id');
// NOTE(review): `msg` is read from the request but is not validated anywhere
// in this excerpt; confirm it is checked and escaped before it is output.
$msg = GET('msg');
// $id is interpolated into an SQL condition a few lines below, so this
// validation is the only thing separating the request value from the query
// text. NOTE(review): presumably OSS_ALPHA rejects quotes and whitespace;
// confirm against the validator. A hex-only character class, if the validator
// offers one, would match the UNHEX() use more closely.
ossim_valid($id, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _('Network Group ID'));
if (ossim_error()) {
    die(ossim_error());
}
$networks = array();
$descr = '';
if ($id != '') {
    // The condition is passed to get_list() as SQL text built by string
    // interpolation rather than as a bound parameter; its safety rests
    // entirely on the ossim_valid() check above.
    if ($net_group_list = Net_group::get_list($conn, " g.id = UNHEX('{$id}')")) {
        // Only the first returned group is used.
        $net_group = $net_group_list[0];
        $ngname = $net_group->get_name();
        $ctx = $net_group->get_ctx();
        $descr = $net_group->get_descr();
        $obj_networks = Net_group::get_networks($conn, $net_group->get_id());
        foreach ($obj_networks as $net) {
            $net_id = $net->get_net_id();
            // Same pattern: a value read back from the database is concatenated
            // into SQL text. NOTE(review): presumably net ids are hex strings;
            // verify, since nothing here checks the value before it is quoted.
            $filters = array('where' => "id = UNHEX('" . $net_id . "')");
            $_aux_net_list = Asset_net::get_list($conn, '', $filters);
            // NOTE(review): there is no check that the lookup returned a row;
            // an empty result would index a missing element here.
            $networks[$net->get_net_id()] = $_aux_net_list[0][$net_id];
        }
        $rrd_profile = $net_group->get_rrd_profile();
        // A falsy profile is shown as the literal string 'None'.
        if (!$rrd_profile) {
            $rrd_profile = 'None';
        }
    }
}
if (GET('id') != '' || GET('clone') == 1) {
    $action = 'modifynetgroup.php';
} else {
Exemplo n.º 5
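/**
 * Print the scan-target selection form: group shortcut links, the sensor
 * checkbox grid, the net group / host group / net / host checkbox grids and
 * the JavaScript helpers that toggle them.
 *
 * Reads the global lists and name-to-index maps declared below, and writes
 * HTML and JavaScript straight to the output.
 *
 * Output handling:
 *  - Every value that comes from an object getter or from configuration is
 *    HTML-escaped before it is written into element content or an attribute.
 *  - Group names are never written into JavaScript. Each group gets a toggle
 *    key made of a fixed prefix plus the hex encoding of its name, so the
 *    generated script and the onClick handlers contain only [0-9a-f_a-z].
 *  - Index lists passed to the onClick handlers are limited to decimal
 *    integers, which is the only form that can match the "sensorN" / "netN" /
 *    "hostN" element ids generated by this function.
 *
 * @return void
 */
function show_form()
{
    global $sensor_list;
    global $net_group_list;
    global $host_group_list;
    global $hosts_list;
    global $nets_list;
    global $conn;
    global $sensor_index;
    global $net_group_index;
    global $host_group_index;
    global $hosts_index;
    global $nets_index;

    $global_i = 0;

    // A single-byte charset makes htmlspecialchars() rewrite only & < > " '
    // byte by byte, so a value that is not valid UTF-8 is never blanked out.
    // The page encoding is not visible from this function.
    $charset = 'ISO-8859-1';

    // Element ids collected while rendering. Pre-seeded so the selectAll()
    // generation at the end can iterate every bucket even when a list is empty
    // (the original called count() on keys that might never have been set).
    $all = array(
        'sensors'    => array(),
        'netgroups'  => array(),
        'hostgroups' => array(),
        'nets'       => array(),
        'hosts'      => array(),
    );

    // The sensor grid keeps its own column count. The original reused $cols,
    // which was overwritten by the later computations, so the sensor grid
    // could be drawn with fewer cells than sensors and silently drop entries.
    $num = count($sensor_list);
    $cols_sensor = $num > 20 ? 5 : 3;
    $rows = intval($num / $cols_sensor) + 1;

    $num_ng = count($net_group_list);
    $rows_ng = intval($num_ng / ($num_ng > 20 ? 5 : 3)) + 1;

    $num_hg = count($host_group_list);
    $rows_hg = intval($num_hg / ($num_hg > 20 ? 5 : 3)) + 1;

    $num_hs = count($hosts_list);
    $rows_hs = intval($num_hs / ($num_hs > 20 ? 5 : 3)) + 1;

    $num_ns = count($nets_list);
    $rows_ns = intval($num_ns / ($num_ns > 20 ? 5 : 3)) + 1;

    // Column count shared by the four grids inside the "rowHost" panel.
    $cols_full = ($num_ns + $num_hs + $num_hg + $num_ng > 20) ? 5 : 3;
    ?>
	<h3><center> <?php echo _("Select sensors for this scan"); ?> </center></h3>
<ul>
<?php
    $group_scan_list = Net_group_scan::get_list($conn, "WHERE plugin_id = " . NESSUS);
    foreach ($group_scan_list as $group_scan) {
        $group_name = (string) $group_scan->get_net_group_name();
        $net_group_sensors = Net_group::get_sensors($conn, $group_name);

        // Toggle state lives in window[<key>]; the key is hex-only so the group
        // name itself never reaches script or event-handler context.
        $toggle_key = 'grp_' . bin2hex($group_name);
        echo "\n<script>\n";
        echo "window['" . $toggle_key . "'] = true;\n";
        echo "</script>\n";

        $sensor_ids = array();
        foreach ($net_group_sensors as $ng_sensor => $name) {
            if (isset($sensor_index[$name]) && preg_match('/\A[0-9]+\z/', (string) $sensor_index[$name]) === 1) {
                $sensor_ids[] = $sensor_index[$name];
            }
        }
        $sensor_string = implode(',', $sensor_ids);

        $net_ids = array();
        $nets = Net_group::get_networks($conn, $group_name, NESSUS);
        foreach ($nets as $net) {
            $name = $net->get_net_name();
            if (isset($nets_index[$name]) && preg_match('/\A[0-9]+\z/', (string) $nets_index[$name]) === 1) {
                $net_ids[] = $nets_index[$name];
            }
        }
        $nets_string = implode(',', $net_ids);

        print "<li><a href=\"#\" onClick=\"return selectSomeNets('" . $toggle_key . "','" . $sensor_string . "','" . $nets_string . "');\">" . htmlspecialchars($group_name, ENT_QUOTES, $charset) . "</a>";
    }

    $group_scan_list = Host_group_scan::get_list($conn, "WHERE plugin_id = " . NESSUS);
    foreach ($group_scan_list as $group_scan) {
        $group_name = (string) $group_scan->get_host_group_name();
        $host_group_sensors = Host_group::get_sensors($conn, $group_name);

        $toggle_key = 'grp_' . bin2hex($group_name);
        echo "\n<script>\n";
        echo "window['" . $toggle_key . "'] = true;\n";
        echo "</script>\n";

        $sensor_ids = array();
        foreach ($host_group_sensors as $hg_sensor) {
            $name = $hg_sensor->get_sensor_name();
            if (isset($sensor_index[$name]) && preg_match('/\A[0-9]+\z/', (string) $sensor_index[$name]) === 1) {
                $sensor_ids[] = $sensor_index[$name];
            }
        }
        $sensor_string = implode(',', $sensor_ids);

        $host_ids = array();
        $hosts = Host_group::get_hosts($conn, $group_name, NESSUS);
        foreach ($hosts as $host) {
            $name = $host->get_host_name($conn);
            if (isset($hosts_index[$name]) && preg_match('/\A[0-9]+\z/', (string) $hosts_index[$name]) === 1) {
                $host_ids[] = $hosts_index[$name];
            }
        }
        $hosts_string = implode(',', $host_ids);

        print "<li><a href=\"#\" onClick=\"return selectSomeHosts('" . $toggle_key . "','" . $sensor_string . "','" . $hosts_string . "');\">" . htmlspecialchars($group_name, ENT_QUOTES, $charset) . "</a>";
    }
    ?>
</ul>
	<form action="<?php echo htmlspecialchars((string) $_SERVER["SCRIPT_NAME"], ENT_QUOTES, $charset); ?>" method="POST">
<p>
<?php echo _("Please adjust incident creation threshold, incidents will only be created for vulnerabilities whose risk level exceeds the threshold."); ?>
<br/>
<?php echo _("It is recommended to set a high level at the beginning in order to concentrate on more critical vulnerabilities first, lowering it after having solved/tagged them as false positivies."); ?>
<br/>
<?php echo _("Threshold configuration can be found at Configuration->Main, \"vulnerability_incident_threshold\"."); ?>
&nbsp;
<?php echo _("Current risk threshold is:"); ?>
<b>
<?php
    require_once 'ossim_conf.inc';
    $conf = $GLOBALS["CONF"];
    print htmlspecialchars((string) $conf->get_conf("vulnerability_incident_threshold"), ENT_QUOTES, $charset);
    ?>
</b>
</p>
	<h4><center> (<?php echo _("Empty means all"); ?>) </center></h4>
	<center><a href="#" onClick="return selectAll();"><?php echo _("Select / Unselect all"); ?></a></center>
<br/>

<table width="100%" border="0" align="center"><tr><td>
	<input type="radio" name="groupType" value="sensor" checked onClick="selectGroup('sensor');"> Sensor &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
	<input type="radio" name="groupType" value="host" onClick="selectGroup('host');"> NetGroup / Nets / HostGroup / Hosts
</td></tr>
<tr><td>
        <div id="rowSensor">
        <table width="100%" align="left" border="0"><tr>
	<?php
    for ($i = 1; $i <= $rows; $i++) {
        for ($a = 0; $a < $cols_sensor && $global_i < $num; $a++) {
            $sensor = $sensor_list[$global_i];
            $dom_id = "sensor" . $global_i;
            echo "<td width=\"" . intval(100 / $cols_sensor) . "%\">";
            $all['sensors'][] = $dom_id;
            ?>
		<div align="left">
	        <input align="left" type="checkbox" id="<?php echo $dom_id; ?>" name="<?php echo $dom_id; ?>"
		               value="<?php echo htmlspecialchars((string) $sensor->get_ip(), ENT_QUOTES, $charset); ?>" /><?php echo htmlspecialchars((string) $sensor->get_name(), ENT_QUOTES, $charset); ?></div></td>
	        <?php
            $global_i++;
        }
        echo "</tr>\n";
    }
    echo "</table>\n";
    ?>
        </div>

	<div id="rowHost" style="display: none">
        <table width="100%" align="left" border="0">
        <tr>
	<th colspan="3">NetGroups</th></tr><tr>
	<?php
    $global_ng = 0;
    for ($i = 1; $i <= $rows_ng; $i++) {
        for ($a = 0; $a < $cols_full && $global_ng < $num_ng; $a++) {
            $netgroup = $net_group_list[$global_ng];
            $dom_id = "netgroup" . $global_ng;
            echo "<td width=\"" . intval(100 / $cols_full) . "%\">";
            $all['netgroups'][] = $dom_id;
            ?>
            <div align="left">
            <input align="left" type="checkbox" id="<?php echo $dom_id; ?>" name="netgroupList[]"
                   value="<?php echo htmlspecialchars((string) $netgroup->get_name(), ENT_QUOTES, $charset); ?>" /><?php echo htmlspecialchars((string) $netgroup->get_name($conn), ENT_QUOTES, $charset); ?></div></td>
		 <?php
            $global_ng++;
        }
        echo "</tr>\n";
        ?>
            <tr>
    <?php
    }
    ?>

	<th colspan="3">HostGroups</th></tr><tr>

        <?php
    $global_hg = 0;
    for ($i = 1; $i <= $rows_hg; $i++) {
        for ($a = 0; $a < $cols_full && $global_hg < $num_hg; $a++) {
            $hostgroup = $host_group_list[$global_hg];
            $dom_id = "hostgroup" . $global_hg;
            echo "<td width=\"" . intval(100 / $cols_full) . "%\">";
            $all['hostgroups'][] = $dom_id;
            ?>
                <div align="left">
                <input align="left" type="checkbox" id="<?php echo $dom_id; ?>" name="hostgroupList[]"
                               value="<?php echo htmlspecialchars((string) $hostgroup->get_name(), ENT_QUOTES, $charset); ?>" /><?php echo htmlspecialchars((string) $hostgroup->get_name($conn), ENT_QUOTES, $charset); ?></div></td>
                 <?php
            $global_hg++;
        }
        echo "</tr>\n";
        ?>
           <tr>
	   <?php
    }
    ?>

	<th colspan="3">Nets</th></tr><tr>

        <?php
    $global_ns = 0;
    for ($i = 1; $i <= $rows_ns; $i++) {
        for ($a = 0; $a < $cols_full && $global_ns < $num_ns; $a++) {
            $nets = $nets_list[$global_ns];
            $dom_id = "net" . $global_ns;
            echo "<td width=\"" . intval(100 / $cols_full) . "%\">";
            $all['nets'][] = $dom_id;
            ?>
                <div align="left">
                <input align="left" type="checkbox" id="<?php echo $dom_id; ?>" name="netList[]"
                               value="<?php echo htmlspecialchars((string) $nets->get_name(), ENT_QUOTES, $charset); ?>" /><?php echo htmlspecialchars((string) $nets->get_name($conn), ENT_QUOTES, $charset); ?></div></td>
                 <?php
            $global_ns++;
        }
        echo "</tr>\n";
        ?>
           <tr>
	     <?php
    }
    ?>

	<th colspan="3">Hosts</th></tr><tr>

        <?php
    $global_hs = 0;
    for ($i = 1; $i <= $rows_hs; $i++) {
        for ($a = 0; $a < $cols_full && $global_hs < $num_hs; $a++) {
            $hosts = $hosts_list[$global_hs];
            $dom_id = "host" . $global_hs;
            echo "<td width=\"" . intval(100 / $cols_full) . "%\">";
            $all['hosts'][] = $dom_id;
            ?>
                <div align="left">
                <input align="left" type="checkbox" id="<?php echo $dom_id; ?>" name="hostList[]"
                               value="<?php echo htmlspecialchars((string) $hosts->get_host_ip(), ENT_QUOTES, $charset); ?>" /><?php echo htmlspecialchars((string) $hosts->get_name($conn), ENT_QUOTES, $charset); ?></div></td>
                 <?php
            $global_hs++;
        }
        echo "</tr>\n";
    }
    echo "</table>\n";
    ?>
        </div>	

</td></tr></table>
<br>
<center>
<input type="hidden" name="nsensors" value="<?php echo $global_i; ?>" />
<input type="Submit" class="button" value="<?php echo _("Submit"); ?>">
</center>
</form>
<center><a href="index.php"> <?php echo gettext("Back"); ?> </a></center>
<script>
var check_sensors = true;
var check_nethost = true;
var scanType = 'sensor';

function selectAll()
{

if (scanType  == 'sensor') {
    <?php
    // The ids written below are the server-generated "sensorN"-style strings
    // collected above; no request or database text is emitted here.
    foreach ($all['sensors'] as $id) {
        ?>
        document.getElementById('<?php echo $id; ?>').checked = check_sensors;
    <?php
    }
    ?>
        check_sensors = check_sensors == false ? true : false;
    }
else {
    <?php
    foreach (array('netgroups', 'hostgroups', 'nets', 'hosts') as $bucket) {
        foreach ($all[$bucket] as $id) {
            ?>
        document.getElementById('<?php echo $id; ?>').checked = check_nethost;
    <?php
        }
    }
    ?>
        check_nethost = check_nethost == false ? true : false;
     }
return false;
}

function selectSomeNets(name, identifiersSensors, identifiersNets)
{

if (identifiersSensors.length != 0) {
	arrayOfStringsSensor = identifiersSensors.split(",");
	for (var i=0; i < arrayOfStringsSensor.length; i++) {
	document.getElementById("sensor" + arrayOfStringsSensor[i]).checked = window[name];
	}
}

if (identifiersNets.length != 0) {
	arrayOfStringsNets = identifiersNets.split(",");
	for (var i=0; i < arrayOfStringsNets.length; i++) {
	document.getElementById("net" + arrayOfStringsNets[i]).checked = window[name];
	}
}

window[name] = window[name] == false ? true : false;
return false;

} 

function selectSomeHosts(name, identifiersSensors, identifiersHosts)
{

if (identifiersSensors.length != 0) {
	arrayOfStringsSensor = identifiersSensors.split(",");
	for (var i=0; i < arrayOfStringsSensor.length; i++) {
	document.getElementById("sensor" + arrayOfStringsSensor[i]).checked = window[name];
	}	
}

if (identifiersHosts.length != 0) {
	arrayOfStringsHosts = identifiersHosts.split(",");
	for (var i=0; i < arrayOfStringsHosts.length; i++) {
	document.getElementById("host" + arrayOfStringsHosts[i]).checked = window[name];
	}
}

window[name] = window[name] == false ? true : false;
return false;

}

function selectGroup(category)

{
    if (category == 'sensor') {
	document.getElementById("rowHost").style.display = 'none';
        document.getElementById("rowSensor").style.display = 'block';
    } else {
        document.getElementById("rowHost").style.display = 'block';
        document.getElementById("rowSensor").style.display = 'none';
    }

scanType = category;
}
 
</script>
</body>
</html>
<?php
}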
Exemplo n.º 6
 $group_scan_list = Net_group_scan::get_list($conn, "WHERE plugin_id = " . NESSUS);
 foreach ($group_scan_list as $group_scan) {
     $net_group_sensors = Net_group::get_sensors($conn, $group_scan->get_net_group_name());
     echo "\n<script>\n";
     echo "var " . $group_scan->get_net_group_name() . " = true;\n";
     echo "</script>\n";
     $sensor_string = "";
     foreach ($net_group_sensors as $ng_sensor => $name) {
         if ($sensor_string == "") {
             $sensor_string .= $sensor_index[$name];
         } else {
             $sensor_string .= "," . $sensor_index[$name];
         }
     }
     $nets_string = "";
     $nets = Net_group::get_networks($conn, $group_scan->get_net_group_name(), NESSUS);
     foreach ($nets as $net) {
         $name = $net->get_net_name();
         if ($nets_string == "") {
             $nets_string .= $nets_index[$name];
         } else {
             $nets_string .= "," . $nets_index[$name];
         }
     }
     print "<li><a href=\"#\" onClick=\"return selectSomeNets('" . $group_scan->get_net_group_name() . "','" . $sensor_string . "','" . $nets_string . "');\">" . $group_scan->get_net_group_name() . "</a>";
 }
 $group_scan_list = Host_group_scan::get_list($conn, "WHERE plugin_id = " . NESSUS);
 foreach ($group_scan_list as $group_scan) {
     $host_group_sensors = Host_group::get_sensors($conn, $group_scan->get_host_group_name());
     echo "\n<script>\n";
     echo "var " . $group_scan->get_host_group_name() . " = true;\n";
Exemplo n.º 7
        $total = count($net_group_list);
    }
} else {
    $total = 0;
}
$xml .= "<rows>\n";
$xml .= "<page>{$page}</page>\n";
$xml .= "<total>{$total}</total>\n";
foreach ($net_group_list as $net_group) {
    $name = $net_group->get_name();
    $id = $net_group->get_id();
    $xml .= "<row id='" . $id . "'>";
    $link_modify = "<a class='a_name' style='font-weight:bold;' href=\"./netgroup_form.php?id=" . $id . "\">" . Util::htmlentities($name) . "</a>";
    $xml .= "<cell><![CDATA[" . $link_modify . "]]></cell>";
    $nets = "";
    if ($network_list = Net_group::get_networks($conn, $net_group->get_id())) {
        foreach ($network_list as $network) {
            $net_id = $network->get_net_id();
            $filters = array('where' => "id = UNHEX('" . $net_id . "')");
            $_aux_net_list = Asset_net::get_list($conn, '', $filters);
            $aux_net_list = $_aux_net_list[0];
            $nets .= ($nets == '' ? '' : ', ') . Util::htmlentities($aux_net_list[$net_id]['name']);
        }
    }
    $xml .= "<cell><![CDATA[" . $nets . "]]></cell>";
    /* Nessus
       if ($scan_list = Net_group_scan::get_list($conn, "WHERE net_group_name = '$name' AND plugin_id = 3001")) {
           $scan_types = "<img src='../pixmaps/tables/tick.png'>";
       } else {
           $scan_types = "<img src='../pixmaps/tables/cross.png'>";
       }