$message = $argv[2];
if ($job_id == '') {
return FALSE;
}
$levels = array("1" => "Serious:", "2" => "High:", "3" => "Medium:", "6" => "Low:", "7" => "Info:");
$db = new ossim_db();
$dbconn = $db->connect();
// select data for specified job_id
if (!($result = $dbconn->Execute(ossim_query("SELECT vj.report_id, vns.name as profile, vj.meth_VSET as profile_id, vj.name, vj.username, vj.fk_name, vj.scan_SUBMIT, vj.scan_START, vj.scan_END, TIMESTAMPDIFF(MINUTE, vj.scan_START, vj.scan_END) as duration, vj.meth_TARGET\n FROM vuln_jobs as vj, vuln_nessus_settings as vns WHERE vj.id={$job_id} and vj.meth_VSET=vns.id")))) {
echo $dbconn->ErrorMsg() . "\n";
$dbconn->close();
} else {
$report_id = $result->fields["report_id"];
$username = $result->fields["username"];
if (intval($report_id) != 0 || $message != "") {
$data = Session::get_user_info($dbconn, 'admin', TRUE);
// API Login to read email settings
//
$cc = new Alienvault_client();
$cc->auth()->login('admin', $data->get_pass());
$attachments = array();
$subject = _('Scan Job Notification: ') . $result->fields["name"];
$width = 115;
$body = '<html>
<head>
<title>' . $subject . '</title>
</head>
<body>' . '<table width="100%" cellspacing="0" cellpadding="0" style="border:0px;">' . '<tr><td colspan="2" style="text-decoration: underline;">' . _('Email scan summary') . '</td></tr>' . '<tr><td colspan="2"> </td></tr>' . '<tr><td width="' . $width . '">' . _('Scan Title:') . '</td><td>' . $result->fields["name"] . '</td></tr>' . '<tr><td width="' . $width . '">' . _('Profile:') . '</td><td>' . $result->fields["profile"] . '</td></tr>';
$body .= '<tr><td width="' . $width . '">' . _('Submit Date:') . '</td><td>SCAN_SUBMIT</td></tr>' . '<tr><td width="' . $width . '">' . _('Start Date:') . '</td><td>SCAN_START</td></tr>';
$body .= '<tr><td width="' . $width . '">' . _('Duration:') . '</td><td>' . (intval($result->fields["duration"]) == 0 ? "< 1 min" : $result->fields["duration"] . " mins") . '</td></tr>' . '<tr><td colspan="2"> </td></tr>' . '<tr><td width="' . $width . '">' . _('Launched By:') . '</td><td>' . ($result->fields["fk_name"] != "" ? $result->fields["fk_name"] : _("Unknown")) . '</td></tr>';
if (valid_hex32($username)) {
$validation_errors['assets[]'] = _("Error in the 'Target selection' field (missing required field)");
}
}
if (is_array($validation_errors) && !empty($validation_errors)) {
//Formatted message
$error_msg = _('The following errors occurred') . ":\n" . implode("\n", $validation_errors);
$error_msg = strip_tags($error_msg);
die($error_msg);
}
try {
//Autologin in UI and AlienVault API
//Database connection
list($db, $conn) = Ossim_db::get_conn_db();
$db = new Ossim_db();
$conn = $db->connect();
$user_obj = Session::get_user_info($conn, $user, TRUE, FALSE);
$pass = $user_obj->get_pass();
$session = new Session($user, $pass, '');
$session->login(TRUE);
$db->close();
$is_disabled = $session->is_user_disabled();
if ($is_disabled == TRUE) {
$e_msg = _('Error! Scan cannot be completed: Scan owner is disabled');
Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg);
}
$client = new Alienvault_client($user);
$client->auth()->login($user, $pass);
//Launching scan
$autodetect = $autodetect == 1 ? 'true' : 'false';
$rdns = $rdns == 1 ? 'true' : 'false';
$timing_template = empty($timing_template) ? 'T3' : $timing_template;
function dateDiff_min($startDate, $endDate)
{
$to_time = strtotime($startDate);
$from_time = strtotime($endDate);
return floor(abs($to_time - $from_time) / 60);
}
Session::useractive('../session/login.php');
$conf = $GLOBALS['CONF'];
/* Connect to db */
$db = new ossim_db();
$conn = $db->connect();
/* Version */
$pro = Session::is_pro();
$mode = empty($_SESSION['user_in_db']) ? 'insert' : 'update';
$login = POST('login') != '' ? POST('login') : $_SESSION['user_in_db'];
$myself = Session::get_user_info($conn);
$am_i_admin = Session::am_i_admin();
$am_i_proadmin = $pro && Acl::am_i_proadmin() ? TRUE : FALSE;
$is_my_profile = $login == $myself->get_login() ? TRUE : FALSE;
$validate = array('uuid' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('UUID')), 'login' => array('validation' => 'OSS_USER_2', 'e_message' => 'illegal:' . _('User login')), 'user_name' => array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT', 'e_message' => 'illegal:' . _('User name')), 'email' => array('validation' => 'OSS_MAIL_ADDR, OSS_NULLABLE', 'e_message' => 'illegal:' . _('User e-mail')), 'language' => array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Language')), 'tzone' => array('validation' => "OSS_ALPHA, OSS_SCORE, '\\/', '\\+'", 'e_message' => 'illegal:' . _('Timezone')), 'login_method' => array('validation' => 'ldap, pass', 'e_message' => 'illegal:' . _('Login method')), 'c_pass' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Current password')), 'pass1' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Password')), 'pass2' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Retype password')), 'last_pass_change' => array('validation' => 'OSS_DIGIT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Last pass change')), 'is_admin' => array('validation' => 'OSS_DIGIT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Global admin')), 'template_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Menu template')), 'assets[]' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Assets')), 'sensors[]' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Sensors')));
if ($mode == 'update') {
$validate['pass1']['validation'] = 'OSS_PASSWORD, OSS_NULLABLE';
$validate['pass2']['validation'] = 'OSS_PASSWORD, OSS_NULLABLE';
}
if ($pro && !$is_my_profile) {
$validate['entities[]'] = array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Entities'));
} else {
$validate['company'] = array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Company'));
$validate['department'] = array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Department'));
}
/* AJAX validation using GET method */
}
// new incident from Vulnerabilities section
if ($nessus_id != '' && $title == '') {
$result = $conn->Execute("SELECT name FROM vuln_nessus_plugins WHERE id = ?", array($nessus_id));
$title = $result->fields["name"] == '' ? _("New Vulnerability ticket") : $result->fields["name"];
}
if ($nessus_id != '' && $description == '') {
$result = $conn->Execute("SELECT description FROM vuln_nessus_plugins WHERE id = ?", array($nessus_id));
$description = $result->fields["description"] == '' ? '' : $result->fields["description"];
$description = str_replace(";", "\n", $description);
}
$validate = array('ip' => array('validation' => 'OSS_IP_ADDRCIDR_0, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Host')), 'port' => array('validation' => 'OSS_PORT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Port')), 'risk' => array('validation' => 'OSS_LETTER, OSS_DIGIT, OSS_PUNC, OSS_SPACE, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Risk')), 'nessus_id' => array('validation' => 'OSS_LETTER, OSS_DIGIT, OSS_PUNC, OSS_SPACE, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Plugin ID')), 'description' => array('validation' => 'OSS_NULLABLE, OSS_AT, OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Description')));
}
/* get default submitter info */
if (empty($submitter)) {
$session_info = Session::get_user_info($conn);
$submitter = $session_info->get_name() . '/' . $session_info->get_login();
}
// Add common parameters validation rules
$validate['title'] = array('validation' => "OSS_ALPHA, OSS_SPACE, OSS_PUNC_EXT, '\\>'", 'e_message' => 'illegal:' . _('Title'));
$validate['priority'] = array('validation' => 'OSS_DIGIT', 'e_message' => 'illegal:' . _('Priority'));
$validate['type'] = array('validation' => 'OSS_ALPHA, OSS_PUNC_EXT, OSS_SPACE, OSS_SCORE, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Type'));
$validate['submitter'] = array('validation' => 'OSS_USER, OSS_PUNC, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Submitter'));
}
// ossim_valid
$validation_errors = validate_form_fields('POST', $validate);
if (is_array($validation_errors) && !empty($validation_errors)) {
foreach ($validation_errors as $error) {
echo ossim_error($error);
}
exit;
