$message = $argv[2]; if ($job_id == '') { return FALSE; } $levels = array("1" => "Serious:", "2" => "High:", "3" => "Medium:", "6" => "Low:", "7" => "Info:"); $db = new ossim_db(); $dbconn = $db->connect(); // select data for specified job_id if (!($result = $dbconn->Execute(ossim_query("SELECT vj.report_id, vns.name as profile, vj.meth_VSET as profile_id, vj.name, vj.username, vj.fk_name, vj.scan_SUBMIT, vj.scan_START, vj.scan_END, TIMESTAMPDIFF(MINUTE, vj.scan_START, vj.scan_END) as duration, vj.meth_TARGET\n FROM vuln_jobs as vj, vuln_nessus_settings as vns WHERE vj.id={$job_id} and vj.meth_VSET=vns.id")))) { echo $dbconn->ErrorMsg() . "\n"; $dbconn->close(); } else { $report_id = $result->fields["report_id"]; $username = $result->fields["username"]; if (intval($report_id) != 0 || $message != "") { $data = Session::get_user_info($dbconn, 'admin', TRUE); // API Login to read email settings // $cc = new Alienvault_client(); $cc->auth()->login('admin', $data->get_pass()); $attachments = array(); $subject = _('Scan Job Notification: ') . $result->fields["name"]; $width = 115; $body = '<html> <head> <title>' . $subject . '</title> </head> <body>' . '<table width="100%" cellspacing="0" cellpadding="0" style="border:0px;">' . '<tr><td colspan="2" style="text-decoration: underline;">' . _('Email scan summary') . '</td></tr>' . '<tr><td colspan="2"> </td></tr>' . '<tr><td width="' . $width . '">' . _('Scan Title:') . '</td><td>' . $result->fields["name"] . '</td></tr>' . '<tr><td width="' . $width . '">' . _('Profile:') . '</td><td>' . $result->fields["profile"] . '</td></tr>'; $body .= '<tr><td width="' . $width . '">' . _('Submit Date:') . '</td><td>SCAN_SUBMIT</td></tr>' . '<tr><td width="' . $width . '">' . _('Start Date:') . '</td><td>SCAN_START</td></tr>'; $body .= '<tr><td width="' . $width . '">' . _('Duration:') . '</td><td>' . (intval($result->fields["duration"]) == 0 ? "< 1 min" : $result->fields["duration"] . " mins") . '</td></tr>' . '<tr><td colspan="2"> </td></tr>' . '<tr><td width="' . $width . '">' . _('Launched By:') . '</td><td>' . ($result->fields["fk_name"] != "" ? $result->fields["fk_name"] : _("Unknown")) . '</td></tr>'; if (valid_hex32($username)) {
$validation_errors['assets[]'] = _("Error in the 'Target selection' field (missing required field)"); } } if (is_array($validation_errors) && !empty($validation_errors)) { //Formatted message $error_msg = _('The following errors occurred') . ":\n" . implode("\n", $validation_errors); $error_msg = strip_tags($error_msg); die($error_msg); } try { //Autologin in UI and AlienVault API //Database connection list($db, $conn) = Ossim_db::get_conn_db(); $db = new Ossim_db(); $conn = $db->connect(); $user_obj = Session::get_user_info($conn, $user, TRUE, FALSE); $pass = $user_obj->get_pass(); $session = new Session($user, $pass, ''); $session->login(TRUE); $db->close(); $is_disabled = $session->is_user_disabled(); if ($is_disabled == TRUE) { $e_msg = _('Error! Scan cannot be completed: Scan owner is disabled'); Av_exception::throw_error(Av_exception::USER_ERROR, $e_msg); } $client = new Alienvault_client($user); $client->auth()->login($user, $pass); //Launching scan $autodetect = $autodetect == 1 ? 'true' : 'false'; $rdns = $rdns == 1 ? 'true' : 'false'; $timing_template = empty($timing_template) ? 'T3' : $timing_template;
function dateDiff_min($startDate, $endDate) { $to_time = strtotime($startDate); $from_time = strtotime($endDate); return floor(abs($to_time - $from_time) / 60); } Session::useractive('../session/login.php'); $conf = $GLOBALS['CONF']; /* Connect to db */ $db = new ossim_db(); $conn = $db->connect(); /* Version */ $pro = Session::is_pro(); $mode = empty($_SESSION['user_in_db']) ? 'insert' : 'update'; $login = POST('login') != '' ? POST('login') : $_SESSION['user_in_db']; $myself = Session::get_user_info($conn); $am_i_admin = Session::am_i_admin(); $am_i_proadmin = $pro && Acl::am_i_proadmin() ? TRUE : FALSE; $is_my_profile = $login == $myself->get_login() ? TRUE : FALSE; $validate = array('uuid' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('UUID')), 'login' => array('validation' => 'OSS_USER_2', 'e_message' => 'illegal:' . _('User login')), 'user_name' => array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT', 'e_message' => 'illegal:' . _('User name')), 'email' => array('validation' => 'OSS_MAIL_ADDR, OSS_NULLABLE', 'e_message' => 'illegal:' . _('User e-mail')), 'language' => array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Language')), 'tzone' => array('validation' => "OSS_ALPHA, OSS_SCORE, '\\/', '\\+'", 'e_message' => 'illegal:' . _('Timezone')), 'login_method' => array('validation' => 'ldap, pass', 'e_message' => 'illegal:' . _('Login method')), 'c_pass' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Current password')), 'pass1' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Password')), 'pass2' => array('validation' => 'OSS_PASSWORD', 'e_message' => 'illegal:' . _('Retype password')), 'last_pass_change' => array('validation' => 'OSS_DIGIT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Last pass change')), 'is_admin' => array('validation' => 'OSS_DIGIT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Global admin')), 'template_id' => array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Menu template')), 'assets[]' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Assets')), 'sensors[]' => array('validation' => 'OSS_HEX, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Sensors'))); if ($mode == 'update') { $validate['pass1']['validation'] = 'OSS_PASSWORD, OSS_NULLABLE'; $validate['pass2']['validation'] = 'OSS_PASSWORD, OSS_NULLABLE'; } if ($pro && !$is_my_profile) { $validate['entities[]'] = array('validation' => 'OSS_HEX', 'e_message' => 'illegal:' . _('Entities')); } else { $validate['company'] = array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Company')); $validate['department'] = array('validation' => 'OSS_ALPHA, OSS_PUNC, OSS_AT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Department')); } /* AJAX validation using GET method */
} // new incident from Vulnerabilities section if ($nessus_id != '' && $title == '') { $result = $conn->Execute("SELECT name FROM vuln_nessus_plugins WHERE id = ?", array($nessus_id)); $title = $result->fields["name"] == '' ? _("New Vulnerability ticket") : $result->fields["name"]; } if ($nessus_id != '' && $description == '') { $result = $conn->Execute("SELECT description FROM vuln_nessus_plugins WHERE id = ?", array($nessus_id)); $description = $result->fields["description"] == '' ? '' : $result->fields["description"]; $description = str_replace(";", "\n", $description); } $validate = array('ip' => array('validation' => 'OSS_IP_ADDRCIDR_0, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Host')), 'port' => array('validation' => 'OSS_PORT, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Port')), 'risk' => array('validation' => 'OSS_LETTER, OSS_DIGIT, OSS_PUNC, OSS_SPACE, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Risk')), 'nessus_id' => array('validation' => 'OSS_LETTER, OSS_DIGIT, OSS_PUNC, OSS_SPACE, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Plugin ID')), 'description' => array('validation' => 'OSS_NULLABLE, OSS_AT, OSS_TEXT, OSS_PUNC_EXT', 'e_message' => 'illegal:' . _('Description'))); } /* get default submitter info */ if (empty($submitter)) { $session_info = Session::get_user_info($conn); $submitter = $session_info->get_name() . '/' . $session_info->get_login(); } // Add common parameters validation rules $validate['title'] = array('validation' => "OSS_ALPHA, OSS_SPACE, OSS_PUNC_EXT, '\\>'", 'e_message' => 'illegal:' . _('Title')); $validate['priority'] = array('validation' => 'OSS_DIGIT', 'e_message' => 'illegal:' . _('Priority')); $validate['type'] = array('validation' => 'OSS_ALPHA, OSS_PUNC_EXT, OSS_SPACE, OSS_SCORE, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Type')); $validate['submitter'] = array('validation' => 'OSS_USER, OSS_PUNC, OSS_NULLABLE', 'e_message' => 'illegal:' . _('Submitter')); } // ossim_valid $validation_errors = validate_form_fields('POST', $validate); if (is_array($validation_errors) && !empty($validation_errors)) { foreach ($validation_errors as $error) { echo ossim_error($error); } exit;