aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_rules_edit.php
diff options
context:
space:
mode:
authorRenato Botelho <garga@pfSense.org>2014-03-19 10:28:24 -0300
committerRenato Botelho <garga@pfSense.org>2014-03-19 10:28:24 -0300
commitd50c07fd00ac203332e57a45532a265759922993 (patch)
treead427c579bcd5e731369f709d0307f9028fbc2d2 /config/suricata/suricata_rules_edit.php
parenta84a84bf31ed33c7e132b704186a56b77cc9148a (diff)
parent172270f302e2cdb0e0b6f7581152bc32befa99bc (diff)
downloadpfsense-packages-d50c07fd00ac203332e57a45532a265759922993.tar.gz
pfsense-packages-d50c07fd00ac203332e57a45532a265759922993.tar.bz2
pfsense-packages-d50c07fd00ac203332e57a45532a265759922993.zip
Merge pull request #622 from bmeeks8/master
Suricata 1.4.6 pkg. v0.2-BETA -- more bug fixes, no version bump
Diffstat (limited to 'config/suricata/suricata_rules_edit.php')
-rw-r--r--config/suricata/suricata_rules_edit.php41
1 files changed, 19 insertions, 22 deletions
diff --git a/config/suricata/suricata_rules_edit.php b/config/suricata/suricata_rules_edit.php
index ad6b2986..b61c2f3a 100644
--- a/config/suricata/suricata_rules_edit.php
+++ b/config/suricata/suricata_rules_edit.php
@@ -33,31 +33,28 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
$flowbit_rules_file = FLOWBITS_FILENAME;
$suricatadir = SURICATADIR;
-if (!is_array($config['installedpackages']['suricata']['rule'])) {
- $config['installedpackages']['suricata']['rule'] = array();
-}
-$a_rule = &$config['installedpackages']['suricata']['rule'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+ $id = htmlspecialchars($_GET['id']);
-$id = $_GET['id'];
+// If we were not passed a valid index ID, close the pop-up and exit
if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
+ echo '<html><body link="#000000" vlink="#000000" alink="#000000">';
+ echo '<script language="javascript" type="text/javascript">';
+ echo 'window.close();</script>';
+ echo '</body></html>';
exit;
}
-if (isset($id) && $a_rule[$id]) {
- $pconfig['enable'] = $a_rule[$id]['enable'];
- $pconfig['interface'] = $a_rule[$id]['interface'];
- $pconfig['rulesets'] = $a_rule[$id]['rulesets'];
-}
-else {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
+if (!is_array($config['installedpackages']['suricata']['rule'])) {
+ $config['installedpackages']['suricata']['rule'] = array();
}
-/* convert fake interfaces to real */
-$if_real = get_real_interface($pconfig['interface']);
+$a_rule = &$config['installedpackages']['suricata']['rule'];
+
+$if_real = get_real_interface($a_rule[$id]['interface']);
$suricata_uuid = $a_rule[$id]['uuid'];
-$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}";
+$suricatacfgdir = "{$suricatadir}suricata_{$suricata_uuid}_{$if_real}/";
+
$file = htmlspecialchars($_GET['openruleset'], ENT_QUOTES | ENT_HTML401);
$contents = '';
$wrap_flag = "off";
@@ -73,13 +70,13 @@ else
// a standard rules file, or a complete file name.
// Test for the special case of an IPS Policy file.
if (substr($file, 0, 10) == "IPS Policy") {
- $rules_map = suricata_load_vrt_policy($a_rule[$id]['ips_policy']);
- if (isset($_GET['ids'])) {
- $contents = $rules_map[$_GET['gid']][trim($_GET['ids'])]['rule'];
+ $rules_map = suricata_load_vrt_policy(strtolower(trim(substr($file, strpos($file, "-")+1))));
+ if (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
+ $contents = $rules_map[$_GET['gid']][trim($_GET['sid'])]['rule'];
$wrap_flag = "soft";
}
else {
- $contents = "# Suricata IPS Policy - " . ucfirst($a_rule[$id]['ips_policy']) . "\n\n";
+ $contents = "# Suricata IPS Policy - " . ucfirst(trim(substr($file, strpos($file, "-")+1))) . "\n\n";
foreach (array_keys($rules_map) as $k1) {
foreach (array_keys($rules_map[$k1]) as $k2) {
$contents .= "# Category: " . $rules_map[$k1][$k2]['category'] . " SID: {$k2}\n";
@@ -90,7 +87,7 @@ if (substr($file, 0, 10) == "IPS Policy") {
unset($rules_map);
}
// Is it a SID to load the rule text from?
-elseif (isset($_GET['sid']) && is_numeric(trim($_GET['sid']))) {
+elseif (isset($_GET['sid']) && is_numericint($_GET['sid']) && isset($_GET['gid']) && is_numericint($_GET['gid'])) {
// If flowbit rule, point to interface-specific file
if ($file == "Auto-Flowbit Rules")
$rules_map = suricata_load_rules_map("{$suricatacfgdir}rules/" . FLOWBITS_FILENAME);