From c8b7c369d1b391fc687e4ad09ee156dbec37043a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ermal=20Luc=CC=A7i?= Date: Tue, 2 Aug 2011 00:26:30 +0200 Subject: First pass of sanitizing this code. Some more QA is needed to make sure what is selected is actually applied behind --- config/snort/snort_interfaces_edit.php | 116 +++++++++++++-------------------- 1 file changed, 47 insertions(+), 69 deletions(-) (limited to 'config/snort/snort_interfaces_edit.php') diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 5ac9c186..26aeb60f 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -36,15 +36,15 @@ require_once("/usr/local/pkg/snort/snort.inc"); global $g; -if (!is_array($config['installedpackages']['snortglobal']['rule'])) { +if (!is_array($config['installedpackages']['snortglobal']['rule'])) $config['installedpackages']['snortglobal']['rule'] = array(); -} -//nat_rules_sort(); $a_nat = &$config['installedpackages']['snortglobal']['rule']; $id = $_GET['id']; if (isset($_POST['id'])) -$id = $_POST['id']; + $id = $_POST['id']; +if (!is_numeric($id)) + $id = 0; /* XXX: Safety belt */ if (isset($_GET['dup'])) { $id = $_GET['dup']; @@ -65,7 +65,7 @@ if (isset($_GET['dup'])) { //} /* gen uuid for each iface !inportant */ - if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] == '') { + if (!empty($config['installedpackages']['snortglobal']['rule'][$id]) && !empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) { //$snort_uuid = gen_snort_uuid(strrev(uniqid(true))); $snort_uuid = 0; while ($snort_uuid > 65535 || $snort_uuid == 0) { 
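Review bot: The `is_numeric` safety belt runs before the `dup` branch, so `$id = $_GET['dup'];` a few lines later reassigns `$id` straight from the request with no check at all. `is_numeric` also accepts values such as `1.5`, `1e3` and `-1` that are not valid rule indexes, and the fallback to `0` makes a missing or malformed id indistinguishable from rule 0. A stricter test placed after both assignments, for example `if (!ctype_digit((string)$id)) $id = null;` with the no-id case handled explicitly, would ensure `$id` is a plain non-negative integer before it is interpolated into the `Location:` header and `$pgtitle` later in this file. The `dup` block continues outside the hunk.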
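Review bot: The rewritten condition on the uuid-generation `if` looks inverted: the old test entered the block when `['uuid'] == ''`, while the new one enters it only when the rule exists and `!empty(...['uuid'])`, that is, when a uuid is already set. If the intent was only to avoid touching a missing rule entry, `if (empty($config['installedpackages']['snortglobal']['rule'][$id]['uuid'])) {` does that, since `empty()` already tolerates an absent `[$id]` key. As written, a new interface would presumably never get a uuid generated, and that empty value then flows into the `/var/run/snort_conf_{$snort_uuid}_.dirty` path used further down. The generation loop continues past the end of the hunk.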
@@ -77,9 +77,8 @@ if (isset($_GET['dup'])) { /* convert fake interfaces to real */ $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); - if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') { + if ($config['installedpackages']['snortglobal']['rule'][$id]['uuid'] != '') $snort_uuid = $config['installedpackages']['snortglobal']['rule'][$id]['uuid']; - } if (isset($id) && $a_nat[$id]) { @@ -169,34 +168,25 @@ if (isset($_GET['dup'])) { if (file_exists("/var/run/snort_conf_{$snort_uuid}_.dirty")) { - write_config(); - $if_real = convert_friendly_interface_to_real_interface_name2($a_nat[$id]['interface']); sync_snort_package_all($id, $if_real, $snort_uuid); sync_snort_package(); - + unlink("/var/run/snort_conf_{$snort_uuid}_.dirty"); - } if (file_exists($d_snortconfdirty_path)) { - - write_config(); - + sync_snort_package_all($id, $if_real, $snort_uuid); sync_snort_package(); unlink($d_snortconfdirty_path); - } - } if ($_POST["Submit"]) { - - // if ($config['installedpackages']['snortglobal']['rule']) { if ($_POST['descr'] == '' && $pconfig['descr'] == '') { $input_errors[] = "Please enter a description for your reference."; 
@@ -205,27 +195,25 @@ if (isset($_GET['dup'])) { if ($id == "" && $config['installedpackages']['snortglobal']['rule'][0]['interface'] != "") { $rule_array = $config['installedpackages']['snortglobal']['rule']; - $id_c = -1; - foreach ($rule_array as $value) { - - $id_c += 1; + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $result_lan = $config['installedpackages']['snortglobal']['rule'][$id_c]['interface']; + $result_lan = $value['interface']; $if_real = convert_friendly_interface_to_real_interface_name2($result_lan); - if ($_POST['interface'] == $result_lan) { + if ($_POST['interface'] == $result_lan) $input_errors[] = "Interface $result_lan is in use. Please select another interface."; - } } } - /* check for overlaps */ + /* XXX: Void code + * check for overlaps foreach ($a_nat as $natent) { if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) - continue; + continue; if ($natent['interface'] != $_POST['interface']) - continue; + continue; } + */ /* if no errors write to conf */ if (!$input_errors) { 
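Review bot: Now that the `foreach` iterates `$config['installedpackages']['snortglobal']['rule']` directly, `$rule_array = $config['installedpackages']['snortglobal']['rule'];` is assigned but never read in this hunk and can be dropped. The loop also still assigns `$if_real` on every iteration without using it, so after the loop `$if_real` holds the real name of the last configured interface rather than the one being edited; if later code relies on `$if_real` (not visible here), that line should be removed or use a local name. The duplicate check would also be clearer with a strict comparison, `if ($_POST['interface'] === $result_lan)`.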
@@ -233,22 +221,29 @@ if (isset($_GET['dup'])) { /* write to conf for 1st time or rewrite the answer */ $natent['interface'] = $_POST['interface'] ? $_POST['interface'] : $pconfig['interface']; + /* if post write to conf or rewite the answer */ - $natent['enable'] = $_POST['enable'] ? on : off; + $natent['enable'] = $_POST['enable'] ? 'on' : 'off'; $natent['uuid'] = $pconfig['uuid']; $natent['descr'] = $_POST['descr'] ? $_POST['descr'] : $pconfig['descr']; $natent['performance'] = $_POST['performance'] ? $_POST['performance'] : $pconfig['performance']; /* if post = on use on off or rewrite the conf */ - if ($_POST['blockoffenders7'] == "on") { $natent['blockoffenders7'] = on; }else{ $natent['blockoffenders7'] = off; } if ($_POST['enable'] == "") { $natent['blockoffenders7'] = $pconfig['blockoffenders7']; } + if ($_POST['blockoffenders7'] == "on") + $natent['blockoffenders7'] = 'on'; + else + $natent['blockoffenders7'] = 'off'; + if ($_POST['enable'] == "") + $natent['blockoffenders7'] = $pconfig['blockoffenders7']; $natent['whitelistname'] = $_POST['whitelistname'] ? $_POST['whitelistname'] : $pconfig['whitelistname']; $natent['homelistname'] = $_POST['homelistname'] ? $_POST['homelistname'] : $pconfig['homelistname']; $natent['externallistname'] = $_POST['externallistname'] ? $_POST['externallistname'] : $pconfig['externallistname']; $natent['suppresslistname'] = $_POST['suppresslistname'] ? $_POST['suppresslistname'] : $pconfig['suppresslistname']; $natent['snortalertlogtype'] = $_POST['snortalertlogtype'] ? 
$_POST['snortalertlogtype'] : $pconfig['snortalertlogtype']; - if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = on; }else{ $natent['alertsystemlog'] = off; } if ($_POST['enable'] == "") { $natent['alertsystemlog'] = $pconfig['alertsystemlog']; } - if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = on; }else{ $natent['tcpdumplog'] = off; } if ($_POST['enable'] == "") { $natent['tcpdumplog'] = $pconfig['tcpdumplog']; } - if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = on; }else{ $natent['snortunifiedlog'] = off; } if ($_POST['enable'] == "") { $natent['snortunifiedlog'] = $pconfig['snortunifiedlog']; } - $natent['configpassthru'] = base64_encode($_POST['configpassthru']) ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; + if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } + if ($_POST['enable']) { $natent['alertsystemlog'] = 'on'; } else unset($natent['alertsystemlog']); + if ($_POST['tcpdumplog'] == "on") { $natent['tcpdumplog'] = 'on'; }else{ $natent['tcpdumplog'] = 'off'; } + if ($_POST['snortunifiedlog'] == "on") { $natent['snortunifiedlog'] = 'on'; }else{ $natent['snortunifiedlog'] = 'off'; } + $natent['configpassthru'] = $_POST['configpassthru'] ? base64_encode($_POST['configpassthru']) : $pconfig['configpassthru']; /* if optiion = 0 then the old descr way will not work */ /* rewrite the options that are not in post */ @@ -327,7 +322,6 @@ if (isset($_GET['dup'])) { header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - sleep(2); header("Location: /snort/snort_interfaces_edit.php?id=$id"); exit; 
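Review bot: The added line `if ($_POST['enable']) { $natent['alertsystemlog'] = 'on'; } else unset($natent['alertsystemlog']);` overrides the checkbox result computed on the line before it, so `alertsystemlog` ends up tied to `enable` and the submitted `alertsystemlog` value is ignored. If the aim was to keep the stored value when `enable` is not posted, as the removed code did, it would read `if (empty($_POST['enable'])) $natent['alertsystemlog'] = $pconfig['alertsystemlog'];`; otherwise the line can simply go, matching `tcpdumplog` and `snortunifiedlog`. Separately, `interface`, `performance` and the `*listname` fields are still copied from `$_POST` into the config verbatim; checking them against the option lists the form offers would fit the commit's sanitizing goal. The enclosing `if (!$input_errors)` block starts and ends outside the hunk.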
@@ -347,8 +341,8 @@ if (isset($_GET['dup'])) { header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - sleep(2); header("Location: /snort/snort_interfaces_edit.php?id=$id"); + exit; } if ($_POST["Submit3"]) @@ -361,8 +355,8 @@ if (isset($_GET['dup'])) { header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); - sleep(2); header("Location: /snort/snort_interfaces_edit.php?id=$id"); + exit; } @@ -372,21 +366,17 @@ if (isset($_GET['dup'])) { $snort_up_ck2_info = Running_Ck($snort_uuid, $if_real, $id); - if ($snort_up_ck2_info == 'no') { + if ($snort_up_ck2_info == 'no') $snort_up_ck = ''; - }else{ + else $snort_up_ck = ''; - } - - }else{ + } else $snort_up_ck = ''; - } - $pgtitle = "Snort: Interface Edit: $id $snort_uuid $if_real"; include("/usr/local/pkg/snort/snort_head.inc"); - ?> +?> Home net
Choose the home net you will like this rule to use.  Note: Default home @@ -633,7 +611,7 @@ echo " External net
Choose the external net you will like this rule to use.  Note: Default @@ -676,7 +654,7 @@ echo " Whitelist
Choose the whitelist you will like this rule to use.  Note: Default @@ -710,7 +688,7 @@ echo " filtering
Choose the suppression or filtering file you will like this rule to use.  Note: Default -- cgit v1.2.3