diff --git a/src/classes/logstreamdisk.class.php b/src/classes/logstreamdisk.class.php
index f127a75..4fcc396 100644
--- a/src/classes/logstreamdisk.class.php
+++ b/src/classes/logstreamdisk.class.php
@@ -117,6 +117,29 @@ class LogStreamDisk extends LogStream {
 * @return integer Error state
 */
 public function Verify() {
+ global $content;
+
+ // --- Check if Filename is within allowed directories!
+ $szFileDirName = dirname($this->_logStreamConfigObj->FileName);
+ $bIsAllowedDir = false;
+ foreach($content['DiskAllowed'] as $szAllowedDir)
+ {
+ if ( strpos($szAllowedDir, $szFileDirName) !== FALSE )
+ {
+ $bIsAllowedDir = true;
+ break;
+ }
+ }
+ if ( !$bIsAllowedDir )
+ {
+ global $extraErrorDescription;
+ $extraErrorDescription = GetAndReplaceLangStr( $content['LN_ERROR_PATH_NOT_ALLOWED_EXTRA'], $this->_logStreamConfigObj->FileName, implode(", ", $content['DiskAllowed']) );
+
+ return ERROR_PATH_NOT_ALLOWED;
+ }
+
+
+ // ---
 // Check if file exists!
 if(!file_exists($this->_logStreamConfigObj->FileName)) {
diff --git a/src/include/config.sample.php b/src/include/config.sample.php
index 721fe3f..34a9b9b 100644
--- a/src/include/config.sample.php
+++ b/src/include/config.sample.php
@@ -125,6 +125,10 @@ $CFG['Charts'][] = array ( "DisplayName" => "Severity Occurences", "chart_type"
 $CFG['Charts'][] = array ( "DisplayName" => "Usage by Day", "chart_type" => CHART_CAKE, "chart_width" => 400, "chart_field" => SYSLOG_DATE, "maxrecords" => 10, "showpercent" => 1, "chart_enabled" => 1 );
 // ---
+// --- Configure allowed directories for File base logstream sources
+$CFG['DiskAllowed'][] = "/var/log/";
+// ---
+
 // --- Source Options
 /* Example for DiskType Source:
 $CFG['Sources']['Source1']['ID'] = "Source1";
diff --git a/src/include/constants_errors.php b/src/include/constants_errors.php
index 2f6e7dc..4f9cdfb 100644
--- a/src/include/constants_errors.php
+++ b/src/include/constants_errors.php
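Review bot: The allow-list test `strpos($szAllowedDir, $szFileDirName) !== FALSE` has haystack and needle reversed and is a substring match, so it asks whether the file's directory occurs inside the allowed string rather than whether the file lies under the allowed directory: with the default `/var/log/`, a source pointing at `/var/anything` or `/anything` (dirname `/var` or `/`) passes, while `/var/log/apache2/access.log` is rejected. dirname() also performs no normalisation, so once the argument order is corrected a FileName containing `..` or a symlink below /var/log would still escape; resolve both sides with realpath() and compare by directory prefix instead. Because realpath() returns false for a missing file, the rewrite below reports a non-existent file as not allowed rather than as missing; reorder it with the existing file_exists() check if that distinction matters to callers. Verify() continues past the end of the hunk.
```php
	// --- Check if Filename is within allowed directories!
	// Resolve symlinks and ".." on both sides, then require the file's
	// directory (plus "/") to start with an allowed directory (plus "/").
	// A plain substring test would accept "/" or "/var" for "/var/log/".
	$szRealFile = realpath($this->_logStreamConfigObj->FileName);
	$szFileDirName = ($szRealFile !== false) ? dirname($szRealFile) : false;
	$bIsAllowedDir = false;
	if ( $szFileDirName !== false )
	{
		foreach((array)$content['DiskAllowed'] as $szAllowedDir)
		{
			$szRealAllowed = realpath($szAllowedDir);
			if ( $szRealAllowed === false )
				continue;
			$szRealAllowed = rtrim($szRealAllowed, '/') . '/';
			if ( strncmp($szFileDirName . '/', $szRealAllowed, strlen($szRealAllowed)) === 0 )
			{
				$bIsAllowedDir = true;
				break;
			}
		}
	}
	// … unchanged: $extraErrorDescription and the ERROR_PATH_NOT_ALLOWED return …
```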
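Review bot: The comment added above `$CFG['DiskAllowed']` does not tell an administrator that this list is what decides which files a DiskType source is permitted to open, so in the sample it reads like an optional cosmetic setting rather than a security boundary. I would replace it with `// --- Directories a file-based (DiskType) source may read from; a source whose file lies outside this list is rejected with ERROR_PATH_NOT_ALLOWED. Defaults to "/var/log/" when left unset.` Whether an entry covers its subdirectories is decided by the check in LogStreamDisk::Verify(), not in this hunk, so state whatever that check actually implements rather than guessing here.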
@@ -78,5 +78,6 @@ define('ERROR_DB_TRIGGERFAILED', 29);
 define('ERROR_DB_CHECKSUMERROR', 30);
 define('ERROR_DB_CHECKSUMCHANGEFAILED', 31);
 define('ERROR_DB_ADDDBFIELDFAILED', 32);
+define('ERROR_PATH_NOT_ALLOWED', 33);
 ?>
\ No newline at end of file
diff --git a/src/include/functions_common.php b/src/include/functions_common.php
index b0a7fa0..c8616db 100644
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@@ -66,7 +66,7 @@ $LANG_EN = "en"; // Used for fallback
 $LANG = "en"; // Default language
 // Default Template vars
-$content['BUILDNUMBER'] = "3.4.1";
+$content['BUILDNUMBER'] = "3.4.3";
 $content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt";
 $content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER']; // Default page title
 $content['BASEPATH'] = $gl_root_path;
@@ -199,6 +199,10 @@ function InitPhpLogCon()
 InitPhpDebugMode();
 // ---
+ // --- Init Allowed directories for DiskSources
+ InitDiskAllowedSources();
+ // ---
+
 // --- Check and Remove Magic Quotes!
 RemoveMagicQuotes();
 // ---
@@ -1911,16 +1915,16 @@ function GetErrorMessage($errorCode)
 return $content['LN_ERROR_DB_TABLENOTFOUND'];
 case ERROR_DB_DBFIELDNOTFOUND:
 return $content['LN_ERROR_DB_DBFIELDNOTFOUND'];
-
 case ERROR_CHARTS_NOTCONFIGURED:
 return $content['LN_ERROR_CHARTS_NOTCONFIGURED'];
 case ERROR_FILE_NOMORETIME:
 return $content['LN_ERROR_FILE_NOMORETIME'];
 case ERROR_SOURCENOTFOUND:
 return $content['LN_GEN_ERROR_SOURCENOTFOUND'];
-
 case ERROR_REPORT_NODATA:
 return $content['LN_GEN_ERROR_REPORT_NODATA'];
+ case ERROR_PATH_NOT_ALLOWED:
+ return $content['LN_ERROR_PATH_NOT_ALLOWED'];
 default:
 return GetAndReplaceLangStr( $content['LN_ERROR_UNKNOWN'], $errorCode );
diff --git a/src/include/functions_config.php b/src/include/functions_config.php
index 8af0dfd..4e7470f 100644
--- a/src/include/functions_config.php
+++ b/src/include/functions_config.php
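Review bot: `InitDiskAllowedSources()` copies `$CFG['DiskAllowed']` into `$content`, so the call added to InitPhpLogCon() only honours the administrator's list if the configuration file has already been loaded at this point; if it runs earlier, the helper silently falls back to its built-in `/var/log/` default and the configured directories are ignored without any error. The config-loading call is not visible in this hunk, so please confirm the order and record the dependency above the call with `// must run after the config file is loaded: reads $CFG['DiskAllowed']`. InitPhpLogCon() continues outside the hunk.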
@@ -614,6 +614,27 @@ function InitPhpLogConConfigFile($bHandleMissing = true)
 }
+/*
+* Helper function to load configured dbmappings from the database
+*/
+function InitDiskAllowedSources()
+{
+ global $CFG, $content;
+
+ // Init Source Configs!
+ if ( isset($CFG['DiskAllowed']) )
+ {
+ // Copy Array to content array
+ $content['DiskAllowed'] = $CFG['DiskAllowed'];
+ }
+ else
+ {
+ // Set default
+ $content['DiskAllowed'][] = "/var/log/";
+ }
+}
+
+
 /*
 * Helper function to load configured dbmappings from the database
 */
diff --git a/src/lang/en/main.php b/src/lang/en/main.php
index 05f4dd5..2690808 100644
--- a/src/lang/en/main.php
+++ b/src/lang/en/main.php
@@ -355,6 +355,8 @@ $content['LN_REPORT_FILTERTYPE_STRING'] = "String";
 $content['LN_GEN_SUCCESS_WHILEREPORTGEN'] = "Report was successfully generated";
 $content['LN_GEN_ERROR_REPORTFAILEDTOGENERATE'] = "Failed to generate report, error details: %1";
 $content['LN_GEN_SUCCESS_REPORTWASGENERATED_DETAILS'] = "Successfully generated report: %1";
+$content['LN_ERROR_PATH_NOT_ALLOWED'] = "The file is not located in the allowed directories list (By default /var/log is allowed only).";
+$content['LN_ERROR_PATH_NOT_ALLOWED_EXTRA'] = "The file '%1' is not located in one of these directories: '%2'";
 $content['LN_CMD_RUNREPORT'] = "Generating saved report '%1'";
 $content['LN_CMD_REPORTIDNOTFOUND'] = "Invalid Report ID '%1'";
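Review bot: The docblock on the new `InitDiskAllowedSources()` was copied from the dbmappings helper that follows it and describes the wrong function; replace it with `* Copies the configured list of directories that file-based (DiskType) sources may read from, $CFG['DiskAllowed'], into $content['DiskAllowed'], defaulting to "/var/log/" when the setting is absent`. The value is also copied unchecked: a config that assigns `$CFG['DiskAllowed'] = "/var/log/";` as a plain string instead of appending with `[]` as the sample does would be handed to the foreach in LogStreamDisk::Verify() as a string, and an empty array would deny every source with no hint as to why. Coercing here with `$content['DiskAllowed'] = (array)$CFG['DiskAllowed'];` covers the first case cheaply; an explicit comment on whether an empty list is meant to deny everything would cover the second.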