#13478 fixed widget security hardening

Daniel Cebrian 2024-04-22 19:01:16 +02:00
parent 167e6e4b81
commit 0b9f645b14
4 changed files with 32 additions and 109 deletions


@ -3535,7 +3535,8 @@ function html_print_input_text(
$disabled=false, $disabled=false,
$list='', $list='',
$placeholder=null, $placeholder=null,
$pattern=null $pattern=null,
$id=false
) { ) {
if ($maxlength == 0) { if ($maxlength == 0) {
$maxlength = 255; $maxlength = 255;
@ -3593,7 +3594,7 @@ function html_print_input_text(
return html_print_input_text_extended( return html_print_input_text_extended(
$name, $name,
$value, $value,
'text-'.$name, (($id === false) ? 'text-'.$name : $id),
$alt, $alt,
$size, $size,
$maxlength, $maxlength,
@ -7894,7 +7895,7 @@ function html_print_select_date_range(
$fields['chose_range'] = __('Chose start/end date period'); $fields['chose_range'] = __('Chose start/end date period');
$fields['none'] = __('None'); $fields['none'] = __('None');
$output = html_print_input_hidden('custom_date', $custom_date, true); $output = html_print_input_hidden('custom_date', $custom_date, true, false, false, 'hidden-custom_date_'.$name);
$output .= '<div id="'.$name.'_default" class="wauto inline_flex" '.$display_default.'>'; $output .= '<div id="'.$name.'_default" class="wauto inline_flex" '.$display_default.'>';
$output .= html_print_select( $output .= html_print_select(
$fields, $fields,
@ -7914,13 +7915,13 @@ function html_print_select_date_range(
$table->data = []; $table->data = [];
$table->class = 'table-adv-filter'; $table->class = 'table-adv-filter';
$table->data[0][0] = '<div><div><div><span class="font-title-font">'.__('From').':</span></div>'; $table->data[0][0] = '<div><div><div><span class="font-title-font">'.__('From').':</span></div>';
$table->data[0][0] .= html_print_input_text('date_init', $date_init, '', 12, 10, true).' '; $table->data[0][0] .= html_print_input_text('date_init', $date_init, '', 12, 10, true, false, false, '', '', '', 'off', false, '', '', '', false, '', null, null, 'date_init_'.$name).' ';
$table->data[0][0] .= html_print_input_text('time_init', $time_init, '', 10, 7, true).' '; $table->data[0][0] .= html_print_input_text('time_init', $time_init, '', 10, 7, true, false, false, '', '', '', 'off', false, '', '', '', false, '', null, null, 'time_init_'.$name).' ';
$table->data[0][0] .= '</div>'; $table->data[0][0] .= '</div>';
$table->data[0][0] .= '<div><div><span class="font-title-font">'.__('to').':</span></div>'; $table->data[0][0] .= '<div><div><span class="font-title-font">'.__('to').':</span></div>';
$table->data[0][0] .= html_print_input_text('date_end', $date_end, '', 12, 10, true).' '; $table->data[0][0] .= html_print_input_text('date_end', $date_end, '', 12, 10, true, false, false, '', '', '', 'off', false, '', '', '', false, '', null, null, 'date_end_'.$name).' ';
$table->data[0][0] .= '<div id="'.$name.'_manual" class="w100p inline_line">'; $table->data[0][0] .= '<div id="'.$name.'_manual" class="w100p inline_line">';
$table->data[0][0] .= html_print_input_text('time_end', $time_end, '', 10, 7, true).' '; $table->data[0][0] .= html_print_input_text('time_end', $time_end, '', 10, 7, true, false, false, '', '', '', 'off', false, '', '', '', false, '', null, null, 'time_end_'.$name).' ';
$table->data[0][0] .= ' <a href="javascript:">'.html_print_image( $table->data[0][0] .= ' <a href="javascript:">'.html_print_image(
'images/logs@svg.svg', 'images/logs@svg.svg',
true, true,
@ -7991,13 +7992,13 @@ function html_print_select_date_range(
$('#".$name."_range').show(); $('#".$name."_range').show();
$('#".$name."_default').hide(); $('#".$name."_default').hide();
$('#".$name."_extend').hide(); $('#".$name."_extend').hide();
$('#hidden-custom_date').val('1'); $('#hidden-custom_date_".$name."').val('1');
$('.filter_label_position_before').addClass('filter_label_position_after'); $('.filter_label_position_before').addClass('filter_label_position_after');
} else if ($(this).val() === 'custom') { } else if ($(this).val() === 'custom') {
$('#".$name."_range').hide(); $('#".$name."_range').hide();
$('#".$name."_default').hide(); $('#".$name."_default').hide();
$('#".$name."_extend').show(); $('#".$name."_extend').show();
$('#hidden-custom_date').val('2'); $('#hidden-custom_date_".$name."').val('2');
$('.filter_label_position_before').removeClass('filter_label_position_after'); $('.filter_label_position_before').removeClass('filter_label_position_after');
} else { } else {
$('.filter_label_position_before').removeClass('filter_label_position_after'); $('.filter_label_position_before').removeClass('filter_label_position_after');
@ -8015,8 +8016,8 @@ function html_print_select_date_range(
$('#".$name."_range').show(); $('#".$name."_range').show();
$('#".$name."_default').hide(); $('#".$name."_default').hide();
$('#".$name."_extend').hide(); $('#".$name."_extend').hide();
position_top_init = $('#text-date_init').offset().top + $('#text-date_init').outerHeight(); position_top_init = $('[id^=date_init_".$name."]').offset().top + $('[id^=date_init_".$name."]').outerHeight();
position_top_end = $('#text-date_end').offset().top + $('#text-date_end').outerHeight(); position_top_end = $('[id^=date_end_".$name."]').offset().top + $('[id^=date_end_".$name."]').outerHeight();
if(def_state_range){ if(def_state_range){
$('#".$name."_range').show(); $('#".$name."_range').show();
} else { } else {
@ -8042,7 +8043,7 @@ function html_print_select_date_range(
$('#".$name."_range').hide(); $('#".$name."_range').hide();
$('#".$name."_extend').hide(); $('#".$name."_extend').hide();
$('#".$name."').val('".SECONDS_1DAY."').trigger('change'); $('#".$name."').val('".SECONDS_1DAY."').trigger('change');
$('#hidden-custom_date').val('0'); $('#hidden-custom_date_".$name."').val('0');
} }
$('#text-date').datepicker({ $('#text-date').datepicker({
@ -8052,7 +8053,7 @@ function html_print_select_date_range(
showAnim: 'slideDown' showAnim: 'slideDown'
}); });
$('[id^=text-time_init]').timepicker({ $('[id^=time_init_".$name."]').timepicker({
showSecond: true, showSecond: true,
timeFormat: '".$time_format_js."', timeFormat: '".$time_format_js."',
timeOnlyTitle: '".__('Choose time')."', timeOnlyTitle: '".__('Choose time')."',
@ -8064,7 +8065,7 @@ function html_print_select_date_range(
closeText: '".__('Close')."' closeText: '".__('Close')."'
}); });
$('[id^=text-date_init]').datepicker ({ $('[id^=date_init_".$name."]').datepicker ({
dateFormat: '".$date_format_js."', dateFormat: '".$date_format_js."',
changeMonth: true, changeMonth: true,
changeYear: true, changeYear: true,
@ -8073,9 +8074,9 @@ function html_print_select_date_range(
beforeShowDay: function (date) { beforeShowDay: function (date) {
show_datepicker = 'date_init'; show_datepicker = 'date_init';
var date_now = date.getTime(); var date_now = date.getTime();
var date_ini_split = $('[id^=text-date_init]').val().split('/'); var date_ini_split = $('[id^=date_init_".$name."]').val().split('/');
var date_ini = new Date(date_ini_split[1]+'/'+date_ini_split[2]+'/'+date_ini_split[0]).getTime(); var date_ini = new Date(date_ini_split[1]+'/'+date_ini_split[2]+'/'+date_ini_split[0]).getTime();
var date_end_split = $('[id^=text-date_end]').val().split('/'); var date_end_split = $('[id^=date_end_".$name."]').val().split('/');
var date_end = new Date(date_end_split[1]+'/'+date_end_split[2]+'/'+date_end_split[0]).getTime(); var date_end = new Date(date_end_split[1]+'/'+date_end_split[2]+'/'+date_end_split[0]).getTime();
if (date_now > date_ini && date_now < date_end) { if (date_now > date_ini && date_now < date_end) {
return [true, 'ui-date-range-in', 'prueba']; return [true, 'ui-date-range-in', 'prueba'];
@ -8086,7 +8087,7 @@ function html_print_select_date_range(
} }
}); });
$('[id^=text-date_end]').datepicker ({ $('[id^=date_end_".$name."]').datepicker ({
dateFormat: '".$date_format_js."', dateFormat: '".$date_format_js."',
changeMonth: true, changeMonth: true,
changeYear: true, changeYear: true,
@ -8095,9 +8096,9 @@ function html_print_select_date_range(
beforeShowDay: function (date) { beforeShowDay: function (date) {
show_datepicker = 'date_end'; show_datepicker = 'date_end';
var date_now = date.getTime(); var date_now = date.getTime();
var date_ini_split = $('[id^=text-date_init]').val().split('/'); var date_ini_split = $('[id^=date_init_".$name."]').val().split('/');
var date_ini = new Date(date_ini_split[1]+'/'+date_ini_split[2]+'/'+date_ini_split[0]).getTime(); var date_ini = new Date(date_ini_split[1]+'/'+date_ini_split[2]+'/'+date_ini_split[0]).getTime();
var date_end_split = $('[id^=text-date_end]').val().split('/'); var date_end_split = $('[id^=date_end_".$name."]').val().split('/');
var date_end = new Date(date_end_split[1]+'/'+date_end_split[2]+'/'+date_end_split[0]).getTime(); var date_end = new Date(date_end_split[1]+'/'+date_end_split[2]+'/'+date_end_split[0]).getTime();
if (date_now > date_ini && date_now < date_end) { if (date_now > date_ini && date_now < date_end) {
return [true, 'ui-date-range-in', 'prueba']; return [true, 'ui-date-range-in', 'prueba'];
@ -8105,10 +8106,10 @@ function html_print_select_date_range(
return [true, 'ui-datepicker-current-day', '']; return [true, 'ui-datepicker-current-day', ''];
} }
return [true, '', '']; return [true, '', ''];
} },
}); });
$('[id^=text-time_end]').timepicker({ $('[id^=time_end_".$name."]').timepicker({
showSecond: true, showSecond: true,
timeFormat: '".$time_format_js."', timeFormat: '".$time_format_js."',
timeOnlyTitle: '".__('Choose time')."', timeOnlyTitle: '".__('Choose time')."',
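Review bot: The new selectors such as `$('[id^=date_init_".$name."]')` still use a prefix match although the inputs now receive an exact id (`'date_init_'.$name`), so a control named `range` would also match the fields of one named `range_vulnerability` rendered on the same page. This applies to every `[id^=…_".$name."]` selector in the inline script: position_top_init/position_top_end, both datepickers, both timepickers and both beforeShowDay callbacks. Assuming html_print_input_text_extended emits the id unchanged, an exact selector avoids the collision, e.g. `$('#date_init_".$name."')`, which is how `$('#hidden-custom_date_".$name."')` is already written in these hunks. `$name` is also concatenated unescaped into the id attributes and the script; the visible lines do not show where it originates, so if it can ever carry request-derived text it should be restricted to identifier characters before use. html_print_select_date_range starts and ends outside these hunks.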


@ -24,12 +24,6 @@ function show_option_dialog(settings) {
method: "updateDashboard", method: "updateDashboard",
dataType: "json" dataType: "json"
}, },
oncancel: {
reload: true
},
onclose: {
reload: true
},
ajax_callback: update_dashboard ajax_callback: update_dashboard
}); });
} }
@ -483,10 +477,6 @@ function initialiceLayout(data) {
function configurationWidget(cellId, widgetId, size) { function configurationWidget(cellId, widgetId, size) {
var reload = 0; var reload = 0;
var overlay = false; var overlay = false;
if (widgetId == 46) {
reload = 1;
overlay = true;
}
title = $("#hidden-widget_name_" + cellId).val(); title = $("#hidden-widget_name_" + cellId).val();
load_modal({ load_modal({
target: $("#modal-config-widget"), target: $("#modal-config-widget"),


@ -1338,7 +1338,6 @@ function listen_event_sound(settings) {
); );
} }
let sound_listener;
function check_event_sound(settings) { function check_event_sound(settings) {
// Update elements time. // Update elements time.
$(".elements-discovered-alerts ul li").each(function() { $(".elements-discovered-alerts ul li").each(function() {
@ -1382,7 +1381,7 @@ function check_event_sound(settings) {
}, },
function(data) { function(data) {
if (data != false) { if (data != false) {
clearTimeout(sound_listener); clearTimeout(window.sound_listener);
// Hide empty. // Hide empty.
$("#tabs-sound-modal .empty-discovered-alerts").addClass( $("#tabs-sound-modal .empty-discovered-alerts").addClass(
"invisible_important" "invisible_important"
@ -1434,7 +1433,7 @@ function check_event_sound(settings) {
}); });
// -100 delay sound. // -100 delay sound.
sound_listener = setTimeout( window.sound_listener = setTimeout(
remove_audio, remove_audio,
parseInt($("#tabs-sound-modal #time_sound").val()) * 1000 - 100 parseInt($("#tabs-sound-modal #time_sound").val()) * 1000 - 100
); );
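Review bot: `window.sound_listener` is now an undeclared property on the global object, read by `clearTimeout(window.sound_listener)` and written by the `setTimeout` assignment in check_event_sound, and nothing in the hunks records why the module-level `let` was dropped. If the reason is that this script can be loaded more than once on a page (a repeated top-level `let` throws), a comment above the assignment would capture that, e.g. `// Kept on window: this file may be loaded more than once and a top-level let would be redeclared.` A project-prefixed property name would also lower the chance of another script overwriting the timer handle. check_event_sound continues outside both hunks.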


@ -270,8 +270,8 @@ class SecurityHardening extends Widget
'id' => 'row_date', 'id' => 'row_date',
'class' => 'row_input', 'class' => 'row_input',
'arguments' => [ 'arguments' => [
'id' => 'range', 'id' => 'range_vulnerability',
'name' => 'range', 'name' => 'range_vulnerability',
'type' => 'date_range', 'type' => 'date_range',
'selected' => 'chose_range', 'selected' => 'chose_range',
'date_init' => date('Y/m/d', $values['date_init']), 'date_init' => date('Y/m/d', $values['date_init']),
@ -301,7 +301,7 @@ class SecurityHardening extends Widget
$values['limit'] = \get_parameter('limit', 10); $values['limit'] = \get_parameter('limit', 10);
$values['category'] = \get_parameter('category', 6); $values['category'] = \get_parameter('category', 6);
$values['ignore_skipped'] = \get_parameter_switch('ignore_skipped', 0); $values['ignore_skipped'] = \get_parameter_switch('ignore_skipped', 0);
$date = $this->getDateParameter(); $date = \get_parameter_date('range_vulnerability', '', 'U');
$values['date_init'] = $date['date_init']; $values['date_init'] = $date['date_init'];
$values['date_end'] = $date['date_end']; $values['date_end'] = $date['date_end'];
return $values; return $values;
@ -366,75 +366,6 @@ class SecurityHardening extends Widget
} }
/**
* Returns the date in an object obtained by parameter.
*
* @return object Object with date_init, date_end and period.
*/
private function getDateParameter()
{
$date_end = get_parameter('date_end', 0);
$time_end = get_parameter('time_end');
$datetime_end = strtotime($date_end.' '.$time_end);
$custom_date = get_parameter('custom_date', 0);
$range = get_parameter('range', SECONDS_1DAY);
$date_text = get_parameter('range_text', SECONDS_1DAY);
$date_init_less = (strtotime(date('Y/m/d')) - SECONDS_1DAY);
$date_init = get_parameter('date_init', date(DATE_FORMAT, $date_init_less));
$time_init = get_parameter('time_init', date(TIME_FORMAT, $date_init_less));
$datetime_init = strtotime($date_init.' '.$time_init);
if ($custom_date === '1') {
if ($datetime_init >= $datetime_end) {
$datetime_init = $date_init_less;
}
$date_init = date('Y/m/d H:i:s', $datetime_init);
$date_end = date('Y/m/d H:i:s', $datetime_end);
$period = ($datetime_end - $datetime_init);
} else if ($custom_date === '2') {
$date_units = get_parameter('range_units');
$date_end = date('Y/m/d H:i:s');
$date_init = date('Y/m/d H:i:s', (strtotime($date_end) - ((int) $date_text * (int) $date_units)));
$period = (strtotime($date_end) - strtotime($date_init));
} else if (in_array($range, ['this_week', 'this_month', 'past_week', 'past_month'])) {
if ($range === 'this_week') {
$monday = date('Y/m/d', strtotime('last monday'));
$sunday = date('Y/m/d', strtotime($monday.' +6 days'));
$period = (strtotime($sunday) - strtotime($monday));
$date_init = $monday;
$date_end = $sunday;
} else if ($range === 'this_month') {
$date_end = date('Y/m/d', strtotime('last day of this month'));
$first_of_month = date('Y/m/d', strtotime('first day of this month'));
$date_init = $first_of_month;
$period = (strtotime($date_end) - strtotime($first_of_month));
} else if ($range === 'past_month') {
$date_end = date('Y/m/d', strtotime('last day of previous month'));
$first_of_month = date('Y/m/d', strtotime('first day of previous month'));
$date_init = $first_of_month;
$period = (strtotime($date_end) - strtotime($first_of_month));
} else if ($range === 'past_week') {
$date_end = date('Y/m/d', strtotime('sunday', strtotime('last week')));
$first_of_week = date('Y/m/d', strtotime('monday', strtotime('last week')));
$date_init = $first_of_week;
$period = (strtotime($date_end) - strtotime($first_of_week));
}
} else {
$date_end = date('Y/m/d H:i:s');
$date_init = date('Y/m/d H:i:s', (strtotime($date_end) - $range));
$period = (strtotime($date_end) - strtotime($date_init));
}
return [
'date_init' => strtotime($date_init),
'date_end' => strtotime($date_end),
'period' => $period,
];
}
/** /**
* Check user's acl using group. * Check user's acl using group.
* *
@ -692,6 +623,7 @@ class SecurityHardening extends Widget
*/ */
private function vulnerabilitiesByCategory($group, $category, $ignore_skipped=true) private function vulnerabilitiesByCategory($group, $category, $ignore_skipped=true)
{ {
global $config;
$labels = [ $labels = [
__('Passed'), __('Passed'),
__('Failed'), __('Failed'),
@ -749,7 +681,7 @@ class SecurityHardening extends Widget
$total = (count($vulnerabilities['pass']) + count($vulnerabilities['fail'])); $total = (count($vulnerabilities['pass']) + count($vulnerabilities['fail']));
if ($ignore_skipped === false) { if ($ignore_skipped === false && isset($vulnerabilities['skipped']) === true) {
$data[] = count($vulnerabilities['skipped']); $data[] = count($vulnerabilities['skipped']);
$total += count($vulnerabilities['skipped']); $total += count($vulnerabilities['skipped']);
$labels[] = __('Skipped'); $labels[] = __('Skipped');
@ -763,18 +695,19 @@ class SecurityHardening extends Widget
'display' => true, 'display' => true,
'position' => 'right', 'position' => 'right',
'align' => 'center', 'align' => 'center',
'fonts' => [ 'size' => '12' ],
], ],
'elements' => [ 'elements' => [
'center' => [ 'center' => [
'text' => $total, 'text' => $total,
'color' => '#2c3e50', 'color' => ($config['style'] === 'pandora_black') ? '#ffffff' : '#2c3e50',
], ],
], ],
'labels' => $labels, 'labels' => $labels,
'colors' => [ 'colors' => [
'#82b92e', '#82b92e',
'#e63c52', '#e63c52',
'#E4E4E4', ($config['style'] === 'pandora_black') ? '#666' : '#E4E4E4',
], ],
] ]
); );
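Review bot: In vulnerabilitiesByCategory the new `isset($vulnerabilities['skipped'])` guard implies the result keys can be absent, yet the line just above it still calls `count($vulnerabilities['pass'])` and `count($vulnerabilities['fail'])` unguarded, and count() on a missing key raises a TypeError on PHP 8. The same defaulting would keep the total consistent: `$total = (count($vulnerabilities['pass'] ?? []) + count($vulnerabilities['fail'] ?? []));`. In the same function `$config['style'] === 'pandora_black'` is evaluated twice and reads the key without a default; computing it once as `$is_dark = (($config['style'] ?? '') === 'pandora_black');` would cover both uses. The function body starts and ends outside these hunks.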