Merge branch 'ent-4984-netflow-vulnerability' into 'develop'

Fixed netflow command injection vulnerability

See merge request artica/pandorafms!2933
This commit is contained in:
Daniel Rodriguez 2019-12-10 16:43:29 +01:00
commit 35298d754a
1 changed files with 86 additions and 87 deletions


@ -890,7 +890,7 @@ function netflow_get_command($filter)
} }
// Filter options. // Filter options.
$command .= netflow_get_filter_arguments($filter); $command .= ' '.netflow_get_filter_arguments($filter);
return $command; return $command;
} }
@ -909,114 +909,113 @@ function netflow_get_filter_arguments($filter)
$filter_args = ''; $filter_args = '';
if ($filter['advanced_filter'] != '') { if ($filter['advanced_filter'] != '') {
$filter_args = preg_replace('/["\r\n]/', '', io_safe_output($filter['advanced_filter'])); $filter_args = preg_replace('/["\r\n]/', '', io_safe_output($filter['advanced_filter']));
return ' "('.$filter_args.')"'; } else {
} if ($filter['router_ip'] != '') {
$filter_args .= ' (router ip '.$filter['router_ip'].')';
}
if ($filter['router_ip'] != '') { // Normal filter.
$filter_args .= ' "(router ip '.$filter['router_ip'].')'; if ($filter['ip_dst'] != '') {
} $filter_args .= ' (';
$val_ipdst = explode(',', io_safe_output($filter['ip_dst']));
for ($i = 0; $i < count($val_ipdst); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
}
// Normal filter. if (netflow_is_net($val_ipdst[$i]) == 0) {
if ($filter['ip_dst'] != '') { $filter_args .= 'dst ip '.$val_ipdst[$i];
$filter_args .= ' "('; } else {
$val_ipdst = explode(',', io_safe_output($filter['ip_dst'])); $filter_args .= 'dst net '.$val_ipdst[$i];
for ($i = 0; $i < count($val_ipdst); $i++) { }
if ($i > 0) {
$filter_args .= ' or ';
} }
if (netflow_is_net($val_ipdst[$i]) == 0) { $filter_args .= ')';
$filter_args .= 'dst ip '.$val_ipdst[$i]; }
if ($filter['ip_src'] != '') {
if ($filter_args == '') {
$filter_args .= ' (';
} else { } else {
$filter_args .= 'dst net '.$val_ipdst[$i]; $filter_args .= ' and (';
}
}
$filter_args .= ')';
}
if ($filter['ip_src'] != '') {
if ($filter_args == '') {
$filter_args .= ' "(';
} else {
$filter_args .= ' and (';
}
$val_ipsrc = explode(',', io_safe_output($filter['ip_src']));
for ($i = 0; $i < count($val_ipsrc); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
} }
if (netflow_is_net($val_ipsrc[$i]) == 0) { $val_ipsrc = explode(',', io_safe_output($filter['ip_src']));
$filter_args .= 'src ip '.$val_ipsrc[$i]; for ($i = 0; $i < count($val_ipsrc); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
}
if (netflow_is_net($val_ipsrc[$i]) == 0) {
$filter_args .= 'src ip '.$val_ipsrc[$i];
} else {
$filter_args .= 'src net '.$val_ipsrc[$i];
}
}
$filter_args .= ')';
}
if ($filter['dst_port'] != '') {
if ($filter_args == '') {
$filter_args .= ' (';
} else { } else {
$filter_args .= 'src net '.$val_ipsrc[$i]; $filter_args .= ' and (';
}
}
$filter_args .= ')';
}
if ($filter['dst_port'] != '') {
if ($filter_args == '') {
$filter_args .= ' "(';
} else {
$filter_args .= ' and (';
}
$val_dstport = explode(',', io_safe_output($filter['dst_port']));
for ($i = 0; $i < count($val_dstport); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
} }
$filter_args .= 'dst port '.$val_dstport[$i]; $val_dstport = explode(',', io_safe_output($filter['dst_port']));
} for ($i = 0; $i < count($val_dstport); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
}
$filter_args .= ')'; $filter_args .= 'dst port '.$val_dstport[$i];
}
if ($filter['src_port'] != '') {
if ($filter_args == '') {
$filter_args .= ' "(';
} else {
$filter_args .= ' and (';
}
$val_srcport = explode(',', io_safe_output($filter['src_port']));
for ($i = 0; $i < count($val_srcport); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
} }
$filter_args .= 'src port '.$val_srcport[$i]; $filter_args .= ')';
} }
$filter_args .= ')'; if ($filter['src_port'] != '') {
} if ($filter_args == '') {
$filter_args .= ' (';
if (isset($filter['proto']) && $filter['proto'] != '') { } else {
if ($filter_args == '') { $filter_args .= ' and (';
$filter_args .= ' "(';
} else {
$filter_args .= ' and (';
}
$val_proto = explode(',', io_safe_output($filter['proto']));
for ($i = 0; $i < count($val_proto); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
} }
$filter_args .= 'proto '.$val_proto[$i]; $val_srcport = explode(',', io_safe_output($filter['src_port']));
for ($i = 0; $i < count($val_srcport); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
}
$filter_args .= 'src port '.$val_srcport[$i];
}
$filter_args .= ')';
} }
$filter_args .= ')'; if (isset($filter['proto']) && $filter['proto'] != '') {
if ($filter_args == '') {
$filter_args .= ' (';
} else {
$filter_args .= ' and (';
}
$val_proto = explode(',', io_safe_output($filter['proto']));
for ($i = 0; $i < count($val_proto); $i++) {
if ($i > 0) {
$filter_args .= ' or ';
}
$filter_args .= 'proto '.$val_proto[$i];
}
$filter_args .= ')';
}
} }
if ($filter_args != '') { if ($filter_args != '') {
$filter_args .= '"'; $filter_args = escapeshellarg($filter_args);
} }
return $filter_args; return $filter_args;
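Review bot: The `escapeshellarg($filter_args)` added at the end of the hunk closes the shell-injection path, but every value it wraps — each comma-separated element of `ip_dst`, `ip_src`, `dst_port`, `src_port` and `proto`, plus `router_ip` — is still concatenated into the nfdump filter grammar without validation, so a port value such as `80) or (src ip 0.0.0.0/0` can still rewrite the filter (a filter-language injection rather than a shell one; how far that reaches depends on nfdump's parser, which I cannot see from here). I would validate each element before it is concatenated and fail the whole filter on a bad one, e.g. `if (!ctype_digit($val_dstport[$i])) { return ''; }` for the port loops and `if (filter_var($val_ipdst[$i], FILTER_VALIDATE_IP) === false && netflow_is_net($val_ipdst[$i]) == 0) { return ''; }` for the address loops, assuming `netflow_is_net()` recognises CIDR notation. Two smaller points on the new side: `router_ip` is the only field not passed through `io_safe_output()`, so a stored entity-encoded value would presumably reach nfdump still encoded, and the `ip_dst` branch appends `' ('` unconditionally where the other branches choose between `' ('` and `' and ('`, so with `router_ip` also set the expression becomes `(router ip X) (dst ip Y)` with no operator between the groups — this predates the commit but survives it.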