Merge branch 'ent-4984-netflow-vulnerability' into 'develop'

Fixed netflow command injection vulnerability See merge request artica/pandorafms!2933
2019-12-10 16:43:29 +01:00 · 2019-12-10 16:43:29 +01:00 · 35298d754a
parent d033b7d95a 22cd129f71
commit 35298d754a
1 changed files with 86 additions and 87 deletions
--- a/pandora_console/include/functions_netflow.php
+++ b/pandora_console/include/functions_netflow.php
@ -890,7 +890,7 @@ function netflow_get_command($filter)
    }

    // Filter options.
-    $command .= netflow_get_filter_arguments($filter);
+    $command .= ' '.netflow_get_filter_arguments($filter);

    return $command;
 }
@ -909,16 +909,14 @@ function netflow_get_filter_arguments($filter)
    $filter_args = '';
    if ($filter['advanced_filter'] != '') {
        $filter_args = preg_replace('/["\r\n]/', '', io_safe_output($filter['advanced_filter']));
-        return ' "('.$filter_args.')"';
-    }
-
+    } else {
        if ($filter['router_ip'] != '') {
-        $filter_args .= ' "(router ip '.$filter['router_ip'].')';
+            $filter_args .= ' (router ip '.$filter['router_ip'].')';
        }

        // Normal filter.
        if ($filter['ip_dst'] != '') {
-        $filter_args .= ' "(';
+            $filter_args .= ' (';
            $val_ipdst = explode(',', io_safe_output($filter['ip_dst']));
            for ($i = 0; $i < count($val_ipdst); $i++) {
                if ($i > 0) {
@ -937,7 +935,7 @@ function netflow_get_filter_arguments($filter)

        if ($filter['ip_src'] != '') {
            if ($filter_args == '') {
-            $filter_args .= ' "(';
+                $filter_args .= ' (';
            } else {
                $filter_args .= ' and (';
            }
@ -960,7 +958,7 @@ function netflow_get_filter_arguments($filter)

        if ($filter['dst_port'] != '') {
            if ($filter_args == '') {
-            $filter_args .= ' "(';
+                $filter_args .= ' (';
            } else {
                $filter_args .= ' and (';
            }
@ -979,7 +977,7 @@ function netflow_get_filter_arguments($filter)

        if ($filter['src_port'] != '') {
            if ($filter_args == '') {
-            $filter_args .= ' "(';
+                $filter_args .= ' (';
            } else {
                $filter_args .= ' and (';
            }
@ -998,7 +996,7 @@ function netflow_get_filter_arguments($filter)

        if (isset($filter['proto']) && $filter['proto'] != '') {
            if ($filter_args == '') {
-            $filter_args .= ' "(';
+                $filter_args .= ' (';
            } else {
                $filter_args .= ' and (';
            }
@ -1014,9 +1012,10 @@ function netflow_get_filter_arguments($filter)

            $filter_args .= ')';
        }
+    }

    if ($filter_args != '') {
-        $filter_args .= '"';
+        $filter_args = escapeshellarg($filter_args);
    }

    return $filter_args;