fix vulnerabilities in events and api and fix metaconsole responses pandora_enterprise#13728

This commit is contained in:
daniel 2024-05-16 18:10:19 +02:00
parent f00dc40f2d
commit 36c972c175
4 changed files with 118 additions and 138 deletions


@ -1205,13 +1205,8 @@ if ($get_response === true) {
if (empty($event_id) === false) {
try {
$target_metaconsole = '';
if (is_metaconsole() === true
&& $server_id > 0
) {
$target_metaconsole = io_safe_output(db_get_value('target', 'tevent_response', 'id', $event_response['id']));
if (is_metaconsole() === true && $server_id > 0) {
$node = new Node($server_id);
$node->connect();
}
$event_response['target'] = events_get_response_target(
@ -1220,28 +1215,13 @@ if ($get_response === true) {
$response_parameters,
$server_id,
($server_id !== 0) ? $node->server_name() : 'Metaconsole',
$target_metaconsole
);
} catch (\Exception $e) {
// Unexistent agent.
if (is_metaconsole() === true
&& $server_id > 0
) {
$node->disconnect();
}
return;
} finally {
if (is_metaconsole() === true
&& $server_id > 0
) {
$node->disconnect();
}
}
}
echo json_encode($event_response);
return;
}
@ -1313,23 +1293,29 @@ if ($get_response_massive === true) {
if ($get_row_response_action === true) {
$response_id = get_parameter('response_id');
$response = json_decode(
io_safe_output(
get_parameter('response', '')
),
$server_id = get_parameter('server_id');
$event_id = get_parameter('event_id');
$response_parameters = (array) json_decode(
io_safe_output(get_parameter('response_parameters', '')),
true
);
$end = (bool) get_parameter('end', false);
$index = $response['event_id'];
$event_response = db_get_row(
'tevent_response',
'id',
$response_id
);
$index = $event_id;
if (is_metaconsole() === true) {
$index .= '-'.$response['server_id'];
$index .= '-'.$server_id;
}
echo get_row_response_action(
$response,
$response_id,
$end,
$event_response,
$event_id,
$server_id,
$response_parameters,
$index
);
@ -1344,34 +1330,31 @@ if ($perform_event_response === true) {
return;
}
$target = get_parameter('target', '');
$response_id = get_parameter('response_id');
$response_id = (int) get_parameter('response_id', 0);
$event_id = (int) get_parameter('event_id');
$server_id = (int) get_parameter('server_id', 0);
$response = json_decode(
io_safe_output(
get_parameter('response', '')
),
$response_parameters = (array) json_decode(
io_safe_output(get_parameter('response_parameters', '')),
true
);
$event_response = $response;
$event_response = db_get_row(
'tevent_response',
'id',
$response_id
);
if (empty($event_response) === true) {
echo __('No data');
return;
}
$command = $event_response['target'];
// Prevent OS command injection.
$prev_command = get_events_get_response_target($event_id, $event_response, $server_id);
if ($command !== $prev_command) {
echo __('unauthorized');
return;
}
$command_timeout = ($event_response !== false) ? $event_response['command_timeout'] : 90;
$command = get_events_get_response_target(
$event_id,
$event_response,
$server_id,
$response_parameters
);
$command_timeout = (empty($event_response['command_timeout']) === false) ? $event_response['command_timeout'] : 90;
if (enterprise_installed() === true) {
if ($event_response !== false
&& (int) $event_response['server_to_exec'] !== 0
@ -1470,21 +1453,33 @@ if ($dialogue_event_response) {
return;
}
$event_id = get_parameter('event_id');
$response_id = get_parameter('response_id');
$command = get_parameter('target');
$event_response = json_decode(
io_safe_output(
get_parameter('response', '')
),
$event_id = (int) get_parameter('event_id', 0);
$response_id = (int) get_parameter('response_id', 0);
$server_id = (int) get_parameter('server_id', 0);
$response_parameters = (array) json_decode(
io_safe_output(get_parameter('response_parameters', '')),
true
);
$event_response = db_get_row(
'tevent_response',
'id',
$response_id
);
$command = get_events_get_response_target(
$event_id,
$event_response,
$server_id,
$response_parameters
);
switch ($event_response['type']) {
case 'command':
echo get_row_response_action(
$event_response,
$response_id
$event_id,
$server_id,
$response_parameters
);
break;
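Review bot: In the `get_row_response_action` hunk, `$server_id` and `$event_id` are read with `get_parameter()` and no cast (`$server_id = get_parameter('server_id');`, `$event_id = get_parameter('event_id');`), whereas the sibling `perform_event_response` and `dialogue_event_response` hunks cast the same two parameters with `(int)`. The raw `$event_id` is then copied into `$index` (`$index = $event_id;`, with `$server_id` appended on metaconsole) and passed to `get_row_response_action()`, which in the functions_events.php part of this commit concatenates `$index` into an element id and an inline `onclick` string, so the cast is what keeps that value numeric before it reaches markup. Changing the two reads to `$server_id = (int) get_parameter('server_id', 0);` and `$event_id = (int) get_parameter('event_id', 0);` makes the three handlers consistent. Separately, the `db_get_row('tevent_response', ...)` results in the `get_row_response_action` and `dialogue_event_response` hunks are not checked for `false` the way `perform_event_response` does with `empty($event_response)`, and `get_row_response_action()` now declares `array $event_response`, so an unknown `response_id` would surface as a TypeError rather than the `__('No data')` reply. The enclosing `if` blocks of all three handlers begin and end outside the hunks shown.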


@ -83,7 +83,7 @@ $apiPassword = io_output_password(
$apiTokenValid = false;
// Try getting bearer token from header.
// TODO. Getting token from url will be removed.
$apiToken = (string) getBearerToken();
$apiToken = (string) io_safe_input(getBearerToken());
if (empty($apiToken) === true) {
// Legacy user/pass token.
// TODO. Revome in future.
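Review bot: `io_safe_input()` is an HTML-entity encoder, so wrapping `getBearerToken()` in it changes the token value rather than validating it; whether the stored token it is later compared against went through the same encoding is not visible here, and any token containing `&`, `<`, `>` or a quote would no longer match. If the goal is to make sure the header value is harmless before it is logged or echoed, validating its shape at this point is more predictable, e.g. `if (preg_match('/^[A-Za-z0-9+\/=_.-]+$/', $apiToken) !== 1) { $apiToken = ''; }` (adjust the character class to the token format actually issued, a constructed example), and the comparison itself, which is outside this hunk, should use `hash_equals()`.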


@ -631,7 +631,10 @@ function events_update_status($id_evento, $status, $filter=null)
break;
}
$result = db_process_sql($update_sql);
$result = false;
if (empty($update_sql) === false) {
$result = db_process_sql($update_sql);
}
if ($result !== false) {
switch ($status) {
@ -3827,8 +3830,7 @@ function events_get_response_target(
array $event_response,
?array $response_parameters=null,
?int $server_id=0,
?string $server_name='',
?string $target_metaconsole=''
?string $server_name=''
) {
global $config;
@ -3842,9 +3844,6 @@ function events_get_response_target(
$event = db_get_row('tevento', 'id_evento', $event_id);
$target = io_safe_output(db_get_value('target', 'tevent_response', 'id', $event_response['id']));
if (empty($target) === true && $target_metaconsole !== '') {
$target = io_safe_output($target_metaconsole);
}
// Replace parameters response.
if (isset($response_parameters) === true
@ -5994,9 +5993,10 @@ function events_get_criticity_class($criticity)
*/
function get_row_response_action(
array $event_response,
?int $response_id,
$end=false,
$index=null
?int $id_event,
?int $server_id,
?array $response_parameters=[],
?string $index=null
) {
$output = '<div class="container-massive-events-response-cell">';
$display_command = (bool) $event_response['display_command'];
@ -6005,7 +6005,7 @@ function get_row_response_action(
// String command.
$output .= '<div class="container-massive-events-response-command">';
$output .= '<b>';
$output .= __('Event # %d', $event_response['event_id']);
$output .= __('Event # %d', $id_event);
if (empty($command_str) === false) {
$output .= ' ';
$output .= __('Executing command: ');
@ -6028,11 +6028,18 @@ function get_row_response_action(
// Butom.
$output .= '<div id="re_exec_command'.$index.'" style="display:none" class="container-massive-events-response-execute">';
$info = [
'response_id' => $event_response['id'],
'server_id' => $server_id,
'event_id' => $id_event,
'response_parameters' => $response_parameters,
];
$output .= html_print_button(
__('Execute again'),
'btn_str',
false,
'perform_response("'.base64_encode(json_encode($event_response)).'",'.$response_id.',"'.trim($index).'")',
'perform_response("'.base64_encode(json_encode($info)).'","'.trim($index).'")',
[
'icon' => 'next',
'mode' => 'mini secondary',
@ -6063,13 +6070,8 @@ function get_events_get_response_target(
$response_parameters=[]
) {
try {
$target_metaconsole = '';
if (is_metaconsole() === true
&& $server_id > 0
) {
$target_metaconsole = io_safe_output(db_get_value('target', 'tevent_response', 'id', $event_response['id']));
if (is_metaconsole() === true && $server_id > 0) {
$node = new Node($server_id);
$node->connect();
}
return events_get_response_target(
@ -6077,24 +6079,10 @@ function get_events_get_response_target(
$event_response,
$response_parameters,
$server_id,
($server_id !== 0) ? $node->server_name() : 'Metaconsole',
$target_metaconsole
($server_id !== 0) ? $node->server_name() : 'Metaconsole'
);
} catch (\Exception $e) {
// Unexistent agent.
if (is_metaconsole() === true
&& $server_id > 0
) {
$node->disconnect();
}
return '';
} finally {
if (is_metaconsole() === true
&& $server_id > 0
) {
$node->disconnect();
}
}
}
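Review bot: In the `get_row_response_action` hunk, `$index` (now typed `?string`) is still concatenated unescaped into `'<div id="re_exec_command'.$index.'"` and into the `onclick` string `'perform_response("'.base64_encode(json_encode($info)).'","'.trim($index).'")'`; because that string sits inside an HTML attribute, `htmlspecialchars()` alone would not protect the JavaScript context, so the safer option is to constrain the value. Assuming `$index` keeps the `event` or `event-server` shape its callers build (to confirm against the ajax handlers), a guard such as `if (preg_match('/^\d+(-\d+)?$/', (string) $index) !== 1) { $index = ''; }` before the first use would pin it down. In the `get_events_get_response_target` hunk, `$node` is only created when `is_metaconsole() === true && $server_id > 0`, but the retained line `($server_id !== 0) ? $node->server_name() : 'Metaconsole'` dereferences it for any non-zero `$server_id`; on a non-metaconsole console (or a negative id) that is a call on an undefined variable, which raises `Error`, not `\Exception`, so the `catch (\Exception $e)` below does not cover it — the ternary condition should match the construction condition. Both functions start outside the hunks shown.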


@ -143,7 +143,14 @@ function execute_response(event_id, server_id) {
if (response["type"] == "url" && response["new_window"] == 1) {
window.open(response["target"], "_blank");
} else {
show_response_dialog(response_id, response);
var data = {};
data.response_id = response_id;
data.server_id = server_id;
data.event_id = event_id;
data.response_parameters = response_parameters;
data.modal_width = response["modal_width"];
data.modal_height = response["modal_height"];
show_response_dialog(data);
}
}
});
@ -173,12 +180,10 @@ function execute_response_massive(events, response_id, response_parameters) {
// Convert to array.
var array_data = Object.entries(data.event_response_targets);
var total_count = array_data.length;
// Each input checkeds.
array_data.forEach(function(element, index) {
var id = element[0];
var target = element[1].target;
var meta = $("#hidden-meta").val();
var event_id = id;
var server_id = 0;
@ -188,25 +193,22 @@ function execute_response_massive(events, response_id, response_parameters) {
server_id = split_id[1];
}
var end = 0;
if (total_count - 1 === index) {
end = 1;
}
var response = data.event_response;
response["event_id"] = event_id;
response["server_id"] = server_id;
response["target"] = target;
if (response["type"] == "url" && response["new_window"] == 1) {
window.open(response["target"], "_blank");
if (
data.event_response["type"] == "url" &&
data.event_response["new_window"] == 1
) {
window.open(data.event_response["target"], "_blank");
} else {
var params = [];
params.push({ name: "page", value: "include/ajax/events" });
params.push({ name: "get_row_response_action", value: 1 });
params.push({ name: "response_id", value: response_id });
params.push({ name: "server_id", value: response.server_id });
params.push({ name: "end", value: end });
params.push({ name: "response", value: JSON.stringify(response) });
params.push({ name: "server_id", value: server_id });
params.push({ name: "event_id", value: event_id });
params.push({
name: "response_parameters",
value: response_parameters
});
jQuery.ajax({
data: params,
@ -215,20 +217,17 @@ function execute_response_massive(events, response_id, response_parameters) {
dataType: "html",
success: function(data) {
$(".container-massive-events-response").append(data);
response["event_id"] = event_id;
response["server_id"] = server_id;
response["target"] = target;
var indexstr = event_id;
if (meta != 0) {
indexstr += "-" + server_id;
}
perform_response(
btoa(JSON.stringify(response)),
response_id,
indexstr
);
var info = {};
info.response_id = response_id;
info.server_id = server_id;
info.event_id = event_id;
info.response_parameters = JSON.parse(response_parameters);
perform_response(btoa(JSON.stringify(info)), indexstr);
}
});
}
@ -238,15 +237,17 @@ function execute_response_massive(events, response_id, response_parameters) {
}
//Show the modal window of an event response
function show_response_dialog(response_id, response) {
function show_response_dialog(info) {
var params = [];
params.push({ name: "page", value: "include/ajax/events" });
params.push({ name: "dialogue_event_response", value: 1 });
params.push({ name: "event_id", value: response.event_id });
params.push({ name: "target", value: response.target });
params.push({ name: "response_id", value: response_id });
params.push({ name: "server_id", value: response.server_id });
params.push({ name: "response", value: JSON.stringify(response) });
params.push({ name: "event_id", value: info.event_id });
params.push({ name: "response_id", value: info.response_id });
params.push({ name: "server_id", value: info.server_id });
params.push({
name: "response_parameters",
value: JSON.stringify(info.response_parameters)
});
var view = ``;
@ -272,10 +273,10 @@ function show_response_dialog(response_id, response) {
draggable: true,
modal: false,
open: function() {
perform_response(btoa(JSON.stringify(response)), response_id, "");
perform_response(btoa(JSON.stringify(info)));
},
width: response["modal_width"],
height: response["modal_height"],
width: info.modal_width,
height: info.modal_height,
buttons: []
})
.show();
@ -284,26 +285,22 @@ function show_response_dialog(response_id, response) {
}
// Perform a response and put the output into a div
function perform_response(response, response_id, index = "") {
function perform_response(info, index = "") {
info = JSON.parse(atob(info));
$("#re_exec_command" + index).hide();
$("#response_loading_command" + index).show();
$("#response_out" + index).html("");
try {
response = JSON.parse(atob(response));
} catch (e) {
console.error(e);
return;
}
var params = [];
params.push({ name: "page", value: "include/ajax/events" });
params.push({ name: "perform_event_response", value: 1 });
params.push({ name: "target", value: response["target"] });
params.push({ name: "response_id", value: response_id });
params.push({ name: "event_id", value: response["event_id"] });
params.push({ name: "server_id", value: response["server_id"] });
params.push({ name: "response", value: JSON.stringify(response) });
params.push({ name: "response_id", value: info.response_id });
params.push({ name: "event_id", value: info.event_id });
params.push({ name: "server_id", value: info.server_id });
params.push({
name: "response_parameters",
value: JSON.stringify(info.response_parameters)
});
jQuery.ajax({
data: params,