Merge branch '1752-Error_critico_de_seguridad_en_Consola_6.0' into 'pandora_6.0'

fixed validate ip for create agent and network tools

See merge request artica/pandorafms!1235
vgilc 2018-01-08 16:48:03 +01:00
commit 3caa5b8cf1
3 changed files with 147 additions and 94 deletions


@ -155,6 +155,10 @@ function main_net_tools () {
$community = get_parameter ("community", "public"); $community = get_parameter ("community", "public");
$ip = get_parameter("select_ips"); $ip = get_parameter("select_ips");
if(!validate_address($ip)){
ui_print_error_message(__('The ip or dns name entered cannot be resolved'));
}
else{
switch($operation) { switch($operation) {
case 1: case 1:
$traceroute = whereis_the_command ('traceroute'); $traceroute = whereis_the_command ('traceroute');
@ -249,6 +253,7 @@ function main_net_tools () {
} }
break; break;
} }
}
echo "</div>"; echo "</div>";
} }
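Review bot: The new guard in main_net_tools() only establishes that `$ip` is an IP literal or a name that resolves; it does not by itself make the value safe to place in a command line. The command construction inside the `switch` lies outside these hunks, so whether `$ip` is quoted there cannot be confirmed from this page. Each site that hands `$ip` to an external tool should quote it at the point of use, for example `escapeshellarg($ip)`, rather than rely on this check. `$community` is read from the request two lines above the guard and is not validated at all; if it reaches an SNMP command line it needs the same quoting.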


@ -146,10 +146,20 @@ $module_macros = array ();
// Create agent // Create agent
if ($create_agent) { if ($create_agent) {
$mssg_warning = 0;
$nombre_agente = (string) get_parameter_post("agente",''); $nombre_agente = (string) get_parameter_post("agente",'');
$direccion_agente = (string) get_parameter_post("direccion",''); $direccion_agente = (string) get_parameter_post("direccion",'');
//safe_output only validate ip
$direccion_agente = trim(io_safe_output($direccion_agente)); $direccion_agente = trim(io_safe_output($direccion_agente));
if(!validate_address($direccion_agente)){
$mssg_warning = 1;
}
//safe-input before validate ip
$direccion_agente = io_safe_input($direccion_agente); $direccion_agente = io_safe_input($direccion_agente);
$grupo = (int) get_parameter_post ("grupo"); $grupo = (int) get_parameter_post ("grupo");
$intervalo = (string) get_parameter_post ("intervalo", SECONDS_5MINUTES); $intervalo = (string) get_parameter_post ("intervalo", SECONDS_5MINUTES);
$comentarios = (string) get_parameter_post ("comentarios", ''); $comentarios = (string) get_parameter_post ("comentarios", '');
@ -594,6 +604,10 @@ if ($create_agent) {
ui_print_result_message ($agent_created_ok, ui_print_result_message ($agent_created_ok,
__('Successfully created'), __('Successfully created'),
$agent_creation_error); $agent_creation_error);
if($mssg_warning){
ui_print_warning_message(__('The ip or dns name entered cannot be resolved'));
}
} }
// Fix / Normalize module data // Fix / Normalize module data
@ -635,10 +649,18 @@ $update_agent = (bool) get_parameter ('update_agent');
// Update AGENT // Update AGENT
if ($update_agent) { // if modified some agent paramenter if ($update_agent) { // if modified some agent paramenter
$mssg_warning = 0;
$id_agente = (int) get_parameter_post ("id_agente"); $id_agente = (int) get_parameter_post ("id_agente");
$nombre_agente = str_replace('`','&lsquo;',(string) get_parameter_post ("agente", "")); $nombre_agente = str_replace('`','&lsquo;',(string) get_parameter_post ("agente", ""));
$direccion_agente = (string) get_parameter_post ("direccion", ''); $direccion_agente = (string) get_parameter_post ("direccion", '');
//safe_output only validate ip
$direccion_agente = trim(io_safe_output($direccion_agente)); $direccion_agente = trim(io_safe_output($direccion_agente));
if(!validate_address($direccion_agente)){
$mssg_warning = 1;
}
//safe-input before validate ip
$direccion_agente = io_safe_input($direccion_agente); $direccion_agente = io_safe_input($direccion_agente);
$address_list = (string) get_parameter_post ("address_list", ''); $address_list = (string) get_parameter_post ("address_list", '');
@ -699,6 +721,10 @@ if ($update_agent) { // if modified some agent paramenter
} }
} }
if($mssg_warning){
ui_print_warning_message(__('The ip or dns name entered cannot be resolved'));
}
//Verify if there is another agent with the same name but different ID //Verify if there is another agent with the same name but different ID
if ($nombre_agente == "") { if ($nombre_agente == "") {
ui_print_error_message(__('No agent name specified')); ui_print_error_message(__('No agent name specified'));
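Review bot: A failed validate_address() in the create and update branches only sets `$mssg_warning`; as far as these hunks show, `$direccion_agente` is still re-encoded and carried forward, so the check is advisory and the warning is printed next to the normal result message. If an unresolvable address is meant to be accepted, say so where the flag is set, e.g. `// advisory only: the address is kept even when it does not resolve`; otherwise the write should be skipped when validation fails. The comment `//safe-input before validate ip` sits after the check and reads the wrong way round; `// re-apply io_safe_input() after validation` matches what the line does. The `if ($create_agent)` and `if ($update_agent)` bodies continue outside the hunks, and the duplicated decode/validate/encode sequence in both could be one helper.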


@ -2699,4 +2699,26 @@ function remove_right_zeros ($value) {
return $value; return $value;
} }
} }
/**
* returns true or false if it is a valid ip
* checking ipv4 and ipv6 or resolves the name dns
* @param string address
*
*/
function validate_address($address){
if($address){
if(!filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
if(!filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$ip_address_dns = gethostbyname($address);
if(!filter_var($ip_address_dns, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
if(!filter_var($ip_address_dns, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
return false;
}
}
}
}
}
return true;
}
?> ?>
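Review bot: validate_address() returns true for an empty value (and for the string `'0'`), because the outer `if($address)` falls through to `return true`, so the guard added in main_net_tools() does not stop an empty target. The docblock should state this and gain an `@return bool` line. The function is also a resolvability test rather than a format test: any string the resolver accepts passes, the answer depends on the server's DNS configuration, and every call performs a lookup on request-supplied input. gethostbyname() returns only IPv4 addresses and echoes its argument on failure, so the inner IPv6 test can never succeed and names with only AAAA records are rejected. I would check the host-name syntax before the lookup and flatten the nesting as below; widen the character class if host names with underscores must be accepted.

```php
function validate_address($address){
	// Empty means "no address supplied"; callers that require one must check for it.
	if (!$address) {
		return true;
	}
	if (filter_var($address, FILTER_VALIDATE_IP) !== false) {
		return true;
	}
	// Reject anything that is not host-name shaped before it reaches the resolver.
	if (!preg_match('/^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/', $address)) {
		return false;
	}
	// gethostbyname() returns its argument unchanged when the lookup fails.
	return filter_var(gethostbyname($address), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}
```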