tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-4461-Configuracion-integracion-integria' of brutus.artica.lan:artica/pandorafms into ent-4461-Configuracion-integracion-integria

This commit is contained in:
Tatiana Llorente 2019-09-23 13:18:08 +02:00
parent f9a903319c 9bf2980f01
commit 51a1d7c0b7
12 changed files with 412 additions and 324 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pandora_console/extras/mr/32.sql
View File

@ -4,4 +4,19 @@ UPDATE `tlayout_data` SET `height` = 70 , `width` = 70 WHERE `height` = 0 && `wi
(`type` = 10 && `image` IS NOT NULL && `image` != '' && `image` != 'none') ||
(`type` = 11 && `image` IS NOT NULL && `image` != '' && `image` != 'none' && `show_statistics` = 0));
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_enabled', 0);
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_user', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_pass', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_hostname', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_api_pass', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_req_timeout', 5);
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_group', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_criticity', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_creator', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_owner', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_type', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_status', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_title', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_content', '');
COMMIT;

14
pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql
View File

@ -1252,10 +1252,22 @@ DELETE FROM `tconfig` WHERE `token` = 'current_package_enterprise';
INSERT INTO `tconfig` (`token`, `value`) VALUES ('current_package_enterprise', '737');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('status_monitor_fields', 'policy,agent,data_type,module_name,server_type,interval,status,graph,warn,data,timestamp');
UPDATE `tconfig` SET `value` = 'mini_severity,evento,id_agente,estado,timestamp' WHERE `token` LIKE 'event_fields';
DELETE FROM `tconfig` WHERE `token` LIKE 'integria_enabled';
DELETE FROM `tconfig` WHERE `token` LIKE 'integria_api_password';
DELETE FROM `tconfig` WHERE `token` LIKE 'integria_inventory';
DELETE FROM `tconfig` WHERE `token` LIKE 'integria_url';
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_user', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_pass', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_hostname', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_api_pass', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_req_timeout', 5);
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_group', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_criticity', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_creator', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_owner', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_type', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_status', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_title', '');
INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_content', '');
-- ---------------------------------------------------------------------
-- Table `tconfig_os`

2
pandora_console/godmode/setup/setup.php
View File

@ -119,7 +119,7 @@ if (check_acl($config['id_user'], 0, 'AW')) {
$buttons['integria'] = [
'active' => false,
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&section=integria').'">'.html_print_image('images/ehorus/ehorus.png', true, ['title' => __('Integria IMS')]).'</a>',
'text' => '<a href="'.ui_get_full_url('index.php?sec=gsetup&sec2=godmode/setup/setup&section=integria').'">'.html_print_image('images/integria.png', true, ['title' => __('Integria IMS')]).'</a>',
];
$buttons['ehorus'] = [

31
pandora_console/godmode/setup/setup_integria.php
View File

@ -61,12 +61,37 @@ if (get_parameter('update_config', 0) == 1) {
if ($config['integria_enabled'] == 1) {
if ($event_response_exists === false) {
// Create 'Create incident in IntegriaIMS from event' event response only when user enables IntegriaIMS integration and it does not exist in database.
db_process_sql_insert('tevent_response', ['name' => io_safe_input('Create incident in IntegriaIMS from event'), 'description' => io_safe_input('Create an incident in Integria IMS from an event'), 'target' => io_safe_input('index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&from_event=_event_id_'), 'type' => 'url', 'id_group' => '0', 'modal_width' => '0', 'modal_height' => '0', 'new_window' => '1', 'params' => '', 'server_to_exec' => '0']);
db_process_sql_insert(
'tevent_response',
[
'name' => io_safe_input('Create incident in IntegriaIMS from event'),
'description' => io_safe_input('Create an incident in Integria IMS from an event'),
'target' => io_safe_input('index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&from_event=_event_id_'),
'type' => 'url',
'id_group' => '0',
'modal_width' => '0',
'modal_height' => '0',
'new_window' => '1',
'params' => '',
'server_to_exec' => '0',
]
);
}
if ($command_exists === false) {
// Create 'Integria IMS Ticket' command only when user enables IntegriaIMS integration and it does not exist in database.
$id_command_inserted = db_process_sql_insert('talert_commands', ['name' => io_safe_input('Integria IMS Ticket'), 'command' => io_safe_input('perl /usr/share/pandora_server/util/integria_rticket.pl -p '.$config['integria_hostname'].'/integria/include/api.php -u '.$config['integria_api_pass'].','.$config['integria_user'].','.$config['integria_pass'].' -create_ticket -name "_field1_" -desc "_field2_" -group _field3_ -priority _field4_ -owner _field5_ -type _field6_'), 'description' => io_safe_input('Create an incident in Integria IMS'), 'fields_descriptions' => '["'.io_safe_input('Ticket title').'","'.io_safe_input('Ticket description').'","'.io_safe_input('Ticket group ID').'","'.io_safe_input('Ticket priority').'","'.io_safe_input('Ticket owner').'","'.io_safe_input('Ticket type').'"]', 'fields_values' => '["'.io_safe_input($config['incident_title']).'", "'.io_safe_input($config['incident_content']).'", "'.io_safe_input($config['default_group']).'", "'.io_safe_input($config['default_criticity']).'", "'.io_safe_input($config['default_owner']).'", "'.io_safe_input($config['incident_type']).'"]', 'fields_hidden' => '["","","","","","","","","",""]']);
$id_command_inserted = db_process_sql_insert(
'talert_commands',
[
'name' => io_safe_input('Integria IMS Ticket'),
'command' => io_safe_input('perl /usr/share/pandora_server/util/integria_rticket.pl -p '.$config['integria_hostname'].'/integria/include/api.php -u '.$config['integria_api_pass'].','.$config['integria_user'].','.$config['integria_pass'].' -create_ticket -name "_field1_" -desc "_field2_" -group _field3_ -priority _field4_ -owner _field5_ -type _field6_'),
'internal' => 1,
'description' => io_safe_input('Create an incident in Integria IMS'),
'fields_descriptions' => '["'.io_safe_input('Ticket title').'","'.io_safe_input('Ticket description').'","'.io_safe_input('Ticket group ID').'","'.io_safe_input('Ticket priority').'","'.io_safe_input('Ticket owner').'","'.io_safe_input('Ticket type').'"]',
'fields_values' => '["'.io_safe_input($config['incident_title']).'", "'.io_safe_input($config['incident_content']).'", "'.io_safe_input($config['default_group']).'", "'.io_safe_input($config['default_criticity']).'", "'.io_safe_input($config['default_owner']).'", "'.io_safe_input($config['incident_type']).'"]',
'fields_hidden' => '["","","","","","","","","",""]',
]
);
// Create 'Create Integria IMS Ticket' action only when user enables IntegriaIMS integration and command exists in database.
$action_values = [
@ -269,7 +294,7 @@ $row['control'] = html_print_select(
'default_group',
$config['default_group'],
'',
__('Select'),
'',
0,
true,
false,

BIN
pandora_console/images/integria.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 895 B

BIN
pandora_console/images/integria_logo_gray.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

21
pandora_console/include/functions_html.php
View File

@ -3372,12 +3372,20 @@ function html_print_autocomplete_users_from_integria(
$name='users',
$default='',
$return=false,
$size='30'
$size='30',
$disable=false,
$required=false
) {
global $config;
ob_start();
$attrs = ['style' => 'background: url(images/user_green.png) no-repeat right;'];
if ($required) {
$attrs['required'] = 'required';
}
html_print_input_text_extended(
$name,
$default,
@ -3385,12 +3393,17 @@ function html_print_autocomplete_users_from_integria(
'',
$size,
100,
false,
$disable,
'',
['style' => 'background: url(images/user_green.png) no-repeat right;']
$attrs
);
html_print_input_hidden($name.'_hidden', $id_agent_module);
ui_print_help_tip(__('Type at least two characters to search the user.'), false);
if ($disable === true) {
ui_print_help_tip(__('This value cannot be updated.'), false);
} else {
ui_print_help_tip(__('Type at least two characters to search the user.'), false);
}
$javascript_ajax_page = ui_get_full_url('ajax.php', false, false, false, false);
?>

29
pandora_console/include/styles/integriaims.css
View File

@ -94,3 +94,32 @@ div.integria_details_description textarea {
border-left: none;
border-right: none;
}
/* Inputs type text shown as a black line */
.integria_incidents_options input[type="text"] {
background-color: transparent;
border: none;
border-radius: 0;
border-bottom: 1px solid #ccc;
font-family: "lato-bolder", "Open Sans", sans-serif;
font-size: 10pt;
padding: 2px 5px;
box-sizing: border-box;
background-repeat: no-repeat;
background-position: left bottom 2px;
margin-bottom: 4px;
}
.integria_incident_options input[readonly] {
color: #848484;
}
.comment_title {
padding: 5px 10px 5px 20px;
background-color: rgba(130, 185, 46, 0.16);
border-radius: 3px;
}
.comment_body {
padding: 15px 20px 15px 20px;
}

44
pandora_console/include/styles/pandora.css
View File

@ -5342,25 +5342,6 @@ table.info_table.policy_sub_table {
color: #848484;
}
/* Inputs type text shown as a black line */
.integria_incidents_options input[type="text"] {
background-color: transparent;
border: none;
border-radius: 0;
border-bottom: 1px solid #ccc;
font-family: "lato-bolder", "Open Sans", sans-serif;
font-size: 10pt;
padding: 2px 5px;
box-sizing: border-box;
background-repeat: no-repeat;
background-position: left bottom 2px;
margin-bottom: 4px;
}
.integria_incident_options input[readonly] {
color: #848484;
}
/*
* ---------------------------------------------------------------------
* - CLASSES FOR THE NEW TOGGLES -
@ -5903,28 +5884,3 @@ table.table_modal_alternate tr td:first-child {
.fullwidth {
width: 100%;
}
/*
* ---------------------------------------------------------------------
* - INTEGRIA INCIDENTS
* ---------------------------------------------------------------------
*/
div.priority {
width: 80px;
color: #fff;
text-align: center;
border-radius: 5px;
padding: 5px;
display: table-cell;
vertical-align: middle;
}
.comment_title {
padding: 5px 10px 5px 20px;
background-color: rgba(130, 185, 46, 0.16);
border-radius: 3px;
}
.comment_body {
padding: 15px 20px 15px 20px;
}

286
pandora_console/operation/incidents/configure_integriaims_incident.php
View File

@ -48,6 +48,9 @@ if ($has_connection === false) {
return;
}
// Styles.
ui_require_css_file('integriaims');
// If everything OK, get parameters from Integria IMS API in order to populate combos.
$integria_group_values = [];
$integria_criticity_values = [];
@ -106,7 +109,7 @@ if ($update) {
// Perform action.
if ($create_incident === true) {
// Call Integria IMS API method to create an incident.
$result_api_call = integria_api_call($config['integria_hostname'], $incident_creator, $config['integria_pass'], $config['integria_api_pass'], 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', '0', '', $incident_owner, '0', $incident_status]);
$result_api_call = integria_api_call($config['integria_hostname'], $incident_creator, $config['integria_pass'], $config['integria_api_pass'], 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', $incident_type, '', $incident_owner, '0', $incident_status]);
// Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value.
$incident_created_ok = ($result_api_call != false) ? true : false;
@ -118,7 +121,7 @@ if ($create_incident === true) {
);
} else if ($update_incident === true) {
// Call Integria IMS API method to update an incident.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner]);
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner, 0, $incident_type]);
// Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value.
$incident_updated_ok = ($result_api_call != false) ? true : false;
@ -146,7 +149,9 @@ $table->style[2] = 'width: 33%; padding-right: 100px; padding-left: 50px;';
$table->colspan[0][0] = 2;
$table->colspan[3][0] = 3;
$table->data[0][0] = '<div class="label_select"><p class="input_label">'.__('Title').':&nbsp'.ui_print_help_icon('response_macros', true).'</p>';
$help_macros = isset($_GET['from_event']) ? ui_print_help_icon('response_macros', true) : '';
$table->data[0][0] = '<div class="label_select"><p class="input_label">'.__('Title').':&nbsp'.$help_macros.'</p>';
$table->data[0][0] .= '<div class="label_select_parent">'.html_print_input_text(
'incident_title',
$update ? $incident_details[3] : $config['incident_title'],
@ -160,6 +165,8 @@ $table->data[0][0] .= '<div class="label_select_parent">'.html_print_input_text(
'w100p'
).'</div>';
$table->data[0][2] = html_print_image('images/integria_logo_gray.png', true, ['style' => 'width: 70%; float: right;'], false);
$table->data[1][0] = '<div class="label_select"><p class="input_label">'.__('Type').': </p>';
$table->data[1][0] .= '<div class="label_select_parent">'.html_print_select(
$integria_types_values,
@ -198,7 +205,7 @@ $table->data[1][1] .= '<div class="label_select_parent">'.html_print_select(
'group',
$update ? $incident_details[8] : $config['default_group'],
'',
__('Select'),
'',
0,
true,
false,
@ -212,6 +219,9 @@ $table->data[2][1] = '<div class="label_select"><p class="input_label">'.__('Cre
$table->data[2][1] .= '<div class="label_select_parent">'.html_print_autocomplete_users_from_integria(
'creator',
$update ? $incident_details[10] : $config['default_creator'],
true,
'30',
$update,
true
).'</div>';
@ -235,11 +245,11 @@ $table->data[2][2] = '<div class="label_select"><p class="input_label">'.__('Own
$table->data[2][2] .= '<div class="label_select_parent">'.html_print_autocomplete_users_from_integria(
'owner',
$update ? $incident_details[10] : $config['default_owner'],
$update ? $incident_details[5] : $config['default_owner'],
true
).'</div>';
$table->data[3][0] = '<div class="label_select"><p class="input_label">'.__('Description').':&nbsp'.ui_print_help_icon('response_macros', true).'</p>';
$table->data[3][0] = '<div class="label_select"><p class="input_label">'.__('Description').':&nbsp'.$help_macros.'</p>';
$table->data[3][0] .= '<div class="label_select_parent">'.html_print_textarea(
'incident_content',
3,
@ -249,241 +259,6 @@ $table->data[3][0] .= '<div class="label_select_parent">'.html_print_textarea(
true
).'</div>';
if ($update) {
// Here starts incident file management.
$upload_file = get_parameter('upload_file');
$delete_file_id = get_parameter('delete_file');
$download_file_id = get_parameter('download_file');
$download_file_name = get_parameter('download_file_name');
// Files section table.
$table_files_section = new stdClass();
$table_files_section->width = '100%';
$table_files_section->id = 'files_section_table';
$table_files_section->class = 'databox filters';
$table_files_section->head = [];
$table_files_section->data = [];
$table_files_section->size = [];
$table_files_section->colspan[2][0] = 3;
// Files list table.
$table_files = new stdClass();
$table_files->width = '100%';
$table_files->class = 'info_table';
$table_files->head = [];
$table_files->head[0] = __('Filename');
$table_files->head[1] = __('Timestamp');
$table_files->head[2] = __('Description');
$table_files->head[3] = __('User');
$table_files->head[4] = __('Size');
$table_files->head[5] = __('Delete');
$table_files->data = [];
// Upload file.
if (check_acl($config['id_user'], 0, 'IW') && $upload_file && ($_FILES['userfile']['name'] != '')) {
$filedescription = get_parameter('file_description', __('No description available'));
$filename = io_safe_input($_FILES['userfile']['name']);
$filesize = io_safe_input($_FILES['userfile']['size']);
$extension = pathinfo($filename, PATHINFO_EXTENSION);
$invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso|
pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|
htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i';
if (!preg_match($invalid_extensions, $extension)) {
// The following is if you have clamavlib installed.
// (php5-clamavlib) and enabled in php.ini
// http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if (extension_loaded('clamav')) {
cl_setlimits(5, 1000, 200, 0, 10485760);
$malware = cl_scanfile($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'<br>ClamAV version: '.clam_get_version();
die($error);
// On malware, we die because it's not good to handle it
}
}
$filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name']));
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'attach_file', [$incident_id_edit, $filename, $filesize, $filedescription, $filecontent]);
// API method returns '0' string if success.
$file_added = ($result_api_call === '0') ? true : false;
ui_print_result_message(
$file_added,
__('File successfully added'),
__('File could not be added')
);
}
}
// Delete file.
if (isset($_GET['delete_file'])) {
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'delete_file', [$delete_file_id]);
header('Location: index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit);
}
// Download file.
if (isset($_GET['download_file'])) {
$file_base64 = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'download_file', [$download_file_id]);
ob_end_clean();
$decoded = base64_decode($file_base64);
file_put_contents($download_file_name, $decoded);
ob_end_clean();
if (file_exists($download_file_name)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($download_file_name).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: '.filesize($download_file_name));
ob_end_clean();
readfile($download_file_name);
exit;
}
header('Location: index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit);
}
// Retrieve files belonging to incident and create list table.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_files', [$incident_id_edit]);
if ($result_api_call != false && strlen($result_api_call) > 0) {
$files = [];
$csv_array = explode("\n", $result_api_call);
foreach ($csv_array as $csv_line) {
if (!empty($csv_line)) {
$files[] = explode(',', $csv_line);
}
}
}
$i = 0;
foreach ($files as $key => $value) {
$table_files->data[$i][0] = '<a id="link_delete_file" href="'.ui_get_full_url('index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit.'&download_file='.$value[0]).'&download_file_name='.$value[11].'">'.$value[11].'</a>';
$table_files->data[$i][1] = $value[14];
$table_files->data[$i][2] = $value[12];
$table_files->data[$i][3] = $value[8];
$table_files->data[$i][4] = $value[13];
$table_files->data[$i][5] .= '<a id="link_delete_file" href="'.ui_get_full_url('index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit.'&delete_file='.$value[0]).'"
onClick="javascript:if (!confirm(\''.__('Are you sure?').'\')) return false;">';
$table_files->data[$i][5] .= html_print_image('images/cross.png', true, ['title' => __('Delete')]);
$table_files->data[$i][5] .= '</a>';
$i++;
}
$table_files_section->data[0][0] = '<div class="label_select"><p class="input_label">'.__('File name').':</p>';
$table_files_section->data[0][0] .= html_print_input_file('userfile', true);
$table_files_section->data[1][0] = '<div class="label_select"><p class="input_label">'.__('Description').':</p>';
$table_files_section->data[1][0] .= html_print_input_text(
'file_description',
'',
__('Description'),
50,
100,
true,
false
);
$table_files_section->data[2][0] .= '<div style="width: 100%; text-align:right;">'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'</div>';
$upload_file_form = '<div><form method="post" id="file_control" enctype="multipart/form-data">'.'<h4>'.__('Add attachment').'</h4>'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true).'<h4>'.__('Attached files').'</h4>'.html_print_table($table_files, true).'</form></div>';
}
// Here starts incident comments management.
if ($update) {
$upload_comment = get_parameter('upload_comment');
$comment_description = get_parameter('comment_description');
// Comments section table.
$table_comments_section = new stdClass();
$table_comments_section->width = '100%';
$table_comments_section->id = 'files_section_table';
$table_comments_section->class = 'databox filters';
$table_comments_section->head = [];
$table_comments_section->data = [];
$table_comments_section->size = [];
// Comments list table.
$table_comments = new stdClass();
$table_comments->width = '100%';
$table_comments->class = 'info_table';
$table_comments->head = [];
$table_comments->head[0] = __('Filename');
$table_comments->head[1] = __('Timestamp');
$table_comments->head[2] = __('Description');
$table_comments->head[3] = __('User');
$table_comments->head[4] = __('Size');
$table_comments->head[5] = __('Delete');
$table_comments->data = [];
$table_comments_section->data[0][0] = '<div class="label_select"><p class="input_label">'.__('Description').':</p>';
$table_comments_section->data[0][0] .= html_print_textarea(
'comment_description',
3,
20,
'',
'',
true
);
$table_comments_section->data[1][1] .= '<div style="width: 100%; text-align:right;">'.html_print_submit_button(__('Add'), 'accion', false, 'class="sub wand"', true).'</div>';
// Upload comment.
if ($upload_comment) {
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'create_workunit', [$incident_id_edit, $comment_description, '0.00', 'no', 'no', '0']);
// API method returns id of new comment if success.
$comment_added = ($result_api_call >= '0') ? true : false;
ui_print_result_message(
$comment_added,
__('Comment successfully added'),
__('Comment could not be added')
);
}
// Retrieve comments belonging to incident and create comments table.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_workunits', [$incident_id_edit]);
if ($result_api_call != false && strlen($result_api_call) > 0) {
$comments = [];
$csv_array = explode("\n", $result_api_call);
foreach ($csv_array as $csv_line) {
if (!empty($csv_line)) {
$comments[] = explode(',', $csv_line);
}
}
}
$upload_comment_form = '';
foreach ($comments as $key => $value) {
$upload_comment_form .= '<div class="comment_title">'.$value[3].'<span>&nbspsaid&nbsp</span>'.$value[1].'<span style="float: right;">'.$value[2].'&nbspHours</span></div>';
$upload_comment_form .= '<div class="comment_body">'.$value[4].'</div>';
}
$upload_comment_form = '<div><form method="post" id="comment_form" enctype="multipart/form-data"><h4>'.__('Add comment').'</h4>'.html_print_table($table_comments_section, true).html_print_input_hidden('upload_comment', 1, true).'</form>'.'<h4>'.__('Comments').'</h4>'.$upload_comment_form.'</div>';
}
// Print forms and stuff.
echo '<form id="create_integria_incident_form" name="create_integria_incident_form" method="POST">';
html_print_table($table);
@ -494,34 +269,7 @@ if (!$update) {
html_print_input_hidden('update_incident', 1);
}
if ($update) {
echo '</form>';
echo '<div class="ui_toggle">';
ui_toggle(
$upload_file_form,
__('Attached files'),
'',
'',
true,
false,
'white_box white_box_opened',
'no-border flex'
);
echo '</div>';
echo '<div class="ui_toggle">';
ui_toggle(
$upload_comment_form,
__('Comments'),
'',
'',
true,
false,
'white_box white_box_opened',
'no-border flex'
);
echo '</div>';
}
echo '</form>';
echo '<div style="width: 100%; text-align:right;">';
if ($update) {

278
pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php
View File

@ -18,7 +18,7 @@ require_once 'include/functions_integriaims.php';
check_login();
if (! check_acl($config['id_user'], 0, 'IR') && ! check_acl($config['id_user'], 0, 'IW') && ! check_acl($config['id_user'], 0, 'IM')) {
if (!(check_acl($config['id_user'], 0, 'IW') && check_acl($config['id_user'], 0, 'IR'))) {
// Doesn't have access to this page.
db_pandora_audit('ACL Violation', 'Trying to access IntegriaIMS ticket creation');
include 'general/noaccess.php';
@ -96,6 +96,254 @@ $priority_text = integriaims_get_details('priority', $priority);
$resolution_text = integriaims_get_details('resolution', $resolution);
$type_text = integriaims_get_details('type', $type);
if (check_acl($config['id_user'], 0, 'IW')) {
// Incident file management.
$upload_file = get_parameter('upload_file');
$delete_file_id = get_parameter('delete_file');
$download_file_id = get_parameter('download_file');
$download_file_name = get_parameter('download_file_name');
// Files section table.
$table_files_section = new stdClass();
$table_files_section->width = '100%';
$table_files_section->id = 'files_section_table';
$table_files_section->class = 'databox filters';
$table_files_section->head = [];
$table_files_section->data = [];
$table_files_section->size = [];
$table_files_section->colspan[2][0] = 3;
// Files list table.
$table_files = new stdClass();
$table_files->width = '100%';
$table_files->class = 'info_table';
$table_files->head = [];
$table_files->head[0] = __('Filename');
$table_files->head[1] = __('Timestamp');
$table_files->head[2] = __('Description');
$table_files->head[3] = __('User');
$table_files->head[4] = __('Size');
$table_files->head[5] = __('Delete');
$table_files->data = [];
// Upload file.
if ($upload_file && ($_FILES['userfile']['name'] != '')) {
$filedescription = get_parameter('file_description', __('No description available'));
$filename = io_safe_input($_FILES['userfile']['name']);
$filesize = io_safe_input($_FILES['userfile']['size']);
$extension = pathinfo($filename, PATHINFO_EXTENSION);
$invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso|
pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|
htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i';
if (!preg_match($invalid_extensions, $extension)) {
// The following is if you have clamavlib installed.
// (php5-clamavlib) and enabled in php.ini
// http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if (extension_loaded('clamav')) {
cl_setlimits(5, 1000, 200, 0, 10485760);
$malware = cl_scanfile($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'<br>ClamAV version: '.clam_get_version();
die($error);
// On malware, we die because it's not good to handle it
}
}
$filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name']));
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'attach_file', [$incident_id, $filename, $filesize, $filedescription, $filecontent]);
// API method returns '0' string if success.
$file_added = ($result_api_call === '0') ? true : false;
ui_print_result_message(
$file_added,
__('File successfully added'),
__('File could not be added')
);
}
}
// Delete file.
if (isset($_GET['delete_file'])) {
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'delete_file', [$delete_file_id]);
$file_deleted = false;
if ($result_api_call === '0') {
$file_deleted = true;
}
ui_print_result_message(
$file_deleted,
__('File successfully deleted'),
__('File could not be deleted')
);
}
// Download file.
if (isset($_GET['download_file'])) {
$file_base64 = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'download_file', [$download_file_id]);
ob_end_clean();
$decoded = base64_decode($file_base64);
file_put_contents($download_file_name, $decoded);
ob_end_clean();
if (file_exists($download_file_name)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($download_file_name).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: '.filesize($download_file_name));
ob_end_clean();
readfile($download_file_name);
exit;
}
header('Location: index.php?sec=incident&sec2=operation/incidents/dashboard_detail_integriaims_incident&incident_id='.$incident_id);
}
// Retrieve files belonging to incident and create list table.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_files', [$incident_id]);
if ($result_api_call != false && strlen($result_api_call) > 0) {
$files = [];
$csv_array = explode("\n", $result_api_call);
foreach ($csv_array as $csv_line) {
if (!empty($csv_line)) {
$files[] = explode(',', $csv_line);
}
}
}
$i = 0;
foreach ($files as $key => $value) {
$table_files->data[$i][0] = '<a id="link_delete_file" href="'.ui_get_full_url('index.php?sec=incident&sec2=operation/incidents/dashboard_detail_integriaims_incident&incident_id='.$incident_id.'&download_file='.$value[0]).'&download_file_name='.$value[11].'">'.$value[11].'</a>';
$table_files->data[$i][1] = $value[14];
$table_files->data[$i][2] = $value[12];
$table_files->data[$i][3] = $value[8];
$table_files->data[$i][4] = $value[13];
$table_files->data[$i][5] .= '<a id="link_delete_file" href="'.ui_get_full_url('index.php?sec=incident&sec2=operation/incidents/dashboard_detail_integriaims_incident&incident_id='.$incident_id.'&delete_file='.$value[0]).'"
onClick="javascript:if (!confirm(\''.__('Are you sure?').'\')) return false;">';
$table_files->data[$i][5] .= html_print_image('images/cross.png', true, ['title' => __('Delete')]);
$table_files->data[$i][5] .= '</a>';
$i++;
}
$table_files_section->data[0][0] = '<div class="label_select"><p class="input_label">'.__('File name').':</p>';
$table_files_section->data[0][0] .= html_print_input_file('userfile', true);
$table_files_section->data[1][0] = '<div class="label_select"><p class="input_label">'.__('Description').':</p>';
$table_files_section->data[1][0] .= html_print_input_text(
'file_description',
'',
__('Description'),
50,
100,
true,
false
);
$table_files_section->data[2][0] .= '<div style="width: 100%; text-align:right;">'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'</div>';
$upload_file_form = '<div><form method="post" id="file_control" enctype="multipart/form-data">'.'<h4>'.__('Add attachment').'</h4>'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true).'<h4>'.__('Attached files').'</h4>'.html_print_table($table_files, true).'</form></div>';
// Incident comments management.
$upload_comment = get_parameter('upload_comment');
$comment_description = get_parameter('comment_description');
// Comments section table.
$table_comments_section = new stdClass();
$table_comments_section->width = '100%';
$table_comments_section->id = 'files_section_table';
$table_comments_section->class = 'databox filters';
$table_comments_section->head = [];
$table_comments_section->data = [];
$table_comments_section->size = [];
// Comments list table.
$table_comments = new stdClass();
$table_comments->width = '100%';
$table_comments->class = 'info_table';
$table_comments->head = [];
$table_comments->head[0] = __('Filename');
$table_comments->head[1] = __('Timestamp');
$table_comments->head[2] = __('Description');
$table_comments->head[3] = __('User');
$table_comments->head[4] = __('Size');
$table_comments->head[5] = __('Delete');
$table_comments->data = [];
$table_comments_section->data[0][0] = '<div class="label_select"><p class="input_label">'.__('Description').':</p>';
$table_comments_section->data[0][0] .= html_print_textarea(
'comment_description',
3,
20,
'',
'',
true
);
$table_comments_section->data[1][1] .= '<div style="width: 100%; text-align:right;">'.html_print_submit_button(__('Add'), 'accion', false, 'class="sub wand"', true).'</div>';
// Upload comment.
if ($upload_comment) {
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'create_workunit', [$incident_id, $comment_description, '0.00', 'no', 'no', '0']);
// API method returns id of new comment if success.
$comment_added = ($result_api_call >= '0') ? true : false;
ui_print_result_message(
$comment_added,
__('Comment successfully added'),
__('Comment could not be added')
);
}
// Retrieve comments belonging to incident and create comments table.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_workunits', [$incident_id]);
if ($result_api_call != false && strlen($result_api_call) > 0) {
$comments = [];
$csv_array = explode("\n", $result_api_call);
foreach ($csv_array as $csv_line) {
if (!empty($csv_line)) {
$comments[] = explode(',', $csv_line);
}
}
}
$upload_comment_form = '';
if (!empty($comments)) {
foreach ($comments as $key => $value) {
$upload_comment_form .= '<div class="comment_title">'.$value[3].'<span>&nbspsaid&nbsp</span>'.$value[1].'<span style="float: right;">'.$value[2].'&nbspHours</span></div>';
$upload_comment_form .= '<div class="comment_body">'.$value[4].'</div>';
}
} else {
$upload_comment_form = __('No comments found');
}
$upload_comment_form = '<div><form method="post" id="comment_form" enctype="multipart/form-data"><h4>'.__('Add comment').'</h4>'.html_print_table($table_comments_section, true).html_print_input_hidden('upload_comment', 1, true).'</form>'.'<h4>'.__('Comments').'</h4>'.$upload_comment_form.'</div>';
}
// Details box.
$details_box = '<div class="integriaims_details_box integriaims_details_box_five">';
@ -172,6 +420,34 @@ $description_box = '<div class="integria_details_description">'.html_print_texta
).'</div>';
ui_toggle($description_box, __('Description'), '', '', false);
if (check_acl($config['id_user'], 0, 'IW')) {
echo '<div class="ui_toggle">';
ui_toggle(
$upload_file_form,
__('Attached files'),
'',
'',
true,
false,
'white_box white_box_opened',
'no-border flex'
);
echo '</div>';
echo '<div class="ui_toggle">';
ui_toggle(
$upload_comment_form,
__('Comments'),
'',
'',
true,
false,
'white_box white_box_opened',
'no-border flex'
);
echo '</div>';
}
?>
<script type="text/javascript">
$(document).ready (function () {

16
pandora_console/pandoradb_data.sql
View File

@ -116,7 +116,21 @@ INSERT INTO `tconfig` (`token`, `value`) VALUES
('post_process_custom_values', '{"0.00000038580247":"Seconds&#x20;to&#x20;months","0.00000165343915":"Seconds&#x20;to&#x20;weeks","0.00001157407407":"Seconds&#x20;to&#x20;days","0.01666666666667":"Seconds&#x20;to&#x20;minutes","0.00000000093132":"Bytes&#x20;to&#x20;Gigabytes","0.00000095367432":"Bytes&#x20;to&#x20;Megabytes","0.0009765625":"Bytes&#x20;to&#x20;Kilobytes","0.00000001653439":"Timeticks&#x20;to&#x20;weeks","0.00000011574074":"Timeticks&#x20;to&#x20;days"}'),
('custom_docs_logo', 'default_docs.png'),
('custom_support_logo', 'default_support.png'),
('custom_logo_white_bg_preview', 'pandora_logo_head_white_bg.png');
('custom_logo_white_bg_preview', 'pandora_logo_head_white_bg.png'),
('integria_enabled', 0),
('integria_user', ''),
('integria_pass', ''),
('integria_hostname', ''),
('integria_api_pass', ''),
('integria_req_timeout', 5),
('default_group', ''),
('default_criticity', ''),
('default_creator', ''),
('default_owner', ''),
('incident_type', ''),
('incident_status', ''),
('incident_title', ''),
('incident_content', '');
UNLOCK TABLES;
--