2010-08-18 Sancho Lerena <slerena@artica.es>

    * include/functions_io.php: safe_input() modified to detect SQL injection
    attacks using /**/ strings.

    * index.php: Prevent HTTP response splitting attacks.

    * pandora_console.spec: Updated some spec variables and description.

    * pandoradb.sql,
    extras/pandoradb_migrate_v3.1_to_v3.2.sql: Added a new field in trecon_task
    to store the snmp_community on detected hosts in a recon task.

    * extras/pandora_diag.php: Fixed security problem in relative path.

    * general/pandora_help.php,
    general/footer.php: Fixed security problem in relative path/include.

    * general/login_page.php: Fixed security problem in URL parsing.

    * godmode/servers/manage_recontask_form.php,
    manage_recontask.php: Implemented new feature to use a snmp community on all
    network modules added to a new detected host.

    * config_process.php: Updated build.

    * functions.php: New version of safe_url_extraclean() function (security fix)
    and modified also enterprise_include* functions to have a secure include.

    * functions_ui.php: Secured function get_include_contents().

    * operation/agentes/gis_view.php: Secured url extraction/parsing.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3150 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
slerena 2010-08-18 11:35:42 +00:00
parent c086cb42e9
commit 7a0fd1ae78
16 changed files with 103 additions and 163 deletions


@ -1,145 +1,42 @@
2010-08-18 Sergio Martin <sergio.martin@artica.es>
2010-08-18 Sancho Lerena <slerena@artica.es>
* godmode/agentes/module_manager_editor_network.php: changed the
spinning snmp walk image from png to gif
* include/functions_io.php: safe_input() modified to detect SQL injection
attacks using /**/ strings.
2010-08-17 Raúl Mateos <raulofpandora@gmail.com>
* index.php: Prevent HTTP response splitting attacks.
* extensions/agents_modules.php, extensions/module_groups.php: Use
"status" instead "state". Change the order of colours, to maintain
coherence with other pages. Few cosmetic and gramatical changes.
* pandora_console.spec: Updated some spec variables and description.
2010-08-17 Sergio Martin <sergio.martin@artica.es>
* pandoradb.sql,
extras/pandoradb_migrate_v3.1_to_v3.2.sql: Added a new field in trecon_task
to store the snmp_community on detected hosts in a recon task.
* godmode/agentes/massive_operations.php: Fixed the default tab
of the massive operations section
* extras/pandora_diag.php: Fixed security problem in relative path.
2010-08-17 Sergio Martin <sergio.martin@artica.es>
* general/pandora_help.php,
general/footer.php: Fixed security problem in relative path/include.
* godmode/agentes/massive_copy_modules.php
godmode/agentes/massive_add_alerts.php
godmode/agentes/massive_delete_agents.php
godmode/agentes/massive_config.php
godmode/agentes/massive_delete_action_alerts.php
godmode/agentes/massive_delete_alerts.php
godmode/agentes/massive_edit_modules.php
godmode/agentes/massive_operations.php
godmode/agentes/massive_delete_modules.php
godmode/agentes/massive_add_action_alerts.php: Restructured the
tabs of masive operations. Now there are only four tabs: module,
agents, alerts and the enterprise policy masive operations. All
the operations are now classified under this hierarchy
* general/login_page.php: Fixed security problem in URL parsing.
2010-08-17 Sergio Martin <sergio.martin@artica.es>
* godmode/servers/manage_recontask_form.php,
manage_recontask.php: Implemented new feature to use a snmp comunity on all
network modules added to a new detected host.
* extensions/agents_modules.php: Added an agent group filter into
the agents/modules matrix and increased the size of the header to
read more letters from the module names
* config_process.php: Updated build.
2010-08-13 Miguel de Dios <miguel.dedios@artica.es>
* include/functions.php: erased deprecate function "entrada_limpia" for to
use only the english named "safe_input".
* godmode/setup/links.php: replaced the deprecate function "entrada_limpia"
for the english named "safe_input".
* functions.php: New version of safe_url_extraclean() function (security fix)
and modified also enterprise_include* functions to have a secure include.
2010-08-13 Sergio Martin <sergio.martin@artica.es>
* functions_ui.php: Secured function get_include_contents().
* include/functions_visual_map.php: Added the alerts fired status
to the visual maps drawing an orange edge around the static graph icon
* operation/agentes/gis_view.php: Secured url extraction/parsing.
2010-08-13 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_reporting.php: fixed the loop of alerts when Pandora
haven't alerts.
Fixes: #3044246
2010-08-10 Sancho Lerena <slerena@artica.es>
2010-08-13 Sergio Martin <sergio.martin@artica.es>
* include/config_process.php: Updated build and development version.
* operation/snmpconsole/snmp_view.php: Fixed the pagination
block filter in the SNMP console
* pandora_console.spec: Updated some texts and version.
2010-08-13 Sergio Martin <sergio.martin@artica.es>
* extensions/agents_modules.php: Aligned vertically the modules
paginatiomn arrows in the agents/modules matrix
2010-08-13 Sergio Martin <sergio.martin@artica.es>
* include/functions.php: Fixed a bug to generate the image
in string2image whenn the string contains a sharp (#)
2010-08-12 Sergio Martin <sergio.martin@artica.es>
* extensions/agents_modules.php: Change the status of the agents (the first
column colors) to the status of the agent, not the worst module
2010-08-12 Sergio Martin <sergio.martin@artica.es>
* extensions/agents_modules.php: Improved the agents/modules matrix in
visual way and converting the horizontal module names in vertical images
2010-08-12 Sergio Martin <sergio.martin@artica.es>
* include/functions.php: Added the function string2image to obtain an image
from a string with parameters like text color, background color, rotation degrees...
2010-08-12 Sergio Martin <sergio.martin@artica.es>
* include/functions_ui.php: Improved the function print_status_image
to allow an additional parameter for send it image options like
style, width...
2010-08-12 Ramon Novoa <rnovoa@artica.es>
* include/functions_alerts.php,
godmode/alerts/configure_alert_template.php: Added support for
unknown status alerts.
* pandoradb.sql, godmode/menu.php,
extras/pandoradb_migrate_v3.1_to_v3.2.sql: Added support for SNMP
filters.
* godmode/snmpconsole/snmp_filters.php: Added to repository. SNMP
filter editor.
* operation/snmpconsole/snmp_view.php: Fixed header placement.
2010-08-12 Sergio Martin <sergio.martin@artica.es>
* include/functions_html.php: Added the function html2rgb for
convert a color string from format #FFFFFF to RGB values
2010-08-12 Sergio Martin <sergio.martin@artica.es>
* godmode/agentes/massive_operations.php: Added the massive operation
to add snmp modules to an agent
2010-08-11 Sergio Martin <sergio.martin@artica.es>
* godmode/agentes/module_manager_editor.php: Changed the old way of
get a snmpwalk to use the new function get_snmpwalk
2010-08-11 Sergio Martin <sergio.martin@artica.es>
* include/functions.php: Changed the newst function added name
2010-08-11 Sergio Martin <sergio.martin@artica.es>
* include/functions.php: Added a function to call snmpwalk
functions setting the version, ip address, community...
2010-08-11 Junichi Satoh <junichi@rworks.jp>
* include/help/ja/help_network_map.php,
include/help/ja/help_autocreate_blacklist.php: Added new help files
in Japanese.
2010-08-10 Miguel de Dios <miguel.dedios@artica.es>
* ajax.php: cleaned source code.
* godmode/agentes/massive_operations.php: cleaned source code, and added
hook to enterprise massive operations tab.
2010-08-10 Sergio Martin <sergio.martin@artica.es>
* pandoradb.sql
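Review bot: this hunk replaces 145 lines of ChangeLog with 42 and drops the entries by Sergio Martin, Raúl Mateos, Miguel de Dios, Ramon Novoa and Junichi Satoh dated 2010-08-10 to 2010-08-18, which looks like an accidental overwrite from a stale working copy rather than an intended edit. Keep the existing entries and prepend the new 2010-08-18 Sancho Lerena entry above them; while doing so, fix "comunity" in the manage_recontask line of the new entry.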


@ -63,6 +63,10 @@ full path to Pandora FMS 'config.php' file.
";
exit;
}
if (preg_match ('/[^a-zA-Z0-9_\/\.]|(\/\/)|(\.\.)/', $argv[1])) {
echo "Invalid path: $argv[1]. Always use absolute paths.";
exit;
}
include $argv[1]."/include/config.php";
} else {
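Review bot: the error message says "Always use absolute paths", but the new regex only filters characters and rejects `//` and `..`; it does not require a leading `/`, so a relative path made of allowed characters passes and is included relative to the current working directory. Add an explicit absolute-path test (for example `$argv[1][0] === '/'`, or compare `realpath($argv[1])` with the supplied value) alongside the character filter, and consider moving the pattern into a shared helper, since the identical regex is introduced in safe_url_extraclean in functions.php in this same commit. For a CLI tool the error path should also `exit(1)` rather than a plain `exit`.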


@ -91,3 +91,5 @@ CREATE TABLE IF NOT EXISTS `tsnmp_filter` (
ALTER TABLE `talert_templates` MODIFY COLUMN `type` ENUM ('regex', 'max_min', 'max', 'min', 'equal', 'not_equal', 'warning', 'critica
l', 'onchange', 'unknown');
ALTER TABLE trecon_task ADD `snmp_community` varchar(64) NOT NULL default 'public';


@ -20,12 +20,12 @@ if (isset($_SERVER['REQUEST_TIME'])) {
$time = get_system_time ();
}
$license_file = 'general/license/pandora_info_'.$config["language"].'.html';
if (! file_exists ($license_file)) {
$license_file = 'general/license/pandora_info_en.html';
$license_file = '/general/license/pandora_info_'.$config["language"].'.html';
if (! file_exists ($config["homedir"] . $license_file)) {
$license_file = '/general/license/pandora_info_en.html';
}
echo '<a class="white_bold" target="_blank" href="' . $license_file. '">';
echo '<a class="white_bold" target="_blank" href="' . $config["homeurl"] . $license_file. '">';
echo 'Pandora FMS '.$pandora_version.' - Build '.$build_version;
echo '</a><br />';
echo '<a class="white">'. __('Page generated at') . ' '. print_timestamp ($time, true, array ("prominent" => "timestamp")); //Always use timestamp here
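Review bot: `$config["language"]` is concatenated into both a filesystem path (`file_exists ($config["homedir"] . $license_file)`) and an href here without the `safe_url_extraclean ($config["language"], "en")` guard that pandora_help.php applies in this same commit; apply the same filter for consistency. The href now becomes `$config["homeurl"] . '/general/license/...'`, which produces a double slash when homeurl is configured with a trailing slash; rtrim homeurl or drop the leading slash from `$license_file`.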


@ -16,7 +16,7 @@ $url = '?login=1';
//These variables come from index.php
if (!empty ($page) && !empty ($sec)) {
foreach ($_GET as $key => $value) {
$url .= '&amp;'.$key.'='.$value;
$url .= '&amp;'.safe_url_extraclean($key).'='.safe_url_extraclean($value);
}
}
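Review bot: with the new safe_url_extraclean semantics (return `$default_string` when any disallowed character is present), a key or value containing a hyphen, a percent-encoded sequence or an `@` is replaced by the empty default, so `$url` silently gains entries like `&amp;key=` and the original parameter is lost instead of cleaned. For rebuilding a query string the idiomatic fix is `urlencode($key).'='.urlencode($value)` (or `http_build_query($_GET)`) followed by `htmlspecialchars` for the HTML context, which preserves legitimate values while still neutralising metacharacters.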


@ -24,10 +24,12 @@ echo '<body style="background-color: #fff;">';
$id = get_parameter ('id');
/* Possible file locations */
$files = array ($config["homedir"]."/include/help/".$config["language"]."/help_".$id.".php",
$config["homedir"].ENTERPRISE_DIR."/include/help/".$config["language"]."/help_".$id.".php",
$config["homedir"].ENTERPRISE_DIR."/include/help/en/help_".$id.".php",
$config["homedir"]."/include/help/en/help_".$id.".php");
$safe_language = safe_url_extraclean ($config["language"], "en");
$safe_id = safe_url_extraclean ($id, "");
$files = array ($config["homedir"]."/include/help/".$safe_language."/help_".$safe_id.".php",
$config["homedir"].ENTERPRISE_DIR."/include/help/".$safe_language."/help_".$safe_id.".php",
$config["homedir"].ENTERPRISE_DIR."/include/help/en/help_".$safe_id.".php",
$config["homedir"]."/include/help/en/help_".$safe_id.".php");
$help_file = '';
foreach ($files as $file) {
if (file_exists ($file)) {


@ -57,6 +57,7 @@ if ((isset ($_GET["update"])) OR ((isset ($_GET["create"])))) {
$id_network_profile = get_parameter_post ("id_network_profile");
$recon_ports = get_parameter_post ("recon_ports", "");
$id_os = get_parameter_post ("id_os", 10);
$snmp_community = get_parameter_post ("snmp_community", "public");
}
// --------------------------------
@ -64,9 +65,7 @@ if ((isset ($_GET["update"])) OR ((isset ($_GET["create"])))) {
// --------------------------------
if (isset($_GET["update"])) {
$id = get_parameter_get ("update");
$sql = sprintf ("UPDATE trecon_task SET id_os = %d, name = '%s', subnet = '%s',
description = '%s', id_recon_server = %d, create_incident = %b, id_group = %d, interval_sweep = %u,
id_network_profile = %d, recon_ports = '%s' WHERE id_rt = %u",$id_os,$name,$network,$description,$id_recon_server,$create_incident,$id_group,$interval,$id_network_profile,$recon_ports, $id);
$sql = sprintf ("UPDATE trecon_task SET snmp_community = '%s', id_os = %d, name = '%s', subnet = '%s', description = '%s', id_recon_server = %d, create_incident = %b, id_group = %d, interval_sweep = %u, id_network_profile = %d, recon_ports = '%s' WHERE id_rt = %u",$snmp_community, $id_os,$name,$network,$description,$id_recon_server,$create_incident,$id_group,$interval,$id_network_profile,$recon_ports, $id);
if($name != "" && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
$result = process_sql ($sql);
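Review bot: the rewritten UPDATE collapses the three-line sprintf into a single line of roughly 300 characters; keep the original wrapping. More substantively, `snmp_community = '%s'` (like the other `'%s'` fields) relies on get_parameter_post's safe_input having neutralised quotes and comment tokens upstream, which is exactly what the functions_io.php change in this commit patches; that couples the HTML encoder to SQL safety. Escaping the value where the query is built (`mysql_real_escape_string`, or a parameterised variant of process_sql) would make each statement safe on its own.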
@ -85,8 +84,8 @@ if (isset($_GET["update"])) {
// --------------------------------
if (isset($_GET["create"])) {
$sql = sprintf ("INSERT INTO trecon_task
(name, subnet, description, id_recon_server, create_incident, id_group, id_network_profile, interval_sweep, id_os, recon_ports)
VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports);
(name, subnet, description, id_recon_server, create_incident, id_group, id_network_profile, interval_sweep, id_os, recon_ports, snmp_community)
VALUES ( '%s', '%s', '%s', %u, %b, %d, %d, %u, %d, '%s', '%s')",$name,$network,$description,$id_recon_server,$create_incident,$id_group,$id_network_profile,$interval,$id_os, $recon_ports, $snmp_community);
if($name != "" && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
$result = process_sql ($sql);


@ -39,6 +39,7 @@ if (isset ($_GET["update"])) { // Edit mode
$id_network_profile = $row["id_network_profile"];
$id_os = $row["id_os"];
$recon_ports = $row["recon_ports"];
$snmp_community = $row["snmp_community"];
} elseif (isset ($_GET["create"])) {
$id_rt = -1;
$name = "";
@ -48,6 +49,7 @@ if (isset ($_GET["update"])) { // Edit mode
$interval = 43200;
$id_group = 0;
$create_incident = 1;
$snmp_community = "public";
$id_network_profile = 1;
$id_os = -1; // Any
$recon_ports = ""; // Any
@ -116,9 +118,15 @@ $table->data[8][0] = "<b>".__('Incident');
$table->data[8][1] = print_select ($values, "create_incident", $create_incident,
'','','',true);
// SNMP default community
$table->data[9][0] = "<b>".__('SNMP Default community');
$table->data[9][1] = print_input_text ('snmp_community', $snmp_community, '', 35, 0, true);
// Comments
$table->data[9][0] = "<b>".__('Comments');
$table->data[9][1] = print_input_text ('description', $description, '', 45, 0, true);
$table->data[10][0] = "<b>".__('Comments');
$table->data[10][1] = print_input_text ('description', $description, '', 45, 0, true);
// Different Form url if it's a create or if it's a update form
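Review bot: the new 'SNMP Default community' input has no length limit, while the column added to trecon_task in pandoradb.sql and the migration script is `varchar(64)`; enforce the 64-character maximum in the form so oversized input is rejected at the UI rather than handed to the database.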


@ -22,8 +22,8 @@
/**
* Pandora build version and version
*/
$build_version = 'PC100608';
$pandora_version = 'v3.1';
$build_version = 'PC100810';
$pandora_version = 'v3.2dev';
/* Help to debug problems. Override global PHP configuration */
if (!isset($develop_bypass)) $develop_bypass = 0;


@ -77,22 +77,21 @@ function output_clean_strict ($string) {
* TODO: Make this multibyte safe (I don't know if there is an attack vector there)
*
* @param string String to clean
* @param default_string String that will be returned if invalid characters are found.
*
* @return string Cleaned string
*/
function safe_url_extraclean ($string) {
/* Clean "://" from the strings
See: http://seclists.org/lists/incidents/2004/Jul/0034.html
*/
$pos = strpos ($string, "://");
if ($pos != 0) {
//Strip the string from (protocol[://] to protocol[://] + 125 chars)
$string = substr ($string, $pos + 3, $pos + 128);
} else {
$string = substr ($string, 0, 125);
}
function safe_url_extraclean ($string, $default_string = '') {
/* Strip the string to 125 characters */
return preg_replace ('/[^a-z0-9_\/\.]/i', '', $string);
$string = substr ($string, 0, 125);
/* Search for unwanted characters */
if (preg_match ('/[^a-zA-Z0-9_\/\.]|(\/\/)|(\.\.)/', $string)) {
return $default_string;
}
return $string;
}
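Review bot: the docblock still says `@return string Cleaned string`, but the function no longer cleans: it truncates to 125 characters and then returns `$default_string` wholesale if any disallowed character remains, so update the comment (and give `@param default_string` its `string` type and a note about the 125-character limit). This is a behaviour change for every existing caller, which previously received the input with bad characters stripped and now receives `''`; the login_page.php and gis_view.php hunks in this commit inherit that, dropping query parameters outright.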
/**
@ -862,6 +861,9 @@ function enterprise_include ($filename) {
$filepath = realpath ($config["homedir"].'/'.ENTERPRISE_DIR.'/'.$filename);
if ($filepath === false)
return ENTERPRISE_NOT_HOOK;
if (strncmp ($config["homedir"], $filepath, strlen ($config["homedir"])) != 0){
return ENTERPRISE_NOT_HOOK;
}
if (file_exists ($filepath)) {
include ($filepath);
return true;
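Review bot: the prefix check compares the realpath'd `$filepath` against the raw `$config["homedir"]`. If homedir is itself a symlink or contains `.`/`..` components, realpath() normalises only one side and every enterprise include is rejected; if homedir lacks a trailing slash, a sibling directory whose name shares the prefix (e.g. `/var/www/pandora2` for a homedir of `/var/www/pandora`, constructed example) passes. Compare against `realpath ($config["homedir"]) . DIRECTORY_SEPARATOR` with `strncmp` over that longer prefix.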
@ -875,6 +877,8 @@ function enterprise_include_once ($filename) {
$filepath = realpath ($config["homedir"].'/'.ENTERPRISE_DIR.'/'.$filename);
if ($filepath === false)
return ENTERPRISE_NOT_HOOK;
if (strncmp ($config["homedir"], $filepath, strlen ($config["homedir"])) != 0)
return ENTERPRISE_NOT_HOOK;
if (file_exists ($filepath)) {
require_once ($filepath);
return true;
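Review bot: this is the third copy of the same `strncmp ($config["homedir"], $filepath, strlen ($config["homedir"]))` guard in this commit (enterprise_include above and get_include_contents in functions_ui.php), each with a different brace style; factor it into one helper such as `is_under_homedir ($path)` so the realpath and trailing-separator handling is fixed in one place.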


@ -32,7 +32,12 @@ function safe_input($value) {
//Replace the character '\' for the equivalent html entitie
$valueHtmlEncode = str_replace('\\', "&#92;", $valueHtmlEncode);
// First attempt to avoid SQL Injection based on SQL comments
// Specific for MySQL.
$valueHtmlEncode = str_replace('/*', "&#47;&#42;", $valueHtmlEncode);
$valueHtmlEncode = str_replace('*/', "&#42;&#47;", $valueHtmlEncode);
return $valueHtmlEncode;
}
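Review bot: encoding `/*` and `*/` as HTML entities inside safe_input neutralises one MySQL comment form only and, because safe_input is the generic HTML-encoding routine, it also changes how legitimate text containing those sequences is stored and later displayed. SQL injection should be handled where the query is built (escaping or parameter binding in process_sql and its sprintf callers) rather than by extending a blocklist in the encoder; if this stays, describe it in the comment as defence in depth rather than "First attempt".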


@ -1286,12 +1286,19 @@ function print_ui_agents_list ($options = false, $filter = false, $return = fals
* could not be included.
*/
function get_include_contents ($filename, $params = false) {
global $config;
ob_start ();
if (is_array ($params)) {
extract ($params);
}
$filename = realpath ($filename);
if (strncmp ($config["homedir"], $filename, strlen ($config["homedir"])) != 0) {
return false;
}
$result = include ($filename);
if ($result === false) {
ob_end_clean ();
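Review bot: `ob_start ()` runs before the new homedir check, and the `return false` on failure exits without `ob_end_clean ()`, leaving an output buffer open (the existing failure path below does clean it before returning). Move the realpath/prefix check above ob_start, or clean the buffer before returning. `realpath ()` also returns false for a non-existent file, which only fails the check by accident because strncmp coerces false to `''`; test `=== false` explicitly, as enterprise_include does.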


@ -86,6 +86,11 @@ if (!empty ($config["https"]) && empty ($_SERVER['HTTPS'])) {
foreach ($_POST as $key => $value) {
$query .= '&'.$key.'='.$value;
}
// Prevent HTTP response splitting attacks
// http://en.wikipedia.org/wiki/HTTP_response_splitting
$query = str_replace ("\n", "", $query);
header ('Location: '.$query);
exit; //Always exit after sending location headers
}
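Review bot: stripping only `"\n"` from `$query` leaves `"\r"` in place, and a bare carriage return is still treated as a line break by some HTTP parsers; strip both, or better, fix the construction in the loop above with `urlencode ($key).'='.urlencode ($value)` (or `http_build_query ($_POST)`), which removes every control character from the Location value instead of special-casing one. PHP 5.1.2 and later refuse header() values containing newlines, but the spec in this commit still declares `php >= 4.3.0`.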
@ -138,7 +143,7 @@ if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
$loginhash_data = get_parameter("loginhash_data", "");
$loginhash_user = get_parameter("loginhash_user", "");
if ($loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
if ($config["loginhash_pwd"] != "" && $loginhash_data == md5($loginhash_user.$config["loginhash_pwd"])) {
logon_db ($loginhash_user, $_SERVER['REMOTE_ADDR']);
$_SESSION['id_usuario'] = $loginhash_user;
$config["id_user"] = $loginhash_user;
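Review bot: guarding on `$config["loginhash_pwd"] != ""` is the right fix, but use `!empty ($config["loginhash_pwd"])` so an unset key does not raise a notice, and compare the digests with `===` rather than `==`: PHP's loose comparison treats two numeric-looking strings numerically, so a hash comparison should always be strict (and constant-time where the runtime offers it).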


@ -35,6 +35,12 @@ $agentId = get_parameter('id_agente');
$agent_name = get_agent_name($agentId);
$agentData = getDataLastPositionAgent($id_agente);
$url = '';
//These variables come from index.php
foreach ($_GET as $key => $value) {
$url .= '&amp;'.safe_url_extraclean($key).'='.safe_url_extraclean($value);
}
echo "<div style='margin-bottom: 30px;'></div>";
/* Map with the current position */
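Review bot: this loop is a copy of the one added to login_page.php in the same commit, comment included ("These variables come from index.php", which does not describe this file); move it into a shared helper so both callers use one implementation. Because `$url` starts empty, the first iteration yields `index.php?&amp;...` with a leading empty parameter in the form action below; build the string with `http_build_query` or omit the separator before the first key.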
@ -72,7 +78,7 @@ if ($dataLastPosition !== false) {
$dataLastPosition['stored_longitude'] . ", " . $dataLastPosition['stored_latitude'] . ", " . $dataLastPosition['stored_altitude'];
}
echo "<br />";
echo "<form action='index.php?" . $_SERVER['QUERY_STRING'] . "' method='POST'>";
echo "<form action='index.php?" . $url . "' method='POST'>";
echo __("Period to show data as path") . ": ";
print_extended_select_for_time ($intervals, 'period', $period, '', '', '0', 10);
echo __(" seconds.") . "&nbsp;";


@ -2,7 +2,7 @@
# Pandora FMS Console
#
%define name pandorafms_console
%define version 3.1
%define version 3.2
%define release 1
%define httpd_name httpd
# User and Group under which Apache is running
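Review bot: `%define version 3.2` packages this as release 3.2-1 while config_process.php in the same commit sets `$pandora_version = 'v3.2dev'`; either mark the spec as a development snapshot in its release tag or keep the two in sync so the RPM version matches what the console reports.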
@ -22,7 +22,7 @@ Vendor: Artica ST <info@artica.es>
Source0: %{name}-%{version}.tar.gz
URL: http://www.pandorafms.com
Group: Productivity/Networking/Web/Utilities
Packager: Manuel Arostegui <manuel@todo-linux.com>
Packager: Sancho Lerena <slerena@artica.es>
Prefix: /srv/www/htdocs
BuildRoot: %{_tmppath}/%{name}
BuildArchitectures: noarch
@ -30,13 +30,13 @@ AutoReq: 0
Requires: apache2
Requires: php >= 4.3.0
Requires: php5-gd, php5-snmp, php5-pear, php5-json, php5-gettext
Requires: php5-mysql, php5-ldap, php5-mbstring, php5
Requires: php5-mysql, php5-ldap, php5-mbstring, php5
Requires: graphviz, xorg-x11-fonts-core
Requires: php5-pear-db, php-pear-xml_rpc
Provides: %{name}-%{version}
%description
The Web Console is a web application that allows to see graphical reports, state of every agent, also to access to the information sent by the agent, to see every monitored parameter and to see its evolution throughout the time, to form the different nodes, groups and users of the system. It is the part that interacts with the final user, and that will allows you to administer the system.
Pandora FMS Console is a web application to manage Pandora FMS. Console allows to see graphical reports, state of every agent, also to access to the information sent by the agent, to see every monitored parameter and to see its evolution throughout the time, to form the different nodes, groups and users of the system. It is the part that interacts with the final user, and that will allows you to administer the system.
%prep
rm -rf $RPM_BUILD_ROOT
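Review bot: the new %description prepends the product name but keeps the grammar of the old text ("allows to see", "throughout the time", "to form the different nodes", "will allows you"). Suggested wording: "Pandora FMS Console is the web application used to manage Pandora FMS. It shows graphical reports and the status of every agent, gives access to the data sent by agents and the history of each monitored parameter, and is where nodes, groups and users are configured. It is the part of the system that interacts with the end user and lets you administer the installation." The `Requires: php5-mysql, php5-ldap, php5-mbstring, php5` line changes only in whitespace and can be left out of the diff.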


@ -594,6 +594,7 @@ CREATE TABLE IF NOT EXISTS `trecon_task` (
`id_recon_server` int(10) unsigned NOT NULL default '0',
`id_os` tinyint(4) NOT NULL default '0',
`recon_ports` varchar(250) NOT NULL default '',
`snmp_community` varchar(64) NOT NULL default 'public',
PRIMARY KEY (`id_rt`),
KEY `recon_task_daemon` (`id_recon_server`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;