From b2ef0e336208ab51d35b61ec5f079d3f694679d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= Date: Tue, 3 May 2022 11:24:43 +0200 Subject: [PATCH 1/2] Added controls for avoid undefined vars --- pandora_server/lib/PandoraFMS/PluginTools.pm | 140 ++++++++++--------- 1 file changed, 76 insertions(+), 64 deletions(-) diff --git a/pandora_server/lib/PandoraFMS/PluginTools.pm b/pandora_server/lib/PandoraFMS/PluginTools.pm index b3d9ddbd3f..a7df76abf3 100644 --- a/pandora_server/lib/PandoraFMS/PluginTools.pm +++ b/pandora_server/lib/PandoraFMS/PluginTools.pm @@ -2206,73 +2206,85 @@ sub snmp_get { 'error' => 'snmpwalk not found' }; } - - $snmp->{extra} = '' unless defined $snmp->{extra}; - if ( defined ($snmp->{version} ) - && (($snmp->{version} eq "1") - || ($snmp->{version} eq "2") - || ($snmp->{version} eq "2c"))) { - - if (defined $snmp->{port}){ - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -c $snmp->{community} $snmp->{host}:$snmp->{port} $snmp->{oid}"; - } - else { - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -c $snmp->{community} $snmp->{host} $snmp->{oid}"; - } - - } - elsif ( defined ($snmp->{version} ) - && ($snmp->{version} eq "3") ) { # SNMP v3 - # Authentication required - - # $securityLevel = (noAuthNoPriv|authNoPriv|authPriv); - - # unauthenticated request - # Ex. snmpget -r $retries -t $timeout $snmp->{extra} -On -v 3 -n "" -u noAuthUser -l noAuthNoPriv test.net-snmp.org sysUpTime - - # authenticated request - # Ex. snmpget -r $retries -t $timeout $snmp->{extra} -On -v 3 -n "" -u MD5User -a MD5 -A "The Net-SNMP Demo Password" -l authNoPriv test.net-snmp.org sysUpTime - - # authenticated and encrypted request - # Ex. snmpget -r $retries -t $timeout $snmp->{extra} -On -v 3 -n "" -u MD5DESUser -a MD5 -A "The Net-SNMP Demo Password" -x DES -X "The Net-SNMP Demo Password" -l authPriv test.net-snmp.org system - - if ($snmp->{securityLevel} =~ /^noAuthNoPriv$/i){ - # Unauthenticated request - - if (defined $snmp->{port}){ - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -l $snmp->{securityLevel} $snmp->{host}:$snmp->{port} $snmp->{oid}"; - } - else { - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -l $snmp->{securityLevel} $snmp->{host} $snmp->{oid}"; - } - } - elsif ($snmp->{securityLevel} =~ /^authNoPriv$/i){ - # Authenticated request - - if (defined $snmp->{port}){ - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -a $snmp->{authProtocol} -A $snmp->{authKey} -l $snmp->{securityLevel} $snmp->{host}:$snmp->{port} $snmp->{oid}"; - } - else { - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -a $snmp->{authProtocol} -A $snmp->{authKey} -l $snmp->{securityLevel} $snmp->{host} $snmp->{oid}"; - } - } - elsif ($snmp->{securityLevel} =~ /^authPriv$/i){ - # Authenticated and encrypted request - - if (defined $snmp->{port}){ - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -l $snmp->{securityLevel} -a $snmp->{authProtocol} -A $snmp->{authKey} -x $snmp->{privProtocol} -X $snmp->{privKey} $snmp->{host}:$snmp->{port} $snmp->{oid}"; - } - else { - $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -l $snmp->{securityLevel} -a $snmp->{authProtocol} -A $snmp->{authKey} -x $snmp->{privProtocol} -X $snmp->{privKey} $snmp->{host} $snmp->{oid}"; - } - } - } - else { + if (!defined $snmp->{version}) { return { - error => "Only SNMP 1 2 2c and 3 are supported." + 'error' => "Only SNMP 1 2 2c and 3 are supported." + }; + } else { + $snmp->{extra} = '' unless defined $snmp->{extra}; + $snmp->{context} = '' unless defined $snmp->{context}; + $snmp->{community} = 'public' unless defined $snmp->{community}; + + if (($snmp->{version} eq "1") + || ($snmp->{version} eq "2") + || ($snmp->{version} eq "2c")) { + + if (defined $snmp->{port}){ + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -c $snmp->{community} $snmp->{host}:$snmp->{port} $snmp->{oid}"; + } + else { + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -c $snmp->{community} $snmp->{host} $snmp->{oid}"; + } + + } + elsif ( defined ($snmp->{version} ) + && ($snmp->{version} eq "3") ) { + + $snmp->{securityLevel} = '' unless defined $snmp->{securityLevel}; + + # SNMP v3 + # Authentication required + + # $securityLevel = (noAuthNoPriv|authNoPriv|authPriv); + + # unauthenticated request + # Ex. snmpget -r $retries -t $timeout $snmp->{extra} -On -v 3 -n "" -u noAuthUser -l noAuthNoPriv test.net-snmp.org sysUpTime + + # authenticated request + # Ex. snmpget -r $retries -t $timeout $snmp->{extra} -On -v 3 -n "" -u MD5User -a MD5 -A "The Net-SNMP Demo Password" -l authNoPriv test.net-snmp.org sysUpTime + + # authenticated and encrypted request + # Ex. snmpget -r $retries -t $timeout $snmp->{extra} -On -v 3 -n "" -u MD5DESUser -a MD5 -A "The Net-SNMP Demo Password" -x DES -X "The Net-SNMP Demo Password" -l authPriv test.net-snmp.org system + + if ($snmp->{securityLevel} =~ /^noAuthNoPriv$/i){ + # Unauthenticated request + + if (defined $snmp->{port}){ + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -l $snmp->{securityLevel} $snmp->{host}:$snmp->{port} $snmp->{oid}"; + } + else { + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -l $snmp->{securityLevel} $snmp->{host} $snmp->{oid}"; + } + } + elsif ($snmp->{securityLevel} =~ /^authNoPriv$/i){ + # Authenticated request + + if (defined $snmp->{port}){ + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -a $snmp->{authProtocol} -A $snmp->{authKey} -l $snmp->{securityLevel} $snmp->{host}:$snmp->{port} $snmp->{oid}"; + } + else { + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -a $snmp->{authProtocol} -A $snmp->{authKey} -l $snmp->{securityLevel} $snmp->{host} $snmp->{oid}"; + } + } + elsif ($snmp->{securityLevel} =~ /^authPriv$/i){ + # Authenticated and encrypted request + + if (defined $snmp->{port}){ + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -l $snmp->{securityLevel} -a $snmp->{authProtocol} -A $snmp->{authKey} -x $snmp->{privProtocol} -X $snmp->{privKey} $snmp->{host}:$snmp->{port} $snmp->{oid}"; + } + else { + $cmd = "snmpget -r $retries -t $timeout $snmp->{extra} -On -v $snmp->{version} -n \"$snmp->{context}\" -u $snmp->{securityName} -l $snmp->{securityLevel} -a $snmp->{authProtocol} -A $snmp->{authKey} -x $snmp->{privProtocol} -X $snmp->{privKey} $snmp->{host} $snmp->{oid}"; + } + } + else { + return { + 'error' => "Security Level not defined." + }; + } } } + #print STDERR "Launched: $cmd\n"; my $result = `$cmd`; if ($? != 0) { @@ -2293,7 +2305,7 @@ sub snmp_data_switcher { my $pure_data = trim($st_data[1]) or undef; $data{data} = $pure_data; - + if ( uc($st_data[0]) eq uc("INTEGER")) { $data{type} = "generic_data"; } From ec5e5058801fc70fb498fe10552d48fd2ce67e2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= Date: Tue, 3 May 2022 11:28:13 +0200 Subject: [PATCH 2/2] Added controls for avoid undefined vars --- pandora_server/lib/PandoraFMS/PluginTools.pm | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pandora_server/lib/PandoraFMS/PluginTools.pm b/pandora_server/lib/PandoraFMS/PluginTools.pm index a7df76abf3..5ce5142a5d 100644 --- a/pandora_server/lib/PandoraFMS/PluginTools.pm +++ b/pandora_server/lib/PandoraFMS/PluginTools.pm @@ -2211,6 +2211,14 @@ sub snmp_get { return { 'error' => "Only SNMP 1 2 2c and 3 are supported." }; + } elsif (!defined $snmp->{host}) { + return { + 'error' => "Destination host must be defined." + }; + } elsif (!defined $snmp->{oid}) { + return { + 'error' => "OID must be defined" + }; } else { $snmp->{extra} = '' unless defined $snmp->{extra}; $snmp->{context} = '' unless defined $snmp->{context};