diff --git a/pandora_server/ChangeLog b/pandora_server/ChangeLog index 31efdfefb9..a25930c623 100644 --- a/pandora_server/ChangeLog +++ b/pandora_server/ChangeLog @@ -1,3 +1,13 @@ +2010-11-02 Sergio Martin + + * lib/PandoraFMS/DB.pm + lib/PandoraFMS/Core.pm + lib/PandoraFMS/ReconServer.pm + lib/PandoraFMS/DataServer.pm + lib/PandoraFMS/Tools.pm: Fixed insert db operations + in server to store the html entities. This improves + fix bug 3096436 + 2010-11-02 Sergio Martin * util/recon_scripts/snmpdevices.pl: Fixed a missed typo diff --git a/pandora_server/lib/PandoraFMS/Core.pm b/pandora_server/lib/PandoraFMS/Core.pm index 8bb3a8971e..cebb25521b 100644 --- a/pandora_server/lib/PandoraFMS/Core.pm +++ b/pandora_server/lib/PandoraFMS/Core.pm @@ -1090,7 +1090,7 @@ sub pandora_create_module ($$$$$$$$$$) { $post_process = 0 if ($post_process eq ''); my $module_id = db_insert($dbh, 'INSERT INTO tagente_modulo (`id_agente`, `id_tipo_modulo`, `nombre`, `max`, `min`, `post_process`, `descripcion`, `module_interval`, `id_modulo`) - VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_id, $module_type_id, $module_name, $max, $min, $post_process, $description, $interval); + VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_id, $module_type_id, safe_input($module_name), $max, $min, $post_process, $description, $interval); db_do ($dbh, 'INSERT INTO tagente_estado (`id_agente_modulo`, `id_agente`, `last_try`) VALUES (?, ?, \'0000-00-00 00:00:00\')', $module_id, $agent_id); return $module_id; } 
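Review bot: In `pandora_create_module` only `$module_name` goes through `safe_input()`, while `$description` is bound raw into the same `INSERT`, so one row holds a mix of entity-encoded and unencoded text. If the console prints stored fields on the assumption that they are already encoded (the ChangeLog entry suggests that is the storage convention, but the console code is not visible here), a description supplied with module data would reach the page unescaped. The same applies to `$address` and `$description` in both `INSERT` branches of the `pandora_create_agent` hunk. I would encode every free-text column at these call sites, e.g. `safe_input($description)`, and add a comment above each `db_insert` naming which columns are stored encoded.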
@@ -1134,12 +1134,12 @@ sub pandora_create_agent ($$$$$$$$$$;$$$$$) { # Test if the optional positional parameters are defined or GIS is disabled if (!defined ($timezone_offset) ) { $agent_id = db_insert ($dbh, 'INSERT INTO tagente (`nombre`, `direccion`, `comentarios`, `id_grupo`, `id_os`, `server_name`, `intervalo`, `id_parent`, `modo`) - VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_name, $address, $description, $group_id, $os_id, $server_name, $interval, $parent_id); + VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', safe_input($agent_name), $address, $description, $group_id, $os_id, safe_input($server_name), $interval, $parent_id); } else { $agent_id = db_insert ($dbh, 'INSERT INTO tagente (`nombre`, `direccion`, `comentarios`, `id_grupo`, `id_os`, `server_name`, `intervalo`, `id_parent`, - `timezone_offset`, `modo` ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_name, $address, - $description, $group_id, $os_id, $server_name, $interval, $parent_id, $timezone_offset); + `timezone_offset`, `modo` ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, 1)', safe_input($agent_name), $address, + $description, $group_id, $os_id, safe_input($server_name), $interval, $parent_id, $timezone_offset); } if (defined ($longitude) && defined ($latitude ) && $pa_config->{'activate_gis'} == 1 ) { if (!defined($altitude)) { diff --git a/pandora_server/lib/PandoraFMS/DB.pm b/pandora_server/lib/PandoraFMS/DB.pm index 258ee178c8..0a2621eaa2 100644 --- a/pandora_server/lib/PandoraFMS/DB.pm +++ b/pandora_server/lib/PandoraFMS/DB.pm @@ -20,6 +20,7 @@ package PandoraFMS::DB; use strict; use warnings; use DBI; +use PandoraFMS::Tools; require Exporter; 
@@ -101,7 +102,7 @@ sub get_action_id ($$) { sub get_agent_id ($$) { my ($dbh, $agent_name) = @_; - my $rc = get_db_value ($dbh, "SELECT id_agente FROM tagente WHERE nombre = ? OR direccion = ?", $agent_name, $agent_name); + my $rc = get_db_value ($dbh, "SELECT id_agente FROM tagente WHERE nombre = ? OR direccion = ?", safe_input($agent_name), $agent_name); return defined ($rc) ? $rc : -1; } @@ -113,7 +114,7 @@ sub get_server_id ($$$) { my $rc = get_db_value ($dbh, "SELECT id_server FROM tserver WHERE name = ? AND server_type = ?", - $server_name, $server_type); + safe_input($server_name), $server_type); return defined ($rc) ? $rc : -1; } @@ -123,7 +124,7 @@ sub get_server_id ($$$) { sub get_group_id ($$) { my ($dbh, $group_name) = @_; - my $rc = get_db_value ($dbh, "SELECT id_grupo FROM tgrupo WHERE nombre = ?", $group_name); + my $rc = get_db_value ($dbh, "SELECT id_grupo FROM tgrupo WHERE nombre = ?", safe_input($group_name)); return defined ($rc) ? $rc : -1; } @@ -163,7 +164,7 @@ sub get_module_name ($$) { sub get_agent_module_id ($$$) { my ($dbh, $module_name, $agent_id) = @_; - my $rc = get_db_value ($dbh, "SELECT id_agente_modulo FROM tagente_modulo WHERE nombre = ? AND id_agente = ?", $module_name, $agent_id); + my $rc = get_db_value ($dbh, "SELECT id_agente_modulo FROM tagente_modulo WHERE nombre = ? AND id_agente = ?", safe_input($module_name), $agent_id); return defined ($rc) ? $rc : -1; } @@ -173,7 +174,7 @@ sub get_agent_module_id ($$$) { sub get_template_id ($$) { my ($dbh, $template_name) = @_; - my $rc = get_db_value ($dbh, "SELECT id FROM talert_templates WHERE name = ?", $template_name); + my $rc = get_db_value ($dbh, "SELECT id FROM talert_templates WHERE name = ?", safe_input($template_name)); return defined ($rc) ? $rc : -1; } 
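Review bot: `get_agent_id` and the other name lookups in DB.pm (`get_server_id`, `get_group_id`, `get_agent_module_id`, `get_template_id` here, and `get_module_id`, `get_plugin_id`, `get_module_group_id`, `get_profile_id` in the following hunks) now search only for the encoded form, so any row written with a raw name before this change stops matching and the function returns -1. Because `safe_input()` also rewrites characters 0 to 32, that includes every name containing a space. In `process_module_data` a failed module lookup leads to `pandora_create_module` when autocreate is enabled, so unmigrated rows could gain duplicates. Either ship a one-off migration of existing names with this commit or, during the transition, match both forms, e.g. `WHERE nombre = ? OR nombre = ? OR direccion = ?` bound to `safe_input($agent_name), $agent_name, $agent_name`.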
@@ -202,7 +203,7 @@ sub is_group_disabled ($$) { sub get_module_id ($$) { my ($dbh, $module_name) = @_; - my $rc = get_db_value ($dbh, "SELECT id_tipo FROM ttipo_modulo WHERE nombre = ?", $module_name); + my $rc = get_db_value ($dbh, "SELECT id_tipo FROM ttipo_modulo WHERE nombre = ?", safe_input($module_name)); return defined ($rc) ? $rc : -1; } @@ -212,7 +213,7 @@ sub get_module_id ($$) { sub get_plugin_id ($$) { my ($dbh, $plugin_name) = @_; - my $rc = get_db_value ($dbh, "SELECT id FROM tplugin WHERE name = ?", $plugin_name); + my $rc = get_db_value ($dbh, "SELECT id FROM tplugin WHERE name = ?", safe_input($plugin_name)); return defined ($rc) ? $rc : -1; } @@ -226,7 +227,7 @@ sub get_module_group_id ($$) { return 0; } - my $rc = get_db_value ($dbh, "SELECT id_mg FROM tmodule_group WHERE name = ?", $module_group_name); + my $rc = get_db_value ($dbh, "SELECT id_mg FROM tmodule_group WHERE name = ?", safe_input($module_group_name)); return defined ($rc) ? $rc : -1; } @@ -245,7 +246,7 @@ sub get_nc_profile_name ($$) { sub get_profile_id ($$) { my ($dbh, $profile_name) = @_; - my $rc = get_db_value ($dbh, "SELECT id_perfil FROM tperfil WHERE name = ?", $profile_name); + my $rc = get_db_value ($dbh, "SELECT id_perfil FROM tperfil WHERE name = ?", safe_input($profile_name)); return defined ($rc) ? $rc : -1; } diff --git a/pandora_server/lib/PandoraFMS/DataServer.pm b/pandora_server/lib/PandoraFMS/DataServer.pm index 91c571d5f0..d96cbb4a64 100644 --- a/pandora_server/lib/PandoraFMS/DataServer.pm +++ b/pandora_server/lib/PandoraFMS/DataServer.pm @@ -403,7 +403,7 @@ sub process_module_data ($$$$$$$$$) { $dbh) = @_; # Get agent data - my $agent = get_db_single_row ($dbh, 'SELECT * FROM tagente WHERE nombre = ?', $agent_name); + my $agent = get_db_single_row ($dbh, 'SELECT * FROM tagente WHERE nombre = ?', safe_input($agent_name)); if (! defined ($agent)) { logger($pa_config, "Invalid agent '$agent_name' for module '$module_name'.", 3); return; 
@@ -425,7 +425,7 @@ sub process_module_data ($$$$$$$$$) { # Get module data or create it if it does not exist $ModuleSem->down (); - my $module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, $module_name); + my $module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, safe_input($module_name)); if (! defined ($module)) { # Do not auto create modules if ($pa_config->{'autocreate'} ne '1') { @@ -453,7 +453,7 @@ sub process_module_data ($$$$$$$$$) { pandora_create_module ($pa_config, $agent->{'id_agente'}, $module_id, $module_name, $module_conf->{'max'}, $module_conf->{'min'}, $module_conf->{'post_process'}, $module_conf->{'descripcion'}, $module_conf->{'module_interval'}, $dbh); - $module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, $module_name); + $module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, safe_input($module_name)); if (! defined ($module)) { logger($pa_config, "Could not create module '$module_name' for agent '$agent_name'.", 3); $ModuleSem->up (); diff --git a/pandora_server/lib/PandoraFMS/ReconServer.pm b/pandora_server/lib/PandoraFMS/ReconServer.pm index e383fa8d22..b1f1535c50 100644 --- a/pandora_server/lib/PandoraFMS/ReconServer.pm +++ b/pandora_server/lib/PandoraFMS/ReconServer.pm 
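Review bot: `process_module_data` calls `safe_input($module_name)` separately for each lookup, and `pandora_create_module` encodes the same name again internally, so the function carries both the raw and the encoded form with nothing stating which one each call expects. Encoding once near the top, `my $safe_module_name = safe_input($module_name);`, and binding that variable in both `SELECT`s would make this explicit and avoid repeating the substitution passes for every data item. Keep passing the raw `$module_name` to `pandora_create_module`, because it encodes on its own and `safe_input()` is not safe to apply twice (`encode_entities` turns the `&` of an existing entity into `&amp;`). The body of `process_module_data` starts and ends outside these hunks.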
@@ -377,7 +377,7 @@ sub create_network_profile_modules { # Create the module my $module_id = db_insert ($dbh, 'INSERT INTO tagente_modulo (id_agente, id_tipo_modulo, descripcion, nombre, max, min, module_interval, tcp_port, tcp_send, tcp_rcv, snmp_community, snmp_oid, ip_target, id_module_group, flag, disabled, plugin_user, plugin_pass, plugin_parameter, max_timeout, id_modulo ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, 0, ?, ?, ?, ?, ?)', - $agent_id, $component->{'type'}, $component->{'description'}, $component->{'name'}, $component->{'max'}, $component->{'min'}, $component->{'module_interval'}, $component->{'tcp_port'}, $component->{'tcp_send'}, $component->{'tcp_rcv'}, $component->{'snmp_community'}, + $agent_id, $component->{'type'}, $component->{'description'}, safe_input($component->{'name'}), $component->{'max'}, $component->{'min'}, $component->{'module_interval'}, $component->{'tcp_port'}, $component->{'tcp_send'}, $component->{'tcp_rcv'}, $component->{'snmp_community'}, $component->{'snmp_oid'}, $addr, $component->{'id_module_group'}, $component->{'plugin_user'}, $component->{'plugin_pass'}, $component->{'plugin_parameter'}, $component->{'max_timeout'}, $component->{'id_modulo'}); # An entry in tagente_estado is necessary for the module to work diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm index 0a42636df1..5f3ef8beb3 100644 --- a/pandora_server/lib/PandoraFMS/Tools.pm +++ b/pandora_server/lib/PandoraFMS/Tools.pm @@ -59,6 +59,8 @@ our @EXPORT = qw( pandora_ping pandora_ping_latency ticks_totime + safe_input + safe_output ); ########################################################################## 
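Review bot: `safe_input($component->{'name'})` will double-encode the module name if `$component` is a row read from a table that already stores encoded text; where `$component` is loaded is outside this hunk, so this needs checking. `safe_input()` begins with `encode_entities`, which rewrites the `&` of an existing entity as `&amp;`, so an already encoded name would be stored in a form that no longer matches the `safe_input()`-based lookups added in DB.pm. If the component row is already in stored form, bind `$component->{'name'}` unchanged; if it is raw, `$component->{'description'}` should be encoded in the same call so the row is consistent.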
@@ -77,6 +79,81 @@ sub pandora_trash_ascii { return $output } +########################################################################## +## Convert the $value encode in html entity to clear char string. +########################################################################## +sub safe_input($) { + my $value = shift; + + $value = encode_entities ($value); + + #//Replace the character '\' for the equivalent html entitie + $value =~ s/\\/\/gi; + + #// First attempt to avoid SQL Injection based on SQL comments + #// Specific for MySQL. + $value =~ s/\/\*//*/gi; + $value =~ s/\*\//*//gi; + + #//Replace ( for the html entitie + $value =~ s/\(/(/gi; + + #//Replace ( for the html entitie + $value =~ s/\)/)/gi; + + #//Replace some characteres for html entities + for (my $i=0;$i<33;$i++) { + my $pattern = chr($i); + my $hex = ascii_to_html($i); + $value =~ s/$pattern/$hex/gi; + } + + return $value; +} + +########################################################################## +## Convert the html entities to value encode to rebuild char string. +########################################################################## +sub safe_output($) { + my $value = shift; + + $value = decode_entities ($value); + + #//Replace the character '\' for the equivalent html entitie + $value =~ s/\/\\/gi; + + #// First attempt to avoid SQL Injection based on SQL comments + #// Specific for MySQL. 
+ $value =~ s//*/\/\*/gi; + $value =~ s/*//\*\//gi; + + #//Replace ( for the html entitie + $value =~ s/(/\(/gi; + + #//Replace ( for the html entitie + $value =~ s/)/\)/gi; + + #//Replace some characteres for html entities + for (my $i=0;$i<33;$i++) { + my $pattern = chr($i); + my $hex = ascii_to_html($i); + $value =~ s/$hex/$pattern/gi; + } + + return $value; +} + +########################################################################## +# SUB ascii_to_html (string) +# Convert an ascii string to hexadecimal +########################################################################## + +sub ascii_to_html($) { + my $ascii = shift; + + return "&#x".substr(unpack("H*", pack("N", $ascii)),6,3).";"; +} + ########################################################################## # SUB pandora_get_os (string)
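Review bot: The comment "First attempt to avoid SQL Injection" in `safe_input` gives the wrong impression of what protects these queries: every call site in this commit binds the value through a `?` placeholder, and that binding is the SQL defence, while `safe_input` is only a storage encoding. I would replace the header, which currently describes the opposite direction, with something like `## Encode a raw string into the HTML-entity form stored in the database. Not an SQL escaping routine: always bind the result with placeholders. Not idempotent.` `safe_output` is also not an exact inverse: it calls `decode_entities` and then runs further entity-to-character substitutions on the decoded string, so text that literally contained a sequence such as `&#x0a;` comes back as the control character rather than as typed. `encode_entities` and `decode_entities` need `HTML::Entities` to be loaded in Tools.pm, which this hunk does not show. The entity literals in the replacement strings appear to have been lost in this rendering of the page, so those substitution lines could not be checked.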