2010-11-02 Sergio Martin <sergio.martin@artica.es>

* lib/PandoraFMS/DB.pm
	lib/PandoraFMS/Core.pm
	lib/PandoraFMS/ReconServer.pm
	lib/PandoraFMS/DataServer.pm
	lib/PandoraFMS/Tools.pm: Fixed insert db operations
	in server to store the html entities. This improves
	fix bug 3096436



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3499 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_server/ChangeLog

@@ -1,3 +1,13 @@
+2010-11-02  Sergio Martin <sergio.martin@artica.es>
+
+	* lib/PandoraFMS/DB.pm
+	lib/PandoraFMS/Core.pm
+	lib/PandoraFMS/ReconServer.pm
+	lib/PandoraFMS/DataServer.pm
+	lib/PandoraFMS/Tools.pm: Fixed insert db operations
+	in server to store the html entities. This improves
+	fix bug 3096436
+
 2010-11-02  Sergio Martin <sergio.martin@artica.es>
 
 	* util/recon_scripts/snmpdevices.pl: Fixed a missed typo

pandora_server/lib/PandoraFMS/Core.pm

@@ -1090,7 +1090,7 @@ sub pandora_create_module ($$$$$$$$$$) {
 	$post_process = 0 if ($post_process eq '');
 
 	my $module_id = db_insert($dbh, 'INSERT INTO tagente_modulo (`id_agente`, `id_tipo_modulo`, `nombre`, `max`, `min`, `post_process`, `descripcion`, `module_interval`, `id_modulo`)
-			VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_id, $module_type_id, $module_name, $max, $min, $post_process, $description, $interval);
+			VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_id, $module_type_id, safe_input($module_name), $max, $min, $post_process, $description, $interval);
 	db_do ($dbh, 'INSERT INTO tagente_estado (`id_agente_modulo`, `id_agente`, `last_try`) VALUES (?, ?, \'0000-00-00 00:00:00\')', $module_id, $agent_id);
 	return $module_id;
 }
@@ -1134,12 +1134,12 @@ sub pandora_create_agent ($$$$$$$$$$;$$$$$) {
 	# Test if the optional positional parameters are defined or GIS is disabled
 	if (!defined ($timezone_offset) ) {
 		$agent_id = db_insert ($dbh, 'INSERT INTO tagente (`nombre`, `direccion`, `comentarios`, `id_grupo`, `id_os`, `server_name`, `intervalo`, `id_parent`, `modo`)
-				VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_name, $address, $description, $group_id, $os_id, $server_name, $interval, $parent_id);
+				VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)', safe_input($agent_name), $address, $description, $group_id, $os_id, safe_input($server_name), $interval, $parent_id);
 	}
 	else {
 		 $agent_id = db_insert ($dbh, 'INSERT INTO tagente (`nombre`, `direccion`, `comentarios`, `id_grupo`, `id_os`, `server_name`, `intervalo`, `id_parent`, 
-				`timezone_offset`, `modo` ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, 1)', $agent_name, $address, 
+				`timezone_offset`, `modo` ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, 1)', safe_input($agent_name), $address, 
-				 $description, $group_id, $os_id, $server_name, $interval, $parent_id, $timezone_offset);	
+				 $description, $group_id, $os_id, safe_input($server_name), $interval, $parent_id, $timezone_offset);	
 	}
 	if (defined ($longitude) && defined ($latitude ) && $pa_config->{'activate_gis'} == 1 ) {
 		if (!defined($altitude)) {

pandora_server/lib/PandoraFMS/DB.pm

@@ -20,6 +20,7 @@ package PandoraFMS::DB;
 use strict;
 use warnings;
 use DBI;
+use PandoraFMS::Tools;	
 
 require Exporter;
 
@@ -101,7 +102,7 @@ sub get_action_id ($$) {
 sub get_agent_id ($$) {
 	my ($dbh, $agent_name) = @_;
 
-	my $rc = get_db_value ($dbh, "SELECT id_agente FROM tagente WHERE nombre = ? OR direccion = ?", $agent_name, $agent_name);
+	my $rc = get_db_value ($dbh, "SELECT id_agente FROM tagente WHERE nombre = ? OR direccion = ?", safe_input($agent_name), $agent_name);
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -113,7 +114,7 @@ sub get_server_id ($$$) {
 
 	my $rc = get_db_value ($dbh, "SELECT id_server FROM tserver
 					WHERE name = ? AND server_type = ?",
-					$server_name, $server_type);
+					safe_input($server_name), $server_type);
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -123,7 +124,7 @@ sub get_server_id ($$$) {
 sub get_group_id ($$) {
 	my ($dbh, $group_name) = @_;
 
-	my $rc = get_db_value ($dbh, "SELECT id_grupo FROM tgrupo WHERE nombre = ?", $group_name);
+	my $rc = get_db_value ($dbh, "SELECT id_grupo FROM tgrupo WHERE nombre = ?", safe_input($group_name));
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -163,7 +164,7 @@ sub get_module_name ($$) {
 sub get_agent_module_id ($$$) {
 	my ($dbh, $module_name, $agent_id) = @_;
 	
-	my $rc = get_db_value ($dbh, "SELECT id_agente_modulo FROM tagente_modulo WHERE nombre = ? AND id_agente = ?", $module_name, $agent_id);
+	my $rc = get_db_value ($dbh, "SELECT id_agente_modulo FROM tagente_modulo WHERE nombre = ? AND id_agente = ?", safe_input($module_name), $agent_id);
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -173,7 +174,7 @@ sub get_agent_module_id ($$$) {
 sub get_template_id ($$) {
 	my ($dbh, $template_name) = @_;
 	
-	my $rc = get_db_value ($dbh, "SELECT id FROM talert_templates WHERE name = ?", $template_name);
+	my $rc = get_db_value ($dbh, "SELECT id FROM talert_templates WHERE name = ?", safe_input($template_name));
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -202,7 +203,7 @@ sub is_group_disabled ($$) {
 sub get_module_id ($$) {
 	my ($dbh, $module_name) = @_;
 
-	my $rc = get_db_value ($dbh, "SELECT id_tipo FROM ttipo_modulo WHERE nombre = ?", $module_name);
+	my $rc = get_db_value ($dbh, "SELECT id_tipo FROM ttipo_modulo WHERE nombre = ?", safe_input($module_name));
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -212,7 +213,7 @@ sub get_module_id ($$) {
 sub get_plugin_id ($$) {
 	my ($dbh, $plugin_name) = @_;
 
-	my $rc = get_db_value ($dbh, "SELECT id FROM tplugin WHERE name = ?", $plugin_name);
+	my $rc = get_db_value ($dbh, "SELECT id FROM tplugin WHERE name = ?", safe_input($plugin_name));
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -226,7 +227,7 @@ sub get_module_group_id ($$) {
 		return 0;
 	}
 	
-	my $rc = get_db_value ($dbh, "SELECT id_mg FROM tmodule_group WHERE name = ?", $module_group_name);
+	my $rc = get_db_value ($dbh, "SELECT id_mg FROM tmodule_group WHERE name = ?", safe_input($module_group_name));
 	return defined ($rc) ? $rc : -1;
 }
 
@@ -245,7 +246,7 @@ sub get_nc_profile_name ($$) {
 sub get_profile_id ($$) {
 	my ($dbh, $profile_name) = @_;
 
-	my $rc = get_db_value ($dbh, "SELECT id_perfil FROM tperfil WHERE name = ?", $profile_name);
+	my $rc = get_db_value ($dbh, "SELECT id_perfil FROM tperfil WHERE name = ?", safe_input($profile_name));
 	return defined ($rc) ? $rc : -1;
 }
 

pandora_server/lib/PandoraFMS/DataServer.pm

@@ -403,7 +403,7 @@ sub process_module_data ($$$$$$$$$) {
 		$dbh) = @_;
 
 	# Get agent data
-	my $agent = get_db_single_row ($dbh, 'SELECT * FROM tagente WHERE nombre = ?', $agent_name);
+	my $agent = get_db_single_row ($dbh, 'SELECT * FROM tagente WHERE nombre = ?', safe_input($agent_name));
 	if (! defined ($agent)) {
 		logger($pa_config, "Invalid agent '$agent_name' for module '$module_name'.", 3);
 		return;
@@ -425,7 +425,7 @@ sub process_module_data ($$$$$$$$$) {
 
 	# Get module data or create it if it does not exist
 	$ModuleSem->down ();
-	my $module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, $module_name);
+	my $module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, safe_input($module_name));
 	if (! defined ($module)) {
 		# Do not auto create modules
 		if ($pa_config->{'autocreate'} ne '1') {
@@ -453,7 +453,7 @@ sub process_module_data ($$$$$$$$$) {
 		pandora_create_module ($pa_config, $agent->{'id_agente'}, $module_id, $module_name,
 			$module_conf->{'max'}, $module_conf->{'min'}, $module_conf->{'post_process'},
 			$module_conf->{'descripcion'}, $module_conf->{'module_interval'}, $dbh);
-		$module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, $module_name);
+		$module = get_db_single_row ($dbh, 'SELECT * FROM tagente_modulo WHERE id_agente = ? AND nombre = ?', $agent->{'id_agente'}, safe_input($module_name));
 		if (! defined ($module)) {
 			logger($pa_config, "Could not create module '$module_name' for agent '$agent_name'.", 3);
 			$ModuleSem->up ();

pandora_server/lib/PandoraFMS/ReconServer.pm

@@ -377,7 +377,7 @@ sub create_network_profile_modules {
 		# Create the module
 		my $module_id = db_insert ($dbh, 'INSERT INTO tagente_modulo (id_agente, id_tipo_modulo, descripcion, nombre, max, min, module_interval, tcp_port, tcp_send, tcp_rcv, snmp_community, snmp_oid, ip_target, id_module_group, flag, disabled, plugin_user, plugin_pass, plugin_parameter, max_timeout, id_modulo )
 		                                              VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, 0, ?, ?, ?, ?, ?)',
-		                                             $agent_id, $component->{'type'}, $component->{'description'}, $component->{'name'}, $component->{'max'}, $component->{'min'}, $component->{'module_interval'}, $component->{'tcp_port'}, $component->{'tcp_send'}, $component->{'tcp_rcv'}, $component->{'snmp_community'},
+		                                             $agent_id, $component->{'type'}, $component->{'description'}, safe_input($component->{'name'}), $component->{'max'}, $component->{'min'}, $component->{'module_interval'}, $component->{'tcp_port'}, $component->{'tcp_send'}, $component->{'tcp_rcv'}, $component->{'snmp_community'},
 		                                             $component->{'snmp_oid'}, $addr, $component->{'id_module_group'}, $component->{'plugin_user'}, $component->{'plugin_pass'}, $component->{'plugin_parameter'}, $component->{'max_timeout'}, $component->{'id_modulo'});
 
 		# An entry in tagente_estado is necessary for the module to work

pandora_server/lib/PandoraFMS/Tools.pm

@@ -59,6 +59,8 @@ our @EXPORT = qw(
 	pandora_ping
 	pandora_ping_latency
     ticks_totime
+    safe_input
+    safe_output
 );
 
 ##########################################################################
@@ -77,6 +79,81 @@ sub pandora_trash_ascii {
 	return $output
 }
 
+##########################################################################
+## Convert the $value encode in html entity to clear char string.
+##########################################################################
+sub safe_input($) {
+	my $value = shift;
+
+	$value = encode_entities ($value);
+		
+	#//Replace the character '\' for the equivalent html entitie
+	$value =~ s/\\/\/gi;
+
+    #// First attempt to avoid SQL Injection based on SQL comments
+    #// Specific for MySQL.
+	$value =~ s/\/\*//*/gi;
+	$value =~ s/\*\//*//gi;
+	
+	#//Replace ( for the html entitie
+	$value =~ s/\(/(/gi;
+	
+	#//Replace ( for the html entitie
+	$value =~ s/\)/)/gi;	
+	
+	#//Replace some characteres for html entities
+	for (my $i=0;$i<33;$i++) {
+		my $pattern = chr($i);
+		my $hex = ascii_to_html($i);
+		$value =~ s/$pattern/$hex/gi;		
+	}
+	
+	return $value;
+}
+
+##########################################################################
+## Convert the html entities to value encode to rebuild char string.
+##########################################################################
+sub safe_output($) {
+	my $value = shift;
+
+	$value = decode_entities ($value);
+		
+	#//Replace the character '\' for the equivalent html entitie
+	$value =~ s/&#92;/\\/gi;
+
+    #// First attempt to avoid SQL Injection based on SQL comments
+    #// Specific for MySQL.
+	$value =~ s/&#47;&#42;/\/\*/gi;
+	$value =~ s/&#42;&#47;/\*\//gi;
+	
+	#//Replace ( for the html entitie
+	$value =~ s/&#40;/\(/gi;
+	
+	#//Replace ( for the html entitie
+	$value =~ s/&#41;/\)/gi;	
+	
+	#//Replace some characteres for html entities
+	for (my $i=0;$i<33;$i++) {
+		my $pattern = chr($i);
+		my $hex = ascii_to_html($i);
+		$value =~ s/$hex/$pattern/gi;		
+	}
+	
+	return $value;
+}
+
+##########################################################################
+# SUB ascii_to_html (string)
+# Convert an ascii string to hexadecimal
+##########################################################################
+
+sub ascii_to_html($) {
+	my $ascii = shift;
+	
+	return "&#x".substr(unpack("H*", pack("N", $ascii)),6,3).";";
+}
+
 
 ##########################################################################
 # SUB pandora_get_os (string)