tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed that plugin module related APIs did not work properly in some cases.

This commit is contained in:
Junichi Satoh 2021-07-06 14:40:40 +09:00
parent dec62ffca4
commit b74beb76df
2 changed files with 131 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
pandora_console/include/functions_api.php
View File

@ -3958,7 +3958,7 @@ function api_set_create_plugin_module($id, $thrash1, $other, $thrash3)
'plugin_pass' => $other['data'][24],
'plugin_parameter' => $other['data'][25],
'disabled_types_event' => $disabled_types_event,
'macros' => base64_decode($other['data'][27]),
'macros' => base64_decode(str_replace('&#x20', '+', $other['data'][27])),
'module_macros' => $other['data'][28],
'each_ff' => $other['data'][29],
'min_ff_event_normal' => $other['data'][30],
@ -3969,6 +3969,22 @@ function api_set_create_plugin_module($id, $thrash1, $other, $thrash3)
'ff_type' => $other['data'][35],
];
$plugin = db_get_row('tplugin', 'id', $values['id_plugin']);
if (empty($plugin)) {
returnError('id_not_found');
return;
}
$plugin_command_macros = $plugin['macros'];
if (!empty($values['macros'])) {
$macros = io_safe_input_json($values['macros']);
if (empty($macros)) {
returnError('JSON string in macros is invalid.');
exit;
}
$values['macros'] = io_merge_json_value($plugin_command_macros, $macros);
}
if (! $values['descripcion']) {
$values['descripcion'] = '';
// Column 'descripcion' cannot be null.
@ -4119,13 +4135,29 @@ function api_set_update_plugin_module($id_module, $thrash1, $other, $thrash3)
$values[$field] = $other['data'][$cont];
if ($field === 'macros') {
$values[$field] = base64_decode($values[$field]);
$values[$field] = base64_decode(str_replace('&#x20', '+', $values[$field]));
}
}
$cont++;
}
$plugin = db_get_row('tplugin', 'id', $values['id_plugin']);
if (empty($plugin)) {
returnError('id_not_found');
return;
}
$plugin_command_macros = $plugin['macros'];
if (!empty($values['macros'])) {
$macros = io_safe_input_json($values['macros']);
if (empty($macros)) {
returnError('JSON string in macros is invalid.');
exit;
}
$values['macros'] = io_merge_json_value($plugin_command_macros, $macros);
}
$values['policy_linked'] = 0;
$result_update = modules_update_agent_module($id_module, $values);
@ -8205,7 +8237,7 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3)
return;
}
if ($other['data'][22] == '') {
if ($other['data'][21] == '') {
returnError('The plugin module could not be added. Id_plugin cannot be left blank.');
return;
}
@ -8248,7 +8280,7 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3)
$values['plugin_pass'] = $other['data'][23];
$values['plugin_parameter'] = $other['data'][24];
$values['disabled_types_event'] = $disabled_types_event;
$values['macros'] = base64_decode($other['data'][26]);
$values['macros'] = base64_decode(str_replace('&#x20', '+', $other['data'][26]));
$values['module_macros'] = $other['data'][27];
$values['each_ff'] = $other['data'][28];
$values['min_ff_event_normal'] = $other['data'][29];
@ -8263,6 +8295,22 @@ function api_set_add_plugin_module_policy($id, $thrash1, $other, $thrash3)
}
}
$plugin = db_get_row('tplugin', 'id', $values['id_plugin']);
if (empty($plugin)) {
returnError('id_not_found');
return;
}
$plugin_command_macros = $plugin['macros'];
if (!empty($values['macros'])) {
$macros = io_safe_input_json($values['macros']);
if (empty($macros)) {
returnError('JSON string in macros is invalid.');
exit;
}
$values['macros'] = io_merge_json_value($plugin_command_macros, $macros);
}
$success = enterprise_hook('policies_create_module', [$other['data'][0], $id, 4, $values, false]);
if ($success) {

79
pandora_console/include/functions_io.php
View File

@ -622,3 +622,82 @@ function io_safe_html_tags(string $string)
return $output;
}
/**
* Execute io_safe_input againt each values in JSON.
*
* @param string json
*
* @return string json where each value is encoded
*/
function io_safe_input_json($json)
{
$output_json = "";
if (empty($json)) {
return $output_json;
}
$array_json = json_decode($json, true);
if (json_last_error() != JSON_ERROR_NONE) {
return $output_json;
}
foreach ($array_json as $key => $value) {
if (is_array($value)) {
$value_json = json_encode($value, JSON_UNESCAPED_UNICODE);
$array_json[$key] = json_decode(io_safe_input_json($value_json), true);
} else {
$array_json[$key] = io_safe_input($value);
}
}
$output_json = json_encode($array_json, JSON_UNESCAPED_UNICODE);
return $output_json;
}
/**
* Merge json value in $json_merge to $json
*
* @param string json to be merged.
* @param string json containing the values to merge.
* @param boolean limit the values to be merged to those with a key of 'value', true by default.
*
* @retrun string merged json
*
* e.g.)
* arg1 json: {"1":{"macro":"_field1_","desc":"DESCRIPTION","help":"HELP","value":"","hide":""}}
* arg2 json: {"1":{"value":"xxxx"}}
* -> return json: {"1":{"macro":"_field1_","desc":"DESCRIPTION","help":"HELP","value":"xxxx","hide":""}}
*/
function io_merge_json_value($json, $json_merge, $value_key_only=true)
{
$output_json = "";
$array_json = json_decode($json, true);
if (json_last_error() != JSON_ERROR_NONE) {
return $output_json;
}
$array_json_merge = json_decode($json_merge, true);
if (json_last_error() != JSON_ERROR_NONE) {
return $output_json;
}
foreach ($array_json_merge as $key => $value) {
if (is_array($value) && !empty($array_json[$key])) {
$merged_json = io_merge_json_value(
json_encode($array_json[$key], JSON_UNESCAPED_UNICODE),
json_encode($value, JSON_UNESCAPED_UNICODE),
$value_key_only);
$array_json[$key] = json_decode($merged_json, true);
} else {
if (array_key_exists($key, $array_json) &&
($value_key_only == false || $key == 'value')) {
$array_json[$key] = $array_json_merge[$key];
}
}
}
$output_json = json_encode($array_json, JSON_UNESCAPED_UNICODE);
return $output_json;
}