NathanGibbs3 / BASE / 584

pending completion

Build # 584

Build Type

push

travis-ci-com

Committed by

NathanGibbs3

Commit Message

20230412 Fix CI build breakage.
         Related Issue(s) #158

Run Details

2 of 2 new or added lines in 1 file covered. (100.0%)

2594 of 16816 relevant lines covered (15.43%)

20.97 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/base_qry_main.php

<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Input GET/POST variables
**   - caller: specifies the canned snapshot to run
**   - submit:
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net
** Chris Shepherd <chsh>
**
********************************************************************************
*/

/*
 * $caller: an auxiliary variable used to determine the how the search parameters were entered (i.e.
 *          whether through a form or through another mechanism
 *  - "stat_alerts" : display results based on the the Alert Listings
 *  - "top_tcp" :
 *  - "top_udp" :
 *  - "top_icmp" :
 *  - "last_tcp" :
 *  - "last_udp" :
 *  - "last_icmp" :
 *
 * $submit: used to determine the next action which should be taken when the form is submitted.
 *  - _QUERYDB         : triggers a query into the database
 *  - _ADDTIME         : adds another date/time row 
 *  - _ADDADDR         : adds another IP address row
 *  - _ADDIPFIELD      : adds another IP field row
 *  - _ADDTCPPORT      : adds another TCP port row
 *  - _ADDTCPFIELD     : adds another TCP field row
 *  - _ADDUDPPORT      : adds another UDP port row
 *  - _ADDUDPFIELD     : adds another UDP field row
 *  - _ADDICMPFIELD    : adds another ICMP field row
 *  - "#X-(X-X)"       : sid-cid keys for a packet lookup
 *  - _SELECTED
 *  - _ALLONSCREEN
 *  - _ENTIREQUERY
 *
 * $layer4: stores the layer 4 protocol used in query
 *
 * $save_sql: the current sql string generating the query
 *
 * $save_criteria: HTML-human readable criteria of the $save_sql string
 *
 * $num_result_rows: rows in the entire record set retried under the current 
 *                   query
 *
 * $current_view: current view of the result set
 *
 * $sort_order: how to sort the output
 *
 * ----- Search Result Variables ----
 * $action_chk_lst[]: array of check boxes to determine if an alert
 *                    was selected for action
 * $action_lst[]: array of (sid,cid) of all alerts on screen
 */

  include("base_conf.php");
include_once("$BASE_path/includes/base_constants.inc.php");
  include("$BASE_path/includes/base_include.inc.php");

  include_once("$BASE_path/includes/base_action.inc.php");
  include_once("$BASE_path/base_db_common.php");
  include_once("$BASE_path/base_common.php");
  include_once("$BASE_path/base_ag_common.php");
  include_once("$BASE_path/base_qry_common.php");

AuthorizedRole(10000);
$et = new EventTiming($debug_time_mode);
$db = NewBASEDBConnection($DBlib_path, $DBtype); // Connect to Alert DB.
$db->baseDBConnect(
        $db_connect_method,$alert_dbname, $alert_host, $alert_port, $alert_user,
        $alert_password
);
UpdateAlertCache($db);
if ( class_exists('UILang') ){ // Issue 11 backport shim.
        $CPSig = $UIL->CWA['Sig'];
        $CPSA = $UIL->CPA['SrcAddr'];
        $CPDA = $UIL->CPA['DstAddr'];
        $CPTs = $UIL->CWA['Ts'];
}else{
        $CPSig = _SIGNATURE;
        $CPSA = _NBSOURCEADDR;
        $CPDA = _NBDESTADDR;
        $CPTs = _TIMESTAMP;
}
if ( getenv('TRAVIS') && version_compare(PHP_VERSION, "5.3.0", "<") ){
        // Issue #5 Test Shim
        $new = 1;
        $submit = '';
}else{
        $new = ImportHTTPVar("new", VAR_DIGIT);
        // This call can include many values.
        $submit = ImportHTTPVar(
                "submit", VAR_DIGIT | VAR_PUNC | VAR_LETTER,
                array(
                        _SELECTED, _ALLONSCREEN, _ENTIREQUERY, _QUERYDB, _ADDTIME,
                        _ADDADDRESS, _ADDIPFIELD, _ADDTCPPORT, _ADDTCPFIELD, _ADDUDPPORT,
                        _ADDUDPFIELD, _ADDICMPFIELD
                )
        );
}

  // Set the sort order to the new sort order if one has been selected
  $sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
  if ($sort_order == "" || !isset($sort_order)) 
  {
    // If one wasn't picked, try the prev_sort_order
    $sort_order = ImportHTTPVar("prev_sort_order", VAR_LETTER | VAR_USCORE);
    // If there was no previous sort order, default it to none.
    if ($sort_order == "" || !isset($sort_order))
    {
      // $sort_order = "none"; //default to none.
                        $sort_order = $CPTs .'_time_d'; // default set to "descending order"
    }
  }

$cs = new CriteriaState("base_qry_main.php", "&amp;new=1&amp;submit="._QUERYDBP);

/* Code to correct 'interesting' (read: unexplained) browser behavior */

/* Something with Netscape 4.75 such that the $submit variable is no recognized
 * under certain circumstances.  This one is a result of using HTTPS and 
 * clicking on TCP traffic profile from base_main.php 
 */
  if ( $cs->criteria['layer4']->Get() != "" && $submit == "" )
    $submit = _QUERYDB;

  /* End 'interesting' browser code fixes */
        if ( ($new == 1) && ($submit == "") ){ // Totally new Search
                if ( $debug_mode > 0 ){
                        print "Initializing Criteria State.\n";
                }
                $cs->InitState();
        }
        // Is this a new query, invoked from the SEARCH screen ?
        // If the query string if very long (> 700) then this must be from the
        // Search screen.
if ( isset($maintain_history) && $maintain_history == 1 ){
        $back = ImportHTTPVar("back", VAR_DIGIT);
        if ( $back != 1 && $submit == _QUERYDB && ChkGet ('search', 1) ){
    !empty($_SESSION['back_list_cnt']) ? $_SESSION['back_list_cnt']-- : $_SESSION['back_list_cnt'] = 0;    /* save on top of initial blank query screen   */
    $submit = "";          /*  save entered search criteria as if one hit Enter */
    $_POST['submit'] = $submit;
    $cs->ReadState();      /* save the search criteria       */
    $submit = _QUERYDB;    /* restore the real submit value  */
    $_POST['submit'] = $submit;
        }
}
$cs->ReadState();
$qs = new QueryState();
$qs->current_sort_order = $sort_order; // Issue #133 fix
$tmp = $CPTs . '_time_d';
$qs->AddCannedQuery("last_tcp", $last_num_alerts, _LASTTCP, $tmp);
$qs->AddCannedQuery("last_udp", $last_num_alerts, _LASTUDP, $tmp);
$qs->AddCannedQuery("last_icmp", $last_num_alerts, _LASTICMP, $tmp);
$qs->AddCannedQuery("last_any", $last_num_alerts, _LASTALERTS, $tmp);
$tmp = '';

$page_title = _QUERYRESULTS;
if ( $qs->isCannedQuery() ){
        $page_title.': '.$qs->GetCurrentCannedQueryDesc();
}
PrintBASESubHeader(
        $page_title, $page_title, $cs->GetBackLink(), $refresh_all_pages
);

$printing_ag = false;
?>

<FORM METHOD="GET" NAME="PacketForm" ACTION="base_qry_main.php">
<input type='hidden' name="search" value="1" />
<?php
/* Dump some debugging information on the shared state */
if ( $debug_mode > 0 ){
        PrintCriteriaState();
}

/* a browsing button was clicked -> increment view */
if ( is_numeric($submit) )
{
    if ( $debug_mode > 0 ) ErrorMessage("Browsing Clicked ($submit)");
    $qs->MoveView($submit);
    $submit = _QUERYDB;
}

/* Return the input form to get more criteria from user */
if (
     ($submit == _ADDTIME) ||
     ($submit == _ADDADDRESS) ||
     ($submit == _ADDIPFIELD) ||
     ($submit == _ADDTCPPORT) ||
     ($submit == _ADDUDPPORT) ||
     ($submit == _ADDICMPFIELD) ||
     ($submit == _ADDPAYLOAD) ||
     ($submit == "TCP") ||
     ($submit == "UDP") ||
     ($submit == "ICMP") ||
     ($submit == _NOLAYER4) 
   )
{
  include("$BASE_path/base_qry_form.php");
}elseif (
        $qs->isCannedQuery() || $new != 1 ||
        $submit == _QUERYDB || $submit == _QUERYDBP || $submit == _SELECTED ||
        $submit == _ALLONSCREEN || $submit == _ENTIREQUERY
){ // Run the SQL Query and get results.
  /* Init and run the action */
  $criteria_clauses = ProcessCriteria();  

  $from = "FROM acid_event ".$criteria_clauses[0];
  $where = "";
  if( $criteria_clauses[1] != "" )
    $where = "WHERE ".$criteria_clauses[1];

  $qs->AddValidAction("ag_by_id");
  $qs->AddValidAction("ag_by_name");
  $qs->AddValidAction("add_new_ag");
  $qs->AddValidAction("del_alert");
  $qs->AddValidAction("email_alert");
  $qs->AddValidAction("email_alert2");
  $qs->AddValidAction("csv_alert");
  $qs->AddValidAction("archive_alert");
  $qs->AddValidAction("archive_alert2");

  $qs->AddValidActionOp(_SELECTED);
  $qs->AddValidActionOp(_ALLONSCREEN);
  $qs->AddValidActionOp(_ENTIREQUERY);

  $qs->SetActionSQL("SELECT acid_event.sid, acid_event.cid $from $where");
  $et->Mark("Initialization");

  $qs->RunAction($submit, PAGE_QRY_ALERTS, $db);
  $et->Mark("Alert Action");

        if ( $debug_mode > 0 ){
                ErrorMessage("Initial/Canned Query or Sort Clicked");
        }
        include("$BASE_path/base_qry_sqlcalls.php");
}else{ // Return the input form to get more criteria from user.
        include("$BASE_path/base_qry_form.php");
}
$qs->SaveState();
NLIO('</form>');
$et->Mark("Get Query Elements");
PrintBASESubFooter();
?>

1	<?php
2	/*******************************************************************************
3	** Basic Analysis and Security Engine (BASE)
4	** Copyright (C) 2004 BASE Project Team
5	** Copyright (C) 2000 Carnegie Mellon University
6	**
7	** (see the file 'base_main.php' for license details)
8	**
9	** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
10	** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
11	**
12	** Purpose: Input GET/POST variables
13	** - caller: specifies the canned snapshot to run
14	** - submit:
15	********************************************************************************
16	** Authors:
17	********************************************************************************
18	** Kevin Johnson <kjohnson@secureideas.net
19	** Chris Shepherd <chsh>
20	**
21	********************************************************************************
22	*/
23
24	/*
25	* $caller: an auxiliary variable used to determine the how the search parameters were entered (i.e.
26	* whether through a form or through another mechanism
27	* - "stat_alerts" : display results based on the the Alert Listings
28	* - "top_tcp" :
29	* - "top_udp" :
30	* - "top_icmp" :
31	* - "last_tcp" :
32	* - "last_udp" :
33	* - "last_icmp" :
34	*
35	* $submit: used to determine the next action which should be taken when the form is submitted.
36	* - _QUERYDB : triggers a query into the database
37	* - _ADDTIME : adds another date/time row
38	* - _ADDADDR : adds another IP address row
39	* - _ADDIPFIELD : adds another IP field row
40	* - _ADDTCPPORT : adds another TCP port row
41	* - _ADDTCPFIELD : adds another TCP field row
42	* - _ADDUDPPORT : adds another UDP port row
43	* - _ADDUDPFIELD : adds another UDP field row
44	* - _ADDICMPFIELD : adds another ICMP field row
45	* - "#X-(X-X)" : sid-cid keys for a packet lookup
46	* - _SELECTED
47	* - _ALLONSCREEN
48	* - _ENTIREQUERY
49	*
50	* $layer4: stores the layer 4 protocol used in query
51	*
52	* $save_sql: the current sql string generating the query
53	*
54	* $save_criteria: HTML-human readable criteria of the $save_sql string
55	*
56	* $num_result_rows: rows in the entire record set retried under the current
57	* query
58	*
59	* $current_view: current view of the result set
60	*
61	* $sort_order: how to sort the output
62	*
63	* ----- Search Result Variables ----
64	* $action_chk_lst[]: array of check boxes to determine if an alert
65	* was selected for action
66	* $action_lst[]: array of (sid,cid) of all alerts on screen
67	*/
68
69	include("base_conf.php");	×
70	include_once("$BASE_path/includes/base_constants.inc.php");	×
71	include("$BASE_path/includes/base_include.inc.php");	×
72
73	include_once("$BASE_path/includes/base_action.inc.php");	×
74	include_once("$BASE_path/base_db_common.php");	×
75	include_once("$BASE_path/base_common.php");	×
76	include_once("$BASE_path/base_ag_common.php");	×
77	include_once("$BASE_path/base_qry_common.php");	×
78
79	AuthorizedRole(10000);	×
80	$et = new EventTiming($debug_time_mode);	×
81	$db = NewBASEDBConnection($DBlib_path, $DBtype); // Connect to Alert DB.	×
82	$db->baseDBConnect(	×
83	$db_connect_method,$alert_dbname, $alert_host, $alert_port, $alert_user,
84	$alert_password
85	);
86	UpdateAlertCache($db);	×
87	if ( class_exists('UILang') ){ // Issue 11 backport shim.	×
88	$CPSig = $UIL->CWA['Sig'];	×
89	$CPSA = $UIL->CPA['SrcAddr'];	×
90	$CPDA = $UIL->CPA['DstAddr'];	×
91	$CPTs = $UIL->CWA['Ts'];	×
92	}else{	×
93	$CPSig = _SIGNATURE;	×
94	$CPSA = _NBSOURCEADDR;	×
95	$CPDA = _NBDESTADDR;	×
96	$CPTs = _TIMESTAMP;	×
97	}
98	if ( getenv('TRAVIS') && version_compare(PHP_VERSION, "5.3.0", "<") ){	×
99	// Issue #5 Test Shim
100	$new = 1;	×
101	$submit = '';	×
102	}else{	×
103	$new = ImportHTTPVar("new", VAR_DIGIT);	×
104	// This call can include many values.
105	$submit = ImportHTTPVar(	×
106	"submit", VAR_DIGIT \| VAR_PUNC \| VAR_LETTER,	×
107	array(
108	_SELECTED, _ALLONSCREEN, _ENTIREQUERY, _QUERYDB, _ADDTIME,	×
109	_ADDADDRESS, _ADDIPFIELD, _ADDTCPPORT, _ADDTCPFIELD, _ADDUDPPORT,
110	_ADDUDPFIELD, _ADDICMPFIELD
111	)
112	);
113	}
114
115	// Set the sort order to the new sort order if one has been selected
116	$sort_order = ImportHTTPVar("sort_order", VAR_LETTER \| VAR_USCORE);	×
117	if ($sort_order == "" \|\| !isset($sort_order))	×
118	{
119	// If one wasn't picked, try the prev_sort_order
120	$sort_order = ImportHTTPVar("prev_sort_order", VAR_LETTER \| VAR_USCORE);	×
121	// If there was no previous sort order, default it to none.
122	if ($sort_order == "" \|\| !isset($sort_order))	×
123	{
124	// $sort_order = "none"; //default to none.
125	$sort_order = $CPTs .'_time_d'; // default set to "descending order"	×
126	}
127	}
128
129	$cs = new CriteriaState("base_qry_main.php", "&new=1&submit="._QUERYDBP);	×
130
131	/* Code to correct 'interesting' (read: unexplained) browser behavior */
132
133	/* Something with Netscape 4.75 such that the $submit variable is no recognized
134	* under certain circumstances. This one is a result of using HTTPS and
135	* clicking on TCP traffic profile from base_main.php
136	*/
137	if ( $cs->criteria['layer4']->Get() != "" && $submit == "" )	×
138	$submit = _QUERYDB;	×
139
140	/* End 'interesting' browser code fixes */
141	if ( ($new == 1) && ($submit == "") ){ // Totally new Search	×
142	if ( $debug_mode > 0 ){	×
143	print "Initializing Criteria State.\n";	×
144	}
145	$cs->InitState();	×
146	}
147	// Is this a new query, invoked from the SEARCH screen ?
148	// If the query string if very long (> 700) then this must be from the
149	// Search screen.
150	if ( isset($maintain_history) && $maintain_history == 1 ){	×
151	$back = ImportHTTPVar("back", VAR_DIGIT);	×
152	if ( $back != 1 && $submit == _QUERYDB && ChkGet ('search', 1) ){	×
153	!empty($_SESSION['back_list_cnt']) ? $_SESSION['back_list_cnt']-- : $_SESSION['back_list_cnt'] = 0; /* save on top of initial blank query screen */	×
154	$submit = ""; /* save entered search criteria as if one hit Enter */
155	$_POST['submit'] = $submit;	×
156	$cs->ReadState(); /* save the search criteria */	×
157	$submit = _QUERYDB; /* restore the real submit value */
158	$_POST['submit'] = $submit;	×
159	}
160	}
161	$cs->ReadState();	×
162	$qs = new QueryState();	×
163	$qs->current_sort_order = $sort_order; // Issue #133 fix	×
164	$tmp = $CPTs . '_time_d';	×
165	$qs->AddCannedQuery("last_tcp", $last_num_alerts, _LASTTCP, $tmp);	×
166	$qs->AddCannedQuery("last_udp", $last_num_alerts, _LASTUDP, $tmp);	×
167	$qs->AddCannedQuery("last_icmp", $last_num_alerts, _LASTICMP, $tmp);	×
168	$qs->AddCannedQuery("last_any", $last_num_alerts, _LASTALERTS, $tmp);	×
169	$tmp = '';	×
170
171	$page_title = _QUERYRESULTS;	×
172	if ( $qs->isCannedQuery() ){	×
173	$page_title.': '.$qs->GetCurrentCannedQueryDesc();	×
174	}
175	PrintBASESubHeader(	×
176	$page_title, $page_title, $cs->GetBackLink(), $refresh_all_pages	×
177	);
178
179	$printing_ag = false;	×
180	?>
181
182	<FORM METHOD="GET" NAME="PacketForm" ACTION="base_qry_main.php">
183	<input type='hidden' name="search" value="1" />
184	<?php
185	/* Dump some debugging information on the shared state */
186	if ( $debug_mode > 0 ){	×
187	PrintCriteriaState();	×
188	}
189
190	/* a browsing button was clicked -> increment view */
191	if ( is_numeric($submit) )	×
192	{
193	if ( $debug_mode > 0 ) ErrorMessage("Browsing Clicked ($submit)");	×
194	$qs->MoveView($submit);	×
195	$submit = _QUERYDB;	×
196	}
197
198	/* Return the input form to get more criteria from user */
199	if (	×
200	($submit == _ADDTIME) \|\|
201	($submit == _ADDADDRESS) \|\|
202	($submit == _ADDIPFIELD) \|\|
203	($submit == _ADDTCPPORT) \|\|
204	($submit == _ADDUDPPORT) \|\|
205	($submit == _ADDICMPFIELD) \|\|
206	($submit == _ADDPAYLOAD) \|\|
207	($submit == "TCP") \|\|
208	($submit == "UDP") \|\|
209	($submit == "ICMP") \|\|
210	($submit == _NOLAYER4)
211	)
212	{
213	include("$BASE_path/base_qry_form.php");	×
214	}elseif (	×
215	$qs->isCannedQuery() \|\| $new != 1 \|\|	×
216	$submit == _QUERYDB \|\| $submit == _QUERYDBP \|\| $submit == _SELECTED \|\|
217	$submit == _ALLONSCREEN \|\| $submit == _ENTIREQUERY
218	){ // Run the SQL Query and get results.
219	/* Init and run the action */
220	$criteria_clauses = ProcessCriteria();	×
221
222	$from = "FROM acid_event ".$criteria_clauses[0];	×
223	$where = "";	×
224	if( $criteria_clauses[1] != "" )	×
225	$where = "WHERE ".$criteria_clauses[1];	×
226
227	$qs->AddValidAction("ag_by_id");	×
228	$qs->AddValidAction("ag_by_name");	×
229	$qs->AddValidAction("add_new_ag");	×
230	$qs->AddValidAction("del_alert");	×
231	$qs->AddValidAction("email_alert");	×
232	$qs->AddValidAction("email_alert2");	×
233	$qs->AddValidAction("csv_alert");	×
234	$qs->AddValidAction("archive_alert");	×
235	$qs->AddValidAction("archive_alert2");	×
236
237	$qs->AddValidActionOp(_SELECTED);	×
238	$qs->AddValidActionOp(_ALLONSCREEN);	×
239	$qs->AddValidActionOp(_ENTIREQUERY);	×
240
241	$qs->SetActionSQL("SELECT acid_event.sid, acid_event.cid $from $where");	×
242	$et->Mark("Initialization");	×
243
244	$qs->RunAction($submit, PAGE_QRY_ALERTS, $db);	×
245	$et->Mark("Alert Action");	×
246
247	if ( $debug_mode > 0 ){	×
248	ErrorMessage("Initial/Canned Query or Sort Clicked");	×
249	}
250	include("$BASE_path/base_qry_sqlcalls.php");	×
251	}else{ // Return the input form to get more criteria from user.	×
252	include("$BASE_path/base_qry_form.php");	×
253	}
254	$qs->SaveState();	×
255	NLIO('</form>');	×
256	$et->Mark("Get Query Elements");	×
257	PrintBASESubFooter();	×
258	?>

NathanGibbs3 / BASE / 584

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous