
NathanGibbs3 / BASE / 587

pending completion
587

push

travis-ci-com

NathanGibbs3
Merge branch 'devel'

504 of 504 new or added lines in 21 files covered. (100.0%)

2594 of 16816 relevant lines covered (15.43%)

20.97 hits per line


25.42
/base_qry_common.php
1
<?php
2
// Basic Analysis and Security Engine (BASE)
3
// Copyright (C) 2019-2023 Nathan Gibbs
4
// Copyright (C) 2004 BASE Project Team
5
// Copyright (C) 2000 Carnegie Mellon University
6
//
7
//   For license info: See the file 'base_main.php'
8
//
9
//       Project Lead: Nathan Gibbs
10
// Built upon work by: Kevin Johnson & the BASE Project Team
11
//                     Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
12
//
13
//            Purpose: support routines for processing criteria
14
//
15
//          Author(s): Nathan Gibbs
16
//                     Kevin Johnson
17

18
// Direct-access guard: this file only runs when the including script has
// defined the _BASE_INC marker; a direct request stops here.
if ( !defined('_BASE_INC') ){
	die('Accessing this file directly is not allowed.');
}
19
include_once("$BASE_path/includes/base_signature.inc.php");
20

21
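/**
 * Debug aid: writes the current search-criteria state into the page.
 *
 * Nothing is printed unless the global $debug_mode is set:
 *   $debug_mode >= 2  dumps the criteria stored in $_SESSION,
 *   $debug_mode >= 1  dumps the query-state globals listed below.
 *
 * Every dumped value goes through htmlspecialchars() first. The session
 * entries and the globals are shown on an HTML page, and this function
 * cannot tell how they were filled, so they are always rendered as text
 * and never as markup. Session keys that are not set print as empty.
 */
function PrintCriteriaState(){
	GLOBAL $layer4, $new, $submit, $sort_order, $num_result_rows,
	$current_view, $caller, $action, $action_arg, $debug_mode;
	if ( $debug_mode >= 2 ){
		// Each entry: label, session key of the row counter ('' when the
		// section has none), session key of the criteria data.
		$sections = array(
			array('time struct', 'time_cnt', 'time'),
			array(_QCIPADDR, 'ip_addr_cnt', 'ip_addr'),
			array(_QCIPFIELDS, 'ip_field_cnt', 'ip_field'),
			array(_QCTCPPORTS, 'tcp_port_cnt', 'tcp_port'),
			array(_QCTCPFLAGS, '', 'tcp_flags'),
			array(_QCTCPFIELD, 'tcp_field_cnt', 'tcp_field'),
			array(_QCUDPPORTS, 'udp_port_cnt', 'udp_port'),
			array(_QCUDPFIELDS, 'udp_field_cnt', 'udp_field'),
			array(_QCICMPFIELDS, 'icmp_field_cnt', 'icmp_field'),
			array('RawIP field', 'rawip_field_cnt', 'rawip_field'),
			array(_QCDATA, 'data_cnt', 'data'),
		);
		$sensor = isset($_SESSION['sensor']) ? $_SESSION['sensor'] : '';
		$ag = isset($_SESSION['ag']) ? $_SESSION['ag'] : '';
		echo "<PRE>";
		echo "<B>"._SENSOR.":</B> ".
			htmlspecialchars(print_r($sensor, true), ENT_QUOTES)."<BR>\n".
			"<B>AG:</B> ".
			htmlspecialchars(print_r($ag, true), ENT_QUOTES)."<BR>\n".
			"<B>"._QCSIG."</B>\n";
		if ( isset($_SESSION['sig']) ){
			echo htmlspecialchars(print_r($_SESSION['sig'], true), ENT_QUOTES);
		}
		foreach ( $sections as $section ){
			$title = $section[0];
			if ( $section[1] != '' ){ // Section with a row counter.
				$count = isset($_SESSION[$section[1]]) ? $_SESSION[$section[1]] : '';
				$title .= ' ('.
					htmlspecialchars(print_r($count, true), ENT_QUOTES).'):';
			}
			echo "<BR><B>".$title."</B><BR>";
			if ( isset($_SESSION[$section[2]]) ){
				echo htmlspecialchars(
					print_r($_SESSION[$section[2]], true), ENT_QUOTES
				);
			}
		}
		echo "</PRE>";
	}
	if ( $debug_mode >= 1 ){
		// Escape each global once, then lay them out as before.
		$shown = array(
			'new' => $new, 'submit' => $submit, 'sort_order' => $sort_order,
			'num_result_rows' => $num_result_rows,
			'current_view' => $current_view, 'layer4' => $layer4,
			'caller' => $caller, 'action' => $action,
			'action_arg' => $action_arg,
		);
		foreach ( $shown as $name => $value ){
			$shown[$name] = htmlspecialchars(print_r($value, true), ENT_QUOTES);
		}
		$pad = str_repeat(' ', 12); // Indent used inside the <PRE> block.
		echo "<PRE>\n".
			$pad."<B>new:</B> '".$shown['new']."'   \n".
			$pad."<B>submit:</B> '".$shown['submit']."'\n".
			$pad."<B>sort_order:</B> '".$shown['sort_order']."'\n".
			$pad."<B>num_result_rows:</B> '".$shown['num_result_rows']."'".
			"  <B>current_view:</B> '".$shown['current_view']."'\n".
			$pad."<B>layer4:</B> '".$shown['layer4']."'".
			"  <B>caller:</B> '".$shown['caller']."'\n".
			$pad."<B>action:</B> '".$shown['action']."'".
			"  <B>action_arg:</B> '".$shown['action_arg']."'\n".
			$pad."</PRE>";
	}
}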
67

68
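/**
 * Appends the SQL for a list of field criteria rows to $s_sql.
 *
 * Each row is read as six positional elements that are joined, in order,
 * into one SQL fragment:  [0] [1] [2] '[3]' [4] [5]
 * A row produces SQL only when [3] is not empty and [1] is not a single
 * space. A [3] without [1], or a [1] without [3], raises a criteria
 * warning through ErrorMessage() instead; judging by the message
 * constants, [1] is the field and [3] the value to compare with.
 *
 * NOTE(review): the row elements are concatenated into the SQL text as
 * they are, including the quoted value [3]. Nothing in this function
 * escapes or checks them, so it depends on the caller having sanitized
 * every element - confirm where the rows are imported.
 *
 * @param mixed  $field  List of criteria rows. Anything that is not an
 *                       array is treated as an empty list.
 * @param int    $cnt    Number of rows to read from $field.
 * @param string $s_sql  SQL being built; " AND ( ... )" is appended when
 *                       at least one row produced SQL.
 * @return int 1 when SQL was appended, 0 otherwise.
 */
function FieldRows2sql($field, $cnt, &$s_sql)
{
	$sql = "";
	if ( !is_array($field) ){
		$field = array();
	}
	// Stand-in for elements a row does not carry, so a short or missing
	// row reads as empty instead of raising undefined-offset warnings.
	$blank = array_fill(0, 6, "");
	for ( $i = 0; $i < $cnt; $i++ ){
		if ( isset($field[$i]) && is_array($field[$i]) ){
			$row = $field[$i] + $blank;
		}else{
			$row = $blank;
		}
		$fragment = "";
		if ( $row[3] != "" && $row[1] != " " ){
			$fragment = $row[0]." ".$row[1]." ".$row[2]." '".
				$row[3]."' ".$row[4]." ".$row[5];
		}else{
			// The messages carry markup (<B>), so the echoed criteria text
			// is escaped before it becomes part of them.
			if ( $row[3] != "" && $row[1] == " " ){
				ErrorMessage(
					"<B>"._QCERRCRITWARN."</B> "._QCERRVALUE." '".
					htmlspecialchars($row[3], ENT_QUOTES)."' "._QCERRSPECFIELD
				);
			}
			if ( ($row[1] != " " && $row[1] != "") && $row[3] == "" ){
				ErrorMessage(
					"<B>"._QCERRCRITWARN."</B> "._QCERRFIELD." '".
					htmlspecialchars($row[1], ENT_QUOTES)."' "._QCERRSPECVALUE
				);
			}
		}
		$sql .= $fragment;
		// The previous row has no boolean operator to connect it to this one.
		if ( $i > 0 && isset($field[$i-1][5]) && $field[$i-1][5] == ' ' ){
			ErrorMessage("<B>"._QCERRCRITWARN."</B> "._QCERRBOOLEAN);
		}
	}
	if ( $sql != "" ){
		$s_sql = $s_sql." AND ( ".$sql." )";
		return 1;
	}
	return 0;
}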
104

105
// Formats one part of a date or time as a string for a time format.
// The input is trimmed first. Non-numeric input gives '00', a single
// character is prefixed with '0', and any other numeric string is returned
// as it is (so it is not cut down to two characters).
function FormatTimeDigit( $time_digit ){
	$digits = trim($time_digit);
	if ( !is_numeric($digits) ){ // Default for non-numeric input.
		return '00';
	}
	return ( strlen($digits) == 1 ) ? "0$digits" : $digits;
}
117

118
// Adds one condition to the AND-list being built in $sstring.
// The first condition opens the list with "(", every later one is joined
// with " AND ". This function never writes the closing ")".
function addSQLItem(&$sstring, $what_to_add)
{
	if ( strlen($sstring) == 0 ){
		$sstring = "($what_to_add";
	}else{
		$sstring = "$sstring AND $what_to_add";
	}
}
122

123
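// Adds valid date/time selection SQL to the 3rd param.
// Returns 1 on SQL added.
// Returns 0 on no SQL added.
//
// Every piece of a criteria row that is written into the SQL is first
// passed through CleanVariable(): the operator, the date and time digits,
// the boolean operator, and the parentheses placed around the criterion.
function DateTimeRows2sql( $field, $cnt, &$s_sql ){
	GLOBAL $db, $debug_mode;
	// $field is an array containing 2 arrays.
	// Each has 10 elements describing time criteria.
	// The first one is starting, the second ending criteria.
	// This is based on TimeCriteria class as defined in:
	// ./includes/base_state_citems.inc.php
	// However $field is not necessarily a TimeCriteria class.
	//	[][0]	Empty or (
	//	[][1]	Logical Operators: =, !=, <, <=, >, >=
	//			"" or " "	Empty or space on empty.
	//	2-7		""			Empty on empty.
	//	[][2]	month		[][6]	minute
	//	[][3]	day			[][7]	second
	//	[][4]	year		[][8]	Empty, (, or )
	//	[][5]	hour
	//	[][9]	AND, OR
	//			SQL Logical Operator in start array when second array is used.
	$Ret = 0; // Default Return Value.
	if ( is_array($field) && is_numeric($cnt) ){ // Input validation.
		// Setup
		$tmp2 = '';
		$minsec = array( // Shim for ambiguous search criteria.
			'>=' => '00', '<=' => '59', '>' => '00', '<' => '00', '!=' => '00'
		);
		$EPfx = '<b>'._QCERRCRITWARN.'</b> '; // Error Message Prefix
		for ( $i = 0; $i < $cnt; $i++ ){
			$tmp = '';
			if (
				isset($field[$i]) && is_array($field[$i])
				&& count($field[$i]) == 10
			){ // Data Structure Validation.
				// Set & sanitize Index Values
				$fstart = CleanVariable($field[$i][0], VAR_OPAREN, array (''));
				$op = CleanVariable(
					$field[$i][1], '',
					array('=', '!=', '<', '<=', '>', '>=')
				);
				$month = CleanVariable($field[$i][2], VAR_DIGIT);
				$day = CleanVariable($field[$i][3], VAR_DIGIT);
				$year = CleanVariable($field[$i][4], VAR_DIGIT);
				$hour = CleanVariable($field[$i][5], VAR_DIGIT);
				$minute = CleanVariable($field[$i][6], VAR_DIGIT);
				$second = CleanVariable($field[$i][7], VAR_DIGIT);
				$fstop = CleanVariable(
					$field[$i][8], VAR_OPAREN | VAR_CPAREN, array ('')
				);
				$SQLOP = CleanVariable($field[$i][9], '', array('AND', 'OR'));
				// Catch error conditions.
				// This could be a place to stop Issue #126 input from
				// turning into invalid SQL.
//				if ( $fstart != '' || $fstop != '' )
//				if ( $fstart != '(' || ( $fstop != '(' && $fstop != ')' )
//				){ // Invalid Criteria
//					ErrorMessage($EPfx._ERRCRITELEM);
//					break;
//				}
				if (
					$cnt > 1 && $i % 2 == 0 && $SQLOP == '' && is_numeric($year)
				){ // Multi. Criteria with no SQL Op.
					ErrorMessage($EPfx._QCERRDATEBOOL);
					break;
				}
				if ( $op == '' && (
					is_numeric($month) || is_numeric($day) || is_numeric($year)
				) ){ // No logical op error.
					ErrorMessage(
						$EPfx._QCERRDATETIME." '".
						implode ('-',array($year, $month, $day)) .' '.
						implode (':',array($hour, $minute, $second))
						."' "._QCERROPERSELECT
					);
					break;
				}
				if ( $op != '' ){
					if ( !is_numeric($year) && !is_numeric($hour)
					){ // Not date or time.
						ErrorMessage(
							$EPfx._QCERROPER." '$op' "._QCERRDATEVALUE
						);
						break;
					}
					if ( !is_numeric($year) && is_numeric($hour)
					){ // Invalid Hour
						ErrorMessage($EPfx._QCERRINVHOUR);
						break;
					}
					$t = '';
					//Build the SQL string when all ops but = are used.
					if ( $op != '=' ){
						if ( is_numeric($year) ){ // Year set.
							// Create the date string. YYYY-MM-DD
							// Catch 2 digit years, default to current century.
							if ( strlen($year) <= 2 ){
								$year = substr(date("Y"),0,2).
								FormatTimeDigit($year);
							}
							if ( is_numeric($month) ){ // Month set.
								$month = FormatTimeDigit($month);
							}else{ // Month not set, default to January.
								$month = '01';
							}
							if ( is_numeric($day) ){ // Day set.
								$day = FormatTimeDigit($day);
							}else{ // Day not set.
								if ( $i == 0 ){ // Start criteria
									$day = '01'; // Default to 1st.
								}else{ // Assume all months have 31 days.
									$day = '31';
									while (
										!checkdate( $month, $day, $year )
									){ // Bring it into reality.
										--$day;
									}
								}
							}
							$t = implode ('-',array($year, $month, $day));
						}
						// Time.
						$t .= ' ';
						if ( is_numeric($hour) ){ // Hour set.
							$hour = FormatTimeDigit($hour);
							if ( is_numeric($minute) ){ // Minute set.
								$minute = FormatTimeDigit($minute);
							}else{ // Minute not set, set defaults.
								$minute = $minsec[$op];
							}
							if ( is_numeric($second) ){ // Second set.
								$second = FormatTimeDigit($second);
							}else{ // Second not set, set defaults.
								$second = $minsec[$op];
							}
							$t .= implode (
								':',array($hour, $minute, $second)
							);
						}else{ // Hour not set, shim ambiguous search criteria.
							if(
								( $op == ">" || $op == "<=" ) &&
								is_numeric($year)
							){ // Fixup for > or <= operators, add an extra day.
								$t .= '23:59:59';
							}else{ // Default to start of day.
								$t .= '00:00:00';
							}
						}
						if( $db->DB_type == 'oci8' ){ // Oracle DB.
							// @codeCoverageIgnoreStart
							// We have no way of testing Oracle functionality.
							$tmp = " timestamp " . $op .
							"to_date( '$t', 'YYYY-MM-DD HH24MISS' )";
							// @codeCoverageIgnoreEnd
						}else{
							if ( count($field) > 1 ){
								// Better fix for bug #1199128
								// Count empty values in array $field[$i].
								$empty_count = 0;
								foreach ( $field[$i] as $val ){
									if ( empty($val) ){
										$empty_count += 1;
									}
								}
								// Compare with the size of this same row. The
								// result is decided per row, so one empty row
								// cannot cause later rows to be skipped.
								if ( $empty_count >= count($field[$i]) ){
									continue; // Empty, don't process line.
								}
							}
							$tmp = " timestamp " . $op . "'$t'";
						}
					}else{ // Build SQL string when = operator is used.
						// NPG Performance wise, this query takes more time.
						// Consider rewriting this at some point.
						// Date.
						if ( is_numeric($year) ){ // Year set.
							addSQLItem( $tmp,
								$db->baseSQL_YEAR("timestamp", "=", $year)
							);
						}
						if ( is_numeric($month) ){ // Month set.
							addSQLItem( $tmp,
								$db->baseSQL_MONTH("timestamp", "=", $month)
							);
						}
						if ( is_numeric($day) ){ // Day set.
							addSQLItem( $tmp,
								$db->baseSQL_DAY("timestamp", "=", $day)
							);
						}
						// Time.
						if ( is_numeric($hour) ){ // Hour set.
							addSQLItem( $tmp,
								$db->baseSQL_HOUR("timestamp", "=", $hour)
							);
						}
						if ( is_numeric($minute) ){ // Minute set.
							addSQLItem( $tmp,
								$db->baseSQL_MINUTE("timestamp", "=", $minute)
							);
						}
						if ( is_numeric($second) ){ // Second set.
							addSQLItem( $tmp,
								$db->baseSQL_SECOND("timestamp", "=", $second)
							);
						}
						if ( $tmp == '' ){ // Neither date or time.
							ErrorMessage(
								$EPfx._QCERROPER." '$op' "._QCERRDATECRIT
							);
						}else{
							$tmp .= ')';
						}
					}
				}
				if ( $tmp != '' ){
					// Wrap the criterion in the sanitized parentheses, not in
					// the raw $field[$i][0] / $field[$i][8], so that only
					// text which went through CleanVariable() is written
					// into the SQL.
					// NOTE(review): assumes CleanVariable() returns the
					// allowed values ('', '(' and ')') unchanged - confirm
					// against its definition.
					$tmp2 .= $fstart . $tmp . $fstop . ' ';
					if ( $i != $cnt -1 ){ // Catch Issue #132
						$tmp2 .= $SQLOP;
					}
				}
			}
		}
		if ( $tmp2 != '' ){
			$s_sql .= ' AND ('.$tmp2.') ';
			if ( $debug_mode > 0 ){
				// Debug only: var_dump() prints the criteria as received.
				var_dump($field);
				ErrorMessage( __FUNCTION__ . "() Returned SQL: $s_sql");
			}
			$Ret = 1;
		}
	}
	return $Ret;
}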
368

369
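/**
 * Accepts a payload string and decides whether any conversion is necessary
 * to create a sql call into the DB. Currently we only are concerned with
 * hex <=> ascii.
 *
 * $data_encode is read as a pair: [0] is the encoding of $payload_str and
 * [1] the encoding to convert to.
 *   - [0] equal to [1], or [1] a single space: the payload is returned
 *     without conversion (hex input has spaces and newlines removed).
 *   - hex => ascii: each pair of hex digits becomes one character;
 *     codes outside 33..121 are shown as '.'.
 *   - ascii => hex: each byte becomes two hex digits.
 * Converted output is upper-cased. Any other pair gives "".
 *
 * NOTE(review): text produced by hex => ascii can contain characters that
 * are special inside a SQL string literal (quote) or a LIKE pattern
 * (% and _). Nothing here escapes them, so whatever embeds the result in
 * SQL has to do that itself.
 *
 * @param string $payload_str Payload text.
 * @param array  $data_encode Source and target encoding, see above.
 * @return string
 */
function FormatPayload($payload_str, $data_encode)
{
	$from = isset($data_encode[0]) ? $data_encode[0] : null;
	$to = isset($data_encode[1]) ? $data_encode[1] : null;

	/* if the source is hex strip out any spaces and \n */
	// The source encoding is element [0]; testing $data_encode itself
	// against "hex" never matches an array, so nothing was stripped.
	if ( $from == "hex" ){
		$payload_str = str_replace(array("\n", " "), "", $payload_str);
	}

	/* If both the source type and conversion type are the same OR
	   no conversion type is specified THEN return the plain string */
	if ( $from == $to || $to == " " ){
		return $payload_str;
	}

	$converted = "";
	$length = strlen($payload_str);
	if ( $from == "hex" && $to == "ascii" ){
		/* hex => ascii */
		for ( $i = 0; $i < $length; $i += 2 ){
			// substr() copes with a trailing single digit, where indexing
			// $i + 1 would read past the end of the string.
			$code = hexdec(substr($payload_str, $i, 2));
			if ( $code > 32 && $code < ord("z") ){
				$converted .= chr($code);
			}else{
				$converted .= '.';
			}
		}
	}elseif ( $from == "ascii" && $to == "hex" ){
		/* ascii => hex */
		for ( $i = 0; $i < $length; $i++ ){
			// Two digits per byte: dechex() alone gives one digit for
			// bytes below 0x10 and shifts every digit after it.
			$converted .= sprintf('%02x', ord($payload_str[$i]));
		}
	}
	return strtoupper($converted);
}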
413

414
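/**
 * Appends the SQL for a list of payload criteria rows to $s_sql.
 *
 * Each row is read as six positional elements. A row produces SQL only
 * when its payload [2] is not empty and its operator [1] is not a single
 * space; the fragment is
 *   [0] data_payload [1] '%<FormatPayload([2])>%' [3][4] [5]
 * A payload without operator, or an operator without payload, raises a
 * criteria warning through ErrorMessage() instead.
 *
 * NOTE(review): the row elements and the FormatPayload() result are
 * concatenated into the SQL text as they are, the payload inside a quoted
 * LIKE pattern. Nothing in this function escapes them, so it depends on
 * the caller having sanitized every element - confirm where the rows are
 * imported.
 *
 * @param mixed  $field       List of criteria rows. Anything that is not
 *                            an array is treated as an empty list.
 * @param int    $cnt         Number of rows to read from $field.
 * @param mixed  $data_encode Passed through to FormatPayload().
 * @param string $s_sql       SQL being built; " AND ( ... )" is appended
 *                            when at least one row produced SQL.
 * @return int 1 when SQL was appended, 0 otherwise.
 */
function DataRows2sql($field, $cnt, $data_encode, &$s_sql)
{
	$sql = "";
	if ( !is_array($field) ){
		$field = array();
	}
	// Stand-in for elements a row does not carry, so a short or missing
	// row reads as empty instead of raising undefined-offset warnings.
	$blank = array_fill(0, 6, "");
	for ( $i = 0; $i < $cnt; $i++ ){
		if ( isset($field[$i]) && is_array($field[$i]) ){
			$row = $field[$i] + $blank;
		}else{
			$row = $blank;
		}
		$fragment = "";
		if ( $row[2] != "" && $row[1] != " " ){
			$fragment = $row[0]." data_payload ".$row[1]." '%".
				FormatPayload($row[2], $data_encode).
				"%' ".$row[3]."".$row[4]." ".$row[5];
		}else{
			// The messages carry markup (<B>), so the echoed criteria text
			// is escaped before it becomes part of them.
			if ( $row[2] != "" && $row[1] == " " ){
				ErrorMessage(
					"<B>"._QCERRCRITWARN."</B> "._QCERRPAYLOAD." '".
					htmlspecialchars($row[2], ENT_QUOTES)."' "._QCERRPAYCRITOPER
				);
			}
			if ( ($row[1] != " " && $row[1] != "") && $row[2] == "" ){
				ErrorMessage(
					"<B>"._QCERRCRITWARN."</B> "._QCERROPER." '".
					htmlspecialchars($row[1], ENT_QUOTES)."' "._QCERRPAYCRITVALUE
				);
			}
		}
		$sql .= $fragment;
		// The previous row has no boolean operator to connect it to this one.
		if ( $i > 0 && isset($field[$i-1][4]) && $field[$i-1][4] == ' ' ){
			ErrorMessage("<B>"._QCERRCRITWARN."</B> "._QCERRPAYBOOL);
		}
	}
	if ( $sql != "" ){
		$s_sql = $s_sql." AND ( ".$sql." )";
		return 1;
	}
	return 0;
}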
446
// Prints the current search criteria as a framed, human readable table and
// keeps the same markup in the global $save_criteria.
// For the "last N alerts" callers (last_tcp, last_udp, last_icmp, last_any)
// only a one line summary is printed and every other criterion is ignored.
// Requires the global $cs to be an object; otherwise only an error message
// is issued.
function PrintCriteria( $caller ){
	GLOBAL $db, $cs, $last_num_alerts, $save_criteria, $debug_mode, $UIL;
	if ( !is_object($cs) ){ // Issue #5
		ErrorMessage('Invalid CriteriaState Object.', 0,1);
		return;
	}
	if ( $debug_mode > 0 ){
		ErrorMessage(__FUNCTION__." CALLER: ($caller)", 'black', 1);
	}
	// Issue 11 backport shim: UI text comes from the UILang object when
	// that class is loaded, from the language constants otherwise.
	$withUILang = class_exists('UILang');
	$CPLast = $withUILang ? $UIL->CWA['Last'] : _LAST;
	$CPAlert = $withUILang ? $UIL->CWA['Alert'] : _ALERT;
	// Generate the Criteria entered into a human readable form.
	// Search criteria Display
	// Table Title needs to be translated.
	$titleStyle = 'width: 35%;'; // Common Style Hack
	$save_criteria = FramedBoxHeader('Search Criteria','black',0,2,'',30)
		.NLI("<td class='metatitle' style='$titleStyle'>"._QCMETACRIT.'</td>',4)
		.NLI('<td>',4);
	// If printing any of the LAST-X stats then ignore all other criteria.
	$lastCallers = array('last_tcp', 'last_udp', 'last_icmp', 'last_any');
	if ( in_array($caller, $lastCallers) ){
		$save_criteria .= "&nbsp;&nbsp;$CPLast $last_num_alerts ";
		$protoText = array(
			'last_tcp' => 'TCP ', 'last_udp' => 'UDP ', 'last_icmp' => 'ICMP '
		);
		foreach ( $protoText as $name => $text ){
			if ( $caller == $name ){
				$save_criteria .= $text;
				break;
			}
		}
		$save_criteria .= $CPAlert.'&nbsp;&nbsp;'.FramedBoxFooter(1,2);
		print $save_criteria;
		return;
	}
	// Meta Criteria
	$metaStart = strlen($save_criteria);
	$metaNames = array(
		'sensor', 'sig', 'sig_class', 'sig_priority', 'ag', 'time'
	);
	foreach ( $metaNames as $name ){
		$save_criteria .= $cs->criteria[$name]->Description('');
	}
	// Common Text
	$anyText = '<i>&nbsp;&nbsp;'._ANY.'&nbsp;&nbsp;</i>';
	$nextRow = '</td>'.NLI('</tr><tr>',3); // New Table Row.
	if ( strlen($save_criteria) == $metaStart ){ // Nothing was described.
		$save_criteria .= $anyText;
	}
	$save_criteria .= $nextRow;
	// IP Criteria
	$save_criteria .= NLI(
		"<td class='iptitle' style='$titleStyle'>"._QCIPCRIT.'</td>', 4
	).NLI('<td>',3);
	if (
		$cs->criteria['ip_addr']->isEmpty()
		&& $cs->criteria['ip_field']->isEmpty()
	){
		$save_criteria .= $anyText;
	}else{
		$save_criteria .= $cs->criteria['ip_addr']->Description('');
		$save_criteria .= $cs->criteria['ip_field']->Description('');
	}
	$save_criteria .= $nextRow;
	// Layer 4 Criteria
	$save_criteria .= NLI("<td class='layer4title' style='$titleStyle'>",4);
	$save_criteria .= $cs->criteria['layer4']->Description('');
	$save_criteria .= '</td>'.NLI('<td>',4);
	// Pick the criteria that belong to the selected protocol.
	$l4Known = true;
	$l4Names = array();
	if ( $cs->criteria['layer4']->Get() == 'TCP' ){
		$l4Names = array('tcp_port', 'tcp_flags', 'tcp_field');
	}elseif ( $cs->criteria['layer4']->Get() == 'UDP' ){
		$l4Names = array('udp_port', 'udp_field');
	}elseif ( $cs->criteria['layer4']->Get() == 'ICMP' ){
		$l4Names = array('icmp_field');
	}elseif ( $cs->criteria['layer4']->Get() == 'RawIP' ){
		$l4Names = array('rawip_field');
	}else{
		$l4Known = false;
	}
	if ( !$l4Known ){
		$save_criteria .= '<i>&nbsp;&nbsp;'._NONE.'&nbsp;&nbsp;</i>';
	}else{
		// Stop at the first criterion that holds something.
		$l4Empty = true;
		foreach ( $l4Names as $name ){
			if ( !$cs->criteria[$name]->isEmpty() ){
				$l4Empty = false;
				break;
			}
		}
		if ( $l4Empty ){
			$save_criteria .= $anyText;
		}else{
			foreach ( $l4Names as $name ){
				$save_criteria .= $cs->criteria[$name]->Description('');
			}
		}
	}
	$save_criteria .= $nextRow;
	// Payload Criteria
	$save_criteria .= NLI(
		"<td class='payloadtitle' style='$titleStyle'>"._QCPAYCRIT.'</td>', 4
	).NLI('<td>',4);
	if ( $cs->criteria['data']->isEmpty() ){
		$save_criteria .= $anyText;
	}else{
		$save_criteria .= $cs->criteria['data']->Description('');
	}
	$save_criteria .= FramedBoxFooter(1,2);
	if ( class_exists('UILang') ){ // Issue 11 backport shim.
		$UIL->SetUILocale();
	}elseif (
		!setlocale (LC_TIME, _LOCALESTR1)
		&& !setlocale (LC_TIME, _LOCALESTR2)
	){ // First two locale strings were refused, fall back to the third.
		setlocale (LC_TIME, _LOCALESTR3);
	}
	// The query time stamp goes in front of the criteria table.
	$save_criteria = NLIO(
		'<b>'._QUERIED.'</b>: '.date('D F d, Y H:i:s'),2
	).$save_criteria;
	print $save_criteria;
}
585

586
/********************************************************************************************/
587
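/**
 * Translate the current search criteria into SQL fragments.
 *
 * Reads the criteria held by the global $cs object (when it is an object),
 * appends one predicate per populated criterion and records which header
 * tables have to be joined. Criteria that turn out to be empty are reset on
 * $cs as a side effect. The globals $sql, $where_sql, $criteria_sql and
 * $join_sql are overwritten.
 *
 * NOTE(review): every criterion value below is concatenated into the SQL
 * text. Nothing in this function escapes or validates them, so it depends on
 * the criteria having been sanitized before they reach this point (not
 * visible here -- confirm). Column names, comparison operators and boolean
 * connectors taken from the criteria arrays would be better checked against
 * fixed allow-lists at that layer.
 *
 * @return array [0] => JOIN clauses, [1] => WHERE predicates (always starts
 *               with " 1 = 1 ").
 */
function ProcessCriteria(){
	GLOBAL $db, $join_sql, $where_sql, $criteria_sql, $sql, $debug_mode,
	$caller, $DBtype;
	// JOIN clauses; each is added to $join_sql only when a criterion needs it.
	$ip_join_sql  = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
	$tcp_join_sql = " LEFT JOIN tcphdr ON acid_event.sid=tcphdr.sid AND acid_event.cid=tcphdr.cid ";
	$udp_join_sql = " LEFT JOIN udphdr ON acid_event.sid=udphdr.sid AND acid_event.cid=udphdr.cid ";
	$icmp_join_sql= " LEFT JOIN icmphdr ON acid_event.sid=icmphdr.sid AND acid_event.cid=icmphdr.cid ";
	$rawip_join_sql= " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
	$data_join_sql= " LEFT JOIN data ON acid_event.sid=data.sid AND acid_event.cid=data.cid ";
	$ag_join_sql  = " LEFT JOIN acid_ag_alert ON acid_event.sid=acid_ag_alert.ag_sid AND acid_event.cid=acid_ag_alert.ag_cid ";

	$sql = "SELECT acid_event.sid, acid_event.cid, signature, timestamp, ".
	       "acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto FROM acid_event";

	// This needs to be examined!!! -- Kevin
	$where_sql = " WHERE ";
	// Constant predicate so that every later criterion can start with " AND".
	$criteria_sql = " 1 = 1 ";
	$join_sql = "";

	/* ********************** Meta Criteria ******************************************** */

	/* XXX-SEC */
	GLOBAL $cs;

	// Without a criteria object none of the locals below exist; every later
	// section guards on isset() for that reason.
	if (is_object($cs)){ // Issue #5
		$sig = $cs->criteria['sig']->criteria;
		$sig_type = $cs->criteria['sig']->sig_type;
		$sig_class = $cs->criteria['sig_class']->criteria;
		$sig_priority = $cs->criteria['sig_priority']->criteria;
		$ag = $cs->criteria['ag']->criteria;
		$sensor = $cs->criteria['sensor']->criteria;
		$time = $cs->criteria['time']->criteria;
		$time_cnt = $cs->criteria['time']->GetFormItemCnt();
		$ip_addr = $cs->criteria['ip_addr']->criteria;
		$ip_addr_cnt = $cs->criteria['ip_addr']->GetFormItemCnt();
		$layer4 = $cs->criteria['layer4']->criteria;
		$ip_field = $cs->criteria['ip_field']->criteria;
		$ip_field_cnt = $cs->criteria['ip_field']->GetFormItemCnt();
		$tcp_port = $cs->criteria['tcp_port']->criteria;
		$tcp_port_cnt = $cs->criteria['tcp_port']->GetFormItemCnt();
		$tcp_flags = $cs->criteria['tcp_flags']->criteria;
		$tcp_field = $cs->criteria['tcp_field']->criteria;
		$tcp_field_cnt = $cs->criteria['tcp_field']->GetFormItemCnt();
		$udp_port = $cs->criteria['udp_port']->criteria;
		$udp_port_cnt = $cs->criteria['udp_port']->GetFormItemCnt();
		$udp_field = $cs->criteria['udp_field']->criteria;
		$udp_field_cnt = $cs->criteria['udp_field']->GetFormItemCnt();
		$icmp_field = $cs->criteria['icmp_field']->criteria;
		$icmp_field_cnt= $cs->criteria['icmp_field']->GetFormItemCnt();
		$rawip_field = $cs->criteria['rawip_field']->criteria;
		$rawip_field_cnt= $cs->criteria['rawip_field']->GetFormItemCnt();
		$data = $cs->criteria['data']->criteria;
		$data_cnt = $cs->criteria['data']->GetFormItemCnt();
		$data_encode = $cs->criteria['data']->data_encode;
	}
	$tmp_meta = "";
	// Sensor
	if ( isset($sensor) && $sensor != "" && $sensor != " " ){
		$tmp_meta = $tmp_meta." AND acid_event.sid='".$sensor."'";
	}else{
		if (is_object($cs)){ // Issue #5
			$cs->criteria['sensor']->Set("");
		}
	}
	// Alert Group
	if ( isset($ag) && $ag != "" && $ag != " " ){
		// The value is placed in the statement unquoted, so it is forced to
		// an integer here rather than trusted to be one.
		$tmp_meta = $tmp_meta." AND ag_id =".(int)$ag;
		$join_sql = $join_sql.$ag_join_sql;
	}else{
		if (is_object($cs)){ // Issue #5
			$cs->criteria['ag']->Set("");
		}
	}
	// Signature
	// xxx jl
	if ($debug_mode > 0 ){
		// Debug output is HTML; criteria values are escaped before printing.
		if ( isset($_SESSION['sig']) ){
			print "<BR>\n\$_SESSION['sig'] = <PRE>\n";
			print htmlspecialchars(print_r($_SESSION['sig'], true), ENT_QUOTES);
			print "</PRE>\n";
		}
		for ( $n = 0; $n < 4; $n++ ){
			$dbg = isset($sig[$n]) ? (string)$sig[$n] : '';
			print '$sig['.$n.'] = "'.htmlspecialchars($dbg, ENT_QUOTES)."\"<BR>\n";
		}
		print "<BR>\n";
	}
	if (
		(isset($sig[0]) && $sig[0] != " " && $sig[0] != "") &&
		(
			(isset($sig[1]) && $sig[1] != "" && $sig[1] != NULL) ||
			(isset($sig[3]) && $sig[3] != "" && $sig[3] != NULL)
		)
	){
		$sig_neg = "";
		if ( isset($sig[2]) && $sig[2] == "!=" ){
			$sig_neg = " NOT ";
		}
		// Prefer $sig[3] over $sig[1] when it carries a usable value. Resolved
		// before the schema check because the legacy branch below reads
		// $sig_name as well and previously found it undefined.
		if (
			!empty($sig[3]) && $sig[3] != " "
			&& $sig[3] != "NULL" && $sig[3] != "null"
		){
			$sig_name = $sig[3];
		}else{
			$sig_name = isset($sig[1]) ? $sig[1] : '';
		}
		if ( $db->baseGetDBversion() >= 100 ){
			/* If given a sig ID instead of a name */
			if ( ($sig_type == 1) && ($sig[0] == "=") ){
				$tmp_meta = $tmp_meta." AND (signature='".$sig[1]."') ";
			}else{
				// xxx jl
				if ($debug_mode > 0){
					$dbg1 = isset($sig[1]) ? (string)$sig[1] : '';
					$dbg3 = isset($sig[3]) ? (string)$sig[3] : '';
					print "\$sig[1]   = \"".htmlspecialchars($dbg1, ENT_QUOTES)."\"<BR>\n";
					print "\$sig[3]   = \"".htmlspecialchars($dbg3, ENT_QUOTES)."\"<BR>\n";
					print "\$sig_name = \"".htmlspecialchars((string)$sig_name, ENT_QUOTES)."\"<BR><BR>\n\n";
				}
				if ( $sig[0] == "=" ){
					if ($db->DB_type != "mssql"){
						$tmp_meta = $tmp_meta." AND ".$sig_neg." (sig_name='". $sig_name . "') ";
					}else{
						$tmp_meta = $tmp_meta." AND ".$sig_neg." (sig_name LIKE '".MssqlKludgeValue($sig_name) . "') ";
					}
				}else if ($sig[0] == "LIKE" ){
					$tmp_meta = $tmp_meta." AND ".$sig_neg." (sig_name LIKE '%" . $sig_name . "%') ";
				}
			}
		}else{
			// Schema versions below 100: match on the signature column.
			if ( $sig[0] == "=" ){
				$tmp_meta = $tmp_meta." AND ".$sig_neg." (signature='" . $sig_name . "') ";
			}else if ($sig[0] == "LIKE" ){
				$tmp_meta = $tmp_meta." AND ".$sig_neg." (signature LIKE '%" . $sig_name . "%') ";
			}
		}
	}else{
		if (is_object($cs)){ // Issue #5
			$cs->criteria['sig']->Set("");
		}
	}
	// Signature Classification
	if (isset($sig_class)){
		if ( $sig_class != " " && $sig_class != "" && $sig_class != "0" ){
			$tmp_meta = $tmp_meta." AND sig_class_id = '".$sig_class."'";
		}else if ($sig_class == "0"){
			// "0" selects events without a classification.
			$tmp_meta = $tmp_meta." AND (sig_class_id is null OR sig_class_id = '0')";
		}else{
			if (is_object($cs)){ // Issue #5
				$cs->criteria['sig_class']->Set("");
			}
		}
	}
	// Signature Priority
	if (
		isset($sig_priority[1]) && $sig_priority[1] != " "
		&& $sig_priority[1] != "" && $sig_priority[1] != "0"
	){
		if ($sig_priority[0] != "" && $sig_priority[0] != " "){
			// NOTE(review): $sig_priority[0] is used as the comparison
			// operator verbatim -- confirm it is restricted upstream.
			$tmp_meta = $tmp_meta." AND sig_priority ".$sig_priority[0]." '".$sig_priority[1]."'";
		}else{
			$tmp_meta = $tmp_meta." AND sig_priority = '".$sig_priority[1]."'";
		}
	}else if (isset($sig_priority[1]) && $sig_priority[1] == "0"){
		// "0" selects events without a priority.
		$tmp_meta = $tmp_meta." AND (sig_priority is null OR sig_priority = '0')";
	}else{
		if (is_object($cs)){ // Issue #5
			$cs->criteria['sig_priority']->Set("");
		}
	}
	// Date/Time
	if ( isset($time) && isset($time_cnt) ){
		if ( DateTimeRows2sql($time, $time_cnt, $tmp_meta) == 0 ){
			if (is_object($cs)){ // Issue #5
				$cs->criteria['time']->SetFormItemCnt(0);
			}
		}
	}
	$criteria_sql = $criteria_sql.$tmp_meta;
	// IP Criteria
		// IP Addresses
	// Row layout as read below: [0] prefix, [1] address column, [2] operator,
	// [3]..[6] octets, [8] and [9] suffixes, [10] netmask.
	// NOTE(review): [0], [1], [2], [8] and [9] reach the SQL text verbatim.
	$tmp2 = "";
	if (isset($ip_addr_cnt)){
		for ( $i = 0; $i < $ip_addr_cnt; $i++ ){
			$tmp = "";
			if ( isset($ip_addr[$i][3]) && $ip_addr[$i][1] != " "){
				if ( ($ip_addr[$i][3] != "") && ($ip_addr[$i][4] != "") &&
				     ($ip_addr[$i][5] != "") && ($ip_addr[$i][6] != "" ) ){
					/* if use illegal 256.256.256.256 address then
					 *  this is the special case where need to search for portscans
					 */
					if ( ($ip_addr[$i][3] == "256") && ($ip_addr[$i][4] == "256") &&
					     ($ip_addr[$i][5] == "256") && ($ip_addr[$i][6] == "256" ) ){
						$tmp = $tmp." acid_event.".$ip_addr[$i][1]." IS NULL"." ";
					}else{
						if ( $ip_addr[$i][10] == "" ){
							// Single address: compare against its numeric form.
							$tmp = $tmp." acid_event.".$ip_addr[$i][1].$ip_addr[$i][2]."'".
							       baseIP2long($ip_addr[$i][3].".".
							                   $ip_addr[$i][4].".".
							                   $ip_addr[$i][5].".".
							                   $ip_addr[$i][6])."' ";
						}else{
							// Netmask given: match the range returned by getIPMask().
							$mask = getIPMask($ip_addr[$i][3].".".
							                  $ip_addr[$i][4].".".
							                  $ip_addr[$i][5].".".
							                  $ip_addr[$i][6], $ip_addr[$i][10]);
							if ( $ip_addr[$i][2] == "!=" ){
								$tmp_op = " NOT ";
							}else{
								$tmp_op = "";
							}
							$tmp = $tmp.$tmp_op." (acid_event.".$ip_addr[$i][1].">= '".
							       baseIP2long($mask[0])."' AND ".
							       "acid_event.".$ip_addr[$i][1]."<= '".
							       baseIP2long($mask[1])."')";
						}
					}
				}
				/* if have chosen the address type to be both source and destination */
				if ( preg_match("/ip_both/", $tmp) ){
					$tmp_src = preg_replace("/ip_both/","ip_src",$tmp);
					$tmp_dst = preg_replace("/ip_both/","ip_dst",$tmp);
					if ( $ip_addr[$i][2] == '=' ){
						$tmp = "(".$tmp_src.') OR ('.$tmp_dst.')';
					}else{
						$tmp = "(".$tmp_src.') AND ('.$tmp_dst.')';
					}
				}
				if ( $tmp != "" ){
					$tmp = $ip_addr[$i][0]."(".$tmp.")".$ip_addr[$i][8].$ip_addr[$i][9];
				}
			}else if ( (isset($ip_addr[$i][3]) && $ip_addr[$i][3] != "" ) || $ip_addr[$i][1] != " " ){
				/* IP_addr_type, but MALFORMED IP address */
				if ( $ip_addr[$i][1] != " " && $ip_addr[$i][3] == "" &&
				     ($ip_addr[$i][4] != "" || $ip_addr[$i][5] != "" || $ip_addr[$i][6] != "" ) ){
					ErrorMessage("<B>"._QCERRCRITWARN."</B> "._QCERRINVIPCRIT." ' *.".
					             $ip_addr[$i][4].".".$ip_addr[$i][5].".".$ip_addr[$i][6]." '");
				}
				/* ADDRESS, but NO IP_addr_type was given */
				if ( isset($ip_addr[$i][3]) && $ip_addr[$i][1] == " "){
					ErrorMessage("<B>"._QCERRCRITWARN."</B> "._QCERRIP." '".
					             $ip_addr[$i][3].".".$ip_addr[$i][4].".".
					             $ip_addr[$i][5].".".$ip_addr[$i][6]."' "._QCERRCRITADDRESSTYPE);
				}
				/* IP_addr_type IS FILLED, but no ADDRESS */
				if ( ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "") && $ip_addr[$i][3] == "" ){
					ErrorMessage("<B>"._QCERRCRITWARN."</B> "._QCERRIPTYPE." '".
					             $ip_addr[$i][1]."' "._QCERRCRITIPADDRESSNONE1.$i.") "._QCERRCRITIPADDRESSNONE);
				}
			}
			$tmp2 = $tmp2.$tmp;

			// The previous row has an address but no boolean connector.
			if ( ($i > 0 && $ip_addr[$i-1][9] == ' ' && $ip_addr[$i-1][3] != "") ){
				ErrorMessage("<B>"._QCERRCRITWARN."</B> "._QCERRCRITIPIPBOOL." #$i and #".($i+1).".");
			}
		}
	}
	if ( $tmp2 != "" ){
		$criteria_sql = $criteria_sql." AND ( ".$tmp2." )";
	}else{
		if (is_object($cs)){ // Issue #5
			$cs->criteria['ip_addr']->SetFormItemCnt(0);
		}
	}
		// IP Fields
	if (isset($ip_field) && isset($ip_field_cnt)){
		if ( FieldRows2sql($ip_field, $ip_field_cnt, $criteria_sql) == 0 ){
			if (is_object($cs)){ // Issue #5
				$cs->criteria['ip_field']->SetFormItemCnt(0);
			}
		}
	}
	// Layer-4 encapsulation
	if (isset($layer4)){
		if ( $layer4 == "TCP" ){
			$criteria_sql = $criteria_sql." AND acid_event.ip_proto= '6'";
		}else if ( $layer4 == "UDP" ){
			$criteria_sql = $criteria_sql." AND acid_event.ip_proto= '17'";
		}else if ( $layer4 == "ICMP" ){
			$criteria_sql = $criteria_sql." AND acid_event.ip_proto= '1'";
		}else if ( $layer4 == "RawIP" ){
			$criteria_sql = $criteria_sql." AND acid_event.ip_proto= '255'";
		}else{
			if (is_object($cs)){ // Issue #5
				$cs->criteria['layer4']->Set("");
			}
		}
		// Join the iphdr table if necessary
		if (is_object($cs)){ // Issue #5
			if ( !$cs->criteria['ip_field']->isEmpty() ){
				$join_sql = $ip_join_sql.$join_sql;
			}
		}
		// TCP Criteria
		if ( $layer4 == "TCP" ){
			$proto_tmp = "";
			// TCP Ports
			if ( FieldRows2sql($tcp_port, $tcp_port_cnt, $proto_tmp) == 0 ){
				if (is_object($cs)){ // Issue #5
					$cs->criteria['tcp_port']->SetFormItemCnt(0);
				}
			}
			$criteria_sql = $criteria_sql.$proto_tmp;

			$proto_tmp = "";
			/* TCP Flags */
			// NOTE(review): the guard requires exactly 8 elements while
			// indexes 0 through 8 are read below -- confirm the array shape.
			if ( isset($tcp_flags) && sizeof($tcp_flags) == 8){
				if ( $tcp_flags[0] == "contains" || $tcp_flags[0] == "is" ){
					// Arithmetic on the flag values yields a number, so the
					// result is safe to place in the statement unquoted.
					$flag_tmp = $tcp_flags[1]+$tcp_flags[2]+$tcp_flags[3]+$tcp_flags[4]+
					            $tcp_flags[5]+$tcp_flags[6]+$tcp_flags[7]+$tcp_flags[8];
					if ( $tcp_flags[0] == "is" ){
						$proto_tmp = $proto_tmp.' AND tcp_flags='.$flag_tmp;
					}else if ( $tcp_flags[0] == "contains" ){
						$proto_tmp = $proto_tmp.' AND (tcp_flags & '.$flag_tmp.' = '.$flag_tmp." )";
					}else{
						$proto_tmp = "";
					}
				}
			}
			// TCP Fields
			if (is_object($cs)){ // Issue #5
				if ( FieldRows2sql($tcp_field, $tcp_field_cnt, $proto_tmp) == 0 ){
					$cs->criteria['tcp_field']->SetFormItemCnt(0);
				}
				// TCP Options - not implemented
				if ( !$cs->criteria['tcp_port']->isEmpty() || !$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty() ){
					$criteria_sql = $criteria_sql.$proto_tmp;
					// Port criteria alone do not add the tcphdr join here.
					if ( !$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty() ){
						$join_sql = $tcp_join_sql.$join_sql;
					}
				}
			}
		}
		// UDP Criteria
		if ( $layer4 == "UDP" ){
			$proto_tmp = "";
			// UDP Ports
			if ( FieldRows2sql($udp_port, $udp_port_cnt, $proto_tmp) == 0 ){
				if (is_object($cs)){ // Issue #5
					$cs->criteria['udp_port']->SetFormItemCnt(0);
				}
			}
			$criteria_sql = $criteria_sql.$proto_tmp;
			$proto_tmp = "";
			// UDP Fields
			if (is_object($cs)){ // Issue #5
				if ( FieldRows2sql($udp_field, $udp_field_cnt, $proto_tmp) == 0 ){
					$cs->criteria['udp_field']->SetFormItemCnt(0);
				}
				if ( !$cs->criteria['udp_port']->isEmpty() || !$cs->criteria['udp_field']->isEmpty() ){
					$criteria_sql = $criteria_sql.$proto_tmp;
					if ( !$cs->criteria['udp_field']->isEmpty() ){
						$join_sql = $udp_join_sql.$join_sql;
					}
				}
			}
		}
		// ICMP Criteria
		if ( $layer4 == "ICMP" ){
			$proto_tmp = "";
			// ICMP Fields
			if (is_object($cs)){ // Issue #5
				if ( FieldRows2sql($icmp_field, $icmp_field_cnt, $proto_tmp) == 0 ){
					$cs->criteria['icmp_field']->SetFormItemCnt(0);
				}
				if ( !$cs->criteria['icmp_field']->isEmpty() ){
					$criteria_sql = $criteria_sql.$proto_tmp;
					$join_sql = $icmp_join_sql.$join_sql;
				}
			}
		}
		// Packet Scan Criteria
		if ( $layer4 == "RawIP" ){
			$proto_tmp = "";
			// RawIP Fields
			if (is_object($cs)){ // Issue #5
				if ( FieldRows2sql($rawip_field, $rawip_field_cnt, $proto_tmp) == 0 ){
					$cs->criteria['rawip_field']->SetFormItemCnt(0);
				}
				if ( !$cs->criteria['rawip_field']->isEmpty() ){
					$criteria_sql = $criteria_sql.$proto_tmp;
					$join_sql = $rawip_join_sql.$join_sql;
				}
			}
		}
	}
	// Payload Criteria
	$tmp_payload = "";
	if (is_object($cs)){ // Issue #5
		if ( DataRows2sql($data, $data_cnt, $data_encode, $tmp_payload) == 0 ){
			$cs->criteria['data']->SetFormItemCnt(0);
		}
		if ( !$cs->criteria['data']->isEmpty() ){
			$criteria_sql = $criteria_sql.$tmp_payload;
			$join_sql = $data_join_sql.$join_sql;
		}
	}
	$csql[0] = $join_sql;
	$csql[1] = $criteria_sql;
	return $csql;
}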
1022
?>