/base_stat_class.php
<?php
2
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
**                Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Displays statistics on the detected alerts, grouped by
**          signature class (one table row per sig_class_id).
**
** Input GET/POST variables
**   - caller
**   - submit
**   - sort_order
**   - action
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/
include ("base_conf.php");
include_once ("$BASE_path/includes/base_constants.inc.php");
include ("$BASE_path/includes/base_include.inc.php");
include_once ("$BASE_path/base_db_common.php");
include_once ("$BASE_path/base_qry_common.php");
include_once ("$BASE_path/base_stat_common.php");

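// Access control first: nothing below runs for callers that do not hold the
// required role (the numeric level is interpreted by AuthorizedRole()).
AuthorizedRole(10000);
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_class.php");
$cs->ReadState();
$qs = new QueryState();

// Every request parameter used by this page goes through ImportHTTPVar(),
// which restricts the value to the given character classes (and, for
// "submit", to the listed values). Do not read $_GET/$_POST directly.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(_SELECTED, _ALLONSCREEN, _ENTIREQUERY));
$sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
$action = ImportHTTPVar("action", VAR_ALPHA);
// "caller" is documented as an input of this page and is embedded in the
// results-table URL further down, but it was never assigned here: with
// register_globals it would have been raw request input, otherwise an
// undefined variable. Import it with the same filtering as the others.
$caller = ImportHTTPVar("caller", VAR_ALPHA | VAR_USCORE);

$qs->MoveView($submit);             /* increment the view if necessary */

// Sub-header: canned queries get their description appended to the title.
// The fourth argument only depends on whether an action was requested
// (1 when no action, the configured $refresh_all_pages otherwise), so the
// four original call sites collapse to one.
$page_title = _CHRTCLASS;
$hdr_title = $page_title;
if ( $qs->isCannedQuery() ){
        $hdr_title .= ": ".$qs->GetCurrentCannedQueryDesc();
}
$hdr_refresh = ($action == '') ? 1 : $refresh_all_pages;
PrintBASESubHeader($hdr_title, $hdr_title, $cs->GetBackLink(), $hdr_refresh);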
// Connect to the Alert DB using the connection settings from base_conf.php.
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect(
        $db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user,
        $alert_password
);
UpdateAlertCache($db);

// ProcessCriteria() renders the saved criteria state into two SQL fragments:
// [0] is appended to the FROM clause (presumably extra table references),
// [1] is the WHERE condition. They are trusted here, so whatever produces
// them must be the only place request input is turned into SQL.
$criteria_clauses = ProcessCriteria();
PrintCriteria('');
$from = " FROM acid_event ".$criteria_clauses[0];
$where = " WHERE ".$criteria_clauses[1];

// Bulk alert actions this page may run on the selected rows, and the
// selection operators it accepts (selected rows / all rows on screen).
$valid_actions = array(
        "ag_by_id", "ag_by_name", "add_new_ag",
        "del_alert",
        "email_alert", "email_alert2",
        "csv_alert",
        "archive_alert", "archive_alert2",
);
foreach ( $valid_actions as $valid_action ){
        $qs->AddValidAction($valid_action);
}
foreach ( array(_SELECTED, _ALLONSCREEN) as $valid_op ){
        $qs->AddValidActionOp($valid_op);
}

$qs->SetActionSQL($from.$where);
$et->Mark("Initialization");

// NOTE(review): RunAction() performs the POSTed bulk action (delete,
// archive, e-mail, ...) on the selected rows. Nothing visible in this file
// binds that request to an anti-CSRF token; confirm QueryState enforces one,
// otherwise a cross-site POST could trigger these actions for a logged-in
// user.
$qs->RunAction($submit, PAGE_STAT_CLASS, $db);
$et->Mark("Alert Action");

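  /* Get total number of events (denominator for the percentage column). */
  $event_cnt = EventCnt($db);

  /* Count the distinct signature classes matching the criteria, without a
     LIMIT, so the pager knows the result size. */
  $cnt_sql = "SELECT count(DISTINCT sig_class_id) ".$from.$where;
  $qs->GetNumResultRows($cnt_sql, $db);
  $et->Mark("Counting Result size");

  /* Setup the Query Results Table. The page URL given here is re-emitted in
     every column-sort link, so "caller" is URL-encoded before it is embedded
     rather than concatenated raw. */
  $qro = new QueryResultsOutput(
        "base_stat_class.php?caller=".rawurlencode(isset($caller) ? $caller : '')
  );

  /* Column definitions. For each sortable column: header, then for the
     ascending and descending variants a sort-key token, an extra SELECT
     expression spliced in front of the FROM clause, and an ORDER BY
     fragment; an optional final argument gives the cell alignment. */
  $qro->AddTitle('');
  $qro->AddTitle(_CHRTCLASS,
        "class_a", " ", " ORDER BY sig_class_id ASC",
        "class_d", " ", " ORDER BY sig_class_id DESC"
  );
  $qro->AddTitle(_TOTAL,
        "occur_a", " ", " ORDER BY num_events ASC",
        "occur_d", " ", " ORDER BY num_events DESC", 'right'
  );
  $qro->AddTitle(_SENSOR."&nbsp;#",
        "sensor_a", " ", " ORDER BY num_sensors ASC",
        "sensor_d", " ", " ORDER BY num_sensors DESC"
  );
  $qro->AddTitle(_SIGNATURE,
        "sig_a", " ", " ORDER BY num_sig ASC",
        "sig_d", " ", " ORDER BY num_sig DESC", 'right'
  );
  /* The address columns display COUNT(DISTINCT ip_src/ip_dst) (num_sip /
     num_dip in the main query). The previous sort used a separate
     count(ip_src)/count(ip_dst), i.e. the non-distinct total, so the sort
     order did not match the displayed values; order by the displayed
     aliases instead, as the other columns already do. */
  $qro->AddTitle(_NBSOURCEADDR,
        "saddr_a", " ", " ORDER BY num_sip ASC",
        "saddr_d", " ", " ORDER BY num_sip DESC",
        'right'
  );
  $qro->AddTitle(_NBDESTADDR,
        "daddr_a", " ", " ORDER BY num_dip ASC",
        "daddr_d", " ", " ORDER BY num_dip DESC",
        'right'
  );
  $qro->AddTitle(_FIRST,
        "first_a", ", min(timestamp) AS first_timestamp ",
                   " ORDER BY first_timestamp ASC",
        "first_d", ", min(timestamp) AS first_timestamp ",
                   " ORDER BY first_timestamp DESC"
  );
  $qro->AddTitle(_LAST,
        "last_a", ", max(timestamp) AS last_timestamp ",
                  " ORDER BY last_timestamp ASC",
        "last_d", ", max(timestamp) AS last_timestamp ",
                  " ORDER BY last_timestamp DESC"
  );
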
// Issue #168
// Main query: one row per signature class carrying the aggregates shown in
// the table (event count, distinct sensors / signatures / source and
// destination addresses, first and last timestamp). The pieces are joined
// with an empty separator so the resulting text is unchanged.
$select_parts = array(
        "SELECT DISTINCT sig_class_id, ",
        " COUNT(acid_event.cid) as num_events,",
        " COUNT( DISTINCT acid_event.sid) as num_sensors, ",
        " COUNT( DISTINCT signature ) as num_sig, ",
        " COUNT( DISTINCT ip_src ) as num_sip, ",
        " COUNT( DISTINCT ip_dst ) as num_dip, ",
        " min(timestamp) as first_timestamp, ",
        " max(timestamp) as last_timestamp ",
);
$query_tail = $from.$where." GROUP BY sig_class_id ";

// Column-sort fragments from QueryResultsOutput: [0] goes in front of the
// FROM clause (extra SELECT expressions), [1] after the GROUP BY (ORDER BY).
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());
if ( !is_null($sort_sql) ){
        $query_tail = $sort_sql[0].$query_tail.$sort_sql[1];
}
$sql = implode('', $select_parts).$query_tail;

// Run the Query again for the actual data (with the LIMIT), if any.
$result = $qs->ExecuteOutputQuery($sql, $db);
$et->Mark("Retrieve Query Data");

// Debug output echoes the complete SQL text and the query state into the
// page. It is gated on $debug_mode, which must stay off outside development.
if ( $debug_mode > 0 ){
        $CCF = 'No';
        if ( $qs->isCannedQuery() ){
                $CCF = 'Yes';
                $qs->PrintCannedQueryList();
        }
        print "Canned Query: $CCF <br/>";
        $qs->DumpState();
        print "SQL Executed: $sql <br/>";
}
$qs->PrintResultCnt(); // Print current view number and # of rows.

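  // NOTE(review): this form posts the selected rows back to this page, where
  // RunAction() executes the chosen bulk action; no anti-CSRF token is
  // emitted here — confirm one is added elsewhere (e.g. by QueryState).
  echo '<FORM METHOD="post" NAME="PacketForm" ACTION="base_stat_class.php">';

  $qro->PrintHeader();

  // Signature-class ids mapped to the colour index handed to
  // qroPrintEntryHeader() when $colored_alerts is enabled. Ids not listed
  // fall back to 4 (gray). Iteration order is ascending and a later set
  // wins, matching the original lookup loop.
  $class_colors = array(
        1 => array(6, 7, 9, 13, 16, 17, 22),                // Red
        2 => array(2, 3, 4, 5, 8, 10, 14, 15, 20, 21, 23),  // Yellow
        3 => array(1, 11, 19),                              // Orange
        4 => array(),                                       // Gray
        5 => array(),                                       // White
        6 => array(12),                                     // Green
  );
  $use_colors = isset($colored_alerts) && $colored_alerts == 1;

  // $i is the row index: it bounds the loop, names the per-row form fields
  // and (without colouring) selects the row shading. The colour lookup
  // below must NOT reuse it — the previous code ran "for ($i = 1; $i < 7;
  // ...)" inside the loop, which left every row's checkbox and hidden
  // field named action_chk_lst[7]/action_lst[7] and broke the
  // GetDisplayRowCnt() limit whenever $colored_alerts was on.
  $i = 0;
  while ( ($myrow = $result->baseFetchRow()) && ($i < $qs->GetDisplayRowCnt()) )
  {
     // sig_class_id is an integer key (NULL/empty for unclassified events,
     // mapped to 0 as before). The cast keeps the value safe to embed in
     // the URLs and form fields built below.
     $class_id = (int)$myrow[0];
     $total_occurances = $myrow[1];
     $sensor_num = $myrow[2];
     $sig_num = $myrow[3];
     $sip_num = $myrow[4];
     $dip_num = $myrow[5];
     $min_time = $myrow[6];
     $max_time = $myrow[7];

     /* Row header: colour by class when enabled, otherwise by row index. */
     if ( $use_colors ){
        $tmp = 4; // Gray default
        foreach ( $class_colors as $color_idx => $color_ids ){
           if ( in_array($class_id, $color_ids, true) ){
              $tmp = $color_idx;
           }
        }
        $tmp2 = $colored_alerts;
     }else{
        $tmp = $i;
        $tmp2 = 0;
     }
     qroPrintEntryHeader($tmp, $tmp2);

     // One encoded id is reused for the form fields and every link, so the
     // links no longer differ from the hidden fields in how the id is
     // embedded.
     $tmp_rowid = rawurlencode($class_id);
     echo '  <TD>&nbsp;&nbsp;
                 <INPUT TYPE="checkbox" NAME="action_chk_lst['.$i.']" VALUE="'.$tmp_rowid.'">
                 &nbsp;&nbsp;
             </TD>';
     echo '      <INPUT TYPE="hidden" NAME="action_lst['.$i.']" VALUE="'.$tmp_rowid.'">';
     qroPrintEntry(GetSigClassName($class_id, $db), 'left');

     // Share of all events; guard the division in case EventCnt() is 0.
     $pct = ($event_cnt > 0) ? round($total_occurances / $event_cnt * 100) : 0;
     qroPrintEntry('<A HREF="base_qry_main.php?new=1&amp;sig_class='.$tmp_rowid.
                   '&amp;submit='._QUERYDBP.'&amp;num_result_rows=-1">'.$total_occurances.'</A>
                   ('.$pct.'%)',
                   'right'
     );
     // Sensor and signature links: the original emitted an unclosed <FONT>
     // and an unclosed <A>; both are now well-formed.
     qroPrintEntry('<A HREF="base_stat_sensor.php?sig_class='.$tmp_rowid.'">'.
                   $sensor_num.'</A>');
     qroPrintEntry('<A HREF="base_stat_alerts.php?sig_class='.$tmp_rowid.'">'.
                   $sig_num.'</A>', 'right'
     );
     qroPrintEntry(
        BuildUniqueAddressLink( 1, '&amp;sig_class='.$tmp_rowid)."$sip_num</a>",
        'right'
     );
     qroPrintEntry(
        BuildUniqueAddressLink( 2, '&amp;sig_class='.$tmp_rowid)."$dip_num</a>",
        'right'
     );
     qroPrintEntry('<FONT>'.$min_time.'</FONT>');
     qroPrintEntry('<FONT>'.$max_time.'</FONT>');

     qroPrintEntryFooter();

     $i++;
  }

  $result->baseFreeRows();

  $qro->PrintFooter();

  $qs->PrintBrowseButtons();
  $qs->PrintAlertActionButtons();
  $qs->SaveState();
  ExportHTTPVar("sort_order", $sort_order);
  echo "\n</FORM>\n";
$et->Mark("Get Query Elements");
PrintBASESubFooter();
?>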