
NathanGibbs3 / BASE / 587

pending completion
587

push

travis-ci-com

NathanGibbs3
Merge branch 'devel'

504 of 504 new or added lines in 21 files covered. (100.0%)

2594 of 16816 relevant lines covered (15.43%)

20.97 hits per line

Source File

0.0
/base_stat_sensor.php
1
<?php
2
/*******************************************************************************
3
** Basic Analysis and Security Engine (BASE)
4
** Copyright (C) 2004 BASE Project Team
5
** Copyright (C) 2000 Carnegie Mellon University
6
**
7
** (see the file 'base_main.php' for license details)
8
**
9
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
10
**                Sean Muller <samwise_diver@users.sourceforge.net>
11
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
12
**
13
** Purpose: Sensor statistics
14
**
15
** Input GET/POST variables
16
**   - submit:
17
**   - caller:
18
********************************************************************************
19
** Authors:
20
********************************************************************************
21
** Kevin Johnson <kjohnson@secureideas.net>
22
**
23
********************************************************************************
24
*/
25

26
include ("base_conf.php");
×
27
include_once ("$BASE_path/includes/base_constants.inc.php");
×
28
include ("$BASE_path/includes/base_include.inc.php");
×
29
include_once ("$BASE_path/base_db_common.php");
×
30
include_once ("$BASE_path/base_common.php");
×
31
include_once ("$BASE_path/base_stat_common.php");
×
32
include_once ("$BASE_path/base_qry_common.php");
×
33
include_once ("$BASE_path/base_ag_common.php");
×
34

35
// Access gate: AuthorizedRole() is called before any request variable is read
// or the alert database is opened.
// NOTE(review): presumably it stops the request for accounts below role
// level 10000 -- confirm in its definition.
AuthorizedRole(10000);
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState('base_stat_sensor.php');
$cs->ReadState();
$qs = new QueryState();
// Request variables are only taken through ImportHTTPVar() together with a
// character-class mask. "submit" is also handed the three button labels as a
// third argument (presumably the list of accepted values -- confirm).
$submit = ImportHTTPVar(
        'submit', VAR_ALPHA | VAR_SPACE,
        array(_SELECTED, _ALLONSCREEN, _ENTIREQUERY)
);
$sort_order = ImportHTTPVar('sort_order', VAR_LETTER | VAR_USCORE);
$action = ImportHTTPVar('action', VAR_ALPHA);
$qs->MoveView($submit); // Increment the view if necessary.
$page_title = SPSENSORLIST;
// With no action pending the last header argument is 1; otherwise it is the
// configured $refresh_all_pages value.
PrintBASESubHeader(
        $page_title, $page_title, $cs->GetBackLink(),
        ( $action == '' ) ? 1 : $refresh_all_pages
);
// Connect to the Alert DB with the connection settings held in the
// configuration variables.
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect(
        $db_connect_method, $alert_dbname, $alert_host, $alert_port,
        $alert_user, $alert_password
);
UpdateAlertCache($db);
$criteria_clauses = ProcessCriteria();
PrintCriteria('');
58

59
  // The two fragments returned by ProcessCriteria() are spliced into the SQL
  // text as-is, so every statement built from $from / $where is only as safe
  // as the escaping applied while the criteria were processed.
  $from = " FROM acid_event {$criteria_clauses[0]}";
  $where = " WHERE {$criteria_clauses[1]}";

  // Alert actions this page accepts, registered in their original order.
  // NOTE(review): del_alert and archive_alert look like data-changing actions
  // driven by the posted "submit" value; whether RunAction() verifies a
  // per-session request token is not visible here -- confirm.
  foreach (
    array(
      'ag_by_id', 'ag_by_name', 'add_new_ag', 'del_alert', 'email_alert',
      'email_alert2', 'csv_alert', 'archive_alert', 'archive_alert2',
    ) as $valid_action
  ){
    $qs->AddValidAction($valid_action);
  }

  // Selection scopes an action may be applied to.
  $qs->AddValidActionOp(_SELECTED);
  $qs->AddValidActionOp(_ALLONSCREEN);

  $qs->SetActionSQL($from.$where);
  $et->Mark('Initialization');

  $qs->RunAction($submit, PAGE_STAT_SENSOR, $db);
  $et->Mark('Alert Action');

  /* SQL that counts the distinct sensors matching the criteria. */
  $cnt_sql = "SELECT count(DISTINCT acid_event.sid) {$from}{$where}";

  /* Run the query to determine the number of rows (no LIMIT). */
  $qs->GetNumResultRows($cnt_sql, $db);
  $et->Mark('Counting Result size');
87
// Set up the Query Results Table.
// Every sortable column pairs a sort key with a fixed ORDER BY fragment written
// out below. NOTE(review): this suggests the requested sort value only selects
// one of these fragments and is never concatenated into SQL itself -- confirm
// in GetSortSQL().
// Common SQL strings.
$OB = ' ORDER BY';
$SNID = "CONCAT(CONCAT(sensor.hostname, ':'), sensor.interface)";
$qro = new QueryResultsOutput('base_stat_sensor.php?x=x');
// Untitled first column: the per-row checkbox.
$qro->AddTitle('');
$qro->AddTitle(
        _SENSOR,
        'sid_a', ' ', $OB . ' acid_event.sid ASC',
        'sid_d', ' ', $OB . ' acid_event.sid DESC'
);
$qro->AddTitle(
        _NAME,
        'sname_a', ' ', $OB . ' ' . $SNID . ' ASC ',
        'sname_d', ' ', $OB . ' ' . $SNID . ' DESC ',
        'left'
);
$qro->AddTitle(
        _SIPLTOTALEVENTS,
        'occur_a', '', $OB . ' event_cnt ASC',
        'occur_d', '', $OB . ' event_cnt DESC',
        'right'
);
// NOTE(review): this column reuses the occur_a / occur_d sort keys of the
// total-events column above; if keys must be unique per column, sorting on
// unique events may resolve to the wrong fragment -- confirm.
$qro->AddTitle(
        _SIPLUNIEVENTS,
        'occur_a', '', $OB . ' sig_cnt ASC',
        'occur_d', '', $OB . ' sig_cnt DESC',
        'right'
);
$qro->AddTitle(
        _SUASRCADD,
        'saddr_a', '', $OB . ' saddr_cnt ASC',
        'saddr_d', '', $OB . ' saddr_cnt DESC',
        'right'
);
$qro->AddTitle(
        _SUADSTADD,
        'daddr_a', '', $OB . ' daddr_cnt ASC',
        'daddr_d', '', $OB . ' daddr_cnt DESC',
        'right'
);
$qro->AddTitle(
        _FIRST,
        'first_a', '', $OB . ' first_timestamp ASC',
        'first_d', '', $OB . ' first_timestamp DESC'
);
$qro->AddTitle(
        _LAST,
        'last_a', '', $OB . ' last_timestamp ASC',
        'last_d', '', $OB . ' last_timestamp DESC'
);
125

126
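// Issue #168
// Per-sensor aggregate: total events, distinct signatures, distinct source and
// destination addresses, and the first / last event timestamps.
$sql = "SELECT DISTINCT acid_event.sid, count(acid_event.cid) as event_cnt,".
        " count(distinct(acid_event.signature)) as sig_cnt, ".
        " count(distinct(acid_event.ip_src)) as saddr_cnt, ".
        " count(distinct(acid_event.ip_dst)) as daddr_cnt, ".
        "min(timestamp) as first_timestamp, max(timestamp) as last_timestamp";
// $from / $where carry the criteria fragments produced by ProcessCriteria();
// they are concatenated here, not bound as parameters.
$sqlPFX = $from." JOIN sensor using (sid) ".$where. " GROUP BY acid_event.sid ";
// GetSortSQL() returns null when no sort applies; otherwise element 0 is
// placed in front of the FROM clause and element 1 after the GROUP BY.
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());
if ( !is_null($sort_sql) ){
        $sqlPFX = $sort_sql[0].$sqlPFX.$sort_sql[1];
}
$sql .= $sqlPFX;
// Run the Query again for the actual data (with the LIMIT), if any.
$result = $qs->ExecuteOutputQuery($sql, $db);
$et->Mark("Retrieve Query Data");
if ( $debug_mode > 0 ){
        if ( $qs->isCannedQuery() ){
                $CCF = 'Yes';
                $qs->PrintCannedQueryList();
        }else{
                $CCF = 'No';
        }
        print "Canned Query: $CCF <br/>";
        $qs->DumpState();
        // The statement text includes the criteria fragments, which may carry
        // request-derived values, and SQL operators such as < and >. Encode it
        // so the debug line is shown as text and cannot inject markup.
        print 'SQL Executed: '.htmlspecialchars($sql, ENT_QUOTES).' <br/>';
}
$qs->PrintResultCnt(); // Print current view number and # of rows.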
153

154
  // Results form: posts back to this page with one checkbox and one hidden
  // field per listed sensor, both carrying the sensor id.
  // NOTE(review): no anti-forgery field is written by the lines visible here;
  // confirm whether PrintAlertActionButtons() or SaveState() emits one.
  echo '<FORM METHOD="post" NAME="PacketForm" ACTION="base_stat_sensor.php">';
  $qro->PrintHeader();

  // NOTE(review): the row values are written into attributes, link targets and
  // cell text without HTML/URL encoding. They come from the sid column,
  // aggregate counts and min/max timestamps of the query built earlier in this
  // file, so this presumably relies on those columns being numeric or
  // timestamp typed -- confirm against the schema.
  for ( $i = 0; ($myrow = $result->baseFetchRow()) && ($i < $qs->GetDisplayRowCnt()); $i++ ){
    // Columns arrive in SELECT order.
    list(
      $sensor_id, $event_cnt, $unique_event_cnt, $num_src_ip, $num_dst_ip,
      $start_time, $stop_time
    ) = $myrow;

    /* Print out */
    qroPrintEntryHeader($i);

    $tmp_rowid = $sensor_id;
    echo '    <TD><INPUT TYPE="checkbox" NAME="action_chk_lst[', $i, ']" VALUE="', $tmp_rowid, '">';
    echo '        <INPUT TYPE="hidden" NAME="action_lst[', $i, ']" VALUE="', $tmp_rowid, '"></TD>';

    qroPrintEntry($sensor_id);
    qroPrintEntry(GetSensorName($sensor_id, $db), 'left');
    // Total events: link to a new query restricted to this sensor.
    qroPrintEntry(
      "<a href='base_qry_main.php?new=1&amp;sensor=" . $sensor_id
      . '&amp;num_result_rows=-1&amp;submit=' . _QUERYDBP . "'>"
      . $event_cnt . '</a>',
      'right'
    );
    // Unique alerts, then unique source (1) and destination (2) addresses.
    qroPrintEntry(
      BuildUniqueAlertLink("?sensor=$sensor_id") . $unique_event_cnt . '</a>',
      'right'
    );
    qroPrintEntry(
      BuildUniqueAddressLink(1, "&amp;sensor=$sensor_id") . $num_src_ip . '</a>',
      'right'
    );
    qroPrintEntry(
      BuildUniqueAddressLink(2, "&amp;sensor=$sensor_id") . $num_dst_ip . '</a>',
      'right'
    );
    qroPrintEntry($start_time);
    qroPrintEntry($stop_time);

    qroPrintEntryFooter();
  }

  $result->baseFreeRows();

  $qro->PrintFooter();

  $qs->PrintBrowseButtons();
  $qs->PrintAlertActionButtons();
  $qs->SaveState();
  // Carry the validated sort_order value forward with the form.
  ExportHTTPVar('sort_order', $sort_order);
  echo "\n</FORM>\n";
  $et->Mark('Get Query Elements');
  PrintBASESubFooter();
213
?>