NathanGibbs3 / BASE / 590

pending completion

Build # 590

Build Type

push

travis-ci-com

Committed by

NathanGibbs3

Commit Message

20230420 Fix CI build breakage. 2

Run Details

2755 of 16977 relevant lines covered (16.23%)

21.61 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

66.92

/includes/base_log_error.inc.php

<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Lead: Kevin Johnson <kjohnson@secureideas.net>
**                Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: debugging and logging routines   
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net
**
********************************************************************************
*/
/** The below check is to make sure that the conf file has been loaded before this one....
 **  This should prevent someone from accessing the page directly. -- Kevin
 **/
defined( '_BASE_INC' ) or die( 'Accessing this file directly is not allowed.' );

function DivErrorMessage ($message, $Count = 0 ){
        NLIO ("<div class='errorMsg' align='center'>$message</div>",$Count);
}

function ErrorMessage ($message, $color = "#ff0000", $br = 0 ){
        print returnErrorMessage($message, $color, $br);
}

function returnErrorMessage ($message, $color = "#ff0000", $br = 0 ){
        if ( HtmlColor($color) == false ){
                // Default to Red if we are passed something odd.
                $color = "#ff0000";
        }
        $error = "<font color='$color'>$message</font>";
        if ( is_numeric($br) && $br == 1 ){ // Issue #160
                $error .= '<br/>';
        }
        return $error;
}

function BuildError ($message = '', $fmessage = '' ){
        if ( LoadedString($message) == true ){
                ErrorMessage(_ERRPHPERROR.':',0,1);
                ErrorMessage($message, 'black', 1);
                print '<br/>';
        }
        // @codeCoverageIgnoreStart
        if ( LoadedString($fmessage) == true ){
                FatalError($fmessage);
        }
        // @codeCoverageIgnoreEnd
}

function LibIncError (
                $Desc, $Loc, $Lib, $message = '', $LibName = '', $URL = '', $Fatal = 0,
                $Pear = 0
        ){
        // Translation data this msg when we get to _ERRSQLDBALLOAD1 on Issue#11
        $msg = "<b>Error loading the $Desc library:</b> ".
        XSSPrintSafe('from "'.$Loc.'".');
        if ( LoadedString($LibName) == true ){
                $msg .= '<br/>';
                // Translation data this msg when we get to _ERRSQLDBALLOAD2 on Issue#11
                $msg .= "The underlying $Desc library currently used is $LibName";
                if ( LoadedString($URL) == true ){
                        $URL = XSSPrintSafe($URL);
                        $msg .= ', that can be downloaded at ';
                        $msg .= "<a href='$URL'>$URL</a>";
                }
                $msg .= '.';
        }
        ErrorMessage($msg,'black',1);
        if ( LoadedString($message) == true ){
                ErrorMessage($message,'black',1);
        }
        $FLib = $Lib;
        if ($Pear == 1){
                $EMsg = "Check your Pear::$LibName installation!<br/>";
                $EMsg .= 'Make sure PEAR libraries can be found by PHP.';
                $EMsg .= '<pre>';
                $EMsg .= XSSPrintSafe('pear config-show | grep "PEAR directory"'."\n");
                $EMsg .= XSSPrintSafe('PEAR directory      php_dir     /usr/share/pear');
                $EMsg .= '</pre>';
                $EMsg .= 'This path must be part of the include path of php (cf. /etc/php.ini).';
                $EMsg .= '<pre>';
                $EMsg .= XSSPrintSafe('php -i | grep "include_path"');
                $EMsg .= XSSPrintSafe(
                        'include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php'
                );
                $EMsg .= '</pre>';
                if ( ini_get('safe_mode') ){
                        $EMsg .= XSSPrintSafe(
                                'In "safe_mode" it must also be part of safe_mode_include_dir in /etc/php.ini'
                        );
                }
                ErrorMessage($EMsg,'black',1);
                $FLib = $LibName;
        }
        $tmp = "PHP setup incomplete: $FLib required.";
        if ($Fatal == 0){
                ErrorMessage($tmp, 0,1);
        }else{
                // @codeCoverageIgnoreStart
                FatalError($tmp);
                // @codeCoverageIgnoreEnd
        }
}

// Debug Data Table
function DDT (
        $Items, $Desc = array(), $title = NULL, $tab = 3, $wd = 75, $vf = 0
){
        if ( is_array($Items) ){ // Input Validation
                if ( !is_array($Desc) ){
                        $Desc = array($Desc);
                }
                if ( !is_int($tab) ){
                        $tab = 3;
                }
                if ( !is_int($wd) ){
                        $wd = 75;
                }
                if ( !is_int($vf) ){
                        $vf = 0;
                }
                if ( !LoadedString($title) ){
                        $title = 'Debug Data Table';
                }
                $title = XSSPrintSafe($title);
                $Desc = XSSPrintSafe($Desc);
                $Items = XSSPrintSafe($Items);
                PrintFramedBoxHeader($title, 'red', 0, $tab, '', $wd);
                $icnt = count($Items);
                $DF = false;
                if ( $icnt <= count($Desc) ){ // Do we have Descriptions?
                        $DF = true;
                }
                if ( $icnt > 0 ){
                        $style = '';
                        if ( $vf == 1 && $DF ){ // Vertical Dsiplay
                                $style = " class='sectiontitle' style='text-align: right;".
                                " padding-right: 10px; width: 10%'";
                        }
                        NLIO("<td$style>", $tab + 2);
                        if ( $vf == 0 ){
                                if ( $DF ){
                                        for ( $i = 0; $i < $icnt; $i++){
                                                NLIO($Desc[$i], $tab + 3);
                                                if ( $i != $icnt - 1 ){
                                                        NLIO('</td><td>', $tab + 2);
                                                }
                                        }
                                        PrintTblNewRow( 1, '', $tab + 2 );
                                }
                        }
                        for ( $i = 0; $i < $icnt; $i++){
                                if ( $vf == 0 ){
                                        NLIO($Items[$i], $tab + 3);
                                        if ( $i != $icnt - 1 ){
                                                NLIO('</td><td>', $tab + 2);
                                        }
                                }else{
                                        if ( $DF ){
                                                NLIO($Desc[$i].': ', $tab + 3);
                                                NLIO("</td><td style='padding-left:10px;'>", $tab + 2);
                                        }
                                        NLIO($Items[$i], $tab + 3);
                                        if ( $i != $icnt -1 ){
                                                PrintTblNewRow( 0, '', $tab + 2 );
                                                NLIO("<td$style>", $tab + 2);
                                        }
                                }
                        }
                        NLIO('</td>', $tab + 2);
                }
                PrintFramedBoxFooter(0, $tab);
        }
}

// @codeCoverageIgnoreStart
function FatalError ($message){
        print returnErrorMessage('<b>'._ERRBASEFATAL.'</b>',0,1)."\n".$message;
        $message = preg_replace("/\//", '', $message);
        $message = preg_replace("/<br>/i", ' ', $message);
        $message = strip_tags($message)."\n";
        error_log($message);
        trigger_error($message, E_USER_ERROR);
}
// @codeCoverageIgnoreEnd

function PrintServerInformation()
{
   echo '';
}

function PrintPageHeader(){
        GLOBAL $DBtype, $ADODB_vers, $Use_Auth_System, $BASE_VERSION;
        if ( !AuthorizedPage('(base_denied|index)') ){
                // Additional app info allowed everywhere but landing pages.
                $AdminAuth = AuthorizedRole(1); // Issue #146 Fix
                if ( $AdminAuth ){ // Issue #146 Fix
                        if ( base_array_key_exists('SERVER_SOFTWARE',$_SERVER) ){
                                $SW_Svr = $_SERVER['SERVER_SOFTWARE'];
                        }else{
                                $SW_Svr = 'unknown';
                        }
                        $tmp = session_encode();
                        $SW_Svr = XSSPrintSafe($SW_Svr);
                }
                $request_uri = XSSPrintSafe($_SERVER['REQUEST_URI']);
                if ( base_array_key_exists('HTTP_USER_AGENT',$_SERVER) ){
                        $SW_Cli = $_SERVER['HTTP_USER_AGENT'];
                }else{
                        $SW_Cli = 'unknown';
                }
                if ( base_array_key_exists('HTTP_REFERER', $_SERVER) ){
                        $http_referer = XSSPrintSafe($_SERVER['HTTP_REFERER']);
                }else{
                        $http_referer = '';
                }
                $SW_Cli = XSSPrintSafe($SW_Cli);
                $query_string = XSSPrintSafe($_SERVER['QUERY_STRING']);
                // TD these labels from Issue #11 at some point.
   echo "<PRE>
         <B>URL:</B> '".$request_uri."'
         (<B>referred by:</B> '".$http_referer."')
         <B>PARAMETERS:</B> '".$query_string."'
         <B>CLIENT:</B> ".$SW_Cli;
if ( $Use_Auth_System == 1 && AuthorizedRole(1) ){ // Issue #146 Fix
print "\n         <B>SERVER:</B> ".$SW_Svr."
         <B>SERVER HW:</B> ".php_uname();
print "\n         <B>PHP VERSION:</B> ".phpversion();
print "\n         <B>PHP API:</B> ".php_sapi_name();
print "\n         <B>DB TYPE:</B> ".$DBtype;
print "\n         <B>DB ABSTRACTION VERSION:</B> ".$ADODB_vers;
}
print "\n         <B>BASE VERSION:</B> ".$BASE_VERSION."
         <B>SESSION ID:</B> ".session_id()."( ".strlen($tmp)." bytes )
         <B>SCRIPT :</B> ".XSSPrintSafe($_SERVER['SCRIPT_NAME'])."
         </PRE>"; 
        }
}

function PrintHTTPPost()
{
   echo "<BR><B>HTTP POST Variables</B><PRE>";
   XSSPrintSafe($_POST);
   echo "</PRE>";
}

function SQLTraceLog($message)
{
  GLOBAL $sql_trace_mode, $sql_trace_file;


  if ($sql_trace_mode < 1)
  // then fallback to http server's error log:
  {
    error_log($message);
  }
  else
  // preferred
  {
    if (($sql_trace_file != "") && file_exists($sql_trace_file))
    {
      $fd = fopen($sql_trace_file, "a");
      if ($fd)
      {
        fputs($fd, $message);
        fputs($fd, "\n");
        fflush($fd);
        fclose($fd);
      }
      else
      {
        ErrorMessage("ERROR: Could not open " . $sql_trace_file);
      }
                }else{
                        error_log($message);
                }
        }
}
?>

1	<?php
2	/*******************************************************************************
3	** Basic Analysis and Security Engine (BASE)
4	** Copyright (C) 2004 BASE Project Team
5	** Copyright (C) 2000 Carnegie Mellon University
6	**
7	** (see the file 'base_main.php' for license details)
8	**
9	** Project Lead: Kevin Johnson <kjohnson@secureideas.net>
10	** Sean Muller <samwise_diver@users.sourceforge.net>
11	** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
12	**
13	** Purpose: debugging and logging routines
14	********************************************************************************
15	** Authors:
16	********************************************************************************
17	** Kevin Johnson <kjohnson@secureideas.net
18	**
19	********************************************************************************
20	*/
21	/** The below check is to make sure that the conf file has been loaded before this one....
22	** This should prevent someone from accessing the page directly. -- Kevin
23	**/
24	defined( '_BASE_INC' ) or die( 'Accessing this file directly is not allowed.' );
25
26	function DivErrorMessage ($message, $Count = 0 ){
27	NLIO ("<div class='errorMsg' align='center'>$message</div>",$Count);	40✔
28	}	28✔
29
30	function ErrorMessage ($message, $color = "#ff0000", $br = 0 ){
31	print returnErrorMessage($message, $color, $br);	200✔
32	}	140✔
33
34	function returnErrorMessage ($message, $color = "#ff0000", $br = 0 ){
35	if ( HtmlColor($color) == false ){	300✔
36	// Default to Red if we are passed something odd.
37	$color = "#ff0000";	140✔
38	}	42✔
39	$error = "<font color='$color'>$message</font>";	300✔
40	if ( is_numeric($br) && $br == 1 ){ // Issue #160	300✔
41	$error .= '<br/>';	140✔
42	}	42✔
43	return $error;	300✔
44	}
45
46	function BuildError ($message = '', $fmessage = '' ){
47	if ( LoadedString($message) == true ){	20✔
48	ErrorMessage(_ERRPHPERROR.':',0,1);	20✔
49	ErrorMessage($message, 'black', 1);	20✔
50	print '<br/>';	20✔
51	}	6✔
52	// @codeCoverageIgnoreStart
53	if ( LoadedString($fmessage) == true ){
54	FatalError($fmessage);
55	}
56	// @codeCoverageIgnoreEnd
57	}	14✔
58
59	function LibIncError (
60	$Desc, $Loc, $Lib, $message = '', $LibName = '', $URL = '', $Fatal = 0,
61	$Pear = 0
62	){
63	// Translation data this msg when we get to _ERRSQLDBALLOAD1 on Issue#11
64	$msg = "<b>Error loading the $Desc library:</b> ".	100✔
65	XSSPrintSafe('from "'.$Loc.'".');	100✔
66	if ( LoadedString($LibName) == true ){	100✔
67	$msg .= '<br/>';	60✔
68	// Translation data this msg when we get to _ERRSQLDBALLOAD2 on Issue#11
69	$msg .= "The underlying $Desc library currently used is $LibName";	60✔
70	if ( LoadedString($URL) == true ){	60✔
71	$URL = XSSPrintSafe($URL);	20✔
72	$msg .= ', that can be downloaded at ';	20✔
73	$msg .= "<a href='$URL'>$URL</a>";	20✔
74	}	6✔
75	$msg .= '.';	60✔
76	}	18✔
77	ErrorMessage($msg,'black',1);	100✔
78	if ( LoadedString($message) == true ){	100✔
79	ErrorMessage($message,'black',1);	20✔
80	}	6✔
81	$FLib = $Lib;	100✔
82	if ($Pear == 1){	100✔
83	$EMsg = "Check your Pear::$LibName installation!<br/>";	20✔
84	$EMsg .= 'Make sure PEAR libraries can be found by PHP.';	20✔
85	$EMsg .= '<pre>';	20✔
86	$EMsg .= XSSPrintSafe('pear config-show \| grep "PEAR directory"'."\n");	20✔
87	$EMsg .= XSSPrintSafe('PEAR directory php_dir /usr/share/pear');	20✔
88	$EMsg .= '</pre>';	20✔
89	$EMsg .= 'This path must be part of the include path of php (cf. /etc/php.ini).';	20✔
90	$EMsg .= '<pre>';	20✔
91	$EMsg .= XSSPrintSafe('php -i \| grep "include_path"');	20✔
92	$EMsg .= XSSPrintSafe(	20✔
93	'include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php'	8✔
94	);	6✔
95	$EMsg .= '</pre>';	20✔
96	if ( ini_get('safe_mode') ){	20✔
97	$EMsg .= XSSPrintSafe(	×
98	'In "safe_mode" it must also be part of safe_mode_include_dir in /etc/php.ini'
99	);
100	}
101	ErrorMessage($EMsg,'black',1);	20✔
102	$FLib = $LibName;	20✔
103	}	6✔
104	$tmp = "PHP setup incomplete: $FLib required.";	100✔
105	if ($Fatal == 0){	100✔
106	ErrorMessage($tmp, 0,1);	100✔
107	}else{	30✔
108	// @codeCoverageIgnoreStart
109	FatalError($tmp);
110	// @codeCoverageIgnoreEnd
111	}
112	}	70✔
113
114	// Debug Data Table
115	function DDT (
116	$Items, $Desc = array(), $title = NULL, $tab = 3, $wd = 75, $vf = 0
117	){
118	if ( is_array($Items) ){ // Input Validation	160✔
119	if ( !is_array($Desc) ){	160✔
120	$Desc = array($Desc);	20✔
121	}	6✔
122	if ( !is_int($tab) ){	160✔
123	$tab = 3;	60✔
124	}	18✔
125	if ( !is_int($wd) ){	160✔
126	$wd = 75;	40✔
127	}	12✔
128	if ( !is_int($vf) ){	160✔
129	$vf = 0;	×
130	}
131	if ( !LoadedString($title) ){	160✔
132	$title = 'Debug Data Table';	140✔
133	}	42✔
134	$title = XSSPrintSafe($title);	160✔
135	$Desc = XSSPrintSafe($Desc);	160✔
136	$Items = XSSPrintSafe($Items);	160✔
137	PrintFramedBoxHeader($title, 'red', 0, $tab, '', $wd);	160✔
138	$icnt = count($Items);	160✔
139	$DF = false;	160✔
140	if ( $icnt <= count($Desc) ){ // Do we have Descriptions?	160✔
141	$DF = true;	120✔
142	}	36✔
143	if ( $icnt > 0 ){	160✔
144	$style = '';	80✔
145	if ( $vf == 1 && $DF ){ // Vertical Dsiplay	80✔
146	$style = " class='sectiontitle' style='text-align: right;".	4✔
147	" padding-right: 10px; width: 10%'";	14✔
148	}	6✔
149	NLIO("<td$style>", $tab + 2);	80✔
150	if ( $vf == 0 ){	80✔
151	if ( $DF ){	40✔
152	for ( $i = 0; $i < $icnt; $i++){	20✔
153	NLIO($Desc[$i], $tab + 3);	20✔
154	if ( $i != $icnt - 1 ){	20✔
155	NLIO('</td><td>', $tab + 2);	20✔
156	}	6✔
157	}	6✔
158	PrintTblNewRow( 1, '', $tab + 2 );	20✔
159	}	6✔
160	}	12✔
161	for ( $i = 0; $i < $icnt; $i++){	80✔
162	if ( $vf == 0 ){	80✔
163	NLIO($Items[$i], $tab + 3);	40✔
164	if ( $i != $icnt - 1 ){	40✔
165	NLIO('</td><td>', $tab + 2);	40✔
166	}	12✔
167	}else{	12✔
168	if ( $DF ){	40✔
169	NLIO($Desc[$i].': ', $tab + 3);	20✔
170	NLIO("</td><td style='padding-left:10px;'>", $tab + 2);	20✔
171	}	6✔
172	NLIO($Items[$i], $tab + 3);	40✔
173	if ( $i != $icnt -1 ){	40✔
174	PrintTblNewRow( 0, '', $tab + 2 );	40✔
175	NLIO("<td$style>", $tab + 2);	40✔
176	}	12✔
177	}
178	}	24✔
179	NLIO('</td>', $tab + 2);	80✔
180	}	24✔
181	PrintFramedBoxFooter(0, $tab);	160✔
182	}	48✔
183	}	112✔
184
185	// @codeCoverageIgnoreStart
186	function FatalError ($message){
187	print returnErrorMessage('<b>'._ERRBASEFATAL.'</b>',0,1)."\n".$message;
188	$message = preg_replace("/\//", '', $message);
189	$message = preg_replace("/<br>/i", ' ', $message);
190	$message = strip_tags($message)."\n";
191	error_log($message);
192	trigger_error($message, E_USER_ERROR);
193	}
194	// @codeCoverageIgnoreEnd
195
196	function PrintServerInformation()
197	{
198	echo '';	×
199	}
200
201	function PrintPageHeader(){
202	GLOBAL $DBtype, $ADODB_vers, $Use_Auth_System, $BASE_VERSION;
203	if ( !AuthorizedPage('(base_denied\|index)') ){	×
204	// Additional app info allowed everywhere but landing pages.
205	$AdminAuth = AuthorizedRole(1); // Issue #146 Fix	×
206	if ( $AdminAuth ){ // Issue #146 Fix	×
207	if ( base_array_key_exists('SERVER_SOFTWARE',$_SERVER) ){	×
208	$SW_Svr = $_SERVER['SERVER_SOFTWARE'];	×
209	}else{
210	$SW_Svr = 'unknown';	×
211	}
212	$tmp = session_encode();	×
213	$SW_Svr = XSSPrintSafe($SW_Svr);	×
214	}
215	$request_uri = XSSPrintSafe($_SERVER['REQUEST_URI']);	×
216	if ( base_array_key_exists('HTTP_USER_AGENT',$_SERVER) ){	×
217	$SW_Cli = $_SERVER['HTTP_USER_AGENT'];	×
218	}else{
219	$SW_Cli = 'unknown';	×
220	}
221	if ( base_array_key_exists('HTTP_REFERER', $_SERVER) ){	×
222	$http_referer = XSSPrintSafe($_SERVER['HTTP_REFERER']);	×
223	}else{
224	$http_referer = '';	×
225	}
226	$SW_Cli = XSSPrintSafe($SW_Cli);	×
227	$query_string = XSSPrintSafe($_SERVER['QUERY_STRING']);	×
228	// TD these labels from Issue #11 at some point.
229	echo "<PRE>
230	<B>URL:</B> '".$request_uri."'
231	(<B>referred by:</B> '".$http_referer."')
232	<B>PARAMETERS:</B> '".$query_string."'
233	<B>CLIENT:</B> ".$SW_Cli;
234	if ( $Use_Auth_System == 1 && AuthorizedRole(1) ){ // Issue #146 Fix	×
235	print "\n <B>SERVER:</B> ".$SW_Svr."	×
236	<B>SERVER HW:</B> ".php_uname();	×
237	print "\n <B>PHP VERSION:</B> ".phpversion();	×
238	print "\n <B>PHP API:</B> ".php_sapi_name();	×
239	print "\n <B>DB TYPE:</B> ".$DBtype;	×
240	print "\n <B>DB ABSTRACTION VERSION:</B> ".$ADODB_vers;	×
241	}
242	print "\n <B>BASE VERSION:</B> ".$BASE_VERSION."	×
243	<B>SESSION ID:</B> ".session_id()."( ".strlen($tmp)." bytes )	×
244	<B>SCRIPT :</B> ".XSSPrintSafe($_SERVER['SCRIPT_NAME'])."	×
245	</PRE>";
246	}
247	}
248
249	function PrintHTTPPost()
250	{
251	echo "<BR><B>HTTP POST Variables</B><PRE>";	×
252	XSSPrintSafe($_POST);	×
253	echo "</PRE>";	×
254	}
255
256	function SQLTraceLog($message)
257	{
258	GLOBAL $sql_trace_mode, $sql_trace_file;
259
260
261	if ($sql_trace_mode < 1)	×
262	// then fallback to http server's error log:
263	{
264	error_log($message);	×
265	}
266	else
267	// preferred
268	{
269	if (($sql_trace_file != "") && file_exists($sql_trace_file))	×
270	{
271	$fd = fopen($sql_trace_file, "a");	×
272	if ($fd)
273	{
274	fputs($fd, $message);	×
275	fputs($fd, "\n");	×
276	fflush($fd);	×
277	fclose($fd);	×
278	}
279	else
280	{
281	ErrorMessage("ERROR: Could not open " . $sql_trace_file);	×
282	}
283	}else{
284	error_log($message);	×
285	}
286	}
287	}
288	?>

NathanGibbs3 / BASE / 590

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous