NathanGibbs3 / BASE / 624

pending completion

Build # 624

Build Type

push

travis-ci-com

Committed by

NathanGibbs3

Commit Message

Merge branch 'devel'

Run Details

562 of 562 new or added lines in 28 files covered. (100.0%)

3145 of 17504 relevant lines covered (17.97%)

23.22 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

66.92

/includes/base_log_error.inc.php

<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Lead: Kevin Johnson <kjohnson@secureideas.net>
**                Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: debugging and logging routines   
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net
**
********************************************************************************
*/
// Ensure the conf file has been loaded. Prevent direct access to this file.
defined('_BASE_INC') or die('Accessing this file directly is not allowed.');

function DivErrorMessage ($message, $Count = 0 ){
        NLIO ("<div class='errorMsg' align='center'>$message</div>",$Count);
}

function returnBuildError( $Desc, $Opt ){ // Standardiazed PHP build error.
        if ( LoadedString($Desc) && LoadedString($Opt) ){
                $Desc = XSSPrintSafe($Desc);
                $Opt = XSSPrintSafe($Opt);
                $Ret = returnErrorMessage(_ERRPHPERROR.':',0,1);
                // TD this.
                $Ret .=
                NLI("<b>PHP build incomplete</b>: $Desc support required.<br/>")
                . NLI("Recompile PHP with $Desc support (<code>$Opt</code>) .<br/>");
                return $Ret;
        }
}

function BuildError ($message = '', $fmessage = '' ){
        if ( LoadedString($message) == true ){
                ErrorMessage(_ERRPHPERROR.':',0,1);
                ErrorMessage($message, 'black', 1);
                print '<br/>';
        }
        // @codeCoverageIgnoreStart
        if ( LoadedString($fmessage) == true ){
                FatalError($fmessage);
        }
        // @codeCoverageIgnoreEnd
}

function LibIncError (
                $Desc, $Loc, $Lib, $message = '', $LibName = '', $URL = '', $Fatal = 0,
                $Pear = 0
        ){
        // Translation data this msg when we get to _ERRSQLDBALLOAD1 on Issue#11
        $msg = "<b>Error loading the $Desc library:</b> ".
        XSSPrintSafe('from "'.$Loc.'".');
        if ( LoadedString($LibName) == true ){
                $msg .= '<br/>';
                // Translation data this msg when we get to _ERRSQLDBALLOAD2 on Issue#11
                $msg .= "The underlying $Desc library currently used is $LibName";
                if ( LoadedString($URL) == true ){
                        $URL = XSSPrintSafe($URL);
                        $msg .= ', that can be downloaded at ';
                        $msg .= "<a href='$URL'>$URL</a>";
                }
                $msg .= '.';
        }
        ErrorMessage($msg,'black',1);
        if ( LoadedString($message) == true ){
                ErrorMessage($message,'black',1);
        }
        $FLib = $Lib;
        if ($Pear == 1){
                $EMsg = "Check your Pear::$LibName installation!<br/>";
                $EMsg .= 'Make sure PEAR libraries can be found by PHP.';
                $EMsg .= '<pre>';
                $EMsg .= XSSPrintSafe('pear config-show | grep "PEAR directory"'."\n");
                $EMsg .= XSSPrintSafe('PEAR directory      php_dir     /usr/share/pear');
                $EMsg .= '</pre>';
                $EMsg .= 'This path must be part of the include path of php (cf. /etc/php.ini).';
                $EMsg .= '<pre>';
                $EMsg .= XSSPrintSafe('php -i | grep "include_path"');
                $EMsg .= XSSPrintSafe(
                        'include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php'
                );
                $EMsg .= '</pre>';
                if ( ini_get('safe_mode') ){
                        $EMsg .= XSSPrintSafe(
                                'In "safe_mode" it must also be part of safe_mode_include_dir in /etc/php.ini'
                        );
                }
                ErrorMessage($EMsg,'black',1);
                $FLib = $LibName;
        }
        $tmp = "PHP setup incomplete: $FLib required.";
        if ($Fatal == 0){
                ErrorMessage($tmp, 0,1);
        }else{
                // @codeCoverageIgnoreStart
                FatalError($tmp);
                // @codeCoverageIgnoreEnd
        }
}

// Debug Data Table
function DDT (
        $Items, $Desc = array(), $title = NULL, $tab = 3, $wd = 75, $vf = 0
){
        if ( is_array($Items) ){ // Input Validation
                if ( !is_array($Desc) ){
                        $Desc = array($Desc);
                }
                if ( !is_int($tab) ){
                        $tab = 3;
                }
                if ( !is_int($wd) ){
                        $wd = 75;
                }
                if ( !is_int($vf) ){
                        $vf = 0;
                }
                if ( !LoadedString($title) ){
                        $title = 'Debug Data Table';
                }
                $title = XSSPrintSafe($title);
                $Desc = XSSPrintSafe($Desc);
                $Items = XSSPrintSafe($Items);
                PrintFramedBoxHeader($title, 'red', 0, $tab, '', $wd);
                $icnt = count($Items);
                $DF = false;
                if ( $icnt <= count($Desc) ){ // Do we have Descriptions?
                        $DF = true;
                }
                if ( $icnt > 0 ){
                        $style = '';
                        if ( $vf == 1 && $DF ){ // Vertical Dsiplay
                                $style = " class='sectiontitle' style='text-align: right;".
                                " padding-right: 10px; width: 10%'";
                        }
                        NLIO("<td$style>", $tab + 2);
                        if ( $vf == 0 ){
                                if ( $DF ){
                                        for ( $i = 0; $i < $icnt; $i++){
                                                NLIO($Desc[$i], $tab + 3);
                                                if ( $i != $icnt - 1 ){
                                                        NLIO('</td><td>', $tab + 2);
                                                }
                                        }
                                        PrintTblNewRow( 1, '', $tab + 2 );
                                }
                        }
                        for ( $i = 0; $i < $icnt; $i++){
                                if ( $vf == 0 ){
                                        NLIO($Items[$i], $tab + 3);
                                        if ( $i != $icnt - 1 ){
                                                NLIO('</td><td>', $tab + 2);
                                        }
                                }else{
                                        if ( $DF ){
                                                NLIO($Desc[$i].': ', $tab + 3);
                                                NLIO("</td><td style='padding-left:10px;'>", $tab + 2);
                                        }
                                        NLIO($Items[$i], $tab + 3);
                                        if ( $i != $icnt -1 ){
                                                PrintTblNewRow( 0, '', $tab + 2 );
                                                NLIO("<td$style>", $tab + 2);
                                        }
                                }
                        }
                        NLIO('</td>', $tab + 2);
                }
                PrintFramedBoxFooter(0, $tab);
        }
}

// @codeCoverageIgnoreStart
function FatalError ($message){
        print returnErrorMessage('<b>'._ERRBASEFATAL.'</b>',0,1)."\n".$message;
        $message = preg_replace("/\//", '', $message);
        $message = preg_replace("/<br>/i", ' ', $message);
        $message = strip_tags($message)."\n";
        error_log($message);
        trigger_error($message, E_USER_ERROR);
}
// @codeCoverageIgnoreEnd

function PrintServerInformation()
{
   echo '';
}

function PrintPageHeader(){
        GLOBAL $DBtype, $ADODB_vers, $Use_Auth_System, $BCR;
        if( !AuthorizedPage('(base_denied|index)') ){
                $BV = $BCR->GetCap('BASE_Ver');
                // Additional app info allowed everywhere but landing pages.
                $AdminAuth = AuthorizedRole(1); // Issue #146 Fix
                if( $AdminAuth ){ // Issue #146 Fix
                        if( is_key('SERVER_SOFTWARE', $_SERVER) ){
                                $SW_Svr = $_SERVER['SERVER_SOFTWARE'];
                        }else{
                                $SW_Svr = 'unknown';
                        }
                        $tmp = session_encode();
                        $SW_Svr = XSSPrintSafe($SW_Svr);
                }
                $request_uri = XSSPrintSafe($_SERVER['REQUEST_URI']);
                if( is_key('HTTP_USER_AGENT', $_SERVER) ){
                        $SW_Cli = $_SERVER['HTTP_USER_AGENT'];
                }else{
                        $SW_Cli = 'unknown';
                }
                if( is_key('HTTP_REFERER', $_SERVER) ){
                        $http_referer = XSSPrintSafe($_SERVER['HTTP_REFERER']);
                }else{
                        $http_referer = '';
                }
                $SW_Cli = XSSPrintSafe($SW_Cli);
                $query_string = XSSPrintSafe($_SERVER['QUERY_STRING']);
                // TD these labels from Issue #11 at some point.
   echo "<PRE>
         <B>URL:</B> '".$request_uri."'
         (<B>referred by:</B> '".$http_referer."')
         <B>PARAMETERS:</B> '".$query_string."'
         <B>CLIENT:</B> ".$SW_Cli;
if ( $Use_Auth_System == 1 && AuthorizedRole(1) ){ // Issue #146 Fix
print "\n         <B>SERVER:</B> ".$SW_Svr."
         <B>SERVER HW:</B> ".php_uname();
print "\n         <B>PHP VERSION:</B> ".phpversion();
print "\n         <B>PHP API:</B> ".php_sapi_name();
print "\n         <B>DB TYPE:</B> ".$DBtype;
print "\n         <B>DB ABSTRACTION VERSION:</B> ".$ADODB_vers;
}
print "\n         <B>BASE VERSION:</B> $BV
         <B>SESSION ID:</B> ".session_id()."( ".strlen($tmp)." bytes )
         <B>SCRIPT :</B> ".XSSPrintSafe($_SERVER['SCRIPT_NAME'])."
         </PRE>"; 
        }
}

function PrintHTTPPost()
{
   echo "<BR><B>HTTP POST Variables</B><PRE>";
   XSSPrintSafe($_POST);
   echo "</PRE>";
}

function SQLTraceLog($message)
{
  GLOBAL $sql_trace_mode, $sql_trace_file;


  if ($sql_trace_mode < 1)
  // then fallback to http server's error log:
  {
    error_log($message);
  }
  else
  // preferred
  {
    if (($sql_trace_file != "") && file_exists($sql_trace_file))
    {
      $fd = fopen($sql_trace_file, "a");
      if ($fd)
      {
        fputs($fd, $message);
        fputs($fd, "\n");
        fflush($fd);
        fclose($fd);
      }
      else
      {
        ErrorMessage("ERROR: Could not open " . $sql_trace_file);
      }
                }else{
                        error_log($message);
                }
        }
}
?>

1	<?php
2	/*******************************************************************************
3	** Basic Analysis and Security Engine (BASE)
4	** Copyright (C) 2004 BASE Project Team
5	** Copyright (C) 2000 Carnegie Mellon University
6	**
7	** (see the file 'base_main.php' for license details)
8	**
9	** Project Lead: Kevin Johnson <kjohnson@secureideas.net>
10	** Sean Muller <samwise_diver@users.sourceforge.net>
11	** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
12	**
13	** Purpose: debugging and logging routines
14	********************************************************************************
15	** Authors:
16	********************************************************************************
17	** Kevin Johnson <kjohnson@secureideas.net
18	**
19	********************************************************************************
20	*/
21	// Ensure the conf file has been loaded. Prevent direct access to this file.
22	defined('_BASE_INC') or die('Accessing this file directly is not allowed.');
23
24	function DivErrorMessage ($message, $Count = 0 ){
25	NLIO ("<div class='errorMsg' align='center'>$message</div>",$Count);	44✔
26	}	32✔
27
28	function returnBuildError( $Desc, $Opt ){ // Standardiazed PHP build error.
29	if ( LoadedString($Desc) && LoadedString($Opt) ){	20✔
30	$Desc = XSSPrintSafe($Desc);	20✔
31	$Opt = XSSPrintSafe($Opt);	20✔
32	$Ret = returnErrorMessage(_ERRPHPERROR.':',0,1);	20✔
33	// TD this.
34	$Ret .=
35	NLI("<b>PHP build incomplete</b>: $Desc support required.<br/>")	20✔
36	. NLI("Recompile PHP with $Desc support (<code>$Opt</code>) .<br/>");	20✔
37	return $Ret;	20✔
38	}
39	}
40
41	function BuildError ($message = '', $fmessage = '' ){
42	if ( LoadedString($message) == true ){	20✔
43	ErrorMessage(_ERRPHPERROR.':',0,1);	20✔
44	ErrorMessage($message, 'black', 1);	20✔
45	print '<br/>';	20✔
46	}	6✔
47	// @codeCoverageIgnoreStart
48	if ( LoadedString($fmessage) == true ){
49	FatalError($fmessage);
50	}
51	// @codeCoverageIgnoreEnd
52	}	14✔
53
54	function LibIncError (
55	$Desc, $Loc, $Lib, $message = '', $LibName = '', $URL = '', $Fatal = 0,
56	$Pear = 0
57	){
58	// Translation data this msg when we get to _ERRSQLDBALLOAD1 on Issue#11
59	$msg = "<b>Error loading the $Desc library:</b> ".	110✔
60	XSSPrintSafe('from "'.$Loc.'".');	110✔
61	if ( LoadedString($LibName) == true ){	110✔
62	$msg .= '<br/>';	66✔
63	// Translation data this msg when we get to _ERRSQLDBALLOAD2 on Issue#11
64	$msg .= "The underlying $Desc library currently used is $LibName";	66✔
65	if ( LoadedString($URL) == true ){	66✔
66	$URL = XSSPrintSafe($URL);	22✔
67	$msg .= ', that can be downloaded at ';	22✔
68	$msg .= "<a href='$URL'>$URL</a>";	22✔
69	}	8✔
70	$msg .= '.';	66✔
71	}	24✔
72	ErrorMessage($msg,'black',1);	110✔
73	if ( LoadedString($message) == true ){	110✔
74	ErrorMessage($message,'black',1);	22✔
75	}	8✔
76	$FLib = $Lib;	110✔
77	if ($Pear == 1){	110✔
78	$EMsg = "Check your Pear::$LibName installation!<br/>";	22✔
79	$EMsg .= 'Make sure PEAR libraries can be found by PHP.';	22✔
80	$EMsg .= '<pre>';	22✔
81	$EMsg .= XSSPrintSafe('pear config-show \| grep "PEAR directory"'."\n");	22✔
82	$EMsg .= XSSPrintSafe('PEAR directory php_dir /usr/share/pear');	22✔
83	$EMsg .= '</pre>';	22✔
84	$EMsg .= 'This path must be part of the include path of php (cf. /etc/php.ini).';	22✔
85	$EMsg .= '<pre>';	22✔
86	$EMsg .= XSSPrintSafe('php -i \| grep "include_path"');	22✔
87	$EMsg .= XSSPrintSafe(	22✔
88	'include_path => .:/usr/share/pear:/usr/share/php => .:/usr/share/pear:/usr/share/php'	8✔
89	);	8✔
90	$EMsg .= '</pre>';	22✔
91	if ( ini_get('safe_mode') ){	22✔
92	$EMsg .= XSSPrintSafe(	×
93	'In "safe_mode" it must also be part of safe_mode_include_dir in /etc/php.ini'
94	);
95	}
96	ErrorMessage($EMsg,'black',1);	22✔
97	$FLib = $LibName;	22✔
98	}	8✔
99	$tmp = "PHP setup incomplete: $FLib required.";	110✔
100	if ($Fatal == 0){	110✔
101	ErrorMessage($tmp, 0,1);	110✔
102	}else{	40✔
103	// @codeCoverageIgnoreStart
104	FatalError($tmp);
105	// @codeCoverageIgnoreEnd
106	}
107	}	80✔
108
109	// Debug Data Table
110	function DDT (
111	$Items, $Desc = array(), $title = NULL, $tab = 3, $wd = 75, $vf = 0
112	){
113	if ( is_array($Items) ){ // Input Validation	176✔
114	if ( !is_array($Desc) ){	176✔
115	$Desc = array($Desc);	22✔
116	}	8✔
117	if ( !is_int($tab) ){	176✔
118	$tab = 3;	66✔
119	}	24✔
120	if ( !is_int($wd) ){	176✔
121	$wd = 75;	44✔
122	}	16✔
123	if ( !is_int($vf) ){	176✔
124	$vf = 0;	×
125	}
126	if ( !LoadedString($title) ){	176✔
127	$title = 'Debug Data Table';	154✔
128	}	56✔
129	$title = XSSPrintSafe($title);	176✔
130	$Desc = XSSPrintSafe($Desc);	176✔
131	$Items = XSSPrintSafe($Items);	176✔
132	PrintFramedBoxHeader($title, 'red', 0, $tab, '', $wd);	176✔
133	$icnt = count($Items);	176✔
134	$DF = false;	176✔
135	if ( $icnt <= count($Desc) ){ // Do we have Descriptions?	176✔
136	$DF = true;	132✔
137	}	48✔
138	if ( $icnt > 0 ){	176✔
139	$style = '';	88✔
140	if ( $vf == 1 && $DF ){ // Vertical Dsiplay	88✔
141	$style = " class='sectiontitle' style='text-align: right;".	4✔
142	" padding-right: 10px; width: 10%'";	16✔
143	}	8✔
144	NLIO("<td$style>", $tab + 2);	88✔
145	if ( $vf == 0 ){	88✔
146	if ( $DF ){	44✔
147	for ( $i = 0; $i < $icnt; $i++){	22✔
148	NLIO($Desc[$i], $tab + 3);	22✔
149	if ( $i != $icnt - 1 ){	22✔
150	NLIO('</td><td>', $tab + 2);	22✔
151	}	8✔
152	}	8✔
153	PrintTblNewRow( 1, '', $tab + 2 );	22✔
154	}	8✔
155	}	16✔
156	for ( $i = 0; $i < $icnt; $i++){	88✔
157	if ( $vf == 0 ){	88✔
158	NLIO($Items[$i], $tab + 3);	44✔
159	if ( $i != $icnt - 1 ){	44✔
160	NLIO('</td><td>', $tab + 2);	44✔
161	}	16✔
162	}else{	16✔
163	if ( $DF ){	44✔
164	NLIO($Desc[$i].': ', $tab + 3);	22✔
165	NLIO("</td><td style='padding-left:10px;'>", $tab + 2);	22✔
166	}	8✔
167	NLIO($Items[$i], $tab + 3);	44✔
168	if ( $i != $icnt -1 ){	44✔
169	PrintTblNewRow( 0, '', $tab + 2 );	44✔
170	NLIO("<td$style>", $tab + 2);	44✔
171	}	16✔
172	}
173	}	32✔
174	NLIO('</td>', $tab + 2);	88✔
175	}	32✔
176	PrintFramedBoxFooter(0, $tab);	176✔
177	}	64✔
178	}	128✔
179
180	// @codeCoverageIgnoreStart
181	function FatalError ($message){
182	print returnErrorMessage('<b>'._ERRBASEFATAL.'</b>',0,1)."\n".$message;
183	$message = preg_replace("/\//", '', $message);
184	$message = preg_replace("/<br>/i", ' ', $message);
185	$message = strip_tags($message)."\n";
186	error_log($message);
187	trigger_error($message, E_USER_ERROR);
188	}
189	// @codeCoverageIgnoreEnd
190
191	function PrintServerInformation()
192	{
193	echo '';	×
194	}
195
196	function PrintPageHeader(){
197	GLOBAL $DBtype, $ADODB_vers, $Use_Auth_System, $BCR;
198	if( !AuthorizedPage('(base_denied\|index)') ){	×
199	$BV = $BCR->GetCap('BASE_Ver');	×
200	// Additional app info allowed everywhere but landing pages.
201	$AdminAuth = AuthorizedRole(1); // Issue #146 Fix	×
202	if( $AdminAuth ){ // Issue #146 Fix	×
203	if( is_key('SERVER_SOFTWARE', $_SERVER) ){	×
204	$SW_Svr = $_SERVER['SERVER_SOFTWARE'];	×
205	}else{
206	$SW_Svr = 'unknown';	×
207	}
208	$tmp = session_encode();	×
209	$SW_Svr = XSSPrintSafe($SW_Svr);	×
210	}
211	$request_uri = XSSPrintSafe($_SERVER['REQUEST_URI']);	×
212	if( is_key('HTTP_USER_AGENT', $_SERVER) ){	×
213	$SW_Cli = $_SERVER['HTTP_USER_AGENT'];	×
214	}else{
215	$SW_Cli = 'unknown';	×
216	}
217	if( is_key('HTTP_REFERER', $_SERVER) ){	×
218	$http_referer = XSSPrintSafe($_SERVER['HTTP_REFERER']);	×
219	}else{
220	$http_referer = '';	×
221	}
222	$SW_Cli = XSSPrintSafe($SW_Cli);	×
223	$query_string = XSSPrintSafe($_SERVER['QUERY_STRING']);	×
224	// TD these labels from Issue #11 at some point.
225	echo "<PRE>
226	<B>URL:</B> '".$request_uri."'
227	(<B>referred by:</B> '".$http_referer."')
228	<B>PARAMETERS:</B> '".$query_string."'
229	<B>CLIENT:</B> ".$SW_Cli;
230	if ( $Use_Auth_System == 1 && AuthorizedRole(1) ){ // Issue #146 Fix	×
231	print "\n <B>SERVER:</B> ".$SW_Svr."	×
232	<B>SERVER HW:</B> ".php_uname();	×
233	print "\n <B>PHP VERSION:</B> ".phpversion();	×
234	print "\n <B>PHP API:</B> ".php_sapi_name();	×
235	print "\n <B>DB TYPE:</B> ".$DBtype;	×
236	print "\n <B>DB ABSTRACTION VERSION:</B> ".$ADODB_vers;	×
237	}
238	print "\n <B>BASE VERSION:</B> $BV
239	<B>SESSION ID:</B> ".session_id()."( ".strlen($tmp)." bytes )	×
240	<B>SCRIPT :</B> ".XSSPrintSafe($_SERVER['SCRIPT_NAME'])."	×
241	</PRE>";
242	}
243	}
244
245	function PrintHTTPPost()
246	{
247	echo "<BR><B>HTTP POST Variables</B><PRE>";	×
248	XSSPrintSafe($_POST);	×
249	echo "</PRE>";	×
250	}
251
252	function SQLTraceLog($message)
253	{
254	GLOBAL $sql_trace_mode, $sql_trace_file;
255
256
257	if ($sql_trace_mode < 1)	×
258	// then fallback to http server's error log:
259	{
260	error_log($message);	×
261	}
262	else
263	// preferred
264	{
265	if (($sql_trace_file != "") && file_exists($sql_trace_file))	×
266	{
267	$fd = fopen($sql_trace_file, "a");	×
268	if ($fd)
269	{
270	fputs($fd, $message);	×
271	fputs($fd, "\n");	×
272	fflush($fd);	×
273	fclose($fd);	×
274	}
275	else
276	{
277	ErrorMessage("ERROR: Could not open " . $sql_trace_file);	×
278	}
279	}else{
280	error_log($message);	×
281	}
282	}
283	}
284	?>

NathanGibbs3 / BASE / 624

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous