NathanGibbs3 / BASE / 626

pending completion

Build # 626

Build Type

push

travis-ci-com

Committed by

NathanGibbs3

Commit Message

20230513 Closes #42 Closes #140 Closes #199
         Code Cleanup.

     File(s): base_common.php
            : base_conf.php.dist
            : includes/base_capabilities.php
            : setup/base_conf_contents.php
    Issue(s): #42
              New Config Var $AllowedClients.
              Does not need to be set on most configurations.
     File(s): base_qry_sqlcalls.php
            : includes/base_output_query.inc.php
              Code Cleanup.
     File(s): base_stat_alerts.php
            : base_stat_class.php
            : base_stat_iplink.php
            : base_stat_ports.php
            : base_stat_sensor.php
            : base_stat_uaddr.php
    Issue(s): #140 #199
     File(s): styles/base_common.css
              Set form margins to 0px.

Run Details

46 of 46 new or added lines in 9 files covered. (100.0%)

3148 of 17531 relevant lines covered (17.96%)

23.19 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/base_stat_sensor.php

<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
**                Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Sensor statistics
**
** Input GET/POST variables
**   - submit:
**   - caller:
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net
**
********************************************************************************
*/

$sc = DIRECTORY_SEPARATOR;
require_once("includes$sc" . 'base_krnl.php');
include_once("$BASE_path/includes/base_include.inc.php");
include_once("$BASE_path/base_db_common.php");
include_once("$BASE_path/base_stat_common.php");
include_once("$BASE_path/base_qry_common.php");
include_once("$BASE_path/base_ag_common.php");

AuthorizedRole(10000);
$db = NewBASEDBConnection($DBlib_path, $DBtype); // Connect to DB.
$db->baseDBConnect(
        $db_connect_method,$alert_dbname, $alert_host, $alert_port, $alert_user,
        $alert_password
);
UpdateAlertCache($db);
$cs = new CriteriaState("base_stat_sensor.php");
$cs->ReadState();
$qs = new QueryState();
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(_SELECTED, _ALLONSCREEN, _ENTIREQUERY));
$sort_order=ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
$action = ImportHTTPVar("action", VAR_ALPHA);
$qs->MoveView($submit);             /* increment the view if necessary */
$page_title = SPSENSORLIST;
$tr = 1; // Page Refresh
if ($action != '' ){
        $tr = $refresh_all_pages;
}
PrintBASESubHeader( $page_title, $page_title, $cs->GetBackLink(), $tr );
$criteria_clauses = ProcessCriteria();
PrintCriteria('');

  $from = " FROM acid_event ".$criteria_clauses[0];
  $where = " WHERE ".$criteria_clauses[1];

  $qs->AddValidAction("ag_by_id");
  $qs->AddValidAction("ag_by_name");
  $qs->AddValidAction("add_new_ag");
  $qs->AddValidAction("del_alert");
  $qs->AddValidAction("email_alert");
  $qs->AddValidAction("email_alert2");
  $qs->AddValidAction("csv_alert");
  $qs->AddValidAction("archive_alert");
  $qs->AddValidAction("archive_alert2");

  $qs->AddValidActionOp(_SELECTED);
  $qs->AddValidActionOp(_ALLONSCREEN);

  $qs->SetActionSQL($from.$where);
  $et->Mark("Initialization");

  $qs->RunAction($submit, PAGE_STAT_SENSOR, $db);
  $et->Mark("Alert Action");

  /* create SQL to get Unique Alerts */
  $cnt_sql = "SELECT count(DISTINCT acid_event.sid) ".$from.$where;

  /* Run the query to determine the number of rows (No LIMIT)*/
  $qs->GetNumResultRows($cnt_sql, $db);
  $et->Mark("Counting Result size");
// Setup the Query Results Table.
// Common SQL Strings
$OB = ' ORDER BY';
$SNID = "CONCAT(CONCAT(sensor.hostname, ':'), sensor.interface)";
$qro = new QueryResultsOutput("base_stat_sensor.php?x=x");
$qro->AddTitle('');
$qro->AddTitle(_SENSOR,
        "sid_a", " ", "$OB acid_event.sid ASC",
        "sid_d", " ", "$OB acid_event.sid DESC"
);
$qro->AddTitle( _NAME,
        "sname_a", " ", "$OB $SNID ASC ",
        "sname_d", " ", "$OB $SNID DESC ", 'left'
);
$qro->AddTitle( _SIPLTOTALEVENTS,
        "occur_a", "", "$OB event_cnt ASC",
        "occur_d", "", "$OB event_cnt DESC", 'right'
);
$qro->AddTitle( _SIPLUNIEVENTS,
        "occur_a", "", "$OB sig_cnt ASC",
        "occur_d", "", "$OB sig_cnt DESC", 'right'
);
$qro->AddTitle( _SUASRCADD,
        "saddr_a", "", "$OB saddr_cnt ASC",
        "saddr_d", "", "$OB saddr_cnt DESC", 'right'
);
$qro->AddTitle( _SUADSTADD,
        "daddr_a", "", "$OB daddr_cnt ASC",
        "daddr_d", "", "$OB daddr_cnt DESC", 'right'
);
$qro->AddTitle(_FIRST,
        "first_a", "", "$OB first_timestamp ASC",
        "first_d", "", "$OB first_timestamp DESC"
);
$qro->AddTitle(_LAST,
        "last_a", "", "$OB last_timestamp ASC",
        "last_d", "", "$OB last_timestamp DESC"
);

// Issue #168
$sql = "SELECT DISTINCT acid_event.sid, count(acid_event.cid) as event_cnt,".
        " count(distinct(acid_event.signature)) as sig_cnt, ".
        " count(distinct(acid_event.ip_src)) as saddr_cnt, ".
        " count(distinct(acid_event.ip_dst)) as daddr_cnt, ".
        "min(timestamp) as first_timestamp, max(timestamp) as last_timestamp";
$sqlPFX = $from." JOIN sensor using (sid) ".$where. " GROUP BY acid_event.sid ";
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());
if ( !is_null($sort_sql) ){
        $sqlPFX = $sort_sql[0].$sqlPFX.$sort_sql[1];
}
$sql .= $sqlPFX;
// Run the Query again for the actual data (with the LIMIT), if any.
$result = $qs->ExecuteOutputQuery($sql, $db);
$et->Mark("Retrieve Query Data");
if ( $debug_mode > 0 ){
        if ( $qs->isCannedQuery() ){
                $CCF = 'Yes';
                $qs->PrintCannedQueryList();
        }else{
                $CCF = 'No';
        }
        print "Canned Query: $CCF <br/>";
        $qs->DumpState();
        print "SQL Executed: $sql <br/>";
}
$qs->PrintResultCnt(); // Print current view number and # of rows.

  echo '<FORM METHOD="post" NAME="PacketForm" ACTION="base_stat_sensor.php">';
  $qro->PrintHeader();

  $i = 0;
  while ( ($myrow = $result->baseFetchRow()) && ($i < $qs->GetDisplayRowCnt()) )
  {
    $sensor_id = $myrow[0];
    $event_cnt = $myrow[1];
    $unique_event_cnt = $myrow[2];
    $num_src_ip = $myrow[3];
    $num_dst_ip = $myrow[4];
    $start_time = $myrow[5];
    $stop_time = $myrow[6];

        // Print out.
        qroPrintEntryHeader($i);
        $tmp_rowid = $sensor_id;
        $tmp = "_lst[$i]";
        qroPrintEntry(
                "<input type='checkbox' name='action_chk$tmp' "
                . "value='" . $tmp_rowid . "'>"
                . returnExportHTTPVar("action$tmp", $tmp_rowid, 4)
        );
        $tmp = '';
        qroPrintEntry($sensor_id);
        qroPrintEntry(GetSensorName($sensor_id, $db),'left');
        qroPrintEntry(
                "<a href='base_qry_main.php?new=1&amp;sensor=$sensor_id".
                "&amp;num_result_rows=-1&amp;submit="._QUERYDBP."'>$event_cnt</a>",
                'right'
        );
        qroPrintEntry(
                BuildUniqueAlertLink("?sensor=".$sensor_id)."$unique_event_cnt</a>",
                'right'
        );
        qroPrintEntry(
                BuildUniqueAddressLink(1, "&amp;sensor=".$sensor_id)."$num_src_ip</a>",
                'right'
        );
        qroPrintEntry(
                BuildUniqueAddressLink(2, "&amp;sensor=".$sensor_id)."$num_dst_ip</a>",
                'right'
        );
        qroPrintEntry($start_time);
        qroPrintEntry($stop_time);
        qroPrintEntryFooter();
        $i++;
}
$result->baseFreeRows();
$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveState();
ExportHTTPVar("sort_order", $sort_order);
NLIO('</form>',2);
$et->Mark("Get Query Elements");
PrintBASESubFooter();
?>

1	<?php
2	/*******************************************************************************
3	** Basic Analysis and Security Engine (BASE)
4	** Copyright (C) 2004 BASE Project Team
5	** Copyright (C) 2000 Carnegie Mellon University
6	**
7	** (see the file 'base_main.php' for license details)
8	**
9	** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
10	** Sean Muller <samwise_diver@users.sourceforge.net>
11	** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
12	**
13	** Purpose: Sensor statistics
14	**
15	** Input GET/POST variables
16	** - submit:
17	** - caller:
18	********************************************************************************
19	** Authors:
20	********************************************************************************
21	** Kevin Johnson <kjohnson@secureideas.net
22	**
23	********************************************************************************
24	*/
25
26	$sc = DIRECTORY_SEPARATOR;	×
27	require_once("includes$sc" . 'base_krnl.php');	×
28	include_once("$BASE_path/includes/base_include.inc.php");	×
29	include_once("$BASE_path/base_db_common.php");	×
30	include_once("$BASE_path/base_stat_common.php");	×
31	include_once("$BASE_path/base_qry_common.php");	×
32	include_once("$BASE_path/base_ag_common.php");	×
33
34	AuthorizedRole(10000);	×
35	$db = NewBASEDBConnection($DBlib_path, $DBtype); // Connect to DB.	×
36	$db->baseDBConnect(	×
37	$db_connect_method,$alert_dbname, $alert_host, $alert_port, $alert_user,
38	$alert_password
39	);
40	UpdateAlertCache($db);	×
41	$cs = new CriteriaState("base_stat_sensor.php");	×
42	$cs->ReadState();	×
43	$qs = new QueryState();	×
44	$submit = ImportHTTPVar("submit", VAR_ALPHA \| VAR_SPACE, array(_SELECTED, _ALLONSCREEN, _ENTIREQUERY));	×
45	$sort_order=ImportHTTPVar("sort_order", VAR_LETTER \| VAR_USCORE);	×
46	$action = ImportHTTPVar("action", VAR_ALPHA);	×
47	$qs->MoveView($submit); /* increment the view if necessary */	×
48	$page_title = SPSENSORLIST;	×
49	$tr = 1; // Page Refresh	×
50	if ($action != '' ){	×
51	$tr = $refresh_all_pages;	×
52	}
53	PrintBASESubHeader( $page_title, $page_title, $cs->GetBackLink(), $tr );	×
54	$criteria_clauses = ProcessCriteria();	×
55	PrintCriteria('');	×
56
57	$from = " FROM acid_event ".$criteria_clauses[0];	×
58	$where = " WHERE ".$criteria_clauses[1];	×
59
60	$qs->AddValidAction("ag_by_id");	×
61	$qs->AddValidAction("ag_by_name");	×
62	$qs->AddValidAction("add_new_ag");	×
63	$qs->AddValidAction("del_alert");	×
64	$qs->AddValidAction("email_alert");	×
65	$qs->AddValidAction("email_alert2");	×
66	$qs->AddValidAction("csv_alert");	×
67	$qs->AddValidAction("archive_alert");	×
68	$qs->AddValidAction("archive_alert2");	×
69
70	$qs->AddValidActionOp(_SELECTED);	×
71	$qs->AddValidActionOp(_ALLONSCREEN);	×
72
73	$qs->SetActionSQL($from.$where);	×
74	$et->Mark("Initialization");	×
75
76	$qs->RunAction($submit, PAGE_STAT_SENSOR, $db);	×
77	$et->Mark("Alert Action");	×
78
79	/* create SQL to get Unique Alerts */
80	$cnt_sql = "SELECT count(DISTINCT acid_event.sid) ".$from.$where;	×
81
82	/* Run the query to determine the number of rows (No LIMIT)*/
83	$qs->GetNumResultRows($cnt_sql, $db);	×
84	$et->Mark("Counting Result size");	×
85	// Setup the Query Results Table.
86	// Common SQL Strings
87	$OB = ' ORDER BY';	×
88	$SNID = "CONCAT(CONCAT(sensor.hostname, ':'), sensor.interface)";	×
89	$qro = new QueryResultsOutput("base_stat_sensor.php?x=x");	×
90	$qro->AddTitle('');	×
91	$qro->AddTitle(_SENSOR,	×
92	"sid_a", " ", "$OB acid_event.sid ASC",	×
93	"sid_d", " ", "$OB acid_event.sid DESC"	×
94	);
95	$qro->AddTitle( _NAME,	×
96	"sname_a", " ", "$OB $SNID ASC ",	×
97	"sname_d", " ", "$OB $SNID DESC ", 'left'	×
98	);
99	$qro->AddTitle( _SIPLTOTALEVENTS,	×
100	"occur_a", "", "$OB event_cnt ASC",	×
101	"occur_d", "", "$OB event_cnt DESC", 'right'	×
102	);
103	$qro->AddTitle( _SIPLUNIEVENTS,	×
104	"occur_a", "", "$OB sig_cnt ASC",	×
105	"occur_d", "", "$OB sig_cnt DESC", 'right'	×
106	);
107	$qro->AddTitle( _SUASRCADD,	×
108	"saddr_a", "", "$OB saddr_cnt ASC",	×
109	"saddr_d", "", "$OB saddr_cnt DESC", 'right'	×
110	);
111	$qro->AddTitle( _SUADSTADD,	×
112	"daddr_a", "", "$OB daddr_cnt ASC",	×
113	"daddr_d", "", "$OB daddr_cnt DESC", 'right'	×
114	);
115	$qro->AddTitle(_FIRST,	×
116	"first_a", "", "$OB first_timestamp ASC",	×
117	"first_d", "", "$OB first_timestamp DESC"	×
118	);
119	$qro->AddTitle(_LAST,	×
120	"last_a", "", "$OB last_timestamp ASC",	×
121	"last_d", "", "$OB last_timestamp DESC"	×
122	);
123
124	// Issue #168
125	$sql = "SELECT DISTINCT acid_event.sid, count(acid_event.cid) as event_cnt,".	×
126	" count(distinct(acid_event.signature)) as sig_cnt, ".
127	" count(distinct(acid_event.ip_src)) as saddr_cnt, ".
128	" count(distinct(acid_event.ip_dst)) as daddr_cnt, ".
129	"min(timestamp) as first_timestamp, max(timestamp) as last_timestamp";
130	$sqlPFX = $from." JOIN sensor using (sid) ".$where. " GROUP BY acid_event.sid ";	×
131	$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());	×
132	if ( !is_null($sort_sql) ){	×
133	$sqlPFX = $sort_sql[0].$sqlPFX.$sort_sql[1];	×
134	}
135	$sql .= $sqlPFX;	×
136	// Run the Query again for the actual data (with the LIMIT), if any.
137	$result = $qs->ExecuteOutputQuery($sql, $db);	×
138	$et->Mark("Retrieve Query Data");	×
139	if ( $debug_mode > 0 ){	×
140	if ( $qs->isCannedQuery() ){	×
141	$CCF = 'Yes';	×
142	$qs->PrintCannedQueryList();	×
143	}else{	×
144	$CCF = 'No';	×
145	}
146	print "Canned Query: $CCF <br/>";	×
147	$qs->DumpState();	×
148	print "SQL Executed: $sql <br/>";	×
149	}
150	$qs->PrintResultCnt(); // Print current view number and # of rows.	×
151
152	echo '<FORM METHOD="post" NAME="PacketForm" ACTION="base_stat_sensor.php">';	×
153	$qro->PrintHeader();	×
154
155	$i = 0;	×
156	while ( ($myrow = $result->baseFetchRow()) && ($i < $qs->GetDisplayRowCnt()) )	×
157	{
158	$sensor_id = $myrow[0];	×
159	$event_cnt = $myrow[1];	×
160	$unique_event_cnt = $myrow[2];	×
161	$num_src_ip = $myrow[3];	×
162	$num_dst_ip = $myrow[4];	×
163	$start_time = $myrow[5];	×
164	$stop_time = $myrow[6];	×
165
166	// Print out.
167	qroPrintEntryHeader($i);	×
168	$tmp_rowid = $sensor_id;	×
169	$tmp = "_lst[$i]";	×
170	qroPrintEntry(	×
171	"<input type='checkbox' name='action_chk$tmp' "	×
172	. "value='" . $tmp_rowid . "'>"
173	. returnExportHTTPVar("action$tmp", $tmp_rowid, 4)	×
174	);
175	$tmp = '';	×
176	qroPrintEntry($sensor_id);	×
177	qroPrintEntry(GetSensorName($sensor_id, $db),'left');	×
178	qroPrintEntry(	×
179	"<a href='base_qry_main.php?new=1&sensor=$sensor_id".	×
180	"&num_result_rows=-1&submit="._QUERYDBP."'>$event_cnt</a>",	×
181	'right'
182	);
183	qroPrintEntry(	×
184	BuildUniqueAlertLink("?sensor=".$sensor_id)."$unique_event_cnt</a>",	×
185	'right'
186	);
187	qroPrintEntry(	×
188	BuildUniqueAddressLink(1, "&sensor=".$sensor_id)."$num_src_ip</a>",	×
189	'right'
190	);
191	qroPrintEntry(	×
192	BuildUniqueAddressLink(2, "&sensor=".$sensor_id)."$num_dst_ip</a>",	×
193	'right'
194	);
195	qroPrintEntry($start_time);	×
196	qroPrintEntry($stop_time);	×
197	qroPrintEntryFooter();	×
198	$i++;	×
199	}
200	$result->baseFreeRows();	×
201	$qro->PrintFooter();	×
202	$qs->PrintBrowseButtons();	×
203	$qs->PrintAlertActionButtons();	×
204	$qs->SaveState();	×
205	ExportHTTPVar("sort_order", $sort_order);	×
206	NLIO('</form>',2);	×
207	$et->Mark("Get Query Elements");	×
208	PrintBASESubFooter();	×
209	?>

NathanGibbs3 / BASE / 626

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous