NathanGibbs3
Merge branch 'documentation' into devel

1766 of 6437 relevant lines covered (27.44%)

105.91 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/base_stat_class.php
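<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Leads: Kevin Johnson <kjohnson@secureideas.net>
**                Sean Muller <samwise_diver@users.sourceforge.net>
** Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: Displays statistics on the detected alerts, grouped by
**          signature classification (one table row per sig_class_id).
**
** Input GET/POST variables
**   - caller
**   - submit:     scope of the alert action (_SELECTED | _ALLONSCREEN | _ENTIREQUERY)
**   - sort_order: column sort key understood by QueryResultsOutput
**   - action:     alert action to dispatch (see the AddValidAction() list below)
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/

$sc = DIRECTORY_SEPARATOR;
require_once("includes$sc" . 'base_krnl.php');
include_once("$BASE_path/includes/base_include.inc.php");
include_once("$BASE_path/base_db_common.php");
include_once("$BASE_path/base_qry_common.php");
include_once("$BASE_path/base_stat_common.php");

// Access control comes first: nothing below runs for an unauthorized session.
AuthorizedRole(10000);
$db = NewBASEDBConnection($DBlib_path, $DBtype); // Connect to DB.
$db->baseDBConnect(
    $db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user,
    $alert_password
);
UpdateAlertCache($db);
$cs = new CriteriaState("base_stat_class.php");
$cs->ReadState();
$qs = new QueryState();

// Every request value is read through ImportHTTPVar(), which restricts the
// accepted character classes (and, for submit, the exact allowed values).
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(_SELECTED, _ALLONSCREEN, _ENTIREQUERY));
$sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
$action = ImportHTTPVar("action", VAR_ALPHA);
$qs->MoveView($submit);             /* increment the view if necessary */

$page_title = _CHRTCLASS;
if ( $qs->isCannedQuery() ){
    // Append the canned-query description; the previous code built this
    // string with '.' and discarded the result, so the title never changed.
    $page_title .= ': ' . $qs->GetCurrentCannedQueryDesc();
}
$tr = 1; // Page Refresh
if ($action != '' ){
    $tr = $refresh_all_pages;
}
PrintBASESubHeader( $page_title, $page_title, $cs->GetBackLink(), $tr );

$criteria_clauses = ProcessCriteria();
PrintCriteria('');
$from = " FROM acid_event ".$criteria_clauses[0];
$where = " WHERE ".$criteria_clauses[1];

// Alert actions this page is allowed to dispatch through RunAction().
$qs->AddValidAction("ag_by_id");
$qs->AddValidAction("ag_by_name");
$qs->AddValidAction("add_new_ag");
$qs->AddValidAction("del_alert");
$qs->AddValidAction("email_alert");
$qs->AddValidAction("email_alert2");
$qs->AddValidAction("csv_alert");
$qs->AddValidAction("archive_alert");
$qs->AddValidAction("archive_alert2");

$qs->AddValidActionOp(_SELECTED);
$qs->AddValidActionOp(_ALLONSCREEN);

$qs->SetActionSQL($from.$where);
// NOTE(review): $et is not created in this file; presumably the timing
// object set up by base_krnl.php -- confirm.
$et->Mark("Initialization");

$qs->RunAction($submit, PAGE_STAT_CLASS, $db);
$et->Mark("Alert Action");

/* Get total number of events */
$event_cnt = EventCnt($db);

/* create SQL to get Unique Alerts */
$cnt_sql = "SELECT count(DISTINCT sig_class_id) ".$from.$where;

/* Run the query to determine the number of rows (No LIMIT)*/
$qs->GetNumResultRows($cnt_sql, $db);
$et->Mark("Counting Result size");

/* Setup the Query Results Table */
// NOTE(review): $caller is listed as an input above but is never imported in
// this file; presumably set by an include -- confirm where it is validated.
$qro = new QueryResultsOutput("base_stat_class.php?caller=".$caller);
$qro->AddTitle('');
$qro->AddTitle(_CHRTCLASS,
    "class_a", " ", " ORDER BY sig_class_id ASC",
    "class_d", " ", " ORDER BY sig_class_id DESC"
);
$qro->AddTitle(_TOTAL,
    "occur_a", " ", " ORDER BY num_events ASC",
    "occur_d", " ", " ORDER BY num_events DESC", 'right'
);
$qro->AddTitle(_SENSOR."&nbsp;#",
    "sensor_a", " ", " ORDER BY num_sensors ASC",
    "sensor_d", " ", " ORDER BY num_sensors DESC"
);
$qro->AddTitle(_SIGNATURE,
    "sig_a", " ", " ORDER BY num_sig ASC",
    "sig_d", " ", " ORDER BY num_sig DESC", 'right'
);
$qro->AddTitle(_NBSOURCEADDR,
    "saddr_a", ", count(ip_src) AS saddr_cnt ", " ORDER BY saddr_cnt ASC",
    "saddr_d", ", count(ip_src) AS saddr_cnt ", " ORDER BY saddr_cnt DESC",
    'right'
);
$qro->AddTitle(_NBDESTADDR,
    "daddr_a", ", count(ip_dst) AS daddr_cnt ", " ORDER BY daddr_cnt ASC",
    "daddr_d", ", count(ip_dst) AS daddr_cnt ", " ORDER BY daddr_cnt DESC",
    'right'
);
$qro->AddTitle(_FIRST,
    "first_a", ", min(timestamp) AS first_timestamp ", " ORDER BY first_timestamp ASC",
    "first_d", ", min(timestamp) AS first_timestamp ", " ORDER BY first_timestamp DESC"
);
$qro->AddTitle(_LAST,
    "last_a", ", max(timestamp) AS last_timestamp ", " ORDER BY last_timestamp ASC",
    "last_d", ", max(timestamp) AS last_timestamp ", " ORDER BY last_timestamp DESC"
);

// Issue #168
// Column order here is what the row loop below indexes by position ($myrow[0..7]).
$sql = "SELECT DISTINCT sig_class_id, ".
    " COUNT(acid_event.cid) as num_events,".
    " COUNT( DISTINCT acid_event.sid) as num_sensors, ".
    " COUNT( DISTINCT signature ) as num_sig, ".
    " COUNT( DISTINCT ip_src ) as num_sip, ".
    " COUNT( DISTINCT ip_dst ) as num_dip, ".
    " min(timestamp) as first_timestamp, ".
    " max(timestamp) as last_timestamp ";
$sqlPFX = $from.$where." GROUP BY sig_class_id ";
// Sort fragments come from the fixed AddTitle() table above, never from the request directly.
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());
if ( !is_null($sort_sql) ){
    $sqlPFX = $sort_sql[0].$sqlPFX.$sort_sql[1];
}
$sql .= $sqlPFX;
// Run the Query again for the actual data (with the LIMIT), if any.
$result = $qs->ExecuteOutputQuery($sql, $db);
$et->Mark("Retrieve Query Data");
if ( $debug_mode > 0 ){
    if ( $qs->isCannedQuery() ){
        $CCF = 'Yes';
        $qs->PrintCannedQueryList();
    }else{
        $CCF = 'No';
    }
    print "Canned Query: $CCF <br/>";
    $qs->DumpState();
    print "SQL Executed: $sql <br/>";
}
$qs->PrintResultCnt(); // Print current view number and # of rows.

// Row colour palettes keyed by sig_class_id, used only when $colored_alerts
// is enabled. Palette index: 1 Red, 2 Yellow, 3 Orange, 4 Gray, 5 White,
// 6 Green; an id found in no list falls back to Gray (4).
$class_palettes = array(
    1 => array(6,7,9,13,16,17,22),             // Red
    2 => array(2,3,4,5,8,10,14,15,20,21,23),   // Yellow
    3 => array(1,11,19),                       // Orange
    4 => array(),                              // Gray
    5 => array(),                              // White
    6 => array(12),                            // Green
);

echo '<FORM METHOD="post" NAME="PacketForm" ACTION="base_stat_class.php">';

$qro->PrintHeader();

// $i is the row counter: it names each row's checkbox (_lst[$i]) and bounds
// the loop at the configured display row count. Nothing inside the loop may
// reuse it (the previous palette loop did, which broke both).
$i = 0;
while ( ($myrow = $result->baseFetchRow()) && ($i < $qs->GetDisplayRowCnt()) )
{
    $class_id = $myrow[0];
    if ( $class_id == "" )
        $class_id = 0;
    $total_occurances = $myrow[1];
    $sensor_num = $myrow[2];
    $sig_num = $myrow[3];
    $sip_num = $myrow[4];
    $dip_num = $myrow[5];
    $min_time = $myrow[6];
    $max_time = $myrow[7];

    /* Print out */
    if ( isset($colored_alerts) && $colored_alerts == 1 ){
        $tmp = 4; // Gray Default
        foreach ( $class_palettes as $palette => $class_ids ){
            // Loose in_array() on purpose: the DB driver may hand back the id as a string.
            if ( in_array($class_id, $class_ids) ){
                $tmp = $palette;
            }
        }
        $tmp2 = $colored_alerts;
    }else{
        $tmp = $i;
        $tmp2 = 0;
    }
    qroPrintEntryHeader($tmp, $tmp2);
    // One URL-encoded copy of the id, reused for every query-string link below.
    $tmp_rowid = rawurlencode($class_id);
    qroPrintCheckBox("_lst[$i]", $tmp_rowid);
    // NOTE(review): GetSigClassName() output is printed as-is; confirm it
    // HTML-escapes the class name it reads from the database.
    qroPrintEntry(GetSigClassName($class_id, $db),'left');
    // Share of all events; guard the division so an empty event table cannot fault.
    $pct = ($event_cnt > 0) ? round($total_occurances/$event_cnt*100) : 0;
    qroPrintEntry('<A HREF="base_qry_main.php?new=1&amp;sig_class='.$tmp_rowid.
        '&amp;submit='._QUERYDBP.'&amp;num_result_rows=-1">'.$total_occurances.'</A> ('.$pct.'%)',
        'right'
    );
    qroPrintEntry('<FONT><A HREF="base_stat_sensor.php?sig_class='.$tmp_rowid.'">'.
        $sensor_num.'</A></FONT>');
    qroPrintEntry('<A HREF="base_stat_alerts.php?sig_class='.$tmp_rowid.'">'.
        $sig_num.'</A>', 'right'
    );
    qroPrintEntry(
        BuildUniqueAddressLink( 1, '&amp;sig_class='.$tmp_rowid)."$sip_num</a>",
        'right'
    );
    qroPrintEntry(
        BuildUniqueAddressLink( 2, '&amp;sig_class='.$tmp_rowid)."$dip_num</a>",
        'right'
    );
    qroPrintEntry('<FONT>'.$min_time.'</FONT>');
    qroPrintEntry('<FONT>'.$max_time.'</FONT>');

    qroPrintEntryFooter();

    $i++;
}

$result->baseFreeRows();

$qro->PrintFooter();
$qs->PrintBrowseButtons();
$qs->PrintAlertActionButtons();
$qs->SaveState();
ExportHTTPVar("sort_order", $sort_order);
NLIO('</form>',2);
$et->Mark("Get Query Elements");
PrintBASESubFooter();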