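<?php
/*******************************************************************************
** Basic Analysis and Security Engine (BASE)
** Copyright (C) 2004 BASE Project Team
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Project Lead: Kevin Johnson <kjohnson@secureideas.net>
**                Built upon work by Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
**
** Purpose: individual criteria classes
********************************************************************************
** Authors:
********************************************************************************
** Kevin Johnson <kjohnson@secureideas.net>
**
********************************************************************************
*/
/** The below check is to make sure that the conf file has been loaded before this one....
 ** This should prevent someone from accessing the page directly. -- Kevin
 **/
defined( '_BASE_INC' ) or die( 'Accessing this file directly is not allowed.' );

/**
 * Common base for every search criterion.
 *
 * Holds the criterion value ($criteria), the request/session key it is
 * exchanged under ($export_name) and references to the database handle and
 * the owning criteria state object. All behaviour methods are empty hooks
 * that the subclasses below override.
 */
class BaseCriteria
{
    var $criteria;
    var $export_name;

    var $db;
    var $cs;

    function BaseCriteria(&$db, &$cs, $name)
    {
        $this->db =& $db;
        $this->cs =& $cs;

        $this->export_name = $name;
        $this->criteria = NULL;
    }

    function Init()
    {
    }

    function Import()
    {
        /* imports criteria from POST, GET, or the session */
    }

    function Clear()
    {
        /* clears the criteria */
    }

    function Sanitize()
    {
        /* clean/validate the criteria */
    }

    function SanitizeElement()
    {
        /* clean/validate the criteria */
    }

    function PrintForm()
    {
        /* prints the HTML form to input the criteria */
    }

    function AddFormItem()
    {
        /* adding another item to the HTML form */
    }

    function GetFormItemCnt()
    {
        /* returns the number of items in this form element */
    }

    function SetFormItemCnt()
    {
        /* sets the number of items in this form element */
    }

    function Set($value)
    {
        /* set the value of this criteria */
    }

    function Get()
    {
        /* returns the value of this criteria */
    }

    function ToSQL()
    {
        /* convert this criteria to SQL */
    }

    function Description()
    {
        /* generate human-readable description of this criteria */
    }

    function isEmpty()
    {
        /* returns if the criteria is empty */
    }
};

/**
 * Criterion made of one value (or one fixed-size record).
 */
class SingleElementCriteria extends BaseCriteria
{
    /**
     * Loads the value through SetSessionVar() and binds it into the session
     * by reference. Nothing is validated here.
     * NOTE(review): callers presumably run Sanitize() after Import() and
     * before the value reaches SQL or HTML -- confirm the call order.
     */
    function Import()
    {
        $this->criteria = SetSessionVar($this->export_name);

        $_SESSION[$this->export_name] = &$this->criteria;
    }

    function Sanitize()
    {
        $this->SanitizeElement();
    }

    function GetFormItemCnt()
    {
        return -1;
    }

    function Set($value)
    {
        $this->criteria = $value;
    }

    function Get()
    {
        return $this->criteria;
    }

    /** True when the value loosely equals the empty string. */
    function isEmpty()
    {
        return ( $this->criteria == "" );
    }
};

/**
 * Criterion made of several rows, each row holding $element_cnt elements.
 *
 * $criteria_cnt is the number of rows shown in the form; $valid_field_list
 * maps the field names a row may reference to their display labels.
 */
class MultipleElementCriteria extends BaseCriteria
{
    var $element_cnt;
    var $criteria_cnt;
    var $valid_field_list = Array();

    function MultipleElementCriteria(&$db, &$cs, $export_name, $element_cnt, $field_list = Array() )
    {
        $this->BaseCriteria($db, $cs, $export_name);

        $this->element_cnt = $element_cnt;
        $this->criteria_cnt = 0;
        $this->valid_field_list = $field_list;
    }

    function Init()
    {
        InitArray($this->criteria, $GLOBALS['MAX_ROWS'], $this->element_cnt, "");
        $this->criteria_cnt = 1;

        $_SESSION[$this->export_name."_cnt"] = &$this->criteria_cnt;
    }

    /**
     * Loads rows and row count through SetSessionVar() and binds both into
     * the session by reference. Nothing is validated here.
     */
    function Import()
    {
        $this->criteria = SetSessionVar($this->export_name);
        $this->criteria_cnt = SetSessionVar($this->export_name."_cnt");

        $_SESSION[$this->export_name] = &$this->criteria;
        $_SESSION[$this->export_name."_cnt"] = &$this->criteria_cnt;
    }

    /**
     * Runs SanitizeElement() on every row that is present.
     *
     * The previous loop was bounded by $element_cnt, which is the number of
     * elements per row, not the number of rows; any row whose index was
     * >= $element_cnt was left exactly as imported. When the criteria value
     * is an array every row is now visited. A row that is not itself an
     * array cannot be cleaned element by element and is replaced by an
     * empty row first.
     */
    function Sanitize()
    {
        if ( !in_array("criteria", array_keys(get_object_vars($this))) )
            return;

        if ( is_array($this->criteria) )
        {
            foreach ( array_keys($this->criteria) as $i )
            {
                if ( !isset($this->criteria[$i]) )
                    continue;

                if ( !is_array($this->criteria[$i]) )
                    $this->criteria[$i] = array();

                $this->SanitizeElement($i);
            }
            return;
        }

        /* Non-array value: keep the original bounded walk. */
        for ( $i = 0; $i < $this->element_cnt; $i++ )
        {
            if ( isset($this->criteria[$i]) )
                $this->SanitizeElement($i);
        }
    }

    function SanitizeElement($i)
    {
    }

    function GetFormItemCnt()
    {
        return $this->criteria_cnt;
    }

    function SetFormItemCnt($value)
    {
        $this->criteria_cnt = $value;
    }

    function AddFormItem(&$submit, $submit_value)
    {
        AddCriteriaFormRow($submit, $submit_value, $this->criteria_cnt, $this->criteria, $this->element_cnt);
    }

    function Set($value)
    {
        $this->criteria = $value;
    }

    function Get()
    {
        return $this->criteria;
    }

    function isEmpty()
    {
        return ( $this->criteria_cnt == 0 );
    }

    /**
     * Prints one form row per criteria row: open paren, field, operator,
     * value, close paren, boolean connector.
     *
     * $field_list maps field name => label; both, and $blank_field_string,
     * are emitted as given, so callers must pass trusted strings.
     */
    function PrintForm($field_list, $blank_field_string, $add_button_string)
    {
        $name = htmlspecialchars($this->export_name);
        /* operator => label; '<' and '>' are entity-encoded in the label */
        $operators = array("="  => "=",    "!=" => "!=",
                           "<"  => "&lt;", "<=" => "&lt;=",
                           ">"  => "&gt;", ">=" => "&gt;=");

        for ( $i = 0; $i < $this->criteria_cnt; $i++ )
        {
            /* A malformed row discards the whole criteria array (original behaviour). */
            if (!is_array($this->criteria[$i]))
                $this->criteria = array();

            echo ' <SELECT NAME="'.$name.'['.$i.'][0]">';
            echo ' <OPTION VALUE=" " '.chk_select($this->criteria[$i][0]," ").'>__</OPTION>';
            echo ' <OPTION VALUE="(" '.chk_select($this->criteria[$i][0],"(").'>(</OPTION>';
            echo ' </SELECT>';

            echo ' <SELECT NAME="'.$name.'['.$i.'][1]">';
            echo ' <OPTION VALUE=" " '.chk_select($this->criteria[$i][1]," ").'>'.$blank_field_string.'</OPTION>';

            foreach( $field_list as $field_name => $field_human_name )
            {
                echo ' <OPTION VALUE="'.$field_name.'" '.chk_select($this->criteria[$i][1],$field_name).'>'.$field_human_name.'</OPTION>';
            }
            echo ' </SELECT>';

            echo ' <SELECT NAME="'.$name.'['.$i.'][2]">';
            foreach ( $operators as $op => $op_label )
            {
                echo ' <OPTION VALUE="'.$op.'" '.chk_select($this->criteria[$i][2],$op).'>'.$op_label.'</OPTION>';
            }
            echo ' </SELECT>';

            echo ' <INPUT TYPE="text" NAME="'.$name.'['.$i.'][3]" SIZE=5 VALUE="'.htmlspecialchars($this->criteria[$i][3]).'">';

            echo ' <SELECT NAME="'.$name.'['.$i.'][4]">';
            /* the closing tag below used to be emitted without its '>' */
            echo ' <OPTION VALUE=" " '.chk_select($this->criteria[$i][4]," ").'>__</OPTION>';
            echo ' <OPTION VALUE="(" '.chk_select($this->criteria[$i][4],"(").'>(</OPTION>';
            echo ' <OPTION VALUE=")" '.chk_select($this->criteria[$i][4],")").'>)</OPTION>';
            echo ' </SELECT>';

            echo ' <SELECT NAME="'.$name.'['.$i.'][5]">';
            echo ' <OPTION VALUE=" " '.chk_select($this->criteria[$i][5]," "). '>__</OPTION>';
            echo ' <OPTION VALUE="OR" '.chk_select($this->criteria[$i][5],"OR"). '>'._OR.'</OPTION>';
            echo ' <OPTION VALUE="AND" '.chk_select($this->criteria[$i][5],"AND").'>'._AND.'</OPTION>';
            echo ' </SELECT>';
            if ( $i == $this->criteria_cnt-1 )
                echo ' <INPUT TYPE="submit" NAME="submit" VALUE="'.htmlspecialchars($add_button_string).'">';
            echo '<BR>';
        }
    }

    function Compact()
    {
        if ( $this->isEmpty() )
        {
            $this->criteria = "";
            $_SESSION[$this->export_name] = &$this->criteria;
        }
    }
};

/**
 * Rows of "( field operator number ) AND|OR" over a caller-supplied list
 * of protocol fields.
 */
class ProtocolFieldCriteria extends MultipleElementCriteria
{
    function ProtocolFieldCriteria(&$db, &$cs, $export_name, $element_cnt, $field_list = Array() )
    {
        $this->MultipleElementCriteria($db, $cs, $export_name, $element_cnt, $field_list);
    }

    /**
     * Restricts each element of row $i to its allowed alphabet: parens,
     * a known field name, a known operator, digits, AND/OR.
     */
    function SanitizeElement($i)
    {
        // Work from a copy so every element is cleaned from its imported value
        $curArr = $this->criteria[$i];

        $this->criteria[$i][0] = @CleanVariable($curArr[0], VAR_OPAREN);
        $this->criteria[$i][1] = @CleanVariable($curArr[1], "", array_keys($this->valid_field_list));
        $this->criteria[$i][2] = @CleanVariable($curArr[2], "", array("=", "!=", "<", "<=", ">", ">="));
        $this->criteria[$i][3] = @CleanVariable($curArr[3], VAR_DIGIT);
        $this->criteria[$i][4] = @CleanVariable($curArr[4], VAR_OPAREN | VAR_CPAREN);
        $this->criteria[$i][5] = @CleanVariable($curArr[5], "", array("AND", "OR"));

        unset($curArr);
    }

    /**
     * Builds the HTML summary of all non-blank rows. Row elements are
     * HTML-encoded on output: the operator may legitimately be '<' or '>',
     * and encoding also covers rows that were never sanitized.
     */
    function Description($human_fields)
    {
        $tmp = "";
        for ( $i = 0; $i < $this->criteria_cnt; $i++ )
        {
            if ( !is_array($this->criteria[$i]) )
                continue;

            $row = $this->criteria[$i];
            if ( $row[1] != " " && $row[3] != "" )
                $tmp = $tmp.htmlspecialchars($row[0], ENT_QUOTES).$human_fields[($row[1])].' '.
                       htmlspecialchars($row[2], ENT_QUOTES).' '.htmlspecialchars($row[3], ENT_QUOTES).
                       htmlspecialchars($row[4], ENT_QUOTES).' '.htmlspecialchars($row[5], ENT_QUOTES);
        }
        if ( $tmp != "" )
            $tmp = $tmp.$this->cs->GetClearCriteriaString($this->export_name);

        return $tmp;
    }
}

class SignatureCriteria extends SingleElementCriteria
{
/*
 * $sig[4]: stores signature
 *   - [0] : exactly, roughly
 *   - [1] : signature
 *   - [2] : =, !=
 *   - [3] : signature from signature list
 */

    var $sig_type;
    var $criteria = array(0 => '', 1 => '');

    function SignatureCriteria(&$db, &$cs, $export_name)
    {
        $this->BaseCriteria($db, $cs, $export_name);

        $this->sig_type = "";
    }

    function Init()
    {
        InitArray($this->criteria, 4, 0, "");
        $this->sig_type = "";
    }

    function Import()
    {
        parent::Import();

        $this->sig_type = SetSessionVar("sig_type");

        $_SESSION['sig_type'] = &$this->sig_type;
    }

    function Clear()
    {
    }

    /**
     * Whitelists the two operator elements and passes both signature
     * strings through filterSql().
     * NOTE(review): what filterSql() strips is not visible in this file;
     * these two strings are free text, so confirm it is sufficient for the
     * way ToSQL consumers embed them.
     */
    function SanitizeElement()
    {
        if (!isset($this->criteria[0]) || !isset($this->criteria[1])) {
            $this->criteria = array(0 => '', 1 => '');
        }

        $this->criteria[0] = CleanVariable(@$this->criteria[0], "", array(" ", "=", "LIKE"));
        $this->criteria[1] = filterSql(@$this->criteria[1]);  /* signature name */
        $this->criteria[2] = CleanVariable(@$this->criteria[2], "", array("=", "!="));
        $this->criteria[3] = filterSql(@$this->criteria[3]);  /* signature name from the signature list */
    }

    /**
     * Prints the match-type selector, the operator selector, the free-text
     * box and, when $GLOBALS['use_sig_list'] > 0, a drop-down of signature
     * names read from the database.
     */
    function PrintForm()
    {
        if (!@is_array($this->criteria))
            $this->criteria = array();

        echo '<SELECT NAME="sig[0]"><OPTION VALUE=" " '.chk_select(@$this->criteria[0]," "). '>'._DISPSIG;
        echo ' <OPTION VALUE="=" '.chk_select(@$this->criteria[0],"="). '>'._SIGEXACTLY;
        echo ' <OPTION VALUE="LIKE" '.chk_select(@$this->criteria[0],"LIKE").'>'._SIGROUGHLY.'</SELECT>';

        echo '<SELECT NAME="sig[2]"><OPTION VALUE="=" '.chk_select(@$this->criteria[2],"="). '>=';
        echo ' <OPTION VALUE="!=" '.chk_select(@$this->criteria[2],"!="). '>!=';
        echo '</SELECT>';

        echo '<INPUT TYPE="text" NAME="sig[1]" SIZE=40 VALUE="'.htmlspecialchars(@$this->criteria[1]).'"><BR>';

        if ( $GLOBALS['use_sig_list'] > 0)
        {
            $temp_sql = "SELECT DISTINCT sig_name FROM signature";
            if ($GLOBALS['use_sig_list'] == 1)
            {
                $temp_sql = $temp_sql." WHERE sig_name NOT LIKE '%SPP\_%'";
            }

            $temp_sql = $temp_sql." ORDER BY sig_name";
            $tmp_result = $this->db->baseExecute($temp_sql);
            echo '<SELECT NAME="sig[3]"
                   onChange=\'PacketForm.elements[4].value =
                   this.options[this.selectedIndex].value;return true;\'>
                   <OPTION VALUE="null" SELECTED>{ Select Signature from List }';

            if ($tmp_result)
            {
                while ( $myrow = $tmp_result->baseFetchRow() )
                {
                    /* sig_name is database content: encode it for both the
                       attribute and the option text instead of echoing it raw */
                    $sig_name = htmlspecialchars($myrow[0], ENT_QUOTES);
                    echo '<OPTION VALUE="'.$sig_name.'">'.$sig_name;
                }
                $tmp_result->baseFreeRows();
            }
            echo '</SELECT><BR>';
        }
    }

    function ToSQL()
    {
    }

    /**
     * Builds the HTML summary. The signature picked from the drop-down
     * ([3]) takes precedence over the typed string ([1]); both paths
     * produce the same markup.
     */
    function Description()
    {
        $tmp = $tmp_human = "";
        $have_sig = false;
        $sig = "";

        // First alternative: signature name is taken from the
        // signature list. The user has clicked at a drop down menu for this
        if (
            (isset($this->criteria[0])) && ($this->criteria[0] != " ") &&
            (isset($this->criteria[3])) && ($this->criteria[3] != "" ) &&
            ($this->criteria[3] != "null") && ($this->criteria[3] != "NULL") &&
            ($this->criteria[3] != NULL)
           )
        {
            $have_sig = true;
            $sig = $this->criteria[3];
        }
        // Second alternative: Signature is taken from a string that
        // has been typed in manually by the user:
        else if ( (isset($this->criteria[0])) && ($this->criteria[0] != " ") &&
                  (isset($this->criteria[1])) && ($this->criteria[1] != "") )
        {
            $have_sig = true;
            $sig = $this->criteria[1];
        }

        if ( !$have_sig )
            return $tmp;

        if ( $this->criteria[0] == '=' && $this->criteria[2] == '!=' )
            $tmp_human = '!=';
        else if ( $this->criteria[0] == '=' && $this->criteria[2] == '=' )
            $tmp_human = '=';
        else if ( $this->criteria[0] == 'LIKE' && $this->criteria[2] == '!=' )
            $tmp_human = ' '._DOESNTCONTAIN.' ';
        else if ( $this->criteria[0] == 'LIKE' && $this->criteria[2] == '=' )
            $tmp_human = ' '._CONTAINS.' ';

        $tmp = $tmp._SIGNATURE.' '.$tmp_human.' "';
        /* NOTE(review): BuildSigByID() output is emitted as-is; confirm it
           returns markup that is already HTML-safe. */
        if ( ($this->db->baseGetDBversion() >= 100) && $this->sig_type == 1 )
            $tmp = $tmp.BuildSigByID($sig, $this->db).'" '.$this->cs->GetClearCriteriaString($this->export_name);
        else
            $tmp = $tmp.htmlentities($sig).'"'.$this->cs->GetClearCriteriaString($this->export_name);

        $tmp = $tmp.'<BR>';

        return $tmp;
    }
}; /* SignatureCriteria */

class SignatureClassificationCriteria extends SingleElementCriteria
{
    function Init()
    {
        $this->criteria = "";
    }

    function Clear()
    {
        /* clears the criteria */
    }

    function SanitizeElement()
    {
        $this->criteria = CleanVariable($this->criteria, VAR_DIGIT);
    }

    /** Prints the classification drop-down (schema version >= 103 only). */
    function PrintForm()
    {
        if ( $this->db->baseGetDBversion() >= 103 )
        {
            echo '<SELECT NAME="sig_class">
                  <OPTION VALUE=" " '.chk_select($this->criteria, " ").'>'._DISPANYCLASS.'
                  <OPTION VALUE="null" '.chk_select($this->criteria, "null").'>-'._UNCLASS.'-';

            $temp_sql = "SELECT sig_class_id, sig_class_name FROM sig_class";
            $tmp_result = $this->db->baseExecute($temp_sql);
            if ( $tmp_result )
            {
                /* id and name are database content: encode before output */
                while ( $myrow = $tmp_result->baseFetchRow() )
                    echo '<OPTION VALUE="'.htmlspecialchars($myrow[0], ENT_QUOTES).'" '.chk_select($this->criteria, $myrow[0]).'>'.
                         htmlspecialchars($myrow[1], ENT_QUOTES);

                $tmp_result->baseFreeRows();
            }
            echo '</SELECT>  ';
        }
    }

    function ToSQL()
    {
        /* convert this criteria to SQL */
    }

    function Description()
    {
        $tmp = "";

        if ( $this->db->baseGetDBversion() >= 103 )
        {
            if ( $this->criteria != " " && $this->criteria != "" )
            {
                if ( $this->criteria == "null")
                    $tmp = $tmp._SIGCLASS.' = '.
                           '<I>'._UNCLASS.'</I><BR>';
                else
                    $tmp = $tmp._SIGCLASS.' = '.
                           htmlentities(GetSigClassName($this->criteria, $this->db)).
                           $this->cs->GetClearCriteriaString($this->export_name).'<BR>';
            }
        }

        return $tmp;
    }
}; /* SignatureClassificationCriteria */

/**
 * Priority criterion: [0] comparison operator, [1] numeric priority.
 */
class SignaturePriorityCriteria extends SingleElementCriteria
{
    var $criteria = array();

    function Init()
    {
        $this->criteria = "";
    }

    function Clear()
    {
        /* clears the criteria */
    }

    function SanitizeElement()
    {
        if (!isset($this->criteria[0]) || !isset($this->criteria[1])) {
            $this->criteria = array(0 => '', 1 => '');
        }

        $this->criteria[0] = CleanVariable(@$this->criteria[0], "", array("=", "!=", "<", "<=", ">", ">="));
        $this->criteria[1] = CleanVariable(@$this->criteria[1], VAR_DIGIT);
    }

    /**
     * Prints the operator and priority drop-downs (schema version >= 103).
     * Each option is now compared against its own value: the blank option
     * used to be tested against "=" and the "<=" option against "><=".
     */
    function PrintForm()
    {
        if ( $this->db->baseGetDBversion() >= 103 )
        {
            if (!@is_array($this->criteria))
                $this->criteria = array();

            echo '<SELECT NAME="sig_priority[0]">
                  <OPTION VALUE=" " '.@chk_select($this->criteria[0]," "). '>__</OPTION>
                  <OPTION VALUE="=" '.@chk_select($this->criteria[0],"=").'>==</OPTION>
                  <OPTION VALUE="!=" '.@chk_select($this->criteria[0],"!=").'>!=</OPTION>
                  <OPTION VALUE="<" '.@chk_select($this->criteria[0],"<"). '>&lt;</OPTION>
                  <OPTION VALUE=">" '.@chk_select($this->criteria[0],">").'>&gt;</OPTION>
                  <OPTION VALUE="<=" '.@chk_select($this->criteria[0],"<="). '>&lt;=</OPTION>
                  <OPTION VALUE=">=" '.@chk_select($this->criteria[0],">=").'>&gt;=</SELECT>';

            echo '<SELECT NAME="sig_priority[1]">
                  <OPTION VALUE="" '.@chk_select($this->criteria[1], " ").'>'._DISPANYPRIO.'</OPTION>
                  <OPTION VALUE="null" '.@chk_select($this->criteria[1], "null").'>-'._UNCLASS.'-</OPTION>';
            $temp_sql = "select DISTINCT sig_priority from signature ORDER BY sig_priority ASC ";
            $tmp_result = $this->db->baseExecute($temp_sql);
            if ( $tmp_result )
            {
                while ( $myrow = $tmp_result->baseFetchRow() )
                {
                    $prio = htmlspecialchars($myrow[0], ENT_QUOTES);
                    echo '<OPTION VALUE="'.$prio.'" '.chk_select(@$this->criteria[1], $myrow[0]).'>'.$prio;
                }

                $tmp_result->baseFreeRows();
            }
            echo '</SELECT>  ';
        }
    }

    function ToSQL()
    {
        /* convert this criteria to SQL */
    }

    function Description()
    {
        $tmp = "";
        if (!isset($this->criteria[1])) {
            $this->criteria = array(0 => '', 1 => '');
        }

        if ( $this->db->baseGetDBversion() >= 103 )
        {
            if ( $this->criteria[1] != " " && $this->criteria[1] != "" )
            {
                if ( $this->criteria[1] == null)
                    $tmp = $tmp._SIGPRIO.' = '.
                           '<I>'._NONE.'</I><BR>';
                else
                    $tmp = $tmp._SIGPRIO.' '.htmlentities($this->criteria[0])." ".htmlentities($this->criteria[1]).
                           $this->cs->GetClearCriteriaString($this->export_name).'<BR>';
            }
        }

        return $tmp;
    }
}; /* SignaturePriorityCriteria */

class AlertGroupCriteria extends SingleElementCriteria
{
    function Init()
    {
        $this->criteria = "";
    }

    function Clear()
    {
        /* clears the criteria */
    }

    function SanitizeElement()
    {
        $this->criteria = CleanVariable($this->criteria, VAR_DIGIT);
    }

    function PrintForm()
    {
        echo '<SELECT NAME="ag">
              <OPTION VALUE=" " '.chk_select($this->criteria, " ").'>'._DISPANYAG;

        $temp_sql = "SELECT ag_id, ag_name FROM acid_ag";
        $tmp_result = $this->db->baseExecute($temp_sql);
        if ( $tmp_result )
        {
            while ( $myrow = $tmp_result->baseFetchRow() )
            {
                $ag_id = htmlspecialchars($myrow[0], ENT_QUOTES);
                echo '<OPTION VALUE="'.$ag_id.'" '.chk_select($this->criteria, $myrow[0]).'>'.
                     '['.$ag_id.'] '.htmlspecialchars($myrow[1]);
            }

            $tmp_result->baseFreeRows();
        }
        echo '</SELECT> ';
    }

    function ToSQL()
    {
        /* convert this criteria to SQL */
    }

    /**
     * Builds the HTML summary. The alert group name is stored text that
     * PrintForm() already encodes; it is encoded here as well so both
     * outputs agree.
     * NOTE(review): if GetAGNameByID() already returns encoded text this
     * double-encodes; confirm against its definition.
     */
    function Description()
    {
        $tmp = "";

        if ( $this->criteria != " " && $this->criteria != "" )
            $tmp = $tmp._ALERTGROUP.' = ['.htmlentities($this->criteria).'] '.
                   htmlspecialchars(GetAGNameByID($this->criteria, $this->db), ENT_QUOTES).
                   $this->cs->GetClearCriteriaString($this->export_name).'<BR>';

        return $tmp;
    }
}; /* AlertGroupCriteria */

class SensorCriteria extends SingleElementCriteria
{
    function Init()
    {
        $this->criteria = "";
    }

    function Clear()
    {
        /* clears the criteria */
    }

    function SanitizeElement()
    {
        $this->criteria = CleanVariable($this->criteria, VAR_DIGIT);
    }

    /**
     * Prints the sensor drop-down.
     *
     * Both queries are now checked before use, as the other PrintForm()
     * methods in this file do, and an empty fetch skips to the next row:
     * the original statement there was the bare word `next`, which does
     * nothing, so the empty row fell through to the echo.
     */
    function PrintForm()
    {
        GLOBAL $debug_mode;

        // How many sensors do we have?
        $number_sensors = 0;
        $number_sensors_array = NULL;
        $number_sensors_lst = $this->db->baseExecute("SELECT count(*) FROM sensor");
        if ( $number_sensors_lst )
        {
            $number_sensors_array = $number_sensors_lst->baseFetchRow();
            $number_sensors_lst->baseFreeRows();
        }

        if (!isset($number_sensors_array))
        {
            $mystr = '<BR>' . __FILE__ . '' . __LINE__ . ": \$ERROR: number_sensors_array has not been set at all!<BR>";
            ErrorMessage($mystr);
            $number_sensors = 0;
        }

        if ($number_sensors_array == NULL || $number_sensors_array == "")
        {
            $number_sensors = 0;
        }
        else
        {
            $number_sensors = $number_sensors_array[0];
        }

        if ($debug_mode > 1)
        {
            echo '$number_sensors = ' . $number_sensors . '<BR><BR>';
        }

        echo '<SELECT NAME="sensor">
              <OPTION VALUE=" " '.chk_select($this->criteria, " ").'>'._DISPANYSENSOR;

        $temp_sql = "SELECT sid, hostname, interface, filter FROM sensor";
        $tmp_result = $this->db->baseExecute($temp_sql);

        if ( $tmp_result )
        {
            for ($n = 0; $n < $number_sensors; $n++)
            {
                $myrow = $tmp_result->baseFetchRow();

                if (!isset($myrow) || $myrow == "" || $myrow == NULL)
                    continue;

                /* NOTE(review): GetSensorName() output is emitted as-is;
                   confirm it HTML-encodes hostname/interface/filter. */
                $sid = htmlspecialchars($myrow[0], ENT_QUOTES);
                echo '<OPTION VALUE="' . $sid . '" ' .
                     chk_select($this->criteria, $myrow[0]) . '>' .
                     '[' . $sid . '] ' .
                     GetSensorName($myrow[0], $this->db);
            }
            $tmp_result->baseFreeRows();
        }

        echo '</SELECT>  ';
    }

    function ToSQL()
    {
        /* convert this criteria to SQL */
    }

    function Description()
    {
        $tmp = "";

        if ( $this->criteria != " " && $this->criteria != "" )
            $tmp = $tmp._SENSOR.' = ['.htmlentities($this->criteria).'] '.
                   GetSensorName($this->criteria, $this->db).
                   $this->cs->GetClearCriteriaString($this->export_name).'<BR>';

        return $tmp;
    }
}; /* SensorCriteria */

class TimeCriteria extends MultipleElementCriteria
{
/*
 * $time[MAX][10]: stores the date/time of the packet detection
 *  - [][0] : (                           [][5] : hour
 *  - [][1] : =, !=, <, <=, >, >=         [][6] : minute
 *  - [][2] : month                       [][7] : second
 *  - [][3] : day                         [][8] : (, )
 *  - [][4] : year                        [][9] : AND, OR
 *
 * $time_cnt : number of rows in the $time[][] structure
 */

    function Clear()
    {
        /* clears the criteria */
    }

    /** Restricts each element of row $i to parens, operators, digits or AND/OR. */
    function SanitizeElement($i)
    {
        // Work from a copy so every element is cleaned from its imported value
        $curArr = $this->criteria[$i];

        $this->criteria[$i][0] = @CleanVariable($curArr[0], VAR_OPAREN);
        $this->criteria[$i][1] = @CleanVariable($curArr[1], "", array("=", "!=", "<", "<=", ">", ">="));
        for ( $e = 2; $e <= 7; $e++ )   /* month, day, year, hour, minute, second */
            $this->criteria[$i][$e] = @CleanVariable($curArr[$e], VAR_DIGIT);
        $this->criteria[$i][8] = @CleanVariable($curArr[8], VAR_OPAREN | VAR_CPAREN);
        $this->criteria[$i][9] = @CleanVariable($curArr[9], "", array("AND", "OR"));

        unset($curArr);
    }

    function PrintForm()
    {
        /* operator => label; '<' and '>' are entity-encoded in the label */
        $operators = array("="  => "=",    "!=" => "!=",
                           "<"  => "&lt;", "<=" => "&lt;=",
                           ">"  => "&gt;", ">=" => "&gt;=");
        $months = array("01" => _SHORTJAN, "02" => _SHORTFEB, "03" => _SHORTMAR,
                        "04" => _SHORTAPR, "05" => _SHORTMAY, "06" => _SHORTJUN,
                        "07" => _SHORTJLY, "08" => _SHORTAUG, "09" => _SHORTSEP,
                        "10" => _SHORTOCT, "11" => _SHORTNOV, "12" => _SHORTDEC);

        for ( $i = 0; $i < $this->criteria_cnt; $i++ )
        {
            /* A malformed row discards the whole criteria array (original behaviour). */
            if (!@is_array($this->criteria[$i]))
                $this->criteria = array();

            echo '<SELECT NAME="time['.$i.'][0]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][0]," ").'>__';
            echo ' <OPTION VALUE="(" '.chk_select(@$this->criteria[$i][0],"(").'>(</SELECT>';

            echo '<SELECT NAME="time['.$i.'][1]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][1]," "). '>'._DISPTIME;
            foreach ( $operators as $op => $op_label )
                echo ' <OPTION VALUE="'.$op.'" '.chk_select(@$this->criteria[$i][1],$op).'>'.$op_label;
            echo '</SELECT>';

            echo '<SELECT NAME="time['.$i.'][2]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][2]," " ).'>'._DISPMONTH;
            foreach ( $months as $month_no => $month_label )
            {
                /* PHP turns the keys "10".."12" into integers; compare as strings */
                $month_no = sprintf("%02d", $month_no);
                echo ' <OPTION VALUE="'.$month_no.'" '.chk_select(@$this->criteria[$i][2],$month_no).'>'.$month_label;
            }
            echo '</SELECT>';

            echo '<INPUT TYPE="text" NAME="time['.$i.'][3]" SIZE=2 VALUE="'.htmlspecialchars(@$this->criteria[$i][3]).'">';
            echo '<SELECT NAME="time['.$i.'][4]">'.dispYearOptions(@$this->criteria[$i][4]).'</SELECT>';

            echo '<INPUT TYPE="text" NAME="time['.$i.'][5]" SIZE=2 VALUE="'.htmlspecialchars(@$this->criteria[$i][5]).'"><B>:</B>';
            echo '<INPUT TYPE="text" NAME="time['.$i.'][6]" SIZE=2 VALUE="'.htmlspecialchars(@$this->criteria[$i][6]).'"><B>:</B>';
            echo '<INPUT TYPE="text" NAME="time['.$i.'][7]" SIZE=2 VALUE="'.htmlspecialchars(@$this->criteria[$i][7]).'">';

            echo '<SELECT NAME="time['.$i.'][8]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][8]," ").'>__';
            echo ' <OPTION VALUE="(" '.chk_select(@$this->criteria[$i][8],"(").'>(';
            echo ' <OPTION VALUE=")" '.chk_select(@$this->criteria[$i][8],")").'>)</SELECT>';
            echo '<SELECT NAME="time['.$i.'][9]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][9]," "). '>__';
            echo ' <OPTION VALUE="OR" '.chk_select(@$this->criteria[$i][9],"OR"). '>'._OR;
            echo ' <OPTION VALUE="AND" '.chk_select(@$this->criteria[$i][9],"AND").'>'._AND.'</SELECT>';

            if ( $i == $this->criteria_cnt-1 )
                echo ' <INPUT TYPE="submit" NAME="submit" VALUE="'._ADDTIME.'">';
            echo '<BR>';
        }
    }

    function ToSQL()
    {
        /* convert this criteria to SQL */
    }

    /**
     * Builds the HTML summary of every row whose operator is set. All row
     * elements are HTML-encoded on output; previously only [0] and [1] were.
     */
    function Description()
    {
        $tmp = "";
        for ($i = 0; $i < $this->criteria_cnt; $i++)
        {
            if ( isset($this->criteria[$i][1]) && $this->criteria[$i][1] != " " )
            {
                $row = $this->criteria[$i];

                $tmp = $tmp.'<CODE>'.htmlspecialchars($row[0]).' time '.htmlspecialchars($row[1]).' [ ';

                /* date */
                if ( $row[2] == " " && $row[3] == "" && $row[4] == " " )
                    $tmp = $tmp." </CODE><I>any date</I><CODE>";
                else
                    $tmp = $tmp.(($row[2] == " ") ? "* / " : htmlspecialchars($row[2])." / ").
                                (($row[3] == "" ) ? "* / " : htmlspecialchars($row[3])." / ").
                                (($row[4] == " ") ? "* "   : htmlspecialchars($row[4])." ");
                $tmp = $tmp.'] [ ';

                /* time */
                if ( $row[5] == "" && $row[6] == "" && $row[7] == "" )
                    $tmp = $tmp."</CODE><I>any time</I><CODE>";
                else
                    $tmp = $tmp.(($row[5] == "") ? "* : " : htmlspecialchars($row[5])." : ").
                                (($row[6] == "") ? "* : " : htmlspecialchars($row[6])." : ").
                                (($row[7] == "") ? "* "   : htmlspecialchars($row[7])." ");
                $tmp = $tmp.htmlspecialchars($row[8]).'] '.htmlspecialchars($row[9]);
                $tmp = $tmp.'</CODE><BR>';
            }
        }
        if ( $tmp != "" )
            $tmp = $tmp.$this->cs->GetClearCriteriaString($this->export_name);

        return $tmp;
    }
}; /* TimeCriteria */

class IPAddressCriteria extends MultipleElementCriteria
{
/*
 * $ip_addr[MAX][10]: stores an ip address parameters/operators row
 *  - [][0] : (                          [][5] : octet3 of address
 *  - [][1] : source, dest               [][6] : octet4 of address
 *  - [][2] : =, !=                      [][7] : network mask
 *  - [][3] : octet1 of address          [][8] : (, )
 *  - [][4] : octet2 of address          [][9] : AND, OR
 *
 * $ip_addr_cnt: number of rows in the $ip_addr[][] structure
 */

    function IPAddressCriteria(&$db, &$cs, $export_name, $element_cnt)
    {
        parent::MultipleElementCriteria($db, $cs, $export_name, $element_cnt,
                                        array ("ip_src" => _SOURCE,
                                               "ip_dst" => _DEST,
                                               "ip_both" => _SORD));
    }

    /**
     * Imports the rows, then splits a dotted address found in [3] into
     * octets [3]..[6], keeps the full string in [7] and whatever follows
     * the '/' in [10].
     *
     * The pattern is not anchored, so it accepts any string that merely
     * contains a dotted quad; the pieces are only safe once
     * SanitizeElement() has run on the row.
     */
    function Import()
    {
        parent::Import();

        /* expand IP into octets */
        for ( $i = 0; $i < $this->criteria_cnt; $i++ )
        {
            if ( (isset ($this->criteria[$i][3])) &&
                 (preg_match("/([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)/", $this->criteria[$i][3])) )
            {
                $tmp_ip_str = $this->criteria[$i][7] = $this->criteria[$i][3];
                $this->criteria[$i][3] = strtok($tmp_ip_str, ".");
                $this->criteria[$i][4] = strtok(".");
                $this->criteria[$i][5] = strtok(".");
                $this->criteria[$i][6] = strtok("/");
                $this->criteria[$i][10] = strtok("");
            }
        }

        $_SESSION['ip_addr'] = &$this->criteria;
        $_SESSION['ip_addr_cnt'] = &$this->criteria_cnt;
    }

    function Clear()
    {
        /* clears the criteria */
    }

    /**
     * Restricts each element of row $i to its allowed alphabet.
     *
     * This override used to take no argument and always cleaned row 0, so
     * every further address row kept its imported value even though
     * Sanitize() calls it once per row. $i defaults to 0 so existing
     * zero-argument calls keep working. Element [10] (the mask produced by
     * Import()) was not cleaned at all and is now limited to digits and
     * periods when present.
     */
    function SanitizeElement($i = 0)
    {
        // Work from a copy so every element is cleaned from its imported value
        $curArr = $this->criteria[$i];

        $this->criteria[$i][0] = @CleanVariable($curArr[0], VAR_OPAREN);
        $this->criteria[$i][1] = @CleanVariable($curArr[1], "", array_keys($this->valid_field_list));
        $this->criteria[$i][2] = @CleanVariable($curArr[2], "", array("=", "!=", "<", "<=", ">", ">="));
        $this->criteria[$i][3] = @CleanVariable($curArr[3], VAR_DIGIT);
        $this->criteria[$i][4] = @CleanVariable($curArr[4], VAR_DIGIT);
        $this->criteria[$i][5] = @CleanVariable($curArr[5], VAR_DIGIT);
        $this->criteria[$i][6] = @CleanVariable($curArr[6], VAR_DIGIT);
        $this->criteria[$i][7] = @CleanVariable($curArr[7], VAR_DIGIT | VAR_PERIOD | VAR_FSLASH);
        $this->criteria[$i][8] = @CleanVariable($curArr[8], VAR_OPAREN | VAR_CPAREN);
        $this->criteria[$i][9] = @CleanVariable($curArr[9], "", array("AND", "OR"));
        if ( isset($curArr[10]) && $curArr[10] !== false )
            $this->criteria[$i][10] = @CleanVariable($curArr[10], VAR_DIGIT | VAR_PERIOD);

        unset($curArr);
    }

    function PrintForm()
    {
        for ( $i = 0; $i < $this->criteria_cnt; $i++ )
        {
            /* A malformed row discards the whole criteria array (original behaviour). */
            if (!is_array(@$this->criteria[$i]))
                $this->criteria = array();

            echo ' <SELECT NAME="ip_addr['.$i.'][0]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][0]," ").'>__';
            echo ' <OPTION VALUE="(" '.chk_select(@$this->criteria[$i][0],"(").'>(</SELECT>';
            echo ' <SELECT NAME="ip_addr['.$i.'][1]">
                   <OPTION VALUE=" " '.chk_select(@$this->criteria[$i][1]," " ).'>'._DISPADDRESS.'
                   <OPTION VALUE="ip_src" '.chk_select(@$this->criteria[$i][1],"ip_src").'>'._SHORTSOURCE.'
                   <OPTION VALUE="ip_dst" '.chk_select(@$this->criteria[$i][1],"ip_dst").'>'._SHORTDEST.'
                   <OPTION VALUE="ip_both" '.chk_select(@$this->criteria[$i][1],"ip_both").'>'._SHORTSOURCEORDEST.'
                  </SELECT>';
            echo ' <SELECT NAME="ip_addr['.$i.'][2]">
                   <OPTION VALUE="=" '.chk_select(@$this->criteria[$i][2],"="). '>=
                   <OPTION VALUE="!=" '.chk_select(@$this->criteria[$i][2],"!=").'>!=
                  </SELECT>';

            if ( $GLOBALS['ip_address_input'] == 2 )
                echo ' <INPUT TYPE="text" NAME="ip_addr['.$i.'][3]" SIZE=16 VALUE="'.htmlspecialchars(@$this->criteria[$i][7]).'">';
            else
            {
                echo ' <INPUT TYPE="text" NAME="ip_addr['.$i.'][3]" SIZE=3 VALUE="'.htmlspecialchars(@$this->criteria[$i][3]).'"><B>.</B>';
                echo ' <INPUT TYPE="text" NAME="ip_addr['.$i.'][4]" SIZE=3 VALUE="'.htmlspecialchars(@$this->criteria[$i][4]).'"><B>.</B>';
                echo ' <INPUT TYPE="text" NAME="ip_addr['.$i.'][5]" SIZE=3 VALUE="'.htmlspecialchars(@$this->criteria[$i][5]).'"><B>.</B>';
                echo ' <INPUT TYPE="text" NAME="ip_addr['.$i.'][6]" SIZE=3 VALUE="'.htmlspecialchars(@$this->criteria[$i][6]).'"><!--<B>/</B>';
                echo ' <INPUT TYPE="text" NAME="ip_addr['.$i.'][7]" SIZE=3 VALUE="'.htmlspecialchars(@$this->criteria[$i][7]).'">-->';
            }
            echo ' <SELECT NAME="ip_addr['.$i.'][8]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][8]," ").'>__';
            echo ' <OPTION VALUE="(" '.chk_select(@$this->criteria[$i][8],"(").'>(';
            echo ' <OPTION VALUE=")" '.chk_select(@$this->criteria[$i][8],")").'>)</SELECT>';
            echo ' <SELECT NAME="ip_addr['.$i.'][9]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][9]," "). '>__';
            echo ' <OPTION VALUE="OR" '.chk_select(@$this->criteria[$i][9],"OR"). '>'._OR;
            echo ' <OPTION VALUE="AND" '.chk_select(@$this->criteria[$i][9],"AND").'>'._AND.'</SELECT>';
            if ( $i == $this->criteria_cnt-1 )
                echo ' <INPUT TYPE="submit" NAME="submit" VALUE="'._ADDADDRESS.'">';
            echo '<BR>';
        }
    }

    function ToSQL()
    {
        /* convert this criteria to SQL */
    }

    function Description()
    {
        $human_fields["ip_src"] = _SOURCE;
        $human_fields["ip_dst"] = _DEST;
        $human_fields["ip_both"] = _SORD;
        $human_fields[""] = "";
        $human_fields["LIKE"] = _CONTAINS;
        $human_fields["="] = "=";

        $tmp2 = "";

        for ( $i = 0; $i < $this->criteria_cnt; $i++ )
        {
            $tmp = "";
            if ( isset($this->criteria[$i][3]) && $this->criteria[$i][3] != "" )
            {
                $tmp = $tmp.$this->criteria[$i][3];
                if ( $this->criteria[$i][4] != "" )
                {
                    $tmp = $tmp.".".$this->criteria[$i][4];
                    if ( $this->criteria[$i][5] != "" )
                    {
                        $tmp = $tmp.".".$this->criteria[$i][5];
                        if ( $this->criteria[$i][6] != "" )
                        {
                            if ( ($this->criteria[$i][3].".".$this->criteria[$i][4].".".
                                  $this->criteria[$i][5].".".$this->criteria[$i][6]) == NULL_IP)
                                $tmp = " unknown ";
                            else
                                $tmp = $tmp.".".$this->criteria[$i][6];
                        }
                        else
                            $tmp = $tmp.'.*';
                    }
                    else
                        $tmp = $tmp.'.*.*';
                }
                else
                    $tmp = $tmp.'.*.*.*';
            }
            /* Make sure that the IP isn't blank */
            if ( $tmp != "" )
            {
                $mask = "";
                if ( $this->criteria[$i][10] != "" )
                    $mask = "/".$this->criteria[$i][10];

                $tmp2 = $tmp2.$this->criteria[$i][0].
                        $human_fields[($this->criteria[$i][1])].' '.$this->criteria[$i][2].
                        ' '.$tmp.' '.$this->criteria[$i][8].' '.$this->criteria[$i][9].$mask.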
1103 $this->cs->GetClearCriteriaString($this->export_name)."<BR>"; 1104 } 1105 } 1106 1107 return $tmp2; 1108 } 1109}; /* IPAddressCriteria */ 1110 1111class IPFieldCriteria extends ProtocolFieldCriteria 1112{ 1113/* 1114 * $ip_field[MAX][6]: stores all other ip fields parameters/operators row 1115 * - [][0] : ( [][3] : field value 1116 * - [][1] : TOS, TTL, ID, offset, length [][4] : (, ) 1117 * - [][2] : =, !=, <, <=, >, >= [][5] : AND, OR 1118 * 1119 * $ip_field_cnt: number of rows in the $ip_field[][] structure 1120 */ 1121 1122 function IPFieldCriteria(&$db, &$cs, $export_name, $element_cnt) 1123 { 1124 $tdb =& $db; 1125 $cs =& $cs; 1126 1127 parent::ProtocolFieldCriteria($tdb, $cs, $export_name, $element_cnt, 1128 array("ip_tos" => "TOS", 1129 "ip_ttl" => "TTL", 1130 "ip_id" => "ID", 1131 "ip_off" => "offset", 1132 "ip_csum" => "chksum", 1133 "ip_len" => "length")); 1134 } 1135 1136 function PrintForm() 1137 { 1138 parent::PrintForm($this->valid_field_list, _DISPFIELD, _ADDIPFIELD); 1139 } 1140 1141 function ToSQL() 1142 { 1143 /* convert this criteria to SQL */ 1144 } 1145 1146 function Description() 1147 { 1148 return parent::Description( array_merge( array ( "" => "", 1149 "LIKE" => _CONTAINS, 1150 "=" => "="), $this->valid_field_list ) ); 1151 } 1152}; 1153 1154class TCPPortCriteria extends ProtocolFieldCriteria 1155{ 1156/* 1157 * $tcp_port[MAX][6]: stores all port parameters/operators row 1158 * - [][0] : ( [][3] : port value 1159 * - [][1] : Source Port, Dest Port [][4] : (, ) 1160 * - [][2] : =, !=, <, <=, >, >= [][5] : AND, OR 1161 * 1162 * $tcp_port_cnt: number of rows in the $tcp_port[][] structure 1163 */ 1164 1165 function TCPPortCriteria(&$db, &$cs, $export_name, $element_cnt) 1166 { 1167 $tdb =& $db; 1168 $cs =& $cs; 1169 1170 parent::ProtocolFieldCriteria($tdb, $cs, $export_name, $element_cnt, 1171 array ("layer4_sport" => _SOURCEPORT, 1172 "layer4_dport" => _DESTPORT)); 1173 } 1174 1175 function PrintForm() 1176 { 1177 
parent::PrintForm($this->valid_field_list, _DISPPORT, _ADDTCPPORT); 1178 } 1179 1180 function ToSQL() 1181 { 1182 /* convert this criteria to SQL */ 1183 } 1184 1185 function Description() 1186 { 1187 return parent::Description(array_merge( array("" => "", 1188 "=" => "="), $this->valid_field_list) ); 1189 } 1190}; /* TCPPortCriteria */ 1191 1192class TCPFieldCriteria extends ProtocolFieldCriteria 1193{ 1194/* 1195 * TCP Variables 1196 * ============= 1197 * $tcp_field[MAX][6]: stores all other tcp fields parameters/operators row 1198 * - [][0] : ( [][3] : field value 1199 * - [][1] : windows, URP [][4] : (, ) 1200 * - [][2] : =, !=, <, <=, >, >= [][5] : AND, OR 1201 * 1202 * $tcp_field_cnt: number of rows in the $tcp_field[][] structure 1203 */ 1204 1205 function TCPFieldCriteria(&$db, &$cs, $export_name, $element_cnt) 1206 { 1207 $tdb =& $db; 1208 $cs =& $cs; 1209 1210 parent::ProtocolFieldCriteria($tdb, $cs, $export_name, $element_cnt, 1211 array ("tcp_win" => "window", 1212 "tcp_urp" => "urp", 1213 "tcp_seq" => "seq #", 1214 "tcp_ack" => "ack", 1215 "tcp_off" => "offset", 1216 "tcp_res" => "res", 1217 "tcp_csum" => "chksum")); 1218 } 1219 1220 function PrintForm() 1221 { 1222 parent::PrintForm($this->valid_field_list, _DISPFIELD, _ADDTCPFIELD); 1223 } 1224 1225 function ToSQL() 1226 { 1227 /* convert this criteria to SQL */ 1228 } 1229 1230 function Description() 1231 { 1232 return parent::Description(array_merge ( array("" => ""), $this->valid_field_list) ); 1233 } 1234}; /* TCPFieldCriteria */ 1235 1236class TCPFlagsCriteria extends SingleElementCriteria 1237{ 1238/* 1239 * $tcp_flags[7]: stores all other tcp flags parameters/operators row 1240 * - [0] : is, contains [4] : 8 (RST) 1241 * - [1] : 1 (FIN) [5] : 16 (ACK) 1242 * - [2] : 2 (SYN) [6] : 32 (URG) 1243 * - [3] : 4 (PUSH) 1244 */ 1245 1246 function Init() 1247 { 1248 InitArray($this->criteria, $GLOBALS['MAX_ROWS'], TCPFLAGS_CFCNT, ""); 1249 } 1250 1251 function Clear() 1252 { 1253 /* clears the 
criteria */ 1254 } 1255 1256 function SanitizeElement() 1257 { 1258 $this->criteria = CleanVariable($this->criteria, VAR_DIGIT); 1259 } 1260 1261 function PrintForm() 1262 { 1263 if (!is_array($this->criteria[0])) 1264 $this->criteria = array(); 1265 1266 echo '<TD><SELECT NAME="tcp_flags[0]"><OPTION VALUE=" " '.chk_select($this->criteria[0]," ").'>'._DISPFLAGS; 1267 echo ' <OPTION VALUE="is" '.chk_select($this->criteria[0],"is").'>'._IS; 1268 echo ' <OPTION VALUE="contains" '.chk_select($this->criteria[0],"contains").'>'._CONTAINS.'</SELECT>'; 1269 echo ' <FONT>'; 1270 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[8]" VALUE="128" '.chk_check($this->criteria[8],"128").'> [RSV1]  '; 1271 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[7]" VALUE="64" '.chk_check($this->criteria[7],"64").'> [RSV0]  '; 1272 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[6]" VALUE="32" '.chk_check($this->criteria[6],"32").'> [URG]  '; 1273 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[5]" VALUE="16" '.chk_check($this->criteria[5],"16").'> [ACK]  '; 1274 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[3]" VALUE="8" '.chk_check($this->criteria[4],"8").'> [PSH]  '; 1275 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[4]" VALUE="4" '.chk_check($this->criteria[3],"4").'> [RST]  '; 1276 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[2]" VALUE="2" '.chk_check($this->criteria[2],"2").'> [SYN]  '; 1277 echo ' <INPUT TYPE="checkbox" NAME="tcp_flags[1]" VALUE="1" '.chk_check($this->criteria[1],"1").'> [FIN]  '; 1278 echo ' </FONT>'; 1279 } 1280 1281 function ToSQL() 1282 { 1283 /* convert this criteria to SQL */ 1284 } 1285 1286 function Description() 1287 { 1288 $human_fields["1"] = "F"; 1289 $human_fields["2"] = "S"; 1290 $human_fields["4"] = "R"; 1291 $human_fields["8"] = "P"; 1292 $human_fields["16"] = "A"; 1293 $human_fields["32"] = "U"; 1294 $human_fields["64"] = "[R0]"; 1295 $human_fields["128"] = "[R1]"; 1296 $human_fields["LIKE"] = _CONTAINS; 1297 $human_fields["="] = "="; 1298 1299 $tmp = ""; 
1300 1301 if ( isset($this->criteria[0]) && ($this->criteria[0] != " ") && ($this->criteria[0] != "") ) 1302 { 1303 $tmp = $tmp.'flags '.$this->criteria[0].' '; 1304 for ( $i = 8; $i >=1; $i-- ) 1305 if ( $this->criteria[$i] == "" ) 1306 $tmp = $tmp.'-'; 1307 else 1308 $tmp = $tmp.$human_fields[($this->criteria[$i])]; 1309 1310 $tmp = $tmp.$this->cs->GetClearCriteriaString("tcp_flags").'<BR>'; 1311 } 1312 1313 return $tmp; 1314 } 1315 1316 function isEmpty() 1317 { 1318 if ( strlen($this->criteria) != 0 && ($this->criteria[0] != "") && ($this->criteria[0] != " ") ) 1319 return false; 1320 else 1321 return true; 1322 } 1323}; /* TCPFlagCriteria */ 1324 1325class UDPPortCriteria extends ProtocolFieldCriteria 1326{ 1327/* 1328 * $udp_port[MAX][6]: stores all port parameters/operators row 1329 * - [][0] : ( [][3] : port value 1330 * - [][1] : Source Port, Dest Port [][4] : (, ) 1331 * - [][2] : =, !=, <, <=, >, >= [][5] : AND, OR 1332 * 1333 * $udp_port_cnt: number of rows in the $udp_port[][] structure 1334 */ 1335 1336 function UDPPortCriteria(&$db, &$cs, $export_name, $element_cnt) 1337 { 1338 $tdb =& $db; 1339 $cs =& $cs; 1340 1341 parent::ProtocolFieldCriteria($tdb, $cs, $export_name, $element_cnt, 1342 array ("layer4_sport" => _SOURCEPORT, 1343 "layer4_dport" => _DESTPORT)); 1344 } 1345 1346 function PrintForm() 1347 { 1348 parent::PrintForm($this->valid_field_list, _DISPPORT, _ADDUDPPORT); 1349 } 1350 1351 function ToSQL() 1352 { 1353 /* convert this criteria to SQL */ 1354 } 1355 1356 function Description() 1357 { 1358 return parent::Description(array_merge( array("" => "", 1359 "=" => "="), $this->valid_field_list) ); 1360 } 1361}; /* UDPPortCriteria */ 1362 1363class UDPFieldCriteria extends ProtocolFieldCriteria 1364{ 1365/* 1366 * $udp_field[MAX][6]: stores all other udp fields parameters/operators row 1367 * - [][0] : ( [][3] : field value 1368 * - [][1] : length [][4] : (, ) 1369 * - [][2] : =, !=, <, <=, >, >= [][5] : AND, OR 1370 * 1371 * 
$udp_field_cnt: number of rows in the $udp_field[][] structure 1372 */ 1373 1374 function UDPFieldCriteria(&$db, &$cs, $export_name, $element_cnt) 1375 { 1376 $tdb =& $db; 1377 $cs =& $cs; 1378 1379 parent::ProtocolFieldCriteria($tdb, $cs, $export_name, $element_cnt, 1380 array ("udp_len" => "length", 1381 "udp_csum" => "chksum")); 1382 } 1383 1384 function PrintForm() 1385 { 1386 parent::PrintForm($this->valid_field_list, _DISPFIELD, _ADDUDPFIELD); 1387 } 1388 1389 function ToSQL() 1390 { 1391 /* convert this criteria to SQL */ 1392 } 1393 1394 function Description() 1395 { 1396 return parent::Description(array_merge ( array("" => ""), $this->valid_field_list) ); 1397 } 1398}; /* UDPFieldCriteria */ 1399 1400class ICMPFieldCriteria extends ProtocolFieldCriteria 1401{ 1402/* 1403 * $icmp_field[MAX][6]: stores all other icmp fields parameters/operators row 1404 * - [][0] : ( [][3] : field value 1405 * - [][1] : code, length [][4] : (, ) 1406 * - [][2] : =, !=, <, <=, >, >= [][5] : AND, OR 1407 * 1408 * $icmp_field_cnt: number of rows in the $icmp_field[][] structure 1409 */ 1410 1411 function ICMPFieldCriteria(&$db, &$cs, $export_name, $element_cnt) 1412 { 1413 $tdb =& $db; 1414 $cs =& $cs; 1415 1416 parent::ProtocolFieldCriteria($tdb, $cs, $export_name, $element_cnt, 1417 array ("icmp_type" => "type", 1418 "icmp_code" => "code", 1419 "icmp_id" => "id", 1420 "icmp_seq" => "seq #", 1421 "icmp_csum" => "chksum")); 1422 } 1423 1424 function PrintForm() 1425 { 1426 parent::PrintForm($this->valid_field_list, _DISPFIELD, _ADDICMPFIELD); 1427 } 1428 1429 function ToSQL() 1430 { 1431 /* convert this criteria to SQL */ 1432 } 1433 1434 function Description() 1435 { 1436 return parent::Description(array_merge ( array("" => ""), $this->valid_field_list) ); 1437 } 1438}; /* ICMPFieldCriteria */ 1439 1440class Layer4Criteria extends SingleElementCriteria 1441{ 1442 function Init() 1443 { 1444 $this->criteria = ""; 1445 } 1446 1447 function Clear() 1448 { 1449 /* clears the 
criteria */ 1450 } 1451 1452 function SanitizeElement() 1453 { 1454 $this->criteria = CleanVariable($this->criteria, "", array("UDP", "TCP", "ICMP", "RawIP")); 1455 } 1456 1457 function PrintForm() 1458 { 1459 if ( $this->criteria != "" ) 1460 echo '<INPUT TYPE="submit" NAME="submit" VALUE="'._NOLAYER4.'">  '; 1461 if ( $this->criteria == "TCP" ) 1462 echo ' 1463 <INPUT TYPE="submit" NAME="submit" VALUE="UDP">   1464 <INPUT TYPE="submit" NAME="submit" VALUE="ICMP">'; 1465 else if ( $this->criteria == "UDP" ) 1466 echo ' 1467 <INPUT TYPE="submit" NAME="submit" VALUE="TCP">   1468 <INPUT TYPE="submit" NAME="submit" VALUE="ICMP">'; 1469 else if ( $this->criteria == "ICMP" ) 1470 echo ' 1471 <INPUT TYPE="submit" NAME="submit" VALUE="TCP">   1472 <INPUT TYPE="submit" NAME="submit" VALUE="UDP">'; 1473 else 1474 echo ' 1475 <INPUT TYPE="submit" NAME="submit" VALUE="TCP">   1476 <INPUT TYPE="submit" NAME="submit" VALUE="UDP"> 1477 <INPUT TYPE="submit" NAME="submit" VALUE="ICMP">'; 1478 } 1479 1480 function ToSQL() 1481 { 1482 /* convert this criteria to SQL */ 1483 } 1484 1485 function Description() 1486 { 1487 if ( $this->criteria == "TCP" ) 1488 return _QCTCPCRIT; 1489 else if ( $this->criteria == "UDP" ) 1490 return _QCUDPCRIT; 1491 else if ( $this->criteria == "ICMP" ) 1492 return _QCICMPCRIT ; 1493 else 1494 return _QCLAYER4CRIT; 1495 } 1496}; /* Layer4Criteria */ 1497 1498class DataCriteria extends MultipleElementCriteria 1499{ 1500/* 1501 * $data_encode[2]: how the payload should be interpreted and converted 1502 * - [0] : encoding type (hex, ascii) 1503 * - [1] : conversion type (hex, ascii) 1504 * 1505 * $data[MAX][5]: stores all the payload related parameters/operators row 1506 * - [][0] : ( [][3] : (, ) 1507 * - [][1] : =, != [][4] : AND, OR 1508 * - [][2] : field value 1509 * 1510 * $data_cnt: number of rows in the $data[][] structure 1511 */ 1512 1513 var $data_encode; 1514 1515 function DataCriteria(&$db, &$cs, $export_name, $element_cnt) 1516 { 1517 $tdb =& 
$db; 1518 $cs =& $cs; 1519 1520 parent::MultipleElementCriteria($tdb, $cs, $export_name, $element_cnt, 1521 array ("LIKE" => _HAS, 1522 "NOT LIKE" => _HASNOT )); 1523 $this->data_encode = array(); 1524 } 1525 1526 function Init() 1527 { 1528 parent::Init(); 1529 InitArray($this->data_encode, 2, 0, ""); 1530 } 1531 1532 function Import() 1533 { 1534 parent::Import(); 1535 1536 $this->data_encode = SetSessionVar("data_encode"); 1537 1538 $_SESSION['data_encode'] = &$this->data_encode; 1539 } 1540 1541 function Clear() 1542 { 1543 /* clears the criteria */ 1544 } 1545 1546 function SanitizeElement($i) 1547 { 1548 $this->data_encode[0] = CleanVariable($this->data_encode[0], "", array("hex", "ascii")); 1549 $this->data_encode[1] = CleanVariable($this->data_encode[1], "", array("hex", "ascii")); 1550 // Make a copy of the element array 1551 $curArr = $this->criteria[$i]; 1552 // Sanitize the array 1553 $this->criteria[$i][0] = CleanVariable($curArr[0], VAR_OPAREN); 1554 $this->criteria[$i][1] = CleanVariable($curArr[1], "", array_keys($this->valid_field_list)); 1555 $this->criteria[$i][2] = CleanVariable($curArr[2], VAR_FSLASH | VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER ); 1556 $this->criteria[$i][3] = CleanVariable($curArr[3], VAR_OPAREN | VAR_CPAREN); 1557 $this->criteria[$i][4] = CleanVariable($curArr[4], "", array("AND", "OR")); 1558 // Destroy the copy 1559 unset($curArr); 1560 } 1561 1562 function PrintForm() 1563 { 1564 if (!is_array(@$this->criteria[0])) 1565 $this->criteria = array(); 1566 1567 echo '<B>'._INPUTCRTENC.':</B>'; 1568 echo '<SELECT NAME="data_encode[0]"><OPTION VALUE=" " '.@chk_select($this->data_encode[0]," ").'>'._DISPENCODING; 1569 echo ' <OPTION VALUE="hex" '.@chk_select($this->data_encode[0],"hex").'>hex'; 1570 echo ' <OPTION VALUE="ascii"'.@chk_select($this->data_encode[0],"ascii").'>ascii</SELECT>'; 1571 echo '<B>'._CONVERT2WS.':</B>'; 1572 echo '<SELECT NAME="data_encode[1]"><OPTION VALUE=" " '.@chk_select(@$this->data_encode[1]," 
").'>'._DISPCONVERT2; 1573 echo ' <OPTION VALUE="hex" '.@chk_select(@$this->data_encode[1],"hex").'>hex'; 1574 echo ' <OPTION VALUE="ascii"'.@chk_select(@$this->data_encode[1],"ascii").'>ascii</SELECT>'; 1575 echo '<BR>'; 1576 1577 for ( $i = 0; $i < $this->criteria_cnt; $i++ ) 1578 { 1579 echo '<SELECT NAME="data['.$i.'][0]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][0]," ").'>__'; 1580 echo ' <OPTION VALUE="(" '.chk_select(@$this->criteria[$i][0],"(").'>(</SELECT>'; 1581 echo '<SELECT NAME="data['.$i.'][1]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][1]," "). '>'._DISPPAYLOAD; 1582 echo ' <OPTION VALUE="LIKE" '.chk_select(@$this->criteria[$i][1],"LIKE"). '>'._HAS; 1583 echo ' <OPTION VALUE="NOT LIKE" '.chk_select(@$this->criteria[$i][1],"NOT LIKE").'>'._HASNOT.'</SELECT>'; 1584 1585 echo '<INPUT TYPE="text" NAME="data['.$i.'][2]" SIZE=45 VALUE="'.htmlspecialchars(@$this->criteria[$i][2]).'">'; 1586 1587 echo '<SELECT NAME="data['.$i.'][3]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][3]," ").'>__'; 1588 echo ' <OPTION VALUE="(" '.chk_select(@$this->criteria[$i][3],"(").'>('; 1589 echo ' <OPTION VALUE=")" '.chk_select(@$this->criteria[$i][3],")").'>)</SELECT>'; 1590 echo '<SELECT NAME="data['.$i.'][4]"><OPTION VALUE=" " '.chk_select(@$this->criteria[$i][4]," "). '>__'; 1591 echo ' <OPTION VALUE="OR" '.chk_select(@$this->criteria[$i][4],"OR"). 
'>'._OR; 1592 echo ' <OPTION VALUE="AND" '.chk_select(@$this->criteria[$i][4],"AND").'>'._AND.'</SELECT>'; 1593 1594 if ( $i == $this->criteria_cnt-1 ) 1595 echo ' <INPUT TYPE="submit" NAME="submit" VALUE="'._ADDPAYLOAD.'">'; 1596 echo '<BR>'; 1597 } 1598 } 1599 1600 function ToSQL() 1601 { 1602 /* convert this criteria to SQL */ 1603 } 1604 1605 function Description() 1606 { 1607 $human_fields["LIKE"] = _CONTAINS; 1608 $human_fields["NOT LIKE"] = _DOESNTCONTAIN; 1609 $human_fields[""] = ""; 1610 1611 $tmp = ""; 1612 1613 if ( $this->data_encode[0] != " " && $this->data_encode[1] != " ") 1614 { 1615 $tmp = $tmp.' ('._DENCODED.' '.$this->data_encode[0]; 1616 $tmp = $tmp.' => '.$this->data_encode[1]; 1617 $tmp = $tmp.')<BR>'; 1618 } 1619 else 1620 $tmp = $tmp.' '._NODENCODED.'<BR>'; 1621 1622 for ( $i = 0; $i < $this->criteria_cnt; $i++ ) 1623 { 1624 if ($this->criteria[$i][1] != " " && $this->criteria[$i][2] != "" ) 1625 $tmp = $tmp.$this->criteria[$i][0].$human_fields[$this->criteria[$i][1]].' "'.$this->criteria[$i][2]. 1626 '" '.$this->criteria[$i][3].' '.$this->criteria[$i][4]; 1627 } 1628 1629 if ( $tmp != "" ) 1630 $tmp = $tmp.$this->cs->GetClearCriteriaString($this->export_name); 1631 1632 return $tmp; 1633 } 1634}; 1635 1636?> 1637