[Secureideas-cvs] base-php4/includes base_signature.inc.php, 1.18, 1.19
Brought to you by:
secureideas,
sinukas
Menu
▾
▴
[Secureideas-cvs] base-php4/includes base_signature.inc.php, 1.18, 1.19
|
From: Juergen L. <jle...@us...> - 2008-05-01 14:47:44
|
Update of /cvsroot/secureideas/base-php4/includes In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv12756/base-php4/includes Modified Files: base_signature.inc.php Log Message: It's debug time: Therefore I have added - sanity checks - more debug output Index: base_signature.inc.php =================================================================== RCS file: /cvsroot/secureideas/base-php4/includes/base_signature.inc.php,v retrieving revision 1.18 retrieving revision 1.19 diff -u -d -r1.18 -r1.19 --- base_signature.inc.php 20 Feb 2008 16:50:00 -0000 1.18 +++ base_signature.inc.php 1 May 2008 14:47:38 -0000 1.19 @@ -214,6 +214,25 @@ * - Michael Bell <mic...@we...> : links for IP address in spp_portscan alerts */ { + GLOBAL $debug_mode; + + if ( + !isset($signature) || + empty($signature) || + !is_string($signature) + ) + { + if ($debug_mode > 1) + { + SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": ERROR: \$signature == \"" . var_dump($signature) . "\". Returning with empty string."); + + } + + return ""; + } + + + if ($style == 2) return $signature; @@ -230,11 +249,44 @@ "<A HREF=\"".$GLOBALS['external_sig_link']['mcafee'][0]."\\1\" TARGET=\"_ACID_ALERT_DESC\">MCAFEE ID \\1</A>", "<A HREF=\"".$GLOBALS['external_sig_link']['cve'][0]."\\1\" TARGET=\"_ACID_ALERT_DESC\">\\1</A>"); - $msg = preg_replace($pattern, $replace, $signature); + try + { + $msg = preg_replace($pattern, $replace, $signature); + } + catch(Exception $e) + { + print "<BR><BR>\n\n" . __FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": ERROR: preg_replace has failed: \"" . $e ."\" with \$pattern = \"" . $pattern . "\", \$replace = \"" . $replace . "\" and \$signature = \"" . $signature . "\". Returning with empty string.<BR><BR>\n\n"; + + return ""; + } + + + if ( + !isset($msg) || + empty($msg) || + !is_string($msg) + ) + { + if ($debug_mode > 1) + { + SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": ERROR: \$msg == \"" . var_dump($msg) . "\". Returning with empty string."); + } + + return ""; + } + + + /* fixup portscan message strings */ if ( stristr($msg, "spp_portscan") ) { + if ($debug_mode > 1) + { + SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": Before fixup portscan message strings"); + } + + /* replace "spp_portscan: portscan status" => "spp_portscan" */ $msg = preg_replace("/spp_portscan: portscan status/", "spp_portscan", $msg); @@ -245,6 +297,11 @@ $msg = preg_replace("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*)/", "<A HREF=\"base_stat_ipaddr.php?ip=\\1&netmask=32\">\\1</A>", $msg); + + if ($debug_mode > 1) + { + SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": After fixup portscan message strings"); + } } return $msg; @@ -284,14 +341,47 @@ SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": After GetSignatureName()"); } - if ( $sig_name != "" ) + if ( + isset($sig_name) && + !empty($sig_name) && + is_string($sig_name) && + ($sig_name != "") + ) { //return GetSignatureReference($sig_id, $db, $style)." ".BuildSigLookup($sig_name, $style); if ($debug_mode > 1) { - SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": Before BuildSigLookup()"); + SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": Before BuildSigLookup() with \$sig_name == \"" . $sig_name . "\""); + } + + try + { + $buf1 = BuildSigLookup($sig_name, $style); + } + catch(Exception $e) + { + $error_msg = __FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": ERROR: BuildSigLookup() has failed: \"" . $e . "\". Returning with empty string."; + if ($debug_mode > 1) + { + SQLTraceLog($error_msg); + } + + return "(" . $sig_id . ") (1) " . _ERRSIGNAMEUNK; + } + + if ( + !isset($buf1) || + empty($buf1) || + !is_string($buf1) + ) + { + $error_msg = var_dump($buf1); + if ($debug_mode > 1) + { + SQLTraceLog($error_msg); + } + return "(" . $sig_id . ") (2) " . _ERRSIGNAMEUNK; } - $buf1 = BuildSigLookup($sig_name, $style); if ($debug_mode > 1) { |