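#!/usr/bin/perl

# Copyright Andrew Gavin 2009-2012
#
# This file is part of OpenDLP.
#
# OpenDLP is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# OpenDLP is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with OpenDLP. If not, see <http://www.gnu.org/licenses/>.

use CGI qw/:standard/;
use DBI;

# NOTE(review): this script runs without `use strict; use warnings;`.
# Enabling them is advisable, but the rest of the file has to be checked
# for undeclared variables first.

my $version = get_version();

# Database credentials live outside the script, as a single
# "username:password" line.
my $db_admin_file = "../etc/db_admin";
my( $db_username, $db_password ) = ( "", "" );

# Three-argument open with a lexical handle. A missing or unreadable
# credentials file stops the request here, because both the edit path below
# and the regex list further down need a database connection. die writes to
# STDERR, which a web server normally logs rather than returns to the client.
open( my $db_fh, '<', $db_admin_file )
	or die "Cannot open $db_admin_file: $!\n";
my $db_line = <$db_fh>;
close( $db_fh );
die "$db_admin_file is empty\n" unless defined $db_line;
chomp $db_line;

# The limit of 2 keeps a password that itself contains ":" in one piece.
($db_username, $db_password) = split( /:/, $db_line, 2 );

my $query = CGI->new;

# Name of the profile to edit; absent or empty means "create a new profile".
my $old_profile = $query->param('edit');

# Stored values of the profile being edited. Every one starts as "" so the
# form code can interpolate them even when no profile was loaded.
my( $old_username, $old_domain, $old_exts, $old_ignore_exts, $old_dirs, $old_ignore_dirs ) = ( "" ) x 6;
my( $old_regex, $old_path, $old_phonehomeurl, $old_phonehomeuser, $old_delaytime ) = ( "" ) x 5;
my( $old_description, $old_debug, $old_concurrent, $old_creditcards, $old_zipfiles ) = ( "" ) x 5;
my( $old_memory, $old_mask ) = ( "" ) x 2;
my( $old_ignore_dbs, $old_dbs, $old_ignore_tables, $old_tables, $old_ignore_columns ) = ( "" ) x 5;
my( $old_columns, $old_rows, $old_scantype ) = ( "" ) x 3;
my $old_smbhash = "";
my $old_found = 0;

# Row fetched for the profile being edited (undef when none was requested
# or none matched).
my $results;

if( defined $old_profile && $old_profile ne "" )
{
	# Do not put the credentials into the error text; $DBI::errstr is enough.
	my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password)
		or die "Cannot connect to the OpenDLP database: $DBI::errstr\n";

	# The profile name comes from the request, so it is bound through a
	# placeholder and never concatenated into the SQL text.
	my $string = "SELECT * from profiles where profile=?";
	my $sth = $dbh->prepare( $string );
	$sth->execute( $old_profile );
	$results = $sth->fetchrow_arrayref();

	# Only read the row when one came back; an unknown profile name leaves
	# every $old_* value at "" and $old_found at 0.
	if( $results )
	{
		# NOTE(review): columns are addressed by position in a SELECT *, so
		# this mapping silently breaks if the table layout changes. Columns
		# 2, 12 and 16 are not loaded; 2 and 12 are presumably the stored
		# passwords -- confirm against the schema.
		$old_username       = $$results[1];
		$old_domain         = $$results[3];
		$old_exts           = $$results[4];
		$old_ignore_exts    = $$results[5];
		$old_dirs           = $$results[6];
		$old_ignore_dirs    = $$results[7];
		$old_regex          = $$results[8];
		$old_path           = $$results[9];
		$old_phonehomeurl   = $$results[10];
		$old_phonehomeuser  = $$results[11];
		$old_delaytime      = $$results[13];
		$old_description    = $$results[14];
		$old_debug          = $$results[15];
		$old_concurrent     = $$results[17];
		$old_creditcards    = $$results[18];
		$old_zipfiles       = $$results[19];
		$old_memory         = $$results[20];
		$old_mask           = $$results[21];

		# NOTE(review): a stored SMB hash is password-equivalent for SMB
		# authentication. Check whether it really has to be sent back to
		# the browser in the edit form.
		$old_smbhash        = $$results[22];

		$old_ignore_dbs     = $$results[23];
		$old_dbs            = $$results[24];
		$old_ignore_tables  = $$results[25];
		$old_tables         = $$results[26];
		$old_ignore_columns = $$results[27];
		$old_columns        = $$results[28];
		$old_rows           = $$results[29];
		$old_scantype       = $$results[30];

		# A non-empty first column marks the profile as found.
		if( defined $$results[0] && $$results[0] ne "" )
		{
			$old_found = 1;
		}
	}

	$sth->finish;
	$dbh->disconnect;
}

# NOTE(review): everything loaded above is stored data that is presumably
# written into the HTML form below; confirm each value goes through
# escapeHTML() at the point of output.

header();
print qq { Create a new scan profile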

}; print "\n"; if( $old_found == 0 ) { print "\n"; print "\n"; # username print "\n"; # password if( $old_found != 1 ) { print "\n"; } else { print "\n"; } print "
Profile Name
Scan Type
Scan Type
Mask Sensitive Data?
Username
Password
Password
\n"; print "
\n"; print "\n"; # domain print "\n"; print "
Windows Domain/Workgroup
(For Windows OS scans (except Windows Share scans): Required.
For MSSQL DB scans:
  • Specify if you are using OS account
  • Leave blank if using DB account
  • \n"; print "
    \n"; print "\n"; # databases if( $old_found == 0 ) { print "\n"; } else { print "\n"; } # tables if( $old_found == 0 ) { print "\n"; } else { print "\n"; } # columns if( $old_found == 0 ) { print "\n"; } else { print "\n"; } if( $old_found == 0 ) { print "\n"; } else { print "\n"; } print "
    Databases
    (Newline-delimit the database names in this list)
    \n"; print 'Scan all databases
    ' . "\n"; print 'Scan all databases except these
    ' . "\n"; print 'Only scan the following databases
    ' . "\n"; print "\n"; print "
    Databases
    (Newline-delimit the database names in this list)
    \n"; print 'Scan all databases
    \n"; print 'Scan all databases except these
    \n"; print 'Only scan the following databases
    \n"; print "
    Tables
    (Newline-delimit the table names in this list)
    \n"; print 'Scan all tables
    ' . "\n"; print 'Scan all tables except these
    ' . "\n"; print 'Only scan the following tables
    ' . "\n"; print "\n"; print "
    Tables
    (Newline-delimit the table names in this list)
    \n"; print 'Scan all tables
    \n"; print 'Scan all tables except these
    \n"; print 'Only scan the following tables
    \n"; print "
    Columns
    (Newline-delimit the column names in this list)
    \n"; print 'Scan all columns
    ' . "\n"; print 'Scan all columns except these
    ' . "\n"; print 'Only scan the following columns
    ' . "\n"; print "\n"; print "
    Columns
    (Newline-delimit the column names in this list)
    \n"; print 'Scan all columns
    \n"; print 'Scan all columns except these
    \n"; print 'Only scan the following columns
    \n"; print "
    Limit columns to X rows
    (Use \"0\" to get all rows)
    Limit columns to X rows
    (Use \"0\" to get all rows)
    \n"; print "\n\n"; print "
    \n"; ###################### # End of MSSQL
    # ###################### print "
    \n"; print "\n"; print "\n"; print "
    SMBHash
    \n"; print "\n\n"; print "
    \n"; print "
    \n"; print "\n"; if( $old_found == 0 ) { print "\n"; } else { print "\n"; } print "
    Installation Path
    (Must be new directory. Be aware temporary files may be readable by other users.)
    Installation Path
    (Must be new directory)
    \n"; print "\n"; print "
    \n"; print "\n"; if( $old_found == 0 ) { print qq { }; } else { print "\n"; print "\n"; } print "
    Memory Limit
    (as percent of target system's total RAM)
    Memory Limit
    (as percent of target system's total RAM)
    \n"; print "\n"; print "
    \n"; print "\n"; print qq { }; } else { print 'Scan all directories
    \n"; print 'Scan all directories except these (recursive)
    \n"; print 'Only scan the following directories (recursive)
    \n"; print "
    \n"; } print "}; } else { print 'Scan all files
    \n"; print 'Scan all files except files with the following extensions
    \n"; print 'Only scan files with the following file extensions
    \n"; print "
    \n"; } print "
    Directories
    (Newline-delimit the file extensions in this list)
    }; if( $old_found == 0 ) { print qq { Scan all directories
    Scan all directories except these (recursive)
    Only scan the following directories (recursive)

    File Extensions
    (Newline-delimit the file extensions in this list)
    \n"; if( $old_found == 0 ) { print qq { Scan all files
    Scan all files except files with the following extensions
    Only scan files with the following file extensions

    \n"; print "\n\n"; print "
    \n"; print "\n"; print "\n"; print "\n"; if( $old_found == 0 ) { print qq { }; } else { print "\n"; print "\n"; } print "
    Regular Expressions "; if( $old_found == 0 ) { my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "SELECT number,name,pattern from regexes"; my $sth = $dbh->prepare( $string ); $sth->execute(); while( my $results = $sth->fetchrow_arrayref() ) { print "$$results[1]
    \n"; } $sth->finish; $dbh->disconnect; } else { my @old_regexes = split( ",", $old_regex ); my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password); my $string = "SELECT number,name,pattern from regexes"; my $sth = $dbh->prepare( $string ); $sth->execute(); while( my $results = $sth->fetchrow_arrayref() ) { print "$$results[1]
    \n"; } $sth->finish; $dbh->disconnect; } print "
    Credit Cards
    (Newline-delimit the names of the regex aliases)
    Credit Cards
    (Newline-delimit the names of the regex aliases)
    \n"; print "\n\n"; print "
    \n"; if( $old_found == 0 ) { print qq { }; } else { print "\n"; print "\n"; } print "
    ZIP Extensions
    (Treat these extensions as ZIP files. Newline-delimit the names of file extensions.)
    ZIP Extensions
    (Treat these extensions as ZIP files. Newline-delimit the names of file extensions.)
    \n"; print "\n"; print "
    \n"; print "\n"; print "\n"; if( $old_found == 0 ) { my $results_url = url(-query_string=>1); $results_url =~ s/profiles\.html$/results\/results\.html/; print "\n"; } else { print "\n"; } if( $old_found == 0 ) { print "\n"; } else { print "\n"; } if( $old_found == 0 ) { print "\n"; } else { print "\n"; } if( $old_found == 0 ) { print "\n"; } else { print "\n"; } if( $old_found == 0 ) { print "\n"; } else { print "\n"; } if( $old_found == 0 ) { print "\n"; } else { print "\n"; } print qq {
    Upload URL
    (This is the URL on your web server)
    Upload URL username
    Upload URL username
    Upload URL password
    Upload URL password
    Time between uploads
    Time between uploads
    Description
    (will show as Windows Service description)
    Description
    (will show as Windows Service description)
    }; if( $old_found == 0 ) { print "\n"; } else { print "\n"; } if( $old_found == 0 ) { print qq { }; } else { print "\n"; print "\n"; } print qq {
    Concurrent deployments
    (Only for initial deployment, not running)
    Concurrent deployments
    (Only for initial deployment, not running)
    Log Verbosity
    Log Verbosity
    Submit



    }; footer(); sub header { print "Content-type: text/html\n\n"; print "\n\n"; print "OpenDLP $version\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print qq { \n"; print "\n"; print "\n"; print '
    ' . "\n"; } sub footer { print "
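    \n"; }

# Return the OpenDLP version string: the first line of ../etc/version with
# its trailing newline removed. Returns "" when the file cannot be opened or
# is empty, so the page title degrades to "OpenDLP " instead of failing.
sub get_version
{
	my $version_file = "../etc/version";

	# Three-argument open with a lexical handle: the mode is fixed to read
	# and cannot be altered by the file name.
	my $fh;
	unless( open( $fh, '<', $version_file ) )
	{
		# Reported on STDERR only; the version is cosmetic, so the request
		# carries on.
		warn "Cannot open $version_file: $!\n";
		return "";
	}

	my $v = <$fh>;
	close( $fh );

	return "" unless defined $v;
	chomp $v;
	return $v;
}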