#!/usr/bin/perl
# Copyright Andrew Gavin 2009-2012
#
# This file is part of OpenDLP.
#
# OpenDLP is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# OpenDLP is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with OpenDLP. If not, see <http://www.gnu.org/licenses/>.

# CGI page "View False Positives". Depending on the "scanname" and "system"
# request parameters it renders one of three views, all built from rows of
# the results table whose is_false column is 1:
#   - neither parameter given: a count of such rows per scan
#   - scanname only:           a count per system within that scan
#   - scanname and system:     the individual flagged results for that system
#
# NOTE(review): many string literals below are empty or hold only bare text,
# and two readline expressions have no operand (`= ;`). The markup and the
# filehandle operands appear to have been lost from this copy; the code is
# left exactly as found.
# NOTE(review): the file enables neither `use strict` nor `use warnings`.

use CGI qw/:standard/;
use DBI;

my $version = get_version();
# File whose first line holds the database credentials as "username:password".
my $db_admin_file = "../etc/db_admin";
# Cleared when a request parameter fails validation; gates all output below.
my $is_valid = 1;
# NOTE(review): %systems is not used again in the visible code; the per-system
# view fills an undeclared package hash %system instead.
my %systems = ();

# NOTE(review): the open() result is not checked and the handle is a bareword.
# If the file cannot be read, the credentials below end up undefined.
open( DB, $db_admin_file );
# NOTE(review): readline operand missing in this copy - presumably <DB>.
my $db_line = ;
close( DB );
chomp $db_line;
# NOTE(review): split has no explicit limit. With two assignment targets Perl
# stops after three fields, so a password that itself contains ":" is cut at
# that colon; `split( ":", $db_line, 2 )` would keep it whole.
my ($db_username, $db_password) = split( ":", $db_line );

# Emit the response header and page preamble before anything else is printed.
header();
my $query = CGI->new;

# Scan name: empty, or only letters, digits, space, comma, dot, hyphen and
# underscore. None of those are HTML metacharacters, which matters because
# $scanname is later interpolated into the page without replacechars().
# NOTE(review): `$` also matches just before a trailing newline; `\z` would
# anchor at the true end of the value.
my $scanname = $query->param('scanname');
if( $scanname ne "" && $scanname !~ /^[a-z0-9\ \,\.\-\_]+$/i )
{
    $is_valid = 0;
    print "Invalid scan name

\n";
}

# System tracker: empty, or exactly 32 characters from A-Z and 0-9.
# NOTE(review): same trailing-newline caveat for `$` as above.
my $system = $query->param('system');
if( $system ne "" && $system !~ /^[A-Z0-9]{32}$/ )
{
    $is_valid = 0;
    print "Invalid system tracker

\n";
}

if( $is_valid )
{
    print "View False Positives

\n";

    # if no arguments are given
    if( $system eq "" && $scanname eq "" )
    {
        # scan name => number of results rows flagged as false positive
        my %scans = ();
        print "On this screen, you can:
\n";
        print "
  • Select a scan to view the false positives associated with its systems
  • \n";
        print "
  • After selecting a scan, reverse false positives so they display in results

    \n";
        print "
    \n";
        print "\n";
        print "\n";
        # NOTE(review): the connect() result is not checked before prepare()
        # is called on it.
        my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password);
        # Constant query text; no request data is involved here.
        my $string = "SELECT scan,is_false FROM results where is_false = 1";
        my $sth = $dbh->prepare( $string );
        $sth->execute();
        # Tally the flagged rows per scan name in Perl.
        while( my $results = $sth->fetchrow_arrayref() )
        {
            $scans{$$results[0]}++;
        }
        foreach my $scankey( sort( keys( %scans )))
        {
            print "\n";
            print "\n";
            print "\n";
        }
        print "\n";
        # NOTE(review): $scankey is read from the results table and appears in
        # the output string below without replacechars(). If stored scan names
        # are not limited to the character set enforced on the scanname
        # parameter, encode it before printing. (The string refers to the loop
        # variable outside the loop - presumably displaced in this copy.)
        print "
    DetailsScan nameFalse Positives
    $scankey$scans{$scankey}
    \n";
    }
    # if scanname is given as an argument, but not system
    elsif( $scanname ne "" && $system eq "" )
    {
        print "Select a system in scan \"$scanname\" to view its detailed false positives:

    \n";
        print "
    \n";
        print "\n";
        print "\n";
        print "\n";
        # NOTE(review): connect() result unchecked, as in the first view.
        my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password);
        # The scan name is bound through a placeholder, so it never becomes
        # part of the SQL text.
        my $string = "SELECT results.tracker,results.system,systems.ip FROM results,systems WHERE results.is_false = 1 AND results.scan=? AND results.tracker = systems.tracker";
        my $sth = $dbh->prepare( $string );
        $sth->execute( $scanname );
        # Group by tracker: remember name and IP, count the flagged rows.
        # %system here is a package hash, distinct from the scalar $system.
        while( my $results = $sth->fetchrow_arrayref() )
        {
            $system{$$results[0]}{system} = $$results[1];
            $system{$$results[0]}{ip} = $$results[2];
            $system{$$results[0]}{false}++;
        }
        foreach my $tracking( sort( keys( %system )))
        {
            print "\n\n";
            # Name and IP come from the database and are passed through
            # replacechars() before being printed.
            my $printme_system = $system{$tracking}{system};
            $printme_system = replacechars( $printme_system );
            my $printme_ip = $system{$tracking}{ip};
            $printme_ip = replacechars( $printme_ip );
            print "\n";
            print "\n";
            print "\n";
            print "\n";
        }
        print "

    Network nameIP addressFalse Positives
    $printme_system$printme_ip$system{$tracking}{false}
    \n";
    }
    # look at details of specific system
    elsif( $scanname ne "" && $system ne "" )
    {
        # NOTE(review): connect() result unchecked, as in the first view.
        my $dbh = DBI->connect("DBI:mysql:database=OpenDLP;host=localhost",$db_username,$db_password);
        # Both request values are bound through placeholders.
        my $string = "SELECT system,ip,scantype from systems where scan=? AND tracker=?";
        my $sth = $dbh->prepare( $string );
        $sth->execute( $scanname, $system );
        # NOTE(review): there is no check that a row came back before it is
        # dereferenced.
        my $results = $sth->fetchrow_arrayref();
        my $hostname = $$results[0];
        my $ip = $$results[1];
        my $scantype = $$results[2];

        # File-system style scan types: results carry file and byte offset.
        if( $scantype eq "win_agent" || $scantype eq "win_agentless" || $scantype eq "unix_agentless" || $scantype eq "win_share" )
        {
            # NOTE(review): $ip and $hostname are database values printed here
            # without replacechars(), although the per-system view above
            # encodes the same columns. Encode them here as well.
            print "Select a false positive to clear for system $ip";
            if( $hostname ne "" )
            {
                print " ($hostname)";
            }
            print " in scan \"$scanname\":

    \n";
            my $string = "SELECT type,pattern,file,offset,md5,number FROM results WHERE scan=? AND tracker=? AND is_false = \"1\"";
            my $sth = $dbh->prepare( $string );
            $sth->execute( $scanname, $system );
            my $row_counter = 1;
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            while( my $results = $sth->fetchrow_arrayref() )
            {
                my $type = $$results[0];
                my $pattern = $$results[1];
                my $file = $$results[2];
                my $offset = $$results[3];
                # $md5 and $number are fetched but not referenced in the
                # visible code - presumably used by markup lost from this copy.
                my $md5 = $$results[4];
                my $number = $$results[5];
                print "\n";
                $row_counter++;
                print "\n";
                my $pattern_copy = replacechars( $pattern );
                print "\n";
                # Collapse doubled backslashes to one, then encode for output.
                my $file_printme = $file;
                $file_printme =~ s/\\\\/\\/g;
                $file_printme = replacechars( $file_printme );
                print "\n";
                print "\n";
                print "\n\n";
            }
            print "\n";
            # NOTE(review): $type and $offset appear in the output string
            # without replacechars(), unlike $pattern and $file. Confirm those
            # columns can only hold safe values, or encode them too.
            print "
    #RegexPatternFileByte offsetFalse?
    $row_counter$type$pattern_copy$file_printme$offset
    \n";
        }
        # Database scan types: results carry database, table, column and row.
        elsif( $scantype =~ /^(mssql_agentless|mysql_agentless|oracle_agentless)$/ )
        {
            # NOTE(review): $ip and $hostname printed without replacechars(),
            # as in the branch above.
            print "Select a false positive to clear for database server $ip";
            if( $hostname ne "" )
            {
                print " ($hostname)";
            }
            print " in scan \"$scanname\":

    \n";
            my $string = "SELECT type,pattern,db,tbl,col,row,number FROM results WHERE scan=? AND tracker=? AND is_false = \"1\"";
            my $sth = $dbh->prepare( $string );
            $sth->execute( $scanname, $system );
            my $row_counter = 1;
            print "
    \n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            print "\n";
            while( my $results = $sth->fetchrow_arrayref() )
            {
                my $type = $$results[0];
                my $pattern = $$results[1];
                my $db = $$results[2];
                my $tbl = $$results[3];
                my $col = $$results[4];
                my $row = $$results[5];
                # $number is fetched but not referenced in the visible code.
                my $number = $$results[6];
                print "\n";
                $row_counter++;
                print "\n";
                my $pattern_copy = replacechars( $pattern );
                print "\n";
                my $db_printme = replacechars( $db );
                print "\n";
                my $tbl_printme = replacechars( $tbl );
                print "\n";
                my $col_printme = replacechars( $col );
                print "\n";
                print "\n";
                print "\n\n";
            }
            print "\n";
            # NOTE(review): $type and $row appear in the output string without
            # replacechars(), unlike $pattern, $db, $tbl and $col. Confirm
            # those columns can only hold safe values, or encode them too.
            print "
    #RegexPatternDatabaseTableColumnRowFalse?
    $row_counter$type$pattern_copy$db_printme$tbl_printme$col_printme$row
    \n";
        }
    }
}

footer();

# Print the "Content-type: text/html" response header followed by the page
# preamble, which includes the OpenDLP version string.
# NOTE(review): CGI's :standard import list also supplies a function named
# header; confirm that this local definition is the one the call above reaches.
sub header
{
    print "Content-type: text/html\n\n";
    print "\n\n";
    print "OpenDLP $version\n";
    print "\n";
    print "\n";
    print "\n";
    print "\n";
    print "\n";
    print qq { };
    print "\n";
    print "\n";
    print '
    ' . "\n";
}

# Print the closing part of the page.
sub footer
{
    print "
    \n";
}

# Output-encoding helper: callers pass database values through it before
# interpolating them into the page, and use the returned string.
# NOTE(review): as shown here, every substitution maps a character to itself
# and some patterns are malformed. The replacement sides look as if they were
# decoded or stripped in this copy (presumably HTML entities). Verify against
# the upstream file before relying on this routine for output encoding.
sub replacechars
{
    my $string = shift;
    $string =~ s/\&/\&/g;
    $string =~ s/\#/#/g;
    $string =~ s/"/"/g;
    $string =~ s/\%/%/g;
    $string =~ s/\'/'/g;
    $string =~ s/\////g;
    $string =~ s//>/g;
    $string =~ s/\[/[/g;
    $string =~ s/\\/\/g;
    $string =~ s/\]/]/g;
    $string =~ s/`/`/g;
    $string =~ s/{/{/g;
    $string =~ s/\|/|/g;
    $string =~ s/}/}/g;
    $string =~ s/\(/(/g;
    $string =~ s/\)/)/g;
    $string =~ s/\n/
    /g;
    $string =~ s/\ / /g;
    return $string;
}

# Return the first line of ../etc/version with its trailing newline removed.
# NOTE(review): the read mode is folded into the filename string (two-argument
# open) and the result is not checked. The path is a constant here, so this is
# a robustness issue rather than an injection path.
# NOTE(review): readline operand missing in this copy - presumably <V>.
sub get_version
{
    open( V, "<../etc/version" );
    my $v = ;
    close( V );
    chomp $v;
    return $v;
}