#!/usr/bin/perl
# Copyright Andrew Gavin 2009-2012
#
# This file is part of OpenDLP.
#
# OpenDLP is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# OpenDLP is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with OpenDLP. If not, see <http://www.gnu.org/licenses/>.
use CGI qw/:standard/;
use DBI;
# Top-level CGI flow for the "false positives" screen: load the DB admin
# credentials, validate the two query parameters, then render one of three
# views depending on which parameters were supplied.
#
# NOTE(review): no `use strict` / `use warnings` is visible in this file;
# undeclared globals such as $scantype, $ip, $hostname and $dbh are used
# below without a visible declaration or assignment.
# NOTE(review): much of the HTML output appears to have been stripped by
# extraction (several print strings span two lines where a tag once stood),
# so the exact markup emitted cannot be confirmed from this listing.
my $version = get_version();
# Credentials file, relative to the CGI's working directory (not absolute).
my $db_admin_file = "../etc/db_admin";
# Set to 0 when a parameter fails validation; no branch in this listing
# tests it, so rendering continues regardless -- verify against the
# missing lines before relying on it as a guard.
my $is_valid = 1;
my %systems = ();
# Two-arg open on a bareword handle with no error check.  The path is a
# fixed string, so there is no mode injection here, but a missing or
# unreadable file leaves $db_line undefined and the credentials empty.
# Prefer: open( my $db_fh, '<', $db_admin_file ) or die "open $db_admin_file: $!";
open( DB, $db_admin_file );
# The readline operand is absent here -- presumably <DB> lost to HTML
# extraction; confirm against the original source.
my $db_line = ;
close( DB );
chomp $db_line;
# First line of the file is "username:password".  split() with no field
# limit and a two-element target silently drops anything after the second
# ':', so a password containing ':' is truncated; split( ":", $db_line, 2 )
# would preserve it.
my ($db_username, $db_password) = split( ":", $db_line );
# Emits the Content-type header and page head (defined later in this file).
header();
my $query = CGI->new;
# scanname: letters, digits, space, comma, dot, hyphen and underscore only.
# The whitelist excludes HTML metacharacters, which is what makes the raw
# interpolation of $scanname into the output below safe.  Note that `$`
# permits a trailing newline; `\z` would be strict.
my $scanname = $query->param('scanname');
if( $scanname ne "" && $scanname !~ /^[a-z0-9\ \,\.\-\_]+$/i )
{
$is_valid = 0;
print "Invalid scan name
\n";
}
# system: exactly 32 upper-case alphanumerics (the per-system tracker id).
my $system = $query->param('system');
if( $system ne "" && $system !~ /^[A-Z0-9]{32}$/ )
{
$is_valid = 0;
print "Invalid system tracker
\n";
# NOTE(review): the `}` closing the if above never appears before the next
# `if`, and $dbh / $scantype / $ip / $hostname are never assigned in this
# listing -- a stretch of source (likely the DBI connect and the per-system
# lookup) appears to be missing between these lines.
# if no arguments are given
if( $system eq "" && $scanname eq "" )
{
# Landing view: list scans to choose from (%scans is declared but the
# code that fills it is not visible here).
my %scans = ();
print "On this screen, you can: \n";
print "
Select a scan to view the false positives associated with its systems
\n";
print "
After selecting a scan, reverse false positives so they display in results
\n";
print "\n";
}
# if scanname is given as an argument, but not system
elsif( $scanname ne "" && $system eq "" )
{
# $scanname has passed the whitelist above, so it is safe to interpolate.
print "Select a system in scan \"$scanname\" to view its detailed false positives:
\n";
print "\n";
}
# Database-server scans: list the rows flagged as false positives for this
# scan/system pair.
elsif( $scantype =~ /^(mssql_agentless|mysql_agentless|oracle_agentless)$/ )
{
# $ip and $hostname come from outside this listing; whether they are
# HTML-escaped before being printed cannot be determined here -- check
# their origin (they should come from the database, not the request).
print "Select a false positive to clear for database server $ip";
if( $hostname ne "" )
{
print " ($hostname)";
}
print " in scan \"$scanname\":
\n";
# Parameterised query: scan and tracker are bound with placeholders, so the
# validated request values never reach the SQL text.
my $string = "SELECT type,pattern,db,tbl,col,row,number FROM results WHERE scan=? AND tracker=? AND is_false = \"1\"";
my $sth = $dbh->prepare( $string );
$sth->execute( $scanname, $system );
# Row counter for the results table; the fetch loop that would use it is
# not present in this listing.
my $row_counter = 1;
print "\n";
}
}
}
# Closes the page (defined later in this file).
footer();
sub header
{
print "Content-type: text/html\n\n";
print "\n\n";
print "OpenDLP $version\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print qq {
};
print "\n";
print "\n";
print '