Vincent Li
13dfd638bf
ids.cgi: Fixes bug 13878
commit 61f447ff341d2f7720fb6c5b483cc9fb063e869c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Sep 25 17:07:36 2025 +0200
ids.cgi: Escape the remark before sending it back to the browser
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit f0015fefe6d2523c5bb9818fa6aeeb064f6e45db
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu Sep 25 13:12:38 2025 +0200
ids.cgi: Fixes bug 13878
Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-10-03 22:39:08 +00:00
Stefan Schantl
1a9e81ce7f
ids.cgi: Remove etag data when deleting a provider.
Otherwise the same provider could not be added again at a later
time if the stored etag is still valid.
In this case the server will not offer the rules and the provider
could not be added.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-26 05:24:47 +02:00
Stefan Schantl
1febad2ad4
ids.cgi: Avoid double locking the page when forcing a ruleset update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-22 05:45:56 +02:00
Stefan Schantl
07dc722f61
ids.cgi: Make the page lock in oinkmaster_web() function optional.
This allows to call and release the page lock manually.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-22 05:44:23 +02:00
Stefan Schantl
eaf5364413
ids.cgi: Disable manual update button if a provider is no longer supported.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-17 15:21:20 +02:00
Stefan Schantl
6bef05b9ed
ids.cgi: Properly handle providers which are no longer supported.
They will be shown with a different background colour to get the user's
attention.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-17 15:03:56 +02:00
Stefan Schantl
da5c7c24f0
ids.cgi: Remove orphaned headline.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 16:02:28 +02:00
Stefan Schantl
5bad33e9a4
ids.cgi: Display return code on download error, when adding a new provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:32:27 +02:00
Stefan Schantl
00271ed769
ids.cgi: Handle "Not modified" when forcing a ruleset update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:30:03 +02:00
Stefan Schantl
b645f7fc86
ids.cgi: No longer use hard-coded status messages in oinkmaster_web() function.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-16 15:12:58 +02:00
Stefan Schantl
a15c9b16b4
IDS: Move autoupdate logic to cron.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-15 05:59:33 +02:00
Stefan Schantl
2f154264a0
ids.cgi: Regenerate ruleset if the ruleset action (mode) of a provider gets changed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-14 05:16:25 +02:00
Stefan Schantl
149a3291df
ids.cgi: Do not double display a working notice when removing a ruleset provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-11 05:47:15 +02:00
Stefan Schantl
faa8c62f63
ids.cgi: Use new oinkmaster_web function instead of the silent one from ids-functions.
This will print some nice status messages while the page is locked and
the IDS rules get regenerated/altered.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:25:36 +02:00
Stefan Schantl
44d41fd692
ids.cgi: Add oinkmaster_web() function.
This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:23:49 +02:00
Stefan Schantl
1aaa347774
ids.cgi: Allow to split working_notice function into two parts.
This allows to open the notice and close it at a later time.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:19:41 +02:00
Stefan Schantl
25652a75d4
ids.cgi: Keep IDS/IPS mode settings when enabling/disabling a provider or autoupdate for it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-10 11:17:05 +02:00
Stefan Schantl
30c4a9ff35
ids.cgi: Adjust code to use new used-rulesfiles backend.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-04-09 15:00:21 +02:00
Stefan Schantl
fa7663a1b5
ids.cgi: Remove newly added provider if the rules could not be downloaded.
When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.
To avoid that, the provider needs to be removed again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 12:26:35 +01:00
Stefan Schantl
432b8ed21e
ids.cgi: Drop last fragments from old modify sids backend.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:54:19 +01:00
Stefan Schantl
443ad51d1c
ids.cgi: Allow to configure IDS/IPS mode individually for each provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:37:21 +01:00
Stefan Schantl
4c98be8bd2
ids.cgi: Use new provider modifications backend.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:37:02 +01:00
Stefan Schantl
9f353f8518
ids.cgi: Use new backend to store the ruleset modifications of a provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-03-26 11:36:44 +01:00
Matthias Fischer
834227f2c8
ids.cgi: Added topic for ruleset actions
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2022-03-14 15:15:39 +00:00
Matthias Fischer
800290ce2a
ids.cgi: Fixed trivial typos in comment
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2022-03-14 15:15:17 +00:00
Stefan Schantl
18f0991c35
ids.cgi: Only read-in ignored hosts, if the ignore file exists.
Otherwise the CGI will crash.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2022-03-07 18:50:45 +00:00
Peter Müller
1b939d0ecc
ids.cgi: Fix unmatched curly bracket and trailing whitespaces
The former causes this CGI to crash with an HTTP error 500.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2022-01-29 17:07:34 +00:00
Stefan Schantl
0f1d0b9c3c
ids.cgi: Use experimental smartmatch.
This will prevent from spawning the http error log with warnings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
4d438241c3
ids.cgi: Do not expect a space after the msg tag has been closed while processing rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
14696ced7e
ids.cgi: Always write used providers rulefiles file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
258924ee79
ids.cgi: Add the provider handle if the forced update of a provider fails.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
969983eba4
ids.cgi: Add some more sanity checks when adding a new provider.
* Check if the system is online.
* Check if enough free disk space is available.
* Abort with an error message if the ruleset could not be downloaded.
In error case the provider now will be removed again from the file which
keeps the configured providers. Sadly it needs to be added first because
otherwise the downloader could not read the required values from it.....
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
214f34ec4e
ids.cgi: Use newly introduced functions when removing a provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
63cf95af3f
ids.cgi: Introduce remove_provider().
This function is used to remove a configured provider by its ID.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
697787c930
ids.cgi: Introduce get_provider_handle().
This function is used to get the configured provider handle by a given ID.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
1e52a25825
ids.cgi: Regenerate ruleset if a provider gets re-enabled.
Otherwise it could happen, that there are no rules files for this
specific provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
724f98c086
ids.cgi: Fix check when changing the IDS to monitor mode or drop mode.
The test condition was wrong here and therefore oinkmaster never has
been executed when this setting has been changed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
7131a7bd94
ids.cgi: Allow whitespaces when parsing the rules files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
ded4348d0d
ids.cgi: Do not expect a space before the sid when parsing rulefiles.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
4015d3f499
ids.cgi: Sort elements in providers dropdown menu.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
69b3156f74
IDS: Move read_enabled_disabled_sids_file() function to ids-functions.pl.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
515a694d1c
ids.cgi: Add code to handle the reset of a provider to its defaults.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
f3d421a3b1
ids.cgi: Make backend code for forced ruleset update working again.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
962e58cdd4
ids.cgi: Add section for additional provider actions.
This section only will be displayed when an existing provider will be
edited and allows to reset a provider back to its defaults or to force
a ruleset update.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
7e1a09f925
ids.cgi: Fix display issue with column background colour in provider list.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
0c5b2f6da3
ids.cgi: Handle oinkmaster provider includes when deleting a provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
ce40fddefc
ids.cgi: Fix function call of get_used_provider_rulesfile_file().
The function is located in the IDS module and therefore needs to be
called from there.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
eade546821
ids.cgi: Add/Remove provider file include in oinkmaster providers include file when toggling a provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
5d523e4161
ids.cgi: Use get_oinkmaster_provider_modified_sids_file() function.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00
Stefan Schantl
15832b10c2
IDS: Redesign backend for enabled/disabled sids in rulefiles.
The enabled or disabled sids now will be written to an own
provider exclusive configuration file which dynamically will
be included by oinkmaster if needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:43 +01:00