diff -Nru acidlab-0.9.6b20-12/acid_signature.inc.orig acidlab-0.9.6b20-13/acid_signature.inc.orig
--- acidlab-0.9.6b20-12/acid_signature.inc.orig 2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/acid_signature.inc.orig 1970-01-01 01:00:00.000000000 +0100
@@ -1,276 +0,0 @@ -, - * - * Copyright (C) 2001 Carnegie Mellon University - * (see the file 'acid_main.php' for license details) - * - * Purpose: Handles signatures and references in the - * Snort signature language - */ - -function GetSignatureName($sig_id, $db) -{ - $name = ""; - - $temp_sql = "SELECT sig_name FROM signature WHERE sig_id='$sig_id'"; - $tmp_result = $db->acidExecute($temp_sql); - if ( $tmp_result ) - { - $myrow = $tmp_result->acidFetchRow(); - $name = $myrow[0]; - $tmp_result->acidFreeRows(); - } - else - $name = "[SigName unknown]"; - - return $name; -} - -function GetSignaturePriority($sig_id, $db) -{ - $priority = ""; - - $temp_sql = "SELECT sig_priority FROM signature WHERE sig_id='$sig_id'"; - $tmp_result = $db->acidExecute($temp_sql); - if ( $tmp_result ) - { - $myrow = $tmp_result->acidFetchRow(); - $priority = $myrow[0]; - - $tmp_result->acidFreeRows(); - } - else - $priority = "[SigPriority unknown]"; - - return $priority; -} - -function GetSignatureID($sig_id, $db) -{ - $id = ""; - - if ( $sig_id == "" ) - return $id; - - $temp_sql = "SELECT sig_id FROM signature WHERE sig_name='$sig_id'"; - if ($db->DB_type == "mssql") - $temp_sql = "SELECT sig_id FROM signature WHERE sig_name LIKE '".MssqlKludgeValue($sig_id)."' "; - - $tmp_result = $db->acidExecute($temp_sql); - if ( $tmp_result ) - { - $myrow = $tmp_result->acidFetchRow(); - $id = $myrow[0]; - $tmp_result->acidFreeRows(); - } - - return $id; -} - -function GetRefSystemName($ref_system_id, $db) -{ - if ( $ref_system_id == "" ) - return ""; - - $ref_system_name = ""; - - $tmp_sql = "SELECT ref_system_name FROM reference_system WHERE ref_system_id='".$ref_system_id."'"; - $tmp_result = $db->acidExecute($tmp_sql); - if ( $tmp_result ) - { - $myrow = $tmp_result->acidFetchRow(); - $ref_system_name = $myrow[0]; - $tmp_result->acidFreeRows(); - } - - return $ref_system_name; -} - -function GetSingleSignatureReference($ref_system, $ref_tag, $style) -{ - $tmp_ref_system_name = 
strtolower($ref_system); - if ( in_array($tmp_ref_system_name, array_keys($GLOBALS['external_sig_link'])) ) - { - if ( $style == 1 ) - return "[". - "".$ref_system."". - "]"; - else if ( $style == 2 ) - return "[".$ref_system."/$ref_tag] "; - } - else - { - return $ref_system; - } -} - -function GetSignatureReference($sig_id, $db, $style) -{ - $ref = ""; - - $temp_sql = "SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='".$sig_id."'"; - $tmp_sig_ref = $db->acidExecute($temp_sql); - - if ( $tmp_sig_ref ) - { - $num_references = $tmp_sig_ref->acidRecordCount(); - for ( $i = 0; $i < $num_references; $i++) - { - $mysig_ref = $tmp_sig_ref->acidFetchRow(); - - $temp_sql = "SELECT ref_system_id, ref_tag FROM reference WHERE ref_id='".$mysig_ref[1]."'"; - $tmp_ref_tag = $db->acidExecute($temp_sql); - - if ( $tmp_ref_tag ) - { - $myrow = $tmp_ref_tag->acidFetchRow(); - $ref_tag = $myrow[1]; - $ref_system = GetRefSystemName($myrow[0], $db); - } - - $ref = $ref.GetSingleSignatureReference($ref_system, $ref_tag, $style); - - /* Automatically add an ICAT reference is a CVE reference exists */ - if ( $ref_system == "cve" ) - $ref = $ref.GetSingleSignatureReference("icat", $ref_tag, $style); - - $tmp_ref_tag->acidFreeRows(); - } - $tmp_sig_ref->acidFreeRows(); - } - - if ( $db->acidGetDBVersion() >= 103 ) - { - $tmp_sql = "SELECT sig_sid FROM signature WHERE sig_id='".$sig_id."'"; - $tmp_sig_sid = $db->acidExecute($tmp_sql); - - if ( $tmp_sig_sid ) - { - $myrow = $tmp_sig_sid->acidFetchRow(); - $sig_sid = $myrow[0]; - } - } - else - $sig_sid = ""; - - $href = ""; - - /* snort.org should be documenting all official signatures, - * so automatically add a link - */ - if ( $sig_sid != "") - $ref = $ref.GetSingleSignatureReference("snort", $sig_sid, $style); - - return $ref; -} - -function BuildSigLookup($signature, $style) -/* - Paul Harrington : reference URL links - * - Michael Bell : links for IP address in spp_portscan alerts - */ -{ - if ($style == 2) - return $signature; 
- - /* create hyperlinks for references */ - $pattern=array("/(IDS)(\d+)/", - "/(IDS)(0+)(\d+)/", - "/BUGTRAQ ID (\d+)/", - "/MCAFEE ID (\d+)/", - "/(CVE-\d+-\d+)/"); - - $replace=array("\\1\\2", - "\\1\\2\\3", - "BUGTRAQ ID \\1", - "MCAFEE ID \\1", - "\\1"); - - $msg = preg_replace($pattern, $replace, $signature); - - /* fixup portscan message strings */ - if ( stristr($msg, "spp_portscan") ) - { - /* replace "spp_portscan: portscan status" => "spp_portscan" */ - $msg = preg_replace("/spp_portscan: portscan status/", "spp_portscan", $msg); - - /* replace "spp_portscan: PORTSCAN DETECTED" => "spp_portscan detected" */ - $msg = preg_replace("/spp_portscan: PORTSCAN DETECTED/", "spp_portscan detected", $msg); - - /* create hyperlink for IP addresses in portscan alerts */ - $msg = preg_replace("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*)/", - "\\1", - $msg); - } - - return $msg; -} - -function BuildSigByID($sig_id, $db, $style = 1) -/* - * sig_id: DB schema dependent - * - < v100: a text string of the signature - * - > v100: an ID (key) of a signature - * db : database handle - * style : how should the signature be returned? - * - 1: (default) HTML - * - 2: text - * - * RETURNS: a formatted signature and the associated references - */ -{ - if ( $db->acidGetDBVersion() >= 100 ) - { - /* Catch the odd circumstance where $sig_id is still an alert text string - * despite using normalized signature as of DB version 100. - */ - if ( !is_numeric($sig_id) ) - return $sig_id; - $sig_name = GetSignatureName($sig_id, $db); - if ( $sig_name != "" ) - return GetSignatureReference($sig_id, $db, $style)." ".BuildSigLookup($sig_name, $style); - else - { - if ( $style == 1 ) - return "($sig_id)Unknown Sig Name"; - else - return "($sig_id) Unknown Sig Name"; - } - } - else - return BuildSigLookup($sig_id, $style); -} - -function GetSigClassID($sig_id, $db) -{ - $sql = "SELECT sig_class_id FROM signature ". 
- "WHERE sig_id = '$sig_id'";
-
- $result = $db->acidExecute($sql);
- $row = $result->acidFetchRow();
-
- return $row[0];
-}
-
-function GetSigClassName ($class_id, $db)
-{
- if ( $class_id == "" )
- return "unclassified";
-
- $sql = "SELECT sig_class_name FROM sig_class ".
- "WHERE sig_class_id = '$class_id'";
- $result = $db->acidExecute($sql);
-
- $row = $result->acidFetchRow();
- if ( $row == "" )
- return "unclassified";
- else
- return $row[0];
-}
-
-?>
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.010.diff acidlab-0.9.6b20-13/debian/acidlab.010.diff
--- acidlab-0.9.6b20-12/debian/acidlab.010.diff 2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.010.diff 2006-05-02 13:11:25.000000000 +0200
@@ -4,7 +4,7 @@
 $external_sig_link = array("bugtraq" => array("http://www.securityfocus.com/bid/", ""),
 "snort" => array("http://www.snort.org/snort-db/sid.html?sid=", ""),
 "cve" => array("http://cve.mitre.org/cgi-bin/cvename.cgi?name=", ""),
-+ "nessus" => array("http://cgi.nessus.org/plugins/dump.php3?id=", ""),
++ "nessus" => array("http://www.nessus.org/plugins/index.php?view=single&id=", ""),
 "arachnids" => array("http://www.whitehats.com/info/ids", ""),
 "mcafee" => array("http://vil.nai.com/vil/content/v_", ".htm"),
 "icat" => array("http://icat.nist.gov/icat.cfm?cvename=", ""));
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.013.diff acidlab-0.9.6b20-13/debian/acidlab.013.diff
--- acidlab-0.9.6b20-12/debian/acidlab.013.diff 1970-01-01 01:00:00.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.013.diff 2006-05-02 13:11:25.000000000 +0200
@@ -0,0 +1,291 @@
+diff -Nru acidlab-0.9.6b20.orig/acid_ag_main.php acidlab-0.9.6b20/acid_ag_main.php
+--- acidlab-0.9.6b20.orig/acid_ag_main.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_ag_main.php 2005-10-31 00:25:33.000000000 +0100
+@@ -31,12 +31,11 @@
+
+
+ $qs = new QueryState();
+- $submit = ImportHTTPVar("submit");
+- $ag_action = ImportHTTPVar("ag_action");
+- $ag_id = ImportHTTPVar("ag_id");
+- $ag_name = ImportHTTPVar("ag_name");
+- $ag_desc = ImportHTTPVar("ag_desc");
+-
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
++ $ag_action = ImportHTTPVar("ag_action", VAR_ALPHA);
++ $ag_id = ImportHTTPVar("ag_id", VAR_DIGIT);
++ $ag_name = filterSql(ImportHTTPVar("ag_name"));
++ $ag_desc = filterSql(ImportHTTPVar("ag_desc"));
+
+ //$qs->MoveView($submit); /* increment the view if neccessary */
+
+diff -Nru acidlab-0.9.6b20.orig/acid_common.php acidlab-0.9.6b20/acid_common.php
+--- acidlab-0.9.6b20.orig/acid_common.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_common.php 2005-10-30 23:37:21.000000000 +0100
+@@ -564,9 +564,10 @@
+ $submit = str_replace("(", "", $submit);
+ $submit = str_replace(")", "", $submit);
+ $tmp = explode("-", $submit);
+- $seq = $tmp[0];
+- $sid = $tmp[1];
+- $cid = $tmp[2];
++ /* Since the submit variable is not cleaned do so here: */
++ $seq = CleanVariable($tmp[0], VAR_DIGIT);
++ $sid = CleanVariable($tmp[1], VAR_DIGIT);
++ $cid = CleanVariable($tmp[2], VAR_DIGIT);
+ }
+
+ function ExportPacket($sid, $cid, $db)
+diff -Nru acidlab-0.9.6b20.orig/acid_db_setup.php acidlab-0.9.6b20/acid_db_setup.php
+--- acidlab-0.9.6b20.orig/acid_db_setup.php 2005-10-31 00:31:43.000000000 +0100
++++ acidlab-0.9.6b20/acid_db_setup.php 2005-10-31 00:29:25.000000000 +0100
+@@ -31,7 +31,7 @@
+ ACTION="acid_db_setup.php">
+
+ GetBackLink());
+diff -Nru acidlab-0.9.6b20.orig/acid_maintenance.php acidlab-0.9.6b20/acid_maintenance.php
+--- acidlab-0.9.6b20.orig/acid_maintenance.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_maintenance.php 2005-10-30 23:54:05.000000000 +0100
+@@ -25,7 +25,7 @@
+ $page_title = "Maintenance";
+ PrintACIDSubHeader($page_title, $page_title, $cs->GetBackLink());
+
+- $submit = ImportHTTPVar("submit");
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+
+ ?>
+

+diff -Nru acidlab-0.9.6b20.orig/acid_qry_alert.php acidlab-0.9.6b20/acid_qry_alert.php
+--- acidlab-0.9.6b20.orig/acid_qry_alert.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_qry_alert.php 2005-10-31 00:29:08.000000000 +0100
+@@ -100,7 +100,7 @@
+ * get the (sid,cid) back from $caller
+ */
+ if ( $submit == "Selected" )
+- $submit = ImportHTTPVar("caller");
++ $submit = ImportHTTPVar("caller"); /* Do not filter this call, will get filtered in GetQueryResultID */
+ else
+ $caller = $submit;
+
+diff -Nru acidlab-0.9.6b20.orig/acid_qry_main.php acidlab-0.9.6b20/acid_qry_main.php
+--- acidlab-0.9.6b20.orig/acid_qry_main.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_qry_main.php 2005-10-30 23:54:25.000000000 +0100
+@@ -71,7 +71,7 @@
+ $cs = new CriteriaState("acid_qry_main.php", "&new=1&submit=Query+DB");
+
+ $new = ImportHTTPVar("new", VAR_DIGIT);
+- $submit = ImportHTTPVar("submit");
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+
+ /* Code to correct 'interesting' (read: unexplained) browser behavior */
+
+diff -Nru acidlab-0.9.6b20.orig/acid_state_common.inc acidlab-0.9.6b20/acid_state_common.inc
+--- acidlab-0.9.6b20.orig/acid_state_common.inc 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_state_common.inc 2005-10-31 00:04:00.000000000 +0100
+@@ -102,8 +102,6 @@
+ ************************************************************************/
+ function CleanVariable($item, $valid_data, $exception = "")
+ {
+- return $item;
+-
+ /* Check the exception value list first */
+ if ( $exception != "" )
+ {
+@@ -279,4 +277,73 @@
+ echo "\n";
+ }
+
++/* ***********************************************************************
++ * Function: checkAlpha()
++ *
++ * @doc Checks that all characteres are alphanumeric. Returns ERROR if they
++ * are not and the values themselves if they are.
++ *
++ * @param $var_value value of the variable to test
++ *
++ *
++ ************************************************************************/
++function checkAlpha ($var_value)
++{
++ if (ereg('[^a-zA-z0-9]', $var_value)) {
++ return "ERROR";
++ }
++ return $var_value;
++}
++
++/* ***********************************************************************
++ * Function: checkNum()
++ *
++ * @doc Checks that all characteres are numeric. Returns ERROR if they
++ * are not and the values themselves if they are.
++ *
++ * @param $var_value value of the variable to test
++ *
++ *
++ ************************************************************************/
++function checkNum ($var_value)
++{
++ if (ereg('[^0-9]', $var_value)) {
++ return "ERROR";
++ }
++ return $var_value;
++}
++
++/* ***********************************************************************
++ * Function: filterSql()
++ *
++ * @doc Filters the input string so that it can be safely used in SQL queries.
++ *
++ * @param $var_value value of the variable to filter
++ *
++ *
++ ************************************************************************/
++function filterSql ($var_value)
++{
++ /* This is the default, so strip slashes in case the server is configured with this
++ to prevent double quoting */
++ if (get_magic_quotes_gpc()) {
++ $var_value = stripslashes($var_value);
++ }
++ if (!is_numeric($var_value)) {
++ if ($db->DB_type == "mysql") {
++ if(version_compare(phpversion(),"4.3.0")=="-1") {
++ $var_value = mysql_escape_string($var_value);
++ } else {
++ $var_value = mysql_real_escape_string($var_value);
++ }
++ } else {
++ /* In other databases, strip the following: \ _ % () {} - ; others are quoted */
++ $var_value = ereg_replace ("[\\_%\(\){}-;,]", "", $var_value);
++ $var_value = addslashes ($var_value);
++ }
++ }
++ return $var_value;
++}
++
++
+ ?>
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_ipaddr.php acidlab-0.9.6b20/acid_stat_ipaddr.php
+--- acidlab-0.9.6b20.orig/acid_stat_ipaddr.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_ipaddr.php 2005-10-31 00:09:48.000000000 +0100
+@@ -28,10 +28,10 @@
+ $cs = new CriteriaState("acid_stat_ipaddr.php");
+ $cs->ReadState();
+
+- $ip = ImportHTTPVar("ip");
+- $netmask = ImportHTTPVar("netmask");
+- $action = ImportHTTPVar("action");
+- $submit = ImportHTTPVar("submit");
++ $ip = ImportHTTPVar("ip", VAR_DIGIT | VAR_PERIOD);
++ $netmask = ImportHTTPVar("netmask", VAR_DIGIT);
++ $action = ImportHTTPVar("action", VAR_ALPHA);
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+
+ $page_title = $ip.'/'.$netmask;
+ PrintACIDSubHeader($page_title, $page_title, $cs->GetBackLink());
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_iplink.php acidlab-0.9.6b20/acid_stat_iplink.php
+--- acidlab-0.9.6b20.orig/acid_stat_iplink.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_iplink.php 2005-10-31 00:13:10.000000000 +0100
+@@ -30,7 +30,7 @@
+ $qs->AddCannedQuery("most_frequent", $freq_num_alerts, "Most Frequent Alerts", "occur_d");
+ $qs->AddCannedQuery("last_alerts", $last_num_ualerts, "Last Alerts", "last_d");
+
+- $submit = ImportHTTPVar("submit");
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+ $qs->MoveView($submit); /* increment the view if necessary */
+
+ $page_title = "IP Links";
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_ports.php acidlab-0.9.6b20/acid_stat_ports.php
+--- acidlab-0.9.6b20.orig/acid_stat_ports.php 2002-02-05 20:55:56.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_ports.php 2005-10-31 00:15:56.000000000 +0100
+@@ -39,9 +39,9 @@
+ $qs->AddCannedQuery("most_frequent", $freq_num_uports, "Most Frequent Ports", "occur_d");
+ $qs->AddCannedQuery("last_ports", $last_num_uports, "Last Ports", "last_d");
+
+- $submit = ImportHTTPVar("submit");
+- $port_type = ImportHTTPVar("port_type");
+- $proto = ImportHTTPVar("proto");
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
++ $port_type = ImportHTTPVar("port_type", VAR_DIGIT);
++ $proto = ImportHTTPVar("proto", VAR_DIGIT);
+
+ $qs->MoveView($submit); /* increment the view if necessary */
+
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_time.php acidlab-0.9.6b20/acid_stat_time.php
+--- acidlab-0.9.6b20.orig/acid_stat_time.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_time.php 2005-10-31 00:21:31.000000000 +0100
+@@ -114,9 +114,9 @@
+ include_once ("acid_stat_common.php");
+ include_once ("acid_qry_common.php");
+
+- $time_sep = ImportHTTPVar("time_sep");
+- $time = ImportHTTPVar("time");
+- $submit = ImportHTTPVar("submit");
++ $time_sep = ImportHTTPVar("time_sep", VAR_ALPHA);
++ $time = ImportHTTPVar("time", VAR_DIGIT);
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+
+ $cs = new CriteriaState("acid_stat_alerts.php");
+ $cs->ReadState();
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_uaddr.php acidlab-0.9.6b20/acid_stat_uaddr.php
+--- acidlab-0.9.6b20.orig/acid_stat_uaddr.php 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_uaddr.php 2005-10-31 00:24:17.000000000 +0100
+@@ -28,8 +28,8 @@
+ include_once("acid_common.php");
+ include_once("acid_qry_common.php");
+
+- $addr_type = ImportHTTPVar("addr_type");
+- $submit = ImportHTTPVar("submit");
++ $addr_type = ImportHTTPVar("addr_type", VAR_DIGIT);
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+
+ $et = new EventTiming($debug_time_mode);
+ $cs = new CriteriaState("acid_stat_uaddr.php", "&addr_type=$addr_type");
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.014.diff acidlab-0.9.6b20-13/debian/acidlab.014.diff
--- acidlab-0.9.6b20-12/debian/acidlab.014.diff 1970-01-01 01:00:00.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.014.diff 2006-05-02 13:11:25.000000000 +0200
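Review bot: In the new `filterSql()` (acid_state_common.inc), `$db->DB_type` is tested but `$db` is neither a parameter nor declared `global` inside the function, so as written the MySQL branch looks unreachable and every value, including `ag_name` and `ag_desc` in acid_ag_main.php, takes the strip-and-`addslashes()` path instead of `mysql_real_escape_string()`. Adding `global $db;` as the first statement (assuming the callers keep the handle in a global of that name) or passing the handle in would restore the intended branch, and the fallback would be safer using the database driver's own quoting routine, since `addslashes()` is not database-aware. In that fallback the bracket expression `"[\\_%\(\){}-;,]"` contains `}-;`, which reads as a descending range rather than three literals; placing the hyphen last, `"[\\_%(){};,-]"`, matches what the comment describes. Separately, `checkAlpha()` uses `[^a-zA-z0-9]`, and the `A-z` range also admits `[`, `\`, `]`, `^`, `_` and the backtick, so it should read `[^a-zA-Z0-9]`.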
@@ -0,0 +1,30 @@
+diff -Nru acidlab-0.9.6b20-12/acid_state_citems.inc acidlab-0.9.6b20/acid_state_citems.inc
+--- acidlab-0.9.6b20-12/acid_state_citems.inc 2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_state_citems.inc 2005-10-31 17:36:12.000000000 +0100
+@@ -737,7 +737,10 @@
+ echo '