From 59fa5883b4cd636d78aad8c30caeff493123b571 Mon Sep 17 00:00:00 2001
From: Tomas Plesnik <plesnik@ics.muni.cz>
Date: Wed, 18 Mar 2015 16:59:06 +0100
Subject: [PATCH] uprava info hlasek a doplneni komentaru

---
 src/warden-server/lib/Warden.pm | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm
index 84da266..c7d1b71 100755
--- a/src/warden-server/lib/Warden.pm
+++ b/src/warden-server/lib/Warden.pm
@@ -206,7 +206,7 @@ sub saveNewEvent
 my $valid = 't'; # registered sender has valid events
 my $received = DateTime->now; # time of event delivery (UTC)
- # parse object (event) parameters
+ # parse object (event) item
 my $service = $data->{'SERVICE'};
 my $detected = $data->{'DETECTED'};
 my $type = $data->{'TYPE'};
@@ -222,31 +222,33 @@ sub saveNewEvent
 # authorize incoming client
 my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
 if (defined %client) {
+ # log incoming event
 sendMsg("debug", "Incoming event: [client_id: '$client{'client_id'}', service: '$service', detected: '$detected', type: '$type', source_type: '$source_type', source: '$source', target_proto: '$target_proto', target_port: '$target_port', attack_scale: '$attack_scale', note: '$note', priority: '$priority', timeout: '$timeout']", undef);
- # check event entries 'event_type' and 'source_type' (based on VALIDATION HASH)
- if (%WardenCommon::VALID_STRINGS) { # check if hash is not empty - use VALIDATION HASH
+ # check event item: 'detected'
+ # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
+ if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
+ sendMsg("err",
+ "Unknown item 'detected' from client '$client{'client_id'}': '$detected'",
+ "Unknown detected time format: '$detected'");
+ }
+
+ # check event item: 'event_type' and 'source_type' (based on VALIDATION HASH)
+ if (%WardenCommon::VALID_STRINGS) {
 if (!(exists $WardenCommon::VALID_STRINGS{'type'} && grep $type eq $_, @{$WardenCommon::VALID_STRINGS{'type'}})) {
 sendMsg("err",
- "Unknown event_type from client '$client{'client_id'}': '$type'",
+ "Unknown item 'event_type' from client '$client{'client_id'}': '$type'",
 "Unknown event type: '$type'");
 } elsif (!(exists $WardenCommon::VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$WardenCommon::VALID_STRINGS{'source_type'}})) {
 sendMsg("err",
- "Unknown source_type from client '$client{'client_id'}': '$source_type'",
+ "Unknown item 'source_type' from client '$client{'client_id'}': '$source_type'",
 "Unknown source type: '$source_type'");
 }
 }
- # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
- if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
- sendMsg("err",
- "Unknown detected time format from client '$client{'client_id'}': '$detected'",
- "Unknown detected time format: '$detected'");
- }
-
- # check other event entries
+ # check event items: target_port, attack_scale, priority, timeout
 my @change_list;
 if (defined $target_port && $target_port !~ /^\d+\z/) {
 push(@change_list, "target_port: '$target_port'");
@@ -271,7 +273,7 @@ sub saveNewEvent
 my $change_string = join(", ", @change_list);
 unless ($change_string eq "") {
 sendMsg("info",
- "Unknown other event entries from client '$client{'client_id'}': ($change_string)",
+ "Unknown other event items from client '$client{'client_id'}': ($change_string)",
 undef);
 }
-- 
GitLab
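Review bot: The relocated 'detected' check in the second hunk anchors its timestamp pattern only at `^`, so a value with trailing characters after a well-formed timestamp still passes, and an undefined `$detected` (no DETECTED key in `$data`) reaches the match with an uninitialized-value warning rather than the explicit `defined` guard the same hunk uses for `$target_port`; guard the key with `!defined $detected ||` in front of the match and append `\z` before the pattern's closing `/`. The added debug `sendMsg` line interpolates every client-supplied field (`note`, `source`, `attack_scale`, …) unescaped into a single log record, so a value containing a newline splits it into forged lines; stripping or escaping control characters from those values before logging keeps the audit trail trustworthy. Whether an `err` message from `sendMsg` also aborts the save cannot be seen here, so the order of the new check relative to the debug line is presumably intentional. saveNewEvent starts and ends outside the hunk.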