uprava info hlasek a doplneni komentaru

59fa5883 · Tomáš Plesník · 2d1d429a · 59fa5883
Commit 59fa5883 authored 10 years ago by Tomáš Plesník
--- a/src/warden-server/lib/Warden.pm
+++ b/src/warden-server/lib/Warden.pm
@@ -206,7 +206,7 @@ sub saveNewEvent
  my $valid		= 't';			# registered sender has valid events
  my $received		= DateTime->now;	# time of event delivery (UTC)

-  # parse object (event) parameters
+  # parse object (event) item
  my $service		= $data->{'SERVICE'};
  my $detected		= $data->{'DETECTED'};
  my $type		= $data->{'TYPE'};
@@ -222,31 +222,33 @@ sub saveNewEvent
  # authorize incoming client
  my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
  if (defined %client) {
+    # log incoming event
    sendMsg("debug",
            "Incoming event: [client_id: '$client{'client_id'}', service: '$service', detected: '$detected', type: '$type', source_type: '$source_type', source: '$source', target_proto: '$target_proto', target_port: '$target_port', attack_scale: '$attack_scale', note: '$note', priority: '$priority', timeout: '$timeout']",
             undef);

-    # check event entries 'event_type' and 'source_type' (based on VALIDATION HASH)
-    if (%WardenCommon::VALID_STRINGS) {	# check if hash is not empty - use VALIDATION HASH
+    # check event item: 'detected'
+    # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
+    if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
+      sendMsg("err",
+              "Unknown item 'detected' from client '$client{'client_id'}': '$detected'",
+              "Unknown detected time format: '$detected'");
+    }
+
+    # check event item: 'event_type' and 'source_type' (based on VALIDATION HASH)
+    if (%WardenCommon::VALID_STRINGS) {
      if (!(exists $WardenCommon::VALID_STRINGS{'type'} && grep $type eq $_, @{$WardenCommon::VALID_STRINGS{'type'}})) {
        sendMsg("err",
-                "Unknown event_type from client '$client{'client_id'}': '$type'",
+                "Unknown item 'event_type' from client '$client{'client_id'}': '$type'",
 	        "Unknown event type: '$type'");
      } elsif (!(exists $WardenCommon::VALID_STRINGS{'source_type'} && grep $source_type eq $_, @{$WardenCommon::VALID_STRINGS{'source_type'}})) {
        sendMsg("err",
-                "Unknown source_type from client '$client{'client_id'}': '$source_type'",
+                "Unknown item 'source_type' from client '$client{'client_id'}': '$source_type'",
                "Unknown source type: '$source_type'");
      }
    }

-    # http://my.safaribooksonline.com/book/programming/regular-expressions/9780596802837/4dot-validation-and-formatting/id2983571
-    if ($detected !~ /^((?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\.[0-9]+)?(Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?/) {
-      sendMsg("err",
-              "Unknown detected time format from client '$client{'client_id'}': '$detected'",
-              "Unknown detected time format: '$detected'");
-    }
-
-    # check other event entries
+    # check event items: target_port, attack_scale, priority, timeout
    my @change_list;
    if (defined $target_port && $target_port !~ /^\d+\z/) {
      push(@change_list, "target_port: '$target_port'");
@@ -271,7 +273,7 @@ sub saveNewEvent
    my $change_string = join(", ", @change_list);
    unless ($change_string eq "") {
      sendMsg("info",
-              "Unknown other event entries from client '$client{'client_id'}': ($change_string)",
+              "Unknown other event items from client '$client{'client_id'}': ($change_string)",
              undef);
    }