From 6bec233bfc9112e2b6b70130f2db2794aa5caf08 Mon Sep 17 00:00:00 2001
From: pharook <ph@rook.cz>
Date: Thu, 16 Aug 2012 16:11:38 +0200
Subject: [PATCH] Pokud "type" ve %VALID_STRINGS nebo samotny %VALID_STRINGS
 neni definovan, nevaliduj, prijmi cokoliv + uprava regularniho vyrazu v grepu
 na levnejsi "eq".

---
 src/warden-server/lib/Warden.pm | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/warden-server/lib/Warden.pm b/src/warden-server/lib/Warden.pm
index a42eb59..0fcc219 100755
--- a/src/warden-server/lib/Warden.pm
+++ b/src/warden-server/lib/Warden.pm
@@ -220,9 +220,8 @@ sub saveNewEvent
   my %client = authorizeClient($alt_names, $ip, $service, $client_type, $function_name);
   if(defined %client) {
 
-    # check validity of event attributes - TYPE
-    my $match = grep /$type/, @{$VALID_STRINGS{'type'}};
-    if ($match) {
+    # if validator is configured, check validity of event attributes - TYPE
+    if (!exists $VALID_STRINGS{'type'} or grep $type eq $_, @{$VALID_STRINGS{'type'}}) {
       $sth=$DBH->prepare("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?);");
       if (!defined $sth) { die("Cannot do insert statement in $function_name: $DBI::errstr\n") }
       $sth->execute(undef, $client{'dns'}, $service, $detected, $received, $type, $source_type, $source, $target_proto, $target_port, $attack_scale, $note, $priority, $timeout, $valid);
-- 
GitLab