From 566f2b4bdd4672f0e97d07423dd33df28b862c9c Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 26 Jun 2015 10:11:43 +0200
Subject: [PATCH] (ids) sanitize query strings
---
 .../OPNsense/IDS/Api/ServiceController.php | 7 ++++++-
 .../OPNsense/IDS/Api/SettingsController.php | 15 ++++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php
index 5bfa98476..1f72c8754 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php
@@ -29,6 +29,7 @@ namespace OPNsense\IDS\Api;
 use \Phalcon\Filter;
+use \OPNsense\Base\Filters\QueryFilter;
 use \OPNsense\Base\ApiControllerBase;
 use \OPNsense\Core\Backend;
 use \OPNsense\IDS\IDS;
@@ -162,13 +163,17 @@ class ServiceController extends ApiControllerBase
 {
 if ($this->request->isPost()) {
 $this->sessionClose();
+ // create filter to sanitize input data
+ $filter = new Filter();
+ $filter->add('query', new QueryFilter());
 // fetch query parameters
 $itemsPerPage = $this->request->getPost('rowCount', 'int', 9999);
 $currentPage = $this->request->getPost('current', 'int', 1);
 if ($this->request->getPost('searchPhrase', 'string', '') != "") {
- $searchPhrase = 'alert,src_ip/"*'.$this->request->getPost('searchPhrase', 'string', '').'*"';
+ $filterTag = $filter->sanitize($this->request->getPost('searchPhrase'), "query");
+ $searchPhrase = 'alert,src_ip/"*'.$filterTag .'*"';
 } else {
 $searchPhrase = '';
 }
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
index ca71abd6d..7f83baa4b 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
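Review bot: In the searchPhrase branch the value handed to `$filter->sanitize()` is the raw `getPost('searchPhrase')`, while the emptiness test two lines above uses the `'string'`-filtered read, so the two reads can disagree and the sanitized tag is never itself checked before being wrapped in `alert,src_ip/"*…*"`. Whether this is safe rests entirely on QueryFilter stripping the `"` and `/` that delimit the backend's own query syntax, which is not visible here; a one-line comment next to `$filter->add('query', new QueryFilter());` naming the characters QueryFilter keeps would let a reader verify that without opening the class. I would make a single read and use it for both purposes: `$filterTag = $filter->sanitize($this->request->getPost('searchPhrase', 'string', ''), 'query');` and then test `$filterTag !== ''`, dropping the stray space in `$filterTag .'*"'`. The same three-line filter setup is repeated verbatim in SettingsController, so a small helper on ApiControllerBase would keep the two in step. The enclosing method starts and ends outside the hunk.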
@@ -28,7 +28,9 @@
 */
 namespace OPNsense\IDS\Api;
+use \Phalcon\Filter;
 use \OPNsense\Base\ApiControllerBase;
+use \OPNsense\Base\Filters\QueryFilter;
 use \OPNsense\Core\Backend;
 use \OPNsense\IDS\IDS;
 use \OPNsense\Core\Config;
@@ -62,6 +64,10 @@ class SettingsController extends ApiControllerBase
 {
 if ($this->request->isPost()) {
 $this->sessionClose();
+ // create filter to sanitize input data
+ $filter = new Filter();
+ $filter->add('query', new QueryFilter());
+
 // fetch query parameters
 $itemsPerPage = $this->request->getPost('rowCount', 'int', 9999);
@@ -80,20 +86,22 @@ class SettingsController extends ApiControllerBase
 if ($sortStr != '') {
 $sortStr .= ',';
 }
- $sortStr .= $sortKey . ' '. $sortOrd . ' ';
+ $sortStr .= $filter->sanitize($sortKey, "query") . ' '. $sortOrd . ' ';
 }
 } else {
 $sortStr = 'sid';
 }
 if ($this->request->getPost('searchPhrase', 'string', '') != "") {
- $searchPhrase = 'msg,classtype,source,sid/"%'.$this->request->getPost('searchPhrase', 'string', '').'"';
+ $searchTag = $filter->sanitize($this->request->getPost('searchPhrase'), "query");
+ $searchPhrase = 'msg,classtype,source,sid/"*'.$searchTag.'"';
 } else {
 $searchPhrase = '';
 }
 // add filter for classtype
 if ($this->request->getPost("classtype", "string", '') != "") {
- $searchPhrase .= "classtype/".$this->request->getPost("classtype", "string", '').' ';
+ $searchTag = $filter->sanitize($this->request->getPost('classtype'), "query");
+ $searchPhrase .= "classtype/".$searchTag.' ';
 }
 // request list of installed rules
@@ -114,6 +122,7 @@ class SettingsController extends ApiControllerBase
 $result['rowCount'] = count($result['rows']);
 $result['total'] = $data['total_rows'];
+ $result['parameters'] = $data['parameters'];
 $result['current'] = (int)$currentPage;
 return $result;
 } else {
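Review bot: In the sort loop only `$sortKey` goes through `$filter->sanitize()`; `$sortOrd` is appended to the same `$sortStr` unfiltered, although it appears to come from the same posted sort map (its origin is above the hunk). Either pass it through the same filter, `$sortStr .= $filter->sanitize($sortKey, 'query') . ' ' . $filter->sanitize($sortOrd, 'query') . ' ';`, or, if it can only ever be a direction keyword, reduce it to a fixed choice before concatenation (a constructed example: `$sortOrd = strtolower($sortOrd) === 'desc' ? 'desc' : 'asc';`). The search wildcard also becomes a leading `*` only (`/"*'.$searchTag.'"`), whereas ServiceController wraps the term in `"*…*"`; if a contains-match is intended here as well, the trailing `*` is missing. The classtype branch reads `getPost('classtype')` raw after testing the `'string'`-filtered read, the same two-read pattern as the searchPhrase branch, so use the filtered read for both. The enclosing method starts and ends outside the hunk.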
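Review bot: `$result['parameters'] = $data['parameters'];` assumes the backend reply always carries a `parameters` key; a missing key here raises a notice and puts `null` into the JSON response (the neighbouring `$data['total_rows']` read shares the assumption, but this line is new). Guarding it as `$result['parameters'] = isset($data['parameters']) ? $data['parameters'] : null;` keeps the response shape stable whatever the backend returns. The key name suggests this reflects the caller's query terms back to the client; if so, a short comment on the line stating that it is diagnostic output which the UI must treat as data rather than markup would make that expectation explicit. The enclosing method starts outside the hunk.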