From ef99a280fdcb8f2129c5ceae18115212cf05ff8d Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Fri, 29 Jan 2016 17:43:19 +0100 Subject: [PATCH] (ids) add download filter action to model/ui and cleanup some code - change api method listInstallableRuleset to listRulesets - add api method getRuleset - add api method setRuleset - change api method toggleInstalledRuleset to toggleRuleset - fix reload action on multiselect --- .../OPNsense/IDS/Api/ServiceController.php | 2 +- .../OPNsense/IDS/Api/SettingsController.php | 125 ++++++++++++------ .../OPNsense/IDS/IndexController.php | 2 + .../OPNsense/IDS/forms/dialogRuleset.xml | 19 +++ .../mvc/app/models/OPNsense/IDS/IDS.xml | 6 + .../mvc/app/views/OPNsense/IDS/index.volt | 23 ++-- 6 files changed, 130 insertions(+), 47 deletions(-) create mode 100644 src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogRuleset.xml diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php index f098f72eb..5aac3835b 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php @@ -237,7 +237,7 @@ class ServiceController extends ApiControllerBase $backend = new Backend(); $response = $backend->configdpRun("ids query alerts", array($itemsPerPage, - ($currentPage-1)*$itemsPerPage, $searchPhrase,$fileid)); + ($currentPage-1)*$itemsPerPage, $searchPhrase, $fileid)); $result = json_decode($response, true); if ($result != null) { $result['rowCount'] = count($result['rows']); diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php index 1662fbd55..a827a1e4a 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php 
@@ -219,17 +219,16 @@ class SettingsController extends ApiControllerBase } /** - * list all installable rules including current status - * @return array|mixed - * @throws \Exception + * list all installable rules including configuration additions + * @return array */ - public function listInstallableRulesetsAction() + private function listInstallableRules() { + $result = array(); $backend = new Backend(); $response = $backend->configdRun("ids list installablerulesets"); $data = json_decode($response, true); if ($data != null && array_key_exists("items", $data)) { - $result = array("items"=>array()); ksort($data['items']); foreach ($data['items'] as $filename => $fileinfo) { $item = array(); 
@@ -238,21 +237,86 @@ class SettingsController extends ApiControllerBase // format timestamps if ($fileinfo['modified_local'] == null) { - $item['modified_local'] = null ; + $item['modified_local'] = null; } else { - $item['modified_local'] = date('Y/m/d G:i', $fileinfo['modified_local']) ; + $item['modified_local'] = date('Y/m/d G:i', $fileinfo['modified_local']); } // retrieve status from model - $item['enabled'] = (string)$this->getModel()->getFileNode($fileinfo['filename'])->enabled; - $result['rows'][] = $item; + $fileNode = $this->getModel()->getFileNode($fileinfo['filename']); + $item['enabled'] = (string)$fileNode->enabled; + $item['filter'] = $fileNode->filter->getNodeData(); // filter (option list) + $item['filter_str'] = (string)$fileNode->filter; // filter current value + $result[] = $item; } - $result['rowCount'] = count($result['rows']); - $result['total'] = count($result['rows']); - $result['current'] = 1; - return $result; - } else { - return array(); } + return $result; + + } + + /** + * list all installable rules including current status + * @return array|mixed list of items when $id is null otherwise the selected item is returned + * @throws \Exception + */ + public function listRulesetsAction() + { + $result = array(); + $result['rows'] = $this->listInstallableRules(); + $result['rowCount'] = count($result['rows']); + $result['total'] = count($result['rows']); + $result['current'] = 1; + return $result; + } + + /** + * get ruleset list info (file) + * @param string $id list filename + * @return array|mixed list details + */ + public function getRulesetAction($id) + { + $rules = $this->listInstallableRules(); + foreach ($rules as $rule) { + if ($rule['filename'] == $id) { + return $rule; + } + } + return array(); + } + + /** + * set ruleset attributes + * @param $filename rule filename (key) + * @return array + */ + public function setRulesetAction($filename) + { + $result = array("result" => "failed"); + if ($this->request->isPost()) { + // 
we're only allowed to edit filenames which have an install ruleset, request valid ones from configd + $backend = new Backend(); + $response = $backend->configdRun("ids list installablerulesets"); + $data = json_decode($response, true); + if ($data != null && array_key_exists("items", $data) && array_key_exists($filename, $data['items'])) { + // filename exists, input ruleset data + $mdlIDS = $this->getModel(); + $node = $mdlIDS->getFileNode($filename); + + // send post attributes to model + $node->setNodes($_POST); + + $validations = $mdlIDS->validate($node->__reference . ".", ""); + if (count($validations)) { + $result['validations'] = $validations; + } else { + // serialize model to config and save + $mdlIDS->serializeToConfig(); + Config::getInstance()->save(); + $result["result"] = "saved"; + } + } + } + return $result; } /** @@ -263,7 +327,7 @@ class SettingsController extends ApiControllerBase * @throws \Exception * @throws \Phalcon\Validation\Exception */ - public function toggleInstalledRulesetAction($filenames, $enabled = null) + public function toggleRulesetAction($filenames, $enabled = null) { $update_count = 0; $result = array("status" => "none"); @@ -367,17 +431,11 @@ class SettingsController extends ApiControllerBase } else { $mdlIDS->setAction($sid, $newAction); } - // perform validation - $valMsgs = $mdlIDS->performValidation(); - foreach ($valMsgs as $field => $msg) { - if (!array_key_exists("validations", $result)) { - $result["validations"] = array(); - } - $result["validations"]["ids.".$msg->getField()] = $msg->getMessage(); - } - // serialize model to config and save - if ($valMsgs->count() == 0) { + $validations = $mdlIDS->validate(); + if (count($validations)) { + $result['validations'] = $validations; + } else { $mdlIDS->serializeToConfig(); Config::getInstance()->save(); $result["result"] = "saved"; 
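Review bot: In `setRulesetAction`, `$node->setNodes($_POST);` hands the whole request body to the model node, so the client can write any field that node exposes, not only the two the dialog edits. The configd lookup validates the `$filename` taken from the URL, but a posted `filename` value would presumably still be applied to the node afterwards and is then checked only by the model's own validation. Restricting the input to the editable fields closes that gap, for example `$node->setNodes(array_intersect_key($this->request->getPost(), array_flip(array('enabled', 'filter'))));`, which also matches the `$this->request->getPost(...)` style used by the other set action in this controller. Separately, `getRulesetAction` compares with `$rule['filename'] == $id`; `===` avoids PHP's numeric-string juggling on a value that comes from the URL.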
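Review bot: The `$mdlIDS->validate()` call in the `@@ -367` hunk passes no field prefix, whereas the removed loop keyed every message as `"ids.".$msg->getField()` and the same refactor in the `@@ -418` hunk passes `"ids."` explicitly. If the rule dialog still matches messages by that prefix, validation errors from this action would no longer be attached to their fields; `$validations = $mdlIDS->validate(null, "ids.");` would keep the old keys. The enclosing method starts and ends outside the hunk, so what the caller expects cannot be confirmed from here.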
@@ -418,17 +476,10 @@ class SettingsController extends ApiControllerBase $mdlIDS = $this->getModel(); $mdlIDS->setNodes($this->request->getPost("ids")); - // perform validation - $valMsgs = $mdlIDS->performValidation(); - foreach ($valMsgs as $field => $msg) { - if (!array_key_exists("validations", $result)) { - $result["validations"] = array(); - } - $result["validations"]["ids.".$msg->getField()] = $msg->getMessage(); - } - - // serialize model to config and save - if ($valMsgs->count() == 0) { + $validations = $mdlIDS->validate(null, "ids."); + if (count($validations)) { + $result['validations'] = $validations; + } else { $mdlIDS->serializeToConfig(); Config::getInstance()->save(); $result["result"] = "saved"; diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/IndexController.php b/src/opnsense/mvc/app/controllers/OPNsense/IDS/IndexController.php index 309b70846..9c4a99bac 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/IndexController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/IndexController.php @@ -47,6 +47,8 @@ class IndexController extends \OPNsense\Base\IndexController $this->view->formDialogAlert = $this->getForm("dialogAlert"); // link IDS general settings $this->view->formGeneralSettings = $this->getForm("generalSettings"); + // link alert list dialog + $this->view->formDialogRuleset = $this->getForm("dialogRuleset"); // choose template $this->view->pick('OPNsense/IDS/index'); } diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogRuleset.xml b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogRuleset.xml new file mode 100644 index 000000000..8fe7fc497 --- /dev/null +++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogRuleset.xml @@ -0,0 +1,19 @@ +
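Review bot: In the IndexController hunk, the added comment `// link alert list dialog` does not describe the line beneath it, which loads the `dialogRuleset` form; it looks copied from the alert dialog assignment just above. It should read `// link ruleset dialog` so the `getForm` assignments stay distinguishable. The enclosing method begins outside the hunk.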
+ + enabled + + checkbox + enable ruleset + + + filename + + info + + + filter + + dropdown + Filter to use when downloading this ruleset, applies this action to all incoming lines + +
diff --git a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml index a00c95ed8..50bdd3ec6 100644 --- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml +++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml @@ -30,6 +30,12 @@ Y /^([\t\n\v\f\r\- 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u + + N + + Change all alerts to drop actions + + 0 Y diff --git a/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt b/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt index 73f437559..c474d803b 100644 --- a/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt +++ b/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt @@ -182,7 +182,7 @@ POSSIBILITY OF SUCH DAMAGE. // refresh when all toggles are executed $.when.apply(null, deferreds).done(function(){ - $("#"+gridId).bootgrid("refresh"); + $("#"+gridId).bootgrid("reload"); }); } } @@ -261,16 +261,19 @@ POSSIBILITY OF SUCH DAMAGE. * grid for installable rule files */ $("#grid-rule-files").UIBootgrid( - { search:'/api/ids/settings/listInstallableRulesets', - toggle:'/api/ids/settings/toggleInstalledRuleset/', + { search:'/api/ids/settings/listRulesets', + get:'/api/ids/settings/getRuleset/', + set:'/api/ids/settings/setRuleset/', + toggle:'/api/ids/settings/toggleRuleset/', options:{ navigation:0, formatters:{ rowtoggle: function (column, row) { + var toggle = " "; if (parseInt(row[column.id], 2) == 1) { - var toggle = ""; + toggle += ""; } else { - var toggle = ""; + toggle += ""; } return toggle; } @@ -329,7 +332,7 @@ POSSIBILITY OF SUCH DAMAGE. */ $("#disableSelectedRuleSets").click(function(){ var gridId = 'grid-rule-files'; - var url = '/api/ids/settings/toggleInstalledRuleset/'; + var url = '/api/ids/settings/toggleRuleset/'; actionToggleSelected(gridId, url, 0, 20); }); 
@@ -338,7 +341,7 @@ POSSIBILITY OF SUCH DAMAGE. */ $("#enableSelectedRuleSets").click(function(){ var gridId = 'grid-rule-files'; - var url = '/api/ids/settings/toggleInstalledRuleset/'; + var url = '/api/ids/settings/toggleRuleset/'; actionToggleSelected(gridId, url, 1, 20); }); @@ -401,12 +404,13 @@ POSSIBILITY OF SUCH DAMAGE. - +
- + + @@ -526,3 +530,4 @@ POSSIBILITY OF SUCH DAMAGE. {{ partial("layout_partials/base_dialog",['fields':formDialogRule,'id':'DialogRule','label':'Rule details','hasSaveBtn':'true','msgzone_width':1])}} {{ partial("layout_partials/base_dialog",['fields':formDialogAlert,'id':'DialogAlert','label':'Alert details','hasSaveBtn':'false','msgzone_width':1])}} +{{ partial("layout_partials/base_dialog",['fields':formDialogRuleset,'id':'DialogRuleset','label':'Ruleset details','hasSaveBtn':'true','msgzone_width':1])}}
filename {{ lang._('Description') }}{{ lang._('Last updated') }}{{ lang._('Last updated') }}Filter {{ lang._('Enabled') }}