Commit a666e347 authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(ids) refactor model for user defined rules

(cherry picked from commit 9910a79f)
parent 6701e632
......@@ -490,37 +490,37 @@ class SettingsController extends ApiControllerBase
}
/**
* search fingerprints
* @return array list of found fingerprints
* search user defined rules
* @return array list of found user rules
*/
public function searchFingerprintAction()
public function searchUserRuleAction()
{
$this->sessionClose();
$mdlIDS = $this->getModel();
$grid = new UIModelGrid($mdlIDS->rules->fingerprint);
$grid = new UIModelGrid($mdlIDS->userDefinedRules->rule);
return $grid->fetchBindRequest(
$this->request,
array("enabled", "action", "description", "fingerprint"),
array("enabled", "action", "description"),
"description"
);
}
/**
* update fingerprint
* @param string $uuid fingerprint internal id
* update user defined rules
* @param string $uuid internal id
* @return array save result + validation output
* @throws \Phalcon\Validation\Exception
*/
public function setFingerprintAction($uuid)
public function setUserRuleAction($uuid)
{
$result = array("result"=>"failed");
if ($this->request->isPost() && $this->request->hasPost("fingerprint")) {
if ($this->request->isPost() && $this->request->hasPost("rule")) {
$mdlIDS = $this->getModel();
if ($uuid != null) {
$node = $mdlIDS->getNodeByReference('rules.fingerprint.'.$uuid);
$node = $mdlIDS->getNodeByReference('userDefinedRules.rule.'.$uuid);
if ($node != null) {
$node->setNodes($this->request->getPost("fingerprint"));
$validations = $mdlIDS->validate($node->__reference, "fingerprint");
$node->setNodes($this->request->getPost("rule"));
$validations = $mdlIDS->validate($node->__reference, "rule");
if (count($validations)) {
$result['validations'] = $validations;
} else {
......@@ -536,18 +536,18 @@ class SettingsController extends ApiControllerBase
}
/**
* add new fingerprint
* add new user defined rule
* @return array save result + validation output
* @throws \Phalcon\Validation\Exception
*/
public function addFingerprintAction()
public function addUserRuleAction()
{
$result = array("result"=>"failed");
if ($this->request->isPost() && $this->request->hasPost("fingerprint")) {
if ($this->request->isPost() && $this->request->hasPost("rule")) {
$mdlIDS = $this->getModel();
$node = $mdlIDS->rules->fingerprint->Add();
$node->setNodes($this->request->getPost("fingerprint"));
$validations = $mdlIDS->validate($node->__reference, "fingerprint");
$node = $mdlIDS->userDefinedRules->rule->Add();
$node->setNodes($this->request->getPost("rule"));
$validations = $mdlIDS->validate($node->__reference, "rule");
if (count($validations)) {
$result['validations'] = $validations;
} else {
......@@ -561,39 +561,39 @@ class SettingsController extends ApiControllerBase
}
/**
* get fingerprint properties
* @param null|string $uuid fingerprint internal id
* @return array fingerprint properties
* get properties of user defined rule
* @param null|string $uuid user rule internal id
* @return array user defined properties
*/
public function getFingerprintAction($uuid = null)
public function getUserRuleAction($uuid = null)
{
$mdlIDS = $this->getModel();
if ($uuid != null) {
$node = $mdlIDS->getNodeByReference('rules.fingerprint.'.$uuid);
$node = $mdlIDS->getNodeByReference('userDefinedRules.rule.'.$uuid);
if ($node != null) {
// return node
return array("fingerprint" => $node->getNodes());
return array("rule" => $node->getNodes());
}
} else {
// generate new node, but don't save to disc
$node = $mdlIDS->rules->fingerprint->add() ;
return array("fingerprint" => $node->getNodes());
$node = $mdlIDS->userDefinedRules->rule->add() ;
return array("rule" => $node->getNodes());
}
return array();
}
/**
* delete fingerprint item
* @param string $uuid fingerprint internal id
* delete user rule item
* @param string $uuid user rule internal id
* @return array
* @throws \Phalcon\Validation\Exception
*/
public function delFingerprintAction($uuid)
public function delUserRuleAction($uuid)
{
$result = array("result"=>"failed");
if ($this->request->isPost() && $uuid != null) {
$mdlIDS = $this->getModel();
if ($mdlIDS->rules->fingerprint->del($uuid)) {
if ($mdlIDS->userDefinedRules->rule->del($uuid)) {
// if item is removed, serialize to config and save
$mdlIDS->serializeToConfig();
Config::getInstance()->save();
......@@ -606,17 +606,17 @@ class SettingsController extends ApiControllerBase
}
/**
* toggle fingerprint by uuid (enable/disable)
* @param $uuid fingerprint internal id
* toggle user defined rule by uuid (enable/disable)
* @param $uuid user defined rule internal id
* @param $enabled desired state enabled(1)/disabled(1), leave empty for toggle
* @return array status
*/
public function toggleFingerprintAction($uuid, $enabled = null)
public function toggleUserRuleAction($uuid, $enabled = null)
{
$result = array("result" => "failed");
if ($this->request->isPost() && $uuid != null) {
$mdlIDS = $this->getModel();
$node = $mdlIDS->getNodeByReference('rules.fingerprint.' . $uuid);
$node = $mdlIDS->getNodeByReference('userDefinedRules.rule.' . $uuid);
if ($node != null) {
if ($enabled == "0" || $enabled == "1") {
$node->enabled = (string)$enabled;
......
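Review bot: `$uuid` is taken from the request path and concatenated into the model reference in `setUserRuleAction`, `getUserRuleAction` and `toggleUserRuleAction` (`'userDefinedRules.rule.'.$uuid`) with only a `!= null` check. If `getNodeByReference` resolves dotted paths, as the literal prefix suggests, a value containing a dot would address something other than a rule entry, and `setNodes()` or the `enabled` assignment would then be applied to that node. Assuming the ids are the usual 36-character UUIDs, I would reject anything else before the lookup, for example `if (!preg_match('/^[0-9a-f-]{36}$/iD', (string)$uuid)) { return $result; }` (returning `array()` in the get action). The bodies of the set, add, del and toggle actions continue outside the shown hunks, so the save path itself could not be checked.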
......@@ -50,7 +50,7 @@ class IndexController extends \OPNsense\Base\IndexController
// link alert list dialog
$this->view->formDialogRuleset = $this->getForm("dialogRuleset");
// link fingerprint dialog
$this->view->formDialogFingerprint = $this->getForm("dialogFingerprint");
$this->view->formDialogUserDefined = $this->getForm("dialogUserDefined");
// choose template
$this->view->pick('OPNsense/IDS/index');
}
......
<form>
<field>
<id>fingerprint.enabled</id>
<id>rule.enabled</id>
<label>enabled</label>
<type>checkbox</type>
<help>enable this fingerprint rule</help>
</field>
<field>
<id>fingerprint.fingerprint</id>
<id>rule.fingerprint</id>
<label>Fingerprint</label>
<type>text</type>
<help>the SSL fingerprint, for example B5:E1:B3:70:5E:7C:FF:EB:92:C4:29:E5:5B:AC:2F:AE:70:17:E9:9E</help>
</field>
<field>
<id>fingerprint.action</id>
<id>rule.action</id>
<label>Action</label>
<type>dropdown</type>
<help>set action to perform here, only used when in IPS mode</help>
</field>
<field>
<id>fingerprint.description</id>
<id>rule.description</id>
<label>Description</label>
<type>text</type>
</field>
......
......@@ -62,7 +62,7 @@ class TextField extends BaseField
*/
public function getValidators()
{
$validators = array() ;
$validators = array();
if ($this->internalValidationMessage == null) {
$msg = "text validation error" ;
} else {
......
......@@ -23,14 +23,16 @@
</OptionValues>
</action>
</rule>
<fingerprint type="ArrayField">
<!--SSL fingerprints -->
</rules>
<userDefinedRules>
<rule type="ArrayField">
<!--user defined rules -->
<enabled type="BooleanField">
<default>1</default>
<Required>Y</Required>
</enabled>
<fingerprint type="TextField">
<Required>Y</Required>
<Required>N</Required>
<mask>/^([0-9a-fA-F:]){59,59}$/u</mask>
<ValidationMessage>A SSL fingerprint should be a 59 character long hex value</ValidationMessage>
</fingerprint>
......@@ -47,8 +49,8 @@
<drop>Drop</drop>
</OptionValues>
</action>
</fingerprint>
</rules>
</rule>
</userDefinedRules>
<files>
<file type="ArrayField">
<filename type="TextField">
......
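Review bot: With `<Required>N</Required>` on `fingerprint` and no other match field in `userDefinedRules.rule`, an entry with an empty fingerprint now passes validation, so a rule with an action but nothing to match on can be saved. Unless the rule template skips such entries (not visible here), I would keep `<Required>Y</Required>` until a second match criterion exists, or add a check that at least one criterion is set. Separately, the container moves from `rules.fingerprint` to `userDefinedRules.rule` and no model version bump or migration appears in the shown hunks; if none exists elsewhere, fingerprints already stored in the configuration would stop loading after an upgrade and their alert/drop rules would silently disappear. The unchanged mask `/^([0-9a-fA-F:]){59,59}$/u` accepts any mix of hex digits and colons plus a trailing newline; `/^([0-9a-fA-F]{2}:){19}[0-9a-fA-F]{2}$/D` would pin the format.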
......@@ -252,15 +252,15 @@ POSSIBILITY OF SUCH DAMAGE.
},
}
});
} else if (e.target.id == 'ssl_tab') {
$('#grid-fingerprints').bootgrid('destroy'); // always destroy previous grid, so data is always fresh
$("#grid-fingerprints").UIBootgrid({
search:'/api/ids/settings/searchfingerprint',
get:'/api/ids/settings/getFingerprint/',
set:'/api/ids/settings/setFingerprint/',
add:'/api/ids/settings/addFingerprint/',
del:'/api/ids/settings/delFingerprint/',
toggle:'/api/ids/settings/toggleFingerprint/'
} else if (e.target.id == 'userrules_tab') {
$('#grid-userrules').bootgrid('destroy'); // always destroy previous grid, so data is always fresh
$("#grid-userrules").UIBootgrid({
search:'/api/ids/settings/searchUserRule',
get:'/api/ids/settings/getUserRule/',
set:'/api/ids/settings/setUserRule/',
add:'/api/ids/settings/addUserRule/',
del:'/api/ids/settings/delUserRule/',
toggle:'/api/ids/settings/toggleUserRule/'
}
);
......@@ -404,7 +404,7 @@ POSSIBILITY OF SUCH DAMAGE.
<ul class="nav nav-tabs" data-tabs="tabs" id="maintabs">
<li class="active"><a data-toggle="tab" href="#settings" id="settings_tab">{{ lang._('Settings') }}</a></li>
<li><a data-toggle="tab" href="#rules" id="rule_tab">{{ lang._('Rules') }}</a></li>
<li><a data-toggle="tab" href="#ssl" id="ssl_tab">{{ lang._('SSL') }}</a></li>
<li><a data-toggle="tab" href="#userrules" id="userrules_tab">{{ lang._('User defined') }}</a></li>
<li><a data-toggle="tab" href="#alerts" id="alert_tab">{{ lang._('Alerts') }}</a></li>
<li><a href="" id="scheduled_updates" style="display:none">{{ lang._('Schedule') }}</a></li>
</ul>
......@@ -487,23 +487,14 @@ POSSIBILITY OF SUCH DAMAGE.
</tfoot>
</table>
</div>
<div id="ssl" class="tab-pane fade in">
<!-- tab page "ssl" -->
<div class="bootgrid-header container-fluid">
<div class="row">
<div class="col-sm-12">
<strong>SSL Fingerprints</strong>
</div>
</div>
</div>
<hr/>
<table id="grid-fingerprints" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogFingerprint">
<div id="userrules" class="tab-pane fade in">
<!-- tab page "userrules" -->
<table id="grid-userrules" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogUserDefined">
<thead>
<tr>
<th data-column-id="enabled" data-formatter="rowtoggle" data-sortable="false" data-width="10em">{{ lang._('Enabled') }}</th>
<th data-column-id="fingerprint" data-type="string" data-sortable="true">{{ lang._('Fingerprint') }}</th>
<th data-column-id="description" data-type="string" data-sortable="true">{{ lang._('Description') }}</th>
<th data-column-id="action" data-type="string" data-sortable="true">{{ lang._('Action') }}</th>
<th data-column-id="description" data-type="string" data-sortable="true">{{ lang._('Description') }}</th>
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
</tr>
......@@ -586,4 +577,4 @@ POSSIBILITY OF SUCH DAMAGE.
{{ partial("layout_partials/base_dialog",['fields':formDialogRule,'id':'DialogRule','label':'Rule details','hasSaveBtn':'true','msgzone_width':1])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogAlert,'id':'DialogAlert','label':'Alert details','hasSaveBtn':'false','msgzone_width':1])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogRuleset,'id':'DialogRuleset','label':'Ruleset details','hasSaveBtn':'true','msgzone_width':1])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogFingerprint,'id':'DialogFingerprint','label':'Fingerprint details','hasSaveBtn':'true'])}}
{{ partial("layout_partials/base_dialog",['fields':formDialogUserDefined,'id':'DialogUserDefined','label':'Rule details','hasSaveBtn':'true'])}}
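Review bot: The grid loses its `fingerprint` column here and `searchUserRuleAction` drops the field from its list, while the dialog still edits `rule.fingerprint`, so the overview shows only enabled, action and description. Two entries with different fingerprints and an empty description become indistinguishable, and searching by fingerprint stops working, which makes auditing drop rules harder. Until other match types exist I would keep `<th data-column-id="fingerprint" data-type="string" data-sortable="true">{{ lang._('Fingerprint') }}</th>` and leave `"fingerprint"` in the `fetchBindRequest` field list.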