From 8429cf17bb15d3784e1d5c1ef8e9edd37e191b3e Mon Sep 17 00:00:00 2001 From: Mark Unwin Date: Tue, 17 Aug 2021 07:51:50 +1000 Subject: [PATCH] More robust setting of the default discovery subnet attribute. --- .../controllers/db_upgrades/db_4.2.0.php | 27 +++++++++----- code_igniter/application/controllers/util.php | 14 +++----- .../application/models/m_discoveries.php | 36 ++++++++++++------- 3 files changed, 45 insertions(+), 32 deletions(-) diff --git a/code_igniter/application/controllers/db_upgrades/db_4.2.0.php b/code_igniter/application/controllers/db_upgrades/db_4.2.0.php index 1aaa189f5..67af98501 100644 --- a/code_igniter/application/controllers/db_upgrades/db_4.2.0.php +++ b/code_igniter/application/controllers/db_upgrades/db_4.2.0.php @@ -453,17 +453,26 @@ $this->db->query($sql); $this->log_db($this->db->last_query() . ';'); -$ips = $this->config->config['server_ip']; +$ips = server_ip(); $ips = explode(',', $ips); -$ip = trim($ips[0]); -$ip = explode('.', $ip); -$ip[3] = 0; -$ip = implode('.', $ip); -$subnet = $ip . '/24'; +$subnet = ''; +foreach ($ips as $ip) { + if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) and !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) { + $ip = explode('.', $ip); + $ip[3] = 0; + $ip = implode('.', $ip); + $subnet = $ip . '/24'; + break; + } +} -$sql = "INSERT INTO `discoveries` (id, name, org_id, description, type, subnet, edited_date, edited_by) VALUES (null,'Default Discovery',1,'Automatically created default discovery for $subnet.','subnet','$subnet',NOW(),'system')"; -$this->db->query($sql); -$this->log_db($this->db->last_query() . ';'); +if ($subnet !== '') { + $sql = "INSERT INTO `discoveries` (id, name, org_id, description, type, subnet, edited_date, edited_by) VALUES (null,'Default Discovery',1,'Automatically created default discovery for $subnet.','subnet','$subnet',NOW(),'system')"; + $this->db->query($sql); + $this->log_db($this->db->last_query() . ';'); +} else { + $this->log_db('WARNING - Could not determine a private IP for server, no default discovery created.'); +} // set our versions $sql = "UPDATE `configuration` SET `value` = '20210810' WHERE `name` = 'internal_version'"; diff --git a/code_igniter/application/controllers/util.php b/code_igniter/application/controllers/util.php index f973d60d2..62abdc39b 100644 --- a/code_igniter/application/controllers/util.php +++ b/code_igniter/application/controllers/util.php @@ -130,22 +130,16 @@ public function audit_my_pc() if ($client == 'aix') { $filename = 'audit_aix.sh'; - } elseif ($client == 'esxi') { $filename = 'audit_esxi.sh'; - } elseif ($client == 'hpux') { $filename = 'audit_hpux.sh'; - } elseif ($client == 'linux') { $filename = 'audit_linux.sh'; - } elseif ($client == 'osx') { $filename = 'audit_osx.sh'; - } elseif ($client == 'solaris') { $filename = 'audit_solaris.sh'; - } elseif ($client == 'windows') { $filename = 'audit_windows.vbs'; } @@ -153,7 +147,7 @@ public function audit_my_pc() $sql = "SELECT `id` AS `id` FROM `scripts` WHERE `name` = '$filename' ORDER BY id LIMIT 1"; $query = $this->db->query($sql); - foreach($query->result_array() as $row) { + foreach ($query->result_array() as $row) { $id = $row['id']; } @@ -440,9 +434,9 @@ public function queue() $this->db->query($sql); // POP an item off the queue $this->load->model('m_queue'); - while ( true ) { + while (true) { $item = $this->m_queue->pop(); - if ( ! empty($item->details) && is_string($item->details)) { + if (!empty($item->details) && is_string($item->details)) { $details = @json_decode($item->details); } @@ -493,7 +487,7 @@ public function queue() if ($item->type === 'ip_scan') { $result = ip_scan($details); $result = json_encode($result); - if ( ! empty($result)) { + if (!empty($result)) { $queue_item = new stdClass(); $queue_item->ip = $details->ip; $queue_item->discovery_id = $details->discovery_id; diff --git a/code_igniter/application/models/m_discoveries.php b/code_igniter/application/models/m_discoveries.php index 5d28b77c9..88278c309 100644 --- a/code_igniter/application/models/m_discoveries.php +++ b/code_igniter/application/models/m_discoveries.php @@ -403,15 +403,20 @@ public function read_for_discovery($id = 0) return false; } if (empty($result[0]->subnet) and $result[0]->type === 'subnet' and $result[0]->name === 'Default Discovery') { - $ips = $this->config->config['server_ip']; + $ips = server_ip(); $ips = explode(',', $ips); - $ip = trim($ips[0]); - $ip = explode('.', $ip); - $ip[3] = 0; - $ip = implode('.', $ip); - $subnet = $ip . '/24'; + $subnet = ''; + foreach ($ips as $ip) { + if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) and !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) { + $ip = explode('.', $ip); + $ip[3] = 0; + $ip = implode('.', $ip); + $subnet = $ip . '/24'; + break; + } + } $sql = "UPDATE discoveries SET subnet = '$subnet', description = 'Automatically created default discovery for $subnet.' WHERE id = $id"; - $result = $this->run_sql($sql); + $this->run_sql($sql); $result[0]->subnet = $subnet; } if (empty($result[0]->scan_options)) { @@ -517,13 +522,18 @@ public function read($id = 0) return false; } if (empty($result[0]->subnet) and $result[0]->type === 'subnet' and $result[0]->name === 'Default Discovery') { - $ips = $CI->config->config['ip']; + $ips = server_ip(); $ips = explode(',', $ips); - $ip = trim($ips[0]); - $ip = explode('.', $ip); - $ip[3] = 0; - $ip = implode('.', $ip); - $subnet = $ip . '/24'; + $subnet = ''; + foreach ($ips as $ip) { + if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) and !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) { + $ip = explode('.', $ip); + $ip[3] = 0; + $ip = implode('.', $ip); + $subnet = $ip . '/24'; + break; + } + } $sql = "UPDATE discoveries SET subnet = '$subnet', description = 'Automatically created default discovery for $subnet.' WHERE id = $id"; $this->run_sql($sql); $result[0]->subnet = $subnet;