[Snort-users] Patch for Time criteria handling in ACID

Mark Vevers mark at ...6083...
Thu Jun 13 17:44:03 EDT 2002


Roman et al,

A number of issues were bugging me about the time criteria handling in ACID, 
and along the way I also picked up what I think is another bug ...

1. Even though a time criteria could be cleared to '/ * /' it couldn't be 
completely removed.
2. Having fixed that the search entry time criteria disappears and since PHP 
doesn't run the for loop once whatever if expr2 doesn't evaluate to true, no 
option to add it was appearing ... added code to give 'Add Time' button when 
no time criteria have yet been entered.
3. Acid was displaying an error about multiple time criteria without an AND 
or OR despite the fact that only one criteria had been entered (with and 
without the above fixes).
4. During this I discovered ProcessCriteria was being called twice for a 
normal search, once by acid_qry_main and once by acid_qry_sqlcalls.  The 
second was unnecessary for a normal query but was needed when called by 
acid_ag_main.php so I moved the ProcessCriteria line inside the if 
clause when called by acid_ag_main.

As far as I can tell the fixes work - I've tried normal searches with and 
without multiple time criteria, canned queries and alert graphing and they 
all seem to work OK YMMV.  The change to the search UI may not be quite what 
you wanted, but it's a consequence of the fact that Init function gets called 
to clear the criteria as well as to create it ......

Cheers
Mark
- ---------------------------------------------------------------------------------------------------

Index: acid_state_citems.inc
===================================================================
RCS file: /cvsroot/acidlab/acid/acid/acid_state_citems.inc,v
retrieving revision 1.3
diff -r1.3 acid_state_citems.inc
589a590,596
>
>    function Init()
>    {
>      $this->criteria_cnt=0;
>      unset($this->criteria);
>    }
>
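Review bot: the Init() added at 590-596 has no comment recording that it is called both to create and to clear the criteria, which the covering message gives as the reason for the UI change; a one-line comment above the function would capture that. Also consider `$this->criteria = array();` in place of `unset($this->criteria);` so the property stays defined for any code that reads it after a clear.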
593a601,602
>      $this->criteria_cnt=0;
>      unset($this->criteria);
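Review bot: the two statements added at 601-602 repeat the body of the Init() added at 590-596 line for line. If they land in a method of the same class or a subclass, call the shared Init() instead of copying it so the reset logic lives in one place; the context-free diff does not show which method these lines belong to, so please say which it is.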
650a660,663
>       if ($this->criteria_cnt == 0)
>          echo '    <INPUT TYPE="submit" NAME="submit" VALUE="ADD Time">';
>
>
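Review bot: the button value in the 650a660,663 hunk is "ADD Time", while the covering message calls it 'Add Time'. Any code that compares the submitted `submit` value has to match this exact string, and no such comparison is part of the patch, so please confirm the two agree. Style: put braces around the body of `if ($this->criteria_cnt == 0)` and drop the two empty lines added at 662-663.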
Index: acid_qry_sqlcalls.php
===================================================================
RCS file: /cvsroot/acidlab/acid/acid/acid_qry_sqlcalls.php,v
retrieving revision 1.9
diff -r1.9 acid_qry_sqlcalls.php
20,21d19
<   ProcessCriteria();
<
23a22
>      ProcessCriteria();
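Review bot: the condition guarding the relocated `ProcessCriteria();` at 23a22 cannot be checked, because the patch is a context-free `diff -r` and the enclosing if is not shown; please resend as a unified diff (`diff -u`) so the branch can be compared with the acid_ag_main case described in the message. A short comment at the call, noting that acid_qry_main has already run ProcessCriteria() for a normal search, would keep the call from being hoisted back out later.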
Index: acid_qry_common.php
===================================================================
RCS file: /cvsroot/acidlab/acid/acid/acid_qry_common.php,v
retrieving revision 1.16
diff -r1.16 acid_qry_common.php
124c124
<   for ( $i = 0; $i <= $cnt; $i++ )
- ---
>   for ( $i = 0; $i < $cnt; $i++ )
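Review bot: the bound change at line 124 from `$i <= $cnt` to `$i < $cnt` carries no comment saying that $cnt is a count rather than a last index, so the off-by-one is easy to reintroduce. Add a one-line comment at the loop, note that the body is now skipped entirely when $cnt is 0, and check that any other loops over the same count in this file use the same bound.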
261d260
<
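Review bot: 261d260 only deletes an empty line and is unrelated to the time criteria fix; leave it out so the patch contains only the functional change.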

- -- 
Mark Vevers.    mark at ...5096... / mvevers at ...5097...
Internet Backbone Engineering Team
Internet for Learning, Research Machines Plc
Tel: +44 1235 823380,   Fax: +44 1235 823424