From 1276dfd2793c3142509863e5c89802ef49319dd1 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 9 Aug 2025 17:50:48 +0200 Subject: [PATCH] ids.cgi: Add code for e-mail input validation Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer --- doc/language_issues.en | 3 +++ doc/language_issues.es | 3 +++ doc/language_issues.fr | 3 +++ doc/language_issues.it | 3 +++ doc/language_issues.nl | 3 +++ doc/language_issues.pl | 3 +++ doc/language_issues.ru | 3 +++ doc/language_issues.tr | 3 +++ doc/language_issues.tw | 3 +++ doc/language_issues.zh | 3 +++ doc/language_missings | 27 ++++++++++++++++++++++ html/cgi-bin/ids.cgi | 52 +++++++++++++++++++++++++++++++++++++++++- langs/de/cgi-bin/de.pl | 3 +++ langs/en/cgi-bin/en.pl | 3 +++ 14 files changed, 114 insertions(+), 1 deletion(-) diff --git a/doc/language_issues.en b/doc/language_issues.en index 15229c9fa..0c6a2fd84 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1050,6 +1050,7 @@ WARNING: untranslated string: ids finished = Finished... WARNING: untranslated string: ids force ruleset update = Force ruleset update WARNING: untranslated string: ids hide = Hide WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. WARNING: untranslated string: ids log hits = Total of number of activated rules for WARNING: untranslated string: ids log viewer = IPS Log Viewer WARNING: untranslated string: ids logs = IPS Logs @@ -1057,6 +1058,8 @@ WARNING: untranslated string: ids merge classifications = Merging classification WARNING: untranslated string: ids merge sid files = Merging sid to message files... WARNING: untranslated string: ids monitor traffic only = Monitor traffic only WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider diff --git a/doc/language_issues.es b/doc/language_issues.es index 4335085aa..b6c1e0838 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1060,6 +1060,9 @@ WARNING: untranslated string: ids email alerts = E-Mail alerts WARNING: untranslated string: ids email recipients = Recipients WARNING: untranslated string: ids email sender = Sender address WARNING: untranslated string: ids enable email alerts = Enable e-mail alerts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: indirect target selection = Indirect target selection WARNING: untranslated string: info messages = unknown string diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 71ee9365d..e47be8c45 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -1048,6 +1048,9 @@ WARNING: untranslated string: ids email alerts = E-Mail alerts WARNING: untranslated string: ids email recipients = Recipients WARNING: untranslated string: ids email sender = Sender address WARNING: untranslated string: ids enable email alerts = Enable e-mail alerts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids rulesets = Rulesets WARNING: untranslated string: import connection = Import a Connection diff --git a/doc/language_issues.it b/doc/language_issues.it index 7d2083321..a8a5905ab 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1173,11 +1173,14 @@ WARNING: untranslated string: ids finished = Finished... WARNING: untranslated string: ids force ruleset update = Force ruleset update WARNING: untranslated string: ids hide = Hide WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. WARNING: untranslated string: ids log hits = Total of number of activated rules for WARNING: untranslated string: ids merge classifications = Merging classifications... WARNING: untranslated string: ids merge sid files = Merging sid to message files... WARNING: untranslated string: ids monitor traffic only = Monitor traffic only WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider diff --git a/doc/language_issues.nl b/doc/language_issues.nl index cc8221a08..1ab12b7e0 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1179,11 +1179,14 @@ WARNING: untranslated string: ids finished = Finished... WARNING: untranslated string: ids force ruleset update = Force ruleset update WARNING: untranslated string: ids hide = Hide WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. WARNING: untranslated string: ids log hits = Total of number of activated rules for WARNING: untranslated string: ids merge classifications = Merging classifications... WARNING: untranslated string: ids merge sid files = Merging sid to message files... WARNING: untranslated string: ids monitor traffic only = Monitor traffic only WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider diff --git a/doc/language_issues.pl b/doc/language_issues.pl index e37913baa..c006f7e02 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1298,11 +1298,14 @@ WARNING: untranslated string: ids finished = Finished... WARNING: untranslated string: ids force ruleset update = Force ruleset update WARNING: untranslated string: ids hide = Hide WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. WARNING: untranslated string: ids log hits = Total of number of activated rules for WARNING: untranslated string: ids merge classifications = Merging classifications... WARNING: untranslated string: ids merge sid files = Merging sid to message files... WARNING: untranslated string: ids monitor traffic only = Monitor traffic only WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider diff --git a/doc/language_issues.ru b/doc/language_issues.ru index ac540365b..a356d9254 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1296,11 +1296,14 @@ WARNING: untranslated string: ids finished = Finished... WARNING: untranslated string: ids force ruleset update = Force ruleset update WARNING: untranslated string: ids hide = Hide WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. WARNING: untranslated string: ids log hits = Total of number of activated rules for WARNING: untranslated string: ids merge classifications = Merging classifications... WARNING: untranslated string: ids merge sid files = Merging sid to message files... WARNING: untranslated string: ids monitor traffic only = Monitor traffic only WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 4cae8e3a2..b5094edc1 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1117,11 +1117,14 @@ WARNING: untranslated string: ids finished = Finished... WARNING: untranslated string: ids force ruleset update = Force ruleset update WARNING: untranslated string: ids hide = Hide WARNING: untranslated string: ids ignored hosts = Whitelisted Hosts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. WARNING: untranslated string: ids log hits = Total of number of activated rules for WARNING: untranslated string: ids merge classifications = Merging classifications... WARNING: untranslated string: ids merge sid files = Merging sid to message files... WARNING: untranslated string: ids monitor traffic only = Monitor traffic only WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider diff --git a/doc/language_issues.tw b/doc/language_issues.tw index bd0754203..0913d9cca 100644 --- a/doc/language_issues.tw +++ b/doc/language_issues.tw @@ -1069,6 +1069,9 @@ WARNING: untranslated string: ids email alerts = E-Mail alerts WARNING: untranslated string: ids email recipients = Recipients WARNING: untranslated string: ids email sender = Sender address WARNING: untranslated string: ids enable email alerts = Enable e-mail alerts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: indirect target selection = Indirect target selection WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: max bandwidth = Maximum bandwidth diff --git a/doc/language_issues.zh b/doc/language_issues.zh index bd0754203..0913d9cca 100644 --- a/doc/language_issues.zh +++ b/doc/language_issues.zh @@ -1069,6 +1069,9 @@ WARNING: untranslated string: ids email alerts = E-Mail alerts WARNING: untranslated string: ids email recipients = Recipients WARNING: untranslated string: ids email sender = Sender address WARNING: untranslated string: ids enable email alerts = Enable e-mail alerts +WARNING: untranslated string: ids invalid mail address = Is or contains an invalid mail address. +WARNING: untranslated string: ids no email recipients = No email recipients given +WARNING: untranslated string: ids no email sender = No sender email address specified WARNING: untranslated string: indirect target selection = Indirect target selection WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: max bandwidth = Maximum bandwidth diff --git a/doc/language_missings b/doc/language_missings index 22e84db3b..f253a8807 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -160,6 +160,9 @@ < ids email recipients < ids email sender < ids enable email alerts +< ids invalid mail address +< ids no email recipients +< ids no email sender < ids provider eol < indirect target selection < mdstat @@ -215,6 +218,9 @@ < ids email recipients < ids email sender < ids enable email alerts +< ids invalid mail address +< ids no email recipients +< ids no email sender < ids provider eol < ids rulesets < ids unsupported provider @@ -579,11 +585,14 @@ < ids force ruleset update < ids hide < ids ignored hosts +< ids invalid mail address < ids log hits < ids merge classifications < ids merge sid files < ids monitored interfaces < ids monitor traffic only +< ids no email recipients +< ids no email sender < ids no enabled ruleset provider < ids no network zone < ids provider @@ -1227,11 +1236,14 @@ < ids force ruleset update < ids hide < ids ignored hosts +< ids invalid mail address < ids log hits < ids merge classifications < ids merge sid files < ids monitored interfaces < ids monitor traffic only +< ids no email recipients +< ids no email sender < ids no enabled ruleset provider < ids no network zone < ids provider @@ -2177,11 +2189,14 @@ < ids force ruleset update < ids hide < ids ignored hosts +< ids invalid mail address < ids log hits < ids merge classifications < ids merge sid files < ids monitored interfaces < ids monitor traffic only +< ids no email recipients +< ids no email sender < ids no enabled ruleset provider < ids no network zone < ids provider @@ -3295,11 +3310,14 @@ < ids force ruleset update < ids hide < ids ignored hosts +< ids invalid mail address < ids log hits < ids merge classifications < ids merge sid files < ids monitored interfaces < ids monitor traffic only +< ids no email recipients +< ids no email sender < ids no enabled ruleset provider < ids no network zone < ids provider @@ -4007,11 +4025,14 @@ < ids force ruleset update < ids hide < ids ignored hosts +< ids invalid mail address < ids log hits < ids merge classifications < ids merge sid files < ids monitored interfaces < ids monitor traffic only +< ids no email recipients +< ids no email sender < ids no enabled ruleset provider < ids no network zone < ids provider @@ -4327,6 +4348,9 @@ < ids email recipients < ids email sender < ids enable email alerts +< ids invalid mail address +< ids no email recipients +< ids no email sender < indirect target selection < max bandwidth < offloaded @@ -4379,6 +4403,9 @@ < ids email recipients < ids email sender < ids enable email alerts +< ids invalid mail address +< ids no email recipients +< ids no email sender < indirect target selection < max bandwidth < offloaded diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 8d9fbfc16..f34149473 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -574,6 +574,29 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { } } + # Check if the e-mail feature should be used. + if ($cgiparams{'ENABLE_EMAIL'} eq "on") { + # Check if a sender mail address has been provided. + unless($cgiparams{'EMAIL_SENDER'}) { + $errormessage = $Lang::tr{'ids no email sender'}; + } + + # Check if the given sender mail address is valid. + if (&_validate_mail_address($cgiparams{'EMAIL_SENDER'})) { + $errormessage = "$cgiparams{'EMAIL_SENDER'} - $Lang::tr{'ids invalid mail address'}"; + } + + # Check if at least one mail recipient has been given. + unless($cgiparams{'EMAIL_RECIPIENTS'}) { + $errormessage = $Lang::tr{'ids no email recipients'}; + } + + # Check if the given recipient mail address or addresses are valid. + if (&_validate_mail_address($cgiparams{'EMAIL_RECIPIENTS'})) { + $errormessage = "$cgiparams{'EMAIL_RECIPIENTS'} - $Lang::tr{'ids invalid mail address'}"; + } + } + # Go on if there are no error messages. if (!$errormessage) { # Store settings into settings file. @@ -589,6 +612,9 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { # Generate file to store the HTTP ports. &IDS::generate_http_ports_file(); + # Generate report generator config file. + &IDS::generate_report_generator_config(); + # Check if the IDS currently is running. if(&IDS::ids_is_running()) { # Check if ENABLE_IDS is set to on. @@ -1027,7 +1053,7 @@ print <
- +
 $Lang::tr{'ids enable'} @@ -2091,3 +2117,27 @@ sub _rulefile_to_category($) { # Return the converted filename. return $category; } + +# +## Private function to validate if a given string contains one or +## more valid mail addresses. +# +sub _validate_mail_address($) { + my ($address) = @_; + + # Temporary array, which holds the single mail addresses. + my @temp; + + # Split the string of mail addresses into single pieces and + # store them into the temporary array. + @temp = split(/\,/, $address); + + # Loop through the array of mail addresses. + foreach my $addr (@temp) { + # Return 1 if the processed mail address is invalid. + return 1 unless($addr =~ '^([a-zA-Z][\w\_\.]{6,15})\@([a-zA-Z0-9.-]+)\.([a-zA-Z]{2,4})$'); + } + + # Return nothing if the address is valid. + return; +} diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index e1ed11a0e..00da6a453 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1402,6 +1402,7 @@ 'ids force ruleset update' => 'Regelset jetzt aktualisieren', 'ids hide' => 'Verstecken', 'ids ignored hosts' => 'Ausnahmeliste', +'ids invalid mail address' => 'Ist oder enthält eine ungültige E-Mail Addresse', 'ids log hits' => 'Gesamtanzahl der Regeltreffer für', 'ids log viewer' => 'Protokoll des Einbruchsverhinderungssystems', 'ids logs' => 'IPS-Protokolldateien', @@ -1409,6 +1410,8 @@ 'ids merge sid files' => 'Sid-to-message Dateien zusammenführen...', 'ids monitor traffic only' => 'Netzwerkpakete nur überprüfen (nicht verwerfen)', 'ids monitored interfaces' => 'Überwachte Netzwerkzonen', +'ids no email recipients' => 'Keine Empfänger-Addresse angegeben', +'ids no email sender' => 'Keine Sender-Addresse angegeben', 'ids no enabled ruleset provider' => 'Es ist kein aktivierter Provider verfügbar. Bitte aktivieren Sie einen oder fügen Sie einen Provider hinzu.', 'ids no network zone' => 'Bitte wählen Sie mindestens eine zu überwachende Netzwerkzone aus', 'ids oinkcode required' => 'Für den ausgewählten Regelsatz wird ein Abonnement oder ein Oinkcode benötigt', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 1712ba2a1..89989026b 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1460,6 +1460,7 @@ 'ids force ruleset update' => 'Force ruleset update', 'ids hide' => 'Hide', 'ids ignored hosts' => 'Whitelisted Hosts', +'ids invalid mail address' => 'Is or contains an invalid mail address.', 'ids log hits' => 'Total of number of activated rules for', 'ids log viewer' => 'IPS Log Viewer', 'ids logs' => 'IPS Logs', @@ -1467,6 +1468,8 @@ 'ids merge sid files' => 'Merging sid to message files...', 'ids monitor traffic only' => 'Monitor traffic only', 'ids monitored interfaces' => 'Monitored Interfaces', +'ids no email recipients' => 'No email recipients given', +'ids no email sender' => 'No sender email address specified', 'ids no enabled ruleset provider' => 'No enabled ruleset is available. Please activate or add one first.', 'ids no network zone' => 'Please select at least one network zone to be monitored', 'ids provider' => 'Provider', -- 2.47.3