vulnerabilities.cgi: Disable debugging output
1 #!/usr/bin/perl
2 ###############################################################################
3 #                                                                             #
4 # IPFire.org - A linux based firewall                                         #
5 # Copyright (C) 2007-2019  IPFire Team  <info@ipfire.org>                     #
6 #                                                                             #
7 # This program is free software: you can redistribute it and/or modify        #
8 # it under the terms of the GNU General Public License as published by        #
9 # the Free Software Foundation, either version 3 of the License, or           #
10 # (at your option) any later version.                                         #
11 #                                                                             #
12 # This program is distributed in the hope that it will be useful,             #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
15 # GNU General Public License for more details.                                #
16 #                                                                             #
17 # You should have received a copy of the GNU General Public License           #
18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
19 #                                                                             #
20 ###############################################################################
21
22 use strict;
23
24 # Enable the following only while debugging; fatalsToBrowser prints Perl error details to the client.
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27
28 require '/var/ipfire/general-functions.pl';
29 require "${General::swroot}/lang.pl";
30 require "${General::swroot}/header.pl";
31
# Entries shown on this page. Each key is the name handed to check_status(),
# which opens the file of that name under
# /sys/devices/system/cpu/vulnerabilities; each value is the row label:
# the translated name followed by the CVE identifier(s).
my %VULNERABILITIES = (
    l1tf              => $Lang::tr{'foreshadow'} . " (CVE-2018-3620)",
    mds               => $Lang::tr{'fallout zombieload ridl'} . " (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
    meltdown          => $Lang::tr{'meltdown'} . " (CVE-2017-5754)",
    spec_store_bypass => $Lang::tr{'spectre variant 4'} . " (CVE-2018-3639)",
    spectre_v1        => $Lang::tr{'spectre variant 1'} . " (CVE-2017-5753)",
    spectre_v2        => $Lang::tr{'spectre variant 2'} . " (CVE-2017-5715)",
);
40
# Messages rendered near the top of the page; both start out empty.
my ($errormessage, $notice) = ("", "");

# The global settings supply the theme name, which selects the colour table
# used for the alternating row backgrounds further down.
my (%mainsettings, %color);
General::readhash("${General::swroot}/main/settings", \%mainsettings);
General::readhash("/srv/web/ipfire/html/themes/$mainsettings{'THEME'}/include/colors.txt", \%color);

# Begin with the built-in default for SMT, then load the stored security
# settings on top of it.
my %settings = (ENABLE_SMT => "auto");
General::readhash("${General::swroot}/main/security", \%settings);

Header::showhttpheaders();

# NOTE(review): presumably this merges the submitted form fields into
# %settings (ACTION and ENABLE_SMT are read from it afterwards), so from here
# on the hash mixes stored values with request data - confirm in header.pl.
Header::getcgihash(\%settings);
57
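# Handle a submitted "save": validate the single supported field and persist it.
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
    # Anchor with \A and \z: "$" also matches before a trailing newline, so
    # a value such as "on\n" would pass a ^...$ check and reach the settings file.
    if ($settings{'ENABLE_SMT'} !~ /\A(?:auto|on)\z/) {
        $errormessage = $Lang::tr{'invalid input'};
    }

    unless ($errormessage) {
        # %settings holds request fields at this point (ACTION was just read
        # from it), so writing the whole hash could persist whatever else was
        # submitted. Re-read the stored file and change only the validated key.
        # NOTE(review): confirm whether General::writehash filters keys itself.
        my %stored = ();
        &General::readhash("${General::swroot}/main/security", \%stored);
        $stored{'ENABLE_SMT'} = $settings{'ENABLE_SMT'};

        &General::writehash("${General::swroot}/main/security", \%stored);
        $notice = $Lang::tr{'please reboot to apply your changes'};
    }
}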
68
# Radio-button state for the SMT setting: both options start unchecked, then
# the entry named by the current value is marked as checked.
my %checked = (
    ENABLE_SMT => { auto => '', on => '' },
);
$checked{'ENABLE_SMT'}{ $settings{'ENABLE_SMT'} } = "checked";
73
Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, '');
Header::openbigbox("100%", "left", "", $errormessage);

# The error box and the notice box share one layout; each is printed only
# when its message is set, error first.
for my $box (
    [ $errormessage, $Lang::tr{'error messages'} ],
    [ $notice,       $Lang::tr{'notice'} ],
) {
    my ($text, $title) = @$box;
    next unless $text;

    Header::openbox('100%', 'left', $title);
    print "<font color='red'>$text</font>";
    Header::closebox();
}

Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'});

# Table head of the status table; the rows and the closing tags are printed
# by the code that follows.
print <<"END";
        <table class="tbl" width='100%'>
                <thead>
                        <tr>
                                <th align="center">
                                        <strong>$Lang::tr{'vulnerability'}</strong>
                                </th>
                                <th align="center">
                                        <strong>$Lang::tr{'status'}</strong>
                                </th>
                        </tr>
                </thead>
                <tbody>
END
106
# Presentation of each status value check_status() can hand back:
# translated label, text colour, cell background.
my %presentation_for = (
    "Not affected" => [ $Lang::tr{'not affected'}, "white", ${Header::colourblack} ],
    "Vulnerable"   => [ $Lang::tr{'vulnerable'},   "white", ${Header::colourred} ],
    "Mitigation"   => [ $Lang::tr{'mitigated'},    "black", ${Header::colourorange} ],
);

# Counts the rows actually printed so the row background can alternate.
my $id = 0;
for my $vuln (sort keys %VULNERABILITIES) {
    my ($status, $message) = &check_status($vuln);

    # No row is printed when the status is empty or is not one of the three
    # values above, so such an entry simply does not appear in the table.
    next if (!$status);
    my $look = $presentation_for{$status};
    next unless $look;
    my ($status_message, $colour, $bgcolour) = @$look;

    my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};

    print <<"END";
                <tr bgcolor="$table_colour">
                        <td align="left">
                                <strong>$VULNERABILITIES{$vuln}</strong>
                        </td>

                        <td bgcolor="$bgcolour" align="center">
                                <font color="$colour">
END

    # NOTE(review): $message is printed without HTML escaping; it is the text
    # check_status() read from the sysfs entry.
    print $message
        ? "<strong>$status_message</strong>: $message"
        : "<strong>$status_message</strong>";

    print <<"END";
                                </font>
                        </td>
                </tr>
END
}
161
# Close the status table and its box.
print <<"END";
                </tbody>
        </table>
END

Header::closebox();

# The settings form posts back to this script.
# NOTE(review): SCRIPT_NAME goes into the attribute unescaped, and the markup
# below carries no request token although the form changes a security
# setting; confirm that Header::getcgihash or the web server enforces an
# origin check.
print "<form method='post' action='" . $ENV{'SCRIPT_NAME'} . "'>\n";

Header::openbox('100%', 'center', $Lang::tr{'settings'});

# Only the two values the save handler accepts ("auto" and "on") are offered.
print <<"END";
        <table class="tbl" width="66%">
                <tbody>
                        <tr>
                                <td width="50%" align="left">
                                        <strong>$Lang::tr{'enable smt'}</strong>
                                </td>

                                <td width="50%" align="center">
                                        <label>
                                                <input type="radio" name="ENABLE_SMT"
                                                        value="auto" $checked{'ENABLE_SMT'}{'auto'}>
                                                $Lang::tr{'automatic'}
                                        </label> /
                                        <label>
                                                <input type="radio" name="ENABLE_SMT"
                                                        value="on" $checked{'ENABLE_SMT'}{'on'}>
                                                $Lang::tr{'force enable'} ($Lang::tr{'dangerous'})
                                        </label>
                                </td>
                        </tr>

                        <tr>
                                <td colspan="2" align="right">
                                        <input type="submit" name="ACTION" value="$Lang::tr{'save'}">
                                </td>
                        </tr>
                </tbody>
        </table>
END

Header::closebox();

print "</form>\n";

Header::closebigbox();

Header::closepage();
211
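# Read the kernel's one-line report for a single CPU vulnerability.
#
# $vuln is the entry name under /sys/devices/system/cpu/vulnerabilities.
#
# Returns:
#   - nothing (empty list, undef in scalar context) when the name is not a
#     plain identifier, the entry cannot be opened, or it is empty;
#   - (state, details) when the line reads "Mitigation: <details>" or
#     "Vulnerable: <details>";
#   - otherwise the whole line as a single status string.
# The line ending is always removed, so callers can compare the status with
# "Not affected" or "Vulnerable" using eq.
sub check_status($) {
    my $vuln = shift;

    # Accept plain entry names only, so the path built below cannot leave
    # the sysfs directory whatever a caller passes in.
    return unless defined $vuln && $vuln =~ /\A[A-Za-z0-9_]+\z/;

    # Three-argument open with a lexical handle: the name is never parsed
    # for a mode or a pipe, and the handle closes itself on every exit path.
    open(my $fh, '<', "/sys/devices/system/cpu/vulnerabilities/$vuln") or return;
    my $status = <$fh>;
    close($fh);

    return unless defined $status;

    # Without this the trailing newline stays in the returned status, and an
    # exact comparison against "Not affected" or "Vulnerable" can never
    # succeed - those rows would be missing from the table.
    chomp($status);

    # Split "<State>: <details>" so the caller receives a bare state plus the
    # explanatory text.
    if ($status =~ /\A(Mitigation|Vulnerable): (.*)\z/) {
        return ($1, $2);
    }

    return $status;
}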