ids.cgi: Rework handling of enabled/disabled sids

Now the enabled or disabled sids are stored in a single
hash instead of two arrays, which easily can be modified.

When saving the ruleset, the new read_enabled_disabled_sids() function
will be used to read-in the current (old) saved enabled or disabled sids
and add them to the new hash structure.

After adding or modifiying sids to the hash, the entries will be written
to the corresponding files.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index bb124bdfeb16c402a4178835a30fd74834f2ec44..76848f71a4212222e62f67e859b39ac74d9efb43 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -141,11 +141,12 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
        my $enabled_sids_file = "$IDS::settingsdir/oinkmaster-enabled-sids.conf";
        my $disabled_sids_file = "$IDS::settingsdir/oinkmaster-disabled-sids.conf";
 
-       # Arrays to store sid which should be added to the corresponding files.
-       my @enabled_sids;
-       my @disabled_sids;
+       # Arrays to store which rulefiles have been enabled and will be used.
        my @enabled_rulefiles;
 
+       # Hash to store the user-enabled and disabled sids.
+       my %enabled_disabled_sids;
+
        # Loop through the hash of idsrules.
        foreach my $rulefile(keys %idsrules) {
                # Check if the rulefile is enabled.
@@ -158,6 +159,13 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
                }
        }
 
+       # Read-in the files for enabled/disabled sids.
+       # This will be done by calling the read_enabled_disabled_sids_file function two times
+       # and merge the returned hashes together into the enabled_disabled_sids hash.
+       %enabled_disabled_sids = (
+               &read_enabled_disabled_sids_file($disabled_sids_file),
+               &read_enabled_disabled_sids_file($enabled_sids_file));
+
        # Loop through the hash of idsrules.
        foreach my $rulefile (keys %idsrules) {
                # Loop through the single rules of the rulefile.
@@ -171,8 +179,8 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
                                if ($idsrules{$rulefile}{$sid}{'State'} eq "off") {
                                        # Check if the state has been set to 'on'.
                                        if ($cgiparams{$sid} eq "on") {
-                                               # Add the sid to the enabled_sids array.
-                                               push(@enabled_sids, $sid);
+                                               # Add/Modify the sid to/in the enabled_disabled_sids hash.
+                                               $enabled_disabled_sids{$sid} = "enabled";
 
                                                # Drop item from cgiparams hash.
                                                delete $cgiparams{$rulefile}{$sid};
@@ -184,8 +192,8 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
                                        # Check if the state is 'on' and should be disabled.
                                        # In this case there is no entry
                                        # for the sid in the cgiparams hash.
-                                       # Add it to the disabled_sids array.
-                                       push(@disabled_sids, $sid);
+                                       # Add/Modify it to/in the enabled_disabled_sids hash.
+                                       $enabled_disabled_sids{$sid} = "disabled";
 
                                        # Drop item from cgiparams hash.
                                        delete $cgiparams{$rulefile}{$sid};
@@ -195,38 +203,39 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'update'}) {
        }
 
        # Open enabled sid's file for writing.
-       open(FILE, ">$enabled_sids_file") or die "Could not write to $enabled_sids_file. $!\n";
-
-       # Write header to file.
-       print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
-
-       # Check if the enabled_sids array contains any sid's.
-       if (@enabled_sids) {
-               # Loop through the array of enabled sids and write them to the file.
-               foreach my $sid (@enabled_sids) {
-                       print FILE "enablesid $sid\n";
-               }
-       }
-
-       # Close file after writing.
-       close(FILE);
+       open(ENABLED_FILE, ">$enabled_sids_file") or die "Could not write to $enabled_sids_file. $!\n";
 
        # Open disabled sid's file for writing.
-       open(FILE, ">$disabled_sids_file") or die "Could not write to $disabled_sids_file. $!\n";
-
-       # Write header to file.
-       print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
-
-       # Check if the enabled_sids array contains any sid's.
-        if (@disabled_sids) {
-               # Loop through the array of disabled sids and write them to the file.
-               foreach my $sid (@disabled_sids) {
-                       print FILE "disablesid $sid\n";
+       open(DISABLED_FILE, ">$disabled_sids_file") or die "Could not write to $disabled_sids_file. $!\n";
+
+       # Write header to the files.
+       print ENABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+       print DISABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+       # Check if the hash for enabled/disabled files contains any entries.
+       if (%enabled_disabled_sids) {
+               # Loop through the hash.
+               foreach my $sid (keys %enabled_disabled_sids) {
+                       # Check if the sid is enabled.
+                       if ($enabled_disabled_sids{$sid} eq "enabled") {
+                               # Print the sid to the enabled_sids file.
+                               print ENABLED_FILE "enablesid $sid\n";
+                       # Check if the sid is disabled.
+                       } elsif ($enabled_disabled_sids{$sid} eq "disabled") {
+                               # Print the sid to the disabled_sids file.
+                               print DISABLED_FILE "disablesid $sid\n";
+                       # Something strange happende - skip the current sid.
+                       } else {
+                               next;
+                       }
                }
        }
 
-       # Close file after writing.
-       close(FILE);
+       # Close file for enabled_sids after writing.
+       close(ENABLED_FILE);
+
+       # Close file for disabled_sids after writing.
+       close(DISABLED_FILE);
 
        # Open file for used rulefiles.
        open (FILE, ">$idsusedrulefilesfile") or die "Could not write to $idsusedrulefilesfile. $!\n";