From: Stefan Schantl Date: Sat, 9 Aug 2025 15:50:48 +0000 (+0200) Subject: ids.cgi: Add code for e-mail input validation X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fsuricata-mails;p=people%2Fstevee%2Fipfire-2.x.git ids.cgi: Add code for e-mail input validation Signed-off-by: Stefan Schantl --- diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 8d9fbfc16..f34149473 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -574,6 +574,29 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { } } + # Check if the e-mail feature should be used. + if ($cgiparams{'ENABLE_EMAIL'} eq "on") { + # Check if a sender mail address has been provided. + unless($cgiparams{'EMAIL_SENDER'}) { + $errormessage = $Lang::tr{'ids no email sender'}; + } + + # Check if the given sender mail address is valid. + if (&_validate_mail_address($cgiparams{'EMAIL_SENDER'})) { + $errormessage = "$cgiparams{'EMAIL_SENDER'} - $Lang::tr{'ids invalid mail address'}"; + } + + # Check if at least one mail recipient has been given. + unless($cgiparams{'EMAIL_RECIPIENTS'}) { + $errormessage = $Lang::tr{'ids no email recipients'}; + } + + # Check if the given recipient mail address or addresses are valid. + if (&_validate_mail_address($cgiparams{'EMAIL_RECIPIENTS'})) { + $errormessage = "$cgiparams{'EMAIL_RECIPIENTS'} - $Lang::tr{'ids invalid mail address'}"; + } + } + # Go on if there are no error messages. if (!$errormessage) { # Store settings into settings file. @@ -589,6 +612,9 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { # Generate file to store the HTTP ports. &IDS::generate_http_ports_file(); + # Generate report generator config file. + &IDS::generate_report_generator_config(); + # Check if the IDS currently is running. if(&IDS::ids_is_running()) { # Check if ENABLE_IDS is set to on. @@ -1027,7 +1053,7 @@ print <
- +
 $Lang::tr{'ids enable'} @@ -2091,3 +2117,27 @@ sub _rulefile_to_category($) { # Return the converted filename. return $category; } + +# +## Private function to validate if a given string contains one or +## more valid mail addresses. +# +sub _validate_mail_address($) { + my ($address) = @_; + + # Temporary array, which holds the single mail addresses. + my @temp; + + # Split the string of mail addresses into single pieces and + # store them into the temporary array. + @temp = split(/\,/, $address); + + # Loop through the array of mail addresses. + foreach my $addr (@temp) { + # Return 1 if the processed mail address is invalid. + return 1 unless($addr =~ '^([a-zA-Z][\w\_\.]{6,15})\@([a-zA-Z0-9.-]+)\.([a-zA-Z]{2,4})$'); + } + + # Return nothing if the address is valid. + return; +} diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 9a944f16a..c2ebf0bd0 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1402,6 +1402,7 @@ 'ids force ruleset update' => 'Regelset jetzt aktualisieren', 'ids hide' => 'Verstecken', 'ids ignored hosts' => 'Ausnahmeliste', +'ids invalid mail address' => 'Ist oder enthält eine ungültige E-Mail Addresse', 'ids log hits' => 'Gesamtanzahl der Regeltreffer für', 'ids log viewer' => 'Protokoll des Einbruchsverhinderungssystems', 'ids logs' => 'IPS-Protokolldateien', @@ -1409,6 +1410,8 @@ 'ids merge sid files' => 'Sid-to-message Dateien zusammenführen...', 'ids monitor traffic only' => 'Netzwerkpakete nur überprüfen (nicht verwerfen)', 'ids monitored interfaces' => 'Überwachte Netzwerkzonen', +'ids no email recipients' => 'Keine Empfänger-Addresse angegeben', +'ids no email sender' => 'Keine Sender-Addresse angegeben', 'ids no enabled ruleset provider' => 'Es ist kein aktivierter Provider verfügbar. Bitte aktivieren Sie einen oder fügen Sie einen Provider hinzu.', 'ids no network zone' => 'Bitte wählen Sie mindestens eine zu überwachende Netzwerkzone aus', 'ids oinkcode required' => 'Für den ausgewählten Regelsatz wird ein Abonnement oder ein Oinkcode benötigt', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index a0f0ceb8a..09b524f2a 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1460,6 +1460,7 @@ 'ids force ruleset update' => 'Force ruleset update', 'ids hide' => 'Hide', 'ids ignored hosts' => 'Whitelisted Hosts', +'ids invalid mail address' => 'Is or contains an invalid mail address.', 'ids log hits' => 'Total of number of activated rules for', 'ids log viewer' => 'IPS Log Viewer', 'ids logs' => 'IPS Logs', @@ -1467,6 +1468,8 @@ 'ids merge sid files' => 'Merging sid to message files...', 'ids monitor traffic only' => 'Monitor traffic only', 'ids monitored interfaces' => 'Monitored Interfaces', +'ids no email recipients' => 'No email recipients given', +'ids no email sender' => 'No sender email address specified', 'ids no enabled ruleset provider' => 'No enabled ruleset is available. Please activate or add one first.', 'ids no network zone' => 'Please select at least one network zone to be monitored', 'ids provider' => 'Provider',