From 691992f28e9b9b13075a90c6a96cb06b02f80dc4 Mon Sep 17 00:00:00 2001 From: Sven Waschkut Date: Tue, 1 Mar 2022 08:30:47 +0100 Subject: [PATCH] UTIL type=rule 'filter=(service has.value.recursive PORT-RANGE)' | bugfix if searched PORT-RANGE is partial available, and if multiple port-range are available in service-group --- CHANGELOG.txt | 1 + .../ServiceRuleContainer.php | 45 ++++++++++++------- 2 files changed, 30 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 8011b001..d07c6384 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -12,6 +12,7 @@ BUGFIX: * class SecurityProfilStore | bugfix to handle parentStore correctly * UTIL type=securityprofile | bugfix missing array variable declaration * UTIL type=rule | bugfix for 'filter=(service has.value.recursive PORT-RANGE)' +* UTIL type=rule 'filter=(service has.value.recursive PORT-RANGE)' | bugfix if searched PORT-RANGE is partial available, and if multiple port-range are available in service-group GENERAL: * framework all Object Classes | improve code for usage of single method parentCentralStore() diff --git a/lib/container-classes/ServiceRuleContainer.php b/lib/container-classes/ServiceRuleContainer.php index 7ac15d66..d9a59995 100644 --- a/lib/container-classes/ServiceRuleContainer.php +++ b/lib/container-classes/ServiceRuleContainer.php @@ -604,6 +604,7 @@ public function generateFastHashComp($force = FALSE) function hasValue($value, $check_recursive = FALSE) { $rangeValue = false; + $port_value_range = array(); if( strpos($value, "-") !== FALSE ) { $rangeValue = true; 
@@ -634,29 +635,26 @@ function hasValue($value, $check_recursive = FALSE) $text_replace = array('tcp/', 'udp/'); $port_mapping_text = str_replace($text_replace, "", $port_mapping_text); - if( strpos($port_mapping_text, "-") !== FALSE ) + if( strpos($port_mapping_text, ",") !== FALSE ) { - $port_mapping_range = explode("-", $port_mapping_text); - if( $rangeValue ) - { - if( intval($port_mapping_range[0]) <= intval($port_value_range[0]) && intval($port_mapping_range[1]) >= intval($port_value_range[1]) ) - return TRUE; - } - else - { - if( intval($port_mapping_range[0]) <= intval($value) && intval($port_mapping_range[1]) >= intval($value) ) - return TRUE; - } - } - elseif( strpos($port_mapping_text, ",") !== FALSE ) - { - $port_mapping_list = explode(",", $port_mapping_text); + $port_mapping_list = explode(",", $port_mapping_text); foreach( $port_mapping_list as $list_object ) { if( $value == $list_object ) return TRUE; + elseif( strpos($list_object, "-") !== FALSE ) + { + if( self::checkValueRange( $rangeValue, $port_value_range, $value, $list_object) ) + return TRUE; + } } } + elseif( strpos($port_mapping_text, "-") !== FALSE ) + { + if( self::checkValueRange( $rangeValue, $port_value_range, $value, $port_mapping_text) ) + return TRUE; + } + elseif( $value == $port_mapping_text ) return TRUE; } @@ -664,6 +662,21 @@ function hasValue($value, $check_recursive = FALSE) return FALSE; } + + public function checkValueRange( $rangeValue, $port_value_range, $value, $port_mapping_text) + { + $port_mapping_range = explode("-", $port_mapping_text); + if( $rangeValue ) + { + if( intval($port_mapping_range[0]) <= intval($port_value_range[0]) && intval($port_mapping_range[1]) >= intval($port_value_range[1]) ) + return TRUE; + } + else + { + if( intval($port_mapping_range[0]) <= intval($value) && intval($port_mapping_range[1]) >= intval($value) ) + return TRUE; + } + } }
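Review bot: In the new comma-list branch each `$list_object` is tested on its own, and `checkValueRange` only succeeds on full containment. A searched range that is covered only by several entries together (constructed example: `80-90` against `80-85,86-90`), or that merely overlaps an entry, is therefore still reported as absent. For a filter used to find rules that expose a port range, that is a false negative, and the commit subject ("partial available") does not say whether it is intended. If it is, state the limit above the `foreach`, e.g. `// entries are matched one by one; a range spanning adjacent entries or only overlapping one is not detected`. The body of `hasValue` starts and ends outside this hunk, so handling elsewhere cannot be ruled out.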
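Review bot: `checkValueRange` falls off the end when neither comparison succeeds, so it returns NULL rather than a boolean; add `return FALSE;` as its last statement. It is declared `public` and non-static, yet it is called as `self::checkValueRange(...)` and reads no instance state in the visible body, so `private static function checkValueRange(...)` would match its use and keep it out of the class API. The two halves of `explode("-", $port_mapping_text)` go straight through `intval()`, so a malformed entry with an empty half becomes port 0 and a leading-dash entry would match everything from 0 up to its upper bound. A guard such as `if( !is_numeric($port_mapping_range[0]) || !is_numeric($port_mapping_range[1]) ) return FALSE;` before the comparisons avoids that. A short docblock giving the expected format of `$port_mapping_text` and the meaning of `$rangeValue` would also help.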