PC World 2005 December

home *** CD-ROM | disk | FTP | other *** search

/ PC World 2005 December / PCWorld_2005-12_cd.bin / software / temacd / tiny / tpf-6[1].5.126.exe / Tiny Firewall 2005.msi / webui.dll / IDS / IDS-SDBFNCS.JS < prev next >

Wrap

JavaScript | 2005-08-17 | 33.2 KB | 1,130 lines

/*////////////////////////////////////////////////////////////////////// Filename: ids-sdbfncs.js Company Name: Computer Associates International, Inc. Legal Copyright: Copyright (c) Computer Associates International, Inc. Author: Ales Novak Product: Tiny Firewall Description: javascript code to access active IDS db through XMLSecDBParser COM iface ///////////////////////////////////////////////////////////////////////*/ // requires sdb-consts.js + sdb-msgs.js + tools.js /////////////////////////////////////////////////////////////////////// // getRuleGroupList - internal function function IDS_getRuleGroupList() { return external.ServerParser(XM_IDS).GroupList; } /////////////////////////////////////////////////////////////////////// // getDefinitionList - internal function function IDS_getDefinitionList() { return external.ServerParser(XM_IDS).DefinitionList; } /////////////////////////////////////////////////////////////////////// // saveChanges - internal function function IDS_saveChanges( bAvoidSavingSDB ) { if (!bAvoidSavingSDB || !parseBoolean(bAvoidSavingSDB)) { var parser = external.ServerParser(XM_IDS); parser.Save(parser.FilePath); //external.Save(); } } /////////////////////////////////////////////////////////////////////// // generateSID - internal function function IDS_generateSID() { return external.ServerParser(XM_IDS).GenerateSID(); } /////////////////////////////////////////////////////////////////////// // getRuleByRuleID - internal function // function getRuleByRuleID( strRuleGroup, iRuleID ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var itemEnum = new Enumerator(group.RuleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { return rule; } itemEnum.moveNext(); } return null; } catch(e){ ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); return null; } } /////////////////////////////////////////////////////////////////////// // IDS_AddRuleGroup - returns error if group already exists // function IDS_AddRuleGroup( strRuleGroup, bAvoidSavingSDB ) { try { var groupList = IDS_getRuleGroupList(); var group = groupList.CreateGroup(); group.Name = strRuleGroup; groupList.Insert( group ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_ADDING_GROUP_FAILED, STR_IDS_ADDING_GROUP_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_DeleteRuleGroup - deletes also all rules in the group // function IDS_DeleteRuleGroup( strRuleGroup, bAvoidSavingSDB ) { try { var groupList = IDS_getRuleGroupList(); var group = groupList.Get(strRuleGroup); groupList.Remove( group ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_DELETE_GROUP_FAILED, STR_IDS_DELETE_GROUP_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_GetTokenIDFromXMLAttributeValue - gets value such as "byte_test" and returns TID_BYTE_TEST or -1 on error // function IDS_GetTokenIDFromXMLAttributeValue( strTokenIdAttr ) { switch (strTokenIdAttr) { case "dsize": return TID_DSIZE; case "pcre": return TID_PCRE; case "content": return TID_CONTENT; case "byte_test": return TID_BYTE_TEST; case "byte_jump": return TID_BYTE_JUMP; case "isdataat": return TID_IS_DATA_AT; case "sameadr": return TID_SAMEADR; case "ip_ttl": return TID_IP_TTL; case "ip_tos": return TID_IP_TOS; case "ip_id": return TID_IP_ID; case "ip_opt": return TID_IP_OPT; case "ip_frg": return TID_IP_FRG; case "ip_ptc": return TID_IP_PTC; case "tcp_flg": return TID_TCP_FLG; case "tcp_seq": return TID_TCP_SEQ; case "tcp_ack": return TID_TCP_ACK; case "icmp_type": return TID_ICMP_TYPE; case "icmp_code": return TID_ICMP_CODE; case "echo_id": return TID_ECHO_ID; case "echo_seq": return TID_ECHO_SEQ; case "tcp_window": return TID_TCP_WINDOW; case "flow": return TID_FLOW; case "flowbits": return TID_FLOW_BITS; case "asn1": return TID_ASN1; // this token id is unsure... } return (-1); } /////////////////////////////////////////////////////////////////////// // IDS_GetTokenValueTypeByTokenID // function IDS_GetTokenValueTypeByTokenID( eTokenID ) { switch (parseInt(eTokenID)) { case TID_PCRE: return TT_STR; case TID_CONTENT: return TT_STR; case TID_FLOW: return TT_STR; case TID_FLOW_BITS: return TT_STR; case TID_TCP_FLG: return TT_STR; case TID_IP_FRG: return TT_STR; case TID_BYTE_TEST: return TT_INT; case TID_BYTE_JUMP: return TT_INT; case TID_SAMEADR: return TT_BOOL; } return TT_INT; } /////////////////////////////////////////////////////////////////////// // IDS_GetTokenValueTypeByTokenAttr // function IDS_GetTokenValueTypeByTokenAttr( strTokenIdAttr ) { switch (strTokenIdAttr) { case "pcre": return TT_STR; case "content": return TT_STR; case "ip_frg": return TT_STR; case "tcp_flg": return TT_STR; case "flowbits": return TT_STR; case "flow": return TT_STR; case "byte_test": return TT_INT; case "byte_jump": return TT_INT; case "sameadr": return TT_BOOL; } return TT_INT; } /////////////////////////////////////////////////////////////////////// // IDS_AddTokenToRule - eTokenType is automatically adjusted by eTokenID => string, int, bool // if eTokenType cannot be TT_BIN right now (Value for TT_BIN is expected as a string of hexadecimal numbers (e.g. "12FE56A3" )) // eRelation - is optional // // this fnc should be used for all token IDs, except: TID_CONTENT, TID_BYTE_JUMP, TID_BYTE_TEST, TID_FLOW_BITS, TID_IP_FRG, TID_TCP_FLG // function IDS_AddTokenToRule( strRuleGroup, iRuleID, eTokenID, Value, eRelation, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var eTokenType = IDS_GetTokenValueTypeByTokenID( parseInt(eTokenID) ); var itemEnum = new Enumerator(group.RuleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { var token = rule.TokenList.CreateToken(); token.TokenID = parseInt(eTokenID); token.Type = parseInt(eTokenType); if (parseInt(eRelation)) token.Relation = parseInt(eRelation); if (Value) { if (parseInt(eTokenType) == TT_BIN) token.BinHEXValue = Value; else token.Value = (parseInt(eTokenType) == TT_INT) ? parseInt(Value) : ((parseInt(eTokenType) == TT_BOOL) ? parseBoolean(Value) : Value); } rule.TokenList.Insert( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_ADDING_TOKEN_FAILED, STR_IDS_ADDING_TOKEN_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_AddContentTokenToRule // // content // type: str; can contain also characters not displayable, that are written in a c-like notation \a \b \f \n \r \t \v \" \\ \0 // and \xXX, where XX is allways two digits hexadecimal number. // optional atributes: // complement: int, is taken as a boolean (zero, nonzero) // uricont: int, is taken as a boolean (zero, nonzero) // nocase: int, is taken as a boolean (zero, nonzero) // regex: int, is taken as a boolean (zero, nonzero) // offset: int, allways positive integer // depth: int, allways positive integer // within: int, allways positive integer // distance: int, positive or negative integer function IDS_AddContentTokenToRule( strRuleGroup, iRuleID, strValue, bComplement, bUriCont, bNoCase, bRegEx, iOffset, iDepth, iWithin, iDistance, bAvoidSavingSDB ) { try { var rule = getRuleByRuleID( strRuleGroup, iRuleID ); if (!rule) return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); var token = rule.TokenList.CreateToken(); token.TokenID = TID_CONTENT; token.Type = TT_STR; token.Value = strValue; token.TokenAttrAsNumber("complement") = parseBoolean(bComplement); token.TokenAttrAsNumber("uricont") = parseBoolean(bUriCont); token.TokenAttrAsNumber("nocase") = parseBoolean(bNoCase); token.TokenAttrAsNumber("regex") = parseBoolean(bRegEx); token.TokenAttrAsNumber("offset") = parseInt(iOffset); token.TokenAttrAsNumber("depth") = parseInt(iDepth); token.TokenAttrAsNumber("within") = parseInt(iWithin); token.TokenAttrAsNumber("distance") = parseInt(iDistance); rule.TokenList.Insert( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_ADDING_TOKEN_FAILED, STR_IDS_ADDING_TOKEN_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_AddByteJumpTokenToRule // // byte_jump // type: int; allways positive integer, contains data size to read // optional atributes: // relative: int, is taken as a boolean (zero, nonzero) // align: int, is taken as a boolean (zero, nonzero) // format: str, can contain strings: little, big, like-c, hex, dec + oct. // offset: int, positive or negative integer function IDS_AddByteJumpTokenToRule( strRuleGroup, iRuleID, iValue, iRelative, iAlign, strFormat, iOffset, bAvoidSavingSDB ) { try { var rule = getRuleByRuleID( strRuleGroup, iRuleID ); if (!rule) return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); var token = rule.TokenList.CreateToken(); token.TokenID = TID_BYTE_JUMP; token.Type = TT_INT; token.Value = parseInt(iValue); token.TokenAttrAsNumber("relative") = parseInt(iRelative); token.TokenAttrAsNumber("align") = parseInt(iAlign); token.TokenAttrAsNumber("offset") = parseInt(iOffset); token.TokenAttr("format") = strFormat; rule.TokenList.Insert( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_ADDING_TOKEN_FAILED, STR_IDS_ADDING_TOKEN_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_AddByteTestTokenToRule // // byte_test // type: int; allways positive integer, contains value to compare // optional atributes: // similar to byte_jump, except align, which does not exists here, plus: // complement: int, is taken as a boolean (zero, nonzero) // size: int, allways positive integer // oper: str, can contain strings: equal, less, greater, and, xor + or. function IDS_AddByteTestTokenToRule( strRuleGroup, iRuleID, iValue, iRelative, strFormat, iOffset, bComplement, iSize, strOper, bAvoidSavingSDB ) { try { var rule = getRuleByRuleID( strRuleGroup, iRuleID ); if (!rule) return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); var token = rule.TokenList.CreateToken(); token.TokenID = TID_BYTE_TEST; token.Type = TT_INT; token.Value = parseInt(iValue); token.TokenAttrAsNumber("relative") = parseInt(iRelative); token.TokenAttrAsNumber("offset") = parseInt(iOffset); token.TokenAttr("format") = strFormat; token.TokenAttrAsNumber("complement") = parseBoolean(bComplement); token.TokenAttrAsNumber("size") = parseInt(iSize); token.TokenAttr("oper") = strOper; rule.TokenList.Insert( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_ADDING_TOKEN_FAILED, STR_IDS_ADDING_TOKEN_FAILED ); } } var FLG_NOT_SET = 0, FLG_SET = 1, FLG_IGNORE = 2; var FLGS_ONLY_SELECTED_MUST_BE_SET = 0, FLGS_ALL_SELECTED_MUST_BE_SET = 1, FLGS_ANY_SELECTED_MUST_BE_SET = 2, FLGS_ALL_SELECTED_MUST_NOT_BE_SET = 3; /////////////////////////////////////////////////////////////////////// // IDS_AddTcpFlgTokenToRule // flgXXX - can be FLG_NOT_SET, FLG_SET or FLG_IGNORE // eFlgsLogic - can be FLGS_XXX const // // tcp_flg // type: str; can contain characters [F] [S] [R] [P] [A] [U] [1] [2] [! | * | +] (FIN, SYN, RST, PUSH, ACK, URG, // reserved 1, reserved 2, negation, some of the bits must be set, all bits must be set) // optional atribute: // mask: str; can contain characters [F] [S] [R] [P] [A] [U] [1] [2] // note: negation character (!) is present at the beginning of the string while */+ characters at the end function IDS_AddTcpFlgTokenToRule( strRuleGroup, iRuleID, flgFIN, flgSYN, flgRST, flgPUSH, flgACK, flgURG, flgRes1, flgRes2, eFlgsLogic, bAvoidSavingSDB ) { try { var rule = getRuleByRuleID( strRuleGroup, iRuleID ); if (!rule) return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); var token = rule.TokenList.CreateToken(); token.TokenID = TID_TCP_FLG; token.Type = TT_STR; var strValue = ""; var strMask = ""; if (parseInt(eFlgsLogic)==FLGS_ALL_SELECTED_MUST_NOT_BE_SET) strValue += "!"; if (parseInt(flgFIN)==FLG_SET) strValue += "F"; if (parseInt(flgFIN)==FLG_IGNORE) strMask += "F"; if (parseInt(flgSYN)==FLG_SET) strValue += "S"; if (parseInt(flgSYN)==FLG_IGNORE) strMask += "S"; if (parseInt(flgRST)==FLG_SET) strValue += "R"; if (parseInt(flgRST)==FLG_IGNORE) strMask += "R"; if (parseInt(flgPUSH)==FLG_SET) strValue += "P"; if (parseInt(flgPUSH)==FLG_IGNORE) strMask += "P"; if (parseInt(flgACK)==FLG_SET) strValue += "A"; if (parseInt(flgACK)==FLG_IGNORE) strMask += "A"; if (parseInt(flgURG)==FLG_SET) strValue += "U"; if (parseInt(flgURG)==FLG_IGNORE) strMask += "U"; if (parseInt(flgRes1)==FLG_SET) strValue += "1"; if (parseInt(flgRes1)==FLG_IGNORE) strMask += "1"; if (parseInt(flgRes2)==FLG_SET) strValue += "2"; if (parseInt(flgRes2)==FLG_IGNORE) strMask += "2"; if (parseInt(eFlgsLogic)==FLGS_ALL_SELECTED_MUST_BE_SET) strValue += "+"; if (parseInt(eFlgsLogic)==FLGS_ANY_SELECTED_MUST_BE_SET) strValue += "*"; token.Value = strValue; if (strMask) token.TokenAttr("mask") = strMask; rule.TokenList.Insert( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_ADDING_TOKEN_FAILED, STR_IDS_ADDING_TOKEN_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_AddIpFrgTokenToRule // flgXXX - can be FLG_NOT_SET or FLG_SET // eFlgsLogic - can be FLGS_XXX const // //ip_frg // type: str; can contain characters [M] [D] [R] [! | * | +] (more fragments bit, don't fragment bit, reserved bit, // negation, some of the bits must be set, all bits must be set) // note: negation character (!) is present at the beginning of the string while */+ characters at the end function IDS_AddIpFrgTokenToRule( strRuleGroup, iRuleID, flgMORE, flgDONT, flgRES, eFlgsLogic, bAvoidSavingSDB ) { try { var rule = getRuleByRuleID( strRuleGroup, iRuleID ); if (!rule) return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); var token = rule.TokenList.CreateToken(); token.TokenID = TID_IP_FRG; token.Type = TT_STR; var strValue = ""; if (parseInt(eFlgsLogic)==FLGS_ALL_SELECTED_MUST_NOT_BE_SET) strValue += "!"; if (parseInt(flgMORE)==FLG_SET) strValue += "M"; if (parseInt(flgDONT)==FLG_SET) strValue += "D"; if (parseInt(flgRES)==FLG_SET) strValue += "R"; if (parseInt(eFlgsLogic)==FLGS_ALL_SELECTED_MUST_BE_SET) strValue += "+"; if (parseInt(eFlgsLogic)==FLGS_ANY_SELECTED_MUST_BE_SET) strValue += "*"; token.Value = strValue; rule.TokenList.Insert( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_ADDING_TOKEN_FAILED, STR_IDS_ADDING_TOKEN_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_AddFlowBitsTokenToRule // //flowbits // type: str; // attribute: // state: str function IDS_AddFlowBitsTokenToRule( strRuleGroup, iRuleID, strValue, strState, bAvoidSavingSDB ) { try { var rule = getRuleByRuleID( strRuleGroup, iRuleID ); if (!rule) return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); var token = rule.TokenList.CreateToken(); token.TokenID = TID_FLOW_BITS; token.Type = TT_STR; token.Value = strValue; if (strState) token.TokenAttr("state") = strState; rule.TokenList.Insert( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e){ return ErrorHandler( ERR_IDS_ADDING_TOKEN_FAILED, STR_IDS_ADDING_TOKEN_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_RemoveTokenFromRule - fails if rule or token does not exist // Value, eRelation - are optional, if one of them not supplied, then the first token match of type eTokenID is deleted // function IDS_RemoveTokenFromRule( strRuleGroup, iRuleID, eTokenID, Value, eRelation, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var eTokenType = IDS_GetTokenValueTypeByTokenID( parseInt(eTokenID) ); var itemEnum = new Enumerator(group.RuleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { var tokenEnum = new Enumerator(rule.TokenList); tokenEnum.moveFirst(); while (!tokenEnum.atEnd()) { var token = tokenEnum.item(); if (token.TokenID == parseInt(eTokenID) && (eRelation ? token.Relation == parseInt(eRelation) : true) && (parseInt(token.Type) == TT_BIN ? (Value ? token.BinHEXValue.toUpperCase() == Value.toUpperCase() : true) : (Value ? token.Value.toString() == Value.toString() : true)) ) { rule.TokenList.Remove( token ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } tokenEnum.moveNext(); } } itemEnum.moveNext(); } } catch(e){ } return ErrorHandler( ERR_IDS_DELETE_TOKEN_FAILED, STR_IDS_DELETE_TOKEN_FAILED ); } /* /////////////////////////////////////////////////////////////////////// // IDS_GenerateUniqueSID - IDS parser does not support this function yet itself => this one is quite slow... // this function is used internally by IDS_AddRule // function IDS_GenerateUniqueSID( groupList ) { try { var sid = 0x40000001; while (sid < 0xC0000000) { var bMatchFound = false; var groupEnum = new Enumerator( groupList ); groupEnum.moveFirst(); while (!groupEnum.atEnd()) { var group = groupEnum.item(); var ruleList = group.RuleList; var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == sid) { bMatchFound = true; break; } itemEnum.moveNext(); } if (bMatchFound) break; groupEnum.moveNext(); } if (!bMatchFound) return sid; sid++; } return 0; } catch(e){ return 0; } } */ /////////////////////////////////////////////////////////////////////// // IDS_AddRule - adds new rule to existing strRuleGroup // if iRuleSID is missing or zero, then a new unique rule ID (SID) is generated // bIsPreventionRule - if set to nonzero, then the rule is for IPS instead of IDS // strLocIPAddressID, strRemIPAddressID => these are only IDs of predefined IP address objects, // cannot contain IP address directly // strLocalPorts, strRemotePorts => syntax "*", "80", "127-129", "!1000-1999" is supported, used only if TCP/UDP // tokens can be added only to an existing rule through a separate function // returns SID as a string (hexa format, e.g. "0x40000001") or empty string on failure // function IDS_AddRule( strRuleGroup, strName, eProtocol, eDirection, strLocalPorts, strRemotePorts, strLocIPAddressID, strRemIPAddressID, bIsPreventionRule, bDisabled, iRuleID, bAvoidSavingSDB ) { try { var groupList = IDS_getRuleGroupList(); var group = groupList.Get(strRuleGroup); var ruleList = group.RuleList; var rule = ruleList.CreateRule(); rule.Name = strName; // if the iRuleID is not supplied (the most common), then a unique ID is created if (iRuleID && parseInt(iRuleID)) rule.SID = iRuleID; else rule.SID = IDS_generateSID(); //IDS_GenerateUniqueSID( groupList ); if (!rule.SID) { ErrorHandler( ERR_IDS_ADDING_RULE_FAILED, STR_IDS_ADDING_RULE_FAILED ); return ""; } rule.AccessResult = parseBoolean(bIsPreventionRule) ? AR_PREVENT : AR_ALLOW; rule.AuditLevel = AL_MONITOR; rule.Enabled = parseBoolean(bDisabled) ? false : true; rule.RemIPAddressID = strRemIPAddressID; rule.LocIPAddressID = strLocIPAddressID; rule.Protocol = eProtocol ? parseInt(eProtocol) : 0; rule.Direction = eDirection ? parseInt(eDirection) : 0; // only TCP/UDP can have ports if (PROT_TCP == rule.Protocol || PROT_UDP == rule.Protocol || PROT_TCP_UDP == rule.Protocol || PROT_TCP_S == rule.Protocol) { rule.LocalPortFrom = 0; rule.LocalPortTo = 0; rule.RemotePortFrom = 0; rule.RemotePortTo = 0; // in addition to FW module, here also negation can be present if (strLocalPorts) { if ( strLocalPorts == "*") rule.LocalPortTo = 65535; else { if ('!' == strLocalPorts.charAt(0)) { rule.LocalPortsInverted = true; rule.LocalPortFrom = parseInt(strLocalPorts.substr(1)); } else rule.LocalPortFrom = parseInt(strLocalPorts); var Idx = strLocalPorts.search( "-" ); if ((-1) != Idx) rule.LocalPortTo = parseInt( strLocalPorts.substr(Idx+1) ); else rule.LocalPortTo = rule.LocalPortFrom; } } if (strRemotePorts) { if ( strRemotePorts == "*") rule.RemotePortTo = 65535; else { if ('!' == strRemotePorts.charAt(0)) { rule.RemotePortsInverted = true; rule.RemotePortFrom = parseInt(strRemotePorts.substr(1)); } else rule.RemotePortFrom = parseInt(strRemotePorts); var Idx = strRemotePorts.search( "-" ); if ((-1) != Idx) rule.RemotePortTo = parseInt( strRemotePorts.substr(Idx+1) ); else rule.RemotePortTo = rule.RemotePortFrom; } } } var iRetVal = rule.SID; //rule.TokenList = ; //rule.Assignment = ; ruleList.Insert(rule); IDS_saveChanges( bAvoidSavingSDB ); return ("0x" + iRetVal.toString(16)); } catch(e){ ErrorHandler( ERR_IDS_ADDING_RULE_FAILED, STR_IDS_ADDING_RULE_FAILED ); return ""; } } /////////////////////////////////////////////////////////////////////// // IDS_DeleteRule - fails if rule does not exist function IDS_DeleteRule( strRuleGroup, iRuleID, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var ruleList = group.RuleList; //var rule = ruleList.Get(strRuleID); => not exists => must walk through the rules... //if (rule) // ruleList.Remove(rule); var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { ruleList.Remove(rule); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_DELETE_RULE_FAILED, STR_IDS_DELETE_RULE_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_EnableRule - enables or disables particular rule, the rule is not deleted from the database function IDS_EnableRule( strRuleGroup, iRuleID, bDisable, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var ruleList = group.RuleList; var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { rule.Enabled = parseBoolean(bDisable) ? false : true; IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_EDIT_RULE_FAILED, STR_IDS_EDIT_RULE_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_SetDirection - function IDS_SetDirection( strRuleGroup, iRuleID, eDirection, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var ruleList = group.RuleList; var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { rule.Direction = eDirection ? parseInt(eDirection) : 0; IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_EDIT_RULE_FAILED, STR_IDS_EDIT_RULE_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_SetRemoteIP - function IDS_SetRemoteIP( strRuleGroup, iRuleID, strRemIPAddressID, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var ruleList = group.RuleList; var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { rule.RemIPAddressID = strRemIPAddressID; IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_EDIT_RULE_FAILED, STR_IDS_EDIT_RULE_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_SetAccess - function IDS_SetAccess( strRuleGroup, iRuleID, bIsPreventionRule, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var ruleList = group.RuleList; var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { rule.AccessResult = parseBoolean(bIsPreventionRule) ? AR_PREVENT : AR_ALLOW; IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_EDIT_RULE_FAILED, STR_IDS_EDIT_RULE_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_SetRemPort - function IDS_SetRemPort( strRuleGroup, iRuleID, strRemport, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var ruleList = group.RuleList; var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { rule.RemotePortFrom = 0; rule.RemotePortTo = 0; rule.RemotePortsInverted = false; // in addition to FW module, here also negation can be present if (strRemport) { if ( strRemport == "*") rule.RemotePortTo = 65535; else { if ('!' == strRemport.charAt(0)) { rule.RemotePortsInverted = true; rule.RemotePortFrom = parseInt(strRemport.substr(1)); } else rule.RemotePortFrom = parseInt(strRemport); var Idx = strRemport.search( "-" ); if ((-1) != Idx) rule.RemotePortTo = parseInt( strRemport.substr(Idx+1) ); else rule.RemotePortTo = rule.RemotePortFrom; } } IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_EDIT_RULE_FAILED, STR_IDS_EDIT_RULE_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_SetLocPort - function IDS_SetLocPort( strRuleGroup, iRuleID, strLocalPorts, bAvoidSavingSDB ) { try { var group = IDS_getRuleGroupList().Get(strRuleGroup); var ruleList = group.RuleList; var itemEnum = new Enumerator(ruleList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var rule = itemEnum.item(); if (rule.SID == parseInt(iRuleID)) { rule.LocalPortFrom = 0; rule.LocalPortTo = 0; rule.LocalPortsInverted = false; // in addition to FW module, here also negation can be present if (strLocalPorts) { if ( strLocalPorts == "*") rule.LocalPortTo = 65535; else { if ('!' == strLocalPorts.charAt(0)) { rule.LocalPortsInverted = true; rule.LocalPortFrom = parseInt(strLocalPorts.substr(1)); } else rule.LocalPortFrom = parseInt(strLocalPorts); var Idx = strLocalPorts.search( "-" ); if ((-1) != Idx) rule.LocalPortTo = parseInt( strLocalPorts.substr(Idx+1) ); else rule.LocalPortTo = rule.LocalPortFrom; } } IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } itemEnum.moveNext(); } return ErrorHandler( ERR_IDS_RULE_DOES_NOT_EXIST, STR_IDS_RULE_DOES_NOT_EXIST ); } catch(e){ return ErrorHandler( ERR_IDS_EDIT_RULE_FAILED, STR_IDS_EDIT_RULE_FAILED ); } } // the following functions are exactly the same as their FW_ equivalents // => IDS_AddPredefinedIPAddressObject, IDS_DeletePredefinedIPAddressObject, IDS_AddIPAddressToPredefinedObject // IDS_ClearAllIPAddressesFromPredefinedObject, IDS_RemoveIPAddressFromPredefinedObject /////////////////////////////////////////////////////////////////////// // IDS_AddPredefinedIPAddressObject function IDS_AddPredefinedIPAddressObject( strIPAddressObjectID, strIPAddress, bAvoidSavingSDB ) { try { var definitionList = IDS_getDefinitionList(); var definition = definitionList.CreateDefinition(); definition.DefinitionID = strIPAddressObjectID; definition.ObjectType = OT_IDS_IPADDR; if (strIPAddress) { var newItem = definition.ItemList.CreateItem(); newItem.Content = strIPAddress; definition.ItemList.Insert(newItem); } definitionList.Insert( definition ); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e) { return ErrorHandler( ERR_IDS_ADDING_OBJECT_FAILED, STR_IDS_ADDING_OBJECT_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_DeletePredefinedIPAddressObject function IDS_DeletePredefinedIPAddressObject( strIPAddressObjectID, bAvoidSavingSDB ) { // remove it from FW database try { var definitionList = IDS_getDefinitionList(); var definition = definitionList.Get( strIPAddressObjectID ); if (definition) definitionList.Remove(definition); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e) { return ErrorHandler( ERR_IDS_DELETE_OBJECT_FAILED, STR_IDS_DELETE_OBJECT_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_AddIPAddressToPredefinedObject - in addition to FW, also 'complement' keyword can be present function IDS_AddIPAddressToPredefinedObject( strIPAddressObjectID, strIPAddress, bAvoidSavingSDB ) { try { var definitionList = IDS_getDefinitionList(); var definition = definitionList.Get( strIPAddressObjectID ); var newItem = definition.ItemList.CreateItem(); newItem.Content = strIPAddress; definition.ItemList.Insert(newItem); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e) { return ErrorHandler( ERR_IDS_EDIT_OBJECT_FAILED, STR_IDS_EDIT_OBJECT_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_ClearAllIPAddressesFromPredefinedObject function IDS_ClearAllIPAddressesFromPredefinedObject( strIPAddressObjectID, bAvoidSavingSDB ) { try { var definitionList = IDS_getDefinitionList(); var definition = definitionList.Get( strIPAddressObjectID ); definition.ItemList.Clear(); IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e) { return ErrorHandler( ERR_IDS_EDIT_OBJECT_FAILED, STR_IDS_EDIT_OBJECT_FAILED ); } } /////////////////////////////////////////////////////////////////////// // IDS_RemoveIPAddressFromPredefinedObject function IDS_RemoveIPAddressFromPredefinedObject( strIPAddressObjectID, strIPAddress, bAvoidSavingSDB ) { try { var definitionList = IDS_getDefinitionList(); var definition = definitionList.Get( strIPAddressObjectID ); var itemEnum = new Enumerator(definition.ItemList); itemEnum.moveFirst(); while (!itemEnum.atEnd()) { var item = itemEnum.item(); if (item.Content == strIPAddress) { definition.ItemList.Remove(item); break; } itemEnum.moveNext(); } IDS_saveChanges( bAvoidSavingSDB ); return SUCCESS; } catch(e) { return ErrorHandler( ERR_IDS_EDIT_OBJECT_FAILED, STR_IDS_EDIT_OBJECT_FAILED ); } }