Fixes for email_notice_to() function.

Newline characters need escaping so that an echo command can interpret
them into a newline in the output piped to sendmail, else sendmail can't
parse the headers correctly.

I made the echo command a configurable option of the notice framework
in case `echo -e` is overshadowed by some shell-specific implementation
that doesn't support that option for interpreting char sequences.
Jon Siwek 2011-07-26 16:03:03 -05:00
parent 58ceceac31
commit a7db43efb1


@ -90,7 +90,8 @@ export {
## By adding chunks of text into this element, other scripts can ## By adding chunks of text into this element, other scripts can
## expand on notices that are being emailed. The normal way to add text ## expand on notices that are being emailed. The normal way to add text
## is to extend the vector by handling the :bro:id:`Notice::notice` ## is to extend the vector by handling the :bro:id:`Notice::notice`
## event and modifying the notice in place. ## event and modifying the notice in place. For newline characters
## to be rendered properly, they must be escaped as "\\n".
email_body_sections: vector of string &default=vector(); email_body_sections: vector of string &default=vector();
}; };
@ -138,6 +139,9 @@ export {
## Local system sendmail program. ## Local system sendmail program.
const sendmail = "/usr/sbin/sendmail" &redef; const sendmail = "/usr/sbin/sendmail" &redef;
## Local system echo/printf program that supports interpretted character
## sequences (e.g. "\n"), for use in with conjunction with sendmail.
const echocmd = "echo -e" &redef;
## Email address to send notices with the :bro:enum:`ACTION_EMAIL` action. ## Email address to send notices with the :bro:enum:`ACTION_EMAIL` action.
const mail_dest = "" &redef; const mail_dest = "" &redef;
@ -228,33 +232,33 @@ function email_notice_to(n: Notice::Info, dest: string, extend: bool)
return; return;
local email_text = cat( local email_text = cat(
"From: ", mail_from, "\n", "From: ", mail_from, "\\n",
"Subject: ", mail_subject_prefix, " ", n$note, "\n", "Subject: ", mail_subject_prefix, " ", n$note, "\\n",
"To: ", dest, "\n", "To: ", dest, "\\n",
# TODO: BiF to get version (the resource_usage Bif seems like overkill). # TODO: BiF to get version (the resource_usage Bif seems like overkill).
"User-Agent: Bro-IDS/?.?.?\n"); "User-Agent: Bro-IDS/?.?.?\\n");
if ( reply_to != "" ) if ( reply_to != "" )
email_text = cat(email_text, "Reply-To: ", reply_to, "\n"); email_text = cat(email_text, "Reply-To: ", reply_to, "\\n");
# The notice emails always start off with the human readable message. # The notice emails always start off with the human readable message.
email_text = cat(email_text, "\n", n$msg, "\n"); email_text = cat(email_text, "\\n", n$msg, "\\n");
# Add the extended information if it's requested. # Add the extended information if it's requested.
if ( extend ) if ( extend )
{ {
for ( i in n$email_body_sections ) for ( i in n$email_body_sections )
{ {
email_text = cat(email_text, "******************\n"); email_text = cat(email_text, "******************\\n");
email_text = cat(email_text, n$email_body_sections[i], "\n"); email_text = cat(email_text, n$email_body_sections[i], "\\n");
} }
} }
email_text = cat(email_text, "\n\n--\n[Automatically generated]\n\n"); email_text = cat(email_text, "\\n\\n--\\n[Automatically generated]\\n\\n");
local mail_cmd = local mail_cmd =
fmt("echo \"%s\" | %s -t -oi %s", fmt("%s \"%s\" | %s -t -oi",
str_shell_escape(email_text), sendmail); echocmd, str_shell_escape(email_text), sendmail);
system(mail_cmd); system(mail_cmd);
} }
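Review bot: In email_notice_to, `n$msg` and each `n$email_body_sections[i]` now reach `echo -e` through the same `str_shell_escape(email_text)` call as the literal `"\\n"` separators, so any backslash sequence in that data is interpreted by echo rather than printed. Notice text commonly carries strings taken from monitored traffic, so a sequence such as `\c` arriving in a message could cut the mail short or reshape its body, and the analyst would see an altered notice. I would double the backslashes in the data fields before concatenation and keep the escapes only in the separators this function adds, e.g. `email_text = cat(email_text, "\\n", subst_string(n$msg, "\\", "\\\\"), "\\n");` and the same for the `email_body_sections` line (assuming `subst_string` is available in this tree); the `email_body_sections` doc comment would then no longer need to ask callers to write `"\\n"`. The function body starts above this hunk, so the early-return conditions are not visible here. Separately, the new `echocmd` comment has two slips: "interpretted" should be "interpreted" and "for use in with conjunction with" should be "for use in conjunction with".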