Rewrite netcmd and ripe whois tools (#9724)

* Port RIPE whois to Laravel

* remove netcmd.php and port to laravel.
Escape CLI and set it to stream output live.

* fix browser buffer bust on a few browsers.

app/ApiClients/RipeApi.php

@@ -0,0 +1,97 @@
+<?php
+/**
+ * RipeWhoisApi.php
+ *
+ * -Description-
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    LibreNMS
+ * @link       http://librenms.org
+ * @copyright  2019 Tony Murray
+ * @author     Tony Murray <murraytony@gmail.com>
+ */
+
+namespace App\ApiClients;
+
+use GuzzleHttp\Exception\RequestException;
+use LibreNMS\Exceptions\ApiException;
+
+class RipeApi extends BaseApi
+{
+    protected $base_uri = 'https://stat.ripe.net';
+
+    protected $whois_uri = '/data/whois/data.json';
+    protected $abuse_uri = '/data/abuse-contact-finder/data.json';
+
+    /**
+     * Get whois info
+     *
+     * @param string $resource ASN/IPv4/IPv6
+     * @return array
+     * @throws ApiException
+     */
+    public function getWhois($resource)
+    {
+        return $this->makeApiCall($this->whois_uri, [
+            'query' => [
+                'resource' => $resource
+            ]
+        ]);
+    }
+
+    /**
+     * Get Abuse contact
+     *
+     * @param string $resource prefix, single IP address or ASN
+     * @return array|mixed
+     * @throws ApiException
+     */
+    public function getAbuseContact($resource)
+    {
+        return $this->makeApiCall($this->abuse_uri, [
+            'query' => [
+                'resource' => $resource
+            ]
+        ]);
+    }
+
+    /**
+     * @param $uri
+     * @param $options
+     * @return array|mixed
+     * @throws ApiException
+     */
+    private function makeApiCall($uri, $options)
+    {
+        try {
+            $response = $this->getClient()->get($uri, $options);
+            $response_data = json_decode($response->getBody(), true);
+            if (isset($response_data['status']) && $response_data['status'] == 'ok') {
+                return $response_data;
+            } else {
+                dd($response->getBody());
+                throw new ApiException("RIPE API call failed", $response_data);
+            }
+        } catch (RequestException $e) {
+            $message = 'RIPE API call to ' . $e->getRequest()->getUri() . ' failed: ';
+            $message .= $e->getResponse()->getReasonPhrase() . ' ' . $e->getResponse()->getStatusCode();
+
+            throw new ApiException(
+                $message,
+                json_decode($e->getResponse()->getBody(), true)
+            );
+        }
+    }
+}

app/Http/Controllers/Ajax/NetCommand.php

@@ -0,0 +1,95 @@
+<?php
+/**
+ * NetCommand.php
+ *
+ * -Description-
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    LibreNMS
+ * @link       http://librenms.org
+ * @copyright  2019 Tony Murray
+ * @author     Tony Murray <murraytony@gmail.com>
+ */
+
+namespace App\Http\Controllers\Ajax;
+
+use App\Http\Controllers\Controller;
+use Config;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\StreamedResponse;
+use Symfony\Component\Process\Process;
+
+class NetCommand extends Controller
+{
+    public function run(Request $request)
+    {
+        $this->validate($request, [
+            'cmd' => 'in:whois,ping,tracert,nmap',
+            'query' => 'ip_or_hostname',
+        ]);
+
+        ini_set('allow_url_fopen', 0);
+
+        switch ($request->get('cmd')) {
+            case 'whois':
+                $cmd = [Config::get('whois', 'whois'), $request->get('query')];
+                break;
+            case 'ping':
+                $cmd = [Config::get('ping', 'ping'), '-c', '5', $request->get('query')];
+                break;
+            case 'tracert':
+                $cmd = [Config::get('mtr', 'mtr'), '-r', '-c', '5', $request->get('query')];
+                break;
+            case 'nmap':
+                if (!$request->user()->isAdmin()) {
+                    return response('Insufficient privileges');
+                } else {
+                    $cmd = [Config::get('nmap', 'nmap'), $request->get('query')];
+                }
+                break;
+            default:
+                return response('Invalid command');
+        }
+
+        $proc = new Process($cmd);
+        $proc->setTimeout(240);
+
+        //stream output
+        return (new StreamedResponse(
+            function () use ($proc, $request) {
+                // a bit dirty, bust browser initial cache
+                $ua = $request->header('User-Agent');
+                if (str_contains($ua, ['Chrome', 'Trident'])) {
+                    $char = "\f"; // line feed
+                } else {
+                    $char = "";
+                }
+                echo str_repeat($char, 4096);
+                echo PHP_EOL; // avoid first line mess ups due to line feed
+
+                $proc->run(function ($type, $buffer) {
+                    echo $buffer;
+                    ob_flush();
+                    flush();
+                });
+            },
+            200,
+            [
+                'Content-Type' => 'text/plain; charset=utf-8',
+                'X-Accel-Buffering' => 'no',
+            ]
+        ))->send();
+    }
+}

app/Http/Controllers/Ajax/ResolutionController.php

@@ -0,0 +1,54 @@
+<?php
+/**
+ * ResolutionController.php
+ *
+ * -Description-
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    LibreNMS
+ * @link       http://librenms.org
+ * @copyright  2019 Tony Murray
+ * @author     Tony Murray <murraytony@gmail.com>
+ */
+
+namespace App\Http\Controllers\Ajax;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+
+class ResolutionController extends Controller
+{
+    public function set(Request $request)
+    {
+        $this->validate($request, [
+            'width' => 'required|numeric',
+            'height' => 'required|numeric'
+        ]);
+
+        // legacy session
+        session_start();
+        $_SESSION['screen_width'] = $request->width;
+        $_SESSION['screen_height'] = $request->height;
+        session_write_close();
+
+        // laravel session
+        session([
+            'screen_width' => $request->width,
+            'screen_height' => $request->height
+        ]);
+
+        return $request->width . 'x' . $request->height;
+    }
+}

app/Http/Controllers/Ajax/RipeNccApiController.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * RipeNccApiController.php
+ *
+ * -Description-
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    LibreNMS
+ * @link       http://librenms.org
+ * @copyright  2019 Tony Murray
+ * @author     Tony Murray <murraytony@gmail.com>
+ */
+
+namespace App\Http\Controllers\Ajax;
+
+use App\ApiClients\RipeApi;
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use LibreNMS\Exceptions\ApiException;
+
+class RipeNccApiController extends Controller
+{
+    public function raw(Request $request, RipeApi $api)
+    {
+        $this->validate($request, [
+            'data_param' => 'required|in:whois,abuse-contact-finder',
+            'query_param' => 'required|ip_or_hostname',
+        ]);
+
+        $is_whois = $request->get('data_param') == 'whois';
+
+        try {
+            $resource = $request->get('query_param');
+            $output = $is_whois ? $api->getWhois($resource) : $api->getAbuseContact($resource);
+
+            return response()->json([
+                'status' => 'ok',
+                'message' => 'Queried',
+                'output' => $output,
+            ]);
+        } catch (ApiException $e) {
+            $response = $e->getOutput();
+            $message = $e->getMessage();
+
+            if (isset($response['messages'])) {
+                $message .= ': ' . collect($response['messages'])
+                        ->flatten()
+                        ->reject('error')
+                        ->implode(', ');
+            }
+
+            return response()->json([
+                'status' => 'error',
+                'message' => $message,
+                'output' => $response,
+            ], 503);
+        }
+    }
+}

app/Http/Controllers/ResolutionController.php

@@ -1,30 +0,0 @@
-<?php
-
-namespace App\Http\Controllers;
-
-use Illuminate\Http\Request;
-
-class ResolutionController extends Controller
-{
-    public function set(Request $request)
-    {
-        $this->validate($request, [
-            'width' => 'required|numeric',
-            'height' => 'required|numeric'
-        ]);
-
-        // legacy session
-        session_start();
-        $_SESSION['screen_width'] = $request->width;
-        $_SESSION['screen_height'] = $request->height;
-        session_write_close();
-
-        // laravel session
-        session([
-            'screen_width' => $request->width,
-            'screen_height' => $request->height
-        ]);
-
-        return $request->width . 'x' . $request->height;
-    }
-}

app/Providers/AppServiceProvider.php

@@ -6,9 +6,13 @@ use Illuminate\Database\Eloquent\Relations\Relation;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\ServiceProvider;
+use Illuminate\Validation\Rule;
 use LibreNMS\Config;
 use LibreNMS\Exceptions\DatabaseConnectException;
+use LibreNMS\Util\IP;
+use LibreNMS\Util\Validate;
 use Request;
+use Validator;
 
 include_once __DIR__ . '/../../includes/dbFacile.php';
 
@@ -48,6 +52,7 @@ class AppServiceProvider extends ServiceProvider
             return "<?php endif; ?>";
         });
 
+        $this->bootCustomValidators();
         $this->configureMorphAliases();
 
         // Development service providers
@@ -108,4 +113,12 @@ class AppServiceProvider extends ServiceProvider
             }
         });
     }
+
+    private function bootCustomValidators()
+    {
+        Validator::extend('ip_or_hostname', function ($attribute, $value, $parameters, $validator) {
+            $ip = substr($value, 0, strpos($value, '/') ?: strlen($value)); // allow prefixes too
+            return IP::isValid($ip) || Validate::hostname($value);
+        }, __('The :attribute must a valid IP address/network or hostname.'));
+    }
 }