F
framness
Greetings,
I am coding up an online order entry application and its been going
fairly well but I have run into a roadblock on something I know is
going to be a head slapper. It seems unlikely but it almost appears as
if the call to LogAttack is being skipped over. Can you spot anything
wrong?
I have the following code snippet:
================
my $TextFieldValue = $SubFields->param($FieldName);
my $SubmittingIP = $SubFields->param('ip');
if(CSSAttack($TextFieldValue)) {
print LOGFILE "about to log attack.\n";
LogAttack($SubmittingIP, $AttackLogFile, "CSS Attack",
$FieldName, $TextFieldValue);
print LOGFILE "Past LogAttack.\n";
}
================
Both the pre & post call log entries show up in my general log, but I
see no indication PERL actually falls down into the LogAttack code.
Now, I have various print statements to create entries in my general
log but none of them show up, not even the first one. Nor does the
application crash as the form returns to the browser in roughly the
state I expect it.
Below is the code for LogAttack
============================
sub LogAttack() {
#Subroutine to log suspected attacks.
#Take in the cgi object, the path & attack log file, field name, &
value
#Format a log entry with time, date, IP of attack, type of attack,
field name, & value and write to the Attack Log
print LOGFILE "in LogAttack\n";
my $AttackingIP = $_[0];
my $AttackLogFile = $_[1];
my $AttackType = $_[2];
my $SuspectField = $_[3];
my $BadValue = $_[4];
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime(time);
$year += 1900;
my $Month = $mon + 1;
my $DateString = sprintf("%04d-%02d-%0sd %02d:%02d:%02d",$year,
$Month, $mday, $hour, $min, $sec);
#Obtain attacker's IP address
my $AttackMessage = sprintf("Attack type %s coming from IP
%s. Field: %s. Value: %s.", $AttackType, $AttackingIP, $SuspectField,
$BadValue);
my $LogEntry = sprintf("%s > %s\n", $DateString,
$AttackMessage);
my $AttackLogPathName = sprintf(">>%s", $AttackLogFile);
open(ATTACKLOGFILE, $AttackLogPathName) or die "\n Can not open
$AttackLogPathName\n";
print LOGFILE $AttackLogPathName;
print LOGFILE $LogEntry;
print ATTACKLOGFILE $LogEntry;
close ATTACKLOGFILE;
}
============================
Thanks for any & all help.
Mark
I am coding up an online order entry application and its been going
fairly well but I have run into a roadblock on something I know is
going to be a head slapper. It seems unlikely but it almost appears as
if the call to LogAttack is being skipped over. Can you spot anything
wrong?
I have the following code snippet:
================
my $TextFieldValue = $SubFields->param($FieldName);
my $SubmittingIP = $SubFields->param('ip');
if(CSSAttack($TextFieldValue)) {
print LOGFILE "about to log attack.\n";
LogAttack($SubmittingIP, $AttackLogFile, "CSS Attack",
$FieldName, $TextFieldValue);
print LOGFILE "Past LogAttack.\n";
}
================
Both the pre & post call log entries show up in my general log, but I
see no indication PERL actually falls down into the LogAttack code.
Now, I have various print statements to create entries in my general
log but none of them show up, not even the first one. Nor does the
application crash as the form returns to the browser in roughly the
state I expect it.
Below is the code for LogAttack
============================
sub LogAttack() {
#Subroutine to log suspected attacks.
#Take in the cgi object, the path & attack log file, field name, &
value
#Format a log entry with time, date, IP of attack, type of attack,
field name, & value and write to the Attack Log
print LOGFILE "in LogAttack\n";
my $AttackingIP = $_[0];
my $AttackLogFile = $_[1];
my $AttackType = $_[2];
my $SuspectField = $_[3];
my $BadValue = $_[4];
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime(time);
$year += 1900;
my $Month = $mon + 1;
my $DateString = sprintf("%04d-%02d-%0sd %02d:%02d:%02d",$year,
$Month, $mday, $hour, $min, $sec);
#Obtain attacker's IP address
my $AttackMessage = sprintf("Attack type %s coming from IP
%s. Field: %s. Value: %s.", $AttackType, $AttackingIP, $SuspectField,
$BadValue);
my $LogEntry = sprintf("%s > %s\n", $DateString,
$AttackMessage);
my $AttackLogPathName = sprintf(">>%s", $AttackLogFile);
open(ATTACKLOGFILE, $AttackLogPathName) or die "\n Can not open
$AttackLogPathName\n";
print LOGFILE $AttackLogPathName;
print LOGFILE $LogEntry;
print ATTACKLOGFILE $LogEntry;
close ATTACKLOGFILE;
}
============================
Thanks for any & all help.
Mark