Errata - 3.3.0 Global Exclude IP list from configuration not being honoured

When we execute a discovery in 3.3.0, the global configuration item discovery_exclude_ip is not being honored.

A work-around is to add these excluded IPs into the individual discovery (Enterprise users). Other users will have to apply the below patch.

In the file open-audit/code_igniter/application/helpers/discoveries_helper.php Lines 245 - 247 are as below.

                $CI->db->query($sql, $data);
		
                $all_ip_list = all_ip_list($discovery);

In between these lines insert the below.

		if ( ! empty($CI->config->config['discovery_ip_exclude'])) {
			$exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']);
			if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) {
				$discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip;
			} else {
				$discovery->attributes->other->nmap->exclude_ip = $exclude_ip;
			}
		}

So the section of file now looks like

 		$CI->db->query($sql, $data);

		if ( ! empty($CI->config->config['discovery_ip_exclude'])) {
			$exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']);
			if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) {
				$discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip;
			} else {
				$discovery->attributes->other->nmap->exclude_ip = $exclude_ip;
			}
		}

		$all_ip_list = all_ip_list($discovery);

That code will combine any excluded IPs from the configuration with those specified in the individual discovery.

You can find a patched file on github at https://github.com/Opmantek/open-audit/blob/master/code_igniter/application/helpers/discoveries_helper.php

Apologies for the inconvenience.