/
Errata - 3.3.0 Global Exclude IP list from configuration not being honoured

Errata - 3.3.0 Global Exclude IP list from configuration not being honoured

Apr 15, 2020

When we execute a discovery in 3.3.0, the global configuration item discovery_exclude_ip is not being honored.

A work-around is to add these excluded IPs into the individual discovery (Enterprise users). Other users will have to apply the below patch.

In the file open-audit/code_igniter/application/helpers/discoveries_helper.php Lines 245 - 247 are as below.

$CI->db->query($sql, $data); $all_ip_list = all_ip_list($discovery);

In between these lines insert the below.

if ( ! empty($CI->config->config['discovery_ip_exclude'])) { $exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']); if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) { $discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip; } else { $discovery->attributes->other->nmap->exclude_ip = $exclude_ip; } }

 

So the section of file now looks like

$CI->db->query($sql, $data); if ( ! empty($CI->config->config['discovery_ip_exclude'])) { $exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']); if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) { $discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip; } else { $discovery->attributes->other->nmap->exclude_ip = $exclude_ip; } } $all_ip_list = all_ip_list($discovery);

That code will combine any excluded IPs from the configuration with those specified in the individual discovery.

You can find a patched file on github at https://github.com/Opmantek/open-audit/blob/master/code_igniter/application/helpers/discoveries_helper.php

Apologies for the inconvenience.