sagacity/ste/orphaned.php

150 lines
4.6 KiB
PHP
Raw Normal View History

2018-05-07 10:51:08 -04:00
<?php
/**
* File: orphaned.php
* Author: Ryan Prather
* Purpose: Display the findings for a particular host that are not assigned to any checklist
* Created: Jan 31, 2014
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Jan 31, 2014 - File created
*/
include_once 'config.inc';
include_once 'database.inc';
include_once 'helper.inc';
$db = new db();
if (!isset($_REQUEST['tgt'])) {
print "Need to know what host you want to look at";
exit;
}
$tgt = $db->get_Target_Details($_REQUEST['ste'], $_REQUEST['tgt'])[0];
$findings = $db->get_Finding($tgt, null, null, true);
set_time_limit(0);
?>
<!DOCTYPE HTML>
<html>
<head>
<title><?php print $tgt->get_Name(); ?> - Orphan Findings</title>
<style type='text/css'>
#tooltip {
display: none;
z-index: 1000;
background-color: #FFE681;
color: #000;
font-size: 16px;
padding: 4px;
line-height: 1em;
position: absolute;
}
.hidden {
display: none;
}
</style>
<script src='../style/5grid/jquery-1.10.2.min.js'></script>
<script src='../script/default.js'></script>
<script>
function pdi_popup(pdi_id, orphan_id) {
$('#pdi_popup').attr('src', '../data/pdi.php?pdi=' + pdi_id + '&orphan=' + orphan_id);
}
</script>
</head>
<body onload='javascript:initTip();'>
<div id='tooltip'></div>
<table border=1>
<thead>
<tr>
<th>Orphan ID</th>
<th>VMS ID</th>
<th>Cat</th>
<th>IA Controls</th>
<th>Short Title</th>
<th>Possible Matches</th>
</tr>
</thead>
<tbody>
<?php
foreach ($findings as $key => $finding) {
$pdi = $db->get_PDI($finding->get_PDI_ID());
$nessus = null;
$cve = null;
$iavm = null;
$gd = $db->get_GoldDisk_By_PDI($pdi->get_ID());
$stigs = $db->get_STIG_By_PDI($pdi->get_ID());
if (!is_a($stigs, 'stig')) {
die("Can't find the STIG for PDI {$pdi->get_ID()}");
}
if (count($gd) == 1) {
$gd = $gd[0];
}
else {
$gd = null;
}
$ia = $db->get_IA_Controls_By_PDI($pdi->get_ID());
print "<tr>" . PHP_EOL .
"<td onmouseout='hideTip();' onmouseover='showTip(event, " . $pdi->get_ID() . ");'>" . $stigs->get_ID() . "<div class='hidden' id='" . $pdi->get_ID() . "'>" . nl2br($finding->get_Notes()) . "</div></td>" . PHP_EOL .
"<td>" . (!is_null($gd) ? $gd->get_ID() : '') . "</td>" . PHP_EOL .
"<td>" . $pdi->get_Category_Level_String() . "</td>" . PHP_EOL .
"<td>" . "</td>" . PHP_EOL .
"<td>" . $pdi->get_Short_Title() . "</td>" . PHP_EOL;
if (preg_match('/\d{5,6}/', $stigs->get_ID())) {
$nessus = $db->get_Nessus($stigs->get_ID());
}
elseif (preg_match('/CVE\-\d{4}\-\d{4}/', $stigs->get_ID())) {
$cve = $db->get_CVE($stigs->get_ID());
}
elseif (preg_match('/\d{4}\-[ABT]\-\d{4}/', $stigs->get_ID())) {
$iavm = $db->get_IAVM($stigs->get_ID());
}
else {
}
$matches = $db->get_Matching_PDIs($pdi, $nessus, $cve, $iavm);
print "<td>";
foreach ($matches as $key => $match) {
$short_desc = nl2br(htmlentities(substr($match['desc'], 0, 500)));
$short_cont = nl2br(htmlentities(substr($match['check_content'], 0, 1000)));
print "<div class='hidden' id='" . $match['pdi_id'] . "'>" .
$short_desc .
(strlen($match['desc']) > 500 ? " <b>(truncated)</b>" : "") . "<br />" .
$short_cont .
(strlen($match['check_content']) > 1000 ? " <b>(truncated)</b>" : "") .
"</div>";
print "<a onmouseout='hideTip();'
onmouseover='showTip(event, " . $match['pdi_id'] . ");'
href='javascript:void(0);'
onclick='javascript:pdi_popup(" . $match['pdi_id'] . ",\"" . $stigs->get_ID() . "\");'>" .
$match['pdi_id'] .
"</a> (" . $match['score'] . ") " . $match['title'] . "<br />";
}
print "</td>";
print "</tr>" . PHP_EOL;
}
?>
</tbody>
</table>
<iframe id='pdi_popup' class='box' style='width: 80%; height: 80%; top: 10%; left: 10%;'></iframe>
</body>
</html>