
843 lines
23 KiB
Raw Normal View History

2018-05-07 10:51:08 -04:00
* File:
* Author: Ryan Prather
* Purpose: Class to allow the parsing and traversing of the tmp directory to find result files to import
* Created: Sep 27, 2013
2018-07-26 08:33:50 -04:00
* Portions Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
2018-05-07 10:51:08 -04:00
* Released under the Apache v2.0 License
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
* See license.txt for details
* Change Log:
* - Sep 27, 2013 - File created
* - Sep 1, 2016 - Updated Copyright, updated purpose, and updated to make platform independent
* - Oct 24, 2016 - Cleaned up script call string and converted to use PHP_OS constant instead of php_uname() function
* - Nov 7, 2016 - Made several updates to the scan_Result_Files function
* - Dec 7, 2016 - Fixed bug in scan_Result_Files where Windows threading was not being run and changed PHP constant to PHP_BIN
* - Jan 30, 2017 - Added parse_config.ini file when parsing and execution check for Linux and Windows
* - Feb 15, 2017 - Fix bug with PHP_BIN not being declared for some reason (need to troubleshoot further)
* - Feb 21, 2017 - Fixed path issues with scripts not running
* - Jun 27, 2017 - Removed include for PHPExcel.php library
* - Oct 23, 2017 - Fixes for pdi class
2018-07-26 08:33:50 -04:00
* - May 24, 2018 - Added throwing error if not able to create /exec/parse_config.ini
2018-05-07 10:51:08 -04:00
include_once '';
include_once '';
include_once '';
include_once '';
include_once 'vendor/autoload.php';
* Class to control the importing of files
* @author Ryan Prather
class import {
* The current include_once path
* @var string
protected $current_path = '';
* String array of regular expressions.
* Files matching these expressions will be skipped
* @var string
protected $SKIP = array(
* Class constructor
public function __construct() {
* Class destructor to reset the include_once path and time limits
public function __destruct() {
* Function to scan the tmp directory for result files and call the appropriate parsers
public function scan_Result_Files($redirect = true) {
chdir(DOC_ROOT . "/exec");
$ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false";
$doc_root = realpath(DOC_ROOT);
$ste = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT);
if (!$ste) {
$ste = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT);
$location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING);
$conf = <<<EOF
ste = $ste
location = $location
doc_root = $doc_root
ignore = $ignore
2018-07-26 08:33:50 -04:00
if(!file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf)) {
throw new Exception("Error creating the parse_config.ini");
2018-05-07 10:51:08 -04:00
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/background_results.php");
Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG);
$process = new Cocur\BackgroundProcess\BackgroundProcess("cd " . realpath(DOC_ROOT . "/exec") . " && " . $script);
if ($redirect) {
* Function to scan '/xampp/www/tmp' directory for catalog files
public function scan_Catalog_Files() {
chdir(DOC_ROOT . "/tmp");
$files = glob("*");
foreach ($files as $file) {
if (substr($file, -3) == 'zip') {
// $this->import_STIG_ZIP("../tmp/$file");
elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
// $this->import_PDI_CSV("../tmp/$file");
elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
// $this->import_STIG("../tmp/$file");
* Function to scan host data files and import findings
public function import_Host_Data_Collection() {
$db = new db();
$doc_root = realpath(DOC_ROOT);
$overwrite = (isset($_REQUEST['overwrite']) && $_REQUEST['overwrite'] ? "true" : "false");
$conf = <<<EOF
ste = {$_REQUEST['ste']}
location = "{$_REQUEST['location']}"
doc_root = $doc_root
target = {$_REQUEST['tgt']}
overwrite = $overwrite
file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf);
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
if (substr(strtolower(PHP_OS), 0, 3) == 'win') {
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT;
$shell->run($script, 0, false);
elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
exec("$script > /dev/null &");
else {
Sagacity_Error::err_handler("Unknown OS: " . PHP_OS);
header("Location: /ste/");
* function to import PDI CSV file to database
public function import_PDI_CSV() {
$db = new db();
$handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r");
$data = fgetcsv($handle);
$data = fgetcsv($handle);
while ($data = fgetcsv($handle)) {
$catalog = array(
'stig_id' => (isset($data[0]) ? $data[0] : ""),
'vms_id' => (isset($data[1]) ? $data[1] : ""),
'cat_lvl' => (isset($data[2]) ? $data[2] : "II"),
'ia_controls' => (isset($data[3]) ? $data[3] : ""),
'short_title' => (isset($data[4]) ? $data[4] : ""),
'description' => (isset($data[5]) ? $data[5] : ""),
'notes' => (isset($data[6]) ? $data[6] : ""),
'retina_id' => (isset($data[7]) ? $data[7] : ""),
'vul_id' => (isset($data[8]) ? $data[8] : ""),
'check_contents' => (isset($data[9]) ? $data[9] : ""),
'sv_rule_id' => (isset($data[10]) ? $data[10] : ""),
'nessus_id' => (isset($data[11]) ? $data[11] : "")
if ($catalog['stig_id'] != 'No Reference') {
$ref = $db->get_STIG($catalog['stig_id']);
if (is_null($ref) && $catalog['vms_id'] != 'No Reference') {
$ref = $db->get_GoldDisk($catalog['vms_id']);
if (is_array($ref) && count($ref) && isset($ref[0])) {
$ref = $ref[0];
if (!is_null($ref)) {
$pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW");
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, -2), substr($ia, -1));
if (!$db->save_IA_Control($ia_controls)) {
print "error updating ia controls on id: " . $ref->get_ID() . "<br />";
// Check for retina data
if ($catalog['retina_id']) {
$retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
// Vul_ID
if ($catalog['vul_id']) {
if ($catalog['sv_rule_id']) {
$sv_rule = array();
foreach (explode(" ", $catalog['sv_rule_id']) as $rule) {
$sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule);
if (!$db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
if ($catalog['nessus_id']) {
$nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
else {
$pdi = new pdi(0, $catalog['cat_lvl'], "NOW");
$pdi_id = $db->save_PDI($pdi);
if ($catalog['stig_id'] != 'No Reference') {
$stig = new stig($pdi_id, $catalog['stig_id'], $catalog['description']);
$ref = $stig;
if ($catalog['vms_id'] != 'No Reference') {
$golddisk = new golddisk($pdi_id, $catalog['vms_id'], $catalog['short_title']);
if ($ref == null) {
$ref = $golddisk;
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, -2), substr($ia, -1));
if (!$db->save_IA_Control($ia_controls)) {
print "error updating ia controls on pdi_id: " . $ref->get_ID() . "<br />";
// Check for retina data
if ($catalog['retina_id']) {
$retina = new retina($pdi_id, $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
// Vul_ID
if ($catalog['vul_id']) {
// sv_rule
if ($catalog['sv_rule_id']) {
$sv_rule = array();
foreach (explode(" ", $catalog['sv_rule_id']) as $rule) {
$sv_rule[] = new sv_rule($pdi_id, $rule);
if (!$db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
if ($catalog['nessus_id']) {
$nessus = new nessus($pdi_id, $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
* function for SRR script
* runs script
* exports a csv format file
public function net_SRR() {
* function for unix SRR conversion to csv
* runs script
* runs script
public function unix_srr_to_csv() {
* Function to import DISA STIG content to database
* @param array $request
public function import_STIG_XML($request = array()) {
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " .
realpath(DOC_ROOT . "/exec/background_stigs.php") . " " .
(isset($request['delete']) ? ' --delete' : '') .
(isset($request['override']) ? " --ia" : "");
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT . "/exec";
$shell->run($script, 0, false);
header("location: " . $_SERVER['HTTP_REFERER']);
* Function to convert a retina CSV to an eChecklist and store on database
public function retina_csv_echecklist() {
$files = glob('*.csv');
$db = new db();
$source = $db->get_Sources('Retina');
$ste = $db->get_STE($_REQUEST['ste'])[0];
foreach ($files as $file) {
$scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP');
exec(PERL . "/perl " . DOC_ROOT . "/exec/ " . DOC_ROOT . "/tmp/$file --db", $output, $result);
* function to import golddisk info into scans table
* runs script
public function golddisk_xml_echecklist() {
$files = glob('*.xml');
$db = new db();
$source = $db->get_Sources('Golddisk');
$ste = $db->get_STE($_REQUEST['ste'])[0];
foreach ($files as $file) {
$scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP');
exec(PERL . "/perl " . DOC_ROOT . "/exec/ " . DOC_ROOT . "/tmp/$file --db", $output, $result);
public function import_IAVM_CVE() {
$filename = '../tmp/iavm-to-cve(u).xml';
$xml = simplexml_load_file($filename);
$db = new db();
foreach ($xml->IAVM as $iavm) {
$vms_id = preg_replace('/V[0]+/', 'V-', (string) $iavm->S['VMSKey']);
$stig_id = (string) $iavm->S['IAVM'];
$title = (string) $iavm->S['Title'];
$release_date = DateTime::createFromFormat('d M Y', $iavm->S['ReleaseDate']);
$revision_date = DateTime::createFromFormat('d M Y', $iavm->Revision['Date']);
$cves_tags = $iavm->CVEs;
$cves = array();
$pdi = $db->get_Stig($stig_id);
if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'stig')) {
$pdi = $pdi[0];
if (is_null($pdi)) {
$pdi = $db->get_GoldDisk($vms_id);
if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'golddisk')) {
$pdi = $pdi[0];
if (is_null($pdi)) {
$cat_lvl = substr_count((string) $iavm->S['Severity'], 'I');
$pdi = new pdi(null, $cat_lvl, (string) $iavm->S['ReleaseDate']);
$pdi_id = $db->save_PDI($pdi);
$stig = new stig($pdi_id, $stig_id, $title);
$golddisk = new golddisk($pdi_id, $vms_id, $title);
else {
$pdi_id = $pdi->get_PDI_ID();
foreach ($cves_tags->CVENumber as $cve) {
$cve_id = (string) $cve;
$cves[] = new cve(null, $cve_id, $release_date, $title);
$ref_tags = $iavm->References;
$refs = array();
foreach ($ref_tags->Reference as $ref) {
$ref_type = '';
$adv_id = '';
$url = (string) $ref['URL'];
$name = (string) $ref['RefName'];
$match = array();
$refs[] = new advisory($pdi_id, $adv_id, $name, $ref_type, $url);
$ref = $row[8];
$url = $row[9];
if (strpos($ref, 'Microsoft') !== false) {
$type = 'Microsoft';
$ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Adobe') !== false) {
$type = 'Adobe';
$ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Apache') !== false) {
$type = 'Apache';
$ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'CERT') !== false) {
$type = 'US-CERT';
$match = array();
if (strpos($url, 'techalerts') !== false) {
$ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match);
elseif (strpos($url, 'vuls') !== false) {
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Cisco') !== false) {
$type = 'Cisco';
$ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match);
if (count($match) > 0) {
$id = $match[1];
else {
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Citrix') !== false) {
$type = 'Citrix';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Debian') !== false) {
$type = 'Debian';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'HP') !== false) {
$type = 'HP';
$ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
else {
$ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'IBM') !== false) {
$type = 'IBM';
$ret = preg_match('/(\d{5,8})/', $ref, $match);
if (count($match)) {
$id = $match[1];
else {
$ret = preg_match('/([^\=|\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Juniper') !== false) {
$type = 'Juniper';
$ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Oracle') !== false) {
$type = 'Oracle';
$url = basename($url);
$ret = preg_match('/([\S]+)\.html/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'McAfee') !== false) {
$type = 'McAfee';
$query = parse_query($url);
if (count($match)) {
$id = isset($query['id']) ? $query['id'] : '';
elseif (strpos($ref, 'Red Hat') !== false) {
$type = 'Red Hat';
$ret = preg_match('/([^\/]+)\.html/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Secunia') !== false) {
$type = 'Secunia';
$ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[2] == 'advisory') {
$id = $match[1];
elseif (is_numeric($match[1]) && count($match[2]) == 1) {
$id = $match[1];
else {
$id = $match[2];
elseif (strpos($url, 'securitytracker') !== false) {
$type = 'Security Tracker';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'SecurityFocus') !== false) {
$type = 'SecurityFocus';
$ret = preg_match('/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[1] != 'info') {
$id = $match[1];
else {
$ret = preg_match('/([^\/]+)\/info/', $url, $match);
$id = $match[1];
elseif (strpos($ref, 'Sun') !== false) {
$type = 'Sun';
$query = parse_query($url);
$id = isset($query['assetkey']) ? $query['assetkey'] : '';
if (!$id) {
$ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match);
$id = $match[1];
elseif (strpos($ref, 'Symantec') !== false) {
$type = 'Symantec';
$ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($url, 'ZDI') !== false) {
$type = 'ZDI';
$ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match);
if (count($match)) {
$id = $match[1];
elseif (strpos($ref, 'Wireshark') !== false) {
$type = 'Wireshark';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
if (count($match)) {
$id = $match[1];
* @param string $in
* @return multitype:Ambigous <>
public function parse_query($in) {
* Use this function to parse out the query array element from
* the output of parse_url().
$query_string = substr($in, strpos($in, '?') + 1);
$query_arr = explode('&', $query_string);
$arr = array();
foreach ($query_arr as $val) {
$x = explode('=', $val);
$arr[$x[0]] = isset($x[1]) ? $x[1] : '';
unset($val, $x, $var);
return $arr;
* Function for fixing a DISA OVAL file
public function fix_Oval() {
$files = glob("*-oval.xml");
$ret = '';
$db = new db();
foreach ($files as $file) {
$xml = new DOMDocument();
if (!$xml->load($file)) {
error_log("error reading xml file");
$xml->formatOutput = true;
$xml->preserveWhiteSpace = true;
$const_arr = null;
$variables = $xml->getElementsByTagName("variables")
$first_node = $variables->firstChild;
while ($node = $xml->getElementsByTagName("external_variable")
->item(0)) {
$id = $node->getAttribute("id");
$id = explode(':', $id)[3];
$comment = $node->getAttribute("comment");
$ver = $node->getAttribute("version");
$datatype = $node->getAttribute("datatype");
$tmp = $db->get_Oval_Const($id);
$const_arr[$tmp['const_id']]['values'] = $tmp['values'];
$const_arr[$tmp['const_id']]['ver'] = $ver;
$const_arr[$tmp['const_id']]['datatype'] = $datatype;
$const_arr[$tmp['const_id']]['comment'] = $comment;
$var_com = $xml->createElement('variable_component');
$var_com->setAttribute('var_ref', "" . $tmp['const_id']);
$loc_var = $xml->createElement('local_variable');
$loc_var->setAttribute('id', "" . $id);
$loc_var->setAttribute('version', $ver);
$loc_var->setAttribute('datatype', $datatype);
$loc_var->setAttribute('comment', $comment);
$variables->replaceChild($loc_var, $node);
foreach ($const_arr as $key => $value) {
$const_var = $xml->createElement('constant_variable');
$const_var->setAttribute('id', '' . $key);
$const_var->setAttribute('version', $const_arr[$key]['ver']);
$const_var->setAttribute('datatype', $const_arr[$key]['datatype']);
$const_var->setAttribute('comment', $const_arr[$key]['comment']);
foreach ($value['values'] as $val) {
$txt = $xml->createTextNode($val);
$val_var = $xml->createElement("value");
rename($file, "oval\\$file");
return $xml->saveXML();
private function getElementById($doc, $id) {
$xpath = new DOMXPath($doc);
return $xpath->query("//*[@id='$id']")