sagacity/update.php

296 lines
11 KiB
PHP
Raw Normal View History

2018-05-07 10:51:08 -04:00
<?php
/**
* File: update.php
* Author: Ryan Prather
* Purpose: Perform update actions on db and files
* Created: Sep 20, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 20, 2013 - File created
* - May 06, 2014 - Added pthreads libraries, sha1 comparison for php and apache config files, and database reload (does not dump)
* - Sep 1, 2016 - Copyright Updated and converted to constants
* - Oct 10, 2016 - Commented out code for copying php_pthread libraries. Need to only do that if this is a Windows install.
* - Nov 7, 2016 - Moved MySQL password for database reloading to defaults-file
* - Nov 14, 2016 - Fixed bug with .sql files not being read and imported and formatting,
* Added radio buttons to identify DB type (MySQL v. mariaDB),
* Added checkbox to import sample_data.sql file
* - Dec 8, 2016 - Changed create table code to use default database engine (#25)
* - Dec 12, 2016 - Added parsing for engine attribute in table tag
* - Apr 5, 2017 - Formating, switch to using filter_input function instead of direct calls to superglobals,
* Deleted commented out pthreads copy code, check for Windows system before attempting to copy config files
* Removed processing old content, search for *routines.sql files, remove, and process after all other sql files
* - Jan 10, 2018 - Fixed bug with tables not being updated if they already exist
2018-07-26 08:33:50 -04:00
* - May 24, 2018 - Modified to pull CVE data from NVD instead of Mitre
2018-05-07 10:51:08 -04:00
*/
include_once 'config.inc';
include_once 'database.inc';
include_once 'helper.inc';
include_once 'vendor/autoload.php';
$uname = filter_input(INPUT_POST, 'uname', FILTER_SANITIZE_STRING);
$pwd = filter_input(INPUT_POST, 'pwd', FILTER_SANITIZE_STRING);
if ($uname && $pwd) {
set_time_limit(0);
$successful = true;
$restart_apache = false;
$restart_mysql = false;
$zip = new ZipArchive();
// attempt to create a new database connection
$conn = new mysqli(DB_SERVER, $uname, $pwd);
if ($conn->connect_error) {
die($conn->connect_error);
}
$conn->real_query("CREATE DATABASE IF NOT EXISTS `sagacity`");
$conn->real_query("CREATE DATABASE IF NOT EXISTS `rmf`");
$conn->select_db("sagacity");
$db = new db_helper($conn);
// clean /tmp directory
array_map('unlink', glob("tmp/*.*"));
$add_table = [];
$reload = (boolean) filter_input(INPUT_POST, 'reload', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
$json = json_decode(file_get_contents(DOC_ROOT . "/db_schema.json"));
if ($reload) {
foreach (array_reverse($json->tables) as $table) {
$db->c->select_db($table->schema);
$db->drop($table->schema, $table->name);
}
}
$host = '%';
if (in_array(strtolower(DB_SERVER), ["localhost", "127.0.0.1"])) {
$host = 'localhost';
}
print "<pre>";
foreach ($json->tables as $table) {
$db->c->select_db($table->schema);
print "Checking {$table->schema}.{$table->name}" . PHP_EOL;
if ($db->table_exists("sagacity", "settings")) {
$db->select("settings", ['db_data'], [
[
'field' => 'meta_key',
'op' => '=',
'value' => "{$table->schema}.{$table->name}"
]
]);
$td = $db->execute();
if (isset($td['db_data'])) {
$jtable = json_decode($td['db_data']);
if ($jtable == $table) {
continue;
}
}
if ($db->table_exists($table->schema, $table->name)) {
$fd = $db->field_data($table->schema, $table->name);
foreach ($table->fields as $field) {
print "field: {$field->name}" . PHP_EOL;
if (!isset($fd[$field->name])) {
print "field doesn't exist" . PHP_EOL;
$db->alter_table($table->name, "add-column", $field);
} else {
$index = (isset($table->index) && is_array($table->index) && count($table->index) ? $table->index : null);
$sql = $db->field_check($fd[$field->name], $field, $table->primary_key, $index);
if (!is_null($sql)) {
$sql = "ALTER TABLE `{$table->schema}`.`{$table->name}` $sql";
$db->query_type = db_helper::ALTER_TABLE;
$db->execute(MYSQLI_BOTH, $sql);
}
}
}
if (isset($table->constraints) && is_array($table->constraints) && count($table->constraints)) {
foreach ($table->constraints as $con) {
if (!$db->is_constraint($con->id)) {
$sql .= "ALTER TABLE `{$table->schema}`.`{$table->name}`" .
" ADD CONSTRAINT `{$cont->id}` " .
"FOREIGN KEY (`{$con->local}`) " .
"REFERENCES `{$con->schema}`.`{$con->table}` (`{$con->field}`) " .
"ON DELETE " . (!is_null($con->delete) ? strtoupper($con->delete) : "NO ACTION") .
" ON UPDATE " . (!is_null($con->update) ? strtoupper($con->update) : "NO ACTION");
if (!$conn->real_query($sql)) {
die($conn->error);
}
}
}
}
$db->update("sagacity.settings", ['db_data' => json_encode($table)], [
[
'field' => 'meta_key',
'op' => '=',
'value' => "{$table->schema}.{$table->name}"
]
]);
$db->execute();
} else {
print "Creating {$table->schema}.{$table->name}" . PHP_EOL;
$db->create_table_json($table);
if (isset($table->triggers)) {
// see if the first entry is a drop statement, run it and remove for subsequent statements
if (substr($table->triggers[0], 0, 4) == 'DROP') {
$db->query($table->triggers[0]);
unset($table->triggers[0]);
}
// concatenate the trigger into one string
$trig = implode(" ", $table->triggers);
if (!$db->query(str_replace("{host}", $host, $trig))) {
print $trig . PHP_EOL;
die($db->error);
}
}
$db->insert("sagacity.settings", [
'meta_key' => "{$table->schema}.{$table->name}",
'db_data' => json_encode($table)
]);
if (!$db->execute()) {
$help->debug(E_ERROR);
}
}
} else {
$db->create_table_json($table);
$db->insert("sagacity.settings", [
'meta_key' => "{$table->schema}.{$table->name}",
'db_data' => json_encode($table)
]);
$db->execute();
}
}
/*
* **********************************************************
* Reload table data
* ********************************************************** */
if ($reload) {
$defaults = <<<EOO
[client]
password="{$pwd}"
port=3306
EOO;
file_put_contents(realpath(TMP) . "/defaults.tmp", $defaults);
chdir(realpath(DOC_ROOT));
$zip->open("Database_Baseline.zip");
$zip->extractTo("Database_Baseline");
chdir("Database_Baseline");
$sql_files = glob("*.sql");
$zip->close();
$sample = (boolean) filter_input(INPUT_POST, 'sample_data', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
if (!$sample) {
if (($key = array_search('sample_data.sql', $sql_files)) !== false) {
unset($sql_files[$key]);
unlink('sample_data.sql');
}
}
$routines = glob("*routines.sql");
foreach ($routines as $file) {
if (($key = array_search($file, $sql_files)) !== false) {
unset($sql_files[$key]);
}
}
if (count($sql_files)) {
sort($sql_files);
foreach ($sql_files as $file) {
$cmd = realpath(DB_BIN) . " --defaults-file=\"" . realpath(TMP . "/defaults.tmp") . "\"" .
" --user={$uname}" .
" --host=" . DB_SERVER .
" --default-character-set=utf8 < \"$file\"";
//print "$cmd".PHP_EOL;
exec($cmd);
unlink($file);
print "Imported $file<br />";
flush();
}
foreach ($routines as $file) {
$cmd = realpath(DB_BIN) . " --defaults-file=\"" . realpath(TMP . "/defaults.tmp") . "\"" .
" --user={$uname}" .
" --host=" . DB_SERVER .
" --default-character-set=utf8 < \"$file\"";
exec($cmd);
unlink($file);
print "Imported $file<br />";
flush();
}
}
unlink(realpath(TMP . "/defaults.tmp"));
if (ping("cyberperspectives.com")) {
try {
$script = realpath(PHP_BIN) .
" -c " . realpath(PHP_CONF) .
" -f update_db.php" .
2018-07-26 08:33:50 -04:00
" -- --cpe --nvd --stig";
2018-05-07 10:51:08 -04:00
$process = new Cocur\BackgroundProcess\BackgroundProcess($script);
$process->run();
} catch (Exception $e) {
die(print_r($e, true));
}
}
}
print "</pre><br />Updated complete<br />";
if ($restart_apache) {
print "Apache or PHP configuration files were updated, please restart Apache to enact changes<br />";
}
if ($restart_mysql) {
print "MySQL configuration file was updated, please restart MySQL service to enact changes<br />";
}
print "Click <a href='/'>here</a> to resume";
exit();
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Update Sagacity</title>
<script src='/style/5grid/jquery-1.11.3.min.js'></script>
</head>
<body>
<form method='post' action='#'>
MySQL User Name:
<input type='text' name='uname' title='Must have permissions to create/alter tables' /><br />
Password:
<input type='password' name='pwd' /><br />
<label for='reload_chk'>Reload data in database?</label>
<input type='checkbox' name='reload' id='reload_chk' value='1' title='Deletes all tables and data then reloads with baseline data' /><br />
<label for='sample_data'>Add sample data</label>
<input type='checkbox' name='sample_data' id='sample_data' value='1' title='Add sample data to database' /><br />
<input type='submit' name='submit' value='Update' />
</form>
</body>
</html>