sagacity/exec/create_risk_assessment.php

<?php

/**
 * File: create_risk_assessment.php
 * Author: Ryan Prather
 * Purpose: File to create a final risk assessment output file
 * Created: Oct 20, 2014
 *
 * Portions Copyright (c) 2012-2015, Salient Federal Solutions
 * Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
 * Released under Modified BSD License
 *
 * See license.txt for details
 *
 * Change Log:
 *  - Oct 20, 2014 - File created
 */
$cmd = getopt("s:", array("debug::"));

if (isset($cmd['debug'])) {
  $path = realpath("/Users/pratherr/workspace/web/exec");
}
else {
  $path = realpath("/xampp/www/exec");
}

chdir($path);

set_time_limit(0);
set_include_path(get_include_path());

include_once 'database.inc';
include_once 'helper.inc';

$db = new db();
$log = new Sagacity_Error("Create_Risk_Assessment.log");

$ste = $db->get_STE($cmd['s'])[0];
$sys = $db->get_System_By_STE_ID($cmd['s']);
$site = $db->get_Site_By_STE_ID($cmd['s']);
$tgts = $db->get_Target_Details($cmd['s']);

$xml = new DOMDocument();
$pi = $xml->createProcessingInstruction("xml-stylesheet", 'type="text/xsl" href="diacap.xsl"');
$xml->appendChild($pi);

$xml->appendChild($report = xml_helper($xml, 'report'));
$report->appendChild($ste_node = xml_helper($xml, "ste", null, false, array(
  'start_date'           => $ste->get_Eval_Start_Date()->format("Y-m-d"),
  'end_date'             => $ste->get_Eval_End_Date()->format("Y-m-d"),
  'status'               => $ste->get_Status(),
  'ao'                   => $ste->get_AO(),
  'proc_checklist_fname' => "Procedural-eChecklist-" . $ste->get_ID() . ".xlsx"
)));
$ste_node->appendChild(xml_helper($xml, "recommendations", $ste->get_Recommendations(), true));
$ste_node->appendChild(xml_helper($xml, "conclusion", $ste->get_Conclusions(), true));
$ste_node->appendChild(xml_helper($xml, "constraints", $ste->get_Constraints(), true));
$ste_node->appendChild(xml_helper($xml, "assumptions", $ste->get_Assumptions(), true));
$ste_node->appendChild(xml_helper($xml, "residual_risk", $ste->get_Residual_Risk(), true));
$ste_node->appendChild(xml_helper($xml, "deviations", $ste->get_Deviations(), true));
$ste_node->appendChild(xml_helper($xml, "scope", $ste->get_Scope(), true));

$ste_node->appendChild($team = xml_helper($xml, "ste_team"));
foreach ($ste->get_STE_Team() as $key => $people) {
  $team->appendChild(xml_helper($xml, "member", null, false, array(
    'name'     => $people->name,
    'org'      => $people->org,
    'phone'    => $people->phone,
    'position' => $people->position
  )));
}

$report->appendChild($sys_node = xml_helper($xml, "system", null, false, array(
  'name'  => $sys->get_Name(),
  'class' => $sys->get_Classification(),
  'mac'   => $sys->get_MAC()
)));
$sys_node->appendChild(xml_helper($xml, "description", $sys->get_Description(), true));
$sys_node->appendChild(xml_helper($xml, "executive_summary", $sys->get(), true));

$report->appendchild(xml_helper($xml, "site", null, false, array(
  'name'      => $site->get_Name(),
  'address'   => $site->get_Address(),
  'city'      => $site->get_City(),
  'state'     => $site->get_State(),
  'zip'       => $site->get_Zip(),
  'country'   => $site->get_Country(),
  'poc_name'  => $site->get_POC_Name(),
  'poc_email' => $site->get_POC_Email(),
  'poc_phone' => $site->get_POC_Phone()
)));

$report->appendChild($targets = xml_helper($xml, "targets"));

foreach ($tgts as $key => $tgt) {
  $os = $db->get_Software($tgt->get_OS_ID())[0];
  $targets->appendChild($tgt_node = xml_helper($xml, "target", null, false, array(
    'name' => $tgt->get_Name(),
    'os'   => $os->get_Man() . " " . $os->get_Name() . " " . $os->get_Version()
  )));

  foreach ($tgt->interfaces as $key => $int) {
    if (false) {
      $int = new interfaces();
    }
    $tgt_node->appendChild(xml_helper($xml, "interface", null, false, array(
      'name'     => $int->get_Name(),
      'hostname' => $int->get_Hostname(),
      'ipv4'     => $int->get_IPv4(),
      'ipv6'     => $int->get_IPv6(),
      'fqdn'     => $int->get_FQDN()
    )));
  }
}

$report->appendChild($ia_node = xml_helper($xml, "ia_controls"));

$proc = $db->get_Proc_IA_Controls($ste);
foreach ($proc as $key => $ia) {
  $ia_node->appendChild($node = xml_helper($xml, "ia_control", null, false, array(
    'id'     => $ia->get_Control_ID(),
    'name'   => $ia->get_Name(),
    'status' => $ia->get_Worst_Status_String()
  )));

  $node->appendChild(xml_helper($xml, "vuln_desc", $ia->finding->vul_desc, true));
  $node->appendChild(xml_helper($xml, "mitigations", $ia->finding->mitigations, true));
  $node->appendChild(xml_helper($xml, "references", $ia->finding->reference, true));
  $node->appendChild(xml_helper($xml, "notes", $ia->finding->notes, true));
}

$xml->formatOutput = true;
$xml->save("../report/" . $sys->get_Name() . "_" . $site->get_Name() . "_" . $ste->get_Eval_Start_Date()->format("Y_m_d") . ".xml");
initial commit of SVN release repo 2018-05-07 10:51:08 -04:00			`<?php`

			`/**`
			`* File: create_risk_assessment.php`
			`* Author: Ryan Prather`
			`* Purpose: File to create a final risk assessment output file`
			`* Created: Oct 20, 2014`
			`*`
			`* Portions Copyright (c) 2012-2015, Salient Federal Solutions`
			`* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)`
			`* Released under Modified BSD License`
			`*`
			`* See license.txt for details`
			`*`
			`* Change Log:`
			`* - Oct 20, 2014 - File created`
			`*/`
			`$cmd = getopt("s:", array("debug::"));`

			`if (isset($cmd['debug'])) {`
			`$path = realpath("/Users/pratherr/workspace/web/exec");`
			`}`
			`else {`
			`$path = realpath("/xampp/www/exec");`
			`}`

			`chdir($path);`

			`set_time_limit(0);`
			`set_include_path(get_include_path());`

			`include_once 'database.inc';`
			`include_once 'helper.inc';`

			`$db = new db();`
			`$log = new Sagacity_Error("Create_Risk_Assessment.log");`

			`$ste = $db->get_STE($cmd['s'])[0];`
			`$sys = $db->get_System_By_STE_ID($cmd['s']);`
			`$site = $db->get_Site_By_STE_ID($cmd['s']);`
			`$tgts = $db->get_Target_Details($cmd['s']);`

			`$xml = new DOMDocument();`
			`$pi = $xml->createProcessingInstruction("xml-stylesheet", 'type="text/xsl" href="diacap.xsl"');`
			`$xml->appendChild($pi);`

			`$xml->appendChild($report = xml_helper($xml, 'report'));`
			`$report->appendChild($ste_node = xml_helper($xml, "ste", null, false, array(`
			`'start_date' => $ste->get_Eval_Start_Date()->format("Y-m-d"),`
			`'end_date' => $ste->get_Eval_End_Date()->format("Y-m-d"),`
			`'status' => $ste->get_Status(),`
			`'ao' => $ste->get_AO(),`
			`'proc_checklist_fname' => "Procedural-eChecklist-" . $ste->get_ID() . ".xlsx"`
			`)));`
			`$ste_node->appendChild(xml_helper($xml, "recommendations", $ste->get_Recommendations(), true));`
			`$ste_node->appendChild(xml_helper($xml, "conclusion", $ste->get_Conclusions(), true));`
			`$ste_node->appendChild(xml_helper($xml, "constraints", $ste->get_Constraints(), true));`
			`$ste_node->appendChild(xml_helper($xml, "assumptions", $ste->get_Assumptions(), true));`
			`$ste_node->appendChild(xml_helper($xml, "residual_risk", $ste->get_Residual_Risk(), true));`
			`$ste_node->appendChild(xml_helper($xml, "deviations", $ste->get_Deviations(), true));`
			`$ste_node->appendChild(xml_helper($xml, "scope", $ste->get_Scope(), true));`

			`$ste_node->appendChild($team = xml_helper($xml, "ste_team"));`
			`foreach ($ste->get_STE_Team() as $key => $people) {`
			`$team->appendChild(xml_helper($xml, "member", null, false, array(`
			`'name' => $people->name,`
			`'org' => $people->org,`
			`'phone' => $people->phone,`
			`'position' => $people->position`
			`)));`
			`}`

			`$report->appendChild($sys_node = xml_helper($xml, "system", null, false, array(`
			`'name' => $sys->get_Name(),`
			`'class' => $sys->get_Classification(),`
			`'mac' => $sys->get_MAC()`
			`)));`
			`$sys_node->appendChild(xml_helper($xml, "description", $sys->get_Description(), true));`
			`$sys_node->appendChild(xml_helper($xml, "executive_summary", $sys->get(), true));`

			`$report->appendchild(xml_helper($xml, "site", null, false, array(`
			`'name' => $site->get_Name(),`
			`'address' => $site->get_Address(),`
			`'city' => $site->get_City(),`
			`'state' => $site->get_State(),`
			`'zip' => $site->get_Zip(),`
			`'country' => $site->get_Country(),`
			`'poc_name' => $site->get_POC_Name(),`
			`'poc_email' => $site->get_POC_Email(),`
			`'poc_phone' => $site->get_POC_Phone()`
			`)));`

			`$report->appendChild($targets = xml_helper($xml, "targets"));`

			`foreach ($tgts as $key => $tgt) {`
			`$os = $db->get_Software($tgt->get_OS_ID())[0];`
			`$targets->appendChild($tgt_node = xml_helper($xml, "target", null, false, array(`
			`'name' => $tgt->get_Name(),`
			`'os' => $os->get_Man() . " " . $os->get_Name() . " " . $os->get_Version()`
			`)));`

			`foreach ($tgt->interfaces as $key => $int) {`
			`if (false) {`
			`$int = new interfaces();`
			`}`
			`$tgt_node->appendChild(xml_helper($xml, "interface", null, false, array(`
			`'name' => $int->get_Name(),`
			`'hostname' => $int->get_Hostname(),`
			`'ipv4' => $int->get_IPv4(),`
			`'ipv6' => $int->get_IPv6(),`
			`'fqdn' => $int->get_FQDN()`
			`)));`
			`}`
			`}`

			`$report->appendChild($ia_node = xml_helper($xml, "ia_controls"));`

			`$proc = $db->get_Proc_IA_Controls($ste);`
			`foreach ($proc as $key => $ia) {`
			`$ia_node->appendChild($node = xml_helper($xml, "ia_control", null, false, array(`
			`'id' => $ia->get_Control_ID(),`
			`'name' => $ia->get_Name(),`
			`'status' => $ia->get_Worst_Status_String()`
			`)));`

			`$node->appendChild(xml_helper($xml, "vuln_desc", $ia->finding->vul_desc, true));`
			`$node->appendChild(xml_helper($xml, "mitigations", $ia->finding->mitigations, true));`
			`$node->appendChild(xml_helper($xml, "references", $ia->finding->reference, true));`
			`$node->appendChild(xml_helper($xml, "notes", $ia->finding->notes, true));`
			`}`

			`$xml->formatOutput = true;`
			`$xml->save("../report/" . $sys->get_Name() . "_" . $site->get_Name() . "_" . $ste->get_Eval_Start_Date()->format("Y_m_d") . ".xml");`