From 21082c7513725501dd161b465a3c1d7b2bf1b18f Mon Sep 17 00:00:00 2001
From: Ryan Prather
Date: Tue, 6 Nov 2018 15:36:48 -0500
Subject: [PATCH] checklist.inc - deleted duplicate BIND 9 checklist icon entry finding.inc - removed ID property to prevent duplicate findings from being added to the table host_list.inc - deleted unused constructor import.inc - formatting db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id new primary keys), and updated references Database_Baseline.zip - updated routines for above change background_results.php - fixed bug #19 export-ckl.php - performance adjustments parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id field parse_nvd_json_cve.php - convert reading json to array instead of object for reading CPEs (which were updated to CPE 2.3 instead of 2.2) parse_* - remove findings.id field database.inc - formatting, and update for removing findings.id field index.php - ensure user can't import a host list without uploading a host list file Fixed: #65, #51, #28, #27, #10
---
classes/checklist.inc | 4 +-
classes/finding.inc | 21 +-
classes/host_list.inc | 9 +-
classes/import.inc | 1451 ++-
db_schema.json | 12680 +++++++++++++-------------
exec/background_results.php | 2 +-
exec/export-ckl.php | 7 +-
exec/parse_excel_echecklist.php | 36 +-
exec/parse_host_data_collection.php | 6 +-
exec/parse_mssql.php | 6 +-
exec/parse_nessus.php | 10 +-
exec/parse_nvd_json_cve.php | 55 +-
exec/parse_scc_xccdf.php | 10 +-
inc/database.inc | 7533 +++++++--------
inc/xml_parser.inc | 8 +-
ste/export.php | 6 +-
ste/index.php | 2 +-
17 files changed, 10873 insertions(+), 10973 deletions(-)
diff --git a/classes/checklist.inc b/classes/checklist.inc
index 28a550d..966da27 100644
--- a/classes/checklist.inc
+++ b/classes/checklist.inc
@@ -21,6 +21,7 @@ * - May 13, 2017 - Added WindowsFirewall.jpg image for checklist * - May 19, 2017 - Fixed typo for WindowsFirewall * - Aug 23, 2017 - JO, Expanded checklist icons + * - Nov 6, 2018 - Deleted duplicate BIND 9 checklist icon entry */ /** @@ -545,9 +546,6 @@ class checklist case (preg_match("/Mobile Device/i", $this->name) ? true : false): $this->icon = 'mobile-device.jpg'; break; - case (preg_match("/BIND 9/i", $this->name) ? true : false): - $this->icon = 'BIND DNS.jpg'; - break; case (preg_match("/Remote Access/i", $this->name) ? true : false): $this->icon = 'remote-access.gif'; break; diff --git a/classes/finding.inc b/classes/finding.inc index 103cced..b6944a7 100644 --- a/classes/finding.inc +++ b/classes/finding.inc @@ -22,6 +22,7 @@ * - May 25, 2017 - Fixed bug of get_Category method returning empty severity (defaults to II if empty) * - Jan 10, 2018 - Formatting * - May 24, 2018 - Simplified get_Finding_Status_ID method + * - Nov 6, 2018 - Removed ID property to keep from duplicate findings */ /** @@ -32,13 +33,6 @@ */ class finding { - /** - * Finding ID - * - * @var integer - */ - protected $id = null; - /** * Target ID * @@ -155,7 +149,6 @@ class finding { /** * Constructor * - * @param integer $int_ID * @param integer $int_Tgt_ID * @param integer $int_PDI_ID * @param integer $int_Scan_ID @@ -165,8 +158,7 @@ class finding { * @param string $str_Orig_Src * @param integer $int_Finding_Itr */ - public function __construct($int_ID, $int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) { - $this->id = $int_ID; + public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) { $this->tgt_id = $int_Tgt_ID; $this->pdi_id = $int_PDI_ID; $this->scan_id = $int_Scan_ID; 
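Review bot: The new `finding::__construct` signature in classes/finding.inc (hunk `@@ -165,8 +158,7 @@`) drops the leading `$int_ID` but keeps eight untyped positional parameters, so a call site that still passes the old nine-argument list will not fail: PHP ignores the extra argument and every value shifts one slot, with the old finding ID landing in `tgt_id` and the target ID in `pdi_id`. The commit message says `tgt_id` and `pdi_id` now form the primary key, so a stale caller would record a finding against the wrong target instead of raising an error. Callers are not visible in this hunk, so this is something to verify rather than a confirmed bug. A cheap guard at the top of the constructor is `if (func_num_args() !== 8) { throw new InvalidArgumentException('finding expects 8 arguments'); }`, and adding scalar type declarations to the ID parameters would catch most shifted values if the project's minimum PHP version allows them. The constructor body continues past the end of this hunk.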
@@ -182,15 +174,6 @@ class finding { $this->finding_itr = $int_Finding_Itr; } - /** - * Getter function for Finding ID - * - * @return integer - */ - public function get_ID() { - return $this->id; - } - /** * Getter function for target ID * diff --git a/classes/host_list.inc b/classes/host_list.inc index 1594b6d..6e1f39c 100644 --- a/classes/host_list.inc +++ b/classes/host_list.inc @@ -13,6 +13,7 @@ * Change Log: * - Jan 16, 2018 - File created * - Feb 6, 2018 - Added getter/setter methods + * - Nov 6, 2018 - Deleted unused constructor */ /** @@ -65,14 +66,6 @@ class host_list */ private $_scanNotes = null; - /** - * Constructor - */ - public function __construct() - { - - } - /** * Getter function for _targetId * diff --git a/classes/import.inc b/classes/import.inc index dd7fc5a..db9c6bb 100644 --- a/classes/import.inc +++ b/classes/import.inc 
@@ -39,85 +39,89 @@ include_once 'vendor/autoload.php'; * * @author Ryan Prather */ -class import { +class import +{ - /** - * The current include_once path - * - * @var string - */ - protected $current_path = ''; + /** + * The current include_once path + * + * @var string + */ + protected $current_path = ''; - /** - * String array of regular expressions. - * Files matching these expressions will be skipped - * - * @var string - */ - protected $SKIP = array( - '/HBSS/i', - '/SharePoint/i', - '/ISSE/i', - '/_[Mm]ac/i', - '/Guard/i', - '/SME_PED/i', - '/_zOS_/i', - '/BlackBerry/i', - '/C2\-Fix/i', - '/Enclave_Zone/i', - '/General_Mobile/i', - '/Remote_/i', - '/_Tandem/i', - '/xenapp/i', - '/internet/i', - '/android/i', - '/JVAP/i', - '/apple/i', - '/OpenVMS/i', - '/VVoIP/i', - '/Wireless/i', - '/REL-LAN/i', - '/dictionary/i', - '/IBM_/i', - '/Smartphone/i', - '/Exchange/i', - '/Juniper/i', - '/Mobility/i', - '/ESXi/i', - '/FW_SRG/i', - '/PlayBook_OS/i', - '/vCenter_Server/i' - ); + /** + * String array of regular expressions. 
+ * Files matching these expressions will be skipped + * + * @var string + */ + protected $SKIP = array( + '/HBSS/i', + '/SharePoint/i', + '/ISSE/i', + '/_[Mm]ac/i', + '/Guard/i', + '/SME_PED/i', + '/_zOS_/i', + '/BlackBerry/i', + '/C2\-Fix/i', + '/Enclave_Zone/i', + '/General_Mobile/i', + '/Remote_/i', + '/_Tandem/i', + '/xenapp/i', + '/internet/i', + '/android/i', + '/JVAP/i', + '/apple/i', + '/OpenVMS/i', + '/VVoIP/i', + '/Wireless/i', + '/REL-LAN/i', + '/dictionary/i', + '/IBM_/i', + '/Smartphone/i', + '/Exchange/i', + '/Juniper/i', + '/Mobility/i', + '/ESXi/i', + '/FW_SRG/i', + '/PlayBook_OS/i', + '/vCenter_Server/i' + ); - /** - * Class constructor - */ - public function __construct() { - set_time_limit(0); - } - - /** - * Class destructor to reset the include_once path and time limits - */ - public function __destruct() { - set_time_limit(30); - } - - /** - * Function to scan the tmp directory for result files and call the appropriate parsers - */ - public function scan_Result_Files($redirect = true) { - chdir(DOC_ROOT . "/exec"); - - $ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false"; - $doc_root = realpath(DOC_ROOT); - $ste = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT); - if (!$ste) { - $ste = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT); + /** + * Class constructor + */ + public function __construct() + { + set_time_limit(0); } - $location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING); - $conf = <<run(); + + if ($redirect) { + header("/results/"); + } } - $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . - " -c " . realpath(PHP_CONF) . - " -f " . realpath(DOC_ROOT . "/exec/background_results.php"); + /** + * Function to scan '/xampp/www/tmp' directory for catalog files + */ + public function scan_Catalog_Files() + { + chdir(DOC_ROOT . 
"/tmp"); + $files = glob("*"); - if (LOG_LEVEL == E_DEBUG) { - Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG); + foreach ($files as $file) { + if (substr($file, - 3) == 'zip') { + // $this->import_STIG_ZIP("../tmp/$file"); + } elseif (preg_match('/pdi\-|\_catalog/i', $file)) { + // $this->import_PDI_CSV("../tmp/$file"); + } elseif (preg_match('/\-xccdf\.xml$/i', $file)) { + // $this->import_STIG("../tmp/$file"); + } + } } - $process = new Cocur\BackgroundProcess\BackgroundProcess("cd " . realpath(DOC_ROOT . "/exec") . " && " . $script); - $process->run(); + /** + * Function to scan host data files and import findings + */ + public function import_Host_Data_Collection() + { + $db = new db(); - if ($redirect) { - header("/results/"); - } - } + $doc_root = realpath(DOC_ROOT); + $overwrite = (isset($_REQUEST['overwrite']) && $_REQUEST['overwrite'] ? "true" : "false"); - /** - * Function to scan '/xampp/www/tmp' directory for catalog files - */ - public function scan_Catalog_Files() { - chdir(DOC_ROOT . "/tmp"); - $files = glob("*"); - - foreach ($files as $file) { - if (substr($file, -3) == 'zip') { - // $this->import_STIG_ZIP("../tmp/$file"); - } - elseif (preg_match('/pdi\-|\_catalog/i', $file)) { - // $this->import_PDI_CSV("../tmp/$file"); - } - elseif (preg_match('/\-xccdf\.xml$/i', $file)) { - // $this->import_STIG("../tmp/$file"); - } - } - } - - /** - * Function to scan host data files and import findings - */ - public function import_Host_Data_Collection() { - $db = new db(); - - $doc_root = realpath(DOC_ROOT); - $overwrite = (isset($_REQUEST['overwrite']) && $_REQUEST['overwrite'] ? "true" : "false"); - - $conf = <<CurrentDirectory = DOC_ROOT; - $shell->run($script, 0, false); - } - elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') { - exec("$script > /dev/null &"); - } - else { - Sagacity_Error::err_handler("Unknown OS: " . 
PHP_OS); - } - - - header("Location: /ste/"); - } - - /** - * function to import PDI CSV file to database - */ - public function import_PDI_CSV() { - $db = new db(); - - $handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r"); - $data = fgetcsv($handle); - $data = fgetcsv($handle); - - while ($data = fgetcsv($handle)) { - $catalog = array( - 'stig_id' => (isset($data[0]) ? $data[0] : ""), - 'vms_id' => (isset($data[1]) ? $data[1] : ""), - 'cat_lvl' => (isset($data[2]) ? $data[2] : "II"), - 'ia_controls' => (isset($data[3]) ? $data[3] : ""), - 'short_title' => (isset($data[4]) ? $data[4] : ""), - 'description' => (isset($data[5]) ? $data[5] : ""), - 'notes' => (isset($data[6]) ? $data[6] : ""), - 'retina_id' => (isset($data[7]) ? $data[7] : ""), - 'vul_id' => (isset($data[8]) ? $data[8] : ""), - 'check_contents' => (isset($data[9]) ? $data[9] : ""), - 'sv_rule_id' => (isset($data[10]) ? $data[10] : ""), - 'nessus_id' => (isset($data[11]) ? $data[11] : "") - ); - - if ($catalog['stig_id'] != 'No Reference') { - $ref = $db->get_STIG($catalog['stig_id']); - } - - if (is_null($ref) && $catalog['vms_id'] != 'No Reference') { - $ref = $db->get_GoldDisk($catalog['vms_id']); - } - - if (is_array($ref) && count($ref) && isset($ref[0])) { - $ref = $ref[0]; - } - - if (!is_null($ref)) { - $pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW"); - $pdi->set_Short_Title($catalog['short_title']); - $pdi->set_Group_Title($catalog['short_title']); - $pdi->set_Description($catalog['description']); - - if ($catalog['ia_controls']) { - $ia_controls = array(); - foreach (explode(" ", $catalog['ia_controls']) as $ia) { - $ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, -2), substr($ia, -1)); - } - - if (!$db->save_IA_Control($ia_controls)) { - print "error updating ia controls on id: " . $ref->get_ID() . "
"; - } + if (substr(strtolower(PHP_OS), 0, 3) == 'win') { + $shell = new COM("WScript.Shell"); + $shell->CurrentDirectory = DOC_ROOT; + $shell->run($script, 0, false); + } elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') { + exec("$script > /dev/null &"); + } else { + Sagacity_Error::err_handler("Unknown OS: " . PHP_OS); } - // Check for retina data - if ($catalog['retina_id']) { - $retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']); - - if (!$db->save_Retina($retina)) { - print "error updating retina id: " . $catalog['retina_id'] . "
"; - } - } - - // Vul_ID - if ($catalog['vul_id']) { - - } - - if ($catalog['sv_rule_id']) { - $sv_rule = array(); - foreach (explode(" ", $catalog['sv_rule_id']) as $rule) { - $sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule); - } - - if (!$db->save_SV_Rule($sv_rule)) { - print "error updating sv rule on pdi: " . $ref->get_ID() . "
"; - } - } - - if ($catalog['nessus_id']) { - $nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']); - - if (!$db->save_Nessus($nessus)) { - print "error updating nessus id: " . $catalog['nessus_id'] . "
"; - } - } - } - else { - $pdi = new pdi(0, $catalog['cat_lvl'], "NOW"); - $pdi->set_Short_Title($catalog['short_title']); - $pdi->set_Group_Title($catalog['short_title']); - $pdi->set_Description($catalog['description']); - - $pdi_id = $db->save_PDI($pdi); - - if ($catalog['stig_id'] != 'No Reference') { - $stig = new stig($pdi_id, $catalog['stig_id'], $catalog['description']); - $ref = $stig; - $db->add_Stig($stig); - } - - if ($catalog['vms_id'] != 'No Reference') { - $golddisk = new golddisk($pdi_id, $catalog['vms_id'], $catalog['short_title']); - - if ($ref == null) { - $ref = $golddisk; - } - - $db->save_GoldDisk($golddisk); - } - - if ($catalog['ia_controls']) { - $ia_controls = array(); - foreach (explode(" ", $catalog['ia_controls']) as $ia) { - $ia_controls[] = new ia_control($pdi_id, substr($ia, 0, -2), substr($ia, -1)); - } - - if (!$db->save_IA_Control($ia_controls)) { - print "error updating ia controls on pdi_id: " . $ref->get_ID() . "
"; - } - } - - // Check for retina data - if ($catalog['retina_id']) { - $retina = new retina($pdi_id, $catalog['retina_id']); - - if (!$db->save_Retina($retina)) { - print "error updating retina id: " . $catalog['retina_id'] . "
"; - } - } - - // Vul_ID - if ($catalog['vul_id']) { - - } - - // sv_rule - if ($catalog['sv_rule_id']) { - $sv_rule = array(); - foreach (explode(" ", $catalog['sv_rule_id']) as $rule) { - $sv_rule[] = new sv_rule($pdi_id, $rule); - } - - if (!$db->save_SV_Rule($sv_rule)) { - print "error updating sv rule on pdi: " . $ref->get_ID() . "
"; - } - } - - if ($catalog['nessus_id']) { - $nessus = new nessus($pdi_id, $catalog['nessus_id']); - - if (!$db->save_Nessus($nessus)) { - print "error updating nessus id: " . $catalog['nessus_id'] . "
"; - } - } - } - } - fclose($handle); - } - - /** - * function for SRR script - * runs script net-SRR.pl - * exports a csv format file - */ - public function net_SRR() { - - } - - /** - * function for unix SRR conversion to csv - * runs script unix-xml-to-echecklist.pl - * runs script unix-srr-to-csv.pl - */ - public function unix_srr_to_csv() { - - } - - /** - * Function to import DISA STIG content to database - * - * @param array $request - */ - public function import_STIG_XML($request = array()) { - $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . - realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . - (isset($request['delete']) ? ' --delete' : '') . - (isset($request['override']) ? " --ia" : ""); - - $shell = new COM("WScript.Shell"); - $shell->CurrentDirectory = DOC_ROOT . "/exec"; - $shell->run($script, 0, false); - - header("location: " . $_SERVER['HTTP_REFERER']); - } - - /** - * Function to convert a retina CSV to an eChecklist and store on database - */ - public function retina_csv_echecklist() { - $files = glob('*.csv'); - $db = new db(); - - $source = $db->get_Sources('Retina'); - $ste = $db->get_STE($_REQUEST['ste'])[0]; - - foreach ($files as $file) { - $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP'); - $db->save_Scan($scan); - - exec(PERL . "/perl " . DOC_ROOT . "/exec/retina-csv-to-echecklist.pl " . DOC_ROOT . "/tmp/$file --db", $output, $result); - } - } - - /** - * function to import golddisk info into scans table - * runs script golddisk-xml-to-echecklist.pl - */ - public function golddisk_xml_echecklist() { - $files = glob('*.xml'); - $db = new db(); - - $source = $db->get_Sources('Golddisk'); - $ste = $db->get_STE($_REQUEST['ste'])[0]; - - foreach ($files as $file) { - $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP'); - $db->save_Scan($scan); - - exec(PERL . "/perl " . DOC_ROOT . "/exec/golddisk-xml-to-echecklist.pl " . DOC_ROOT . 
"/tmp/$file --db", $output, $result); - } - } - - /** - * - */ - public function import_IAVM_CVE() { - $filename = '../tmp/iavm-to-cve(u).xml'; - $xml = simplexml_load_file($filename); - $db = new db(); - - foreach ($xml->IAVM as $iavm) { - $vms_id = preg_replace('/V[0]+/', 'V-', (string) $iavm->S['VMSKey']); - $stig_id = (string) $iavm->S['IAVM']; - $title = (string) $iavm->S['Title']; - $release_date = DateTime::createFromFormat('d M Y', $iavm->S['ReleaseDate']); - $revision_date = DateTime::createFromFormat('d M Y', $iavm->Revision['Date']); - - $cves_tags = $iavm->CVEs; - $cves = array(); - - $pdi = $db->get_Stig($stig_id); - if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'stig')) { - $pdi = $pdi[0]; - } - - if (is_null($pdi)) { - $pdi = $db->get_GoldDisk($vms_id); - if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'golddisk')) { - $pdi = $pdi[0]; - } - } - - if (is_null($pdi)) { - $cat_lvl = substr_count((string) $iavm->S['Severity'], 'I'); - $pdi = new pdi(null, $cat_lvl, (string) $iavm->S['ReleaseDate']); - $pdi->set_Short_Title($title); - $pdi->set_Group_Title($title); - $pdi->set_Description($title); - $pdi_id = $db->save_PDI($pdi); - - $stig = new stig($pdi_id, $stig_id, $title); - $db->add_Stig($stig); - - $golddisk = new golddisk($pdi_id, $vms_id, $title); - $db->save_GoldDisk($golddisk); - } - else { - $pdi_id = $pdi->get_PDI_ID(); - } - - foreach ($cves_tags->CVENumber as $cve) { - $cve_id = (string) $cve; - - $cves[] = new cve(null, $cve_id, $release_date, $title); - } - - $db->add_CVE($cves); - - $ref_tags = $iavm->References; - $refs = array(); - - foreach ($ref_tags->Reference as $ref) { - $ref_type = ''; - $adv_id = ''; - $url = (string) $ref['URL']; - $name = (string) $ref['RefName']; - $match = array(); - - $refs[] = new advisory($pdi_id, $adv_id, $name, $ref_type, $url); - } + header("Location: /ste/"); } - $ref = $row[8]; - $url = $row[9]; - - if (strpos($ref, 'Microsoft') !== false) { - $x++; - $type 
= 'Microsoft'; - $ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Adobe') !== false) { - $x++; - $type = 'Adobe'; - $ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Apache') !== false) { - $x++; - $type = 'Apache'; - $ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'CERT') !== false) { - $x++; - $type = 'US-CERT'; - $match = array(); - - if (strpos($url, 'techalerts') !== false) { - $ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match); - } - elseif (strpos($url, 'vuls') !== false) { - $ret = preg_match('/([^\/]+)$/', $url, $match); - } - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Cisco') !== false) { - $x++; - $type = 'Cisco'; - $ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match); - - if (count($match) > 0) { - $id = $match[1]; - } - else { - $ret = preg_match('/([^\/]+)$/', $url, $match); - if (count($match)) { - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'Citrix') !== false) { - $x++; - $type = 'Citrix'; - $ret = preg_match('/([^\/]+)$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Debian') !== false) { - $x++; - $type = 'Debian'; - $ret = preg_match('/([^\/]+)$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'HP') !== false) { - $x++; - $type = 'HP'; - $ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - else { - $ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match); - if (count($match)) { - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'IBM') !== false) { - $x++; - $type = 'IBM'; - $ret = preg_match('/(\d{5,8})/', $ref, $match); - - if (count($match)) { - $id = 
$match[1]; - } - else { - $ret = preg_match('/([^\=|\/]+)$/', $url, $match); - if (count($match)) { - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'Juniper') !== false) { - $x++; - $type = 'Juniper'; - $ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Oracle') !== false) { - $x++; - $type = 'Oracle'; - $url = basename($url); - $ret = preg_match('/([\S]+)\.html/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'McAfee') !== false) { - $x++; - $type = 'McAfee'; - $query = parse_query($url); - - if (count($match)) { - $id = isset($query['id']) ? $query['id'] : ''; - } - } - elseif (strpos($ref, 'Red Hat') !== false) { - $x++; - $type = 'Red Hat'; - $ret = preg_match('/([^\/]+)\.html/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Secunia') !== false) { - $x++; - $type = 'Secunia'; - $ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match); - - if (count($match)) { - if ($match[2] == 'advisory') { - $id = $match[1]; - } - elseif (is_numeric($match[1]) && count($match[2]) == 1) { - $id = $match[1]; - } - else { - $id = $match[2]; - } - } - } - elseif (strpos($url, 'securitytracker') !== false) { - $x++; - $type = 'Security Tracker'; - $ret = preg_match('/([^\/]+)\.html$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'SecurityFocus') !== false) { - $x++; - $type = 'SecurityFocus'; - $ret = preg_match('/([^\/]+)\/?$/', $url, $match); - - if (count($match)) { - if ($match[1] != 'info') { - $id = $match[1]; - } - else { - $ret = preg_match('/([^\/]+)\/info/', $url, $match); - $id = $match[1]; - } - } - } - elseif (strpos($ref, 'Sun') !== false) { - $x++; - $type = 'Sun'; - $query = parse_query($url); - - $id = isset($query['assetkey']) ? 
$query['assetkey'] : ''; - - if (!$id) { - $ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match); - $id = $match[1]; - } - } - elseif (strpos($ref, 'Symantec') !== false) { - $x++; - $type = 'Symantec'; - $ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($url, 'ZDI') !== false) { - $x++; - $type = 'ZDI'; - $ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - elseif (strpos($ref, 'Wireshark') !== false) { - $x++; - $type = 'Wireshark'; - $ret = preg_match('/([^\/]+)\.html$/', $url, $match); - - if (count($match)) { - $id = $match[1]; - } - } - } - - /** - * - * @param string $in - * @return multitype:Ambigous <> - */ - public function parse_query($in) { /** - * Use this function to parse out the query array element from - * the output of parse_url(). + * function to import PDI CSV file to database */ - $query_string = substr($in, strpos($in, '?') + 1); - $query_arr = explode('&', $query_string); - $arr = array(); + public function import_PDI_CSV() + { + $db = new db(); - foreach ($query_arr as $val) { - $x = explode('=', $val); - $arr[$x[0]] = isset($x[1]) ? $x[1] : ''; + $handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r"); + $data = fgetcsv($handle); + $data = fgetcsv($handle); + + while ($data = fgetcsv($handle)) { + $catalog = array( + 'stig_id' => (isset($data[0]) ? $data[0] : ""), + 'vms_id' => (isset($data[1]) ? $data[1] : ""), + 'cat_lvl' => (isset($data[2]) ? $data[2] : "II"), + 'ia_controls' => (isset($data[3]) ? $data[3] : ""), + 'short_title' => (isset($data[4]) ? $data[4] : ""), + 'description' => (isset($data[5]) ? $data[5] : ""), + 'notes' => (isset($data[6]) ? $data[6] : ""), + 'retina_id' => (isset($data[7]) ? $data[7] : ""), + 'vul_id' => (isset($data[8]) ? $data[8] : ""), + 'check_contents' => (isset($data[9]) ? $data[9] : ""), + 'sv_rule_id' => (isset($data[10]) ? 
$data[10] : ""), + 'nessus_id' => (isset($data[11]) ? $data[11] : "") + ); + + if ($catalog['stig_id'] != 'No Reference') { + $ref = $db->get_STIG($catalog['stig_id']); + } + + if (is_null($ref) && $catalog['vms_id'] != 'No Reference') { + $ref = $db->get_GoldDisk($catalog['vms_id']); + } + + if (is_array($ref) && count($ref) && isset($ref[0])) { + $ref = $ref[0]; + } + + if (! is_null($ref)) { + $pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW"); + $pdi->set_Short_Title($catalog['short_title']); + $pdi->set_Group_Title($catalog['short_title']); + $pdi->set_Description($catalog['description']); + + if ($catalog['ia_controls']) { + $ia_controls = array(); + foreach (explode(" ", $catalog['ia_controls']) as $ia) { + $ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, - 2), substr($ia, - 1)); + } + + if (! $db->save_IA_Control($ia_controls)) { + print "error updating ia controls on id: " . $ref->get_ID() . "
"; + } + } + + // Check for retina data + if ($catalog['retina_id']) { + $retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']); + + if (! $db->save_Retina($retina)) { + print "error updating retina id: " . $catalog['retina_id'] . "
"; + } + } + + // Vul_ID + if ($catalog['vul_id']) {} + + if ($catalog['sv_rule_id']) { + $sv_rule = array(); + foreach (explode(" ", $catalog['sv_rule_id']) as $rule) { + $sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule); + } + + if (! $db->save_SV_Rule($sv_rule)) { + print "error updating sv rule on pdi: " . $ref->get_ID() . "
"; + } + } + + if ($catalog['nessus_id']) { + $nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']); + + if (! $db->save_Nessus($nessus)) { + print "error updating nessus id: " . $catalog['nessus_id'] . "
"; + } + } + } else { + $pdi = new pdi(0, $catalog['cat_lvl'], "NOW"); + $pdi->set_Short_Title($catalog['short_title']); + $pdi->set_Group_Title($catalog['short_title']); + $pdi->set_Description($catalog['description']); + + $pdi_id = $db->save_PDI($pdi); + + if ($catalog['stig_id'] != 'No Reference') { + $stig = new stig($pdi_id, $catalog['stig_id'], $catalog['description']); + $ref = $stig; + $db->add_Stig($stig); + } + + if ($catalog['vms_id'] != 'No Reference') { + $golddisk = new golddisk($pdi_id, $catalog['vms_id'], $catalog['short_title']); + + if ($ref == null) { + $ref = $golddisk; + } + + $db->save_GoldDisk($golddisk); + } + + if ($catalog['ia_controls']) { + $ia_controls = array(); + foreach (explode(" ", $catalog['ia_controls']) as $ia) { + $ia_controls[] = new ia_control($pdi_id, substr($ia, 0, - 2), substr($ia, - 1)); + } + + if (! $db->save_IA_Control($ia_controls)) { + print "error updating ia controls on pdi_id: " . $ref->get_ID() . "
"; + } + } + + // Check for retina data + if ($catalog['retina_id']) { + $retina = new retina($pdi_id, $catalog['retina_id']); + + if (! $db->save_Retina($retina)) { + print "error updating retina id: " . $catalog['retina_id'] . "
"; + } + } + + // Vul_ID + if ($catalog['vul_id']) {} + + // sv_rule + if ($catalog['sv_rule_id']) { + $sv_rule = array(); + foreach (explode(" ", $catalog['sv_rule_id']) as $rule) { + $sv_rule[] = new sv_rule($pdi_id, $rule); + } + + if (! $db->save_SV_Rule($sv_rule)) { + print "error updating sv rule on pdi: " . $ref->get_ID() . "
"; + } + } + + if ($catalog['nessus_id']) { + $nessus = new nessus($pdi_id, $catalog['nessus_id']); + + if (! $db->save_Nessus($nessus)) { + print "error updating nessus id: " . $catalog['nessus_id'] . "
"; + } + } + } + } + fclose($handle); } - unset($val, $x, $var); - return $arr; - } - /** - * Function for fixing a DISA OVAL file - */ - public function fix_Oval() { - chdir("../tmp"); - $files = glob("*-oval.xml"); - $ret = ''; - $db = new db(); + /** + * function for SRR script + * runs script net-SRR.pl + * exports a csv format file + */ + public function net_SRR() + {} - foreach ($files as $file) { - $xml = new DOMDocument(); - if (!$xml->load($file)) { - error_log("error reading xml file"); - } - $xml->formatOutput = true; - $xml->preserveWhiteSpace = true; - $const_arr = null; + /** + * function for unix SRR conversion to csv + * runs script unix-xml-to-echecklist.pl + * runs script unix-srr-to-csv.pl + */ + public function unix_srr_to_csv() + {} - $variables = $xml->getElementsByTagName("variables") - ->item(0); - $first_node = $variables->firstChild; - while ($node = $xml->getElementsByTagName("external_variable") - ->item(0)) { - $id = $node->getAttribute("id"); - $id = explode(':', $id)[3]; + /** + * Function to import DISA STIG content to database + * + * @param array $request + */ + public function import_STIG_XML($request = array()) + { + $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . (isset($request['delete']) ? ' --delete' : '') . (isset($request['override']) ? " --ia" : ""); - $comment = $node->getAttribute("comment"); - $ver = $node->getAttribute("version"); - $datatype = $node->getAttribute("datatype"); + $shell = new COM("WScript.Shell"); + $shell->CurrentDirectory = DOC_ROOT . "/exec"; + $shell->run($script, 0, false); - $tmp = $db->get_Oval_Const($id); - $const_arr[$tmp['const_id']]['values'] = $tmp['values']; - $const_arr[$tmp['const_id']]['ver'] = $ver; - $const_arr[$tmp['const_id']]['datatype'] = $datatype; - $const_arr[$tmp['const_id']]['comment'] = $comment; + header("location: " . 
$_SERVER['HTTP_REFERER']);
+ }
- $var_com = $xml->createElement('variable_component');
- $var_com->setAttribute('var_ref', "oval:smc.gpea.windows:var:" . $tmp['const_id']);
+ /**
+ * Function to convert a retina CSV to an eChecklist and store on database
+ */
+ public function retina_csv_echecklist()
+ {
+ $files = glob('*.csv');
+ $db = new db();
- $loc_var = $xml->createElement('local_variable');
- $loc_var->setAttribute('id', "oval:mil.disa.fso.windows:var:" . $id);
- $loc_var->setAttribute('version', $ver);
- $loc_var->setAttribute('datatype', $datatype);
- $loc_var->setAttribute('comment', $comment);
- $loc_var->appendChild($var_com);
+ $source = $db->get_Sources('Retina');
+ $ste = $db->get_STE($_REQUEST['ste'])[0];
- $variables->replaceChild($loc_var, $node);
- }
+ foreach ($files as $file) {
+ $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP');
+ $db->save_Scan($scan);
- foreach ($const_arr as $key => $value) {
- $const_var = $xml->createElement('constant_variable');
- $const_var->setAttribute('id', 'oval:smc.gpea.windows:var:' . $key);
- $const_var->setAttribute('version', $const_arr[$key]['ver']);
- $const_var->setAttribute('datatype', $const_arr[$key]['datatype']);
- $const_var->setAttribute('comment', $const_arr[$key]['comment']);
+ exec(PERL . "/perl " . DOC_ROOT . "/exec/retina-csv-to-echecklist.pl " . DOC_ROOT . "/tmp/$file --db", $output, $result);
+ }
+ }
- foreach ($value['values'] as $val) {
- $txt = $xml->createTextNode($val);
- $val_var = $xml->createElement("value");
- $val_var->appendChild($txt);
+ /**
+ * function to import golddisk info into scans table
+ * runs script golddisk-xml-to-echecklist.pl
+ */
+ public function golddisk_xml_echecklist()
+ {
+ $files = glob('*.xml');
+ $db = new db();
- $const_var->appendChild($val_var);
+ $source = $db->get_Sources('Golddisk');
+ $ste = $db->get_STE($_REQUEST['ste'])[0];
+
+ foreach ($files as $file) {
+ $scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP');
+ $db->save_Scan($scan);
+
+ exec(PERL . "/perl " . DOC_ROOT . "/exec/golddisk-xml-to-echecklist.pl " . DOC_ROOT . "/tmp/$file --db", $output, $result);
+ }
+ }
+
+ /**
+ */
+ public function import_IAVM_CVE()
+ {
+ $filename = '../tmp/iavm-to-cve(u).xml';
+ $xml = simplexml_load_file($filename);
+ $db = new db();
+
+ foreach ($xml->IAVM as $iavm) {
+ $vms_id = preg_replace('/V[0]+/', 'V-', (string) $iavm->S['VMSKey']);
+ $stig_id = (string) $iavm->S['IAVM'];
+ $title = (string) $iavm->S['Title'];
+ $release_date = DateTime::createFromFormat('d M Y', $iavm->S['ReleaseDate']);
+ $revision_date = DateTime::createFromFormat('d M Y', $iavm->Revision['Date']);
+
+ $cves_tags = $iavm->CVEs;
+ $cves = array();
+
+ $pdi = $db->get_Stig($stig_id);
+ if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'stig')) {
+ $pdi = $pdi[0];
+ }
+
+ if (is_null($pdi)) {
+ $pdi = $db->get_GoldDisk($vms_id);
+ if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'golddisk')) {
+ $pdi = $pdi[0];
+ }
+ }
+
+ if (is_null($pdi)) {
+ $cat_lvl = substr_count((string) $iavm->S['Severity'], 'I');
+ $pdi = new pdi(null, $cat_lvl, (string) $iavm->S['ReleaseDate']);
+ $pdi->set_Short_Title($title);
+ $pdi->set_Group_Title($title);
+ $pdi->set_Description($title);
+ $pdi_id = $db->save_PDI($pdi);
+
+ $stig = new stig($pdi_id, $stig_id, $title);
+ $db->add_Stig($stig);
+
+ $golddisk = new golddisk($pdi_id, $vms_id, $title);
+ $db->save_GoldDisk($golddisk);
+ } else {
+ $pdi_id = $pdi->get_PDI_ID();
+ }
+
+ foreach ($cves_tags->CVENumber as $cve) {
+ $cve_id = (string) $cve;
+
+ $cves[] = new cve(null, $cve_id, $release_date, $title);
+ }
+
+ $db->add_CVE($cves);
+
+ $ref_tags = $iavm->References;
+ $refs = array();
+
+ foreach ($ref_tags->Reference as $ref) {
+ $ref_type = '';
+ $adv_id = '';
+ $url = (string) $ref['URL'];
+ $name = (string) $ref['RefName'];
+ $match = array();
+
+ $refs[] = new advisory($pdi_id, $adv_id, $name, $ref_type, $url);
+ }
 }
- $variables->appendChild($const_var);
- }
+ $ref = $row[8];
+ $url = $row[9];
- rename($file, "oval\\$file");
- return $xml->saveXML();
+ if (strpos($ref, 'Microsoft') !== false) {
+ $x ++;
+ $type = 'Microsoft';
+ $ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Adobe') !== false) {
+ $x ++;
+ $type = 'Adobe';
+ $ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Apache') !== false) {
+ $x ++;
+ $type = 'Apache';
+ $ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'CERT') !== false) {
+ $x ++;
+ $type = 'US-CERT';
+ $match = array();
+
+ if (strpos($url, 'techalerts') !== false) {
+ $ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match);
+ } elseif (strpos($url, 'vuls') !== false) {
+ $ret = preg_match('/([^\/]+)$/', $url, $match);
+ }
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Cisco') !== false) {
+ $x ++;
+ $type = 'Cisco';
+ $ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match);
+
+ if (count($match) > 0) {
+ $id = $match[1];
+ } else {
+ $ret = preg_match('/([^\/]+)$/', $url, $match);
+ if (count($match)) {
+ $id = $match[1];
+ }
+ }
+ } elseif (strpos($ref, 'Citrix') !== false) {
+ $x ++;
+ $type = 'Citrix';
+ $ret = preg_match('/([^\/]+)$/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Debian') !== false) {
+ $x ++;
+ $type = 'Debian';
+ $ret = preg_match('/([^\/]+)$/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'HP') !== false) {
+ $x ++;
+ $type = 'HP';
+ $ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ } else {
+ $ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match);
+ if (count($match)) {
+ $id = $match[1];
+ }
+ }
+ } elseif (strpos($ref, 'IBM') !== false) {
+ $x ++;
+ $type = 'IBM';
+ $ret = preg_match('/(\d{5,8})/', $ref, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ } else {
+ $ret = preg_match('/([^\=|\/]+)$/', $url, $match);
+ if (count($match)) {
+ $id = $match[1];
+ }
+ }
+ } elseif (strpos($ref, 'Juniper') !== false) {
+ $x ++;
+ $type = 'Juniper';
+ $ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Oracle') !== false) {
+ $x ++;
+ $type = 'Oracle';
+ $url = basename($url);
+ $ret = preg_match('/([\S]+)\.html/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'McAfee') !== false) {
+ $x ++;
+ $type = 'McAfee';
+ $query = parse_query($url);
+
+ if (count($match)) {
+ $id = isset($query['id']) ? $query['id'] : '';
+ }
+ } elseif (strpos($ref, 'Red Hat') !== false) {
+ $x ++;
+ $type = 'Red Hat';
+ $ret = preg_match('/([^\/]+)\.html/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Secunia') !== false) {
+ $x ++;
+ $type = 'Secunia';
+ $ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match);
+
+ if (count($match)) {
+ if ($match[2] == 'advisory') {
+ $id = $match[1];
+ } elseif (is_numeric($match[1]) && count($match[2]) == 1) {
+ $id = $match[1];
+ } else {
+ $id = $match[2];
+ }
+ }
+ } elseif (strpos($url, 'securitytracker') !== false) {
+ $x ++;
+ $type = 'Security Tracker';
+ $ret = preg_match('/([^\/]+)\.html$/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'SecurityFocus') !== false) {
+ $x ++;
+ $type = 'SecurityFocus';
+ $ret = preg_match('/([^\/]+)\/?$/', $url, $match);
+
+ if (count($match)) {
+ if ($match[1] != 'info') {
+ $id = $match[1];
+ } else {
+ $ret = preg_match('/([^\/]+)\/info/', $url, $match);
+ $id = $match[1];
+ }
+ }
+ } elseif (strpos($ref, 'Sun') !== false) {
+ $x ++;
+ $type = 'Sun';
+ $query = parse_query($url);
+
+ $id = isset($query['assetkey']) ? $query['assetkey'] : '';
+
+ if (! $id) {
+ $ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match);
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Symantec') !== false) {
+ $x ++;
+ $type = 'Symantec';
+ $ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($url, 'ZDI') !== false) {
+ $x ++;
+ $type = 'ZDI';
+ $ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ } elseif (strpos($ref, 'Wireshark') !== false) {
+ $x ++;
+ $type = 'Wireshark';
+ $ret = preg_match('/([^\/]+)\.html$/', $url, $match);
+
+ if (count($match)) {
+ $id = $match[1];
+ }
+ }
 }
- }
- private function getElementById($doc, $id) {
- $xpath = new DOMXPath($doc);
- return $xpath->query("//*[@id='$id']")
- ->item(0);
- }
+ /**
+ *
+ * @param string $in
+ * @return multitype:Ambigous <>
+ */
+ public function parse_query($in)
+ {
+ /**
+ * Use this function to parse out the query array element from
+ * the output of parse_url().
+ */
+ $query_string = substr($in, strpos($in, '?') + 1);
+ $query_arr = explode('&', $query_string);
+ $arr = array();
+ foreach ($query_arr as $val) {
+ $x = explode('=', $val);
+ $arr[$x[0]] = isset($x[1]) ? $x[1] : '';
+ }
+ unset($val, $x, $var);
+ return $arr;
+ }
+
+ /**
+ * Function for fixing a DISA OVAL file
+ */
+ public function fix_Oval()
+ {
+ chdir("../tmp");
+ $files = glob("*-oval.xml");
+ $ret = '';
+ $db = new db();
+
+ foreach ($files as $file) {
+ $xml = new DOMDocument();
+ if (! $xml->load($file)) {
+ error_log("error reading xml file");
+ }
+ $xml->formatOutput = true;
+ $xml->preserveWhiteSpace = true;
+ $const_arr = null;
+
+ $variables = $xml->getElementsByTagName("variables")->item(0);
+ $first_node = $variables->firstChild;
+ while ($node = $xml->getElementsByTagName("external_variable")->item(0)) {
+ $id = $node->getAttribute("id");
+ $id = explode(':', $id)[3];
+
+ $comment = $node->getAttribute("comment");
+ $ver = $node->getAttribute("version");
+ $datatype = $node->getAttribute("datatype");
+
+ $tmp = $db->get_Oval_Const($id);
+ $const_arr[$tmp['const_id']]['values'] = $tmp['values'];
+ $const_arr[$tmp['const_id']]['ver'] = $ver;
+ $const_arr[$tmp['const_id']]['datatype'] = $datatype;
+ $const_arr[$tmp['const_id']]['comment'] = $comment;
+
+ $var_com = $xml->createElement('variable_component');
+ $var_com->setAttribute('var_ref', "oval:smc.gpea.windows:var:" . $tmp['const_id']);
+
+ $loc_var = $xml->createElement('local_variable');
+ $loc_var->setAttribute('id', "oval:mil.disa.fso.windows:var:" . $id);
+ $loc_var->setAttribute('version', $ver);
+ $loc_var->setAttribute('datatype', $datatype);
+ $loc_var->setAttribute('comment', $comment);
+ $loc_var->appendChild($var_com);
+
+ $variables->replaceChild($loc_var, $node);
+ }
+
+ foreach ($const_arr as $key => $value) {
+ $const_var = $xml->createElement('constant_variable');
+ $const_var->setAttribute('id', 'oval:smc.gpea.windows:var:' . $key);
+ $const_var->setAttribute('version', $const_arr[$key]['ver']);
+ $const_var->setAttribute('datatype', $const_arr[$key]['datatype']);
+ $const_var->setAttribute('comment', $const_arr[$key]['comment']);
+
+ foreach ($value['values'] as $val) {
+ $txt = $xml->createTextNode($val);
+ $val_var = $xml->createElement("value");
+ $val_var->appendChild($txt);
+
+ $const_var->appendChild($val_var);
+ }
+
+ $variables->appendChild($const_var);
+ }
+
+ rename($file, "oval\\$file");
+ return $xml->saveXML();
+ }
+ }
+
+ private function getElementById($doc, $id)
+ {
+ $xpath = new DOMXPath($doc);
+ return $xpath->query("//*[@id='$id']")->item(0);
+ }
 }
diff --git a/db_schema.json b/db_schema.json
index f87b9f5..63119fe 100644
--- a/db_schema.json
+++ b/db_schema.json
@@ -1,6469 +1,6215 @@ { - "tables" : [ - { - "schema" : "sagacity", - "name" : "settings", - "primary_key" : [ - "id" - ], - "unique" : [ - "meta_key" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "meta_key", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "meta_value", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "db_data", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "sw_man_match", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : false, - "default" : "" - }, - { - "name" : "man", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "ms-os", - "nix-os", - "net-os", - "ms", - "nix", - "checklist", - "multiple" - ], - "ai" : false, - "nn" : true, - "default" : "multiple" - }, - { - "name" : "rgx", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "sw_name_match", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : false, - "default" : "" - }, - { - "name" : "man_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - 
"ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "man_override", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "ms-os", - "nix-os", - "net-os", - "ms", - "nix", - "checklist", - "multiple" - ], - "ai" : false, - "nn" : true, - "default" : "multiple" - }, - { - "name" : "rgx", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name_match", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ver_match", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ver", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "update_match", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "is_os", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "multiple", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "constraints" : [ - { - "id" : "swnm_swmm_id", - "local" : "man_id", - "schema" : "sagacity", - "table" : "sw_man_match", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : 
"catalog_scripts", - "primary_key" : [ - "file_name" - ], - "fields" : [ - { - "name" : "file_name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pid", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "start_time", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "last_update", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "status", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "IN QUEUE", - "RUNNING", - "COMPLETE", - "ERROR", - "SKIPPED" - ], - "ai" : false, - "nn" : true, - "default" : "IN QUEUE" - }, - { - "name" : "perc_comp", - "dataType" : "decimal(5,2)", - "type" : 0, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "stig_count", - "dataType" : "int(4)", - "type" : 3, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "index" : [ - { - "id" : "catalog_file_name_idx", - "type" : "index", - "ref" : "file_name" - } - ] - }, - { - "schema" : "rmf", - "name" : "family", - "primary_key" : [ - "abbr" - ], - "fields" : [ - { - "name" : "abbr", - "dataType" : "varchar(4)", - "type" : 253, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "rmf", - "name" : "controls", - "primary_key" : [ - "family_id", - "control_id" - ], - "fields" : [ - { - "name" : "family_id", - "dataType" : "varchar(4)", - "type" : 253, - 
"length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "pri", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "statement", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "guidance", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "rmf_family_family_id", - "local" : "family_id", - "schema" : "rmf", - "table" : "family", - "field" : "abbr", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_controls_control_id_idx", - "type" : "index", - "ref" : "control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "related_controls", - "primary_key" : [ - "control_id", - "related_control_id" - ], - "fields" : [ - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "related_control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "rmf_related_controls_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - }, - { - "id" : "rmf_related_controls_related_id", - "local" : "related_control_id", - "schema" : "rmf", - "table" : 
"controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_related_controls_related_id_idx", - "type" : "index", - "ref" : "related_control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "control_baseline", - "primary_key" : [ - "impact_level", - "control_id" - ], - "fields" : [ - { - "name" : "impact_level", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "low", - "moderate", - "high" - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "rmf_control_baseline_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_control_baseline_control_id_idx", - "type" : "index", - "ref" : "control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "control_enh", - "primary_key" : [ - "control_id", - "enh_id" - ], - "fields" : [ - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "enh_id", - "dataType" : "varchar(4)", - "type" : 253, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "desc", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "guidance", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : 
"rmf_control_enh_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_control_enh_enh_id_idx", - "type" : "index", - "ref" : "enh_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "enhancement_baseline", - "primary_key" : [ - "impact", - "control_id", - "enh_id" - ], - "fields" : [ - { - "name" : "impact", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "low", - "moderate", - "high" - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "enh_id", - "dataType" : "varchar(4)", - "type" : 253, - "length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "rmf_enh_baseline_control_id", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - }, - { - "id" : "rmf_eny_baseline_enh_id", - "local" : "enh_id", - "schema" : "rmf", - "table" : "control_enh", - "field" : "enh_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "rmf_enh_baseline_enh_id_idx", - "type" : "index", - "ref" : "enh_id" - }, - { - "id" : "rmf_enh_baseline_control_id_idx", - "type" : "index", - "ref" : "control_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "cci", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control_id", - "dataType" : "varchar(6)", - "type" : 253, - "length" : 6, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "enh_id", - "dataType" : "varchar(4)", - "type" : 253, - 
"length" : 4, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "def", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "guidance", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "procedures", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "fk_cci_controls1", - "local" : "control_id", - "schema" : "rmf", - "table" : "controls", - "field" : "control_id", - "update" : null, - "delete" : null - }, - { - "id" : "fk_cci_control_enh1", - "local" : "enh_id", - "schema" : "rmf", - "table" : "control_enh", - "field" : "enh_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "fk_cci_controls1_idx", - "type" : "index", - "ref" : "control_id" - }, - { - "id" : "fk_cci_control_enh1_idx", - "type" : "index", - "ref" : "enh_id" - } - ] - }, - { - "schema" : "rmf", - "name" : "emass_cci", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "control", - "dataType" : "varchar(25)", - "type" : 253, - "length" : 25, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "help", - "primary_key" : [ - "section" - ], - "fields" : [ - { - "name" : "section", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "topic", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - 
"dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "content", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "index" : [ - { - "id" : "section_id", - "type" : "index", - "ref" : "section" - } - ] - }, - { - "schema" : "sagacity", - "name" : "pdi_catalog", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cat", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "1", - "2", - "3" - ], - "ai" : false, - "nn" : true, - "default" : "2" - }, - { - "name" : "update", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "short_title", - "dataType" : "varchar(1024)", - "type" : 253, - "length" : 1024, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "check_contents", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "sites", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "address", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "city", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - 
"values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "state", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "zip", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "country", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "US" - }, - { - "name" : "poc_name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "poc_email", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "poc_phone", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "system", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "abbr", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "mac", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "1", - "2", - "3" - ], - "ai" : false, - "nn" : true, - "default" : "3" - }, - { - "name" : "classification", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "Unclass", - "FOUO", - "C", - "S", - "TS", - "SCI", - "Public", - "Classified", - "Sensitive" - ], - 
"ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "acred_type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "diacap", - "rmf", - "pci", - "nispom", - "hipaa", - "sox", - "cobit" - ], - "ai" : false, - "nn" : false, - "default" : "diacap" - }, - { - "name" : "mitigations", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "description", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "executive_summary", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "diagram", - "dataType" : "mediumblob", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "software", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cpe", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "cpe23", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "sw_string", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "short_sw_string", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "sources", - "primary_key" : [ - "id" - ], - 
"fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "icon", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "false_positives", - "primary_key" : [ - "pdi_id", - "src_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "src_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "fp_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "fp_src_id", - "local" : "src_id", - "schema" : "sagacity", - "table" : "sources", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "exceptions", - "primary_key" : [ - "pdi_id", - "sys_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sys_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - 
"default" : null - } - ], - "constraints" : [ - { - "id" : "exp_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "exp_sys_id", - "local" : "sys_id", - "schema" : "sagacity", - "table" : "system", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "task_status", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "status", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "category", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "findings_status", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "status", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ports_proto_services", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "port", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - 
"ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "proto", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "tcp", - "udp", - "dccp", - "sctp" - ], - "ai" : false, - "nn" : true, - "default" : "tcp" - }, - { - "name" : "IANA_Name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "description", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "banner", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "proc_ia_controls", - "primary_key" : [ - "control_id" - ], - "fields" : [ - { - "name" : "control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "subject_area", - "dataType" : "varchar(50)", - "type" : 253, - "length" : 50, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "description", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "threat_vul_cm", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "gen_imp_guide", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : 
false, - "nn" : false, - "default" : null - }, - { - "name" : "impact", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "low", - "medium", - "high" - ], - "ai" : false, - "nn" : false, - "default" : "medium" - } - ] - }, - { - "schema" : "sagacity", - "name" : "proc_ia_sub_controls", - "primary_key" : [ - "sub_control_id" - ], - "fields" : [ - { - "name" : "sub_control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "parent_control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "objective", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "prep", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "script", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "exp_result", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "parent_cont_id", - "local" : "parent_control_id", - "schema" : "sagacity", - "table" : "proc_ia_controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "parent_cont_id_idx", - "type" : "index", - "ref" : "parent_control_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "proc_level_type", - "primary_key" : [ - "proc_control_id", - "type", - "level", - "class" - ], - "fields" : 
[ - { - "name" : "proc_control_id", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "diacap", - "rmf" - ], - "ai" : false, - "nn" : true, - "default" : "diacap" - }, - { - "name" : "level", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : null - }, - { - "name" : "class", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "cl", - "pub", - "sen", - "u", - "fouo", - "s", - "ts", - "sci" - ], - "ai" : false, - "nn" : true, - "default" : null - } - ], - "constraints" : [ - { - "id" : "proc_control_id", - "local" : "proc_control_id", - "schema" : "sagacity", - "table" : "proc_ia_controls", - "field" : "control_id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "checklist", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "checklist_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "description", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "date", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "file_name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - 
"default" : null - }, - { - "name" : "ver", - "dataType" : "tinyint(3)", - "type" : 1, - "length" : 3, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "release", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "benchmark", - "manual", - "policy", - "iavm" - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "icon", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "checklist_software_lookup", - "primary_key" : [ - "chk_id", - "sw_id" - ], - "fields" : [ - { - "name" : "chk_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sw_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "chk_sw_lu_chk_id", - "local" : "chk_id", - "schema" : "sagacity", - "table" : "checklist", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "chk_sw_lu_sw_id", - "local" : "sw_id", - "schema" : "sagacity", - "table" : "software", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "chk_sw_lu_chk_id_idx", - "type" : "index", - "ref" : "chk_id" - }, - { - "id" : "chk_sw_lu_sw_id_idx", - "type" : "index", - "ref" : "sw_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "pdi_checklist_lookup", - "primary_key" : [ - "pdi_id", - "checklist_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : 
"checklist_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "group_title", - "dataType" : "varchar(2048)", - "type" : 253, - "length" : 2048, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "short_title", - "dataType" : "varchar(1024)", - "type" : 253, - "length" : 1024, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "check_contents", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "fix_text", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "tweak_data", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "pdi_chk_chk_id", - "local" : "checklist_id", - "schema" : "sagacity", - "table" : "checklist", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "pdi_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "pdi_chk_chk_id_idx", - "type" : "index", - "ref" : "checklist_id" - }, - { - "id" : "pdi_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "advisories", - "primary_key" : [ - "advisory_id", - "pdi_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "advisory_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : 
"title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "impact", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "referece", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ad_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ad_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cce", - "primary_key" : [ - "pdi_id", - "cce_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cce_id", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "cce_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cce_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cci", - "primary_key" : [ - "cci_id" - ], - "fields" : [ - { - "name" : "cci_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : 
[ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "policy", - "technical" - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "definition", - "dataType" : "varchar(500)", - "type" : 253, - "length" : 500, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "param", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "note", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "index" : [ - { - "id" : "cci_id_idx", - "type" : "index", - "ref" : "cci_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cci_refs", - "primary_key" : [ - "cci_id", - "title" - ], - "fields" : [ - { - "name" : "cci_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : null - }, - { - "name" : "ver", - "dataType" : "tinyint(2)", - "type" : 1, - "length" : 2, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "index", - "dataType" : "varchar(40)", - "type" : 253, - "length" : 40, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cci_refs_cci_id", - "local" : "cci_id", - "schema" : "sagacity", - "table" : "cci", - "field" : "cci_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cci_refs_cci_id_idx", - 
"type" : "index", - "ref" : "cci_id" - }, - { - "id" : "cci_refs_title_idx", - "type" : "index", - "ref" : "title" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_db", - "primary_key" : [ - "cve_id" - ], - "fields" : [ - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "seq", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "status", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "phase", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "phase_date", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "desc", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "cvss", - "dataType" : "decimal(4,2)", - "type" : 0, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "index" : [ - { - "id" : "cve_idx", - "type" : "index", - "ref" : "cve_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_references", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cve_seq", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "source", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : 
false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "val", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cve_cve_ref_id", - "local" : "cve_seq", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cve_ref_idx", - "type" : "index", - "ref" : "cve_seq" - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve", - "primary_key" : [ - "pdi_id", - "cve_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "cve_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "cve_cve_id", - "local" : "cve_id", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_web", - "primary_key" : ["cve_id"], - "fields" : [ - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "xml", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cve_web_cve_id", - "local" : "cve_id", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", 
- "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "golddisk", - "primary_key" : [ - "pdi_id", - "vms_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "vms_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "short_title", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "gd_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "gd_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ia_controls", - "primary_key" : [ - "pdi_id", - "type", - "type_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type_id", - "dataType" : "varchar(8)", - "type" : 253, - "length" : 8, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "ia_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ia_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_notices", - "primary_key" : [ - "noticeId" - ], - "fields" : [ - { - "name" : "noticeId", - "dataType" : "int(11)", - "type" : 3, - 
"length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "xmlUrl", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "htmlUrl", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "iavmNoticeNumber", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "type", - "dataType" : "varchar(5)", - "type" : 253, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "state", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "lastUpdated", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "releaseDate", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "supersedes", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "executiveSummary", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" 
: [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "fixAction", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "note", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "vulnAppsSysAndCntrmsrs", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "stigFindingSeverity", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "knownExploits", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "iavm_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "iavm_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_bids", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "bid", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "bids_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : 
"bids_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_mitigations", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "header", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "body", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "mit_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "mit_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_patches", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" 
: false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "patches_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "patches_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_references", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ref_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ref_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_tech_overview", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "iavm_notice_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "details", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - 
"constraints" : [ - { - "id" : "iavm_ovw_iavm_id", - "local" : "iavm_notice_id", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "iavm_ovw_iavm_id_idx", - "type" : "index", - "ref" : "iavm_notice_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "iavm_to_cve", - "primary_key" : [ - "noticeId", - "cve_id" - ], - "fields" : [ - { - "name" : "noticeId", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cve_id", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "cve_lookup_id", - "local" : "cve_id", - "schema" : "sagacity", - "table" : "cve_db", - "field" : "cve_id", - "update" : null, - "delete" : null - }, - { - "id" : "iavm_lookup_id", - "local" : "noticeId", - "schema" : "sagacity", - "table" : "iavm_notices", - "field" : "noticeId", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "cve_lookup_id_idx", - "type" : "index", - "ref" : "cve_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "nessus_plugins", - "primary_key" : [ - "plugin_id" - ], - "fields" : [ - { - "name" : "plugin_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "oid", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "copyright", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : 
"version", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_date", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "nessus_meta", - "primary_key" : [ - "meta_id" - ], - "fields" : [ - { - "name" : "meta_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "plugin_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "val", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "nessus_plugin_id", - "local" : "plugin_id", - "schema" : "sagacity", - "table" : "nessus_plugins", - "field" : "plugin_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "nessus_plugin_id_idx", - "type" : "index", - "ref" : "plugin_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "nessus", - "primary_key" : [ - "pdi_id", - "nessus_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "nessus_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - 
"id" : "nessus_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "nessus_n_id", - "local" : "nessus_id", - "schema" : "sagacity", - "table" : "nessus_plugins", - "field" : "plugin_id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "nessus_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - }, - { - "id" : "nessus_n_id_idx", - "type" : "index", - "ref" : "nessus_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ov_convert", - "primary_key" : [ - "pdi_id", - "const_id", - "value" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "const_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "value", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "ov_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ov_con_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "oval", - "primary_key" : [ - "pdi_id", - "oval_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "oval_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "title", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null 
- }, - { - "name" : "desc", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "platform", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ext_def", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ext_def_op", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "oval_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "oval_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "oval_ref", - "primary_key" : [ - "oval_id", - "source" - ], - "fields" : [ - { - "name" : "oval_id", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "source", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "url", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ref_id", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "stigs", - "primary_key" : [ - "pdi_id", - "stig_id" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : 
"" - }, - { - "name" : "stig_id", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "description", - "dataType" : "varchar(1000)", - "type" : 253, - "length" : 1000, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "tweak_data", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "stigs_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "stigs_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "sv_rule", - "primary_key" : [ - "pdi_id", - "sv_rule" - ], - "fields" : [ - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sv_rule", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "sv_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "sv_pdi_id_idx", - "type" : "index", - "ref" : "pdi_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "people", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "org", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(60)", - "type" : 253, - 
"length" : 60, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "phone", - "dataType" : "varchar(15)", - "type" : 253, - "length" : 15, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "system_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "site_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "eval_start", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "eval_end", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "multiple", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "primary", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "scope", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ao", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "assumptions", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "constraints", - 
"dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "recommendations", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "residual_risk", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "risk_status", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "very low", - "low", - "medium", - "high", - "very high" - ], - "ai" : false, - "nn" : false, - "default" : "medium" - }, - { - "name" : "deviations", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "conclusion", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ste_sys_id", - "local" : "system_id", - "schema" : "sagacity", - "table" : "system", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "ste_site_id", - "local" : "site_id", - "schema" : "sagacity", - "table" : "sites", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ste_sys_id_idx", - "type" : "index", - "ref" : "system_id" - }, - { - "id" : "ste_site_id_idx", - "type" : "index", - "ref" : "site_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste_team", - "primary_key" : [ - "people_id", - "ste_id" - ], - "fields" : [ - { - "name" : "people_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - 
}, - { - "name" : "pos", - "dataType" : "varchar(60)", - "type" : 253, - "length" : 60, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ste_team_people_id", - "local" : "people_id", - "schema" : "sagacity", - "table" : "people", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "ste_team_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste_cat", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "analysts", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "ste_cat_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "ste_cat_ste_id_idx", - "type" : "index", - "ref" : "ste_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "ste_cat_sources", - "primary_key" : [ - "cat_id", - "src_id" - ], - "fields" : [ - { - "name" : "cat_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "src_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - 
"id" : "ste_cat_cat_id", - "local" : "cat_id", - "schema" : "sagacity", - "table" : "ste_cat", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "ste_cat_src_id", - "local" : "src_id", - "schema" : "sagacity", - "table" : "sources", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "interview_questions", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "cat", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "key", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "question", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - }, - { - "schema" : "sagacity", - "name" : "category_interview", - "primary_key" : [ - "cat_id", - "ques_id" - ], - "fields" : [ - { - "name" : "cat_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ques_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "answer", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "cat_int_cat_id", - "local" : "cat_id", - "schema" : "sagacity", - "table" : "ste_cat", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "cat_int_ques_id", - "local" : "ques_id", - "schema" : "sagacity", - "table" : "interview_questions", - "field" : "id", - "update" : null, 
- "delete" : null - } - ], - "index" : [ - { - "id" : "cat_int_ques_id_idx", - "type" : "index", - "ref" : "ques_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "scans", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "src_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pid", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "itr", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "file_name", - "dataType" : "varchar(150)", - "type" : 253, - "length" : 150, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "file_date", - "dataType" : "date", - "type" : 14, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "start_time", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "last_update", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "status", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "IN QUEUE", - "RUNNING", - "COMPLETE", - "ERROR", - "TERMINATED" - ], - "ai" : false, - "nn" : true, - "default" : "IN QUEUE" - }, - { - "name" : "perc_comp", - "dataType" : "decimal(5,2)", - "type" : 0, - "length" : null, - "values" : [ - ], - "ai" : 
false, - "nn" : false, - "default" : null - }, - { - "name" : "last_host", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "hosts_comp", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "host_count", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "location", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "scan_src_id", - "local" : "src_id", - "schema" : "sagacity", - "table" : "sources", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "scan_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "scan_src_id_idx", - "type" : "index", - "ref" : "src_id" - }, - { - "id" : "scan_ste_id_idx", - "type" : "index", - "ref" : "ste_id" - } - ] - }, - { - "schema" : "sagacity", - "name" : "target", - "primary_key" : [ - "ste_id", - "name" - ], - "unique" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "cat_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "os_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "ste_id", - 
"dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "auto_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "man_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "data_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "fp_cat1_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "name", - "dataType" : "varchar(64)", - "type" : 253, - "length" : 64, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "location", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "source", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "cat_1", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "cat_2", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "cat_3", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "closed", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "not_applicable", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" 
: [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "not_reviewed", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : 0 - }, - { - "name" : "compliance", - "dataType" : "tinyint(3)", - "type" : 1, - "length" : 3, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "assessed", - "dataType" : "tinyint(3)", - "type" : 1, - "length" : 3, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "notes", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "missing_patches", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "os_string", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "pp_flag", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "1" - }, - { - "name" : "pp_off", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "class", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "U", - "FOUO", - "S" - ], - "ai" : false, - "nn" : false, - "default" : "U" - } - ], - "constraints" : [ - { - "id" : "t_cat_id", - "local" : "cat_id", - "schema" : "sagacity", - "table" : "ste_cat", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_os_id", - "local" : "os_id", - "schema" : "sagacity", - "table" : "software", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_ste_id", - "local" : "ste_id", - "schema" : "sagacity", - "table" : "ste", - "field" : "id", - 
"update" : null, - "delete" : null - }, - { - "id" : "t_auto_id", - "local" : "auto_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_man_id", - "local" : "man_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_data_id", - "local" : "data_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "t_fp_cat1_id", - "local" : "fp_cat1_status_id", - "schema" : "sagacity", - "table" : "task_status", - "field" : "id", - "update" : null, - "delete" : null - } - ], - "index" : [ - { - "id" : "t_id_idx", - "type" : "index", - "ref" : "id" - }, - { - "id" : "t_name_idx", - "type" : "index", - "ref" : "name" - }, - { - "id" : "t_cat_id_idx", - "type" : "index", - "ref" : "cat_id" - }, - { - "id" : "t_os_id_idx", - "type" : "index", - "ref" : "os_id" - }, - { - "id" : "t_ste_id_idx", - "type" : "index", - "ref" : "ste_id" - }, - { - "id" : "t_auto_id_idx", - "type" : "index", - "ref" : "auto_status_id" - }, - { - "id" : "t_man_id_idx", - "type" : "index", - "ref" : "man_status_id" - }, - { - "id" : "t_data_status_id_idx", - "type" : "index", - "ref" : "data_status_id" - }, - { - "id" : "t_fp_cat1_id_idx", - "type" : "index", - "ref" : "fp_cat1_status_id" - } - ], - "triggers" : [ - "DROP TRIGGER IF EXISTS `sagacity`.`target_BEFORE_INSERT`", - "CREATE DEFINER=`web`@`{host}` TRIGGER `sagacity`.`target_BEFORE_INSERT` BEFORE INSERT ON `target` FOR EACH ROW", - "BEGIN", - "SELECT MAX(`id`) INTO @newid", - "FROM `sagacity`.`target`;", - "SET NEW.`id` = COALESCE(@newid + 1, 1);", - "END" - ] - }, - { - "schema" : "sagacity", - "name" : "target_net_meta", - "primary_key" : [ - "tgt_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : 
true, - "default" : "" - }, - { - "name" : "netstat_connections", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "shares", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "routes", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "firewall_config", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "tnm_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_user_meta", - "primary_key" : [ - "tgt_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "login", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "user_list", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "last_login", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "disabled_accts", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "stag_pwds", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : 
null - }, - { - "name" : "never_logged_in", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "pwd_never_expires", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "tum_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_sys_meta", - "primary_key" : [ - "tgt_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "mounted", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "process_list", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "autorun", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "services", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "last_boot", - "dataType" : "datetime", - "type" : 12, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "remote_registry", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "copyrighted", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - 
"name" : "is_vm", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "system", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "bios", - "dataType" : "mediumtext", - "type" : 250, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "wmi_listening_pid", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "constraints" : [ - { - "id" : "tsm_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "interfaces", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ipv4", - "dataType" : "varchar(150)", - "type" : 253, - "length" : 150, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "ipv6", - "dataType" : "varchar(400)", - "type" : 253, - "length" : 400, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "hostname", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "mac", - "dataType" : "varchar(40)", - "type" : 253, - "length" : 40, - "values" : [ - 
], - "ai" : false, - "nn" : false, - "default" : "" - }, - { - "name" : "fqdn", - "dataType" : "varchar(100)", - "type" : 253, - "length" : 100, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "description", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "dns", - "dataType" : "varchar(60)", - "type" : 253, - "length" : 60, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "int_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_checklist", - "primary_key" : [ - "tgt_id", - "chk_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "chk_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "class", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "U", - "FOUO", - "S", - "TS", - "SCI" - ], - "ai" : false, - "nn" : false, - "default" : "U" - } - ], - "constraints" : [ - { - "id" : "chk_tgt_chk_id", - "local" : "chk_id", - "schema" : "sagacity", - "table" : "checklist", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "tgt_tgt_chk_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "target_software", - "primary_key" : [ - "tgt_id", - "sft_id" - ], - "fields" : [ - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - 
}, - { - "name" : "sft_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sw_string", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ], - "constraints" : [ - { - "id" : "sft_tgt_sft_id", - "local" : "sft_id", - "schema" : "sagacity", - "table" : "software", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "tgt_tgt_sft_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "host_list", - "primary_key" : [ - "scan_id", - "tgt_id" - ], - "fields" : [ - { - "name" : "scan_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "finding_count", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "scanner_error", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : "", - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "host_scan_id", - "local" : "scan_id", - "schema" : "sagacity", - "table" : "scans", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "host_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "pps_list", - 
"primary_key" : [ - "int_id", - "pps_id" - ], - "fields" : [ - { - "name" : "int_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pps_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(255)", - "type" : 253, - "length" : 255, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "banner", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "listening", - "dataType" : "tinyint(1)", - "type" : 1, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "0" - } - ], - "constraints" : [ - { - "id" : "pps_int_id", - "local" : "int_id", - "schema" : "sagacity", - "table" : "interfaces", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "pps_pps_id", - "local" : "pps_id", - "schema" : "sagacity", - "table" : "ports_proto_services", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "findings", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "tgt_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "pdi_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "scan_id", - "dataType" : "int(11)", - "type" : 
3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "findings_status_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "cat", - "dataType" : "int(1)", - "type" : 3, - "length" : 1, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "notes", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "change_id", - "dataType" : "tinyint(2)", - "type" : 1, - "length" : 2, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "orig_src", - "dataType" : "varchar(10)", - "type" : 253, - "length" : 10, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - }, - { - "name" : "finding_itr", - "dataType" : "int(5)", - "type" : 3, - "length" : 5, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : "1" - } - ], - "constraints" : [ - { - "id" : "find_pdi_id", - "local" : "pdi_id", - "schema" : "sagacity", - "table" : "pdi_catalog", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "find_tgt_id", - "local" : "tgt_id", - "schema" : "sagacity", - "table" : "target", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "find_scan_id", - "local" : "scan_id", - "schema" : "sagacity", - "table" : "scans", - "field" : "id", - "update" : null, - "delete" : null - }, - { - "id" : "find_status_id", - "local" : "findings_status_id", - "schema" : "sagacity", - "table" : "findings_status", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "finding_controls", - "primary_key" : [ - "finding_id", - "ia_control" - ], - "fields" : [ - { - "name" : "finding_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : 
false, - "nn" : true, - "default" : "" - }, - { - "name" : "ia_control", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ], - "constraints" : [ - { - "id" : "find_ctrl_id", - "local" : "finding_id", - "schema" : "sagacity", - "table" : "findings", - "field" : "id", - "update" : null, - "delete" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "search_filters", - "primary_key" : [ - "id" - ], - "fields" : [ - { - "name" : "id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : true, - "nn" : true, - "default" : "" - }, - { - "name" : "name", - "dataType" : "varchar(45)", - "type" : 253, - "length" : 45, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "type", - "dataType" : "enum", - "type" : 247, - "length" : null, - "values" : [ - "target", - "scan", - "finding", - "reference" - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "criteria", - "dataType" : "text", - "type" : 252, - "length" : null, - "values" : [ - ], - "ai" : false, - "nn" : false, - "default" : null - } - ] - }, - { - "schema" : "sagacity", - "name" : "cve_sw_lookup", - "primary_key" : [ - "cve_id", - "sw_id" - ], - "fields" : [ - { - "name" : "cve_id", - "dataType" : "varchar(20)", - "type" : 253, - "length" : 20, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - }, - { - "name" : "sw_id", - "dataType" : "int(11)", - "type" : 3, - "length" : 11, - "values" : [ - ], - "ai" : false, - "nn" : true, - "default" : "" - } - ] - } - ] + "tables": [ + { + "schema": "sagacity", + "name": "settings", + "primary_key": [ + "id" + ], + "unique": [ + "meta_key" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "meta_key", + "dataType": "varchar(100)", + "type": 253, + "length": 
100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "meta_value", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "db_data", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "sw_man_match", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": false, + "default": "" + }, + { + "name": "man", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "ms-os", + "nix-os", + "net-os", + "ms", + "nix", + "checklist", + "multiple" + ], + "ai": false, + "nn": true, + "default": "multiple" + }, + { + "name": "rgx", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "sw_name_match", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": false, + "default": "" + }, + { + "name": "man_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "man_override", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "ms-os", + "nix-os", + "net-os", + "ms", + "nix", + 
"checklist", + "multiple" + ], + "ai": false, + "nn": true, + "default": "multiple" + }, + { + "name": "rgx", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name_match", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ver_match", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ver", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "update_match", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "is_os", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "multiple", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + } + ], + "constraints": [ + { + "id": "swnm_swmm_id", + "local": "man_id", + "schema": "sagacity", + "table": "sw_man_match", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "catalog_scripts", + "primary_key": [ + "file_name" + ], + "fields": [ + { + "name": "file_name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pid", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "start_time", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "last_update", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + 
"ai": false, + "nn": false, + "default": "" + }, + { + "name": "status", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "IN QUEUE", + "RUNNING", + "COMPLETE", + "ERROR", + "SKIPPED" + ], + "ai": false, + "nn": true, + "default": "IN QUEUE" + }, + { + "name": "perc_comp", + "dataType": "decimal(5,2)", + "type": 0, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "stig_count", + "dataType": "int(4)", + "type": 3, + "length": 4, + "values": [], + "ai": false, + "nn": false, + "default": "0" + } + ], + "index": [ + { + "id": "catalog_file_name_idx", + "type": "index", + "ref": "file_name" + } + ] + }, + { + "schema": "rmf", + "name": "family", + "primary_key": [ + "abbr" + ], + "fields": [ + { + "name": "abbr", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "rmf", + "name": "controls", + "primary_key": [ + "family_id", + "control_id" + ], + "fields": [ + { + "name": "family_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "pri", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "statement", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "guidance", + "dataType": "text", + "type": 252, + 
"length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "rmf_family_family_id", + "local": "family_id", + "schema": "rmf", + "table": "family", + "field": "abbr", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_controls_control_id_idx", + "type": "index", + "ref": "control_id" + } + ] + }, + { + "schema": "rmf", + "name": "related_controls", + "primary_key": [ + "control_id", + "related_control_id" + ], + "fields": [ + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "related_control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "rmf_related_controls_control_id", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + }, + { + "id": "rmf_related_controls_related_id", + "local": "related_control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_related_controls_related_id_idx", + "type": "index", + "ref": "related_control_id" + } + ] + }, + { + "schema": "rmf", + "name": "control_baseline", + "primary_key": [ + "impact_level", + "control_id" + ], + "fields": [ + { + "name": "impact_level", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "low", + "moderate", + "high" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "rmf_control_baseline_control_id", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": 
null + } + ], + "index": [ + { + "id": "rmf_control_baseline_control_id_idx", + "type": "index", + "ref": "control_id" + } + ] + }, + { + "schema": "rmf", + "name": "control_enh", + "primary_key": [ + "control_id", + "enh_id" + ], + "fields": [ + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "enh_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "desc", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "guidance", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "rmf_control_enh_control_id", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_control_enh_enh_id_idx", + "type": "index", + "ref": "enh_id" + } + ] + }, + { + "schema": "rmf", + "name": "enhancement_baseline", + "primary_key": [ + "impact", + "control_id", + "enh_id" + ], + "fields": [ + { + "name": "impact", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "low", + "moderate", + "high" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "enh_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "rmf_enh_baseline_control_id", + "local": 
"control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + }, + { + "id": "rmf_eny_baseline_enh_id", + "local": "enh_id", + "schema": "rmf", + "table": "control_enh", + "field": "enh_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "rmf_enh_baseline_enh_id_idx", + "type": "index", + "ref": "enh_id" + }, + { + "id": "rmf_enh_baseline_control_id_idx", + "type": "index", + "ref": "control_id" + } + ] + }, + { + "schema": "rmf", + "name": "cci", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control_id", + "dataType": "varchar(6)", + "type": 253, + "length": 6, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "enh_id", + "dataType": "varchar(4)", + "type": 253, + "length": 4, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "def", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "guidance", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "procedures", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "fk_cci_controls1", + "local": "control_id", + "schema": "rmf", + "table": "controls", + "field": "control_id", + "update": null, + "delete": null + }, + { + "id": "fk_cci_control_enh1", + "local": "enh_id", + "schema": "rmf", + "table": "control_enh", + "field": "enh_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "fk_cci_controls1_idx", + "type": "index", + "ref": "control_id" + }, + { + "id": "fk_cci_control_enh1_idx", + "type": "index", + "ref": "enh_id" + } + ] + }, 
+ { + "schema": "rmf", + "name": "emass_cci", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "control", + "dataType": "varchar(25)", + "type": 253, + "length": 25, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "help", + "primary_key": [ + "section" + ], + "fields": [ + { + "name": "section", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "topic", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "content", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "index": [ + { + "id": "section_id", + "type": "index", + "ref": "section" + } + ] + }, + { + "schema": "sagacity", + "name": "pdi_catalog", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "cat", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "1", + "2", + "3" + ], + "ai": false, + "nn": true, + "default": "2" + }, + { + "name": "update", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "short_title", + "dataType": "varchar(1024)", + "type": 253, + "length": 1024, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "check_contents", + "dataType": "text", + "type": 252, + "length": null, + 
"values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "sites", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "address", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "city", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "state", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "zip", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "country", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": true, + "default": "US" + }, + { + "name": "poc_name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "poc_email", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "poc_phone", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "system", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + 
"ai": false, + "nn": true, + "default": "" + }, + { + "name": "abbr", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "mac", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "1", + "2", + "3" + ], + "ai": false, + "nn": true, + "default": "3" + }, + { + "name": "classification", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "Unclass", + "FOUO", + "C", + "S", + "TS", + "SCI", + "Public", + "Classified", + "Sensitive" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "acred_type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "diacap", + "rmf", + "pci", + "nispom", + "hipaa", + "sox", + "cobit" + ], + "ai": false, + "nn": false, + "default": "diacap" + }, + { + "name": "mitigations", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "description", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "executive_summary", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "diagram", + "dataType": "mediumblob", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "software", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "cpe", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "cpe23", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + 
"nn": false, + "default": null + }, + { + "name": "sw_string", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "short_sw_string", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "sources", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "icon", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "false_positives", + "primary_key": [ + "pdi_id", + "src_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "src_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "fp_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "fp_src_id", + "local": "src_id", + "schema": "sagacity", + "table": "sources", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "exceptions", + "primary_key": [ + "pdi_id", + "sys_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + 
"ai": false, + "nn": true, + "default": "" + }, + { + "name": "sys_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "exp_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "exp_sys_id", + "local": "sys_id", + "schema": "sagacity", + "table": "system", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "task_status", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "status", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "category", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "findings_status", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "status", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "ports_proto_services", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": 
"int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "port", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "proto", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "tcp", + "udp", + "dccp", + "sctp" + ], + "ai": false, + "nn": true, + "default": "tcp" + }, + { + "name": "IANA_Name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "description", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "banner", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "notes", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "proc_ia_controls", + "primary_key": [ + "control_id" + ], + "fields": [ + { + "name": "control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "subject_area", + "dataType": "varchar(50)", + "type": 253, + "length": 50, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "description", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "threat_vul_cm", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "gen_imp_guide", + 
"dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "impact", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "low", + "medium", + "high" + ], + "ai": false, + "nn": false, + "default": "medium" + } + ] + }, + { + "schema": "sagacity", + "name": "proc_ia_sub_controls", + "primary_key": [ + "sub_control_id" + ], + "fields": [ + { + "name": "sub_control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "parent_control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "objective", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "prep", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "script", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "exp_result", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "parent_cont_id", + "local": "parent_control_id", + "schema": "sagacity", + "table": "proc_ia_controls", + "field": "control_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "parent_cont_id_idx", + "type": "index", + "ref": "parent_control_id" + } + ] + }, + { + "schema": "sagacity", + "name": "proc_level_type", + "primary_key": [ + "proc_control_id", + "type", + "level", + "class" + ], + "fields": [ + { + "name": 
"proc_control_id", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "diacap", + "rmf" + ], + "ai": false, + "nn": true, + "default": "diacap" + }, + { + "name": "level", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": true, + "default": null + }, + { + "name": "class", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "cl", + "pub", + "sen", + "u", + "fouo", + "s", + "ts", + "sci" + ], + "ai": false, + "nn": true, + "default": null + } + ], + "constraints": [ + { + "id": "proc_control_id", + "local": "proc_control_id", + "schema": "sagacity", + "table": "proc_ia_controls", + "field": "control_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "checklist", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "checklist_id", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "description", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "date", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "file_name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ver", + "dataType": "tinyint(3)", + "type": 1, + "length": 3, + "values": [], + "ai": false, + "nn": 
false, + "default": null + }, + { + "name": "release", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "benchmark", + "manual", + "policy", + "iavm" + ], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "icon", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "checklist_software_lookup", + "primary_key": [ + "chk_id", + "sw_id" + ], + "fields": [ + { + "name": "chk_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "sw_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "chk_sw_lu_chk_id", + "local": "chk_id", + "schema": "sagacity", + "table": "checklist", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "chk_sw_lu_sw_id", + "local": "sw_id", + "schema": "sagacity", + "table": "software", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "chk_sw_lu_chk_id_idx", + "type": "index", + "ref": "chk_id" + }, + { + "id": "chk_sw_lu_sw_id_idx", + "type": "index", + "ref": "sw_id" + } + ] + }, + { + "schema": "sagacity", + "name": "pdi_checklist_lookup", + "primary_key": [ + "pdi_id", + "checklist_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "checklist_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "group_title", + "dataType": "varchar(2048)", + "type": 253, + "length": 2048, + "values": [], 
+ "ai": false, + "nn": false, + "default": null + }, + { + "name": "short_title", + "dataType": "varchar(1024)", + "type": 253, + "length": 1024, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "check_contents", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "fix_text", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "tweak_data", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "pdi_chk_chk_id", + "local": "checklist_id", + "schema": "sagacity", + "table": "checklist", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "pdi_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "pdi_chk_chk_id_idx", + "type": "index", + "ref": "checklist_id" + }, + { + "id": "pdi_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "advisories", + "primary_key": [ + "advisory_id", + "pdi_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "advisory_id", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "impact", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "varchar(45)", + "type": 253, + 
"length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "referece", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "ad_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ad_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cce", + "primary_key": [ + "pdi_id", + "cce_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "cce_id", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "cce_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cce_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cci", + "primary_key": [ + "cci_id" + ], + "fields": [ + { + "name": "cci_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "policy", + "technical" + ], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "definition", + "dataType": "varchar(500)", + "type": 253, + "length": 500, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "param", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + 
"values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "note", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "index": [ + { + "id": "cci_id_idx", + "type": "index", + "ref": "cci_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cci_refs", + "primary_key": [ + "cci_id", + "title" + ], + "fields": [ + { + "name": "cci_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": null + }, + { + "name": "ver", + "dataType": "tinyint(2)", + "type": 1, + "length": 2, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "index", + "dataType": "varchar(40)", + "type": 253, + "length": 40, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "cci_refs_cci_id", + "local": "cci_id", + "schema": "sagacity", + "table": "cci", + "field": "cci_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cci_refs_cci_id_idx", + "type": "index", + "ref": "cci_id" + }, + { + "id": "cci_refs_title_idx", + "type": "index", + "ref": "title" + } + ] + }, + { + "schema": "sagacity", + "name": "cve_db", + "primary_key": [ + "cve_id" + ], + "fields": [ + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "seq", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "status", + "dataType": "varchar(20)", + "type": 253, + "length": 
20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "phase", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "phase_date", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "desc", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "cvss", + "dataType": "decimal(4,2)", + "type": 0, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "index": [ + { + "id": "cve_idx", + "type": "index", + "ref": "cve_id" + } + ] + }, + { + "schema": "sagacity", + "name": "cve_references", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "cve_seq", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "source", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "val", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "cve_cve_ref_id", + "local": "cve_seq", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cve_ref_idx", + "type": "index", + "ref": "cve_seq" + } + ] + }, + { + "schema": "sagacity", + "name": "cve", + "primary_key": [ + "pdi_id", + "cve_id" + ], + 
"fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "cve_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "cve_cve_id", + "local": "cve_id", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "cve_web", + "primary_key": [ + "cve_id" + ], + "fields": [ + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "xml", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "cve_web_cve_id", + "local": "cve_id", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "golddisk", + "primary_key": [ + "pdi_id", + "vms_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "vms_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "short_title", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "gd_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": 
"gd_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "ia_controls", + "primary_key": [ + "pdi_id", + "type", + "type_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type_id", + "dataType": "varchar(8)", + "type": 253, + "length": 8, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "ia_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ia_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_notices", + "primary_key": [ + "noticeId" + ], + "fields": [ + { + "name": "noticeId", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "xmlUrl", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "htmlUrl", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "file_name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "iavmNoticeNumber", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + 
"length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "type", + "dataType": "varchar(5)", + "type": 253, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "state", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "lastUpdated", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "releaseDate", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "supersedes", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "executiveSummary", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "fixAction", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "note", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "vulnAppsSysAndCntrmsrs", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "stigFindingSeverity", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "knownExploits", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "iavm_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": 
"iavm_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_bids", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "bid", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "bids_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "bids_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_mitigations", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "header", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "body", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "mit_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "mit_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_patches", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": 
"id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "patches_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "patches_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_references", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "ref_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ref_iavm_id_idx", + "type": "index", 
+ "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_tech_overview", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "iavm_notice_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "details", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "iavm_ovw_iavm_id", + "local": "iavm_notice_id", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "iavm_ovw_iavm_id_idx", + "type": "index", + "ref": "iavm_notice_id" + } + ] + }, + { + "schema": "sagacity", + "name": "iavm_to_cve", + "primary_key": [ + "noticeId", + "cve_id" + ], + "fields": [ + { + "name": "noticeId", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "cve_id", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "cve_lookup_id", + "local": "cve_id", + "schema": "sagacity", + "table": "cve_db", + "field": "cve_id", + "update": null, + "delete": null + }, + { + "id": "iavm_lookup_id", + "local": "noticeId", + "schema": "sagacity", + "table": "iavm_notices", + "field": "noticeId", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cve_lookup_id_idx", + "type": "index", + "ref": "cve_id" + } + ] + }, + { + "schema": "sagacity", + "name": "nessus_plugins", + "primary_key": [ + "plugin_id" + ], + "fields": [ + { + "name": "plugin_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": 
"" + }, + { + "name": "oid", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "copyright", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "version", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "file_name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "file_date", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "nessus_meta", + "primary_key": [ + "meta_id" + ], + "fields": [ + { + "name": "meta_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "plugin_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "val", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "nessus_plugin_id", + "local": "plugin_id", + "schema": "sagacity", + "table": "nessus_plugins", + "field": "plugin_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "nessus_plugin_id_idx", + "type": "index", + "ref": "plugin_id" + } + ] + }, + { + "schema": "sagacity", + "name": "nessus", + "primary_key": [ + 
"pdi_id", + "nessus_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "nessus_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "nessus_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "nessus_n_id", + "local": "nessus_id", + "schema": "sagacity", + "table": "nessus_plugins", + "field": "plugin_id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "nessus_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + }, + { + "id": "nessus_n_id_idx", + "type": "index", + "ref": "nessus_id" + } + ] + }, + { + "schema": "sagacity", + "name": "ov_convert", + "primary_key": [ + "pdi_id", + "const_id", + "value" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "const_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "value", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "ov_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ov_con_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "oval", + "primary_key": [ + "pdi_id", + "oval_id" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "oval_id", + "dataType": 
"varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "title", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "desc", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "platform", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ext_def", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ext_def_op", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "oval_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "oval_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "oval_ref", + "primary_key": [ + "oval_id", + "source" + ], + "fields": [ + { + "name": "oval_id", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "source", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "url", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ref_id", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "stigs", + "primary_key": [ + "pdi_id", + "stig_id" + ], + 
"fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "stig_id", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "description", + "dataType": "varchar(1000)", + "type": 253, + "length": 1000, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "tweak_data", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "stigs_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "stigs_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "sv_rule", + "primary_key": [ + "pdi_id", + "sv_rule" + ], + "fields": [ + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "sv_rule", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "sv_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "sv_pdi_id_idx", + "type": "index", + "ref": "pdi_id" + } + ] + }, + { + "schema": "sagacity", + "name": "people", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "org", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "name", + 
"dataType": "varchar(60)", + "type": 253, + "length": 60, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "phone", + "dataType": "varchar(15)", + "type": 253, + "length": 15, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "ste", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "system_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "site_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "eval_start", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "eval_end", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "multiple", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "primary", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "scope", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ao", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "assumptions", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "constraints", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": 
false, + "default": null + }, + { + "name": "recommendations", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "residual_risk", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "risk_status", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "very low", + "low", + "medium", + "high", + "very high" + ], + "ai": false, + "nn": false, + "default": "medium" + }, + { + "name": "deviations", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "conclusion", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "ste_sys_id", + "local": "system_id", + "schema": "sagacity", + "table": "system", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "ste_site_id", + "local": "site_id", + "schema": "sagacity", + "table": "sites", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ste_sys_id_idx", + "type": "index", + "ref": "system_id" + }, + { + "id": "ste_site_id_idx", + "type": "index", + "ref": "site_id" + } + ] + }, + { + "schema": "sagacity", + "name": "ste_team", + "primary_key": [ + "people_id", + "ste_id" + ], + "fields": [ + { + "name": "people_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "ste_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pos", + "dataType": "varchar(60)", + "type": 253, + "length": 60, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "ste_team_people_id", 
+ "local": "people_id", + "schema": "sagacity", + "table": "people", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "ste_team_ste_id", + "local": "ste_id", + "schema": "sagacity", + "table": "ste", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "ste_cat", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "ste_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "analysts", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "ste_cat_ste_id", + "local": "ste_id", + "schema": "sagacity", + "table": "ste", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "ste_cat_ste_id_idx", + "type": "index", + "ref": "ste_id" + } + ] + }, + { + "schema": "sagacity", + "name": "ste_cat_sources", + "primary_key": [ + "cat_id", + "src_id" + ], + "fields": [ + { + "name": "cat_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "src_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "ste_cat_cat_id", + "local": "cat_id", + "schema": "sagacity", + "table": "ste_cat", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "ste_cat_src_id", + "local": "src_id", + "schema": "sagacity", + "table": "sources", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": 
"sagacity", + "name": "interview_questions", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "cat", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "key", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "question", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + }, + { + "schema": "sagacity", + "name": "category_interview", + "primary_key": [ + "cat_id", + "ques_id" + ], + "fields": [ + { + "name": "cat_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "ques_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "answer", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "cat_int_cat_id", + "local": "cat_id", + "schema": "sagacity", + "table": "ste_cat", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "cat_int_ques_id", + "local": "ques_id", + "schema": "sagacity", + "table": "interview_questions", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "cat_int_ques_id_idx", + "type": "index", + "ref": "ques_id" + } + ] + }, + { + "schema": "sagacity", + "name": "scans", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "src_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + 
"values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "ste_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pid", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "itr", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "file_name", + "dataType": "varchar(150)", + "type": 253, + "length": 150, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "file_date", + "dataType": "date", + "type": 14, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "start_time", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "last_update", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "status", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "IN QUEUE", + "RUNNING", + "COMPLETE", + "ERROR", + "TERMINATED" + ], + "ai": false, + "nn": true, + "default": "IN QUEUE" + }, + { + "name": "perc_comp", + "dataType": "decimal(5,2)", + "type": 0, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "last_host", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "hosts_comp", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "host_count", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + 
"length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "location", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "scan_src_id", + "local": "src_id", + "schema": "sagacity", + "table": "sources", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "scan_ste_id", + "local": "ste_id", + "schema": "sagacity", + "table": "ste", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "scan_src_id_idx", + "type": "index", + "ref": "src_id" + }, + { + "id": "scan_ste_id_idx", + "type": "index", + "ref": "ste_id" + } + ] + }, + { + "schema": "sagacity", + "name": "target", + "primary_key": [ + "ste_id", + "name" + ], + "unique": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "cat_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "os_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "ste_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "auto_status_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "man_status_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "data_status_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "fp_cat1_status_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + 
"values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "name", + "dataType": "varchar(64)", + "type": 253, + "length": 64, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "location", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "source", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "cat_1", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "cat_2", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "cat_3", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "closed", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "not_applicable", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "not_reviewed", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": 0 + }, + { + "name": "compliance", + "dataType": "tinyint(3)", + "type": 1, + "length": 3, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "assessed", + "dataType": "tinyint(3)", + "type": 1, + "length": 3, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "notes", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "missing_patches", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + 
"default": null + }, + { + "name": "os_string", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "pp_flag", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "1" + }, + { + "name": "pp_off", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "class", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "U", + "FOUO", + "S" + ], + "ai": false, + "nn": false, + "default": "U" + } + ], + "constraints": [ + { + "id": "t_cat_id", + "local": "cat_id", + "schema": "sagacity", + "table": "ste_cat", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "t_os_id", + "local": "os_id", + "schema": "sagacity", + "table": "software", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "t_ste_id", + "local": "ste_id", + "schema": "sagacity", + "table": "ste", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "t_auto_id", + "local": "auto_status_id", + "schema": "sagacity", + "table": "task_status", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "t_man_id", + "local": "man_status_id", + "schema": "sagacity", + "table": "task_status", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "t_data_id", + "local": "data_status_id", + "schema": "sagacity", + "table": "task_status", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "t_fp_cat1_id", + "local": "fp_cat1_status_id", + "schema": "sagacity", + "table": "task_status", + "field": "id", + "update": null, + "delete": null + } + ], + "index": [ + { + "id": "t_id_idx", + "type": "index", + "ref": "id" + }, + { + "id": "t_name_idx", + "type": "index", + "ref": "name" + }, + { + "id": "t_cat_id_idx", + "type": "index", + "ref": "cat_id" + }, + { + "id": "t_os_id_idx", 
+ "type": "index", + "ref": "os_id" + }, + { + "id": "t_ste_id_idx", + "type": "index", + "ref": "ste_id" + }, + { + "id": "t_auto_id_idx", + "type": "index", + "ref": "auto_status_id" + }, + { + "id": "t_man_id_idx", + "type": "index", + "ref": "man_status_id" + }, + { + "id": "t_data_status_id_idx", + "type": "index", + "ref": "data_status_id" + }, + { + "id": "t_fp_cat1_id_idx", + "type": "index", + "ref": "fp_cat1_status_id" + } + ], + "triggers": [ + "DROP TRIGGER IF EXISTS `sagacity`.`target_BEFORE_INSERT`", + "CREATE DEFINER=`web`@`{host}` TRIGGER `sagacity`.`target_BEFORE_INSERT` BEFORE INSERT ON `target` FOR EACH ROW", + "BEGIN", + "SELECT MAX(`id`) INTO @newid", + "FROM `sagacity`.`target`;", + "SET NEW.`id` = COALESCE(@newid + 1, 1);", + "END" + ] + }, + { + "schema": "sagacity", + "name": "target_net_meta", + "primary_key": [ + "tgt_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "netstat_connections", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "shares", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "routes", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "firewall_config", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "tnm_tgt_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "target_user_meta", + "primary_key": [ + "tgt_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + 
"type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "login", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "user_list", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "last_login", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "disabled_accts", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "stag_pwds", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "never_logged_in", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "pwd_never_expires", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "tum_tgt_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "target_sys_meta", + "primary_key": [ + "tgt_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "mounted", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "process_list", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "autorun", + "dataType": 
"mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "services", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "last_boot", + "dataType": "datetime", + "type": 12, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "remote_registry", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "copyrighted", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "is_vm", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "system", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "bios", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "wmi_listening_pid", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + } + ], + "constraints": [ + { + "id": "tsm_tgt_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "interfaces", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + 
"values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ipv4", + "dataType": "varchar(150)", + "type": 253, + "length": 150, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "ipv6", + "dataType": "varchar(400)", + "type": 253, + "length": 400, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "hostname", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "mac", + "dataType": "varchar(40)", + "type": 253, + "length": 40, + "values": [], + "ai": false, + "nn": false, + "default": "" + }, + { + "name": "fqdn", + "dataType": "varchar(100)", + "type": 253, + "length": 100, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "description", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "dns", + "dataType": "varchar(60)", + "type": 253, + "length": 60, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "int_tgt_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "target_checklist", + "primary_key": [ + "tgt_id", + "chk_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "chk_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "class", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "U", + "FOUO", + "S", + "TS", + "SCI" + ], + "ai": false, + "nn": false, + "default": "U" + } + ], + "constraints": [ + { + "id": "chk_tgt_chk_id", + "local": "chk_id", + 
"schema": "sagacity", + "table": "checklist", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "tgt_tgt_chk_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "target_software", + "primary_key": [ + "tgt_id", + "sft_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "sft_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "sw_string", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "sft_tgt_sft_id", + "local": "sft_id", + "schema": "sagacity", + "table": "software", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "tgt_tgt_sft_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "host_list", + "primary_key": [ + "scan_id", + "tgt_id" + ], + "fields": [ + { + "name": "scan_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "finding_count", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "scanner_error", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + "length": "", + "values": [], + "ai": false, + "nn": false, + 
"default": "" + } + ], + "constraints": [ + { + "id": "host_scan_id", + "local": "scan_id", + "schema": "sagacity", + "table": "scans", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "host_tgt_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "pps_list", + "primary_key": [ + "int_id", + "pps_id" + ], + "fields": [ + { + "name": "int_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pps_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(255)", + "type": 253, + "length": 255, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "banner", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "listening", + "dataType": "tinyint(1)", + "type": 1, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": "0" + } + ], + "constraints": [ + { + "id": "pps_int_id", + "local": "int_id", + "schema": "sagacity", + "table": "interfaces", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "pps_pps_id", + "local": "pps_id", + "schema": "sagacity", + "table": "ports_proto_services", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "findings", + "primary_key": [ + "tgt_id", "pdi_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + 
"type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "scan_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "findings_status_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "cat", + "dataType": "int(1)", + "type": 3, + "length": 1, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "change_id", + "dataType": "tinyint(2)", + "type": 1, + "length": 2, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "orig_src", + "dataType": "varchar(10)", + "type": 253, + "length": 10, + "values": [], + "ai": false, + "nn": false, + "default": null + }, + { + "name": "finding_itr", + "dataType": "int(5)", + "type": 3, + "length": 5, + "values": [], + "ai": false, + "nn": false, + "default": "1" + }, + { + "name": "notes", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ], + "constraints": [ + { + "id": "find_pdi_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "pdi_catalog", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "find_tgt_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "target", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "find_scan_id", + "local": "scan_id", + "schema": "sagacity", + "table": "scans", + "field": "id", + "update": null, + "delete": null + }, + { + "id": "find_status_id", + "local": "findings_status_id", + "schema": "sagacity", + "table": "findings_status", + "field": "id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "finding_controls", + "primary_key": [ + "tgt_id", + "pdi_id", + "ia_control" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, 
+ "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "ia_control", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ], + "constraints": [ + { + "id": "find_tgt_ctrl_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "findings", + "field": "tgt_id", + "update": null, + "delete": null + }, + { + "id": "find_pdi_ctrl_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "findings", + "field": "pdi_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "scan_notes", + "primary_key": [ + "tgt_id", + "pdi_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "note", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + } + ], + "constraints": [ + { + "id": "scan_find_tgt_notes_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "findings", + "field": "tgt_id", + "update": null, + "delete": null + }, + { + "id": "scan_find_pdi_notes_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "findings", + "field": "pdi_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "analyst_notes", + "primary_key": [ + "tgt_id", + "pdi_id" + ], + "fields": [ + { + "name": "tgt_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "pdi_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": 
[], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "note", + "dataType": "mediumtext", + "type": 250, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": "" + } + ], + "constraints": [ + { + "id": "analyst_find_tgt_notes_id", + "local": "tgt_id", + "schema": "sagacity", + "table": "findings", + "field": "tgt_id", + "update": null, + "delete": null + }, + { + "id": "analyst_find_pdi_notes_id", + "local": "pdi_id", + "schema": "sagacity", + "table": "findings", + "field": "pdi_id", + "update": null, + "delete": null + } + ] + }, + { + "schema": "sagacity", + "name": "search_filters", + "primary_key": [ + "id" + ], + "fields": [ + { + "name": "id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": true, + "nn": true, + "default": "" + }, + { + "name": "name", + "dataType": "varchar(45)", + "type": 253, + "length": 45, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "type", + "dataType": "enum", + "type": 247, + "length": null, + "values": [ + "target", + "scan", + "finding", + "reference" + ], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "criteria", + "dataType": "text", + "type": 252, + "length": null, + "values": [], + "ai": false, + "nn": false, + "default": null + } + ] + }, + { + "schema": "sagacity", + "name": "cve_sw_lookup", + "primary_key": [ + "cve_id", + "sw_id" + ], + "fields": [ + { + "name": "cve_id", + "dataType": "varchar(20)", + "type": 253, + "length": 20, + "values": [], + "ai": false, + "nn": true, + "default": "" + }, + { + "name": "sw_id", + "dataType": "int(11)", + "type": 3, + "length": 11, + "values": [], + "ai": false, + "nn": true, + "default": "" + } + ] + } + ] } \ No newline at end of file diff --git a/exec/background_results.php b/exec/background_results.php index 292602c..92722dd 100644 --- a/exec/background_results.php +++ b/exec/background_results.php 
@@ -237,7 +237,7 @@ do { } while ($dbh->get_Running_Script_Count($conf['ste'])); -if (!$debug) { +if (!$debug && file_exists(DOC_ROOT . "/exec/parse_config.ini")) { unlink(DOC_ROOT . "/exec/parse_config.ini"); } diff --git a/exec/export-ckl.php b/exec/export-ckl.php index 01b1fac..17c31e0 100644 --- a/exec/export-ckl.php +++ b/exec/export-ckl.php @@ -190,10 +190,11 @@ if ($tgt_count = count($tgts)) { $total_stigs += $pdi_count = (is_array($pdis) ? count($pdis) : 0); $count = 0; + $findings = $db->get_Finding($tgt); + foreach ($pdis as $pdi) { - $find = $db->get_Finding($tgt, new stig($pdi['pdi_id'], $pdi['STIG_ID'], null)); - if (is_array($find) && count($find) && isset($find[0]) && is_a($find[0], 'finding')) { - $find = $find[0]; + if (isset($findings[$pdi['pdi_id']])) { + $find = $findings[$pdi['pdi_id']]; } $sev = 'low'; diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php index c9b3e03..ed4cc13 100644 --- a/exec/parse_excel_echecklist.php +++ b/exec/parse_excel_echecklist.php @@ -25,6 +25,7 @@ * - Aug 28, 2017 - Fixed couple minor bugs * - Jan 15, 2018 - Formatting, reorganized use statements, and cleaned up * - May 24, 2018 - Attempt to fix bug #413 + * - Nov 6, 2018 - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id */ $cmd = getopt("f:", ['debug::', 'help::']); set_time_limit(0); @@ -126,7 +127,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { continue; } -$scan->isTerminated(); + $scan->isTerminated(); $log->notice("Reading from {$wksht->getTitle()}"); @@ -155,6 +156,7 @@ $scan->isTerminated(); $short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']); $row_count = $highestRow = $wksht->getHighestDataRow() - 10; $highestCol = $wksht->getHighestDataColumn(10); + $tgt_findings = []; for ($col = 'F' ; $col != $highestCol ; $col++) { $cell = $wksht->getCell($col . '10'); 
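Review bot: The added `file_exists()` test in exec/background_results.php and the `unlink()` that follows are a check-then-use pair, so the warning the guard is meant to avoid can still fire if another run removes parse_config.ini between the two calls. `file_exists()` is also true for a directory, so `is_file()` states the intent more precisely. Build the path once and record a failed delete instead of ignoring it, e.g. `$cfg = DOC_ROOT . "/exec/parse_config.ini";` followed by `if (!$debug && is_file($cfg) && !unlink($cfg)) { /* log the failure */ }`.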
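Review bot: In exec/export-ckl.php `$find` is now assigned only when `isset($findings[$pdi['pdi_id']])` is true, so for a PDI with no finding it keeps the object left over from the previous iteration (or is undefined on the first pass). Anything later in the loop that reads `$find` would then write another PDI's status and notes into the exported checklist; the loop body continues past the hunk, so that read is inferred rather than shown. Reset it on every pass with `$find = $findings[$pdi['pdi_id']] ?? null;` and let the code below test for null. The change also depends on `get_Finding($tgt)` returning an array keyed by PDI id, which is defined outside this hunk.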
@@ -219,7 +221,9 @@ $scan->isTerminated(); $scan->add_Target_to_Host_List($hl); } - if (preg_match('/Overall/i', $cell->getValue())) { + $tgt_findings[$tgt->get_ID()] = $db->get_Finding($tgt); + + if (preg_match('/overall/i', $cell->getValue())) { $log->debug("Found overall: {$cell->getColumn()}"); break; } @@ -294,34 +298,24 @@ $scan->isTerminated(); $status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex()) ->getValue(); - $log->debug("{$tgt->get_Name()} {$stig->get_ID()} ($status)"); - - $finding = $db->get_Finding($tgt, $stig); - - if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) { + $findings = $tgt_findings[$tgt->get_ID()]; + if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) { /** @var finding $tmp */ - $tmp = $finding[0]; - - if(preg_match("/Not a Finding|Not Applicable/i", $status)) { - $ds = $tmp->get_Deconflicted_Status($status); - $tmp->set_Finding_Status_By_String($ds); - } - else { - $tmp->set_Finding_Status_By_String($status); - } + $tmp = $findings[$stig->get_PDI_ID()]; + $tmp->set_Finding_Status_By_String($status); $tmp->set_Notes($notes); $tmp->set_Category($cat_lvl); $updated_findings[] = $tmp; } else { - $tmp = new finding(null, $tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null); + $tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null); $tmp->set_Category($cat_lvl); $new_findings[] = $tmp; } - + $log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})"); $x++; } @@ -347,10 +341,8 @@ $scan->isTerminated(); } } -/** - * @var host_list $h - */ -foreach($host_list as $h) { +/** @var host_list $h */ +foreach($scan->get_Host_List() as $h) { $db->update_Target_Counts($h->getTargetId()); } 
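Review bot: The per-target cache `$tgt_findings` is filled once per target column (hunk -219) and is not updated in the `else` branch of hunk -294, so a second row in the same worksheet that resolves to the same target and PDI builds another `new finding(...)` and appends it to `$new_findings`. With `tgt_id`, `pdi_id` now the primary key of `findings`, the second object would collide with or overwrite the first, depending on how the batch is saved, which is outside the hunk. Keying the list by the pair, `$new_findings["{$tgt->get_ID()}-{$stig->get_PDI_ID()}"] = $tmp;`, keeps one object per finding, the way parse_mssql.php and parse_nessus.php already key theirs by PDI id. `$tgt_findings[$tgt->get_ID()]` is also read without an `isset()` guard, so a target missing from the cache would raise a notice before the `is_array()` test.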
diff --git a/exec/parse_host_data_collection.php b/exec/parse_host_data_collection.php index b71a7ae..ae3eb53 100644 --- a/exec/parse_host_data_collection.php +++ b/exec/parse_host_data_collection.php @@ -112,10 +112,8 @@ foreach ($files as $file) { $scan_id = 0; -foreach ($findings as $key => $find) { - if (false) { - $find = new finding(); - } +/** @var finding $find */ +foreach ($findings as $find) { $ret = array(); if ($find->get_Scan_ID()) { $scan_id = $find->get_Scan_ID(); diff --git a/exec/parse_mssql.php b/exec/parse_mssql.php index 83e8b3d..bdfac63 100644 --- a/exec/parse_mssql.php +++ b/exec/parse_mssql.php @@ -181,10 +181,8 @@ class mssql_parser extends scan_xml_parser { // check for finding $finding = $this->db->get_Finding($this->tgt, $this->stig); if (is_array($finding) && count($finding)) { + /** @var finding $finding */ $finding = $finding[0]; - if (false) { - $finding = new finding(); - } $finding->prepend_Notes("(MSSQL) " . $this->notes); if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) { @@ -199,7 +197,7 @@ class mssql_parser extends scan_xml_parser { $this->updated_findings[$finding->get_PDI_ID()] = $finding; } else { - $finding = new finding(null, $this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1); + $finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1); $this->new_findings[$this->stig->get_PDI_ID()] = $finding; } diff --git a/exec/parse_nessus.php b/exec/parse_nessus.php index 545ed4f..29aed04 100644 --- a/exec/parse_nessus.php +++ b/exec/parse_nessus.php 
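Review bot: In exec/parse_mssql.php hunk -181, `$finding[0]` assumes `get_Finding($this->tgt, $this->stig)` returns a zero-indexed list, while the eChecklist and CKL changes in this commit read the result of `get_Finding($tgt)` by PDI id. If the two-argument call is now keyed the same way (database.inc is not shown here), index 0 is unset and `prepend_Notes()` is called on null. `$finding = reset($finding);` takes the first element for either shape. The method starts and ends outside the hunk.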
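Review bot: As printed, the added line in exec/parse_mssql.php hunk -199 passes `$this->scan->get - ID()` as the scan id, which PHP parses as the property `get` minus a call to a function `ID()`. The removed line shows the same text, so this may be a wrapping artefact of the patch rather than the file's content. If it is in the file, this branch fails with an undefined-function error the first time a new MSSQL finding is created, and the argument should read `$this->scan->get_ID()`. It is worth checking against the working copy, since the commit rewrites this line anyway.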
@@ -1142,7 +1142,7 @@ class nessus_parser extends scan_xml_parser } } else { - $tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1); + $tmp = new finding($this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1); if (!is_null($pdi)) { $tmp->set_Category($pdi->get_Category_Level()); } @@ -1178,7 +1178,7 @@ class nessus_parser extends scan_xml_parser $stig = new stig($pdi_id, $this->plugin->result->stig, $this->plugin->desc); $this->db->add_Stig($stig); - $tmp = new finding(null, $this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1); + $tmp = new finding($this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1); $tmp->set_Category($this->plugin->result->cat); if (isset($this->new_findings[$tmp->get_PDI_ID()])) { @@ -1215,10 +1215,8 @@ class nessus_parser extends scan_xml_parser } if (is_a($finding, 'finding')) { + /** @var finding $finding */ $this->log->script_log("Updating finding"); - if (false) { - $finding = new finding(); - } if ($this->debug) { $this->log->script_log("Finding exists: " . print_r($finding, true), E_DEBUG); } 
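Review bot: This `new finding(...)` call, the ones in the following nessus hunks and those in `parse_mssql.php` and `parse_scc_xccdf.php` are updated by dropping the leading `null`, but the constructor stays positional and untyped, and PHP silently accepts surplus arguments to a user-defined constructor. A call site the commit missed would therefore still run, with `null` landing in the target id and the target id in the PDI id, the two fields the commit message says now form the primary key. Declaring scalar types on the constructor in `classes/finding.inc`, for example `int $int_Tgt_ID, int $int_PDI_ID`, would turn such a stale call into a `TypeError` instead of a mis-keyed row. Whether every caller already passes integers needs checking first, and a search for `new finding(null,` across the tree would confirm nothing was left behind.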
@@ -1265,7 +1263,7 @@ class nessus_parser extends scan_xml_parser } else { $this->log->script_log("Adding new finding"); - $tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1); + $tmp = new finding($this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1); $tmp->set_Category($this->plugin->result->cat); $this->new_findings[$tmp->get_PDI_ID()] = $tmp; diff --git a/exec/parse_nvd_json_cve.php b/exec/parse_nvd_json_cve.php index 4d8d06f..9eba7dd 100644 --- a/exec/parse_nvd_json_cve.php +++ b/exec/parse_nvd_json_cve.php @@ -49,7 +49,7 @@ $log = new Logger("nvd_cve"); $log->pushHandler(new StreamHandler(LOG_PATH . "/nvd_cve.log", $log_level)); $db = new db(); -$json = json_decode(file_get_contents($cmd['f'])); +$json = json_decode(file_get_contents($cmd['f']), true); $existing_cves = []; $db->help->select("cve_db", ['cve_id']); @@ -60,19 +60,21 @@ if (is_array($cves) && count($cves)) { } } -print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json->CVE_Items) . " items" . PHP_EOL; +print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json['CVE_Items']) . " items" . PHP_EOL; $db_cpes = []; +$db_cpes23 = []; $new_cves = []; $new_cve_refs = []; $sw_rows = []; $new = 0; $existing = 0; -$db->help->select("software", ['id', 'cpe']); +$db->help->select("software", ['id', 'cpe', 'cpe23']); $rows = $db->help->execute(); foreach ($rows as $row) { $db_cpes["{$row['cpe']}"] = $row['id']; + $db_cpes23["{$row['cpe23']}"] = $row['id']; } $cve_fields = [ 
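Review bot: The feed decoded by `json_decode(file_get_contents($cmd['f']), true)` is used without checking that reading and decoding succeeded; the next hunk calls `count($json['CVE_Items'])` and the main loop iterates the same key. An unreadable, truncated or non-JSON file therefore surfaces as warnings further down rather than as a clear failure. A guard directly after this line stops the import before anything is written: `if (!is_array($json) || !isset($json['CVE_Items']) || !is_array($json['CVE_Items'])) { $log->error("Unable to parse {$cmd['f']}"); exit(1); }`.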
@@ -82,24 +84,22 @@ $ref_fields = [ 'cve_seq', 'source', 'url', 'val' ]; -foreach ($json->CVE_Items as $cve) { - if (!isset($existing_cves["{$cve->cve->CVE_data_meta->ID}"])) { - $log->debug("Adding {$cve->cve->CVE_data_meta->ID}"); +foreach ($json['CVE_Items'] as $cve) { + if (!isset($existing_cves["{$cve['cve']['CVE_data_meta']['ID']}"])) { + $log->debug("Adding {$cve['cve']['CVE_data_meta']['ID']}"); $new++; $desc = []; $status = null; $phase = null; $cpes = []; - $name = $cve->cve->CVE_data_meta->ID; - $type = $cve->cve->data_type; - $seq = $cve->cve->CVE_data_meta->ID; - $pd = new DateTime($cve->publishedDate); - $lmd = new DateTime($cve->lastModifiedDate); + $name = $cve['cve']['CVE_data_meta']['ID']; + $seq = $cve['cve']['CVE_data_meta']['ID']; + $pd = new DateTime($cve['publishedDate']); - if (is_array($cve->cve->description->description_data) && count($cve->cve->description->description_data)) { - foreach ($cve->cve->description->description_data as $d) { - $desc[] = $d->value; + if (is_array($cve['cve']['description']['description_data']) && count($cve['cve']['description']['description_data'])) { + foreach ($cve['cve']['description']['description_data'] as $d) { + $desc[] = $d['value']; } } 
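Review bot: Every field of a feed entry is read by direct array index here (`$cve['cve']['CVE_data_meta']['ID']`, `$cve['publishedDate']`, `$cve['cve']['description']['description_data']`), so an entry that lacks one of them raises notices and carries on with null values, and a malformed `publishedDate` makes `new DateTime()` throw and abort the whole import. Because the file is external data, skipping incomplete entries is the safer default: `if (!isset($cve['cve']['CVE_data_meta']['ID'], $cve['publishedDate'])) { continue; }` at the top of the loop body, plus an `isset()` in front of the `is_array()` test on `description_data`. The loop body continues outside the hunk.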
@@ -107,24 +107,21 @@ foreach ($json->CVE_Items as $cve) { $name, $seq, $status, $phase, $pd, implode(PHP_EOL, $desc) ]; - if (is_array($cve->cve->references->reference_data) && count($cve->cve->references->reference_data)) { - foreach ($cve->cve->references->reference_data as $ref) { - $log->debug("Adding reference {$ref->url}"); + if (is_array($cve['cve']['references']['reference_data']) && count($cve['cve']['references']['reference_data'])) { + foreach ($cve['cve']['references']['reference_data'] as $ref) { + $log->debug("Adding reference {$ref['url']}"); $new_cve_refs[] = [ - $name, null, $ref->url, null + $name, null, $ref['url'], null ]; } } - if (is_array($cve->configurations->nodes) && count($cve->configurations->nodes)) { - foreach ($cve->configurations->nodes as $n) { - if (isset($n->cpe) && is_array($n->cpe) && count($n->cpe)) { - foreach ($n->cpe as $cpe) { - if (isset($cpe->cpe22Uri)) { - $cpes[] = $cpe->cpe22Uri; - } - elseif (isset($cpe->cpeMatchString)) { - $cpes[] = $cpe->cpeMatchString; + if(is_array($cve['configurations']['nodes']) && count($cve['configurations']['nodes'])) { + foreach($cve['configurations']['nodes'] as $n) { + if(isset($n['cpe_match']) && is_array($n['cpe_match']) && count($n['cpe_match'])) { + foreach($n['cpe_match'] as $c) { + if($c['vulnerable'] && $c['cpe23Uri']) { + $cpes[] = $c['cpe23Uri']; } } } @@ -135,6 +132,8 @@ foreach ($json->CVE_Items as $cve) { foreach ($cpes as $cpe) { if (isset($db_cpes["{$cpe}"])) { $sw_rows[] = [$name, $db_cpes["{$cpe}"]]; + } elseif (isset($db_cpes23["{$cpe}"])) { + $sw_rows[] = [$name, $db_cpes23["{$cpe}"]]; } } } @@ -185,7 +184,7 @@ if (count($sw_rows)) { $db->help->execute(); } -unlink($cmd['f']); +//unlink($cmd['f']); print PHP_EOL; diff --git a/exec/parse_scc_xccdf.php b/exec/parse_scc_xccdf.php index a2da39b..71569c9 100644 --- a/exec/parse_scc_xccdf.php +++ b/exec/parse_scc_xccdf.php 
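Review bot: The inner test `if($c['vulnerable'] && $c['cpe23Uri'])` indexes both keys without checking that they exist, where the code it replaces used `isset()`; `if (!empty($c['vulnerable']) && !empty($c['cpe23Uri']))` keeps the same truthiness test without notices on entries that omit either key. The same applies to `$cve['configurations']['nodes']` and `$cve['cve']['references']['reference_data']` inside the `is_array()` tests. Only the `cpe_match` list directly under each node is read; if the feed nests further nodes under a `children` key, as NVD configuration trees can, their CPEs are not collected and those CVEs get no software link, which is worth confirming against a current feed file.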
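Review bot: `//unlink($cmd['f']);` disables cleanup of the feed file by commenting the call out, which the commit message does not mention and which reads like a debugging leftover. If the file is meant to be kept, delete the line and say so with a comment such as `// feed file is intentionally kept after parsing`. Otherwise restore `unlink($cmd['f']);` so that processed feed files do not accumulate on disk.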
@@ -104,8 +104,6 @@ class scc_parser extends scan_xml_parser var $found_rule = false; - var $log = null; - /** * Constructor * @@ -665,9 +663,7 @@ class scc_parser extends scan_xml_parser */ if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) { - /** - * @var finding $finding - */ + /** @var finding $finding */ $finding = $existing_findings[$pdi_id]; $finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status'])); @@ -679,7 +675,7 @@ class scc_parser extends scan_xml_parser $update_findings[$pdi_id] = $finding; } else { - $new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1); + $new_findings[$pdi_id] = new finding($this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1); } } @@ -689,11 +685,11 @@ class scc_parser extends scan_xml_parser $hl->setTargetId($this->tgt->get_ID()); $hl->setTargetName($this->tgt->get_Name()); $hl->setFindingCount(count($new_findings) + count($update_findings)); - $hl->setScanError(false); $this->db->update_Target_Counts($this->tgt->get_ID()); $this->scan->add_Target_to_Host_List($hl); + $this->db->update_Scan_Host_List($this->scan); } } diff --git a/inc/database.inc b/inc/database.inc index c9bb7d7..a7df1b1 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -66,7 +66,7 @@ * - Jan 10, 2018 - Added a couple functions and formatting * - Jan 15, 2018 - Fixed bug in get_Category_Findings * - Jan 16, 2018 - Added include for host_list.inc, updated to use host_list class, fixed bug in delete_Scan method - Moved scan deletion here + Moved scan deletion here * - Jan 20, 2018 - Fixed typo in save_STE method * - May 24, 2018 - Added defaulting where clause operator to '=' * - May 26, 2018 - Updated autocategorization to removed any extranious spaces before or after the string 
@@ -112,7 +112,7 @@ include_once 'nasl.inc'; include_once 'uuid.inc'; include_once 'host_list.inc'; -// @TODO - Make sure all save functions accept a class object or array of that class that is being saved. Otherwise, only primative types will be passed in. +// @TODO - Make sure all save functions accept a class object or array of that class that is being saved. Otherwise, only primative types will be passed in. /** * Constant to decide if the database queries will run automatically after creating them * @@ -121,49 +121,56 @@ include_once 'host_list.inc'; define('AUTORUN', false); /** - * Global to represent an IN statement (e.g. WHERE field IN (1,2)) + * Global to represent an IN statement (e.g. + * WHERE field IN (1,2)) * * @var int */ define('IN', 1); /** - * Global to represent a NOT IN statement (e.g. WHERE field NOT IN (1,2)) + * Global to represent a NOT IN statement (e.g. + * WHERE field NOT IN (1,2)) * * @var int */ define('NOT_IN', 64); /** - * Global to represent a BETWEEN statement (e.g. WHERE field BETWEEN 1 and 2) + * Global to represent a BETWEEN statement (e.g. + * WHERE field BETWEEN 1 and 2) * * @var int */ define('BETWEEN', 2); /** - * Global to represent a LIKE statement (e.g. WHERE field LIKE '%value%') + * Global to represent a LIKE statement (e.g. + * WHERE field LIKE '%value%') * * @var int */ define('LIKE', 4); /** - * Global to represent an IS NOT statement (e.g. WHERE field IS NOT NULL) + * Global to represent an IS NOT statement (e.g. + * WHERE field IS NOT NULL) * * @var int */ define('IS_NOT', 8); /** - * Global to represent an IS statement (e.g. WHERE field IS NULL) + * Global to represent an IS statement (e.g. + * WHERE field IS NULL) * * @var int */ define('IS', 16); /** - * Global to represent an NOT LIKE statement (e.g. WHERE field NOT LIKE '%value%' + * Global to represent an NOT LIKE statement (e.g. + * WHERE field NOT LIKE '%value%' * * @var int */ 
@@ -177,19 +184,31 @@ define('NOT_LIKE', 32); class db_helper { - const SELECT = 1; - const SELECT_COUNT = 2; - const CREATE_TABLE = 3; - const DROP = 4; - const DELETE = 5; - const INSERT = 6; - const REPLACE = 7; - const UPDATE = 8; - const EXTENDED_INSERT = 9; + const SELECT = 1; + + const SELECT_COUNT = 2; + + const CREATE_TABLE = 3; + + const DROP = 4; + + const DELETE = 5; + + const INSERT = 6; + + const REPLACE = 7; + + const UPDATE = 8; + + const EXTENDED_INSERT = 9; + const EXTENDED_REPLACE = 10; - const EXTENDED_UPDATE = 11; - const ALTER_TABLE = 12; - const TRUNCATE = 13; + + const EXTENDED_UPDATE = 11; + + const ALTER_TABLE = 12; + + const TRUNCATE = 13; /** * The mysqli connection @@ -222,16 +241,16 @@ class db_helper /** * Constructor * - * @param mysqli $dbh [by ref] - * mysqli object to perform queries. + * @param mysqli $dbh + * [by ref] + * mysqli object to perform queries. */ public function __construct(&$dbh) { - if (!is_null($dbh) && is_a($dbh, "mysqli")) { + if (! is_null($dbh) && is_a($dbh, "mysqli")) { $this->c = $dbh; - } - else { - throw(new Exception("Could not create database helper class", E_ERROR)); + } else { + throw (new Exception("Could not create database helper class", E_ERROR)); } $this->c->real_query("SET time_zone='+00:00'"); 
@@ -241,43 +260,45 @@ class db_helper /** * Function to execute the statement * - * @param mixed $return [optional] - * MYSQLI constant to control what is returned from the mysqli_result object - * @param string $sql [optional] - * Optional SQL query + * @param mixed $return + * [optional] + * MYSQLI constant to control what is returned from the mysqli_result object + * @param string $sql + * [optional] + * Optional SQL query * * @return mixed */ public function execute($return = MYSQLI_ASSOC, $sql = null) { - if (!is_null($sql)) { + if (! is_null($sql)) { $this->sql = $sql; } if (is_a($this->c, 'mysqli')) { - if (!$this->c->ping()) { + if (! $this->c->ping()) { $this->c = null; $this->c = new mysqli(DB_SERVER, 'web', db::decrypt_pwd(), 'sagacity'); } - } - else { - throw(new Exception('Database was not connected', E_ERROR)); + } else { + throw (new Exception('Database was not connected', E_ERROR)); } try { - if (in_array($this->query_type, [self::SELECT, self::SELECT_COUNT])) { + if (in_array($this->query_type, [ + self::SELECT, + self::SELECT_COUNT + ])) { $this->result = $this->c->query($this->sql); if ($this->c->error) { $this->debug(E_ERROR); } - } - elseif ($this->query_type == self::DELETE) { + } elseif ($this->query_type == self::DELETE) { $this->c->real_query($this->sql); if ($this->c->error) { return 0; } - } - else { + } else { $this->c->real_query($this->sql); if ($this->c->error) { $this->debug(E_ERROR, $this->c->error); @@ -285,8 +306,7 @@ class db_helper } $this->result = $this->check_results($return); - } - catch (Exception $e) { + } catch (Exception $e) { die($e->getTraceAsString()); } @@ -296,8 +316,9 @@ class db_helper /** * Function to check the results and return what is expected * - * @param mixed $return_type [optional] - * Optional return mysqli_result return type + * @param mixed $return_type + * [optional] + * Optional return mysqli_result return type * * @return mixed */ 
@@ -307,21 +328,19 @@ class db_helper if ($this->c->error) { $this->debug(E_ERROR); - } - elseif (LOG_LEVEL == E_DEBUG) { + } elseif (LOG_LEVEL == E_DEBUG) { $this->debug(E_DEBUG); } switch ($this->query_type) { case self::SELECT_COUNT: - if (!is_a($this->result, 'mysqli_result')) { + if (! is_a($this->result, 'mysqli_result')) { $this->debug(E_ERROR); } if ($this->result->num_rows == 1) { $res = $this->result->fetch_assoc()['count']; - } - elseif ($this->result->num_rows > 1) { + } elseif ($this->result->num_rows > 1) { $res = $this->result->num_rows; } @@ -329,14 +348,13 @@ class db_helper return $res; case self::SELECT: - if (!is_a($this->result, 'mysqli_result')) { + if (! is_a($this->result, 'mysqli_result')) { $this->debug(E_ERROR); } if ($this->result->num_rows == 1) { $res = $this->result->fetch_array($return_type); - } - elseif ($this->result->num_rows > 1) { + } elseif ($this->result->num_rows > 1) { $res = $this->fetch_all($return_type); } @@ -351,8 +369,7 @@ class db_helper if ($this->c->insert_id) { return $this->c->insert_id; - } - elseif ($this->c->affected_rows) { + } elseif ($this->c->affected_rows) { return $this->c->affected_rows; } @@ -366,15 +383,12 @@ class db_helper case self::ALTER_TABLE: if ($this->c->error && $this->c->errno == 1060) { return ($this->c->affected_rows ? $this->c->affected_rows : true); - } - elseif ($this->c->error) { + } elseif ($this->c->error) { $this->debug(E_ERROR); return false; - } - elseif ($this->c->affected_rows) { + } elseif ($this->c->affected_rows) { return $this->c->affected_rows; - } - else { + } else { return true; } @@ -389,8 +403,9 @@ class db_helper /** * Function to pass through calling the query function (used for backwards compatibility and for more complex queries that aren't currently supported) * - * @param string $sql [optional] - * Optional query to pass in and execute + * @param string $sql + * [optional] + * Optional query to pass in and execute * * @return mysqli_result */ 
@@ -398,8 +413,7 @@ class db_helper { if (is_null($sql)) { return $this->c->query($this->sql); - } - else { + } else { return $this->c->query($sql); } } @@ -408,13 +422,16 @@ class db_helper * A function to build a select query * * @param string $table_name - * The table to query - * @param array $fields [optional] - * Optional array of fields to return (defaults to '*') - * @param array $where [optional] - * Optional 2-dimensional array to build where clause from - * @param array $flags [optional] - * Optional 2-dimensional array to allow other flags + * The table to query + * @param array $fields + * [optional] + * Optional array of fields to return (defaults to '*') + * @param array $where + * [optional] + * Optional 2-dimensional array to build where clause from + * @param array $flags + * [optional] + * Optional 2-dimensional array to allow other flags * * @see db_helper::where() * @see db_helper::flags() @@ -423,13 +440,12 @@ class db_helper */ public function select($table_name, $fields = null, $where = null, $flags = null) { - $this->sql = null; + $this->sql = null; $this->query_type = self::SELECT; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "SELECT " . $this->fields($fields) . " FROM $table_name"; - } - else { + } else { return null; } @@ -437,11 +453,11 @@ class db_helper $this->sql .= " " . implode(" ", $flags['table_joins']); } - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } - if (!is_null($flags) && is_array($flags) && count($flags)) { + if (! is_null($flags) && is_array($flags) && count($flags)) { $this->sql .= $this->flags($flags); } 
@@ -456,11 +472,13 @@ class db_helper * Function to build a query to check the number of rows in a table * * @param string $table_name - * The table to query - * @param array $where [optional] - * Optional 2-dimensional array to build where clause - * @param array $flags [optional] - * Optional 2-dimensional array to add flags + * The table to query + * @param array $where + * [optional] + * Optional 2-dimensional array to build where clause + * @param array $flags + * [optional] + * Optional 2-dimensional array to add flags * * @see db_helper::where() * @see db_helper::flags() @@ -469,13 +487,12 @@ class db_helper */ public function select_count($table_name, $where = null, $flags = null) { - $this->sql = null; + $this->sql = null; $this->query_type = self::SELECT_COUNT; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "SELECT COUNT(1) AS 'count' FROM $table_name"; - } - else { + } else { return null; } @@ -483,11 +500,11 @@ class db_helper $this->sql .= " " . implode(" ", $flags['table_joins']); } - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } - if (!is_null($flags) && is_array($flags) && count($flags)) { + if (! is_null($flags) && is_array($flags) && count($flags)) { $this->sql .= $this->flags($flags); } 
@@ -502,25 +519,28 @@ class db_helper * Function to build an insert query statement * * @param string $table_name - * Table name to query + * Table name to query * @param array $params - * Name/value pair to insert into the table - * @param boolean $to_ignore [optional] - * Optional boolean to decide if the "IGNORE" will be added + * Name/value pair to insert into the table + * @param boolean $to_ignore + * [optional] + * Optional boolean to decide if the "IGNORE" will be added * * @return string|NULL */ public function insert($table_name, $params, $to_ignore = false) { - $this->sql = null; + $this->sql = null; $this->query_type = self::INSERT; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . - "(`" . implode("`,`", array_keys($params)) . "`)"; + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . "(`" . implode("`,`", array_keys($params)) . "`)"; } - $this->sql .= " VALUES (" . implode(",", array_map([$this, '_escape'], array_values($params))) . ")"; + $this->sql .= " VALUES (" . implode(",", array_map([ + $this, + '_escape' + ], array_values($params))) . ")"; if (AUTORUN) { return $this->execute(MYSQLI_BOTH); 
@@ -533,49 +553,51 @@ class db_helper * Function to create an extended insert query statement * * @param string $table_name - * The table name that the data is going to be inserted on + * The table name that the data is going to be inserted on * @param array $fields - * An array of field names that each value represents + * An array of field names that each value represents * @param array $params - * An array of array of values - * @param boolean $to_ignore [optional] - * Boolean to decide if we need to use the INSERT IGNORE INTO syntax + * An array of array of values + * @param boolean $to_ignore + * [optional] + * Boolean to decide if we need to use the INSERT IGNORE INTO syntax * - * @return NULL|string - * Returns the SQL if AUTORUN is set to false, else it returns the output from running. + * @return NULL|string Returns the SQL if AUTORUN is set to false, else it returns the output from running. */ public function extended_insert($table_name, $fields, $params, $to_ignore = false) { - $this->sql = null; + $this->sql = null; $this->query_type = self::EXTENDED_INSERT; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . - "(`" . implode("`,`", $fields) . "`)"; - } - else { - throw(new Exception("Missing table name in extended_insert", E_ERROR)); + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "INSERT " . ($to_ignore ? "IGNORE " : "") . "INTO $table_name " . "(`" . implode("`,`", $fields) . "`)"; + } else { + throw (new Exception("Missing table name in extended_insert", E_ERROR)); } if (is_array($params) && count($params)) { $this->sql .= " VALUES "; if (isset($params[0]) && is_array($params[0])) { foreach ($params as $p) { - $this->sql .= "(" . implode(",", array_map([$this, '_escape'], array_values($p))) . "),"; + $this->sql .= "(" . implode(",", array_map([ + $this, + '_escape' + ], array_values($p))) . 
"),"; } - } - else { + } else { if (count($params) != count($fields)) { - throw(new Exception("Inconsistent number of fields in fields and values")); + throw (new Exception("Inconsistent number of fields in fields and values")); } - $this->sql .= "(" . implode("),(", array_map([$this, '_escape'], array_values($params))) . "),"; + $this->sql .= "(" . implode("),(", array_map([ + $this, + '_escape' + ], array_values($params))) . "),"; } - } - else { + } else { throw new \InvalidArgumentException("Expected array parameters"); } - $this->sql = substr($this->sql, 0, -1); + $this->sql = substr($this->sql, 0, - 1); if (AUTORUN) { return $this->execute(MYSQLI_BOTH); @@ -588,13 +610,15 @@ class db_helper * Build a statement to update a table * * @param string $table_name - * The table name to update + * The table name to update * @param array $params - * Name/value pairs of the field name and value - * @param array $where [optional] - * Two-dimensional array to create where clause - * @param array $flags [optional] - * Two-dimensional array to create other flag options (table_joins, order, and group) + * Name/value pairs of the field name and value + * @param array $where + * [optional] + * Two-dimensional array to create where clause + * @param array $flags + * [optional] + * Two-dimensional array to create other flag options (table_joins, order, and group) * * @see db_helper::where() * @see db_helper::flags() @@ -603,10 +627,10 @@ class db_helper */ public function update($table_name, $params, $where = null, $flags = null) { - $this->sql = "UPDATE "; + $this->sql = "UPDATE "; $this->query_type = self::UPDATE; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql .= $table_name; if (isset($flags['table_joins'])) { 
@@ -618,28 +642,24 @@ class db_helper } foreach ($params as $f => $p) { - if ((strpos($f, "`") === false) && - (strpos($f, ".") === false) && - (strpos($f, "*") === false) && - (stripos($f, " as ") === false)) { + if ((strpos($f, "`") === false) && (strpos($f, ".") === false) && (strpos($f, "*") === false) && (stripos($f, " as ") === false)) { $f = "`{$f}`"; } - if (!is_null($p)) { + if (! is_null($p)) { $this->sql .= "$f={$this->_escape($p)},"; - } - else { + } else { $this->sql .= "$f=NULL,"; } } - $this->sql = substr($this->sql, 0, -1); + $this->sql = substr($this->sql, 0, - 1); - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } - if (!is_null($flags) && is_array($flags) && count($flags)) { + if (! is_null($flags) && is_array($flags) && count($flags)) { $this->sql .= $this->flags($flags); } 
@@ -654,23 +674,23 @@ class db_helper * Function to offer an extended updated functionality by using two different tables. * * @param string $to_be_updated - * The table that you want to update (alias 'tbu' is automatically added) + * The table that you want to update (alias 'tbu' is automatically added) * @param string $original - * The table with the data you want to overwrite to_be_updated table (alias 'o' is automatically added) + * The table with the data you want to overwrite to_be_updated table (alias 'o' is automatically added) * @param string $using - * The common index value between them that will join the fields + * The common index value between them that will join the fields * @param array|string $params - * If string only a single field is updated (tbu.$params = o.$params) - * If array each element in the array is a field to be updated (tbu.$param = o.$param) + * If string only a single field is updated (tbu.$params = o.$params) + * If array each element in the array is a field to be updated (tbu.$param = o.$param) * * @return mixed */ public function extended_update($to_be_updated, $original, $using, $params) { - $this->sql = "UPDATE "; + $this->sql = "UPDATE "; $this->query_type = self::EXTENDED_UPDATE; - if (!is_null($to_be_updated) && !is_null($original) && !is_null($using)) { + if (! is_null($to_be_updated) && ! is_null($original) && ! is_null($using)) { $this->sql .= "$to_be_updated tbu INNER JOIN $original o USING ($using) SET "; } @@ -678,13 +698,11 @@ class db_helper foreach ($params as $param) { $this->sql .= "tbu.$param = o.$param,"; } - $this->sql = substr($this->sql, 0, -1); - } - elseif (is_string($params)) { + $this->sql = substr($this->sql, 0, - 1); + } elseif (is_string($params)) { $this->sql .= "tbu.$params = o.$params"; - } - else { - throw(new Exception("Do not understand datatype of \$params", E_ERROR)); + } else { + throw (new Exception("Do not understand datatype of \$params", E_ERROR)); } if (AUTORUN) { 
@@ -698,23 +716,25 @@ class db_helper * Function to build a replace query * * @param string $table_name - * The table to update + * The table to update * @param array $params - * Name/value pair to insert + * Name/value pair to insert * * @return NULL|string */ public function replace($table_name, $params) { - $this->sql = null; + $this->sql = null; $this->query_type = self::REPLACE; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "REPLACE INTO $table_name " . - "(`" . implode("`,`", array_keys($params)) . "`)"; + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "REPLACE INTO $table_name " . "(`" . implode("`,`", array_keys($params)) . "`)"; } - $this->sql .= " VALUES (" . implode(",", array_map(array($this, '_escape'), array_values($params))) . ")"; + $this->sql .= " VALUES (" . implode(",", array_map(array( + $this, + '_escape' + ), array_values($params))) . ")"; if (AUTORUN) { return $this->execute(MYSQLI_BOTH); 
@@ -727,35 +747,36 @@ class db_helper * Function to build an extended replace statement * * @param string $table_name - * Table name to update + * Table name to update * @param array $fields - * Array of fields + * Array of fields * @param array $params - * Two-dimensional array of values + * Two-dimensional array of values * * @return NULL|string */ public function extended_replace($table_name, $fields, $params) { - $this->sql = null; + $this->sql = null; $this->query_type = self::EXTENDED_REPLACE; - if (!is_null($table_name) && is_string($table_name)) { - $this->sql = "REPLACE INTO $table_name " . - "(`" . implode("`,`", $fields) . "`)"; - } - else { + if (! is_null($table_name) && is_string($table_name)) { + $this->sql = "REPLACE INTO $table_name " . "(`" . implode("`,`", $fields) . "`)"; + } else { return null; } if (is_array($params) && count($params)) { $this->sql .= " VALUES "; foreach ($params as $p) { - $this->sql .= "(" . implode(",", array_map(array($this, '_escape'), array_values($p))) . "),"; + $this->sql .= "(" . implode(",", array_map(array( + $this, + '_escape' + ), array_values($p))) . "),"; } } - $this->sql = substr($this->sql, 0, -1); + $this->sql = substr($this->sql, 0, - 1); if (AUTORUN) { return $this->execute(MYSQLI_BOTH); 
@@ -768,13 +789,16 @@ class db_helper * Function to build a delete statement * * @param string $table_name - * Table name to act on - * @param array $fields [optional] - * Optional list of fields to delete (used when including multiple tables) - * @param array $where [optional] - * Optional 2-dimensional array to build where clause from - * @param array $table_joins [optional] - * Optional 2-dimensional array to add other flags + * Table name to act on + * @param array $fields + * [optional] + * Optional list of fields to delete (used when including multiple tables) + * @param array $where + * [optional] + * Optional 2-dimensional array to build where clause from + * @param array $table_joins + * [optional] + * Optional 2-dimensional array to add other flags * * @see db_helper::where() * @see db_helper::flags() @@ -783,25 +807,24 @@ class db_helper */ public function delete($table_name, $fields = null, $where = null, $table_joins = null) { - $this->sql = "DELETE"; + $this->sql = "DELETE"; $this->query_type = self::DELETE; - if (!is_null($fields) && is_array($fields)) { + if (! is_null($fields) && is_array($fields)) { $this->sql .= " " . implode(",", $fields); } - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql .= " FROM $table_name"; - } - else { - throw(new Exception("Failed to create delete query, no table name")); + } else { + throw (new Exception("Failed to create delete query, no table name")); } - if (!is_null($table_joins) && is_array($table_joins) && count($table_joins)) { + if (! is_null($table_joins) && is_array($table_joins) && count($table_joins)) { $this->sql .= " " . implode(" ", $table_joins); } - if (!is_null($where) && is_array($where) && count($where)) { + if (! is_null($where) && is_array($where) && count($where)) { $this->sql .= $this->where($where); } 
@@ -816,20 +839,21 @@ class db_helper * Function to build a drop table statement (automatically executes) * * @param string $schema - * Schema the table resides in + * Schema the table resides in * @param string $table_name - * Table to drop - * @param boolean $is_tmp [optional] - * Optional boolean if this is a temporary table + * Table to drop + * @param boolean $is_tmp + * [optional] + * Optional boolean if this is a temporary table * * @return string|NULL */ public function drop($schema, $table_name, $is_tmp = false) { - $this->sql = null; + $this->sql = null; $this->query_type = self::DROP; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "DROP " . ($is_tmp ? "TEMPORARY " : "") . "TABLE IF EXISTS `$schema`.`$table_name`"; } @@ -840,16 +864,16 @@ class db_helper * Function to build a truncate table statement (automatically executes) * * @param string $table_name - * Table to truncate + * Table to truncate * * @return string|NULL */ public function truncate($table_name) { - $this->sql = null; + $this->sql = null; $this->query_type = self::TRUNCATE; - if (!is_null($table_name) && is_string($table_name)) { + if (! is_null($table_name) && is_string($table_name)) { $this->sql = "TRUNCATE TABLE $table_name"; } 
@@ -860,13 +884,15 @@ class db_helper * Function to build a create temporary table statement * * @param string $table_name - * Name to give the table when creating - * @param boolean $is_tmp [optional] - * Optional boolean to make the table a temporary table - * @param mixed $select [optional] - * Optional parameter if null uses last built statement - * If string, will be made the SQL statement executed to create the table - * If array, 2-dimensional array with "field", "datatype" values to build table fields + * Name to give the table when creating + * @param boolean $is_tmp + * [optional] + * Optional boolean to make the table a temporary table + * @param mixed $select + * [optional] + * Optional parameter if null uses last built statement + * If string, will be made the SQL statement executed to create the table + * If array, 2-dimensional array with "field", "datatype" values to build table fields * * @return NULL|string */ 
@@ -874,20 +900,17 @@ class db_helper { $this->query_type = self::CREATE_TABLE; - if (is_null($select) && !is_null($this->sql) && substr($this->sql, 0, 6) == 'SELECT') { + if (is_null($select) && ! is_null($this->sql) && substr($this->sql, 0, 6) == 'SELECT') { $this->sql = "CREATE " . ($is_tmp ? "TEMPORARY" : "") . " TABLE IF NOT EXISTS $table_name AS ($this->sql)"; } - if (!is_null($table_name) && is_string($table_name) && is_string($select)) { + if (! is_null($table_name) && is_string($table_name) && is_string($select)) { $this->sql = "CREATE " . ($is_tmp ? "TEMPORARY" : "") . " TABLE IF NOT EXISTS $table_name AS ($select)"; - } - elseif (!is_null($table_name) && is_string($table_name) && is_array($select)) { + } elseif (! is_null($table_name) && is_string($table_name) && is_array($select)) { $this->sql = "CREATE " . ($is_tmp ? "TEMPORARY" : "") . " TABLE IF NOT EXISTS $table_name ("; foreach ($select as $field) { - $this->sql .= "{$field['field']} {$field['datatype']}" . - (isset($field['default']) ? " {$field['default']}" : '') . - (isset($field['option']) ? " {$field['option']}" : '') . ","; + $this->sql .= "{$field['field']} {$field['datatype']}" . (isset($field['default']) ? " {$field['default']}" : '') . (isset($field['option']) ? " {$field['option']}" : '') . ","; } - $this->sql = substr($this->sql, 0, -1) . ")"; + $this->sql = substr($this->sql, 0, - 1) . ")"; } if (AUTORUN) { @@ -921,12 +944,10 @@ class db_helper if ($field->nn) { $this->sql .= " NOT NULL"; - } - else { + } else { if ($field->default === null) { $this->sql .= " DEFAULT NULL"; - } - elseif (strlen($field->default)) { + } elseif (strlen($field->default)) { $this->sql .= " DEFAULT '{$field->default}'"; } } 
@@ -944,11 +965,7 @@ class db_helper if (isset($json->constraints) && is_array($json->constraints) && count($json->constraints)) { foreach ($json->constraints as $con) { - $this->sql .= ", CONSTRAINT `{$con->id}` " . - "FOREIGN KEY (`{$con->local}`) " . - "REFERENCES `{$con->schema}`.`{$con->table}` (`{$con->field}`) " . - "ON DELETE " . (is_null($con->delete) ? "NO ACTION" : strtoupper($con->delete)) . " " . - "ON UPDATE " . (is_null($con->update) ? "NO ACTION" : strtoupper($con->update)); + $this->sql .= ", CONSTRAINT `{$con->id}` " . "FOREIGN KEY (`{$con->local}`) " . "REFERENCES `{$con->schema}`.`{$con->table}` (`{$con->field}`) " . "ON DELETE " . (is_null($con->delete) ? "NO ACTION" : strtoupper($con->delete)) . " " . "ON UPDATE " . (is_null($con->update) ? "NO ACTION" : strtoupper($con->update)); } } @@ -958,9 +975,8 @@ class db_helper if (isset($json->primary_key) && is_array($json->primary_key) && count($json->primary_key)) { $this->sql .= ", PRIMARY KEY(`" . implode("`,`", $json->primary_key) . "`))"; - } - else { - $this->sql = substr($this->sql, 0, -1) . ")"; + } else { + $this->sql = substr($this->sql, 0, - 1) . ")"; } $this->execute(); 
@@ -970,40 +986,35 @@ class db_helper * Function to alter a existing table * * @param string $table_name - * Table to alter + * Table to alter * @param string $action - * What action should be taken ('add-column', 'drop-column', 'modify-column') - * @param array $params [optional] - * Optional 2-dimensional array of parameters to act on. $action will dictate what parameters need to be present + * What action should be taken ('add-column', 'drop-column', 'modify-column') + * @param array $params + * [optional] + * Optional 2-dimensional array of parameters to act on. $action will dictate what parameters need to be present * * @return mixed */ public function alter_table($table_name, $action, $params) { $this->query_type = self::ALTER_TABLE; - $this->sql = "ALTER TABLE $table_name "; + $this->sql = "ALTER TABLE $table_name "; if ($action == 'add-column') { - $nn = ($params->nn ? " NOT NULL" : ""); + $nn = ($params->nn ? " NOT NULL" : ""); $default = null; if ($params->default === null) { $default = " DEFAULT NULL"; - } - elseif (strlen($params->default)) { + } elseif (strlen($params->default)) { $default = " DEFAULT '{$params->default}'"; } - $this->sql .= "ADD COLUMN {$params->name} {$params->dataType}" . - $nn . $default; - } - elseif ($action == 'drop-column') { + $this->sql .= "ADD COLUMN {$params->name} {$params->dataType}" . $nn . $default; + } elseif ($action == 'drop-column') { $this->sql .= "DROP COLUMN "; foreach ($params as $col) { $this->sql .= "{$col['name']},"; } - $this->sql = substr($this->sql, 0, -1); - } - elseif ($action == 'modify-column') { - - } + $this->sql = substr($this->sql, 0, - 1); + } elseif ($action == 'modify-column') {} $this->debug(E_DEBUG); 
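Review bot: The `drop-column` branch of `alter_table()` appends the column names separated by commas after a single `DROP COLUMN`, which MySQL rejects as soon as more than one column is passed, because each column needs its own `DROP COLUMN` clause. Building the clause per column fixes that: `$this->sql .= implode(", ", array_map(function ($col) { return "DROP COLUMN {$col['name']}"; }, $params));`. The reformatted `elseif ($action == 'modify-column') {}` leaves a bare `ALTER TABLE $table_name ` in `$this->sql`, so throwing an exception for unsupported actions would be safer than carrying an incomplete statement forward. The docblock also marks `$params` as optional although the signature gives it no default. The function continues past the end of the hunk, so whether the statement is executed from here is not visible.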
@@ -1014,14 +1025,13 @@ class db_helper * Check to see if a field in a table exists * * @param string $schema - * Schema that contains tables + * Schema that contains tables * @param string $table_name - * Table to check + * Table to check * @param string $field_name - * Field name to find + * Field name to find * - * @return boolean - * Returns TRUE if field is found in that schema and table, otherwise FALSE + * @return boolean Returns TRUE if field is found in that schema and table, otherwise FALSE */ public function field_exists($schema, $table_name, $field_name) { @@ -1042,11 +1052,12 @@ class db_helper * Function to get the column data (datatype, flags, defaults, etc) * * @param string $schema - * Schema to search for table in + * Schema to search for table in * @param string $table_name - * Table to query - * @param mixed $field [optional] - * Optional field to retrieve data (if null, returns data from all fields) + * Table to query + * @param mixed $field + * [optional] + * Optional field to retrieve data (if null, returns data from all fields) * * @return array */ @@ -1056,14 +1067,11 @@ class db_helper if (is_null($field)) { $res = $this->c->query("SELECT * FROM $table_name LIMIT 1"); - } - elseif (is_array($field)) { + } elseif (is_array($field)) { $res = $this->c->query("SELECT `" . implode("`,`", $field) . "` FROM $table_name LIMIT 1"); - } - elseif (is_string($field)) { + } elseif (is_string($field)) { $res = $this->c->query("SELECT $field FROM $table_name LIMIT 1"); - } - else { + } else { return null; } 
@@ -1092,44 +1100,36 @@ class db_helper public function field_check($field_data, $check, $pks, $index) { $default = null; - $ret = null; + $ret = null; $nn = ($check->nn ? " NOT NULL" : null); if ($check->default === null) { $default = " DEFAULT NULL"; - } - elseif (strlen($check->default)) { + } elseif (strlen($check->default)) { $default = " DEFAULT '{$check->default}'"; } if ($field_data->type != $check->type && $check->type != MYSQLI_TYPE_ENUM) { $this->debug("{$field_data->name} wrong datatype, changing to {$check->dataType}"); - $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . - "{$nn}{$default}"; - } - elseif (!is_null($check->length) && $field_data->length != $check->length) { + $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . "{$nn}{$default}"; + } elseif (! is_null($check->length) && $field_data->length != $check->length) { $this->debug("{$field_data->name} incorrect size ({$field_data->length} != {$check->length})"); - $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . - "{$nn}{$default}"; - } - elseif ($check->type == MYSQLI_TYPE_ENUM && !($field_data->flags & MYSQLI_ENUM_FLAG)) { - $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}('" . implode("','", $check->values) . "')" . - "{$nn}{$default}"; + $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}" . "{$nn}{$default}"; + } elseif ($check->type == MYSQLI_TYPE_ENUM && ! ($field_data->flags & MYSQLI_ENUM_FLAG)) { + $ret = " CHANGE COLUMN `{$field_data->name}` `{$check->name}` {$check->dataType}('" . implode("','", $check->values) . "')" . "{$nn}{$default}"; } - if (!is_null($index) && is_array($index) && count($index)) { + if (! is_null($index) && is_array($index) && count($index)) { foreach ($index as $ind) { - if ($check->name == $ind->ref && !($field_data->flags & MYSQLI_MULTIPLE_KEY_FLAG)) { + if ($check->name == $ind->ref && ! 
($field_data->flags & MYSQLI_MULTIPLE_KEY_FLAG)) { $this->debug("{$field_data->name} is not an index"); - $ret .= ($ret ? "," : "") . - " ADD INDEX `{$ind->id}` (`{$ind->ref}` ASC)"; + $ret .= ($ret ? "," : "") . " ADD INDEX `{$ind->id}` (`{$ind->ref}` ASC)"; } } } - if (in_array($check->name, $pks) && !($field_data->flags & MYSQLI_PRI_KEY_FLAG)) { - $ret .= ($ret ? "," : "") . - " DROP PRIMARY KEY, ADD PRIMARY KEY(`" . implode("`,`", $pks) . "`)"; + if (in_array($check->name, $pks) && ! ($field_data->flags & MYSQLI_PRI_KEY_FLAG)) { + $ret .= ($ret ? "," : "") . " DROP PRIMARY KEY, ADD PRIMARY KEY(`" . implode("`,`", $pks) . "`)"; } return $ret; @@ -1139,12 +1139,11 @@ class db_helper * Function to check for the existence of a table within a schema * * @param string $schema - * Schema to search for table + * Schema to search for table * @param string $table_name - * Table to search for + * Table to search for * - * @return boolean - * Returns TRUE if table is found in that schema, otherwise FALSE + * @return boolean Returns TRUE if table is found in that schema, otherwise FALSE */ public function table_exists($schema, $table_name) { 
@@ -1174,42 +1173,34 @@ class db_helper * Function to escape SQL characters to prevent SQL injection * * @param mixed $val - * Value to escape + * Value to escape * - * @return string - * Escaped value + * @return string Escaped value */ public function _escape($val) { if (is_null($val)) { return 'NULL'; - } - elseif (is_numeric($val) || is_string($val)) { + } elseif (is_numeric($val) || is_string($val)) { if ($this->isJson($val)) { return "'{$this->c->real_escape_string($val)}'"; - } - elseif (strtolower($val) == 'now()') { + } elseif (strtolower($val) == 'now()') { return $val; - } - elseif (preg_match("/\.`\w+`/", $val)) { + } elseif (preg_match("/\.`\w+`/", $val)) { return $val; } return "'{$this->c->real_escape_string($val)}'"; - } - elseif (is_a($val, 'DateTime')) { + } elseif (is_a($val, 'DateTime')) { return "'{$val->format(MYSQL_DT_FORMAT)}'"; - } - elseif (is_bool($val)) { + } elseif (is_bool($val)) { return $val ? "'1'" : "'0'"; - } - elseif (gettype($val) == 'object') { + } elseif (gettype($val) == 'object') { $this->debug(E_ERROR, "Unknown object to escape " . get_class($val) . " in SQL string {$this->sql}"); - } - else { + } else { $this->debug(E_ERROR, "Unknown datatype to escape in SQL string {$this->sql} " . gettype($val)); } - throw(new Exception("Unknown datatype to escape in SQL string {$this->sql} " . gettype($val), E_ERROR)); + throw (new Exception("Unknown datatype to escape in SQL string {$this->sql} " . gettype($val), E_ERROR)); } /** @@ -1222,10 +1213,9 @@ class db_helper public function fetch_all($resulttype = MYSQLI_ASSOC) { $res = []; - if (method_exists('mysqli_result', 'fetch_all')) { # Compatibility layer with PHP < 5.3 + if (method_exists('mysqli_result', 'fetch_all')) { // Compatibility layer with PHP < 5.3 $res = $this->result->fetch_all($resulttype); - } - else { + } else { while ($tmp = $this->result->fetch_array($resulttype)) { $res[] = $tmp; } 
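Review bot: `_escape()` returns the value untouched whenever ``preg_match("/\.`\w+`/", $val)`` matches, and that pattern is unanchored, so any string that merely contains a dot followed by a backtick-quoted word skips both `real_escape_string` and the surrounding quotes. Free-text values such as imported notes can meet that condition, whether by accident or deliberately, which defeats the purpose stated in the docblock. Anchoring the test to a complete column reference narrows it, for example ``preg_match("/^`?\w+`?\.`\w+`$/", $val)`` (adjusted to the reference forms callers really pass); a dedicated wrapper type for column references would remove the content sniffing altogether. The `(SELECT` test in `where()` (hunk `@@ -1364,51 +1344,47 @@`) decides on escaping the same way and deserves the same treatment.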
@@ -1266,17 +1256,12 @@ class db_helper $errmsg = $this->sql; } - file_put_contents(realpath(LOG_PATH . '/db.log'), "{$dt->format(DATE_ISO8601)}\t" . - "$err_lvl\t" . - "Executing: $this->query_type\t" . - "SQL: {$errmsg}" . PHP_EOL, FILE_APPEND); + file_put_contents(realpath(LOG_PATH . '/db.log'), "{$dt->format(DATE_ISO8601)}\t" . "$err_lvl\t" . "Executing: $this->query_type\t" . "SQL: {$errmsg}" . PHP_EOL, FILE_APPEND); if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG && is_a($this->result, 'mysqli_result')) { file_put_contents(realpath(LOG_PATH . '/db.debug'), print_r($this->result, true), FILE_APPEND); - } - elseif ($errno == E_ERROR && $this->c->error) { - file_put_contents(realpath(LOG_PATH . '/db.err'), "{$dt->format(DATE_ISO8601)}\t" . - "{$this->c->error}" . PHP_EOL, FILE_APPEND); + } elseif ($errno == E_ERROR && $this->c->error) { + file_put_contents(realpath(LOG_PATH . '/db.err'), "{$dt->format(DATE_ISO8601)}\t" . "{$this->c->error}" . PHP_EOL, FILE_APPEND); error_log($this->c->error); die($this->c->error); } @@ -1285,8 +1270,9 @@ class db_helper /** * Function to populate the fields for the SQL * - * @param array $fields [optional] - * Optional array of fields to string together to create a field list + * @param array $fields + * [optional] + * Optional array of fields to string together to create a field list * * @return string */ 
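Review bot: In the `@@ -1266,17 +1256,12 @@` hunk, the `E_ERROR` branch ends with `die($this->c->error)`, which sends the raw MySQL error text to whoever made the request, and such messages commonly carry table, column and query fragments. The detail is already written to `db.err` and `error_log()`, so the response can stay generic: `die("A database error occurred");`. Separately, `realpath(LOG_PATH . '/db.log')` returns false while the file does not exist, so these `file_put_contents()` calls cannot create the log on a fresh install; passing `LOG_PATH . '/db.log'` directly avoids that. The start of the method is outside the hunk.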
@@ -1296,19 +1282,14 @@ class db_helper if (is_array($fields) && count($fields)) { foreach ($fields as $field) { - if ((strpos($field, '`') === false) && - (strpos($field, '.') === false) && - (strpos($field, '*') === false) && - (stripos($field, ' as ') === false)) { + if ((strpos($field, '`') === false) && (strpos($field, '.') === false) && (strpos($field, '*') === false) && (stripos($field, ' as ') === false)) { $str_fields .= "`$field`,"; - } - else { + } else { $str_fields .= "$field,"; } } - $str_fields = substr($str_fields, 0, -1); - } - elseif (is_null($fields)) { + $str_fields = substr($str_fields, 0, - 1); + } elseif (is_null($fields)) { $str_fields = "*"; } @@ -1319,27 +1300,27 @@ class db_helper * Function to create the where statement for the SQL * * @param array $where - * Two-dimensional array to use to build the where clause + * Two-dimensional array to use to build the where clause * - * - * array(
- *   array(
- *     'field' => 'field_name',
- *     'op' => '=', // (common operations or IN, BETWEEN, LIKE, NOT_LIKE, IS, & IS_NOT constants)
- *     'value' => 'field_value',
- *     'sql_op' => 'AND', // NOT required for first element (common SQL operators AND, OR, NOR)
- *     'open-paren' => true, // optional to add a paren '(' BEFORE clause
- *     'close-paren' => true, // optional to add a paren ')' AFTER clause
- *     'low' => '1', // LOW value only used in BETWEEN clause
- *     'high' => '100', // HIGH value only used in BETWEEN clause
- *     'case_insensitive' => true // optional boolean to set the parameters to LOWER to do case insenstive comparison - *   ),
- *   array(
- *     ...
- *   ),
- *   ...
- * ) - *
+ * + * array(
+ *   array(
+ *     'field' => 'field_name',
+ *     'op' => '=', // (common operations or IN, BETWEEN, LIKE, NOT_LIKE, IS, & IS_NOT constants)
+ *     'value' => 'field_value',
+ *     'sql_op' => 'AND', // NOT required for first element (common SQL operators AND, OR, NOR)
+ *     'open-paren' => true, // optional to add a paren '(' BEFORE clause
+ *     'close-paren' => true, // optional to add a paren ')' AFTER clause
+ *     'low' => '1', // LOW value only used in BETWEEN clause
+ *     'high' => '100', // HIGH value only used in BETWEEN clause
+ *     'case_insensitive' => true // optional boolean to set the parameters to LOWER to do case insenstive comparison + *   ),
+ *   array(
+ *     ...
+ *   ),
+ *   ...
+ * ) + *
* * @return string */ @@ -1348,11 +1329,10 @@ class db_helper $ret = " WHERE"; foreach ($where as $x => $w) { - if (!isset($w['field']) && isset($w['close-paren']) && $w['close-paren']) { + if (! isset($w['field']) && isset($w['close-paren']) && $w['close-paren']) { $ret .= ")"; continue; - } - elseif (!isset($w['field']) || ($x > 0 && !isset($w['sql_op']))) { + } elseif (! isset($w['field']) || ($x > 0 && ! isset($w['sql_op']))) { continue; } 
@@ -1364,51 +1344,47 @@ class db_helper $ret .= " ("; } - if ((strpos($w['field'], '`') === false) && - (strpos($w['field'], '.') === false) && - (strpos($w['field'], '*') === false) && - (stripos($w['field'], ' as ') === false)) { + if ((strpos($w['field'], '`') === false) && (strpos($w['field'], '.') === false) && (strpos($w['field'], '*') === false) && (stripos($w['field'], ' as ') === false)) { $field = "`{$w['field']}`"; - } - else { + } else { $field = $w['field']; } $not = null; - if (isset($w['op']) && in_array($w['op'], array(IS_NOT, NOT_LIKE, NOT_IN))) { + if (isset($w['op']) && in_array($w['op'], array( + IS_NOT, + NOT_LIKE, + NOT_IN + ))) { $not = ' NOT'; } if (isset($w['op']) && ($w['op'] == LIKE || $w['op'] == NOT_LIKE)) { $ret .= " {$field}{$not} LIKE {$w['value']}"; - } - elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_string($w['value'])) { + } elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_string($w['value'])) { $ret .= " {$field}{$not} IN " . (strpos($w['value'], '(') !== false ? $w['value'] : "({$w['value']})"); - } - elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_array($w['value'])) { - $ret .= " {$field}{$not} IN (" . implode(",", array_map(array($this, '_escape'), $w['value'])) . ")"; - } - elseif (isset($w['op']) && $w['op'] == BETWEEN) { - if (!isset($w['low']) && !isset($w['high'])) { + } elseif (isset($w['op']) && ($w['op'] == IN || $w['op'] == NOT_IN) && is_array($w['value'])) { + $ret .= " {$field}{$not} IN (" . implode(",", array_map(array( + $this, + '_escape' + ), $w['value'])) . ")"; + } elseif (isset($w['op']) && $w['op'] == BETWEEN) { + if (! isset($w['low']) && ! 
isset($w['high'])) { continue; } $ret .= " {$field} BETWEEN {$this->_escape($w['low'])} AND {$this->_escape($w['high'])}"; - } - elseif (isset($w['op']) && ($w['op'] == IS || $w['op'] == IS_NOT)) { + } elseif (isset($w['op']) && ($w['op'] == IS || $w['op'] == IS_NOT)) { $ret .= " {$field} IS{$not} {$this->_escape($w['value'])}"; - } - else { + } else { $op = "="; if (isset($w['op'])) { $op = $w['op']; } if (isset($w['case_insensitive']) && $w['case_insensitive']) { $ret .= " LOWER({$field}) {$op} LOWER({$this->_escape($w['value'])})"; - } - elseif (preg_match("/\(SELECT/", $w['value'])) { + } elseif (preg_match("/\(SELECT/", $w['value'])) { $ret .= " {$field} {$op} {$w['value']}"; - } - else { + } else { $ret .= " {$field} {$op} {$this->_escape($w['value'])}"; } } @@ -1427,20 +1403,20 @@ class db_helper * Function to parse the flags * * @param array $flags - * Two-dimensional array to added flags + * Two-dimensional array to added flags * - * - * array( - *   'table_joins' => array( - *     "JOIN table2 t2 ON t2.id=t1.id" - *   ), - *   'group' => 'field', - *   'having' => 'field', - *   'order' => 'field', - *   'start' => 0, - *   'limit' => 0 - * ) - * + * + * array( + *   'table_joins' => array( + *     "JOIN table2 t2 ON t2.id=t1.id" + *   ), + *   'group' => 'field', + *   'having' => 'field', + *   'order' => 'field', + *   'start' => 0, + *   'limit' => 0 + * ) + * * * @see db_helper::groups() * @see db_helper::having() @@ -1491,8 +1467,7 @@ class db_helper foreach ($groups as $grp) { $ret .= " $grp"; } - } - elseif (is_string($groups)) { + } elseif (is_string($groups)) { $ret .= " GROUP BY {$groups}"; } 
@@ -1503,15 +1478,14 @@ class db_helper * Function to parse SQL HAVING statements * * @param mixed $having - * - * return string + * return string */ private function having($having) { $ret = " HAVING"; - $x = 0; + $x = 0; foreach ($having as $h) { - if (!isset($h['field']) || ($x > 0 && !isset($h['sql_op']))) { + if (! isset($h['field']) || ($x > 0 && ! isset($h['sql_op']))) { continue; } @@ -1521,27 +1495,21 @@ class db_helper if ($h['op'] == LIKE) { $ret .= " {$h['field']} LIKE {$h['value']}"; - } - elseif ($h['op'] == IN && is_string($h['value'])) { + } elseif ($h['op'] == IN && is_string($h['value'])) { $ret .= " {$h['field']} IN {$h['value']}"; - } - elseif ($h['op'] == IN && is_array($h['value'])) { + } elseif ($h['op'] == IN && is_array($h['value'])) { $ret .= " {$h['field']} IN ('" . implode("', '", $h['value']) . "')"; - } - elseif ($h['op'] == BETWEEN) { + } elseif ($h['op'] == BETWEEN) { $ret .= " {$h['field']} BETWEEN {$this->_escape($h['low'])} AND {$this->_escape($h['high'])}"; - } - elseif ($h['op'] == IS) { + } elseif ($h['op'] == IS) { $ret .= " {$h['field']} IS {$this->_escape($h['value'])}"; - } - elseif ($h['op'] == IS_NOT) { + } elseif ($h['op'] == IS_NOT) { $ret .= " {$h['field']} IS NOT {$this->_escape($h['value'])}"; - } - else { + } else { $ret .= " {$h['field']} {$h['op']} {$this->_escape($h['value'])}"; } - $x++; + $x ++; } return $ret; @@ -1564,9 +1532,8 @@ class db_helper $ret .= " {$ord['field']} {$ord['sort']},"; } - $ret = substr($ret, 0, -1); - } - elseif (is_string($order)) { + $ret = substr($ret, 0, - 1); + } elseif (is_string($order)) { $ret .= " ORDER BY {$order}"; } @@ -1586,17 +1553,15 @@ class db_helper return; } - if (!is_a($args[0], "mysqli")) { + if (! is_a($args[0], "mysqli")) { return; - } - else { + } else { $conn = $args[0]; } - if (!is_string($args[1])) { + if (! is_string($args[1])) { return; - } - else { + } else { $sql = $args[1]; } 
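Review bot: In the `@@ -1521,27 +1495,21 @@` hunk, `having()` builds the array form of `IN` with `implode("', '", $h['value'])`, so the values are wrapped in quotes but never escaped, while the matching branch in `where()` maps every value through `_escape()`. A value containing a single quote therefore ends the literal early and changes the statement. Use the construction `where()` already has: `$ret .= " {$h['field']} IN (" . implode(",", array_map(array($this, '_escape'), $h['value'])) . ")";`. The `LIKE` and string `IN` branches of both methods append the value verbatim as well, which should at least be stated in the docblocks as a caller responsibility. The docblock edit in the `@@ -1503,15 +1478,14 @@` hunk leaves `return string` without its tag marker; it should read `@return string`.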
@@ -1607,12 +1572,12 @@ class db_helper } } - if (!$stmt = $conn->prepare($sql)) { + if (! $stmt = $conn->prepare($sql)) { print $conn->error . PHP_EOL; return; } - if (!$stmt->execute()) { + if (! $stmt->execute()) { print "Execution of prepared statement failed: (" . $stmt->errno . ") " . $stmt->error . PHP_EOL; return false; } @@ -1629,23 +1594,21 @@ class db_helper { $args = func_get_args(); $conn = null; - $ret = []; + $ret = []; if (is_array($args) && count($args) < 2) { return; } - if (!is_a($args[0], "mysqli")) { + if (! is_a($args[0], "mysqli")) { return; - } - else { + } else { $conn = $args[0]; } - if (!is_string($args[1])) { + if (! is_string($args[1])) { return; - } - else { + } else { $sql = $args[1]; } @@ -1656,40 +1619,42 @@ class db_helper } } - if (!$stmt = $conn->prepare($sql)) { + if (! $stmt = $conn->prepare($sql)) { print $conn->error . PHP_EOL; return; } - if (!$stmt->execute()) { + if (! $stmt->execute()) { print "Execution of prepared statement failed: (" . $stmt->errno . ") " . $stmt->error . PHP_EOL; return; } - $meta = $stmt->result_metadata(); - $fields = $fieldNames = []; + $meta = $stmt->result_metadata(); + $fields = $fieldNames = []; while ($field = $meta->fetch_field()) { - $fieldNames[] = $var = $field->name; - $$var = null; + $fieldNames[] = $var = $field->name; + $$var = null; $fields[$var] = &$$var; } $fieldCount = (is_array($fieldNames) ? count($fieldNames) : 0); - call_user_func_array(array($stmt, "bind_result"), $fields); + call_user_func_array(array( + $stmt, + "bind_result" + ), $fields); $i = 0; while ($stmt->fetch()) { - for ($r = 0; $r < $fieldCount; $r++) { + for ($r = 0; $r < $fieldCount; $r ++) { $ret[$i][$fieldNames[$r]] = $fields[$fieldNames[$r]]; } } if (is_array($ret) && count($ret) == 1) { return $ret[0]; - } - else { + } else { return $ret; } } 
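Review bot: The fetch loop in the `@@ -1656,40 +1619,42 @@` hunk sets `$i = 0` and stores each row in `$ret[$i]`, but `$i` is never incremented inside `while ($stmt->fetch())`, so every row overwrites index 0 and a multi-row result comes back as only its last row. Adding `$i++;` after the inner `for` loop restores one entry per row. The failure paths in this hunk and in `@@ -1607,12 +1572,12 @@` `print` `$conn->error` and `$stmt->error` into the output; sending them to `error_log()` instead keeps driver messages out of responses. The function signatures lie outside the hunks, so the helper names are not visible here.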
@@ -1702,23 +1667,21 @@ class db_helper { $args = func_get_args(); $conn = null; - $sql = ''; + $sql = ''; if (is_array($args) && count($args) < 3) { return; } - if (!is_a($args[0], "mysqli")) { + if (! is_a($args[0], "mysqli")) { return; - } - else { + } else { $conn = $args[0]; } - if (!is_string($args[1])) { + if (! is_string($args[1])) { return; - } - else { + } else { $sql = $args[1]; } 
@@ -1757,26 +1720,106 @@ class db * Array of words to be removed */ private $DISALLOWED = array( - 'the', 'be', 'to', 'of', 'and', - 'a', 'in', 'that', 'have', 'I', - 'it', 'for', 'not', 'on', 'with', - 'he', 'as', 'you', 'do', 'at', - 'this', 'but', 'his', 'by', 'from', - 'they', 'we', 'say', 'her', 'she', - 'or', 'an', 'will', 'my', 'one', - 'all', 'would', 'there', 'their', 'what', - 'so', 'up', 'out', 'if', 'about', - 'who', 'get', 'which', 'go', 'me', - 'when', 'make', 'can', 'like', 'time', - 'no', 'just', 'him', 'know', 'take', - 'people', 'into', 'year', 'your', 'good', - 'some', 'could', 'them', 'see', 'other', - 'than', 'then', 'now', 'look', 'only', - 'come', 'its', 'over', 'think', 'also', - 'back', 'after', 'use', 'two', 'how', - 'our', 'work', 'first', 'well', 'way', - 'even', 'new', 'want', 'because', 'any', - 'these', 'give', 'day', 'most', 'us' + 'the', + 'be', + 'to', + 'of', + 'and', + 'a', + 'in', + 'that', + 'have', + 'I', + 'it', + 'for', + 'not', + 'on', + 'with', + 'he', + 'as', + 'you', + 'do', + 'at', + 'this', + 'but', + 'his', + 'by', + 'from', + 'they', + 'we', + 'say', + 'her', + 'she', + 'or', + 'an', + 'will', + 'my', + 'one', + 'all', + 'would', + 'there', + 'their', + 'what', + 'so', + 'up', + 'out', + 'if', + 'about', + 'who', + 'get', + 'which', + 'go', + 'me', + 'when', + 'make', + 'can', + 'like', + 'time', + 'no', + 'just', + 'him', + 'know', + 'take', + 'people', + 'into', + 'year', + 'your', + 'good', + 'some', + 'could', + 'them', + 'see', + 'other', + 'than', + 'then', + 'now', + 'look', + 'only', + 'come', + 'its', + 'over', + 'think', + 'also', + 'back', + 'after', + 'use', + 'two', + 'how', + 'our', + 'work', + 'first', + 'well', + 'way', + 'even', + 'new', + 'want', + 'because', + 'any', + 'these', + 'give', + 'day', + 'most', + 'us' ); /** 
@@ -1805,24 +1848,23 @@ class db /** * Constructor function to instantiate a new DB object and connection * - * @param bool $persistent [optional] + * @param bool $persistent + * [optional] */ public function __construct($persistent = false) { // attempt to create a new database connection $host = ($persistent ? "p:" : "") . DB_SERVER; if (class_exists('mysqli')) { - $pwd = self::decrypt_pwd(); + $pwd = self::decrypt_pwd(); $this->conn = new mysqli($host, 'web', $pwd, 'sagacity'); - } - else { + } else { die("Could not find the mysqli class"); } // if there is a problem output that if ($this->conn->connect_errno && $this->conn->connect_errno == 1045) { die("Invalid database username and/or password"); - } - elseif ($this->conn->connect_errno) { + } elseif ($this->conn->connect_errno) { error_log("Error connecting to " . DB_SERVER . " " . $this->conn->connect_error); die("Error connecting to " . DB_SERVER); } @@ -1841,12 +1883,12 @@ class db */ public static function decrypt_pwd() { - if (!file_exists(DOC_ROOT . "/" . PWD_FILE)) { + if (! file_exists(DOC_ROOT . "/" . PWD_FILE)) { die("Cannot connect to the database because the password file does not exist"); } $enc_pwd = file_get_contents(DOC_ROOT . "/" . PWD_FILE); - $pwd = my_decrypt($enc_pwd); + $pwd = my_decrypt($enc_pwd); return $pwd; } @@ -1854,8 +1896,7 @@ class db /** * Get the ID of the last command that was executed * - * @return integer - * The integer of the last primary key id inserted into whatever table + * @return integer The integer of the last primary key id inserted into whatever table */ public function get_Last_Insert_ID() { 
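Review bot: In the `@@ -1841,12 +1883,12 @@` hunk, `decrypt_pwd()` reads the database password file from `DOC_ROOT . "/" . PWD_FILE`; if `DOC_ROOT` is the web server's document root, the encrypted password sits in a location the server may hand out on request unless a deny rule covers it. Keeping the file outside the served tree, or documenting the required deny rule next to `PWD_FILE`, would close that gap. The result of `file_get_contents()` also goes to `my_decrypt()` unchecked, so an unreadable file shows up later as the generic "Invalid database username and/or password" message; `if ($enc_pwd === false) { die("Cannot read the database password file"); }` makes the cause clear. How `my_decrypt()` obtains its key is not visible in this hunk.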
@@ -1866,26 +1907,25 @@ class db /** * Function to get an advisory from the database * - * @param string $advisory_id [optional] - * String with advisory ID to specifically find + * @param string $advisory_id + * [optional] + * String with advisory ID to specifically find * - * @return array:advisory|NULL - * Returns array of advisory objects or NULL if nothing is found in the database + * @return array:advisory|NULL Returns array of advisory objects or NULL if nothing is found in the database */ public function get_Advisory($advisory_id = null) { $ret = []; - if (!is_null($advisory_id)) { + if (! is_null($advisory_id)) { $this->help->select("sagacity.advisories", null, array( array( 'field' => 'advisory_id', - 'op' => '=', + 'op' => '=', 'value' => $advisory_id ) )); - } - else { + } else { $this->help->select("sagacity.advisories", null, []); } @@ -1894,8 +1934,7 @@ class db $ret[] = new advisory($row['pdi_id'], $row['advisory_id'], $row['reference'], $row['type'], $row['url']); } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } @@ -1906,10 +1945,9 @@ class db * Update or insert an advisory * * @param array:advisory $advisories - * Array of advisory class objects to save/update to database + * Array of advisory class objects to save/update to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Advisory($advisories) { @@ -1937,7 +1975,7 @@ class db $this->help->extended_replace("sagacity.advisories", $fields, $values); - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); 
@@ -1952,21 +1990,21 @@ class db /** * Get ST&E category data * - * @param integer $int_Cat_ID [optional] - * Grab specific ste_cat from database (default NULL) + * @param integer $int_Cat_ID + * [optional] + * Grab specific ste_cat from database (default NULL) * - * @return array:ste_cat|NULL - * Returns an array of categories that are applicable to the specific ST&E or a specifically requested category + * @return array:ste_cat|NULL Returns an array of categories that are applicable to the specific ST&E or a specifically requested category */ public function get_Category($int_Cat_ID = null) { $where = []; - $ret = []; + $ret = []; if ($int_Cat_ID != null) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $int_Cat_ID ]; } @@ -1975,23 +2013,29 @@ class db $cats = $this->help->execute(); if (is_array($cats) && count($cats) && isset($cats['id'])) { - $cats = [0 => $cats]; + $cats = [ + 0 => $cats + ]; } if (is_array($cats) && count($cats)) { foreach ($cats as $cat) { $tmp = new ste_cat($cat['id'], $cat['ste_id'], $cat['name'], $cat['analysts']); - $this->help->select("ste_cat_sources", ['src_id'], [ + $this->help->select("ste_cat_sources", [ + 'src_id' + ], [ [ 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat['id'] ] ]); $srcs = $this->help->execute(); if (is_array($srcs) && count($srcs) && isset($srcs['src_id'])) { - $srcs = [0 => $srcs]; + $srcs = [ + 0 => $srcs + ]; } if (is_array($srcs) && count($srcs)) { @@ -2011,30 +2055,33 @@ class db /** * Function to automatically put targets in categories by operating systems
- * Skips generic OS's and targets that already assigned + * Skips generic OS's and targets that already assigned * * @param int $ste_id */ public function auto_Catorgize_Targets($ste_id) { - $this->help->select("sagacity.target t", ['t.id', 't.os_string'], [ + $this->help->select("sagacity.target t", [ + 't.id', + 't.os_string' + ], [ [ 'field' => 't.ste_id', 'value' => $ste_id ], [ - 'field' => 't.cat_id', - 'op' => IS, - 'value' => null, + 'field' => 't.cat_id', + 'op' => IS, + 'value' => null, 'sql_op' => 'AND' ], [ - 'field' => 's.cpe', - 'op' => '!=', - 'value' => 'cpe:/o:generic:generic:-', + 'field' => 's.cpe', + 'op' => '!=', + 'value' => 'cpe:/o:generic:generic:-', 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ 'JOIN sagacity.software s ON t.os_id=s.id' ] @@ -2042,20 +2089,24 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $id = 0; - $this->help->select("sagacity.ste_cat", ['id'], [ + $this->help->select("sagacity.ste_cat", [ + 'id' + ], [ [ 'field' => 'ste_id', 'value' => $ste_id ], [ - 'field' => 'name', - 'value' => trim($row['os_string']), + 'field' => 'name', + 'value' => trim($row['os_string']), 'sql_op' => 'AND' ] ]); @@ -2063,17 +2114,18 @@ class db $tmp = $this->help->execute(); if (is_array($tmp) && count($tmp) && isset($tmp['id'])) { $id = $tmp['id']; - } - else { + } else { $this->help->insert("sagacity.ste_cat", [ 'ste_id' => $ste_id, - 'name' => trim($row['os_string']) - ], true); + 'name' => trim($row['os_string']) + ], true); $id = $this->help->execute(); } if ($id) { - $this->help->update("sagacity.target", ['cat_id' => $id], [ + $this->help->update("sagacity.target", [ + 'cat_id' => $id + ], [ [ 'field' => 'id', 'value' => $row['id'] 
@@ -2090,38 +2142,36 @@ class db * * @param ste_cat $ste_cat_in * - * @return mixed - * Returns FALSE if failed, otherwise the ID of the newly inserted category + * @return mixed Returns FALSE if failed, otherwise the ID of the newly inserted category */ public function save_Category($ste_cat_in) { if (is_null($ste_cat_in->get_ID())) { $this->help->insert("sagacity.ste_cat", array( - 'ste_id' => $ste_cat_in->get_STE_ID(), - 'name' => $ste_cat_in->get_Name(), + 'ste_id' => $ste_cat_in->get_STE_ID(), + 'name' => $ste_cat_in->get_Name(), 'analysts' => $ste_cat_in->get_Analyst() )); - if (!($cat_id = $this->help->execute())) { + if (! ($cat_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } $ste_cat_in->set_ID($cat_id); - } - else { + } else { $this->help->update("sagacity.ste_cat", array( - 'name' => $ste_cat_in->get_Name(), + 'name' => $ste_cat_in->get_Name(), 'analysts' => $ste_cat_in->get_Analyst() - ), array( + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $ste_cat_in->get_ID() ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2131,7 +2181,7 @@ class db $this->help->delete("ste_cat_sources", null, [ [ 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $ste_cat_in->get_ID() ] ]); @@ -2139,9 +2189,15 @@ class db $srcs = []; foreach ($ste_cat_in->get_Sources() as $src) { - $srcs[] = [$ste_cat_in->get_ID(), $src->get_ID()]; + $srcs[] = [ + $ste_cat_in->get_ID(), + $src->get_ID() + ]; } - $this->help->extended_insert("ste_cat_sources", ['cat_id', 'src_id'], $srcs); + $this->help->extended_insert("ste_cat_sources", [ + 'cat_id', + 'src_id' + ], $srcs); $this->help->execute(); } 
@@ -2152,24 +2208,25 @@ class db * This function renames a category * * @param integer $intOldCat - * Category ID of the category to rename + * Category ID of the category to rename * @param string $strNewCatName - * New name for the category + * New name for the category * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function rename_Cat($intOldCat, $strNewCatName) { - $this->help->update("sagacity.ste_cat", array('name' => $strNewCatName), array( + $this->help->update("sagacity.ste_cat", array( + 'name' => $strNewCatName + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $intOldCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2181,22 +2238,23 @@ class db * This function deletes a category and assigns the targets to "Unassigned" * * @param integer $intCat - * ID of the category to delete + * ID of the category to delete * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function delete_Cat($intCat) { - $this->help->update("sagacity.target", array('cat_id' => null), array( + $this->help->update("sagacity.target", array( + 'cat_id' => null + ), array( array( 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2204,12 +2262,12 @@ class db $this->help->delete("sagacity.ste_cat_sources", null, array( array( 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -2217,12 +2275,12 @@ class db $this->help->delete("sagacity.category_interview", null, array( array( 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2230,12 +2288,12 @@ class db $this->help->delete("sagacity.ste_cat", null, array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2247,24 +2305,25 @@ class db * This function sets the analyst that is in charge of this category * * @param integer $intCat - * Category ID to update + * Category ID to update * @param string $strAnalyst - * Name of the analyst + * Name of the analyst * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function assign_Analyst_To_Category($intCat, $strAnalyst) { $analysts = strtolower($strAnalyst) == 'none' ? null : $strAnalyst; - $this->help->update("sagacity.ste_cat", array('analysts' => $analysts), array( + $this->help->update("sagacity.ste_cat", array( + 'analysts' => $analysts + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $intCat ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -2276,24 +2335,25 @@ class db * This function does the move of a tgt to a new category * * @param array:integer $arrTgts - * Array of integer ID for each target to move + * Array of integer ID for each target to move * @param integer $intCat - * Category ID to reassign them to + * Category ID to reassign them to * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function move_Tgt_To_Cat($arrTgts, $intCat) { - $this->help->update("sagacity.target", array('cat_id' => $intCat), array( + $this->help->update("sagacity.target", array( + 'cat_id' => $intCat + ), array( array( 'field' => 'id', - 'op' => IN, + 'op' => IN, 'value' => $arrTgts ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2307,28 +2367,33 @@ class db * Getter function for CCE * * @param string $cce_id - * CCE ID to query for + * CCE ID to query for * * @return array:cce */ public function get_CCE($cce_id = null) { - $ret = []; + $ret = []; $where = []; - if (!is_null($cce_id)) { + if (! is_null($cce_id)) { $where[] = array( 'field' => 'cce_id', - 'op' => '=', + 'op' => '=', 'value' => $cce_id ); } - $this->help->select("sagacity.cce", array('pdi_id', 'cce_id'), $where); + $this->help->select("sagacity.cce", array( + 'pdi_id', + 'cce_id' + ), $where); $cces = $this->help->execute(); if (is_array($cces) && count($cces) && isset($cces['pdi_id'])) { - $cces = array(0 => $cces); + $cces = array( + 0 => $cces + ); } if (is_array($cces) && count($cces) && isset($cces[0])) { 
@@ -2344,36 +2409,40 @@ class db * Function to save CCE's to database * * @param array:cce|cce $cces - * An array of CCE's that need to be saved + * An array of CCE's that need to be saved * - * @return boolean - * Returns TRUE if save was successful, otherwise FALSE + * @return boolean Returns TRUE if save was successful, otherwise FALSE */ public function save_CCE($cces) { - $ret = true; - $fields = array('pdi_id', 'cce_id'); + $ret = true; + $fields = array( + 'pdi_id', + 'cce_id' + ); $params = []; if (is_array($cces)) { foreach ($cces as $cce) { - $params[] = [$cce->get_PDI_ID(), $cce->get_CCE_ID()]; + $params[] = [ + $cce->get_PDI_ID(), + $cce->get_CCE_ID() + ]; } $this->help->extended_replace("sagacity.cce", $fields, $params); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); $ret = false; } - } - else { + } else { $this->help->replace("sagacity.cce", array( 'pdi_id' => $cces->get_PDI_ID(), 'cce_id' => $cces->get_CCE_ID() )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); $ret = false; } @@ -2390,11 +2459,11 @@ class db $this->help->select("sagacity.cci"); - if (!is_null($cci_id)) { + if (! is_null($cci_id)) { $this->help->select("sagacity.cci", null, array( array( 'field' => 'cci_id', - 'op' => '=', + 'op' => '=', 'value' => $cci_id ) )); 
@@ -2404,28 +2473,28 @@ class db if (is_array($ccis) && count($ccis)) { foreach ($ccis as $cci_data) { - $cci = new cci(); - $cci->cci_id = $cci_data['cci_id']; + $cci = new cci(); + $cci->cci_id = $cci_data['cci_id']; $cci->definition = $cci_data['definition']; - $cci->type = $cci_data['type']; - $cci->param = $cci_data['param']; - $cci->note = $cci_data['note']; + $cci->type = $cci_data['type']; + $cci->param = $cci_data['param']; + $cci->note = $cci_data['note']; $this->help->select("sagacity.cci_refs", null, array( array( 'field' => 'cci_id', - 'op' => '=', + 'op' => '=', 'value' => $cci_data['cci_id'] ) )); $refs = $this->help->execute(); if (is_array($refs) && count($refs)) { foreach ($refs as $ref_data) { - $ref = new cci_reference(); + $ref = new cci_reference(); $ref->index = $ref_data['index']; - $ref->url = $ref_data['url']; + $ref->url = $ref_data['url']; $ref->title = $ref_data['title']; - $ref->ver = $ref_data['ver']; + $ref->ver = $ref_data['ver']; $cci->refs[] = $ref; } @@ -2433,8 +2502,7 @@ class db $ret[] = $cci; } - } - else { + } else { $this->help->debug(E_ERROR); } @@ -2443,10 +2511,10 @@ class db /** * Get eMASS CCI Map + * * @author Matt Shuter * - * @return array - * Array of CCI-eMASS control mappings + * @return array Array of CCI-eMASS control mappings */ public function get_EMASS_CCIs() { 
@@ -2478,22 +2546,26 @@ class db ]; } $this->help->extended_insert('rmf.cci', array( - 'id', 'control_id', 'enh_id', 'def', 'guidance', 'procedure' - ), $ccis, true); - } - else { + 'id', + 'control_id', + 'enh_id', + 'def', + 'guidance', + 'procedure' + ), $ccis, true); + } else { $cci_id = preg_replace("/CCI\-[0]+/", "CCI-", $cci_in->cci_id); $this->help->insert('rmf.cci', array( - 'cci_id' => $cci_id, + 'cci_id' => $cci_id, 'control_id' => $cci_in->control_id, - 'enh_id' => $cci_in->enh_id, - 'def' => $cci_in->definition, - 'guidance' => $cci_in->guidance, - 'procedure' => $cci_in->procedure - ), true); + 'enh_id' => $cci_in->enh_id, + 'def' => $cci_in->definition, + 'guidance' => $cci_in->guidance, + 'procedure' => $cci_in->procedure + ), true); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -2510,14 +2582,16 @@ class db */ public function save_EMASS_CCIs($ccis_in) { - $ret = false; - $columns = array('id', 'control'); + $ret = false; + $columns = array( + 'id', + 'control' + ); $this->help->extended_insert('rmf.emass_cci', $columns, $ccis_in, true); if ($this->help->execute()) { $ret = true; - } - else { + } else { $this->help->debug(E_ERROR); } @@ -2529,13 +2603,14 @@ class db /** * Get a checklist * - * @param mixed $Checklist_ID [optional] - * Checklist ID to query for (default NULL) - * @param boolean $ord_desc [optional] - * Decide if you want to order to return from newest release + * @param mixed $Checklist_ID + * [optional] + * Checklist ID to query for (default NULL) + * @param boolean $ord_desc + * [optional] + * Decide if you want to order to return from newest release * - * @return array:checklist - * Returns an array of checklists, or an empty array if none found + * @return array:checklist Returns an array of checklists, or an empty array if none found */ public function get_Checklist($Checklist_ID = null, $ord_desc = false) { 
@@ -2554,60 +2629,57 @@ class db 'type', 'icon' ]); - } - else { + } else { $this->help->select("sagacity.checklist", null); } $where = []; - if (!is_null($Checklist_ID)) { + if (! is_null($Checklist_ID)) { if (is_numeric($Checklist_ID)) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $Checklist_ID ]; - } - elseif (is_array($Checklist_ID)) { + } elseif (is_array($Checklist_ID)) { if (isset($Checklist_ID['checklist_id'])) { $where[] = [ 'field' => 'checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $Checklist_ID['checklist_id'] ]; } if (isset($Checklist_ID['type'])) { $where[] = [ - 'field' => 'type', - 'op' => '=', - 'value' => $Checklist_ID['type'], + 'field' => 'type', + 'op' => '=', + 'value' => $Checklist_ID['type'], 'sql_op' => 'AND' ]; } if (isset($Checklist_ID['version'])) { $where[] = [ - 'field' => 'ver', - 'op' => '=', - 'value' => $Checklist_ID['version'], + 'field' => 'ver', + 'op' => '=', + 'value' => $Checklist_ID['version'], 'sql_op' => 'AND' ]; } if (isset($Checklist_ID['release'])) { $where[] = [ - 'field' => 'release', - 'op' => '=', - 'value' => $Checklist_ID['release'], + 'field' => 'release', + 'op' => '=', + 'value' => $Checklist_ID['release'], 'sql_op' => 'AND' ]; } - } - else { + } else { $where[] = [ 'field' => 'checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $Checklist_ID ]; } 
@@ -2622,20 +2694,43 @@ class db $flags = [ 'group' => 'type', 'order' => [ - ['field' => 'name', 'sort' => 'asc'], - ['field' => 'type', 'sort' => 'asc'], - ['field' => 'ver', 'sort' => 'desc'], - ['field' => 'LPAD(`release`,2,0)', 'sort' => 'desc'] + [ + 'field' => 'name', + 'sort' => 'asc' + ], + [ + 'field' => 'type', + 'sort' => 'asc' + ], + [ + 'field' => 'ver', + 'sort' => 'desc' + ], + [ + 'field' => 'LPAD(`release`,2,0)', + 'sort' => 'desc' + ] ] ]; - } - else { + } else { $flags = [ 'order' => [ - ['field' => 'name', 'sort' => 'asc'], - ['field' => 'type', 'sort' => 'asc'], - ['field' => 'ver', 'sort' => 'asc'], - ['field' => 'LPAD(`release`,2,0)', 'sort' => 'asc'] + [ + 'field' => 'name', + 'sort' => 'asc' + ], + [ + 'field' => 'type', + 'sort' => 'asc' + ], + [ + 'field' => 'ver', + 'sort' => 'asc' + ], + [ + 'field' => 'LPAD(`release`,2,0)', + 'sort' => 'asc' + ] ] ]; } 
@@ -2646,32 +2741,32 @@ class db $rows = $this->help->execute(); if (isset($rows['id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows)) { foreach ($rows as $row) { - $chk = new checklist( - $row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon'] - ); + $chk = new checklist($row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon']); /* - $this->help->select("sagacity.checklist_software_lookup", array('sw_id'), array( - array( - 'field' => 'chk_id', - 'op' => '=', - 'value' => $row['id'] - ) - )); - $sw_rows = $this->help->execute(); - if (count($sw_rows)) { - if (isset($sw_rows['sw_id'])) { - $sw_rows = array(0 => $sw_rows); - } - - foreach ($sw_rows as $row2) { - $chk->add_SW($this->get_Software($row2['sw_id'])); - } - } + * $this->help->select("sagacity.checklist_software_lookup", array('sw_id'), array( + * array( + * 'field' => 'chk_id', + * 'op' => '=', + * 'value' => $row['id'] + * ) + * )); + * $sw_rows = $this->help->execute(); + * if (count($sw_rows)) { + * if (isset($sw_rows['sw_id'])) { + * $sw_rows = array(0 => $sw_rows); + * } + * + * foreach ($sw_rows as $row2) { + * $chk->add_SW($this->get_Software($row2['sw_id'])); + * } + * } */ $ret[] = $chk; } 
@@ -2699,14 +2794,18 @@ class db $rows = $this->help->execute(); if (isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { - $chk = new checklist($row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon']); - /**/ - $this->help->select("sagacity.checklist_software_lookup", ['sw_id'], [ + $chk = new checklist($row['id'], $row['checklist_id'], $row['name'], $row['description'], $row['date'], $row['file_name'], $row['ver'], $row['release'], $row['type'], $row['icon']); + /* */ + $this->help->select("sagacity.checklist_software_lookup", [ + 'sw_id' + ], [ [ 'field' => 'chk_id', 'value' => $row['id'] @@ -2715,7 +2814,9 @@ class db $sw_rows = $this->help->execute(); if (is_array($sw_rows) && count($sw_rows)) { if (isset($sw_rows['sw_id'])) { - $sw_rows = [0 => $sw_rows]; + $sw_rows = [ + 0 => $sw_rows + ]; } foreach ($sw_rows as $row2) { 
@@ -2734,38 +2835,41 @@ class db * Function to retrieve the most current checklist for a given software package * * @param software $software - * Software of which to look for checklists + * Software of which to look for checklists * - * @return array:checklist - * Returns an array of checklists that this software ties to. Otherwise, an empty array + * @return array:checklist Returns an array of checklists that this software ties to. Otherwise, an empty array */ public function get_Latest_Checklist_By_Software($software) { $ret = []; $this->help->create_table("c", true, $this->help->select("sagacity.checklist", null, [], array( - 'order' => '`ver` DESC, CONVERT(`release`, DECIMAL(4,2)) DESC' + 'order' => '`ver` DESC, CONVERT(`release`, DECIMAL(4,2)) DESC' ))); - if (!$this->help->execute()) { + if (! $this->help->execute()) { return $ret; } - $this->help->select("c", array('c.id'), array( + $this->help->select("c", array( + 'c.id' + ), array( array( 'field' => 'csl.sw_id', - 'op' => '=', + 'op' => '=', 'value' => $software->get_ID() ) - ), array( + ), array( 'table_joins' => array( "JOIN sagacity.checklist_software_lookup csl ON csl.chk_id=c.id" ), - 'group' => 'c.name,c.type', - 'order' => 'c.name' + 'group' => 'c.name,c.type', + 'order' => 'c.name' )); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { 
@@ -2784,19 +2888,20 @@ class db * Get a summary of checklist stats * * @param integer $cat_id - * Integer category ID to get the summary on + * Integer category ID to get the summary on * - * @return NULL|array:targets,checklist,string - * Returns an associative array of target (id & name), checklists, and a summary that joins the two + * @return NULL|array:targets,checklist,string Returns an associative array of target (id & name), checklists, and a summary that joins the two */ public function get_Checklist_Summary($cat_id) { - $where = array(array( + $where = array( + array( 'field' => 't.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? IS : '='), 'value' => $cat_id - )); - $tgts = []; + ) + ); + $tgts = []; $chklsts = []; $summary = []; 
@@ -2804,59 +2909,73 @@ class db 'table_joins' => array( "LEFT JOIN sagacity.target t ON t.id=tc.tgt_id" ), - 'group' => 't.id' + 'group' => 't.id' )); $tgt_rows = $this->help->execute(); if (is_array($tgt_rows) && count($tgt_rows) && isset($tgt_rows['name'])) { - $tgt_rows = array(0 => $tgt_rows); + $tgt_rows = array( + 0 => $tgt_rows + ); } if (is_array($tgt_rows) && count($tgt_rows) && isset($tgt_rows[0])) { foreach ($tgt_rows as $row) { $tgts[$row['id']] = $row['name']; } - } - else { + } else { $this->help->debug(E_ERROR); } - $this->help->select("sagacity.target_checklist tc", array('c.id', 'c.name', 'c.type', 'c.ver', 'c.`release`'), $where, array( + $this->help->select("sagacity.target_checklist tc", array( + 'c.id', + 'c.name', + 'c.type', + 'c.ver', + 'c.`release`' + ), $where, array( 'table_joins' => array( "LEFT JOIN sagacity.checklist c ON tc.chk_id=c.id", "LEFT JOIN sagacity.target t ON tc.tgt_id=t.id" ), - 'group' => 'c.id', - 'order' => 'c.name' + 'group' => 'c.id', + 'order' => 'c.name' )); $chk_rows = $this->help->execute(); if (is_array($chk_rows) && count($chk_rows) && isset($chk_rows['id'])) { - $chk_rows = array(0 => $chk_rows); + $chk_rows = array( + 0 => $chk_rows + ); } if (is_array($chk_rows) && count($chk_rows) && isset($chk_rows[0])) { foreach ($chk_rows as $row) { $chklsts[$row['id']] = "{$row['name']} V{$row['ver']}R{$row['release']} (" . ($row['type'] == 'iavm' ? 'IAVM' : ucfirst($row['type'])) . ")"; } - } - else { + } else { $this->help->debug(E_ERROR); } - $this->help->select("sagacity.findings f", array("COUNT(1) as 'cnt'", 'c.id', 'c.name', 'c.ver', 'c.`release`'), array( + $this->help->select("sagacity.findings f", array( + "COUNT(1) as 'cnt'", + 'c.id', + 'c.name', + 'c.ver', + 'c.`release`' + ), array( array( 'field' => 't.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? 
IS : '='), 'value' => $cat_id ), array( - 'field' => 'c.name', - 'op' => '=', - 'value' => 'Orphan', + 'field' => 'c.name', + 'op' => '=', + 'value' => 'Orphan', 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.target t ON t.id=f.tgt_id", "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id", @@ -2876,31 +2995,32 @@ class db $this->help->select_count("sagacity.target_checklist tc", [ [ 'field' => 'tc.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $host_key ], [ - 'field' => 'tc.chk_id', - 'op' => '=', - 'value' => $chk_key, + 'field' => 'tc.chk_id', + 'op' => '=', + 'value' => $chk_key, 'sql_op' => 'AND' ] ]); - } - else { - $this->help->select("sagacity.findings f", ["IF(COUNT(1) > 0, '1', '0')"], [ + } else { + $this->help->select("sagacity.findings f", [ + "IF(COUNT(1) > 0, '1', '0')" + ], [ [ 'field' => 'f.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $host_key ], [ - 'field' => 'c.name', - 'op' => '=', - 'value' => 'Orphan', + 'field' => 'c.name', + 'op' => '=', + 'value' => 'Orphan', 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id", "LEFT JOIN sagacity.checklist c ON c.id=pcl.checklist_id" @@ -2912,14 +3032,18 @@ class db } } - return ['tgts' => $tgts, 'checklists' => $chklsts, 'summary' => $summary]; + return [ + 'tgts' => $tgts, + 'checklists' => $chklsts, + 'summary' => $summary + ]; } /** * Get all checklist & targets in a category * * @param integer $cat_id - * Category ID to pull the checklists from + * Category ID to pull the checklists from * * @return NULL|array:string checklist */ 
@@ -2927,23 +3051,28 @@ class db { $chklsts = []; - $this->help->select("sagacity.target_checklist tc", array('tc.tgt_id', 'tc.chk_id'), array( + $this->help->select("sagacity.target_checklist tc", array( + 'tc.tgt_id', + 'tc.chk_id' + ), array( array( 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.target t ON tc.tgt_id = t.id", "LEFT JOIN sagacity.checklist c ON tc.chk_id = c.id" ), - 'order' => 'c.name' + 'order' => 'c.name' )); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['tgt_id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -2951,14 +3080,13 @@ class db $chk = $this->get_Checklist($row['chk_id']); if (is_array($chk) && count($chk) && isset($chk[0]) && is_a($chk[0], 'checklist')) { $chk = $chk[0]; - } - else { + } else { continue; } - $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : null; + $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : null; $chklsts[$chk->get_ID()] = array( - 'tgts' => $tgts . $row['tgt_id'] . ",", + 'tgts' => $tgts . $row['tgt_id'] . ",", 'checklist' => $chk ); } @@ -2967,16 +3095,16 @@ class db $this->help->select_count("sagacity.target t", array( array( 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ), array( - 'field' => 'pcl.checklist_id', - 'op' => '=', - 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", + 'field' => 'pcl.checklist_id', + 'op' => '=', + 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.findings f ON t.id=f.tgt_id", "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id" 
@@ -2985,29 +3113,34 @@ class db $count = $this->help->execute(); if ($count) { - $this->help->select("sagacity.target t", array("t.id AS 'tgt_id'", "pcl.checklist_id AS 'chk_id'"), array( + $this->help->select("sagacity.target t", array( + "t.id AS 'tgt_id'", + "pcl.checklist_id AS 'chk_id'" + ), array( array( 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ), array( - 'field' => 'pcl.checklist_id', - 'op' => '=', - 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", + 'field' => 'pcl.checklist_id', + 'op' => '=', + 'value' => "(SELECT c.id FROM sagacity.checklist c WHERE c.name='Orphan')", 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.findings f ON t.id=f.tgt_id", "LEFT JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id=f.pdi_id" ), - 'group' => 't.id,pcl.checklist_id' + 'group' => 't.id,pcl.checklist_id' )); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['tgt_id'])) { - $rows2 = array(0 => $rows2); + $rows2 = array( + 0 => $rows2 + ); } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { @@ -3015,14 +3148,13 @@ class db $chk = $this->get_Checklist($row2['chk_id']); if (is_array($chk) && count($chk) && isset($chk[0]) && is_a($chk[0], 'checklist')) { $chk = $chk[0]; - } - else { + } else { continue; } - $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : ""; + $tgts = isset($chklsts[$chk->get_ID()]['tgts']) ? $chklsts[$chk->get_ID()]['tgts'] : ""; $chklsts[$chk->get_ID()] = array( - 'tgts' => $tgts . $row2['tgt_id'] . ",", + 'tgts' => $tgts . $row2['tgt_id'] . ",", 'checklist' => $chk ); } 
@@ -3036,30 +3168,35 @@ class db * Get array of checklists for a target * * @param integer $tgt_id - * The target ID of the target we want checklists from + * The target ID of the target we want checklists from * * @return array:checklist |NULL - * Returns an array of checklists that are assigned to the requested target + * Returns an array of checklists that are assigned to the requested target */ public function get_Target_Checklists($tgt_id) { - $this->help->select("sagacity.target_checklist tc", ['c.id', 'tc.class'], [ + $this->help->select("sagacity.target_checklist tc", [ + 'c.id', + 'tc.class' + ], [ [ 'field' => 'tc.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt_id ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.checklist c ON c.id=tc.chk_id" ], - 'order' => 'c.name' + 'order' => 'c.name' ]); - $chk = []; + $chk = []; $chks = $this->help->execute(); if (isset($chks['id'])) { - $chks = [0 => $chks]; + $chks = [ + 0 => $chks + ]; } if (is_array($chks) && count($chks) && isset($chks[0])) { @@ -3072,10 +3209,12 @@ class db } // get the orphan checklist ID - $this->help->select("sagacity.checklist", ['id'], [ + $this->help->select("sagacity.checklist", [ + 'id' + ], [ [ 'field' => 'name', - 'op' => '=', + 'op' => '=', 'value' => 'Orphan' ] ]); @@ -3085,16 +3224,16 @@ class db $this->help->select_count("sagacity.pdi_checklist_lookup pcl", [ [ 'field' => 'pcl.checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $orphan['id'] ], [ - 'field' => 'f.tgt_id', - 'op' => '=', - 'value' => $tgt_id, + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt_id, 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "RIGHT JOIN sagacity.findings f ON pcl.pdi_id=f.pdi_id" ] 
@@ -3121,46 +3260,45 @@ class db */ public function get_Category_Findings($cat_id, $chk_host_list = [], $status = null, $category = null) { - $ret = []; - $stigs = []; + $ret = []; + $stigs = []; $tgt_ids = []; $where = [ [ 'field' => 'gcf.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? IS : '='), 'value' => $cat_id ] ]; - if (!is_null($status)) { + if (! is_null($status)) { $where[] = [ - 'field' => 'gcf.status', - 'op' => '=', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'gcf.status', + 'op' => '=', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'gcf.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'gcf.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { + } else { unset($where[1]['open-paren']); } } - if (!is_null($category)) { + if (! is_null($category)) { $where[] = [ - 'field' => 'gcf.cat', - 'op' => '=', - 'value' => $category, + 'field' => 'gcf.cat', + 'op' => '=', + 'value' => $category, 'sql_op' => 'AND' ]; } 
@@ -3168,50 +3306,57 @@ class db $this->help->select("sagacity.get_cat_findings gcf", null, $where); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['tgt_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { if (is_null($row['chk_icon']) || $row['chk_icon'] == '') { $worksheet_name = '(Unknown)'; - } - else { - $worksheet_name = substr($row['chk_icon'], 0, -4); + } else { + $worksheet_name = substr($row['chk_icon'], 0, - 4); } - if (!isset($ret[$worksheet_name])) { - $ret[$worksheet_name] = ['target_list' => [], 'checklists' => [], 'stigs' => []]; - $where2 = [ + if (! isset($ret[$worksheet_name])) { + $ret[$worksheet_name] = [ + 'target_list' => [], + 'checklists' => [], + 'stigs' => [] + ]; + $where2 = [ [ 'field' => 't.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id ], [ - 'field' => 'c.icon', - 'op' => LIKE, - 'value' => "'$worksheet_name%'", + 'field' => 'c.icon', + 'op' => LIKE, + 'value' => "'$worksheet_name%'", 'sql_op' => 'AND' ] ]; if (is_array($tgt_ids) && count($tgt_ids)) { $where2[] = [ - 'field' => 't.id', - 'op' => IN, - 'value' => $tgt_ids, + 'field' => 't.id', + 'op' => IN, + 'value' => $tgt_ids, 'sql_op' => 'AND' ]; } - $this->help->select("target t", ['t.class'], $where2, [ + $this->help->select("target t", [ + 't.class' + ], $where2, [ 'table_joins' => [ "LEFT JOIN target_checklist tc ON tc.tgt_id = t.id", "LEFT JOIN checklist c ON c.id=tc.chk_id" ], - 'group' => 't.class', - 'order' => "FIELD(t.class, 'S', 'FOUO', 'U')" + 'group' => 't.class', + 'order' => "FIELD(t.class, 'S', 'FOUO', 'U')" ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['class'])) { 
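Review bot: The `LIKE` filter in `$where2` interpolates `$worksheet_name` into a hand-quoted SQL fragment (`'value' => "'$worksheet_name%'"`), and that name is cut from `$row['chk_icon']` without any escaping. If the query helper passes this value through verbatim, as the manual quotes suggest (the helper is not visible here, so confirm), a quote character in a stored icon name would break or alter the statement, and `%` or `_` in it act as wildcards. Escape it before building the pattern, e.g. `'value' => "'" . $this->conn->real_escape_string($worksheet_name) . "%'"`, or pass the raw value if the helper can bind it. The enclosing method starts and ends outside this hunk.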
@@ -3219,33 +3364,31 @@ class db } } - if (!in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { + if (! in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { $ret[$worksheet_name]['checklists'][] = $row['chk_id']; } - if (!isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { + if (! isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { $ret[$worksheet_name]['target_list']["{$row['tgt_name']}"] = count($ret[$worksheet_name]['target_list']) + 6; } - if (!isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { - if (!empty($row['finding_ia_controls'])) { + if (! isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { + if (! empty($row['finding_ia_controls'])) { $ia = explode(' ', $row['finding_ia_controls']); - } - else { + } else { $ia = explode(' ', $row['ia_controls']); } - $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); + $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); $echk->set_PDI_ID($row['pdi_id']); $ret[$worksheet_name]['stigs'][$row['stig_id']] = [ - 'echecklist' => $echk, + 'echecklist' => $echk, "{$row['tgt_name']}" => $row['finding_status'], - 'chk_id' => $row['chk_id'] + 'chk_id' => $row['chk_id'] ]; - if (!in_array($row['stig_id'], $stigs)) { + if (! in_array($row['stig_id'], $stigs)) { $stigs[] = $row['stig_id']; } - } - else { + } else { $ret[$worksheet_name]['stigs'][$row['stig_id']][$row['tgt_name']] = $row['finding_status']; $ret[$worksheet_name]['stigs'][$row['stig_id']]['echecklist']->append_Notes($row['notes'] . PHP_EOL); } 
@@ -3259,48 +3402,47 @@ class db $where = [ [ 'field' => 'gof.cat_id', - 'op' => (is_null($cat_id) ? IS : '='), + 'op' => (is_null($cat_id) ? IS : '='), 'value' => $cat_id ] ]; if (is_array($stigs) && count($stigs) && isset($stigs[0]) && is_a($stigs[0], 'stig')) { $where[] = [ - 'field' => 'gof.stig_id', - 'op' => NOT_IN, - 'value' => $stigs, + 'field' => 'gof.stig_id', + 'op' => NOT_IN, + 'value' => $stigs, 'sql_op' => 'AND' ]; } - if (!is_null($status)) { + if (! is_null($status)) { $where[] = [ - 'field' => 'gof.status', - 'op' => '=', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'gof.status', + 'op' => '=', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'gof.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'gof.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { + } else { unset($where[2]['open-paren']); } } - if (!is_null($category)) { + if (! is_null($category)) { $where[] = [ - 'field' => 'gof.cat', - 'op' => '=', - 'value' => $category, + 'field' => 'gof.cat', + 'op' => '=', + 'value' => $category, 'sql_op' => 'AND' ]; } 
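Review bot: `unset($where[2]['open-paren'])` hard-codes the position of the status clause, which is index 2 only when the `NOT_IN` clause above it was appended. That clause is guarded by `is_a($stigs[0], 'stig')`, while the preceding hunk fills `$stigs` with `$row['stig_id']` values, so the guard looks like it can never pass. The status clause then sits at index 1 and keeps its `open-paren` with no matching `close-paren` for any status other than 'Not Reviewed'. Address the entry by position instead, `unset($where[count($where) - 1]['open-paren']);`, and drop the `is_a` test if the stig-ID exclusion is meant to apply. The method body starts and ends outside this hunk.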
@@ -3308,27 +3450,36 @@ class db $this->help->select("sagacity.get_orphan_findings gof", null, $where); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['tgt_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { $worksheet_name = "Orphan"; - $class = ['U' => 1, 'FOUO' => 2, 'S' => 3]; + $class = [ + 'U' => 1, + 'FOUO' => 2, + 'S' => 3 + ]; foreach ($rows as $row) { - if (!isset($ret[$worksheet_name])) { - $ret[$worksheet_name] = ['target_list' => [], 'checklists' => [], 'stigs' => [], 'highest_class' => 'U']; + if (! isset($ret[$worksheet_name])) { + $ret[$worksheet_name] = [ + 'target_list' => [], + 'checklists' => [], + 'stigs' => [], + 'highest_class' => 'U' + ]; } - if (!in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { + if (! in_array($row['chk_id'], $ret[$worksheet_name]['checklists'])) { $ret[$worksheet_name]['checklists'][] = $row['chk_id']; } - if (!isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { + if (! isset($ret[$worksheet_name]['target_list'][$row['tgt_name']])) { $ret[$worksheet_name]['target_list'][$row['tgt_name']] = (is_array($ret[$worksheet_name]['target_list']) ? count($ret[$worksheet_name]['target_list']) + 6 : 7); - $sql2 = "SELECT t.`class` " . - "FROM `sagacity`.`target` t " . - "WHERE t.`name` = '" . $this->conn->real_escape_string($row['tgt_name']) . "'"; + $sql2 = "SELECT t.`class` " . "FROM `sagacity`.`target` t " . "WHERE t.`name` = '" . $this->conn->real_escape_string($row['tgt_name']) . "'"; if ($res2 = $this->conn->query($sql2)) { $row2 = $res2->fetch_assoc(); if (isset($class[$row2['class']]) && isset($class[$ret[$worksheet_name]['highest_class']])) { 
@@ -3339,22 +3490,20 @@ class db } } - if (!isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { - if (!empty($row['finding_ia_controls'])) { + if (! isset($ret[$worksheet_name]['stigs'][$row['stig_id']])) { + if (! empty($row['finding_ia_controls'])) { $ia = explode(" ", $row['finding_ia_controls']); - } - else { + } else { $ia = explode(" ", $row['ia_controls']); } - $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); + $echk = new echecklist($row['stig_id'], $row['vms_id'], (empty($row['finding_cat']) ? $row['cat'] : $row['finding_cat']), $ia, $row['short_title'], null, $row['notes'], $row['check_contents'], null); $echk->set_PDI_ID($row['pdi_id']); $ret[$worksheet_name]['stigs'][$row['stig_id']] = [ - 'echecklist' => $echk, + 'echecklist' => $echk, $row['tgt_name'] => $row['finding_status'], - 'chk_id' => $row['chk_id'] + 'chk_id' => $row['chk_id'] ]; - } - else { + } else { $ret[$worksheet_name]['stigs'][$row['stig_id']][$row['tgt_name']] = $row['finding_status']; $ret[$worksheet_name]['stigs'][$row['stig_id']]['echecklist']->append_Notes($row['notes'] . "\r"); } 
@@ -3368,78 +3517,79 @@ class db * Add a checklist to database * * @param checklist $checklist_in - * The checklist that we want to add to the database + * The checklist that we want to add to the database * - * @return integer - * Returns the id of the checklist inserted, or 0 if failed + * @return integer Returns the id of the checklist inserted, or 0 if failed */ public function save_Checklist($checklist_in) { if (empty($checklist_in->id)) { $this->help->insert("sagacity.checklist", array( 'checklist_id' => $checklist_in->checklist_id, - 'name' => $checklist_in->name, - 'description' => $checklist_in->description, - 'date' => $checklist_in->date, - 'file_name' => $checklist_in->file_name, - 'release' => $checklist_in->release, - 'ver' => $checklist_in->ver, - 'type' => $checklist_in->type, - 'icon' => $checklist_in->icon - ), true); + 'name' => $checklist_in->name, + 'description' => $checklist_in->description, + 'date' => $checklist_in->date, + 'file_name' => $checklist_in->file_name, + 'release' => $checklist_in->release, + 'ver' => $checklist_in->ver, + 'type' => $checklist_in->type, + 'icon' => $checklist_in->icon + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); - } - else { + } else { $chk_id = $this->conn->insert_id; } if (is_array($checklist_in->sw) && count($checklist_in->sw)) { $fields = [ - 'chk_id', 'sw_id' + 'chk_id', + 'sw_id' ]; $params = []; foreach ($checklist_in->sw as $sw) { if (is_a($sw, 'software') && $sw->get_ID()) { - $params[] = [$chk_id, $sw->get_ID()]; + $params[] = [ + $chk_id, + $sw->get_ID() + ]; } } if (count($params)) { $this->help->extended_insert('checklist_software_lookup', $fields, $params, true); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } } } - } - else { + } else { $this->help->update('checklist', [ 'checklist_id' => $checklist_in->checklist_id, - 'name' => $checklist_in->name, - 'description' => $checklist_in->description, - 'date' => $checklist_in->date, - 'file_name' => $checklist_in->file_name, - 'release' => $checklist_in->release, - 'ver' => $checklist_in->ver, - 'type' => $checklist_in->type, - 'icon' => $checklist_in->icon - ], [ + 'name' => $checklist_in->name, + 'description' => $checklist_in->description, + 'date' => $checklist_in->date, + 'file_name' => $checklist_in->file_name, + 'release' => $checklist_in->release, + 'ver' => $checklist_in->ver, + 'type' => $checklist_in->type, + 'icon' => $checklist_in->icon + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_in->id ] ]); $chk_id = $checklist_in->id; - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } @@ -3448,24 +3598,30 @@ class db $this->help->delete("checklist_software_lookup", [ [ 'field' => 'chk_id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_in->id ] ]); $this->help->execute(); - $field = ['chk_id', 'sw_id']; + $field = [ + 'chk_id', + 'sw_id' + ]; $params = []; foreach ($checklist_in->sw as $sw) { if ($sw->get_ID()) { - $params[] = [$chk_id, $sw->get_ID()]; + $params[] = [ + $chk_id, + $sw->get_ID() + ]; } } if (is_array($params) && count($params)) { $this->help->extended_insert("checklist_software_lookup", $field, $params, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { Sagacity_Error::sql_handler($this->help->sql); $this->help->debug(E_ERROR); } 
@@ -3482,25 +3638,29 @@ class db * Function to retrieve CVE object * * @param string $cve_id - * CVE to query from the database + * CVE to query from the database * - * @return cve|NULL - * Returns CVE and associated references or null is nothing found + * @return cve|NULL Returns CVE and associated references or null is nothing found */ public function get_CVE($cve_id) { $cve = null; $this->help->select("sagacity.cve_db", array( - "cve_db.cve_id", "cve.pdi_id", "cve_db.seq", "cve_db.status", - "cve_db.phase", "cve_db.phase_date", "cve_db.desc" - ), array( + "cve_db.cve_id", + "cve.pdi_id", + "cve_db.seq", + "cve_db.status", + "cve_db.phase", + "cve_db.phase_date", + "cve_db.desc" + ), array( array( 'field' => 'cve_db.cve_id', - 'op' => '=', + 'op' => '=', 'value' => $cve_id ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.cve ON cve.cve_id=cve_db.cve_id" ) @@ -3518,17 +3678,21 @@ class db $cve->set_Phase_Date($row['phase_date']); $cve->set_Description($row['desc']); - $this->help->select("sagacity.iavm_to_cve itc", array("itc.noticeId"), array( + $this->help->select("sagacity.iavm_to_cve itc", array( + "itc.noticeId" + ), array( array( 'field' => "itc.cve_id", - 'op' => '=', + 'op' => '=', 'value' => $cve_id ) )); $iavm_rows = $this->help->execute(); if (is_array($iavm_rows) && count($iavm_rows) && isset($iavm_rows['noticeId'])) { - $iavm_rows = array(0 => $iavm_rows); + $iavm_rows = array( + 0 => $iavm_rows + ); } if (is_array($iavm_rows) && count($iavm_rows) && isset($iavm_rows[0])) { 
@@ -3537,17 +3701,24 @@ class db } } - $this->help->select("sagacity.cve_references", array('id', 'source', 'url', 'val'), array( + $this->help->select("sagacity.cve_references", array( + 'id', + 'source', + 'url', + 'val' + ), array( array( 'field' => 'cve_seq', - 'op' => '=', + 'op' => '=', 'value' => $cve_id ) )); $ref_rows = $this->help->execute(); if (is_array($ref_rows) && count($ref_rows) && isset($ref_rows['id'])) { - $ref_rows = array(0 => $ref_rows); + $ref_rows = array( + 0 => $ref_rows + ); } if (is_array($ref_rows) && count($ref_rows) && isset($ref_rows[0])) { @@ -3564,23 +3735,17 @@ class db * Getter function to retrieve CVE's by their link to a PDI * * @param integer $pdi_id - * PDI ID that we want to find CVE's for + * PDI ID that we want to find CVE's for * - * @return NULL|array:cve - * Returns an array of CVEs for each one found that links to a PDI or NULL if none found + * @return NULL|array:cve Returns an array of CVEs for each one found that links to a PDI or NULL if none found */ public function get_CVEs_By_PDI($pdi_id) { $ret = []; - $sql = "SELECT " . - "cve_db.`cve_id`,cve.`pdi_id`,cve_db.`seq`,cve_db.`status`," . - "cve_db.`phase`,cve_db.`phase_date`,cve_db.`desc` " . - "FROM `sagacity`.`cve_db` " . - "LEFT JOIN `sagacity`.`cve` ON cve.`cve_id` = cve_db.`cve_id` " . - "WHERE cve.`pdi_id` = " . $this->conn->real_escape_string($pdi_id); + $sql = "SELECT " . "cve_db.`cve_id`,cve.`pdi_id`,cve_db.`seq`,cve_db.`status`," . "cve_db.`phase`,cve_db.`phase_date`,cve_db.`desc` " . "FROM `sagacity`.`cve_db` " . "LEFT JOIN `sagacity`.`cve` ON cve.`cve_id` = cve_db.`cve_id` " . "WHERE cve.`pdi_id` = " . $this->conn->real_escape_string($pdi_id); if ($res = $this->conn->query($sql)) { - if (!$res->num_rows) { + if (! $res->num_rows) { return null; } while ($row = $res->fetch_assoc()) { 
@@ -3594,9 +3759,7 @@ class db $cve->set_Phase_Date($row['phase_date']); $cve->set_Description($row['desc']); - $sql = "SELECT itc.`noticeId` " . - "FROM `sagacity`.`iavm_to_cve` itc " . - "WHERE itc.`cve_id`='" . $this->conn->real_escape_string($cve_id) . "'"; + $sql = "SELECT itc.`noticeId` " . "FROM `sagacity`.`iavm_to_cve` itc " . "WHERE itc.`cve_id`='" . $this->conn->real_escape_string($cve_id) . "'"; if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { @@ -3606,9 +3769,7 @@ class db } } - $sql = "SELECT `id`,`source`,`url`,`val` " . - "FROM `sagacity`.`cve_references` " . - "WHERE `cve_seq`='" . $this->conn->real_escape_string($cve_id) . "'"; + $sql = "SELECT `id`,`source`,`url`,`val` " . "FROM `sagacity`.`cve_references` " . "WHERE `cve_seq`='" . $this->conn->real_escape_string($cve_id) . "'"; if ($res2 = $this->conn->query($sql)) { while ($row2 = $res2->fetch_assoc()) { @@ -3616,16 +3777,14 @@ class db } $ret[] = $cve; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
@@ -3637,19 +3796,13 @@ class db * Get a CVE from a external reference * * @param string $ext - * String of the external reference we are looking for + * String of the external reference we are looking for * - * @return cve|NULL - * Returns the CVE that references that external data point or NULL if none found + * @return cve|NULL Returns the CVE that references that external data point or NULL if none found */ public function get_CVE_From_External($ext) { - $sql = "SELECT `cve_seq` " . - "FROM `sagacity`.`cve_references` " . - "WHERE `url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . - "`val` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . - "GROUP BY `cve_seq` " . - "ORDER BY `cve_seq` DESC"; + $sql = "SELECT `cve_seq` " . "FROM `sagacity`.`cve_references` " . "WHERE `url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . "`val` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . "GROUP BY `cve_seq` " . "ORDER BY `cve_seq` DESC"; if ($res = $this->conn->query($sql)) { if ($res->num_rows) { @@ -3666,10 +3819,9 @@ class db * Update or insert a CVE * * @param array:cve $cves - * Array of CVEs to save to database + * Array of CVEs to save to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_CVE($cves) { 
@@ -3677,32 +3829,32 @@ class db foreach ($cves as $cve) { $db_cve = $this->get_CVE($cve->get_CVE()); - if (!is_null($db_cve) && is_a($db_cve, 'cve')) { + if (! is_null($db_cve) && is_a($db_cve, 'cve')) { $this->help->update("sagacity.cve_db", array( - 'status' => $cve->get_Status(), - 'phase' => $cve->get_Phase(), + 'status' => $cve->get_Status(), + 'phase' => $cve->get_Phase(), 'phase_date' => $cve->get_Phase_Date(), - 'desc' => $cve->get_Description() - ), array( + 'desc' => $cve->get_Description() + ), array( array( 'field' => 'cve_id', - 'op' => '=', + 'op' => '=', 'value' => $cve->get_CVE() ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } - if (!$db_cve->get_PDI_ID() && $cve->get_PDI_ID()) { + if (! $db_cve->get_PDI_ID() && $cve->get_PDI_ID()) { $this->help->insert("sagacity.cve", array( 'pdi_id' => $cve->get_PDI_ID(), 'cve_id' => $cve->get_CVE() )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3710,7 +3862,7 @@ class db $vals = []; foreach ($cve->get_References() as $ref) { - if (!$db_cve->ref_Exists($ref->get_Value())) { + if (! $db_cve->ref_Exists($ref->get_Value())) { $vals[] = [ $cve->get_CVE(), $ref->get_Source(), 
@@ -3721,24 +3873,28 @@ class db } if (is_array($vals) && count($vals)) { - $this->help->extended_insert("cve_references", ['cve_seq', 'source', 'url', 'val'], $vals, true); - if (!$this->help->execute()) { + $this->help->extended_insert("cve_references", [ + 'cve_seq', + 'source', + 'url', + 'val' + ], $vals, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } } - } - else { + } else { $this->help->insert("cve_db", [ - 'cve_id' => $cve->get_CVE(), - 'seq' => $cve->get_Sequence(), - 'status' => $cve->get_Status(), - 'phase' => $cve->get_Phase(), + 'cve_id' => $cve->get_CVE(), + 'seq' => $cve->get_Sequence(), + 'status' => $cve->get_Status(), + 'phase' => $cve->get_Phase(), 'phase_date' => $cve->get_Phase_Date(), - 'desc' => $cve->get_Description() - ], true); + 'desc' => $cve->get_Description() + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3747,9 +3903,9 @@ class db $this->help->insert("sagacity.cve", [ 'pdi_id' => $cve->get_PDI_ID(), 'cve_id' => $cve->get_CVE() - ], true); + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3767,8 +3923,13 @@ class db } if (is_array($ref_vals) && count($ref_vals)) { - $this->help->extended_insert("cve_references", ['cve_seq', 'source', 'url', 'val'], $ref_vals, true); - if (!$this->help->execute()) { + $this->help->extended_insert("cve_references", [ + 'cve_seq', + 'source', + 'url', + 'val' + ], $ref_vals, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -3778,8 +3939,8 @@ class db if ($cve->get_XML()) { $this->help->insert("cve_web", [ 'cve_id' => $cve->get_CVE(), - 'xml' => $cve->get_XML() - ], true); + 'xml' => $cve->get_XML() + ], true); $this->help->execute(); } 
@@ -3796,39 +3957,35 @@ class db * Get an eChecklist for a checklist and list of targets * * @param mixed $ref - * The reference to search for (can consist of any data that is referenced in an eChecklist line + * The reference to search for (can consist of any data that is referenced in an eChecklist line * @param integer $chk_id * - * @return NULL|echecklist - * Returns eChecklist for associated checklists and reference + * @return NULL|echecklist Returns eChecklist for associated checklists and reference */ public function get_eChecklist($ref, $chk_id) { - $ret = null; + $ret = null; $where = []; if (is_a($ref, "stig")) { $where[] = [ 'field' => 's.stig_id', - 'op' => '=', + 'op' => '=', 'value' => $ref->get_ID() ]; - } - elseif (is_a($ref, "golddisk")) { + } elseif (is_a($ref, "golddisk")) { $where[] = [ 'field' => 'v.vms_id', - 'op' => '=', + 'op' => '=', 'value' => $ref->get_ID() ]; - } - elseif (is_a($ref, "pdi")) { + } elseif (is_a($ref, "pdi")) { $where[] = [ 'field' => 'pdi.id', - 'op' => '=', + 'op' => '=', 'value' => $ref->get_ID() ]; - } - else { + } else { error_log("No reference to search for"); return $ret; } @@ -3839,17 +3996,19 @@ class db "v.vms_id", "pdi.short_title", "IF(pdi.cat=1,'I',IF(pdi.cat=2,'II',IF(pdi.cat=3,'III',''))) as 'cat'" - ], $where, [ + ], $where, [ 'table_joins' => [ "LEFT JOIN stigs s ON s.pdi_id = pdi.id", "LEFT JOIN golddisk v ON v.pdi_id = pdi.id" ], - 'group' => 's.stig_id' + 'group' => 's.stig_id' ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
@@ -3857,23 +4016,25 @@ class db $ret = new echecklist($row['stig_id'], $row['vms_id'], $row['cat'], null, $row['short_title'], null, null, null, null); $ret->set_PDI_ID($row['pdi_id']); - $this->help->select("pdi_checklist_lookup pcl", ['pcl.check_contents'], [ + $this->help->select("pdi_checklist_lookup pcl", [ + 'pcl.check_contents' + ], [ [ 'field' => 'pcl.checklist_id', - 'op' => IN, + 'op' => IN, 'value' => (is_array($chk_id) ? implode(",", $chk_id) : $chk_id) ], [ - 'field' => 'pcl.pdi_id', - 'op' => '=', - 'value' => $row['pdi_id'], + 'field' => 'pcl.pdi_id', + 'op' => '=', + 'value' => $row['pdi_id'], 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "JOIN sagacity.checklist c ON c.id = pcl.checklist_id" ], - 'order' => "FIELD(c.`type`, 'manual', 'iavm', 'policy', 'benchmark')" + 'order' => "FIELD(c.`type`, 'manual', 'iavm', 'policy', 'benchmark')" ]); $row2 = $this->help->execute(); @@ -3898,26 +4059,23 @@ class db public function get_Filters($type, $name = null) { $ret = []; - $sql = "SELECT `type`, `name`, `criteria` " . - "FROM `sagacity`.`search_filters` " . - "WHERE `type` = '" . $this->conn->real_escape_string($type) . "'"; + $sql = "SELECT `type`, `name`, `criteria` " . "FROM `sagacity`.`search_filters` " . "WHERE `type` = '" . $this->conn->real_escape_string($type) . "'"; - if (!is_null($name)) { + if (! is_null($name)) { $sql .= " AND `name` = '" . $this->conn->real_escape_string($name) . "'"; } if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { $ret[] = array( - 'type' => $row['type'], - 'name' => $row['name'], + 'type' => $row['type'], + 'name' => $row['name'], 'criteria' => $row['criteria'] ); } return $ret; - } - else { + } else { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } 
@@ -3937,12 +4095,12 @@ class db public function save_Filter($type, $name, $criteria) { $this->help->insert("sagacity.search_filters", [ - 'name' => $name, - 'type' => $type, + 'name' => $name, + 'type' => $type, 'criteria' => $criteria ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } 
@@ -3956,89 +4114,92 @@ class db * Get finding(s) for a specific target from the database * * @param target $tgt - * The target that we want findings for - * @param stig|golddisk|iavm|nessus $ref [optional] - * Get a finding associated with a specific PDI (default null) - * @param scan $scan [optional] - * Get findings associated with a specific scan (default null) - * @param boolean $orphan_only [optional] - * Only retrieve orphaned findings (default false) - * @param string $status [optional] - * Limit the retrieval to findings with this status (default null) + * The target that we want findings for + * @param stig|golddisk|iavm|nessus $ref + * [optional] + * Get a finding associated with a specific PDI (default null) + * @param scan $scan + * [optional] + * Get findings associated with a specific scan (default null) + * @param boolean $orphan_only + * [optional] + * Only retrieve orphaned findings (default false) + * @param string $status + * [optional] + * Limit the retrieval to findings with this status (default null) * - * @return array:finding|NULL - * Returns array of findings + * @return array:finding|NULL Returns array of findings */ public function get_Finding($tgt, $ref = null, $scan = null, $orphan_only = false, $status = null) { - $ret = null; + $ret = null; $where = [ [ 'field' => 'tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt->get_ID() ] ]; - if (!is_null($scan)) { + if (! is_null($scan)) { $where[] = [ - 'field' => 'scan_id', - 'op' => '=', - 'value' => $scan->get_ID(), + 'field' => 'scan_id', + 'op' => '=', + 'value' => $scan->get_ID(), 'sql_op' => 'AND' ]; } - if (!is_null($ref) && method_exists($ref, 'get_PDI_ID')) { + if (! 
is_null($ref) && method_exists($ref, 'get_PDI_ID')) { $where[] = [ - 'field' => 'pdi_id', - 'op' => '=', - 'value' => $ref->get_PDI_ID(), + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $ref->get_PDI_ID(), 'sql_op' => 'AND' ]; } $this->help->select("sagacity.findings", null, $where); - if (!is_null($status)) { + if (! is_null($status)) { $this->help->sql = "SELECT " . - "f.`id`, {$tgt->get_ID()} as 'tgt_id', pdi.`id` as 'pdi_id', f.`scan_id`, " . - "f.`notes`, f.`change_id`, f.`orig_src`, f.`finding_itr`, f.`cat`, " . - "IF(f.`findings_status_id` IS NOT NULL, " . - "f.`findings_status_id`, " . - "(SELECT fs.`id` " . - "FROM `sagacity`.`findings_status` fs " . - "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}')" . - ") as 'findings_status' " . - "FROM `sagacity`.`pdi_catalog` pdi " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` lookup ON lookup.`pdi_id` = pdi.`id` " . - "LEFT JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = lookup.`checklist_id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pdi.`id` AND " . - "f.`tgt_id` = {$this->conn->real_escape_string($tgt->get_ID())} " . - "WHERE tc.`tgt_id` = {$tgt->get_ID()} AND " . - "(f.`findings_status_id` = (" . - "SELECT fs.`id` " . - "FROM `sagacity`.`findings_status` fs " . - "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}'" . - ") OR " . - "f.`findings_status_id` IS NULL) " . - "GROUP BY pdi.id"; + "f.`id`, {$tgt->get_ID()} as 'tgt_id', pdi.`id` as 'pdi_id', f.`scan_id`, " . + "f.`notes`, f.`change_id`, f.`orig_src`, f.`finding_itr`, f.`cat`, " . + "IF(f.`findings_status_id` IS NOT NULL, " . + "f.`findings_status_id`, " . + "(SELECT fs.`id` " . + "FROM `sagacity`.`findings_status` fs " . + "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}')" . + ") as 'findings_status' " . + "FROM `sagacity`.`pdi_catalog` pdi " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` lookup ON lookup.`pdi_id` = pdi.`id` " . 
+ "LEFT JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = lookup.`checklist_id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pdi.`id` AND f.`tgt_id` = {$tgt->get_ID()} " . + "WHERE tc.`tgt_id` = {$tgt->get_ID()} AND " . + "(f.`findings_status_id` = (" . + "SELECT fs.`id` " . + "FROM `sagacity`.`findings_status` fs " . + "WHERE fs.`status` = '{$this->conn->real_escape_string($status)}'" . ") OR " . + "f.`findings_status_id` IS NULL) " . + "GROUP BY pdi.id"; } if ($orphan_only) { - $this->help->select("sagacity.findings f", ['f.*'], [ + $this->help->select("sagacity.findings f", [ + 'f.*' + ], [ [ 'field' => 'f.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt->get_ID() ], [ - 'field' => 'c.name', - 'op' => '=', - 'value' => 'Orphan', + 'field' => 'c.name', + 'op' => '=', + 'value' => 'Orphan', 'sql_op' => 'AND' ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN pdi_checklist_lookup pcl ON f.pdi_id=pcl.pdi_id", "LEFT JOIN target_checklist tc ON tc.chk_id=pcl.checklist_id", 
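Review bot: The status-filtered query on the new side still selects the `f.id` column, although this commit removes `findings.id` from the schema, so once the schema change is applied that statement would presumably fail with an unknown-column error whenever `$status` is passed. The same leftover is in the `@@ -4284` hunk of `get_Finding_Count_By_Status`, where `$field` still uses `COUNT(DISTINCT(f.id))` and is reused for the orphan count. I would drop `f.id` from the select list here and count on the new key there, e.g. `"COUNT(DISTINCT f.tgt_id, f.pdi_id) AS 'count'"`. `get_Finding` continues past the end of this hunk.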
@@ -4049,42 +4210,57 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { - $find = new finding($row['id'], $row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); + $find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); $find->set_Category($row['cat']); - $this->help->select("finding_controls", ['ia_control'], [ + $this->help->select("finding_controls", [ + 'ia_control' + ], [ [ - 'field' => 'finding_id', - 'op' => '=', - 'value' => $row['id'] + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $row['tgt_id'] + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $row['pdi_id'], + 'sql_op' => 'AND' ] ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['ia_control'])) { - $rows2 = [0 => $rows2]; + $rows2 = [ + 0 => $rows2 + ]; } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { foreach ($rows2 as $row2) { $find->add_IA_Control($row2['ia_control']); } - } - else { - $this->help->select("ia_controls", ["CONCAT(`type`, '-', `type_id`) AS 'ia_control'"], [ + } else { + $this->help->select("ia_controls", [ + "CONCAT(`type`, '-', `type_id`) AS 'ia_control'" + ], [ [ 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $row['pdi_id'] ] ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['ia_control'])) { - $rows2 = [0 => $rows2]; + $rows2 = [ + 0 => $rows2 + ]; } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { foreach ($rows2 as $row2) { 
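Review bot: `new finding(...)` reads `$row['findings_status_id']`, but the status-filtered query built in the previous hunk returns that column under the alias `findings_status`, so on that path the finding is constructed from an undefined index rather than a status. `get_Findings_by_Control` reads `$row['findings_status']` for its own alias, so the two methods already disagree on the key name. I would rename the alias in the `$status` query to match what this loop reads: `") as 'findings_status_id' " .`. This loop sits in the middle of `get_Finding`, which begins and ends outside the hunk.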
@@ -4110,45 +4286,46 @@ class db */ public function get_Findings_by_Control($ste, $ia_ctrl, $status = null) { - if (!is_null($status)) { + if (! is_null($status)) { if ($status == "Open") { $status = " AND (fs.`status` = 'Open' OR fs.`status` = 'Exception')"; - } - else { + } else { $status = " AND fs.`status` = '" . $this->conn->real_escape_string($status) . "'"; } } - $sql = "SELECT " . - "f.`id`, f.`tgt_id`, f.`pdi_id`, f.`scan_id`, f.`findings_status_id` as 'findings_status', " . - "f.`notes`, f.`change_id`, f.`orig_src`, f.`finding_itr`, f.`cat` " . - "FROM `sagacity`.`findings` f " . - "JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "JOIN `sagacity`.`stigs` s ON s.`pdi_id` = f.`pdi_id` " . - "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . - "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " . - "WHERE t.`ste_id` = " . $ste->get_ID() . " AND " . - "fc.`ia_control` = '" . $this->conn->real_escape_string($ia_ctrl->get_Control_ID()) . "'" . - (!is_null($status) ? $status : "") . " " . - "GROUP BY f.`pdi_id` " . - "ORDER BY f.`cat`, s.`stig_id`" - ; + $sql = <<get_ID()} AND + fc.`ia_control` = '{$this->conn->real_escape_string($ia_ctrl->get_Control_ID())}' + $status +GROUP BY f.`pdi_id` +ORDER BY f.`cat`, s.`stig_id` + +EOQ; if ($res = $this->conn->query($sql)) { $ret = []; while ($row = $res->fetch_assoc()) { - $find = new finding($row['id'], $row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); + $find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); $find->set_Category($row['cat']); - $sql2 = "SELECT `ia_control` FROM `sagacity`.`finding_controls` WHERE `finding_id` = " . 
$row['id']; + $sql2 = "SELECT `ia_control` FROM `sagacity`.`finding_controls` WHERE `tgt_id` = {$row['tgt_id']} AND `pdi_id` = {$row['pdi_id']}"; if ($res2 = $this->conn->query($sql2)) { if ($res2->num_rows) { while ($row2 = $res2->fetch_assoc()) { $find->add_IA_Control($row2['ia_control']); } - } - else { + } else { $sql2 = "SELECT CONCAT(`type`, '-', `type_id`) AS 'ia_control' FROM `sagacity`.`ia_controls` WHERE `pdi_id` = " . $row['pdi_id']; if ($res2 = $this->conn->query($sql2)) { while ($row2 = $res2->fetch_assoc()) { @@ -4162,8 +4339,7 @@ class db } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -4180,12 +4356,16 @@ class db */ public function get_Affected_Hosts_by_PDI($ste, $pdi) { - $sql = "SELECT (SELECT GROUP_CONCAT(DISTINCT t.`name` SEPARATOR ', ')) AS 'name' " . - "FROM `sagacity`.`findings` f " . - "JOIN `sagacity`.`target` t ON f.`tgt_id` = t.`id` " . - "WHERE t.`ste_id` = " . $ste->get_ID() . " AND " . - "f.`pdi_id` = " . $pdi->get_ID() - ; + $sql = <<get_ID()} AND + f.`pdi_id` = {$pdi->get_ID()} + +EOQ; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['name']; @@ -4206,23 +4386,22 @@ class db $ret = []; $this->help->create_table("unaccounted_for_findings", [ [ - 'field' => 'pdi_id', + 'field' => 'pdi_id', 'datatype' => 'int(11)', - 'option' => 'UNIQUE NOT NULL' + 'option' => 'UNIQUE NOT NULL' ] ]); $this->help->execute(); $sql = "INSERT IGNORE INTO `unaccounted_for_findings` (`pdi_id`) SELECT DISTINCT(f.`pdi_id`) " . "FROM `findings` f JOIN `target` t ON t.`id` = f.`tgt_id` " . - "WHERE t.`ste_id` = " . $ste->get_ID(); + "WHERE t.`ste_id` = {$ste->get_ID()}"; $this->conn->real_query($sql); $class = 'cl'; if ($ste->get_System()->get_Classification() == 'Public') { $class = 'pub'; - } - elseif ($ste->get_System()->get_Classification() == 'Sensitive') { + } elseif ($ste->get_System()->get_Classification() == 'Sensitive') { $class = 'sen'; } 
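Review bot: `$ste->get_ID()` in the heredoc and `$row['tgt_id']` / `$row['pdi_id']` in `$sql2` are interpolated into the SQL text as bare numeric operands, with no integer cast and no bound parameter, so the statements are only safe while those values can never hold anything but digits. The same pattern is in `get_Affected_Hosts_by_PDI` (`@@ -4180`), the `unaccounted_for_findings` insert (`@@ -4206`), the `plt.level` filter (`@@ -4230`) and `get_Finding` (`@@ -3956`), where this commit drops the `real_escape_string()` call around `$tgt->get_ID()`; that call did not protect an unquoted operand in any case. I would cast once before building each query, e.g. `$ste_id = (int) $ste->get_ID();`, and interpolate the local, or move these statements to `prepare()` with `bind_param()`. The opening of the heredoc is not legible on this page, so this covers only the visible WHERE clause, and `get_Findings_by_Control` ends outside this hunk.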
@@ -4230,8 +4409,8 @@ class db "FROM `proc_level_type` plt " . "JOIN `ia_controls` ia ON CONCAT(ia.`type`, '-', ia.`type_id`) = plt.`proc_control` " . "WHERE " . - "plt.`level` = " . $ste->get_System()->get_MAC() . " AND " . - "plt.`class` = '$class')"; + "plt.`level` = {$ste->get_System()->get_MAC()} AND " . + "plt.`class` = '$class')"; $this->conn->real_query($sql); $sql = "SELECT s.`stig_id` FROM `unaccounted_for_findings` uaf JOIN `stigs` s ON s.`pdi_id` = uaf.`pdi_id`"; @@ -4242,7 +4421,7 @@ class db if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { $stig = $stig[0]; } - if (!preg_match("/^\d{5}$/", $stig->get_ID())) { + if (! preg_match("/^\d{5}$/", $stig->get_ID())) { $ret[] = $stig; } } @@ -4255,16 +4434,17 @@ class db * Get count of all findings with the status passed in * * @param integer $cat_id - * The category we are searching + * The category we are searching * @param string $status - * The status to look for - * @param integer $cat [optional] - * The CAT/severity level - * @param proc_ia_controls $ctrl [optional] - * A IA control to filter for + * The status to look for + * @param integer $cat + * [optional] + * The CAT/severity level + * @param proc_ia_controls $ctrl + * [optional] + * A IA control to filter for * - * @return integer - * Returns the number of findings in the category that have the passed in status, severity, and control + * @return integer Returns the number of findings in the category that have the passed in status, severity, and control */ public function get_Finding_Count_By_Status($cat_id, $status, $cat = null, $ctrl = null) { 
@@ -4274,8 +4454,8 @@ class db "LEFT JOIN findings f ON f.pdi_id = pcl.pdi_id AND t.id = f.tgt_id", "LEFT JOIN findings_status fs ON fs.id = f.findings_status_id" ]; - if (!is_null($ctrl)) { - $joins[] = "JOIN finding_controls fc ON fc.finding_id = f.id"; + if (! is_null($ctrl)) { + $joins[] = "JOIN finding_controls fc ON fc.tgt_id = f.tgt_id AND fc.pdi_id = f.pdi_id"; } $where = [ @@ -4284,46 +4464,47 @@ class db 'value' => $cat_id ], [ - 'field' => 'fs.status', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'fs.status', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ] ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'fs.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'fs.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { + } else { $where[] = [ 'close-paren' => true ]; } - if (!is_null($cat) && is_numeric($cat)) { + if (! is_null($cat) && is_numeric($cat)) { $where[] = [ - 'field' => 'f.cat', - 'value' => $cat, + 'field' => 'f.cat', + 'value' => $cat, 'sql_op' => 'AND' ]; } - if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { + if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { $where[] = [ - 'field' => 'fc.ia_control', - 'value' => $ctrl->get_Control_ID(), + 'field' => 'fc.ia_control', + 'value' => $ctrl->get_Control_ID(), 'sql_op' => 'AND' ]; } - $field = ($status == 'Not Reviewed' ? "COUNT(DISTINCT(pcl.pdi_id)) AS 'count'" : "COUNT(DISTINCT(f.id)) AS 'count'"); - $this->help->select_count("target t", $where, ['table_joins' => $joins]); + $field = ($status == 'Not Reviewed' ? "COUNT(DISTINCT(pcl.pdi_id)) AS 'count'" : "COUNT(DISTINCT(f.id)) AS 'count'"); + $this->help->select_count("target t", $where, [ + 'table_joins' => $joins + ]); $this->help->sql = str_replace("COUNT(1) AS 'count'", $field, $this->help->sql); $cnt = $this->help->execute(); 
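Review bot: The `finding_controls` join is added for any non-null `$ctrl`, while the matching `fc.ia_control` filter in the next hunk is only added when `is_a($ctrl, 'proc_ia_controls')`; a non-null argument of another type would therefore inner-join on controls without filtering by one and silently shrink the count. The orphan query further down (`@@ -4335`) already guards its join with both tests. I would use the same condition here: `if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) {`. `get_Finding_Count_By_Status` starts and ends outside this hunk.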
@@ -4335,8 +4516,8 @@ class db "JOIN target t ON t.id = f.tgt_id" ]; - if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { - $joins[] = "JOIN finding_controls fc ON fc.finding_id = f.id"; + if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { + $joins[] = "JOIN finding_controls fc ON fc.tgt_id = f.tgt_id AND fc.pdi_id = f.pdi_id"; } $where = [ @@ -4345,50 +4526,51 @@ class db 'value' => $cat_id ], [ - 'field' => 'c.name', - 'value' => 'Orphan', + 'field' => 'c.name', + 'value' => 'Orphan', 'sql_op' => 'AND' ], [ - 'field' => 'fs.status', - 'value' => $status, - 'sql_op' => 'AND', + 'field' => 'fs.status', + 'value' => $status, + 'sql_op' => 'AND', 'open-paren' => true ] ]; if ($status == 'Not Reviewed') { $where[] = [ - 'field' => 'fs.status', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'fs.status', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; - } - else { - $where[] =[ + } else { + $where[] = [ 'close-paren' => true ]; } - if (!is_null($cat) && is_numeric($cat)) { + if (! is_null($cat) && is_numeric($cat)) { $where[] = [ - 'field' => 'f.cat', - 'value' => $cat, + 'field' => 'f.cat', + 'value' => $cat, 'sql_op' => 'AND' ]; } - if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { + if (! is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) { $where[] = [ - 'field' => 'fc.ia_control', - 'value' => $ctrl->get_Control_ID(), + 'field' => 'fc.ia_control', + 'value' => $ctrl->get_Control_ID(), 'sql_op' => 'AND' ]; } - $this->help->select_count("checklist c", $where, array('table_joins' => $joins)); + $this->help->select_count("checklist c", $where, array( + 'table_joins' => $joins + )); $this->help->sql = str_replace("COUNT(1) AS 'count'", $field, $this->help->sql); $cnt += $this->help->execute(); 
@@ -4400,55 +4582,66 @@ class db * Get count of all findings with the status passed in * * @param ste $ste - * The category we are searching + * The category we are searching * @param string $status - * The status to look for + * The status to look for * @param integer $cat - * The CAT/severity level + * The CAT/severity level * @param proc_ia_controls $ctrl - * A IA control to filter for + * A IA control to filter for * - * @return integer - * Returns the number of findings with status + * @return integer Returns the number of findings with status */ public function get_STE_Finding_Count_By_Status($ste, $status, $cat = null, $ctrl = null) { - $sql = "SELECT " . - ($status == 'Not Reviewed' ? "(SELECT COUNT(DISTINCT(pcl.`pdi_id`))" : "(SELECT COUNT(DISTINCT(f.`id`))") . - "FROM `sagacity`.`target` t " . - "LEFT JOIN `sagacity`.`target_checklist` tc ON t.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`ste_id` = " . $this->conn->real_escape_string($ste->get_ID()) . " AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - ")" . - " + " . - ($status == 'Not Reviewed' ? "(SELECT COUNT(DISTINCT(pcl.`pdi_id`))" : "(SELECT COUNT(DISTINCT(f.`id`))") . - "FROM `sagacity`.`checklist` c " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` " . 
- "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`ste_id` = " . $this->conn->real_escape_string($ste->get_ID()) . " AND " . - "c.`name` = 'Orphan' AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - ") AS 'sum_count'"; + $field = ($status == 'Not Reviewed' ? "SELECT COUNT(DISTINCT(pcl.`pdi_id`))" : "SELECT COUNT(DISTINCT(f.`id`))"); + $ctrl_join = (! is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " : ""); + $status_clause = ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : ""); + $cat_clause = (! is_null($cat) ? "AND f.`cat` = $cat " : ""); + $ctrl_clause = (! is_null($ctrl) ? 
"AND fc.`ia_control` = '{$ctrl->get_Control_ID()}' " : ""); + $sql = <<conn->real_escape_string($ste->get_ID())} AND + ( + fs.`status` = '{$this->conn->real_escape_string($status)}' + $status_clause + ) + $cat_clause + $ctrl_clause +) + + +( + $field + FROM `sagacity`.`checklist` c + LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` + LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` + LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` + JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` + $ctrl_join + WHERE + t.`ste_id` = {$this->conn->real_escape_string($ste->get_ID())} AND + c.`name` = 'Orphan' AND + ( + fs.`status` = '{$this->conn->real_escape_string($status)}' + $status_clause + ) + $cat_clause + $ctrl_clause +) AS 'sum_count' + +EOQ; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['sum_count']; - } - else { + } else { return 0; } } 
@@ -4457,61 +4650,60 @@ class db * Get count of all findings with the status passed in * * @param target $tgt - * The target we are searching + * The target we are searching * @param string $status - * The status to look for - * @param integer $cat [optional] - * The CAT/severity level - * @param proc_ia_controls $ctrl [optional] - * A IA control to filter for - * @param array $chk_ids [optional] - * @param boolean $is_orphan [optional] + * The status to look for + * @param integer $cat + * [optional] + * The CAT/severity level + * @param proc_ia_controls $ctrl + * [optional] + * A IA control to filter for + * @param array $chk_ids + * [optional] + * @param boolean $is_orphan + * [optional] * - * @return integer - * Returns the number of findings with status 'False Positives' + * @return integer Returns the number of findings with status 'False Positives' */ public function get_Host_Finding_Count_By_Status($tgt, $status, $cat = null, $ctrl = null, $chk_ids = null, $is_orphan = false) { - if (!$is_orphan) { + if (! $is_orphan) { $sql = "SELECT (SELECT COUNT(DISTINCT(pcl.`pdi_id`)) " . - "FROM `sagacity`.`target` t " . - "LEFT JOIN `sagacity`.`target_checklist` tc ON t.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`id` = " . $this->conn->real_escape_string($tgt->get_ID()) . " AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - (!is_null($chk_ids) ? "AND pcl.`checklist_id` IN (" . 
implode(", ", $chk_ids) . ") " : "") . - ")"; - } - else { + "FROM `sagacity`.`target` t " . + "LEFT JOIN `sagacity`.`target_checklist` tc ON t.`id` = tc.`tgt_id` " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . + (! is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " : "") . + "WHERE t.`id` = {$this->conn->real_escape_string($tgt->get_ID())} AND " . + "(fs.`status` = '{$this->conn->real_escape_string($status)}' " . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . ") " . + (! is_null($cat) ? "AND f.`cat` = $cat " : "") . + (! is_null($ctrl) ? "AND fc.`ia_control` = '{$ctrl->get_Control_ID()}' " : "") . + (! is_null($chk_ids) ? "AND pcl.`checklist_id` IN (" . implode(", ", $chk_ids) . ") " : "") . + ")"; + } else { $sql = "SELECT (SELECT COUNT(DISTINCT(pcl.`pdi_id`)) " . - "FROM `sagacity`.`checklist` c " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : "") . - "WHERE t.`id` = " . $this->conn->real_escape_string($tgt->get_ID()) . " AND " . - "c.`name` = 'Orphan' AND " . - "(fs.`status` = '" . $this->conn->real_escape_string($status) . "' " . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") " . - (!is_null($cat) ? "AND f.`cat` = $cat " : "") . - (!is_null($ctrl) ? "AND fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' " : "") . - ")"; + "FROM `sagacity`.`checklist` c " . 
+ "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` " . + "JOIN `sagacity`.`target` t ON t.`id` = f.`tgt_id` " . + (! is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " : "") . + "WHERE t.`id` = {$this->conn->real_escape_string($tgt->get_ID())} AND " . + "c.`name` = 'Orphan' AND " . + "(fs.`status` = '{$this->conn->real_escape_string($status)}' " . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . ") " . + (! is_null($cat) ? "AND f.`cat` = $cat " : "") . + (! is_null($ctrl) ? "AND fc.`ia_control` = '{$ctrl->get_Control_ID()}' " : "") . + ")"; } $sql .= " AS 'sum_count'"; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['sum_count']; - } - else { + } else { return 0; } } 
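Review bot: The reformatted docblock of get_Host_Finding_Count_By_Status still ends with `@return integer Returns the number of findings with status 'False Positives'`, but the method counts whatever `$status` is passed, and `$chk_ids` and `$is_orphan` carry no description at all. I would change the return line to `@return integer Number of distinct PDIs on the target whose finding has the given status (0 if the query fails)`. `$chk_ids` should be documented as the checklist ids the count is restricted to (it feeds `pcl.checklist_id IN (...)`), and `$is_orphan` as the switch that runs the 'Orphan' checklist query instead of the one over the target's assigned checklists.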
@@ -4528,85 +4720,44 @@ class db public function get_Control_Finding_Count($ctrl, $ste, $status, $cat = null) { $sql = "SELECT " . - "IFNULL((SELECT COUNT(1) " . - "FROM `target` t " . - "LEFT JOIN `target_checklist` tc ON t.`id` = tc.`tgt_id` " . - "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . - "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . - "LEFT JOIN `findings_status` fs ON fs.`id` = f.`findings_status_id` " . - "LEFT JOIN `finding_controls` fc ON fc.`finding_id` = f.`id` " . - "WHERE " . - "(fs.`status` = '$status' " . - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") AND " . - (!is_null($cat) ? "f.`cat` = $cat AND " : "") . - (!is_null($ctrl) ? "fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' AND " : "") . - "t.`ste_id` = $ste " . - "GROUP BY f.`pdi_id`" . - "), 0)" . - " + " . - "IFNULL((SELECT COUNT(1) " . - "FROM `checklist` c " . - "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . - "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `findings_status` fs ON f.`findings_status_id` = fs.`id` " . - "LEFT JOIN `target` t ON t.`id` = f.`tgt_id` " . - "LEFT JOIN `finding_controls` fc ON fc.`finding_id` = f.`id` " . - "WHERE " . - "c.`name` = 'Orphan' AND " . - "(fs.`status` = '$status' " . - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . - ") AND " . - (!is_null($cat) ? "f.`cat` = $cat AND " : "") . - (!is_null($ctrl) ? "fc.`ia_control` = '" . $ctrl->get_Control_ID() . "' AND " : "") . - "t.`ste_id` = $ste " . - "GROUP BY f.`pdi_id`" . - "), 0) AS 'sum_count'"; - /* - $sql = "SELECT ". - "(SELECT COUNT(DISTINCT(f.`tgt_id`))". 
- "FROM `targets`.`target` t ". - "LEFT JOIN `targets`.`target_checklist` tc ON t.`id` = tc.`tgt_id` ". - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` ". - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` ". - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` ". - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : ""). - "WHERE t.`ste_id` = ".$this->conn->real_escape_string($ste->get_ID())." AND ". - "(fs.`status` = '".$this->conn->real_escape_string($status)."' ". - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : ""). - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : ""). - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : ""). - ") ". - (!is_null($ctrl) ? "AND fc.`ia_control` = '".$ctrl->get_Control_ID()."' " : ""). - ")". - - " + ". - - "(SELECT COUNT(DISTINCT(f.`tgt_id`))". - "FROM `sagacity`.`checklist` c ". - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` ". - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` ". - "LEFT JOIN `sagacity`.`findings_status` fs ON f.`findings_status_id` = fs.`id` ". - "JOIN `targets`.`target` t ON t.`id` = f.`tgt_id` ". - (!is_null($ctrl) ? "JOIN `sagacity`.`finding_controls` fc ON fc.`finding_id` = f.`id` " : ""). - "WHERE t.`ste_id` = ".$this->conn->real_escape_string($ste->get_ID())." AND ". - "c.`name` = 'Orphan' AND ". - "(fs.`status` = '".$this->conn->real_escape_string($status)."' ". - ($status == 'Open' ? " OR fs.`status` = 'Exception'" : ""). - ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : ""). - ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : ""). - ") ". - (!is_null($ctrl) ? "AND fc.`ia_control` = '".$ctrl->get_Control_ID()."' " : ""). - ") AS 'sum_count'"; - */ + "IFNULL((SELECT COUNT(1) " . + "FROM `target` t " . 
+ "LEFT JOIN `target_checklist` tc ON t.`id` = tc.`tgt_id` " . + "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = tc.`chk_id` " . + "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` AND t.`id` = f.`tgt_id` " . + "LEFT JOIN `findings_status` fs ON fs.`id` = f.`findings_status_id` " . + "LEFT JOIN `finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " . + "WHERE " . + "(fs.`status` = '$status' " . + ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . + ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . + ") AND " . + (! is_null($cat) ? "f.`cat` = $cat AND " : "") . + (! is_null($ctrl) ? "fc.`ia_control` = '{$ctrl->get_Control_ID()}' AND " : "") . + "t.`ste_id` = $ste " . + "GROUP BY f.`pdi_id`" . "), 0)" . + " + " . + "IFNULL((SELECT COUNT(1) " . + "FROM `checklist` c " . + "LEFT JOIN `pdi_checklist_lookup` pcl ON pcl.`checklist_id` = c.`id` " . + "LEFT JOIN `findings` f ON f.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `findings_status` fs ON f.`findings_status_id` = fs.`id` " . + "LEFT JOIN `target` t ON t.`id` = f.`tgt_id` " . + "LEFT JOIN `finding_controls` fc ON fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id` " . + "WHERE " . + "c.`name` = 'Orphan' AND " . + "(fs.`status` = '$status' " . + ($status == 'Open' ? " OR fs.`status` = 'Exception'" : "") . + ($status == 'Not a Finding' ? " OR fs.`status` = 'Not Applicable'" : "") . + ($status == 'Not Reviewed' ? " OR fs.`status` IS NULL" : "") . ") AND " . + (! is_null($cat) ? "f.`cat` = $cat AND " : "") . + (! is_null($ctrl) ? "fc.`ia_control` = '{$ctrl->get_Control_ID()}' AND " : "") . + "t.`ste_id` = $ste " . + "GROUP BY f.`pdi_id`" . "), 0) AS 'sum_count'"; if ($res = $this->conn->query($sql)) { return $res->fetch_assoc()['sum_count']; - } - else { + } else { return 0; } } 
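Review bot: Both `IFNULL((SELECT COUNT(1) ... GROUP BY f.`pdi_id`), 0)` subqueries in get_Control_Finding_Count are used as scalars, yet the `GROUP BY` makes each of them return one row per `pdi_id`. MySQL rejects a scalar subquery that yields more than one row, and the `else { return 0; }` branch then reports that failure as a count of zero. If the intent is the number of distinct PDIs, `SELECT COUNT(DISTINCT f.`pdi_id`)` without the `GROUP BY` returns a single value. The intended meaning should be confirmed against the callers, which are not part of this hunk.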
@@ -4621,19 +4772,26 @@ class db */ public function get_Finding_Notes($pdi_id, $tgt_id) { - $sql = "SELECT f.`notes` FROM `sagacity`.`findings` f " . - "WHERE f.`pdi_id` = " . $this->conn->real_escape_string($pdi_id) . - " AND f.`tgt_id` = " . $this->conn->real_escape_string($tgt_id); + $this->help->select("sagacity.findings", ['f.notes'], [ + [ + 'field' => 'f.pdi_id', + 'op' => '=', + 'value' => $pdi_id + ], + [ + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt_id, + 'sql_op' => 'AND' + ] + ]); - if ($res = $this->conn->query($sql)) { - if ($res->num_rows) { - $row = $res->fetch_assoc(); - return $row['notes']; - } - } - else { - error_log($this->conn->error); - Sagacity_Error::sql_handler($sql); + $rows = $this->help->execute(); + + if(is_array($rows) && count($rows) && isset($rows['notes'])) { + return $rows['notes']; + } elseif(is_array($rows) && count($rows) && isset($rows[0]) && isset($rows[0]['notes'])) { + return $rows[0]['notes']; } return null; @@ -4642,15 +4800,14 @@ class db /** * Function to determine how pervasive a finding is across all targets * - * @TODO - FINISH + * @todo - FINISH * * @param ste $ste * @param proc_ia_controls $ia_ctrl * @param string $status */ public function get_Finding_Pervasivity_by_Control($ste, $ia_ctrl, $status = null) - { - } + {} /** * Function to return all the possible finding statuses 
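Review bot: The new `select("sagacity.findings", ['f.notes'], ...)` call in get_Finding_Notes names the table without an alias while every field is prefixed with `f.`. Unless the helper assigns that alias itself (its code is not in this hunk), the statement fails on an unknown column, and because the `error_log` / `Sagacity_Error::sql_handler` path was removed the method then simply returns null. I would drop the prefix (`['notes']`, `'field' => 'pdi_id'`, `'field' => 'tgt_id'`) or pass the alias the way the helper expects, and keep a log call for the case where `execute()` fails rather than finds nothing. get_Finding_Statuses in the next hunk loses its error logging in the same way.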
@@ -4659,22 +4816,24 @@ class db */ public function get_Finding_Statuses() { - $sql = "SELECT `id`, `status` " . - "FROM `sagacity`.`findings_status`"; + $this->help->select("sagacity.findings_status", null); + $rows = $this->help->execute(); $ret = []; - if ($res = $this->conn->query($sql)) { - while ($row = $res->fetch_assoc()) { - $status = new finding_status(); - $status->id = $row['id']; - $status->status = $row['status']; + if(is_array($rows) && count($rows) && isset($rows[0])) { + foreach($rows as $row) { + $s = new finding_status(); + $s->id = $row['id']; + $s->status = $row['status']; - $ret[] = $status; + $ret[] = $s; } - } - else { - error_log($this->conn->error); - Sagacity_Error::sql_handler($sql); + } elseif(is_array($rows) && count($rows) && isset($rows['id'])) { + $s = new finding_status(); + $s->id = $rows['id']; + $s->status = $rows['status']; + + $ret[] = $s; } return $ret; 
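Review bot: get_Finding_Statuses now builds the `finding_status` object in two copies, one for a list of rows and one for a single associative row. Normalising first, `if (is_array($rows) && isset($rows['id'])) { $rows = [$rows]; }`, lets a single `foreach` serve both shapes. A one-line comment that `execute()` hands back a bare row when only one matches would explain why the check exists; that behaviour is inferred from the two branches here and should be confirmed against the helper.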
@@ -4690,60 +4849,60 @@ class db */ public function get_Finding_Comparrison($left_tgt, $right_tgt) { - $ret = []; - $left_sql = "SELECT " . - "s.`stig_id`, pcl.`check_contents`, " . - "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . - "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . - "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . - "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . - "FROM `sagacity`.`finding_controls` fc " . - "WHERE fc.`finding_id` = f.`id`) AS 'finding_ia_controls', " . - "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . - "FROM `sagacity`.`ia_controls` ia " . - "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . - "FROM `sagacity`.`checklist` chk " . - "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . - "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . - "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . - "WHERE tgt.`id` = " . $left_tgt->get_ID() . " " . - "GROUP BY s.`stig_id`, tgt.`name` " . - "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; + $ret = []; + $left_sql = "SELECT " . + "s.`stig_id`, pcl.`check_contents`, " . + "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . + "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . + "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . + "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . + "FROM `sagacity`.`finding_controls` fc " . 
+ "WHERE fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id`) AS 'finding_ia_controls', " . + "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . + "FROM `sagacity`.`ia_controls` ia " . + "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . + "FROM `sagacity`.`checklist` chk " . + "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . + "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . + "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . + "WHERE tgt.`id` = {$left_tgt->get_ID()} " . + "GROUP BY s.`stig_id`, tgt.`name` " . + "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; $right_sql = "SELECT " . - "s.`stig_id`, pcl.`check_contents`, " . - "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . - "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . - "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . - "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . - "FROM `sagacity`.`finding_controls` fc " . - "WHERE fc.`finding_id` = f.`id`) AS 'finding_ia_controls', " . - "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . - "FROM `sagacity`.`ia_controls` ia " . - "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . - "FROM `sagacity`.`checklist` chk " . - "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . - "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . 
- "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . - "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . - "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . - "WHERE tgt.`id` = " . $right_tgt->get_ID() . " " . - "GROUP BY s.`stig_id`, tgt.`name` " . - "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; + "s.`stig_id`, pcl.`check_contents`, " . + "tgt.`id` AS 'tgt_id', tgt.`name` AS 'tgt_name', " . + "IF(f.`cat` IS NULL, pdi.`cat`, f.`cat`) AS 'cat', f.`notes`, " . + "IF(f.`findings_status_id` IS NULL, 'Not Reviewed', fs.`status`) AS 'finding_status', " . + "(SELECT GROUP_CONCAT(fc.`ia_control` SEPARATOR ' ') " . + "FROM `sagacity`.`finding_controls` fc " . + "WHERE fc.`tgt_id` = f.`tgt_id` AND fc.`pdi_id` = f.`pdi_id`) AS 'finding_ia_controls', " . + "(SELECT GROUP_CONCAT(DISTINCT CONCAT(ia.`type`, '-', ia.`type_id`) SEPARATOR ' ') " . + "FROM `sagacity`.`ia_controls` ia " . + "WHERE ia.`pdi_id` = pcl.`pdi_id`) AS 'ia_controls' " . + "FROM `sagacity`.`checklist` chk " . + "JOIN `sagacity`.`target_checklist` tc ON tc.`chk_id` = chk.`id` " . + "JOIN `sagacity`.`target` tgt ON tgt.`id` = tc.`tgt_id` " . + "LEFT JOIN `sagacity`.`pdi_checklist_lookup` pcl ON pcl.`checklist_id` = chk.`id` " . + "LEFT JOIN `sagacity`.`findings` f ON f.`pdi_id` = pcl.`pdi_id` AND f.`tgt_id` = tgt.`id` " . + "LEFT JOIN `sagacity`.`findings_status` fs ON fs.`id` = f.`findings_status_id` " . + "LEFT JOIN `sagacity`.`stigs` s ON s.`pdi_id` = pcl.`pdi_id` " . + "LEFT JOIN `sagacity`.`pdi_catalog` pdi ON pdi.`id` = pcl.`pdi_id` " . + "WHERE tgt.`id` = {$right_tgt->get_ID()} " . + "GROUP BY s.`stig_id`, tgt.`name` " . 
+ "ORDER BY s.`stig_id`, FIELD(chk.`type`, 'manual', 'iavm', 'policy', 'benchmark')"; if ($res = $this->conn->query($left_sql)) { while ($row = $res->fetch_assoc()) { $ret['left'][$row['stig_id']] = array( - 'stig_id' => $row['stig_id'], - 'cat' => $row['cat'], - 'ia_controls' => (!empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), - 'status' => $row['finding_status'], - 'notes' => $row['notes'] + 'stig_id' => $row['stig_id'], + 'cat' => $row['cat'], + 'ia_controls' => (! empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), + 'status' => $row['finding_status'], + 'notes' => $row['notes'] ); } } @@ -4751,14 +4910,14 @@ class db if ($res = $this->conn->query($right_sql)) { while ($row = $res->fetch_assoc()) { $ret['right'][$row['stig_id']] = array( - 'stig_id' => $row['stig_id'], - 'cat' => $row['cat'], - 'ia_controls' => (!empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), - 'status' => $row['finding_status'], - 'notes' => $row['notes'] + 'stig_id' => $row['stig_id'], + 'cat' => $row['cat'], + 'ia_controls' => (! empty($row['finding_ia_controls']) ? $row['finding_ia_controls'] : $row['ia_controls']), + 'status' => $row['finding_status'], + 'notes' => $row['notes'] ); - if (!isset($ret['left'][$row['stig_id']])) { + if (! isset($ret['left'][$row['stig_id']])) { $ret['left'][$row['stig_id']] = null; } } @@ -4772,53 +4931,54 @@ class db * Add a finding * * @param scan $scan - * Scan that found this item + * Scan that found this item * @param array:target|target $tgts - * Array of targets or a single target that have this finding + * Array of targets or a single target that have this finding * @param array|finding $finding_data - * Array of data associated with the finding
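Review bot: `$left_sql` and `$right_sql` in get_Finding_Comparrison are the same long statement written twice, differing only in the target id, so this commit had to make the `fc.tgt_id` / `fc.pdi_id` correction in two places. A private method that takes the target id, casts it with `(int)`, and returns the statement would leave one copy to maintain and would make the id safe to place in the WHERE clause. The `$ret['left']` and `$ret['right']` row-mapping loops, the second of which sits in the next hunk, are duplicated in the same way and could share a helper as well.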
- * [0] => 'stig id'
- * [1] => 'vms id'
- * [2] => 'category level (I, II, III)'
- * [3] => 'ia controls (space delimited)'
- * [4] => 'short title'
- * [5...n] => 'target status'
- * [n+1] => 'notes'
- * [n+2] => 'check contents'
- * [n+3] => 'missing pdi' + * Array of data associated with the finding
+ * [0] => 'stig id'
+ * [1] => 'vms id'
+ * [2] => 'category level (I, II, III)'
+ * [3] => 'ia controls (space delimited)'
+ * [4] => 'short title'
+ * [5...n] => 'target status'
+ * [n+1] => 'notes'
+ * [n+2] => 'check contents'
+ * [n+3] => 'missing pdi' */ public function add_Finding($scan, $tgts, $finding_data) { global $cmd; set_time_limit(0); $host_count = 0; - $ref = null; + $ref = null; if (is_array($tgts)) { $host_count = count($tgts); - } - else { - $host_count++; + } else { + $host_count ++; } if (preg_match('/\d\.\d+/', $finding_data[0])) { $finding_data[0] = str_pad($finding_data[0], 5, "0"); } - $stig_id = $finding_data[0]; - $vms_id = preg_replace("/V0+/i", "V-", $finding_data[1]); - $cat_lvl = substr_count($finding_data[2], 'I'); + $stig_id = $finding_data[0]; + $vms_id = preg_replace("/V0+/i", "V-", $finding_data[1]); + $cat_lvl = substr_count($finding_data[2], 'I'); $ia_controls = $finding_data[3]; $short_title = $finding_data[4]; - $notes = $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $host_count]; + $notes = $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $host_count]; if (preg_match('/SV\-.*_rule/', $stig_id)) { $ref = $this->get_SV_Rule(null, $stig_id); - } - elseif (preg_match('/CVE\-\d{4}\-\d+/', $stig_id)) { - $ref = [0 => $this->get_CVE($stig_id)]; - } - elseif (preg_match('/\d{4}\-[ABT]\-\d+/', $stig_id)) { - $ref = [0 => $this->get_IAVM($stig_id)]; + } elseif (preg_match('/CVE\-\d{4}\-\d+/', $stig_id)) { + $ref = [ + 0 => $this->get_CVE($stig_id) + ]; + } elseif (preg_match('/\d{4}\-[ABT]\-\d+/', $stig_id)) { + $ref = [ + 0 => $this->get_IAVM($stig_id) + ]; } if (is_null($ref) && $stig_id != 'No Reference') { @@ -4831,14 +4991,13 @@ class db if (is_array($ref) && count($ref) && isset($ref[0])) { $ref = $ref[0]; - } - else { + } else { // add a new checklist entry - $pdi = new pdi(null, $cat_lvl, 'NOW', $short_title, $short_title); + $pdi = new pdi(null, $cat_lvl, 'NOW', $short_title, $short_title); $pdi_id = $this->save_PDI($pdi); $stig = new stig($pdi_id, $stig_id, $short_title); - $ref = $stig; + $ref = $stig; $this->add_Stig($stig); $golddisk = new golddisk($pdi_id, $vms_id, $short_title); 
@@ -4849,8 +5008,8 @@ class db if (is_array($tgts)) { $updated_finding = []; - $new_finding = []; - $x = 0; + $new_finding = []; + $x = 0; foreach ($tgts as $tgt) { switch (strtolower(str_replace('_', ' ', $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $x]))) { case 'not reviewed': 
@@ -4875,61 +5034,55 @@ class db if ($current_finding != null) { $current_status = $current_finding->get_Finding_Status_String(); - //$current_source = $current_finding->get(); + // $current_source = $current_finding->get(); if ($current_status != $status) { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->prepend_Notes($current_notes); } } - if (($current_status == 'Open' || $status == 'Open') && - ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || - $status == 'Not Applicable' || $status == 'Not a Finding')) { + if (($current_status == 'Open' || $status == 'Open') && ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || $status == 'Not Applicable' || $status == 'Not a Finding')) { $current_finding->set_Notes("OPEN CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_OPEN); - } - elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && - ($status == 'Not a Finding' || $status == 'Not Applicable')) { + } elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && ($status == 'Not a Finding' || $status == 'Not Applicable')) { $current_finding->set_Notes("NF/NA CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_NF); - } - else { + } else { $current_finding->set_Change_ID(finding::NC); } - $new_status = $current_finding->get_Deconflicted_Status($status); + $new_status = $current_finding->get_Deconflicted_Status($status); $new_status_id = $current_finding->get_Finding_Status_ID($new_status); $current_finding->set_Finding_Status($new_status_id); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + $current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); 
$current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $current_finding->set_Category($cat_lvl); $current_finding->set_IA_Controls($ia_controls); $updated_finding[] = $current_finding; - } - else { + } else { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->set_Notes($current_notes . PHP_EOL . $notes); } } $current_finding->set_Change_ID(finding::NC); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + $current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); $current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $current_finding->set_Category($cat_lvl); @@ -4937,9 +5090,8 @@ class db $updated_finding[] = $current_finding; } - } - else { - $new = new finding(null, $tgt->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); + } else { + $new = new finding($tgt->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); $new->set_Category($cat_lvl); $new->set_IA_Controls($ia_controls); 
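Review bot: In the status-changed branch of hunk -4875, `$current_finding->prepend_Notes($current_notes);` passes the finding's own existing notes back to it instead of the incoming `$notes`. Assuming prepend_Notes prepends its argument (its body is not visible here), the new note is never added on the path that ends in `set_Change_ID(finding::NC)`, while the equal-status branch below does merge them with `set_Notes($current_notes . PHP_EOL . $notes)`. The call most likely should read `$current_finding->prepend_Notes($notes);`. These are context lines the commit only reformats around, so the behaviour predates this change.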
@@ -4950,13 +5102,10 @@ class db $match = []; if (preg_match("/\(FP\-([a-zA-Z \-]+)\)/i", $notes, $match)) { $src = $match[1]; - //$src = str_replace("_", " ", $match[1]); - $sql = "REPLACE INTO `false_positives` (`pdi_id`, `src_id`, `notes`) VALUES (" . - $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . - "(SELECT `id` FROM `sources` WHERE `name` = '" . $this->conn->real_escape_string($src) . "'), " . - "'Common FP for $src')"; + // $src = str_replace("_", " ", $match[1]); + $sql = "REPLACE INTO `false_positives` (`pdi_id`, `src_id`, `notes`) VALUES (" . $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . "(SELECT `id` FROM `sources` WHERE `name` = '" . $this->conn->real_escape_string($src) . "'), " . "'Common FP for $src')"; - if (!$this->conn->real_query($sql)) { + if (! $this->conn->real_query($sql)) { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } @@ -4970,12 +5119,10 @@ class db if ($status == 'Exception') { $ste = $this->get_STE($tgt->get_STE_ID())[0]; - $sql = "REPLACE INTO `exceptions` (`pdi_id`, `sys_id`, `notes`) VALUES (" . - $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . - $this->conn->real_escape_string($ste->get_System()->get_ID()) . ", " . - "'')"; + $sql = "REPLACE INTO `exceptions` (`pdi_id`, `sys_id`, `notes`) VALUES (" . $this->conn->real_escape_string($ref->get_PDI_ID()) . ", " . $this->conn->real_escape_string($ste->get_System() + ->get_ID()) . ", " . "'')"; - if (!$this->conn->real_query($sql)) { + if (! $this->conn->real_query($sql)) { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } 
@@ -4985,84 +5132,106 @@ class db } } - $x++; + $x ++; } $notes = (isset($current_finding) && is_array($current_finding) && count($current_finding) ? $current_finding->get_Notes() . " " . $notes : $notes); if (isset($updated_finding) && is_array($updated_finding) && count($updated_finding) > 0) { + /** @var finding $finding */ foreach ($updated_finding as $finding) { - $update_sql = "UPDATE `findings` SET " . - "`scan_id` = " . $this->conn->real_escape_string($finding->get_Scan_ID()) . ", " . - "`findings_status_id` = " . $this->conn->real_escape_string($finding->get_Finding_Status()) . ", " . - "`notes` = '" . $this->conn->real_escape_string($finding->get_Notes()) . "', " . - "`change_id` = " . $this->conn->real_escape_string($finding->get_Change_ID()) . ", " . - "`orig_src` = '" . $this->conn->real_escape_string($finding->get_Original_Source()) . "', " . - "`finding_itr` = " . $this->conn->real_escape_string($finding->get_Finding_Iteration()) . ", " . - "`cat` = " . $this->conn->real_escape_string($finding->get_Category()) . - " WHERE `id` = " . $this->conn->real_escape_string($finding->get_ID()); + $this->help->update('findings', [ + 'scan_id' => $finding->get_Scan_ID(), + 'findings_status_id' => $finding->get_Finding_Status(), + 'notes' => $finding->get_Notes(), + 'change_id' => $finding->get_Change_ID(), + 'orig_src' => $finding->get_Original_Source(), + 'finding_itr' => $finding->get_Finding_Iteration(), + 'cat' => $finding->get_Category() + ], [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); - $this->conn->ping(); - - if (!$this->conn->real_query($update_sql)) { - Sagacity_Error::sql_handler($update_sql); - error_log($this->conn->error); + if (! $this->help->execute()) { + $this->help->debug(E_ERROR); return false; } - $this->conn->real_query("DELETE FROM `finding_controls` WHERE `finding_id` = " . 
$finding->get_ID()); + $this->help->delete("finding_controls", null, [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); + $this->help->execute(); - $sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES "; + $params = []; foreach ($finding->get_IA_Controls() as $ia) { - $sql2 .= "({$this->conn->real_escape_string($finding->get_ID())}, " . - "'{$this->conn->real_escape_string($ia)}'),"; - } - $sql2 = substr($sql2, 0, -1); - if (strlen($sql2) > 74) { - $this->conn->real_query($sql2); + $params[] = [ + $finding->get_Tgt_ID(), + $finding->get_PDI_ID(), + $ia + ]; } + $this->help->extended_insert('finding_controls', ['tgt_id', 'pdi_id', 'ia_control'], $params, true); + $this->help->execute(); } } if (isset($new_finding) && count($new_finding) > 0) { + $finding_params = []; + $finding_control_params = []; foreach ($new_finding as $finding) { - $insert_sql = "INSERT INTO `findings` (`tgt_id`, `pdi_id`, `scan_id`, `findings_status_id`, `cat`, `notes`) VALUES " . - "(" . $this->conn->real_escape_string($finding->get_Tgt_ID()) . ", " . - $this->conn->real_escape_string($finding->get_PDI_ID()) . ", " . - $this->conn->real_escape_string($finding->get_Scan_ID()) . ", " . - $this->conn->real_escape_string($finding->get_Finding_Status()) . ", " . - $this->conn->real_escape_string($finding->get_Category()) . ", " . - "'" . $this->conn->real_escape_string($finding->get_Notes()) . 
"')"; + /** @var finding $finding */ + $finding_params[] = [ + $finding->get_Tgt_ID(), + $finding->get_PDI_ID(), + $finding->get_Scan_ID(), + $finding->get_Finding_Status(), + $finding->get_Category(), + $finding->get_Notes() + ]; - $this->conn->ping(); - - if (strlen($insert_sql) > 103) { - if (!$this->conn->real_query($insert_sql)) { - Sagacity_Error::sql_handler($insert_sql); - error_log($this->conn->error); - return false; - } - } - - $find_id = $this->conn->insert_id; - - $sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES "; foreach ($finding->get_IA_Controls() as $ia) { - $sql2 .= "({$this->conn->real_escape_string($find_id)}, " . - "'{$this->conn->real_escape_string($ia)}'),"; + $finding_control_params[] = [ + $finding->get_Tgt_ID(), + $finding->get_PDI_ID(), + $ia + ]; } - $sql2 = substr($sql2, 0, -1); - if (strlen($sql2) > 74) { - $this->conn->real_query($sql2); + } + + if(is_array($finding_params) && count($finding_params)) { + $this->extended_insert('findings', ['tgt_id', 'pdi_id', 'scan_id', 'findings_status_id', 'cat', 'notes'], $finding_params, true); + + if($this->help->execute()) { + $this->help->extended_insert('finding_controls', ['tgt_id', 'pdi_id', 'ia_control'], $finding_control_params, true); + $this->help->execute(); } } } return true; - } - else { + } else { $updated_finding = null; - $new_finding = null; + $new_finding = null; switch (strtolower(str_replace('_', ' ', $finding_data[self::FIRST_ECHECKLIST_HOST_COL]))) { case 'not reviewed': case 'not a finding': 
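Review bot: The batched insert for new findings is written as `$this->extended_insert('findings', …)`, while every other call in this hunk goes through `$this->help->extended_insert(…)`. Unless class db defines its own extended_insert (not visible in this diff), the call fails the first time a new finding is stored; it should read `$this->help->extended_insert('findings', ['tgt_id', 'pdi_id', 'scan_id', 'findings_status_id', 'cat', 'notes'], $finding_params, true);`. The same block no longer returns false when the findings insert fails, as the removed code did, so a failed import is reported as success; an `else { $this->help->debug(E_ERROR); return false; }` on `if($this->help->execute())` would restore that. The enclosing function starts before this hunk.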
@@ -5086,67 +5255,60 @@ class db if (is_array($current_finding) && count($current_finding)) { $current_status = $current_finding->get_Finding_Status_String(); - //$current_source = $current_finding->get(); + // $current_source = $current_finding->get(); if ($current_status != $status) { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->set_Notes($current_notes . PHP_EOL . $notes); } } - if (($current_status == 'Open' || $status == 'Open') && - ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || - $status == 'Not Applicable' || $status == 'Not a Finding')) { + if (($current_status == 'Open' || $status == 'Open') && ($current_status == 'Not Applicable' || $current_status == 'Not a Finding' || $status == 'Not Applicable' || $status == 'Not a Finding')) { $current_finding->set_Notes("OPEN CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_OPEN); - } - elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && - ($status == 'Not a Finding' || $status == 'Not Applicable')) { + } elseif (($current_status == 'Not a Finding' || $current_status == 'Not Applicable') && ($status == 'Not a Finding' || $status == 'Not Applicable')) { $current_finding->set_Notes("NF/NA CONFLICT: $current_status/$status\n$notes"); $current_finding->set_Change_ID(finding::TO_NF); - } - else { + } else { $current_finding->set_Change_ID(finding::NC); } - $new_status = $current_finding->get_Deconflicted_Status($status); + $new_status = $current_finding->get_Deconflicted_Status($status); $new_status_id = $current_finding->get_Finding_Status_ID($new_status); $current_finding->set_Finding_Status($new_status_id); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + 
$current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); $current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $updated_finding = $current_finding; - } - else { + } else { $current_notes = $current_finding->get_Notes(); - if (!$current_notes) { + if (! $current_notes) { $current_finding->set_Notes($notes); - } - else { + } else { if ($notes && stristr($current_notes, $notes) === false) { $current_finding->set_Notes($current_notes . PHP_EOL . $notes); } } $current_finding->set_Change_ID(finding::NC); - $current_finding->set_Original_Source($scan->get_Source()->get_Name()); + $current_finding->set_Original_Source($scan->get_Source() + ->get_Name()); $current_finding->set_Finding_Iteration($current_finding->get_Finding_Iteration() + 1); $current_finding->set_Scan_ID($scan->get_ID()); $updated_finding = $current_finding; } - } - else { - $new_finding = new finding(null, $tgts->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); + } else { + $new_finding = new finding($tgts->get_ID(), $ref->get_PDI_ID(), $scan->get_ID(), $status, $notes, 0, null, 1); $new_finding->set_Category($cat_lvl); $new_finding->set_IA_Controls($ia_controls); 
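Review bot: The guard `if (is_array($current_finding) && count($current_finding))` is followed directly by `$current_finding->get_Finding_Status_String()`, so the branch can only be entered with an array, on which the method call fails. If `$current_finding` is a finding object, the check is false and the code always falls through to `new finding(…)`. The host-list branch earlier in this function tests `$current_finding != null` instead. Where the value is assigned lies outside the hunk, so its type needs confirming, but if it is an object the check should be `if (is_a($current_finding, 'finding')) {`; otherwise existing rows are never updated on this path and the insert runs into the new (tgt_id, pdi_id) key. The `$notes = (isset($current_finding) && is_array($current_finding) …` line in the following hunk has the same mismatch.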
@@ -5154,71 +5316,86 @@ class db $notes = (isset($current_finding) && is_array($current_finding) && count($current_finding) ? $current_finding->get_Notes() . " " . $notes : $notes); - if (isset($updated_finding) && !is_null($updated_finding)) { - $update_sql = "UPDATE `findings` SET " . - "`scan_id` = " . $this->conn->real_escape_string($updated_finding->get_Scan_ID()) . ", " . - "`findings_status_id` = " . $this->conn->real_escape_string($updated_finding->get_Finding_Status()) . ", " . - "`notes` = '" . $this->conn->real_escape_string($updated_finding->get_Notes()) . "', " . - "`change_id` = " . $this->conn->real_escape_string($updated_finding->get_Change_ID()) . ", " . - "`orig_src` = '" . $this->conn->real_escape_string($updated_finding->get_Original_Source()) . "', " . - "`finding_itr` = " . $this->conn->real_escape_string($updated_finding->get_Finding_Iteration()) . ", " . - "`cat` = " . $this->conn->real_escape_string($updated_finding->get_Category()) . - " WHERE `id` = " . $this->conn->real_escape_string($updated_finding->get_ID()); + if (isset($updated_finding) && ! is_null($updated_finding)) { + $this->help->update("findings", [ + 'scan_id' => $updated_finding->get_Scan_ID(), + 'findings_status_id' => $updated_finding->get_Finding_status(), + 'notes' => $updated_finding->get_Notes(), + 'change_id' => $updated_finding->get_Change_ID(), + 'orig_src' => $updated_finding->get_Original_Source(), + 'finding_itr' => $updated_finding->get_Finding_Iteration(), + 'cat' => $updated_finding->get_Category() + ], [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $updated_finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $updated_finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); - $this->conn->ping(); - - if (!$this->conn->real_query($update_sql)) { - Sagacity_Error::sql_handler($update_sql); - error_log($this->conn->error); + if (! 
$this->help->execute()) { + $this->help->debug(E_ERROR); return false; } - $this->conn->real_query("DELETE FROM `sagacity`.`finding_controls` WHERE `finding_id` = " . $updated_finding->get_ID()); - - $sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES "; + $this->help->delete("finding_controls", null, [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $updated_finding->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $updated_finding->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); + $this->help->execute(); + $params = []; foreach ($updated_finding->get_IA_Controls() as $ia) { - $sql2 .= "(" . - $this->conn->real_escape_string($updated_finding->get_ID()) . ", " . - "'" . $this->conn->real_escape_string($ia) . "'), "; + $params[] = [ + $updated_finding->get_Tgt_ID(), + $updated_finding->get_PDI_ID(), + $ia + ]; } - - $sql2 = substr($sql2, 0, -1); - - $this->conn->real_query($sql2); + $this->help->extended_insert("finding_controls", ['tgt_id', 'pdi_id', 'ia_control'], $params, true); + $this->help->execute(); } - if (isset($new_finding) && !is_null($new_finding)) { - $insert_sql = "INSERT INTO `sagacity`.`findings` (`tgt_id`, `pdi_id`, `scan_id`, `findings_status_id`, `notes`, `cat`) VALUES " . - "(" . $this->conn->real_escape_string($new_finding->get_Tgt_ID()) . ", " . - $this->conn->real_escape_string($new_finding->get_PDI_ID()) . ", " . - $this->conn->real_escape_string($new_finding->get_Scan_ID()) . ", " . - $this->conn->real_escape_string($new_finding->get_Finding_Status()) . ", " . - "'" . $this->conn->real_escape_string($new_finding->get_Notes()) . "', " . - $this->conn->real_escape_string($new_finding->get_Category()) . ")"; + if (isset($new_finding) && ! 
is_null($new_finding)) { + $this->help->insert("findings", [ + 'tgt_id' => $new_finding->get_Tgt_ID(), + 'pdi_id' => $new_finding->get_PDI_ID(), + 'scan_id' => $new_finding->get_Scan_ID(), + 'findings_status_id' => $new_finding->get_Finding_Status(), + 'notes' => $new_finding->get_Notes(), + 'cat' => $new_finding->get_Category() + ], true); - $this->conn->ping(); - - if (strlen($insert_sql) > 97) { - if (!$this->conn->real_query($insert_sql)) { - Sagacity_Error::sql_handler($insert_sql); - error_log($this->conn->error); - return false; - } + if(!$this->help->execute()) { + $this->help->debug(E_ERROR); + return false; } - $find_id = $this->conn->insert_id; - - $sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES "; + $params = []; foreach ($new_finding->get_IA_Controls() as $ia) { - $sql2 .= "(" . - $this->conn->real_escape_string($find_id) . ", " . - "'" . $this->conn->real_escape_string($ia) . "'), "; + $params[] = [ + $new_finding->get_Tgt_ID(), + $new_finding->get_PDI_ID(), + $ia + ]; } - - $sql2 = substr($sql2, 0, -1); - - $this->conn->real_query($sql2); + $this->help->extended_insert('finding_controls', ['tgt_id', 'pdi_id', 'ia_control'], $params, true); + $this->help->execute(); } return true; 
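Review bot: After the `finding_controls` delete, `extended_insert` is called with `$params` even when `get_IA_Controls()` yields nothing, and neither that call nor the delete has its `execute()` result checked, in both the updated-finding and the new-finding branch. Whether the helper tolerates an empty row list is not visible here; update_Finding in this commit guards the same call with a count check, and the same guard fits here: `if (count($params)) { … }`. Because the delete and the insert are separate statements, a failed insert leaves the finding without controls while the function still returns true; checking `execute()` and returning false, as is done for the `findings` statement just above, would surface that. The per-finding loop in the `@@ -4985` hunk has the same unguarded call.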
@@ -5229,22 +5406,29 @@ class db * Function to add findings to the database * * @param array:finding $updated_findings - * Array of findings to update + * Array of findings to update * @param array:finding $added_findings - * Array of findings to add to database + * Array of findings to add to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function add_Findings_By_Target($updated_findings, $added_findings) { - $fields = ['pdi_id', 'tgt_id', 'scan_id', 'findings_status_id', 'notes', 'cat']; + $fields = [ + 'pdi_id', + 'tgt_id', + 'scan_id', + 'findings_status_id', + 'notes', + 'cat' + ]; $ins_arr = []; if (is_array($added_findings) && count($added_findings) && is_a(current($added_findings), 'finding')) { $scan_id = current($added_findings)->get_Scan_ID(); foreach ($added_findings as $finding) { + /** @var finding $finding */ $ins_arr[] = [ $finding->get_PDI_ID(), $finding->get_Tgt_ID(), 
@@ -5258,41 +5442,40 @@ class db if (is_array($ins_arr) && count($ins_arr)) { $this->help->extended_insert('findings', $fields, $ins_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } - $this->help->sql = "INSERT IGNORE INTO `finding_controls` (`finding_id`, `ia_control`) " . - "(SELECT f.`id`, " . - "(SELECT CONCAT(ia.`type`, '-', ia.`type_id`) " . - "FROM `ia_controls` ia " . - "WHERE ia.`pdi_id` = f.`pdi_id`) " . - "FROM `findings` f " . - "WHERE f.`scan_id` = $scan_id)" - ; + $this->help->sql = "INSERT IGNORE INTO `finding_controls` (`tgt_id`, `pdi_id`, `ia_control`) " . + "(SELECT f.`tgt_id`, f.`pdi_id`, " . + "(SELECT CONCAT(ia.`type`, '-', ia.`type_id`) " . + "FROM `ia_controls` ia " . + "WHERE ia.`pdi_id` = f.`pdi_id`) " . + "FROM `findings` f " . + "WHERE f.`scan_id` = $scan_id)"; $this->help->query_type = db_helper::INSERT; - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } $this->help->delete("finding_controls", null, [ [ 'field' => 'ia_control', - 'op' => '=', + 'op' => '=', 'value' => '' ], [ - 'field' => 'ia_control', - 'op' => '=', - 'value' => '-', + 'field' => 'ia_control', + 'op' => '=', + 'value' => '-', 'sql_op' => 'OR' ], [ - 'field' => 'ia_control', - 'op' => IS, - 'value' => null, + 'field' => 'ia_control', + 'op' => IS, + 'value' => null, 'sql_op' => 'OR' ] ]); 
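Review bot: The hand-written INSERT IGNORE statement assigned to `$this->help->sql` still interpolates `$scan_id` directly into its WHERE clause, bypassing the value handling the rest of add_Findings_By_Target gets from the helper; an `(int)` cast where `$scan_id` is concatenated, or building the statement through the helper, closes that. `$scan_id` is assigned only inside the `$added_findings` check in the previous hunk, so if this statement can run when that check fails the variable is undefined; the nesting cannot be confirmed from the collapsed hunk. The reformatted queries in the `@@ -4950`, `@@ -4970`, `@@ -5630`, `@@ -5667` and `@@ -5695` hunks share the pattern: `real_escape_string()` is applied to values placed unquoted in numeric positions, and `$sys->get_MAC()` is concatenated with no escaping at all. Escaping does nothing for an unquoted value, so those positions need an integer cast or the helper as well.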
@@ -5302,52 +5485,58 @@ class db if (is_array($updated_findings) && count($updated_findings) && is_a(current($updated_findings), 'finding')) { $this->help->create_table("tmp_findings", true, [ [ - 'field' => 'id', + 'field' => 'tgt_id', 'datatype' => 'int(11)' ], [ - 'field' => 'tgt_id', + 'field' => 'pdi_id', 'datatype' => 'int(11)' ], [ - 'field' => 'pdi_id', + 'field' => 'scan_id', 'datatype' => 'int(11)' ], [ - 'field' => 'scan_id', + 'field' => 'findings_status_id', 'datatype' => 'int(11)' ], [ - 'field' => 'findings_status_id', + 'field' => 'change_id', 'datatype' => 'int(11)' ], [ - 'field' => 'change_id', - 'datatype' => 'int(11)' - ], - [ - 'field' => 'finding_itr', + 'field' => 'finding_itr', 'datatype' => 'int(5)' ], [ - 'field' => 'cat', + 'field' => 'cat', 'datatype' => 'int(1)' ], [ - 'field' => 'notes', + 'field' => 'notes', 'datatype' => 'text' ], [ - 'field' => 'orig_src', + 'field' => 'orig_src', 'datatype' => 'varchar(10)' ] ]); $this->help->execute(); - $upd_arr = []; - $update_fields = ['id', 'tgt_id', 'pdi_id', 'scan_id', 'findings_status_id', 'change_id', 'finding_itr', 'cat', 'notes', 'orig_src']; + $upd_arr = []; + $update_fields = [ + 'tgt_id', + 'pdi_id', + 'scan_id', + 'findings_status_id', + 'change_id', + 'finding_itr', + 'cat', + 'notes', + 'orig_src' + ]; foreach ($updated_findings as $finding) { + /** @var finding $finding */ $upd_arr[] = [ - $finding->get_ID(), $finding->get_Tgt_ID(), $finding->get_PDI_ID(), $finding->get_Scan_ID(), @@ -5364,10 +5553,11 @@ class db $this->help->extended_insert("tmp_findings", $update_fields, $upd_arr, true); $this->help->execute(); - $this->help->extended_update('findings', 'tmp_findings', 'id', $update_fields); + $this->help->extended_update('findings', 'tmp_findings', '`tgt_id`,`pdi_id`', $update_fields); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); + return false; } } } 
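Review bot: The third argument of `extended_update` changes from the single column name `'id'` to one string holding the quoted, comma-joined pair tgt_id and pdi_id, and `$update_fields` still lists both key columns, so they also land in the set of fields to update. The helper is not visible in this diff; if it quotes that argument as one identifier or builds a single equality from it, the generated statement is either invalid or matches on one column only, which would write one target's values onto another target's findings. Confirm that the helper accepts a composite key, and consider passing the key as an array and dropping the two key columns from the field list. The temporary table created in the preceding hunk declares no index on (tgt_id, pdi_id), which this join would use.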
@@ -5379,96 +5569,101 @@ class db * Function to update a finding status and notes * * @param finding $find - * The finding to update + * The finding to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function update_Finding($find) { - if ($find->get_ID()) { - $this->help->update("sagacity.findings", array( - 'findings_status_id' => $find->get_Finding_Status(), - 'notes' => $find->get_Notes(), - 'cat' => $find->get_Category() - ), array( - array( - 'field' => 'id', - 'op' => '=', - 'value' => $find->get_ID() - ) - )); - return $this->help->execute(); - } - else { - $this->help->insert("sagacity.findings", array( - 'tgt_id' => $find->get_Tgt_ID(), - 'pdi_id' => $find->get_PDI_ID(), - 'scan_id' => $find->get_Scan_ID(), - 'findings_status_id' => $find->get_Finding_Status(), - 'notes' => $find->get_Notes(), - 'cat' => $find->get_Category() - ), true); - if (!$find_id = $this->help->execute()) { - $this->help->debug(E_ERROR); - return false; - } + $this->help->replace("sagacity.findings", [ + 'tgt_id' => $find->get_Tgt_ID(), + 'pdi_id' => $find->get_PDI_ID(), + 'scan_id' => $find->get_Scan_ID(), + 'findings_status_id' => $find->get_Finding_Status(), + 'notes' => $find->get_Notes(), + 'cat' => $find->get_Category() + ]); + + if ($this->help->execute()) { + $this->help->delete("sagacity.finding_controls", null, [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $find->get_Tgt_ID() + ], + [ + 'field' => 'pdi_id', + 'op' => '=', + 'value' => $find->get_PDI_ID(), + 'sql_op' => 'AND' + ] + ]); $ia_arr = []; foreach ($find->get_IA_Controls() as $ia) { - $ia_arr[] = array( - $find_id, + $ia_arr[] = [ + $find->get_Tgt_ID(), + $find->get_PDI_ID(), $ia - ); + ]; } - $this->help->extended_insert("sagacity.finding_controls", array('finding_id', 'control_id'), $ia_arr, true); - if (!$this->help->execute()) { - $this->help->debug(E_ERROR); + if (is_array($ia_arr) && 
count($ia_arr) && isset($ia_arr[0])) { + $this->help->extended_insert("sagacity.finding_controls", [ + 'tgt_id', + 'pdi_id', + 'control_id' + ], $ia_arr, true); + if (! $this->help->execute()) { + $this->help->debug(E_ERROR); + return false; + } } - - return true; + } else { + $this->help->debug(E_ERROR); + return false; } + + return true; } /** * Get count of open category I findings for a target * * @param integer $checklist_id - * Checklist ID to query for quantity + * Checklist ID to query for quantity * @param target $tgt - * Target to query + * Target to query * - * @return integer - * Returns the number of findings that are Cat I and with a status of 'Open' for a specific host + * @return integer Returns the number of findings that are Cat I and with a status of 'Open' for a specific host */ public function get_Host_Open_Cat_1($checklist_id, $tgt) { $this->help->select_count("sagacity.pdi_catalog pdi", array( array( 'field' => 'lu.checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_id ), array( - 'field' => 'f.tgt_id', - 'op' => '=', - 'value' => $tgt->get_ID(), + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt->get_ID(), 'sql_op' => 'AND' ), array( - 'field' => 'fs.status', - 'op' => '=', - 'value' => 'Open', + 'field' => 'fs.status', + 'op' => '=', + 'value' => 'Open', 'sql_op' => 'AND' ), array( - 'field' => 'pdi.cat', - 'op' => '=', - 'value' => 1, + 'field' => 'pdi.cat', + 'op' => '=', + 'value' => 1, 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "JOIN sagacity.pdi_checklist_lookup lu ON lu.pdi_id=pdi.id", "JOIN sagacity.findings f ON f.pdi_id=pdi.id", 
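Review bot: The `$this->help->delete("sagacity.finding_controls", …)` call in update_Finding is never followed by `$this->help->execute()`, unlike the other delete calls in this commit, so the pending query is presumably overwritten by the following `extended_insert` and the old controls are never removed; add `$this->help->execute();` right after the delete. Assuming `replace()` issues a MySQL REPLACE, writing `findings` with only six columns deletes and re-creates an existing row, so `change_id`, `orig_src` and `finding_itr` fall back to their defaults and `scan_id` is overwritten, where the removed code updated only status, notes and category. If those history fields matter, an insert with an on-duplicate-key update limited to the three edited columns keeps them. The controls insert also names the column `control_id`, while every other statement in this commit uses `ia_control`; check that against the schema.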
@@ -5484,34 +5679,33 @@ class db * Get count of not reviewed findings for a target * * @param integer $checklist_id - * Checklist ID to query for quantity + * Checklist ID to query for quantity * @param target $tgt - * Target to query + * Target to query * - * @return integer - * Returns the number of findings with a status of 'Not Reviewed' for a specific host + * @return integer Returns the number of findings with a status of 'Not Reviewed' for a specific host */ public function get_Host_Not_Reviewed($checklist_id, $tgt) { $this->help->select_count("sagacity.pdi_catalog pdi", array( array( 'field' => 'lu.checklist_id', - 'op' => '=', + 'op' => '=', 'value' => $checklist_id ), array( - 'field' => 'f.tgt_id', - 'op' => '=', - 'value' => $tgt->get_ID(), + 'field' => 'f.tgt_id', + 'op' => '=', + 'value' => $tgt->get_ID(), 'sql_op' => 'AND' ), array( - 'field' => 'fs.status', - 'op' => '=', - 'value' => 'Not Reviewed', + 'field' => 'fs.status', + 'op' => '=', + 'value' => 'Not Reviewed', 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "JOIN sagacity.pdi_checklist_lookup lu ON lu.pdi_id=pdi.id", "JOIN sagacity.findings f ON f.pdi_id=pdi.id", @@ -5528,21 +5722,22 @@ class db /** * Get GoldDisk data * - * @param string $str_VMS_ID [optional] - * The VMS id of the golddisk object (default null) + * @param string $str_VMS_ID + * [optional] + * The VMS id of the golddisk object (default null) * * @return array:golddisk |NULL - * Returns an array of golddisk objects, or null if none found + * Returns an array of golddisk objects, or null if none found */ public function get_GoldDisk($str_VMS_ID = null) { - $ret = []; + $ret = []; $where = []; if ($str_VMS_ID != null) { $where[] = array( 'field' => 'vms_id', - 'op' => '=', + 'op' => '=', 'value' => $str_VMS_ID ); } 
@@ -5551,7 +5746,9 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -5567,10 +5764,10 @@ class db * Function for retrieving a VMS using the PDI * * @param integer $pdi_id - * The PDI ID of the golddisk to grab + * The PDI ID of the golddisk to grab * * @return array:golddisk |NULL - * Returns an array of golddisk, or null if none found + * Returns an array of golddisk, or null if none found */ public function get_GoldDisk_By_PDI($pdi_id) { @@ -5578,22 +5775,23 @@ class db $this->help->select("golddisk", null, [ [ 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['pdi_id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $ret[] = new golddisk($row['pdi_id'], $row['vms_id'], $row['short_title']); } - } - else { + } else { $this->help->debug(E_ERROR); } @@ -5604,20 +5802,19 @@ class db * Function to add GoldDisk to database * * @param golddisk $new_GoldDisk - * The golddisk object to add to database + * The golddisk object to add to database * - * @return boolean - * Returns TRUE if successful, otherwise false + * @return boolean Returns TRUE if successful, otherwise false */ public function save_GoldDisk($new_GoldDisk) { $this->help->insert("sagacity.golddisk", array( - 'pdi_id' => $new_GoldDisk->get_PDI_ID(), - 'vms_id' => $new_GoldDisk->get_ID(), + 'pdi_id' => $new_GoldDisk->get_PDI_ID(), + 'vms_id' => $new_GoldDisk->get_ID(), 'short_title' => $new_GoldDisk->get_Short_Title() - ), true); + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -5630,19 +5827,13 @@ class db * Function to get IA control from DB * * @param ia_control $ia - * IA Control to retrieve from the database + * IA Control to retrieve from the database * - * @return ia_control|NULL - * Returns IA_Control object, or null if none found + * @return ia_control|NULL Returns IA_Control object, or null if none found */ public function get_IA_Controls($ia) { - $sql = "SELECT `pdi_id`, `type`, `type_id` " . - "FROM `sagacity`.`ia_controls` " . - "WHERE " . - "`pdi_id` = " . $this->conn->real_escape_string($ia->get_PDI_ID()) . " AND " . - "`type` = '" . $this->conn->real_escape_string($ia->get_Type()) . "' AND " . - "`type_id` = " . $this->conn->real_escape_string($ia->get_Type_ID()); + $sql = "SELECT `pdi_id`, `type`, `type_id` " . "FROM `sagacity`.`ia_controls` " . "WHERE " . "`pdi_id` = " . $this->conn->real_escape_string($ia->get_PDI_ID()) . " AND " . "`type` = '" . $this->conn->real_escape_string($ia->get_Type()) . "' AND " . "`type_id` = " . $this->conn->real_escape_string($ia->get_Type_ID()); $res = $this->conn->query($sql); @@ -5667,23 +5858,17 @@ class db $class = 'cl'; if ($sys->get_Classification() == 'Public') { $class = 'pub'; - } - elseif ($sys->get_Classification() == 'Sensitive') { + } elseif ($sys->get_Classification() == 'Sensitive') { $class = 'sen'; } $ret = []; - $sql = "SELECT `proc_control` " . - "FROM `sagacity`.`proc_level_type` " . - "WHERE " . - "`level` = " . $sys->get_MAC() . " AND " . - "`class` = '$class'"; + $sql = "SELECT `proc_control` " . "FROM `sagacity`.`proc_level_type` " . "WHERE " . "`level` = " . $sys->get_MAC() . " AND " . "`class` = '$class'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { $ret[] = new ia_control(null, explode('-', $row['proc_control'])[0], explode('-', $row['proc_control'])[1]); } - } - else { + } else { error_log($this->conn->error); Sagacity_Error::sql_handler($sql); } 
@@ -5695,17 +5880,14 @@ class db * Function for retrieving IA Controls by PDI * * @param integer $pdi_id - * PDI ID used to query + * PDI ID used to query * * @return array:ia_control |NULL - * Returns array of ia_controls associated with a specific PDI, or null if none found + * Returns array of ia_controls associated with a specific PDI, or null if none found */ public function get_IA_Controls_By_PDI($pdi_id) { - $sql = "SELECT " . - "`pdi_id`, `type`, `type_id` " . - "FROM `sagacity`.`ia_controls` " . - "WHERE `pdi_id` = " . $this->conn->real_escape_string($pdi_id); + $sql = "SELECT " . "`pdi_id`, `type`, `type_id` " . "FROM `sagacity`.`ia_controls` " . "WHERE `pdi_id` = " . $this->conn->real_escape_string($pdi_id); if ($res = $this->conn->query($sql)) { $ret = []; @@ -5715,8 +5897,7 @@ class db } return $ret; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -5734,7 +5915,7 @@ class db */ public function get_IA_Control_Icon($ste, $ctrl) { - $cats = $this->get_STE_Cat_List($ste->get_ID()); + $cats = $this->get_STE_Cat_List($ste->get_ID()); $total = 0; foreach ($cats as $cat) { @@ -5751,8 +5932,7 @@ class db } if (empty($ctrl->finding->vul_desc)) { return "exclamation.png"; - } - elseif (empty($ctrl->finding->mitigations)) { + } elseif (empty($ctrl->finding->mitigations)) { return "exclamation.png"; } @@ -5763,10 +5943,9 @@ class db * Update an IA control * * @param ia_control|array:ia_control $ia_Controls - * Array of IA Controls to update + * Array of IA Controls to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_IA_Control($ia_Controls) { 
@@ -5780,21 +5959,23 @@ class db $ia->get_Type_ID() ); } - } - elseif (is_a($ia_Controls, 'ia_control')) { + } elseif (is_a($ia_Controls, 'ia_control')) { $params[] = array( $ia_Controls->get_PDI_ID(), $ia_Controls->get_Type(), $ia_Controls->get_Type_ID() ); - } - else { + } else { return false; } - $this->help->extended_replace("sagacity.ia_controls", array('pdi_id', 'type', 'type_id'), $params); + $this->help->extended_replace("sagacity.ia_controls", array( + 'pdi_id', + 'type', + 'type_id' + ), $params); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -5808,33 +5989,26 @@ class db * Function for retrieving an IAVM * * @param integer|string $iavm_ID - * The IAVM ID to look for + * The IAVM ID to look for * - * @return iavm|NULL - * Returns IAVM object, otherwise null if none found + * @return iavm|NULL Returns IAVM object, otherwise null if none found */ public function get_IAVM($iavm_ID) { - $sql = "SELECT " . - "iavm.`noticeId`, iavm.`pdi_id`, iavm.`xmlUrl`, iavm.`htmlUrl`, iavm.`iavmNoticeNumber`, iavm.`title`, " . - "iavm.`type`, iavm.`state`, iavm.`lastUpdated`, iavm.`releaseDate`, iavm.`supersedes`, " . - "iavm.`executiveSummary`, iavm.`fixAction`, iavm.`note`, iavm.`vulnAppsSysAndCntrmsrs`, " . - "iavm.`stigFindingSeverity`, iavm.`knownExploits`, iavm.`file_name` " . - "FROM `sagacity`.`iavm_notices` iavm"; + $sql = "SELECT " . "iavm.`noticeId`, iavm.`pdi_id`, iavm.`xmlUrl`, iavm.`htmlUrl`, iavm.`iavmNoticeNumber`, iavm.`title`, " . "iavm.`type`, iavm.`state`, iavm.`lastUpdated`, iavm.`releaseDate`, iavm.`supersedes`, " . "iavm.`executiveSummary`, iavm.`fixAction`, iavm.`note`, iavm.`vulnAppsSysAndCntrmsrs`, " . "iavm.`stigFindingSeverity`, iavm.`knownExploits`, iavm.`file_name` " . "FROM `sagacity`.`iavm_notices` iavm"; if (is_numeric($iavm_ID)) { $sql .= " WHERE iavm.`noticeId` = " . $this->conn->real_escape_string($iavm_ID); - } - else { + } else { $sql .= " WHERE iavm.`iavmNoticeNumber` = '" . $this->conn->real_escape_string($iavm_ID) . "'"; } if ($res = $this->conn->query($sql)) { - if (!$res->num_rows) { + if (! 
$res->num_rows) { return null; } $notice_row = $res->fetch_assoc(); - $noticeId = $notice_row['noticeId']; + $noticeId = $notice_row['noticeId']; $iavm = new iavm($notice_row['noticeId'], $notice_row['pdi_id'], $notice_row['xmlUrl'], $notice_row['htmlUrl'], $notice_row['iavmNoticeNumber'], $notice_row['title'], $notice_row['type'], $notice_row['state'], $notice_row['lastUpdated'], $notice_row['releaseDate'], $notice_row['supersedes'], $notice_row['executiveSummary'], $notice_row['fixAction'], $notice_row['note'], $notice_row['vulnAppsSysAndCntrmsrs'], $notice_row['stigFindingSeverity'], $notice_row['knownExploits']); @@ -5848,8 +6022,7 @@ class db } } - $sql = "SELECT `id`, `title`, `url` FROM `sagacity`.`iavm_references` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `id`, `title`, `url` FROM `sagacity`.`iavm_references` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { 
@@ -5857,29 +6030,25 @@ class db $iavm->add_Reference(new iavm_reference($ref_row['id'], $ref_row['title'], $ref_row['url'])); } } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `id`, `details` FROM `sagacity`.`iavm_tech_overview` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `id`, `details` FROM `sagacity`.`iavm_tech_overview` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { $to_row = $res2->fetch_assoc(); - $to = new iavm_tech_overview($to_row['id'], $to_row['details']); + $to = new iavm_tech_overview($to_row['id'], $to_row['details']); $iavm->set_Tech_Overview($to); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `id`, `type`, `title`, `url` FROM sagacity.iavm_patches " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `id`, `type`, `title`, `url` FROM sagacity.iavm_patches " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { @@ -5887,14 +6056,12 @@ class db $iavm->add_Patch(new iavm_patch($patch_row['id'], $patch_row['type'], $patch_row['title'], $patch_row['url'])); } } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `header`, `body` FROM `sagacity`.`iavm_mitigations` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `header`, `body` FROM `sagacity`.`iavm_mitigations` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { 
@@ -5902,14 +6069,12 @@ class db $iavm->set_Mitigation(new iavm_mitigation($mit_row['header'], $mit_row['body'])); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } - $sql = "SELECT `bid` FROM `sagacity`.`iavm_bids` " . - "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); + $sql = "SELECT `bid` FROM `sagacity`.`iavm_bids` " . "WHERE `iavm_notice_id` = " . $this->conn->real_escape_string($noticeId); if ($res2 = $this->conn->query($sql)) { if ($res2->num_rows) { @@ -5920,8 +6085,7 @@ class db } return $iavm; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
@@ -5933,44 +6097,33 @@ class db * Get IAVM from external data (reference or patch) * * @param string $ext - * The external data to search for + * The external data to search for * - * @return iavm|NULL - * Returns an iavm object if any are found, otherwise NULL + * @return iavm|NULL Returns an iavm object if any are found, otherwise NULL */ public function get_IAVM_From_External($ext) { - $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_references` " . - "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . - "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . - "GROUP BY `iavm_notice_id` " . - "ORDER BY `iavm_notice_id` DESC"; + $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_references` " . "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . "GROUP BY `iavm_notice_id` " . "ORDER BY `iavm_notice_id` DESC"; if ($res = $this->conn->query($sql)) { if ($res->num_rows) { - $row = $res->fetch_assoc(); + $row = $res->fetch_assoc(); $iavm = $this->get_IAVM($row['iavm_notice_id']); return $iavm; } - } - else { + } else { Sagacity_Error::sql_handler($sql); } - $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_patches` " . - "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . - "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . - "GROUP BY `iavm_notice_id` " . - "ORDER BY `iavm_notice_id` DESC"; + $sql = "SELECT `iavm_notice_id` FROM `sagacity`.`iavm_patches` " . "WHERE `title` LIKE '%" . $this->conn->real_escape_string($ext) . "%' OR " . "`url` LIKE '%" . $this->conn->real_escape_string($ext) . "%' " . "GROUP BY `iavm_notice_id` " . 
"ORDER BY `iavm_notice_id` DESC"; if ($res = $this->conn->query($sql)) { if ($res->num_rows) { - $row = $res->fetch_assoc(); + $row = $res->fetch_assoc(); $iavm = $this->get_IAVM($row['iavm_notice_id']); return $iavm; } - } - else { + } else { Sagacity_Error::sql_handler($sql); } @@ -5979,6 +6132,7 @@ class db /** * Method to save IAVM BIDs + * * @param iavm $iavm */ public function save_Iavm_Bids($iavm) @@ -5986,12 +6140,18 @@ class db $params = []; if (is_array($iavm->get_Bids()) && count($iavm->get_Bids())) { foreach ($iavm->get_Bids() as $bid) { - $params[] = [$iavm->get_Notice_ID(), $bid]; + $params[] = [ + $iavm->get_Notice_ID(), + $bid + ]; } } if (count($params)) { - $this->help->extended_replace('iavm_bids', ['iavm_notice_id', 'bid'], $params); + $this->help->extended_replace('iavm_bids', [ + 'iavm_notice_id', + 'bid' + ], $params); $this->help->execute(); } } @@ -6006,8 +6166,10 @@ class db if ($iavm->get_Mitigation()) { $this->help->replace("iavm_mitiagations", [ 'iavm_notice_id' => $iavm->get_Notice_ID(), - 'header' => $iavm->get_Mitigation()->get_Header(), - 'body' => $iavm->get_Mitigation()->get_Text() + 'header' => $iavm->get_Mitigation() + ->get_Header(), + 'body' => $iavm->get_Mitigation() + ->get_Text() ]); $this->help->execute(); @@ -6024,12 +6186,22 @@ class db $params = []; if (is_array($iavm->get_Patches()) && count($iavm->get_Patches())) { foreach ($iavm->get_Patches() as $patch) { - $params[] = [$iavm->get_Notice_ID(), $patch->get_Type(), $patch->get_Title(), $patch->get_URL()]; + $params[] = [ + $iavm->get_Notice_ID(), + $patch->get_Type(), + $patch->get_Title(), + $patch->get_URL() + ]; } } if (count($params)) { - $this->help->extended_replace("iavm_patches", ['iavm_notice_id', 'type', 'title', 'url'], $params); + $this->help->extended_replace("iavm_patches", [ + 'iavm_notice_id', + 'type', + 'title', + 'url' + ], $params); $this->help->execute(); } 
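Review bot: `save_Iavm_Mitigation` passes the table name `"iavm_mitiagations"` to the `replace()` call that this hunk re-wraps, while `get_IAVM` earlier in this diff reads from `iavm_mitigations`. The name looks misspelled, so mitigations written here would presumably never be read back, or the statement fails if no such table exists. Suggested change: `$this->help->replace("iavm_mitigations", [`. The result of `$this->help->execute()` is not checked in the visible lines, so a failure here would go unnoticed. The method starts and ends outside the hunk.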
@@ -6045,12 +6217,20 @@ class db $params = []; if (is_array($iavm->get_References()) && count($iavm->get_References())) { foreach ($iavm->get_References() as $ref) { - $params[] = [$iavm->get_Notice_ID(), $ref->get_Title(), $ref->get_URL()]; + $params[] = [ + $iavm->get_Notice_ID(), + $ref->get_Title(), + $ref->get_URL() + ]; } } if (count($params)) { - $this->help->extended_replace("iavm_references", ['iavm_notice_id', 'title', 'url'], $params); + $this->help->extended_replace("iavm_references", [ + 'iavm_notice_id', + 'title', + 'url' + ], $params); $this->help->execute(); } @@ -6066,7 +6246,8 @@ class db if ($iavm->get_Tech_Overview()) { $this->help->replace("iavm_tech_overview", [ 'iavm_notice_id' => $iavm->get_Notice_ID(), - 'details' => $iavm->get_Tech_Overview()->get_Details() + 'details' => $iavm->get_Tech_Overview() + ->get_Details() ]); $this->help->execute(); @@ -6083,12 +6264,18 @@ class db $params = []; if (is_array($iavm->get_CVE()) && count($iavm->get_CVE())) { foreach ($iavm->get_CVE() as $cve) { - $params[] = [$iavm->get_Notice_ID(), $cve]; + $params[] = [ + $iavm->get_Notice_ID(), + $cve + ]; } } if (count($params)) { - $this->help->extended_replace("iavm_to_cve", ['noticeId', 'cve_id'], $params); + $this->help->extended_replace("iavm_to_cve", [ + 'noticeId', + 'cve_id' + ], $params); $this->help->execute(); } } @@ -6097,10 +6284,9 @@ class db * Function to save IAVMs * * @param iavm $iavm_in - * The IAVM to save + * The IAVM to save * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_IAVM($iavm_in) { 
@@ -6109,40 +6295,39 @@ class db if (is_null($db_iavm)) { $this->help->insert('iavm_notices', [ - 'noticeId' => $iavm_in->get_Notice_ID(), - 'pdi_id' => $iavm_in->get_PDI_ID(), - 'xmlUrl' => $iavm_in->get_XML_URL(), - 'htmlUrl' => $iavm_in->get_HTML_URL(), - 'iavmNoticeNumber' => $iavm_in->get_Notice_Number(), - 'title' => $iavm_in->get_Title(), - 'type' => $iavm_in->get_Type(), - 'state' => $iavm_in->get_State(), - 'lastUpdate' => $iavm_in->get_Last_Updated_Date(), - 'releaseDate' => $iavm_in->get_Release_Date_Date(), - 'supersedes' => $iavm_in->get_Supersedes(), - 'executiveSummary' => $iavm_in->get_Executive_Summary(), - 'fixAction' => $iavm_in->get_Fix_Action(), - 'note' => $iavm_in->get_Notes(), + 'noticeId' => $iavm_in->get_Notice_ID(), + 'pdi_id' => $iavm_in->get_PDI_ID(), + 'xmlUrl' => $iavm_in->get_XML_URL(), + 'htmlUrl' => $iavm_in->get_HTML_URL(), + 'iavmNoticeNumber' => $iavm_in->get_Notice_Number(), + 'title' => $iavm_in->get_Title(), + 'type' => $iavm_in->get_Type(), + 'state' => $iavm_in->get_State(), + 'lastUpdate' => $iavm_in->get_Last_Updated_Date(), + 'releaseDate' => $iavm_in->get_Release_Date_Date(), + 'supersedes' => $iavm_in->get_Supersedes(), + 'executiveSummary' => $iavm_in->get_Executive_Summary(), + 'fixAction' => $iavm_in->get_Fix_Action(), + 'note' => $iavm_in->get_Notes(), 'vulnAppsSysAndCntrmsrs' => $iavm_in->get_Vuln_Apps(), - 'stigFindingSeverity' => $iavm_in->get_Stig_Severity(), - 'knownExploits' => $iavm_in->get_Known_Exploits() + 'stigFindingSeverity' => $iavm_in->get_Stig_Severity(), + 'knownExploits' => $iavm_in->get_Known_Exploits() ]); - } - else { + } else { $this->help->update("iavm_notices", [ - 'type' => $iavm_in->get_Type(), - 'state' => $iavm_in->get_State(), - 'lastUpdated' => $iavm_in->get_Last_Updated_Date(), - 'supersedes' => $iavm_in->get_Supersedes(), - 'executiveSummary' => $iavm_in->get_Executive_Summary(), - 'fixAction' => $iavm_in->get_Fix_Action(), - 'knownExploits' => $iavm_in->get_Known_Exploits(), - 
'note' => $iavm_in->get_Notes(), + 'type' => $iavm_in->get_Type(), + 'state' => $iavm_in->get_State(), + 'lastUpdated' => $iavm_in->get_Last_Updated_Date(), + 'supersedes' => $iavm_in->get_Supersedes(), + 'executiveSummary' => $iavm_in->get_Executive_Summary(), + 'fixAction' => $iavm_in->get_Fix_Action(), + 'knownExploits' => $iavm_in->get_Known_Exploits(), + 'note' => $iavm_in->get_Notes(), 'vulnAppsSysAndCntrmsrs' => $iavm_in->get_Vuln_Apps() - ], [ + ], [ [ 'field' => 'noticeId', - 'op' => '=', + 'op' => '=', 'value' => $iavm_in->get_Notice_ID() ] ]); @@ -6164,41 +6349,42 @@ class db * Get all interfaces for a target * * @param integer $tgtID - * Target ID to get interface information for + * Target ID to get interface information for * - * @return array:interfaces|NULL - * Returns array of interfaces (with ports), or NULL if none found + * @return array:interfaces|NULL Returns array of interfaces (with ports), or NULL if none found */ public function get_Interfaces($tgtID) { $ret = []; - if (!$tgtID) { + if (! $tgtID) { return []; } $this->help->select("sagacity.interfaces", null, [ [ 'field' => 'tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgtID ], [ - 'field' => 'ipv4', - 'op' => '!=', - 'value' => '', + 'field' => 'ipv4', + 'op' => '!=', + 'value' => '', 'sql_op' => 'AND' ], [ - 'field' => 'ipv4', - 'op' => IS_NOT, - 'value' => null, + 'field' => 'ipv4', + 'op' => IS_NOT, + 'value' => null, 'sql_op' => 'AND' ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
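Review bot: The insert branch of `save_IAVM` keys the timestamp as `'lastUpdate'`, whereas the update branch in the same hunk uses `'lastUpdated'` and `get_IAVM` selects a `lastUpdated` column, so the insert key looks like a typo that the re-alignment carried over. Suggested change: `'lastUpdated' => $iavm_in->get_Last_Updated_Date(),`. How the query helper treats an unknown field cannot be seen here; either the insert fails or the date is dropped, and both leave new notices without a usable last-updated value. The method header is in the preceding hunk and the body continues past this one.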
@@ -6209,14 +6395,16 @@ class db $this->help->select("sagacity.get_ports", null, [ [ 'field' => 'int_id', - 'op' => '=', + 'op' => '=', 'value' => $row['id'] ] ]); $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['id'])) { - $rows2 = [0 => $rows2]; + $rows2 = [ + 0 => $rows2 + ]; } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { @@ -6224,8 +6412,7 @@ class db if ($p['proto'] == 'tcp') { $port = new tcp_ports($p['id'], $p['port'], $p['name'], $p['banner'], $p['notes']); $int->add_TCP_Ports($port); - } - else { + } else { $port = new udp_ports($p['id'], $p['port'], $p['name'], $p['banner'], $p['notes']); $int->add_UDP_Ports($port); } @@ -6234,8 +6421,7 @@ class db if ($row['ipv6']) { $ret[$row['ipv6']] = $int; - } - else { + } else { $ret[$row['ipv4']] = $int; } } @@ -6257,21 +6443,21 @@ class db $this->help->select("sagacity.interfaces", null, array( array( 'field' => 'tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt_id ), array( - 'field' => 'ipv4', - 'op' => '=', - 'value' => $ip, - 'sql_op' => 'AND', + 'field' => 'ipv4', + 'op' => '=', + 'value' => $ip, + 'sql_op' => 'AND', 'open-paren' => true ), array( - 'field' => 'ipv6', - 'op' => '=', - 'value' => $ip, - 'sql_op' => 'OR', + 'field' => 'ipv6', + 'op' => '=', + 'value' => $ip, + 'sql_op' => 'OR', 'close-paren' => true ) )); 
@@ -6282,23 +6468,26 @@ class db } $int = new interfaces($row['id'], $row['tgt_id'], $row['name'], $row['ipv4'], $row['ipv6'], $row['hostname'], $row['fqdn'], $row['description']); - $this->help->select("sagacity.ports_proto_services pps", array('pps.id', 'pps.port', 'pps.proto', + $this->help->select("sagacity.ports_proto_services pps", array( + 'pps.id', + 'pps.port', + 'pps.proto', "IF(ppsl.name != pps.IANA_Name, ppsl.name, pps.IANA_Name) AS 'name'", "IF(ppsl.banner != pps.banner, ppsl.banner, pps.banner) AS 'banner'", "IF(ppsl.notes != pps.notes, ppsl.notes, pps.notes) AS 'notes'" - ), array( + ), array( array( 'field' => 'ppsl.int_id', - 'op' => '=', + 'op' => '=', 'value' => $row['id'] ), array( - 'field' => 'pps.id', - 'op' => IN, - 'value' => "(SELECT pps_id FROM sagacity.pps_list WHERE int_id={$row['id']})", + 'field' => 'pps.id', + 'op' => IN, + 'value' => "(SELECT pps_id FROM sagacity.pps_list WHERE int_id={$row['id']})", 'sql_op' => 'AND' ) - ), array( + ), array( 'table_joins' => array( "LEFT JOIN sagacity.pps_list ppsl ON ppsl.pps_id=pps.id" ) @@ -6306,14 +6495,16 @@ class db $rows2 = $this->help->execute(); if (is_array($rows2) && count($rows2) && isset($rows2['id'])) { - $rows2 = array(0 => $rows2); + $rows2 = array( + 0 => $rows2 + ); } if (is_array($rows2) && count($rows2) && isset($rows2[0])) { foreach ($rows2 as $port) { - $class = "{$port['proto']}_ports"; + $class = "{$port['proto']}_ports"; $method = "add_" . strtoupper($port['proto']) . "_Ports"; - $port = new $class($port['id'], $port['port'], $port['name'], $port['banner'], $port['notes']); + $port = new $class($port['id'], $port['port'], $port['name'], $port['banner'], $port['notes']); $int->$method($port); } } 
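Review bot: The port loop at the end of this section builds a class name (`"{$port['proto']}_ports"`) and a method name from `$port['proto']` and then instantiates and calls them without checking the value. A row whose `proto` is anything other than `tcp` or `udp` would end in a fatal error, and names taken from data are best constrained to an allowlist; `get_Interfaces` avoids the problem with an explicit tcp/else-udp branch. A guard such as `if (! in_array($port['proto'], ['tcp', 'udp'], true)) { continue; }` before the `$class` assignment would keep the two methods consistent. The enclosing method begins outside the hunk.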
@@ -6324,12 +6515,13 @@ class db /** * Return the last ID of the last interface in the database * - * @return integer - * Returns the ID of the last interface that was inserted + * @return integer Returns the ID of the last interface that was inserted */ public function get_Last_Interface_ID() { - $this->help->select("sagacity.interfaces", array('id'), [], array( + $this->help->select("sagacity.interfaces", array( + 'id' + ), [], array( 'order' => 'id DESC', 'limit' => 1 )); 
@@ -6345,36 +6537,37 @@ class db * Save an interface * * @param array|interfaces $req - * Associative array of data to insert into database - * @param string $action [optional] - * String representing the action to be taken ('insert','update', defaulted to 'insert') - * @param integer $tgt_id [optional] - * Integer that the interface info is going to be save to (defaulted to 0) + * Associative array of data to insert into database + * @param string $action + * [optional] + * String representing the action to be taken ('insert','update', defaulted to 'insert') + * @param integer $tgt_id + * [optional] + * Integer that the interface info is going to be save to (defaulted to 0) * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Interface($req, $action = 'insert') { if ($action == 'insert') { if (is_array($req)) { $first = array_shift($req); - if (!is_a($first, 'interfaces')) { + if (! is_a($first, 'interfaces')) { return false; } $req[$first->get_IPv4()] = $first; foreach ($req as $int) { $this->help->insert("sagacity.interfaces", array( - 'tgt_id' => $int->get_TGT_ID(), - 'ipv4' => $int->get_IPv4(), - 'ipv6' => $int->get_IPv6(), - 'hostname' => $int->get_Hostname(), - 'fqdn' => $int->get_FQDN(), + 'tgt_id' => $int->get_TGT_ID(), + 'ipv4' => $int->get_IPv4(), + 'ipv6' => $int->get_IPv6(), + 'hostname' => $int->get_Hostname(), + 'fqdn' => $int->get_FQDN(), 'description' => $int->get_Description(), - 'mac' => $int->get_MAC() - ), true); + 'mac' => $int->get_MAC() + ), true); - if (!($int_id = $this->help->execute())) { + if (! ($int_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
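Review bot: The reflowed docblock for `save_Interface` still documents `@param integer $tgt_id`, but the signature in this hunk is `save_Interface($req, $action = 'insert')` and takes no such parameter. Drop that `@param` entry. The `$req` description could also say that it accepts an `interfaces` object, an array of them, or an associative array, since the body branches on all three. The method body continues well beyond this hunk.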
@@ -6405,25 +6598,29 @@ class db } if (count($ports)) { - $this->help->extended_insert("pps_list", array('int_id', 'pps_id', 'banner', 'notes'), $ports, true); - if (!$this->help->execute()) { + $this->help->extended_insert("pps_list", array( + 'int_id', + 'pps_id', + 'banner', + 'notes' + ), $ports, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } } - } - elseif (is_a($req, 'interfaces')) { + } elseif (is_a($req, 'interfaces')) { $this->help->insert("interfaces", array( - 'tgt_id' => $req->get_TGT_ID(), - 'ipv4' => $req->get_IPv4(), - 'ipv6' => $req->get_IPv6(), - 'hostname' => $req->get_Hostname(), - 'fqdn' => $req->get_FQDN(), + 'tgt_id' => $req->get_TGT_ID(), + 'ipv4' => $req->get_IPv4(), + 'ipv6' => $req->get_IPv6(), + 'hostname' => $req->get_Hostname(), + 'fqdn' => $req->get_FQDN(), 'description' => $req->get_Description(), - 'mac' => $req->get_MAC() - ), true); + 'mac' => $req->get_MAC() + ), true); - if (!($int_id = $this->help->execute())) { + if (! ($int_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
@@ -6454,55 +6651,57 @@ class db } if (count($ports)) { - $this->help->extended_insert("sagacity.pps_list", array('int_id', 'pps_id', 'banner', 'notes'), $ports, true); - if (!$this->help->execute()) { + $this->help->extended_insert("sagacity.pps_list", array( + 'int_id', + 'pps_id', + 'banner', + 'notes' + ), $ports, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } - } - else { + } else { $this->help->insert("interfaces", array( - 'tgt_id' => $req['tgt_id'], - 'ipv4' => $req['ipv4'], + 'tgt_id' => $req['tgt_id'], + 'ipv4' => $req['ipv4'], 'hostname' => (isset($req['hostname']) ? $req['hostname'] : $req['ipv4']), - 'fadn' => (isset($req['fqdn']) ? $req['fqdn'] : $req['fqdn']) - ), true); + 'fadn' => (isset($req['fqdn']) ? $req['fqdn'] : $req['fqdn']) + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } } - } - else { + } else { if (isset($req['ip']) && $req['ip'] != null) { foreach ($req['ip'] as $int_id => $val) { if (isset($req['new'][$int_id])) { $this->help->insert("sagacity.interfaces", [ - 'tgt_id' => $req['tgt'], - 'ipv4' => $req['ip'][$int_id], - 'hostname' => $req['hostname'][$int_id], - 'fqdn' => $req['fqdn'][$int_id], - 'name' => $req['name'][$int_id], - 'description' => $req['description'][$int_id], - ], true); + 'tgt_id' => $req['tgt'], + 'ipv4' => $req['ip'][$int_id], + 'hostname' => $req['hostname'][$int_id], + 'fqdn' => $req['fqdn'][$int_id], + 'name' => $req['name'][$int_id], + 'description' => $req['description'][$int_id] + ], true); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { $this->help->debug(E_ERROR); return false; } - } - elseif ($val != 'DELETE') { + } elseif ($val != 'DELETE') { $this->help->update("sagacity.interfaces", [ - 'name' => $req['name'][$int_id], - 'ipv4' => $val, - 'hostname' => $req['hostname'][$int_id], - 'fqdn' => $req['fqdn'][$int_id], + 'name' => $req['name'][$int_id], + 'ipv4' => $val, + 'hostname' => $req['hostname'][$int_id], + 'fqdn' => $req['fqdn'][$int_id], 'description' => $req['description'][$int_id] - ], [ + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $int_id ] ]); @@ -6538,22 +6737,26 @@ class db } if (count($ports)) { - $this->help->extended_insert("pps_list", ['int_id', 'pps_id', 'name', 'banner', 'notes'], $ports, true); - if (!$this->help->execute()) { + $this->help->extended_insert("pps_list", [ + 'int_id', + 'pps_id', + 'name', + 'banner', + 'notes' + ], $ports, true); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } - } - else { + } else { $this->help->debug(E_ERROR); return false; } - } - else { + } else { $this->help->delete("sagacity.pps_list", null, array( array( 'field' => 'int_id', - 'op' => '=', + 'op' => '=', 'value' => $int_id ) )); @@ -6561,7 +6764,7 @@ class db $this->help->delete("sagacity.interfaces", null, array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $int_id ) )); @@ -6577,10 +6780,9 @@ class db * Function to delete an target interface from the database * * @param int $id - * The ID of the interface to be deleted + * The ID of the interface to be deleted * - * @return boolean - * Returns TRUE if interface successfully deleted, otherwise FALSE + * @return boolean Returns TRUE if interface successfully deleted, otherwise FALSE */ public function delete_Interface($id) { 
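Review bot: In the plain-array insert branch of `save_Interface` the column key is spelled `'fadn'` and both arms of its ternary are `$req['fqdn']`, so the `isset()` check guards nothing and an undefined index is read when `fqdn` is absent. The line looks like it was meant to mirror the `hostname` line above it: `'fqdn' => (isset($req['fqdn']) ? $req['fqdn'] : $req['ipv4'])`. The fallback to `ipv4` is inferred from that neighbouring line, so confirm the intended default. The method starts in an earlier hunk and continues past this one.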
@@ -6588,11 +6790,11 @@ class db $this->help->delete("sagacity.pps_list", null, [ [ 'field' => 'int_id', - 'op' => '=', + 'op' => '=', 'value' => $id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } @@ -6601,11 +6803,11 @@ class db $this->help->delete("sagacity.interfaces", null, [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } 
@@ -6618,43 +6820,34 @@ class db * Save the port to the database * * @param interfaces $int - * Interface to tie the ports to + * Interface to tie the ports to * @param array:tcp_ports|array:udp_ports $ports - * Array of tcp and udp ports that are to be saved - * @param string $action [optional] - * Whether or not the ports are to be updated or inserted (defaulted 'insert') + * Array of tcp and udp ports that are to be saved + * @param string $action + * [optional] + * Whether or not the ports are to be updated or inserted (defaulted 'insert') * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Ports($int, $ports, $action = 'insert') { - $ret = true; + $ret = true; $ins_sql = 'REPLACE INTO `sagacity`.`pps_list` (`int_id`,`pps_id`,`name`,`banner`,`notes`) VALUES '; if ($action == 'insert') { foreach ($ports as $port) { - $ins_sql .= "(" . $int->get_ID() . ", " . - "(SELECT `id` FROM `sagacity`.`ports_proto_services` WHERE `port` = '" . $port->get_Port() . "'" . - " AND `proto` = '" . (is_a($port, 'tcp_ports') ? 'tcp' : 'udp') . "' " . - " AND `notes` NOT LIKE '%historic%' LIMIT 1), " . - "'" . $this->conn->real_escape_string($port->get_IANA_Name()) . "', " . - "'" . $this->conn->real_escape_string($port->get_Banner()) . "', " . - "'" . $this->conn->real_escape_string($port->get_Notes()) . "'), "; + $ins_sql .= "(" . $int->get_ID() . ", " . "(SELECT `id` FROM `sagacity`.`ports_proto_services` WHERE `port` = '" . $port->get_Port() . "'" . " AND `proto` = '" . (is_a($port, 'tcp_ports') ? 'tcp' : 'udp') . "' " . " AND `notes` NOT LIKE '%historic%' LIMIT 1), " . "'" . $this->conn->real_escape_string($port->get_IANA_Name()) . "', " . "'" . $this->conn->real_escape_string($port->get_Banner()) . "', " . "'" . $this->conn->real_escape_string($port->get_Notes()) . 
"'), "; } - $ins_sql = substr($ins_sql, 0, -1); + $ins_sql = substr($ins_sql, 0, - 1); if (strlen($ins_sql) > 84) { - if (!$this->conn->real_query($ins_sql)) { + if (! $this->conn->real_query($ins_sql)) { Sagacity_Error::sql_handler($ins_sql); error_log($this->conn->error); $ret = false; } } - } - else { - - } + } else {} return $ret; } @@ -6664,37 +6857,45 @@ class db /** * Get TCP port data * - * @param integer $port_number [optional] - * Port number to retrieve from database + * @param integer $port_number + * [optional] + * Port number to retrieve from database * - * @return array:tcp_ports|NULL - * Returns array of tcp ports, or null if none found + * @return array:tcp_ports|NULL Returns array of tcp ports, or null if none found */ public function get_TCP_Ports($port_number = null) { - $ret = []; + $ret = []; $where = [ [ 'field' => 'proto', - 'op' => '=', + 'op' => '=', 'value' => 'tcp' ] ]; - if (!is_null($port_number)) { + if (! is_null($port_number)) { $where[] = [ - 'field' => 'port', - 'op' => '=', - 'value' => $port_number, + 'field' => 'port', + 'op' => '=', + 'value' => $port_number, 'sql_op' => 'AND' ]; } - $this->help->select("ports_proto_services", ['id', 'port', 'iana_Name', 'banner', 'notes'], $where); + $this->help->select("ports_proto_services", [ + 'id', + 'port', + 'iana_Name', + 'banner', + 'notes' + ], $where); $rows = $this->help->execute(); if (isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
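Review bot: `save_Ports` concatenates `$int->get_ID()` and `$port->get_Port()` into `$ins_sql` as-is, while the other three values on the same line go through `real_escape_string()`; port data presumably originates from imported scan results, so both should be constrained, e.g. `(int) $int->get_ID()` and `(int) $port->get_Port()`, or the statement moved to bound parameters. Separately, each tuple is appended with a trailing comma and space but `substr($ins_sql, 0, - 1)` strips a single character, which appears to leave a dangling comma in the statement; `rtrim($ins_sql, ', ')` would remove both. The now-empty `else {}` means any `$action` other than `'insert'` does nothing and still returns true, which deserves at least a comment.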
@@ -6713,36 +6914,43 @@ class db * Get UDP port data * * @param integer $port_number - * Port number to retrieve from database + * Port number to retrieve from database * - * @return array:udp_ports|NULL - * Returns array of udp ports, or null if none found + * @return array:udp_ports|NULL Returns array of udp ports, or null if none found */ public function get_UDP_Ports($port_number = null) { - $ret = []; + $ret = []; $where = [ [ 'field' => 'proto', - 'op' => '=', + 'op' => '=', 'value' => 'udp' ] ]; - if (!is_null($port_number)) { + if (! is_null($port_number)) { $where[] = [ - 'field' => 'port', - 'op' => '=', - 'value' => $port_number, + 'field' => 'port', + 'op' => '=', + 'value' => $port_number, 'sql_op' => 'AND' ]; } - $this->help->select("ports_proto_services", ['id', 'port', 'iana_Name', 'banner', 'notes'], $where); + $this->help->select("ports_proto_services", [ + 'id', + 'port', + 'iana_Name', + 'banner', + 'notes' + ], $where); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -6761,20 +6969,19 @@ class db * Function to retrieve a nessus object * * @param string $nessus_id - * Nessus ID of the object you want + * Nessus ID of the object you want * - * @return nessus|NULL - * Returns nessus object and associated references, or null if none found + * @return nessus|NULL Returns nessus object and associated references, or null if none found */ public function get_Nessus($nessus_id) { $this->help->select("nessus_plugins np", null, [ [ 'field' => 'np.plugin_id', - 'op' => '=', + 'op' => '=', 'value' => $nessus_id ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.nessus n ON n.nessus_id = np.plugin_id" ] @@ -6794,7 +7001,7 @@ class db $this->help->select("sagacity.nessus_meta", null, [ [ 'field' => 'plugin_id', - 'op' => '=', + 'op' => '=', 'value' => $row['plugin_id'] ] ]); 
@@ -6817,53 +7024,68 @@ class db * Update Nessus data * * @param array:nessus|nessus $nessus - * Nessus object to update + * Nessus object to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Nessus($nessus) { - $nessus_arr = []; - $meta_arr = []; + $nessus_arr = []; + $meta_arr = []; $plugins_arr = []; - $update_arr = []; + $update_arr = []; - $nessus_fields = array('pdi_id', 'nessus_id'); - $meta_fields = array('plugin_id', 'type', 'val'); - $plugins_fields = array('plugin_id', 'name', 'copyright', 'version', 'file_name', 'file_date'); + $nessus_fields = array( + 'pdi_id', + 'nessus_id' + ); + $meta_fields = array( + 'plugin_id', + 'type', + 'val' + ); + $plugins_fields = array( + 'plugin_id', + 'name', + 'copyright', + 'version', + 'file_name', + 'file_date' + ); $this->help->create_table("tmp_nessus", true, array( array( - 'field' => 'plugin_id', + 'field' => 'plugin_id', 'datatype' => 'int(11)', - 'options' => 'primary key' + 'options' => 'primary key' ), array( - 'field' => 'name', + 'field' => 'name', 'datatype' => 'varchar(255)' ), array( - 'field' => 'copyright', + 'field' => 'copyright', 'datatype' => 'varchar(255)' ), array( - 'field' => 'version', + 'field' => 'version', 'datatype' => 'varchar(45)' ), array( - 'field' => 'file_name', + 'field' => 'file_name', 'datatype' => 'varchar(100)' ), array( - 'field' => 'file_date', + 'field' => 'file_date', 'datatype' => 'int(11)' ) )); $this->help->execute(); if (is_a($nessus, 'nessus')) { - $nessus = array(0 => $nessus); + $nessus = array( + 0 => $nessus + ); } if (is_array($nessus)) { 
@@ -6872,7 +7094,7 @@ class db $db_nessus = $this->get_Nessus($plug->get_Nessus_ID()); if (is_null($db_nessus)) { - if (!$plug->get_PDI_ID()) { + if (! $plug->get_PDI_ID()) { $pdi = new pdi(null, $plug->get_Category(), $plug->get_FileDate_Date()); $pdi->set_Short_Title($plug->get_Name()); $pdi->set_Group_Title($plug->get_Name()); @@ -6894,8 +7116,7 @@ class db ]; $refs = $plug->get_Reference(); - } - else { + } else { $update_arr[] = [ $plug->get_Nessus_ID(), $plug->get_Name(), @@ -6908,12 +7129,19 @@ class db $refs = $plug->compare_References($db_nessus); } - $nessus_arr[] = [$plug->get_PDI_ID(), $plug->get_Nessus_ID()]; + $nessus_arr[] = [ + $plug->get_PDI_ID(), + $plug->get_Nessus_ID() + ]; if (is_array($refs) && count($refs)) { foreach ($refs as $type => $ref) { foreach ($ref as $val) { - $meta_arr[] = array($plug->get_Nessus_ID(), $type, $val); + $meta_arr[] = array( + $plug->get_Nessus_ID(), + $type, + $val + ); } } } 
@@ -6921,38 +7149,37 @@ class db if (is_array($plugins_arr) && count($plugins_arr)) { $this->help->extended_insert("nessus_plugins", $plugins_fields, $plugins_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } if (is_array($update_arr) && count($update_arr)) { $this->help->extended_insert("tmp_nessus", $plugins_fields, $update_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } $this->help->extended_update("nessus_plugins", "tmp_nessus", "plugin_id", $plugins_fields); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } if (is_array($nessus_arr) && count($nessus_arr)) { $this->help->extended_insert("nessus", $nessus_fields, $nessus_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } if (is_array($meta_arr) && count($meta_arr)) { $this->help->extended_insert("nessus_meta", $meta_fields, $meta_arr, true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); } } - } - else { + } else { return false; } 
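Review bot: In save_Nessus each failed `$this->help->execute()` only calls `$this->help->debug(E_ERROR)` and then carries on to the next statement, whereas add_Oval and save_Oval later in this file follow the same call with `return false;`. If `debug()` does not abort (it evidently does not in those two methods), a failed `nessus_plugins` insert is still followed by the `nessus` and `nessus_meta` inserts, which can leave partial data. The caller may also still be told the save succeeded, though the final return is outside this hunk. Adding `return false;` after each `debug(E_ERROR)` would match the documented `@return boolean` contract.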
@@ -6965,28 +7192,21 @@ class db * Getter function for oval * * @param string $oval_id - * Oval ID to retrieve from database + * Oval ID to retrieve from database * - * @return oval|NULL - * Returns oval object, or null if none found + * @return oval|NULL Returns oval object, or null if none found */ public function get_Oval($oval_id) { $oval = null; - $sql = "SELECT " . - "`pdi_id`, `oval_id`, `title`, `desc`, `platform`, `ext_def`, `ext_def_op` " . - "FROM sagacity.oval " . - "WHERE `oval_id` = '" . $this->conn->real_escape_string($oval_id) . "'"; + $sql = "SELECT " . "`pdi_id`, `oval_id`, `title`, `desc`, `platform`, `ext_def`, `ext_def_op` " . "FROM sagacity.oval " . "WHERE `oval_id` = '" . $this->conn->real_escape_string($oval_id) . "'"; if ($res = $this->conn->query($sql)) { $row = $res->fetch_assoc(); $oval = new oval($row['pdi_id'], $row['oval_id'], $row['title'], $row['desc'], $row['platform'], $row['ext_def'], $row['ext_def_op']); - $sql = "SELECT" . - "`oval_id`, `source`, `url`, `ref_id` " . - "FROM sagacity.oval_ref " . - "WHERE `oval_id` = '" . $this->conn->real_escape_string($row['oval_id']) . "'"; + $sql = "SELECT" . "`oval_id`, `source`, `url`, `ref_id` " . "FROM sagacity.oval_ref " . "WHERE `oval_id` = '" . $this->conn->real_escape_string($row['oval_id']) . "'"; if ($res2 = $this->conn->query($sql)) { while ($row2 = $res2->fetch_assoc()) { @@ -6994,15 +7214,13 @@ class db $oval->add_Reference($ref); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } return $oval; - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
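Review bot: In get_Oval the result of `$res->fetch_assoc()` is used to build the `oval` object without checking that a row came back. An unknown `$oval_id` therefore produces an object built from null fields, followed by a second query on a null id, instead of the `null` the docblock promises. A guard directly after the fetch, `if (!$row) { return null; }`, would make the behaviour match the documented contract. The end of the function lies in the next hunk and beyond, so the final return is not visible here.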
@@ -7014,84 +7232,49 @@ class db * Function to create a OVAL xml file to import into SCC * * @param string $os - * Operating system version to query + * Operating system version to query * - * @return string - * Returns string representing XML + * @return string Returns string representing XML */ public function get_OS_Oval($os) { - $xmlns = "xmlns = 'http://oval.mitre.org/XMLSchema/oval-definitions-5#windows'"; + $xmlns = "xmlns = 'http://oval.mitre.org/XMLSchema/oval-definitions-5#windows'"; // ------------------------------ Start ----------------------------- // create temporary db table to combine all OVAL checks marked 'M' and not 'M' - $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . - "pdi.`id`, o.`oval_id`, s.`stig_id`, vms.`vms_id`, pdi.`check_contents`, pdi.`short_title` " . - "FROM `pdi_catalog` AS pdi " . - "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . - "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . - "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . - "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . - "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . - "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . - "WHERE " . - "o.`oval_id` = 'M' AND " . - "pdi.`check_contents` LIKE '%Registry Hive%' AND " . - "sft.`man` = 'MS' AND " . - "sft.`name` = 'Windows' AND " . - "sft.`ver` = '$os' " . - "GROUP BY `stig_id`"; + $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . "pdi.`id`, o.`oval_id`, s.`stig_id`, vms.`vms_id`, pdi.`check_contents`, pdi.`short_title` " . "FROM `pdi_catalog` AS pdi " . "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . "WHERE " . 
"o.`oval_id` = 'M' AND " . "pdi.`check_contents` LIKE '%Registry Hive%' AND " . "sft.`man` = 'MS' AND " . "sft.`name` = 'Windows' AND " . "sft.`ver` = '$os' " . "GROUP BY `stig_id`"; $this->conn->real_query($tmp_sql); // delete rows in temporary table from other checklist that cannot designated as manual - $del_sql = "DELETE FROM tmp_oval " . - "WHERE `id` IN (" . - "SELECT pdi.`id` " . - "FROM `pdi_catalog` AS pdi " . - "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . - "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . - "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . - "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . - "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . - "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . - "WHERE " . - "o.`oval_id` != 'M' AND " . - "pdi.`check_contents` REGEXP 'Registry Hive' AND " . - "sft.`man` = 'MS' AND " . - "sft.`name` = 'Windows' AND " . - "sft.`ver` = '$os' " . - "GROUP BY pdi.`id`)"; + $del_sql = "DELETE FROM tmp_oval " . "WHERE `id` IN (" . "SELECT pdi.`id` " . "FROM `pdi_catalog` AS pdi " . "LEFT JOIN `oval` AS o ON pdi.`id` = o.`pdi_id` " . "LEFT JOIN `stigs` AS s ON pdi.`id` = s.`pdi_id` " . "LEFT JOIN `golddisk` AS vms ON pdi.`id` = vms.`pdi_id` " . "LEFT JOIN `pdi_checklist_lookup` AS lookup ON pdi.`id` = lookup.`pdi_id` " . "LEFT JOIN `checklist` AS c ON lookup.`checklist_id` = c.`id` " . "LEFT JOIN `software` AS sft ON sft.`id` = c.`sw_id` " . "WHERE " . "o.`oval_id` != 'M' AND " . "pdi.`check_contents` REGEXP 'Registry Hive' AND " . "sft.`man` = 'MS' AND " . "sft.`name` = 'Windows' AND " . "sft.`ver` = '$os' " . "GROUP BY pdi.`id`)"; $this->conn->real_query($del_sql); - $sql = "SELECT " . - "`id`, `oval_id`, `stig_id`, `vms_id`, `check_contents`, `short_title` " . - "FROM `tmp_oval`"; + $sql = "SELECT " . "`id`, `oval_id`, `stig_id`, `vms_id`, `check_contents`, `short_title` " . 
"FROM `tmp_oval`"; if ($sth = $this->conn->prepare($sql)) { if ($sth->execute()) { - $pdi_id = 0; - $oval_id = ''; - $stig_id = ''; - $vms_id = ''; + $pdi_id = 0; + $oval_id = ''; + $stig_id = ''; + $vms_id = ''; $check_contents = ''; - $short_title = ''; - $x = 0; + $short_title = ''; + $x = 0; $sth->bind_result($pdi_id, $oval_id, $stig_id, $vms_id, $check_contents, $short_title); // oval_file xml validation check - $root = ''; -// declaring string variables and setting values to empty - $def = ''; - $tst = ''; - $obj = ''; - $ste = ''; -// generator node in xml format - $date = new DateTime(); // insert date and time when file completed - $gen = "DISA FSO5.3" . - $date->format(DATE_W3C) . ""; + $root = ''; + // declaring string variables and setting values to empty + $def = ''; + $tst = ''; + $obj = ''; + $ste = ''; + // generator node in xml format + $date = new DateTime(); // insert date and time when file completed + $gen = "DISA FSO5.3" . $date->format(DATE_W3C) . ""; while ($sth->fetch()) { - $x++; + $x ++; $match = []; preg_match('/Registry Hive: +(\S*)/', $check_contents, $match); $hive = $match[1]; @@ -7104,7 +7287,7 @@ class db if (is_array($match) && count($match) == 2) { $c_operator = 'AND'; - $c_count = 1; + $c_count = 1; } preg_match('/Type: +(\S*)/', $check_contents, $match); 
@@ -7114,109 +7297,62 @@ class db $value = is_array($match) && count($match) > 0 ? $match[1] : "PDI ID: $pdi_id" . PHP_EOL; if (strpos($type, "PDI ID: " . $pdi_id) !== false) { -// print "$pdi_id, $vms_id this VMS item cannot be automated".PHP_EOL.PHP_EOL; + // print "$pdi_id, $vms_id this VMS item cannot be automated".PHP_EOL.PHP_EOL; continue; } -// variables set for various xml nodes - $def_id = 'oval:smc.gpea.windows:def:' . $pdi_id; - $tst_id = 'oval:smc.gpea.windows:tst:' . $pdi_id . "00"; - $ste_id = 'oval:smc.gpea.windows:ste:' . $pdi_id . "00"; - $obj_id = 'oval:smc.gpea.windows:obj:' . $pdi_id . "00"; - $var_id = 'oval:smc.gpea.windows:var:' . $pdi_id . "00"; - $def_class = 'compliance'; - $m_family = 'windows'; - $aft_platform = 'Microsoft Windows ' . $os; + // variables set for various xml nodes + $def_id = 'oval:smc.gpea.windows:def:' . $pdi_id; + $tst_id = 'oval:smc.gpea.windows:tst:' . $pdi_id . "00"; + $ste_id = 'oval:smc.gpea.windows:ste:' . $pdi_id . "00"; + $obj_id = 'oval:smc.gpea.windows:obj:' . $pdi_id . "00"; + $var_id = 'oval:smc.gpea.windows:var:' . $pdi_id . "00"; + $def_class = 'compliance'; + $m_family = 'windows'; + $aft_platform = 'Microsoft Windows ' . $os; $tst_chk_existence = ($c_count == 1 ? "all_exist" : ''); -// definitions node in xml format - $def .= "" . "" . - "$short_title" . "" . - "$aft_platform" . "" . - "" . - "$short_title" . "" . - ""; + // definitions node in xml format + $def .= "" . "" . "$short_title" . "" . "$aft_platform" . "" . "" . "$short_title" . "" . ""; if ($c_count == 1) { - $def .= "" . PHP_EOL; + $def .= "" . PHP_EOL; } $def .= ""; - $tst .= "" . - "" . "" . - ""; + $tst .= "" . "" . "" . ""; - if (substr($path, -1) != "\\") { + if (substr($path, - 1) != "\\") { $path .= "\\"; } - $obj .= "" . - "" . strtoupper($hive) . "" . - "$path" . "$name" . - ""; + $obj .= "" . "" . strtoupper($hive) . "" . "$path" . "$name" . ""; - $ste .= "" . "" . - strtolower($type) . "" . "$value" . ""; + $ste .= "" . "" . 
strtolower($type) . "" . "$value" . ""; } $sth->close(); } } -// ------------------------------ End ----------------------------- -// ------------------------------ Start ----------------------------- - $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . - "pdi.`id`,o.`oval_id`,s.`stig_id`,vms.`vms_id`,pdi.`check_contents`,pdi.`short_title` " . - "FROM `sagacity`.`pdi_catalog` AS pdi " . - "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . - "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . - "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . - "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . - "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . - "WHERE " . - "o.`oval_id`='M' AND " . - "pdi.`check_contents` LIKE '%AuditPol%' AND " . - "sft.`man`='MS' AND " . - "sft.`name`='Windows' AND " . - "sft.`ver`='$os' " . - "GROUP BY `stig_id`"; + // ------------------------------ End ----------------------------- + // ------------------------------ Start ----------------------------- + $tmp_sql = "CREATE TEMPORARY TABLE `tmp_oval` SELECT " . "pdi.`id`,o.`oval_id`,s.`stig_id`,vms.`vms_id`,pdi.`check_contents`,pdi.`short_title` " . "FROM `sagacity`.`pdi_catalog` AS pdi " . "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . "WHERE " . "o.`oval_id`='M' AND " . "pdi.`check_contents` LIKE '%AuditPol%' AND " . "sft.`man`='MS' AND " . "sft.`name`='Windows' AND " . "sft.`ver`='$os' " . 
"GROUP BY `stig_id`"; $this->conn->real_query($tmp_sql); - $del_sql = "DELETE FROM tmp_oval " . - "WHERE `id` IN (" . - "SELECT pdi.`id` " . - "FROM `sagacity`.`pdi_catalog` AS pdi " . - "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . - "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . - "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . - "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . - "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . - "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . - "WHERE " . - "o.`oval_id`!='M' AND " . - "pdi.`check_contents` REGEXP 'AuditPol' AND " . - "sft.`man`='MS' AND " . - "sft.`name`='Windows' AND " . - "sft.`ver`='$os' " . - "GROUP BY pdi.`id`)"; + $del_sql = "DELETE FROM tmp_oval " . "WHERE `id` IN (" . "SELECT pdi.`id` " . "FROM `sagacity`.`pdi_catalog` AS pdi " . "LEFT JOIN `sagacity`.`oval` AS o ON pdi.`id`=o.`pdi_id` " . "LEFT JOIN `sagacity`.`stigs` AS s ON pdi.`id`=s.`pdi_id` " . "LEFT JOIN `sagacity`.`golddisk` AS vms ON pdi.`id`=vms.`pdi_id` " . "LEFT JOIN `sagacity`.`pdi_checklist_lookup` AS lookup ON pdi.`id`=lookup.`pdi_id` " . "LEFT JOIN `sagacity`.`checklist` AS c ON lookup.`checklist_id`=c.`id` " . "LEFT JOIN `sagacity`.`software` AS sft ON sft.`id`=c.`sw_id` " . "WHERE " . "o.`oval_id`!='M' AND " . "pdi.`check_contents` REGEXP 'AuditPol' AND " . "sft.`man`='MS' AND " . "sft.`name`='Windows' AND " . "sft.`ver`='$os' " . "GROUP BY pdi.`id`)"; $this->conn->real_query($del_sql); - $sql = "SELECT " . - "`id`,`oval_id`,`stig_id`,`vms_id`,`check_contents`,`short_title` " . - "FROM `tmp_oval`"; + $sql = "SELECT " . "`id`,`oval_id`,`stig_id`,`vms_id`,`check_contents`,`short_title` " . 
"FROM `tmp_oval`"; if ($sth = $this->conn->prepare($sql)) { if ($sth->execute()) { - $pdi_id = 0; - $oval_id = ''; - $stig_id = ''; - $vms_id = ''; + $pdi_id = 0; + $oval_id = ''; + $stig_id = ''; + $vms_id = ''; $check_contents = ''; - $short_title = ''; - $x = 0; + $short_title = ''; + $x = 0; $sth->bind_result($pdi_id, $oval_id, $stig_id, $vms_id, $check_contents, $short_title); $sth->store_result(); @@ -7230,37 +7366,29 @@ class db $ste_id = "oval:smc.gpea.windows:ste:" . $pdi_id . "00"; $arrow_idx = strpos($check_contents, '->') + 3; - $dash_idx = strpos($check_contents, ' - '); + $dash_idx = strpos($check_contents, ' - '); $subcat = substr($check_contents, $arrow_idx, $dash_idx - $arrow_idx); - $tag = str_replace(' ', '_', strtolower($subcat)); + $tag = str_replace(' ', '_', strtolower($subcat)); $audit = substr($check_contents, $dash_idx + 3); - $ste .= "" . - "<$tag datatype='string'>" . - ($audit == 'Failure' ? 'AUDIT_FAILURE' : 'AUDIT_SUCCESS') . "" . - ""; + $ste .= "" . "<$tag datatype='string'>" . ($audit == 'Failure' ? 'AUDIT_FAILURE' : 'AUDIT_SUCCESS') . "" . ""; - $tst .= "" . - "" . - "" . ""; + $tst .= "" . "" . "" . ""; } - } - else { + } else { error_log($sth->error); } - } - else { + } else { error_log($this->conn->error); } -// ------------------------------ End ----------------------------- -// ------------------------------ Start ----------------------------- -// ------------------------------ End ----------------------------- + // ------------------------------ End ----------------------------- + // ------------------------------ Start ----------------------------- + // ------------------------------ End ----------------------------- - $xml_string = $root . - "$gen$def$tst$obj$ste"; + $xml_string = $root . "$gen$def$tst$obj$ste"; return $xml_string; } 
@@ -7269,10 +7397,9 @@ class db * Function to get oval constant data from database * * @param string $oval_id - * Oval ID to get constant data for + * Oval ID to get constant data for * - * @return array - * Returns array of constant ID and value + * @return array Returns array of constant ID and value */ public function get_Oval_Const($oval_id) { @@ -7280,16 +7407,15 @@ class db if ($res = $this->conn->query($sql)) { $vals = []; - while ($row = $res->fetch_assoc()) { + while ($row = $res->fetch_assoc()) { $vals[] = $row['value']; } return array( 'const_id' => $row['const_id'], - 'values' => $vals + 'values' => $vals ); - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); return null; @@ -7300,24 +7426,23 @@ class db * Function to add an Oval * * @param oval $oval - * Oval to add to database + * Oval to add to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function add_Oval($oval) { $this->help->insert("sagacity.oval", array( - 'pdi_id' => $oval->get_PDI_ID(), - 'oval_id' => $oval->get_Oval_ID(), - 'title' => $oval->get_Title(), - 'desc' => $oval->get_Description(), - 'platform' => $oval->get_Platform(), - 'ext_def' => $oval->get_External_Definition(), + 'pdi_id' => $oval->get_PDI_ID(), + 'oval_id' => $oval->get_Oval_ID(), + 'title' => $oval->get_Title(), + 'desc' => $oval->get_Description(), + 'platform' => $oval->get_Platform(), + 'ext_def' => $oval->get_External_Definition(), 'ext_def_op' => $oval->get_External_Definition_Operator() - ), true); + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
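Review bot: In get_Oval_Const the returned `'const_id' => $row['const_id']` is read after the `while ($row = $res->fetch_assoc())` loop has finished. At that point `$row` is null, so `const_id` is always null, with an offset-on-null notice on newer PHP versions. Initialise `$const_id = null;` before the loop, set `$const_id = $row['const_id'];` next to `$vals[] = $row['value'];`, and return `$const_id`. The `$sql` assignment sits just above this hunk and is not visible, so how `$oval_id` reaches the query cannot be checked from here.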
@@ -7329,24 +7454,23 @@ class db * Function to save oval data * * @param oval $oval_in - * Oval to update database + * Oval to update database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Oval($oval_in) { $this->help->replace("sagacity.oval", array( - 'pdi_id' => $oval_in->get_PDI_ID(), - 'oval_id' => $oval_in->get_Oval_ID(), - 'title' => $oval_in->get_Title(), - 'desc' => $oval_in->get_Description(), - 'platform' => $oval_in->get_Platform(), - 'ext_def' => $oval_in->get_External_Definition(), + 'pdi_id' => $oval_in->get_PDI_ID(), + 'oval_id' => $oval_in->get_Oval_ID(), + 'title' => $oval_in->get_Title(), + 'desc' => $oval_in->get_Description(), + 'platform' => $oval_in->get_Platform(), + 'ext_def' => $oval_in->get_External_Definition(), 'ext_def_op' => $oval_in->get_External_Definition_Operator() )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -7360,12 +7484,11 @@ class db * Function to retrieve a PDI from the database * * @param integer $pdi_id - * PDI ID to get from database + * PDI ID to get from database * @param integer $chk_id - * Checklist ID to filter on + * Checklist ID to filter on * - * @return pdi|NULL - * Returns PDI object, or null if none found + * @return pdi|NULL Returns PDI object, or null if none found */ public function get_PDI($pdi_id, $chk_id = null) { @@ -7373,7 +7496,7 @@ class db $this->help->select("sagacity.pdi_catalog p", null, [ [ 'field' => 'p.id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ] ]); 
@@ -7385,17 +7508,17 @@ class db $pdi->set_Short_Title($row['short_title']); $pdi->set_Check_Contents($row['check_contents']); - if (!is_null($chk_id)) { + if (! is_null($chk_id)) { $this->help->select("sagacity.pdi_checklist_lookup", null, [ [ 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ], [ - 'field' => 'checklist_id', - 'op' => '=', - 'value' => $chk_id, + 'field' => 'checklist_id', + 'op' => '=', + 'value' => $chk_id, 'sql_op' => 'AND' ] ]); @@ -7417,17 +7540,16 @@ class db * Function to get pdi catalog item from database * * @param integer $pdi_id - * Get PDI Catalog entry from database using this ID + * Get PDI Catalog entry from database using this ID * - * @return array|NULL - * Returns associative array with record, or null if none found + * @return array|NULL Returns associative array with record, or null if none found */ public function get_PDI_Catalog($pdi_id) { $this->help->select("sagacity.pdi", null, array( array( 'field' => 'pdi_id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_id ) )); 
@@ -7439,67 +7561,65 @@ class db * Function to attempt to match text * * @param pdi $pdi - * PDI to match in database + * PDI to match in database * @param nessus $nessus - * Nessus to match in database + * Nessus to match in database * @param cve $cve - * CVE to match in database + * CVE to match in database * @param iavm $iavm - * IAVM to match in database + * IAVM to match in database * - * @return array|NULL - * Returns array of possible matches, or null if none found + * @return array|NULL Returns array of possible matches, or null if none found */ public function get_Matching_PDIs($pdi, $nessus, $cve, $iavm) { /* - $string = ''; - - if (!is_null($nessus)) { - $string = $nessus->get_Name() . ' ' . $nessus->get_Description() . ' ' . $nessus->get_Summary(); - } - elseif (!is_null($cve)) { - $string = $cve->get_Description(); - } - elseif (!is_null($iavm)) { - $string = $iavm->get_Title() . ' ' . $iavm->get_Executive_Summary(); - } - - foreach ($this->DISALLOWED as $word) { - $string = preg_replace("/\s" . $word . "\s/i", " ", $string); - } - - $sql = "SELECT " . - "MATCH(pdi.`short_title`,pdi.`description`,pdi.`check_content`) " . - "AGAINST('" . $this->conn->real_escape_string($string) . "' IN NATURAL LANGUAGE MODE) AS 'score'," . - "pdi.`id`,pdi.`short_title`,pdi.`description`,pdi.`check_content` " . - "FROM `sagacity`.`pdi_catalog` pdi " . - "GROUP BY pdi.`id`,`score` " . - "HAVING `score` > 10 " . - "ORDER BY `score` DESC " . - "LIMIT 0, 5"; - - $ret = []; - - if ($res = $this->conn->query($sql)) { - while ($row = $res->fetch_assoc()) { - $ret[] = array( - 'score' => number_format($row['score'], 3), - 'pdi_id' => $row['id'], - 'title' => $row['short_title'], - 'check_content' => $row['check_content'], - 'desc' => $row['description'] - ); - } - - return $ret; - } - else { - Sagacity_Error::sql_handler($sql); - error_log($this->conn->error); - } + * $string = ''; + * + * if (!is_null($nessus)) { + * $string = $nessus->get_Name() . ' ' . 
$nessus->get_Description() . ' ' . $nessus->get_Summary(); + * } + * elseif (!is_null($cve)) { + * $string = $cve->get_Description(); + * } + * elseif (!is_null($iavm)) { + * $string = $iavm->get_Title() . ' ' . $iavm->get_Executive_Summary(); + * } + * + * foreach ($this->DISALLOWED as $word) { + * $string = preg_replace("/\s" . $word . "\s/i", " ", $string); + * } + * + * $sql = "SELECT " . + * "MATCH(pdi.`short_title`,pdi.`description`,pdi.`check_content`) " . + * "AGAINST('" . $this->conn->real_escape_string($string) . "' IN NATURAL LANGUAGE MODE) AS 'score'," . + * "pdi.`id`,pdi.`short_title`,pdi.`description`,pdi.`check_content` " . + * "FROM `sagacity`.`pdi_catalog` pdi " . + * "GROUP BY pdi.`id`,`score` " . + * "HAVING `score` > 10 " . + * "ORDER BY `score` DESC " . + * "LIMIT 0, 5"; + * + * $ret = []; + * + * if ($res = $this->conn->query($sql)) { + * while ($row = $res->fetch_assoc()) { + * $ret[] = array( + * 'score' => number_format($row['score'], 3), + * 'pdi_id' => $row['id'], + * 'title' => $row['short_title'], + * 'check_content' => $row['check_content'], + * 'desc' => $row['description'] + * ); + * } + * + * return $ret; + * } + * else { + * Sagacity_Error::sql_handler($sql); + * error_log($this->conn->error); + * } */ - return null; } @@ -7507,10 +7627,9 @@ class db * Function to try and find a PDI * * @param array $data_in - * An array of a type and value to search for. This will primarily be intended for types that don't have a readily available link to a PDI (nessus, retina, CVE, IAVM, etc). + * An array of a type and value to search for. This will primarily be intended for types that don't have a readily available link to a PDI (nessus, retina, CVE, IAVM, etc). * - * @return integer - * Returns the PDI id of the matching entry, or 0 if none found + * @return integer Returns the PDI id of the matching entry, or 0 if none found */ public function find_PDI($data_in) { 
@@ -7523,8 +7642,7 @@ class db if ($nessus->get_PDI_ID()) { return $nessus->get_PDI_ID(); - } - else { + } else { $cves = $nessus->get_Reference_By_Type('cve'); foreach ($cves as $cve_num) { $cve = $this->get_CVE($cve_num); @@ -7537,12 +7655,11 @@ class db while ($row = $res->fetch_assoc()) { $iavm = $this->get_IAVM($row['noticeId']); - if (!is_null($iavm)) { + if (! is_null($iavm)) { return $iavm->get_PDI_ID(); } } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -7550,14 +7667,7 @@ class db $bids = $nessus->get_Reference_By_Type('bid'); foreach ($bids as $bid_num) { - $sql = "SELECT iavm.`pdi_id` " . - "FROM `sagacity`.`nessus_refs` nr " . - "JOIN `sagacity`.`iavm_bids` ib ON ib.`bid`=nr.`val` " . - "JOIN `sagacity`.`iavm_notices` iavm ON iavm.`noticeId`=ib.`iavm_notice_id` " . - "WHERE " . - "nr.`type`='bid' AND " . - "nr.`val`=" . $this->conn->real_escape_string($bid_num) . " AND " . - "nr.`plugin_id`=" . $this->conn->real_escape_string($nessus->get_Nessus_ID()); + $sql = "SELECT iavm.`pdi_id` " . "FROM `sagacity`.`nessus_refs` nr " . "JOIN `sagacity`.`iavm_bids` ib ON ib.`bid`=nr.`val` " . "JOIN `sagacity`.`iavm_notices` iavm ON iavm.`noticeId`=ib.`iavm_notice_id` " . "WHERE " . "nr.`type`='bid' AND " . "nr.`val`=" . $this->conn->real_escape_string($bid_num) . " AND " . "nr.`plugin_id`=" . $this->conn->real_escape_string($nessus->get_Nessus_ID()); if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { return $row['pdi_id']; 
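Review bot: In the bid lookup of find_PDI, `$bid_num` and `$nessus->get_Nessus_ID()` are passed through `real_escape_string()` but then concatenated into the `nr.val` and `nr.plugin_id` comparisons without surrounding quotes. Escaping only neutralises quote and control characters, so it gives no protection in an unquoted numeric position. Wrap the escaped value in single quotes inside the SQL string, or cast with `(int) $bid_num` and `(int) $nessus->get_Nessus_ID()` if both are always numeric. A prepared statement with bound parameters would cover both. These reference values presumably originate from imported scan files and should be treated as untrusted; find_PDI begins before and ends after this hunk.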
@@ -7573,12 +7683,12 @@ class db * Function to save an existing PDI * * @param pdi $pdi_in - * The PDI to save or update - * @param checklist $checklist [optional] - * The checklist to link new PDIs to (if null links to Orphan checklist) + * The PDI to save or update + * @param checklist $checklist + * [optional] + * The checklist to link new PDIs to (if null links to Orphan checklist) * - * @return boolean|int - * Returns ID of PDI or FALSE if failed to save. + * @return boolean|int Returns ID of PDI or FALSE if failed to save. */ public function save_PDI($pdi_in, $checklist = null) { @@ -7586,34 +7696,33 @@ class db if ($pdi_in->get_ID()) { $this->help->update('sagacity.pdi_catalog', [ - 'cat' => $pdi_in->get_Category_Level(), - 'update' => $pdi_in->get_Last_Update(), - 'short_title' => $pdi_in->get_Short_Title(), + 'cat' => $pdi_in->get_Category_Level(), + 'update' => $pdi_in->get_Last_Update(), + 'short_title' => $pdi_in->get_Short_Title(), 'check_contents' => $pdi_in->get_Check_Contents() - ], [ + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $pdi_in->get_ID() ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } $pdi_id = $pdi_in->get_ID(); - } - else { + } else { $this->help->insert("sagacity.pdi_catalog", [ - "cat" => $pdi_in->get_Category_Level(), - 'update' => $pdi_in->get_Last_Update(), - 'short_title' => $pdi_in->get_Short_Title(), + "cat" => $pdi_in->get_Category_Level(), + 'update' => $pdi_in->get_Last_Update(), + 'short_title' => $pdi_in->get_Short_Title(), 'check_contents' => $pdi_in->get_Check_Contents() ]); - if (!($pdi_id = $this->help->execute())) { + if (! ($pdi_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
@@ -7627,35 +7736,33 @@ class db if (is_array($checklist) && isset($checklist[0]) && is_a($checklist[0], 'checklist')) { $this->help->insert('sagacity.pdi_checklist_lookup', [ - 'pdi_id' => $pdi_id, - 'checklist_id' => $checklist[0]->get_ID(), + 'pdi_id' => $pdi_id, + 'checklist_id' => $checklist[0]->get_ID(), 'check_contents' => $pdi_in->get_Check_Contents(), - 'group_title' => $pdi_in->get_Group_Title(), - 'short_title' => $pdi_in->get_Short_Title(), - 'fix_text' => $pdi_in->get_Fix_Text() - ], true); + 'group_title' => $pdi_in->get_Group_Title(), + 'short_title' => $pdi_in->get_Short_Title(), + 'fix_text' => $pdi_in->get_Fix_Text() + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } - } - elseif (is_a($checklist, 'checklist')) { + } elseif (is_a($checklist, 'checklist')) { $this->help->insert("sagacity.pdi_checklist_lookup", array( - 'pdi_id' => $pdi_id, - 'checklist_id' => $checklist->get_ID(), + 'pdi_id' => $pdi_id, + 'checklist_id' => $checklist->get_ID(), 'check_contents' => $pdi_in->get_Check_Contents(), - 'group_title' => $pdi_in->get_Group_Title(), - 'short_title' => $pdi_in->get_Short_Title(), - 'fix_text' => $pdi_in->get_Fix_Text() - ), true); + 'group_title' => $pdi_in->get_Group_Title(), + 'short_title' => $pdi_in->get_Short_Title(), + 'fix_text' => $pdi_in->get_Fix_Text() + ), true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } - } - else { + } else { Sagacity_Error::err_handler("Cannon link PDI ID $pdi_id with a checklist", E_WARNING); } 
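Review bot: The two `pdi_checklist_lookup` inserts in save_PDI are identical apart from `$checklist[0]->get_ID()` versus `$checklist->get_ID()`, so the array and single-object branches can drift apart on the next edit. Normalising first, `$chk = (is_array($checklist) && isset($checklist[0])) ? $checklist[0] : $checklist;`, leaves a single insert guarded by `is_a($chk, 'checklist')`. The fallback message also has a typo: `"Cannon link PDI ID $pdi_id with a checklist"` should read `Cannot`. The function starts in an earlier hunk and ends after this one.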
@@ -7666,51 +7773,53 @@ class db * Function to save the check contents to a specific PDI and checklist * * @param pdi $pdi_in - * The PDI (containing the check contents) + * The PDI (containing the check contents) * @param checklist $checklist_in - * The checklist - * @param string $check_contents_in [optional] - * The check contents to save (will use check contents in $pdi_in if this is null) - * @param string $fix_text_in [optional] - * The fix text to save + * The checklist + * @param string $check_contents_in + * [optional] + * The check contents to save (will use check contents in $pdi_in if this is null) + * @param string $fix_text_in + * [optional] + * The fix text to save * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Check_Contents($pdi_in, $checklist_in, $check_contents_in = null, $fix_text_in = null) { $this->help->replace("sagacity.pdi_checklist_lookup", array( - 'pdi_id' => $pdi_in->get_ID(), - 'checklist_id' => $checklist_in->get_ID(), - 'group_title' => $pdi_in->get_Group_Title(), - 'short_title' => $pdi_in->get_Short_Title(), - 'check_contents' => (!is_null($check_contents_in) ? $check_contents_in : $pdi_in->get_Check_Contents()), - 'fix_text' => (!is_null($fix_text_in) ? $fix_text_in : $pdi_in->get_Fix_Text()) + 'pdi_id' => $pdi_in->get_ID(), + 'checklist_id' => $checklist_in->get_ID(), + 'group_title' => $pdi_in->get_Group_Title(), + 'short_title' => $pdi_in->get_Short_Title(), + 'check_contents' => (! is_null($check_contents_in) ? $check_contents_in : $pdi_in->get_Check_Contents()), + 'fix_text' => (! is_null($fix_text_in) ? $fix_text_in : $pdi_in->get_Fix_Text()) )); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { return false; } return true; } -// }}} -// {{{ PROC_IA_CONTROLS CLASS FUNCTIONS + // }}} + // {{{ PROC_IA_CONTROLS CLASS FUNCTIONS /** * Function to get all procedural IA controls for specified system * * @param ste $ste_in - * ST&E to query the database for - * @param string $control_id [optional] - * Control ID to query (default null) + * ST&E to query the database for + * @param string $control_id + * [optional] + * Control ID to query (default null) * - * @return array:proc_ia_controls - * Return array of proc_ia_controls and associated sub controls, or empty array if none found + * @return array:proc_ia_controls Return array of proc_ia_controls and associated sub controls, or empty array if none found */ public function get_Proc_IA_Controls($ste_in, $control_id = null) { $ret = []; - $sys = $this->get_System($ste_in->get_System()->get_ID())[0]; + $sys = $this->get_System($ste_in->get_System() + ->get_ID())[0]; switch ($sys->get_Classification()) { case 'Public': $class = 'pub'; 
@@ -7725,16 +7834,9 @@ class db $class = ''; } - $sql = "SELECT " . - "pia.`control_id`,pia.`name`,pia.`subject_area`,pia.`description`," . - "pia.`threat_vul_cm`,pia.`gen_imp_guide`,pia.`guide_resource`,pia.`impact` " . - "FROM `sagacity`.`proc_ia_controls` pia " . - "LEFT JOIN `sagacity`.`proc_level_type` plt ON plt.`proc_control`=pia.`control_id` " . - "WHERE plt.`type`='diacap' AND " . - "plt.`level`=" . $sys->get_MAC() . " AND " . - "plt.`class`='$class'"; + $sql = "SELECT " . "pia.`control_id`,pia.`name`,pia.`subject_area`,pia.`description`," . "pia.`threat_vul_cm`,pia.`gen_imp_guide`,pia.`guide_resource`,pia.`impact` " . "FROM `sagacity`.`proc_ia_controls` pia " . "LEFT JOIN `sagacity`.`proc_level_type` plt ON plt.`proc_control`=pia.`control_id` " . "WHERE plt.`type`='diacap' AND " . "plt.`level`=" . $sys->get_MAC() . " AND " . "plt.`class`='$class'"; - if (!is_null($control_id)) { + if (! is_null($control_id)) { $sql .= " AND pia.`control_id`='" . $this->conn->real_escape_string($control_id) . "'"; } 
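Review bot: The rebuilt `$sql` in get_Proc_IA_Controls concatenates `$sys->get_MAC()` into the `plt.level=` comparison unquoted and unescaped, while `$control_id` a few lines below goes through `real_escape_string()`. If MAC is an integer, `(int) $sys->get_MAC()` makes that explicit. The following hunk (@@ -7742,56 +7844,43 @@) has the same pattern: `$ste_in->get_ID()` is appended bare, and `$row['control_id']` and `$row2['sub_control_id']`, read back from the database, are placed between quotes without escaping. A stored ID containing a quote would then change the query. Binding these values through prepared statements would remove the need to reason about each one; the function body spans several hunks.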
@@ -7742,56 +7844,43 @@ class db while ($row = $res->fetch_assoc()) { $ia = new proc_ia_controls($row['control_id'], $row['name'], $row['subject_area'], $row['description'], $row['threat_vul_cm'], $row['gen_imp_guide'], $row['guide_resource'], $row['impact']); - $sql2 = "SELECT `ste_id`,`control_id`,`vul_desc`,`mitigations`,`references`,`risk_analysis`,`notes`,`done` " . - "FROM `sagacity`.`control_findings` " . - "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . - "`control_id`='" . $row['control_id'] . "'"; + $sql2 = "SELECT `ste_id`,`control_id`,`vul_desc`,`mitigations`,`references`,`risk_analysis`,`notes`,`done` " . "FROM `sagacity`.`control_findings` " . "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . "`control_id`='" . $row['control_id'] . "'"; if ($res2 = $this->conn->query($sql2)) { if ($res2->num_rows > 0) { $row2 = $res2->fetch_assoc(); - $ia->finding->control_id = $row2['control_id']; - $ia->finding->ste_id = $row2['ste_id']; - $ia->finding->vul_desc = $row2['vul_desc']; - $ia->finding->mitigations = $row2['mitigations']; - $ia->finding->reference = $row2['references']; - $ia->finding->notes = $row2['notes']; + $ia->finding->control_id = $row2['control_id']; + $ia->finding->ste_id = $row2['ste_id']; + $ia->finding->vul_desc = $row2['vul_desc']; + $ia->finding->mitigations = $row2['mitigations']; + $ia->finding->reference = $row2['references']; + $ia->finding->notes = $row2['notes']; $ia->finding->risk_analysis = $row2['risk_analysis']; - $ia->finding->done = $row2['done']; + $ia->finding->done = $row2['done']; } } - $sql2 = "SELECT " . - "`sub_control_id`,`name`,`objective`," . - "`prep`,`script`,`exp_result` " . - "FROM `sagacity`.`proc_ia_sub_controls` " . - "WHERE `parent_control_id`='" . $row['control_id'] . "'"; + $sql2 = "SELECT " . "`sub_control_id`,`name`,`objective`," . "`prep`,`script`,`exp_result` " . "FROM `sagacity`.`proc_ia_sub_controls` " . "WHERE `parent_control_id`='" . $row['control_id'] . 
"'"; if ($res2 = $this->conn->query($sql2)) { while ($row2 = $res2->fetch_assoc()) { $ia_sub = new proc_sub_ia_controls($row2['sub_control_id'], $row2['name'], $row2['objective'], $row2['prep'], $row2['script'], $row2['exp_result']); - $sql3 = "SELECT " . - "`ste_id`,`proc_id`,`status`,`test_results`," . - "`mitigations`,`milestones`,`ref`,`notes` " . - "FROM `sagacity`.`proc_findings` " . - "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . - "`proc_id`='" . $row2['sub_control_id'] . "'"; + $sql3 = "SELECT " . "`ste_id`,`proc_id`,`status`,`test_results`," . "`mitigations`,`milestones`,`ref`,`notes` " . "FROM `sagacity`.`proc_findings` " . "WHERE `ste_id`=" . $ste_in->get_ID() . " AND " . "`proc_id`='" . $row2['sub_control_id'] . "'"; if ($res3 = $this->conn->query($sql3)) { if ($res3->num_rows > 0) { $row3 = $res3->fetch_assoc(); - $ia_sub->finding->control_id = $row3['proc_id']; - $ia_sub->finding->ste_id = $row3['ste_id']; + $ia_sub->finding->control_id = $row3['proc_id']; + $ia_sub->finding->ste_id = $row3['ste_id']; $ia_sub->finding->test_result = $row3['test_results']; - $ia_sub->finding->mitigation = $row3['mitigations']; - $ia_sub->finding->milestone = $row3['milestones']; - $ia_sub->finding->reference = $row3['ref']; - $ia_sub->finding->notes = $row3['notes']; - $ia_sub->finding->status = $row3['status']; - } - else { + $ia_sub->finding->mitigation = $row3['mitigations']; + $ia_sub->finding->milestone = $row3['milestones']; + $ia_sub->finding->reference = $row3['ref']; + $ia_sub->finding->notes = $row3['notes']; + $ia_sub->finding->status = $row3['status']; + } else { $ia_sub->finding->status = 'Not Reviewed'; } } @@ -7802,8 +7891,7 @@ class db $ret[] = $ia; } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -7811,8 +7899,8 @@ class db return $ret; } -// }}} -// {{{ INTERVIEW QUESTION CLASS FUNCTIONS + // }}} + // {{{ INTERVIEW QUESTION CLASS FUNCTIONS /** * Function to return the categories * 
@@ -7820,8 +7908,12 @@ class db */ public function get_Question_Categories() { - $ret = []; - $this->help->select("interview_questions", ['cat'], [], ['group' => 'cat']); + $ret = []; + $this->help->select("interview_questions", [ + 'cat' + ], [], [ + 'group' => 'cat' + ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -7842,27 +7934,20 @@ class db public function get_Questions($cat_in, $type_in = null) { $ret = []; - $sql = "SELECT " . - "iq.`id`,iq.`key`,iq.`cat`,iq.`question`," . - "(SELECT ci.`answer` " . - "FROM `category_interview` ci " . - "WHERE ci.`ques_id`=iq.`id` AND ci.`cat_id`=" . $this->conn->real_escape_string($cat_in) . ") AS 'answer' " . - "FROM `interview_questions` iq " . - "WHERE iq.`cat`='" . $this->conn->real_escape_string($type_in) . "'"; + $sql = "SELECT " . "iq.`id`,iq.`key`,iq.`cat`,iq.`question`," . "(SELECT ci.`answer` " . "FROM `category_interview` ci " . "WHERE ci.`ques_id`=iq.`id` AND ci.`cat_id`=" . $this->conn->real_escape_string($cat_in) . ") AS 'answer' " . "FROM `interview_questions` iq " . "WHERE iq.`cat`='" . $this->conn->real_escape_string($type_in) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { - $ques = new question(); - $ques->id = $row['id']; - $ques->cat = $row['cat']; - $ques->key = $row['key']; + $ques = new question(); + $ques->id = $row['id']; + $ques->cat = $row['cat']; + $ques->key = $row['key']; $ques->question = $row['question']; - $ques->answer = $row['answer']; + $ques->answer = $row['answer']; $ret[] = $ques; } - } - else { + } else { print $sql . "
"; print $this->conn->error; Sagacity_Error::sql_handler($sql); @@ -7881,30 +7966,37 @@ class db */ public function get_Interview_Answers($cat_id_in) { - $ret = []; - $this->help->select("interview_questions iq", ['iq.id', 'iq.key', 'iq.question', 'ci.answer'], [ + $ret = []; + $this->help->select("interview_questions iq", [ + 'iq.id', + 'iq.key', + 'iq.question', + 'ci.answer' + ], [ [ 'field' => 'ci.cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_id_in ] - ], [ + ], [ 'table_joins' => "LEFT JOIN category_interview ci ON iq.id = ci.ques_id" ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $ques = new question(); - $ques->id = $row['id']; - $ques->key = $row['key']; + $ques->id = $row['id']; + $ques->key = $row['key']; $ques->question = $row['question']; - $ques->answer = ($row['answer'] ? true : false); + $ques->answer = ($row['answer'] ? true : false); $ret[] = $ques; } @@ -7924,19 +8016,16 @@ class db $this->help->delete("category_interview", null, [ [ 'field' => 'cat_id', - 'op' => '=', + 'op' => '=', 'value' => $cat_in ] ]); $this->help->execute(); - $this->help->sql = "INSERT IGNORE INTO `category_interview` (`cat_id`,`ques_id`)" . - " SELECT " . $this->conn->real_escape_string($cat_in) . ",`id`" . - " FROM `interview_questions`" . - " WHERE `cat`='" . $this->conn->real_escape_string($type_in) . "'"; + $this->help->sql = "INSERT IGNORE INTO `category_interview` (`cat_id`,`ques_id`)" . " SELECT " . $this->conn->real_escape_string($cat_in) . ",`id`" . " FROM `interview_questions`" . " WHERE `cat`='" . $this->conn->real_escape_string($type_in) . "'"; $this->help->query_type = db_helper::INSERT; - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -7953,21 +8042,23 @@ class db */ public function set_QA($cat_id_in, $question) { - $this->help->update("category_interview", ['answer' => ($question->answer)], [ + $this->help->update("category_interview", [ + 'answer' => ($question->answer) + ], [ [ 'field' => 'ques_id', - 'op' => '=', + 'op' => '=', 'value' => $question->id ], [ - 'field' => 'cat_id', - 'op' => '=', - 'value' => $cat_id_in, + 'field' => 'cat_id', + 'op' => '=', + 'value' => $cat_id_in, 'sql_op' => 'AND' ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -7975,24 +8066,21 @@ class db return true; } -// }}} -// {{{ RETINA CLASS FUNCTIONS + // }}} + // {{{ RETINA CLASS FUNCTIONS /** * Update retina data * * @param retina $retina_In - * Retina object to save to database + * Retina object to save to database * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function save_Retina($retina_In) { - $sql = "REPLACE INTO `sagacity`.`retina` (`pdi_id`,`retina_id`) VALUES (" . - $this->conn->real_escape_string($retina_In->get_PDI_ID()) . "," . - $this->conn->real_escape_string($retina_In->get_Retina_ID()) . ")"; + $sql = "REPLACE INTO `sagacity`.`retina` (`pdi_id`,`retina_id`) VALUES (" . $this->conn->real_escape_string($retina_In->get_PDI_ID()) . "," . $this->conn->real_escape_string($retina_In->get_Retina_ID()) . ")"; - if (!$this->conn->real_query($sql)) { + if (! $this->conn->real_query($sql)) { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); return false; @@ -8001,11 +8089,11 @@ class db return true; } -// }}} -// {{{ RMF_CONTROL CLASS FUNCTIONS + // }}} + // {{{ RMF_CONTROL CLASS FUNCTIONS /** * Function to get all the RMF controls that apply to a certain baseline impact
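Review bot: In save_Retina the results of `real_escape_string()` are placed in the `VALUES (…)` list without surrounding quotes, where escaping gives no protection because there is no string literal to terminate. If both ids are integers, `(int) $retina_In->get_PDI_ID()` and `(int) $retina_In->get_Retina_ID()` are needed, or a prepared statement with two bound parameters. The same unquoted pattern is used for `$cat_in` in get_Questions (the -7842 hunk) and in the `INSERT IGNORE … SELECT` of the -7924 hunk. The error branch of get_Questions additionally does `print $sql` and `print $this->conn->error`, which puts query text and the database error into the script's output; `error_log($this->conn->error)`, as save_Retina already uses, keeps that out of the response.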
- * Used for tailoring later + * Used for tailoring later * * @param string $baseline * @@ -8014,19 +8102,15 @@ class db public function get_RMF_Control_By_Baseline($baseline) { $ret = []; - if (!in_array($baseline, array("low", "moderate", "high"))) { + if (! in_array($baseline, array( + "low", + "moderate", + "high" + ))) { return []; } - $sql = "SELECT " . - "f.`abbr`,f.`name` AS 'family_name' " . - "c.`control_id`,c.`name` AS 'control_name',c.`pri`,c.`statement`,c.`guidance` " . - "cb.`impact_level` " . - "FROM `rmf`.`controls` c " . - "JOIN `rmf`.`control_baseline` cb ON cb.`control_id`=c.`control_id` " . - "JOIN `rmf`.`family` f ON f.`abbr`=c.`family_id` " . - "WHERE cb.`impact_level`='" . $this->conn->real_escape_string($baseline) . "'" - ; + $sql = "SELECT " . "f.`abbr`,f.`name` AS 'family_name' " . "c.`control_id`,c.`name` AS 'control_name',c.`pri`,c.`statement`,c.`guidance` " . "cb.`impact_level` " . "FROM `rmf`.`controls` c " . "JOIN `rmf`.`control_baseline` cb ON cb.`control_id`=c.`control_id` " . "JOIN `rmf`.`family` f ON f.`abbr`=c.`family_id` " . "WHERE cb.`impact_level`='" . $this->conn->real_escape_string($baseline) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { @@ -8034,7 +8118,7 @@ class db $family->set_Abbr($row['abbr']); $family->set_Name($row['family_name']); - $rmf = new rmf_control(); + $rmf = new rmf_control(); $rmf->family = $family; $rmf->set_Control_ID($row['control_id']); $rmf->set_Name($row['control_name']); @@ -8048,8 +8132,7 @@ class db $ret[] = $rmf; } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
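Review bot: The SELECT list built in get_RMF_Control_By_Baseline is missing two commas, one after `AS 'family_name'` and one after the `guidance` column, so the fragments run together and the statement should fail to parse. The gap is present on the removed lines as well, so the reformat carries it over rather than introducing it. Ending those two fragments with `,` instead of a space fixes the column list. The allow-list check would also be tighter as `in_array($baseline, ["low", "moderate", "high"], true)`, so that non-string input is not accepted by loose comparison.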
@@ -8064,17 +8147,13 @@ class db */ public function get_RMF_Related_Controls(rmf_control &$rmf) { - $sql = "SELECT rc.`related_control_id` " . - "FROM `rmf`.`related_controls rc " . - "WHERE rc.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "'" - ; + $sql = "SELECT rc.`related_control_id` " . "FROM `rmf`.`related_controls rc " . "WHERE rc.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { $rmf->add_Related_Control($row['related_control_id']); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } @@ -8088,14 +8167,7 @@ class db */ public function get_RMF_Enhanced_Controls(rmf_control &$rmf, $baseline = null) { - $sql = "SELECT " . - "ce.`enh_id`,ce.`name`,ce.`desc`,ce.`guidance` " . - "FROM `rmf`.`control_enh` ce " . - "JOIN `rmf`.`enhancement_baseline eb ON eb.`control_id`=ce.`control_id` AND " . - "eb.`enh_id`=ce.`enh_id` " . - "WHERE ce.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "' AND " . - "eb.`impact`='" . (is_null($baseline) ? $rmf->get_Worst_Baseline() : $baseline) . "'" - ; + $sql = "SELECT " . "ce.`enh_id`,ce.`name`,ce.`desc`,ce.`guidance` " . "FROM `rmf`.`control_enh` ce " . "JOIN `rmf`.`enhancement_baseline eb ON eb.`control_id`=ce.`control_id` AND " . "eb.`enh_id`=ce.`enh_id` " . "WHERE ce.`control_id`='" . $this->conn->real_escape_string($rmf->get_Control_ID()) . "' AND " . "eb.`impact`='" . (is_null($baseline) ? $rmf->get_Worst_Baseline() : $baseline) . "'"; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { 
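Review bot: The FROM clause in get_RMF_Related_Controls opens a backtick before `related_controls` and never closes it, so the identifier swallows the ` rc ` alias and the query cannot run as written. The JOIN on `enhancement_baseline` in the following hunk (-8088) has the same unclosed backtick. Both are on the removed lines too, so this commit only preserves them; closing the quote directly after the table name in each fragment is the whole fix. Since the failure path only logs through `Sagacity_Error::sql_handler()` and `error_log()`, callers get no signal that nothing was loaded.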
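Review bot: `$baseline` is concatenated into `eb.impact='…'` in get_RMF_Enhanced_Controls without escaping or validation, unlike the `get_Control_ID()` value in the same statement. get_RMF_Control_By_Baseline restricts its argument to low, moderate and high with `in_array()`; applying the same allow-list here before building the query would close the gap, with `$this->conn->real_escape_string($baseline)` as the minimum. The `$rmf->get_Worst_Baseline()` fallback is inserted the same way and should pass through the same check.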
@@ -8107,29 +8179,28 @@ class db $rmf->add_Enhanced_Control($enh); } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } } -// }}} -// {{{ SCAN CLASS FUNCTIONS + // }}} + // {{{ SCAN CLASS FUNCTIONS /** * Get ScanData for Results page * * @param integer $intSTE - * ST&E ID to grab scans for - * @param integer|string $Scan_ID [optional] - * Scan ID or file name to grab (defaulted null) + * ST&E ID to grab scans for + * @param integer|string $Scan_ID + * [optional] + * Scan ID or file name to grab (defaulted null) * - * @return array:scan|NULL - * Returns array of scans associated with the ST&E, or null if none found + * @return array:scan|NULL Returns array of scans associated with the ST&E, or null if none found */ public function get_ScanData($intSTE, $Scan_ID = null, $status_in = null, $type_in = null) { - $ret = []; + $ret = []; $where = [ [ 'field' => 's.ste_id', 
@@ -8137,65 +8208,66 @@ class db ] ]; - if (!is_null($Scan_ID)) { + if (! is_null($Scan_ID)) { if (is_numeric($Scan_ID)) { $where[] = [ - 'field' => 's.id', - 'value' => $Scan_ID, + 'field' => 's.id', + 'value' => $Scan_ID, 'sql_op' => 'AND' ]; - } - else { + } else { $where[] = [ - 'field' => 's.file_name', - 'value' => $Scan_ID, + 'field' => 's.file_name', + 'value' => $Scan_ID, 'sql_op' => 'AND' ]; } } - if (!is_null($status_in)) { + if (! is_null($status_in)) { $where[] = [ - 'field' => 's.status', - 'value' => $status_in, + 'field' => 's.status', + 'value' => $status_in, 'sql_op' => 'AND' ]; } - if (!is_null($type_in)) { + if (! is_null($type_in)) { $where[] = [ - 'field' => 'src.name', - 'value' => $type_in, + 'field' => 'src.name', + 'value' => $type_in, 'sql_op' => 'AND' ]; } - $this->help->select("scans s", ['s.*'], $where, [ + $this->help->select("scans s", [ + 's.*' + ], $where, [ 'table_joins' => [ "JOIN sources src ON src.id=s.src_id" ], - 'order' => 's.file_name' + 'order' => 's.file_name' ]); $scan_rows = $this->help->execute(); if (isset($scan_rows['id'])) { - $scan_rows = [0 => $scan_rows]; + $scan_rows = [ + 0 => $scan_rows + ]; } if (is_array($scan_rows) && count($scan_rows)) { foreach ($scan_rows as $row) { $src = $this->get_Sources($row['src_id']); if (is_array($src) && count($src) && isset($src[0]) && is_a($src[0], 'source')) { $src = $src[0]; - } - else { + } else { continue; } $ste = $this->get_STE($intSTE); if (is_array($ste) && count($ste) && isset($ste[0]) && is_a($ste[0], 'ste')) { $ste = $ste[0]; - } - else { + } else { continue; } 
@@ -8209,23 +8281,31 @@ class db $scan->set_Last_Host($row['last_host']); $scan->set_Total_Host_Count($row['host_count']); - $this->help->select("host_list hl", ['hl.tgt_id', 't.name', 'hl.finding_count', 'hl.scanner_error', 'hl.notes'], [ + $this->help->select("host_list hl", [ + 'hl.tgt_id', + 't.name', + 'hl.finding_count', + 'hl.scanner_error', + 'hl.notes' + ], [ [ 'field' => 'hl.scan_id', 'value' => $row['id'] ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN target t ON t.id=hl.tgt_id" ] ]); $hl_rows = $this->help->execute(); if (is_array($hl_rows) && count($hl_rows) && isset($hl_rows['tgt_id'])) { - $hl_rows = [0 => $hl_rows]; + $hl_rows = [ + 0 => $hl_rows + ]; } if (is_array($hl_rows) && count($hl_rows) && isset($hl_rows[0])) { foreach ($hl_rows as $row) { - $tgt = new target($row['name']); + $tgt = new target($row['name']); $tgt->set_ID($row['tgt_id']); $tgt->set_STE_ID($intSTE); $tgt->interfaces = $this->get_Interfaces($tgt->get_ID()); 
@@ -8256,63 +8336,64 @@ class db * Save scan data * * @param scan $new_Scan - * New scan to save to database + * New scan to save to database * - * @return integer - * Returns ID of new scan, or 0 if fail + * @return integer Returns ID of new scan, or 0 if fail */ public function save_Scan($new_Scan) { - if (!is_a($new_Scan, "scan")) { + if (! is_a($new_Scan, "scan")) { return; } - if (!is_a($new_Scan->get_Source(), 'source')) { - throw(new Exception("Wrong source type " . print_r($new_Scan->get_Source(), true))); + if (! is_a($new_Scan->get_Source(), 'source')) { + throw (new Exception("Wrong source type " . print_r($new_Scan->get_Source(), true))); } if ($new_Scan->get_ID()) { $this->help->update("scans", [ - 'src_id' => $new_Scan->get_Source()->get_ID(), - 'itr' => $new_Scan->get_Itr(), - 'file_date' => $new_Scan->get_File_DateTime(), - 'pid' => $new_Scan->get_PID(), - 'start_time' => $new_Scan->get_Start_Time(), + 'src_id' => $new_Scan->get_Source() + ->get_ID(), + 'itr' => $new_Scan->get_Itr(), + 'file_date' => $new_Scan->get_File_DateTime(), + 'pid' => $new_Scan->get_PID(), + 'start_time' => $new_Scan->get_Start_Time(), 'last_update' => $new_Scan->get_Last_Update(), - 'status' => $new_Scan->get_Status(), - 'perc_comp' => $new_Scan->get_Percentage_Complete(), - 'last_host' => $new_Scan->get_Last_Host(), - 'host_count' => $new_Scan->get_Total_Host_Count(), - 'notes' => $new_Scan->get_Notes() - ], [ + 'status' => $new_Scan->get_Status(), + 'perc_comp' => $new_Scan->get_Percentage_Complete(), + 'last_host' => $new_Scan->get_Last_Host(), + 'host_count' => $new_Scan->get_Total_Host_Count(), + 'notes' => $new_Scan->get_Notes() + ], [ [ 'field' => 'id', 'value' => $new_Scan->get_ID() ] ]); - if (!$this->help->execute()) { + if (! 
$this->help->execute()) { $this->help->debug(E_ERROR); } $this->update_Scan_Host_List($new_Scan, $new_Scan->get_Host_List()); - } - else { + } else { $this->help->insert("scans", [ - 'src_id' => $new_Scan->get_Source()->get_ID(), - 'ste_id' => $new_Scan->get_STE()->get_ID(), - 'itr' => $new_Scan->get_Itr(), - 'file_name' => $new_Scan->get_File_Name(), - 'file_date' => $new_Scan->get_File_DateTime(), - 'pid' => $new_Scan->get_PID(), - 'start_time' => $new_Scan->get_Start_Time(), + 'src_id' => $new_Scan->get_Source() + ->get_ID(), + 'ste_id' => $new_Scan->get_STE() + ->get_ID(), + 'itr' => $new_Scan->get_Itr(), + 'file_name' => $new_Scan->get_File_Name(), + 'file_date' => $new_Scan->get_File_DateTime(), + 'pid' => $new_Scan->get_PID(), + 'start_time' => $new_Scan->get_Start_Time(), 'last_update' => $new_Scan->get_Last_Update(), - 'status' => $new_Scan->get_Status(), - 'perc_comp' => $new_Scan->get_Percentage_Complete(), - 'last_host' => $new_Scan->get_Last_Host(), - 'host_count' => $new_Scan->get_Total_Host_Count(), - 'notes' => $new_Scan->get_Notes() + 'status' => $new_Scan->get_Status(), + 'perc_comp' => $new_Scan->get_Percentage_Complete(), + 'last_host' => $new_Scan->get_Last_Host(), + 'host_count' => $new_Scan->get_Total_Host_Count(), + 'notes' => $new_Scan->get_Notes() ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return 0; } 
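Review bot: The first guard in save_Scan does a bare `return;` when `$new_Scan` is not a scan, which yields null although the docblock promises an integer and 0 on failure; `return 0;` matches the documented contract. In the update branch a failed `execute()` only calls `$this->help->debug(E_ERROR)` and then still runs `update_Scan_Host_List()`, whereas the insert branch returns 0 after the same call. Adding `return 0;` after the debug call in the update branch would make the two paths agree. The end of the function lies outside this hunk.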
@@ -8328,14 +8409,13 @@ class db * Delete a scan (associated finding data and optionally targets) * * @param integer $ste_id - * ST&E ID where the scan exists + * ST&E ID where the scan exists * @param integer $scan_id - * Scan to delete from database + * Scan to delete from database * @param boolean $del_tgts - * Boolean to decide if we are deleting targets as well + * Boolean to decide if we are deleting targets as well * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function delete_Scan($ste_id, $scan_id, $del_tgts = false) { @@ -8343,23 +8423,24 @@ class db if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) { $scan = $scan[0]; - } - elseif (!is_a($scan, 'scan')) { + } elseif (! is_a($scan, 'scan')) { Sagacity_Error::err_handler("Failed to find Scan ($scan_id)", E_ERROR); return false; } - $this->help->delete("finding_controls fc", ['fc.*'], [ + $this->help->delete("finding_controls fc", [ + 'fc.*' + ], [ [ 'field' => 'f.scan_id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] - ], [ - "JOIN findings f ON f.id=fc.finding_id" + ], [ + "JOIN findings f ON f.tgt_id = fc.tgt_id AND f.pdi_id = fc.pdi_id" ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8367,12 +8448,12 @@ class db $this->help->delete("findings", null, [ [ 'field' => 'scan_id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8380,12 +8461,12 @@ class db $this->help->delete("host_list", null, [ [ 'field' => 'scan_id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
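Review bot: delete_Scan removes rows from finding_controls, findings, host_list and scans in four separate statements (this hunk, the two after it and the -8393 hunk) and returns false as soon as one fails, leaving the earlier deletes in place. With the join now keyed on `tgt_id` and `pdi_id`, a failure after the first delete leaves findings without their control rows. Wrapping the sequence in a transaction, `$this->conn->begin_transaction();` before the first delete, `$this->conn->commit();` after the last and `$this->conn->rollback();` in each failure branch, would keep the scan either fully present or fully removed. Whether `$this->help` runs on the same connection as `$this->conn` is not visible here and needs confirming first.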
@@ -8393,18 +8474,19 @@ class db $this->help->delete("scans", null, [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $scan_id ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } if ($del_tgts) { /** + * * @var host_list $host */ foreach ($scan->get_Host_List() as $host) { @@ -8419,12 +8501,12 @@ class db * Updates the host_list field for a particular scan * * @param scan $scan - * Scan to update - * @param array $host_list [optional] - * Formatted host list to update (default null) + * Scan to update + * @param array $host_list + * [optional] + * Formatted host list to update (default null) * - * @return boolean - * Returns TRUE if successful, otherwise FALSEs + * @return boolean Returns TRUE if successful, otherwise FALSEs */ public function update_Scan_Host_List($scan, $host_list = null) { @@ -8434,7 +8516,7 @@ class db 'value' => $scan->get_ID() ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8450,10 +8532,9 @@ class db $host->getScanNotes() ]; } - } - else { + } else { foreach ($host_list as $host) { - if (!is_a($host, 'host_list')) { + if (! is_a($host, 'host_list')) { break; } $params[] = [ @@ -8467,8 +8548,14 @@ class db } if (count($params)) { - $this->help->extended_insert("host_list", ['scan_id', 'tgt_id', 'finding_count', 'scanner_error', 'notes'], $params); - if (!$this->help->execute()) { + $this->help->extended_insert("host_list", [ + 'scan_id', + 'tgt_id', + 'finding_count', + 'scanner_error', + 'notes' + ], $params); + if (! $this->help->execute()) { $this->help->debug(E_WARNING); } } 
@@ -8480,39 +8567,41 @@ class db * Get the scan source data * * @param integer|string $srcID - * Source ID or name to grab from database + * Source ID or name to grab from database * - * @return source|NULL - * Returns source, or null if none found + * @return source|NULL Returns source, or null if none found */ public function get_Sources($srcID = null) { $where = []; - $ret = null; + $ret = null; - if (!is_null($srcID)) { + if (! is_null($srcID)) { if (is_numeric($srcID)) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $srcID ]; - } - else { + } else { $where[] = [ - 'field' => 'name', - 'op' => '=', - 'value' => $srcID, + 'field' => 'name', + 'op' => '=', + 'value' => $srcID, 'case_insensitive' => true ]; } } - $this->help->select("sagacity.sources", null, $where, ['order' => 'name']); + $this->help->select("sagacity.sources", null, $where, [ + 'order' => 'name' + ]); $src_rows = $this->help->execute(); if (is_array($src_rows) && isset($src_rows['id'])) { - $src_rows = [0 => $src_rows]; + $src_rows = [ + 0 => $src_rows + ]; } if (is_array($src_rows) && count($src_rows) && isset($src_rows[0])) { @@ -8539,17 +8628,21 @@ class db if (is_array($cat) && count($cat)) { $cat = $cat[0]; } - if (!is_a($cat, "ste_cat")) { + if (! is_a($cat, "ste_cat")) { return []; } $ret = []; - $this->help->select("sagacity.sources s", ['s.id', 's.name', 's.icon'], [ + $this->help->select("sagacity.sources s", [ + 's.id', + 's.name', + 's.icon' + ], [ [ 'field' => 'cat.id', - 'op' => '=', + 'op' => '=', 'value' => $cat->get_ID() ] - ], [ + ], [ 'table_joins' => [ "JOIN sagacity.ste_cat_sources src ON s.id=src.src_id", "JOIN sagacity.ste_cat cat ON cat.id=src.cat_id" 
@@ -8558,15 +8651,17 @@ class db $src_arr = $this->help->execute(); if (is_array($src_arr) && count($src_arr) && isset($src_arr['id'])) { - $src_arr = [0 => $src_arr]; + $src_arr = [ + 0 => $src_arr + ]; } if (is_array($src_arr) && count($src_arr) && isset($src_arr[0])) { foreach ($src_arr as $row) { - $src = new source($row['id'], $row['name']); + $src = new source($row['id'], $row['name']); $icon = null; if ($row['icon']) { - $icon = str_replace(" ", "-", substr($row['icon'], 0, -4)) . "-missing.png"; + $icon = str_replace(" ", "-", substr($row['icon'], 0, - 4)) . "-missing.png"; } $src->set_Icon($icon); $ret[$src->get_ID()]['src'] = $src; 
@@ -8587,49 +8682,56 @@ class db public function get_Target_Scan_Sources($tgt, &$exp_scan_srcs = null) { $ret = []; - $this->help->select("sources src", ["src.id", "src.name", "src.icon", "SUM(hl.finding_count) AS 'finding_count'", "hl.scanner_error", "hl.notes"], [ + $this->help->select("sources src", [ + "src.id", + "src.name", + "src.icon", + "SUM(hl.finding_count) AS 'finding_count'", + "hl.scanner_error", + "hl.notes" + ], [ [ 'field' => 'hl.tgt_id', 'value' => $tgt->get_ID() ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN scans s ON s.src_id=src.id", "LEFT JOIN host_list hl ON hl.scan_id=s.id" ], - 'group' => 'src.name,src.id' + 'group' => 'src.name,src.id' ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { if (is_null($exp_scan_srcs)) { foreach ($rows as $row) { - $ret[$row['id']]['src'] = new source($row['id'], $row['name']); + $ret[$row['id']]['src'] = new source($row['id'], $row['name']); $ret[$row['id']]['src']->set_Icon($row['icon']); - $ret[$row['id']]['count'] = $row['finding_count']; + $ret[$row['id']]['count'] = $row['finding_count']; $ret[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; - $ret[$row['id']]['notes'] = $row['notes']; + $ret[$row['id']]['notes'] = $row['notes']; } - } - else { + } else { foreach ($rows as $row) { if (isset($exp_scan_srcs[$row['id']])) { $exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']); - $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; + $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; $exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; - $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; - } - else { - $exp_scan_srcs[$row['id']]['src'] = new source($row['id'], $row['name']); + $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; + } else { + $exp_scan_srcs[$row['id']]['src'] = new 
source($row['id'], $row['name']); $exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']); - $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; + $exp_scan_srcs[$row['id']]['count'] = $row['finding_count']; $exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; - $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; + $exp_scan_srcs[$row['id']]['notes'] = $row['notes']; } } @@ -8640,25 +8742,26 @@ class db return $ret; } -// }}} -// {{{ SCRIPT FUNCTIONS + // }}} + // {{{ SCRIPT FUNCTIONS /** * Function to get a catalog script * - * @param string $file_name_in [optional] - * Look for a specific catalog/STIG file that is processing + * @param string $file_name_in + * [optional] + * Look for a specific catalog/STIG file that is processing * * @return array:catalog_script|NULL */ public function get_Catalog_Script($file_name_in = null) { - $ret = []; + $ret = []; $where = []; - if (!is_null($file_name_in)) { + if (! is_null($file_name_in)) { $where[] = [ 'field' => 'file_name', - 'op' => '=', + 'op' => '=', 'value' => $file_name_in ]; } @@ -8669,20 +8772,22 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['file_name'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows)) { foreach ($rows as $row) { $script = new catalog_script(); - $script->file_name = $row['file_name']; - $script->pid = $row['pid']; - $script->start_time = new DateTime($row['start_time']); + $script->file_name = $row['file_name']; + $script->pid = $row['pid']; + $script->start_time = new DateTime($row['start_time']); $script->last_update = new DateTime($row['last_update']); - $script->status = $row['status']; - $script->perc_comp = $row['perc_comp']; - $script->stig_count = $row['stig_count']; + $script->status = $row['status']; + $script->perc_comp = $row['perc_comp']; + $script->stig_count = $row['stig_count']; $ret[] = $script; } 
@@ -8694,35 +8799,35 @@ class db /** * Function to get script count * - * @param string $status [optional] - * Return only the count for a script that is in a certain status (defaulted null) + * @param string $status + * [optional] + * Return only the count for a script that is in a certain status (defaulted null) * - * @return integer - * Returns the number of script that are in the database or count in a specific status + * @return integer Returns the number of script that are in the database or count in a specific status */ public function get_Catalog_Script_Count($status = null) { $where = []; - if (!is_null($status)) { + if (! is_null($status)) { $where[] = [ 'field' => 'status', - 'op' => '=', + 'op' => '=', 'value' => $status ]; if ($status == 'RUNNING') { $where[] = [ - 'field' => 'perc_comp', - 'op' => '<', - 'value' => 100, - 'sql_op' => 'AND', + 'field' => 'perc_comp', + 'op' => '<', + 'value' => 100, + 'sql_op' => 'AND', 'open-paren' => true ]; $where[] = [ - 'field' => 'perc_comp', - 'op' => IS, - 'value' => null, - 'sql_op' => 'OR', + 'field' => 'perc_comp', + 'op' => IS, + 'value' => null, + 'sql_op' => 'OR', 'close-paren' => true ]; } @@ -8741,16 +8846,17 @@ class db * Function to add new catalog parsing script * * @param string $file_name_in - * The catalog/STIG file that is processing + * The catalog/STIG file that is processing * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function add_Catalog_Script($file_name_in) { - $this->help->insert("sagacity.catalog_scripts", ['file_name' => $file_name_in], true); + $this->help->insert("sagacity.catalog_scripts", [ + 'file_name' => $file_name_in + ], true); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } 
@@ -8762,21 +8868,20 @@ class db * Function to update catalog script execution * * @param string $file - * Script to update + * Script to update * @param array $field - * Array with the name and value of the column to update - * 'name' => 'pid', - * 'value' => 1234 + * Array with the name and value of the column to update + * 'name' => 'pid', + * 'value' => 1234 * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function update_Catalog_Script($file, $field) { $where = array( array( 'field' => 'file_name', - 'op' => '=', + 'op' => '=', 'value' => $file ) ); @@ -8784,26 +8889,24 @@ class db if ($field['name'] == 'perc_comp' && $field['value'] == 100 && isset($field['complete'])) { $this->help->update("sagacity.catalog_scripts", array( $field['name'] => $field['value'], - 'status' => 'COMPLETE', - 'last_update' => 'NOW()' - ), $where); - } - elseif ($field['name'] == 'pid') { + 'status' => 'COMPLETE', + 'last_update' => 'NOW()' + ), $where); + } elseif ($field['name'] == 'pid') { $this->help->update("sagacity.catalog_scripts", array( $field['name'] => $field['value'], - 'status' => 'RUNNING', - 'start_time' => 'NOW()', - 'last_update' => 'NOW()' - ), $where); - } - else { + 'status' => 'RUNNING', + 'start_time' => 'NOW()', + 'last_update' => 'NOW()' + ), $where); + } else { $this->help->update('sagacity.catalog_scripts', array( $field['name'] => $field['value'], - 'last_update' => 'NOW()' - ), $where); + 'last_update' => 'NOW()' + ), $where); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { return false; } 
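Review bot: `$field['name']` is used directly as the column key in all three `update()` calls of update_Catalog_Script, so the caller decides which column of `catalog_scripts` is written. How `db_helper` quotes array keys is not visible in this diff, so the safe assumption is that it does not validate them. An allow-list at the top of the function, for example `if (! in_array($field['name'], ['pid', 'perc_comp', 'status', 'stig_count'], true)) { return false; }`, would limit updates to the columns this function is meant to touch. The comparisons `$field['name'] == 'perc_comp'` and `$field['value'] == 100` would also be clearer with explicit types than with loose `==`.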
@@ -8814,23 +8917,22 @@ class db * Function to get the number of scripts that are currently running * * @param integer $ste - * ST&E to evaluate + * ST&E to evaluate * - * @return integer - * Returns the count of scripts that are running + * @return integer Returns the count of scripts that are running */ public function get_Running_Script_Count($ste) { $this->help->select_count("scans", [ [ 'field' => 'status', - 'op' => '=', + 'op' => '=', 'value' => 'RUNNING' ], [ - 'field' => 'ste_id', - 'op' => '=', - 'value' => $ste, + 'field' => 'ste_id', + 'op' => '=', + 'value' => $ste, 'sql_op' => 'AND' ] ]); @@ -8848,16 +8950,19 @@ class db */ public function get_Running_Script_Status($ste_id, $file) { - $this->help->select("sagacity.scans", ['status', 'perc_comp'], [ + $this->help->select("sagacity.scans", [ + 'status', + 'perc_comp' + ], [ [ 'field' => 'ste_id', - 'op' => '=', + 'op' => '=', 'value' => $ste_id ], [ - 'field' => 'file_name', - 'op' => '=', - 'value' => $file, + 'field' => 'file_name', + 'op' => '=', + 'value' => $file, 'sql_op' => 'AND' ] ]); @@ -8869,14 +8974,13 @@ class db * Add a new script to the database * * @param string $file - * Result file name + * Result file name * @param integer $ste_id - * The STE ID that the script is being added to + * The STE ID that the script is being added to * @param string $type - * The result type + * The result type * - * @return boolean - * Return TRUE if successful, otherwise FALSE + * @return boolean Return TRUE if successful, otherwise FALSE */ public function add_Running_Script($file, $ste_id, $type, $location) { 
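Review bot: The docblock for add_Running_Script lists `$file`, `$ste_id` and `$type` but not the fourth parameter `$location` that the signature takes. I would add `* @param string $location` followed by a description line such as `* Value stored in the scans.location column`; the type is a guess, since only the insert in the next hunk shows how the value is used. The function body lies outside this hunk.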
@@ -8886,44 +8990,42 @@ class db $scan = $existing_scan[0]; $this->help->update("scans", [ - 'start_time' => 'NOW()', + 'start_time' => 'NOW()', 'last_update' => 'NOW()', - 'perc_comp' => 0.0 - ], [ + 'perc_comp' => 0.0 + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $scan->get_ID() ] ]); - } - else { + } else { $type = str_replace("_", " ", $type); - $src = $this->get_Sources($type); + $src = $this->get_Sources($type); if (is_array($src) && count($src) && is_a($src[0], 'source')) { $src = $src[0]; - } - else { + } else { return false; } $fd = date("Y-m-d", filemtime(TMP . "/" . $file)); $this->help->insert("sagacity.scans", [ - 'ste_id' => $ste_id, - 'src_id' => $src->get_ID(), - 'file_name' => $file, - 'file_date' => $fd, - 'start_time' => 'NOW()', + 'ste_id' => $ste_id, + 'src_id' => $src->get_ID(), + 'file_name' => $file, + 'file_date' => $fd, + 'start_time' => 'NOW()', 'last_update' => 'NOW()', - 'status' => 'IN QUEUE', - 'perc_comp' => 0.0, - 'location' => $location - ], true); + 'status' => 'IN QUEUE', + 'perc_comp' => 0.0, + 'location' => $location + ], true); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } @@ -8935,19 +9037,18 @@ class db * Function to update a running script entry to add the process ID * * @param string $file - * The result file to update + * The result file to update * @param array $field - * Associative array (name,value) to know what field to update + * Associative array (name,value) to know what field to update * - * @return boolean - * Returns TRUE if successful, otherwise FALSE + * @return boolean Returns TRUE if successful, otherwise FALSE */ public function update_Running_Scan($file, $field) { $where = [ [ 'field' => 'file_name', - 'op' => '=', + 'op' => '=', 'value' => $file ] ]; 
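Review bot: `date("Y-m-d", filemtime(TMP . "/" . $file))` in the insert branch of add_Running_Script uses the result of `filemtime()` unchecked, so a missing or unreadable file yields `false` and the scan row is stored with an epoch file date instead of failing. I would split it up: `$mtime = filemtime(TMP . "/" . $file);`, then `if ($mtime === false) { return false; }`, then `$fd = date("Y-m-d", $mtime);`. If `$file` can contain path separators the lookup also resolves outside TMP, so it is worth confirming that callers pass a bare file name. The function starts before this hunk.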
@@ -8955,79 +9056,79 @@ class db if ($field['name'] == 'perc_comp' && $field['value'] == 100 && isset($field['complete'])) { $this->help->update("sagacity.scans", [ $field['name'] => $field['value'], - 'status' => 'COMPLETE', - 'last_update' => 'NOW()' - ], $where); - } - elseif ($field['name'] == 'pid') { + 'status' => 'COMPLETE', + 'last_update' => 'NOW()' + ], $where); + } elseif ($field['name'] == 'pid') { $this->help->update("sagacity.scans", [ $field['name'] => $field['value'], - 'status' => 'RUNNING', - 'start_time' => 'NOW()', - 'last_update' => 'NOW()', - 'host_count' => 0 - ], $where); - } - elseif ($field['name'] == 'last_host') { + 'status' => 'RUNNING', + 'start_time' => 'NOW()', + 'last_update' => 'NOW()', + 'host_count' => 0 + ], $where); + } elseif ($field['name'] == 'last_host') { $this->help->update("sagacity.scans s", [ "s.{$field['name']}" => $field['value'], - 's.last_update' => 'NOW()', - 's.hosts_comp' => "s.`hosts_comp`+1" - ], $where); - } - else { + 's.last_update' => 'NOW()', + 's.hosts_comp' => "s.`hosts_comp`+1" + ], $where); + } else { $this->help->update("sagacity.scans", [ $field['name'] => $field['value'], - 'last_update' => 'NOW()' - ], $where); + 'last_update' => 'NOW()' + ], $where); } - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return false; } return true; } -// }}} -// {{{ SITE CLASS FUNCTIONS + // }}} + // {{{ SITE CLASS FUNCTIONS /** * Get site data * - * @param integer $siteID [optional] - * Site ID to get from database + * @param integer $siteID + * [optional] + * Site ID to get from database * - * @return array:site - * Returns array of sites, or empty array if none found + * @return array:site Returns array of sites, or empty array if none found */ public function get_Site($siteID = null) { $where = []; $sites = []; - if (!is_null($siteID)) { + if (! 
is_null($siteID)) { if (is_numeric($siteID)) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $siteID ]; - } - else { + } else { $where = [ 'field' => 'name', - 'op' => '=', + 'op' => '=', 'value' => $siteID ]; } } - $this->help->select("sites", null, $where, ['order' => 'name']); + $this->help->select("sites", null, $where, [ + 'order' => 'name' + ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -9043,20 +9144,21 @@ class db * Get a site for an ST&E * * @param integer $intSTE - * ID of the STE to isolate + * ID of the STE to isolate * - * @return site|NULL - * Returns array of sites associated with a specific ST&E, or null if none found + * @return site|NULL Returns array of sites associated with a specific ST&E, or null if none found */ public function get_Site_By_STE_ID($intSTE) { - $this->help->select("sites s", ['s.*'], [ + $this->help->select("sites s", [ + 's.*' + ], [ [ 'field' => 'ste.id', - 'op' => '=', + 'op' => '=', 'value' => $intSTE ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN ste ON ste.site_id = s.id" ] 
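Review bot: In get_Site the name branch assigns `$where = [` while the numeric branch appends with `$where[] = [`, so a lookup by name hands `select()` a single flat clause instead of a list of clauses. Whether the helper accepts that shape is not visible here, but every other call in this file passes a list, so I would change the name branch to `$where[] = [`. get_Site starts inside this hunk and its body continues after it.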
@@ -9076,53 +9178,51 @@ class db * Update or insert a site * * @param site $site_In - * Site to save to the database + * Site to save to the database * - * @return boolean|NULL - * Returns TRUE if successful, otherwise FALSE + * @return boolean|NULL Returns TRUE if successful, otherwise FALSE */ public function save_Site(site $site_In) { if ($site_In->get_Id()) { $this->help->update("sites", [ - 'name' => $site_In->get_Name(), - 'address' => $site_In->get_Address(), - 'city' => $site_In->get_City(), - 'state' => $site_In->get_State(), - 'zip' => $site_In->get_Zip(), - 'country' => $site_In->get_Country(), - 'poc_name' => $site_In->get_POC_Name(), + 'name' => $site_In->get_Name(), + 'address' => $site_In->get_Address(), + 'city' => $site_In->get_City(), + 'state' => $site_In->get_State(), + 'zip' => $site_In->get_Zip(), + 'country' => $site_In->get_Country(), + 'poc_name' => $site_In->get_POC_Name(), 'poc_email' => $site_In->get_POC_Email(), 'poc_phone' => $site_In->get_POC_Phone() - ], [ + ], [ [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $site_In->get_Id() ] ]); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_ERROR); return false; } return $site_In->get_Id(); - } - else { + } else { $this->help->insert("sites", [ - 'name' => $site_In->get_Name(), - 'address' => $site_In->get_Address(), - 'city' => $site_In->get_City(), - 'state' => $site_In->get_State(), - 'zip' => $site_In->get_Zip(), - 'country' => $site_In->get_Country(), - 'poc_name' => $site_In->get_POC_Name(), + 'name' => $site_In->get_Name(), + 'address' => $site_In->get_Address(), + 'city' => $site_In->get_City(), + 'state' => $site_In->get_State(), + 'zip' => $site_In->get_Zip(), + 'country' => $site_In->get_Country(), + 'poc_name' => $site_In->get_POC_Name(), 'poc_email' => $site_In->get_POC_Email(), 'poc_phone' => $site_In->get_POC_Phone() - ], true); + ], true); - if (!($site_id = $this->help->execute())) { + if (! 
($site_id = $this->help->execute())) { $this->help->debug(E_ERROR); return false; } 
@@ -9133,65 +9233,66 @@ class db return true; } -// }}} -// {{{ SOFTWARE CLASS FUNCTIONS + // }}} + // {{{ SOFTWARE CLASS FUNCTIONS /** * Get software data * * @param integer|string|software $software_In - * Specific ID, array of software objects, or associative array to use (default null) - * @param boolean $exact_match [optional] - * Perform an exact match on a CPE (default false) + * Specific ID, array of software objects, or associative array to use (default null) + * @param boolean $exact_match + * [optional] + * Perform an exact match on a CPE (default false) * - * @return array:software - * Returns array of matching software, or empty array if none found + * @return array:software Returns array of matching software, or empty array if none found */ public function get_Software($software_In, $exact_match = false) { - $ret = []; - $cpe = null; - $sw = null; + $ret = []; + $cpe = null; + $sw = null; $query = false; if (is_array($software_In)) { if (isset($software_In[0]) && is_a($software_In[0], 'software')) { $cpe = $software_In[0]->get_CPE(); - } - elseif (isset($software_In[0]) && isset($software_In[0]['man'])) { + } elseif (isset($software_In[0]) && isset($software_In[0]['man'])) { $software_In = $software_In[0]; $type = (isset($software_In['type']) && $software_In['type'] ? "o" : "a"); - $ver = (isset($software_In['ver']) && $software_In['ver'] ? $software_In['ver'] : "-"); - $cpe = strtolower( - str_replace( - array(" ", "(", ")"), array("_", "%28", "%29"), "cpe:/{$type}:{$software_In['man']}:{$software_In['name']}:{$ver}" - ) - ); + $ver = (isset($software_In['ver']) && $software_In['ver'] ? 
$software_In['ver'] : "-"); + $cpe = strtolower(str_replace(array( + " ", + "(", + ")" + ), array( + "_", + "%28", + "%29" + ), "cpe:/{$type}:{$software_In['man']}:{$software_In['name']}:{$ver}")); } if ($cpe) { $this->help->select("sagacity.software", null, array( array( 'field' => 'cpe', - 'op' => LIKE, + 'op' => LIKE, 'value' => "'%$cpe%'" ) )); $query = true; } - } - elseif (is_numeric($software_In)) { + } elseif (is_numeric($software_In)) { $this->help->select("sagacity.software", null, array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $software_In ) )); $query = true; - } - elseif (is_string($software_In)) { - $op = $exact_match ? '=' : LIKE; + } elseif (is_string($software_In)) { + $op = $exact_match ? '=' : LIKE; $field = 'cpe'; if (strpos($software_In, "cpe:2.3") !== false) { $field = 'cpe23'; @@ -9199,11 +9300,11 @@ class db $exclude_r2 = null; if (preg_match("/windows_server_20[\d]+/", $software_In)) { - if (!preg_match("/r2/", $software_In)) { + if (! preg_match("/r2/", $software_In)) { $exclude_r2 = array( - 'field' => $field, - 'op' => NOT_LIKE, - 'value' => "'%r2%'", + 'field' => $field, + 'op' => NOT_LIKE, + 'value' => "'%r2%'", 'sql_op' => 'AND' ); } 
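Review bot: The LIKE value in get_Software is quoted by hand, `'value' => "'%$cpe%'"`, and `$cpe` is built from `$software_In['man']`, `['name']` and `['ver']` with only spaces and parentheses replaced. If the query helper embeds a pre-quoted value as written (its handling is not visible here), a quote character in any of those fields changes the statement, and those fields plausibly originate from imported scan results. I would pass the bare pattern and let the helper quote it, or escape it first with something like `$cpe = $this->conn->real_escape_string($cpe);`, assuming `$this->conn` is the mysqli handle used in get_Software_List. The `@@ -9212,22` hunk repeats the pattern with `"'$software_In%'"` and `"'cpe:{$os}:{$man}:{$name}:{$ver}:%'"`. The function continues past this hunk.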
@@ -9212,22 +9313,24 @@ class db $this->help->select("software", null, [ [ 'field' => $field, - 'op' => $op, + 'op' => $op, 'value' => ($op == LIKE ? "'$software_In%'" : $software_In) - ], $exclude_r2], ['order' => 'cpe'] - ); + ], + $exclude_r2 + ], [ + 'order' => 'cpe' + ]); $query = true; - } - elseif (is_a($software_In, 'software')) { - $os = ($software_In->is_OS() ? "/o" : "/a"); - $man = str_replace(" ", "_", strtolower($software_In->get_Man())); - $name = str_replace(" ", "_", strtolower($software_In->get_Name())); - $ver = str_replace(" ", "_", strtolower($software_In->get_Version())); + } elseif (is_a($software_In, 'software')) { + $os = ($software_In->is_OS() ? "/o" : "/a"); + $man = str_replace(" ", "_", strtolower($software_In->get_Man())); + $name = str_replace(" ", "_", strtolower($software_In->get_Name())); + $ver = str_replace(" ", "_", strtolower($software_In->get_Version())); $value = "'cpe:{$os}:{$man}:{$name}:{$ver}:%'"; $field = 'cpe'; - if (!is_null($software_In->get_CPE23())) { - $os = substr($os, 1); + if (! is_null($software_In->get_CPE23())) { + $os = substr($os, 1); $value = "'cpe:2.3:{$os}:{$man}:{$name}:{$ver}:%'"; $field = 'cpe23'; } @@ -9235,18 +9338,21 @@ class db $this->help->select("software", null, [ [ 'field' => $field, - 'op' => LIKE, + 'op' => LIKE, 'value' => $value ] - ], ['order' => 'cpe'] - ); + ], [ + 'order' => 'cpe' + ]); $query = true; } if ($query) { $rows = $this->help->execute(); if (isset($rows['cpe'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -9268,10 +9374,9 @@ class db * Function to retrieve a software item by using the CPE or CPE v2.3 * * @param string $cpe_in - * CPE to search for + * CPE to search for * - * @return software|NULL - * Returns software object if found, otherwise null + * @return software|NULL Returns software object if found, otherwise null */ public function get_Software_By_CPE($cpe_in) { 
@@ -9283,14 +9388,16 @@ class db $this->help->select("software", null, [ [ 'field' => $field, - 'op' => '=', + 'op' => '=', 'value' => $cpe_in ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { @@ -9313,18 +9420,22 @@ class db */ public function get_Software_Ids(array $cpes = []) { - $ret = []; - $this->help->select("software", ['id'], [ + $ret = []; + $this->help->select("software", [ + 'id' + ], [ [ 'field' => 'cpe', - 'op' => IN, + 'op' => IN, 'value' => $cpes ] ]); $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { 
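Review bot: get_Software_Ids defaults `$cpes` to `[]` and passes it straight to the `IN` clause, so a call without arguments asks the helper to build `IN` over an empty list. Depending on the helper (not visible here) that is either invalid SQL or a wasted query. A guard before the select, `if (empty($cpes)) { return []; }`, avoids both and matches the empty `$ret` the function returns anyway. The docblock of the function starts before this hunk.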
@@ -9336,36 +9447,32 @@ class db return $ret; } -// @TODO - Finish + // @TODO - Finish /** * Get a list of all software items * * @param boolean $isOS - * Boolean to isolate the operating systems + * Boolean to isolate the operating systems * @param integer $os_ID - * ID of a specific software, used to select an element in the drop-down + * ID of a specific software, used to select an element in the drop-down * - * @return string - * Returns a string with the drop-down option tags + * @return string Returns a string with the drop-down option tags */ public function get_Software_List($isOS, $os_ID = null) { $ret = ''; - $sql = "SELECT `id`,`cpe`,`cpe23`,`sw_string` " . - "FROM `sagacity`.`software`"; + $sql = "SELECT `id`,`cpe`,`cpe23`,`sw_string` " . "FROM `sagacity`.`software`"; - if (!is_null($os_ID)) { + if (! is_null($os_ID)) { $sql .= " WHERE `id`=" . $os_ID; - } - elseif ($isOS) { + } elseif ($isOS) { $sql .= " WHERE `cpe23` LIKE '%:o:%'"; - } - elseif (!$isOS) { + } elseif (! $isOS) { $sql .= " WHERE `cpe23` LIKE '%:a:%'"; } -// set up query to split cpe string then group by man and name -//$sql .= " GROUP BY "; + // set up query to split cpe string then group by man and name + // $sql .= " GROUP BY "; if ($res = $this->conn->query($sql)) { while ($row = $res->fetch_assoc()) { @@ -9375,10 +9482,9 @@ class db if ($os_ID == $row['id']) { $ret .= " selected "; } - $ret .= ">" . $sw->man . " " . $sw->name . " " . $sw->ver . (!empty($sw->sp) ? "(" . $sw->sp . ")" : "") . ""; + $ret .= ">" . $sw->man . " " . $sw->name . " " . $sw->ver . (! empty($sw->sp) ? "(" . $sw->sp . ")" : "") . ""; } - } - else { + } else { Sagacity_Error::sql_handler($sql); error_log($this->conn->error); } 
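Review bot: get_Software_List builds its statement by string concatenation and appends `$os_ID` to the WHERE clause unquoted and unvalidated, then runs it through `$this->conn->query($sql)` instead of the `$this->help` builder every other method uses. The docblock declares the parameter an integer but nothing enforces it, so a non-numeric value reaches the query text. At minimum cast it where it is appended, `(int) $os_ID`; routing the query through the helper with a `'field' => 'id'` clause would be better. The function body continues beyond this hunk.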
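Review bot: The option label is assembled from `$sw->man`, `$sw->name`, `$sw->ver` and `$sw->sp` and appended to `$ret` without HTML escaping. These values come from rows of sagacity.software, which appear to be populated from imported result files, so a crafted product name could carry markup into the page; how `$sw` is built is outside this hunk, so this is inferred. I would wrap each piece, e.g. `htmlspecialchars($sw->man, ENT_QUOTES, 'UTF-8')`, before concatenating. The loop starts before this hunk.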
@@ -9390,31 +9496,34 @@ class db * Get array of software that a target has installed * * @param integer $tgt_id - * Target ID to query for + * Target ID to query for * - * @return array:software|NULL - * Returns array of software that are assigned to associated target, or null if none found + * @return array:software|NULL Returns array of software that are assigned to associated target, or null if none found */ public function get_Target_Software($tgt_id) { - $this->help->select("software s", ['s.*'], [ + $this->help->select("software s", [ + 's.*' + ], [ [ 'field' => 'ts.tgt_id', - 'op' => '=', + 'op' => '=', 'value' => $tgt_id ] - ], [ + ], [ 'table_joins' => [ "LEFT JOIN sagacity.target_software ts ON ts.sft_id=s.id" ] ]); $sw_arr = $this->help->execute(); - $sft = []; + $sft = []; if (is_array($sw_arr) && count($sw_arr)) { if (isset($sw_arr['cpe'])) { - $sw_arr = [0 => $sw_arr]; + $sw_arr = [ + 0 => $sw_arr + ]; } foreach ($sw_arr as $row) { 
@@ -9434,43 +9543,41 @@ class db * Update existing software or add new * * @param software $sw_in - * The software to save + * The software to save * - * @return integer - * Returns the ID of the software that was just inserted or updated if successful, otherwise it returns 0 + * @return integer Returns the ID of the software that was just inserted or updated if successful, otherwise it returns 0 */ public function save_Software($sw_in) { - if (!is_null($sw_in->get_ID())) { + if (! is_null($sw_in->get_ID())) { $this->help->update("sagacity.software", array( - 'cpe' => $sw_in->get_CPE(), - 'cpe23' => $sw_in->get_CPE23(), - 'sw_string' => $sw_in->get_SW_String(), + 'cpe' => $sw_in->get_CPE(), + 'cpe23' => $sw_in->get_CPE23(), + 'sw_string' => $sw_in->get_SW_String(), 'short_sw_string' => $sw_in->get_Shortened_SW_String() - ), array( + ), array( array( 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $sw_in->get_ID() ) )); - if (!$this->help->execute()) { + if (! $this->help->execute()) { $this->help->debug(E_WARNING); return 0; } return $sw_in->get_ID(); - } - else { + } else { $this->help->insert("sagacity.software", array( - 'cpe' => $sw_in->get_CPE(), - 'cpe23' => $sw_in->get_CPE23(), - 'sw_string' => $sw_in->get_SW_String(), + 'cpe' => $sw_in->get_CPE(), + 'cpe23' => $sw_in->get_CPE23(), + 'sw_string' => $sw_in->get_SW_String(), 'short_sw_string' => $sw_in->get_Shortened_SW_String() - ), true); + ), true); - if (!($sw_id = $this->help->execute())) { + if (! ($sw_id = $this->help->execute())) { $this->help->debug(E_WARNING); return 0; } 
@@ -9490,26 +9597,25 @@ class db */ public function get_Regex_Array($type) { - $ret = []; + $ret = []; $where = []; if ($type != 'os') { $where[] = [ 'field' => 'type', - 'op' => '=', + 'op' => '=', 'value' => $type ]; $where[] = [ - 'field' => 'type', - 'op' => '=', - 'value' => 'multiple', + 'field' => 'type', + 'op' => '=', + 'value' => 'multiple', 'sql_op' => 'OR' ]; - } - else { + } else { $where[] = [ 'field' => 'type', - 'op' => LIKE, + 'op' => LIKE, 'value' => "'%os'" ]; } @@ -9518,43 +9624,47 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = [0 => $rows]; + $rows = [ + 0 => $rows + ]; } if (is_array($rows) && count($rows) && isset($rows[0])) { foreach ($rows as $row) { $tmp = [ - 'id' => $row['id'], - 'man' => $row['man'], - 'rgx' => $row['rgx'], + 'id' => $row['id'], + 'man' => $row['man'], + 'rgx' => $row['rgx'], 'name' => [] ]; $this->help->select("sagacity.sw_name_match", null, [ [ 'field' => 'man_id', - 'op' => '=', + 'op' => '=', 'value' => $row['id'] ] ]); $name_rows = $this->help->execute(); if (is_array($name_rows) && count($name_rows) && isset($name_rows['id'])) { - $name_rows = [0 => $name_rows]; + $name_rows = [ + 0 => $name_rows + ]; } if (is_array($name_rows) && count($name_rows) && isset($name_rows[0])) { foreach ($name_rows as $row2) { $tmp['name'][$row2['id']] = array( - 'name' => $row2['name'], + 'name' => $row2['name'], 'man_override' => $row2['man_override'], - 'rgx' => $row2['rgx'], - 'name_match' => $row2['name_match'], - 'ver_match' => $row2['ver_match'], - 'ver' => $row2['ver'], + 'rgx' => $row2['rgx'], + 'name_match' => $row2['name_match'], + 'ver_match' => $row2['ver_match'], + 'ver' => $row2['ver'], 'update_match' => $row2['update_match'], - 'is_os' => ($row2['is_os'] ? true : false), - 'multiple' => ($row2['multiple'] ? true : false) + 'is_os' => ($row2['is_os'] ? true : false), + 'multiple' => ($row2['multiple'] ? true : false) ); } } 
@@ -9566,42 +9676,44 @@ class db return $ret; } -// }}} -// {{{ STE CLASS FUNCTIONS + // }}} + // {{{ STE CLASS FUNCTIONS /** * Get ST&E data * * @param integer $steID - * ST&E ID to isolate + * ST&E ID to isolate * - * @return array:ste|NULL - * Returns array of ste objects, or null if none found + * @return array:ste|NULL Returns array of ste objects, or null if none found */ public function get_STE($steID = null) { $where = []; - $ret = null; + $ret = null; if ($steID != null) { $where[] = [ 'field' => 'id', - 'op' => '=', + 'op' => '=', 'value' => $steID ]; - } - else { + } else { $where[] = [ 'field' => 'primary', - 'op' => '=', + 'op' => '=', 'value' => 0 ]; } - $this->help->select("ste", null, $where, ['order' => 'eval_start DESC']); + $this->help->select("ste", null, $where, [ + 'order' => 'eval_start DESC' + ]); $ste_rows = $this->help->execute(); if (isset($ste_rows['id'])) { - $ste_rows = [0 => $ste_rows]; + $ste_rows = [ + 0 => $ste_rows + ]; } if (is_array($ste_rows) && count($ste_rows) && isset($ste_rows[0])) { @@ -9609,16 +9721,15 @@ class db $sys = $this->get_System($row['system_id']); if (is_array($sys) && count($sys) && isset($sys[0]) && is_a($sys[0], 'system')) { $sys = $sys[0]; - } - else { + } else { Sagacity_Error::err_handler("Unable to find system for ST&E ID {$row['id']}", E_ERROR); } $site = $this->get_Site($row['site_id']); if (is_array($site) && count($site) && isset($site[0]) && is_a($site[0], 'site')) { $site = $site[0]; - } - else { - Sagacity_Error:err_handler("Unable to find site for ST&E ID {$row['id']}", E_ERROR); + } else { + Sagacity_Error: + err_handler("Unable to find site for ST&E ID {$row['id']}", E_ERROR); } $ste = new ste($row['id'], $sys, $site, $row['eval_start'], $row['eval_end'], $row['multiple'], $row['primary']); 
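Review bot: The site branch of get_STE has `Sagacity_Error:` with a single colon, which PHP parses as a goto label followed by a call to a global function `err_handler()`; the reformatting onto two lines makes that visible but does not fix it. Unless such a global function exists, this branch ends in an undefined-function fatal error instead of reporting the missing site. The system branch a few lines above uses the static call, so this should read `Sagacity_Error::err_handler("Unable to find site for ST&E ID {$row['id']}", E_ERROR);`. get_STE starts in the previous hunk and continues after this one.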
@@ -9632,29 +9743,34 @@ class db $ste->set_Status($row['risk_status']); $ste->set_AO($row['ao']); - $this->help->select("people p", ['st.pos', 'p.*'], [ + $this->help->select("people p", [ + 'st.pos', + 'p.*' + ], [ [ 'field' => 'st.ste_id', - 'op' => '=', + 'op' => '=', 'value' => $ste->get_ID() ] - ], [ + ], [ 'table_joins' => [ "JOIN ste_team st ON st.people_id=p.id" ] ]); $people_rows = $this->help->execute(); if (is_array($people_rows) && isset($people_rows['id'])) { - $people_rows = [0 => $people_rows]; + $people_rows = [ + 0 => $people_rows + ]; } if (is_array($people_rows) && count($people_rows) && isset($people_rows[0])) { foreach ($people_rows as $row2) { - $people = new people(); - $people->id = $row2['id']; - $people->org = $row2['org']; - $people->name = $row2['name']; - $people->phone = $row2['phone']; + $people = new people(); + $people->id = $row2['id']; + $people->org = $row2['org']; + $people->name = $row2['name']; + $people->phone = $row2['phone']; $people->position = $row2['pos']; $ste->add_STE_Team_Member($people); @@ -9672,17 +9788,16 @@ class db * Get the subsystems for a particular site * * @param ste $ste_in - * ST&E to get subsystems for + * ST&E to get subsystems for * - * @return array:ste - * Returns the subsystem ST&E, or empty array if none found + * @return array:ste Returns the subsystem ST&E, or empty array if none found */ public function get_Subsystems($ste_in) { $this->help->select("sagacity.ste", null, array( array( 'field' => 'primary', - 'op' => '=', + 'op' => '=', 'value' => $ste_in->get_ID() ) )); @@ -9690,7 +9805,9 @@ class db $rows = $this->help->execute(); if (is_array($rows) && count($rows) && isset($rows['id'])) { - $rows = array(0 => $rows); + $rows = array( + 0 => $rows + ); } if (is_array($rows) && count($rows) && isset($rows[0])) { 
@@ -9704,21 +9821,23 @@ class db /** * This function returns ST&E list and creates options for a select box - * Will organize into optgroup tags if subsystems are found + * Will organize into optgroup tags if subsystems are found * - * @param boolean $select_first [optional] - * Force the selection of the first element in the drop-down + * @param boolean $select_first + * [optional] + * Force the selection of the first element in the drop-down * - * @return string|NULL - * Returns a string of option tag elements, or null if none found + * @return string|NULL Returns a string of option tag elements, or null if none found */ public function get_STE_List($select_first = false) { - $ret = ''; + $ret = ''; $stes = $this->get_STE(); if (is_array($stes) && count($stes) && isset($stes['id'])) { - $stes = [0 => $stes]; + $stes = [ + 0 => $stes + ]; } if (is_array($stes) && count($stes) && isset($stes[0])) { @@ -9728,11 +9847,10 @@ class db $subs = $this->get_Subsystems($ste); if (is_array($subs) && count($subs) > 0) { - $ret .= "" . - ""; - } - else { + } else { $ret .= "