checklist.inc - deleted duplicate BIND 9 checklist icon entry
finding.inc - removed ID property to prevent duplicate findings from being added to the table
host_list.inc - deleted unused constructor
import.inc - formatting
db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id the new primary keys), and updated references
Database_Baseline.zip - updated routines for the above change
background_results.php - fixed bug #19
export-ckl.php - performance adjustments
parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing the findings.id field
parse_nvd_json_cve.php - convert reading JSON to an array instead of an object for reading CPEs (which were updated to CPE 2.3 instead of 2.2)
parse_* - remove findings.id field
database.inc - formatting, and update for removing the findings.id field
index.php - ensure a user can't import a host list without uploading a host list file
Fixed: #65, #51, #28, #27, #10
parent
5d8711d494
commit
21082c7513
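--- a/checklist.inc
+++ b/checklist.inc
@@ -21,6 +21,7 @@
 * - May 13, 2017 - Added WindowsFirewall.jpg image for checklist
 * - May 19, 2017 - Fixed typo for WindowsFirewall
 * - Aug 23, 2017 - JO, Expanded checklist icons
+* - Nov 6, 2018 - Deleted duplicate BIND 9 checklist icon entry
 */
 
 /**
@@ -545,9 +546,6 @@ class checklist
 case (preg_match("/Mobile Device/i", $this->name) ? true : false):
 $this->icon = 'mobile-device.jpg';
 break;
-case (preg_match("/BIND 9/i", $this->name) ? true : false):
-$this->icon = 'BIND DNS.jpg';
-break;
 case (preg_match("/Remote Access/i", $this->name) ? true : false):
 $this->icon = 'remote-access.gif';
 break;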
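--- a/finding.inc
+++ b/finding.inc
@@ -22,6 +22,7 @@
 * - May 25, 2017 - Fixed bug of get_Category method returning empty severity (defaults to II if empty)
 * - Jan 10, 2018 - Formatting
 * - May 24, 2018 - Simplified get_Finding_Status_ID method
+* - Nov 6, 2018 - Removed ID property to keep from duplicate findings
 */
 
 /**
@@ -32,13 +33,6 @@
 */
 class finding {
 
-/**
-* Finding ID
-*
-* @var integer
-*/
-protected $id = null;
-
 /**
 * Target ID
 *
@@ -155,7 +149,6 @@ class finding {
 /**
 * Constructor
 *
-* @param integer $int_ID
 * @param integer $int_Tgt_ID
 * @param integer $int_PDI_ID
 * @param integer $int_Scan_ID
@@ -165,8 +158,7 @@ class finding {
 * @param string $str_Orig_Src
 * @param integer $int_Finding_Itr
 */
-public function __construct($int_ID, $int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) {
-$this->id = $int_ID;
+public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) {
 $this->tgt_id = $int_Tgt_ID;
 $this->pdi_id = $int_PDI_ID;
 $this->scan_id = $int_Scan_ID;
@@ -182,15 +174,6 @@ class finding {
 $this->finding_itr = $int_Finding_Itr;
 }
 
-/**
-* Getter function for Finding ID
-*
-* @return integer
-*/
-public function get_ID() {
-return $this->id;
-}
-
 /**
 * Getter function for target ID
 *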
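Review bot: Dropping the leading `$int_ID` parameter from `__construct` (hunk @ -165) silently shifts arguments at any caller that still passes nine values — PHP ignores the extra trailing argument rather than failing, so `$int_Tgt_ID` would receive `null` and every later field would be off by one; the only updated caller visible on this page is in parse_excel_echecklist.php. If the project runs on PHP 7 and those two ids are never null, declaring them as `int $int_Tgt_ID, int $int_PDI_ID` would turn such a stale call into a `TypeError` instead of a mis-keyed row. The new changelog line says the removal "keeps from duplicate findings", but nothing in this class enforces uniqueness — per the commit description that now rests on the (tgt_id, pdi_id) primary key — so the class docblock should say so: `* A finding is identified by the pair (tgt_id, pdi_id); uniqueness is enforced by the database key, not by this class.`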
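--- a/host_list.inc
+++ b/host_list.inc
@@ -13,6 +13,7 @@
 * Change Log:
 * - Jan 16, 2018 - File created
 * - Feb 6, 2018 - Added getter/setter methods
+* - Nov 6, 2018 - Deleted unused constructor
 */
 
 /**
@@ -65,14 +66,6 @@ class host_list
 */
 private $_scanNotes = null;
 
-/**
-* Constructor
-*/
-public function __construct()
-{
-
-}
-
 /**
 * Getter function for _targetId
 *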
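--- a/import.inc
+++ b/import.inc
@@ -39,7 +39,8 @@ include_once 'vendor/autoload.php';
 *
 * @author Ryan Prather
 */
-class import {
+class import
+{
 
 /**
 * The current include_once path
@@ -92,21 +93,24 @@ class import {
 /**
 * Class constructor
 */
-public function __construct() {
+public function __construct()
+{
 set_time_limit(0);
 }
 
 /**
 * Class destructor to reset the include_once path and time limits
 */
-public function __destruct() {
+public function __destruct()
+{
 set_time_limit(30);
 }
 
 /**
 * Function to scan the tmp directory for result files and call the appropriate parsers
 */
-public function scan_Result_Files($redirect = true) {
+public function scan_Result_Files($redirect = true)
+{
 chdir(DOC_ROOT . "/exec");
 
 $ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false";
@@ -130,9 +134,7 @@ EOF;
 throw new Exception("Error creating the parse_config.ini");
 }
 
-$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
-" -c " . realpath(PHP_CONF) .
-" -f " . realpath(DOC_ROOT . "/exec/background_results.php");
+$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/background_results.php");
 
 if (LOG_LEVEL == E_DEBUG) {
 Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG);
@@ -149,18 +151,17 @@ EOF;
 /**
 * Function to scan '/xampp/www/tmp' directory for catalog files
 */
-public function scan_Catalog_Files() {
+public function scan_Catalog_Files()
+{
 chdir(DOC_ROOT . "/tmp");
 $files = glob("*");
 
 foreach ($files as $file) {
 if (substr($file, - 3) == 'zip') {
 // $this->import_STIG_ZIP("../tmp/$file");
-}
-elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
+} elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
 // $this->import_PDI_CSV("../tmp/$file");
-}
-elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
+} elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
 // $this->import_STIG("../tmp/$file");
 }
 }
@@ -169,7 +170,8 @@ EOF;
 /**
 * Function to scan host data files and import findings
 */
-public function import_Host_Data_Collection() {
+public function import_Host_Data_Collection()
+{
 $db = new db();
 
 $doc_root = realpath(DOC_ROOT);
@@ -187,30 +189,26 @@ EOF;
 
 file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf);
 
-$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
-" -c " . realpath(PHP_CONF) .
-" -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
+$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
 
 if (substr(strtolower(PHP_OS), 0, 3) == 'win') {
 $shell = new COM("WScript.Shell");
 $shell->CurrentDirectory = DOC_ROOT;
 $shell->run($script, 0, false);
-}
-elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
+} elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
 exec("$script > /dev/null &");
-}
-else {
+} else {
 Sagacity_Error::err_handler("Unknown OS: " . PHP_OS);
 }
 
-
 header("Location: /ste/");
 }
 
 /**
 * function to import PDI CSV file to database
 */
-public function import_PDI_CSV() {
+public function import_PDI_CSV()
+{
 $db = new db();
 
 $handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r");
@@ -272,9 +270,7 @@ EOF;
 }
 
 // Vul_ID
-if ($catalog['vul_id']) {
-
-}
+if ($catalog['vul_id']) {}
 
 if ($catalog['sv_rule_id']) {
 $sv_rule = array();
@@ -294,8 +290,7 @@ EOF;
 print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
 }
 }
-}
-else {
+} else {
 $pdi = new pdi(0, $catalog['cat_lvl'], "NOW");
 $pdi->set_Short_Title($catalog['short_title']);
 $pdi->set_Group_Title($catalog['short_title']);
@@ -340,9 +335,7 @@ EOF;
 }
 
 // Vul_ID
-if ($catalog['vul_id']) {
-
-}
+if ($catalog['vul_id']) {}
 
 // sv_rule
 if ($catalog['sv_rule_id']) {
@@ -373,29 +366,25 @@ EOF;
 * runs script net-SRR.pl
 * exports a csv format file
 */
-public function net_SRR() {
-
-}
+public function net_SRR()
+{}
 
 /**
 * function for unix SRR conversion to csv
 * runs script unix-xml-to-echecklist.pl
 * runs script unix-srr-to-csv.pl
 */
-public function unix_srr_to_csv() {
-
-}
+public function unix_srr_to_csv()
+{}
 
 /**
 * Function to import DISA STIG content to database
 *
 * @param array $request
 */
-public function import_STIG_XML($request = array()) {
-$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " .
-realpath(DOC_ROOT . "/exec/background_stigs.php") . " " .
-(isset($request['delete']) ? ' --delete' : '') .
-(isset($request['override']) ? " --ia" : "");
+public function import_STIG_XML($request = array())
+{
+$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . (isset($request['delete']) ? ' --delete' : '') . (isset($request['override']) ? " --ia" : "");
 
 $shell = new COM("WScript.Shell");
 $shell->CurrentDirectory = DOC_ROOT . "/exec";
@@ -407,7 +396,8 @@ EOF;
 /**
 * Function to convert a retina CSV to an eChecklist and store on database
 */
-public function retina_csv_echecklist() {
+public function retina_csv_echecklist()
+{
 $files = glob('*.csv');
 $db = new db();
 
@@ -426,7 +416,8 @@ EOF;
 * function to import golddisk info into scans table
 * runs script golddisk-xml-to-echecklist.pl
 */
-public function golddisk_xml_echecklist() {
+public function golddisk_xml_echecklist()
+{
 $files = glob('*.xml');
 $db = new db();
 
@@ -442,9 +433,9 @@ EOF;
 }
 
 /**
-*
 */
-public function import_IAVM_CVE() {
+public function import_IAVM_CVE()
+{
 $filename = '../tmp/iavm-to-cve(u).xml';
 $xml = simplexml_load_file($filename);
 $db = new db();
@@ -484,8 +475,7 @@ EOF;
 
 $golddisk = new golddisk($pdi_id, $vms_id, $title);
 $db->save_GoldDisk($golddisk);
-}
-else {
+} else {
 $pdi_id = $pdi->get_PDI_ID();
 }
 
@@ -522,8 +512,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Adobe') !== false) {
+} elseif (strpos($ref, 'Adobe') !== false) {
 $x ++;
 $type = 'Adobe';
 $ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match);
@@ -531,8 +520,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Apache') !== false) {
+} elseif (strpos($ref, 'Apache') !== false) {
 $x ++;
 $type = 'Apache';
 $ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match);
@@ -540,39 +528,34 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'CERT') !== false) {
+} elseif (strpos($ref, 'CERT') !== false) {
 $x ++;
 $type = 'US-CERT';
 $match = array();
 
 if (strpos($url, 'techalerts') !== false) {
 $ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match);
-}
-elseif (strpos($url, 'vuls') !== false) {
+} elseif (strpos($url, 'vuls') !== false) {
 $ret = preg_match('/([^\/]+)$/', $url, $match);
 }
 
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Cisco') !== false) {
+} elseif (strpos($ref, 'Cisco') !== false) {
 $x ++;
 $type = 'Cisco';
 $ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match);
 
 if (count($match) > 0) {
 $id = $match[1];
-}
-else {
+} else {
 $ret = preg_match('/([^\/]+)$/', $url, $match);
 if (count($match)) {
 $id = $match[1];
 }
 }
-}
-elseif (strpos($ref, 'Citrix') !== false) {
+} elseif (strpos($ref, 'Citrix') !== false) {
 $x ++;
 $type = 'Citrix';
 $ret = preg_match('/([^\/]+)$/', $url, $match);
@@ -580,8 +563,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Debian') !== false) {
+} elseif (strpos($ref, 'Debian') !== false) {
 $x ++;
 $type = 'Debian';
 $ret = preg_match('/([^\/]+)$/', $url, $match);
@@ -589,38 +571,33 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'HP') !== false) {
+} elseif (strpos($ref, 'HP') !== false) {
 $x ++;
 $type = 'HP';
 $ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match);
 
 if (count($match)) {
 $id = $match[1];
-}
-else {
+} else {
 $ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match);
 if (count($match)) {
 $id = $match[1];
 }
 }
-}
-elseif (strpos($ref, 'IBM') !== false) {
+} elseif (strpos($ref, 'IBM') !== false) {
 $x ++;
 $type = 'IBM';
 $ret = preg_match('/(\d{5,8})/', $ref, $match);
 
 if (count($match)) {
 $id = $match[1];
-}
-else {
+} else {
 $ret = preg_match('/([^\=|\/]+)$/', $url, $match);
 if (count($match)) {
 $id = $match[1];
 }
 }
-}
-elseif (strpos($ref, 'Juniper') !== false) {
+} elseif (strpos($ref, 'Juniper') !== false) {
 $x ++;
 $type = 'Juniper';
 $ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match);
@@ -628,8 +605,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Oracle') !== false) {
+} elseif (strpos($ref, 'Oracle') !== false) {
 $x ++;
 $type = 'Oracle';
 $url = basename($url);
@@ -638,8 +614,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'McAfee') !== false) {
+} elseif (strpos($ref, 'McAfee') !== false) {
 $x ++;
 $type = 'McAfee';
 $query = parse_query($url);
@@ -647,8 +622,7 @@ EOF;
 if (count($match)) {
 $id = isset($query['id']) ? $query['id'] : '';
 }
-}
-elseif (strpos($ref, 'Red Hat') !== false) {
+} elseif (strpos($ref, 'Red Hat') !== false) {
 $x ++;
 $type = 'Red Hat';
 $ret = preg_match('/([^\/]+)\.html/', $url, $match);
@@ -656,8 +630,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Secunia') !== false) {
+} elseif (strpos($ref, 'Secunia') !== false) {
 $x ++;
 $type = 'Secunia';
 $ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match);
@@ -665,16 +638,13 @@ EOF;
 if (count($match)) {
 if ($match[2] == 'advisory') {
 $id = $match[1];
-}
-elseif (is_numeric($match[1]) && count($match[2]) == 1) {
+} elseif (is_numeric($match[1]) && count($match[2]) == 1) {
 $id = $match[1];
-}
-else {
+} else {
 $id = $match[2];
 }
 }
-}
-elseif (strpos($url, 'securitytracker') !== false) {
+} elseif (strpos($url, 'securitytracker') !== false) {
 $x ++;
 $type = 'Security Tracker';
 $ret = preg_match('/([^\/]+)\.html$/', $url, $match);
@@ -682,8 +652,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'SecurityFocus') !== false) {
+} elseif (strpos($ref, 'SecurityFocus') !== false) {
 $x ++;
 $type = 'SecurityFocus';
 $ret = preg_match('/([^\/]+)\/?$/', $url, $match);
@@ -691,14 +660,12 @@ EOF;
 if (count($match)) {
 if ($match[1] != 'info') {
 $id = $match[1];
-}
-else {
+} else {
 $ret = preg_match('/([^\/]+)\/info/', $url, $match);
 $id = $match[1];
 }
 }
-}
-elseif (strpos($ref, 'Sun') !== false) {
+} elseif (strpos($ref, 'Sun') !== false) {
 $x ++;
 $type = 'Sun';
 $query = parse_query($url);
@@ -709,8 +676,7 @@ EOF;
 $ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match);
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Symantec') !== false) {
+} elseif (strpos($ref, 'Symantec') !== false) {
 $x ++;
 $type = 'Symantec';
 $ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match);
@@ -718,8 +684,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($url, 'ZDI') !== false) {
+} elseif (strpos($url, 'ZDI') !== false) {
 $x ++;
 $type = 'ZDI';
 $ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match);
@@ -727,8 +692,7 @@ EOF;
 if (count($match)) {
 $id = $match[1];
 }
-}
-elseif (strpos($ref, 'Wireshark') !== false) {
+} elseif (strpos($ref, 'Wireshark') !== false) {
 $x ++;
 $type = 'Wireshark';
 $ret = preg_match('/([^\/]+)\.html$/', $url, $match);
@@ -744,7 +708,8 @@ EOF;
 * @param string $in
 * @return multitype:Ambigous <>
 */
-public function parse_query($in) {
+public function parse_query($in)
+{
 /**
 * Use this function to parse out the query array element from
 * the output of parse_url().
@@ -764,7 +729,8 @@ EOF;
 /**
 * Function for fixing a DISA OVAL file
 */
-public function fix_Oval() {
+public function fix_Oval()
+{
 chdir("../tmp");
 $files = glob("*-oval.xml");
 $ret = '';
@@ -779,11 +745,9 @@ EOF;
 $xml->preserveWhiteSpace = true;
 $const_arr = null;
 
-$variables = $xml->getElementsByTagName("variables")
-->item(0);
+$variables = $xml->getElementsByTagName("variables")->item(0);
 $first_node = $variables->firstChild;
-while ($node = $xml->getElementsByTagName("external_variable")
-->item(0)) {
+while ($node = $xml->getElementsByTagName("external_variable")->item(0)) {
 $id = $node->getAttribute("id");
 $id = explode(':', $id)[3];
 
@@ -833,10 +797,9 @@ EOF;
 }
 }
 
-private function getElementById($doc, $id) {
+private function getElementById($doc, $id)
+{
 $xpath = new DOMXPath($doc);
-return $xpath->query("//*[@id='$id']")
-->item(0);
+return $xpath->query("//*[@id='$id']")->item(0);
 }
-
 }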
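Review bot: In hunk @ -187 the joined `$script` line is handed to `exec("$script > /dev/null &")`, i.e. through a shell, with each `realpath()` result concatenated unquoted; a PHP_BIN, PHP_CONF or DOC_ROOT containing a space or shell metacharacter breaks the command, and `realpath()` returns `false` for a missing file, which concatenates as an empty segment and launches the wrong thing. Wrapping each segment, e.g. `$script = escapeshellarg(realpath(defined('PHP_BIN') ? PHP_BIN : PHP)) . " -c " . escapeshellarg(realpath(PHP_CONF)) . " -f " . escapeshellarg(realpath(DOC_ROOT . "/exec/parse_host_data_collection.php"));`, and checking each `realpath()` for `false` first keeps the reformatted line safe; the same construction is reformatted in hunk @ -130 for background_results.php. The configured paths are presumably operator-controlled, so this is robustness more than exposure. Hunk @ -833 also joins `$xpath->query("//*[@id='$id']")` onto one line; `$id` presumably comes from an attribute of the OVAL file being fixed (`explode(':', $id)[3]` in @ -779), so a value containing a quote would alter the XPath, and validating it against the expected id shape before interpolation would close that. Separately, hunks @ -272 and @ -340 leave `if ($catalog['vul_id']) {}` as an empty statement and @ -373 leaves `net_SRR()` and `unix_srr_to_csv()` as `{}` bodies — either drop them or mark them `// TODO: not implemented` so the formatter's output isn't mistaken for intent.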
1340
db_schema.json
1340
db_schema.json
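--- a/background_results.php
+++ b/background_results.php
@@ -237,7 +237,7 @@ do {
 }
 while ($dbh->get_Running_Script_Count($conf['ste']));
 
-if (!$debug) {
+if (!$debug && file_exists(DOC_ROOT . "/exec/parse_config.ini")) {
 unlink(DOC_ROOT . "/exec/parse_config.ini");
 }
 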
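Review bot: The new guard uses `file_exists()`, which is also true for a directory, and the `unlink()` on the next line still ignores its return value, so a parse_config.ini that exists but cannot be removed is left behind silently for the next run. `is_file()` plus a checked result would report it: `if (!$debug && is_file(DOC_ROOT . "/exec/parse_config.ini")) {` / `if (!unlink(DOC_ROOT . "/exec/parse_config.ini")) { Sagacity_Error::err_handler("Unable to remove parse_config.ini"); }` / `}`, assuming the error handler used in import.inc is in scope here. The `do … while` loop preceding the guard starts outside the hunk, and the surrounding function, if any, is not visible.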
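--- a/export-ckl.php
+++ b/export-ckl.php
@@ -190,10 +190,11 @@ if ($tgt_count = count($tgts)) {
 $total_stigs += $pdi_count = (is_array($pdis) ? count($pdis) : 0);
 $count = 0;
 
+$findings = $db->get_Finding($tgt);
+
 foreach ($pdis as $pdi) {
-$find = $db->get_Finding($tgt, new stig($pdi['pdi_id'], $pdi['STIG_ID'], null));
-if (is_array($find) && count($find) && isset($find[0]) && is_a($find[0], 'finding')) {
-$find = $find[0];
+if (isset($findings[$pdi['pdi_id']])) {
+$find = $findings[$pdi['pdi_id']];
 }
 
 $sev = 'low';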
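Review bot: `$find` is no longer reset on every pass of `foreach ($pdis as $pdi)` — the old code assigned it unconditionally from `get_Finding()`, whereas the new `if (isset($findings[$pdi['pdi_id']]))` assigns only on a hit, so a PDI without a finding inherits the previous iteration's `$find` unless something below `$sev = 'low'` (outside the hunk) clears it. Replacing the conditional with `$find = isset($findings[$pdi['pdi_id']]) ? $findings[$pdi['pdi_id']] : null;` restores a fresh value per iteration. The new lookup also presumes `$db->get_Finding($tgt)` with no stig returns an array keyed by pdi_id holding `finding` objects, which the dropped `is_a($find[0], 'finding')` check no longer verifies; if that helper can return `false` or a plain list, `isset` stays quiet but the code below sees the wrong shape. The enclosing `if ($tgt_count = count($tgts))` and the target loop start outside the hunk.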
@ -25,6 +25,7 @@
|
|||||||
* - Aug 28, 2017 - Fixed couple minor bugs
|
* - Aug 28, 2017 - Fixed couple minor bugs
|
||||||
* - Jan 15, 2018 - Formatting, reorganized use statements, and cleaned up
|
* - Jan 15, 2018 - Formatting, reorganized use statements, and cleaned up
|
||||||
* - May 24, 2018 - Attempt to fix bug #413
|
* - May 24, 2018 - Attempt to fix bug #413
|
||||||
|
* - Nov 6, 2018 - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id
|
||||||
*/
|
*/
|
||||||
$cmd = getopt("f:", ['debug::', 'help::']);
|
$cmd = getopt("f:", ['debug::', 'help::']);
|
||||||
set_time_limit(0);
|
set_time_limit(0);
|
||||||
@ -155,6 +156,7 @@ $scan->isTerminated();
|
|||||||
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
||||||
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
|
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
|
||||||
$highestCol = $wksht->getHighestDataColumn(10);
|
$highestCol = $wksht->getHighestDataColumn(10);
|
||||||
|
$tgt_findings = [];
|
||||||
|
|
||||||
for ($col = 'F' ; $col != $highestCol ; $col++) {
|
for ($col = 'F' ; $col != $highestCol ; $col++) {
|
||||||
$cell = $wksht->getCell($col . '10');
|
$cell = $wksht->getCell($col . '10');
|
||||||
@ -219,7 +221,9 @@ $scan->isTerminated();
|
|||||||
$scan->add_Target_to_Host_List($hl);
|
$scan->add_Target_to_Host_List($hl);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (preg_match('/Overall/i', $cell->getValue())) {
|
$tgt_findings[$tgt->get_ID()] = $db->get_Finding($tgt);
|
||||||
|
|
||||||
|
if (preg_match('/overall/i', $cell->getValue())) {
|
||||||
$log->debug("Found overall: {$cell->getColumn()}");
|
$log->debug("Found overall: {$cell->getColumn()}");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -294,34 +298,24 @@ $scan->isTerminated();
|
|||||||
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
|
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
|
||||||
->getValue();
|
->getValue();
|
||||||
|
|
||||||
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ($status)");
|
$findings = $tgt_findings[$tgt->get_ID()];
|
||||||
|
if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
|
||||||
$finding = $db->get_Finding($tgt, $stig);
|
|
||||||
|
|
||||||
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
|
|
||||||
/** @var finding $tmp */
|
/** @var finding $tmp */
|
||||||
$tmp = $finding[0];
|
$tmp = $findings[$stig->get_PDI_ID()];
|
||||||
|
|
||||||
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
|
|
||||||
$ds = $tmp->get_Deconflicted_Status($status);
|
|
||||||
$tmp->set_Finding_Status_By_String($ds);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$tmp->set_Finding_Status_By_String($status);
|
$tmp->set_Finding_Status_By_String($status);
|
||||||
}
|
|
||||||
|
|
||||||
$tmp->set_Notes($notes);
|
$tmp->set_Notes($notes);
|
||||||
$tmp->set_Category($cat_lvl);
|
$tmp->set_Category($cat_lvl);
|
||||||
|
|
||||||
$updated_findings[] = $tmp;
|
$updated_findings[] = $tmp;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$tmp = new finding(null, $tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
|
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
|
||||||
$tmp->set_Category($cat_lvl);
|
$tmp->set_Category($cat_lvl);
|
||||||
|
|
||||||
$new_findings[] = $tmp;
|
$new_findings[] = $tmp;
|
||||||
}
|
}
|
||||||
|
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})");
|
||||||
$x++;
|
$x++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -347,10 +341,8 @@ $scan->isTerminated();
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/** @var host_list $h */
|
||||||
* @var host_list $h
|
foreach($scan->get_Host_List() as $h) {
|
||||||
*/
|
|
||||||
foreach($host_list as $h) {
|
|
||||||
$db->update_Target_Counts($h->getTargetId());
|
$db->update_Target_Counts($h->getTargetId());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
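Review bot: `$findings = $tgt_findings[$tgt->get_ID()];` in hunk `@ -294` reads the per-target cache without checking that the key exists; the cache is filled in the header loop of hunk `@ -219`, so any target that did not reach that assignment produces an undefined-index notice and a null `$findings` here. A guard such as `$findings = isset($tgt_findings[$tgt->get_ID()]) ? $tgt_findings[$tgt->get_ID()] : [];` keeps the existing `is_array($findings) && count($findings)` check meaningful. The new lookup also assumes `$db->get_Finding($tgt)` returns an array keyed by PDI ID, whereas the replaced `get_Finding($tgt, $stig)` returned a list indexed by `[0]`; the database.inc diff is suppressed on this page, so a one-line comment at the cache fill, `// keyed by pdi_id; see db::get_Finding()`, would document the contract this code now depends on. The enclosing row loop starts and ends outside the hunk.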
@ -112,10 +112,8 @@ foreach ($files as $file) {
|
|||||||
|
|
||||||
$scan_id = 0;
|
$scan_id = 0;
|
||||||
|
|
||||||
foreach ($findings as $key => $find) {
|
/** @var finding $find */
|
||||||
if (false) {
|
foreach ($findings as $find) {
|
||||||
$find = new finding();
|
|
||||||
}
|
|
||||||
$ret = array();
|
$ret = array();
|
||||||
if ($find->get_Scan_ID()) {
|
if ($find->get_Scan_ID()) {
|
||||||
$scan_id = $find->get_Scan_ID();
|
$scan_id = $find->get_Scan_ID();
|
||||||
|
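Review bot: Dropping `$key` from `foreach ($findings as $find)` is only safe if the loop body, which continues past the end of this hunk, never references `$key`; please confirm, since PHP would not report the dangling use until runtime. If it is unused, the change is fine as is; if it is used, keep `foreach ($findings as $key => $find)` and retain the added `/** @var finding $find */` hint.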
@ -181,10 +181,8 @@ class mssql_parser extends scan_xml_parser {
|
|||||||
// check for finding
|
// check for finding
|
||||||
$finding = $this->db->get_Finding($this->tgt, $this->stig);
|
$finding = $this->db->get_Finding($this->tgt, $this->stig);
|
||||||
if (is_array($finding) && count($finding)) {
|
if (is_array($finding) && count($finding)) {
|
||||||
|
/** @var finding $finding */
|
||||||
$finding = $finding[0];
|
$finding = $finding[0];
|
||||||
if (false) {
|
|
||||||
$finding = new finding();
|
|
||||||
}
|
|
||||||
|
|
||||||
$finding->prepend_Notes("(MSSQL) " . $this->notes);
|
$finding->prepend_Notes("(MSSQL) " . $this->notes);
|
||||||
if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) {
|
if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) {
|
||||||
@ -199,7 +197,7 @@ class mssql_parser extends scan_xml_parser {
|
|||||||
$this->updated_findings[$finding->get_PDI_ID()] = $finding;
|
$this->updated_findings[$finding->get_PDI_ID()] = $finding;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$finding = new finding(null, $this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
|
$finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
|
||||||
|
|
||||||
$this->new_findings[$this->stig->get_PDI_ID()] = $finding;
|
$this->new_findings[$this->stig->get_PDI_ID()] = $finding;
|
||||||
}
|
}
|
||||||
|
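Review bot: The new-finding constructor call in hunk `@ -199` still contains `$this->scan->get - ID()`, which PHP parses as the property `$this->scan->get` minus a call to an undefined function `ID()`, not as `$this->scan->get_ID()`; the commit rewrote this line to drop the leading `null` argument but kept the typo, so the first new MSSQL finding on a target will stop the parser with an undefined-function error. The line should read `$finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get_ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);`, matching the nessus and scc hunks in this same commit, which already use `get_ID()`.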
@ -1142,7 +1142,7 @@ class nessus_parser extends scan_xml_parser
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
|
$tmp = new finding($this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
|
||||||
if (!is_null($pdi)) {
|
if (!is_null($pdi)) {
|
||||||
$tmp->set_Category($pdi->get_Category_Level());
|
$tmp->set_Category($pdi->get_Category_Level());
|
||||||
}
|
}
|
||||||
@ -1178,7 +1178,7 @@ class nessus_parser extends scan_xml_parser
|
|||||||
$stig = new stig($pdi_id, $this->plugin->result->stig, $this->plugin->desc);
|
$stig = new stig($pdi_id, $this->plugin->result->stig, $this->plugin->desc);
|
||||||
$this->db->add_Stig($stig);
|
$this->db->add_Stig($stig);
|
||||||
|
|
||||||
$tmp = new finding(null, $this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
|
$tmp = new finding($this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
|
||||||
$tmp->set_Category($this->plugin->result->cat);
|
$tmp->set_Category($this->plugin->result->cat);
|
||||||
|
|
||||||
if (isset($this->new_findings[$tmp->get_PDI_ID()])) {
|
if (isset($this->new_findings[$tmp->get_PDI_ID()])) {
|
||||||
@ -1215,10 +1215,8 @@ class nessus_parser extends scan_xml_parser
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (is_a($finding, 'finding')) {
|
if (is_a($finding, 'finding')) {
|
||||||
|
/** @var finding $finding */
|
||||||
$this->log->script_log("Updating finding");
|
$this->log->script_log("Updating finding");
|
||||||
if (false) {
|
|
||||||
$finding = new finding();
|
|
||||||
}
|
|
||||||
if ($this->debug) {
|
if ($this->debug) {
|
||||||
$this->log->script_log("Finding exists: " . print_r($finding, true), E_DEBUG);
|
$this->log->script_log("Finding exists: " . print_r($finding, true), E_DEBUG);
|
||||||
}
|
}
|
||||||
@ -1265,7 +1263,7 @@ class nessus_parser extends scan_xml_parser
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$this->log->script_log("Adding new finding");
|
$this->log->script_log("Adding new finding");
|
||||||
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
|
$tmp = new finding($this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
|
||||||
$tmp->set_Category($this->plugin->result->cat);
|
$tmp->set_Category($this->plugin->result->cat);
|
||||||
|
|
||||||
$this->new_findings[$tmp->get_PDI_ID()] = $tmp;
|
$this->new_findings[$tmp->get_PDI_ID()] = $tmp;
|
||||||
|
@ -49,7 +49,7 @@ $log = new Logger("nvd_cve");
|
|||||||
$log->pushHandler(new StreamHandler(LOG_PATH . "/nvd_cve.log", $log_level));
|
$log->pushHandler(new StreamHandler(LOG_PATH . "/nvd_cve.log", $log_level));
|
||||||
|
|
||||||
$db = new db();
|
$db = new db();
|
||||||
$json = json_decode(file_get_contents($cmd['f']));
|
$json = json_decode(file_get_contents($cmd['f']), true);
|
||||||
$existing_cves = [];
|
$existing_cves = [];
|
||||||
|
|
||||||
$db->help->select("cve_db", ['cve_id']);
|
$db->help->select("cve_db", ['cve_id']);
|
||||||
@ -60,19 +60,21 @@ if (is_array($cves) && count($cves)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json->CVE_Items) . " items" . PHP_EOL;
|
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json['CVE_Items']) . " items" . PHP_EOL;
|
||||||
|
|
||||||
$db_cpes = [];
|
$db_cpes = [];
|
||||||
|
$db_cpes23 = [];
|
||||||
$new_cves = [];
|
$new_cves = [];
|
||||||
$new_cve_refs = [];
|
$new_cve_refs = [];
|
||||||
$sw_rows = [];
|
$sw_rows = [];
|
||||||
$new = 0;
|
$new = 0;
|
||||||
$existing = 0;
|
$existing = 0;
|
||||||
|
|
||||||
$db->help->select("software", ['id', 'cpe']);
|
$db->help->select("software", ['id', 'cpe', 'cpe23']);
|
||||||
$rows = $db->help->execute();
|
$rows = $db->help->execute();
|
||||||
foreach ($rows as $row) {
|
foreach ($rows as $row) {
|
||||||
$db_cpes["{$row['cpe']}"] = $row['id'];
|
$db_cpes["{$row['cpe']}"] = $row['id'];
|
||||||
|
$db_cpes23["{$row['cpe23']}"] = $row['id'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$cve_fields = [
|
$cve_fields = [
|
||||||
@ -82,24 +84,22 @@ $ref_fields = [
|
|||||||
'cve_seq', 'source', 'url', 'val'
|
'cve_seq', 'source', 'url', 'val'
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach ($json->CVE_Items as $cve) {
|
foreach ($json['CVE_Items'] as $cve) {
|
||||||
if (!isset($existing_cves["{$cve->cve->CVE_data_meta->ID}"])) {
|
if (!isset($existing_cves["{$cve['cve']['CVE_data_meta']['ID']}"])) {
|
||||||
$log->debug("Adding {$cve->cve->CVE_data_meta->ID}");
|
$log->debug("Adding {$cve['cve']['CVE_data_meta']['ID']}");
|
||||||
$new++;
|
$new++;
|
||||||
|
|
||||||
$desc = [];
|
$desc = [];
|
||||||
$status = null;
|
$status = null;
|
||||||
$phase = null;
|
$phase = null;
|
||||||
$cpes = [];
|
$cpes = [];
|
||||||
$name = $cve->cve->CVE_data_meta->ID;
|
$name = $cve['cve']['CVE_data_meta']['ID'];
|
||||||
$type = $cve->cve->data_type;
|
$seq = $cve['cve']['CVE_data_meta']['ID'];
|
||||||
$seq = $cve->cve->CVE_data_meta->ID;
|
$pd = new DateTime($cve['publishedDate']);
|
||||||
$pd = new DateTime($cve->publishedDate);
|
|
||||||
$lmd = new DateTime($cve->lastModifiedDate);
|
|
||||||
|
|
||||||
if (is_array($cve->cve->description->description_data) && count($cve->cve->description->description_data)) {
|
if (is_array($cve['cve']['description']['description_data']) && count($cve['cve']['description']['description_data'])) {
|
||||||
foreach ($cve->cve->description->description_data as $d) {
|
foreach ($cve['cve']['description']['description_data'] as $d) {
|
||||||
$desc[] = $d->value;
|
$desc[] = $d['value'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -107,24 +107,21 @@ foreach ($json->CVE_Items as $cve) {
|
|||||||
$name, $seq, $status, $phase, $pd, implode(PHP_EOL, $desc)
|
$name, $seq, $status, $phase, $pd, implode(PHP_EOL, $desc)
|
||||||
];
|
];
|
||||||
|
|
||||||
if (is_array($cve->cve->references->reference_data) && count($cve->cve->references->reference_data)) {
|
if (is_array($cve['cve']['references']['reference_data']) && count($cve['cve']['references']['reference_data'])) {
|
||||||
foreach ($cve->cve->references->reference_data as $ref) {
|
foreach ($cve['cve']['references']['reference_data'] as $ref) {
|
||||||
$log->debug("Adding reference {$ref->url}");
|
$log->debug("Adding reference {$ref['url']}");
|
||||||
$new_cve_refs[] = [
|
$new_cve_refs[] = [
|
||||||
$name, null, $ref->url, null
|
$name, null, $ref['url'], null
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_array($cve->configurations->nodes) && count($cve->configurations->nodes)) {
|
if(is_array($cve['configurations']['nodes']) && count($cve['configurations']['nodes'])) {
|
||||||
foreach ($cve->configurations->nodes as $n) {
|
foreach($cve['configurations']['nodes'] as $n) {
|
||||||
if (isset($n->cpe) && is_array($n->cpe) && count($n->cpe)) {
|
if(isset($n['cpe_match']) && is_array($n['cpe_match']) && count($n['cpe_match'])) {
|
||||||
foreach ($n->cpe as $cpe) {
|
foreach($n['cpe_match'] as $c) {
|
||||||
if (isset($cpe->cpe22Uri)) {
|
if($c['vulnerable'] && $c['cpe23Uri']) {
|
||||||
$cpes[] = $cpe->cpe22Uri;
|
$cpes[] = $c['cpe23Uri'];
|
||||||
}
|
|
||||||
elseif (isset($cpe->cpeMatchString)) {
|
|
||||||
$cpes[] = $cpe->cpeMatchString;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -135,6 +132,8 @@ foreach ($json->CVE_Items as $cve) {
|
|||||||
foreach ($cpes as $cpe) {
|
foreach ($cpes as $cpe) {
|
||||||
if (isset($db_cpes["{$cpe}"])) {
|
if (isset($db_cpes["{$cpe}"])) {
|
||||||
$sw_rows[] = [$name, $db_cpes["{$cpe}"]];
|
$sw_rows[] = [$name, $db_cpes["{$cpe}"]];
|
||||||
|
} elseif (isset($db_cpes23["{$cpe}"])) {
|
||||||
|
$sw_rows[] = [$name, $db_cpes23["{$cpe}"]];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -185,7 +184,7 @@ if (count($sw_rows)) {
|
|||||||
$db->help->execute();
|
$db->help->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
unlink($cmd['f']);
|
//unlink($cmd['f']);
|
||||||
|
|
||||||
print PHP_EOL;
|
print PHP_EOL;
|
||||||
|
|
||||||
|
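Review bot: `$json = json_decode(file_get_contents($cmd['f']), true);` in hunk `@ -49` still has no failure check: if the file cannot be read or is not valid JSON, `$json` is `null` and the later `count($json['CVE_Items'])` and `foreach ($json['CVE_Items'] ...)` fail with warnings rather than a clear message. Add directly after it `if (!is_array($json) || !isset($json['CVE_Items'])) { $log->error("Could not parse {$cmd['f']}: " . json_last_error_msg()); exit(1); }`. In hunk `@ -107`, `if($c['vulnerable'] && $c['cpe23Uri'])` raises an undefined-index notice for any `cpe_match` entry that lacks either key; `if (!empty($c['vulnerable']) && !empty($c['cpe23Uri']))` is the safe form. Finally, `//unlink($cmd['f']);` in hunk `@ -185` silently changes behaviour, leaving the feed file on disk after import, and the commit message does not mention it; either delete the line or replace it with a comment stating why the file is now retained.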
@ -104,8 +104,6 @@ class scc_parser extends scan_xml_parser
|
|||||||
|
|
||||||
var $found_rule = false;
|
var $found_rule = false;
|
||||||
|
|
||||||
var $log = null;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
@ -665,9 +663,7 @@ class scc_parser extends scan_xml_parser
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) {
|
if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) {
|
||||||
/**
|
/** @var finding $finding */
|
||||||
* @var finding $finding
|
|
||||||
*/
|
|
||||||
$finding = $existing_findings[$pdi_id];
|
$finding = $existing_findings[$pdi_id];
|
||||||
|
|
||||||
$finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status']));
|
$finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status']));
|
||||||
@ -679,7 +675,7 @@ class scc_parser extends scan_xml_parser
|
|||||||
|
|
||||||
$update_findings[$pdi_id] = $finding;
|
$update_findings[$pdi_id] = $finding;
|
||||||
} else {
|
} else {
|
||||||
$new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
|
$new_findings[$pdi_id] = new finding($this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -689,11 +685,11 @@ class scc_parser extends scan_xml_parser
|
|||||||
$hl->setTargetId($this->tgt->get_ID());
|
$hl->setTargetId($this->tgt->get_ID());
|
||||||
$hl->setTargetName($this->tgt->get_Name());
|
$hl->setTargetName($this->tgt->get_Name());
|
||||||
$hl->setFindingCount(count($new_findings) + count($update_findings));
|
$hl->setFindingCount(count($new_findings) + count($update_findings));
|
||||||
$hl->setScanError(false);
|
|
||||||
|
|
||||||
$this->db->update_Target_Counts($this->tgt->get_ID());
|
$this->db->update_Target_Counts($this->tgt->get_ID());
|
||||||
|
|
||||||
$this->scan->add_Target_to_Host_List($hl);
|
$this->scan->add_Target_to_Host_List($hl);
|
||||||
|
$this->db->update_Scan_Host_List($this->scan);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
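Review bot: Removing `$hl->setScanError(false);` in hunk `@ -689` leaves the host-list entry's scan-error flag at whatever host_list's default is, and if that default is not `false` (or the flag was set earlier on this `$hl`), a clean SCC import will be reported as errored; worth confirming against host_list.inc, whose constructor this commit also changes, and restoring the call if the default is not guaranteed. The added `$this->db->update_Scan_Host_List($this->scan);` runs inside what appears to be the per-target path; if that method rewrites the whole host list, the cost grows with the square of the target count, so consider moving it after the target loop, which ends outside this hunk. Hunk `@ -104` drops `var $log = null;` from the class; this is only safe if the parent scan_xml_parser declares `$log`, otherwise later `$this->log` uses become dynamic properties.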
3837
inc/database.inc
3837
inc/database.inc
File diff suppressed because it is too large
@ -178,7 +178,7 @@ class scan_xml_parser
|
|||||||
/**
|
/**
|
||||||
* The previous stack element
|
* The previous stack element
|
||||||
*
|
*
|
||||||
* @var unknown
|
* @var string
|
||||||
*/
|
*/
|
||||||
var $previous = null;
|
var $previous = null;
|
||||||
|
|
||||||
@ -192,9 +192,9 @@ class scan_xml_parser
|
|||||||
/**
|
/**
|
||||||
* Construct
|
* Construct
|
||||||
*
|
*
|
||||||
* @param unknown $obj_in
|
* @param mixed $obj_in
|
||||||
* @param unknown $ste_id_in
|
* @param int $ste_id_in
|
||||||
* @param unknown $scan_fname
|
* @param string $scan_fname
|
||||||
*/
|
*/
|
||||||
function __construct($obj_in, $ste_id_in, $scan_fname)
|
function __construct($obj_in, $ste_id_in, $scan_fname)
|
||||||
{
|
{
|
||||||
|
@ -43,9 +43,12 @@ use PhpOffice\PhpSpreadsheet\Writer\Ods;
|
|||||||
use PhpOffice\PhpSpreadsheet\Writer\Csv;
|
use PhpOffice\PhpSpreadsheet\Writer\Csv;
|
||||||
use PhpOffice\PhpSpreadsheet\Writer\Html;
|
use PhpOffice\PhpSpreadsheet\Writer\Html;
|
||||||
use PhpOffice\PhpSpreadsheet\Cell\Coordinate;
|
use PhpOffice\PhpSpreadsheet\Cell\Coordinate;
|
||||||
|
use PhpOffice\PhpSpreadsheet\Worksheet;
|
||||||
use Monolog\Logger;
|
use Monolog\Logger;
|
||||||
use Monolog\Handler\StreamHandler;
|
use Monolog\Handler\StreamHandler;
|
||||||
|
|
||||||
|
global $conditions, $validation, $borders;
|
||||||
|
|
||||||
set_time_limit(0);
|
set_time_limit(0);
|
||||||
$db = new db();
|
$db = new db();
|
||||||
$emass_ccis = null;
|
$emass_ccis = null;
|
||||||
@ -137,7 +140,6 @@ $host_status = array(
|
|||||||
foreach ($findings as $worksheet_name => $data) {
|
foreach ($findings as $worksheet_name => $data) {
|
||||||
$log->debug("Looping through worksheet $worksheet_name");
|
$log->debug("Looping through worksheet $worksheet_name");
|
||||||
$chk_arr = [];
|
$chk_arr = [];
|
||||||
$named_range = '';
|
|
||||||
|
|
||||||
// Build the "Checklist" cell string with titles of all checklists on this worksheet
|
// Build the "Checklist" cell string with titles of all checklists on this worksheet
|
||||||
foreach ($data['checklists'] as $key => $chk_id) {
|
foreach ($data['checklists'] as $key => $chk_id) {
|
||||||
@ -354,7 +356,7 @@ $log->debug("Writing complete");
|
|||||||
/**
|
/**
|
||||||
* Update the header on the worksheet
|
* Update the header on the worksheet
|
||||||
*
|
*
|
||||||
* @param \PhpOffice\PhpSpreadsheet\Worksheet $sheet
|
* @param Worksheet $sheet
|
||||||
* @param array:integer $tgts
|
* @param array:integer $tgts
|
||||||
* @param db $db
|
* @param db $db
|
||||||
*/
|
*/
|
||||||
|
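Review bot: `use PhpOffice\PhpSpreadsheet\Worksheet;` in hunk `@ -43` imports the `Worksheet` namespace rather than the worksheet class, so the updated `@param Worksheet $sheet` in hunk `@ -354` resolves to a name that is not a class and static analysis or IDE navigation will treat the parameter as unknown; the class is `PhpOffice\PhpSpreadsheet\Worksheet\Worksheet`, so the import should read `use PhpOffice\PhpSpreadsheet\Worksheet\Worksheet;`. The added `global $conditions, $validation, $borders;` is a no-op when this script runs at file scope and only has an effect if export-ckl.php is included from inside a function; a short comment such as `// required when this file is included from within a function scope` would keep the next reader from deleting it. While touching that docblock, `@param array:integer $tgts` is not a recognised PHPDoc type; `@param int[] $tgts` is.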
@ -604,7 +604,7 @@ include_once 'header.inc';
|
|||||||
</form>
|
</form>
|
||||||
|
|
||||||
<form method='post' action='#' style='margin-left: 20px;'
|
<form method='post' action='#' style='margin-left: 20px;'
|
||||||
onsubmit="$('#submit').attr('disabled', true);return true;" id='host-list-form'>
|
onsubmit="if(!$('#host-list-file').val()){return false;}$('#submit').attr('disabled', true);return true;" id='host-list-form'>
|
||||||
<div style='font-weight:400;color:red;'>Must keep 'host-list' as part of the filename</div>
|
<div style='font-weight:400;color:red;'>Must keep 'host-list' as part of the filename</div>
|
||||||
<input type='hidden' name='file' id='host-list-file' style='display:none;' />
|
<input type='hidden' name='file' id='host-list-file' style='display:none;' />
|
||||||
<input type='hidden' name='action' value='import_host_list' />
|
<input type='hidden' name='action' value='import_host_list' />
|
||||||
|
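Review bot: The added `onsubmit` guard only stops the browser from posting when `#host-list-file` is empty; it is client-side and does nothing for the `import_host_list` action itself, which handles the posted `file` value outside this hunk. The server-side handler should reject an empty `file` and confirm the value refers to a file produced by this form's upload step before importing it; otherwise the fix for importing without an upload is cosmetic. Returning `false` silently also leaves the user with no feedback; `onsubmit="if(!$('#host-list-file').val()){alert('Upload a host-list file first');return false;}$('#submit').attr('disabled', true);return true;"` makes the rejection visible.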