ryan/sagacity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

checklist.inc - deleted duplicate BIND 9 checklist icon entry

Browse Source 
finding.inc - removed ID property to prevent duplicate findings from being added to the table
host_list.inc - deleted unused constructor
import.inc - formatting
db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id new primary keys), and updated references
Database_Baseline.zip - updated routines for above change
background_results.php - fixed bug #19
export-ckl.php - performance adjustments
parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id field
parse_nvd_json_cve.php - convert reading json to array instead of object for reading CPEs (which were updated to CPE 2.3 instead of 2.2)
parse_* - remove findings.id field
database.inc - formatting, and update for removing findings.id field
index.php - ensure user can't import a host list without uploading a host list file

Fixed:
#65, #51, #28, #27, #10
This commit is contained in:
Ryan Prather 2018-11-06 15:36:48 -05:00
parent 5d8711d494
commit 21082c7513
17 changed files with 10873 additions and 10973 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
classes/checklist.inc
View File

@ -21,6 +21,7 @@
* - May 13, 2017 - Added WindowsFirewall.jpg image for checklist
* - May 19, 2017 - Fixed typo for WindowsFirewall
* - Aug 23, 2017 - JO, Expanded checklist icons
* - Nov 6, 2018 - Deleted duplicate BIND 9 checklist icon entry
*/
/**
@ -545,9 +546,6 @@ class checklist
case (preg_match("/Mobile Device/i", $this->name) ? true : false):
$this->icon = 'mobile-device.jpg';
break;
case (preg_match("/BIND 9/i", $this->name) ? true : false):
$this->icon = 'BIND DNS.jpg';
break;
case (preg_match("/Remote Access/i", $this->name) ? true : false):
$this->icon = 'remote-access.gif';
break;

21
classes/finding.inc
View File

@ -22,6 +22,7 @@
* - May 25, 2017 - Fixed bug of get_Category method returning empty severity (defaults to II if empty)
* - Jan 10, 2018 - Formatting
* - May 24, 2018 - Simplified get_Finding_Status_ID method
* - Nov 6, 2018 - Removed ID property to keep from duplicate findings
*/
/**
@ -32,13 +33,6 @@
*/
class finding {
/**
* Finding ID
*
* @var integer
*/
protected $id = null;
/**
* Target ID
*
@ -155,7 +149,6 @@ class finding {
/**
* Constructor
*
* @param integer $int_ID
* @param integer $int_Tgt_ID
* @param integer $int_PDI_ID
* @param integer $int_Scan_ID
@ -165,8 +158,7 @@ class finding {
* @param string $str_Orig_Src
* @param integer $int_Finding_Itr
*/
public function __construct($int_ID, $int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) {
$this->id = $int_ID;
public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) {
$this->tgt_id = $int_Tgt_ID;
$this->pdi_id = $int_PDI_ID;
$this->scan_id = $int_Scan_ID;
@ -182,15 +174,6 @@ class finding {
$this->finding_itr = $int_Finding_Itr;
}
/**
* Getter function for Finding ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Getter function for target ID
*

9
classes/host_list.inc
View File

@ -13,6 +13,7 @@
* Change Log:
* - Jan 16, 2018 - File created
* - Feb 6, 2018 - Added getter/setter methods
* - Nov 6, 2018 - Deleted unused constructor
*/
/**
@ -65,14 +66,6 @@ class host_list
*/
private $_scanNotes = null;
/**
* Constructor
*/
public function __construct()
{
}
/**
* Getter function for _targetId
*

253
classes/import.inc
View File

@ -39,7 +39,8 @@ include_once 'vendor/autoload.php';
*
* @author Ryan Prather
*/
class import {
class import
{
/**
* The current include_once path
@ -92,27 +93,30 @@ class import {
/**
* Class constructor
*/
public function __construct() {
public function __construct()
{
set_time_limit(0);
}
/**
* Class destructor to reset the include_once path and time limits
*/
public function __destruct() {
public function __destruct()
{
set_time_limit(30);
}
/**
* Function to scan the tmp directory for result files and call the appropriate parsers
*/
public function scan_Result_Files($redirect = true) {
public function scan_Result_Files($redirect = true)
{
chdir(DOC_ROOT . "/exec");
$ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false";
$doc_root = realpath(DOC_ROOT);
$ste = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT);
if (!$ste) {
if (! $ste) {
$ste = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT);
}
$location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING);
@ -126,13 +130,11 @@ ignore = $ignore
EOF;
if(!file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf)) {
if (! file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf)) {
throw new Exception("Error creating the parse_config.ini");
}
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/background_results.php");
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/background_results.php");
if (LOG_LEVEL == E_DEBUG) {
Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG);
@ -149,18 +151,17 @@ EOF;
/**
* Function to scan '/xampp/www/tmp' directory for catalog files
*/
public function scan_Catalog_Files() {
public function scan_Catalog_Files()
{
chdir(DOC_ROOT . "/tmp");
$files = glob("*");
foreach ($files as $file) {
if (substr($file, -3) == 'zip') {
if (substr($file, - 3) == 'zip') {
// $this->import_STIG_ZIP("../tmp/$file");
}
elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
} elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
// $this->import_PDI_CSV("../tmp/$file");
}
elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
} elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
// $this->import_STIG("../tmp/$file");
}
}
@ -169,7 +170,8 @@ EOF;
/**
* Function to scan host data files and import findings
*/
public function import_Host_Data_Collection() {
public function import_Host_Data_Collection()
{
$db = new db();
$doc_root = realpath(DOC_ROOT);
@ -187,30 +189,26 @@ EOF;
file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf);
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
if (substr(strtolower(PHP_OS), 0, 3) == 'win') {
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT;
$shell->run($script, 0, false);
}
elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
} elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
exec("$script > /dev/null &");
}
else {
} else {
Sagacity_Error::err_handler("Unknown OS: " . PHP_OS);
}
header("Location: /ste/");
}
/**
* function to import PDI CSV file to database
*/
public function import_PDI_CSV() {
public function import_PDI_CSV()
{
$db = new db();
$handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r");
@ -245,7 +243,7 @@ EOF;
$ref = $ref[0];
}
if (!is_null($ref)) {
if (! is_null($ref)) {
$pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW");
$pdi->set_Short_Title($catalog['short_title']);
$pdi->set_Group_Title($catalog['short_title']);
@ -254,10 +252,10 @@ EOF;
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, -2), substr($ia, -1));
$ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, - 2), substr($ia, - 1));
}
if (!$db->save_IA_Control($ia_controls)) {
if (! $db->save_IA_Control($ia_controls)) {
print "error updating ia controls on id: " . $ref->get_ID() . "<br />";
}
}
@ -266,15 +264,13 @@ EOF;
if ($catalog['retina_id']) {
$retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
if (! $db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
}
}
// Vul_ID
if ($catalog['vul_id']) {
}
if ($catalog['vul_id']) {}
if ($catalog['sv_rule_id']) {
$sv_rule = array();
@ -282,7 +278,7 @@ EOF;
$sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule);
}
if (!$db->save_SV_Rule($sv_rule)) {
if (! $db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
}
}
@ -290,12 +286,11 @@ EOF;
if ($catalog['nessus_id']) {
$nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
if (! $db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
}
}
}
else {
} else {
$pdi = new pdi(0, $catalog['cat_lvl'], "NOW");
$pdi->set_Short_Title($catalog['short_title']);
$pdi->set_Group_Title($catalog['short_title']);
@ -322,10 +317,10 @@ EOF;
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, -2), substr($ia, -1));
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, - 2), substr($ia, - 1));
}
if (!$db->save_IA_Control($ia_controls)) {
if (! $db->save_IA_Control($ia_controls)) {
print "error updating ia controls on pdi_id: " . $ref->get_ID() . "<br />";
}
}
@ -334,15 +329,13 @@ EOF;
if ($catalog['retina_id']) {
$retina = new retina($pdi_id, $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
if (! $db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
}
}
// Vul_ID
if ($catalog['vul_id']) {
}
if ($catalog['vul_id']) {}
// sv_rule
if ($catalog['sv_rule_id']) {
@ -351,7 +344,7 @@ EOF;
$sv_rule[] = new sv_rule($pdi_id, $rule);
}
if (!$db->save_SV_Rule($sv_rule)) {
if (! $db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
}
}
@ -359,7 +352,7 @@ EOF;
if ($catalog['nessus_id']) {
$nessus = new nessus($pdi_id, $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
if (! $db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
}
}
@ -373,29 +366,25 @@ EOF;
* runs script net-SRR.pl
* exports a csv format file
*/
public function net_SRR() {
}
public function net_SRR()
{}
/**
* function for unix SRR conversion to csv
* runs script unix-xml-to-echecklist.pl
* runs script unix-srr-to-csv.pl
*/
public function unix_srr_to_csv() {
}
public function unix_srr_to_csv()
{}
/**
* Function to import DISA STIG content to database
*
* @param array $request
*/
public function import_STIG_XML($request = array()) {
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " .
realpath(DOC_ROOT . "/exec/background_stigs.php") . " " .
(isset($request['delete']) ? ' --delete' : '') .
(isset($request['override']) ? " --ia" : "");
public function import_STIG_XML($request = array())
{
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . (isset($request['delete']) ? ' --delete' : '') . (isset($request['override']) ? " --ia" : "");
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT . "/exec";
@ -407,7 +396,8 @@ EOF;
/**
* Function to convert a retina CSV to an eChecklist and store on database
*/
public function retina_csv_echecklist() {
public function retina_csv_echecklist()
{
$files = glob('*.csv');
$db = new db();
@ -426,7 +416,8 @@ EOF;
* function to import golddisk info into scans table
* runs script golddisk-xml-to-echecklist.pl
*/
public function golddisk_xml_echecklist() {
public function golddisk_xml_echecklist()
{
$files = glob('*.xml');
$db = new db();
@ -442,9 +433,9 @@ EOF;
}
/**
*
*/
public function import_IAVM_CVE() {
public function import_IAVM_CVE()
{
$filename = '../tmp/iavm-to-cve(u).xml';
$xml = simplexml_load_file($filename);
$db = new db();
@ -484,8 +475,7 @@ EOF;
$golddisk = new golddisk($pdi_id, $vms_id, $title);
$db->save_GoldDisk($golddisk);
}
else {
} else {
$pdi_id = $pdi->get_PDI_ID();
}
@ -515,122 +505,108 @@ EOF;
$url = $row[9];
if (strpos($ref, 'Microsoft') !== false) {
$x++;
$x ++;
$type = 'Microsoft';
$ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Adobe') !== false) {
$x++;
} elseif (strpos($ref, 'Adobe') !== false) {
$x ++;
$type = 'Adobe';
$ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Apache') !== false) {
$x++;
} elseif (strpos($ref, 'Apache') !== false) {
$x ++;
$type = 'Apache';
$ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'CERT') !== false) {
$x++;
} elseif (strpos($ref, 'CERT') !== false) {
$x ++;
$type = 'US-CERT';
$match = array();
if (strpos($url, 'techalerts') !== false) {
$ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match);
}
elseif (strpos($url, 'vuls') !== false) {
} elseif (strpos($url, 'vuls') !== false) {
$ret = preg_match('/([^\/]+)$/', $url, $match);
}
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Cisco') !== false) {
$x++;
} elseif (strpos($ref, 'Cisco') !== false) {
$x ++;
$type = 'Cisco';
$ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match);
if (count($match) > 0) {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Citrix') !== false) {
$x++;
} elseif (strpos($ref, 'Citrix') !== false) {
$x ++;
$type = 'Citrix';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Debian') !== false) {
$x++;
} elseif (strpos($ref, 'Debian') !== false) {
$x ++;
$type = 'Debian';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'HP') !== false) {
$x++;
} elseif (strpos($ref, 'HP') !== false) {
$x ++;
$type = 'HP';
$ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'IBM') !== false) {
$x++;
} elseif (strpos($ref, 'IBM') !== false) {
$x ++;
$type = 'IBM';
$ret = preg_match('/(\d{5,8})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/([^\=|\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Juniper') !== false) {
$x++;
} elseif (strpos($ref, 'Juniper') !== false) {
$x ++;
$type = 'Juniper';
$ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Oracle') !== false) {
$x++;
} elseif (strpos($ref, 'Oracle') !== false) {
$x ++;
$type = 'Oracle';
$url = basename($url);
$ret = preg_match('/([\S]+)\.html/', $url, $match);
@ -638,98 +614,86 @@ EOF;
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'McAfee') !== false) {
$x++;
} elseif (strpos($ref, 'McAfee') !== false) {
$x ++;
$type = 'McAfee';
$query = parse_query($url);
if (count($match)) {
$id = isset($query['id']) ? $query['id'] : '';
}
}
elseif (strpos($ref, 'Red Hat') !== false) {
$x++;
} elseif (strpos($ref, 'Red Hat') !== false) {
$x ++;
$type = 'Red Hat';
$ret = preg_match('/([^\/]+)\.html/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Secunia') !== false) {
$x++;
} elseif (strpos($ref, 'Secunia') !== false) {
$x ++;
$type = 'Secunia';
$ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[2] == 'advisory') {
$id = $match[1];
}
elseif (is_numeric($match[1]) && count($match[2]) == 1) {
} elseif (is_numeric($match[1]) && count($match[2]) == 1) {
$id = $match[1];
}
else {
} else {
$id = $match[2];
}
}
}
elseif (strpos($url, 'securitytracker') !== false) {
$x++;
} elseif (strpos($url, 'securitytracker') !== false) {
$x ++;
$type = 'Security Tracker';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'SecurityFocus') !== false) {
$x++;
} elseif (strpos($ref, 'SecurityFocus') !== false) {
$x ++;
$type = 'SecurityFocus';
$ret = preg_match('/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[1] != 'info') {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/([^\/]+)\/info/', $url, $match);
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Sun') !== false) {
$x++;
} elseif (strpos($ref, 'Sun') !== false) {
$x ++;
$type = 'Sun';
$query = parse_query($url);
$id = isset($query['assetkey']) ? $query['assetkey'] : '';
if (!$id) {
if (! $id) {
$ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match);
$id = $match[1];
}
}
elseif (strpos($ref, 'Symantec') !== false) {
$x++;
} elseif (strpos($ref, 'Symantec') !== false) {
$x ++;
$type = 'Symantec';
$ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($url, 'ZDI') !== false) {
$x++;
} elseif (strpos($url, 'ZDI') !== false) {
$x ++;
$type = 'ZDI';
$ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Wireshark') !== false) {
$x++;
} elseif (strpos($ref, 'Wireshark') !== false) {
$x ++;
$type = 'Wireshark';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
@ -744,7 +708,8 @@ EOF;
* @param string $in
* @return multitype:Ambigous <>
*/
public function parse_query($in) {
public function parse_query($in)
{
/**
* Use this function to parse out the query array element from
* the output of parse_url().
@ -764,7 +729,8 @@ EOF;
/**
* Function for fixing a DISA OVAL file
*/
public function fix_Oval() {
public function fix_Oval()
{
chdir("../tmp");
$files = glob("*-oval.xml");
$ret = '';
@ -772,18 +738,16 @@ EOF;
foreach ($files as $file) {
$xml = new DOMDocument();
if (!$xml->load($file)) {
if (! $xml->load($file)) {
error_log("error reading xml file");
}
$xml->formatOutput = true;
$xml->preserveWhiteSpace = true;
$const_arr = null;
$variables = $xml->getElementsByTagName("variables")
->item(0);
$variables = $xml->getElementsByTagName("variables")->item(0);
$first_node = $variables->firstChild;
while ($node = $xml->getElementsByTagName("external_variable")
->item(0)) {
while ($node = $xml->getElementsByTagName("external_variable")->item(0)) {
$id = $node->getAttribute("id");
$id = explode(':', $id)[3];
@ -833,10 +797,9 @@ EOF;
}
}
private function getElementById($doc, $id) {
private function getElementById($doc, $id)
{
$xpath = new DOMXPath($doc);
return $xpath->query("//*[@id='$id']")
->item(0);
return $xpath->query("//*[@id='$id']")->item(0);
}
}

9270
db_schema.json
View File

File diff suppressed because it is too large Load Diff

2
exec/background_results.php
View File

@ -237,7 +237,7 @@ do {
}
while ($dbh->get_Running_Script_Count($conf['ste']));
if (!$debug) {
if (!$debug && file_exists(DOC_ROOT . "/exec/parse_config.ini")) {
unlink(DOC_ROOT . "/exec/parse_config.ini");
}

7
exec/export-ckl.php
View File

@ -190,10 +190,11 @@ if ($tgt_count = count($tgts)) {
$total_stigs += $pdi_count = (is_array($pdis) ? count($pdis) : 0);
$count = 0;
$findings = $db->get_Finding($tgt);
foreach ($pdis as $pdi) {
$find = $db->get_Finding($tgt, new stig($pdi['pdi_id'], $pdi['STIG_ID'], null));
if (is_array($find) && count($find) && isset($find[0]) && is_a($find[0], 'finding')) {
$find = $find[0];
if (isset($findings[$pdi['pdi_id']])) {
$find = $findings[$pdi['pdi_id']];
}
$sev = 'low';

34
exec/parse_excel_echecklist.php
View File

@ -25,6 +25,7 @@
* - Aug 28, 2017 - Fixed couple minor bugs
* - Jan 15, 2018 - Formatting, reorganized use statements, and cleaned up
* - May 24, 2018 - Attempt to fix bug #413
* - Nov 6, 2018 - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id
*/
$cmd = getopt("f:", ['debug::', 'help::']);
set_time_limit(0);
@ -126,7 +127,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
continue;
}
$scan->isTerminated();
$scan->isTerminated();
$log->notice("Reading from {$wksht->getTitle()}");
@ -155,6 +156,7 @@ $scan->isTerminated();
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
$highestCol = $wksht->getHighestDataColumn(10);
$tgt_findings = [];
for ($col = 'F' ; $col != $highestCol ; $col++) {
$cell = $wksht->getCell($col . '10');
@ -219,7 +221,9 @@ $scan->isTerminated();
$scan->add_Target_to_Host_List($hl);
}
if (preg_match('/Overall/i', $cell->getValue())) {
$tgt_findings[$tgt->get_ID()] = $db->get_Finding($tgt);
if (preg_match('/overall/i', $cell->getValue())) {
$log->debug("Found overall: {$cell->getColumn()}");
break;
}
@ -294,34 +298,24 @@ $scan->isTerminated();
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
->getValue();
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ($status)");
$finding = $db->get_Finding($tgt, $stig);
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
$findings = $tgt_findings[$tgt->get_ID()];
if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
/** @var finding $tmp */
$tmp = $finding[0];
$tmp = $findings[$stig->get_PDI_ID()];
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
$ds = $tmp->get_Deconflicted_Status($status);
$tmp->set_Finding_Status_By_String($ds);
}
else {
$tmp->set_Finding_Status_By_String($status);
}
$tmp->set_Notes($notes);
$tmp->set_Category($cat_lvl);
$updated_findings[] = $tmp;
}
else {
$tmp = new finding(null, $tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
$tmp->set_Category($cat_lvl);
$new_findings[] = $tmp;
}
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})");
$x++;
}
@ -347,10 +341,8 @@ $scan->isTerminated();
}
}
/**
* @var host_list $h
*/
foreach($host_list as $h) {
/** @var host_list $h */
foreach($scan->get_Host_List() as $h) {
$db->update_Target_Counts($h->getTargetId());
}

6
exec/parse_host_data_collection.php
View File

@ -112,10 +112,8 @@ foreach ($files as $file) {
$scan_id = 0;
foreach ($findings as $key => $find) {
if (false) {
$find = new finding();
}
/** @var finding $find */
foreach ($findings as $find) {
$ret = array();
if ($find->get_Scan_ID()) {
$scan_id = $find->get_Scan_ID();

6
exec/parse_mssql.php
View File

@ -181,10 +181,8 @@ class mssql_parser extends scan_xml_parser {
// check for finding
$finding = $this->db->get_Finding($this->tgt, $this->stig);
if (is_array($finding) && count($finding)) {
/** @var finding $finding */
$finding = $finding[0];
if (false) {
$finding = new finding();
}
$finding->prepend_Notes("(MSSQL) " . $this->notes);
if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) {
@ -199,7 +197,7 @@ class mssql_parser extends scan_xml_parser {
$this->updated_findings[$finding->get_PDI_ID()] = $finding;
}
else {
$finding = new finding(null, $this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
$finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
$this->new_findings[$this->stig->get_PDI_ID()] = $finding;
}

10
exec/parse_nessus.php
View File

@ -1142,7 +1142,7 @@ class nessus_parser extends scan_xml_parser
}
}
else {
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
$tmp = new finding($this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
if (!is_null($pdi)) {
$tmp->set_Category($pdi->get_Category_Level());
}
@ -1178,7 +1178,7 @@ class nessus_parser extends scan_xml_parser
$stig = new stig($pdi_id, $this->plugin->result->stig, $this->plugin->desc);
$this->db->add_Stig($stig);
$tmp = new finding(null, $this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
$tmp = new finding($this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
$tmp->set_Category($this->plugin->result->cat);
if (isset($this->new_findings[$tmp->get_PDI_ID()])) {
@ -1215,10 +1215,8 @@ class nessus_parser extends scan_xml_parser
}
if (is_a($finding, 'finding')) {
/** @var finding $finding */
$this->log->script_log("Updating finding");
if (false) {
$finding = new finding();
}
if ($this->debug) {
$this->log->script_log("Finding exists: " . print_r($finding, true), E_DEBUG);
}
@ -1265,7 +1263,7 @@ class nessus_parser extends scan_xml_parser
}
else {
$this->log->script_log("Adding new finding");
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
$tmp = new finding($this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
$tmp->set_Category($this->plugin->result->cat);
$this->new_findings[$tmp->get_PDI_ID()] = $tmp;

55
exec/parse_nvd_json_cve.php
View File

@ -49,7 +49,7 @@ $log = new Logger("nvd_cve");
$log->pushHandler(new StreamHandler(LOG_PATH . "/nvd_cve.log", $log_level));
$db = new db();
$json = json_decode(file_get_contents($cmd['f']));
$json = json_decode(file_get_contents($cmd['f']), true);
$existing_cves = [];
$db->help->select("cve_db", ['cve_id']);
@ -60,19 +60,21 @@ if (is_array($cves) && count($cves)) {
}
}
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json->CVE_Items) . " items" . PHP_EOL;
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json['CVE_Items']) . " items" . PHP_EOL;
$db_cpes = [];
$db_cpes23 = [];
$new_cves = [];
$new_cve_refs = [];
$sw_rows = [];
$new = 0;
$existing = 0;
$db->help->select("software", ['id', 'cpe']);
$db->help->select("software", ['id', 'cpe', 'cpe23']);
$rows = $db->help->execute();
foreach ($rows as $row) {
$db_cpes["{$row['cpe']}"] = $row['id'];
$db_cpes23["{$row['cpe23']}"] = $row['id'];
}
$cve_fields = [
@ -82,24 +84,22 @@ $ref_fields = [
'cve_seq', 'source', 'url', 'val'
];
foreach ($json->CVE_Items as $cve) {
if (!isset($existing_cves["{$cve->cve->CVE_data_meta->ID}"])) {
$log->debug("Adding {$cve->cve->CVE_data_meta->ID}");
foreach ($json['CVE_Items'] as $cve) {
if (!isset($existing_cves["{$cve['cve']['CVE_data_meta']['ID']}"])) {
$log->debug("Adding {$cve['cve']['CVE_data_meta']['ID']}");
$new++;
$desc = [];
$status = null;
$phase = null;
$cpes = [];
$name = $cve->cve->CVE_data_meta->ID;
$type = $cve->cve->data_type;
$seq = $cve->cve->CVE_data_meta->ID;
$pd = new DateTime($cve->publishedDate);
$lmd = new DateTime($cve->lastModifiedDate);
$name = $cve['cve']['CVE_data_meta']['ID'];
$seq = $cve['cve']['CVE_data_meta']['ID'];
$pd = new DateTime($cve['publishedDate']);
if (is_array($cve->cve->description->description_data) && count($cve->cve->description->description_data)) {
foreach ($cve->cve->description->description_data as $d) {
$desc[] = $d->value;
if (is_array($cve['cve']['description']['description_data']) && count($cve['cve']['description']['description_data'])) {
foreach ($cve['cve']['description']['description_data'] as $d) {
$desc[] = $d['value'];
}
}
@ -107,24 +107,21 @@ foreach ($json->CVE_Items as $cve) {
$name, $seq, $status, $phase, $pd, implode(PHP_EOL, $desc)
];
if (is_array($cve->cve->references->reference_data) && count($cve->cve->references->reference_data)) {
foreach ($cve->cve->references->reference_data as $ref) {
$log->debug("Adding reference {$ref->url}");
if (is_array($cve['cve']['references']['reference_data']) && count($cve['cve']['references']['reference_data'])) {
foreach ($cve['cve']['references']['reference_data'] as $ref) {
$log->debug("Adding reference {$ref['url']}");
$new_cve_refs[] = [
$name, null, $ref->url, null
$name, null, $ref['url'], null
];
}
}
if (is_array($cve->configurations->nodes) && count($cve->configurations->nodes)) {
foreach ($cve->configurations->nodes as $n) {
if (isset($n->cpe) && is_array($n->cpe) && count($n->cpe)) {
foreach ($n->cpe as $cpe) {
if (isset($cpe->cpe22Uri)) {
$cpes[] = $cpe->cpe22Uri;
}
elseif (isset($cpe->cpeMatchString)) {
$cpes[] = $cpe->cpeMatchString;
if(is_array($cve['configurations']['nodes']) && count($cve['configurations']['nodes'])) {
foreach($cve['configurations']['nodes'] as $n) {
if(isset($n['cpe_match']) && is_array($n['cpe_match']) && count($n['cpe_match'])) {
foreach($n['cpe_match'] as $c) {
if($c['vulnerable'] && $c['cpe23Uri']) {
$cpes[] = $c['cpe23Uri'];
}
}
}
@ -135,6 +132,8 @@ foreach ($json->CVE_Items as $cve) {
foreach ($cpes as $cpe) {
if (isset($db_cpes["{$cpe}"])) {
$sw_rows[] = [$name, $db_cpes["{$cpe}"]];
} elseif (isset($db_cpes23["{$cpe}"])) {
$sw_rows[] = [$name, $db_cpes23["{$cpe}"]];
}
}
}
@ -185,7 +184,7 @@ if (count($sw_rows)) {
$db->help->execute();
}
unlink($cmd['f']);
//unlink($cmd['f']);
print PHP_EOL;

10
exec/parse_scc_xccdf.php
View File

@ -104,8 +104,6 @@ class scc_parser extends scan_xml_parser
var $found_rule = false;
var $log = null;
/**
* Constructor
*
@ -665,9 +663,7 @@ class scc_parser extends scan_xml_parser
*/
if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) {
/**
* @var finding $finding
*/
/** @var finding $finding */
$finding = $existing_findings[$pdi_id];
$finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status']));
@ -679,7 +675,7 @@ class scc_parser extends scan_xml_parser
$update_findings[$pdi_id] = $finding;
} else {
$new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
$new_findings[$pdi_id] = new finding($this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
}
}
@ -689,11 +685,11 @@ class scc_parser extends scan_xml_parser
$hl->setTargetId($this->tgt->get_ID());
$hl->setTargetName($this->tgt->get_Name());
$hl->setFindingCount(count($new_findings) + count($update_findings));
$hl->setScanError(false);
$this->db->update_Target_Counts($this->tgt->get_ID());
$this->scan->add_Target_to_Host_List($hl);
$this->db->update_Scan_Host_List($this->scan);
}
}

4491
inc/database.inc
View File

File diff suppressed because it is too large Load Diff

8
inc/xml_parser.inc
View File

@ -178,7 +178,7 @@ class scan_xml_parser
/**
* The previous stack element
*
* @var unknown
* @var string
*/
var $previous = null;
@ -192,9 +192,9 @@ class scan_xml_parser
/**
* Construct
*
* @param unknown $obj_in
* @param unknown $ste_id_in
* @param unknown $scan_fname
* @param mixed $obj_in
* @param int $ste_id_in
* @param string $scan_fname
*/
function __construct($obj_in, $ste_id_in, $scan_fname)
{

6
ste/export.php
View File

@ -43,9 +43,12 @@ use PhpOffice\PhpSpreadsheet\Writer\Ods;
use PhpOffice\PhpSpreadsheet\Writer\Csv;
use PhpOffice\PhpSpreadsheet\Writer\Html;
use PhpOffice\PhpSpreadsheet\Cell\Coordinate;
use PhpOffice\PhpSpreadsheet\Worksheet;
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
global $conditions, $validation, $borders;
set_time_limit(0);
$db = new db();
$emass_ccis = null;
@ -137,7 +140,6 @@ $host_status = array(
foreach ($findings as $worksheet_name => $data) {
$log->debug("Looping through worksheet $worksheet_name");
$chk_arr = [];
$named_range = '';
// Build the "Checklist" cell string with titles of all checklists on this worksheet
foreach ($data['checklists'] as $key => $chk_id) {
@ -354,7 +356,7 @@ $log->debug("Writing complete");
/**
* Update the header on the worksheet
*
* @param \PhpOffice\PhpSpreadsheet\Worksheet $sheet
* @param Worksheet $sheet
* @param array:integer $tgts
* @param db $db
*/

2
ste/index.php
View File

@ -604,7 +604,7 @@ include_once 'header.inc';
</form>
<form method='post' action='#' style='margin-left: 20px;'
onsubmit="$('#submit').attr('disabled', true);return true;" id='host-list-form'>
onsubmit="if(!$('#host-list-file').val()){return false;}$('#submit').attr('disabled', true);return true;" id='host-list-form'>
<div style='font-weight:400;color:red;'>Must keep 'host-list' as part of the filename</div>
<input type='hidden' name='file' id='host-list-file' style='display:none;' />
<input type='hidden' name='action' value='import_host_list' />