From 52159a16a66c458ee948d2e8bcac03dd5113d4ef Mon Sep 17 00:00:00 2001
From: Ryan Prather
Date: Fri, 16 Nov 2018 13:39:23 -0500
Subject: [PATCH] Fix for bug #34 Import was deleted because export was changed to JSON format instead of XML, will have to rebuild
---
 data/ste_export_import.php | 769 +++++++++++++------------------------
 1 file changed, 257 insertions(+), 512 deletions(-)
diff --git a/data/ste_export_import.php b/data/ste_export_import.php
index 66dcf75..430eaed 100644
--- a/data/ste_export_import.php
+++ b/data/ste_export_import.php
@@ -22,6 +22,7 @@
 * - Apr 5, 2017 - Formatting
 * - Dec 19, 2017 - Converted from XML to JSON format export/import
 * - Jan 16, 2018 - Updated to use host_list class
+ * - Nov 19, 2018 - Fixed bug from changes to get_Category_Findings method
 *
 * @TODO - Change to export and import CPE
 */
@@ -31,562 +32,306 @@ include_once 'database.inc'; $db = new db(); -$cmd = getopt("f::", array("import::")); +$cmd = getopt("f::", [ + "import::", + "export::" +]); if (isset($_REQUEST['export'])) { - if (!isset($_REQUEST['ste'])) { - print "You must select an ST&E Back"; - exit; - } + if (! isset($_REQUEST['ste'])) { + print "You must select an ST&E Back"; + exit(); + } - if ($_REQUEST['export'] == 'Export STE') { - export_STE(); - } - elseif ($_REQUEST['export'] == 'Export Host List') { - export_Host_List(); - } -} -elseif (isset($cmd['import'])) { - import_STE(); -} -else { - print "Usage: php ste_export_import.php -f=\"{path_to_ste_import_file}\" --import" . PHP_EOL; + if ($_REQUEST['export'] == 'Export STE') { + export_STE(); + } elseif ($_REQUEST['export'] == 'Export Host List') { + export_Host_List(); + } +} elseif (isset($cmd['import'])) { + import_STE(); +} else { + print "Usage: php ste_export_import.php -f=\"{path_to_ste_import_file}\" --import" . PHP_EOL; } /** * Function to export an ST&E */ -function export_STE() { - set_time_limit(0); - global $db; +function export_STE() +{ + set_time_limit(0); + global $db; - $log = new Sagacity_Error("STE_Export.log"); + $log = new Sagacity_Error("STE_Export.log"); - $ste = $db->get_STE($_REQUEST['ste'])[0]; - $json = [ - 'ste' => [ - 'id' => $ste->get_ID(), - 'system_id' => $ste->get_System()->get_ID(), - 'site_id' => $ste->get_Site()->get_ID(), - 'eval_start' => $ste->get_Eval_Start_Date()->format("Y-m-d"), - 'eval_end' => $ste->get_Eval_End_Date()->format("Y-m-d") - ], - 'systems' => [], - 'site' => [], - 'ste_cats' => [], - 'targets' => [], - 'scans' => [], - 'tech_findings' => [], - 'proc_findings' => [] - ]; - - $system_arr = $db->get_System($ste->get_System()->get_ID()); - foreach ($system_arr as $key => $sys) { - $json['systems'][] = [ - 'id' => $sys->get_ID(), - 'name' => $sys->get_Name(), - 'mac' => $sys->get_MAC(), - 'classification' => $sys->get_Classification(), - 'abbr' => $sys->get_Abbreviation(), - 
'exec-summary' => $sys->get_Executive_Summary(), - 'accrediation-type' => $sys->get_Accreditation_Type(), - 'desc' => $sys->get_Description(), - 'mitigations' => $sys->get_Mitigations() - ]; - } - - $json['site'] = [ - 'id' => $ste->get_Site()->get_ID(), - 'name' => $ste->get_Site()->get_Name(), - 'address' => $ste->get_Site()->get_Address(), - 'city' => $ste->get_Site()->get_City(), - 'state' => $ste->get_Site()->get_State(), - 'zip' => $ste->get_Site()->get_Zip(), - 'country' => $ste->get_Site()->get_Country(), - 'poc' => $ste->get_Site()->get_POC_Name(), - 'email' => $ste->get_Site()->get_POC_Email(), - 'phone' => $ste->get_Site()->get_POC_Phone() - ]; - - $cat_arr = $db->get_STE_Cat_List($ste->get_ID()); - foreach ($cat_arr as $key => $cat) { - $json['ste_cats'][] = [ - 'id' => $cat->get_ID(), - 'ste_id' => $cat->get_STE_ID(), - 'name' => $cat->get_Name(), - 'analyst' => $cat->get_Analyst() - ]; - } - - $all_findings = []; - $targets_arr = $db->get_Target_Details($ste->get_ID()); - $used_cats = []; - if (empty($targets_arr)) { - $log->script_log("There are no targets in the ST&E", E_ERROR); - } - foreach ($targets_arr as $key => $tgt) { - if (!in_array($tgt->get_Cat_ID(), $used_cats)) { - $all_findings = array_merge($all_findings, $db->get_Category_Findings($tgt->get_Cat_ID())); - $used_cats[] = $tgt->get_Cat_ID(); - } - $os = $db->get_Software($tgt->get_OS_ID())[0]; - - $tgt_node = [ - 'id' => $tgt->get_ID(), - 'ste_id' => $tgt->get_STE_ID(), - 'cat_id' => $tgt->get_Cat_ID(), - 'os_id' => $tgt->get_OS_ID(), - 'os_string' => $tgt->get_OS_String(), - 'os_man' => $os->get_Man(), - 'os_name' => $os->get_Name(), - 'os_ver' => $os->get_Version(), - 'name' => $tgt->get_Name(), - 'location' => $tgt->get_Location(), - 'source' => $tgt->get_Source(), - 'pp_flag' => '0', - 'pp_off' => '1', - 'login' => $tgt->get_Login(), - 'class' => $tgt->classification, - 'status' => [ - 'auto' => $tgt->get_Auto_Status_ID(), - 'manual' => $tgt->get_Man_Status_ID(), - 'data' => 
$tgt->get_Data_Status_ID(), - 'fp_cat1' => $tgt->get_FP_Cat1_Status_ID() - ], - 'notes' => $tgt->get_Notes(), - 'netstat' => $tgt->get_Netstat_Connections(), - 'missing_patches' => $tgt->get_Missing_Patches(), - 'interfaces' => [], - 'software_list' => [], - 'checklist_list' => [] + $ste = $db->get_STE($_REQUEST['ste'])[0]; + $json = [ + 'ste' => [ + 'id' => $ste->get_ID(), + 'system_id' => $ste->get_System()->get_ID(), + 'site_id' => $ste->get_Site()->get_ID(), + 'eval_start' => $ste->get_Eval_Start_Date()->format("Y-m-d"), + 'eval_end' => $ste->get_Eval_End_Date()->format("Y-m-d") + ], + 'systems' => [], + 'site' => [], + 'ste_cats' => [], + 'targets' => [], + 'scans' => [], + 'tech_findings' => [], + 'proc_findings' => [] ]; - foreach ($tgt->interfaces as $int) { - $int_node = [ - 'id' => $int->get_ID(), - 'name' => $int->get_Name(), - 'ipv4' => $int->get_IPv4(), - 'ipv6' => $int->get_IPv6(), - 'hostname' => $int->get_Hostname(), - 'fqdn' => $int->get_FQDN(), - 'desc' => $int->get_Description(), - 'tcp_ports' => [], - 'udp_ports' => [] - ]; - - foreach ($int->get_TCP_Ports() as $tcp) { - $int_node['tcp_ports'][] = [ - 'number' => $tcp->get_Port(), - 'name' => $tcp->get_IANA_Name(), - 'banner' => $tcp->get_Banner(), - 'notes' => $tcp->get_Notes() + $system_arr = $db->get_System($ste->get_System() + ->get_ID()); + foreach ($system_arr as $sys) { + $json['systems'][] = [ + 'id' => $sys->get_ID(), + 'name' => $sys->get_Name(), + 'mac' => $sys->get_MAC(), + 'classification' => $sys->get_Classification(), + 'abbr' => $sys->get_Abbreviation(), + 'exec-summary' => $sys->get_Executive_Summary(), + 'accrediation-type' => $sys->get_Accreditation_Type(), + 'desc' => $sys->get_Description(), + 'mitigations' => $sys->get_Mitigations() ]; - } + } - foreach ($int->get_UDP_Ports() as $udp) { - $int_node['udp_ports'][] = [ - 'number' => $udp->get_Port(), - 'name' => $udp->get_IANA_Name(), - 'banner' => $udp->get_Banner(), - 'notes' => $udp->get_Notes() + $json['site'] = [ + 'id' 
=> $ste->get_Site()->get_ID(), + 'name' => $ste->get_Site()->get_Name(), + 'address' => $ste->get_Site()->get_Address(), + 'city' => $ste->get_Site()->get_City(), + 'state' => $ste->get_Site()->get_State(), + 'zip' => $ste->get_Site()->get_Zip(), + 'country' => $ste->get_Site()->get_Country(), + 'poc' => $ste->get_Site()->get_POC_Name(), + 'email' => $ste->get_Site()->get_POC_Email(), + 'phone' => $ste->get_Site()->get_POC_Phone() + ]; + + $cat_arr = $db->get_STE_Cat_List($ste->get_ID()); + foreach ($cat_arr as $cat) { + $json['ste_cats'][] = [ + 'id' => $cat->get_ID(), + 'ste_id' => $cat->get_STE_ID(), + 'name' => $cat->get_Name(), + 'analyst' => $cat->get_Analyst() ]; - } - - $tgt_node['interfaces'][] = $int_node; } - foreach ($tgt->software as $sw) { - $tgt_node['software_list'][] = [ - 'id' => $sw->get_ID(), - 'man' => $sw->get_Man(), - 'name' => $sw->get_Name(), - 'ver' => $sw->get_Version(), - 'string' => $sw->get_SW_String(), - 'short_string' => $sw->get_Shortened_SW_String() - ]; + $all_findings = []; + $targets_arr = $db->get_Target_Details($ste->get_ID()); + $used_cats = []; + if (empty($targets_arr)) { + $log->script_log("There are no targets in the ST&E", E_ERROR); } + foreach ($targets_arr as $tgt) { + if (! 
in_array($tgt->get_Cat_ID(), $used_cats)) { + $all_findings = array_merge($all_findings, $db->get_Category_Findings($tgt->get_Cat_ID())); + $used_cats[] = $tgt->get_Cat_ID(); + } + $os = $db->get_Software($tgt->get_OS_ID())[0]; - foreach ($tgt->checklists as $chk) { - $tgt_node['checklist_list'][] = [ - 'id' => $chk->get_ID(), - 'checklist_id' => $chk->get_Checklist_ID(), - 'type' => $chk->get_type(), - 'class' => $chk->get_Classification(), - 'version' => $chk->get_Version(), - 'release' => $chk->get_Release() - ]; - } - - $json['targets'][] = $tgt_node; - } - - if (!is_null($scan_arr = $db->get_ScanData($ste->get_ID()))) { - foreach ($scan_arr as $scan) { - $scan_node = [ - 'id' => $scan->get_ID(), - 'ste_id' => $scan->get_STE()->get_ID(), - 'src_id' => $scan->get_Source()->get_ID(), - 'itr' => $scan->get_Itr(), - 'file_name' => $scan->get_File_Name(), - 'file_date' => $scan->get_File_Date(), - 'host_list' => [] - ]; - - foreach ($scan->get_Host_List() as $host) { - $scan_node['host_list'][] = [ - 'tgt_id' => $host['target']->get_ID(), - 'tgt_name' => $host['target']->get_Name(), - 'count' => $host['count'] + $tgt_node = [ + 'id' => $tgt->get_ID(), + 'ste_id' => $tgt->get_STE_ID(), + 'cat_id' => $tgt->get_Cat_ID(), + 'os_id' => $tgt->get_OS_ID(), + 'os_string' => $tgt->get_OS_String(), + 'os_man' => $os->get_Man(), + 'os_name' => $os->get_Name(), + 'os_ver' => $os->get_Version(), + 'name' => $tgt->get_Name(), + 'location' => $tgt->get_Location(), + 'source' => $tgt->get_Source(), + 'pp_flag' => '0', + 'pp_off' => '1', + 'login' => $tgt->get_Login(), + 'class' => $tgt->classification, + 'status' => [ + 'auto' => $tgt->get_Auto_Status_ID(), + 'manual' => $tgt->get_Man_Status_ID(), + 'data' => $tgt->get_Data_Status_ID(), + 'fp_cat1' => $tgt->get_FP_Cat1_Status_ID() + ], + 'notes' => $tgt->get_Notes(), + 'netstat' => $tgt->get_Netstat_Connections(), + 'missing_patches' => $tgt->get_Missing_Patches(), + 'interfaces' => [], + 'software_list' => [], + 'checklist_list' 
=> [] ]; - } - $json['scans'][] = $scan_node; - } - } + foreach ($tgt->interfaces as $int) { + $int_node = [ + 'id' => $int->get_ID(), + 'name' => $int->get_Name(), + 'ipv4' => $int->get_IPv4(), + 'ipv6' => $int->get_IPv6(), + 'hostname' => $int->get_Hostname(), + 'fqdn' => $int->get_FQDN(), + 'desc' => $int->get_Description(), + 'tcp_ports' => [], + 'udp_ports' => [] + ]; - foreach ($all_findings as $worksheet_name => $data) { - foreach ($data['stigs'] as $stig_id => $data2) { - $stig = $db->get_Stig($stig_id); - if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { - $stig = $stig[0]; - } - else { - continue; - } + foreach ($int->get_TCP_Ports() as $tcp) { + $int_node['tcp_ports'][] = [ + 'number' => $tcp->get_Port(), + 'name' => $tcp->get_IANA_Name(), + 'banner' => $tcp->get_Banner(), + 'notes' => $tcp->get_Notes() + ]; + } - $ec = $db->get_eChecklist($stig, $data2['chk_id']); + foreach ($int->get_UDP_Ports() as $udp) { + $int_node['udp_ports'][] = [ + 'number' => $udp->get_Port(), + 'name' => $udp->get_IANA_Name(), + 'banner' => $udp->get_Banner(), + 'notes' => $udp->get_Notes() + ]; + } - $find_node = [ - 'stig_id' => $stig->get_ID(), - 'vms_id' => $ec->get_VMS_ID(), - 'cat' => $ec->get_Cat_Level_String(), - 'short_title' => $ec->get_Short_Title(), - 'check_contents' => $ec->get_Check_Contents(), - 'notes' => $data2['notes'], - 'target_status' => [], - 'ia_controls' => [] - ]; - - foreach ($data['target_list'] as $host_name => $col_id) { - $tgt = $db->get_Target_Details($ste->get_ID(), $host_name)[0]; - $finding = $db->get_Finding($tgt, $stig)[0]; - - if (is_null($finding)) { - continue; + $tgt_node['interfaces'][] = $int_node; } - $find_node['target_status'][] = [ - 'tgt_name' => $host_name, - 'status' => (isset($data2[$host_name]) ? 
$data2[$host_name] : 'Not Applicable'), - 'scan_id' => $finding->get_Scan_ID() - ]; - } + foreach ($tgt->software as $sw) { + $tgt_node['software_list'][] = [ + 'id' => $sw->get_ID(), + 'man' => $sw->get_Man(), + 'name' => $sw->get_Name(), + 'ver' => $sw->get_Version(), + 'string' => $sw->get_SW_String(), + 'short_string' => $sw->get_Shortened_SW_String() + ]; + } - foreach ($data2['ia_control'] as $ia) { - $find_node['ia_controls'] = $ia; - } + foreach ($tgt->checklists as $chk) { + $tgt_node['checklist_list'][] = [ + 'id' => $chk->get_ID(), + 'checklist_id' => $chk->get_Checklist_ID(), + 'type' => $chk->get_type(), + 'class' => $chk->get_Classification(), + 'version' => $chk->get_Version(), + 'release' => $chk->get_Release() + ]; + } - $json['tech_findings'][] = $find_node; + $json['targets'][] = $tgt_node; } - } - header(JSON); - header('Content-disposition: attachment; filename="' . $sys->get_Name() . '-' . $ste->get_Site()->get_Name() . '-ste-export.json"'); - print json_encode($json, JSON_PRETTY_PRINT); + if (! 
is_null($scan_arr = $db->get_ScanData($ste->get_ID()))) { + foreach ($scan_arr as $scan) { + $scan_node = [ + 'id' => $scan->get_ID(), + 'ste_id' => $scan->get_STE()->get_ID(), + 'src_id' => $scan->get_Source()->get_ID(), + 'itr' => $scan->get_Itr(), + 'file_name' => $scan->get_File_Name(), + 'file_date' => $scan->get_File_Date(), + 'host_list' => [] + ]; + + foreach ($scan->get_Host_List() as $host) { + /** @var host_list $host */ + $scan_node['host_list'][] = [ + 'tgt_id' => $host->getTargetId(), + 'tgt_name' => $host->getTargetName(), + 'count' => $host->getFindingCount() + ]; + } + + $json['scans'][] = $scan_node; + } + } + + foreach ($all_findings as $data) { + foreach ($data['stigs'] as $stig_id => $data2) { + $stig = $db->get_Stig($stig_id); + if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { + $stig = $stig[0]; + } else { + continue; + } + + $ec = $db->get_eChecklist($stig, $data2['chk_id']); + + $find_node = [ + 'stig_id' => $stig->get_ID(), + 'vms_id' => $ec->get_VMS_ID(), + 'cat' => $ec->get_Cat_Level(), + 'short_title' => $ec->get_Short_Title(), + 'check_contents' => $ec->get_Check_Contents(), + 'notes' => trim($data2['echecklist']->get_Notes()), + 'target_status' => [], + 'ia_controls' => $data2['echecklist']->get_IA_Controls() + ]; + + unset($data['stigs'][$stig_id]['echecklist']); + unset($data['stigs'][$stig_id]['chk_id']); + + foreach ($data['stigs'][$stig_id] as $host_name => $status) { + $find_node['target_status'][] = [ + 'tgt_name' => $host_name, + 'status' => $status, + //'scan_id' => $finding->get_Scan_ID() + ]; + } + + $json['tech_findings'][] = $find_node; + } + } + + header(JSON); + header('Content-disposition: attachment; filename="' . $sys->get_Name() . '-' . $ste->get_Site()->get_Name() . '-ste-export.json"'); + print json_encode($json, JSON_PRETTY_PRINT); } /** * Function to export the hosts in an ST&E */ -function export_Host_List() { - global $db; - $csv = "Target ID,Name,HostName,IPv4,FQDN,OS" . 
PHP_EOL; +function export_Host_List() +{ + global $db; + $csv = "Target ID,Name,HostName,IPv4,FQDN,OS" . PHP_EOL; - $ste = $db->get_STE($_REQUEST['ste'])[0]; + $ste = $db->get_STE($_REQUEST['ste'])[0]; - $tgts = $db->get_Target_Details($_REQUEST['ste']); + $tgts = $db->get_Target_Details($_REQUEST['ste']); - foreach ($tgts as $key => $tgt) { - $csv .= $tgt->get_ID() . "," . $tgt->get_Name() . ","; + foreach ($tgts as $tgt) { + $csv .= $tgt->get_ID() . "," . $tgt->get_Name() . ","; - $int_str = ''; - $fqdn_str = ''; - $host_str = ''; - foreach ($tgt->interfaces as $key2 => $int) { - if (false) { - $int = new interfaces(); - } - $host_str .= $int->get_Hostname() . ","; - $int_str .= $int->get_IPv4() . ","; - $fqdn_str .= $int->get_FQDN() . ","; + $int_str = ''; + $fqdn_str = ''; + $host_str = ''; + foreach ($tgt->interfaces as $int) { + /** @var interfaces $int */ + $host_str .= $int->get_Hostname() . ","; + $int_str .= $int->get_IPv4() . ","; + $fqdn_str .= $int->get_FQDN() . ","; + } + $host_str = substr($host_str, 0, - 1); + $int_str = substr($int_str, 0, - 1); + $fqdn_str = substr($fqdn_str, 0, - 1); + + $csv .= "\"$host_str\",\"$int_str\",\"$fqdn_str\","; + + $os = $db->get_Software($tgt->get_OS_ID())[0]; + $csv .= $os->get_Man() . " " . $os->get_Name() . " " . $os->get_Version() . PHP_EOL; } - $host_str = substr($host_str, 0, -1); - $int_str = substr($int_str, 0, -1); - $fqdn_str = substr($fqdn_str, 0, -1); - $csv .= "\"$host_str\",\"$int_str\",\"$fqdn_str\","; - - $os = $db->get_Software($tgt->get_OS_ID())[0]; - $csv .= $os->get_Man() . " " . $os->get_Name() . " " . $os->get_Version() . PHP_EOL; - } - - header('Content-type: plain/text'); - header('Content-disposition: attachment; filename="' . $ste->get_System()->get_Name() . '-' . $ste->get_Site()->get_Name() . '-host-list.csv"'); - print $csv; + header('Content-type: plain/text'); + header('Content-disposition: attachment; filename="' . $ste->get_System()->get_Name() . '-' . $ste->get_Site()->get_Name() . 
'-host-list.csv"'); + print $csv; } /** * Function to import an ST&E */ -function import_STE() { - global $cmd, $db; - set_time_limit(0); - $base_name = basename($cmd['f']); - include_once 'helper.inc'; - $log = new Sagacity_Error($cmd['f']); - - if (!file_exists($cmd['f'])) { - $log->script_log("File not found", E_ERROR); - } - - $xml = new DOMDocument(); - $ste_cat_arr = array(); - $all_scans = array(); - $all_tgts = array(); - - if (!$xml->load($cmd['f'])) { - $log->script_log("Error loading XML", E_ERROR); - } - - $site_node = getValue($xml, "/root/site", null, true); - - if ($site_node->length) { - $site_node = $site_node->item(0); - $site = $db->get_Site($site_node->getAttribute("name")); - if (is_array($site) && count($site)) { - $site = $site[0]; - print "Existing site " . $site->get_Name() . PHP_EOL; - } - else { - print "Adding new site " . $site_node->getAttribute("name") . PHP_EOL; - $site = new site(null, $site_node->getAttribute("name"), $site_node->getAttribute("address"), $site_node->getAttribute("city"), $site_node->getAttribute("state"), $site_node->getAttribute("zip"), $site_node->getAttribute("country"), $site_node->getAttribute("poc_name"), $site_node->getAttribute("poc_email"), $site_node->getAttribute("poc_phone")); - - $site->set_ID($db->save_Site($site)); - } - } - else { - $log->script_log("No site associated with this ST&E", E_ERROR); - } - - $sys_nodes = getValue($xml, "/root/systems/system", null, true); - - if ($sys_nodes->length) { - foreach ($sys_nodes as $node) { - $sys = $db->get_System($node->getAttribute("name")); - if (is_array($sys) && count($sys)) { - $sys = $sys[0]; - print "Existing system " . $sys->get_Name() . PHP_EOL; - } - else { - print "Adding new system " . $node->getAttribute("name") . 
PHP_EOL; - $sys = new system(null, $node->getAttribute("name"), $node->getAttribute("mac"), $node->getAttribute("classified")); - - $sys->set_ID($db->save_System($sys)); - } - } - } - else { - $log->script_log("No system associated with this ST&E", E_ERROR); - } - - $ste_node = getValue($xml, "/root/ste", null, true); - - if ($ste_node->length) { - print "Adding new ST&E" . PHP_EOL; - $ste_node = $ste_node->item(0); - $old_ste_id = $ste_node->getAttribute("id"); - - $ste = new ste(null, $sys->get_ID(), $site->get_Id(), $ste_node->getAttribute("eval_start"), $ste_node->getAttribute("eval_end"), false, 0); - - $ste->set_ID($db->save_STE($ste)); - } - else { - $log->script_log("No ST&E in this export file", E_ERROR); - } - - $cat_nodes = getValue($xml, "/root/ste_cats/cat", null, true); - - if ($cat_nodes->length) { - foreach ($cat_nodes as $node) { - print "Adding new category " . $node->getAttribute("name") . PHP_EOL; - $id = $node->getAttribute('id'); - $ste_cat_arr[$id] = new ste_cat(null, $ste->get_ID(), $node->getAttribute("name"), $node->getAttribute("analysts")); - - $ste_cat_arr[$id]->set_ID($db->save_Category($ste_cat_arr[$id])); - } - } - else { - $log->script_log("There are no categories in this ST&E", E_ERROR); - } - - $tgt_nodes = getValue($xml, "/root/targets/target", null, true); - - if ($tgt_nodes->length) { - foreach ($tgt_nodes as $node) { - print "Adding new target " . $node->getAttribute("name") . 
PHP_EOL; - $cat_id = $node->getAttribute("cat_id"); - - $os = $db->get_Software([ - 'man' => $node->getAttribute("os_man"), - 'name' => $node->getAttribute("os_name"), - 'ver' => $node->getAttribute("os_ver") - ]); - - if (is_array($os) && count($os)) { - $os = $os[0]; - } - else { - $os = $db->getSoftware(array( - 'man' => 'Generic', - 'name' => 'Generic', - 'ver' => 'N/A' - ), false)[0]; - } - - $statuses = getValue($xml, "status", $node, true)->item(0); - $notes = getValue($xml, "notes", $node); - $netstat = getValue($xml, "netstat_connection", $node); - $patches = getValue($xml, "missing_patches", $node); - $os_string = getValue($xml, "os_string", $node); - - $tgt = new target($node->getAttribute("name")); - $tgt->set_STE_ID($ste->get_ID()); - $tgt->set_Cat_ID($ste_cat_arr[$cat_id]->get_ID()); - $tgt->set_OS_ID($os->get_ID()); - $tgt->set_OS_String($node->getAttribute("os_string")); - $tgt->set_Auto_Status_ID($statuses->getAttribute("auto")); - $tgt->set_Man_Status_ID($statuses->getAttribute("manual")); - $tgt->set_Data_Status_ID($statuses->getAttribute("data")); - $tgt->set_FP_Cat1_Status_ID($statuses->getAttribute("fp_cat1")); - $tgt->set_Location($node->getAttribute("location")); - $tgt->set_Notes($notes); - $tgt->set_Netstat_Connections($netstat); - $tgt->set_Login($node->getAttribute("login")); - $tgt->set_Missing_Patches($patches); - $tgt->set_PP_Flag($node->getAttribute("pp_flag")); - $tgt->set_PP_Suspended($node->getAttribute("pp_off")); - - $ints = getValue($xml, "interfaces/interface", $node, true); - foreach ($ints as $int_node) { - $int = new interfaces(null, null, $int_node->getAttribute("name"), $int_node->getAttribute("ipv4"), $int_node->getAttribute("ipv6"), $int_node->getAttribute("hostname"), $int_node->getAttribute("fqdn"), getValue($xml, "description", $int_node)); - - $tcp_nodes = getValues($xml, "tcp_ports/port", $int_node, true); - foreach ($tcp_nodes as $tcp) { - $int->add_TCP_Ports(new tcp_ports(null, $tcp->getAttribute("number"), 
$tcp->getAttribute("name"), getValue($xml, "banner", $tcp), getValue($xml, "notes", $tcp))); - } - - $udp_nodes = getValues($xml, "udp_ports/port", $int_node, true); - foreach ($udp_nodes as $udp) { - $int->add_UDP_Ports(new udp_ports(null, $udp->getAttribute("number"), $udp->getAttribute("name"), getValue($xml, "banner", $udp), getValue($xml, "notes", $udp))); - } - - $tgt->interfaces[] = $int; - } - - $sw_nodes = getValue($xml, "software_list/software", $node, true); - foreach ($sw_nodes as $sw) { - $tgt->software[] = $db->get_Software(array( - 'man' => $sw->getAttribute("sw_man"), - 'name' => $sw->getAttribute("sw_name"), - 'ver' => $sw->getAttribute("sw_ver") - ))[0]; - } - - $chk_nodes = getValue($xml, "checklist_list/checklist", $node, true); - foreach ($chk_nodes as $chk) { - $tgt->checklists[] = $db->get_Checklist(array( - 'checklist_id' => $chk->getAttribute('checklist_id'), - 'type' => $chk->getAttribute('type'), - 'version' => $chk->getAttribute('version'), - 'release' => $chk->getAttribute('release') - ))[0]; - } - - $tgt->set_ID($db->save_Target($tgt)); - $all_tgts[$node->getAttribute("id")] = $tgt; - } - } - else { - $log->script_log("No targets were found on this ST&E", E_ERROR); - } - - $scan_nodes = getValue($xml, "/root/scans/scan", null, true); - if ($scan_nodes->length) { - foreach ($scan_nodes as $node) { - $src = $db->get_Sources($node->getAttribute("src_id")); - print "Adding new scan result file " . $node->getAttribute("file_name") . 
PHP_EOL; - $scan = new scan(null, $src, $ste, $node->getAttribute('itr'), $node->getAttribute("file_name"), $node->getAttribute('file_date')); - - $host_list_nodes = getValue($xml, "host_list", $node, true); - foreach ($host_list_nodes as $host) { - $scan_tgt = $db->get_Target_Details($ste->get_ID(), $host->getAttribute('tgt_name'))[0]; - $hl = new host_list(); - $hl->setTargetId($scan_tgt->get_ID()); - $hl->setTargetName($scan_tgt->get_Name()); - $hl->setFindingCount($host->getAttribute("count")); - $hl->setScanError(false); - - $scan->add_Target_to_Host_List($hl); - } - - $scan->set_ID($db->save_Scan($scan)); - $all_scans[$node->getAttribute("id")] = $scan; - } - } - else { - $log->script_log("No scan result files were found in this ST&E", E_ERROR); - } - - $x = 1; - $finding_nodes = getValue($xml, "/root/tech_findings/finding", null, true); - if ($finding_nodes->length) { - print "Adding findings (total " . $finding_nodes->length . ")" . PHP_EOL; - foreach ($finding_nodes as $node) { - print "."; - if ($x % 100 == 0) { - print "\t$x" . 
PHP_EOL; - } - - $ia_nodes = getValue($xml, "ia_control", $node, true); - $ia_arr = array(); - foreach ($ia_nodes as $ia) { - $ia_arr[] = $ia->textContent; - } - - $cc = getValue($xml, "check_contents", $node); - - $tgt_status_nodes = getValue($xml, "target_status", $node, true); - foreach ($tgt_status_nodes as $status_node) { - $notes = getValue($xml, "notes", $status_node); - $tgt = $db->get_Target_Details($ste->get_ID(), $status_node->getAttribute("tgt_name"))[0]; - $finding = array( - 0 => $node->getAttribute("stig_id"), - 1 => $node->getAttribute("vms_id"), - 2 => $node->getAttribute("cat"), - 3 => implode(' ', $ia_arr), - 4 => $node->getAttribute("short_title"), - 5 => $status_node->getAttribute("status"), - 6 => $notes, - 7 => $cc, - 8 => '' - ); - - $db->add_Finding($all_scans[$status_node->getAttribute("scan_id")], $tgt, $finding); - } - $x++; - } - } - else { - $log->script_log("No findings were recorded in this ST&E", E_WARNING); - } +function import_STE() +{ }
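Review bot: The `Content-disposition` header at the end of `export_STE()` builds its filename from `$sys`, the variable left over from `foreach ($system_arr as $sys)`, so it is undefined when `get_System()` returns no rows and otherwise reflects whichever element came last; `export_Host_List()` already uses `$ste->get_System()->get_Name()`, and the same expression would work here. Both export functions also concatenate the system and site names into the quoted `filename="..."` parameter unescaped, so a name containing `"` yields a malformed header; removing it first, e.g. `str_replace('"', '', $name)`, keeps the parameter well-formed. Both functions index `[0]` on `$db->get_STE($_REQUEST['ste'])` with no check that a record was found, so an unknown id ends in a fatal error instead of a clear message. Separately, `import_STE()` is now an empty body while the dispatcher still calls it for `--import` and the usage text still advertises it, so an import run exits silently with nothing loaded; a line such as `print "Import is not available for the JSON format yet" . PHP_EOL;` followed by a non-zero `exit(1);` would make that visible to the operator.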