Fix for bug #34

Import was deleted because export was changed to JSON format instead of XML, will have to rebuild
This commit is contained in:
Ryan Prather 2018-11-16 13:39:23 -05:00
parent f530c5a2a1
commit 52159a16a6

View File

@ -22,6 +22,7 @@
* - Apr 5, 2017 - Formatting * - Apr 5, 2017 - Formatting
* - Dec 19, 2017 - Converted from XML to JSON format export/import * - Dec 19, 2017 - Converted from XML to JSON format export/import
* - Jan 16, 2018 - Updated to use host_list class * - Jan 16, 2018 - Updated to use host_list class
* - Nov 19, 2018 - Fixed bug from changes to get_Category_Findings method
* *
* @TODO - Change to export and import CPE * @TODO - Change to export and import CPE
*/ */
@ -31,32 +32,33 @@ include_once 'database.inc';
$db = new db(); $db = new db();
$cmd = getopt("f::", array("import::")); $cmd = getopt("f::", [
"import::",
"export::"
]);
if (isset($_REQUEST['export'])) { if (isset($_REQUEST['export'])) {
if (! isset($_REQUEST['ste'])) { if (! isset($_REQUEST['ste'])) {
print "You must select an ST&amp;E <a href='javascript:void(0);' onclick='javascript:history.go(-1);'>Back</a>"; print "You must select an ST&amp;E <a href='javascript:void(0);' onclick='javascript:history.go(-1);'>Back</a>";
exit; exit();
} }
if ($_REQUEST['export'] == 'Export STE') { if ($_REQUEST['export'] == 'Export STE') {
export_STE(); export_STE();
} } elseif ($_REQUEST['export'] == 'Export Host List') {
elseif ($_REQUEST['export'] == 'Export Host List') {
export_Host_List(); export_Host_List();
} }
} } elseif (isset($cmd['import'])) {
elseif (isset($cmd['import'])) {
import_STE(); import_STE();
} } else {
else {
print "Usage: php ste_export_import.php -f=\"{path_to_ste_import_file}\" --import" . PHP_EOL; print "Usage: php ste_export_import.php -f=\"{path_to_ste_import_file}\" --import" . PHP_EOL;
} }
/** /**
* Function to export an ST&amp;E * Function to export an ST&amp;E
*/ */
function export_STE() { function export_STE()
{
set_time_limit(0); set_time_limit(0);
global $db; global $db;
@ -80,8 +82,9 @@ function export_STE() {
'proc_findings' => [] 'proc_findings' => []
]; ];
$system_arr = $db->get_System($ste->get_System()->get_ID()); $system_arr = $db->get_System($ste->get_System()
foreach ($system_arr as $key => $sys) { ->get_ID());
foreach ($system_arr as $sys) {
$json['systems'][] = [ $json['systems'][] = [
'id' => $sys->get_ID(), 'id' => $sys->get_ID(),
'name' => $sys->get_Name(), 'name' => $sys->get_Name(),
@ -109,7 +112,7 @@ function export_STE() {
]; ];
$cat_arr = $db->get_STE_Cat_List($ste->get_ID()); $cat_arr = $db->get_STE_Cat_List($ste->get_ID());
foreach ($cat_arr as $key => $cat) { foreach ($cat_arr as $cat) {
$json['ste_cats'][] = [ $json['ste_cats'][] = [
'id' => $cat->get_ID(), 'id' => $cat->get_ID(),
'ste_id' => $cat->get_STE_ID(), 'ste_id' => $cat->get_STE_ID(),
@ -124,7 +127,7 @@ function export_STE() {
if (empty($targets_arr)) { if (empty($targets_arr)) {
$log->script_log("There are no targets in the ST&E", E_ERROR); $log->script_log("There are no targets in the ST&E", E_ERROR);
} }
foreach ($targets_arr as $key => $tgt) { foreach ($targets_arr as $tgt) {
if (! in_array($tgt->get_Cat_ID(), $used_cats)) { if (! in_array($tgt->get_Cat_ID(), $used_cats)) {
$all_findings = array_merge($all_findings, $db->get_Category_Findings($tgt->get_Cat_ID())); $all_findings = array_merge($all_findings, $db->get_Category_Findings($tgt->get_Cat_ID()));
$used_cats[] = $tgt->get_Cat_ID(); $used_cats[] = $tgt->get_Cat_ID();
@ -233,10 +236,11 @@ function export_STE() {
]; ];
foreach ($scan->get_Host_List() as $host) { foreach ($scan->get_Host_List() as $host) {
/** @var host_list $host */
$scan_node['host_list'][] = [ $scan_node['host_list'][] = [
'tgt_id' => $host['target']->get_ID(), 'tgt_id' => $host->getTargetId(),
'tgt_name' => $host['target']->get_Name(), 'tgt_name' => $host->getTargetName(),
'count' => $host['count'] 'count' => $host->getFindingCount()
]; ];
} }
@ -244,13 +248,12 @@ function export_STE() {
} }
} }
foreach ($all_findings as $worksheet_name => $data) { foreach ($all_findings as $data) {
foreach ($data['stigs'] as $stig_id => $data2) { foreach ($data['stigs'] as $stig_id => $data2) {
$stig = $db->get_Stig($stig_id); $stig = $db->get_Stig($stig_id);
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0]; $stig = $stig[0];
} } else {
else {
continue; continue;
} }
@ -259,33 +262,25 @@ function export_STE() {
$find_node = [ $find_node = [
'stig_id' => $stig->get_ID(), 'stig_id' => $stig->get_ID(),
'vms_id' => $ec->get_VMS_ID(), 'vms_id' => $ec->get_VMS_ID(),
'cat' => $ec->get_Cat_Level_String(), 'cat' => $ec->get_Cat_Level(),
'short_title' => $ec->get_Short_Title(), 'short_title' => $ec->get_Short_Title(),
'check_contents' => $ec->get_Check_Contents(), 'check_contents' => $ec->get_Check_Contents(),
'notes' => $data2['notes'], 'notes' => trim($data2['echecklist']->get_Notes()),
'target_status' => [], 'target_status' => [],
'ia_controls' => [] 'ia_controls' => $data2['echecklist']->get_IA_Controls()
]; ];
foreach ($data['target_list'] as $host_name => $col_id) { unset($data['stigs'][$stig_id]['echecklist']);
$tgt = $db->get_Target_Details($ste->get_ID(), $host_name)[0]; unset($data['stigs'][$stig_id]['chk_id']);
$finding = $db->get_Finding($tgt, $stig)[0];
if (is_null($finding)) {
continue;
}
foreach ($data['stigs'][$stig_id] as $host_name => $status) {
$find_node['target_status'][] = [ $find_node['target_status'][] = [
'tgt_name' => $host_name, 'tgt_name' => $host_name,
'status' => (isset($data2[$host_name]) ? $data2[$host_name] : 'Not Applicable'), 'status' => $status,
'scan_id' => $finding->get_Scan_ID() //'scan_id' => $finding->get_Scan_ID()
]; ];
} }
foreach ($data2['ia_control'] as $ia) {
$find_node['ia_controls'] = $ia;
}
$json['tech_findings'][] = $find_node; $json['tech_findings'][] = $find_node;
} }
} }
@ -298,7 +293,8 @@ function export_STE() {
/** /**
* Function to export the hosts in an ST&amp;E * Function to export the hosts in an ST&amp;E
*/ */
function export_Host_List() { function export_Host_List()
{
global $db; global $db;
$csv = "Target ID,Name,HostName,IPv4,FQDN,OS" . PHP_EOL; $csv = "Target ID,Name,HostName,IPv4,FQDN,OS" . PHP_EOL;
@ -306,16 +302,14 @@ function export_Host_List() {
$tgts = $db->get_Target_Details($_REQUEST['ste']); $tgts = $db->get_Target_Details($_REQUEST['ste']);
foreach ($tgts as $key => $tgt) { foreach ($tgts as $tgt) {
$csv .= $tgt->get_ID() . "," . $tgt->get_Name() . ","; $csv .= $tgt->get_ID() . "," . $tgt->get_Name() . ",";
$int_str = ''; $int_str = '';
$fqdn_str = ''; $fqdn_str = '';
$host_str = ''; $host_str = '';
foreach ($tgt->interfaces as $key2 => $int) { foreach ($tgt->interfaces as $int) {
if (false) { /** @var interfaces $int */
$int = new interfaces();
}
$host_str .= $int->get_Hostname() . ","; $host_str .= $int->get_Hostname() . ",";
$int_str .= $int->get_IPv4() . ","; $int_str .= $int->get_IPv4() . ",";
$fqdn_str .= $int->get_FQDN() . ","; $fqdn_str .= $int->get_FQDN() . ",";
@ -338,255 +332,6 @@ function export_Host_List() {
/** /**
* Function to import an ST&amp;E * Function to import an ST&amp;E
*/ */
function import_STE() { function import_STE()
global $cmd, $db; {
set_time_limit(0);
$base_name = basename($cmd['f']);
include_once 'helper.inc';
$log = new Sagacity_Error($cmd['f']);
if (!file_exists($cmd['f'])) {
$log->script_log("File not found", E_ERROR);
}
$xml = new DOMDocument();
$ste_cat_arr = array();
$all_scans = array();
$all_tgts = array();
if (!$xml->load($cmd['f'])) {
$log->script_log("Error loading XML", E_ERROR);
}
$site_node = getValue($xml, "/root/site", null, true);
if ($site_node->length) {
$site_node = $site_node->item(0);
$site = $db->get_Site($site_node->getAttribute("name"));
if (is_array($site) && count($site)) {
$site = $site[0];
print "Existing site " . $site->get_Name() . PHP_EOL;
}
else {
print "Adding new site " . $site_node->getAttribute("name") . PHP_EOL;
$site = new site(null, $site_node->getAttribute("name"), $site_node->getAttribute("address"), $site_node->getAttribute("city"), $site_node->getAttribute("state"), $site_node->getAttribute("zip"), $site_node->getAttribute("country"), $site_node->getAttribute("poc_name"), $site_node->getAttribute("poc_email"), $site_node->getAttribute("poc_phone"));
$site->set_ID($db->save_Site($site));
}
}
else {
$log->script_log("No site associated with this ST&E", E_ERROR);
}
$sys_nodes = getValue($xml, "/root/systems/system", null, true);
if ($sys_nodes->length) {
foreach ($sys_nodes as $node) {
$sys = $db->get_System($node->getAttribute("name"));
if (is_array($sys) && count($sys)) {
$sys = $sys[0];
print "Existing system " . $sys->get_Name() . PHP_EOL;
}
else {
print "Adding new system " . $node->getAttribute("name") . PHP_EOL;
$sys = new system(null, $node->getAttribute("name"), $node->getAttribute("mac"), $node->getAttribute("classified"));
$sys->set_ID($db->save_System($sys));
}
}
}
else {
$log->script_log("No system associated with this ST&E", E_ERROR);
}
$ste_node = getValue($xml, "/root/ste", null, true);
if ($ste_node->length) {
print "Adding new ST&E" . PHP_EOL;
$ste_node = $ste_node->item(0);
$old_ste_id = $ste_node->getAttribute("id");
$ste = new ste(null, $sys->get_ID(), $site->get_Id(), $ste_node->getAttribute("eval_start"), $ste_node->getAttribute("eval_end"), false, 0);
$ste->set_ID($db->save_STE($ste));
}
else {
$log->script_log("No ST&E in this export file", E_ERROR);
}
$cat_nodes = getValue($xml, "/root/ste_cats/cat", null, true);
if ($cat_nodes->length) {
foreach ($cat_nodes as $node) {
print "Adding new category " . $node->getAttribute("name") . PHP_EOL;
$id = $node->getAttribute('id');
$ste_cat_arr[$id] = new ste_cat(null, $ste->get_ID(), $node->getAttribute("name"), $node->getAttribute("analysts"));
$ste_cat_arr[$id]->set_ID($db->save_Category($ste_cat_arr[$id]));
}
}
else {
$log->script_log("There are no categories in this ST&E", E_ERROR);
}
$tgt_nodes = getValue($xml, "/root/targets/target", null, true);
if ($tgt_nodes->length) {
foreach ($tgt_nodes as $node) {
print "Adding new target " . $node->getAttribute("name") . PHP_EOL;
$cat_id = $node->getAttribute("cat_id");
$os = $db->get_Software([
'man' => $node->getAttribute("os_man"),
'name' => $node->getAttribute("os_name"),
'ver' => $node->getAttribute("os_ver")
]);
if (is_array($os) && count($os)) {
$os = $os[0];
}
else {
$os = $db->getSoftware(array(
'man' => 'Generic',
'name' => 'Generic',
'ver' => 'N/A'
), false)[0];
}
$statuses = getValue($xml, "status", $node, true)->item(0);
$notes = getValue($xml, "notes", $node);
$netstat = getValue($xml, "netstat_connection", $node);
$patches = getValue($xml, "missing_patches", $node);
$os_string = getValue($xml, "os_string", $node);
$tgt = new target($node->getAttribute("name"));
$tgt->set_STE_ID($ste->get_ID());
$tgt->set_Cat_ID($ste_cat_arr[$cat_id]->get_ID());
$tgt->set_OS_ID($os->get_ID());
$tgt->set_OS_String($node->getAttribute("os_string"));
$tgt->set_Auto_Status_ID($statuses->getAttribute("auto"));
$tgt->set_Man_Status_ID($statuses->getAttribute("manual"));
$tgt->set_Data_Status_ID($statuses->getAttribute("data"));
$tgt->set_FP_Cat1_Status_ID($statuses->getAttribute("fp_cat1"));
$tgt->set_Location($node->getAttribute("location"));
$tgt->set_Notes($notes);
$tgt->set_Netstat_Connections($netstat);
$tgt->set_Login($node->getAttribute("login"));
$tgt->set_Missing_Patches($patches);
$tgt->set_PP_Flag($node->getAttribute("pp_flag"));
$tgt->set_PP_Suspended($node->getAttribute("pp_off"));
$ints = getValue($xml, "interfaces/interface", $node, true);
foreach ($ints as $int_node) {
$int = new interfaces(null, null, $int_node->getAttribute("name"), $int_node->getAttribute("ipv4"), $int_node->getAttribute("ipv6"), $int_node->getAttribute("hostname"), $int_node->getAttribute("fqdn"), getValue($xml, "description", $int_node));
$tcp_nodes = getValues($xml, "tcp_ports/port", $int_node, true);
foreach ($tcp_nodes as $tcp) {
$int->add_TCP_Ports(new tcp_ports(null, $tcp->getAttribute("number"), $tcp->getAttribute("name"), getValue($xml, "banner", $tcp), getValue($xml, "notes", $tcp)));
}
$udp_nodes = getValues($xml, "udp_ports/port", $int_node, true);
foreach ($udp_nodes as $udp) {
$int->add_UDP_Ports(new udp_ports(null, $udp->getAttribute("number"), $udp->getAttribute("name"), getValue($xml, "banner", $udp), getValue($xml, "notes", $udp)));
}
$tgt->interfaces[] = $int;
}
$sw_nodes = getValue($xml, "software_list/software", $node, true);
foreach ($sw_nodes as $sw) {
$tgt->software[] = $db->get_Software(array(
'man' => $sw->getAttribute("sw_man"),
'name' => $sw->getAttribute("sw_name"),
'ver' => $sw->getAttribute("sw_ver")
))[0];
}
$chk_nodes = getValue($xml, "checklist_list/checklist", $node, true);
foreach ($chk_nodes as $chk) {
$tgt->checklists[] = $db->get_Checklist(array(
'checklist_id' => $chk->getAttribute('checklist_id'),
'type' => $chk->getAttribute('type'),
'version' => $chk->getAttribute('version'),
'release' => $chk->getAttribute('release')
))[0];
}
$tgt->set_ID($db->save_Target($tgt));
$all_tgts[$node->getAttribute("id")] = $tgt;
}
}
else {
$log->script_log("No targets were found on this ST&E", E_ERROR);
}
$scan_nodes = getValue($xml, "/root/scans/scan", null, true);
if ($scan_nodes->length) {
foreach ($scan_nodes as $node) {
$src = $db->get_Sources($node->getAttribute("src_id"));
print "Adding new scan result file " . $node->getAttribute("file_name") . PHP_EOL;
$scan = new scan(null, $src, $ste, $node->getAttribute('itr'), $node->getAttribute("file_name"), $node->getAttribute('file_date'));
$host_list_nodes = getValue($xml, "host_list", $node, true);
foreach ($host_list_nodes as $host) {
$scan_tgt = $db->get_Target_Details($ste->get_ID(), $host->getAttribute('tgt_name'))[0];
$hl = new host_list();
$hl->setTargetId($scan_tgt->get_ID());
$hl->setTargetName($scan_tgt->get_Name());
$hl->setFindingCount($host->getAttribute("count"));
$hl->setScanError(false);
$scan->add_Target_to_Host_List($hl);
}
$scan->set_ID($db->save_Scan($scan));
$all_scans[$node->getAttribute("id")] = $scan;
}
}
else {
$log->script_log("No scan result files were found in this ST&E", E_ERROR);
}
$x = 1;
$finding_nodes = getValue($xml, "/root/tech_findings/finding", null, true);
if ($finding_nodes->length) {
print "Adding findings (total " . $finding_nodes->length . ")" . PHP_EOL;
foreach ($finding_nodes as $node) {
print ".";
if ($x % 100 == 0) {
print "\t$x" . PHP_EOL;
}
$ia_nodes = getValue($xml, "ia_control", $node, true);
$ia_arr = array();
foreach ($ia_nodes as $ia) {
$ia_arr[] = $ia->textContent;
}
$cc = getValue($xml, "check_contents", $node);
$tgt_status_nodes = getValue($xml, "target_status", $node, true);
foreach ($tgt_status_nodes as $status_node) {
$notes = getValue($xml, "notes", $status_node);
$tgt = $db->get_Target_Details($ste->get_ID(), $status_node->getAttribute("tgt_name"))[0];
$finding = array(
0 => $node->getAttribute("stig_id"),
1 => $node->getAttribute("vms_id"),
2 => $node->getAttribute("cat"),
3 => implode(' ', $ia_arr),
4 => $node->getAttribute("short_title"),
5 => $status_node->getAttribute("status"),
6 => $notes,
7 => $cc,
8 => ''
);
$db->add_Finding($all_scans[$status_node->getAttribute("scan_id")], $tgt, $finding);
}
$x++;
}
}
else {
$log->script_log("No findings were recorded in this ST&E", E_WARNING);
}
} }