From 684d1e4b1928c6d61a997bd1aa1ea798ccc1fd65 Mon Sep 17 00:00:00 2001
From: Ryan Prather
Date: Wed, 26 Sep 2018 10:41:20 -0400
Subject: [PATCH] Enhancement to add #11
---
 exec/installer.php | 4 +++-
 import.php | 2 +-
 inc/header.inc | 2 +-
 results/index.php | 12 ++++++------
 setup.php | 7 +++++++
 ste/export.php | 26 ++++++++++++++++++++------
 6 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/exec/installer.php b/exec/installer.php
index 22937ce..5075dca 100644
--- a/exec/installer.php
+++ b/exec/installer.php
@@ -40,7 +40,8 @@ $db_step = [
 'sample-data' => ['filter' => FILTER_VALIDATE_BOOLEAN],
 'cpe' => ['filter' => FILTER_VALIDATE_BOOLEAN],
 'cve' => ['filter' => FILTER_VALIDATE_BOOLEAN],
- 'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN]
+ 'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN],
+ 'update-freq' => ['filter' => FILTER_VALIDATE_INT, 'flag' => FILTER_NULL_ON_FAILURE]
 ];
 $company_step = [
 'company' => $params,
@@ -148,6 +149,7 @@ function save_Database($params)
 my_str_replace("{PHP_CONF}", realpath(php_ini_loaded_file()), $config);
 my_str_replace("{DB_SERVER}", $params['db-server'], $config);
 my_str_replace("{DB_BIN}", $mysql, $config);
+ my_str_replace("'{UPDATE_FREQ}'", $params['update-freq'], $config);
 my_str_replace("@new", "@step1", $config);
 if (!file_exists($params['tmp-path'])) {
diff --git a/import.php b/import.php
index 0f0202b..d6d6ed0 100644
--- a/import.php
+++ b/import.php
@@ -91,7 +91,7 @@
 },
 success: function (data) {
 if ($('#toggle_refresh').html() == 'Stop Refresh' && !to) {
- to = setTimeout(update_script_status, 3000);
+ to = setTimeout(update_script_status, );
 }
 },
 error: function (xhr, status, error) {
diff --git a/inc/header.inc b/inc/header.inc
index a8be9d9..1f5450f 100644
--- a/inc/header.inc
+++ b/inc/header.inc
@@ -190,7 +190,7 @@ if (!$nasl['nasl-count']) {
 }
 if (reload) {
- setTimeout(getLoadStatus, 1000);
+ setTimeout(getLoadStatus, );
 }
 else {
 $('#db-err').remove();
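Review bot: In the `'update-freq'` entry added to `$db_step` (exec/installer.php, first hunk) the key is spelled `'flag'`, but the filter definition arrays used by `filter_input_array()`/`filter_var_array()` only recognise `filter`, `flags` and `options`, so `FILTER_NULL_ON_FAILURE` is ignored and a bad value comes back as `false` rather than `null`. The entry also accepts zero and negative integers, which are meaningless as a refresh interval. I would write it as `'update-freq' => ['filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_NULL_ON_FAILURE, 'options' => ['min_range' => 1]]`. How `$db_step` is consumed is outside the hunk, so this assumes it is passed to one of those two functions.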
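Review bot: The added `my_str_replace("'{UPDATE_FREQ}'", $params['update-freq'], $config)` in save_Database (exec/installer.php, second hunk) strips the quotes around the placeholder, so the request-derived value is written into the generated config as a bare token and the integer filter in `$db_step` is the only thing keeping it numeric. When that filter fails or the field is missing the value is `false`/`null`, which would presumably leave an empty token in the config. Coerce at the point of use so the write is safe on its own: `my_str_replace("'{UPDATE_FREQ}'", max(1, (int) $params['update-freq']), $config);`. save_Database begins above the hunk and continues below it, and the config template is not shown here.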
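Review bot: As this page renders it, the new call in import.php reads `setTimeout(update_script_status, )` with nothing between the comma and the parenthesis, so the inline expression that supplies the delay is not visible and this point is hedged. If that expression can ever print an empty string, for example on an install whose config predates the new setting, the browser gets a syntax error and the whole script block stops, which the old literal `3000` could not do. Printing the delay once as a server-side integer cast with a fallback and using a variable in each call, e.g. `to = setTimeout(update_script_status, refreshDelayMs);` (`refreshDelayMs` is a constructed name), avoids repeating the expression. The same applies to `setTimeout(getLoadStatus, )` in inc/header.inc and to the six calls in results/index.php; header.inc used 1000 ms before while the others used 3000 ms, so a single shared value changes one of those rates.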
diff --git a/results/index.php b/results/index.php
index d7a8988..3d41f76 100644
--- a/results/index.php
+++ b/results/index.php
@@ -160,7 +160,7 @@ $stes = $db->get_STE();
 var audio = new Audio("complete.mp3");
 $(function () {
- to = setTimeout(update_script_status, 3000);
+ to = setTimeout(update_script_status, );
 table = $('#results-table').DataTable({
 'columnDefs': [{'orderable': false, 'targets': [2, 5]}],
 'stripeClasses': ['odd_row', 'even_row'],
@@ -285,12 +285,12 @@ $stes = $db->get_STE();
 $(this).removeClass('mouseover-scan');
 });
 if ($('#toggle_refresh').val() === 'Stop Refresh') {
- to = setTimeout(update_script_status, 3000);
+ to = setTimeout(update_script_status, );
 }
 },
 error: function (xhr, status, error) {
 if ($('#toggle_refresh').val() === 'Stop Refresh') {
- to = setTimeout(update_script_status, 3000);
+ to = setTimeout(update_script_status, );
 }
 },
 dataType: 'json',
@@ -309,7 +309,7 @@ $stes = $db->get_STE();
 to = null;
 }
 else {
- to = setTimeout(update_script_status, 3000);
+ to = setTimeout(update_script_status, );
 $('#toggle_refresh').val('Stop Refresh');
 }
 }
@@ -510,14 +510,14 @@ $stes = $db->get_STE();
 method: 'post'
 });
 if ($('#toggle_refresh').val() === 'Stop Refresh') {
- to = setTimeout(update_script_status, 3000);
+ to = setTimeout(update_script_status, );
 }
 $(this).dialog('close');
 },
 Cancel: function () {
 $(this).dialog('close');
 if ($('#toggle_refresh').val() === 'Stop Refresh') {
- to = setTimeout(update_script_status, 3000);
+ to = setTimeout(update_script_status, );
 }
 }
 }
diff --git a/setup.php b/setup.php
index e9a7a96..dcae3d1 100644
--- a/setup.php
+++ b/setup.php
@@ -58,6 +58,9 @@ if(!is_writable(dirname(__FILE__) . "/inc")) { if(!file_exists(dirname(__FILE__) . "/logs")) { mkdir(dirname(__FILE__) . "/logs"); } +elseif(!is_writable(dirname(__FILE__) . "/logs")) { + die("Sagacity needs write access to the /logs directory to create system and scanner log files"); +} if (!function_exists('openssl_encrypt')) { print <<Password File:
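Review bot: The new `elseif` in the first setup.php hunk only runs when /logs already exists, so on the path where the directory is missing the result of `mkdir()` in the branch above is never checked and a failed create passes setup without the new message. Checking both outcomes closes that gap, e.g. `if (!is_dir($logs) && !mkdir($logs)) { die(...); }` followed by the `is_writable($logs)` test as a plain `if`, with `$logs = dirname(__FILE__) . "/logs";`. `mkdir()` also defaults to mode 0777 (reduced by the umask), which is wider than a directory holding system and scanner logs needs, so an explicit mode is worth passing.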
+ + +
diff --git a/ste/export.php b/ste/export.php
index e118d32..4ad2f9b 100644
--- a/ste/export.php
+++ b/ste/export.php
@@ -48,8 +48,6 @@ use Monolog\Handler\StreamHandler;
 set_time_limit(0);
 $db = new db();
-$checklists = [];
-$x = 0;
 $emass_ccis = null;
 $log_level = convert_log_level();
 $chk_hosts = filter_input_array(INPUT_POST, 'chk_host');
@@ -204,7 +202,6 @@ foreach ($findings as $worksheet_name => $data) {
 foreach ($data['stigs'] as $stig_id => $tgt_status) {
 $log->debug("Running through STIG $stig_id", $tgt_status);
 $ia_controls_string = null;
- $notes = '';
 // If $do_rmf is set, replace CCIs w/ eMASS RMF Control and build string to
 // insert into IA Controls cell, otherwise just use CCIs.
@@ -231,7 +228,7 @@ foreach ($findings as $worksheet_name => $data) {
 ->setCellValue("B{$row}", $tgt_status['echecklist']->get_VMS_ID())
 ->setCellValue("C{$row}", $tgt_status['echecklist']->get_Cat_Level_String())
 ->setCellValue("D{$row}", $ia_controls_string)
- ->setCellValue("E{$row}", str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Short_Title())));
+ ->setCellValue("E{$row}", deduplicateString($tgt_status['echecklist']->get_Short_Title()));
 $log->debug("Added STIG info ($stig_id), not to targets");
 foreach ($data['target_list'] as $host_name => $col_id) {
@@ -262,8 +259,8 @@ foreach ($findings as $worksheet_name => $data) {
 ->setConditionalStyles([$conditions['true'], $conditions['false']]);
 //->setDataValidation($validation['true_false']);
- $sheet->setCellValue($notes_col . $row, html_entity_decode($tgt_status['echecklist']->get_Notes()))
- ->setCellValue($check_contents_col . $row, str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Check_Contents())));
+ $sheet->setCellValue($notes_col . $row, deduplicateString($tgt_status['echecklist']->get_Notes()))
+ ->setCellValue($check_contents_col . $row, deduplicateString($tgt_status['echecklist']->get_Check_Contents()));
 $log->debug("Added remaining cells");
 $row++;
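Review bot: The free-text cells now filled through `deduplicateString()` (Short Title in column E in the `-231` hunk, notes and check contents in the `-262` hunk) are still written with `setCellValue()`, and the text presumably comes from imported or user-entered checklist data. In PHPExcel/PhpSpreadsheet a string that begins with `=` and is passed to `setCellValue()` is stored as a formula, so a stored note could become a live formula in the exported workbook. Writing these cells with `setCellValueExplicit()` and the string data type keeps them as inert text. Both hunks sit inside a `foreach` that starts and ends outside the visible lines, and which spreadsheet library `$sheet` belongs to is not shown, so confirm the data-type constant against it.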
@@ -489,3 +486,20 @@ function updateHostHeader($sheet, $tgts, &$db) {
 ->setCellValue('C6', $not_applicable)
 ->setCellValue('C7', $not_reviewed);
 }
+
+/**
+ * Method to split a string into an array (by new line \n) and use array_unique to remove duplicate strings
+ *
+ * @param string $str
+ *
+ * @return string
+ */
+function deduplicateString($str)
+{
+ $ret = null;
+ $ret = str_replace(["\\n", PHP_EOL], "\r", $str);
+ $ret = array_unique(explode("\r", $ret));
+ $ret = html_entity_decode(implode("\r", $ret));
+
+ return $ret;
+}
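Review bot: `deduplicateString()` joins the surviving lines with a bare carriage return (`"\r"`), whereas the expressions it replaces converted the literal `\n` sequence to a real `"\n"`, so multi-line titles, notes and check contents will likely no longer break inside the cell. Normalising to LF instead keeps the old output shape: `$ret = str_replace(["\\n", "\r\n", "\r"], "\n", (string) $str);` with `"\n"` in the `explode()` and `implode()` calls, and the initial `$ret = null;` can go. Note also that `array_unique()` removes every repeated line anywhere in the text, including the second and later blank lines and any step that legitimately appears twice in a check procedure, which changes the exported content; if only wholesale repeated blocks were the target, the docblock should say so and the rule should be narrower.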