From 684d1e4b1928c6d61a997bd1aa1ea798ccc1fd65 Mon Sep 17 00:00:00 2001
From: Ryan Prather <godsgood33@gmail.com>
Date: Wed, 26 Sep 2018 10:41:20 -0400
Subject: [PATCH] Enhancement to add #11

---
 exec/installer.php |  4 +++-
 import.php         |  2 +-
 inc/header.inc     |  2 +-
 results/index.php  | 12 ++++++------
 setup.php          |  7 +++++++
 ste/export.php     | 26 ++++++++++++++++++++------
 6 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/exec/installer.php b/exec/installer.php
index 22937ce..5075dca 100644
--- a/exec/installer.php
+++ b/exec/installer.php
@@ -40,7 +40,8 @@ $db_step      = [
     'sample-data'   => ['filter' => FILTER_VALIDATE_BOOLEAN],
     'cpe'           => ['filter' => FILTER_VALIDATE_BOOLEAN],
     'cve'           => ['filter' => FILTER_VALIDATE_BOOLEAN],
-    'stig'          => ['filter' => FILTER_VALIDATE_BOOLEAN]
+    'stig'          => ['filter' => FILTER_VALIDATE_BOOLEAN],
+    'update-freq'   => ['filter' => FILTER_VALIDATE_INT, 'flag' => FILTER_NULL_ON_FAILURE]
 ];
 $company_step = [
     'company'       => $params,
@@ -148,6 +149,7 @@ function save_Database($params)
     my_str_replace("{PHP_CONF}", realpath(php_ini_loaded_file()), $config);
     my_str_replace("{DB_SERVER}", $params['db-server'], $config);
     my_str_replace("{DB_BIN}", $mysql, $config);
+    my_str_replace("'{UPDATE_FREQ}'", $params['update-freq'], $config);
     my_str_replace("@new", "@step1", $config);
 
     if (!file_exists($params['tmp-path'])) {
diff --git a/import.php b/import.php
index 0f0202b..d6d6ed0 100644
--- a/import.php
+++ b/import.php
@@ -91,7 +91,7 @@
             },
             success: function (data) {
               if ($('#toggle_refresh').html() == 'Stop Refresh' && !to) {
-                to = setTimeout(update_script_status, 3000);
+                to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
               }
             },
             error: function (xhr, status, error) {
diff --git a/inc/header.inc b/inc/header.inc
index a8be9d9..1f5450f 100644
--- a/inc/header.inc
+++ b/inc/header.inc
@@ -190,7 +190,7 @@ if (!$nasl['nasl-count']) {
                   }
 
                   if (reload) {
-                    setTimeout(getLoadStatus, 1000);
+                    setTimeout(getLoadStatus, <?php print UPDATE_FREQ * 1000; ?>);
                   }
                   else {
                     $('#db-err').remove();
diff --git a/results/index.php b/results/index.php
index d7a8988..3d41f76 100644
--- a/results/index.php
+++ b/results/index.php
@@ -160,7 +160,7 @@ $stes = $db->get_STE();
         var audio = new Audio("complete.mp3");
 <?php } ?>
     $(function () {
-      to = setTimeout(update_script_status, 3000);
+      to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
       table = $('#results-table').DataTable({
         'columnDefs': [{'orderable': false, 'targets': [2, 5]}],
         'stripeClasses': ['odd_row', 'even_row'],
@@ -285,12 +285,12 @@ $stes = $db->get_STE();
             $(this).removeClass('mouseover-scan');
           });
           if ($('#toggle_refresh').val() === 'Stop Refresh') {
-            to = setTimeout(update_script_status, 3000);
+            to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
           }
         },
         error: function (xhr, status, error) {
           if ($('#toggle_refresh').val() === 'Stop Refresh') {
-            to = setTimeout(update_script_status, 3000);
+            to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
           }
         },
         dataType: 'json',
@@ -309,7 +309,7 @@ $stes = $db->get_STE();
         to = null;
       }
       else {
-        to = setTimeout(update_script_status, 3000);
+        to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
         $('#toggle_refresh').val('Stop Refresh');
       }
     }
@@ -510,14 +510,14 @@ $stes = $db->get_STE();
               method: 'post'
             });
             if ($('#toggle_refresh').val() === 'Stop Refresh') {
-              to = setTimeout(update_script_status, 3000);
+              to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
             }
             $(this).dialog('close');
           },
           Cancel: function () {
             $(this).dialog('close');
             if ($('#toggle_refresh').val() === 'Stop Refresh') {
-              to = setTimeout(update_script_status, 3000);
+              to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
             }
           }
         }
diff --git a/setup.php b/setup.php
index e9a7a96..dcae3d1 100644
--- a/setup.php
+++ b/setup.php
@@ -58,6 +58,9 @@ if(!is_writable(dirname(__FILE__) . "/inc")) {
 if(!file_exists(dirname(__FILE__) . "/logs")) {
 	mkdir(dirname(__FILE__) . "/logs");
 }
+elseif(!is_writable(dirname(__FILE__) . "/logs")) {
+    die("Sagacity needs write access to the /logs directory to create system and scanner log files");
+}
 
 if (!function_exists('openssl_encrypt')) {
     print <<<EOO
@@ -389,6 +392,7 @@ EOL;
                   'cpe': ($('#cpe').is(":checked") ? '1' : '0'),
                   'cve': ($('#cve').is(":checked") ? '1' : '0'),
                   'stig': ($('#stig').is(":checked") ? '1' : '0'),
+                  'update-freq': $('#update-freq').val(),
                   'action': action
                 };
               }
@@ -600,6 +604,9 @@ EOL;
 
                             <label class='label'>Password File:</label>
                             <input type='text' id='pwd-file' value='inc/passwd' title='Relative path to the encrypted password file' /><br/>
+
+                            <label class='label'>AJAX Refresh Freq:</label>
+                            <input type='number' id='update-freq' value='3' title='Frequency that the AJAX calls refresh methods (in seconds)' />
                         </div>
 
                         <div class='right'>
diff --git a/ste/export.php b/ste/export.php
index e118d32..4ad2f9b 100644
--- a/ste/export.php
+++ b/ste/export.php
@@ -48,8 +48,6 @@ use Monolog\Handler\StreamHandler;
 
 set_time_limit(0);
 $db = new db();
-$checklists = [];
-$x = 0;
 $emass_ccis = null;
 $log_level = convert_log_level();
 $chk_hosts = filter_input_array(INPUT_POST, 'chk_host');
@@ -204,7 +202,6 @@ foreach ($findings as $worksheet_name => $data) {
   foreach ($data['stigs'] as $stig_id => $tgt_status) {
 	$log->debug("Running through STIG $stig_id", $tgt_status);
     $ia_controls_string = null;
-    $notes = '';
 
     // If $do_rmf is set, replace CCIs w/ eMASS RMF Control and build string to
     // insert into IA Controls cell, otherwise just use CCIs.
@@ -231,7 +228,7 @@ foreach ($findings as $worksheet_name => $data) {
         ->setCellValue("B{$row}", $tgt_status['echecklist']->get_VMS_ID())
         ->setCellValue("C{$row}", $tgt_status['echecklist']->get_Cat_Level_String())
         ->setCellValue("D{$row}", $ia_controls_string)
-        ->setCellValue("E{$row}", str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Short_Title())));
+        ->setCellValue("E{$row}", deduplicateString($tgt_status['echecklist']->get_Short_Title()));
 	$log->debug("Added STIG info ($stig_id), not to targets");
 
     foreach ($data['target_list'] as $host_name => $col_id) {
@@ -262,8 +259,8 @@ foreach ($findings as $worksheet_name => $data) {
         ->setConditionalStyles([$conditions['true'], $conditions['false']]);
     //->setDataValidation($validation['true_false']);
 
-    $sheet->setCellValue($notes_col . $row, html_entity_decode($tgt_status['echecklist']->get_Notes()))
-        ->setCellValue($check_contents_col . $row, str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Check_Contents())));
+    $sheet->setCellValue($notes_col . $row, deduplicateString($tgt_status['echecklist']->get_Notes()))
+        ->setCellValue($check_contents_col . $row, deduplicateString($tgt_status['echecklist']->get_Check_Contents()));
 	$log->debug("Added remaining cells");
 
     $row++;
@@ -489,3 +486,20 @@ function updateHostHeader($sheet, $tgts, &$db) {
       ->setCellValue('C6', $not_applicable)
       ->setCellValue('C7', $not_reviewed);
 }
+
+/**
+ * Method to split a string into an array (by new line \n) and use array_unique to remove duplicate strings
+ *
+ * @param string $str
+ *
+ * @return string
+ */
+function deduplicateString($str)
+{
+    $ret = null;
+    $ret = str_replace(["\\n", PHP_EOL], "\r", $str);
+    $ret = array_unique(explode("\r", $ret));
+    $ret = html_entity_decode(implode("\r", $ret));
+
+    return $ret;
+}