Enhancement to add #11

Ryan Prather 2018-09-26 10:41:20 -04:00
parent dde7409f01
commit 684d1e4b19
6 changed files with 38 additions and 15 deletions


@ -40,7 +40,8 @@ $db_step = [
'sample-data' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'sample-data' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'cpe' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'cpe' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'cve' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'cve' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN] 'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'update-freq' => ['filter' => FILTER_VALIDATE_INT, 'flag' => FILTER_NULL_ON_FAILURE]
]; ];
$company_step = [ $company_step = [
'company' => $params, 'company' => $params,
@ -148,6 +149,7 @@ function save_Database($params)
my_str_replace("{PHP_CONF}", realpath(php_ini_loaded_file()), $config); my_str_replace("{PHP_CONF}", realpath(php_ini_loaded_file()), $config);
my_str_replace("{DB_SERVER}", $params['db-server'], $config); my_str_replace("{DB_SERVER}", $params['db-server'], $config);
my_str_replace("{DB_BIN}", $mysql, $config); my_str_replace("{DB_BIN}", $mysql, $config);
my_str_replace("'{UPDATE_FREQ}'", $params['update-freq'], $config);
my_str_replace("@new", "@step1", $config); my_str_replace("@new", "@step1", $config);
if (!file_exists($params['tmp-path'])) { if (!file_exists($params['tmp-path'])) {
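Review bot: The new `update-freq` entry in `$db_step` uses the key `'flag'`, but `filter_input_array()` only reads `'flags'`, so FILTER_NULL_ON_FAILURE is never applied and a non-integer value comes back as `false`. That value is then substituted into the config by `my_str_replace("'{UPDATE_FREQ}'", $params['update-freq'], $config)` in save_Database(), where `false` becomes an empty string and zero or a negative number is accepted unchanged; presumably this leaves a broken or zero-interval `UPDATE_FREQ` in the generated config. I would bound and default it at validation time: `'update-freq' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1, 'default' => 3]]`. Both `$db_step` and save_Database() continue outside the visible hunks.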


@ -91,7 +91,7 @@
}, },
success: function (data) { success: function (data) {
if ($('#toggle_refresh').html() == 'Stop Refresh' && !to) { if ($('#toggle_refresh').html() == 'Stop Refresh' && !to) {
to = setTimeout(update_script_status, 3000); to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
} }
}, },
error: function (xhr, status, error) { error: function (xhr, status, error) {
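Review bot: `UPDATE_FREQ` is printed straight into the script at `setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>)` with no fallback, so an installation whose config was generated before this commit (where the constant is presumably not defined) will render a PHP warning or error inside the JavaScript instead of a number. The same expression is repeated in the two file sections that follow (the `getLoadStatus` timer and the six `update_script_status` timers). I would emit the interval once per page with a guard, for example `var updateFreqMs = <?php print (defined('UPDATE_FREQ') ? max(1, (int) UPDATE_FREQ) : 3) * 1000; ?>;`, and pass `updateFreqMs` to each `setTimeout`. The enclosing AJAX call starts and ends outside the hunk.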


@ -190,7 +190,7 @@ if (!$nasl['nasl-count']) {
} }
if (reload) { if (reload) {
setTimeout(getLoadStatus, 1000); setTimeout(getLoadStatus, <?php print UPDATE_FREQ * 1000; ?>);
} }
else { else {
$('#db-err').remove(); $('#db-err').remove();


@ -160,7 +160,7 @@ $stes = $db->get_STE();
var audio = new Audio("complete.mp3"); var audio = new Audio("complete.mp3");
<?php } ?> <?php } ?>
$(function () { $(function () {
to = setTimeout(update_script_status, 3000); to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
table = $('#results-table').DataTable({ table = $('#results-table').DataTable({
'columnDefs': [{'orderable': false, 'targets': [2, 5]}], 'columnDefs': [{'orderable': false, 'targets': [2, 5]}],
'stripeClasses': ['odd_row', 'even_row'], 'stripeClasses': ['odd_row', 'even_row'],
@ -285,12 +285,12 @@ $stes = $db->get_STE();
$(this).removeClass('mouseover-scan'); $(this).removeClass('mouseover-scan');
}); });
if ($('#toggle_refresh').val() === 'Stop Refresh') { if ($('#toggle_refresh').val() === 'Stop Refresh') {
to = setTimeout(update_script_status, 3000); to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
} }
}, },
error: function (xhr, status, error) { error: function (xhr, status, error) {
if ($('#toggle_refresh').val() === 'Stop Refresh') { if ($('#toggle_refresh').val() === 'Stop Refresh') {
to = setTimeout(update_script_status, 3000); to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
} }
}, },
dataType: 'json', dataType: 'json',
@ -309,7 +309,7 @@ $stes = $db->get_STE();
to = null; to = null;
} }
else { else {
to = setTimeout(update_script_status, 3000); to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
$('#toggle_refresh').val('Stop Refresh'); $('#toggle_refresh').val('Stop Refresh');
} }
} }
@ -510,14 +510,14 @@ $stes = $db->get_STE();
method: 'post' method: 'post'
}); });
if ($('#toggle_refresh').val() === 'Stop Refresh') { if ($('#toggle_refresh').val() === 'Stop Refresh') {
to = setTimeout(update_script_status, 3000); to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
} }
$(this).dialog('close'); $(this).dialog('close');
}, },
Cancel: function () { Cancel: function () {
$(this).dialog('close'); $(this).dialog('close');
if ($('#toggle_refresh').val() === 'Stop Refresh') { if ($('#toggle_refresh').val() === 'Stop Refresh') {
to = setTimeout(update_script_status, 3000); to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
} }
} }
} }


@ -58,6 +58,9 @@ if(!is_writable(dirname(__FILE__) . "/inc")) {
if(!file_exists(dirname(__FILE__) . "/logs")) { if(!file_exists(dirname(__FILE__) . "/logs")) {
mkdir(dirname(__FILE__) . "/logs"); mkdir(dirname(__FILE__) . "/logs");
} }
elseif(!is_writable(dirname(__FILE__) . "/logs")) {
die("Sagacity needs write access to the /logs directory to create system and scanner log files");
}
if (!function_exists('openssl_encrypt')) { if (!function_exists('openssl_encrypt')) {
print <<<EOO print <<<EOO
@ -389,6 +392,7 @@ EOL;
'cpe': ($('#cpe').is(":checked") ? '1' : '0'), 'cpe': ($('#cpe').is(":checked") ? '1' : '0'),
'cve': ($('#cve').is(":checked") ? '1' : '0'), 'cve': ($('#cve').is(":checked") ? '1' : '0'),
'stig': ($('#stig').is(":checked") ? '1' : '0'), 'stig': ($('#stig').is(":checked") ? '1' : '0'),
'update-freq': $('#update-freq').val(),
'action': action 'action': action
}; };
} }
@ -600,6 +604,9 @@ EOL;
<label class='label'>Password File:</label> <label class='label'>Password File:</label>
<input type='text' id='pwd-file' value='inc/passwd' title='Relative path to the encrypted password file' /><br/> <input type='text' id='pwd-file' value='inc/passwd' title='Relative path to the encrypted password file' /><br/>
<label class='label'>AJAX Refresh Freq:</label>
<input type='number' id='update-freq' value='3' title='Frequency that the AJAX calls refresh methods (in seconds)' />
</div> </div>
<div class='right'> <div class='right'>
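Review bot: The added `elseif(!is_writable(...))` only runs when /logs already exists, so when the preceding `mkdir()` fails (its return value is not checked) setup continues without the new error message. Changing the branch to a plain `if(!is_writable(dirname(__FILE__) . "/logs")) {` placed after the creation block covers both cases. Separately, the new `update-freq` input has no lower bound (`min='1'`); that is only a usability hint, since the posted value still has to be validated on the server.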


@ -48,8 +48,6 @@ use Monolog\Handler\StreamHandler;
set_time_limit(0); set_time_limit(0);
$db = new db(); $db = new db();
$checklists = [];
$x = 0;
$emass_ccis = null; $emass_ccis = null;
$log_level = convert_log_level(); $log_level = convert_log_level();
$chk_hosts = filter_input_array(INPUT_POST, 'chk_host'); $chk_hosts = filter_input_array(INPUT_POST, 'chk_host');
@ -204,7 +202,6 @@ foreach ($findings as $worksheet_name => $data) {
foreach ($data['stigs'] as $stig_id => $tgt_status) { foreach ($data['stigs'] as $stig_id => $tgt_status) {
$log->debug("Running through STIG $stig_id", $tgt_status); $log->debug("Running through STIG $stig_id", $tgt_status);
$ia_controls_string = null; $ia_controls_string = null;
$notes = '';
// If $do_rmf is set, replace CCIs w/ eMASS RMF Control and build string to // If $do_rmf is set, replace CCIs w/ eMASS RMF Control and build string to
// insert into IA Controls cell, otherwise just use CCIs. // insert into IA Controls cell, otherwise just use CCIs.
@ -231,7 +228,7 @@ foreach ($findings as $worksheet_name => $data) {
->setCellValue("B{$row}", $tgt_status['echecklist']->get_VMS_ID()) ->setCellValue("B{$row}", $tgt_status['echecklist']->get_VMS_ID())
->setCellValue("C{$row}", $tgt_status['echecklist']->get_Cat_Level_String()) ->setCellValue("C{$row}", $tgt_status['echecklist']->get_Cat_Level_String())
->setCellValue("D{$row}", $ia_controls_string) ->setCellValue("D{$row}", $ia_controls_string)
->setCellValue("E{$row}", str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Short_Title()))); ->setCellValue("E{$row}", deduplicateString($tgt_status['echecklist']->get_Short_Title()));
$log->debug("Added STIG info ($stig_id), not to targets"); $log->debug("Added STIG info ($stig_id), not to targets");
foreach ($data['target_list'] as $host_name => $col_id) { foreach ($data['target_list'] as $host_name => $col_id) {
@ -262,8 +259,8 @@ foreach ($findings as $worksheet_name => $data) {
->setConditionalStyles([$conditions['true'], $conditions['false']]); ->setConditionalStyles([$conditions['true'], $conditions['false']]);
//->setDataValidation($validation['true_false']); //->setDataValidation($validation['true_false']);
$sheet->setCellValue($notes_col . $row, html_entity_decode($tgt_status['echecklist']->get_Notes())) $sheet->setCellValue($notes_col . $row, deduplicateString($tgt_status['echecklist']->get_Notes()))
->setCellValue($check_contents_col . $row, str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Check_Contents()))); ->setCellValue($check_contents_col . $row, deduplicateString($tgt_status['echecklist']->get_Check_Contents()));
$log->debug("Added remaining cells"); $log->debug("Added remaining cells");
$row++; $row++;
@ -489,3 +486,20 @@ function updateHostHeader($sheet, $tgts, &$db) {
->setCellValue('C6', $not_applicable) ->setCellValue('C6', $not_applicable)
->setCellValue('C7', $not_reviewed); ->setCellValue('C7', $not_reviewed);
} }
/**
* Method to split a string into an array (by new line \n) and use array_unique to remove duplicate strings
*
* @param string $str
*
* @return string
*/
function deduplicateString($str)
{
$ret = null;
$ret = str_replace(["\\n", PHP_EOL], "\r", $str);
$ret = array_unique(explode("\r", $ret));
$ret = html_entity_decode(implode("\r", $ret));
return $ret;
}
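Review bot: deduplicateString() joins the lines back with `\r`, whereas the code it replaces produced `\n`, which is the in-cell line break Excel expects, so multi-line titles, notes and check contents will probably no longer wrap as before. I would normalise to line feeds instead: `$ret = str_replace(["\\n", "\r\n", "\r"], "\n", (string) $str);` followed by `$ret = html_entity_decode(implode("\n", array_unique(explode("\n", $ret))));`. Note that `array_unique()` also drops repeated blank lines and any line that legitimately occurs twice, and the docblock says the split is on `\n` while the code splits on `\r`; the docblock should state the real behaviour and that a null input is treated as an empty string. The initial `$ret = null;` is dead and can go.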