Draft update for #47

This commit is contained in:
Ryan Prather 2018-11-16 17:24:02 -05:00
parent 2f82147240
commit 699604534c
2 changed files with 66 additions and 39 deletions

View File

@ -229,8 +229,10 @@ elseif ($action == 'get-cat-data') {
$checklist = $db->get_Checklist_By_File($fname); $checklist = $db->get_Checklist_By_File($fname);
if (isset($checklist[0])) { if (isset($checklist[0])) {
$checklist[0]->type = ucfirst($checklist[0]->type); $chk = $checklist[0];
print header(JSON) . json_encode($checklist[0]);
$chk->type = ucfirst($chk->type);
print header(JSON) . json_encode($chk);
} }
else { else {
print header(JSON) . json_encode(array('error' => 'Error finding checklist')); print header(JSON) . json_encode(array('error' => 'Error finding checklist'));
@ -1481,9 +1483,11 @@ function get_hosts($cat_id = null)
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE); $ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
$tgts = []; $tgts = [];
$exp_scan_srcs = null;
if ($cat_id) { if ($cat_id) {
$ste_cat = $db->get_Category($cat_id)[0]; $ste_cat = $db->get_Category($cat_id)[0];
$tgts = $db->get_Target_By_Category($cat_id); $tgts = $db->get_Target_By_Category($cat_id);
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
} }
elseif (is_numeric($ste_id)) { elseif (is_numeric($ste_id)) {
$tgts = $db->get_Unassigned_Targets($ste_id); $tgts = $db->get_Unassigned_Targets($ste_id);
@ -1494,12 +1498,6 @@ function get_hosts($cat_id = null)
foreach ($tgts as $tgt) { foreach ($tgts as $tgt) {
$chks = $db->get_Target_Checklists($tgt->get_ID()); $chks = $db->get_Target_Checklists($tgt->get_ID());
if ($cat_id) {
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
}
else {
$exp_scan_srcs = null;
}
$scan_srcs = $db->get_Target_Scan_Sources($tgt, $exp_scan_srcs); $scan_srcs = $db->get_Target_Scan_Sources($tgt, $exp_scan_srcs);
$icons = []; $icons = [];
$icon_str = ''; $icon_str = '';
@ -1520,13 +1518,13 @@ function get_hosts($cat_id = null)
foreach ($scan_srcs as $src) { foreach ($scan_srcs as $src) {
$icon = $src['src']->get_Icon(); $icon = $src['src']->get_Icon();
if($src['scan_error']) { if(isset($src['scan_error']) && $src['scan_error']) {
$icon = strtolower($src['src']->get_Name()) . "-failed.png"; $icon = strtolower($src['src']->get_Name()) . "-failed.png";
} }
$src_str .= "<img src='/img/scan_types/{$icon}' title='{$src['src']->get_Name()}"; $src_str .= "<img src='/img/scan_types/{$icon}' title='{$src['src']->get_Name()}";
if (isset($src['count']) && $src['count']) { if (isset($src['file_name']) && $src['file_name']) {
$src_str .= " ({$src['count']})"; $src_str .= "\n{$src['file_name']}";
} }
$src_str .= "' class='checklist_image' />"; $src_str .= "' class='checklist_image' />";
} }

View File

@ -4252,6 +4252,7 @@ class db
foreach ($rows as $row) { foreach ($rows as $row) {
$find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']); $find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']);
$find->set_Category($row['cat']); $find->set_Category($row['cat']);
$this->get_Finding_Notes($find);
$this->help->select("finding_controls", [ $this->help->select("finding_controls", [
'ia_control' 'ia_control'
@ -4794,40 +4795,68 @@ EOQ;
return 0; return 0;
} }
} }
/** /**
* Function for retrieving the notes from a particular finding * Getter method to get finding notes
* *
* @param integer $pdi_id * @param finding $find
* @param integer $tgt_id
*
* @return string|NULL
*/ */
public function get_Finding_Notes($pdi_id, $tgt_id) public function get_Finding_Notes(finding &$find)
{ {
$this->help->select("sagacity.findings", ['f.notes'], [ $this->help->select("analyst_notes", ['note'], [
[ [
'field' => 'f.pdi_id', 'field' => 'tgt_id',
'op' => '=', 'op' => '=',
'value' => $pdi_id 'value' => $find->get_Tgt_ID()
], ],
[ [
'field' => 'f.tgt_id', 'field' => 'pdi_id',
'op' => '=', 'op' => '=',
'value' => $tgt_id, 'value' => $find->get_PDI_ID(),
'sql_op' => 'AND' 'sql_op' => 'AND'
] ]
]); ]);
$row = $this->help->execute();
$rows = $this->help->execute(); if(isset($row['note'])) {
$find->set_Analyst_Notes($row['note']);
if(is_array($rows) && count($rows) && isset($rows['notes'])) { }
return $rows['notes'];
} elseif(is_array($rows) && count($rows) && isset($rows[0]) && isset($rows[0]['notes'])) { $this->help->select("scan_notes sn", ['sn.note', 'src.name'], [
return $rows[0]['notes']; [
'field' => 'tgt_id',
'op' => '=',
'value' => $find->get_Tgt_ID()
],
[
'field' => 'pdi_id',
'op' => '=',
'value' => $find->get_PDI_ID(),
'sql_op' => 'AND'
],
[
'field' => 'scan_id',
'op' => '=',
'value' => $find->get_Scan_ID(),
'sql_op' => 'AND'
]
], [
'table_joins' => [
"JOIN scans s ON sn.scan_id = s.id",
"JOIN sources src ON src.id = s.src_id"
]
]);
$rows = $this->help->execute();
if(is_array($rows) && count($rows) && isset($rows[0])) {
$notes = $find->get_Scanner_Notes();
foreach($rows as $row) {
$notes .= $row['name'] . ":\r" . $row['note'];
}
$find->set_Scanner_Notes($notes);
} elseif(isset($rows['note'])) {
$notes = $find->get_Scanner_Notes();
$notes .= $rows['name'] . ":\r" . $rows['note'];
$find->set_Scanner_Notes($notes);
} }
return null;
} }
/** /**
@ -8718,9 +8747,10 @@ EOQ;
"src.id", "src.id",
"src.name", "src.name",
"src.icon", "src.icon",
"SUM(hl.finding_count) AS 'finding_count'",
"hl.scanner_error", "hl.scanner_error",
"hl.notes" "hl.notes",
"hl.finding_count",
"s.file_name"
], [ ], [
[ [
'field' => 'hl.tgt_id', 'field' => 'hl.tgt_id',
@ -8730,8 +8760,7 @@ EOQ;
'table_joins' => [ 'table_joins' => [
"LEFT JOIN scans s ON s.src_id=src.id", "LEFT JOIN scans s ON s.src_id=src.id",
"LEFT JOIN host_list hl ON hl.scan_id=s.id" "LEFT JOIN host_list hl ON hl.scan_id=s.id"
], ]
'group' => 'src.name,src.id'
]); ]);
$rows = $this->help->execute(); $rows = $this->help->execute();
@ -8747,23 +8776,23 @@ EOQ;
foreach ($rows as $row) { foreach ($rows as $row) {
$ret[$row['id']]['src'] = new source($row['id'], $row['name']); $ret[$row['id']]['src'] = new source($row['id'], $row['name']);
$ret[$row['id']]['src']->set_Icon($row['icon']); $ret[$row['id']]['src']->set_Icon($row['icon']);
$ret[$row['id']]['count'] = $row['finding_count'];
$ret[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; $ret[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
$ret[$row['id']]['notes'] = $row['notes']; $ret[$row['id']]['notes'] = $row['notes'];
$ret[$row['id']]['file_name'] = ($ret[$row['id']]['file_name'] ? "{$row['file_name']} ({$row['finding_count']})" : "{$ret[$row['id']]['file_name']}\n{$row['file_name']} ({$row['finding_count']})");
} }
} else { } else {
foreach ($rows as $row) { foreach ($rows as $row) {
if (isset($exp_scan_srcs[$row['id']])) { if (isset($exp_scan_srcs[$row['id']])) {
$exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']); $exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']);
$exp_scan_srcs[$row['id']]['count'] = $row['finding_count'];
$exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; $exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
$exp_scan_srcs[$row['id']]['notes'] = $row['notes']; $exp_scan_srcs[$row['id']]['notes'] = $row['notes'];
$exp_scan_srcs[$row['id']]['file_name'] = ($exp_scan_srcs[$row['id']]['file_name'] ? "{$row['file_name']} ({$row['finding_count']})" : "{$exp_scan_srcs[$row['id']]['file_name']}\n{$row['file_name']} ({$row['finding_count']})");
} else { } else {
$exp_scan_srcs[$row['id']]['src'] = new source($row['id'], $row['name']); $exp_scan_srcs[$row['id']]['src'] = new source($row['id'], $row['name']);
$exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']); $exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']);
$exp_scan_srcs[$row['id']]['count'] = $row['finding_count'];
$exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error']; $exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
$exp_scan_srcs[$row['id']]['notes'] = $row['notes']; $exp_scan_srcs[$row['id']]['notes'] = $row['notes'];
$exp_scan_srcs[$row['id']]['file_name'] = "{$row['file_name']} ({$row['finding_count']})";
} }
} }