Draft update for #47
This commit is contained in:
parent
2f82147240
commit
699604534c
20
ajax.php
20
ajax.php
@ -229,8 +229,10 @@ elseif ($action == 'get-cat-data') {
|
|||||||
$checklist = $db->get_Checklist_By_File($fname);
|
$checklist = $db->get_Checklist_By_File($fname);
|
||||||
|
|
||||||
if (isset($checklist[0])) {
|
if (isset($checklist[0])) {
|
||||||
$checklist[0]->type = ucfirst($checklist[0]->type);
|
$chk = $checklist[0];
|
||||||
print header(JSON) . json_encode($checklist[0]);
|
|
||||||
|
$chk->type = ucfirst($chk->type);
|
||||||
|
print header(JSON) . json_encode($chk);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
print header(JSON) . json_encode(array('error' => 'Error finding checklist'));
|
print header(JSON) . json_encode(array('error' => 'Error finding checklist'));
|
||||||
@ -1481,9 +1483,11 @@ function get_hosts($cat_id = null)
|
|||||||
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
|
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
|
||||||
$tgts = [];
|
$tgts = [];
|
||||||
|
|
||||||
|
$exp_scan_srcs = null;
|
||||||
if ($cat_id) {
|
if ($cat_id) {
|
||||||
$ste_cat = $db->get_Category($cat_id)[0];
|
$ste_cat = $db->get_Category($cat_id)[0];
|
||||||
$tgts = $db->get_Target_By_Category($cat_id);
|
$tgts = $db->get_Target_By_Category($cat_id);
|
||||||
|
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
|
||||||
}
|
}
|
||||||
elseif (is_numeric($ste_id)) {
|
elseif (is_numeric($ste_id)) {
|
||||||
$tgts = $db->get_Unassigned_Targets($ste_id);
|
$tgts = $db->get_Unassigned_Targets($ste_id);
|
||||||
@ -1494,12 +1498,6 @@ function get_hosts($cat_id = null)
|
|||||||
|
|
||||||
foreach ($tgts as $tgt) {
|
foreach ($tgts as $tgt) {
|
||||||
$chks = $db->get_Target_Checklists($tgt->get_ID());
|
$chks = $db->get_Target_Checklists($tgt->get_ID());
|
||||||
if ($cat_id) {
|
|
||||||
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$exp_scan_srcs = null;
|
|
||||||
}
|
|
||||||
$scan_srcs = $db->get_Target_Scan_Sources($tgt, $exp_scan_srcs);
|
$scan_srcs = $db->get_Target_Scan_Sources($tgt, $exp_scan_srcs);
|
||||||
$icons = [];
|
$icons = [];
|
||||||
$icon_str = '';
|
$icon_str = '';
|
||||||
@ -1520,13 +1518,13 @@ function get_hosts($cat_id = null)
|
|||||||
|
|
||||||
foreach ($scan_srcs as $src) {
|
foreach ($scan_srcs as $src) {
|
||||||
$icon = $src['src']->get_Icon();
|
$icon = $src['src']->get_Icon();
|
||||||
if($src['scan_error']) {
|
if(isset($src['scan_error']) && $src['scan_error']) {
|
||||||
$icon = strtolower($src['src']->get_Name()) . "-failed.png";
|
$icon = strtolower($src['src']->get_Name()) . "-failed.png";
|
||||||
}
|
}
|
||||||
|
|
||||||
$src_str .= "<img src='/img/scan_types/{$icon}' title='{$src['src']->get_Name()}";
|
$src_str .= "<img src='/img/scan_types/{$icon}' title='{$src['src']->get_Name()}";
|
||||||
if (isset($src['count']) && $src['count']) {
|
if (isset($src['file_name']) && $src['file_name']) {
|
||||||
$src_str .= " ({$src['count']})";
|
$src_str .= "\n{$src['file_name']}";
|
||||||
}
|
}
|
||||||
$src_str .= "' class='checklist_image' />";
|
$src_str .= "' class='checklist_image' />";
|
||||||
}
|
}
|
||||||
|
@ -4252,6 +4252,7 @@ class db
|
|||||||
foreach ($rows as $row) {
|
foreach ($rows as $row) {
|
||||||
$find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']);
|
$find = new finding($row['tgt_id'], $row['pdi_id'], $row['scan_id'], $row['findings_status_id'], $row['notes'], $row['change_id'], $row['orig_src'], $row['finding_itr']);
|
||||||
$find->set_Category($row['cat']);
|
$find->set_Category($row['cat']);
|
||||||
|
$this->get_Finding_Notes($find);
|
||||||
|
|
||||||
$this->help->select("finding_controls", [
|
$this->help->select("finding_controls", [
|
||||||
'ia_control'
|
'ia_control'
|
||||||
@ -4794,40 +4795,68 @@ EOQ;
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Function for retrieving the notes from a particular finding
|
* Getter method to get finding notes
|
||||||
*
|
*
|
||||||
* @param integer $pdi_id
|
* @param finding $find
|
||||||
* @param integer $tgt_id
|
|
||||||
*
|
|
||||||
* @return string|NULL
|
|
||||||
*/
|
*/
|
||||||
public function get_Finding_Notes($pdi_id, $tgt_id)
|
public function get_Finding_Notes(finding &$find)
|
||||||
{
|
{
|
||||||
$this->help->select("sagacity.findings", ['f.notes'], [
|
$this->help->select("analyst_notes", ['note'], [
|
||||||
[
|
[
|
||||||
'field' => 'f.pdi_id',
|
'field' => 'tgt_id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $pdi_id
|
'value' => $find->get_Tgt_ID()
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
'field' => 'f.tgt_id',
|
'field' => 'pdi_id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $tgt_id,
|
'value' => $find->get_PDI_ID(),
|
||||||
'sql_op' => 'AND'
|
'sql_op' => 'AND'
|
||||||
]
|
]
|
||||||
]);
|
]);
|
||||||
|
$row = $this->help->execute();
|
||||||
$rows = $this->help->execute();
|
if(isset($row['note'])) {
|
||||||
|
$find->set_Analyst_Notes($row['note']);
|
||||||
if(is_array($rows) && count($rows) && isset($rows['notes'])) {
|
}
|
||||||
return $rows['notes'];
|
|
||||||
} elseif(is_array($rows) && count($rows) && isset($rows[0]) && isset($rows[0]['notes'])) {
|
$this->help->select("scan_notes sn", ['sn.note', 'src.name'], [
|
||||||
return $rows[0]['notes'];
|
[
|
||||||
|
'field' => 'tgt_id',
|
||||||
|
'op' => '=',
|
||||||
|
'value' => $find->get_Tgt_ID()
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'field' => 'pdi_id',
|
||||||
|
'op' => '=',
|
||||||
|
'value' => $find->get_PDI_ID(),
|
||||||
|
'sql_op' => 'AND'
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'field' => 'scan_id',
|
||||||
|
'op' => '=',
|
||||||
|
'value' => $find->get_Scan_ID(),
|
||||||
|
'sql_op' => 'AND'
|
||||||
|
]
|
||||||
|
], [
|
||||||
|
'table_joins' => [
|
||||||
|
"JOIN scans s ON sn.scan_id = s.id",
|
||||||
|
"JOIN sources src ON src.id = s.src_id"
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
$rows = $this->help->execute();
|
||||||
|
if(is_array($rows) && count($rows) && isset($rows[0])) {
|
||||||
|
$notes = $find->get_Scanner_Notes();
|
||||||
|
foreach($rows as $row) {
|
||||||
|
$notes .= $row['name'] . ":\r" . $row['note'];
|
||||||
|
}
|
||||||
|
$find->set_Scanner_Notes($notes);
|
||||||
|
} elseif(isset($rows['note'])) {
|
||||||
|
$notes = $find->get_Scanner_Notes();
|
||||||
|
$notes .= $rows['name'] . ":\r" . $rows['note'];
|
||||||
|
$find->set_Scanner_Notes($notes);
|
||||||
}
|
}
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -8718,9 +8747,10 @@ EOQ;
|
|||||||
"src.id",
|
"src.id",
|
||||||
"src.name",
|
"src.name",
|
||||||
"src.icon",
|
"src.icon",
|
||||||
"SUM(hl.finding_count) AS 'finding_count'",
|
|
||||||
"hl.scanner_error",
|
"hl.scanner_error",
|
||||||
"hl.notes"
|
"hl.notes",
|
||||||
|
"hl.finding_count",
|
||||||
|
"s.file_name"
|
||||||
], [
|
], [
|
||||||
[
|
[
|
||||||
'field' => 'hl.tgt_id',
|
'field' => 'hl.tgt_id',
|
||||||
@ -8730,8 +8760,7 @@ EOQ;
|
|||||||
'table_joins' => [
|
'table_joins' => [
|
||||||
"LEFT JOIN scans s ON s.src_id=src.id",
|
"LEFT JOIN scans s ON s.src_id=src.id",
|
||||||
"LEFT JOIN host_list hl ON hl.scan_id=s.id"
|
"LEFT JOIN host_list hl ON hl.scan_id=s.id"
|
||||||
],
|
]
|
||||||
'group' => 'src.name,src.id'
|
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$rows = $this->help->execute();
|
$rows = $this->help->execute();
|
||||||
@ -8747,23 +8776,23 @@ EOQ;
|
|||||||
foreach ($rows as $row) {
|
foreach ($rows as $row) {
|
||||||
$ret[$row['id']]['src'] = new source($row['id'], $row['name']);
|
$ret[$row['id']]['src'] = new source($row['id'], $row['name']);
|
||||||
$ret[$row['id']]['src']->set_Icon($row['icon']);
|
$ret[$row['id']]['src']->set_Icon($row['icon']);
|
||||||
$ret[$row['id']]['count'] = $row['finding_count'];
|
|
||||||
$ret[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
|
$ret[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
|
||||||
$ret[$row['id']]['notes'] = $row['notes'];
|
$ret[$row['id']]['notes'] = $row['notes'];
|
||||||
|
$ret[$row['id']]['file_name'] = ($ret[$row['id']]['file_name'] ? "{$row['file_name']} ({$row['finding_count']})" : "{$ret[$row['id']]['file_name']}\n{$row['file_name']} ({$row['finding_count']})");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
foreach ($rows as $row) {
|
foreach ($rows as $row) {
|
||||||
if (isset($exp_scan_srcs[$row['id']])) {
|
if (isset($exp_scan_srcs[$row['id']])) {
|
||||||
$exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']);
|
$exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']);
|
||||||
$exp_scan_srcs[$row['id']]['count'] = $row['finding_count'];
|
|
||||||
$exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
|
$exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
|
||||||
$exp_scan_srcs[$row['id']]['notes'] = $row['notes'];
|
$exp_scan_srcs[$row['id']]['notes'] = $row['notes'];
|
||||||
|
$exp_scan_srcs[$row['id']]['file_name'] = ($exp_scan_srcs[$row['id']]['file_name'] ? "{$row['file_name']} ({$row['finding_count']})" : "{$exp_scan_srcs[$row['id']]['file_name']}\n{$row['file_name']} ({$row['finding_count']})");
|
||||||
} else {
|
} else {
|
||||||
$exp_scan_srcs[$row['id']]['src'] = new source($row['id'], $row['name']);
|
$exp_scan_srcs[$row['id']]['src'] = new source($row['id'], $row['name']);
|
||||||
$exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']);
|
$exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']);
|
||||||
$exp_scan_srcs[$row['id']]['count'] = $row['finding_count'];
|
|
||||||
$exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
|
$exp_scan_srcs[$row['id']]['scan_error'] = (boolean) $row['scanner_error'];
|
||||||
$exp_scan_srcs[$row['id']]['notes'] = $row['notes'];
|
$exp_scan_srcs[$row['id']]['notes'] = $row['notes'];
|
||||||
|
$exp_scan_srcs[$row['id']]['file_name'] = "{$row['file_name']} ({$row['finding_count']})";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
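Review bot: The scan file name appended to the image `title` attribute in the get_hosts hunk (`$src_str .= "\n{$src['file_name']}";`) is interpolated into HTML without escaping, so a file name containing `'` or `<` ends the single-quoted attribute and is rendered as markup; the value is read from `s.file_name` by the host_list/sources query in the last hunk and presumably originates from uploaded scan files. Escape it at the output point, e.g. `$src_str .= "\n" . htmlspecialchars($src['file_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` — the pre-existing `get_Name()` interpolation on the line above has the same exposure and should be escaped the same way. The `file_name` string built in that last hunk (apparently the get_Target_Scan_Sources body, both the `$ret[...]` and the `isset($exp_scan_srcs[...])` branches) also looks inverted: the ternary writes only the new name when `['file_name']` is already truthy and tries to append to it when it is unset, which reads an undefined index on the first row for a source; `isset($ret[$row['id']]['file_name']) ? "{$ret[$row['id']]['file_name']}\n{$row['file_name']} ({$row['finding_count']})" : "{$row['file_name']} ({$row['finding_count']})"` is likely what was intended. get_hosts and the query function both start and end outside their hunks.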