Revision of release v1.3.2

This commit is contained in:
CyberPerspectives
2018-07-26 08:33:50 -04:00
committed by Ryan Prather
parent 8c38a6cdb9
commit 750094e3b5
3231 changed files with 133590 additions and 135073 deletions

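--- /dev/null
+++ b/data/catmgmt.inc
@@ -0,0 +1,117 @@
+<?php
+/**
+* File: catmgmt.inc
+* Author: Ryan Prather
+* Purpose: For handling the catalog management page
+* Created: May 2, 2018
+*
+* Portions Copyright 2018: Cyber Perspectives, LLC, All rights reserved
+* Released under the Apache v2.0 License
+*
+* See license.txt for details
+*
+* Change Log:
+* - May 2, 2018 - File created, Moved catalog mgmt html content from index page to this for easier viewing and refined the code a little
+*/
+?>
+<script src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
+<link rel="stylesheet" href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
+<link rel='stylesheet' href='/script/jquery-ui/jquery-ui.min.css' />
+<style type='text/css'>
+#availableSoftware {
+height: 227px;
+width: 240px;
+overflow-x: scroll;
+font-size: 14px;
+line-height: 1.25em;
+}
+.swmouseover {
+background-color: #1D57A0;
+color: #fff;
+cursor: pointer;
+}
+</style>
+<script src='data.min.js' type='text/javascript'></script>
+<script type='text/javascript'>
+$(function () {
+$('#catalog').DataTable({
+'stripeClasses': ['odd_row', 'even_row']
+});
+$('.close, .backdrop').click(function () {
+close_box();
+});
+$('#release-date').datepicker();
+$('.button,.button-delete').mouseover(function(){$(this).addClass('mouseover');});
+$('.button,.button-delete').mouseout(function(){$(this).removeClass('mouseover');});
+});
+</script>
+<style type="text/css">
+thead {
+background-image: linear-gradient(to bottom, #ECECEC, rgba(177,177,177,0.72));
+color: #4c4c4c;
+}
+</style>
+<div>
+<table id='catalog' class='display'>
+<thead>
+<tr>
+<th>File Name</th>
+<th>Status</th>
+<th>Start Time</th>
+<th>% Complete</th>
+<th>STIG Count</th>
+</tr>
+</thead>
+<tbody>
+<?php
+$cat_scripts = $db->get_Catalog_Script();
+$odd = true;
+foreach ($cat_scripts as $key => $cat_script) {
+print <<<EOL
+<tr>
+<td onclick='javascript:get_cat_data("{$cat_script->file_name}");'><a href='javascript:void(0);'>{$cat_script->file_name}</a></td>
+<td>{$cat_script->status}</td>
+<td>{$cat_script->start_time->format("Y-m-d H:i:s")}</td>
+<td>{$cat_script->perc_comp}</td>
+<td>{$cat_script->stig_count}</td>
+</tr>
+EOL;
+}
+?>
+</tbody>
+</table>
+</div>
+<div id='popup' class='box'>
+<div style='display:inline-block;width:49%;vertical-align:top;'>
+<input type='hidden' id='id' />
+Checklist ID: <span id='checklist-id'></span><br />
+Name: <input type='text' id='name' /><br />
+Description: <textarea id='description'></textarea><br />
+Version: <span id='version'></span><br />
+Release: <span id='release'></span><br />
+Release Date: <input type='text' id='release-date' /><br />
+Icon: <input type='text' id='icon' title='Put file in <?php print realpath(DOC_ROOT . "/img/checklist_icons") ?> and copy/paste the base filename here' /><br />
+Type: <span id='type'></span><br />
+<input type='button' class="button" value='Save' onclick='save_checklist();' />
+<!-- <input type='button' class='button-delete' value='Delete' onclick='' /> -->
+</div>
+<div style='display:inline-block;width:49%;'>
+<select id='software' multiple size='10' style='width:275px;' title='Double-click to remove software'></select><br />
+Add CPE: <input type='text' id='cpe' onkeyup='javascript:autocomplete_software();' />&nbsp;&nbsp;
+<label for='os'>OS?</label>
+<input type='checkbox' id='os' /><br />
+<div id="availableSoftware"></div>
+</div>
+</div>
+<div class="backdrop"></div>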
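Review bot: `$cat_script->file_name` is interpolated at L87 into both the `onclick` JavaScript string and the anchor text with no escaping, so a catalog file name containing a quote or angle bracket breaks out of the attribute and injects script into the management page; `status` at L88 is printed raw as well. I would escape once with htmlspecialchars and carry the file name in a `data-fname` attribute read by a delegated click handler, which removes the JS-string context entirely (rewrite below). `$odd` at L83 is assigned but never read and can go. The `title` on L108 also echoes `realpath(DOC_ROOT . "/img/checklist_icons")` unescaped into an attribute, which discloses the server's filesystem layout to every viewer of the page; a path relative to the web root would say the same thing.
```php
// in the $(function () { ... }) block: bind once, read the name from the data attribute
$('#catalog').on('click', '.cat-file', function () {
    get_cat_data($(this).data('fname'));
});
// … unchanged: DataTable init, close_box / datepicker / button hover wiring …

foreach ($cat_scripts as $key => $cat_script) {
    // Encode for HTML once; the click handler reads data-fname, so no JS-string escaping is needed.
    $fname = htmlspecialchars($cat_script->file_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $status = htmlspecialchars($cat_script->status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print <<<EOL
<tr>
<td><a href='javascript:void(0);' class='cat-file' data-fname='{$fname}'>{$fname}</a></td>
<td>{$status}</td>
EOL;
    // … unchanged: start_time / perc_comp / stig_count cells and the closing </tr> …
}
```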

data/data.js Normal file

@ -0,0 +1,366 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
/**
* Array to store default headers in searches
*
* @type Array
*/
var default_headers = [
{'title': 'STIG ID', 'data': 'stig_id'},
{'title': 'VMS ID', 'data': 'vms_id'},
{'title': 'Checklist Name', 'data': 'name'},
{'title': 'Type', 'data': 'type'},
{'title': 'PDI', 'data': 'pdi_id'},
{'title': 'File Name', 'data': 'file'}
];
/**
* Array to store headers for CVE searches
*
* @type Array
*/
var cve_headers = [
{'title': 'PDI ID', 'data': 'pdi_id'},
{'title': 'CVE ID', 'data': 'cve_id'},
{'title': 'Description', 'data': 'desc'},
{'title': 'Status', 'data': 'status'},
{'title': 'Reference', 'data': 'ref'}
];
/**
* Array to store headers for CPE searches
*
* @type Array
*/
var cpe_headers = [
{'title': 'Man', 'data': 'man'},
{'title': 'Name', 'data': 'name'},
{'title': 'Ver', 'data': 'ver'},
{'title': 'CPE', 'data': 'cpe'},
{'title': 'String', 'data': 'sw_string'}
];
/**
* Array to store headers for IAVM searches
*
* @type Array
*/
var iavm_headers = [
{'title': 'PDI ID', 'data': 'pdi_id'},
{'title': 'IAVM Notice', 'data': 'iavm'},
{'title': 'Title', 'data': 'title'},
{'title': 'Category', 'data': 'cat'},
{'title': 'Link', 'data': 'link'}
];
var start = 0;
var table = null;
function query() {
if (!$('#q').val()) {
alert("Please enter something to search for");
return;
}
if (table) {
table.destroy();
}
if ($('#type').val() == 'cve')
headers = cve_headers;
else if ($('#type').val() == 'cpe')
headers = cpe_headers;
else if ($('#type').val() == 'iavm')
headers = iavm_headers;
else
headers = default_headers;
table = $('#results').DataTable({
pageLength: 100,
serverSide: true,
stripeClasses: ['odd_row', 'even_row'],
columns: headers,
ajax: {
beforeSend: function () {
$('body').addClass('loading');
},
url: '/search.php',
method: 'POST',
data: {
type: $('#type').val(),
q: $('#q').val()
},
complete: function () {
$('body').removeClass('loading');
}
}
});
}
function open_stig(file, id) {
$('#search_result').attr('src', '../reference/stigs/stig.php?file=' + file + '&vms=' + id);
$('#search_result').animate({'opacity': '1.00'}, 300, 'linear');
$('#search_result').css('display', 'block');
view_box();
}
function open_pdi(pdi) {
$('#search_result').attr('src', 'pdi.php?pdi=' + pdi);
$('#search_result').animate({'opacity': '1.00'}, 300, 'linear');
$('#search_result').css('display', 'block');
view_box();
}
function view_box() {
$('.backdrop').animate({
'opacity': '.5'
}, 300, 'linear');
$('.backdrop').css('display', 'block');
$('html, body').css({
'overflow': 'hidden',
'height': '100%'
});
}
function close_box() {
$('.backdrop, .box').animate({
'opacity': '0'
}, 300, 'linear', function () {
$('.backdrop, .box').css('display', 'none');
});
$('html, body').css({
'overflow': 'auto',
'height': '100%'
});
if (mydz) {
mydz.on('queuecomplete', function () {
$('.dz-complete').remove();
$('.dz-message').show();
});
}
}
function get_cat_data(fname) {
$('#popup').animate({
'opacity': '1.00'
}, 300, 'linear');
$('#popup').css('display', 'block');
view_box();
$.ajax('/ajax.php', {
data: {
action: 'get-cat-data',
'fname': fname
},
beforeSend: function () {
$('#id').val('');
$('#checklist-id').text('');
$('#name').val('');
$('#description').val('');
$('#version').text('');
$('#release').text('');
$('#icon').val('');
$('#type').text('');
$('#software option').remove();
$('#cpe').val('');
},
success: function (data) {
$('#id').val(data.id);
$('#checklist-id').text(data.checklist_id);
$('#name').val(data.name);
$('#description').val(data.description);
$('#version').text(data.ver);
$('#release').text(data.release);
$('#icon').val(data.icon);
$('#type').text(data.type);
var dt = new Date(data.date.date);
$('#release-date').val((dt.getMonth() + 1) + "/" + dt.getDate() + '/' + dt.getFullYear());
for (var x in data.sw) {
$('#software').append("<option id='" + data.sw[x].id + "'>" +
data.sw[x].man + " " + data.sw[x].name + " " + data.sw[x].ver +
"</option>");
}
$('#software option').dblclick(remove_Software);
},
error: function (xhr, status, error) {
console.error(error);
},
timeout: 3000,
method: 'post',
dataType: 'json'
});
}
function remove_Software() {
$.ajax("/ajax.php", {
data: {
action: 'checklist-remove-software',
chk_id: $('#id').val(),
sw_id: $(this).attr('id')
},
success: function (data) {
if (data.error) {
alert(data.error);
}
else if (data.success) {
alert(data.success);
}
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
timeout: 3000,
method: 'post'
});
$(this).remove();
}
function autocomplete_software() {
if ($('#cpe').val().length < 3) {
return;
}
$.ajax('/ajax.php', {
data: {
action: ($('#os').is(":checked") ? 'os_filter' : 'sw_filter'),
filter: $('#cpe').val()
},
success: function (data) {
$('#availableSoftware div').remove();
for (var x in data) {
$('#availableSoftware').append("<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>");
}
$('#availableSoftware').show();
$('#availableSoftware div').each(function () {
$(this).on("mouseover", function () {
$(this).addClass("swmouseover");
});
$(this).on("mouseout", function () {
$(this).removeClass("swmouseover");
});
$(this).on("click", function () {
add_software($(this).attr('sw_id'));
$('#software').append("<option value='" + $(this).attr('sw_id') + "' ondblclick='remove_Software();$(this).remove();'>" + $(this).html() + "</option>");
$(this).remove();
});
});
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 5000
});
}
function add_software(sw_id) {
$.ajax('/ajax.php', {
data: {
action: 'checklist-add-software',
'sw_id': sw_id,
chk_id: $('#id').val()
},
success: function (data) {
alert(data.status);
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 3000
});
}
function save_checklist() {
$.ajax('/ajax.php', {
data: {
action: 'save-checklist',
id: $('#id').val(),
name: $('#name').val(),
desc: $('#description').val(),
'rel-date': $('#release-date').val(),
icon: $('#icon').val()
},
success: function (data) {
if (data.error) {
console.error(data.error);
}
else {
alert(data.success);
}
},
error: function (xhr, status, error) {
console.error(error);
alert(error);
},
dataType: 'json',
method: 'post',
timeout: 3000
});
}
function validate_Edit_STE() {
if ($('#action') == 'Delete STE') {
return confirm("Are you sure you want to delete this ST&E");
}
var ret = true;
if ($('#start_date').val() > $('#end_date').val()) {
alert("Your start date can't after the end date");
ret = false;
}
if (!$('#start_date').val()) {
alert("You must select a start date for this ST&E");
ret = false;
}
if (!$('#end_date').val()) {
alert("You must select an end date for this ST&E");
ret = false;
}
if ($('#system').val() == "0") {
alert("You must select a system for this ST&E");
ret = false;
}
if ($('#site').val() == "0") {
alert("You must select a site where this ST&E will be performed");
ret = false;
}
return ret;
}
function show_subsystems() {
if ($('#system').val() == '0') {
alert('Select a primary system');
$('#system').focus();
return;
}
if ($('#add_subsystems').is(':checked'))
$('#subsystem_container').show();
else
$('#subsystem_container').hide();
$('#subsystems option').each(function () {
if ($(this).val() == $('#system').val()) {
$(this).remove();
return;
}
});
}
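Review bot: The `success` handlers at L295-L297 and L345 build HTML by concatenating server-returned fields (`data.sw[x].man`, `.name`, `.ver`, `data[x].sw_string`, `data[x].cpe`) straight into markup, and L357 re-inserts `$(this).html()` into a new `<option>`; if any of those values can carry markup (CPE strings and software names are imported data), this is DOM-based XSS in the catalog editor. Create the nodes with jQuery and set values through `.text()`/`.attr()` instead (rewrite below; the same shape applies to L345 and L357). `headers` at L193-L199 is assigned without `var` and leaks as a global; declare it at the top of `query()`. In `validate_Edit_STE`, `$('#action') == 'Delete STE'` at L416 compares a jQuery object to a string and can never be true, so the delete confirmation never fires; it presumably wants `$('#action').val()`. `open_stig` and `open_pdi` (L222, L228) also splice `file`, `id` and `pdi` into a URL without `encodeURIComponent`.
```javascript
for (var x in data.sw) {
    var sw = data.sw[x];
    $('<option>')
        .attr('id', sw.id)
        .text(sw.man + ' ' + sw.name + ' ' + sw.ver)
        .appendTo('#software');
}
// … unchanged: dblclick binding, error handler, ajax options …
```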

data/data.min.js vendored Normal file



@ -1,5 +1,4 @@
<?php
/**
* File: reset.php
* Author: Ryan Prather
@ -19,69 +18,91 @@
* - Oct 16, 2014 - File created
* - Jun 3, 2015 - Copyright updated and added constants
* - Nov 7, 2016 - Fixed bug with resetting web user password, commented out calling Perl encrypt.pl script
* - Jun 2, 2018 - Added checkbox to allow for generation of new random SALT
*/
include_once 'config.inc';
include_once 'helper.inc';
if (isset($_REQUEST['reset'])) {
chdir(DOC_ROOT);
$db = new mysqli(DB_SERVER, $_REQUEST['uname'], $_REQUEST['pwd'], "mysql");
if ($db->connect_error) {
include_once "header.inc";
die($db->connect_error);
}
$reset = (boolean) filter_input(INPUT_POST, 'reset', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
if (in_array(DB_SERVER, array("localhost", "127.0.0.1"))) {
$host = "localhost";
}
else {
$host = '%';
}
if ($reset) {
chdir(DOC_ROOT);
$uname = filter_input(INPUT_POST, 'uname', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
$pwd = filter_input(INPUT_POST, 'pwd', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
$web_pwd = filter_input(INPUT_POST, 'web_pwd', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
$new_salt = (boolean) filter_input(INPUT_POST, 'new-salt', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
if (!$db->real_query("SET PASSWORD FOR 'web'@'$host' = PASSWORD('" . $_REQUEST['web_pwd'] . "')")) {
include_once "header.inc";
die("DB Password change unsuccessful, ceasing further operation" . PHP_EOL . $db->error);
}
$db = new mysqli(DB_SERVER, $uname, $pwd, "mysql");
if ($db->connect_error) {
include_once "header.inc";
die($db->connect_error);
}
$pwd = $_REQUEST['web_pwd'];
/* ---------------------------------
* CREATE DB PASSWORD FILE
* --------------------------------- */
$enc_pwd = my_encrypt($pwd);
if (in_array(DB_SERVER, array("localhost", "127.0.0.1"))) {
$host = "localhost";
}
else {
$host = '%';
}
if (!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) {
die("Failed to save password");
}
die($enc_pwd);
if (!$db->real_query("SET PASSWORD FOR 'web'@'{$host}' = PASSWORD('{$web_pwd}')")) {
include_once "header.inc";
die("DB Password change unsuccessful, ceasing further operation" . PHP_EOL . $db->error);
}
print "Password change successful<br />";
print "<a href='/'>Home</a>";
/* ---------------------------------
* CREATE DB PASSWORD FILE
* --------------------------------- */
$salt = null;
$enc_pwd = null;
if ($new_salt) {
$salt = base64_encode(openssl_random_pseudo_bytes(32));
$enc_pwd = my_encrypt($web_pwd, $salt);
}
else {
$enc_pwd = my_encrypt($web_pwd);
}
if (!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) {
die("Failed to save password");
}
if ($salt) {
print "Successfully updated the password, please copy the following text to the constant 'SALT' in the config.inc file, then the connection to the database will be restored<br />{$salt}<br />";
print "<a href='/'>Home</a>";
}
else {
print "Successfully updated the password, click <a href='/'>here</a> to continue";
}
}
else {
?>
<script src='/style/5grid/jquery-1.10.2.min.js' type='text/javascript'></script>
<script type='text/javascript'>
function chk_pwd() {
if ($('#pwd').val() != $('#conf').val()) {
$('#msg').text("Passwords do not match");
$('#msg').css('color', 'red');
}
else {
$('#msg').text("Passwords match");
$('#msg').css('color', 'green');
}
}
</script>
?>
<form method='post' action='reset.php'>
MySQL Admin User Name: <input type="text" name="uname" /><br />
Password: <input type="password" name="pwd" /><br />
<br />
New Web User Password: <input type="password" name="web_pwd" id="pwd" /><br />
Confirm Password: <input type="password" name="conf_pwd" id="conf" onkeyup='javascript:chk_pwd();' /> <span id='msg'></span><br />
<script src='/script/jquery-3.2.1.min.js' type='text/javascript'></script>
<script type='text/javascript'>
function chk_pwd() {
if ($('#pwd').val() != $('#conf').val()) {
$('#msg').text("Passwords do not match");
$('#msg').css('color', 'red');
}
else {
$('#msg').text("Passwords match");
$('#msg').css('color', 'green');
}
}
</script>
<input type="submit" name="reset" value="Reset Password" />
</form>
<form method='post' action='reset.php'>
MySQL Admin User Name: <input type="text" name="uname" /><br />
Password: <input type="password" name="pwd" /><br />
New Random SALT: <input type='checkbox' name='new-salt' value='1' /><br />
<br />
New Web User Password: <input type="password" name="web_pwd" id="pwd" /><br />
Confirm Password: <input type="password" name="conf_pwd" id="conf" onkeyup='javascript:chk_pwd();' /> <span id='msg'></span><br />
<input type="submit" name="reset" value="Reset Password" />
</form>
<?php } ?>
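Review bot: `$web_pwd` is still spliced into the `SET PASSWORD` statement at L524 by string interpolation; the only thing between a quote in the new password and the SQL grammar is `FILTER_SANITIZE_STRING` at L498, which HTML-encodes quotes rather than SQL-escaping them (a backslash passes through untouched) and means the password actually set is the entity-encoded form rather than what the operator typed — and the same filter mangles the admin `uname`/`pwd` on L496-L497, so an admin password containing a quote fails to connect. `FILTER_SANITIZE_STRING` is also deprecated as of PHP 8.1; read the values with `FILTER_UNSAFE_RAW` and escape at the point of use, `$sql_pwd = $db->real_escape_string($web_pwd);` then `PASSWORD('{$sql_pwd}')`. For the salt at L536, `openssl_random_pseudo_bytes(32)` is called without checking its `$crypto_strong` out-parameter; on PHP 7+ `$salt = base64_encode(random_bytes(32));` throws instead of silently degrading. Nothing in the visible hunk authenticates the caller or checks an anti-CSRF token before acting on posted credentials; if that gate lives outside this file a comment pointing to it would help, otherwise the endpoint needs one.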


@ -5,7 +5,7 @@
* Purpose: Allows the changing of system settings
* Created: Jan 6, 2015
*
* Portions Copyright 2016: Cyber Perspectives, All rights reserved
* Portions Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
@ -25,90 +25,104 @@
* - May 13, 2017 - Added support for editing the default output format for E-Checklist exports
* - May 19, 2017 - Added audible notification setting
* - May 25, 2017 - Fixed typo
* - Apr 15, 2018 - Added entry for NVD CVE data and counts for each library type
*/
$db = new db();
$settings = $db->get_Settings(['cpe-load-date', 'cve-load-date', 'stig-load-date', 'nasl-load-date']);
$cpe_date = (isset($settings['cpe-load-date']) ? new DateTime($settings['cpe-load-date']) : null);
$cve_date = (isset($settings['cve-load-date']) ? new DateTime($settings['cve-load-date']) : null);
$db = new db();
$settings = $db->get_Settings(['cpe-load-date', 'cve-load-date', 'nvd-cve-load-date', 'stig-load-date', 'nasl-load-date', 'cpe-count', 'cve-count', 'nvd-cve-count', 'stig-count', 'nasl-count']);
$cpe_date = (isset($settings['cpe-load-date']) ? new DateTime($settings['cpe-load-date']) : null);
$cve_date = (isset($settings['cve-load-date']) ? new DateTime($settings['cve-load-date']) : null);
$nvd_date = (isset($settings['nvd-cve-load-date']) ? new DateTime($settings['nvd-cve-load-date']) : null);
$stig_date = (isset($settings['stig-load-date']) ? new DateTime($settings['stig-load-date']) : null);
$nasl_date = (isset($settings['nasl-load-date']) ? new DateTime($settings['nasl-load-date']) : null);
?>
<div style="width:49%;display:inline-block;">
<form action="index.php/?p=Settings" method="post">
<input type='hidden' name='action' value='Save Settings' />
<?php
if (isset($settings_saved)) {
print $settings_saved;
}
?>
Company: <input type="text" name="company" value="<?php print COMPANY; ?>" /><br />
Company Address: <input type="text" name="comp_add" value="<?php print COMP_ADD; ?>" /><br />
Last Modified By: <input type="text" name="last_modified_by" value="<?php print LAST_MODIFIED_BY; ?>" /><br />
Creator: <input type="text" name="creator" value="<?php print CREATOR; ?>" /><br /><br />
<form action="index.php/?p=Settings" method="post">
<input type='hidden' name='action' value='Save Settings' />
<?php
if (isset($settings_saved)) {
print $settings_saved;
}
Log level:
<select name="log_level">
<option <?php print (LOG_LEVEL == E_DEBUG) ? "selected" : null; ?>>DEBUG</option>
<option <?php print (LOG_LEVEL == E_NOTICE) ? "selected" : null; ?>>NOTICE</option>
<option <?php print (LOG_LEVEL == E_WARNING) ? "selected" : null; ?>>WARNING</option>
<option <?php print (LOG_LEVEL == E_ERROR) ? "selected" : null; ?>>ERROR</option>
</select><br /><br />
?>
Company: <input type="text" name="company" value="<?php print COMPANY; ?>" /><br />
Company Address: <input type="text" name="comp_add" value="<?php print COMP_ADD; ?>" /><br />
Last Modified By: <input type="text" name="last_modified_by" value="<?php print LAST_MODIFIED_BY; ?>" /><br />
Creator: <input type="text" name="creator" value="<?php print CREATOR; ?>" /><br /><br />
Flatten eChecklist: <input type="checkbox" name="flatten_echecklist" <?php print (FLATTEN ? "checked" : null); ?> /><br />
Wrap eChecklist Check Contents: <input type="checkbox" name="wrap_text" <?php print (WRAP_TEXT ? "checked" : null); ?> /><br />
Audible Notifications: <input type='checkbox' name='notifications' <?php print (NOTIFICATIONS ? "checked" : null); ?> /><br /><br />
Log level:
<select name="log_level">
<option <?php print (LOG_LEVEL == E_DEBUG) ? "selected" : null; ?>>DEBUG</option>
<option <?php print (LOG_LEVEL == E_NOTICE) ? "selected" : null; ?>>NOTICE</option>
<option <?php print (LOG_LEVEL == E_WARNING) ? "selected" : null; ?>>WARNING</option>
<option <?php print (LOG_LEVEL == E_ERROR) ? "selected" : null; ?>>ERROR</option>
</select><br /><br />
Port Ingestion Limit: <input type="number" name="port_limit" value="<?php print PORT_LIMIT; ?>" min="0" max="10000" /><br />
Max # of Result Scans: <input type="number" name="max_result_import" value="<?php print MAX_RESULTS; ?>" min="1" max="20" /><br />
Output Format:
<select name="output_format">
<option value="xlsx" <?php print (ECHECKLIST_FORMAT == 'xlsx' ? "selected" : null); ?>>Microsoft Excel 2007+ (.xlsx)</option>
<option value="xls"<?php print (ECHECKLIST_FORMAT == 'xls' ? "selected" : null); ?>>Microsoft Excel 95-2003 (.xls)</option>
<option value="ods"<?php print (ECHECKLIST_FORMAT == 'ods' ? "selected" : null); ?>>OpenDocument Format (.ods)</option>
<?php /*
<option value="html"<?php print (ECHECKLIST_FORMAT == 'html' ? "selected" : null); ?>>HTML (.html)</option>
<option value="pdf"<?php print (ECHECKLIST_FORMAT == 'pdf' ? "selected" : null); ?>>Post-script Document (.pdf)</option>
<option value="csv"<?php print (ECHECKLIST_FORMAT == 'csv' ? "selected" : null); ?>>Comma-separated files (.csv)</option>
*/ ?>
</select>
Flatten eChecklist: <input type="checkbox" name="flatten_echecklist" <?php print (FLATTEN ? "checked" : null); ?> /><br />
Wrap eChecklist Check Contents: <input type="checkbox" name="wrap_text" <?php print (WRAP_TEXT ? "checked" : null); ?> /><br />
Audible Notifications: <input type='checkbox' name='notifications' <?php print (NOTIFICATIONS ? "checked" : null); ?> /><br /><br />
<br />
Port Ingestion Limit: <input type="number" name="port_limit" value="<?php print PORT_LIMIT; ?>" min="0" max="10000" /><br />
Max # of Result Scans: <input type="number" name="max_result_import" value="<?php print MAX_RESULTS; ?>" min="1" max="20" /><br />
Output Format:
<select name="output_format">
<option value="xlsx" <?php print (ECHECKLIST_FORMAT == 'xlsx' ? "selected" : null); ?>>Microsoft Excel 2007+ (.xlsx)</option>
<option value="xls"<?php print (ECHECKLIST_FORMAT == 'xls' ? "selected" : null); ?>>Microsoft Excel 95-2003 (.xls)</option>
<option value="ods"<?php print (ECHECKLIST_FORMAT == 'ods' ? "selected" : null); ?>>OpenDocument Format (.ods)</option>
<?php /*
<option value="html"<?php print (ECHECKLIST_FORMAT == 'html' ? "selected" : null); ?>>HTML (.html)</option>
<option value="pdf"<?php print (ECHECKLIST_FORMAT == 'pdf' ? "selected" : null); ?>>Post-script Document (.pdf)</option>
<option value="csv"<?php print (ECHECKLIST_FORMAT == 'csv' ? "selected" : null); ?>>Comma-separated files (.csv)</option>
*/ ?>
</select>
<!--
Nessus server: <input type="text" name="nessus_server" value="<?php print NESSUS_SVR; ?>" /><br />
NMap binary path: <input type="text" name="nmap_path" value="<?php print NMAP_PATH; ?>" /><br />
-->
<br />
<input type="button" class='button' value="Save Settings" onclick='this.form.submit();' />
</form>
<!--
Nessus server: <input type="text" name="nessus_server" value="<?php print NESSUS_SVR; ?>" /><br />
NMap binary path: <input type="text" name="nmap_path" value="<?php print NMAP_PATH; ?>" /><br />
<input type="button" class='button' value="Save Settings" onclick='this.form.submit();' />
-->
</form>
</div>
<div style="width:49%;display:inline-block;">
<table id="system-dates" style='width:100%;vertical-align:top;'>
<thead>
<tr>
<th>Type</th>
<th>Date</th>
</tr>
</thead>
<tbody>
<tr>
<td>CPE's</td>
<td><?php print (is_a($cpe_date, 'DateTime') && $cpe_date != new DateTime("1970-01-01 00:00:00") ? $cpe_date->format("M j, Y") : "Not Loaded"); ?></td>
</tr>
<tr>
<td>CVE's</td>
<td><?php print (is_a($cve_date, 'DateTime') && $cve_date != new DateTime("1970-01-01 00:00:00") ? $cve_date->format("M j, Y") : "Not Loaded"); ?></td>
</tr>
<tr>
<td>STIG's</td>
<td><?php print (is_a($stig_date, 'DateTime') && $stig_date != new DateTime("1970-01-01 00:00:00") ? $stig_date->format("M j, Y") : "Not Loaded"); ?></td>
</tr>
<tr>
<td>NASL</td>
<td><?php print (is_a($nasl_date, 'DateTime') && $nasl_date != new DateTime("1970-01-01 00:00:00") ? $nasl_date->format("M j, Y") : "Not Loaded"); ?></td>
</tr>
</tbody>
</table>
<table id="system-dates" style='width:100%;vertical-align:top;'>
<thead>
<tr>
<th>Type</th>
<th>Date</th>
<th>Count</th>
</tr>
</thead>
<tbody>
<tr>
<td>CPE's</td>
<td><?php print (is_a($cpe_date, 'DateTime') && $cpe_date != new DateTime("1970-01-01 00:00:00") ? $cpe_date->format("M j, Y") : "Not Loaded"); ?></td>
<td><?php print $settings['cpe-count']; ?></td>
</tr>
<tr>
<td>CVE's</td>
<td><?php print (is_a($cve_date, 'DateTime') && $cve_date != new DateTime("1970-01-01 00:00:00") ? $cve_date->format("M j, Y") : "Not Loaded"); ?></td>
<td><?php print $settings['cve-count']; ?></td>
</tr>
<tr>
<td>NVD CVE's</td>
<td><?php print (is_a($nvd_date, 'DateTime') && $nvd_date != new DateTime("1970-01-01 00:00:00") ? $nvd_date->format("M j, Y") : "Not Loaded"); ?></td>
<td><?php print $settings['nvd-cve-count']; ?></td>
</tr>
<tr>
<td>STIG's</td>
<td><?php print (is_a($stig_date, 'DateTime') && $stig_date != new DateTime("1970-01-01 00:00:00") ? $stig_date->format("M j, Y") : "Not Loaded"); ?></td>
<td><?php print $settings['stig-count']; ?></td>
</tr>
<tr>
<td>NASL</td>
<td><?php print (is_a($nasl_date, 'DateTime') && $nasl_date != new DateTime("1970-01-01 00:00:00") ? $nasl_date->format("M j, Y") : "Not Loaded"); ?></td>
<td><?php print $settings['nasl-count']; ?></td>
</tr>
</tbody>
</table>
</div>
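Review bot: The five new count cells (L753, L758, L763, L768, L773) print `$settings['…-count']` directly, while the dates just above are guarded with isset on L624-L628; on an installation where a count has not been stored yet this raises an undefined-index notice in the middle of the table, and the value is echoed with no encoding at all. Since a count is numeric, default and cast in one step, e.g. `<td><?php print (isset($settings['cpe-count']) ? (int) $settings['cpe-count'] : 0); ?></td>`, and likewise for the other four cells. The settings form (L642-L706) posts with no anti-CSRF token as far as this hunk shows; if the framework injects one elsewhere, a comment saying so would spare the next reader the search.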


@ -5,7 +5,7 @@
* Purpose: For adding or editing sites
* Created: Oct 21, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Portions Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions


@ -5,7 +5,7 @@
* Purpose: For adding or editing ST&Es
* Created: Oct 21, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Portions Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
@ -21,6 +21,8 @@
* - May 19, 2017 - Migrated to filtering and changed save button to match buttons throughout
* - Jun 3, 2017 - Fixed bug #230 and changed table stripping to be consistent across the system
* - Jan 20, 2018 - Removed CKEditor fields
* - Apr 29, 2018 - Updated jQuery and jQuery UI library and remove minimum date restriction
* - May 31, 2018 - Added filtering to only show unique IP's and hostname excluding loopback and 0.0.0.0
*/
$page = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING);
$ste_id = filter_input(INPUT_POST, 'ste', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
@ -34,7 +36,7 @@ $stes = $db->get_STE();
<script type="text/javascript" src="/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js"></script>
<link rel="stylesheet" type="text/css" href="/script/jQueryUI/css/ui-lightness/jquery-ui-1.10.3.custom.min.css" />
<link rel="stylesheet" type="text/css" href="/script/jquery-ui/jquery-ui.min.css" />
<link type='text/css' rel='stylesheet' href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
<?php
@ -78,20 +80,19 @@ elseif ($page == 'EditSTE' && is_numeric($ste_id) && $ste_id > 0) {
#cke_scope, #cke_assumptions, #cke_constraints {
display:none;
}
.ui-datepicker {
width: 17em;
}
</style>
<script type='text/javascript'>
$(function () {
$('#start_date').datepicker({
dateFormat: "yy-mm-dd",
minDate: 0,
onSelect: function (date) {
var dt2 = $('#end_date');
var startDate = $(this).datepicker('getDate');
var minDate = $(this).datepicker('getDate');
startDate.setDate(startDate.getDate() + 30);
//sets dt2 maxDate to the last day of 30 days window
dt2.datepicker('option', 'maxDate', startDate);
dt2.datepicker('option', 'minDate', minDate);
//$(this).datepicker('option', 'minDate', minDate);
}
@ -122,61 +123,6 @@ elseif ($page == 'EditSTE' && is_numeric($ste_id) && $ste_id > 0) {
]});
*/ ?>
});
function validate_Edit_STE() {
if ($('#action') == 'Delete STE') {
return confirm("Are you sure you want to delete this ST&E");
}
var ret = true;
if ($('#start_date').val() > $('#end_date').val()) {
alert("Your start date can't after the end date");
ret = false;
}
if (!$('#start_date').val()) {
alert("You must select a start date for this ST&E");
ret = false;
}
if (!$('#end_date').val()) {
alert("You must select an end date for this ST&E");
ret = false;
}
if ($('#system').val() == "0") {
alert("You must select a system for this ST&E");
ret = false;
}
if ($('#site').val() == "0") {
alert("You must select a site where this ST&E will be performed");
ret = false;
}
return ret;
}
function show_subsystems() {
if ($('#system').val() == '0') {
alert('Select a primary system');
$('#system').focus();
return;
}
if ($('#add_subsystems').is(':checked'))
$('#subsystem_container').show();
else
$('#subsystem_container').hide();
$('#subsystems option').each(function () {
if ($(this).val() == $('#system').val()) {
$(this).remove();
return;
}
});
}
</script>
<form method='post' action='?p=EditSTE'>
@ -205,7 +151,6 @@ elseif ($page == 'EditSTE' && is_numeric($ste_id) && $ste_id > 0) {
<input type='text' name='start_date' id='start_date' value='<?php print $ste->get_Eval_Start_Date()->format('Y-m-d'); ?>' /><br />
Eval End Date:
<input type='text' name='end_date' id='end_date' value='<?php print $ste->get_Eval_End_Date()->format('Y-m-d'); ?>' /><br />
<?php print "<script>console.log('" . json_encode($ste->get_System()) . "');</script>"; ?>
System: <select name='system' id='system'>
<?php
foreach ($all_systems as $key => $sys) :
@ -313,28 +258,28 @@ elseif ($page == 'EditSTE' && is_numeric($ste_id) && $ste_id > 0) {
</thead>
<tbody>
<?php
$odd = true;
if (is_array($tgts) && count($tgts) && isset($tgts['id'])) {
$tgts = array(0 => $tgts);
}
if (is_array($tgts) && count($tgts) && isset($tgts[0]) && is_a($tgts[0], 'target')) {
foreach ($tgts as $key => $tgt) {
$interfaces = '';
$fqdn = '';
$odd = !$odd;
$ips = [];
$fqdn = [];
$os = $db->get_Software($tgt->get_OS_ID())[0];
foreach ($tgt->interfaces as $key2 => $int) {
$interfaces .= $int->get_IPv4() . ", ";
$fqdn .= $int->get_FQDN() . ", ";
if(!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
$ips[] = $int->get_IPv4();
}
$fqdn[] = $int->get_FQDN();
}
print "<tr>" . // class='".($odd ? 'odd' : 'even')."'>".
print "<tr>" .
"<td>{$tgt->get_ID()}</td>" .
"<td>{$tgt->get_Name()}</td>" .
"<td>" . substr($interfaces, 0, -2) . "</td>" .
"<td>" . substr($fqdn, 0, -2) . "</td>" .
"<td>" . implode(", ", array_unique($ips)) . "</td>" .
"<td>" . implode(", ", array_unique($fqdn)) . "</td>" .
"<td>{$tgt->get_OS_String()}</td>" .
"</tr>";
}
@ -360,14 +305,10 @@ elseif ($page == 'EditSTE' && $ste_id == 'new') {
$(function () {
$('#start_date').datepicker({
dateFormat: "yy-mm-dd",
minDate: -30,
onSelect: function (date) {
var dt2 = $('#end_date');
var startDate = $(this).datepicker('getDate');
var minDate = $(this).datepicker('getDate');
startDate.setDate(startDate.getDate() + 30);
//sets dt2 maxDate to the last day of 30 days window
dt2.datepicker('option', 'maxDate', startDate);
dt2.datepicker('option', 'minDate', minDate);
//$(this).datepicker('option', 'minDate', minDate);
}
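Review bot: In the target loop at L907-L931 the values joined into the table — `$tgt->get_Name()`, `$int->get_FQDN()` and `$tgt->get_OS_String()` — are printed without HTML encoding; the interface data here is presumably populated from imported scan results, so a host that reports a name containing `<script>` would execute in the ST&E editor. Encode each element before the implode, e.g. `$fqdn[] = htmlspecialchars($int->get_FQDN(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and do the same for the name and OS-string cells. `$os` at L913 is assigned from `$db->get_Software($tgt->get_OS_ID())[0]` and never read within the hunk, which costs a query per target for nothing unless it is used further down the file. Interfaces with an empty FQDN still push `''` into `$fqdn`, so the cell can render a stray leading `, `; passing the array through `array_filter` before `array_unique` avoids that.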


@ -18,10 +18,22 @@
* - Oct 21, 2014 - File created
* - Sep 1, 2016 - Copyright updated and updated file purpose
* - May 19, 2017 - Migrated to filtering and changed save button to match buttons throughout
* - May 31, 2018 - Commented out CKEditor library
*/
$page = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
$sys_id = filter_input(INPUT_POST, 'system', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
?>
<style type="text/css">
#description {
width: 500px;
height: 150px;
}
</style>
<?php
if ($page == 'MSMgmt') {
?>
@ -58,12 +70,14 @@ elseif ($page == 'EditMS' && $sys_id) {
<script src='/script/ckeditor/ckeditor.js'></script>
<script type='text/javascript'>
$(function () {
/*
CKEDITOR.replace('description', {height: '100px', width: '950px', toolbar: [
{name: 'document', items: ['Source']},
{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
]});
*/
});
</script>
@ -117,7 +131,7 @@ elseif ($page == 'EditMS' && $sys_id) {
<?php print ($acred_type == accrediation_types::RMF ? ' selected' : ''); ?>>RMF</option>
</select><br />
System Description:<br />
<textarea name='description' id='description' cols='1' rows='1'><?php print $system->get_Description(); ?></textarea>
<textarea name='description' id='description' cols='1' rows='1'><?php print $system->get_Description(); ?></textarea><br />
<input type='button' class='button' name='action' value='Save System' onclick='this.form.submit();' />
</form>
@ -165,7 +179,7 @@ elseif ($page == 'EditMS' && !$sys_id) {
<option value='rmf'>RMF</option>
</select><br />
System Description:<br />
<textarea name='description' id='description' cols='1' rows='1'>[paste system description here]</textarea>
<textarea name='description' id='description' cols='1' rows='1'>[paste system description here]</textarea><br />
<input type='button' class='button' name='action' value='Save System' onclick='this.form.submit();' />
</form>
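Review bot: `$system->get_Description()` is printed raw into the textarea at L988, and with the CKEditor initialisation now commented out (L973-L980) the field holds the saved text verbatim; a description containing `</textarea>` closes the element and the remainder is rendered as markup, which is stored XSS for anyone allowed to edit a system. Encode on output: `<textarea name='description' id='description' cols='1' rows='1'><?php print htmlspecialchars($system->get_Description(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea><br />`. The `<script src='/script/ckeditor/ckeditor.js'>` include at L970 is now dead weight since nothing calls into it; either drop the tag along with the commented block or remove the commented code rather than carrying both. The `cols='1' rows='1'` attributes are overridden by the new `#description` rule at L960-L965 and could go too.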