Revision of release v1.3.2

CyberPerspectives
2018-07-26 08:33:50 -04:00
committed by Ryan Prather
parent 8c38a6cdb9
commit 750094e3b5
3231 changed files with 133590 additions and 135073 deletions


@ -5,7 +5,7 @@
* Purpose: Display the basic information from the target
* Created: Sep 1, 2016
*
* Copyright 2016: Cyber Perspectives, All rights reserved
* Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* See license.txt for details
@ -13,6 +13,7 @@
* Change Log:
* - Sep 1, 2016 - File created
* - Mar 4, 2017 - Changed AJAX to use /ajax.php instead of /cgi-bin/ajax.php
* - Apr 19, 2018 - Updated 3rd party libraries
*/
?>
@ -74,9 +75,7 @@
.ui-timepicker-div.ui-timepicker-oneLine .ui_tpicker_unit_hide,
.ui-timepicker-div.ui-timepicker-oneLine .ui_tpicker_unit_hide:before{ display: none; }
</style>
<link
href="/script/jQueryUI/css/ui-lightness/jquery-ui-1.10.3.custom.min.css"
rel="stylesheet" type="text/css" />
<link href="/script/jquery-ui/jquery-ui.min.css" rel="stylesheet" type="text/css" />
<script src='/script/jQueryUI/jquery-ui-timepicker-addon.js' type='text/javascript'></script>
<script type='text/javascript'>
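Review bot: The stylesheet link now points at `/script/jquery-ui/jquery-ui.min.css` while the timepicker add-on on the following line is still loaded from `/script/jQueryUI/jquery-ui-timepicker-addon.js`, so the page depends on both directory layouts at once. If the old `jQueryUI` directory was removed as part of the library update (not visible in this hunk), the add-on request will 404 and the date/time pickers will stop working without an error on the page. Confirm where the add-on lives after the update and align the path, or record in the change log that both trees are intentionally kept.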


@ -6,7 +6,7 @@
* Purpose: Export findings to an Excel spreadsheet eChecklist
* Created: Oct 15, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Portions Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
@ -43,15 +43,15 @@ use PhpOffice\PhpSpreadsheet\Writer\Ods;
use PhpOffice\PhpSpreadsheet\Writer\Csv;
use PhpOffice\PhpSpreadsheet\Writer\Html;
use PhpOffice\PhpSpreadsheet\Cell\Coordinate;
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
set_time_limit(0);
$db = new db();
$checklists = [];
$x = 0;
$fh = fopen(LOG_PATH . "/eChecklist-export-timelog.csv", "a");
$last_time = microtime(true);
$emass_ccis = null;
$log_level = convert_log_level();
$chk_hosts = filter_input_array(INPUT_POST, 'chk_host');
$cat_id = filter_input(INPUT_GET, 'cat', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
if (!$cat_id) {
@ -63,66 +63,62 @@ if (!$ste_id) {
}
if (!$ste_id || !$cat_id) {
die("Could not find the STE and Category ID");
die("Could not find the STE or Category ID");
}
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "calling get_category_findings");
$cat = $db->get_Category($cat_id)[0];
if (!is_a($cat, 'ste_cat')) {
die("Error finding category $cat_id");
}
$ste = $db->get_STE($ste_id)[0];
if (!is_a($ste, 'ste')) {
die("Error finding ST&E");
}
$log = new Logger("eChecklist-export");
$log->pushHandler(new StreamHandler(LOG_PATH . "/{$cat->get_Name()}-echecklist-export.log", $log_level));
if ($chk_hosts) {
$findings = $db->get_Category_Findings($cat_id, $chk_hosts);
}
else {
$findings = $db->get_Category_Findings($cat_id);
}
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Got findings");
}
$cat = $db->get_Category($cat_id)[0];
if (!is_a($cat, 'ste_cat')) {
Sagacity_Error::err_handler("Error finding category $cat_id", E_ERROR);
}
$ste = $db->get_STE($ste_id)[0];
$log->debug("Got findings");
// Get mapping of eMASS controls to CCIs from DB
if ($ste->get_System()->get_Accreditation_Type() == accrediation_types::RMF) {
$emass_ccis = $db->get_EMASS_CCIs();
}
$log = new Sagacity_Error("{$cat->get_Name()}-echecklist-export.log");
$Reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReaderForFile("eChecklist-Template.xlsx");
$ss = $Reader->load("eChecklist-Template.xlsx");
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Loaded template");
}
$log->debug("Loaded template");
$ss->setActiveSheetIndexByName('Cover Sheet')
->setCellValue("B5", "{$ste->get_System()->get_Name()} eChecklist")
->setCellValue("B9", "{$ste->get_Eval_Start_Date()->format("m/d/Y")}-{$ste->get_Eval_End_Date()->format("m/d/Y")}")
->setCellValue("B2", ($ste->get_System()->get_Classification() == 'Classified' ? "SECRET" : "UNCLASSIFIED"))
->setCellValue("B12", "by:\r" . COMPANY . "\r" . COMP_ADD)
->setCellValue("B15", "Derived from: " . SCG . "\rReasons: <reasons>\rDeclassify on: " . DECLASSIFY_ON);
->setCellValue("B5", "{$ste->get_System()->get_Name()} eChecklist")
->setCellValue("B9", "{$ste->get_Eval_Start_Date()->format("m/d/Y")}-{$ste->get_Eval_End_Date()->format("m/d/Y")}")
->setCellValue("B2", ($ste->get_System()->get_Classification() == 'Classified' ? "SECRET" : "UNCLASSIFIED"))
->setCellValue("B12", "by:\r" . COMPANY . "\r" . COMP_ADD)
->setCellValue("B15", "Derived from: " . SCG . "\rReasons: <reasons>\rDeclassify on: " . DECLASSIFY_ON);
// set properties
$ss->getProperties()
->setCreator(CREATOR);
->setCreator(CREATOR);
$ss->getProperties()
->setLastModifiedBy(LAST_MODIFIED_BY);
->setLastModifiedBy(LAST_MODIFIED_BY);
$ss->getProperties()
->setCompany(COMPANY);
->setCompany(COMPANY);
$ss->getProperties()
->setTitle("{$cat->get_Name()} eChecklist");
->setTitle("{$cat->get_Name()} eChecklist");
$ss->getProperties()
->setSubject("{$cat->get_Name()} eChecklist");
->setSubject("{$cat->get_Name()} eChecklist");
$ss->getProperties()
->setDescription("{$cat->get_Name()} eChecklist");
->setDescription("{$cat->get_Name()} eChecklist");
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "File properties set");
}
$log->debug("File properties set");
// set active sheet
$ss->setActiveSheetIndex(2);
@ -141,9 +137,7 @@ $host_status = array(
// Iterate over worksheets in the category; populating each with the checklists and finding data
foreach ($findings as $worksheet_name => $data) {
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Looping through worksheet $worksheet_name");
}
$log->debug("Looping through worksheet $worksheet_name");
$chk_arr = [];
$named_range = '';
@ -192,9 +186,7 @@ foreach ($findings as $worksheet_name => $data) {
}
}
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Setting classification");
}
$log->debug("Setting classification: $class");
$sheet->setCellValue("A1", $class)
->setCellValue('E2', $ste->get_System()->get_Name());
@ -210,9 +202,7 @@ foreach ($findings as $worksheet_name => $data) {
// Iterate over checklist items ($stig_id) and populate spreadsheet with status of each
foreach ($data['stigs'] as $stig_id => $tgt_status) {
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Running through STIG $stig_id");
}
$log->debug("Running through STIG $stig_id", $tgt_status);
$ia_controls_string = null;
$notes = '';
@ -241,23 +231,19 @@ foreach ($findings as $worksheet_name => $data) {
->setCellValue("B{$row}", $tgt_status['echecklist']->get_VMS_ID())
->setCellValue("C{$row}", $tgt_status['echecklist']->get_Cat_Level_String())
->setCellValue("D{$row}", $ia_controls_string)
->setCellValue("E{$row}", html_entity_decode($tgt_status['echecklist']->get_Short_Title()));
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Added STIG info ($stig_id), now to targets");
}
->setCellValue("E{$row}", str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Short_Title())));
$log->debug("Added STIG info ($stig_id), not to targets");
foreach ($data['target_list'] as $host_name => $col_id) {
$status = 'Not Applicable';
if (isset($tgt_status[$host_name])) {
$status = $tgt_status[$host_name];
if (isset($tgt_status["{$host_name}"])) {
$status = $tgt_status["{$host_name}"];
}
$col = Coordinate::stringFromColumnIndex($col_id);
$sheet->setCellValue("{$col}{$row}", $status);
$sheet->getCell("{$col}{$row}")->setDataValidation(clone $validation['host_status']);
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Set data validation for target $host_name");
}
$log->debug("Set data validation for target $host_name");
}
$overall_str = "=IF(" .
@ -277,17 +263,13 @@ foreach ($findings as $worksheet_name => $data) {
//->setDataValidation($validation['true_false']);
$sheet->setCellValue($notes_col . $row, html_entity_decode($tgt_status['echecklist']->get_Notes()))
->setCellValue($check_contents_col . $row, str_replace("\\n", "\r", html_entity_decode($tgt_status['echecklist']->get_Check_Contents())));
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Added remaining cells");
}
->setCellValue($check_contents_col . $row, str_replace("\\n", "\n", html_entity_decode($tgt_status['echecklist']->get_Check_Contents())));
$log->debug("Added remaining cells");
$row++;
}
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Completed STIG parsing");
}
$log->debug("Completed STIG parsing");
$sheet->getStyle("F11:" . Coordinate::stringFromColumnIndex(count($data['target_list']) + 6) . $row)
->setConditionalStyles($host_status);
$sheet->getStyle("C11:C{$sheet->getHighestDataRow()}")
@ -320,16 +302,12 @@ foreach ($findings as $worksheet_name => $data) {
updateHostHeader($sheet, $data['target_list'], $db);
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Completed worksheet $worksheet_name");
}
$log->debug("Completed worksheet $worksheet");
}
$ss->removeSheetByIndex(2);
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Writing to file");
}
$log->debug("Writing to file");
$ct = '';
$writer = null;
@ -374,11 +352,7 @@ $cat_name = str_replace(" ", "_", $cat->get_Name());
header("Content-type: $ct");
header("Content-disposition: attachment; filename='{$cat_name}-eChecklist-{$ste_id}." . ECHECKLIST_FORMAT . "'");
$writer->save("php://output");
if (LOG_LEVEL == E_DEBUG) {
time_log_diff($fh, "Writing complete");
}
fclose($fh);
$log->debug("Writing complete");
/**
* Update the header on the worksheet
@ -402,7 +376,7 @@ function updateHostHeader($sheet, $tgts, &$db) {
$not_reviewed = null;
foreach ($tgts as $tgt_name => $col_id) {
$log->script_log("tgt_name: $tgt_name\tcol_id: $col_id");
$log->notice("tgt_name: $tgt_name\tcol_id: $col_id");
$tgt = $db->get_Target_Details($ste_id, $tgt_name)[0];
$os = $db->get_Software($tgt->get_OS_ID())[0];
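Review bot: `$log->debug("Completed worksheet $worksheet");` at the end of the per-worksheet loop references `$worksheet`, which is never assigned (the loop variable declared earlier is `$worksheet_name`), so PHP emits an undefined-variable notice and the log line carries an empty name; it should read `$log->debug("Completed worksheet $worksheet_name");`. The new StreamHandler path `LOG_PATH . "/{$cat->get_Name()}-echecklist-export.log"` embeds the category name unchanged, and if names can contain `/` or `..` (their origin is not visible here) the log file is created outside LOG_PATH, so reduce the name to a safe character set first, e.g. `preg_replace('/[^A-Za-z0-9_.-]/', '_', $cat->get_Name())`. The message `"Added STIG info ($stig_id), not to targets"` looks like a typo for the previous wording "now to targets". Passing `$tgt_status` as the context array in `$log->debug("Running through STIG $stig_id", $tgt_status)` serialises the whole per-STIG structure, including the echecklist object, into the debug log on every iteration, which is probably more than intended.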


@ -5,7 +5,7 @@
* Purpose: Main index page for the ST&E Operations
* Created: Sep 16, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Portions Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
@ -32,26 +32,28 @@
* - May 26, 2017 - Added JS to delete hosts from category after deleting host using "Delete Host" button
* - May 30, 2017 - Fixed bug #209 error when saving category after editing
* - Jun 3, 2017 - Fixed bug #236
* - Apr 19, 2018 - Updated 3rd party libraries
*/
$title_prefix = "Operations";
include_once 'config.inc';
include_once 'header.inc';
include_once 'helper.inc';
include_once 'database.inc';
set_time_limit(0);
$db = new db();
$db = new db();
$cats = [];
$action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
$ste_id = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
$task_status = $db->get_Task_Statuses();
$stes = $db->get_STE();
$scan_srcs = $db->get_Sources();
$cats = [];
$action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING);
$ste_id = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT);
if (!$ste_id) {
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT);
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
}
$stes = $db->get_STE();
if ($action) {
if ($action == 'move_to') {
$sel_tgts = json_decode(html_entity_decode(filter_input(INPUT_POST, 'selected_tgts', FILTER_SANITIZE_STRING)));
@ -187,13 +189,10 @@ if ($ste_id) {
$cats = $db->get_STE_Cat_List($ste_id);
}
$task_status = $db->get_Task_Statuses();
$scan_srcs = $db->get_Sources();
include_once 'header.inc';
?>
<script src="ste_script.js" type="text/javascript"></script>
<script src="ste_script.min.js" type="text/javascript"></script>
<link href='/style/style.css' rel='stylesheet' type='text/css' />
<script type="text/javascript">
@ -342,19 +341,19 @@ $scan_srcs = $db->get_Sources();
<select name='ste' style='width: 400px;' id="ste"
onchange="setCookie('ste', this.value);
this.form.submit();">
<option value='0'> -- Please Select an ST&amp;E -- </option>
<?php
if (is_array($stes) && count($stes)) {
foreach ($stes as $ste) {
print "<option value='{$ste->get_ID()}'" .
($ste_id && $ste_id == $ste->get_ID() ? " selected" : "") .
">" .
"{$ste->get_System()->get_Name()}, {$ste->get_Site()->get_Name()}, {$ste->get_Eval_Start_Date()->format("d M Y")}" .
"</option>";
}
}
<option value='0'> -- Please Select an ST&amp;E -- </option>
<?php
if (is_array($stes) && count($stes)) {
foreach ($stes as $ste) {
print "<option value='{$ste->get_ID()}'" .
($ste_id && $ste_id == $ste->get_ID() ? " selected" : "") .
">" .
"{$ste->get_System()->get_Name()}, {$ste->get_Site()->get_Name()}, {$ste->get_Eval_Start_Date()->format("d M Y")}" .
"</option>";
}
}
?>
?>
</select>
</form>
</div>
@ -495,6 +494,13 @@ $scan_srcs = $db->get_Sources();
</div>
</div>
</div>
<input type="hidden" id="ops-page" value="main" />
<div id='tgt-notes' class="box">
<input type='hidden' id='tgt-id' />
<textarea id='notes' style='width:100%;height:75%;'></textarea>
<input type='button' id='save-tgt-notes' value='Save' />
</div>
<div class="backdrop"></div>
<div id="move_to" class="box">
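Review bot: `<script src="ste_script.min.js">` makes the minified copy the only script this page loads, yet that copy is committed as a vendored file whose diff is suppressed and nothing here ties it to `ste_script.js`; a header comment naming how the minified file is regenerated (or a build step that produces it) would keep the two from drifting, and the same applies to the stats.php and target page sections. On `filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE)` note that with this flag `filter_input` returns false for an absent field and null for a failed validation, the reverse of the default; the later `if (!$ste_id)` cookie fallback handles both, but a one-line comment such as `// FILTER_NULL_ON_FAILURE: absent => false, invalid => null; both fall through to the cookie` would save the next reader from checking the manual. The same flag on the FILTER_SANITIZE_STRING call for `action` has no validation to fail, so it only changes the absent case to false.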


@ -3,37 +3,35 @@
* File: stats.php
* Author: Ryan
* Purpose: Testing page for the new target details page
* Created: Sep 1, 2016
* Created: Jan 3, 2018
*
* Copyright 2016: Cyber Perspectives, All rights reserved
* Copyright 2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* See license.txt for details
*
* Change Log:
* - Sep 1, 2016 - File created
* - Jan 30, 2017 - Formatting and added popup for note updates (not complete)
* - Jan 10, 2018 - Renamed from new-ops.php to stats.php and finalized functionality
* - Jan 15, 2018 - Added notes back in (first note line) and follow-up lines in popup,
Moved Scans and Checklists column after Assessed percentage column,
Fixed error with footer not displaying
* - Jan 3, 2018 - File created
*/
$title_prefix = "Stats";
set_time_limit(0);
include_once 'config.inc';
include_once 'database.inc';
include_once 'helper.inc';
include_once 'database.inc';
set_time_limit(0);
$db = new db();
$cats = [];
$action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
$ste_id = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
$task_status = $db->get_Task_Statuses();
$stes = $db->get_STE();
$scan_srcs = $db->get_Sources();
$db = new db();
$ste_id = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
if (!$ste_id) {
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
}
$task_status = $db->get_Task_Statuses();
$cats = [];
$action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING);
if ($action) {
if ($action == 'move_to') {
@ -176,12 +174,11 @@ if ($ste_id) {
$cats = array_merge($cats, $ste_cats);
}
$scan_srcs = $db->get_Sources();
include_once "header.inc";
?>
<script type='text/javascript' src='/ste/ste_script.js'></script>
<script type='text/javascript' src='/ste/ste_script.min.js'></script>
<script type="text/javascript">
var sel_tgts = [];
function open_echecklist(id) {
@ -381,7 +378,7 @@ include_once "header.inc";
<?php
if (count($cats)) {
foreach ($cats as $cat) {
print $cat->getSTECatRow();
print $cat->getStatsCategoryRow();
}
}
else {
@ -394,6 +391,7 @@ include_once "header.inc";
</div>
</div>
<input type="hidden" id="ops-page" value="stats" />
<div class="backdrop"></div>
<div id='tgt-notes' class="box">
<input type='hidden' id='tgt-id' />


@ -27,8 +27,9 @@
* - May 19, 2017 - Simplified target selection code
* - May 26, 2017 - Added supporting code to delete target from category after clicking "Delete Host", also specified location where CKL files are placed upon export.
* - Jan 10, 2018 - Added new methods for /ste/stats.php and cleaned up
* - Jan 15, 2018 - Moved colums around, added target notes,
Added getColorForPercentage method for sliding color scale
* - Jan 15, 2018 - Moved colums around, added target notes,
Added getColorForPercentage method for sliding color scale
* - Apr 29, 2018 - Simplified get_hosts method and displays, formatting
*/
/**
@ -130,6 +131,7 @@ function edit_cat(cat_id) {
var cat_name = $('#cat_name_' + cat_id).text();
var matches = cat_name.match(/\s+\(([\d]+)\)\s+\(([^\d][ \w]+)\)|\s+\(([\d]+)\)/i);
cat_name = cat_name.replace(/\s+\(([\d]+)\)\s+\(([^\d][ \w]+)\)|\s+\(([\d]+)\)/i, '');
cat_name = cat_name.replace(/\s{2,}/g, '');
$('#new_cat_name').val(cat_name);
$('#selected_cat').val(cat_id);
if (matches && typeof matches[2] !== 'undefined')
@ -185,7 +187,6 @@ function delete_cat(id) {
alert(data.error);
}
else {
alert(data.success);
location.reload();
}
},
@ -286,14 +287,8 @@ function update_Status(chk) {
*/
function collapse_expand() {
var id = $(this).data('id');
if ($('#cat_' + id + '_dl').val() == '0') {
if (location.href.match(/\/ste\/$|index\.php/)) {
get_hosts(id);
}
else {
get_new_hosts(id);
}
if(!$('.cat_' + id).length) {
get_hosts(id);
}
$(this).toggleClass('fa-minus-square fa-plus-square');
@ -356,7 +351,17 @@ function get_hosts(cat_id) {
$('#loading,#waiting').show();
$('#waiting').animate({'opacity': '0.5'}, 300, 'linear');
},
success: display_hosts,
success: function (data) {
if ($('#ops-page').val() == 'main') {
display_ops_hosts(data);
}
else if ($('#ops-page').val() == 'stats') {
display_stats_hosts(data);
}
else if ($('#ops-page').val() == 'task') {
display_task_hosts(data);
}
},
error: function (xhr, status, error) {
console.error(error);
},
@ -369,83 +374,111 @@ function get_hosts(cat_id) {
});
}
/**
*
* @param {type} id
* @returns {undefined}
*/
function get_new_hosts(id) {
$.ajax('/ajax.php', {
data: {
action: 'new-get-hosts',
'cat-id': id
},
beforeSend: function () {
$('#loading,#waiting').show();
$('#waiting').animate({'opacity': '0.5'}, 300, 'linear');
},
success: function (data) {
if (data.error) {
console.error(data.error);
function display_ops_hosts(hosts) {
if (hosts.error) {
console.error(hosts.error);
}
else {
var cat_id = hosts.cat_id;
var cat = $('#cat_' + cat_id);
var odd = true;
for (var x in hosts.targets) {
$(cat).after(
"<div class='" + (odd ? "odd_row" : "even_row") + " cat_" + cat_id + "'>" +
"<span class='cat-cell' style='width:102px;text-align:left'>" +
"<input type='checkbox' class='tgt-sel' value='" + hosts.targets[x].id + "' onclick='javascript:update_tgt_chk(this);' />" +
"<a href='target.php?ste=" + hosts.targets[x].ste_id + "&tgt=" + hosts.targets[x].id + "' class='host' target='_blank'>" + hosts.targets[x].name + "</a>" +
"<a href='target.php?ste=" + hosts.targets[x].ste_id + "&tgt=" + hosts.targets[x].id + "' class='ip' target='_blank'>" + hosts.targets[x].ip + "</a>" +
"</span>" +
"<span class='cat-cell' style='width:104px;line-height:1.25em;'>" + hosts.targets[x].os + "</span>" +
"<span class='cat-cell' style='width:102px;'>" +
(hosts.targets[x].location ? hosts.targets[x].location : "&nbsp;") +
"</span>" +
"<span class='cat-cell task-" + hosts.targets[x].auto.toLowerCase() + "' style='width:63px;text-align:center;'>" + hosts.targets[x].auto + "</span>" +
"<span class='cat-cell task-" + hosts.targets[x].man.toLowerCase() + "' style='width:63px;text-align:center;'>" + hosts.targets[x].man + "</span>" +
"<span class='cat-cell task-" + hosts.targets[x].data.toLowerCase() + "' style='width:63px;text-align:center;'>" + hosts.targets[x].data + "</span>" +
"<span class='cat-cell task-" + hosts.targets[x].fp.toLowerCase() + "' style='width:63px;text-align:center;'>" + hosts.targets[x].fp + "</span>" +
"<span class='cat-cell' style='width:147px;'>" +
(hosts.targets[x].scans ? hosts.targets[x].scans : "&nbsp;") +
"</span>" +
"<span class='cat-cell' style='width:147px;'>" +
(hosts.targets[x].chk ? hosts.targets[x].chk : "&nbsp;") +
"</span>" +
"<span class='cat-cell note' id='note_" + hosts.targets[x].id + "' style='width:346px;'>" + (hosts.targets[x].notes ? hosts.targets[x].notes : "&nbsp;") +
"<i class='fas target-notes fa-pen-square' data-id='" + hosts.targets[x].id + "'> </i>" +
"</span>" +
"</div>"
);
odd = !odd;
}
$('#cat_' + cat_id + '_dl').val(1);
$('.target-notes').click(get_target_notes);
$('.fa-ellipsis-h').tooltip({
classes: {
'ui-tooltip': 'highlight'
}
else {
var cat_id = data.cat_id;
var cat = $('#cat_' + cat_id);
var odd = true;
});
}
}
for (var x in data.targets) {
$(cat).after(
"<div class='" + (odd ? "odd_row" : "even_row") + " cat_" + cat_id + "'>" +
"<span class='cat-cell name' style='text-align:left'>" +
"<input type='checkbox' class='tgt-sel' value='" + data.targets[x].id + "' onclick='javascript:update_tgt_chk(this);' />" +
"<a href='target.php?ste=" + data.targets[x].ste_id + "&tgt=" + data.targets[x].id + "' class='host' target='_blank'>" + data.targets[x].name + "</a>" +
"<a href='target.php?ste=" + data.targets[x].ste_id + "&tgt=" + data.targets[x].id + "' class='ip' target='_blank'>" + data.targets[x].ip + "</a>" +
"</span>" +
"<span class='cat-cell os' style='line-height:1.25em;'>" + data.targets[x].os + "</span>" +
"<span class='cat-cell cat1 cat_I' title='Cat I Findings' style='text-align:center;'>" + data.targets[x].cat_1 + "</span>" +
"<span class='cat-cell cat2 cat_II' title='Cat II Findings' style='text-align:center;'>" + data.targets[x].cat_2 + "</span>" +
"<span class='cat-cell cat3 cat_III' title='Cat III Findings' style='text-align:center;'>" + data.targets[x].cat_3 + "</span>" +
"<span class='cat-cell nf' title='Not a Finding' style='text-align:center;'>" + data.targets[x].nf + "</span>" +
"<span class='cat-cell na' title='Not Applicable' style='text-align:center;'>" + data.targets[x].na + "</span>" +
"<span class='cat-cell nr' title='Not Reviewed' style='text-align:center;'>" + data.targets[x].nr + "</span>" +
"<span class='cat-cell comp' title='Percentage Compliant' style='text-align:center;background-color: " +
getColorForPercentage(data.targets[x].comp)+ ";'>" + (data.targets[x].comp.toFixed(2) * 100) + "%</span>" +
"<span class='cat-cell assessed' title='Percentage Assessed' style='text-align:center;background-color: " +
getColorForPercentage(data.targets[x].assessed) + ";'>" + (data.targets[x].assessed.toFixed(2) * 100) + "%</span>" +
"<span class='cat-cell scans'>" +
(data.targets[x].scans ? data.targets[x].scans : "&nbsp;") +
"</span>" +
"<span class='cat-cell checklists'>" +
(data.targets[x].chk ? data.targets[x].chk : "&nbsp;") +
"</span>" +
"<span class='cat-cell note'>" + data.targets[x].notes +
"<i class='fas target-notes fa-pen-square' data-id='" + data.targets[x].id + "'> </i>" +
"</span>" +
"</div>"
);
function display_stats_hosts(hosts) {
if (hosts.error) {
console.error(hosts.error);
}
else {
var cat_id = hosts.cat_id;
var cat = $('#cat_' + cat_id);
var odd = true;
odd = !odd;
}
for (var x in hosts.targets) {
$(cat).after(
"<div class='" + (odd ? "odd_row" : "even_row") + " cat_" + cat_id + "'>" +
"<span class='cat-cell name' style='text-align:left'>" +
"<input type='checkbox' class='tgt-sel' value='" + hosts.targets[x].id + "' onclick='javascript:update_tgt_chk(this);' />" +
"<a href='target.php?ste=" + hosts.targets[x].ste_id + "&tgt=" + hosts.targets[x].id + "' class='host' target='_blank'>" + hosts.targets[x].name + "</a>" +
"<a href='target.php?ste=" + hosts.targets[x].ste_id + "&tgt=" + hosts.targets[x].id + "' class='ip' target='_blank'>" + hosts.targets[x].ip + "</a>" +
"</span>" +
"<span class='cat-cell os' style='line-height:1.25em;'>" + hosts.targets[x].os + "</span>" +
"<span class='cat-cell cat1 cat_I' title='Cat I Findings' style='text-align:center;'>" + hosts.targets[x].cat_1 + "</span>" +
"<span class='cat-cell cat2 cat_II' title='Cat II Findings' style='text-align:center;'>" + hosts.targets[x].cat_2 + "</span>" +
"<span class='cat-cell cat3 cat_III' title='Cat III Findings' style='text-align:center;'>" + hosts.targets[x].cat_3 + "</span>" +
"<span class='cat-cell nf' title='Not a Finding' style='text-align:center;'>" + hosts.targets[x].nf + "</span>" +
"<span class='cat-cell na' title='Not Applicable' style='text-align:center;'>" + hosts.targets[x].na + "</span>" +
"<span class='cat-cell nr' title='Not Reviewed' style='text-align:center;'>" + hosts.targets[x].nr + "</span>" +
"<span class='cat-cell comp' title='Percentage Compliant' style='text-align:center;background-color: " +
getColorForPercentage(hosts.targets[x].comp) + ";'>" + (hosts.targets[x].comp.toFixed(2) * 100) + "%</span>" +
"<span class='cat-cell assessed' title='Percentage Assessed' style='text-align:center;background-color: " +
getColorForPercentage(hosts.targets[x].assessed) + ";'>" + (hosts.targets[x].assessed.toFixed(2) * 100) + "%</span>" +
"<span class='cat-cell scans'>" +
(hosts.targets[x].scans ? hosts.targets[x].scans : "&nbsp;") +
"</span>" +
"<span class='cat-cell checklists'>" +
(hosts.targets[x].chk ? hosts.targets[x].chk : "&nbsp;") +
"</span>" +
"<span class='cat-cell note' id='note_" + hosts.targets[x].id + "'>" + hosts.targets[x].notes +
"<i class='fas target-notes fa-pen-square' data-id='" + hosts.targets[x].id + "'> </i>" +
"</span>" +
"</div>"
);
$('#cat_' + cat_id + '_dl').val(1);
$('.target-notes').click(get_target_notes);
$('.fa-ellipsis-h').tooltip({
classes: {
'ui-tooltip': 'highlight'
}
});
odd = !odd;
}
$('#cat_' + cat_id + '_dl').val(1);
$('.target-notes').click(get_target_notes);
$('.fa-ellipsis-h').tooltip({
classes: {
'ui-tooltip': 'highlight'
}
},
error: function (xhr, status, error) {
console.error(error);
},
complete: function () {
$('#loading,#waiting').hide();
$('#waiting').animate({'opacity': '0'}, 300, 'linear');
},
dataType: 'json',
method: 'post'
});
});
}
}
function display_task_hosts(hosts) {
}
function get_target_notes() {
@ -489,7 +522,13 @@ function save_target_notes() {
alert(data.error);
}
else {
alert(data.success);
$('#note_' + $('#tgt-id').val()).html($('#notes').val() + "<i class='fas target-notes fa-pen-square' data-id='" + $("#tgt-id").val() + "'> </i>");
$('.target-notes').click(get_target_notes);
$('.fa-ellipsis-h').tooltip({
classes: {
'ui-tooltip': 'highlight'
}
});
close_box();
}
},
@ -501,50 +540,6 @@ function save_target_notes() {
});
}
/**
* Function to display retrieved hosts from AJAX call
*
* @param data
*/
function display_hosts(data) {
var cat_id = data.cat_id;
var cat = $('#cat_' + cat_id);
var odd = true;
for (var x in data.targets) {
$(cat).after(
"<div class='" + (odd ? "odd_row" : "even_row") + " cat_" + cat_id + "'>" +
"<span class='cat-cell' style='width:102px;text-align:left'>" +
"<input type='checkbox' class='tgt-sel' value='" + data.targets[x].id + "' onclick='javascript:update_tgt_chk(this);' />" +
"<a href='target.php?ste=" + data.targets[x].ste_id + "&tgt=" + data.targets[x].id + "' class='host' target='_blank'>" + data.targets[x].name + "</a>" +
"<a href='target.php?ste=" + data.targets[x].ste_id + "&tgt=" + data.targets[x].id + "' class='ip' target='_blank'>" + data.targets[x].ip + "</a>" +
"</span>" +
"<span class='cat-cell' style='width:104px;line-height:1.25em;'>" + data.targets[x].os + "</span>" +
"<span class='cat-cell' style='width:102px;'>" +
(data.targets[x].location ? data.targets[x].location : "&nbsp;") +
"</span>" +
"<span class='cat-cell task-" + data.targets[x].auto.toLowerCase() + "' style='width:63px;text-align:center;'>" + data.targets[x].auto + "</span>" +
"<span class='cat-cell task-" + data.targets[x].man.toLowerCase() + "' style='width:63px;text-align:center;'>" + data.targets[x].man + "</span>" +
"<span class='cat-cell task-" + data.targets[x].data.toLowerCase() + "' style='width:63px;text-align:center;'>" + data.targets[x].data + "</span>" +
"<span class='cat-cell task-" + data.targets[x].fp.toLowerCase() + "' style='width:63px;text-align:center;'>" + data.targets[x].fp + "</span>" +
"<span class='cat-cell' style='width:147px;'>" +
(data.targets[x].scans ? data.targets[x].scans : "&nbsp;") +
"</span>" +
"<span class='cat-cell' style='width:147px;'>" +
(data.targets[x].chk ? data.targets[x].chk : "&nbsp;") +
"</span>" +
"<span class='cat-cell' style='width:346px;'>" +
(data.targets[x].notes ? data.targets[x].notes : "&nbsp;") +
"</span>" +
"</div>"
);
odd = !odd;
}
$('#cat_' + cat_id + '_dl').val(1);
}
/**
* Function to make AJAX call for system to autocategorize targets based on OS
*/
@ -605,27 +600,27 @@ function export_ckl(cat_id, tgt_id) {
// Mister @Jacob's Anwser
var percentColors = [
{ pct: 0.0, color: { r: 0xff, g: 0x00, b: 0 } },
{ pct: 0.5, color: { r: 0xff, g: 0xff, b: 0 } },
{ pct: 1.0, color: { r: 0x00, g: 0xff, b: 0 } } ];
{pct: 0.0, color: {r: 0xff, g: 0x00, b: 0}},
{pct: 0.5, color: {r: 0xff, g: 0xff, b: 0}},
{pct: 1.0, color: {r: 0x00, g: 0xff, b: 0}}];
var getColorForPercentage = function(pct) {
for (var i = 1; i < percentColors.length - 1; i++) {
if (pct < percentColors[i].pct) {
break;
}
var getColorForPercentage = function (pct) {
for (var i = 1; i < percentColors.length - 1; i++) {
if (pct < percentColors[i].pct) {
break;
}
var lower = percentColors[i - 1];
var upper = percentColors[i];
var range = upper.pct - lower.pct;
var rangePct = (pct - lower.pct) / range;
var pctLower = 1 - rangePct;
var pctUpper = rangePct;
var color = {
r: Math.floor(lower.color.r * pctLower + upper.color.r * pctUpper),
g: Math.floor(lower.color.g * pctLower + upper.color.g * pctUpper),
b: Math.floor(lower.color.b * pctLower + upper.color.b * pctUpper)
};
return 'rgb(' + [color.r, color.g, color.b].join(',') + ')';
// or output as hex if preferred
}
var lower = percentColors[i - 1];
var upper = percentColors[i];
var range = upper.pct - lower.pct;
var rangePct = (pct - lower.pct) / range;
var pctLower = 1 - rangePct;
var pctUpper = rangePct;
var color = {
r: Math.floor(lower.color.r * pctLower + upper.color.r * pctUpper),
g: Math.floor(lower.color.g * pctLower + upper.color.g * pctUpper),
b: Math.floor(lower.color.b * pctLower + upper.color.b * pctUpper)
};
return 'rgb(' + [color.r, color.g, color.b].join(',') + ')';
// or output as hex if preferred
}
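Review bot: `$('#note_' + $('#tgt-id').val()).html($('#notes').val() + "<i …>")` in save_target_notes inserts the raw textarea contents as markup, and display_ops_hosts/display_stats_hosts likewise concatenate `hosts.targets[x].notes`, `.name`, `.ip`, `.os` and `.location` straight into HTML strings, so any of those values is interpreted as markup rather than text (a stored/DOM XSS path, since notes are user-typed and the other fields come from the server). Set text through the DOM instead, e.g. `$('#note_' + $('#tgt-id').val()).text($('#notes').val()).append("<i class='fas target-notes fa-pen-square' data-id='" + $("#tgt-id").val() + "'> </i>");`, and build the row cells with `$('<span>').text(value)` or a small escaping helper rather than string concatenation. `(hosts.targets[x].comp.toFixed(2) * 100)` multiplies a string by 100 and can render values like 56.99999999999999%; `Math.round(hosts.targets[x].comp * 100)` yields the intended integer percentage (same for the assessed cell). `display_task_hosts` is an empty stub, so the `task` branch of the new success dispatcher silently shows nothing; a `console.warn` or TODO in the body would make that visible. Both display functions still set `$('#cat_' + cat_id + '_dl').val(1)` although collapse_expand no longer reads that field.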

ste/ste_script.min.js vendored Normal file



@ -5,7 +5,7 @@
* Purpose: Display target data
* Created: Sep 17, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Portions Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
@ -28,6 +28,7 @@
* - Oct 26, 2017 - Added check_path for /tmp/data_collection directory to make sure the parent directory is there before it attempts to create any target subdirectories
* - Oct 27, 2017 - Fix bug for deleting interfaces
* - Jan 10, 2018 - Update STE object to use System and Site class member variables instead of ID's
* - Apr 19, 2018 - Updated 3rd party libraries
*/
set_time_limit(0);
include_once 'config.inc';
@ -423,7 +424,7 @@ include_once 'header.inc';
width: 505px;
}
</style>
<script src='ste_script.js' type='text/javascript'></script>
<script src='ste_script.min.js' type='text/javascript'></script>
<script type="text/javascript" src="/script/dropzone/dropzone.min.js"></script>
<link type="text/css" href="/script/dropzone/dropzone.min.css" rel="stylesheet" />
<link type="text/css" href="/script/dropzone/basic.min.css" rel="stylesheet" />
@ -811,7 +812,7 @@ include_once 'header.inc';
<input type='text' name='chk_filter' id='chk_filter'
onkeyup="javascript:filter_checklists($('#hide_old').is(':checked'));"
style='width: 132px;' /><br />
<select class="Control" name="availableChecklists" id="availableChecklists" multiple size="9" style="width: 250px;">
<select class="Control" name="availableChecklists" id="availableChecklists" multiple size="9" style="width: 250px; overflow: scroll;">
<?php
$chklst = $db->get_Checklist();
if ($tgt_id && count($tgt->checklists)) {