Fix for #60

Some formatting Die if installer.php fails to create password file Update target counts after importing eChecklist and CKL
2018-10-25 17:48:57 -04:00 · 2018-10-25 17:48:57 -04:00 · 7f2f6a9046
commit 7f2f6a9046
parent d43775b26f
8 changed files with 26 additions and 11 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM php:7.2.8-apache-stretch
+FROM php:apache-stretch
 COPY conf/docker-php.ini /usr/local/etc/php/php.ini
 RUN apt update && apt -y install zlib1g-dev mysql-client
 RUN docker-php-ext-install mysqli zip
--- a/conf/my.ini
+++ b/conf/my.ini
@ -147,8 +147,7 @@ innodb_log_group_home_dir = "C:/xampp/mysql/data"
 #innodb_log_arch_dir = "C:/xampp/mysql/data"
 ## You can set .._buffer_pool_size up to 50 - 80 %
 ## of RAM but beware of setting memory usage too high
-innodb_buffer_pool_size = 16M
-innodb_additional_mem_pool_size = 2M
+innodb_buffer_pool_size = 20M
 ## Set .._log_file_size to 25 % of buffer pool size
 innodb_log_file_size = 5M
 innodb_log_buffer_size = 8M
--- a/exec/installer.php
+++ b/exec/installer.php
@ -181,7 +181,9 @@ function save_Database($params)
     * 	CREATE DB PASSWORD FILE
     * --------------------------------- */
    $enc_pwd = my_encrypt($params['web-pwd']);
-    file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd);
+    if(!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) {
+        die(json_encode(['error' => "Could not create the password file"]));
+    }

    if (isset($params['conf-root-pwd']) && $params['conf-root-pwd'] == $params['root-pwd']) {
        $db = new mysqli(DB_SERVER, $params['root-uname'], '', 'mysql');
--- a/exec/parse_excel_echecklist.php
+++ b/exec/parse_excel_echecklist.php
@ -347,6 +347,13 @@ $scan->isTerminated();
    }
 }

+/**
+ * @var host_list $h
+ */
+foreach($host_list as $h) {
+    $db->update_Target_Counts($h->getTargetId());
+}
+
 unset($objSS);
 $db->update_Scan_Host_List($scan, $host_list);
 if (!isset($cmd['debug'])) {
--- a/exec/parse_stig_viewer.php
+++ b/exec/parse_stig_viewer.php
@ -296,6 +296,8 @@ foreach ($vulns as $vul) {
    $vuln_count++;
 }

+$db->update_Target_Counts($tgt->get_ID());
+
 unset($xml);
 if (!isset($cmd['debug'])) {
    rename($cmd['f'], TMP . "/stig_viewer/$base_name");
--- a/exec/update_db.php
+++ b/exec/update_db.php
@ -601,6 +601,7 @@ if (isset($cmd['stig'])) {
        'stig-progress'    => 0,
        'stig-count'       => 0
    ]);
+    check_path(TMP . "/stigs");
    $path = TMP . "/stigs/zip";
    check_path($path);
    $stigUrlArray = [];
@ -639,6 +640,11 @@ if (isset($cmd['stig'])) {
        $log->debug("Match count: " . count($stigUrlArray));

        print "Downloading " . count($stigUrlArray) . PHP_EOL;
+
+        $stigUrlArray = array_unique(array_map(function($url){return str_replace("http://", "https://", $url);}, $stigUrlArray);
+        sort($stigUrlArray);
+        $log->debug("stig array", $stigUrlArray);
+
        if(is_array($stigUrlArray) && count($stigUrlArray)) {
            foreach($stigUrlArray as $url) {
                $stigFname = basename($url);
--- a/inc/database.inc
+++ b/inc/database.inc
@ -2713,7 +2713,7 @@ class db
                    ]
                ]);
                $sw_rows = $this->help->execute();
-                if (count($sw_rows)) {
+                if (is_array($sw_rows) && count($sw_rows)) {
                    if (isset($sw_rows['sw_id'])) {
                        $sw_rows = [0 => $sw_rows];
                    }
--- a/setup.php
+++ b/setup.php
@ -112,7 +112,7 @@ EOO;

 if (!class_exists('ZipArchive')) {
    print <<<EOO
-The PHP ZipArchive moduel is not installed or enabled.<br />
+The PHP ZipArchive module is not installed or enabled.<br />
 Visit <a href='/?phpinfo=1'>PHPInfo</a> to double-check this.<br /><br />
 EOO;
    $fail = true;
@ -127,7 +127,7 @@ EOO;
 }
 elseif (strtolower(substr(PHP_OS, 0, 3)) == 'win') {
    try {
-        $com = new COM("WScript.Shell");
+        new COM("WScript.Shell");
    }
    catch (Exception $e) {
        print <<<EOO
@ -170,7 +170,6 @@ EOO;
    $fail = true;
 }

-$match     = [];
 $mem_limit = return_bytes(ini_get("memory_limit"));
 $gig       = return_bytes('1G');
 if ($mem_limit < $gig) {
@ -347,10 +346,10 @@ EOL;

    switch ($step) {
        case 2:
-            print "        $('#tabs').tabs('disable', 1);" . PHP_EOL;
+            print "$('#tabs').tabs('disable', 1);" . PHP_EOL;
        case 1:
-            print "        $('#tabs').tabs('disable', 0);" . PHP_EOL;
-            print "        setTimeout(function(){enable_next(current_step);}, 3000);" . PHP_EOL;
+            print "$('#tabs').tabs('disable', 0);" . PHP_EOL;
+            print "setTimeout(function(){enable_next(current_step);}, 3000);" . PHP_EOL;
    }
 }