diff --git a/Dockerfile b/Dockerfile
index b395466..e6c1397 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:7.2.8-apache-stretch
+FROM php:apache-stretch
COPY conf/docker-php.ini /usr/local/etc/php/php.ini
RUN apt update && apt -y install zlib1g-dev mysql-client
RUN docker-php-ext-install mysqli zip
diff --git a/conf/my.ini b/conf/my.ini
index 5133c37..6360dc3 100644
--- a/conf/my.ini
+++ b/conf/my.ini
@@ -147,8 +147,7 @@ innodb_log_group_home_dir = "C:/xampp/mysql/data"
#innodb_log_arch_dir = "C:/xampp/mysql/data"
## You can set .._buffer_pool_size up to 50 - 80 %
## of RAM but beware of setting memory usage too high
-innodb_buffer_pool_size = 16M
-innodb_additional_mem_pool_size = 2M
+innodb_buffer_pool_size = 20M
## Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M
diff --git a/exec/installer.php b/exec/installer.php
index 1391e4d..bbf905d 100644
--- a/exec/installer.php
+++ b/exec/installer.php
@@ -181,7 +181,9 @@ function save_Database($params)
* CREATE DB PASSWORD FILE
* --------------------------------- */
$enc_pwd = my_encrypt($params['web-pwd']);
- file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd);
+ if(!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) {
+ die(json_encode(['error' => "Could not create the password file"]));
+ }
if (isset($params['conf-root-pwd']) && $params['conf-root-pwd'] == $params['root-pwd']) {
$db = new mysqli(DB_SERVER, $params['root-uname'], '', 'mysql');
diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php
index 452335f..c9b3e03 100644
--- a/exec/parse_excel_echecklist.php
+++ b/exec/parse_excel_echecklist.php
@@ -347,6 +347,13 @@ $scan->isTerminated();
}
}
+/**
+ * @var host_list $h
+ */
+foreach($host_list as $h) {
+ $db->update_Target_Counts($h->getTargetId());
+}
+
unset($objSS);
$db->update_Scan_Host_List($scan, $host_list);
if (!isset($cmd['debug'])) {
diff --git a/exec/parse_stig_viewer.php b/exec/parse_stig_viewer.php
index f68d1bb..4145a18 100644
--- a/exec/parse_stig_viewer.php
+++ b/exec/parse_stig_viewer.php
@@ -296,6 +296,8 @@ foreach ($vulns as $vul) {
$vuln_count++;
}
+$db->update_Target_Counts($tgt->get_ID());
+
unset($xml);
if (!isset($cmd['debug'])) {
rename($cmd['f'], TMP . "/stig_viewer/$base_name");
diff --git a/exec/update_db.php b/exec/update_db.php
index 3acedfd..44a8be5 100644
--- a/exec/update_db.php
+++ b/exec/update_db.php
@@ -601,6 +601,7 @@ if (isset($cmd['stig'])) {
'stig-progress' => 0,
'stig-count' => 0
]);
+ check_path(TMP . "/stigs");
$path = TMP . "/stigs/zip";
check_path($path);
$stigUrlArray = [];
@@ -639,6 +640,11 @@ if (isset($cmd['stig'])) {
$log->debug("Match count: " . count($stigUrlArray));
print "Downloading " . count($stigUrlArray) . PHP_EOL;
+
+ $stigUrlArray = array_unique(array_map(function($url){return str_replace("http://", "https://", $url);}, $stigUrlArray);
+ sort($stigUrlArray);
+ $log->debug("stig array", $stigUrlArray);
+
if(is_array($stigUrlArray) && count($stigUrlArray)) {
foreach($stigUrlArray as $url) {
$stigFname = basename($url);
diff --git a/inc/database.inc b/inc/database.inc
index 0cc5e67..c9bb7d7 100644
--- a/inc/database.inc
+++ b/inc/database.inc
@@ -2713,7 +2713,7 @@ class db
]
]);
$sw_rows = $this->help->execute();
- if (count($sw_rows)) {
+ if (is_array($sw_rows) && count($sw_rows)) {
if (isset($sw_rows['sw_id'])) {
$sw_rows = [0 => $sw_rows];
}
diff --git a/setup.php b/setup.php
index dcae3d1..0b27aa6 100644
--- a/setup.php
+++ b/setup.php
@@ -112,7 +112,7 @@ EOO;
if (!class_exists('ZipArchive')) {
print <<
+The PHP ZipArchive module is not installed or enabled.
Visit PHPInfo to double-check this.
EOO;
$fail = true;
@@ -127,7 +127,7 @@ EOO;
}
elseif (strtolower(substr(PHP_OS, 0, 3)) == 'win') {
try {
- $com = new COM("WScript.Shell");
+ new COM("WScript.Shell");
}
catch (Exception $e) {
print <<