From 7f2f6a904634573e951bc4c807d388fb011a3686 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Thu, 25 Oct 2018 17:48:57 -0400 Subject: [PATCH] Fix for #60 Some formatting Die if installer.php fails to create password file Update target counts after importing eChecklist and CKL --- Dockerfile | 2 +- conf/my.ini | 3 +-- exec/installer.php | 4 +++- exec/parse_excel_echecklist.php | 7 +++++++ exec/parse_stig_viewer.php | 2 ++ exec/update_db.php | 6 ++++++ inc/database.inc | 2 +- setup.php | 11 +++++------ 8 files changed, 26 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index b395466..e6c1397 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM php:7.2.8-apache-stretch +FROM php:apache-stretch COPY conf/docker-php.ini /usr/local/etc/php/php.ini RUN apt update && apt -y install zlib1g-dev mysql-client RUN docker-php-ext-install mysqli zip diff --git a/conf/my.ini b/conf/my.ini index 5133c37..6360dc3 100644 --- a/conf/my.ini +++ b/conf/my.ini @@ -147,8 +147,7 @@ innodb_log_group_home_dir = "C:/xampp/mysql/data" #innodb_log_arch_dir = "C:/xampp/mysql/data" ## You can set .._buffer_pool_size up to 50 - 80 % ## of RAM but beware of setting memory usage too high -innodb_buffer_pool_size = 16M -innodb_additional_mem_pool_size = 2M +innodb_buffer_pool_size = 20M ## Set .._log_file_size to 25 % of buffer pool size innodb_log_file_size = 5M innodb_log_buffer_size = 8M diff --git a/exec/installer.php b/exec/installer.php index 1391e4d..bbf905d 100644 --- a/exec/installer.php +++ b/exec/installer.php 
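Review bot: In the Dockerfile hunk, `FROM php:apache-stretch` swaps a pinned release for a floating tag, so every rebuild can pull a different PHP version and the image can no longer be reproduced or audited against a known base. Keeping a pin, at least to a release line such as `FROM php:7.2-apache-stretch` and preferably to an image digest, makes PHP upgrades arrive as reviewed commits rather than as a side effect of a rebuild. The `docker-php-ext-install mysqli zip` step further down also depends on the base image's PHP version, so an unannounced major bump may break the build or change extension behaviour.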
@@ -181,7 +181,9 @@ function save_Database($params) * CREATE DB PASSWORD FILE * --------------------------------- */ $enc_pwd = my_encrypt($params['web-pwd']); - file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd); + if(!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) { + die(json_encode(['error' => "Could not create the password file"])); + } if (isset($params['conf-root-pwd']) && $params['conf-root-pwd'] == $params['root-pwd']) { $db = new mysqli(DB_SERVER, $params['root-uname'], '', 'mysql'); diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php index 452335f..c9b3e03 100644 --- a/exec/parse_excel_echecklist.php +++ b/exec/parse_excel_echecklist.php @@ -347,6 +347,13 @@ $scan->isTerminated(); } } +/** + * @var host_list $h + */ +foreach($host_list as $h) { + $db->update_Target_Counts($h->getTargetId()); +} + unset($objSS); $db->update_Scan_Host_List($scan, $host_list); if (!isset($cmd['debug'])) { diff --git a/exec/parse_stig_viewer.php b/exec/parse_stig_viewer.php index f68d1bb..4145a18 100644 --- a/exec/parse_stig_viewer.php +++ b/exec/parse_stig_viewer.php @@ -296,6 +296,8 @@ foreach ($vulns as $vul) { $vuln_count++; } +$db->update_Target_Counts($tgt->get_ID()); + unset($xml); if (!isset($cmd['debug'])) { rename($cmd['f'], TMP . "/stig_viewer/$base_name"); diff --git a/exec/update_db.php b/exec/update_db.php index 3acedfd..44a8be5 100644 --- a/exec/update_db.php +++ b/exec/update_db.php @@ -601,6 +601,7 @@ if (isset($cmd['stig'])) { 'stig-progress' => 0, 'stig-count' => 0 ]); + check_path(TMP . "/stigs"); $path = TMP . "/stigs/zip"; check_path($path); $stigUrlArray = []; 
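Review bot: In exec/installer.php, the password file written by `file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)` keeps whatever mode the process umask gives it, because the new check only covers a failed write. The file holds the encrypted database password and sits directly under DOC_ROOT, so I would restrict it right after the write on POSIX hosts, e.g. `chmod(DOC_ROOT . "/" . PWD_FILE, 0600);`, and confirm that the web server does not serve that path (how DOC_ROOT maps to the served tree is not visible here). `!file_put_contents(...)` also treats a zero-byte write as a failure, which is reasonable if `my_encrypt()` can return an empty value, but a one-line comment saying that is intended would help. save_Database() starts and continues outside the hunk.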
@@ -639,6 +640,11 @@ if (isset($cmd['stig'])) { $log->debug("Match count: " . count($stigUrlArray)); print "Downloading " . count($stigUrlArray) . PHP_EOL; + + $stigUrlArray = array_unique(array_map(function($url){return str_replace("http://", "https://", $url);}, $stigUrlArray); + sort($stigUrlArray); + $log->debug("stig array", $stigUrlArray); + if(is_array($stigUrlArray) && count($stigUrlArray)) { foreach($stigUrlArray as $url) { $stigFname = basename($url); diff --git a/inc/database.inc b/inc/database.inc index 0cc5e67..c9bb7d7 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -2713,7 +2713,7 @@ class db ] ]); $sw_rows = $this->help->execute(); - if (count($sw_rows)) { + if (is_array($sw_rows) && count($sw_rows)) { if (isset($sw_rows['sw_id'])) { $sw_rows = [0 => $sw_rows]; } diff --git a/setup.php b/setup.php index dcae3d1..0b27aa6 100644 --- a/setup.php +++ b/setup.php @@ -112,7 +112,7 @@ EOO; if (!class_exists('ZipArchive')) { print << +The PHP ZipArchive module is not installed or enabled.
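Review bot: In exec/update_db.php, the added `$stigUrlArray = array_unique(array_map(...), $stigUrlArray);` line never closes `array_unique(`, so the file will not parse as written. Close the call, and anchor the scheme rewrite so that only a leading `http://` is upgraded rather than any occurrence inside the URL: `$stigUrlArray = array_unique(array_map(function ($url) { return preg_replace('#^http://#i', 'https://', $url); }, $stigUrlArray));`. The `is_array($stigUrlArray)` test on the next line now runs after `array_map()` and `sort()` have already required an array, so it no longer guards anything. The enclosing `if (isset($cmd['stig']))` block starts and ends outside the hunk.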
Visit PHPInfo to double-check this.

EOO; $fail = true; @@ -127,7 +127,7 @@ EOO; } elseif (strtolower(substr(PHP_OS, 0, 3)) == 'win') { try { - $com = new COM("WScript.Shell"); + new COM("WScript.Shell"); } catch (Exception $e) { print <<