initial commit of SVN release repo

Ryan Prather
2018-05-07 10:51:08 -04:00
committed by Ryan Prather
parent 2c25d5e577
commit 8c38a6cdb9
4369 changed files with 728576 additions and 0 deletions

198
classes/DateTimeDiff.php Normal file

@ -0,0 +1,198 @@
<?php
/*
* File: DateTimeDiff.php
* Purpose: File to calculate DateTime differences
* Author: Ryan Prather
* Created: Feb 23, 2018
*
* Copyright 2018: Cyber Perspectives, All rights reserved
* Released under the Apache v2.0 License
*
* See license.txt for details
*
* Change Log:
* - Feb 23, 2018 - File Created
*/
/**
* Class to automagically calculate time differences
*
* @author godsg
*/
class DateTimeDiff
{
/**
* The starting clock
*
* @var DateTime
*/
private $_dtStart = null;
/**
* The ending clock
*
* @var DateTime
*/
private $_dtEnd = null;
/**
* Variable to store difference between _dtEnd - _dtStart
*
* @var DateInterval
*/
private $_diff = null;
/**
* Variable to store total time difference
*
* @var DateInterval
*/
private $_totalDiff = null;
/**
* Constructor
*/
public function __construct()
{
$this->_dtStart = new DateTime();
}
/**
* Getter function for _dtStart
*
* @return DateTime
*/
public function getStartClock()
{
return $this->_dtStart;
}
/**
* Getter function for _dtStart as formatted time
*
* @return string
*/
public function getStartClockTime()
{
return $this->_dtStart->format("H:i:s");
}
/**
* Getter function for _dtEnd
*
* @return DateTime
*/
public function getEndClock()
{
return $this->_dtEnd;
}
/**
* Getter function for _dtEnd as formatted time
*
* @return string
*/
public function getEndClockTime()
{
return $this->_dtEnd->format("H:i:s");
}
/**
* Function to stop the clock and set the ending time
*/
public function stopClock()
{
$this->_dtEnd = new DateTime();
$this->updateDiff();
$this->updateTotalDiff();
}
/**
* Function to reset the starting clock for another difference
*/
public function resetClock()
{
$this->_dtStart = new DateTime();
}
/**
* Function to set the difference
*/
public function updateDiff()
{
$this->_diff = $this->_dtEnd->diff($this->_dtStart);
}
/**
* Getter function for _diff
*
* @return DateInterval
*/
public function getDiff()
{
return $this->_diff;
}
/**
* Function to return _diff as a formatting string
*
* @return string
*/
public function getDiffString()
{
return $this->_diff->format("%H:%I:%S");
}
/**
* Function to update the total difference
*/
public function updateTotalDiff()
{
$this->_totalDiff = $this->addIntervals();
}
/**
* Getter function for _totalDiff
*
* @return DateInterval
*/
public function getTotalDiff()
{
return $this->_totalDiff;
}
/**
* Function to return to _totalDiff as a formatted string
*
* @return string
*/
public function getTotalDiffString()
{
return $this->_totalDiff->format("%H:%I:%S");
}
/**
* Function to add two DateIntervals together and return the difference result
*
* @return DateInterval
*/
public function addIntervals()
{
$a = new DateTime("00:00");
$b = clone $a;
if (is_a($this->_totalDiff, 'DateInterval')) {
$a->add($this->_totalDiff);
}
if (is_a($this->_diff, 'DateInterval')) {
$a->add($this->_diff);
}
return $b->diff($a);
}
}
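Review bot: getEndClockTime(), getDiffString() and getTotalDiffString() call `->format()` on `_dtEnd`, `_diff` and `_totalDiff`, which remain null until stopClock() has run, so a caller that reads them early gets a fatal "call to a member function on null" instead of an empty string; either guard them or have them return '' when the clock has not been stopped. updateDiff() also computes `$this->_dtEnd->diff($this->_dtStart)`, the interval from end back to start, so `invert` is set whenever the clock ran forward; addIntervals() still accumulates the right magnitude because the sign cancels in `$b->diff($a)`, but `%H:%I:%S` prints no sign and no `%d` days, so any run over 24 hours is silently truncated. The natural direction is `$this->_diff = $this->_dtStart->diff($this->_dtEnd);`. getStartClock()/getEndClock() hand out the internal mutable DateTime objects, so a caller can shift the start time behind the class's back; `DateTimeImmutable` would close that.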

217
classes/advisories.inc Normal file

@ -0,0 +1,217 @@
<?php
/**
* File: advisories.inc
* Author: Ryan Prather
* Purpose: This class creates an advisory from the software vendor.
* This advisory can be used to link other PDIs
* Created: Sep 16, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 16, 2013 - File created
*/
/**
*
* @author Ryan Prather
*
*/
class advisory {
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* Advisory ID
*
* @var string
*/
protected $adv_id = '';
/**
* Reference text for the advisory
*
* @var string
*/
protected $reference = '';
/**
* Type of the advisory (MS, KB, RH, etc)
*
* @var string
*/
protected $type = '';
/**
* URL to issuing vendor
*
* @var string
*/
protected $url = '';
/**
* Advisory title
*
* @var string
*/
protected $title = '';
/**
* Advisory impact
*
* @var string
*/
protected $impact = '';
/**
* Constructor
*
* @param integer $int_PDI_ID
* @param string $str_Advisory
* @param string $str_Ref
* @param string $str_Type
* @param string $str_URL
*/
public function __construct($int_PDI_ID, $str_Advisory, $str_Ref, $str_Type, $str_URL) {
$this->pdi_id = $int_PDI_ID;
$this->adv_id = $str_Advisory;
$this->reference = $str_Ref;
$this->type = $str_Type;
$this->url = $str_URL;
}
/**
* Getter function for the advisory PDI linkage
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Setter function for the advisory PDI linkage
*
* @param integer $int_PDI_ID
*/
public function set_PDI_ID($int_PDI_ID) {
$this->pdi_id = $int_PDI_ID;
}
/**
* Getter function for advisory ID
*
* @return string
*/
public function get_Advisory_ID() {
return $this->adv_id;
}
/**
* Setter function for advisory ID
*
* @param string $str_Advisory_ID
*/
public function set_Advisory_ID($str_Advisory_ID) {
$this->adv_id = $str_Advisory_ID;
}
/**
* Getter function for the advisory reference text
*
* @return string
*/
public function get_Ref_Text() {
return $this->reference;
}
/**
* Setter function for the advisory reference text
*
* @param string $str_Ref
*/
public function set_Ref_Text($str_Ref) {
$this->reference = $str_Ref;
}
/**
* Getter function for the advisory type
*
* @return string
*/
public function get_Type() {
return $this->type;
}
/**
* Setter function for the advisory type
*
* @param string $str_Type
*/
public function set_Type($str_Type) {
$this->type = $str_Type;
}
/**
* Getter function for the advisory URL
*
* @return string
*/
public function get_URL() {
return $this->url;
}
/**
* Setter for the advisory URL
*
* @param string $str_URL
*/
public function set_URL($str_URL) {
$this->url = $str_URL;
}
/**
* Getter function for advisory title
*
* @return string
*/
public function get_Title() {
return $this->title;
}
/**
* Setter function for advisory title
*
* @param string $str_Title_In
*/
public function set_Title($str_Title_In) {
$this->title = $str_Title_In;
}
/**
* Getter function for advisory impact
*
* @return string
*/
public function get_Impact() {
return $this->impact;
}
/**
* Setter function for advisory impact
*
* @param string $str_Impact_In
*/
public function set_Impact($str_Impact_In) {
$this->impact = $str_Impact_In;
}
}
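Review bot: The constructor and set_URL() store `$str_URL` verbatim with no check that it is an absolute http(s) URL; the file header says the data is taken from the software vendor's advisory, and the property presumably ends up in a link in rendering code outside this hunk, so a malformed or non-http value would propagate unchecked to every consumer. A check at the setter covers all of them: `if (filter_var($str_URL, FILTER_VALIDATE_URL) === false || !in_array(parse_url($str_URL, PHP_URL_SCHEME), ['http', 'https'], true)) {` / `    throw new InvalidArgumentException('Invalid advisory URL');` / `}`. None of the parameters carry a scalar type even though every docblock names one (`integer $int_PDI_ID`, `string $str_Advisory`, …); `public function __construct(int $int_PDI_ID, string $str_Advisory, string $str_Ref, string $str_Type, string $str_URL)` with `declare(strict_types=1)` would make the docblocks enforceable.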

17
classes/category.inc Normal file

@ -0,0 +1,17 @@
<?php
/**
* File: category.inc
* Author: Ryan Prather
* Purpose: Code for future use
* Created: Sep 12, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
*/

69
classes/cce.inc Normal file

@ -0,0 +1,69 @@
<?php
/**
* File: cce.inc
* Author: Ryan Prather
* Purpose: Represents a CCE
* Created: Sep 26, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 26, 2013 - File created
*/
/**
* Represents a CCE
*
* @author Ryan Prather
*
*/
class cce {
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* CCE ID
*
* @var string
*/
protected $cce_id = '';
/**
* Constructor
*
* @param integer $pdi_id_in
* PDI ID that this is linked to
* @param string $cce_in
* CCE ID
*/
public function __construct($pdi_id_in, $cce_in) {
$this->pdi_id = $pdi_id_in;
$this->cce_id = $cce_in;
}
/**
* Getter function for PDI ID
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Getter function for CCE
*
* @return string
*/
public function get_CCE_ID() {
return $this->cce_id;
}
}
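Review bot: `$pdi_id` is documented as an integer and `$cce_id` as a string, but the constructor accepts anything and assigns it through, so a string id from a query result or an array passed by mistake is stored silently; `public function __construct(int $pdi_id_in, string $cce_in) {` together with `declare(strict_types=1)` at the top of the file makes the docblock a real contract. The getters would likewise read better as `public function get_PDI_ID(): int` and `public function get_CCE_ID(): string`.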

113
classes/cci.inc Normal file

@ -0,0 +1,113 @@
<?php
/**
* File: cci.inc
* Author: Ryan Prather
* Purpose: Represents a Control Correlation Identifier from NIST
* Created: Sep 16, 2014
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 16, 2014 - File created
*/
/**
* @author Ryan Prather
*/
class cci {
/**
* The CCI ID
*
* @var string
*/
public $cci_id = '';
/**
* Control ID
*
* @var string
*/
public $control_id = '';
/**
* Enhancement ID
*
* @var int
*/
public $enh_id = '';
/**
* Definition of the CCI similar to a long description
*
* @var string
*/
public $definition = '';
/**
* Implentation Guidance
*
* @var string
*/
public $guidance = '';
/**
* Assessment procedures
*
* @var string
*/
public $procedure = '';
/**
* Reference link from CCI to the NIST link
*
* @var array:cci_reference
*/
public $refs = array();
/**
* Constructor
*/
public function __construct() {}
}
/**
* @author Ryan Prather
*/
class cci_reference {
/**
* Title of the reference
*
* @var string
*/
public $title = '';
/**
* Release version
*
* @var int
*/
public $ver = 0;
/**
* URL to the reference
*
* @var string
*/
public $url = '';
/**
* Index
*
* @var string
*/
public $index = '';
/**
* Constructor
*/
public function __construct() {}
}
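Review bot: `public $enh_id = '';` in class cci contradicts its own docblock, which declares `@var int`; unless something depends on the empty-string default, `public $enh_id = 0;` (or `null` with `@var int|null`) makes the property match its documentation. `@var array:cci_reference` is not PHPDoc syntax and static analysers will not understand it; `@var cci_reference[]` is the conventional form. Both classes are bags of public properties with empty constructors, so the `__construct() {}` bodies add nothing and could be dropped.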

596
classes/checklist.inc Normal file

@ -0,0 +1,596 @@
<?php
/**
* File: checklist.inc
* Author: Ryan Prather
* Purpose: Represents a checklist that links a PDI and software package
* Created: Sep 12, 2013
*
* Portions Copyright 2017: Cyber Perspectives, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Mar 3, 2017 - Added method to find icon based on checklist name and cleaned up print_Option method
* - Mar 4, 2017 - Fixed type with Windows icon image (used .jpg instead of .png)
* - May 13, 2017 - Added WindowsFirewall.jpg image for checklist
* - May 19, 2017 - Fixed typo for WindowsFirewall
* - Aug 23, 2017 - JO, Expanded checklist icons
*/
/**
* Represents a checklist that links a PDI and software package
*
* @author Ryan Prather
*
*/
class checklist
{
/**
* The ID of the checklist
*
* @var integer
*/
public $id = 0;
/**
* The checklist ID
*
* @var string
*/
public $checklist_id = '';
/**
* Array of software that this checklist is applicable on
*
* @var array
*/
public $sw = null;
/**
* The name of the checklist
*
* @var string
*/
public $name = '';
/**
* The checklist description
*
* @var string
*/
public $description = '';
/**
* The date of release
*
* @var DateTime
*/
public $date;
/**
* The file name that contains the checklist
*
* @var string
*/
public $file_name = '';
/**
* The checklist version
*
* @var integer
*/
public $ver = 0;
/**
* The checklist release
*
* @var string
*/
public $release = 0;
/**
* The checklist type (benchmark, manual)
*
* @var string
*/
public $type = '';
/**
* The file name of the icon to display
*
* @var string
*/
public $icon = '';
/**
* Classification of the checklist
*
* @var string
*/
public $classification = '';
/**
* Constructor
*
* @param integer $int_ID
* @param string $str_Checklist_ID
* @param string $str_Name
* @param string $str_Description
* @param DateTime $dt_Date
* @param string $str_File_Name
* @param integer $int_Ver
* @param string $str_Release
* @param string $str_Type
* @param string $str_Icon
*/
public function __construct($int_ID, $str_Checklist_ID, $str_Name, $str_Description, $dt_Date, $str_File_Name, $int_Ver, $str_Release, $str_Type, $str_Icon)
{
$this->id = $int_ID;
$this->checklist_id = $str_Checklist_ID;
$this->name = str_ireplace("STIG STIG", "STIG", str_ireplace("Secure Technical Implementation Guide", "STIG", $str_Name));
$this->description = $str_Description;
if (is_string($dt_Date)) {
$this->date = new DateTime($dt_Date);
}
else {
$this->date = $dt_Date;
}
$this->file_name = $str_File_Name;
$this->ver = $int_Ver;
$this->release = $str_Release;
$this->type = $str_Type;
if (!$str_Icon) {
$this->find_Icon();
}
else {
$this->icon = $str_Icon;
}
$this->sw = array();
}
/**
* Getter function for the ID
*
* @return integer
*/
public function get_ID()
{
return $this->id;
}
/**
* Getter function for the checklist ID
*
* @return string
*/
public function get_Checklist_ID()
{
return $this->checklist_id;
}
/**
* Getter function for the software ID
*
* @return integer
*/
public function get_SW()
{
return $this->sw;
}
/**
* Function to add a software object to the applicable software array
*
* @param software $sw_in
*/
public function add_SW($sw_in)
{
if (is_a($sw_in, "software")) {
$this->sw[$sw_in->get_ID()] = $sw_in;
}
elseif (is_array($sw_in)) {
$this->sw = array_merge($this->sw, $sw_in);
}
}
/**
* Getter function for the checklist name
*
* @return string
*/
public function get_Name()
{
return $this->name;
}
/**
* Gettr function for the checklist description
*
* @return string
*/
public function get_Description()
{
return $this->description;
}
/**
* Getter function for the release date
*
* @return DateTime
*/
public function get_Date()
{
return $this->date;
}
/**
* Getter function for the file name
*
* @return string
*/
public function get_File_Name()
{
return $this->file_name;
}
/**
* Getter function for the checklist version
*
* @return integer
*/
public function get_Version()
{
return $this->ver;
}
/**
* Getter function for the checklist release
*
* @return string
*/
public function get_Release()
{
return $this->release;
}
/**
* Getter function for the checklist type
*
* @return string
*/
public function get_type()
{
return $this->type;
}
/**
* Getter function for the checklist icon
*
* @return string
*/
public function get_Icon()
{
return $this->icon;
}
/**
* Getter function for the checklist classification
*
* @return string
*/
public function get_Classification()
{
return $this->classification;
}
/**
* Setter function for the checklist classification
*
* @param string $class_in
*/
public function set_Classification($class_in)
{
$this->classification = $class_in;
}
/**
* Function to determine the Checklist icon based on the name
*/
public function find_Icon()
{
if (!empty($this->name)) {
switch ($this->name) {
case (preg_match("/AIX/i", $this->name) ? true : false):
$this->icon = 'AIX.png';
break;
case (preg_match("/Application Security|Application Server|Application Layer Gateway/i", $this->name) ? true : false):
$this->icon = 'Application Development.gif';
break;
case (preg_match("/Active Directory/i", $this->name) ? true : false):
$this->icon = 'Active Directory.png';
break;
case (preg_match("/Acrobat Reader|Adobe Acrobat/i", $this->name) ? true : false):
$this->icon = 'Adobe Reader.png';
break;
case (preg_match("/Coldfusion/i", $this->name) ? true : false):
$this->icon = 'Adobe Coldfusion.png';
break;
case (preg_match("/Apache/i", $this->name) ? true : false):
$this->icon = 'Apache Web.jpg';
break;
case (preg_match("/Apple OS X|Apple iOS/i", $this->name) ? true : false):
$this->icon = 'Apple.jpg';
break;
case (preg_match("/Blackberry|BB10|BBDS10/i", $this->name) ? true : false):
$this->icon = 'Blackberry.jpg';
break;
case (preg_match("/DNS/i", $this->name) ? true : false):
$this->icon = 'DNS.jpg';
break;
case (preg_match("/ESXi/i", $this->name) ? true : false):
$this->icon = 'VMware (ESXi).jpg';
break;
case (preg_match("/VMWare/i", $this->name) ? true : false);
$this->icon = 'VMware.jpg';
break;
case (preg_match("/Exchange/i", $this->name) ? true : false):
$this->icon = 'Microsoft Exchange.gif';
break;
case (preg_match("/Google Chrome/i", $this->name) ? true : false):
$this->icon = 'Google Chrome.jpg';
break;
case (preg_match("/HP\-UX/i", $this->name) ? true : false):
$this->icon = 'HPUX.jpg';
break;
case (preg_match("/IIS/i", $this->name) ? true : false):
$this->icon = 'Microsoft IIS.png';
break;
case (preg_match("/Intrusion Detection/i", $this->name) ? true : false):
$this->icon = 'Intrusion Detection System.jpg';
break;
case (preg_match("/Keyboard Video/i", $this->name) ? true : false):
$this->icon = 'KVM.jpg';
break;
case (preg_match("/Android/i", $this->name) ? true : false):
$this->icon = 'Android.gif';
break;
case (preg_match("/MS SQL|Microsoft SQL Server/i", $this->name) ? true : false):
$this->icon = 'MSSQL.png';
break;
case (preg_match("/Oracle Database/i", $this->name) ? true : false):
$this->icon = 'Oracle Database.png';
break;
case (preg_match("/Database|Postgres/i", $this->name) ? true : false):
$this->icon = 'Database.png';
break;
case (preg_match("/Java Runtime|JRE/i", $this->name) ? true : false):
$this->icon = 'Sun Java.jpg';
break;
case (preg_match("/Windows Firewall/i", $this->name) ? true : false):
$this->icon = 'WindowsFirewall.jpg';
break;
case (preg_match("/Windows Server \d{4}|Windows \d{4}/i", $this->name) ? true : false):
$this->icon = "WindowsServer.png";
break;
case (preg_match("/Windows ([\d]+|Vista|XP)/i", $this->name) ? true : false):
$this->icon = "Windows.png";
break;
case (preg_match("/Windows Defender/i", $this->name) ? true : false):
$this->icon = "Windows Defender.png";
break;
case (preg_match("/Web Server|Oracle HTTP|Oracle WebLogic/i", $this->name) ? true : false):
$this->icon = 'Web Server.png';
break;
case (preg_match("/Mcafee/i", $this->name) ? true : false):
$this->icon = 'Mcafee.jpg';
break;
case (preg_match("/Microsoft (Access|Excel|PowerPoint|Groove|InfoPath|Lync|Office System|OneNote|Outlook|Project|Publisher|Visio|Word) ([\d]+)/i", $this->name) ? true : false):
$this->icon = "Office.png";
break;
case (preg_match("/SharePoint/i", $this->name) ? true : false):
$this->icon = 'Microsoft Sharepoint.png';
break;
case (preg_match("/Dot Net/i", $this->name) ? true : false):
$this->icon = 'Microsoft .NET.png';
break;
case (preg_match("/Internet Explorer/i", $this->name) ? true : false):
$this->icon = 'Internet Explorer.png';
break;
case (preg_match("/Windows Phone/i", $this->name) ? true : false):
$this->icon = 'Windows Phone.jpg';
break;
case (preg_match("/Mozilla Firefox/i", $this->name) ? true : false):
$this->icon = 'Firefox.png';
break;
case (preg_match("/Network Printers/i", $this->name) ? true : false):
$this->icon = 'Printer Scanner Fax.jpg';
break;
case (preg_match("/Firewall[^C]+Cisco/i", $this->name) ? true : false):
case (preg_match("/Firewall/i", $this->name) ? true : false):
$this->icon = 'Firewall.jpg';
break;
case (preg_match("/VPN/i", $this->name) ? true : false):
$this->icon = 'VPN.jpg';
break;
case (preg_match("/Switch([^C]+)Cisco/i", $this->name) ? true : false):
$this->icon = 'Cisco Switch.jpg';
break;
case (preg_match("/Switch/i", $this->name) ? true : false):
$this->icon = 'Network Switch.png';
break;
case (preg_match("/Router[^C]+Cisco/i", $this->name) ? true : false):
$this->icon = 'Cisco Router.jpg';
break;
case (preg_match("/Router/i", $this->name) ? true : false):
$this->icon = 'Network Router.png';
break;
case (preg_match("/WLAN|WMAN/i", $this->name) ? true : false):
$this->icon = 'Network Device.jpg';
break;
case (preg_match("/Network/i", $this->name) ? true : false):
$this->icon = 'Network Device.jpg';
break;
case (preg_match("/Skype/i", $this->name) ? true : false):
$this->icon = 'Skype.png';
break;
case (preg_match("/OneDrive/i", $this->name) ? true : false):
$this->icon = 'OneDrive.png';
break;
case (preg_match("/Red ?Hat/i", $this->name) ? true : false):
$this->icon = 'RedHat Linux.jpg';
break;
case (preg_match("/SUSE Linux/i", $this->name) ? true : false):
$this->icon = 'SUSE Linux.png';
break;
case (preg_match("/Solaris/i", $this->name) ? true : false):
$this->icon = 'Solaris Unix.png';
break;
case (preg_match("/Storage Area/i", $this->name) ? true : false):
$this->icon = 'Storage Area Network.gif';
break;
case (preg_match("/z\/OS/i", $this->name) ? true : false):
$this->icon = 'ZOS.jpg';
break;
// Added by Jeff Odegard, 23 Aug 17
case (preg_match("/Email Services Policy/i", $this->name) ? true : false):
$this->icon = 'exchange.png';
break;
case (preg_match("/L3/i", $this->name) ? true : false):
$this->icon = 'L3.png';
break;
case (preg_match("/Symantec/i", $this->name) ? true : false):
$this->icon = 'Symantec.jpg';
break;
case (preg_match("/Tanium/i", $this->name) ? true : false):
$this->icon = 'Tanium.jpeg';
break;
case (preg_match("/Voice Video Services/i", $this->name) ? true : false):
$this->icon = 'voip.jpg';
break;
case (preg_match("/Video Services|VTC/i", $this->name) ? true : false):
$this->icon = 'video-conferencing.png';
break;
case (preg_match("/Voice Video/i", $this->name) ? true : false):
$this->icon = 'voice-video.png';
break;
case (preg_match("/Sun Ray/i", $this->name) ? true : false):
$this->icon = 'sunray.jpg';
break;
case (preg_match("/VOIP/i", $this->name) ? true : false):
$this->icon = 'voip.jpg';
break;
case (preg_match("/SteelHead/i", $this->name) ? true : false):
$this->icon = 'SteelHead.png';
break;
case (preg_match("/SmartPhone/i", $this->name) ? true : false):
$this->icon = 'mobile.jpg';
break;
case (preg_match("/MAC OSX/i", $this->name) ? true : false):
$this->icon = 'mac-os-x.png';
break;
case (preg_match("/Good/i", $this->name) ? true : false):
$this->icon = 'good.png';
break;
case (preg_match("/Oracle Linux/i", $this->name) ? true : false):
$this->icon = 'oracle-linux.png';
break;
case (preg_match("/Juniper/i", $this->name) ? true : false):
$this->icon = 'juniper-networks.png';
break;
case (preg_match("/Jboss/i", $this->name) ? true : false):
$this->icon = 'jboss.png';
break;
case (preg_match("/Google/i", $this->name) ? true : false):
$this->icon = 'Google-Search-Appliance.jpg';
break;
case (preg_match("/Wireless/i", $this->name) ? true : false):
$this->icon = 'wireless.png';
break;
case (preg_match("/F5 BIG/i", $this->name) ? true : false):
$this->icon = 'f5-big-ip.jpg';
break;
case (preg_match("/Test and Development Zone/i", $this->name) ? true : false):
$this->icon = 'Enclave.jpg';
break;
case (preg_match("/Arista/i", $this->name) ? true : false):
$this->icon = 'Arista.png';
break;
case (preg_match("/CA API/i", $this->name) ? true : false):
$this->icon = 'CA TEchnologies.jpg';
break;
case (preg_match("/Cisco IOS/i", $this->name) ? true : false):
$this->icon = 'Cisco IOS.jpg';
break;
case (preg_match("/BIND 9/i", $this->name) ? true : false):
$this->icon = 'BIND DNS.jpg';
break;
case (preg_match("/MobileIron/i", $this->name) ? true : false):
$this->icon = 'mobileiron.png';
break;
case (preg_match("/Mobile Policy/i", $this->name) ? true : false):
$this->icon = 'mobile.jpg';
break;
case (preg_match("/Mobile Device/i", $this->name) ? true : false):
$this->icon = 'mobile-device.jpg';
break;
case (preg_match("/BIND 9/i", $this->name) ? true : false):
$this->icon = 'BIND DNS.jpg';
break;
case (preg_match("/Remote Access/i", $this->name) ? true : false):
$this->icon = 'remote-access.gif';
break;
case (preg_match("/Remote Endpoint/i", $this->name) ? true : false):
$this->icon = 'Remote-Endpoint.jpg';
break;
case (preg_match("/Xenapp/i", $this->name) ? true : false):
$this->icon = 'xenapp.jpg';
break;
case (preg_match("/Removable Storage/i", $this->name) ? true : false):
$this->icon = 'storage.jpg';
break;
case (preg_match("/Traditional Security/i", $this->name) ? true : false):
$this->icon = 'security.jpg';
break;
case (preg_match("/IBM/i", $this->name) ? true : false):
$this->icon = 'IBM.jpg';
break;
case (preg_match("/Operating System/i", $this->name) ? true : false):
$this->icon = 'operating_system.png';
break;
case (preg_match("/HPE 3PAR/i", $this->name) ? true : false):
$this->icon = 'HP-3par-logo.jpg';
break;
case (preg_match("/MDM /i", $this->name) ? true : false):
$this->icon = 'mobile-device-management.png';
break;
case (preg_match("/Mainframe /i", $this->name) ? true : false):
$this->icon = 'mainframe.png';
break;
default:
$this->icon = 'Orphan.png';
}
}
}
/**
* Function to print out an option element
*
* @return string
*/
public function print_Option()
{
$type = strtolower($this->type) == 'iavm' ? strtoupper($this->type) : ucfirst($this->type);
return "<option value='{$this->id}' " .
"title='{$this->name} V{$this->ver}R{$this->release} ({$this->type})'>" .
"{$this->name} V{$this->ver}R{$this->release} ({$type})</option>";
}
}
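Review bot: print_Option() interpolates `$this->name`, `$this->type`, `$this->ver` and `$this->release` straight into a single-quoted HTML attribute and the element text with no `htmlspecialchars()`; checklist names come from imported STIG files rather than from code (the constructor already rewrites them with str_ireplace), so an apostrophe or angle bracket in a name terminates the `title='…'` attribute and the rest is rendered as markup. Escaping each field once in the method fixes every caller, as in the rewrite below. In find_Icon(), the second `case (preg_match("/BIND 9/i", …))` near the end is unreachable because the identical case earlier already matches, and the VMWare case ends in `;` instead of `:` — PHP accepts it, but it reads as a typo. The whole `switch ($this->name)` with boolean case expressions only works because `!empty()` has excluded `''` and `'0'` from loose comparison; `switch (true)` states the intent directly.

```php
public function print_Option()
{
    $type = strtolower($this->type) == 'iavm' ? strtoupper($this->type) : ucfirst($this->type);
    // Escape once per field: name/type/version/release originate from imported checklist files.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $id = htmlspecialchars((string) $this->id, $flags, 'UTF-8');
    $label = htmlspecialchars("{$this->name} V{$this->ver}R{$this->release}", $flags, 'UTF-8');
    $rawType = htmlspecialchars((string) $this->type, $flags, 'UTF-8');
    $dispType = htmlspecialchars((string) $type, $flags, 'UTF-8');
    return "<option value='{$id}' title='{$label} ({$rawType})'>{$label} ({$dispType})</option>";
}
```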

87
classes/cpe.inc Normal file

@ -0,0 +1,87 @@
<?php
/**
* File: cpe.inc
* Author: Ryan Prather
* Purpose: Class to represent a Common Platform Enumeration (CPE)
* Created: Mar 2, 2015
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Mar 2, 2015 - File created
*/
class cpe {
public $part;
public $vendor;
public $product;
public $version;
public $update;
public $edition;
public $lang;
public $sw_edition;
public $tgt_sw;
public $tgt_hw;
public $other;
/**
* Constructor
*
* @param string $cpe_string
*/
public function __construct($cpe_string) {
$cpe_string = str_replace("_", " ", $cpe_string);
$arr = explode(":", trim($cpe_string));
if($arr[1] == '2.3') {
$this->part = $arr[2];
$this->vendor = $arr[3];
$this->product = $arr[4];
$this->version = $arr[5];
$this->update = $arr[6];
$this->edition = $arr[7] == '*' ? NULL : $arr[7];
$this->lang = $arr[8] == '*' ? NULL : $arr[8];
$this->sw_edition = $arr[9] == '*' ? NULL : $arr[9];
$this->tgt_sw = $arr[10] == '*' ? NULL : $arr[10];
$this->tgt_hw = $arr[11] == '*' ? NULL : $arr[11];
$this->other = $arr[12] == '*' ? NULL : $arr[12];
}
else {
$this->part = $arr[1];
$this->vendor = $arr[2];
$this->product = $arr[3];
$this->version = isset($arr[4]) ? $arr[4] : NULL;
$this->update = isset($arr[5]) ? $arr[5] : NULL;
$this->edition = NULL;
$this->lang = NULL;
$this->sw_edition = NULL;
$this->tgt_sw = NULL;
$this->tgt_hw = NULL;
$this->other = NULL;
}
}
}
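Review bot: The constructor reads `$arr[1]` before checking that the string contained a colon at all, and the 2.3 branch indexes `$arr[2]` through `$arr[12]` unconditionally, so a truncated or malformed CPE string produces undefined-offset notices and null fields instead of a clear error; `$arr = array_pad(explode(":", trim($cpe_string)), 13, null);` gives every branch a defined slot (the `== '*'` tests then yield null for the missing ones, matching the isset() behaviour of the 2.2 branch), or throw `InvalidArgumentException` when `count($arr) < 2`. Note also that CPE 2.3 formatted strings escape a literal colon inside a component as `\:`, which `explode(":")` splits anyway; if such values occur in the feeds this parses, a `preg_split` on unescaped colons would be needed. `str_replace("_", " ", …)` is applied before parsing, so any underscore inside a component is lost before the fields are stored — worth a one-line comment if that is intentional.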

413
classes/cve.inc Normal file

@ -0,0 +1,413 @@
<?php
/**
* File: cve.inc
* Author: Ryan Prather
* Purpose: Represents a CVE
* Created: Sep 26, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 26, 2013 - File created
*/
/**
* Represents a CVE
*
* @author Ryan Prather
*
*/
class cve {
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* CVE ID
*
* @var string
*/
protected $cve = '';
/**
* Sequence ID
*
* @var string
*/
protected $seq = '';
/**
* Status of the CVE entry (Entry, Candidate)
*
* @var string
*/
protected $status = '';
/**
* Phase of the CVE entry (modified, proposed, interim, assigned)
*
* @var string
*/
protected $phase = '';
/**
* Date the phase was last changed
*
* @var string
*/
protected $phase_date = '';
/**
* Description of the CVE
*
* @var string
*/
protected $desc = '';
/**
* IAVM Notice ID
*
* @var array
*/
protected $iavm = array();
/**
* Array of references
*
* @var multiple:cve_reference
*/
protected $ref = array();
/**
* XML content from the original CVE
*
* @var string
*/
protected $xml = '';
/**
* Constructor
*
* @param integer $int_PDI_ID
* @param string $str_CVE
*/
public function __construct($int_PDI_ID, $str_CVE) {
$this->pdi_id = $int_PDI_ID;
$this->cve = $str_CVE;
}
/**
* Getter function for PDI ID
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Getter function CVE
*
* @return string
*/
public function get_CVE() {
return $this->cve;
}
/**
* Setter function for CVE
*
* @param string $str_CVE
*/
public function set_CVE($str_CVE) {
$this->cve = $str_CVE;
}
/**
* Getter method for sequence
*
* @return string
*/
public function get_Sequence() {
return $this->seq;
}
/**
* Setter function for Sequence
*
* @param string $str_Seq_In
*/
public function set_Sequence($str_Seq_In) {
$this->seq = $str_Seq_In;
}
/**
* Getter method for status
*
* @return string
*/
public function get_Status() {
return $this->status;
}
/**
* Setter method for status
*
* @param string $str_Status_In
*/
public function set_Status($str_Status_In) {
$this->status = $str_Status_In;
}
/**
* Getter function for phase
*
* @return string
*/
public function get_Phase() {
return $this->phase;
}
/**
* Setter function for phase
*
* @param string $str_Phase_In
*/
public function set_Phase($str_Phase_In) {
$this->phase = $str_Phase_In;
}
/**
* Getter function for phase date
*
* @return string
*/
public function get_Phase_Date() {
return $this->phase_date;
}
/**
* Getter function for phase date as DateTime
*
* @return DateTime
*/
public function get_Phase_Date_Date() {
return new DateTime($this->phase_date);
}
/**
* Setter function for phase date
*
* @param string $str_Phase_Date_In
*/
public function set_Phase_Date($str_Phase_Date_In) {
if(is_string($str_Phase_Date_In)) {
$this->phase_date = $str_Phase_Date_In;
}
elseif(is_a($str_Phase_Date_In, "DateTime")) {
$this->phase_date = $str_Phase_Date_In->format(DATE_W3C);
}
}
/**
* Getter function for CVE description
*
* @return string
*/
public function get_Description() {
return $this->desc;
}
/**
* Setter function for the CVE description
*
* @param string $str_Description_In
*/
public function set_Description($str_Description_In) {
$this->desc = $str_Description_In;
}
/**
* Getter functio for the IAVM Notice ID
*
* @return array
*/
public function get_IAVM() {
return $this->iavm;
}
/**
* Setter function for the IAVM Notice ID
*
* @param string $iavm_in
*/
public function add_IAVM($iavm_in) {
if(!in_array($iavm_in, $this->iavm)) {
$this->iavm[] = $iavm_in;
}
}
/**
* Getter function for cve reference array
*
* @return array:cve_reference
*/
public function get_References() {
return $this->ref;
}
/**
* Function to add cve reference to array
*
* @param cve_reference $ref_in
*/
public function add_Reference($ref_in) {
$this->ref[] = $ref_in;
}
/**
* Function to see if a reference exists in this CVE
*
* @param string $ref_in
*/
public function ref_Exists($ref_in) {
foreach($this->ref as $key => $ref) {
if($ref->get_Value() == $ref_in) {
return $ref;
}
}
return false;
}
/**
* Function to remove reference from array
*
* Return true if found and removed, otherwise false
*
* @param cve_reference $ref_in
* @return boolean
*/
public function remove_Reference($ref_in) {
foreach($this->ref as $key => $ref) {
if($ref->get_ID() == $ref_in->get_ID()) {
unset($this->ref[$key]);
return true;
}
}
return false;
}
/**
* Getter function for CVE XML
*
* @return string
*/
public function get_XML() {
return $this->xml;
}
/**
* Setter function for CVE XML
*
* @param string $xml_in
*/
public function set_XML($xml_in) {
$this->xml = $xml_in;
}
}
/**
* Represent a CVE Reference
*
* @author Ryan Prather
*/
class cve_reference {
/**
* Reference ID from DB
*
* @var integer
*/
protected $id = 0;
/**
* Reference source
*
* @var string
*/
protected $source = '';
/**
* CVE URL
*
* @var string
*/
protected $url = '';
/**
* CVE Reference value
*
* @var string
*/
protected $val = '';
/**
* Constructor
*
* @param integer $int_ID_In
* @param string $str_Source_In
* @param string $str_URL_In
* @param string $str_Val_In
*/
public function __construct($int_ID_In, $str_Source_In, $str_URL_In, $str_Val_In) {
$this->id = $int_ID_In;
$this->source = $str_Source_In;
$this->url = $str_URL_In;
$this->val = $str_Val_In;
}
/**
* Getter function for reference id
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Getter function for reference source
*
* @return string
*/
public function get_Source() {
return $this->source;
}
/**
* Getter function for reference URL
*
* @return string
*/
public function get_URL() {
return $this->url;
}
/**
* Getter function for reference value
*
* @return string
*/
public function get_Value() {
return $this->val;
}
}
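Review bot: ref_Exists() has no `@return` tag although it returns either a cve_reference object or false, and it compares reference values with loose `==`, under which `'1e3' == '1000'` is true; the docblock should carry `* @return cve_reference|false` and the test should read `if ($ref->get_Value() === $ref_in) {`. add_IAVM() has the same loose comparison inside `in_array()` and should pass the strict flag: `if (!in_array($iavm_in, $this->iavm, true)) {`. get_Phase_Date_Date() does `new DateTime($this->phase_date)` while `$phase_date` defaults to `''`, and an empty string yields the current time rather than "no date", so callers see a spurious timestamp for CVEs whose phase date was never set; returning null (or throwing) when the string is empty is the safer contract. `@var multiple:cve_reference` is not PHPDoc syntax; `@var cve_reference[]` is.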

386
classes/echecklist.inc Normal file

@ -0,0 +1,386 @@
<?php
/**
* File: echecklist.inc
* Author: Ryan Prather
* Purpose: Represents and entry in an eChecklist
* Created: Oct 14, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Oct 14, 2013 - File created
*/
/**
* Represents an echecklist object
*
* @author Ryan Prather
*/
class echecklist {
/**
* Defines what the first column is that has a host name in it (0-based)
*
* @var integer
*/
const HOST_COL_START = 5;
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* STIG ID
*
* @var string
*/
protected $stig = '';
/**
* VMS ID (GoldDisk)
*
* @var string
*/
protected $vms = '';
/**
* Category level (1-3)
*
* @var integer
*/
protected $cat = 0;
/**
* IA Control
*
* @var string
*/
protected $ia_controls = array();
/**
* Short title
*
* @var string
*/
protected $short_title = '';
/**
* Array of target statuses
*
* @var array:string
*/
protected $tgt_status = array ();
/**
* Notes
*
* @var string
*/
protected $notes = '';
/**
* Check contents
*
* @var string
*/
protected $check_contents = '';
/**
* Missing PDI
*
* @var string
*/
protected $missing_pdi = '';
/**
* Constructor
*
* @param string $str_STIG_ID
* @param string $str_VMS_ID
* @param integer $int_Cat_Level
* @param string $str_IA_Controls
* @param string $str_Short_Title
* @param string $str_Targets
* @param string $str_Notes
* @param string $str_Check_Contents
* @param string $str_Missing_PDI
*/
public function __construct($str_STIG_ID, $str_VMS_ID, $int_Cat_Level, $str_IA_Controls, $str_Short_Title, $str_Targets, $str_Notes, $str_Check_Contents, $str_Missing_PDI) {
$this->stig = $str_STIG_ID;
$this->vms = $str_VMS_ID;
if(is_numeric($int_Cat_Level) && $int_Cat_Level > 0) {
$this->cat = $int_Cat_Level;
}
elseif($int_Cat_Level == 0) {
$this->cat = 2;
}
else {
$this->cat = substr_count($int_Cat_Level, "I");
}
$this->ia_controls = $str_IA_Controls;
$this->short_title = $str_Short_Title;
$this->notes = $str_Notes;
$this->check_contents = $str_Check_Contents;
$this->missing_pdi = $str_Missing_PDI;
if(substr_count($str_Targets, ",") > 0) {
$hosts = explode(",", $str_Targets);
foreach($hosts as $host) {
$id_status = explode("=>", $host);
$this->tgt_status[$id_status[0]] = $id_status[1];
}
}
}
/**
* Getter function for PDI ID
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Setter function for PDI ID
*
* @param integer $pdi_id_in
*/
public function set_PDI_ID($pdi_id_in) {
$this->pdi_id = $pdi_id_in;
}
/**
* Getter function for STIG ID
*
* @return string
*/
public function get_STIG_ID() {
return $this->stig;
}
/**
* Getter function for VMS ID
*
* @return string
*/
public function get_VMS_ID() {
return $this->vms;
}
/**
* Getter function for category level
*
* @return integer
*/
public function get_Cat_Level() {
return $this->cat;
}
/**
* Getter function for string category level
*
* @return string
*/
public function get_Cat_Level_String() {
if($this->cat) {
return implode("", array_fill(0, $this->cat, "I"));
}
return 'II';
}
/**
* Setter function for the category level
*
* @param mixed $cat_lvl_in
*/
public function set_Cat_Level($cat_lvl_in) {
if(is_numeric($cat_lvl_in)) {
$this->cat = $cat_lvl_in;
}
elseif(preg_match("/I/i", $cat_lvl_in)) {
$this->cat = substr_count($cat_lvl_in, "I");
}
}
/**
* Getter function for IA control
*
* @return array
*/
public function get_IA_Controls() {
return $this->ia_controls;
}
/**
*
* @return string
*/
public function get_IA_Controls_String() {
if(is_string($this->ia_controls)) {
return $this->ia_controls;
}
elseif(is_array($this->ia_controls)) {
return implode(" ", $this->ia_controls);
}
}
/**
* Setter function for IA controls
*
* @param mixed $ia_controls_in
*/
public function set_IA_Controls($ia_controls_in) {
if(is_array($ia_controls_in)) {
$this->ia_controls = $ia_controls_in;
}
elseif(is_string($ia_controls_in)) {
$this->ia_controls = explode(" ", $ia_controls_in);
}
}
/**
* Getter function for short title
*
* @return string
*/
public function get_Short_Title() {
return $this->short_title;
}
/**
* Setter function for short title
*
* @param string $short_title_in
*/
public function set_Short_Title($short_title_in) {
$this->short_title = $short_title_in;
}
/**
* Getter function for target status array
*
* @return array:string
*/
public function get_Targets() {
return $this->tgt_status;
}
/**
* Add function for target status
*
* @param integer $int_Target_ID
* @param string $str_Status
*/
public function add_Target($int_Target_ID, $str_Status) {
$this->tgt_status[$int_Target_ID] = $str_Status;
}
/**
* Setter function to set the status of an associated target
*
* @param integer $int_Target_ID
* @param string $str_Status
*/
public function set_Target_Status($int_Target_ID, $str_Status) {
$this->tgt_status[$int_Target_ID] = $str_Status;
}
/**
* Getter function for notes
*
* @return string
*/
public function get_Notes() {
return $this->notes;
}
/**
* Setter function for notes
*
* @param string $notes
*/
public function set_Notes($notes) {
$this->notes = $notes;
}
/**
* Append notes
*
* @param string $notes
*/
public function append_Notes($notes) {
$this->notes .= $notes;
}
/**
* Getter function for check contents
*
* @return string
*/
public function get_Check_Contents() {
return $this->check_contents;
}
/**
* Setter function for check contents
*
* @param string $chk_contents_in
*/
public function set_Check_Contents($chk_contents_in) {
$this->check_contents = $chk_contents_in;
}
/**
* Getter function for missing PDI
*
* @return string
*/
public function get_Missing_PDI() {
return $this->missing_pdi;
}
/**
* Setter function for missing PDI
*
* @param string $missing_pdi_in
*/
public function set_Missing_PDI($missing_pdi_in) {
$this->missing_pdi = $missing_pdi_in;
}
/**
* Getter function for preformated table row
*
* @return string
*/
public function get_Table_Row() {
$cat_string = $this->get_Cat_Level_String();
$ret = "<tr>" .
"<td>$this->stig</td>" .
"<td>$this->vms</td>" .
"<td class='cat_" . $cat_string . "'>" . $cat_string . "</td>" .
"<td>$this->ia_controls</td>" .
"<td>$this->short_title</td>";
foreach($this->tgt_status as $key => $val) {
$class = str_replace(' ', '_', strtolower($val));
$ret .= "<td class='$key $class cat_" . $this->cat . "'>$val</td>";
}
$ret .= "<td>".htmlentities($this->notes)."</td>" .
"<td>$this->check_contents</td>" .
"<td>$this->missing_pdi</td>" .
"</tr>";
return $ret;
}
}
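Review bot: get_Table_Row() interpolates $this->stig, $this->vms, $this->short_title, $this->check_contents, $this->missing_pdi and every target key/status straight into HTML, while only $this->notes goes through htmlentities(); these fields are populated from imported checklist files and the database, so any markup in them is rendered as-is in the results page (stored XSS). The same method also interpolates `$this->ia_controls`, which set_IA_Controls() turns into an array, so the cell prints "Array" with a notice instead of the control list. Escape each value once with htmlspecialchars(ENT_QUOTES) and use the existing get_IA_Controls_String() for the IA column, as below. Separately, the constructor's `substr_count($str_Targets, ",") > 0` guard means a $str_Targets holding a single "id=>status" pair (no comma) is never parsed, and a segment without "=>" reads an undefined $id_status[1]; `explode(",", $str_Targets)` on a non-empty string with a `count($id_status) == 2` check would cover both.
```php
public function get_Table_Row() {
    // Escape every value once, at the point it enters the HTML string
    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $cat_string = $esc($this->get_Cat_Level_String());
    $ret = "<tr>" .
        "<td>" . $esc($this->stig) . "</td>" .
        "<td>" . $esc($this->vms) . "</td>" .
        "<td class='cat_" . $cat_string . "'>" . $cat_string . "</td>" .
        "<td>" . $esc($this->get_IA_Controls_String()) . "</td>" .
        "<td>" . $esc($this->short_title) . "</td>";
    foreach ($this->tgt_status as $key => $val) {
        $class = $esc(str_replace(' ', '_', strtolower($val)));
        $ret .= "<td class='" . $esc($key) . " $class cat_" . (int) $this->cat . "'>" . $esc($val) . "</td>";
    }
    $ret .= "<td>" . $esc($this->notes) . "</td>" .
        "<td>" . $esc($this->check_contents) . "</td>" .
        "<td>" . $esc($this->missing_pdi) . "</td>" .
        "</tr>";
    return $ret;
}
```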

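--- a/classes/error.inc
+++ b/classes/error.inc
@@ -0,0 +1,220 @@
+<?php
+/**
+* File: error.inc
+* Author: Ryan Prather
+* Purpose: This file will contain the error handler for the ST&E Manager
+* Created: Jun 18, 2014
+*
+* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Jun 18, 2014 - File created
+* - Jul 29, 2014 - Added script log functionality
+* - Sep 05, 2014 - Fixed bug with realpath returning false for absent file
+* - Oct 24, 2016 - Converted Sagacity_Error::E_DEBUG constant to global constant (define)
+* Added "DEBUG" output to all functions
+* - Nov 7, 2016 - Added timestamp to debug prints and updated copyright to include CP
+* - Nov 9, 2016 - Changed err_handler to use sagacity.log and write to file using file_put_contents
+* - Nov 16, 2016 - Changed sql_handler to write to file using file_put_contents
+* - Dec 7, 2016 - Fixed sql_handler, err_handler, and script_log to only print out on E_DEBUG when using cli and use PHP_EOL
+* - Mar 3, 2017 - Formatting
+* - Mar 22, 2017 - Check that log file is writable in constructor
+* - May 13, 2017 - Added check in script_log, err_handler, and sql_handler functions to check that LOG_LEVEL = E_DEBUG
+*/
+require 'vendor/autoload.php';
+use Monolog\Logger;
+use Monolog\Handler\StreamHandler;
+use Monolog\Formatter\LineFormatter;
+/**
+* Represents the error object to do error handling
+*
+* @author Ryan Prather
+*/
+class Sagacity_Error extends Logger
+{
+/**
+* File handle
+*
+* @var resource
+*/
+private $fh = null;
+/**
+* Log file name
+*
+* @var string
+*/
+private $fname = '';
+/**
+* Constructor
+*
+* @param string $fname_in
+*/
+public function __construct($fname_in)
+{
+$this->fname = preg_replace("/[\.][^\.]+$/", '', basename($fname_in));
+if (!file_exists(LOG_PATH . "/{$this->fname}.log")) {
+touch(LOG_PATH . "/{$this->fname}.log");
+}
+if (!is_writeable(LOG_PATH . "/{$this->fname}.log")) {
+self::err_handler("File " . realpath(LOG_PATH) . "/{$this->fname}.log is not writable", E_ERROR);
+}
+$log_level = Logger::ERROR;
+switch(LOG_LEVEL) {
+case E_WARNING:
+$log_level = Logger::WARNING;
+break;
+case E_NOTICE:
+$log_level = Logger::INFO;
+break;
+case E_DEBUG:
+$log_level = Logger::DEBUG;
+break;
+}
+$this->fh = new Logger($this->fname);
+$this->fh->pushHandler(new StreamHandler(LOG_PATH . "/{$this->fname}.log", $log_level));
+if(PHP_SAPI == 'cli') {
+$stream = new StreamHandler("php://output", $log_level);
+$stream->setFormatter(new LineFormatter("%datetime% %level_name% %message%\n", "H:i:s.u"));
+$this->fh->pushHandler($stream);
+}
+}
+/**
+* Function to write to SQL error log file
+*
+* @param string $sql
+* SQL line that is the problem
+* @param integer $errno [optional]
+* Error number (Default is E_NOTICE)
+*/
+public static function sql_handler($sql, $errno = E_NOTICE)
+{
+if (!file_exists(LOG_PATH . "/sql_log")) {
+touch(LOG_PATH . "/sql_log");
+}
+$dt = new DateTime();
+$errlvl = 'NOTICE';
+switch ($errno) {
+case E_USER_WARNING:
+case E_WARNING:
+$errlvl = "WARNING";
+break;
+case E_USER_ERROR:
+case E_ERROR:
+$errlvl = "ERROR";
+break;
+case E_DEBUG:
+$errlvl = "DEBUG";
+break;
+default:
+}
+$errmsg = "{$dt->format(DateTime::ISO8601)} - $errlvl - $sql" . PHP_EOL;
+file_put_contents(realpath(LOG_PATH . "/sql_log"), $errmsg, FILE_APPEND);
+if ($errno == E_ERROR) {
+die($sql . PHP_EOL);
+}
+elseif ($errno == E_DEBUG && LOG_LEVEL == E_DEBUG && substr(php_sapi_name(), 0, 3) == 'cli') {
+print $errmsg;
+}
+}
+/**
+* Function to write application error to log file
+*
+* @param string $errmsg
+* Error message to write
+* @param integer $errno [optional]
+* Error number (Default is E_NOTICE)
+*/
+public static function err_handler($errmsg, $errno = E_NOTICE)
+{
+if (!file_exists(LOG_PATH . "/sagacity.log")) {
+touch(LOG_PATH . "/sagacity.log");
+}
+$dt = new DateTime();
+$str = "{$dt->format(DateTime::ISO8601)} - ";
+switch ($errno) {
+case E_USER_WARNING:
+case E_WARNING:
+$str .= "WARNING";
+break;
+case E_USER_ERROR:
+case E_ERROR:
+$str .= "ERROR";
+break;
+case E_USER_NOTICE:
+case E_NOTICE:
+$str .= "NOTICE";
+break;
+case E_DEBUG:
+$str .= "DEBUG";
+break;
+default:
+}
+file_put_contents(realpath(LOG_PATH . "/sagacity.log"), "$str - $errmsg" . PHP_EOL, FILE_APPEND);
+if ($errno == E_ERROR || $errno == E_USER_ERROR) {
+die($errmsg . PHP_EOL);
+}
+if ($errno == E_DEBUG && LOG_LEVEL == E_DEBUG && substr(php_sapi_name(), 0, 3) == 'cli') {
+print "$str - $errmsg" . PHP_EOL;
+}
+}
+/**
+* Function to output a message to the script log file
+*
+* @param string $errmsg
+* @param integer $errno [optional]
+*/
+public function script_log($errmsg, $errno = E_NOTICE)
+{
+if (!is_a($this->fh, "Monolog\Logger")) {
+return;
+}
+switch($errno) {
+case E_ERROR:
+$this->fh->error($errmsg);
+die;
+break;
+case E_WARNING:
+$this->fh->warning($errmsg);
+break;
+case E_NOTICE:
+$this->fh->info($errmsg);
+break;
+case E_DEBUG:
+$this->fh->debug($errmsg);
+break;
+default:
+$this->fh->emergency($errmsg);
+die;
+}
+}
+}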
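Review bot: sql_handler() ends a fatal error with `die($sql . PHP_EOL);`, which writes the failing SQL statement — and whatever values the caller interpolated into it — into the HTTP response body on a web request; err_handler() does the same with the raw message. The detail is already persisted to sql_log / sagacity.log, so the response only needs a generic message outside the CLI, e.g. `die(PHP_SAPI == 'cli' ? $sql . PHP_EOL : 'A database error occurred; see the SQL log.' . PHP_EOL);` (and the equivalent for err_handler). Both handlers also pass `realpath(LOG_PATH . "/sql_log")` to file_put_contents(); when touch() fails because LOG_PATH is not writable, realpath() returns false and the append is silently lost, so writing to the unresolved `LOG_PATH . "/sql_log"` path and checking the return value would surface that. Finally, sql_handler() maps E_USER_ERROR to "ERROR" but only dies on E_ERROR, whereas err_handler() dies on both; the two should agree.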

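--- a/classes/finding.inc
+++ b/classes/finding.inc
@@ -0,0 +1,597 @@
+<?php
+/**
+* File: finding.inc
+* Author: Ryan Prather
+* Purpose: Represents a finding
+* Created: Sep 12, 2013
+*
+* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Sep 12, 2013 - File created
+* - Sep 1, 2016 - Updated Copyright and added comments to finding_status class
+* - Nov 7, 2016 - Added finding::inc_Finding_Count function to increment counter
+* - May 25, 2017 - Fixed bug of get_Category method returning empty severity (defaults to II if empty)
+* - Jan 10, 2018 - Formatting
+*/
+/**
+* Represents a finding
+*
+* @author Ryan Prather
+*
+*/
+class finding {
+/**
+* Finding ID
+*
+* @var integer
+*/
+protected $id = null;
+/**
+* Target ID
+*
+* @var integer
+*/
+protected $tgt_id = null;
+/**
+* PDI ID
+*
+* @var integer
+*/
+protected $pdi_id = null;
+/**
+* Scan ID
+*
+* @var integer
+*/
+protected $scan_id = null;
+/**
+* Finding Status ID
+*
+* @var integer
+*/
+protected $finding_status_id = null;
+/**
+* Updated category for the finding
+*
+* @var int
+*/
+protected $cat = null;
+/**
+* Array of ia controls that apply to this finding
+*
+* @var array:string
+*/
+protected $ia_controls = array();
+/**
+* Notes
+*
+* @var string
+*/
+protected $notes = null;
+/**
+* Change ID
+*
+* @var integer
+*/
+protected $change_id = null;
+/**
+* Original source
+*
+* @var string
+*/
+protected $orig_src = null;
+/**
+* Finding iteration (incremented if finding is updated
+*
+* @var integer
+*/
+protected $finding_itr = null;
+/**
+* Array of statuses
+*
+* @var array:string
+*/
+protected $STATUS = [
+1 => 'Not Reviewed',
+2 => 'Not a Finding',
+3 => 'Open',
+4 => 'Not Applicable',
+5 => 'No Data',
+6 => 'Exception',
+7 => 'False Positive'
+];
+/**
+* Constant for no change
+*
+* @var integer
+*/
+const NC = 0;
+/**
+* Constant for change ID::TO_OPEN
+*
+* @var integer
+*/
+const TO_OPEN = 1;
+/**
+* Constant for change ID::TO_NF
+*
+* @var integer
+*/
+const TO_NF = 2;
+/**
+* Constant for change ID::TO_NA
+*
+* @var integer
+*/
+const TO_NA = 3;
+/**
+* Constructor
+*
+* @param integer $int_ID
+* @param integer $int_Tgt_ID
+* @param integer $int_PDI_ID
+* @param integer $int_Scan_ID
+* @param integer|string $Finding_Status
+* @param string $str_Notes
+* @param integer $int_Change_ID
+* @param string $str_Orig_Src
+* @param integer $int_Finding_Itr
+*/
+public function __construct($int_ID, $int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) {
+$this->id = $int_ID;
+$this->tgt_id = $int_Tgt_ID;
+$this->pdi_id = $int_PDI_ID;
+$this->scan_id = $int_Scan_ID;
+if (is_numeric($Finding_Status)) {
+$this->finding_status_id = $Finding_Status;
+}
+else {
+$this->finding_status_id = $this->get_Finding_Status_ID($Finding_Status);
+}
+$this->notes = $str_Notes;
+$this->change_id = $int_Change_ID;
+$this->orig_src = $str_Orig_Src;
+$this->finding_itr = $int_Finding_Itr;
+}
+/**
+* Getter function for Finding ID
+*
+* @return integer
+*/
+public function get_ID() {
+return $this->id;
+}
+/**
+* Getter function for target ID
+*
+* @return integer
+*/
+public function get_Tgt_ID() {
+return $this->tgt_id;
+}
+/**
+* Setter function for target ID
+*
+* @param integer $int_Tgt_ID
+*/
+public function set_Tgt_ID($int_Tgt_ID) {
+$this->tgt_id = $int_Tgt_ID;
+}
+/**
+* Getter function for PDI ID
+*
+* @return integer
+*/
+public function get_PDI_ID() {
+return $this->pdi_id;
+}
+/**
+* Setter function for PDI ID
+*
+* @param integer $int_PDI_ID
+*/
+public function set_PDI_ID($int_PDI_ID) {
+$this->pdi_id = $int_PDI_ID;
+}
+/**
+* Getter function for Scan ID
+*
+* @return integer
+*/
+public function get_Scan_ID() {
+return $this->scan_id;
+}
+/**
+* Setter function for Scan ID
+*
+* @param integer $int_Scan_ID
+*/
+public function set_Scan_ID($int_Scan_ID) {
+$this->scan_id = $int_Scan_ID;
+}
+/**
+* Getter function for Finding status ID
+*
+* @return integer
+*/
+public function get_Finding_Status() {
+return $this->finding_status_id;
+}
+/**
+* Getter function for Finding status ID based on string
+*
+* @param string $status
+* @return integer
+*/
+public function get_Finding_Status_ID($status) {
+foreach ($this->STATUS as $key => $val) {
+if ($val == $status) {
+return $key;
+}
+}
+}
+/**
+* Getter function for finding status string
+*
+* @param integer $int_Status_ID
+* @return string
+*/
+public function get_Finding_Status_String($int_Status_ID = null) {
+if ($int_Status_ID) {
+return $this->STATUS[$int_Status_ID];
+}
+else {
+return $this->STATUS[$this->finding_status_id];
+}
+}
+/**
+* Setter function for finding status
+*
+* @param integer $int_Finding_Status_ID
+*/
+public function set_Finding_Status($int_Finding_Status_ID) {
+$this->finding_status_id = $int_Finding_Status_ID;
+}
+/**
+* Setter function for finding status
+*
+* @param string $str_New_Status
+*/
+public function set_Finding_Status_By_String($str_New_Status) {
+$this->finding_status_id = $this->get_Finding_Status_ID($str_New_Status);
+}
+/**
+* Getter function for notes
+*
+* @return string
+*/
+public function get_Notes() {
+return $this->notes;
+}
+/**
+* Setter function for notes
+*
+* @param string $str_Notes
+*/
+public function set_Notes($str_Notes) {
+$this->notes = $str_Notes;
+}
+/**
+* Function to prepend notes to the existing list
+*
+* @param string $str_Notes
+*/
+public function prepend_Notes($str_Notes) {
+$this->notes = $str_Notes . PHP_EOL . $this->notes;
+}
+/**
+* Function to append notes
+*
+* @param string $str_Notes
+* @param boolean $merge
+*/
+public function append_Notes($str_Notes, $merge = false) {
+$this->notes .= PHP_EOL . ($merge ? "(Merged Target)" . PHP_EOL : "") . $str_Notes;
+}
+/**
+* Getter function for change ID
+*
+* @return integer
+*/
+public function get_Change_ID() {
+if ($this->change_id) {
+return $this->change_id;
+}
+else {
+return $this::NC;
+}
+}
+/**
+* Setter function for change ID
+*
+* @param integer $int_Change_ID
+*/
+public function set_Change_ID($int_Change_ID) {
+$this->change_id = $int_Change_ID;
+}
+/**
+* Getter function for original source
+*
+* @return string
+*/
+public function get_Original_Source() {
+return $this->orig_src;
+}
+/**
+* Setter function for original source
+*
+* @param string $str_Original_Source
+*/
+public function set_Original_Source($str_Original_Source) {
+$this->orig_src = $str_Original_Source;
+}
+/**
+* Getter function for finding iteration
+*
+* @return integer
+*/
+public function get_Finding_Iteration() {
+return $this->finding_itr;
+}
+/**
+* Setter function for finding iteration
+*
+* @param integer $int_Finding_Iteration
+*/
+public function set_Finding_Iteration($int_Finding_Iteration) {
+$this->finding_itr = $int_Finding_Iteration;
+}
+/**
+* Increment the finding count by 1
+*/
+public function inc_Finding_Count() {
+$this->finding_itr++;
+}
+/**
+* Getter function for deconflicted status
+*
+* @param string $str_New_Status
+* @return string
+*/
+public function get_Deconflicted_Status($str_New_Status) {
+// must get original status first!
+return deconflict_status::$DECONFLICTED_STATUS[$this->get_Finding_Status_String()][$str_New_Status];
+}
+/**
+* Getter function for category
+*
+* @return int
+*/
+public function get_Category() {
+if (empty($this->cat)) {
+return 2;
+}
+return $this->cat;
+}
+/**
+* Setter function for category
+*
+* @param mixed $cat_in
+*/
+public function set_Category($cat_in) {
+if (is_numeric($cat_in)) {
+$this->cat = $cat_in;
+}
+elseif (is_string($cat_in)) {
+$this->cat = substr_count($cat_in, "I");
+}
+}
+/**
+* Getter function for IA controls
+*
+* @return array:string
+*/
+public function get_IA_Controls() {
+return $this->ia_controls;
+}
+/**
+* Getter function for IA Controls
+*
+* @return string
+*/
+public function get_IA_Controls_String() {
+return implode(" ", $this->ia_controls);
+}
+/**
+* Setter function for the IA Controls
+*
+* @param mixed $ia_controls_in
+*/
+public function set_IA_Controls($ia_controls_in) {
+if (is_array($ia_controls_in)) {
+$this->ia_controls = $ia_controls_in;
+}
+elseif (is_string($ia_controls_in)) {
+$this->ia_controls = explode(" ", $ia_controls_in);
+}
+}
+/**
+* Function to add an IA control the the array
+*
+* @param string $ia_control_in
+*/
+public function add_IA_Control($ia_control_in) {
+$add = true;
+foreach ($this->ia_controls as $ia) {
+if ($ia == $ia_control_in) {
+$add = false;
+break;
+}
+}
+if ($add) {
+$this->ia_controls[] = $ia_control_in;
+}
+}
+}
+/**
+* The finding status
+*
+* @author Ryan Prather
+*/
+class finding_status {
+/**
+* The database ID of the finding status
+*
+* @var int
+*/
+public $id = 0;
+/**
+* The status of the finding
+*
+* @var string
+*/
+public $status = '';
+}
+/**
+* Class to deconflict statuses
+*
+* @author Ryan Prather
+*/
+class deconflict_status {
+/**
+* Stores the matrix of current -> new statuses
+*
+* @var array:string
+*/
+static $DECONFLICTED_STATUS = [
+'Exception' => [
+'Exception' => 'Exception',
+'False Positive' => 'False Positive',
+'Open' => 'Exception',
+'Not a Finding' => 'Exception',
+'Not Applicable' => 'Exception',
+'Not Reviewed' => 'Exception',
+'No Data' => 'Exception'
+],
+'False Positive' => [
+'Exception' => 'Exception',
+'False Positive' => 'False Positive',
+'Open' => 'False Positive',
+'Not a Finding' => 'False Positive',
+'Not Applicable' => 'False Positive',
+'Not Reviewed' => 'False Positive',
+'No Data' => 'False Positive'
+],
+'Open' => [
+'Exception' => 'Exception',
+'False Positive' => 'False Positive',
+'Open' => 'Open',
+'Not a Finding' => 'Open',
+'Not Applicable' => 'Open',
+'Not Reviewed' => 'Open',
+'No Data' => 'Open'
+],
+'Not a Finding' => [
+'Exception' => 'Exception',
+'False Positive' => 'False Positive',
+'Open' => 'Open',
+'Not a Finding' => 'Not a Finding',
+'Not Applicable' => 'Not a Finding',
+'Not Reviewed' => 'Not a Finding',
+'No Data' => 'Not a Finding'
+],
+'Not Applicable' => [
+'Exception' => 'Exception',
+'False Positive' => 'False Positive',
+'Open' => 'Open',
+'Not a Finding' => 'Not a Finding',
+'Not Applicable' => 'Not Applicable',
+'Not Reviewed' => 'Not Applicable',
+'No Data' => 'Not Reviewed'
+],
+'Not Reviewed' => [
+'Exception' => 'Exception',
+'False Positive' => 'False Positive',
+'Open' => 'Open',
+'Not a Finding' => 'Not a Finding',
+'Not Applicable' => 'Not Applicable',
+'Not Reviewed' => 'Not Reviewed',
+'No Data' => 'Not Reviewed'
+],
+'No Data' => [
+'Exception' => 'Exception',
+'False Positive' => 'False Positive',
+'Open' => 'Open',
+'Not a Finding' => 'Not a Finding',
+'Not Applicable' => 'Not Applicable',
+'Not Reviewed' => 'Not Reviewed',
+'No Data' => 'No Data'
+]
+];
+}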
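Review bot: get_Finding_Status_ID() falls off the end without a return for any string not in $STATUS, so an unrecognised status from an imported file leaves finding_status_id null; get_Finding_Status_String() then indexes $this->STATUS[null] and get_Deconflicted_Status() indexes the matrix with that null, producing notices and a null status instead of a visible error. The loop also compares with `==`, so a non-string argument can match loosely. A strict lookup with an explicit miss keeps the contract honest: `$key = array_search($status, $this->STATUS, true);` followed by `return $key === false ? null : $key;`, with the constructor and set_Finding_Status_By_String() treating null as a rejected value rather than storing it. Note also that 'Not Applicable' -> 'No Data' resolves to 'Not Reviewed' in $DECONFLICTED_STATUS while every other row keeps its own status for 'No Data'; if that asymmetry is intentional it deserves a comment on that line.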

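--- a/classes/golddisk.inc
+++ b/classes/golddisk.inc
@@ -0,0 +1,114 @@
+<?php
+/**
+* File: golddisk.inc
+* Author: Ryan Prather
+* Purpose: Represents a Golddisk check
+* Created: Sep 12, 2013
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Sep 12, 2013 - File created
+*/
+/**
+* Represent a Golddisk check
+*
+* @author Ryan Prather
+*
+*/
+class golddisk {
+/**
+* PDI ID
+*
+* @var integer
+*/
+protected $pdi_id = 0;
+/**
+* VMS ID
+*
+* @var string
+*/
+protected $vms_id = '';
+/**
+* Short Title
+*
+* @var string
+*/
+protected $short_title = '';
+/**
+* Constructor
+*
+* @param integer $int_PDI_ID
+* @param string $str_VMS_ID
+* @param string $str_Short_Title
+*/
+public function __construct($int_PDI_ID, $str_VMS_ID, $str_Short_Title) {
+$this->pdi_id = $int_PDI_ID;
+$this->vms_id = $str_VMS_ID;
+$this->short_title = $str_Short_Title;
+}
+/**
+* Getter function for PDI ID
+*
+* @return integer
+*/
+public function get_PDI_ID() {
+return $this->pdi_id;
+}
+/**
+* Setter function for PDI ID
+*
+* @param integer $int_PDI_ID
+*/
+public function set_PDI_ID($int_PDI_ID) {
+$this->pdi_id = $int_PDI_ID;
+}
+/**
+* Getter function for VMS ID
+*
+* @return string
+*/
+public function get_ID() {
+return $this->vms_id;
+}
+/**
+* Setter function for VMS ID
+*
+* @param string $str_VMS_ID
+*/
+public function set_ID($str_VMS_ID) {
+$this->vms_id = $str_VMS_ID;
+}
+/**
+* Getter function for short title
+*
+* @return string
+*/
+public function get_Short_Title() {
+return $this->short_title;
+}
+/**
+* Setter function for short title
+*
+* @param string $str_Short_Title
+*/
+public function set_Short_Title($str_Short_Title) {
+$this->short_title = $str_Short_Title;
+}
+}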
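Review bot: get_ID() and set_ID() here operate on the VMS identifier, whereas get_ID() on cve_reference and finding in this same commit returns the database row id and echecklist exposes the same value as get_VMS_ID(); a caller iterating mixed objects will read the wrong thing without noticing. Adding `public function get_VMS_ID() { return $this->vms_id; }` (and a matching setter) as the documented accessor, with the get_ID() docblock noting that it returns the VMS ID and not a database id, keeps the existing interface while making the meaning explicit.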

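--- a/classes/host_list.inc
+++ b/classes/host_list.inc
@@ -0,0 +1,195 @@
+<?php
+/**
+* File: host_list.inc
+* Author: Ryan Prather
+* Purpose: Represents an imported scan
+* Created: Jan 16, 2018
+*
+* Copyright 2016-2018: Cyber Perspectives, LLC, All rights reserved
+* Released under the Apache v2.0 License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Jan 16, 2018 - File created
+* - Feb 6, 2018 - Added getter/setter methods
+*/
+/**
+* Description of host_list
+*
+* @author Ryan Prather
+*/
+class host_list
+{
+/**
+* Target ID
+*
+* @var integer
+*/
+private $_targetId = 0;
+/**
+* Target name
+*
+* @var string
+*/
+private $_targetName = null;
+/**
+* Target IP address
+*
+* @var string
+*/
+private $_targetIp = null;
+/**
+* Number of findings for this target
+*
+* @var integer
+*/
+private $_findingCount = 0;
+/**
+* Was there an error when scanning the target
+*
+* @var boolean
+*/
+private $_scanError = false;
+/**
+* Are their any special notes for the target
+*
+* @var string
+*/
+private $_scanNotes = null;
+/**
+* Constructor
+*/
+public function __construct()
+{
+}
+/**
+* Getter function for _targetId
+*
+* @return int
+*/
+public function getTargetId()
+{
+return $this->_targetId;
+}
+/**
+* Setter function for _targetId
+*
+* @param int $intTargetId
+*/
+public function setTargetId($intTargetId)
+{
+$this->_targetId = $intTargetId;
+}
+/**
+* Getter function for _targetName
+*
+* @return string
+*/
+public function getTargetName()
+{
+return $this->_targetName;
+}
+/**
+* Setter function for _targetName
+*
+* @param string $strTargetName
+*/
+public function setTargetName($strTargetName)
+{
+$this->_targetName = $strTargetName;
+}
+/**
+* Getter function for _targetIp
+*
+* @return string
+*/
+public function getTargetIp()
+{
+return $this->_targetIp;
+}
+/**
+* Setter function for _targetIp
+*
+* @param string $strTargetIp
+*/
+public function setTargetIp($strTargetIp)
+{
+$this->_targetIp = $strTargetIp;
+}
+/**
+* Getter function for _findingCount
+*
+* @return int
+*/
+public function getFindingCount()
+{
+return $this->_findingCount;
+}
+/**
+* Setter function for _findingCount
+*
+* @param int $intFindingCount
+*/
+public function setFindingCount($intFindingCount)
+{
+$this->_findingCount = $intFindingCount;
+}
+/**
+* Getter function for _scanError
+*
+* @return bool
+*/
+public function getScanError()
+{
+return $this->_scanError;
+}
+/**
+* Setter function for _scanError
+*
+* @param bool $blnScanError
+*/
+public function setScanError($blnScanError)
+{
+$this->_scanError = $blnScanError;
+}
+/**
+* Getter function for _scanNotes
+*
+* @return string
+*/
+public function getScanNotes()
+{
+return $this->_scanNotes;
+}
+/**
+* Setter function for _scanNotes
+*
+* @param string $strScanNotes
+*/
+public function setScanNotes($strScanNotes)
+{
+$this->_scanNotes = $strScanNotes;
+}
+}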
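Review bot: setTargetIp() stores whatever string it is handed, and since this class "Represents an imported scan" the value presumably comes straight out of a parsed result file; validating at this boundary keeps malformed or crafted host fields from propagating into the database and the pages that render it. `if (filter_var($strTargetIp, FILTER_VALIDATE_IP) === false) { throw new InvalidArgumentException("Invalid target IP: $strTargetIp"); }` before the assignment does that with no new dependency, and setTargetId()/setFindingCount() could likewise cast with `(int)` to match their documented types. The empty constructor can be dropped, as PHP supplies the same default.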

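--- a/classes/ia_control.inc
+++ b/classes/ia_control.inc
@@ -0,0 +1,127 @@
+<?php
+/**
+* File: ia_control.inc
+* Author: Ryan Prather
+* Purpose: Represents an IA Control that can be applied to a PDI
+* Created: Sep 12, 2013
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Sep 12, 2013 - File created
+*/
+/**
+* Represents an IA Control that can be applied to a PDI
+*
+* @author Ryan Prather
+*
+*/
+class ia_control {
+/**
+* PDI ID
+*
+* @var integer
+*/
+protected $pdi_id = 0;
+/**
+* Type
+*
+* @var string
+*/
+protected $type = '';
+/**
+* Type ID
+*
+* @var integer
+*/
+protected $type_id = 0;
+/**
+* Constructor
+*
+* @param integer $int_PDI_ID
+* @param string $str_Type
+* @param integer $int_Type_ID
+*/
+public function __construct($int_PDI_ID, $str_Type, $int_Type_ID) {
+$this->pdi_id = $int_PDI_ID;
+$this->type = $str_Type;
+$this->type_id = $int_Type_ID;
+}
+/**
+* Getter function for PDI ID
+*
+* @return integer
+*/
+public function get_PDI_ID() {
+return $this->pdi_id;
+}
+/**
+* Setter function for PDI ID
+*
+* @param integer $int_PDI_ID
+*/
+public function set_PDI_ID($int_PDI_ID) {
+$this->pdi_id = $int_PDI_ID;
+}
+/**
+* Getter function for Type
+*
+* @return string
+*/
+public function get_Type() {
+return $this->type;
+}
+/**
+* Setter function for type
+*
+* @param string $str_Type
+*/
+public function set_Type($str_Type) {
+$this->type = $str_Type;
+}
+/**
+* Getter function for type ID
+*
+* @return integer
+*/
+public function get_Type_ID() {
+return $this->type_id;
+}
+/**
+* Setter function for type ID
+*
+* @param integer $int_Type_ID
+*/
+public function set_Type_ID($int_Type_ID) {
+$this->type_id = $int_Type_ID;
+}
+/**
+* Function to print a IA Control in the proper format
+*
+* @return string
+*/
+public function print_Control() {
+if($this->type == 'CCI') {
+return $this->type."-".str_pad($this->type_id, 6, "0", STR_PAD_LEFT);
+}
+return $this->type."-".$this->type_id;
+}
+}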
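Review bot: print_Control() documents only "the proper format" while the code encodes a real rule — CCI identifiers are zero-padded to six digits, every other type is "TYPE-ID" verbatim — and nothing in the setters enforces that type_id is numeric, so a non-numeric id is emitted unchanged. A docblock stating that contract, e.g. `Returns "CCI-000123" style (6-digit zero-padded) for type 'CCI', otherwise "TYPE-ID" as stored`, would save the next reader from re-deriving it. The comparison on the first line should also be `$this->type === 'CCI'`, matching the strict style used elsewhere in the codebase and avoiding loose-comparison surprises if type is ever not a string.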

1075
classes/iavm.inc Normal file


839
classes/import.inc Normal file

@ -0,0 +1,839 @@
<?php
/**
* File: import.inc
* Author: Ryan Prather
* Purpose: Class to allow the parsing and traversing of the tmp directory to find result files to import
* Created: Sep 27, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 27, 2013 - File created
* - Sep 1, 2016 - Updated Copyright, updated purpose, and updated to make platform independent
* - Oct 24, 2016 - Cleaned up script call string and converted to use PHP_OS constant instead of php_uname() function
* - Nov 7, 2016 - Made several updates to the scan_Result_Files function
* - Dec 7, 2016 - Fixed bug in scan_Result_Files where Windows threading was not being run and changed PHP constant to PHP_BIN
* - Jan 30, 2017 - Added parse_config.ini file when parsing and execution check for Linux and Windows
* - Feb 15, 2017 - Fix bug with PHP_BIN not being declared for some reason (need to troubleshoot further)
* - Feb 21, 2017 - Fixed path issues with scripts not running
* - Jun 27, 2017 - Removed include for PHPExcel.php library
* - Oct 23, 2017 - Fixes for pdi class
*/
include_once 'config.inc';
include_once 'database.inc';
include_once 'echecklist.inc';
include_once 'helper.inc';
include_once 'vendor/autoload.php';
/**
* Class to control the importing of files
*
* @author Ryan Prather
*/
class import {
/**
* The current include_once path
*
* @var string
*/
protected $current_path = '';
/**
* String array of regular expressions.
* Files matching these expressions will be skipped
*
* @var string
*/
protected $SKIP = array(
'/HBSS/i',
'/SharePoint/i',
'/ISSE/i',
'/_[Mm]ac/i',
'/Guard/i',
'/SME_PED/i',
'/_zOS_/i',
'/BlackBerry/i',
'/C2\-Fix/i',
'/Enclave_Zone/i',
'/General_Mobile/i',
'/Remote_/i',
'/_Tandem/i',
'/xenapp/i',
'/internet/i',
'/android/i',
'/JVAP/i',
'/apple/i',
'/OpenVMS/i',
'/VVoIP/i',
'/Wireless/i',
'/REL-LAN/i',
'/dictionary/i',
'/IBM_/i',
'/Smartphone/i',
'/Exchange/i',
'/Juniper/i',
'/Mobility/i',
'/ESXi/i',
'/FW_SRG/i',
'/PlayBook_OS/i',
'/vCenter_Server/i'
);
/**
* Class constructor
*/
public function __construct() {
set_time_limit(0);
}
/**
* Class destructor to reset the include_once path and time limits
*/
public function __destruct() {
set_time_limit(30);
}
/**
* Function to scan the tmp directory for result files and call the appropriate parsers
*/
public function scan_Result_Files($redirect = true) {
chdir(DOC_ROOT . "/exec");
$ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false";
$doc_root = realpath(DOC_ROOT);
$ste = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT);
if (!$ste) {
$ste = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT);
}
$location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING);
$conf = <<<EOF
[system_params]
ste = $ste
location = $location
doc_root = $doc_root
ignore = $ignore
EOF;
file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf);
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/background_results.php");
if (LOG_LEVEL == E_DEBUG) {
Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG);
}
$process = new Cocur\BackgroundProcess\BackgroundProcess("cd " . realpath(DOC_ROOT . "/exec") . " && " . $script);
$process->run();
if ($redirect) {
header("/results/");
}
}
/**
* Function to scan '/xampp/www/tmp' directory for catalog files
*/
public function scan_Catalog_Files() {
chdir(DOC_ROOT . "/tmp");
$files = glob("*");
foreach ($files as $file) {
if (substr($file, -3) == 'zip') {
// $this->import_STIG_ZIP("../tmp/$file");
}
elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
// $this->import_PDI_CSV("../tmp/$file");
}
elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
// $this->import_STIG("../tmp/$file");
}
}
}
/**
* Function to scan host data files and import findings
*/
public function import_Host_Data_Collection() {
$db = new db();
$doc_root = realpath(DOC_ROOT);
$overwrite = (isset($_REQUEST['overwrite']) && $_REQUEST['overwrite'] ? "true" : "false");
$conf = <<<EOF
[system_params]
ste = {$_REQUEST['ste']}
location = "{$_REQUEST['location']}"
doc_root = $doc_root
target = {$_REQUEST['tgt']}
overwrite = $overwrite
EOF;
file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf);
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
if (substr(strtolower(PHP_OS), 0, 3) == 'win') {
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT;
$shell->run($script, 0, false);
}
elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
exec("$script > /dev/null &");
}
else {
Sagacity_Error::err_handler("Unknown OS: " . PHP_OS);
}
header("Location: /ste/");
}
/**
* function to import PDI CSV file to database
*/
public function import_PDI_CSV() {
$db = new db();
$handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r");
$data = fgetcsv($handle);
$data = fgetcsv($handle);
while ($data = fgetcsv($handle)) {
$catalog = array(
'stig_id' => (isset($data[0]) ? $data[0] : ""),
'vms_id' => (isset($data[1]) ? $data[1] : ""),
'cat_lvl' => (isset($data[2]) ? $data[2] : "II"),
'ia_controls' => (isset($data[3]) ? $data[3] : ""),
'short_title' => (isset($data[4]) ? $data[4] : ""),
'description' => (isset($data[5]) ? $data[5] : ""),
'notes' => (isset($data[6]) ? $data[6] : ""),
'retina_id' => (isset($data[7]) ? $data[7] : ""),
'vul_id' => (isset($data[8]) ? $data[8] : ""),
'check_contents' => (isset($data[9]) ? $data[9] : ""),
'sv_rule_id' => (isset($data[10]) ? $data[10] : ""),
'nessus_id' => (isset($data[11]) ? $data[11] : "")
);
if ($catalog['stig_id'] != 'No Reference') {
$ref = $db->get_STIG($catalog['stig_id']);
}
if (is_null($ref) && $catalog['vms_id'] != 'No Reference') {
$ref = $db->get_GoldDisk($catalog['vms_id']);
}
if (is_array($ref) && count($ref) && isset($ref[0])) {
$ref = $ref[0];
}
if (!is_null($ref)) {
$pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW");
$pdi->set_Short_Title($catalog['short_title']);
$pdi->set_Group_Title($catalog['short_title']);
$pdi->set_Description($catalog['description']);
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, -2), substr($ia, -1));
}
if (!$db->save_IA_Control($ia_controls)) {
print "error updating ia controls on id: " . $ref->get_ID() . "<br />";
}
}
// Check for retina data
if ($catalog['retina_id']) {
$retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
}
}
// Vul_ID
if ($catalog['vul_id']) {
}
if ($catalog['sv_rule_id']) {
$sv_rule = array();
foreach (explode(" ", $catalog['sv_rule_id']) as $rule) {
$sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule);
}
if (!$db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
}
}
if ($catalog['nessus_id']) {
$nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
}
}
}
else {
$pdi = new pdi(0, $catalog['cat_lvl'], "NOW");
$pdi->set_Short_Title($catalog['short_title']);
$pdi->set_Group_Title($catalog['short_title']);
$pdi->set_Description($catalog['description']);
$pdi_id = $db->save_PDI($pdi);
if ($catalog['stig_id'] != 'No Reference') {
$stig = new stig($pdi_id, $catalog['stig_id'], $catalog['description']);
$ref = $stig;
$db->add_Stig($stig);
}
if ($catalog['vms_id'] != 'No Reference') {
$golddisk = new golddisk($pdi_id, $catalog['vms_id'], $catalog['short_title']);
if ($ref == null) {
$ref = $golddisk;
}
$db->save_GoldDisk($golddisk);
}
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, -2), substr($ia, -1));
}
if (!$db->save_IA_Control($ia_controls)) {
print "error updating ia controls on pdi_id: " . $ref->get_ID() . "<br />";
}
}
// Check for retina data
if ($catalog['retina_id']) {
$retina = new retina($pdi_id, $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
}
}
// Vul_ID
if ($catalog['vul_id']) {
}
// sv_rule
if ($catalog['sv_rule_id']) {
$sv_rule = array();
foreach (explode(" ", $catalog['sv_rule_id']) as $rule) {
$sv_rule[] = new sv_rule($pdi_id, $rule);
}
if (!$db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
}
}
if ($catalog['nessus_id']) {
$nessus = new nessus($pdi_id, $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
}
}
}
}
fclose($handle);
}
/**
* function for SRR script
* runs script net-SRR.pl
* exports a csv format file
*/
public function net_SRR() {
}
/**
* function for unix SRR conversion to csv
* runs script unix-xml-to-echecklist.pl
* runs script unix-srr-to-csv.pl
*/
public function unix_srr_to_csv() {
}
/**
* Function to import DISA STIG content to database
*
* @param array $request
*/
public function import_STIG_XML($request = array()) {
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " .
realpath(DOC_ROOT . "/exec/background_stigs.php") . " " .
(isset($request['delete']) ? ' --delete' : '') .
(isset($request['override']) ? " --ia" : "");
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT . "/exec";
$shell->run($script, 0, false);
header("location: " . $_SERVER['HTTP_REFERER']);
}
/**
* Function to convert a retina CSV to an eChecklist and store on database
*/
public function retina_csv_echecklist() {
$files = glob('*.csv');
$db = new db();
$source = $db->get_Sources('Retina');
$ste = $db->get_STE($_REQUEST['ste'])[0];
foreach ($files as $file) {
$scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP');
$db->save_Scan($scan);
exec(PERL . "/perl " . DOC_ROOT . "/exec/retina-csv-to-echecklist.pl " . DOC_ROOT . "/tmp/$file --db", $output, $result);
}
}
/**
* function to import golddisk info into scans table
* runs script golddisk-xml-to-echecklist.pl
*/
public function golddisk_xml_echecklist() {
$files = glob('*.xml');
$db = new db();
$source = $db->get_Sources('Golddisk');
$ste = $db->get_STE($_REQUEST['ste'])[0];
foreach ($files as $file) {
$scan = new scan(null, $source, $ste, '1', $file, 'CURRENT_TIMESTAMP');
$db->save_Scan($scan);
exec(PERL . "/perl " . DOC_ROOT . "/exec/golddisk-xml-to-echecklist.pl " . DOC_ROOT . "/tmp/$file --db", $output, $result);
}
}
/**
*
*/
public function import_IAVM_CVE() {
$filename = '../tmp/iavm-to-cve(u).xml';
$xml = simplexml_load_file($filename);
$db = new db();
foreach ($xml->IAVM as $iavm) {
$vms_id = preg_replace('/V[0]+/', 'V-', (string) $iavm->S['VMSKey']);
$stig_id = (string) $iavm->S['IAVM'];
$title = (string) $iavm->S['Title'];
$release_date = DateTime::createFromFormat('d M Y', $iavm->S['ReleaseDate']);
$revision_date = DateTime::createFromFormat('d M Y', $iavm->Revision['Date']);
$cves_tags = $iavm->CVEs;
$cves = array();
$pdi = $db->get_Stig($stig_id);
if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'stig')) {
$pdi = $pdi[0];
}
if (is_null($pdi)) {
$pdi = $db->get_GoldDisk($vms_id);
if (is_array($pdi) && count($pdi) && isset($pdi[0]) && is_a($pdi[0], 'golddisk')) {
$pdi = $pdi[0];
}
}
if (is_null($pdi)) {
$cat_lvl = substr_count((string) $iavm->S['Severity'], 'I');
$pdi = new pdi(null, $cat_lvl, (string) $iavm->S['ReleaseDate']);
$pdi->set_Short_Title($title);
$pdi->set_Group_Title($title);
$pdi->set_Description($title);
$pdi_id = $db->save_PDI($pdi);
$stig = new stig($pdi_id, $stig_id, $title);
$db->add_Stig($stig);
$golddisk = new golddisk($pdi_id, $vms_id, $title);
$db->save_GoldDisk($golddisk);
}
else {
$pdi_id = $pdi->get_PDI_ID();
}
foreach ($cves_tags->CVENumber as $cve) {
$cve_id = (string) $cve;
$cves[] = new cve(null, $cve_id, $release_date, $title);
}
$db->add_CVE($cves);
$ref_tags = $iavm->References;
$refs = array();
foreach ($ref_tags->Reference as $ref) {
$ref_type = '';
$adv_id = '';
$url = (string) $ref['URL'];
$name = (string) $ref['RefName'];
$match = array();
$refs[] = new advisory($pdi_id, $adv_id, $name, $ref_type, $url);
}
}
$ref = $row[8];
$url = $row[9];
if (strpos($ref, 'Microsoft') !== false) {
$x++;
$type = 'Microsoft';
$ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Adobe') !== false) {
$x++;
$type = 'Adobe';
$ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Apache') !== false) {
$x++;
$type = 'Apache';
$ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'CERT') !== false) {
$x++;
$type = 'US-CERT';
$match = array();
if (strpos($url, 'techalerts') !== false) {
$ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match);
}
elseif (strpos($url, 'vuls') !== false) {
$ret = preg_match('/([^\/]+)$/', $url, $match);
}
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Cisco') !== false) {
$x++;
$type = 'Cisco';
$ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match);
if (count($match) > 0) {
$id = $match[1];
}
else {
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Citrix') !== false) {
$x++;
$type = 'Citrix';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Debian') !== false) {
$x++;
$type = 'Debian';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'HP') !== false) {
$x++;
$type = 'HP';
$ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
else {
$ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'IBM') !== false) {
$x++;
$type = 'IBM';
$ret = preg_match('/(\d{5,8})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
else {
$ret = preg_match('/([^\=|\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Juniper') !== false) {
$x++;
$type = 'Juniper';
$ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Oracle') !== false) {
$x++;
$type = 'Oracle';
$url = basename($url);
$ret = preg_match('/([\S]+)\.html/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'McAfee') !== false) {
$x++;
$type = 'McAfee';
$query = parse_query($url);
if (count($match)) {
$id = isset($query['id']) ? $query['id'] : '';
}
}
elseif (strpos($ref, 'Red Hat') !== false) {
$x++;
$type = 'Red Hat';
$ret = preg_match('/([^\/]+)\.html/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Secunia') !== false) {
$x++;
$type = 'Secunia';
$ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[2] == 'advisory') {
$id = $match[1];
}
elseif (is_numeric($match[1]) && count($match[2]) == 1) {
$id = $match[1];
}
else {
$id = $match[2];
}
}
}
elseif (strpos($url, 'securitytracker') !== false) {
$x++;
$type = 'Security Tracker';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'SecurityFocus') !== false) {
$x++;
$type = 'SecurityFocus';
$ret = preg_match('/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[1] != 'info') {
$id = $match[1];
}
else {
$ret = preg_match('/([^\/]+)\/info/', $url, $match);
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Sun') !== false) {
$x++;
$type = 'Sun';
$query = parse_query($url);
$id = isset($query['assetkey']) ? $query['assetkey'] : '';
if (!$id) {
$ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match);
$id = $match[1];
}
}
elseif (strpos($ref, 'Symantec') !== false) {
$x++;
$type = 'Symantec';
$ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($url, 'ZDI') !== false) {
$x++;
$type = 'ZDI';
$ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Wireshark') !== false) {
$x++;
$type = 'Wireshark';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
}
/**
*
* @param string $in
* @return multitype:Ambigous <>
*/
public function parse_query($in) {
/**
* Use this function to parse out the query array element from
* the output of parse_url().
*/
$query_string = substr($in, strpos($in, '?') + 1);
$query_arr = explode('&', $query_string);
$arr = array();
foreach ($query_arr as $val) {
$x = explode('=', $val);
$arr[$x[0]] = isset($x[1]) ? $x[1] : '';
}
unset($val, $x, $var);
return $arr;
}
/**
* Function for fixing a DISA OVAL file
*/
public function fix_Oval() {
chdir("../tmp");
$files = glob("*-oval.xml");
$ret = '';
$db = new db();
foreach ($files as $file) {
$xml = new DOMDocument();
if (!$xml->load($file)) {
error_log("error reading xml file");
}
$xml->formatOutput = true;
$xml->preserveWhiteSpace = true;
$const_arr = null;
$variables = $xml->getElementsByTagName("variables")
->item(0);
$first_node = $variables->firstChild;
while ($node = $xml->getElementsByTagName("external_variable")
->item(0)) {
$id = $node->getAttribute("id");
$id = explode(':', $id)[3];
$comment = $node->getAttribute("comment");
$ver = $node->getAttribute("version");
$datatype = $node->getAttribute("datatype");
$tmp = $db->get_Oval_Const($id);
$const_arr[$tmp['const_id']]['values'] = $tmp['values'];
$const_arr[$tmp['const_id']]['ver'] = $ver;
$const_arr[$tmp['const_id']]['datatype'] = $datatype;
$const_arr[$tmp['const_id']]['comment'] = $comment;
$var_com = $xml->createElement('variable_component');
$var_com->setAttribute('var_ref', "oval:smc.gpea.windows:var:" . $tmp['const_id']);
$loc_var = $xml->createElement('local_variable');
$loc_var->setAttribute('id', "oval:mil.disa.fso.windows:var:" . $id);
$loc_var->setAttribute('version', $ver);
$loc_var->setAttribute('datatype', $datatype);
$loc_var->setAttribute('comment', $comment);
$loc_var->appendChild($var_com);
$variables->replaceChild($loc_var, $node);
}
foreach ($const_arr as $key => $value) {
$const_var = $xml->createElement('constant_variable');
$const_var->setAttribute('id', 'oval:smc.gpea.windows:var:' . $key);
$const_var->setAttribute('version', $const_arr[$key]['ver']);
$const_var->setAttribute('datatype', $const_arr[$key]['datatype']);
$const_var->setAttribute('comment', $const_arr[$key]['comment']);
foreach ($value['values'] as $val) {
$txt = $xml->createTextNode($val);
$val_var = $xml->createElement("value");
$val_var->appendChild($txt);
$const_var->appendChild($val_var);
}
$variables->appendChild($const_var);
}
rename($file, "oval\\$file");
return $xml->saveXML();
}
}
private function getElementById($doc, $id) {
$xpath = new DOMXPath($doc);
return $xpath->query("//*[@id='$id']")
->item(0);
}
}

522
classes/interfaces.inc Normal file

@ -0,0 +1,522 @@
<?php
/**
* File: interfaces.inc
* Author: Ryan Prather
* Purpose: Represents an interface that is assigned to a target
* Created: Sep 16, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 16, 2013 - File created
* - Sep 1, 2016 - Updated Copyright and converted to use generic port class
* - Oct 24, 2016 - Fixed bug with direct call to tcp_port and udp_port private variables (#6)
* - Jul 31, 2017 - Fixed bug #280 with updating tcp and udp port notes and banner.
* - Aug 14, 2017 - Fixed bug for absent tcp and udp ports when updating. (#284)
* - Oct 23, 2017 - Added MAC
*/
/**
* Class to represent a hardware interface
*
* @author Ryan Prather
*/
class interfaces {
/**
* Integer used in the database for interfaces ID
*
* @var integer
*/
protected $id = 0;
/**
* Integer used in database for Target ID
*
* @var integer
*/
protected $tgt_id = 0;
/**
* String to store the name of the interface
*
* @var string
*/
protected $name = '';
/**
* String to store the interface Media Access Control (MAC) address
* @var string
*/
protected $mac = '';
/**
* String to store the ipv4 of the interface
*
* @var string
*/
protected $ipv4 = '';
/**
* String to store the ipv6 of the interface
*
* @var string
*/
protected $ipv6 = '';
/**
* String to store the hostname of the interface
*
* @var string
*/
protected $hostname = '';
/**
* Array of TCP ports open on this interface
*
* @var array:tcp_ports
*/
protected $tcp_ports = array();
/**
* Array of UDP ports open on this interface
*
* @var array:udp_ports
*/
protected $udp_ports = array();
/**
* String to store the fully qualified domain name (fqdn) of the interface
*
* @var string
*/
protected $fqdn = '';
/**
* String to store the description of the interface
*
* @var string
*/
protected $description = '';
/**
* Interface notes
*
* @var string
*/
protected $notes = '';
/**
* Constructor
*
* @param integer $int_ID
* @param integer $int_TGT_ID
* @param string $str_Name
* @param string $str_Ipv4
* @param string $str_Ipv6
* @param string $str_Hostname
* @param string $str_FQDN
* @param string $str_Description
*/
public function __construct($int_ID, $int_TGT_ID, $str_Name, $str_Ipv4, $str_Ipv6, $str_Hostname, $str_FQDN, $str_Description) {
$this->id = $int_ID;
$this->tgt_id = $int_TGT_ID;
$this->name = $str_Name;
$this->ipv4 = $str_Ipv4;
$this->ipv6 = $str_Ipv6;
$this->hostname = $str_Hostname;
$this->fqdn = $str_FQDN;
$this->description = $str_Description;
}
/**
* Getter function for interface ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Setter function for interface ID
*
* @param interface $int_id_in
*/
public function set_ID($int_id_in) {
$this->id = $int_id_in;
}
/**
* Getter function for target ID
*
* @return integer
*/
public function get_TGT_ID() {
return $this->tgt_id;
}
/**
* Setter function for the target id
*
* @param integer $int_tgt_id_in
*/
public function set_TGT_ID($int_tgt_id_in) {
$this->tgt_id = $int_tgt_id_in;
}
/**
* Getter function for interface name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for interface name
*
* @param string $str_Name
*/
public function set_Name($str_Name) {
$this->name = $str_Name;
}
/**
* Getter function for the interface MAC
*
* @return string
*/
public function get_MAC() {
return $this->mac;
}
/**
* Setter function for the interface MAC
*
* @param string $mac
*/
public function set_MAC($mac) {
$this->mac = $mac;
}
/**
* Getter function for interface IPv4 address
*
* @return string
*/
public function get_IPv4() {
return $this->ipv4;
}
/**
* Setter function for interface IPv4 address
*
* @param string $str_Ipv4
*/
public function set_IPv4($str_Ipv4) {
$this->ipv4 = $str_Ipv4;
}
/**
* Getter function for interface IPv6 address
*
* @return string
*/
public function get_IPv6() {
return $this->ipv6;
}
/**
* Setter function for interface IPv6 address
*
* @param string $str_Ipv6
*/
public function set_IPv6($str_Ipv6) {
$this->ipv6 = $str_Ipv6;
}
/**
* Getter function for hostname
*
* @return string
*/
public function get_Hostname() {
return $this->hostname;
}
/**
* Setter function for hostname
*
* @param string $str_Hostname
*/
public function set_Hostname($str_Hostname) {
$this->hostname = $str_Hostname;
}
/**
* Getter function for TCP ports
*
* @return array:tcp_ports
*/
public function get_TCP_Ports() {
return $this->tcp_ports;
}
/**
* Return a TCP Port object of a specific port
*
* @param integer $port_number
*
* @return NULL|tcp_ports
*/
public function get_TCP_Port_By_Port_Number($port_number) {
return isset($this->tcp_ports[$port_number]) ? $this->tcp_ports[$port_number] : null;
}
/**
* Function to check and see if a TCP port is open
*
* @param int $port_number
*
* @return boolean
*/
public function is_TCP_Port_Open($port_number) {
return isset($this->tcp_ports[$port_number]);
}
/**
* Update a specific tcp port
*
* @param tcp_ports $tcp_port
*/
public function update_TCP_Port($tcp_port) {
if (isset($this->tcp_ports[$tcp_port->get_Port()])) {
// Get pointer to current port by reference so updates persist upon return
$cur_port = &$this->tcp_ports[$tcp_port->get_Port()];
// Get current and new port banner and notes to determine if we need to update.
$cur_banner = $cur_port->get_Banner();
$cur_notes = $cur_port->get_Notes();
$new_banner = $tcp_port->get_Banner();
$new_notes = $tcp_port->get_Notes();
// Only update banner if new banner is not already in current banner
if (!empty($new_banner) && strpos($cur_banner, $new_banner) === false) {
$cur_port->set_Banner($tcp_port->get_Banner());
}
// Only update notes if new notes is not already in current notes
if (!empty($new_notes) && strpos($cur_notes, $new_notes) === false) {
$cur_port->append_Notes($tcp_port->get_Notes());
}
}
else {
$this->tcp_ports[$tcp_port->get_Port()] = $tcp_port;
}
}
/**
* Setter function for TCP ports
*
* @param tcp_ports $tcp_Ports
*/
public function add_TCP_Ports($tcp_Ports) {
if (!isset($this->tcp_ports[$tcp_Ports->get_Port()])) {
$this->tcp_ports[$tcp_Ports->get_Port()] = $tcp_Ports;
}
else {
if (empty($this->tcp_ports[$tcp_Ports->get_Port()]->get_Banner())) {
$this->tcp_ports[$tcp_Ports->get_Port()]->set_Banner($tcp_Ports->get_Banner());
}
else {
$this->tcp_ports[$tcp_Ports->get_Port()]->set_Banner($this->tcp_ports[$tcp_Ports->get_Port()]->get_Banner() . PHP_EOL . $tcp_Ports->get_Banner());
}
}
}
/**
* Setter function for TCP ports based on array
*
* @param integer $port_number
*/
public function remove_TCP_Ports_Array($port_number) {
unset($this->tcp_ports[$port_number]);
}
/**
* Getter function for UDP ports
*
* @return array:udp_ports
*/
public function get_UDP_Ports() {
return $this->udp_ports;
}
/**
* Return a UDP Port object of a specific port
*
* @param integer $port_number
*
* @return NULL|udp_ports
*/
public function get_UDP_Port_By_Port_Number($port_number) {
return isset($this->udp_port[$port_number]) ? $this->udp_ports[$port_number] : null;
}
/**
* Function to check and see if a UDP port is open
*
* @param int $port_number
*
* @return boolean
*/
public function is_UDP_Port_Open($port_number) {
return isset($this->udp_ports[$port_number]);
}
/**
* Update a specific udp port
*
* @param udp_ports $udp_port
*/
public function update_UDP_Port($udp_port) {
if (isset($this->udp_ports[$udp_port->get_Port()])) {
// Get pointer to current port by reference so updates persist upon return
$cur_port = &$this->udp_ports[$udp_port->get_Port()];
// Get current and new port banner and notes to determine if we need to update.
$cur_banner = $cur_port->get_Banner();
$cur_notes = $cur_port->get_Notes();
$new_banner = $udp_port->get_Banner();
$new_notes = $udp_port->get_Notes();
// Only update banner if new banner is not already in current banner
if (!empty($new_banner) && strpos($cur_banner, $new_banner) === false) {
$cur_port->set_Banner($udp_port->get_Banner());
}
// Only update notes if new notes is not already in current notes
if (!empty($new_notes) && strpos($cur_notes, $new_notes) === false) {
$cur_port->append_Notes($udp_port->get_Notes());
}
}
else {
$this->udp_ports[$udp_port->get_Port()] = $udp_port;
}
}
/**
* Setter function for UDP ports
*
* @param udp_ports $udp_Ports
*/
public function add_UDP_Ports($udp_Ports) {
if (!isset($this->udp_ports[$udp_Ports->get_Port()])) {
$this->udp_ports[$udp_Ports->get_Port()] = $udp_Ports;
}
else {
if (!$this->udp_ports[$udp_Ports->get_Port()]->get_Banner()) {
$this->udp_ports[$udp_Ports->get_Port()]->set_Banner($udp_Ports->get_Banner());
}
else {
$this->udp_ports[$udp_Ports->get_Port()]->set_Banner($this->udp_ports[$udp_Ports->get_Port()]->get_Banner() . PHP_EOL . $udp_Ports->get_Banner());
}
}
}
/**
* Function to remove port from array
*
* @param integer $port_number
*/
public function remove_UDP_Ports_Array($port_number) {
unset($this->udp_ports[$port_number]);
}
/**
* Getter function for FQDN
*
* @return string
*/
public function get_FQDN() {
return $this->fqdn;
}
/**
* Setter function for FQDN
*
* @param string $str_FQDN
*/
public function set_FQDN($str_FQDN) {
$this->fqdn = $str_FQDN;
}
/**
* Getter function for Description
*
* @return string
*/
public function get_Description() {
return $this->description;
}
/**
* Setter function for Description
*
* @param string $str_Description
*/
public function set_Description($str_Description) {
$this->description = $str_Description;
}
/**
* Getter function for interface notes
*
* @return string
*/
public function get_Notes() {
return $this->notes;
}
/**
* Setter function for interface notes
*
* @param string $notes_in
*/
public function set_Notes($notes_in) {
$this->notes = $notes_in;
}
/**
* Getter function for preformated table row
*
* @return string
*/
public function get_Table_Data($Odd_Row) {
$ret = "<tr";
if ($Odd_Row) {
$ret .= " class='DynamicContent odd_row'";
}
else {
$ret .= " class='DynamicContent even_row'";
}
$ret .= "><td><input type='text' style='width:100px;' name='ip[$this->id]' value='$this->ipv4' title='Type DELETE to remove the interface' /></td>";
$ret .= "<td><input type='text' style='width:215px;' name='hostname[$this->id]' value='$this->hostname'/></td>";
$ret .= "<td><input type='text' style='width:215px;' name='name[$this->id]' value='$this->name'/></td>";
$ret .= "<td><input type='text' style='width:215px;' name='fqdn[$this->id]' value='$this->fqdn'/></td>";
$ret .= "<td><textarea style='width:390px;vertical-align:bottom;' rows='2' name='description[$this->id]'>$this->description</textarea></td></tr>";
return $ret;
}
}
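Review bot: get_Table_Data interpolates `$this->ipv4`, `$this->hostname`, `$this->name`, `$this->fqdn` and `$this->description` straight into HTML attribute values and a textarea body with no escaping, so a single quote, `>` or `</textarea>` in any of those fields breaks out of the markup; these fields are only set through plain setters here and, judging by the importers elsewhere in this commit, presumably carry values read from scan output, so they should be treated as untrusted and escaped at the point of output. The rewrite below passes each field through `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and leaves `$this->id` alone on the assumption, per its docblock, that it is an integer. Separately, get_UDP_Port_By_Port_Number tests `isset($this->udp_port[$port_number])` — no `s` — so the lookup never succeeds and the method always returns null; it should read `return isset($this->udp_ports[$port_number]) ? $this->udp_ports[$port_number] : null;`.
```php
public function get_Table_Data($Odd_Row) {
    // Escape every field at output time; the setters do no validation and the
    // values presumably originate from imported scan data, not trusted input.
    $e = function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // … unchanged: odd/even row class selection …
    $ret .= "><td><input type='text' style='width:100px;' name='ip[$this->id]' value='" . $e($this->ipv4) . "' title='Type DELETE to remove the interface' /></td>";
    $ret .= "<td><input type='text' style='width:215px;' name='hostname[$this->id]' value='" . $e($this->hostname) . "'/></td>";
    $ret .= "<td><input type='text' style='width:215px;' name='name[$this->id]' value='" . $e($this->name) . "'/></td>";
    $ret .= "<td><input type='text' style='width:215px;' name='fqdn[$this->id]' value='" . $e($this->fqdn) . "'/></td>";
    $ret .= "<td><textarea style='width:390px;vertical-align:bottom;' rows='2' name='description[$this->id]'>" . $e($this->description) . "</textarea></td></tr>";
    return $ret;
}
```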

255
classes/nasl.inc Normal file

@ -0,0 +1,255 @@
<?php
/**
* File: nasl.inc
* Author: Ryan Prather
* Purpose: Class to store data from
* Created: Jan 15, 2017
*
* Copyright 2017: Cyber Perspectives, All rights reserved
* Released under the Apache v2.0 License
*
* See license.txt for details
*
* Change Log:
* - Jan 15, 2017 - File created
* - Jan 31, 2017 - Completed parse testing
* - Feb 15, 2017 - Fix bug if last modification or creation date are not formatted correctly
* - Feb 21, 2017 - Changed throwing exception to just print error and return
* - Apr 5, 2017 - Removed deleting NASL file from within class...now happens in wrapper code
* - Jun 27, 2017 - Matt Shuter: Added fix for deprecated plugins (#262 & #270)
*/
/**
* Class to parse NVT .nasl files from OpenVAS and Nessus
*/
class nasl {
/**
* Constructor
*
* @param string $file
*/
public function __construct($file = null) {
if (!is_null($file) && file_exists($file)) {
$this->parse($file);
}
}
/**
* Parsing function
*
* @param string $file
*
* @return boolean
*/
public function parse($file) {
$file_contents = null;
if (file_exists($file)) {
$file_contents = file_get_contents($file);
}
else {
print "\tCould not find file {$file}" . PHP_EOL;
return false;
}
// Capture regex matches for parsing
$match = array();
// Check to see if the plugin is disabled/deprecated and if so, return
if (preg_match("/Disabled on ([\d\/]+)|@DEPRECATED@/i", $file_contents)) {
print "\tPlugin file $file is DISABLED" . PHP_EOL;
return false;
}
if (preg_match("/script_id\(([\d\.]+)\)/", $file_contents, $match)) {
$this->{'id'} = $match[1];
}
elseif (preg_match("/script_oid\(\"([\d\.]+)\"\)/", $file_contents, $match)) {
$this->{'oid'} = $match[1];
$oid = explode(".", $match[1]);
$this->{'id'} = end($oid);
}
elseif (preg_match("/script_o?id\(([^\)]+)\)/", $file_contents, $match)) {
preg_match("/" . preg_quote($match[1], "/") . "[^\"]+\"([^\"]+)\"/", $file_contents, $match);
$this->{'oid'} = $match[1];
$oid = explode(".", $match[1]);
$this->{'id'} = end($oid);
}
else {
print "\tCould not find an ID in $file" . PHP_EOL;
return false;
}
if (preg_match("/script_version\(\"[^\d]+([\d\.]+)[^\n]+/", $file_contents, $match)) {
$this->{'rev'} = $match[1];
}
if (preg_match("/script_cvs_date\([^\d]+([\d\-\/]+)/", $file_contents, $match)) {
try {
$this->{'last_modification'} = new DateTime($match[1]);
}
catch (Exception $e) {
die(print_r($e, true));
}
}
if (preg_match("/script_set_attribute\([^\"]+\"plugin_publication_date\"[^\"]+\"([\d\/]+)\"/", $file_contents, $match)) {
try {
$this->{'creation_date'} = new DateTime($match[1]);
}
catch (Exception $e) {
die(print_r($e, true));
}
}
if (preg_match("/script_set_cvss_base_vector\(\"([^\"]+)\"/", $file_contents, $match)) {
$this->{'cvss_base_vector'} = $match[1];
}
if (preg_match("/script_name\(([^\"]+)?\"([^\"]+)\"\)/", $file_contents, $match)) {
$this->{'name'} = $match[2];
}
if (preg_match("/script_category\(([^\)]+)\)/", $file_contents, $match)) {
$this->{'cat'} = $match[1];
}
if (preg_match("/script_copyright\(([^\"]+)?\"([^\"]+)\"\)/", $file_contents, $match)) {
$this->{'copyright'} = $match[2];
}
if (preg_match("/script_family\(([^\"]+)?\"([^\"]+)\"\)/", $file_contents, $match)) {
$this->{'family'} = $match[2];
}
if (preg_match("/script_summary\(([^\"]+)?\"([^\"]+)\"\)/", $file_contents, $match)) {
$this->{'summary'} = $match[2];
}
if (preg_match("/script_require_ports\(([^\d]+)?([\d]+)\)/", $file_contents, $match)) {
$this->{'protocol'} = explode(',', str_replace(array('"', ' '), '', $match[2]));
if (count($this->protocol) == 1) {
$this->protocol = $this->protocol[0];
}
}
if (preg_match("/CPE ?\= ?\"([^\"]+)\"/", $file_contents, $match)) {
$this->{'cpe'} = $match[1];
}
if (preg_match("/script_set_attribute/", $file_contents)) {
if (preg_match_all("/script_set_attribute\(([^a]+)?attribute:\"([^\"]+)\",([^v]+)?value:([^\"]+)?\"([^\"]+)\"/", $file_contents, $match)) {
foreach ($match[2] as $key => $val) {
if ($val == 'cpe') {
$this->{$val}[] = str_replace("p-cpe", "cpe", $match[5][$key]);
}
else {
$this->{$val} = $match[5][$key];
}
}
}
}
if (preg_match("/script_cve_id\(([^\)]+)\)/", $file_contents, $match)) {
if (($pos = strpos($match[1], ",")) !== false) {
$this->{'ref'}['cve'] = explode(',', str_replace(array(' ', '"'), "", $match[1]));
}
else {
$this->{'ref'}['cve'] = array(0 => str_replace(array(" ", '"'), "", $match[1]));
}
}
if (preg_match("/script_bugtraq_id\(([\d]+)/", $file_contents, $match)) {
if (($pos = strpos($match[1], ",")) !== false) {
$this->{'ref'}['bug'] = explode(",", str_replace(array(' ', '"'), "", $match[1]));
}
else {
$this->{'ref'}['bug'] = array(0 => $match[1]);
}
}
if (preg_match("/script_cwe_id\(([^\)]+)\)/", $file_contents, $match)) {
if (($pos = strpos($match[1], ",")) !== false) {
$this->{'ref'}['cwe'] = explode(",", str_replace(array(' '), '', $match[1]));
}
else {
$this->{'ref'}['cwe'] = array(0 => $match[1]);
}
}
if (preg_match("/script_osvdb_id\(([\d\, ]+)\)/", $file_contents, $match)) {
if (($pos = strpos($match[1], ",")) !== false) {
$this->{'ref'}['osvdb'] = explode(",", str_replace(" ", "", $match[1]));
}
else {
$this->{'ref'}['osvdb'] = array(0 => $match[1]);
}
}
$script_xrefs = preg_grep("/script_xref/", explode("\n", $file_contents));
if (count($script_xrefs)) {
foreach ($script_xrefs as $y) {
if (preg_match("/([^\"]+)\"\)\;$/", $y, $match)) {
if (substr($match[1], 0, 4) == 'http') {
$this->{'ref'}["URL"][] = $match[1];
}
else {
$val = $match[1];
if (preg_match("/script_xref\([^\"]+\"([^\"]+)\"/", $y, $match)) {
$this->{'ref'}[$match[1]][] = $val;
}
}
}
}
}
if (preg_match_all("/script_tag\(([^\"]+)?\"([^\"]+)\"[^v]+value *: *([^\)\(]+)/", $file_contents, $match)) {
$match2 = array();
foreach ($match[2] as $key => $val) {
if (strpos($match[3][$key], '"') !== false) {
$this->{$val} = str_replace('"', '', $match[3][$key]);
}
elseif (preg_match("/" . preg_quote($match[3][$key], "/") . " [^\"]+\"([^\"]+)\"/", $file_contents, $match2)) {
$this->{$val} = $match2[1];
}
}
}
if (preg_match_all("/script_tag\(([^\"]+)?\"([^\"]+)\"[^\"]+\"([^\"]+)/", $file_contents, $match)) {
$dt = array();
foreach ($match[2] as $key => $val) {
if ($val == 'creation_date') {
if (preg_match("/^([\d\/\-\+\ \:]+)/", $match[3][$key], $dt)) {
try {
$this->{$val} = new DateTime($dt[1]);
}
catch (Exception $e) {
if (preg_match("/\+05340/", $dt[1], $match)) {
$this->{$val} = new DateTime(substr($dt[1], 0, -7) . "+0530");
}
}
}
}
elseif ($val == 'last_modification') {
if (preg_match("/: ([\d\-\/\ \+\:]+)/", $match[3][$key], $dt)) {
try {
$this->{$val} = new DateTime($dt[1]);
}
catch (Exception $e) {
die(print_r($e, true));
}
}
}
elseif (!isset($this->{$val})) {
$this->{$val} = $match[3][$key];
}
}
}
return true;
}
}
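Review bot: The three `catch (Exception $e)` blocks in parse() (after the `script_cvs_date`, `plugin_publication_date` and `last_modification` matches) call `die(print_r($e, true))`, which terminates the whole importing process on a single unparseable date in one plugin file and prints the exception object, stack trace and server paths included, to the output; every other failure path in this method prints a message and returns false, and the Feb 21, 2017 change-log entry says that is the intended contract. Replace each with `print "\tInvalid date in {$file}: " . $e->getMessage() . PHP_EOL; return false;` (or simply leave that one field unset and continue). Also, the `$this->{$val} = ...` writes keyed by attribute and tag names read from the file itself let a plugin whose tag happens to be named `id`, `oid` or `ref` overwrite fields parsed earlier; collecting these into a dedicated array property with an allow-list of expected names would avoid that and would also sidestep the dynamic-property deprecation in PHP 8.2.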

466
classes/nessus.inc Normal file

@ -0,0 +1,466 @@
<?php
/**
* File: nessus.inc
* Author: Ryan Prather
* Purpose: Represents a Nessus scan
* Created: Sep 12, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Mar 22, 2017 - Removed setting function for values that were moved to meta data,
* Added compare_Reference function to compare 2 references from 2 nessus objects
*/
/**
* Represents a Nessus scan
*
* @author Ryan Prather
*
*/
class nessus {
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* Nessus Id
*
* @var string
*/
protected $nessus_id = '';
/**
* Name
*
* @var string
*/
protected $name = '';
/**
* Summary
*
* @var string
*/
protected $summary = '';
/**
* Description
*
* @var string
*/
protected $description = '';
/**
* Solution
*
* @var string
*/
protected $solution = '';
/**
* Family
*
* @var unknown
*/
protected $family = '';
/**
* Category
*
* @var string
*/
protected $category = '';
/**
* Copyright
*
* @var string
*/
protected $copyright = '';
/**
* Protocol
*
* @var string
*/
protected $protocol = '';
/**
* Version of the plugin
*
* @var string
*/
protected $version = '';
/**
* File name of the Nessus plugin file
*
* @var string
*/
protected $file_name = '';
/**
* Date of the Nessus plugin file
*
* @var string
*/
protected $file_date = '';
/**
* Array of reference IDs that link to this plugin
* multidimensional array, first dimension is type, second dimension is value
*
* @var array
*/
protected $refs = array();
/**
* Constructor
*
* @param integer $int_PDI_ID
* @param string $str_Nessus_ID
*/
public function __construct($int_PDI_ID, $str_Nessus_ID) {
$this->pdi_id = $int_PDI_ID;
$this->nessus_id = $str_Nessus_ID;
$this->refs = array();
}
/**
* Getter function for PDI ID
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Setter function for PDI ID
*
* @param integer $int_PDI_ID
*/
public function set_PDI_ID($int_PDI_ID) {
$this->pdi_id = $int_PDI_ID;
}
/**
* Getter function for Nessus ID
*
* @return string
*/
public function get_Nessus_ID() {
return $this->nessus_id;
}
/**
* Setter function for Nessus ID
*
* @param string $str_Nessus_ID
*/
public function set_Nessus_ID($str_Nessus_ID) {
$this->nessus_id = $str_Nessus_ID;
}
/**
* Getter function for plugin name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for plugin name
*
* @param string $str_Name_In
*/
public function set_Name($str_Name_In) {
$this->name = $str_Name_In;
}
/**
* Getter function for plugin summary
*
* @return string|null
*/
public function get_Summary() {
if (isset($this->refs['summary'])) {
return $this->refs['summary'];
}
return null;
}
/**
* Getter function for plugin description
*
* @return string|null
*/
public function get_Description() {
if (isset($this->refs['description'])) {
return $this->refs['description'];
}
return null;
}
/**
* Getter function for plugin solution
*
* @return string
*/
public function get_Solution() {
if (isset($this->refs['solution'])) {
return $this->refs['solution'];
}
return null;
}
/**
* Getter function for plugin family
*
* @return string
*/
public function get_Family() {
if (isset($this->refs['family'])) {
return $this->refs['family'];
}
return null;
}
/**
* Getter function for plugin category
*
* @return string
*/
public function get_Category() {
if (isset($this->refs['category'])) {
return $this->refs['category'];
}
return null;
}
/**
* Getter function for plugin copyright
*
* @return string
*/
public function get_Copyright() {
return $this->copyright;
}
/**
* Setter function for plugin copyright
*
* @param string $str_Copyright_In
*/
public function set_Copyright($str_Copyright_In) {
$this->copyright = $str_Copyright_In;
}
/**
* Getter function for plugin protocol
*
* @return string
*/
public function get_Protocol() {
if (isset($this->refs['protocol'])) {
return $this->refs['protocol'];
}
return null;
}
/**
* Getter function for plugin version
*
* @return string
*/
public function get_Version() {
return $this->version;
}
/**
* Setter function for plugin version
*
* @param string $str_Version_In
*/
public function set_Version($str_Version_In) {
$this->version = $str_Version_In;
}
/**
* Getter function for plugin file name
*
* @return string
*/
public function get_FileName() {
return $this->file_name;
}
/**
* Setter function for plugin file name
*
* @param string $str_FileName_In
*/
public function set_FileName($str_FileName_In) {
$this->file_name = $str_FileName_In;
}
/**
* Getter function for plugin file date
*
* @return string
*/
public function get_FileDate() {
return $this->file_date;
}
/**
* Getter function for plugin file date
*
* @return DateTime
*/
public function get_FileDate_Date() {
return DateTime::createFromFormat("U", $this->file_date);
}
/**
* Setter function for plugin file date
*
* @param string $str_FileDate_In
*/
public function set_FileDate($str_FileDate_In) {
$this->file_date = $str_FileDate_In;
}
/**
* Function to return multidimensional array of all references
*
* @return multitype:string
*/
public function get_Reference() {
return $this->refs;
}
/**
* Function to return an array of references
*
* @param string $type
* The type you want to isolate
*
* @return multitype:string
* Returns an array of references that are linked to a type
*/
public function get_Reference_By_Type($type) {
if ($type == 'iavm') {
$tmp = array();
if (isset($this->refs['iava'])) {
$tmp = array_merge($tmp, $this->refs['iava']);
}
if (isset($this->refs['iavb'])) {
$tmp = array_merge($tmp, $this->refs['iavb']);
}
if (isset($this->refs['iavt'])) {
$tmp = array_merge($tmp, $this->refs['iavt']);
}
return $tmp;
}
if (isset($this->refs[strtolower($type)])) {
return $this->refs[strtolower($type)];
}
return array();
}
/**
* Function to see if a reference is already in the array
*
* @param string $type
* The reference type you are searching for
* @param string $val
* The value you are searching for
*
* @return boolean
* Returns TRUE if found, otherwise false
*/
public function ref_Found($type, $val) {
if (isset($this->refs[strtolower($type)])) {
foreach ($this->refs[strtolower($type)] as $ref) {
if ($ref == $val) {
return true;
}
}
}
return false;
}
/**
* Function to add a reference to the array
*
* @param string $type
* An enumerated type of reference ('cve','bid','osvdb','edb','iavm','msft','cert','cwe')
* @param string $val
* The type value
*/
public function add_Reference($type, $val) {
$this->refs[strtolower($type)][] = $val;
}
/**
* Function to remove a reference
*
* @param string $type
* An enumerated type of reference ('cve','bid','osvdb','edb','iavm','msft','cert','cwe')
* More can be added if necessary
* @param string $val
* The value of the type
*
* @return boolean
* Returns TRUE if successful, otherwise false
*/
public function remove_Reference($type, $val) {
foreach ($this->ref[strtolower($type)] as $key => $ref) {
if ($ref == $val) {
unset($this->ref[$key]);
return true;
}
}
return false;
}
/**
* To compare the meta data in two different nessus objects
*
* @param nessus $refs
*
* @return array
*/
public function compare_References($refs) {
$ret = array();
foreach ($this->refs as $type => $ref) {
foreach ($ref as $val) {
if (!$refs->ref_Found($type, $val)) {
$ret[$type][] = $val;
}
}
}
return $ret;
}
}
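Review bot: remove_Reference at the end of the section iterates and unsets `$this->ref`, while every other method in the class stores references in `$this->refs`, so the loop reads an undefined property and never removes anything; it also unsets `$this->ref[$key]` instead of the entry inside the type's sub-array. The three lines should read `foreach ($this->refs[strtolower($type)] as $key => $ref) {`, `if ($ref === $val) {` and `unset($this->refs[strtolower($type)][$key]);`, wrapped in the same `isset` guard ref_Found uses so a type with no entries does not emit a warning. Separately, get_Summary, get_Description, get_Solution, get_Family, get_Category and get_Protocol read `$this->refs['summary']` etc. while the dedicated `$summary`, `$description`, `$solution`, `$family`, `$category` and `$protocol` properties declared at the top are never written; the change log says those values moved to meta data, so either the properties or the lookups appear stale and a short comment on the getters saying which store is authoritative would help. get_FileDate_Date returns `false` rather than a DateTime when `$file_date` is not a numeric timestamp, which the `@return DateTime` docblock does not mention.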

255
classes/oval.inc Normal file

@ -0,0 +1,255 @@
<?php
/**
* File: oval.inc
* Author: Ryan Prather
* Purpose: Represents an Oval check
* Created: Sep 26, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 26, 2013 - File created
*/
include_once 'oval_ref.inc';
/**
* Represents an Oval check
*
* @author Ryan Prather
*
*/
class oval {
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* Oval ID
*
* @var string
*/
protected $oval_id = '';
/**
* Definition title
*
* @var string
*/
protected $title = '';
/**
* Definition description
*
* @var string
*/
protected $desc = '';
/**
* Platform
*
* @var string
*/
protected $platform = '';
/**
* External definition
*
* @var string
*/
protected $ext_def = '';
/**
* External definition operator
*
* @var string
*/
protected $ext_def_op = '';
/**
* Array of oval references
*
* @var multitype:oval_ref
*/
protected $oval_ref = array();
/**
* Constructor
*
* @param integer $int_pdi_id_in
* @param string $str_oval_id_in
* @param string $str_title_in
* @param string $str_desc_in
* @param string $str_platform_in
* @param string $str_ext_def_in
* @param string $str_ext_def_op_in
*/
public function __construct($int_pdi_id_in, $str_oval_id_in, $str_title_in, $str_desc_in,
$str_platform_in, $str_ext_def_in, $str_ext_def_op_in) {
$this->pdi_id = $int_pdi_id_in;
$this->oval_id = $str_oval_id_in;
$this->title = $str_title_in;
$this->desc = $str_desc_in;
$this->platform = $str_platform_in;
$this->ext_def = $str_ext_def_in;
$this->ext_def_op = $str_ext_def_op_in;
}
/**
* Get pdi id
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Set pdi id
*
* @param integer $int_pdi_id_in
*/
public function set_PDI_ID($int_pdi_id_in) {
$this->pdi_id = $int_pdi_id_in;
}
/**
* Get oval id
*
* @return string
*/
public function get_Oval_ID() {
return $this->oval_id;
}
/**
* Set oval id
*
* @param string $str_oval_id_in
*/
public function set_Oval_ID($str_oval_id_in) {
$this->oval_id = $str_oval_id_in;
}
/**
* Get definition title
*
* @return string
*/
public function get_Title() {
return $this->title;
}
/**
* Set definition title
*
* @param string $str_title_in
*/
public function set_Title($str_title_in) {
$this->title = $str_title_in;
}
/**
* Get the definition description
*
* @return string
*/
public function get_Description() {
return $this->desc;
}
/**
* Set the definition description
*
* @param string $str_desc_in
*/
public function set_Description($str_desc_in) {
$this->desc = $str_desc_in;
}
/**
* Get the platform that is affected by this definition
*
* @return string
*/
public function get_Platform() {
return $this->platform;
}
/**
* Set the platform that is affected by this definition
*
* @param string $str_platform_in
*/
public function set_Platform( $str_platform_in) {
$this->platform = $str_platform_in;
}
/**
* Get the external definition
*
* @return string
*/
public function get_External_Definition() {
return $this->ext_def;
}
/**
* Set the external definition
*
* @param string $str_ext_def_in
*/
public function set_External_Definition($str_ext_def_in) {
$this->ext_def = $str_ext_def_in;
}
/**
* Get the external definition operator
*
* @return string
*/
public function get_External_Definition_Operator() {
return $this->ext_def_op;
}
/**
* Set the external definition operator
*
* @param string $str_ext_def_op_in
*/
public function set_External_Definition_Operator($str_ext_def_op_in) {
$this->ext_def_op = $str_ext_def_op_in;
}
/**
* Return the array of Oval References
*
* @return multitype:oval_ref
*/
public function get_References() {
return $this->oval_ref;
}
/**
* Add a reference to the oval_ref variable
*
* @param oval_ref $oval_ref_in
*/
public function add_Reference($oval_ref_in) {
$this->oval_ref[] = $oval_ref_in;
}
/**
* Function to clear the oval reference array
*/
public function clear_References() {
$this->oval_ref = array();
}
}
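Review bot: add_Reference accepts any value although its docblock and get_References promise `oval_ref` instances; a parameter type, `public function add_Reference(oval_ref $oval_ref_in) {`, makes a wrong argument fail at the call site rather than when the array is later consumed, and `oval_ref.inc` is already included at the top of the file so the class is in scope. `set_Platform( $str_platform_in)` has a stray space after the opening parenthesis that the other setters do not.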

139
classes/oval_ref.inc Normal file

@ -0,0 +1,139 @@
<?php
/**
* File: oval_ref.inc
* Author: Ryan Prather
* Purpose: Represents an oval reference
* Created: Sep 26, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 26, 2013 - File created
*/
/**
* Represents an Oval Reference
*
* @author Ryan Prather
*
*/
class oval_ref {
/**
* Oval ID
*
* @var string
*/
protected $oval_id = '';
/**
* Source
*
* @var string
*/
protected $source = '';
/**
* URL
*
* @var string
*/
protected $url = '';
/**
* Reference ID
*
* @var string
*/
protected $ref_id = '';
/**
* Constructor
*
* @param string $str_oval_id_in
* @param string $str_source_in
* @param string $str_url_in
* @param string $str_ref_id_in
*/
public function __construct($str_oval_id_in, $str_source_in, $str_url_in, $str_ref_id_in) {
$this->oval_id = $str_oval_id_in;
$this->source = $str_source_in;
$this->url = $str_url_in;
$this->ref_id = $str_ref_id_in;
}
/**
* Get the oval id
*
* @return string
*/
public function get_Oval_ID() {
return $this->oval_id;
}
/**
* Set the Oval ID
*
* @param string $str_oval_id_in
*/
public function set_Oval_ID($str_oval_id_in) {
$this->oval_id = $str_oval_id_in;
}
/**
* Get the source
*
* @return string
*/
public function get_Source() {
return $this->source;
}
/**
* Set the source
*
* @param string $str_source_in
*/
public function set_Source($str_source_in) {
$this->source = $str_source_in;
}
/**
* Get the URL
*
* @return string
*/
public function get_URL() {
return $this->url;
}
/**
* Set the URL
*
* @param string $str_url_in
*/
public function set_URL($str_url_in) {
$this->url = $str_url_in;
}
/**
* Get the reference id
*
* @return string
*/
public function get_Reference_ID() {
return $this->ref_id;
}
/**
* Set the reference id
*
* @param string $str_ref_id_in
*/
public function set_Reference_ID($str_ref_id_in) {
$this->ref_id = $str_ref_id_in;
}
}
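Review bot: the constructor and the four setters take untyped parameters while every docblock states string; if the project targets PHP 7 or later, a scalar type on each, e.g. `public function set_URL(string $str_url_in) {`, enforces what the docblocks promise and fails loudly on a wrong argument. Nothing in the class validates `$url` as a URL or `$ref_id` as non-empty, so whether an `oval_ref` is well-formed rests entirely on the callers, which are not visible here; a one-line class comment stating that the values are stored verbatim would make that contract explicit.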

283
classes/pdi_catalog.inc Normal file

@ -0,0 +1,283 @@
<?php
/**
* File: pdi_catalog.inc
* Author: Ryan Prather
* Purpose: Represents a PDI catalog item
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Jun 27, 2017 - Added truncation for short title if longer than 255 characters
* - Oct 23, 2017 - Updated file header, added fix text and group title to class, and deleted SQL insert method
*/
/**
* Represent a Potential Descrepancy Item (PDI)
* @author Ryan Prather
*
*/
class pdi {
/**
* ID
*
* @var integer
*/
protected $id = 0;
/**
* Category level
*
* @var integer
*/
protected $cat_lvl = 0;
/**
* Update DateTime
*
* @var DateTime
*/
protected $update;
/**
* Check Contents
*
* @var string
*/
protected $chk_content = '';
/**
* Fix Text
*
* @var string
*/
protected $fix_text = null;
/**
* Group Title
*
* @var string
*/
protected $group_title = null;
/**
* Short title
*
* @var string
*/
protected $short_title = null;
/**
* Description
*
* @var string
*/
protected $description = '';
/**
* Constructor
*
* @param integer $int_ID
* @param integer:string $Cat_Lvl
* @param string $dt_Update
*/
public function __construct($int_ID, $Cat_Lvl, $dt_Update) {
$this->id = $int_ID;
if (is_string($dt_Update)) {
$this->update = new DateTime($dt_Update);
}
elseif (is_a($dt_Update, 'DateTime')) {
$this->update = $dt_Update;
}
else {
$this->update = new DateTime();
}
if ($Cat_Lvl && $Cat_Lvl != '' && !is_null($Cat_Lvl)) {
if (is_numeric($Cat_Lvl)) {
$this->cat_lvl = $Cat_Lvl;
}
else {
$this->cat_lvl = substr_count($Cat_Lvl, "I");
}
}
else {
$this->cat_lvl = 2;
$this->description = "Defaulted Cat" . PHP_EOL . $this->description;
}
}
/**
* Getter function for PDI ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Setter function for PDI ID
*
* @param integer $id
*/
public function set_ID($id) {
$this->id = $id;
}
/**
* Getter function for category level
*
* @return integer
*/
public function get_Category_Level() {
return $this->cat_lvl;
}
/**
* Gettr function for category level string
*
* @return string
*/
public function get_Category_Level_String() {
return implode("", array_fill(0, $this->cat_lvl, "I"));
}
/**
* Setter function for category level
*
* @param integer:string $Cat_Lvl
*/
public function set_Catetgory_Level($Cat_Lvl) {
if (is_numeric($Cat_Lvl)) {
$this->cat_lvl = $Cat_Lvl;
}
else {
$this->cat_lvl = substr_count($Cat_Lvl, 'I');
}
}
/**
* Getter function for last update
*
* @return DateTime
*/
public function get_Last_Update() {
return $this->update;
}
/**
* Setter function for last update
*
* @param string $dt_Update
*/
public function set_Update($dt_Update) {
$this->update = new DateTime($dt_Update);
}
/**
* Getter function for check contents
*
* @return string
*/
public function get_Check_Contents() {
return $this->chk_content;
}
/**
* Setter function for check contents
*
* @param string $str_Check_Content
*/
public function set_Check_Contents($str_Check_Content) {
$this->chk_content = $str_Check_Content;
}
/**
* Getter function for the fix text
*
* @return string
*/
public function get_Fix_Text() {
return $this->fix_text;
}
/**
* Setter function for the fix text
*
* @param string $fix_text_in
*/
public function set_Fix_Text($fix_text_in) {
if (is_array($fix_text_in) && count($fix_text_in) > 1) {
$this->fix_text = implode("\n", $fix_text_in);
}
else {
$this->fix_text = $fix_text_in;
}
}
/**
* Getter function for group title
*
* @return string
*/
public function get_Group_Title() {
return $this->group_title;
}
/**
* Setter function for group title
*
* @param string $group_title_in
*/
public function set_Group_Title($group_title_in) {
$this->group_title = $group_title_in;
}
/**
* Getter function for short title
*
* @return string
*/
public function get_Short_Title() {
return $this->short_title;
}
/**
* Setter function for short title
*
* @param string $str_Short_Title
*/
public function set_Short_Title($str_Short_Title) {
$this->short_title = $str_Short_Title;
}
/**
* Getter function for description
*
* @return string
*/
public function get_Description() {
return $this->description;
}
/**
* Setter function for description
*
* @param string $str_Description
*/
public function set_Description($str_Description) {
$this->description = $str_Description;
}
}
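Review bot: the file header's change log says short titles are truncated at 255 characters, but set_Short_Title stores the argument verbatim; if the truncation is meant to live here the setter should read `$this->short_title = mb_substr($str_Short_Title, 0, 255);`, otherwise the change-log entry is misleading. In the constructor the condition `if ($Cat_Lvl && $Cat_Lvl != '' && !is_null($Cat_Lvl))` is redundant (a truthy value is already neither empty nor null) and it sends a numeric `0` or `"0"` category into the default branch, which sets level 2 and prepends "Defaulted Cat" to the description; if 0 is never a valid level a comment saying so would save the next reader the question. `new DateTime($dt_Update)` in the constructor and in set_Update throws an uncaught Exception on an unparseable string, and `is_numeric($Cat_Lvl)` stores the string as-is although the docblock says integer, so `$this->cat_lvl = (int) $Cat_Lvl;` would keep get_Category_Level's contract. The public method name set_Catetgory_Level is misspelled; since renaming it would break callers, adding a correctly spelled set_Category_Level that delegates to it is the compatible fix.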

36
classes/people.inc Normal file

@ -0,0 +1,36 @@
<?php
/**
* File: people.inc
* Author: Ryan Prather
* Purpose: Represents a person
* Created: Dec 8, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Dec 8, 2014 - File created
* - Sep 1, 2016 - Updated Copyright and added comments
*/
/**
* Represents the people that will be working on an assessment
*
* @author Ryan Prather
*/
class people {
public $id = 0;
public $name = '';
public $org = '';
public $phone = '';
public $position = '';
}
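Review bot: the five public properties of `people` carry no documentation, unlike the property-level docblocks used in every other class of this commit; `/** @var int */` on `$id` and `/** @var string */` on `$name`, `$org`, `$phone` and `$position` would let static analysis and IDEs check assignments. Being a bare property bag, the class cannot validate what callers store in it, which is acceptable only if those callers (not visible here) do.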

254
classes/port.inc Normal file

@ -0,0 +1,254 @@
<?php
/**
* File: ports.inc
* Author: Ryan Prather
* Purpose: Represents an open TCP or UDP port on an interface
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
* Change Log:
* - Sep 12, 2013 - File created
* - Sep 1, 2016 - Copyright updated
* - Oct 24, 2016 - Updated relationship between tcp/udp_port and port classes
*/
/**
* Represents a generic port
*
* @author Ryan Prather
*/
class port {
/**
* port ID
*
* @var integer
*/
protected $id = 0;
/**
* port number
*
* @var integer
*/
protected $port = 0;
/**
* Name as defined by IANA
*
* @var string
*/
protected $iana_name = '';
/**
* Banner
*
* @var string
*/
protected $banner = '';
/**
* Port notes
*
* @var string
*/
protected $notes = '';
/**
* Getter function for port Id
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Getter function for port number
*
* @return integer
*/
public function get_Port() {
return $this->port;
}
/**
* Getter function for port name
*
* @return string
*/
public function get_IANA_Name() {
return $this->iana_name;
}
/**
* Setter function for port name
*
* @return string
*/
public function set_IANA_Name($str_New_Name) {
$this->iana_name = $str_New_Name;
}
/**
* Geeter function for port banner
*
* @return string
*/
public function get_Banner() {
return $this->banner;
}
/**
* Setter function for port notes
*
* @param
* $str_New_Banner
*/
public function set_Banner($str_New_Banner) {
$this->banner = $str_New_Banner;
}
/**
* Getter function for port notes
*
* @return string
*/
public function get_Notes() {
return $this->notes;
}
/**
* Setter function for port notes
*
* @param string $str_New_Notes
*/
public function set_Notes($str_New_Notes) {
$this->notes = $str_New_Notes;
}
/**
* Setter function that will append new notes instead of overwriting
*
* @param string $str_New_Notes
*/
public function append_Notes($str_New_Notes) {
$this->notes .= $str_New_Notes;
}
}
/**
* Represents a TCP port/service
*
* @author Ryan Prather
*
*/
class tcp_ports extends port {
/**
* Constructor
*
* @param integer $int_ID
* @param integer $int_Port
* @param string $str_IANA_Name
* @param string $str_Banner
* @param string $str_Notes
*/
public function __construct($int_ID, $int_Port, $str_IANA_Name, $str_Banner, $str_Notes) {
$this->id = $int_ID;
$this->port = $int_Port;
$this->iana_name = $str_IANA_Name;
$this->banner = $str_Banner;
$this->notes = $str_Notes;
}
/**
* Getter function for preformated table row
*
* @return string
*/
public function get_Table_Data($intface_IP, $intface_ID, $Odd_Row) {
$ret = "<div class='pps-row " . ($Odd_Row ? "odd" : "even") . "_row'>" .
"<span class='pps'>" .
"<input type='hidden' name='tcp_port[$intface_ID][$this->id]' value='$this->port' />$this->port" . "/tcp" .
"</span>" .
"<span class='listen'>$intface_IP</span>" .
"<span class='iana-name'>" .
"<input type='text' class='auto-update-text' style='width: 150px;' name='iana_name[$intface_ID][$this->id]' value='$this->iana_name'/>" .
"</span>" .
"<span class='banner'>" .
"<textarea class='auto-update-text' style='width: 300px; vertical-align: bottom' rows='2' name='banner[$intface_ID][$this->id]'>$this->banner</textarea>" .
"</span>" .
"<span class='pps-notes'>" .
"<textarea class='auto-update-text' style='width: 450px; vertical-align: bottom' rows='3' name='notes[$intface_ID][$this->id]'>$this->notes</textarea>" .
"</span>" .
"</div>";
return $ret;
}
}
/**
* Represents a UDP port/service
*
* @author Ryan Prather
*
*/
class udp_ports extends port {
/**
* Constructor
*
* @param integer $int_ID
* @param integer $int_Port
* @param string $str_IANA_Name
* @param string $str_Banner
* @param string $str_Notes
*/
public function __construct($int_ID, $int_Port, $str_IANA_Name, $str_Banner, $str_Notes) {
$this->id = $int_ID;
$this->port = $int_Port;
$this->iana_name = $str_IANA_Name;
$this->banner = $str_Banner;
$this->notes = $str_Notes;
}
/**
* Getter function for preformated tabel row
*
* @param string $intface_IP
* @param integer $intface_ID
* @param boolean $Odd_Row
* @return string
*/
public function get_Table_Data($intface_IP, $intface_ID, $Odd_Row) {
$ret = "<div class='pps-row " . ($Odd_Row ? "odd" : "even") . "_row'>" .
"<span class='pps'>" .
"<input type='hidden' name='udp_port[$intface_ID][$this->id]' value='$this->port' />$this->port" . "/udp" .
"</span>" .
"<span class='listen'>$intface_IP</span>" .
"<span class='iana-name'>" .
"<input type='text' class='auto-update-text' style='width: 150px;' name='iana_name[$intface_ID][$this->id]' value='$this->iana_name'/>" .
"</span>" .
"<span class='banner'>" .
"<textarea class='auto-update-text' style='width: 300px; vertical-align: bottom' rows='2' name='banner[$intface_ID][$this->id]'>$this->banner</textarea>" .
"</span>" .
"<span class='pps-notes'>" .
"<textarea class='auto-update-text' style='width: 450px; vertical-align: bottom' rows='3' name='notes[$intface_ID][$this->id]'>$this->notes</textarea>" .
"</span>" .
"</div>";
return $ret;
}
}
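Review bot: get_Table_Data in both tcp_ports and udp_ports interpolates `$intface_IP`, `$this->iana_name`, `$this->banner` and `$this->notes` directly into HTML attribute values and textarea bodies with no escaping, so a value containing a single quote or `</textarea>` breaks out of the markup; the banner is presumably text captured from the remote service, which makes this a stored-XSS risk in the page that renders these rows. Each value should pass through `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` before the string is built, as shown below for tcp_ports (udp_ports needs the identical change, and `$intface_ID`, documented as integer, can be cast too). The two methods differ only in the `tcp_port`/`/tcp` versus `udp_port`/`/udp` literals, so the body could move up to `port` with the protocol name as a property instead of being duplicated. Also, set_IANA_Name's docblock declares `@return string` on a setter and set_Banner's docblock says "port notes"; both should describe the `@param` instead.
```php
public function get_Table_Data($intface_IP, $intface_ID, $Odd_Row) {
    // Escape everything that reaches the page: the banner and notes are free text and
    // an unescaped quote or closing tag inside them would break out of the markup.
    $ip     = htmlspecialchars((string) $intface_IP, ENT_QUOTES, 'UTF-8');
    $name   = htmlspecialchars((string) $this->iana_name, ENT_QUOTES, 'UTF-8');
    $banner = htmlspecialchars((string) $this->banner, ENT_QUOTES, 'UTF-8');
    $notes  = htmlspecialchars((string) $this->notes, ENT_QUOTES, 'UTF-8');
    $ifId   = (int) $intface_ID;
    $id     = (int) $this->id;
    $port   = (int) $this->port;
    // … unchanged: markup assembly, with $ip, $name, $banner, $notes, $ifId, $id and $port
    //   substituted for the raw $intface_IP / $intface_ID / $this->… interpolations …
    return $ret;
}
```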


@ -0,0 +1,758 @@
<?php
/**
* File: proc_ia_controls.inc
* Author: Ryan Prather
* Purpose: Contain all classes that have to do with a procedural IA control
* Created: Mar 17, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Mar 17, 2014 - File created
* - Sep 1, 2016 - Updated Copyright and a couple comments
*/
/**
* Procedural IA Controls
*
* @author Ryan Prather
*
*/
class proc_ia_controls {
/**
* Array for status
*
* @var myltitype:string
*/
private $STATUS = array(
"Not Reviewed" => 4,
"Non-Compliant" => 3,
"Compliant" => 2,
"Not Applicable" => 1
);
/**
* Reverses the status array
*
* @var multitype:integer
*/
private $FLIPPED = array(
4 => "Not Reviewed",
3 => "Non-Compliant",
2 => "Compliant",
1 => "Not Applicable"
);
/**
* Control ID
*
* @var string
*/
protected $control_id = '';
/**
* Name
*
* @var string
*/
protected $name = '';
/**
* Subject area
*
* @var string
*/
protected $sub_area = '';
/**
* Description
*
* @var string
*/
protected $desc = '';
/**
* Threat/vulnerability/countermeasures
*
* @var string
*/
protected $tvcm = '';
/**
* General implementation guide
*
* @var string
*/
protected $gimpg = '';
/**
* Resource guide
*
* @var string
*/
protected $guide = '';
/**
* Impact
*
* @var string
*/
protected $impact = '';
/**
* Array of sub ia controls
*
* @var multitype:proc_sub_ia_controls
*/
protected $subs = array();
/**
* Control Finding
*
* @var control_finding
*/
public $finding = null;
/**
* Constructor
*
* @param string $str_control_id_in
* @param string $str_name_in
* @param string $str_sub_area_in
* @param string $str_desc_in
* @param string $str_tvcm_in
* @param string $str_gimpg_in
* @param string $str_guide_in
* @param string $str_impact_in
*/
public function __construct($str_control_id_in, $str_name_in, $str_sub_area_in, $str_desc_in, $str_tvcm_in, $str_gimpg_in, $str_guide_in, $str_impact_in) {
$this->control_id = $str_control_id_in;
$this->desc = $str_desc_in;
$this->name = $str_name_in;
$this->sub_area = $str_sub_area_in;
$this->tvcm = $str_tvcm_in;
$this->gimpg = $str_gimpg_in;
$this->guide = $str_guide_in;
$this->impact = $str_impact_in;
$this->finding = new control_finding();
}
/**
* Function to get the status
*
* @param string|integer $val
* @return multitype:integer|myltitype:string
*/
public function get_Status($val) {
if (is_numeric($val)) {
return $this->FLIPPED[$val];
}
else {
return $this->STATUS[$val];
}
}
/**
* Getter function for control ID
*
* @return string
*/
public function get_Control_ID() {
return $this->control_id;
}
/**
* Setter function for control id
*
* @param string $str_control_id_in
*/
public function set_Control_ID($str_control_id_in) {
$this->control_id = $str_control_id_in;
}
/**
* Getter function for name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for name
*
* @param string $str_name_in
*/
public function set_Name($str_name_in) {
$this->name = $str_name_in;
}
/**
* Getter function for subject area
*
* @return string
*/
public function get_Subject_Area() {
return $this->sub_area;
}
/**
* Setter function for subject area
*
* @param string $str_sub_area_in
*/
public function set_Subject_Area($str_sub_area_in) {
$this->sub_area = $str_sub_area_in;
}
/**
* Getter function for description
*
* @return string
*/
public function get_Description() {
return $this->desc;
}
/**
* Setter function for description
*
* @param string $str_desc_in
*/
public function set_Description($str_desc_in) {
$this->desc = $str_desc_in;
}
/**
* Getter function for threat/vulnerability/countermeasures
*
* @return string
*/
public function get_Threat_Vul_CM() {
return $this->tvcm;
}
/**
* Setter function for threat/vulnerability/countermeasures
*
* @param string $str_tvcm_in
*/
public function set_Threat_Vul_CM($str_tvcm_in) {
$this->tvcm = $str_tvcm_in;
}
/**
* Getter function for implementation guide
*
* @return string
*/
public function get_General_Implementation_Guide() {
return $this->gimpg;
}
/**
* Setter function for implementation guide
*
* @param string $str_gimpg_in
*/
public function set_General_Implementation_Guide($str_gimpg_in) {
$this->gimpg = $str_gimpg_in;
}
/**
* Getter function for resource guide
*
* @return string
*/
public function get_Resource_Guide() {
return $this->guide;
}
/**
* Setter function for resource guide
*
* @param string $str_guide_in
*/
public function set_Resourse_Guide($str_guide_in) {
$this->guide = $str_guide_in;
}
/**
* Getter function for impact
*
* @return string
*/
public function get_Impact() {
return $this->impact;
}
/**
* Setter function for impact
*
* @param string $str_impact_in
*/
public function set_Impact($str_impact_in) {
$this->impact = $str_impact_in;
}
/**
* Getter function for sub controls
*
* @return multitype:proc_sub_ia_controls
*/
public function get_Subs() {
return $this->subs;
}
/**
* Function to add new sub controls
*
* @param proc_sub_ia_controls $sub_in
*/
public function add_Sub($sub_in) {
$this->subs[] = $sub_in;
}
/**
* Function to generate a display for procedural ops page
*
* @return string
*/
public function get_Ops_Display($odd = true) {
$status_count = array(
'Not Reviewed' => 0,
'Non-Compliant' => 0,
'Compliant' => 0,
'Not Applicable' => 0
);
$current_status = 0;
foreach ($this->subs as $key => $sub) {
if ($this->STATUS[$sub->finding->status] > $current_status) {
$current_status = $this->STATUS[$sub->finding->status];
}
$status_count[$sub->finding->status] ++;
}
$class = strtolower(str_replace(' ', '_', str_replace('-', '_', $this->FLIPPED[$current_status])));
$parent_name = str_replace('-', '_', $this->control_id);
$ret = "<tr>" .
"<td class='cat_header' colspan='4'>" .
"<span style='width:115px;cursor:pointer;' onclick=\"$('.$parent_name').toggle(300);\">" . $this->control_id . "</span>" .
"<span style='width:310px;'>" . $this->name . "</span>" .
"<span class='$class' id='$parent_name" . "_disp'>" . $this->FLIPPED[$current_status] . "</span>" .
"<span class='override_status' id='" . $parent_name . "_or'>" .
"Override: <input type='checkbox' onclick=\"$('#" . $parent_name . "_status').toggle();\" />" .
"<select id='" . $parent_name . "_status' style='display:none;' onchange='field_id=\"$parent_name" . "_status\";update_status(\"$parent_name" . "_status\");'>" .
"<option />" .
"<option" . ($this->FLIPPED[$current_status] == 'Not Reviewed' ? ' selected' : '') . ">Not Reviewed</option>" .
"<option" . ($this->FLIPPED[$current_status] == 'Non-Compliant' ? ' selected' : '') . ">Non-Compliant</option>" .
"<option" . ($this->FLIPPED[$current_status] == 'Compliant' ? ' selected' : '') . ">Compliant</option>" .
"<option" . ($this->FLIPPED[$current_status] == 'Not Applicable' ? ' selected' : '') . ">Not Applicable</option>" .
"</select>" .
"</span>" .
"<span id='$parent_name" . "_Compliant' class='compliant' style='width:25px;text-align:center;'>" . $status_count['Compliant'] . "</span>" .
"<span id='$parent_name" . "_Not_Reviewed' class='not_reviewed' style='width:25px;text-align:center;'>" . $status_count['Not Reviewed'] . "</span>" .
"<span id='$parent_name" . "_Non_Compliant' class='non_compliant' style='width:25px;text-align:center;'>" . $status_count['Non-Compliant'] . "</span>" .
"<span id='$parent_name" . "_Not_Applicable' class='not_applicable' style='width:25px;text-align:center;'>" . $status_count['Not Applicable'] . "</span>" .
"</td>" .
"</tr>" .
"<tr class='" . ($odd ? 'odd' : 'even') . "_row $parent_name'>" .
"<td style='width:117px;'>" . $this->control_id . "<br />" . $this->name . "</td>" .
"<td style='width:150px;'>" . nl2br($this->desc) . "</td>" .
"<td style='width:450px;'>" . nl2br($this->gimpg) . "</td>" .
"<td>" .
"Vulnerability Description:<br />" .
"<textarea name='$parent_name" . "_vul_desc' id='$parent_name" . "_vul_desc'>" . $this->finding->vul_desc . "</textarea><br />" .
"Mitigations:<br />" .
"<textarea name='$parent_name" . "_mit' id='$parent_name" . "_mit'>" . $this->finding->mitigations . "</textarea><br />" .
"References:<br />" .
"<textarea name='$parent_name" . "_ref' id='$parent_name" . "_ref'>" . $this->finding->reference . "</textarea><br />" .
"Notes:<br />" .
"<textarea name='$parent_name" . "_notes' id='$parent_name" . "_notes'>" . $this->finding->notes . "</textarea>" .
"</td>" .
"</tr>";
foreach ($this->subs as $key => $sub) {
$odd = !$odd;
$name = str_replace('-', '_', $sub->get_Sub_Control_ID());
$ret .= "<tr class='" . ($odd ? 'odd' : 'even') . "_row $parent_name'>" .
"<td style='width:117px;'>" . $sub->get_Sub_Control_ID() . "<br />" .
"<input type='hidden' id='$name" . "_status_old' value='" . $sub->finding->status . "' />" .
"<select name='$name" . "_status' id='$name" . "_status' style='width:95px;' onchange='field_id=\"$name" . "_status\";update_status();'>" .
"<option" . ($sub->finding->status == 'Not Reviewed' ? ' selected' : '') . ">Not Reviewed</option>" .
"<option" . ($sub->finding->status == 'Compliant' ? ' selected' : '') . ">Compliant</option>" .
"<option" . ($sub->finding->status == 'Not Applicable' ? ' selected' : '') . ">Not Applicable</option>" .
"<option" . ($sub->finding->status == 'Non-Compliant' ? ' selected' : '') . ">Non-Compliant</option>" .
"</select>" .
$sub->get_Name() . "</td>" .
"<td style='width:150px;'>" . nl2br($sub->get_Objective()) . "</td>" .
"<td style='width:450px;'>" . nl2br($sub->get_Script()) . "</td>" .
"<td>" .
"Test Result:<br />" .
"<textarea name='$name" . "_test_result' id='$name" . "_test_result'>" . $sub->finding->test_result . "</textarea><br />" .
"Mitigations:<br />" .
"<textarea name='$name" . "_mit' id='$name" . "_mit'>" . $sub->finding->mitigation . "</textarea><br />" .
"Milestones:<br />" .
"<textarea name='$name" . "_milestone' id='$name" . "_milestone'>" . $sub->finding->milestone . "</textarea><br />" .
"References:<br />" .
"<textarea name='$name" . "_ref' id='$name" . "_ref'>" . $sub->finding->reference . "</textarea><br />" .
"Notes:<br />" .
"<textarea name='$name" . "_notes' id='$name" . "_notes'>" . $sub->finding->notes . "</textarea>" .
"</td>" .
"</tr>";
}
return $ret;
}
/**
*
* @return string
*/
public function get_Worst_Status_String() {
$current_status = 0;
foreach ($this->subs as $key => $sub) {
if ($this->STATUS[$sub->finding->status] > $current_status) {
$current_status = $this->STATUS[$sub->finding->status];
if ($current_status == $this->STATUS['Not Reviewed']) {
break;
}
}
}
return $this->FLIPPED[$current_status];
}
}
/**
* Control Findings
*
* @author Ryan Prather
*/
class control_finding {
/**
* DB ID
*
* @var integer
*/
public $id = 0;
/**
* Associated ST&E ID
*
* @var integer
*/
public $ste_id = 0;
/**
* Control ID
*
* @var string
*/
public $control_id = '';
/**
* Vulnerability description
*
* @var string
*/
public $vul_desc = '';
/**
* Control mitigations
*
* @var string
*/
public $mitigations = '';
/**
* Control references
*
* @var string
*/
public $reference = '';
public $risk_analysis = '';
/**
* Notes
*
* @var string
*/
public $notes = '';
/**
* Tells the system that this control review is complete
*
* @var boolean
*/
public $done = false;
}
/**
* Procedural Sub IA Controls
*
* @author Ryan Prather
*
*/
class proc_sub_ia_controls {
/**
* Sub control id
*
* @var string
*/
protected $sub_control_id = '';
/**
* Name
*
* @var string
*/
protected $name = '';
/**
* Objectives
*
* @var string
*/
protected $objective = '';
/**
* Preparation
*
* @var string
*/
protected $prep = '';
/**
* Script
*
* @var script
*/
protected $script = '';
/**
* Expected Results
*
* @var string
*/
protected $expected_results = '';
/**
* Procedural finding with notes
*
* @var proc_finding
*/
public $finding = null;
/**
* Constructor
*
* @param string $str_sub_control_id_in
* @param string $str_name_in
* @param string $str_obj_in
* @param string $str_prep_in
* @param string $str_script_in
* @param string $str_exp_results_in
*/
public function __construct($str_sub_control_id_in, $str_name_in, $str_obj_in, $str_prep_in, $str_script_in, $str_exp_results_in) {
$this->sub_control_id = $str_sub_control_id_in;
$this->name = $str_name_in;
$this->objective = $str_obj_in;
$this->prep = $str_prep_in;
$this->script = $str_script_in;
$this->expected_results = $str_exp_results_in;
$this->finding = new proc_finding();
}
/**
* Getter function for sub control id
*
* @return string
*/
public function get_Sub_Control_ID() {
return $this->sub_control_id;
}
/**
* Setter function for sub control id
*
* @param string $str_sub_control_id_in
*/
public function set_Sub_Control_ID($str_sub_control_id_in) {
$this->sub_control_id = $str_sub_control_id_in;
}
/**
* Getter function for name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for name
*
* @param string $str_name_in
*/
public function set_Name($str_name_in) {
$this->name = $str_name_in;
}
/**
* Getter function for objectives
*
* @return string
*/
public function get_Objective() {
return $this->objective;
}
/**
* Setter function for objective
*
* @param string $str_obj_in
*/
public function set_Objective($str_obj_in) {
$this->objective = $str_obj_in;
}
/**
* Getter function for preparations
*
* @return string
*/
public function get_Preparation() {
return $this->prep;
}
/**
* Setter function fore preparations
*
* @param string $str_prep_in
*/
public function set_Preparation($str_prep_in) {
$this->prep = $str_prep_in;
}
/**
* Getter function for script
*
* @return string
*/
public function get_Script() {
return $this->script;
}
/**
* Setter function for script
*
* @param string $str_script_in
*/
public function set_Script($str_script_in) {
$this->script = $str_script_in;
}
/**
* Getter function for expected results
*
* @return string
*/
public function get_Expected_Results() {
return $this->expected_results;
}
/**
* Setter function for expected results
*
* @param string $str_exp_results_in
*/
public function set_Expected_Results($str_exp_results_in) {
$this->expected_results = $str_exp_results_in;
}
}
/**
* Procedural findings
*
* @author Ryan Prather
*
*/
class proc_finding {
/**
* Finding ST&E ID
*
* @var integer
*/
public $ste_id = 0;
/**
* Finding control id
*
* @var string
*/
public $control_id = '';
/**
* Finding Status
*
* @var string
*/
public $status = '';
/**
* Finding compliance statement
*
* @var string
*/
public $test_result = '';
/**
* Finding mitigations
*
* @var string
*/
public $mitigation = '';
/**
* Finding milestones
*
* @var string
*/
public $milestone = '';
/**
* Finding reference
*
* @var string
*/
public $reference = '';
/**
* Finding notes
*
* @var string
*/
public $notes = '';
}

72
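--- /dev/null
+++ b/classes/question.inc
@@ -0,0 +1,72 @@
+<?php
+/**
+ * File: question.inc
+ * Author: Ryan Prather
+ * Purpose: Represent a interview question
+ * Created: Aug 25, 2014
+ *
+ * Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
+ * Released under the Apache v2.0 License
+ *
+ * Portions Copyright (c) 2012-2015, Salient Federal Solutions
+ * Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+ * Released under Modified BSD License
+ *
+ * See license.txt for details
+ *
+ * Change Log:
+ * - Aug 25, 2014 - File created
+ * - Sep 1, 2016 - Updated Copyright and comments
+ */
+/**
+ * Represent a category interview question
+ *
+ * @author Ryan Prather
+ */
+class question {
+/**
+ * The database ID of the question
+ *
+ * @var int
+ */
+public $id = 0;
+/**
+ * The category ID of the question
+ *
+ * @var int
+ */
+public $cat = 0;
+/**
+ * The unique key for the question
+ *
+ * @var string
+ */
+public $key = '';
+/**
+ * The question
+ *
+ * @var string
+ */
+public $question = '';
+/**
+ * The database ID of the answer
+ *
+ * @var int
+ */
+public $answer = 0;
+/**
+ * Constructor
+ */
+public function __construct() {
+}
+}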
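Review bot: The properties of `question` carry `@var int` / `@var string` docblocks but no native types, so `$id`, `$cat`, `$answer` and `$key` accept whatever a caller assigns and the documented contract is never enforced; the empty `__construct` at the end adds nothing and can go. If the project targets PHP 7.4 or later (this same commit already uses a `bool` scalar type hint in `scan.inc`, so 7.x is at least in play), typed properties such as `public int $id = 0;`, `public int $cat = 0;` and `public string $key = '';` let the engine reject bad values at assignment time and make the docblocks redundant. I cannot see the minimum PHP version from this file, so confirm it before relying on typed properties.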

87
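--- /dev/null
+++ b/classes/retina.inc
@@ -0,0 +1,87 @@
+<?php
+/**
+ * File: retina.inc
+ * Author: Ryan Prather
+ * Purpose: Represents a Retina scan
+ * Created: Sep 12, 2013
+ *
+ * Portions Copyright (c) 2012-2015, Salient Federal Solutions
+ * Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+ * Released under Modified BSD License
+ *
+ * See license.txt for details
+ *
+ * Change Log:
+ * - Sep 12, 2013 - File created
+ */
+/**
+ * Represents a Retina scan
+ *
+ * @author Ryan Prather
+ *
+ */
+class retina {
+/**
+ * PDI ID
+ *
+ * @var integer
+ */
+protected $pdi_id = 0;
+/**
+ * Retina ID
+ *
+ * @var string
+ */
+protected $retina_id = '';
+/**
+ * Constructor
+ *
+ * @param integer $int_PDI_ID
+ * @param string $str_Retina_ID
+ */
+public function __construct($int_PDI_ID, $str_Retina_ID) {
+$this->pdi_id = $int_PDI_ID;
+$this->retina_id = $str_Retina_ID;
+}
+/**
+ * Getter function for PDI ID
+ *
+ * @return integer
+ */
+public function get_PDI_ID() {
+return $this->pdi_id;
+}
+/**
+ * Setter function for PDI ID
+ *
+ * @param integer $int_PDI_ID
+ */
+public function set_PDI_ID($int_PDI_ID) {
+$this->pdi_id = $int_PDI_ID;
+}
+/**
+ * Getter function for Retina ID
+ *
+ * @return string
+ */
+public function get_Retina_ID() {
+return $this->retina_id;
+}
+/**
+ * Setter function for Retina ID
+ *
+ * @param string $str_Retina_ID
+ */
+public function set_Retina_ID($str_Retina_ID) {
+$this->retina_id = $str_Retina_ID;
+}
+}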
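Review bot: `__construct` and `set_PDI_ID` document `$int_PDI_ID` as an integer but nothing enforces it, so a string, `null` or an array coming from a DB row or request lands in `$pdi_id` unchanged and is only noticed wherever the value is later used as a key. `scan.inc` in this same commit already uses a scalar type hint (`bool $scanError`), so `public function set_PDI_ID(int $int_PDI_ID)` and `public function __construct(int $int_PDI_ID, string $str_Retina_ID)` are consistent with the codebase and make the contract real. Without `declare(strict_types=1)` a numeric string such as `"12"` is still coerced, which is probably what callers reading from the database expect; decide deliberately before enabling strict mode in this file.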

461
classes/rmf_control.inc Normal file

@ -0,0 +1,461 @@
<?php
/**
* File: rmf_control.inc
* Author: Ryan Prather
* Purpose: Represent an NIST RMF IA control
* Created: Jan 28, 2015
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Jan 28, 2015 - File created
* - Sep 1, 2016 - Updated Copyright and added a few comments
*/
/**
* Represent the RMF control family
*
* @author Ryan Prather
*/
class rmf_family {
/**
* Family abbreviation
*
* @var string
*/
protected $abbr;
/**
* Family name
*
* @var string
*/
protected $name;
/**
* Constructor
*/
public function __construct() {
}
/**
* Getter function for the family abbreviation
*
* @return string
*/
public function get_Abbr() {
return $this->abbr;
}
/**
* Setter function for the family abbreviation
*
* @param string $abbr_in
*/
public function set_Abbr($abbr_in) {
$this->abbr = $abbr_in;
}
/**
* Getter function for the family name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for the family name
*
* @param string $name_in
*/
public function set_Name($name_in) {
$this->name = $name_in;
}
}
/**
* Represent the RMF control itself
*
* @author Ryan Prather
*
*/
class rmf_control {
/**
* Control family
*
* @var rmf_family
*/
public $family;
/**
* Control id
*
* @var string
*/
protected $control_id;
/**
* Control Name
*
* @var string
*/
protected $name;
/**
* Control priority (0-3)
*
* @var int
*/
protected $priority;
/**
* Control statement
*
* @var string
*/
protected $statement;
/**
* Control supplemental guidance
*
* @var string
*/
protected $guidance;
/**
* Which impact baseline this control applies to<br />
* When the object is created this will start out as an array with all elements being false
*
* @var array
*/
protected $baseline;
/**
* Other RMF controls that relate to this one
*
* @var array:string
*/
protected $related;
/**
* An array of enhancements to this control
*
* @var array:rmf_control_enhancements
*/
protected $enh_controls;
/**
* Constructor
*/
public function __construct() {
$this->family = new rmf_family();
$this->baseline = array("low" => false, "moderate" => false, "high" => false);
}
/**
* Getter function for the control id
*
* @return string
*/
public function get_Control_ID() {
return $this->control_id;
}
/**
* Setter function for the control id
*
* @param string $ctrl_id_in
*/
public function set_Control_ID($ctrl_id_in) {
$this->control_id = $ctrl_id_in;
}
/**
* Getter function for the control name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for the control name
*
* @param string $name_in
*/
public function set_Name($name_in) {
$this->name = $name_in;
}
/**
* Getter function for the control priority
*
* @return int
*/
public function get_Priority() {
return $this->priority;
}
/**
* Setter function for the control priority
*
* @param int $pri_in
*/
public function set_Priority($pri_in) {
$this->priority = $pri_in;
}
/**
* Getter function for the control statement
*
* @return string
*/
public function get_Statement() {
return $this->statement;
}
/**
* Setter function for the control statement
*
* @param string $statement_in
*/
public function set_Statement($statement_in) {
$this->statement = $statement_in;
}
/**
* Getter function for control guidance
*
* @return string
*/
public function get_Guidance() {
return $this->guidance;
}
/**
* Setter function for the control guidance
*
* @param string $guidance_in
*/
public function set_Guidance($guidance_in) {
$this->guidance = $guidance_in;
}
/**
* Function to set the usage for a particular baseline
*
* @param string $impact
* @param boolean $setting
*/
public function set_Baseline($impact, $setting) {
if (in_array($impact, array("low", "moderate", "high"))) {
$this->baseline[$impact] = $setting;
}
}
/**
* Function to return if a control is being used on a certain baseline
*
* @param string $impact
*
* @return boolean
*/
public function get_Baseline($impact) {
if (in_array($impact, array("low", "moderate", "high"))) {
return $this->baseline[$impact];
}
return false;
}
/**
* Function to get the worst baseline that is assigned to the control
*
* @return string|boolean
*/
public function get_Worst_Baseline() {
if ($this->baseline['high']) {
return "high";
}
elseif ($this->baseline['moderate']) {
return "moderate";
}
elseif ($this->baseline['low']) {
return "low";
}
return false;
}
/**
* Getter function for all the related controls
*
* @return array:string
*/
public function get_Related_Controls() {
return $this->related;
}
/**
* Functio to add a control as a related control to this control
*
* @param string $ctrl_id_in
*/
public function add_Related_Control($ctrl_id_in) {
if (!in_array($ctrl_id_in, $this->related)) {
$this->related[] = $ctrl_id_in;
}
}
/**
* Getter function to return all control enhancements
*
* @return array:rmf_control_enhancements
*/
public function get_Enhanced_Controls() {
return $this->enh_controls;
}
/**
* Function to add a control enhancement
*
* @param rmf_control_enhancements $enh_in
*/
public function add_Enhanced_Control($enh_in) {
if (!in_array($enh_id, $this->enh_controls)) {
$this->enh_controls[] = $enh_in;
}
}
}
/**
* Represents any control enhancements
*
* @author Ryan Prather
*/
class rmf_control_enhancements {
/**
* Enhanced control ID
*
* @var string
*/
protected $enh_id;
/**
* Enhanced control name
*
* @var string
*/
protected $name;
/**
* Enhanced control statements
*
* @var string
*/
protected $statement;
/**
* Enhanced control guidance
*
* @var string
*/
protected $guidance;
/**
* Constructor
*/
public function __construct() {
}
/**
* Getter function for the enhanced control ID
*
* @return string
*/
public function get_Enhanced_ID() {
return $this->enh_id;
}
/**
* Setter function for the enhanced control ID
*
* @param string $enh_id_in
*/
public function set_Enhanced_ID($enh_id_in) {
$this->enh_id = $enh_id_in;
}
/**
* Getter function for the enhanced control name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for the enhanced control name
*
* @param string $name_in
*/
public function set_Name($name_in) {
$this->name = $name_in;
}
/**
* Getter function for enhanced control statements
*
* @return string
*/
public function get_Statement() {
return $this->statement;
}
/**
* Setter function for enhanced control statements
*
* @param string $statement_in
*/
public function set_Statement($statement_in) {
$this->statement = $statement_in;
}
/**
* Getter function for enhanced control guidance
*
* @return string
*/
public function get_Guidance() {
return $this->guidance;
}
/**
* Setter function for enhanced control guidance
*
* @param string $guidance_in
*/
public function set_Guidance($guidance_in) {
$this->guidance = $guidance_in;
}
}
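Review bot: `rmf_control::add_Enhanced_Control` tests `in_array($enh_id, $this->enh_controls)` but `$enh_id` is never defined in that method (the parameter is `$enh_in`), so the guard compares `null` against the list and duplicates are never caught; it should read `if (!in_array($enh_in, $this->enh_controls, true))`. Both that method and `add_Related_Control` also call `in_array()` on a property the constructor never initialises (`$related` and `$enh_controls` have no default), which is a warning on PHP 7 and a `TypeError` on PHP 8 the first time either is called on a fresh object; add `$this->related = [];` and `$this->enh_controls = [];` to `__construct`, or give the declarations `= array()` defaults like the other classes in this commit do. The `true` third argument to `in_array` avoids loose comparison between enhancement objects and control-ID strings.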

612
classes/scan.inc Normal file

@ -0,0 +1,612 @@
<?php
/**
* File: scan.inc
* Author: Ryan Prather
* Purpose: Represents an imported scan
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Sep 1, 2016 - Updated Copyright and Merge result_script & scan classes
* - Oct 24, 2016 - Updated function headers and format
* - Nov 7, 2016 - Make sure get_Total_Host_Count() returns an integer
* - Apr 5, 2017 - Formatting
* - Jan 16, 2018 - Updated to use host_list class
*/
define("IN_QUEUE", "IN QUEUE");
define("RUNNING", "RUNNING");
define("COMPLETE", "COMPLETE");
define("ERROR", "ERROR");
define("TERMINIATED", "TERMINATED");
require_once 'host_list.inc';
/**
* Represents an imported scan
*
* @author Ryan Prather
*/
class scan
{
/**
* Scan ID
*
* @var integer
*/
protected $id = 0;
/**
* Source
*
* @var source
*/
protected $src = null;
/**
* ST&E
*
* @var ste
*/
protected $ste = null;
/**
* Interation (in case the same scan is imported multiple times)
*
* @var integer
*/
protected $itr = 0;
/**
* File name of the imported file
*
* @var string
*/
protected $file_name = '';
/**
* File date of the imported file (for configuration management)
*
* @var string
*/
protected $file_date = '';
/**
* Array of hosts
*
* @var array
*/
protected $host_list = array();
/**
* Scan notes
*
* @var string
*/
protected $notes = '';
/**
* Process ID (PID) of the executing script
*
* @var integer
*/
protected $pid = 0;
/**
* Enum defining the type of script
*
* @var file_types
*/
protected $type = null;
/**
* Date/time the script started
*
* @var DateTime
*/
protected $start_time = null;
/**
* Date/time the script was updated
*
* @var DateTime
*/
protected $last_update = null;
/**
* Enum script status
*
* @var string
*/
protected $status = 0;
/**
* Percentage of completion
*
* @var float
*/
protected $perc_comp = 0.0;
/**
* The last host that was imported
*
* @var string
*/
protected $last_host = '';
/**
* Number of hosts that have been completely imported
*
* @var integer
*/
protected $host_complete_count = 0;
/**
* Number of hosts in the result file
*
* @var integer
*/
protected $host_count = 0;
/**
* Variable to store if there is an error in a given scan
*
* @var boolean
*/
protected $scanner_error = false;
/**
* Constructor
*
* @param integer $int_ID
* @param source $src_in
* @param ste $ste_in
* @param integer $int_Itr
* @param string $str_File_Name
* @param string $str_File_Date
*/
public function __construct($int_ID, $src_in, $ste_in, $int_Itr, $str_File_Name, $str_File_Date)
{
$this->id = $int_ID;
$this->src = $src_in;
$this->ste = $ste_in;
$this->itr = $int_Itr;
$this->file_date = $str_File_Date;
$this->file_name = $str_File_Name;
}
/**
* Getter function for Id
*
* @return integer
*/
public function get_ID()
{
return $this->id;
}
/**
* Setter function for the scan ID
*
* @param integer $int_ID
*/
public function set_ID($int_ID)
{
$this->id = $int_ID;
}
/**
* Getter function for source
*
* @return source
*/
public function get_Source()
{
return $this->src;
}
/**
* Getter function for STE
*
* @return ste
*/
public function get_STE()
{
return $this->ste;
}
/**
* Getter function for iteration
*
* @return integer
*/
public function get_Itr()
{
return $this->itr;
}
/**
* Setter function to increase the iteration for this scan
*/
public function inc_Itr()
{
$this->itr++;
}
/**
* Getter function for file name
*
* @return string
*/
public function get_File_Name()
{
return $this->file_name;
}
/**
* Getter function for file date
*
* @return string
*/
public function get_File_Date()
{
return $this->file_date;
}
/**
* Getter function for file date in DateTime
*
* @return DateTime
*/
public function get_File_DateTime()
{
return new DateTime($this->file_date);
}
/**
* Setter function for file date
*
* @param string|DateTime $dt_in
*/
public function set_File_DateTime($dt_in)
{
if (is_string($dt_in)) {
$this->file_date = $dt_in;
}
else {
$this->file_date = $dt_in->format("Y-m-d H:i:s");
}
}
/**
* Getter method for scanner error
*
* @return bool
*/
public function isScanError()
{
return $this->scanner_error;
}
/**
* Setter method for scanner error
*
* @param bool $scanError
*/
public function setScanError(bool $scanError)
{
$this->scanner_error = $scanError;
}
/**
* Function to add a target and finding count to the host list
*
* @param host_list $hl
*/
public function add_Target_to_Host_List($hl)
{
$this->host_list[$hl->getTargetId()] = $hl;
}
/**
* Function to replace the host list array
*
* @param host_list:array $host_list_in
*/
public function add_Target_Array_to_Host_List($host_list_in)
{
$this->host_list = $host_list_in;
}
/**
* Getter function for host list array
*
* @return array
*/
public function get_Host_List()
{
return $this->host_list;
}
/**
* Getter function for scan notes
*
* @return string
*/
public function get_Notes()
{
return $this->notes;
}
/**
* Setter function for scan notes
*
* @param string $notes_in
*/
public function set_Notes($notes_in)
{
$this->notes = $notes_in;
}
/**
* Getter function to retrieve number of hosts in the host list array
*
* @return integer
*/
public function get_Host_List_Count()
{
return count($this->host_list);
}
/**
* Getter function for pre-formatted host list table row
*
* @return string
*/
public function get_Host_List_Table()
{
$ret = '';
$count = 0;
$findings = 0;
foreach ($this->host_list as $host) {
$count++;
$findings += $host->getFindingCount();
$ret .= "<tr>" .
"<td>{$count}</td>" .
"<td>{$host->getTargetName()}</td>" .
"<td>{$host->getFindingCount()}</td>" .
"<td>{$host->getTargetIp()}</td>" .
"<td>" . ($host->getScanError() ? "<img src='/img/error.png' class='checklist_image' title='{$host->getScanError()}' />" : "") . "</td>" .
"</tr>";
}
return [
$findings,
$ret
];
}
/**
* Getter function for the process ID
*
* @return int
*/
public function get_PID()
{
return ($this->pid ? $this->pid : 0);
}
/**
* Setter function for the process ID
*
* @param int $pid_in
*/
public function set_PID($pid_in)
{
$this->pid = $pid_in;
}
/**
* Getter function for the scan type
*
* @return file_types
*/
public function get_Type()
{
return $this->type;
}
/**
* Setter function for the scan type
*
* @param file_types $type_in
*/
public function set_Type($type_in)
{
$this->type = $type_in;
}
/**
* Getter function for the start date/time of the script
*
* @return DateTime
*/
public function get_Start_Time()
{
if (!is_a($this->start_time, "DateTime")) {
return new DateTime();
}
return $this->start_time;
}
/**
* Setter function for the start date/time of the script
*
* @param DateTime $start_time_in
*/
public function set_Start_Time($start_time_in)
{
if (is_a($start_time_in, "DateTime")) {
$this->start_time = $start_time_in;
}
else {
$this->start_time = new DateTime($start_time_in);
}
}
/**
* Getter function for the last update of the script
*
* @return DateTime
*/
public function get_Last_Update()
{
if (!is_a($this->last_update, "DateTime")) {
return new DateTime();
}
return $this->last_update;
}
/**
* Setter function for the last update DateTime the script was updated
*
* @param DateTime $last_update_in
*/
public function set_Last_Update($last_update_in)
{
if (is_a($last_update_in, "DateTime")) {
$this->last_update = $last_update_in;
}
else {
$this->last_update = new DateTime($last_update_in);
}
}
/**
* Getter function for the script status
*
* @return string
*/
public function get_Status()
{
return $this->status;
}
/**
* Setter function for the script status
*
* @param string $status_in
*/
public function set_Status($status_in)
{
$this->status = $status_in;
}
/**
* Getter function for the percentage the script has completed
*
* @return float
*/
public function get_Percentage_Complete()
{
return number_format($this->perc_comp, 2);
}
/**
* Setter function for the percentage the script has completed
*
* @param float $perc_comp_in
*/
public function set_Percentage_Complete($perc_comp_in)
{
$this->perc_comp = $perc_comp_in;
}
/**
* Getter function for the last host the scan completed parsing
*
* @return string
*/
public function get_Last_Host()
{
return $this->last_host;
}
/**
* Setter function for the last host that the scan completed
*
* @param string $last_host_in
*/
public function set_Last_Host($last_host_in)
{
$this->last_host = $last_host_in;
}
/**
* Getter function for the number of hosts complete
*
* @return int
*/
public function get_Host_Complete_Count()
{
return $this->host_complete_count;
}
/**
* Increment the number of hosts complete
*/
public function inc_Host_Complete_Count()
{
$this->host_complete_count++;
}
/**
* Getter function for the number of hosts in the scan file
*
* @return int
*/
public function get_Total_Host_Count()
{
return ($this->host_count ? $this->host_count : 0);
}
/**
* Setter function for the total host in the scan file
*
* @param int $total_host_count_in
*/
public function set_Total_Host_Count($total_host_count_in)
{
$this->host_count = $total_host_count_in;
}
/**
* Function to return string of the td row for the upload progress page
*
* @return string
*/
public function get_Task_Row()
{
$ret = "<tr id='" . str_replace([" ", "(", ")"], ["_", "", ""], $this->file_name) . "'>" .
"<td>{$this->src->get_Name()}</td>" .
"<td>{$this->file_name}</td>" .
"<td>{$this->start_time->format("H:i:s")}</td>" .
"<td>{$this->last_update->format("H:i:s")}</td>" .
"<td>{$this->status}</td>" .
"<td><progress max='100' value='{$this->perc_comp}' data-value='{$this->perc_comp}'></progress></td>" .
"<td></td>" .
"</tr>";
return $ret;
}
}
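Review bot: `get_Host_List_Table` writes `getTargetName()`, `getTargetIp()` and `getScanError()` straight into HTML, and `getScanError()` additionally into a single-quoted `title` attribute, with no escaping; these values appear to originate in the imported scan result file (the class "Represents an imported scan"), so a hostname or scanner error string containing `'` or `<` from a scan of a hostile network becomes stored XSS for whoever views the host list. `get_Task_Row` has the same problem with `$this->file_name`, an uploaded file name, used both as the row `id` attribute (spaces and parentheses are stripped, quotes are not) and as cell text, and it also calls `->format()` on `$this->start_time` / `$this->last_update` directly although both default to `null` and the getters `get_Start_Time()` / `get_Last_Update()` exist precisely to guard that. Escape every dynamic value at the point of output with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` as sketched below and route the timestamps through the guarded getters. Separately, the docblock on `get_Host_List_Table` says `@return string` while the method returns a two-element array `[$findings, $ret]`; `@return array{0:int,1:string}` would match the code.

```php
    public function get_Host_List_Table()
    {
        $esc = static function ($v) {
            return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        // … unchanged: $ret / $count / $findings initialisation …
        foreach ($this->host_list as $host) {
            $count++;
            $findings += $host->getFindingCount();
            $err = $host->getScanError();
            $ret .= "<tr>" .
                "<td>{$count}</td>" .
                "<td>" . $esc($host->getTargetName()) . "</td>" .
                "<td>" . $esc($host->getFindingCount()) . "</td>" .
                "<td>" . $esc($host->getTargetIp()) . "</td>" .
                "<td>" . ($err ? "<img src='/img/error.png' class='checklist_image' title='" . $esc($err) . "' />" : "") . "</td>" .
                "</tr>";
        }
        // … unchanged: return [$findings, $ret] …
    }

    public function get_Task_Row()
    {
        $esc = static function ($v) {
            return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        $row_id = str_replace([" ", "(", ")"], ["_", "", ""], $this->file_name);
        $ret = "<tr id='" . $esc($row_id) . "'>" .
            "<td>" . $esc($this->src->get_Name()) . "</td>" .
            "<td>" . $esc($this->file_name) . "</td>" .
            "<td>" . $this->get_Start_Time()->format("H:i:s") . "</td>" .
            "<td>" . $this->get_Last_Update()->format("H:i:s") . "</td>" .
            "<td>" . $esc($this->status) . "</td>" .
            // … unchanged: progress cell, empty cell, closing </tr>, return …
```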

275
classes/script.inc Normal file

@ -0,0 +1,275 @@
<?php
/**
* File: script.inc
* Author: Ryan Prather
* Purpose: To instantiate a script object that can run on the system
* Created: Sep 27, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 27, 2013 - File created
* - Sep 1, 2016 - Updated Copyright and removed result_script and script_type classes due to merger with scan class
*/
/**
*
* @author Ryan Prather
*
*/
class script {
/**
* ID
*
* @var integer
*/
protected $id = 0;
/**
* Script name
*
* @var string
*/
protected $name = '';
/**
* Script file name
*
* @var string
*/
protected $file_name = '';
/**
* Script arguments
*
* @var array:string
*/
protected $args = array();
/**
* Last update
*
* @var DateTime
*/
protected $updated;
/**
* Script path
*
* @var string
*/
protected $path = '';
/**
* Script version
*
* @var string
*/
protected $version = '';
/**
* Call back function
*
* @var string
*/
protected $function = '';
/**
* Script type
*
* @var string
*/
protected $type = '';
/**
* Constructor
*
* @param integer $int_ID
* @param string $str_Name
* @param string $str_File_Name
* @param string $str_Args
* @param string $dt_Updated
* @param string $str_Path
* @param string $str_Version
* @param string $str_Function
* @param string $str_Type
*/
public function __construct($int_ID, $str_Name, $str_File_Name, $str_Args, $dt_Updated, $str_Path, $str_Version, $str_Function, $str_Type) {
$this->id = $int_ID;
$this->name = $str_Name;
$this->file_name = $str_File_Name;
$this->args = unserialize($str_Args);
$this->updated = new DateTime($dt_Updated);
$this->path = $str_Path;
$this->version = $str_Version;
$this->function = $str_Function;
$this->type = $str_Type;
}
/**
* Getter function for ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Getter function for name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Getter function for file name
*
* @return string
*/
public function get_File_Name() {
return $this->file_name;
}
/**
* Getter function for script arguments
*
* @return multitype:string
*/
public function get_Args() {
return $this->args;
}
/**
* Getter function for update
*
* @return DateTime
*/
public function get_Update() {
return $this->updated;
}
/**
* Getter function for path
*
* @return string
*/
public function get_Path() {
return $this->path;
}
/**
* Getter function for script version
*
* @return string
*/
public function get_Version() {
return $this->version;
}
/**
* Getter function for callback function
*
* @return string
*/
public function get_Function() {
return $this->function;
}
/**
* Getter function for script type
*
* @return string
*/
public function get_Type() {
return $this->type;
}
/**
* Getter function for preformated &lt;option&gt; tag
*
* @param boolean $selected_script
* @return string
*/
public function get_Option($selected_script = null) {
return "<option value='$this->id' " . ($selected_script == $this->id ? 'selected' : '') .
">$this->name</option>";
}
}
/**
* Class to define a catalog parsing script
*
* @author Ryan Prather
*/
class catalog_script {
/**
* The file name that the script is parsing
*
* @var string
*/
public $file_name = '';
/**
* The process ID of the script that is running
*
* @var integer
*/
public $pid = 0;
/**
* The time the script started
*
* @var string
*/
public $start_time = '';
/**
* The time the script was last updated
*
* @var string
*/
public $last_update = '';
/**
* The status of the script
*
* @var integer
*/
public $status = 0;
/**
* The percentage that the script has completed
*
* @var float
*/
public $perc_comp = 0.0;
/**
* The number of STIGs in the catalog file
*
* @var integer
*/
public $stig_count = 0;
/**
* Constructor
*/
public function __construct() {
}
}

319
classes/sites.inc Normal file

@ -0,0 +1,319 @@
<?php
/**
* File: sites.inc
* Author: Ryan Prather
* Purpose: This file will instantiate a site object
* Created: Sep 16, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 16, 2013 - File created
* - Sep 1, 2016 - Updated Copyright and added comments
*/
/**
* Represents a physical site location where the ST&E is taking place
*
* @author Ryan Prather
*
*/
class site {
/**
* Site ID
*
* @var integer
*/
protected $id = 0;
/**
* Site Name
*
* @var string
*/
protected $name = '';
/**
* Site address
*
* @var string
*/
protected $add = '';
/**
* Site city
*
* @var string
*/
protected $city = '';
/**
* Site state
*
* @var string
*/
protected $state = '';
/**
* Site zip
*
* @var string
*/
protected $zip = '';
/**
* Site country
*
* @var string
*/
protected $country = '';
/**
* Site POC Name
*
* @var string
*/
protected $poc_name = '';
/**
* Site POC E-mail
*
* @var string
*/
protected $poc_email = '';
/**
* Site POC Phone
*
* @var string
*/
protected $poc_phone = '';
/**
* Constructor
*
* @param int $intId
* @param string $strName
* @param string $strAdd
* @param string $strCity
* @param string $strState
* @param string $strZip
* @param string $strCountry
* @param string $strPOC_Name
* @param string $strPOC_Email
* @param string $strPOC_Phone
*/
public function __construct($intId, $strName, $strAdd, $strCity, $strState, $strZip, $strCountry, $strPOC_Name, $strPOC_Email, $strPOC_Phone) {
$this->id = $intId;
$this->name = $strName;
$this->add = $strAdd;
$this->city = $strCity;
$this->state = $strState;
$this->zip = $strZip;
$this->country = $strCountry;
$this->poc_email = $strPOC_Email;
$this->poc_name = $strPOC_Name;
$this->poc_phone = $strPOC_Phone;
}
/**
* Getter function for the site id
*
* @return integer
*/
public function get_Id() {
return $this->id;
}
/**
* Setter function for site ID
*
* @param integer $id_in
*/
public function set_ID($id_in) {
$this->id = $id_in;
}
/**
* Getter function for the site name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for the site name
*
* @param string $str_Name
*/
public function set_Name($str_Name) {
$this->name = $str_Name;
}
/**
* Getter function for the site address
*
* @return string
*/
public function get_Address() {
return $this->add;
}
/**
* Setter function for the site address
*
* @param string $str_Address
*/
public function set_Address($str_Address) {
$this->add = $str_Address;
}
/**
* Getter function for the site city
*
* @return string
*/
public function get_City() {
return $this->city;
}
/**
* Setter function for the site city
*
* @param string $str_City
*/
public function set_City($str_City) {
$this->city = $str_City;
}
/**
* Getter function for the site state
*
* @return string
*/
public function get_State() {
return $this->state;
}
/**
* Setter function for the site state
*
* @param string $str_State
*/
public function set_State($str_State) {
$this->state = $str_State;
}
/**
* Getter function for the site zip
*
* @return string
*/
public function get_Zip() {
return $this->zip;
}
/**
* Setter function for the site zip
*
* @param string $str_Zip
*/
public function set_Zip($str_Zip) {
$this->zip = $str_Zip;
}
/**
* Getter function for the site country
*
* @return string
*/
public function get_Country() {
return $this->country;
}
/**
* Setter function for the site country
*
* @param string $str_Country
*/
public function set_Country($str_Country) {
$this->country = $str_Country;
}
/**
* Getter function for the POC E-mail
*
* @return string
*/
public function get_POC_Email() {
return $this->poc_email;
}
/**
* Setter function for the POC Email
*
* @param string $str_POC_Email
*/
public function set_POC_Email($str_POC_Email) {
$this->poc_email = $str_POC_Email;
}
/**
* Getter function for the POC Name
*
* @return string
*/
public function get_POC_Name() {
return $this->poc_name;
}
/**
* Setter for the POC Name
*
* @param string $str_POC_Name
*/
public function set_POC_Name($str_POC_Name) {
$this->poc_name = $str_POC_Name;
}
/**
* Getter for the POC Phone
*
* @return string
*/
public function get_POC_Phone() {
return $this->poc_phone;
}
/**
* Setter for the POC Phone
*
* @param string $str_POC_Phone
*/
public function set_POC_Phone($str_POC_Phone) {
$this->poc_phone = $str_POC_Phone;
}
/**
* Getter function for preformated &lt;option&gt; tag
*
* @param boolean $selectedSite
* @return string
*/
public function get_Option($selectedSite = null) {
return "<option value='" . $this->id . "'" . ($selectedSite ? " selected" : "") .
">" . $this->name . "</option>";
}
}
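Review bot: `get_Option()` at the end of `site` interpolates `$this->name` and `$this->id` straight into markup, so a site name containing `'` or `<` breaks the `<option>` and, since the name is operator-supplied data that is stored and re-rendered, can carry script into whichever page builds the site list. Escape at the point of output, e.g. `">" . htmlspecialchars($this->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</option>";` and emit the id as `(int)$this->id`. The `$selectedSite` parameter is documented as boolean but is only tested for truthiness, so a caller that passes a site id (as the `scripts` version of `get_Option` above expects) will mark every option selected; either compare it to `$this->id` or document it as a flag. None of the setters validates its input, so `poc_email` and `poc_phone` must be treated as opaque text wherever they are displayed or placed in a `mailto:`/`tel:` link.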

707
classes/software.inc Normal file

@ -0,0 +1,707 @@
<?php
/**
* File: software.inc
* Author: Ryan Prather
* Purpose: Represents a software package that can be installed on target
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Sep 1, 2016 - Updated Copyright, added a few comments, and refined the reduce_CPE functionality
* - Oct 24, 2016 - Update identify_Software function replaced $chk_id with $sw_in
* - Nov 7, 2016 - Removed a couple print statements
* - Nov 9, 2016 - Formatting, added get_Reduce_Count function,
* Added check in identify_Software to see if $sw_in is a CPE already
* - Dec 12, 2016 - Added software reduction if version contains '-'
* - Mar 3, 2017 - Bug fixes to reduce_CPE method
*/
/**
* Represents a software package that can be installed on a target
*
* @author Ryan Prather
*
*/
class software {
/**
* Software ID
*
* @var integer
*/
public $id = 0;
/**
* Software manufacturer
*
* @var string
*/
public $man = '';
/**
* Software name
*
* @var string
*/
public $name = '';
/**
* Software version
*
* @var string
*/
public $ver = '';
/**
* Software build string
*
* @var string
*/
public $build = '';
/**
* Software build date
*
* @var DateTime
*/
public $date;
/**
* Software architecture
*
* @var string
* x86, x64, ia64
*/
private $arch = '';
/**
* Manual
*
* @var boolean
*/
public $manual = false;
/**
* Is this software an operating system
*
* @var boolean
*/
public $os = false;
/**
* Software service pack
*
* @var string
*/
public $sp = '';
/**
* CPE string
*
* @var string
*/
private $cpe = '';
/**
* CPE v2.3 string
*
* @var string
*/
private $cpe23 = '';
/**
* The software string
*
* @var string
*/
private $sw_string = '';
/**
* Shortened software string
*
* @var string
*/
private $short_sw_string = '';
/**
* Variable to know how many times this software has been reduced
*
* @var int
*/
private $reduce_count = 0;
/**
* Constructor
*
* @param string $cpe
* @param string $cpe23
*/
public function __construct($cpe, $cpe23) {
$this->cpe = $cpe;
$this->cpe23 = $cpe23;
if (!empty($this->cpe23)) {
$arr = explode(":", $this->cpe23);
$this->os = ($arr[2] == 'o' ? true : false);
$this->man = (isset($arr[3]) ? ucwords(str_replace("_", " ", $arr[3])) : "*");
$this->name = (isset($arr[4]) ? ucwords(str_replace("_", " ", $arr[4])) : "*");
$this->ver = (isset($arr[5]) ? ucwords(str_replace("_", " ", $arr[5])) : "-");
$this->sp = (isset($arr[6]) ? ucwords(str_replace("_", " ", $arr[6])) : "");
}
if (!empty($this->cpe)) {
$arr = explode(":", $this->cpe);
if (empty($cpe23)) {
$this->os = ($arr[1] == '/o' ? true : false);
$this->man = (isset($arr[2]) ? ucwords(str_replace("_", " ", $arr[2])) : "*");
$this->name = (isset($arr[3]) ? ucwords(str_replace("_", " ", $arr[3])) : "*");
$this->ver = (isset($arr[4]) ? ucwords(str_replace("_", " ", $arr[4])) : "-");
$this->sp = (isset($arr[5]) ? ucwords(str_replace("_", " ", $arr[5])) : "");
$this->cpe23 = "cpe:2.3:" .
($arr[1] == '/o' ? 'o' : 'a') . ":" .
$this->man . ":" .
$this->name . ":" .
$this->ver . ":" .
(!empty($this->sp) ? $this->sp : "*") . ":*:*:*:*:*:*";
$this->cpe23 = strtolower(str_replace(" ", "_", $this->cpe23));
}
}
$this->reduce_count = 0;
}
/**
* Getter function for Software ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Setter function for Software ID
*
* @param integer $sw_id_in
* Value to set the ID to
*/
public function set_ID($sw_id_in) {
$this->id = $sw_id_in;
}
/**
* Getter function for manufacturer
*
* @return string
*/
public function get_Man() {
return $this->man;
}
/**
* Setter function for manufacturer
*
* @param string $str_Man
*/
public function set_Man($str_Man) {
$this->man = $str_Man;
}
/**
* Getter function for name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for name
*
* @param string $str_Name
*/
public function set_Name($str_Name) {
$this->name = $str_Name;
}
/**
* Getter function for version
*
* @return string
*/
public function get_Version() {
return $this->ver;
}
/**
* Setter function for version
*
* @param string $str_Version
*/
public function set_Version($str_Version) {
$this->ver = $str_Version;
}
/**
* Getter function for build string
*
* @return string
*/
public function get_Build() {
return $this->build;
}
/**
* Setter function for build string
*
* @param string $str_Build
*/
public function set_Build($str_Build) {
$this->build = $str_Build;
}
/**
* Getter funciton for build date
*
* @return DateTime
*/
public function get_Build_Date() {
return $this->date;
}
/**
* Setter function for build date
*
* @param string $dt_Build_Date
*/
public function set_Build_Date($dt_Build_Date) {
$this->date = new DateTime($dt_Build_Date);
}
/**
* Getter function for manual
*
* @return boolean
*/
public function is_Manual() {
return $this->manual;
}
/**
* Setter function for manual
*
* @param boolean $bln_Manual
*/
public function set_Manual($bln_Manual) {
$this->manual = $bln_Manual;
}
/**
* Getter function for operation system
*
* @return boolean
*/
public function is_OS() {
return $this->os;
}
/**
* Setter function for operating system
*
* @param boolean $bln_OS
*/
public function set_OS($bln_OS) {
$this->os = $bln_OS;
}
/**
* Getter function for service pack
*
* @return string
*/
public function get_SP() {
return $this->sp;
}
/**
* Setter fucntion for service pack
*
* @param string $str_SP
*/
public function set_SP($str_SP) {
$this->sp = $str_SP;
}
/**
* Getter function for software string
*
* @return string
*/
public function get_SW_String() {
return $this->sw_string;
}
/**
* Setter function for software string
*
* @param string $sw_string_in
*/
public function set_SW_String($sw_string_in) {
$this->sw_string = $sw_string_in;
}
/**
* To get the shortened software string
*
* @return string
*/
public function get_Shortened_SW_String() {
return $this->short_sw_string;
}
/**
* To set the shortened software string
*
* @param string $sw_string_in
*/
public function set_Shortened_SW_String($sw_string_in) {
$this->short_sw_string = $sw_string_in;
}
/**
* Getter function for the CPE string
*
* @return string
*/
public function get_CPE($refresh = false) {
if ($refresh) {
$cpe = "cpe:" .
($this->os ? "/o" : "/a") . ":" .
(isset($this->man) ? $this->man : "*") . ":" .
(isset($this->name) ? $this->name : "*") . ":" .
(isset($this->ver) ? $this->ver : "") .
(!empty($this->sp) ? ":" . $this->sp : "");
$this->cpe = strtolower(str_replace(" ", "_", $cpe));
$cpe23 = "cpe:2.3:" .
($this->os ? "o" : "a") . ":" .
(isset($this->man) ? $this->man : "*") . ":" .
(isset($this->name) ? $this->name : "*") . ":" .
(isset($this->ver) ? $this->ver : "-") .
(!empty($this->sp) ? ":" . $this->sp : "") . ":*:*:*:*:*:*";
$this->cpe23 = strtolower(str_replace(" ", "_", $cpe23));
}
return $this->cpe;
}
/**
* Setter function for the CPE string
*
* @param string $cpe_in
*/
public function set_CPE($cpe_in) {
$this->cpe = $cpe_in;
}
/**
* Getter function for the CPE v2.3 string
*
* @return string
*/
public function get_CPE23() {
return $this->cpe23;
}
/**
* Setter function for the CPE v2.3 string
*
* @param string $cpe23_in
*/
public function set_CPE23($cpe23_in) {
$this->cpe23 = $cpe23_in;
}
/**
* Getter function for the software architecture
*
* @return string
*/
public function get_Arch() {
return $this->arch;
}
/**
* Setter function for the software architecture
*
* @param string $arch_in
*/
public function set_Arch($arch_in) {
$this->arch = $arch_in;
}
/**
* Getter function for the reducing count
*/
public function get_Reduce_Count() {
return $this->reduce_count;
}
/**
* Getter function for preformated option tag
*
* @return string
*/
public function print_Option() {
return "<option value='" . $this->id . "' " .
"title='$this->sw_string' " .
">$this->sw_string</option>";
}
/**
* Function to take the CPE from specific to generic
*
* @return boolean
*/
public function reduce_CPE() {
switch ($this->reduce_count) {
case 0:
// this is to reduce the CPE for Cisco
if (($pos = strpos($this->ver, "%")) !== false) {
$this->ver = substr($this->ver, 0, $pos);
}
break;
case 1:
// this simply allows the removal of the SP/update
if (!is_null($this->sp)) {
$this->sp = null;
break;
}
if (($pos = strpos($this->ver, '-')) !== false) {
$this->ver = substr($this->ver, 0, ($pos > 0 ? $pos : $pos + 1));
}
break;
case 2:
// this reduces the version to remove any . so that 11.2 becomes 11
if (($pos = strpos($this->ver, ".")) !== false) {
$this->ver = substr($this->ver, 0, ($pos > 0 ? $pos : $pos + 1));
}
break;
case 3:
// this removes the version since the SP is already null
$this->ver = null;
break;
}
$this->cpe = (substr($this->get_CPE(true), -1) == '-' ? substr($this->get_CPE(true), 0, -1) : $this->get_CPE(true));
$this->reduce_count++;
return (is_null($this->sp) && is_null($this->ver) ? true : false);
}
/**
* Function to return the software object for this CPE string
*
* @param array $sw_in
*
* @return array:software
*/
public static function toSoftwareFromArray($sw_in) {
$sw = array();
foreach ($sw_in as $s) {
$cpe_str = "cpe:" .
($s['type'] ? "/o" : "/a") . ":" .
(isset($s['man']) ? $s['man'] : "*") . ":" .
(isset($s['name']) ? $s['name'] : "*") . ":" .
(isset($s['ver']) ? $s['ver'] : "-") .
(isset($s['sp']) && !empty($s['sp']) ? ":" . $s['sp'] : "");
$cpe_str = strtolower(
str_replace(
array(" ", "(", ")"), array("_", "%28", "%29"), $cpe_str
)
);
$sw[] = new software($cpe_str, null);
}
return $sw;
}
/**
* Function to attempt to identify the software
*
* @param array $regex_arr
* Array of regular expressions to evaluate the software against
* @param string $sw_in
* The string software to evaluate
* @param boolean $return_obj [optional]
* Boolean to decide if we are returning a software object instead of an array
*
* @return array
*/
public static function identify_Software($regex_arr, $sw_in, $return_obj = false) {
$looking = true;
$match = array();
$ret = array();
$start = $sw = array(
'man' => null,
'name' => null,
'ver' => null,
'type' => false,
'sp' => null,
'build' => null
);
if (substr($sw_in, 0, 7) == 'cpe:2.3') {
return new software(null, $sw_in);
}
elseif (substr($sw_in, 0, 3) == 'cpe') {
return new software($sw_in, null);
}
else {
$end = end($regex_arr);
while ($looking) {
foreach ($regex_arr as $regex) {
if (preg_match("/{$regex['rgx']}/i", $sw_in)) {
$sw['man'] = $regex['man'];
$start['man'] = $regex['man'];
foreach ($regex['name'] as $regex2) {
if ($regex2['name_match'] || $regex2['ver_match'] || $regex2['update_match']) {
if (preg_match("/{$regex2['rgx']}/i", $sw_in, $match)) {
$sw['name'] = $regex2['name'];
if (!empty($regex2['man_override'])) {
$sw['man'] = $regex2['man_override'];
}
if ($regex2['name_match']) {
foreach (explode(",", $regex2['name_match']) as $idx) {
if (isset($match[$idx])) {
$sw['name'] .= " " . $match[$idx];
}
}
}
if ($regex2['ver_match']) {
foreach (explode(",", $regex2['ver_match']) as $idx) {
if (isset($match[$idx])) {
$sw['ver'] .= $match[$idx] . " ";
}
}
$sw['ver'] = str_replace("_", ".", trim($sw['ver']));
if ($sw['man'] == 'Oracle' && $sw['name'] == 'JRE') {
$sw['ver'] = "1.{$sw['ver']}.0";
}
elseif (substr($sw['ver'], -1) == '.') {
$sw['ver'] = substr($sw['ver'], 0, -1);
}
}
if (empty($sw['ver'])) {
if (!empty($regex2['ver'])) {
$sw['ver'] = $regex2['ver'];
}
else {
$sw['ver'] = "-";
}
}
if ($regex2['update_match']) {
foreach (explode(",", $regex2['update_match']) as $idx) {
if (isset($match[$idx]) && !empty($match[$idx])) {
if (preg_match("/service pack [\d]+/i", $match[$idx])) {
$sw['sp'] .= preg_replace("/service pack ([\d]+)/i", "sp$1", $match[$idx]) . " ";
}
elseif ($sw['man'] == 'Oracle' && $sw['name'] == 'JRE') {
$sw['sp'] .= "update_" . $match[$idx];
}
else {
$sw['sp'] .= $match[$idx] . " ";
}
}
}
$sw['sp'] = trim($sw['sp']);
if (substr($sw['sp'], -1) == '.') {
$sw['sp'] = substr($sw['sp'], 0, -1);
}
}
else {
$sw['sp'] = null;
}
$sw['type'] = $regex2['is_os'];
$ret[] = $sw;
if (!$regex2['multiple'])
break;
$sw = $start;
}
}
else {
if (preg_match("/{$regex2['rgx']}/i", $sw_in)) {
$sw['name'] = $regex2['name'];
if (!empty($regex2['man_override'])) {
$sw['man'] = $regex2['man_override'];
}
if (!empty($regex2['ver'])) {
$sw['ver'] = $regex2['ver'];
}
else {
$sw['ver'] = "-";
}
$sw['type'] = $regex2['is_os'];
$ret[] = $sw;
if (!$regex2['multiple'])
break;
$sw = $start;
}
}
}
$looking = false;
break;
}
if ($regex == $end) {
$looking = false;
break;
}
}
}
}
if ($return_obj) {
$ret = software::toSoftwareFromArray($ret);
}
return $ret;
}
}
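Review bot: `print_Option()` writes `$this->sw_string` unescaped into both a `title='…'` attribute and the option body; that string is populated from scan data, i.e. text that originated on the scanned host, so a single quote or `<` in a package name breaks the markup and can inject script into the page that lists software. Build it as `$sw = htmlspecialchars($this->sw_string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` followed by `return "<option value='" . (int)$this->id . "' title='{$sw}'>{$sw}</option>";`. Separately, in `reduce_CPE()` case 1 the guard `if (!is_null($this->sp))` is always true on the first pass because the constructor initialises `$sp` to `""` (or `"*"`-less empty string from the CPE), so the `'-'` version-truncation branch beneath it is dead unless a caller explicitly set the SP to null; `if ($this->sp !== null && $this->sp !== '')` looks like the intent. The constructor also reads `$arr[2]` and `$arr[1]` without `isset`, so a CPE string with fewer than three colon-separated parts emits undefined-offset notices; guard those like the later fields are guarded.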

109
classes/sources.inc Normal file

@ -0,0 +1,109 @@
<?php
/**
* File: sources.inc
* Author: Ryan Prather
* Purpose: Represents a scan source
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Sep 25, 2013 - added functions to access scan database items
* - Sep 1, 2016 - Updated Copyright and added functionality for an icon for the source
*/
/**
* Represents a scan source
*
* @author Ryan Prather
*
*/
class source {
/**
* Source Id
*
* @var integer
*/
protected $id = 0;
/**
* Source name
*
* @var string
*/
protected $name = '';
/**
* Source icon
*
* @var string
*/
protected $icon = '';
/**
* Constructor
*
* @param integer $int_ID
* @param string $str_Name
*/
public function __construct($int_ID, $str_Name) {
$this->id = $int_ID;
$this->name = $str_Name;
}
/**
* Getter function for source ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Getter function for source name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Settr function for source name
*
* @param string $str_Name
*/
public function set_Name($str_Name) {
$this->name = $str_Name;
}
/**
* Getter function for source icon
*
* @return string
*/
public function get_Icon() {
return $this->icon;
}
/**
* Setter function for source icon
*
* @param string $icon_in
*/
public function set_Icon($icon_in) {
$this->icon = $icon_in;
}
}
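Review bot: `source::__construct()` stores `$int_ID` without coercion while the docblock promises an integer, and `ste_cat::add_Source()` later in this commit uses `get_ID()` as an array key, so `$this->id = (int)$int_ID;` would make the stored value match the documented contract regardless of whether the DB layer returns strings. The `$icon` property is never set by the constructor, so its docblock should say so: `Source icon (empty until set via set_Icon(); escape when rendering, nothing here validates it)`. The `set_Name` docblock typo `Settr` should read `Setter`.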

432
classes/ste.inc Normal file

@ -0,0 +1,432 @@
<?php
/**
* File: ste.inc
* Author: Ryan Prather
* Purpose: Represents an ST&E
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Sep 1, 2016 - Updated Copyright and added comments
* - Jan 10, 2018 - Changed $site and $system to class objects instead of ID's
*/
include_once 'people.inc';
/**
* Represents the ST&E itself
*
* @author Ryan Prather
*/
class ste {
/**
* STE ID
*
* @var integer
*/
protected $id = 0;
/**
* System ID
*
* @var site
*/
protected $system = 0;
/**
* Site ID
*
* @var site
*/
protected $site = 0;
/**
* Evaluation start date
*
* @var DateTime
*/
protected $eval_start;
/**
* Evaluation end date
*
* @var DateTime
*/
protected $eval_end;
/**
* Does this ST&amp;E contain multiple systems
*
* @var boolean
*/
protected $multiple = false;
/**
* What is the primary ST&amp;E
*
* @var integer
*/
protected $primary = 0;
/**
* What is the scope of the ST&amp;E
*
* @var string
*/
protected $scope = '';
/**
* ST&amp;E Assumptions
*
* @var string
*/
protected $assumptions = '';
/**
* ST&amp;E Constraints
*
* @var string
*/
protected $constraints = '';
/**
* ST&amp;E Recommendations
*
* @var string
*/
protected $recommendations = '';
/**
* Residual risk
*
* @var string
*/
protected $residual_risk = '';
/**
* Deviations from the ST&amp;E plan
*
* @var string
*/
protected $deviations = '';
/**
* Final conclusions of the ST&amp;E
*
* @var string
*/
protected $conclusions = '';
/**
* Final status of the system
*
* @var string
*/
protected $status = '';
/**
* Individual approving official
*
* @var string
*/
protected $ao = '';
/**
* Members of the ST&E team
*
* @var array:people
*/
protected $ste_team = array();
/**
*
* @param integer $id
* @param system $system
* @param site $site
* @param string $eval_Start
* @param string $eval_End
* @param boolean $multiple_in
* @param integer $primary_in
*/
public function __construct($id, $system, $site, $eval_Start, $eval_End, $multiple_in, $primary_in) {
$this->id = $id;
$this->system = $system;
$this->site = $site;
$this->eval_end = new DateTime($eval_End);
$this->eval_start = new DateTime($eval_Start);
$this->multiple = $multiple_in;
$this->primary = $primary_in;
}
/**
* Getter function for STE ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Setter function for STE ID
*
* @param integer $id_in
*/
public function set_ID($id_in) {
$this->id = $id_in;
}
/**
* Getter function for System Id
*
* @return integer
*/
public function get_System() {
return $this->system;
}
/**
* Getter function for Site ID
*
* @return integer
*/
public function get_Site() {
return $this->site;
}
/**
* Getter function for evaluation start date
*
* @return DateTime
*/
public function get_Eval_Start_Date() {
return $this->eval_start;
}
/**
* Getter function for evaluation end date
*
* @return DateTime
*/
public function get_Eval_End_Date() {
return $this->eval_end;
}
/**
* Does this ST&E have multiple systems
*
* @return boolean
*/
public function is_Multiple() {
return $this->multiple;
}
/**
* Getter function for primary ID
*
* @return integer
*/
public function get_Primary_ID() {
return $this->primary;
}
/**
* Setter function for primary ID
*
* @param integer $primary_in
*/
public function set_Primary_ID($primary_in) {
$this->primary = $primary_in;
}
/**
* Getter function for ST&amp;E Scope
*
* @return string
*/
public function get_Scope() {
return $this->scope;
}
/**
* Setter function for ST&amp;E Scope
*
* @param string $scope_in
*/
public function set_Scope($scope_in) {
$this->scope = $scope_in;
}
/**
* Getter function for ST&amp;E Assumptions
*
* @return string
*/
public function get_Assumptions() {
return $this->assumptions;
}
/**
* Setter function for ST&amp;E Assumptions
*
* @param string $assumptions_in
*/
public function set_Assumptions($assumptions_in) {
$this->assumptions = $assumptions_in;
}
/**
* Getter function for ST&amp;E Constraints
*
* @return string
*/
public function get_Constraints() {
return $this->constraints;
}
/**
* Setter function for ST&amp;E Constraints
*
* @param string $constraints_in
*/
public function set_Constraints($constraints_in) {
$this->constraints = $constraints_in;
}
/**
* Getter function for ST&amp;E Deviations
*
* @return string
*/
public function get_Deviations() {
return $this->deviations;
}
/**
* Setter function for ST&amp;E Deviations
*
* @param string $deviation_in
*/
public function set_Deviations($deviation_in) {
$this->deviations = $deviation_in;
}
/**
* Getter functions for ST&amp;E Recommendations
*
* @return string
*/
public function get_Recommendations() {
return $this->recommendations;
}
/**
* Setter function for ST&amp;E Recommendations
*
* @param string $recommendations_in
*/
public function set_Recommendations($recommendations_in) {
$this->recommendations = $recommendations_in;
}
/**
* Getter function for ST&amp;E Residual Risk
*
* @return string
*/
public function get_Residual_Risk() {
return $this->residual_risk;
}
/**
* Setter function for ST&amp;E Residual Risk
*
* @param string $residual_risk_in
*/
public function set_Residual_Risk($residual_risk_in) {
$this->residual_risk = $residual_risk_in;
}
/**
* Getter function for ST&amp;E Conclusions
*
* @return string
*/
public function get_Conclusions() {
return $this->conclusions;
}
/**
* Setter function for ST&amp;E Conclusions
*
* @param string $conclusions_in
*/
public function set_Conclusions($conclusions_in) {
$this->conclusions = $conclusions_in;
}
/**
* Getter function for the ST&amp;E status
*
* @return string
*/
public function get_Status() {
return $this->status;
}
/**
* Setter function for the ST&amp;E status
*
* @param string $str_status
*/
public function set_Status($str_status) {
$this->status = $str_status;
}
/**
* Getter function for the approving official
*
* @return string
*/
public function get_AO() {
return $this->ao;
}
/**
* Setter function for the approving official
*
* @param string $str_ao
*/
public function set_AO($str_ao) {
$this->ao = $str_ao;
}
/**
* Getter function for the ST&amp;E team members
*
* @return array:people
*/
public function get_STE_Team() {
return $this->ste_team;
}
/**
* Function to add team members to the ST&amp;E
*
* @param people $people
*/
public function add_STE_Team_Member($people) {
$this->ste_team[] = $people;
}
}
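Review bot: The docblocks for `$system`, `$site`, `get_System()` and `get_Site()` still say `@var site` and `@return integer` although the Jan 10, 2018 change-log entry states both fields now hold class objects and the constructor documents `@param system $system`; change them to `@var system`, `@var site`, `@return system` and `@return site`, and initialise both to `null` rather than `0` so an unloaded ST&E is not mistaken for system id 0. The constructor passes `$eval_Start` and `$eval_End` to `new DateTime(...)` unchecked: an empty string silently becomes "now" and an unparsable one throws a bare `Exception` whose message echoes the input, so validate the expected format first or catch and rethrow with a domain-specific message. `add_STE_Team_Member()` accepts any value; an `if (!$people instanceof people) { throw new InvalidArgumentException('people expected'); }` guard would keep `$ste_team` consistent with its `@var array:people` annotation.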

445
classes/ste_cat.inc Normal file

@ -0,0 +1,445 @@
<?php
/**
* File: ste_cat.inc
* Author: Ryan Prather
* Purpose: Represents a category that is assigned to an ST&E
* Created: Sep 16, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 16, 2013 - File created
* - Sep 1, 2016 - Updated Copyright, added category editing,
* Added functionality for expected sources in this category,
* Converted category row to use div tags,
* Added vertical menu to accessing other functionality
* - Nov 21, 2016 - Added exclusion for Unassigned category so that the export button is not displayed
* - Dec 7, 2016 - Disabled eChecklist export on Unassigned category
* - Jan 30, 2017 - Removed eChecklist export for the Unassigned category and added autocategorization for Unassigned category
* - Feb 15, 2017 - Added Export CKL link in vertical menu. Need to add functionality to do that.
* - Feb 21, 2017 - Removed above Export CKL link in favor of writing a command script
* - Apr 5, 2017 - Removed "Rename Cat" vertical menu item, formatting, and expanded functionality of the add_Sources method
* - Apr 7, 2017 - Removed vertical menu for "Unassigned" category
* - Apr 11, 2017 - Make "Add target" open in new tab
* - May 13, 2017 - Added "Export CKL" to category header dropdown
* - Jan 10, 2018 - Formatting, added getSTECatRow method for /ste/stats.php and getSourceIDs method
*/
/**
* Represents the ST&E categories
*
* @author Ryan Prather
*/
class ste_cat
{
/**
* category ID
*
* @var integer
*/
protected $id = 0;
/**
* STE ID
*
* @var integer
*/
protected $ste_id = 0;
/**
* category name
*
* @var string
*/
protected $name = '';
/**
* Analyst in charge of category
*
* @var string
*/
protected $analyst = '';
/**
* Array of sources that are expected in the category
*
* @var array:sources
*/
protected $sources = [];
/**
* Variable to store count of Open findings in all targets in this category
*
* @var integer
*/
public $open = 0;
/**
* Variable to store count of Not a Finding findings in all targets in this category
*
* @var integer
*/
public $nf = 0;
/**
* Variable to store count of Not Reviewed findings in all targets in this category
*
* @var integer
*/
public $nr = 0;
/**
* Variable to store count of Not Applicable findings in all targets in this category
*
* @var integer
*/
public $na = 0;
/**
* Variable to store total number of PDIs
*
* @var integer
*/
public $total = 0;
/**
* Variable to store target count
*
* @var integer
*/
public $tgt_count = 0;
/**
* Constructor
*
* @param integer $int_ID
* @param integer $int_STE_ID
* @param string $str_Name
* @param string $str_Analyst
*/
public function __construct($int_ID, $int_STE_ID, $str_Name, $str_Analyst)
{
$this->id = $int_ID;
$this->ste_id = $int_STE_ID;
$this->name = $str_Name;
$this->analyst = $str_Analyst;
}
/**
* Getter function for ID
*
* @return integer
*/
public function get_ID()
{
return $this->id;
}
/**
* Setter function for ID
*
* @param integer $id_in
*/
public function set_ID($id_in)
{
$this->id = $id_in;
}
/**
* Getter function for STE ID
*
* @return integer
*/
public function get_STE_ID()
{
return $this->ste_id;
}
/**
* Getter function for name
*
* @return string
*/
public function get_Name()
{
return $this->name;
}
/**
* Getter function for analyst
*
* @return string
*/
public function get_Analyst()
{
return $this->analyst;
}
/**
* Getter function for the expected scan source array
*
* @return array:source
*/
public function get_Sources()
{
return $this->sources;
}
/**
* Getter function to return array of source IDs
*
* @return array:integer
*/
public function getSourceIDs()
{
$ret = [];
if (is_array($this->sources) && count($this->sources)) {
foreach ($this->sources as $s) {
$ret[] = $s->get_ID();
}
}
return $ret;
}
/**
* Function to add an expected scan source to the category
* @param source $src
*/
public function add_Source($src)
{
if (is_array($src) && count($src) && isset($src[0]) && is_a($src[0], 'source')) {
$this->sources[$src[0]->get_ID()] = $src[0];
}
elseif (is_a($src, 'source')) {
$this->sources[$src->get_ID()] = $src;
}
}
/**
* Function to remove an expected scan source from the category
*
* @param source $src
*/
public function remove_Source($src)
{
unset($this->sources[$src->get_ID()]);
}
/**
* Getter function for preformated option tag
*
* @return string
*/
public function get_Option()
{
return "<option value='" . $this->id . "'>" . $this->name . "</option>";
}
/**
* Getter function for preformated table row
*
* @param integer$intCount
* @param mixed$status_count
*
* @return string
*/
public function get_Table_Row($intCount = 0, $status_count = null)
{
$nf = 0;
$open = 0;
$na = 0;
if (!is_null($status_count)) {
if (isset($status_count['nf'])) {
$nf = $status_count['nf'];
}
if (isset($status_count['na'])) {
$na = $status_count['na'];
}
if (isset($status_count['open'])) {
$open = $status_count['open'];
}
}
$cat_sources = array();
if (is_array($this->sources) && count($this->sources)) {
foreach ($this->sources as $src) {
$cat_sources[] = $src->get_ID();
}
}
$sources = json_encode($cat_sources);
$link = ($this->name != 'Unassigned' ? "<a href='javascript:void(0);' onclick='open_echecklist({$this->id});'>{$this->name}</a>" : $this->name);
$analyst = ($this->analyst ? "&nbsp;&nbsp;({$this->analyst})" : "");
$export = ($this->name != 'Unassigned' ?
"<a href='/ste/export.php?cat={$this->id}' target='_new'>" .
"<img src='/img/export.jpg' class='cat_icons' title='Export eChecklist' />" .
"</a>" :
"<img src='/img/move.jpg' class='cat_icons' title='Autocategorize targets' onclick='javascript:auto_cat();' />"
);
$vert_menu = ($this->name != 'Unassigned' ? $this->get_Vert_Option_Menu() : '');
return <<<EOC
<div class='table-cat' id='cat_{$this->id}'>
<input type='hidden' id='cat_{$this->id}_dl' value='0' />
<input type='hidden' id='cat_sources_{$this->id}' value='{$sources}' />
<span class='cat-cell' style='width:200px;'>
<span class='cat-cell' style=''>
<i class='far toggler fa-plus-square' id='collapse_{$this->id}' data-id='{$this->id}' title='Expand/Collapse All'></i>
</span>
<span class='cat-cell' style=''>
<img src='/img/select_all.png' class='cat_icons' title='Select All/None' onclick='javascript:select("{$this->id}");' />
</span>
<span class='nf cat-cell' style='min-width:25px;' title='Not a Finding'>{$nf}</span>
<span class='open cat-cell' style='min-width:25px;' title='Open'>{$open}</span>
<span class='na cat-cell' style='min-width:25px;' title='Not Applicable'>{$na}</span>
</span>
<span class='cat-cell' style='width:800px;' id='cat_name_{$this->id}'>
{$link} ({$intCount}){$analyst}
</span>
<span class='cat-cell' style='width:200px;'>
<span class='cat-cell' style=''>
$export
</span>
<span class='cat-cell' style=''>
<form method='post' style='display: inline;' action='index.php' id='assign_{$this->id}'>
<input type='hidden' name='action' value='assign' />
<input type='hidden' name='ste' value='{$this->ste_id}' />
<input type='hidden' name='cat_id' value='{$this->id}' />
<input type='hidden' name='analyst' id='analyst_{$this->id}' value='' />
<img src='/img/assign-to.png' class='cat_icons' title='Assign category to analyst' onclick='assign("{$this->id}");' />
</form>
</span>
$vert_menu
</span>
</div>
EOC;
}
/**
* Getter function for preformated table row
*
* @param mixed $status_count
*
* @return string
*/
public function getSTECatRow($status_count = null)
{
$nf = "0%";
$nr = "0%";
$na = "0%";
$open = "0%";
if (!is_null($status_count)) {
if (isset($status_count['nf'])) {
$nf = number_format(($status_count['nf'] / $this->total) * 100, 0) . "%";
}
if (isset($status_count['na'])) {
$na = number_format(($status_count['na'] / $this->total) * 100, 0) . "%";
}
if (isset($status_count['open'])) {
$open = number_format(($status_count['open'] / $this->total) * 100, 0) . "%";
}
if (isset($status_count['nr'])) {
$nr = number_format(($status_count['nr'] / $this->total) * 100, 0) . "%";
}
}
else {
if ($this->total - $this->nr > 0) {
$nf = ($this->total ? number_format(($this->nf / ($this->total - $this->nr)) * 100, 0) . "%" : "0%");
$na = ($this->total ? number_format(($this->na / ($this->total - $this->nr)) * 100, 0) . "%" : "0%");
$open = ($this->total ? number_format(($this->open / ($this->total - $this->nr) * 100), 0) . "%" : "0%");
}
$nr = ($this->total ? number_format(($this->nr / $this->total) * 100, 0) . "%" : "0%");
}
$cat_sources = [];
if (is_array($this->sources) && count($this->sources)) {
foreach ($this->sources as $src) {
$cat_sources[] = $src->get_ID();
}
}
$sources = json_encode($cat_sources);
$link = ($this->name != 'Unassigned' ? "<a href='javascript:void(0);' onclick='open_echecklist({$this->id});'>{$this->name}</a>" : $this->name);
$analyst = ($this->analyst ? "&nbsp;&nbsp;({$this->analyst})" : "");
$export = ($this->name != 'Unassigned' ?
"<a href='/ste/export.php?cat={$this->id}' target='_new'>" .
"<img src='/img/export.jpg' class='cat_icons' title='Export eChecklist' />" .
"</a>" :
"<img src='/img/move.jpg' class='cat_icons' title='Autocategorize targets' onclick='javascript:auto_cat();' />"
);
$vert_menu = ($this->name != 'Unassigned' ? $this->get_Vert_Option_Menu() : '');
return <<<EOC
<div class='table-cat' id='cat_{$this->id}'>
<input type='hidden' id='cat_{$this->id}_dl' value='0' />
<input type='hidden' id='cat_sources_{$this->id}' value='{$sources}' />
<span class='cat-cell' style='width:250px;'>
<span class='cat-cell'>
<i class='far toggler fa-plus-square' id='collapse_{$this->id}' data-id='{$this->id}' title='Expand/Collapse All'> </i>
</span>
<span class='cat-cell'>
<img src='/img/select_all.png' class='cat_icons' title='Select All/None' onclick='javascript:select("{$this->id}");' />
</span>
<span class='open cat-cell' style='width:50px;' title='Open'>{$open}</span>
<span class='nf cat-cell' style='width:50px;' title='Not a Finding'>{$nf}</span>
<span class='na cat-cell' style='width:50px;' title='Not Applicable'>{$na}</span>
<span class='nr cat-cell' style='width:50px;' title='Not Reviewed'>{$nr}</span>
</span>
<span class='cat-cell' style='width:700px;' id='cat_name_{$this->id}'>$link&nbsp;&nbsp;({$this->tgt_count})$analyst</span>
<span class='cat-cell' style='width:250px;'>
<span class='cat-cell' style=''>{$export}</span>
<span class='cat-cell' style=''>
<form method='post' style='display: inline;' action='index.php' id='assign_{$this->id}'>
<input type='hidden' name='action' value='assign' />
<input type='hidden' name='ste' value='{$this->ste_id}' />
<input type='hidden' name='cat_id' value='{$this->id}' />
<input type='hidden' name='analyst' id='analyst_{$this->id}' value='' />
<img src='/img/assign-to.png' class='cat_icons' title='Assign category to analyst' onclick='assign("{$this->id}");' />
</form>
</span>
$vert_menu
</span>
</div>
EOC;
}
/**
* Function to create vertical menu
*
* @return string
*/
public function get_Vert_Option_Menu()
{
return <<<EOC
<dl id='menu'>
<dt onmouseover='javascript:montre("smenu{$this->id}");'>
<img src='/img/options.png' style='width:20px;vertical-align:middle;' />
</dt>
<dd id='smenu{$this->id}' onmouseover='javascript:montre("smenu{$this->id}");' onmouseout='javascript:montre();'>
<ul>
<li><a href='/ste/target.php?ste={$this->ste_id}&cat={$this->id}' target='_blank'>Add Target</a></li>
<li><a href='javascript:void(0);' onclick='javascript:edit_cat({$this->id});'>Edit Category</a></li>
<li><a href='javascript:void(0);' onclick='javascript:delete_cat({$this->id});'>Delete Category</a></li>
<li><a href='interview.php?cat={$this->id}' target='_new'>Category Interview</a></li>
<li><a href='bulk_edit.php?cat={$this->id}'>Bulk Edit</a></li>
<li><a href='javascript:void(0);' onclick='javascript:export_ckl({$this->id});'>Export CKL</a></li>
</ul>
</dd>
</dl>
EOC;
}
}

132
classes/stigs.inc Normal file

@ -0,0 +1,132 @@
<?php
/**
* File: stigs.inc
* Author: Ryan Prather
* Purpose: Represents a DISA Security Technical Implementation Guide (STIG) item
* Created: Sep 12, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
*/
/**
* Represents a DISA STIG scan
*
* @author Ryan Prather
*
*/
class stig {
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* STIG ID
*
* @var string
*/
protected $stig_id = '';
/**
* Description
*
* @var string
*/
protected $description = '';
/**
* Tweak data function content
*
* @var string
*/
protected $function = '';
/**
* Constructor
*
* @param integer $int_PDI_ID
* @param string $str_STIG_ID
* @param string $str_Description
* @param string $str_Value
*/
public function __construct($int_PDI_ID, $str_STIG_ID, $str_Description, $str_Value = null) {
$this->pdi_id = $int_PDI_ID;
$this->stig_id = $str_STIG_ID;
$this->description = $str_Description;
}
/**
* Getter function for PDI ID
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Getter function for STIG ID
*
* @return string
*/
public function get_ID() {
return $this->stig_id;
}
/**
* Setter function for STIG ID
*
* @param string $str_STIG_ID
*/
public function set_ID($str_STIG_ID) {
$this->stig_id = $str_STIG_ID;
}
/**
* Getter function for description
*
* @return string
*/
public function get_Description() {
return $this->description;
}
/**
* Setter function for description
*
* @param string $str_Description
*/
public function set_Description($str_Description) {
$this->description = $str_Description;
}
/**
* Getter function for the tweak data function content
*
* @return string
*/
public function get_Function() {
return $this->function;
}
/**
* Setter function for the tweak data function content
*
* @param string $str_Function_In
*/
public function set_Function($str_Function_In) {
$this->function = $str_Function_In;
}
}
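Review bot: The constructor at the top of this file accepts a fourth parameter `$str_Value` but never assigns it, so `$function` stays `''` until `set_Function()` is called and any value passed at construction is silently dropped. Given the docblock on `$function` ("Tweak data function content") it looks like the intent was to populate that property; if so, add `if (!is_null($str_Value)) { $this->function = $str_Value; }` to the constructor body, otherwise remove the parameter and its `@param` line so the signature stops promising something it does not do. Nothing in this file shows whether that "function content" is ever executed; if it is, `set_Function()` is where it should be validated, but that cannot be confirmed from here.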

82
classes/sv_rule.inc Normal file

@ -0,0 +1,82 @@
<?php
/**
* File: sv_rule.inc
* Author: Ryan Prather
* Purpose: Represents a DISA SV_Rule which are STIG/Software dependent
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Sep 1, 2016 - Updated Copyright and added comments
*/
/**
* Represents a DISA SV Rule
*
* @author Ryan Prather
*/
class sv_rule {
/**
* PDI ID
*
* @var integer
*/
protected $pdi_id = 0;
/**
* SV Rule
*
* @var string
*/
protected $sv_rule = '';
/**
* Constructor
*
* @param integer $int_PDI_ID
* @param string $str_SV_Rule
*/
public function __construct($int_PDI_ID, $str_SV_Rule) {
$this->pdi_id = $int_PDI_ID;
$this->sv_rule = $str_SV_Rule;
}
/**
* Getter function for PDI ID
*
* @return integer
*/
public function get_PDI_ID() {
return $this->pdi_id;
}
/**
* Getter function for SV Rule
*
* @return string
*/
public function get_SV_Rule() {
return $this->sv_rule;
}
/**
* Setter function for SV Rule
*
* @param string $str_SV_Rule
*/
public function set_SV_Rule($str_SV_Rule) {
$this->sv_rule = $str_SV_Rule;
}
}
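Review bot: This class, like the other files added under classes/ in this commit, lives in a `.inc` file; a web server that is not explicitly configured to pass `.inc` to the PHP interpreter serves such files as plain text, so if `classes/` sits under the document root the source of every sibling file is readable by anyone who guesses the path. Whether the directory is web-reachable cannot be told from this diff, but either renaming these files to `.php` or adding a deny rule such as `<FilesMatch "\.inc$"> Require all denied </FilesMatch>` removes the exposure regardless of deployment. Separately, `$pdi_id` is documented as an integer but never coerced; `$this->pdi_id = (int) $int_PDI_ID;` in the constructor would keep the property honest for consumers that compare it strictly.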

326
classes/system.inc Normal file

@ -0,0 +1,326 @@
<?php
/**
* File: system.inc
* Author: Ryan Prather
* Purpose: Represents a system
* Created: Sep 12, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
* - Sep 1, 2016 - Updated Copyright and added comments
*/
/**
* Represents the different accredidation types
*
* @author Ryan Prather
*/
class accrediation_types {
const DIACAP = 0;
const RMF = 1;
const PCI = 2;
const NISPOM = 3;
const HIPAA = 4;
const SOX = 5;
const COBIT = 6;
}
/**
* Represent a the system being tested
*
* @author Ryan Prather
*/
class system {
/**
* System ID
*
* @var integer
*/
protected $id = 0;
/**
* System Name
*
* @var string
*/
protected $name = '';
/**
* System name abbreviation
*
* @var string
*/
protected $abbr = '';
/**
* System MAC level
*
* @var integer
*/
protected $mac = 0;
/**
* System classification
*
* @var string
*/
protected $classification = '';
/**
* System accrediation type
*
* @var accrediation_types
*/
protected $accred_type = null;
/**
* System description
*
* @var string
*/
protected $description = '';
/**
* System mitigations
*
* @var string
*/
protected $mitigations = '';
/**
* System executive summary
*
* @var string
*/
protected $executive_summary = '';
/**
* System diagram
*
* @var binary
*/
protected $diagram = null;
/**
* Constructor
*
* @param integer $int_ID
* @param string $str_Name
* @param integer $int_MAC
* @param string $str_Class
*/
public function __construct($int_ID, $str_Name, $int_MAC, $str_Class) {
$this->id = $int_ID;
$this->name = $str_Name;
$this->mac = $int_MAC;
$this->classification = $str_Class;
}
/**
* Getter function for System Id
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Setter function for system ID
*
* @param integer $id_in
*/
public function set_ID($id_in) {
$this->id = $id_in;
}
/**
* Getter function for system name
*
* @return string
*/
public function get_Name() {
return $this->name;
}
/**
* Setter function for system name
*
* @param string $str_Name
*/
public function set_Name($str_Name) {
$this->name = $str_Name;
}
/**
* Getter function for system abbreviation
*
* @return string
*/
public function get_Abbreviation() {
return $this->abbr;
}
/**
* Setter function for system abbreviation
*
* @param string $abbr_in
*/
public function set_Abbreviation($abbr_in) {
$this->abbr = $abbr_in;
}
/**
* Getter function for MAC
*
* @return integer
*/
public function get_MAC() {
return $this->mac;
}
/**
* Setter function for MAC
*
* @param integer $int_MAC
*/
public function set_MAC($int_MAC) {
$this->mac = $int_MAC;
}
/**
* Getter function for classification
*
* @return string
*/
public function get_Classification() {
return $this->classification;
}
/**
* Settr function for classification
*
* @param string $str_Class
*/
public function set_Classification($str_Class) {
$this->classification = $str_Class;
}
/**
* Getter function for system accrediation type
*
* @return accrediation_types
*/
public function get_Accreditation_Type() {
return $this->accred_type;
}
/**
* Setter function for system accrediation type
*
* @param accrediation_types $accred_type_in
*/
public function set_Accreditation_Type($accred_type_in) {
$this->accred_type = $accred_type_in;
}
/**
* Getter function for system description
*
* @return string
*/
public function get_Description() {
return $this->description;
}
/**
* Setter function for system description
*
* @param string $str_desc_in
*/
public function set_Description($str_desc_in) {
$this->description = $str_desc_in;
}
/**
* Getter function for system mitigations
*
* @return string
*/
public function get_Mitigations() {
return $this->mitigations;
}
/**
* Setter function for system mitigations
*
* @param string $str_mit_in
*/
public function set_Mitigations($str_mit_in) {
$this->mitigations = $str_mit_in;
}
/**
* Getter function for system executive summary
*
* @return string
*/
public function get_Executive_Summary() {
return $this->executive_summary;
}
/**
* Setter function for system executive summary
*
* @param string $exec_sum_in
*/
public function set_Executive_Summary($exec_sum_in) {
$this->executive_summary = $exec_sum_in;
}
/**
* Getter function for system diagram
*
* @return binary
*/
public function get_Diagram() {
return $this->diagram;
}
/**
* Setter function for system diagram
*
* @param binary $bin_diag_in
*/
public function set_Diagram($bin_diag_in) {
$this->diagram = $bin_diag_in;
}
/**
* Getter function for preformated option tag
*
* @param boolean $selected_System
* @param integer $ste_id
* @return string
*/
public function get_Option($selected_System = null, $ste_id = null) {
return "<option value='" . $this->id . "" .
(!is_null($ste_id) ? "_$ste_id'" : "'") .
($selected_System ? " selected" : "") .
">" . $this->name . "</option>";
}
}
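Review bot: `get_Option()` at the bottom of this file interpolates `$this->name` and the ids straight into an `<option>` tag without escaping; `set_Name()` accepts any string, so if system names are ever entered through the application's own forms, a name containing `</option><script>` becomes stored XSS wherever this list is rendered. Change the last line to `">" . htmlspecialchars($this->name, ENT_QUOTES, 'UTF-8') . "</option>";` and build the `value` attribute from `(int) $this->id` and `(int) $ste_id` so a non-numeric id cannot break out of the single-quoted attribute. Whether names are user-supplied cannot be confirmed from this file, but escaping at the output point is correct either way. As a minor point, the constant holder is spelled `accrediation_types` while the accessor methods say `Accreditation` and the docblock says `accredidation`; renaming the class needs a sweep of callers, but the docblocks should at least settle on one spelling.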

1519
classes/target.inc Normal file


127
classes/uuid.inc Normal file

@ -0,0 +1,127 @@
<?php
/**
* File: uuid.inc
* Author: Andrew Moore (http://php.net/manual/en/function.uniqid.php#94959)
* Integrated by: Matt Shuter
* Purpose: Generates VALID RFC 4211 COMPLIANT Universally Unique IDentifiers (UUID) version 3, 4 and 5.
* Version 3 and 5 UUIDs are named based. They require a namespace (another valid UUID) and a value (the name).
* Given the same namespace and name, the output is always the same.
* Version 4 UUIDs are pseudo-random.
* UUIDs generated below validates using OSSP UUID Tool, and output for named-based UUIDs are exactly the same.
* Created: Feb 20, 2017
*
* Copyright 2017: Cyber Perspective, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* See license.txt for details
*
* Change Log:
* - Oct 16, 2017 - File created
*/
/* Usage
*
* Named-based UUID.
* $v3uuid = UUID::v3('1546058f-5a25-4334-85ae-e68f2a44bbaf', 'SomeRandomString');
* $v5uuid = UUID::v5('1546058f-5a25-4334-85ae-e68f2a44bbaf', 'SomeRandomString');
*
* Pseudo-random UUID
* $v4uuid = UUID::v4();
*/
class UUID {
public static function v3($namespace, $name) {
if (!self::is_valid($namespace))
return false;
// Get hexadecimal components of namespace
$nhex = str_replace(array('-', '{', '}'), '', $namespace);
// Binary Value
$nstr = '';
// Convert Namespace UUID to bits
for ($i = 0; $i < strlen($nhex); $i += 2) {
$nstr .= chr(hexdec($nhex[$i] . $nhex[$i + 1]));
}
// Calculate hash value
$hash = md5($nstr . $name);
return sprintf('%08s-%04s-%04x-%04x-%12s',
// 32 bits for "time_low"
substr($hash, 0, 8),
// 16 bits for "time_mid"
substr($hash, 8, 4),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 3
(hexdec(substr($hash, 12, 4)) & 0x0fff) | 0x3000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
(hexdec(substr($hash, 16, 4)) & 0x3fff) | 0x8000,
// 48 bits for "node"
substr($hash, 20, 12)
);
}
public static function v4() {
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
// 16 bits for "time_mid"
mt_rand(0, 0xffff),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand(0, 0x0fff) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand(0, 0x3fff) | 0x8000,
// 48 bits for "node"
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
public static function v5($namespace, $name) {
if (!self::is_valid($namespace))
return false;
// Get hexadecimal components of namespace
$nhex = str_replace(array('-', '{', '}'), '', $namespace);
// Binary Value
$nstr = '';
// Convert Namespace UUID to bits
for ($i = 0; $i < strlen($nhex); $i += 2) {
$nstr .= chr(hexdec($nhex[$i] . $nhex[$i + 1]));
}
// Calculate hash value
$hash = sha1($nstr . $name);
return sprintf('%08s-%04s-%04x-%04x-%12s',
// 32 bits for "time_low"
substr($hash, 0, 8),
// 16 bits for "time_mid"
substr($hash, 8, 4),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 5
(hexdec(substr($hash, 12, 4)) & 0x0fff) | 0x5000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
(hexdec(substr($hash, 16, 4)) & 0x3fff) | 0x8000,
// 48 bits for "node"
substr($hash, 20, 12)
);
}
public static function is_valid($uuid) {
return preg_match('/^\{?[0-9a-f]{8}\-?[0-9a-f]{4}\-?[0-9a-f]{4}\-?' .
'[0-9a-f]{4}\-?[0-9a-f]{12}\}?$/i', $uuid) === 1;
}
}
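Review bot: `v4()` draws every field from `mt_rand()`, a Mersenne Twister seeded from a small state, which is not suitable wherever a UUID must be unguessable (export or session tokens, for example); the usage comment does say "pseudo-random", but callers elsewhere will not read that. On PHP 7+ `random_bytes()` gives a CSPRNG-backed value in less code and lets the version and variant bits be set on the raw bytes instead of on masked `mt_rand` ranges, as in the rewrite below; if the project still targets PHP 5, `openssl_random_pseudo_bytes(16)` can stand in for `random_bytes(16)`. Two smaller points: the file header cites RFC 4211, but UUIDs are specified by RFC 4122 (4211 is CRMF), and `is_valid()` accepts an opening `{` without a closing `}` and hyphens in any subset of positions, which is looser than the canonical form the usage examples show.
```php
public static function v4() {
    // 16 bytes from the OS CSPRNG; random_bytes() throws if no secure source exists.
    $bytes = random_bytes(16);
    // byte 6: four most significant bits hold version number 4
    $bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40);
    // byte 8: two most significant bits hold the RFC 4122 variant (binary 10)
    $bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80);
    // 32 hex chars split into 4-char groups -> 8-4-4-4-12 layout
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bytes), 4));
}
```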

17
classes/vul.inc Normal file

@ -0,0 +1,17 @@
<?php
/**
* File: vul.inc
* Author: Ryan Prather
* Purpose: Represents a Vul check
* Created: Sep 12, 2013
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 12, 2013 - File created
*/