initial commit of SVN release repo

This commit is contained in:
Ryan Prather
2018-05-07 10:51:08 -04:00
committed by Ryan Prather
parent 2c25d5e577
commit 8c38a6cdb9
4369 changed files with 728576 additions and 0 deletions

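--- a/data/compare.php
+++ b/data/compare.php
@@ -0,0 +1,97 @@
+<?php
+/**
+* File: compare.php
+* Author: Ryan Prather
+* Purpose: Performs a high-level ST&E comparison
+* Created: Dec 9, 2014
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Dec 9, 2014 - File created
+*/
+include_once 'database.inc';
+include_once 'header.inc';
+$db = new db();
+$left_ste = $db->get_STE($_REQUEST['left_ste'])[0];
+$right_ste = $db->get_STE($_REQUEST['right_ste'])[0];
+$left_tgts = $db->get_Target_Details($_REQUEST['left_ste']);
+$right_tgts = $db->get_Target_Details($_REQUEST['right_ste']);
+$left_cnt = (is_array($left_tgts) ? count($left_tgts) : 0);
+$right_cnt = (is_array($right_tgts) ? count($right_tgts) : 0);
+$left_cats = $db->get_STE_Category_List($left_ste->get_ID());
+$right_cats = $db->get_STE_Category_List($right_ste->get_ID());
+$left_cat_1 = 0;$left_cat_2 = 0;$left_cat_3 = 0;$left_nf = 0;$left_na = 0;$left_nr = 0;
+$right_cat_1 = 0;$right_cat_2 = 0;$right_cat_3 = 0;$right_nf = 0;$right_na = 0;$right_nr = 0;
+foreach($left_cats as $key => $cat) {
+$left_cat_1 += $db->get_Finding_Count_By_Status($cat->get_ID(), "Open", "1");
+$left_cat_2 += $db->get_Finding_Count_By_Status($cat->get_ID(), "Open", "2");
+$left_cat_3 += $db->get_Finding_Count_By_Status($cat->get_ID(), "Open", "3");
+$left_nf += $db->get_Finding_Count_By_Status($cat->get_ID(), "Not a Finding");
+$left_na += $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Applicable");
+$left_nr += $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Reviewed");
+}
+foreach($right_cats as $key => $cat) {
+$right_cat_1 += $db->get_Finding_Count_By_Status($cat->get_ID(), "Open", "1");
+$right_cat_2 += $db->get_Finding_Count_By_Status($cat->get_ID(), "Open", "2");
+$right_cat_3 += $db->get_Finding_Count_By_Status($cat->get_ID(), "Open", "3");
+$right_nf += $db->get_Finding_Count_By_Status($cat->get_ID(), "Not a Finding");
+$right_na += $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Applicable");
+$right_nr += $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Reviewed");
+}
+?>
+<table style='width:600px;'>
+<tr>
+<th>ST&amp;E</th>
+<th>Target Count</th>
+<th class='cat_I'>I</th>
+<th class='cat_II'>II</th>
+<th class='cat_III'>III</th>
+<th class='nf'>NF</th>
+<th class='na'>NA</th>
+<th class='nr'>NR</th>
+<th>Charts?</th>
+</tr>
+<tr>
+<td><?php print $left_ste->get_System()->get_Name()." ".$left_ste->get_Site()->get_Name()." ".$left_ste->get_Eval_Start_Date()->format("Y-m-d")."-".$left_ste->get_Eval_End_Date()->format("Y-m-d") ?></td>
+<td><?php print $left_cnt; ?></td>
+<td class='cat_I'><?php print $left_cat_1; ?></td>
+<td class='cat_II'><?php print $left_cat_2; ?></td>
+<td class='cat_III'><?php print $left_cat_3; ?></td>
+<td class='nf'><?php print $left_nf; ?></td>
+<td class='na'><?php print $left_na; ?></td>
+<td class='nr'><?php print $left_nr; ?></td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td><?php print $right_ste->get_System()->get_Name()." ".$right_ste->get_Site()->get_Name()." ".$right_ste->get_Eval_Start_Date()->format("Y-m-d")."-".$right_ste->get_Eval_End_Date()->format("Y-m-d") ?></td>
+<td><?php print $right_cnt; ?></td>
+<td class='cat_I'><?php print $right_cat_1; ?></td>
+<td class='cat_II'><?php print $right_cat_2; ?></td>
+<td class='cat_III'><?php print $right_cat_3; ?></td>
+<td class='nf'><?php print $right_nf; ?></td>
+<td class='na'><?php print $right_na; ?></td>
+<td class='nr'><?php print $right_nr; ?></td>
+<td>&nbsp;</td>
+</tr>
+</table>
+<form method="post" action="compare_targets.php">
+<input type="hidden" name="left_ste" value="<?php print $_REQUEST['left_ste']; ?>" />
+<input type="hidden" name="right_ste" value="<?php print $_REQUEST['right_ste']; ?>" />
+<input type="submit" name="action" value="Compare Targets" />
+</form>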
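Review bot: The `left_ste` and `right_ste` request values are printed unescaped into the hidden-input `value` attributes at the end of the hunk, so whatever arrives in the query string or POST body is reflected into the page as markup. The same raw values feed `get_STE` and `get_Target_Details` at the top of the file, so validating them once as integers covers both uses, e.g. `$left_id = filter_var($_REQUEST['left_ste'] ?? null, FILTER_VALIDATE_INT);` followed by `value="<?php print htmlspecialchars((string) $left_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`. `get_STE(...)[0]` is also dereferenced without checking that a row came back, so an unknown id fails on `$left_ste->get_ID()` with a fatal error rather than a message. Whether `get_STE` parameterises the id is decided in database.inc, which is outside this hunk.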

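--- a/data/compare_host.php
+++ b/data/compare_host.php
@@ -0,0 +1,170 @@
+<?php
+/**
+* File: compare_host.php
+* Author: Ryan Prather
+* Purpose: Allow the comparaison between 2 targets
+* Created: Dec 16, 2014
+*
+* Portions Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Dec 16, 2014 - File created
+* - Sep 1, 2016 - Updated copyright and file purpose
+*/
+include_once 'database.inc';
+include_once 'header.inc';
+$db = new db();
+$left_tgt = $db->get_Target_Details($_REQUEST['left_ste'], $_REQUEST['left_tgt'])[0];
+$right_tgt = $db->get_Target_Details($_REQUEST['right_ste'], $_REQUEST['right_tgt'])[0];
+$findings = $db->get_Finding_Comparrison($left_tgt, $right_tgt);
+?>
+<style type='text/css'>
+.none {
+background-color: #808080;
+}
+.header {
+color: #000;
+}
+td, th {
+border: solid 1px black;
+}
+</style>
+<div id="wrapper">
+<div id="main-wrapper">
+<div class="12u" id="main-content">
+<div class="5grid-layout" style="text-align: right;">
+<div class="row">
+<div class="12u">
+<table style="width:100%;">
+<thead>
+<tr>
+<th class='header'>STIG ID</th>
+<th class='header'>CAT</th>
+<th class='header'>IA Controls</th>
+<th class='header'>Left Status</th>
+<th class='header'>Right Status</th>
+<th class='header'>Left Notes</th>
+<th class='header'>Right Notes</th>
+</tr>
+</thead>
+<tbody>
+<?php
+$odd = true;
+foreach($findings['left'] as $stig_id => $find) {
+?>
+<tr class="<?php print ($odd ? "odd" : "even"); ?>_row">
+<td><?php print $stig_id; ?></td>
+<?php
+$str = "";
+$diff = false;
+if(is_null($find)) {
+$str .= "&nbsp;";
+}
+else {
+$str .= str_repeat("I", $find['cat']);
+}
+if(isset($findings['right'][$stig_id])) {
+$str .= " / ".str_repeat("I", $findings['right'][$stig_id]['cat']);
+if($find['cat'] != $findings['right'][$stig_id]['cat']) {
+$diff = true;
+}
+}
+else {
+$str .= " /";
+}
+if($diff) {
+print "<td style='background-color:#FFF200;'>".$str."</td>";
+}
+else {
+print "<td>".$str."</td>";
+}
+$str = "";
+$diff = false;
+if(is_null($find)) {
+$str .= "&nbsp;";
+}
+else {
+$str .= $find['ia_controls'];
+}
+if(isset($findings['right'][$stig_id])) {
+$str .= " / ".$findings['right'][$stig_id]['ia_controls'];
+if($find['ia_controls'] != $findings['right'][$stig_id]['ia_controls']) {
+$diff = true;
+}
+}
+else {
+$str .= " /";
+}
+if($diff) {
+print "<td style='background-color:#FFF200;'>".$str."</td>";
+}
+else {
+print "<td>".$str."</td>";
+}
+$str = "";
+if(is_null($find)) {
+$str .= "<td class='nr'>Not Reviewed</td>";
+}
+else {
+$status = strtolower(str_replace(" ", "_", $find['status']));
+$str .= "<td class='$status'>".$find['status']."</td>";
+}
+if(isset($findings['right'][$stig_id])) {
+$status = strtolower(str_replace(" ", "_", $findings['right'][$stig_id]['status']));
+$str .= "<td class='$status'>".$findings['right'][$stig_id]['status']."</td>";
+}
+else {
+$str .= "<td class='nr'>Not Reviewed</td>";
+}
+print $str;
+$str = "";
+if(is_null($find)) {
+$str .= "<td>&nbsp;</td>";
+}
+else {
+$str .= "<td>".$find['notes']."</td>";
+}
+if(isset($findings['right'][$stig_id])) {
+$str .= "<td>".$findings['right'][$stig_id]['notes']."</td>";
+}
+else {
+$str .= "<td>&nbsp;</td>";
+}
+print $str;
+$odd = !$odd;
+}
+?>
+</tbody>
+</table>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>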
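Review bot: The finding fields `ia_controls`, `status` and `notes` returned by `get_Finding_Comparrison` are concatenated into the table cells unescaped (the `$find[...]` and `$findings['right'][$stig_id][...]` prints inside the row loop), so any markup stored in a finding's notes is rendered rather than displayed, and `$status` is dropped straight into a `class` attribute the same way. Each print should pass through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, e.g. `$str .= "<td>".htmlspecialchars($find['notes'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</td>";`. Where the notes originate (typed in by an assessor or imported from checklist files) is not visible in this file, so how far that content is trusted is inferred. Separately, when `$find` is null the `$find['cat'] != ...` and `$find['ia_controls'] != ...` comparisons inside the `isset($findings['right'][$stig_id])` branches still index null; if highlighting a missing left finding is intended, `is_null($find) || $find['cat'] != ...` states that explicitly and avoids the notice.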

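--- a/data/compare_targets.php
+++ b/data/compare_targets.php
@@ -0,0 +1,155 @@
+<?php
+/**
+* File: compare_targets.php
+* Author: Ryan Prather
+* Purpose: Compares two targets
+* Created: Dec 15, 2014
+*
+* Portions Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Dec 15, 2014 - File created
+* - Sep 1, 2016 - Copyright updated and file purpose
+*/
+include_once 'database.inc';
+include_once 'header.inc';
+$db = new db();
+$left_ste = $db->get_STE($_REQUEST['left_ste'])[0];
+$right_ste = $db->get_STE($_REQUEST['right_ste'])[0];
+$tgt_compare = $db->get_Target_Comparison($left_ste, $right_ste);
+?>
+<style type='text/css'>
+.none {
+background-color: #808080;
+}
+.header {
+color: #000;
+}
+td, th {
+border: solid 1px black;
+}
+</style>
+<div id="wrapper">
+<div id="main-wrapper">
+<div class="12u" id="main-content">
+<div class="5grid-layout" style="text-align: right;">
+<div class="row">
+<div class="12u">
+<table style='width:600px;'>
+<thead>
+<tr>
+<th class='header'>Target</th>
+<th class='cat_I'>I</th>
+<th class='cat_II'>II</th>
+<th class='cat_III'>III</th>
+<th class='nf'>NF</th>
+<th class='na'>NA</th>
+<th class='nr'>NR</th>
+<th class='none'>&nbsp;</th>
+<th class='cat_I'>I</th>
+<th class='cat_II'>II</th>
+<th class='cat_III'>III</th>
+<th class='nf'>NF</th>
+<th class='na'>NA</th>
+<th class='nr'>NR</th>
+</tr>
+</thead>
+<tbody>
+<?php
+$odd = true;
+foreach($tgt_compare['left'] as $name => $left_tgt) {
+?>
+<tr>
+<?php
+if(is_null($left_tgt)) {
+?>
+<td class="<?php print ($odd ? "odd" : "even"); ?>_row">
+<form method="post" action="compare_host.php">
+<input type='hidden' name='left_ste' value='<?php print $_REQUEST['left_ste']; ?>' />
+<input type='hidden' name='left_tgt' value='null' />
+<input type='hidden' name='right_ste' value='<?php print $_REQUEST['right_ste']; ?>' />
+<input type='hidden' name='right_tgt' value='<?php print $tgt_compare['right'][$name]->get_ID(); ?>' />
+<input type='submit' name='submit' value='<?php print $name; ?>' />
+</form>
+</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<?php
+}
+else {
+?>
+<td class="<?php print ($odd ? "odd" : "even"); ?>_row">
+<form method="post" action="compare_host.php">
+<input type='hidden' name='left_ste' value='<?php print $_REQUEST['left_ste']; ?>' />
+<input type='hidden' name='left_tgt' value='<?php print $left_tgt->get_ID(); ?>' />
+<input type='hidden' name='right_ste' value='<?php print $_REQUEST['right_ste']; ?>' />
+<input type='hidden' name='right_tgt' value='<?php print isset($tgt_compare['right'][$name]) ? $tgt_compare['right'][$name]->get_ID() : 'null'; ?>' />
+<input type='submit' name='submit' value='<?php print $name; ?>' />
+</form>
+</td>
+<td class='cat_I'><?php print $db->get_Host_Finding_Count_By_Status($left_tgt, "Open", 1); ?></td>
+<td class='cat_II'><?php print $db->get_Host_Finding_Count_By_Status($left_tgt, "Open", 2); ?></td>
+<td class='cat_III'><?php print $db->get_Host_Finding_Count_By_Status($left_tgt, "Open", 3); ?></td>
+<td class='nf'><?php print $db->get_Host_Finding_Count_By_Status($left_tgt, "Not a Finding"); ?></td>
+<td class='na'><?php print $db->get_Host_Finding_Count_By_Status($left_tgt, "Not Applicable"); ?></td>
+<td class='nr'><?php print $db->get_Host_Finding_Count_By_Status($left_tgt, "Not Reviewed") ;?></td>
+<td class='none'>&nbsp;</td>
+<?php
+}
+if(!isset($tgt_compare['right'][$name])) {
+?>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<td class='none'>&nbsp;</td>
+<?php
+}
+else {
+?>
+<td class='cat_I'><?php print $db->get_Host_Finding_Count_By_Status($tgt_compare['right'][$name], "Open", 1); ?></td>
+<td class='cat_II'><?php print $db->get_Host_Finding_Count_By_Status($tgt_compare['right'][$name], "Open", 2); ?></td>
+<td class='cat_III'><?php print $db->get_Host_Finding_Count_By_Status($tgt_compare['right'][$name], "Open", 3); ?></td>
+<td class='nf'><?php print $db->get_Host_Finding_Count_By_Status($tgt_compare['right'][$name], "Not a Finding"); ?></td>
+<td class='na'><?php print $db->get_Host_Finding_Count_By_Status($tgt_compare['right'][$name], "Not Applicable"); ?></td>
+<td class='nr'><?php print $db->get_Host_Finding_Count_By_Status($tgt_compare['right'][$name], "Not Reviewed") ;?></td>
+<?php
+}
+?>
+</tr>
+<?php
+$odd = !$odd;
+}
+?>
+</tbody>
+</table>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>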
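Review bot: `$name` (the target name keyed from `$tgt_compare['left']`) and the raw `$_REQUEST['left_ste']`/`right_ste` values are printed into single-quoted attribute values in both `<form>` blocks without escaping, so a target name containing `'` or `<` breaks out of the attribute and is rendered as markup. Because these attributes are single-quoted, a bare `htmlspecialchars($name)` is not sufficient under the pre-8.1 default flags; use `value='<?php print htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'` for each of them. `get_STE(...)[0]` near the top of the file is dereferenced without checking the result, so an unknown ST&E id fails inside `get_Target_Comparison` rather than with a message. The literal string `'null'` sent as `left_tgt` or `right_tgt` for a missing target is forwarded to compare_host.php unchanged; how `get_Target_Details` treats the string "null" is outside this hunk.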

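--- a/data/findsearch.inc
+++ b/data/findsearch.inc
@@ -0,0 +1,18 @@
+<?php
+/**
+* File: findsearch.inc
+* Author: Ryan
+* Purpose: File to establish a filter searching for findings
+* Created: Sep 7, 2016
+*
+* Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Sep 7, 2016 - File created
+*/
+$finding_filter_width = 990;
+include_once 'finding-filter.inc';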

data/index.php Normal file

@ -0,0 +1,877 @@
<?php
/**
* File: index.php
* Author: Ryan Prather
* Purpose: Index page for Data Management
* Created: Sep 16, 2013
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Sep 16, 2013 - File created
* - Sep 1, 2016 - Copyright updated and added new searching filters
* - Oct 10, 2016 - Added declaration and initialization for variables (bug #5)
* - Oct 24, 2016 - Removed onmouseover and onmouseout attributes to left nav buttons and added JS to add them after load
* Commented out reference, scan, and finding filter buttons
* - Nov 7, 2016 - Changed includes to include_once
* - Dec 12, 2016 - Added parsing for new constants (COMPANY, COMP_ADD, CREATOR, and LAST_MODIFIED_BY),
* ensured all configuration elements are present, and updated jquery 1.10.2 to 1.11.3
* - Feb 15, 2017 - Formatting
* - Mar 22, 2017 - Changed catalog table to use DataTables instead of tablesorter JS library
* - May 13, 2017 - Added support for STIG checklist editing
* Added support for editing the default output format for eChecklist exports
* - May 19, 2017 - Formatting, added saving audible results complete notification, added filtering to site, system, and STE saving
* - May 25, 2017 - Fixed search functionality
* - May 26, 2017 - Restored Enter key press for search execution
* - Jun 3, 2017 - Changed table stripping to use consistent classes across the system
* - Jan 20, 2018 - Fixed bug with system and site datatype for new ST&E
*/
include_once 'config.inc';
include_once 'helper.inc';
include_once 'database.inc';
include_once 'import.inc';
$db = new db();
/**
* @todo add reset.php to left nav
*/
$action = filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING);
$ste = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT);
if (!$ste) {
$ste = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT);
}
$page = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING);
$ste_mgmt = '';
$ms_mgmt = '';
$cat_mgmt = '';
$site_mgmt = '';
$search = '';
$settings = '';
$tgt_search = '';
$ref_search = '';
$scan_search = '';
$find_search = '';
if (isset($action)) {
if ($action == 'save-ste') {
$defaults = array(
'filter' => FILTER_SANITIZE_STRING,
'flag' => FILTER_NULL_ON_FAILURE
);
$args = array(
'ste' => array(
'filter' => FILTER_VALIDATE_INT,
'flag' => FILTER_NULL_ON_FAILURE
),
'system' => array(
'filter' => FILTER_VALIDATE_INT,
'flag' => FILTER_NULL_ON_FAILURE
),
'site' => array(
'filter' => FILTER_VALIDATE_INT,
'flag' => FILTER_NULL_ON_FAILURE
),
'start_date' => $defaults,
'end_date' => $defaults,
'assumptions' => $defaults,
'constraints' => $defaults,
'scope' => $defaults,
'ao' => $defaults
);
$params = filter_input_array(INPUT_POST, $args);
$sys = $db->get_System($params['system'])[0];
$site = $db->get_Site($params['site'])[0];
$ste = new ste($params['ste'], $sys, $site, $params['start_date'], $params['end_date'], null, null);
$ste->set_Assumptions($params['assumptions']);
$ste->set_Constraints($params['constraints']);
$ste->set_Scope($params['scope']);
$ste->set_AO($params['ao']);
$db->save_STE($ste);
}
elseif ($action == 'save-system') {
$defaults = array(
'filter' => FILTER_SANITIZE_STRING,
'flag' => FILTER_NULL_ON_FAILURE
);
$args = array(
'system' => array(
'filter' => FILTER_VALIDATE_INT,
'flag' => FILTER_NULL_ON_FAILURE
),
'name' => $defaults,
'mac' => $defaults,
'class' => $defaults,
'description' => $defaults,
'abbr' => $defaults,
'accred_type' => $defaults
);
$params = filter_input_array(INPUT_POST, $args);
$system = new system($params['system'], $params['name'], $params['mac'], $params['class']);
$system->set_Description($params['description']);
$system->set_Abbreviation($params['abbr']);
switch ($params['accred_type']) {
case 'diacap':
$system->set_Accreditation_Type(accrediation_types::DIACAP);
break;
case 'rmf':
$system->set_Accreditation_Type(accrediation_types::RMF);
break;
case 'pci':
$system->set_Accreditation_Type(accrediation_types::PCI);
break;
case 'nispom':
$system->set_Accreditation_Type(accrediation_types::NISPOM);
break;
case 'hipaa':
$system->set_Accreditation_Type(accrediation_types::HIPAA);
break;
case 'cobit':
$system->set_Accreditation_Type(accrediation_types::COBIT);
break;
case 'sox':
$system->set_Accreditation_Type(accrediation_types::SOX);
break;
default:
$system->set_Accreditation_Type(accrediation_types::DIACAP);
}
$db->save_System($system);
?>
<script src="/style/5grid/jquery-1.11.3.min.js"></script>
<script type='text/javascript'>
$(function () {
if (confirm("Would you like to move on to site management?")) {
location.href = "index.php?p=SiteMgmt";
}
});
</script>
<?php
}
elseif ($action == 'save-site') {
$defaults = array(
'filter' => FILTER_SANITIZE_STRING,
'flag' => FILTER_NULL_ON_FAILURE
);
$params = array(
'site' => array(
'filter' => FILTER_VALIDATE_INT,
'flag' => FILTER_NULL_ON_FAILURE
),
'name' => $defaults,
'address' => $defaults,
'city' => $defaults,
'state' => $defaults,
'zip' => $defaults,
'country' => $defaults,
'poc_name' => $defaults,
'poc_phone' => $defaults,
'poc_email' => $defaults
);
$p = filter_input_array(INPUT_POST, $params);
$site = new site($p['site'], $p['name'], $p['address'], $p['city'], $p['state'], $p['zip'], $p['country'], $p['poc_name'], $p['poc_email'], $p['poc_phone']);
$db->save_Site($site);
?>
<script src="/style/5grid/jquery-1.11.3.min.js"></script>
<script type="text/javascript">
$(function () {
if (confirm("Would you like to move on to ST&E management?")) {
location.href = "index.php?p=STEMgmt";
}
});
</script>
<?php
}
elseif ($action == 'Save Settings') {
$params = array(
'filter' => FILTER_SANITIZE_STRING,
'flag' => FILTER_NULL_ON_FAILURE
);
$args = array(
'company' => $params,
'comp_add' => $params,
'last_modified_by' => $params,
'creator' => $params,
'log_level' => $params,
'flatten_echecklist' => array(
'filter' => FILTER_VALIDATE_BOOLEAN
),
'wrap_text' => array(
'filter' => FILTER_VALIDATE_BOOLEAN
),
'notifications' => array(
'filter' => FILTER_VALIDATE_BOOLEAN
),
'port_limit' => array(
'filter' => FILTER_VALIDATE_INT,
'flag' => FILTER_REQUIRE_ARRAY,
'options' => array('max_range' => 10000)
),
'max_result_import' => array(
'filter' => FILTER_VALIDATE_INT,
'flag' => FILTER_REQUIRE_ARRAY,
'options' => array('max_range' => 20)
),
'output_format' => array(
'filter' => FILTER_VALIDATE_REGEXP,
'flag' => FILTER_NULL_ON_FAILURE,
'options' => array('regexp' => "/xlsx|xls|html|csv|pdf|ods/")
)
);
$fields = filter_input_array(INPUT_POST, $args);
}
}
if ($page) {
if ($page == 'STEMgmt' || $page == 'EditSTE') {
$all_systems = $db->get_System();
$all_sites = $db->get_Site();
$title_prefix = "ST&amp;E Mgmt";
$ste_mgmt = "style='color:#FFF;'";
}
elseif ($page == 'MSMgmt' || $page == 'EditMS') {
$ms_mgmt = "style='color:#FFF;'";
$title_prefix = "System Mgmt";
$all_systems = $db->get_System();
}
elseif ($page == 'SiteMgmt' || $page == 'EditSite') {
$site_mgmt = "style='color:#FFF;'";
$title_prefix = "Site Mgmt";
$all_sites = $db->get_Site();
}
elseif ($page == 'CatMgmt') {
$cat_mgmt = "style='color:#FFF;'";
$title_prefix = "Catalog Mgmt";
}
elseif ($page == 'Settings') {
$settings = "style='color:#FFF;'";
$title_prefix = "Settings";
}
elseif ($page == 'TgtSearch') {
$tgt_search = "style='color:#fff;'";
$title_prefix = "Target Search";
}
elseif ($page == 'RefSearch') {
$ref_search = "style='color:#fff;'";
$title_prefix = "Reference Search";
}
elseif ($page == 'ScanSearch') {
$scan_search = "style='color:#fff;'";
$title_prefix = "Scan Search";
}
elseif ($page == 'FindSearch') {
$find_search = "style='color:#fff;'";
$title_prefix = "Finding Search";
}
elseif ($page == 'Search') {
$title_prefix = "Search";
$search = "style='color:#FFF;'";
}
}
include_once 'header.inc';
?>
<style type="text/css">
nav {
width: 15%;
float: left;
}
nav div {
width: 93%;
background-color: #3992e7;
margin: 2px 0;
padding-left: 5px;
border-radius: 5px;
}
.sub {
color: #041e4d;
text-decoration: none;
width: 170px;
margin: 4px 0;
padding-left: 5px;
border-radius: 5px;
background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#8FBFEE),
to(#5B7CC2));
background-image: -moz-linear-gradient(top, #8FBFEE, #5B7CC2);
background-image: -ms-linear-gradient(top, #8FBFEE, #5B7CC2);
background-image: -o-linear-gradient(top, #8FBFEE, #5B7CC2);
box-shadow: inset 0px 0px 0px 2px #FFF, 0px 2px 2px 0px;
display: block;
}
.sub_mouseover {
background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#7198BE),
to(#1B449B));
background-image: -moz-linear-gradient(top, #7198BE, #1B449B);
background-image: -ms-linear-gradient(top, #7198BE, #1B449B);
background-image: -o-linear-gradient(top, #7198BE, #1B449B);
}
#content {
width: 82%;
float: left;
border: solid 3px #AFB5BB;
border-radius: 7px;
height: 650px;
padding: 0 10px;
overflow-y: scroll;
}
</style>
<div id='wrapper'>
<div id='main-wrapper'>
<div class='12u' id='main-content'>
<div class='5grid-layout'>
<nav class="mobileUI-site-nav">
<a href="/data/?p=MSMgmt"
class="sub" <?php print $ms_mgmt; ?>>System Management</a>
<a href="/data/?p=SiteMgmt"
class="sub" <?php print $site_mgmt; ?>>Site Management</a>
<a href="/data/?p=STEMgmt"
class="sub" <?php print $ste_mgmt; ?>>ST&amp;E Management</a>
<a href="/data/?p=CatMgmt"
class="sub" <?php print $cat_mgmt; ?>>Catalog Management</a>
<a href="/data/?p=Settings"
class="sub" <?php print $settings; ?>>Settings</a>
<a href="/data/?p=TgtSearch"
class="sub" <?php print $tgt_search; ?>>Target Search</a>
<!--
<a href="/data/?p=RefSearch"
class="sub" <?php print $ref_search; ?>>Reference Search</a>
<a href="/data/?p=ScanSearch"
class="sub" <?php print $scan_search; ?>>Scan Search</a>
<a href="/data/?p=FindSearch"
class="sub" <?php print $find_search; ?>>Finding Searcch</a>
-->
<a href="/data/?p=Search" class="sub" <?php print $search; ?>>Search</a>
</nav>
<div id='content' style='<?php
if ($page == 'Search') {
print 'position:relative;';
}
?>'>
<?php
if ($page == 'STEMgmt' || $page == 'EditSTE') {
include_once 'stemgmt.inc';
}
elseif ($page == 'MSMgmt' || $page == 'EditMS') {
include_once 'sysmgmt.inc';
}
elseif ($page == 'SiteMgmt' || $page == 'EditSite') {
include_once 'sitemgmt.inc';
}
elseif ($page == 'TgtSearch') {
include_once 'tgtsearch.inc';
}
elseif ($page == 'RefSearch') {
include_once 'refsearch.inc';
}
elseif ($page == 'ScanSearch') {
include_once 'scansearch.inc';
print "<div id='scan-filter-results'></div>" .
"<div id='load-more'>" .
"<a href='javascript:void(0);' onclick='load_more=true;execute_filter();'>Load More...</a>" .
"</div>";
}
elseif ($page == 'FindSearch') {
include_once 'findsearch.inc';
}
elseif ($page == 'Settings') {
include_once 'settings.inc';
}
elseif ($page == 'CatMgmt') {
?>
<script src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
<link rel="stylesheet" href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
<link rel='stylesheet' href='/script/jquery-ui-1.11.4/jquery-ui.min.css' />
<style type='text/css'>
#availableSoftware {
height: 227px;
width: 240px;
overflow-x: scroll;
font-size: 14px;
line-height: 1.25em;
}
.swmouseover {
background-color: #1D57A0;
color: #fff;
cursor: pointer;
}
</style>
<script type='text/javascript'>
$(function () {
$('#catalog').DataTable({
'stripeClasses': ['odd_row', 'even_row']
});
$('.close, .backdrop').click(function () {
close_box();
});
$('#release-date').datepicker();
});
function close_box() {
$('.backdrop, .box').animate({
'opacity': '0'
}, 300, 'linear', function () {
$('.backdrop, .box').css('display', 'none');
});
}
function view_box() {
$('.backdrop').animate({
'opacity': '.5'
}, 300, 'linear');
$('.backdrop').css('display', 'block');
}
function get_cat_data(fname) {
$('#popup').animate({
'opacity': '1.00'
}, 300, 'linear');
$('#popup').css('display', 'block');
view_box();
$.ajax('/ajax.php', {
data: {
action: 'get-cat-data',
'fname': fname
},
beforeSend: function () {
$('#id').val('');
$('#checklist-id').text('');
$('#name').val('');
$('#description').val('');
$('#version').text('');
$('#release').text('');
$('#icon').val('');
$('#type').text('');
$('#software option').remove();
$('#cpe').val('');
},
success: function (data) {
$('#id').val(data.id);
$('#checklist-id').text(data.checklist_id);
$('#name').val(data.name);
$('#description').val(data.description);
$('#version').text(data.ver);
$('#release').text(data.release);
$('#icon').val(data.icon);
$('#type').text(data.type);
var dt = new Date(data.date.date);
$('#release-date').val(dt.getMonth() + "/" + dt.getDate() + '/' + dt.getFullYear());
for (var x in data.sw) {
$('#software').append("<option id='" + data.sw[x].id + "'>" +
data.sw[x].man + " " + data.sw[x].name + " " + data.sw[x].ver +
"</option>");
}
$('#software option').dblclick(remove_Software);
},
error: function (xhr, status, error) {
console.error(error);
},
timeout: 3000,
method: 'post',
dataType: 'json'
});
}
function remove_Software() {
$.ajax("/ajax.php", {
data: {
action: 'checklist-remove-software',
chk_id: $('#id').val(),
sw_id: $(this).attr('id')
},
success: function (data) {
if (data.error) {
alert(data.error);
}
else if (data.success) {
alert(data.success);
}
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
timeout: 3000,
method: 'post'
});
$(this).remove();
}
function autocomplete_software() {
if ($('#cpe').val().length < 3) {
return;
}
$.ajax('/ajax.php', {
data: {
action: ($('#os').is(":checked") ? 'os_filter' : 'sw_filter'),
filter: $('#cpe').val()
},
success: function (data) {
$('#availableSoftware div').remove();
for (var x in data) {
$('#availableSoftware').append("<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>");
}
$('#availableSoftware').show();
$('#availableSoftware div').each(function () {
$(this).on("mouseover", function () {
$(this).addClass("swmouseover");
});
$(this).on("mouseout", function () {
$(this).removeClass("swmouseover");
});
$(this).on("click", function () {
add_software($(this).attr('sw_id'));
$('#software').append("<option value='" + $(this).attr('sw_id') + "' ondblclick='remove_Software();$(this).remove();'>" + $(this).html() + "</option>");
$(this).remove();
});
});
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 5000
});
}
function add_software(sw_id) {
$.ajax('/ajax.php', {
data: {
action: 'checklist-add-software',
'sw_id': sw_id,
chk_id: $('#id').val()
},
success: function (data) {
alert(data.status);
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 3000
});
}
</script>
<style type="text/css">
thead {
background-image: linear-gradient(to bottom, #ECECEC, rgba(177,177,177,0.72));
color: #4c4c4c;
}
</style>
<div>
<table id='catalog' class='display'>
<thead>
<tr>
<th>File Name</th>
<th>Status</th>
<th>Start Time</th>
<th>% Complete</th>
<th>STIG Count</th>
</tr>
</thead>
<tbody>
<?php
$cat_scripts = $db->get_Catalog_Script();
$odd = true;
foreach ($cat_scripts as $key => $cat_script) {
print "<tr>" .
"<td onclick='javascript:get_cat_data(\"{$cat_script->file_name}\");'><a href='javascript:void(0);'>{$cat_script->file_name}</a></td>" .
"<td>{$cat_script->status}</td>" .
"<td>{$cat_script->start_time->format("Y-m-d H:i:s")}</td>" .
"<td>{$cat_script->perc_comp}</td>" .
"<td>{$cat_script->stig_count}</td>" .
"</td>";
}
?>
</tbody>
</table>
</div>
<div id='popup' class='box'>
<div style='display:inline-block;width:49%;vertical-align:top;'>
<input type='hidden' id='id' />
Checklist ID: <span id='checklist-id'></span><br />
Name: <input type='text' id='name' /><br />
Description: <input type='text' id='description' /><br />
Version: <span id='version'></span><br />
Release: <span id='release'></span><br />
Release Date: <input type='text' id='release-date' /><br />
Icon: <input type='text' id='icon' /><br />
Type: <span id='type'></span>
</div>
<div style='display:inline-block;width:49%;'>
<select id='software' multiple size='10'></select><br />
Add CPE: <input type='text' id='cpe' onkeyup='javascript:autocomplete_software();' />&nbsp;&nbsp;
<label for='os'>OS?</label>
<input type='checkbox' id='os' /><br />
<div id="availableSoftware"></div>
</div>
</div>
<div class="backdrop"></div>
<?php
}
elseif ($page == 'Search') {
$q = filter_input(INPUT_POST, 'q', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
$type = '';
if (strpos($q, '=') !== false) {
list($type, $q) = explode("=", $q);
}
?>
<script src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
<link rel="stylesheet" href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
<link rel='stylesheet' href='/script/jquery-ui-1.11.4/jquery-ui.min.css' />
<script type='text/javascript'>
var default_headers = [
{'title': 'STIG ID', 'data': 'stig_id'},
{'title': 'VMS ID', 'data': 'vms_id'},
{'title': 'Checklist Name', 'data': 'name'},
{'title': 'Type', 'data': 'type'},
{'title': 'PDI', 'data': 'pdi_id'},
{'title': 'File Name', 'data': 'file'}
];
var cve_headers = [
{'title': 'PDI ID', 'data': 'pdi_id'},
{'title': 'CVE ID', 'data': 'cve_id'},
{'title': 'Description', 'data': 'desc'},
{'title': 'Status', 'data': 'status'},
{'title': 'Reference', 'data': 'ref'}
];
var cpe_headers = [
{'title': 'Man', 'data': 'man'},
{'title': 'Name', 'data': 'name'},
{'title': 'Ver', 'data': 'ver'},
{'title': 'CPE', 'data': 'cpe'},
{'title': 'String', 'data': 'sw_string'}
];
var iavm_headers = [
{'title': 'PDI ID', 'data': 'pdi_id'},
{'title': 'IAVM Notice', 'data': 'iavm'},
{'title': 'Title', 'data': 'title'},
{'title': 'Category', 'data': 'cat'},
{'title': 'Link', 'data': 'link'}
];
var start = 0;
var table = null;
$(function () {
$('.close, .backdrop').click(function () {
close_box();
});
$('#q').keyup(function (e) {
start = 0;
var code = e.which;
if (code == 13)
query();
});
if ($('#q').val()) {
query();
}
});
function query() {
if (table) {
table.destroy();
}
if ($('#type').val() == 'cve')
headers = cve_headers;
else if ($('#type').val() == 'cpe')
headers = cpe_headers;
else if ($('#type').val() == 'iavm')
headers = iavm_headers;
else
headers = default_headers;
table = $('#results').DataTable({
pageLength: 100,
serverSide: true,
stripeClasses: ['odd_row', 'even_row'],
columns: headers,
ajax: {
beforeSend: function () {
$('body').addClass('loading');
},
url: '/search.php',
method: 'POST',
data: {
type: $('#type').val(),
q: $('#q').val()
},
complete: function () {
$('body').removeClass('loading');
}
}
});
}
function open_stig(file, id) {
$('#search_result').attr('src', '../reference/stigs/stig.php?file=' + file + '&vms=' + id);
$('#search_result').animate({'opacity': '1.00'}, 300, 'linear');
$('#search_result').css('display', 'block');
view_box();
}
function open_pdi(pdi) {
$('#search_result').attr('src', 'pdi.php?pdi=' + pdi);
$('#search_result').animate({'opacity': '1.00'}, 300, 'linear');
$('#search_result').css('display', 'block');
view_box();
}
function view_box() {
$('.backdrop').animate({
'opacity': '.5'
}, 300, 'linear');
$('.backdrop').css('display', 'block');
$('html, body').css({
'overflow': 'hidden',
'height': '100%'
});
}
function close_box() {
$('.backdrop, .box').animate({
'opacity': '0'
}, 300, 'linear', function () {
$('.backdrop, .box').css('display', 'none');
});
$('html, body').css({
'overflow': 'auto',
'height': '100%'
});
}
</script>
<?php
$waiting = rand(1, 7);
?>
<style type='text/css'>
#search_tip {
display: none;
z-index: 1000;
background-color: #FFE681;
color: #000;
width: 200px;
font-size: 16px;
padding: 4px;
border: solid 1px black;
line-height: 1em;
position: absolute;
}
body.loading {
overflow: hidden;
}
body.loading .modal {
display: block;
}
.modal {
display: none;
position: fixed;
z-index: 1000;
top: 0;
left: 0;
height: 100%;
width: 100%;
background: rgba( 255, 255, 255, .8 ) url('/img/waiting/waiting_<?php print $waiting; ?>.gif') 50% 50% no-repeat;
background-size: 256px;
}
</style>
<form method='post' action='#' onsubmit='return false;'>
<select id='type'>
<option value=''>Filter</option>
<option value='cpe' <?php print (strtolower($type) == 'cpe' ? 'selected' : ''); ?>>CPE</option>
<option value='cve' <?php print (strtolower($type) == 'cve' ? 'selected' : ''); ?>>CVE</option>
<option value='ia' <?php print (strtolower($type) == 'ia' ? 'selected' : ''); ?>>IA Controls</option>
<option value='iavm' <?php print (strtolower($type) == 'iavm' ? 'selected' : ''); ?>>IAVM</option>
<option value='nessus' <?php print (strtolower($type) == 'nessus' ? 'selected' : ''); ?>>Nessus</option>
<option value='stig' <?php print (strtolower($type) == 'stig' ? 'selected' : ''); ?>>STIG</option>
<option value='vms' <?php print (strtolower($type) == 'vms' ? 'selected' : ''); ?>>VMS</option>
</select>
<input type='text' name='q' id='q' <?php print ($q ? "value='$q'" : ""); ?> placeholder='Search...' /><br />
<input type='button' class='button' name='search' value='Search' onclick='javascript:query();' />
</form>
<div>
<table id='results' class='display'>
<thead></thead>
<tbody></tbody>
</table>
</div>
<?php
}
?>
</div>
</div>
</div>
</div>
</div>
<script type='text/javascript'>
$(function () {
$('.sub').mouseover(function () {
$(this).addClass('sub_mouseover');
});
$('.sub').mouseout(function () {
$(this).removeClass('sub_mouseover');
});
});
</script>
<iframe id='search_result' class='box' style='width: 80%; height: 80%; top: 10%; left: 10%;'></iframe>
<div class="backdrop"></div>
<div class='modal'></div>
<?php
include_once 'footer.inc';

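--- a/data/pdi.php
+++ b/data/pdi.php
@@ -0,0 +1,59 @@
+<?php
+/**
+* File: pdi.php
+* Author: Ryan Prather
+* Purpose: Get a PDI and display all associated information
+* Created: Feb 13, 2014
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Feb 13, 2014 - File created
+*/
+include_once 'config.inc';
+include_once 'helper.inc';
+include_once 'database.inc';
+$pdi_id = filter_input(INPUT_GET, 'pdi', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+if (!$pdi_id) {
+die("Need a valid PDI");
+}
+$db = new db();
+$pdi = $db->get_PDI($pdi_id);
+$pdi_catalog = $db->get_PDI_Catalog($pdi_id);
+$stigs = $db->get_STIG_By_PDI($pdi_id);
+$gds = $db->get_GoldDisk_By_PDI($pdi_id);
+$ias = $db->get_IA_Controls_By_PDI($pdi_id);
+?>
+<!doctype HTML>
+<html>
+<body>
+<table>
+<tr>
+<td><?php print (is_a($stigs, 'stig') ? $stigs->get_ID() : null); ?></td>
+<td><?php foreach ($gds as $key => $gd) : print $gd->get_ID() . " "; endforeach; ?></td>
+<td>Cat <?php print $pdi->get_Category_Level_String(); ?></td>
+<td><?php foreach ($ias as $key => $ia): print $ia->get_Type() . "-" . $ia->get_Type_ID() . " "; endforeach; ?></td>
+<td>PDI ID: <?php print $pdi->get_ID(); ?></td>
+</tr>
+<tr>
+<td colspan=5><span style="font-weight:bold;">Short Title:</span> <?php print nl2br($pdi->get_Short_Title()); ?></td>
+</tr>
+<tr>
+<td colspan=5><span style="font-weight:bold;">Description:</span><br /><?php print nl2br($pdi->get_Description()); ?></td>
+</tr>
+<tr>
+<td colspan=5><span style="font-weight:bold;">Check Contents:</span><br /><?php print nl2br($pdi->get_Check_Contents()); ?></td>
+</tr>
+</table>
+</body>
+</html>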
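Review bot: `$pdi` is dereferenced in the table cells without checking that `get_PDI($pdi_id)` found anything, so a well-formed integer that matches no row produces a fatal method call on null instead of the `die("Need a valid PDI")` path; a guard such as `if (!$pdi) { die("Need a valid PDI"); }` right after the lookup closes that. The short title, description and check contents are printed through `nl2br()` alone, so any markup stored in the catalog text is emitted raw into the page; applying `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before `nl2br()` keeps the line breaks and neutralises it. `$pdi_catalog` is fetched and never used, so that query can be dropped.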

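--- a/data/refsearch.inc
+++ b/data/refsearch.inc
@@ -0,0 +1,18 @@
+<?php
+/**
+* File: refsearch.inc
+* Author: Ryan
+* Purpose: Search for references
+* Created: Sep 7, 2016
+*
+* Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Sep 7, 2016 - File created
+*/
+$reference_filter_width = 990;
+include_once 'reference-filter.inc';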

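--- a/data/reset.php
+++ b/data/reset.php
@@ -0,0 +1,87 @@
+<?php
+/**
+* File: reset.php
+* Author: Ryan Prather
+* Purpose: Reset or change the password for the web mysql user
+* Created: Oct 16, 2014
+*
+* Portions Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Oct 16, 2014 - File created
+* - Jun 3, 2015 - Copyright updated and added constants
+* - Nov 7, 2016 - Fixed bug with resetting web user password, commented out calling Perl encrypt.pl script
+*/
+include_once 'config.inc';
+include_once 'helper.inc';
+if (isset($_REQUEST['reset'])) {
+chdir(DOC_ROOT);
+$db = new mysqli(DB_SERVER, $_REQUEST['uname'], $_REQUEST['pwd'], "mysql");
+if ($db->connect_error) {
+include_once "header.inc";
+die($db->connect_error);
+}
+if (in_array(DB_SERVER, array("localhost", "127.0.0.1"))) {
+$host = "localhost";
+}
+else {
+$host = '%';
+}
+if (!$db->real_query("SET PASSWORD FOR 'web'@'$host' = PASSWORD('" . $_REQUEST['web_pwd'] . "')")) {
+include_once "header.inc";
+die("DB Password change unsuccessful, ceasing further operation" . PHP_EOL . $db->error);
+}
+$pwd = $_REQUEST['web_pwd'];
+/* ---------------------------------
+* CREATE DB PASSWORD FILE
+* --------------------------------- */
+$enc_pwd = my_encrypt($pwd);
+if (!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) {
+die("Failed to save password");
+}
+die($enc_pwd);
+print "Password change successful<br />";
+print "<a href='/'>Home</a>";
+}
+else {
+?>
+<script src='/style/5grid/jquery-1.10.2.min.js' type='text/javascript'></script>
+<script type='text/javascript'>
+function chk_pwd() {
+if ($('#pwd').val() != $('#conf').val()) {
+$('#msg').text("Passwords do not match");
+$('#msg').css('color', 'red');
+}
+else {
+$('#msg').text("Passwords match");
+$('#msg').css('color', 'green');
+}
+}
+</script>
+<form method='post' action='reset.php'>
+MySQL Admin User Name: <input type="text" name="uname" /><br />
+Password: <input type="password" name="pwd" /><br />
+<br />
+New Web User Password: <input type="password" name="web_pwd" id="pwd" /><br />
+Confirm Password: <input type="password" name="conf_pwd" id="conf" onkeyup='javascript:chk_pwd();' /> <span id='msg'></span><br />
+<input type="submit" name="reset" value="Reset Password" />
+</form>
+<?php } ?>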
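Review bot: The `SET PASSWORD` statement is built by concatenating `$_REQUEST['web_pwd']` into the SQL, so a password containing a quote breaks or alters the statement; at minimum pass it through `$db->real_escape_string($_REQUEST['web_pwd'])` before interpolation. Reading the admin credentials from `$_REQUEST` also accepts them on the query string, where they land in access logs, whereas the form only ever posts them, so `$_POST` is the right source here. `die($enc_pwd);` after the file write sends the encrypted web password back to the browser and makes the two success `print` lines unreachable; it reads as a leftover debug statement and should be removed. Nothing in this file checks that the caller is already authenticated before it rewrites the DB password file—header.inc is only included on the error paths—so confirm how access to reset.php is restricted and document it in the file header.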

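--- a/data/scansearch.inc
+++ b/data/scansearch.inc
@@ -0,0 +1,18 @@
+<?php
+/**
+* File: scansearch.inc
+* Author: Ryan
+* Purpose: File to show scan filter
+* Created: Sep 7, 2016
+*
+* Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Sep 7, 2016 - File created
+*/
+$scan_filter_width = 990;
+include_once 'scan-filter.inc';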

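--- a/data/settings.inc
+++ b/data/settings.inc
@@ -0,0 +1,114 @@
+<?php
+/**
+* File: settings.inc
+* Author: Ryan Prather
+* Purpose: Allows the changing of system settings
+* Created: Jan 6, 2015
+*
+* Portions Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Jan 6, 2015 - File created
+* - Sep 1, 2016 - Copyright updated
+* Added max # of results scans to import simultaneously
+* - Oct 24, 2016 - Fixed MAX_IMPORT constant and added PHP_CONF constant
+* - Nov 16, 2016 - Changed LOG_LEVEL to check for E_* constants instead of strings
+* - Dec 12, 2016 - Ensured all configuration items are populated here, added company data for eChecklist exports
+* - Feb 15, 2017 - Formatting and changed NESSUS constant
+* - May 13, 2017 - Added support for editing the default output format for E-Checklist exports
+* - May 19, 2017 - Added audible notification setting
+* - May 25, 2017 - Fixed typo
+*/
+$db = new db();
+$settings = $db->get_Settings(['cpe-load-date', 'cve-load-date', 'stig-load-date', 'nasl-load-date']);
+$cpe_date = (isset($settings['cpe-load-date']) ? new DateTime($settings['cpe-load-date']) : null);
+$cve_date = (isset($settings['cve-load-date']) ? new DateTime($settings['cve-load-date']) : null);
+$stig_date = (isset($settings['stig-load-date']) ? new DateTime($settings['stig-load-date']) : null);
+$nasl_date = (isset($settings['nasl-load-date']) ? new DateTime($settings['nasl-load-date']) : null);
+?>
+<div style="width:49%;display:inline-block;">
+<form action="index.php/?p=Settings" method="post">
+<input type='hidden' name='action' value='Save Settings' />
+<?php
+if (isset($settings_saved)) {
+print $settings_saved;
+}
+?>
+Company: <input type="text" name="company" value="<?php print COMPANY; ?>" /><br />
+Company Address: <input type="text" name="comp_add" value="<?php print COMP_ADD; ?>" /><br />
+Last Modified By: <input type="text" name="last_modified_by" value="<?php print LAST_MODIFIED_BY; ?>" /><br />
+Creator: <input type="text" name="creator" value="<?php print CREATOR; ?>" /><br /><br />
+Log level:
+<select name="log_level">
+<option <?php print (LOG_LEVEL == E_DEBUG) ? "selected" : null; ?>>DEBUG</option>
+<option <?php print (LOG_LEVEL == E_NOTICE) ? "selected" : null; ?>>NOTICE</option>
+<option <?php print (LOG_LEVEL == E_WARNING) ? "selected" : null; ?>>WARNING</option>
+<option <?php print (LOG_LEVEL == E_ERROR) ? "selected" : null; ?>>ERROR</option>
+</select><br /><br />
+Flatten eChecklist: <input type="checkbox" name="flatten_echecklist" <?php print (FLATTEN ? "checked" : null); ?> /><br />
+Wrap eChecklist Check Contents: <input type="checkbox" name="wrap_text" <?php print (WRAP_TEXT ? "checked" : null); ?> /><br />
+Audible Notifications: <input type='checkbox' name='notifications' <?php print (NOTIFICATIONS ? "checked" : null); ?> /><br /><br />
+Port Ingestion Limit: <input type="number" name="port_limit" value="<?php print PORT_LIMIT; ?>" min="0" max="10000" /><br />
+Max # of Result Scans: <input type="number" name="max_result_import" value="<?php print MAX_RESULTS; ?>" min="1" max="20" /><br />
+Output Format:
+<select name="output_format">
+<option value="xlsx" <?php print (ECHECKLIST_FORMAT == 'xlsx' ? "selected" : null); ?>>Microsoft Excel 2007+ (.xlsx)</option>
+<option value="xls"<?php print (ECHECKLIST_FORMAT == 'xls' ? "selected" : null); ?>>Microsoft Excel 95-2003 (.xls)</option>
+<option value="ods"<?php print (ECHECKLIST_FORMAT == 'ods' ? "selected" : null); ?>>OpenDocument Format (.ods)</option>
+<?php /*
+<option value="html"<?php print (ECHECKLIST_FORMAT == 'html' ? "selected" : null); ?>>HTML (.html)</option>
+<option value="pdf"<?php print (ECHECKLIST_FORMAT == 'pdf' ? "selected" : null); ?>>Post-script Document (.pdf)</option>
+<option value="csv"<?php print (ECHECKLIST_FORMAT == 'csv' ? "selected" : null); ?>>Comma-separated files (.csv)</option>
+*/ ?>
+</select>
+<br />
+<!--
+Nessus server: <input type="text" name="nessus_server" value="<?php print NESSUS_SVR; ?>" /><br />
+NMap binary path: <input type="text" name="nmap_path" value="<?php print NMAP_PATH; ?>" /><br />
+-->
+<input type="button" class='button' value="Save Settings" onclick='this.form.submit();' />
+</form>
+</div>
+<div style="width:49%;display:inline-block;">
+<table id="system-dates" style='width:100%;vertical-align:top;'>
+<thead>
+<tr>
+<th>Type</th>
+<th>Date</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>CPE's</td>
+<td><?php print (is_a($cpe_date, 'DateTime') && $cpe_date != new DateTime("1970-01-01 00:00:00") ? $cpe_date->format("M j, Y") : "Not Loaded"); ?></td>
+</tr>
+<tr>
+<td>CVE's</td>
+<td><?php print (is_a($cve_date, 'DateTime') && $cve_date != new DateTime("1970-01-01 00:00:00") ? $cve_date->format("M j, Y") : "Not Loaded"); ?></td>
+</tr>
+<tr>
+<td>STIG's</td>
+<td><?php print (is_a($stig_date, 'DateTime') && $stig_date != new DateTime("1970-01-01 00:00:00") ? $stig_date->format("M j, Y") : "Not Loaded"); ?></td>
+</tr>
+<tr>
+<td>NASL</td>
+<td><?php print (is_a($nasl_date, 'DateTime') && $nasl_date != new DateTime("1970-01-01 00:00:00") ? $nasl_date->format("M j, Y") : "Not Loaded"); ?></td>
+</tr>
+</tbody>
+</table>
+</div>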
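Review bot: The company, address, last-modified-by, creator, port-limit and max-results inputs print their stored values into double-quoted attributes unescaped (`value="<?php print COMPANY; ?>"`), so a saved value containing `"` breaks out of the attribute and into the markup; each should be `value="<?php print htmlspecialchars(COMPANY, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`. The four `new DateTime($settings[...])` constructions throw on a malformed stored string and nothing here catches that, so one bad settings row takes the whole page down; building them through `DateTimeImmutable::createFromFormat()` with a false check, or a try/catch that falls back to null, would render "Not Loaded" instead. `E_DEBUG` is not a PHP engine constant, so it presumably comes from config.inc; a one-line comment above the `log_level` select saying where it is defined would save the next reader a search.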

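--- a/data/sitemgmt.inc
+++ b/data/sitemgmt.inc
@@ -0,0 +1,139 @@
+<?php
+/**
+* File: sitemgmt.inc
+* Author: Ryan Prather
+* Purpose: For adding or editing sites
+* Created: Oct 21, 2014
+*
+* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Oct 21, 2014 - File created
+* - May 19, 2017 - Migrated to filtering and changed save button to match buttons throughout
+*/
+$page = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
+$site_id = filter_input(INPUT_POST, 'site', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+if ($page == 'SiteMgmt') {
+?>
+<form method='post' action='?p=EditSite'>
+Select Site:<br />
+<select name='site' onchange="this.form.submit();">
+<option value='0'>-- Please Select A Site --</option>
+<?php
+foreach ($all_sites as $site) :
+print $site->get_Option();
+endforeach
+;
+?>
+<option value='new'>New...</option>
+</select>
+</form>
+<?php
+}
+elseif ($page == 'EditSite' && $site_id) {
+$selected_site = $db->get_Site($site_id);
+if (is_array($selected_site) && count($selected_site) && isset($selected_site[0]) && is_a($selected_site[0], 'site')) {
+$selected_site = $selected_site[0];
+}
+else {
+die("Couldn't find the selected site");
+}
+?>
+<form method='post' action='?p=EditSite'>
+Select Site: <select name='site' onchange="this.form.submit();">
+<option value='0'>-- Please Select A Site --</option>
+<?php
+foreach ($all_sites as $site) :
+$selected = $site_id == $site->get_Id() ? true : false;
+print $site->get_Option($selected);
+endforeach
+;
+?>
+<option value='new'>New...</option>
+</select>
+</form>
+<form method='post' action='?p=SiteMgmt'>
+<input type='hidden' name='site' value='<?php print $site_id; ?>' />
+<input type='hidden' name='action' value='save-site' />
+Name:
+<input type='text' name='name'
+value='<?php print $selected_site->get_Name(); ?>' /><br />
+Address:
+<input type='text' name='address'
+value='<?php print $selected_site->get_Address(); ?>' /><br />
+City:
+<input type='text' name='city'
+value='<?php print $selected_site->get_City(); ?>' /><br />
+State:
+<select name='state'>
+<?php
+foreach ($STATES as $key => $val) {
+print "<option value='$key'" . ($key == $selected_site->get_State() ? " selected" : "") . ">$val</option>";
+}
+?>
+</select><br />
+Postal Code: <input type='text' name='zip'
+value='<?php print $selected_site->get_Zip(); ?>' /><br />
+Country: <select name='country'>
+<?php
+foreach ($Countries as $key => $val) {
+print "<option value='$key'" . ($key == $selected_site->get_Country() ? " selected" : "") . ">$val</option>";
+}
+?>
+</select><br />
+POC Name:
+<input type='text' name='poc_name'
+value='<?php print $selected_site->get_POC_Name(); ?>' /><br />
+POC E-mail:
+<input type='text' name='poc_email'
+value='<?php print $selected_site->get_POC_Email(); ?>' /><br />
+POC Phone:
+<input type='text' name='poc_phone'
+value='<?php print $selected_site->get_POC_Phone(); ?>' /><br />
+<input type='button' class='button' value='Save Site' onclick='this.form.submit();' />
+</form>
+<?php
+}
+elseif ($page == 'EditSite' && !$site_id) {
+?>
+<form method='post' action='?p=SiteMgmt'>
+<input type='hidden' name='action' value='save-site' />
+Name: <input type='text' name='name' /><br />
+Address: <input type='text' name='address' /><br />
+City: <input type='text' name='city' /><br />
+State: <select name='state'>
+<?php
+foreach ($STATES as $key => $val): print "<option value='$key'>$val</option>";
+endforeach;
+?>
+</select><br />
+Postal Code: <input type='text' name='zip' /><br />
+Country: <select name='country'>
+<?php
+foreach ($Countries as $key => $val): print "<option value='$key'>$val</option>";
+endforeach;
+?>
+</select><br />
+POC Name: <input type='text' name='poc_name' /><br />
+POC E-mail: <input type='text' name='poc_email' /><br />
+POC Phone: <input type='text' name='poc_phone' /><br />
+<input type='button' class='button' value='Save Site' onclick='this.form.submit();' />
+</form>
+<?php
+}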
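Review bot: The edit form prints every site field into a single-quoted attribute without escaping (`value='<?php print $selected_site->get_Name(); ?>'`), so a stored name, address or POC field containing `'` or `<` breaks the form or injects markup into the admin page; each of those prints wants `htmlspecialchars($selected_site->get_Name(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the `$val` text in the two state/country option loops the same. `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1 and only strips tags rather than validating; since `$page` is compared against two fixed strings, `FILTER_DEFAULT` is enough. The `New...` option submits `site=new`, which fails `FILTER_VALIDATE_INT` and reaches the new-site branch only because the null result is falsy—a comment on the `$site_id` line such as `// 'new' fails int validation and becomes null, which selects the create form below` would keep that coupling from being broken by a later validation change.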

592
data/ste_export_import.php Normal file

@ -0,0 +1,592 @@
<?php
/**
* File: ste_export_import.php
* Author: Ryan Prather
* Purpose: Export ST&E data
* Created: Feb 11, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Feb 11, 2014 - File created
* - Sep 1, 2016 - Updated copyright and update scan constructor to use source object instead of source ID
* - Nov 7, 2016 - Fix bug with reading source ID
* - Apr 5, 2017 - Formatting
* - Dec 19, 2017 - Converted from XML to JSON format export/import
* - Jan 16, 2018 - Updated to use host_list class
*
* @TODO - Change to export and import CPE
*/
include_once 'config.inc';
include_once 'helper.inc';
include_once 'database.inc';
$db = new db();
$cmd = getopt("f::", array("import::"));
if (isset($_REQUEST['export'])) {
if (!isset($_REQUEST['ste'])) {
print "You must select an ST&amp;E <a href='javascript:void(0);' onclick='javascript:history.go(-1);'>Back</a>";
exit;
}
if ($_REQUEST['export'] == 'Export STE') {
export_STE();
}
elseif ($_REQUEST['export'] == 'Export Host List') {
export_Host_List();
}
}
elseif (isset($cmd['import'])) {
import_STE();
}
else {
print "Usage: php ste_export_import.php -f=\"{path_to_ste_import_file}\" --import" . PHP_EOL;
}
/**
* Function to export an ST&amp;E
*/
function export_STE() {
set_time_limit(0);
global $db;
$log = new Sagacity_Error("STE_Export.log");
$ste = $db->get_STE($_REQUEST['ste'])[0];
$json = [
'ste' => [
'id' => $ste->get_ID(),
'system_id' => $ste->get_System()->get_ID(),
'site_id' => $ste->get_Site()->get_ID(),
'eval_start' => $ste->get_Eval_Start_Date()->format("Y-m-d"),
'eval_end' => $ste->get_Eval_End_Date()->format("Y-m-d")
],
'systems' => [],
'site' => [],
'ste_cats' => [],
'targets' => [],
'scans' => [],
'tech_findings' => [],
'proc_findings' => []
];
$system_arr = $db->get_System($ste->get_System()->get_ID());
foreach ($system_arr as $key => $sys) {
$json['systems'][] = [
'id' => $sys->get_ID(),
'name' => $sys->get_Name(),
'mac' => $sys->get_MAC(),
'classification' => $sys->get_Classification(),
'abbr' => $sys->get_Abbreviation(),
'exec-summary' => $sys->get_Executive_Summary(),
'accrediation-type' => $sys->get_Accreditation_Type(),
'desc' => $sys->get_Description(),
'mitigations' => $sys->get_Mitigations()
];
}
$json['site'] = [
'id' => $ste->get_Site()->get_ID(),
'name' => $ste->get_Site()->get_Name(),
'address' => $ste->get_Site()->get_Address(),
'city' => $ste->get_Site()->get_City(),
'state' => $ste->get_Site()->get_State(),
'zip' => $ste->get_Site()->get_Zip(),
'country' => $ste->get_Site()->get_Country(),
'poc' => $ste->get_Site()->get_POC_Name(),
'email' => $ste->get_Site()->get_POC_Email(),
'phone' => $ste->get_Site()->get_POC_Phone()
];
$cat_arr = $db->get_STE_Cat_List($ste->get_ID());
foreach ($cat_arr as $key => $cat) {
$json['ste_cats'][] = [
'id' => $cat->get_ID(),
'ste_id' => $cat->get_STE_ID(),
'name' => $cat->get_Name(),
'analyst' => $cat->get_Analyst()
];
}
$all_findings = [];
$targets_arr = $db->get_Target_Details($ste->get_ID());
$used_cats = [];
if (empty($targets_arr)) {
$log->script_log("There are no targets in the ST&E", E_ERROR);
}
foreach ($targets_arr as $key => $tgt) {
if (!in_array($tgt->get_Cat_ID(), $used_cats)) {
$all_findings = array_merge($all_findings, $db->get_Category_Findings($tgt->get_Cat_ID()));
$used_cats[] = $tgt->get_Cat_ID();
}
$os = $db->get_Software($tgt->get_OS_ID())[0];
$tgt_node = [
'id' => $tgt->get_ID(),
'ste_id' => $tgt->get_STE_ID(),
'cat_id' => $tgt->get_Cat_ID(),
'os_id' => $tgt->get_OS_ID(),
'os_string' => $tgt->get_OS_String(),
'os_man' => $os->get_Man(),
'os_name' => $os->get_Name(),
'os_ver' => $os->get_Version(),
'name' => $tgt->get_Name(),
'location' => $tgt->get_Location(),
'source' => $tgt->get_Source(),
'pp_flag' => '0',
'pp_off' => '1',
'login' => $tgt->get_Login(),
'class' => $tgt->classification,
'status' => [
'auto' => $tgt->get_Auto_Status_ID(),
'manual' => $tgt->get_Man_Status_ID(),
'data' => $tgt->get_Data_Status_ID(),
'fp_cat1' => $tgt->get_FP_Cat1_Status_ID()
],
'notes' => $tgt->get_Notes(),
'netstat' => $tgt->get_Netstat_Connections(),
'missing_patches' => $tgt->get_Missing_Patches(),
'interfaces' => [],
'software_list' => [],
'checklist_list' => []
];
foreach ($tgt->interfaces as $int) {
$int_node = [
'id' => $int->get_ID(),
'name' => $int->get_Name(),
'ipv4' => $int->get_IPv4(),
'ipv6' => $int->get_IPv6(),
'hostname' => $int->get_Hostname(),
'fqdn' => $int->get_FQDN(),
'desc' => $int->get_Description(),
'tcp_ports' => [],
'udp_ports' => []
];
foreach ($int->get_TCP_Ports() as $tcp) {
$int_node['tcp_ports'][] = [
'number' => $tcp->get_Port(),
'name' => $tcp->get_IANA_Name(),
'banner' => $tcp->get_Banner(),
'notes' => $tcp->get_Notes()
];
}
foreach ($int->get_UDP_Ports() as $udp) {
$int_node['udp_ports'][] = [
'number' => $udp->get_Port(),
'name' => $udp->get_IANA_Name(),
'banner' => $udp->get_Banner(),
'notes' => $udp->get_Notes()
];
}
$tgt_node['interfaces'][] = $int_node;
}
foreach ($tgt->software as $sw) {
$tgt_node['software_list'][] = [
'id' => $sw->get_ID(),
'man' => $sw->get_Man(),
'name' => $sw->get_Name(),
'ver' => $sw->get_Version(),
'string' => $sw->get_SW_String(),
'short_string' => $sw->get_Shortened_SW_String()
];
}
foreach ($tgt->checklists as $chk) {
$tgt_node['checklist_list'][] = [
'id' => $chk->get_ID(),
'checklist_id' => $chk->get_Checklist_ID(),
'type' => $chk->get_type(),
'class' => $chk->get_Classification(),
'version' => $chk->get_Version(),
'release' => $chk->get_Release()
];
}
$json['targets'][] = $tgt_node;
}
if (!is_null($scan_arr = $db->get_ScanData($ste->get_ID()))) {
foreach ($scan_arr as $scan) {
$scan_node = [
'id' => $scan->get_ID(),
'ste_id' => $scan->get_STE()->get_ID(),
'src_id' => $scan->get_Source()->get_ID(),
'itr' => $scan->get_Itr(),
'file_name' => $scan->get_File_Name(),
'file_date' => $scan->get_File_Date(),
'host_list' => []
];
foreach ($scan->get_Host_List() as $host) {
$scan_node['host_list'][] = [
'tgt_id' => $host['target']->get_ID(),
'tgt_name' => $host['target']->get_Name(),
'count' => $host['count']
];
}
$json['scans'][] = $scan_node;
}
}
foreach ($all_findings as $worksheet_name => $data) {
foreach ($data['stigs'] as $stig_id => $data2) {
$stig = $db->get_Stig($stig_id);
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0];
}
else {
continue;
}
$ec = $db->get_eChecklist($stig, $data2['chk_id']);
$find_node = [
'stig_id' => $stig->get_ID(),
'vms_id' => $ec->get_VMS_ID(),
'cat' => $ec->get_Cat_Level_String(),
'short_title' => $ec->get_Short_Title(),
'check_contents' => $ec->get_Check_Contents(),
'notes' => $data2['notes'],
'target_status' => [],
'ia_controls' => []
];
foreach ($data['target_list'] as $host_name => $col_id) {
$tgt = $db->get_Target_Details($ste->get_ID(), $host_name)[0];
$finding = $db->get_Finding($tgt, $stig)[0];
if (is_null($finding)) {
continue;
}
$find_node['target_status'][] = [
'tgt_name' => $host_name,
'status' => (isset($data2[$host_name]) ? $data2[$host_name] : 'Not Applicable'),
'scan_id' => $finding->get_Scan_ID()
];
}
foreach ($data2['ia_control'] as $ia) {
$find_node['ia_controls'] = $ia;
}
$json['tech_findings'][] = $find_node;
}
}
header(JSON);
header('Content-disposition: attachment; filename="' . $sys->get_Name() . '-' . $ste->get_Site()->get_Name() . '-ste-export.json"');
print json_encode($json, JSON_PRETTY_PRINT);
}
/**
* Function to export the hosts in an ST&amp;E
*/
function export_Host_List() {
global $db;
$csv = "Target ID,Name,HostName,IPv4,FQDN,OS" . PHP_EOL;
$ste = $db->get_STE($_REQUEST['ste'])[0];
$tgts = $db->get_Target_Details($_REQUEST['ste']);
foreach ($tgts as $key => $tgt) {
$csv .= $tgt->get_ID() . "," . $tgt->get_Name() . ",";
$int_str = '';
$fqdn_str = '';
$host_str = '';
foreach ($tgt->interfaces as $key2 => $int) {
if (false) {
$int = new interfaces();
}
$host_str .= $int->get_Hostname() . ",";
$int_str .= $int->get_IPv4() . ",";
$fqdn_str .= $int->get_FQDN() . ",";
}
$host_str = substr($host_str, 0, -1);
$int_str = substr($int_str, 0, -1);
$fqdn_str = substr($fqdn_str, 0, -1);
$csv .= "\"$host_str\",\"$int_str\",\"$fqdn_str\",";
$os = $db->get_Software($tgt->get_OS_ID())[0];
$csv .= $os->get_Man() . " " . $os->get_Name() . " " . $os->get_Version() . PHP_EOL;
}
header('Content-type: plain/text');
header('Content-disposition: attachment; filename="' . $ste->get_System()->get_Name() . '-' . $ste->get_Site()->get_Name() . '-host-list.csv"');
print $csv;
}
/**
* Function to import an ST&amp;E
*/
function import_STE() {
global $cmd, $db;
set_time_limit(0);
$base_name = basename($cmd['f']);
include_once 'helper.inc';
$log = new Sagacity_Error($cmd['f']);
if (!file_exists($cmd['f'])) {
$log->script_log("File not found", E_ERROR);
}
$xml = new DOMDocument();
$ste_cat_arr = array();
$all_scans = array();
$all_tgts = array();
if (!$xml->load($cmd['f'])) {
$log->script_log("Error loading XML", E_ERROR);
}
$site_node = getValue($xml, "/root/site", null, true);
if ($site_node->length) {
$site_node = $site_node->item(0);
$site = $db->get_Site($site_node->getAttribute("name"));
if (is_array($site) && count($site)) {
$site = $site[0];
print "Existing site " . $site->get_Name() . PHP_EOL;
}
else {
print "Adding new site " . $site_node->getAttribute("name") . PHP_EOL;
$site = new site(null, $site_node->getAttribute("name"), $site_node->getAttribute("address"), $site_node->getAttribute("city"), $site_node->getAttribute("state"), $site_node->getAttribute("zip"), $site_node->getAttribute("country"), $site_node->getAttribute("poc_name"), $site_node->getAttribute("poc_email"), $site_node->getAttribute("poc_phone"));
$site->set_ID($db->save_Site($site));
}
}
else {
$log->script_log("No site associated with this ST&E", E_ERROR);
}
$sys_nodes = getValue($xml, "/root/systems/system", null, true);
if ($sys_nodes->length) {
foreach ($sys_nodes as $node) {
$sys = $db->get_System($node->getAttribute("name"));
if (is_array($sys) && count($sys)) {
$sys = $sys[0];
print "Existing system " . $sys->get_Name() . PHP_EOL;
}
else {
print "Adding new system " . $node->getAttribute("name") . PHP_EOL;
$sys = new system(null, $node->getAttribute("name"), $node->getAttribute("mac"), $node->getAttribute("classified"));
$sys->set_ID($db->save_System($sys));
}
}
}
else {
$log->script_log("No system associated with this ST&E", E_ERROR);
}
$ste_node = getValue($xml, "/root/ste", null, true);
if ($ste_node->length) {
print "Adding new ST&E" . PHP_EOL;
$ste_node = $ste_node->item(0);
$old_ste_id = $ste_node->getAttribute("id");
$ste = new ste(null, $sys->get_ID(), $site->get_Id(), $ste_node->getAttribute("eval_start"), $ste_node->getAttribute("eval_end"), false, 0);
$ste->set_ID($db->save_STE($ste));
}
else {
$log->script_log("No ST&E in this export file", E_ERROR);
}
$cat_nodes = getValue($xml, "/root/ste_cats/cat", null, true);
if ($cat_nodes->length) {
foreach ($cat_nodes as $node) {
print "Adding new category " . $node->getAttribute("name") . PHP_EOL;
$id = $node->getAttribute('id');
$ste_cat_arr[$id] = new ste_cat(null, $ste->get_ID(), $node->getAttribute("name"), $node->getAttribute("analysts"));
$ste_cat_arr[$id]->set_ID($db->save_Category($ste_cat_arr[$id]));
}
}
else {
$log->script_log("There are no categories in this ST&E", E_ERROR);
}
$tgt_nodes = getValue($xml, "/root/targets/target", null, true);
if ($tgt_nodes->length) {
foreach ($tgt_nodes as $node) {
print "Adding new target " . $node->getAttribute("name") . PHP_EOL;
$cat_id = $node->getAttribute("cat_id");
$os = $db->get_Software([
'man' => $node->getAttribute("os_man"),
'name' => $node->getAttribute("os_name"),
'ver' => $node->getAttribute("os_ver")
]);
if (is_array($os) && count($os)) {
$os = $os[0];
}
else {
$os = $db->getSoftware(array(
'man' => 'Generic',
'name' => 'Generic',
'ver' => 'N/A'
), false)[0];
}
$statuses = getValue($xml, "status", $node, true)->item(0);
$notes = getValue($xml, "notes", $node);
$netstat = getValue($xml, "netstat_connection", $node);
$patches = getValue($xml, "missing_patches", $node);
$os_string = getValue($xml, "os_string", $node);
$tgt = new target($node->getAttribute("name"));
$tgt->set_STE_ID($ste->get_ID());
$tgt->set_Cat_ID($ste_cat_arr[$cat_id]->get_ID());
$tgt->set_OS_ID($os->get_ID());
$tgt->set_OS_String($node->getAttribute("os_string"));
$tgt->set_Auto_Status_ID($statuses->getAttribute("auto"));
$tgt->set_Man_Status_ID($statuses->getAttribute("manual"));
$tgt->set_Data_Status_ID($statuses->getAttribute("data"));
$tgt->set_FP_Cat1_Status_ID($statuses->getAttribute("fp_cat1"));
$tgt->set_Location($node->getAttribute("location"));
$tgt->set_Notes($notes);
$tgt->set_Netstat_Connections($netstat);
$tgt->set_Login($node->getAttribute("login"));
$tgt->set_Missing_Patches($patches);
$tgt->set_PP_Flag($node->getAttribute("pp_flag"));
$tgt->set_PP_Suspended($node->getAttribute("pp_off"));
$ints = getValue($xml, "interfaces/interface", $node, true);
foreach ($ints as $int_node) {
$int = new interfaces(null, null, $int_node->getAttribute("name"), $int_node->getAttribute("ipv4"), $int_node->getAttribute("ipv6"), $int_node->getAttribute("hostname"), $int_node->getAttribute("fqdn"), getValue($xml, "description", $int_node));
$tcp_nodes = getValues($xml, "tcp_ports/port", $int_node, true);
foreach ($tcp_nodes as $tcp) {
$int->add_TCP_Ports(new tcp_ports(null, $tcp->getAttribute("number"), $tcp->getAttribute("name"), getValue($xml, "banner", $tcp), getValue($xml, "notes", $tcp)));
}
$udp_nodes = getValues($xml, "udp_ports/port", $int_node, true);
foreach ($udp_nodes as $udp) {
$int->add_UDP_Ports(new udp_ports(null, $udp->getAttribute("number"), $udp->getAttribute("name"), getValue($xml, "banner", $udp), getValue($xml, "notes", $udp)));
}
$tgt->interfaces[] = $int;
}
$sw_nodes = getValue($xml, "software_list/software", $node, true);
foreach ($sw_nodes as $sw) {
$tgt->software[] = $db->get_Software(array(
'man' => $sw->getAttribute("sw_man"),
'name' => $sw->getAttribute("sw_name"),
'ver' => $sw->getAttribute("sw_ver")
))[0];
}
$chk_nodes = getValue($xml, "checklist_list/checklist", $node, true);
foreach ($chk_nodes as $chk) {
$tgt->checklists[] = $db->get_Checklist(array(
'checklist_id' => $chk->getAttribute('checklist_id'),
'type' => $chk->getAttribute('type'),
'version' => $chk->getAttribute('version'),
'release' => $chk->getAttribute('release')
))[0];
}
$tgt->set_ID($db->save_Target($tgt));
$all_tgts[$node->getAttribute("id")] = $tgt;
}
}
else {
$log->script_log("No targets were found on this ST&E", E_ERROR);
}
$scan_nodes = getValue($xml, "/root/scans/scan", null, true);
if ($scan_nodes->length) {
foreach ($scan_nodes as $node) {
$src = $db->get_Sources($node->getAttribute("src_id"));
print "Adding new scan result file " . $node->getAttribute("file_name") . PHP_EOL;
$scan = new scan(null, $src, $ste, $node->getAttribute('itr'), $node->getAttribute("file_name"), $node->getAttribute('file_date'));
$host_list_nodes = getValue($xml, "host_list", $node, true);
foreach ($host_list_nodes as $host) {
$scan_tgt = $db->get_Target_Details($ste->get_ID(), $host->getAttribute('tgt_name'))[0];
$hl = new host_list();
$hl->setTargetId($scan_tgt->get_ID());
$hl->setTargetName($scan_tgt->get_Name());
$hl->setFindingCount($host->getAttribute("count"));
$hl->setScanError(false);
$scan->add_Target_to_Host_List($hl);
}
$scan->set_ID($db->save_Scan($scan));
$all_scans[$node->getAttribute("id")] = $scan;
}
}
else {
$log->script_log("No scan result files were found in this ST&E", E_ERROR);
}
$x = 1;
$finding_nodes = getValue($xml, "/root/tech_findings/finding", null, true);
if ($finding_nodes->length) {
print "Adding findings (total " . $finding_nodes->length . ")" . PHP_EOL;
foreach ($finding_nodes as $node) {
print ".";
if ($x % 100 == 0) {
print "\t$x" . PHP_EOL;
}
$ia_nodes = getValue($xml, "ia_control", $node, true);
$ia_arr = array();
foreach ($ia_nodes as $ia) {
$ia_arr[] = $ia->textContent;
}
$cc = getValue($xml, "check_contents", $node);
$tgt_status_nodes = getValue($xml, "target_status", $node, true);
foreach ($tgt_status_nodes as $status_node) {
$notes = getValue($xml, "notes", $status_node);
$tgt = $db->get_Target_Details($ste->get_ID(), $status_node->getAttribute("tgt_name"))[0];
$finding = array(
0 => $node->getAttribute("stig_id"),
1 => $node->getAttribute("vms_id"),
2 => $node->getAttribute("cat"),
3 => implode(' ', $ia_arr),
4 => $node->getAttribute("short_title"),
5 => $status_node->getAttribute("status"),
6 => $notes,
7 => $cc,
8 => ''
);
$db->add_Finding($all_scans[$status_node->getAttribute("scan_id")], $tgt, $finding);
}
$x++;
}
}
else {
$log->script_log("No findings were recorded in this ST&E", E_WARNING);
}
}
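Review bot: `export_STE()` writes JSON (per the Dec 19, 2017 change-log entry) but `import_STE()` still loads the input with `DOMDocument::load()` and XPath queries such as `/root/site` and `/root/targets/target`, so a file produced by this export cannot be read back by this import; one side needs converting, and the usage line printed on the else branch should say which format `-f` expects. In `export_STE()` the loop `foreach ($data2['ia_control'] as $ia) { $find_node['ia_controls'] = $ia; }` assigns instead of appending, so only the last IA control of each finding is exported—`$find_node['ia_controls'][] = $ia;` is what the `'ia_controls' => []` initialiser implies. `$_REQUEST['ste']` goes to `get_STE()` unvalidated in both export functions and the `[0]` result is dereferenced with no check, unlike the `filter_input(..., FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE)` plus `die()` pattern used in pdi.php; the same guard belongs here. The import path calls `getValues()` and `$db->getSoftware()` where the rest of the file uses `getValue()` and `get_Software()`, so unless those aliases exist in helper.inc and database.inc the port loops and the generic-OS fallback fail with undefined-function errors.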

526
data/stemgmt.inc Normal file

@ -0,0 +1,526 @@
<?php
/**
* File: stemgmt.inc
* Author: Ryan Prather
* Purpose: For adding or editing ST&Es
* Created: Oct 21, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
* Released under Modified BSD License
*
* See license.txt for details
*
* Change Log:
* - Oct 21, 2014 - File created
* - Sep 1, 2016 - Copyright updated and updated file purpose
* - Apr 5, 2017 - Formatting
* - May 19, 2017 - Migrated to filtering and changed save button to match buttons throughout
* - Jun 3, 2017 - Fixed bug #230 and changed table stripping to be consistent across the system
* - Jan 20, 2018 - Removed CKEditor fields
*/
$page = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING);
$ste_id = filter_input(INPUT_POST, 'ste', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
if (!$ste_id) {
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
}
$stes = $db->get_STE();
?>
<script type="text/javascript" src="/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js"></script>
<link rel="stylesheet" type="text/css" href="/script/jQueryUI/css/ui-lightness/jquery-ui-1.10.3.custom.min.css" />
<link type='text/css' rel='stylesheet' href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
<?php
if ($page == 'STEMgmt') {
?>
<form method='post' action='?p=EditSTE'>
Select ST&amp;E:<br />
<select name='ste' onchange="this.form.submit();">
<option value='0'> -- Select ST&amp;E -- </option>
<option value='new'>New...</option>
<?php
if (is_array($stes) && count($stes)) {
foreach ($stes as $ste) {
print "<option value='{$ste->get_ID()}'>" .
"{$ste->get_System()->get_Name()}, {$ste->get_Site()->get_Name()}, {$ste->get_Eval_Start_Date()->format("M j, Y")}" .
"</option>";
}
}
?>
</select>
</form>
<?php
}
elseif ($page == 'EditSTE' && is_numeric($ste_id) && $ste_id > 0) {
$ste = $db->get_STE($ste_id);
if (is_array($ste) && count($ste) && isset($ste[0]) && is_a($ste[0], 'ste')) {
$ste = $ste[0];
}
else {
die("Couldn't find the selected ST&amp;E");
}
?>
<style type='text/css'>
#cke_scope, #cke_assumptions, #cke_constraints {
display:none;
}
</style>
<script type='text/javascript'>
$(function () {
$('#start_date').datepicker({
dateFormat: "yy-mm-dd",
minDate: 0,
onSelect: function (date) {
var dt2 = $('#end_date');
var startDate = $(this).datepicker('getDate');
var minDate = $(this).datepicker('getDate');
startDate.setDate(startDate.getDate() + 30);
//sets dt2 maxDate to the last day of 30 days window
dt2.datepicker('option', 'maxDate', startDate);
dt2.datepicker('option', 'minDate', minDate);
//$(this).datepicker('option', 'minDate', minDate);
}
});
$('#end_date').datepicker({dateFormat: "yy-mm-dd"});
$('#host_table').DataTable({
'stripeClasses': ['odd_row', 'even_row']
});
<?php /*
CKEDITOR.replace('scope', {height: '100px', width: '675px', toolbar: [
{name: 'document', items: ['Source']},
{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
]});
CKEDITOR.replace('assumptions', {height: '100px', width: '675px', toolbar: [
{name: 'document', items: ['Source']},
{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
]});
CKEDITOR.replace('constraints', {height: '100px', width: '675px', toolbar: [
{name: 'document', items: ['Source']},
{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
]});
*/ ?>
});
function validate_Edit_STE() {
if ($('#action') == 'Delete STE') {
return confirm("Are you sure you want to delete this ST&E");
}
var ret = true;
if ($('#start_date').val() > $('#end_date').val()) {
alert("Your start date can't after the end date");
ret = false;
}
if (!$('#start_date').val()) {
alert("You must select a start date for this ST&E");
ret = false;
}
if (!$('#end_date').val()) {
alert("You must select an end date for this ST&E");
ret = false;
}
if ($('#system').val() == "0") {
alert("You must select a system for this ST&E");
ret = false;
}
if ($('#site').val() == "0") {
alert("You must select a site where this ST&E will be performed");
ret = false;
}
return ret;
}
function show_subsystems() {
if ($('#system').val() == '0') {
alert('Select a primary system');
$('#system').focus();
return;
}
if ($('#add_subsystems').is(':checked'))
$('#subsystem_container').show();
else
$('#subsystem_container').hide();
$('#subsystems option').each(function () {
if ($(this).val() == $('#system').val()) {
$(this).remove();
return;
}
});
}
</script>
<form method='post' action='?p=EditSTE'>
ST&amp;E:<br />
<select name='ste' onchange="this.form.submit();">
<option value='0'> -- Select ST&amp;E -- </option>
<option value='new'>New...</option>
<?php
if (is_array($stes) && count($stes)) {
foreach ($stes as $s) {
print "<option value='{$s->get_ID()}'" . ($ste_id == $s->get_ID() ? " selected" : "") . ">" .
"{$s->get_System()->get_Name()}, {$s->get_Site()->get_Name()}, {$s->get_Eval_Start_Date()->format("M j, Y")}" .
"</option>";
}
}
?>
</select>
</form>
<form method='post' action='?p=STEMgmt' onsubmit="return validate_Edit_STE();">
<div style='width:30%;float:left;'>
<input type='hidden' name='ste' value='<?php print $ste_id; ?>' />
<input type='hidden' name='action' value='save-ste' />
Eval Start Date:
<input type='text' name='start_date' id='start_date' value='<?php print $ste->get_Eval_Start_Date()->format('Y-m-d'); ?>' /><br />
Eval End Date:
<input type='text' name='end_date' id='end_date' value='<?php print $ste->get_Eval_End_Date()->format('Y-m-d'); ?>' /><br />
<?php print "<script>console.log('" . json_encode($ste->get_System()) . "');</script>"; ?>
System: <select name='system' id='system'>
<?php
foreach ($all_systems as $key => $sys) :
$selected = $ste->get_System()->get_ID() == $sys->get_ID() ? true : false;
print $sys->get_Option($selected);
endforeach;
?>
</select><br />
<label for='add_subsystems'>Subsystems:</label>
<input type='checkbox' name='add_subsystems' id='add_subsystems' value='1' onclick='javascript:show_subsystems();' <?php print $ste->is_Multiple() ? 'checked' : ''; ?> /><br />
<div id='subsystem_container' <?php print $ste->is_Multiple() ? '' : "style='display: none;'"; ?>>
<select name='subsystems[]' id='subsystems' multiple size='5' style='width:150px;'>
<?php
$substes = $db->get_Subsystems($ste);
$sub_sys = [];
$subs = [];
foreach ($substes as $key => $sub_ste) :
$sub_sys[] = $sub_ste->get_System()->get_ID();
$subs[$sub_ste->get_System()->get_ID()] = $sub_ste->get_ID();
endforeach;
$all_stes = $db->get_STE();
foreach ($all_stes as $key => $current) {
$subs[$current->get_System()->get_ID()] = $current->get_ID();
}
foreach ($all_systems as $key => $sys) :
$selected = in_array($sys->get_ID(), $sub_sys) ? true : false;
$my_ste = (isset($subs[$sys->get_ID()]) ? $subs[$sys->get_ID()] : $ste->get_ID());
print $ste->get_System()->get_ID() != $sys->get_ID() ? $sys->get_Option($selected, $my_ste) : '';
endforeach;
?>
</select>
<br />
</div>
Site: <select name='site' id='site'>
<?php
foreach ($all_sites as $key => $s) :
$selected = $ste->get_Site()->get_ID() == $s->get_Id() ? true : false;
print $s->get_Option($selected);
endforeach;
?>
</select><br />
Approving Official: <input type='text' name='ao' title='The office or individual that is going to approve or disapprove the system' value='<?php print $ste->get_AO(); ?>' /><br />
<input type='button' class='button' name='action' value='Save STE' onclick='this.form.submit();' />
</div>
<div style='width:70%;float:left;'>
<input type='hidden' name='scope' id='scope' value='' />
<input type='hidden' name='assumptions' id='assumptions' value='' />
<input type='hidden' name='constraints' id='constraints' value='' />
<?php /*
<label for="s">Scope:</label> <input type='checkbox' id='s' onclick="$('#cke_scope').toggle();" /><br />
<textarea name='scope' id='scope' rows='5' cols='80'><?php print $ste->get_Scope(); ?></textarea><br />
<label for="a">Assumptions:</label><input type='checkbox' id='a' onclick="$('#cke_assumptions').toggle();" /><br />
<textarea name='assumptions' id='assumptions' rows='5' cols='80'><?php print $ste->get_Assumptions(); ?></textarea><br />
<label for="cd">Constraints &amp; Dependencies:</label><input type='checkbox' id='cd' onclick="$('#cke_constraints').toggle();" /><br />
<textarea name='constraints' id='constraints' rows='5' cols='80'><?php print $ste->get_Constraints(); ?></textarea>
*/ ?>
</div>
</form>
<form method='post' action='ste_export_import.php' style='display:inline;'>
<input type='hidden' name='ste' value='<?php print $ste_id; ?>' />
<input type='submit' name='export' value='Export STE' />
<?php
$tgts = $db->get_Target_Details($ste_id);
if (is_array($tgts) && count($tgts)) {
?>
<input type='submit' name='export' value='Export Host List' />
<?php } ?>
</form>
<form method='post' action='compare.php' style='display:inline;'>
<input type='hidden' name='left_ste' value='<?php print $ste_id; ?>' />
<select name='right_ste'>
<option value='0'> -- Select ST&amp;E -- </option>
<?php
if (is_array($stes) && count($stes)) {
foreach ($stes as $ste) {
print "<option value='{$ste->get_ID()}'>" .
"{$ste->get_System()->get_Name()}, {$ste->get_Site()->get_Name()}, {$ste->get_Eval_Start_Date()->format("M j, Y")}" .
"</option>";
}
}
?>
</select>
<input type='submit' name='compare' value='Compare ST&E' />
</form>
<table id='host_table' class='display'>
<thead>
<tr>
<th style='width:50px;'>ID</th>
<th style='width:200px;'>Hostname</th>
<th style='width:150px;'>IPv4</th>
<th style='width:250px;'>FQDN</th>
<th style='width:200px;'>Operating System</th>
</tr>
</thead>
<tbody>
<?php
$odd = true;
if (is_array($tgts) && count($tgts) && isset($tgts['id'])) {
$tgts = array(0 => $tgts);
}
if (is_array($tgts) && count($tgts) && isset($tgts[0]) && is_a($tgts[0], 'target')) {
foreach ($tgts as $key => $tgt) {
$interfaces = '';
$fqdn = '';
$odd = !$odd;
$os = $db->get_Software($tgt->get_OS_ID())[0];
foreach ($tgt->interfaces as $key2 => $int) {
$interfaces .= $int->get_IPv4() . ", ";
$fqdn .= $int->get_FQDN() . ", ";
}
print "<tr>" . // class='".($odd ? 'odd' : 'even')."'>".
"<td>{$tgt->get_ID()}</td>" .
"<td>{$tgt->get_Name()}</td>" .
"<td>" . substr($interfaces, 0, -2) . "</td>" .
"<td>" . substr($fqdn, 0, -2) . "</td>" .
"<td>{$tgt->get_OS_String()}</td>" .
"</tr>";
}
}
?>
</tbody>
</table>
<?php
}
elseif ($page == 'EditSTE' && $ste_id == 'new') {
?>
<style type='text/css'>
#cke_scope, #cke_assumptions, #cke_constraints {
display:none;
}
</style>
<script type='text/javascript'>
$(function () {
$('#start_date').datepicker({
dateFormat: "yy-mm-dd",
minDate: -30,
onSelect: function (date) {
var dt2 = $('#end_date');
var startDate = $(this).datepicker('getDate');
var minDate = $(this).datepicker('getDate');
startDate.setDate(startDate.getDate() + 30);
//sets dt2 maxDate to the last day of 30 days window
dt2.datepicker('option', 'maxDate', startDate);
dt2.datepicker('option', 'minDate', minDate);
//$(this).datepicker('option', 'minDate', minDate);
}
});
$('#end_date').datepicker({dateFormat: "yy-mm-dd"});
<?php /*
CKEDITOR.replace('scope', {height: '100px', width: '675px', toolbar: [
{name: 'document', items: ['Source']},
{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
]});
CKEDITOR.replace('assumptions', {height: '100px', width: '675px', toolbar: [
{name: 'document', items: ['Source']},
{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
]});
CKEDITOR.replace('constraints', {height: '100px', width: '675px', toolbar: [
{name: 'document', items: ['Source']},
{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
]});
*/ ?>
});
function validate_Add_STE() {
var ret = true;
if ($('#start_date').val() > $('#end_date').val()) {
alert("Your start date can't be after the end date");
ret = false;
}
if (!$('#start_date').val()) {
alert("You must select a start date for this ST&E");
ret = false;
}
if (!$('#end_date').val()) {
alert("You must select an end date for this ST&E");
ret = false;
}
if ($('#system').val() == "0") {
alert("You must select a system for this ST&E");
ret = false;
}
if ($('#site').val() == "0") {
alert("You must select a site where this ST&E will be performed");
ret = false;
}
if (ret) {
$('#action').prop("disabled", true);
}
return ret;
}
function show_subsystems() {
if ($('#system').val() == '0') {
alert('Select a primary system');
$('#system').focus();
return;
}
if ($('#add_subsystems').is(':checked'))
$('#subsystem_container').show();
else
$('#subsystem_container').hide();
$('#subsystems option').each(function () {
if ($(this).val() == $('#system').val()) {
$(this).remove();
return;
}
});
}
</script>
<form method='post' action='?p=STEMgmt' onsubmit="return validate_Add_STE();">
<input type='hidden' name='action' value='save-ste' />
<div style='width:30%;float:left;'>
Eval Start Date:
<input type='text' name='start_date' id='start_date' /><br />
Eval End Date:
<input type='text' name='end_date' id='end_date' /><br />
System:
<select name='system' id='system'>
<option value='0'>-- Please Select A System --</option>
<?php
foreach ($all_systems as $key => $sys):print $sys->get_Option();
endforeach;
?>
</select><br />
<label for='add_subsystems'>Subsystems:</label>
<input type='checkbox' name='add_subsystems' id='add_subsystems' value='1' onclick='javascript:show_subsystems();' /><br />
<div id='subsystem_container' style='display:none;'>
<select name='subsystems[]' id='subsystems' multiple size='5' style='width:150px;'>
<?php
foreach ($all_systems as $key => $sys):print $sys->get_Option();
endforeach;
?>
</select><br />
</div>
Site:
<select name='site' id='site'>
<option value='0'>-- Please Select A Site --</option>
<?php
foreach ($all_sites as $key => $s):print $s->get_Option();
endforeach;
?>
</select><br />
Approving Official: <input type='text' name='ao' title='The office or individual that will approve or disapprove the system' /><br />
<input type='button' class='button' id='action' value='Save STE' onclick='this.form.submit();' />
</div>
<div style='width:70%;float:left;'>
<input type='hidden' name='scope' id='scope' value='' />
<input type='hidden' name='assumptions' id='assumptions' value='' />
<input type='hidden' name='constraints' id='constraints' value='' />
<?php /*
<label for="s">Scope:</label> <input type='checkbox' id='s' onclick="$('#cke_scope').toggle();" /><br />
<textarea name='scope' id='scope' rows='5' cols='80'>
[describe the scope of the testing, including systems tested and excluded (and reason for exclusions)]
</textarea><br />
<label for="a">Assumptions:</label><input type='checkbox' id='a' onclick="$('#cke_assumptions').toggle();" /><br />
<textarea name='assumptions' id='assumptions' rows='5' cols='80'>
(<span style="color:green;">U</span>) The following assumptions were made during planning and execution of the ST&amp;E:
<ul style="list-style-type:disc;">
<li>(<span style="color:green;">FOUO</span>) Adequate access to the system and required personnel will be provided prior to conduct of ST&amp;E to support development and dry run testing of the ST&amp;E procedures.</li>
<li>(<span style="color:green;">FOUO</span>) The system will be up and fully operational in the specified configuration at the time of testing.</li>
<li>(<span style="color:green;">FOUO</span>) All required personnel will be available for the duration of the ST&amp;E.</li>
<li>(<span style="color:green;">FOUO</span>) [insert other assumptions as necessary]</li>
</ul>
</textarea><br />
<label for="cd">Constraints &amp; Dependencies:</label><input type='checkbox' id='cd' onclick="$('#cke_constraints').toggle();" /><br />
<textarea name='constraints' id='constraints' rows='5' cols='80'>
(<span style="color:green;">U</span>) The following potential constraints and dependencies were encountered that could affect the accuracy and completeness of the results.
<ul style="list-style-type:disc;">
<li>(<span style="color:green;">FOUO</span>) The accuracy and completeness of the ST&amp;E results is dependent on the accuracy and completeness of the information provided to the ST&amp;E team before and during the testing.</li>
<li>(<span style="color:green;">FOUO</span>) [insert other issues encountered during testing]</li>
</ul>
(<span style="color:green;">U</span>) These constraints and dependencies had minimal impact on providing complete and accurate results.
</textarea>
*/ ?>
</div>
</form>
<?php
}
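Review bot: User-supplied text is echoed into the page without escaping: the approving-official field at `value='<?php print $ste->get_AO(); ?>'` (posted from this same form as `ao`) lands in a single-quoted attribute, and the option labels built from `get_System()->get_Name()` / `get_Site()->get_Name()` in the three `<select name='ste'>` loops and the host-table cells (`get_Name()`, `get_OS_String()`, the interface strings) are printed raw, so a stored quote or `<` breaks the markup and runs as script for every user who opens the ST&E. Wrap each with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, e.g. `value='<?php print htmlspecialchars($ste->get_AO(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'`. The line `print "<script>console.log('" . json_encode($ste->get_System()) . "');</script>";` has the same problem in a worse place — `json_encode` does not escape `'`, so a single quote in any public property of the system object ends the JS string — and it dumps the whole object into the browser console; it looks like leftover debugging and should be removed. `FILTER_SANITIZE_STRING` (used for `p` and `ste`) strips tags but validates nothing and is deprecated as of PHP 8.1; since `ste` is either a positive integer or the literal `new`, an explicit `FILTER_VALIDATE_INT` plus a separate `=== 'new'` check would state the contract. Minor: `if ($('#action') == 'Delete STE')` compares a jQuery object to a string and is always false, and the edit form has no element with `id='action'` in any case.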

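--- a/data/sysmgmt.inc
+++ b/data/sysmgmt.inc
@@ -0,0 +1,173 @@
+<?php
+/**
+* File: sysmgmt.inc
+* Author: Ryan Prather
+* Purpose: For adding or editing systems
+* Created: Oct 21, 2014
+*
+* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
+* Released under the Apache v2.0 License
+*
+* Portions Copyright (c) 2012-2015, Salient Federal Solutions
+* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+* Released under Modified BSD License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Oct 21, 2014 - File created
+* - Sep 1, 2016 - Copyright updated and updated file purpose
+* - May 19, 2017 - Migrated to filtering and changed save button to match buttons throughout
+*/
+$page = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
+$sys_id = filter_input(INPUT_POST, 'system', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+if ($page == 'MSMgmt') {
+?>
+<form method='post' action='?p=EditMS'>
+Select System:<br />
+<select name='system' onchange="this.form.submit();">
+<option value='0'>-- Please Select System --</option>
+<?php
+foreach ($all_systems as $key => $sys) :
+print $sys->get_Option();
+endforeach
+;
+?>
+<option value='0'>New...</option>
+</select>
+</form>
+<?php
+}
+elseif ($page == 'EditMS' && $sys_id) {
+$system = $db->get_System($sys_id);
+if (is_array($system) && count($system) && isset($system[0]) && is_a($system[0], 'system')) {
+$system = $system[0];
+}
+else {
+die("Couldn't find the selected system");
+}
+$mac = $system->get_MAC();
+$class = $system->get_Classification();
+$acred_type = $system->get_Accreditation_Type();
+?>
+<script src='/script/ckeditor/ckeditor.js'></script>
+<script type='text/javascript'>
+$(function () {
+CKEDITOR.replace('description', {height: '100px', width: '950px', toolbar: [
+{name: 'document', items: ['Source']},
+{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
+{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
+{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
+]});
+});
+</script>
+<form method='post' action='?p=EditMS'>
+Select System:<br />
+<select name='system' onchange="this.form.submit();">
+<option value='0'>-- Please Select System --</option>
+<?php
+foreach ($all_systems as $key => $sys) :
+$selected = $sys_id == $sys->get_ID() ? true : false;
+print $sys->get_Option($selected);
+endforeach
+;
+?>
+<option value='0'>New...</option>
+</select>
+</form>
+<form method='post' action='?p=MSMgmt'>
+<input type='hidden' name='action' value='save-system' />
+<input type='hidden' name='system' value='<?php print $system->get_ID(); ?>' />
+Name:
+<input type='text' name='name' id='name'
+value='<?php print $system->get_Name(); ?>' /><br />
+Abbr:
+<input type='text' name='abbr' id='abbr'
+value='<?php print $system->get_Abbreviation(); ?>' /><br />
+MAC:
+<select name='mac' id='mac'>
+<option value='0'>-- Select MAC --</option>
+<option value='1' <?php print ($mac == 1 ? " selected" : ""); ?>>Level 1</option>
+<option value='2' <?php print ($mac == 2 ? " selected" : ""); ?>>Level 2</option>
+<option value='3' <?php print ($mac == 3 ? " selected" : ""); ?>>Level 3</option>
+</select><br />
+Classification:
+<select name='class' id='class'>
+<option value='0'>-- Select Classification --</option>
+<option value='Public'
+<?php print ($class == 'Public' ? ' selected' : ''); ?>>Public</option>
+<option value='Sensitive'
+<?php print ($class == 'Sensitive' ? ' selected' : ''); ?>>Sensitive</option>
+<option value='Classified'
+<?php print ($class == 'Classified' ? ' selected' : ''); ?>>Classified</option>
+</select><br />
+Accreditation Type:
+<select name="accred_type" id="accred_type">
+<option value='0'>-- Select Accreditation --</option>
+<option value='diacap'
+<?php print ($acred_type == accrediation_types::DIACAP ? ' selected' : ''); ?>>DIACAP</option>
+<option value='rmf'
+<?php print ($acred_type == accrediation_types::RMF ? ' selected' : ''); ?>>RMF</option>
+</select><br />
+System Description:<br />
+<textarea name='description' id='description' cols='1' rows='1'><?php print $system->get_Description(); ?></textarea>
+<input type='button' class='button' name='action' value='Save System' onclick='this.form.submit();' />
+</form>
+<?php
+}
+elseif ($page == 'EditMS' && !$sys_id) {
+?>
+<script src='/script/ckeditor/ckeditor.js'></script>
+<script type='text/javascript'>
+$(function () {
+CKEDITOR.replace('description', {height: '100px', width: '950px', toolbar: [
+{name: 'document', items: ['Source']},
+{name: 'editor', items: ['Cut', 'Copy', 'Paste', 'PasteText', 'PastFromWord', '-', 'Undo', 'Redo']},
+{name: 'basicstyles', groups: ['basicstyles', 'cleanup'], items: ['Bold', 'Italic', 'Underline', '-', 'RemoveFormat']},
+{name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'], items: ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock']}
+]});
+});
+</script>
+<form method='post' action='?p=MSMgmt'>
+<input type='hidden' name='action' value='save-system' />
+Name:
+<input type='text' name='name' id='name' /><br />
+Abbr:
+<input type='text' name='abbr' id='abbr' /><br />
+MAC:
+<select name='mac' id='mac'>
+<option value='0'>-- Select MAC --</option>
+<option value='1'>Level 1</option>
+<option value='2'>Level 2</option>
+<option value='3'>Level 3</option>
+</select><br />
+Classification:
+<select name='class' id='class'>
+<option value='0'>-- Select Classification --</option>
+<option value='Public'>Public</option>
+<option value='Sensitive'>Sensitive</option>
+<option value='Classified'>Classified</option>
+</select><br />
+Accreditation Type:
+<select name="accred_type" id="accred_type">
+<option value='0'>-- Select Accreditation --</option>
+<option value='diacap'>DIACAP</option>
+<option value='rmf'>RMF</option>
+</select><br />
+System Description:<br />
+<textarea name='description' id='description' cols='1' rows='1'>[paste system description here]</textarea>
+<input type='button' class='button' name='action' value='Save System' onclick='this.form.submit();' />
+</form>
+<?php
+}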
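Review bot: The system name, abbreviation and description are printed back into the edit form unescaped — `value='<?php print $system->get_Name(); ?>'`, the matching `get_Abbreviation()` attribute, and `<textarea ...><?php print $system->get_Description(); ?></textarea>` — even though all three are free text submitted by this same form (`name`, `abbr`, `description`), so a stored `'` or `</textarea>` breaks out of the attribute or textarea and runs as script for anyone who edits the system. Wrap each in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; for the textarea this is the right encoding even though the description is rich HTML from CKEditor, because the browser decodes the entities back into the textarea's value before the editor reads it. The 'New...' option reuses `value='0'`, the same value as the '-- Please Select System --' placeholder, so the `!$sys_id` branch cannot tell "create new" from "nothing selected"; a distinct sentinel, as the sibling stemgmt.inc does with `value='new'`, would make the intent explicit.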

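--- a/data/tgtsearch.inc
+++ b/data/tgtsearch.inc
@@ -0,0 +1,25 @@
+<?php
+/**
+* File: tgtsearch.inc
+* Author: Ryan
+* Purpose: includes the target filter fields
+* Created: Sep 7, 2016
+*
+* Copyright 2016: Cyber Perspectives, All rights reserved
+* Released under the Apache v2.0 License
+*
+* See license.txt for details
+*
+* Change Log:
+* - Sep 7, 2016 - File created
+* - Mar 8, 2017 - Added auto open of the target filter box
+*/
+$target_filter_width = 990;
+include_once 'target-filter.inc';
+?>
+<script type='text/javascript'>
+$(function () {
+collapse_expand_data('cat-filter');
+});
+</script>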
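Review bot: `$target_filter_width = 990;` is an implicit parameter to the following `include_once 'target-filter.inc'` — nothing in this file says the include reads it, so a reader cannot tell whether the assignment matters or what unit it is in. A one-line comment would state the contract: `// Read by target-filter.inc to size the filter box (presumably px); must be assigned before the include`. Likewise `collapse_expand_data('cat-filter')` depends on a function and an element defined elsewhere, as the Mar 8, 2017 change-log entry hints; a comment naming where they come from would save the next maintainer a search.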