initial commit of SVN release repo

2018-05-07 10:51:08 -04:00
parent 2c25d5e577
commit 8c38a6cdb9
4369 changed files with 728576 additions and 0 deletions
--- a/ste/orphaned.php
+++ b/ste/orphaned.php
@ -0,0 +1,149 @@
+<?php
+/**
+ * File: orphaned.php
+ * Author: Ryan Prather
+ * Purpose: Display the findings for a particular host that are not assigned to any checklist
+ * Created: Jan 31, 2014
+ *
+ * Portions Copyright (c) 2012-2015, Salient Federal Solutions
+ * Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+ * Released under Modified BSD License
+ *
+ * See license.txt for details
+ *
+ * Change Log:
+ *  - Jan 31, 2014 - File created
+ */
+include_once 'config.inc';
+include_once 'database.inc';
+include_once 'helper.inc';
+
+$db = new db();
+
+if (!isset($_REQUEST['tgt'])) {
+  print "Need to know what host you want to look at";
+  exit;
+}
+
+$tgt = $db->get_Target_Details($_REQUEST['ste'], $_REQUEST['tgt'])[0];
+
+$findings = $db->get_Finding($tgt, null, null, true);
+
+set_time_limit(0);
+?>
+
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title><?php print $tgt->get_Name(); ?> - Orphan Findings</title>
+    <style type='text/css'>
+      #tooltip {
+        display: none;
+        z-index: 1000;
+        background-color: #FFE681;
+        color: #000;
+        font-size: 16px;
+        padding: 4px;
+        line-height: 1em;
+        position: absolute;
+      }
+      .hidden {
+        display: none;
+      }
+    </style>
+
+    <script src='../style/5grid/jquery-1.10.2.min.js'></script>
+    <script src='../script/default.js'></script>
+    <script>
+      function pdi_popup(pdi_id, orphan_id) {
+        $('#pdi_popup').attr('src', '../data/pdi.php?pdi=' + pdi_id + '&orphan=' + orphan_id);
+      }
+    </script>
+  </head>
+  <body onload='javascript:initTip();'>
+    <div id='tooltip'></div>
+    <table border=1>
+      <thead>
+        <tr>
+          <th>Orphan ID</th>
+          <th>VMS ID</th>
+          <th>Cat</th>
+          <th>IA Controls</th>
+          <th>Short Title</th>
+          <th>Possible Matches</th>
+        </tr>
+      </thead>
+      <tbody>
+        <?php
+        foreach ($findings as $key => $finding) {
+          $pdi = $db->get_PDI($finding->get_PDI_ID());
+          $nessus = null;
+          $cve = null;
+          $iavm = null;
+          $gd = $db->get_GoldDisk_By_PDI($pdi->get_ID());
+
+          $stigs = $db->get_STIG_By_PDI($pdi->get_ID());
+          if (!is_a($stigs, 'stig')) {
+            die("Can't find the STIG for PDI {$pdi->get_ID()}");
+          }
+
+          if (count($gd) == 1) {
+            $gd = $gd[0];
+          }
+          else {
+            $gd = null;
+          }
+
+          $ia = $db->get_IA_Controls_By_PDI($pdi->get_ID());
+
+          print "<tr>" . PHP_EOL .
+              "<td onmouseout='hideTip();' onmouseover='showTip(event, " . $pdi->get_ID() . ");'>" . $stigs->get_ID() . "<div class='hidden' id='" . $pdi->get_ID() . "'>" . nl2br($finding->get_Notes()) . "</div></td>" . PHP_EOL .
+              "<td>" . (!is_null($gd) ? $gd->get_ID() : '') . "</td>" . PHP_EOL .
+              "<td>" . $pdi->get_Category_Level_String() . "</td>" . PHP_EOL .
+              "<td>" . "</td>" . PHP_EOL .
+              "<td>" . $pdi->get_Short_Title() . "</td>" . PHP_EOL;
+
+          if (preg_match('/\d{5,6}/', $stigs->get_ID())) {
+            $nessus = $db->get_Nessus($stigs->get_ID());
+          }
+          elseif (preg_match('/CVE\-\d{4}\-\d{4}/', $stigs->get_ID())) {
+            $cve = $db->get_CVE($stigs->get_ID());
+          }
+          elseif (preg_match('/\d{4}\-[ABT]\-\d{4}/', $stigs->get_ID())) {
+            $iavm = $db->get_IAVM($stigs->get_ID());
+          }
+          else {
+
+          }
+
+          $matches = $db->get_Matching_PDIs($pdi, $nessus, $cve, $iavm);
+
+          print "<td>";
+          foreach ($matches as $key => $match) {
+            $short_desc = nl2br(htmlentities(substr($match['desc'], 0, 500)));
+            $short_cont = nl2br(htmlentities(substr($match['check_content'], 0, 1000)));
+
+            print "<div class='hidden' id='" . $match['pdi_id'] . "'>" .
+                $short_desc .
+                (strlen($match['desc']) > 500 ? " <b>(truncated)</b>" : "") . "<br />" .
+                $short_cont .
+                (strlen($match['check_content']) > 1000 ? " <b>(truncated)</b>" : "") .
+                "</div>";
+
+            print "<a onmouseout='hideTip();'
+              onmouseover='showTip(event, " . $match['pdi_id'] . ");'
+              href='javascript:void(0);'
+              onclick='javascript:pdi_popup(" . $match['pdi_id'] . ",\"" . $stigs->get_ID() . "\");'>" .
+                $match['pdi_id'] .
+                "</a> (" . $match['score'] . ") " . $match['title'] . "<br />";
+          }
+          print "</td>";
+
+          print "</tr>" . PHP_EOL;
+        }
+        ?>
+      </tbody>
+    </table>
+    <iframe id='pdi_popup' class='box' style='width: 80%; height: 80%; top: 10%; left: 10%;'></iframe>
+  </body>
+</html>