ajax.php - sort checklists
background_stigs.php - change to support adding sunset STIGs to update_db.php parse_nessus.php/parse_nmap.php - disable post processing until the end of reading the file update_db.php - Add sunset STIGs downloading and parsing database.inc - Removed unnecessary variables ($key, etc), fixed typo (proc_ia_control v. proc_ia_controls), fix typo line 11072, added query_type to other queries in post_Processing method, call update_Target_Count method at the end of post_Processing, convert update_Target_Count to use queries instead of get_pdi_count and get_finding_count views (caused a performance hit), removed calling update_Target_Count from save_Target method to support previously mentioned changes index.php - removed ajax timeout when bulk removing targets
This commit is contained in:
parent
78e584c1b9
commit
927ae69743
5
ajax.php
5
ajax.php
@ -1493,7 +1493,7 @@ function get_hosts($cat_id = null)
|
|||||||
return json_encode(['error' => "Invalid info"]);
|
return json_encode(['error' => "Invalid info"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($tgts as $key => $tgt) {
|
foreach ($tgts as $tgt) {
|
||||||
$chks = $db->get_Target_Checklists($tgt->get_ID());
|
$chks = $db->get_Target_Checklists($tgt->get_ID());
|
||||||
if ($cat_id) {
|
if ($cat_id) {
|
||||||
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
|
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
|
||||||
@ -1505,6 +1505,7 @@ function get_hosts($cat_id = null)
|
|||||||
$icons = [];
|
$icons = [];
|
||||||
$icon_str = '';
|
$icon_str = '';
|
||||||
$src_str = '';
|
$src_str = '';
|
||||||
|
sort($chks);
|
||||||
|
|
||||||
foreach ($chks as $chk) {
|
foreach ($chks as $chk) {
|
||||||
if (!in_array($chk->get_Icon(), array_keys($icons))) {
|
if (!in_array($chk->get_Icon(), array_keys($icons))) {
|
||||||
@ -1518,7 +1519,7 @@ function get_hosts($cat_id = null)
|
|||||||
$icon_str .= "<img src='/img/checklist_icons/$icon' title='{$data['name']}' class='checklist_image' />";
|
$icon_str .= "<img src='/img/checklist_icons/$icon' title='{$data['name']}' class='checklist_image' />";
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($scan_srcs as $key => $src) {
|
foreach ($scan_srcs as $src) {
|
||||||
$icon = $src['src']->get_Icon();
|
$icon = $src['src']->get_Icon();
|
||||||
if($src['scan_error']) {
|
if($src['scan_error']) {
|
||||||
$icon = strtolower($src['src']->get_Name()) . "-failed.png";
|
$icon = strtolower($src['src']->get_Name()) . "-failed.png";
|
||||||
|
@ -83,7 +83,6 @@ if (isset($cmd['d']) && $cmd['d']) {
|
|||||||
chdir($path);
|
chdir($path);
|
||||||
|
|
||||||
$db = new db();
|
$db = new db();
|
||||||
$stack = [];
|
|
||||||
$zip_files = glob("*.zip");
|
$zip_files = glob("*.zip");
|
||||||
$zip = new ZipArchive();
|
$zip = new ZipArchive();
|
||||||
|
|
||||||
@ -235,7 +234,7 @@ if (isset($cmd['delete'])) {
|
|||||||
*/
|
*/
|
||||||
function directory_crawl($files)
|
function directory_crawl($files)
|
||||||
{
|
{
|
||||||
global $zip;
|
global $zip, $log;
|
||||||
|
|
||||||
foreach ($files as $file) {
|
foreach ($files as $file) {
|
||||||
if (preg_match('/\.zip/', $file)) {
|
if (preg_match('/\.zip/', $file)) {
|
||||||
|
@ -582,7 +582,8 @@ class nessus_parser extends scan_xml_parser
|
|||||||
$this->log->script_log("Skipping tcp6 ports because there are " . count($netstat_keys) . " listening", E_DEBUG);
|
$this->log->script_log("Skipping tcp6 ports because there are " . count($netstat_keys) . " listening", E_DEBUG);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->tgt->set_ID($this->db->save_Target($this->tgt));
|
$this->tgt->set_PP_Flag(true);
|
||||||
|
$this->tgt->set_ID($this->db->save_Target($this->tgt, false));
|
||||||
|
|
||||||
$dt = DateTime::createFromFormat("D M d H:i:s Y", $this->tag["HOST_START"]);
|
$dt = DateTime::createFromFormat("D M d H:i:s Y", $this->tag["HOST_START"]);
|
||||||
if ($dt < $this->scan->get_File_DateTime()) {
|
if ($dt < $this->scan->get_File_DateTime()) {
|
||||||
@ -1332,7 +1333,8 @@ class nessus_parser extends scan_xml_parser
|
|||||||
{
|
{
|
||||||
$this->log->script_log("ReportHost_end-START: {$this->tgt->get_Name()}");
|
$this->log->script_log("ReportHost_end-START: {$this->tgt->get_Name()}");
|
||||||
// save findings
|
// save findings
|
||||||
$this->db->save_Target($this->tgt);
|
$this->tgt->set_PP_flag(true);
|
||||||
|
$this->db->save_Target($this->tgt, false);
|
||||||
|
|
||||||
$this->log->script_log("Added finding counts: " . count($this->new_findings) . " for target " . $this->tgt->get_Name());
|
$this->log->script_log("Added finding counts: " . count($this->new_findings) . " for target " . $this->tgt->get_Name());
|
||||||
$this->log->script_log("Updated finding counts: " . count($this->updated_findings) . " for target " . $this->tgt->get_Name());
|
$this->log->script_log("Updated finding counts: " . count($this->updated_findings) . " for target " . $this->tgt->get_Name());
|
||||||
@ -1363,6 +1365,8 @@ class nessus_parser extends scan_xml_parser
|
|||||||
{
|
{
|
||||||
$this->log->script_log("Saving host list");
|
$this->log->script_log("Saving host list");
|
||||||
$this->db->update_Scan_Host_List($this->scan);
|
$this->db->update_Scan_Host_List($this->scan);
|
||||||
|
|
||||||
|
$this->db->post_Processing();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,6 +92,7 @@ foreach ($lines as $line_num => $line) {
|
|||||||
continue;
|
continue;
|
||||||
} # skip blank lines
|
} # skip blank lines
|
||||||
$line = trim($line, "\t\n\r"); # chomp would be nice...
|
$line = trim($line, "\t\n\r"); # chomp would be nice...
|
||||||
|
$matches = [];
|
||||||
if (!isset($filetype)) {
|
if (!isset($filetype)) {
|
||||||
if (preg_match('/Starting|\-oN/', $line)) {
|
if (preg_match('/Starting|\-oN/', $line)) {
|
||||||
$filetype = "text";
|
$filetype = "text";
|
||||||
@ -242,8 +243,6 @@ if ($filetype == "xml") {
|
|||||||
$target[$ip]['description'] = $vendor;
|
$target[$ip]['description'] = $vendor;
|
||||||
# Iterate through ports
|
# Iterate through ports
|
||||||
$ports = getValue($xml, "ports/port", $host, true);
|
$ports = getValue($xml, "ports/port", $host, true);
|
||||||
$tcp_ports = [];
|
|
||||||
$udp_ports = [];
|
|
||||||
foreach ($ports as $portxml) {
|
foreach ($ports as $portxml) {
|
||||||
$portid = $portxml->getAttribute("portid");
|
$portid = $portxml->getAttribute("portid");
|
||||||
$proto = $portxml->getAttribute("protocol");
|
$proto = $portxml->getAttribute("protocol");
|
||||||
@ -284,6 +283,7 @@ if ($filetype == "xml") {
|
|||||||
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($target)]);
|
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($target)]);
|
||||||
$count = 0;
|
$count = 0;
|
||||||
$tgt_ip = null;
|
$tgt_ip = null;
|
||||||
|
|
||||||
foreach ($target as $ip => $tgt) {
|
foreach ($target as $ip => $tgt) {
|
||||||
# get target ID
|
# get target ID
|
||||||
$tgt_id = 0;
|
$tgt_id = 0;
|
||||||
@ -302,6 +302,7 @@ foreach ($target as $ip => $tgt) {
|
|||||||
$tgt_obj->set_STE_ID($conf['ste']);
|
$tgt_obj->set_STE_ID($conf['ste']);
|
||||||
//$tgt_obj->set_Notes("New target found by NMap");
|
//$tgt_obj->set_Notes("New target found by NMap");
|
||||||
$tgt_obj->set_OS_ID($sw->get_ID());
|
$tgt_obj->set_OS_ID($sw->get_ID());
|
||||||
|
$tgt_obj->set_PP_Flag(true);
|
||||||
if ($sw->get_Shortened_SW_String()) {
|
if ($sw->get_Shortened_SW_String()) {
|
||||||
$tgt_obj->set_OS_String($sw->get_Shortened_SW_String());
|
$tgt_obj->set_OS_String($sw->get_Shortened_SW_String());
|
||||||
}
|
}
|
||||||
@ -344,10 +345,11 @@ foreach ($target as $ip => $tgt) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$tgt_obj->set_ID($tgt_id = $db->save_Target($tgt_obj));
|
$tgt_obj->set_ID($tgt_id = $db->save_Target($tgt_obj, false));
|
||||||
}
|
}
|
||||||
else { #Update
|
else { #Update
|
||||||
$db_tgt = $db->get_Target_Details($conf['ste'], $tgt_id)[0];
|
$db_tgt = $db->get_Target_Details($conf['ste'], $tgt_id)[0];
|
||||||
|
$db_tgt->set_PP_Flag(true);
|
||||||
|
|
||||||
if (isset($tgt['tcp'])) {
|
if (isset($tgt['tcp'])) {
|
||||||
foreach ($tgt['tcp'] as $port_num => $port) {
|
foreach ($tgt['tcp'] as $port_num => $port) {
|
||||||
@ -388,7 +390,7 @@ foreach ($target as $ip => $tgt) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->save_Target($db_tgt);
|
$db->save_Target($db_tgt, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
$count++;
|
$count++;
|
||||||
@ -406,6 +408,7 @@ foreach ($target as $ip => $tgt) {
|
|||||||
$db->update_Running_Scan($base_name, ['name' => 'last_host', 'value' => $db_tgt->get_Name()]);
|
$db->update_Running_Scan($base_name, ['name' => 'last_host', 'value' => $db_tgt->get_Name()]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$db->post_Processing();
|
||||||
$db->update_Scan_Host_List($scan);
|
$db->update_Scan_Host_List($scan);
|
||||||
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => 100, 'complete' => 1]);
|
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => 100, 'complete' => 1]);
|
||||||
if (!isset($cmd['debug'])) {
|
if (!isset($cmd['debug'])) {
|
||||||
|
@ -48,7 +48,8 @@
|
|||||||
* - Apr 29, 2018 - Added extract parameter to only extract nasl archive file, fixed a couple bugs
|
* - Apr 29, 2018 - Added extract parameter to only extract nasl archive file, fixed a couple bugs
|
||||||
* - May 10, 2018 - Removed ping of cve.mitre.org, and added 'po' and 'do' parameters for NVD CVE
|
* - May 10, 2018 - Removed ping of cve.mitre.org, and added 'po' and 'do' parameters for NVD CVE
|
||||||
* - Jun 5, 2018 - Fixed a couple setting updates
|
* - Jun 5, 2018 - Fixed a couple setting updates
|
||||||
*/
|
* - Sep 18, 2018 - Jeff - Added --sunset switch for Installing Sunset STIGs from https://iase.disa.mil/stigs/sunset/Pages/index.aspx
|
||||||
|
*/
|
||||||
include_once 'config.inc';
|
include_once 'config.inc';
|
||||||
include_once 'helper.inc';
|
include_once 'helper.inc';
|
||||||
include_once 'error.inc';
|
include_once 'error.inc';
|
||||||
@ -61,11 +62,10 @@ use Monolog\Handler\StreamHandler;
|
|||||||
use Monolog\Formatter\LineFormatter;
|
use Monolog\Formatter\LineFormatter;
|
||||||
|
|
||||||
$current_date = new DateTime();
|
$current_date = new DateTime();
|
||||||
$total_time = null;
|
$total_complete = 0;
|
||||||
$total_diff = 0;
|
$threads = [];
|
||||||
$summary_stats = [];
|
|
||||||
|
|
||||||
$cmd = getopt("h::u::p::", ['cpe::', 'cce::', 'cve::', 'nvd::', 'nasl::', 'stig::', 'do::', 'po::', 'help::', 'debug::', 'extract::', 'exclude::']);
|
$cmd = getopt("h::u::p::", ['cpe::', 'cce::', 'cve::', 'nvd::', 'nasl::', 'stig::', 'sunset::', 'do::', 'po::', 'help::', 'debug::', 'extract::', 'exclude::']);
|
||||||
|
|
||||||
$db = new db();
|
$db = new db();
|
||||||
$diff = new DateTimeDiff();
|
$diff = new DateTimeDiff();
|
||||||
@ -94,7 +94,7 @@ $log->pushHandler(new StreamHandler(LOG_PATH . "/update_db.log", $log_level));
|
|||||||
$log->pushHandler($stream);
|
$log->pushHandler($stream);
|
||||||
|
|
||||||
if (isset($cmd['h'], $cmd['help']) ||
|
if (isset($cmd['h'], $cmd['help']) ||
|
||||||
(!isset($cmd['cpe']) && !isset($cmd['cve']) && !isset($cmd['nasl']) && !isset($cmd['stig']) && !isset($cmd['nvd']))) {
|
(!isset($cmd['cpe']) && !isset($cmd['cve']) && !isset($cmd['nasl']) && !isset($cmd['stig']) && !isset($cmd['sunset']) && !isset($cmd['nvd']))) {
|
||||||
die(usage());
|
die(usage());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -460,6 +460,7 @@ if (isset($cmd['nasl'])) {
|
|||||||
'nasl-progress' => 0,
|
'nasl-progress' => 0,
|
||||||
'nasl-count' => 0
|
'nasl-count' => 0
|
||||||
]);
|
]);
|
||||||
|
$count = 0;
|
||||||
|
|
||||||
// Capture start time for performance monitoring
|
// Capture start time for performance monitoring
|
||||||
$diff->resetClock();
|
$diff->resetClock();
|
||||||
@ -702,6 +703,75 @@ if (isset($cmd['stig'])) {
|
|||||||
sleep(3);
|
sleep(3);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Update Sunset STIG library from DISA content
|
||||||
|
*/
|
||||||
|
if (isset($cmd['sunset'])) {
|
||||||
|
$db->set_Setting_Array([
|
||||||
|
'stig-dl-progress' => 0,
|
||||||
|
'stig-progress' => 0,
|
||||||
|
'stig-count' => 0
|
||||||
|
]);
|
||||||
|
$path = TMP . "/stigs/zip";
|
||||||
|
check_path($path);
|
||||||
|
$sunset_array = [];
|
||||||
|
|
||||||
|
$diff->resetClock();
|
||||||
|
print "Started Sunset STIG ingestion ({$diff->getStartClockTime()})" . PHP_EOL;
|
||||||
|
|
||||||
|
$sunset_url="https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx";
|
||||||
|
|
||||||
|
if (ping("disa.mil") && !isset($cmd['po'])) {
|
||||||
|
$log->debug("Checking for $sunset_url");
|
||||||
|
if ($found = url_exists($sunset_url)) {
|
||||||
|
$contents=file_get_contents($sunset_url);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$found) {
|
||||||
|
$log->debug("Unable to download $sunset_url, aborting Sunset");
|
||||||
|
die("Unable to open $sunset_url, aborting Sunset");
|
||||||
|
}
|
||||||
|
|
||||||
|
preg_match_all("/a href=\"([^ ]+zip\/U_[^ ]+STIG\.zip)/", $contents, $sunset_array);
|
||||||
|
|
||||||
|
foreach($sunset_array[1] as $url) {
|
||||||
|
$sunset_fname = basename($url);
|
||||||
|
download_file($url, "{$path}/$sunset_fname");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isset($cmd['do']) || isset($cmd['po'])) {
|
||||||
|
$stig_files = array_merge(
|
||||||
|
glob("{$path}/*.zip"), glob("{$path}/*.xml"),
|
||||||
|
glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml")
|
||||||
|
);
|
||||||
|
if (!count($stig_files)) {
|
||||||
|
die("Could not find any other zip files in " . realpath(TMP));
|
||||||
|
}
|
||||||
|
|
||||||
|
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
|
||||||
|
" -c " . realpath(PHP_CONF) .
|
||||||
|
" -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" .
|
||||||
|
(isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") .
|
||||||
|
" --delete";
|
||||||
|
|
||||||
|
$log->debug("Script to run $script");
|
||||||
|
passthru($script);
|
||||||
|
}
|
||||||
|
|
||||||
|
$db->help->select_count("sagacity.stigs");
|
||||||
|
$stig_count = $db->help->execute();
|
||||||
|
|
||||||
|
$db->set_Setting("stig-count", $stig_count);
|
||||||
|
|
||||||
|
$diff->stopClock();
|
||||||
|
|
||||||
|
print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL .
|
||||||
|
"Total Time: {$diff->getDiffString()}" . PHP_EOL;
|
||||||
|
|
||||||
|
sleep(3);
|
||||||
|
}
|
||||||
|
|
||||||
if (is_a($diff->getTotalDiff(), 'DateInterval')) {
|
if (is_a($diff->getTotalDiff(), 'DateInterval')) {
|
||||||
print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL;
|
print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL;
|
||||||
}
|
}
|
||||||
@ -723,6 +793,7 @@ Usage: php update_db.php [--cpe] [--cve] [--nvd] [--nasl] [--stig] [-u={URL}] [-
|
|||||||
--nasl To download OpenVAS NVT library and update NASL files
|
--nasl To download OpenVAS NVT library and update NASL files
|
||||||
You can also extract *.nasl files from the Nessus library to $tmp/nessus_plugins and it will include these in the update
|
You can also extract *.nasl files from the Nessus library to $tmp/nessus_plugins and it will include these in the update
|
||||||
--stig To download and update the STIG library
|
--stig To download and update the STIG library
|
||||||
|
--sunset To download and update the STIG library with the STIGs DISA has archived
|
||||||
|
|
||||||
--do To download the files only...do not call the parsers will overwrite any existing files
|
--do To download the files only...do not call the parsers will overwrite any existing files
|
||||||
--po To parse the downloaded files only, do not download
|
--po To parse the downloaded files only, do not download
|
||||||
|
146
inc/database.inc
146
inc/database.inc
@ -2353,6 +2353,7 @@ class db
|
|||||||
{
|
{
|
||||||
$ret = true;
|
$ret = true;
|
||||||
$fields = array('pdi_id', 'cce_id');
|
$fields = array('pdi_id', 'cce_id');
|
||||||
|
$params = [];
|
||||||
|
|
||||||
if (is_array($cces)) {
|
if (is_array($cces)) {
|
||||||
foreach ($cces as $cce) {
|
foreach ($cces as $cce) {
|
||||||
@ -4103,7 +4104,7 @@ class db
|
|||||||
* Function to get the findings that are assigned to specific controls
|
* Function to get the findings that are assigned to specific controls
|
||||||
*
|
*
|
||||||
* @param ste $ste
|
* @param ste $ste
|
||||||
* @param \proc_ia_control $ia_ctrl
|
* @param proc_ia_controls $ia_ctrl
|
||||||
* @param string $status
|
* @param string $status
|
||||||
* @return array:finding |NULL
|
* @return array:finding |NULL
|
||||||
*/
|
*/
|
||||||
@ -4259,7 +4260,7 @@ class db
|
|||||||
* The status to look for
|
* The status to look for
|
||||||
* @param integer $cat [optional]
|
* @param integer $cat [optional]
|
||||||
* The CAT/severity level
|
* The CAT/severity level
|
||||||
* @param proc_ia_control $ctrl [optional]
|
* @param proc_ia_controls $ctrl [optional]
|
||||||
* A IA control to filter for
|
* A IA control to filter for
|
||||||
*
|
*
|
||||||
* @return integer
|
* @return integer
|
||||||
@ -4313,7 +4314,7 @@ class db
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_control')) {
|
if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) {
|
||||||
$where[] = [
|
$where[] = [
|
||||||
'field' => 'fc.ia_control',
|
'field' => 'fc.ia_control',
|
||||||
'value' => $ctrl->get_Control_ID(),
|
'value' => $ctrl->get_Control_ID(),
|
||||||
@ -4334,7 +4335,7 @@ class db
|
|||||||
"JOIN sagacity.target t ON t.id=f.tgt_id"
|
"JOIN sagacity.target t ON t.id=f.tgt_id"
|
||||||
];
|
];
|
||||||
|
|
||||||
if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_control')) {
|
if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) {
|
||||||
$joins[] = "JOIN sagacity.finding_controls fc ON fc.finding_id=f.id";
|
$joins[] = "JOIN sagacity.finding_controls fc ON fc.finding_id=f.id";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4379,7 +4380,7 @@ class db
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_control')) {
|
if (!is_null($ctrl) && is_a($ctrl, 'proc_ia_controls')) {
|
||||||
$where[] = [
|
$where[] = [
|
||||||
'field' => 'fc.ia_control',
|
'field' => 'fc.ia_control',
|
||||||
'value' => $ctrl->get_Control_ID(),
|
'value' => $ctrl->get_Control_ID(),
|
||||||
@ -4404,7 +4405,7 @@ class db
|
|||||||
* The status to look for
|
* The status to look for
|
||||||
* @param integer $cat
|
* @param integer $cat
|
||||||
* The CAT/severity level
|
* The CAT/severity level
|
||||||
* @param proc_ia_control $ctrl
|
* @param proc_ia_controls $ctrl
|
||||||
* A IA control to filter for
|
* A IA control to filter for
|
||||||
*
|
*
|
||||||
* @return integer
|
* @return integer
|
||||||
@ -4461,7 +4462,7 @@ class db
|
|||||||
* The status to look for
|
* The status to look for
|
||||||
* @param integer $cat [optional]
|
* @param integer $cat [optional]
|
||||||
* The CAT/severity level
|
* The CAT/severity level
|
||||||
* @param proc_ia_control $ctrl [optional]
|
* @param proc_ia_controls $ctrl [optional]
|
||||||
* A IA control to filter for
|
* A IA control to filter for
|
||||||
* @param array $chk_ids [optional]
|
* @param array $chk_ids [optional]
|
||||||
* @param boolean $is_orphan [optional]
|
* @param boolean $is_orphan [optional]
|
||||||
@ -4471,7 +4472,6 @@ class db
|
|||||||
*/
|
*/
|
||||||
public function get_Host_Finding_Count_By_Status($tgt, $status, $cat = null, $ctrl = null, $chk_ids = null, $is_orphan = false)
|
public function get_Host_Finding_Count_By_Status($tgt, $status, $cat = null, $ctrl = null, $chk_ids = null, $is_orphan = false)
|
||||||
{
|
{
|
||||||
$count = 0;
|
|
||||||
if (!$is_orphan) {
|
if (!$is_orphan) {
|
||||||
$sql = "SELECT (SELECT COUNT(DISTINCT(pcl.`pdi_id`)) " .
|
$sql = "SELECT (SELECT COUNT(DISTINCT(pcl.`pdi_id`)) " .
|
||||||
"FROM `sagacity`.`target` t " .
|
"FROM `sagacity`.`target` t " .
|
||||||
@ -4645,12 +4645,11 @@ class db
|
|||||||
* @TODO - FINISH
|
* @TODO - FINISH
|
||||||
*
|
*
|
||||||
* @param ste $ste
|
* @param ste $ste
|
||||||
* @param proc_ia_control $ia_ctrl
|
* @param proc_ia_controls $ia_ctrl
|
||||||
* @param string $status
|
* @param string $status
|
||||||
*/
|
*/
|
||||||
public function get_Finding_Pervasivity_by_Control($ste, $ia_ctrl, $status = null)
|
public function get_Finding_Pervasivity_by_Control($ste, $ia_ctrl, $status = null)
|
||||||
{
|
{
|
||||||
$sql = "SELECT COUNT";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -4852,7 +4851,7 @@ class db
|
|||||||
$updated_finding = [];
|
$updated_finding = [];
|
||||||
$new_finding = [];
|
$new_finding = [];
|
||||||
$x = 0;
|
$x = 0;
|
||||||
foreach ($tgts as $key => $tgt) {
|
foreach ($tgts as $tgt) {
|
||||||
switch (strtolower(str_replace('_', ' ', $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $x]))) {
|
switch (strtolower(str_replace('_', ' ', $finding_data[self::FIRST_ECHECKLIST_HOST_COL + $x]))) {
|
||||||
case 'not reviewed':
|
case 'not reviewed':
|
||||||
case 'not a finding':
|
case 'not a finding':
|
||||||
@ -4992,7 +4991,7 @@ class db
|
|||||||
$notes = (isset($current_finding) && is_array($current_finding) && count($current_finding) ? $current_finding->get_Notes() . " " . $notes : $notes);
|
$notes = (isset($current_finding) && is_array($current_finding) && count($current_finding) ? $current_finding->get_Notes() . " " . $notes : $notes);
|
||||||
|
|
||||||
if (isset($updated_finding) && is_array($updated_finding) && count($updated_finding) > 0) {
|
if (isset($updated_finding) && is_array($updated_finding) && count($updated_finding) > 0) {
|
||||||
foreach ($updated_finding as $key => $finding) {
|
foreach ($updated_finding as $finding) {
|
||||||
$update_sql = "UPDATE `findings` SET " .
|
$update_sql = "UPDATE `findings` SET " .
|
||||||
"`scan_id` = " . $this->conn->real_escape_string($finding->get_Scan_ID()) . ", " .
|
"`scan_id` = " . $this->conn->real_escape_string($finding->get_Scan_ID()) . ", " .
|
||||||
"`findings_status_id` = " . $this->conn->real_escape_string($finding->get_Finding_Status()) . ", " .
|
"`findings_status_id` = " . $this->conn->real_escape_string($finding->get_Finding_Status()) . ", " .
|
||||||
@ -5008,13 +5007,13 @@ class db
|
|||||||
if (!$this->conn->real_query($update_sql)) {
|
if (!$this->conn->real_query($update_sql)) {
|
||||||
Sagacity_Error::sql_handler($update_sql);
|
Sagacity_Error::sql_handler($update_sql);
|
||||||
error_log($this->conn->error);
|
error_log($this->conn->error);
|
||||||
$ret = false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->conn->real_query("DELETE FROM `finding_controls` WHERE `finding_id` = " . $finding->get_ID());
|
$this->conn->real_query("DELETE FROM `finding_controls` WHERE `finding_id` = " . $finding->get_ID());
|
||||||
|
|
||||||
$sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
$sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
||||||
foreach ($finding->get_IA_Controls() as $key => $ia) {
|
foreach ($finding->get_IA_Controls() as $ia) {
|
||||||
$sql2 .= "({$this->conn->real_escape_string($finding->get_ID())}, " .
|
$sql2 .= "({$this->conn->real_escape_string($finding->get_ID())}, " .
|
||||||
"'{$this->conn->real_escape_string($ia)}'),";
|
"'{$this->conn->real_escape_string($ia)}'),";
|
||||||
}
|
}
|
||||||
@ -5026,7 +5025,7 @@ class db
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (isset($new_finding) && count($new_finding) > 0) {
|
if (isset($new_finding) && count($new_finding) > 0) {
|
||||||
foreach ($new_finding as $key => $finding) {
|
foreach ($new_finding as $finding) {
|
||||||
$insert_sql = "INSERT INTO `findings` (`tgt_id`, `pdi_id`, `scan_id`, `findings_status_id`, `cat`, `notes`) VALUES " .
|
$insert_sql = "INSERT INTO `findings` (`tgt_id`, `pdi_id`, `scan_id`, `findings_status_id`, `cat`, `notes`) VALUES " .
|
||||||
"(" . $this->conn->real_escape_string($finding->get_Tgt_ID()) . ", " .
|
"(" . $this->conn->real_escape_string($finding->get_Tgt_ID()) . ", " .
|
||||||
$this->conn->real_escape_string($finding->get_PDI_ID()) . ", " .
|
$this->conn->real_escape_string($finding->get_PDI_ID()) . ", " .
|
||||||
@ -5041,14 +5040,14 @@ class db
|
|||||||
if (!$this->conn->real_query($insert_sql)) {
|
if (!$this->conn->real_query($insert_sql)) {
|
||||||
Sagacity_Error::sql_handler($insert_sql);
|
Sagacity_Error::sql_handler($insert_sql);
|
||||||
error_log($this->conn->error);
|
error_log($this->conn->error);
|
||||||
$ret = false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$find_id = $this->conn->insert_id;
|
$find_id = $this->conn->insert_id;
|
||||||
|
|
||||||
$sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
$sql2 = "INSERT INTO `finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
||||||
foreach ($finding->get_IA_Controls() as $key => $ia) {
|
foreach ($finding->get_IA_Controls() as $ia) {
|
||||||
$sql2 .= "({$this->conn->real_escape_string($find_id)}, " .
|
$sql2 .= "({$this->conn->real_escape_string($find_id)}, " .
|
||||||
"'{$this->conn->real_escape_string($ia)}'),";
|
"'{$this->conn->real_escape_string($ia)}'),";
|
||||||
}
|
}
|
||||||
@ -5171,14 +5170,14 @@ class db
|
|||||||
if (!$this->conn->real_query($update_sql)) {
|
if (!$this->conn->real_query($update_sql)) {
|
||||||
Sagacity_Error::sql_handler($update_sql);
|
Sagacity_Error::sql_handler($update_sql);
|
||||||
error_log($this->conn->error);
|
error_log($this->conn->error);
|
||||||
$ret = false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->conn->real_query("DELETE FROM `sagacity`.`finding_controls` WHERE `finding_id` = " . $updated_finding->get_ID());
|
$this->conn->real_query("DELETE FROM `sagacity`.`finding_controls` WHERE `finding_id` = " . $updated_finding->get_ID());
|
||||||
|
|
||||||
$sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
$sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
||||||
|
|
||||||
foreach ($updated_finding->get_IA_Controls() as $key => $ia) {
|
foreach ($updated_finding->get_IA_Controls() as $ia) {
|
||||||
$sql2 .= "(" .
|
$sql2 .= "(" .
|
||||||
$this->conn->real_escape_string($updated_finding->get_ID()) . ", " .
|
$this->conn->real_escape_string($updated_finding->get_ID()) . ", " .
|
||||||
"'" . $this->conn->real_escape_string($ia) . "'), ";
|
"'" . $this->conn->real_escape_string($ia) . "'), ";
|
||||||
@ -5204,14 +5203,14 @@ class db
|
|||||||
if (!$this->conn->real_query($insert_sql)) {
|
if (!$this->conn->real_query($insert_sql)) {
|
||||||
Sagacity_Error::sql_handler($insert_sql);
|
Sagacity_Error::sql_handler($insert_sql);
|
||||||
error_log($this->conn->error);
|
error_log($this->conn->error);
|
||||||
$ret = false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$find_id = $this->conn->insert_id;
|
$find_id = $this->conn->insert_id;
|
||||||
|
|
||||||
$sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
$sql2 = "INSERT INTO `sagacity`.`finding_controls` (`finding_id`, `ia_control`) VALUES ";
|
||||||
foreach ($new_finding->get_IA_Controls() as $key => $ia) {
|
foreach ($new_finding->get_IA_Controls() as $ia) {
|
||||||
$sql2 .= "(" .
|
$sql2 .= "(" .
|
||||||
$this->conn->real_escape_string($find_id) . ", " .
|
$this->conn->real_escape_string($find_id) . ", " .
|
||||||
"'" . $this->conn->real_escape_string($ia) . "'), ";
|
"'" . $this->conn->real_escape_string($ia) . "'), ";
|
||||||
@ -5729,7 +5728,7 @@ class db
|
|||||||
* Function to get the icon that represents the IA control status
|
* Function to get the icon that represents the IA control status
|
||||||
*
|
*
|
||||||
* @param ste $ste
|
* @param ste $ste
|
||||||
* @param proc_ia_control $ctrl
|
* @param proc_ia_controls $ctrl
|
||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
@ -5748,7 +5747,7 @@ class db
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (false) {
|
if (false) {
|
||||||
$ctrl = new proc_ia_control();
|
$ctrl = new proc_ia_controls();
|
||||||
}
|
}
|
||||||
if (empty($ctrl->finding->vul_desc)) {
|
if (empty($ctrl->finding->vul_desc)) {
|
||||||
return "exclamation.png";
|
return "exclamation.png";
|
||||||
@ -6555,7 +6554,7 @@ class db
|
|||||||
array(
|
array(
|
||||||
'field' => 'int_id',
|
'field' => 'int_id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $id
|
'value' => $int_id
|
||||||
)
|
)
|
||||||
));
|
));
|
||||||
$this->help->execute();
|
$this->help->execute();
|
||||||
@ -6563,7 +6562,7 @@ class db
|
|||||||
array(
|
array(
|
||||||
'field' => 'id',
|
'field' => 'id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $id
|
'value' => $int_id
|
||||||
)
|
)
|
||||||
));
|
));
|
||||||
$this->help->execute();
|
$this->help->execute();
|
||||||
@ -6633,7 +6632,7 @@ class db
|
|||||||
$ret = true;
|
$ret = true;
|
||||||
$ins_sql = 'REPLACE INTO `sagacity`.`pps_list` (`int_id`,`pps_id`,`name`,`banner`,`notes`) VALUES ';
|
$ins_sql = 'REPLACE INTO `sagacity`.`pps_list` (`int_id`,`pps_id`,`name`,`banner`,`notes`) VALUES ';
|
||||||
if ($action == 'insert') {
|
if ($action == 'insert') {
|
||||||
foreach ($ports as $key => $port) {
|
foreach ($ports as $port) {
|
||||||
$ins_sql .= "(" . $int->get_ID() . ", " .
|
$ins_sql .= "(" . $int->get_ID() . ", " .
|
||||||
"(SELECT `id` FROM `sagacity`.`ports_proto_services` WHERE `port` = '" . $port->get_Port() . "'" .
|
"(SELECT `id` FROM `sagacity`.`ports_proto_services` WHERE `port` = '" . $port->get_Port() . "'" .
|
||||||
" AND `proto` = '" . (is_a($port, 'tcp_ports') ? 'tcp' : 'udp') . "' " .
|
" AND `proto` = '" . (is_a($port, 'tcp_ports') ? 'tcp' : 'udp') . "' " .
|
||||||
@ -6674,10 +6673,12 @@ class db
|
|||||||
public function get_TCP_Ports($port_number = null)
|
public function get_TCP_Ports($port_number = null)
|
||||||
{
|
{
|
||||||
$ret = [];
|
$ret = [];
|
||||||
$where[] = [
|
$where = [
|
||||||
'field' => 'proto',
|
[
|
||||||
'op' => '=',
|
'field' => 'proto',
|
||||||
'value' => 'tcp'
|
'op' => '=',
|
||||||
|
'value' => 'tcp'
|
||||||
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
if (!is_null($port_number)) {
|
if (!is_null($port_number)) {
|
||||||
@ -6720,10 +6721,12 @@ class db
|
|||||||
public function get_UDP_Ports($port_number = null)
|
public function get_UDP_Ports($port_number = null)
|
||||||
{
|
{
|
||||||
$ret = [];
|
$ret = [];
|
||||||
$where[] = [
|
$where = [
|
||||||
'field' => 'proto',
|
[
|
||||||
'op' => '=',
|
'field' => 'proto',
|
||||||
'value' => 'udp'
|
'op' => '=',
|
||||||
|
'value' => 'udp'
|
||||||
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
if (!is_null($port_number)) {
|
if (!is_null($port_number)) {
|
||||||
@ -7089,13 +7092,14 @@ class db
|
|||||||
|
|
||||||
while ($sth->fetch()) {
|
while ($sth->fetch()) {
|
||||||
$x++;
|
$x++;
|
||||||
$ret = preg_match('/Registry Hive: +(\S*)/', $check_contents, $match);
|
$match = [];
|
||||||
|
preg_match('/Registry Hive: +(\S*)/', $check_contents, $match);
|
||||||
$hive = $match[1];
|
$hive = $match[1];
|
||||||
|
|
||||||
$ret = preg_match('/(Subkey|Path|Registry Path): +(\\\)?(.*)/', $check_contents, $match);
|
preg_match('/(Subkey|Path|Registry Path): +(\\\)?(.*)/', $check_contents, $match);
|
||||||
$path = is_array($match) && count($match) > 3 ? $match[3] : "STIG ID: $stig_id" . PHP_EOL;
|
$path = is_array($match) && count($match) > 3 ? $match[3] : "STIG ID: $stig_id" . PHP_EOL;
|
||||||
|
|
||||||
$ret = preg_match('/Value Name: +(\S*)/', $check_contents, $match);
|
preg_match('/Value Name: +(\S*)/', $check_contents, $match);
|
||||||
$name = is_array($match) && count($match) > 1 ? $match[1] : '';
|
$name = is_array($match) && count($match) > 1 ? $match[1] : '';
|
||||||
|
|
||||||
if (is_array($match) && count($match) == 2) {
|
if (is_array($match) && count($match) == 2) {
|
||||||
@ -7103,10 +7107,10 @@ class db
|
|||||||
$c_count = 1;
|
$c_count = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
$ret = preg_match('/Type: +(\S*)/', $check_contents, $match);
|
preg_match('/Type: +(\S*)/', $check_contents, $match);
|
||||||
$type = is_array($match) && count($match) > 0 ? $match[1] : "PDI ID: $pdi_id" . PHP_EOL;
|
$type = is_array($match) && count($match) > 0 ? $match[1] : "PDI ID: $pdi_id" . PHP_EOL;
|
||||||
|
|
||||||
$ret = preg_match('/Value: +(\S*)/', $check_contents, $match);
|
preg_match('/Value: +(\S*)/', $check_contents, $match);
|
||||||
$value = is_array($match) && count($match) > 0 ? $match[1] : "PDI ID: $pdi_id" . PHP_EOL;
|
$value = is_array($match) && count($match) > 0 ? $match[1] : "PDI ID: $pdi_id" . PHP_EOL;
|
||||||
|
|
||||||
if (strpos($type, "PDI ID: " . $pdi_id) !== false) {
|
if (strpos($type, "PDI ID: " . $pdi_id) !== false) {
|
||||||
@ -7522,7 +7526,7 @@ class db
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$cves = $nessus->get_Reference_By_Type('cve');
|
$cves = $nessus->get_Reference_By_Type('cve');
|
||||||
foreach ($cves as $key => $cve_num) {
|
foreach ($cves as $cve_num) {
|
||||||
$cve = $this->get_CVE($cve_num);
|
$cve = $this->get_CVE($cve_num);
|
||||||
if ($cve->get_PDI_ID()) {
|
if ($cve->get_PDI_ID()) {
|
||||||
return $cve->get_PDI_ID();
|
return $cve->get_PDI_ID();
|
||||||
@ -7545,7 +7549,7 @@ class db
|
|||||||
}
|
}
|
||||||
|
|
||||||
$bids = $nessus->get_Reference_By_Type('bid');
|
$bids = $nessus->get_Reference_By_Type('bid');
|
||||||
foreach ($bids as $key => $bid_num) {
|
foreach ($bids as $bid_num) {
|
||||||
$sql = "SELECT iavm.`pdi_id` " .
|
$sql = "SELECT iavm.`pdi_id` " .
|
||||||
"FROM `sagacity`.`nessus_refs` nr " .
|
"FROM `sagacity`.`nessus_refs` nr " .
|
||||||
"JOIN `sagacity`.`iavm_bids` ib ON ib.`bid`=nr.`val` " .
|
"JOIN `sagacity`.`iavm_bids` ib ON ib.`bid`=nr.`val` " .
|
||||||
@ -10735,11 +10739,11 @@ class db
|
|||||||
public function get_Target_Details($int_STE_ID, $TGT = null)
|
public function get_Target_Details($int_STE_ID, $TGT = null)
|
||||||
{
|
{
|
||||||
$ret = [];
|
$ret = [];
|
||||||
$where[] = [
|
$where = [[
|
||||||
'field' => 't.ste_id',
|
'field' => 't.ste_id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $int_STE_ID
|
'value' => $int_STE_ID
|
||||||
];
|
]];
|
||||||
|
|
||||||
if (!is_null($TGT)) {
|
if (!is_null($TGT)) {
|
||||||
if (is_numeric($TGT)) {
|
if (is_numeric($TGT)) {
|
||||||
@ -10916,8 +10920,7 @@ class db
|
|||||||
|
|
||||||
if (is_array($rows) && count($rows) && isset($rows[0])) {
|
if (is_array($rows) && count($rows) && isset($rows[0])) {
|
||||||
foreach ($rows as $row) {
|
foreach ($rows as $row) {
|
||||||
$tgt = $this->get_Target_Details($cat->get_STE_ID(), $row['id'])[0];
|
$ret[] = $this->get_Target_Details($cat->get_STE_ID(), $row['id'])[0];
|
||||||
$ret[] = $tgt;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -11066,7 +11069,7 @@ class db
|
|||||||
"SELECT {$tgt['id']},c.`id` FROM (" .
|
"SELECT {$tgt['id']},c.`id` FROM (" .
|
||||||
"SELECT chk.*,s.`id` AS 'real_sw' " .
|
"SELECT chk.*,s.`id` AS 'real_sw' " .
|
||||||
"FROM `checklist` chk " .
|
"FROM `checklist` chk " .
|
||||||
"JOIN `checklist_software_lookup` csl ON csl.`chk_id`=chk`.id` " .
|
"JOIN `checklist_software_lookup` csl ON csl.`chk_id`=chk.`id` " .
|
||||||
"JOIN `software` s ON csl.`sw_id`=s.`id` " .
|
"JOIN `software` s ON csl.`sw_id`=s.`id` " .
|
||||||
"WHERE " .
|
"WHERE " .
|
||||||
"chk.`type` = 'manual' AND " .
|
"chk.`type` = 'manual' AND " .
|
||||||
@ -11093,6 +11096,7 @@ class db
|
|||||||
elseif (strtolower($os->man) == 'microsoft' && strtolower($os->name) == 'windows 7') {
|
elseif (strtolower($os->man) == 'microsoft' && strtolower($os->name) == 'windows 7') {
|
||||||
$sw = "Win7";
|
$sw = "Win7";
|
||||||
}
|
}
|
||||||
|
$this->help->query_type = db_helper::INSERT;
|
||||||
$this->help->sql = "INSERT IGNORE INTO `target_checklist` (`tgt_id`,`chk_id`) " .
|
$this->help->sql = "INSERT IGNORE INTO `target_checklist` (`tgt_id`,`chk_id`) " .
|
||||||
"SELECT '{$tgt['id']}',c.`id` FROM (" .
|
"SELECT '{$tgt['id']}',c.`id` FROM (" .
|
||||||
"SELECT chk.*,s.`id` as 'real_sw' " .
|
"SELECT chk.*,s.`id` as 'real_sw' " .
|
||||||
@ -11114,6 +11118,7 @@ class db
|
|||||||
if (strtolower($os->man) == 'microsoft') {
|
if (strtolower($os->man) == 'microsoft') {
|
||||||
$sw = "Windows";
|
$sw = "Windows";
|
||||||
}
|
}
|
||||||
|
$this->help->query_type = db_helper::INSERT;
|
||||||
$this->help->sql = "INSERT IGNORE INTO `target_checklist` (`tgt_id`,`chk_id`) " .
|
$this->help->sql = "INSERT IGNORE INTO `target_checklist` (`tgt_id`,`chk_id`) " .
|
||||||
"SELECT '{$tgt['id']}',c.`id` FROM (" .
|
"SELECT '{$tgt['id']}',c.`id` FROM (" .
|
||||||
"SELECT chk.*,s.`id` AS 'real_sw' " .
|
"SELECT chk.*,s.`id` AS 'real_sw' " .
|
||||||
@ -11130,6 +11135,7 @@ class db
|
|||||||
;
|
;
|
||||||
$this->help->execute();
|
$this->help->execute();
|
||||||
|
|
||||||
|
$this->help->query_type = db_helper::INSERT;
|
||||||
$this->help->sql = "INSERT IGNORE INTO `target_checklist` (`tgt_id`,`chk_id`) " .
|
$this->help->sql = "INSERT IGNORE INTO `target_checklist` (`tgt_id`,`chk_id`) " .
|
||||||
"SELECT '{$tgt['id']}',c.`id` FROM (" .
|
"SELECT '{$tgt['id']}',c.`id` FROM (" .
|
||||||
"SELECT chk.*,csl.`sw_id` AS 'real_sw' FROM `checklist` chk " .
|
"SELECT chk.*,csl.`sw_id` AS 'real_sw' FROM `checklist` chk " .
|
||||||
@ -11152,12 +11158,15 @@ class db
|
|||||||
]);
|
]);
|
||||||
$this->help->execute();
|
$this->help->execute();
|
||||||
|
|
||||||
|
$this->help->query_type = db_helper::INSERT;
|
||||||
$this->help->sql = "INSERT IGNORE INTO `findings` (`tgt_id`,`pdi_id`,`findings_status_id`) " .
|
$this->help->sql = "INSERT IGNORE INTO `findings` (`tgt_id`,`pdi_id`,`findings_status_id`) " .
|
||||||
"SELECT {$tgt['id']},pcl.pdi_id,'1' " .
|
"SELECT {$tgt['id']},pcl.pdi_id,'1' " .
|
||||||
"FROM target_checklist tc " .
|
"FROM target_checklist tc " .
|
||||||
"JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id " .
|
"JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id " .
|
||||||
"WHERE tc.tgt_id = {$tgt['id']}";
|
"WHERE tc.tgt_id = {$tgt['id']}";
|
||||||
$this->help->execute();
|
$this->help->execute();
|
||||||
|
|
||||||
|
$this->update_Target_Counts($tgt['id']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -11303,6 +11312,8 @@ class db
|
|||||||
"JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id " .
|
"JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id " .
|
||||||
"WHERE tc.tgt_id = {$id}";
|
"WHERE tc.tgt_id = {$id}";
|
||||||
$this->help->execute();
|
$this->help->execute();
|
||||||
|
|
||||||
|
$this->update_Target_Counts($id);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
@ -11311,9 +11322,9 @@ class db
|
|||||||
/**
|
/**
|
||||||
* Function to update the target finding counts
|
* Function to update the target finding counts
|
||||||
*
|
*
|
||||||
* @param target $tgt
|
* @param int $tgt_id
|
||||||
*/
|
*/
|
||||||
public function update_Target_Counts(target $tgt)
|
public function update_Target_Counts($tgt_id)
|
||||||
{
|
{
|
||||||
$nf = 0;
|
$nf = 0;
|
||||||
$nr = 0;
|
$nr = 0;
|
||||||
@ -11322,24 +11333,43 @@ class db
|
|||||||
$cat_2 = 0;
|
$cat_2 = 0;
|
||||||
$cat_3 = 0;
|
$cat_3 = 0;
|
||||||
|
|
||||||
$this->help->select("get_pdi_count", ['pdi_count'], [
|
$this->help->select('target t', ["COUNT(DISTINCT(pcl.pdi_id)) AS 'pdi_count'"], [
|
||||||
[
|
[
|
||||||
'field' => 'id',
|
'field' => 't.id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $tgt->get_ID()
|
'value' => $tgt_id
|
||||||
]
|
]
|
||||||
|
], [
|
||||||
|
'table_joins' => [
|
||||||
|
"LEFT JOIN target_checklist tc ON tc.tgt_id = t.id",
|
||||||
|
"LEFT JOIN pdi_checklist_lookup pcl ON pcl.checklist_id = tc.chk_id",
|
||||||
|
"LEFT JOIN findings f ON f.pdi_id = pcl.pdi_id AND f.tgt_id = t.id"
|
||||||
|
],
|
||||||
|
'group' => 't.id'
|
||||||
]);
|
]);
|
||||||
$row = $this->help->execute();
|
$row = $this->help->execute();
|
||||||
if (is_array($row) && count($row) && isset($row['pdi_count'])) {
|
if (is_array($row) && count($row) && isset($row['pdi_count'])) {
|
||||||
$nr = $row['pdi_count'];
|
$nr = $row['pdi_count'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->help->select("get_finding_count", ['status', 'severity', 'finding_count'], [
|
$this->help->select("target t", [
|
||||||
|
"IF(ISNULL(fs.status), 'Not Reviewed', fs.status) AS 'status'",
|
||||||
|
"f.cat AS 'severity'",
|
||||||
|
"COUNT(DISTINCT f.pdi_id) AS 'finding_count'"
|
||||||
|
], [
|
||||||
[
|
[
|
||||||
'field' => 'id',
|
'field' => 't.id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $tgt->get_ID()
|
'value' => $tgt_id
|
||||||
]
|
]
|
||||||
|
], [
|
||||||
|
'table_joins' => [
|
||||||
|
"LEFT JOIN target_checklist tc ON tc.tgt_id = t.id",
|
||||||
|
"LEFT JOIN pdi_checklist_lookup pcl ON tc.chk_id = pcl.checklist_id",
|
||||||
|
"LEFT JOIN findings f ON f.tgt_id = t.id AND f.pdi_id = pcl.pdi_id",
|
||||||
|
"LEFT JOIN findings_status fs ON f.findings_status_id = fs.id"
|
||||||
|
],
|
||||||
|
'group' => "t.id,`severity`,f.findings_status_id"
|
||||||
]);
|
]);
|
||||||
$rows = $this->help->execute();
|
$rows = $this->help->execute();
|
||||||
|
|
||||||
@ -11393,7 +11423,7 @@ class db
|
|||||||
[
|
[
|
||||||
'field' => 'id',
|
'field' => 'id',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
'value' => $tgt->get_ID()
|
'value' => $tgt_id
|
||||||
]
|
]
|
||||||
]);
|
]);
|
||||||
$this->help->execute();
|
$this->help->execute();
|
||||||
@ -11610,8 +11640,6 @@ class db
|
|||||||
$this->help->debug(E_WARNING);
|
$this->help->debug(E_WARNING);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->update_Target_Counts($tgt);
|
|
||||||
|
|
||||||
return $tgt->get_ID();
|
return $tgt->get_ID();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -236,7 +236,6 @@ include_once 'header.inc';
|
|||||||
error: function (xhr, status, error) {
|
error: function (xhr, status, error) {
|
||||||
console.error(error);
|
console.error(error);
|
||||||
},
|
},
|
||||||
timeout: 5000,
|
|
||||||
method: 'post',
|
method: 'post',
|
||||||
dataType: 'json'
|
dataType: 'json'
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user