parent
1645914d32
commit
98ea166a22
@ -24,73 +24,106 @@
|
|||||||
* - May 13, 2017 - Fixed error when trying to delete a USGCB scan file (not supported)
|
* - May 13, 2017 - Fixed error when trying to delete a USGCB scan file (not supported)
|
||||||
* - Oct 23, 2017 - Fixed error of finding statuses being overwritten
|
* - Oct 23, 2017 - Fixed error of finding statuses being overwritten
|
||||||
*/
|
*/
|
||||||
$cmd = getopt("f:", ['debug::', 'help::']);
|
$cmd = getopt("f:", [
|
||||||
|
'debug::',
|
||||||
|
'help::'
|
||||||
|
]);
|
||||||
|
|
||||||
if (!isset($cmd['f']) || isset($cmd['help'])) {
|
if (! isset($cmd['f']) || isset($cmd['help'])) {
|
||||||
die(usage());
|
die(usage());
|
||||||
}
|
}
|
||||||
|
|
||||||
$conf = parse_ini_file("parse_config.ini");
|
$conf = parse_ini_file("parse_config.ini");
|
||||||
|
|
||||||
if (!$conf) {
|
if (! $conf) {
|
||||||
die("Could not find parse_config.ini configuration file");
|
die("Could not find parse_config.ini configuration file");
|
||||||
}
|
}
|
||||||
|
|
||||||
chdir($conf['doc_root']);
|
chdir($conf['doc_root']);
|
||||||
|
|
||||||
set_time_limit(0);
|
set_time_limit(0);
|
||||||
|
require_once 'vendor/autoload.php';
|
||||||
include_once 'config.inc';
|
include_once 'config.inc';
|
||||||
include_once 'xml_parser.inc';
|
include_once 'xml_parser.inc';
|
||||||
include_once 'database.inc';
|
include_once 'database.inc';
|
||||||
include_once 'helper.inc';
|
include_once 'helper.inc';
|
||||||
|
|
||||||
|
use Monolog\Logger;
|
||||||
|
use Monolog\Handler\StreamHandler;
|
||||||
|
|
||||||
chdir(TMP);
|
chdir(TMP);
|
||||||
|
|
||||||
$db = new db();
|
$db = new db();
|
||||||
|
|
||||||
$base_name = basename($cmd['f']);
|
$log_level = convert_log_level();
|
||||||
$host_list = array();
|
|
||||||
$err = new Sagacity_Error($cmd['f']);
|
|
||||||
|
|
||||||
if (!file_exists($cmd['f'])) {
|
$base_name = basename($cmd['f']);
|
||||||
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'ERROR']);
|
$log = new Logger("scc-import");
|
||||||
$err->script_log("File not found", E_ERROR);
|
$log->pushHandler(new StreamHandler(logify($cmd['f']), $log_level));
|
||||||
}
|
|
||||||
elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) {
|
if (! file_exists($cmd['f'])) {
|
||||||
|
$db->update_Running_Scan($base_name, [
|
||||||
|
'name' => 'status',
|
||||||
|
'value' => 'ERROR'
|
||||||
|
]);
|
||||||
|
$log->error("File not found");
|
||||||
|
die();
|
||||||
|
} elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) {
|
||||||
$scan = $db->get_ScanData($conf['ste'], $cmd['f']);
|
$scan = $db->get_ScanData($conf['ste'], $cmd['f']);
|
||||||
if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) {
|
if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) {
|
||||||
$db->delete_Scan($scan[0]->get_ID(), false);
|
$db->delete_Scan($scan[0]->get_ID(), false);
|
||||||
}
|
}
|
||||||
$err->script_log("Cannot parse these types of files", E_ERROR);
|
$log->error("Cannot parse these types of files");
|
||||||
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
class scc_parser extends scan_xml_parser {
|
class scc_parser extends scan_xml_parser
|
||||||
|
{
|
||||||
|
|
||||||
var $values;
|
var $values;
|
||||||
|
|
||||||
var $value_id;
|
var $value_id;
|
||||||
|
|
||||||
var $getvalue = false;
|
var $getvalue = false;
|
||||||
|
|
||||||
var $groups;
|
var $groups;
|
||||||
|
|
||||||
var $group_id;
|
var $group_id;
|
||||||
|
|
||||||
var $vms_id;
|
var $vms_id;
|
||||||
|
|
||||||
var $vms = null;
|
var $vms = null;
|
||||||
|
|
||||||
var $sv_rule;
|
var $sv_rule;
|
||||||
|
|
||||||
var $tgt;
|
var $tgt;
|
||||||
|
|
||||||
var $tag;
|
var $tag;
|
||||||
|
|
||||||
var $int_count = 0;
|
var $int_count = 0;
|
||||||
|
|
||||||
var $found_rule = false;
|
var $found_rule = false;
|
||||||
|
|
||||||
|
var $log = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor
|
* Constructor
|
||||||
*
|
*
|
||||||
|
* @global Monolog\Logger $log
|
||||||
|
*
|
||||||
* @param int $ste_id_in
|
* @param int $ste_id_in
|
||||||
* @param string $fname_in
|
* @param string $fname_in
|
||||||
*/
|
*/
|
||||||
public function __construct($ste_id_in, $fname_in) {
|
public function __construct($ste_id_in, $fname_in)
|
||||||
$this->values = array();
|
{
|
||||||
$this->groups = array();
|
$this->values = [];
|
||||||
$this->tag = array();
|
$this->groups = [];
|
||||||
|
$this->tag = [];
|
||||||
parent::__construct($this, $ste_id_in, $fname_in);
|
parent::__construct($this, $ste_id_in, $fname_in);
|
||||||
$this->db->update_Running_Scan($this->scan->get_File_Name(), ['name' => 'pid', 'value' => getmypid()]);
|
$this->db->update_Running_Scan($this->scan->get_File_Name(), [
|
||||||
|
'name' => 'pid',
|
||||||
|
'value' => getmypid()
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -98,7 +131,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Value($attrs) {
|
public function cdf_Benchmark_cdf_Value($attrs)
|
||||||
|
{
|
||||||
$this->values[$attrs['id']] = null;
|
$this->values[$attrs['id']] = null;
|
||||||
$this->value_id = $attrs['id'];
|
$this->value_id = $attrs['id'];
|
||||||
}
|
}
|
||||||
@ -108,12 +142,11 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Value_cdf_value($attrs) {
|
public function cdf_Benchmark_cdf_Value_cdf_value($attrs)
|
||||||
if (!isset($attrs['selector'])) {
|
{
|
||||||
$this->getvalue = true;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$this->getvalue = false;
|
$this->getvalue = false;
|
||||||
|
if (! isset($attrs['selector'])) {
|
||||||
|
$this->getvalue = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -122,7 +155,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Value_cdf_value_data($data) {
|
public function cdf_Benchmark_cdf_Value_cdf_value_data($data)
|
||||||
|
{
|
||||||
if ($this->getvalue) {
|
if ($this->getvalue) {
|
||||||
$this->values[$this->value_id] = $data;
|
$this->values[$this->value_id] = $data;
|
||||||
}
|
}
|
||||||
@ -133,13 +167,13 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group($attrs) {
|
public function cdf_Benchmark_cdf_Group($attrs)
|
||||||
|
{
|
||||||
$this->vms = $this->db->get_GoldDisk($attrs['id']);
|
$this->vms = $this->db->get_GoldDisk($attrs['id']);
|
||||||
|
|
||||||
if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) {
|
if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) {
|
||||||
$this->group_id = $this->vms[0]->get_PDI_ID();
|
$this->group_id = $this->vms[0]->get_PDI_ID();
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$this->group_id = $attrs['id'];
|
$this->group_id = $attrs['id'];
|
||||||
$this->vms = null;
|
$this->vms = null;
|
||||||
}
|
}
|
||||||
@ -154,7 +188,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_cdf_Rule($attrs) {
|
public function cdf_Benchmark_cdf_Group_cdf_Rule($attrs)
|
||||||
|
{
|
||||||
$sv_rule = $this->db->get_SV_Rule(null, $attrs['id']);
|
$sv_rule = $this->db->get_SV_Rule(null, $attrs['id']);
|
||||||
|
|
||||||
if (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule')) {
|
if (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule')) {
|
||||||
@ -179,8 +214,7 @@ class scc_parser extends scan_xml_parser {
|
|||||||
'status' => "Not Reviewed",
|
'status' => "Not Reviewed",
|
||||||
'cat' => 2
|
'cat' => 2
|
||||||
];
|
];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -197,7 +231,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data) {
|
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data)
|
||||||
|
{
|
||||||
$stig = $this->db->get_Stig($data);
|
$stig = $this->db->get_Stig($data);
|
||||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||||
$this->found_rule = true;
|
$this->found_rule = true;
|
||||||
@ -229,12 +264,12 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data) {
|
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data)
|
||||||
|
{
|
||||||
if (empty($this->groups[$this->group_id]['title'])) {
|
if (empty($this->groups[$this->group_id]['title'])) {
|
||||||
$this->groups[$this->group_id]['title'] = $data;
|
$this->groups[$this->group_id]['title'] = $data;
|
||||||
}
|
} else {
|
||||||
else {
|
// error_log(print_r($this->group_id, true));
|
||||||
//error_log(print_r($this->group_id, true));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -243,15 +278,15 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data) {
|
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data)
|
||||||
if (!isset($this->groups[$this->group_id])) {
|
{
|
||||||
$this->groups[$this->group_id] = array();
|
if (! isset($this->groups[$this->group_id])) {
|
||||||
|
$this->groups[$this->group_id] = [];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($this->groups[$this->group_id]['desc'])) {
|
if (isset($this->groups[$this->group_id]['desc'])) {
|
||||||
$this->groups[$this->group_id]['desc'] .= $data;
|
$this->groups[$this->group_id]['desc'] .= $data;
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$this->groups[$this->group_id]['desc'] = $data;
|
$this->groups[$this->group_id]['desc'] = $data;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -261,7 +296,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data) {
|
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data)
|
||||||
|
{
|
||||||
if (empty($this->groups[$this->group_id]['cce']) && preg_match("/CCE/", $data)) {
|
if (empty($this->groups[$this->group_id]['cce']) && preg_match("/CCE/", $data)) {
|
||||||
$this->groups[$this->group_id]['cce'] = $data;
|
$this->groups[$this->group_id]['cce'] = $data;
|
||||||
}
|
}
|
||||||
@ -272,7 +308,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data) {
|
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data)
|
||||||
|
{
|
||||||
if (empty($this->groups[$this->group_id]['fix'])) {
|
if (empty($this->groups[$this->group_id]['fix'])) {
|
||||||
$this->groups[$this->group_id]['fix'] = htmlentities($data);
|
$this->groups[$this->group_id]['fix'] = htmlentities($data);
|
||||||
}
|
}
|
||||||
@ -283,7 +320,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs) {
|
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs)
|
||||||
|
{
|
||||||
if (empty($this->groups[$this->group_id]['val_id'])) {
|
if (empty($this->groups[$this->group_id]['val_id'])) {
|
||||||
$this->groups[$this->group_id]['val_id'] = $attrs['value-id'];
|
$this->groups[$this->group_id]['val_id'] = $attrs['value-id'];
|
||||||
$this->groups[$this->group_id]['value'] = $this->values[$attrs['value-id']];
|
$this->groups[$this->group_id]['value'] = $this->values[$attrs['value-id']];
|
||||||
@ -295,15 +333,16 @@ class scc_parser extends scan_xml_parser {
|
|||||||
/**
|
/**
|
||||||
* Function to parse \cdf:Benchmark\cdf:Group end tag and store content parsed from previous functions
|
* Function to parse \cdf:Benchmark\cdf:Group end tag and store content parsed from previous functions
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_Group_end() {
|
public function cdf_Benchmark_cdf_Group_end()
|
||||||
if (!$this->found_rule) {
|
{
|
||||||
|
if (! $this->found_rule) {
|
||||||
$this->log->script_log("Rule tag was not present for " . $this->group_id);
|
$this->log->script_log("Rule tag was not present for " . $this->group_id);
|
||||||
unset($this->groups[$this->group_id]);
|
unset($this->groups[$this->group_id]);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($this->groups[$this->group_id]['stig'])) {
|
if (empty($this->groups[$this->group_id]['stig'])) {
|
||||||
$ia_controls = array();
|
$ia_controls = [];
|
||||||
$this->log->script_log("STIG ID " . $this->groups[$this->group_id]['version'] . " is not in the database, adding", E_WARNING);
|
$this->log->script_log("STIG ID " . $this->groups[$this->group_id]['version'] . " is not in the database, adding", E_WARNING);
|
||||||
$pdi = new pdi(null, '', 'NOW');
|
$pdi = new pdi(null, '', 'NOW');
|
||||||
$pdi->set_Short_Title($this->groups[$this->group_id]['title']);
|
$pdi->set_Short_Title($this->groups[$this->group_id]['title']);
|
||||||
@ -314,21 +353,19 @@ class scc_parser extends scan_xml_parser {
|
|||||||
$this->db->add_Stig($stig);
|
$this->db->add_Stig($stig);
|
||||||
$this->groups[$this->group_id]['stig'] = $stig;
|
$this->groups[$this->group_id]['stig'] = $stig;
|
||||||
|
|
||||||
if (!empty($this->groups[$this->group_id]['desc'])) {
|
if (! empty($this->groups[$this->group_id]['desc'])) {
|
||||||
$match = array();
|
$match = array();
|
||||||
if (preg_match("/\<IAControls\>(.*)\<\/IAControls\>/", $this->groups[$this->group_id]['desc'], $match)) {
|
if (preg_match("/\<IAControls\>(.*)\<\/IAControls\>/", $this->groups[$this->group_id]['desc'], $match)) {
|
||||||
$ias = explode(", ", $match[1]);
|
$ias = explode(", ", $match[1]);
|
||||||
if (is_array($ias) && count($ias)) {
|
if (is_array($ias) && count($ias)) {
|
||||||
foreach ($ias as $ia) {
|
foreach ($ias as $ia) {
|
||||||
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, 4), substr($ia, -1));
|
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, 4), substr($ia, - 1));
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$ia_controls[] = new ia_control($pdi_id, "ECSC", 1);
|
$ia_controls[] = new ia_control($pdi_id, "ECSC", 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$ia_controls[] = new ia_control($pdi_id, 'ECSC', 1);
|
$ia_controls[] = new ia_control($pdi_id, 'ECSC', 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -346,12 +383,13 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs) {
|
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs)
|
||||||
|
{
|
||||||
$tmp = explode(":", $attrs['name']);
|
$tmp = explode(":", $attrs['name']);
|
||||||
$this->tag_id = end($tmp);
|
$this->tag_id = end($tmp);
|
||||||
if (isset($this->tag[$this->tag_id])) {
|
if (isset($this->tag[$this->tag_id])) {
|
||||||
if ($this->tag_id == 'interface_name') {
|
if ($this->tag_id == 'interface_name') {
|
||||||
$this->int_count++;
|
$this->int_count ++;
|
||||||
}
|
}
|
||||||
$this->tag_id .= $this->int_count;
|
$this->tag_id .= $this->int_count;
|
||||||
}
|
}
|
||||||
@ -362,21 +400,23 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data) {
|
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data)
|
||||||
|
{
|
||||||
$this->tag[$this->tag_id] = str_replace("\n", "", $data);
|
$this->tag[$this->tag_id] = str_replace("\n", "", $data);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts end tag and store results
|
* Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts end tag and store results
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end() {
|
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end()
|
||||||
//error_log(print_r($this->tag, true));
|
{
|
||||||
|
// error_log(print_r($this->tag, true));
|
||||||
$host_name = $this->tag['host_name'];
|
$host_name = $this->tag['host_name'];
|
||||||
if (preg_match("/\./", $host_name)) {
|
if (preg_match("/\./", $host_name)) {
|
||||||
$host_name = preg_replace("/^([^\.]+)\./i", "$1", $host_name);
|
$host_name = preg_replace("/^([^\.]+)\./i", "$1", $host_name);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!($tgt_id = $this->db->check_Target($this->ste_id, $host_name))) {
|
if (! ($tgt_id = $this->db->check_Target($this->ste_id, $host_name))) {
|
||||||
$this->log->script_log("Creating new target with hostname $host_name", E_DEBUG);
|
$this->log->script_log("Creating new target with hostname $host_name", E_DEBUG);
|
||||||
$os = array();
|
$os = array();
|
||||||
if (isset($this->tag['os_name']) && isset($this->tag['os_version']) && is_numeric($this->tag['os_version'])) {
|
if (isset($this->tag['os_name']) && isset($this->tag['os_version']) && is_numeric($this->tag['os_version'])) {
|
||||||
@ -393,12 +433,11 @@ class scc_parser extends scan_xml_parser {
|
|||||||
|
|
||||||
if (is_array($os) && count($os) && isset($os[0]) && is_a($os[0], 'software')) {
|
if (is_array($os) && count($os) && isset($os[0]) && is_a($os[0], 'software')) {
|
||||||
$os = $os[0];
|
$os = $os[0];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$os = $this->db->get_Software("cpe:/o:generic:generic:-")[0];
|
$os = $this->db->get_Software("cpe:/o:generic:generic:-")[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!is_a($os, 'software')) {
|
if (! is_a($os, 'software')) {
|
||||||
$this->log->script_log("Failed to identify the OS", E_ERROR);
|
$this->log->script_log("Failed to identify the OS", E_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -419,7 +458,7 @@ class scc_parser extends scan_xml_parser {
|
|||||||
$this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0];
|
$this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0];
|
||||||
|
|
||||||
$int_keys = preg_grep("/interface_name/", array_keys($this->tag));
|
$int_keys = preg_grep("/interface_name/", array_keys($this->tag));
|
||||||
$match = array();
|
$match = [];
|
||||||
foreach ($int_keys as $key) {
|
foreach ($int_keys as $key) {
|
||||||
$idx = '';
|
$idx = '';
|
||||||
if (preg_match("/interface_name(\d+)/", $key, $match)) {
|
if (preg_match("/interface_name(\d+)/", $key, $match)) {
|
||||||
@ -435,12 +474,10 @@ class scc_parser extends scan_xml_parser {
|
|||||||
if (is_array($ip) && count($ip) == 1) {
|
if (is_array($ip) && count($ip) == 1) {
|
||||||
if (preg_match("/\d+\./", $ip[0])) {
|
if (preg_match("/\d+\./", $ip[0])) {
|
||||||
$ipv4 = $ip[0];
|
$ipv4 = $ip[0];
|
||||||
}
|
} elseif (preg_match("/[a-f0-9]+/", $ip[0])) {
|
||||||
elseif (preg_match("/[a-f0-9]+/", $ip[0])) {
|
|
||||||
$ipv6 = $ip[0];
|
$ipv6 = $ip[0];
|
||||||
}
|
}
|
||||||
}
|
} elseif (is_array($ip) && count($ip) == 2) {
|
||||||
elseif (is_array($ip) && count($ip) == 2) {
|
|
||||||
$ipv4 = $ip[0];
|
$ipv4 = $ip[0];
|
||||||
$ipv6 = $ip[1];
|
$ipv6 = $ip[1];
|
||||||
}
|
}
|
||||||
@ -469,7 +506,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs) {
|
public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs)
|
||||||
|
{
|
||||||
if (isset($attrs['idref']) && substr($attrs['idref'], 0, 3) == 'cpe') {
|
if (isset($attrs['idref']) && substr($attrs['idref'], 0, 3) == 'cpe') {
|
||||||
$cpe = $attrs['idref'];
|
$cpe = $attrs['idref'];
|
||||||
|
|
||||||
@ -481,8 +519,7 @@ class scc_parser extends scan_xml_parser {
|
|||||||
$this->log->script_log("Update OS " . $sw->get_CPE());
|
$this->log->script_log("Update OS " . $sw->get_CPE());
|
||||||
$this->tgt->set_OS_ID($sw->get_ID());
|
$this->tgt->set_OS_ID($sw->get_ID());
|
||||||
$this->tgt->set_OS_String($sw->get_Shortened_SW_String());
|
$this->tgt->set_OS_String($sw->get_Shortened_SW_String());
|
||||||
}
|
} elseif (! $sw->is_OS() && ! in_array($sw, $this->tgt->software)) {
|
||||||
elseif (!$sw->is_OS() && !in_array($sw, $this->tgt->software)) {
|
|
||||||
$this->log->script_log("Assigning software " . $sw->get_CPE());
|
$this->log->script_log("Assigning software " . $sw->get_CPE());
|
||||||
$this->tgt->software[] = $sw;
|
$this->tgt->software[] = $sw;
|
||||||
}
|
}
|
||||||
@ -497,7 +534,8 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param array $attrs
|
* @param array $attrs
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs) {
|
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs)
|
||||||
|
{
|
||||||
$stig = $this->db->get_Stig($attrs['version']);
|
$stig = $this->db->get_Stig($attrs['version']);
|
||||||
$sv_rule = $this->db->get_SV_Rule(null, $attrs['idref']);
|
$sv_rule = $this->db->get_SV_Rule(null, $attrs['idref']);
|
||||||
|
|
||||||
@ -507,41 +545,39 @@ class scc_parser extends scan_xml_parser {
|
|||||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||||
$stig = $stig[0];
|
$stig = $stig[0];
|
||||||
$this->group_id = $stig->get_PDI_ID();
|
$this->group_id = $stig->get_PDI_ID();
|
||||||
}
|
} elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && ! $this->group_id) {
|
||||||
elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && !$this->group_id) {
|
|
||||||
$sv_rule = $sv_rule[0];
|
$sv_rule = $sv_rule[0];
|
||||||
$this->group_id = $sv_rule->get_PDI_ID();
|
$this->group_id = $sv_rule->get_PDI_ID();
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$this->log->script_log("Cannot find PDI ID (" . $attrs['version'] . "/" . $attrs['idref'] . ") CREATING", E_WARNING);
|
$this->log->script_log("Cannot find PDI ID (" . $attrs['version'] . "/" . $attrs['idref'] . ") CREATING", E_WARNING);
|
||||||
|
|
||||||
$this->group_id = null;
|
$this->group_id = null;
|
||||||
|
|
||||||
return;
|
return;
|
||||||
/*
|
/*
|
||||||
$level = 1;
|
* $level = 1;
|
||||||
if ($attrs['severity'] == 'medium') {
|
* if ($attrs['severity'] == 'medium') {
|
||||||
$level = 2;
|
* $level = 2;
|
||||||
}
|
* }
|
||||||
elseif ($attrs['severity'] == 'low') {
|
* elseif ($attrs['severity'] == 'low') {
|
||||||
$level = 3;
|
* $level = 3;
|
||||||
}
|
* }
|
||||||
$pdi = new pdi(null, $level, new DateTime);
|
* $pdi = new pdi(null, $level, new DateTime);
|
||||||
$pdi_id = $this->db->save_PDI($pdi);
|
* $pdi_id = $this->db->save_PDI($pdi);
|
||||||
|
*
|
||||||
$this->group_id = $pdi_id;
|
* $this->group_id = $pdi_id;
|
||||||
|
*
|
||||||
if (!empty($attrs['version'])) {
|
* if (!empty($attrs['version'])) {
|
||||||
$stig = new stig($pdi_id, $attrs['version'], null, null);
|
* $stig = new stig($pdi_id, $attrs['version'], null, null);
|
||||||
$this->db->add_Stig($stig);
|
* $this->db->add_Stig($stig);
|
||||||
}
|
* }
|
||||||
|
*
|
||||||
if (!empty($attrs['idref'])) {
|
* if (!empty($attrs['idref'])) {
|
||||||
$sv_rule = new sv_rule($pdi_id, $attrs['idref']);
|
* $sv_rule = new sv_rule($pdi_id, $attrs['idref']);
|
||||||
$this->db->save_SV_Rule($sv_rule);
|
* $this->db->save_SV_Rule($sv_rule);
|
||||||
}
|
* }
|
||||||
|
*
|
||||||
return;
|
* return;
|
||||||
*/
|
*/
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -570,11 +606,11 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data) {
|
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data)
|
||||||
|
{
|
||||||
if (preg_match("/pass|true/i", $data)) {
|
if (preg_match("/pass|true/i", $data)) {
|
||||||
$this->groups[$this->group_id]['status'] = "Not a Finding";
|
$this->groups[$this->group_id]['status'] = "Not a Finding";
|
||||||
}
|
} elseif (preg_match("/fail|false/i", $data)) {
|
||||||
elseif (preg_match("/fail|false/i", $data)) {
|
|
||||||
$this->groups[$this->group_id]['status'] = "Open";
|
$this->groups[$this->group_id]['status'] = "Open";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -586,53 +622,55 @@ class scc_parser extends scan_xml_parser {
|
|||||||
*
|
*
|
||||||
* @param string $data
|
* @param string $data
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data) {
|
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data)
|
||||||
|
{}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Function to parse \cdf:Benchmark\cdf:TestResult end tag and store all results
|
* Function to parse \cdf:Benchmark\cdf:TestResult end tag and store all results
|
||||||
*/
|
*/
|
||||||
public function cdf_Benchmark_cdf_TestResult_end() {
|
public function cdf_Benchmark_cdf_TestResult_end()
|
||||||
|
{
|
||||||
$new_findings = [];
|
$new_findings = [];
|
||||||
$update_findings = [];
|
$update_findings = [];
|
||||||
|
$existing_findings = $this->db->get_Finding($this->tgt);
|
||||||
foreach ($this->groups as $pdi_id => $group) {
|
foreach ($this->groups as $pdi_id => $group) {
|
||||||
if (!empty($group['val_id'])) {
|
if (! empty($group['val_id'])) {
|
||||||
$note = "(SCC) " . $group['val_id'] . "\nRequired: " . $group['value'] . "\nActual: " . $this->values[$group['val_id']];
|
$note = "(SCC) " . $group['val_id'] . "\nRequired: " . $group['value'] . "\nActual: " . $this->values[$group['val_id']];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$note = "(SCC) ";
|
$note = "(SCC) ";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
if (isset($group['stig']) && is_a($group['stig'], 'stig')) {
|
if (isset($group['stig']) && is_a($group['stig'], 'stig')) {
|
||||||
$ref = $group['stig'];
|
$ref = $group['stig'];
|
||||||
}
|
} elseif (! empty($group['vms_id'])) {
|
||||||
elseif (!empty($group['vms_id'])) {
|
|
||||||
$vms = $this->db->get_GoldDisk($group['vms_id']);
|
$vms = $this->db->get_GoldDisk($group['vms_id']);
|
||||||
if (is_array($vms) && count($vms) && isset($vms[0]) && is_a($vms[0], 'golddisk')) {
|
if (is_array($vms) && count($vms) && isset($vms[0]) && is_a($vms[0], 'golddisk')) {
|
||||||
$ref = $vms[0];
|
$ref = $vms[0];
|
||||||
}
|
}
|
||||||
}
|
} elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) {
|
||||||
elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) {
|
|
||||||
$ref = $group['sv_rule'];
|
$ref = $group['sv_rule'];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$this->log->script_log("Error finding reference to search for PDI $pdi_id\n" . print_r($group, true), E_WARNING);
|
$this->log->script_log("Error finding reference to search for PDI $pdi_id\n" . print_r($group, true), E_WARNING);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
$existing_finding = $this->db->get_Finding($this->tgt, $ref);
|
if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) {
|
||||||
if (is_array($existing_finding) && count($existing_finding) && isset($existing_finding[0])) {
|
/**
|
||||||
$finding = $existing_finding[0];
|
* @var finding $finding
|
||||||
|
*/
|
||||||
|
$finding = $existing_findings[$pdi_id];
|
||||||
|
|
||||||
$finding->set_Finding_Status_By_String(
|
$finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status']));
|
||||||
$finding->get_Deconflicted_Status($group['status'])
|
if(preg_match("/" . preg_quote($note, "/") . "/", $finding->get_Notes())) {
|
||||||
);
|
$finding->set_Notes($note);
|
||||||
|
} else {
|
||||||
$finding->prepend_Notes($note);
|
$finding->prepend_Notes($note);
|
||||||
|
|
||||||
$update_findings[$finding->get_PDI_ID()] = $finding;
|
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
|
$update_findings[$pdi_id] = $finding;
|
||||||
|
} else {
|
||||||
$new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
|
$new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -645,21 +683,27 @@ class scc_parser extends scan_xml_parser {
|
|||||||
$hl->setFindingCount(count($new_findings) + count($update_findings));
|
$hl->setFindingCount(count($new_findings) + count($update_findings));
|
||||||
$hl->setScanError(false);
|
$hl->setScanError(false);
|
||||||
|
|
||||||
|
$this->db->update_Target_Counts($this->tgt->get_ID());
|
||||||
|
|
||||||
$this->scan->add_Target_to_Host_List($hl);
|
$this->scan->add_Target_to_Host_List($hl);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$xml = new scc_parser($conf['ste'], $cmd['f']);
|
$xml = new scc_parser($conf['ste'], $cmd['f']);
|
||||||
$xml->debug = (isset($cmd['debug']) ? true : false);
|
$xml->debug = (isset($cmd['debug']) ? true : false);
|
||||||
$xml->parse();
|
$xml->parse();
|
||||||
|
|
||||||
if (!$xml->debug) {
|
if (! $xml->debug) {
|
||||||
rename($cmd['f'], TMP . "/scc/" . $base_name);
|
rename($cmd['f'], TMP . "/scc/" . $base_name);
|
||||||
}
|
}
|
||||||
$db->update_Running_Scan($base_name, ["name" => "perc_comp", "value" => 100, "complete" => 1]);
|
$db->update_Running_Scan($base_name, [
|
||||||
|
"name" => "perc_comp",
|
||||||
|
"value" => 100,
|
||||||
|
"complete" => 1
|
||||||
|
]);
|
||||||
|
|
||||||
function usage() {
|
function usage()
|
||||||
|
{
|
||||||
print <<<EOO
|
print <<<EOO
|
||||||
Purpose: To import an XCCDF result file from Security Compliance Checker 3.1+
|
Purpose: To import an XCCDF result file from Security Compliance Checker 3.1+
|
||||||
|
|
||||||
|
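Review bot: In cdf_Benchmark_cdf_TestResult_end the new branch calls `$finding->set_Notes($note)` when the SCC note is already contained in the finding's notes; if set_Notes replaces the field, as its name suggests, any other text stored there (analyst comments, notes from other imports) is discarded on re-import. When the note is already present nothing needs to be written, so the branch can be reduced to `if (strpos((string) $finding->get_Notes(), $note) === false) { $finding->prepend_Notes($note); }`, which also avoids building a regular expression from scan-file content. Separately, the class still logs through `$this->log->script_log(...)` while the constructor docblock now advertises a Monolog `$log` global and the constructor shown never assigns `$this->log`. Whether the parent constructor sets it is not visible on this page, so that is worth confirming now that the top-level `Sagacity_Error` object is gone.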
@ -4093,7 +4093,7 @@ class db
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$ret[] = $find;
|
$ret[$find->get_PDI_ID()] = $find;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
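Review bot: Keying `$ret` by `$find->get_PDI_ID()` changes the returned array from a list to a map, so any caller that still reads `[0]` or relies on sequential indexes will find no match and may treat existing findings as new. The SCC importer in this commit is updated to index by PDI ID, but other callers are not visible on this page. Two rows that share a PDI ID now also collapse into one entry, with the last one winning. The method's docblock should state the new contract, for example `@return array<int, finding> findings indexed by PDI ID`. The enclosing method starts and ends outside the hunk, so its name and filters are not confirmed here.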
@ -831,7 +831,7 @@ function logify($fname)
|
|||||||
touch(LOG_PATH . "/{$fname}.log");
|
touch(LOG_PATH . "/{$fname}.log");
|
||||||
}
|
}
|
||||||
|
|
||||||
return LOG_PATH . "/{$fname}.log";
|
return realpath(LOG_PATH . "/{$fname}.log");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
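Review bot: `realpath()` returns `false` when the path does not resolve, so logify() can now hand `false` to its callers, including the `new StreamHandler(logify($cmd['f']), $log_level)` added in this commit, where a path string or stream resource is expected. The result of the `touch()` above is not checked in the visible lines, and the importer passes the full `-f` argument rather than `$base_name`, so a name with directory components can either fail to be created or resolve outside LOG_PATH. I would resolve once, verify containment and fail loudly: `$path = realpath(LOG_PATH . "/{$fname}.log");` followed by `if ($path === false || strpos($path, realpath(LOG_PATH) . DIRECTORY_SEPARATOR) !== 0) { throw new RuntimeException("Cannot open log file for {$fname}"); }`. logify() begins outside the hunk, so any earlier sanitising of `$fname` is not visible here.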