From 99eb5342cf2917f3d9d374768210c086b00974fa Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Wed, 9 Jan 2019 21:49:58 -0500 Subject: [PATCH] fix(eChecklist-import): Fix error with formulas in status column This should remedy the reported behavior of statuses quietly being changed to "Not Reviewed". scan.inc - Added new set_Host_Error method to set the error value for a specific host parse_excel_echecklist.php - explicitly check for the status to equal 1-of-7 expected values, if not, add note to finding, set scan error message, and default status to "Not Reviewed" export.php - Added cell lock for A11:E{last row} with the default password of "sagacity" (all lowercase) Fixes #80 --- classes/scan.inc | 21 ++++++++++++++++++++- exec/parse_excel_echecklist.php | 24 +++++++++++++++--------- ste/export.php | 1 + 3 files changed, 36 insertions(+), 10 deletions(-) diff --git a/classes/scan.inc b/classes/scan.inc index 0870132..49069f8 100644 --- a/classes/scan.inc +++ b/classes/scan.inc @@ -83,7 +83,7 @@ class scan /** * Array of hosts * - * @var array + * @var array:host_list */ protected $host_list = array(); @@ -613,6 +613,25 @@ class scan { $this->host_count = $total_host_count_in; } + + /** + * Method to set a host error + * + * @param int $tgt_id + * @param boolean $is_error + * @param string $err_msg + */ + public function set_Host_Error($tgt_id, $is_error, $err_msg = null) + { + foreach($this->host_list as $x => $h) { + /** @var host_list $h */ + if($h->getTargetId() == $tgt_id) { + $this->host_list[$x]->setScanError($is_error); + $this->host_list[$x]->setScanNotes($err_msg); + break; + } + } + } /** * Function to return string of the td row for the upload progress page diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php index 704f92d..3091e6f 100644 --- a/exec/parse_excel_echecklist.php +++ b/exec/parse_excel_echecklist.php 
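Review bot: `@var array:host_list` in the `$host_list` docblock of hunk `@@ -83` is not a type syntax phpDocumentor, PHPStan or IDEs recognise, so the annotation reads as an unknown type rather than an array of `host_list`. The conventional form is `@var host_list[]` (or `@var array<int, host_list>`), which also matches the `/** @var host_list $h */` hint placed inside the new `set_Host_Error` loop.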
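Review bot: `set_Host_Error` matches hosts with a loose `==` on `$h->getTargetId()` and returns nothing, so a caller such as the new check in parse_excel_echecklist.php cannot tell whether the id matched or the error was silently dropped. Suggest `if ((int) $h->getTargetId() === (int) $tgt_id) {` and a `bool` result — `return true;` after the two setters and `return false;` after the loop — with `@return bool` added to the docblock. Since `$h` is already the object, `$h->setScanError($is_error);` would do and the `$this->host_list[$x]` indirection can go. `setScanNotes($err_msg)` presumably replaces whatever notes the host already carries rather than appending, so a second error on the same host overwrites the first; worth confirming against host_list.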
@@ -254,8 +254,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { $hl->setTargetName($tgt->get_Name()); if ($ip) { $hl->setTargetIp($ip); - } - elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) { + } elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) { foreach ($tgt->interfaces as $int) { if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) { $ip = $int->get_IPv4(); @@ -301,8 +300,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { $idx['consistent'] += $increase; $idx['notes'] += $increase; $idx['check_contents'] += $increase; - } - elseif (empty($tgts)) { + } elseif (empty($tgts)) { $log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}"); continue; } @@ -343,8 +341,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { $stig = $stig[0]; - } - else { + } else { $pdi = new pdi(null, $cat_lvl, $dt->format("Y-m-d")); $pdi->set_Short_Title($short_title); $pdi->set_Group_Title($short_title); @@ -360,6 +357,14 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { foreach ($tgts as $tgt) { $status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex()) ->getValue(); + if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) { + if(!preg_match("/Formula found in status column/", $notes)) { + $notes .= "Formula found in status column"; + } + $status = "Not Reviewed"; + $scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column"); + $scan->setScanError(true); + } $findings = $tgt_findings[$tgt->get_ID()]; if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) { 
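Review bot: the new guard in hunk `@@ -360` treats every value outside the seven-entry list as a formula, but `getValue()` also returns `null` for an empty status cell and the raw text for a typo or a trailing space, so those cases get the note "Formula found in status column" and a host-level scan error that misdiagnoses the problem (and `strtolower(null)` is deprecated from PHP 8.1). Normalising first — `$status = trim((string) $status);` before the check, with `strict: true` on `in_array` — keeps whitespace variants valid, and branching on `str_starts_with($status, '=')` (or `$status[0] === '='` on older PHP) lets the message distinguish a formula from an unrecognised value. For the formula case, PhpSpreadsheet's `getCalculatedValue()` on the cell would presumably yield the status the formula evaluates to instead of forcing "Not Reviewed"; worth confirming the workbook's formulas resolve offline. The appended note also has no separator from any existing `$notes` text, and the `preg_match` duplicate check could be a plain `str_contains($notes, 'Formula found in status column')` (or `strpos(...) === false` on older PHP).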
@@ -369,12 +374,13 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { $tmp->set_Finding_Status_By_String($status); $tmp->set_Notes($notes); $tmp->set_Category($cat_lvl); + $tmp->set_Scan_ID($scan->get_ID()); $updated_findings[] = $tmp; - } - else { + } else { $tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null); $tmp->set_Category($cat_lvl); + $tmp->set_Scan_ID($scan->get_ID()); $new_findings[] = $tmp; } @@ -390,7 +396,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) { $new_findings = []; } } - + $db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]); if (PHP_SAPI == 'cli') { print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100); diff --git a/ste/export.php b/ste/export.php index f90828d..353d46d 100644 --- a/ste/export.php +++ b/ste/export.php @@ -299,6 +299,7 @@ foreach ($findings as $worksheet_name => $data) { ->applyFromArray($borders); $sheet->freezePane("A11"); $sheet->setAutoFilter("A10:{$sheet->getHighestDataColumn()}10"); + $sheet->protectCellsByColumnAndRow(1, 11, 5, $sheet->getHighestDataRow(), "sagacity"); updateHostHeader($sheet, $data['target_list'], $db);
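Review bot: in the `else` branch of hunk `@@ -369`, the added `$tmp->set_Scan_ID($scan->get_ID())` repeats the scan id that the `new finding(..., $scan->get_ID(), ...)` call on the line above already receives, so it is presumably redundant there unless the constructor drops its third argument — worth confirming in finding. Either way both branches now end with the same `set_Category`/`set_Scan_ID` pair, so moving `$tmp->set_Category($cat_lvl); $tmp->set_Scan_ID($scan->get_ID());` to just after the `if`/`else` removes the duplication and keeps the two paths from drifting. The enclosing foreach over `$tgts` starts before this hunk.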
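Review bot: the cell lock added in ste/export.php hard-codes the password `"sagacity"` inline at the call site; since the commit message documents it as the default, it belongs in a named constant (e.g. a module-level `const ECHECKLIST_LOCK_PASSWORD = 'sagacity';` or a config value) with a comment stating that the lock exists to keep the status column from being overwritten by formulas before re-import, not to protect the data. Worksheet protection is an integrity guard against accidental edits only and should not be documented or relied on as access control. In PhpSpreadsheet a protected range presumably only takes effect once sheet protection is enabled with `$sheet->getProtection()->setSheet(true);`; if that call is not made elsewhere in export.php, the new line would be a no-op in the written file, so worth confirming. The enclosing foreach over `$findings` starts before this hunk.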