From 99eb5342cf2917f3d9d374768210c086b00974fa Mon Sep 17 00:00:00 2001
From: Ryan Prather <godsgood33@gmail.com>
Date: Wed, 9 Jan 2019 21:49:58 -0500
Subject: [PATCH] fix(eChecklist-import): Fix error with formulas in status
 column

This should remedy the reported behavior of statuses quietly being changed to "Not Reviewed".
scan.inc - Added new set_Host_Error method to set the error value for a specific host
parse_excel_echecklist.php - explicitly check for the status to equal 1-of-7 expected values, if not, add note to finding, set scan error message, and default status to "Not Reviewed"
export.php - Added cell lock for A11:E{last row} with the default password of "sagacity" (all lowercase)

Fixes #80
---
 classes/scan.inc                | 21 ++++++++++++++++++++-
 exec/parse_excel_echecklist.php | 24 +++++++++++++++---------
 ste/export.php                  |  1 +
 3 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/classes/scan.inc b/classes/scan.inc
index 0870132..49069f8 100644
--- a/classes/scan.inc
+++ b/classes/scan.inc
@@ -83,7 +83,7 @@ class scan
     /**
      * Array of hosts
      *
-     * @var array
+     * @var array:host_list
      */
     protected $host_list = array();
 
@@ -613,6 +613,25 @@ class scan
     {
         $this->host_count = $total_host_count_in;
     }
+    
+    /**
+     * Method to set a host error
+     * 
+     * @param int $tgt_id
+     * @param boolean $is_error
+     * @param string $err_msg
+     */
+    public function set_Host_Error($tgt_id, $is_error, $err_msg = null)
+    {
+        foreach($this->host_list as $x => $h) {
+            /** @var host_list $h */
+            if($h->getTargetId() == $tgt_id) {
+                $this->host_list[$x]->setScanError($is_error);
+                $this->host_list[$x]->setScanNotes($err_msg);
+                break;
+            }
+        }
+    }
 
     /**
      * Function to return string of the td row for the upload progress page
diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php
index 704f92d..3091e6f 100644
--- a/exec/parse_excel_echecklist.php
+++ b/exec/parse_excel_echecklist.php
@@ -254,8 +254,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
             $hl->setTargetName($tgt->get_Name());
             if ($ip) {
                 $hl->setTargetIp($ip);
-            }
-            elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
+            } elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
                 foreach ($tgt->interfaces as $int) {
                     if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
                         $ip = $int->get_IPv4();
@@ -301,8 +300,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
         $idx['consistent']     += $increase;
         $idx['notes']          += $increase;
         $idx['check_contents'] += $increase;
-    }
-    elseif (empty($tgts)) {
+    } elseif (empty($tgts)) {
 		$log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}");
         continue;
     }
@@ -343,8 +341,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
 
         if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
             $stig = $stig[0];
-        }
-        else {
+        } else {
             $pdi    = new pdi(null, $cat_lvl, $dt->format("Y-m-d"));
             $pdi->set_Short_Title($short_title);
             $pdi->set_Group_Title($short_title);
@@ -360,6 +357,14 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
         foreach ($tgts as $tgt) {
             $status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
                 ->getValue();
+            if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) {
+                if(!preg_match("/Formula found in status column/", $notes)) {
+                    $notes .= "Formula found in status column";
+                }
+                $status = "Not Reviewed";
+                $scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column");
+                $scan->setScanError(true);
+            }
 
 			$findings = $tgt_findings[$tgt->get_ID()];
 			if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
@@ -369,12 +374,13 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
                 $tmp->set_Finding_Status_By_String($status);
                 $tmp->set_Notes($notes);
                 $tmp->set_Category($cat_lvl);
+                $tmp->set_Scan_ID($scan->get_ID());
 
                 $updated_findings[] = $tmp;
-            }
-            else {
+            } else {
                 $tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
                 $tmp->set_Category($cat_lvl);
+                $tmp->set_Scan_ID($scan->get_ID());
 
                 $new_findings[] = $tmp;
             }
@@ -390,7 +396,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
                 $new_findings = [];
             }
         }
-
+ 
         $db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
         if (PHP_SAPI == 'cli') {
             print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
diff --git a/ste/export.php b/ste/export.php
index f90828d..353d46d 100644
--- a/ste/export.php
+++ b/ste/export.php
@@ -299,6 +299,7 @@ foreach ($findings as $worksheet_name => $data) {
       ->applyFromArray($borders);
   $sheet->freezePane("A11");
   $sheet->setAutoFilter("A10:{$sheet->getHighestDataColumn()}10");
+  $sheet->protectCellsByColumnAndRow(1, 11, 5, $sheet->getHighestDataRow(), "sagacity");
 
   updateHostHeader($sheet, $data['target_list'], $db);