fix(eChecklist-import): Fix error with formulas in status column

This should remedy the reported behavior of statuses quietly being changed to "Not Reviewed".
scan.inc - Added new set_Host_Error method to set the error value for a specific host
parse_excel_echecklist.php - explicitly check that the status equals one of seven expected values; if it does not, add a note to the finding, set the scan error message, and default the status to "Not Reviewed"
export.php - Added cell lock for A11:E{last row} with the default password of "sagacity" (all lowercase)

Fixes #80
Ryan Prather 2019-01-09 21:49:58 -05:00
parent 8973c2e046
commit 99eb5342cf
3 changed files with 36 additions and 10 deletions


@ -83,7 +83,7 @@ class scan
/** /**
* Array of hosts * Array of hosts
* *
* @var array * @var array:host_list
*/ */
protected $host_list = array(); protected $host_list = array();
@ -614,6 +614,25 @@ class scan
$this->host_count = $total_host_count_in; $this->host_count = $total_host_count_in;
} }
/**
* Method to set a host error
*
* @param int $tgt_id
* @param boolean $is_error
* @param string $err_msg
*/
public function set_Host_Error($tgt_id, $is_error, $err_msg = null)
{
foreach($this->host_list as $x => $h) {
/** @var host_list $h */
if($h->getTargetId() == $tgt_id) {
$this->host_list[$x]->setScanError($is_error);
$this->host_list[$x]->setScanNotes($err_msg);
break;
}
}
}
/** /**
* Function to return string of the td row for the upload progress page * Function to return string of the td row for the upload progress page
* *
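Review bot: `set_Host_Error` matches hosts with a loose `==` on the `if($h->getTargetId() == $tgt_id)` line and silently does nothing when no host matches, so a caller that passes an id absent from `$host_list` never learns the error was dropped. Compare strictly after casting, `if ((int) $h->getTargetId() === (int) $tgt_id) {`, and have the method return a bool (`return true;` in place of the `break`, `return false;` after the loop) so the import can log a miss. The `@var array:host_list` type added to the `$host_list` docblock in the first hunk is not valid PHPDoc; `@var host_list[]` is what analyzers understand. It is also worth saying in the method docblock that `setScanNotes($err_msg)` replaces any note already on the host rather than appending to it, since a `null` `$err_msg` clears it.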


@ -254,8 +254,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$hl->setTargetName($tgt->get_Name()); $hl->setTargetName($tgt->get_Name());
if ($ip) { if ($ip) {
$hl->setTargetIp($ip); $hl->setTargetIp($ip);
} } elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
foreach ($tgt->interfaces as $int) { foreach ($tgt->interfaces as $int) {
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) { if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
$ip = $int->get_IPv4(); $ip = $int->get_IPv4();
@ -301,8 +300,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$idx['consistent'] += $increase; $idx['consistent'] += $increase;
$idx['notes'] += $increase; $idx['notes'] += $increase;
$idx['check_contents'] += $increase; $idx['check_contents'] += $increase;
} } elseif (empty($tgts)) {
elseif (empty($tgts)) {
$log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}"); $log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}");
continue; continue;
} }
@ -343,8 +341,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) { if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0]; $stig = $stig[0];
} } else {
else {
$pdi = new pdi(null, $cat_lvl, $dt->format("Y-m-d")); $pdi = new pdi(null, $cat_lvl, $dt->format("Y-m-d"));
$pdi->set_Short_Title($short_title); $pdi->set_Short_Title($short_title);
$pdi->set_Group_Title($short_title); $pdi->set_Group_Title($short_title);
@ -360,6 +357,14 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
foreach ($tgts as $tgt) { foreach ($tgts as $tgt) {
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex()) $status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
->getValue(); ->getValue();
if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) {
if(!preg_match("/Formula found in status column/", $notes)) {
$notes .= "Formula found in status column";
}
$status = "Not Reviewed";
$scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column");
$scan->setScanError(true);
}
$findings = $tgt_findings[$tgt->get_ID()]; $findings = $tgt_findings[$tgt->get_ID()];
if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) { if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
@ -369,12 +374,13 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$tmp->set_Finding_Status_By_String($status); $tmp->set_Finding_Status_By_String($status);
$tmp->set_Notes($notes); $tmp->set_Notes($notes);
$tmp->set_Category($cat_lvl); $tmp->set_Category($cat_lvl);
$tmp->set_Scan_ID($scan->get_ID());
$updated_findings[] = $tmp; $updated_findings[] = $tmp;
} } else {
else {
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null); $tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
$tmp->set_Category($cat_lvl); $tmp->set_Category($cat_lvl);
$tmp->set_Scan_ID($scan->get_ID());
$new_findings[] = $tmp; $new_findings[] = $tmp;
} }
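Review bot: The whitelist check in the `@ -360,6 +357,14 @@` hunk reports "Formula found in status column" for any value that is not one of the seven strings, including a blank cell (where `getValue()` returns null and `strtolower()` receives it), a typo, or trailing whitespace, so the note and the host error will misdescribe the cause in those cases. PhpSpreadsheet exposes the cell's data type, so the hunk can tell a formula from an unexpected value and trim the string before comparing; that needs `use PhpOffice\PhpSpreadsheet\Cell\DataType;` at the top of the file, which is outside the hunk. The two messages also differ ("Formula found in status column" in `$notes` versus "Formula found in the status column" in `set_Host_Error`), so a single `$err_msg` should feed both. `$notes` appears to be defined outside the hunk and shared across every target in the row, so one bad cell annotates the findings of targets whose status was valid; I cannot confirm that from the visible lines, but it is worth checking. The enclosing `foreach ($objSS->getWorksheetIterator() as $wksht)` loop starts and ends outside the hunk.
```php
foreach ($tgts as $tgt) {
    $cell = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex());
    $status = trim((string) $cell->getValue());
    $valid_statuses = ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'];
    if (!in_array(strtolower($status), $valid_statuses, true)) {
        // Name the real cause: a formula (the reported bug) or a blank/mistyped status
        $err_msg = $cell->getDataType() === DataType::TYPE_FORMULA
            ? "Formula found in status column"
            : "Unexpected value in status column";
        if (strpos($notes, $err_msg) === false) {
            $notes .= $err_msg;
        }
        $status = "Not Reviewed";
        $scan->set_Host_Error($tgt->get_ID(), true, $err_msg);
        $scan->setScanError(true);
    }
    // … unchanged: finding lookup and update/create …
```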


@ -299,6 +299,7 @@ foreach ($findings as $worksheet_name => $data) {
->applyFromArray($borders); ->applyFromArray($borders);
$sheet->freezePane("A11"); $sheet->freezePane("A11");
$sheet->setAutoFilter("A10:{$sheet->getHighestDataColumn()}10"); $sheet->setAutoFilter("A10:{$sheet->getHighestDataColumn()}10");
$sheet->protectCellsByColumnAndRow(1, 11, 5, $sheet->getHighestDataRow(), "sagacity");
updateHostHeader($sheet, $data['target_list'], $db); updateHostHeader($sheet, $data['target_list'], $db);
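Review bot: The `protectCellsByColumnAndRow(1, 11, 5, $sheet->getHighestDataRow(), "sagacity")` line does not by itself lock A11:E{last row}; as far as I can tell from PhpSpreadsheet's Xlsx writer it emits a `protectedRange` entry, which in OOXML is the "allow users to edit ranges" mechanism and only takes effect once sheet protection is enabled, at which point it lets holders of the password edit that range rather than preventing edits. To lock those cells, enable sheet protection with `$sheet->getProtection()->setSheet(true);` (and `setPassword(...)` on the same object) and unlock the columns that should stay editable through `getStyle(...)->getProtection()->setLocked(Protection::PROTECTION_UNPROTECTED)`; please verify against the library version in use. Either way, workbook protection is a guard against accidental edits, not an integrity control: the stored value is a short hash that any editor can strip, so nothing downstream should trust a protected export as unmodified. The literal "sagacity" is shared across every export and is recorded in the commit message; a named constant (or a configured value) would at least keep it out of the call site, with a comment such as `// Cell lock is to prevent accidental edits only; it offers no protection against a determined user.`.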