fix(eChecklist-import): Fix error with formulas in status column
This should remedy the reported behavior of statuses quietly being changed to "Not Reviewed". scan.inc - Added a new set_Host_Error method to set the error value for a specific host. parse_excel_echecklist.php - Explicitly check that the status equals one of the 7 expected values; if it does not, add a note to the finding, set the scan error message, and default the status to "Not Reviewed". export.php - Added a cell lock for A11:E{last row} with the default password of "sagacity" (all lowercase). Fixes #80
parent
8973c2e046
commit
99eb5342cf
@ -83,7 +83,7 @@ class scan
|
|||||||
/**
|
/**
|
||||||
* Array of hosts
|
* Array of hosts
|
||||||
*
|
*
|
||||||
* @var array
|
* @var array:host_list
|
||||||
*/
|
*/
|
||||||
protected $host_list = array();
|
protected $host_list = array();
|
||||||
|
|
||||||
@ -613,6 +613,25 @@ class scan
|
|||||||
{
|
{
|
||||||
$this->host_count = $total_host_count_in;
|
$this->host_count = $total_host_count_in;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to set a host error
|
||||||
|
*
|
||||||
|
* @param int $tgt_id
|
||||||
|
* @param boolean $is_error
|
||||||
|
* @param string $err_msg
|
||||||
|
*/
|
||||||
|
public function set_Host_Error($tgt_id, $is_error, $err_msg = null)
|
||||||
|
{
|
||||||
|
foreach($this->host_list as $x => $h) {
|
||||||
|
/** @var host_list $h */
|
||||||
|
if($h->getTargetId() == $tgt_id) {
|
||||||
|
$this->host_list[$x]->setScanError($is_error);
|
||||||
|
$this->host_list[$x]->setScanNotes($err_msg);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Function to return string of the td row for the upload progress page
|
* Function to return string of the td row for the upload progress page
|
||||||
|
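Review bot: set_Host_Error returns nothing and simply falls out of the loop when no entry in `$this->host_list` has the given target id, so the importer cannot tell whether the error was actually recorded. Since the method exists to stop a status change from going unnoticed, it should report the outcome, for example `return true;` in place of `break;` and `return false;` after the loop, with `@return bool` added to the docblock. The match uses `==`, which compares loosely; `(int) $h->getTargetId() === (int) $tgt_id` avoids surprises if one side arrives as a string. The docblock could also say that `$err_msg` is passed straight to `setScanNotes()`, so omitting it hands that setter null and appears to clear whatever notes the host already had.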
@ -254,8 +254,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
$hl->setTargetName($tgt->get_Name());
|
$hl->setTargetName($tgt->get_Name());
|
||||||
if ($ip) {
|
if ($ip) {
|
||||||
$hl->setTargetIp($ip);
|
$hl->setTargetIp($ip);
|
||||||
}
|
} elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
||||||
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
|
||||||
foreach ($tgt->interfaces as $int) {
|
foreach ($tgt->interfaces as $int) {
|
||||||
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
|
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
|
||||||
$ip = $int->get_IPv4();
|
$ip = $int->get_IPv4();
|
||||||
@ -301,8 +300,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
$idx['consistent'] += $increase;
|
$idx['consistent'] += $increase;
|
||||||
$idx['notes'] += $increase;
|
$idx['notes'] += $increase;
|
||||||
$idx['check_contents'] += $increase;
|
$idx['check_contents'] += $increase;
|
||||||
}
|
} elseif (empty($tgts)) {
|
||||||
elseif (empty($tgts)) {
|
|
||||||
$log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}");
|
$log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -343,8 +341,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
|
|
||||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||||
$stig = $stig[0];
|
$stig = $stig[0];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$pdi = new pdi(null, $cat_lvl, $dt->format("Y-m-d"));
|
$pdi = new pdi(null, $cat_lvl, $dt->format("Y-m-d"));
|
||||||
$pdi->set_Short_Title($short_title);
|
$pdi->set_Short_Title($short_title);
|
||||||
$pdi->set_Group_Title($short_title);
|
$pdi->set_Group_Title($short_title);
|
||||||
@ -360,6 +357,14 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
foreach ($tgts as $tgt) {
|
foreach ($tgts as $tgt) {
|
||||||
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
|
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
|
||||||
->getValue();
|
->getValue();
|
||||||
|
if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) {
|
||||||
|
if(!preg_match("/Formula found in status column/", $notes)) {
|
||||||
|
$notes .= "Formula found in status column";
|
||||||
|
}
|
||||||
|
$status = "Not Reviewed";
|
||||||
|
$scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column");
|
||||||
|
$scan->setScanError(true);
|
||||||
|
}
|
||||||
|
|
||||||
$findings = $tgt_findings[$tgt->get_ID()];
|
$findings = $tgt_findings[$tgt->get_ID()];
|
||||||
if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
|
if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
|
||||||
@ -369,12 +374,13 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
$tmp->set_Finding_Status_By_String($status);
|
$tmp->set_Finding_Status_By_String($status);
|
||||||
$tmp->set_Notes($notes);
|
$tmp->set_Notes($notes);
|
||||||
$tmp->set_Category($cat_lvl);
|
$tmp->set_Category($cat_lvl);
|
||||||
|
$tmp->set_Scan_ID($scan->get_ID());
|
||||||
|
|
||||||
$updated_findings[] = $tmp;
|
$updated_findings[] = $tmp;
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
|
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
|
||||||
$tmp->set_Category($cat_lvl);
|
$tmp->set_Category($cat_lvl);
|
||||||
|
$tmp->set_Scan_ID($scan->get_ID());
|
||||||
|
|
||||||
$new_findings[] = $tmp;
|
$new_findings[] = $tmp;
|
||||||
}
|
}
|
||||||
@ -390,7 +396,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
$new_findings = [];
|
$new_findings = [];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
|
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
|
||||||
if (PHP_SAPI == 'cli') {
|
if (PHP_SAPI == 'cli') {
|
||||||
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
|
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
|
||||||
|
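Review bot: The new allow-list check in the `-360,6 +357,14` hunk appends to `$notes` inside `foreach ($tgts as $tgt)`, and `$notes` looks like a per-row value assigned outside this hunk, so once one target's cell is rejected the "Formula found in status column" text would also be stored on the findings of every later target in that row. Taking a per-target copy, e.g. `$tgt_notes = $notes;` at the top of the loop, and using it in the `set_Notes` and `new finding` calls keeps the flag on the host it belongs to. The check also labels every unexpected value as a formula: a blank cell, a typo or a trailing space fails the `in_array` test as well. Comparing `strtolower(trim((string) $status))`, and saying "Unexpected value in status column" unless the cell's `getDataType()` reports a formula, would make the message accurate. Leaving the rejected cell content out of the stored note is the right choice for data read from an uploaded file and should be kept.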
@ -299,6 +299,7 @@ foreach ($findings as $worksheet_name => $data) {
|
|||||||
->applyFromArray($borders);
|
->applyFromArray($borders);
|
||||||
$sheet->freezePane("A11");
|
$sheet->freezePane("A11");
|
||||||
$sheet->setAutoFilter("A10:{$sheet->getHighestDataColumn()}10");
|
$sheet->setAutoFilter("A10:{$sheet->getHighestDataColumn()}10");
|
||||||
|
$sheet->protectCellsByColumnAndRow(1, 11, 5, $sheet->getHighestDataRow(), "sagacity");
|
||||||
|
|
||||||
updateHostHeader($sheet, $data['target_list'], $db);
|
updateHostHeader($sheet, $data['target_list'], $db);
|
||||||
|
|
||||||
|
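Review bot: The password passed to `protectCellsByColumnAndRow` is a string literal that is also published in the commit message, so the lock on A11:E{last row} only guards against accidental edits and gives no assurance that those columns are unchanged when the checklist is re-imported. A comment such as `// Editing guard only, not a security control: the password is public and the importer must still validate these columns` would stop later readers from relying on it, and moving the literal into a named constant or configuration value keeps it out of the call site. It is also worth confirming that sheet protection itself is enabled somewhere outside this hunk (`$sheet->getProtection()->setSheet(true)`), because a protected range on its own presumably has no effect when the file is opened.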