From a32988ed0303b68ecb3e094cadd1b9bda7da277b Mon Sep 17 00:00:00 2001
From: Ryan Prather
Date: Fri, 14 Dec 2018 09:32:40 -0500
Subject: [PATCH] parse_excel_echecklist.php: Skip parsing orphan worksheet Issue error if there are more than 100 targets in any worksheet Save findings when you get above 1000 database.inc: Comment out block of code to retrieve orphan findings to export to the eChecklist setup.php: Convert possible algorithms to lower case. (should fix bug that person on FB was seeing).
---
 exec/parse_excel_echecklist.php | 20 +++++++++++++++-----
 inc/database.inc | 2 ++
 setup.php | 9 +++++----
 3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php
index fb8e91e..704f92d 100644
--- a/exec/parse_excel_echecklist.php
+++ b/exec/parse_excel_echecklist.php
@@ -127,6 +127,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
 elseif (isset($conf['ignore']) && $wksht->getSheetState() == Worksheet::SHEETSTATE_HIDDEN) {
 $log->info("Skipping hidden worksheet {$wksht->getTitle()}");
 continue;
+ } elseif ($wksht->getTitle() == 'Orphan') {
+ $log->info("Skipping Orphan worksheet because it creates problems right now");
+ continue;
 }
 $scan->isTerminated();
@@ -279,6 +282,15 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
 break;
 }
 }
+
+ if(count($tgts) > 100) {
+ $db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'ERROR']);
+ $db->update_Running_Scan($base_name, ['name' => 'notes', 'value' => "Too many targets in worksheet {$wksht->getTitle()}"]);
+ $log->error("Too many targets in worksheet {$wksht->getTitle()}");
+ unset($objSS);
+ rename($cmd['f'], TMP . "/terminated/$base_name");
+ die();
+ }
 $db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
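Review bot: The new `elseif ($wksht->getTitle() == 'Orphan')` branch in the -127 hunk matches the title exactly and case-sensitively, so a sheet titled `orphan` or carrying stray whitespace would still be parsed. If the intent is to skip that sheet however it is spelled, compare a normalised title, e.g. `strtolower(trim($wksht->getTitle())) === 'orphan'`. The log text "creates problems right now" does not name the problem; a short comment stating the failure would tell the next maintainer when the skip can be removed. The enclosing foreach starts and ends outside the hunk.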
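Review bot: In the `count($tgts) > 100` block of the -279 hunk, bare `die();` ends the script with exit status 0, so a caller that checks the process status (not visible here) cannot tell this abort from a clean finish; `exit(1);` would make it distinguishable. The result of `rename($cmd['f'], TMP . "/terminated/$base_name")` is ignored, so a failed move leaves the upload in place with only the database status to show for it; log when it returns `false`. The check runs after the loop that filled `$tgts`, so it bounds later work rather than the collection step itself. The worksheet title is presumably taken from a user-supplied spreadsheet and is written into the `notes` field, so it should be escaped wherever that field is rendered. The limit `100` would read better as a named constant.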
@@ -368,11 +380,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
 }
 $log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})");
 $x++;
- }
-
- $row_count++;
-
- if($row_count % 100 == 0) {
+ }
+
+ if(count($updated_findings) + count($new_findings) >= 1000) {
 if(!$db->add_Findings_By_Target($updated_findings, $new_findings)) {
 die(print_r(debug_backtrace(), true));
 } else {
diff --git a/inc/database.inc b/inc/database.inc
index c9ae4c7..275c6e0 100644
--- a/inc/database.inc
+++ b/inc/database.inc
@@ -3436,6 +3436,7 @@ class db
 }
 }
+ /*
 $where = [
 [
 'field' => 'gof.cat_id',
@@ -3546,6 +3547,7 @@ class db
 }
 }
 }
+ */
 return $ret;
 }
diff --git a/setup.php b/setup.php
index 0b27aa6..36033d6 100644
--- a/setup.php
+++ b/setup.php
@@ -70,14 +70,15 @@ EOO;
 $fail = true;
 }
 else {
- $algorithms = ["AES-256-CBC-HMAC-SHA256", "AES-256-CBC-HMAC-SHA1", "AES-256-CBC"];
- if (in_array($algorithms[0], openssl_get_cipher_methods())) {
+ $algorithms = ["aes-256-cbc-hmac-sha256", "aec-256-cbc-hmac-sha1", "aes-256-cbc"];
+ $ciphers = array_map('strtolower', openssl_get_cipher_methods());
+ if (in_array($algorithms[0], $ciphers)) {
 $idx = 0;
 }
- elseif (in_array($algorithms[1], openssl_get_cipher_methods())) {
+ elseif (in_array($algorithms[1], $ciphers)) {
 $idx = 1;
 }
- elseif (in_array($algorithms[2], openssl_get_cipher_methods())) {
+ elseif (in_array($algorithms[2], $ciphers)) {
 $idx = 2;
 }
 else {
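Review bot: With the flush in the -368 hunk now triggered only when `count($updated_findings) + count($new_findings) >= 1000`, any remainder below 1000 is written only if a final `add_Findings_By_Target` call follows the loop; that call is outside this hunk and worth confirming. The check also relies on the `else` branch, which is cut off at the hunk's end, emptying both arrays; otherwise the same findings would be resubmitted on every later row. `1000` is a bare literal, and a named constant with a comment on why that batch size was chosen would help.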
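Review bot: The `/*` added in the -3436 hunk of inc/database.inc and the `*/` added in the -3546 hunk disable roughly a hundred lines without saying why at the site. If any line between them already contains `*/` (the region is not visible in the diff), the comment ends early and the remainder either runs or fails to parse, so `php -l inc/database.inc` is worth running on the result. Prefer deleting the block, since version control keeps it, or leave a one-line reason above it such as `// Disabled: orphan findings are not exported to the eChecklist until the parser can read the Orphan worksheet`.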
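Review bot: The second entry of the new `$algorithms` list in setup.php is misspelled, `"aec-256-cbc-hmac-sha1"`, so `in_array($algorithms[1], $ciphers)` can never be true and a host without the SHA-256 variant falls straight through to plain `aes-256-cbc`. The line should read `$algorithms = ["aes-256-cbc-hmac-sha256", "aes-256-cbc-hmac-sha1", "aes-256-cbc"];`. Separately, OpenSSL documents the `aes-*-cbc-hmac-sha*` ciphers as intended for TLS use only, so choosing them probably does not give authenticated encryption to whatever consumes this setting later (not visible here); an AEAD mode such as `aes-256-gcm` with its tag stored, or CBC with an explicit `hash_hmac` over the ciphertext, is the usual choice. Passing `true` as the third argument of each `in_array` call keeps the comparison strict. The enclosing if/else chain starts and ends outside the hunk.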