fix(eChecklist): Fix bug with eChecklist note duplication

parse_excel_echecklist.php - change preg_match to a stripos method check for notes string and add update_Scan_Host_List call after importing all worksheets
database.inc - add a check to avoid appending a duplicate string to the checklist notes, and add an update_Target_Counts call when updating the host list

fix #80, #10
Ryan Prather 2019-01-15 13:08:49 -05:00
parent e893267c60
commit bb9e2f4adb
No known key found for this signature in database
GPG Key ID: 66FDE2B4E8AB87A7
2 changed files with 16 additions and 19 deletions


@ -358,12 +358,11 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex()) $status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
->getValue(); ->getValue();
if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) { if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) {
if(!preg_match("/Formula found in status column/", $notes)) { if(stripos($notes, "Formula found in status column") === false) {
$notes .= "Formula found in status column"; $notes .= "Formula found in status column";
} }
$status = "Not Reviewed"; $status = "Not Reviewed";
$scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column"); $scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column");
$scan->setScanError(true);
} }
$findings = $tgt_findings[$tgt->get_ID()]; $findings = $tgt_findings[$tgt->get_ID()];
@ -380,13 +379,12 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
} else { } else {
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null); $tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
$tmp->set_Category($cat_lvl); $tmp->set_Category($cat_lvl);
$tmp->set_Scan_ID($scan->get_ID());
$new_findings[] = $tmp; $new_findings[] = $tmp;
} }
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})"); $log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})");
$x++; $x++;
} }
if(count($updated_findings) + count($new_findings) >= 1000) { if(count($updated_findings) + count($new_findings) >= 1000) {
if(!$db->add_Findings_By_Target($updated_findings, $new_findings)) { if(!$db->add_Findings_By_Target($updated_findings, $new_findings)) {
@ -408,10 +406,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
} }
} }
/** @var host_list $h */ $db->update_Scan_Host_List($scan);
foreach($scan->get_Host_List() as $h) {
$db->update_Target_Counts($h->getTargetId());
}
unset($objSS); unset($objSS);
if (!isset($cmd['debug'])) { if (!isset($cmd['debug'])) {
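Review bot: The fallback branch for an unrecognised status no longer appears to flag the scan itself. `$scan->setScanError(true);` is printed on only one side of its row, right after the `set_Host_Error(...)` call, and the first hunk header shrinks by one line, so it reads as removed. The status cell comes from an uploaded spreadsheet and is silently rewritten to "Not Reviewed" in this branch, so whoever reviews the import result should still be able to see that a value was replaced. If the host-level error is meant to be the only signal, record that at the spot with a comment such as `// scan-level error intentionally not set; the host error carries the flag`, otherwise keep the `setScanError(true)` call. The enclosing foreach starts and ends outside the hunks shown.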


@ -3427,7 +3427,9 @@ class db
} }
} else { } else {
$ret[$worksheet_name]['stigs'][$row['stig_id']][$row['tgt_name']] = $row['finding_status']; $ret[$worksheet_name]['stigs'][$row['stig_id']][$row['tgt_name']] = $row['finding_status'];
$ret[$worksheet_name]['stigs'][$row['stig_id']]['echecklist']->append_Notes($row['notes'] . PHP_EOL); if(stripos($ret[$worksheet_name]['stigs'][$row['stig_id']]['echecklist']->get_Notes(), $row['notes']) === false) {
$ret[$worksheet_name]['stigs'][$row['stig_id']]['echecklist']->append_Notes($row['notes'] . PHP_EOL);
}
} }
if ($row['chk_type'] == 'manual') { if ($row['chk_type'] == 'manual') {
@ -8417,8 +8419,7 @@ EOQ;
} }
if ($new_Scan->get_ID()) { if ($new_Scan->get_ID()) {
$this->help->update("scans", [ $this->help->update("scans", [
'src_id' => $new_Scan->get_Source() 'src_id' => $new_Scan->get_Source()->get_ID(),
->get_ID(),
'itr' => $new_Scan->get_Itr(), 'itr' => $new_Scan->get_Itr(),
'file_date' => $new_Scan->get_File_DateTime(), 'file_date' => $new_Scan->get_File_DateTime(),
'pid' => $new_Scan->get_PID(), 'pid' => $new_Scan->get_PID(),
@ -8439,14 +8440,10 @@ EOQ;
if (! $this->help->execute()) { if (! $this->help->execute()) {
$this->help->debug(E_ERROR); $this->help->debug(E_ERROR);
} }
$this->update_Scan_Host_List($new_Scan, $new_Scan->get_Host_List());
} else { } else {
$this->help->insert("scans", [ $this->help->insert("scans", [
'src_id' => $new_Scan->get_Source() 'src_id' => $new_Scan->get_Source()->get_ID(),
->get_ID(), 'ste_id' => $new_Scan->get_STE()->get_ID(),
'ste_id' => $new_Scan->get_STE()
->get_ID(),
'itr' => $new_Scan->get_Itr(), 'itr' => $new_Scan->get_Itr(),
'file_name' => $new_Scan->get_File_Name(), 'file_name' => $new_Scan->get_File_Name(),
'file_date' => $new_Scan->get_File_DateTime(), 'file_date' => $new_Scan->get_File_DateTime(),
@ -8466,9 +8463,10 @@ EOQ;
} }
$new_Scan->set_ID($this->conn->insert_id); $new_Scan->set_ID($this->conn->insert_id);
$this->update_Scan_Host_List($new_Scan, $new_Scan->get_Host_List());
} }
$this->update_Scan_Host_List($new_Scan, $new_Scan->get_Host_List());
return $new_Scan->get_ID(); return $new_Scan->get_ID();
} }
@ -8598,6 +8596,8 @@ EOQ;
$host->getScanError(), $host->getScanError(),
$host->getScanNotes() $host->getScanNotes()
]; ];
$this->update_Target_Counts($host->getTargetId());
} }
} else { } else {
foreach ($host_list as $host) { foreach ($host_list as $host) {
@ -8611,6 +8611,8 @@ EOQ;
$host->getScanError(), $host->getScanError(),
$host->getScanNotes() $host->getScanNotes()
]; ];
$this->update_Target_Counts($host->getTargetId());
} }
} }
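Review bot: The duplicate check added in front of `append_Notes()` in the first hunk is a case-insensitive substring test, so a note that merely occurs inside an earlier, longer note is treated as a duplicate and dropped. For checklist evidence that can discard a distinct note from another target. An empty `$row['notes']` is also passed as the needle, which raises an "Empty needle" warning on PHP versions before 8 (the target version is not visible here). Comparing whole entries avoids both, e.g. `$seen = explode(PHP_EOL, $ec->get_Notes());` followed by `if ($row['notes'] !== '' && !in_array($row['notes'], $seen, true)) {`, with `$ec` standing for the `['echecklist']` entry. If notes can themselves span several lines, a different comparison key is needed. The enclosing method starts outside the hunk.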