commit
c07f0a709b
5
.gitmessage
Normal file
5
.gitmessage
Normal file
@ -0,0 +1,5 @@
|
||||
<type>[optional scope]: <description>
|
||||
|
||||
[optional body]
|
||||
|
||||
[optional footer]
|
Binary file not shown.
@ -1,4 +1,4 @@
|
||||
FROM php:7.2.8-apache-stretch
|
||||
FROM php:apache-stretch
|
||||
COPY conf/docker-php.ini /usr/local/etc/php/php.ini
|
||||
RUN apt update && apt -y install zlib1g-dev mysql-client
|
||||
RUN docker-php-ext-install mysqli zip
|
||||
|
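Review bot: The base image loses its version pin. Of the two `FROM` lines, `FROM php:apache-stretch` appears to be the new side (the other old/new pairs on this page are printed old first), and that tag floats to whatever PHP release the registry publishes at build time. A rebuild can then pull a different PHP minor or major version than the one the application was tested against, and the image can no longer be reproduced or audited from the Dockerfile alone. Keep an explicit version tag, ideally with a digest, and bump it deliberately: `FROM php:<version>-apache-stretch@sha256:<digest>` (placeholders, to be filled from the image actually tested).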
BIN
README.pdf
BIN
README.pdf
Binary file not shown.
34
ajax.php
34
ajax.php
@ -48,10 +48,14 @@
|
||||
*/
|
||||
set_time_limit(0);
|
||||
|
||||
include_once 'vendor/autoload.php';
|
||||
include_once 'config.inc';
|
||||
include_once 'import.inc';
|
||||
include_once 'helper.inc';
|
||||
|
||||
use Monolog\Logger;
|
||||
use Monolog\Handler\StreamHandler;
|
||||
|
||||
chdir(dirname(__FILE__));
|
||||
|
||||
$db = new db();
|
||||
@ -229,8 +233,10 @@ elseif ($action == 'get-cat-data') {
|
||||
$checklist = $db->get_Checklist_By_File($fname);
|
||||
|
||||
if (isset($checklist[0])) {
|
||||
$checklist[0]->type = ucfirst($checklist[0]->type);
|
||||
print header(JSON) . json_encode($checklist[0]);
|
||||
$chk = $checklist[0];
|
||||
|
||||
$chk->type = ucfirst($chk->type);
|
||||
print header(JSON) . json_encode($chk);
|
||||
}
|
||||
else {
|
||||
print header(JSON) . json_encode(array('error' => 'Error finding checklist'));
|
||||
@ -542,8 +548,7 @@ function sw_filter($is_os = false)
|
||||
'table_joins' => [
|
||||
"LEFT JOIN `sagacity`.`target_software` ts ON ts.`sft_id` = s.`id`" . ($tgt_id ? " AND ts.`tgt_id` = $tgt_id" : "")
|
||||
],
|
||||
'order' => 's.cpe',
|
||||
'limit' => 25
|
||||
'order' => 's.cpe'
|
||||
]);
|
||||
|
||||
$sw = $db->help->execute();
|
||||
@ -1482,9 +1487,11 @@ function get_hosts($cat_id = null)
|
||||
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
|
||||
$tgts = [];
|
||||
|
||||
$exp_scan_srcs = null;
|
||||
if ($cat_id) {
|
||||
$ste_cat = $db->get_Category($cat_id)[0];
|
||||
$tgts = $db->get_Target_By_Category($cat_id);
|
||||
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
|
||||
}
|
||||
elseif (is_numeric($ste_id)) {
|
||||
$tgts = $db->get_Unassigned_Targets($ste_id);
|
||||
@ -1494,13 +1501,8 @@ function get_hosts($cat_id = null)
|
||||
}
|
||||
|
||||
foreach ($tgts as $tgt) {
|
||||
/** @var target $tgt */
|
||||
$chks = $db->get_Target_Checklists($tgt->get_ID());
|
||||
if ($cat_id) {
|
||||
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
|
||||
}
|
||||
else {
|
||||
$exp_scan_srcs = null;
|
||||
}
|
||||
$scan_srcs = $db->get_Target_Scan_Sources($tgt, $exp_scan_srcs);
|
||||
$icons = [];
|
||||
$icon_str = '';
|
||||
@ -1520,17 +1522,19 @@ function get_hosts($cat_id = null)
|
||||
}
|
||||
|
||||
foreach ($scan_srcs as $src) {
|
||||
if(isset($src['src']) && is_a($src['src'], 'source')) {
|
||||
$icon = $src['src']->get_Icon();
|
||||
if($src['scan_error']) {
|
||||
if(isset($src['scan_error']) && $src['scan_error']) {
|
||||
$icon = strtolower($src['src']->get_Name()) . "-failed.png";
|
||||
}
|
||||
|
||||
$src_str .= "<img src='/img/scan_types/{$icon}' title='{$src['src']->get_Name()}";
|
||||
if (isset($src['count']) && $src['count']) {
|
||||
$src_str .= " ({$src['count']})";
|
||||
if (isset($src['file_name']) && $src['file_name']) {
|
||||
$src_str .= "\n{$src['file_name']}";
|
||||
}
|
||||
$src_str .= "' class='checklist_image' />";
|
||||
}
|
||||
}
|
||||
|
||||
$ret['targets'][] = array_merge([
|
||||
'id' => $tgt->get_ID(),
|
||||
@ -1552,8 +1556,8 @@ function get_hosts($cat_id = null)
|
||||
'cat_1' => $tgt->getCat1Count(),
|
||||
'cat_2' => $tgt->getCat2Count(),
|
||||
'cat_3' => $tgt->getCat3Count(),
|
||||
'comp' => $tgt->getCompliantPercent(),
|
||||
'assessed' => $tgt->getAssessedPercent()
|
||||
'comp' => floatval(number_format($tgt->getCompliantPercent(), 6)),
|
||||
'assessed' => floatval(number_format($tgt->getAssessedPercent(), 6))
|
||||
]);
|
||||
}
|
||||
|
||||
|
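Review bot: In the `foreach ($scan_srcs as $src)` loop of get_hosts, `$src['src']->get_Name()`, `$src['count']` and `$src['file_name']` are interpolated into a single-quoted `title='…'` attribute with no output encoding, so a value containing `'` or `<` ends the attribute and places markup in the host list. The commit only adds an `isset` guard on `scan_error` in this block and leaves the output path as it was. `file_name` looks like the name of an imported scan result file, which the application does not control (not confirmable from these hunks). Encode each value where it is written, e.g. `$src_str .= "\n" . htmlspecialchars($src['file_name'], ENT_QUOTES);`, and do the same for the name and `$icon`. get_hosts starts and ends outside the visible hunks, so any later escaping of `$src_str` cannot be seen from here.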
@ -21,6 +21,7 @@
|
||||
* - May 13, 2017 - Added WindowsFirewall.jpg image for checklist
|
||||
* - May 19, 2017 - Fixed typo for WindowsFirewall
|
||||
* - Aug 23, 2017 - JO, Expanded checklist icons
|
||||
* - Nov 6, 2018 - Deleted duplicate BIND 9 checklist icon entry
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -545,9 +546,6 @@ class checklist
|
||||
case (preg_match("/Mobile Device/i", $this->name) ? true : false):
|
||||
$this->icon = 'mobile-device.jpg';
|
||||
break;
|
||||
case (preg_match("/BIND 9/i", $this->name) ? true : false):
|
||||
$this->icon = 'BIND DNS.jpg';
|
||||
break;
|
||||
case (preg_match("/Remote Access/i", $this->name) ? true : false):
|
||||
$this->icon = 'remote-access.gif';
|
||||
break;
|
||||
|
@ -22,6 +22,7 @@
|
||||
* - May 25, 2017 - Fixed bug of get_Category method returning empty severity (defaults to II if empty)
|
||||
* - Jan 10, 2018 - Formatting
|
||||
* - May 24, 2018 - Simplified get_Finding_Status_ID method
|
||||
* - Nov 6, 2018 - Removed ID property to keep from duplicate findings
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -30,14 +31,8 @@
|
||||
* @author Ryan Prather
|
||||
*
|
||||
*/
|
||||
class finding {
|
||||
|
||||
/**
|
||||
* Finding ID
|
||||
*
|
||||
* @var integer
|
||||
*/
|
||||
protected $id = null;
|
||||
class finding
|
||||
{
|
||||
|
||||
/**
|
||||
* Target ID
|
||||
@ -88,6 +83,20 @@ class finding {
|
||||
*/
|
||||
protected $notes = null;
|
||||
|
||||
/**
|
||||
* Analyst Notes
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $analyst_notes = null;
|
||||
|
||||
/**
|
||||
* Scanner Notes
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $scanner_notes = null;
|
||||
|
||||
/**
|
||||
* Change ID
|
||||
*
|
||||
@ -155,7 +164,6 @@ class finding {
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param integer $int_ID
|
||||
* @param integer $int_Tgt_ID
|
||||
* @param integer $int_PDI_ID
|
||||
* @param integer $int_Scan_ID
|
||||
@ -165,15 +173,14 @@ class finding {
|
||||
* @param string $str_Orig_Src
|
||||
* @param integer $int_Finding_Itr
|
||||
*/
|
||||
public function __construct($int_ID, $int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) {
|
||||
$this->id = $int_ID;
|
||||
public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr)
|
||||
{
|
||||
$this->tgt_id = $int_Tgt_ID;
|
||||
$this->pdi_id = $int_PDI_ID;
|
||||
$this->scan_id = $int_Scan_ID;
|
||||
if (is_numeric($Finding_Status)) {
|
||||
$this->finding_status_id = $Finding_Status;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$this->finding_status_id = $this->get_Finding_Status_ID($Finding_Status);
|
||||
}
|
||||
$this->notes = $str_Notes;
|
||||
@ -182,21 +189,13 @@ class finding {
|
||||
$this->finding_itr = $int_Finding_Itr;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for Finding ID
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function get_ID() {
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for target ID
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function get_Tgt_ID() {
|
||||
public function get_Tgt_ID()
|
||||
{
|
||||
return $this->tgt_id;
|
||||
}
|
||||
|
||||
@ -205,7 +204,8 @@ class finding {
|
||||
*
|
||||
* @param integer $int_Tgt_ID
|
||||
*/
|
||||
public function set_Tgt_ID($int_Tgt_ID) {
|
||||
public function set_Tgt_ID($int_Tgt_ID)
|
||||
{
|
||||
$this->tgt_id = $int_Tgt_ID;
|
||||
}
|
||||
|
||||
@ -214,7 +214,8 @@ class finding {
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function get_PDI_ID() {
|
||||
public function get_PDI_ID()
|
||||
{
|
||||
return $this->pdi_id;
|
||||
}
|
||||
|
||||
@ -223,7 +224,8 @@ class finding {
|
||||
*
|
||||
* @param integer $int_PDI_ID
|
||||
*/
|
||||
public function set_PDI_ID($int_PDI_ID) {
|
||||
public function set_PDI_ID($int_PDI_ID)
|
||||
{
|
||||
$this->pdi_id = $int_PDI_ID;
|
||||
}
|
||||
|
||||
@ -232,7 +234,8 @@ class finding {
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function get_Scan_ID() {
|
||||
public function get_Scan_ID()
|
||||
{
|
||||
return $this->scan_id;
|
||||
}
|
||||
|
||||
@ -241,7 +244,8 @@ class finding {
|
||||
*
|
||||
* @param integer $int_Scan_ID
|
||||
*/
|
||||
public function set_Scan_ID($int_Scan_ID) {
|
||||
public function set_Scan_ID($int_Scan_ID)
|
||||
{
|
||||
$this->scan_id = $int_Scan_ID;
|
||||
}
|
||||
|
||||
@ -250,7 +254,8 @@ class finding {
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function get_Finding_Status() {
|
||||
public function get_Finding_Status()
|
||||
{
|
||||
return $this->finding_status_id;
|
||||
}
|
||||
|
||||
@ -260,12 +265,12 @@ class finding {
|
||||
* @param string $status
|
||||
* @return integer
|
||||
*/
|
||||
public function get_Finding_Status_ID($status) {
|
||||
public function get_Finding_Status_ID($status)
|
||||
{
|
||||
$arr_flip = array_flip($this->STATUS);
|
||||
if (isset($arr_flip[$status])) {
|
||||
return $arr_flip[$status];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return $arr_flip['Not Reviewed'];
|
||||
}
|
||||
}
|
||||
@ -276,11 +281,11 @@ class finding {
|
||||
* @param integer $int_Status_ID
|
||||
* @return string
|
||||
*/
|
||||
public function get_Finding_Status_String($int_Status_ID = null) {
|
||||
public function get_Finding_Status_String($int_Status_ID = null)
|
||||
{
|
||||
if ($int_Status_ID) {
|
||||
return $this->STATUS[$int_Status_ID];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return $this->STATUS[$this->finding_status_id];
|
||||
}
|
||||
}
|
||||
@ -290,7 +295,8 @@ class finding {
|
||||
*
|
||||
* @param integer $int_Finding_Status_ID
|
||||
*/
|
||||
public function set_Finding_Status($int_Finding_Status_ID) {
|
||||
public function set_Finding_Status($int_Finding_Status_ID)
|
||||
{
|
||||
$this->finding_status_id = $int_Finding_Status_ID;
|
||||
}
|
||||
|
||||
@ -299,7 +305,8 @@ class finding {
|
||||
*
|
||||
* @param string $str_New_Status
|
||||
*/
|
||||
public function set_Finding_Status_By_String($str_New_Status) {
|
||||
public function set_Finding_Status_By_String($str_New_Status)
|
||||
{
|
||||
$this->finding_status_id = $this->get_Finding_Status_ID($str_New_Status);
|
||||
}
|
||||
|
||||
@ -308,7 +315,8 @@ class finding {
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_Notes() {
|
||||
public function get_Notes()
|
||||
{
|
||||
return $this->notes;
|
||||
}
|
||||
|
||||
@ -317,7 +325,8 @@ class finding {
|
||||
*
|
||||
* @param string $str_Notes
|
||||
*/
|
||||
public function set_Notes($str_Notes) {
|
||||
public function set_Notes($str_Notes)
|
||||
{
|
||||
$this->notes = $str_Notes;
|
||||
}
|
||||
|
||||
@ -326,7 +335,8 @@ class finding {
|
||||
*
|
||||
* @param string $str_Notes
|
||||
*/
|
||||
public function prepend_Notes($str_Notes) {
|
||||
public function prepend_Notes($str_Notes)
|
||||
{
|
||||
$this->notes = $str_Notes . PHP_EOL . $this->notes;
|
||||
}
|
||||
|
||||
@ -336,20 +346,61 @@ class finding {
|
||||
* @param string $str_Notes
|
||||
* @param boolean $merge
|
||||
*/
|
||||
public function append_Notes($str_Notes, $merge = false) {
|
||||
public function append_Notes($str_Notes, $merge = false)
|
||||
{
|
||||
$this->notes .= PHP_EOL . ($merge ? "(Merged Target)" . PHP_EOL : "") . $str_Notes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for the analyst notes
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_Analyst_Notes()
|
||||
{
|
||||
return $this->analyst_notes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setter function for the analyst notes
|
||||
*
|
||||
* @param string $str_Notes
|
||||
*/
|
||||
public function set_Analyst_Notes($str_Notes)
|
||||
{
|
||||
$this->analyst_notes = $str_Notes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for the scanner notes
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_Scanner_Notes()
|
||||
{
|
||||
return $this->scanner_notes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setter function for the scanner notes
|
||||
*
|
||||
* @param string $str_Notes
|
||||
*/
|
||||
public function set_Scanner_Notes($str_Notes)
|
||||
{
|
||||
$this->scanner_notes = $str_Notes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for change ID
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function get_Change_ID() {
|
||||
public function get_Change_ID()
|
||||
{
|
||||
if ($this->change_id) {
|
||||
return $this->change_id;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return $this::NC;
|
||||
}
|
||||
}
|
||||
@ -359,7 +410,8 @@ class finding {
|
||||
*
|
||||
* @param integer $int_Change_ID
|
||||
*/
|
||||
public function set_Change_ID($int_Change_ID) {
|
||||
public function set_Change_ID($int_Change_ID)
|
||||
{
|
||||
$this->change_id = $int_Change_ID;
|
||||
}
|
||||
|
||||
@ -368,7 +420,8 @@ class finding {
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_Original_Source() {
|
||||
public function get_Original_Source()
|
||||
{
|
||||
return $this->orig_src;
|
||||
}
|
||||
|
||||
@ -377,7 +430,8 @@ class finding {
|
||||
*
|
||||
* @param string $str_Original_Source
|
||||
*/
|
||||
public function set_Original_Source($str_Original_Source) {
|
||||
public function set_Original_Source($str_Original_Source)
|
||||
{
|
||||
$this->orig_src = $str_Original_Source;
|
||||
}
|
||||
|
||||
@ -386,7 +440,8 @@ class finding {
|
||||
*
|
||||
* @return integer
|
||||
*/
|
||||
public function get_Finding_Iteration() {
|
||||
public function get_Finding_Iteration()
|
||||
{
|
||||
return $this->finding_itr;
|
||||
}
|
||||
|
||||
@ -395,14 +450,16 @@ class finding {
|
||||
*
|
||||
* @param integer $int_Finding_Iteration
|
||||
*/
|
||||
public function set_Finding_Iteration($int_Finding_Iteration) {
|
||||
public function set_Finding_Iteration($int_Finding_Iteration)
|
||||
{
|
||||
$this->finding_itr = $int_Finding_Iteration;
|
||||
}
|
||||
|
||||
/**
|
||||
* Increment the finding count by 1
|
||||
*/
|
||||
public function inc_Finding_Count() {
|
||||
public function inc_Finding_Count()
|
||||
{
|
||||
$this->finding_itr ++;
|
||||
}
|
||||
|
||||
@ -412,7 +469,8 @@ class finding {
|
||||
* @param string $str_New_Status
|
||||
* @return string
|
||||
*/
|
||||
public function get_Deconflicted_Status($str_New_Status) {
|
||||
public function get_Deconflicted_Status($str_New_Status)
|
||||
{
|
||||
// must get original status first!
|
||||
return deconflict_status::$DECONFLICTED_STATUS[$this->get_Finding_Status_String()][$str_New_Status];
|
||||
}
|
||||
@ -422,7 +480,8 @@ class finding {
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function get_Category() {
|
||||
public function get_Category()
|
||||
{
|
||||
if (empty($this->cat)) {
|
||||
return 2;
|
||||
}
|
||||
@ -434,11 +493,11 @@ class finding {
|
||||
*
|
||||
* @param mixed $cat_in
|
||||
*/
|
||||
public function set_Category($cat_in) {
|
||||
public function set_Category($cat_in)
|
||||
{
|
||||
if (is_numeric($cat_in)) {
|
||||
$this->cat = $cat_in;
|
||||
}
|
||||
elseif (is_string($cat_in)) {
|
||||
} elseif (is_string($cat_in)) {
|
||||
$this->cat = substr_count($cat_in, "I");
|
||||
}
|
||||
}
|
||||
@ -448,7 +507,8 @@ class finding {
|
||||
*
|
||||
* @return array:string
|
||||
*/
|
||||
public function get_IA_Controls() {
|
||||
public function get_IA_Controls()
|
||||
{
|
||||
return $this->ia_controls;
|
||||
}
|
||||
|
||||
@ -457,7 +517,8 @@ class finding {
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function get_IA_Controls_String() {
|
||||
public function get_IA_Controls_String()
|
||||
{
|
||||
return implode(" ", $this->ia_controls);
|
||||
}
|
||||
|
||||
@ -466,11 +527,11 @@ class finding {
|
||||
*
|
||||
* @param mixed $ia_controls_in
|
||||
*/
|
||||
public function set_IA_Controls($ia_controls_in) {
|
||||
public function set_IA_Controls($ia_controls_in)
|
||||
{
|
||||
if (is_array($ia_controls_in)) {
|
||||
$this->ia_controls = $ia_controls_in;
|
||||
}
|
||||
elseif (is_string($ia_controls_in)) {
|
||||
} elseif (is_string($ia_controls_in)) {
|
||||
$this->ia_controls = explode(" ", $ia_controls_in);
|
||||
}
|
||||
}
|
||||
@ -480,7 +541,8 @@ class finding {
|
||||
*
|
||||
* @param string $ia_control_in
|
||||
*/
|
||||
public function add_IA_Control($ia_control_in) {
|
||||
public function add_IA_Control($ia_control_in)
|
||||
{
|
||||
$add = true;
|
||||
foreach ($this->ia_controls as $ia) {
|
||||
if ($ia == $ia_control_in) {
|
||||
@ -493,7 +555,6 @@ class finding {
|
||||
$this->ia_controls[] = $ia_control_in;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -501,7 +562,8 @@ class finding {
|
||||
*
|
||||
* @author Ryan Prather
|
||||
*/
|
||||
class finding_status {
|
||||
class finding_status
|
||||
{
|
||||
|
||||
/**
|
||||
* The database ID of the finding status
|
||||
@ -516,7 +578,6 @@ class finding_status {
|
||||
* @var string
|
||||
*/
|
||||
public $status = '';
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -524,14 +585,13 @@ class finding_status {
|
||||
*
|
||||
* @author Ryan Prather
|
||||
*/
|
||||
class deconflict_status {
|
||||
class deconflict_status
|
||||
{
|
||||
|
||||
/**
|
||||
* Stores the matrix of current -> new statuses
|
||||
*
|
||||
* @var array:string
|
||||
*
|
||||
* / Finding Definitions
|
||||
* @var array:string / Finding Definitions
|
||||
* Open: The finding is valid for this host - the host does not meet the requirements
|
||||
* Not a Finding: The finding is not valid for this host - the host meets the requirements
|
||||
* Not Applicable: The requirement does not apply to this host - prerequisites do not exist.
|
||||
@ -618,5 +678,4 @@ class deconflict_status {
|
||||
'No Data' => 'No Data'
|
||||
]
|
||||
];
|
||||
|
||||
}
|
||||
|
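Review bot: Removing `$int_ID` from the front of `finding::__construct` shifts every remaining positional argument by one, and PHP silently discards surplus arguments to a user-defined function. A call site that still passes the old nine arguments will therefore construct without error and store the former finding ID as `tgt_id`, the target ID as `pdi_id`, and so on, which attributes findings to the wrong target. No callers are visible on this page, so every `new finding(` needs checking, as does every `->get_ID()` on a finding, since that getter is removed as well and a leftover call is a fatal error. Until the call sites are confirmed, a guard at the top of the constructor makes a stale call fail loudly: `if (func_num_args() > 8) { throw new InvalidArgumentException('finding no longer takes an ID argument'); }`.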
@ -13,6 +13,8 @@
|
||||
* Change Log:
|
||||
* - Jan 16, 2018 - File created
|
||||
* - Feb 6, 2018 - Added getter/setter methods
|
||||
* - Nov 6, 2018 - Deleted unused constructor
|
||||
* - Nov 8, 2018 - Added method to increase finding count
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -65,14 +67,6 @@ class host_list
|
||||
*/
|
||||
private $_scanNotes = null;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for _targetId
|
||||
*
|
||||
@ -153,6 +147,16 @@ class host_list
|
||||
$this->_findingCount = $intFindingCount;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to add findings to the count
|
||||
*
|
||||
* @param int $intFindingCount
|
||||
*/
|
||||
public function addFindingCount($intFindingCount)
|
||||
{
|
||||
$this->_findingCount += $intFindingCount;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for _scanError
|
||||
*
|
||||
|
@ -39,7 +39,8 @@ include_once 'vendor/autoload.php';
|
||||
*
|
||||
* @author Ryan Prather
|
||||
*/
|
||||
class import {
|
||||
class import
|
||||
{
|
||||
|
||||
/**
|
||||
* The current include_once path
|
||||
@ -92,21 +93,24 @@ class import {
|
||||
/**
|
||||
* Class constructor
|
||||
*/
|
||||
public function __construct() {
|
||||
public function __construct()
|
||||
{
|
||||
set_time_limit(0);
|
||||
}
|
||||
|
||||
/**
|
||||
* Class destructor to reset the include_once path and time limits
|
||||
*/
|
||||
public function __destruct() {
|
||||
public function __destruct()
|
||||
{
|
||||
set_time_limit(30);
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to scan the tmp directory for result files and call the appropriate parsers
|
||||
*/
|
||||
public function scan_Result_Files($redirect = true) {
|
||||
public function scan_Result_Files($redirect = true)
|
||||
{
|
||||
chdir(DOC_ROOT . "/exec");
|
||||
|
||||
$ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false";
|
||||
@ -130,9 +134,7 @@ EOF;
|
||||
throw new Exception("Error creating the parse_config.ini");
|
||||
}
|
||||
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
|
||||
" -c " . realpath(PHP_CONF) .
|
||||
" -f " . realpath(DOC_ROOT . "/exec/background_results.php");
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/background_results.php");
|
||||
|
||||
if (LOG_LEVEL == E_DEBUG) {
|
||||
Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG);
|
||||
@ -149,18 +151,17 @@ EOF;
|
||||
/**
|
||||
* Function to scan '/xampp/www/tmp' directory for catalog files
|
||||
*/
|
||||
public function scan_Catalog_Files() {
|
||||
public function scan_Catalog_Files()
|
||||
{
|
||||
chdir(DOC_ROOT . "/tmp");
|
||||
$files = glob("*");
|
||||
|
||||
foreach ($files as $file) {
|
||||
if (substr($file, - 3) == 'zip') {
|
||||
// $this->import_STIG_ZIP("../tmp/$file");
|
||||
}
|
||||
elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
|
||||
} elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
|
||||
// $this->import_PDI_CSV("../tmp/$file");
|
||||
}
|
||||
elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
|
||||
} elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
|
||||
// $this->import_STIG("../tmp/$file");
|
||||
}
|
||||
}
|
||||
@ -169,7 +170,8 @@ EOF;
|
||||
/**
|
||||
* Function to scan host data files and import findings
|
||||
*/
|
||||
public function import_Host_Data_Collection() {
|
||||
public function import_Host_Data_Collection()
|
||||
{
|
||||
$db = new db();
|
||||
|
||||
$doc_root = realpath(DOC_ROOT);
|
||||
@ -187,30 +189,26 @@ EOF;
|
||||
|
||||
file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf);
|
||||
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
|
||||
" -c " . realpath(PHP_CONF) .
|
||||
" -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
|
||||
|
||||
if (substr(strtolower(PHP_OS), 0, 3) == 'win') {
|
||||
$shell = new COM("WScript.Shell");
|
||||
$shell->CurrentDirectory = DOC_ROOT;
|
||||
$shell->run($script, 0, false);
|
||||
}
|
||||
elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
|
||||
} elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
|
||||
exec("$script > /dev/null &");
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
Sagacity_Error::err_handler("Unknown OS: " . PHP_OS);
|
||||
}
|
||||
|
||||
|
||||
header("Location: /ste/");
|
||||
}
|
||||
|
||||
/**
|
||||
* function to import PDI CSV file to database
|
||||
*/
|
||||
public function import_PDI_CSV() {
|
||||
public function import_PDI_CSV()
|
||||
{
|
||||
$db = new db();
|
||||
|
||||
$handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r");
|
||||
@ -272,9 +270,7 @@ EOF;
|
||||
}
|
||||
|
||||
// Vul_ID
|
||||
if ($catalog['vul_id']) {
|
||||
|
||||
}
|
||||
if ($catalog['vul_id']) {}
|
||||
|
||||
if ($catalog['sv_rule_id']) {
|
||||
$sv_rule = array();
|
||||
@ -294,8 +290,7 @@ EOF;
|
||||
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$pdi = new pdi(0, $catalog['cat_lvl'], "NOW");
|
||||
$pdi->set_Short_Title($catalog['short_title']);
|
||||
$pdi->set_Group_Title($catalog['short_title']);
|
||||
@ -340,9 +335,7 @@ EOF;
|
||||
}
|
||||
|
||||
// Vul_ID
|
||||
if ($catalog['vul_id']) {
|
||||
|
||||
}
|
||||
if ($catalog['vul_id']) {}
|
||||
|
||||
// sv_rule
|
||||
if ($catalog['sv_rule_id']) {
|
||||
@ -373,29 +366,25 @@ EOF;
|
||||
* runs script net-SRR.pl
|
||||
* exports a csv format file
|
||||
*/
|
||||
public function net_SRR() {
|
||||
|
||||
}
|
||||
public function net_SRR()
|
||||
{}
|
||||
|
||||
/**
|
||||
* function for unix SRR conversion to csv
|
||||
* runs script unix-xml-to-echecklist.pl
|
||||
* runs script unix-srr-to-csv.pl
|
||||
*/
|
||||
public function unix_srr_to_csv() {
|
||||
|
||||
}
|
||||
public function unix_srr_to_csv()
|
||||
{}
|
||||
|
||||
/**
|
||||
* Function to import DISA STIG content to database
|
||||
*
|
||||
* @param array $request
|
||||
*/
|
||||
public function import_STIG_XML($request = array()) {
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " .
|
||||
realpath(DOC_ROOT . "/exec/background_stigs.php") . " " .
|
||||
(isset($request['delete']) ? ' --delete' : '') .
|
||||
(isset($request['override']) ? " --ia" : "");
|
||||
public function import_STIG_XML($request = array())
|
||||
{
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . (isset($request['delete']) ? ' --delete' : '') . (isset($request['override']) ? " --ia" : "");
|
||||
|
||||
$shell = new COM("WScript.Shell");
|
||||
$shell->CurrentDirectory = DOC_ROOT . "/exec";
|
||||
@ -407,7 +396,8 @@ EOF;
|
||||
/**
|
||||
* Function to convert a retina CSV to an eChecklist and store on database
|
||||
*/
|
||||
public function retina_csv_echecklist() {
|
||||
public function retina_csv_echecklist()
|
||||
{
|
||||
$files = glob('*.csv');
|
||||
$db = new db();
|
||||
|
||||
@ -426,7 +416,8 @@ EOF;
|
||||
* function to import golddisk info into scans table
|
||||
* runs script golddisk-xml-to-echecklist.pl
|
||||
*/
|
||||
public function golddisk_xml_echecklist() {
|
||||
public function golddisk_xml_echecklist()
|
||||
{
|
||||
$files = glob('*.xml');
|
||||
$db = new db();
|
||||
|
||||
@ -442,9 +433,9 @@ EOF;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public function import_IAVM_CVE() {
|
||||
public function import_IAVM_CVE()
|
||||
{
|
||||
$filename = '../tmp/iavm-to-cve(u).xml';
|
||||
$xml = simplexml_load_file($filename);
|
||||
$db = new db();
|
||||
@ -484,8 +475,7 @@ EOF;
|
||||
|
||||
$golddisk = new golddisk($pdi_id, $vms_id, $title);
|
||||
$db->save_GoldDisk($golddisk);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$pdi_id = $pdi->get_PDI_ID();
|
||||
}
|
||||
|
||||
@ -522,8 +512,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Adobe') !== false) {
|
||||
} elseif (strpos($ref, 'Adobe') !== false) {
|
||||
$x ++;
|
||||
$type = 'Adobe';
|
||||
$ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match);
|
||||
@ -531,8 +520,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Apache') !== false) {
|
||||
} elseif (strpos($ref, 'Apache') !== false) {
|
||||
$x ++;
|
||||
$type = 'Apache';
|
||||
$ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match);
|
||||
@ -540,39 +528,34 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'CERT') !== false) {
|
||||
} elseif (strpos($ref, 'CERT') !== false) {
|
||||
$x ++;
|
||||
$type = 'US-CERT';
|
||||
$match = array();
|
||||
|
||||
if (strpos($url, 'techalerts') !== false) {
|
||||
$ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match);
|
||||
}
|
||||
elseif (strpos($url, 'vuls') !== false) {
|
||||
} elseif (strpos($url, 'vuls') !== false) {
|
||||
$ret = preg_match('/([^\/]+)$/', $url, $match);
|
||||
}
|
||||
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Cisco') !== false) {
|
||||
} elseif (strpos($ref, 'Cisco') !== false) {
|
||||
$x ++;
|
||||
$type = 'Cisco';
|
||||
$ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match);
|
||||
|
||||
if (count($match) > 0) {
|
||||
$id = $match[1];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$ret = preg_match('/([^\/]+)$/', $url, $match);
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Citrix') !== false) {
|
||||
} elseif (strpos($ref, 'Citrix') !== false) {
|
||||
$x ++;
|
||||
$type = 'Citrix';
|
||||
$ret = preg_match('/([^\/]+)$/', $url, $match);
|
||||
@ -580,8 +563,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Debian') !== false) {
|
||||
} elseif (strpos($ref, 'Debian') !== false) {
|
||||
$x ++;
|
||||
$type = 'Debian';
|
||||
$ret = preg_match('/([^\/]+)$/', $url, $match);
|
||||
@ -589,38 +571,33 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'HP') !== false) {
|
||||
} elseif (strpos($ref, 'HP') !== false) {
|
||||
$x ++;
|
||||
$type = 'HP';
|
||||
$ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match);
|
||||
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match);
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'IBM') !== false) {
|
||||
} elseif (strpos($ref, 'IBM') !== false) {
|
||||
$x ++;
|
||||
$type = 'IBM';
|
||||
$ret = preg_match('/(\d{5,8})/', $ref, $match);
|
||||
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$ret = preg_match('/([^\=|\/]+)$/', $url, $match);
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Juniper') !== false) {
|
||||
} elseif (strpos($ref, 'Juniper') !== false) {
|
||||
$x ++;
|
||||
$type = 'Juniper';
|
||||
$ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match);
|
||||
@ -628,8 +605,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Oracle') !== false) {
|
||||
} elseif (strpos($ref, 'Oracle') !== false) {
|
||||
$x ++;
|
||||
$type = 'Oracle';
|
||||
$url = basename($url);
|
||||
@ -638,8 +614,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'McAfee') !== false) {
|
||||
} elseif (strpos($ref, 'McAfee') !== false) {
|
||||
$x ++;
|
||||
$type = 'McAfee';
|
||||
$query = parse_query($url);
|
||||
@ -647,8 +622,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = isset($query['id']) ? $query['id'] : '';
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Red Hat') !== false) {
|
||||
} elseif (strpos($ref, 'Red Hat') !== false) {
|
||||
$x ++;
|
||||
$type = 'Red Hat';
|
||||
$ret = preg_match('/([^\/]+)\.html/', $url, $match);
|
||||
@ -656,8 +630,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Secunia') !== false) {
|
||||
} elseif (strpos($ref, 'Secunia') !== false) {
|
||||
$x ++;
|
||||
$type = 'Secunia';
|
||||
$ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match);
|
||||
@ -665,16 +638,13 @@ EOF;
|
||||
if (count($match)) {
|
||||
if ($match[2] == 'advisory') {
|
||||
$id = $match[1];
|
||||
}
|
||||
elseif (is_numeric($match[1]) && count($match[2]) == 1) {
|
||||
} elseif (is_numeric($match[1]) && count($match[2]) == 1) {
|
||||
$id = $match[1];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$id = $match[2];
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif (strpos($url, 'securitytracker') !== false) {
|
||||
} elseif (strpos($url, 'securitytracker') !== false) {
|
||||
$x ++;
|
||||
$type = 'Security Tracker';
|
||||
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
|
||||
@ -682,8 +652,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'SecurityFocus') !== false) {
|
||||
} elseif (strpos($ref, 'SecurityFocus') !== false) {
|
||||
$x ++;
|
||||
$type = 'SecurityFocus';
|
||||
$ret = preg_match('/([^\/]+)\/?$/', $url, $match);
|
||||
@ -691,14 +660,12 @@ EOF;
|
||||
if (count($match)) {
|
||||
if ($match[1] != 'info') {
|
||||
$id = $match[1];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$ret = preg_match('/([^\/]+)\/info/', $url, $match);
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Sun') !== false) {
|
||||
} elseif (strpos($ref, 'Sun') !== false) {
|
||||
$x ++;
|
||||
$type = 'Sun';
|
||||
$query = parse_query($url);
|
||||
@ -709,8 +676,7 @@ EOF;
|
||||
$ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match);
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Symantec') !== false) {
|
||||
} elseif (strpos($ref, 'Symantec') !== false) {
|
||||
$x ++;
|
||||
$type = 'Symantec';
|
||||
$ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match);
|
||||
@ -718,8 +684,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($url, 'ZDI') !== false) {
|
||||
} elseif (strpos($url, 'ZDI') !== false) {
|
||||
$x ++;
|
||||
$type = 'ZDI';
|
||||
$ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match);
|
||||
@ -727,8 +692,7 @@ EOF;
|
||||
if (count($match)) {
|
||||
$id = $match[1];
|
||||
}
|
||||
}
|
||||
elseif (strpos($ref, 'Wireshark') !== false) {
|
||||
} elseif (strpos($ref, 'Wireshark') !== false) {
|
||||
$x ++;
|
||||
$type = 'Wireshark';
|
||||
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
|
||||
@ -744,7 +708,8 @@ EOF;
|
||||
* @param string $in
|
||||
* @return multitype:Ambigous <>
|
||||
*/
|
||||
public function parse_query($in) {
|
||||
public function parse_query($in)
|
||||
{
|
||||
/**
|
||||
* Use this function to parse out the query array element from
|
||||
* the output of parse_url().
|
||||
@ -764,7 +729,8 @@ EOF;
|
||||
/**
|
||||
* Function for fixing a DISA OVAL file
|
||||
*/
|
||||
public function fix_Oval() {
|
||||
public function fix_Oval()
|
||||
{
|
||||
chdir("../tmp");
|
||||
$files = glob("*-oval.xml");
|
||||
$ret = '';
|
||||
@ -779,11 +745,9 @@ EOF;
|
||||
$xml->preserveWhiteSpace = true;
|
||||
$const_arr = null;
|
||||
|
||||
$variables = $xml->getElementsByTagName("variables")
|
||||
->item(0);
|
||||
$variables = $xml->getElementsByTagName("variables")->item(0);
|
||||
$first_node = $variables->firstChild;
|
||||
while ($node = $xml->getElementsByTagName("external_variable")
|
||||
->item(0)) {
|
||||
while ($node = $xml->getElementsByTagName("external_variable")->item(0)) {
|
||||
$id = $node->getAttribute("id");
|
||||
$id = explode(':', $id)[3];
|
||||
|
||||
@ -833,10 +797,9 @@ EOF;
|
||||
}
|
||||
}
|
||||
|
||||
private function getElementById($doc, $id) {
|
||||
private function getElementById($doc, $id)
|
||||
{
|
||||
$xpath = new DOMXPath($doc);
|
||||
return $xpath->query("//*[@id='$id']")
|
||||
->item(0);
|
||||
return $xpath->query("//*[@id='$id']")->item(0);
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -83,7 +83,7 @@ class scan
|
||||
/**
|
||||
* Array of hosts
|
||||
*
|
||||
* @var array
|
||||
* @var array:host_list
|
||||
*/
|
||||
protected $host_list = array();
|
||||
|
||||
@ -614,6 +614,31 @@ class scan
|
||||
$this->host_count = $total_host_count_in;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to set a host error
|
||||
*
|
||||
* @param int $tgt_id
|
||||
* @param boolean $is_error
|
||||
* @param string $err_msg
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public function set_Host_Error($tgt_id, $is_error, $err_msg = null)
|
||||
{
|
||||
if(isset($this->host_list[$tgt_id])) {
|
||||
$h = $this->host_list[$tgt_id];
|
||||
|
||||
$h->setScanError($is_error);
|
||||
$h->setScanNotes($err_msg);
|
||||
|
||||
$this->host_list[$tgt_id] = $h;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to return string of the td row for the upload progress page
|
||||
*
|
||||
|
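Review bot: In `set_Host_Error` the write-back `$this->host_list[$tgt_id] = $h;` is redundant, because `$h` is an object handle and the two setter calls already act on the stored entry; calling `setScanError`/`setScanNotes` on `$this->host_list[$tgt_id]` directly is enough. The method also passes `$err_msg` to `setScanNotes` when `$is_error` is false, so clearing an error with the default `null` overwrites any existing notes; if that is intended, the docblock should say so. `$err_msg` is stored as given, so whatever later renders the scan notes (possibly the upload progress row built by the next method, which is outside the hunk) needs to HTML-escape it at output. In the first hunk, `@var array:host_list` is not a recognised phpDoc type; `@var host_list[]` is the usual spelling.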
@ -254,10 +254,10 @@ class ste_cat
|
||||
*/
|
||||
public function get_Table_Row($intCount = 0, $status_count = null)
|
||||
{
|
||||
$nf = 0;
|
||||
$open = 0;
|
||||
$na = 0;
|
||||
if (!is_null($status_count)) {
|
||||
$nf = $this->nf;
|
||||
$open = $this->open;
|
||||
$na = $this->na;
|
||||
if (!is_null($status_count) && is_array($status_count)) {
|
||||
if (isset($status_count['nf'])) {
|
||||
$nf = $status_count['nf'];
|
||||
}
|
||||
@ -271,6 +271,10 @@ class ste_cat
|
||||
}
|
||||
}
|
||||
|
||||
if(!$intCount) {
|
||||
$intCount = $this->tgt_count;
|
||||
}
|
||||
|
||||
$cat_sources = [];
|
||||
if (is_array($this->sources) && count($this->sources)) {
|
||||
foreach ($this->sources as $src) {
|
||||
|
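Review bot: The guard `!is_null($status_count) && is_array($status_count)` in `get_Table_Row` is redundant, since `is_array(null)` is already false; `if (is_array($status_count)) {` says the same thing. The added `if(!$intCount)` fallback treats an explicit 0 like an omitted argument, so a caller can no longer render a zero count when `tgt_count` is non-zero; if callers need that distinction, the docblock should at least state that 0 means "use the category's own count". The function body continues outside the hunks shown.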
@ -110,7 +110,7 @@ class system {
|
||||
/**
|
||||
* System diagram
|
||||
*
|
||||
* @var binary
|
||||
* @var mixed
|
||||
*/
|
||||
protected $diagram = null;
|
||||
|
||||
@ -294,7 +294,7 @@ class system {
|
||||
/**
|
||||
* Getter function for system diagram
|
||||
*
|
||||
* @return binary
|
||||
* @return mixed
|
||||
*/
|
||||
public function get_Diagram() {
|
||||
return $this->diagram;
|
||||
@ -303,7 +303,7 @@ class system {
|
||||
/**
|
||||
* Setter function for system diagram
|
||||
*
|
||||
* @param binary $bin_diag_in
|
||||
* @param mixed $bin_diag_in
|
||||
*/
|
||||
public function set_Diagram($bin_diag_in) {
|
||||
$this->diagram = $bin_diag_in;
|
||||
|
@ -147,8 +147,7 @@ innodb_log_group_home_dir = "C:/xampp/mysql/data"
|
||||
#innodb_log_arch_dir = "C:/xampp/mysql/data"
|
||||
## You can set .._buffer_pool_size up to 50 - 80 %
|
||||
## of RAM but beware of setting memory usage too high
|
||||
innodb_buffer_pool_size = 16M
|
||||
innodb_additional_mem_pool_size = 2M
|
||||
innodb_buffer_pool_size = 20M
|
||||
## Set .._log_file_size to 25 % of buffer pool size
|
||||
innodb_log_file_size = 5M
|
||||
innodb_log_buffer_size = 8M
|
||||
|
2050
conf/php-dev.ini
Normal file
2050
conf/php-dev.ini
Normal file
File diff suppressed because it is too large
14
conf/php.ini
14
conf/php.ini
@ -2039,17 +2039,3 @@ eaccelerator.shm_prune_period="0"
|
||||
; on session data and content caching.
|
||||
; Default value is "0" that means - use disk and shared memory for caching.
|
||||
eaccelerator.shm_only="0"
|
||||
|
||||
[XDebug]
|
||||
;zend_extension = "C:\xampp\php\ext\php_xdebug.dll"
|
||||
;xdebug.profiler_append = 0
|
||||
;xdebug.profiler_enable = 1
|
||||
;xdebug.profiler_enable_trigger = 0
|
||||
;xdebug.profiler_output_dir = "C:\xampp\tmp"
|
||||
;xdebug.profiler_output_name = "cachegrind.out.%t-%s"
|
||||
;xdebug.remote_enable = 1
|
||||
;xdebug.remote_handler = "dbgp"
|
||||
;xdebug.remote_port = 9000
|
||||
;xdebug.remote_host = "127.0.0.1"
|
||||
;xdebug.remote_connect_back = 1
|
||||
;xdebug.trace_output_dir = "C:\xampp\tmp"
|
||||
|
BIN
conf/php_xdebug-2.6.0-7.2-vc15.dll
Normal file
BIN
conf/php_xdebug-2.6.0-7.2-vc15.dll
Normal file
Binary file not shown.
@ -30,8 +30,8 @@ define('E_DEBUG', 65535);
|
||||
define('DOC_ROOT', '{DOC_ROOT}');
|
||||
define('PWD_FILE', '{PWD_FILE}');
|
||||
define('TMP', '{TMP_PATH}');
|
||||
define('VER', '1.3.3');
|
||||
define('REL_DATE', '2018-08-31');
|
||||
define('VER', '1.3.4');
|
||||
define('REL_DATE', '2018-11-30');
|
||||
define('LOG_LEVEL', '{E_ERROR}');
|
||||
define('LOG_PATH', '{LOG_PATH}');
|
||||
define('SALT', '{SALT}');
|
||||
|
198
data/catmgmt.inc
198
data/catmgmt.inc
@ -13,12 +13,14 @@
|
||||
* Change Log:
|
||||
* - May 2, 2018 - File created, Moved catalog mgmt html content from index page to this for easier viewing and refined the code a little
|
||||
*/
|
||||
|
||||
global $db;
|
||||
?>
|
||||
|
||||
<script src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
|
||||
<link rel="stylesheet" href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
|
||||
<link rel='stylesheet' href='/script/jquery-ui/jquery-ui.min.css' />
|
||||
<script
|
||||
src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
|
||||
<link rel="stylesheet"
|
||||
href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
|
||||
<link rel='stylesheet' href='/script/jquery-ui/jquery-ui.theme.min.css' />
|
||||
|
||||
<style type='text/css'>
|
||||
#availableSoftware {
|
||||
@ -35,7 +37,6 @@
|
||||
cursor: pointer;
|
||||
}
|
||||
</style>
|
||||
<script src='data.min.js' type='text/javascript'></script>
|
||||
<script type='text/javascript'>
|
||||
$(function () {
|
||||
$('#catalog').DataTable({
|
||||
@ -45,9 +46,161 @@
|
||||
close_box();
|
||||
});
|
||||
$('#release-date').datepicker();
|
||||
$('.button,.button-delete').mouseover(function(){$(this).addClass('mouseover');});
|
||||
$('.button,.button-delete').mouseout(function(){$(this).removeClass('mouseover');});
|
||||
});
|
||||
|
||||
function close_box() {
|
||||
$('.backdrop, .box').animate({
|
||||
'opacity': '0'
|
||||
}, 300, 'linear', function () {
|
||||
$('.backdrop, .box').css('display', 'none');
|
||||
});
|
||||
}
|
||||
|
||||
function view_box() {
|
||||
$('.backdrop').animate({
|
||||
'opacity': '.5'
|
||||
}, 300, 'linear');
|
||||
$('.backdrop').css('display', 'block');
|
||||
}
|
||||
|
||||
function get_cat_data(fname) {
|
||||
$('#popup').animate({
|
||||
'opacity': '1.00'
|
||||
}, 300, 'linear');
|
||||
$('#popup').css('display', 'block');
|
||||
view_box();
|
||||
|
||||
$.ajax('/ajax.php', {
|
||||
data: {
|
||||
action: 'get-cat-data',
|
||||
'fname': fname
|
||||
},
|
||||
beforeSend: function () {
|
||||
$('#id').val('');
|
||||
$('#checklist-id').text('');
|
||||
$('#name').val('');
|
||||
$('#description').val('');
|
||||
$('#version').text('');
|
||||
$('#release').text('');
|
||||
$('#icon').val('');
|
||||
$('#type').text('');
|
||||
$('#software option').remove();
|
||||
$('#cpe').val('');
|
||||
},
|
||||
success: function (data) {
|
||||
$('#id').val(data.id);
|
||||
$('#checklist-id').text(data.checklist_id);
|
||||
$('#name').val(data.name);
|
||||
$('#description').val(data.description);
|
||||
$('#version').text(data.ver);
|
||||
$('#release').text(data.release);
|
||||
$('#icon').val(data.icon);
|
||||
$('#type').text(data.type);
|
||||
|
||||
var dt = new Date(data.date.date);
|
||||
$('#release-date').val(dt.getMonth() + "/" + dt.getDate() + '/' + dt.getFullYear());
|
||||
|
||||
for (var x in data.sw) {
|
||||
$('#software').append("<option id='" + data.sw[x].id + "'>" +
|
||||
data.sw[x].man + " " + data.sw[x].name + " " + data.sw[x].ver +
|
||||
"</option>");
|
||||
}
|
||||
|
||||
$('#software option').dblclick(remove_Software);
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
timeout: 3000,
|
||||
method: 'post',
|
||||
dataType: 'json'
|
||||
});
|
||||
}
|
||||
|
||||
function remove_Software() {
|
||||
$.ajax("/ajax.php", {
|
||||
data: {
|
||||
action: 'checklist-remove-software',
|
||||
chk_id: $('#id').val(),
|
||||
sw_id: $(this).attr('id')
|
||||
},
|
||||
success: function (data) {
|
||||
if (data.error) {
|
||||
alert(data.error);
|
||||
}
|
||||
else if (data.success) {
|
||||
alert(data.success);
|
||||
}
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
dataType: 'json',
|
||||
timeout: 3000,
|
||||
method: 'post'
|
||||
});
|
||||
|
||||
$(this).remove();
|
||||
}
|
||||
|
||||
function autocomplete_software() {
|
||||
if ($('#cpe').val().length < 3) {
|
||||
return;
|
||||
}
|
||||
|
||||
$.ajax('/ajax.php', {
|
||||
data: {
|
||||
action: ($('#os').is(":checked") ? 'os_filter' : 'sw_filter'),
|
||||
filter: $('#cpe').val()
|
||||
},
|
||||
success: function (data) {
|
||||
$('#availableSoftware div').remove();
|
||||
for (var x in data) {
|
||||
$('#availableSoftware').append("<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>");
|
||||
}
|
||||
$('#availableSoftware').show();
|
||||
|
||||
$('#availableSoftware div').each(function () {
|
||||
$(this).on("mouseover", function () {
|
||||
$(this).addClass("swmouseover");
|
||||
});
|
||||
$(this).on("mouseout", function () {
|
||||
$(this).removeClass("swmouseover");
|
||||
});
|
||||
$(this).on("click", function () {
|
||||
add_software($(this).attr('sw_id'));
|
||||
$('#software').append("<option value='" + $(this).attr('sw_id') + "' ondblclick='remove_Software();$(this).remove();'>" + $(this).html() + "</option>");
|
||||
$(this).remove();
|
||||
});
|
||||
});
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
dataType: 'json',
|
||||
method: 'post',
|
||||
timeout: 5000
|
||||
});
|
||||
}
|
||||
|
||||
function add_software(sw_id) {
|
||||
$.ajax('/ajax.php', {
|
||||
data: {
|
||||
action: 'checklist-add-software',
|
||||
'sw_id': sw_id,
|
||||
chk_id: $('#id').val()
|
||||
},
|
||||
success: function (data) {
|
||||
alert(data.status);
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
dataType: 'json',
|
||||
method: 'post',
|
||||
timeout: 3000
|
||||
});
|
||||
}
|
||||
</script>
|
||||
<style type="text/css">
|
||||
thead {
|
||||
@ -65,25 +218,30 @@
|
||||
<th>Start Time</th>
|
||||
<th>% Complete</th>
|
||||
<th>STIG Count</th>
|
||||
<th>eChecklist</th>
|
||||
</tr>
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
<?php
|
||||
$cat_scripts = $db->get_Catalog_Script();
|
||||
$odd = true;
|
||||
foreach ($cat_scripts as $key => $cat_script) {
|
||||
print <<<EOL
|
||||
foreach ($cat_scripts as $cat_script) {
|
||||
print <<<EOR
|
||||
<tr>
|
||||
<td onclick='javascript:get_cat_data("{$cat_script->file_name}");'><a href='javascript:void(0);'>{$cat_script->file_name}</a></td>
|
||||
<td onclick='javascript:get_cat_data("{$cat_script->file_name}");'>
|
||||
<a href='javascript:void(0);'>{$cat_script->file_name}</a>
|
||||
</td>
|
||||
<td>{$cat_script->status}</td>
|
||||
<td>{$cat_script->start_time->format("Y-m-d H:i:s")}</td>
|
||||
<td>{$cat_script->perc_comp}</td>
|
||||
<td>{$cat_script->stig_count}</td>
|
||||
<td>
|
||||
<a href='/data/gen-echecklist.php?id={$cat_script->id}' target='_blank'><img src='/img/scan_types/echecklist.png' style='width:32px'; /></a>
|
||||
</td>
|
||||
</tr>
|
||||
EOL;
|
||||
}
|
||||
|
||||
EOR;
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
@ -94,22 +252,18 @@ EOL;
|
||||
<input type='hidden' id='id' />
|
||||
Checklist ID: <span id='checklist-id'></span><br />
|
||||
Name: <input type='text' id='name' /><br />
|
||||
Description: <textarea id='description'></textarea><br />
|
||||
Description: <input type='text' id='description' /><br />
|
||||
Version: <span id='version'></span><br />
|
||||
Release: <span id='release'></span><br />
|
||||
Release Date: <input type='text' id='release-date' /><br />
|
||||
Icon: <input type='text' id='icon' title='Put file in <?php print realpath(DOC_ROOT . "/img/checklist_icons") ?> and copy/paste the base filename here' /><br />
|
||||
Type: <span id='type'></span><br />
|
||||
<input type='button' class="button" value='Save' onclick='save_checklist();' />
|
||||
<!-- <input type='button' class='button-delete' value='Delete' onclick='' /> -->
|
||||
Icon: <input type='text' id='icon' /><br />
|
||||
Type: <span id='type'></span>
|
||||
</div>
|
||||
|
||||
<div style='display: inline-block; width: 49%;'>
|
||||
<select id='software' multiple size='10' style='width:275px;' title='Double-click to remove software'></select><br />
|
||||
|
||||
<select id='software' multiple size='10'></select><br />
|
||||
Add CPE: <input type='text' id='cpe' onkeyup='javascript:autocomplete_software();' />
|
||||
<label for='os'>OS?</label>
|
||||
<input type='checkbox' id='os' /><br />
|
||||
<label for='os'>OS?</label> <input type='checkbox' id='os' /><br />
|
||||
<div id="availableSoftware"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
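Review bot: The catalog rows print `{$cat_script->file_name}` unescaped, both as HTML text and inside the inline `onclick='javascript:get_cat_data("…")'` handler, so a catalog file name containing quotes or markup changes the page structure instead of being shown as text. Escape at output: compute `$fname = htmlspecialchars($cat_script->file_name, ENT_QUOTES);` before the heredoc, emit it in a `data-fname` attribute, and bind the click handler in script rather than building a JavaScript string literal. The same applies to the script block in this file: `get_cat_data` and `autocomplete_software` concatenate `data.sw[x].man`, `data[x].cpe` and `data[x].sw_string` into markup passed to `.append()`, whereas `$('<option>').attr('id', data.sw[x].id).text(label)` keeps those values as text. Separately, `dt.getMonth()` is zero-based, so the release date field shows the previous month unless 1 is added.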
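--- a/data/gen-echecklist.php
+++ b/data/gen-echecklist.php
@@ -0,0 +1,197 @@
+<?php
+
+set_time_limit(0);
+require_once 'config.inc';
+require_once 'helper.inc';
+require_once 'vendor/autoload.php';
+require_once 'database.inc';
+require_once 'excelConditionalStyles.inc';
+
+use PhpOffice\PhpSpreadsheet\Writer\Xlsx;
+use Monolog\Logger;
+use Monolog\Handler\StreamHandler;
+
+$log_level = convert_log_level();
+$log = new Logger("eChecklist-export");
+$log->pushHandler(new StreamHandler(LOG_PATH . "/echecklist-export.log", $log_level));
+
+global $conditions, $validation, $borders;
+
+$db = new db();
+$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+
+if(!$id) {
+die("Failed to read checklist ID");
+}
+
+$host_status = [
+$conditions['open'],
+$conditions['exception'],
+$conditions['false_positive'],
+$conditions['not_a_finding'],
+$conditions['not_applicable'],
+$conditions['no_data'],
+$conditions['not_reviewed'],
+$conditions['true'],
+$conditions['false']
+];
+
+/** @var checklist $chk */
+$chk = $db->get_Checklist($id);
+if(is_array($chk) && count($chk) && isset($chk[0])) {
+$chk = $chk[0];
+} else {
+die("Failed to find the checklist");
+}
+
+$Reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReaderForFile("../ste/eChecklist-Template.xlsx");
+$ss = $Reader->load("../ste/eChecklist-Template.xlsx");
+
+$log->debug("Loaded template");
+
+$ss->setActiveSheetIndexByName('Cover Sheet')
+->setCellValue("B5", "{$chk->get_Name()} eChecklist")
+->setCellValue("B9", "")
+->setCellValue("B2", (substr($chk->get_File_Name(), 0, 1) == 'U' ? "UNCLASSIFIED" : "FOUO"))
+->setCellValue("B12", "by:\r" . COMPANY . "\r" . COMP_ADD)
+->setCellValue("B15", "Derived from: " . SCG . "\rReasons: <reasons>\rDeclassify on: " . DECLASSIFY_ON);
+
+// set properties
+$ss->getProperties()
+->setCreator(CREATOR);
+$ss->getProperties()
+->setLastModifiedBy(LAST_MODIFIED_BY);
+$ss->getProperties()
+->setCompany(COMPANY);
+$ss->getProperties()
+->setTitle("{$chk->get_Name()} eChecklist");
+$ss->getProperties()
+->setSubject("{$chk->get_Name()} eChecklist");
+$ss->getProperties()
+->setDescription("{$chk->get_Name()} eChecklist");
+
+// set active sheet
+$ss->setActiveSheetIndex(2);
+$sheet = $ss->getActiveSheet();
+$sheet->setCellValue("B9", "{$chk->get_Name()} V{$chk->get_Version()}R{$chk->get_Release()} ({$chk->get_type()})");
+$sheet->setTitle($chk->get_Name());
+$sheet->setCellValue("A1", (substr($chk->get_File_Name(), 0, 1) == 'U' ? "UNCLASSIFIED" : "UNCLASSIFIED//FOUO"));
+
+$db->help->select("pdi", null, [
+[
+'field' => 'pcl.checklist_id',
+'op' => '=',
+'value' => $id
+]
+], [
+'table_joins' => [
+"JOIN pdi_checklist_lookup pcl ON pcl.pdi_id = pdi.pdi_id"
+]
+]);
+$pdis = $db->help->execute();
+
+$row = 11;
+if(is_array($pdis) && count($pdis)) {
+foreach($pdis as $p) {
+$overall_str = "=IF(" .
+"COUNTIF(F{$row}:F{$row},\"Open\")+" .
+"COUNTIF(F{$row}:F{$row},\"Exception\")" .
+">0,\"Open\",\"Not a Finding\")";
+$same_str = "=IF(" .
+"COUNTIF(F{$row}:F{$row},F{$row})=" .
+"COLUMNS(F{$row}:F{$row}), TRUE, FALSE)";
+
+$sheet->setCellValue("A{$row}", $p['STIG_ID'])
+->setCellValue("B{$row}", $p['VMS_ID'])
+->setCellValue("C{$row}", $p['CAT'])
+->setCellValue("D{$row}", $p['IA_Controls'])
+->setCellValue("E{$row}", $p['short_title'])
+->setCellValue("F{$row}", "Not Reviewed")
+->setCellValue("G{$row}", $overall_str)
+->setCellValue("H{$row}", $same_str, true)
+->setCellValue("I{$row}", "")
+->setCellValue("J{$row}", $p['check_contents'])
+->getStyle("H11:H{$sheet->getHighestDataRow()}")
+->setConditionalStyles([$conditions['true'], $conditions['false']]);
+$row++;
+}
+
+$sheet->setDataValidation("F11:F{$row}", clone $validation['host_status']);
+$sheet->getStyle("F11:G{$row}")
+->setConditionalStyles($host_status);
+$sheet->getStyle("C11:C{$row}")
+->setConditionalStyles(array($conditions['cat_1'], $conditions['cat_2'], $conditions['cat_3']));
+
+$sheet->getStyle("I11:I{$row}")
+->setConditionalStyles(
+[
+$conditions['open_conflict'],
+$conditions['nf_na_conflict']
+]
+);
+
+$sheet->getStyle("A1:I{$row}")
+->applyFromArray($borders);
+$sheet->freezePane("A11");
+$sheet->setAutoFilter("A10:I10");
+
+$sheet->getColumnDimension("F")->setWidth(14.14);
+$sheet->setCellValue("F8", "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"I\")")
+->setCellValue("F9", "=COUNTIF(F11:F{$row}, \"Not Reviewed\")")
+->setCellValue("F10", "Example");
+$sheet->getStyle("F10")
+->getFont()
+->setBold(true);
+$sheet->getStyle("F10")
+->getFill()
+->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
+->setStartColor($GLOBALS['yellow']);
+
+$open_cat_1 = "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"I\")";
+$open_cat_2 = "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"II\")";
+$open_cat_3 = "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"III\")";
+$not_a_finding = "=COUNTIF(F11:F{$row}, \"Not a Finding\")";
+$not_applicable = "=COUNTIF(F11:F{$row}, \"Not Applicable\")";
+$not_reviewed = "=COUNTIF(F11:F{$row}, \"Not Reviewed\")";
+
+$sheet->getStyle("G8:H8")
+->getFill()
+->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
+->setStartColor($GLOBALS['orange']);
+$sheet->getStyle("G9:H9")
+->getFill()
+->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
+->setStartColor($GLOBALS['green']);
+$sheet->getStyle("G10:H10")
+->getFill()
+->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
+->setStartColor($GLOBALS['yellow']);
+$sheet->getStyle("I10:J10")
+->getFill()
+->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
+->setStartColor($GLOBALS['light_gray']);
+
+$sheet->setCellValue("G8", "=COUNTIF(G11:H{$row}, \"Open\")")
+->setCellValue("G9", "=COUNTIF(G11:G{$row}, \"Not a Finding\")")
+->setCellValue("H8", "=COUNTIF(H11:H{$row}, FALSE)")
+->setCellValue("H9", "=COUNTIF(H11:H{$row}, TRUE)")
+->setCellValue("E3", "")
+->setCellValue("E4", "")
+->setCellValue("G4", "")
+->setCellValue('C2', $open_cat_1)
+->setCellValue('C3', $open_cat_2)
+->setCellValue('C4', $open_cat_3)
+->setCellValue('C5', $not_a_finding)
+->setCellValue('C6', $not_applicable)
+->setCellValue('C7', $not_reviewed);
+
+} else {
+print "Error";
+}
+
+/**/
+$writer = new Xlsx($ss);
+$writer->setPreCalculateFormulas(false);
+header("Content-type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
+header("Content-disposition: attachment; filename='{$chk->get_Name()}-eChecklist.xlsx'");
+$writer->save("php://output");
+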
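Review bot: Database text is written into the sheet with `setCellValue` (the `STIG_ID` through `check_contents` columns in the row loop), so any stored value that begins with `=` ends up as a formula in the exported workbook; writing those columns with `setCellValueExplicit("J{$row}", $p['check_contents'], \PhpOffice\PhpSpreadsheet\Cell\DataType::TYPE_STRING)` keeps them as text. The checklist name is also interpolated unescaped into the `Content-disposition` header inside single quotes, which browsers treat as part of the file name; a sanitised name in double quotes is safer, e.g. `$fn = preg_replace('/[^A-Za-z0-9._-]+/', '_', $chk->get_Name());`. The `else { print "Error"; }` branch falls through to the writer, so a checklist with no PDIs emits the text and then the workbook; it should log through `$log` and exit with an error status instead. `$sheet->setTitle($chk->get_Name())` is likely to throw for names longer than 31 characters or containing characters that are not allowed in sheet titles, so the title should be truncated and cleaned first. No session or permission check is visible in this file, so confirm the included files enforce one before the export is reachable by id.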
248
data/index.php
248
data/index.php
@ -405,253 +405,7 @@ include_once 'header.inc';
|
||||
include_once 'settings.inc';
|
||||
}
|
||||
elseif ($page == 'CatMgmt') {
|
||||
?>
|
||||
<script src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
|
||||
<link rel="stylesheet" href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
|
||||
<link rel='stylesheet' href='/script/jquery-ui-1.11.4/jquery-ui.min.css' />
|
||||
|
||||
<style type='text/css'>
|
||||
#availableSoftware {
|
||||
height: 227px;
|
||||
width: 240px;
|
||||
overflow-x: scroll;
|
||||
font-size: 14px;
|
||||
line-height: 1.25em;
|
||||
}
|
||||
|
||||
.swmouseover {
|
||||
background-color: #1D57A0;
|
||||
color: #fff;
|
||||
cursor: pointer;
|
||||
}
|
||||
</style>
|
||||
<script type='text/javascript'>
|
||||
$(function () {
|
||||
$('#catalog').DataTable({
|
||||
'stripeClasses': ['odd_row', 'even_row']
|
||||
});
|
||||
$('.close, .backdrop').click(function () {
|
||||
close_box();
|
||||
});
|
||||
$('#release-date').datepicker();
|
||||
});
|
||||
|
||||
function close_box() {
|
||||
$('.backdrop, .box').animate({
|
||||
'opacity': '0'
|
||||
}, 300, 'linear', function () {
|
||||
$('.backdrop, .box').css('display', 'none');
|
||||
});
|
||||
}
|
||||
|
||||
function view_box() {
|
||||
$('.backdrop').animate({
|
||||
'opacity': '.5'
|
||||
}, 300, 'linear');
|
||||
$('.backdrop').css('display', 'block');
|
||||
}
|
||||
|
||||
function get_cat_data(fname) {
|
||||
$('#popup').animate({
|
||||
'opacity': '1.00'
|
||||
}, 300, 'linear');
|
||||
$('#popup').css('display', 'block');
|
||||
view_box();
|
||||
|
||||
$.ajax('/ajax.php', {
|
||||
data: {
|
||||
action: 'get-cat-data',
|
||||
'fname': fname
|
||||
},
|
||||
beforeSend: function () {
|
||||
$('#id').val('');
|
||||
$('#checklist-id').text('');
|
||||
$('#name').val('');
|
||||
$('#description').val('');
|
||||
$('#version').text('');
|
||||
$('#release').text('');
|
||||
$('#icon').val('');
|
||||
$('#type').text('');
|
||||
$('#software option').remove();
|
||||
$('#cpe').val('');
|
||||
},
|
||||
success: function (data) {
|
||||
$('#id').val(data.id);
|
||||
$('#checklist-id').text(data.checklist_id);
|
||||
$('#name').val(data.name);
|
||||
$('#description').val(data.description);
|
||||
$('#version').text(data.ver);
|
||||
$('#release').text(data.release);
|
||||
$('#icon').val(data.icon);
|
||||
$('#type').text(data.type);
|
||||
|
||||
var dt = new Date(data.date.date);
|
||||
$('#release-date').val(dt.getMonth() + "/" + dt.getDate() + '/' + dt.getFullYear());
|
||||
|
||||
for (var x in data.sw) {
|
||||
$('#software').append("<option id='" + data.sw[x].id + "'>" +
|
||||
data.sw[x].man + " " + data.sw[x].name + " " + data.sw[x].ver +
|
||||
"</option>");
|
||||
}
|
||||
|
||||
$('#software option').dblclick(remove_Software);
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
timeout: 3000,
|
||||
method: 'post',
|
||||
dataType: 'json'
|
||||
});
|
||||
}
|
||||
|
||||
function remove_Software() {
|
||||
$.ajax("/ajax.php", {
|
||||
data: {
|
||||
action: 'checklist-remove-software',
|
||||
chk_id: $('#id').val(),
|
||||
sw_id: $(this).attr('id')
|
||||
},
|
||||
success: function (data) {
|
||||
if (data.error) {
|
||||
alert(data.error);
|
||||
}
|
||||
else if (data.success) {
|
||||
alert(data.success);
|
||||
}
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
dataType: 'json',
|
||||
timeout: 3000,
|
||||
method: 'post'
|
||||
});
|
||||
|
||||
$(this).remove();
|
||||
}
|
||||
|
||||
function autocomplete_software() {
|
||||
if ($('#cpe').val().length < 3) {
|
||||
return;
|
||||
}
|
||||
|
||||
$.ajax('/ajax.php', {
|
||||
data: {
|
||||
action: ($('#os').is(":checked") ? 'os_filter' : 'sw_filter'),
|
||||
filter: $('#cpe').val()
|
||||
},
|
||||
success: function (data) {
|
||||
$('#availableSoftware div').remove();
|
||||
for (var x in data) {
|
||||
$('#availableSoftware').append("<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>");
|
||||
}
|
||||
$('#availableSoftware').show();
|
||||
|
||||
$('#availableSoftware div').each(function () {
|
||||
$(this).on("mouseover", function () {
|
||||
$(this).addClass("swmouseover");
|
||||
});
|
||||
$(this).on("mouseout", function () {
|
||||
$(this).removeClass("swmouseover");
|
||||
});
|
||||
$(this).on("click", function () {
|
||||
add_software($(this).attr('sw_id'));
|
||||
$('#software').append("<option value='" + $(this).attr('sw_id') + "' ondblclick='remove_Software();$(this).remove();'>" + $(this).html() + "</option>");
|
||||
$(this).remove();
|
||||
});
|
||||
});
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
dataType: 'json',
|
||||
method: 'post',
|
||||
timeout: 5000
|
||||
});
|
||||
}
|
||||
|
||||
function add_software(sw_id) {
|
||||
$.ajax('/ajax.php', {
|
||||
data: {
|
||||
action: 'checklist-add-software',
|
||||
'sw_id': sw_id,
|
||||
chk_id: $('#id').val()
|
||||
},
|
||||
success: function (data) {
|
||||
alert(data.status);
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(error);
|
||||
},
|
||||
dataType: 'json',
|
||||
method: 'post',
|
||||
timeout: 3000
|
||||
});
|
||||
}
|
||||
</script>
|
||||
<style type="text/css">
|
||||
thead {
|
||||
background-image: linear-gradient(to bottom, #ECECEC, rgba(177,177,177,0.72));
|
||||
color: #4c4c4c;
|
||||
}
|
||||
</style>
|
||||
|
||||
<div>
|
||||
<table id='catalog' class='display'>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>File Name</th>
|
||||
<th>Status</th>
|
||||
<th>Start Time</th>
|
||||
<th>% Complete</th>
|
||||
<th>STIG Count</th>
|
||||
</tr>
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
<?php
|
||||
$cat_scripts = $db->get_Catalog_Script();
|
||||
$odd = true;
|
||||
foreach ($cat_scripts as $key => $cat_script) {
|
||||
print "<tr>" .
|
||||
"<td onclick='javascript:get_cat_data(\"{$cat_script->file_name}\");'><a href='javascript:void(0);'>{$cat_script->file_name}</a></td>" .
|
||||
"<td>{$cat_script->status}</td>" .
|
||||
"<td>{$cat_script->start_time->format("Y-m-d H:i:s")}</td>" .
|
||||
"<td>{$cat_script->perc_comp}</td>" .
|
||||
"<td>{$cat_script->stig_count}</td>" .
|
||||
"</td>";
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<div id='popup' class='box'>
|
||||
<div style='display:inline-block;width:49%;vertical-align:top;'>
|
||||
<input type='hidden' id='id' />
|
||||
Checklist ID: <span id='checklist-id'></span><br />
|
||||
Name: <input type='text' id='name' /><br />
|
||||
Description: <input type='text' id='description' /><br />
|
||||
Version: <span id='version'></span><br />
|
||||
Release: <span id='release'></span><br />
|
||||
Release Date: <input type='text' id='release-date' /><br />
|
||||
Icon: <input type='text' id='icon' /><br />
|
||||
Type: <span id='type'></span>
|
||||
</div>
|
||||
|
||||
<div style='display:inline-block;width:49%;'>
|
||||
<select id='software' multiple size='10'></select><br />
|
||||
|
||||
Add CPE: <input type='text' id='cpe' onkeyup='javascript:autocomplete_software();' />
|
||||
<label for='os'>OS?</label>
|
||||
<input type='checkbox' id='os' /><br />
|
||||
<div id="availableSoftware"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="backdrop"></div>
|
||||
<?php
|
||||
include_once 'catmgmt.inc';
|
||||
}
|
||||
elseif ($page == 'Search') {
|
||||
$q = filter_input(INPUT_POST, 'q', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
|
||||
|
@ -22,6 +22,7 @@
|
||||
* - Apr 5, 2017 - Formatting
|
||||
* - Dec 19, 2017 - Converted from XML to JSON format export/import
|
||||
* - Jan 16, 2018 - Updated to use host_list class
|
||||
* - Nov 19, 2018 - Fixed bug from changes to get_Category_Findings method
|
||||
*
|
||||
* @TODO - Change to export and import CPE
|
||||
*/
|
||||
@ -31,32 +32,33 @@ include_once 'database.inc';
|
||||
|
||||
$db = new db();
|
||||
|
||||
$cmd = getopt("f::", array("import::"));
|
||||
$cmd = getopt("f::", [
|
||||
"import::",
|
||||
"export::"
|
||||
]);
|
||||
|
||||
if (isset($_REQUEST['export'])) {
|
||||
if (! isset($_REQUEST['ste'])) {
|
||||
print "You must select an ST&E <a href='javascript:void(0);' onclick='javascript:history.go(-1);'>Back</a>";
|
||||
exit;
|
||||
exit();
|
||||
}
|
||||
|
||||
if ($_REQUEST['export'] == 'Export STE') {
|
||||
export_STE();
|
||||
}
|
||||
elseif ($_REQUEST['export'] == 'Export Host List') {
|
||||
} elseif ($_REQUEST['export'] == 'Export Host List') {
|
||||
export_Host_List();
|
||||
}
|
||||
}
|
||||
elseif (isset($cmd['import'])) {
|
||||
} elseif (isset($cmd['import'])) {
|
||||
import_STE();
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
print "Usage: php ste_export_import.php -f=\"{path_to_ste_import_file}\" --import" . PHP_EOL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to export an ST&E
|
||||
*/
|
||||
function export_STE() {
|
||||
function export_STE()
|
||||
{
|
||||
set_time_limit(0);
|
||||
global $db;
|
||||
|
||||
@ -80,8 +82,9 @@ function export_STE() {
|
||||
'proc_findings' => []
|
||||
];
|
||||
|
||||
$system_arr = $db->get_System($ste->get_System()->get_ID());
|
||||
foreach ($system_arr as $key => $sys) {
|
||||
$system_arr = $db->get_System($ste->get_System()
|
||||
->get_ID());
|
||||
foreach ($system_arr as $sys) {
|
||||
$json['systems'][] = [
|
||||
'id' => $sys->get_ID(),
|
||||
'name' => $sys->get_Name(),
|
||||
@ -109,7 +112,7 @@ function export_STE() {
|
||||
];
|
||||
|
||||
$cat_arr = $db->get_STE_Cat_List($ste->get_ID());
|
||||
foreach ($cat_arr as $key => $cat) {
|
||||
foreach ($cat_arr as $cat) {
|
||||
$json['ste_cats'][] = [
|
||||
'id' => $cat->get_ID(),
|
||||
'ste_id' => $cat->get_STE_ID(),
|
||||
@ -124,7 +127,7 @@ function export_STE() {
|
||||
if (empty($targets_arr)) {
|
||||
$log->script_log("There are no targets in the ST&E", E_ERROR);
|
||||
}
|
||||
foreach ($targets_arr as $key => $tgt) {
|
||||
foreach ($targets_arr as $tgt) {
|
||||
if (! in_array($tgt->get_Cat_ID(), $used_cats)) {
|
||||
$all_findings = array_merge($all_findings, $db->get_Category_Findings($tgt->get_Cat_ID()));
|
||||
$used_cats[] = $tgt->get_Cat_ID();
|
||||
@ -233,10 +236,11 @@ function export_STE() {
|
||||
];
|
||||
|
||||
foreach ($scan->get_Host_List() as $host) {
|
||||
/** @var host_list $host */
|
||||
$scan_node['host_list'][] = [
|
||||
'tgt_id' => $host['target']->get_ID(),
|
||||
'tgt_name' => $host['target']->get_Name(),
|
||||
'count' => $host['count']
|
||||
'tgt_id' => $host->getTargetId(),
|
||||
'tgt_name' => $host->getTargetName(),
|
||||
'count' => $host->getFindingCount()
|
||||
];
|
||||
}
|
||||
|
||||
@ -244,13 +248,12 @@ function export_STE() {
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($all_findings as $worksheet_name => $data) {
|
||||
foreach ($all_findings as $data) {
|
||||
foreach ($data['stigs'] as $stig_id => $data2) {
|
||||
$stig = $db->get_Stig($stig_id);
|
||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||
$stig = $stig[0];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -259,33 +262,25 @@ function export_STE() {
|
||||
$find_node = [
|
||||
'stig_id' => $stig->get_ID(),
|
||||
'vms_id' => $ec->get_VMS_ID(),
|
||||
'cat' => $ec->get_Cat_Level_String(),
|
||||
'cat' => $ec->get_Cat_Level(),
|
||||
'short_title' => $ec->get_Short_Title(),
|
||||
'check_contents' => $ec->get_Check_Contents(),
|
||||
'notes' => $data2['notes'],
|
||||
'notes' => trim($data2['echecklist']->get_Notes()),
|
||||
'target_status' => [],
|
||||
'ia_controls' => []
|
||||
'ia_controls' => $data2['echecklist']->get_IA_Controls()
|
||||
];
|
||||
|
||||
foreach ($data['target_list'] as $host_name => $col_id) {
|
||||
$tgt = $db->get_Target_Details($ste->get_ID(), $host_name)[0];
|
||||
$finding = $db->get_Finding($tgt, $stig)[0];
|
||||
|
||||
if (is_null($finding)) {
|
||||
continue;
|
||||
}
|
||||
unset($data['stigs'][$stig_id]['echecklist']);
|
||||
unset($data['stigs'][$stig_id]['chk_id']);
|
||||
|
||||
foreach ($data['stigs'][$stig_id] as $host_name => $status) {
|
||||
$find_node['target_status'][] = [
|
||||
'tgt_name' => $host_name,
|
||||
'status' => (isset($data2[$host_name]) ? $data2[$host_name] : 'Not Applicable'),
|
||||
'scan_id' => $finding->get_Scan_ID()
|
||||
'status' => $status,
|
||||
//'scan_id' => $finding->get_Scan_ID()
|
||||
];
|
||||
}
|
||||
|
||||
foreach ($data2['ia_control'] as $ia) {
|
||||
$find_node['ia_controls'] = $ia;
|
||||
}
|
||||
|
||||
$json['tech_findings'][] = $find_node;
|
||||
}
|
||||
}
|
||||
@ -298,7 +293,8 @@ function export_STE() {
|
||||
/**
|
||||
* Function to export the hosts in an ST&E
|
||||
*/
|
||||
function export_Host_List() {
|
||||
function export_Host_List()
|
||||
{
|
||||
global $db;
|
||||
$csv = "Target ID,Name,HostName,IPv4,FQDN,OS" . PHP_EOL;
|
||||
|
||||
@ -306,16 +302,14 @@ function export_Host_List() {
|
||||
|
||||
$tgts = $db->get_Target_Details($_REQUEST['ste']);
|
||||
|
||||
foreach ($tgts as $key => $tgt) {
|
||||
foreach ($tgts as $tgt) {
|
||||
$csv .= $tgt->get_ID() . "," . $tgt->get_Name() . ",";
|
||||
|
||||
$int_str = '';
|
||||
$fqdn_str = '';
|
||||
$host_str = '';
|
||||
foreach ($tgt->interfaces as $key2 => $int) {
|
||||
if (false) {
|
||||
$int = new interfaces();
|
||||
}
|
||||
foreach ($tgt->interfaces as $int) {
|
||||
/** @var interfaces $int */
|
||||
$host_str .= $int->get_Hostname() . ",";
|
||||
$int_str .= $int->get_IPv4() . ",";
|
||||
$fqdn_str .= $int->get_FQDN() . ",";
|
||||
@ -338,255 +332,6 @@ function export_Host_List() {
|
||||
/**
|
||||
* Function to import an ST&E
|
||||
*/
|
||||
function import_STE() {
|
||||
global $cmd, $db;
|
||||
set_time_limit(0);
|
||||
$base_name = basename($cmd['f']);
|
||||
include_once 'helper.inc';
|
||||
$log = new Sagacity_Error($cmd['f']);
|
||||
|
||||
if (!file_exists($cmd['f'])) {
|
||||
$log->script_log("File not found", E_ERROR);
|
||||
}
|
||||
|
||||
$xml = new DOMDocument();
|
||||
$ste_cat_arr = array();
|
||||
$all_scans = array();
|
||||
$all_tgts = array();
|
||||
|
||||
if (!$xml->load($cmd['f'])) {
|
||||
$log->script_log("Error loading XML", E_ERROR);
|
||||
}
|
||||
|
||||
$site_node = getValue($xml, "/root/site", null, true);
|
||||
|
||||
if ($site_node->length) {
|
||||
$site_node = $site_node->item(0);
|
||||
$site = $db->get_Site($site_node->getAttribute("name"));
|
||||
if (is_array($site) && count($site)) {
|
||||
$site = $site[0];
|
||||
print "Existing site " . $site->get_Name() . PHP_EOL;
|
||||
}
|
||||
else {
|
||||
print "Adding new site " . $site_node->getAttribute("name") . PHP_EOL;
|
||||
$site = new site(null, $site_node->getAttribute("name"), $site_node->getAttribute("address"), $site_node->getAttribute("city"), $site_node->getAttribute("state"), $site_node->getAttribute("zip"), $site_node->getAttribute("country"), $site_node->getAttribute("poc_name"), $site_node->getAttribute("poc_email"), $site_node->getAttribute("poc_phone"));
|
||||
|
||||
$site->set_ID($db->save_Site($site));
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->script_log("No site associated with this ST&E", E_ERROR);
|
||||
}
|
||||
|
||||
$sys_nodes = getValue($xml, "/root/systems/system", null, true);
|
||||
|
||||
if ($sys_nodes->length) {
|
||||
foreach ($sys_nodes as $node) {
|
||||
$sys = $db->get_System($node->getAttribute("name"));
|
||||
if (is_array($sys) && count($sys)) {
|
||||
$sys = $sys[0];
|
||||
print "Existing system " . $sys->get_Name() . PHP_EOL;
|
||||
}
|
||||
else {
|
||||
print "Adding new system " . $node->getAttribute("name") . PHP_EOL;
|
||||
$sys = new system(null, $node->getAttribute("name"), $node->getAttribute("mac"), $node->getAttribute("classified"));
|
||||
|
||||
$sys->set_ID($db->save_System($sys));
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->script_log("No system associated with this ST&E", E_ERROR);
|
||||
}
|
||||
|
||||
$ste_node = getValue($xml, "/root/ste", null, true);
|
||||
|
||||
if ($ste_node->length) {
|
||||
print "Adding new ST&E" . PHP_EOL;
|
||||
$ste_node = $ste_node->item(0);
|
||||
$old_ste_id = $ste_node->getAttribute("id");
|
||||
|
||||
$ste = new ste(null, $sys->get_ID(), $site->get_Id(), $ste_node->getAttribute("eval_start"), $ste_node->getAttribute("eval_end"), false, 0);
|
||||
|
||||
$ste->set_ID($db->save_STE($ste));
|
||||
}
|
||||
else {
|
||||
$log->script_log("No ST&E in this export file", E_ERROR);
|
||||
}
|
||||
|
||||
$cat_nodes = getValue($xml, "/root/ste_cats/cat", null, true);
|
||||
|
||||
if ($cat_nodes->length) {
|
||||
foreach ($cat_nodes as $node) {
|
||||
print "Adding new category " . $node->getAttribute("name") . PHP_EOL;
|
||||
$id = $node->getAttribute('id');
|
||||
$ste_cat_arr[$id] = new ste_cat(null, $ste->get_ID(), $node->getAttribute("name"), $node->getAttribute("analysts"));
|
||||
|
||||
$ste_cat_arr[$id]->set_ID($db->save_Category($ste_cat_arr[$id]));
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->script_log("There are no categories in this ST&E", E_ERROR);
|
||||
}
|
||||
|
||||
$tgt_nodes = getValue($xml, "/root/targets/target", null, true);
|
||||
|
||||
if ($tgt_nodes->length) {
|
||||
foreach ($tgt_nodes as $node) {
|
||||
print "Adding new target " . $node->getAttribute("name") . PHP_EOL;
|
||||
$cat_id = $node->getAttribute("cat_id");
|
||||
|
||||
$os = $db->get_Software([
|
||||
'man' => $node->getAttribute("os_man"),
|
||||
'name' => $node->getAttribute("os_name"),
|
||||
'ver' => $node->getAttribute("os_ver")
|
||||
]);
|
||||
|
||||
if (is_array($os) && count($os)) {
|
||||
$os = $os[0];
|
||||
}
|
||||
else {
|
||||
$os = $db->getSoftware(array(
|
||||
'man' => 'Generic',
|
||||
'name' => 'Generic',
|
||||
'ver' => 'N/A'
|
||||
), false)[0];
|
||||
}
|
||||
|
||||
$statuses = getValue($xml, "status", $node, true)->item(0);
|
||||
$notes = getValue($xml, "notes", $node);
|
||||
$netstat = getValue($xml, "netstat_connection", $node);
|
||||
$patches = getValue($xml, "missing_patches", $node);
|
||||
$os_string = getValue($xml, "os_string", $node);
|
||||
|
||||
$tgt = new target($node->getAttribute("name"));
|
||||
$tgt->set_STE_ID($ste->get_ID());
|
||||
$tgt->set_Cat_ID($ste_cat_arr[$cat_id]->get_ID());
|
||||
$tgt->set_OS_ID($os->get_ID());
|
||||
$tgt->set_OS_String($node->getAttribute("os_string"));
|
||||
$tgt->set_Auto_Status_ID($statuses->getAttribute("auto"));
|
||||
$tgt->set_Man_Status_ID($statuses->getAttribute("manual"));
|
||||
$tgt->set_Data_Status_ID($statuses->getAttribute("data"));
|
||||
$tgt->set_FP_Cat1_Status_ID($statuses->getAttribute("fp_cat1"));
|
||||
$tgt->set_Location($node->getAttribute("location"));
|
||||
$tgt->set_Notes($notes);
|
||||
$tgt->set_Netstat_Connections($netstat);
|
||||
$tgt->set_Login($node->getAttribute("login"));
|
||||
$tgt->set_Missing_Patches($patches);
|
||||
$tgt->set_PP_Flag($node->getAttribute("pp_flag"));
|
||||
$tgt->set_PP_Suspended($node->getAttribute("pp_off"));
|
||||
|
||||
$ints = getValue($xml, "interfaces/interface", $node, true);
|
||||
foreach ($ints as $int_node) {
|
||||
$int = new interfaces(null, null, $int_node->getAttribute("name"), $int_node->getAttribute("ipv4"), $int_node->getAttribute("ipv6"), $int_node->getAttribute("hostname"), $int_node->getAttribute("fqdn"), getValue($xml, "description", $int_node));
|
||||
|
||||
$tcp_nodes = getValues($xml, "tcp_ports/port", $int_node, true);
|
||||
foreach ($tcp_nodes as $tcp) {
|
||||
$int->add_TCP_Ports(new tcp_ports(null, $tcp->getAttribute("number"), $tcp->getAttribute("name"), getValue($xml, "banner", $tcp), getValue($xml, "notes", $tcp)));
|
||||
}
|
||||
|
||||
$udp_nodes = getValues($xml, "udp_ports/port", $int_node, true);
|
||||
foreach ($udp_nodes as $udp) {
|
||||
$int->add_UDP_Ports(new udp_ports(null, $udp->getAttribute("number"), $udp->getAttribute("name"), getValue($xml, "banner", $udp), getValue($xml, "notes", $udp)));
|
||||
}
|
||||
|
||||
$tgt->interfaces[] = $int;
|
||||
}
|
||||
|
||||
$sw_nodes = getValue($xml, "software_list/software", $node, true);
|
||||
foreach ($sw_nodes as $sw) {
|
||||
$tgt->software[] = $db->get_Software(array(
|
||||
'man' => $sw->getAttribute("sw_man"),
|
||||
'name' => $sw->getAttribute("sw_name"),
|
||||
'ver' => $sw->getAttribute("sw_ver")
|
||||
))[0];
|
||||
}
|
||||
|
||||
$chk_nodes = getValue($xml, "checklist_list/checklist", $node, true);
|
||||
foreach ($chk_nodes as $chk) {
|
||||
$tgt->checklists[] = $db->get_Checklist(array(
|
||||
'checklist_id' => $chk->getAttribute('checklist_id'),
|
||||
'type' => $chk->getAttribute('type'),
|
||||
'version' => $chk->getAttribute('version'),
|
||||
'release' => $chk->getAttribute('release')
|
||||
))[0];
|
||||
}
|
||||
|
||||
$tgt->set_ID($db->save_Target($tgt));
|
||||
$all_tgts[$node->getAttribute("id")] = $tgt;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->script_log("No targets were found on this ST&E", E_ERROR);
|
||||
}
|
||||
|
||||
$scan_nodes = getValue($xml, "/root/scans/scan", null, true);
|
||||
if ($scan_nodes->length) {
|
||||
foreach ($scan_nodes as $node) {
|
||||
$src = $db->get_Sources($node->getAttribute("src_id"));
|
||||
print "Adding new scan result file " . $node->getAttribute("file_name") . PHP_EOL;
|
||||
$scan = new scan(null, $src, $ste, $node->getAttribute('itr'), $node->getAttribute("file_name"), $node->getAttribute('file_date'));
|
||||
|
||||
$host_list_nodes = getValue($xml, "host_list", $node, true);
|
||||
foreach ($host_list_nodes as $host) {
|
||||
$scan_tgt = $db->get_Target_Details($ste->get_ID(), $host->getAttribute('tgt_name'))[0];
|
||||
$hl = new host_list();
|
||||
$hl->setTargetId($scan_tgt->get_ID());
|
||||
$hl->setTargetName($scan_tgt->get_Name());
|
||||
$hl->setFindingCount($host->getAttribute("count"));
|
||||
$hl->setScanError(false);
|
||||
|
||||
$scan->add_Target_to_Host_List($hl);
|
||||
}
|
||||
|
||||
$scan->set_ID($db->save_Scan($scan));
|
||||
$all_scans[$node->getAttribute("id")] = $scan;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->script_log("No scan result files were found in this ST&E", E_ERROR);
|
||||
}
|
||||
|
||||
$x = 1;
|
||||
$finding_nodes = getValue($xml, "/root/tech_findings/finding", null, true);
|
||||
if ($finding_nodes->length) {
|
||||
print "Adding findings (total " . $finding_nodes->length . ")" . PHP_EOL;
|
||||
foreach ($finding_nodes as $node) {
|
||||
print ".";
|
||||
if ($x % 100 == 0) {
|
||||
print "\t$x" . PHP_EOL;
|
||||
}
|
||||
|
||||
$ia_nodes = getValue($xml, "ia_control", $node, true);
|
||||
$ia_arr = array();
|
||||
foreach ($ia_nodes as $ia) {
|
||||
$ia_arr[] = $ia->textContent;
|
||||
}
|
||||
|
||||
$cc = getValue($xml, "check_contents", $node);
|
||||
|
||||
$tgt_status_nodes = getValue($xml, "target_status", $node, true);
|
||||
foreach ($tgt_status_nodes as $status_node) {
|
||||
$notes = getValue($xml, "notes", $status_node);
|
||||
$tgt = $db->get_Target_Details($ste->get_ID(), $status_node->getAttribute("tgt_name"))[0];
|
||||
$finding = array(
|
||||
0 => $node->getAttribute("stig_id"),
|
||||
1 => $node->getAttribute("vms_id"),
|
||||
2 => $node->getAttribute("cat"),
|
||||
3 => implode(' ', $ia_arr),
|
||||
4 => $node->getAttribute("short_title"),
|
||||
5 => $status_node->getAttribute("status"),
|
||||
6 => $notes,
|
||||
7 => $cc,
|
||||
8 => ''
|
||||
);
|
||||
|
||||
$db->add_Finding($all_scans[$status_node->getAttribute("scan_id")], $tgt, $finding);
|
||||
}
|
||||
$x++;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->script_log("No findings were recorded in this ST&E", E_WARNING);
|
||||
}
|
||||
function import_STE()
|
||||
{
|
||||
}
|
||||
|
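Review bot: The new `import_STE()` at the end of this file has an empty body, yet the dispatcher above still calls it for `--import` and the usage line still advertises that option, so an import run now finishes without loading anything and without reporting a failure. If the XML importer is being retired until a JSON one exists, make that explicit inside the function, for example `fwrite(STDERR, "ST&E import is not implemented in this version" . PHP_EOL); exit(1);`, and say so in the docblock. The export hunk also comments out `scan_id` in `target_status`, so the same docblock should note that the current export carries no finding-to-scan link for a later importer to rely on.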
1673
db_schema.json
1673
db_schema.json
File diff suppressed because it is too large
@ -112,10 +112,10 @@ echo -- wmic /output:hotfixes.txt qfe list | tee.cmd %SUMMARYFILE%
|
||||
wmic qfe list > %OUTDIR%\hotfixes.txt
|
||||
echo.
|
||||
|
||||
echo * 2.021, Software Certificate Installation Files | tee.cmd %OUTDIR%\hotfixes.txt
|
||||
echo * 2.021, Software Certificate Installation Files | tee.cmd %OUTDIR%\certificates.txt
|
||||
echo -- dir /s /b *.p12 *.pfs (C:\) | tee.cmd %SUMMARYFILE%
|
||||
cd C:\
|
||||
dir /s /b *.p12 *.pfs > %OUTDIR%\hotfixes.txt
|
||||
dir /s /b *.p12 *.pfs > %OUTDIR%\certificates.txt
|
||||
cd %originaldir%
|
||||
echo.
|
||||
|
||||
@ -233,8 +233,8 @@ fciv.exe -both "%OUTFILE%" >> %CHECKSUMS%
|
||||
|
||||
echo * Installed Software | tee.cmd %SUMMARYFILE%
|
||||
set OUTFILE=%OUTDIR%\installed-software.csv
|
||||
echo -- wmic product /format:csv get name,version | tee.cmd %SUMMARYFILE%
|
||||
wmic product get /format:csv name,version > %OUTFILE%
|
||||
echo -- wmic product get name,version /format:csv | tee.cmd %SUMMARYFILE%
|
||||
wmic product get name,version /format:csv > %OUTFILE%
|
||||
|
||||
echo * Query the registry for values | tee.cmd %SUMMARYFILE%
|
||||
for /F "eol=; tokens=1,2 delims=," %%i in (reg-values-to-check.txt) do (
|
||||
|
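Review bot: The certificate search in the first hunk looks for `*.p12 *.pfs`, but PKCS#12 export files normally end in `.p12` or `.pfx`, so `*.pfs` looks like a typo that would leave `.pfx` files out of `certificates.txt`; the echoed summary line carries the same text. The redirect on that line is `>`, which truncates the file after `tee.cmd` has presumably written the section heading into it, so `>>` would keep the heading if `tee.cmd` appends. Suggested line: `dir /s /b *.p12 *.pfx >> "%OUTDIR%\certificates.txt"`, where the quotes keep the redirect working if the output directory contains spaces.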
@ -237,7 +237,7 @@ do {
|
||||
}
|
||||
while ($dbh->get_Running_Script_Count($conf['ste']));
|
||||
|
||||
if (!$debug) {
|
||||
if (!$debug && file_exists(DOC_ROOT . "/exec/parse_config.ini")) {
|
||||
unlink(DOC_ROOT . "/exec/parse_config.ini");
|
||||
}
|
||||
|
||||
|
@ -59,6 +59,16 @@ else {
|
||||
|
||||
print "Destination: $dest" . PHP_EOL;
|
||||
|
||||
$status_map = [
|
||||
'Not Reviewed' => 'Not_Reviewed',
|
||||
'Not a Finding' => 'NotAFinding',
|
||||
'Open' => 'Open',
|
||||
'Not Applicable' => 'Not_Applicable',
|
||||
'No Data' => 'Not_Reviewed',
|
||||
'Exception' => 'Open',
|
||||
'False Positive' => 'NotAFinding'
|
||||
];
|
||||
|
||||
$xml = new Array2XML();
|
||||
$xml->standalone = true;
|
||||
$xml->formatOutput = true;
|
||||
@ -110,12 +120,13 @@ if ($tgt_count = count($tgts)) {
|
||||
}
|
||||
|
||||
$arr = [
|
||||
'@comment' => "CyberPerspectives Sagacity v" . VER,
|
||||
'ASSET' => [
|
||||
'ROLE' => 'None',
|
||||
'ASSET_TYPE' => 'Computing',
|
||||
'HOST_NAME' => $tgt->get_Name(),
|
||||
'HOST_IP' => $host_ip,
|
||||
'HOST_MAC' => $host_mac,
|
||||
'HOST_GUID' => '',
|
||||
'HOST_FQDN' => $host_fqdn,
|
||||
'TECH_AREA' => '',
|
||||
'TARGET_KEY' => '',
|
||||
@ -182,10 +193,11 @@ if ($tgt_count = count($tgts)) {
|
||||
$total_stigs += $pdi_count = (is_array($pdis) ? count($pdis) : 0);
|
||||
$count = 0;
|
||||
|
||||
$findings = $db->get_Finding($tgt);
|
||||
|
||||
foreach ($pdis as $pdi) {
|
||||
$find = $db->get_Finding($tgt, new stig($pdi['pdi_id'], $pdi['STIG_ID'], null));
|
||||
if (is_array($find) && count($find) && isset($find[0]) && is_a($find[0], 'finding')) {
|
||||
$find = $find[0];
|
||||
if (isset($findings[$pdi['pdi_id']])) {
|
||||
$find = $findings[$pdi['pdi_id']];
|
||||
}
|
||||
|
||||
$sev = 'low';
|
||||
@ -306,20 +318,11 @@ if ($tgt_count = count($tgts)) {
|
||||
]
|
||||
], $cci_list);
|
||||
|
||||
$status = "Not_Reviewed";
|
||||
$status = 'Not_Reviewed';
|
||||
$notes = '';
|
||||
|
||||
if (is_a($find, 'finding')) {
|
||||
$status = $find->get_Finding_Status_String();
|
||||
if ($status == 'Not a Finding' || $status == 'False Positive') {
|
||||
$status = "NotAFinding";
|
||||
}
|
||||
elseif($status == 'Exception') {
|
||||
$status = 'Open';
|
||||
}
|
||||
else {
|
||||
$status = str_replace(" ", "_", $status);
|
||||
}
|
||||
$status = $status_map[$find->get_Finding_Status_String()];
|
||||
$notes = $find->get_Notes();
|
||||
}
|
||||
|
||||
@ -355,6 +358,7 @@ Total STIGs: $total_stigs
|
||||
EOO;
|
||||
|
||||
/**
|
||||
* Function to retrieve all the PDIs for a specified target and checklist
|
||||
*
|
||||
* @global db $db
|
||||
*
|
||||
@ -387,7 +391,8 @@ function get_checklist_data($tgt, $chk) {
|
||||
"JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id = pdi.pdi_id",
|
||||
"JOIN sagacity.target_checklist tc ON tc.chk_id = pcl.checklist_id",
|
||||
"JOIN sagacity.stigs s ON s.pdi_id = pdi.pdi_id"
|
||||
]
|
||||
],
|
||||
'group' => 'STIG_ID'
|
||||
]);
|
||||
$pdis = $db->help->execute();
|
||||
|
||||
|
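Review bot: In the `foreach ($pdis as $pdi)` loop of the `@ -182,10 +193,11 @@` hunk, `$find` is now assigned only when `$findings[$pdi['pdi_id']]` is set, so a PDI with no finding appears to keep the previous iteration's object, and the later `is_a($find, 'finding')` block would then export another check's status and notes for it. Unless `$find` is cleared in lines outside the hunk, assign it on every pass: `$find = $findings[$pdi['pdi_id']] ?? null;`. The new lookup `$status_map[$find->get_Finding_Status_String()]` also has no fallback, so a status string missing from the map yields `null` and a notice where the removed code produced an underscored string; `$status_map[$find->get_Finding_Status_String()] ?? 'Not_Reviewed'` keeps the exported status valid. The loop body starts and ends outside the visible hunks.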
@ -41,7 +41,7 @@ $db_step = [
|
||||
'cpe' => ['filter' => FILTER_VALIDATE_BOOLEAN],
|
||||
'cve' => ['filter' => FILTER_VALIDATE_BOOLEAN],
|
||||
'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN],
|
||||
'update-freq' => ['filter' => FILTER_VALIDATE_INT, 'flag' => FILTER_NULL_ON_FAILURE]
|
||||
'update-freq' => ['filter' => FILTER_VALIDATE_FLOAT, 'flag' => FILTER_NULL_ON_FAILURE]
|
||||
];
|
||||
$company_step = [
|
||||
'company' => $params,
|
||||
@ -181,7 +181,9 @@ function save_Database($params)
|
||||
* CREATE DB PASSWORD FILE
|
||||
* --------------------------------- */
|
||||
$enc_pwd = my_encrypt($params['web-pwd']);
|
||||
file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd);
|
||||
if(!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) {
|
||||
die(json_encode(['error' => "Could not create the password file"]));
|
||||
}
|
||||
|
||||
if (isset($params['conf-root-pwd']) && $params['conf-root-pwd'] == $params['root-pwd']) {
|
||||
$db = new mysqli(DB_SERVER, $params['root-uname'], '', 'mysql');
|
||||
@ -194,7 +196,6 @@ function save_Database($params)
|
||||
unset($db);
|
||||
}
|
||||
|
||||
$successful = true;
|
||||
$zip = new ZipArchive();
|
||||
$db = new mysqli(DB_SERVER, $params['root-uname'], $params['root-pwd'], 'mysql');
|
||||
if ($db->connect_errno && $db->connect_errno == 1045) {
|
||||
@ -361,7 +362,6 @@ EOO;
|
||||
|
||||
if (preg_grep("/Access Denied/i", $output)) {
|
||||
$errors[] = $output;
|
||||
$successful = false;
|
||||
}
|
||||
else {
|
||||
unlink($file);
|
||||
|
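Review bot: The added check around `file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)` catches a failed write, but the password file is still created with default permissions in what the constant name suggests is the web document root. On POSIX hosts I would follow the write with `chmod(DOC_ROOT . "/" . PWD_FILE, 0600);` and confirm that the web server configuration refuses requests for that file. Separately, the `update-freq` entry in the `$db_step` hunk uses the key `'flag'`; if this array is passed to `filter_input_array()` or `filter_var_array()`, the key those functions read is `'flags'`, so `FILTER_NULL_ON_FAILURE` is probably not applied. `save_Database()` starts and ends outside the hunks.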
@ -25,6 +25,8 @@
|
||||
* - Aug 28, 2017 - Fixed couple minor bugs
|
||||
* - Jan 15, 2018 - Formatting, reorganized use statements, and cleaned up
|
||||
* - May 24, 2018 - Attempt to fix bug #413
|
||||
* - Nov 6, 2018 - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id
|
||||
* - Nov 8, 2018 - added functionality to assign OS and checklists based on worksheet contents
|
||||
*/
|
||||
$cmd = getopt("f:", ['debug::', 'help::']);
|
||||
set_time_limit(0);
|
||||
@ -111,6 +113,7 @@ else {
|
||||
$scan->set_ID($scan_id);
|
||||
}
|
||||
|
||||
/** @var software $gen_os */
|
||||
$gen_os = $db->get_Software("cpe:/o:generic:generic:-", true);
|
||||
if (is_array($gen_os) && count($gen_os) && isset($gen_os[0]) && is_a($gen_os[0], 'software')) {
|
||||
$gen_os = $gen_os[0];
|
||||
@ -124,6 +127,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
||||
elseif (isset($conf['ignore']) && $wksht->getSheetState() == Worksheet::SHEETSTATE_HIDDEN) {
|
||||
$log->info("Skipping hidden worksheet {$wksht->getTitle()}");
|
||||
continue;
|
||||
} elseif ($wksht->getTitle() == 'Orphan') {
|
||||
$log->info("Skipping Orphan worksheet because it creates problems right now");
|
||||
continue;
|
||||
}
|
||||
|
||||
$scan->isTerminated();
|
||||
@ -139,6 +145,11 @@ $scan->isTerminated();
|
||||
continue;
|
||||
}
|
||||
|
||||
$chk_arr = explode(', ', $wksht->getCell("B9")->getValue());
|
||||
$checklists = $db->get_Checklist_By_Name($chk_arr);
|
||||
$os_str = $wksht->getCell("G4")->getValue();
|
||||
$os = $db->get_Software_By_String($os_str);
|
||||
|
||||
$idx = [
|
||||
'stig_id' => 1,
|
||||
'vms_id' => 2,
|
||||
@ -155,6 +166,7 @@ $scan->isTerminated();
|
||||
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
||||
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
|
||||
$highestCol = $wksht->getHighestDataColumn(10);
|
||||
$tgt_findings = [];
|
||||
|
||||
for ($col = 'F' ; $col != $highestCol ; $col++) {
|
||||
$cell = $wksht->getCell($col . '10');
|
||||
@ -171,22 +183,59 @@ $scan->isTerminated();
|
||||
|
||||
if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
|
||||
$log->debug("Found host for {$cell->getValue()}");
|
||||
/** @var target $tgt */
|
||||
$tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
|
||||
if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
|
||||
$tgt = $tgt[0];
|
||||
if($tgt->get_OS_ID() == $gen_os->get_ID() && is_a($os, 'software')) {
|
||||
$log->debug("Assigning operating system to {$tgt->get_Name()}", [$os]);
|
||||
$tgt->set_OS_ID($os->get_ID());
|
||||
$tgt->set_OS_String($os->get_Shortened_SW_String());
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->error("Could not find host {$cell->getValue()}");
|
||||
}
|
||||
|
||||
if(is_a($checklists, 'checklist')) {
|
||||
if(!isset($tgt->checklists[$checklists->get_ID()])) {
|
||||
$log->debug("Assigning checklists to {$tgt->get_Name()}", [$checklists]);
|
||||
$tgt->checklists[$checklists->get_ID()] = $checklists;
|
||||
}
|
||||
} elseif(is_array($checklists) && count($checklists)) {
|
||||
$log->debug("Assigning checklists to {$tgt->get_Name()}", $checklists);
|
||||
foreach($checklists as $c) {
|
||||
/** @var checklist $c */
|
||||
if(!isset($tgt->checklists[$c->get_ID()])) {
|
||||
$tgt->checklists[$c->get_ID()] = $c;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$db->save_Target($tgt);
|
||||
}
|
||||
else {
|
||||
$log->debug("Creating new target {$cell->getValue()}");
|
||||
$tgt = new target($cell->getValue());
|
||||
$tgt->set_OS_ID($gen_os->get_ID());
|
||||
$tgt->set_OS_ID((is_a($os, 'software') ? $os->get_ID() : $gen_os->get_ID()));
|
||||
$tgt->set_OS_String((is_a($os, 'software') ? $os->get_Shortened_SW_String() : $gen_os->get_Shortened_SW_String()));
|
||||
$tgt->set_STE_ID($conf['ste']);
|
||||
$tgt->set_Location($conf['location']);
|
||||
$tgt->set_Notes('New Target');
|
||||
|
||||
if(is_a($checklists, 'checklist')) {
|
||||
if(!isset($tgt->checklists[$checklists->get_ID()])) {
|
||||
$tgt->checklists[$checklists->get_ID()] = $checklists;
|
||||
}
|
||||
} elseif(is_array($checklists) && count($checklists)) {
|
||||
foreach($checklists as $c) {
|
||||
/** @var checklist $c */
|
||||
if(!isset($tgt->checklists[$c->get_ID()])) {
|
||||
$tgt->checklists[$c->get_ID()] = $c;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
|
||||
$ip = $cell->getValue();
|
||||
$int = new interfaces(null, null, null, $ip, null, null, null, null);
|
||||
@ -199,14 +248,14 @@ $scan->isTerminated();
|
||||
$tgts[] = $tgt;
|
||||
|
||||
$log->debug("Adding new target to host list", ['row_count' => $row_count, 'tgt_id' => $tgt->get_ID(), 'tgt_name' => $tgt->get_Name()]);
|
||||
if(!isset($scan->get_Host_List()[$tgt->get_ID()])) {
|
||||
$hl = new host_list();
|
||||
$hl->setFindingCount($row_count);
|
||||
$hl->setTargetId($tgt->get_ID());
|
||||
$hl->setTargetName($tgt->get_Name());
|
||||
if ($ip) {
|
||||
$hl->setTargetIp($ip);
|
||||
}
|
||||
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
||||
} elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
||||
foreach ($tgt->interfaces as $int) {
|
||||
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
|
||||
$ip = $int->get_IPv4();
|
||||
@ -217,14 +266,33 @@ $scan->isTerminated();
|
||||
}
|
||||
|
||||
$scan->add_Target_to_Host_List($hl);
|
||||
} else {
|
||||
$hl = $scan->get_Host_List()[$tgt->get_ID()];
|
||||
|
||||
$hl->addFindingCount($row_count);
|
||||
|
||||
$scan->add_Target_to_Host_List($hl);
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/Overall/i', $cell->getValue())) {
|
||||
$db->update_Scan_Host_List($scan);
|
||||
$tgt_findings[$tgt->get_ID()] = $db->get_Finding($tgt);
|
||||
|
||||
if (preg_match('/overall/i', $cell->getValue())) {
|
||||
$log->debug("Found overall: {$cell->getColumn()}");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if(count($tgts) > 100) {
|
||||
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'ERROR']);
|
||||
$db->update_Running_Scan($base_name, ['name' => 'notes', 'value' => "Too many targets in worksheet {$wksht->getTitle()}"]);
|
||||
$log->error("Too many targets in worksheet {$wksht->getTitle()}");
|
||||
unset($objSS);
|
||||
rename($cmd['f'], TMP . "/terminated/$base_name");
|
||||
die();
|
||||
}
|
||||
|
||||
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
|
||||
|
||||
// increment the column indexes for notes, check contents, and missing PDI
|
||||
@ -234,8 +302,7 @@ $scan->isTerminated();
|
||||
$idx['consistent'] += $increase;
|
||||
$idx['notes'] += $increase;
|
||||
$idx['check_contents'] += $increase;
|
||||
}
|
||||
elseif (empty($tgts)) {
|
||||
} elseif (empty($tgts)) {
|
||||
$log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}");
|
||||
continue;
|
||||
}
|
||||
@ -276,8 +343,7 @@ $scan->isTerminated();
|
||||
|
||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||
$stig = $stig[0];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$pdi = new pdi(null, $cat_lvl, $dt->format("Y-m-d"));
|
||||
$pdi->set_Short_Title($short_title);
|
||||
$pdi->set_Group_Title($short_title);
|
||||
@ -293,41 +359,36 @@ $scan->isTerminated();
|
||||
foreach ($tgts as $tgt) {
|
||||
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
|
||||
->getValue();
|
||||
if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) {
|
||||
if(stripos($notes, "Formula found in status column") === false) {
|
||||
$notes .= "Formula found in status column";
|
||||
}
|
||||
$status = "Not Reviewed";
|
||||
$scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column");
|
||||
}
|
||||
|
||||
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ($status)");
|
||||
|
||||
$finding = $db->get_Finding($tgt, $stig);
|
||||
|
||||
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
|
||||
$findings = $tgt_findings[$tgt->get_ID()];
|
||||
if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
|
||||
/** @var finding $tmp */
|
||||
$tmp = $finding[0];
|
||||
$tmp = $findings[$stig->get_PDI_ID()];
|
||||
|
||||
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
|
||||
$ds = $tmp->get_Deconflicted_Status($status);
|
||||
$tmp->set_Finding_Status_By_String($ds);
|
||||
}
|
||||
else {
|
||||
$tmp->set_Finding_Status_By_String($status);
|
||||
}
|
||||
|
||||
$tmp->set_Notes($notes);
|
||||
$tmp->set_Category($cat_lvl);
|
||||
$tmp->set_Scan_ID($scan->get_ID());
|
||||
|
||||
$updated_findings[] = $tmp;
|
||||
}
|
||||
else {
|
||||
$tmp = new finding(null, $tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
|
||||
} else {
|
||||
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
|
||||
$tmp->set_Category($cat_lvl);
|
||||
|
||||
$new_findings[] = $tmp;
|
||||
}
|
||||
|
||||
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})");
|
||||
$x++;
|
||||
}
|
||||
|
||||
$row_count++;
|
||||
|
||||
if($row_count % 100 == 0) {
|
||||
if(count($updated_findings) + count($new_findings) >= 1000) {
|
||||
if(!$db->add_Findings_By_Target($updated_findings, $new_findings)) {
|
||||
die(print_r(debug_backtrace(), true));
|
||||
} else {
|
||||
@ -342,13 +403,14 @@ $scan->isTerminated();
|
||||
}
|
||||
}
|
||||
|
||||
$db->update_Scan_Host_List($scan);
|
||||
|
||||
if (!$db->add_Findings_By_Target($updated_findings, $new_findings)) {
|
||||
print "Error adding finding" . PHP_EOL;
|
||||
}
|
||||
}
|
||||
|
||||
unset($objSS);
|
||||
$db->update_Scan_Host_List($scan, $host_list);
|
||||
if (!isset($cmd['debug'])) {
|
||||
rename($cmd['f'], TMP . "/echecklist/$base_name");
|
||||
}
|
||||
|
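Review bot: In the `@ -171,22 +183,59 @@` hunk, the branch that logs "Could not find host" does not leave the column iteration, so the checklist-assignment code added right after it dereferences `$tgt->checklists` and calls `$db->save_Target($tgt)` while `$tgt` is still whatever `get_Target_Details()` returned rather than a `target`. Add `continue;` after the `$log->error(...)` call so a failed lookup skips the column. The two checklist-assignment blocks (existing target and new target) are nearly identical and could move into one helper whose docblock states that it only adds checklists not already keyed on the target. Worksheet cells `B9` and `G4` now feed `get_Checklist_By_Name()` and `get_Software_By_String()`; those methods are not on this page, so confirm they bind the values as query parameters.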
@ -112,10 +112,8 @@ foreach ($files as $file) {
|
||||
|
||||
$scan_id = 0;
|
||||
|
||||
foreach ($findings as $key => $find) {
|
||||
if (false) {
|
||||
$find = new finding();
|
||||
}
|
||||
/** @var finding $find */
|
||||
foreach ($findings as $find) {
|
||||
$ret = array();
|
||||
if ($find->get_Scan_ID()) {
|
||||
$scan_id = $find->get_Scan_ID();
|
||||
|
@ -181,10 +181,8 @@ class mssql_parser extends scan_xml_parser {
|
||||
// check for finding
|
||||
$finding = $this->db->get_Finding($this->tgt, $this->stig);
|
||||
if (is_array($finding) && count($finding)) {
|
||||
/** @var finding $finding */
|
||||
$finding = $finding[0];
|
||||
if (false) {
|
||||
$finding = new finding();
|
||||
}
|
||||
|
||||
$finding->prepend_Notes("(MSSQL) " . $this->notes);
|
||||
if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) {
|
||||
@ -199,7 +197,7 @@ class mssql_parser extends scan_xml_parser {
|
||||
$this->updated_findings[$finding->get_PDI_ID()] = $finding;
|
||||
}
|
||||
else {
|
||||
$finding = new finding(null, $this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
|
||||
$finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
|
||||
|
||||
$this->new_findings[$this->stig->get_PDI_ID()] = $finding;
|
||||
}
|
||||
|
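Review bot: The rewritten constructor call in the second hunk still passes `$this->scan->get - ID()` as the scan id, which PHP reads as the property `get` minus a call to an undefined function `ID()`. The branch that creates a new MSSQL finding would therefore fail at run time instead of recording the result. The commit only drops the leading `null` argument and leaves this expression as it was; it should read `$this->scan->get_ID()`, as the Nessus parser's calls on this page do. The enclosing method starts and ends outside the hunk, so whether this branch is reached in practice cannot be confirmed from here.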
@ -1142,7 +1142,7 @@ class nessus_parser extends scan_xml_parser
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
|
||||
$tmp = new finding($this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
|
||||
if (!is_null($pdi)) {
|
||||
$tmp->set_Category($pdi->get_Category_Level());
|
||||
}
|
||||
@ -1178,7 +1178,7 @@ class nessus_parser extends scan_xml_parser
|
||||
$stig = new stig($pdi_id, $this->plugin->result->stig, $this->plugin->desc);
|
||||
$this->db->add_Stig($stig);
|
||||
|
||||
$tmp = new finding(null, $this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
|
||||
$tmp = new finding($this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
|
||||
$tmp->set_Category($this->plugin->result->cat);
|
||||
|
||||
if (isset($this->new_findings[$tmp->get_PDI_ID()])) {
|
||||
@ -1211,14 +1211,12 @@ class nessus_parser extends scan_xml_parser
|
||||
$finding = $this->db->get_Finding($this->tgt, $this->plugin->db_plugin);
|
||||
|
||||
if (is_array($finding) && count($finding)) {
|
||||
$finding = $finding[0];
|
||||
$finding = current($finding[0]);
|
||||
}
|
||||
|
||||
if (is_a($finding, 'finding')) {
|
||||
/** @var finding $finding */
|
||||
$this->log->script_log("Updating finding");
|
||||
if (false) {
|
||||
$finding = new finding();
|
||||
}
|
||||
if ($this->debug) {
|
||||
$this->log->script_log("Finding exists: " . print_r($finding, true), E_DEBUG);
|
||||
}
|
||||
@ -1265,7 +1263,7 @@ class nessus_parser extends scan_xml_parser
|
||||
}
|
||||
else {
|
||||
$this->log->script_log("Adding new finding");
|
||||
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
|
||||
$tmp = new finding($this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
|
||||
$tmp->set_Category($this->plugin->result->cat);
|
||||
|
||||
$this->new_findings[$tmp->get_PDI_ID()] = $tmp;
|
||||
|
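Review bot: In the hunk at line 1211 the unwrapping of the `get_Finding()` result appears to change from `$finding = $finding[0];` to `$finding = current($finding[0]);` (the page has lost its +/- markers, so the direction is inferred from the hunk counts and print order). The MSSQL parser on this page still reads `$finding[0]` from the same two-argument call, so one of the two is probably wrong about the return shape. A wrong shape would not raise an error here: `is_a($finding, 'finding')` would simply be false, and if the later `else` belongs to that test, an existing finding would be re-added as new. I would confirm the shape in `db::get_Finding()` and use one form in both parsers, e.g. keep `$finding = $finding[0];` if element 0 is already a `finding`.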
@ -49,7 +49,7 @@ $log = new Logger("nvd_cve");
|
||||
$log->pushHandler(new StreamHandler(LOG_PATH . "/nvd_cve.log", $log_level));
|
||||
|
||||
$db = new db();
|
||||
$json = json_decode(file_get_contents($cmd['f']));
|
||||
$json = json_decode(file_get_contents($cmd['f']), true);
|
||||
$existing_cves = [];
|
||||
|
||||
$db->help->select("cve_db", ['cve_id']);
|
||||
@ -60,19 +60,21 @@ if (is_array($cves) && count($cves)) {
|
||||
}
|
||||
}
|
||||
|
||||
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json->CVE_Items) . " items" . PHP_EOL;
|
||||
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json['CVE_Items']) . " items" . PHP_EOL;
|
||||
|
||||
$db_cpes = [];
|
||||
$db_cpes23 = [];
|
||||
$new_cves = [];
|
||||
$new_cve_refs = [];
|
||||
$sw_rows = [];
|
||||
$new = 0;
|
||||
$existing = 0;
|
||||
|
||||
$db->help->select("software", ['id', 'cpe']);
|
||||
$db->help->select("software", ['id', 'cpe', 'cpe23']);
|
||||
$rows = $db->help->execute();
|
||||
foreach ($rows as $row) {
|
||||
$db_cpes["{$row['cpe']}"] = $row['id'];
|
||||
$db_cpes23["{$row['cpe23']}"] = $row['id'];
|
||||
}
|
||||
|
||||
$cve_fields = [
|
||||
@ -82,24 +84,22 @@ $ref_fields = [
|
||||
'cve_seq', 'source', 'url', 'val'
|
||||
];
|
||||
|
||||
foreach ($json->CVE_Items as $cve) {
|
||||
if (!isset($existing_cves["{$cve->cve->CVE_data_meta->ID}"])) {
|
||||
$log->debug("Adding {$cve->cve->CVE_data_meta->ID}");
|
||||
foreach ($json['CVE_Items'] as $cve) {
|
||||
if (!isset($existing_cves["{$cve['cve']['CVE_data_meta']['ID']}"])) {
|
||||
$log->debug("Adding {$cve['cve']['CVE_data_meta']['ID']}");
|
||||
$new++;
|
||||
|
||||
$desc = [];
|
||||
$status = null;
|
||||
$phase = null;
|
||||
$cpes = [];
|
||||
$name = $cve->cve->CVE_data_meta->ID;
|
||||
$type = $cve->cve->data_type;
|
||||
$seq = $cve->cve->CVE_data_meta->ID;
|
||||
$pd = new DateTime($cve->publishedDate);
|
||||
$lmd = new DateTime($cve->lastModifiedDate);
|
||||
$name = $cve['cve']['CVE_data_meta']['ID'];
|
||||
$seq = $cve['cve']['CVE_data_meta']['ID'];
|
||||
$pd = new DateTime($cve['publishedDate']);
|
||||
|
||||
if (is_array($cve->cve->description->description_data) && count($cve->cve->description->description_data)) {
|
||||
foreach ($cve->cve->description->description_data as $d) {
|
||||
$desc[] = $d->value;
|
||||
if (is_array($cve['cve']['description']['description_data']) && count($cve['cve']['description']['description_data'])) {
|
||||
foreach ($cve['cve']['description']['description_data'] as $d) {
|
||||
$desc[] = $d['value'];
|
||||
}
|
||||
}
|
||||
|
||||
@ -107,24 +107,21 @@ foreach ($json->CVE_Items as $cve) {
|
||||
$name, $seq, $status, $phase, $pd, implode(PHP_EOL, $desc)
|
||||
];
|
||||
|
||||
if (is_array($cve->cve->references->reference_data) && count($cve->cve->references->reference_data)) {
|
||||
foreach ($cve->cve->references->reference_data as $ref) {
|
||||
$log->debug("Adding reference {$ref->url}");
|
||||
if (is_array($cve['cve']['references']['reference_data']) && count($cve['cve']['references']['reference_data'])) {
|
||||
foreach ($cve['cve']['references']['reference_data'] as $ref) {
|
||||
$log->debug("Adding reference {$ref['url']}");
|
||||
$new_cve_refs[] = [
|
||||
$name, null, $ref->url, null
|
||||
$name, null, $ref['url'], null
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
if (is_array($cve->configurations->nodes) && count($cve->configurations->nodes)) {
|
||||
foreach ($cve->configurations->nodes as $n) {
|
||||
if (isset($n->cpe) && is_array($n->cpe) && count($n->cpe)) {
|
||||
foreach ($n->cpe as $cpe) {
|
||||
if (isset($cpe->cpe22Uri)) {
|
||||
$cpes[] = $cpe->cpe22Uri;
|
||||
}
|
||||
elseif (isset($cpe->cpeMatchString)) {
|
||||
$cpes[] = $cpe->cpeMatchString;
|
||||
if(is_array($cve['configurations']['nodes']) && count($cve['configurations']['nodes'])) {
|
||||
foreach($cve['configurations']['nodes'] as $n) {
|
||||
if(isset($n['cpe_match']) && is_array($n['cpe_match']) && count($n['cpe_match'])) {
|
||||
foreach($n['cpe_match'] as $c) {
|
||||
if($c['vulnerable'] && $c['cpe23Uri']) {
|
||||
$cpes[] = $c['cpe23Uri'];
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -135,6 +132,8 @@ foreach ($json->CVE_Items as $cve) {
|
||||
foreach ($cpes as $cpe) {
|
||||
if (isset($db_cpes["{$cpe}"])) {
|
||||
$sw_rows[] = [$name, $db_cpes["{$cpe}"]];
|
||||
} elseif (isset($db_cpes23["{$cpe}"])) {
|
||||
$sw_rows[] = [$name, $db_cpes23["{$cpe}"]];
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -185,7 +184,7 @@ if (count($sw_rows)) {
|
||||
$db->help->execute();
|
||||
}
|
||||
|
||||
unlink($cmd['f']);
|
||||
//unlink($cmd['f']);
|
||||
|
||||
print PHP_EOL;
|
||||
|
||||
|
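Review bot: The decoded feed is used without checking that decoding worked: `json_decode(file_get_contents($cmd['f']), true)` returns `null` for an unreadable or malformed file, and the following lines call `count($json['CVE_Items'])` and iterate it. A guard right after the decode would stop the import cleanly, e.g. `if (!is_array($json) || !isset($json['CVE_Items'])) { $log->error("Invalid CVE feed file"); die(); }`. In the CPE loop, `$c['vulnerable'] && $c['cpe23Uri']` reads keys that a match entry may lack; `!empty($c['vulnerable']) && !empty($c['cpe23Uri'])` avoids the notices. The cleanup at the end is now `//unlink($cmd['f']);`, which looks like a debugging leftover; if the file is meant to be kept, a comment saying so would help.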
@ -24,7 +24,10 @@
|
||||
* - May 13, 2017 - Fixed error when trying to delete a USGCB scan file (not supported)
|
||||
* - Oct 23, 2017 - Fixed error of finding statuses being overwritten
|
||||
*/
|
||||
$cmd = getopt("f:", ['debug::', 'help::']);
|
||||
$cmd = getopt("f:", [
|
||||
'debug::',
|
||||
'help::'
|
||||
]);
|
||||
|
||||
if (! isset($cmd['f']) || isset($cmd['help'])) {
|
||||
die(usage());
|
||||
@ -39,58 +42,92 @@ if (!$conf) {
|
||||
chdir($conf['doc_root']);
|
||||
|
||||
set_time_limit(0);
|
||||
require_once 'vendor/autoload.php';
|
||||
include_once 'config.inc';
|
||||
include_once 'xml_parser.inc';
|
||||
include_once 'database.inc';
|
||||
include_once 'helper.inc';
|
||||
|
||||
use Monolog\Logger;
|
||||
use Monolog\Handler\StreamHandler;
|
||||
|
||||
chdir(TMP);
|
||||
|
||||
$db = new db();
|
||||
|
||||
$log_level = convert_log_level();
|
||||
|
||||
$base_name = basename($cmd['f']);
|
||||
$host_list = array();
|
||||
$err = new Sagacity_Error($cmd['f']);
|
||||
$log = new Logger("scc-import");
|
||||
$log->pushHandler(new StreamHandler(logify($cmd['f']), $log_level));
|
||||
|
||||
if (! file_exists($cmd['f'])) {
|
||||
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'ERROR']);
|
||||
$err->script_log("File not found", E_ERROR);
|
||||
}
|
||||
elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) {
|
||||
$db->update_Running_Scan($base_name, [
|
||||
'name' => 'status',
|
||||
'value' => 'ERROR'
|
||||
]);
|
||||
$log->error("File not found");
|
||||
die();
|
||||
} elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) {
|
||||
$scan = $db->get_ScanData($conf['ste'], $cmd['f']);
|
||||
if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) {
|
||||
$db->delete_Scan($scan[0]->get_ID(), false);
|
||||
}
|
||||
$err->script_log("Cannot parse these types of files", E_ERROR);
|
||||
$log->error("Cannot parse these types of files");
|
||||
die();
|
||||
}
|
||||
|
||||
class scc_parser extends scan_xml_parser {
|
||||
class scc_parser extends scan_xml_parser
|
||||
{
|
||||
|
||||
var $values;
|
||||
|
||||
var $value_id;
|
||||
|
||||
var $getvalue = false;
|
||||
|
||||
var $groups;
|
||||
|
||||
var $group_id;
|
||||
|
||||
var $vms_id;
|
||||
|
||||
var $vms = null;
|
||||
|
||||
var $sv_rule;
|
||||
|
||||
var $tgt;
|
||||
|
||||
var $tag;
|
||||
|
||||
var $int_count = 0;
|
||||
|
||||
var $found_rule = false;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @global Monolog\Logger $log
|
||||
*
|
||||
* @param int $ste_id_in
|
||||
* @param string $fname_in
|
||||
*/
|
||||
public function __construct($ste_id_in, $fname_in) {
|
||||
$this->values = array();
|
||||
$this->groups = array();
|
||||
$this->tag = array();
|
||||
public function __construct($ste_id_in, $fname_in)
|
||||
{
|
||||
$this->values = [];
|
||||
$this->groups = [];
|
||||
$this->tag = [];
|
||||
parent::__construct($this, $ste_id_in, $fname_in);
|
||||
$this->db->update_Running_Scan($this->scan->get_File_Name(), ['name' => 'pid', 'value' => getmypid()]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to parse \cdf:Benchmark
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark($attrs)
|
||||
{
|
||||
$this->scan->set_Start_Time(new DateTime("now", new DateTimeZone("UTC")));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -98,7 +135,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Value($attrs) {
|
||||
public function cdf_Benchmark_cdf_Value($attrs)
|
||||
{
|
||||
$this->values[$attrs['id']] = null;
|
||||
$this->value_id = $attrs['id'];
|
||||
}
|
||||
@ -108,13 +146,12 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Value_cdf_value($attrs) {
|
||||
public function cdf_Benchmark_cdf_Value_cdf_value($attrs)
|
||||
{
|
||||
$this->getvalue = false;
|
||||
if (! isset($attrs['selector'])) {
|
||||
$this->getvalue = true;
|
||||
}
|
||||
else {
|
||||
$this->getvalue = false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -122,7 +159,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Value_cdf_value_data($data) {
|
||||
public function cdf_Benchmark_cdf_Value_cdf_value_data($data)
|
||||
{
|
||||
if ($this->getvalue) {
|
||||
$this->values[$this->value_id] = $data;
|
||||
}
|
||||
@ -133,20 +171,28 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group($attrs) {
|
||||
$this->vms = $this->db->get_GoldDisk($attrs['id']);
|
||||
public function cdf_Benchmark_cdf_Group($attrs)
|
||||
{
|
||||
$this->found_rule = false;
|
||||
$match = [];
|
||||
$this->vms_id = null;
|
||||
$this->vms = null;
|
||||
|
||||
if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) {
|
||||
$this->group_id = $this->vms[0]->get_PDI_ID();
|
||||
if(preg_match("/(V\-[\d]+)/", $attrs['id'], $match)) {
|
||||
$this->vms_id = $match[1];
|
||||
$this->group_id = $this->vms_id;
|
||||
}
|
||||
else {
|
||||
$this->group_id = $attrs['id'];
|
||||
$this->vms = null;
|
||||
return;
|
||||
}
|
||||
$this->vms = $this->db->get_GoldDisk($this->vms_id);
|
||||
|
||||
if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) {
|
||||
$this->vms = $this->vms[0];
|
||||
$this->group_id = $this->vms->get_PDI_ID();
|
||||
}
|
||||
|
||||
$this->vms_id = $attrs['id'];
|
||||
$this->groups[$this->group_id] = array();
|
||||
$this->found_rule = false;
|
||||
$this->groups[$this->group_id] = [];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -154,7 +200,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule($attrs) {
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule($attrs)
|
||||
{
|
||||
$sv_rule = $this->db->get_SV_Rule(null, $attrs['id']);
|
||||
|
||||
if (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule')) {
|
||||
@ -179,8 +226,7 @@ class scc_parser extends scan_xml_parser {
|
||||
'status' => "Not Reviewed",
|
||||
'cat' => 2
|
||||
];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
|
||||
@ -197,7 +243,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data) {
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data)
|
||||
{
|
||||
$stig = $this->db->get_Stig($data);
|
||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||
$this->found_rule = true;
|
||||
@ -229,11 +276,11 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data) {
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data)
|
||||
{
|
||||
if (empty($this->groups[$this->group_id]['title'])) {
|
||||
$this->groups[$this->group_id]['title'] = $data;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
// error_log(print_r($this->group_id, true));
|
||||
}
|
||||
}
|
||||
@ -243,15 +290,15 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data) {
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data)
|
||||
{
|
||||
if (! isset($this->groups[$this->group_id])) {
|
||||
$this->groups[$this->group_id] = array();
|
||||
$this->groups[$this->group_id] = [];
|
||||
}
|
||||
|
||||
if (isset($this->groups[$this->group_id]['desc'])) {
|
||||
$this->groups[$this->group_id]['desc'] .= $data;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$this->groups[$this->group_id]['desc'] = $data;
|
||||
}
|
||||
}
|
||||
@ -261,7 +308,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data) {
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data)
|
||||
{
|
||||
if (empty($this->groups[$this->group_id]['cce']) && preg_match("/CCE/", $data)) {
|
||||
$this->groups[$this->group_id]['cce'] = $data;
|
||||
}
|
||||
@ -272,7 +320,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data) {
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data)
|
||||
{
|
||||
if (empty($this->groups[$this->group_id]['fix'])) {
|
||||
$this->groups[$this->group_id]['fix'] = htmlentities($data);
|
||||
}
|
||||
@ -283,7 +332,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs) {
|
||||
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs)
|
||||
{
|
||||
if (empty($this->groups[$this->group_id]['val_id'])) {
|
||||
$this->groups[$this->group_id]['val_id'] = $attrs['value-id'];
|
||||
$this->groups[$this->group_id]['value'] = $this->values[$attrs['value-id']];
|
||||
@ -295,7 +345,8 @@ class scc_parser extends scan_xml_parser {
|
||||
/**
|
||||
* Function to parse \cdf:Benchmark\cdf:Group end tag and store content parsed from previous functions
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_Group_end() {
|
||||
public function cdf_Benchmark_cdf_Group_end()
|
||||
{
|
||||
if (! $this->found_rule) {
|
||||
$this->log->script_log("Rule tag was not present for " . $this->group_id);
|
||||
unset($this->groups[$this->group_id]);
|
||||
@ -303,7 +354,7 @@ class scc_parser extends scan_xml_parser {
|
||||
}
|
||||
|
||||
if (empty($this->groups[$this->group_id]['stig'])) {
|
||||
$ia_controls = array();
|
||||
$ia_controls = [];
|
||||
$this->log->script_log("STIG ID " . $this->groups[$this->group_id]['version'] . " is not in the database, adding", E_WARNING);
|
||||
$pdi = new pdi(null, '', 'NOW');
|
||||
$pdi->set_Short_Title($this->groups[$this->group_id]['title']);
|
||||
@ -322,13 +373,11 @@ class scc_parser extends scan_xml_parser {
|
||||
foreach ($ias as $ia) {
|
||||
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, 4), substr($ia, - 1));
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$ia_controls[] = new ia_control($pdi_id, "ECSC", 1);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$ia_controls[] = new ia_control($pdi_id, 'ECSC', 1);
|
||||
}
|
||||
|
||||
@ -346,7 +395,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs) {
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs)
|
||||
{
|
||||
$tmp = explode(":", $attrs['name']);
|
||||
$this->tag_id = end($tmp);
|
||||
if (isset($this->tag[$this->tag_id])) {
|
||||
@ -362,18 +412,20 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data) {
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data)
|
||||
{
|
||||
$this->tag[$this->tag_id] = str_replace("\n", "", $data);
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts end tag and store results
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end() {
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end()
|
||||
{
|
||||
// error_log(print_r($this->tag, true));
|
||||
$host_name = $this->tag['host_name'];
|
||||
if (preg_match("/\./", $host_name)) {
|
||||
$host_name = preg_replace("/^([^\.]+)\./i", "$1", $host_name);
|
||||
$host_name = preg_replace("/^([^.]+).*/i", "$1", $host_name);
|
||||
}
|
||||
|
||||
if (! ($tgt_id = $this->db->check_Target($this->ste_id, $host_name))) {
|
||||
@ -393,8 +445,7 @@ class scc_parser extends scan_xml_parser {
|
||||
|
||||
if (is_array($os) && count($os) && isset($os[0]) && is_a($os[0], 'software')) {
|
||||
$os = $os[0];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$os = $this->db->get_Software("cpe:/o:generic:generic:-")[0];
|
||||
}
|
||||
|
||||
@ -419,7 +470,7 @@ class scc_parser extends scan_xml_parser {
|
||||
$this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0];
|
||||
|
||||
$int_keys = preg_grep("/interface_name/", array_keys($this->tag));
|
||||
$match = array();
|
||||
$match = [];
|
||||
foreach ($int_keys as $key) {
|
||||
$idx = '';
|
||||
if (preg_match("/interface_name(\d+)/", $key, $match)) {
|
||||
@ -435,12 +486,10 @@ class scc_parser extends scan_xml_parser {
|
||||
if (is_array($ip) && count($ip) == 1) {
|
||||
if (preg_match("/\d+\./", $ip[0])) {
|
||||
$ipv4 = $ip[0];
|
||||
}
|
||||
elseif (preg_match("/[a-f0-9]+/", $ip[0])) {
|
||||
} elseif (preg_match("/[a-f0-9]+/", $ip[0])) {
|
||||
$ipv6 = $ip[0];
|
||||
}
|
||||
}
|
||||
elseif (is_array($ip) && count($ip) == 2) {
|
||||
} elseif (is_array($ip) && count($ip) == 2) {
|
||||
$ipv4 = $ip[0];
|
||||
$ipv6 = $ip[1];
|
||||
}
|
||||
@ -469,7 +518,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs) {
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs)
|
||||
{
|
||||
if (isset($attrs['idref']) && substr($attrs['idref'], 0, 3) == 'cpe') {
|
||||
$cpe = $attrs['idref'];
|
||||
|
||||
@ -481,8 +531,7 @@ class scc_parser extends scan_xml_parser {
|
||||
$this->log->script_log("Update OS " . $sw->get_CPE());
|
||||
$this->tgt->set_OS_ID($sw->get_ID());
|
||||
$this->tgt->set_OS_String($sw->get_Shortened_SW_String());
|
||||
}
|
||||
elseif (!$sw->is_OS() && !in_array($sw, $this->tgt->software)) {
|
||||
} elseif (! $sw->is_OS() && ! in_array($sw, $this->tgt->software)) {
|
||||
$this->log->script_log("Assigning software " . $sw->get_CPE());
|
||||
$this->tgt->software[] = $sw;
|
||||
}
|
||||
@ -497,7 +546,8 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param array $attrs
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs) {
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs)
|
||||
{
|
||||
$stig = $this->db->get_Stig($attrs['version']);
|
||||
$sv_rule = $this->db->get_SV_Rule(null, $attrs['idref']);
|
||||
|
||||
@ -507,41 +557,39 @@ class scc_parser extends scan_xml_parser {
|
||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||
$stig = $stig[0];
|
||||
$this->group_id = $stig->get_PDI_ID();
|
||||
}
|
||||
elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && !$this->group_id) {
|
||||
} elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && ! $this->group_id) {
|
||||
$sv_rule = $sv_rule[0];
|
||||
$this->group_id = $sv_rule->get_PDI_ID();
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$this->log->script_log("Cannot find PDI ID (" . $attrs['version'] . "/" . $attrs['idref'] . ") CREATING", E_WARNING);
|
||||
|
||||
$this->group_id = null;
|
||||
|
||||
return;
|
||||
/*
|
||||
$level = 1;
|
||||
if ($attrs['severity'] == 'medium') {
|
||||
$level = 2;
|
||||
}
|
||||
elseif ($attrs['severity'] == 'low') {
|
||||
$level = 3;
|
||||
}
|
||||
$pdi = new pdi(null, $level, new DateTime);
|
||||
$pdi_id = $this->db->save_PDI($pdi);
|
||||
|
||||
$this->group_id = $pdi_id;
|
||||
|
||||
if (!empty($attrs['version'])) {
|
||||
$stig = new stig($pdi_id, $attrs['version'], null, null);
|
||||
$this->db->add_Stig($stig);
|
||||
}
|
||||
|
||||
if (!empty($attrs['idref'])) {
|
||||
$sv_rule = new sv_rule($pdi_id, $attrs['idref']);
|
||||
$this->db->save_SV_Rule($sv_rule);
|
||||
}
|
||||
|
||||
return;
|
||||
* $level = 1;
|
||||
* if ($attrs['severity'] == 'medium') {
|
||||
* $level = 2;
|
||||
* }
|
||||
* elseif ($attrs['severity'] == 'low') {
|
||||
* $level = 3;
|
||||
* }
|
||||
* $pdi = new pdi(null, $level, new DateTime);
|
||||
* $pdi_id = $this->db->save_PDI($pdi);
|
||||
*
|
||||
* $this->group_id = $pdi_id;
|
||||
*
|
||||
* if (!empty($attrs['version'])) {
|
||||
* $stig = new stig($pdi_id, $attrs['version'], null, null);
|
||||
* $this->db->add_Stig($stig);
|
||||
* }
|
||||
*
|
||||
* if (!empty($attrs['idref'])) {
|
||||
* $sv_rule = new sv_rule($pdi_id, $attrs['idref']);
|
||||
* $this->db->save_SV_Rule($sv_rule);
|
||||
* }
|
||||
*
|
||||
* return;
|
||||
*/
|
||||
}
|
||||
|
||||
@ -570,11 +618,11 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data) {
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data)
|
||||
{
|
||||
if (preg_match("/pass|true/i", $data)) {
|
||||
$this->groups[$this->group_id]['status'] = "Not a Finding";
|
||||
}
|
||||
elseif (preg_match("/fail|false/i", $data)) {
|
||||
} elseif (preg_match("/fail|false/i", $data)) {
|
||||
$this->groups[$this->group_id]['status'] = "Open";
|
||||
}
|
||||
|
||||
@ -586,54 +634,54 @@ class scc_parser extends scan_xml_parser {
|
||||
*
|
||||
* @param string $data
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data) {
|
||||
|
||||
}
|
||||
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data)
|
||||
{}
|
||||
|
||||
/**
|
||||
* Function to parse \cdf:Benchmark\cdf:TestResult end tag and store all results
|
||||
*/
|
||||
public function cdf_Benchmark_cdf_TestResult_end() {
|
||||
public function cdf_Benchmark_cdf_TestResult_end()
|
||||
{
|
||||
$new_findings = [];
|
||||
$update_findings = [];
|
||||
$existing_findings = $this->db->get_Finding($this->tgt);
|
||||
foreach ($this->groups as $pdi_id => $group) {
|
||||
if (! empty($group['val_id'])) {
|
||||
$note = "(SCC) " . $group['val_id'] . "\nRequired: " . $group['value'] . "\nActual: " . $this->values[$group['val_id']];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$note = "(SCC) ";
|
||||
}
|
||||
|
||||
/*
|
||||
if (isset($group['stig']) && is_a($group['stig'], 'stig')) {
|
||||
$ref = $group['stig'];
|
||||
}
|
||||
elseif (!empty($group['vms_id'])) {
|
||||
} elseif (! empty($group['vms_id'])) {
|
||||
$vms = $this->db->get_GoldDisk($group['vms_id']);
|
||||
if (is_array($vms) && count($vms) && isset($vms[0]) && is_a($vms[0], 'golddisk')) {
|
||||
$ref = $vms[0];
|
||||
}
|
||||
}
|
||||
elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) {
|
||||
} elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) {
|
||||
$ref = $group['sv_rule'];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$this->log->script_log("Error finding reference to search for PDI $pdi_id\n" . print_r($group, true), E_WARNING);
|
||||
continue;
|
||||
}
|
||||
*/
|
||||
|
||||
$existing_finding = $this->db->get_Finding($this->tgt, $ref);
|
||||
if (is_array($existing_finding) && count($existing_finding) && isset($existing_finding[0])) {
|
||||
$finding = $existing_finding[0];
|
||||
if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) {
|
||||
/** @var finding $finding */
|
||||
$finding = $existing_findings[$pdi_id];
|
||||
|
||||
$finding->set_Finding_Status_By_String(
|
||||
$finding->get_Deconflicted_Status($group['status'])
|
||||
);
|
||||
$finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status']));
|
||||
if(preg_match("/" . preg_quote($note, "/") . "/", $finding->get_Notes())) {
|
||||
$finding->set_Notes($note);
|
||||
} else {
|
||||
$finding->prepend_Notes($note);
|
||||
|
||||
$update_findings[$finding->get_PDI_ID()] = $finding;
|
||||
}
|
||||
else {
|
||||
$new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
|
||||
|
||||
$update_findings[$pdi_id] = $finding;
|
||||
} else {
|
||||
$new_findings[$pdi_id] = new finding($this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
|
||||
}
|
||||
}
|
||||
|
||||
@ -643,11 +691,12 @@ class scc_parser extends scan_xml_parser {
|
||||
$hl->setTargetId($this->tgt->get_ID());
|
||||
$hl->setTargetName($this->tgt->get_Name());
|
||||
$hl->setFindingCount(count($new_findings) + count($update_findings));
|
||||
$hl->setScanError(false);
|
||||
|
||||
$this->db->update_Target_Counts($this->tgt->get_ID());
|
||||
|
||||
$this->scan->add_Target_to_Host_List($hl);
|
||||
$this->db->update_Scan_Host_List($this->scan);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$xml = new scc_parser($conf['ste'], $cmd['f']);
|
||||
@ -657,9 +706,14 @@ $xml->parse();
|
||||
if (! $xml->debug) {
|
||||
rename($cmd['f'], TMP . "/scc/" . $base_name);
|
||||
}
|
||||
$db->update_Running_Scan($base_name, ["name" => "perc_comp", "value" => 100, "complete" => 1]);
|
||||
$db->update_Running_Scan($base_name, [
|
||||
"name" => "perc_comp",
|
||||
"value" => 100,
|
||||
"complete" => 1
|
||||
]);
|
||||
|
||||
function usage() {
|
||||
function usage()
|
||||
{
|
||||
print <<<EOO
|
||||
Purpose: To import an XCCDF result file from Security Compliance Checker 3.1+
|
||||
|
||||
|
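Review bot: In `cdf_Benchmark_cdf_TestResult_end` the new note handling calls `$finding->set_Notes($note)` when the existing notes already contain `$note`, which (assuming `set_Notes` replaces the text) discards everything else recorded on the finding, including notes from other scanners or analysts. For groups without a `val_id` the note is just `"(SCC) "`, so any finding SCC has touched before matches and is reduced to that prefix. Leaving the notes alone when the text is already present keeps the history: `if (strpos((string) $finding->get_Notes(), $note) === false) { $finding->prepend_Notes($note); }`. The method's body continues between this hunk and the next, outside what the page shows.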
@ -296,6 +296,8 @@ foreach ($vulns as $vul) {
|
||||
$vuln_count++;
|
||||
}
|
||||
|
||||
$db->update_Target_Counts($tgt->get_ID());
|
||||
|
||||
unset($xml);
|
||||
if (!isset($cmd['debug'])) {
|
||||
rename($cmd['f'], TMP . "/stig_viewer/$base_name");
|
||||
|
@ -461,6 +461,7 @@ if (isset($cmd['nasl'])) {
|
||||
'nasl-count' => 0
|
||||
]);
|
||||
$count = 0;
|
||||
check_path(TMP . "/nessus_plugins");
|
||||
|
||||
// Capture start time for performance monitoring
|
||||
$diff->resetClock();
|
||||
@ -602,7 +603,9 @@ if (isset($cmd['stig'])) {
|
||||
'stig-count' => 0
|
||||
]);
|
||||
$path = TMP . "/stigs";
|
||||
check_path($path);
|
||||
check_path(TMP . "/stigs");
|
||||
check_path(TMP . "/stigs/zip");
|
||||
$sunset_array = [];
|
||||
|
||||
$diff->resetClock();
|
||||
print "Started STIG ingestion ({$diff->getStartClockTime()})" . PHP_EOL;
|
||||
@ -624,6 +627,132 @@ if (isset($cmd['stig'])) {
|
||||
$prev_mon = '07';
|
||||
}
|
||||
|
||||
$current_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}.zip";
|
||||
$current_v2_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}_v2.zip";
|
||||
$sunset_url = "https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx";
|
||||
$stig_fname = "{$path}/stig_library-{$year}_{$mon}.zip";
|
||||
|
||||
if (!file_exists($stig_fname) && ping("disa.mil") && !isset($cmd['po'])) {
|
||||
if (isset($cmd['u'])) {
|
||||
$url = $cmd['u'];
|
||||
$log->debug("Checking for $url");
|
||||
|
||||
if (url_exists($url)) {
|
||||
download_file($url, $stig_fname, $db->help, 'stig-dl-progress');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->debug("Checking for $current_url");
|
||||
|
||||
if ($found = url_exists($current_url)) {
|
||||
download_file($current_url, $stig_fname, $db->help, 'stig-dl-progress');
|
||||
}
|
||||
if (!$found) {
|
||||
$log->debug("Checking for $current_v2_url");
|
||||
|
||||
if ($found = url_exists($current_v2_url)) {
|
||||
download_file($current_v2_url, $stig_fname, $db->help, 'stig-dl-progress');
|
||||
}
|
||||
}
|
||||
if ($mon == '01') {
|
||||
$year--;
|
||||
}
|
||||
|
||||
$prev_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$prev_mon}.zip";
|
||||
$prev_v2_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$prev_mon}_v2.zip";
|
||||
|
||||
if (!$found) {
|
||||
$log->debug("Checking for $prev_url");
|
||||
if ($found = url_exists($prev_url)) {
|
||||
download_file($prev_url, $stig_fname, $db->help, 'stig-dl-progress');
|
||||
}
|
||||
}
|
||||
if (!$found) {
|
||||
$log->debug("Checking for $prev_v2_url");
|
||||
if (url_exists($prev_v2_url)) {
|
||||
download_file($prev_v2_url, $stig_fname, $db->help, 'stig-dl-progress');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(ping("disa.mil") && !isset($cmd['po'])) {
|
||||
$log->debug("Checking for $sunset_url");
|
||||
|
||||
if(url_exists($sunset_url)) {
|
||||
$log->debug("Downloading sunset STIGs");
|
||||
$contents = file_get_contents($sunset_url);
|
||||
preg_match_all("/a href=\"([^ ]+STIG\.zip)/", $contents, $sunset_array);
|
||||
|
||||
if(is_array($sunset_array) && isset($sunset_array[1]) && count($sunset_array[1])) {
|
||||
foreach($sunset_array[1] as $url) {
|
||||
$sunset_fname = basename($url);
|
||||
download_file($url, TMP . "/stigs/zip/{$sunset_fname}");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!isset($cmd['do']) || isset($cmd['po'])) {
|
||||
$stig_files = array_merge(
|
||||
glob("{$path}/*.zip"), glob("{$path}/*.xml"), glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml")
|
||||
);
|
||||
if (!count($stig_files)) {
|
||||
die("Could not locate any XCCDF STIG libraries " . realpath(TMP));
|
||||
}
|
||||
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
|
||||
" -c " . realpath(PHP_CONF) .
|
||||
" -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" .
|
||||
(isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") .
|
||||
" --delete";
|
||||
|
||||
$log->debug("Script to run $script");
|
||||
passthru($script);
|
||||
}
|
||||
|
||||
$db->help->select_count("sagacity.stigs");
|
||||
$stig_count = $db->help->execute();
|
||||
|
||||
$db->set_Setting("stig-count", $stig_count);
|
||||
|
||||
$diff->stopClock();
|
||||
|
||||
print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL .
|
||||
"Total Time: {$diff->getDiffString()}" . PHP_EOL;
|
||||
|
||||
sleep(3);
|
||||
}
|
||||
|
||||
if (is_a($diff->getTotalDiff(), 'DateInterval')) {
|
||||
print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to download the latest STIG compilation library zip file for extraction and updating
|
||||
*/
|
||||
function getStigLibrary()
|
||||
{
|
||||
global $current_date, $cmd, $log, $db;
|
||||
$path = TMP;
|
||||
|
||||
$mon = '01';
|
||||
$prev_mon = '10';
|
||||
$year = (int) $current_date->format("Y");
|
||||
|
||||
if (between($current_date->format("n"), 4, 6)) {
|
||||
$mon = '04';
|
||||
$prev_mon = '01';
|
||||
}
|
||||
elseif (between($current_date->format("n"), 7, 9)) {
|
||||
$mon = '07';
|
||||
$prev_mon = '04';
|
||||
}
|
||||
elseif (between($current_date->format("n"), 10, 12)) {
|
||||
$mon = '10';
|
||||
$prev_mon = '07';
|
||||
}
|
||||
|
||||
$current_url = "http://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}.zip";
|
||||
$current_v2_url = "http://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}_v2.zip";
|
||||
|
||||
@ -671,109 +800,6 @@ if (isset($cmd['stig'])) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!isset($cmd['do']) || isset($cmd['po'])) {
|
||||
$stig_files = array_merge(
|
||||
glob("{$path}/*.zip"), glob("{$path}/*.xml"), glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml")
|
||||
);
|
||||
if (!file_exists($stig_fname) && !count($stig_files)) {
|
||||
die("Could not locate $stig_fname or find any other zip files in " . realpath(TMP));
|
||||
}
|
||||
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
|
||||
" -c " . realpath(PHP_CONF) .
|
||||
" -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" .
|
||||
(isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") .
|
||||
" --delete";
|
||||
|
||||
$log->debug("Script to run $script");
|
||||
passthru($script);
|
||||
}
|
||||
|
||||
$db->help->select_count("sagacity.stigs");
|
||||
$stig_count = $db->help->execute();
|
||||
|
||||
$db->set_Setting("stig-count", $stig_count);
|
||||
|
||||
$diff->stopClock();
|
||||
|
||||
print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL .
|
||||
"Total Time: {$diff->getDiffString()}" . PHP_EOL;
|
||||
|
||||
sleep(3);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update Sunset STIG library from DISA content
|
||||
*/
|
||||
if (isset($cmd['sunset'])) {
|
||||
$db->set_Setting_Array([
|
||||
'stig-dl-progress' => 0,
|
||||
'stig-progress' => 0,
|
||||
'stig-count' => 0
|
||||
]);
|
||||
$path = TMP . "/stigs/zip";
|
||||
check_path($path);
|
||||
$sunset_array = [];
|
||||
|
||||
$diff->resetClock();
|
||||
print "Started Sunset STIG ingestion ({$diff->getStartClockTime()})" . PHP_EOL;
|
||||
|
||||
$sunset_url="https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx";
|
||||
|
||||
if (ping("disa.mil") && !isset($cmd['po'])) {
|
||||
$log->debug("Checking for $sunset_url");
|
||||
if ($found = url_exists($sunset_url)) {
|
||||
$contents=file_get_contents($sunset_url);
|
||||
}
|
||||
|
||||
if (!$found) {
|
||||
$log->debug("Unable to download $sunset_url, aborting Sunset");
|
||||
die("Unable to open $sunset_url, aborting Sunset");
|
||||
}
|
||||
|
||||
preg_match_all("/a href=\"([^ ]+zip\/U_[^ ]+STIG\.zip)/", $contents, $sunset_array);
|
||||
|
||||
foreach($sunset_array[1] as $url) {
|
||||
$sunset_fname = basename($url);
|
||||
download_file($url, "{$path}/$sunset_fname");
|
||||
}
|
||||
}
|
||||
|
||||
if (!isset($cmd['do']) || isset($cmd['po'])) {
|
||||
$stig_files = array_merge(
|
||||
glob("{$path}/*.zip"), glob("{$path}/*.xml"),
|
||||
glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml")
|
||||
);
|
||||
if (!count($stig_files)) {
|
||||
die("Could not find any other zip files in " . realpath(TMP));
|
||||
}
|
||||
|
||||
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
|
||||
" -c " . realpath(PHP_CONF) .
|
||||
" -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" .
|
||||
(isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") .
|
||||
" --delete";
|
||||
|
||||
$log->debug("Script to run $script");
|
||||
passthru($script);
|
||||
}
|
||||
|
||||
$db->help->select_count("sagacity.stigs");
|
||||
$stig_count = $db->help->execute();
|
||||
|
||||
$db->set_Setting("stig-count", $stig_count);
|
||||
|
||||
$diff->stopClock();
|
||||
|
||||
print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL .
|
||||
"Total Time: {$diff->getDiffString()}" . PHP_EOL;
|
||||
|
||||
sleep(3);
|
||||
}
|
||||
|
||||
if (is_a($diff->getTotalDiff(), 'DateInterval')) {
|
||||
print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -793,7 +819,6 @@ Usage: php update_db.php [--cpe] [--cve] [--nvd] [--nasl] [--stig] [-u={URL}] [-
|
||||
--nasl To download OpenVAS NVT library and update NASL files
|
||||
You can also extract *.nasl files from the Nessus library to $tmp/nessus_plugins and it will include these in the update
|
||||
--stig To download and update the STIG library
|
||||
--sunset To download and update the STIG library with the STIGs DISA has archived
|
||||
|
||||
--do To download the files only...do not call the parsers will overwrite any existing files
|
||||
--po To parse the downloaded files only, do not download
|
||||
|
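Review bot: The command string handed to `passthru($script)` in the `--stig` block places `$cmd['exclude']` between double quotes with no shell escaping, so a value containing a quote or a command substitution changes what the shell runs. Build that fragment with `" --exclude=" . escapeshellarg($cmd['exclude'])` and wrap the three `realpath()` results in `escapeshellarg()` as well, which also keeps paths with spaces intact. How `$cmd` is populated is not shown in this section, so the reach of the value cannot be judged from here; if update_db.php is ever started with options derived from a web request, this is command injection. The same string is written verbatim by `$log->debug("Script to run $script")`, so the log line should be revisited once the arguments are escaped.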
BIN
img/scan_types/echecklist-failed.png
Normal file
BIN
img/scan_types/echecklist-failed.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 19 KiB |
@ -15,6 +15,8 @@
|
||||
* - Apr 29, 2018 - Changed default message and formatting
|
||||
*/
|
||||
|
||||
$files = glob(TMP . "/*.*");
|
||||
|
||||
?>
|
||||
|
||||
<div id="import" class="box">
|
||||
@ -112,6 +114,12 @@
|
||||
</form>
|
||||
|
||||
<div style='margin-left: 20px;'>
|
||||
<?php
|
||||
if(is_array($files) && count($files)) {
|
||||
natsort($files);
|
||||
print "<span style='background-color:red;color:white;font-size:16px;' title='" . implode("\n", $files) . "'>NOTE: There are still files in the " . realpath(TMP) . " directory (mouse over to see)</span><br />";
|
||||
}
|
||||
?>
|
||||
<input type='text' id='location' placeholder='Physical Location...' /><br />
|
||||
<input type='button' class='button' id='add-scan' value='Add Scan Result' onclick='add_scans();' /><br />
|
||||
<label for='ignore_hidden' id='ignore_label'>Ignore Hidden Tabs in Excel eChecklists</label>
|
||||
|
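Review bot: The new banner writes `implode("\n", $files)` and `realpath(TMP)` straight into a single-quoted `title` attribute and the message text, so a file name in the temp directory that contains `'` or `<` ends the attribute and is rendered as markup. That directory presumably receives uploaded scan files, so their names should be treated as untrusted: `title='" . htmlspecialchars(implode("\n", $files), ENT_QUOTES) . "'`, with the same call around the path. Printing the absolute server path to every viewer of the import page is also worth reconsidering; a path relative to the install would carry the same message.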
@ -103,6 +103,10 @@ class Array2XML {
|
||||
//return from recursion, as a note with cdata cannot have child nodes.
|
||||
return $node;
|
||||
}
|
||||
elseif(isset($arr['@comment']) && is_string($arr['@comment'])) {
|
||||
$node->appendChild($xml->createComment(self::bool2str($arr['@comment'])));
|
||||
unset($arr['@comment']);
|
||||
}
|
||||
}
|
||||
|
||||
//create subnodes using recursion
|
||||
|
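Review bot: The `@comment` branch passes the array value to `$xml->createComment()` unchanged, and as far as I know PHP's DOM neither rejects nor escapes `--` in comment text, so a value containing `-->` would close the comment early and the remainder would be serialized as markup. If any caller can put externally supplied text under `@comment`, neutralise the sequence first, for example `$xml->createComment(str_replace('--', '- -', $arr['@comment']))`. The `self::bool2str()` call looks redundant after the `is_string()` guard, though its body is not visible here. The enclosing function starts and ends outside this hunk.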
@ -4,7 +4,8 @@
|
||||
"cocur/background-process" : "~0.7",
|
||||
"tecnickcom/tcpdf" : "~6.2",
|
||||
"pacificsec/cpe" : "1.0.1",
|
||||
"monolog/monolog" : "~1.23"
|
||||
"monolog/monolog" : "~1.23",
|
||||
"openlss/lib-array2xml" : "~0.5"
|
||||
},
|
||||
"require-dev" : {
|
||||
"phpunit/phpunit" : "~7.3"
|
||||
|
123
inc/composer.lock
generated
123
inc/composer.lock
generated
@ -4,7 +4,7 @@
|
||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "8bf5f4a76098ff9277648c58793a04b5",
|
||||
"content-hash": "0cb5c8b41ce699cfddd3ad1295045652",
|
||||
"packages": [
|
||||
{
|
||||
"name": "cocur/background-process",
|
||||
@ -46,16 +46,16 @@
|
||||
},
|
||||
{
|
||||
"name": "markbaker/complex",
|
||||
"version": "1.4.6",
|
||||
"version": "1.4.7",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/MarkBaker/PHPComplex.git",
|
||||
"reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b"
|
||||
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/a78d82ae4e682c3809fc3023d1b0ce654f6ab12b",
|
||||
"reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b",
|
||||
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
|
||||
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -137,7 +137,7 @@
|
||||
"complex",
|
||||
"mathematics"
|
||||
],
|
||||
"time": "2018-07-31T08:38:40+00:00"
|
||||
"time": "2018-10-13T23:28:42+00:00"
|
||||
},
|
||||
{
|
||||
"name": "monolog/monolog",
|
||||
@ -217,6 +217,55 @@
|
||||
],
|
||||
"time": "2017-06-19T01:22:40+00:00"
|
||||
},
|
||||
{
|
||||
"name": "openlss/lib-array2xml",
|
||||
"version": "0.5.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nullivex/lib-array2xml.git",
|
||||
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nullivex/lib-array2xml/zipball/c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
|
||||
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.3.2"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-0": {
|
||||
"LSS": ""
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"Apache-2.0"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Bryan Tong",
|
||||
"email": "contact@nullivex.com",
|
||||
"homepage": "http://bryantong.com"
|
||||
},
|
||||
{
|
||||
"name": "Tony Butler",
|
||||
"email": "spudz76@gmail.com",
|
||||
"homepage": "http://openlss.org"
|
||||
}
|
||||
],
|
||||
"description": "Array2XML conversion library credit to lalit.org",
|
||||
"homepage": "http://openlss.org",
|
||||
"keywords": [
|
||||
"array",
|
||||
"array conversion",
|
||||
"xml",
|
||||
"xml conversion"
|
||||
],
|
||||
"time": "2016-11-10T19:10:18+00:00"
|
||||
},
|
||||
{
|
||||
"name": "pacificsec/cpe",
|
||||
"version": "1.0.1",
|
||||
@ -262,16 +311,16 @@
|
||||
},
|
||||
{
|
||||
"name": "phpoffice/phpspreadsheet",
|
||||
"version": "1.4.0",
|
||||
"version": "1.4.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/PHPOffice/PhpSpreadsheet.git",
|
||||
"reference": "125f462a718956f37d81305ca0df4f17cef0f3b9"
|
||||
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/125f462a718956f37d81305ca0df4f17cef0f3b9",
|
||||
"reference": "125f462a718956f37d81305ca0df4f17cef0f3b9",
|
||||
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/57404f43742a8164b5eac3ab03b962d8740885c1",
|
||||
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -304,7 +353,7 @@
|
||||
"dompdf/dompdf": "Option for rendering PDF with PDF Writer",
|
||||
"jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers",
|
||||
"mpdf/mpdf": "Option for rendering PDF with PDF Writer",
|
||||
"tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer"
|
||||
"tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
@ -345,7 +394,7 @@
|
||||
"xls",
|
||||
"xlsx"
|
||||
],
|
||||
"time": "2018-08-06T02:58:06+00:00"
|
||||
"time": "2018-09-30T03:57:24+00:00"
|
||||
},
|
||||
{
|
||||
"name": "psr/log",
|
||||
@ -444,16 +493,16 @@
|
||||
},
|
||||
{
|
||||
"name": "tecnickcom/tcpdf",
|
||||
"version": "6.2.22",
|
||||
"version": "6.2.26",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/tecnickcom/TCPDF.git",
|
||||
"reference": "ac6e92fccc7d9383dfd787056831349621b1aca2"
|
||||
"reference": "367241059ca166e3a76490f4448c284e0a161f15"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/ac6e92fccc7d9383dfd787056831349621b1aca2",
|
||||
"reference": "ac6e92fccc7d9383dfd787056831349621b1aca2",
|
||||
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/367241059ca166e3a76490f4448c284e0a161f15",
|
||||
"reference": "367241059ca166e3a76490f4448c284e0a161f15",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -502,7 +551,7 @@
|
||||
"pdf417",
|
||||
"qrcode"
|
||||
],
|
||||
"time": "2018-09-14T15:26:29+00:00"
|
||||
"time": "2018-10-16T17:24:05+00:00"
|
||||
}
|
||||
],
|
||||
"packages-dev": [
|
||||
@ -927,16 +976,16 @@
|
||||
},
|
||||
{
|
||||
"name": "phpunit/php-code-coverage",
|
||||
"version": "6.0.7",
|
||||
"version": "6.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/php-code-coverage.git",
|
||||
"reference": "865662550c384bc1db7e51d29aeda1c2c161d69a"
|
||||
"reference": "0685fb6a43aed1b2e09804d1aaf17144c82861f8"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/865662550c384bc1db7e51d29aeda1c2c161d69a",
|
||||
"reference": "865662550c384bc1db7e51d29aeda1c2c161d69a",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/0685fb6a43aed1b2e09804d1aaf17144c82861f8",
|
||||
"reference": "0685fb6a43aed1b2e09804d1aaf17144c82861f8",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -960,7 +1009,7 @@
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "6.0-dev"
|
||||
"dev-master": "6.1-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@ -986,7 +1035,7 @@
|
||||
"testing",
|
||||
"xunit"
|
||||
],
|
||||
"time": "2018-06-01T07:51:50+00:00"
|
||||
"time": "2018-10-16T05:37:37+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phpunit/php-file-iterator",
|
||||
@ -1179,16 +1228,16 @@
|
||||
},
|
||||
{
|
||||
"name": "phpunit/phpunit",
|
||||
"version": "7.3.5",
|
||||
"version": "7.4.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/phpunit.git",
|
||||
"reference": "7b331efabbb628c518c408fdfcaf571156775de2"
|
||||
"reference": "f3837fa1e07758057ae06e8ddec6d06ba183f126"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/7b331efabbb628c518c408fdfcaf571156775de2",
|
||||
"reference": "7b331efabbb628c518c408fdfcaf571156775de2",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/f3837fa1e07758057ae06e8ddec6d06ba183f126",
|
||||
"reference": "f3837fa1e07758057ae06e8ddec6d06ba183f126",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -1213,7 +1262,7 @@
|
||||
"sebastian/exporter": "^3.1",
|
||||
"sebastian/global-state": "^2.0",
|
||||
"sebastian/object-enumerator": "^3.0.3",
|
||||
"sebastian/resource-operations": "^1.0",
|
||||
"sebastian/resource-operations": "^2.0",
|
||||
"sebastian/version": "^2.0.1"
|
||||
},
|
||||
"conflict": {
|
||||
@ -1233,7 +1282,7 @@
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "7.3-dev"
|
||||
"dev-master": "7.4-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@ -1259,7 +1308,7 @@
|
||||
"testing",
|
||||
"xunit"
|
||||
],
|
||||
"time": "2018-09-08T15:14:29+00:00"
|
||||
"time": "2018-10-05T04:05:24+00:00"
|
||||
},
|
||||
{
|
||||
"name": "sebastian/code-unit-reverse-lookup",
|
||||
@ -1741,25 +1790,25 @@
|
||||
},
|
||||
{
|
||||
"name": "sebastian/resource-operations",
|
||||
"version": "1.0.0",
|
||||
"version": "2.0.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/sebastianbergmann/resource-operations.git",
|
||||
"reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52"
|
||||
"reference": "4d7a795d35b889bf80a0cc04e08d77cedfa917a9"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/ce990bb21759f94aeafd30209e8cfcdfa8bc3f52",
|
||||
"reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52",
|
||||
"url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/4d7a795d35b889bf80a0cc04e08d77cedfa917a9",
|
||||
"reference": "4d7a795d35b889bf80a0cc04e08d77cedfa917a9",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.6.0"
|
||||
"php": "^7.1"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "1.0.x-dev"
|
||||
"dev-master": "2.0-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
@ -1779,7 +1828,7 @@
|
||||
],
|
||||
"description": "Provides a list of PHP built-in functions that operate on resources",
|
||||
"homepage": "https://www.github.com/sebastianbergmann/resource-operations",
|
||||
"time": "2015-07-28T20:34:47+00:00"
|
||||
"time": "2018-10-04T04:07:39+00:00"
|
||||
},
|
||||
{
|
||||
"name": "sebastian/version",
|
||||
|
4130
inc/database.inc
4130
inc/database.inc
File diff suppressed because it is too large
@ -26,7 +26,7 @@
|
||||
?>
|
||||
|
||||
<div id='copyright-text'>
|
||||
<p>Portions Copyright © 2016-2018 Cyber Perspective, LLC All rights reserved.</p>
|
||||
<p>Portions Copyright © 2016-2018 Cyber Perspectives, LLC All rights reserved.</p>
|
||||
<p>Portions Copyright © 2012-2015 Salient Federal Solutions</p>
|
||||
<p>Portions Copyright © 2008-2011 Science Applications International Corp.</p>
|
||||
</div>
|
||||
|
@ -242,6 +242,9 @@ function FileDetection($filename)
|
||||
if (preg_match('/Checklist:|Unclassified|Secret|STIG[_| ]ID/i', $line)) {
|
||||
$name['type'] = ECHECKLIST_CSV;
|
||||
}
|
||||
elseif (preg_match("/host\-list/", $name['base_name'])) {
|
||||
$name['type'] = HOST_LIST;
|
||||
}
|
||||
elseif (preg_match('/^\"NetBIOSName|^\"JobName/', $line)) {
|
||||
$name['type'] = UNSUPPORTED_RETINA_CSV;
|
||||
}
|
||||
@ -831,7 +834,7 @@ function logify($fname)
|
||||
touch(LOG_PATH . "/{$fname}.log");
|
||||
}
|
||||
|
||||
return LOG_PATH . "/{$fname}.log";
|
||||
return realpath(LOG_PATH . "/{$fname}.log");
|
||||
}
|
||||
|
||||
/**
|
||||
@ -852,3 +855,29 @@ function convert_log_level()
|
||||
return Logger::ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method to scrape a web page
|
||||
*
|
||||
* @param string $url
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function scrape_webpage($url)
|
||||
{
|
||||
$config = [
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_FOLLOWLOCATION => true,
|
||||
CURLOPT_HEADER => true,
|
||||
CURLOPT_SSL_VERIFYPEER => false,
|
||||
CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13',
|
||||
CURLOPT_URL => $url
|
||||
];
|
||||
$c = curl_init();
|
||||
|
||||
curl_setopt_array($c, $config);
|
||||
|
||||
$output = curl_exec($c);
|
||||
|
||||
return $output;
|
||||
}
|
||||
|
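Review bot: `scrape_webpage()` sets `CURLOPT_SSL_VERIFYPEER => false`, which turns certificate verification off, so anyone on the network path can substitute the page this helper returns; with `CURLOPT_FOLLOWLOCATION` on, a redirect can also move the request to any host or scheme curl supports. Drop that option (verification is the default) and pin the schemes with `CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS` and the matching `CURLOPT_REDIR_PROTOCOLS`. If verification was disabled because the target hosts chain to a CA missing from the default store, point `CURLOPT_CAINFO` at that CA bundle instead. `CURLOPT_HEADER => true` puts the response headers into the returned string, which the docblock does not mention, and the result of `curl_exec()` is returned without a check for `false` or a `curl_close($c)`.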
33
inc/menu.inc
33
inc/menu.inc
@ -34,14 +34,11 @@ $script_name = filter_input(INPUT_SERVER, 'SCRIPT_NAME', FILTER_SANITIZE_STRING)
|
||||
|
||||
if (preg_match('/ste|proc/', $script_name)) {
|
||||
$ops = " class='active'";
|
||||
}
|
||||
elseif (preg_match('/results/', $script_name)) {
|
||||
} elseif (preg_match('/results/', $script_name)) {
|
||||
$results = " class='active'";
|
||||
}
|
||||
elseif (preg_match('/data/', $script_name)) {
|
||||
} elseif (preg_match('/data/', $script_name)) {
|
||||
$data = " class='active'";
|
||||
}
|
||||
elseif (preg_match('/report/', $script_name)) {
|
||||
} elseif (preg_match('/report/', $script_name)) {
|
||||
$report = " class='active'";
|
||||
}
|
||||
?>
|
||||
@ -55,6 +52,9 @@ elseif (preg_match('/report/', $script_name)) {
|
||||
$("dd[id^='smenu']").hide();
|
||||
if (id && typeof id == 'string') {
|
||||
$('#' + id).show();
|
||||
var ele = $('#' + id).parent().children('dt');
|
||||
$('#' + id).css('left', ele.position().left + ele.width());
|
||||
$('#' + id).css('top', ele.position().top + ele.height());
|
||||
}
|
||||
}
|
||||
</script>
|
||||
@ -66,6 +66,7 @@ elseif (preg_match('/report/', $script_name)) {
|
||||
list-style-type: none;
|
||||
z-index: 100;
|
||||
}
|
||||
|
||||
#menu {
|
||||
width: 25px;
|
||||
display: table-cell;
|
||||
@ -88,12 +89,14 @@ elseif (preg_match('/report/', $script_name)) {
|
||||
#menu ul {
|
||||
padding: 2px;
|
||||
}
|
||||
|
||||
#menu li {
|
||||
text-align: center;
|
||||
font-size: 85%;
|
||||
height: 18px;
|
||||
line-height: 18px;
|
||||
}
|
||||
|
||||
#menu li a, #menu dt a {
|
||||
color: #000;
|
||||
text-decoration: none;
|
||||
@ -113,21 +116,18 @@ elseif (preg_match('/report/', $script_name)) {
|
||||
<?php if (file_exists(DOC_ROOT . "/proc")) { ?>
|
||||
<li><a href="/proc">Procedural Operations</a></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
</li>
|
||||
</ul></li>
|
||||
<li <?php print $results; ?>><a href="javascript:void(0);">Scans</a>
|
||||
<ul>
|
||||
<li><a href="/results">Results</a></li>
|
||||
<li><a href="/results/?add_scan=1">Add Scan</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul></li>
|
||||
<?php if (file_exists(DOC_ROOT . "/report")) { ?>
|
||||
<li <?php print $report; ?>><a href="javascript:void(0);">Report</a>
|
||||
<ul>
|
||||
<li><a href="/report/sanity.php?step=1">Sanity Check</a></li>
|
||||
<li><a href="/report/create.php">Create Risk Assessment</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul></li>
|
||||
<?php } ?>
|
||||
<li <?php print $data; ?>><a href="javascript:void(0);">Management</a>
|
||||
<ul>
|
||||
@ -138,11 +138,12 @@ elseif (preg_match('/report/', $script_name)) {
|
||||
<li><a href="/data/?p=Settings">Settings</a></li>
|
||||
<li><a href="/data/?p=Search">Search</a></li>
|
||||
<li><a href="/data/?p=TgtSearch">Target Search</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul></li>
|
||||
<li>
|
||||
<form method="post" action="/data/?p=Search" target="_blank" style="display:inline-block;">
|
||||
<input type="text" style="vertical-align:text-bottom;" name="q" placeholder="Search..." />
|
||||
<form method="post" action="/data/?p=Search" target="_blank"
|
||||
style="display: inline-block;">
|
||||
<input type="text" style="vertical-align: text-bottom;" name="q"
|
||||
placeholder="Search..." />
|
||||
</form>
|
||||
</li>
|
||||
</ul>
|
||||
|
1
inc/vendor/composer/autoload_namespaces.php
vendored
1
inc/vendor/composer/autoload_namespaces.php
vendored
@ -6,4 +6,5 @@ $vendorDir = dirname(dirname(__FILE__));
|
||||
$baseDir = dirname($vendorDir);
|
||||
|
||||
return array(
|
||||
'LSS' => array($vendorDir . '/openlss/lib-array2xml'),
|
||||
);
|
||||
|
11
inc/vendor/composer/autoload_static.php
vendored
11
inc/vendor/composer/autoload_static.php
vendored
@ -101,6 +101,16 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72
|
||||
),
|
||||
);
|
||||
|
||||
public static $prefixesPsr0 = array (
|
||||
'L' =>
|
||||
array (
|
||||
'LSS' =>
|
||||
array (
|
||||
0 => __DIR__ . '/..' . '/openlss/lib-array2xml',
|
||||
),
|
||||
),
|
||||
);
|
||||
|
||||
public static $classMap = array (
|
||||
'Datamatrix' => __DIR__ . '/..' . '/tecnickcom/tcpdf/include/barcodes/datamatrix.php',
|
||||
'PDF417' => __DIR__ . '/..' . '/tecnickcom/tcpdf/include/barcodes/pdf417.php',
|
||||
@ -123,6 +133,7 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72
|
||||
return \Closure::bind(function () use ($loader) {
|
||||
$loader->prefixLengthsPsr4 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixLengthsPsr4;
|
||||
$loader->prefixDirsPsr4 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixDirsPsr4;
|
||||
$loader->prefixesPsr0 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixesPsr0;
|
||||
$loader->classMap = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$classMap;
|
||||
|
||||
}, null, ClassLoader::class);
|
||||
|
89
inc/vendor/composer/installed.json
vendored
89
inc/vendor/composer/installed.json
vendored
@ -41,17 +41,17 @@
|
||||
},
|
||||
{
|
||||
"name": "markbaker/complex",
|
||||
"version": "1.4.6",
|
||||
"version_normalized": "1.4.6.0",
|
||||
"version": "1.4.7",
|
||||
"version_normalized": "1.4.7.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/MarkBaker/PHPComplex.git",
|
||||
"reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b"
|
||||
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/a78d82ae4e682c3809fc3023d1b0ce654f6ab12b",
|
||||
"reference": "a78d82ae4e682c3809fc3023d1b0ce654f6ab12b",
|
||||
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
|
||||
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -67,7 +67,7 @@
|
||||
"sebastian/phpcpd": "2.*",
|
||||
"squizlabs/php_codesniffer": "^3.3.0"
|
||||
},
|
||||
"time": "2018-07-31T08:38:40+00:00",
|
||||
"time": "2018-10-13T23:28:42+00:00",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
@ -216,6 +216,57 @@
|
||||
"psr-3"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "openlss/lib-array2xml",
|
||||
"version": "0.5.1",
|
||||
"version_normalized": "0.5.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nullivex/lib-array2xml.git",
|
||||
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/nullivex/lib-array2xml/zipball/c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
|
||||
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.3.2"
|
||||
},
|
||||
"time": "2016-11-10T19:10:18+00:00",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
"psr-0": {
|
||||
"LSS": ""
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"Apache-2.0"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Bryan Tong",
|
||||
"email": "contact@nullivex.com",
|
||||
"homepage": "http://bryantong.com"
|
||||
},
|
||||
{
|
||||
"name": "Tony Butler",
|
||||
"email": "spudz76@gmail.com",
|
||||
"homepage": "http://openlss.org"
|
||||
}
|
||||
],
|
||||
"description": "Array2XML conversion library credit to lalit.org",
|
||||
"homepage": "http://openlss.org",
|
||||
"keywords": [
|
||||
"array",
|
||||
"array conversion",
|
||||
"xml",
|
||||
"xml conversion"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "pacificsec/cpe",
|
||||
"version": "1.0.1",
|
||||
@ -263,17 +314,17 @@
|
||||
},
|
||||
{
|
||||
"name": "phpoffice/phpspreadsheet",
|
||||
"version": "1.4.0",
|
||||
"version_normalized": "1.4.0.0",
|
||||
"version": "1.4.1",
|
||||
"version_normalized": "1.4.1.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/PHPOffice/PhpSpreadsheet.git",
|
||||
"reference": "125f462a718956f37d81305ca0df4f17cef0f3b9"
|
||||
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/125f462a718956f37d81305ca0df4f17cef0f3b9",
|
||||
"reference": "125f462a718956f37d81305ca0df4f17cef0f3b9",
|
||||
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/57404f43742a8164b5eac3ab03b962d8740885c1",
|
||||
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
@ -306,9 +357,9 @@
|
||||
"dompdf/dompdf": "Option for rendering PDF with PDF Writer",
|
||||
"jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers",
|
||||
"mpdf/mpdf": "Option for rendering PDF with PDF Writer",
|
||||
"tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer"
|
||||
"tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer"
|
||||
},
|
||||
"time": "2018-08-06T02:58:06+00:00",
|
||||
"time": "2018-09-30T03:57:24+00:00",
|
||||
"type": "library",
|
||||
"installation-source": "source",
|
||||
"autoload": {
|
||||
@ -451,23 +502,23 @@
|
||||
},
|
||||
{
|
||||
"name": "tecnickcom/tcpdf",
|
||||
"version": "6.2.22",
|
||||
"version_normalized": "6.2.22.0",
|
||||
"version": "6.2.26",
|
||||
"version_normalized": "6.2.26.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/tecnickcom/TCPDF.git",
|
||||
"reference": "ac6e92fccc7d9383dfd787056831349621b1aca2"
|
||||
"reference": "367241059ca166e3a76490f4448c284e0a161f15"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/ac6e92fccc7d9383dfd787056831349621b1aca2",
|
||||
"reference": "ac6e92fccc7d9383dfd787056831349621b1aca2",
|
||||
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/367241059ca166e3a76490f4448c284e0a161f15",
|
||||
"reference": "367241059ca166e3a76490f4448c284e0a161f15",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.3.0"
|
||||
},
|
||||
"time": "2018-09-14T15:26:29+00:00",
|
||||
"time": "2018-10-16T17:24:05+00:00",
|
||||
"type": "library",
|
||||
"installation-source": "dist",
|
||||
"autoload": {
|
||||
|
1
inc/vendor/markbaker/complex/README.md
vendored
1
inc/vendor/markbaker/complex/README.md
vendored
@ -9,6 +9,7 @@ Master: [![Build Status](https://travis-ci.org/MarkBaker/PHPComplex.png?branch=m
|
||||
|
||||
Develop: [![Build Status](https://travis-ci.org/MarkBaker/PHPComplex.png?branch=develop)](http://travis-ci.org/MarkBaker/PHPComplex)
|
||||
|
||||
[![Complex Numbers](https://imgs.xkcd.com/comics/complex_numbers_2x.png)](https://xkcd.com/2028/)
|
||||
|
||||
---
|
||||
|
||||
|
@ -23,7 +23,7 @@ class Autoloader
|
||||
spl_autoload_register('__autoload');
|
||||
}
|
||||
// Register ourselves with SPL
|
||||
return spl_autoload_register(['Complex\Autoloader', 'Load']);
|
||||
return spl_autoload_register(['Complex\\Autoloader', 'Load']);
|
||||
}
|
||||
|
||||
|
||||
@ -41,7 +41,7 @@ class Autoloader
|
||||
|
||||
$pClassFilePath = __DIR__ . DIRECTORY_SEPARATOR .
|
||||
'src' . DIRECTORY_SEPARATOR .
|
||||
str_replace('Complex\\', '', $pClassName) .
|
||||
str_replace(['Complex\\', '\\'], ['', '/'], $pClassName) .
|
||||
'.php';
|
||||
|
||||
if ((file_exists($pClassFilePath) === false) || (is_readable($pClassFilePath) === false)) {
|
||||
|
14
inc/vendor/markbaker/complex/composer.json
vendored
14
inc/vendor/markbaker/complex/composer.json
vendored
@ -73,5 +73,19 @@
|
||||
"classes/src/operations/divideinto.php"
|
||||
]
|
||||
},
|
||||
"scripts": {
|
||||
"style": [
|
||||
"phpcs --report-width=200 --report-summary --report-full classes/src/ --standard=PSR2 -n"
|
||||
],
|
||||
"mess": [
|
||||
"phpmd classes/src/ xml codesize,unusedcode,design,naming -n"
|
||||
],
|
||||
"lines": [
|
||||
"phploc classes/src/ -n"
|
||||
],
|
||||
"cpd": [
|
||||
"phpcpd classes/src/ -n"
|
||||
]
|
||||
},
|
||||
"minimum-stability": "dev"
|
||||
}
|
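--- /dev/null
+++ b/inc/vendor/openlss/lib-array2xml/.gitignore
@@ -0,0 +1,2 @@
+/vendor
+/composer.lock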
674
inc/vendor/openlss/lib-array2xml/COPYING
vendored
Normal file
674
inc/vendor/openlss/lib-array2xml/COPYING
vendored
Normal file
@ -0,0 +1,674 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The GNU General Public License is a free, copyleft license for
|
||||
software and other kinds of works.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
the GNU General Public License is intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains free
|
||||
software for all its users. We, the Free Software Foundation, use the
|
||||
GNU General Public License for most of our software; it applies also to
|
||||
any other work released this way by its authors. You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to prevent others from denying you
|
||||
these rights or asking you to surrender the rights. Therefore, you have
|
||||
certain responsibilities if you distribute copies of the software, or if
|
||||
you modify it: responsibilities to respect the freedom of others.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must pass on to the recipients the same
|
||||
freedoms that you received. You must make sure that they, too, receive
|
||||
or can get the source code. And you must show them these terms so they
|
||||
know their rights.
|
||||
|
||||
Developers that use the GNU GPL protect your rights with two steps:
|
||||
(1) assert copyright on the software, and (2) offer you this License
|
||||
giving you legal permission to copy, distribute and/or modify it.
|
||||
|
||||
For the developers' and authors' protection, the GPL clearly explains
|
||||
that there is no warranty for this free software. For both users' and
|
||||
authors' sake, the GPL requires that modified versions be marked as
|
||||
changed, so that their problems will not be attributed erroneously to
|
||||
authors of previous versions.
|
||||
|
||||
Some devices are designed to deny users access to install or run
|
||||
modified versions of the software inside them, although the manufacturer
|
||||
can do so. This is fundamentally incompatible with the aim of
|
||||
protecting users' freedom to change the software. The systematic
|
||||
pattern of such abuse occurs in the area of products for individuals to
|
||||
use, which is precisely where it is most unacceptable. Therefore, we
|
||||
have designed this version of the GPL to prohibit the practice for those
|
||||
products. If such problems arise substantially in other domains, we
|
||||
stand ready to extend this provision to those domains in future versions
|
||||
of the GPL, as needed to protect the freedom of users.
|
||||
|
||||
Finally, every program is threatened constantly by software patents.
|
||||
States should not allow patents to restrict development and use of
|
||||
software on general-purpose computers, but in those that do, we wish to
|
||||
avoid the special danger that patents applied to a free program could
|
||||
make it effectively proprietary. To prevent this, the GPL assures that
|
||||
patents cannot be used to render the program non-free.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
TERMS AND CONDITIONS
|
||||
|
||||
0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU General Public License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||
works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of an
|
||||
exact copy. The resulting work is called a "modified version" of the
|
||||
earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user through
|
||||
a computer network, with no transfer of a copy, is not conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices"
|
||||
to the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work
|
||||
for making modifications to it. "Object code" means any non-source
|
||||
form of a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users
|
||||
can regenerate automatically from other parts of the Corresponding
|
||||
Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that
|
||||
same work.
|
||||
|
||||
2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not
|
||||
convey, without conditions so long as your license otherwise remains
|
||||
in force. You may convey covered works to others for the sole purpose
|
||||
of having them make modifications exclusively for you, or provide you
|
||||
with facilities for running those works, provided that you comply with
|
||||
the terms of this License in conveying all material for which you do
|
||||
not control copyright. Those thus making or running the covered works
|
||||
for you must do so exclusively on your behalf, under your direction
|
||||
and control, on terms that prohibit them from making any copies of
|
||||
your copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under
|
||||
the conditions stated below. Sublicensing is not allowed; section 10
|
||||
makes it unnecessary.
|
||||
|
||||
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such circumvention
|
||||
is effected by exercising rights under this License with respect to
|
||||
the covered work, and you disclaim any intention to limit operation or
|
||||
modification of the work as a means of enforcing, against the work's
|
||||
users, your or third parties' legal rights to forbid circumvention of
|
||||
technological measures.
|
||||
|
||||
4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these conditions:
|
||||
|
||||
a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
|
||||
b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under section
|
||||
7. This requirement modifies the requirement in section 4 to
|
||||
"keep intact all notices".
|
||||
|
||||
c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
|
||||
d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms
|
||||
of sections 4 and 5, provided that you also convey the
|
||||
machine-readable Corresponding Source under the terms of this License,
|
||||
in one of these ways:
|
||||
|
||||
a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
|
||||
b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the
|
||||
Corresponding Source from a network server at no charge.
|
||||
|
||||
c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
|
||||
d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
|
||||
e) Convey the object code using peer-to-peer transmission, provided
|
||||
you inform other peers where the object code and Corresponding
|
||||
Source of the work are being offered to the general public at no
|
||||
charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal, family,
|
||||
or household purposes, or (2) anything designed or sold for incorporation
|
||||
into a dwelling. In determining whether a product is a consumer product,
|
||||
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||
product received by a particular user, "normally used" refers to a
|
||||
typical or common use of that class of product, regardless of the status
|
||||
of the particular user or of the way in which the particular user
|
||||
actually uses, or expects or is expected to use, the product. A product
|
||||
is a consumer product regardless of whether the product has substantial
|
||||
commercial, industrial or non-consumer uses, unless such uses represent
|
||||
the only significant mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to install
|
||||
and execute modified versions of a covered work in that User Product from
|
||||
a modified version of its Corresponding Source. The information must
|
||||
suffice to ensure that the continued functioning of the modified object
|
||||
code is in no case prevented or interfered with solely because
|
||||
modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or updates
|
||||
for a work that has been modified or installed by the recipient, or for
|
||||
the User Product in which it has been modified or installed. Access to a
|
||||
network may be denied when the modification itself materially and
|
||||
adversely affects the operation of the network or violates the rules and
|
||||
protocols for communication across the network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders of
|
||||
that material) supplement the terms of this License with terms:
|
||||
|
||||
a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
|
||||
b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
|
||||
c) Prohibiting misrepresentation of the origin of that material, or
|
||||
requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
|
||||
d) Limiting the use for publicity purposes of names of licensors or
|
||||
authors of the material; or
|
||||
|
||||
e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
|
||||
f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions of
|
||||
it) with contractual assumptions of liability to the recipient, for
|
||||
any liability that these contractual assumptions directly impose on
|
||||
those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions;
|
||||
the above requirements apply either way.
|
||||
|
||||
8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your
|
||||
license from a particular copyright holder is reinstated (a)
|
||||
provisionally, unless and until the copyright holder explicitly and
|
||||
finally terminates your license, and (b) permanently, if the copyright
|
||||
holder fails to notify you of the violation by some reasonable means
|
||||
prior to 60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or
|
||||
run a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims
|
||||
owned or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within
|
||||
the scope of its coverage, prohibits the exercise of, or is
|
||||
conditioned on the non-exercise of one or more of the rights that are
|
||||
specifically granted under this License. You may not convey a covered
|
||||
work if you are a party to an arrangement with a third party that is
|
||||
in the business of distributing software, under which you make payment
|
||||
to the third party based on the extent of your activity of conveying
|
||||
the work, and under which the third party grants, to any of the
|
||||
parties who would receive the covered work from you, a discriminatory
|
||||
patent license (a) in connection with copies of the covered work
|
||||
conveyed by you (or copies made from those copies), or (b) primarily
|
||||
for and in connection with specific products or compilations that
|
||||
contain the covered work, unless you entered into that arrangement,
|
||||
or that patent license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you may
|
||||
not convey it at all. For example, if you agree to terms that obligate you
|
||||
to collect a royalty for further conveying from those to whom you convey
|
||||
the Program, the only way you could satisfy both those terms and this
|
||||
License would be to refrain entirely from conveying the Program.
|
||||
|
||||
13. Use with the GNU Affero General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU Affero General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the special requirements of the GNU Affero General Public License,
|
||||
section 13, concerning interaction through a network will apply to the
|
||||
combination as such.
|
||||
|
||||
14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of
|
||||
the GNU General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Program specifies that a certain numbered version of the GNU General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU General Public License, you may choose any version ever published
|
||||
by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future
|
||||
versions of the GNU General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
|
||||
16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGES.
|
||||
|
||||
17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
state the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program does terminal interaction, make it output a short
|
||||
notice like this when it starts in an interactive mode:
|
||||
|
||||
<program> Copyright (C) <year> <name of author>
|
||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, your program's commands
|
||||
might be different; for a GUI interface, you would use an "about box".
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||
For more information on this, and how to apply and follow the GNU GPL, see
|
||||
<http://www.gnu.org/licenses/>.
|
||||
|
||||
The GNU General Public License does not permit incorporating your program
|
||||
into proprietary programs. If your program is a subroutine library, you
|
||||
may consider it more useful to permit linking proprietary applications with
|
||||
the library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License. But first, please read
|
||||
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
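--- a/inc/vendor/openlss/lib-array2xml/COPYING LESSER
+++ b/inc/vendor/openlss/lib-array2xml/COPYING LESSER
@@ -0,0 +1,165 @@
+GNU LESSER GENERAL PUBLIC LICENSE
+Version 3, 29 June 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+
+This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+0. Additional Definitions.
+
+As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+"The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+1. Exception to Section 3 of the GNU GPL.
+
+You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+2. Conveying Modified Versions.
+
+If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+a) under this License, provided that you make a good faith effort to
+ensure that, in the event an Application does not supply the
+function or data, the facility still operates, and performs
+whatever part of its purpose remains meaningful, or
+
+b) under the GNU GPL, with none of the additional permissions of
+this License applicable to that copy.
+
+3. Object Code Incorporating Material from Library Header Files.
+
+The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+a) Give prominent notice with each copy of the object code that the
+Library is used in it and that the Library and its use are
+covered by this License.
+
+b) Accompany the object code with a copy of the GNU GPL and this license
+document.
+
+4. Combined Works.
+
+You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+a) Give prominent notice with each copy of the Combined Work that
+the Library is used in it and that the Library and its use are
+covered by this License.
+
+b) Accompany the Combined Work with a copy of the GNU GPL and this license
+document.
+
+c) For a Combined Work that displays copyright notices during
+execution, include the copyright notice for the Library among
+these notices, as well as a reference directing the user to the
+copies of the GNU GPL and this license document.
+
+d) Do one of the following:
+
+0) Convey the Minimal Corresponding Source under the terms of this
+License, and the Corresponding Application Code in a form
+suitable for, and under terms that permit, the user to
+recombine or relink the Application with a modified version of
+the Linked Version to produce a modified Combined Work, in the
+manner specified by section 6 of the GNU GPL for conveying
+Corresponding Source.
+
+1) Use a suitable shared library mechanism for linking with the
+Library. A suitable mechanism is one that (a) uses at run time
+a copy of the Library already present on the user's computer
+system, and (b) will operate properly with a modified version
+of the Library that is interface-compatible with the Linked
+Version.
+
+e) Provide Installation Information, but only if you would otherwise
+be required to provide such information under section 6 of the
+GNU GPL, and only to the extent that such information is
+necessary to install and execute a modified version of the
+Combined Work produced by recombining or relinking the
+Application with a modified version of the Linked Version. (If
+you use option 4d0, the Installation Information must accompany
+the Minimal Corresponding Source and Corresponding Application
+Code. If you use option 4d1, you must provide the Installation
+Information in the manner specified by section 6 of the GNU GPL
+for conveying Corresponding Source.)
+
+5. Combined Libraries.
+
+You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+a) Accompany the combined library with a copy of the same work based
+on the Library, uncombined with any other library facilities,
+conveyed under the terms of this License.
+
+b) Give prominent notice with the combined library that part of it
+is a work based on the Library, and explaining where to find the
+accompanying uncombined form of the same work.
+
+6. Revised Versions of the GNU Lesser General Public License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.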
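--- a/inc/vendor/openlss/lib-array2xml/LSS/Array2XML.php
+++ b/inc/vendor/openlss/lib-array2xml/LSS/Array2XML.php
@@ -0,0 +1,205 @@
+<?php
+/**
+* OpenLSS - Lighter Smarter Simpler
+*
+* This file is part of OpenLSS.
+*
+* OpenLSS is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation, either version 3 of
+* the License, or (at your option) any later version.
+*
+* OpenLSS is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License for more details.
+*
+* You should have received a copy of the
+* GNU Lesser General Public License along with OpenLSS.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+namespace LSS;
+
+use \DomDocument;
+use \Exception;
+
+/**
+* Array2XML: A class to convert array in PHP to XML
+* It also takes into account attributes names unlike SimpleXML in PHP
+* It returns the XML in form of DOMDocument class for further manipulation.
+* It throws exception if the tag name or attribute name has illegal chars.
+*
+* Author : Lalit Patel
+* Website: http://www.lalit.org/lab/convert-php-array-to-xml-with-attributes
+* License: Apache License 2.0
+* http://www.apache.org/licenses/LICENSE-2.0
+* Version: 0.1 (10 July 2011)
+* Version: 0.2 (16 August 2011)
+* - replaced htmlentities() with htmlspecialchars() (Thanks to Liel Dulev)
+* - fixed a edge case where root node has a false/null/0 value. (Thanks to Liel Dulev)
+* Version: 0.3 (22 August 2011)
+* - fixed tag sanitize regex which didn't allow tagnames with single character.
+* Version: 0.4 (18 September 2011)
+* - Added support for CDATA section using @cdata instead of @value.
+* Version: 0.5 (07 December 2011)
+* - Changed logic to check numeric array indices not starting from 0.
+* Version: 0.6 (04 March 2012)
+* - Code now doesn't @cdata to be placed in an empty array
+* Version: 0.7 (24 March 2012)
+* - Reverted to version 0.5
+* Version: 0.8 (02 May 2012)
+* - Removed htmlspecialchars() before adding to text node or attributes.
+* Version: 0.11 (28 October 2015)
+* - Fixed typos; Added support for plain insertion of XML trough @xml.
+*
+* Usage:
+* $xml = Array2XML::createXML('root_node_name', $php_array);
+* echo $xml->saveXML();
+*/
+class Array2XML {
+
+/**
+* @var DOMDocument
+*/
+private static $xml = null;
+private static $encoding = 'UTF-8';
+
+/**
+* Initialize the root XML node [optional]
+* @param $version
+* @param $encoding
+* @param $format_output
+*/
+public static function init($version = '1.0', $encoding = 'UTF-8', $format_output = true) {
+self::$xml = new DomDocument($version, $encoding);
+self::$xml->formatOutput = $format_output;
+self::$encoding = $encoding;
+}
+
+/**
+* Convert an Array to XML
+* @param string $node_name - name of the root node to be converted
+* @param array $arr - aray to be converterd
+* @return DomDocument
+*/
+public static function &createXML($node_name, $arr = array()) {
+$xml = self::getXMLRoot();
+$xml->appendChild(self::convert($node_name, $arr));
+
+self::$xml = null; // clear the xml node in the class for 2nd time use.
+return $xml;
+}
+
+/**
+* Convert an Array to XML.
+*
+* @param string $node_name
+* Name of the root node to be converted.
+* @param array $arr
+* Array to be converted.
+*
+* @throws \Exception
+*
+* @return \DOMNode
+*/
+private static function &convert($node_name, $arr = array()) {
+
+//print_arr($node_name);
+$xml = self::getXMLRoot();
+$node = $xml->createElement($node_name);
+
+if (is_array($arr)) {
+// get the attributes first.;
+if (isset($arr['@attributes'])) {
+foreach ($arr['@attributes'] as $key => $value) {
+if (!self::isValidTagName($key)) {
+throw new Exception('[Array2XML] Illegal character in attribute name. attribute: ' . $key . ' in node: ' . $node_name);
+}
+$node->setAttribute($key, self::bool2str($value));
+}
+unset($arr['@attributes']); //remove the key from the array once done.
+}
+
+// check if it has a value stored in @value, if yes store the value and return
+// else check if its directly stored as string
+if (isset($arr['@value'])) {
+$node->appendChild($xml->createTextNode(self::bool2str($arr['@value'])));
+unset($arr['@value']); //remove the key from the array once done.
+//return from recursion, as a note with value cannot have child nodes.
+return $node;
+} else if (isset($arr['@cdata'])) {
+$node->appendChild($xml->createCDATASection(self::bool2str($arr['@cdata'])));
+unset($arr['@cdata']); //remove the key from the array once done.
+//return from recursion, as a note with cdata cannot have child nodes.
+return $node;
+}
+else if (isset($arr['@xml'])) {
+$fragment = $xml->createDocumentFragment();
+$fragment->appendXML($arr['@xml']);
+$node->appendChild($fragment);
+unset($arr['@xml']);
+return $node;
+}
+}
+
+//create subnodes using recursion
+if (is_array($arr)) {
+// recurse to get the node for that key
+foreach ($arr as $key => $value) {
+if (!self::isValidTagName($key)) {
+throw new Exception('[Array2XML] Illegal character in tag name. tag: ' . $key . ' in node: ' . $node_name);
+}
+if (is_array($value) && is_numeric(key($value))) {
+// MORE THAN ONE NODE OF ITS KIND;
+// if the new array is numeric index, means it is array of nodes of the same kind
+// it should follow the parent key name
+foreach ($value as $k => $v) {
+$node->appendChild(self::convert($key, $v));
+}
+} else {
+// ONLY ONE NODE OF ITS KIND
+$node->appendChild(self::convert($key, $value));
+}
+unset($arr[$key]); //remove the key from the array once done.
+}
+}
+
+// after we are done with all the keys in the array (if it is one)
+// we check if it has any text value, if yes, append it.
+if (!is_array($arr)) {
+$node->appendChild($xml->createTextNode(self::bool2str($arr)));
+}
+
+return $node;
+}
+
+/*
+* Get the root XML node, if there isn't one, create it.
+*/
+private static function getXMLRoot() {
+if (empty(self::$xml)) {
+self::init();
+}
+return self::$xml;
+}
+
+/*
+* Get string representation of boolean value
+*/
+private static function bool2str($v) {
+//convert boolean to text value.
+$v = $v === true ? 'true' : $v;
+$v = $v === false ? 'false' : $v;
+return $v;
+}
+
+/*
+* Check if the tag name or attribute name contains illegal characters
+* Ref: http://www.w3.org/TR/xml/#sec-common-syn
+*/
+private static function isValidTagName($tag) {
+$pattern = '/^[a-z_]+[a-z0-9\:\-\.\_]*[^:]*$/i';
+return preg_match($pattern, $tag, $matches) && $matches[0] == $tag;
+}
+}
+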
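--- a/inc/vendor/openlss/lib-array2xml/LSS/XML2Array.php
+++ b/inc/vendor/openlss/lib-array2xml/LSS/XML2Array.php
@@ -0,0 +1,169 @@
+<?php
+/**
+* OpenLSS - Lighter Smarter Simpler
+*
+* This file is part of OpenLSS.
+*
+* OpenLSS is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation, either version 3 of
+* the License, or (at your option) any later version.
+*
+* OpenLSS is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License for more details.
+*
+* You should have received a copy of the
+* GNU Lesser General Public License along with OpenLSS.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+namespace LSS;
+use \DOMDocument;
+use \Exception;
+
+/**
+* XML2Array: A class to convert XML to array in PHP
+* It returns the array which can be converted back to XML using the Array2XML script
+* It takes an XML string or a DOMDocument object as an input.
+*
+* See Array2XML: http://www.lalit.org/lab/convert-php-array-to-xml-with-attributes
+*
+* Author : Lalit Patel
+* Website: http://www.lalit.org/lab/convert-xml-to-array-in-php-xml2array
+* License: Apache License 2.0
+* http://www.apache.org/licenses/LICENSE-2.0
+* Version: 0.1 (07 Dec 2011)
+* Version: 0.2 (04 Mar 2012)
+* Fixed typo 'DomDocument' to 'DOMDocument'
+*
+* Usage:
+* $array = XML2Array::createArray($xml);
+*/
+
+class XML2Array {
+
+protected static $xml = null;
+protected static $encoding = 'UTF-8';
+protected static $prefix_attributes = '@';
+
+/**
+* Initialize the root XML node [optional]
+* @param $version
+* @param $encoding
+* @param $format_output
+*/
+public static function init($version = '1.0', $encoding = 'UTF-8', $format_output = true) {
+self::$xml = new DOMDocument($version, $encoding);
+self::$xml->formatOutput = $format_output;
+self::$encoding = $encoding;
+}
+
+/**
+* Convert an XML to Array
+* @param string $node_name - name of the root node to be converted
+* @param int - Bitwise OR of the libxml option constants see @link http://php.net/manual/zh/libxml.constants.php
+* @param array $arr - aray to be converterd
+* @return DOMDocument
+*/
+public static function &createArray($input_xml, $options = 0) {
+$xml = self::getXMLRoot();
+if(is_string($input_xml)) {
+$parsed = $xml->loadXML($input_xml, $options);
+if(!$parsed) {
+throw new Exception('[XML2Array] Error parsing the XML string.');
+}
+} else {
+if(get_class($input_xml) != 'DOMDocument') {
+throw new Exception('[XML2Array] The input XML object should be of type: DOMDocument.');
+}
+$xml = self::$xml = $input_xml;
+}
+$array[$xml->documentElement->tagName] = self::convert($xml->documentElement);
+self::$xml = null; // clear the xml node in the class for 2nd time use.
+return $array;
+}
+
+/**
+* Convert an Array to XML
+* @param mixed $node - XML as a string or as an object of DOMDocument
+* @return mixed
+*/
+protected static function &convert($node) {
+$output = array();
+
+switch ($node->nodeType) {
+case XML_CDATA_SECTION_NODE:
+$output[static::$prefix_attributes.'cdata'] = trim($node->textContent);
+break;
+
+case XML_TEXT_NODE:
+$output = trim($node->textContent);
+break;
+
+case XML_ELEMENT_NODE:
+
+// for each child node, call the covert function recursively
+for ($i=0, $m=$node->childNodes->length; $i<$m; $i++) {
+$child = $node->childNodes->item($i);
+$v = self::convert($child);
+if(isset($child->tagName)) {
+$t = $child->tagName;
+
+// avoid fatal error if the content looks like '<html><body>You are being <a href="https://some.url">redirected</a>.</body></html>'
+if(isset($output) && !is_array($output)) {
+continue;
+}
+// assume more nodes of same kind are coming
+if(!isset($output[$t])) {
+$output[$t] = array();
+}
+$output[$t][] = $v;
+} else {
+//check if it is not an empty text node
+if($v !== '') {
+$output = $v;
+}
+}
+}
+
+if(is_array($output)) {
+// if only one node of its kind, assign it directly instead if array($value);
+foreach ($output as $t => $v) {
+if(is_array($v) && count($v)==1) {
+$output[$t] = $v[0];
+}
+}
+if(empty($output)) {
+//for empty nodes
+$output = '';
+}
+}
+
+// loop through the attributes and collect them
+if($node->attributes->length) {
+$a = array();
+foreach($node->attributes as $attrName => $attrNode) {
+$a[$attrName] = (string) $attrNode->value;
+}
+// if its an leaf node, store the value in @value instead of directly storing it.
+if(!is_array($output)) {
+$output = array(static::$prefix_attributes.'value' => $output);
+}
+$output[static::$prefix_attributes.'attributes'] = $a;
+}
+break;
+}
+return $output;
+}
+
+/*
+* Get the root XML node, if there isn't one, create it.
+*/
+protected static function getXMLRoot(){
+if(empty(self::$xml)) {
+self::init();
+}
+return self::$xml;
+}
+}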
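--- a/inc/vendor/openlss/lib-array2xml/README.md
+++ b/inc/vendor/openlss/lib-array2xml/README.md
@@ -0,0 +1,69 @@
+lib-array2xml
+=============
+
+Array2XML conversion library credit to lalit.org
+
+Usage
+----
+```php
+//create XML
+$xml = Array2XML::createXML('root_node_name', $php_array);
+echo $xml->saveXML();
+
+//create Array
+$array = XML2Array::createArray($xml);
+print_r($array);
+```
+
+Array2XML
+----
+
+@xml example:
+```php
+// Build the array that should be transformed into a XML object.
+$array = [
+'title' => 'A title',
+'body' => [
+'@xml' => '<html><body><p>The content for the news item</p></body></html>',
+],
+];
+
+// Use the Array2XML object to transform it.
+$xml = Array2XML::createXML('news', $array);
+echo $xml->saveXML();
+```
+This will result in the following.
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<news>
+<title>A title</title>
+<body>
+<html>
+<body>
+<p>The content for the news item</p>
+</body>
+</html>
+</body>
+</news>
+```
+
+Reference
+----
+More complete references can be found here
+http://www.lalit.org/lab/convert-xml-to-array-in-php-xml2array/
+http://www.lalit.org/lab/convert-php-array-to-xml-with-attributes/
+
+## Changelog
+
+### 0.5.1
+* Fix fata error when the array passed is empty fixed by pull request #6
+
+### 0.5.0
+* add second parameter to XML2Array::createArray for DOMDocument::load, e.g: LIBXML_NOCDATA
+* change method visibility from private to protected for overloading
+* Merge pull request #5 to add child xml
+* Merge pull request #4 to change method visibility and add second parameter for load.
+
+
+### 0.1.0
+* Initial Release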
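--- a/inc/vendor/openlss/lib-array2xml/composer.json
+++ b/inc/vendor/openlss/lib-array2xml/composer.json
@@ -0,0 +1,33 @@
+{
+"name": "openlss/lib-array2xml"
+,"homepage": "http://openlss.org"
+,"description": "Array2XML conversion library credit to lalit.org"
+,"license": "Apache-2.0"
+,"type": "library"
+,"keywords": [
+"array"
+,"xml"
+,"xml conversion"
+,"array conversion"
+]
+,"authors": [
+{
+"name": "Bryan Tong"
+,"email": "contact@nullivex.com"
+,"homepage": "http://bryantong.com"
+}
+,{
+"name": "Tony Butler"
+,"email": "spudz76@gmail.com"
+,"homepage": "http://openlss.org"
+}
+]
+,"require": {
+"php": ">=5.3.2"
+}
+,"autoload": {
+"psr-0": {
+"LSS": ""
+}
+}
+}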
@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
|
||||
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
||||
and this project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
## [1.4.1] - 2018-09-30
|
||||
|
||||
### Fixed
|
||||
|
||||
- Remove locale from formatting string - [#644](https://github.com/PHPOffice/PhpSpreadsheet/pull/644)
|
||||
- Allow iterators to go out of bounds with prev - [#587](https://github.com/PHPOffice/PhpSpreadsheet/issues/587)
|
||||
- Fix warning when reading xlsx without styles - [#631](https://github.com/PHPOffice/PhpSpreadsheet/pull/631)
|
||||
- Fix broken sample links on windows due to $baseDir having backslash - [#653](https://github.com/PHPOffice/PhpSpreadsheet/pull/653)
|
||||
|
||||
## [1.4.0] - 2018-08-06
|
||||
|
||||
### Added
|
||||
|
@ -61,7 +61,7 @@
|
||||
"suggest": {
|
||||
"mpdf/mpdf": "Option for rendering PDF with PDF Writer",
|
||||
"dompdf/dompdf": "Option for rendering PDF with PDF Writer",
|
||||
"tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer",
|
||||
"tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer",
|
||||
"jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers"
|
||||
},
|
||||
"autoload": {
|
||||
|
@ -43,7 +43,7 @@ usage of PhpSpreadsheet.
|
||||
## Common use cases
|
||||
|
||||
PhpSpreadsheet does not ship with alternative cache implementation. It is up to
|
||||
you to select the most appropriate implementation for your environnement. You
|
||||
you to select the most appropriate implementation for your environment. You
|
||||
can either implement [PSR-16](http://www.php-fig.org/psr/psr-16/) from scratch,
|
||||
or use [pre-existing libraries](https://packagist.org/search/?q=psr-16).
|
||||
|
||||
|
@ -82,7 +82,7 @@ class Sample
|
||||
|
||||
$files = [];
|
||||
foreach ($regex as $file) {
|
||||
$file = str_replace($baseDir . '/', '', $file[0]);
|
||||
$file = str_replace(str_replace('\\', '/', $baseDir) . '/', '', str_replace('\\', '/', $file[0]));
|
||||
$info = pathinfo($file);
|
||||
$category = str_replace('_', ' ', $info['dirname']);
|
||||
$name = str_replace('_', ' ', preg_replace('/(|\.php)/', '', $info['filename']));
|
||||
|
@ -1127,7 +1127,7 @@ class Xls extends BaseReader
|
||||
// TODO: Why is there no BSE Index? Is this a new Office Version? Password protected field?
|
||||
// More likely : a uncompatible picture
|
||||
if (!$BSEindex) {
|
||||
continue;
|
||||
continue 2;
|
||||
}
|
||||
|
||||
$BSECollection = $escherWorkbook->getDggContainer()->getBstoreContainer()->getBSECollection();
|
||||
|
@ -643,7 +643,7 @@ class Xlsx extends BaseReader
|
||||
$excel->addCellXf($objStyle);
|
||||
}
|
||||
|
||||
foreach ($xmlStyles->cellStyleXfs->xf as $xf) {
|
||||
foreach (isset($xmlStyles->cellStyleXfs->xf) ? $xmlStyles->cellStyleXfs->xf : [] as $xf) {
|
||||
$numFmt = NumberFormat::FORMAT_GENERAL;
|
||||
if ($numFmts && $xf['numFmtId']) {
|
||||
$tmpNumFmt = self::getArrayItem($numFmts->xpath("sml:numFmt[@numFmtId=$xf[numFmtId]]"));
|
||||
|
@ -320,7 +320,7 @@ class OLE
|
||||
|
||||
break;
|
||||
default:
|
||||
continue;
|
||||
break;
|
||||
}
|
||||
fseek($fh, 1, SEEK_CUR);
|
||||
$pps->Type = $type;
|
||||
|
@ -691,6 +691,9 @@ class NumberFormat extends Supervisor
|
||||
// Strip #
|
||||
$format = preg_replace('/\\#/', '0', $format);
|
||||
|
||||
// Remove locale code [$-###]
|
||||
$format = preg_replace('/\[\$\-.*\]/', '', $format);
|
||||
|
||||
$n = '/\\[[^\\]]+\\]/';
|
||||
$m = preg_replace($n, '', $format);
|
||||
$number_regex = '/(0+)(\\.?)(0*)/';
|
||||
|
@ -153,10 +153,6 @@ class ColumnCellIterator extends CellIterator
|
||||
*/
|
||||
public function prev()
|
||||
{
|
||||
if ($this->currentRow <= $this->startRow) {
|
||||
throw new PhpSpreadsheetException("Row is already at the beginning of range ({$this->startRow} - {$this->endRow})");
|
||||
}
|
||||
|
||||
do {
|
||||
--$this->currentRow;
|
||||
} while (($this->onlyExistingCells) &&
|
||||
@ -171,7 +167,7 @@ class ColumnCellIterator extends CellIterator
|
||||
*/
|
||||
public function valid()
|
||||
{
|
||||
return $this->currentRow <= $this->endRow;
|
||||
return $this->currentRow <= $this->endRow && $this->currentRow >= $this->startRow;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -157,14 +157,9 @@ class ColumnIterator implements \Iterator
|
||||
|
||||
/**
|
||||
* Set the iterator to its previous value.
|
||||
*
|
||||
* @throws PhpSpreadsheetException
|
||||
*/
|
||||
public function prev()
|
||||
{
|
||||
if ($this->currentColumnIndex <= $this->startColumnIndex) {
|
||||
throw new PhpSpreadsheetException('Column is already at the beginning of range (' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ' - ' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ')');
|
||||
}
|
||||
--$this->currentColumnIndex;
|
||||
}
|
||||
|
||||
@ -175,6 +170,6 @@ class ColumnIterator implements \Iterator
|
||||
*/
|
||||
public function valid()
|
||||
{
|
||||
return $this->currentColumnIndex <= $this->endColumnIndex;
|
||||
return $this->currentColumnIndex <= $this->endColumnIndex && $this->currentColumnIndex >= $this->startColumnIndex;
|
||||
}
|
||||
}
|
||||
|
@ -25,7 +25,7 @@ class Iterator implements \Iterator
|
||||
*
|
||||
* @param Spreadsheet $subject
|
||||
*/
|
||||
public function __construct(Spreadsheet $subject = null)
|
||||
public function __construct(Spreadsheet $subject)
|
||||
{
|
||||
// Set subject
|
||||
$this->subject = $subject;
|
||||
@ -82,6 +82,6 @@ class Iterator implements \Iterator
|
||||
*/
|
||||
public function valid()
|
||||
{
|
||||
return $this->position < $this->subject->getSheetCount();
|
||||
return $this->position < $this->subject->getSheetCount() && $this->position >= 0;
|
||||
}
|
||||
}
|
||||
|
@ -155,9 +155,6 @@ class RowCellIterator extends CellIterator
|
||||
*/
|
||||
public function prev()
|
||||
{
|
||||
if ($this->currentColumnIndex <= $this->startColumnIndex) {
|
||||
throw new PhpSpreadsheetException('Column is already at the beginning of range (' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ' - ' . Coordinate::stringFromColumnIndex($this->endColumnIndex) . ')');
|
||||
}
|
||||
do {
|
||||
--$this->currentColumnIndex;
|
||||
} while (($this->onlyExistingCells) && (!$this->worksheet->cellExistsByColumnAndRow($this->currentColumnIndex, $this->rowIndex)) && ($this->currentColumnIndex >= $this->startColumnIndex));
|
||||
@ -170,7 +167,7 @@ class RowCellIterator extends CellIterator
|
||||
*/
|
||||
public function valid()
|
||||
{
|
||||
return $this->currentColumnIndex <= $this->endColumnIndex;
|
||||
return $this->currentColumnIndex <= $this->endColumnIndex && $this->currentColumnIndex >= $this->startColumnIndex;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -152,15 +152,9 @@ class RowIterator implements \Iterator
|
||||
|
||||
/**
|
||||
* Set the iterator to its previous value.
|
||||
*
|
||||
* @throws PhpSpreadsheetException
|
||||
*/
|
||||
public function prev()
|
||||
{
|
||||
if ($this->position <= $this->startRow) {
|
||||
throw new PhpSpreadsheetException("Row is already at the beginning of range ({$this->startRow} - {$this->endRow})");
|
||||
}
|
||||
|
||||
--$this->position;
|
||||
}
|
||||
|
||||
@ -171,6 +165,6 @@ class RowIterator implements \Iterator
|
||||
*/
|
||||
public function valid()
|
||||
{
|
||||
return $this->position <= $this->endRow;
|
||||
return $this->position <= $this->endRow && $this->position >= $this->startRow;
|
||||
}
|
||||
}
|
||||
|
@ -78,9 +78,8 @@ class ColumnCellIteratorTest extends TestCase
|
||||
|
||||
public function testPrevOutOfRange()
|
||||
{
|
||||
$this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class);
|
||||
|
||||
$iterator = new ColumnCellIterator($this->mockWorksheet, 'A', 2, 4);
|
||||
$iterator->prev();
|
||||
self::assertFalse($iterator->valid());
|
||||
}
|
||||
}
|
||||
|
@ -77,9 +77,8 @@ class ColumnIteratorTest extends TestCase
|
||||
|
||||
public function testPrevOutOfRange()
|
||||
{
|
||||
$this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class);
|
||||
|
||||
$iterator = new ColumnIterator($this->mockWorksheet, 'B', 'D');
|
||||
$iterator->prev();
|
||||
self::assertFalse($iterator->valid());
|
||||
}
|
||||
}
|
||||
|
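--- a/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/IteratorTest.php
+++ b/inc/vendor/phpoffice/phpspreadsheet/tests/PhpSpreadsheetTests/Worksheet/IteratorTest.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace PhpOffice\PhpSpreadsheetTests\Worksheet;
+
+use PhpOffice\PhpSpreadsheet\Spreadsheet;
+use PhpOffice\PhpSpreadsheet\Worksheet\Iterator;
+use PhpOffice\PhpSpreadsheet\Worksheet\Worksheet;
+use PHPUnit\Framework\TestCase;
+
+class IteratorTest extends TestCase
+{
+public function testIteratorFullRange()
+{
+$spreadsheet = new Spreadsheet();
+$spreadsheet->createSheet();
+$spreadsheet->createSheet();
+
+$iterator = new Iterator($spreadsheet);
+$columnIndexResult = 0;
+self::assertEquals($columnIndexResult, $iterator->key());
+
+foreach ($iterator as $key => $column) {
+self::assertEquals($columnIndexResult++, $key);
+self::assertInstanceOf(Worksheet::class, $column);
+}
+self::assertSame(3, $columnIndexResult);
+}
+}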
@ -80,9 +80,8 @@ class RowCellIteratorTest extends TestCase
|
||||
|
||||
public function testPrevOutOfRange()
|
||||
{
|
||||
$this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class);
|
||||
|
||||
$iterator = new RowCellIterator($this->mockWorksheet, 2, 'B', 'D');
|
||||
$iterator->prev();
|
||||
self::assertFalse($iterator->valid());
|
||||
}
|
||||
}
|
||||
|
@ -75,9 +75,8 @@ class RowIteratorTest extends TestCase
|
||||
|
||||
public function testPrevOutOfRange()
|
||||
{
|
||||
$this->expectException(\PhpOffice\PhpSpreadsheet\Exception::class);
|
||||
|
||||
$iterator = new RowIterator($this->mockWorksheet, 2, 4);
|
||||
$iterator->prev();
|
||||
self::assertFalse($iterator->valid());
|
||||
}
|
||||
}
|
||||
|
@ -186,4 +186,24 @@ return [
|
||||
-1234567.8899999999,
|
||||
'0000:00.00',
|
||||
],
|
||||
[
|
||||
'18.952',
|
||||
18.952,
|
||||
'[$-409]General',
|
||||
],
|
||||
[
|
||||
'9.98',
|
||||
9.98,
|
||||
'[$-409]#,##0.00;-#,##0.00',
|
||||
],
|
||||
[
|
||||
'18.952',
|
||||
18.952,
|
||||
'[$-1010409]General',
|
||||
],
|
||||
[
|
||||
'9.98',
|
||||
9.98,
|
||||
'[$-1010409]#,##0.00;-#,##0.00',
|
||||
],
|
||||
];
|
||||
|
@ -62,4 +62,14 @@ return [
|
||||
43270.603472222,
|
||||
'hh:mm:ss\ AM/PM',
|
||||
],
|
||||
[
|
||||
'8/20/2018',
|
||||
43332,
|
||||
'[$-409]m/d/yyyy',
|
||||
],
|
||||
[
|
||||
'8/20/2018',
|
||||
43332,
|
||||
'[$-1010409]m/d/yyyy',
|
||||
],
|
||||
];
|
||||
|
11
inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT
vendored
11
inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT
vendored
@ -1,4 +1,13 @@
|
||||
6.2.20
|
||||
6.2.25
|
||||
- Fix support for image URLs.
|
||||
|
||||
6.2.24
|
||||
- Support remote urls when checking if file exists.
|
||||
|
||||
6.2.23
|
||||
- Simplify file_exists function.
|
||||
|
||||
6.2.22
|
||||
- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.
|
||||
|
||||
6.2.19
|
||||
|
2
inc/vendor/tecnickcom/tcpdf/composer.json
vendored
2
inc/vendor/tecnickcom/tcpdf/composer.json
vendored
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "tecnickcom/tcpdf",
|
||||
"version": "6.2.22",
|
||||
"version": "6.2.26",
|
||||
"homepage": "http://www.tcpdf.org/",
|
||||
"type": "library",
|
||||
"description": "TCPDF is a PHP class for generating PDF documents and barcodes.",
|
||||
|
BIN
inc/vendor/tecnickcom/tcpdf/include/sRGB.icc
vendored
BIN
inc/vendor/tecnickcom/tcpdf/include/sRGB.icc
vendored
Binary file not shown.
@ -2003,7 +2003,11 @@ class TCPDF_FONTS {
|
||||
$chars = str_split($str);
|
||||
$carr = array_map('ord', $chars);
|
||||
}
|
||||
if (is_array($currentfont['subsetchars']) && is_array($carr)) {
|
||||
$currentfont['subsetchars'] += array_fill_keys($carr, true);
|
||||
} else {
|
||||
$currentfont['subsetchars'] = array_merge($currentfont['subsetchars'], $carr);
|
||||
}
|
||||
return $carr;
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ class TCPDF_STATIC {
|
||||
* Current TCPDF version.
|
||||
* @private static
|
||||
*/
|
||||
private static $tcpdf_version = '6.2.22';
|
||||
private static $tcpdf_version = '6.2.26';
|
||||
|
||||
/**
|
||||
* String alias for total number of pages.
|
||||
@ -1821,6 +1821,31 @@ class TCPDF_STATIC {
|
||||
return fopen($filename, $mode);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the URL exist.
|
||||
* @param url (string) URL to check.
|
||||
* @return Returns TRUE if the URL exists; FALSE otherwise.
|
||||
* @public static
|
||||
*/
|
||||
public static function url_exists($url) {
|
||||
$crs = curl_init();
|
||||
curl_setopt($crs, CURLOPT_URL, $url);
|
||||
curl_setopt($crs, CURLOPT_NOBODY, true);
|
||||
curl_setopt($crs, CURLOPT_FAILONERROR, true);
|
||||
if ((ini_get('open_basedir') == '') && (!ini_get('safe_mode'))) {
|
||||
curl_setopt($crs, CURLOPT_FOLLOWLOCATION, true);
|
||||
}
|
||||
curl_setopt($crs, CURLOPT_CONNECTTIMEOUT, 5);
|
||||
curl_setopt($crs, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, false);
|
||||
curl_setopt($crs, CURLOPT_USERAGENT, 'tc-lib-file');
|
||||
curl_exec($crs);
|
||||
$code = curl_getinfo($crs, CURLINFO_HTTP_CODE);
|
||||
curl_close($crs);
|
||||
return ($code == 200);
|
||||
}
|
||||
|
||||
/**
|
||||
* Wrapper for file_exists.
|
||||
* Checks whether a file or directory exists.
|
||||
@ -1830,20 +1855,11 @@ class TCPDF_STATIC {
|
||||
* @public static
|
||||
*/
|
||||
public static function file_exists($filename) {
|
||||
if (strpos($filename, '://') > 0) {
|
||||
$wrappers = stream_get_wrappers();
|
||||
foreach ($wrappers as $wrapper) {
|
||||
if (($wrapper === 'http') || ($wrapper === 'https')) {
|
||||
continue;
|
||||
if (preg_match('|^https?://|', $filename) == 1) {
|
||||
return self::url_exists($filename);
|
||||
}
|
||||
if (stripos($filename, $wrapper.'://') === 0) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!@file_exists($filename)) {
|
||||
// try to encode spaces on filename
|
||||
$filename = str_replace(' ', '%20', $filename);
|
||||
if (strpos($filename, '://')) {
|
||||
return false; // only support http and https wrappers for security reasons
|
||||
}
|
||||
return @file_exists($filename);
|
||||
}
|
||||
|
56
inc/vendor/tecnickcom/tcpdf/tcpdf.php
vendored
56
inc/vendor/tecnickcom/tcpdf/tcpdf.php
vendored
@ -1,7 +1,7 @@
|
||||
<?php
|
||||
//============================================================+
|
||||
// File name : tcpdf.php
|
||||
// Version : 6.2.22
|
||||
// Version : 6.2.26
|
||||
// Begin : 2002-08-03
|
||||
// Last Update : 2018-09-14
|
||||
// Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
|
||||
@ -104,7 +104,7 @@
|
||||
* Tools to encode your unicode fonts are on fonts/utils directory.</p>
|
||||
* @package com.tecnick.tcpdf
|
||||
* @author Nicola Asuni
|
||||
* @version 6.2.22
|
||||
* @version 6.2.26
|
||||
*/
|
||||
|
||||
// TCPDF configuration
|
||||
@ -128,7 +128,7 @@ require_once(dirname(__FILE__).'/include/tcpdf_static.php');
|
||||
* TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br>
|
||||
* @package com.tecnick.tcpdf
|
||||
* @brief PHP class for generating PDF documents without requiring external extensions.
|
||||
* @version 6.2.22
|
||||
* @version 6.2.26
|
||||
* @author Nicola Asuni - info@tecnick.com
|
||||
* @IgnoreAnnotation("protected")
|
||||
* @IgnoreAnnotation("public")
|
||||
@ -5769,10 +5769,9 @@ class TCPDF {
|
||||
$this->resetLastH();
|
||||
}
|
||||
if (!TCPDF_STATIC::empty_string($y)) {
|
||||
$this->SetY($y);
|
||||
} else {
|
||||
$y = $this->GetY();
|
||||
$this->SetY($y); // set y in order to convert negative y values to positive ones
|
||||
}
|
||||
$y = $this->GetY();
|
||||
$resth = 0;
|
||||
if (($h > 0) AND $this->inPageBody() AND (($y + $h + $mc_margin['T'] + $mc_margin['B']) > $this->PageBreakTrigger)) {
|
||||
// spit cell in more pages/columns
|
||||
@ -9648,7 +9647,7 @@ class TCPDF {
|
||||
protected function _putcatalog() {
|
||||
// put XMP
|
||||
$xmpobj = $this->_putXMP();
|
||||
// if required, add standard sRGB_IEC61966-2.1 blackscaled ICC colour profile
|
||||
// if required, add standard sRGB ICC colour profile
|
||||
if ($this->pdfa_mode OR $this->force_srgb) {
|
||||
$iccobj = $this->_newobj();
|
||||
$icc = file_get_contents(dirname(__FILE__).'/include/sRGB.icc');
|
||||
@ -18818,14 +18817,37 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
|
||||
break;
|
||||
}
|
||||
case 'img': {
|
||||
if (!empty($tag['attribute']['src'])) {
|
||||
if ($tag['attribute']['src'][0] === '@') {
|
||||
if (empty($tag['attribute']['src'])) {
|
||||
break;
|
||||
}
|
||||
$imgsrc = $tag['attribute']['src'];
|
||||
if ($imgsrc[0] === '@') {
|
||||
// data stream
|
||||
$tag['attribute']['src'] = '@'.base64_decode(substr($tag['attribute']['src'], 1));
|
||||
$imgsrc = '@'.base64_decode(substr($imgsrc, 1));
|
||||
$type = '';
|
||||
} else {
|
||||
if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
|
||||
// fix image path
|
||||
$findroot = strpos($imgsrc, $_SERVER['DOCUMENT_ROOT']);
|
||||
if (($findroot === false) OR ($findroot > 1)) {
|
||||
if (substr($_SERVER['DOCUMENT_ROOT'], -1) == '/') {
|
||||
$imgsrc = substr($_SERVER['DOCUMENT_ROOT'], 0, -1).$imgsrc;
|
||||
} else {
|
||||
$imgsrc = $_SERVER['DOCUMENT_ROOT'].$imgsrc;
|
||||
}
|
||||
}
|
||||
$imgsrc = urldecode($imgsrc);
|
||||
$testscrtype = @parse_url($imgsrc);
|
||||
if (empty($testscrtype['query'])) {
|
||||
// convert URL to server path
|
||||
$imgsrc = str_replace(K_PATH_URL, K_PATH_MAIN, $imgsrc);
|
||||
} elseif (preg_match('|^https?://|', $imgsrc) !== 1) {
|
||||
// convert URL to server path
|
||||
$imgsrc = str_replace(K_PATH_MAIN, K_PATH_URL, $imgsrc);
|
||||
}
|
||||
}
|
||||
// get image type
|
||||
$type = TCPDF_IMAGES::getImageFileType($tag['attribute']['src']);
|
||||
$type = TCPDF_IMAGES::getImageFileType($imgsrc);
|
||||
}
|
||||
if (!isset($tag['width'])) {
|
||||
$tag['width'] = 0;
|
||||
@ -18893,11 +18915,11 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
|
||||
$ih = $this->getHTMLUnitToUnits($tag['height'], ($tag['fontsize'] / $this->k), 'px', false);
|
||||
}
|
||||
if (($type == 'eps') OR ($type == 'ai')) {
|
||||
$this->ImageEps($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, $imglink, true, $align, '', $border, true);
|
||||
$this->ImageEps($imgsrc, $xpos, $this->y, $iw, $ih, $imglink, true, $align, '', $border, true);
|
||||
} elseif ($type == 'svg') {
|
||||
$this->ImageSVG($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, $imglink, $align, '', $border, true);
|
||||
$this->ImageSVG($imgsrc, $xpos, $this->y, $iw, $ih, $imglink, $align, '', $border, true);
|
||||
} else {
|
||||
$this->Image($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, '', $imglink, $align, false, 300, '', false, false, $border, false, false, true);
|
||||
$this->Image($imgsrc, $xpos, $this->y, $iw, $ih, '', $imglink, $align, false, 300, '', false, false, $border, false, false, true);
|
||||
}
|
||||
switch($align) {
|
||||
case 'T': {
|
||||
@ -18913,7 +18935,6 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'dl': {
|
||||
@ -24207,9 +24228,12 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
|
||||
}
|
||||
$img = urldecode($img);
|
||||
$testscrtype = @parse_url($img);
|
||||
if (!isset($testscrtype['query']) OR empty($testscrtype['query'])) {
|
||||
if (empty($testscrtype['query'])) {
|
||||
// convert URL to server path
|
||||
$img = str_replace(K_PATH_URL, K_PATH_MAIN, $img);
|
||||
} elseif (preg_match('|^https?://|', $img) !== 1) {
|
||||
// convert server path to URL
|
||||
$img = str_replace(K_PATH_MAIN, K_PATH_URL, $img);
|
||||
}
|
||||
}
|
||||
// get image type
|
||||
|
@ -178,7 +178,7 @@ class scan_xml_parser
|
||||
/**
|
||||
* The previous stack element
|
||||
*
|
||||
* @var unknown
|
||||
* @var string
|
||||
*/
|
||||
var $previous = null;
|
||||
|
||||
@ -192,9 +192,9 @@ class scan_xml_parser
|
||||
/**
|
||||
* Construct
|
||||
*
|
||||
* @param unknown $obj_in
|
||||
* @param unknown $ste_id_in
|
||||
* @param unknown $scan_fname
|
||||
* @param mixed $obj_in
|
||||
* @param int $ste_id_in
|
||||
* @param string $scan_fname
|
||||
*/
|
||||
function __construct($obj_in, $ste_id_in, $scan_fname)
|
||||
{
|
||||
|
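--- a/install-dev.bat
+++ b/install-dev.bat
@@ -0,0 +1,101 @@
+@echo off
+
+REM File: install-dev.bat
+REM Author: Ryan Prather, Jeff Odegard
+REM Purpose: Windows / XAMPP Installation Script
+REM Created: Jan 5, 2015
+
+REM Portions Copyright 2016-2019: Cyber Perspective, All rights reserved
+REM Released under the Apache v2.0 License
+
+REM Portions Copyright (c) 2012-2015, Salient Federal Solutions
+REM Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
+REM Released under Modified BSD License
+
+REM See license.txt for details
+
+REM Change Log:
+REM - Jan 5, 2015 - File created
+REM - Sep 1, 2016 - Copyright updated, added comments and file header
+REM - Oct 7, 2016 - Copying Windows / XAMPP config.xml
+REM - Nov 14, 2016 - Converted xcopy for config file to copy
+REM - Nov 18, 2016 - Changed file moves to copies, removed deleting existing *.cgi & *.pl script in the CGI_PATH and deleting CONF folder
+REM - Dec 12, 2016 - Removed pthreads library because it is no longer needed.
+REM Rename existing Apache, MySQL/mariaDB, and PHP config files to .old before copying hardened files.
+REM - Dec 13, 2016 - Fixed syntax of the rename command
+REM - Dec 19, 2016 - Fixed copy syntax for config.xml file
+REM - Jan 30, 2017 - Fixed error with copy of config-xampp-win.xml to config.xml where it required full path
+REM - Apr 5, 2017 - Added mkdir for \xampp\php\logs directory (not included when installed)
+REM - Jun 27, 2017 - Removed copy cgi-bin contents
+REM - Sep 19, 2018 - Deleting unnecessary C:\xampp\htdocs folder.
+REM - Oct 3, 2018 - Redirected deletion of htdocs folder to nul
+REM - Nov 27, 2018 - Added php-dev.ini to conf folder and added prompts to allow for development installation
+REM - Jan 10, 2019 - broke out the dev installation from install.bat and streamlined the installation process.
+
+@echo The Sagacity dev configuration installs and enables php xdebug used for troubleshooting and development work.
+echo.
+@echo NOTE: The dev configuration will *noticably* impact Sagacity's performance.
+@echo *** For a production environment, please use install.bat instead! ***
+@echo.
+
+@echo For your dev installation we also recommend installing QCacheGrindWin from
+@echo.
+@echo https://sourceforge.net/projects/qcachegrindwin/
+@echo.
+
+set /p dev="Do you want to install the dev configuration? (y/N) "
+set result=0
+if "%dev%"=="Y" (set result=1)
+if "%dev%"=="y" (set result=1)
+if "%dev%"=="Yes" (set result=1)
+if "%dev%"=="YES" (set result=1)
+if "%dev%"=="yes" (set result=1)
+
+if "%result%"=="0" (
+@echo Dev installation aborted.
+@echo Please use install.bat for a production installation.
+exit
+)
+
+@echo - Create PHP log folder
+mkdir c:\xampp\php\logs
+
+@echo - Copy Apache, MySQL/mariaDB, and PHP configuration files
+@echo - Renaming the original config files to *.old.
+
+rename c:\xampp\mysql\bin\my.ini my.ini.old
+copy c:\xampp\www\conf\my.ini c:\xampp\mysql\bin\
+
+@echo - Installing MySQL service
+c:\xampp\mysql\bin\mysqld --install mysql --defaults-file="c:\xampp\mysql\bin\my.ini"
+net start mysql
+
+rename c:\xampp\apache\conf\httpd.conf httpd.conf.old
+copy c:\xampp\www\conf\httpd.conf c:\xampp\apache\conf
+rename c:\xampp\apache\conf\extra\httpd-ssl.conf httpd-ssl.conf.old
+copy c:\xampp\www\conf\httpd-ssl.conf c:\xampp\apache\conf\extra
+rename c:\xampp\apache\conf\extra\httpd-xampp.conf httpd-xampp.conf.old
+copy c:\xampp\www\conf\httpd-xampp.conf c:\xampp\apache\conf\extra
+rename c:\xampp\php\php.ini php.ini.old
+
+copy c:\xampp\www\conf\php-dev.ini c:\xampp\php\php.ini
+copy c:\xampp\www\conf\php_xdebug-2.6.0-7.2-vc15.dll c:\xampp\php\ext\php_xdebug-2.6.0-7.2-vc15.dll
+
+@echo - Deleting unnecessary C:\xampp\htdocs folder.
+del /F /S /Q c:\xampp\htdocs 1>nul
+
+@echo - Installing Apache service
+c:\xampp\apache\bin\httpd -k install
+net start apache2.4
+
+@echo.
+@echo Thank you for installing Sagacity. We want to know what you think!
+@echo Please contact us at https://www.cyberperspectives.com/contact_us
+@echo.
+@echo If you like this tool, please tell a friend or co-worker!
+@echo.
+
+set /p browser="Press enter to continue setup with http://localhost/setup.php"
+
+start http://localhost
+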
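Review bot: Nothing in this script checks that it is running elevated or that a step succeeded. `mysqld --install`, `httpd -k install` and the two `net start` calls need administrator rights, and when they or the `rename`/`copy` pairs fail the script still prints the thank-you text and opens the browser; install.bat has the same unguarded lines. A guard near the top such as `net session >nul 2>&1 || (echo Run this script as Administrator. & exit /b 1)`, plus an `if errorlevel 1` check after each service install, would stop a half-configured host from looking finished. The bare `exit` in the abort branch also closes the caller's console, where `exit /b` would return to it. Because this path loads `php_xdebug-2.6.0-7.2-vc15.dll` into the PHP that runs under the Apache service, confirm that `php-dev.ini` (not shown here) keeps the debugger reachable from the local machine only.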
39
install.bat
39
install.bat
@ -5,7 +5,7 @@
|
||||
REM Purpose: Windows / XAMPP Installation Script
|
||||
REM Created: Jan 5, 2015
|
||||
|
||||
REM Portions Copyright 2016: Cyber Perspective, All rights reserved
|
||||
REM Portions Copyright 2016-2019: Cyber Perspectives, LLC, All rights reserved
|
||||
REM Released under the Apache v2.0 License
|
||||
|
||||
REM Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
||||
@ -29,15 +29,21 @@
|
||||
REM - Jun 27, 2017 - Removed copy cgi-bin contents
|
||||
REM - Sep 19, 2018 - Deleting unnecessary C:\xampp\htdocs folder.
|
||||
REM - Oct 3, 2018 - Redirected deletion of htdocs folder to nul
|
||||
REM - Nov 27, 2018 - Added php-dev.ini to conf folder and added prompts to allow for development installation
|
||||
REM - Jan 10, 2019 - Separated the dev installation out into a separate script and streamlined the installation process.
|
||||
|
||||
REM To install the php xdebug development tools, use install-dev.bat
|
||||
|
||||
@echo - Create PHP log folder
|
||||
mkdir c:\xampp\php\logs
|
||||
|
||||
echo This is now going to copy configuration files for Apache, MySQL/mariaDB, and PHP after renaming the files to *.old.
|
||||
@echo - Copy Apache, MySQL/mariaDB, and PHP configuration files
|
||||
@echo - Renaming the original config files to *.old.
|
||||
|
||||
rename c:\xampp\mysql\bin\my.ini my.ini.old
|
||||
copy c:\xampp\www\conf\my.ini c:\xampp\mysql\bin\
|
||||
|
||||
@echo Installing MySQL service
|
||||
@echo - Installing MySQL service
|
||||
c:\xampp\mysql\bin\mysqld --install mysql --defaults-file="c:\xampp\mysql\bin\my.ini"
|
||||
net start mysql
|
||||
|
||||
@ -49,28 +55,23 @@ rename c:\xampp\apache\conf\extra\httpd-xampp.conf httpd-xampp.conf.old
|
||||
copy c:\xampp\www\conf\httpd-xampp.conf c:\xampp\apache\conf\extra
|
||||
rename c:\xampp\php\php.ini php.ini.old
|
||||
copy c:\xampp\www\conf\php.ini c:\xampp\php
|
||||
del c:\xampp\www\conf\php_xdebug-2.6.0-7.2-vc15.dll 1>nul
|
||||
|
||||
echo Deleting unnecessary C:\xampp\htdocs folder.
|
||||
@echo - Deleting unnecessary C:\xampp\htdocs folder.
|
||||
del /F /S /Q c:\xampp\htdocs 1>nul
|
||||
|
||||
@echo Installing Apache service
|
||||
@echo - Installing Apache service
|
||||
c:\xampp\apache\bin\httpd -k install
|
||||
net start apache2.4
|
||||
|
||||
echo Thank you for installing Sagacity. We want to know what you think!
|
||||
echo Please contact us at https://www.cyberperspectives.com/contact_us
|
||||
echo.
|
||||
echo If you like this tool, please tell a friend or co-worker!
|
||||
echo.
|
||||
set /p browser="Continue setup with http://localhost/setup.php? (Y/n) "
|
||||
@echo.
|
||||
@echo Thank you for installing Sagacity. We want to know what you think!
|
||||
@echo Please contact us at https://www.cyberperspectives.com/contact_us
|
||||
@echo.
|
||||
@echo If you like this tool, please tell a friend or co-worker!
|
||||
@echo.
|
||||
|
||||
set result=1
|
||||
if "%browser%"=="N" (set result=0)
|
||||
if "%browser%"=="n" (set result=0)
|
||||
if "%browser%"=="no" (set result=0)
|
||||
if "%browser%"=="No" (set result=0)
|
||||
if "%browser%"=="NO" (set result=0)
|
||||
set /p foo="Press enter to continue setup."
|
||||
|
||||
if "%result%"=="1" (
|
||||
start http://localhost
|
||||
)
|
||||
|
||||
|
@ -55,9 +55,6 @@ set_time_limit(120);
|
||||
|
||||
$db = new db();
|
||||
|
||||
$sources = $db->get_Sources();
|
||||
$task_status = $db->get_Task_Statuses();
|
||||
|
||||
$ste_id = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT);
|
||||
if (! $ste_id) {
|
||||
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT);
|
||||
@ -68,14 +65,11 @@ $scans = [];
|
||||
|
||||
if ($type != 'all' && $status != 'all') {
|
||||
$scans = $db->get_ScanData($ste_id, null, $status, $type);
|
||||
}
|
||||
elseif ($type != 'all') {
|
||||
} elseif ($type != 'all') {
|
||||
$scans = $db->get_ScanData($ste_id, null, null, $type);
|
||||
}
|
||||
elseif ($status != 'all') {
|
||||
} elseif ($status != 'all') {
|
||||
$scans = $db->get_ScanData($ste_id, null, $status);
|
||||
}
|
||||
elseif (isset($ste_id)) {
|
||||
} elseif (isset($ste_id)) {
|
||||
$scans = $db->get_ScanData($ste_id);
|
||||
}
|
||||
|
||||
@ -111,12 +105,14 @@ $stes = $db->get_STE();
|
||||
outline: 0;
|
||||
white-space: nowrap;
|
||||
background: #A4C1DD;
|
||||
box-shadow: inset 0px 0px 0px 1px #192364, 0px 2px 3px 0px rgba(0, 0, 0, 0.25);
|
||||
box-shadow: inset 0px 0px 0px 1px #192364, 0px 2px 3px 0px
|
||||
rgba(0, 0, 0, 0.25);
|
||||
border: solid 1px #102D5F;
|
||||
border-radius: 6px;
|
||||
background-image: -moz-linear-gradient(top, #A4C1DD, #1D57A0);
|
||||
background-image: -webkit-linear-gradient(top, #A4C1DD, #1D57A0);
|
||||
background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#A4C1DD), to(#1D57A0));
|
||||
background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#A4C1DD),
|
||||
to(#1D57A0));
|
||||
background-image: -ms-linear-gradient(top, #A4C1DD, #1D57A0);
|
||||
background-image: -o-linear-gradient(top, #A4C1DD, #1D57A0);
|
||||
background-image: linear-gradient(top, #A4C1DD, #1D57A0);
|
||||
@ -132,12 +128,14 @@ $stes = $db->get_STE();
|
||||
/* Button mouseover Activity for scan table */
|
||||
.mouseover-scan {
|
||||
background: #E55234;
|
||||
box-shadow: inset 0px 0px 0px 1px #F5AC97, 0px 2px 3px 0px rgba(0, 0, 0, 0.25);
|
||||
box-shadow: inset 0px 0px 0px 1px #F5AC97, 0px 2px 3px 0px
|
||||
rgba(0, 0, 0, 0.25);
|
||||
border: solid 1px #B72204;
|
||||
border-radius: 6px;
|
||||
background-image: -moz-linear-gradient(top, #B41D08, #EB6541);
|
||||
background-image: -webkit-linear-gradient(top, #B41D08, #EB6541);
|
||||
background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#B41D08), to(#EB6541));
|
||||
background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(#B41D08),
|
||||
to(#EB6541));
|
||||
background-image: -ms-linear-gradient(top, #B41D08, #EB6541);
|
||||
background-image: -o-linear-gradient(top, #B41D08, #EB6541);
|
||||
background-image: linear-gradient(top, #B41D08, #EB6541);
|
||||
@ -156,6 +154,7 @@ $stes = $db->get_STE();
|
||||
<script type='text/javascript'>
|
||||
var to;
|
||||
var table;
|
||||
var button;
|
||||
<?php if (NOTIFICATIONS && file_exists("complete.mp3")) { ?>
|
||||
var audio = new Audio("complete.mp3");
|
||||
<?php } ?>
|
||||
@ -211,16 +210,19 @@ $stes = $db->get_STE();
|
||||
for (var x in data.results) {
|
||||
var kill = '';
|
||||
var scan_id = data.results[x].scan_id;
|
||||
if ($('#id-' + scan_id).length) {
|
||||
var cur_status = table.cell(table.rows('#id-' + scan_id), 5).data();
|
||||
table.cell(table.rows('#id-' + scan_id), 4).data(data.results[x].run_time);
|
||||
table.cell(table.rows('#id-' + scan_id), 5).data(data.results[x].status);
|
||||
table.cell(table.rows('#id-' + scan_id), 6).data("<progress min='0' max='100' value='" + data.results[x].perc_comp + "' title='" + data.results[x].perc_comp + "%'></progress><span>" + data.results[x].perc_comp + "</span>");
|
||||
var row = table.row('#id-' + scan_id);
|
||||
if(row.length) {
|
||||
var idx = row.index();
|
||||
tmp = row.data();
|
||||
var cur_status = tmp[5];
|
||||
tmp[4] = data.results[x].run_time;
|
||||
tmp[5] = data.results[x].status;
|
||||
tmp[6] = "<progress min='0' max='100' value='" + data.results[x].perc_comp + "' title='" + data.results[x].perc_comp + "%'></progress><span>" + data.results[x].perc_comp + "</span>";
|
||||
kill = $('#action-' + scan_id + ' .kill');
|
||||
if (data.results[x].status === 'RUNNING' && !kill.length) {
|
||||
$('#action-' + scan_id).append("<a class='kill-link' href='kill.php?ste=<?php print $ste_id; ?>&id=" + scan_id + "&pid=" + data.results[x].pid + "' target='_blank'>" +
|
||||
tmp[7] += "<a class='kill-link' href='kill.php?ste=<?php print $ste_id; ?>&id=" + scan_id + "&pid=" + data.results[x].pid + "' target='_blank'>" +
|
||||
"<img class='kill checklist_image' src='/img/X.png' style='vertical-align:middle;' title='Kill' />" +
|
||||
"</a>");
|
||||
"</a>";
|
||||
}
|
||||
else if (cur_status === 'RUNNING' && data.results[x].status === 'COMPLETE') {
|
||||
$('#action-' + scan_id + '.kill-link').remove();
|
||||
@ -228,6 +230,7 @@ $stes = $db->get_STE();
|
||||
audio.play();
|
||||
<?php } ?>
|
||||
}
|
||||
table.row(idx).invalidate(tmp).draw(false);
|
||||
}
|
||||
else {
|
||||
if ($('#status').val() && $('#type').val()) {
|
||||
@ -266,25 +269,23 @@ $stes = $db->get_STE();
|
||||
row.append("<td class='dt-body-center' id='action-" + scan_id + "'>" +
|
||||
(data.results[x].error ? "<img src='/img/error.png' class='checklist_image' onclick='javascript:List_host(" + scan_id + ");' />" : "") +
|
||||
"<a href='javascript:void(0);' title='Host Listing' onclick='javascript:List_host(" + scan_id + ");'><img src='/img/options.png' class='checklist_image' /></a> " +
|
||||
"<form method='post' action='index.php' onsubmit='return del_scan(this);' style='display:inline;'>" +
|
||||
"<input type='hidden' name='ste' value='<?php print $ste_id ?>' />" +
|
||||
"<input type='hidden' name='delete_scan' value='" + scan_id + "' />" +
|
||||
"<input type='hidden' name='delete_targets' value='0' />" +
|
||||
"<input type='image' class='checklist_image' src='/img/delete.png' border='0' alt='Delete' />" +
|
||||
"</form>" + kill
|
||||
"<img src='/img/delete.png' class='checklist_image' " +
|
||||
"onclick='scan_id=" + scan_id + ";del_scan($(this));' " +
|
||||
"title='Delete a scan file' />"
|
||||
+ kill
|
||||
);
|
||||
table.row.add(row[0]);
|
||||
}
|
||||
}
|
||||
|
||||
table.order(table.order()[0]).draw();
|
||||
table.order(table.order()[0]).draw(false);
|
||||
$('.button-delete,.button-list').mouseover(function () {
|
||||
$(this).addClass('mouseover-scan');
|
||||
});
|
||||
$('.button-delete,.button-list').mouseout(function () {
|
||||
$(this).removeClass('mouseover-scan');
|
||||
});
|
||||
if ($('#toggle_refresh').val() === 'Stop Refresh') {
|
||||
if ($('#toggle_refresh').val() === 'Stop Refresh' && (!$('#delete-target-confirm').dialog('isOpen') || !$('#delete-scan-confirm').dialog('isOpen'))) {
|
||||
to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
|
||||
}
|
||||
},
|
||||
@ -296,8 +297,7 @@ $stes = $db->get_STE();
|
||||
dataType: 'json',
|
||||
//timeout: 5000,
|
||||
method: 'post'
|
||||
}
|
||||
);
|
||||
});
|
||||
}
|
||||
/**
|
||||
*
|
||||
@ -348,9 +348,11 @@ $stes = $db->get_STE();
|
||||
</div>
|
||||
<div id="importBtn">
|
||||
<!-- Results tab Import Button -->
|
||||
<input type='button' class="button" value='Stop Refresh'
|
||||
id="toggle_refresh" onclick="javascript:toggle_refresh();" />
|
||||
<input type='button' class='button' value='Import'
|
||||
<input type='button' class="button"
|
||||
value='Stop Refresh' id="toggle_refresh"
|
||||
onclick="javascript:toggle_refresh();" />
|
||||
<input type='button' class='button'
|
||||
value='Import'
|
||||
onclick="javascript:add_import();" />
|
||||
</div>
|
||||
</div>
|
||||
@ -358,7 +360,8 @@ $stes = $db->get_STE();
|
||||
</div>
|
||||
|
||||
<div style='margin: 20px auto auto auto; width: 1200px;'>
|
||||
<table id="results-table" class='display compact hover' data-order='[[ 3, "desc" ]]' data-page-length='25'>
|
||||
<table id="results-table" class='display compact hover'
|
||||
data-page-length='25'>
|
||||
<thead>
|
||||
<tr>
|
||||
<th style='width: 325px;'>Name</th>
|
||||
@ -393,8 +396,11 @@ $stes = $db->get_STE();
|
||||
</th>
|
||||
<th>% Comp</th>
|
||||
<th>Action
|
||||
<a href="kill.php?pid=*&ste=<?php print (isset($ste_id) ? $ste_id : '0'); ?>" target='_new'>
|
||||
<img src='/img/X.png' class='checklist_image' style='vertical-align:middle;' title='Kill and Remove All' />
|
||||
<a href="kill.php?pid=*&ste=<?php print (isset($ste_id) ? $ste_id : '0'); ?>"
|
||||
target='_new'>
|
||||
<img src='/img/X.png' class='checklist_image'
|
||||
style='vertical-align: middle;'
|
||||
title='Kill and Remove All' />
|
||||
</a>
|
||||
</th>
|
||||
</tr>
|
||||
@ -410,28 +416,37 @@ $stes = $db->get_STE();
|
||||
<td title='<?php print $scan->get_Notes(); ?>'><?php print $scan->get_File_Name(); ?></td>
|
||||
<td><?php print $scan->get_File_DateTime()->format("Y-m-d"); ?></td>
|
||||
<td class='dt-body-center'>
|
||||
<img class='scan_type' src='/img/scan_types/<?php print $scan->get_Source()->get_Icon(); ?>' title='<?php print $scan->get_Source()->get_Name(); ?>' /><br />
|
||||
<img class='scan_type' src='/img/scan_types/<?php print $scan->get_Source()->get_Icon(); ?>'
|
||||
title='<?php print $scan->get_Source()->get_Name(); ?>' /><br />
|
||||
<span><?php print $scan->get_Source()->get_Name(); ?></span>
|
||||
</td>
|
||||
<td><?php print $scan->get_Start_Time()->format("y-m-d H:i:s"); ?></td>
|
||||
<td><?php print (!is_null($diff) ? $diff->format("%H:%I:%S") : ""); ?></td>
|
||||
<td><?php print $scan->get_Status(); ?></td>
|
||||
<td>
|
||||
<progress min='0' max='100' value='<?php print $scan->get_Percentage_Complete(); ?>' title='<?php print $scan->get_Percentage_Complete(); ?>%'></progress>
|
||||
<progress min='0' max='100'
|
||||
value='<?php print $scan->get_Percentage_Complete(); ?>'
|
||||
title='<?php print $scan->get_Percentage_Complete(); ?>%'></progress>
|
||||
<span><?php print $scan->get_Percentage_Complete(); ?></span>
|
||||
</td>
|
||||
<td class='dt-body-center' id="action-<?php print $scan->get_ID(); ?>">
|
||||
<?php if ($scan->isScanError()) { ?>
|
||||
<img src='/img/error.png' class='checklist_image' onclick='javascript:List_host(<?php print $scan->get_ID(); ?>);' />
|
||||
<img src='/img/error.png' class='checklist_image'
|
||||
onclick='javascript:List_host(<?php print $scan->get_ID(); ?>);' />
|
||||
<?php } ?>
|
||||
<a href='javascript:void(0);' title='Host Listing' onclick='javascript:List_host(<?php print $scan->get_ID(); ?>);'>
|
||||
<img src='/img/options.png' class='checklist_image' title='See what hosts are on this target' />
|
||||
</a>
|
||||
|
||||
<img src='/img/delete.png' class='checklist_image' onclick='scan_id =<?php print $scan->get_ID(); ?>;del_scan();' title='Delete a scan file' />
|
||||
<a href='javascript:void(0);' title='Host Listing'
|
||||
onclick='javascript:List_host(<?php print $scan->get_ID(); ?>);'>
|
||||
<img src='/img/options.png' class='checklist_image'
|
||||
title='See what hosts are on this target' />
|
||||
</a>
|
||||
<img src='/img/delete.png' class='checklist_image'
|
||||
onclick='scan_id=<?php print $scan->get_ID(); ?>;del_scan($(this));'
|
||||
title='Delete a scan file' />
|
||||
<?php if ($scan->get_Status() == 'RUNNING') { ?>
|
||||
<a class='kill-link' href='kill.php?<?php print "ste={$ste_id}&id={$scan->get_ID()}&pid={$scan->get_PID()}"; ?>' target='_blank'>
|
||||
<img src='/img/X.png' class='kill checklist_image' style='vertical-align:middle;' title='Kill' />
|
||||
<a class='kill-link' target='_blank'
|
||||
href='kill.php?<?php print "ste={$ste_id}&id={$scan->get_ID()}&pid={$scan->get_PID()}"; ?>'>
|
||||
<img src='/img/X.png' class='kill checklist_image'
|
||||
style='vertical-align: middle;' title='Kill' />
|
||||
</a>
|
||||
<?php } ?>
|
||||
</td>
|
||||
@ -460,6 +475,18 @@ $stes = $db->get_STE();
|
||||
$(this).removeClass('mouseover-scan');
|
||||
});
|
||||
|
||||
$('#delete-target-confirm').on('dialogclose', function(e) {
|
||||
if ($('#toggle_refresh').val() === 'Stop Refresh' && !$('#delete-scan-confirm').dialog('isOpen')) {
|
||||
to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
|
||||
}
|
||||
});
|
||||
|
||||
$('#delete-scan-confirm').on('dialogclose', function(e) {
|
||||
if ($('#toggle_refresh').val() === 'Stop Refresh') {
|
||||
to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
|
||||
}
|
||||
});
|
||||
|
||||
$('#delete-target-confirm').dialog({
|
||||
autoOpen: false,
|
||||
resizable: false,
|
||||
@ -473,9 +500,13 @@ $stes = $db->get_STE();
|
||||
$(this).dialog('close');
|
||||
},
|
||||
'No': function () {
|
||||
delete_targets = false;
|
||||
$('#delete-scan-confirm').dialog('open');
|
||||
$(this).dialog('close');
|
||||
}
|
||||
},
|
||||
open: function() {
|
||||
$(this).parent().find('.ui-dialog-buttonpane button:eq(1)').focus();
|
||||
}
|
||||
});
|
||||
|
||||
@ -499,7 +530,7 @@ $stes = $db->get_STE();
|
||||
alert(data.error);
|
||||
}
|
||||
else if (data.success) {
|
||||
//alert(data.success);
|
||||
table.row($(button).closest('tr').index()).remove().draw();
|
||||
$('#id-' + scan_id).remove();
|
||||
}
|
||||
},
|
||||
@ -509,29 +540,47 @@ $stes = $db->get_STE();
|
||||
dataType: 'json',
|
||||
method: 'post'
|
||||
});
|
||||
if ($('#toggle_refresh').val() === 'Stop Refresh') {
|
||||
to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
|
||||
}
|
||||
|
||||
$(this).dialog('close');
|
||||
},
|
||||
Cancel: function () {
|
||||
$(this).dialog('close');
|
||||
if ($('#toggle_refresh').val() === 'Stop Refresh') {
|
||||
to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
|
||||
}
|
||||
}
|
||||
},
|
||||
open: function() {
|
||||
$(this).parent().find('.ui-dialog-buttonpane button:eq(1)').focus();
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
function del_scan(pressed_button) {
|
||||
if ($('#toggle_refresh').val() == 'Stop Refresh') {
|
||||
clearTimeout(to);
|
||||
to = null;
|
||||
}
|
||||
button = pressed_button;
|
||||
$('#delete-target-confirm').dialog('open');
|
||||
}
|
||||
</script>
|
||||
|
||||
<div id='delete-target-confirm' title='Delete associated targets?'>
|
||||
<p><span class='ui-icon ui-icon-alert' style='float:left;margin:12px 12px 20px 0;'></span> Do you want to delete the associated targets?</p><br />
|
||||
<p>WARNING: This will delete ALL targets in this scan and all associated data even if it was imported from another scan. This action is irreversible</p>
|
||||
<p>
|
||||
<span class='ui-icon ui-icon-alert'
|
||||
style='float: left; margin: 12px 12px 20px 0;'></span> Do
|
||||
you want to delete the associated targets?
|
||||
</p>
|
||||
<br />
|
||||
<p>WARNING: This will delete ALL targets in this scan and all
|
||||
associated data even if it was imported from another scan. This
|
||||
action is irreversible</p>
|
||||
</div>
|
||||
|
||||
<div id='delete-scan-confirm' title='Delete this scan?'>
|
||||
<p><span class='ui-icon ui-icon-alert' style='float:left;margin:12px 12px 20px 0;'></span> Are you sure you want to delete this scan?</p>
|
||||
<p>
|
||||
<span class='ui-icon ui-icon-alert'
|
||||
style='float: left; margin: 12px 12px 20px 0;'></span> Are
|
||||
you sure you want to delete this scan?
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<!-- code for list button -->
|
||||
|
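Review bot: The rewritten kill links (the `tmp[7] += "<a class='kill-link' href='kill.php?ste=…&id=…&pid=…'` line in the refresh handler and the `<a class='kill-link' target='_blank' href='kill.php?…'>` row markup) still trigger a process kill through a plain GET URL that carries the `pid`, which leaves the action open to cross-site request forgery. kill.php is not shown on this page, so confirm that it derives the pid from the scan id on the server instead of trusting the query string, and prefer a POST request like the delete-scan call in this file. Separately, in the refresh re-arm test, `(!$('#delete-target-confirm').dialog('isOpen') || !$('#delete-scan-confirm').dialog('isOpen'))` is true whenever either dialog is closed, so the timer restarts while a confirmation is still open; `&&` looks intended.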
@ -66,11 +66,3 @@ function add_import() {
|
||||
$('#import').css('display', 'block');
|
||||
view_box();
|
||||
}
|
||||
|
||||
function del_scan(form) {
|
||||
if ($('#toggle_refresh').val() == 'Stop Refresh') {
|
||||
clearTimeout(to);
|
||||
to = null;
|
||||
}
|
||||
$('#delete-target-confirm').dialog('open');
|
||||
}
|
||||
|
4
results/results_script.min.js
vendored
4
results/results_script.min.js
vendored
@ -1,2 +1,2 @@
|
||||
|
||||
$(function(){$(".close, .backdrop").click(function(){close_box()})});function List_host(a){$("#host_list_frame").attr("src","host_list_iframe.php?ste="+$("#ste").val()+"&scan_id="+a);$("#host_list_div").animate({opacity:"1.00"},300,"linear");$("#host_list_div").css("display","block");view_box()}function close_box(){$(".backdrop, .box").animate({opacity:"0"},300,"linear",function(){$(".backdrop, .box").css("display","none")});$(".dz-complete").remove();$(".dz-message").show()}function view_box(){$(".backdrop").animate({opacity:".5"},300,"linear");$(".backdrop").css("display","block")}function add_import(){if($("#ste").val()<1){alert("Please select an ST&E");return}$("#add_import").val($("#ste").val());$("#import").animate({opacity:"1.00"},300,"linear");$("#import").css("display","block");view_box()}function del_scan(a){if($("#toggle_refresh").val()=="Stop Refresh"){clearTimeout(to);to=null}$("#delete-target-confirm").dialog("open")};
|
||||
$(function(){$(".close, .backdrop").click(function(){close_box();});});function List_host(scan_id){$("#host_list_frame").attr("src","host_list_iframe.php?ste="+$("#ste").val()+"&scan_id="+scan_id);$("#host_list_div").animate({"opacity":"1.00"},300,"linear");$("#host_list_div").css("display","block");view_box();}function close_box(){$(".backdrop, .box").animate({"opacity":"0"},300,"linear",function(){$(".backdrop, .box").css("display","none");});$(".dz-complete").remove();$(".dz-message").show();}function view_box(){$(".backdrop").animate({"opacity":".5"},300,"linear");
|
||||
$(".backdrop").css("display","block");}function add_import(){if($("#ste").val()<1){alert("Please select an ST&E");return;}$("#add_import").val($("#ste").val());$("#import").animate({"opacity":"1.00"},300,"linear");$("#import").css("display","block");view_box();}
|
14
setup.php
14
setup.php
@ -70,14 +70,15 @@ EOO;
|
||||
$fail = true;
|
||||
}
|
||||
else {
|
||||
$algorithms = ["AES-256-CBC-HMAC-SHA256", "AES-256-CBC-HMAC-SHA1", "AES-256-CBC"];
|
||||
if (in_array($algorithms[0], openssl_get_cipher_methods())) {
|
||||
$algorithms = ["aes-256-cbc-hmac-sha256", "aec-256-cbc-hmac-sha1", "aes-256-cbc"];
|
||||
$ciphers = array_map('strtolower', openssl_get_cipher_methods());
|
||||
if (in_array($algorithms[0], $ciphers)) {
|
||||
$idx = 0;
|
||||
}
|
||||
elseif (in_array($algorithms[1], openssl_get_cipher_methods())) {
|
||||
elseif (in_array($algorithms[1], $ciphers)) {
|
||||
$idx = 1;
|
||||
}
|
||||
elseif (in_array($algorithms[2], openssl_get_cipher_methods())) {
|
||||
elseif (in_array($algorithms[2], $ciphers)) {
|
||||
$idx = 2;
|
||||
}
|
||||
else {
|
||||
@ -112,7 +113,7 @@ EOO;
|
||||
|
||||
if (!class_exists('ZipArchive')) {
|
||||
print <<<EOO
|
||||
The PHP ZipArchive moduel is not installed or enabled.<br />
|
||||
The PHP ZipArchive module is not installed or enabled.<br />
|
||||
Visit <a href='/?phpinfo=1'>PHPInfo</a> to double-check this.<br /><br />
|
||||
EOO;
|
||||
$fail = true;
|
||||
@ -127,7 +128,7 @@ EOO;
|
||||
}
|
||||
elseif (strtolower(substr(PHP_OS, 0, 3)) == 'win') {
|
||||
try {
|
||||
$com = new COM("WScript.Shell");
|
||||
new COM("WScript.Shell");
|
||||
}
|
||||
catch (Exception $e) {
|
||||
print <<<EOO
|
||||
@ -170,7 +171,6 @@ EOO;
|
||||
$fail = true;
|
||||
}
|
||||
|
||||
$match = [];
|
||||
$mem_limit = return_bytes(ini_get("memory_limit"));
|
||||
$gig = return_bytes('1G');
|
||||
if ($mem_limit < $gig) {
|
||||
|
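Review bot: In the cipher-selection hunk the second entry of the new list is misspelled, `"aec-256-cbc-hmac-sha1"`, so it can never match `openssl_get_cipher_methods()`. The `$idx = 1` branch is therefore dead, and a host without the SHA-256 variant falls straight through to plain `aes-256-cbc`; the entry should read `"aes-256-cbc-hmac-sha1"`. Also worth confirming before relying on the first two entries: OpenSSL documents the `aes-*-cbc-hmac-sha*` ciphers as intended for TLS use only, and through `openssl_encrypt()` they presumably add no integrity check. Whatever consumes `$algorithms[$idx]` is outside this hunk and should apply its own MAC or use a GCM mode. The enclosing `else` block starts and ends outside the hunk.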
@ -334,8 +334,6 @@ include_once 'header.inc';
|
||||
<li>Click the Save button</li>
|
||||
</ol>
|
||||
|
||||
<input type='button' name='update_bulk' value='Save' onclick='validate_bulk();' />
|
||||
|
||||
<table>
|
||||
<tbody>
|
||||
<tr>
|
||||
@ -415,7 +413,7 @@ include_once 'header.inc';
|
||||
</tr>
|
||||
<tr>
|
||||
<th title='Select to change' style='vertical-align:bottom;'>
|
||||
Checklists:<br />
|
||||
Checklists:<br /><span style='font-size: 10pt;'>(control + click to select multiple)</span><br />
|
||||
<input type='text' name='chk_filter' id='chk_filter' placeholder="Filter..." onkeyup="javascript:filter_checklists($('#hide_old').is(':checked'));" style='width:132px;' /><br />
|
||||
Remove Existing Checklists:
|
||||
<input type='checkbox' name='remove_existing' value='1' />
|
||||
@ -424,8 +422,9 @@ include_once 'header.inc';
|
||||
<select name='checklists[]' class='checklists' id="checklists" multiple='multiple'>
|
||||
<?php
|
||||
$all_chks = $db->get_Checklist();
|
||||
foreach ($all_chks as $key => $chk):print $chk->print_Option();
|
||||
endforeach;
|
||||
/** @var checklist $chk */
|
||||
foreach ($all_chks as $chk)
|
||||
print $chk->print_Option();
|
||||
?>
|
||||
</select>
|
||||
</td>
|
||||
@ -439,6 +438,8 @@ include_once 'header.inc';
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<input type='button' name='update_bulk' value='Save' onclick='validate_bulk();' />
|
||||
|
||||
<table class=''>
|
||||
<thead>
|
||||
<tr>
|
||||
|
@ -29,6 +29,7 @@
|
||||
* fixed invalid function call to stringFromColumnIndex as it was moved to a different class and changed to 1-based instead of 0-based,
|
||||
* syntax updates, updated PDF writer to Tcpdf class, added die if constant ECHECKLIST_FORMAT is not set as expected
|
||||
* - Jan 15, 2018 - Formatting, updated use statements, not seeing behavior explained in #373
|
||||
* - Nov 8, 2018 - Minor change to OS listing and added add_cell_comment method to migrate scanner notes to a comment instead of the main note (separating the scanner and anaylst comments)
|
||||
*/
|
||||
include_once 'config.inc';
|
||||
include_once 'database.inc';
|
||||
@ -43,9 +44,12 @@ use PhpOffice\PhpSpreadsheet\Writer\Ods;
|
||||
use PhpOffice\PhpSpreadsheet\Writer\Csv;
|
||||
use PhpOffice\PhpSpreadsheet\Writer\Html;
|
||||
use PhpOffice\PhpSpreadsheet\Cell\Coordinate;
|
||||
use PhpOffice\PhpSpreadsheet\Worksheet;
|
||||
use Monolog\Logger;
|
||||
use Monolog\Handler\StreamHandler;
|
||||
|
||||
global $conditions, $validation, $borders;
|
||||
|
||||
set_time_limit(0);
|
||||
$db = new db();
|
||||
$emass_ccis = null;
|
||||
@ -137,7 +141,6 @@ $host_status = array(
|
||||
foreach ($findings as $worksheet_name => $data) {
|
||||
$log->debug("Looping through worksheet $worksheet_name");
|
||||
$chk_arr = [];
|
||||
$named_range = '';
|
||||
|
||||
// Build the "Checklist" cell string with titles of all checklists on this worksheet
|
||||
foreach ($data['checklists'] as $key => $chk_id) {
|
||||
@ -263,7 +266,7 @@ foreach ($findings as $worksheet_name => $data) {
|
||||
$row++;
|
||||
}
|
||||
|
||||
$sheet->setDataValidation("{$col}11:{$col}{$row}", clone $validation['host_status']);
|
||||
$sheet->setDataValidation("F11:{$last_tgt_col}{$row}", clone $validation['host_status']);
|
||||
$log->debug("Set data validation for target $host_name");
|
||||
|
||||
$log->debug("Completed STIG parsing");
|
||||
@ -296,6 +299,7 @@ foreach ($findings as $worksheet_name => $data) {
|
||||
->applyFromArray($borders);
|
||||
$sheet->freezePane("A11");
|
||||
$sheet->setAutoFilter("A10:{$sheet->getHighestDataColumn()}10");
|
||||
$sheet->protectCellsByColumnAndRow(1, 11, 5, $sheet->getHighestDataRow(), "sagacity");
|
||||
|
||||
updateHostHeader($sheet, $data['target_list'], $db);
|
||||
|
||||
@ -354,7 +358,7 @@ $log->debug("Writing complete");
|
||||
/**
|
||||
* Update the header on the worksheet
|
||||
*
|
||||
* @param \PhpOffice\PhpSpreadsheet\Worksheet $sheet
|
||||
* @param Worksheet $sheet
|
||||
* @param array:integer $tgts
|
||||
* @param db $db
|
||||
*/
|
||||
@ -375,9 +379,10 @@ function updateHostHeader($sheet, $tgts, &$db) {
|
||||
foreach ($tgts as $tgt_name => $col_id) {
|
||||
$log->notice("tgt_name: $tgt_name\tcol_id: $col_id");
|
||||
$tgt = $db->get_Target_Details($ste_id, $tgt_name)[0];
|
||||
/** @var software $os */
|
||||
$os = $db->get_Software($tgt->get_OS_ID())[0];
|
||||
|
||||
$oses[] = "{$os->man} {$os->name} {$os->ver}";
|
||||
$oses[] = $os->get_SW_String();
|
||||
$host_names[] = $tgt->get_Name();
|
||||
|
||||
if (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
||||
@ -503,3 +508,27 @@ function deduplicateString($str)
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to add a comment to a particular cell
|
||||
*
|
||||
* @param PhpOffice\PhpSpreadsheet\Worksheet\Worksheet $sheet
|
||||
* @param string $cell
|
||||
* @param string $note
|
||||
*/
|
||||
function add_cell_comment(&$sheet, $cell, $note)
|
||||
{
|
||||
$sheet->getActiveSheet()
|
||||
->getComment($cell)
|
||||
->setAuthor(CREATOR);
|
||||
$commentRichText = $sheet->getActiveSheet()
|
||||
->getComment($cell)
|
||||
->getText()->createTextRun('Scanner Notes:');
|
||||
$commentRichText->getFont()->setBold(true);
|
||||
$sheet->getActiveSheet()
|
||||
->getComment($cell)
|
||||
->getText()->createTextRun("\r\n");
|
||||
$sheet->getActiveSheet()
|
||||
->getComment($cell)
|
||||
->getText()->createTextRun($note);
|
||||
}
|
||||
|
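Review bot: The added `$sheet->protectCellsByColumnAndRow(1, 11, 5, $sheet->getHighestDataRow(), "sagacity");` hard-codes the protection password as a string literal, so every exported workbook shares one password that anyone with the source can read. Spreadsheet cell protection is only a guard against accidental edits, and the line should say so, e.g. `// Locks columns 1-5 against accidental edits; not an access control`, with the literal moved to a named constant in config.inc. Separately, the docblock of the new `add_cell_comment()` declares `$sheet` as a `Worksheet`, but the body calls `$sheet->getActiveSheet()`, which suggests it expects the spreadsheet object; the `@param` type and the calls should be brought into line.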
@ -326,6 +326,10 @@ include_once 'header.inc';
|
||||
#loading {
|
||||
display: none;
|
||||
}
|
||||
.dz-image img {
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
}
|
||||
</style>
|
||||
|
||||
<div id='wrapper'>
|
||||
@ -468,20 +472,11 @@ include_once 'header.inc';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @var ste_cat $cat
|
||||
*/
|
||||
foreach ($cats as $cat) {
|
||||
$nr = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Reviewed");
|
||||
$na = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Applicable");
|
||||
$nf = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not a Finding");
|
||||
$open = $db->get_Finding_Count_By_Status($cat->get_ID(), "Open");
|
||||
|
||||
$count = $db->get_STE_Cat_TGT_Count($cat->get_ID());
|
||||
|
||||
print $cat->get_Table_Row($count, [
|
||||
"open" => $open,
|
||||
"nf" => $nf,
|
||||
"na" => $na,
|
||||
"nr" => $nr
|
||||
]);
|
||||
print $cat->get_Table_Row();
|
||||
}
|
||||
}
|
||||
else {
|
||||
@ -570,11 +565,20 @@ include_once 'header.inc';
|
||||
<script type="text/javascript">
|
||||
Dropzone.options.dropzone = {
|
||||
maxFilesize: 10,
|
||||
maxFiles: 1,
|
||||
success: function (file, res) {
|
||||
res = JSON.parse(res);
|
||||
if (res.imageUrl) {
|
||||
this.emit('thumbnail', file, res.imageUrl);
|
||||
}
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.error(xhr);
|
||||
console.error(error);
|
||||
if(!xhr.accepted) {
|
||||
alert("That file type is not allowed, CSV only files");
|
||||
}
|
||||
},
|
||||
init: function() {
|
||||
this.hiddenFileInput.removeAttribute('multiple');
|
||||
},
|
||||
acceptedFiles: ".csv"
|
||||
};
|
||||
@ -593,14 +597,15 @@ include_once 'header.inc';
|
||||
</script>
|
||||
|
||||
<form class="dropzone" action="/upload.php" id="dropzone">
|
||||
<div class="dz-message" data-dz-message><span>Click or Drop files here to upload</span></div>
|
||||
<div class="fallback">
|
||||
<input type="file" name="file" multiple />
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<form method='post' action='#' style='margin-left: 20px;'
|
||||
onsubmit="$('#submit').attr('disabled', true);
|
||||
return true;">
|
||||
onsubmit="if(!$('#host-list-file').val()){return false;}$('#submit').attr('disabled', true);return true;" id='host-list-form'>
|
||||
<div style='font-weight:400;color:red;'>Must keep 'host-list' as part of the filename</div>
|
||||
<input type='hidden' name='file' id='host-list-file' style='display:none;' />
|
||||
<input type='hidden' name='action' value='import_host_list' />
|
||||
<input type='hidden' name='ste' value='<?php print ($ste_id ? $ste_id : ''); ?>' />
|
||||
|
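Review bot: `acceptedFiles: ".csv"` and `maxFiles: 1` in the Dropzone options are browser-side checks only, and the new `host-list-form` posts a file name in the hidden `file` field, so the server has to treat that name as untrusted. The `import_host_list` handler is not visible on this page; it should confine the value to the upload directory the way upload.php does in `unlink(TMP . "/" . basename($fn));` and re-check the extension before opening the file. Nothing in the visible hunks assigns `#host-list-file`, so the `onsubmit` guard returns false unless another script fills the field; worth confirming where that happens.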
@ -175,7 +175,6 @@ if ($ste_id) {
|
||||
}
|
||||
|
||||
include_once "header.inc";
|
||||
|
||||
?>
|
||||
|
||||
<script type='text/javascript' src='/ste/ste_script.min.js'></script>
|
||||
|
@ -384,7 +384,7 @@ function display_ops_hosts(hosts) {
|
||||
var odd = true;
|
||||
|
||||
for (var x in hosts.targets) {
|
||||
$(cat).after(
|
||||
$(cat).append(
|
||||
"<div class='" + (odd ? "odd_row" : "even_row") + " cat_" + cat_id + "'>" +
|
||||
"<span class='cat-cell' style='width:102px;text-align:left'>" +
|
||||
"<input type='checkbox' class='tgt-sel' value='" + hosts.targets[x].id + "' onclick='javascript:update_tgt_chk(this);' />" +
|
||||
@ -449,9 +449,9 @@ function display_stats_hosts(hosts) {
|
||||
"<span class='cat-cell na' title='Not Applicable' style='text-align:center;'>" + hosts.targets[x].na + "</span>" +
|
||||
"<span class='cat-cell nr' title='Not Reviewed' style='text-align:center;'>" + hosts.targets[x].nr + "</span>" +
|
||||
"<span class='cat-cell comp' title='Percentage Compliant' style='text-align:center;background-color: " +
|
||||
getColorForPercentage(hosts.targets[x].comp) + ";'>" + (hosts.targets[x].comp.toFixed(2) * 100) + "%</span>" +
|
||||
getColorForPercentage(hosts.targets[x].comp) + ";'>" + (hosts.targets[x].comp * 100).toFixed(2) + "%</span>" +
|
||||
"<span class='cat-cell assessed' title='Percentage Assessed' style='text-align:center;background-color: " +
|
||||
getColorForPercentage(hosts.targets[x].assessed) + ";'>" + (hosts.targets[x].assessed.toFixed(2) * 100) + "%</span>" +
|
||||
getColorForPercentage(hosts.targets[x].assessed) + ";'>" + (hosts.targets[x].assessed * 100).toFixed(2) + "%</span>" +
|
||||
"<span class='cat-cell scans'>" +
|
||||
(hosts.targets[x].scans ? hosts.targets[x].scans : " ") +
|
||||
"</span>" +
|
||||
|
2
ste/ste_script.min.js
vendored
2
ste/ste_script.min.js
vendored
File diff suppressed because one or more lines are too long
@ -5,20 +5,21 @@
|
||||
REM Purpose: Windows / XAMPP Uninstallation Script
|
||||
REM Created: Oct 3, 2018
|
||||
|
||||
REM Copyright 2018: Cyber Perspective, All rights reserved
|
||||
REM Copyright 2018-2019: Cyber Perspective, All rights reserved
|
||||
REM Released under the Apache v2.0 License
|
||||
|
||||
REM See license.txt for details
|
||||
|
||||
REM Change Log:
|
||||
REM - Oct 3, 2018 - File created
|
||||
REM - Jan 10, 2019 - Killed stray php processes, wait for uninstall to finish in background, move www folder (and this script) deletion to the end to avoid errors.
|
||||
|
||||
echo.
|
||||
echo This will completely uninstall Sagacity and XAMPP and delete
|
||||
echo the findings database and all result files in www/tmp.
|
||||
echo.
|
||||
echo This cannot be undone.
|
||||
echo.
|
||||
@echo.
|
||||
@echo This will completely uninstall Sagacity and XAMPP and delete
|
||||
@echo the findings database and all result files in www/tmp.
|
||||
@echo.
|
||||
@echo This cannot be undone.
|
||||
@echo.
|
||||
set /p uninstall="Are you sure? (y/N) "
|
||||
|
||||
set result=0
|
||||
@ -30,25 +31,34 @@ if "%uninstall%"=="YES" (set result=1)
|
||||
|
||||
if "%result%"=="1" (
|
||||
cd C:\
|
||||
echo - Stopping Apache and MySQL services.
|
||||
@echo - Terminating PHP processes
|
||||
taskkill /F /IM php.exe
|
||||
@echo - Stopping Apache and MySQL services.
|
||||
sc stop Apache2.4
|
||||
sc stop mysql
|
||||
echo - Deleting the MySQL service.
|
||||
@echo - Deleting the MySQL service.
|
||||
sc delete mysql
|
||||
echo - Deleting the Sagacity www folder.
|
||||
del /F /S /Q C:\xampp\www 1>nul
|
||||
rmdir /S /Q C:\xampp\www
|
||||
echo - Uninstalling XAMPP
|
||||
@echo - Uninstalling XAMPP
|
||||
C:\xampp\uninstall.exe --mode unattended
|
||||
REM Deleting the www folder (and this script) has to wait until the very end
|
||||
|
||||
@echo.
|
||||
@echo Waiting for background process uninstall.exe to finish
|
||||
:LOOP
|
||||
tasklist | find /i "uninstall" >nul 2>&1
|
||||
IF ERRORLEVEL 1 (
|
||||
timeout /T 1 >nul
|
||||
GOTO LOOP
|
||||
)
|
||||
)
|
||||
|
||||
echo.
|
||||
echo Thank you for trying Sagacity. If you have any questions or comments, please echo contact us at https://www.cyberperspectives.com/contact_us
|
||||
echo.
|
||||
|
||||
@echo.
|
||||
if "%result%"=="1" (
|
||||
@echo Thank you for trying Sagacity. If you have any questions or comments, please contact us at https://www.cyberperspectives.com/contact_us
|
||||
@echo.
|
||||
set /p foo="Uninstall complete. Press enter to continue."
|
||||
rmdir /S /Q C:\xampp\www >nul 2>&1
|
||||
exit /b
|
||||
) else (
|
||||
set /p foo="Whew, that was a close one! Uninstall aborted. Press enter to continue."
|
||||
)
|
||||
|
||||
|
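Review bot: The wait loop's test is inverted: `find` sets errorlevel 1 when no matching process is listed, so `IF ERRORLEVEL 1 (` keeps looping while uninstall.exe is absent and falls through as soon as it is running; `IF NOT ERRORLEVEL 1 (` matches the stated intent. The `:LOOP` label and `GOTO LOOP` also sit inside the parenthesised `if "%result%"=="1" (` block, where a GOTO abandons the rest of the block, so the loop is safer placed after the closing parenthesis. Note too that `taskkill /F /IM php.exe` ends every php.exe on the machine, not only the ones Sagacity started; a REM line stating that would warn anyone running this on a shared host.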
@ -58,6 +58,9 @@ if ($fn) {
|
||||
case TECH_ECHECKLIST_EXCEL:
|
||||
print header(JSON) . json_encode(['imageUrl' => '/img/scan_types/echecklist.png']);
|
||||
break;
|
||||
case HOST_LIST:
|
||||
print header(JSON) . json_encode(['imageUrl' => '/img/file.png']);
|
||||
break;
|
||||
default:
|
||||
print header(JSON) . json_encode(['imageUrl' => null]);
|
||||
unlink(TMP . "/" . basename($fn));
|
||||
|