Bug fix for #26
Make sure debug log does not output integers, but only mysqli_result object in db_helper Couple other fixes
This commit is contained in:
parent
881bf29ee5
commit
dde7409f01
@ -104,7 +104,7 @@ class scan
|
||||
/**
|
||||
* Enum defining the type of script
|
||||
*
|
||||
* @var file_types
|
||||
* @var string
|
||||
*/
|
||||
protected $type = null;
|
||||
|
||||
@ -419,7 +419,7 @@ class scan
|
||||
/**
|
||||
* Getter function for the scan type
|
||||
*
|
||||
* @return file_types
|
||||
* @return string
|
||||
*/
|
||||
public function get_Type()
|
||||
{
|
||||
@ -429,7 +429,7 @@ class scan
|
||||
/**
|
||||
* Setter function for the scan type
|
||||
*
|
||||
* @param file_types $type_in
|
||||
* @param string $type_in
|
||||
*/
|
||||
public function set_Type($type_in)
|
||||
{
|
||||
@ -512,6 +512,30 @@ class scan
|
||||
$this->status = $status_in;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to check if the scan has been terminated by the user
|
||||
*/
|
||||
public function isTerminated()
|
||||
{
|
||||
global $db, $log;
|
||||
$db->help->select("scans", ['status'], [
|
||||
[
|
||||
'field' => 'id',
|
||||
'op' => '=',
|
||||
'value' => $this->id
|
||||
]
|
||||
]);
|
||||
$thread_status = $db->help->execute();
|
||||
|
||||
$this->status = $thread_status['status'];
|
||||
|
||||
if ($this->status == TERMINIATED) {
|
||||
rename(realpath(TMP . "/{$this->file_name}"), TMP . "/terminated/{$this->file_name}");
|
||||
$log->notice("File parsing terminated by user");
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter function for the percentage the script has completed
|
||||
*
|
||||
|
||||
@ -126,19 +126,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$db->help->select("scans", ['status'], [
|
||||
[
|
||||
'field' => 'id',
|
||||
'op' => '=',
|
||||
'value' => $scan->get_ID()
|
||||
]
|
||||
]);
|
||||
$thread_status = $db->help->execute();
|
||||
if ($thread_status['status'] == 'TERMINATED') {
|
||||
unset($objSS);
|
||||
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
|
||||
$log->notice("File parsing terminated by user");
|
||||
}
|
||||
$scan->isTerminated();
|
||||
|
||||
$log->notice("Reading from {$wksht->getTitle()}");
|
||||
|
||||
@ -163,86 +151,78 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
||||
'notes' => 9,
|
||||
'check_contents' => 10
|
||||
];
|
||||
$finding_count = [];
|
||||
$tgts = [];
|
||||
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
||||
$row_count = $wksht->getHighestDataRow() - 10;
|
||||
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
|
||||
$highestCol = $wksht->getHighestDataColumn(10);
|
||||
|
||||
foreach ($wksht->getRowIterator(10) as $row) {
|
||||
foreach ($row->getCellIterator() as $cell) {
|
||||
$ip = null;
|
||||
$db->help->select("scans", ['status'], [
|
||||
[
|
||||
'field' => 'id',
|
||||
'op' => '=',
|
||||
'value' => $scan->get_ID()
|
||||
]
|
||||
]);
|
||||
$thread_status = $db->help->execute();
|
||||
if ($thread_status['status'] == 'TERMINATED') {
|
||||
unset($objSS);
|
||||
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
|
||||
die($log->notice("File parsing terminated by user"));
|
||||
}
|
||||
for ($col = 'F' ; $col != $highestCol ; $col++) {
|
||||
$cell = $wksht->getCell($col . '10');
|
||||
$log->debug("Checking column: {$cell->getColumn()} {$cell->getCoordinate()}");
|
||||
$ip = null;
|
||||
|
||||
if ($cell->getColumn() > $short_title_col && !preg_match('/Overall/i', $cell->getValue())) {
|
||||
if (preg_match('/status/i', $cell->getValue())) {
|
||||
$log->error("Invalid host name ('status') in {$wksht->getTitle()}");
|
||||
break;
|
||||
}
|
||||
$scan->isTerminated();
|
||||
|
||||
if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
|
||||
$tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
|
||||
if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
|
||||
$tgt = $tgt[0];
|
||||
}
|
||||
else {
|
||||
$log->error("Could not find host {$cell->getValue()}");
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tgt = new target($cell->getValue());
|
||||
$tgt->set_OS_ID($gen_os->get_ID());
|
||||
$tgt->set_STE_ID($conf['ste']);
|
||||
$tgt->set_Location($conf['location']);
|
||||
$tgt->set_Notes('New Target');
|
||||
|
||||
if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
|
||||
$ip = $cell->getValue();
|
||||
$int = new interfaces(null, null, null, $ip, null, null, null, null);
|
||||
$tgt->interfaces["{$ip}"] = $int;
|
||||
}
|
||||
|
||||
$tgt->set_ID($db->save_Target($tgt));
|
||||
}
|
||||
|
||||
$tgts[] = $tgt;
|
||||
|
||||
$hl = new host_list();
|
||||
$hl->setFindingCount($row_count);
|
||||
$hl->setTargetId($tgt->get_ID());
|
||||
$hl->setTargetName($tgt->get_Name());
|
||||
if ($ip) {
|
||||
$hl->setTargetIp($ip);
|
||||
}
|
||||
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
||||
foreach ($tgt->interfaces as $int) {
|
||||
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
|
||||
$ip = $int->get_IPv4();
|
||||
break;
|
||||
}
|
||||
}
|
||||
$hl->setTargetIp($ip);
|
||||
}
|
||||
|
||||
$scan->add_Target_to_Host_List($hl);
|
||||
}
|
||||
|
||||
if (preg_match('/Overall/i', $cell->getValue())) {
|
||||
if (!preg_match('/Overall/i', $cell->getValue())) {
|
||||
if (preg_match('/status/i', $cell->getValue())) {
|
||||
$log->error("Invalid host name ('status') in {$wksht->getTitle()}");
|
||||
break;
|
||||
}
|
||||
|
||||
if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
|
||||
$log->debug("Found host for {$cell->getValue()}");
|
||||
$tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
|
||||
if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
|
||||
$tgt = $tgt[0];
|
||||
}
|
||||
else {
|
||||
$log->error("Could not find host {$cell->getValue()}");
|
||||
}
|
||||
}
|
||||
else {
|
||||
$log->debug("Creating new target {$cell->getValue()}");
|
||||
$tgt = new target($cell->getValue());
|
||||
$tgt->set_OS_ID($gen_os->get_ID());
|
||||
$tgt->set_STE_ID($conf['ste']);
|
||||
$tgt->set_Location($conf['location']);
|
||||
$tgt->set_Notes('New Target');
|
||||
|
||||
if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
|
||||
$ip = $cell->getValue();
|
||||
$int = new interfaces(null, null, null, $ip, null, null, null, null);
|
||||
$tgt->interfaces["{$ip}"] = $int;
|
||||
}
|
||||
|
||||
$tgt->set_ID($db->save_Target($tgt));
|
||||
}
|
||||
|
||||
$tgts[] = $tgt;
|
||||
|
||||
$log->debug("Adding new target to host list", ['row_count' => $row_count, 'tgt_id' => $tgt->get_ID(), 'tgt_name' => $tgt->get_Name()]);
|
||||
$hl = new host_list();
|
||||
$hl->setFindingCount($row_count);
|
||||
$hl->setTargetId($tgt->get_ID());
|
||||
$hl->setTargetName($tgt->get_Name());
|
||||
if ($ip) {
|
||||
$hl->setTargetIp($ip);
|
||||
}
|
||||
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
||||
foreach ($tgt->interfaces as $int) {
|
||||
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
|
||||
$ip = $int->get_IPv4();
|
||||
break;
|
||||
}
|
||||
}
|
||||
$hl->setTargetIp($ip);
|
||||
}
|
||||
|
||||
$scan->add_Target_to_Host_List($hl);
|
||||
}
|
||||
|
||||
if (preg_match('/Overall/i', $cell->getValue())) {
|
||||
$log->debug("Found overall: {$cell->getColumn()}");
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
|
||||
@ -267,6 +247,18 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
||||
$title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
||||
$notes_col = Coordinate::stringFromColumnIndex($idx['notes']);
|
||||
|
||||
$log->debug("Columns", [
|
||||
'stig_col' => $stig_col,
|
||||
'vms_col' => $vms_col,
|
||||
'cat_col' => $cat_col,
|
||||
'ia_col' => $ia_col,
|
||||
'title_col' => $title_col,
|
||||
'overall_col' => Coordinate::stringFromColumnIndex($idx['overall']),
|
||||
'consistent_col' => Coordinate::stringFromColumnIndex($idx['consistent']),
|
||||
'check_contents_col' => Coordinate::stringFromColumnIndex($idx['check_contents']),
|
||||
'notes_col' => $notes_col
|
||||
]);
|
||||
|
||||
$new_findings = [];
|
||||
$updated_findings = [];
|
||||
$row_count = 0;
|
||||
@ -278,6 +270,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
||||
$notes = $wksht->getCell("{$notes_col}{$row->getRowIndex()}")->getValue();
|
||||
|
||||
$stig = $db->get_Stig($stig_id);
|
||||
if($row->getRowIndex() % 10 == 0) {
|
||||
$scan->isTerminated();
|
||||
}
|
||||
|
||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||
$stig = $stig[0];
|
||||
@ -304,6 +299,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
||||
$finding = $db->get_Finding($tgt, $stig);
|
||||
|
||||
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
|
||||
/** @var finding $tmp */
|
||||
$tmp = $finding[0];
|
||||
|
||||
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
|
||||
@ -340,9 +336,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
||||
}
|
||||
}
|
||||
|
||||
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $row_count) * 100]);
|
||||
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
|
||||
if (PHP_SAPI == 'cli') {
|
||||
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $row_count) * 100);
|
||||
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1271,7 +1271,7 @@ class db_helper
|
||||
"Executing: $this->query_type\t" .
|
||||
"SQL: {$errmsg}" . PHP_EOL, FILE_APPEND);
|
||||
|
||||
if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG) {
|
||||
if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG && is_a($this->result, 'mysqli_result')) {
|
||||
file_put_contents(realpath(LOG_PATH . '/db.debug'), print_r($this->result, true), FILE_APPEND);
|
||||
}
|
||||
elseif ($errno == E_ERROR && $this->c->error) {
|
||||
|
||||
@ -125,6 +125,7 @@ function getValue($xml, $path, $starting = null, $keep = false)
|
||||
*/
|
||||
function FileDetection($filename)
|
||||
{
|
||||
$name = [];
|
||||
$name['base_name'] = basename($filename);
|
||||
// print "\tCheck if exists".PHP_EOL;
|
||||
if (!file_exists($filename)) {
|
||||
|
||||
5
reference/stigs/.gitignore
vendored
5
reference/stigs/.gitignore
vendored
@ -1,2 +1,5 @@
|
||||
/*.xml
|
||||
/*.csv
|
||||
/*.csv
|
||||
/*.xsl
|
||||
/*.jpg
|
||||
/*.JPG
|
||||
Loading…
Reference in New Issue
Block a user