From dde7409f01c21000d8701b8f079a599fc7212b88 Mon Sep 17 00:00:00 2001
From: Ryan Prather
Date: Wed, 26 Sep 2018 10:39:38 -0400
Subject: [PATCH] Bug fix for #26
Make sure debug log does not output integers, but only mysqli_result object in db_helper
Couple other fixes
---
classes/scan.inc | 30 +++++-
exec/parse_excel_echecklist.php | 170 ++++++++++++++++----------------
inc/database.inc | 2 +-
inc/helper.inc | 1 +
reference/stigs/.gitignore | 5 +-
5 files changed, 116 insertions(+), 92 deletions(-)
diff --git a/classes/scan.inc b/classes/scan.inc
index 7849ed3..0870132 100644
--- a/classes/scan.inc
+++ b/classes/scan.inc
@@ -104,7 +104,7 @@ class scan
/**
* Enum defining the type of script
*
- * @var file_types
+ * @var string
*/
protected $type = null;
@@ -419,7 +419,7 @@ class scan
/**
* Getter function for the scan type
*
- * @return file_types
+ * @return string
*/
public function get_Type()
{
@@ -429,7 +429,7 @@ class scan
/**
* Setter function for the scan type
*
- * @param file_types $type_in
+ * @param string $type_in
*/
public function set_Type($type_in)
{
@@ -512,6 +512,30 @@ class scan
$this->status = $status_in;
}
+ /**
+ * Method to check if the scan has been terminated by the user
+ */
+ public function isTerminated()
+ {
+ global $db, $log;
+ $db->help->select("scans", ['status'], [
+ [
+ 'field' => 'id',
+ 'op' => '=',
+ 'value' => $this->id
+ ]
+ ]);
+ $thread_status = $db->help->execute();
+
+ $this->status = $thread_status['status'];
+
+ if ($this->status == TERMINIATED) {
+ rename(realpath(TMP . "/{$this->file_name}"), TMP . "/terminated/{$this->file_name}");
+ $log->notice("File parsing terminated by user");
+ die();
+ }
+ }
+
/**
* Getter function for the percentage the script has completed
*
diff --git a/exec/parse_excel_echecklist.php b/exec/parse_excel_echecklist.php
index 1a978c3..452335f 100644
--- a/exec/parse_excel_echecklist.php
+++ b/exec/parse_excel_echecklist.php
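Review bot: `if ($this->status == TERMINIATED)` in the new isTerminated() compares against a bare identifier that is misspelled relative to the `'TERMINATED'` string literal the removed code in exec/parse_excel_echecklist.php compared against; unless a `TERMINIATED` constant is defined elsewhere, PHP 7 treats it as the string "TERMINIATED" (with a warning) so the check never matches, and PHP 8 throws an Error. It should read `if ($this->status == 'TERMINATED') {` (or use a named constant shared with whatever writes the status). The method name suggests a boolean query, but it returns nothing and calls `die()`; the docblock should say so, e.g. `@return void  Exits the process after moving the file to TMP/terminated when the scan status is TERMINATED`. The return value of `rename()` is also unchecked, so a failed move is still reported as a clean termination.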
@@ -126,19 +126,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
continue;
}
- $db->help->select("scans", ['status'], [
- [
- 'field' => 'id',
- 'op' => '=',
- 'value' => $scan->get_ID()
- ]
- ]);
- $thread_status = $db->help->execute();
- if ($thread_status['status'] == 'TERMINATED') {
- unset($objSS);
- rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
- $log->notice("File parsing terminated by user");
- }
+$scan->isTerminated();
$log->notice("Reading from {$wksht->getTitle()}");
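Review bot: The added `$scan->isTerminated();` is at column 0 although it sits inside the worksheet `foreach` (which starts before this hunk) and the neighbouring lines are indented; it should carry the same indent as the `$log->notice("Reading from ...")` line below it. It also changes behaviour relative to the removed block, which only moved the file and logged: per the new scan::isTerminated the process now exits here, so the 'Reading from' notice is no longer emitted for a terminated scan — presumably intended, but worth a one-line comment such as `// exits the process if the user cancelled the scan`.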
@@ -163,86 +151,78 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
'notes' => 9,
'check_contents' => 10
];
- $finding_count = [];
$tgts = [];
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
- $row_count = $wksht->getHighestDataRow() - 10;
+ $row_count = $highestRow = $wksht->getHighestDataRow() - 10;
+ $highestCol = $wksht->getHighestDataColumn(10);
- foreach ($wksht->getRowIterator(10) as $row) {
- foreach ($row->getCellIterator() as $cell) {
- $ip = null;
- $db->help->select("scans", ['status'], [
- [
- 'field' => 'id',
- 'op' => '=',
- 'value' => $scan->get_ID()
- ]
- ]);
- $thread_status = $db->help->execute();
- if ($thread_status['status'] == 'TERMINATED') {
- unset($objSS);
- rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
- die($log->notice("File parsing terminated by user"));
- }
+ for ($col = 'F' ; $col != $highestCol ; $col++) {
+ $cell = $wksht->getCell($col . '10');
+ $log->debug("Checking column: {$cell->getColumn()} {$cell->getCoordinate()}");
+ $ip = null;
- if ($cell->getColumn() > $short_title_col && !preg_match('/Overall/i', $cell->getValue())) {
- if (preg_match('/status/i', $cell->getValue())) {
- $log->error("Invalid host name ('status') in {$wksht->getTitle()}");
- break;
- }
+ $scan->isTerminated();
- if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
- $tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
- if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
- $tgt = $tgt[0];
- }
- else {
- $log->error("Could not find host {$cell->getValue()}");
- }
- }
- else {
- $tgt = new target($cell->getValue());
- $tgt->set_OS_ID($gen_os->get_ID());
- $tgt->set_STE_ID($conf['ste']);
- $tgt->set_Location($conf['location']);
- $tgt->set_Notes('New Target');
-
- if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
- $ip = $cell->getValue();
- $int = new interfaces(null, null, null, $ip, null, null, null, null);
- $tgt->interfaces["{$ip}"] = $int;
- }
-
- $tgt->set_ID($db->save_Target($tgt));
- }
-
- $tgts[] = $tgt;
-
- $hl = new host_list();
- $hl->setFindingCount($row_count);
- $hl->setTargetId($tgt->get_ID());
- $hl->setTargetName($tgt->get_Name());
- if ($ip) {
- $hl->setTargetIp($ip);
- }
- elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
- foreach ($tgt->interfaces as $int) {
- if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
- $ip = $int->get_IPv4();
- break;
- }
- }
- $hl->setTargetIp($ip);
- }
-
- $scan->add_Target_to_Host_List($hl);
- }
-
- if (preg_match('/Overall/i', $cell->getValue())) {
+ if (!preg_match('/Overall/i', $cell->getValue())) {
+ if (preg_match('/status/i', $cell->getValue())) {
+ $log->error("Invalid host name ('status') in {$wksht->getTitle()}");
break;
}
+
+ if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
+ $log->debug("Found host for {$cell->getValue()}");
+ $tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
+ if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
+ $tgt = $tgt[0];
+ }
+ else {
+ $log->error("Could not find host {$cell->getValue()}");
+ }
+ }
+ else {
+ $log->debug("Creating new target {$cell->getValue()}");
+ $tgt = new target($cell->getValue());
+ $tgt->set_OS_ID($gen_os->get_ID());
+ $tgt->set_STE_ID($conf['ste']);
+ $tgt->set_Location($conf['location']);
+ $tgt->set_Notes('New Target');
+
+ if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
+ $ip = $cell->getValue();
+ $int = new interfaces(null, null, null, $ip, null, null, null, null);
+ $tgt->interfaces["{$ip}"] = $int;
+ }
+
+ $tgt->set_ID($db->save_Target($tgt));
+ }
+
+ $tgts[] = $tgt;
+
+ $log->debug("Adding new target to host list", ['row_count' => $row_count, 'tgt_id' => $tgt->get_ID(), 'tgt_name' => $tgt->get_Name()]);
+ $hl = new host_list();
+ $hl->setFindingCount($row_count);
+ $hl->setTargetId($tgt->get_ID());
+ $hl->setTargetName($tgt->get_Name());
+ if ($ip) {
+ $hl->setTargetIp($ip);
+ }
+ elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
+ foreach ($tgt->interfaces as $int) {
+ if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
+ $ip = $int->get_IPv4();
+ break;
+ }
+ }
+ $hl->setTargetIp($ip);
+ }
+
+ $scan->add_Target_to_Host_List($hl);
+ }
+
+ if (preg_match('/Overall/i', $cell->getValue())) {
+ $log->debug("Found overall: {$cell->getColumn()}");
+ break;
}
- break;
}
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
@@ -267,6 +247,18 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
$notes_col = Coordinate::stringFromColumnIndex($idx['notes']);
+ $log->debug("Columns", [
+ 'stig_col' => $stig_col,
+ 'vms_col' => $vms_col,
+ 'cat_col' => $cat_col,
+ 'ia_col' => $ia_col,
+ 'title_col' => $title_col,
+ 'overall_col' => Coordinate::stringFromColumnIndex($idx['overall']),
+ 'consistent_col' => Coordinate::stringFromColumnIndex($idx['consistent']),
+ 'check_contents_col' => Coordinate::stringFromColumnIndex($idx['check_contents']),
+ 'notes_col' => $notes_col
+ ]);
+
$new_findings = [];
$updated_findings = [];
$row_count = 0;
@@ -278,6 +270,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$notes = $wksht->getCell("{$notes_col}{$row->getRowIndex()}")->getValue();
$stig = $db->get_Stig($stig_id);
+ if($row->getRowIndex() % 10 == 0) {
+ $scan->isTerminated();
+ }
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0];
@@ -304,6 +299,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$finding = $db->get_Finding($tgt, $stig);
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
+ /** @var finding $tmp */
$tmp = $finding[0];
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
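Review bot: `for ($col = 'F' ; $col != $highestCol ; $col++)` excludes `$highestCol` itself, so the rightmost data column of row 10 is never inspected: a host name there is silently left out of `$tgts`, and the `Found overall` branch cannot fire when 'Overall' is the last column (should `$highestCol` ever sort before 'F', the string increment also never reaches it, though that may be unreachable with real sheets). The start column is hard-coded to `'F'` even though `$short_title_col`, computed from `$idx['short_title']` a few lines above, is what the removed `$cell->getColumn() > $short_title_col` test used and is now dead. Iterating over integer column indices makes the range inclusive and ties it back to `$idx`; the enclosing worksheet foreach starts before this hunk.
```php
$firstCol = Coordinate::columnIndexFromString($short_title_col) + 1;
$lastCol = Coordinate::columnIndexFromString($highestCol);
for ($c = $firstCol; $c <= $lastCol; $c++) {
    $col = Coordinate::stringFromColumnIndex($c);
    $cell = $wksht->getCell($col . '10');
    // … unchanged: debug logging, isTerminated(), host lookup/creation, host_list wiring, Overall break …
}
```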
@@ -340,9 +336,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
}
}
- $db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $row_count) * 100]);
+ $db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
if (PHP_SAPI == 'cli') {
- print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $row_count) * 100);
+ print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
}
}
diff --git a/inc/database.inc b/inc/database.inc
index e29671f..790d5b7 100644
--- a/inc/database.inc
+++ b/inc/database.inc
@@ -1271,7 +1271,7 @@ class db_helper
"Executing: $this->query_type\t" . "SQL: {$errmsg}" . PHP_EOL, FILE_APPEND);
- if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG) {
+ if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG && is_a($this->result, 'mysqli_result')) {
file_put_contents(realpath(LOG_PATH . '/db.debug'), print_r($this->result, true), FILE_APPEND);
}
elseif ($errno == E_ERROR && $this->c->error) {
diff --git a/inc/helper.inc b/inc/helper.inc
index ce3c589..42419b0 100644
--- a/inc/helper.inc
+++ b/inc/helper.inc
@@ -125,6 +125,7 @@ function getValue($xml, $path, $starting = null, $keep = false)
*/
function FileDetection($filename)
{
+ $name = [];
$name['base_name'] = basename($filename);
// print "\tCheck if exists".PHP_EOL;
if (!file_exists($filename)) {
diff --git a/reference/stigs/.gitignore b/reference/stigs/.gitignore
index 2dd3889..ad38676 100644
--- a/reference/stigs/.gitignore
+++ b/reference/stigs/.gitignore
@@ -1,2 +1,5 @@
/*.xml
-/*.csv
\ No newline at end of file
+/*.csv
+/*.xsl
+/*.jpg
+/*.JPG
\ No newline at end of file
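Review bot: `(($row->getRowIndex() - 10) / $highestRow) * 100` divides by `$highestRow`, which the earlier hunk sets to `getHighestDataRow() - 10`; for a sheet with no data rows below the header that value is 0, and if the row loop still runs in that case PHP 8 throws DivisionByZeroError (PHP 7 warns and yields INF) — confirm whether the iterator can run there. The same expression is also computed twice, once for `update_Running_Scan` and once for the CLI print. Compute it once with a guard: `$perc = $highestRow > 0 ? (($row->getRowIndex() - 10) / $highestRow) * 100 : 100;` then `['name' => 'perc_comp', 'value' => $perc]` and `sprintf("%.2f%%", $perc)`. The enclosing foreach starts outside the hunk.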
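Review bot: `is_a($this->result, 'mysqli_result')` with a string class name is the legacy form of the check; `$this->result instanceof \mysqli_result` is the idiomatic one and also makes the preceding `$this->result &&` redundant, since an object is always truthy: `if ($errno == E_DEBUG && LOG_LEVEL == E_DEBUG && $this->result instanceof \mysqli_result) {`. Separately, `print_r()` of a mysqli_result dumps only the object's metadata properties (field_count, num_rows and the like), not the fetched rows, so if the debug file is meant to show result data this guard narrows the output without delivering that. The enclosing method starts outside the hunk.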