Bug fix for #26
Make sure the debug log in db_helper does not output integers, only mysqli_result objects. Couple of other fixes.
parent
881bf29ee5
commit
dde7409f01
@ -104,7 +104,7 @@ class scan
|
|||||||
/**
|
/**
|
||||||
* Enum defining the type of script
|
* Enum defining the type of script
|
||||||
*
|
*
|
||||||
* @var file_types
|
* @var string
|
||||||
*/
|
*/
|
||||||
protected $type = null;
|
protected $type = null;
|
||||||
|
|
||||||
@ -419,7 +419,7 @@ class scan
|
|||||||
/**
|
/**
|
||||||
* Getter function for the scan type
|
* Getter function for the scan type
|
||||||
*
|
*
|
||||||
* @return file_types
|
* @return string
|
||||||
*/
|
*/
|
||||||
public function get_Type()
|
public function get_Type()
|
||||||
{
|
{
|
||||||
@ -429,7 +429,7 @@ class scan
|
|||||||
/**
|
/**
|
||||||
* Setter function for the scan type
|
* Setter function for the scan type
|
||||||
*
|
*
|
||||||
* @param file_types $type_in
|
* @param string $type_in
|
||||||
*/
|
*/
|
||||||
public function set_Type($type_in)
|
public function set_Type($type_in)
|
||||||
{
|
{
|
||||||
@ -512,6 +512,30 @@ class scan
|
|||||||
$this->status = $status_in;
|
$this->status = $status_in;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method to check if the scan has been terminated by the user
|
||||||
|
*/
|
||||||
|
public function isTerminated()
|
||||||
|
{
|
||||||
|
global $db, $log;
|
||||||
|
$db->help->select("scans", ['status'], [
|
||||||
|
[
|
||||||
|
'field' => 'id',
|
||||||
|
'op' => '=',
|
||||||
|
'value' => $this->id
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
$thread_status = $db->help->execute();
|
||||||
|
|
||||||
|
$this->status = $thread_status['status'];
|
||||||
|
|
||||||
|
if ($this->status == TERMINIATED) {
|
||||||
|
rename(realpath(TMP . "/{$this->file_name}"), TMP . "/terminated/{$this->file_name}");
|
||||||
|
$log->notice("File parsing terminated by user");
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Getter function for the percentage the script has completed
|
* Getter function for the percentage the script has completed
|
||||||
*
|
*
|
||||||
|
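Review bot: In the new `isTerminated()` method the status is compared against a bare constant spelled `TERMINIATED`, whereas the inline checks it replaces compared against the string `'TERMINATED'`. Unless a constant with exactly that spelling is defined elsewhere, PHP 8 raises an Error for the undefined constant and PHP 7 falls back to the string 'TERMINIATED', which never equals the stored status, so a user's terminate request would not stop the parse. I would write `if ($this->status === 'TERMINATED') {`. The method also indexes `$thread_status['status']` without checking that `execute()` returned a row; a guard such as `if (!is_array($thread_status) || !isset($thread_status['status'])) { return; }` before the assignment would keep a failed lookup from overwriting `$this->status` with null.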
@ -126,19 +126,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->help->select("scans", ['status'], [
|
$scan->isTerminated();
|
||||||
[
|
|
||||||
'field' => 'id',
|
|
||||||
'op' => '=',
|
|
||||||
'value' => $scan->get_ID()
|
|
||||||
]
|
|
||||||
]);
|
|
||||||
$thread_status = $db->help->execute();
|
|
||||||
if ($thread_status['status'] == 'TERMINATED') {
|
|
||||||
unset($objSS);
|
|
||||||
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
|
|
||||||
$log->notice("File parsing terminated by user");
|
|
||||||
}
|
|
||||||
|
|
||||||
$log->notice("Reading from {$wksht->getTitle()}");
|
$log->notice("Reading from {$wksht->getTitle()}");
|
||||||
|
|
||||||
@ -163,86 +151,78 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
'notes' => 9,
|
'notes' => 9,
|
||||||
'check_contents' => 10
|
'check_contents' => 10
|
||||||
];
|
];
|
||||||
$finding_count = [];
|
|
||||||
$tgts = [];
|
$tgts = [];
|
||||||
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
||||||
$row_count = $wksht->getHighestDataRow() - 10;
|
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
|
||||||
|
$highestCol = $wksht->getHighestDataColumn(10);
|
||||||
|
|
||||||
foreach ($wksht->getRowIterator(10) as $row) {
|
for ($col = 'F' ; $col != $highestCol ; $col++) {
|
||||||
foreach ($row->getCellIterator() as $cell) {
|
$cell = $wksht->getCell($col . '10');
|
||||||
$ip = null;
|
$log->debug("Checking column: {$cell->getColumn()} {$cell->getCoordinate()}");
|
||||||
$db->help->select("scans", ['status'], [
|
$ip = null;
|
||||||
[
|
|
||||||
'field' => 'id',
|
|
||||||
'op' => '=',
|
|
||||||
'value' => $scan->get_ID()
|
|
||||||
]
|
|
||||||
]);
|
|
||||||
$thread_status = $db->help->execute();
|
|
||||||
if ($thread_status['status'] == 'TERMINATED') {
|
|
||||||
unset($objSS);
|
|
||||||
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
|
|
||||||
die($log->notice("File parsing terminated by user"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($cell->getColumn() > $short_title_col && !preg_match('/Overall/i', $cell->getValue())) {
|
$scan->isTerminated();
|
||||||
if (preg_match('/status/i', $cell->getValue())) {
|
|
||||||
$log->error("Invalid host name ('status') in {$wksht->getTitle()}");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
|
if (!preg_match('/Overall/i', $cell->getValue())) {
|
||||||
$tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
|
if (preg_match('/status/i', $cell->getValue())) {
|
||||||
if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
|
$log->error("Invalid host name ('status') in {$wksht->getTitle()}");
|
||||||
$tgt = $tgt[0];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$log->error("Could not find host {$cell->getValue()}");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$tgt = new target($cell->getValue());
|
|
||||||
$tgt->set_OS_ID($gen_os->get_ID());
|
|
||||||
$tgt->set_STE_ID($conf['ste']);
|
|
||||||
$tgt->set_Location($conf['location']);
|
|
||||||
$tgt->set_Notes('New Target');
|
|
||||||
|
|
||||||
if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
|
|
||||||
$ip = $cell->getValue();
|
|
||||||
$int = new interfaces(null, null, null, $ip, null, null, null, null);
|
|
||||||
$tgt->interfaces["{$ip}"] = $int;
|
|
||||||
}
|
|
||||||
|
|
||||||
$tgt->set_ID($db->save_Target($tgt));
|
|
||||||
}
|
|
||||||
|
|
||||||
$tgts[] = $tgt;
|
|
||||||
|
|
||||||
$hl = new host_list();
|
|
||||||
$hl->setFindingCount($row_count);
|
|
||||||
$hl->setTargetId($tgt->get_ID());
|
|
||||||
$hl->setTargetName($tgt->get_Name());
|
|
||||||
if ($ip) {
|
|
||||||
$hl->setTargetIp($ip);
|
|
||||||
}
|
|
||||||
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
|
||||||
foreach ($tgt->interfaces as $int) {
|
|
||||||
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
|
|
||||||
$ip = $int->get_IPv4();
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$hl->setTargetIp($ip);
|
|
||||||
}
|
|
||||||
|
|
||||||
$scan->add_Target_to_Host_List($hl);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (preg_match('/Overall/i', $cell->getValue())) {
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
|
||||||
|
$log->debug("Found host for {$cell->getValue()}");
|
||||||
|
$tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
|
||||||
|
if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
|
||||||
|
$tgt = $tgt[0];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$log->error("Could not find host {$cell->getValue()}");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$log->debug("Creating new target {$cell->getValue()}");
|
||||||
|
$tgt = new target($cell->getValue());
|
||||||
|
$tgt->set_OS_ID($gen_os->get_ID());
|
||||||
|
$tgt->set_STE_ID($conf['ste']);
|
||||||
|
$tgt->set_Location($conf['location']);
|
||||||
|
$tgt->set_Notes('New Target');
|
||||||
|
|
||||||
|
if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
|
||||||
|
$ip = $cell->getValue();
|
||||||
|
$int = new interfaces(null, null, null, $ip, null, null, null, null);
|
||||||
|
$tgt->interfaces["{$ip}"] = $int;
|
||||||
|
}
|
||||||
|
|
||||||
|
$tgt->set_ID($db->save_Target($tgt));
|
||||||
|
}
|
||||||
|
|
||||||
|
$tgts[] = $tgt;
|
||||||
|
|
||||||
|
$log->debug("Adding new target to host list", ['row_count' => $row_count, 'tgt_id' => $tgt->get_ID(), 'tgt_name' => $tgt->get_Name()]);
|
||||||
|
$hl = new host_list();
|
||||||
|
$hl->setFindingCount($row_count);
|
||||||
|
$hl->setTargetId($tgt->get_ID());
|
||||||
|
$hl->setTargetName($tgt->get_Name());
|
||||||
|
if ($ip) {
|
||||||
|
$hl->setTargetIp($ip);
|
||||||
|
}
|
||||||
|
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
|
||||||
|
foreach ($tgt->interfaces as $int) {
|
||||||
|
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
|
||||||
|
$ip = $int->get_IPv4();
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$hl->setTargetIp($ip);
|
||||||
|
}
|
||||||
|
|
||||||
|
$scan->add_Target_to_Host_List($hl);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (preg_match('/Overall/i', $cell->getValue())) {
|
||||||
|
$log->debug("Found overall: {$cell->getColumn()}");
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
|
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
|
||||||
@ -267,6 +247,18 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
$title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
$title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
|
||||||
$notes_col = Coordinate::stringFromColumnIndex($idx['notes']);
|
$notes_col = Coordinate::stringFromColumnIndex($idx['notes']);
|
||||||
|
|
||||||
|
$log->debug("Columns", [
|
||||||
|
'stig_col' => $stig_col,
|
||||||
|
'vms_col' => $vms_col,
|
||||||
|
'cat_col' => $cat_col,
|
||||||
|
'ia_col' => $ia_col,
|
||||||
|
'title_col' => $title_col,
|
||||||
|
'overall_col' => Coordinate::stringFromColumnIndex($idx['overall']),
|
||||||
|
'consistent_col' => Coordinate::stringFromColumnIndex($idx['consistent']),
|
||||||
|
'check_contents_col' => Coordinate::stringFromColumnIndex($idx['check_contents']),
|
||||||
|
'notes_col' => $notes_col
|
||||||
|
]);
|
||||||
|
|
||||||
$new_findings = [];
|
$new_findings = [];
|
||||||
$updated_findings = [];
|
$updated_findings = [];
|
||||||
$row_count = 0;
|
$row_count = 0;
|
||||||
@ -278,6 +270,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
$notes = $wksht->getCell("{$notes_col}{$row->getRowIndex()}")->getValue();
|
$notes = $wksht->getCell("{$notes_col}{$row->getRowIndex()}")->getValue();
|
||||||
|
|
||||||
$stig = $db->get_Stig($stig_id);
|
$stig = $db->get_Stig($stig_id);
|
||||||
|
if($row->getRowIndex() % 10 == 0) {
|
||||||
|
$scan->isTerminated();
|
||||||
|
}
|
||||||
|
|
||||||
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
|
||||||
$stig = $stig[0];
|
$stig = $stig[0];
|
||||||
@ -304,6 +299,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
$finding = $db->get_Finding($tgt, $stig);
|
$finding = $db->get_Finding($tgt, $stig);
|
||||||
|
|
||||||
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
|
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
|
||||||
|
/** @var finding $tmp */
|
||||||
$tmp = $finding[0];
|
$tmp = $finding[0];
|
||||||
|
|
||||||
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
|
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
|
||||||
@ -340,9 +336,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $row_count) * 100]);
|
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
|
||||||
if (PHP_SAPI == 'cli') {
|
if (PHP_SAPI == 'cli') {
|
||||||
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $row_count) * 100);
|
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
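Review bot: The new header loop `for ($col = 'F' ; $col != $highestCol ; $col++)` ends on string inequality, so it has no upper bound when row 10's highest data column lies before F, and it never visits `$highestCol` itself. The workbook is parsed input, so a short or empty row 10 would appear to walk columns indefinitely, calling `getCell()` and the target lookup on each, until an 'Overall' or 'status' cell happens to break out. Bounding it by index avoids both problems: `$last = Coordinate::columnIndexFromString($highestCol);` then `for ($i = Coordinate::columnIndexFromString('F'); $i <= $last; $i++) {` with `$col = Coordinate::stringFromColumnIndex($i);` as the first statement. The enclosing foreach starts and ends outside the hunks shown.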
@ -1271,7 +1271,7 @@ class db_helper
|
|||||||
"Executing: $this->query_type\t" .
|
"Executing: $this->query_type\t" .
|
||||||
"SQL: {$errmsg}" . PHP_EOL, FILE_APPEND);
|
"SQL: {$errmsg}" . PHP_EOL, FILE_APPEND);
|
||||||
|
|
||||||
if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG) {
|
if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG && is_a($this->result, 'mysqli_result')) {
|
||||||
file_put_contents(realpath(LOG_PATH . '/db.debug'), print_r($this->result, true), FILE_APPEND);
|
file_put_contents(realpath(LOG_PATH . '/db.debug'), print_r($this->result, true), FILE_APPEND);
|
||||||
}
|
}
|
||||||
elseif ($errno == E_ERROR && $this->c->error) {
|
elseif ($errno == E_ERROR && $this->c->error) {
|
||||||
|
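Review bot: With the added `is_a($this->result, 'mysqli_result')` test, the earlier `$this->result &&` operand is redundant, and `$this->result instanceof mysqli_result` expresses the same check without a string class name. On the context line below it, `realpath(LOG_PATH . '/db.debug')` returns false when the file does not exist yet, so the first debug write would fail instead of creating the log; passing `LOG_PATH . '/db.debug'` directly avoids that. The enclosing method starts and ends outside the hunk.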
@ -125,6 +125,7 @@ function getValue($xml, $path, $starting = null, $keep = false)
|
|||||||
*/
|
*/
|
||||||
function FileDetection($filename)
|
function FileDetection($filename)
|
||||||
{
|
{
|
||||||
|
$name = [];
|
||||||
$name['base_name'] = basename($filename);
|
$name['base_name'] = basename($filename);
|
||||||
// print "\tCheck if exists".PHP_EOL;
|
// print "\tCheck if exists".PHP_EOL;
|
||||||
if (!file_exists($filename)) {
|
if (!file_exists($filename)) {
|
||||||
|
3
reference/stigs/.gitignore
vendored
3
reference/stigs/.gitignore
vendored
@ -1,2 +1,5 @@
|
|||||||
/*.xml
|
/*.xml
|
||||||
/*.csv
|
/*.csv
|
||||||
|
/*.xsl
|
||||||
|
/*.jpg
|
||||||
|
/*.JPG
|