Bug fix for #26

Make sure debug log does not output integers, but only mysqli_result object in db_helper
Couple other fixes
This commit is contained in:
Ryan Prather 2018-09-26 10:39:38 -04:00
parent 881bf29ee5
commit dde7409f01
5 changed files with 116 additions and 92 deletions


@ -104,7 +104,7 @@ class scan
/**
* Enum defining the type of script
*
* @var file_types
* @var string
*/
protected $type = null;
@ -419,7 +419,7 @@ class scan
/**
* Getter function for the scan type
*
* @return file_types
* @return string
*/
public function get_Type()
{
@ -429,7 +429,7 @@ class scan
/**
* Setter function for the scan type
*
* @param file_types $type_in
* @param string $type_in
*/
public function set_Type($type_in)
{
@ -512,6 +512,30 @@ class scan
$this->status = $status_in;
}
/**
* Method to check if the scan has been terminated by the user
*/
public function isTerminated()
{
global $db, $log;
$db->help->select("scans", ['status'], [
[
'field' => 'id',
'op' => '=',
'value' => $this->id
]
]);
$thread_status = $db->help->execute();
$this->status = $thread_status['status'];
if ($this->status == TERMINIATED) {
rename(realpath(TMP . "/{$this->file_name}"), TMP . "/terminated/{$this->file_name}");
$log->notice("File parsing terminated by user");
die();
}
}
/**
* Getter function for the percentage the script has completed
*
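Review bot: `isTerminated()` compares `$this->status == TERMINIATED`, which looks like a misspelling of TERMINATED; the parser code this method replaces compared the fetched status against the string `'TERMINATED'`. Unless a constant named TERMINIATED is defined elsewhere, PHP 7 treats the bare name as the string 'TERMINIATED' (with a warning), so the comparison never matches and a user-requested stop is silently ignored. Suggest `if ($this->status === 'TERMINATED') {`, or whichever constant the project defines for that status, with `===` to avoid loose string comparison. The method also lacks a return tag; since the matching branch calls `die()`, a docblock line such as `@return void Exits the process (after moving the file to TMP/terminated) when the scan status is TERMINATED` would make that side effect explicit to callers.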


@ -126,19 +126,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
continue;
}
$db->help->select("scans", ['status'], [
[
'field' => 'id',
'op' => '=',
'value' => $scan->get_ID()
]
]);
$thread_status = $db->help->execute();
if ($thread_status['status'] == 'TERMINATED') {
unset($objSS);
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
$log->notice("File parsing terminated by user");
}
$scan->isTerminated();
$log->notice("Reading from {$wksht->getTitle()}");
@ -163,35 +151,26 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
'notes' => 9,
'check_contents' => 10
];
$finding_count = [];
$tgts = [];
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
$row_count = $wksht->getHighestDataRow() - 10;
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
$highestCol = $wksht->getHighestDataColumn(10);
foreach ($wksht->getRowIterator(10) as $row) {
foreach ($row->getCellIterator() as $cell) {
for ($col = 'F' ; $col != $highestCol ; $col++) {
$cell = $wksht->getCell($col . '10');
$log->debug("Checking column: {$cell->getColumn()} {$cell->getCoordinate()}");
$ip = null;
$db->help->select("scans", ['status'], [
[
'field' => 'id',
'op' => '=',
'value' => $scan->get_ID()
]
]);
$thread_status = $db->help->execute();
if ($thread_status['status'] == 'TERMINATED') {
unset($objSS);
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
die($log->notice("File parsing terminated by user"));
}
if ($cell->getColumn() > $short_title_col && !preg_match('/Overall/i', $cell->getValue())) {
$scan->isTerminated();
if (!preg_match('/Overall/i', $cell->getValue())) {
if (preg_match('/status/i', $cell->getValue())) {
$log->error("Invalid host name ('status') in {$wksht->getTitle()}");
break;
}
if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
$log->debug("Found host for {$cell->getValue()}");
$tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
$tgt = $tgt[0];
@ -201,6 +180,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
}
}
else {
$log->debug("Creating new target {$cell->getValue()}");
$tgt = new target($cell->getValue());
$tgt->set_OS_ID($gen_os->get_ID());
$tgt->set_STE_ID($conf['ste']);
@ -218,6 +198,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$tgts[] = $tgt;
$log->debug("Adding new target to host list", ['row_count' => $row_count, 'tgt_id' => $tgt->get_ID(), 'tgt_name' => $tgt->get_Name()]);
$hl = new host_list();
$hl->setFindingCount($row_count);
$hl->setTargetId($tgt->get_ID());
@ -239,11 +220,10 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
}
if (preg_match('/Overall/i', $cell->getValue())) {
$log->debug("Found overall: {$cell->getColumn()}");
break;
}
}
break;
}
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
@ -267,6 +247,18 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
$notes_col = Coordinate::stringFromColumnIndex($idx['notes']);
$log->debug("Columns", [
'stig_col' => $stig_col,
'vms_col' => $vms_col,
'cat_col' => $cat_col,
'ia_col' => $ia_col,
'title_col' => $title_col,
'overall_col' => Coordinate::stringFromColumnIndex($idx['overall']),
'consistent_col' => Coordinate::stringFromColumnIndex($idx['consistent']),
'check_contents_col' => Coordinate::stringFromColumnIndex($idx['check_contents']),
'notes_col' => $notes_col
]);
$new_findings = [];
$updated_findings = [];
$row_count = 0;
@ -278,6 +270,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$notes = $wksht->getCell("{$notes_col}{$row->getRowIndex()}")->getValue();
$stig = $db->get_Stig($stig_id);
if($row->getRowIndex() % 10 == 0) {
$scan->isTerminated();
}
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0];
@ -304,6 +299,7 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$finding = $db->get_Finding($tgt, $stig);
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
/** @var finding $tmp */
$tmp = $finding[0];
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
@ -340,9 +336,9 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
}
}
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $row_count) * 100]);
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
if (PHP_SAPI == 'cli') {
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $row_count) * 100);
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
}
}
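Review bot: The new header loop `for ($col = 'F' ; $col != $highestCol ; $col++)` relies on PHP string increment and a `!=` bound: it never visits `$highestCol` itself, and if the sheet's highest data column sorts before 'F' the condition is never met and the loop keeps incrementing through 'Z', 'AA', 'AB', … without terminating. Comparing numeric indices is safer, e.g. `$lastCol = Coordinate::columnIndexFromString($highestCol);` then `for ($ci = Coordinate::columnIndexFromString('F'); $ci <= $lastCol; $ci++) { $col = Coordinate::stringFromColumnIndex($ci);` (keep `<` if skipping the last column is intended). The earlier `$row_count = $highestRow = ...` assignment is later overwritten by `$row_count = 0`, which is presumably why the percentage lines switched to `$highestRow`; a comment at that assignment, `// $highestRow keeps the sheet's data-row total; $row_count is reused as a per-sheet counter below`, would stop the next reader from collapsing them again. The enclosing foreach over worksheets starts and ends outside these hunks.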


@ -1271,7 +1271,7 @@ class db_helper
"Executing: $this->query_type\t" .
"SQL: {$errmsg}" . PHP_EOL, FILE_APPEND);
if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG) {
if ($errno == E_DEBUG && $this->result && LOG_LEVEL == E_DEBUG && is_a($this->result, 'mysqli_result')) {
file_put_contents(realpath(LOG_PATH . '/db.debug'), print_r($this->result, true), FILE_APPEND);
}
elseif ($errno == E_ERROR && $this->c->error) {
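Review bot: The added guard uses `is_a($this->result, 'mysqli_result')` with a string class name; `$this->result instanceof \mysqli_result` is the idiomatic check, is resolved without a runtime class-name lookup, and makes the preceding `$this->result &&` redundant (null, false and integer results are never instances). Note that `print_r()` on a mysqli_result only dumps the object's properties (current_field, field_count, num_rows, …), not the fetched rows, so the debug file records result metadata rather than data; if that is the intent a comment such as `// mysqli_result: print_r shows field/row counts only, never the rows` would avoid surprising the next reader. The enclosing method begins and ends outside the hunk.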


@ -125,6 +125,7 @@ function getValue($xml, $path, $starting = null, $keep = false)
*/
function FileDetection($filename)
{
$name = [];
$name['base_name'] = basename($filename);
// print "\tCheck if exists".PHP_EOL;
if (!file_exists($filename)) {


@ -1,2 +1,5 @@
/*.xml
/*.csv
/*.xsl
/*.jpg
/*.JPG