From dfb81bf3881b8f25479a8518e79abb49a18dd910 Mon Sep 17 00:00:00 2001 From: Ryan Prather Date: Sat, 1 Dec 2018 23:21:20 -0500 Subject: [PATCH] Updates --- ajax.php | 4 + db_schema.json | 340 +++++++++++++++++++-------------------- exec/export-ckl.php | 3 +- exec/parse_scc_xccdf.php | 14 +- inc/database.inc | 76 ++++----- inc/footer.inc | 2 +- ste/ste_script.js | 2 +- ste/ste_script.min.js | 18 +-- 8 files changed, 224 insertions(+), 235 deletions(-) diff --git a/ajax.php b/ajax.php index 509b0ec..e0f0c54 100644 --- a/ajax.php +++ b/ajax.php @@ -48,10 +48,14 @@ */ set_time_limit(0); +include_once 'vendor/autoload.php'; include_once 'config.inc'; include_once 'import.inc'; include_once 'helper.inc'; +use Monolog\Logger; +use Monolog\Handler\StreamHandler; + chdir(dirname(__FILE__)); $db = new db(); diff --git a/db_schema.json b/db_schema.json index 9011ebc..d3bb478 100644 --- a/db_schema.json +++ b/db_schema.json @@ -252,8 +252,8 @@ "schema": "sagacity", "table": "sw_man_match", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -454,8 +454,8 @@ "schema": "rmf", "table": "family", "field": "abbr", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -502,8 +502,8 @@ "schema": "rmf", "table": "controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "rmf_related_controls_related_id", @@ -511,8 +511,8 @@ "schema": "rmf", "table": "controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -563,8 +563,8 @@ "schema": "rmf", "table": "controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ 
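Review bot: The two `use Monolog\...` imports added after the `include_once` lines are not referenced anywhere in this hunk; if nothing later in ajax.php instantiates `Logger` or `StreamHandler`, they and the new `vendor/autoload.php` include are dead code. The relative `'vendor/autoload.php'` is also resolved before the `chdir(dirname(__FILE__))` that follows it; PHP falls back to the calling script's directory so it normally works, but `include_once __DIR__ . '/vendor/autoload.php';` removes the dependence on include_path and the working directory. By convention the `use` statements belong at the top of the file, ahead of any executable statement such as `set_time_limit(0)`.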
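Review bot: Every foreign key in this file is switched from `NO ACTION` to `ON DELETE CASCADE` (here on `sw_man_match`, and in all the remaining db_schema.json hunks through the `analyst_notes` constraints), which turns a delete on a reference-data parent into a silent bulk delete of dependent rows; removing a single `pdi_catalog`, `cve_db`, `iavm_notices` or `sources` row would now drop every `findings`, `scans` or lookup row that references it. Cascading fits ownership relations such as `target` → `findings`, but for catalog tables `RESTRICT` or `NO ACTION` keeps an accidental or unauthorized delete from erasing assessment data. If cascading everywhere is intended, it deserves a sentence in the commit message and a backup step in the upgrade procedure. `ON UPDATE CASCADE` is the lower-risk half of the change and is fine to keep.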
@@ -641,8 +641,8 @@ "schema": "rmf", "table": "controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -704,8 +704,8 @@ "schema": "rmf", "table": "controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "rmf_eny_baseline_enh_id", @@ -713,8 +713,8 @@ "schema": "rmf", "table": "control_enh", "field": "enh_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -805,8 +805,8 @@ "schema": "rmf", "table": "controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "fk_cci_control_enh1", @@ -814,8 +814,8 @@ "schema": "rmf", "table": "control_enh", "field": "enh_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -1363,8 +1363,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "fp_src_id", @@ -1372,8 +1372,8 @@ "schema": "sagacity", "table": "sources", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -1423,8 +1423,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "exp_sys_id", @@ -1432,8 +1432,8 @@ "schema": "sagacity", "table": "system", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -1776,8 +1776,8 @@ "schema": "sagacity", "table": "proc_ia_controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ 
@@ -1858,8 +1858,8 @@ "schema": "sagacity", "table": "proc_ia_controls", "field": "control_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -2013,8 +2013,8 @@ "schema": "sagacity", "table": "checklist", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "chk_sw_lu_sw_id", @@ -2022,8 +2022,8 @@ "schema": "sagacity", "table": "software", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -2125,8 +2125,8 @@ "schema": "sagacity", "table": "checklist", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "pdi_pdi_id", @@ -2134,8 +2134,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -2237,8 +2237,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -2285,8 +2285,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -2432,8 +2432,8 @@ "schema": "sagacity", "table": "cci", "field": "cci_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -2600,8 +2600,8 @@ "schema": "sagacity", "table": "cve_db", "field": "cve_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -2648,8 +2648,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "cve_cve_id", @@ -2657,8 +2657,8 @@ "schema": "sagacity", "table": "cve_db", "field": "cve_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, 
@@ -2697,8 +2697,8 @@ "schema": "sagacity", "table": "cve_db", "field": "cve_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -2748,8 +2748,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -2807,8 +2807,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3014,8 +3014,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3071,8 +3071,8 @@ "schema": "sagacity", "table": "iavm_notices", "field": "noticeId", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3138,8 +3138,8 @@ "schema": "sagacity", "table": "iavm_notices", "field": "noticeId", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3215,8 +3215,8 @@ "schema": "sagacity", "table": "iavm_notices", "field": "noticeId", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3282,8 +3282,8 @@ "schema": "sagacity", "table": "iavm_notices", "field": "noticeId", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3339,8 +3339,8 @@ "schema": "sagacity", "table": "iavm_notices", "field": "noticeId", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3387,8 +3387,8 @@ "schema": "sagacity", "table": "cve_db", "field": "cve_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "iavm_lookup_id", 
@@ -3396,8 +3396,8 @@ "schema": "sagacity", "table": "iavm_notices", "field": "noticeId", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3542,8 +3542,8 @@ "schema": "sagacity", "table": "nessus_plugins", "field": "plugin_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3590,8 +3590,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "nessus_n_id", @@ -3599,8 +3599,8 @@ "schema": "sagacity", "table": "nessus_plugins", "field": "plugin_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3663,8 +3663,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3761,8 +3761,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3879,8 +3879,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -3927,8 +3927,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -4169,8 +4169,8 @@ "schema": "sagacity", "table": "system", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "ste_site_id", @@ -4178,8 +4178,8 @@ "schema": "sagacity", "table": "sites", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ 
@@ -4241,8 +4241,8 @@ "schema": "sagacity", "table": "people", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "ste_team_ste_id", @@ -4250,8 +4250,8 @@ "schema": "sagacity", "table": "ste", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -4310,8 +4310,8 @@ "schema": "sagacity", "table": "ste", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -4358,8 +4358,8 @@ "schema": "sagacity", "table": "ste_cat", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "ste_cat_src_id", @@ -4367,8 +4367,8 @@ "schema": "sagacity", "table": "sources", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -4467,8 +4467,8 @@ "schema": "sagacity", "table": "ste_cat", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "cat_int_ques_id", @@ -4476,8 +4476,8 @@ "schema": "sagacity", "table": "interview_questions", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -4669,8 +4669,8 @@ "schema": "sagacity", "table": "sources", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "scan_ste_id", @@ -4678,8 +4678,8 @@ "schema": "sagacity", "table": "ste", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -4968,8 +4968,8 @@ "schema": "sagacity", "table": "ste_cat", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "t_os_id", @@ -4977,8 +4977,8 @@ "schema": "sagacity", "table": "software", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "t_ste_id", 
@@ -4986,8 +4986,8 @@ "schema": "sagacity", "table": "ste", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "t_auto_id", @@ -4995,8 +4995,8 @@ "schema": "sagacity", "table": "task_status", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "t_man_id", @@ -5004,8 +5004,8 @@ "schema": "sagacity", "table": "task_status", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "t_data_id", @@ -5013,8 +5013,8 @@ "schema": "sagacity", "table": "task_status", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "t_fp_cat1_id", @@ -5022,8 +5022,8 @@ "schema": "sagacity", "table": "task_status", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ], "index": [ @@ -5148,8 +5148,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5248,8 +5248,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5388,8 +5388,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5508,8 +5508,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5565,8 +5565,8 @@ "schema": "sagacity", "table": "checklist", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "tgt_tgt_chk_id", @@ -5574,8 +5574,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, 
@@ -5625,8 +5625,8 @@ "schema": "sagacity", "table": "software", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "tgt_tgt_sft_id", @@ -5634,8 +5634,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5705,8 +5705,8 @@ "schema": "sagacity", "table": "scans", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "host_tgt_id", @@ -5714,8 +5714,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5795,8 +5795,8 @@ "schema": "sagacity", "table": "interfaces", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "pps_pps_id", @@ -5804,8 +5804,8 @@ "schema": "sagacity", "table": "ports_proto_services", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5914,8 +5914,8 @@ "schema": "sagacity", "table": "pdi_catalog", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "find_tgt_id", @@ -5923,8 +5923,8 @@ "schema": "sagacity", "table": "target", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "find_scan_id", @@ -5932,8 +5932,8 @@ "schema": "sagacity", "table": "scans", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "find_status_id", @@ -5941,8 +5941,8 @@ "schema": "sagacity", "table": "findings_status", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -5993,8 +5993,8 @@ "schema": "sagacity", "table": "findings", "field": "tgt_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "find_pdi_ctrl_id", 
@@ -6002,8 +6002,8 @@ "schema": "sagacity", "table": "findings", "field": "pdi_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -6063,8 +6063,8 @@ "schema": "sagacity", "table": "findings", "field": "tgt_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "scan_find_pdi_notes_id", @@ -6072,8 +6072,8 @@ "schema": "sagacity", "table": "findings", "field": "pdi_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "scan_find_scan_notes_id", @@ -6081,8 +6081,8 @@ "schema": "sagacity", "table": "scans", "field": "id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, @@ -6132,8 +6132,8 @@ "schema": "sagacity", "table": "findings", "field": "tgt_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" }, { "id": "analyst_find_pdi_notes_id", @@ -6141,8 +6141,8 @@ "schema": "sagacity", "table": "findings", "field": "pdi_id", - "update": null, - "delete": null + "update": "CASCADE", + "delete": "CASCADE" } ] }, diff --git a/exec/export-ckl.php b/exec/export-ckl.php index 19a47f0..04828ea 100644 --- a/exec/export-ckl.php +++ b/exec/export-ckl.php @@ -358,7 +358,8 @@ Total STIGs: $total_stigs EOO; /** - * + * Function to retrieve all the PDIs for a specified target and checklist + * * @global db $db * * @param target $tgt diff --git a/exec/parse_scc_xccdf.php b/exec/parse_scc_xccdf.php index ec8e0ff..09b44c5 100644 --- a/exec/parse_scc_xccdf.php +++ b/exec/parse_scc_xccdf.php 
@@ -118,10 +118,16 @@ class scc_parser extends scan_xml_parser $this->groups = []; $this->tag = []; parent::__construct($this, $ste_id_in, $fname_in); - $this->db->update_Running_Scan($this->scan->get_File_Name(), [ - 'name' => 'pid', - 'value' => getmypid() - ]); + } + + /** + * Function to parse \cdf:Benchmark + * + * @param array $attrs + */ + public function cdf_Benchmark($attrs) + { + $this->scan->set_Start_Time(new DateTime("now", new DateTimeZone("UTC"))); } /** diff --git a/inc/database.inc b/inc/database.inc index 9259423..c9ae4c7 100644 --- a/inc/database.inc +++ b/inc/database.inc @@ -967,7 +967,11 @@ class db_helper if (isset($json->constraints) && is_array($json->constraints) && count($json->constraints)) { foreach ($json->constraints as $con) { - $this->sql .= ", CONSTRAINT `{$con->id}` " . "FOREIGN KEY (`{$con->local}`) " . "REFERENCES `{$con->schema}`.`{$con->table}` (`{$con->field}`) " . "ON DELETE " . (is_null($con->delete) ? "NO ACTION" : strtoupper($con->delete)) . " " . "ON UPDATE " . (is_null($con->update) ? "NO ACTION" : strtoupper($con->update)); + $this->sql .= ", CONSTRAINT `{$con->id}` " . + "FOREIGN KEY (`{$con->local}`) " . + "REFERENCES `{$con->schema}`.`{$con->table}` (`{$con->field}`) " . + "ON DELETE " . (!isset($con->delete) || is_null($con->delete) ? "NO ACTION" : strtoupper($con->delete)) . " " . + "ON UPDATE " . (!isset($con->update) || is_null($con->update) ? "NO ACTION" : strtoupper($con->update)); } } @@ -8721,8 +8725,11 @@ EOQ; foreach ($src_arr as $row) { $src = new source($row['id'], $row['name']); $icon = null; - if ($row['icon']) { - $icon = str_replace(" ", "-", substr($row['icon'], 0, - 4)) . "-missing.png"; + $missing_fname = str_replace(" ", "-", substr($row['icon'], 0, - 4)) . "-missing.png"; + if ($row['icon'] && file_exists(DOC_ROOT . "/img/scan_types/{$missing_fname}")) { + $icon = $missing_fname; + } else { + $icon = $row['icon']; } $src->set_Icon($icon); $ret[$src->get_ID()]['src'] = $src; 
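Review bot: The constructor no longer records the process id via `update_Running_Scan(..., 'pid', getmypid())`, and nothing in this hunk replaces it; if the running-scan record's `pid` is read elsewhere (status display, stopping a scan) SCC parses will now leave it unset — either restore the call or say where it moved in the commit message. The new `cdf_Benchmark($attrs)` callback ignores `$attrs`, which is reasonable for a SAX-style element handler, but the docblock should say so, e.g. `@param array $attrs element attributes (unused)`, and a `@return void` line would complete it.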
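Review bot: `!isset($con->delete) || is_null($con->delete)` is redundant, because `isset()` already returns false for a null property; `strtoupper($con->delete ?? 'NO ACTION')` expresses the same thing in one step on PHP 7+, and likewise for `$con->update`. The referential action is still interpolated straight into the DDL string, so a typo or an unexpected value in db_schema.json surfaces as a SQL syntax error at schema-build time rather than a clear message; checking the upper-cased value with `in_array($action, ['CASCADE', 'SET NULL', 'RESTRICT', 'NO ACTION'], true)` and throwing otherwise would catch that early. The enclosing method starts and ends outside the hunk.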
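Review bot: `$missing_fname` is now computed before the `$row['icon']` check, so `substr()` runs on an empty or null icon for every source that has none (a deprecation notice for null on PHP 8.1+), and the `$icon = null;` initializer is dead because both branches of the new `if`/`else` assign it. Guarding the computation, `$missing_fname = $row['icon'] ? str_replace(" ", "-", substr($row['icon'], 0, -4)) . "-missing.png" : null;`, keeps the later `&&` short-circuit meaningful and lets the initializer go. `substr(..., 0, -4)` also silently assumes a three-letter extension; `pathinfo($row['icon'], PATHINFO_FILENAME)` makes that explicit. The enclosing method starts and ends outside the hunk.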
@@ -8742,7 +8749,7 @@ EOQ; */ public function get_Target_Scan_Sources($tgt, &$exp_scan_srcs = null) { - $ret = []; + $ret = (!is_null($exp_scan_srcs) ? $exp_scan_srcs : []); $this->help->select("sources src", [ "src.id", "src.name", @@ -8762,9 +8769,8 @@ EOQ; "LEFT JOIN host_list hl ON hl.scan_id=s.id" ] ]); - $rows = $this->help->execute(); - + if (is_array($rows) && count($rows) && isset($rows['id'])) { $rows = [ 0 => $rows 
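Review bot: `$ret = (!is_null($exp_scan_srcs) ? $exp_scan_srcs : []);` is the null-coalescing idiom, `$ret = $exp_scan_srcs ?? [];` on PHP 7+. Since `$exp_scan_srcs` is taken by reference, seeding a local `$ret` from it is only meaningful if the method later writes the result back through the reference or every caller is switched to the return value; whichever is intended should be stated in the docblock above the signature. The method body continues past this hunk.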
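Review bot: The removed `$rows = $this->help->execute();` has no replacement on the new side of this hunk (only a blank line is added), so unless the rendering dropped it, `$rows` is never assigned after the `select()` is built and the `is_array($rows)` checks that follow test an undefined variable — the query silently never runs and the method returns only the seeded array. Restore `$rows = $this->help->execute();` in place of the added blank line. The enclosing method continues past the hunk.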
@@ -8772,39 +8778,15 @@ EOQ; } if (is_array($rows) && count($rows) && isset($rows[0])) { - if (is_null($exp_scan_srcs)) { - foreach ($rows as $row) { - $src = new source($row['id'], $row['name']); - $src->set_Icon($row['icon']); - $ret[$row['id']] = [ - 'src' => $src, - 'scan_error' => (boolean) $row['scanner_error'], - 'notes' => $row['notes'], - 'file_name' => (!isset($ret[$row['id']]['file_name']) ? "{$row['file_name']} ({$row['finding_count']})" : "{$ret[$row['id']]['file_name']}\n{$row['file_name']} ({$row['finding_count']})") - ]; - } - } else { - foreach ($rows as $row) { - if (isset($exp_scan_srcs[$row['id']]) && isset($exp_scan_srcs[$row['id']]['src']) && is_a($exp_scan_srcs[$row['id']]['src'], 'source')) { - $exp_scan_srcs[$row['id']]['src']->set_Icon($row['icon']); - $exp_scan_srcs[$row['id']] = [ - 'scan_error' => (boolean) $row['scanner_error'], - 'notes' => $row['notes'], - 'file_name' => (!isset($exp_scan_srcs[$row['id']]['file_name']) ? "{$row['file_name']} ({$row['finding_count']})" : "{$exp_scan_srcs[$row['id']]['file_name']}\n{$row['file_name']} ({$row['finding_count']})") - ]; - } else { - $src = new source($row['id'], $row['name']); - $src->set_Icon($row['icon']); - $exp_scan_srcs[$row['id']] = [ - 'src' => $src, - 'scan_error' => (boolean) $row['scanner_error'], - 'notes' => $row['notes'], - 'file_name' => "{$row['file_name']} ({$row['finding_count']})" - ]; - } - } - - return $exp_scan_srcs; + foreach($rows as $row) { + $src = new source($row['id'], $row['name']); + $src->set_Icon($row['icon']); + + $ret[$src->get_ID()]['src'] = $src; + $ret[$src->get_ID()]['count'] = $row['finding_count']; + $ret[$src->get_ID()]['notes'] = $row['notes']; + $ret[$src->get_ID()]['scan_error'] = $row['scanner_error']; + $ret[$src->get_ID()]['file_name'] = $row['file_name']; } } @@ -11145,7 +11127,7 @@ EOQ; 'value' => $intCat ] ], [ - 'order' => 'name' + 'order' => 'LENGTH(name),name' ]); $rows = $this->help->execute(); 
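Review bot: The rewritten loop drops two behaviours of the code it replaces: `scan_error` is now stored as the raw `$row['scanner_error']` value instead of `(boolean)`, and when one source has several scans the per-row assignments to `file_name`, `count` and `notes` overwrite each other, so only the last row survives where the old code accumulated `"{$row['file_name']} ({$row['finding_count']})"` entries separated by newlines. `$exp_scan_srcs` is still declared by reference, but the `return $exp_scan_srcs;` is gone and nothing in the hunk writes to it, so callers that relied on in-place update now get nothing back; either assign `$exp_scan_srcs = $ret;` before returning or drop the `&` and document that the return value is authoritative. Style: `foreach($rows as $row)` lacks the space after `foreach` used elsewhere in the file. The enclosing method starts and ends outside the hunk.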
@@ -11188,7 +11170,7 @@ EOQ; 'sql_op' => 'AND' ] ], [ - 'order' => 'name' + 'order' => 'LENGTH(name),name' ]); $ret = []; @@ -12624,6 +12606,18 @@ EOQ; return false; } + $this->help->delete("analyst_notes", null, [ + [ + 'field' => 'tgt_id', + 'op' => '=', + 'value' => $tgt_id + ] + ]); + if (! $this->help->execute()) { + $this->help->debug(E_ERROR); + + return false; + } $this->help->delete("target", null, [ [ 'field' => 'id', diff --git a/inc/footer.inc b/inc/footer.inc index eec61e1..0198625 100644 --- a/inc/footer.inc +++ b/inc/footer.inc @@ -26,7 +26,7 @@ ?> diff --git a/ste/ste_script.js b/ste/ste_script.js index 5241bd9..aed460a 100644 --- a/ste/ste_script.js +++ b/ste/ste_script.js @@ -384,7 +384,7 @@ function display_ops_hosts(hosts) { var odd = true; for (var x in hosts.targets) { - $(cat).after( + $(cat).append( "
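Review bot: The new `analyst_notes` delete runs as its own statement with no transaction visible in the hunk (the enclosing method starts outside it), so if the following `target` delete fails the notes are already gone while the target remains; if the method is not already wrapped in a transaction, begin one before the first delete and roll back on the `return false` paths. The same commit sets `ON DELETE CASCADE` on the `analyst_notes` foreign keys in db_schema.json, which makes this explicit delete redundant once the schema is rebuilt; a one-line comment such as `// explicit delete keeps databases built without CASCADE consistent` would tell the next reader why it is kept.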
" + "" + "" + diff --git a/ste/ste_script.min.js b/ste/ste_script.min.js index ea18f57..07d93a8 100644 --- a/ste/ste_script.min.js +++ b/ste/ste_script.min.js 
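Review bot: Changing `$(cat).after(` to `$(cat).append(` moves the generated row from being a sibling of `#cat_<id>` to a child of it; if that element is itself a table row (the `.cat_<id>` rows toggled in `collapse_expand` suggest a row-per-target layout) browsers relocate a nested `<tr>`, so confirm the target is a `<tbody>` or other container. Independently of the change, the markup assembled here concatenates `hosts.targets[x].name`, `.notes` and the other fields straight into an HTML string; unless ajax.php escapes them server-side, a target name or note containing markup is rendered as markup, and building the cells with `$('<td>').text(value)` or an escape helper closes that gap. The body of `display_ops_hosts` continues past the hunk.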
@@ -1,17 +1 @@ -var opts={lines:15,length:18,width:9,radius:61,scale:2,corners:1,color:"#000",opacity:0.2,rotate:13,direction:1,speed:0.5,trail:50,fps:20,zIndex:2000000000,className:"spinner",top:"50%",left:"50%",shadow:false,hwaccel:false,position:"absolute"};var sel_tgts=[];$(function(){var target=document.getElementById("loading");var spinner=new Spinner(opts).spin(target);$(".close, .backdrop").click(function(){close_box();});$(".notes").click(function(){$(this).siblings("span").show();});$(".toggler").click(collapse_expand); -$(".target-notes").click(get_target_notes);$("#save-tgt-notes").click(save_target_notes);});function update_tgt_chk(chk){if($(chk).is(":checked")){sel_tgts.push($(chk).val());}else{sel_tgts.splice($.inArray($(chk).val(),sel_tgts),1);}}function open_move_to(){if($("#ste").val()<1){alert("Please select an ST&E");return;}if($(":checkbox:checked").length<1){alert("Please select a device to move");return;}$("#move_to").animate({"opacity":"1.00"},300,"linear");$("#move_to").css("display","block");view_box();}function edit_cat(cat_id){if($("#ste").val()<1){alert("Please select an ST&E"); -return;}for(var x in $("#scan_sources option")){$("#scan_sources option").eq(x).attr("selected",false);}var cat_name=$("#cat_name_"+cat_id).text();var matches=cat_name.match(/\s+\(([\d]+)\)\s+\(([^\d][ \w]+)\)|\s+\(([\d]+)\)/i);cat_name=cat_name.replace(/\s+\(([\d]+)\)\s+\(([^\d][ \w]+)\)|\s+\(([\d]+)\)/i,"");cat_name=cat_name.replace(/\s{2,}/g,"");$("#new_cat_name").val(cat_name);$("#selected_cat").val(cat_id);if(matches&&typeof matches[2]!=="undefined"){$("#analyst").val(matches[2]);}else{$("#analyst").val(""); -}var srcs=JSON.parse($("#cat_sources_"+cat_id).val());for(var x in srcs){$("#src_"+srcs[x]).attr("selected",true);}$("#edit_cat").animate({"opacity":"1.00"},300,"linear");$("#edit_cat").css("display","block");view_box();}function 
merge_target(){$("#merge_target").animate({"opacity":"1.00"},300,"linear");$("#merge_target").css("display","block");view_box();}function delete_cat(id){if($("#ste").val()<1){alert("Please select an ST&E");return;}if(!confirm("Are you sure you want to delete this category? Currently assigned targets will be set to the 'Unassigned' category.")){return; -}$.ajax("/ajax.php",{data:{action:"delete-cat",ste_id:$("#ste").val(),cat_id:id},success:function(data){if(data.error){alert(data.error);}else{location.reload();}},error:function(xhr,status,error){console.error(error);},dataType:"json",method:"post",timeout:3000});}function del_target(){if(!confirm("Are you sure you want to delete the target? This will also delete all findings and interfaces for the selected targets and is irreversible")){return;}}function add_cat(){if($("#ste").val()<1){alert("Please select an ST&E"); -return;}$("#add_ste").val($("#ste").val());$("#add_cat").animate({"opacity":"1.00"},300,"linear");$("#add_cat").css("display","block");view_box();}function get_category(cat_id){$.ajax("/ajax.php",{data:{action:"get_category_details","cat_id":cat_id},success:function(data){$("#new_cat_name").val(data.name);for(var x in data.sources){$("#src_"+data.sources[x].id).attr("selected",true);}},datatype:"json",method:"post"});}function close_box(){$(".backdrop, .box").animate({"opacity":"0"},300,"linear",function(){$(".backdrop, .box").css("display","none"); -});}function view_box(){$(".backdrop").animate({"opacity":".5"},300,"linear");$(".backdrop").css("display","block");}function update_Status(chk){if($(chk).val()<1){return false;}if($(":checkbox:checked").length<1){alert("Please select a device to update");return false;}return true;}function collapse_expand(){var id=$(this).data("id");if(!$(".cat_"+id).length){get_hosts(id);}$(this).toggleClass("fa-minus-square fa-plus-square");$(".cat_"+id).toggle(300);}function select(id){$(".cat_"+id+" input[type=checkbox]").each(function(){this.checked=!this.checked; 
-update_tgt_chk(this);});}function assign(id){var analyst=prompt('Who do you want to assign this category to?\n\nEnter "none" to clear out assignment');if(analyst){$("#analyst_"+id).val(analyst);$("#assign_"+id).submit();}}function upload_host_list(){if($("#ste").val()<1){alert("Please select an ST&E");return;}$("#import_host_list").animate({"opacity":"1.00"},300,"linear");$("#import_host_list").css("display","block");view_box();}function get_hosts(cat_id){$.ajax("/ajax.php",{data:{action:"get_hosts","cat_id":cat_id},beforeSend:function(){$("#loading,#waiting").show(); -$("#waiting").animate({"opacity":"0.5"},300,"linear");},success:function(data){if($("#ops-page").val()=="main"){display_ops_hosts(data);}else{if($("#ops-page").val()=="stats"){display_stats_hosts(data);}else{if($("#ops-page").val()=="task"){display_task_hosts(data);}}}},error:function(xhr,status,error){console.error(error);},complete:function(){$("#loading,#waiting").hide();$("#waiting").animate({"opacity":"0"},300,"linear");},dataType:"json",method:"post"});}function display_ops_hosts(hosts){if(hosts.error){console.error(hosts.error); -}else{var cat_id=hosts.cat_id;var cat=$("#cat_"+cat_id);var odd=true;for(var x in hosts.targets){$(cat).after("
"+""+""+""+hosts.targets[x].name+""+""+hosts.targets[x].ip+""+""+""+hosts.targets[x].os+""+""+(hosts.targets[x].location?hosts.targets[x].location:" ")+""+""+hosts.targets[x].auto+""+""+hosts.targets[x].man+""+""+hosts.targets[x].data+""+""+hosts.targets[x].fp+""+""+(hosts.targets[x].scans?hosts.targets[x].scans:" ")+""+""+(hosts.targets[x].chk?hosts.targets[x].chk:" ")+""+""+(hosts.targets[x].notes?hosts.targets[x].notes:" ")+" "+""+"
"); -odd=!odd;}$("#cat_"+cat_id+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}});}}function display_stats_hosts(hosts){if(hosts.error){console.error(hosts.error);}else{var cat_id=hosts.cat_id;var cat=$("#cat_"+cat_id);var odd=true;for(var x in hosts.targets){$(cat).after("
"+""+""+""+hosts.targets[x].name+""+""+hosts.targets[x].ip+""+""+""+hosts.targets[x].os+""+""+hosts.targets[x].cat_1+""+""+hosts.targets[x].cat_2+""+""+hosts.targets[x].cat_3+""+""+hosts.targets[x].nf+""+""+hosts.targets[x].na+""+""+hosts.targets[x].nr+""+""+(hosts.targets[x].comp.toFixed(2)*100)+"%"+""+(hosts.targets[x].assessed.toFixed(2)*100)+"%"+""+(hosts.targets[x].scans?hosts.targets[x].scans:" ")+""+""+(hosts.targets[x].chk?hosts.targets[x].chk:" ")+""+""+hosts.targets[x].notes+" "+""+"
"); -odd=!odd;}$("#cat_"+cat_id+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}});}}function display_task_hosts(hosts){}function get_target_notes(){var id=$(this).data("id");$("#tgt-id").val(id);$.ajax("/ajax.php",{data:{action:"get-target-notes","tgt-id":id},success:function(data){if(data.error){alert(data.error);}else{$("#notes").val(data.notes);view_box();}$("#tgt-notes").animate({"opacity":"1.00"},300,"linear");$("#tgt-notes").css("display","block"); -},error:function(xhr,status,error){console.error(error);},dataType:"json",method:"post"});}function save_target_notes(){$.ajax("/ajax.php",{data:{action:"save-target-notes","tgt-id":$("#tgt-id").val(),"notes":$("#notes").val()},success:function(data){if(data.error){alert(data.error);}else{$("#note_"+$("#tgt-id").val()).html($("#notes").val()+" ");$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}}); -close_box();}},error:function(xhr,status,error){console.error(error);},dataType:"json",method:"post"});}function auto_cat(){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),action:"auto-categorize"},beforeSend:function(){$("#loading,#waiting").show();$("#waiting").animate({"opacity":"0.5"},300,"linear");},success:function(data){location.reload();},error:function(xhr,status,error){console.error(error);},complete:function(){$("#loading,#waiting").hide();$("#waiting").animate({"opacity":"0"},300,"linear");},dataType:"json",timeout:5000,method:"post"}); -}function export_ckl(cat_id,tgt_id){if(!cat_id){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),tgt:tgt_id,action:"export-ckl"},complete:function(xhr){alert("Exporting target CKL files to document_root/tmp/ckl");},method:"post"});}else{$.ajax("/ajax.php",{data:{ste:$("#ste").val(),cat:cat_id,action:"export-ckl"},complete:function(xhr){alert("Exporting CKL files to document_root/tmp/ckl");},method:"post"});}}var 
percentColors=[{pct:0,color:{r:255,g:0,b:0}},{pct:0.5,color:{r:255,g:255,b:0}},{pct:1,color:{r:0,g:255,b:0}}]; -var getColorForPercentage=function(pct){for(var i=1;i"+c.targets[a].name+""+c.targets[a].ip+""+c.targets[a].os+""+(c.targets[a].location?c.targets[a].location:" ")+""+c.targets[a].auto+""+c.targets[a].man+""+c.targets[a].data+""+c.targets[a].fp+""+(c.targets[a].scans?c.targets[a].scans:" ")+""+(c.targets[a].chk?c.targets[a].chk:" ")+""+(c.targets[a].notes?c.targets[a].notes:" ")+"
");d=!d}$("#cat_"+e+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}})}}function display_stats_hosts(c){if(c.error){console.error(c.error)}else{var e=c.cat_id;var b=$("#cat_"+e);var d=true;for(var a in c.targets){$(b).after("
"+c.targets[a].name+""+c.targets[a].ip+""+c.targets[a].os+""+c.targets[a].cat_1+""+c.targets[a].cat_2+""+c.targets[a].cat_3+""+c.targets[a].nf+""+c.targets[a].na+""+c.targets[a].nr+""+(c.targets[a].comp.toFixed(2)*100)+"%"+(c.targets[a].assessed.toFixed(2)*100)+"%"+(c.targets[a].scans?c.targets[a].scans:" ")+""+(c.targets[a].chk?c.targets[a].chk:" ")+""+c.targets[a].notes+"
");d=!d}$("#cat_"+e+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}})}}function display_task_hosts(a){}function get_target_notes(){var a=$(this).data("id");$("#tgt-id").val(a);$.ajax("/ajax.php",{data:{action:"get-target-notes","tgt-id":a},success:function(b){if(b.error){alert(b.error)}else{$("#notes").val(b.notes);view_box()}$("#tgt-notes").animate({opacity:"1.00"},300,"linear");$("#tgt-notes").css("display","block")},error:function(d,b,c){console.error(c)},dataType:"json",method:"post"})}function save_target_notes(){$.ajax("/ajax.php",{data:{action:"save-target-notes","tgt-id":$("#tgt-id").val(),notes:$("#notes").val()},success:function(a){if(a.error){alert(a.error)}else{$("#note_"+$("#tgt-id").val()).html($("#notes").val()+" ");$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}});close_box()}},error:function(c,a,b){console.error(b)},dataType:"json",method:"post"})}function auto_cat(){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),action:"auto-categorize"},beforeSend:function(){$("#loading,#waiting").show();$("#waiting").animate({opacity:"0.5"},300,"linear")},success:function(a){location.reload()},error:function(c,a,b){console.error(b)},complete:function(){$("#loading,#waiting").hide();$("#waiting").animate({opacity:"0"},300,"linear")},dataType:"json",timeout:5000,method:"post"})}function export_ckl(b,a){if(!b){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),tgt:a,action:"export-ckl"},complete:function(c){alert("Exporting target CKL files to document_root/tmp/ckl")},method:"post"})}else{$.ajax("/ajax.php",{data:{ste:$("#ste").val(),cat:b,action:"export-ckl"},complete:function(c){alert("Exporting CKL files to document_root/tmp/ckl")},method:"post"})}}var percentColors=[{pct:0,color:{r:255,g:0,b:0}},{pct:0.5,color:{r:255,g:255,b:0}},{pct:1,color:{r:0,g:255,b:0}}];var getColorForPercentage=function(g){for(var b=1;b