From f022791e4454292932bad12665a7066ae3ef5019 Mon Sep 17 00:00:00 2001
From: Ryan Prather
Date: Fri, 16 Nov 2018 21:42:57 -0500
Subject: [PATCH] Misc updates

---
classes/finding.inc | 1142 ++++++++++++++++++++++-------------
db_schema.json | 19 +
ste/bulk_edit.php | 5 +-
ste/ste_script.min.js | 18 +-
4 files changed, 648 insertions(+), 536 deletions(-)

diff --git a/classes/finding.inc b/classes/finding.inc
index b6944a7..a488fd6 100644
--- a/classes/finding.inc
+++ b/classes/finding.inc
@@ -29,454 +29,532 @@ * Represents a finding * * @author Ryan Prather - * + * */ -class finding { +class finding +{ - /** - * Target ID - * - * @var integer - */ - protected $tgt_id = null; + /** + * Target ID + * + * @var integer + */ + protected $tgt_id = null; - /** - * PDI ID - * - * @var integer - */ - protected $pdi_id = null; + /** + * PDI ID + * + * @var integer + */ + protected $pdi_id = null; - /** - * Scan ID - * - * @var integer - */ - protected $scan_id = null; + /** + * Scan ID + * + * @var integer + */ + protected $scan_id = null; - /** - * Finding Status ID - * - * @var integer - */ - protected $finding_status_id = null; + /** + * Finding Status ID + * + * @var integer + */ + protected $finding_status_id = null; - /** - * Updated category for the finding - * - * @var int - */ - protected $cat = null; + /** + * Updated category for the finding + * + * @var int + */ + protected $cat = null; - /** - * Array of ia controls that apply to this finding - * - * @var array:string - */ - protected $ia_controls = array(); + /** + * Array of ia controls that apply to this finding + * + * @var array:string + */ + protected $ia_controls = array(); - /** - * Notes - * - * @var string - */ - protected $notes = null; + /** + * Notes + * + * @var string + */ + protected $notes = null; - /** - * Change ID - * - * @var integer - */ - protected $change_id = null; + /** + * Analyst Notes + * + * @var string + */ + protected $analyst_notes = null; - /** - * Original source - * - * @var string - */ - protected $orig_src = null; + /** + * Scanner Notes + * + * @var string + */ + protected $scanner_notes = null; - /** - * Finding iteration (incremented if finding is updated - * - * @var integer - */ - protected $finding_itr = null; + /** + * Change ID + * + * @var integer + */ + protected $change_id = null; - /** - * Array of statuses - * - * @var array:string - */ - protected $STATUS = [ - 1 => 'Not Reviewed', - 2 => 'Not a Finding', - 3 => 'Open', - 4 => 'Not Applicable', 
- 5 => 'No Data', - 6 => 'Exception', - 7 => 'False Positive' - ]; + /** + * Original source + * + * @var string + */ + protected $orig_src = null; - /** - * Constant for no change - * - * @var integer - */ - const NC = 0; + /** + * Finding iteration (incremented if finding is updated + * + * @var integer + */ + protected $finding_itr = null; - /** - * Constant for change ID::TO_OPEN - * - * @var integer - */ - const TO_OPEN = 1; + /** + * Array of statuses + * + * @var array:string + */ + protected $STATUS = [ + 1 => 'Not Reviewed', + 2 => 'Not a Finding', + 3 => 'Open', + 4 => 'Not Applicable', + 5 => 'No Data', + 6 => 'Exception', + 7 => 'False Positive' + ]; - /** - * Constant for change ID::TO_NF - * - * @var integer - */ - const TO_NF = 2; + /** + * Constant for no change + * + * @var integer + */ + const NC = 0; - /** - * Constant for change ID::TO_NA - * - * @var integer - */ - const TO_NA = 3; + /** + * Constant for change ID::TO_OPEN + * + * @var integer + */ + const TO_OPEN = 1; - /** - * Constructor - * - * @param integer $int_Tgt_ID - * @param integer $int_PDI_ID - * @param integer $int_Scan_ID - * @param integer|string $Finding_Status - * @param string $str_Notes - * @param integer $int_Change_ID - * @param string $str_Orig_Src - * @param integer $int_Finding_Itr - */ - public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) { - $this->tgt_id = $int_Tgt_ID; - $this->pdi_id = $int_PDI_ID; - $this->scan_id = $int_Scan_ID; - if (is_numeric($Finding_Status)) { - $this->finding_status_id = $Finding_Status; - } - else { - $this->finding_status_id = $this->get_Finding_Status_ID($Finding_Status); - } - $this->notes = $str_Notes; - $this->change_id = $int_Change_ID; - $this->orig_src = $str_Orig_Src; - $this->finding_itr = $int_Finding_Itr; - } + /** + * Constant for change ID::TO_NF + * + * @var integer + */ + const TO_NF = 2; - /** - * Getter function for target ID - * 
- * @return integer - */ - public function get_Tgt_ID() { - return $this->tgt_id; - } + /** + * Constant for change ID::TO_NA + * + * @var integer + */ + const TO_NA = 3; - /** - * Setter function for target ID - * - * @param integer $int_Tgt_ID - */ - public function set_Tgt_ID($int_Tgt_ID) { - $this->tgt_id = $int_Tgt_ID; - } - - /** - * Getter function for PDI ID - * - * @return integer - */ - public function get_PDI_ID() { - return $this->pdi_id; - } - - /** - * Setter function for PDI ID - * - * @param integer $int_PDI_ID - */ - public function set_PDI_ID($int_PDI_ID) { - $this->pdi_id = $int_PDI_ID; - } - - /** - * Getter function for Scan ID - * - * @return integer - */ - public function get_Scan_ID() { - return $this->scan_id; - } - - /** - * Setter function for Scan ID - * - * @param integer $int_Scan_ID - */ - public function set_Scan_ID($int_Scan_ID) { - $this->scan_id = $int_Scan_ID; - } - - /** - * Getter function for Finding status ID - * - * @return integer - */ - public function get_Finding_Status() { - return $this->finding_status_id; - } - - /** - * Getter function for Finding status ID based on string - * - * @param string $status - * @return integer - */ - public function get_Finding_Status_ID($status) { - $arr_flip = array_flip($this->STATUS); - if(isset($arr_flip[$status])) { - return $arr_flip[$status]; - } - else { - return $arr_flip['Not Reviewed']; - } - } - - /** - * Getter function for finding status string - * - * @param integer $int_Status_ID - * @return string - */ - public function get_Finding_Status_String($int_Status_ID = null) { - if ($int_Status_ID) { - return $this->STATUS[$int_Status_ID]; - } - else { - return $this->STATUS[$this->finding_status_id]; - } - } - - /** - * Setter function for finding status - * - * @param integer $int_Finding_Status_ID - */ - public function set_Finding_Status($int_Finding_Status_ID) { - $this->finding_status_id = $int_Finding_Status_ID; - } - - /** - * Setter function for finding status - * - * 
@param string $str_New_Status - */ - public function set_Finding_Status_By_String($str_New_Status) { - $this->finding_status_id = $this->get_Finding_Status_ID($str_New_Status); - } - - /** - * Getter function for notes - * - * @return string - */ - public function get_Notes() { - return $this->notes; - } - - /** - * Setter function for notes - * - * @param string $str_Notes - */ - public function set_Notes($str_Notes) { - $this->notes = $str_Notes; - } - - /** - * Function to prepend notes to the existing list - * - * @param string $str_Notes - */ - public function prepend_Notes($str_Notes) { - $this->notes = $str_Notes . PHP_EOL . $this->notes; - } - - /** - * Function to append notes - * - * @param string $str_Notes - * @param boolean $merge - */ - public function append_Notes($str_Notes, $merge = false) { - $this->notes .= PHP_EOL . ($merge ? "(Merged Target)" . PHP_EOL : "") . $str_Notes; - } - - /** - * Getter function for change ID - * - * @return integer - */ - public function get_Change_ID() { - if ($this->change_id) { - return $this->change_id; - } - else { - return $this::NC; - } - } - - /** - * Setter function for change ID - * - * @param integer $int_Change_ID - */ - public function set_Change_ID($int_Change_ID) { - $this->change_id = $int_Change_ID; - } - - /** - * Getter function for original source - * - * @return string - */ - public function get_Original_Source() { - return $this->orig_src; - } - - /** - * Setter function for original source - * - * @param string $str_Original_Source - */ - public function set_Original_Source($str_Original_Source) { - $this->orig_src = $str_Original_Source; - } - - /** - * Getter function for finding iteration - * - * @return integer - */ - public function get_Finding_Iteration() { - return $this->finding_itr; - } - - /** - * Setter function for finding iteration - * - * @param integer $int_Finding_Iteration - */ - public function set_Finding_Iteration($int_Finding_Iteration) { - $this->finding_itr = 
$int_Finding_Iteration; - } - - /** - * Increment the finding count by 1 - */ - public function inc_Finding_Count() { - $this->finding_itr++; - } - - /** - * Getter function for deconflicted status - * - * @param string $str_New_Status - * @return string - */ - public function get_Deconflicted_Status($str_New_Status) { - // must get original status first! - return deconflict_status::$DECONFLICTED_STATUS[$this->get_Finding_Status_String()][$str_New_Status]; - } - - /** - * Getter function for category - * - * @return int - */ - public function get_Category() { - if (empty($this->cat)) { - return 2; - } - return $this->cat; - } - - /** - * Setter function for category - * - * @param mixed $cat_in - */ - public function set_Category($cat_in) { - if (is_numeric($cat_in)) { - $this->cat = $cat_in; - } - elseif (is_string($cat_in)) { - $this->cat = substr_count($cat_in, "I"); - } - } - - /** - * Getter function for IA controls - * - * @return array:string - */ - public function get_IA_Controls() { - return $this->ia_controls; - } - - /** - * Getter function for IA Controls - * - * @return string - */ - public function get_IA_Controls_String() { - return implode(" ", $this->ia_controls); - } - - /** - * Setter function for the IA Controls - * - * @param mixed $ia_controls_in - */ - public function set_IA_Controls($ia_controls_in) { - if (is_array($ia_controls_in)) { - $this->ia_controls = $ia_controls_in; - } - elseif (is_string($ia_controls_in)) { - $this->ia_controls = explode(" ", $ia_controls_in); - } - } - - /** - * Function to add an IA control the the array - * - * @param string $ia_control_in - */ - public function add_IA_Control($ia_control_in) { - $add = true; - foreach ($this->ia_controls as $ia) { - if ($ia == $ia_control_in) { - $add = false; - break; - } + /** + * Constructor + * + * @param integer $int_Tgt_ID + * @param integer $int_PDI_ID + * @param integer $int_Scan_ID + * @param integer|string $Finding_Status + * @param string $str_Notes + * @param 
integer $int_Change_ID + * @param string $str_Orig_Src + * @param integer $int_Finding_Itr + */ + public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) + { + $this->tgt_id = $int_Tgt_ID; + $this->pdi_id = $int_PDI_ID; + $this->scan_id = $int_Scan_ID; + if (is_numeric($Finding_Status)) { + $this->finding_status_id = $Finding_Status; + } else { + $this->finding_status_id = $this->get_Finding_Status_ID($Finding_Status); + } + $this->notes = $str_Notes; + $this->change_id = $int_Change_ID; + $this->orig_src = $str_Orig_Src; + $this->finding_itr = $int_Finding_Itr; } - if ($add) { - $this->ia_controls[] = $ia_control_in; + /** + * Getter function for target ID + * + * @return integer + */ + public function get_Tgt_ID() + { + return $this->tgt_id; } - } + /** + * Setter function for target ID + * + * @param integer $int_Tgt_ID + */ + public function set_Tgt_ID($int_Tgt_ID) + { + $this->tgt_id = $int_Tgt_ID; + } + + /** + * Getter function for PDI ID + * + * @return integer + */ + public function get_PDI_ID() + { + return $this->pdi_id; + } + + /** + * Setter function for PDI ID + * + * @param integer $int_PDI_ID + */ + public function set_PDI_ID($int_PDI_ID) + { + $this->pdi_id = $int_PDI_ID; + } + + /** + * Getter function for Scan ID + * + * @return integer + */ + public function get_Scan_ID() + { + return $this->scan_id; + } + + /** + * Setter function for Scan ID + * + * @param integer $int_Scan_ID + */ + public function set_Scan_ID($int_Scan_ID) + { + $this->scan_id = $int_Scan_ID; + } + + /** + * Getter function for Finding status ID + * + * @return integer + */ + public function get_Finding_Status() + { + return $this->finding_status_id; + } + + /** + * Getter function for Finding status ID based on string + * + * @param string $status + * @return integer + */ + public function get_Finding_Status_ID($status) + { + $arr_flip = array_flip($this->STATUS); + if 
(isset($arr_flip[$status])) { + return $arr_flip[$status]; + } else { + return $arr_flip['Not Reviewed']; + } + } + + /** + * Getter function for finding status string + * + * @param integer $int_Status_ID + * @return string + */ + public function get_Finding_Status_String($int_Status_ID = null) + { + if ($int_Status_ID) { + return $this->STATUS[$int_Status_ID]; + } else { + return $this->STATUS[$this->finding_status_id]; + } + } + + /** + * Setter function for finding status + * + * @param integer $int_Finding_Status_ID + */ + public function set_Finding_Status($int_Finding_Status_ID) + { + $this->finding_status_id = $int_Finding_Status_ID; + } + + /** + * Setter function for finding status + * + * @param string $str_New_Status + */ + public function set_Finding_Status_By_String($str_New_Status) + { + $this->finding_status_id = $this->get_Finding_Status_ID($str_New_Status); + } + + /** + * Getter function for notes + * + * @return string + */ + public function get_Notes() + { + return $this->notes; + } + + /** + * Setter function for notes + * + * @param string $str_Notes + */ + public function set_Notes($str_Notes) + { + $this->notes = $str_Notes; + } + + /** + * Function to prepend notes to the existing list + * + * @param string $str_Notes + */ + public function prepend_Notes($str_Notes) + { + $this->notes = $str_Notes . PHP_EOL . $this->notes; + } + + /** + * Function to append notes + * + * @param string $str_Notes + * @param boolean $merge + */ + public function append_Notes($str_Notes, $merge = false) + { + $this->notes .= PHP_EOL . ($merge ? "(Merged Target)" . PHP_EOL : "") . 
$str_Notes; + } + + /** + * Getter function for the analyst notes + * + * @return string + */ + public function get_Analyst_Notes() + { + return $this->analyst_notes; + } + + /** + * Setter function for the analyst notes + * + * @param string $str_Notes + */ + public function set_Analyst_Notes($str_Notes) + { + $this->analyst_notes = $str_Notes; + } + + /** + * Getter function for the scanner notes + * + * @return string + */ + public function get_Scanner_Notes() + { + return $this->scanner_notes; + } + + /** + * Setter function for the scanner notes + * + * @param string $str_Notes + */ + public function set_Scanner_Notes($str_Notes) + { + $this->scanner_notes = $str_Notes; + } + + /** + * Getter function for change ID + * + * @return integer + */ + public function get_Change_ID() + { + if ($this->change_id) { + return $this->change_id; + } else { + return $this::NC; + } + } + + /** + * Setter function for change ID + * + * @param integer $int_Change_ID + */ + public function set_Change_ID($int_Change_ID) + { + $this->change_id = $int_Change_ID; + } + + /** + * Getter function for original source + * + * @return string + */ + public function get_Original_Source() + { + return $this->orig_src; + } + + /** + * Setter function for original source + * + * @param string $str_Original_Source + */ + public function set_Original_Source($str_Original_Source) + { + $this->orig_src = $str_Original_Source; + } + + /** + * Getter function for finding iteration + * + * @return integer + */ + public function get_Finding_Iteration() + { + return $this->finding_itr; + } + + /** + * Setter function for finding iteration + * + * @param integer $int_Finding_Iteration + */ + public function set_Finding_Iteration($int_Finding_Iteration) + { + $this->finding_itr = $int_Finding_Iteration; + } + + /** + * Increment the finding count by 1 + */ + public function inc_Finding_Count() + { + $this->finding_itr ++; + } + + /** + * Getter function for deconflicted status + * + * @param string 
$str_New_Status + * @return string + */ + public function get_Deconflicted_Status($str_New_Status) + { + // must get original status first! + return deconflict_status::$DECONFLICTED_STATUS[$this->get_Finding_Status_String()][$str_New_Status]; + } + + /** + * Getter function for category + * + * @return int + */ + public function get_Category() + { + if (empty($this->cat)) { + return 2; + } + return $this->cat; + } + + /** + * Setter function for category + * + * @param mixed $cat_in + */ + public function set_Category($cat_in) + { + if (is_numeric($cat_in)) { + $this->cat = $cat_in; + } elseif (is_string($cat_in)) { + $this->cat = substr_count($cat_in, "I"); + } + } + + /** + * Getter function for IA controls + * + * @return array:string + */ + public function get_IA_Controls() + { + return $this->ia_controls; + } + + /** + * Getter function for IA Controls + * + * @return string + */ + public function get_IA_Controls_String() + { + return implode(" ", $this->ia_controls); + } + + /** + * Setter function for the IA Controls + * + * @param mixed $ia_controls_in + */ + public function set_IA_Controls($ia_controls_in) + { + if (is_array($ia_controls_in)) { + $this->ia_controls = $ia_controls_in; + } elseif (is_string($ia_controls_in)) { + $this->ia_controls = explode(" ", $ia_controls_in); + } + } + + /** + * Function to add an IA control the the array + * + * @param string $ia_control_in + */ + public function add_IA_Control($ia_control_in) + { + $add = true; + foreach ($this->ia_controls as $ia) { + if ($ia == $ia_control_in) { + $add = false; + break; + } + } + + if ($add) { + $this->ia_controls[] = $ia_control_in; + } + } } /** 
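Review bot: get_Deconflicted_Status, near the end of the hunk, indexes `deconflict_status::$DECONFLICTED_STATUS` with the caller-supplied `$str_New_Status` and with the current status string without checking that either key exists, so a status name outside the seven known ones produces a PHP notice and `null` instead of an error. If that `null` is later passed back through set_Finding_Status_By_String, get_Finding_Status_ID maps any unrecognised value to 'Not Reviewed' (its else branch earlier in this hunk), so a mistyped status in imported data could silently downgrade an Open or Exception finding; I have not seen the caller, so that chain is inferred. A guard such as `if (!isset(deconflict_status::$DECONFLICTED_STATUS[$this->get_Finding_Status_String()][$str_New_Status])) { throw new InvalidArgumentException("Unknown finding status: $str_New_Status"); }` makes the bad input visible instead, and the same missing isset applies to `$this->STATUS[$int_Status_ID]` in get_Finding_Status_String. Minor style: the loop in add_IA_Control compares with loose `==` and could be `if (!in_array($ia_control_in, $this->ia_controls, true)) { $this->ia_controls[] = $ia_control_in; }`, and `$this->finding_itr ++;` has a stray space before the operator.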
@@ -484,22 +562,22 @@ class finding { * * @author Ryan Prather */ -class finding_status { +class finding_status +{ - /** - * The database ID of the finding status - * - * @var int - */ - public $id = 0; - - /** - * The status of the finding - * - * @var string - */ - public $status = ''; + /** + * The database ID of the finding status + * + * @var int + */ + public $id = 0; + /** + * The status of the finding + * + * @var string + */ + public $status = ''; } /** 
@@ -507,99 +585,97 @@ class finding_status { * * @author Ryan Prather */ -class deconflict_status { - - /** - * Stores the matrix of current -> new statuses - * - * @var array:string - * - * / Finding Definitions - * Open: The finding is valid for this host - the host does not meet the requirements - * Not a Finding: The finding is not valid for this host - the host meets the requirements - * Not Applicable: The requirement does not apply to this host - prerequisites do not exist. - * Not Reviewed: The finding has not yet been reviewed. - * Exception: (A type of Open) - The finding is valid, but the system cannot comply for a valid reason - * False Positive: (A type of Not a Finding) - The scanning tool incorrectly reported Open. - * No Data: Because dissimilar checklists were merged, there is no data available for this item (Uncommon) - * - * General Precedence Order: E, FP, O, NF, NA, NR, ND - * Exception - the newest E or FP always take precedence (security engineer input) - * - * Decision Table: - * orig\new | E | FP | O | NF | NA | NR | ND - * E | E | FP | E | E | E | E | E - * FP | E | FP | FP | FP | FP | FP | FP - * O | E | FP | O | O | O | O | O - * NF | E | FP | O | NF | NF | NF | NF - * NA | E | FP | O | NF | NA | NA | NA - * NR | E | FP | O | NF | NA | NR | NR - * ND | E | FP | O | NF | NA | NR | ND - */ - static $DECONFLICTED_STATUS = [ - 'Exception' => [ - 'Exception' => 'Exception', - 'False Positive' => 'False Positive', - 'Open' => 'Exception', - 'Not a Finding' => 'Exception', - 'Not Applicable' => 'Exception', - 'Not Reviewed' => 'Exception', - 'No Data' => 'Exception' - ], - 'False Positive' => [ - 'Exception' => 'Exception', - 'False Positive' => 'False Positive', - 'Open' => 'False Positive', - 'Not a Finding' => 'False Positive', - 'Not Applicable' => 'False Positive', - 'Not Reviewed' => 'False Positive', - 'No Data' => 'False Positive' - ], - 'Open' => [ - 'Exception' => 'Exception', - 'False Positive' => 'False Positive', - 'Open' => 
'Open', - 'Not a Finding' => 'Open', - 'Not Applicable' => 'Open', - 'Not Reviewed' => 'Open', - 'No Data' => 'Open' - ], - 'Not a Finding' => [ - 'Exception' => 'Exception', - 'False Positive' => 'False Positive', - 'Open' => 'Open', - 'Not a Finding' => 'Not a Finding', - 'Not Applicable' => 'Not a Finding', - 'Not Reviewed' => 'Not a Finding', - 'No Data' => 'Not a Finding' - ], - 'Not Applicable' => [ - 'Exception' => 'Exception', - 'False Positive' => 'False Positive', - 'Open' => 'Open', - 'Not a Finding' => 'Not a Finding', - 'Not Applicable' => 'Not Applicable', - 'Not Reviewed' => 'Not Applicable', - 'No Data' => 'Not Applicable' - ], - 'Not Reviewed' => [ - 'Exception' => 'Exception', - 'False Positive' => 'False Positive', - 'Open' => 'Open', - 'Not a Finding' => 'Not a Finding', - 'Not Applicable' => 'Not Applicable', - 'Not Reviewed' => 'Not Reviewed', - 'No Data' => 'Not Reviewed' - ], - 'No Data' => [ - 'Exception' => 'Exception', - 'False Positive' => 'False Positive', - 'Open' => 'Open', - 'Not a Finding' => 'Not a Finding', - 'Not Applicable' => 'Not Applicable', - 'Not Reviewed' => 'Not Reviewed', - 'No Data' => 'No Data' - ] - ]; +class deconflict_status +{ + /** + * Stores the matrix of current -> new statuses + * + * @var array:string / Finding Definitions + * Open: The finding is valid for this host - the host does not meet the requirements + * Not a Finding: The finding is not valid for this host - the host meets the requirements + * Not Applicable: The requirement does not apply to this host - prerequisites do not exist. + * Not Reviewed: The finding has not yet been reviewed. + * Exception: (A type of Open) - The finding is valid, but the system cannot comply for a valid reason + * False Positive: (A type of Not a Finding) - The scanning tool incorrectly reported Open. 
+ * No Data: Because dissimilar checklists were merged, there is no data available for this item (Uncommon)
+ *
+ * General Precedence Order: E, FP, O, NF, NA, NR, ND
+ * Exception - the newest E or FP always take precedence (security engineer input)
+ *
+ * Decision Table:
+ * orig\new | E | FP | O | NF | NA | NR | ND
+ * E | E | FP | E | E | E | E | E
+ * FP | E | FP | FP | FP | FP | FP | FP
+ * O | E | FP | O | O | O | O | O
+ * NF | E | FP | O | NF | NF | NF | NF
+ * NA | E | FP | O | NF | NA | NA | NA
+ * NR | E | FP | O | NF | NA | NR | NR
+ * ND | E | FP | O | NF | NA | NR | ND
+ */
+ static $DECONFLICTED_STATUS = [
+ 'Exception' => [
+ 'Exception' => 'Exception',
+ 'False Positive' => 'False Positive',
+ 'Open' => 'Exception',
+ 'Not a Finding' => 'Exception',
+ 'Not Applicable' => 'Exception',
+ 'Not Reviewed' => 'Exception',
+ 'No Data' => 'Exception'
+ ],
+ 'False Positive' => [
+ 'Exception' => 'Exception',
+ 'False Positive' => 'False Positive',
+ 'Open' => 'False Positive',
+ 'Not a Finding' => 'False Positive',
+ 'Not Applicable' => 'False Positive',
+ 'Not Reviewed' => 'False Positive',
+ 'No Data' => 'False Positive'
+ ],
+ 'Open' => [
+ 'Exception' => 'Exception',
+ 'False Positive' => 'False Positive',
+ 'Open' => 'Open',
+ 'Not a Finding' => 'Open',
+ 'Not Applicable' => 'Open',
+ 'Not Reviewed' => 'Open',
+ 'No Data' => 'Open'
+ ],
+ 'Not a Finding' => [
+ 'Exception' => 'Exception',
+ 'False Positive' => 'False Positive',
+ 'Open' => 'Open',
+ 'Not a Finding' => 'Not a Finding',
+ 'Not Applicable' => 'Not a Finding',
+ 'Not Reviewed' => 'Not a Finding',
+ 'No Data' => 'Not a Finding'
+ ],
+ 'Not Applicable' => [
+ 'Exception' => 'Exception',
+ 'False Positive' => 'False Positive',
+ 'Open' => 'Open',
+ 'Not a Finding' => 'Not a Finding',
+ 'Not Applicable' => 'Not Applicable',
+ 'Not Reviewed' => 'Not Applicable',
+ 'No Data' => 'Not Applicable'
+ ],
+ 'Not Reviewed' => [
+ 'Exception' => 'Exception',
+ 'False Positive' => 'False Positive',
+ 'Open' => 'Open',
+ 'Not a Finding' => 'Not a Finding',
+ 'Not Applicable' => 'Not Applicable',
+ 'Not Reviewed' => 'Not Reviewed',
+ 'No Data' => 'Not Reviewed'
+ ],
+ 'No Data' => [
+ 'Exception' => 'Exception',
+ 'False Positive' => 'False Positive',
+ 'Open' => 'Open',
+ 'Not a Finding' => 'Not a Finding',
+ 'Not Applicable' => 'Not Applicable',
+ 'Not Reviewed' => 'Not Reviewed',
+ 'No Data' => 'No Data'
+ ]
+ ];
 }
diff --git a/db_schema.json b/db_schema.json
index 63119fe..9011ebc 100644
--- a/db_schema.json
+++ b/db_schema.json
@@ -6035,6 +6035,16 @@
 "nn": true,
 "default": ""
 },
+ {
+ "name": "scan_id",
+ "dataType": "int(11)",
+ "type": 3,
+ "length": 11,
+ "values": [],
+ "ai": false,
+ "nn": true,
+ "default": ""
+ },
 {
 "name": "note",
 "dataType": "mediumtext",
@@ -6064,6 +6074,15 @@
 "field": "pdi_id",
 "update": null,
 "delete": null
+ },
+ {
+ "id": "scan_find_scan_notes_id",
+ "local": "scan_id",
+ "schema": "sagacity",
+ "table": "scans",
+ "field": "id",
+ "update": null,
+ "delete": null
 }
 ]
 },
diff --git a/ste/bulk_edit.php b/ste/bulk_edit.php
index 331374f..3ca63b5 100644
--- a/ste/bulk_edit.php
+++ b/ste/bulk_edit.php
@@ -422,8 +422,9 @@ include_once 'header.inc';
diff --git a/ste/ste_script.min.js b/ste/ste_script.min.js
index 0f7bb16..ea18f57 100644
--- a/ste/ste_script.min.js
+++ b/ste/ste_script.min.js
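Review bot: The docblock of `$DECONFLICTED_STATUS` now reads `@var array:string / Finding Definitions` (start of this hunk), fusing the type tag with the first line of the narrative that previously sat on its own line, so doc tools will read the type as `array:string / Finding Definitions`; put `* / Finding Definitions` back on the line after `@var array:string`. Separately, the property is a public mutable `static`, so any code that includes this file can overwrite or extend the precedence matrix at runtime even though it is a fixed decision table; `private static` with a read-only accessor (finding::get_Deconflicted_Status currently reads it directly and would need to go through that accessor), or a class constant if the project's PHP version accepts array constants, would keep it immutable.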
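Review bot: The new `scan_id` column in the first hunk is declared `"nn": true` with `"default": ""`, which is not a usable value for `int(11)`, so existing rows in this table have nothing to backfill when the column is added; depending on how the installer applies this file and the server's SQL mode, the ALTER may fail or silently fill 0, and the foreign key `scan_find_scan_notes_id` in the second hunk would then either reject that 0 or leave it dangling. I cannot see how db_schema.json is applied, so this is inferred from the two hunks. Consider making the column nullable or documenting the migration step for populated databases, and state explicitly whether `"delete": null` on the new FK (no ON DELETE action, presumably RESTRICT) is intended, since it will block deleting a scan that still has notes.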
@@ -1 +1,17 @@ -var opts={lines:15,length:18,width:9,radius:61,scale:2,corners:1,color:"#000",opacity:0.2,rotate:13,direction:1,speed:0.5,trail:50,fps:20,zIndex:2000000000,className:"spinner",top:"50%",left:"50%",shadow:false,hwaccel:false,position:"absolute"};var sel_tgts=[];$(function(){var a=document.getElementById("loading");var b=new Spinner(opts).spin(a);$(".close, .backdrop").click(function(){close_box()});$(".notes").click(function(){$(this).siblings("span").show()});$(".toggler").click(collapse_expand);$(".target-notes").click(get_target_notes);$("#save-tgt-notes").click(save_target_notes)});function update_tgt_chk(a){if($(a).is(":checked")){sel_tgts.push($(a).val())}else{sel_tgts.splice($.inArray($(a).val(),sel_tgts),1)}}function open_move_to(){if($("#ste").val()<1){alert("Please select an ST&E");return}if($(":checkbox:checked").length<1){alert("Please select a device to move");return}$("#move_to").animate({opacity:"1.00"},300,"linear");$("#move_to").css("display","block");view_box()}function edit_cat(e){if($("#ste").val()<1){alert("Please select an ST&E");return}for(var a in $("#scan_sources option")){$("#scan_sources option").eq(a).attr("selected",false)}var b=$("#cat_name_"+e).text();var d=b.match(/\s+\(([\d]+)\)\s+\(([^\d][ \w]+)\)|\s+\(([\d]+)\)/i);b=b.replace(/\s+\(([\d]+)\)\s+\(([^\d][ \w]+)\)|\s+\(([\d]+)\)/i,"");b=b.replace(/\s{2,}/g,"");$("#new_cat_name").val(b);$("#selected_cat").val(e);if(d&&typeof d[2]!=="undefined"){$("#analyst").val(d[2])}else{$("#analyst").val("")}var c=JSON.parse($("#cat_sources_"+e).val());for(var a in c){$("#src_"+c[a]).attr("selected",true)}$("#edit_cat").animate({opacity:"1.00"},300,"linear");$("#edit_cat").css("display","block");view_box()}function merge_target(){$("#merge_target").animate({opacity:"1.00"},300,"linear");$("#merge_target").css("display","block");view_box()}function delete_cat(a){if($("#ste").val()<1){alert("Please select an ST&E");return}if(!confirm("Are you sure you want to delete this category? 
Currently assigned targets will be set to the 'Unassigned' category.")){return}$.ajax("/ajax.php",{data:{action:"delete-cat",ste_id:$("#ste").val(),cat_id:a},success:function(b){if(b.error){alert(b.error)}else{location.reload()}},error:function(d,b,c){console.error(c)},dataType:"json",method:"post",timeout:3000})}function del_target(){if(!confirm("Are you sure you want to delete the target? This will also delete all findings and interfaces for the selected targets and is irreversible")){return}}function add_cat(){if($("#ste").val()<1){alert("Please select an ST&E");return}$("#add_ste").val($("#ste").val());$("#add_cat").animate({opacity:"1.00"},300,"linear");$("#add_cat").css("display","block");view_box()}function get_category(a){$.ajax("/ajax.php",{data:{action:"get_category_details",cat_id:a},success:function(c){$("#new_cat_name").val(c.name);for(var b in c.sources){$("#src_"+c.sources[b].id).attr("selected",true)}},datatype:"json",method:"post"})}function close_box(){$(".backdrop, .box").animate({opacity:"0"},300,"linear",function(){$(".backdrop, .box").css("display","none")})}function view_box(){$(".backdrop").animate({opacity:".5"},300,"linear");$(".backdrop").css("display","block")}function update_Status(a){if($(a).val()<1){return false}if($(":checkbox:checked").length<1){alert("Please select a device to update");return false}return true}function collapse_expand(){var a=$(this).data("id");if(!$(".cat_"+a).length){get_hosts(a)}$(this).toggleClass("fa-minus-square fa-plus-square");$(".cat_"+a).toggle(300)}function select(a){$(".cat_"+a+" input[type=checkbox]").each(function(){this.checked=!this.checked;update_tgt_chk(this)})}function assign(b){var a=prompt('Who do you want to assign this category to?\n\nEnter "none" to clear out assignment');if(a){$("#analyst_"+b).val(a);$("#assign_"+b).submit()}}function upload_host_list(){if($("#ste").val()<1){alert("Please select an 
ST&E");return}$("#import_host_list").animate({opacity:"1.00"},300,"linear");$("#import_host_list").css("display","block");view_box()}function get_hosts(a){$.ajax("/ajax.php",{data:{action:"get_hosts",cat_id:a},beforeSend:function(){$("#loading,#waiting").show();$("#waiting").animate({opacity:"0.5"},300,"linear")},success:function(b){if($("#ops-page").val()=="main"){display_ops_hosts(b)}else{if($("#ops-page").val()=="stats"){display_stats_hosts(b)}else{if($("#ops-page").val()=="task"){display_task_hosts(b)}}}},error:function(d,b,c){console.error(c)},complete:function(){$("#loading,#waiting").hide();$("#waiting").animate({opacity:"0"},300,"linear")},dataType:"json",method:"post"})}function display_ops_hosts(c){if(c.error){console.error(c.error)}else{var e=c.cat_id;var b=$("#cat_"+e);var d=true;for(var a in c.targets){$(b).after("
"+c.targets[a].name+""+c.targets[a].ip+""+c.targets[a].os+""+(c.targets[a].location?c.targets[a].location:" ")+""+c.targets[a].auto+""+c.targets[a].man+""+c.targets[a].data+""+c.targets[a].fp+""+(c.targets[a].scans?c.targets[a].scans:" ")+""+(c.targets[a].chk?c.targets[a].chk:" ")+""+(c.targets[a].notes?c.targets[a].notes:" ")+"
");d=!d}$("#cat_"+e+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}})}}function display_stats_hosts(c){if(c.error){console.error(c.error)}else{var e=c.cat_id;var b=$("#cat_"+e);var d=true;for(var a in c.targets){$(b).after("
"+c.targets[a].name+""+c.targets[a].ip+""+c.targets[a].os+""+c.targets[a].cat_1+""+c.targets[a].cat_2+""+c.targets[a].cat_3+""+c.targets[a].nf+""+c.targets[a].na+""+c.targets[a].nr+""+(c.targets[a].comp.toFixed(2)*100)+"%"+(c.targets[a].assessed.toFixed(2)*100)+"%"+(c.targets[a].scans?c.targets[a].scans:" ")+""+(c.targets[a].chk?c.targets[a].chk:" ")+""+c.targets[a].notes+"
");d=!d}$("#cat_"+e+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}})}}function display_task_hosts(a){}function get_target_notes(){var a=$(this).data("id");$("#tgt-id").val(a);$.ajax("/ajax.php",{data:{action:"get-target-notes","tgt-id":a},success:function(b){if(b.error){alert(b.error)}else{$("#notes").val(b.notes);view_box()}$("#tgt-notes").animate({opacity:"1.00"},300,"linear");$("#tgt-notes").css("display","block")},error:function(d,b,c){console.error(c)},dataType:"json",method:"post"})}function save_target_notes(){$.ajax("/ajax.php",{data:{action:"save-target-notes","tgt-id":$("#tgt-id").val(),notes:$("#notes").val()},success:function(a){if(a.error){alert(a.error)}else{$("#note_"+$("#tgt-id").val()).html($("#notes").val()+" ");$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}});close_box()}},error:function(c,a,b){console.error(b)},dataType:"json",method:"post"})}function auto_cat(){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),action:"auto-categorize"},beforeSend:function(){$("#loading,#waiting").show();$("#waiting").animate({opacity:"0.5"},300,"linear")},success:function(a){location.reload()},error:function(c,a,b){console.error(b)},complete:function(){$("#loading,#waiting").hide();$("#waiting").animate({opacity:"0"},300,"linear")},dataType:"json",timeout:5000,method:"post"})}function export_ckl(b,a){if(!b){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),tgt:a,action:"export-ckl"},complete:function(c){alert("Exporting target CKL files to document_root/tmp/ckl")},method:"post"})}else{$.ajax("/ajax.php",{data:{ste:$("#ste").val(),cat:b,action:"export-ckl"},complete:function(c){alert("Exporting CKL files to document_root/tmp/ckl")},method:"post"})}}var percentColors=[{pct:0,color:{r:255,g:0,b:0}},{pct:0.5,color:{r:255,g:255,b:0}},{pct:1,color:{r:0,g:255,b:0}}];var getColorForPercentage=function(g){for(var 
b=1;b"+""+""+""+hosts.targets[x].name+""+""+hosts.targets[x].ip+""+""+""+hosts.targets[x].os+""+""+(hosts.targets[x].location?hosts.targets[x].location:" ")+""+""+hosts.targets[x].auto+""+""+hosts.targets[x].man+""+""+hosts.targets[x].data+""+""+hosts.targets[x].fp+""+""+(hosts.targets[x].scans?hosts.targets[x].scans:" ")+""+""+(hosts.targets[x].chk?hosts.targets[x].chk:" ")+""+""+(hosts.targets[x].notes?hosts.targets[x].notes:" ")+" "+""+""); +odd=!odd;}$("#cat_"+cat_id+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}});}}function display_stats_hosts(hosts){if(hosts.error){console.error(hosts.error);}else{var cat_id=hosts.cat_id;var cat=$("#cat_"+cat_id);var odd=true;for(var x in hosts.targets){$(cat).after("
"+""+""+""+hosts.targets[x].name+""+""+hosts.targets[x].ip+""+""+""+hosts.targets[x].os+""+""+hosts.targets[x].cat_1+""+""+hosts.targets[x].cat_2+""+""+hosts.targets[x].cat_3+""+""+hosts.targets[x].nf+""+""+hosts.targets[x].na+""+""+hosts.targets[x].nr+""+""+(hosts.targets[x].comp.toFixed(2)*100)+"%"+""+(hosts.targets[x].assessed.toFixed(2)*100)+"%"+""+(hosts.targets[x].scans?hosts.targets[x].scans:" ")+""+""+(hosts.targets[x].chk?hosts.targets[x].chk:" ")+""+""+hosts.targets[x].notes+" "+""+"
"); +odd=!odd;}$("#cat_"+cat_id+"_dl").val(1);$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}});}}function display_task_hosts(hosts){}function get_target_notes(){var id=$(this).data("id");$("#tgt-id").val(id);$.ajax("/ajax.php",{data:{action:"get-target-notes","tgt-id":id},success:function(data){if(data.error){alert(data.error);}else{$("#notes").val(data.notes);view_box();}$("#tgt-notes").animate({"opacity":"1.00"},300,"linear");$("#tgt-notes").css("display","block"); +},error:function(xhr,status,error){console.error(error);},dataType:"json",method:"post"});}function save_target_notes(){$.ajax("/ajax.php",{data:{action:"save-target-notes","tgt-id":$("#tgt-id").val(),"notes":$("#notes").val()},success:function(data){if(data.error){alert(data.error);}else{$("#note_"+$("#tgt-id").val()).html($("#notes").val()+" ");$(".target-notes").click(get_target_notes);$(".fa-ellipsis-h").tooltip({classes:{"ui-tooltip":"highlight"}}); +close_box();}},error:function(xhr,status,error){console.error(error);},dataType:"json",method:"post"});}function auto_cat(){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),action:"auto-categorize"},beforeSend:function(){$("#loading,#waiting").show();$("#waiting").animate({"opacity":"0.5"},300,"linear");},success:function(data){location.reload();},error:function(xhr,status,error){console.error(error);},complete:function(){$("#loading,#waiting").hide();$("#waiting").animate({"opacity":"0"},300,"linear");},dataType:"json",timeout:5000,method:"post"}); +}function export_ckl(cat_id,tgt_id){if(!cat_id){$.ajax("/ajax.php",{data:{ste:$("#ste").val(),tgt:tgt_id,action:"export-ckl"},complete:function(xhr){alert("Exporting target CKL files to document_root/tmp/ckl");},method:"post"});}else{$.ajax("/ajax.php",{data:{ste:$("#ste").val(),cat:cat_id,action:"export-ckl"},complete:function(xhr){alert("Exporting CKL files to document_root/tmp/ckl");},method:"post"});}}var 
percentColors=[{pct:0,color:{r:255,g:0,b:0}},{pct:0.5,color:{r:255,g:255,b:0}},{pct:1,color:{r:0,g:255,b:0}}]; +var getColorForPercentage=function(pct){for(var i=1;i