Ubuntu.png - Add new Ubuntu checklist icon
Database_Baseline.zip - Update software detection tables
checklist.inc - Fix software icon detection for IE and SLES, and added detection for Ubuntu
software.inc - Fix bug adding extra spaces to software strings
parse_stig.php - Formatting and add save for when icon is updated
parse_stig_viewer.php - Add scan note when CKL file is missing or has empty <HOST_NAME> tag
Fix#87
parse_excel_echecklist.php - change preg_match to a stripos method check for notes string and add update_Scan_Host_List call after importing all worksheets
database.inc - add a check for if appending a duplicate string to the checklist notes. add update_Target_Counts call when updating host list
fix#80, #10
This should remedy the reported behavior of statuses quietly being changed to "Not Reviewed".
scan.inc - Added new set_Host_Error method to set the error value for a specific host
parse_excel_echecklist.php - explicitly check for the status to equal 1-of-7 expected values, if not, add note to finding, set scan error message, and default status to "Not Reviewed"
export.php - Added cell lock for A11:E{last row} with the default password of "sagacity" (all lowercase)
Fixes#80
Added a "group by STIG_ID" statement to fix a bug. This is a short-term fix as it will result in random VMS IDs populating where there is a duplicate. A real fix will require capturing the checklist ID and saving it as part of the VMS ID.
#78 fixed
Skip parsing orphan worksheet
Issue error if there are more than 100 targets in any worksheet
Save findings when you get above 1000
database.inc:
Comment out block of code to retrieve orphan findings to export to the eChecklist
setup.php:
Convert possible algorithms to lower case. (should fix bug that person on FB was seeing).
system.inc - fixed typo
parse_excel_echecklist.php - added functionality to assign OS and checklists based on worksheet contents
database.inc - Added a couple methods to support changes for #25
export.php - Minor change to OS listing and added add_cell_comment method to migrate scanner notes to a comment instead of the main note (separating the scanner and anaylst comments)
finding.inc - removed ID property to prevent duplicate findings from being added to the table
host_list.inc - deleted unused constructor
import.inc - formatting
db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id new primary keys), and updated references
Database_Baseline.zip - updated routines for above change
background_results.php - fixed bug #19
export-ckl.php - performance adjustments
parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id field
parse_nvd_json_cve.php - convert reading json to array instead of object for reading CPEs (which were updated to CPE 2.3 instead of 2.2)
parse_* - remove findings.id field
database.inc - formatting, and update for removing findings.id field
index.php - ensure user can't import a host list without uploading a host list file
Fixed:
#65, #51, #28, #27, #10
Revert update_db.php to download compilation STIG library instead of individual as links are inconsistent (#60, #64, #61
Add scape_webpage method to helper.inc for future efforts
Fixed typo in uninstall.bat
installer.php - Fix bug when
update_db.php - Converted STIG download to identify the zip files from the a-z master list and download them individually instead of downloading the compilation zip file. Also integrated the sunset list into the same process so ALL STIGs are downloaded and imported at the same time
background_stigs.php - change to support adding sunset STIGs to update_db.php
parse_nessus.php/parse_nmap.php - disable post processing until the end of reading the file
update_db.php - Add sunset STIGs downloading and parsing
database.inc - Removed unnecessary variables ($key, etc), fixed typo (proc_ia_control v. proc_ia_controls), fix typo line 11072, added query_type to other queries in post_Processing method, call update_Target_Count method at the end of post_Processing, convert update_Target_Count to use queries instead of get_pdi_count and get_finding_count views (caused a performance hit), removed calling update_Target_Count from save_Target method to support previously mentioned changes
index.php - removed ajax timeout when bulk removing targets
