Commit Graph

38 Commits

Author SHA1 Message Date
44669decf4
fix[xml parsing]: Bug fix when XML contains tags / character that is not the closing tag
Nessus 8.2 can accommodate invalid XML tags.  In plugin 86067, it now includes a tag <ssl/chain/sha-1>{data}</ssl/chain/sha-1>.  The forward slashes in the opening tag cause the PHP stream parser to barf.  I added a regex to remove tags with forward slashes in the tag that don't appear as the first character after the less than sign.  As a result, this will also remove <attachment> tag items because the <attachment> tag also includes a "type" attribute that contains the MIME type of the attachment file.  Not a big deal though because we are not using the attachments.  If we decide to grab those as well, we will have to change this regex to make it work.
2019-01-26 11:53:17 -05:00
5d65d6294f
format 2019-01-15 13:12:35 -05:00
bb9e2f4adb
fix(eChecklist): Fix bug with eChecklist note duplication
parse_excel_echecklist.php - change preg_match to a stripos method check for notes string and add update_Scan_Host_List call after importing all worksheets
database.inc - add a check for if appending a duplicate string to the checklist notes. add update_Target_Counts call when updating host list

fix #80, #10
2019-01-15 13:08:49 -05:00
601d417e6b
fix(vertical menu): fix display of vertical menu
Fixed bug with vertical popup menu for categories not displaying properly with large category sets.

Fix #69
2019-01-14 17:41:37 -05:00
a32988ed03
parse_excel_echecklist.php:
Skip parsing orphan worksheet
Issue error if there are more than 100 targets in any worksheet
Save findings when you get above 1000

database.inc:
Comment out block of code to retrieve orphan findings to export to the eChecklist

setup.php:
Convert possible algorithms to lower case. (should fix bug that person on FB was seeing).
2018-12-14 09:32:40 -05:00
dfb81bf388
Updates 2018-12-01 23:21:20 -05:00
16fb5885b2
Fix for #74 2018-11-29 14:31:20 -05:00
437de8548a
Fix for #71 2018-11-23 09:50:42 -05:00
699604534c Draft update for #47 2018-11-16 17:24:02 -05:00
f530c5a2a1 Changes to support bug #33
Remove query limit when retrieving CPEs
2018-11-16 11:54:19 -05:00
ca89e02c4e host_list.inc - Added method to increase finding count
system.inc - fixed typo
parse_excel_echecklist.php - added functionality to assign OS and checklists based on worksheet contents
database.inc - Added a couple methods to support changes for #25
export.php - Minor change to OS listing and added add_cell_comment method to migrate scanner notes to a comment instead of the main note (separating the scanner and anaylst comments)
2018-11-08 17:26:27 -05:00
7e44403d93 Fix for #67 2018-11-08 09:45:12 -05:00
a6808b2add Database_Baseline.zip - updated sagacity_routines.sql to support removing findings.id field
database.inc - uncomment code block in post_Processing
2018-11-06 15:42:59 -05:00
a9fc4f6a86 Merge branch 'v1.3.4' of https://github.com/cyberperspectives/sagacity into v1.3.4 2018-11-06 15:37:55 -05:00
21082c7513 checklist.inc - deleted duplicate BIND 9 checklist icon entry
finding.inc - removed ID property to prevent duplicate findings from being added to the table
host_list.inc - deleted unused constructor
import.inc - formatting
db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id new primary keys), and updated references
Database_Baseline.zip - updated routines for above change
background_results.php - fixed bug #19
export-ckl.php - performance adjustments
parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id field
parse_nvd_json_cve.php - convert reading json to array instead of object for reading CPEs (which were updated to CPE 2.3 instead of 2.2)
parse_* - remove findings.id field
database.inc - formatting, and update for removing findings.id field
index.php - ensure user can't import a host list without uploading a host list file

Fixed:
#65, #51, #28, #27, #10
2018-11-06 15:36:48 -05:00
Jeff Odegard
5b749f6844
Fix for #62
Commented out last INSERT in post_Processing
2018-11-03 16:02:08 -06:00
Jeff Odegard
ebc5cc6a7e
Fix for #63
Line 11926, added isset to check for index 0:   if (is_array($pri_find) && count($pri_find) && isset($pri_find[0])) {
2018-10-29 20:03:24 -06:00
5d8711d494 Fix bug #49
Revert update_db.php to download compilation STIG library instead of individual as links are inconsistent (#60, #64, #61
Add scape_webpage method to helper.inc for future efforts
Fixed typo in uninstall.bat
2018-10-29 13:19:31 -04:00
7f2f6a9046 Fix for #60
Some formatting
Die if installer.php fails to create password file
Update target counts after importing eChecklist and CKL
2018-10-25 17:48:57 -04:00
d43775b26f Fix bug with host list import not working correctly. 2018-10-25 11:32:48 -04:00
c34d4eafd9 Vendor updates 2018-10-17 22:28:29 -04:00
98ea166a22 Fix for #10, #57, & #58 2018-10-17 22:19:41 -04:00
1645914d32 Update to fix some of the improper working of the results page. This does not fix the SCC result parsing...still working on that. 2018-10-17 19:44:37 -04:00
fc22e6875e Fix for #49 2018-10-16 12:24:10 -04:00
479c34ca5d I believe this should fix #51. 2018-10-13 20:15:37 -04:00
13456fed63 Update to fix #52. 2018-10-13 20:07:56 -04:00
dca07e06f5 Bug #18 fix 2018-09-27 14:27:57 -04:00
684d1e4b19 Enhancement to add #11 2018-09-26 10:41:20 -04:00
dde7409f01 Bug fix for #26
Make sure debug log does not output integers, but only mysqli_result object in db_helper
Couple other fixes
2018-09-26 10:39:38 -04:00
7293fd7114 Update 3rd party library 2018-09-18 19:59:25 -04:00
927ae69743 ajax.php - sort checklists
background_stigs.php - change to support adding sunset STIGs to update_db.php
parse_nessus.php/parse_nmap.php - disable post processing until the end of reading the file
update_db.php - Add sunset STIGs downloading and parsing
database.inc - Removed unnecessary variables ($key, etc), fixed typo (proc_ia_control v. proc_ia_controls), fix typo line 11072, added query_type to other queries in post_Processing method, call update_Target_Count method at the end of post_Processing, convert update_Target_Count to use queries instead of get_pdi_count and get_finding_count views (caused a performance hit), removed calling update_Target_Count from save_Target method to support previously mentioned changes
index.php - removed ajax timeout when bulk removing targets
2018-09-18 19:53:19 -04:00
78e584c1b9 Update 3rd party libraries
Forgot these two
2018-09-18 19:32:08 -04:00
87feac65a2 Delete php-db library due to confusion with db_helper class and required rewrite to use it. 2018-09-18 19:28:10 -04:00
d41c1f9e21 Moved NVD CVE parse progress to update_db and changed download progress to update overall instead of each file progress (bug #6)
Added include for autoload in helper.inc (bug #7)
Removed a few unnecessary variables
2018-09-06 13:43:23 -04:00
082ccd5381 Fix for bug #8 2018-09-05 14:36:35 -04:00
d52454d1bb Updates to 3rd party libraries
Add Dockerfile and specific docker-php.ini
2018-08-28 21:27:13 -04:00
CyberPerspectives
750094e3b5 Revision of release v1.3.2 2018-07-26 08:33:50 -04:00
Ryan Prather
8c38a6cdb9 initial commit of SVN release repo 2018-05-07 10:51:08 -04:00