Nessus 8.2 can accommodate invalid XML tags. In plugin 86067, it now includes a tag <ssl/chain/sha-1>{data}</ssl/chain/sha-1>. The forward slashes in the opening tag cause the PHP stream parser to barf. I added a regex to remove tags with forward slashes in the tag that don't appear as the first character after the less-than sign. As a result, this will also remove <attachment> tag items because the <attachment> tag also includes a "type" attribute that contains the MIME type of the attachment file. Not a big deal though because we are not using the attachments. If we decide to grab those as well, we will have to change this regex to make it work.
Ubuntu.png - Add new Ubuntu checklist icon
Database_Baseline.zip - Update software detection tables
checklist.inc - Fix software icon detection for IE and SLES, and added detection for Ubuntu
software.inc - Fix bug adding extra spaces to software strings
parse_stig.php - Formatting and add save for when icon is updated
parse_stig_viewer.php - Add scan note when CKL file is missing or has empty <HOST_NAME> tag
Fix #87
In a previous pull, the config.inc file was overwritten and I missed committing the new HOST_LIST constant, which resulted in a warning in the log file
Fix #86
parse_excel_echecklist.php - change preg_match to a stripos method check for notes string and add update_Scan_Host_List call after importing all worksheets
database.inc - add a check for if appending a duplicate string to the checklist notes. add update_Target_Counts call when updating host list
Fix #80, #10
Fix for Uninstall leaves www/exec #53 and other improvements
- Split regular installation and install-dev into separate scripts
- Streamlined the installation script (only requires <enter> at the end to move to setup)
- Redirected some unnecessary output to nul
- Made formatting changes to prettify the output
This should remedy the reported behavior of statuses quietly being changed to "Not Reviewed".
scan.inc - Added new set_Host_Error method to set the error value for a specific host
parse_excel_echecklist.php - explicitly check for the status to equal 1-of-7 expected values, if not, add note to finding, set scan error message, and default status to "Not Reviewed"
export.php - Added cell lock for A11:E{last row} with the default password of "sagacity" (all lowercase)
Fixes #80
Added a "group by STIG_ID" statement to fix a bug. This is a short-term fix as it will result in random VMS IDs populating where there is a duplicate. A real fix will require capturing the checklist ID and saving it as part of the VMS ID.
#78 fixed
Skip parsing orphan worksheet
Issue error if there are more than 100 targets in any worksheet
Save findings when you get above 1000
database.inc:
Comment out block of code to retrieve orphan findings to export to the eChecklist
setup.php:
Convert possible algorithms to lower case. (should fix bug that person on FB was seeing).
system.inc - fixed typo
parse_excel_echecklist.php - added functionality to assign OS and checklists based on worksheet contents
database.inc - Added a couple methods to support changes for #25
export.php - Minor change to OS listing and added add_cell_comment method to migrate scanner notes to a comment instead of the main note (separating the scanner and analyst comments)