Compare commits

...

101 Commits

Author SHA1 Message Date
Jeff Odegard
dda05116e3
export-ckl Would Not Export SRGs
Fixed export.ckl.php to export all but Orphan and Benchmark STIGs.  It was not exporting SRGs (policy STIGs).
2019-08-08 11:47:23 -06:00
Jeff Odegard
bffd6030bd
Add note to Readme regarding PHP 7.3
Sagacity is not fully compatible with PHP 7.3.  There are deprecation warnings and other possible unknown effects, so please use PHP 7.2 until we can thoroughly test.
2019-03-26 08:54:14 -06:00
Jeff Odegard
0425adacb6
Bug fixes for Nessus and Nmap parsers
Nessus was not assigning checklists to Oracle Solaris 11 for Sparc architectures.
Nmap was not correctly identifying normal text output files (.nmap)
2019-01-23 09:20:02 -07:00
Ryan P
27bbeeca80
Merge pull request #89 from cyberperspectives/v1.3.4
V1.3.4
2019-01-17 14:09:32 -05:00
cf5e8237c7
typo fix 2019-01-17 13:17:07 -05:00
91a00ba892
Merge branch 'v1.3.4' of https://github.com/cyberperspectives/sagacity into v1.3.4 2019-01-17 12:24:16 -05:00
55f086e8af
bug(software): Bug fix with software detection
Ubuntu.png - Add new Ubuntu checklist icon
Database_Baseline.zip - Update software detection tables
checklist.inc - Fix software icon detection for IE and SLES, and added detection for Ubuntu
software.inc - Fix bug adding extra spaces to software strings
parse_stig.php - Formatting and add save for when icon is updated
parse_stig_viewer.php - Add scan note when CKL file is missing or has empty <HOST_NAME> tag

Fix #87
2019-01-17 12:20:18 -05:00
87991666fd
fix(config): Added HOST_LIST constant and updated constants for 1.3.4 release
In a previous pull config.inc file was overwritten and I missed committing the new HOST_LIST constant which resulted in a warning in the log file

fix #86
2019-01-16 15:59:21 -05:00
Cyber Perspectives, LLC
d365c9a11a
Merge pull request #85 from cyberperspectives/v1.3.4
V1.3.4
2019-01-16 12:34:08 -05:00
Cyber Perspectives, LLC
41a83cd754
Merge branch 'master' into v1.3.4 2019-01-16 12:33:50 -05:00
9620adf3b9
fix(parse_nessus): bug fix
Fix null parameter call
2019-01-16 10:49:54 -05:00
Jeff Odegard
059d84f953
Parse_nessus.php null parameter bug
Parse_nessus threw an error when parsing by-name Nessus scans. Fixed using an isset() check.
2019-01-15 16:55:42 -07:00
Jeff Odegard
6efe94f4dc
parse_nessus.php null parameter fix
Line 1214 of parse_nessus.php had a bug when parsing by-name Nessus scan data.  Fixed with isset() check.
2019-01-15 16:53:54 -07:00
Cyber Perspectives, LLC
c07f0a709b
Merge pull request #84 from cyberperspectives/v1.3.4
V1.3.4
2019-01-15 16:27:40 -05:00
ee3cccd17c
img(echecklist): Add echecklist-failed.png image 2019-01-15 15:21:05 -05:00
eec2c371fe
fix: fix host_list overwriting with eChecklist 2019-01-15 14:56:57 -05:00
5d65d6294f
format 2019-01-15 13:12:35 -05:00
bb9e2f4adb
fix(eChecklist): Fix bug with eChecklist note duplication
parse_excel_echecklist.php - change preg_match to a stripos method check for notes string and add update_Scan_Host_List call after importing all worksheets
database.inc - add a check for if appending a duplicate string to the checklist notes. add update_Target_Counts call when updating host list

fix #80, #10
2019-01-15 13:08:49 -05:00
e893267c60
enh(scan class): Add return for set_Host_Error method 2019-01-15 12:51:17 -05:00
4660bc3b99
Merge branch 'v1.3.4' of https://github.com/cyberperspectives/sagacity into v1.3.4 2019-01-14 17:49:16 -05:00
601d417e6b
fix(vertical menu): fix display of vertical menu
Fixed bug with vertical popup menu for categories not displaying properly with large category sets.

Fix #69
2019-01-14 17:41:37 -05:00
Jeff Odegard
044ae691b9
Install, Uninstall - with changes commented.
I forgot to update the comments in the headers to describe what changes were made.  Also updated the copyright statements for the new year.
2019-01-10 15:38:27 -07:00
Jeff Odegard
5cc1fd2e31
Add files via upload
Fix for Uninstall leaves www/exec #53 and other improvements
 - Split regular installation and install-dev into separate scripts
 - Streamlined the installation script (only requires <enter> at the end to move to setup)
 - Redirected some unnecessary output to nul
 - Made formatting changes to prettify the output
2019-01-10 14:08:25 -07:00
99eb5342cf
fix(eChecklist-import): Fix error with formulas in status column
This should remedy the reported behavior of statuses quietly being changed to "Not Reviewed".
scan.inc - Added new set_Host_Error method to set the error value for a specific host
parse_excel_echecklist.php - explicitly check for the status to equal 1-of-7 expected values, if not, add note to finding, set scan error message, and default status to "Not Reviewed"
export.php - Added cell lock for A11:E{last row} with the default password of "sagacity" (all lowercase)

Fixes #80
2019-01-09 21:49:58 -05:00
8973c2e046
fix(ckl-export): Fix bug when exporting CKL
Added a "group by STIG_ID" statement to fix a bug.  This is a short-term fix as it will result in random VMS IDs populating where there is a duplicate.  A real fix will require capturing the checklist ID and saving it as part of the VMS ID.

#78 fixed
2019-01-09 20:17:13 -05:00
4e0b6c08c6
feat: add git template
Add a git commit template for better messages.
2019-01-07 13:09:28 -05:00
4d20608767
Fix for bug #82 2019-01-03 17:47:16 -05:00
a32988ed03
parse_excel_echecklist.php:
Skip parsing orphan worksheet
Issue error if there are more than 100 targets in any worksheet
Save findings when you get above 1000

database.inc:
Comment out block of code to retrieve orphan findings to export to the eChecklist

setup.php:
Convert possible algorithms to lower case. (should fix bug that person on FB was seeing).
2018-12-14 09:32:40 -05:00
92cbf58145
Fix error with compliant and assessed percentages format on the stats page (was showing more than 2 decimal places). 2018-12-14 09:22:06 -05:00
904f1e4655
Fixed formatting with percentage compliant and percentage assessed (default to only show 2 decimal places) 2018-12-12 11:41:13 -05:00
8048fea8d7
Typo fix #77 2018-12-04 23:11:32 -05:00
dfb81bf388
Updates 2018-12-01 23:21:20 -05:00
5849a2620e
Fix for #75 2018-11-29 14:32:45 -05:00
16fb5885b2
Fix for #74 2018-11-29 14:31:20 -05:00
3c9a848615
Update README.pdf for next release 2018-11-27 11:10:22 -05:00
afd98f79d4
Added files for bug #56 2018-11-27 10:08:37 -05:00
3deecb098b
Fix for #73 2018-11-27 09:31:48 -05:00
437de8548a
Fix for #71 2018-11-23 09:50:42 -05:00
f022791e44
Misc updates 2018-11-16 21:42:57 -05:00
699604534c Draft update for #47 2018-11-16 17:24:02 -05:00
2f82147240 #20 2018-11-16 16:25:41 -05:00
7810e0a3dd #14 2018-11-16 15:56:06 -05:00
f46d148654 Fix for #15 (mouse over message to see files) 2018-11-16 15:47:35 -05:00
52159a16a6 Fix for bug #34
Import was deleted because export was changed to JSON format instead of XML, will have to rebuild
2018-11-16 13:39:23 -05:00
f530c5a2a1 Changes to support bug #33
Remove query limit when retrieving CPEs
2018-11-16 11:54:19 -05:00
ca89e02c4e host_list.inc - Added method to increase finding count
system.inc - fixed typo
parse_excel_echecklist.php - added functionality to assign OS and checklists based on worksheet contents
database.inc - Added a couple methods to support changes for #25
export.php - Minor change to OS listing and added add_cell_comment method to migrate scanner notes to a comment instead of the main note (separating the scanner and analyst comments)
2018-11-08 17:26:27 -05:00
7e44403d93 Fix for #67 2018-11-08 09:45:12 -05:00
e8fdd4217e Dumb mistake in data validation 2018-11-07 21:52:28 -05:00
a6808b2add Database_Baseline.zip - updated sagacity_routines.sql to support removing findings.id field
database.inc - uncomment code block in post_Processing
2018-11-06 15:42:59 -05:00
a9fc4f6a86 Merge branch 'v1.3.4' of https://github.com/cyberperspectives/sagacity into v1.3.4 2018-11-06 15:37:55 -05:00
21082c7513 checklist.inc - deleted duplicate BIND 9 checklist icon entry
finding.inc - removed ID property to prevent duplicate findings from being added to the table
host_list.inc - deleted unused constructor
import.inc - formatting
db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id new primary keys), and updated references
Database_Baseline.zip - updated routines for above change
background_results.php - fixed bug #19
export-ckl.php - performance adjustments
parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id field
parse_nvd_json_cve.php - convert reading json to array instead of object for reading CPEs (which were updated to CPE 2.3 instead of 2.2)
parse_* - remove findings.id field
database.inc - formatting, and update for removing findings.id field
index.php - ensure user can't import a host list without uploading a host list file

Fixed:
#65, #51, #28, #27, #10
2018-11-06 15:36:48 -05:00
Jeff Odegard
5b749f6844
Fix for #62
Commented out last INSERT in post_Processing
2018-11-03 16:02:08 -06:00
Jeff Odegard
ebc5cc6a7e
Fix for #63
Line 11926, added isset to check for index 0:   if (is_array($pri_find) && count($pri_find) && isset($pri_find[0])) {
2018-10-29 20:03:24 -06:00
Jeff Odegard
f1cab13251
Add ROLE to .ckl ASSET Tag and delete HOST_GUID
These changes make the .ckl exports compatible with the latest STIG Viewer 2.8.
2018-10-29 19:42:36 -06:00
5d8711d494 Fix bug #49
Revert update_db.php to download compilation STIG library instead of individual as links are inconsistent (#60, #64, #61)
Add scape_webpage method to helper.inc for future efforts
Fixed typo in uninstall.bat
2018-10-29 13:19:31 -04:00
ab9005f0c3 Partial bug fix for #62 since new versions of SCC include extra characters in the VMS ID. 2018-10-27 12:20:33 -04:00
7f2f6a9046 Fix for #60
Some formatting
Die if installer.php fails to create password file
Update target counts after importing eChecklist and CKL
2018-10-25 17:48:57 -04:00
d43775b26f Fix bug with host list import not working correctly. 2018-10-25 11:32:48 -04:00
e995c0e78e Fixed a couple typos 2018-10-23 18:46:40 -04:00
17dbe134cc Database_Baseline.zip - Revisions for creating views and routines
installer.php - Fix bug when
update_db.php - Converted STIG download to identify the zip files from the a-z master list and download them individually instead of downloading the compilation zip file.  Also integrated the sunset list into the same process so ALL STIGs are downloaded and imported at the same time
2018-10-19 18:45:08 -04:00
c34d4eafd9 Vendor updates 2018-10-17 22:28:29 -04:00
98ea166a22 Fix for #10, #57, & #58 2018-10-17 22:19:41 -04:00
1645914d32 Update to fix some of the improper working of the results page. This does not fix the SCC result parsing...still working on that. 2018-10-17 19:44:37 -04:00
3ffd9b971e Update for config.inc for 1.3.4 release 2018-10-17 16:26:42 -04:00
43da94ed9c Fix for #57 2018-10-17 14:42:49 -04:00
fc22e6875e Fix for #49 2018-10-16 12:24:10 -04:00
479c34ca5d I believe this should fix #51. 2018-10-13 20:15:37 -04:00
13456fed63 Update to fix #52. 2018-10-13 20:07:56 -04:00
Jeff Odegard
c0b54abe09
Update README.md
Added the Cyber Perspectives Web Page to the Readme
2018-10-03 15:09:57 -06:00
Jeff Odegard
4f53418e8c
Created uinstall.bat, updated install.bat
Adding an uninstall.bat that, when run as administrator, will stop the apache2.4 and mysql services, delete the mysql service (which XAMPP uninstall leaves behind...), deletes the www folder and uninstalls XAMPP.

Modified the install.bat script to suppress output when deleting the unnecessary XAMPP htdocs folder and added a friendly "contact us" message to encourage some feedback from our users.
2018-10-03 15:06:56 -06:00
Cyber Perspectives, LLC
2c0bbb793d
Merge pull request #48 from cyberperspectives/v1.3.3
V1.3.3
2018-10-02 10:29:50 -04:00
dca07e06f5 Bug #18 fix 2018-09-27 14:27:57 -04:00
dda64e1239 Merge branch 'v1.3.3' of https://github.com/cyberperspectives/sagacity into HEAD 2018-09-26 10:43:03 -04:00
684d1e4b19 Enhancement to add #11 2018-09-26 10:41:20 -04:00
dde7409f01 Bug fix for #26
Make sure debug log does not output integers, but only mysqli_result object in db_helper
Couple other fixes
2018-09-26 10:39:38 -04:00
Jeff Odegard
18cac3afa5
Add icon for application server 2018-09-19 10:57:32 -06:00
Jeff Odegard
85bf003d01
Distinguished App Server STIG from App Development 2018-09-19 10:56:45 -06:00
Jeff Odegard
0931990735
Delete Unnecessary XAMPP htdocs folder on install 2018-09-19 10:52:17 -06:00
881bf29ee5 Merge branch 'v1.3.3' of https://github.com/cyberperspectives/sagacity into HEAD 2018-09-18 22:56:46 -04:00
2440bc75cc Fix for bug #22 2018-09-18 22:55:43 -04:00
Cyber Perspectives, LLC
13834fd658
Upload checklist.inc for Sunset STIG Icons 2018-09-18 20:06:38 -06:00
Cyber Perspectives, LLC
17251a249f
Update icons for Sunset STIGs 2018-09-18 20:05:46 -06:00
7b40dbb75c Merge branch 'v1.3.3' of https://github.com/cyberperspectives/sagacity into HEAD 2018-09-18 20:09:27 -04:00
7293fd7114 Update 3rd party library 2018-09-18 19:59:25 -04:00
927ae69743 ajax.php - sort checklists
background_stigs.php - change to support adding sunset STIGs to update_db.php
parse_nessus.php/parse_nmap.php - disable post processing until the end of reading the file
update_db.php - Add sunset STIGs downloading and parsing
database.inc - Removed unnecessary variables ($key, etc), fixed typo (proc_ia_control v. proc_ia_controls), fix typo line 11072, added query_type to other queries in post_Processing method, call update_Target_Count method at the end of post_Processing, convert update_Target_Count to use queries instead of get_pdi_count and get_finding_count views (caused a performance hit), removed calling update_Target_Count from save_Target method to support previously mentioned changes
index.php - removed ajax timeout when bulk removing targets
2018-09-18 19:53:19 -04:00
78e584c1b9 Update 3rd party libraries
Forgot these two
2018-09-18 19:32:08 -04:00
87feac65a2 Delete php-db library due to confusion with db_helper class and required rewrite to use it. 2018-09-18 19:28:10 -04:00
Jeff Odegard
a8d9725168
Images for new checklist icons 2018-09-18 12:08:58 -06:00
Jeff Odegard
495bad4bad
Updates to eliminate orphaned checklists. 2018-09-18 12:07:58 -06:00
Cyber Perspectives, LLC
eb904cca72
Update README.md 2018-09-16 19:33:30 -06:00
422ff8094a Fix for bug #9 2018-09-11 16:51:23 -04:00
972c456fc5 Typo fix 2018-09-06 18:38:31 -04:00
a0605844bf Merge branch 'v1.3.3' of https://github.com/cyberperspectives/sagacity into HEAD 2018-09-06 13:46:14 -04:00
d41c1f9e21 Moved NVD CVE parse progress to update_db and changed download progress to update overall instead of each file progress (bug #6)
Added include for autoload in helper.inc (bug #7)
Removed a few unnecessary variables
2018-09-06 13:43:23 -04:00
Ryan P
19554b9731
Update config.inc
Add global UPDATE_FREQ constant to define refresh delay for ajax updates
2018-09-05 19:59:45 -04:00
082ccd5381 Fix for bug #8 2018-09-05 14:36:35 -04:00
d52454d1bb Updates to 3rd party libraries
Add Dockerfile and specific docker-php.ini
2018-08-28 21:27:13 -04:00
9edd6c1c35 Fixes to bug #5 2018-08-28 20:46:48 -04:00
d6b6fe159d Fix to #4 2018-08-21 17:29:25 -04:00
3b138f421c Fixed issue #1 2018-08-12 22:53:42 -04:00
Cyber Perspectives, LLC
0bccaf5838
Merge pull request #2 from cyberperspectives/master
Update 1.3.3 base
2018-07-26 08:46:50 -04:00
611 changed files with 62551 additions and 19910 deletions

3
.gitignore vendored Normal file

@ -0,0 +1,3 @@
/.buildpath
/.project
/.settings/

5
.gitmessage Normal file

@ -0,0 +1,5 @@
<type>[optional scope]: <description>
[optional body]
[optional footer]


@ -1,3 +1,5 @@
## v1.3.3
## v1.3.2
- Initial GitHub load
- Previous versions loaded on [SourceForge](https://sourceforge.net/projects/sagacity/)

Binary file not shown.

6
Dockerfile Normal file

@ -0,0 +1,6 @@
FROM php:apache-stretch
COPY conf/docker-php.ini /usr/local/etc/php/php.ini
RUN apt update && apt -y install zlib1g-dev mysql-client
RUN docker-php-ext-install mysqli zip
RUN mkdir /var/log/sagacity && chown www-data:www-data /var/log/sagacity
EXPOSE 80
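Review bot: `FROM php:apache-stretch` is a floating tag with no PHP version, so a rebuild can pull a newer PHP than the 7.2 that the README in this same change set requires (it states Sagacity is not fully compatible with PHP 7.3). Pin the base image to a 7.2 tag, ideally by digest, so the image is reproducible. The `RUN apt update && apt -y install ...` layer also leaves the package lists in the image; use `apt-get` with `--no-install-recommends` and remove `/var/lib/apt/lists/*` in the same `RUN`. Only `conf/docker-php.ini` is copied in these six lines, so document the expected bind mount for the application code or add the `COPY`.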


@ -1,4 +1,6 @@
# Sagacity
# Cyber Perspectives Sagacity [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XFR5WFPGTM2SS)
https://www.cyberperspectives.com
Sagacity is a vulnerability assessment and compliance data management tool designed to make security testing more efficient, effective and complete.
Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow analyze to communicate risk to their employers. Sagacity, originally written to support a government customer, was designed to fill that need.
@ -31,12 +33,16 @@ _Keen insight. Sound judgment. Wise decisions. Sagacity._
### Software Requirements
Sagacity has the following software requirements. The versions listed are the minimum required for operation. For PHP, we recommend the closest version you can get to the one listed, further versions may deprecate features before we have the chance to update the code.
*Please note: Sagacity is not fully compatible with XAMPP 7.3.x or PHP 7.3. Please use XAMPP 7.2 / PHP 7.2 instead.*
- PHP 7.2
- MySQL 5.7+ or MariaDB 10+
- Apache 2.4+
For Windows, you can install XAMPP 7.2.x from https://www.apachefriends.org/download.html
## Installation
See README.pdf for complete installation instructions.
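Review bot: The requirements paragraph still reads as a floor ("The versions listed are the minimum required") while the added note makes PHP 7.2 a ceiling as well. Write the list entry as `PHP 7.2.x` and state in the list itself that 7.3 is unsupported, so someone skimming only the bullets does not install a newer PHP.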

Binary file not shown.


@ -48,11 +48,15 @@
*/
set_time_limit(0);
include_once 'vendor/autoload.php';
include_once 'config.inc';
include_once 'import.inc';
include_once 'helper.inc';
chdir(DOC_ROOT);
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
chdir(dirname(__FILE__));
$db = new db();
$conn = new mysqli(DB_SERVER, "web", db::decrypt_pwd(), 'sagacity');
@ -202,8 +206,10 @@ elseif ($action == 'delete-cat') {
}
}
elseif ($action == 'delete-file') {
$file = TMP . "/" . filter_input(INPUT_POST, 'filename', FILTER_SANITIZE_STRING);
if (file_exists($file)) {
$file = filter_input(INPUT_POST, 'filename', FILTER_SANITIZE_STRING);
$file = realpath($file);
if ($file && preg_match("/^" . preg_quote(TMP, '/') . "/", $file)) {
if (unlink($file)) {
print header(JSON) . json_encode([
'success' => 'Deleted file'
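Review bot: In the `delete-file` branch, the containment test `preg_match("/^" . preg_quote(TMP, '/') . "/", $file)` is a bare string-prefix match, so a resolved path in a sibling directory whose name merely begins with the value of TMP passes the check and reaches `unlink()`. Compare against the canonical directory plus a separator instead, e.g. `strpos($file, realpath(TMP) . DIRECTORY_SEPARATOR) === 0`, which also covers the case where TMP is not written in the canonical form that `realpath()` returns (symlinks, slash direction on Windows). Also, `realpath($file)` is now applied to the raw POST value rather than to `TMP . "/" . $name`, so a bare file name resolves against the working directory set by `chdir()` and not against TMP; taking `basename()` of the input and joining it to TMP before `realpath()` keeps the old calling convention and removes directory components from user input altogether.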
@ -216,6 +222,7 @@ elseif ($action == 'delete-file') {
}
}
else {
$file = filter_input(INPUT_POST, 'filename', FILTER_SANITIZE_STRING);
print header(JSON) . json_encode([
'error' => "$file does not exist"
]);
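Review bot: The "does not exist" message in this `else` branch is now returned for two different cases: the file is missing, or the resolved path falls outside TMP. Return a distinct error for the rejected-path case and write it to the log (Monolog is imported at the top of this file in this change), since a request to delete something outside TMP is worth seeing during log review. Re-reading `filename` with `filter_input()` works, but keeping the sanitized input in its own variable before `realpath()` overwrites `$file` would avoid the second read.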
@ -226,8 +233,10 @@ elseif ($action == 'get-cat-data') {
$checklist = $db->get_Checklist_By_File($fname);
if (isset($checklist[0])) {
$checklist[0]->type = ucfirst($checklist[0]->type);
print header(JSON) . json_encode($checklist[0]);
$chk = $checklist[0];
$chk->type = ucfirst($chk->type);
print header(JSON) . json_encode($chk);
}
else {
print header(JSON) . json_encode(array('error' => 'Error finding checklist'));
@ -539,8 +548,7 @@ function sw_filter($is_os = false)
'table_joins' => [
"LEFT JOIN `sagacity`.`target_software` ts ON ts.`sft_id` = s.`id`" . ($tgt_id ? " AND ts.`tgt_id` = $tgt_id" : "")
],
'order' => 's.cpe',
'limit' => 25
'order' => 's.cpe'
]);
$sw = $db->help->execute();
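Review bot: Dropping `'limit' => 25` from `sw_filter()` makes the query return every matching row in a single response; if the limit was hiding results, add paging or a higher server-side cap rather than removing the bound outright. While this query is being touched, the join condition that appends `AND ts.tgt_id = $tgt_id` is built by string interpolation, so confirm `$tgt_id` is read with `FILTER_VALIDATE_INT` (as `ste` is in `get_hosts()`) or bind it as a parameter.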
@ -1470,7 +1478,7 @@ function update_stig_control()
*
* @param int $cat_id
*
* @return type
* @return mixed
*/
function get_hosts($cat_id = null)
{
@ -1479,9 +1487,11 @@ function get_hosts($cat_id = null)
$ste_id = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
$tgts = [];
$exp_scan_srcs = null;
if ($cat_id) {
$ste_cat = $db->get_Category($cat_id)[0];
$tgts = $db->get_Target_By_Category($cat_id);
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
}
elseif (is_numeric($ste_id)) {
$tgts = $db->get_Unassigned_Targets($ste_id);
@ -1490,18 +1500,14 @@ function get_hosts($cat_id = null)
return json_encode(['error' => "Invalid info"]);
}
foreach ($tgts as $key => $tgt) {
foreach ($tgts as $tgt) {
/** @var target $tgt */
$chks = $db->get_Target_Checklists($tgt->get_ID());
if ($cat_id) {
$exp_scan_srcs = $db->get_Expected_Category_Sources($ste_cat);
}
else {
$exp_scan_srcs = null;
}
$scan_srcs = $db->get_Target_Scan_Sources($tgt, $exp_scan_srcs);
$icons = [];
$icon_str = '';
$src_str = '';
sort($chks);
foreach ($chks as $chk) {
if (!in_array($chk->get_Icon(), array_keys($icons))) {
@ -1515,18 +1521,20 @@ function get_hosts($cat_id = null)
$icon_str .= "<img src='/img/checklist_icons/$icon' title='{$data['name']}' class='checklist_image' />";
}
foreach ($scan_srcs as $key => $src) {
foreach ($scan_srcs as $src) {
if(isset($src['src']) && is_a($src['src'], 'source')) {
$icon = $src['src']->get_Icon();
if($src['scan_error']) {
if(isset($src['scan_error']) && $src['scan_error']) {
$icon = strtolower($src['src']->get_Name()) . "-failed.png";
}
$src_str .= "<img src='/img/scan_types/{$icon}' title='{$src['src']->get_Name()}";
if (isset($src['count']) && $src['count']) {
$src_str .= " ({$src['count']})";
if (isset($src['file_name']) && $src['file_name']) {
$src_str .= "\n{$src['file_name']}";
}
$src_str .= "' class='checklist_image' />";
}
}
$ret['targets'][] = array_merge([
'id' => $tgt->get_ID(),
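Review bot: The added `$src_str .= "\n{$src['file_name']}";` places the scan file name inside a single-quoted `title='...'` attribute without escaping, and that name comes from an imported result file; a name containing `'` closes the attribute and lets markup into the target list. Pass it, and the `get_Name()` value beside it, through `htmlspecialchars(..., ENT_QUOTES)` before concatenation. The `isset($src['scan_error'])` guard is fine as written.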
@ -1548,8 +1556,8 @@ function get_hosts($cat_id = null)
'cat_1' => $tgt->getCat1Count(),
'cat_2' => $tgt->getCat2Count(),
'cat_3' => $tgt->getCat3Count(),
'comp' => $tgt->getCompliantPercent(),
'assessed' => $tgt->getAssessedPercent()
'comp' => floatval(number_format($tgt->getCompliantPercent(), 6)),
'assessed' => floatval(number_format($tgt->getAssessedPercent(), 6))
]);
}
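Review bot: `floatval(number_format($tgt->getCompliantPercent(), 6))` round-trips through a string that `number_format()` formats with a thousands separator by default, which `floatval()` would cut off at the comma for any value of 1000 or more; percentages stay below that, but `round($value, 6)` states the intent directly with no string conversion. The commit messages for this fix refer to two decimal places, so also confirm that 6 is the precision intended here and that the display layer does the final rounding.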


@ -5,7 +5,7 @@
* Purpose: Represents a checklist that links a PDI and software package
* Created: Sep 12, 2013
*
* Portions Copyright 2017: Cyber Perspectives, All rights reserved
* Portions Copyright 2017-2019: CyberPerspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
@ -21,6 +21,7 @@
* - May 13, 2017 - Added WindowsFirewall.jpg image for checklist
* - May 19, 2017 - Fixed typo for WindowsFirewall
* - Aug 23, 2017 - JO, Expanded checklist icons
* - Nov 6, 2018 - Deleted duplicate BIND 9 checklist icon entry
*/
/**
@ -312,8 +313,11 @@ class checklist
case (preg_match("/AIX/i", $this->name) ? true : false):
$this->icon = 'AIX.png';
break;
case (preg_match("/Application Security|Application Server|Application Layer Gateway/i", $this->name) ? true : false):
case (preg_match("/Application Security|Application Layer Gateway/i", $this->name) ? true : false):
$this->icon = 'Application Development.gif';
break;
case (preg_match("/Application Server/i", $this->name) ? true : false):
$this->icon = 'Application Server.jpg';
break;
case (preg_match("/Active Directory/i", $this->name) ? true : false):
$this->icon = 'Active Directory.png';
@ -399,10 +403,10 @@ class checklist
case (preg_match("/SharePoint/i", $this->name) ? true : false):
$this->icon = 'Microsoft Sharepoint.png';
break;
case (preg_match("/Dot Net/i", $this->name) ? true : false):
case (preg_match("/Dot Net|DotNet/i", $this->name) ? true : false):
$this->icon = 'Microsoft .NET.png';
break;
case (preg_match("/Internet Explorer/i", $this->name) ? true : false):
case (preg_match("/Internet Explorer|Microsoft IE/i", $this->name) ? true : false):
$this->icon = 'Internet Explorer.png';
break;
case (preg_match("/Windows Phone/i", $this->name) ? true : false):
@ -448,7 +452,7 @@ class checklist
case (preg_match("/Red ?Hat/i", $this->name) ? true : false):
$this->icon = 'RedHat Linux.jpg';
break;
case (preg_match("/SUSE Linux/i", $this->name) ? true : false):
case (preg_match("/SUSE Linux|SLES/i", $this->name) ? true : false):
$this->icon = 'SUSE Linux.png';
break;
case (preg_match("/Solaris/i", $this->name) ? true : false):
@ -457,6 +461,9 @@ class checklist
case (preg_match("/Storage Area/i", $this->name) ? true : false):
$this->icon = 'Storage Area Network.gif';
break;
case (preg_match("/Ubuntu/i", $this->name) ? true : false):
$this->icon = 'Ubuntu.png';
break;
case (preg_match("/z\/OS/i", $this->name) ? true : false):
$this->icon = 'ZOS.jpg';
break;
@ -542,9 +549,6 @@ class checklist
case (preg_match("/Mobile Device/i", $this->name) ? true : false):
$this->icon = 'mobile-device.jpg';
break;
case (preg_match("/BIND 9/i", $this->name) ? true : false):
$this->icon = 'BIND DNS.jpg';
break;
case (preg_match("/Remote Access/i", $this->name) ? true : false):
$this->icon = 'remote-access.gif';
break;
@ -574,6 +578,33 @@ class checklist
break;
case (preg_match("/Mainframe /i", $this->name) ? true : false):
$this->icon = 'mainframe.png';
break;
case (preg_match("/HBSS/i", $this->name) ? true : false):
$this->icon = 'HBSS.jpg';
break;
case (preg_match("/Akamai/i", $this->name) ? true : false):
$this->icon = 'Akamai.png';
break;
case (preg_match("/ArcGIS/i", $this->name) ? true : false):
$this->icon = 'ArcGIS.png';
break;
case (preg_match("/Bromium/i", $this->name) ? true : false):
$this->icon = 'Bromium.png';
break;
case (preg_match("/Forescout/i", $this->name) ? true : false):
$this->icon = 'Forescout.jpg';
break;
case (preg_match("/DB Networks|DBN\-6300/i", $this->name) ? true : false):
$this->icon = 'DB Networks.png';
break;
case (preg_match("/Windows PAW/i", $this->name) ? true : false):
$this->icon = 'Windows PAW.jpg';
break;
case (preg_match("/SecNet/i", $this->name) ? true : false):
$this->icon = 'Harris SecNet.jpg';
break;
case (preg_match("/Desktop App/i", $this->name) ? true : false):
$this->icon = 'Desktop Application.jpg';
break;
default:
$this->icon = 'Orphan.png';


@ -22,6 +22,7 @@
* - May 25, 2017 - Fixed bug of get_Category method returning empty severity (defaults to II if empty)
* - Jan 10, 2018 - Formatting
* - May 24, 2018 - Simplified get_Finding_Status_ID method
* - Nov 6, 2018 - Removed ID property to keep from duplicate findings
*/
/**
@ -30,14 +31,8 @@
* @author Ryan Prather
*
*/
class finding {
/**
* Finding ID
*
* @var integer
*/
protected $id = null;
class finding
{
/**
* Target ID
@ -88,6 +83,20 @@ class finding {
*/
protected $notes = null;
/**
* Analyst Notes
*
* @var string
*/
protected $analyst_notes = null;
/**
* Scanner Notes
*
* @var string
*/
protected $scanner_notes = null;
/**
* Change ID
*
@ -155,7 +164,6 @@ class finding {
/**
* Constructor
*
* @param integer $int_ID
* @param integer $int_Tgt_ID
* @param integer $int_PDI_ID
* @param integer $int_Scan_ID
@ -165,15 +173,14 @@ class finding {
* @param string $str_Orig_Src
* @param integer $int_Finding_Itr
*/
public function __construct($int_ID, $int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr) {
$this->id = $int_ID;
public function __construct($int_Tgt_ID, $int_PDI_ID, $int_Scan_ID, $Finding_Status, $str_Notes, $int_Change_ID, $str_Orig_Src, $int_Finding_Itr)
{
$this->tgt_id = $int_Tgt_ID;
$this->pdi_id = $int_PDI_ID;
$this->scan_id = $int_Scan_ID;
if (is_numeric($Finding_Status)) {
$this->finding_status_id = $Finding_Status;
}
else {
} else {
$this->finding_status_id = $this->get_Finding_Status_ID($Finding_Status);
}
$this->notes = $str_Notes;
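Review bot: Removing `$int_ID` from the front of `finding::__construct()` shifts every positional argument, and PHP silently ignores a surplus argument passed to a user-defined constructor, so any caller still passing nine arguments will store the old ID as `tgt_id`, the target ID as `pdi_id`, and so on, without raising an error. Search for every `new finding(` in the parsers and `database.inc` and confirm each call was updated in this change set. The new `$analyst_notes` and `$scanner_notes` properties are not set by the constructor, so say in the docblock that they stay null until the setters are called.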
@ -182,21 +189,13 @@ class finding {
$this->finding_itr = $int_Finding_Itr;
}
/**
* Getter function for Finding ID
*
* @return integer
*/
public function get_ID() {
return $this->id;
}
/**
* Getter function for target ID
*
* @return integer
*/
public function get_Tgt_ID() {
public function get_Tgt_ID()
{
return $this->tgt_id;
}
@ -205,7 +204,8 @@ class finding {
*
* @param integer $int_Tgt_ID
*/
public function set_Tgt_ID($int_Tgt_ID) {
public function set_Tgt_ID($int_Tgt_ID)
{
$this->tgt_id = $int_Tgt_ID;
}
@ -214,7 +214,8 @@ class finding {
*
* @return integer
*/
public function get_PDI_ID() {
public function get_PDI_ID()
{
return $this->pdi_id;
}
@ -223,7 +224,8 @@ class finding {
*
* @param integer $int_PDI_ID
*/
public function set_PDI_ID($int_PDI_ID) {
public function set_PDI_ID($int_PDI_ID)
{
$this->pdi_id = $int_PDI_ID;
}
@ -232,7 +234,8 @@ class finding {
*
* @return integer
*/
public function get_Scan_ID() {
public function get_Scan_ID()
{
return $this->scan_id;
}
@ -241,7 +244,8 @@ class finding {
*
* @param integer $int_Scan_ID
*/
public function set_Scan_ID($int_Scan_ID) {
public function set_Scan_ID($int_Scan_ID)
{
$this->scan_id = $int_Scan_ID;
}
@ -250,7 +254,8 @@ class finding {
*
* @return integer
*/
public function get_Finding_Status() {
public function get_Finding_Status()
{
return $this->finding_status_id;
}
@ -260,12 +265,12 @@ class finding {
* @param string $status
* @return integer
*/
public function get_Finding_Status_ID($status) {
public function get_Finding_Status_ID($status)
{
$arr_flip = array_flip($this->STATUS);
if(isset($arr_flip[$status])) {
if (isset($arr_flip[$status])) {
return $arr_flip[$status];
}
else {
} else {
return $arr_flip['Not Reviewed'];
}
}
@ -276,11 +281,11 @@ class finding {
* @param integer $int_Status_ID
* @return string
*/
public function get_Finding_Status_String($int_Status_ID = null) {
public function get_Finding_Status_String($int_Status_ID = null)
{
if ($int_Status_ID) {
return $this->STATUS[$int_Status_ID];
}
else {
} else {
return $this->STATUS[$this->finding_status_id];
}
}
@ -290,7 +295,8 @@ class finding {
*
* @param integer $int_Finding_Status_ID
*/
public function set_Finding_Status($int_Finding_Status_ID) {
public function set_Finding_Status($int_Finding_Status_ID)
{
$this->finding_status_id = $int_Finding_Status_ID;
}
@ -299,7 +305,8 @@ class finding {
*
* @param string $str_New_Status
*/
public function set_Finding_Status_By_String($str_New_Status) {
public function set_Finding_Status_By_String($str_New_Status)
{
$this->finding_status_id = $this->get_Finding_Status_ID($str_New_Status);
}
@ -308,7 +315,8 @@ class finding {
*
* @return string
*/
public function get_Notes() {
public function get_Notes()
{
return $this->notes;
}
@ -317,7 +325,8 @@ class finding {
*
* @param string $str_Notes
*/
public function set_Notes($str_Notes) {
public function set_Notes($str_Notes)
{
$this->notes = $str_Notes;
}
@ -326,7 +335,8 @@ class finding {
*
* @param string $str_Notes
*/
public function prepend_Notes($str_Notes) {
public function prepend_Notes($str_Notes)
{
$this->notes = $str_Notes . PHP_EOL . $this->notes;
}
@ -336,20 +346,61 @@ class finding {
* @param string $str_Notes
* @param boolean $merge
*/
public function append_Notes($str_Notes, $merge = false) {
public function append_Notes($str_Notes, $merge = false)
{
$this->notes .= PHP_EOL . ($merge ? "(Merged Target)" . PHP_EOL : "") . $str_Notes;
}
/**
* Getter function for the analyst notes
*
* @return string
*/
public function get_Analyst_Notes()
{
return $this->analyst_notes;
}
/**
* Setter function for the analyst notes
*
* @param string $str_Notes
*/
public function set_Analyst_Notes($str_Notes)
{
$this->analyst_notes = $str_Notes;
}
/**
* Getter function for the scanner notes
*
* @return string
*/
public function get_Scanner_Notes()
{
return $this->scanner_notes;
}
/**
* Setter function for the scanner notes
*
* @param string $str_Notes
*/
public function set_Scanner_Notes($str_Notes)
{
$this->scanner_notes = $str_Notes;
}
/**
* Getter function for change ID
*
* @return integer
*/
public function get_Change_ID() {
public function get_Change_ID()
{
if ($this->change_id) {
return $this->change_id;
}
else {
} else {
return $this::NC;
}
}
@ -359,7 +410,8 @@ class finding {
*
* @param integer $int_Change_ID
*/
public function set_Change_ID($int_Change_ID) {
public function set_Change_ID($int_Change_ID)
{
$this->change_id = $int_Change_ID;
}
@ -368,7 +420,8 @@ class finding {
*
* @return string
*/
public function get_Original_Source() {
public function get_Original_Source()
{
return $this->orig_src;
}
@ -377,7 +430,8 @@ class finding {
*
* @param string $str_Original_Source
*/
public function set_Original_Source($str_Original_Source) {
public function set_Original_Source($str_Original_Source)
{
$this->orig_src = $str_Original_Source;
}
@ -386,7 +440,8 @@ class finding {
*
* @return integer
*/
public function get_Finding_Iteration() {
public function get_Finding_Iteration()
{
return $this->finding_itr;
}
@ -395,15 +450,17 @@ class finding {
*
* @param integer $int_Finding_Iteration
*/
public function set_Finding_Iteration($int_Finding_Iteration) {
public function set_Finding_Iteration($int_Finding_Iteration)
{
$this->finding_itr = $int_Finding_Iteration;
}
/**
* Increment the finding count by 1
*/
public function inc_Finding_Count() {
$this->finding_itr++;
public function inc_Finding_Count()
{
$this->finding_itr ++;
}
/**
@ -412,7 +469,8 @@ class finding {
* @param string $str_New_Status
* @return string
*/
public function get_Deconflicted_Status($str_New_Status) {
public function get_Deconflicted_Status($str_New_Status)
{
// must get original status first!
return deconflict_status::$DECONFLICTED_STATUS[$this->get_Finding_Status_String()][$str_New_Status];
}
@ -422,7 +480,8 @@ class finding {
*
* @return int
*/
public function get_Category() {
public function get_Category()
{
if (empty($this->cat)) {
return 2;
}
@ -434,11 +493,11 @@ class finding {
*
* @param mixed $cat_in
*/
public function set_Category($cat_in) {
public function set_Category($cat_in)
{
if (is_numeric($cat_in)) {
$this->cat = $cat_in;
}
elseif (is_string($cat_in)) {
} elseif (is_string($cat_in)) {
$this->cat = substr_count($cat_in, "I");
}
}
@ -448,7 +507,8 @@ class finding {
*
* @return array:string
*/
public function get_IA_Controls() {
public function get_IA_Controls()
{
return $this->ia_controls;
}
@ -457,7 +517,8 @@ class finding {
*
* @return string
*/
public function get_IA_Controls_String() {
public function get_IA_Controls_String()
{
return implode(" ", $this->ia_controls);
}
@ -466,11 +527,11 @@ class finding {
*
* @param mixed $ia_controls_in
*/
public function set_IA_Controls($ia_controls_in) {
public function set_IA_Controls($ia_controls_in)
{
if (is_array($ia_controls_in)) {
$this->ia_controls = $ia_controls_in;
}
elseif (is_string($ia_controls_in)) {
} elseif (is_string($ia_controls_in)) {
$this->ia_controls = explode(" ", $ia_controls_in);
}
}
@ -480,7 +541,8 @@ class finding {
*
* @param string $ia_control_in
*/
public function add_IA_Control($ia_control_in) {
public function add_IA_Control($ia_control_in)
{
$add = true;
foreach ($this->ia_controls as $ia) {
if ($ia == $ia_control_in) {
@ -493,7 +555,6 @@ class finding {
$this->ia_controls[] = $ia_control_in;
}
}
}
/**
@ -501,7 +562,8 @@ class finding {
*
* @author Ryan Prather
*/
class finding_status {
class finding_status
{
/**
* The database ID of the finding status
@ -516,7 +578,6 @@ class finding_status {
* @var string
*/
public $status = '';
}
/**
@ -524,14 +585,13 @@ class finding_status {
*
* @author Ryan Prather
*/
class deconflict_status {
class deconflict_status
{
/**
* Stores the matrix of current -> new statuses
*
* @var array:string
*
* / Finding Definitions
* @var array:string / Finding Definitions
* Open: The finding is valid for this host - the host does not meet the requirements
* Not a Finding: The finding is not valid for this host - the host meets the requirements
* Not Applicable: The requirement does not apply to this host - prerequisites do not exist.
@ -618,5 +678,4 @@ class deconflict_status {
'No Data' => 'No Data'
]
];
}


@ -13,6 +13,8 @@
* Change Log:
* - Jan 16, 2018 - File created
* - Feb 6, 2018 - Added getter/setter methods
* - Nov 6, 2018 - Deleted unused constructor
* - Nov 8, 2018 - Added method to increase finding count
*/
/**
@ -65,14 +67,6 @@ class host_list
*/
private $_scanNotes = null;
/**
* Constructor
*/
public function __construct()
{
}
/**
* Getter function for _targetId
*
@ -153,6 +147,16 @@ class host_list
$this->_findingCount = $intFindingCount;
}
/**
* Method to add findings to the count
*
* @param int $intFindingCount
*/
public function addFindingCount($intFindingCount)
{
$this->_findingCount += $intFindingCount;
}
/**
* Getter function for _scanError
*


@ -39,7 +39,8 @@ include_once 'vendor/autoload.php';
*
* @author Ryan Prather
*/
class import {
class import
{
/**
* The current include_once path
@ -92,27 +93,30 @@ class import {
/**
* Class constructor
*/
public function __construct() {
public function __construct()
{
set_time_limit(0);
}
/**
* Class destructor to reset the include_once path and time limits
*/
public function __destruct() {
public function __destruct()
{
set_time_limit(30);
}
/**
* Function to scan the tmp directory for result files and call the appropriate parsers
*/
public function scan_Result_Files($redirect = true) {
public function scan_Result_Files($redirect = true)
{
chdir(DOC_ROOT . "/exec");
$ignore = filter_input(INPUT_POST, 'ignore', FILTER_VALIDATE_BOOLEAN) ? "true" : "false";
$doc_root = realpath(DOC_ROOT);
$ste = filter_input(INPUT_COOKIE, 'ste', FILTER_VALIDATE_INT);
if (!$ste) {
if (! $ste) {
$ste = filter_input(INPUT_POST, 'ste', FILTER_VALIDATE_INT);
}
$location = filter_input(INPUT_POST, 'location', FILTER_SANITIZE_STRING);
@ -126,13 +130,11 @@ ignore = $ignore
EOF;
if(!file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf)) {
if (! file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf)) {
throw new Exception("Error creating the parse_config.ini");
}
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/background_results.php");
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/background_results.php");
if (LOG_LEVEL == E_DEBUG) {
Sagacity_Error::err_handler("Script to execute: $script", E_DEBUG);
@ -149,18 +151,17 @@ EOF;
/**
* Function to scan '/xampp/www/tmp' directory for catalog files
*/
public function scan_Catalog_Files() {
public function scan_Catalog_Files()
{
chdir(DOC_ROOT . "/tmp");
$files = glob("*");
foreach ($files as $file) {
if (substr($file, -3) == 'zip') {
if (substr($file, - 3) == 'zip') {
// $this->import_STIG_ZIP("../tmp/$file");
}
elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
} elseif (preg_match('/pdi\-|\_catalog/i', $file)) {
// $this->import_PDI_CSV("../tmp/$file");
}
elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
} elseif (preg_match('/\-xccdf\.xml$/i', $file)) {
// $this->import_STIG("../tmp/$file");
}
}
@ -169,7 +170,8 @@ EOF;
/**
* Function to scan host data files and import findings
*/
public function import_Host_Data_Collection() {
public function import_Host_Data_Collection()
{
$db = new db();
$doc_root = realpath(DOC_ROOT);
@ -187,30 +189,26 @@ EOF;
file_put_contents(DOC_ROOT . "/exec/parse_config.ini", $conf);
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " -c " . realpath(PHP_CONF) . " -f " . realpath(DOC_ROOT . "/exec/parse_host_data_collection.php");
if (substr(strtolower(PHP_OS), 0, 3) == 'win') {
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT;
$shell->run($script, 0, false);
}
elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
} elseif (substr(strtolower(PHP_OS), 0, 3) == 'lin') {
exec("$script > /dev/null &");
}
else {
} else {
Sagacity_Error::err_handler("Unknown OS: " . PHP_OS);
}
header("Location: /ste/");
}
/**
* function to import PDI CSV file to database
*/
public function import_PDI_CSV() {
public function import_PDI_CSV()
{
$db = new db();
$handle = fopen(DOC_ROOT . "/tmp/All-PDI-Catalog.csv", "r");
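Review bot: In import_Host_Data_Collection() the command in `$script` is built by concatenating `realpath()` results and is then handed to `exec("$script > /dev/null &")` or `$shell->run($script, 0, false)` with no quoting. `realpath()` returns false for a missing path, which concatenates as an empty string, and an install path containing a space splits the arguments. Wrap each path in `escapeshellarg()` and fail early when any `realpath()` call returns false. The `file_put_contents()` call for parse_config.ini at the top of this hunk also ignores its return value, while scan_Result_Files() throws on failure; the same check belongs here.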
@ -245,7 +243,7 @@ EOF;
$ref = $ref[0];
}
if (!is_null($ref)) {
if (! is_null($ref)) {
$pdi = new pdi($ref->get_PDI_ID(), $catalog['cat_lvl'], "NOW");
$pdi->set_Short_Title($catalog['short_title']);
$pdi->set_Group_Title($catalog['short_title']);
@ -254,10 +252,10 @@ EOF;
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, -2), substr($ia, -1));
$ia_controls[] = new ia_control($ref->get_PDI_ID(), substr($ia, 0, - 2), substr($ia, - 1));
}
if (!$db->save_IA_Control($ia_controls)) {
if (! $db->save_IA_Control($ia_controls)) {
print "error updating ia controls on id: " . $ref->get_ID() . "<br />";
}
}
@ -266,15 +264,13 @@ EOF;
if ($catalog['retina_id']) {
$retina = new retina($ref->get_PDI_ID(), $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
if (! $db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
}
}
// Vul_ID
if ($catalog['vul_id']) {
}
if ($catalog['vul_id']) {}
if ($catalog['sv_rule_id']) {
$sv_rule = array();
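Review bot: `if ($catalog['vul_id']) {}` under the `// Vul_ID` comment is an empty branch that the reformat has only collapsed onto one line. Either implement the Vul_ID import or delete the condition and leave a TODO so the gap is visible; the same empty block appears again in the new-PDI branch further down.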
@ -282,7 +278,7 @@ EOF;
$sv_rule[] = new sv_rule($ref->get_PDI_ID(), $rule);
}
if (!$db->save_SV_Rule($sv_rule)) {
if (! $db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
}
}
@ -290,12 +286,11 @@ EOF;
if ($catalog['nessus_id']) {
$nessus = new nessus($ref->get_PDI_ID(), $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
if (! $db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
}
}
}
else {
} else {
$pdi = new pdi(0, $catalog['cat_lvl'], "NOW");
$pdi->set_Short_Title($catalog['short_title']);
$pdi->set_Group_Title($catalog['short_title']);
@ -322,10 +317,10 @@ EOF;
if ($catalog['ia_controls']) {
$ia_controls = array();
foreach (explode(" ", $catalog['ia_controls']) as $ia) {
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, -2), substr($ia, -1));
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, - 2), substr($ia, - 1));
}
if (!$db->save_IA_Control($ia_controls)) {
if (! $db->save_IA_Control($ia_controls)) {
print "error updating ia controls on pdi_id: " . $ref->get_ID() . "<br />";
}
}
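Review bot: The error message in this hunk calls `$ref->get_ID()`, but the surrounding code uses `$pdi_id` and appears to sit in the `else` branch of `if (! is_null($ref))`, where `$ref` is null. If `save_IA_Control()` fails here, the error path itself raises a fatal error instead of reporting the problem. Print `$pdi_id` instead; the sv_rule error message later in this branch makes the same call.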
@ -334,15 +329,13 @@ EOF;
if ($catalog['retina_id']) {
$retina = new retina($pdi_id, $catalog['retina_id']);
if (!$db->save_Retina($retina)) {
if (! $db->save_Retina($retina)) {
print "error updating retina id: " . $catalog['retina_id'] . "<br />";
}
}
// Vul_ID
if ($catalog['vul_id']) {
}
if ($catalog['vul_id']) {}
// sv_rule
if ($catalog['sv_rule_id']) {
@ -351,7 +344,7 @@ EOF;
$sv_rule[] = new sv_rule($pdi_id, $rule);
}
if (!$db->save_SV_Rule($sv_rule)) {
if (! $db->save_SV_Rule($sv_rule)) {
print "error updating sv rule on pdi: " . $ref->get_ID() . "<br />";
}
}
@ -359,7 +352,7 @@ EOF;
if ($catalog['nessus_id']) {
$nessus = new nessus($pdi_id, $catalog['nessus_id']);
if (!$db->save_Nessus($nessus)) {
if (! $db->save_Nessus($nessus)) {
print "error updating nessus id: " . $catalog['nessus_id'] . "<br />";
}
}
@ -373,29 +366,25 @@ EOF;
* runs script net-SRR.pl
* exports a csv format file
*/
public function net_SRR() {
}
public function net_SRR()
{}
/**
* function for unix SRR conversion to csv
* runs script unix-xml-to-echecklist.pl
* runs script unix-srr-to-csv.pl
*/
public function unix_srr_to_csv() {
}
public function unix_srr_to_csv()
{}
/**
* Function to import DISA STIG content to database
*
* @param array $request
*/
public function import_STIG_XML($request = array()) {
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " .
realpath(DOC_ROOT . "/exec/background_stigs.php") . " " .
(isset($request['delete']) ? ' --delete' : '') .
(isset($request['override']) ? " --ia" : "");
public function import_STIG_XML($request = array())
{
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) . " " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " " . (isset($request['delete']) ? ' --delete' : '') . (isset($request['override']) ? " --ia" : "");
$shell = new COM("WScript.Shell");
$shell->CurrentDirectory = DOC_ROOT . "/exec";
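Review bot: import_STIG_XML() creates `new COM("WScript.Shell")` directly after building `$script`, with no operating system check in the visible lines, whereas import_Host_Data_Collection() branches on `PHP_OS` and uses `exec()` on Linux. This comparison also adds conf/docker-php.ini, so this method is worth giving the same Windows/Linux branch. Separately, net_SRR() and unix_srr_to_csv() are now `{}` stubs whose docblocks describe scripts they do not run; mark them as unimplemented or remove them.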
@ -407,7 +396,8 @@ EOF;
/**
* Function to convert a retina CSV to an eChecklist and store on database
*/
public function retina_csv_echecklist() {
public function retina_csv_echecklist()
{
$files = glob('*.csv');
$db = new db();
@ -426,7 +416,8 @@ EOF;
* function to import golddisk info into scans table
* runs script golddisk-xml-to-echecklist.pl
*/
public function golddisk_xml_echecklist() {
public function golddisk_xml_echecklist()
{
$files = glob('*.xml');
$db = new db();
@ -442,9 +433,9 @@ EOF;
}
/**
*
*/
public function import_IAVM_CVE() {
public function import_IAVM_CVE()
{
$filename = '../tmp/iavm-to-cve(u).xml';
$xml = simplexml_load_file($filename);
$db = new db();
@ -484,8 +475,7 @@ EOF;
$golddisk = new golddisk($pdi_id, $vms_id, $title);
$db->save_GoldDisk($golddisk);
}
else {
} else {
$pdi_id = $pdi->get_PDI_ID();
}
@ -515,122 +505,108 @@ EOF;
$url = $row[9];
if (strpos($ref, 'Microsoft') !== false) {
$x++;
$x ++;
$type = 'Microsoft';
$ret = preg_match('/(MS\d{2}\-\d{3}|KB\d{6,7}|\d{6,7})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Adobe') !== false) {
$x++;
} elseif (strpos($ref, 'Adobe') !== false) {
$x ++;
$type = 'Adobe';
$ret = preg_match('/(APSA\d{2}\-\d{2}|APSB\d{2}\-\d{2})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Apache') !== false) {
$x++;
} elseif (strpos($ref, 'Apache') !== false) {
$x ++;
$type = 'Apache';
$ret = preg_match('/(CVE\-\d{4}\-\d{4}|S\d\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'CERT') !== false) {
$x++;
} elseif (strpos($ref, 'CERT') !== false) {
$x ++;
$type = 'US-CERT';
$match = array();
if (strpos($url, 'techalerts') !== false) {
$ret = preg_match('/(TA\d{2}\-\d{3}\s).html/', $url, $match);
}
elseif (strpos($url, 'vuls') !== false) {
} elseif (strpos($url, 'vuls') !== false) {
$ret = preg_match('/([^\/]+)$/', $url, $match);
}
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Cisco') !== false) {
$x++;
} elseif (strpos($ref, 'Cisco') !== false) {
$x ++;
$type = 'Cisco';
$ret = preg_match('/([^\/]+)(\.s?html)$/', $url, $match);
if (count($match) > 0) {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Citrix') !== false) {
$x++;
} elseif (strpos($ref, 'Citrix') !== false) {
$x ++;
$type = 'Citrix';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Debian') !== false) {
$x++;
} elseif (strpos($ref, 'Debian') !== false) {
$x ++;
$type = 'Debian';
$ret = preg_match('/([^\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'HP') !== false) {
$x++;
} elseif (strpos($ref, 'HP') !== false) {
$x ++;
$type = 'HP';
$ret = preg_match('/(HPSB\S+\ SSRT\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/(HPSB\S+)[\ ?\)?]/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'IBM') !== false) {
$x++;
} elseif (strpos($ref, 'IBM') !== false) {
$x ++;
$type = 'IBM';
$ret = preg_match('/(\d{5,8})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/([^\=|\/]+)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Juniper') !== false) {
$x++;
} elseif (strpos($ref, 'Juniper') !== false) {
$x ++;
$type = 'Juniper';
$ret = preg_match('/(PSN\-\d{4}\-\d{2}\-\d{3}|JSA\d{5})/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Oracle') !== false) {
$x++;
} elseif (strpos($ref, 'Oracle') !== false) {
$x ++;
$type = 'Oracle';
$url = basename($url);
$ret = preg_match('/([\S]+)\.html/', $url, $match);
@ -638,98 +614,86 @@ EOF;
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'McAfee') !== false) {
$x++;
} elseif (strpos($ref, 'McAfee') !== false) {
$x ++;
$type = 'McAfee';
$query = parse_query($url);
if (count($match)) {
$id = isset($query['id']) ? $query['id'] : '';
}
}
elseif (strpos($ref, 'Red Hat') !== false) {
$x++;
} elseif (strpos($ref, 'Red Hat') !== false) {
$x ++;
$type = 'Red Hat';
$ret = preg_match('/([^\/]+)\.html/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Secunia') !== false) {
$x++;
} elseif (strpos($ref, 'Secunia') !== false) {
$x ++;
$type = 'Secunia';
$ret = preg_match('/([^\/]+)\/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[2] == 'advisory') {
$id = $match[1];
}
elseif (is_numeric($match[1]) && count($match[2]) == 1) {
} elseif (is_numeric($match[1]) && count($match[2]) == 1) {
$id = $match[1];
}
else {
} else {
$id = $match[2];
}
}
}
elseif (strpos($url, 'securitytracker') !== false) {
$x++;
} elseif (strpos($url, 'securitytracker') !== false) {
$x ++;
$type = 'Security Tracker';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'SecurityFocus') !== false) {
$x++;
} elseif (strpos($ref, 'SecurityFocus') !== false) {
$x ++;
$type = 'SecurityFocus';
$ret = preg_match('/([^\/]+)\/?$/', $url, $match);
if (count($match)) {
if ($match[1] != 'info') {
$id = $match[1];
}
else {
} else {
$ret = preg_match('/([^\/]+)\/info/', $url, $match);
$id = $match[1];
}
}
}
elseif (strpos($ref, 'Sun') !== false) {
$x++;
} elseif (strpos($ref, 'Sun') !== false) {
$x ++;
$type = 'Sun';
$query = parse_query($url);
$id = isset($query['assetkey']) ? $query['assetkey'] : '';
if (!$id) {
if (! $id) {
$ret = preg_match('/([^\/]+)$/', parse_url($url, PHP_URL_PATH), $match);
$id = $match[1];
}
}
elseif (strpos($ref, 'Symantec') !== false) {
$x++;
} elseif (strpos($ref, 'Symantec') !== false) {
$x ++;
$type = 'Symantec';
$ret = preg_match('/(\d{5}|SYM\d{2}\-\d{3})/', $ref, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($url, 'ZDI') !== false) {
$x++;
} elseif (strpos($url, 'ZDI') !== false) {
$x ++;
$type = 'ZDI';
$ret = preg_match('/([^\/]+)(\.html|\/)$/', $url, $match);
if (count($match)) {
$id = $match[1];
}
}
elseif (strpos($ref, 'Wireshark') !== false) {
$x++;
} elseif (strpos($ref, 'Wireshark') !== false) {
$x ++;
$type = 'Wireshark';
$ret = preg_match('/([^\/]+)\.html$/', $url, $match);
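Review bot: In the McAfee branch, `$query = parse_query($url);` calls a global function, but parse_query() is declared as a public method of this class, so the call should be `$this->parse_query($url)`. The following `if (count($match))` also tests `$match`, which this branch never assigns, so the outcome depends on whatever an earlier match left in it; test `$query` instead. In the Secunia branch, `count($match[2]) == 1` applies count() to a string captured by preg_match(); `strlen($match[2]) == 1` is probably what was meant.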
@ -744,7 +708,8 @@ EOF;
* @param string $in
* @return multitype:Ambigous <>
*/
public function parse_query($in) {
public function parse_query($in)
{
/**
* Use this function to parse out the query array element from
* the output of parse_url().
@ -764,7 +729,8 @@ EOF;
/**
* Function for fixing a DISA OVAL file
*/
public function fix_Oval() {
public function fix_Oval()
{
chdir("../tmp");
$files = glob("*-oval.xml");
$ret = '';
@ -772,18 +738,16 @@ EOF;
foreach ($files as $file) {
$xml = new DOMDocument();
if (!$xml->load($file)) {
if (! $xml->load($file)) {
error_log("error reading xml file");
}
$xml->formatOutput = true;
$xml->preserveWhiteSpace = true;
$const_arr = null;
$variables = $xml->getElementsByTagName("variables")
->item(0);
$variables = $xml->getElementsByTagName("variables")->item(0);
$first_node = $variables->firstChild;
while ($node = $xml->getElementsByTagName("external_variable")
->item(0)) {
while ($node = $xml->getElementsByTagName("external_variable")->item(0)) {
$id = $node->getAttribute("id");
$id = explode(':', $id)[3];
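Review bot: When `$xml->load($file)` fails, the code logs "error reading xml file" and carries on using `$xml`; add `continue;` after the `error_log()` call and include the file name in the message. `$variables->firstChild` and `explode(':', $id)[3]` likewise assume that a `variables` element exists and that the id has at least four colon-separated parts, so a malformed OVAL file produces a fatal error or an undefined offset rather than a logged skip.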
@ -833,10 +797,9 @@ EOF;
}
}
private function getElementById($doc, $id) {
private function getElementById($doc, $id)
{
$xpath = new DOMXPath($doc);
return $xpath->query("//*[@id='$id']")
->item(0);
return $xpath->query("//*[@id='$id']")->item(0);
}
}
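Review bot: getElementById() interpolates `$id` into the XPath string `//*[@id='$id']`. If `$id` is taken from the file being processed, as the ids in fix_Oval() are, a value containing a single quote changes the expression or makes `query()` return false, and `->item(0)` is then called on false. Reject ids that contain quote characters before building the query and check the result of `query()` before dereferencing it.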


@ -83,7 +83,7 @@ class scan
/**
* Array of hosts
*
* @var array
* @var array:host_list
*/
protected $host_list = array();
@ -104,7 +104,7 @@ class scan
/**
* Enum defining the type of script
*
* @var file_types
* @var string
*/
protected $type = null;
@ -419,7 +419,7 @@ class scan
/**
* Getter function for the scan type
*
* @return file_types
* @return string
*/
public function get_Type()
{
@ -429,7 +429,7 @@ class scan
/**
* Setter function for the scan type
*
* @param file_types $type_in
* @param string $type_in
*/
public function set_Type($type_in)
{
@ -512,6 +512,30 @@ class scan
$this->status = $status_in;
}
/**
* Method to check if the scan has been terminated by the user
*/
public function isTerminated()
{
global $db, $log;
$db->help->select("scans", ['status'], [
[
'field' => 'id',
'op' => '=',
'value' => $this->id
]
]);
$thread_status = $db->help->execute();
$this->status = $thread_status['status'];
if ($this->status == TERMINIATED) {
rename(realpath(TMP . "/{$this->file_name}"), TMP . "/terminated/{$this->file_name}");
$log->notice("File parsing terminated by user");
die();
}
}
/**
* Getter function for the percentage the script has completed
*
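Review bot: isTerminated() ends the process with `die()` after `rename(realpath(TMP . "/{$this->file_name}"), TMP . "/terminated/{$this->file_name}")` without checking either call. `realpath()` returns false when the file is already gone, and `rename()` fails when the terminated directory under TMP does not exist, so the file can be left in place with only the "File parsing terminated by user" log line to go on; check the return value and log a failure. `$thread_status['status']` is also read without confirming that `execute()` returned a row. The docblock should state that the method does not return when the scan is terminated, and the constant is spelled `TERMINIATED`; confirm that this matches its definition.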
@ -590,6 +614,31 @@ class scan
$this->host_count = $total_host_count_in;
}
/**
* Method to set a host error
*
* @param int $tgt_id
* @param boolean $is_error
* @param string $err_msg
*
* @return boolean
*/
public function set_Host_Error($tgt_id, $is_error, $err_msg = null)
{
if(isset($this->host_list[$tgt_id])) {
$h = $this->host_list[$tgt_id];
$h->setScanError($is_error);
$h->setScanNotes($err_msg);
$this->host_list[$tgt_id] = $h;
return true;
}
return false;
}
/**
* Function to return string of the td row for the upload progress page
*


@ -595,7 +595,7 @@ class software {
if ($regex2['name_match']) {
foreach (explode(",", $regex2['name_match']) as $idx) {
if (isset($match[$idx])) {
if (isset($match[$idx]) && $match[$idx]) {
$sw['name'] .= " " . $match[$idx];
}
}
@ -603,7 +603,7 @@ class software {
if ($regex2['ver_match']) {
foreach (explode(",", $regex2['ver_match']) as $idx) {
if (isset($match[$idx])) {
if (isset($match[$idx]) && $match[$idx]) {
$sw['ver'] .= $match[$idx] . " ";
}
}
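Review bot: `isset($match[$idx]) && $match[$idx]` in the `ver_match` loop skips a captured group whose value is the string "0", because PHP treats "0" as false. A version component captured on its own as 0 would be dropped from `$sw['ver']`. Compare against the empty string instead, for example `$match[$idx] !== ''`, in both loops.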


@ -254,10 +254,10 @@ class ste_cat
*/
public function get_Table_Row($intCount = 0, $status_count = null)
{
$nf = 0;
$open = 0;
$na = 0;
if (!is_null($status_count)) {
$nf = $this->nf;
$open = $this->open;
$na = $this->na;
if (!is_null($status_count) && is_array($status_count)) {
if (isset($status_count['nf'])) {
$nf = $status_count['nf'];
}
@ -271,6 +271,10 @@ class ste_cat
}
}
if(!$intCount) {
$intCount = $this->tgt_count;
}
$cat_sources = [];
if (is_array($this->sources) && count($this->sources)) {
foreach ($this->sources as $src) {


@ -110,7 +110,7 @@ class system {
/**
* System diagram
*
* @var binary
* @var mixed
*/
protected $diagram = null;
@ -294,7 +294,7 @@ class system {
/**
* Getter function for system diagram
*
* @return binary
* @return mixed
*/
public function get_Diagram() {
return $this->diagram;
@ -303,7 +303,7 @@ class system {
/**
* Setter function for system diagram
*
* @param binary $bin_diag_in
* @param mixed $bin_diag_in
*/
public function set_Diagram($bin_diag_in) {
$this->diagram = $bin_diag_in;

14
conf/docker-php.ini Normal file

@ -0,0 +1,14 @@
memory_limit=1024M
error_reporting=E_ALL
display_errors=On
display_startup_errors=On
html_errors=On
variables_order="GPCS"
request_order="GPCS"
post_max_size=1G
include_path="./:/var/www/html:/var/www/html/classes:/var/www/html/inc"
file_uploads=On
upload_max_filesize=1G
allow_url_fopen=On
allow_url_include=Off
date.timezone=America/Indiana/Indianapolis
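Review bot: conf/docker-php.ini sets `display_errors=On`, `display_startup_errors=On` and `html_errors=On`, which send PHP warnings, file paths and stack traces to the browser. If this file is used for anything beyond a local development container, set `display_errors=Off` with `log_errors=On` and an `error_log` path, or name the file so that its development purpose is clear, as conf/php-dev.ini does. `post_max_size=1G` is also equal to `memory_limit=1024M`, while the PHP manual advises keeping memory_limit larger than post_max_size; a comment on the expected upload sizes would help.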


@ -147,8 +147,7 @@ innodb_log_group_home_dir = "C:/xampp/mysql/data"
#innodb_log_arch_dir = "C:/xampp/mysql/data"
## You can set .._buffer_pool_size up to 50 - 80 %
## of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 16M
innodb_additional_mem_pool_size = 2M
innodb_buffer_pool_size = 20M
## Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 5M
innodb_log_buffer_size = 8M

2050
conf/php-dev.ini Normal file

File diff suppressed because it is too large


@ -2039,17 +2039,3 @@ eaccelerator.shm_prune_period="0"
; on session data and content caching.
; Default value is "0" that means - use disk and shared memory for caching.
eaccelerator.shm_only="0"
[XDebug]
;zend_extension = "C:\xampp\php\ext\php_xdebug.dll"
;xdebug.profiler_append = 0
;xdebug.profiler_enable = 1
;xdebug.profiler_enable_trigger = 0
;xdebug.profiler_output_dir = "C:\xampp\tmp"
;xdebug.profiler_output_name = "cachegrind.out.%t-%s"
;xdebug.remote_enable = 1
;xdebug.remote_handler = "dbgp"
;xdebug.remote_port = 9000
;xdebug.remote_host = "127.0.0.1"
;xdebug.remote_connect_back = 1
;xdebug.trace_output_dir = "C:\xampp\tmp"

Binary file not shown.


@ -15,6 +15,8 @@
* - Nov 14, 2017 - File created
* - May 24, 2018 - Updated constants for 1.3.2 release
* - Jun 2, 2018 - Added new STIG_EXCLUSIONS constant to permanently exclude STIGs
* - Aug 28, 2018 - Updated constants for 1.3.3 release
* - Jan 15, 2019 - Updated constants for 1.3.4 release
*/
// @new
/**
@ -29,8 +31,8 @@ define('E_DEBUG', 65535);
define('DOC_ROOT', '{DOC_ROOT}');
define('PWD_FILE', '{PWD_FILE}');
define('TMP', '{TMP_PATH}');
define('VER', '1.3.2');
define('REL_DATE', '2018-05-31');
define('VER', '1.3.4');
define('REL_DATE', '2019-01-15');
define('LOG_LEVEL', '{E_ERROR}');
define('LOG_PATH', '{LOG_PATH}');
define('SALT', '{SALT}');
@ -59,6 +61,7 @@ define('NOTIFICATIONS', '{NOTIFICATIONS}');
define('PORT_LIMIT', '{PORT_LIMIT}');
define('MAX_RESULTS', '{MAX_RESULTS}');
define('ECHECKLIST_FORMAT', '{ECHECKLIST_FORMAT}');
define('UPDATE_FREQ', '{UPDATE_FREQ}');
/**
* Company variables
@ -279,6 +282,13 @@ define('PDI_CATALOG', 'PDI_CATALOG');
*/
define('ECHECKLIST_CSV', 'ECHECKLIST_CSV');
/**
* Constant for a CSV host list
*
* @var string
*/
define('HOST_LIST', 'HOST_LIST');
/**
* Constant for unsupported retina CSV file format
*


@ -13,29 +13,30 @@
* Change Log:
* - May 2, 2018 - File created, Moved catalog mgmt html content from index page to this for easier viewing and refined the code a little
*/
global $db;
?>
<script src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
<link rel="stylesheet" href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
<link rel='stylesheet' href='/script/jquery-ui/jquery-ui.min.css' />
<script
src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
<link rel="stylesheet"
href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
<link rel='stylesheet' href='/script/jquery-ui/jquery-ui.theme.min.css' />
<style type='text/css'>
#availableSoftware {
#availableSoftware {
height: 227px;
width: 240px;
overflow-x: scroll;
font-size: 14px;
line-height: 1.25em;
}
}
.swmouseover {
.swmouseover {
background-color: #1D57A0;
color: #fff;
cursor: pointer;
}
}
</style>
<script src='data.min.js' type='text/javascript'></script>
<script type='text/javascript'>
$(function () {
$('#catalog').DataTable({
@ -45,15 +46,167 @@
close_box();
});
$('#release-date').datepicker();
$('.button,.button-delete').mouseover(function(){$(this).addClass('mouseover');});
$('.button,.button-delete').mouseout(function(){$(this).removeClass('mouseover');});
});
</script>
<style type="text/css">
thead {
background-image: linear-gradient(to bottom, #ECECEC, rgba(177,177,177,0.72));
color: #4c4c4c;
function close_box() {
$('.backdrop, .box').animate({
'opacity': '0'
}, 300, 'linear', function () {
$('.backdrop, .box').css('display', 'none');
});
}
function view_box() {
$('.backdrop').animate({
'opacity': '.5'
}, 300, 'linear');
$('.backdrop').css('display', 'block');
}
function get_cat_data(fname) {
$('#popup').animate({
'opacity': '1.00'
}, 300, 'linear');
$('#popup').css('display', 'block');
view_box();
$.ajax('/ajax.php', {
data: {
action: 'get-cat-data',
'fname': fname
},
beforeSend: function () {
$('#id').val('');
$('#checklist-id').text('');
$('#name').val('');
$('#description').val('');
$('#version').text('');
$('#release').text('');
$('#icon').val('');
$('#type').text('');
$('#software option').remove();
$('#cpe').val('');
},
success: function (data) {
$('#id').val(data.id);
$('#checklist-id').text(data.checklist_id);
$('#name').val(data.name);
$('#description').val(data.description);
$('#version').text(data.ver);
$('#release').text(data.release);
$('#icon').val(data.icon);
$('#type').text(data.type);
var dt = new Date(data.date.date);
$('#release-date').val(dt.getMonth() + "/" + dt.getDate() + '/' + dt.getFullYear());
for (var x in data.sw) {
$('#software').append("<option id='" + data.sw[x].id + "'>" +
data.sw[x].man + " " + data.sw[x].name + " " + data.sw[x].ver +
"</option>");
}
$('#software option').dblclick(remove_Software);
},
error: function (xhr, status, error) {
console.error(error);
},
timeout: 3000,
method: 'post',
dataType: 'json'
});
}
function remove_Software() {
$.ajax("/ajax.php", {
data: {
action: 'checklist-remove-software',
chk_id: $('#id').val(),
sw_id: $(this).attr('id')
},
success: function (data) {
if (data.error) {
alert(data.error);
}
else if (data.success) {
alert(data.success);
}
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
timeout: 3000,
method: 'post'
});
$(this).remove();
}
function autocomplete_software() {
if ($('#cpe').val().length < 3) {
return;
}
$.ajax('/ajax.php', {
data: {
action: ($('#os').is(":checked") ? 'os_filter' : 'sw_filter'),
filter: $('#cpe').val()
},
success: function (data) {
$('#availableSoftware div').remove();
for (var x in data) {
$('#availableSoftware').append("<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>");
}
$('#availableSoftware').show();
$('#availableSoftware div').each(function () {
$(this).on("mouseover", function () {
$(this).addClass("swmouseover");
});
$(this).on("mouseout", function () {
$(this).removeClass("swmouseover");
});
$(this).on("click", function () {
add_software($(this).attr('sw_id'));
$('#software').append("<option value='" + $(this).attr('sw_id') + "' ondblclick='remove_Software();$(this).remove();'>" + $(this).html() + "</option>");
$(this).remove();
});
});
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 5000
});
}
function add_software(sw_id) {
$.ajax('/ajax.php', {
data: {
action: 'checklist-add-software',
'sw_id': sw_id,
chk_id: $('#id').val()
},
success: function (data) {
alert(data.status);
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 3000
});
}
</script>
<style type="text/css">
thead {
background-image: linear-gradient(to bottom, #ECECEC, rgba(177, 177, 177, 0.72));
color: #4c4c4c;
}
</style>
<div>
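Review bot: get_cat_data() and autocomplete_software() build markup by concatenating response fields into HTML strings, for example `"<option id='" + data.sw[x].id + "'>" + data.sw[x].man + ...` and `"<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>"`. If those fields can carry text that originated in imported scan files, any markup in them is rendered in the analyst's browser; create the elements with `$('<option>').attr('id', ...).text(...)` instead. Two functional points in the same hunk: `dt.getMonth()` is zero-based, so the release date shows the previous month, and the inline `ondblclick='remove_Software();$(this).remove();'` calls remove_Software() without the option as `this` and sets `value` rather than the `id` that remove_Software() reads.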
@ -65,51 +218,52 @@
<th>Start Time</th>
<th>% Complete</th>
<th>STIG Count</th>
<th>eChecklist</th>
</tr>
</thead>
<tbody>
<?php
$cat_scripts = $db->get_Catalog_Script();
$odd = true;
foreach ($cat_scripts as $key => $cat_script) {
print <<<EOL
foreach ($cat_scripts as $cat_script) {
print <<<EOR
<tr>
<td onclick='javascript:get_cat_data("{$cat_script->file_name}");'><a href='javascript:void(0);'>{$cat_script->file_name}</a></td>
<td onclick='javascript:get_cat_data("{$cat_script->file_name}");'>
<a href='javascript:void(0);'>{$cat_script->file_name}</a>
</td>
<td>{$cat_script->status}</td>
<td>{$cat_script->start_time->format("Y-m-d H:i:s")}</td>
<td>{$cat_script->perc_comp}</td>
<td>{$cat_script->stig_count}</td>
<td>
<a href='/data/gen-echecklist.php?id={$cat_script->id}' target='_blank'><img src='/img/scan_types/echecklist.png' style='width:32px'; /></a>
</td>
</tr>
EOL;
}
EOR;
}
?>
</tbody>
</table>
</div>
<div id='popup' class='box'>
<div style='display:inline-block;width:49%;vertical-align:top;'>
<div style='display: inline-block; width: 49%; vertical-align: top;'>
<input type='hidden' id='id' />
Checklist ID: <span id='checklist-id'></span><br />
Name: <input type='text' id='name' /><br />
Description: <textarea id='description'></textarea><br />
Description: <input type='text' id='description' /><br />
Version: <span id='version'></span><br />
Release: <span id='release'></span><br />
Release Date: <input type='text' id='release-date' /><br />
Icon: <input type='text' id='icon' title='Put file in <?php print realpath(DOC_ROOT . "/img/checklist_icons") ?> and copy/paste the base filename here' /><br />
Type: <span id='type'></span><br />
<input type='button' class="button" value='Save' onclick='save_checklist();' />
<!-- <input type='button' class='button-delete' value='Delete' onclick='' /> -->
Icon: <input type='text' id='icon' /><br />
Type: <span id='type'></span>
</div>
<div style='display:inline-block;width:49%;'>
<select id='software' multiple size='10' style='width:275px;' title='Double-click to remove software'></select><br />
<div style='display: inline-block; width: 49%;'>
<select id='software' multiple size='10'></select><br />
Add CPE: <input type='text' id='cpe' onkeyup='javascript:autocomplete_software();' />&nbsp;&nbsp;
<label for='os'>OS?</label>
<input type='checkbox' id='os' /><br />
<label for='os'>OS?</label> <input type='checkbox' id='os' /><br />
<div id="availableSoftware"></div>
</div>
</div>
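Review bot: `{$cat_script->file_name}` is interpolated unescaped into both the inline `onclick='javascript:get_cat_data("...")'` attribute and the link text of the row template, so a catalog file name containing a quote or an angle bracket breaks out of the attribute or the markup. Escape it per context: `htmlspecialchars($cat_script->file_name, ENT_QUOTES)` for the link text, and a `data-fname` attribute read by a delegated click handler instead of a string spliced into inline script. In the eChecklist cell, `style='width:32px'; />` has a stray `;` outside the attribute quote, and the `target='_blank'` link could carry `rel='noopener'`.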

data/gen-echecklist.php Normal file

@ -0,0 +1,197 @@
<?php
set_time_limit(0);
require_once 'config.inc';
require_once 'helper.inc';
require_once 'vendor/autoload.php';
require_once 'database.inc';
require_once 'excelConditionalStyles.inc';
use PhpOffice\PhpSpreadsheet\Writer\Xlsx;
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
$log_level = convert_log_level();
$log = new Logger("eChecklist-export");
$log->pushHandler(new StreamHandler(LOG_PATH . "/echecklist-export.log", $log_level));
global $conditions, $validation, $borders;
$db = new db();
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
if(!$id) {
die("Failed to read checklist ID");
}
$host_status = [
$conditions['open'],
$conditions['exception'],
$conditions['false_positive'],
$conditions['not_a_finding'],
$conditions['not_applicable'],
$conditions['no_data'],
$conditions['not_reviewed'],
$conditions['true'],
$conditions['false']
];
/** @var checklist $chk */
$chk = $db->get_Checklist($id);
if(is_array($chk) && count($chk) && isset($chk[0])) {
$chk = $chk[0];
} else {
die("Failed to find the checklist");
}
$Reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReaderForFile("../ste/eChecklist-Template.xlsx");
$ss = $Reader->load("../ste/eChecklist-Template.xlsx");
$log->debug("Loaded template");
$ss->setActiveSheetIndexByName('Cover Sheet')
->setCellValue("B5", "{$chk->get_Name()} eChecklist")
->setCellValue("B9", "")
->setCellValue("B2", (substr($chk->get_File_Name(), 0, 1) == 'U' ? "UNCLASSIFIED" : "FOUO"))
->setCellValue("B12", "by:\r" . COMPANY . "\r" . COMP_ADD)
->setCellValue("B15", "Derived from: " . SCG . "\rReasons: <reasons>\rDeclassify on: " . DECLASSIFY_ON);
// set properties
$ss->getProperties()
->setCreator(CREATOR);
$ss->getProperties()
->setLastModifiedBy(LAST_MODIFIED_BY);
$ss->getProperties()
->setCompany(COMPANY);
$ss->getProperties()
->setTitle("{$chk->get_Name()} eChecklist");
$ss->getProperties()
->setSubject("{$chk->get_Name()} eChecklist");
$ss->getProperties()
->setDescription("{$chk->get_Name()} eChecklist");
// set active sheet
$ss->setActiveSheetIndex(2);
$sheet = $ss->getActiveSheet();
$sheet->setCellValue("B9", "{$chk->get_Name()} V{$chk->get_Version()}R{$chk->get_Release()} ({$chk->get_type()})");
$sheet->setTitle($chk->get_Name());
$sheet->setCellValue("A1", (substr($chk->get_File_Name(), 0, 1) == 'U' ? "UNCLASSIFIED" : "UNCLASSIFIED//FOUO"));
$db->help->select("pdi", null, [
[
'field' => 'pcl.checklist_id',
'op' => '=',
'value' => $id
]
], [
'table_joins' => [
"JOIN pdi_checklist_lookup pcl ON pcl.pdi_id = pdi.pdi_id"
]
]);
$pdis = $db->help->execute();
$row = 11;
if(is_array($pdis) && count($pdis)) {
foreach($pdis as $p) {
$overall_str = "=IF(" .
"COUNTIF(F{$row}:F{$row},\"Open\")+" .
"COUNTIF(F{$row}:F{$row},\"Exception\")" .
">0,\"Open\",\"Not a Finding\")";
$same_str = "=IF(" .
"COUNTIF(F{$row}:F{$row},F{$row})=" .
"COLUMNS(F{$row}:F{$row}), TRUE, FALSE)";
$sheet->setCellValue("A{$row}", $p['STIG_ID'])
->setCellValue("B{$row}", $p['VMS_ID'])
->setCellValue("C{$row}", $p['CAT'])
->setCellValue("D{$row}", $p['IA_Controls'])
->setCellValue("E{$row}", $p['short_title'])
->setCellValue("F{$row}", "Not Reviewed")
->setCellValue("G{$row}", $overall_str)
->setCellValue("H{$row}", $same_str, true)
->setCellValue("I{$row}", "")
->setCellValue("J{$row}", $p['check_contents'])
->getStyle("H11:H{$sheet->getHighestDataRow()}")
->setConditionalStyles([$conditions['true'], $conditions['false']]);
$row++;
}
$sheet->setDataValidation("F11:F{$row}", clone $validation['host_status']);
$sheet->getStyle("F11:G{$row}")
->setConditionalStyles($host_status);
$sheet->getStyle("C11:C{$row}")
->setConditionalStyles(array($conditions['cat_1'], $conditions['cat_2'], $conditions['cat_3']));
$sheet->getStyle("I11:I{$row}")
->setConditionalStyles(
[
$conditions['open_conflict'],
$conditions['nf_na_conflict']
]
);
$sheet->getStyle("A1:I{$row}")
->applyFromArray($borders);
$sheet->freezePane("A11");
$sheet->setAutoFilter("A10:I10");
$sheet->getColumnDimension("F")->setWidth(14.14);
$sheet->setCellValue("F8", "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"I\")")
->setCellValue("F9", "=COUNTIF(F11:F{$row}, \"Not Reviewed\")")
->setCellValue("F10", "Example");
$sheet->getStyle("F10")
->getFont()
->setBold(true);
$sheet->getStyle("F10")
->getFill()
->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
->setStartColor($GLOBALS['yellow']);
$open_cat_1 = "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"I\")";
$open_cat_2 = "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"II\")";
$open_cat_3 = "=COUNTIFS(F11:F{$row}, \"Open\", \$C\$11:\$C\${$row}, \"III\")";
$not_a_finding = "=COUNTIF(F11:F{$row}, \"Not a Finding\")";
$not_applicable = "=COUNTIF(F11:F{$row}, \"Not Applicable\")";
$not_reviewed = "=COUNTIF(F11:F{$row}, \"Not Reviewed\")";
$sheet->getStyle("G8:H8")
->getFill()
->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
->setStartColor($GLOBALS['orange']);
$sheet->getStyle("G9:H9")
->getFill()
->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
->setStartColor($GLOBALS['green']);
$sheet->getStyle("G10:H10")
->getFill()
->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
->setStartColor($GLOBALS['yellow']);
$sheet->getStyle("I10:J10")
->getFill()
->setFillType(\PhpOffice\PhpSpreadsheet\Style\Fill::FILL_SOLID)
->setStartColor($GLOBALS['light_gray']);
$sheet->setCellValue("G8", "=COUNTIF(G11:H{$row}, \"Open\")")
->setCellValue("G9", "=COUNTIF(G11:G{$row}, \"Not a Finding\")")
->setCellValue("H8", "=COUNTIF(H11:H{$row}, FALSE)")
->setCellValue("H9", "=COUNTIF(H11:H{$row}, TRUE)")
->setCellValue("E3", "")
->setCellValue("E4", "")
->setCellValue("G4", "")
->setCellValue('C2', $open_cat_1)
->setCellValue('C3', $open_cat_2)
->setCellValue('C4', $open_cat_3)
->setCellValue('C5', $not_a_finding)
->setCellValue('C6', $not_applicable)
->setCellValue('C7', $not_reviewed);
} else {
print "Error";
}
/**/
$writer = new Xlsx($ss);
$writer->setPreCalculateFormulas(false);
header("Content-type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
header("Content-disposition: attachment; filename='{$chk->get_Name()}-eChecklist.xlsx'");
$writer->save("php://output");
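Review bot: in the PDI loop, database text such as `$p['short_title']` and `$p['check_contents']` goes through `setCellValue()`, which stores any string that begins with `=` as a formula; write those columns with `setCellValueExplicit(..., \PhpOffice\PhpSpreadsheet\Cell\DataType::TYPE_STRING)` so checklist text always lands as a literal string. Two further points at the end of the file: the `else { print "Error"; }` branch falls through to the `header()` calls and `$writer->save("php://output")`, so the download starts with the text "Error" and the headers may not be sent at all; exit with an error status in that branch. The `Content-disposition` header wraps the file name in single quotes and interpolates `$chk->get_Name()` as is; use double quotes and strip quotes, slashes and control characters from the name before building the header.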


@ -405,253 +405,7 @@ include_once 'header.inc';
include_once 'settings.inc';
}
elseif ($page == 'CatMgmt') {
?>
<script src='/script/datatables/DataTables-1.10.9/js/jquery.dataTables.min.js'></script>
<link rel="stylesheet" href="/script/datatables/DataTables-1.10.9/css/jquery.dataTables.min.css" />
<link rel='stylesheet' href='/script/jquery-ui-1.11.4/jquery-ui.min.css' />
<style type='text/css'>
#availableSoftware {
height: 227px;
width: 240px;
overflow-x: scroll;
font-size: 14px;
line-height: 1.25em;
}
.swmouseover {
background-color: #1D57A0;
color: #fff;
cursor: pointer;
}
</style>
<script type='text/javascript'>
$(function () {
$('#catalog').DataTable({
'stripeClasses': ['odd_row', 'even_row']
});
$('.close, .backdrop').click(function () {
close_box();
});
$('#release-date').datepicker();
});
function close_box() {
$('.backdrop, .box').animate({
'opacity': '0'
}, 300, 'linear', function () {
$('.backdrop, .box').css('display', 'none');
});
}
function view_box() {
$('.backdrop').animate({
'opacity': '.5'
}, 300, 'linear');
$('.backdrop').css('display', 'block');
}
function get_cat_data(fname) {
$('#popup').animate({
'opacity': '1.00'
}, 300, 'linear');
$('#popup').css('display', 'block');
view_box();
$.ajax('/ajax.php', {
data: {
action: 'get-cat-data',
'fname': fname
},
beforeSend: function () {
$('#id').val('');
$('#checklist-id').text('');
$('#name').val('');
$('#description').val('');
$('#version').text('');
$('#release').text('');
$('#icon').val('');
$('#type').text('');
$('#software option').remove();
$('#cpe').val('');
},
success: function (data) {
$('#id').val(data.id);
$('#checklist-id').text(data.checklist_id);
$('#name').val(data.name);
$('#description').val(data.description);
$('#version').text(data.ver);
$('#release').text(data.release);
$('#icon').val(data.icon);
$('#type').text(data.type);
var dt = new Date(data.date.date);
$('#release-date').val(dt.getMonth() + "/" + dt.getDate() + '/' + dt.getFullYear());
for (var x in data.sw) {
$('#software').append("<option id='" + data.sw[x].id + "'>" +
data.sw[x].man + " " + data.sw[x].name + " " + data.sw[x].ver +
"</option>");
}
$('#software option').dblclick(remove_Software);
},
error: function (xhr, status, error) {
console.error(error);
},
timeout: 3000,
method: 'post',
dataType: 'json'
});
}
function remove_Software() {
$.ajax("/ajax.php", {
data: {
action: 'checklist-remove-software',
chk_id: $('#id').val(),
sw_id: $(this).attr('id')
},
success: function (data) {
if (data.error) {
alert(data.error);
}
else if (data.success) {
alert(data.success);
}
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
timeout: 3000,
method: 'post'
});
$(this).remove();
}
function autocomplete_software() {
if ($('#cpe').val().length < 3) {
return;
}
$.ajax('/ajax.php', {
data: {
action: ($('#os').is(":checked") ? 'os_filter' : 'sw_filter'),
filter: $('#cpe').val()
},
success: function (data) {
$('#availableSoftware div').remove();
for (var x in data) {
$('#availableSoftware').append("<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>");
}
$('#availableSoftware').show();
$('#availableSoftware div').each(function () {
$(this).on("mouseover", function () {
$(this).addClass("swmouseover");
});
$(this).on("mouseout", function () {
$(this).removeClass("swmouseover");
});
$(this).on("click", function () {
add_software($(this).attr('sw_id'));
$('#software').append("<option value='" + $(this).attr('sw_id') + "' ondblclick='remove_Software();$(this).remove();'>" + $(this).html() + "</option>");
$(this).remove();
});
});
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 5000
});
}
function add_software(sw_id) {
$.ajax('/ajax.php', {
data: {
action: 'checklist-add-software',
'sw_id': sw_id,
chk_id: $('#id').val()
},
success: function (data) {
alert(data.status);
},
error: function (xhr, status, error) {
console.error(error);
},
dataType: 'json',
method: 'post',
timeout: 3000
});
}
</script>
<style type="text/css">
thead {
background-image: linear-gradient(to bottom, #ECECEC, rgba(177,177,177,0.72));
color: #4c4c4c;
}
</style>
<div>
<table id='catalog' class='display'>
<thead>
<tr>
<th>File Name</th>
<th>Status</th>
<th>Start Time</th>
<th>% Complete</th>
<th>STIG Count</th>
</tr>
</thead>
<tbody>
<?php
$cat_scripts = $db->get_Catalog_Script();
$odd = true;
foreach ($cat_scripts as $key => $cat_script) {
print "<tr>" .
"<td onclick='javascript:get_cat_data(\"{$cat_script->file_name}\");'><a href='javascript:void(0);'>{$cat_script->file_name}</a></td>" .
"<td>{$cat_script->status}</td>" .
"<td>{$cat_script->start_time->format("Y-m-d H:i:s")}</td>" .
"<td>{$cat_script->perc_comp}</td>" .
"<td>{$cat_script->stig_count}</td>" .
"</td>";
}
?>
</tbody>
</table>
</div>
<div id='popup' class='box'>
<div style='display:inline-block;width:49%;vertical-align:top;'>
<input type='hidden' id='id' />
Checklist ID: <span id='checklist-id'></span><br />
Name: <input type='text' id='name' /><br />
Description: <input type='text' id='description' /><br />
Version: <span id='version'></span><br />
Release: <span id='release'></span><br />
Release Date: <input type='text' id='release-date' /><br />
Icon: <input type='text' id='icon' /><br />
Type: <span id='type'></span>
</div>
<div style='display:inline-block;width:49%;'>
<select id='software' multiple size='10'></select><br />
Add CPE: <input type='text' id='cpe' onkeyup='javascript:autocomplete_software();' />&nbsp;&nbsp;
<label for='os'>OS?</label>
<input type='checkbox' id='os' /><br />
<div id="availableSoftware"></div>
</div>
</div>
<div class="backdrop"></div>
<?php
include_once 'catmgmt.inc';
}
elseif ($page == 'Search') {
$q = filter_input(INPUT_POST, 'q', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
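Review bot: the script block taken out of this file builds markup by concatenating AJAX response fields, for example `"<div sw_id='" + data[x].sw_id + "' cpe='" + data[x].cpe + "'>" + data[x].sw_string + "</div>"` in autocomplete_software() and the `<option>` string in get_cat_data(). If catmgmt.inc carries these functions over unchanged, the move is the right moment to build the elements with `$('<div>').attr(...).text(...)` so software names coming back from the database are never parsed as HTML. The removed PHP row loop also closed each row with `"</td>"` rather than `</tr>`; confirm the included file emits balanced rows.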


@ -22,6 +22,7 @@
* - Apr 5, 2017 - Formatting
* - Dec 19, 2017 - Converted from XML to JSON format export/import
* - Jan 16, 2018 - Updated to use host_list class
* - Nov 19, 2018 - Fixed bug from changes to get_Category_Findings method
*
* @TODO - Change to export and import CPE
*/
@ -31,32 +32,33 @@ include_once 'database.inc';
$db = new db();
$cmd = getopt("f::", array("import::"));
$cmd = getopt("f::", [
"import::",
"export::"
]);
if (isset($_REQUEST['export'])) {
if (!isset($_REQUEST['ste'])) {
if (! isset($_REQUEST['ste'])) {
print "You must select an ST&amp;E <a href='javascript:void(0);' onclick='javascript:history.go(-1);'>Back</a>";
exit;
exit();
}
if ($_REQUEST['export'] == 'Export STE') {
export_STE();
}
elseif ($_REQUEST['export'] == 'Export Host List') {
} elseif ($_REQUEST['export'] == 'Export Host List') {
export_Host_List();
}
}
elseif (isset($cmd['import'])) {
} elseif (isset($cmd['import'])) {
import_STE();
}
else {
} else {
print "Usage: php ste_export_import.php -f=\"{path_to_ste_import_file}\" --import" . PHP_EOL;
}
/**
* Function to export an ST&amp;E
*/
function export_STE() {
function export_STE()
{
set_time_limit(0);
global $db;
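Review bot: `"export::"` is added to the getopt() long options, but the dispatch in this hunk still only tests `$_REQUEST['export']` and `$cmd['import']`, and the usage line only documents `--import`, so the new option has no effect in the visible code. Either handle `isset($cmd['export'])`, with a way to pass the ST&E id on the command line, and extend the usage text, or leave the option out until it is wired up.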
@ -80,8 +82,9 @@ function export_STE() {
'proc_findings' => []
];
$system_arr = $db->get_System($ste->get_System()->get_ID());
foreach ($system_arr as $key => $sys) {
$system_arr = $db->get_System($ste->get_System()
->get_ID());
foreach ($system_arr as $sys) {
$json['systems'][] = [
'id' => $sys->get_ID(),
'name' => $sys->get_Name(),
@ -109,7 +112,7 @@ function export_STE() {
];
$cat_arr = $db->get_STE_Cat_List($ste->get_ID());
foreach ($cat_arr as $key => $cat) {
foreach ($cat_arr as $cat) {
$json['ste_cats'][] = [
'id' => $cat->get_ID(),
'ste_id' => $cat->get_STE_ID(),
@ -124,8 +127,8 @@ function export_STE() {
if (empty($targets_arr)) {
$log->script_log("There are no targets in the ST&E", E_ERROR);
}
foreach ($targets_arr as $key => $tgt) {
if (!in_array($tgt->get_Cat_ID(), $used_cats)) {
foreach ($targets_arr as $tgt) {
if (! in_array($tgt->get_Cat_ID(), $used_cats)) {
$all_findings = array_merge($all_findings, $db->get_Category_Findings($tgt->get_Cat_ID()));
$used_cats[] = $tgt->get_Cat_ID();
}
@ -220,7 +223,7 @@ function export_STE() {
$json['targets'][] = $tgt_node;
}
if (!is_null($scan_arr = $db->get_ScanData($ste->get_ID()))) {
if (! is_null($scan_arr = $db->get_ScanData($ste->get_ID()))) {
foreach ($scan_arr as $scan) {
$scan_node = [
'id' => $scan->get_ID(),
@ -233,10 +236,11 @@ function export_STE() {
];
foreach ($scan->get_Host_List() as $host) {
/** @var host_list $host */
$scan_node['host_list'][] = [
'tgt_id' => $host['target']->get_ID(),
'tgt_name' => $host['target']->get_Name(),
'count' => $host['count']
'tgt_id' => $host->getTargetId(),
'tgt_name' => $host->getTargetName(),
'count' => $host->getFindingCount()
];
}
@ -244,13 +248,12 @@ function export_STE() {
}
}
foreach ($all_findings as $worksheet_name => $data) {
foreach ($all_findings as $data) {
foreach ($data['stigs'] as $stig_id => $data2) {
$stig = $db->get_Stig($stig_id);
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0];
}
else {
} else {
continue;
}
@ -259,33 +262,25 @@ function export_STE() {
$find_node = [
'stig_id' => $stig->get_ID(),
'vms_id' => $ec->get_VMS_ID(),
'cat' => $ec->get_Cat_Level_String(),
'cat' => $ec->get_Cat_Level(),
'short_title' => $ec->get_Short_Title(),
'check_contents' => $ec->get_Check_Contents(),
'notes' => $data2['notes'],
'notes' => trim($data2['echecklist']->get_Notes()),
'target_status' => [],
'ia_controls' => []
'ia_controls' => $data2['echecklist']->get_IA_Controls()
];
foreach ($data['target_list'] as $host_name => $col_id) {
$tgt = $db->get_Target_Details($ste->get_ID(), $host_name)[0];
$finding = $db->get_Finding($tgt, $stig)[0];
if (is_null($finding)) {
continue;
}
unset($data['stigs'][$stig_id]['echecklist']);
unset($data['stigs'][$stig_id]['chk_id']);
foreach ($data['stigs'][$stig_id] as $host_name => $status) {
$find_node['target_status'][] = [
'tgt_name' => $host_name,
'status' => (isset($data2[$host_name]) ? $data2[$host_name] : 'Not Applicable'),
'scan_id' => $finding->get_Scan_ID()
'status' => $status,
//'scan_id' => $finding->get_Scan_ID()
];
}
foreach ($data2['ia_control'] as $ia) {
$find_node['ia_controls'] = $ia;
}
$json['tech_findings'][] = $find_node;
}
}
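Review bot: the new `foreach ($data['stigs'][$stig_id] as $host_name => $status)` treats every key left after the two `unset()` calls as a host name, so any other key that get_Category_Findings() adds to that array later will be exported as a target. Filter the keys against the known target list, or have the method return host statuses under their own key. The commented-out `//'scan_id' => $finding->get_Scan_ID()` should be removed, with a note in the header comment on why scan_id is no longer exported.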
@ -298,7 +293,8 @@ function export_STE() {
/**
* Function to export the hosts in an ST&amp;E
*/
function export_Host_List() {
function export_Host_List()
{
global $db;
$csv = "Target ID,Name,HostName,IPv4,FQDN,OS" . PHP_EOL;
@ -306,23 +302,21 @@ function export_Host_List() {
$tgts = $db->get_Target_Details($_REQUEST['ste']);
foreach ($tgts as $key => $tgt) {
foreach ($tgts as $tgt) {
$csv .= $tgt->get_ID() . "," . $tgt->get_Name() . ",";
$int_str = '';
$fqdn_str = '';
$host_str = '';
foreach ($tgt->interfaces as $key2 => $int) {
if (false) {
$int = new interfaces();
}
foreach ($tgt->interfaces as $int) {
/** @var interfaces $int */
$host_str .= $int->get_Hostname() . ",";
$int_str .= $int->get_IPv4() . ",";
$fqdn_str .= $int->get_FQDN() . ",";
}
$host_str = substr($host_str, 0, -1);
$int_str = substr($int_str, 0, -1);
$fqdn_str = substr($fqdn_str, 0, -1);
$host_str = substr($host_str, 0, - 1);
$int_str = substr($int_str, 0, - 1);
$fqdn_str = substr($fqdn_str, 0, - 1);
$csv .= "\"$host_str\",\"$int_str\",\"$fqdn_str\",";
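Review bot: export_Host_List() assembles the CSV by string concatenation: `$tgt->get_Name()` is written unquoted and the interface strings are wrapped in `\"` without doubling embedded quotes, so a name that contains a comma or a quote shifts columns, and a value starting with `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in a spreadsheet. Write each row with `fputcsv()` and prefix such values with a single quote before output.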
@ -338,255 +332,6 @@ function export_Host_List() {
/**
* Function to import an ST&amp;E
*/
function import_STE() {
global $cmd, $db;
set_time_limit(0);
$base_name = basename($cmd['f']);
include_once 'helper.inc';
$log = new Sagacity_Error($cmd['f']);
if (!file_exists($cmd['f'])) {
$log->script_log("File not found", E_ERROR);
}
$xml = new DOMDocument();
$ste_cat_arr = array();
$all_scans = array();
$all_tgts = array();
if (!$xml->load($cmd['f'])) {
$log->script_log("Error loading XML", E_ERROR);
}
$site_node = getValue($xml, "/root/site", null, true);
if ($site_node->length) {
$site_node = $site_node->item(0);
$site = $db->get_Site($site_node->getAttribute("name"));
if (is_array($site) && count($site)) {
$site = $site[0];
print "Existing site " . $site->get_Name() . PHP_EOL;
}
else {
print "Adding new site " . $site_node->getAttribute("name") . PHP_EOL;
$site = new site(null, $site_node->getAttribute("name"), $site_node->getAttribute("address"), $site_node->getAttribute("city"), $site_node->getAttribute("state"), $site_node->getAttribute("zip"), $site_node->getAttribute("country"), $site_node->getAttribute("poc_name"), $site_node->getAttribute("poc_email"), $site_node->getAttribute("poc_phone"));
$site->set_ID($db->save_Site($site));
}
}
else {
$log->script_log("No site associated with this ST&E", E_ERROR);
}
$sys_nodes = getValue($xml, "/root/systems/system", null, true);
if ($sys_nodes->length) {
foreach ($sys_nodes as $node) {
$sys = $db->get_System($node->getAttribute("name"));
if (is_array($sys) && count($sys)) {
$sys = $sys[0];
print "Existing system " . $sys->get_Name() . PHP_EOL;
}
else {
print "Adding new system " . $node->getAttribute("name") . PHP_EOL;
$sys = new system(null, $node->getAttribute("name"), $node->getAttribute("mac"), $node->getAttribute("classified"));
$sys->set_ID($db->save_System($sys));
}
}
}
else {
$log->script_log("No system associated with this ST&E", E_ERROR);
}
$ste_node = getValue($xml, "/root/ste", null, true);
if ($ste_node->length) {
print "Adding new ST&E" . PHP_EOL;
$ste_node = $ste_node->item(0);
$old_ste_id = $ste_node->getAttribute("id");
$ste = new ste(null, $sys->get_ID(), $site->get_Id(), $ste_node->getAttribute("eval_start"), $ste_node->getAttribute("eval_end"), false, 0);
$ste->set_ID($db->save_STE($ste));
}
else {
$log->script_log("No ST&E in this export file", E_ERROR);
}
$cat_nodes = getValue($xml, "/root/ste_cats/cat", null, true);
if ($cat_nodes->length) {
foreach ($cat_nodes as $node) {
print "Adding new category " . $node->getAttribute("name") . PHP_EOL;
$id = $node->getAttribute('id');
$ste_cat_arr[$id] = new ste_cat(null, $ste->get_ID(), $node->getAttribute("name"), $node->getAttribute("analysts"));
$ste_cat_arr[$id]->set_ID($db->save_Category($ste_cat_arr[$id]));
}
}
else {
$log->script_log("There are no categories in this ST&E", E_ERROR);
}
$tgt_nodes = getValue($xml, "/root/targets/target", null, true);
if ($tgt_nodes->length) {
foreach ($tgt_nodes as $node) {
print "Adding new target " . $node->getAttribute("name") . PHP_EOL;
$cat_id = $node->getAttribute("cat_id");
$os = $db->get_Software([
'man' => $node->getAttribute("os_man"),
'name' => $node->getAttribute("os_name"),
'ver' => $node->getAttribute("os_ver")
]);
if (is_array($os) && count($os)) {
$os = $os[0];
}
else {
$os = $db->getSoftware(array(
'man' => 'Generic',
'name' => 'Generic',
'ver' => 'N/A'
), false)[0];
}
$statuses = getValue($xml, "status", $node, true)->item(0);
$notes = getValue($xml, "notes", $node);
$netstat = getValue($xml, "netstat_connection", $node);
$patches = getValue($xml, "missing_patches", $node);
$os_string = getValue($xml, "os_string", $node);
$tgt = new target($node->getAttribute("name"));
$tgt->set_STE_ID($ste->get_ID());
$tgt->set_Cat_ID($ste_cat_arr[$cat_id]->get_ID());
$tgt->set_OS_ID($os->get_ID());
$tgt->set_OS_String($node->getAttribute("os_string"));
$tgt->set_Auto_Status_ID($statuses->getAttribute("auto"));
$tgt->set_Man_Status_ID($statuses->getAttribute("manual"));
$tgt->set_Data_Status_ID($statuses->getAttribute("data"));
$tgt->set_FP_Cat1_Status_ID($statuses->getAttribute("fp_cat1"));
$tgt->set_Location($node->getAttribute("location"));
$tgt->set_Notes($notes);
$tgt->set_Netstat_Connections($netstat);
$tgt->set_Login($node->getAttribute("login"));
$tgt->set_Missing_Patches($patches);
$tgt->set_PP_Flag($node->getAttribute("pp_flag"));
$tgt->set_PP_Suspended($node->getAttribute("pp_off"));
$ints = getValue($xml, "interfaces/interface", $node, true);
foreach ($ints as $int_node) {
$int = new interfaces(null, null, $int_node->getAttribute("name"), $int_node->getAttribute("ipv4"), $int_node->getAttribute("ipv6"), $int_node->getAttribute("hostname"), $int_node->getAttribute("fqdn"), getValue($xml, "description", $int_node));
$tcp_nodes = getValues($xml, "tcp_ports/port", $int_node, true);
foreach ($tcp_nodes as $tcp) {
$int->add_TCP_Ports(new tcp_ports(null, $tcp->getAttribute("number"), $tcp->getAttribute("name"), getValue($xml, "banner", $tcp), getValue($xml, "notes", $tcp)));
}
$udp_nodes = getValues($xml, "udp_ports/port", $int_node, true);
foreach ($udp_nodes as $udp) {
$int->add_UDP_Ports(new udp_ports(null, $udp->getAttribute("number"), $udp->getAttribute("name"), getValue($xml, "banner", $udp), getValue($xml, "notes", $udp)));
}
$tgt->interfaces[] = $int;
}
$sw_nodes = getValue($xml, "software_list/software", $node, true);
foreach ($sw_nodes as $sw) {
$tgt->software[] = $db->get_Software(array(
'man' => $sw->getAttribute("sw_man"),
'name' => $sw->getAttribute("sw_name"),
'ver' => $sw->getAttribute("sw_ver")
))[0];
}
$chk_nodes = getValue($xml, "checklist_list/checklist", $node, true);
foreach ($chk_nodes as $chk) {
$tgt->checklists[] = $db->get_Checklist(array(
'checklist_id' => $chk->getAttribute('checklist_id'),
'type' => $chk->getAttribute('type'),
'version' => $chk->getAttribute('version'),
'release' => $chk->getAttribute('release')
))[0];
}
$tgt->set_ID($db->save_Target($tgt));
$all_tgts[$node->getAttribute("id")] = $tgt;
}
}
else {
$log->script_log("No targets were found on this ST&E", E_ERROR);
}
$scan_nodes = getValue($xml, "/root/scans/scan", null, true);
if ($scan_nodes->length) {
foreach ($scan_nodes as $node) {
$src = $db->get_Sources($node->getAttribute("src_id"));
print "Adding new scan result file " . $node->getAttribute("file_name") . PHP_EOL;
$scan = new scan(null, $src, $ste, $node->getAttribute('itr'), $node->getAttribute("file_name"), $node->getAttribute('file_date'));
$host_list_nodes = getValue($xml, "host_list", $node, true);
foreach ($host_list_nodes as $host) {
$scan_tgt = $db->get_Target_Details($ste->get_ID(), $host->getAttribute('tgt_name'))[0];
$hl = new host_list();
$hl->setTargetId($scan_tgt->get_ID());
$hl->setTargetName($scan_tgt->get_Name());
$hl->setFindingCount($host->getAttribute("count"));
$hl->setScanError(false);
$scan->add_Target_to_Host_List($hl);
}
$scan->set_ID($db->save_Scan($scan));
$all_scans[$node->getAttribute("id")] = $scan;
}
}
else {
$log->script_log("No scan result files were found in this ST&E", E_ERROR);
}
$x = 1;
$finding_nodes = getValue($xml, "/root/tech_findings/finding", null, true);
if ($finding_nodes->length) {
print "Adding findings (total " . $finding_nodes->length . ")" . PHP_EOL;
foreach ($finding_nodes as $node) {
print ".";
if ($x % 100 == 0) {
print "\t$x" . PHP_EOL;
}
$ia_nodes = getValue($xml, "ia_control", $node, true);
$ia_arr = array();
foreach ($ia_nodes as $ia) {
$ia_arr[] = $ia->textContent;
}
$cc = getValue($xml, "check_contents", $node);
$tgt_status_nodes = getValue($xml, "target_status", $node, true);
foreach ($tgt_status_nodes as $status_node) {
$notes = getValue($xml, "notes", $status_node);
$tgt = $db->get_Target_Details($ste->get_ID(), $status_node->getAttribute("tgt_name"))[0];
$finding = array(
0 => $node->getAttribute("stig_id"),
1 => $node->getAttribute("vms_id"),
2 => $node->getAttribute("cat"),
3 => implode(' ', $ia_arr),
4 => $node->getAttribute("short_title"),
5 => $status_node->getAttribute("status"),
6 => $notes,
7 => $cc,
8 => ''
);
$db->add_Finding($all_scans[$status_node->getAttribute("scan_id")], $tgt, $finding);
}
$x++;
}
}
else {
$log->script_log("No findings were recorded in this ST&E", E_WARNING);
}
function import_STE()
{
}
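Review bot: import_STE() is left with an empty body while the dispatcher still calls it for `--import` and the usage text still advertises that option, so an import run now exits silently having done nothing. Until the JSON import is written, print a not-implemented message and exit non-zero, or drop the option and the usage line.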

File diff suppressed because it is too large


@ -112,10 +112,10 @@ echo -- wmic /output:hotfixes.txt qfe list | tee.cmd %SUMMARYFILE%
wmic qfe list > %OUTDIR%\hotfixes.txt
echo.
echo * 2.021, Software Certificate Installation Files | tee.cmd %OUTDIR%\hotfixes.txt
echo * 2.021, Software Certificate Installation Files | tee.cmd %OUTDIR%\certificates.txt
echo -- dir /s /b *.p12 *.pfs (C:\) | tee.cmd %SUMMARYFILE%
cd C:\
dir /s /b *.p12 *.pfs > %OUTDIR%\hotfixes.txt
dir /s /b *.p12 *.pfs > %OUTDIR%\certificates.txt
cd %originaldir%
echo.
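Review bot: the section header `echo * 2.021, Software Certificate Installation Files` is piped to `tee.cmd %OUTDIR%\certificates.txt`, while the other section headers on this page go to `%SUMMARYFILE%`, and the `dir /s /b ... > %OUTDIR%\certificates.txt` two lines later truncates that file anyway. Send the header to `%SUMMARYFILE%` so it shows up in the summary. Also check the `*.pfs` pattern: PKCS #12 files on Windows normally use the `.pfx` extension, so this search may miss them.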
@ -233,8 +233,8 @@ fciv.exe -both "%OUTFILE%" >> %CHECKSUMS%
echo * Installed Software | tee.cmd %SUMMARYFILE%
set OUTFILE=%OUTDIR%\installed-software.csv
echo -- wmic product /format:csv get name,version | tee.cmd %SUMMARYFILE%
wmic product get /format:csv name,version > %OUTFILE%
echo -- wmic product get name,version /format:csv | tee.cmd %SUMMARYFILE%
wmic product get name,version /format:csv > %OUTFILE%
echo * Query the registry for values | tee.cmd %SUMMARYFILE%
for /F "eol=; tokens=1,2 delims=," %%i in (reg-values-to-check.txt) do (


@ -80,8 +80,6 @@ $dbh = new db();
$files = glob("*.*");
$stack = [];
$running = [];
$time = 0;
$threads = [];
foreach ($files as $file) {
@ -239,7 +237,7 @@ do {
}
while ($dbh->get_Running_Script_Count($conf['ste']));
if (!$debug) {
if (!$debug && file_exists(DOC_ROOT . "/exec/parse_config.ini")) {
unlink(DOC_ROOT . "/exec/parse_config.ini");
}


@ -83,7 +83,6 @@ if (isset($cmd['d']) && $cmd['d']) {
chdir($path);
$db = new db();
$stack = [];
$zip_files = glob("*.zip");
$zip = new ZipArchive();
@ -155,7 +154,7 @@ foreach ($xml_files as $key => $file) {
continue;
}
elseif(!empty(STIG_EXCLUSIONS) && preg_match("/" . STIG_EXCLUSIONS . "/i", $file)) {
unlink($file);
unlink(TMP . "/stigs/xml/$file");
$log->debug("Skipping $file due to matching STIG exclusion");
continue;
}
@ -235,7 +234,7 @@ if (isset($cmd['delete'])) {
*/
function directory_crawl($files)
{
global $zip;
global $zip, $log;
foreach ($files as $file) {
if (preg_match('/\.zip/', $file)) {


@ -59,6 +59,16 @@ else {
print "Destination: $dest" . PHP_EOL;
$status_map = [
'Not Reviewed' => 'Not_Reviewed',
'Not a Finding' => 'NotAFinding',
'Open' => 'Open',
'Not Applicable' => 'Not_Applicable',
'No Data' => 'Not_Reviewed',
'Exception' => 'Open',
'False Positive' => 'NotAFinding'
];
$xml = new Array2XML();
$xml->standalone = true;
$xml->formatOutput = true;
@ -80,7 +90,7 @@ if ($tgt_count = count($tgts)) {
print "Target: {$tgt->get_Name()}" . PHP_EOL;
foreach ($tgt->checklists as $key => $chk) {
if ($chk->name == 'Orphan' || $chk->type != 'manual') {
if ($chk->name == 'Orphan' || $chk->type == 'benchmark') {
unset($tgt->checklists[$key]);
}
}
@ -110,12 +120,13 @@ if ($tgt_count = count($tgts)) {
}
$arr = [
'@comment' => "CyberPerspectives Sagacity v" . VER,
'ASSET' => [
'ROLE' => 'None',
'ASSET_TYPE' => 'Computing',
'HOST_NAME' => $tgt->get_Name(),
'HOST_IP' => $host_ip,
'HOST_MAC' => $host_mac,
'HOST_GUID' => '',
'HOST_FQDN' => $host_fqdn,
'TECH_AREA' => '',
'TARGET_KEY' => '',
@ -182,10 +193,11 @@ if ($tgt_count = count($tgts)) {
$total_stigs += $pdi_count = (is_array($pdis) ? count($pdis) : 0);
$count = 0;
$findings = $db->get_Finding($tgt);
foreach ($pdis as $pdi) {
$find = $db->get_Finding($tgt, new stig($pdi['pdi_id'], $pdi['STIG_ID'], null));
if (is_array($find) && count($find) && isset($find[0]) && is_a($find[0], 'finding')) {
$find = $find[0];
if (isset($findings[$pdi['pdi_id']])) {
$find = $findings[$pdi['pdi_id']];
}
$sev = 'low';
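Review bot: `$find` is now assigned only inside `if (isset($findings[$pdi['pdi_id']]))`, and nothing in the visible loop resets it, so a PDI with no finding keeps the previous iteration's object and the later `is_a($find, 'finding')` check reports that other finding's status and notes for it. Set `$find = null;` at the top of the loop body, or assign `$find = $findings[$pdi['pdi_id']] ?? null;` unconditionally.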
@ -306,20 +318,11 @@ if ($tgt_count = count($tgts)) {
]
], $cci_list);
$status = "Not_Reviewed";
$status = 'Not_Reviewed';
$notes = '';
if (is_a($find, 'finding')) {
$status = $find->get_Finding_Status_String();
if ($status == 'Not a Finding' || $status == 'False Positive') {
$status = "NotAFinding";
}
elseif($status == 'Exception') {
$status = 'Open';
}
else {
$status = str_replace(" ", "_", $status);
}
$status = $status_map[$find->get_Finding_Status_String()];
$notes = $find->get_Notes();
}
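Review bot: `$status_map[$find->get_Finding_Status_String()]` has no fallback, so a status string that is missing from the map raises an undefined-index notice and leaves `$status` null, where the removed code at least produced `str_replace(" ", "_", $status)`. Use `$status_map[...] ?? 'Not_Reviewed'` and log the unmapped value so a new status is noticed rather than exported blank.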
@ -355,6 +358,7 @@ Total STIGs: $total_stigs
EOO;
/**
* Function to retrieve all the PDIs for a specified target and checklist
*
* @global db $db
*
@ -387,7 +391,8 @@ function get_checklist_data($tgt, $chk) {
"JOIN sagacity.pdi_checklist_lookup pcl ON pcl.pdi_id = pdi.pdi_id",
"JOIN sagacity.target_checklist tc ON tc.chk_id = pcl.checklist_id",
"JOIN sagacity.stigs s ON s.pdi_id = pdi.pdi_id"
]
],
'group' => 'STIG_ID'
]);
$pdis = $db->help->execute();


@ -40,7 +40,8 @@ $db_step = [
'sample-data' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'cpe' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'cve' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN]
'stig' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'update-freq' => ['filter' => FILTER_VALIDATE_FLOAT, 'flag' => FILTER_NULL_ON_FAILURE]
];
$company_step = [
'company' => $params,
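Review bot: the `update-freq` entry uses the key `'flag'`, but PHP's filter definition arrays read `'flags'`, so `FILTER_NULL_ON_FAILURE` is ignored and a non-numeric value comes back as `false` instead of null. That value is later substituted for `'{UPDATE_FREQ}'` in the config template, where a plain string replace would write it as an empty string; rename the key and reject a null or non-positive value before the file is written.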
@ -101,16 +102,26 @@ function save_Database($params)
$php = null;
$mysql = null;
if (strtolower(substr(PHP_OS, 0, 3)) == 'lin') {
$res = [];
exec("which php", $res);
if (file_exists('/bin/php')) {
$php = realpath("/bin/php");
}
elseif (is_array($res) && isset($res[0]) && file_exists($res[0])) {
$php = realpath($res[0]);
}
else {
die(json_encode(['error' => 'Cannot find the PHP executable']));
}
$res = [];
exec("which mysql", $res);
if (file_exists('/bin/mysql')) {
$mysql = realpath('/bin/mysql');
}
elseif (is_array($res) && isset($res[0]) && file_exists($res[0])) {
$mysql = realpath($res[0]);
}
else {
die(json_encode(['error' => 'Cannot find the MySQL executable']));
}
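Review bot: both lookups accept the first line of `which` output after only a `file_exists()` test, so a path that exists but is not executable (or is a directory) is stored in `$php` / `$mysql`. Check `is_executable()` on the resolved path before accepting it, and apply the same test to the `/bin/php` and `/bin/mysql` shortcuts.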
@ -138,6 +149,7 @@ function save_Database($params)
my_str_replace("{PHP_CONF}", realpath(php_ini_loaded_file()), $config);
my_str_replace("{DB_SERVER}", $params['db-server'], $config);
my_str_replace("{DB_BIN}", $mysql, $config);
my_str_replace("'{UPDATE_FREQ}'", $params['update-freq'], $config);
my_str_replace("@new", "@step1", $config);
if (!file_exists($params['tmp-path'])) {
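Review bot: `my_str_replace("'{UPDATE_FREQ}'", $params['update-freq'], $config)` replaces the quoted placeholder with the raw parameter, so whatever `$params['update-freq']` holds lands unquoted in the generated config, and a value that failed the float filter leaves the setting blank. Confirm the value is a float before the substitution and fall back to a default, or write it through `var_export()`.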
@ -169,7 +181,9 @@ function save_Database($params)
* CREATE DB PASSWORD FILE
* --------------------------------- */
$enc_pwd = my_encrypt($params['web-pwd']);
file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd);
if(!file_put_contents(DOC_ROOT . "/" . PWD_FILE, $enc_pwd)) {
die(json_encode(['error' => "Could not create the password file"]));
}
if (isset($params['conf-root-pwd']) && $params['conf-root-pwd'] == $params['root-pwd']) {
$db = new mysqli(DB_SERVER, $params['root-uname'], '', 'mysql');
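Review bot: `if(!file_put_contents(...))` treats a zero-byte write the same as a failure; compare the return value with `=== false` so the error is raised only when the write actually failed. The file holding `$enc_pwd` is created under `DOC_ROOT` with default permissions, so restrict it to the web-server account with `chmod()` right after it is written.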
@ -182,7 +196,6 @@ function save_Database($params)
unset($db);
}
$successful = true;
$zip = new ZipArchive();
$db = new mysqli(DB_SERVER, $params['root-uname'], $params['root-pwd'], 'mysql');
if ($db->connect_errno && $db->connect_errno == 1045) {
@ -349,7 +362,6 @@ EOO;
if (preg_grep("/Access Denied/i", $output)) {
$errors[] = $output;
$successful = false;
}
else {
unlink($file);

View File

@ -25,6 +25,8 @@
* - Aug 28, 2017 - Fixed couple minor bugs
* - Jan 15, 2018 - Formatting, reorganized use statements, and cleaned up
* - May 24, 2018 - Attempt to fix bug #413
* - Nov 6, 2018 - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id
* - Nov 8, 2018 - added functionality to assign OS and checklists based on worksheet contents
*/
$cmd = getopt("f:", ['debug::', 'help::']);
set_time_limit(0);
@ -111,6 +113,7 @@ else {
$scan->set_ID($scan_id);
}
/** @var software $gen_os */
$gen_os = $db->get_Software("cpe:/o:generic:generic:-", true);
if (is_array($gen_os) && count($gen_os) && isset($gen_os[0]) && is_a($gen_os[0], 'software')) {
$gen_os = $gen_os[0];
@ -124,21 +127,12 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
elseif (isset($conf['ignore']) && $wksht->getSheetState() == Worksheet::SHEETSTATE_HIDDEN) {
$log->info("Skipping hidden worksheet {$wksht->getTitle()}");
continue;
} elseif ($wksht->getTitle() == 'Orphan') {
$log->info("Skipping Orphan worksheet because it creates problems right now");
continue;
}
$db->help->select("scans", ['status'], [
[
'field' => 'id',
'op' => '=',
'value' => $scan->get_ID()
]
]);
$thread_status = $db->help->execute();
if ($thread_status['status'] == 'TERMINATED') {
unset($objSS);
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
$log->notice("File parsing terminated by user");
}
$scan->isTerminated();
$log->notice("Reading from {$wksht->getTitle()}");
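Review bot: the return value of `$scan->isTerminated();` is discarded, while the block it replaces unset `$objSS`, moved the file to `TMP/terminated/` and logged the stop. If the method only reports the state, parsing now continues after a user terminates the scan. Either act on the result here or give the method a name that makes clear it performs the cleanup and exits.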
@ -151,6 +145,11 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
continue;
}
$chk_arr = explode(', ', $wksht->getCell("B9")->getValue());
$checklists = $db->get_Checklist_By_Name($chk_arr);
$os_str = $wksht->getCell("G4")->getValue();
$os = $db->get_Software_By_String($os_str);
$idx = [
'stig_id' => 1,
'vms_id' => 2,
@ -163,50 +162,80 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
'notes' => 9,
'check_contents' => 10
];
$finding_count = [];
$tgts = [];
$short_title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
$row_count = $wksht->getHighestDataRow() - 10;
$row_count = $highestRow = $wksht->getHighestDataRow() - 10;
$highestCol = $wksht->getHighestDataColumn(10);
$tgt_findings = [];
foreach ($wksht->getRowIterator(10) as $row) {
foreach ($row->getCellIterator() as $cell) {
for ($col = 'F' ; $col != $highestCol ; $col++) {
$cell = $wksht->getCell($col . '10');
$log->debug("Checking column: {$cell->getColumn()} {$cell->getCoordinate()}");
$ip = null;
$db->help->select("scans", ['status'], [
[
'field' => 'id',
'op' => '=',
'value' => $scan->get_ID()
]
]);
$thread_status = $db->help->execute();
if ($thread_status['status'] == 'TERMINATED') {
unset($objSS);
rename(realpath(TMP . "/{$scan->get_File_Name()}"), TMP . "/terminated/{$scan->get_File_Name()}");
die($log->notice("File parsing terminated by user"));
}
if ($cell->getColumn() > $short_title_col && !preg_match('/Overall/i', $cell->getValue())) {
$scan->isTerminated();
if (!preg_match('/Overall/i', $cell->getValue())) {
if (preg_match('/status/i', $cell->getValue())) {
$log->error("Invalid host name ('status') in {$wksht->getTitle()}");
break;
}
if ($tgt_id = $db->check_Target($conf['ste'], $cell->getValue())) {
$log->debug("Found host for {$cell->getValue()}");
/** @var target $tgt */
$tgt = $db->get_Target_Details($conf['ste'], $tgt_id);
if (is_array($tgt) && count($tgt) && isset($tgt[0]) && is_a($tgt[0], 'target')) {
$tgt = $tgt[0];
if($tgt->get_OS_ID() == $gen_os->get_ID() && is_a($os, 'software')) {
$log->debug("Assigning operating system to {$tgt->get_Name()}", [$os]);
$tgt->set_OS_ID($os->get_ID());
$tgt->set_OS_String($os->get_Shortened_SW_String());
}
}
else {
$log->error("Could not find host {$cell->getValue()}");
}
if(is_a($checklists, 'checklist')) {
if(!isset($tgt->checklists[$checklists->get_ID()])) {
$log->debug("Assigning checklists to {$tgt->get_Name()}", [$checklists]);
$tgt->checklists[$checklists->get_ID()] = $checklists;
}
} elseif(is_array($checklists) && count($checklists)) {
$log->debug("Assigning checklists to {$tgt->get_Name()}", $checklists);
foreach($checklists as $c) {
/** @var checklist $c */
if(!isset($tgt->checklists[$c->get_ID()])) {
$tgt->checklists[$c->get_ID()] = $c;
}
}
}
$db->save_Target($tgt);
}
else {
$log->debug("Creating new target {$cell->getValue()}");
$tgt = new target($cell->getValue());
$tgt->set_OS_ID($gen_os->get_ID());
$tgt->set_OS_ID((is_a($os, 'software') ? $os->get_ID() : $gen_os->get_ID()));
$tgt->set_OS_String((is_a($os, 'software') ? $os->get_Shortened_SW_String() : $gen_os->get_Shortened_SW_String()));
$tgt->set_STE_ID($conf['ste']);
$tgt->set_Location($conf['location']);
$tgt->set_Notes('New Target');
if(is_a($checklists, 'checklist')) {
if(!isset($tgt->checklists[$checklists->get_ID()])) {
$tgt->checklists[$checklists->get_ID()] = $checklists;
}
} elseif(is_array($checklists) && count($checklists)) {
foreach($checklists as $c) {
/** @var checklist $c */
if(!isset($tgt->checklists[$c->get_ID()])) {
$tgt->checklists[$c->get_ID()] = $c;
}
}
}
if (preg_match('/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}/', $cell->getValue())) {
$ip = $cell->getValue();
$int = new interfaces(null, null, null, $ip, null, null, null, null);
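Review bot: `for ($col = 'F' ; $col != $highestCol ; $col++)` ends only on an exact string match, so the column `$highestCol` itself is never examined, and a worksheet whose highest data column sorts before F never satisfies the condition and depends on the inner `break` statements to stop. Convert both ends with `Coordinate::columnIndexFromString()` and loop on integers with `<=`. The start column is also hard-coded here, where the removed test compared against `$short_title_col`.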
@ -218,14 +247,15 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$tgts[] = $tgt;
$log->debug("Adding new target to host list", ['row_count' => $row_count, 'tgt_id' => $tgt->get_ID(), 'tgt_name' => $tgt->get_Name()]);
if(!isset($scan->get_Host_List()[$tgt->get_ID()])) {
$hl = new host_list();
$hl->setFindingCount($row_count);
$hl->setTargetId($tgt->get_ID());
$hl->setTargetName($tgt->get_Name());
if ($ip) {
$hl->setTargetIp($ip);
}
elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
} elseif (is_array($tgt->interfaces) && count($tgt->interfaces)) {
foreach ($tgt->interfaces as $int) {
if (!in_array($int->get_IPv4(), ['0.0.0.0', '127.0.0.1'])) {
$ip = $int->get_IPv4();
@ -236,25 +266,43 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
}
$scan->add_Target_to_Host_List($hl);
} else {
$hl = $scan->get_Host_List()[$tgt->get_ID()];
$hl->addFindingCount($row_count);
$scan->add_Target_to_Host_List($hl);
}
}
if (preg_match('/Overall/i', $cell->getValue())) {
$db->update_Scan_Host_List($scan);
$tgt_findings[$tgt->get_ID()] = $db->get_Finding($tgt);
if (preg_match('/overall/i', $cell->getValue())) {
$log->debug("Found overall: {$cell->getColumn()}");
break;
}
}
break;
if(count($tgts) > 100) {
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'ERROR']);
$db->update_Running_Scan($base_name, ['name' => 'notes', 'value' => "Too many targets in worksheet {$wksht->getTitle()}"]);
$log->error("Too many targets in worksheet {$wksht->getTitle()}");
unset($objSS);
rename($cmd['f'], TMP . "/terminated/$base_name");
die();
}
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($tgts)]);
// increment the column indexes for notes, check contents, and missing PDI
if (is_array($tgts) && count($tgts) > 1) {
$idx['overall'] += count($tgts);
$idx['consistent'] += count($tgts);
$idx['notes'] += count($tgts);
$idx['check_contents'] += count($tgts);
}
elseif (empty($tgts)) {
$increase = count($tgts) - 1;
$idx['overall'] += $increase;
$idx['consistent'] += $increase;
$idx['notes'] += $increase;
$idx['check_contents'] += $increase;
} elseif (empty($tgts)) {
$log->warning("Failed to identify targets in worksheet {$wksht->getTitle()}");
continue;
}
@ -266,8 +314,21 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$title_col = Coordinate::stringFromColumnIndex($idx['short_title']);
$notes_col = Coordinate::stringFromColumnIndex($idx['notes']);
$log->debug("Columns", [
'stig_col' => $stig_col,
'vms_col' => $vms_col,
'cat_col' => $cat_col,
'ia_col' => $ia_col,
'title_col' => $title_col,
'overall_col' => Coordinate::stringFromColumnIndex($idx['overall']),
'consistent_col' => Coordinate::stringFromColumnIndex($idx['consistent']),
'check_contents_col' => Coordinate::stringFromColumnIndex($idx['check_contents']),
'notes_col' => $notes_col
]);
$new_findings = [];
$updated_findings = [];
$row_count = 0;
foreach ($wksht->getRowIterator(11) as $row) {
$stig_id = $wksht->getCell("{$stig_col}{$row->getRowIndex()}")->getValue();
@ -276,11 +337,13 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
$notes = $wksht->getCell("{$notes_col}{$row->getRowIndex()}")->getValue();
$stig = $db->get_Stig($stig_id);
if($row->getRowIndex() % 10 == 0) {
$scan->isTerminated();
}
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0];
}
else {
} else {
$pdi = new pdi(null, $cat_lvl, $dt->format("Y-m-d"));
$pdi->set_Short_Title($short_title);
$pdi->set_Group_Title($short_title);
@ -296,52 +359,58 @@ foreach ($objSS->getWorksheetIterator() as $wksht) {
foreach ($tgts as $tgt) {
$status = $wksht->getCell(Coordinate::stringFromColumnIndex($idx['target'] + $x) . $row->getRowIndex())
->getValue();
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ($status)");
$finding = $db->get_Finding($tgt, $stig);
if (is_array($finding) && count($finding) && isset($finding[0]) && is_a($finding[0], 'finding')) {
$tmp = $finding[0];
if(preg_match("/Not a Finding|Not Applicable/i", $status)) {
$ds = $tmp->get_Deconflicted_Status($status);
$tmp->set_Finding_Status_By_String($ds);
if(!in_array(strtolower($status), ['not reviewed', 'not a finding', 'open', 'not applicable', 'no data', 'exception', 'false positive'])) {
if(stripos($notes, "Formula found in status column") === false) {
$notes .= "Formula found in status column";
}
else {
$status = "Not Reviewed";
$scan->set_Host_Error($tgt->get_ID(), true, "Formula found in the status column");
}
$findings = $tgt_findings[$tgt->get_ID()];
if (is_array($findings) && count($findings) && isset($findings[$stig->get_PDI_ID()]) && is_a($findings[$stig->get_PDI_ID()], 'finding')) {
/** @var finding $tmp */
$tmp = $findings[$stig->get_PDI_ID()];
$tmp->set_Finding_Status_By_String($status);
}
$tmp->set_Notes($notes);
$tmp->set_Category($cat_lvl);
$tmp->set_Scan_ID($scan->get_ID());
$updated_findings[] = $tmp;
}
else {
$tmp = new finding(null, $tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
} else {
$tmp = new finding($tgt->get_ID(), $stig->get_PDI_ID(), $scan->get_ID(), $status, $notes, null, null, null);
$tmp->set_Category($cat_lvl);
$new_findings[] = $tmp;
}
$log->debug("{$tgt->get_Name()} {$stig->get_ID()} ({$tmp->get_Finding_Status_String()})");
$x++;
}
if(count($updated_findings) + count($new_findings) >= 1000) {
if(!$db->add_Findings_By_Target($updated_findings, $new_findings)) {
die(print_r(debug_backtrace(), true));
} else {
$updated_findings = [];
$new_findings = [];
}
}
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $highestRow) * 100]);
if (PHP_SAPI == 'cli') {
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $row_count) * 100);
}
else {
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => (($row->getRowIndex() - 10) / $row_count) * 100]);
print "\r" . sprintf("%.2f%%", (($row->getRowIndex() - 10) / $highestRow) * 100);
}
}
$db->update_Scan_Host_List($scan);
if (!$db->add_Findings_By_Target($updated_findings, $new_findings)) {
print "Error adding finding" . PHP_EOL;
}
}
unset($objSS);
$db->update_Scan_Host_List($scan, $host_list);
if (!isset($cmd['debug'])) {
rename($cmd['f'], TMP . "/echecklist/$base_name");
}
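Review bot: `$notes` is read once per row and then changed with `$notes .= "Formula found in status column"` inside the `foreach ($tgts as $tgt)` loop, so once one target's cell fails the status whitelist, every later target in that row is saved with the formula note as well, even when its own status is valid. Append to a per-target copy of the notes instead. Separately, `die(print_r(debug_backtrace(), true))` on a failed insert dumps the call stack to the output; log it and exit with a non-zero status.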

View File

@ -112,10 +112,8 @@ foreach ($files as $file) {
$scan_id = 0;
foreach ($findings as $key => $find) {
if (false) {
$find = new finding();
}
/** @var finding $find */
foreach ($findings as $find) {
$ret = array();
if ($find->get_Scan_ID()) {
$scan_id = $find->get_Scan_ID();

View File

@ -181,10 +181,8 @@ class mssql_parser extends scan_xml_parser {
// check for finding
$finding = $this->db->get_Finding($this->tgt, $this->stig);
if (is_array($finding) && count($finding)) {
/** @var finding $finding */
$finding = $finding[0];
if (false) {
$finding = new finding();
}
$finding->prepend_Notes("(MSSQL) " . $this->notes);
if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) {
@ -199,7 +197,7 @@ class mssql_parser extends scan_xml_parser {
$this->updated_findings[$finding->get_PDI_ID()] = $finding;
}
else {
$finding = new finding(null, $this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
$finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
$this->new_findings[$this->stig->get_PDI_ID()] = $finding;
}
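Review bot: the rewritten constructor call still contains `$this->scan->get - ID()`, which PHP parses as the property `get` minus a call to a function `ID()`, so this branch fails the first time a new MSSQL finding is created. It should read `$this->scan->get_ID()`; the change only dropped the leading `null` argument and carried the typo over.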

View File

@ -148,7 +148,8 @@ class nessus_parser extends scan_xml_parser
"cpe:\/o:microsoft:windows_2003_server::sp([\d]).*" => "cpe:/o:microsoft:windows_2003_server:-:sp$1",
"cpe:\/o:microsoft:windows_server_2008:r2::x64.*" => "cpe:/o:microsoft:windows_server_2008:r2",
"cpe:\/o:redhat:enterprise_linux:([\d]+)::.*" => "cpe:/o:redhat:enterprise_linux:$1",
"cpe:\/o:sun:sunos:([\d]+)::x([\d]+).*" => "cpe:/o:oracle:solaris:$1",
"cpe:\/o:sun:sunos:([\d]+)::.*" => "cpe:/o:oracle:solaris:$1",
"cpe:\/o:vmware:esx_server.*" => "cpe:/o:vmware:esxi:5.0",
"cpe:\/o:centos:centos:([\d]+).*" => "cpe:/o:centos:centos:$1",
];
@ -582,7 +583,8 @@ class nessus_parser extends scan_xml_parser
$this->log->script_log("Skipping tcp6 ports because there are " . count($netstat_keys) . " listening", E_DEBUG);
}
$this->tgt->set_ID($this->db->save_Target($this->tgt));
$this->tgt->set_PP_Flag(true);
$this->tgt->set_ID($this->db->save_Target($this->tgt, false));
$dt = DateTime::createFromFormat("D M d H:i:s Y", $this->tag["HOST_START"]);
if ($dt < $this->scan->get_File_DateTime()) {
@ -1141,7 +1143,7 @@ class nessus_parser extends scan_xml_parser
}
}
else {
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
$tmp = new finding($this->tgt->get_ID(), $this->plugin->result->stig->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[{$this->tgt->get_Name()}]: {$note}", finding::NC, "Nessus", 1);
if (!is_null($pdi)) {
$tmp->set_Category($pdi->get_Category_Level());
}
@ -1177,7 +1179,7 @@ class nessus_parser extends scan_xml_parser
$stig = new stig($pdi_id, $this->plugin->result->stig, $this->plugin->desc);
$this->db->add_Stig($stig);
$tmp = new finding(null, $this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
$tmp = new finding($this->tgt->get_ID(), $pdi->get_ID(), $this->scan->get_ID(), $this->plugin->result->status, "[" . $this->tgt->get_Name() . "]: " . $note, finding::NC, "Nessus", 1);
$tmp->set_Category($this->plugin->result->cat);
if (isset($this->new_findings[$tmp->get_PDI_ID()])) {
@ -1204,20 +1206,16 @@ class nessus_parser extends scan_xml_parser
if ($this->plugin->sev == 0) {
return;
}
if (false) {
$this->plugin->result = new nessus_result();
}
/** @var nessus_result $this->plugin->result */
$finding = $this->db->get_Finding($this->tgt, $this->plugin->db_plugin);
if (is_array($finding) && count($finding)) {
$finding = $finding[0];
$finding = current($finding);
}
if (is_a($finding, 'finding')) {
/** @var finding $finding */
$this->log->script_log("Updating finding");
if (false) {
$finding = new finding();
}
if ($this->debug) {
$this->log->script_log("Finding exists: " . print_r($finding, true), E_DEBUG);
}
@ -1229,10 +1227,8 @@ class nessus_parser extends scan_xml_parser
}
if (is_array($orig_scan) && count($orig_scan)) {
/** @var scan $orig_scan */
$orig_scan = $orig_scan[0];
if (false) {
$orig_scan = new scan();
}
$finding->set_Original_Source($orig_scan->get_Source()->get_Name());
$finding->set_Scan_ID($this->scan->get_ID());
@ -1264,7 +1260,7 @@ class nessus_parser extends scan_xml_parser
}
else {
$this->log->script_log("Adding new finding");
$tmp = new finding(null, $this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
$tmp = new finding($this->tgt->get_ID(), $this->plugin->db_plugin->get_PDI_ID(), $this->scan->get_ID(), $this->plugin->result->status, $note, finding::NC, "Nessus", 1);
$tmp->set_Category($this->plugin->result->cat);
$this->new_findings[$tmp->get_PDI_ID()] = $tmp;
@ -1332,7 +1328,8 @@ class nessus_parser extends scan_xml_parser
{
$this->log->script_log("ReportHost_end-START: {$this->tgt->get_Name()}");
// save findings
$this->db->save_Target($this->tgt);
$this->tgt->set_PP_flag(true);
$this->db->save_Target($this->tgt, false);
$this->log->script_log("Added finding counts: " . count($this->new_findings) . " for target " . $this->tgt->get_Name());
$this->log->script_log("Updated finding counts: " . count($this->updated_findings) . " for target " . $this->tgt->get_Name());
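Review bot: this hunk calls `set_PP_flag(true)` while the other call sites in the change use `set_PP_Flag(true)`. PHP resolves method names case-insensitively, so it runs, but use one spelling so that a search for the method finds every caller.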
@ -1363,6 +1360,8 @@ class nessus_parser extends scan_xml_parser
{
$this->log->script_log("Saving host list");
$this->db->update_Scan_Host_List($this->scan);
$this->db->post_Processing();
}
}

View File

@ -22,6 +22,7 @@
* - Nov 7, 2016 - Added d parameter documentation
* - Dec 7, 2016 - Added check for "Interesting ports on {IP}" line
* - Jan 30, 2017 - Updated to use parse_config.ini file, and added populating new targets with shortened os software string if available.
* - Jan 21, 2019 - fixed filetype check for .nmap and .gnmap files.
*/
$cmd = getopt("f:", ['debug::', 'help::']);
@ -92,8 +93,15 @@ foreach ($lines as $line_num => $line) {
continue;
} # skip blank lines
$line = trim($line, "\t\n\r"); # chomp would be nice...
$matches = [];
if (!isset($filetype)) {
if (preg_match('/Starting|\-oN/', $line)) {
if (preg_match('/\.nmap/', $cmd['f'])) {
$filetype = "text";
}
elseif (preg_match('/\.gnmap/', $cmd['f'])) {
$filetype = "grep";
}
elseif (preg_match('/Starting|\-oN/', $line)) {
$filetype = "text";
}
elseif (preg_match('/\-oG/', $line)) {
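Review bot: `preg_match('/\.nmap/', $cmd['f'])` and `'/\.gnmap/'` are unanchored and run against the whole path, so a file such as `scan.nmap.xml`, or any file under a directory whose name contains `.nmap`, is classified as text before the content-based branches are reached. Anchor both patterns to the end of the name (`/\.nmap$/i`, `/\.gnmap$/i`) and test `basename($cmd['f'])`. The test does not depend on `$line`, so it can move out of the per-line loop.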
@ -242,8 +250,6 @@ if ($filetype == "xml") {
$target[$ip]['description'] = $vendor;
# Iterate through ports
$ports = getValue($xml, "ports/port", $host, true);
$tcp_ports = [];
$udp_ports = [];
foreach ($ports as $portxml) {
$portid = $portxml->getAttribute("portid");
$proto = $portxml->getAttribute("protocol");
@ -284,6 +290,7 @@ if ($filetype == "xml") {
$db->update_Running_Scan($base_name, ['name' => 'host_count', 'value' => count($target)]);
$count = 0;
$tgt_ip = null;
foreach ($target as $ip => $tgt) {
# get target ID
$tgt_id = 0;
@ -302,6 +309,7 @@ foreach ($target as $ip => $tgt) {
$tgt_obj->set_STE_ID($conf['ste']);
//$tgt_obj->set_Notes("New target found by NMap");
$tgt_obj->set_OS_ID($sw->get_ID());
$tgt_obj->set_PP_Flag(true);
if ($sw->get_Shortened_SW_String()) {
$tgt_obj->set_OS_String($sw->get_Shortened_SW_String());
}
@ -344,10 +352,11 @@ foreach ($target as $ip => $tgt) {
}
}
$tgt_obj->set_ID($tgt_id = $db->save_Target($tgt_obj));
$tgt_obj->set_ID($tgt_id = $db->save_Target($tgt_obj, false));
}
else { #Update
$db_tgt = $db->get_Target_Details($conf['ste'], $tgt_id)[0];
$db_tgt->set_PP_Flag(true);
if (isset($tgt['tcp'])) {
foreach ($tgt['tcp'] as $port_num => $port) {
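Review bot: `$db->get_Target_Details($conf['ste'], $tgt_id)[0]` is dereferenced and `$db_tgt->set_PP_Flag(true)` is then called with no check that a target came back. Guard it with the `is_array(...) && isset(...[0]) && is_a(...[0], 'target')` test used elsewhere in this change before calling methods on the result.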
@ -388,7 +397,7 @@ foreach ($target as $ip => $tgt) {
}
}
$db->save_Target($db_tgt);
$db->save_Target($db_tgt, false);
}
$count++;
@ -406,6 +415,7 @@ foreach ($target as $ip => $tgt) {
$db->update_Running_Scan($base_name, ['name' => 'last_host', 'value' => $db_tgt->get_Name()]);
}
$db->post_Processing();
$db->update_Scan_Host_List($scan);
$db->update_Running_Scan($base_name, ['name' => 'perc_comp', 'value' => 100, 'complete' => 1]);
if (!isset($cmd['debug'])) {

View File

@ -49,7 +49,7 @@ $log = new Logger("nvd_cve");
$log->pushHandler(new StreamHandler(LOG_PATH . "/nvd_cve.log", $log_level));
$db = new db();
$json = json_decode(file_get_contents($cmd['f']));
$json = json_decode(file_get_contents($cmd['f']), true);
$existing_cves = [];
$db->help->select("cve_db", ['cve_id']);
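Review bot: `json_decode(file_get_contents($cmd['f']), true)` is used without checking the result; an unreadable file or malformed JSON leaves `$json` null, and the later `$json['CVE_Items']` accesses then operate on null. Check `is_array($json) && isset($json['CVE_Items'])` and exit with an error message otherwise.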
@ -60,20 +60,21 @@ if (is_array($cves) && count($cves)) {
}
}
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json->CVE_Items) . " items" . PHP_EOL;
print "Currently " . count($existing_cves) . " in DB" . PHP_EOL . "Parsing: " . count($json['CVE_Items']) . " items" . PHP_EOL;
$db_cpes = [];
$db_cpes23 = [];
$new_cves = [];
$new_cve_refs = [];
$new_cve_web = [];
$sw_rows = [];
$new = 0;
$existing = 0;
$db->help->select("software", ['id', 'cpe']);
$db->help->select("software", ['id', 'cpe', 'cpe23']);
$rows = $db->help->execute();
foreach ($rows as $row) {
$db_cpes["{$row['cpe']}"] = $row['id'];
$db_cpes23["{$row['cpe23']}"] = $row['id'];
}
$cve_fields = [
@ -82,28 +83,23 @@ $cve_fields = [
$ref_fields = [
'cve_seq', 'source', 'url', 'val'
];
$web_fields = [
'cve_id', 'xml'
];
foreach ($json->CVE_Items as $cve) {
if (!isset($existing_cves["{$cve->cve->CVE_data_meta->ID}"])) {
$log->debug("Adding {$cve->cve->CVE_data_meta->ID}");
foreach ($json['CVE_Items'] as $cve) {
if (!isset($existing_cves["{$cve['cve']['CVE_data_meta']['ID']}"])) {
$log->debug("Adding {$cve['cve']['CVE_data_meta']['ID']}");
$new++;
$desc = [];
$status = null;
$phase = null;
$cpes = [];
$name = $cve->cve->CVE_data_meta->ID;
$type = $cve->cve->data_type;
$seq = $cve->cve->CVE_data_meta->ID;
$pd = new DateTime($cve->publishedDate);
$lmd = new DateTime($cve->lastModifiedDate);
$name = $cve['cve']['CVE_data_meta']['ID'];
$seq = $cve['cve']['CVE_data_meta']['ID'];
$pd = new DateTime($cve['publishedDate']);
if (is_array($cve->cve->description->description_data) && count($cve->cve->description->description_data)) {
foreach ($cve->cve->description->description_data as $d) {
$desc[] = $d->value;
if (is_array($cve['cve']['description']['description_data']) && count($cve['cve']['description']['description_data'])) {
foreach ($cve['cve']['description']['description_data'] as $d) {
$desc[] = $d['value'];
}
}
@ -111,24 +107,21 @@ foreach ($json->CVE_Items as $cve) {
$name, $seq, $status, $phase, $pd, implode(PHP_EOL, $desc)
];
if (is_array($cve->cve->references->reference_data) && count($cve->cve->references->reference_data)) {
foreach ($cve->cve->references->reference_data as $ref) {
$log->debug("Adding reference {$ref->url}");
if (is_array($cve['cve']['references']['reference_data']) && count($cve['cve']['references']['reference_data'])) {
foreach ($cve['cve']['references']['reference_data'] as $ref) {
$log->debug("Adding reference {$ref['url']}");
$new_cve_refs[] = [
$name, null, $ref->url, null
$name, null, $ref['url'], null
];
}
}
if (is_array($cve->configurations->nodes) && count($cve->configurations->nodes)) {
foreach ($cve->configurations->nodes as $n) {
if (isset($n->cpe) && is_array($n->cpe) && count($n->cpe)) {
foreach ($n->cpe as $cpe) {
if (isset($cpe->cpe22Uri)) {
$cpes[] = $cpe->cpe22Uri;
}
elseif (isset($cpe->cpeMatchString)) {
$cpes[] = $cpe->cpeMatchString;
if(is_array($cve['configurations']['nodes']) && count($cve['configurations']['nodes'])) {
foreach($cve['configurations']['nodes'] as $n) {
if(isset($n['cpe_match']) && is_array($n['cpe_match']) && count($n['cpe_match'])) {
foreach($n['cpe_match'] as $c) {
if($c['vulnerable'] && $c['cpe23Uri']) {
$cpes[] = $c['cpe23Uri'];
}
}
}
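Review bot: `if($c['vulnerable'] && $c['cpe23Uri'])` reads both keys without `isset()`, and `$cve['configurations']['nodes']` is handed to `is_array()` the same way, so an item that lacks any of them raises an undefined-index notice. Use `!empty($c['vulnerable']) && !empty($c['cpe23Uri'])` and an `isset()` on the configurations path.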
@ -139,6 +132,8 @@ foreach ($json->CVE_Items as $cve) {
foreach ($cpes as $cpe) {
if (isset($db_cpes["{$cpe}"])) {
$sw_rows[] = [$name, $db_cpes["{$cpe}"]];
} elseif (isset($db_cpes23["{$cpe}"])) {
$sw_rows[] = [$name, $db_cpes23["{$cpe}"]];
}
}
}
@ -168,18 +163,9 @@ foreach ($json->CVE_Items as $cve) {
$new_cves = [];
$new_cve_refs = [];
$new_cve_web = [];
$sw_rows = [];
print "\t" . ($existing + $new) . " completed" . PHP_EOL;
$db->help->update("settings", ['meta_value' => number_format((($existing + $new) / count($json->CVE_Items)) * 100, 2)], [
[
'field' => 'meta_key',
'value' => 'nvd-cve-progress'
]
]);
$db->help->execute();
}
}
@ -198,7 +184,7 @@ if (count($sw_rows)) {
$db->help->execute();
}
unlink($cmd['f']);
//unlink($cmd['f']);
print PHP_EOL;
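Review bot: `//unlink($cmd['f']);` leaves the parsed feed file on disk after every run and reads like a debugging change. Restore the `unlink()`, or delete the line and state in the commit message why the file is now kept.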

View File

@ -24,73 +24,110 @@
* - May 13, 2017 - Fixed error when trying to delete a USGCB scan file (not supported)
* - Oct 23, 2017 - Fixed error of finding statuses being overwritten
*/
$cmd = getopt("f:", ['debug::', 'help::']);
$cmd = getopt("f:", [
'debug::',
'help::'
]);
if (!isset($cmd['f']) || isset($cmd['help'])) {
if (! isset($cmd['f']) || isset($cmd['help'])) {
die(usage());
}
$conf = parse_ini_file("parse_config.ini");
if (!$conf) {
if (! $conf) {
die("Could not find parse_config.ini configuration file");
}
chdir($conf['doc_root']);
set_time_limit(0);
require_once 'vendor/autoload.php';
include_once 'config.inc';
include_once 'xml_parser.inc';
include_once 'database.inc';
include_once 'helper.inc';
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
chdir(TMP);
$db = new db();
$base_name = basename($cmd['f']);
$host_list = array();
$err = new Sagacity_Error($cmd['f']);
$log_level = convert_log_level();
if (!file_exists($cmd['f'])) {
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'ERROR']);
$err->script_log("File not found", E_ERROR);
}
elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) {
$base_name = basename($cmd['f']);
$log = new Logger("scc-import");
$log->pushHandler(new StreamHandler(logify($cmd['f']), $log_level));
if (! file_exists($cmd['f'])) {
$db->update_Running_Scan($base_name, [
'name' => 'status',
'value' => 'ERROR'
]);
$log->error("File not found");
die();
} elseif (preg_match('/.*Results\_iavm\_(2009|2010)|Results\_USGCB/i', $cmd['f'])) {
$scan = $db->get_ScanData($conf['ste'], $cmd['f']);
if (is_array($scan) && count($scan) && isset($scan[0]) && is_a($scan[0], 'scan')) {
$db->delete_Scan($scan[0]->get_ID(), false);
}
$err->script_log("Cannot parse these types of files", E_ERROR);
$log->error("Cannot parse these types of files");
die();
}
class scc_parser extends scan_xml_parser {
class scc_parser extends scan_xml_parser
{
var $values;
var $value_id;
var $getvalue = false;
var $groups;
var $group_id;
var $vms_id;
var $vms = null;
var $sv_rule;
var $tgt;
var $tag;
var $int_count = 0;
var $found_rule = false;
/**
* Constructor
*
* @global Monolog\Logger $log
*
* @param int $ste_id_in
* @param string $fname_in
*/
public function __construct($ste_id_in, $fname_in) {
$this->values = array();
$this->groups = array();
$this->tag = array();
public function __construct($ste_id_in, $fname_in)
{
$this->values = [];
$this->groups = [];
$this->tag = [];
parent::__construct($this, $ste_id_in, $fname_in);
$this->db->update_Running_Scan($this->scan->get_File_Name(), ['name' => 'pid', 'value' => getmypid()]);
}
/**
* Function to parse \cdf:Benchmark
*
* @param array $attrs
*/
public function cdf_Benchmark($attrs)
{
$this->scan->set_Start_Time(new DateTime("now", new DateTimeZone("UTC")));
}
/**
@ -98,7 +135,8 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_Value($attrs) {
public function cdf_Benchmark_cdf_Value($attrs)
{
$this->values[$attrs['id']] = null;
$this->value_id = $attrs['id'];
}
@ -108,12 +146,11 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_Value_cdf_value($attrs) {
if (!isset($attrs['selector'])) {
$this->getvalue = true;
}
else {
public function cdf_Benchmark_cdf_Value_cdf_value($attrs)
{
$this->getvalue = false;
if (! isset($attrs['selector'])) {
$this->getvalue = true;
}
}
@ -122,7 +159,8 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_Value_cdf_value_data($data) {
public function cdf_Benchmark_cdf_Value_cdf_value_data($data)
{
if ($this->getvalue) {
$this->values[$this->value_id] = $data;
}
@ -133,20 +171,28 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_Group($attrs) {
$this->vms = $this->db->get_GoldDisk($attrs['id']);
public function cdf_Benchmark_cdf_Group($attrs)
{
$this->found_rule = false;
$match = [];
$this->vms_id = null;
$this->vms = null;
if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) {
$this->group_id = $this->vms[0]->get_PDI_ID();
if(preg_match("/(V\-[\d]+)/", $attrs['id'], $match)) {
$this->vms_id = $match[1];
$this->group_id = $this->vms_id;
}
else {
$this->group_id = $attrs['id'];
$this->vms = null;
return;
}
$this->vms = $this->db->get_GoldDisk($this->vms_id);
if (is_array($this->vms) && count($this->vms) && isset($this->vms[0]) && is_a($this->vms[0], 'golddisk')) {
$this->vms = $this->vms[0];
$this->group_id = $this->vms->get_PDI_ID();
}
$this->vms_id = $attrs['id'];
$this->groups[$this->group_id] = array();
$this->found_rule = false;
$this->groups[$this->group_id] = [];
}
/**
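Review bot: the `return;` in the branch taken when `$attrs['id']` does not match `/(V\-[\d]+)/` skips `$this->groups[$this->group_id] = [];`, yet the handlers for the group's child elements and `cdf_Benchmark_cdf_Group_end()` still run and keep indexing `$this->groups` with whatever `$this->group_id` holds at that point. Make the skip explicit: clear `$this->group_id` (or set a skip flag) next to the `vms_id` / `vms` resets and have the later handlers return early when it is set.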
@ -154,7 +200,8 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_Group_cdf_Rule($attrs) {
public function cdf_Benchmark_cdf_Group_cdf_Rule($attrs)
{
$sv_rule = $this->db->get_SV_Rule(null, $attrs['id']);
if (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule')) {
@ -179,8 +226,7 @@ class scc_parser extends scan_xml_parser {
'status' => "Not Reviewed",
'cat' => 2
];
}
else {
} else {
return;
}
@ -197,7 +243,8 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data) {
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_version_data($data)
{
$stig = $this->db->get_Stig($data);
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$this->found_rule = true;
@ -229,12 +276,12 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data) {
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_title_data($data)
{
if (empty($this->groups[$this->group_id]['title'])) {
$this->groups[$this->group_id]['title'] = $data;
}
else {
//error_log(print_r($this->group_id, true));
} else {
// error_log(print_r($this->group_id, true));
}
}
@ -243,15 +290,15 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data) {
if (!isset($this->groups[$this->group_id])) {
$this->groups[$this->group_id] = array();
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_description_data($data)
{
if (! isset($this->groups[$this->group_id])) {
$this->groups[$this->group_id] = [];
}
if (isset($this->groups[$this->group_id]['desc'])) {
$this->groups[$this->group_id]['desc'] .= $data;
}
else {
} else {
$this->groups[$this->group_id]['desc'] = $data;
}
}
@ -261,7 +308,8 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data) {
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_ident_data($data)
{
if (empty($this->groups[$this->group_id]['cce']) && preg_match("/CCE/", $data)) {
$this->groups[$this->group_id]['cce'] = $data;
}
@ -272,7 +320,8 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data) {
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_fixtext_data($data)
{
if (empty($this->groups[$this->group_id]['fix'])) {
$this->groups[$this->group_id]['fix'] = htmlentities($data);
}
@ -283,7 +332,8 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs) {
public function cdf_Benchmark_cdf_Group_cdf_Rule_cdf_check_cdf_check_export($attrs)
{
if (empty($this->groups[$this->group_id]['val_id'])) {
$this->groups[$this->group_id]['val_id'] = $attrs['value-id'];
$this->groups[$this->group_id]['value'] = $this->values[$attrs['value-id']];
@ -295,15 +345,16 @@ class scc_parser extends scan_xml_parser {
/**
* Function to parse \cdf:Benchmark\cdf:Group end tag and store content parsed from previous functions
*/
public function cdf_Benchmark_cdf_Group_end() {
if (!$this->found_rule) {
public function cdf_Benchmark_cdf_Group_end()
{
if (! $this->found_rule) {
$this->log->script_log("Rule tag was not present for " . $this->group_id);
unset($this->groups[$this->group_id]);
return;
}
if (empty($this->groups[$this->group_id]['stig'])) {
$ia_controls = array();
$ia_controls = [];
$this->log->script_log("STIG ID " . $this->groups[$this->group_id]['version'] . " is not in the database, adding", E_WARNING);
$pdi = new pdi(null, '', 'NOW');
$pdi->set_Short_Title($this->groups[$this->group_id]['title']);
@ -314,21 +365,19 @@ class scc_parser extends scan_xml_parser {
$this->db->add_Stig($stig);
$this->groups[$this->group_id]['stig'] = $stig;
if (!empty($this->groups[$this->group_id]['desc'])) {
if (! empty($this->groups[$this->group_id]['desc'])) {
$match = array();
if (preg_match("/\<IAControls\>(.*)\<\/IAControls\>/", $this->groups[$this->group_id]['desc'], $match)) {
$ias = explode(", ", $match[1]);
if (is_array($ias) && count($ias)) {
foreach ($ias as $ia) {
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, 4), substr($ia, -1));
$ia_controls[] = new ia_control($pdi_id, substr($ia, 0, 4), substr($ia, - 1));
}
}
else {
} else {
$ia_controls[] = new ia_control($pdi_id, "ECSC", 1);
}
}
}
else {
} else {
$ia_controls[] = new ia_control($pdi_id, 'ECSC', 1);
}
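Review bot: in the IAControls branch, `explode(", ", $match[1])` always returns an array with at least one element, so `is_array($ias) && count($ias)` is always true and the inner `else` that falls back to `ECSC` can never run. An empty `<IAControls></IAControls>` element therefore yields an `ia_control` built from empty substrings instead of the default. Test `$match[1] !== ''` (or filter out empty entries) before the loop. `$match = array();` is also left in the old syntax while the neighbouring lines move to `[]`.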
@ -346,12 +395,13 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs) {
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact($attrs)
{
$tmp = explode(":", $attrs['name']);
$this->tag_id = end($tmp);
if (isset($this->tag[$this->tag_id])) {
if ($this->tag_id == 'interface_name') {
$this->int_count++;
$this->int_count ++;
}
$this->tag_id .= $this->int_count;
}
@ -362,21 +412,23 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data) {
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_cdf_fact_data($data)
{
$this->tag[$this->tag_id] = str_replace("\n", "", $data);
}
/**
* Function to parse \cdf:Benchmark\cdf:TestResult\cdf:target-facts end tag and store results
*/
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end() {
//error_log(print_r($this->tag, true));
public function cdf_Benchmark_cdf_TestResult_cdf_target_facts_end()
{
// error_log(print_r($this->tag, true));
$host_name = $this->tag['host_name'];
if (preg_match("/\./", $host_name)) {
$host_name = preg_replace("/^([^\.]+)\./i", "$1", $host_name);
$host_name = preg_replace("/^([^.]+).*/i", "$1", $host_name);
}
if (!($tgt_id = $this->db->check_Target($this->ste_id, $host_name))) {
if (! ($tgt_id = $this->db->check_Target($this->ste_id, $host_name))) {
$this->log->script_log("Creating new target with hostname $host_name", E_DEBUG);
$os = array();
if (isset($this->tag['os_name']) && isset($this->tag['os_version']) && is_numeric($this->tag['os_version'])) {
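Review bot: the `preg_replace` on `$host_name` is a behaviour change inside a formatting commit. The old pattern `/^([^\.]+)\./` removed only the first dot, while the new `/^([^.]+).*/` cuts the name at the first dot. That looks like the intended short-name logic, but the surrounding `preg_match("/\./", $host_name)` test also fires when `host_name` holds a dotted IPv4 address, which would be reduced to its first octet before being passed to `check_Target()`. Skip the truncation when the value is an IP address and mention the change in the commit message. `$this->tag['host_name']` is also read without an `isset()` check.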
@ -393,12 +445,11 @@ class scc_parser extends scan_xml_parser {
if (is_array($os) && count($os) && isset($os[0]) && is_a($os[0], 'software')) {
$os = $os[0];
}
else {
} else {
$os = $this->db->get_Software("cpe:/o:generic:generic:-")[0];
}
if (!is_a($os, 'software')) {
if (! is_a($os, 'software')) {
$this->log->script_log("Failed to identify the OS", E_ERROR);
}
@ -419,7 +470,7 @@ class scc_parser extends scan_xml_parser {
$this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0];
$int_keys = preg_grep("/interface_name/", array_keys($this->tag));
$match = array();
$match = [];
foreach ($int_keys as $key) {
$idx = '';
if (preg_match("/interface_name(\d+)/", $key, $match)) {
@ -435,12 +486,10 @@ class scc_parser extends scan_xml_parser {
if (is_array($ip) && count($ip) == 1) {
if (preg_match("/\d+\./", $ip[0])) {
$ipv4 = $ip[0];
}
elseif (preg_match("/[a-f0-9]+/", $ip[0])) {
} elseif (preg_match("/[a-f0-9]+/", $ip[0])) {
$ipv6 = $ip[0];
}
}
elseif (is_array($ip) && count($ip) == 2) {
} elseif (is_array($ip) && count($ip) == 2) {
$ipv4 = $ip[0];
$ipv6 = $ip[1];
}
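Review bot: the address classification carried through this hunk is loose. `/\d+\./` and `/[a-f0-9]+/` are unanchored, so any string containing a digit or one of the letters a to f is accepted as an IPv6 address, and the two-element case assigns `$ipv4` and `$ipv6` purely by position. `filter_var($ip[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` and the `FILTER_FLAG_IPV6` counterpart would validate the values taken from the scan file before they are stored on the target.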
@ -469,7 +518,8 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs) {
public function cdf_Benchmark_cdf_TestResult_cdf_platform($attrs)
{
if (isset($attrs['idref']) && substr($attrs['idref'], 0, 3) == 'cpe') {
$cpe = $attrs['idref'];
@ -481,8 +531,7 @@ class scc_parser extends scan_xml_parser {
$this->log->script_log("Update OS " . $sw->get_CPE());
$this->tgt->set_OS_ID($sw->get_ID());
$this->tgt->set_OS_String($sw->get_Shortened_SW_String());
}
elseif (!$sw->is_OS() && !in_array($sw, $this->tgt->software)) {
} elseif (! $sw->is_OS() && ! in_array($sw, $this->tgt->software)) {
$this->log->script_log("Assigning software " . $sw->get_CPE());
$this->tgt->software[] = $sw;
}
@ -497,7 +546,8 @@ class scc_parser extends scan_xml_parser {
*
* @param array $attrs
*/
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs) {
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result($attrs)
{
$stig = $this->db->get_Stig($attrs['version']);
$sv_rule = $this->db->get_SV_Rule(null, $attrs['idref']);
@ -507,41 +557,39 @@ class scc_parser extends scan_xml_parser {
if (is_array($stig) && count($stig) && isset($stig[0]) && is_a($stig[0], 'stig')) {
$stig = $stig[0];
$this->group_id = $stig->get_PDI_ID();
}
elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && !$this->group_id) {
} elseif (is_array($sv_rule) && count($sv_rule) && isset($sv_rule[0]) && is_a($sv_rule[0], 'sv_rule') && ! $this->group_id) {
$sv_rule = $sv_rule[0];
$this->group_id = $sv_rule->get_PDI_ID();
}
else {
} else {
$this->log->script_log("Cannot find PDI ID (" . $attrs['version'] . "/" . $attrs['idref'] . ") CREATING", E_WARNING);
$this->group_id = null;
return;
/*
$level = 1;
if ($attrs['severity'] == 'medium') {
$level = 2;
}
elseif ($attrs['severity'] == 'low') {
$level = 3;
}
$pdi = new pdi(null, $level, new DateTime);
$pdi_id = $this->db->save_PDI($pdi);
$this->group_id = $pdi_id;
if (!empty($attrs['version'])) {
$stig = new stig($pdi_id, $attrs['version'], null, null);
$this->db->add_Stig($stig);
}
if (!empty($attrs['idref'])) {
$sv_rule = new sv_rule($pdi_id, $attrs['idref']);
$this->db->save_SV_Rule($sv_rule);
}
return;
* $level = 1;
* if ($attrs['severity'] == 'medium') {
* $level = 2;
* }
* elseif ($attrs['severity'] == 'low') {
* $level = 3;
* }
* $pdi = new pdi(null, $level, new DateTime);
* $pdi_id = $this->db->save_PDI($pdi);
*
* $this->group_id = $pdi_id;
*
* if (!empty($attrs['version'])) {
* $stig = new stig($pdi_id, $attrs['version'], null, null);
* $this->db->add_Stig($stig);
* }
*
* if (!empty($attrs['idref'])) {
* $sv_rule = new sv_rule($pdi_id, $attrs['idref']);
* $this->db->save_SV_Rule($sv_rule);
* }
*
* return;
*/
}
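Review bot: the final `else` logs "Cannot find PDI ID (...) CREATING" but then sets `$this->group_id = null` and returns; the code that would create the PDI is the commented-out block, which this change only re-indents with `*` prefixes. Delete the dead block (it stays in history) and reword the log message so it says the result is skipped. Because `group_id` is left null, confirm that the child handlers such as `cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data` do not go on to write `$this->groups[$this->group_id]['status']` for the skipped rule.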
@ -570,11 +618,11 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data) {
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_result_data($data)
{
if (preg_match("/pass|true/i", $data)) {
$this->groups[$this->group_id]['status'] = "Not a Finding";
}
elseif (preg_match("/fail|false/i", $data)) {
} elseif (preg_match("/fail|false/i", $data)) {
$this->groups[$this->group_id]['status'] = "Open";
}
@ -586,54 +634,54 @@ class scc_parser extends scan_xml_parser {
*
* @param string $data
*/
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data) {
}
public function cdf_Benchmark_cdf_TestResult_cdf_rule_result_cdf_ident_data($data)
{}
/**
* Function to parse \cdf:Benchmark\cdf:TestResult end tag and store all results
*/
public function cdf_Benchmark_cdf_TestResult_end() {
public function cdf_Benchmark_cdf_TestResult_end()
{
$new_findings = [];
$update_findings = [];
$existing_findings = $this->db->get_Finding($this->tgt);
foreach ($this->groups as $pdi_id => $group) {
if (!empty($group['val_id'])) {
if (! empty($group['val_id'])) {
$note = "(SCC) " . $group['val_id'] . "\nRequired: " . $group['value'] . "\nActual: " . $this->values[$group['val_id']];
}
else {
} else {
$note = "(SCC) ";
}
/*
if (isset($group['stig']) && is_a($group['stig'], 'stig')) {
$ref = $group['stig'];
}
elseif (!empty($group['vms_id'])) {
} elseif (! empty($group['vms_id'])) {
$vms = $this->db->get_GoldDisk($group['vms_id']);
if (is_array($vms) && count($vms) && isset($vms[0]) && is_a($vms[0], 'golddisk')) {
$ref = $vms[0];
}
}
elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) {
} elseif (isset($group['sv_rule']) && is_a($group['sv_rule'], 'sv_rule')) {
$ref = $group['sv_rule'];
}
else {
} else {
$this->log->script_log("Error finding reference to search for PDI $pdi_id\n" . print_r($group, true), E_WARNING);
continue;
}
*/
$existing_finding = $this->db->get_Finding($this->tgt, $ref);
if (is_array($existing_finding) && count($existing_finding) && isset($existing_finding[0])) {
$finding = $existing_finding[0];
if (is_array($existing_findings) && count($existing_findings) && isset($existing_findings[$pdi_id])) {
/** @var finding $finding */
$finding = $existing_findings[$pdi_id];
$finding->set_Finding_Status_By_String(
$finding->get_Deconflicted_Status($group['status'])
);
$finding->set_Finding_Status_By_String($finding->get_Deconflicted_Status($group['status']));
if(preg_match("/" . preg_quote($note, "/") . "/", $finding->get_Notes())) {
$finding->set_Notes($note);
} else {
$finding->prepend_Notes($note);
$update_findings[$finding->get_PDI_ID()] = $finding;
}
else {
$new_findings[$pdi_id] = new finding(null, $this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
$update_findings[$pdi_id] = $finding;
} else {
$new_findings[$pdi_id] = new finding($this->tgt->get_ID(), $pdi_id, $this->scan->get_ID(), $group['status'], $note, finding::NC, null, 1);
}
}
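Review bot: in `cdf_Benchmark_cdf_TestResult_end()`, the new test `preg_match("/" . preg_quote($note, "/") . "/", $finding->get_Notes())` calls `set_Notes($note)` when the note is already present; if `set_Notes()` replaces the field, any other text in the finding's notes is lost on re-import. If the intent is to avoid duplicating the SCC note, leave the notes untouched in that case, and `strpos()` does the containment test without building a regex. Two things to confirm: findings are now looked up as `$existing_findings[$pdi_id]`, which relies on `get_Finding($this->tgt)` returning an array keyed by PDI ID, and the `new finding(...)` call drops its leading `null`, so every other caller needs the same constructor signature. The reference lookup that now sits inside `/* ... */` should be removed rather than kept as a comment.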
@ -643,23 +691,29 @@ class scc_parser extends scan_xml_parser {
$hl->setTargetId($this->tgt->get_ID());
$hl->setTargetName($this->tgt->get_Name());
$hl->setFindingCount(count($new_findings) + count($update_findings));
$hl->setScanError(false);
$this->db->update_Target_Counts($this->tgt->get_ID());
$this->scan->add_Target_to_Host_List($hl);
$this->db->update_Scan_Host_List($this->scan);
}
}
$xml = new scc_parser($conf['ste'], $cmd['f']);
$xml->debug = (isset($cmd['debug']) ? true : false);
$xml->parse();
if (!$xml->debug) {
if (! $xml->debug) {
rename($cmd['f'], TMP . "/scc/" . $base_name);
}
$db->update_Running_Scan($base_name, ["name" => "perc_comp", "value" => 100, "complete" => 1]);
$db->update_Running_Scan($base_name, [
"name" => "perc_comp",
"value" => 100,
"complete" => 1
]);
function usage() {
function usage()
{
print <<<EOO
Purpose: To import an XCCDF result file from Security Compliance Checker 3.1+

View File

@ -6,7 +6,7 @@
* Purpose: To parse a STIG file
* Created: Jul 9, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Portions Copyright 2016-2019: CyberPerspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
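Review bot: the copyright line changes more than the year: "Cyber Perspectives, LLC" becomes "CyberPerspectives, LLC". If the legal name has not changed, keep the original spelling and update only the year range. The same edit appears in the STIG Viewer parser header.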
@ -31,9 +31,14 @@
* - Dec 27, 2017 - Added up date for load date
* - May 10, 2018 - Starting to migrate logging and fixed install status bar issues (#403)
*/
$cmd = getopt("f:", ['debug::', 'ia_reset::', 'draft::', 'help::']);
$cmd = getopt("f:", [
'debug::',
'ia_reset::',
'draft::',
'help::'
]);
if (!isset($cmd['f']) || isset($cmd['help'])) {
if (! isset($cmd['f']) || isset($cmd['help'])) {
die(usage());
}
@ -50,20 +55,19 @@ use Monolog\Formatter\LineFormatter;
$stream = new StreamHandler("php://output", Logger::INFO);
$stream->setFormatter(new LineFormatter("%datetime% %level_name% %message%", "H:i:s.u"));
/*
$log = new Logger("parse_stig");
$log->pushHandler(new StreamHandler(LOG_PATH . "/" . basename($cmd['f']) . ".log", LOG_LEVEL));
$log->pushHandler($stream);
*/
* $log = new Logger("parse_stig");
* $log->pushHandler(new StreamHandler(LOG_PATH . "/" . basename($cmd['f']) . ".log", LOG_LEVEL));
* $log->pushHandler($stream);
*/
chdir(DOC_ROOT . "/exec");
// Capture start time for performance metrics
$start = new DateTime();
// Check to make sure file argument exists and is an XCCDF file
if (!file_exists($cmd['f'])) {
if (! file_exists($cmd['f'])) {
Sagacity_Error::err_handler("XML file not found {$cmd['f']}", E_ERROR);
}
elseif (strpos(strtolower($cmd['f']), "xccdf") === false) {
} elseif (strpos(strtolower($cmd['f']), "xccdf") === false) {
Sagacity_Error::err_handler("Only compatible with XCCDF file formats", E_ERROR);
}
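Review bot: the commented-out `$log = new Logger("parse_stig")` setup is reformatted with `*` prefixes instead of being removed, while `$stream` is still built just above it and is only referenced inside that comment in the lines shown. Either restore the handler or delete both. The format check `strpos(strtolower($cmd['f']), "xccdf") === false` also tests the whole path, so any file under a directory whose name contains "xccdf" passes; apply it to `basename($cmd['f'])`.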
@ -73,7 +77,11 @@ check_path(DOC_ROOT . "/reference/stigs");
// open db connection
$db = new db();
$content = str_replace(["’", "–", "“", "â€"], ["'", "-", '"', '"'], file_get_contents($cmd['f']));
$content = str_replace([
"’", "–", "“", "â€"
], [
"'", "-", '"', '"'
], file_get_contents($cmd['f']));
file_put_contents($cmd['f'], $content);
// open xml file
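Review bot: `file_get_contents($cmd['f'])` is fed straight into `str_replace()` and the result is written back over the input with `file_put_contents()`. If the read fails, an empty string is written to that path. Check the read result for `false` before writing, and consider writing the cleaned copy to a temporary file instead of modifying the upload in place. Splitting the search and replace arrays over separate lines also makes the pairing harder to check than before; a single map passed to `strtr()` would keep each mis-encoded sequence next to its replacement.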
@ -93,12 +101,17 @@ $db->help->select_count("sagacity.catalog_scripts", [
]);
$exists = $db->help->execute();
if (!$exists) {
if (! $exists) {
$db->add_Catalog_Script($base_name);
}
$db->update_Catalog_Script($base_name, ['name' => 'pid', 'value' => getmypid()]);
$db->help->update("sagacity.settings", ['meta_value' => new DateTime()], [
$db->update_Catalog_Script($base_name, [
'name' => 'pid',
'value' => getmypid()
]);
$db->help->update("sagacity.settings", [
'meta_value' => new DateTime()
], [
[
'field' => 'meta_key',
'op' => '=',
@ -115,19 +128,30 @@ foreach ($tmp as $s) {
print "Currently " . count($stigs) . " in the DB" . PHP_EOL;
// Load XML into DOMDocument
$xml = new DOMDocument();
if (!$xml->load($cmd['f'])) {
if (! $xml->load($cmd['f'])) {
$log->script_log("Error opening file", E_ERROR);
}
// Get regexes used to assess the STIG for known applicable software products
$regex_arr = $db->get_Regex_Array("checklist");
if (is_array($regex_arr) && !count($regex_arr)) {
if (is_array($regex_arr) && ! count($regex_arr)) {
die("There are no regular expressions to detect checklist software");
}
$csv_file = substr($cmd['f'], 0, -3) . "csv";
$csv_file = substr($cmd['f'], 0, - 3) . "csv";
$csv = fopen($csv_file, "w");
fputcsv($csv, ["STIG_ID", "VMS_ID", "CAT", "IA_Controls", "Short_Title", "Status", "Notes", "Check_Contents", "SV_Rule_ID", "Oval_ID"]);
fputcsv($csv, [
"STIG_ID",
"VMS_ID",
"CAT",
"IA_Controls",
"Short_Title",
"Status",
"Notes",
"Check_Contents",
"SV_Rule_ID",
"Oval_ID"
]);
// get checklist data
$checklist = [];
@ -135,9 +159,12 @@ $checklist['id'] = str_replace("-", '.', getValue($xml, '@id'));
$checklist['status'] = getValue($xml, "/x:Benchmark/x:status");
// Skip draft STIGs if debug flag is not set. @Ryan: Shouldn't this be checking the draft flag instead of debug?
if (!isset($cmd['draft'])) {
if (! isset($cmd['draft'])) {
if (strtolower($checklist['status']) == 'draft') {
$db->update_Catalog_Script($base_name, ["name" => "status", "value" => "SKIPPED"]);
$db->update_Catalog_Script($base_name, [
"name" => "status",
"value" => "SKIPPED"
]);
fclose($csv);
unset($xml);
unlink($cmd['f']);
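Review bot: the comment above `if (! isset($cmd['draft']))` still reads "Skip draft STIGs if debug flag is not set" and carries the "@Ryan" question, but the condition already tests the `draft` flag. Update the comment to match the code and drop the question. The skip path also calls `unlink($cmd['f'])`, so a draft file supplied without the `draft` option is deleted rather than left in place; state that in the usage text if it is intended.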
@ -159,7 +186,7 @@ if (isset($cmd['debug'])) {
}
// If no matching software is found, default to "generic"
if (!count($checklist['software'])) {
if (! count($checklist['software'])) {
$log->script_log("Could not identify software, setting as Generic/Generic", E_NOTICE);
$checklist['software'][] = [
'man' => 'Generic',
@ -179,37 +206,31 @@ if (isset($cmd['debug'])) {
foreach ($sw_arr as $key => $sw) {
do {
$cpe = "cpe:/" . ($sw->is_OS() ? "o" : "a") . ":{$sw->get_Man()}:{$sw->get_Name()}" .
($sw->get_Version() != '-' ? ":{$sw->get_Version()}" : "");
$cpe = str_replace(
[" ", "(", ")"], ["_", "%28", "%29"], strtolower($cpe)
);
$cpe = "cpe:/" . ($sw->is_OS() ? "o" : "a") . ":{$sw->get_Man()}:{$sw->get_Name()}" . ($sw->get_Version() != '-' ? ":{$sw->get_Version()}" : "");
$cpe = str_replace([" ", "(", ")"], ["_", "%28","%29"], strtolower($cpe));
$db_sw = $db->get_Software($cpe);
if (!count($db_sw) && !count($checklist['software'])) {
if (! count($db_sw) && ! count($checklist['software'])) {
$sw->reduce_CPE();
}
elseif (is_array($db_sw) && count($db_sw) == 1 && $db_sw[0]->get_Version() == '-' && !preg_match("/generic/", $sw->get_CPE())) {
} elseif (is_array($db_sw) && count($db_sw) == 1 && $db_sw[0]->get_Version() == '-' && ! preg_match("/generic/", $sw->get_CPE())) {
$checklist['software'] = array_merge($checklist['software'], $db_sw);
$sw->reduce_CPE();
$db_sw = [];
}
else {
} else {
break;
}
if (isset($cmd['debug'])) {
$log->script_log("$cpe found " . count($db_sw), E_DEBUG);
}
}
while (!count($db_sw));
} while (! count($db_sw));
$checklist['software'] = array_merge($checklist['software'], $db_sw);
}
foreach ($checklist['software'] as $key => $sw) {
if (!is_a($sw, 'software')) {
if (! is_a($sw, 'software')) {
unset($checklist['software'][$key]);
}
}
@ -218,16 +239,14 @@ $match = [];
if (preg_match('/Release: (\d+\.\d+|\d+)/', $checklist['plain_text'], $match)) {
$checklist['rel'] = $match[1];
}
else {
} else {
$checklist['rel'] = '';
}
// Get the date of the benchmark in the 'plain-text' element or set to 'status-date' if match fails
if (preg_match('/Benchmark Date: (.*)$/', $checklist['plain_text'], $match)) {
$checklist['benchmark_date'] = new DateTime($match[1]);
}
else {
} else {
$checklist['benchmark_date'] = $checklist['status_date'];
}
@ -244,26 +263,22 @@ $checklist['type'] = 'benchmark';
if (preg_match('/IAVM/i', $base_name)) {
$checklist['type'] = 'iavm';
}
elseif (preg_match('/policy|srg/i', $base_name)) {
} elseif (preg_match('/policy|srg/i', $base_name)) {
$checklist['type'] = 'policy';
}
elseif (preg_match('/manual/i', $base_name)) {
} elseif (preg_match('/manual/i', $base_name)) {
$checklist['type'] = 'manual';
}
// Capture version release in filename as sometimes it doesn't match the plain_text element
if (preg_match('/V(\d+)R/', $base_name, $match)) {
$checklist['file_ver'] = $match[1];
}
else {
} else {
$checklist['file_ver'] = 0;
}
if (preg_match('/V\d+R(\d+|\d+\.\d+)/', $base_name, $match)) {
$checklist['file_rel'] = $match[1];
}
else {
} else {
$checklist['file_rel'] = 0;
}
@ -310,36 +325,31 @@ if ($chk) {
if (count($chk) && is_a($chk[0], 'checklist')) {
$chk = $chk[0];
}
/** @var checklist $chk */
$chk->find_Icon();
// Update software products associated with this checklist
$sw_arr = [];
foreach ($checklist['software'] as $sw) {
$sw_arr[] = [$chk->get_ID(), $sw->get_ID()];
$chk->add_SW($sw);
}
if (is_array($sw_arr) && count($sw_arr)) {
$db->help->extended_insert("sagacity.checklist_software_lookup", ['chk_id', 'sw_id'], $sw_arr, true);
if (!$db->help->execute()) {
$db->debug(E_WARNING);
}
}
$db->save_Checklist($chk);
if (isset($cmd['debug'])) {
$log->script_log(print_r($chk, true), E_DEBUG);
}
}
else {
} else {
// If checklist is not found, add checklist to DB
$chk = new checklist(
null, $checklist['id'], $checklist['title'], $checklist['desc'], $checklist['status_date'], $base_name, $checklist['ver'], $checklist['rel'], ($checklist['type'] == 'iavm' ? 'IAVM' : ucfirst($checklist['type'])), null
);
$chk = new checklist(null, $checklist['id'], $checklist['title'], $checklist['desc'], $checklist['status_date'], $base_name, $checklist['ver'], $checklist['rel'], ($checklist['type'] == 'iavm' ? 'IAVM' : ucfirst($checklist['type'])), null);
$chk->add_SW($checklist['software']);
if (!($chk->id = $db->save_Checklist($chk))) {
if (! ($chk->id = $db->save_Checklist($chk))) {
$log->script_log("Failed to save new checklist ({$chk->get_Name()})", E_ERROR);
}
}
if (!$chk->id) {
if (! $chk->id) {
$log->script_log("Could not find or create checklist", E_ERROR);
}
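Review bot: `$chk->find_Icon()` is called after the `if (count($chk) && is_a($chk[0], 'checklist'))` guard, not inside it, so when the guard is false `$chk` is still the array and the method call is a fatal error; the `@var checklist` annotation does not change that. Move the icon and software update into the guarded block or bail out in an `else`. This hunk also replaces the `extended_insert` into `sagacity.checklist_software_lookup` with `add_SW()` plus `save_Checklist()`, a functional change that deserves its own line in the commit message rather than riding along with the brace reformatting.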
@ -351,7 +361,10 @@ $groups = getValue($xml, '/x:Benchmark/x:Group', null, true);
$log->script_log("$groups->length STIGs to run", E_DEBUG);
$db->update_Catalog_Script($base_name, ['name' => 'stig_count', 'value' => $groups->length]);
$db->update_Catalog_Script($base_name, [
'name' => 'stig_count',
'value' => $groups->length
]);
print "File: $base_name" . PHP_EOL;
print "Total: $groups->length" . PHP_EOL;
@ -363,7 +376,7 @@ foreach ($groups as $group) {
$references = [];
$ias = [];
$ia_controls = '';
$perc_comp++;
$perc_comp ++;
$vms_id = $group->getAttribute('id');
// the ".//" indicates that we are starting at the current node ($group) and looking in all child nodes for the "title" and "description" nodes
@ -379,11 +392,9 @@ foreach ($groups as $group) {
$cat = 0;
if ($group_rule->getAttribute('severity') == 'high') {
$cat = 1;
}
elseif ($group_rule->getAttribute('severity') == 'medium') {
} elseif ($group_rule->getAttribute('severity') == 'medium') {
$cat = 2;
}
elseif ($group_rule->getAttribute('severity') == 'low') {
} elseif ($group_rule->getAttribute('severity') == 'low') {
$cat = 3;
}
@ -397,8 +408,7 @@ foreach ($groups as $group) {
$fix_text = getValue($xml, './/x:fixtext', $group_rule);
if ($rule_check_ref->length) {
$oval_id = $rule_check_ref->item(0)->getAttribute('name');
}
else {
} else {
$oval_id = '';
}
$match = [];
@ -409,16 +419,16 @@ foreach ($groups as $group) {
// Remove unnecessary whitespace from and concatenate check content
if ($check_content_nodes->length > 0) {
for ($x = 0; $x < $check_content_nodes->length; $x++) {
for ($x = 0; $x < $check_content_nodes->length; $x ++) {
$rule_check_content .= ($x + 1) . ") " . textCleanup($check_content_nodes->item($x)->textContent) . PHP_EOL;
}
$rule_check_content = trim($rule_check_content, PHP_EOL);
}
//$log->script_log("STIG ID: $rule_stig_id", E_DEBUG);
// $log->script_log("STIG ID: $rule_stig_id", E_DEBUG);
// Assign default category if not provided and add comment indicating such to rule description
if (!$cat) {
if (! $cat) {
$cat = 2;
$discussion .= " :CAT SET BY SCRIPT";
}
@ -428,11 +438,10 @@ foreach ($groups as $group) {
$discussion .= "\n{$match[1]}";
}
if (!$rule_stig_id) {
if (! $rule_stig_id) {
if ($vms_id == 'V0001073' || $vms_id == 'V-1073') {
$rule_stig_id = '2.005';
}
elseif ($vms_id == 'V0001103' || $vms_id == 'V-1103') {
} elseif ($vms_id == 'V0001103' || $vms_id == 'V-1103') {
$rule_stig_id = '4.010';
}
}
@ -441,7 +450,7 @@ foreach ($groups as $group) {
$is_iavm = false;
if (preg_match('/([\d]+\-[ABT]\-[\d]+)/', $rule_title, $match)) {
$references[] = $match[1];
if (!$rule_stig_id) {
if (! $rule_stig_id) {
$rule_stig_id = $match[1];
$is_iavm = true;
}
@ -449,13 +458,13 @@ foreach ($groups as $group) {
// Check if rule is an MS bulletin
if (preg_match('/(MS[\d]\-[\d]+)/', $rule_title, $match)) {
$references[] = $match[1];
if (!$rule_stig_id) {
if (! $rule_stig_id) {
$rule_stig_id = $match[1];
}
}
// If no STIG ID found, set to "No Reference"
if (!$rule_stig_id) {
if (! $rule_stig_id) {
error_log("Could not find stig id for group id $vms_id");
$rule_stig_id = 'No Reference';
}
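Review bot: while this block is being touched, the bulletin pattern `/(MS[\d]\-[\d]+)/` allows only one digit between "MS" and the hyphen, so an identifier of the form MSyy-nnn never matches and neither the reference nor the fallback `$rule_stig_id` is set from it. `/(MS\d{2}-\d+)/` matches that form. The IAVM pattern above wraps `\d` in a character class in the same way and can be simplified at the same time.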
@ -468,16 +477,16 @@ foreach ($groups as $group) {
foreach ($searchstring as $string) {
if (preg_match_all("/($string)/", $rule_desc, $match)) {
for ($x = 0; $x < count($match[0]); $x++) {
if (!in_array($match[0][$x], $references)) {
for ($x = 0; $x < count($match[0]); $x ++) {
if (! in_array($match[0][$x], $references)) {
$references[] = $match[0][$x];
}
}
}
if (preg_match_all("/($string)/", $rule_check_content, $match)) {
for ($x = 0; $x < count($match[0]); $x++) {
if (!in_array($match[0][$x], $references)) {
for ($x = 0; $x < count($match[0]); $x ++) {
if (! in_array($match[0][$x], $references)) {
$references[] = $match[0][$x];
}
}
@ -490,7 +499,7 @@ foreach ($groups as $group) {
if (isset($stigs["$rule_stig_id"])) {
print ".";
$updated_count++;
$updated_count ++;
$db_stig = $stigs["$rule_stig_id"];
$db_pdi = $db->get_PDI($db_stig->get_PDI_ID(), $chk->get_ID());
$db_pdi->set_Group_Title($group_title);
@ -505,11 +514,10 @@ foreach ($groups as $group) {
}
$db->save_PDI($db_pdi, $chk);
}
else {
} else {
print "*";
// add pdi
$new_count++;
$new_count ++;
$db_pdi = new pdi(null, $cat, $checklist['benchmark_date']->format('Y-m-d'));
$db_pdi->set_Group_Title($group_title);
$db_pdi->set_Short_Title($rule_title);
@ -525,7 +533,7 @@ foreach ($groups as $group) {
$new = true;
}
if (!empty($vms_id)) {
if (! empty($vms_id)) {
$vms_id = preg_replace("/^V0+/", "V-", $vms_id);
$gd = $db->get_GoldDisk($vms_id);
if (empty($gd)) {
@ -535,16 +543,20 @@ foreach ($groups as $group) {
}
/*
if (!$db->save_Check_Contents($db_pdi, $chk, $rule_check_content, $fix_text)) {
$log->script_log("Couldn't save check contents for STIG ID: {$db_stig->get_ID()} in checklist {$chk->get_Checklist_ID()} ({$chk->get_File_Name()})\n", E_ERROR);
}
* if (!$db->save_Check_Contents($db_pdi, $chk, $rule_check_content, $fix_text)) {
* $log->script_log("Couldn't save check contents for STIG ID: {$db_stig->get_ID()} in checklist {$chk->get_Checklist_ID()} ({$chk->get_File_Name()})\n", E_ERROR);
* }
*/
$new_controls = [];
$control_fields = ['pdi_id', 'type', 'type_id'];
$control_fields = [
'pdi_id',
'type',
'type_id'
];
if (preg_match("/<IAControls>(.*)<\/IAControls>/i", $rule_desc, $match)) {
$ia_controls = (isset($match[1]) && !empty($match[1]) ? $match[1] : null);
$ia_controls = (isset($match[1]) && ! empty($match[1]) ? $match[1] : null);
if (preg_match("/DCSQ|ECMT/i", $ia_controls)) {
$new_controls[] = [
@ -553,8 +565,7 @@ foreach ($groups as $group) {
'1'
];
$ias[] = "VIVM-1";
}
elseif ($ia_controls) {
} elseif ($ia_controls) {
$split_ias = preg_split('/\, ?/', $ia_controls);
foreach ($split_ias as $ia) {
@ -570,9 +581,8 @@ foreach ($groups as $group) {
}
}
}
}
elseif ($rule_ident->length) {
for ($x = 0; $x < $rule_ident->length; $x++) {
} elseif ($rule_ident->length) {
for ($x = 0; $x < $rule_ident->length; $x ++) {
if (substr($rule_ident->item($x)->textContent, 0, 3) == 'CCI') {
$split_ia = explode("-", $rule_ident->item($x)->textContent);
@ -586,8 +596,7 @@ foreach ($groups as $group) {
}
}
}
}
else {
} else {
if ($is_iavm) {
$ias[] = "CCI-002613";
$new_controls[] = [
@ -595,8 +604,7 @@ foreach ($groups as $group) {
"CCI",
"002613"
];
}
else {
} else {
$ias[] = "CCI-000366";
$new_controls[] = [
$pdi_id,
@ -606,8 +614,8 @@ foreach ($groups as $group) {
}
}
//$db_ia = $db->get_IA_Controls_By_PDI($db_pdi->get_ID());
if (isset($cmd['ia_reset']) && !$new) {
// $db_ia = $db->get_IA_Controls_By_PDI($db_pdi->get_ID());
if (isset($cmd['ia_reset']) && ! $new) {
// delete ia controls
$db->help->delete("sagacity.ia_controls", [
[
@ -621,17 +629,19 @@ foreach ($groups as $group) {
if (count($new_controls)) {
$db->help->extended_replace("sagacity.ia_controls", $control_fields, $new_controls);
if (!$db->help->execute()) {
if (! $db->help->execute()) {
$db->help->debug(E_ERROR);
}
}
$sv = new sv_rule($pdi_id, $sv_rule);
$db->save_SV_Rule(array(0 => $sv));
$db->save_SV_Rule(array(
0 => $sv
));
if ($rule_ident->length) {
foreach ($rule_ident as $ident_node) {
if (!in_array($ident_node->textContent, $references) && $ident_node->textContent != 'CCI') {
if (! in_array($ident_node->textContent, $references) && $ident_node->textContent != 'CCI') {
$references[] = $ident_node->textContent;
}
}
@ -643,19 +653,14 @@ foreach ($groups as $group) {
if (substr($ref, 0, 3) == 'CVE' || substr($ref, 0, 3) == 'CAN') {
$tmp[] = new cve($pdi_id, $ref);
$db->save_CVE($tmp);
}
elseif (substr($ref, 0, 3) == 'CCE') {
} elseif (substr($ref, 0, 3) == 'CCE') {
$tmp[] = new cce($pdi_id, $ref);
$db->save_CCE($tmp);
}
elseif (substr($ref, 0, 2) == 'KB') {
}
elseif (substr($ref, 0, 2) == 'MS') {
} elseif (substr($ref, 0, 2) == 'KB') {} elseif (substr($ref, 0, 2) == 'MS') {
$tmp[] = new advisory($pdi_id, $ref, '', 'MS', '');
$db->save_Advisory($tmp);
}
//print_r($tmp[0]);
// print_r($tmp[0]);
unset($tmp);
}
}
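Review bot: the formatter has collapsed the empty `KB` branch into `} elseif (substr($ref, 0, 2) == 'KB') {} elseif (substr($ref, 0, 2) == 'MS') {`, which hides the fact that KB references are matched and then discarded. Put a comment inside the empty body saying KB references are intentionally ignored, or remove the branch, and keep each `elseif` on its own line.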
@ -665,10 +670,24 @@ foreach ($groups as $group) {
}
// Output the CSV contents
fputcsv($csv, [$rule_stig_id, $vms_id, implode("", array_fill(0, $cat, "I")), implode(" ", $ias), $rule_title, "Not Reviewed", "", $rule_check_content, $sv_rule, $oval_id]);
fputcsv($csv, [
$rule_stig_id,
$vms_id,
implode("", array_fill(0, $cat, "I")),
implode(" ", $ias),
$rule_title,
"Not Reviewed",
"",
$rule_check_content,
$sv_rule,
$oval_id
]);
unset($references);
$db->update_Catalog_Script($base_name, ['name' => 'perc_comp', 'value' => ($perc_comp / $groups->length) * 100]);
$db->update_Catalog_Script($base_name, [
'name' => 'perc_comp',
'value' => ($perc_comp / $groups->length) * 100
]);
}
$db->help->select_count("sagacity.stigs");
@ -677,27 +696,39 @@ $db->set_Setting('stig-count', $stig_count);
$end = new DateTime();
$diff = $end->diff($start);
$total = $new_count + $updated_count;
print PHP_EOL . "Start Time: {$start->format("H:i:s")}" . PHP_EOL;
print "End Time: {$end->format("H:i:s")}" . PHP_EOL;
print "Execution time: {$diff->format("%H:%I:%S")}" . PHP_EOL . PHP_EOL;
print "New STIGs: $new_count" . PHP_EOL;
print "Updated STIGs: $updated_count" . PHP_EOL;
print "Total STIGs: " . ($new_count + $updated_count) . PHP_EOL . PHP_EOL . PHP_EOL;
print <<<EOO
Start Time: {$start->format("H:i:s")}
End Time: {$end->format("H:i:s")}
Execution time: {$diff->format("%H:%I:%S")}
New STIGs: $new_count
Updated STIGs: $updated_count
Total STIGs: $total
EOO;
$log->script_log("$groups->length complete");
fclose($csv);
if (!isset($cmd['debug'])) {
if (! isset($cmd['debug'])) {
rename($cmd['f'], DOC_ROOT . "/reference/stigs/$base_name");
}
rename($csv_file, DOC_ROOT . "/reference/stigs/" . basename($csv_file));
$db->update_Catalog_Script($base_name, ['name' => 'perc_comp', 'value' => 100, 'complete' => 1]);
$db->update_Catalog_Script($base_name, [
'name' => 'perc_comp',
'value' => 100,
'complete' => 1
]);
/**
* Usage output
*/
function usage() {
function usage()
{
print <<<EOO
Purpose: To parse a STIG XCCDF checklist file and populate/update the database

View File

@ -5,7 +5,7 @@
* Purpose: Read STIG Viewer checklist files
* Created: Apr 10, 2014
*
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
* Portions Copyright 2016-2019: CyberPerspectives, LLC, All rights reserved
* Released under the Apache v2.0 License
*
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
@ -74,6 +74,7 @@ $host_mac = getValue($xml, '//HOST_MAC');
if (!$host_name) {
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'TERMINATED']);
$db->update_Running_Scan($base_name, ['name' => 'notes', 'value' => 'File parsing was terminated because <HOST_NAME> was empty or absent']);
unset($xml);
rename($cmd['f'], TMP . "/terminated/{$base_name}");
@ -296,6 +297,8 @@ foreach ($vulns as $vul) {
$vuln_count++;
}
$db->update_Target_Counts($tgt->get_ID());
unset($xml);
if (!isset($cmd['debug'])) {
rename($cmd['f'], TMP . "/stig_viewer/$base_name");

View File

@ -48,7 +48,8 @@
* - Apr 29, 2018 - Added extract parameter to only extract nasl archive file, fixed a couple bugs
* - May 10, 2018 - Removed ping of cve.mitre.org, and added 'po' and 'do' parameters for NVD CVE
* - Jun 5, 2018 - Fixed a couple setting updates
*/
* - Sep 18, 2018 - Jeff - Added --sunset switch for Installing Sunset STIGs from https://iase.disa.mil/stigs/sunset/Pages/index.aspx
*/
include_once 'config.inc';
include_once 'helper.inc';
include_once 'error.inc';
@ -61,11 +62,10 @@ use Monolog\Handler\StreamHandler;
use Monolog\Formatter\LineFormatter;
$current_date = new DateTime();
$total_time = null;
$total_diff = 0;
$summary_stats = [];
$total_complete = 0;
$threads = [];
$cmd = getopt("h::u::p::", ['cpe::', 'cce::', 'cve::', 'nvd::', 'nasl::', 'stig::', 'do::', 'po::', 'help::', 'debug::', 'extract::', 'exclude::']);
$cmd = getopt("h::u::p::", ['cpe::', 'cce::', 'cve::', 'nvd::', 'nasl::', 'stig::', 'sunset::', 'do::', 'po::', 'help::', 'debug::', 'extract::', 'exclude::']);
$db = new db();
$diff = new DateTimeDiff();
@ -94,7 +94,7 @@ $log->pushHandler(new StreamHandler(LOG_PATH . "/update_db.log", $log_level));
$log->pushHandler($stream);
if (isset($cmd['h'], $cmd['help']) ||
(!isset($cmd['cpe']) && !isset($cmd['cve']) && !isset($cmd['nasl']) && !isset($cmd['stig']) && !isset($cmd['nvd']))) {
(!isset($cmd['cpe']) && !isset($cmd['cve']) && !isset($cmd['nasl']) && !isset($cmd['stig']) && !isset($cmd['sunset']) && !isset($cmd['nvd']))) {
die(usage());
}
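
Review bot: `isset($cmd['h'], $cmd['help'])` in the first condition is true only when both `-h` and `--help` are passed, because `isset()` with several arguments requires all of them to be set; it should read `isset($cmd['h']) || isset($cmd['help'])`. With the new `!isset($cmd['sunset'])` term the second condition is now six negated tests long; collecting the action switches in an array and testing for an empty intersection with `array_keys($cmd)` would keep the next added switch from being forgotten here.
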
@ -361,9 +361,10 @@ if (isset($cmd['nvd'])) {
$load_date = new DateTime($db->get_Settings("nvd-cve-load-date"));
if ($load_date < $too_old) {
// More than 7 days old so have to do a full load
foreach ($nvd_years as $yr) {
foreach ($nvd_years as $x => $yr) {
$db->set_Setting('nvd-year', $yr);
download_file("https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-{$yr}.json.zip", TMP . "/nvd/nvdcve-{$yr}.json.zip", $db->help, 'nvd-cve-dl-progress');
$db->set_Setting('nvd-cve-dl-progress', (($x + 1) / count($nvd_years)) * 100);
download_file("https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-{$yr}.json.zip", TMP . "/nvd/nvdcve-{$yr}.json.zip");
$zip = new ZipArchive();
$zip->open(TMP . "/nvd/nvdcve-{$yr}.json.zip");
$zip->extractTo(TMP . "/nvd");
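
Review bot: the new `set_Setting('nvd-cve-dl-progress', ...)` call sits before `download_file()`, so the setting reaches 100 while the last year's archive is still downloading; move it after the download (or after the extract). The `($x + 1) / count($nvd_years)` arithmetic also assumes `$nvd_years` has sequential zero-based keys, which is worth stating in a comment or enforcing with `array_values()`. In the context lines, `$zip->open()` is followed by `extractTo()` without checking the result of `open()`, so a truncated or failed download is extracted blindly; test for `true` and log the failure.
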
@ -392,7 +393,7 @@ if (isset($cmd['nvd'])) {
chdir(DOC_ROOT . "/exec");
if (isset($cmd['po']) || !isset($cmd['do'])) {
$json_files = glob(TMP . "/nvd/*.json");
foreach ($json_files as $j) {
foreach ($json_files as $x => $j) {
$match = [];
if (preg_match("/(\d{4}|recent|modified)/", basename($j), $match)) {
$db->set_Setting('nvd-year', $match[1]);
@ -407,6 +408,7 @@ if (isset($cmd['nvd'])) {
$log->debug("Running NVD CVE parsing script on file: $j");
passthru($script);
$db->set_Setting('nvd-cve-progress', (($x + 1) / count($json_files)) * 100);
}
}
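
Review bot: `passthru($script)` discards the exit status, and the added `set_Setting('nvd-cve-progress', ...)` advances regardless of whether the parser for `$j` succeeded. Pass a second argument, for example `passthru($script, $rc);`, log a non-zero `$rc` with the file name, and decide whether a failed file should still count toward progress.
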
@ -458,6 +460,8 @@ if (isset($cmd['nasl'])) {
'nasl-progress' => 0,
'nasl-count' => 0
]);
$count = 0;
check_path(TMP . "/nessus_plugins");
// Capture start time for performance monitoring
$diff->resetClock();
@ -599,7 +603,9 @@ if (isset($cmd['stig'])) {
'stig-count' => 0
]);
$path = TMP . "/stigs";
check_path($path);
check_path(TMP . "/stigs");
check_path(TMP . "/stigs/zip");
$sunset_array = [];
$diff->resetClock();
print "Started STIG ingestion ({$diff->getStartClockTime()})" . PHP_EOL;
@ -621,6 +627,132 @@ if (isset($cmd['stig'])) {
$prev_mon = '07';
}
$current_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}.zip";
$current_v2_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}_v2.zip";
$sunset_url = "https://iase.disa.mil/stigs/Lists/Sunset%20Master%20List/FinalView.aspx";
$stig_fname = "{$path}/stig_library-{$year}_{$mon}.zip";
if (!file_exists($stig_fname) && ping("disa.mil") && !isset($cmd['po'])) {
if (isset($cmd['u'])) {
$url = $cmd['u'];
$log->debug("Checking for $url");
if (url_exists($url)) {
download_file($url, $stig_fname, $db->help, 'stig-dl-progress');
}
}
else {
$log->debug("Checking for $current_url");
if ($found = url_exists($current_url)) {
download_file($current_url, $stig_fname, $db->help, 'stig-dl-progress');
}
if (!$found) {
$log->debug("Checking for $current_v2_url");
if ($found = url_exists($current_v2_url)) {
download_file($current_v2_url, $stig_fname, $db->help, 'stig-dl-progress');
}
}
if ($mon == '01') {
$year--;
}
$prev_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$prev_mon}.zip";
$prev_v2_url = "https://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$prev_mon}_v2.zip";
if (!$found) {
$log->debug("Checking for $prev_url");
if ($found = url_exists($prev_url)) {
download_file($prev_url, $stig_fname, $db->help, 'stig-dl-progress');
}
}
if (!$found) {
$log->debug("Checking for $prev_v2_url");
if (url_exists($prev_v2_url)) {
download_file($prev_v2_url, $stig_fname, $db->help, 'stig-dl-progress');
}
}
}
}
if(ping("disa.mil") && !isset($cmd['po'])) {
$log->debug("Checking for $sunset_url");
if(url_exists($sunset_url)) {
$log->debug("Downloading sunset STIGs");
$contents = file_get_contents($sunset_url);
preg_match_all("/a href=\"([^ ]+STIG\.zip)/", $contents, $sunset_array);
if(is_array($sunset_array) && isset($sunset_array[1]) && count($sunset_array[1])) {
foreach($sunset_array[1] as $url) {
$sunset_fname = basename($url);
download_file($url, TMP . "/stigs/zip/{$sunset_fname}");
}
}
}
}
if (!isset($cmd['do']) || isset($cmd['po'])) {
$stig_files = array_merge(
glob("{$path}/*.zip"), glob("{$path}/*.xml"), glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml")
);
if (!count($stig_files)) {
die("Could not locate any XCCDF STIG libraries " . realpath(TMP));
}
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" .
(isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") .
" --delete";
$log->debug("Script to run $script");
passthru($script);
}
$db->help->select_count("sagacity.stigs");
$stig_count = $db->help->execute();
$db->set_Setting("stig-count", $stig_count);
$diff->stopClock();
print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL .
"Total Time: {$diff->getDiffString()}" . PHP_EOL;
sleep(3);
}
if (is_a($diff->getTotalDiff(), 'DateInterval')) {
print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL;
}
/**
* Function to download the latest STIG compilation library zip file for extraction and updating
*/
function getStigLibrary()
{
global $current_date, $cmd, $log, $db;
$path = TMP;
$mon = '01';
$prev_mon = '10';
$year = (int) $current_date->format("Y");
if (between($current_date->format("n"), 4, 6)) {
$mon = '04';
$prev_mon = '01';
}
elseif (between($current_date->format("n"), 7, 9)) {
$mon = '07';
$prev_mon = '04';
}
elseif (between($current_date->format("n"), 10, 12)) {
$mon = '10';
$prev_mon = '07';
}
$current_url = "http://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}.zip";
$current_v2_url = "http://iasecontent.disa.mil/stigs/zip/Compilations/U_SRG-STIG_Library_{$year}_{$mon}_v2.zip";
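
Review bot: the `--exclude` value is placed into the command string as `" --exclude=\"{$cmd['exclude']}\""` and passed to `passthru()`, so a value containing a double quote or, on a POSIX shell, `$(...)` is interpreted by the shell rather than by `background_stigs.php`; build that argument with `escapeshellarg()`. In the sunset block, the URLs captured by `preg_match_all()` from the fetched page go to `download_file()` unchanged: check the `file_get_contents()` result, accept only `https` URLs on the expected DISA host, and note that in these lines the block never tests `$cmd['sunset']`, so the switch added to `getopt()` has no visible effect. The `getStigLibrary()` function added at the end builds `$current_url` and `$current_v2_url` with `http://` while the inline code above uses `https://`; keep both on `https://`.
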
@ -668,40 +800,6 @@ if (isset($cmd['stig'])) {
}
}
}
if (!isset($cmd['do']) || isset($cmd['po'])) {
$stig_files = array_merge(
glob("{$path}/*.zip"), glob("{$path}/*.xml"), glob(TMP . "/*.zip"), glob(TMP . "/*.xml"), glob(TMP . "/stigs/xml/*.xml")
);
if (!file_exists($stig_fname) && !count($stig_files)) {
die("Could not locate $stig_fname or find any other zip files in " . realpath(TMP));
}
$script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
" -c " . realpath(PHP_CONF) .
" -f " . realpath(DOC_ROOT . "/exec/background_stigs.php") . " --" .
(isset($cmd['exclude']) && $cmd['exclude'] ? " --exclude=\"{$cmd['exclude']}\"" : "") .
" --delete";
$log->debug("Script to run $script");
passthru($script);
}
$db->help->select_count("sagacity.stigs");
$stig_count = $db->help->execute();
$db->set_Setting("stig-count", $stig_count);
$diff->stopClock();
print PHP_EOL . "Finished at {$diff->getEndClockTime()}" . PHP_EOL .
"Total Time: {$diff->getDiffString()}" . PHP_EOL;
sleep(3);
}
if (is_a($diff->getTotalDiff(), 'DateInterval')) {
print "Total Script Time: {$diff->getTotalDiffString()}" . PHP_EOL;
}
/**

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.3 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 256 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 17 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

View File

@ -15,6 +15,8 @@
* - Apr 29, 2018 - Changed default message and formatting
*/
$files = glob(TMP . "/*.*");
?>
<div id="import" class="box">
@ -91,7 +93,7 @@
},
success: function (data) {
if ($('#toggle_refresh').html() == 'Stop Refresh' && !to) {
to = setTimeout(update_script_status, 3000);
to = setTimeout(update_script_status, <?php print UPDATE_FREQ * 1000; ?>);
}
},
error: function (xhr, status, error) {
@ -112,6 +114,12 @@
</form>
<div style='margin-left: 20px;'>
<?php
if(is_array($files) && count($files)) {
natsort($files);
print "<span style='background-color:red;color:white;font-size:16px;' title='" . implode("\n", $files) . "'>NOTE: There are still files in the " . realpath(TMP) . " directory (mouse over to see)</span><br />";
}
?>
<input type='text' id='location' placeholder='Physical Location...' /><br />
<input type='button' class='button' id='add-scan' value='Add Scan Result' onclick='add_scans();' /><br />
<label for='ignore_hidden' id='ignore_label'>Ignore Hidden Tabs in Excel eChecklists</label>
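
Review bot: the file names in `$files` are written into a single-quoted `title='...'` attribute through `implode("\n", $files)` with no escaping, so a file name containing `'` or `<` closes the attribute and injects markup into the page; pass the joined string through `htmlspecialchars($str, ENT_QUOTES)` before printing. The same `print` emits `realpath(TMP)` and full paths from `glob()`, which exposes the server's directory layout to every user of this page; escape it too and consider listing `basename()` values only.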

1
inc/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/passwd
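
Review bot: ignoring `/passwd` in `inc/.gitignore` only stops the file from being added in future commits. If `inc/passwd` was ever tracked, it also needs `git rm --cached` and the credential it holds should be rotated, since it remains in history. A short comment in the ignore file saying what `passwd` contains and who creates it would help the next maintainer.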

View File

@ -103,6 +103,10 @@ class Array2XML {
//return from recursion, as a note with cdata cannot have child nodes.
return $node;
}
elseif(isset($arr['@comment']) && is_string($arr['@comment'])) {
$node->appendChild($xml->createComment(self::bool2str($arr['@comment'])));
unset($arr['@comment']);
}
}
//create subnodes using recursion
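
Review bot: the new `@comment` branch hands the string straight to `createComment()`, and XML does not allow `--` inside a comment or a comment ending in `-`; validate or replace those sequences first so the generated document stays well-formed. The `composer.json` change in this same compare adds `openlss/lib-array2xml`, so it should be stated which copy of `Array2XML` is loaded: if the packaged class wins, this local `@comment` handling is silently lost.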

View File

@ -1,12 +1,32 @@
{
"require" : {
"phpoffice/phpspreadsheet" : "^1.0",
"cocur/background-process" : "^0.7.0",
"tecnickcom/tcpdf" : "^6.2",
"pacificsec/cpe" : "^1.0",
"monolog/monolog": "^1.23"
"phpoffice/phpspreadsheet" : "~1.4",
"cocur/background-process" : "~0.7",
"tecnickcom/tcpdf" : "~6.2",
"pacificsec/cpe" : "1.0.1",
"monolog/monolog" : "~1.23",
"openlss/lib-array2xml" : "~0.5"
},
"require-dev" : {
"phpunit/phpunit" : "^6.2"
"phpunit/phpunit" : "~7.3"
},
"type" : "project",
"homepage" : "https://cyberperspectives.com",
"license" : "Apache-2.0",
"authors" : [{
"name" : "Ryan Prather",
"email" : "ryan.prather@cyberperspectives.com",
"role" : "Braun"
}, {
"name" : "Jeff Odegard",
"email" : "jeff.odegard@cyberperspectives.com",
"role" : "Brains"
}
],
"keywords" : [
"security",
"disa",
"rmf"
],
"name" : "cyberperspectives\\sagacity"
}
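
Review bot: `"name" : "cyberperspectives\\sagacity"` is not a valid Composer package name; the separator must be a forward slash, as in `cyberperspectives/sagacity`, and `composer validate` will flag the backslash form. The `require` block also has no `php` constraint, while the regenerated lock file pulls `phpunit/phpunit` 7.4.0, which requires `php ^7.1`; declaring the supported PHP range in `require` makes that limit explicit at install time. `pacificsec/cpe` is pinned to exactly `1.0.1` while the other packages use `~` ranges, which deserves a word in the commit message on why.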

485
inc/composer.lock generated
View File

@ -1,10 +1,10 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "92ac4709f5221f74a1c7f00e59df8ad7",
"content-hash": "0cb5c8b41ce699cfddd3ad1295045652",
"packages": [
{
"name": "cocur/background-process",
@ -44,6 +44,101 @@
],
"time": "2017-02-11T12:41:41+00:00"
},
{
"name": "markbaker/complex",
"version": "1.4.7",
"source": {
"type": "git",
"url": "https://github.com/MarkBaker/PHPComplex.git",
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
"shasum": ""
},
"require": {
"php": "^5.6.0|^7.0.0"
},
"require-dev": {
"dealerdirect/phpcodesniffer-composer-installer": "^0.4.3",
"phpcompatibility/php-compatibility": "^8.0",
"phpdocumentor/phpdocumentor": "2.*",
"phploc/phploc": "2.*",
"phpmd/phpmd": "2.*",
"phpunit/phpunit": "^4.8.35|^5.4.0",
"sebastian/phpcpd": "2.*",
"squizlabs/php_codesniffer": "^3.3.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Complex\\": "classes/src/"
},
"files": [
"classes/src/functions/abs.php",
"classes/src/functions/acos.php",
"classes/src/functions/acosh.php",
"classes/src/functions/acot.php",
"classes/src/functions/acoth.php",
"classes/src/functions/acsc.php",
"classes/src/functions/acsch.php",
"classes/src/functions/argument.php",
"classes/src/functions/asec.php",
"classes/src/functions/asech.php",
"classes/src/functions/asin.php",
"classes/src/functions/asinh.php",
"classes/src/functions/atan.php",
"classes/src/functions/atanh.php",
"classes/src/functions/conjugate.php",
"classes/src/functions/cos.php",
"classes/src/functions/cosh.php",
"classes/src/functions/cot.php",
"classes/src/functions/coth.php",
"classes/src/functions/csc.php",
"classes/src/functions/csch.php",
"classes/src/functions/exp.php",
"classes/src/functions/inverse.php",
"classes/src/functions/ln.php",
"classes/src/functions/log2.php",
"classes/src/functions/log10.php",
"classes/src/functions/negative.php",
"classes/src/functions/pow.php",
"classes/src/functions/rho.php",
"classes/src/functions/sec.php",
"classes/src/functions/sech.php",
"classes/src/functions/sin.php",
"classes/src/functions/sinh.php",
"classes/src/functions/sqrt.php",
"classes/src/functions/tan.php",
"classes/src/functions/tanh.php",
"classes/src/functions/theta.php",
"classes/src/operations/add.php",
"classes/src/operations/subtract.php",
"classes/src/operations/multiply.php",
"classes/src/operations/divideby.php",
"classes/src/operations/divideinto.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mark Baker",
"email": "mark@lange.demon.co.uk"
}
],
"description": "PHP Class for working with complex numbers",
"homepage": "https://github.com/MarkBaker/PHPComplex",
"keywords": [
"complex",
"mathematics"
],
"time": "2018-10-13T23:28:42+00:00"
},
{
"name": "monolog/monolog",
"version": "1.23.0",
@ -122,35 +217,110 @@
],
"time": "2017-06-19T01:22:40+00:00"
},
{
"name": "openlss/lib-array2xml",
"version": "0.5.1",
"source": {
"type": "git",
"url": "https://github.com/nullivex/lib-array2xml.git",
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nullivex/lib-array2xml/zipball/c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
"shasum": ""
},
"require": {
"php": ">=5.3.2"
},
"type": "library",
"autoload": {
"psr-0": {
"LSS": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"Apache-2.0"
],
"authors": [
{
"name": "Bryan Tong",
"email": "contact@nullivex.com",
"homepage": "http://bryantong.com"
},
{
"name": "Tony Butler",
"email": "spudz76@gmail.com",
"homepage": "http://openlss.org"
}
],
"description": "Array2XML conversion library credit to lalit.org",
"homepage": "http://openlss.org",
"keywords": [
"array",
"array conversion",
"xml",
"xml conversion"
],
"time": "2016-11-10T19:10:18+00:00"
},
{
"name": "pacificsec/cpe",
"version": "1.0.0",
"version": "1.0.1",
"source": {
"type": "git",
"url": "https://github.com/pacificsec/cpe.git",
"reference": "3d78d66fc4ea249b6f353a7c48f426835a792d11"
"reference": "52cc49e04388ba00493be634287f6ce3efb30afc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/pacificsec/cpe/zipball/3d78d66fc4ea249b6f353a7c48f426835a792d11",
"reference": "3d78d66fc4ea249b6f353a7c48f426835a792d11",
"url": "https://api.github.com/repos/pacificsec/cpe/zipball/52cc49e04388ba00493be634287f6ce3efb30afc",
"reference": "52cc49e04388ba00493be634287f6ce3efb30afc",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"type": "library",
"notification-url": "https://packagist.org/downloads/"
"autoload": {
"psr-4": {
"PacificSec\\CPE\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Antonio Franco",
"email": "antonio.franco@pacificsec.com"
}
],
"description": "CPE: Common Platform Enumeration for PHP",
"homepage": "https://github.com/pacificsec/cpe",
"keywords": [
"cpe",
"cve",
"pacificsec",
"security"
],
"time": "2018-08-22T17:55:09+00:00"
},
{
"name": "phpoffice/phpspreadsheet",
"version": "1.2.1",
"version": "1.4.1",
"source": {
"type": "git",
"url": "https://github.com/PHPOffice/PhpSpreadsheet.git",
"reference": "36acc372875c4d894dc093825ce4f62209db5a76"
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/36acc372875c4d894dc093825ce4f62209db5a76",
"reference": "36acc372875c4d894dc093825ce4f62209db5a76",
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/57404f43742a8164b5eac3ab03b962d8740885c1",
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1",
"shasum": ""
},
"require": {
@ -166,6 +336,7 @@
"ext-xmlwriter": "*",
"ext-zip": "*",
"ext-zlib": "*",
"markbaker/complex": "^1.4.1",
"php": "^5.6|^7.0",
"psr/simple-cache": "^1.0"
},
@ -175,14 +346,14 @@
"jpgraph/jpgraph": "^4.0",
"mpdf/mpdf": "^7.0.0",
"phpunit/phpunit": "^5.7",
"squizlabs/php_codesniffer": "^2.7",
"squizlabs/php_codesniffer": "^3.3",
"tecnickcom/tcpdf": "^6.2"
},
"suggest": {
"dompdf/dompdf": "Option for rendering PDF with PDF Writer",
"jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers",
"mpdf/mpdf": "Option for rendering PDF with PDF Writer",
"tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer"
"tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer"
},
"type": "library",
"autoload": {
@ -223,7 +394,7 @@
"xls",
"xlsx"
],
"time": "2018-04-10T03:53:16+00:00"
"time": "2018-09-30T03:57:24+00:00"
},
{
"name": "psr/log",
@ -322,16 +493,16 @@
},
{
"name": "tecnickcom/tcpdf",
"version": "6.2.17",
"version": "6.2.26",
"source": {
"type": "git",
"url": "https://github.com/tecnickcom/TCPDF.git",
"reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53"
"reference": "367241059ca166e3a76490f4448c284e0a161f15"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/64fc19439863e1b1314487a72a74d9bfd0b55a53",
"reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53",
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/367241059ca166e3a76490f4448c284e0a161f15",
"reference": "367241059ca166e3a76490f4448c284e0a161f15",
"shasum": ""
},
"require": {
@ -380,7 +551,7 @@
"pdf417",
"qrcode"
],
"time": "2018-02-24T11:48:20+00:00"
"time": "2018-10-16T17:24:05+00:00"
}
],
"packages-dev": [
@ -440,16 +611,16 @@
},
{
"name": "myclabs/deep-copy",
"version": "1.8.0",
"version": "1.8.1",
"source": {
"type": "git",
"url": "https://github.com/myclabs/DeepCopy.git",
"reference": "478465659fd987669df0bd8a9bf22a8710e5f1b6"
"reference": "3e01bdad3e18354c3dce54466b7fbe33a9f9f7f8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/478465659fd987669df0bd8a9bf22a8710e5f1b6",
"reference": "478465659fd987669df0bd8a9bf22a8710e5f1b6",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3e01bdad3e18354c3dce54466b7fbe33a9f9f7f8",
"reference": "3e01bdad3e18354c3dce54466b7fbe33a9f9f7f8",
"shasum": ""
},
"require": {
@ -484,26 +655,26 @@
"object",
"object graph"
],
"time": "2018-05-29T17:25:09+00:00"
"time": "2018-06-11T23:09:50+00:00"
},
{
"name": "phar-io/manifest",
"version": "1.0.1",
"version": "1.0.3",
"source": {
"type": "git",
"url": "https://github.com/phar-io/manifest.git",
"reference": "2df402786ab5368a0169091f61a7c1e0eb6852d0"
"reference": "7761fcacf03b4d4f16e7ccb606d4879ca431fcf4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phar-io/manifest/zipball/2df402786ab5368a0169091f61a7c1e0eb6852d0",
"reference": "2df402786ab5368a0169091f61a7c1e0eb6852d0",
"url": "https://api.github.com/repos/phar-io/manifest/zipball/7761fcacf03b4d4f16e7ccb606d4879ca431fcf4",
"reference": "7761fcacf03b4d4f16e7ccb606d4879ca431fcf4",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-phar": "*",
"phar-io/version": "^1.0.1",
"phar-io/version": "^2.0",
"php": "^5.6 || ^7.0"
},
"type": "library",
@ -539,20 +710,20 @@
}
],
"description": "Component for reading phar.io manifest information from a PHP Archive (PHAR)",
"time": "2017-03-05T18:14:27+00:00"
"time": "2018-07-08T19:23:20+00:00"
},
{
"name": "phar-io/version",
"version": "1.0.1",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/phar-io/version.git",
"reference": "a70c0ced4be299a63d32fa96d9281d03e94041df"
"reference": "45a2ec53a73c70ce41d55cedef9063630abaf1b6"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phar-io/version/zipball/a70c0ced4be299a63d32fa96d9281d03e94041df",
"reference": "a70c0ced4be299a63d32fa96d9281d03e94041df",
"url": "https://api.github.com/repos/phar-io/version/zipball/45a2ec53a73c70ce41d55cedef9063630abaf1b6",
"reference": "45a2ec53a73c70ce41d55cedef9063630abaf1b6",
"shasum": ""
},
"require": {
@ -586,7 +757,7 @@
}
],
"description": "Library for handling version information and constraints",
"time": "2017-03-05T17:38:23+00:00"
"time": "2018-07-08T19:19:57+00:00"
},
{
"name": "phpdocumentor/reflection-common",
@ -742,16 +913,16 @@
},
{
"name": "phpspec/prophecy",
"version": "1.7.6",
"version": "1.8.0",
"source": {
"type": "git",
"url": "https://github.com/phpspec/prophecy.git",
"reference": "33a7e3c4fda54e912ff6338c48823bd5c0f0b712"
"reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpspec/prophecy/zipball/33a7e3c4fda54e912ff6338c48823bd5c0f0b712",
"reference": "33a7e3c4fda54e912ff6338c48823bd5c0f0b712",
"url": "https://api.github.com/repos/phpspec/prophecy/zipball/4ba436b55987b4bf311cb7c6ba82aa528aac0a06",
"reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06",
"shasum": ""
},
"require": {
@ -763,12 +934,12 @@
},
"require-dev": {
"phpspec/phpspec": "^2.5|^3.2",
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5"
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.7.x-dev"
"dev-master": "1.8.x-dev"
}
},
"autoload": {
@ -801,44 +972,44 @@
"spy",
"stub"
],
"time": "2018-04-18T13:57:24+00:00"
"time": "2018-08-05T17:53:17+00:00"
},
{
"name": "phpunit/php-code-coverage",
"version": "5.3.2",
"version": "6.1.0",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-code-coverage.git",
"reference": "c89677919c5dd6d3b3852f230a663118762218ac"
"reference": "0685fb6a43aed1b2e09804d1aaf17144c82861f8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/c89677919c5dd6d3b3852f230a663118762218ac",
"reference": "c89677919c5dd6d3b3852f230a663118762218ac",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/0685fb6a43aed1b2e09804d1aaf17144c82861f8",
"reference": "0685fb6a43aed1b2e09804d1aaf17144c82861f8",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-xmlwriter": "*",
"php": "^7.0",
"phpunit/php-file-iterator": "^1.4.2",
"php": "^7.1",
"phpunit/php-file-iterator": "^2.0",
"phpunit/php-text-template": "^1.2.1",
"phpunit/php-token-stream": "^2.0.1",
"phpunit/php-token-stream": "^3.0",
"sebastian/code-unit-reverse-lookup": "^1.0.1",
"sebastian/environment": "^3.0",
"sebastian/environment": "^3.1",
"sebastian/version": "^2.0.1",
"theseer/tokenizer": "^1.1"
},
"require-dev": {
"phpunit/phpunit": "^6.0"
"phpunit/phpunit": "^7.0"
},
"suggest": {
"ext-xdebug": "^2.5.5"
"ext-xdebug": "^2.6.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "5.3.x-dev"
"dev-master": "6.1-dev"
}
},
"autoload": {
@ -864,29 +1035,32 @@
"testing",
"xunit"
],
"time": "2018-04-06T15:36:58+00:00"
"time": "2018-10-16T05:37:37+00:00"
},
{
"name": "phpunit/php-file-iterator",
"version": "1.4.5",
"version": "2.0.2",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-file-iterator.git",
"reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4"
"reference": "050bedf145a257b1ff02746c31894800e5122946"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/730b01bc3e867237eaac355e06a36b85dd93a8b4",
"reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4",
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/050bedf145a257b1ff02746c31894800e5122946",
"reference": "050bedf145a257b1ff02746c31894800e5122946",
"shasum": ""
},
"require": {
"php": ">=5.3.3"
"php": "^7.1"
},
"require-dev": {
"phpunit/phpunit": "^7.1"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.4.x-dev"
"dev-master": "2.0.x-dev"
}
},
"autoload": {
@ -901,7 +1075,7 @@
"authors": [
{
"name": "Sebastian Bergmann",
"email": "sb@sebastian-bergmann.de",
"email": "sebastian@phpunit.de",
"role": "lead"
}
],
@ -911,7 +1085,7 @@
"filesystem",
"iterator"
],
"time": "2017-11-27T13:52:08+00:00"
"time": "2018-09-13T20:33:42+00:00"
},
{
"name": "phpunit/php-text-template",
@ -956,28 +1130,28 @@
},
{
"name": "phpunit/php-timer",
"version": "1.0.9",
"version": "2.0.0",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-timer.git",
"reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f"
"reference": "8b8454ea6958c3dee38453d3bd571e023108c91f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
"reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
"url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/8b8454ea6958c3dee38453d3bd571e023108c91f",
"reference": "8b8454ea6958c3dee38453d3bd571e023108c91f",
"shasum": ""
},
"require": {
"php": "^5.3.3 || ^7.0"
"php": "^7.1"
},
"require-dev": {
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.0"
"phpunit/phpunit": "^7.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0-dev"
"dev-master": "2.0-dev"
}
},
"autoload": {
@ -992,7 +1166,7 @@
"authors": [
{
"name": "Sebastian Bergmann",
"email": "sb@sebastian-bergmann.de",
"email": "sebastian@phpunit.de",
"role": "lead"
}
],
@ -1001,33 +1175,33 @@
"keywords": [
"timer"
],
"time": "2017-02-26T11:10:40+00:00"
"time": "2018-02-01T13:07:23+00:00"
},
{
"name": "phpunit/php-token-stream",
"version": "2.0.2",
"version": "3.0.0",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-token-stream.git",
"reference": "791198a2c6254db10131eecfe8c06670700904db"
"reference": "21ad88bbba7c3d93530d93994e0a33cd45f02ace"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/791198a2c6254db10131eecfe8c06670700904db",
"reference": "791198a2c6254db10131eecfe8c06670700904db",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/21ad88bbba7c3d93530d93994e0a33cd45f02ace",
"reference": "21ad88bbba7c3d93530d93994e0a33cd45f02ace",
"shasum": ""
},
"require": {
"ext-tokenizer": "*",
"php": "^7.0"
"php": "^7.1"
},
"require-dev": {
"phpunit/phpunit": "^6.2.4"
"phpunit/phpunit": "^7.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.0-dev"
"dev-master": "3.0-dev"
}
},
"autoload": {
@ -1050,57 +1224,57 @@
"keywords": [
"tokenizer"
],
"time": "2017-11-27T05:48:46+00:00"
"time": "2018-02-01T13:16:43+00:00"
},
{
"name": "phpunit/phpunit",
"version": "6.5.8",
"version": "7.4.0",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit.git",
"reference": "4f21a3c6b97c42952fd5c2837bb354ec0199b97b"
"reference": "f3837fa1e07758057ae06e8ddec6d06ba183f126"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/4f21a3c6b97c42952fd5c2837bb354ec0199b97b",
"reference": "4f21a3c6b97c42952fd5c2837bb354ec0199b97b",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/f3837fa1e07758057ae06e8ddec6d06ba183f126",
"reference": "f3837fa1e07758057ae06e8ddec6d06ba183f126",
"shasum": ""
},
"require": {
"doctrine/instantiator": "^1.1",
"ext-dom": "*",
"ext-json": "*",
"ext-libxml": "*",
"ext-mbstring": "*",
"ext-xml": "*",
"myclabs/deep-copy": "^1.6.1",
"phar-io/manifest": "^1.0.1",
"phar-io/version": "^1.0",
"php": "^7.0",
"myclabs/deep-copy": "^1.7",
"phar-io/manifest": "^1.0.2",
"phar-io/version": "^2.0",
"php": "^7.1",
"phpspec/prophecy": "^1.7",
"phpunit/php-code-coverage": "^5.3",
"phpunit/php-file-iterator": "^1.4.3",
"phpunit/php-code-coverage": "^6.0.7",
"phpunit/php-file-iterator": "^2.0.1",
"phpunit/php-text-template": "^1.2.1",
"phpunit/php-timer": "^1.0.9",
"phpunit/phpunit-mock-objects": "^5.0.5",
"sebastian/comparator": "^2.1",
"sebastian/diff": "^2.0",
"phpunit/php-timer": "^2.0",
"sebastian/comparator": "^3.0",
"sebastian/diff": "^3.0",
"sebastian/environment": "^3.1",
"sebastian/exporter": "^3.1",
"sebastian/global-state": "^2.0",
"sebastian/object-enumerator": "^3.0.3",
"sebastian/resource-operations": "^1.0",
"sebastian/resource-operations": "^2.0",
"sebastian/version": "^2.0.1"
},
"conflict": {
"phpdocumentor/reflection-docblock": "3.0.2",
"phpunit/dbunit": "<3.0"
"phpunit/phpunit-mock-objects": "*"
},
"require-dev": {
"ext-pdo": "*"
},
"suggest": {
"ext-soap": "*",
"ext-xdebug": "*",
"phpunit/php-invoker": "^1.1"
"phpunit/php-invoker": "^2.0"
},
"bin": [
"phpunit"
@ -1108,7 +1282,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "6.5.x-dev"
"dev-master": "7.4-dev"
}
},
"autoload": {
@ -1134,66 +1308,7 @@
"testing",
"xunit"
],
"time": "2018-04-10T11:38:34+00:00"
},
{
"name": "phpunit/phpunit-mock-objects",
"version": "5.0.7",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit-mock-objects.git",
"reference": "3eaf040f20154d27d6da59ca2c6e28ac8fd56dce"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/3eaf040f20154d27d6da59ca2c6e28ac8fd56dce",
"reference": "3eaf040f20154d27d6da59ca2c6e28ac8fd56dce",
"shasum": ""
},
"require": {
"doctrine/instantiator": "^1.0.5",
"php": "^7.0",
"phpunit/php-text-template": "^1.2.1",
"sebastian/exporter": "^3.1"
},
"conflict": {
"phpunit/phpunit": "<6.0"
},
"require-dev": {
"phpunit/phpunit": "^6.5"
},
"suggest": {
"ext-soap": "*"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "5.0.x-dev"
}
},
"autoload": {
"classmap": [
"src/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Sebastian Bergmann",
"email": "sebastian@phpunit.de",
"role": "lead"
}
],
"description": "Mock Object library for PHPUnit",
"homepage": "https://github.com/sebastianbergmann/phpunit-mock-objects/",
"keywords": [
"mock",
"xunit"
],
"time": "2018-05-29T13:50:43+00:00"
"time": "2018-10-05T04:05:24+00:00"
},
{
"name": "sebastian/code-unit-reverse-lookup",
@ -1242,30 +1357,30 @@
},
{
"name": "sebastian/comparator",
"version": "2.1.3",
"version": "3.0.2",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/comparator.git",
"reference": "34369daee48eafb2651bea869b4b15d75ccc35f9"
"reference": "5de4fc177adf9bce8df98d8d141a7559d7ccf6da"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/34369daee48eafb2651bea869b4b15d75ccc35f9",
"reference": "34369daee48eafb2651bea869b4b15d75ccc35f9",
"url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/5de4fc177adf9bce8df98d8d141a7559d7ccf6da",
"reference": "5de4fc177adf9bce8df98d8d141a7559d7ccf6da",
"shasum": ""
},
"require": {
"php": "^7.0",
"sebastian/diff": "^2.0 || ^3.0",
"php": "^7.1",
"sebastian/diff": "^3.0",
"sebastian/exporter": "^3.1"
},
"require-dev": {
"phpunit/phpunit": "^6.4"
"phpunit/phpunit": "^7.1"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.1.x-dev"
"dev-master": "3.0-dev"
}
},
"autoload": {
@ -1302,32 +1417,33 @@
"compare",
"equality"
],
"time": "2018-02-01T13:46:46+00:00"
"time": "2018-07-12T15:12:46+00:00"
},
{
"name": "sebastian/diff",
"version": "2.0.1",
"version": "3.0.1",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/diff.git",
"reference": "347c1d8b49c5c3ee30c7040ea6fc446790e6bddd"
"reference": "366541b989927187c4ca70490a35615d3fef2dce"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/347c1d8b49c5c3ee30c7040ea6fc446790e6bddd",
"reference": "347c1d8b49c5c3ee30c7040ea6fc446790e6bddd",
"url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/366541b989927187c4ca70490a35615d3fef2dce",
"reference": "366541b989927187c4ca70490a35615d3fef2dce",
"shasum": ""
},
"require": {
"php": "^7.0"
"php": "^7.1"
},
"require-dev": {
"phpunit/phpunit": "^6.2"
"phpunit/phpunit": "^7.0",
"symfony/process": "^2 || ^3.3 || ^4"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.0-dev"
"dev-master": "3.0-dev"
}
},
"autoload": {
@ -1352,9 +1468,12 @@
"description": "Diff implementation",
"homepage": "https://github.com/sebastianbergmann/diff",
"keywords": [
"diff"
"diff",
"udiff",
"unidiff",
"unified diff"
],
"time": "2017-08-03T08:09:46+00:00"
"time": "2018-06-10T07:54:39+00:00"
},
{
"name": "sebastian/environment",
@ -1671,25 +1790,25 @@
},
{
"name": "sebastian/resource-operations",
"version": "1.0.0",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/resource-operations.git",
"reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52"
"reference": "4d7a795d35b889bf80a0cc04e08d77cedfa917a9"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/ce990bb21759f94aeafd30209e8cfcdfa8bc3f52",
"reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52",
"url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/4d7a795d35b889bf80a0cc04e08d77cedfa917a9",
"reference": "4d7a795d35b889bf80a0cc04e08d77cedfa917a9",
"shasum": ""
},
"require": {
"php": ">=5.6.0"
"php": "^7.1"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.0.x-dev"
"dev-master": "2.0-dev"
}
},
"autoload": {
@ -1709,7 +1828,7 @@
],
"description": "Provides a list of PHP built-in functions that operate on resources",
"homepage": "https://www.github.com/sebastianbergmann/resource-operations",
"time": "2015-07-28T20:34:47+00:00"
"time": "2018-10-04T04:07:39+00:00"
},
{
"name": "sebastian/version",

File diff suppressed because it is too large

View File

@ -353,10 +353,16 @@ $conditions['not_reviewed_count']->getStyle()
->setEndColor($yellow);
$validation['host_status']->setType(\PhpOffice\PhpSpreadsheet\Cell\DataValidation::TYPE_LIST);
$validation['host_status']->setFormula1("=ValidStatus");
$validation['host_status']->setAllowBlank(false);
$validation['host_status']->setFormula1('"Not Reviewed,Not a Finding,Open,Not Applicable,No Data,Exception,False Positive"');
$validation['host_status']->setShowDropDown(true);
$validation['host_status']->setShowErrorMessage(true);
$validation['host_status']->setError("Selected value not valid");
$validation['host_status']->setErrorTitle("Invalid selection");
$validation['host_status']->setErrorStyle(\PhpOffice\PhpSpreadsheet\Cell\DataValidation::STYLE_STOP);
$validation['true_false']->setType(\PhpOffice\PhpSpreadsheet\Cell\DataValidation::TYPE_LIST);
$validation['true_false']->setAllowBlank(false);
$validation['true_false']->setFormula1("=TRUE,FALSE");
$validation['true_false']->setShowDropDown(true);
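Review bot: The `host_status` validation now carries its allowed values as an inline literal in `setFormula1('"Not Reviewed,Not a Finding,Open,Not Applicable,No Data,Exception,False Positive"')`, so the status names live in the export code as a second copy that has to be kept in step with wherever the application defines them. Build the string from the same constant or enum the importer checks against, so an exported sheet can never offer a status the parser rejects. In the same hunk the `true_false` validation uses `setFormula1("=TRUE,FALSE")`, which is not in the quoted-list form used for `host_status`; please confirm Excel accepts it as a two-item list, and consider giving it the same `setShowErrorMessage` / `STYLE_STOP` settings so both columns reject free text.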

View File

@ -26,7 +26,7 @@
?>
<div id='copyright-text'>
<p>Portions Copyright &copy; 2016-2018 Cyber Perspective, LLC All rights reserved.</p>
<p>Portions Copyright &copy; 2016-2018 Cyber Perspectives, LLC All rights reserved.</p>
<p>Portions Copyright &copy; 2012-2015 Salient Federal Solutions</p>
<p>Portions Copyright &copy; 2008-2011 Science Applications International Corp.</p>
</div>

View File

@ -190,7 +190,7 @@ if (!$nasl['nasl-count']) {
}
if (reload) {
setTimeout(getLoadStatus, 1000);
setTimeout(getLoadStatus, <?php print UPDATE_FREQ * 1000; ?>);
}
else {
$('#db-err').remove();
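Review bot: In the `if (reload)` branch, `<?php print UPDATE_FREQ * 1000; ?>` writes a PHP constant straight into the script with no type check. If `UPDATE_FREQ` is undefined or non-numeric in a given config.inc, the expression evaluates to 0 (possibly with warning text in the page), and the status poll then fires with no delay. Cast and clamp it before printing, for example `max(1, (int) UPDATE_FREQ) * 1000`, and document the unit (seconds) next to the constant.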

View File

@ -42,6 +42,9 @@
*/
include_once 'error.inc';
include_once 'validation.inc';
include_once 'vendor/autoload.php';
use Monolog\Logger;
/**
* Function to get element or value from XML document using XPath
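Review bot: The added `include_once 'vendor/autoload.php';` is a relative path, so which file gets loaded depends on include_path and the caller's working directory, and `include_once` only raises a warning when the file is missing, leaving `Monolog\Logger` to fail later at first use. Use `require_once __DIR__ . '/vendor/autoload.php';` (adjusting the path if this file does not sit beside vendor/) so the autoloader location is fixed and a missing vendor tree stops execution immediately.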
@ -122,6 +125,7 @@ function getValue($xml, $path, $starting = null, $keep = false)
*/
function FileDetection($filename)
{
$name = [];
$name['base_name'] = basename($filename);
// print "\tCheck if exists".PHP_EOL;
if (!file_exists($filename)) {
@ -238,6 +242,9 @@ function FileDetection($filename)
if (preg_match('/Checklist:|Unclassified|Secret|STIG[_| ]ID/i', $line)) {
$name['type'] = ECHECKLIST_CSV;
}
elseif (preg_match("/host\-list/", $name['base_name'])) {
$name['type'] = HOST_LIST;
}
elseif (preg_match('/^\"NetBIOSName|^\"JobName/', $line)) {
$name['type'] = UNSUPPORTED_RETINA_CSV;
}
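Review bot: The new `elseif (preg_match("/host\-list/", $name['base_name']))` branch keys on the file name while its neighbours in this chain test the content in `$line`, so it only runs when the eChecklist content match above it misses, and the unanchored pattern accepts any file with host-list anywhere in its name. If name-based detection is intended, anchor the pattern (prefix and extension), decide deliberately whether it should come before the content checks, and add a comment saying why this one type is identified by name rather than by content.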
@ -720,9 +727,9 @@ function url_exists($url)
/**
*
* @param type $start
* @param type $end
* @return type
* @param float $start
* @param float $end
* @return float
*/
function microtime_diff($start, $end = null)
{
@ -827,7 +834,7 @@ function logify($fname)
touch(LOG_PATH . "/{$fname}.log");
}
return LOG_PATH . "/{$fname}.log";
return realpath(LOG_PATH . "/{$fname}.log");
}
/**
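Review bot: `return realpath(LOG_PATH . "/{$fname}.log");` changes the failure mode of `logify()`: `realpath()` returns false when the path does not resolve, so if the `touch()` just above did not create the file (unwritable LOG_PATH, for instance) callers now receive false instead of a path string. Check the result and either throw or fall back to the unresolved path. Since `$fname` is interpolated into the path unchecked, passing it through `basename()` first would also keep the log file inside LOG_PATH.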
@ -848,3 +855,29 @@ function convert_log_level()
return Logger::ERROR;
}
}
/**
* Helper method to scrape a web page
*
* @param string $url
*
* @return string
*/
function scrape_webpage($url)
{
$config = [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HEADER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13',
CURLOPT_URL => $url
];
$c = curl_init();
curl_setopt_array($c, $config);
$output = curl_exec($c);
return $output;
}
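Review bot: `CURLOPT_SSL_VERIFYPEER => false` in the `$config` array turns off certificate validation for every HTTPS fetch made through `scrape_webpage()`, so whatever the caller parses out of the response is unauthenticated and can be altered in transit. Leave verification at its default and, if the host lacks a CA bundle, point `CURLOPT_CAINFO` at one instead. Other points in the same function: `CURLOPT_FOLLOWLOCATION` is on with no `CURLOPT_REDIR_PROTOCOLS` or `CURLOPT_MAXREDIRS` limit, no timeout is set, `curl_exec()` can return false although the docblock promises a string, `CURLOPT_HEADER => true` prepends the response headers to the returned body, and the handle is never passed to `curl_close()`.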

View File

@ -34,102 +34,102 @@ $script_name = filter_input(INPUT_SERVER, 'SCRIPT_NAME', FILTER_SANITIZE_STRING)
if (preg_match('/ste|proc/', $script_name)) {
$ops = " class='active'";
}
elseif (preg_match('/results/', $script_name)) {
} elseif (preg_match('/results/', $script_name)) {
$results = " class='active'";
}
elseif (preg_match('/data/', $script_name)) {
} elseif (preg_match('/data/', $script_name)) {
$data = " class='active'";
}
elseif (preg_match('/report/', $script_name)) {
} elseif (preg_match('/report/', $script_name)) {
$report = " class='active'";
}
?>
<script type='text/javascript'>
$(function () {
$(function () {
window.onload = montre;
});
});
function montre(id) {
function montre(id) {
$("dd[id^='smenu']").hide();
if (id && typeof id == 'string') {
$('#' + id).show();
var ele = $('#' + id).parent().children('dt');
$('#' + id).css('left', ele.position().left + ele.width());
$('#' + id).css('top', ele.position().top + ele.height());
}
}
}
</script>
<style type="text/css">
dl, dt, dd, ul, li {
dl, dt, dd, ul, li {
margin: 0;
padding: 0;
list-style-type: none;
z-index: 100;
}
#menu {
}
#menu {
width: 25px;
display: table-cell;
}
}
#menu dt {
#menu dt {
cursor: pointer;
text-align: center;
font-weight: bold;
}
}
#menu dd {
#menu dd {
position: fixed;
z-index: 100;
width: 10em;
background: #B4B2B2;
border: 1px solid gray;
}
}
#menu ul {
#menu ul {
padding: 2px;
}
#menu li {
}
#menu li {
text-align: center;
font-size: 85%;
height: 18px;
line-height: 18px;
}
#menu li a, #menu dt a {
}
#menu li a, #menu dt a {
color: #000;
text-decoration: none;
display: block;
}
}
#menu li a:hover {
#menu li a:hover {
text-decoration: underline;
}
}
</style>
<ul id="menu-bar">
<li<?php print $ops; ?>><a href="javascript:void(0);">Operations</a>
<li <?php print $ops; ?>><a href="javascript:void(0);">Operations</a>
<ul>
<li><a href="/ste">ST&amp;E Operations</a></li>
<li><a href='/ste/stats.php'>Stats</a></li>
<?php if (file_exists(DOC_ROOT . "/proc")) { ?>
<li><a href = "/proc">Procedural Operations</a></li>
<li><a href="/proc">Procedural Operations</a></li>
<?php } ?>
</ul>
</li>
<li<?php print $results; ?>><a href="javascript:void(0);">Scans</a>
</ul></li>
<li <?php print $results; ?>><a href="javascript:void(0);">Scans</a>
<ul>
<li><a href="/results">Results</a></li>
<li><a href="/results/?add_scan=1">Add Scan</a></li>
</ul>
</li>
</ul></li>
<?php if (file_exists(DOC_ROOT . "/report")) { ?>
<li<?php print $report; ?>><a href="javascript:void(0);">Report</a>
<li <?php print $report; ?>><a href="javascript:void(0);">Report</a>
<ul>
<li><a href="/report/sanity.php?step=1">Sanity Check</a></li>
<li><a href="/report/create.php">Create Risk Assessment</a></li>
</ul>
</li>
</ul></li>
<?php } ?>
<li<?php print $data; ?>><a href="javascript:void(0);">Management</a>
<li <?php print $data; ?>><a href="javascript:void(0);">Management</a>
<ul>
<li><a href="/data/?p=MSMgmt">Systems</a></li>
<li><a href="/data/?p=SiteMgmt">Sites</a></li>
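Review bot: The only functional change here, `<li<?php print $ops; ?>>` becoming `<li <?php print $ops; ?>>` (and the same for `$results`, `$report`, `$data`), is buried in roughly a hundred lines of re-indentation, which makes the hunk hard to review; please split whitespace-only reformatting into its own commit. On the change itself: each of those variables is assigned in only one branch of the `if`/`elseif` chain at the top, so unless all four are initialised to an empty string above this hunk, three of them are printed unset on every request. Also note the values already start with a space (`" class='active'"`), so the added space is redundant.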
@ -138,11 +138,12 @@ elseif (preg_match('/report/', $script_name)) {
<li><a href="/data/?p=Settings">Settings</a></li>
<li><a href="/data/?p=Search">Search</a></li>
<li><a href="/data/?p=TgtSearch">Target Search</a></li>
</ul>
</li>
</ul></li>
<li>
<form method="post" action="/data/?p=Search" target="_blank" style="display:inline-block;">
<input type="text" style="vertical-align:text-bottom;" name="q" placeholder="Search..." />
<form method="post" action="/data/?p=Search" target="_blank"
style="display: inline-block;">
<input type="text" style="vertical-align: text-bottom;" name="q"
placeholder="Search..." />
</form>
</li>
</ul>

View File

@ -186,7 +186,7 @@ class BackgroundProcess {
/**
* @param int $pid PID of process to resume
*
* @return Cocur\BackgroundProcess\BackgroundProcess
* @return BackgroundProcess
*/
static public function createFromPID($pid) {
$process = new self();

View File

@ -377,7 +377,7 @@ class ClassLoader
$subPath = $class;
while (false !== $lastPos = strrpos($subPath, '\\')) {
$subPath = substr($subPath, 0, $lastPos);
$search = $subPath.'\\';
$search = $subPath . '\\';
if (isset($this->prefixDirsPsr4[$search])) {
$pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1);
foreach ($this->prefixDirsPsr4[$search] as $dir) {

View File

@ -6,5 +6,46 @@ $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
'6124b4c8570aa390c21fafd04a26c69f' => $vendorDir . '/myclabs/deep-copy/src/DeepCopy/deep_copy.php',
'abede361264e2ae69ec1eee813a101af' => $vendorDir . '/markbaker/complex/classes/src/functions/abs.php',
'21a5860fbef5be28db5ddfbc3cca67c4' => $vendorDir . '/markbaker/complex/classes/src/functions/acos.php',
'1546e3f9d127f2a9bb2d1b6c31c26ef1' => $vendorDir . '/markbaker/complex/classes/src/functions/acosh.php',
'd2516f7f4fba5ea5905f494b4a8262e0' => $vendorDir . '/markbaker/complex/classes/src/functions/acot.php',
'4511163d560956219b96882c0980b65e' => $vendorDir . '/markbaker/complex/classes/src/functions/acoth.php',
'c361f5616dc2a8da4fa3e137077cd4ea' => $vendorDir . '/markbaker/complex/classes/src/functions/acsc.php',
'02d68920fc98da71991ce569c91df0f6' => $vendorDir . '/markbaker/complex/classes/src/functions/acsch.php',
'88e19525eae308b4a6aa3419364875d3' => $vendorDir . '/markbaker/complex/classes/src/functions/argument.php',
'60e8e2d0827b58bfc904f13957e51849' => $vendorDir . '/markbaker/complex/classes/src/functions/asec.php',
'13d2f040713999eab66c359b4d79871d' => $vendorDir . '/markbaker/complex/classes/src/functions/asech.php',
'838ab38beb32c68a79d3cd2c007d5a04' => $vendorDir . '/markbaker/complex/classes/src/functions/asin.php',
'bb28eccd0f8f008333a1b3c163d604ac' => $vendorDir . '/markbaker/complex/classes/src/functions/asinh.php',
'9e483de83558c98f7d3feaa402c78cb3' => $vendorDir . '/markbaker/complex/classes/src/functions/atan.php',
'36b74b5b765ded91ee58c8ee3c0e85e3' => $vendorDir . '/markbaker/complex/classes/src/functions/atanh.php',
'05c15ee9510da7fd6bf6136f436500c0' => $vendorDir . '/markbaker/complex/classes/src/functions/conjugate.php',
'd3208dfbce2505e370788f9f22f6785f' => $vendorDir . '/markbaker/complex/classes/src/functions/cos.php',
'141cf1fb3a3046f8b64534b0ebab33ca' => $vendorDir . '/markbaker/complex/classes/src/functions/cosh.php',
'be660df75fd0dbe7fa7c03b7434b3294' => $vendorDir . '/markbaker/complex/classes/src/functions/cot.php',
'01e31ea298a51bc9e91517e3ce6b9e76' => $vendorDir . '/markbaker/complex/classes/src/functions/coth.php',
'803ddd97f7b1da68982a7b087c3476f6' => $vendorDir . '/markbaker/complex/classes/src/functions/csc.php',
'3001cdfd101ec3c32da34ee43c2e149b' => $vendorDir . '/markbaker/complex/classes/src/functions/csch.php',
'77b2d7629ef2a93fabb8c56754a91051' => $vendorDir . '/markbaker/complex/classes/src/functions/exp.php',
'4a4471296dec796c21d4f4b6552396a9' => $vendorDir . '/markbaker/complex/classes/src/functions/inverse.php',
'c3e9897e1744b88deb56fcdc39d34d85' => $vendorDir . '/markbaker/complex/classes/src/functions/ln.php',
'a83cacf2de942cff288de15a83afd26d' => $vendorDir . '/markbaker/complex/classes/src/functions/log2.php',
'6a861dacc9ee2f3061241d4c7772fa21' => $vendorDir . '/markbaker/complex/classes/src/functions/log10.php',
'4d2522d968c8ba78d6c13548a1b4200e' => $vendorDir . '/markbaker/complex/classes/src/functions/negative.php',
'fd587ca933fc0447fa5ab4843bdd97f7' => $vendorDir . '/markbaker/complex/classes/src/functions/pow.php',
'383ef01c62028fc78cd4388082fce3c2' => $vendorDir . '/markbaker/complex/classes/src/functions/rho.php',
'150fbd1b95029dc47292da97ecab9375' => $vendorDir . '/markbaker/complex/classes/src/functions/sec.php',
'549abd9bae174286d660bdaa07407c68' => $vendorDir . '/markbaker/complex/classes/src/functions/sech.php',
'6bfbf5eaea6b17a0ed85cb21ba80370c' => $vendorDir . '/markbaker/complex/classes/src/functions/sin.php',
'22efe13f1a497b8e199540ae2d9dc59c' => $vendorDir . '/markbaker/complex/classes/src/functions/sinh.php',
'e90135ab8e787795a509ed7147de207d' => $vendorDir . '/markbaker/complex/classes/src/functions/sqrt.php',
'bb0a7923ffc6a90919cd64ec54ff06bc' => $vendorDir . '/markbaker/complex/classes/src/functions/tan.php',
'2d302f32ce0fd4e433dd91c5bb404a28' => $vendorDir . '/markbaker/complex/classes/src/functions/tanh.php',
'24dd4658a952171a4ee79218c4f9fd06' => $vendorDir . '/markbaker/complex/classes/src/functions/theta.php',
'e49b7876281d6f5bc39536dde96d1f4a' => $vendorDir . '/markbaker/complex/classes/src/operations/add.php',
'47596e02b43cd6da7700134fd08f88cf' => $vendorDir . '/markbaker/complex/classes/src/operations/subtract.php',
'883af48563631547925fa4c3b48ead07' => $vendorDir . '/markbaker/complex/classes/src/operations/multiply.php',
'f190e3308e6ca23234a2875edc985c03' => $vendorDir . '/markbaker/complex/classes/src/operations/divideby.php',
'ac9e33ce6841aa5bf5d16d465a2f03a7' => $vendorDir . '/markbaker/complex/classes/src/operations/divideinto.php',
);

View File

@ -6,4 +6,5 @@ $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
'LSS' => array($vendorDir . '/openlss/lib-array2xml'),
);

View File

@ -9,6 +9,8 @@ return array(
'Psr\\SimpleCache\\' => array($vendorDir . '/psr/simple-cache/src'),
'Psr\\Log\\' => array($vendorDir . '/psr/log/Psr/Log'),
'PhpOffice\\PhpSpreadsheet\\' => array($vendorDir . '/phpoffice/phpspreadsheet/src/PhpSpreadsheet'),
'PacificSec\\CPE\\' => array($vendorDir . '/pacificsec/cpe/src'),
'Monolog\\' => array($vendorDir . '/monolog/monolog/src/Monolog'),
'Complex\\' => array($vendorDir . '/markbaker/complex/classes/src'),
'Cocur\\BackgroundProcess\\' => array($vendorDir . '/cocur/background-process/src'),
);

View File

@ -47,6 +47,24 @@ class ComposerAutoloaderInit69a0c53551ee5f4e61c53efb549e5e72
$loader->register(true);
if ($useStaticLoader) {
$includeFiles = Composer\Autoload\ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$files;
} else {
$includeFiles = require __DIR__ . '/autoload_files.php';
}
foreach ($includeFiles as $fileIdentifier => $file) {
composerRequire69a0c53551ee5f4e61c53efb549e5e72($fileIdentifier, $file);
}
return $loader;
}
}
function composerRequire69a0c53551ee5f4e61c53efb549e5e72($fileIdentifier, $file)
{
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
require $file;
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
}
}

View File

@ -6,12 +6,58 @@ namespace Composer\Autoload;
class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72
{
public static $files = array (
'abede361264e2ae69ec1eee813a101af' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/abs.php',
'21a5860fbef5be28db5ddfbc3cca67c4' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/acos.php',
'1546e3f9d127f2a9bb2d1b6c31c26ef1' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/acosh.php',
'd2516f7f4fba5ea5905f494b4a8262e0' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/acot.php',
'4511163d560956219b96882c0980b65e' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/acoth.php',
'c361f5616dc2a8da4fa3e137077cd4ea' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/acsc.php',
'02d68920fc98da71991ce569c91df0f6' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/acsch.php',
'88e19525eae308b4a6aa3419364875d3' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/argument.php',
'60e8e2d0827b58bfc904f13957e51849' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/asec.php',
'13d2f040713999eab66c359b4d79871d' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/asech.php',
'838ab38beb32c68a79d3cd2c007d5a04' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/asin.php',
'bb28eccd0f8f008333a1b3c163d604ac' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/asinh.php',
'9e483de83558c98f7d3feaa402c78cb3' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/atan.php',
'36b74b5b765ded91ee58c8ee3c0e85e3' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/atanh.php',
'05c15ee9510da7fd6bf6136f436500c0' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/conjugate.php',
'd3208dfbce2505e370788f9f22f6785f' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/cos.php',
'141cf1fb3a3046f8b64534b0ebab33ca' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/cosh.php',
'be660df75fd0dbe7fa7c03b7434b3294' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/cot.php',
'01e31ea298a51bc9e91517e3ce6b9e76' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/coth.php',
'803ddd97f7b1da68982a7b087c3476f6' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/csc.php',
'3001cdfd101ec3c32da34ee43c2e149b' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/csch.php',
'77b2d7629ef2a93fabb8c56754a91051' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/exp.php',
'4a4471296dec796c21d4f4b6552396a9' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/inverse.php',
'c3e9897e1744b88deb56fcdc39d34d85' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/ln.php',
'a83cacf2de942cff288de15a83afd26d' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/log2.php',
'6a861dacc9ee2f3061241d4c7772fa21' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/log10.php',
'4d2522d968c8ba78d6c13548a1b4200e' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/negative.php',
'fd587ca933fc0447fa5ab4843bdd97f7' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/pow.php',
'383ef01c62028fc78cd4388082fce3c2' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/rho.php',
'150fbd1b95029dc47292da97ecab9375' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/sec.php',
'549abd9bae174286d660bdaa07407c68' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/sech.php',
'6bfbf5eaea6b17a0ed85cb21ba80370c' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/sin.php',
'22efe13f1a497b8e199540ae2d9dc59c' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/sinh.php',
'e90135ab8e787795a509ed7147de207d' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/sqrt.php',
'bb0a7923ffc6a90919cd64ec54ff06bc' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/tan.php',
'2d302f32ce0fd4e433dd91c5bb404a28' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/tanh.php',
'24dd4658a952171a4ee79218c4f9fd06' => __DIR__ . '/..' . '/markbaker/complex/classes/src/functions/theta.php',
'e49b7876281d6f5bc39536dde96d1f4a' => __DIR__ . '/..' . '/markbaker/complex/classes/src/operations/add.php',
'47596e02b43cd6da7700134fd08f88cf' => __DIR__ . '/..' . '/markbaker/complex/classes/src/operations/subtract.php',
'883af48563631547925fa4c3b48ead07' => __DIR__ . '/..' . '/markbaker/complex/classes/src/operations/multiply.php',
'f190e3308e6ca23234a2875edc985c03' => __DIR__ . '/..' . '/markbaker/complex/classes/src/operations/divideby.php',
'ac9e33ce6841aa5bf5d16d465a2f03a7' => __DIR__ . '/..' . '/markbaker/complex/classes/src/operations/divideinto.php',
);
public static $prefixLengthsPsr4 = array (
'P' =>
array (
'Psr\\SimpleCache\\' => 16,
'Psr\\Log\\' => 8,
'PhpOffice\\PhpSpreadsheet\\' => 25,
'PacificSec\\CPE\\' => 15,
),
'M' =>
array (
@ -19,6 +65,7 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72
),
'C' =>
array (
'Complex\\' => 8,
'Cocur\\BackgroundProcess\\' => 24,
),
);
@ -36,16 +83,34 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72
array (
0 => __DIR__ . '/..' . '/phpoffice/phpspreadsheet/src/PhpSpreadsheet',
),
'PacificSec\\CPE\\' =>
array (
0 => __DIR__ . '/..' . '/pacificsec/cpe/src',
),
'Monolog\\' =>
array (
0 => __DIR__ . '/..' . '/monolog/monolog/src/Monolog',
),
'Complex\\' =>
array (
0 => __DIR__ . '/..' . '/markbaker/complex/classes/src',
),
'Cocur\\BackgroundProcess\\' =>
array (
0 => __DIR__ . '/..' . '/cocur/background-process/src',
),
);
public static $prefixesPsr0 = array (
'L' =>
array (
'LSS' =>
array (
0 => __DIR__ . '/..' . '/openlss/lib-array2xml',
),
),
);
public static $classMap = array (
'Datamatrix' => __DIR__ . '/..' . '/tecnickcom/tcpdf/include/barcodes/datamatrix.php',
'PDF417' => __DIR__ . '/..' . '/tecnickcom/tcpdf/include/barcodes/pdf417.php',
@ -68,6 +133,7 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72
return \Closure::bind(function () use ($loader) {
$loader->prefixLengthsPsr4 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixLengthsPsr4;
$loader->prefixDirsPsr4 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixDirsPsr4;
$loader->prefixesPsr0 = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$prefixesPsr0;
$loader->classMap = ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72::$classMap;
}, null, ClassLoader::class);

View File

@ -39,6 +39,103 @@
"unix"
]
},
{
"name": "markbaker/complex",
"version": "1.4.7",
"version_normalized": "1.4.7.0",
"source": {
"type": "git",
"url": "https://github.com/MarkBaker/PHPComplex.git",
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
"reference": "1ea674a8308baf547cbcbd30c5fcd6d301b7c000",
"shasum": ""
},
"require": {
"php": "^5.6.0|^7.0.0"
},
"require-dev": {
"dealerdirect/phpcodesniffer-composer-installer": "^0.4.3",
"phpcompatibility/php-compatibility": "^8.0",
"phpdocumentor/phpdocumentor": "2.*",
"phploc/phploc": "2.*",
"phpmd/phpmd": "2.*",
"phpunit/phpunit": "^4.8.35|^5.4.0",
"sebastian/phpcpd": "2.*",
"squizlabs/php_codesniffer": "^3.3.0"
},
"time": "2018-10-13T23:28:42+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
"psr-4": {
"Complex\\": "classes/src/"
},
"files": [
"classes/src/functions/abs.php",
"classes/src/functions/acos.php",
"classes/src/functions/acosh.php",
"classes/src/functions/acot.php",
"classes/src/functions/acoth.php",
"classes/src/functions/acsc.php",
"classes/src/functions/acsch.php",
"classes/src/functions/argument.php",
"classes/src/functions/asec.php",
"classes/src/functions/asech.php",
"classes/src/functions/asin.php",
"classes/src/functions/asinh.php",
"classes/src/functions/atan.php",
"classes/src/functions/atanh.php",
"classes/src/functions/conjugate.php",
"classes/src/functions/cos.php",
"classes/src/functions/cosh.php",
"classes/src/functions/cot.php",
"classes/src/functions/coth.php",
"classes/src/functions/csc.php",
"classes/src/functions/csch.php",
"classes/src/functions/exp.php",
"classes/src/functions/inverse.php",
"classes/src/functions/ln.php",
"classes/src/functions/log2.php",
"classes/src/functions/log10.php",
"classes/src/functions/negative.php",
"classes/src/functions/pow.php",
"classes/src/functions/rho.php",
"classes/src/functions/sec.php",
"classes/src/functions/sech.php",
"classes/src/functions/sin.php",
"classes/src/functions/sinh.php",
"classes/src/functions/sqrt.php",
"classes/src/functions/tan.php",
"classes/src/functions/tanh.php",
"classes/src/functions/theta.php",
"classes/src/operations/add.php",
"classes/src/operations/subtract.php",
"classes/src/operations/multiply.php",
"classes/src/operations/divideby.php",
"classes/src/operations/divideinto.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Mark Baker",
"email": "mark@lange.demon.co.uk"
}
],
"description": "PHP Class for working with complex numbers",
"homepage": "https://github.com/MarkBaker/PHPComplex",
"keywords": [
"complex",
"mathematics"
]
},
{
"name": "monolog/monolog",
"version": "1.23.0",
@ -119,38 +216,115 @@
"psr-3"
]
},
{
"name": "openlss/lib-array2xml",
"version": "0.5.1",
"version_normalized": "0.5.1.0",
"source": {
"type": "git",
"url": "https://github.com/nullivex/lib-array2xml.git",
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nullivex/lib-array2xml/zipball/c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
"reference": "c8b5998a342d7861f2e921403f44e0a2f3ef2be0",
"shasum": ""
},
"require": {
"php": ">=5.3.2"
},
"time": "2016-11-10T19:10:18+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
"psr-0": {
"LSS": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"Apache-2.0"
],
"authors": [
{
"name": "Bryan Tong",
"email": "contact@nullivex.com",
"homepage": "http://bryantong.com"
},
{
"name": "Tony Butler",
"email": "spudz76@gmail.com",
"homepage": "http://openlss.org"
}
],
"description": "Array2XML conversion library credit to lalit.org",
"homepage": "http://openlss.org",
"keywords": [
"array",
"array conversion",
"xml",
"xml conversion"
]
},
{
"name": "pacificsec/cpe",
"version": "1.0.0",
"version_normalized": "1.0.0.0",
"version": "1.0.1",
"version_normalized": "1.0.1.0",
"source": {
"type": "git",
"url": "https://github.com/pacificsec/cpe.git",
"reference": "3d78d66fc4ea249b6f353a7c48f426835a792d11"
"reference": "52cc49e04388ba00493be634287f6ce3efb30afc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/pacificsec/cpe/zipball/3d78d66fc4ea249b6f353a7c48f426835a792d11",
"reference": "3d78d66fc4ea249b6f353a7c48f426835a792d11",
"url": "https://api.github.com/repos/pacificsec/cpe/zipball/52cc49e04388ba00493be634287f6ce3efb30afc",
"reference": "52cc49e04388ba00493be634287f6ce3efb30afc",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"time": "2018-08-22T17:55:09+00:00",
"type": "library",
"installation-source": "dist",
"notification-url": "https://packagist.org/downloads/"
"installation-source": "source",
"autoload": {
"psr-4": {
"PacificSec\\CPE\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Antonio Franco",
"email": "antonio.franco@pacificsec.com"
}
],
"description": "CPE: Common Platform Enumeration for PHP",
"homepage": "https://github.com/pacificsec/cpe",
"keywords": [
"cpe",
"cve",
"pacificsec",
"security"
]
},
{
"name": "phpoffice/phpspreadsheet",
"version": "1.2.1",
"version_normalized": "1.2.1.0",
"version": "1.4.1",
"version_normalized": "1.4.1.0",
"source": {
"type": "git",
"url": "https://github.com/PHPOffice/PhpSpreadsheet.git",
"reference": "36acc372875c4d894dc093825ce4f62209db5a76"
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/36acc372875c4d894dc093825ce4f62209db5a76",
"reference": "36acc372875c4d894dc093825ce4f62209db5a76",
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/57404f43742a8164b5eac3ab03b962d8740885c1",
"reference": "57404f43742a8164b5eac3ab03b962d8740885c1",
"shasum": ""
},
"require": {
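Review bot: In the `pacificsec/cpe` entry, `installation-source` ends up as `source`, meaning the package was installed as a git checkout rather than from the release archive. With the vendor directory committed to this repository, that can bring a nested .git directory and non-release files into the tree. Unless there is a reason to track the upstream repository, reinstall with `--prefer-dist`. Separately, this hunk adds two new runtime dependencies (`markbaker/complex`, `openlss/lib-array2xml`); the commit message or README should say what pulls each one in, since `openlss/lib-array2xml` is not listed under any `require` block visible here.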
@ -166,6 +340,7 @@
"ext-xmlwriter": "*",
"ext-zip": "*",
"ext-zlib": "*",
"markbaker/complex": "^1.4.1",
"php": "^5.6|^7.0",
"psr/simple-cache": "^1.0"
},
@ -175,16 +350,16 @@
"jpgraph/jpgraph": "^4.0",
"mpdf/mpdf": "^7.0.0",
"phpunit/phpunit": "^5.7",
"squizlabs/php_codesniffer": "^2.7",
"squizlabs/php_codesniffer": "^3.3",
"tecnickcom/tcpdf": "^6.2"
},
"suggest": {
"dompdf/dompdf": "Option for rendering PDF with PDF Writer",
"jpgraph/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers",
"mpdf/mpdf": "Option for rendering PDF with PDF Writer",
"tecnick.com/tcpdf": "Option for rendering PDF with PDF Writer"
"tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer"
},
"time": "2018-04-10T03:53:16+00:00",
"time": "2018-09-30T03:57:24+00:00",
"type": "library",
"installation-source": "source",
"autoload": {
@ -327,23 +502,23 @@
},
{
"name": "tecnickcom/tcpdf",
"version": "6.2.17",
"version_normalized": "6.2.17.0",
"version": "6.2.26",
"version_normalized": "6.2.26.0",
"source": {
"type": "git",
"url": "https://github.com/tecnickcom/TCPDF.git",
"reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53"
"reference": "367241059ca166e3a76490f4448c284e0a161f15"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/64fc19439863e1b1314487a72a74d9bfd0b55a53",
"reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53",
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/367241059ca166e3a76490f4448c284e0a161f15",
"reference": "367241059ca166e3a76490f4448c284e0a161f15",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"time": "2018-02-24T11:48:20+00:00",
"time": "2018-10-16T17:24:05+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {

156
inc/vendor/markbaker/complex/README.md vendored Normal file
View File

@ -0,0 +1,156 @@
PHPComplex
==========
---
PHP Class for handling Complex numbers
Master: [![Build Status](https://travis-ci.org/MarkBaker/PHPComplex.png?branch=master)](http://travis-ci.org/MarkBaker/PHPComplex)
Develop: [![Build Status](https://travis-ci.org/MarkBaker/PHPComplex.png?branch=develop)](http://travis-ci.org/MarkBaker/PHPComplex)
[![Complex Numbers](https://imgs.xkcd.com/comics/complex_numbers_2x.png)](https://xkcd.com/2028/)
---
The library currently provides the following operations:
- addition
- subtraction
- multiplication
- division
- division by
- division into
together with functions for
- theta (polar theta angle)
- rho (polar distance/radius)
- conjugate
* negative
- inverse (1 / complex)
- cos (cosine)
- acos (inverse cosine)
- cosh (hyperbolic cosine)
- acosh (inverse hyperbolic cosine)
- sin (sine)
- asin (inverse sine)
- sinh (hyperbolic sine)
- asinh (inverse hyperbolic sine)
- sec (secant)
- asec (inverse secant)
- sech (hyperbolic secant)
- asech (inverse hyperbolic secant)
- csc (cosecant)
- acsc (inverse cosecant)
- csch (hyperbolic secant)
- acsch (inverse hyperbolic secant)
- tan (tangent)
- atan (inverse tangent)
- tanh (hyperbolic tangent)
- atanh (inverse hyperbolic tangent)
- cot (cotangent)
- acot (inverse cotangent)
- coth (hyperbolic cotangent)
- acoth (inverse hyperbolic cotangent)
- sqrt (square root)
- exp (exponential)
- ln (natural log)
- log10 (base-10 log)
- log2 (base-2 log)
- pow (raised to the power of a real number)
---
# Usage
To create a new complex object, you can provide either the real, imaginary and suffix parts as individual values, or as an array of values passed passed to the constructor; or a string representing the value. e.g
```
$real = 1.23;
$imaginary = -4.56;
$suffix = 'i';
$complexObject = new Complex\Complex($real, $imaginary, $suffix);
```
or
```
$real = 1.23;
$imaginary = -4.56;
$suffix = 'i';
$arguments = [$real, $imaginary, $suffix];
$complexObject = new Complex\Complex($arguments);
```
or
```
$complexString = '1.23-4.56i';
$complexObject = new Complex\Complex($complexString);
```
Complex objects are immutable: whenever you call a method or pass a complex value to a function that returns a complex value, a new Complex object will be returned, and the original will remain unchanged.
This also allows you to chain multiple methods as you would for a fluent interface (as long as they are methods that will return a Complex result).
## Performing Mathematical Operations
To perform mathematical operations with Complex values, you can call the appropriate method against a complex value, passing other values as arguments
```
$complexString1 = '1.23-4.56i';
$complexString2 = '2.34+5.67i';
$complexObject = new Complex\Complex($complexString1);
echo $complexObject->add($complexString2);
```
or pass all values to the appropriate function
```
$complexString1 = '1.23-4.56i';
$complexString2 = '2.34+5.67i';
echo Complex\add($complexString1, $complexString2);
```
If you want to perform the same operation against multiple values (e.g. to add three or more complex numbers), then you can pass multiple arguments to any of the operations.
You can pass these arguments as Complex objects, or as an array or string that will parse to a complex object.
## Using functions
When calling any of the available functions for a complex value, you can either call the relevant method for the Complex object
```
$complexString = '1.23-4.56i';
$complexObject = new Complex\Complex($complexString);
echo $complexObject->sinh();
```
or you can call the function as you would in procedural code, passing the Complex object as an argument
```
$complexString = '1.23-4.56i';
$complexObject = new Complex\Complex($complexString);
echo Complex\sinh($complexObject);
```
When called procedurally using the function, you can pass in the argument as a Complex object, or as an array or string that will parse to a complex object.
```
$complexString = '1.23-4.56i';
echo Complex\sinh($complexString);
```
In the case of the `pow()` function (the only implemented function that requires an additional argument) you need to pass both arguments when calling the function procedurally
```
$complexString = '1.23-4.56i';
$complexObject = new Complex\Complex($complexString);
echo Complex\pow($complexObject, 2);
```
or pass the additional argument when calling the method
```
$complexString = '1.23-4.56i';
$complexObject = new Complex\Complex($complexString);
echo $complexObject->pow(2);
```
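
Review bot: The function list mislabels two entries: `- csch (hyperbolic secant)` and `- acsch (inverse hyperbolic secant)` should both read cosecant, and the Usage paragraph has a doubled word in "passed passed to the constructor". This is the upstream README, so report it upstream rather than editing the vendored copy, which would make the tree differ from the released package.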

@ -0,0 +1,53 @@
<?php
namespace Complex;
/**
*
* Autoloader for Complex classes
*
* @package Complex
* @copyright Copyright (c) 2014 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt LGPL
*/
class Autoloader
{
/**
* Register the Autoloader with SPL
*
*/
public static function Register()
{
if (function_exists('__autoload')) {
// Register any existing autoloader function with SPL, so we don't get any clashes
spl_autoload_register('__autoload');
}
// Register ourselves with SPL
return spl_autoload_register(['Complex\\Autoloader', 'Load']);
}
/**
* Autoload a class identified by name
*
* @param string $pClassName Name of the object to load
*/
public static function Load($pClassName)
{
if ((class_exists($pClassName, false)) || (strpos($pClassName, 'Complex\\') !== 0)) {
// Either already loaded, or not a Complex class request
return false;
}
$pClassFilePath = __DIR__ . DIRECTORY_SEPARATOR .
'src' . DIRECTORY_SEPARATOR .
str_replace(['Complex\\', '\\'], ['', '/'], $pClassName) .
'.php';
if ((file_exists($pClassFilePath) === false) || (is_readable($pClassFilePath) === false)) {
// Can't load
return false;
}
require($pClassFilePath);
}
}
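
Review bot: `Load()` turns the class name straight into a path with `str_replace(['Complex\\', '\\'], ['', '/'], $pClassName)` and then calls `require`, with no check that the name contains only identifier characters. A name with `..` segments after the `Complex\` prefix would resolve outside `src`; add a character allowlist, or compare `realpath($pClassFilePath)` against the `src` directory before the `require`. Two smaller points: the `function_exists('__autoload')` branch relies on a mechanism deprecated since PHP 7.2, and this header says LGPL while the other files in the package say MIT.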

@ -0,0 +1,38 @@
<?php
include_once __DIR__ . '/Autoloader.php';
\Complex\Autoloader::Register();
abstract class FilesystemRegexFilter extends RecursiveRegexIterator
{
protected $regex;
public function __construct(RecursiveIterator $it, $regex)
{
$this->regex = $regex;
parent::__construct($it, $regex);
}
}
class FilenameFilter extends FilesystemRegexFilter
{
// Filter files against the regex
public function accept()
{
return (!$this->isFile() || preg_match($this->regex, $this->getFilename()));
}
}
$srcFolder = __DIR__ . DIRECTORY_SEPARATOR . 'src';
$srcDirectory = new RecursiveDirectoryIterator($srcFolder);
$filteredFileList = new FilenameFilter($srcDirectory, '/(?:php)$/i');
$filteredFileList = new FilenameFilter($filteredFileList, '/^(?!.*(Complex|Exception)\.php).*$/i');
foreach (new RecursiveIteratorIterator($filteredFileList) as $file) {
if ($file->isFile()) {
include_once $file;
}
}
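
Review bot: The first filter, `'/(?:php)$/i'`, matches any filename that merely ends in the letters "php"; anchor it on the extension with `/\.php$/i`. Because the loop then runs `include_once` on every match under `src`, that directory must not be writable by the web server account. `FilesystemRegexFilter` and `FilenameFilter` are also declared in the global namespace without a `class_exists` guard, so any other code declaring the same names causes a fatal redeclaration error.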

@ -0,0 +1,387 @@
<?php
/**
*
* Class for the management of Complex numbers
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Complex Number object.
*
* @package Complex
*
* @method float abs()
* @method Complex acos()
* @method Complex acosh()
* @method Complex acot()
* @method Complex acoth()
* @method Complex acsc()
* @method Complex acsch()
* @method float argument()
* @method Complex asec()
* @method Complex asech()
* @method Complex asin()
* @method Complex asinh()
* @method Complex atan()
* @method Complex atanh()
* @method Complex conjugate()
* @method Complex cos()
* @method Complex cosh()
* @method Complex cot()
* @method Complex coth()
* @method Complex csc()
* @method Complex csch()
* @method Complex exp()
* @method Complex inverse()
* @method Complex ln()
* @method Complex log2()
* @method Complex log10()
* @method Complex negative()
* @method Complex pow(int|float $power)
* @method float rho()
* @method Complex sec()
* @method Complex sech()
* @method Complex sin()
* @method Complex sinh()
* @method Complex sqrt()
* @method Complex tan()
* @method Complex tanh()
* @method float theta()
* @method Complex add(...$complexValues)
* @method Complex subtract(...$complexValues)
* @method Complex multiply(...$complexValues)
* @method Complex divideby(...$complexValues)
* @method Complex divideinto(...$complexValues)
*/
class Complex
{
/**
* @constant Euler's Number.
*/
const EULER = 2.7182818284590452353602874713526624977572;
/**
* @constant Regexp to split an input string into real and imaginary components and suffix
*/
const NUMBER_SPLIT_REGEXP =
'` ^
( # Real part
[-+]?(\d+\.?\d*|\d*\.?\d+) # Real value (integer or float)
([Ee][-+]?[0-2]?\d{1,3})? # Optional real exponent for scientific format
)
( # Imaginary part
[-+]?(\d+\.?\d*|\d*\.?\d+) # Imaginary value (integer or float)
([Ee][-+]?[0-2]?\d{1,3})? # Optional imaginary exponent for scientific format
)?
( # Imaginary part is optional
([-+]?) # Imaginary (implicit 1 or -1) only
([ij]?) # Imaginary i or j - depending on whether mathematical or engineering
)
$`uix';
/**
* @var float $realPart The value of of this complex number on the real plane.
*/
protected $realPart = 0.0;
/**
* @var float $imaginaryPart The value of of this complex number on the imaginary plane.
*/
protected $imaginaryPart = 0.0;
/**
* @var string $suffix The suffix for this complex number (i or j).
*/
protected $suffix;
/**
* Validates whether the argument is a valid complex number, converting scalar or array values if possible
*
* @param mixed $complexNumber The value to parse
* @return array
* @throws Exception If the argument isn't a Complex number or cannot be converted to one
*/
private static function parseComplex($complexNumber)
{
// Test for real number, with no imaginary part
if (is_numeric($complexNumber)) {
return [$complexNumber, 0, null];
}
// Fix silly human errors
$complexNumber = str_replace(
['+-', '-+', '++', '--'],
['-', '-', '+', '+'],
$complexNumber
);
// Basic validation of string, to parse out real and imaginary parts, and any suffix
$validComplex = preg_match(
self::NUMBER_SPLIT_REGEXP,
$complexNumber,
$complexParts
);
if (!$validComplex) {
// Neither real nor imaginary part, so test to see if we actually have a suffix
$validComplex = preg_match('/^([\-\+]?)([ij])$/ui', $complexNumber, $complexParts);
if (!$validComplex) {
throw new Exception('Invalid complex number');
}
// We have a suffix, so set the real to 0, the imaginary to either 1 or -1 (as defined by the sign)
$imaginary = 1;
if ($complexParts[1] === '-') {
$imaginary = 0 - $imaginary;
}
return [0, $imaginary, $complexParts[2]];
}
// If we don't have an imaginary part, identify whether it should be +1 or -1...
if (($complexParts[4] === '') && ($complexParts[9] !== '')) {
if ($complexParts[7] !== $complexParts[9]) {
$complexParts[4] = 1;
if ($complexParts[8] === '-') {
$complexParts[4] = -1;
}
} else {
// ... or if we have only the real and no imaginary part
// (in which case our real should be the imaginary)
$complexParts[4] = $complexParts[1];
$complexParts[1] = 0;
}
}
// Return real and imaginary parts and suffix as an array, and set a default suffix if user input lazily
return [
$complexParts[1],
$complexParts[4],
!empty($complexParts[9]) ? $complexParts[9] : 'i'
];
}
public function __construct($realPart = 0.0, $imaginaryPart = null, $suffix = 'i')
{
if ($imaginaryPart === null) {
if (is_array($realPart)) {
// We have an array of (potentially) real and imaginary parts, and any suffix
list ($realPart, $imaginaryPart, $suffix) = array_values($realPart) + [0.0, 0.0, 'i'];
} elseif ((is_string($realPart)) || (is_numeric($realPart))) {
// We've been given a string to parse to extract the real and imaginary parts, and any suffix
list($realPart, $imaginaryPart, $suffix) = self::parseComplex($realPart);
}
}
if ($imaginaryPart <> 0.0 && empty($suffix)) {
$suffix = 'i';
}
// Set parsed values in our properties
$this->realPart = (float) $realPart;
$this->imaginaryPart = (float) $imaginaryPart;
$this->suffix = strtolower($suffix);
}
/**
* Gets the real part of this complex number
*
* @return Float
*/
public function getReal()
{
return $this->realPart;
}
/**
* Gets the imaginary part of this complex number
*
* @return Float
*/
public function getImaginary()
{
return $this->imaginaryPart;
}
/**
* Gets the suffix of this complex number
*
* @return String
*/
public function getSuffix()
{
return $this->suffix;
}
/**
* Returns true if this is a real value, false if a complex value
*
* @return Bool
*/
public function isReal()
{
return $this->imaginaryPart == 0.0;
}
/**
* Returns true if this is a complex value, false if a real value
*
* @return Bool
*/
public function isComplex()
{
return !$this->isReal();
}
public function format()
{
$str = "";
if ($this->imaginaryPart != 0.0) {
if (\abs($this->imaginaryPart) != 1.0) {
$str .= $this->imaginaryPart . $this->suffix;
} else {
$str .= (($this->imaginaryPart < 0.0) ? '-' : '') . $this->suffix;
}
}
if ($this->realPart != 0.0) {
if (($str) && ($this->imaginaryPart > 0.0)) {
$str = "+" . $str;
}
$str = $this->realPart . $str;
}
if (!$str) {
$str = "0.0";
}
return $str;
}
public function __toString()
{
return $this->format();
}
/**
* Validates whether the argument is a valid complex number, converting scalar or array values if possible
*
* @param mixed $complex The value to validate
* @return Complex
* @throws Exception If the argument isn't a Complex number or cannot be converted to one
*/
public static function validateComplexArgument($complex)
{
if (is_scalar($complex) || is_array($complex)) {
$complex = new Complex($complex);
} elseif (!is_object($complex) || !($complex instanceof Complex)) {
throw new Exception('Value is not a valid complex number');
}
return $complex;
}
/**
* Returns the reverse of this complex number
*
* @return Complex
*/
public function reverse()
{
return new Complex(
$this->imaginaryPart,
$this->realPart,
($this->realPart == 0.0) ? null : $this->suffix
);
}
public function invertImaginary()
{
return new Complex(
$this->realPart,
$this->imaginaryPart * -1,
($this->imaginaryPart == 0.0) ? null : $this->suffix
);
}
public function invertReal()
{
return new Complex(
$this->realPart * -1,
$this->imaginaryPart,
($this->imaginaryPart == 0.0) ? null : $this->suffix
);
}
protected static $functions = [
'abs',
'acos',
'acosh',
'acot',
'acoth',
'acsc',
'acsch',
'argument',
'asec',
'asech',
'asin',
'asinh',
'atan',
'atanh',
'conjugate',
'cos',
'cosh',
'cot',
'coth',
'csc',
'csch',
'exp',
'inverse',
'ln',
'log2',
'log10',
'negative',
'pow',
'rho',
'sec',
'sech',
'sin',
'sinh',
'sqrt',
'tan',
'tanh',
'theta',
];
protected static $operations = [
'add',
'subtract',
'multiply',
'divideby',
'divideinto',
];
/**
* Returns the result of the function call or operation
*
* @return Complex|float
* @throws Exception|\InvalidArgumentException
*/
public function __call($functionName, $arguments)
{
$functionName = strtolower(str_replace('_', '', $functionName));
// Test for function calls
if (in_array($functionName, self::$functions)) {
$functionName = "\\" . __NAMESPACE__ . "\\{$functionName}";
return $functionName($this, ...$arguments);
}
// Test for operation calls
if (in_array($functionName, self::$operations)) {
$functionName = "\\" . __NAMESPACE__ . "\\{$functionName}";
return $functionName($this, ...$arguments);
}
throw new Exception('Function or Operation does not exist');
}
}
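
Review bot: In `NUMBER_SPLIT_REGEXP` the sign on the imaginary group is optional (`[-+]?`), so a run of digits can be divided between the real and imaginary groups in many ways, and a long digit string that fails at `$` backtracks heavily. `parseComplex()` does fail closed, since a `false` return from `preg_match` is treated like no match and ends in `Invalid complex number`, but callers that feed it values from uploaded files should cap the string length first. In `__call`, pass `true` as the third argument to both `in_array` calls so the allowlist guarding the dynamic `$functionName($this, ...$arguments)` call is compared strictly; the two branches are otherwise identical and could be merged.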

@ -0,0 +1,13 @@
<?php
/**
* Exception.
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
class Exception extends \Exception
{
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex abs() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the absolute value (modulus) of a complex number.
* Also known as the rho of the complex number, i.e. the distance/radius
* from the centrepoint to the representation of the number in polar coordinates.
*
* This function is a synonym for rho()
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return float The absolute (or rho) value of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*
* @see rho
*
*/
function abs($complex)
{
return rho($complex);
}

@ -0,0 +1,38 @@
<?php
/**
*
* Function code for the complex acos() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse cosine of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse cosine of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function acos($complex)
{
$complex = Complex::validateComplexArgument($complex);
$square = clone $complex;
$square = multiply($square, $complex);
$invsqrt = new Complex(1.0);
$invsqrt = subtract($invsqrt, $square);
$invsqrt = sqrt($invsqrt);
$adjust = new Complex(
$complex->getReal() - $invsqrt->getImaginary(),
$complex->getImaginary() + $invsqrt->getReal()
);
$log = ln($adjust);
return new Complex(
$log->getImaginary(),
-1 * $log->getReal()
);
}

@ -0,0 +1,34 @@
<?php
/**
*
* Function code for the complex acosh() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse hyperbolic cosine of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse hyperbolic cosine of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function acosh($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->isReal() && ($complex->getReal() > 1)) {
return new Complex(\acosh($complex->getReal()));
}
$acosh = acos($complex)
->reverse();
if ($acosh->getReal() < 0.0) {
$acosh = $acosh->invertReal();
}
return $acosh;
}

@ -0,0 +1,25 @@
<?php
/**
*
* Function code for the complex acot() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse cotangent of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse cotangent of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function acot($complex)
{
$complex = Complex::validateComplexArgument($complex);
return atan(inverse($complex));
}

@ -0,0 +1,25 @@
<?php
/**
*
* Function code for the complex acoth() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse hyperbolic cotangent of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse hyperbolic cotangent of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function acoth($complex)
{
$complex = Complex::validateComplexArgument($complex);
return atanh(inverse($complex));
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex acsc() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse cosecant of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse cosecant of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function acsc($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
return INF;
}
return asin(inverse($complex));
}
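
Review bot: `return INF;` in the zero check hands back a bare float although the docblock promises `@return Complex` and a `\InvalidArgumentException` on division by zero, so a caller that chains a method on the result gets a fatal error instead of a catchable exception. The acsch, asec, asech, csc and csch hunks repeat the same line, while the cot hunk returns `new Complex(INF)`; callers in this project should type-check the result or special-case zero before calling these functions.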

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex acsch() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse hyperbolic cosecant of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse hyperbolic cosecant of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function acsch($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
return INF;
}
return asinh(inverse($complex));
}

@ -0,0 +1,28 @@
<?php
/**
*
* Function code for the complex argument() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the argument of a complex number.
* Also known as the theta of the complex number, i.e. the angle in radians
* from the real axis to the representation of the number in polar coordinates.
*
* This function is a synonym for theta()
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return float The argument (or theta) value of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*
* @see theta
*/
function argument($complex)
{
return theta($complex);
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex asec() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse secant of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse secant of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function asec($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
return INF;
}
return acos(inverse($complex));
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex asech() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse hyperbolic secant of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse hyperbolic secant of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function asech($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
return INF;
}
return acosh(inverse($complex));
}

@ -0,0 +1,37 @@
<?php
/**
*
* Function code for the complex asin() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse sine of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse sine of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function asin($complex)
{
$complex = Complex::validateComplexArgument($complex);
$square = multiply($complex, $complex);
$invsqrt = new Complex(1.0);
$invsqrt = subtract($invsqrt, $square);
$invsqrt = sqrt($invsqrt);
$adjust = new Complex(
$invsqrt->getReal() - $complex->getImaginary(),
$invsqrt->getImaginary() + $complex->getReal()
);
$log = ln($adjust);
return new Complex(
$log->getImaginary(),
-1 * $log->getReal()
);
}

@ -0,0 +1,33 @@
<?php
/**
*
* Function code for the complex asinh() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse hyperbolic sine of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse hyperbolic sine of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function asinh($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->isReal() && ($complex->getReal() > 1)) {
return new Complex(\asinh($complex->getReal()));
}
$asinh = clone $complex;
$asinh = $asinh->reverse()
->invertReal();
$asinh = asin($asinh);
return $asinh->reverse()
->invertImaginary();
}

@ -0,0 +1,45 @@
<?php
/**
*
* Function code for the complex atan() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
//include_once 'Math/Complex.php';
//include_once 'Math/ComplexOp.php';
/**
* Returns the inverse tangent of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse tangent of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function atan($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->isReal()) {
return new Complex(\atan($complex->getReal()));
}
$t1Value = new Complex(-1 * $complex->getImaginary(), $complex->getReal());
$uValue = new Complex(1, 0);
$d1Value = clone $uValue;
$d1Value = subtract($d1Value, $t1Value);
$d2Value = add($t1Value, $uValue);
$uResult = $d1Value->divideBy($d2Value);
$uResult = ln($uResult);
return new Complex(
(($uResult->getImaginary() == M_PI) ? -M_PI : $uResult->getImaginary()) * -0.5,
$uResult->getReal() * 0.5,
$complex->getSuffix()
);
}
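
Review bot: `$uResult->getImaginary() == M_PI` compares floats for exact equality, so the sign correction applies only when `ln()` returns a value bit-identical to `M_PI`; a comparison within a small tolerance would be more robust. The two commented-out `//include_once 'Math/...'` lines are dead code and should be reported upstream for removal.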

@ -0,0 +1,38 @@
<?php
/**
*
* Function code for the complex atanh() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse hyperbolic tangent of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse hyperbolic tangent of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function atanh($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->isReal()) {
$real = $complex->getReal();
if ($real >= -1.0 && $real <= 1.0) {
return new Complex(\atanh($real));
} else {
return new Complex(\atanh(1 / $real), (($real < 0.0) ? M_PI_2 : -1 * M_PI_2));
}
}
$iComplex = clone $complex;
$iComplex = $iComplex->invertImaginary()
->reverse();
return atan($iComplex)
->invertReal()
->reverse();
}

@ -0,0 +1,28 @@
<?php
/**
*
* Function code for the complex conjugate() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the complex conjugate of a complex number
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The conjugate of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function conjugate($complex)
{
$complex = Complex::validateComplexArgument($complex);
return new Complex(
$complex->getReal(),
-1 * $complex->getImaginary(),
$complex->getSuffix()
);
}

@ -0,0 +1,34 @@
<?php
/**
*
* Function code for the complex cos() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the cosine of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The cosine of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function cos($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->isReal()) {
return new Complex(\cos($complex->getReal()));
}
return conjugate(
new Complex(
\cos($complex->getReal()) * \cosh($complex->getImaginary()),
\sin($complex->getReal()) * \sinh($complex->getImaginary()),
$complex->getSuffix()
)
);
}

@ -0,0 +1,32 @@
<?php
/**
*
* Function code for the complex cosh() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the hyperbolic cosine of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The hyperbolic cosine of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function cosh($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->isReal()) {
return new Complex(\cosh($complex->getReal()));
}
return new Complex(
\cosh($complex->getReal()) * \cos($complex->getImaginary()),
\sinh($complex->getReal()) * \sin($complex->getImaginary()),
$complex->getSuffix()
);
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex cot() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the cotangent of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The cotangent of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function cot($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
return new Complex(INF);
}
return inverse(tan($complex));
}

@ -0,0 +1,24 @@
<?php
/**
*
* Function code for the complex coth() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the hyperbolic cotangent of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The hyperbolic cotangent of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function coth($complex)
{
$complex = Complex::validateComplexArgument($complex);
return inverse(tanh($complex));
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex csc() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the cosecant of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The cosecant of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function csc($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
return INF;
}
return inverse(sin($complex));
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex csch() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the hyperbolic cosecant of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The hyperbolic cosecant of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function csch($complex)
{
$complex = Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
return INF;
}
return inverse(sinh($complex));
}

@ -0,0 +1,34 @@
<?php
/**
*
* Function code for the complex exp() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the exponential of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The exponential of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
*/
function exp($complex)
{
$complex = Complex::validateComplexArgument($complex);
if (($complex->getReal() == 0.0) && (\abs($complex->getImaginary()) == M_PI)) {
return new Complex(-1.0, 0.0);
}
$rho = \exp($complex->getReal());
return new Complex(
$rho * \cos($complex->getImaginary()),
$rho * \sin($complex->getImaginary()),
$complex->getSuffix()
);
}

@ -0,0 +1,29 @@
<?php
/**
*
* Function code for the complex inverse() function
*
* @copyright Copyright (c) 2013-2018 Mark Baker (https://github.com/MarkBaker/PHPComplex)
* @license https://opensource.org/licenses/MIT MIT
*/
namespace Complex;
/**
* Returns the inverse of a complex number.
*
* @param Complex|mixed $complex Complex number or a numeric value.
* @return Complex The inverse of the complex argument.
* @throws Exception If argument isn't a valid real or complex number.
* @throws \InvalidArgumentException If function would result in a division by zero
*/
function inverse($complex)
{
$complex = clone Complex::validateComplexArgument($complex);
if ($complex->getReal() == 0.0 && $complex->getImaginary() == 0.0) {
throw new \InvalidArgumentException('Division by zero');
}
return $complex->divideInto(1.0);
}

Some files were not shown because too many files have changed in this diff