<?php
/**
 * File: background_stigs.php
 * Author: Ryan Prather
 * Purpose: To allow scripts to run in the background
 *  Currently only implements the STIG XML importing
 * Created: Jul 18, 2014
 *
 * Portions Copyright (c) 2016-2017: Cyber Perspectives, LLC All rights reserved
 * Released under the Apache v2.0 License
 *
 * Portions Copyright (c) 2012-2015, Salient Federal Solutions
 * Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
 * Released under Modified BSD License
 *
 * See license.txt for details
 *
 * Change Log:
 *  - Jul 18, 2014 - File created
 *  - Dec 7, 2016 - Changed PHP constant to PHP_BIN and added Cyber Perspectives copyright
 *  - Dec 12, 2016 - Revised text for to run parse_stig script, delete files only if --delete parameter is set
 *  - Feb 15, 2017 - Formatting, revised the printed messages throughout the script, and converted file_types constants where required
 *  - Feb 21, 2017 - Fixed paths and revised progress output, Revised directories and fixed output
 *  - Mar 3, 2017 - Now shuffling the STIG files to prevent duplicate STIG creation and fixed bug with scripts not being updated to complete when done
 *  - Mar 8, 2017 - Fixed typo with catalog_scripts table and added update to $count value when waiting for all script to complete
 *  - Apr 5, 2017 - Hard coded parsing 20 STIGs instead of using MAX_RESULTS constant
 *  - Jun 27, 2017 - Cleanup
 *  - Jul 13, 2017 - Changed STIG parsing to serial instead of parallel to fix issue with duplicate STIGs from race conditions
 *  - May 31, 2018 - Added deletion when files match exclusion
 *  - Jun 2, 2018 - Added code to check STIG_EXCLUSIONS constant to for permanently excluded STIGs
 */
$cmd = getopt("x::h::d::", ["debug::", "delete::", "ia::", "extract::", "help::", 'exclude::']);

if (isset($cmd['help']) || isset($cmd['h'])) {
    die(usage());
}

set_time_limit(0);

require_once 'config.inc';
require_once 'helper.inc';
require_once 'database.inc';
require_once 'vendor/autoload.php';

use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use Monolog\Formatter\LineFormatter;

$log_level = Logger::ERROR;
switch (LOG_LEVEL) {
    case E_WARNING:
        $log_level = Logger::WARNING;
        break;
    case E_NOTICE:
        $log_level = Logger::NOTICE;
        break;
    case E_DEBUG:
        $log_level = Logger::DEBUG;
}

if (isset($cmd['debug'])) {
    $log_level = Logger::DEBUG;
}

$stream = new StreamHandler("php://output", $log_level);
$stream->setFormatter(new LineFormatter("%datetime% %level_name% %message%" . PHP_EOL, "H:i:s.u"));

$log = new Logger("stig_parser");
$log->pushHandler(new StreamHandler(LOG_PATH . "/stig_parser.log", $log_level));
$log->pushHandler($stream);

check_path(TMP . "/stigs");
check_path(TMP . "/stigs/zip");
check_path(TMP . "/stigs/checklist");
check_path(TMP . "/stigs/xml");
check_path(DOC_ROOT . "/reference/stigs");

$path = realpath(TMP . "/stigs");
if (isset($cmd['d']) && $cmd['d']) {
    $path = $cmd['d'];
}

chdir($path);

$db        = new db();
$zip_files = glob("*.zip");
$zip       = new ZipArchive();

// Find the .zip files that were uploaded
foreach ($zip_files as $file) {
    $ft = FileDetection($file);
    if ($ft['type'] == DISA_STIG_LIBRARY_ZIP) {
        $log->info("Extracting $file");
        $zip->open($file);
        $zip->extractTo(realpath(TMP . "/stigs/checklist"));
        $zip->close();
        if (isset($cmd['delete'])) {
            unlink($file);
        }
    }
}

// traverse the checklist directory to find all the zip files and extract those
for ($x = 0; $x < 2; $x++) {
    $dir   = new RecursiveDirectoryIterator(realpath(TMP . "/stigs/checklist"));
    $files = new RecursiveIteratorIterator($dir);
    directory_crawl($files);
}

// traverse the zip directory, and extract the xml, xsl, jpg, or gif files.
for ($x = 0; $x < 3; $x++) {
    $dir   = new RecursiveDirectoryIterator(realpath(TMP . "/stigs/zip"));
    $files = new RecursiveIteratorIterator($dir);
    directory_crawl($files);
}

if (isset($cmd['x']) || isset($cmd['extract'])) {
    $log->info("Extract only complete");
    die;
}

// find all the xml files in the directory
chdir(TMP . "/stigs/xml");
$xml_files = glob("*.xml");

// change back to the document root directory
chdir(DOC_ROOT);
$count = 0;
$db->help->update("settings", ['meta_value' => 0], [
    [
        'field' => 'meta_key',
        'value' => 'stig-progress'
    ]
]);
$db->help->execute();

$regex   = null;
if (isset($cmd['exclude'])) {
    $regex = $cmd['exclude'];
}

foreach ($xml_files as $key => $file) {
    // if the file has a space in the file name we need to replace it because it will cause parsing errors
    if (strpos($file, ' ') !== false) {
        $new_file        = str_replace(' ', '_', $file);
        rename(realpath(TMP . "/stigs/xml/$file"), TMP . "/stigs/xml/$new_file");
        $xml_files[$key] = $file            = $new_file;
        copy(realpath(TMP . "/stigs/xml/$file"), realpath(DOC_ROOT . "/reference/stigs") . "/$file");
    }

    if (!is_null($regex) && preg_match("/$regex/i", $file)) {
        unlink($file);
        $log->debug("Skipping $file due to matching regex");
        continue;
    }
    elseif(!empty(STIG_EXCLUSIONS) && preg_match("/" . STIG_EXCLUSIONS . "/i", $file)) {
        unlink(TMP . "/stigs/xml/$file");
        $log->debug("Skipping $file due to matching STIG exclusion");
        continue;
    }

    // determine the file type
    $ft = FileDetection(TMP . "/stigs/xml/$file");

    // add the file to the stack if it is of the proper type
    //    can add additional types as the parser are created
    if ($ft['type'] == DISA_STIG_XML) {
        $log->info("Parsing STIG file: $file");

        $script = realpath(defined('PHP_BIN') ? PHP_BIN : PHP) .
            " -c " . realpath(PHP_CONF) .
            " -f " . realpath(DOC_ROOT . "/exec/parse_stig.php") . " --" .
            " -f=\"" . realpath(TMP . "/stigs/xml/{$file}") . "\"" .
            (isset($cmd['debug']) ? " --debug" : "");

        $db->add_Catalog_Script(basename($file));
        passthru($script);
    }
    else {
        $log->debug("Skipping $file");
        continue;
    }

    $count++;

    $db->help->update("settings", ['meta_value' => number_format(($count / count($xml_files) * 100), 2)], [
        [
            'field' => 'meta_key',
            'op'    => '=',
            'value' => 'stig-progress'
        ]
    ]);
    $db->help->execute();
}

$db->help->update("catalog_scripts", ['status' => 'COMPLETE'], [
    [
        'field' => 'perc_comp',
        'op'    => '=',
        'value' => 100
    ],
    [
        'field'  => 'status',
        'op'     => '=',
        'value'  => 'RUNNING',
        'sql_op' => 'AND'
    ]
]);
$db->help->execute();
$db->help->update("settings", ['meta_value' => 100], [
    [
        'field' => 'meta_key',
        'op'    => IN,
        'value' => ['stig-dl-progress', 'stig-progress']
    ]
]);
$db->help->execute();

if (isset($cmd['delete'])) {
    if (strtolower(substr(PHP_OS, 0, 3)) == 'win') {
        exec("del /S /Q /F " . realpath(TMP . "/stigs/checklist") . "\\*");
        exec("del /S /Q /F " . realpath(TMP . "/stigs/zip") . "\\*");
    }
    else {
        exec("rm -rf " . realpath(TMP . "/stigs/checklist") . "/*");
        exec("rm -rf " . realpath(TMP . "/stigs/zip") . "/*");
    }
}

/**
 * Function to crawl directory structure to find zip, xml, xsl, gif, and jpg files
 *
 * @param RecursiveIteratorIterator $files
 */
function directory_crawl($files)
{
    global $zip, $log;

    foreach ($files as $file) {
        if (preg_match('/\.zip/', $file)) {
            if ($zip->open($file) === true) {
                for ($i = 0; $i < $zip->numFiles; $i++) {
                    $contents = '';
                    $in_Skips = false;
                    $path     = '';
                    $filename = str_replace('\\', '/', $zip->getNameIndex($i));
                    $fileinfo = pathinfo($filename);

                    if (isset($fileinfo['extension']) && !$in_Skips) {
                        switch (strtolower($fileinfo['extension'])) {
                            case 'zip':
                                $path = TMP . "/stigs/zip/";
                                break;
                            case 'xml':
                                if (!preg_match('/xccdf/i', $fileinfo['basename'])) {
                                    continue;
                                }
                                elseif (strpos($fileinfo['basename'], "$") !== false) {
                                    continue;
                                }

                                $path = TMP . "/stigs/xml/";
                                break;
                            case 'xsl':
                            case 'gif':
                            case 'jpg':
                                $path = DOC_ROOT . "/reference/stigs/";
                                break;
                        }

                        if ($path) {
                            $fp = $zip->getStream($filename);
                            if (!$fp) {
                                error_log("Couldn't get zip file stream for file $filename in $file");
                            }
                            else {
                                while (!feof($fp)) {
                                    $contents .= fread($fp, 1024);
                                }

                                fclose($fp);
                                if (file_put_contents($path . $fileinfo['basename'], $contents) === false) {
                                    die;
                                }
                            }
                        }
                    }
                }
                $zip->close();
            }
        }
    }
}

function usage()
{
    print <<<EOO
Purpose: This program was written to look at all files in the {doc_root}/tmp directory, determine what parser is needed, then call that parser with the appropriate flags.

Usage: background_stigs.php [-x|--extract] [-d="directory"] [--debug] [--regex="ex1|ex2"] [--delete] [--ia] [-h|--help]

 -x|--extract       Simply extract the contents of a .zip file (STIG library) to it's proper places, do not parse the contents
 -d="directory"     Directory to search for the zip and xml files in (optional, defaults to {doc_root}/tmp)

 --regex="ex1|ex2"  Insert a valid regex expression (properly escaped) to exclude specific STIGs from parsing

 --ia               Override any IA controls in the DB to use only the ones that are in the STIG file
 --delete           Delete any files once complete
 --debug            Debugging output
 --help             This screen

EOO;
}