<?php
/**
 * File: orphaned.php
 * Author: Ryan Prather
 * Purpose: Display the findings for a particular host that are not assigned to any checklist
 * Created: Jan 31, 2014
 *
 * Portions Copyright (c) 2012-2015, Salient Federal Solutions
 * Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
 * Released under Modified BSD License
 *
 * See license.txt for details
 *
 * Change Log:
 *  - Jan 31, 2014 - File created
 */
include_once 'config.inc';
include_once 'database.inc';
include_once 'helper.inc';

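$db = new db();

// NOTE(review): no authentication or authorization check is visible in this
// file. Confirm that one of the included files enforces it before any target
// data is looked up from request parameters.

// Both parameters are passed to get_Target_Details(), so both must be present.
// Array-valued input (e.g. tgt[]=1) is rejected so only scalars reach the
// database layer.
if (!isset($_REQUEST['tgt']) || !is_scalar($_REQUEST['tgt'])) {
  print "Need to know what host you want to look at";
  exit;
}

if (!isset($_REQUEST['ste']) || !is_scalar($_REQUEST['ste'])) {
  print "Missing required parameter: ste";
  exit;
}

// NOTE(review): the values are handed to the database layer unchanged. If both
// are numeric IDs, validate them as integers here - confirm against database.inc.
$targets = $db->get_Target_Details($_REQUEST['ste'], $_REQUEST['tgt']);

// An unknown host/ste pair must stop here; otherwise the page fails later with
// a fatal error when methods are called on a missing target.
if (!isset($targets[0]) || !is_object($targets[0])) {
  print "Unable to find the requested host";
  exit;
}

$tgt = $targets[0];

// Fourth argument is true in the original call; presumably it selects orphaned
// findings only - confirm against get_Finding().
$findings = $db->get_Finding($tgt, null, null, true);

// Removes the execution time limit for this request. NOTE(review): the page runs
// several queries per finding, so a large host keeps a worker busy with no bound.
set_time_limit(0);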
?>

<!DOCTYPE HTML>
<html>
  <head>
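    <title><?php /* The host name is stored data; encode it before it is placed in HTML. */ print htmlentities((string) $tgt->get_Name(), ENT_QUOTES | ENT_SUBSTITUTE); ?> - Orphan Findings</title>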
    <style type='text/css'>
      #tooltip {
        display: none;
        z-index: 1000;
        background-color: #FFE681;
        color: #000;
        font-size: 16px;
        padding: 4px;
        line-height: 1em;
        position: absolute;
      }
      .hidden {
        display: none;
      }
    </style>

    <script src='../style/5grid/jquery-1.10.2.min.js'></script>
    <script src='../script/default.js'></script>
    <script>
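      /**
       * Load the PDI detail page for a candidate match into the #pdi_popup iframe.
       *
       * Both values are URL-encoded so that characters such as '&', '#' or '='
       * inside an identifier cannot add or change query parameters of pdi.php.
       *
       * @param {number|string} pdi_id    ID of the PDI that may match the orphan.
       * @param {number|string} orphan_id ID of the orphaned finding.
       */
      function pdi_popup(pdi_id, orphan_id) {
        var query = 'pdi=' + encodeURIComponent(pdi_id) + '&orphan=' + encodeURIComponent(orphan_id);
        $('#pdi_popup').attr('src', '../data/pdi.php?' + query);
      }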
    </script>
  </head>
  <body onload='javascript:initTip();'>
    <div id='tooltip'></div>
    <table border=1>
      <thead>
        <tr>
          <th>Orphan ID</th>
          <th>VMS ID</th>
          <th>Cat</th>
          <th>IA Controls</th>
          <th>Short Title</th>
          <th>Possible Matches</th>
        </tr>
      </thead>
      <tbody>
        <?php
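        // Renders one table row per orphaned finding, followed by the candidate
        // PDIs it may correspond to.
        //
        // Everything printed here comes from the database (finding notes, titles,
        // check content), which is populated from imported data, so every value is
        // encoded for the context it lands in before being written to the page.
        $esc = static function ($value) {
          // ENT_QUOTES: the attributes below are single-quoted.
          // ENT_SUBSTITUTE: invalid byte sequences become U+FFFD instead of
          // turning the whole string into an empty one.
          return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
        };

        foreach ($findings as $finding) {
          $pdi = $db->get_PDI($finding->get_PDI_ID());
          $nessus = null;
          $cve = null;
          $iavm = null;
          $gd = $db->get_GoldDisk_By_PDI($pdi->get_ID());

          $stigs = $db->get_STIG_By_PDI($pdi->get_ID());
          if (!is_a($stigs, 'stig')) {
            die("Can't find the STIG for PDI {$pdi->get_ID()}");
          }

          // Only an unambiguous (single) Gold Disk entry is displayed.
          if (count($gd) == 1) {
            $gd = $gd[0];
          }
          else {
            $gd = null;
          }

          // NOTE(review): the result is never used and the "IA Controls" column
          // is rendered empty - either render it or drop the query.
          $ia = $db->get_IA_Controls_By_PDI($pdi->get_ID());

          // The PDI ID is written as a bare JavaScript number and as an element
          // id, so it is forced to an integer for output.
          // NOTE(review): assumes PDI IDs are numeric - confirm against the schema.
          $pdi_out = (int) $pdi->get_ID();
          $stig_id = $stigs->get_ID();

          print "<tr>" . PHP_EOL .
              "<td onmouseout='hideTip();' onmouseover='showTip(event, " . $pdi_out . ");'>" . $esc($stig_id) .
              "<div class='hidden' id='" . $pdi_out . "'>" . nl2br($esc($finding->get_Notes())) . "</div></td>" . PHP_EOL .
              "<td>" . (!is_null($gd) ? $esc($gd->get_ID()) : '') . "</td>" . PHP_EOL .
              "<td>" . $esc($pdi->get_Category_Level_String()) . "</td>" . PHP_EOL .
              "<td>" . "</td>" . PHP_EOL .
              "<td>" . $esc($pdi->get_Short_Title()) . "</td>" . PHP_EOL;

          // Pick the lookup from the shape of the ID. The patterns are unanchored,
          // so the prefixed forms are tested first: a CVE ID with a five-digit
          // sequence number also satisfies the bare \d{5,6} test and would
          // otherwise be looked up as a Nessus plugin.
          if (preg_match('/CVE\-\d{4}\-\d{4}/', $stig_id)) {
            $cve = $db->get_CVE($stig_id);
          }
          elseif (preg_match('/\d{4}\-[ABT]\-\d{4}/', $stig_id)) {
            $iavm = $db->get_IAVM($stig_id);
          }
          elseif (preg_match('/\d{5,6}/', $stig_id)) {
            $nessus = $db->get_Nessus($stig_id);
          }

          $matches = $db->get_Matching_PDIs($pdi, $nessus, $cve, $iavm);

          // The orphan ID becomes a JavaScript string inside an HTML attribute:
          // it is encoded as a JS literal first, then HTML-encoded for the attribute.
          $stig_js = $esc(json_encode((string) $stig_id, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT));

          print "<td>";
          foreach ($matches as $match) {
            $match_id = (int) $match['pdi_id'];

            // substr() cuts on bytes and may split a multi-byte character;
            // ENT_SUBSTITUTE in $esc keeps the rest of the text visible.
            $short_desc = nl2br($esc(substr($match['desc'], 0, 500)));
            $short_cont = nl2br($esc(substr($match['check_content'], 0, 1000)));

            // NOTE(review): this id shares a namespace with the finding's own
            // hidden <div> above; a match for the same PDI yields duplicate ids.
            print "<div class='hidden' id='" . $match_id . "'>" .
                $short_desc .
                (strlen($match['desc']) > 500 ? " <b>(truncated)</b>" : "") . "<br />" .
                $short_cont .
                (strlen($match['check_content']) > 1000 ? " <b>(truncated)</b>" : "") .
                "</div>";

            print "<a onmouseout='hideTip();'
              onmouseover='showTip(event, " . $match_id . ");'
              href='javascript:void(0);'
              onclick='javascript:pdi_popup(" . $match_id . "," . $stig_js . ");'>" .
                $match_id .
                "</a> (" . $esc($match['score']) . ") " . $esc($match['title']) . "<br />";
          }
          print "</td>";

          print "</tr>" . PHP_EOL;
        }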
        ?>
      </tbody>
    </table>
    <iframe id='pdi_popup' class='box' style='width: 80%; height: 80%; top: 10%; left: 10%;'></iframe>
  </body>
</html>