4,
"Non-Compliant" => 3,
"Compliant" => 2,
"Not Applicable" => 1
);
/**
* Reverse of the status array: maps each numeric rank back to its status name
*
* @var multitype:string
*/
private $FLIPPED = array(
4 => "Not Reviewed",
3 => "Non-Compliant",
2 => "Compliant",
1 => "Not Applicable"
);
/**
* Control ID
*
* @var string
*/
protected $control_id = '';
/**
* Name
*
* @var string
*/
protected $name = '';
/**
* Subject area
*
* @var string
*/
protected $sub_area = '';
/**
* Description
*
* @var string
*/
protected $desc = '';
/**
* Threat/vulnerability/countermeasures
*
* @var string
*/
protected $tvcm = '';
/**
* General implementation guide
*
* @var string
*/
protected $gimpg = '';
/**
* Resource guide
*
* @var string
*/
protected $guide = '';
/**
* Impact
*
* @var string
*/
protected $impact = '';
/**
* Array of sub ia controls
*
* @var multitype:proc_sub_ia_controls
*/
protected $subs = array();
/**
* Control Finding
*
* @var control_finding
*/
public $finding = null;
/**
* Constructor
*
* @param string $str_control_id_in
* @param string $str_name_in
* @param string $str_sub_area_in
* @param string $str_desc_in
* @param string $str_tvcm_in
* @param string $str_gimpg_in
* @param string $str_guide_in
* @param string $str_impact_in
*/
public function __construct(
    $str_control_id_in,
    $str_name_in,
    $str_sub_area_in,
    $str_desc_in,
    $str_tvcm_in,
    $str_gimpg_in,
    $str_guide_in,
    $str_impact_in
) {
    // Copy each argument into its matching property, in declaration order.
    $this->control_id = $str_control_id_in;
    $this->name       = $str_name_in;
    $this->sub_area   = $str_sub_area_in;
    $this->desc       = $str_desc_in;
    $this->tvcm       = $str_tvcm_in;
    $this->gimpg      = $str_gimpg_in;
    $this->guide      = $str_guide_in;
    $this->impact     = $str_impact_in;

    // Every control starts with a fresh, empty finding record.
    $this->finding = new control_finding();
}
/**
* Function to get the status
*
* @param string|integer $val
* @return integer|string Rank for a status name, or status name for a numeric rank
*/
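public function get_Status($val)
{
    // Translate between the two representations of a review status: a numeric
    // value is looked up in $FLIPPED (rank => name); anything else is treated
    // as a status name and looked up in $STATUS (name => rank).
    //
    // A value present in neither table yields null. The isset() guard keeps
    // that result but avoids the undefined-index notice/warning the bare
    // array access raised for unknown values.
    if (is_numeric($val)) {
        return isset($this->FLIPPED[$val]) ? $this->FLIPPED[$val] : null;
    }

    return isset($this->STATUS[$val]) ? $this->STATUS[$val] : null;
}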
/**
* Getter function for control ID
*
* @return string
*/
public function get_Control_ID()
{
    // Read accessor for the control identifier.
    return $this->control_id;
}
/**
* Setter function for control id
*
* @param string $str_control_id_in
*/
public function set_Control_ID($str_control_id_in)
{
    // Stores the value as given; no validation is applied here.
    $this->control_id = $str_control_id_in;
}
/**
* Getter function for name
*
* @return string
*/
public function get_Name()
{
    // Read accessor for the control name.
    return $this->name;
}
/**
* Setter function for name
*
* @param string $str_name_in
*/
public function set_Name($str_name_in)
{
    // Stores the value as given; no validation is applied here.
    $this->name = $str_name_in;
}
/**
* Getter function for subject area
*
* @return string
*/
public function get_Subject_Area()
{
    // Read accessor for the subject area.
    return $this->sub_area;
}
/**
* Setter function for subject area
*
* @param string $str_sub_area_in
*/
public function set_Subject_Area($str_sub_area_in)
{
    // Stores the value as given; no validation is applied here.
    $this->sub_area = $str_sub_area_in;
}
/**
* Getter function for description
*
* @return string
*/
public function get_Description()
{
    // Returns the stored description unmodified (no output encoding).
    return $this->desc;
}
/**
* Setter function for description
*
* @param string $str_desc_in
*/
public function set_Description($str_desc_in)
{
    // Stores the value as given; no validation is applied here.
    $this->desc = $str_desc_in;
}
/**
* Getter function for threat/vulnerability/countermeasures
*
* @return string
*/
public function get_Threat_Vul_CM()
{
    // Read accessor for the threat/vulnerability/countermeasures text.
    return $this->tvcm;
}
/**
* Setter function for threat/vulnerability/countermeasures
*
* @param string $str_tvcm_in
*/
public function set_Threat_Vul_CM($str_tvcm_in)
{
    // Stores the value as given; no validation is applied here.
    $this->tvcm = $str_tvcm_in;
}
/**
* Getter function for implementation guide
*
* @return string
*/
public function get_General_Implementation_Guide()
{
    // Returns the stored implementation guide unmodified (no output encoding).
    return $this->gimpg;
}
/**
* Setter function for implementation guide
*
* @param string $str_gimpg_in
*/
public function set_General_Implementation_Guide($str_gimpg_in)
{
    // Stores the value as given; no validation is applied here.
    $this->gimpg = $str_gimpg_in;
}
/**
* Getter function for resource guide
*
* @return string
*/
public function get_Resource_Guide()
{
    // Read accessor for the resource guide.
    return $this->guide;
}
/**
* Setter function for resource guide
*
* @param string $str_guide_in
*/
public function set_Resourse_Guide($str_guide_in)
{
    // NOTE: the method name is spelled "Resourse" while its getter is
    // get_Resource_Guide(); the spelling is kept because it is the public
    // name callers use.
    $this->guide = $str_guide_in;
}
/**
* Getter function for impact
*
* @return string
*/
public function get_Impact()
{
    // Read accessor for the impact value.
    return $this->impact;
}
/**
* Setter function for impact
*
* @param string $str_impact_in
*/
public function set_Impact($str_impact_in)
{
    // Stores the value as given; no validation is applied here.
    $this->impact = $str_impact_in;
}
/**
* Getter function for sub controls
*
* @return multitype:proc_sub_ia_controls
*/
public function get_Subs()
{
    // Returns the array of sub controls in the order add_Sub() appended them.
    return $this->subs;
}
/**
* Function to add new sub controls
*
* @param proc_sub_ia_controls $sub_in
*/
public function add_Sub($sub_in)
{
    // Appends to the end of the list; the argument's type is not checked.
    $this->subs[] = $sub_in;
}
/**
* Function to generate a display for procedural ops page
*
* @return string
*/
public function get_Ops_Display($odd = true) {
// Builds and returns one string: a fragment for this control followed by one
// fragment per sub control. $odd is flipped once per sub control in the second
// loop.
//
// NOTE(review): the string literals in this copy contain no tags, yet $class,
// $parent_name, $name, $odd and $status_count are computed and never read
// afterwards. Presumably the markup that referenced them was lost in this
// copy - confirm against the upstream file before changing anything here.
//
// NOTE(review): control_id, name, desc, gimpg and the sub-control id, name,
// objective and script are concatenated into the result as-is. nl2br() only
// inserts line-break tags; it does not encode markup characters. If this
// string is sent to a browser and any of these fields can hold user-entered
// text, encode each value with htmlspecialchars() before nl2br() - verify
// where the fields are populated.
$status_count = array(
'Not Reviewed' => 0,
'Non-Compliant' => 0,
'Compliant' => 0,
'Not Applicable' => 0
);
$current_status = 0;
// Keep the highest rank found among the sub controls and tally each status.
// NOTE(review): a status that is not a key of $STATUS (a new proc_finding
// starts with '') makes both array accesses below hit an undefined key.
foreach ($this->subs as $key => $sub) {
if ($this->STATUS[$sub->finding->status] > $current_status) {
$current_status = $this->STATUS[$sub->finding->status];
}
$status_count[$sub->finding->status] ++;
}
// NOTE(review): $current_status is still 0 when there are no sub controls or
// none has a known status, and 0 is not a key of $FLIPPED.
$class = strtolower(str_replace(' ', '_', str_replace('-', '_', $this->FLIPPED[$current_status])));
$parent_name = str_replace('-', '_', $this->control_id);
$ret = "
" .
"" .
"
" .
"" .
"" . $this->control_id . " " . $this->name . " | " .
"" . nl2br($this->desc) . " | " .
"" . nl2br($this->gimpg) . " | " .
"" .
"Vulnerability Description: " .
" " .
"Mitigations: " .
" " .
"References: " .
" " .
"Notes: " .
"" .
" | " .
"
";
// Append one fragment per sub control.
foreach ($this->subs as $key => $sub) {
$odd = !$odd;
$name = str_replace('-', '_', $sub->get_Sub_Control_ID());
$ret .= "" .
"" . $sub->get_Sub_Control_ID() . " " .
"" .
"" .
$sub->get_Name() . " | " .
"" . nl2br($sub->get_Objective()) . " | " .
"" . nl2br($sub->get_Script()) . " | " .
"" .
"Test Result: " .
" " .
"Mitigations: " .
" " .
"Milestones: " .
" " .
"References: " .
" " .
"Notes: " .
"" .
" | " .
"
";
}
return $ret;
}
/**
* Getter function for the name of the highest-ranked status among the sub controls
* @return string
*/
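public function get_Worst_Status_String()
{
    // Returns the name of the highest-ranked status found among the sub
    // controls, using $STATUS (name => rank) to rank and $FLIPPED
    // (rank => name) to translate back.
    //
    // Returns null when there are no sub controls or none of them carries a
    // status listed in $STATUS. That matches the result of the unguarded array
    // accesses, but the isset() guards avoid the undefined-index
    // notices/warnings on that path.
    $worst_rank = 0;

    foreach ($this->subs as $sub) {
        $status = $sub->finding->status;

        // A status that is not a key of $STATUS ranks as 0 and never wins.
        $rank = isset($this->STATUS[$status]) ? $this->STATUS[$status] : 0;

        if ($rank > $worst_rank) {
            $worst_rank = $rank;

            // Stop early once the 'Not Reviewed' rank is reached.
            if ($worst_rank == $this->STATUS['Not Reviewed']) {
                break;
            }
        }
    }

    return isset($this->FLIPPED[$worst_rank]) ? $this->FLIPPED[$worst_rank] : null;
}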
}
/**
* Control Findings
*
* @author Ryan Prather
*/
class control_finding
{
    /**
     * Database ID of this finding record
     *
     * @var integer
     */
    public $id = 0;

    /**
     * ID of the ST&E this finding belongs to
     *
     * @var integer
     */
    public $ste_id = 0;

    /**
     * ID of the control this finding is recorded against
     *
     * @var string
     */
    public $control_id = '';

    /**
     * Description of the vulnerability
     *
     * @var string
     */
    public $vul_desc = '';

    /**
     * Mitigations recorded for the control
     *
     * @var string
     */
    public $mitigations = '';

    /**
     * References recorded for the control
     *
     * @var string
     */
    public $reference = '';

    /**
     * Risk analysis text; defaults to an empty string
     *
     * @var string
     */
    public $risk_analysis = '';

    /**
     * Free-form notes
     *
     * @var string
     */
    public $notes = '';

    /**
     * Flag telling the system that the review of this control is complete
     *
     * @var boolean
     */
    public $done = false;
}
/**
* Procedural Sub IA Controls
*
* @author Ryan Prather
*
*/
class proc_sub_ia_controls
{
    /**
     * Identifier of this sub control
     *
     * @var string
     */
    protected $sub_control_id = '';

    /**
     * Name of the sub control
     *
     * @var string
     */
    protected $name = '';

    /**
     * Objective text
     *
     * @var string
     */
    protected $objective = '';

    /**
     * Preparation text
     *
     * @var string
     */
    protected $prep = '';

    /**
     * Script text
     *
     * @var string
     */
    protected $script = '';

    /**
     * Expected results text
     *
     * @var string
     */
    protected $expected_results = '';

    /**
     * Procedural finding (with notes) attached to this sub control
     *
     * @var proc_finding
     */
    public $finding = null;

    /**
     * Stores the six descriptive values and attaches a new, empty proc_finding.
     *
     * @param string $str_sub_control_id_in
     * @param string $str_name_in
     * @param string $str_obj_in
     * @param string $str_prep_in
     * @param string $str_script_in
     * @param string $str_exp_results_in
     */
    public function __construct(
        $str_sub_control_id_in,
        $str_name_in,
        $str_obj_in,
        $str_prep_in,
        $str_script_in,
        $str_exp_results_in
    ) {
        $this->sub_control_id   = $str_sub_control_id_in;
        $this->name             = $str_name_in;
        $this->objective        = $str_obj_in;
        $this->prep             = $str_prep_in;
        $this->script           = $str_script_in;
        $this->expected_results = $str_exp_results_in;

        // Each sub control starts with its own empty finding record.
        $this->finding = new proc_finding();
    }

    /**
     * Returns the sub control id.
     *
     * @return string
     */
    public function get_Sub_Control_ID()
    {
        return $this->sub_control_id;
    }

    /**
     * Replaces the sub control id; the value is stored as given.
     *
     * @param string $str_sub_control_id_in
     */
    public function set_Sub_Control_ID($str_sub_control_id_in)
    {
        $this->sub_control_id = $str_sub_control_id_in;
    }

    /**
     * Returns the name.
     *
     * @return string
     */
    public function get_Name()
    {
        return $this->name;
    }

    /**
     * Replaces the name; the value is stored as given.
     *
     * @param string $str_name_in
     */
    public function set_Name($str_name_in)
    {
        $this->name = $str_name_in;
    }

    /**
     * Returns the objective text unmodified (no output encoding).
     *
     * @return string
     */
    public function get_Objective()
    {
        return $this->objective;
    }

    /**
     * Replaces the objective text; the value is stored as given.
     *
     * @param string $str_obj_in
     */
    public function set_Objective($str_obj_in)
    {
        $this->objective = $str_obj_in;
    }

    /**
     * Returns the preparation text.
     *
     * @return string
     */
    public function get_Preparation()
    {
        return $this->prep;
    }

    /**
     * Replaces the preparation text; the value is stored as given.
     *
     * @param string $str_prep_in
     */
    public function set_Preparation($str_prep_in)
    {
        $this->prep = $str_prep_in;
    }

    /**
     * Returns the script text unmodified (no output encoding).
     *
     * @return string
     */
    public function get_Script()
    {
        return $this->script;
    }

    /**
     * Replaces the script text; the value is stored as given.
     *
     * @param string $str_script_in
     */
    public function set_Script($str_script_in)
    {
        $this->script = $str_script_in;
    }

    /**
     * Returns the expected results text.
     *
     * @return string
     */
    public function get_Expected_Results()
    {
        return $this->expected_results;
    }

    /**
     * Replaces the expected results text; the value is stored as given.
     *
     * @param string $str_exp_results_in
     */
    public function set_Expected_Results($str_exp_results_in)
    {
        $this->expected_results = $str_exp_results_in;
    }
}
/**
* Procedural findings
*
* @author Ryan Prather
*
*/
class proc_finding
{
    /**
     * ID of the ST&E this finding belongs to
     *
     * @var integer
     */
    public $ste_id = 0;

    /**
     * ID of the control this finding is recorded against
     *
     * @var string
     */
    public $control_id = '';

    /**
     * Status of the finding; empty until one is assigned
     *
     * @var string
     */
    public $status = '';

    /**
     * Compliance statement for the finding
     *
     * @var string
     */
    public $test_result = '';

    /**
     * Mitigations recorded for the finding
     *
     * @var string
     */
    public $mitigation = '';

    /**
     * Milestones recorded for the finding
     *
     * @var string
     */
    public $milestone = '';

    /**
     * Reference recorded for the finding
     *
     * @var string
     */
    public $reference = '';

    /**
     * Free-form notes
     *
     * @var string
     */
    public $notes = '';
}