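get_STE();
// NOTE(review): the call above is the tail of a statement that begins before
// this chunk (presumably `$ste = $db->get_STE()` or similar); left untouched.

// POST action dispatcher for the ST&E category / target page. Every branch
// reads request fields, so all of it is untrusted input.
// NOTE(review): no CSRF token check is visible in this chunk — confirm one
// runs before this dispatch, since several branches mutate and delete data.
// FILTER_SANITIZE_STRING only strips tags and entity-encodes quotes; it is
// deprecated from PHP 8.1 and is not a validator, so every value still needs
// context-specific handling downstream (parameterised SQL, HTML escaping).
if ($action) {
    if ($action == 'move_to') {
        // selected_tgts is a JSON array that the sanitize filter has
        // entity-encoded, hence the html_entity_decode() before json_decode().
        // NOTE(review): the decoded value (possibly null on bad JSON) is handed
        // on unvalidated — confirm move_Tgt_To_Cat() parameterises each id.
        $sel_tgts = json_decode(html_entity_decode(filter_input(INPUT_POST, 'selected_tgts', FILTER_SANITIZE_STRING)));
        $db->move_Tgt_To_Cat($sel_tgts, filter_input(INPUT_POST, 'move_to_cat', FILTER_VALIDATE_INT));
    } elseif ($action == 'save_cat') {
        // Update an existing category (selected_cat) with a new name, analyst
        // and set of scan sources; save_Category() persists the result.
        $existing_cat = filter_input(INPUT_POST, 'selected_cat', FILTER_VALIDATE_INT);
        $new_cat_name = filter_input(INPUT_POST, 'new_cat_name', FILTER_SANITIZE_STRING);
        $analyst = filter_input(INPUT_POST, 'analyst', FILTER_SANITIZE_STRING);
        $cat = new ste_cat($existing_cat, $ste_id, $new_cat_name, $analyst);
        // scan_sources[] must be a list of ints; anything else is ignored.
        $sources = filter_input(INPUT_POST, 'scan_sources', FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY);
        if (is_array($sources) && count($sources)) {
            foreach ($sources as $src_id) {
                $cat->add_Source($db->get_Sources($src_id));
            }
        }
        $db->save_Category($cat);
    } elseif ($action == 'add_cat') {
        // Create a brand-new category (id null) for this ST&E with no analyst.
        $name = filter_input(INPUT_POST, 'new_cat', FILTER_SANITIZE_STRING);
        $sources = filter_input(INPUT_POST, 'scan_sources', FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY);
        $ste_cat = new ste_cat(null, $ste_id, $name, null);
        if (is_array($sources) && count($sources)) {
            foreach ($sources as $src_id) {
                $ste_cat->add_Source($db->get_Sources($src_id));
            }
        }
        $db->save_Category($ste_cat);
    } elseif ($action == 'update_auto' || $action == 'update_manual' || $action == 'update_data' || $action == 'update_fp_cat1') {
        // Bulk status change on the selected targets; $action itself selects
        // which task column is updated (it has been matched against the fixed
        // list above, so it is safe to pass through).
        // NOTE(review): as in move_to, $sel_tgts and $new_status are passed on
        // unvalidated — confirm update_Task_Status() parameterises them.
        $sel_tgts = json_decode(html_entity_decode(filter_input(INPUT_POST, 'selected_tgts', FILTER_SANITIZE_STRING)));
        $new_status = filter_input(INPUT_POST, 'new_status', FILTER_SANITIZE_STRING);
        $db->update_Task_Status($action, $sel_tgts, $new_status);
    } elseif ($action == 'assign') {
        $cat_id = filter_input(INPUT_POST, 'cat_id', FILTER_VALIDATE_INT);
        $analyst = filter_input(INPUT_POST, 'analyst', FILTER_SANITIZE_STRING);
        $db->assign_Analyst_To_Category($cat_id, $analyst);
    } elseif ($action == 'autocat') {
        $db->auto_Catorgize_Targets($ste_id);
    } elseif ($action == 'import_host_list') {
        // The CSV was staged under TMP by an earlier step; the request only
        // names it. The name is reduced to a bare file name and the resolved
        // path must be a regular file inside TMP, because the file is both
        // read and unlinked below. The original `TMP . "/$file"` followed
        // "../" segments out of the temp directory (FILTER_SANITIZE_STRING does
        // not remove them), i.e. read + delete of any file the web user can reach.
        $file = filter_input(INPUT_POST, 'file', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
        $file = ($file === null || $file === false || $file === '') ? null : basename($file);
        $path = null;
        if ($file !== null && $file !== '.' && $file !== '..') {
            $tmp_real = realpath(TMP);
            $candidate = realpath(TMP . "/$file");
            // realpath() also collapses symlinks, so a link planted in TMP that
            // points elsewhere fails the prefix check as well.
            if ($tmp_real !== false && $candidate !== false
                && is_file($candidate)
                && strpos($candidate, $tmp_real . DIRECTORY_SEPARATOR) === 0) {
                $path = $candidate;
            }
        }
        if ($path !== null) {
            $fh = fopen($path, "r");
            if ($fh !== false) {
                // fgetcsv() returns false on an empty file; array_map() on false
                // is a fatal TypeError on PHP 8, so build the header map only
                // from a real row. Keys are lower-cased column names → index.
                $first = fgetcsv($fh);
                $header = is_array($first) ? array_flip(array_map('strtolower', $first)) : [];
                $has_host_col = isset($header['hostname']) || isset($header['name']);
                if ($has_host_col && isset($header['ip']) && isset($header['os']) && isset($header['category'])) {
                    // Column used for the interface host name: 'hostname' when
                    // present, else 'name'. The original indexed
                    // $header['hostname'] unconditionally, which is undefined
                    // when only 'name' is supplied.
                    $host_col = isset($header['hostname']) ? $header['hostname'] : $header['name'];
                    // Loop-invariant: fetch the OS regex table once, not per row.
                    $os_regex = $db->get_Regex_Array('os');
                    while ($row = fgetcsv($fh)) {
                        if (count($row) < 4) {
                            continue;
                        }
                        // Look for an existing target by name, then hostname,
                        // then any of the comma-separated IPs; existing targets
                        // are skipped rather than updated.
                        $tgt_id = 0;
                        if (isset($header['name'])) {
                            $tgt_id = $db->check_Target($ste_id, $row[$header['name']]);
                        }
                        if (empty($tgt_id) && isset($header['hostname'])) {
                            $tgt_id = $db->check_Target($ste_id, $row[$header['hostname']]);
                        }
                        if (empty($tgt_id) && isset($row[$header['ip']])) {
                            foreach (explode(",", $row[$header['ip']]) as $ip) {
                                if ($tgt_id = $db->check_Target($ste_id, $ip)) {
                                    break;
                                }
                            }
                        }
                        if (!empty($tgt_id)) {
                            continue;
                        }
                        $tgt = new target(isset($header['name']) ? $row[$header['name']] : $row[$header['hostname']]);
                        $tgt->set_STE_ID($ste_id);

                        // OS column: a CPE 2.3 string, a CPE 2.2 ("cpe:/...")
                        // string, or free text matched against the regex table.
                        $os_raw = $row[$header['os']];
                        if (substr($os_raw, 0, 7) == 'cpe:2.3') {
                            $os = array(0 => new software(null, $os_raw));
                        } elseif (substr($os_raw, 0, 3) == 'cpe') {
                            $os = array(0 => new software($os_raw, null));
                        } else {
                            $os = software::identify_Software($os_regex, $os_raw);
                        }
                        $os = $db->get_Software($os);
                        if (is_array($os) && count($os) && isset($os[0]) && is_a($os[0], 'software')) {
                            $tgt->set_OS_ID($os[0]->get_ID());
                            $tgt->set_OS_String($os[0]->get_Shortened_SW_String());
                        } else {
                            // Unknown OS: fall back to the generic placeholder CPE.
                            $sw = new software("cpe:/o:generic:generic:-", "cpe:2.3:o:generic:generic:-:*:*:*:*:*:*");
                            $os = $db->get_Software($sw)[0];
                            $tgt->set_OS_ID($os->get_ID());
                            $tgt->set_OS_String($os->get_Shortened_SW_String());
                        }

                        // One interface per comma-separated IP.
                        foreach (explode(',', $row[$header['ip']]) as $ip) {
                            $tgt->interfaces[$ip] = new interfaces(
                                null, null, null, $ip, null,
                                $row[$host_col],
                                (isset($header['fqdn']) ? $row[$header['fqdn']] : null),
                                null
                            );
                        }

                        // Category: reuse an existing one by name, else create it.
                        if (!empty($row[$header['category']])) {
                            $ste_cat = $db->get_STE_Cat_List($ste_id, $row[$header['category']]);
                            if (is_array($ste_cat) && count($ste_cat) && isset($ste_cat[0]) && is_a($ste_cat[0], 'ste_cat')) {
                                $tgt->set_Cat_ID($ste_cat[0]->get_ID());
                            } else {
                                $ste_cat = new ste_cat(null, $ste_id, $row[$header['category']], null);
                                $ste_cat->set_ID($db->save_Category($ste_cat));
                                $tgt->set_Cat_ID($ste_cat->get_ID());
                            }
                        }
                        $db->save_Target($tgt);
                    }
                }
                fclose($fh);
            }
            // The staged file is single-use; remove it even if the header was
            // rejected (matches the original behaviour).
            unlink($path);
        }
    }
}

// Category list for the rest of the page (only meaningful with an ST&E).
if ($ste_id) {
    $cats = $db->get_STE_Cat_List($ste_id);
}
$task_status = $db->get_Task_Statuses();
$scan_srcs = $db->get_Sources();
?>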
ST&E Name:
Name OS Location
' />
' />
' />
' />
Scans Checklists Notes
get_Unassigned_Targets($ste_id);
// NOTE(review): the call above is the tail of a statement that begins before
// this chunk (presumably `$tgts = $db->get_Unassigned_Targets(...)`), and the
// `} else {` near the end closes an `if` opened above this chunk as well —
// neither can be verified from here.
$odd = true;
// Targets with no category yet are listed first under a synthetic
// "Unassigned" row (id 0) so they remain visible to the analyst.
if (is_array($tgts) && count($tgts)) {
    $cat = new ste_cat(0, $ste_id, "Unassigned", null);
    print $cat->get_Table_Row(count($tgts));
    foreach ($tgts as $key => $tgt) {
        // NOTE(review): unlike the category row above, this return value is
        // not printed — presumably target::get_Table_Row() echoes directly;
        // confirm, otherwise these rows never render. $odd alternates row
        // striping.
        $tgt->get_Table_Row($odd);
        $odd = !$odd;
    }
}
// One row per category, with finding counts broken down by status.
// NOTE(review): category names / analyst values reach the page via
// get_Table_Row(); they originate from POST fields and CSV imports, so confirm
// that method HTML-escapes them.
foreach ($cats as $cat) {
    $nr = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Reviewed");
    $na = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not Applicable");
    $nf = $db->get_Finding_Count_By_Status($cat->get_ID(), "Not a Finding");
    $open = $db->get_Finding_Count_By_Status($cat->get_ID(), "Open");
    $count = $db->get_STE_Cat_TGT_Count($cat->get_ID());
    print $cat->get_Table_Row($count, [
        "open" => $open,
        "nf" => $nf,
        "na" => $na,
        "nr" => $nr
    ]);
}
} else {
    // No ST&E chosen: nothing to list.
    print "
No ST&E selected
";
}
?>
' /> Move to category:
New Name:
Analyst:

Category Name:

' />