134 lines
4.8 KiB
PHP
134 lines
4.8 KiB
PHP
<?php
|
|
|
|
/**
|
|
* File: create_risk_assessment.php
|
|
* Author: Ryan Prather
|
|
* Purpose: File to create a final risk assessment output file
|
|
* Created: Oct 20, 2014
|
|
*
|
|
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
|
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
|
|
* Released under Modified BSD License
|
|
*
|
|
* See license.txt for details
|
|
*
|
|
* Change Log:
|
|
* - Oct 20, 2014 - File created
|
|
*/
|
|
$cmd = getopt("s:", array("debug::"));
|
|
|
|
if (isset($cmd['debug'])) {
|
|
$path = realpath("/Users/pratherr/workspace/web/exec");
|
|
}
|
|
else {
|
|
$path = realpath("/xampp/www/exec");
|
|
}
|
|
|
|
chdir($path);
|
|
|
|
set_time_limit(0);
|
|
set_include_path(get_include_path());
|
|
|
|
include_once 'database.inc';
|
|
include_once 'helper.inc';
|
|
|
|
$db = new db();
|
|
$log = new Sagacity_Error("Create_Risk_Assessment.log");
|
|
|
|
$ste = $db->get_STE($cmd['s'])[0];
|
|
$sys = $db->get_System_By_STE_ID($cmd['s']);
|
|
$site = $db->get_Site_By_STE_ID($cmd['s']);
|
|
$tgts = $db->get_Target_Details($cmd['s']);
|
|
|
|
$xml = new DOMDocument();
|
|
$pi = $xml->createProcessingInstruction("xml-stylesheet", 'type="text/xsl" href="diacap.xsl"');
|
|
$xml->appendChild($pi);
|
|
|
|
$xml->appendChild($report = xml_helper($xml, 'report'));
|
|
$report->appendChild($ste_node = xml_helper($xml, "ste", null, false, array(
|
|
'start_date' => $ste->get_Eval_Start_Date()->format("Y-m-d"),
|
|
'end_date' => $ste->get_Eval_End_Date()->format("Y-m-d"),
|
|
'status' => $ste->get_Status(),
|
|
'ao' => $ste->get_AO(),
|
|
'proc_checklist_fname' => "Procedural-eChecklist-" . $ste->get_ID() . ".xlsx"
|
|
)));
|
|
$ste_node->appendChild(xml_helper($xml, "recommendations", $ste->get_Recommendations(), true));
|
|
$ste_node->appendChild(xml_helper($xml, "conclusion", $ste->get_Conclusions(), true));
|
|
$ste_node->appendChild(xml_helper($xml, "constraints", $ste->get_Constraints(), true));
|
|
$ste_node->appendChild(xml_helper($xml, "assumptions", $ste->get_Assumptions(), true));
|
|
$ste_node->appendChild(xml_helper($xml, "residual_risk", $ste->get_Residual_Risk(), true));
|
|
$ste_node->appendChild(xml_helper($xml, "deviations", $ste->get_Deviations(), true));
|
|
$ste_node->appendChild(xml_helper($xml, "scope", $ste->get_Scope(), true));
|
|
|
|
$ste_node->appendChild($team = xml_helper($xml, "ste_team"));
|
|
foreach ($ste->get_STE_Team() as $key => $people) {
|
|
$team->appendChild(xml_helper($xml, "member", null, false, array(
|
|
'name' => $people->name,
|
|
'org' => $people->org,
|
|
'phone' => $people->phone,
|
|
'position' => $people->position
|
|
)));
|
|
}
|
|
|
|
$report->appendChild($sys_node = xml_helper($xml, "system", null, false, array(
|
|
'name' => $sys->get_Name(),
|
|
'class' => $sys->get_Classification(),
|
|
'mac' => $sys->get_MAC()
|
|
)));
|
|
$sys_node->appendChild(xml_helper($xml, "description", $sys->get_Description(), true));
|
|
$sys_node->appendChild(xml_helper($xml, "executive_summary", $sys->get(), true));
|
|
|
|
$report->appendchild(xml_helper($xml, "site", null, false, array(
|
|
'name' => $site->get_Name(),
|
|
'address' => $site->get_Address(),
|
|
'city' => $site->get_City(),
|
|
'state' => $site->get_State(),
|
|
'zip' => $site->get_Zip(),
|
|
'country' => $site->get_Country(),
|
|
'poc_name' => $site->get_POC_Name(),
|
|
'poc_email' => $site->get_POC_Email(),
|
|
'poc_phone' => $site->get_POC_Phone()
|
|
)));
|
|
|
|
$report->appendChild($targets = xml_helper($xml, "targets"));
|
|
|
|
foreach ($tgts as $key => $tgt) {
|
|
$os = $db->get_Software($tgt->get_OS_ID())[0];
|
|
$targets->appendChild($tgt_node = xml_helper($xml, "target", null, false, array(
|
|
'name' => $tgt->get_Name(),
|
|
'os' => $os->get_Man() . " " . $os->get_Name() . " " . $os->get_Version()
|
|
)));
|
|
|
|
foreach ($tgt->interfaces as $key => $int) {
|
|
if (false) {
|
|
$int = new interfaces();
|
|
}
|
|
$tgt_node->appendChild(xml_helper($xml, "interface", null, false, array(
|
|
'name' => $int->get_Name(),
|
|
'hostname' => $int->get_Hostname(),
|
|
'ipv4' => $int->get_IPv4(),
|
|
'ipv6' => $int->get_IPv6(),
|
|
'fqdn' => $int->get_FQDN()
|
|
)));
|
|
}
|
|
}
|
|
|
|
$report->appendChild($ia_node = xml_helper($xml, "ia_controls"));
|
|
|
|
$proc = $db->get_Proc_IA_Controls($ste);
|
|
foreach ($proc as $key => $ia) {
|
|
$ia_node->appendChild($node = xml_helper($xml, "ia_control", null, false, array(
|
|
'id' => $ia->get_Control_ID(),
|
|
'name' => $ia->get_Name(),
|
|
'status' => $ia->get_Worst_Status_String()
|
|
)));
|
|
|
|
$node->appendChild(xml_helper($xml, "vuln_desc", $ia->finding->vul_desc, true));
|
|
$node->appendChild(xml_helper($xml, "mitigations", $ia->finding->mitigations, true));
|
|
$node->appendChild(xml_helper($xml, "references", $ia->finding->reference, true));
|
|
$node->appendChild(xml_helper($xml, "notes", $ia->finding->notes, true));
|
|
}
|
|
|
|
$xml->formatOutput = true;
|
|
$xml->save("../report/" . $sys->get_Name() . "_" . $site->get_Name() . "_" . $ste->get_Eval_Start_Date()->format("Y_m_d") . ".xml");
|