Ryan Prather
21082c7513
finding.inc - removed ID property to prevent duplicate findings from being added to the table host_list.inc - deleted unused constructor import.inc - formatting db_schema.json - removed sagacity.findings.id field (making tgt_id and pdi_id new primary keys), and updated references Database_Baseline.zip - updated routines for above change background_results.php - fixed bug #19 export-ckl.php - performance adjustments parse_excel_echecklist.php - performance improvements, ensure duplicate findings are not created, make eChecklist true status, update for removing findings.id field parse_nvd_json_cve.php - convert reading json to array instead of object for reading CPEs (which were updated to CPE 2.3 instead of 2.2) parse_* - remove findings.id field database.inc - formatting, and update for removing findings.id field index.php - ensure user can't import a host list without uploading a host list file Fixed: #65, #51, #28, #27, #10
239 lines
6.8 KiB
PHP
239 lines
6.8 KiB
PHP
<?php
|
|
|
|
/**
|
|
* File: parse_mssql.php
|
|
* Author: Ryan Prather
|
|
* Purpose: Parse MSSQL SRR result files
|
|
* Created: Jan 15, 2015
|
|
*
|
|
* Portions Copyright 2016: Cyber Perspectives, All rights reserved
|
|
* Released under the Apache v2.0 License
|
|
*
|
|
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
|
* Portions Copyright (c) 2008-2011, Science Applications International Corporation (SAIC)
|
|
* Released under Modified BSD License
|
|
*
|
|
* See license.txt for details
|
|
*
|
|
* Change Log:
|
|
* - Jan 15, 2015 - File created
|
|
* - Sep 1, 2016 - Copyright Updated, added CWD parameter,
|
|
* added file purpose, and updated functions after class merger
|
|
* - Oct 24, 2016 - Updated class extension after rename from XMLParser to scan_xml_parser
|
|
* - Mar 4, 2017 - Removed Thread class calls
|
|
*/
|
|
$cmd = getopt("f:s:d:", array('debug::', 'help::'));
|
|
|
|
if (!isset($cmd['f']) || !isset($cmd['s']) || isset($cmd['help'])) {
|
|
usage();
|
|
exit;
|
|
}
|
|
|
|
chdir($cmd['d']);
|
|
|
|
include_once 'config.inc';
|
|
include_once 'helper.inc';
|
|
include_once 'xml_parser.inc';
|
|
|
|
chdir(DOC_ROOT . "/tmp");
|
|
set_time_limit(0);
|
|
|
|
$base_name = basename($cmd['f']);
|
|
|
|
$db = new db();
|
|
|
|
class mssql_parser extends scan_xml_parser {
|
|
|
|
var $tgt;
|
|
var $tag;
|
|
var $schema;
|
|
var $vms;
|
|
var $stig;
|
|
var $status;
|
|
var $notes;
|
|
|
|
public function __construct($ste_id_in, $fname_in) {
|
|
parent::__construct($this, $ste_id_in, $fname_in);
|
|
$this->host_list = array();
|
|
$this->count = 0;
|
|
$this->db->update_Running_Scan($this->scan->get_File_Name(), array('name' => 'pid', 'value' => getmypid()));
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET($attrs) {
|
|
$this->tag = array();
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_ASSET_ID($attrs) {
|
|
if (isset($attrs['TYPE'])) {
|
|
$this->tag_id = str_replace(" ", "_", $attrs['TYPE']);
|
|
}
|
|
else {
|
|
$this->tag_id = null;
|
|
}
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_ASSET_ID_data($data) {
|
|
if ($this->tag_id == "IP_ADDRESS") {
|
|
if (preg_match("/\./", $data)) {
|
|
$this->tag_id = "IP4_ADDRESS";
|
|
}
|
|
elseif (preg_match("/\:/", $data)) {
|
|
$this->tag_id = "IP6_ADDRESS";
|
|
}
|
|
}
|
|
|
|
$this->tag[$this->tag_id] = $data;
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_ELEMENT($attrs) {
|
|
// finished ingesting the target data...need to check for target existence
|
|
if ($tgt_id = $this->db->check_Target($this->ste_id, $this->tag['HOST_NAME'])) {
|
|
$this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0];
|
|
}
|
|
elseif (isset($this->tag['IP4_ADDRESS']) && $tgt_id = $this->db->check_Target($this->ste_id, $this->tag['IP4_ADDRESS'])) {
|
|
$this->tgt = $this->db->get_Target_Details($this->ste_id, $tgt_id)[0];
|
|
}
|
|
else {
|
|
$this->tgt = new target($this->tag['HOST_NAME']);
|
|
$this->tgt->set_STE_ID($this->ste_id);
|
|
|
|
$sw = new software("cpe:/o:generic:generic:-");
|
|
$os = $this->db->get_Software($sw)[0];
|
|
|
|
$this->tgt->set_OS_ID($os->get_ID());
|
|
|
|
if (isset($this->tag['IP4_ADDRESS'])) {
|
|
$int = new interfaces(null, null, null, $this->tag['IP4_ADDRESS'], null, $this->tag['HOST_NAME'], $this->tag['HOST_NAME'], null);
|
|
$this->tgt->interfaces[] = $int;
|
|
}
|
|
|
|
if (isset($this->tag['IP6_ADDRESS'])) {
|
|
$int = new interfaces(null, null, null, null, $this->tag['IP6_ADDRESS'], $this->tag['HOST_NAME'], $this->tag['HOST_NAME'], null);
|
|
$this->tgt->interfaces[] = $int;
|
|
}
|
|
|
|
$this->db->save_Target($this->tgt);
|
|
}
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET($attrs) {
|
|
$this->updated_findings = array();
|
|
$this->new_findings = array();
|
|
$this->schema = null;
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET_IDENTIFIER_data($data) {
|
|
$this->schema = $data;
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET_FINDING($attrs) {
|
|
$this->vms = null;
|
|
$this->stig = null;
|
|
$this->notes = null;
|
|
$this->status = "Not Reviewed";
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET_FINDING_FINDING_ID_data($data) {
|
|
$vms_id = preg_replace("/V0+/", "V-", $data);
|
|
$vms = $this->db->get_GoldDisk($vms_id);
|
|
|
|
if (is_array($vms) && count($vms) && isset($vms[0]) && is_a($vms[0], 'golddisk')) {
|
|
$this->vms = $vms[0];
|
|
}
|
|
else {
|
|
$this->log->script_log("VMS $vms_id not found", E_WARNING);
|
|
$this->skip = true;
|
|
return;
|
|
}
|
|
|
|
if (!empty($this->vms)) {
|
|
$this->stig = $this->db->get_STIG_By_PDI($this->vms->get_PDI_ID());
|
|
}
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET_FINDING_FINDING_STATUS_data($data) {
|
|
if ($data == "O") {
|
|
$this->status = "Open";
|
|
}
|
|
elseif ($data == "NF") {
|
|
$this->status = "Not a Finding";
|
|
}
|
|
else {
|
|
$this->status = "Not Reviewed";
|
|
}
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET_FINDING_FINDING_DETAILS_data($data) {
|
|
if (!empty($this->schema)) {
|
|
$this->notes = $this->schema . " - " . $data;
|
|
}
|
|
else {
|
|
$this->notes = $data;
|
|
}
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET_FINDING_end() {
|
|
if ($this->skip) {
|
|
$this->skip = false;
|
|
return;
|
|
}
|
|
|
|
// check for finding
|
|
$finding = $this->db->get_Finding($this->tgt, $this->stig);
|
|
if (is_array($finding) && count($finding)) {
|
|
/** @var finding $finding */
|
|
$finding = $finding[0];
|
|
|
|
$finding->prepend_Notes("(MSSQL) " . $this->notes);
|
|
if ($finding->get_Finding_Status_String() != "Not Reviewed" && $finding->get_Finding_Status_String() != $this->status) {
|
|
$finding->set_Finding_Status_By_String(
|
|
$finding->get_Deconflicted_Status($this->status)
|
|
);
|
|
}
|
|
else {
|
|
$finding->set_Finding_Status_By_String($this->status);
|
|
}
|
|
|
|
$this->updated_findings[$finding->get_PDI_ID()] = $finding;
|
|
}
|
|
else {
|
|
$finding = new finding($this->tgt->get_ID(), $this->stig->get_PDI_ID(), $this->scan->get - ID(), $this->status, $this->notes, finding::NC, "MSSQL", 1);
|
|
|
|
$this->new_findings[$this->stig->get_PDI_ID()] = $finding;
|
|
}
|
|
// if present in $new_findings, append notes
|
|
// if present in $updated_findings, ? check for notes?
|
|
}
|
|
|
|
public function IMPORT_FILE_ASSET_TARGET_end() {
|
|
$this->db->add_Findings_By_Target($this->updated_findings, $this->new_findings);
|
|
}
|
|
|
|
}
|
|
|
|
$xml = new mssql_parser($cmd['s'], $cmd['f']);
|
|
$xml->debug = (isset($cmd['debug']) ? true : false);
|
|
//Enter xml code here
|
|
$xml->parse();
|
|
|
|
if (!$xml->debug) {
|
|
rename($cmd['f'], DOC_ROOT . "/tmp/mssql/" . $base_name);
|
|
}
|
|
|
|
$db->update_Running_Scan($base_name, array("name" => "perc_comp", "value" => 100, "complete" => 1));
|
|
|
|
function usage() {
|
|
print <<<EOO
|
|
Purpose: To import the MSSQL SRR result file from DISA
|
|
|
|
Usage: php parse_mssql.php -s={ST&E ID} -f={result file} [--debug] [--help]
|
|
|
|
-s={ST&E ID} The ST&E ID this result file is being imported for
|
|
-f={result file} The result file to import
|
|
|
|
--debug Debugging output
|
|
--help This screen
|
|
|
|
EOO;
|
|
}
|