From 71229fb0d7e1ff68ab89d4c1a389bd2c42b48957 Mon Sep 17 00:00:00 2001
From: DaleBinghamSoteriaSoft
Date: Sun, 5 Nov 2023 11:58:48 -0500
Subject: [PATCH] Additional Reports and What's New
---
help/_site/assets/js/search-data.json | 2 +-
help/_site/whatsnew.html | 2 +-
help/whatsnew.md | 4 +-
js/openrmf.js | 110 +++++++--
reports/checklistactivity.html | 256 +++++++++++++++++++
reports/checklistupgrades.html | 265 ++++++++++++++++++++
reports/index.html | 2 -
reports/vulnerabilityoverride.html | 299 +++++++++++++++++++++++
reports/vulnerabilitystatusseverity.html | 2 +-
9 files changed, 912 insertions(+), 30 deletions(-)
create mode 100644 reports/checklistactivity.html
create mode 100644 reports/checklistupgrades.html
create mode 100644 reports/vulnerabilityoverride.html
diff --git a/help/_site/assets/js/search-data.json b/help/_site/assets/js/search-data.json
index 8573eac..fe33751 100644
--- a/help/_site/assets/js/search-data.json
+++ b/help/_site/assets/js/search-data.json
@@ -355,7 +355,7 @@ },"59": { "doc": "What's New in v1.10", "title": "Version 1.10 (Performance, Reports, Fixes and Updated Templates)", - "content": "Version 1.9 has the following added features and fixes: . | Sped up reports using AJAX calls to load some tables versus “foreach” Javascript | Added indexes on certain fields for speeding up the listing and searching of data in 5 MongoDB databases | Added a report to list vulnerabilities by status and severity options | Added a report to show activity on checklists for age and stale data | Added a report to show all Vulnerabilities with severity override set | Added a report to list all Checklists that require an Update | Fix for Empty Comments / Details not saved on Checklists | Fix for Apostrophe and special HTML characters being escaped in data on textboxes | Fix for matching SCAP to Checklists on certain changed DISA templates | Latest DISA Templates as of November 4, 2023 | . ", + "content": "Version 1.9 has the following added features and fixes: . | Sped up reports using AJAX calls to load some tables versus “foreach” Javascript | Added indexes on certain fields for speeding up the listing and searching of data in 5 MongoDB databases | Added a report to list vulnerabilities by status and severity options | Added a report to show activity on checklists for age and stale data | Added a report to show all Vulnerabilities with severity override set | Added a report to list all Checklists that require an Upgrade | Fix for Empty Comments / Details not saved on Checklists | Fix for Apostrophe and special HTML characters being escaped in data on textboxes | Fix for matching SCAP to Checklists on certain changed DISA templates | Fix for Severity Override not resetting after being on a VULN record that has one, to one that does not | Remove Caching on Reporting API to show proper data after deleting checklists correctly | Latest DISA Templates as of November 4, 2023 | . 
", "url": "/help/whatsnew.html#version-110-performance-reports-fixes-and-updated-templates", "relUrl": "/whatsnew.html#version-110-performance-reports-fixes-and-updated-templates" },"60": { diff --git a/help/_site/whatsnew.html b/help/_site/whatsnew.html index db54fcf..69232b6 100644 --- a/help/_site/whatsnew.html +++ b/help/_site/whatsnew.html @@ -1 +1 @@ - What's New in v1.10 - OpenRMF Docs What’s New in v1.10 | OpenRMF Docs Link Search Menu Expand Document

What’s New with OpenRMF

Please refer to the OpenRMF OSS Projects listing on GitHub for more information on feature updates and timeline.

Version 1.10 (Performance, Reports, Fixes and Updated Templates)

Version 1.9 has the following added features and fixes:

  • Sped up reports using AJAX calls to load some tables versus “foreach” Javascript
  • Added indexes on certain fields for speeding up the listing and searching of data in 5 MongoDB databases
  • Added a report to list vulnerabilities by status and severity options
  • Added a report to show activity on checklists for age and stale data
  • Added a report to show all Vulnerabilities with severity override set
  • Added a report to list all Checklists that require an Update
  • Fix for Empty Comments / Details not saved on Checklists
  • Fix for Apostrophe and special HTML characters being escaped in data on textboxes
  • Fix for matching SCAP to Checklists on certain changed DISA templates
  • Latest DISA Templates as of November 4, 2023

Version 1.9

Version 1.9 has the following feature updates:

  • Fix for SCAP Scans featuring enhanced information from SCC tool
  • Fix for hostname filter to be case insensitive on system package checklist listing
  • Allow searching Vulnerability from Reports with a partial VULN ID match
  • Updated base container images for vulnerability fixes
  • latest DISA templates (480) for SCAP scan matching up to March 08, 2023
  • support for podman and podman-compose
  • use of docker compose versus docker-compose in scripts

BREAKING CHANGE of Keycloak 20 with new configuration, all under a single port 8080 / 8443 BREAKING CHANGE of Grafana under a single port 8080 / 8443

Version 1.8.2

Version 1.8.2 has the latest DISA templates (460) for SCAP scan matching up to August 28, 2022 as well as updated base images for web and service components for vulnerability issues.

Version 1.8.1

Version 1.8.1 had some small fixes in it immediately after v1.8 went public:

  • Fix the Nessus SCAP parser to pull results correctly
  • Fix the msg-system consolidated code from msg-checklist to score new checklists correctly
  • Please see the note on v1.8.0 release on updating the MongoDB compatibility before upgrading from 1.7.2 or earlier

Version 1.8

Version 1.8 has the latest DISA templates (438) for SCAP scan matching up to May 10, 2022 as well as the following feature updates:

  • Allow creating a new checklist from a template from the template checklist page
  • Allow removing a Nessus patch scan from a system package record
  • Updated the POAM to DoD format for use in eMASS and other applications
  • Show the checklist template version and release on the template listing page
  • Updated button help throughout
  • Updated XLSX formatting with merged cells and borders
  • Logging configurable with LOGLEVEL environment variable 0 - 5 (Trace through Critical), defaulting to Warn = 3
  • MongoDB 5.0
  • Keycloak 15.0
  • NATS 2.8
  • .NET Core 6 runtime
  • consolidated 4 APIs into 1
  • consolidated 2 MSG clients into 1

Version 1.7

Version 1.7 has the latest DISA templates for SCAP scan matching up to December 24, 2021 as well as the following feature updates:

  • updated base container image for vulnerability fixes
  • updated NGINX container for the web UI for vulnerability fixes
  • easier editing of vulnerabilities, all on one page w/o a popup
  • fixing a bug removing \n from Template formatting
  • fixing loading of HTML / XML characters in checklist details listings
  • adding the NGINX prometheus exporter for tracking metrics of the web UI
  • allow tagging of checklists (one at a time)
  • listing all templates, including internal ones from DISA’s public site
  • better formatting of plugin description for Nessus report
  • better formatting for vulnerability detail on reports and chekclist vulnerability listings

Version 1.6

Version 1.6 fixed the POSIX bug after updating to Docker Desktop where the .env file and APIs read the environment variables but they had a “-“ in them. That was breaking it.

Version 1.5.4

Version 1.5.4 added the updated DISA Templates from April 27 and April 28 2021. These allow you to match on SCAP scan uploads to automatically create checklists.

Version 1.5.3

Version 1.5.3 included these updates:

  • Keycloak v 12.0.3 OpenRMF Theme
  • Download All CKL into ZIP for a System Package
  • Merge POAM and RAR fields into one for XLSX download
  • Table cell click for filtering Checklists and Templates Vulnerabilities listing
  • Color code reports for status
  • Improved UI on messaging and spacing
  • Various small bug fixes

Version 1.5.2

Version 1.5.2 included one update:

  • Update to Keycloak v 12.0.3
  • Fix for Keycloak Windows-based realm creation script

Version 1.5.1

Version 1.5.1 included a few updated features:

  • Updated base image and application container image to use Alpine and self-contained application executables for reduced scanning surface and size
  • Bug fix for the Reporting when you upgrade to a new STIG Checklist release with changing Vulnerability IDs
  • Auto-logoff after 15 minutes
  • Auto-refresh of the Keycloak token when on a page longer than 5 minutes

Version 1.4

Version 1.4 included one added feature:

  • Feature #216: Ability to upload OpenSCAP results XCCDF XML file to create Checklists, along with Nessus and DISA SCAP XCCDF XML results

Version 1.3.2

Version 1.3.2 was a bug fix release primarily as outlined below:

  • Fix score calculation bug #213 on checklists for Not a Finding counts
  • Added additional DISA public STIG Templates

Version 1.3.1

Version 1.3.1 was a bug fix release primarily as outlined below:

  • Fix a bug #203 on CAT 3 checklist Not a Finding counts not matching the checklist file
  • Updated to the Jan 22, 2021 DISA public STIG templates

Version 1.3

Version 1.3 was a bug fix release primarily as outlined below:

  • Display the status of the vulnerability in the checklist/template view
  • Scoring a checklist now uses the Severity Override as the severity if it is filled in (API and MSG client)
  • Fixed a bug in the low/moderate/high loading of NIST 800.53 Controls
  • Fixed a bug where PII controls are always used in the Compliance engine – now only if the checkbox is set

Version 1.2

Version 1.2 was also a security fix primarily with some updated functionality as outlined below:

  • .NET Core 3.1 update with Debian 10 based containers
  • Updated .NET Core 3.1 components such as Jaeger client, Swashbuckle, etc.
  • Keycloak 10 upgrade from 7.0
  • Keycloak theme for OpenRMF for seamless look-and-feel interaction
  • Header Security fixes from an active scan of the web application
  • Compliance Summary buttons are interactive for filtering now
  • Help documentation is now local to the application, not up on github.io pages

Version 1.1

Version 1.1 was a security fix primarily with some updated functionality as outlined below:

  • Rootless containers for APIs, messages, NGINX, and MongoDB databases
  • Updated jQuery, File Upload, Bootstrap and other JS components
  • Security Fixes from an active scan of the web application
  • Upload an existing checklist for a given checklist type and host = update the info (it was just duplicating the information)
  • Allow Bulk Edits on Vulnerabilities across similar checklist types within a System grouping
  • Container “restart: always” on the Docker Compose file
  • All CSS, HTML, JS are local not reaching out over the public Internet

Version 1.0

Version 1.0 of OpenRMF Core has these updates below:

  • Fixing a bug on the Web UI updating Vulnerabilities via the web form in a checklist
  • Updating the version descriptions to 1.0 throughout the codebase

Copyright © 2020 Cingulara and Tutela. Distributed by openrmf.io.

+ What's New in v1.10 - OpenRMF Docs What’s New in v1.10 | OpenRMF Docs Link Search Menu Expand Document

What’s New with OpenRMF

Please refer to the OpenRMF OSS Projects listing on GitHub for more information on feature updates and timeline.

Version 1.10 (Performance, Reports, Fixes and Updated Templates)

Version 1.9 has the following added features and fixes:

  • Sped up reports using AJAX calls to load some tables versus “foreach” Javascript
  • Added indexes on certain fields for speeding up the listing and searching of data in 5 MongoDB databases
  • Added a report to list vulnerabilities by status and severity options
  • Added a report to show activity on checklists for age and stale data
  • Added a report to show all Vulnerabilities with severity override set
  • Added a report to list all Checklists that require an Upgrade
  • Fix for Empty Comments / Details not saved on Checklists
  • Fix for Apostrophe and special HTML characters being escaped in data on textboxes
  • Fix for matching SCAP to Checklists on certain changed DISA templates
  • Fix for Severity Override not resetting after being on a VULN record that has one, to one that does not
  • Remove Caching on Reporting API to show proper data after deleting checklists correctly
  • Latest DISA Templates as of November 4, 2023

Version 1.9

Version 1.9 has the following feature updates:

  • Fix for SCAP Scans featuring enhanced information from SCC tool
  • Fix for hostname filter to be case insensitive on system package checklist listing
  • Allow searching Vulnerability from Reports with a partial VULN ID match
  • Updated base container images for vulnerability fixes
  • latest DISA templates (480) for SCAP scan matching up to March 08, 2023
  • support for podman and podman-compose
  • use of docker compose versus docker-compose in scripts

BREAKING CHANGE of Keycloak 20 with new configuration, all under a single port 8080 / 8443 BREAKING CHANGE of Grafana under a single port 8080 / 8443

Version 1.8.2

Version 1.8.2 has the latest DISA templates (460) for SCAP scan matching up to August 28, 2022 as well as updated base images for web and service components for vulnerability issues.

Version 1.8.1

Version 1.8.1 had some small fixes in it immediately after v1.8 went public:

  • Fix the Nessus SCAP parser to pull results correctly
  • Fix the msg-system consolidated code from msg-checklist to score new checklists correctly
  • Please see the note on v1.8.0 release on updating the MongoDB compatibility before upgrading from 1.7.2 or earlier

Version 1.8

Version 1.8 has the latest DISA templates (438) for SCAP scan matching up to May 10, 2022 as well as the following feature updates:

  • Allow creating a new checklist from a template from the template checklist page
  • Allow removing a Nessus patch scan from a system package record
  • Updated the POAM to DoD format for use in eMASS and other applications
  • Show the checklist template version and release on the template listing page
  • Updated button help throughout
  • Updated XLSX formatting with merged cells and borders
  • Logging configurable with LOGLEVEL environment variable 0 - 5 (Trace through Critical), defaulting to Warn = 3
  • MongoDB 5.0
  • Keycloak 15.0
  • NATS 2.8
  • .NET Core 6 runtime
  • consolidated 4 APIs into 1
  • consolidated 2 MSG clients into 1

Version 1.7

Version 1.7 has the latest DISA templates for SCAP scan matching up to December 24, 2021 as well as the following feature updates:

  • updated base container image for vulnerability fixes
  • updated NGINX container for the web UI for vulnerability fixes
  • easier editing of vulnerabilities, all on one page w/o a popup
  • fixing a bug removing \n from Template formatting
  • fixing loading of HTML / XML characters in checklist details listings
  • adding the NGINX prometheus exporter for tracking metrics of the web UI
  • allow tagging of checklists (one at a time)
  • listing all templates, including internal ones from DISA’s public site
  • better formatting of plugin description for Nessus report
  • better formatting for vulnerability detail on reports and chekclist vulnerability listings

Version 1.6

Version 1.6 fixed the POSIX bug after updating to Docker Desktop where the .env file and APIs read the environment variables but they had a “-“ in them. That was breaking it.

Version 1.5.4

Version 1.5.4 added the updated DISA Templates from April 27 and April 28 2021. These allow you to match on SCAP scan uploads to automatically create checklists.

Version 1.5.3

Version 1.5.3 included these updates:

  • Keycloak v 12.0.3 OpenRMF Theme
  • Download All CKL into ZIP for a System Package
  • Merge POAM and RAR fields into one for XLSX download
  • Table cell click for filtering Checklists and Templates Vulnerabilities listing
  • Color code reports for status
  • Improved UI on messaging and spacing
  • Various small bug fixes

Version 1.5.2

Version 1.5.2 included one update:

  • Update to Keycloak v 12.0.3
  • Fix for Keycloak Windows-based realm creation script

Version 1.5.1

Version 1.5.1 included a few updated features:

  • Updated base image and application container image to use Alpine and self-contained application executables for reduced scanning surface and size
  • Bug fix for the Reporting when you upgrade to a new STIG Checklist release with changing Vulnerability IDs
  • Auto-logoff after 15 minutes
  • Auto-refresh of the Keycloak token when on a page longer than 5 minutes

Version 1.4

Version 1.4 included one added feature:

  • Feature #216: Ability to upload OpenSCAP results XCCDF XML file to create Checklists, along with Nessus and DISA SCAP XCCDF XML results

Version 1.3.2

Version 1.3.2 was a bug fix release primarily as outlined below:

  • Fix score calculation bug #213 on checklists for Not a Finding counts
  • Added additional DISA public STIG Templates

Version 1.3.1

Version 1.3.1 was a bug fix release primarily as outlined below:

  • Fix a bug #203 on CAT 3 checklist Not a Finding counts not matching the checklist file
  • Updated to the Jan 22, 2021 DISA public STIG templates

Version 1.3

Version 1.3 was a bug fix release primarily as outlined below:

  • Display the status of the vulnerability in the checklist/template view
  • Scoring a checklist now uses the Severity Override as the severity if it is filled in (API and MSG client)
  • Fixed a bug in the low/moderate/high loading of NIST 800.53 Controls
  • Fixed a bug where PII controls are always used in the Compliance engine – now only if the checkbox is set

Version 1.2

Version 1.2 was also a security fix primarily with some updated functionality as outlined below:

  • .NET Core 3.1 update with Debian 10 based containers
  • Updated .NET Core 3.1 components such as Jaeger client, Swashbuckle, etc.
  • Keycloak 10 upgrade from 7.0
  • Keycloak theme for OpenRMF for seamless look-and-feel interaction
  • Header Security fixes from an active scan of the web application
  • Compliance Summary buttons are interactive for filtering now
  • Help documentation is now local to the application, not up on github.io pages

Version 1.1

Version 1.1 was a security fix primarily with some updated functionality as outlined below:

  • Rootless containers for APIs, messages, NGINX, and MongoDB databases
  • Updated jQuery, File Upload, Bootstrap and other JS components
  • Security Fixes from an active scan of the web application
  • Upload an existing checklist for a given checklist type and host = update the info (it was just duplicating the information)
  • Allow Bulk Edits on Vulnerabilities across similar checklist types within a System grouping
  • Container “restart: always” on the Docker Compose file
  • All CSS, HTML, JS are local not reaching out over the public Internet

Version 1.0

Version 1.0 of OpenRMF Core has these updates below:

  • Fixing a bug on the Web UI updating Vulnerabilities via the web form in a checklist
  • Updating the version descriptions to 1.0 throughout the codebase

Copyright © 2020 Cingulara and Tutela. Distributed by openrmf.io.

diff --git a/help/whatsnew.md b/help/whatsnew.md index a5033f8..cae9b7b 100644 --- a/help/whatsnew.md +++ b/help/whatsnew.md @@ -15,10 +15,12 @@ Version 1.9 has the following added features and fixes: * Added a report to list vulnerabilities by status and severity options * Added a report to show activity on checklists for age and stale data * Added a report to show all Vulnerabilities with severity override set -* Added a report to list all Checklists that require an Update +* Added a report to list all Checklists that require an Upgrade * Fix for Empty Comments / Details not saved on Checklists * Fix for Apostrophe and special HTML characters being escaped in data on textboxes * Fix for matching SCAP to Checklists on certain changed DISA templates +* Fix for Severity Override not resetting after being on a VULN record that has one, to one that does not +* Remove Caching on Reporting API to show proper data after deleting checklists correctly * Latest DISA Templates as of November 4, 2023 ## Version 1.9 diff --git a/js/openrmf.js b/js/openrmf.js index 4d23595..40a662b 100644 --- a/js/openrmf.js +++ b/js/openrmf.js 
@@ -528,13 +528,13 @@ async function getSystemRecord(systemGroupId) { $("#divSystemPOAM").html(poamHTML); } // created date and updated date - $("#divSystemCreated").html("Created: " + moment(item.created).format('MM/DD/YYYY h:mm a')); + $("#divSystemCreated").html("Created: " + moment(item.created).format('MM/DD/YYYY hh:mm A')); if (item.updatedOn) - $("#divSystemUpdated").html("Last Updated: " + moment(item.updatedOn).format('MM/DD/YYYY h:mm a')); + $("#divSystemUpdated").html("Last Updated: " + moment(item.updatedOn).format('MM/DD/YYYY hh:mm A')); else $("#divSystemUpdated").html("Last Updated: N/A"); if (item.lastComplianceCheck) - $("#divSystemLastCompliance").html("Last Compliance Check: " + moment(item.lastComplianceCheck).format('MM/DD/YYYY h:mm a')); + $("#divSystemLastCompliance").html("Last Compliance Check: " + moment(item.lastComplianceCheck).format('MM/DD/YYYY hh:mm A')); else $("#divSystemLastCompliance").html("Last Compliance Check: N/A"); 1 } @@ -912,13 +912,13 @@ async function deleteSystem(id) { request.setRequestHeader("Authorization", 'Bearer ' + keycloak.token); }, success: function(data){ - swal("Your System was deleted successfully!", "Click OK to continue!", "success") + swal("Your System Package was deleted successfully!", "Click OK to continue!", "success") .then((value) => { location.href = "systems.html"; }); }, error : function(data){ - swal("There was a Problem. Your System was not deleted successfully! Please check with the Application Admin.", "Click OK to continue!", "error"); + swal("There was a Problem. Your System Package was not deleted successfully! Please check with the Application Admin.", "Click OK to continue!", "error"); } }); 
@@ -1010,13 +1010,13 @@ async function deleteSystemChecklists(id){ request.setRequestHeader("Authorization", 'Bearer ' + keycloak.token); }, success: function(data){ - swal("Your System Checklists were deleted successfully!", "Note: for larger lists this may take a few moments. Click OK to continue!", "success") + swal("Your System Package Checklists were deleted successfully!", "Note: for larger lists this may take a few moments. Click OK to continue!", "success") .then((value) => { location.reload(); }); }, error : function(data){ - swal("There was a Problem. Your System Checklists were not deleted successfully! Please check with the Application Admin.", "Click OK to continue!", "error"); + swal("There was a Problem. Your System Package Checklists were not deleted successfully! Please check with the Application Admin.", "Click OK to continue!", "error"); } }); @@ -1047,13 +1047,13 @@ async function deleteAllSystemChecklists(id){ request.setRequestHeader("Authorization", 'Bearer ' + keycloak.token); }, success: function(data){ - swal("Your System Checklists were deleted successfully!", "Note: for larger lists this may take a few moments. Click OK to continue!", "success") + swal("Your System Package Checklists were deleted successfully!", "Note: for larger lists this may take a few moments. Click OK to continue!", "success") .then((value) => { location.reload(); }); }, error : function(data){ - swal("There was a Problem. Your System Checklists were not deleted successfully! Please check with the Application Admin.", "Click OK to continue!", "error"); + swal("There was a Problem. Your System Package Checklists were not deleted successfully! Please check with the Application Admin.", "Click OK to continue!", "error"); } }); @@ -1225,10 +1225,10 @@ async function getChecklists(system) { checklistLink += item.title checklistLink += '
last updated on ' if (item.updatedOn) { - checklistLink += moment(item.updatedOn).format('MM/DD/YYYY h:mm a'); + checklistLink += moment(item.updatedOn).format('MM/DD/YYYY hh:mm A'); } else { - checklistLink += moment(item.created).format('MM/DD/YYYY h:mm a'); + checklistLink += moment(item.created).format('MM/DD/YYYY hh:mm A'); } checklistLink += ""; @@ -1376,10 +1376,10 @@ async function getChecklistData(id, template) { $("#checklistTitle").html(' ' + title); var updatedDate = "Last Updated on "; if (data.updatedOn) { - updatedDate += moment(data.updatedOn).format('MM/DD/YYYY h:mm a'); + updatedDate += moment(data.updatedOn).format('MM/DD/YYYY hh:mm A'); } else { - updatedDate += moment(data.created).format('MM/DD/YYYY h:mm a'); + updatedDate += moment(data.created).format('MM/DD/YYYY hh:mm A'); } $("#checklistSystem").html("System: " + data.systemTitle); $("#checklistHost").html("Host: " + data.checklist.asset.hosT_NAME); @@ -1408,7 +1408,7 @@ async function getChecklistData(id, template) { // update the Template Scoring dynamically if (template) getScoreForTemplateListing(data.rawChecklist); - + if (!sessionStorage.getItem("currentSystem")) await getChecklistSystemsForChecklist(); // go ahead and fill in the modal for for upload while we are in here $("#frmChecklistSystem").val(data.systemGroupId); @@ -1475,7 +1475,8 @@ async function getChecklistData(id, template) { sessionStorage.setItem("vulnStatus", vulnStatus); // see if there is a control passed in and if so, only show the valid controls $("#checklistTree").html(vulnListing); - + sessionStorage.setItem("currentSystem", data.systemGroupId); + if (!template) { // check the version and release # of the checklist var newRelease = await newChecklistAvailable(data.systemGroupId, data.internalIdString); if (newRelease != null) { 
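Review bot: The added `sessionStorage.setItem("currentSystem", data.systemGroupId);` in the @@ -1475 hunk sits before the `if (!template)` branch, so it also runs for template views. `sessionStorage` stores strings, so a missing `systemGroupId` would be saved as the text "undefined". That value passes the `!sessionStorage.getItem("currentSystem")` guard visible in the @@ -1408 hunk, so `getChecklistSystemsForChecklist()` would be skipped on later loads in the same session. Whether template records carry a `systemGroupId` is not visible here; if they may not, guard the write with `if (data.systemGroupId) sessionStorage.setItem("currentSystem", data.systemGroupId);`. getChecklistData starts and ends outside the hunk.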
@@ -1701,6 +1702,8 @@ async function viewVulnDetails(vulnId) { } if (data.severitY_OVERRIDE && data.severitY_OVERRIDE.length > 0) { $("#frmVulnSecurityOverride").val(data.severitY_OVERRIDE); + } else { + $("#frmVulnSecurityOverride").val(""); } $("#frmVulnSecurityJustification").val(data.severitY_JUSTIFICATION); @@ -2587,10 +2590,10 @@ async function getSystemChecklistReport() { //var title = data.title; var updatedDate = "Last Updated on "; if (data.updatedOn) { - updatedDate += moment(data.updatedOn).format('MM/DD/YYYY h:mm a'); + updatedDate += moment(data.updatedOn).format('MM/DD/YYYY hh:mm A'); } else { - updatedDate += moment(data.created).format('MM/DD/YYYY h:mm a'); + updatedDate += moment(data.created).format('MM/DD/YYYY hh:mm A'); } var table = $('#tblReportSystemChecklist').DataTable(); @@ -2664,11 +2667,9 @@ async function getControlsReport() { table.clear().draw(); table.ajax.url(controlAPI + "?pii=" + pii + "&impactlevel=" + $('#checklistImpactFilter').val()).load(finalizeLoadingTable); } - async function finalizeLoadingTable() { $.unblockUI(); } - // Reports: list out a vulnerability by host async function getHostVulnerabilityReport() { var id = $("#checklistSystemFilter").val(); @@ -2741,7 +2742,6 @@ async function getHostVulnerabilityReport() { swal("There was a problem generating your report. Please contact your Application Administrator.", "Click OK to continue!", "error"); } } - // Reports: list out a vulnerability by status and severity async function getVulnerabilityStatusSeverityReport() { var id = $("#checklistSystemFilter").val(); 
@@ -2775,6 +2775,21 @@ async function getVulnerabilityStatusSeverityReport() { table.clear().draw(); table.ajax.url(reportAPI + "system/" + id + "/?naf=" +bNaF + "&open=" + bOpen+ "&na=" + bNA+ "&nr=" +bNR + "&cat1=" +bCat1 + "&cat2=" +bCat2 + "&cat3=" + bCat3).load(finalizeLoadingTable); } +// Reports: list out a vulnerability by status and severity +async function getVulnerabilityOverrideReport() { + var id = $("#checklistSystemFilter").val(); + if (!id || id.length == 0) + { + swal("Please choose a system package for the report.", "Click OK to continue!", "error"); + return; + } + + $.blockUI({ message: "Generating the Vulnerability Override Report...please wait" , css: { padding: '15px'} }); + // call the API to get the checklist data + var table = $('#tblReportVulnerabilityOverride').DataTable(); + table.clear().draw(); + table.ajax.url(reportAPI + "system/" + id + "/override/").load(finalizeLoadingTable); +} // generate a list of controls for the control for host report async function getControlsListing(){ let response = await fetch(controlAPI + "majorcontrols/", {headers: { @@ -2788,7 +2803,20 @@ async function getControlsListing(){ }); } } - +// Reports: list checklists in reverse date order for activity +async function getChecklistActivity() { + var id = $("#checklistSystemFilter").val(); + if (!id || id.length == 0) + { + swal("Please choose a system package for the report.", "Click OK to continue!", "error"); + return; + } + $.blockUI({ message: "Generating the Checklist Activity Report...please wait" , css: { padding: '15px'} }); + // call the API to get the checklist data + var table = $('#tblReportChecklistActivity').DataTable(); + table.clear().draw(); + table.ajax.url(readAPI + "systems/" + encodeURIComponent(id) + "/").load(finalizeLoadingTable); +} // run the report for listing our hosts that have a control referencing them async function getRMFControlForHostReport() { var id = $("#checklistSystemFilter").val(); 
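Review bot: `getVulnerabilityOverrideReport` in the @@ -2775 hunk concatenates the select value into the request path unencoded (`reportAPI + "system/" + id + "/override/"`), while `getChecklistActivity` in the next hunk wraps the same value in `encodeURIComponent(id)`. Use the same form here, `table.ajax.url(reportAPI + "system/" + encodeURIComponent(id) + "/override/").load(finalizeLoadingTable);`, so a value containing `/`, `?` or `#` cannot change which endpoint is requested. The comment above the function is copied from the status/severity report; `// Reports: list vulnerabilities that have a severity override set` would match what it does. In both new functions `$.unblockUI()` is reached only through the `load` callback, so confirm the page stays usable when the request fails; the table configuration lives in the new HTML files, whose content is not readable on this page.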
@@ -2848,7 +2876,6 @@ async function getRMFControlForHostReport() { } $.unblockUI(); } - // refresh the Nessus ACAS Patch Data async function reloadNessusPatchData() { swal({ @@ -2879,7 +2906,6 @@ async function reloadNessusPatchData() { } }); } - // refresh the Checklist Vulnerability Data async function reloadVulnerabilityData() { swal({ @@ -2910,7 +2936,44 @@ async function reloadVulnerabilityData() { } }); } +async function getChecklistUpgrades () { + var id = $("#checklistSystemFilter").val(); + if (!id || id.length == 0) + { + swal("Please choose a system package for the report.", "Click OK to continue!", "error"); + return; + } + $.blockUI({ message: "Generating the Checklist Upgrade Report...please wait" , css: { padding: '15px'} }); + // call the API to get the checklist data + var url = readAPI + "systems/" + encodeURIComponent(id) + "/"; + let response = await fetch(url, {headers: { + 'Authorization': 'Bearer ' + keycloak.token + }}); + if (response.ok) { + // now get the data set + var data = await response.json(); + var table = $('#tblChecklistUpgrades').DataTable(); + table.clear().draw(); + var newRelease = {}; + var updatedChecklist = ""; + for (const item of data) { + newRelease = await newChecklistAvailable(id, item.internalIdString); + if (newRelease != null) { + updatedChecklist = 'V' + newRelease.version + ' ' + newRelease.stigRelease; + // dynamically add to the datatable + table.row.add( { "internalIdString": item.internalIdString, "title": item.title, "stigType": item.stigType, + "version": item.version, "stigRelease": item.stigRelease, "hostName": item.hostName, + "updatedChecklist": updatedChecklist + }).draw(); + } + } + $.unblockUI(); + } else { + $.unblockUI(); + swal("There was a problem generating your report. Please contact your Application Administrator.", "Click OK to continue!", "error"); + } +} /************************************ Audit List Functions ************************************/ 
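Review bot: `getChecklistUpgrades` in the @@ -2910 hunk calls `$.blockUI` and then awaits `fetch`, `response.json()` and one `newChecklistAvailable` call per checklist with no `try`/`catch`, so any rejected promise leaves the page blocked with no message. The sketch below makes every failure path unblock the UI and show the existing error dialog, and draws the table once after the loop instead of once per row. Separately, `title` and `hostName` come from stored checklist data and are passed to `table.row.add` as-is. The column definitions are in reports/checklistupgrades.html, which is not readable on this page, so confirm those columns render as text (for example with `$.fn.dataTable.render.text()` or the file's own `htmlEscape`) rather than as HTML. The function also lacks the one-line `// Reports: …` comment that the neighbouring report functions carry.

```javascript
async function getChecklistUpgrades () {
	// … unchanged: system package check, blockUI call and url construction …
	try {
		let response = await fetch(url, {headers: {
			'Authorization': 'Bearer ' + keycloak.token
		}});
		if (!response.ok) {
			throw new Error("checklist listing request failed: " + response.status);
		}
		var data = await response.json();
		var table = $('#tblChecklistUpgrades').DataTable();
		table.clear();
		for (const item of data) {
			// … unchanged: newChecklistAvailable lookup and table.row.add({...}), without the per-row .draw() …
		}
		table.draw();
		$.unblockUI();
	} catch (err) {
		$.unblockUI();
		swal("There was a problem generating your report. Please contact your Application Administrator.", "Click OK to continue!", "error");
	}
}
```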
@@ -3185,7 +3248,6 @@ function htmlEscape(str) { } else return ""; } - function decodeHtml(html) { if (html) { var txt = document.createElement("textarea"); diff --git a/reports/checklistactivity.html b/reports/checklistactivity.html new file mode 100644 index 0000000..892f000 --- /dev/null +++ b/reports/checklistactivity.html @@ -0,0 +1,256 @@ + + + + + + + + + OpenRMF Checklist Activity + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/reports/checklistupgrades.html b/reports/checklistupgrades.html new file mode 100644 index 0000000..0d0fcce --- /dev/null +++ b/reports/checklistupgrades.html @@ -0,0 +1,265 @@ + + + + + + + + OpenRMF Checklist Upgrades Available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/reports/index.html b/reports/index.html index 55675de..5b602d6 100644 --- a/reports/index.html +++ b/reports/index.html @@ -101,8 +101,6 @@

Available Reports

title="Run the Nessus ACAS Report by System Package" onclick="location.href = 'nessus.html';" class="btn btn-success">Run Report - diff --git a/reports/vulnerabilityoverride.html b/reports/vulnerabilityoverride.html new file mode 100644 index 0000000..cb246d8 --- /dev/null +++ b/reports/vulnerabilityoverride.html @@ -0,0 +1,299 @@ + + + + + + + + + OpenRMF Vulnerability Listing by Overrides + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/reports/vulnerabilitystatusseverity.html b/reports/vulnerabilitystatusseverity.html index 0a2698f..8fcc12f 100644 --- a/reports/vulnerabilitystatusseverity.html +++ b/reports/vulnerabilitystatusseverity.html @@ -152,7 +152,7 @@

Filters

-

Host Vulnerability Listing

+

Vulnerability Listing