add vulnerability search by status and severity
DaleBinghamSoteriaSoft committed Nov 4, 2023
1 parent 61ba829 commit 7848d97
Showing 3 changed files with 438 additions and 183 deletions.
236 changes: 60 additions & 176 deletions js/openrmf.js
@@ -267,110 +267,8 @@ async function getSystemACASItemsForDashboard() {
************************************/
async function getTemplates(latest) {
$.blockUI({ message: "Updating the template listing...please wait", css: { padding: '15px'} });

var table = $('#tblChecklistListing').DataTable();
table.clear().draw();
table.ajax.url(templateAPI).load(finalizeLoadingTable);

// var url = templateAPI;
// let response = await fetch(url, {headers: {
// 'Authorization': 'Bearer ' + keycloak.token
// }});
// parse the result regardless of the one called as the DIV are the same on Dashboard/index and the checklists pages
// if (response.ok) {
// var data = await response.json()
// var table = $('#tblChecklistListing').DataTable(); // the datatable reference to do a row.add() to
// table.clear().draw();
// var checklistLink = "";
// if (data.length == 0) {
// $.unblockUI();
// var alertText = 'There are no Checklist templates uploaded. Please go to the Upload page to add your first.';
// alertText += '<button type="button" class="close" data-dismiss="alert" aria-label="Close">';
// alertText += '<span aria-hidden="true">&times;</span></button>';
// $("#divMessaging").html(alertText);
// $("#divMessaging").show();
// }
// else {
// $("#divMessaging").html('');
// $("#divMessaging").hide();
// for (const item of data) {
// checklistLink = '<a href="single-template.html?id=' + item.internalIdString + '" title="Open Checklist Template">';
// checklistLink += item.fullTitle;
// checklistLink += '</a><br /><span class="small">last updated on ';
// if (item.updatedOn) {
// checklistLink += moment(item.updatedOn).format('MM/DD/YYYY h:mm a');
// }
// else {
// checklistLink += moment(item.created).format('MM/DD/YYYY h:mm a');
// }
// checklistLink += "</span>";

// // if not a SYSTEM templateType, then get the score; else just fill the table with the listing
// if (item.templateType == "SYSTEM") {
// table.row.add( { "title": checklistLink,
// "totalNaF": 0, "totalNA": 0, "totalOpen": 0, "totalNR": 0,
// "totalNaFCat1": 0, "totalNACat1": 0, "totalOpenCat1": 0, "totalNRCat1": 0,
// "totalNaFCat2": 0, "totalNACat2": 0, "totalOpenCat2": 0, "totalNRCat2": 0,
// "totalNaFCat3": 0, "totalNACat3": 0, "totalOpenCat3": 0, "totalNRCat3": 0
// }).draw();
// } else {
// // now get the score
// var score = null;
// var formData = new FormData();
// formData.append("rawChecklist", item.rawChecklist);
// $.ajax({
// url : scoreAPI,
// data : formData,
// async: false,
// type : 'POST',
// processData: false,
// contentType: false,
// beforeSend: function(request) {
// request.setRequestHeader("Authorization", 'Bearer ' + keycloak.token);
// },
// success : function(data){
// score = data;
// if (score) {
// // dynamically add to the datatable but only show main data, click the + for extra data
// table.row.add( { "title": checklistLink,
// "totalNaF": score.totalNotAFinding, "totalNA": score.totalNotApplicable, "totalOpen": score.totalOpen, "totalNR": score.totalNotReviewed,
// "totalNaFCat1": score.totalCat1NotAFinding, "totalNACat1": score.totalCat1NotApplicable, "totalOpenCat1": score.totalCat1Open, "totalNRCat1": score.totalCat1NotReviewed,
// "totalNaFCat2": score.totalCat2NotAFinding, "totalNACat2": score.totalCat2NotApplicable, "totalOpenCat2": score.totalCat2Open, "totalNRCat2": score.totalCat2NotReviewed,
// "totalNaFCat3": score.totalCat3NotAFinding, "totalNACat3": score.totalCat3NotApplicable, "totalOpenCat3": intOpenCat2 = score.totalCat3Open, "totalNRCat3": score.totalCat3NotReviewed
// }).draw();
// }
// else {
// table.row.add( { "title": checklistLink,
// "totalNaF": 0, "totalNA": 0, "totalOpen": 0, "totalNR": 0,
// "totalNaFCat1": 0, "totalNACat1": 0, "totalOpenCat1": 0, "totalNRCat1": 0,
// "totalNaFCat2": 0, "totalNACat2": 0, "totalOpenCat2": 0, "totalNRCat2": 0,
// "totalNaFCat3": 0, "totalNACat3": 0, "totalOpenCat3": 0, "totalNRCat3": 0
// }).draw();
// }
// $.unblockUI();
// },
// error: function() {
// table.row.add( { "title": checklistLink,
// "totalNaF": 0, "totalNA": 0, "totalOpen": 0, "totalNR": 0,
// "totalNaFCat1": 0, "totalNACat1": 0, "totalOpenCat1": 0, "totalNRCat1": 0,
// "totalNaFCat2": 0, "totalNACat2": 0, "totalOpenCat2": 0, "totalNRCat2": 0,
// "totalNaFCat3": 0, "totalNACat3": 0, "totalOpenCat3": 0, "totalNRCat3": 0
// }).draw();
// $.unblockUI();
// }});
// }
// }
// $.unblockUI();
// }
// }
// else {
// $.unblockUI();
// if (response.status == 401)
// swal("There is an Authentication problem. Please logout and log back in. And have the application administrator verify your API's authentication settings.", "Click OK to continue!", "error");
// else if (response.status == 401)
// swal("There is an application problem. Please have the application administrator verify your system is 100% healthy and running correctly.", "Click OK to continue!", "error");
// throw new Error(response.status)
// }
}
// called from template listing, calls the POST to the scoring API to get back a score dynamically
async function getScoreForTemplateListing(xmlChecklist) {
@@ -1173,7 +1071,7 @@ async function downloadAllSystemChecklists(id) {
if ($("#txtSystemName").val()){
systemFilter = $("#txtSystemName").val();
}
$.blockUI({ message: "Generating the System Checklist ZIP ...please wait", css: { padding: '15px'} });
$.blockUI({ message: "Generating the System Checklist ZIP...please wait", css: { padding: '15px'} });
var url = readAPI;
if (getParameterByName('id'))
url += "system/download/" + encodeURIComponent(getParameterByName('id'));
@@ -1417,7 +1315,7 @@ async function exportChecklistListingXLSX() {
if ($("#txtSystemName").val()){
systemFilter = $("#txtSystemName").val();
}
$.blockUI({ message: "Generating the System Checklist Excel export ...please wait", css: { padding: '15px'} });
$.blockUI({ message: "Generating the System Checklist Excel export...please wait", css: { padding: '15px'} });
var url = readAPI;
if (getParameterByName('id'))
url += "system/export/" + encodeURIComponent(getParameterByName('id'));
@@ -2566,10 +2464,7 @@ async function getNessusPatchScanReport() {
return;
}
// call the report API /reports/nessus/xxxxxxxxxxxx
$.blockUI({ message: "Generating the Nessus ACAS Patch Report ...please wait" , css: { padding: '15px'} });
//var url = reportAPI + "system/" + systemGroupId + "/acaspatchdata";
// get back the data

$.blockUI({ message: "Generating the Nessus ACAS Patch Report...please wait" , css: { padding: '15px'} });
var table = $('#tblReportNessus').DataTable(); // the datatable reference to do a row.add() to
table.clear().draw();
table.ajax.url(reportAPI + "system/" + systemGroupId + "/acaspatchdata/").load(finalizeLoadingTable);
@@ -2679,7 +2574,7 @@ async function getSystemChecklistReport() {
return;
}

$.blockUI({ message: "Generating the Checklist Report ...please wait" , css: { padding: '15px'} });
$.blockUI({ message: "Generating the Checklist Report...please wait" , css: { padding: '15px'} });
// call the API to get the checklist data
var url = readAPI + "artifact";
let response = await fetch(url + "/" + id, {headers: {
@@ -2764,38 +2659,10 @@ async function getSystemChecklistReport() {
// Reports: listing of the controls
async function getControlsReport() {
var pii = $('#checklistPrivacyFilter')[0].checked;
//var url = controlAPI + "?pii=" + pii + "&impactlevel=" + $('#checklistImpactFilter').val();
$.blockUI({ message: "Generating the Controls Report ...please wait" , css: { padding: '15px'} });
// let response = await fetch(url, {headers: {
// 'Authorization': 'Bearer ' + keycloak.token
// }});
// if (response.ok) {
// // now get the data set
// var data = await response.json();

var table = $('#tblReportControls').DataTable();
table.clear().draw();
table.ajax.url(controlAPI + "?pii=" + pii + "&impactlevel=" + $('#checklistImpactFilter').val()).load(finalizeLoadingTable);
// var impactLevel = "";
// for (const item of data) {
// if (item.highimpact)
// impactLevel = "High";
// else if (item.moderateimpact)
// impactLevel = "Moderate";
// else if (item.lowimpact)
// impactLevel = "Low";
// else
// impactLevel = "N/A";
// // dynamically add to the datatable but only show main data, click the + for extra data
// table.row.add( { "family": item.family,"number": item.number,"title": item.title,"priority": item.priority,
// "impactlevel": impactLevel,"supplementalGuidance": item.supplementalGuidance,
// "subControlDescription": item.subControlDescription, "subControlNumber": item.subControlNumber
// }).draw();
// }
// } else {
// $.unblockUI();
// swal("There was a problem generating your report. Please contact your Application Administrator.", "Click OK to continue!", "error");
// }
$.blockUI({ message: "Generating the Controls Report...please wait" , css: { padding: '15px'} });
var table = $('#tblReportControls').DataTable();
table.clear().draw();
table.ajax.url(controlAPI + "?pii=" + pii + "&impactlevel=" + $('#checklistImpactFilter').val()).load(finalizeLoadingTable);
}

async function finalizeLoadingTable() {
@@ -2817,7 +2684,7 @@ async function getHostVulnerabilityReport() {
return;
}

$.blockUI({ message: "Generating the Host Vulnerability Report ...please wait" , css: { padding: '15px'} });
$.blockUI({ message: "Generating the Host Vulnerability Report...please wait" , css: { padding: '15px'} });
// call the API to get the checklist data
var url = reportAPI + "system/" + id + "/vulnid/" + vulnid;
let response = await fetch(url, {headers: {
@@ -2875,6 +2742,39 @@ async function getHostVulnerabilityReport() {
}
}

// Reports: list out a vulnerability by status and severity
async function getVulnerabilityStatusSeverityReport() {
var id = $("#checklistSystemFilter").val();
if (!id || id.length == 0)
{
swal("Please choose a system package for the report.", "Click OK to continue!", "error");
return;
}

// status checkboxes
var bCat1 = $('#chkVulnCAT1').prop('checked');
var bCat2 = $('#chkVulnCAT2').prop('checked');
var bCat3 = $('#chkVulnCAT3').prop('checked');
if (!bCat1 && !bCat2 && !bCat3) {
swal("Please choose at least one status for the report.", "Click OK to continue!", "error");
return;
}
// severity checkboxes
var bOpen = $('#chkVulnOpen').prop('checked');
var bNaF = $('#chkVulnNaF').prop('checked');
var bNA = $('#chkVulnNA').prop('checked');
var bNR = $('#chkVulnNR').prop('checked');
if (!bOpen && !bNaF && !bNA && !bNR) {
swal("Please choose at least one severity for the report.", "Click OK to continue!", "error");
return;
}

$.blockUI({ message: "Generating the Vulnerability Status and Severity Report...please wait" , css: { padding: '15px'} });
// call the API to get the checklist data
var table = $('#tblReportVulnerabilityStatusSeverity').DataTable();
table.clear().draw();
table.ajax.url(reportAPI + "system/" + id + "/?naf=" +bNaF + "&open=" + bOpen+ "&na=" + bNA+ "&nr=" +bNR + "&cat1=" +bCat1 + "&cat2=" +bCat2 + "&cat3=" + bCat3).load(finalizeLoadingTable);
}
// generate a list of controls for the control for host report
async function getControlsListing(){
let response = await fetch(controlAPI + "majorcontrols/", {headers: {
@@ -3015,32 +2915,10 @@ async function reloadVulnerabilityData() {
Audit List Functions
************************************/
async function getAuditRecords() {
// call the API to get the checklist data
var url = auditAPI;
$.blockUI({ message: "Generating the Audit Listing...please wait", css: { padding: '15px'} });
let response = await fetch(url, {headers: {
'Authorization': 'Bearer ' + keycloak.token
}});
if (response.ok) {
// now get the data set
var data = await response.json();

var table = $('#tblAuditRecords').DataTable(); // the datatable reference to do a row.add() to
table.clear().draw();
for (const item of data) {
// dynamically add to the datatable but only show main data, click the + for extra data
table.row.add( { "auditId": item.auditId, "program": item.program,
"created": moment(item.created).format('MM/DD/YYYY h:mm a'), "action": item.action,
"userid": item.userid, "username": item.username, "fullname": item.fullname,
"email": item.email, "url": item.url,
"message": item.message
}).draw();
}
$.unblockUI();
} else {
$.unblockUI();
swal("There was a problem listing the audit records. Please contact your Application Administrator.", "Click OK to continue!", "error");
}
var table = $('#tblAuditRecords').DataTable();
table.clear().draw();
table.ajax.url(auditAPI).load(finalizeLoadingTable);
}

/************************************
@@ -3297,18 +3175,24 @@ function getRandomColor() {
return color;
}
function htmlEscape(str) {
return str
.replace(/&/g, '&amp;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
if (str) {
return str
.replace(/&/g, '&amp;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#39;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
} else
return "";
}

function decodeHtml(html) {
var txt = document.createElement("textarea");
txt.innerHTML = html;
return txt.value;
if (html) {
var txt = document.createElement("textarea");
txt.innerHTML = html;
return txt.value;
} else
return "";
}
/************************************
Permission and User Login Functions
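Review bot: In `getVulnerabilityStatusSeverityReport` the value of `#checklistSystemFilter` is concatenated into the request path unencoded, whereas `downloadAllSystemChecklists` and `exportChecklistListingXLSX` in this file pass their id through `encodeURIComponent`; build the URL as `reportAPI + "system/" + encodeURIComponent(id) + "/?naf=" + bNaF + ...` so a value containing `/`, `?` or `#` cannot alter the path or query sent to the report API. The two validation blocks in the same function are labelled the wrong way round: CAT1/CAT2/CAT3 are severity categories and Open/NaF/NA/NR are statuses, so the `// status checkboxes` and `// severity checkboxes` comments and the words "status" and "severity" in the two `swal` messages should be swapped. This function and the rewritten `getAuditRecords` also hand the request to `table.ajax.url(...).load(finalizeLoadingTable)`, while the removed fetch code attached the bearer token and unblocked the UI with an error dialog on failure; the DataTable ajax configuration and the body of `finalizeLoadingTable` are outside this view, so confirm both still happen there.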