tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-11965-security-hardening-console-vistas-estaticas' into ent-12050-security-hardening-console-widget-dashboard

This commit is contained in:
Daniel Cebrian 2023-09-18 12:15:17 +02:00
parent c101389a26 25e0834db0
commit 1e9e74ce92
7 changed files with 264 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
pandora_console/godmode/reporting/reporting_builder.item_editor.php
View File

@ -1070,6 +1070,7 @@ switch ($action) {
case 'evolution':
$group = $item['id_group'];
$recursion = $item['recursion'];
$period = $item['period'];
break;
default:
@ -5196,6 +5197,10 @@ echo "<div id='message_no_group' title='".__('Item Editor Information')."' clas
echo "<p class='center bolder'>".__('Please select a group.').'</p>';
echo '</div>';
echo "<div id='message_no_max_item' title='".__('Max items')."' class='invisible'>";
echo "<p class='center bolder'>".__('Please insert max item number.').'</p>';
echo '</div>';
ui_require_javascript_file(
'pandora_inventory',
ENTERPRISE_DIR.'/include/javascript/'
@ -5539,6 +5544,30 @@ $(document).ready (function () {
return false;
}
break;
case 'list_checks':
if ($("#text-text_agent").val() == '') {
dialog_message('#message_no_agent');
return false;
}
break;
case 'top_n_agents_sh':
if ($("#text-max_items").val() == '') {
dialog_message('#message_no_max_item');
return false;
}
break;
case 'top_n_checks_failed':
if ($("#text-max_items").val() == '') {
dialog_message('#message_no_max_item');
return false;
}
break;
case 'top_n_categories_checks':
if ($("#text-max_items").val() == '') {
dialog_message('#message_no_max_item');
return false;
}
break;
default:
break;
}
@ -5609,13 +5638,14 @@ $(document).ready (function () {
});
$("#submit-edit_item").click(function () {
$("#button-edit_item").click(function () {
var type = $('#type').val();
if($('#text-name').val() == ''){
dialog_message('#message_no_name');
return false;
}
switch (type){
case 'agent_module':
case 'agent_module_status':
@ -5668,6 +5698,30 @@ $(document).ready (function () {
return false;
}
break;
case 'list_checks':
if ($("#text-text_agent").val() == '') {
dialog_message('#message_no_agent');
return false;
}
break;
case 'top_n_agents_sh':
if ($("#text-max_items").val() == '') {
dialog_message('#message_no_max_item');
return false;
}
break;
case 'top_n_checks_failed':
if ($("#text-max_items").val() == '') {
dialog_message('#message_no_max_item');
return false;
}
break;
case 'top_n_categories_checks':
if ($("#text-max_items").val() == '') {
dialog_message('#message_no_max_item');
return false;
}
break;
default:
break;
@ -7633,6 +7687,7 @@ function chooseType() {
case 'evolution':
$("#row_group").show();
$('#row_period').show();
break;
}

3
pandora_console/godmode/reporting/reporting_builder.php
View File

@ -2029,6 +2029,7 @@ switch ($action) {
case 'evolution':
$values['id_group'] = get_parameter('combo_group');
$values['period'] = get_parameter('period');
$good_format = true;
break;
@ -2061,6 +2062,7 @@ switch ($action) {
|| ($values['type'] == 'event_report_agent')
|| ($values['type'] == 'agent_configuration')
|| ($values['type'] == 'group_configuration')
|| ($values['type'] == 'list_checks')
) {
$values['id_agent_module'] = '';
} else {
@ -2947,6 +2949,7 @@ switch ($action) {
case 'evolution':
$values['id_group'] = get_parameter('combo_group');
$values['period'] = get_parameter('period');
$good_format = true;
break;

12
pandora_console/include/chart_generator.php
View File

@ -252,6 +252,18 @@ $hack_metaconsole = (is_metaconsole() === true) ? '../../' : '';
echo $chart->render(true);
break;
case 'line_graph':
$params['pdf'] = true;
$params['options']['width'] = '100%';
$params['options']['height'] = 200;
$chart = get_build_setup_charts(
'LINE',
$params['options'],
$params['chart_data']
);
echo $chart->render(true);
break;
case 'slicebar':
// TO-DO Cambiar esto para que se pase por POST, NO SE PUEDE PASAR POR GET.
$params['graph_data'] = json_decode(io_safe_output($config[$params['tokem_config']]), true);

6
pandora_console/include/functions_reporting.php
View File

@ -964,7 +964,8 @@ function reporting_make_reporting_data(
case 'vul_by_cat':
$report['contents'][] = reporting_vul_by_categories(
$report,
$content
$content,
$type
);
break;
@ -985,7 +986,8 @@ function reporting_make_reporting_data(
case 'evolution':
$report['contents'][] = reporting_evolution_hardening(
$report,
$content
$content,
$type
);
break;

202
pandora_console/include/functions_reporting_html.php
View File

@ -540,20 +540,29 @@ function reporting_evolution_graph($table, $item)
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
* @param boolean $pdf If it comes from pdf.
*
* @return void
* @return string
*/
function reporting_html_scoring($table, $item)
function reporting_html_scoring($table, $item, $pdf=0)
{
global $config;
$table->width = '99%';
$table->styleTable = 'border: 0px;';
$table->colspan[2][0] = 3;
$table1 = new stdClass();
$table1->width = '100%';
$table1->class = 'databox filters';
$table1->styleTable = 'border: 0px;';
$table1->data[0][0] = '<b>'.__('Date').'</b>';
$table1->data[0][1] = '<b>'.__('Agent').'</b>';
$table1->data[0][2] = '<b>'.__('Score').'</b>';
$table1->headstyle[0] = 'text-align: left';
$table1->headstyle[1] = 'text-align: left';
$table1->headstyle[2] = 'text-align: left';
$table1->width = '99%';
$table1->class = 'info_table';
$table1->titleclass = 'title_table_pdf';
$table1->rowclass[0] = '';
$table1->head[0] = '<b>'.__('Date').'</b>';
$table1->head[1] = '<b>'.__('Agent').'</b>';
$table1->head[2] = '<b>'.__('Score').'</b>';
$row = 1;
foreach ($item['data'] as $key => $check) {
$table1->data[$row][1] = date($config['date_format'], $check['date']);
@ -562,8 +571,17 @@ function reporting_html_scoring($table, $item)
$row++;
}
$table->colspan[2][0] = 3;
if ($pdf === 1) {
$table1->title = $item['title'];
$table1->titleclass = 'title_table_pdf';
$table1->titlestyle = 'text-align:left;';
}
$table->data[2][0] = html_print_table($table1, true);
if ($pdf === 1) {
return html_print_table($table1, true);
}
}
@ -572,27 +590,47 @@ function reporting_html_scoring($table, $item)
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
* @param boolean $pdf If it comes from pdf.
*
* @return void
* @return string
*/
function reporting_html_list_checks($table, $item)
function reporting_html_list_checks($table, $item, $pdf=0)
{
$table->rowclass[0] = '';
$table->colspan[0][1] = 2;
$table->align[3] = 'center';
$table->data[1][0] = '<b>'.__('Id').'</b>';
$table->data[1][1] = '<b>'.__('Title').'</b>';
$table->data[1][2] = '<b>'.__('Category').'</b>';
$table->data[1][3] = '<b>'.__('Status').'</b>';
$table->width = '99%';
$table->styleTable = 'border: 0px;';
$table->colspan[2][0] = 4;
$table1 = new stdClass();
$table1->width = '99%';
$table1->headstyle[0] = 'text-align: left';
$table1->headstyle[1] = 'text-align: left';
$table1->headstyle[2] = 'text-align: left';
$table1->class = 'info_table';
$table1->titleclass = 'title_table_pdf';
$table1->rowclass[0] = '';
$table1->head[0] = '<b>'.__('Id').'</b>';
$table1->head[1] = '<b>'.__('Title').'</b>';
$table1->head[2] = '<b>'.__('Category').'</b>';
$table1->head[3] = '<b>'.__('Status').'</b>';
$row = 2;
foreach ($item['data'] as $key => $check) {
$table->data[$row][0] = $check['id'];
$table->data[$row][1] = $check['title'];
$table->data[$row][2] = $check['category'];
$table->data[$row][3] = $check['status'];
$table1->data[$row][0] = $check['id'];
$table1->data[$row][1] = $check['title'];
$table1->data[$row][2] = $check['category'];
$table1->data[$row][3] = $check['status'];
$row++;
}
if ($pdf === 1) {
$table1->title = $item['title'];
$table1->titleclass = 'title_table_pdf';
$table1->titlestyle = 'text-align:left;';
}
$table->data[2][0] = html_print_table($table1, true);
if ($pdf === 1) {
return html_print_table($table1, true);
}
}
@ -601,23 +639,45 @@ function reporting_html_list_checks($table, $item)
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
* @param boolean $pdf If it comes from pdf.
*
* @return void
* @return string
*/
function reporting_html_top_n_categories_checks($table, $item)
function reporting_html_top_n_categories_checks($table, $item, $pdf=0)
{
$table->rowclass[0] = '';
$table->data[1][0] = '<b>'.__('Id').'</b>';
$table->data[1][1] = '<b>'.__('Category').'</b>';
$table->data[1][2] = '<b>'.__('Total Failed').'</b>';
$table->width = '99%';
$table->styleTable = 'border: 0px;';
$table->colspan[2][0] = 3;
$table1 = new stdClass();
$table1->width = '99%';
$table1->headstyle[0] = 'text-align: left';
$table1->headstyle[1] = 'text-align: left';
$table1->headstyle[2] = 'text-align: left';
$table1->class = 'info_table';
$table1->titleclass = 'title_table_pdf';
$table1->rowclass[0] = '';
$table1->head[0] = '<b>'.__('Id').'</b>';
$table1->head[1] = '<b>'.__('Category').'</b>';
$table1->head[2] = '<b>'.__('Total Failed').'</b>';
$row = 2;
foreach ($item['data'] as $key => $check) {
$table->data[$row][0] = $check['id'];
$table->data[$row][1] = $check['category'];
$table->data[$row][2] = $check['total'];
$table1->data[$row][0] = $check['id'];
$table1->data[$row][1] = $check['category'];
$table1->data[$row][2] = $check['total'];
$row++;
}
if ($pdf === 1) {
$table1->title = $item['title'];
$table1->titleclass = 'title_table_pdf';
$table1->titlestyle = 'text-align:left;';
}
$table->data[2][0] = html_print_table($table1, true);
if ($pdf === 1) {
return html_print_table($table1, true);
}
}
@ -626,24 +686,46 @@ function reporting_html_top_n_categories_checks($table, $item)
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
* @param boolean $pdf If it comes from pdf.
*
* @return void
* @return string
*/
function reporting_html_top_n_checks_failed($table, $item)
function reporting_html_top_n_checks_failed($table, $item, $pdf=0)
{
global $config;
$table->rowclass[0] = '';
$table->data[1][1] = '<b>'.__('Title').'</b>';
$table->data[1][2] = '<b>'.__('Total Failed').'</b>';
$table->data[1][3] = '<b>'.__('Description').'</b>';
$table->width = '99%';
$table->styleTable = 'border: 0px;';
$table->colspan[2][0] = 3;
$table1 = new stdClass();
$table1->width = '99%';
$table1->headstyle[0] = 'text-align: left';
$table1->headstyle[2] = 'text-align: left';
$table1->class = 'info_table';
$table1->titleclass = 'title_table_pdf';
$table1->headstyle[1] = 'width: 10%; text-align: center;';
$table1->style[2] = 'text-align: center;';
$table1->rowclass[0] = '';
$table1->head[0] = '<b>'.__('Title').'</b>';
$table1->head[1] = '<b>'.__('Total Failed').'</b>';
$table1->head[2] = '<b>'.__('Description').'</b>';
$row = 2;
foreach ($item['data'] as $key => $check) {
$table->data[$row][1] = $check['title'];
$table->data[$row][2] = $check['total'];
$table->data[$row][3] = $check['description'];
$table1->data[$row][1] = $check['title'];
$table1->data[$row][2] = $check['total'];
$table1->data[$row][3] = $check['description'];
$row++;
}
if ($pdf === 1) {
$table1->title = $item['title'];
$table1->titleclass = 'title_table_pdf';
$table1->titlestyle = 'text-align:left;';
}
$table->data[2][0] = html_print_table($table1, true);
if ($pdf === 1) {
return html_print_table($table1, true);
}
}
@ -669,24 +751,44 @@ function reporting_vul_by_cat_graph($table, $item)
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
* @param boolean $pdf If it comes from pdf.
*
* @return void
* @return string
*/
function reporting_html_top_n_agents_sh($table, $item)
function reporting_html_top_n_agents_sh($table, $item, $pdf=0)
{
global $config;
$table->rowclass[0] = '';
$table->data[1][0] = '<b>'.__('Agent').'</b>';
$table->data[1][1] = '<b>'.__('Last audit scan').'</b>';
$table->data[1][2] = '<b>'.__('Score').'</b>';
$table->width = '99%';
$table->styleTable = 'border: 0px;';
$table->colspan[2][0] = 3;
$table1 = new stdClass();
$table1->headstyle = [];
$table1->width = '99%';
$table1->class = 'info_table';
$table1->titleclass = 'title_table_pdf';
$table1->rowclass[0] = '';
$table1->head[0] = '<b>'.__('Agent').'</b>';
$table1->head[1] = '<b>'.__('Last audit scan').'</b>';
$table1->head[2] = '<b>'.__('Score').'</b>';
$row = 2;
foreach ($item['data'] as $key => $agent) {
$table->data[$row][0] = $agent['alias'];
$table->data[$row][1] = date($config['date_format'], $agent['utimestamp']);
$table->data[$row][2] = $agent['datos'].' %';
$table1->data[$row][0] = $agent['alias'];
$table1->data[$row][1] = date($config['date_format'], $agent['utimestamp']);
$table1->data[$row][2] = $agent['datos'].' %';
$row++;
}
if ($pdf === 1) {
$table1->title = $item['title'];
$table1->titleclass = 'title_table_pdf';
$table1->titlestyle = 'text-align:left;';
}
$table->data[2][0] = html_print_table($table1, true);
if ($pdf === 1) {
return html_print_table($table, true);
}
}

20
pandora_console/include/graphs/fgraph.php
View File

@ -519,6 +519,26 @@ function line_graph(
$chart_data,
$options
) {
if (empty($chart_data) === true) {
if (isset($options['ttl']) === true
&& (int) $options['ttl'] === 2
) {
$options['base64'] = true;
}
return graph_nodata_image($options);
}
if (isset($options['ttl']) === true && (int) $options['ttl'] === 2) {
$params = [
'chart_data' => $chart_data,
'options' => $options,
'return_img_base_64' => true,
];
return generator_chart_to_pdf('line_graph', $params);
}
$chart = get_build_setup_charts('LINE', $options, $chart_data);
return $chart->render(true, true);
}

29
pandora_console/operation/reporting/reporting_xml.php
View File

@ -97,29 +97,12 @@ $filename = (string) get_parameter('filename');
$date_mode = get_parameter('date_mode', 'none');
$period = null;
switch ($date_mode) {
case 'none':
case 'end_time':
// Get different date to search the report.
$date = (string) get_parameter('date', date('Y-m-j'));
$time = (string) get_parameter('time', date('h:iA'));
break;
case 'init_and_end_time':
// Get different date to search the report.
$date = (string) get_parameter('date', date('Y-m-j'));
$time = (string) get_parameter('time', date('h:iA'));
// Calculations in order to modify init date of the report
$date_init_less = (strtotime(date('Y-m-j')) - SECONDS_1DAY);
$date_init = get_parameter('date_init', date('Y-m-j', $date_init_less));
$time_init = get_parameter('time_init', date('h:iA'));
$datetime_init = strtotime($date_init.' '.$time_init);
$period = (strtotime($date.' '.$time) - $datetime_init);
break;
$date_init = get_parameter('date_init', '');
if (empty($date_init) === false) {
$date_end = get_parameter('date_end', time());
$period = ($date_end - $date_init);
$date = date('Y-m-d', $date_end);
$time = date('H:i:s', $date_end);
}