Skip to content
Permalink
Browse files

choose whether to download STIG supplementary material

  • Loading branch information
squinky86 committed Feb 12, 2020
1 parent 4f6c0f1 commit 3e0dcddd0c9d21d07ae630a0009934b265c5ce1e
Showing with 162 additions and 25 deletions.
  1. +30 −6 src/dbmanager.cpp
  2. +1 −1 src/dbmanager.h
  3. +8 −0 src/main.cpp
  4. +19 −0 src/stigqter.cpp
  5. +1 −0 src/stigqter.h
  6. +41 −10 src/stigqter.ui
  7. +38 −5 src/workerstigadd.cpp
  8. +3 −1 src/workerstigadd.h
  9. +17 −2 src/workerstigdownload.cpp
  10. +4 −0 src/workerstigdownload.h
@@ -504,15 +504,17 @@ bool DbManager::AddFamily(const QString &acronym, const QString &description)
* @brief DbManager::AddSTIG
* @param stig
* @param checks
* @return @c True when the @a STIG and its @a STIGChecks are added
* to the database, @c false when the any part of the data have not
* been added.
* @param supplements
* @param stigExists
* @return @c True when the @a STIG, its @a STIGChecks, and its
* @a Supplements are added to the database, @c false when the any
* part of the data have not been added.
*
* When @a stigExists is @c true, the @a STIGChecks are added to the
* existing @a STIG already in the database. Otherwise, if the
* @a STIG already exists, the @a STIGChecks are not added.
*/
bool DbManager::AddSTIG(STIG &stig, QVector<STIGCheck> checks, bool stigExists)
bool DbManager::AddSTIG(STIG &stig, const QVector<STIGCheck> &checks, const QVector<Supplement> &supplements, bool stigExists)
{
QSqlDatabase db;
bool ret = false;
@@ -626,6 +628,18 @@ bool DbManager::AddSTIG(STIG &stig, QVector<STIGCheck> checks, bool stigExists)
}
}
}

Q_FOREACH(auto supplement, supplements)
{
newChecks = true;
q.prepare(QStringLiteral("INSERT INTO Supplement (`STIGId`, `path`, `contents`) VALUES(:STIGId, :path, :contents)"));
q.bindValue(QStringLiteral(":STIGId"), stig.id);
q.bindValue(QStringLiteral(":path"), supplement.path);
q.bindValue(QStringLiteral(":contents"), supplement.contents);
ret = q.exec() && ret;
Log(6, QStringLiteral("AddAsset-Supplement"), q);
}

//restore the old value of the "delayed commit" feature
if (!delayed)
{
@@ -828,8 +842,12 @@ bool DbManager::DeleteSTIG(int id)
Log(6, QStringLiteral("DeleteSTIG-STIGCheckCCI"), q);
q.prepare(QStringLiteral("DELETE FROM STIGCheck WHERE STIGId = :STIGId"));
q.bindValue(QStringLiteral(":STIGId"), id);
ret = q.exec() && ret; //q.exec() first toavoid short-circuit evaluation
ret = q.exec() && ret;
Log(6, QStringLiteral("DeleteSTIG-STIGCheck"), q);
q.prepare(QStringLiteral("DELETE FROM Supplement WHERE STIGId = :STIGId"));
q.bindValue(QStringLiteral(":STIGId"), id);
ret = q.exec() && ret;
Log(6, QStringLiteral("DeleteSTIG-Supplement"), q);
q.prepare(QStringLiteral("DELETE FROM STIG WHERE id = :id"));
q.bindValue(QStringLiteral(":id"), id);
ret = q.exec() && ret;
@@ -2663,8 +2681,14 @@ bool DbManager::UpdateDatabaseFromVersion(int version)
"FOREIGN KEY(`STIGId`) REFERENCES `STIG`(`id`)"
")"));
ret = q.exec() && ret;
ret = UpdateVariable("version", "2") && ret;
q.prepare(QStringLiteral("INSERT INTO variables (name, value) VALUES(:name, :value)"));
q.bindValue(QStringLiteral(":name"), QStringLiteral("indexSupplements"));
q.bindValue(QStringLiteral(":value"), QStringLiteral("n"));
ret = q.exec() && ret;
q.bindValue(QStringLiteral(":name"), QStringLiteral("quarterly"));
q.bindValue(QStringLiteral(":value"), QStringLiteral("https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SRG-STIG_Library_2020_01.zip"));
ret = q.exec() && ret;
ret = UpdateVariable(QStringLiteral("version"), QStringLiteral("2")) && ret;
}
}
return ret;
@@ -52,7 +52,7 @@ class DbManager
bool AddCCI(CCI &cci);
bool AddControl(const QString &control, const QString &title, const QString &description);
bool AddFamily(const QString &acronym, const QString &description);
bool AddSTIG(STIG &stig, QVector<STIGCheck> checks, bool stigExists = false);
bool AddSTIG(STIG &stig, const QVector<STIGCheck> &checks, const QVector<Supplement> &supplements = {}, bool stigExists = false);
bool AddSTIGToAsset(const STIG &stig, const Asset &asset);

bool DeleteAsset(int id);
@@ -82,6 +82,14 @@ int main(int argc, char *argv[])
a.processEvents();
}

std::cout << "Test " << ++onTest << ": Include STIG Supplements" << std::endl;
QMetaObject::invokeMethod(&w, "SupplementsChanged", Qt::DirectConnection, Q_ARG(Qt::CheckState, Qt::Checked));
while (!w.isProcessingEnabled())
{
QThread::sleep(1);
a.processEvents();
}

std::cout << "Test " << ++onTest << ": Index STIGs" << std::endl;
QMetaObject::invokeMethod(&w, "DownloadSTIGs", Qt::DirectConnection);
while (!w.isProcessingEnabled())
@@ -111,6 +111,9 @@ STIGQter::STIGQter(QWidget *parent) :
DbManager db;
ui->lblDBLoc->setText(QStringLiteral("DB: ") + db.GetDBPath());

//remember if we're indexing STIG checks
ui->cbIncludeSupplements->setChecked(db.GetVariable("indexSupplements").startsWith(QStringLiteral("y"), Qt::CaseInsensitive));

//check version number
auto *t = new QThread;
auto *c = new WorkerCheckVersion();
@@ -648,6 +651,7 @@ void STIGQter::AddSTIGs()
_updatedSTIGs = true;
auto *s = new WorkerSTIGAdd();
s->AddSTIGs(fileNames);
s->SetEnableSupplements(ui->cbIncludeSupplements->isChecked());

ConnectThreads(s)->start();
}
@@ -734,6 +738,7 @@ void STIGQter::DownloadSTIGs()

//Create thread to download CCIs and keep GUI active
auto *s = new WorkerSTIGDownload();
s->SetEnableSupplements(ui->cbIncludeSupplements->isChecked());

ConnectThreads(s)->start();
}
@@ -996,6 +1001,18 @@ void STIGQter::ShowMessage(const QString &title, const QString &message)
Warning(title, message);
}

/**
* @brief STIGQter::SupplementsChanged
* @param checkState
*
* Handle when the user wants to index STIG supplementary data or not
*/
void STIGQter::SupplementsChanged(int checkState)
{
DbManager db;
db.UpdateVariable(QStringLiteral("indexSupplements"), checkState == Qt::Checked ? QStringLiteral("y") : QStringLiteral("n"));
}

/**
* @brief STIGQter::EnableInput
*
@@ -1035,6 +1052,7 @@ void STIGQter::EnableInput()
ui->btnDeleteEmassImport->setEnabled(isImport);
ui->btnImportCKL->setEnabled(true);
ui->btnMapUnmapped->setEnabled(isImport);
ui->cbIncludeSupplements->setEnabled(true);
ui->btnOpenCKL->setEnabled(ui->lstAssets->selectedItems().count() > 0);
ui->btnQuit->setEnabled(true);
ui->menubar->setEnabled(true);
@@ -1116,6 +1134,7 @@ void STIGQter::DisableInput()
ui->btnImportEmass->setEnabled(false);
ui->btnImportSTIGs->setEnabled(false);
ui->btnMapUnmapped->setEnabled(false);
ui->cbIncludeSupplements->setEnabled(false);
ui->btnOpenCKL->setEnabled(false);
ui->btnQuit->setEnabled(false);
ui->menubar->setEnabled(false);
@@ -76,6 +76,7 @@ private Q_SLOTS:
void SelectSTIG();
void StatusChange(const QString &status);
void ShowMessage(const QString &title, const QString &message);
void SupplementsChanged(int checkState);
void UpdateCCIs();

void Initialize(int max, int val = 0);
@@ -186,6 +186,20 @@
</item>
</layout>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_7">
<item>
<widget class="QCheckBox" name="cbIncludeSupplements">
<property name="toolTip">
<string>Include Supplementary STIG Material for Editing STIGs</string>
</property>
<property name="text">
<string>Include STIG Supplements</string>
</property>
</widget>
</item>
</layout>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_5">
<item>
@@ -511,7 +525,7 @@
<hints>
<hint type="sourcelabel">
<x>405</x>
<y>180</y>
<y>172</y>
</hint>
<hint type="destinationlabel">
<x>236</x>
@@ -527,7 +541,7 @@
<hints>
<hint type="sourcelabel">
<x>95</x>
<y>180</y>
<y>172</y>
</hint>
<hint type="destinationlabel">
<x>166</x>
@@ -591,7 +605,7 @@
<hints>
<hint type="sourcelabel">
<x>264</x>
<y>332</y>
<y>315</y>
</hint>
<hint type="destinationlabel">
<x>384</x>
@@ -607,7 +621,7 @@
<hints>
<hint type="sourcelabel">
<x>98</x>
<y>332</y>
<y>315</y>
</hint>
<hint type="destinationlabel">
<x>77</x>
@@ -622,8 +636,8 @@
<slot>SelectSTIG()</slot>
<hints>
<hint type="sourcelabel">
<x>304</x>
<y>302</y>
<x>315</x>
<y>285</y>
</hint>
<hint type="destinationlabel">
<x>271</x>
@@ -639,7 +653,7 @@
<hints>
<hint type="sourcelabel">
<x>179</x>
<y>332</y>
<y>315</y>
</hint>
<hint type="destinationlabel">
<x>196</x>
@@ -767,7 +781,7 @@
<hints>
<hint type="sourcelabel">
<x>324</x>
<y>180</y>
<y>172</y>
</hint>
<hint type="destinationlabel">
<x>273</x>
@@ -879,7 +893,7 @@
<hints>
<hint type="sourcelabel">
<x>455</x>
<y>332</y>
<y>315</y>
</hint>
<hint type="destinationlabel">
<x>362</x>
@@ -895,7 +909,7 @@
<hints>
<hint type="sourcelabel">
<x>374</x>
<y>332</y>
<y>315</y>
</hint>
<hint type="destinationlabel">
<x>242</x>
@@ -919,6 +933,22 @@
</hint>
</hints>
</connection>
<connection>
<sender>cbIncludeSupplements</sender>
<signal>stateChanged(int)</signal>
<receiver>STIGQter</receiver>
<slot>SupplementsChanged(int)</slot>
<hints>
<hint type="sourcelabel">
<x>241</x>
<y>332</y>
</hint>
<hint type="destinationlabel">
<x>242</x>
<y>309</y>
</hint>
</hints>
</connection>
</connections>
<slots>
<slot>UpdateCCIs()</slot>
@@ -946,5 +976,6 @@
<slot>MapUnmapped()</slot>
<slot>DownloadSTIGs()</slot>
<slot>FilterSTIGs(QString)</slot>
<slot>SupplementsChanged(int)</slot>
</slots>
</ui>
@@ -40,7 +40,8 @@
*
* Default constructor.
*/
WorkerSTIGAdd::WorkerSTIGAdd(QObject *parent) : Worker(parent)
WorkerSTIGAdd::WorkerSTIGAdd(QObject *parent) : Worker(parent),
_enableSupplements(false)
{
}

@@ -52,7 +53,7 @@ WorkerSTIGAdd::WorkerSTIGAdd(QObject *parent) : Worker(parent)
* Once a STIG is extracted, it is then parsed for STIGChecks and
* version information.
*/
void WorkerSTIGAdd::ParseSTIG(const QByteArray &stig, const QString &fileName)
void WorkerSTIGAdd::ParseSTIG(const QByteArray &stig, const QString &fileName, const QMap<QString, QByteArray> &supplements)
{
//should be the .xml file inside of the STIG .zip file here
auto *xml = new QXmlStreamReader(stig);
@@ -292,9 +293,23 @@ void WorkerSTIGAdd::ParseSTIG(const QByteArray &stig, const QString &fileName)
c.cciIds.clear();
}
delete xml;

QVector<Supplement> supplementsToAdd;

if (_enableSupplements)
{
Q_FOREACH(const QString key, supplements.keys())
{
Supplement sup;
sup.path = key;
sup.contents = supplements.value(key);
supplementsToAdd.append(sup);
}
}

//Sometimes the .zip file contains extraneous .xml files
if (checks.count() > 0)
db.AddSTIG(s, checks);
db.AddSTIG(s, checks, supplementsToAdd);
}

/**
@@ -309,6 +324,18 @@ void WorkerSTIGAdd::AddSTIGs(const QStringList &stigs)
_todo.append(stigs);
}

/**
* @brief WorkerSTIGAdd::SetEnableSupplements
* @param enableSupplements
*
* Sets whether to enable or disable importing the STIG supplementary
* material into the DB
*/
void WorkerSTIGAdd::SetEnableSupplements(bool enableSupplements)
{
_enableSupplements = enableSupplements;
}

/**
* @brief WorkerSTIGAdd::process
*
@@ -327,11 +354,17 @@ void WorkerSTIGAdd::process()
{
Q_EMIT updateStatus("Extracting " + s + "");
//get the list of XML files inside the STIG
QMap<QString, QByteArray> toParse = GetFilesFromZip(s, QStringLiteral(".xml"));
QMap<QString, QByteArray> toParse = GetFilesFromZip(s);

Q_EMIT updateStatus("Parsing " + s + "");
Q_FOREACH(const QString stig, toParse.keys())
{
ParseSTIG(toParse.value(stig), TrimFileName(stig));
if (stig.endsWith(QStringLiteral("-xccdf.xml"), Qt::CaseInsensitive))
{
QByteArray val = toParse.value(stig);
toParse.remove(stig);
ParseSTIG(val, TrimFileName(stig), toParse);
}
}
Q_EMIT progress(-1);
}
@@ -30,11 +30,13 @@ class WorkerSTIGAdd : public Worker

private:
QStringList _todo;
void ParseSTIG(const QByteArray &stig, const QString &fileName);
bool _enableSupplements;
void ParseSTIG(const QByteArray &stig, const QString &fileName, const QMap<QString, QByteArray> &supplements);

public:
explicit WorkerSTIGAdd(QObject *parent = nullptr);
void AddSTIGs(const QStringList &stigs);
void SetEnableSupplements(bool enableSupplements);

public Q_SLOTS:
void process();

0 comments on commit 3e0dcdd

Please sign in to comment.
You can’t perform that action at this time.