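/**
 * Recalculate the score of one risk and persist it in `risk_scoring`.
 *
 * `$id` is the caller-facing risk identifier; the row id in `risk_scoring` is
 * 1000 lower, so 1000 is subtracted before the UPDATE (same convention the
 * original code used).
 *
 * Scoring methods: 1 = classic (likelihood x impact via calculate_risk()),
 * 2 = CVSS (via calculate_cvss_score()). Any other value is rejected.
 *
 * Fix versus the previous version: the database connection was opened before
 * the scoring method was validated, so the `return false` path leaked the
 * handle returned by db_open(). The score is now computed first and the
 * connection is opened only when there is something to write. The result of
 * execute() is also checked, so a failed UPDATE (when PDO is not in exception
 * mode) reports false instead of a score that was never stored.
 *
 * @param int|string $id             Caller-facing risk id (row id + 1000).
 * @param int|string $scoring_method 1 = classic, 2 = CVSS.
 * @param int|string $likelihood     Classic likelihood value.
 * @param int|string $impact         Classic impact value.
 * @param string     $CVSS_...       CVSS base/temporal/environmental metrics,
 *                                   passed straight through to
 *                                   calculate_cvss_score() and stored as strings.
 * @return float|int|false The calculated risk that was stored, or false when
 *                         the scoring method is unknown or the UPDATE failed.
 */
function update_risk_scoring($id, $scoring_method, $likelihood, $impact, $CVSS_AccessVector, $CVSS_AccessComplexity, $CVSS_Authentication, $CVSS_ConfImpact, $CVSS_IntegImpact, $CVSS_AvailImpact, $CVSS_Exploitability, $CVSS_RemediationLevel, $CVSS_ReportConfidence, $CVSS_CollateralDamagePotential, $CVSS_TargetDistribution, $CVSS_ConfidentialityRequirement, $CVSS_IntegrityRequirement, $CVSS_AvailabilityRequirement)
{
    // Normalise the method to an int and compare strictly: the original `== 1`
    // also accepted values such as true or "1abc".
    $method = (int) $scoring_method;

    // Compute the score before touching the database so an unknown method
    // returns without opening (and leaking) a connection.
    if ($method === 1) {
        $calculated_risk = calculate_risk($impact, $likelihood);
    } elseif ($method === 2) {
        $calculated_risk = calculate_cvss_score($CVSS_AccessVector, $CVSS_AccessComplexity, $CVSS_Authentication, $CVSS_ConfImpact, $CVSS_IntegImpact, $CVSS_AvailImpact, $CVSS_Exploitability, $CVSS_RemediationLevel, $CVSS_ReportConfidence, $CVSS_CollateralDamagePotential, $CVSS_TargetDistribution, $CVSS_ConfidentialityRequirement, $CVSS_IntegrityRequirement, $CVSS_AvailabilityRequirement);
    } else {
        return false;
    }

    // Caller-facing ids are offset by 1000 from the risk_scoring row id.
    $row_id = $id - 1000;

    $db = db_open();

    $stmt = $db->prepare("UPDATE risk_scoring SET scoring_method=:scoring_method, calculated_risk=:calculated_risk, CLASSIC_likelihood=:CLASSIC_likelihood, CLASSIC_impact=:CLASSIC_impact, CVSS_AccessVector=:CVSS_AccessVector, CVSS_AccessComplexity=:CVSS_AccessComplexity, CVSS_Authentication=:CVSS_Authentication, CVSS_ConfImpact=:CVSS_ConfImpact, CVSS_IntegImpact=:CVSS_IntegImpact, CVSS_AvailImpact=:CVSS_AvailImpact, CVSS_Exploitability=:CVSS_Exploitability, CVSS_RemediationLevel=:CVSS_RemediationLevel, CVSS_ReportConfidence=:CVSS_ReportConfidence, CVSS_CollateralDamagePotential=:CVSS_CollateralDamagePotential, CVSS_TargetDistribution=:CVSS_TargetDistribution, CVSS_ConfidentialityRequirement=:CVSS_ConfidentialityRequirement, CVSS_IntegrityRequirement=:CVSS_IntegrityRequirement, CVSS_AvailabilityRequirement=:CVSS_AvailabilityRequirement WHERE id=:id");

    // Every value reaches the query through a bound parameter (no string
    // building). Row id and the classic inputs are integers; the calculated
    // risk may be fractional and the CVSS metrics are stored as strings.
    $bindings = [
        ':id'                              => [$row_id, PDO::PARAM_INT],
        ':scoring_method'                  => [$method, PDO::PARAM_INT],
        ':calculated_risk'                 => [$calculated_risk, PDO::PARAM_STR],
        ':CLASSIC_likelihood'              => [$likelihood, PDO::PARAM_INT],
        ':CLASSIC_impact'                  => [$impact, PDO::PARAM_INT],
        ':CVSS_AccessVector'               => [$CVSS_AccessVector, PDO::PARAM_STR],
        ':CVSS_AccessComplexity'           => [$CVSS_AccessComplexity, PDO::PARAM_STR],
        ':CVSS_Authentication'             => [$CVSS_Authentication, PDO::PARAM_STR],
        ':CVSS_ConfImpact'                 => [$CVSS_ConfImpact, PDO::PARAM_STR],
        ':CVSS_IntegImpact'                => [$CVSS_IntegImpact, PDO::PARAM_STR],
        ':CVSS_AvailImpact'                => [$CVSS_AvailImpact, PDO::PARAM_STR],
        ':CVSS_Exploitability'             => [$CVSS_Exploitability, PDO::PARAM_STR],
        ':CVSS_RemediationLevel'           => [$CVSS_RemediationLevel, PDO::PARAM_STR],
        ':CVSS_ReportConfidence'           => [$CVSS_ReportConfidence, PDO::PARAM_STR],
        ':CVSS_CollateralDamagePotential'  => [$CVSS_CollateralDamagePotential, PDO::PARAM_STR],
        ':CVSS_TargetDistribution'         => [$CVSS_TargetDistribution, PDO::PARAM_STR],
        ':CVSS_ConfidentialityRequirement' => [$CVSS_ConfidentialityRequirement, PDO::PARAM_STR],
        ':CVSS_IntegrityRequirement'       => [$CVSS_IntegrityRequirement, PDO::PARAM_STR],
        ':CVSS_AvailabilityRequirement'    => [$CVSS_AvailabilityRequirement, PDO::PARAM_STR],
    ];
    foreach ($bindings as $placeholder => $spec) {
        // bindValue (not bindParam): nothing is modified after binding, so a
        // by-value copy is sufficient and avoids the by-reference surprise.
        $stmt->bindValue($placeholder, $spec[0], $spec[1]);
    }

    // If PDO is in exception mode a failure throws here; otherwise execute()
    // returns false and we must not claim the score was stored.
    $executed = $stmt->execute();

    db_close($db);

    return $executed ? $calculated_risk : false;
}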
// Schema-migration step (the enclosing upgrade routine starts before and
// continues after this excerpt; `$db` is its already-open PDO connection).
// This step: records the closing user on `closures`, drops `risk_lookup`,
// moves each risk's likelihood/impact into the new `risk_scoring` table as a
// classic (method 1) score, removes those columns from `risks`, and creates
// the `projects` table.
// The ALTER/DROP/CREATE statements below carry no user input; MySQL DDL also
// auto-commits, so a failure part-way leaves the schema partially migrated.
$stmt = $db->prepare("ALTER TABLE `closures` ADD `user_id` INT( 11 ) NOT NULL AFTER `risk_id`");
$stmt->execute();

// Don't need the risk lookup table anymore
echo "Removing the risk lookup table as we don't need it anymore.<br />\n";
$stmt = $db->prepare("DROP TABLE `risk_lookup`");
$stmt->execute();

// Get all risk ids, likelihoods, and impacts
echo "Copying current likelihoods and impacts into new risk_scoring table.<br />\n";
$stmt = $db->prepare("SELECT id, likelihood, impact FROM risks");
$stmt->execute();
$array = $stmt->fetchAll();

foreach ($array as $risk) {
    $id = $risk['id'];
    $likelihood = $risk['likelihood'];
    $impact = $risk['impact'];

    // Same classic formula update_risk_scoring() uses for scoring method 1.
    $calculated_risk = calculate_risk($impact, $likelihood);

    // Progress output; $id comes from the database, not from a request.
    echo "Copying risk ID " . $id . ".<br />\n";

    // scoring_method is the literal 1 (classic); the row id is copied as-is,
    // no 1000 offset is applied here.
    $stmt = $db->prepare("INSERT INTO `risk_scoring` (`id`, `scoring_method`, `calculated_risk`, `CLASSIC_likelihood`, `CLASSIC_impact`) VALUES (:id, 1, :calculated_risk, :likelihood, :impact)");
    $stmt->bindParam(":id", $id, PDO::PARAM_INT);
    // NOTE(review): update_risk_scoring() binds calculated_risk as
    // PDO::PARAM_STR; binding it as PARAM_INT here may truncate a fractional
    // score if calculate_risk() returns one — confirm against the column type.
    $stmt->bindParam(":calculated_risk", $calculated_risk, PDO::PARAM_INT);
    $stmt->bindParam(":likelihood", $likelihood, PDO::PARAM_INT);
    $stmt->bindParam(":impact", $impact, PDO::PARAM_INT);
    $stmt->execute();
}

// Don't track likelihood and impact in the risks table
echo "Removing likelihood and impact from the risks table.<br />\n";
$stmt = $db->prepare("\n\t\t\t\tALTER TABLE `risks` DROP `likelihood` ,\n\t\t\t\tDROP `impact` ;\n\t\t\t");
$stmt->execute();

// Create a new table to track project association
echo "Creating a new table to track project associations.<br />\n";
// MyISAM: no transactions or foreign keys for this table.
// The statement is prepared here; its execute() follows outside this excerpt.
$stmt = $db->prepare("\n\t\t\t\tCREATE TABLE `projects` (\n\t\t\t\t`value` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,\n\t\t\t\t`name` VARCHAR( 100 ) NOT NULL ,\n\t\t\t\t`order` INT NOT NULL DEFAULT '999999'\n\t\t\t\t) ENGINE = MYISAM ;\n\t\t\t");