/**
* @param Request $request
* @return Response
*/
public function fileAction(Request $request, System $system)
{
$payload = file_get_contents('php://input');
$project = $this->getDoctrine()->getRepository('KoalamonIncidentDashboardBundle:Project')->findOneByApiKey($request->get("api_key"));
if ($project == null) {
return new JsonResponse(['status' => self::STATUS_FAILURE, 'message' => "No project with api_key " . $request->get("api_key") . ' found.']);
}
if ($project->isDeleted()) {
return new JsonResponse(['status' => self::STATUS_FAILURE, 'message' => 'Project already deleted.']);
}
/**
* Content of XML payload from ZAProxy result file
*
* site@name=uri
* site@host=domain
* alerts.alertitem.name string
* alerts.alertitem.alert string (seems to be same as name)
* alerts.alertitem.riskdesc string html encoded
* alerts.alertitem.riskcode integer 0-3
* alerts.alertitem.confidence integer 0-3
* alerts.alertitem.count integer
* alerts.alertitem.instances.instance.uri involved URIs
* alerts.alertitem.solution (long text) string html encoded
* alerts.alertitem.otherinfo (long text) string html encoded
* alerts.alertitem.reference string html encoded
* alerts.alertitem.cweid integer
* alerts.alertitem.wascid integer
*/
$xml = simplexml_load_string($payload);
$alerts = $xml->site->alerts->alertitem;
$alertCount = count($alerts);
$host = $xml->site['host'];
$alertMessage = 'Found security issues (' . $alertCount . ') on ' . $host . '<br/><ul>' . PHP_EOL;
foreach ($alerts as $alert) {
$alertMessage .= '<li>' . $alert->count . 'x ' . $alert->name . ' (' . $alert->riskdesc . ')</li>' . PHP_EOL;
}
$alertMessage .= '</ul>';
$event = new Event();
$event->setSystem($system);
$event->setStatus(self::STATUS_FAILURE);
$event->setMessage($alertMessage);
$event->setValue($alertCount);
$this->get('koalamon.project.helper')->addEvent($event);
return new Response();
}
public function closeAction(Incident $incident)
{
$this->assertUserRights(UserRole::ROLE_COLLABORATOR, $incident->getEventIdentifier()->getProject());
$eventIdentifier = $incident->getEventIdentifier();
$closeEvent = new Event();
$closeEvent->setEventIdentifier($eventIdentifier);
$closeEvent->setSystem($eventIdentifier->getSystem()->getIdentifier());
$closeEvent->setStatus(Event::STATUS_SUCCESS);
$closeEvent->setIsStatusChange(true);
$closeEvent->setUnique($eventIdentifier->getLastEvent()->isUnique());
$closeEvent->setType($eventIdentifier->getLastEvent()->getType());
$closeEvent->setComponentId($eventIdentifier->getLastEvent()->getComponentId());
$closeEvent->setMessage('Manually closed by ' . $this->getUser()->getUsername() . '.');
if (!$incident->getAcknowledgedBy()) {
$incident->setAcknowledgedBy($this->getUser());
}
$em = $this->getDoctrine()->getManager();
$em->persist($incident);
$em->flush();
$this->get('koalamon.project.helper')->addEvent($closeEvent);
return new JsonResponse(['status' => 'success', 'message' => 'The incident was closed successfully.', 'event_identifier_id' => $eventIdentifier->getId()]);
}
