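/**
 * Accepts a ZAProxy XML result file as the raw request body and records it
 * as a single failure event listing the reported alerts.
 *
 * The project is looked up through the "api_key" request parameter; the
 * request is rejected when no such project exists or it is marked deleted.
 * The request body is untrusted input: it is parsed defensively, and every
 * value taken from it is HTML-escaped before it is placed in the event
 * message, because that message is assembled as HTML markup.
 *
 * NOTE(review): nothing visible in this method checks that $system belongs
 * to the project resolved from the API key - confirm that the routing or
 * parameter conversion enforces that relationship.
 *
 * @param Request $request
 * @param System  $system
 * @return Response
 */
public function fileAction(Request $request, System $system)
{
    $payload = file_get_contents('php://input');

    $project = $this->getDoctrine()
        ->getRepository('KoalamonIncidentDashboardBundle:Project')
        ->findOneByApiKey($request->get("api_key"));

    if ($project === null) {
        return new JsonResponse(['status' => self::STATUS_FAILURE, 'message' => "No project with api_key " . $request->get("api_key") . ' found.']);
    }

    if ($project->isDeleted()) {
        return new JsonResponse(['status' => self::STATUS_FAILURE, 'message' => 'Project already deleted.']);
    }

    // An unreadable or empty body cannot be a report; stop before parsing.
    if ($payload === false || $payload === '') {
        return new JsonResponse(['status' => self::STATUS_FAILURE, 'message' => 'No ZAProxy XML payload received.']);
    }

    /**
     * Content of XML payload from ZAProxy result file
     *
     * site@name=uri
     * site@host=domain
     * alerts.alertitem.name                     string
     * alerts.alertitem.alert                    string (seems to be same as name)
     * alerts.alertitem.riskdesc                 string html encoded
     * alerts.alertitem.riskcode                 integer 0-3
     * alerts.alertitem.confidence               integer 0-3
     * alerts.alertitem.count                    integer
     * alerts.alertitem.instances.instance.uri   involved URIs
     * alerts.alertitem.solution (long text)     string html encoded
     * alerts.alertitem.otherinfo (long text)    string html encoded
     * alerts.alertitem.reference                string html encoded
     * alerts.alertitem.cweid                    integer
     * alerts.alertitem.wascid                   integer
     */

    // Collect parser errors instead of emitting warnings, then restore the
    // caller's libxml error mode. LIBXML_NONET forbids network access while
    // loading. LIBXML_NOENT is deliberately NOT passed: it would enable
    // entity substitution on attacker-supplied XML.
    $previousErrorMode = libxml_use_internal_errors(true);
    $xml = simplexml_load_string($payload, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previousErrorMode);

    // simplexml_load_string() returns false on malformed XML; a document
    // without a <site> element is not a report this action understands.
    if ($xml === false || !isset($xml->site)) {
        return new JsonResponse(['status' => self::STATUS_FAILURE, 'message' => 'Payload is not a valid ZAProxy XML report.']);
    }

    // Only the first <site> element is read, as before.
    // A report without alert items is treated as zero alerts.
    $alerts = isset($xml->site->alerts->alertitem) ? $xml->site->alerts->alertitem : [];
    $alertCount = count($alerts);

    // Every value below originates from the uploaded file, so it is escaped
    // for the HTML context of the message. Fields the report marks as
    // "html encoded" are therefore shown as literal text, not as markup.
    $escape = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $host = $escape($xml->site['host']);

    $alertMessage = 'Found security issues (' . $alertCount . ') on ' . $host . '<br/><ul>' . PHP_EOL;
    foreach ($alerts as $alert) {
        $alertMessage .= '<li>' . $escape($alert->count) . 'x ' . $escape($alert->name)
            . ' (' . $escape($alert->riskdesc) . ')</li>' . PHP_EOL;
    }
    $alertMessage .= '</ul>';

    $event = new Event();
    $event->setSystem($system);
    $event->setStatus(self::STATUS_FAILURE);
    $event->setMessage($alertMessage);
    $event->setValue($alertCount);

    $this->get('koalamon.project.helper')->addEvent($event);

    return new Response();
}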
/**
 * Manually closes an incident by emitting a success event on its event
 * identifier and returns a JSON confirmation.
 *
 * The caller must hold at least the collaborator role on the project that
 * owns the incident; that check runs before any state is touched. If nobody
 * acknowledged the incident yet, the current user is recorded as having
 * acknowledged it.
 *
 * NOTE(review): this action changes state. Whether the route is limited to
 * a non-GET method and protected against CSRF is not visible here - confirm
 * in the routing/security configuration.
 *
 * @param Incident $incident
 * @return JsonResponse
 */
public function closeAction(Incident $incident)
{
    $identifier = $incident->getEventIdentifier();

    // Authorization first: nothing below runs without collaborator rights.
    $this->assertUserRights(UserRole::ROLE_COLLABORATOR, $identifier->getProject());

    $currentUser = $this->getUser();

    $closingEvent = new Event();
    $closingEvent->setEventIdentifier($identifier);
    $closingEvent->setSystem($identifier->getSystem()->getIdentifier());
    $closingEvent->setStatus(Event::STATUS_SUCCESS);
    $closingEvent->setIsStatusChange(true);

    // The closing event inherits its classification from the most recent
    // event on the same identifier.
    $previousEvent = $identifier->getLastEvent();
    $closingEvent->setUnique($previousEvent->isUnique());
    $closingEvent->setType($previousEvent->getType());
    $closingEvent->setComponentId($previousEvent->getComponentId());

    // NOTE(review): the username goes into the message unescaped; if event
    // messages are rendered as HTML, confirm usernames cannot carry markup.
    $closingEvent->setMessage('Manually closed by ' . $currentUser->getUsername() . '.');

    // Closing implies acknowledgement when no one acknowledged it before.
    if (!$incident->getAcknowledgedBy()) {
        $incident->setAcknowledgedBy($currentUser);
    }

    $entityManager = $this->getDoctrine()->getManager();
    $entityManager->persist($incident);
    $entityManager->flush();

    $this->get('koalamon.project.helper')->addEvent($closingEvent);

    $responseData = [
        'status' => 'success',
        'message' => 'The incident was closed successfully.',
        'event_identifier_id' => $identifier->getId(),
    ];

    return new JsonResponse($responseData);
}