├── debian ├── compat ├── source │ └── format ├── dirs ├── watch ├── stigqter.install ├── menu ├── changelog ├── rules ├── control └── copyright ├── gentoo ├── profiles │ └── repo_name ├── metadata │ └── layout.conf ├── app-forensics │ └── stigqter │ │ ├── stigqter-1.2.6.ebuild │ │ └── stigqter-1.2.7.ebuild └── dev-libs │ └── libxlsxwriter │ └── libxlsxwriter-1.1.5.ebuild ├── STIGQter.rc ├── doc ├── STIGQter Assess Only STIG List.txt ├── images │ ├── main-01.png │ ├── main-02.png │ └── STIGQter.pdf ├── sources.bib ├── build.sh ├── se.tex ├── mp.tex └── ps.tex ├── src ├── STIGQter.ico ├── help.h ├── workerccidelete.h ├── workermapunmapped.h ├── workercheckversion.h ├── workerstigdelete.h ├── workercmrsexport.h ├── workercklupgrade.h ├── workeremassreport.h ├── workerimportemass.h ├── workerfindingsreport.h ├── workerstigdownload.h ├── workercciadd.h ├── workerimportemasscontrol.h ├── family.h ├── workerpoamreport.h ├── workerassetdelete.h ├── workerassetadd.h ├── help.cpp ├── workercklimport.h ├── workercklexport.h ├── workerhtml.h ├── supplement.h ├── worker.h ├── workerstigadd.h ├── workerckl.h ├── tabviewwidget.h ├── stigedit.h ├── stig.h ├── common.h ├── workerccidelete.cpp ├── workerstigdelete.cpp ├── cklcheck.h ├── control.h ├── cci.h ├── supplement.cpp ├── workercheckversion.cpp ├── stigcheck.h ├── tabviewwidget.cpp ├── STIGQter.svg ├── worker.cpp ├── assetview.h ├── workerassetdelete.cpp ├── asset.h ├── family.cpp ├── workermapunmapped.cpp ├── workerstigdownload.cpp ├── stigqter.h ├── workercklupgrade.cpp ├── control.cpp ├── workercklexport.cpp ├── workerassetadd.cpp ├── asset.cpp ├── cci.cpp ├── stig.cpp ├── dbmanager.h └── cklcheck.cpp ├── tests ├── emassTRImport.xlsx ├── U_ASD_V5R1_STIG.zip ├── U_ASD_V5R2_STIG.zip └── xccdf_lol.xml ├── STIGQter.desktop ├── lgtm.yml ├── README.md ├── SECURITY.md ├── STIGQter-Win64.nsi ├── .github └── workflows │ ├── codeql-analysis.yml │ ├── debian.yml │ └── sonarcloud.yml ├── CHANGES.md ├── appveyor.yml ├── STIGQter.pro 
└── LICENSE.spdx /debian/compat: -------------------------------------------------------------------------------- 1 | 12 2 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /gentoo/profiles/repo_name: -------------------------------------------------------------------------------- 1 | STIGQter 2 | -------------------------------------------------------------------------------- /debian/dirs: -------------------------------------------------------------------------------- 1 | usr/bin 2 | usr/share/applications 3 | -------------------------------------------------------------------------------- /gentoo/metadata/layout.conf: -------------------------------------------------------------------------------- 1 | repo-name = STIGQter 2 | masters = gentoo 3 | -------------------------------------------------------------------------------- /STIGQter.rc: -------------------------------------------------------------------------------- 1 | IDI_ICON1 ICON DISCARDABLE "src/STIGQter.ico" 2 | -------------------------------------------------------------------------------- /doc/STIGQter Assess Only STIG List.txt: -------------------------------------------------------------------------------- 1 | Application Security and Development 2 | -------------------------------------------------------------------------------- /src/STIGQter.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/squinky86/STIGQter/HEAD/src/STIGQter.ico -------------------------------------------------------------------------------- /doc/images/main-01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/squinky86/STIGQter/HEAD/doc/images/main-01.png 
-------------------------------------------------------------------------------- /doc/images/main-02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/squinky86/STIGQter/HEAD/doc/images/main-02.png -------------------------------------------------------------------------------- /doc/images/STIGQter.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/squinky86/STIGQter/HEAD/doc/images/STIGQter.pdf -------------------------------------------------------------------------------- /tests/emassTRImport.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/squinky86/STIGQter/HEAD/tests/emassTRImport.xlsx -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | version=3 2 | https://github.com/squinky86/STIGQter/tags .*/archive/[a-z](\d\S*)\.tar\.gz 3 | -------------------------------------------------------------------------------- /tests/U_ASD_V5R1_STIG.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/squinky86/STIGQter/HEAD/tests/U_ASD_V5R1_STIG.zip -------------------------------------------------------------------------------- /tests/U_ASD_V5R2_STIG.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/squinky86/STIGQter/HEAD/tests/U_ASD_V5R2_STIG.zip -------------------------------------------------------------------------------- /debian/stigqter.install: -------------------------------------------------------------------------------- 1 | STIGQter usr/bin 2 | STIGQter.desktop usr/share/applications 3 | src/STIGQter.ico usr/share/pixmaps 4 | 
-------------------------------------------------------------------------------- /debian/menu: -------------------------------------------------------------------------------- 1 | ?package(stigqter):needs="x11" \ 2 | section="Applications/Utilities" \ 3 | title="STIGQter" \ 4 | command="/usr/bin/STIGQter" 5 | -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- 1 | stigqter (1.2.5-1) stable; urgency=medium 2 | 3 | * Bugfix Release 4 | 5 | -- Jon Hood Wed, 23 Nov 2022 11:07:42 -0600 6 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | export QT_SELECT := qt5 3 | 4 | %: 5 | dh $@ 6 | 7 | #override_dh_auto_build: 8 | # dh_auto_build 9 | # cd doc && ./build.sh 10 | -------------------------------------------------------------------------------- /doc/sources.bib: -------------------------------------------------------------------------------- 1 | @article{preston2013semantic, 2 | title={Semantic Versioning 2.0.0}, 3 | author={Preston-Werner, Tom}, 4 | url={http://semver.org}, 5 | year={2013} 6 | } 7 | -------------------------------------------------------------------------------- /STIGQter.desktop: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Version=1.1 3 | Type=Application 4 | Terminal=false 5 | Name=STIGQter 6 | Exec=STIGQter 7 | Comment=Open-Source STIGViewer Reimplementation in Qt 8 | Icon=STIGQter 9 | StartupNotify=false 10 | Encoding=UTF-8 11 | Categories=Qt;Security 12 | -------------------------------------------------------------------------------- /lgtm.yml: -------------------------------------------------------------------------------- 1 | queries: 2 | - include: "*" 3 | 4 | extraction: 5 | cpp: 6 | after_prepare: # 
Customizable step used by all languages. 7 | - wget https://github.com/jmcnamara/libxlsxwriter/archive/RELEASE_1.0.0.tar.gz # NOTE(review): tarball is pinned by tag only and is extracted and built below with no integrity check; verify it against a pinned SHA-256 before the tar/make steps 8 | - tar -zxf RELEASE_1.0.0.tar.gz 9 | - pushd libxlsxwriter-RELEASE_1.0.0 && make -j3 && popd 10 | configure: 11 | command: 12 | - echo "LIBS += -L/opt/src/libxlsxwriter-RELEASE_1.0.0/lib" >> STIGQter.pro 13 | - echo "INCLUDEPATH += /opt/src/libxlsxwriter-RELEASE_1.0.0/include" >> STIGQter.pro 14 | - qmake STIGQter.pro 15 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: stigqter 2 | Maintainer: Jon Hood 3 | Section: utils 4 | Priority: optional 5 | Build-Depends: libxlsxwriter, libzip-dev, qtbase5-dev, qtbase5-dev-tools, qt5-qmake, zlib1g-dev 6 | Homepage: https://github.com/squinky86/STIGQter 7 | 8 | Package: stigqter 9 | Architecture: all 10 | Depends: libqt5gui5, libqt5widgets5, libqt5core5a, libxlsxwriter, libzip, ${misc:Depends}, ${shlibs:Depends} 11 | Description: Open Source STIGViewer Reimplementation. 12 | STIGQter is a STIG Compliance database to manage checklist files and 13 | compliance information. It supports report generation and eMASS integration 14 | to foster an easier validation event. 15 | It is licensed under the GPL version 3. 16 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | Copyright © 2018–2021 Jon Hood, http://www.hoodsecurity.com/ 2 | 3 | This program is free software: you can redistribute it and/or modify 4 | it under the terms of the GNU General Public License as published by 5 | the Free Software Foundation, either version 3 of the License, or 6 | (at your option) any later version. 
7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | GNU General Public License for more details. 12 | 13 | You should have received a copy of the GNU General Public License 14 | along with this program. If not, see . 15 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # STIGQter 2 | 3 | [STIGQter](https://www.stigqter.com/) is an open-source reimplementation of DISA's STIG Viewer. It is used to generate STIG Checklist files (CKLs) and build finding reports. These reports can then be used to determine compliance in eMASS. 4 | 5 | ## Installation 6 | 7 | Only the source package is supported. To help with implementations, different installation options are provided: 8 | * 64-bit Windows standalone binary and installer (tested on Windows 10) 9 | * ebuilds for Gentoo Linux (tested on unstable ~amd64) 10 | * 64-bit Debian packages (tested on Ubuntu and Kali) 11 | 12 | The source has the following dependencies (with minimum version numbers): 13 | * [libzip 1.5.1](https://libzip.org/) 14 | * [libxlsxwriter 0.8](https://libxlsxwriter.github.io/) 15 | * [Qt 6.0 (with OpenSSL support)](https://www.qt.io/) 16 | 17 | ## Authors 18 | 19 | * Jon Hood (squinky86) 20 | 21 | ## License 22 | 23 | [GPL v3](https://www.gnu.org/licenses/gpl-3.0.en.html) 24 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | | Version | Supported | 6 | | ------- | ------------------ | 7 | | 1.x | :white_check_mark: | 8 | | 0.x | :x: | 9 | 10 | ## Reporting a Vulnerability 11 | 12 | Any security vulnerabilities should be brought to the 
attention of the STIGQter team. Two options exist for reporting a security concern: 13 | 14 | 1. File an issue on GitHub requesting that someone reach out to you with an encryption key (the issue is public, so leave the vulnerability details out of it) 15 | 2. Reach out to squinky86 directly (jwh0011@auburn.edu) 16 | 17 | A private encryption key for continuing the security discussion will be offered within 72 hours. 18 | 19 | ## Triage and Disclosure 20 | 21 | Security issues receive the highest triage priority. Any security issues will be addressed, and a CVE will be requested for issues rated moderate severity or higher. In the event of disagreements on issue severity, the STIGQter team requests a 60-day triage period to resolve any issues before going through public disclosure. 22 | -------------------------------------------------------------------------------- /gentoo/app-forensics/stigqter/stigqter-1.2.6.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2023 Gentoo Foundation 2 | # Distributed under the terms of the GNU General Public License v2 3 | 4 | EAPI=8 5 | 6 | inherit qmake-utils desktop 7 | 8 | DESCRIPTION="STIGQter is an open-source reimplementation of DISA's STIG Viewer." 9 | HOMEPAGE="https://www.stigqter.com/" 10 | SRC_URI="https://github.com/squinky86/STIGQter/archive/${PV}.tar.gz -> ${P}.tar.gz" 11 | 12 | LICENSE="GPL-3" 13 | SLOT="0" 14 | KEYWORDS="~amd64 ~x86" 15 | IUSE="doc" 16 | 17 | MY_PN="STIGQter" 18 | S="${WORKDIR}/${MY_PN}-${PV}" 19 | 20 | CDEPEND=" 21 | >=dev-libs/libxlsxwriter-0.8 22 | >=dev-libs/libzip-1.3 23 | >=dev-qt/qtgui-5" 24 | DEPEND="${CDEPEND} 25 | sys-libs/zlib 26 | doc? 
( 27 | dev-texlive/texlive-luatex 28 | dev-texlive/texlive-fontsextra 29 | dev-tex/biber 30 | )" 31 | RDEPEND="${CDEPEND} 32 | >=dev-libs/openssl-1" 33 | 34 | src_configure() { 35 | eqmake5 ${MY_PN}.pro -r PREFIX="/usr" 36 | } 37 | 38 | src_compile() { 39 | default 40 | use doc && pushd doc && ./build.sh && popd 41 | } 42 | 43 | src_install() { 44 | emake INSTALL_ROOT="${D}" install 45 | doicon src/STIGQter.svg 46 | domenu STIGQter.desktop 47 | use doc && dodoc doc/UsersGuide.pdf 48 | } 49 | -------------------------------------------------------------------------------- /gentoo/app-forensics/stigqter/stigqter-1.2.7.ebuild: -------------------------------------------------------------------------------- 1 | # Copyright 1999-2023 Gentoo Foundation 2 | # Distributed under the terms of the GNU General Public License v2 3 | 4 | EAPI=8 5 | 6 | inherit qmake-utils desktop 7 | 8 | DESCRIPTION="STIGQter is an open-source reimplementation of DISA's STIG Viewer." 9 | HOMEPAGE="https://www.stigqter.com/" 10 | SRC_URI="https://github.com/squinky86/STIGQter/archive/${PV}.tar.gz -> ${P}.tar.gz" 11 | 12 | LICENSE="GPL-3" 13 | SLOT="0" 14 | KEYWORDS="~amd64 ~x86" 15 | IUSE="doc" 16 | 17 | MY_PN="STIGQter" 18 | S="${WORKDIR}/${MY_PN}-${PV}" 19 | 20 | CDEPEND=" 21 | >=dev-libs/libxlsxwriter-0.8 22 | >=dev-libs/libzip-1.3 23 | >=dev-qt/qtgui-5" 24 | DEPEND="${CDEPEND} 25 | sys-libs/zlib 26 | doc? 
( 27 | dev-texlive/texlive-luatex 28 | dev-texlive/texlive-fontsextra 29 | dev-tex/biber 30 | )" 31 | RDEPEND="${CDEPEND} 32 | >=dev-libs/openssl-1" 33 | 34 | src_configure() { 35 | eqmake5 ${MY_PN}.pro -r PREFIX="/usr" 36 | } 37 | 38 | src_compile() { 39 | default 40 | use doc && pushd doc && ./build.sh && popd 41 | } 42 | 43 | src_install() { 44 | emake INSTALL_ROOT="${D}" install 45 | doicon src/STIGQter.svg 46 | domenu STIGQter.desktop 47 | use doc && dodoc doc/UsersGuide.pdf 48 | } 49 | -------------------------------------------------------------------------------- /src/help.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef HELP_H 21 | #define HELP_H 22 | 23 | #include 24 | #include 25 | 26 | namespace Ui { 27 | class Help; 28 | } 29 | 30 | class Help : public QWidget 31 | { 32 | Q_OBJECT 33 | 34 | public: 35 | explicit Help(QWidget *parent = nullptr); 36 | ~Help(); 37 | 38 | private: 39 | Ui::Help *ui; 40 | }; 41 | 42 | #endif // HELP_H 43 | -------------------------------------------------------------------------------- /src/workerccidelete.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERCCIDELETE_H 21 | #define WORKERCCIDELETE_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerCCIDelete : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | public: 32 | explicit WorkerCCIDelete(QObject *parent = nullptr); 33 | 34 | public Q_SLOTS: 35 | void process() override; 36 | }; 37 | 38 | #endif // WORKERCCIDELETE_H 39 | -------------------------------------------------------------------------------- /src/workermapunmapped.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERMAPUNMAPPED_H 21 | #define WORKERMAPUNMAPPED_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerMapUnmapped : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | public: 32 | explicit WorkerMapUnmapped(QObject *parent = nullptr); 33 | 34 | public Q_SLOTS: 35 | void process() override; 36 | }; 37 | 38 | #endif // WORKERMAPUNMAPPED_H 39 | -------------------------------------------------------------------------------- /src/workercheckversion.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERCHECKVERSION_H 21 | #define WORKERCHECKVERSION_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerCheckVersion : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | public: 32 | explicit WorkerCheckVersion(QObject *parent = nullptr); 33 | 34 | public Q_SLOTS: 35 | void process() override; 36 | }; 37 | 38 | #endif // WORKERCHECKVERSION_H 39 | -------------------------------------------------------------------------------- /src/workerstigdelete.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERSTIGDELETE_H 21 | #define WORKERSTIGDELETE_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerSTIGDelete : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QList _ids; 33 | 34 | public: 35 | explicit WorkerSTIGDelete(QObject *parent = nullptr); 36 | void AddId(int id); 37 | 38 | public Q_SLOTS: 39 | void process() override; 40 | }; 41 | 42 | #endif // WORKERSTIGDELETE_H 43 | -------------------------------------------------------------------------------- /src/workercmrsexport.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERCMRSEXPORT_H 21 | #define WORKERCMRSEXPORT_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerCMRSExport : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _fileName; 33 | 34 | public: 35 | explicit WorkerCMRSExport(QObject *parent = nullptr); 36 | void SetExportPath(const QString &fileName); 37 | 38 | public Q_SLOTS: 39 | void process() override; 40 | }; 41 | 42 | #endif // WORKERCMRSEXPORT_H 43 | -------------------------------------------------------------------------------- /src/workercklupgrade.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2022–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERCKLUPGRADE_H 21 | #define WORKERCKLUPGRADE_H 22 | 23 | #include "asset.h" 24 | #include "worker.h" 25 | 26 | #include 27 | 28 | class WorkerCKLUpgrade : public Worker 29 | { 30 | Q_OBJECT 31 | 32 | private: 33 | Asset _asset; 34 | STIG _stig; 35 | 36 | public: 37 | explicit WorkerCKLUpgrade(QObject *parent = nullptr); 38 | void AddSTIG(const Asset &asset, const STIG &stig); 39 | 40 | public Q_SLOTS: 41 | void process() override; 42 | }; 43 | 44 | #endif // WORKERCKLUPGRADE_H 45 | -------------------------------------------------------------------------------- /src/workeremassreport.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKEREMASSREPORT_H 21 | #define WORKEREMASSREPORT_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerEMASSReport : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _fileName; 33 | 34 | public: 35 | explicit WorkerEMASSReport(QObject *parent = nullptr); 36 | void SetReportName(const QString &fileName); 37 | 38 | public Q_SLOTS: 39 | void process() override; 40 | }; 41 | 42 | #endif // WORKEREMASSREPORT_H 43 | -------------------------------------------------------------------------------- /src/workerimportemass.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERIMPORTEMASS_H 21 | #define WORKERIMPORTEMASS_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerImportEMASS : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _fileName; 33 | 34 | public: 35 | explicit WorkerImportEMASS(QObject *parent = nullptr); 36 | void SetReportName(const QString &fileName); 37 | 38 | public Q_SLOTS: 39 | void process() override; 40 | }; 41 | 42 | #endif // WORKERIMPORTEMASS_H 43 | -------------------------------------------------------------------------------- /src/workerfindingsreport.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERFINDINGSREPORT_H 21 | #define WORKERFINDINGSREPORT_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerFindingsReport : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _fileName; 33 | 34 | public: 35 | explicit WorkerFindingsReport(QObject *parent = nullptr); 36 | void SetReportName(const QString &fileName); 37 | 38 | public Q_SLOTS: 39 | void process() override; 40 | }; 41 | 42 | #endif // WORKERFINDINGSREPORT_H 43 | -------------------------------------------------------------------------------- /src/workerstigdownload.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERSTIGDOWNLOAD_H 21 | #define WORKERSTIGDOWNLOAD_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerSTIGDownload : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | bool _enableSupplements; 33 | 34 | public: 35 | explicit WorkerSTIGDownload(QObject *parent = nullptr); 36 | void SetEnableSupplements(bool enableSupplements); 37 | 38 | public Q_SLOTS: 39 | void process() override; 40 | }; 41 | 42 | #endif // WORKERSTIGDOWNLOAD_H 43 | -------------------------------------------------------------------------------- /src/workercciadd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
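18 | */ 19 | 20 | #ifndef WORKERCCIADD_H 21 | #define WORKERCCIADD_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerCCIAdd : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | void CheckFamily(const QString &acronym, const QString &description, QList &addedFamilies, bool resetDelay = false); 33 | 34 | public: 35 | explicit WorkerCCIAdd(QObject *parent = nullptr); 36 | 37 | public Q_SLOTS: 38 | void process() override; 39 | }; 40 | 41 | #endif // WORKERCCIADD_H 42 | -------------------------------------------------------------------------------- /STIGQter-Win64.nsi: --------------------------------------------------------------------------------
; STIGQter 64-bit Windows installer (NSIS).
; Installs STIGQter.exe and its documentation under Program Files, creates
; Start Menu shortcuts, and registers an uninstaller that removes them again.
!include x64.nsh
OutFile "STIGQter-Win64.exe"
InstallDir $PROGRAMFILES64\STIGQter
; Reuse the directory of an earlier install when this value exists; the install
; section below writes it.
InstallDirRegKey HKLM 'Software\STIGQter' InstallDir
!define LANG_ENGLISH 1033-English
VIAddVersionKey /LANG=${LANG_ENGLISH} "ProductName" "STIGQter"
VIAddVersionKey /LANG=${LANG_ENGLISH} "FileDescription" "Open Source STIGViewer Reimplementation"
VIAddVersionKey /LANG=${LANG_ENGLISH} "LegalCopyright" "2018-2022 Jon Hood"
VIAddVersionKey /LANG=${LANG_ENGLISH} "CompanyName" "Jon Hood"
; NOTE(review): FileVersion ("1.2.0-1") and VIProductVersion ("1.2.4.0") disagree
; with each other and with VERSION in src/common.h. Stale version metadata makes
; it hard to tell which build is installed on a host; keep all three in sync at
; release time.
VIAddVersionKey /LANG=${LANG_ENGLISH} "FileVersion" "1.2.0-1"
VIProductVersion "1.2.4.0"
; Elevation is required because the install writes below $PROGRAMFILES64 and HKLM.
; NOTE(review): SetShellVarContext is never called, so $SMPROGRAMS presumably
; resolves to the elevating account's Start Menu - confirm that is intended.
RequestExecutionLevel admin
Section
  ${IfNot} ${RunningX64}
    MessageBox MB_OK|MB_ICONSTOP '64-bit Windows required.'
    Quit
  ${EndIf}
  SetOutPath $INSTDIR
  ; Record the chosen directory so InstallDirRegKey above can find it on upgrade.
  WriteRegStr HKLM "Software\STIGQter" "InstallDir" "$INSTDIR"
  WriteUninstaller "$INSTDIR\uninstall.exe"
  CreateShortCut "$SMPROGRAMS\uninstall.lnk" "$INSTDIR\uninstall.exe"
  file STIGQter.exe
  file CHANGES.md
  file LICENSE
  file README.md
  file doc/UsersGuide.pdf
  CreateShortCut "$SMPROGRAMS\STIGQter.lnk" "$INSTDIR\STIGQter.exe"
SectionEnd
Section "uninstall"
  Delete "$INSTDIR\uninstall.exe"
  Delete "$SMPROGRAMS\uninstall.lnk"
  ; The program shortcut was created by the installer but never removed.
  Delete "$SMPROGRAMS\STIGQter.lnk"
  Delete "$INSTDIR\STIGQter.exe"
  Delete "$INSTDIR\CHANGES.md"
  Delete "$INSTDIR\LICENSE"
  Delete "$INSTDIR\README.md"
  Delete "$INSTDIR\UsersGuide.pdf"
  ; RMDir without /r removes the directory only when it is empty, so files the
  ; user placed there are left alone.
  RMDir "$INSTDIR"
  DeleteRegKey HKLM "Software\STIGQter"
SectionEnd
-------------------------------------------------------------------------------- /src/workerimportemasscontrol.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2022–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see .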
18 | */ 19 | 20 | #ifndef WORKERIMPORTEMASSCONTROL_H 21 | #define WORKERIMPORTEMASSCONTROL_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerImportEMASSControl : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _fileName; 33 | 34 | public: 35 | explicit WorkerImportEMASSControl(QObject *parent = nullptr); 36 | void SetReportName(const QString &fileName); 37 | 38 | public Q_SLOTS: 39 | void process() override; 40 | }; 41 | 42 | #endif // WORKERIMPORTEMASSCONTROL_H 43 | -------------------------------------------------------------------------------- /src/family.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef FAMILY_H 21 | #define FAMILY_H 22 | 23 | #include 24 | #include 25 | 26 | class Family : public QObject 27 | { 28 | Q_OBJECT 29 | public: 30 | Family(const Family &right); 31 | explicit Family(QObject *parent = nullptr); 32 | ~Family() override = default; 33 | int id; 34 | QString acronym; 35 | QString description; 36 | Family& operator=(const Family &right); 37 | }; 38 | 39 | Q_DECLARE_METATYPE(Family); 40 | 41 | [[nodiscard]] QString PrintFamily(const Family &family); 42 | 43 | #endif // FAMILY_H 44 | -------------------------------------------------------------------------------- /src/workerpoamreport.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2021–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERPOAMREPORT_H 21 | #define WORKERPOAMREPORT_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerPOAMReport : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _fileName; 33 | bool _apNums; 34 | 35 | public: 36 | explicit WorkerPOAMReport(QObject *parent = nullptr); 37 | void SetReportName(const QString &fileName); 38 | void SetAPNums(const bool apNums = false); 39 | 40 | public Q_SLOTS: 41 | void process() override; 42 | }; 43 | 44 | #endif // WORKERPOAMREPORT_H 45 | -------------------------------------------------------------------------------- /src/workerassetdelete.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2021–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERASSETDELETE_H 21 | #define WORKERASSETDELETE_H 22 | 23 | #include "asset.h" 24 | #include "worker.h" 25 | 26 | #include 27 | 28 | class WorkerAssetDelete : public Worker 29 | { 30 | Q_OBJECT 31 | 32 | private: 33 | QVector _assets; 34 | 35 | public: 36 | explicit WorkerAssetDelete(QObject *parent = nullptr); 37 | void AddAssets(const QVector &assets); 38 | void AddAsset(const Asset &asset); 39 | 40 | public Q_SLOTS: 41 | void process() override; 42 | }; 43 | 44 | #endif // WORKERASSETDELETE_H 45 | -------------------------------------------------------------------------------- /src/workerassetadd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERASSETADD_H 21 | #define WORKERASSETADD_H 22 | 23 | #include "asset.h" 24 | #include "stig.h" 25 | #include "worker.h" 26 | 27 | #include 28 | 29 | class WorkerAssetAdd : public Worker 30 | { 31 | Q_OBJECT 32 | 33 | private: 34 | Asset _toAdd; 35 | QList _toMapSTIGs; 36 | 37 | public: 38 | explicit WorkerAssetAdd(QObject *parent = nullptr); 39 | void AddAsset(const Asset &asset); 40 | void AddSTIG(const STIG &stig); 41 | 42 | public Q_SLOTS: 43 | void process() override; 44 | }; 45 | 46 | #endif // WORKERASSETADD_H 47 | -------------------------------------------------------------------------------- /src/help.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "help.h" 21 | #include "ui_help.h" 22 | 23 | /** 24 | * @class Help 25 | * @brief Displays the Help/About screen with metainformation on the 26 | * program. 27 | */ 28 | 29 | /** 30 | * @brief Help::Help 31 | * @param parent 32 | * Default constructor. 
33 | */ 34 | Help::Help(QWidget *parent) : 35 | QWidget(parent), 36 | ui(new Ui::Help) 37 | { 38 | ui->setupUi(this); 39 | this->setWindowTitle(QStringLiteral("About")); 40 | } 41 | 42 | /** 43 | * @brief Help::~Help 44 | * 45 | * Destructor. 46 | */ 47 | Help::~Help() 48 | { 49 | delete ui; 50 | } 51 | -------------------------------------------------------------------------------- /src/workercklimport.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
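18 | */ 19 | 20 | #ifndef WORKERCKLIMPORT_H 21 | #define WORKERCKLIMPORT_H 22 | 23 | #include "asset.h" 24 | #include "worker.h" 25 | 26 | #include 27 | 28 | class WorkerCKLImport : public Worker 29 | { 30 | Q_OBJECT 31 | 32 | private: 33 | QStringList _fileNames; 34 | void ParseCKL(const QString &fileName); 35 | Asset CheckAsset(Asset &a); 36 | 37 | public: 38 | explicit WorkerCKLImport(QObject *parent = nullptr); 39 | void AddCKLs(const QStringList &ckls); 40 | 41 | public Q_SLOTS: 42 | void process() override; 43 | }; 44 | 45 | #endif // WORKERCKLIMPORT_H 46 | -------------------------------------------------------------------------------- /gentoo/dev-libs/libxlsxwriter/libxlsxwriter-1.1.5.ebuild: --------------------------------------------------------------------------------
# Copyright 1999-2023 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

EAPI=8

inherit cmake plocale

DESCRIPTION="Libxlsxwriter is a C library for creating Excel XLSX files."
HOMEPAGE="http://libxlsxwriter.github.io/"
SRC_URI="https://github.com/jmcnamara/libxlsxwriter/archive/RELEASE_${PV}.tar.gz -> ${P}.tar.gz"

LICENSE="BSD-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="minizip mmap openssl static-libs"
S="${WORKDIR}/${PN}-RELEASE_${PV}"

# NOTE(review): the openssl USE flag has no matching dependency here - confirm
# whether one is needed when USE_OPENSSL_MD5 is enabled.
DEPEND="sys-libs/zlib
	minizip? ( sys-libs/zlib[minizip] )"
RDEPEND="${DEPEND}"

src_prepare() {
	cmake_src_prepare
}

# Translate USE flags and the configured locales into CMake options.
src_configure() {
	local x DOUBLEFUNCTION=OFF
	for x in $(plocale_get_locales); do
		# Match on the "en" prefix. The previous regex ^en* meant "e followed by
		# zero or more n", so locales such as es or el were taken for English
		# and the fix below was skipped.
		if [[ "${x}" != en* ]]; then
			#non-english locale detected; apply double function fix
			DOUBLEFUNCTION=ON
			break
		fi
	done
	# NOTE(review): usex prints its first value when the flag is enabled, so
	# USE=openssl yields -DUSE_OPENSSL_MD5=OFF and USE=mmap yields
	# -DUSE_MEM_FILE=OFF. That looks inverted (static-libs -> shared OFF is the
	# expected direction) - confirm before relying on either flag.
	local mycmakeargs=(
		-DCMAKE_BUILD_TYPE=Release
		-DUSE_SYSTEM_MINIZIP="$(usex minizip)"
		-DUSE_MEM_FILE="$(usex mmap OFF ON)"
		-DUSE_OPENSSL_MD5="$(usex openssl OFF ON)"
		-DBUILD_SHARED_LIBS="$(usex static-libs OFF ON)"
		-DUSE_DTOA_LIBRARY=${DOUBLEFUNCTION}
	)
	cmake_src_configure
}

src_install() {
	cmake_src_install
	dodoc CONTRIBUTING.md License.txt Readme.md Changes.txt
	dodoc -r docs examples
}
-------------------------------------------------------------------------------- /src/workercklexport.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see .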
18 | */ 19 | 20 | #ifndef WORKERCKLEXPORT_H 21 | #define WORKERCKLEXPORT_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerCKLExport : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _dirName; 33 | QString _assetName; 34 | bool _monolithic; 35 | 36 | public: 37 | explicit WorkerCKLExport(QObject *parent = nullptr); 38 | void SetAssetName(const QString &assetName); 39 | void SetExportDir(const QString &dir); 40 | void SetMonolithic(const bool monolithic); 41 | 42 | public Q_SLOTS: 43 | void process() override; 44 | }; 45 | 46 | #endif // WORKERCKLEXPORT_H 47 | -------------------------------------------------------------------------------- /src/workerhtml.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKERHTML_H 21 | #define WORKERHTML_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerHTML : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QString _exportDir; 33 | QString CheckItem(const QString &title, const QString &contents); 34 | QString CheckItem(const QString &title, const QStringList &contents); 35 | QString Sanitize(const QString &contents); 36 | 37 | public: 38 | explicit WorkerHTML(QObject *parent = nullptr); 39 | void SetDir(const QString &dir); 40 | 41 | public Q_SLOTS: 42 | void process() override; 43 | }; 44 | 45 | #endif // WORKERHTML_H 46 | -------------------------------------------------------------------------------- /src/supplement.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2020–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef SUPPLEMENT_H 21 | #define SUPPLEMENT_H 22 | 23 | #include "stig.h" 24 | 25 | #include 26 | 27 | class Supplement : public QObject 28 | { 29 | Q_OBJECT 30 | public: 31 | Supplement(const Supplement &right); 32 | explicit Supplement(QObject *parent = nullptr); 33 | ~Supplement() override = default; 34 | 35 | int id; 36 | int STIGId; 37 | QString path; 38 | QByteArray contents; 39 | STIG GetSTIG(); 40 | Supplement& operator=(const Supplement &right); 41 | }; 42 | 43 | Q_DECLARE_METATYPE(Supplement); 44 | 45 | [[nodiscard]] QString PrintSupplement(const Supplement &supplement); 46 | 47 | #endif // SUPPLEMENT_H 48 | -------------------------------------------------------------------------------- /src/worker.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2020–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef WORKER_H 21 | #define WORKER_H 22 | 23 | class STIGQter; 24 | 25 | #include 26 | #include 27 | 28 | class Worker : public QObject 29 | { 30 | Q_OBJECT 31 | 32 | public: 33 | explicit Worker(QObject *parent = nullptr); 34 | virtual void process(); 35 | [[nodiscard]] QThread* ConnectThreads(STIGQter *sq = nullptr, bool blocking = true); 36 | QString GetThreadId(); 37 | 38 | Q_SIGNALS: 39 | void initialize(int, int); 40 | void progress(int); 41 | void updateStatus(QString); 42 | void finished(); 43 | void ThrowWarning(QString title, QString message); 44 | 45 | private: 46 | QString _threadId; 47 | }; 48 | 49 | #endif // WORKER_H 50 | -------------------------------------------------------------------------------- /src/workerstigadd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
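18 | */ 19 | 20 | #ifndef WORKERSTIGADD_H 21 | #define WORKERSTIGADD_H 22 | 23 | #include "worker.h" 24 | 25 | #include 26 | 27 | class WorkerSTIGAdd : public Worker 28 | { 29 | Q_OBJECT 30 | 31 | private: 32 | QStringList _todo; 33 | bool _enableSupplements; 34 | void ParseSTIG(const QByteArray &stig, const QString &fileName, const QMap &supplements); 35 | QString XMLVulnFix(const QString &xml); 36 | 37 | public: 38 | explicit WorkerSTIGAdd(QObject *parent = nullptr); 39 | void AddSTIGs(const QStringList &stigs); 40 | void SetEnableSupplements(bool enableSupplements); 41 | 42 | public Q_SLOTS: 43 | void process() override; 44 | }; 45 | 46 | #endif // WORKERSTIGADD_H 47 | -------------------------------------------------------------------------------- /doc/build.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Builds the LaTeX documentation: every two-letter chapter file ([a-z][a-z].tex)
# and then main.tex, which is published as UsersGuide.pdf. PDFs are compressed
# with pdfsizeopt when that tool is installed.

# exists NAME [QUIET]
# Returns 0 when NAME can be run. With no second argument a missing program is
# fatal (prints a message and exits 1); with a second argument it returns 1.
function exists {
	local ret
	command -v "$1" > /dev/null 2>&1
	ret=$?
	#program doesn't exist; check if aliased
	if [ $ret -gt 0 ]; then
		if [ -z "$2" ]; then
			echo "Checking alias for $1..."
		fi
		type -a "$1" > /dev/null 2> /dev/null
		ret=$?
	fi
	if [ $ret -gt 0 ]; then
		if [ -z "$2" ]; then
			echo "Please install ${1} before building the documentation."
			exit 1
		fi
		return 1
	fi
	return 0
}

# lbll NAME
# Runs lualatex, biber, lualatex, lualatex on NAME and optionally compresses
# NAME.pdf. Returns non-zero when the LaTeX build fails.
function lbll {
	local buf status=0
	local opts=()
	echo -n "Building $1..."
	# Tool output goes to a private temp file. Stop here if it cannot be
	# created, so the redirections below never run with an empty target.
	buf=$(mktemp) || { echo "FAILED!"; return 1; }
	if lualatex -interaction=nonstopmode "$1" >> "$buf" \
		&& biber "$1" >> "$buf" \
		&& lualatex -interaction=nonstopmode "$1" >> "$buf" \
		&& lualatex -interaction=nonstopmode "$1" >> "$buf"; then
		echo "OK!"
	else
		status=1
		echo "FAILED!"
		tail -n 100 "$buf"
	fi
	if exists pdfsizeopt 1; then
		echo -n "Compressing $1..."
		# An array keeps each option a separate word without relying on
		# unquoted expansion.
		if exists pngwolf 1; then
			opts+=("--use-image-optimizer=pngwolf")
		fi
		if exists advpng 1; then
			opts+=("--use-image-optimizer=advpng4")
		fi
		pdfsizeopt "${opts[@]}" "$1.pdf" >> "$buf"
		if [ -f "${1}.pso.pdf" ]; then
			echo "OK!"
			mv "${1}.pso.pdf" "${1}.pdf"
		else
			echo "FAILED!"
		fi
	fi
	rm -f "$buf"
	return $status
}

exists lualatex
exists biber
if ! exists pdfsizeopt 1; then
	echo "Not running pdfsizeopt for documentation compression."
fi

for x in [a-z][a-z].tex; do
	# With no matching file the glob stays literal; skip it.
	[ -e "$x" ] || continue
	lbll "${x%.tex}"
done

# Do not publish a stale or missing main.pdf as the user's guide when the main
# build fails.
lbll main || exit 1
mv main.pdf UsersGuide.pdf
-------------------------------------------------------------------------------- /src/workerckl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2021–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see .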
18 | */ 19 | 20 | #ifndef WORKERCKL_H 21 | #define WORKERCKL_H 22 | 23 | #include "asset.h" 24 | #include "stig.h" 25 | #include "worker.h" 26 | 27 | #include 28 | #include 29 | 30 | class WorkerCKL : public Worker 31 | { 32 | Q_OBJECT 33 | 34 | private: 35 | QString _fileName; 36 | Asset _asset; 37 | QList _stigs; 38 | void WriteXMLEntry(QXmlStreamWriter &stream, const QString &name, const QString &value); 39 | void AddSTIGs(const QVector &stigs); 40 | 41 | public: 42 | explicit WorkerCKL(QObject *parent = nullptr); 43 | void AddAsset(const Asset &asset, const QVector &stigs = {}); 44 | void AddFilename(const QString &name); 45 | 46 | public Q_SLOTS: 47 | void process() override; 48 | }; 49 | 50 | #endif // WORKERCKL_H 51 | -------------------------------------------------------------------------------- /src/tabviewwidget.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2020–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef TABVIEWWIDGET_H 21 | #define TABVIEWWIDGET_H 22 | 23 | #include 24 | 25 | #include "stigqter.h" 26 | 27 | enum TabType 28 | { 29 | stig = 2, 30 | asset = 1, 31 | root = 0 32 | }; 33 | 34 | class TabViewWidget : public QWidget 35 | { 36 | Q_OBJECT 37 | public: 38 | explicit TabViewWidget(QWidget *parent = nullptr); 39 | void SetTabIndex(int index); 40 | virtual TabType GetTabType(); 41 | virtual void DisableInput(); 42 | virtual void EnableInput(); 43 | #ifdef USE_TESTS 44 | void ProcEvents(); 45 | virtual void RunTests(); 46 | #endif 47 | 48 | protected: 49 | int _tabIndex; 50 | STIGQter *_parent; 51 | 52 | Q_SIGNALS: 53 | void CloseTab(int); 54 | void RenameTab(int, QString); 55 | }; 56 | 57 | #endif // TABVIEWWIDGET_H 58 | -------------------------------------------------------------------------------- /src/stigedit.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2020–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef STIGEDIT_H 21 | #define STIGEDIT_H 22 | 23 | #include 24 | 25 | #include "stig.h" 26 | #include "tabviewwidget.h" 27 | 28 | namespace Ui { 29 | class STIGEdit; 30 | } 31 | 32 | class STIGEdit : public TabViewWidget 33 | { 34 | Q_OBJECT 35 | 36 | public: 37 | STIGEdit() = delete; 38 | STIGEdit(const STIGEdit &se) = delete; 39 | explicit STIGEdit(STIG &stig, QWidget *parent = nullptr); 40 | void DisableInput() override; 41 | void EnableInput() override; 42 | TabType GetTabType() override; 43 | #ifdef USE_TESTS 44 | virtual void RunTests() override; 45 | #endif 46 | 47 | private: 48 | Ui::STIGEdit *ui; 49 | STIG _s; 50 | void UpdateChecks(); 51 | void UpdateSupplements(); 52 | 53 | private Q_SLOTS: 54 | void AddCCI(); 55 | void SelectCheck(); 56 | void UpdateSTIG(); 57 | void UpdateCheck(); 58 | }; 59 | 60 | #endif // STIGEDIT_H 61 | -------------------------------------------------------------------------------- /src/stig.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef STIG_H 21 | #define STIG_H 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | class STIGCheck; 28 | class Asset; 29 | class Supplement; 30 | 31 | class STIG : public QObject 32 | { 33 | Q_OBJECT 34 | public: 35 | STIG(const STIG &right); 36 | explicit STIG(QObject *parent = nullptr); 37 | ~STIG() override = default; 38 | 39 | int id; 40 | QString title; 41 | QString description; 42 | QString release; 43 | int version; 44 | QString benchmarkId; 45 | QString fileName; 46 | QVector GetAssets() const; 47 | QVector GetSTIGChecks() const; 48 | QVector GetSupplements() const; 49 | STIG& operator=(const STIG &right); 50 | bool operator<(const STIG &right) const; 51 | }; 52 | 53 | bool operator==(STIG const& lhs, STIG const& rhs); 54 | bool operator!=(STIG const& lhs, STIG const& rhs); 55 | 56 | Q_DECLARE_METATYPE(STIG); 57 | 58 | [[nodiscard]] QString PrintSTIG(const STIG &stig); 59 | 60 | #endif // STIG_H 61 | -------------------------------------------------------------------------------- /src/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #ifndef COMMON_H 21 | #define COMMON_H 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | #define VERSION QStringLiteral("1.2.7") 28 | 29 | [[maybe_unused]] extern bool IgnoreWarnings; 30 | 31 | void MessageHandler(QtMsgType type, const QMessageLogContext &context, const QString &msg); 32 | bool DownloadFile(const QUrl &url, QFile *file); 33 | QString DownloadPage(const QUrl &url); 34 | QString Excelify(const QString &s); 35 | int GetCCINumber(QString cci); 36 | QMap GetFilesFromZip(const QString &fileName, const QString &fileNameFilter = QLatin1String("")); 37 | int GetReleaseNumber(const QString &release); 38 | QString GetUserAgent(); 39 | QString Pluralize(const int count, const QString &plural = QStringLiteral("s"), const QString &singular = QLatin1String("")); 40 | QString PrintTrueFalse(bool tf); 41 | QString Sanitize(QString s); 42 | QString SanitizeFile(QString s); 43 | QString TrimFileName(const QString &fileName); 44 | void Warning(const QString &title, const QString &message, const bool quiet = false, const int level = 5); 45 | 46 | #endif // COMMON_H 47 | -------------------------------------------------------------------------------- /src/workerccidelete.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 
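*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/

#include "workerccidelete.h"
#include "common.h"
#include "dbmanager.h"

/**
 * @class WorkerCCIDelete
 * @brief Deleting the data indexed by the @a WorkerCCIAdd task is
 * performed by this background worker.
 *
 * This class resets the database to a state before a @a CCI is
 * indexed.
 */

/**
 * @brief WorkerCCIDelete::WorkerCCIDelete
 * @param parent
 *
 * Default constructor.
 */
WorkerCCIDelete::WorkerCCIDelete(QObject *parent) : Worker(parent)
{
}

/**
 * @brief WorkerCCIDelete::process
 *
 * Delete the @a CCI and @a Control information from the database.
 */
void WorkerCCIDelete::process()
{
    Worker::process();

    //open database in this thread
    Q_EMIT initialize(2, 1);
    DbManager db;

    Q_EMIT updateStatus(QStringLiteral("Clearing DB of CCI/RMF information…"));
    db.DeleteCCIs();
    Q_EMIT progress(-1);

    //complete
    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}

--------------------------------------------------------------------------------
/.github/workflows/codeql-analysis.yml:
--------------------------------------------------------------------------------
name: CodeQL

on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 */16 * *"

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # Least privilege for the workflow token: the analysis reads the
    # repository and workflow runs and uploads its results.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'cpp' ]

    # NOTE(review): the actions below are referenced by mutable tags; pinning
    # each `uses:` to a full commit SHA fixes the exact code that runs.
    steps:
    - name: Checkout Repo
      uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}
        queries: +security-and-quality
    - name: update
      run: sudo apt-get update
    - name: set timezone
      run: sudo ln -fs /usr/share/zoneinfo/America/Chicago /etc/localtime
#    - name: install latex dependencies
#      run: DEBIAN_FRONTEND="noninteractive" sudo apt-get install -q -y --force-yes texlive-luatex texlive-latex-recommended texlive-latex-extra texlive-fonts-extra texlive-fonts-extra-links texlive-bibtex-extra biber
    # --force-yes dropped: it lets apt go ahead with potentially harmful
    # actions, including unauthenticated packages; -y already answers prompts.
    - name: install dependencies
      run: DEBIAN_FRONTEND="noninteractive" sudo apt-get install -q -y qtbase5-dev qt5-qmake libzip-dev g++ debhelper dpkg-dev zlib1g-dev libminizip-dev libssl-dev cmake
    # NOTE(review): the tarball is fetched over HTTPS but its contents are not
    # verified; check it against a pinned SHA-256 (e.g. `sha256sum -c`) before
    # it is built and installed as root by the `dpkg -i` step below.
    - name: download libxlsxwriter
      run: pushd /tmp && wget https://github.com/jmcnamara/libxlsxwriter/archive/RELEASE_1.1.5.tar.gz && tar -zxf RELEASE_1.1.5.tar.gz && popd
    - name: build libxlsxwriter
      run: pushd /tmp/libxlsxwriter-RELEASE_1.1.5 && echo -e "SET(CPACK_GENERATOR \"DEB\")\nset(CPACK_PACKAGE_NAME \"libxlsxwriter\")\nSET(CPACK_DEBIAN_PACKAGE_MAINTAINER \"jwh0011@auburn.edu\")\nset(CPACK_PACKAGE_VERSION \"1.1.5\")\nINCLUDE(CPack)" >> CMakeLists.txt && /usr/bin/cmake ./ && make -j3 && cpack && popd
    - name: install libxlsxwriter
      run: sudo dpkg -i /tmp/libxlsxwriter-RELEASE_1.1.5/libxlsxwriter-1.1.5-Linux.deb
    - name: qmake STIGQter
      run: qmake STIGQter.pro
    - name: build STIGQter
      run: make -j3
    # Same major version as the init step above (was @v1 next to init@v2).
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2

--------------------------------------------------------------------------------
/.github/workflows/debian.yml:
--------------------------------------------------------------------------------
name: Debian CI

on:
  push:
    branches: [ master ]

jobs:
  build:

    runs-on: ubuntu-latest

    # The job only checks out the repository, so the workflow token is
    # restricted to read access.
    permissions:
      contents: read

    # NOTE(review): the actions below are referenced by mutable tags; pinning
    # each `uses:` to a full commit SHA fixes the exact code that runs.
    steps:
    - uses: actions/checkout@v2
    - name: update
      run: sudo apt-get update
    - name: set timezone
      run: sudo ln -fs /usr/share/zoneinfo/America/Chicago /etc/localtime
#    - name: install latex dependencies
#      run: DEBIAN_FRONTEND="noninteractive" sudo apt-get install -q -y --force-yes texlive-luatex texlive-latex-recommended texlive-latex-extra texlive-fonts-extra texlive-fonts-extra-links texlive-bibtex-extra biber
    # --force-yes dropped: it lets apt go ahead with potentially harmful
    # actions, including unauthenticated packages; -y already answers prompts.
    - name: install dependencies
      run: DEBIAN_FRONTEND="noninteractive" sudo apt-get install -q -y qtbase5-dev qt5-qmake libzip-dev g++ debhelper dpkg-dev zlib1g-dev libminizip-dev libssl-dev cmake
    # NOTE(review): the tarball is fetched over HTTPS but its contents are not
    # verified; check it against a pinned SHA-256 (e.g. `sha256sum -c`) before
    # it is built, installed as root, and published as an artifact below.
    - name: download libxlsxwriter
      run: pushd /tmp && wget https://github.com/jmcnamara/libxlsxwriter/archive/RELEASE_1.1.5.tar.gz && tar -zxf RELEASE_1.1.5.tar.gz && popd
    - name: build libxlsxwriter
      run: pushd /tmp/libxlsxwriter-RELEASE_1.1.5 && echo -e "SET(CPACK_GENERATOR \"DEB\")\nset(CPACK_PACKAGE_NAME \"libxlsxwriter\")\nSET(CPACK_DEBIAN_PACKAGE_MAINTAINER \"jwh0011@auburn.edu\")\nset(CPACK_PACKAGE_VERSION \"1.1.5\")\nINCLUDE(CPack)" >> CMakeLists.txt && /usr/bin/cmake ./ && make -j3 && cpack && popd
    - name: install libxlsxwriter
      run: sudo dpkg -i /tmp/libxlsxwriter-RELEASE_1.1.5/libxlsxwriter-1.1.5-Linux.deb
    # NOTE(review): the file names below hard-code 1.2.5 while src/common.h in
    # this listing defines VERSION 1.2.7; confirm they still match the version
    # in debian/changelog (not shown here).
    - name: build tarball
      run: git archive --format=tar.gz -o ../stigqter_1.2.5.orig.tar.gz master
    - name: dpkg-buildpackage
      run: dpkg-buildpackage --no-sign
    - name: copy debian package
      run: mv ../stigqter_1.2.5-1_all.deb /tmp/
    - uses: actions/upload-artifact@v2
      with:
        name: STIGQter Debian Package
        path: /tmp/stigqter_1.2.5-1_all.deb
    - uses: actions/upload-artifact@v2
      with:
        name: libxlsxwriter Debian Package
        path: /tmp/libxlsxwriter-RELEASE_1.1.5/libxlsxwriter-1.1.5-Linux.deb

--------------------------------------------------------------------------------
/tests/xccdf_lol.xml:
--------------------------------------------------------------------------------
1 | 2 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | ]> 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | pass 26 | fail 27 | notapplicable 28 | 29 | 30 | 31 |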
--------------------------------------------------------------------------------
/src/workerstigdelete.cpp:
--------------------------------------------------------------------------------
/*
 * STIGQter - STIG fun with Qt
 *
 * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "dbmanager.h"
#include "workerstigdelete.h"

/**
 * @class WorkerSTIGDelete
 * @brief Background worker that removes STIGs and SRGs from the
 * internal database.
 *
 * The IDs to remove are queued with @a AddId before the worker runs.
 */

/**
 * @brief WorkerSTIGDelete::WorkerSTIGDelete
 * @param parent
 *
 * Default constructor; forwards @a parent to @a Worker.
 */
WorkerSTIGDelete::WorkerSTIGDelete(QObject *parent) : Worker(parent)
{
}

/**
 * @brief WorkerSTIGDelete::AddId
 * @param id
 *
 * Queue one ID for deletion. Call once for each ID to remove.
 */
void WorkerSTIGDelete::AddId(int id)
{
    _ids.append(id);
}

/**
 * @brief WorkerSTIGDelete::process
 *
 * Delete every queued ID from the database, reporting progress after
 * each deletion and once more after delayed commits are switched off.
 */
void WorkerSTIGDelete::process()
{
    Worker::process();

    //the database is opened from within this thread
    Q_EMIT initialize(2 + _ids.count(), 1);
    DbManager db;

    Q_EMIT updateStatus(QStringLiteral("Clearing DB of selected STIG information…"));

    //delayed commits are enabled only for the duration of the deletions
    db.DelayCommit(true);
    const auto &queued = _ids;
    for (const int stigId : queued)
    {
        db.DeleteSTIG(stigId);
        Q_EMIT progress(-1);
    }
    db.DelayCommit(false);
    Q_EMIT progress(-1);

    //signal completion
    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}

--------------------------------------------------------------------------------
/src/cklcheck.h:
--------------------------------------------------------------------------------
/*
 * STIGQter - STIG fun with Qt
 *
 * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
18 | */ 19 | 20 | #ifndef CKLCHECK_H 21 | #define CKLCHECK_H 22 | 23 | #include 24 | #include 25 | 26 | #include "asset.h" 27 | #include "stigcheck.h" 28 | 29 | enum Status 30 | { 31 | NotReviewed, 32 | Open, 33 | NotAFinding, 34 | NotApplicable 35 | }; 36 | 37 | Status GetStatus(const QString &status); 38 | QString GetStatus(Status status, bool xmlFormat = false); 39 | QString GetCMRSStatus(Status status); 40 | 41 | class CKLCheck : public QObject 42 | { 43 | Q_OBJECT 44 | 45 | public: 46 | CKLCheck(const CKLCheck &right); 47 | explicit CKLCheck(QObject *parent = nullptr); 48 | ~CKLCheck() override = default; 49 | int id; 50 | int assetId; 51 | int stigCheckId; 52 | Asset GetAsset() const; 53 | STIGCheck GetSTIGCheck() const; 54 | Severity GetSeverity() const; 55 | Status status; 56 | QString findingDetails; 57 | QString comments; 58 | Severity severityOverride; 59 | QString severityJustification; 60 | friend bool operator<(const CKLCheck &left, const CKLCheck &right) 61 | { 62 | Severity l = left.GetSeverity(); 63 | Severity r = right.GetSeverity(); 64 | if (l == r) 65 | return (left.GetSTIGCheck().rule.compare(right.GetSTIGCheck().rule) < 0); 66 | return r < l; 67 | } 68 | CKLCheck& operator=(const CKLCheck &right); 69 | }; 70 | 71 | Q_DECLARE_METATYPE(CKLCheck); 72 | 73 | [[nodiscard]] QString PrintCKLCheck(const CKLCheck &cklCheck); 74 | 75 | #endif // CKLCHECK_H 76 | -------------------------------------------------------------------------------- /src/control.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 
10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #ifndef CONTROL_H 21 | #define CONTROL_H 22 | 23 | #include "family.h" 24 | 25 | #include 26 | #include 27 | 28 | class CCI; 29 | 30 | class Control : public QObject 31 | { 32 | Q_OBJECT 33 | public: 34 | Control(const Control &right); 35 | explicit Control(QObject *parent = nullptr); 36 | ~Control() override = default; 37 | int id; 38 | int familyId; 39 | Family GetFamily() const; 40 | QVector GetCCIs() const; 41 | int number; 42 | int enhancement; 43 | QString title; 44 | QString description; 45 | QString importSeverity; 46 | QString importRelevanceOfThreat; 47 | QString importLikelihood; 48 | QString importImpact; 49 | QString importImpactDescription; 50 | QString importResidualRiskLevel; 51 | QString importRecommendations; 52 | Control& operator=(const Control &right); 53 | friend bool operator<(const Control &left, const Control &right) 54 | { 55 | if (left.familyId == right.familyId) 56 | { 57 | if (left.number == right.number) 58 | { 59 | return left.enhancement < right.enhancement; 60 | } 61 | return left.number < right.number; 62 | } 63 | return left.GetFamily().acronym < right.GetFamily().acronym; 64 | } 65 | bool IsImport() const; 66 | }; 67 | 68 | bool operator==(Control const& lhs, Control const& rhs); 69 | 70 | Q_DECLARE_METATYPE(Control); 71 | 72 | [[nodiscard]] QString PrintControl(const Control &control); 73 | 74 | #endif // CONTROL_H 75 | -------------------------------------------------------------------------------- /src/cci.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun 
with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #ifndef CCI_H 21 | #define CCI_H 22 | 23 | #include 24 | #include 25 | 26 | class CKLCheck; 27 | class Control; 28 | class STIGCheck; 29 | 30 | class CCI : public QObject 31 | { 32 | Q_OBJECT 33 | 34 | public: 35 | CCI(const CCI &right); 36 | explicit CCI(QObject *parent = nullptr); 37 | ~CCI() override = default; 38 | int id; 39 | Control GetControl() const; 40 | QVector GetCKLChecks() const; 41 | QVector GetSTIGChecks() const; 42 | int controlId; 43 | int cci; 44 | QString definition; 45 | bool isImport; 46 | QString importCompliance; 47 | QString importDateTested; 48 | QString importTestedBy; 49 | QString importTestResults; 50 | QString importCompliance2; 51 | QString importDateTested2; 52 | QString importTestedBy2; 53 | QString importTestResults2; 54 | QString importControlImplementationStatus; 55 | QString importSecurityControlDesignation; 56 | QString importInherited; 57 | QString importRemoteInheritanceInstance; 58 | QString importApNum; 59 | QString importImplementationGuidance; 60 | QString importAssessmentProcedures; 61 | QString importNarrative; 62 | friend bool operator<(const CCI &left, const CCI &right) 63 | { 64 | return left.cci < right.cci; 65 | } 66 | CCI& operator=(const CCI &right); 67 | bool 
operator==(const CCI &right) const; 68 | }; 69 | 70 | Q_DECLARE_METATYPE(CCI); 71 | 72 | [[nodiscard]] QString PrintCCI(int cci); 73 | [[nodiscard]] QString PrintCCI(const CCI &cci); 74 | 75 | #endif // CCI_H 76 | -------------------------------------------------------------------------------- /src/supplement.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2020–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "dbmanager.h" 21 | #include "supplement.h" 22 | 23 | /** 24 | * @class Supplement 25 | * @brief A @a STIG may contain several files as supplementary material. These 26 | * supplements are used to verify accountability, distribute metafiles, and 27 | * assist in the implementation of STIGs. 28 | */ 29 | 30 | /** 31 | * @brief Supplement::Supplement 32 | * @param right 33 | * Copy Constructor 34 | */ 35 | Supplement::Supplement(const Supplement &right) : Supplement(right.parent()) 36 | { 37 | *this = right; 38 | } 39 | 40 | /** 41 | * @brief Supplement::Supplement 42 | * @param parent 43 | * 44 | * Default constructor. 
45 | */ 46 | Supplement::Supplement(QObject *parent) : QObject(parent), 47 | id(-1), 48 | STIGId(-1), 49 | path(), 50 | contents() 51 | { 52 | } 53 | 54 | /** 55 | * @brief Supplement::GetSTIG 56 | * @return The @a STIG associated with this @a Supplement. 57 | */ 58 | STIG Supplement::GetSTIG() 59 | { 60 | DbManager db; 61 | return db.GetSTIG(STIGId); 62 | } 63 | 64 | /** 65 | * @brief Supplement::operator = 66 | * @param right 67 | * @return This supplement assigned to from the right operand. 68 | */ 69 | Supplement &Supplement::operator=(const Supplement &right) 70 | { 71 | if (this != &right) 72 | { 73 | id = right.id; 74 | STIGId = right.STIGId; 75 | path = right.path; 76 | contents = right.contents; 77 | } 78 | return *this; 79 | } 80 | 81 | /** 82 | * @brief PrintSupplement 83 | * @param supplement 84 | * @return String representing the supplement's identifier 85 | */ 86 | [[nodiscard]] QString PrintSupplement(const Supplement &supplement) 87 | { 88 | return supplement.path; 89 | } 90 | -------------------------------------------------------------------------------- /src/workercheckversion.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
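*/

#include "workercheckversion.h"
#include "common.h"
#include "dbmanager.h"

/**
 * @class WorkerCheckVersion
 * @brief Verify that the current version of the application is the
 * latest.
 *
 * This class queries the STIGQter server for the latest version of the
 * software. The reply is remote data, so it is validated before any
 * part of it is shown to the user.
 */

/**
 * @brief IsPlausibleVersion
 * @param s
 * @return @c true when @a s is 1–32 characters long and contains only
 * ASCII letters, ASCII digits, '.', '-', '_' or '+'.
 *
 * Used to decide whether the update server's reply may be echoed in a
 * user-facing message.
 */
static bool IsPlausibleVersion(const QString &s)
{
    //a version label has no reason to be long
    if (s.isEmpty() || s.size() > 32)
        return false;

    for (const QChar c : s)
    {
        const auto u = c.unicode();
        const bool allowed = (u >= '0' && u <= '9') ||
                             (u >= 'a' && u <= 'z') ||
                             (u >= 'A' && u <= 'Z') ||
                             u == '.' || u == '-' || u == '_' || u == '+';
        if (!allowed)
            return false;
    }
    return true;
}

/**
 * @brief WorkerCheckVersion::WorkerCheckVersion
 * @param parent
 *
 * Default constructor.
 */
WorkerCheckVersion::WorkerCheckVersion(QObject *parent) : Worker(parent)
{
}

/**
 * @brief WorkerCheckVersion::process
 *
 * Download the page that displays the version number if an update is
 * needed. If the version is the latest, it displays "OK".
 *
 * The check only runs when the "checkVersion" variable in the database
 * is "true". An empty reply is reported as an undetermined result
 * rather than as "up-to-date", and a reply that does not look like a
 * version string still raises the update warning but is not echoed
 * into it.
 */
void WorkerCheckVersion::process()
{
    Worker::process();

    Q_EMIT updateStatus("Checking for latest version.");

    //open database in this thread
    Q_EMIT initialize(1, 0);
    DbManager db;

    if (db.GetVariable("checkVersion").compare("true", Qt::CaseInsensitive) == 0)
    {
        //get the latest version; surrounding whitespace is not part of the answer
        const QString ret = DownloadPage(QStringLiteral("https://www.stigqter.com/update.php")).trimmed();
        if (ret.isEmpty())
        {
            //an empty reply carries no version information
            //NOTE(review): presumably what DownloadPage yields on failure - confirm in common.cpp
            Q_EMIT updateStatus("Unable to determine the latest STIGQter version.");
        }
        else if (ret.startsWith(QStringLiteral("OK")))
        {
            Q_EMIT updateStatus("STIGQter version is up-to-date.");
        }
        else if (IsPlausibleVersion(ret))
        {
            Q_EMIT ThrowWarning(QStringLiteral("Please update to the latest version of STIGQter."), "Please visit www.stigqter.com to download version " + ret + ".");
        }
        else
        {
            //still prompt for an update, but do not echo unvalidated remote text
            Q_EMIT ThrowWarning(QStringLiteral("Please update to the latest version of STIGQter."), QStringLiteral("Please visit www.stigqter.com to download the latest version."));
        }
    }

    Q_EMIT finished();
}

--------------------------------------------------------------------------------
/src/stigcheck.h:
--------------------------------------------------------------------------------
/*
 * STIGQter - STIG fun with Qt
 *
 * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the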
terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #ifndef STIGCHECK_H 21 | #define STIGCHECK_H 22 | 23 | #include "cci.h" 24 | #include "stig.h" 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | enum Severity 31 | { 32 | high = 3, 33 | medium = 2, 34 | low = 1, 35 | none = 0 36 | }; 37 | 38 | Severity GetSeverity(const QString &severity); 39 | QString GetSeverity(Severity severity, bool cat = true); //cat levels or low/mod/high 40 | 41 | class STIGCheck : public QObject 42 | { 43 | Q_OBJECT 44 | public: 45 | STIGCheck(const STIGCheck& right); 46 | explicit STIGCheck(QObject *parent = nullptr); 47 | ~STIGCheck() override = default; 48 | STIGCheck& operator=(const STIGCheck &right); 49 | 50 | int id; 51 | int stigId; 52 | QVector cciIds; 53 | QStringList legacyIds; 54 | STIG GetSTIG() const; 55 | QVector GetCCIs() const; 56 | QString vulnNum; 57 | QString groupTitle; 58 | QString ruleVersion; 59 | QString rule; 60 | Severity severity; 61 | double weight; 62 | QString title; 63 | QString vulnDiscussion; 64 | QString falsePositives; 65 | QString falseNegatives; 66 | QString fix; 67 | QString check; 68 | bool documentable; 69 | QString mitigations; 70 | QString severityOverrideGuidance; 71 | QString checkContentRef; 72 | QString potentialImpact; 73 | QString thirdPartyTools; 74 | QString mitigationControl; 75 | QString responsibility; 76 | QString iaControls; 77 | QString targetKey; 78 | bool isRemap; 79 | }; 80 | 81 | bool 
operator==(STIGCheck const& lhs, STIGCheck const& rhs); 82 | 83 | Q_DECLARE_METATYPE(STIGCheck); 84 | 85 | [[nodiscard]] QString PrintSTIGCheck(const STIGCheck &stigCheck); 86 | 87 | [[nodiscard]] QString PrintCMRSVulnId(const STIGCheck &stigCheck); 88 | 89 | #endif // STIGCHECK_H 90 | -------------------------------------------------------------------------------- /src/tabviewwidget.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2020–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "tabviewwidget.h" 21 | 22 | #include 23 | 24 | /** 25 | * @brief TabViewWidget::TabViewWidget 26 | * @param parent 27 | * 28 | * Main Constructor 29 | */ 30 | TabViewWidget::TabViewWidget(QWidget *parent) : QWidget(parent), 31 | _tabIndex(-1), 32 | _parent(dynamic_cast(parent)) 33 | { 34 | connect(this, SIGNAL(CloseTab(int)), _parent, SLOT(CloseTab(int))); 35 | connect(this, SIGNAL(RenameTab(int, QString)), _parent, SLOT(RenameTab(int, QString))); 36 | } 37 | 38 | /** 39 | * @brief TabViewWidget::SetTabIndex 40 | * @param index 41 | * 42 | * Keep up with which index this tab is in the interface. 
43 | */ 44 | void TabViewWidget::SetTabIndex(int index) 45 | { 46 | _tabIndex = index; 47 | } 48 | 49 | /** 50 | * @brief TabViewWidget::GetTabType 51 | * @return What type of tab this is (main, Asset, or STIG) 52 | */ 53 | TabType TabViewWidget::GetTabType() 54 | { 55 | return TabType::root; 56 | } 57 | 58 | /** 59 | * @brief TabViewWidget::DisableInput 60 | * 61 | * Override this function to disable user input 62 | */ 63 | void TabViewWidget::DisableInput() 64 | { 65 | } 66 | 67 | /** 68 | * @brief TabViewWidget::DisableInput 69 | * 70 | * Override this function to enable user input 71 | */ 72 | void TabViewWidget::EnableInput() 73 | { 74 | } 75 | 76 | #ifdef USE_TESTS 77 | /** 78 | * @brief TabViewWidget::ProcEvents 79 | * 80 | * Override to execute run-time tests. 81 | */ 82 | void TabViewWidget::ProcEvents() 83 | { 84 | while (!_parent->isProcessingEnabled()) 85 | { 86 | QThread::sleep(1); 87 | QApplication::processEvents(); 88 | } 89 | QApplication::processEvents(); 90 | } 91 | 92 | /** 93 | * @brief TabViewWidget::RunTests 94 | * 95 | * Override to execute run-time tests. 96 | */ 97 | void TabViewWidget::RunTests() 98 | { 99 | } 100 | #endif 101 | -------------------------------------------------------------------------------- /src/STIGQter.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/worker.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2020–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 
10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "dbmanager.h" 21 | #include "stigqter.h" 22 | #include "worker.h" 23 | 24 | #include 25 | #include 26 | 27 | /** 28 | * @class Worker 29 | * @brief Base abstract class for thread workers 30 | */ 31 | 32 | /** 33 | * @brief Worker::Worker 34 | * @param parent 35 | * 36 | * Default constructor. 37 | */ 38 | Worker::Worker(QObject *parent) : QObject(parent), _threadId(QString()) 39 | { 40 | } 41 | 42 | void Worker::process() 43 | { 44 | _threadId = QString::number(reinterpret_cast(QThread::currentThreadId())); 45 | } 46 | 47 | /** 48 | * @brief Worker::ConnectThreads 49 | * @param sq 50 | * @param blocking 51 | * 52 | * Connect the signals and slots and move the worker to the supplied thread. 53 | * 54 | * Returns the new QThread that the worker is attached to. It is up to the 55 | * calling entity to clean up the thread. 
56 | */ 57 | [[nodiscard]] QThread* Worker::ConnectThreads(STIGQter *sq, bool blocking) 58 | { 59 | QThread *thread = new QThread(); 60 | this->moveToThread(thread); 61 | connect(thread, SIGNAL(started()), this, SLOT(process())); 62 | connect(this, SIGNAL(finished()), thread, SLOT(quit())); 63 | if (sq) 64 | { 65 | //check if this is a blocking thread 66 | if (blocking) 67 | { 68 | connect(thread, SIGNAL(finished()), sq, SLOT(CompletedThread())); 69 | connect(this, SIGNAL(initialize(int, int)), sq, SLOT(Initialize(int, int))); 70 | connect(this, SIGNAL(progress(int)), sq, SLOT(Progress(int))); 71 | connect(this, SIGNAL(updateStatus(QString)), sq, SLOT(StatusChange(QString))); 72 | } 73 | else 74 | { 75 | connect(thread, SIGNAL(finished()), sq, SLOT(CompletedThreadUnblocked())); 76 | } 77 | connect(this, SIGNAL(ThrowWarning(QString, QString)), sq, SLOT(ShowMessage(QString, QString))); 78 | } 79 | return thread; 80 | } 81 | 82 | /** 83 | * @brief Worker::GetThreadId 84 | * @return the thread id of the previously attached thread 85 | */ 86 | QString Worker::GetThreadId() 87 | { 88 | return _threadId; 89 | } 90 | -------------------------------------------------------------------------------- /src/assetview.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 
15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #ifndef ASSETVIEW_H 21 | #define ASSETVIEW_H 22 | 23 | #include "asset.h" 24 | #include "cklcheck.h" 25 | #include "stigcheck.h" 26 | #include "stigqter.h" 27 | 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | #include "tabviewwidget.h" 36 | 37 | namespace Ui { 38 | class AssetView; 39 | } 40 | 41 | class AssetView : public TabViewWidget 42 | { 43 | Q_OBJECT 44 | 45 | public: 46 | AssetView() = delete; 47 | AssetView(const AssetView &av) = delete; 48 | explicit AssetView(Asset &asset, QWidget *parent = nullptr); 49 | ~AssetView() override; 50 | void DisableInput() override; 51 | void Display(); 52 | void EnableInput() override; 53 | TabType GetTabType() override; 54 | void SelectSTIGs(const QString &search = QString()); 55 | void ShowChecks(bool countOnly = false); 56 | void UpdateCKLCheck(const CKLCheck &cklCheck); 57 | void UpdateSTIGCheck(const STIGCheck &stigCheck); 58 | #ifdef USE_TESTS 59 | void RunTests() override; 60 | #endif 61 | 62 | private Q_SLOTS: 63 | void CheckSelected(QListWidgetItem *current, QListWidgetItem *previous); 64 | void CheckSelectedChanged(); 65 | void CountChecks(); 66 | void DeleteAsset(bool confirm = false); 67 | void FilterSTIGs(const QString &text); 68 | void ImportXCCDF(const QString &filename = QString()); 69 | void KeyShortcutCtrlN(); 70 | void KeyShortcutCtrlO(); 71 | void KeyShortcutCtrlR(); 72 | void KeyShortcutCtrlX(); 73 | void RenameAsset(const QString &name = QString()); 74 | void SaveCKL(const QString &name = QString()); 75 | void SaveCKLs(const QString &dir = QString()); 76 | void UpdateChecks(); 77 | void UpdateCKL(); 78 | void UpdateCKLHelper(); 79 | void UpdateCKLStatus(const QString &val); 80 | void UpdateCKLSeverity(const QString &val); 81 | void UpdateSTIGs(); 82 | void UpgradeCKL(); 83 | 84 | private: 85 | Ui::AssetView *ui; 86 
| Asset _asset; 87 | QString _justification; 88 | QTimer _timer; 89 | QTimer _timerChecks; 90 | QList _shortcuts; 91 | bool _updateStatus; 92 | void KeyShortcut(Status action); 93 | void SetItemColor(QListWidgetItem *i, Status stat, Severity sev); 94 | bool _isFiltered; 95 | }; 96 | 97 | #endif // ASSETVIEW_H 98 | -------------------------------------------------------------------------------- /src/workerassetdelete.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2021–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "dbmanager.h" 21 | #include "workerassetdelete.h" 22 | 23 | #include 24 | 25 | /** 26 | * @class WorkerAssetDelete 27 | * @brief Remove @a Assets from the internal database. 28 | * 29 | * Assets are removed from the internal database. 30 | */ 31 | 32 | /** 33 | * @brief WorkerAssetDelete::WorkerAssetDelete 34 | * @param parent 35 | * 36 | * Default constructor. 37 | */ 38 | WorkerAssetDelete::WorkerAssetDelete(QObject *parent) : Worker(parent) 39 | { 40 | } 41 | 42 | /** 43 | * @brief WorkerSTIGDelete::AddAssets 44 | * @param assets 45 | * 46 | * Provide the Assets to delete. 
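*/
void WorkerAssetDelete::AddAssets(const QVector<Asset> &assets)
{
    _assets.append(assets);
}

/**
 * @brief WorkerAssetDelete::AddAsset
 * @param asset Asset to queue for deletion.
 *
 * Queue a single Asset; nothing is removed until process() runs.
 */
void WorkerAssetDelete::AddAsset(const Asset &asset)
{
    _assets.append(asset);
}

/**
 * @brief WorkerAssetDelete::process
 *
 * Remove every queued Asset from the database. For each unique Asset
 * the STIGs attached to it are detached first, then the Asset itself
 * is deleted. All deletions happen between DelayCommit(true) and
 * DelayCommit(false).
 */
void WorkerAssetDelete::process()
{
    Worker::process();

    //open database in this thread
    Q_EMIT initialize(2 + _assets.count(), 1);
    DbManager db;

    Q_EMIT updateStatus(QStringLiteral("Deleting Assets…"));
    db.DelayCommit(true);
    int numChecks = 0;

    QMap<Asset, QVector<STIG>> toDelete;

    Q_FOREACH (const Asset &a, _assets)
    {
        //don't double-delete assets that were double-added
        //QMap::contains uses the same key ordering the map itself dedups
        //on, and avoids building a temporary key list on every iteration
        if (toDelete.contains(a))
            continue;

        const auto stigs = a.GetSTIGs();
        numChecks += stigs.count();
        toDelete.insert(a, stigs);
    }

    Q_EMIT initialize(2 + _assets.count() + numChecks, 1);
    Q_EMIT progress(-1);

    for (auto it = toDelete.constBegin(); it != toDelete.constEnd(); ++it)
    {
        //by-value copy, as the original loop variable was
        Asset a = it.key();
        Q_EMIT updateStatus(QStringLiteral("Deleting Asset ") + PrintAsset(a) + QStringLiteral("…"));
        //remove all associated STIGs from this asset.
        Q_FOREACH (const STIG &s, it.value())
        {
            db.DeleteSTIGFromAsset(s, a);
            Q_EMIT progress(-1);
        }
        db.DeleteAsset(a);
        Q_EMIT progress(-1);
    }
    db.DelayCommit(false);
    Q_EMIT progress(-1);

    //complete
    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}
--------------------------------------------------------------------------------
/src/asset.h:
--------------------------------------------------------------------------------
/*
 * STIGQter - STIG fun with Qt
 *
 * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .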
18 | */ 19 | 20 | #ifndef ASSET_H 21 | #define ASSET_H 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | #include "stig.h" 28 | 29 | class CKLCheck; 30 | 31 | class Asset : public QObject 32 | { 33 | Q_OBJECT 34 | public: 35 | Asset(const Asset &asset); 36 | Asset(Asset &&orig) noexcept; 37 | ~Asset() override = default; 38 | explicit Asset(QObject *parent = nullptr); 39 | Asset& operator=(const Asset &right); 40 | Asset& operator=(Asset &&orig) noexcept; 41 | QVector GetSTIGs() const; 42 | QVector GetCKLChecks(const STIG *stig = nullptr) const; 43 | int id{-1}; /**< Database ID */ 44 | QString assetType{QStringLiteral("Computing")}; /**< Specifies if asset is "Computing" or "Non-Computing" */ 45 | QString hostName; /**< Unique asset identifier */ 46 | QString hostIP; /**< IP address of the asset */ 47 | QString hostMAC; /**< MAC address of the asset */ 48 | QString hostFQDN; /**< FQDN of the asset */ 49 | QString techArea; /**< Tech Area may be any of: 50 | "" (not set) 51 | "Application Review" 52 | "Boundary Security" 53 | "CDS Admin Review" 54 | "CDS Technical Review" 55 | "Database Review" 56 | "Domain Name System (DNS)" 57 | "Exchange Server" 58 | "Host Based System Security (HBSS)" 59 | "Internal Network" 60 | "Mobility" 61 | "Releasable Networks (REL)" 62 | "Traditional Security" 63 | "UNIX OS" 64 | "VVOIP Review" 65 | "Web Review" 66 | "Windows OS" 67 | "Other Review" 68 | */ 69 | QString targetKey; /**< Target identifier specified in STIG */ 70 | QString marking; /**< Marking (usually used for classification) */ 71 | QString targetComment; /**< Target comment specified in STIG */ 72 | bool webOrDB{false}; /**< whether the asset is a web or database asset */ 73 | QString webDbSite; /**< If webOrDatabase is true, specify the site identifier (usually node name) */ 74 | QString webDbInstance; /**< If webOrDatabase is true, specify the instance (usually the DB's name) */ 75 | friend bool operator<(const Asset &left, const Asset &right) 76 | { 77 | 
return left.hostName < right.hostName; 78 | } 79 | bool operator==(const Asset &right) const; 80 | }; 81 | 82 | Q_DECLARE_METATYPE(Asset); 83 | 84 | [[nodiscard]] QString PrintAsset(const Asset &asset); 85 | 86 | #endif // ASSET_H 87 | -------------------------------------------------------------------------------- /src/family.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "family.h" 21 | 22 | /** 23 | * @class Family 24 | * @brief A @a Family corresponds to a particular RMF checklist 25 | * grouping of @a Controls. The RMF hierarchy consists of 26 | * @a Family → @a Control → @a CCI. 27 | * 28 | * A @a Family is the largest unit of RMF by which @a Controls are 29 | * grouped. Normally, systems divide documentation into separate 30 | * @a Families. 
*
 * The standard set of Families defined by NIST 800-53rev4 is
 * @list
 * @li AC - Access Control
 * @li AU - Audit and Accountability
 * @li AT - Awareness and Training
 * @li CM - Configuration Management
 * @li CP - Contingency Planning
 * @li IA - Identification and Authentication
 * @li IR - Incident Response
 * @li MA - Maintenance
 * @li MP - Media Protection
 * @li PS - Personnel Security
 * @li PE - Physical and Environmental Protection
 * @li PL - Planning
 * @li PM - Program Management
 * @li RA - Risk Assessment
 * @li CA - Security Assessment and Authorization
 * @li SC - System and Communications Protection
 * @li SI - System and Information Integrity
 * @li SA - System and Services Acquisition
 * @endlist
 *
 * A @a Family provides a high-level, logical grouping for
 * documentation, but the level is too high for conducting any risk
 * analyses. For risk determinations, the @a CCI level should report
 * the individual weaknesses for a system, and the @a Control level
 * should roll up the highest issues identified by the @a Control's
 * @a CCIs.
 */

/**
 * @brief Family::Family
 * @param parent QObject parent passed to the base class.
 *
 * Default constructor. Starts with id -1, acronym "ZZ" and the
 * description "Default Family".
 */
Family::Family(QObject *parent)
    : QObject(parent)
    , id(-1)
    , acronym(QStringLiteral("ZZ"))
    , description(QStringLiteral("Default Family"))
{
}

/**
 * @brief Family::Family
 * @param right @a Family to copy from.
 *
 * Copy constructor. The new object is given the same QObject parent
 * as @a right, then takes its field values through operator=.
 */
Family::Family(const Family &right) : Family(right.parent())
{
    operator=(right);
}

/**
 * @brief Family::operator=
 * @param right @a Family to copy from.
 * @return This @a Family, copied from the assignee.
 *
 * Copies id, acronym and description. Self-assignment is a no-op.
 */
Family& Family::operator=(const Family &right)
{
    if (this == &right)
        return *this;

    id = right.id;
    acronym = right.acronym;
    description = right.description;
    return *this;
}

/**
 * @brief PrintFamily
 * @param family @a Family to print.
 * @return Human-readable @a Family (its acronym).
 */
[[nodiscard]] QString PrintFamily(const Family &family)
{
    return family.acronym;
}
--------------------------------------------------------------------------------
/src/workermapunmapped.cpp:
--------------------------------------------------------------------------------
/*
 * STIGQter - STIG fun with Qt
 *
 * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#include "asset.h"
#include "common.h"
#include "dbmanager.h"
#include "stig.h"
#include "stigcheck.h"
#include "workermapunmapped.h"

#include
#include
#include

/**
 * @class WorkerMapUnmapped
 * @brief Map STIGChecks that are not part of the eMASS TRExport report to
 * CM-6, CCI-366.
 *
 * Many systems have STIGs that map against controls not included in their
 * categorization baseline or tailoring. These findings can be remapped to
 * CM-6.
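*/

/**
 * @brief WorkerMapUnmapped::WorkerMapUnmapped
 * @param parent QObject parent passed to the Worker base class.
 *
 * Default constructor.
 */
WorkerMapUnmapped::WorkerMapUnmapped(QObject *parent) : Worker(parent)
{
}

/**
 * @brief WorkerMapUnmapped::process
 *
 * Cycle through every STIGCheck and make sure each is mapped against an
 * RMF control that's in use in eMASS.
 *
 * A check that was remapped on an earlier run has its CCI list cleared
 * and rebuilt from the current remap list, so it is rewritten on every
 * run. Any other check loses the CCIs that are not flagged as imported;
 * if none remain, it is pointed at the remap CCIs and marked as a remap.
 */
void WorkerMapUnmapped::process()
{
    Worker::process();

    Q_EMIT updateStatus(QStringLiteral("Enumerating STIG Checks…"));
    DbManager db;
    const auto stigchecks = db.GetSTIGChecks();
    Q_EMIT initialize(stigchecks.count(), 0);

    //CCIs that unmapped checks fall back to
    //(the previously built list of their IDs was never read and is gone)
    const auto remapCCIs = db.GetRemapCCIs();

    Q_FOREACH (STIGCheck check, stigchecks)
    {
        bool updateCheck = false;

        //step one - see if this STIG Check is already an imported one
        if (check.isRemap)
        {
            check.cciIds.clear();
        }
        else
        {
            //step two - make sure that each of the CCIs are in the import
            Q_FOREACH (const CCI &c, check.GetCCIs())
            {
                if (!c.isImport)
                {
                    check.cciIds.removeAll(c.id);
                    updateCheck = true;
                }
            }
        }

        //step three - remap to CM-6
        if (check.cciIds.isEmpty())
        {
            Q_FOREACH (const CCI &c, remapCCIs)
            {
                check.cciIds.append(c.id);
            }
            check.isRemap = true;
            updateCheck = true;
        }

        //step four - write the changes
        if (updateCheck)
        {
            Q_EMIT updateStatus(QStringLiteral("Updating mapping for ") + PrintSTIGCheck(check) + QStringLiteral("…"));
            db.UpdateSTIGCheck(check);
        }
        Q_EMIT progress(-1);
    }

    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}
--------------------------------------------------------------------------------
/src/workerstigdownload.cpp: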
-------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "common.h" 21 | #include "dbmanager.h" 22 | #include "stig.h" 23 | #include "stigcheck.h" 24 | #include "workerstigdownload.h" 25 | 26 | #include "workerstigadd.h" 27 | #include 28 | #include 29 | 30 | /** 31 | * @class WorkerSTIGDownload 32 | * @brief Download the latest quarterly STIG release from DISA and 33 | * add the checklists to the internal database. 34 | * 35 | * The main source of STIG and SRG information is from DISA. They 36 | * publish a quarterly STIG release that is downloaded and processed 37 | * in this worker. 38 | */ 39 | 40 | /** 41 | * @brief WorkerSTIGDownload::WorkerSTIGDownload 42 | * @param parent 43 | * 44 | * Default constructor. 
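*/
WorkerSTIGDownload::WorkerSTIGDownload(QObject *parent) : Worker(parent),
    _enableSupplements(false)
{
}

/**
 * @brief WorkerSTIGDownload::SetEnableSupplements
 * @param enableSupplements true to import supplementary material.
 *
 * Sets whether to enable or disable importing the STIG supplementary
 * material into the DB. The flag is handed to each WorkerSTIGAdd that
 * process() creates.
 */
void WorkerSTIGDownload::SetEnableSupplements(bool enableSupplements)
{
    _enableSupplements = enableSupplements;
}

/**
 * @brief WorkerSTIGDownload::process
 *
 * Download the STIG library and process it as a .zip file of .zip
 * files. Assume that each .zip file within the main archive is a
 * STIG and attempt to parse it.
 *
 * Each inner archive is written to its own temporary file and handed
 * to a WorkerSTIGAdd that runs inline. An inner archive that cannot be
 * staged completely is skipped instead of being passed on.
 */
void WorkerSTIGDownload::process()
{
    Worker::process();

    //get the list of STIG .zip files selected
    Q_EMIT initialize(2, 1);
    Q_EMIT updateStatus(QStringLiteral("Downloading quarterly…"));

    QTemporaryFile tmpFile;
    if (tmpFile.open())
    {
        DbManager db;
        //NOTE(review): the download location is whatever the "quarterly"
        //database variable holds. Nothing in this function checks the URL
        //scheme or the integrity of the archive before it is unpacked and
        //parsed. Confirm that DownloadFile() enforces certificate
        //validation, and consider checking the archive against a published
        //digest before import.
        QUrl stigs(db.GetVariable(QStringLiteral("quarterly")));
        DownloadFile(stigs, &tmpFile);
        //get all zip files within the master zip file
        Q_EMIT updateStatus(QStringLiteral("Extracting and adding STIGs…"));
        auto stigFiles = GetFilesFromZip(tmpFile.fileName(), QStringLiteral(".zip"));
        Q_EMIT initialize(stigFiles.count() + 2, 2);
        //assume that each zip file within the archive is its own STIG and try to process it
        for (auto i = stigFiles.begin(); i != stigFiles.end(); ++i)
        {
            Q_EMIT updateStatus("Parsing " + i.key() + "…");
            WorkerSTIGAdd tmpWorker;
            tmpWorker.SetEnableSupplements(_enableSupplements);
            QTemporaryFile tmpFile2;
            //previously a failed open() or a short write still passed the
            //file name (possibly empty) on to the parser
            //assumes the map values are byte arrays, as the single-argument
            //write() call suggests
            const auto &payload = i.value();
            if (!tmpFile2.open() || (tmpFile2.write(payload) != payload.size()))
            {
                Q_EMIT progress(-1);
                continue;
            }
            //close() flushes; the temporary file stays on disk until
            //tmpFile2 is destroyed at the end of this iteration
            tmpFile2.close();
            QStringList tmpList;
            tmpList.push_back(tmpFile2.fileName());
            tmpWorker.AddSTIGs(tmpList);
            tmpWorker.process();
            Q_EMIT progress(-1);
        }
        tmpFile.close();
    }
    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}
--------------------------------------------------------------------------------
/src/stigqter.h:
--------------------------------------------------------------------------------
/*
 * STIGQter - STIG fun with Qt
 *
 * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .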
18 | */ 19 | 20 | #ifndef STIGQTER_H 21 | #define STIGQTER_H 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | #include "dbmanager.h" 28 | #include "help.h" 29 | #include "worker.h" 30 | 31 | namespace Ui { 32 | class STIGQter; 33 | } 34 | 35 | class STIGQter : public QMainWindow 36 | { 37 | Q_OBJECT 38 | 39 | public: 40 | explicit STIGQter(QWidget *parent = nullptr); 41 | ~STIGQter(); 42 | bool isProcessingEnabled(); 43 | QThread* ConnectThreads(Worker *worker, bool blocking = true); 44 | void Display(); 45 | void UpdateSTIGs(); 46 | #ifdef USE_TESTS 47 | void ProcEvents(); 48 | void RunTests(); 49 | #endif 50 | 51 | private Q_SLOTS: 52 | 53 | void CompletedThread(); 54 | void CompletedThreadUnblocked(); 55 | 56 | Help* About(); 57 | void AddAsset(const QString &name = QString()); 58 | void AddSTIGs(); 59 | void CheckVersion(); 60 | void CloseTab(int index); 61 | void DeleteAssets(); 62 | void DeleteCCIs(); 63 | void DeleteEmass(); 64 | void DeleteSTIGs(); 65 | void DownloadSTIGs(); 66 | void EditSTIG(); 67 | void ExportCKLs(const QString &dir = QString()); 68 | void ExportCKLsMonolithic(const QString &dir = QString()); 69 | void ExportCMRS(const QString &fileName = QString()); 70 | void ExportEMASS(const QString &fileName = QString()); 71 | void ExportHTML(const QString &dir = QString()); 72 | void FilterSTIGs(const QString &text); 73 | void FindingsReport(const QString &fileName = QString()); 74 | void ImportCKLs(const QStringList &fileNames = {}); 75 | void ImportEMASS(const QString &fileName = QString()); 76 | void ImportEmassControl(const QString &fileName = QString()); 77 | void Load(const QString &fileName = QString()); 78 | void MapUnmapped(bool confirm = false); 79 | void OpenCKL(); 80 | void POAMTemplate(const QString &fileName = QString(), bool APNumLevel = true); 81 | void POAMTemplateControl(const QString &fileName = QString()); 82 | void RemapChanged(int checkState); 83 | void RenameTab(int index, const QString &title); 84 | bool Reset(bool 
checkOnly = false); 85 | void Save(); 86 | void SaveAs(const QString &fileName = QString()); 87 | void SelectAsset(); 88 | void SelectSTIG(); 89 | void StatusChange(const QString &status); 90 | void ShowMessage(const QString &title, const QString &message); 91 | void SupplementsChanged(int checkState); 92 | void UpdateCCIs(); 93 | 94 | void Initialize(int max, int val = 0); 95 | void Progress(int val); 96 | 97 | private: 98 | Ui::STIGQter *ui; 99 | QList threads; 100 | QList workers; 101 | bool _updatedAssets; 102 | bool _updatedCCIs; 103 | bool _updatedSTIGs; 104 | QString lastSaveLocation; 105 | QList _shortcuts; 106 | void closeEvent(QCloseEvent *event); 107 | void CleanThreads(); 108 | void DisableInput(); 109 | void DisplayAssets(); 110 | void DisplayCCIs(); 111 | void DisplaySTIGs(const QString &search = QString()); 112 | void EnableInput(); 113 | void UpdateRemapButton(); 114 | bool _isFiltered; 115 | }; 116 | 117 | #endif // STIGQTER_H 118 | -------------------------------------------------------------------------------- /src/workercklupgrade.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2022–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
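*/

#include "asset.h"
#include "cklcheck.h"
#include "common.h"
#include "dbmanager.h"
#include "workercklupgrade.h"
#include "workerstigadd.h"

#include
#include
#include
#include

/**
 * @class WorkerCKLUpgrade
 * @brief Upgrade a CKL file to a newer version
 */

/**
 * @brief WorkerCKLUpgrade::WorkerCKLUpgrade
 * @param parent QObject parent passed to the Worker base class.
 *
 * Default constructor.
 */
WorkerCKLUpgrade::WorkerCKLUpgrade(QObject *parent) : Worker(parent)
{
}

/**
 * @brief WorkerCKLUpgrade::AddSTIG
 * @param asset Asset whose checklist is to be upgraded.
 * @param stig STIG currently attached to the Asset.
 *
 * Store the Asset/STIG pair that process() will upgrade. A later call
 * replaces the stored pair.
 */
void WorkerCKLUpgrade::AddSTIG(const Asset &asset, const STIG &stig)
{
    _asset = asset;
    _stig = stig;
}

/**
 * @brief WorkerCKLUpgrade::process
 *
 * Look for a STIG in the database with the same title as the stored
 * one, a higher version (or the same version and a later release),
 * that is not yet attached to the Asset. The first such STIG found is
 * attached. For every check in it whose vulnerability number matches a
 * check of the old STIG, the status, finding details, comments and
 * severity override fields are copied over.
 */
void WorkerCKLUpgrade::process()
{
    Worker::process();

    Q_EMIT initialize(_stig.GetSTIGChecks().count() + 1, 0);
    DbManager db;
    db.DelayCommit(true);

    Q_FOREACH (STIG s, db.GetSTIGs())
    {
        const bool sameTitle = (s != _stig) && (s.title == _stig.title);
        //NOTE(review): release is compared as a string, so the ordering is
        //lexicographic; confirm the release format cannot mis-order (for
        //example a two-digit release number against a one-digit one)
        const bool newer = (s.version > _stig.version) ||
                ((s.version == _stig.version) && (s.release.compare(_stig.release) > 0));
        if (!sameTitle || !newer || _asset.GetSTIGs().contains(s))
            continue;

        //found STIG to upgrade to
        db.AddSTIGToAsset(s, _asset);
        db.DelayCommit(true);
        const auto oldChecks = _asset.GetCKLChecks(&_stig);
        Q_FOREACH (CKLCheck ckl, _asset.GetCKLChecks(&s))
        {
            Q_EMIT updateStatus("Updating " + PrintCKLCheck(ckl) + "...");
            Q_FOREACH (CKLCheck cklOld, oldChecks)
            {
                if (cklOld.GetSTIGCheck().vulnNum == ckl.GetSTIGCheck().vulnNum)
                {
                    //carry the assessor's answers over to the new check
                    ckl.status = cklOld.status;
                    ckl.findingDetails = cklOld.findingDetails;
                    ckl.comments = cklOld.comments;
                    ckl.severityOverride = cklOld.severityOverride;
                    ckl.severityJustification = cklOld.severityJustification;
                    db.UpdateCKLCheck(ckl);
                    Q_EMIT progress(-1);
                    break;
                }
            }
        }
        //only the first matching STIG is used
        break;
    }
    //always pair the DelayCommit(true) above, including when no newer STIG
    //was found; before, the delay was only lifted on the upgrade path
    //(DelayCommit itself is not shown here; the pairing follows the
    //pattern in WorkerAssetDelete::process)
    db.DelayCommit(false);
    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}
--------------------------------------------------------------------------------
/CHANGES.md:
--------------------------------------------------------------------------------
## 1.2.7
- Fix duplicate rules in DFR (fixes #122)
- Update truncation method of DFR text (fixes #123)

## 1.2.6 20230807
- Update for blank column T (fixes #118)
- Auto NA marking (fixes #119)
- Enhanced DFR vulnerability information output (fixes #120)
- Updated appveyor building to fix QTBUG-114243

## 1.2.5 20230606
- Add extra control information to Detailed Findings Report (fixes #116)
- Add fix text to detailed findings report (fixes #114)
- Ad Remote Inheritance Instance column (fixes #115)

## 1.2.4 20221123
- Documentation Updates
- STIG checklist upgrader

## 1.2.3 20220525
- XML schema validation with newest STIGViewer (fixes #112)

## 1.2.2 20220505
- Emergency release to fix #111 - corrupted CCI list from DISA

## 1.2.1 20220418
- Emergency release to fix #106 - moving of CCI list

## 1.2.0 20220408
- Display defect density in DFR (fixes #110)

## 1.1.4 20220404
- Accept Control Info Export report (fixes #99)
- Support for STIG Viewer 2.16 (fixes #103)
- Multiuser support (fixes #87)

## 1.1.3 20210730
- Fix POA&M issues (fixes #97)

## 1.1.2 20210624
- Add POA&M report (fixes #94)
- Fix eMASS TRExport (fixes #96)

## 1.1.1 20210323
- Build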
monolithic CKLs (fixes #91) 46 | - Don't block UI when on a disconnected system (fixes #92) 47 | - New location for RMF controls (fixes #93) 48 | - Autodownload of missing STIGs (fixes #78) 49 | 50 | ## 1.1.0 20210305 51 | - Build Debian packages automatically 52 | - Fix LEGACY IDs for exported CKL files 53 | - Allow deletion of multiple Assets (issue #83) 54 | 55 | ## 1.0.2 20201214 56 | - General fixes and code cleanups 57 | - Change to the eMASS Test Result Import (issue #85) 58 | - Fix case sensitivity of asset names (issue #82) 59 | - Fix import of Splunk STIG (issue #86) 60 | - Update quarterly STIG release information (issues #89 and #90) 61 | - Export individual CKLs for an asset (issue #79) 62 | 63 | ## 1.0.1 20200706 64 | - General fixes and code cleanups 65 | - Fix very verbose debugging (issue #57) 66 | - Add "Fix Text" contents to Detailed Findings Report (issue #64) 67 | - Add STIG editor (issue #59) 68 | - Support new STIG format with legacy IDs (issue #69) 69 | - Allow mapping to all CCIs under CM-6 (issue #70) 70 | - Indexing fixes (issue #77) 71 | - New logo 72 | 73 | ## 1.0.0 20200131 74 | - Stabilized database (reverse compatibility will be maintained) 75 | - Updated Detailed Findings Report (issues #41, #34) 76 | - Updates for eMASS Test Results (issues #42, #43, #48) 77 | - Affordability fixes (issues #45, #46, #44) 78 | - General code cleanups and spelling fixes 79 | - Addition of STIG Quarterly Download 80 | - Addition of User's Guide (issue #7) 81 | - Addition of logging layer 82 | - Selectable accordion text (issue #54) 83 | - Filter STIG list on main interface and Asset viewer (issue #55) 84 | 85 | ## 0.1.6 20190827 86 | 87 | - Updated eMASS Test Result report (issue #38) 88 | - CKL export fixes (issue #32) 89 | - CCI mapping fixes (issue #37) 90 | - Last save/open location is preserved 91 | - Double free fixed (Coverity Scan results) 92 | 93 | ## 0.1.5 20190704 94 | 95 | - Support for Partial eMASS Test Result Import 96 | 97 | ## 0.1.4 
20190323 98 | 99 | - CMRS import/export 100 | - Automated check for latest version of software 101 | 102 | ## 0.1.3 20190318 103 | 104 | - HTML output of STIG results 105 | - Performance improvements 106 | 107 | ## 0.1.2 20190228 108 | 109 | - Save to external .stigqter file 110 | - Filter remaining STIGCheck list 111 | 112 | ## 0.1.1 20190221 113 | 114 | - Support for eMASS TR report 115 | - XCCDF/SCAP input 116 | 117 | ## 0.1.0 20190102 118 | 119 | - First public beta 120 | - Autosave CKL information to the database on a timer 121 | - Keyboard shortcuts added 122 | - Detailed Findings Report 123 | 124 | ## 0.0.2 20181218 125 | 126 | - Second internal alpha release, select STIGs for inclusion in CKL file 127 | 128 | ## 0.0.1 20181215 129 | 130 | - First internal alpha release, display CKL information 131 | -------------------------------------------------------------------------------- /.github/workflows/sonarcloud.yml: -------------------------------------------------------------------------------- 1 | name: SonarCloud 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | - cron: "0 0 * * 1" 7 | 8 | jobs: 9 | analyze: 10 | name: Code Coverage 11 | runs-on: ubuntu-latest 12 | 13 | strategy: 14 | fail-fast: false 15 | 16 | env: 17 | DISPLAY: :0 18 | SONAR_SCANNER_VERSION: 4.4.0.2170 19 | SONAR_SCANNER_OPTS: -server 20 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 21 | SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 22 | KRITIKA_TOKEN: ${{ secrets.KRITIKA_TOKEN }} 23 | TRAVIS_COMMIT: ${{ github.sha }} 24 | LC_ALL: en 25 | 26 | steps: 27 | - name: Set SONAR_SCANNER_HOME 28 | run: echo "SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux" >> $GITHUB_ENV 29 | - name: Checkout Repo 30 | uses: actions/checkout@v2 31 | - name: update 32 | run: sudo apt-get update 33 | - name: set timezone 34 | run: sudo ln -fs /usr/share/zoneinfo/America/Chicago /etc/localtime 35 | # - name: install latex dependencies 36 | # run: DEBIAN_FRONTEND="noninteractive" sudo apt-get 
      #   install -q -y --force-yes texlive-luatex texlive-latex-recommended texlive-latex-extra texlive-fonts-extra texlive-fonts-extra-links texlive-bibtex-extra biber
      # NOTE(review): --force-yes is deprecated in apt-get and lets the install
      # continue even when a package cannot be authenticated. These look like
      # ordinary archive packages, so -y alone should be enough; confirm and
      # drop the flag.
      - name: install dependencies
        run: DEBIAN_FRONTEND="noninteractive" sudo apt-get install -q -y --force-yes qtbase5-dev qt5-qmake libzip-dev cmake g++ debhelper dpkg-dev xvfb libxkbcommon-x11-0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-xinerama0 libxcb-xinput0 libxcb-xfixes0 libdevel-cover-perl lcov cpanminus zlib1g-dev libminizip-dev libssl-dev
      # Virtual X server for the GUI test run; it listens on $DISPLAY from the job env.
      - name: start xvfb
        run: sudo /usr/bin/Xvfb $DISPLAY -screen 0 1280x1024x24 &
      # NOTE(review): the tarball is unpacked, built and then installed as root
      # (dpkg -i, two steps below) without any integrity check. LICENSE.spdx in
      # this repository records SHA3-512 and BLAKE2b-512 digests for this same
      # RELEASE_1.1.5 archive; comparing the download against a pinned digest
      # before tar runs would catch a replaced or corrupted file.
      - name: download libxlsxwriter
        run: pushd /tmp && wget https://github.com/jmcnamara/libxlsxwriter/archive/RELEASE_1.1.5.tar.gz && tar -zxf RELEASE_1.1.5.tar.gz && popd
      # Appends CPack settings to the upstream CMakeLists.txt so that cpack emits a .deb.
      - name: build libxlsxwriter
        run: pushd /tmp/libxlsxwriter-RELEASE_1.1.5 && echo -e "SET(CPACK_GENERATOR \"DEB\")\nset(CPACK_PACKAGE_NAME \"libxlsxwriter\")\nSET(CPACK_DEBIAN_PACKAGE_MAINTAINER \"jwh0011@auburn.edu\")\nset(CPACK_PACKAGE_VERSION \"1.1.5\")\nINCLUDE(CPack)" >> CMakeLists.txt && /usr/bin/cmake ./ && make -j3 && cpack && popd
      - name: install libxlsxwriter
        run: sudo dpkg -i /tmp/libxlsxwriter-RELEASE_1.1.5/libxlsxwriter-1.1.5-Linux.deb
      # NOTE(review): the scanner and build-wrapper archives below are fetched
      # and executed without a checksum or signature check, and the
      # build-wrapper URL carries no version, so its content can change between
      # runs. Both tools later run in a job whose env holds SONAR_TOKEN,
      # KRITIKA_TOKEN and GITHUB_TOKEN; verify each archive against a pinned
      # digest before unzip.
      - name: Download Sonar Scanner
        run: curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
      - name: Unzip Sonar Scanner
        run: unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
      - name: Download Sonar Build Wrapper
        run: curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
      - name: Unzip Sonar Build Wrapper
        run: unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
      - name: Add Sonar Build Wrapper to PATH
        run: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
      # Compiles the test entry point into the binary (USE_TESTS define).
      - name: Configure STIGQter to build tests
        run: echo "DEFINES += USE_TESTS" >> STIGQter.pro
      - name: qmake STIGQter
        run: qmake STIGQter.pro
      # Rewrites the generated Makefile: no optimisation, gcov instrumentation on.
      - name: Configure STIGQter to generate code coverage stats
        run: sed -i -e 's:-O2:-O0 -fprofile-arcs -ftest-coverage -fno-exceptions -fno-inline:g' -e 's:-Wl,-O1:-Wl,-O1 -lgcov --coverage:g' Makefile
      - name: Build STIGQter
        run: build-wrapper-linux-x86-64 --out-dir bw-output make -j3
      - name: Run STIGQter tests
        run: ./STIGQter tests
      - name: Run gcov
        run: for x in src/*.cpp; do gcov --branch-probabilities --branch-counts ${x} -o .; done
      - name: Add Sonar Scanner to PATH
        run: echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH
      # Removes the .ckl files left in tests/ before the scanner uploads results.
      - name: Run Sonar Scanner
        run: rm -rf tests/*.ckl && sonar-scanner -Dsonar.organization=squinky86 -Dsonar.projectKey=squinky86_STIGQter -Dsonar.projectName=STIGQter -Dsonar.projectVersion=1.2.4 -Dsonar.sources=./src/ -Dsonar.cfamily.build-wrapper-output=bw-output -Dsonar.cfamily.threads=2 -Dsonar.cfamily.gcov.reportsPath=. -Dsonar.host.url=https://sonarcloud.io
      # NOTE(review): this executes whatever https://codecov.io/bash serves at
      # job time, in a shell that inherits the job-level env (GITHUB_TOKEN,
      # SONAR_TOKEN, KRITIKA_TOKEN). The Codecov bash uploader was altered by an
      # attacker in 2021 to send CI environment variables to a third party, and
      # Codecov has since deprecated it. Prefer a pinned, checksum-verified
      # uploader, and move the tokens from the job-level env to the individual
      # steps that need them.
      - name: Run codecov.io
        run: bash <(curl -s https://codecov.io/bash)
      - name: Build LCOV files
        run: mkdir -p coverage && lcov --capture --directory .
--output-file coverage/lcov.info 77 | - name: Run Coveralls 78 | uses: coverallsapp/github-action@master 79 | with: 80 | github-token: ${{ secrets.GITHUB_TOKEN }} 81 | - name: Run gcov2perl 82 | run: gcov2perl *.gcov 83 | -------------------------------------------------------------------------------- /src/control.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "control.h" 21 | #include "dbmanager.h" 22 | 23 | /** 24 | * @class Control 25 | * @brief A @a Control corresponds to a particular RMF checklist 26 | * grouping of assessment procedures. The RMF hierarchy consists of 27 | * @a Family → @a Control → @a CCI. 28 | * 29 | * A @a Control is the base unit of RMF by which assessment scoring 30 | * takes place. Risk calculations roll up and are reported at the 31 | * @a Control level to provide management with a high-level overview 32 | * of the security posture of a system. 33 | * 34 | * Selection of applicable controls is performed by baselining and 35 | * tailoring the system's capabilities and security needs. 36 | */ 37 | 38 | /** 39 | * @brief Control::Control 40 | * @param parent 41 | * 42 | * Default constructor. 
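 */
Control::Control(QObject *parent) : QObject(parent),
    id(-1),        // -1 until a real identifier is assigned (presumably by the database layer)
    familyId(-1),  // -1: no Family linked yet
    number(0),
    enhancement(),
    title(),
    description(),
    importSeverity(),
    importRelevanceOfThreat(),
    importLikelihood(),
    importImpact(),
    importImpactDescription(),
    importResidualRiskLevel(),
    importRecommendations()
{
}

/**
 * @brief Control::Control
 * @param right
 *
 * Copy constructor. Delegates to the default constructor using the
 * QObject parent of @a right, then copies the data members through
 * operator=.
 */
Control::Control(const Control &right) : Control(right.parent())
{
    *this = right;
}

/**
 * @brief Control::GetFamily
 * @return The @a Family associated with this @a Control
 *
 * Looks the @a Family up by @c familyId through a locally constructed
 * @a DbManager.
 */
Family Control::GetFamily() const
{
    DbManager db;
    return db.GetFamily(familyId);
}

/**
 * @brief Control::GetCCIs
 * @return The @a CCI entries that the database maps to this
 * @a Control
 */
QVector<CCI> Control::GetCCIs() const
{
    DbManager db;
    return db.GetCCIs(*this);
}

/**
 * @brief Control::operator=
 * @param right
 * @return This @a Control, copied from the assignee.
 *
 * Member-wise copy assignment. The QObject parent is not touched.
 */
Control& Control::operator=(const Control &right)
{
    // Self-assignment leaves the object as it is.
    if (this == &right)
        return *this;

    id = right.id;
    familyId = right.familyId;
    number = right.number;
    enhancement = right.enhancement;
    title = right.title;
    description = right.description;
    importSeverity = right.importSeverity;
    importRelevanceOfThreat = right.importRelevanceOfThreat;
    importLikelihood = right.importLikelihood;
    importImpact = right.importImpact;
    importImpactDescription = right.importImpactDescription;
    importResidualRiskLevel = right.importResidualRiskLevel;
    importRecommendations = right.importRecommendations;
    return *this;
}

/**
 * @brief Control::IsImport
 * @return @c True when a CCI has been imported under this control.
 * Otherwise, @c false.
 */
bool Control::IsImport() const
{
    // Fetch once and iterate a const copy; a single imported CCI is enough.
    const auto ccis = GetCCIs();
    for (const auto &cci : ccis)
    {
        if (cci.isImport)
            return true;
    }
    return false;
}

/**
 * @brief operator==
 * @param lhs
 * @param rhs
 * @return @c True when the @a Control entities refer to the same
 * @a Control. Otherwise, @c false.
 *
 * The comparison is done on the printed form of each @a Control,
 * ignoring case. Each call to PrintControl() goes through
 * GetFamily(), which constructs a @a DbManager.
 */
bool operator==(Control const& lhs, Control const& rhs)
{
    const QString left = PrintControl(lhs);
    const QString right = PrintControl(rhs);
    return left.compare(right, Qt::CaseInsensitive) == 0;
}

/**
 * @brief PrintControl
 * @param control
 * @return Human-readable @a Control
 *
 * The result is the family acronym, a dash and the control number.
 * The enhancement is appended in parentheses when it is greater
 * than zero.
 */
[[nodiscard]] QString PrintControl(const Control &control)
{
    QString label = control.GetFamily().acronym + "-" + QString::number(control.number);
    if (control.enhancement > 0)
        label.append("(" + QString::number(control.enhancement) + ")");
    return label;
}
-------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | version: 1.2.7.{build} 2 | image: Ubuntu2004 3 | platform: x64 4 | environment: 5 | CFLAGS: -Os -mtune=generic -pipe 6 | CXXFLAGS: -Os -mtune=generic -pipe 7 | QMAKE_CFLAGS: -m64 -Os -mtune=generic -pipe 8 | QMAKE_CXXFLAGS: -m64 -Os -mtune=generic -pipe 9 | build_script: 10 | - sh: >- 11 | sudo add-apt-repository ppa:rncbc/qt6.5-static-focal 12 | 13 | sudo add-apt-repository ppa:cybermax-dexter/mingw-w64-backport 14 | 15 | sudo apt-get update 16 | 17 | sudo apt-get install -y texlive-luatex texlive-latex-recommended texlive-latex-extra texlive-fonts-extra texlive-fonts-extra-links texlive-bibtex-extra biber gcc-mingw-w64-x86-64 g++-mingw-w64-x86-64 upx-ucl advancecomp qtbase6.5-static 18 | 19 | echo -e "set(CMAKE_SYSTEM_NAME Windows)\nset(TOOLCHAIN_PREFIX x86_64-w64-mingw32)\nset(CMAKE_C_COMPILER \${TOOLCHAIN_PREFIX}-gcc)\nset(CMAKE_CXX_COMPILER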
\${TOOLCHAIN_PREFIX}-g++)\nset(CMAKE_Fortran_COMPILER \${TOOLCHAIN_PREFIX}-gfortran)\nset(CMAKE_RC_COMPILER \${TOOLCHAIN_PREFIX}-windres)\nset(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)\nset(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)\nset(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)\nset(CMAKE_FIND_ROOT_PATH /usr/x86_64-w64-mingw32 /)\nset(CMAKE_C_FLAGS_RELEASE \"-m64 -Os -mtune=generic\")\nset(CMAKE_CXX_FLAGS_RELEASE \"-m64 -Os -mtune=generic\")" > /tmp/profile.cmake 20 | 21 | pushd /tmp && wget https://github.com/zlib-ng/zlib-ng/archive/refs/tags/2.2.4.tar.gz && tar -zxf 2.2.4.tar.gz && popd 22 | 23 | pushd /tmp/zlib-ng-2.2.4 && cmake ./ -DCMAKE_TOOLCHAIN_FILE=/tmp/profile.cmake -DBUILD_SHARED_LIBS=OFF -DZLIB_COMPAT=ON -DZLIB_ENABLE_TESTS=OFF && make -j3 && popd 24 | 25 | pushd /tmp && wget https://www.openssl.org/source/openssl-3.0.16.tar.gz && tar -zxf openssl-3.0.16.tar.gz && popd 26 | 27 | pushd /tmp/openssl-3.0.16 && ./Configure mingw64 no-shared no-asm no-err no-tests CROSS_COMPILE=x86_64-w64-mingw32- CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" && make -j3 && popd 28 | 29 | pushd /tmp && wget https://libzip.org/download/libzip-1.11.3.tar.xz && tar -xf libzip-1.11.3.tar.xz && popd 30 | 31 | pushd /tmp/libzip-1.11.3 && cmake ./ -DCMAKE_TOOLCHAIN_FILE=/tmp/profile.cmake -DBUILD_SHARED_LIBS=OFF -DZLIB_INCLUDE_DIR=/tmp/zlib-ng-2.2.4 -DZLIB_LIBRARY=/tmp/zlib-ng-2.2.4/libz.a -DOPENSSL_ROOT_DIR=/tmp/openssl-3.0.16 -DCMAKE_C_STANDARD_LIBRARIES="-lws2_32 -lcrypt32" && make -j3 && popd 32 | 33 | pushd /tmp && wget https://github.com/jmcnamara/libxlsxwriter/archive/RELEASE_1.2.1.tar.gz && tar -zxf RELEASE_1.2.1.tar.gz && popd 34 | 35 | pushd /tmp/libxlsxwriter-RELEASE_1.2.1 && sed -i -e 's:REQUIRED "1.0":"1.0" REQUIRED:g' CMakeLists.txt && cmake -DUSE_STANDARD_TMPFILE=OFF -DCMAKE_TOOLCHAIN_FILE=/tmp/profile.cmake -DBUILD_SHARED_LIBS=OFF -DZLIB_INCLUDE_DIR=/tmp/zlib-ng-2.2.4 -DZLIB_LIBRARY=/tmp/zlib-ng-2.2.4/libz.a -DUSE_OPENSSL_MD5=ON -DCMAKE_C_FLAGS=-I/tmp/openssl-3.0.16/include 
-DOPENSSL_ROOT_DIR=/tmp/openssl-3.0.16 && make -j3 && popd 36 | 37 | pushd /tmp && wget https://download.qt.io/official_releases/qt/6.5/6.5.5/submodules/qtbase-everywhere-src-6.5.5.tar.xz && tar -xf qtbase-everywhere-src-6.5.5.tar.xz && popd 38 | 39 | sudo update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix 40 | 41 | sudo update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix 42 | 43 | pushd /tmp/qtbase-everywhere-src-6.5.5 && ./configure -prefix /tmp/qt -no-vulkan -no-feature-sql-odbc -sql-sqlite -platform linux-g++-64 -qt-host-path /opt/qt6.5-static -xplatform win32-g++ -device-option CROSS_COMPILE=x86_64-w64-mingw32- -release -opengl desktop -mp -static -static-runtime -no-shared -nomake examples -no-icu -optimize-size -openssl-linked -- -DOPENSSL_ROOT_DIR=/tmp/openssl-3.0.16 -DCMAKE_TOOLCHAIN_FILE=/tmp/profile.cmake && cmake --build . && cmake --install . && popd 44 | 45 | sed -i -e '/^LIBS/d' STIGQter.pro 46 | 47 | echo "LIBS += /tmp/libzip-1.11.3/lib/libzip.a /tmp/libxlsxwriter-RELEASE_1.2.1/libxlsxwriter.a /tmp/zlib-ng-2.2.4/libz.a" >> STIGQter.pro 48 | 49 | echo "INCLUDEPATH += /tmp/libzip-1.11.3/lib /tmp/libzip-1.11.3 /tmp/libxlsxwriter-RELEASE_1.2.1/include" >> STIGQter.pro 50 | 51 | /tmp/qt/bin/qmake STIGQter.pro 52 | 53 | sed -i -e 's:-O2:-Os -mtune=generic:g' Makefile.Release 54 | 55 | sed -i -e 's:-loleaut32 ::g' Makefile.Release #fix for https://bugreports.qt.io/browse/QTBUG-114243 56 | 57 | sed -i -e 's:-lshell32:-lshell32 -loleaut32:g' Makefile.Release 58 | 59 | make -j3 60 | 61 | pushd doc && ./build.sh && mv UsersGuide.pdf ../ && popd 62 | 63 | upx-ucl --force --lzma --best -o STIGQter-nightly.exe release/STIGQter.exe 64 | 65 | zip -9 STIGQter-nightly.zip STIGQter-nightly.exe CHANGES.md LICENSE README.md UsersGuide.pdf 66 | 67 | advzip --recompress -4 --iter 100 STIGQter-nightly.zip 68 | artifacts: 69 | - path: STIGQter-nightly.zip 70 | name: STIGQter-nightly 71 | 
-------------------------------------------------------------------------------- /STIGQter.pro: -------------------------------------------------------------------------------- 1 | #------------------------------------------------- 2 | # 3 | # Project created by QtCreator 2018-11-04T19:47:11 4 | # 5 | # STIGQter - STIG fun with Qt 6 | # 7 | # Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 8 | # 9 | # This program is free software: you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation, either version 3 of the License, or 12 | # (at your option) any later version. 13 | # 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | # 22 | #------------------------------------------------- 23 | 24 | QT += core gui network sql xml 25 | 26 | greaterThan(QT_MAJOR_VERSION, 4): QT += widgets 27 | 28 | TARGET = STIGQter 29 | TEMPLATE = app 30 | 31 | # The following define makes your compiler emit warnings if you use 32 | # any feature of Qt which has been marked as deprecated (the exact warnings 33 | # depend on your compiler). Please consult the documentation of the 34 | # deprecated API in order to know how to port your code away from it. 35 | DEFINES += QT_DEPRECATED_WARNINGS 36 | 37 | # You can also make your code fail to compile if you use deprecated APIs. 38 | # In order to do so, uncomment the following line. 39 | # You can also select to disable deprecated APIs only up to a certain version of Qt. 
40 | #DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0x060000 # disables all the APIs deprecated before Qt 6.0.0 41 | 42 | CONFIG += c++1z 43 | 44 | SOURCES += \ 45 | src/asset.cpp \ 46 | src/assetview.cpp \ 47 | src/cci.cpp \ 48 | src/cklcheck.cpp \ 49 | src/common.cpp \ 50 | src/control.cpp \ 51 | src/dbmanager.cpp \ 52 | src/family.cpp \ 53 | src/help.cpp \ 54 | src/main.cpp \ 55 | src/stig.cpp \ 56 | src/stigcheck.cpp \ 57 | src/stigedit.cpp \ 58 | src/stigqter.cpp \ 59 | src/supplement.cpp \ 60 | src/tabviewwidget.cpp \ 61 | src/worker.cpp \ 62 | src/workerassetadd.cpp \ 63 | src/workerassetdelete.cpp \ 64 | src/workercciadd.cpp \ 65 | src/workerccidelete.cpp \ 66 | src/workercheckversion.cpp \ 67 | src/workerckl.cpp \ 68 | src/workercklexport.cpp \ 69 | src/workercklimport.cpp \ 70 | src/workercklupgrade.cpp \ 71 | src/workercmrsexport.cpp \ 72 | src/workeremassreport.cpp \ 73 | src/workerfindingsreport.cpp \ 74 | src/workerhtml.cpp \ 75 | src/workerimportemass.cpp \ 76 | src/workerimportemasscontrol.cpp \ 77 | src/workermapunmapped.cpp \ 78 | src/workerpoamreport.cpp \ 79 | src/workerstigadd.cpp \ 80 | src/workerstigdelete.cpp \ 81 | src/workerstigdownload.cpp 82 | 83 | HEADERS += \ 84 | src/asset.h \ 85 | src/assetview.h \ 86 | src/cci.h \ 87 | src/cklcheck.h \ 88 | src/common.h \ 89 | src/control.h \ 90 | src/dbmanager.h \ 91 | src/family.h \ 92 | src/help.h \ 93 | src/stig.h \ 94 | src/stigcheck.h \ 95 | src/stigedit.h \ 96 | src/stigqter.h \ 97 | src/supplement.h \ 98 | src/tabviewwidget.h \ 99 | src/worker.h \ 100 | src/workerassetadd.h \ 101 | src/workerassetdelete.h \ 102 | src/workercciadd.h \ 103 | src/workerccidelete.h \ 104 | src/workercheckversion.h \ 105 | src/workerckl.h \ 106 | src/workercklexport.h \ 107 | src/workercklimport.h \ 108 | src/workercklupgrade.h \ 109 | src/workercmrsexport.h \ 110 | src/workeremassreport.h \ 111 | src/workerfindingsreport.h \ 112 | src/workerhtml.h \ 113 | src/workerimportemass.h \ 114 | src/workerimportemasscontrol.h 
\ 115 | src/workermapunmapped.h \ 116 | src/workerpoamreport.h \ 117 | src/workerstigadd.h \ 118 | src/workerstigdelete.h \ 119 | src/workerstigdownload.h 120 | 121 | FORMS += \ 122 | src/assetview.ui \ 123 | src/help.ui \ 124 | src/stigedit.ui \ 125 | src/stigqter.ui 126 | 127 | # Default rules for deployment. 128 | qnx: target.path = /tmp/$${TARGET}/bin 129 | else: unix:!android: target.path = $${PREFIX}/bin 130 | !isEmpty(target.path): INSTALLS += target 131 | 132 | LIBS += -lzip -lxlsxwriter -lz 133 | 134 | INCLUDEPATH = src 135 | 136 | RC_FILE = STIGQter.rc 137 | 138 | DISTFILES += \ 139 | tests/emassTRImport.xlsx 140 | 141 | resources.files = \ 142 | src/U_CCI_List.xml \ 143 | src/800-53-rev4-controls.xml 144 | resources.prefix = /dod 145 | 146 | RESOURCES = resources 147 | -------------------------------------------------------------------------------- /src/workercklexport.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2019–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 
18 | */ 19 | 20 | #include "common.h" 21 | #include "dbmanager.h" 22 | #include "workerckl.h" 23 | #include "workercklexport.h" 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | /** 30 | * @class WorkerCKLExport 31 | * @brief Export a STIG Viewer-compatible version of the results in a 32 | * CKL file. 33 | * 34 | * Many systems and tools require data in a CKL file containing 35 | * @a STIG @a CKLCheck data. This background worker takes a directory 36 | * as input and generates individual CKL files for each @a Asset ↔ 37 | * @a STIG relationship. 38 | * 39 | * To comply with eMASS' Asset Manager, only unique mappings between 40 | * @a Asset and @a STIG are allowed. 41 | */ 42 | 43 | /** 44 | * @brief WorkerCKLExport::WorkerCKLExport 45 | * @param parent 46 | * 47 | * Default constructor. 48 | */ 49 | WorkerCKLExport::WorkerCKLExport(QObject *parent) : Worker(parent), 50 | _assetName(), 51 | _monolithic(false) 52 | { 53 | } 54 | 55 | /** 56 | * @brief WorkerCKLExport::SetAssetName 57 | * @param assetName 58 | * 59 | * Set the asset name for the CKLs that will be exported. 60 | */ 61 | void WorkerCKLExport::SetAssetName(const QString &assetName) 62 | { 63 | _assetName = assetName; 64 | } 65 | 66 | /** 67 | * @brief WorkerCKLExport::SetExportDir 68 | * @param dir 69 | * 70 | * Set the output directory. This is the directory where all of the 71 | * individual CKL files will be exported to. 72 | */ 73 | void WorkerCKLExport::SetExportDir(const QString &dir) 74 | { 75 | _dirName = dir; 76 | } 77 | 78 | /** 79 | * @brief WorkerCKLExport::SetMonolithic 80 | * @param monolithic 81 | * 82 | * Sets whether the CKL files will be monolithic (per Asset) or 83 | * not (per-STIG). 
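 */
void WorkerCKLExport::SetMonolithic(const bool monolithic)
{
    _monolithic = monolithic;
}

/**
 * @brief WorkerCKLExport::process
 *
 * Using the provided output directory of SetExportDir(), generate
 * a STIG CKL file for every @a Asset when set to monolithic mode,
 * or generate every combination of @a Asset ↔ @a STIG mapping
 * stored in the database and build individual CKL files for each
 * mapping.
 *
 * When an asset name was given through SetAssetName(), only that
 * @a Asset is exported. Each file is written by a @a WorkerCKL that
 * is run synchronously from this function.
 *
 * Every generated file name is passed through SanitizeFile() before
 * it is joined to the export directory. The name is built from the
 * asset's host name (and the STIG title), which may originate from
 * imported checklist data, so it must not be able to carry path
 * separators into QDir::filePath().
 */
void WorkerCKLExport::process()
{
    Worker::process();
    Q_EMIT updateStatus(QStringLiteral("Building CKL Files…"));

    //collect every asset, or only the single asset that was requested
    DbManager db;
    QVector<Asset> assets;
    if (_assetName.isEmpty())
    {
        assets.append(db.GetAssets());
    }
    else
    {
        assets.append(db.GetAsset(_assetName));
    }

    //one progress step per asset
    Q_EMIT initialize(assets.count(), 0);

    const QDir exportDir(_dirName);
    Q_FOREACH (Asset a, assets)
    {
        Q_EMIT updateStatus("Building CKL Files for " + PrintAsset(a) + "…");
        //monolithic - one CKL file per asset
        if (_monolithic)
        {
            WorkerCKL wc;
            //sanitize the asset-derived name exactly as the per-STIG branch does
            //NOTE(review): assumes SanitizeFile() removes path separators - confirm in common.cpp
            wc.AddFilename(exportDir.filePath(SanitizeFile(PrintAsset(a) + "-monolithic") + ".ckl"));
            wc.AddAsset(a);
            wc.process();
        }
        //not monolithic - one CKL file per asset/stig combo
        else
        {
            Q_FOREACH (STIG s, a.GetSTIGs())
            {
                WorkerCKL wc;
                wc.AddFilename(exportDir.filePath(SanitizeFile(PrintAsset(a) + "_" + s.title + "_V" + QString::number(s.version) + "R" + QString::number(GetReleaseNumber(s.release))) + ".ckl"));
                wc.AddAsset(a, {s});
                wc.process();
            }
        }
        Q_EMIT progress(-1);
    }

    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}
-------------------------------------------------------------------------------- /src/workerassetadd.cpp: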
-------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "dbmanager.h" 21 | #include "workerassetadd.h" 22 | 23 | /** 24 | * @class WorkerAssetAdd 25 | * @brief When adding an @a Asset, several database consistency 26 | * operations must be performed. This worker process adds the new 27 | * @a Asset, maps any selected @a STIG to the new @a Asset, and maps 28 | * each @a CKLCheck to its respective @a STIGCheck in that @a STIG. 29 | * 30 | * Due to the potentially large number of operations and mappings, 31 | * this process is set up as a background thread that reports its 32 | * progress and completion. 33 | */ 34 | 35 | /** 36 | * @brief WorkerAssetAdd::WorkerAssetAdd 37 | * @param parent 38 | * 39 | * Default constructor. 40 | */ 41 | WorkerAssetAdd::WorkerAssetAdd(QObject *parent) : Worker(parent) 42 | { 43 | } 44 | 45 | /** 46 | * @brief WorkerAssetAdd::AddAsset 47 | * @param asset 48 | * 49 | * Add an @a Asset to the database once the worker process is 50 | * initialized. 
 */
void WorkerAssetAdd::AddAsset(const Asset &asset)
{
    // Stored only; nothing is written to the database until process() runs.
    _toAdd = asset;
}

/**
 * @brief WorkerAssetAdd::AddSTIG
 * @param stig
 *
 * Queue a @a STIG to be mapped to the new @a Asset. The mapping is
 * performed by process(), after the @a Asset has been added to the
 * database.
 */
void WorkerAssetAdd::AddSTIG(const STIG &stig)
{
    _toMapSTIGs.append(stig);
}

/**
 * @brief WorkerAssetAdd::process
 *
 * Perform the operations of this worker process: add the @a Asset
 * to the database and, if that succeeds, map every queued @a STIG
 * to it.
 *
 * Only the host name of the @a Asset given to AddAsset() is carried
 * over to the new database entry. The "Done!" status and the
 * finished() signal are emitted whether or not the @a Asset could be
 * added.
 *
 * @example process
 * @title process
 *
 * This function should be kicked off as a background task. It emits
 * signals that describe its progress and state.
 *
 * @code
 * QThread *thread = new QThread;
 * WorkerAssetAdd *addAsset = new WorkerAssetAdd();
 * addAsset->moveToThread(thread); // move the worker to the new thread
 * addAsset->AddAsset(asset); // "asset" is an instance of an Asset that will be added to the DB
 * addAsset->AddSTIG(stig); // "stig" is an instance of a STIG that will be mapped to the new "asset" once it's inserted into the database.
 * connect(thread, SIGNAL(started()), addAsset, SLOT(process())); // Start the worker when the new thread emits its started() signal.
 * connect(addAsset, SIGNAL(finished()), thread, SLOT(quit())); // Kill the thread once the worker emits its finished() signal.
 * connect(thread, SIGNAL(finished()), this, SLOT(EndFunction())); // execute some EndFunction() (custom code) when the thread is cleaned up.
 * connect(addAsset, SIGNAL(initialize(int, int)), this, SLOT(Initialize(int, int))); // If progress status is needed, connect the initialize(int, int) signal to a custom Initialize(int, int) slot.
 * connect(addAsset, SIGNAL(progress(int)), this, SLOT(Progress(int))); // If progress status is needed, connect the progress(int) signal to a custom Progress(int) slot.
 * connect(addAsset, SIGNAL(updateStatus(QString)), ui->lblStatus, SLOT(setText(QString))); // If progress status is needed, connect the updateStatus(QString) signal to a human-readable display of the status.
 * thread->start(); // Start the thread
 *
 * //Don't forget to handle the *thread and *addAsset cleanup!
 * @endcode
 */
void WorkerAssetAdd::process()
{
    Worker::process();

    DbManager db;
    //one progress step for the asset itself plus one per STIG to map
    Q_EMIT initialize(_toMapSTIGs.count() + 1, 0);

    //add asset to DB; only the host name is taken from the queued asset
    Asset a;
    a.hostName = _toAdd.hostName;
    if (db.AddAsset(a))
    {
        Q_EMIT updateStatus("Adding asset " + PrintAsset(a));
        Q_EMIT progress(-1);
        //loop through STIGs and add to new asset
        Q_FOREACH(STIG s, _toMapSTIGs)
        {
            Q_EMIT updateStatus("Adding " + PrintSTIG(s) + " to " + PrintAsset(a) + "…");
            db.AddSTIGToAsset(s, a);
            Q_EMIT progress(-1);
        }
    }
    //emitted on both paths, so listeners are released even when AddAsset() returned false
    Q_EMIT updateStatus(QStringLiteral("Done!"));
    Q_EMIT finished();
}
-------------------------------------------------------------------------------- /LICENSE.spdx: -------------------------------------------------------------------------------- 1 | SPDXVersion: SPDX-2.3 2 | DataLicense: CC0-1.0 3 | SPDXID: SPDXRef-DOCUMENT 4 | DocumentName: STIGQter-1.2.6 5 | DocumentNamespace: https://github.com/squinky86/STIGQter/releases/download/1.2.6 6 | Creator: Person: Jon Hood (hoodsecurity.com) 7 | Created: 2023-08-18T01:46:00Z 8 | LicenseListVersion: 3.17 9 | 10 | # Package: STIGQter 11 | 12 | PackageName: STIGQter 13 | SPDXID: SPDXRef-Package-STIGQter 14 | PackageVersion: 1.2.6 15 | PackageOriginator: Person: Jon Hood (hoodsecurity.com) 16 | PackageFileName: STIGQter-1.2.6.zip 17 | PackageDownloadLocation: https://github.com/squinky86/STIGQter/releases/download/1.2.6/STIGQter-1.2.6.zip 18 | FilesAnalyzed: true 19 | PackageVerificationCode:
0ffb010eb5ca1f132d118bc6b829f7418bc1e89f 20 | PackageHomePage: https://www.stigqter.com/ 21 | PackageChecksum: SHA3-512: 5af37aee69450340f4e9cc7d99d0420d5a5aeaa294154bfd196405cd66f05bbb4173b657da7172de288e29f3ac1bcc2e515a21f25cd9307d35bdd35015d50dd8 22 | PackageChecksum: BLAKE2b-512: 044204ecd8163053f45d78a48a47c18f92fa3d72703dcc85df0c554e8503d00d818c6cdcf142eee88e87d7a72c3c0973491e309186274e0c96ab4b79c00ddc0a 23 | PackageLicenseConcluded: GPL-3.0-or-later 24 | PackageLicenseInfoFromFiles: GPL-3.0-or-later 25 | PackageLicenseDeclared: GPL-3.0-or-later 26 | PackageCopyrightText: Copyright 2018-2023 Jon Hood 27 | 28 | Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-STIGQter 29 | 30 | FileName: ./CHANGES.md 31 | SPDXID: SPDXRef-Package-STIGQter-changelog 32 | FileChecksum: SHA1: be86cb17e386a64c53ae222756d777120845a2bd 33 | 34 | FileName: ./LICENSE 35 | SPDXID: SPDXRef-Package-STIGQter-license 36 | FileChecksum: SHA1: 31a3d460bb3c7d98845187c716a30db81c44b615 37 | 38 | FileName: ./README.md 39 | SPDXID: SPDXRef-Package-STIGQter-readme 40 | FileChecksum: SHA1: a13991b2d06eebdc9779e32aa5bd2f7ccd352c48 41 | 42 | FileName: ./STIGQter.exe 43 | SPDXID: SPDXRef-Package-STIGQter-binary 44 | FileChecksum: SHA1: 3754817d02c841da3594b8f7e05dbcafb4f2693d 45 | 46 | FileName: ./UsersGuide.pdf 47 | SPDXID: SPDXRef-Package-STIGQter-guide 48 | FileChecksum: SHA1: e703c985ce075f1b7c1e4c8bba993252cde16080 49 | 50 | # DIRECT DEPENDENCIES 51 | 52 | # libzip (minimum required: 1.5.1) 53 | PackageName: libzip 54 | SPDXID: SPDXRef-Package-libzip 55 | PackageVersion: 1.10.0 56 | PackageDownloadLocation: https://libzip.org/download/libzip-1.10.0.tar.xz 57 | PackageHomePage: https://libzip.org/ 58 | PackageChecksum: SHA3-512: d9c99bfa7eec8b069cf2701270be09441b4e865b3a1579cd773c20bb08c559021c2b9c7f650f910676ddb1528387bbf19fa8b8df69a924338a11b21d923590c0 59 | PackageChecksum: BLAKE2b-512: 
97c663df66afe0e61fc48a69f0f2b16a4c4ad5feef91eaef9850df8effb92356aa223da2e9628d7e9b9ef79fc59ff6667907d5143c0281ca6474e8324f749949 60 | PackageLicenseConcluded: BSD-3-Clause 61 | PackageLicenseDeclared: BSD-3-Clause 62 | FilesAnalyzed: false 63 | 64 | # libxlsxwriter (minimum required: 0.8) 65 | PackageName: libxlsxwriter 66 | SPDXID: SPDXRef-Package-libxlsxwriter 67 | PackageVersion: 1.1.5 68 | PackageDownloadLocation: https://github.com/jmcnamara/libxlsxwriter/archive/RELEASE_1.1.5.tar.gz 69 | PackageHomePage: https://libxlsxwriter.github.io/ 70 | PackageChecksum: SHA3-512: 10fbd9993914e07643539f7e8d78959858f7274fb1ea6e40d425e3ba7b2c105c63537961f9ba424bbef7f4639c8bd8baa5ca0e96fe5f3f630057b068bdf991d9 71 | PackageChecksum: BLAKE2b-512: f9e2fde83bde852b4568b8ce82a28ad75e6e8d1ca6f3683ac2308d28707e7e4874facf8eac2ce9b4b9fdcc96d8b775dd69eefb2f976f564323a278a3dad032d0 72 | PackageLicenseConcluded: BSD-2-Clause-Views 73 | PackageLicenseDeclared: BSD-2-Clause-Views 74 | FilesAnalyzed: false 75 | 76 | # Qt (minimum required: 6.0) 77 | PackageName: Qt 78 | SPDXID: SPDXRef-Package-Qt 79 | PackageVersion: 6.5.2 80 | PackageDownloadLocation: https://download.qt.io/official_releases/qt/6.5/6.5.2/single/qt-everywhere-src-6.5.2.tar.xz 81 | PackageHomePage: https://qt.io/ 82 | PackageChecksum: SHA3-512: 6ccce59f945df38a4552a2cb1e69638f43edbcebdbe4e09e5f86317bb46df502ca28ca55d616985b27a71a346fbc427490c16873476337c76e49a5adcca50bc4 83 | PackageChecksum: BLAKE2b-512: 942398c2f7f94dd7f4100da10d59b6db9367fb00ff5f1560ff13a59416b37f0737f500e5f3991ecdeb0ab404cf495518cc5444353730c75ee7050bcdb5c1fe3a 84 | PackageLicenseConcluded: LGPL-3.0-only 85 | PackageLicenseDeclared: LGPL-3.0-only 86 | FilesAnalyzed: false 87 | 88 | # SECONDARY DEPENDENCIES built into the binary 89 | 90 | # zlib-ng (required by libzip and Qt) 91 | PackageName: zlib-ng 92 | SPDXID: SPDXRef-Package-xlib-ng 93 | PackageVersion: 2.1.3 94 | PackageDownloadLocation: 
https://github.com/zlib-ng/zlib-ng/archive/refs/tags/2.1.3.tar.gz 95 | PackageHomePage: https://github.com/zlib-ng/zlib-ng 96 | PackageChecksum: SHA3-512: cb18fd535c0e9b8276b28552fca3df0f090c88e1a142e737b3888438da62125036542963e5b33a9d01e549787e0ee1691b81c35bf0517c6528e2d72cfcd403e7 97 | PackageChecksum: BLAKE2b-512: f3c93e1ed6aa6d008915a69de92d58b1646fd41ae6c97fbdab9d921fd30c7931a42cf5dccd8911d52142960174a04df54d6ab557cc7c902930fc8609c31fbee9 98 | PackageLicenseConcluded: Zlib 99 | PackageLicenseDeclared: Zlib 100 | FilesAnalyzed: false 101 | 102 | # openssl (required by Qt for TLS connections {eg: to https://public.cyber.mil/}) 103 | PackageName: OpenSSL 104 | SPDXID: SPDXRef-Package-OpenSSL 105 | PackageVersion: 3.0.10 106 | PackageDownloadLocation: https://www.openssl.org/source/openssl-3.0.10.tar.gz 107 | PackageHomePage: https://openssl.org/ 108 | PackageChecksum: SHA3-512: 871b257d997febc41b41dc2900d7f0b7549eee5d00e33de7467855c5ed6222c5773703c0fd137daf591847d26f56996cc73a43a67bf130ad58d82c6e43bae698 109 | PackageChecksum: BLAKE2b-512: 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 110 | PackageLicenseConcluded: Apache-2.0 111 | PackageLicenseDeclared: Apache-2.0 112 | FilesAnalyzed: false 113 | -------------------------------------------------------------------------------- /src/asset.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 
10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "asset.h" 21 | #include "cklcheck.h" 22 | #include "dbmanager.h" 23 | 24 | /** 25 | * @class Asset 26 | * @brief An Asset is a single node, database, or element that would 27 | * usually be represented by an entry in a system's hardware/software 28 | * list. 29 | * 30 | * An Asset is a way to group checklist files in a logical way. 31 | * Projects may have many assets, and an asset may contain many 32 | * checklists. 33 | * 34 | * Once an asset has been created, the individual checklists for that 35 | * asset are selected. An asset may contain only unique checklists. 36 | * For example, the asset "Computer 1" containing Windows 10 would 37 | * only contain one checklist for Windows 10. When the example asset 38 | * contains multiple installations of Windows 10 (such as may be the 39 | * case for a multi-boot system), the differing installations should 40 | * be given unique asset names (and be seen as separate assets). 41 | */ 42 | 43 | /** 44 | * @brief Asset::Asset 45 | * @param parent 46 | * 47 | * The default constructor sets up an empty Asset. 48 | */ 49 | Asset::Asset(QObject *parent) : QObject(parent) 50 | { 51 | } 52 | 53 | /** 54 | * @brief Asset::Asset 55 | * @param asset 56 | * 57 | * Copy constructor. 58 | */ 59 | Asset::Asset(const Asset &asset) : Asset(asset.parent()) 60 | { 61 | *this = asset; 62 | } 63 | 64 | /** 65 | * @brief Asset::Asset 66 | * @param asset 67 | * 68 | * Move constructor. 
69 | */ 70 | Asset::Asset(Asset &&orig) noexcept : 71 | id(orig.id), 72 | assetType(std::move(orig.assetType)), 73 | hostName(std::move(orig.hostName)), 74 | hostIP(std::move(orig.hostIP)), 75 | hostMAC(std::move(orig.hostMAC)), 76 | hostFQDN(std::move(orig.hostFQDN)), 77 | techArea(std::move(orig.techArea)), 78 | targetKey(std::move(orig.targetKey)), 79 | marking(std::move(orig.marking)), 80 | targetComment(std::move(orig.targetComment)), 81 | webOrDB(orig.webOrDB), 82 | webDbSite(std::move(orig.webDbSite)), 83 | webDbInstance(std::move(orig.webDbInstance)) 84 | { 85 | } 86 | 87 | /** 88 | * @brief Asset::operator= 89 | * @param right Asset to copy from 90 | * @return this Asset after a field-by-field copy; self-assignment changes nothing 91 | */ 92 | Asset &Asset::operator=(const Asset &right) 93 | { 94 | if (this != &right) 95 | { 96 | id = right.id; 97 | assetType = right.assetType; 98 | hostName = right.hostName; 99 | hostIP = right.hostIP; 100 | hostMAC = right.hostMAC; 101 | hostFQDN = right.hostFQDN; 102 | techArea = right.techArea; 103 | targetKey = right.targetKey; 104 | marking = right.marking; 105 | targetComment = right.targetComment; 106 | webOrDB = right.webOrDB; 107 | webDbSite = right.webDbSite; 108 | webDbInstance = right.webDbInstance; 109 | } 110 | return *this; 111 | } 112 | /* Move assignment: id and webOrDB are copied, the other fields are moved from orig; self-assignment changes nothing. */ 113 | Asset &Asset::operator=(Asset &&orig) noexcept 114 | { 115 | if (this != &orig) 116 | { 117 | id = orig.id; 118 | assetType = std::move(orig.assetType); 119 | hostName = std::move(orig.hostName); 120 | hostIP = std::move(orig.hostIP); 121 | hostMAC = std::move(orig.hostMAC); 122 | hostFQDN = std::move(orig.hostFQDN); 123 | techArea = std::move(orig.techArea); 124 | targetKey = std::move(orig.targetKey); 125 | marking = std::move(orig.marking); 126 | targetComment = std::move(orig.targetComment); 127 | webOrDB = orig.webOrDB; 128 | webDbSite = std::move(orig.webDbSite); 129 | webDbInstance = std::move(orig.webDbInstance); 130 | } 131 | return *this; 132 | } 133 | 134 | /** 135 | * @brief Asset::GetSTIGs 136 | * @return list of STIGs associated
with this Asset, looked up through a DbManager constructed for this call 137 | */ 138 | QVector Asset::GetSTIGs() const 139 | { 140 | DbManager db; 141 | return db.GetSTIGs(*this); 142 | } 143 | 144 | /** 145 | * @brief Asset::GetCKLChecks 146 | * @param stig STIG to restrict the result to, or nullptr; passed through to DbManager::GetCKLChecks 147 | * @return list of CKLChecks associated with this Asset 148 | * 149 | * When @a stig is a nullptr, all CKL checks associated with all 150 | * STIGs mapped to this Asset are returned. 151 | */ 152 | QVector Asset::GetCKLChecks(const STIG *stig) const 153 | { 154 | DbManager db; 155 | return db.GetCKLChecks(*this, stig); 156 | } 157 | 158 | /** 159 | * @brief Asset::operator== 160 | * @param right Asset to compare against 161 | * @return true if right Asset is the same as this one. 162 | * Otherwise, false. 163 | * 164 | * For performance, only the asset name is compared: hostName, case-insensitively. The id and every other field are ignored, so two Assets whose host names differ only in letter case compare as equal. 165 | */ 166 | bool Asset::operator==(const Asset &right) const 167 | { 168 | return (hostName.compare(right.hostName, Qt::CaseInsensitive) == 0); 169 | } 170 | 171 | /** 172 | * @brief PrintAsset 173 | * @param asset Asset to describe 174 | * @return human-readable Asset description (the hostName, unchanged) 175 | */ 176 | [[nodiscard]] QString PrintAsset(const Asset &asset) 177 | { 178 | return asset.hostName; 179 | } 180 | -------------------------------------------------------------------------------- /src/cci.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details.
15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "cci.h" 21 | #include "dbmanager.h" 22 | 23 | /** 24 | * @class CCI 25 | * @brief A Control Correlation Identifier (CCI) corresponds to a 26 | * particular RMF checklist item. The RMF hierarchy consists of 27 | * Family → Control → CCI. 28 | * 29 | * A CCI is also referred to as an "Assessment Procedure" or AP. The 30 | * current list of AP numbers is not available from a standard 31 | * repository. 32 | * 33 | * More information about CCIs is available from 34 | * @l {https://iase.disa.mil/stigs/cci/Pages/index.aspx} {DISA's IASE website}. 35 | */ 36 | 37 | /** 38 | * @brief CCI::CCI 39 | * @param parent QObject parent, forwarded to the QObject base 40 | * 41 | * Default constructor. Sets id and controlId to -1, cci to 0 and isImport to false; the remaining import fields are value-initialized. 42 | */ 43 | CCI::CCI(QObject *parent) : QObject(parent), 44 | id(-1), 45 | controlId(-1), 46 | cci(0), 47 | definition(), 48 | isImport(false), 49 | importCompliance(), 50 | importDateTested(), 51 | importTestedBy(), 52 | importTestResults(), 53 | importCompliance2(), 54 | importDateTested2(), 55 | importTestedBy2(), 56 | importTestResults2(), 57 | importControlImplementationStatus(), 58 | importSecurityControlDesignation(), 59 | importInherited(), 60 | importRemoteInheritanceInstance(), 61 | importApNum(), 62 | importImplementationGuidance(), 63 | importAssessmentProcedures(), 64 | importNarrative() 65 | { 66 | } 67 | 68 | /** 69 | * @overload CCI::CCI(const CCI &right) 70 | * @brief CCI::CCI 71 | * @param right CCI to copy; its parent() becomes the parent of the new object 72 | * 73 | * Copy constructor. Delegates to the default constructor, then copies the fields with operator=. 74 | */ 75 | CCI::CCI(const CCI &right) : CCI(right.parent()) 76 | { 77 | *this = right; 78 | } 79 | 80 | /** 81 | * @brief CCI::GetControl 82 | * @return the RMF control associated with this CCI 83 | * 84 | * GetControl() calls the database to obtain the control which maps to 85 | * this CCI.
86 | */ 87 | Control CCI::GetControl() const 88 | { 89 | DbManager db; 90 | return db.GetControl(controlId); 91 | } 92 | 93 | /** 94 | * @brief CCI::GetCKLChecks 95 | * @return The list of @a CKLChecks associated with this @a CCI. 96 | */ 97 | QVector CCI::GetCKLChecks() const 98 | { 99 | DbManager db; 100 | return db.GetCKLChecks(*this); 101 | } 102 | 103 | /** 104 | * @brief CCI::GetSTIGChecks 105 | * @return The list of @a STIGChecks associated with this @a CCI. 106 | */ 107 | QVector CCI::GetSTIGChecks() const 108 | { 109 | DbManager db; 110 | return db.GetSTIGChecks(*this); 111 | } 112 | 113 | /** 114 | * @brief CCI::operator= 115 | * @param right CCI to copy from 116 | * @return This @a CCI, copied from @a right. 117 | * 118 | * Field-by-field copy assignment operator; self-assignment changes nothing. 119 | */ 120 | CCI& CCI::operator=(const CCI &right) 121 | { 122 | if (this != &right) 123 | { 124 | id = right.id; 125 | controlId = right.controlId; 126 | cci = right.cci; 127 | definition = right.definition; 128 | isImport = right.isImport; 129 | importCompliance = right.importCompliance; 130 | importDateTested = right.importDateTested; 131 | importTestedBy = right.importTestedBy; 132 | importTestResults = right.importTestResults; 133 | importCompliance2 = right.importCompliance2; 134 | importDateTested2 = right.importDateTested2; 135 | importTestedBy2 = right.importTestedBy2; 136 | importTestResults2 = right.importTestResults2; 137 | importControlImplementationStatus = right.importControlImplementationStatus; 138 | importSecurityControlDesignation = right.importSecurityControlDesignation; 139 | importInherited = right.importInherited; 140 | importRemoteInheritanceInstance = right.importRemoteInheritanceInstance; 141 | importApNum = right.importApNum; 142 | importImplementationGuidance = right.importImplementationGuidance; 143 | importAssessmentProcedures = right.importAssessmentProcedures; 144 | importNarrative = right.importNarrative; 145 | } 146 | return *this; 147 | } 148 | 149 | /** 150 | * @brief
CCI::operator== 151 | * @param right CCI to compare against 152 | * @return @c True when both database ids are positive and equal, or, when either id is not positive, when the CCI numbers are equal. 153 | * Otherwise, @c false. 154 | * 155 | * The database ids decide the result whenever both are set (greater than 0); 156 | * the CCI number is only the fallback for objects without a database id, so the 157 | * same CCI number stored under two different ids compares as unequal. 158 | */ 159 | bool CCI::operator==(const CCI &right) const 160 | { 161 | if ((id <= 0) || (right.id <= 0)) 162 | { 163 | return cci == right.cci; 164 | } 165 | return id == right.id; 166 | } 167 | 168 | /** 169 | * @brief PrintCCI 170 | * @param cci numeric CCI value 171 | * @return human-readable CCI description: "CCI-" followed by the number, padded on the left with zeros to six characters 172 | */ 173 | [[nodiscard]] QString PrintCCI(int cci) 174 | { 175 | return "CCI-" + QString::number(cci).rightJustified(6, '0'); 176 | } 177 | 178 | /** 179 | * @overload PrintCCI(cci) 180 | * @brief PrintCCI 181 | * @param cci CCI whose cci number is printed 182 | * @return human-readable CCI description, as produced by PrintCCI(int) 183 | */ 184 | [[nodiscard]] QString PrintCCI(const CCI &cci) 185 | { 186 | return PrintCCI(cci.cci); 187 | } 188 | -------------------------------------------------------------------------------- /src/stig.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program.
If not, see . 18 | */ 19 | 20 | #include "dbmanager.h" 21 | #include "stig.h" 22 | #include "stigcheck.h" 23 | 24 | /** 25 | * @class STIG 26 | * @brief A @a STIG is a Security Technical Implementation Guide. 27 | * Each @a STIG details a set of @a STIGChecks which can be used to 28 | * help improve the security posture of an @a Asset. 29 | * 30 | * The Defense Information Systems Agency (DISA) has been tasked 31 | * with issuing official STIG guidance. This duty has been one of 32 | * the Information Assurance Support Environment's (IASE) main 33 | * missions for DISA, and has now been moved to the public cyber.mil 34 | * portal. 35 | * 36 | * STIGs can be downloaded publicly from @l {https://public.cyber.mil/}. 37 | * Some STIGs are only provided at the FOUO level and require 38 | * government authentication to access them. Others are fully 39 | * unclassified, and though they have no markings that they are clear 40 | * for public release, are distributed freely over the internet from 41 | * the public.cyber.mil portal. Only the freely available, 42 | * public STIGs are supported in STIGQter. 43 | * 44 | * A @a STIG is composed of @a STIGChecks. These @a STIGChecks are 45 | * then mapped against @a CCIs. The hierarchy is: 46 | * @a STIG → @a STIGCheck ↴ 47 | * @a Family → @a Control → @a CCI. 48 | */ 49 | 50 | /** 51 | * @brief STIG::STIG 52 | * @param parent QObject parent, forwarded to the QObject base 53 | * 54 | * Default constructor. Sets id to -1 and version to 0; the string fields are value-initialized. 55 | */ 56 | STIG::STIG(QObject *parent) : QObject(parent), 57 | id(-1), 58 | title(), 59 | description(), 60 | release(), 61 | version(0), 62 | benchmarkId(), 63 | fileName() 64 | { 65 | } 66 | 67 | /** 68 | * @brief STIG::GetSTIGChecks 69 | * @return The list of @a STIGChecks associated with this @a STIG. 70 | */ 71 | QVector STIG::GetSTIGChecks() const 72 | { 73 | DbManager db; 74 | return db.GetSTIGChecks(*this); 75 | } 76 | 77 | /** 78 | * @brief STIG::GetSupplements 79 | * @return The list of @a Supplements associated with this @a STIG.
80 | */ 81 | QVector STIG::GetSupplements() const 82 | { 83 | DbManager db; 84 | return db.GetSupplements(*this); 85 | } 86 | 87 | /** 88 | * @brief STIG::GetAssets 89 | * @return The list of @a Assets that use this @a STIG. 90 | */ 91 | QVector STIG::GetAssets() const 92 | { 93 | DbManager db; 94 | return db.GetAssets(*this); 95 | } 96 | 97 | /** 98 | * @brief STIG::STIG 99 | * @param right STIG to copy; its parent() becomes the parent of the new object 100 | * 101 | * Copy constructor. Delegates to the default constructor, then copies the fields with operator=. 102 | */ 103 | STIG::STIG(const STIG &right) : STIG(right.parent()) 104 | { 105 | *this = right; 106 | } 107 | 108 | /** 109 | * @brief STIG::operator= 110 | * @param right STIG to copy from 111 | * @return This @a STIG, copied from @a right. 112 | * 113 | * Field-by-field copy assignment operator; self-assignment changes nothing. 114 | */ 115 | STIG &STIG::operator=(const STIG &right) 116 | { 117 | if (this != &right) 118 | { 119 | id = right.id; 120 | title = right.title; 121 | description = right.description; 122 | release = right.release; 123 | version = right.version; 124 | benchmarkId = right.benchmarkId; 125 | fileName = right.fileName; 126 | } 127 | return *this; 128 | } 129 | 130 | /** 131 | * @brief operator== (non-member, takes both operands) 132 | * @param lhs, rhs the two @a STIG objects to compare 133 | * @return @c True when the @a STIG entities refer to the same 134 | * @a STIG. Otherwise, @c false. 135 | * 136 | * When both @a id values are positive, only the ids are compared. 137 | * When either @a id is zero or negative, the @a title, @a release, 138 | * and @a version are compared instead; the description is not. 139 | */ 140 | bool operator==(STIG const& lhs, STIG const& rhs) 141 | { 142 | if ((lhs.id <= 0) || (rhs.id <= 0)) 143 | { 144 | return ((lhs.title == rhs.title) && 145 | // (description == right.description) && // description is irrelevant to a STIG being the same; the version numbers are what matter!
146 | (lhs.release == rhs.release) && 147 | (lhs.version == rhs.version)); 148 | } 149 | return lhs.id == rhs.id; 150 | } 151 | 152 | /** 153 | * @brief operator!= (non-member, takes both operands) 154 | * @param lhs, rhs the two @a STIG objects to compare 155 | * @return @c True when the @a STIG entities refer to different 156 | * @a STIGs. Otherwise, @c false. 157 | * 158 | * Exact negation of operator== on the same operands, so the same 159 | * rule applies: ids when both are positive, otherwise @a title, @a release, 160 | * and @a version. 161 | */ 162 | bool operator!=(STIG const& lhs, STIG const& rhs) 163 | { 164 | return !(lhs == rhs); 165 | } 166 | 167 | /** 168 | * @brief STIG::operator < 169 | * @param right STIG to compare against 170 | * @return @c True when this STIG orders before @a right: by @a title, then @a version, then @a release. 171 | * Otherwise, @c false. 172 | */ 173 | bool STIG::operator<(const STIG &right) const 174 | { 175 | if (title == right.title) 176 | { 177 | if (version == right.version) 178 | { 179 | return release < right.release; 180 | } 181 | return version < right.version; 182 | } 183 | return title < right.title; 184 | } 185 | 186 | /** 187 | * @brief PrintSTIG 188 | * @param stig STIG to describe 189 | * @return A human-readable @a STIG representation: the title, the text " Version: ", the version number, a space and the release. 190 | */ 191 | [[nodiscard]] QString PrintSTIG(const STIG &stig) 192 | { 193 | return stig.title + " Version: " + QString::number(stig.version) + " " + stig.release; 194 | } 195 | -------------------------------------------------------------------------------- /src/dbmanager.h: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version.
10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #ifndef DBMANAGER_H 21 | #define DBMANAGER_H 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | #include 28 | 29 | #include "asset.h" 30 | #include "cci.h" 31 | #include "cklcheck.h" 32 | #include "control.h" 33 | #include "family.h" 34 | #include "stig.h" 35 | #include "stigcheck.h" 36 | #include "supplement.h" 37 | /* DbManager: database access for the application. Declares add, delete, get and update calls for the model classes included above, plus LoadDB/SaveDB/HashDB and logging. */ 38 | class DbManager 39 | { 40 | public: 41 | explicit DbManager(); 42 | explicit DbManager(const QString& connectionName); 43 | explicit DbManager(const QString& path, const QString& connectionName); 44 | DbManager(const DbManager &db); 45 | DbManager(DbManager &&orig) noexcept; 46 | ~DbManager(); 47 | DbManager& operator=(const DbManager &right); 48 | DbManager& operator=(DbManager &&orig) noexcept; 49 | void DelayCommit(bool delay); 50 | 51 | bool AddAsset(Asset &asset); 52 | bool AddCCI(CCI &cci, bool check = true); 53 | bool AddControl(const QString &control, const QString &title, const QString &description, const QString &importSeverity = QString(), const QString &importRelevanceOfThreat = QString(), const QString &importLikelihood = QString(), const QString &importImpact = QString(), const QString &importImpactDescription = QString(), const QString &importResidualRiskLevel = QString(), const QString &importRecommendations = QString()); 54 | bool AddFamily(const QString &acronym, const QString &description); 55 | bool AddSTIG(STIG &stig, const QVector &checks, const QVector &supplements = {}, bool stigExists = false); 56 | bool AddSTIGToAsset(const STIG &stig, const Asset &asset); 57 | 58 | bool DeleteAsset(int id); 59 | bool
DeleteAsset(const Asset &asset); 60 | bool DeleteCCIs(); 61 | bool DeleteDB(); 62 | bool DeleteEmassImport(); 63 | bool DeleteSTIG(int id); 64 | bool DeleteSTIG(const STIG &stig); 65 | bool DeleteSTIGFromAsset(const STIG &stig, const Asset &asset); 66 | /* NOTE(review): the Get*() overloads that take whereClause and variables are declared here without their implementation. Presumably whereClause becomes part of the SQL text and variables are bound as parameters - confirm in dbmanager.cpp. If so, whereClause must stay a fixed string written by the developer, and any value taken from an imported file or from user input must travel in variables. */ 67 | Asset GetAsset(int id); 68 | Asset GetAsset(const QString &hostName); 69 | Asset GetAsset(const Asset &asset); 70 | QVector GetAssets(const QString &whereClause = QString(), const QVector> &variables = {}); 71 | QVector GetAssets(const STIG &stig); 72 | CCI GetCCI(int id); 73 | CCI GetCCI(const CCI &cci, const STIG *stig = nullptr); 74 | QVector GetCCIs(const QVector &ccis); 75 | QVector GetCCIs(const Control &c); 76 | QVector GetCCIs(int STIGCheckId); 77 | CCI GetCCIByCCI(int cci, const STIG *stig = nullptr); 78 | QVector GetCCIs(const QString &whereClause = QString(), const QVector> &variables = {}); 79 | CKLCheck GetCKLCheck(int id); 80 | CKLCheck GetCKLCheck(const CKLCheck &ckl); 81 | CKLCheck GetCKLCheckByDISAId(int assetId, const QString &disaId); 82 | QVector GetCKLChecks(const Asset &asset, const STIG *stig = nullptr); 83 | QVector GetCKLChecks(const CCI &cci); 84 | QVector GetCKLChecks(const STIGCheck &stigCheck); 85 | QVector GetCKLChecks(const QString &whereClause = QString(), const QVector> &variables = {}); 86 | Control GetControl(int id); 87 | Control GetControl(const QString &control); 88 | QVector GetControls(const QString &whereClause = QString(), const QVector> &variables = {}); 89 | QString GetDBPath(); 90 | Family GetFamily(const QString &acronym); 91 | Family GetFamily(int id); 92 | QVector GetFamilies(const QString &whereClause = QString(), const QVector> &variables = {}); 93 | QVector GetLegacyIds(int STIGCheckId); 94 | int GetLogLevel(); 95 | QVector GetRemapCCIs(); 96 | STIG GetSTIG(int id); 97 | STIG GetSTIG(const QString &title, int version, const QString &release); 98 | STIG GetSTIG(const STIG &stig); 99 | STIGCheck GetSTIGCheck(int id); 100 | STIGCheck GetSTIGCheck(const STIG &stig,
const QString &rule); 101 | STIGCheck GetSTIGCheck(const STIGCheck &stigcheck); 102 | QVector GetSTIGChecks(const STIG &stig); 103 | QVector GetSTIGChecks(const CCI &cci); 104 | QVector GetSTIGChecks(const QString &whereClause = QString(), const QVector> &variables = {}); 105 | QVector GetSTIGs(const Asset &asset); 106 | QVector GetSTIGs(const QString &whereClause = QString(), const QVector > &variables = {}); 107 | QVector GetSupplements(const STIG &stig); 108 | QString GetVariable(const QString &name); 109 | 110 | bool IsEmassImport(); 111 | /* Database file handling and logging. NOTE(review): LoadDB and SaveDB take a caller-supplied path, and one Log overload takes a QSqlQuery; what is validated or written to the log is not visible in this header - confirm in dbmanager.cpp, since queries may carry asset host names, IP and MAC addresses. */ 112 | bool LoadDB(const QString &path); 113 | bool Log(int severity, const QString &location, const QString &message); 114 | bool Log(int severity, const QString &location, const QSqlQuery& query); 115 | bool SaveDB(const QString &path); 116 | QByteArray HashDB(); 117 | 118 | bool UpdateAsset(const Asset &asset); 119 | bool UpdateCCI(const CCI &cci); 120 | bool UpdateCKLCheck(const CKLCheck &check); 121 | bool UpdateControl(const Control &control); 122 | bool UpdateSTIG(const STIG &stig); 123 | bool UpdateSTIGCheck(const STIGCheck &check); 124 | bool UpdateVariable(const QString &name, const QString &value); 125 | 126 | private: 127 | bool UpdateDatabaseFromVersion(int version); 128 | static bool CheckDatabase(QSqlDatabase &db); 129 | QString _dbPath; 130 | bool _delayCommit{}; 131 | int _logLevel{}; 132 | }; 133 | /* Free helper declared next to DbManager; presumably returns the text of the query for logging - TODO confirm in dbmanager.cpp. */ 134 | QString GetLastExecutedQuery(const QSqlQuery& query); 135 | 136 | #endif // DBMANAGER_H 137 | -------------------------------------------------------------------------------- /src/cklcheck.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * STIGQter - STIG fun with Qt 3 | * 4 | * Copyright © 2018–2023 Jon Hood, http://www.hoodsecurity.com/ 5 | * 6 | * This program is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or
9 | * (at your option) any later version. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | 20 | #include "cklcheck.h" 21 | #include "dbmanager.h" 22 | 23 | /** 24 | * @class CKLCheck 25 | * @brief A Checklist (CKL) Check represents the compliance @a Status 26 | * of an @a Asset's individual @a STIGCheck. 27 | * 28 | * The @a Severity of the check may be overridden at the CKL level; the override is held in severityOverride, next to a severityJustification field. 29 | */ 30 | 31 | /** 32 | * @enum Status 33 | * 34 | * A @a CKLCheck maps a @a STIGCheck to an @a Asset, and the 35 | * compliance state is stored as a @a Status. 36 | * 37 | * @value NotReviewed 38 | * The check has not been reviewed. 39 | * @value Open 40 | * The check is not compliant. 41 | * @value NotAFinding 42 | * The check is compliant. 43 | * @value NotApplicable 44 | * The check is not applicable to the @a Asset. 45 | */ 46 | 47 | /** 48 | * @brief CKLCheck::CKLCheck 49 | * @param parent QObject parent, forwarded to the QObject base 50 | * 51 | * Default constructor. Sets id, assetId and stigCheckId to -1 and status to Status::NotReviewed; the remaining fields are value-initialized. 52 | */ 53 | CKLCheck::CKLCheck(QObject *parent) : QObject(parent), 54 | id(-1), 55 | assetId(-1), 56 | stigCheckId(-1), 57 | status(Status::NotReviewed), 58 | findingDetails(), 59 | comments(), 60 | severityOverride(), 61 | severityJustification() 62 | { 63 | } 64 | 65 | /** 66 | * @overload CKLCheck::CKLCheck(const CKLCheck &right) 67 | * @brief CKLCheck::CKLCheck 68 | * @param right CKLCheck to copy; its parent() becomes the parent of the new object 69 | * 70 | * Copy constructor. Delegates to the default constructor, then copies the fields with operator=. 71 | */ 72 | CKLCheck::CKLCheck(const CKLCheck &right) : CKLCheck(right.parent()) 73 | { 74 | *this = right; 75 | } 76 | 77 | /** 78 | * @brief CKLCheck::GetAsset 79 | * @return The @a Asset associated with this check.
80 | * 81 | * A check maps an @a Asset to a @a STIGCheck and stores its 82 | * compliance state. This function retrieves the associated 83 | * @a Asset by assetId through a DbManager constructed for this call. 84 | */ 85 | Asset CKLCheck::GetAsset() const 86 | { 87 | DbManager db; 88 | return db.GetAsset(assetId); 89 | } 90 | 91 | /** 92 | * @brief CKLCheck::GetSTIGCheck 93 | * @return The @a STIGCheck associated with this check. 94 | * 95 | * A check maps an @a Asset to a @a STIGCheck and stores its 96 | * compliance state. This function retrieves the associated 97 | * @a STIGCheck by stigCheckId through a DbManager constructed for this call. 98 | */ 99 | STIGCheck CKLCheck::GetSTIGCheck() const 100 | { 101 | DbManager db; 102 | return db.GetSTIGCheck(stigCheckId); 103 | } 104 | 105 | /** 106 | * @brief CKLCheck::GetSeverity 107 | * @return The @a Severity of this check. 108 | * 109 | * When the @a Severity is overridden, the overridden @a Severity is 110 | * returned. Otherwise, the @a STIGCheck's default @a Severity is 111 | * returned. An override is any severityOverride other than Severity::none; severityJustification is not consulted here, so an override takes effect whether or not a justification was recorded. 112 | */ 113 | Severity CKLCheck::GetSeverity() const 114 | { 115 | if (severityOverride == Severity::none) 116 | return GetSTIGCheck().severity; 117 | return severityOverride; 118 | } 119 | 120 | /** 121 | * @brief CKLCheck::operator = 122 | * @param right CKLCheck to copy from 123 | * @return This @a CKLCheck, copied from @a right. 124 | * 125 | * Field-by-field copy assignment operator; self-assignment changes nothing. 126 | */ 127 | CKLCheck &CKLCheck::operator=(const CKLCheck &right) 128 | { 129 | if (this != &right) 130 | { 131 | id = right.id; 132 | assetId = right.assetId; 133 | stigCheckId = right.stigCheckId; 134 | status = right.status; 135 | findingDetails = right.findingDetails; 136 | comments = right.comments; 137 | severityOverride = right.severityOverride; 138 | severityJustification = right.severityJustification; 139 | } 140 | return *this; 141 | } 142 | 143 | /** 144 | * @brief GetStatus 145 | * @param status 146 | * @return A @a Status enum representing the provided string's 147 | * compliance.
148 | * 149 | * When parsing XML, several file types are inconsistent with how the 150 | * compliance status is stored. Passing the string to this function 151 | * will retrieve a standard @a Status enum from the string. Matching is by case-insensitive prefix and the string is not trimmed: anything starting with "o" is Open; "not_applicable", "not applicable" or "na" is NotApplicable; "notafinding", "not a finding" or "nf" is NotAFinding. Every other string, including an empty or malformed one, becomes NotReviewed without any error, so a caller importing a checklist cannot tell a bad status value from an unreviewed check. 152 | */ 153 | Status GetStatus(const QString &status) 154 | { 155 | if (status.startsWith(QStringLiteral("o"), Qt::CaseInsensitive)) 156 | return Status::Open; 157 | if (status.startsWith(QStringLiteral("not_applicable"), Qt::CaseInsensitive) || status.startsWith(QStringLiteral("not applicable"), Qt::CaseInsensitive) || status.startsWith(QStringLiteral("na"), Qt::CaseInsensitive)) 158 | return Status::NotApplicable; 159 | if (status.startsWith(QStringLiteral("notafinding"), Qt::CaseInsensitive) || status.startsWith(QStringLiteral("not a finding"), Qt::CaseInsensitive) || status.startsWith(QStringLiteral("nf"), Qt::CaseInsensitive)) 160 | return Status::NotAFinding; 161 | return Status::NotReviewed; 162 | } 163 | 164 | /** 165 | * @brief GetStatus 166 | * @param status Status value to convert 167 | * @param xmlFormat selects the XML spelling when @c true, the human-readable spelling when @c false 168 | * @return The string for the compliance status in the selected spelling. 169 | * 170 | * Converts the @a Status enum back to a human-readable (when 171 | * @a xmlFormat is @c false) or XML-formatted (when @a xmlFormat is 172 | * @c true) string. Open is "Open" in both spellings; any value without its own case yields the Not Reviewed string. 173 | */ 174 | QString GetStatus(Status status, bool xmlFormat) 175 | { 176 | switch (status) 177 | { 178 | case Status::Open: 179 | return QStringLiteral("Open"); 180 | case Status::NotApplicable: 181 | return xmlFormat ? QStringLiteral("Not_Applicable") : QStringLiteral("Not Applicable"); 182 | case Status::NotAFinding: 183 | return xmlFormat ? QStringLiteral("NotAFinding") : QStringLiteral("Not a Finding"); 184 | default: 185 | return xmlFormat ? QStringLiteral("Not_Reviewed") : QStringLiteral("Not Reviewed"); 186 | } 187 | } 188 | 189 | /** 190 | * @brief GetCMRSStatus 191 | * @param status 192 | * @return The CMRS-formatted string for the compliance status.
193 | * 194 | * Converts the @a Status enum back to a CMRS-standard finding: "O" for Open, "NA" for NotApplicable, "NF" for NotAFinding, and "NR" for every other value. 195 | */ 196 | QString GetCMRSStatus(Status status) 197 | { 198 | switch (status) 199 | { 200 | case Status::Open: 201 | return QStringLiteral("O"); 202 | case Status::NotApplicable: 203 | return QStringLiteral("NA"); 204 | case Status::NotAFinding: 205 | return QStringLiteral("NF"); 206 | default: 207 | return QStringLiteral("NR"); 208 | } 209 | } 210 | 211 | /** 212 | * @brief PrintCKLCheck 213 | * @param cklCheck CKLCheck whose STIGCheck is printed 214 | * @return Human-readable printout of the @a STIGCheck component, obtained with GetSTIGCheck() and formatted by PrintSTIGCheck(). 215 | */ 216 | [[nodiscard]] QString PrintCKLCheck(const CKLCheck &cklCheck) 217 | { 218 | return PrintSTIGCheck(cklCheck.GetSTIGCheck()); 219 | } 220 | -------------------------------------------------------------------------------- /doc/se.tex: -------------------------------------------------------------------------------- 1 | % Template created by Jon Hood 2 | 3 | \documentclass[letterpaper, 10pt, twoside]{article} 4 | \usepackage{noto} 5 | \usepackage{fancyhdr} 6 | \usepackage{graphicx} 7 | \usepackage{multirow} 8 | \usepackage[table]{xcolor} 9 | \usepackage[breaklinks=true]{hyperref} 10 | \usepackage[letterpaper, top=1in, bottom=1in, left=1.5in, right=1in, includeheadfoot]{geometry} 11 | \usepackage{wrapfig} 12 | 13 | % Main Variables 14 | \newcommand{\repdate}{\formatdate{20}{2}{2024}} 15 | \def \ProjectName{Security Technical Implementation Guide Qt Viewer} 16 | \def \ProjectAcronym{STIGQter} 17 | \def \ProjectVersion{1.2.x} 18 | 19 | %------------------------------------------------------------------------------- 20 | % Header & Footer Setup 21 | %------------------------------------------------------------------------------- 22 | \pagestyle{fancy} 23 | \lhead[\thepage]{\includegraphics[height = 2em]{images/STIGQter.pdf}} 24 | \chead{\ProjectName\ --- \ProjectVersion} 25 | \rhead[{\includegraphics[height = 2em]{images/STIGQter.pdf}}]{\thepage} 26 | \cfoot{\ProjectAcronym\ \ProjectVersion} 27 | 28 |
\fancypagestyle{blank} 29 | { 30 | \lhead{} 31 | \chead{} 32 | \rhead{} 33 | \cfoot{} 34 | \lfoot{} 35 | } 36 | 37 | %------------------------------------------------------------------------------- 38 | % Revisions Table 39 | %------------------------------------------------------------------------------- 40 | \definecolor{STIGQterBlue}{RGB}{30,72,124} 41 | \newcounter{RevisionCounter} 42 | \newenvironment{Revision}{ 43 | \begin{center} 44 | \begin{tabular}{ | c | c | c | p{23em} | } 45 | \hline 46 | \multicolumn{4}{| c |}{\cellcolor{STIGQterBlue}\textbf{\textcolor{white}{Revision History}}} \\ 47 | \hline 48 | \rowcolor{lightgray} 49 | \textbf{Date} & \textbf{Revision} & \textbf{Revised By} & \textbf{Reason} \\ 50 | \hline 51 | }{ 52 | \end{tabular} 53 | \end{center} 54 | } 55 | \newcommand{\RevisionEntry}[3]{\stepcounter{RevisionCounter} 56 | #1 & \Alph{RevisionCounter} & #2 & #3 \\ 57 | \hline} 58 | 59 | %------------------------------------------------------------------------------- 60 | % Title Page 61 | %------------------------------------------------------------------------------- 62 | \newcommand{\headerlogo}{ 63 | \includegraphics[width=.3\linewidth]{images/STIGQter.pdf}\\ 64 | \vspace{.5em} 65 | } 66 | \newcommand{\docline}{\textmd{\textbf{STIGQter Security (SE) Documentation\\}}} 67 | \newcommand{\generator}{Generated By: Jon Hood} 68 | \title{ 69 | \headerlogo 70 | \docline 71 | \vspace{.5em} 72 | \normalsize{\generator} 73 | } 74 | 75 | \author{Jon Hood} 76 | \date{\repdate} 77 | 78 | %------------------------------------------------------------------------------- 79 | % PDF metadata 80 | %------------------------------------------------------------------------------- 81 | \hypersetup 82 | { 83 | pdfauthor= (Jon Hood), 84 | pdftitle = (STIGQter SE) 85 | } 86 | 87 | \usepackage{attachfile} 88 | \usepackage[backend=biber]{biblatex} 89 | \usepackage{import} 90 | \usepackage{graphicx} 91 | \usepackage[utf8]{inputenc} 92 | \usepackage{url} 93 | 
\addbibresource{sources.bib} 94 | \usepackage{setspace} 95 | \usepackage{array} 96 | \usepackage{booktabs} 97 | \newcolumntype{L}{@{}>{\kern\tabcolsep}l<{\kern\tabcolsep}} 98 | \usepackage{colortbl} 99 | \usepackage{xcolor} 100 | \usepackage{textcomp} 101 | \usepackage{outlines} 102 | \usepackage{setspace} 103 | \usepackage{longtable} 104 | \usepackage{enumitem} 105 | \usepackage{listings} 106 | \usepackage{pgfplots} 107 | \usepgfplotslibrary{fillbetween} 108 | \usepackage{datetime} 109 | \newdateformat{changelog}{\THEMONTH/\THEDAY/\THEYEAR} 110 | 111 | \lstdefinestyle{CStyle} {language=C} 112 | \lstdefinestyle{CSharpStyle} {language=[Sharp]C} 113 | \lstdefinestyle{PHPStyle} {language=php} 114 | \lstdefinestyle{JavaStyle} {language=java} 115 | \lstdefinestyle{BashStyle} {language=bash} 116 | \lstdefinestyle{SqlStyle} {language=SQL} 117 | 118 | \lstset{language=C} 119 | \lstset{language=[Sharp]C} 120 | \lstset{language=php} 121 | \lstset{language=java} 122 | \lstset{language=bash} 123 | \lstset{language=SQL} 124 | 125 | \newcolumntype{L}[1]{>{\raggedright\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 126 | \newcolumntype{C}[1]{>{\centering\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 127 | \newcolumntype{R}[1]{>{\raggedleft\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 128 | 129 | %start the document 130 | \begin{document} 131 | 132 | %generate a title page 133 | \thispagestyle{blank} 134 | \maketitle 135 | \newpage 136 | 137 | \thispagestyle{blank} 138 | This page intentionally left blank for 2-sided printing compatibility. 
139 | \newpage 140 | 141 | %tell the page counter to restart 142 | \setcounter{page}{1} 143 | \pagenumbering{roman} %use lowercase Roman numerals for page numbers 144 | 145 | %Revision History page 146 | \begin{Revision} 147 | \RevisionEntry{\date{\changelog\formatdate{20}{2}{2024}}}{Jon Hood}{Initial Release of SE Policy} 148 | \end{Revision} 149 | \newpage 150 | 151 | %generate a table of contents 152 | \setcounter{tocdepth}{2} 153 | \tableofcontents 154 | \cleardoublepage % go to next right-side page 155 | 156 | %reset the page counter for the regular pages 157 | \setcounter{page}{1} 158 | \doublespacing 159 | \pagenumbering{arabic} %use standard numbers for the page number 160 | 161 | \section{Background} 162 | 163 | STIGQter is an open source tool used to perform RMF and STIG compliance mapping. As an open-source application, SE is performed by the STIGQter administrators on GitHub at \url{https://github.com/squinky86/STIGQter}. 164 | 165 | \section{Purpose} 166 | 167 | This documentation is meant to satisfy Security (SE) requirements for RMF and detail what pieces of an SE policy may be covered by this application. SE requirements of roles (Section~\ref{sec:roles}) and their responsibilities (Section~\ref{sec:responsibilities}) maintain privacy for the system. 168 | 169 | \section{Scope} 170 | 171 | The SE policy details the privacy responsibilities of administrators. 172 | 173 | \section{Roles} 174 | \label{sec:roles} 175 | 176 | The following role(s) are defined as being applicable to STIGQter execution: 177 | \begin{enumerate} 178 | \item \textbf{User} -- The user of the software is defined as the individual account given permissions to execute the software. 
179 | \end{enumerate} 180 | 181 | The following role(s) are defined as being applicable to STIGQter GitHub administration: 182 | \begin{enumerate} 183 | \item \textbf{Administrator} -- An administrator of the STIGQter GitHub project 184 | \end{enumerate} 185 | 186 | \section{Responsibilities} 187 | \label{sec:responsibilities} 188 | 189 | The Administrator role is responsible for any SE requirements listed here. 190 | 191 | \section{Management Commitment} 192 | 193 | STIGQter Security policies are reviewed annually in an approved open source repository for maximum visibility and distribution. 194 | 195 | \section{Coordination} 196 | 197 | No coordination with other organizations is required to operate this software. 198 | 199 | \section{RMF Control Compliance} 200 | 201 | All privacy security requirements take place fully and openly in the GitHub repository. The nature of open source software is to provide maximum visibility into the SE process. 202 | 203 | \subsection{SE-1 -- Inventory of Personally Identifiable Information} 204 | 205 | \paragraph{Applicable CCIs:} None 206 | 207 | \paragraph{Non-Applicable CCIs:} CCI-3544, CCI-3545, CCI-3546, CCI-3547, CCI-3548, CCI-3549, CCI-3550, CCI-3551, CCI-3552 208 | 209 | As public-release software, the application does not contain privacy data, nor is it the protection mechanism for privacy data, including PII.
210 | 211 | \clearpage 212 | \printbibliography 213 | 214 | \end{document} 215 | -------------------------------------------------------------------------------- /doc/mp.tex: -------------------------------------------------------------------------------- 1 | % Template created by Jon Hood 2 | 3 | \documentclass[letterpaper, 10pt, twoside]{article} 4 | \usepackage{noto} 5 | \usepackage{fancyhdr} 6 | \usepackage{graphicx} 7 | \usepackage{multirow} 8 | \usepackage[table]{xcolor} 9 | \usepackage[breaklinks=true]{hyperref} 10 | \usepackage[letterpaper, top=1in, bottom=1in, left=1.5in, right=1in, includeheadfoot]{geometry} 11 | \usepackage{wrapfig} 12 | 13 | % Main Variables 14 | \newcommand{\repdate}{\formatdate{25}{8}{2023}} 15 | \def \ProjectName{Security Technical Implementation Guide Qt Viewer} 16 | \def \ProjectAcronym{STIGQter} 17 | \def \ProjectVersion{1.2.x} 18 | 19 | %------------------------------------------------------------------------------- 20 | % Header & Footer Setup 21 | %------------------------------------------------------------------------------- 22 | \pagestyle{fancy} 23 | \lhead[\thepage]{\includegraphics[height = 2em]{images/STIGQter.pdf}} 24 | \chead{\ProjectName\ --- \ProjectVersion} 25 | \rhead[{\includegraphics[height = 2em]{images/STIGQter.pdf}}]{\thepage} 26 | \cfoot{\ProjectAcronym\ \ProjectVersion} 27 | 28 | \fancypagestyle{blank} 29 | { 30 | \lhead{} 31 | \chead{} 32 | \rhead{} 33 | \cfoot{} 34 | \lfoot{} 35 | } 36 | 37 | %------------------------------------------------------------------------------- 38 | % Revisions Table 39 | %------------------------------------------------------------------------------- 40 | \definecolor{STIGQterBlue}{RGB}{30,72,124} 41 | \newcounter{RevisionCounter} 42 | \newenvironment{Revision}{ 43 | \begin{center} 44 | \begin{tabular}{ | c | c | c | p{23em} | } 45 | \hline 46 | \multicolumn{4}{| c |}{\cellcolor{STIGQterBlue}\textbf{\textcolor{white}{Revision History}}} \\ 47 | \hline 48 | \rowcolor{lightgray} 
49 | \textbf{Date} & \textbf{Revision} & \textbf{Revised By} & \textbf{Reason} \\ 50 | \hline 51 | }{ 52 | \end{tabular} 53 | \end{center} 54 | } 55 | \newcommand{\RevisionEntry}[3]{\stepcounter{RevisionCounter} 56 | #1 & \Alph{RevisionCounter} & #2 & #3 \\ 57 | \hline} 58 | 59 | %------------------------------------------------------------------------------- 60 | % Title Page 61 | %------------------------------------------------------------------------------- 62 | \newcommand{\headerlogo}{ 63 | \includegraphics[width=.3\linewidth]{images/STIGQter.pdf}\\ 64 | \vspace{.5em} 65 | } 66 | \newcommand{\docline}{\textmd{\textbf{STIGQter Media Protection (MP) Documentation\\}}} 67 | \newcommand{\generator}{Generated By: Jon Hood} 68 | \title{ 69 | \headerlogo 70 | \docline 71 | \vspace{.5em} 72 | \normalsize{\generator} 73 | } 74 | 75 | \author{Jon Hood} 76 | \date{\repdate} 77 | 78 | %------------------------------------------------------------------------------- 79 | % PDF metadata 80 | %------------------------------------------------------------------------------- 81 | \hypersetup 82 | { 83 | pdfauthor= (Jon Hood), 84 | pdftitle = (STIGQter Media Protection) 85 | } 86 | 87 | \usepackage{attachfile} 88 | \usepackage[backend=biber]{biblatex} 89 | \usepackage{import} 90 | \usepackage{graphicx} 91 | \usepackage[utf8]{inputenc} 92 | \usepackage{url} 93 | \addbibresource{sources.bib} 94 | \usepackage{setspace} 95 | \usepackage{array} 96 | \usepackage{booktabs} 97 | \newcolumntype{L}{@{}>{\kern\tabcolsep}l<{\kern\tabcolsep}} 98 | \usepackage{colortbl} 99 | \usepackage{xcolor} 100 | \usepackage{textcomp} 101 | \usepackage{outlines} 102 | \usepackage{setspace} 103 | \usepackage{longtable} 104 | \usepackage{enumitem} 105 | \usepackage{listings} 106 | \usepackage{pgfplots} 107 | \usepgfplotslibrary{fillbetween} 108 | \usepackage{datetime} 109 | \newdateformat{changelog}{\THEMONTH/\THEDAY/\THEYEAR} 110 | 111 | \lstdefinestyle{CStyle} {language=C} 112 | 
\lstdefinestyle{CSharpStyle} {language=[Sharp]C} 113 | \lstdefinestyle{PHPStyle} {language=php} 114 | \lstdefinestyle{JavaStyle} {language=java} 115 | \lstdefinestyle{BashStyle} {language=bash} 116 | \lstdefinestyle{SqlStyle} {language=SQL} 117 | 118 | \lstset{language=C} 119 | \lstset{language=[Sharp]C} 120 | \lstset{language=php} 121 | \lstset{language=java} 122 | \lstset{language=bash} 123 | \lstset{language=SQL} 124 | 125 | \newcolumntype{L}[1]{>{\raggedright\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 126 | \newcolumntype{C}[1]{>{\centering\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 127 | \newcolumntype{R}[1]{>{\raggedleft\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 128 | 129 | %start the document 130 | \begin{document} 131 | 132 | %generate a title page 133 | \thispagestyle{blank} 134 | \maketitle 135 | \newpage 136 | 137 | \thispagestyle{blank} 138 | This page intentionally left blank for 2-sided printing compatibility. 139 | \newpage 140 | 141 | %tell the page counter to restart 142 | \setcounter{page}{1} 143 | \pagenumbering{roman} %use lowercase Roman numerals for page numbers 144 | 145 | %Revision History page 146 | \begin{Revision} 147 | \RevisionEntry{\date{\changelog\formatdate{22}{1}{2020}}}{Jon Hood}{Initial Release of MP Policy} 148 | \RevisionEntry{\date{\changelog\formatdate{28}{1}{2020}}}{Jon Hood}{Prepare for 1.0 Release} 149 | \RevisionEntry{\date{\changelog\formatdate{26}{2}{2020}}}{James Shelton}{Update to support not-applicable CCI documentation} 150 | \end{Revision} 151 | \newpage 152 | 153 | %generate a table of contents 154 | \setcounter{tocdepth}{2} 155 | \tableofcontents 156 | \cleardoublepage % go to next right-side page 157 | 158 | %reset the page counter for the regular pages 159 | \setcounter{page}{1} 160 | \doublespacing 161 | \pagenumbering{arabic} %use standard numbers for the page number 162 | 163 | \section{Background} 164 | 165 | STIGQter is an open source tool used to perform RMF and STIG compliance mapping. 
As an open-source support application, STIGQter is developed to handle publicly released information. 166 | 167 | \section{Purpose} 168 | 169 | This documentation is meant to satisfy Media Protection (MP) requirements for RMF and detail what pieces of an MP policy may be covered by this application. MP requirements of roles (Section~\ref{sec:roles}) and their responsibilities (Section~\ref{sec:responsibilities}) provide integrity to the application. 170 | 171 | \section{Scope} 172 | 173 | The MP policy details the media handling responsibilities of administrators and users. 174 | 175 | \section{Roles} 176 | \label{sec:roles} 177 | 178 | The following role(s) are defined as being applicable to STIGQter execution: 179 | \begin{enumerate} 180 | \item \textbf{User} -- The user of the software is defined as the individual account given permissions to execute the software. 181 | \end{enumerate} 182 | 183 | The following role(s) are defined as being applicable to STIGQter GitHub administration: 184 | \begin{enumerate} 185 | \item \textbf{Administrator} -- An administrator of the STIGQter GitHub project 186 | \end{enumerate} 187 | 188 | \section{Responsibilities} 189 | \label{sec:responsibilities} 190 | 191 | Responsibilities are described in the GPL version 3. 192 | 193 | \section{Management Commitment} 194 | 195 | STIGQter development is committed to taking place in an approved open source repository for maximum visibility and distribution. 196 | 197 | \section{Coordination} 198 | 199 | No coordination with other organizations is required to operate this software. 200 | 201 | \section{RMF Control Compliance} 202 | 203 | \subsection{MP-3 -- Media Marking} 204 | 205 | \paragraph{Applicable CCIs:} CCI-1010, CCI-1011, CCI-1012, CCI-1013 206 | 207 | \textit{Shared Responsibility} 208 | 209 | All reports are assumed to be unclassified and publicly released.
If additional protection is needed on reports generated by the application, the implementing organization must define additional data marking requirements. 210 | 211 | \clearpage 212 | \printbibliography 213 | 214 | \end{document} 215 | -------------------------------------------------------------------------------- /doc/ps.tex: -------------------------------------------------------------------------------- 1 | % Template created by Jon Hood 2 | 3 | \documentclass[letterpaper, 10pt, twoside]{article} 4 | \usepackage{noto} 5 | \usepackage{fancyhdr} 6 | \usepackage{graphicx} 7 | \usepackage{multirow} 8 | \usepackage[table]{xcolor} 9 | \usepackage[breaklinks=true]{hyperref} 10 | \usepackage[letterpaper, top=1in, bottom=1in, left=1.5in, right=1in, includeheadfoot]{geometry} 11 | \usepackage{wrapfig} 12 | 13 | % Main Variables 14 | \newcommand{\repdate}{\formatdate{21}{2}{2024}} 15 | \def \ProjectName{Security Technical Implementation Guide Qt Viewer} 16 | \def \ProjectAcronym{STIGQter} 17 | \def \ProjectVersion{1.2.x} 18 | 19 | %------------------------------------------------------------------------------- 20 | % Header & Footer Setup 21 | %------------------------------------------------------------------------------- 22 | \pagestyle{fancy} 23 | \lhead[\thepage]{\includegraphics[height = 2em]{images/STIGQter.pdf}} 24 | \chead{\ProjectName\ --- \ProjectVersion} 25 | \rhead[{\includegraphics[height = 2em]{images/STIGQter.pdf}}]{\thepage} 26 | \cfoot{\ProjectAcronym\ \ProjectVersion} 27 | 28 | \fancypagestyle{blank} 29 | { 30 | \lhead{} 31 | \chead{} 32 | \rhead{} 33 | \cfoot{} 34 | \lfoot{} 35 | } 36 | 37 | %------------------------------------------------------------------------------- 38 | % Revisions Table 39 | %------------------------------------------------------------------------------- 40 | \definecolor{STIGQterBlue}{RGB}{30,72,124} 41 | \newcounter{RevisionCounter} 42 | \newenvironment{Revision}{ 43 | \begin{center} 44 | \begin{tabular}{ | c | c | c | p{23em} 
| } 45 | \hline 46 | \multicolumn{4}{| c |}{\cellcolor{STIGQterBlue}\textbf{\textcolor{white}{Revision History}}} \\ 47 | \hline 48 | \rowcolor{lightgray} 49 | \textbf{Date} & \textbf{Revision} & \textbf{Revised By} & \textbf{Reason} \\ 50 | \hline 51 | }{ 52 | \end{tabular} 53 | \end{center} 54 | } 55 | \newcommand{\RevisionEntry}[3]{\stepcounter{RevisionCounter} 56 | #1 & \Alph{RevisionCounter} & #2 & #3 \\ 57 | \hline} 58 | 59 | %------------------------------------------------------------------------------- 60 | % Title Page 61 | %------------------------------------------------------------------------------- 62 | \newcommand{\headerlogo}{ 63 | \includegraphics[width=.3\linewidth]{images/STIGQter.pdf}\\ 64 | \vspace{.5em} 65 | } 66 | \newcommand{\docline}{\textmd{\textbf{STIGQter Personnel Security (PS) Documentation\\}}} 67 | \newcommand{\generator}{Generated By: Jon Hood} 68 | \title{ 69 | \headerlogo 70 | \docline 71 | \vspace{.5em} 72 | \normalsize{\generator} 73 | } 74 | 75 | \author{Jon Hood} 76 | \date{\repdate} 77 | 78 | %------------------------------------------------------------------------------- 79 | % PDF metadata 80 | %------------------------------------------------------------------------------- 81 | \hypersetup 82 | { 83 | pdfauthor= (Jon Hood), 84 | pdftitle = (STIGQter Personnel Security) 85 | } 86 | 87 | \usepackage{attachfile} 88 | \usepackage[backend=biber]{biblatex} 89 | \usepackage{import} 90 | \usepackage{graphicx} 91 | \usepackage[utf8]{inputenc} 92 | \usepackage{url} 93 | \addbibresource{sources.bib} 94 | \usepackage{setspace} 95 | \usepackage{array} 96 | \usepackage{booktabs} 97 | \newcolumntype{L}{@{}>{\kern\tabcolsep}l<{\kern\tabcolsep}} 98 | \usepackage{colortbl} 99 | \usepackage{xcolor} 100 | \usepackage{textcomp} 101 | \usepackage{outlines} 102 | \usepackage{setspace} 103 | \usepackage{longtable} 104 | \usepackage{enumitem} 105 | \usepackage{listings} 106 | \usepackage{pgfplots} 107 | \usepgfplotslibrary{fillbetween} 108 | 
\usepackage{datetime} 109 | \newdateformat{changelog}{\THEMONTH/\THEDAY/\THEYEAR} 110 | 111 | \lstdefinestyle{CStyle} {language=C} 112 | \lstdefinestyle{CSharpStyle} {language=[Sharp]C} 113 | \lstdefinestyle{PHPStyle} {language=php} 114 | \lstdefinestyle{JavaStyle} {language=java} 115 | \lstdefinestyle{BashStyle} {language=bash} 116 | \lstdefinestyle{SqlStyle} {language=SQL} 117 | 118 | \lstset{language=C} 119 | \lstset{language=[Sharp]C} 120 | \lstset{language=php} 121 | \lstset{language=java} 122 | \lstset{language=bash} 123 | \lstset{language=SQL} 124 | 125 | \newcolumntype{L}[1]{>{\raggedright\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 126 | \newcolumntype{C}[1]{>{\centering\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 127 | \newcolumntype{R}[1]{>{\raggedleft\let\newline\\\arraybackslash\hspace{0pt}}m{#1}} 128 | 129 | %start the document 130 | \begin{document} 131 | 132 | %generate a title page 133 | \thispagestyle{blank} 134 | \maketitle 135 | \newpage 136 | 137 | \thispagestyle{blank} 138 | This page intentionally left blank for 2-sided printing compatibility. 139 | \newpage 140 | 141 | %tell the page counter to restart 142 | \setcounter{page}{1} 143 | \pagenumbering{roman} %use lowercase Roman numerals for page numbers 144 | 145 | %Revision History page 146 | \begin{Revision} 147 | \RevisionEntry{\date{\changelog\formatdate{21}{2}{2024}}}{Jon Hood}{Initial Release of PS Policy} 148 | \end{Revision} 149 | \newpage 150 | 151 | %generate a table of contents 152 | \setcounter{tocdepth}{2} 153 | \tableofcontents 154 | \cleardoublepage % go to next right-side page 155 | 156 | %reset the page counter for the regular pages 157 | \setcounter{page}{1} 158 | \doublespacing 159 | \pagenumbering{arabic} %use standard numbers for the page number 160 | 161 | \section{Background} 162 | 163 | STIGQter is an open source tool used to perform RMF and STIG compliance mapping. 
As an open-source application, PS is performed by the STIGQter administrators on GitHub at \url{https://github.com/squinky86/STIGQter}. 164 | 165 | \section{Purpose} 166 | 167 | This documentation is meant to satisfy Personnel Security (PS) requirements for RMF and detail what pieces of a PS policy may be covered by this application. PS requirements of roles (Section~\ref{sec:roles}) and their responsibilities (Section~\ref{sec:responsibilities}) support authentication of the software. 168 | 169 | \section{Scope} 170 | 171 | The PS policy details the personnel security responsibilities of administrators. 172 | 173 | \section{Roles} 174 | \label{sec:roles} 175 | 176 | The following role(s) are defined as being applicable to STIGQter execution: 177 | \begin{enumerate} 178 | \item \textbf{User} -- The user of the software is defined as the individual account given permissions to execute the software. 179 | \end{enumerate} 180 | 181 | The following role(s) are defined as being applicable to STIGQter GitHub administration: 182 | \begin{enumerate} 183 | \item \textbf{Administrator} -- An administrator of the STIGQter GitHub project 184 | \end{enumerate} 185 | 186 | \section{Responsibilities} 187 | \label{sec:responsibilities} 188 | 189 | The Administrator role is responsible for any PS requirements listed here. 190 | 191 | \section{Management Commitment} 192 | 193 | STIGQter Personnel Security policies are reviewed annually in an approved open source repository for maximum visibility and distribution. 194 | 195 | \section{Coordination} 196 | 197 | No coordination with other organizations is required to operate this software. 198 | 199 | \section{RMF Control Compliance} 200 | 201 | All personnel security requirements take place fully and openly in the GitHub repository. The nature of open source software is to provide maximum visibility into the PS process.
202 | 203 | \subsection{PS-6 -- Access Agreements} 204 | 205 | \paragraph{Applicable CCIs:} None 206 | 207 | \paragraph{Non-Applicable CCIs:} CCI-1531, CCI-1532, CCI-1533, CCI-3035, CCI-3036, CCI-3037 208 | 209 | The software is assessed below the system level. There is no system in the boundary that requires agreements between organizations. As open source software, there are no access restrictions. 210 | 211 | \clearpage 212 | \printbibliography 213 | 214 | \end{document} 215 | --------------------------------------------------------------------------------