Getting the data from the DB into the PHP Classes

17 Jun, 2009  Uncategorized

This is just an example. I have no idea how you store your data. This is the method that works for my database framework. You can see where it queries the DB and then calls the classes I posted earler. This code loops through all the vulnerability scan records in the database for the current day. You would need to print the arrays somewhere to make it useful.

//I keep all my DB Login details in a separate file
include_once 'includes/db.php';
 
$myCvss = new cvss_details();
 
//Get Info From DB:
$result = mysql_query("SELECT vulns.server, vulns.cve_number, assets.business_risk, assets.data_risk, assets.location_risk, nvd_cve.cvss_score, nvd_cve.cvss_access_vector, nvd_cve.cvss_access_complexity, nvd_cve.cvss_authentication, nvd_cve.cvss_confidentiality_impact, nvd_cve.cvss_integrity_impact, nvd_cve.cvss_availability_impact FROM `vulns` LEFT JOIN (assets,nvd_cve) ON (assets.server=vulns.server AND nvd_cve.cve=vulns.cve_number) WHERE vulns.report_date = CURDATE()");
 
while ($row = mysql_fetch_array($result))
{
	$myCvss = new cvss_details();
 
	//debug defines
	$myCvss->set_cve_number($row['cve_number']);
	$myCvss->set_nist_cvss($row['cvss_score']);
	$myCvss->set_server($row['server']);
 
	//Define Base Score Details
	//Exploitability Metrics
	$myCvss->set_access_vector($row['cvss_access_vector']);
	$myCvss->set_access_complexity($row['cvss_access_complexity']);
	$myCvss->set_authentication($row['cvss_authentication']);
	//Impact Metrics
	$myCvss->set_conf_impact($row['cvss_confidentiality_impact']);
	$myCvss->set_integ_impact($row['cvss_integrity_impact']);
	$myCvss->set_avail_impact($row['cvss_availability_impact']);
 
	//Environmental Score Metrics
	//General Modifiers
	$myCvss->set_collateral_damage_potential("");
	$myCvss->set_target_distribution("");
	//Impact Subscore Modifiers
	$myCvss->set_conf_req($row['data_risk']);
	$myCvss->set_integ_req($row['location_risk']);
	$myCvss->set_avail_req($row['business_risk']);
 
	//Temporal Score Metrics
	$myCvss->set_exploitability("");
	$myCvss->set_remediation_level("");
	$myCvss->set_report_confidence("");
 
	$server_name[] = $row['server'];
	$cve_number[] = $row['cve_number'];
	$cvss_base_score[] = $row['cvss_score'];
 
	$calc = new calculate_cvss();
	$cvss_overall_score[] = round($calc->calculate($myCvss),1);	
}

Leave a Comment

Name: (Required)

E-mail: (Required)

Website:

Comment: