cyberperspectives / sagacity

Security Assessment Data Management and Analysis Tool
http://www.cyberperspectives.com
Apache License 2.0

eChecklist status case insensitivity #18

Closed JeffOdegard closed 6 years ago

JeffOdegard commented 6 years ago

It is possible, and in our experience a common occurrence, for security analysts to hand-enter the status as "not a finding", "Not a finding", "Not A Finding", etc., which causes an error when the eChecklist is imported. This has happened on almost every test we've done, in spite of training...

This is because the data validation in Excel is case insensitive, so there is no way to guarantee this will never happen. The best solution is to make the status checks case insensitive in parse_echecklist.php.

JeffOdegard commented 6 years ago

How about this: parse_excel_echecklist.php ~ line 301, right after it's read in from the spreadsheet:

        // User input could be case-mangled. Make case-insensitive
        if (preg_match("/not a finding/i", $status)) {
            $status = "Not a Finding";
        } elseif (preg_match("/not applicable/i", $status)) {
            $status = "Not Applicable";
        } elseif (preg_match("/open/i", $status)) {
            $status = "Open";
        } elseif (preg_match("/exclusion/i", $status)) {
            $status = "Exclusion";
        } elseif (preg_match("/false positive/i", $status)) {
            $status = "False Positive";
        } elseif (preg_match("/not reviewed/i", $status)) {
            $status = "Not Reviewed";
        } elseif (preg_match("/no data/i", $status)) {
            $status = "No Data";
        }
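
An added example, not code from the sagacity project or from either commenter, of a stricter form of the case-insensitive normalisation proposed above. The function and constant names (`normalize_echecklist_status`, `canonical_key`, `ECHECKLIST_STATUSES`) are assumptions for illustration; the seven status strings are the ones listed in the comment. It compares on a trimmed, case-folded copy with an exact match rather than a substring regex, and returns null for anything it does not recognise so the importer can report the row instead of guessing:

```php
<?php
// Added example (not part of the sagacity project): strict, case-insensitive
// normalisation of a hand-entered eChecklist status value.
// Function and constant names are assumptions chosen for this illustration.

/** Canonical status strings the importer accepts (taken from the issue text). */
const ECHECKLIST_STATUSES = [
    'Not a Finding',
    'Not Applicable',
    'Open',
    'Exclusion',
    'False Positive',
    'Not Reviewed',
    'No Data',
];

/** Fold case and whitespace so trivially different spellings compare equal. */
function canonical_key(string $s): string
{
    return strtolower(trim(preg_replace('/\s+/', ' ', $s)));
}

/**
 * Map an analyst-typed status to its canonical spelling.
 *
 * "NOT A FINDING", " not a finding " and "Not  A  Finding" all map to
 * "Not a Finding". The match is exact, not a substring search, so values
 * such as "reopened" or an empty cell return null rather than silently
 * becoming "Open"; the caller can then flag the offending row.
 */
function normalize_echecklist_status(string $raw): ?string
{
    static $lookup = null;
    if ($lookup === null) {
        $lookup = [];
        foreach (ECHECKLIST_STATUSES as $canonical) {
            $lookup[canonical_key($canonical)] = $canonical;
        }
    }
    return $lookup[canonical_key($raw)] ?? null;
}

// Constructed sample cells imitating the spellings described in the issue.
$samples = ['not a finding', 'Not A Finding', ' NOT  APPLICABLE ', 'Open', 'reopened', ''];
foreach ($samples as $row => $value) {
    $status = normalize_echecklist_status($value);
    if ($status === null) {
        // Surface the bad value instead of importing a guessed status.
        fwrite(STDERR, sprintf("row %d: unrecognised status '%s'\n", $row, $value));
        continue;
    }
    printf("row %d: '%s' -> %s\n", $row, $value, $status);
}
```

Rejecting unknown values rather than mapping them to the nearest known status keeps the imported assessment data honest: a typo the regex approach would silently accept (any cell containing the word "open", for instance) becomes a visible import error for the analyst to correct.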
godsgood33 commented 6 years ago

There's a little more to it than that. I'm working on the fix.

godsgood33 commented 6 years ago

Figured out how to hard code the values, so that is case-sensitive. Invalid selections receive a "retry" or "cancel" option. Retry will allow the user to select a different option...cancel will change the cell back to what it was prior to the change.