1 # -*- encoding: utf-8 -*- |
2 # Description: |
3 # Module related to the rendering of a Security Advisory. |
4 # |
5 # Authors: |
6 # Benoît Allard <benoit.allard@greenbone.net> |
7 # |
8 # Copyright: |
9 # Copyright (C) 2014 Greenbone Networks GmbH |
10 # |
11 # This program is free software; you can redistribute it and/or |
12 # modify it under the terms of the GNU General Public License |
13 # as published by the Free Software Foundation; either version 2 |
14 # of the License, or (at your option) any later version. |
15 # |
16 # This program is distributed in the hope that it will be useful, |
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
19 # GNU General Public License for more details. |
20 # |
21 # You should have received a copy of the GNU General Public License |
22 # along with this program; if not, write to the Free Software |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
24 |
25 from __future__ import print_function |
26 |
27 import os |
28 import sys |
29 from datetime import datetime |
30 import jinja2 |
31 |
32 from .parsers import cvrf |
33 from .utils import utcnow |
34 |
# Red Hat product names this module recognises, mapped to the release key
# that gather-package-list.nasl stores under "ssh/login/release".
# The table is not exhaustive; gather-package-list.nasl or the
# lsc_generator hold the complete list.
OS_MAP = {
    # Red Hat Enterprise Linux 7
    'Red Hat Enterprise Linux Server (v. 7)': 'RHENT_7',
    # Red Hat Enterprise Linux 6
    'Red Hat Enterprise Linux Server (v. 6)': 'RHENT_6',
    'Red Hat Enterprise Linux Workstation (v. 6)': 'RHENT_6',
    'Red Hat Enterprise Linux Desktop (v. 6)': 'RHENT_6',
    'Red Hat Enterprise Linux Desktop 6': 'RHENT_6',
    # Red Hat Enterprise Linux 5
    'Red Hat Enterprise Linux (v. 5 server)': 'RHENT_5',
    # Older releases
    'Red Hat Enterprise Linux ES version 2.1': 'RHENT_2.1',
    'Red Hat Enterprise Linux WS version 2.1': 'RHENT_2.1',
    'Red Hat Enterprise Linux AS version 3': 'RHENT_3',
    'Red Hat Enterprise Linux ES version 3': 'RHENT_3',
    'Red Hat Enterprise Linux WS version 3': 'RHENT_3',
    'Red Hat Enterprise Linux AS version 4': 'RHENT_4',
    'Red Hat Enterprise Linux ES version 4': 'RHENT_4',
    'Red Hat Enterprise Linux WS version 4': 'RHENT_4',
    'Red Hat Enterprise Linux AS (Advanced Server) version 2.1': 'RHENT_2.1',
}
55 |
def calculateRiskFactor(cvss_score, debug=0):
    """
    Map a CVSS base score onto a risk-factor label.

    The score is converted with float(), so numeric strings are accepted
    and a non-numeric string raises ValueError. Each band includes its
    upper bound: up to 2 is 'Low', up to 5 'Medium', up to 8 'High' and
    up to 10 'Critical'.

    There is no lower bound, so a negative score is reported as 'Low'.
    A score above 10 (or NaN) matches no band and None is returned; callers
    that print the label should be prepared for that.

    ``debug`` is accepted but not used.
    """
    score = float(cvss_score)

    if score <= 2:
        return 'Low'
    if score <= 5:
        return 'Medium'
    if score <= 8:
        return 'High'
    if score <= 10:
        return 'Critical'

    # Outside every band: same result as falling off the end of the function.
    return None
69 |
70 |
def getReleaseName(os_name):
    """
    Return the release key that OS_MAP holds for ``os_name``.

    A name that is not listed in OS_MAP yields the string 'UNKNOWN' rather
    than an error, so an unsupported product does not stop rendering.
    """
    try:
        return OS_MAP[os_name]
    except KeyError:
        return 'UNKNOWN'
73 |
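def getPackageName(rpm_name):
    """
    Return the package name part of an RPM file name.

    Assumes ``rpm_name`` is in the usual name-version-release form
    (confirm against the templates that use the 'package_name' filter).
    In that form only the name may contain '-', so the version and release
    are the last two '-'-separated fields and everything before them is the
    name. Splitting on the first '-' instead would cut a hyphenated name
    such as 'kernel-headers' down to 'kernel', and the generated check
    would then refer to a different package than the advisory.

    A string with fewer than two '-' characters gives the same result as
    before: the text up to the first '-'.
    """
    # Split from the right so hyphens inside the package name survive.
    return rpm_name.rsplit('-', 2)[0]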
76 |
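def PackageNameForrpmvuln(package_name):
    """
    Convert an RPM file name to the '~'-separated form used by the
    'for_rpmvuln' template filter.

    A trailing '.src.rpm' or '.x86_64.rpm' is removed, then every '-' is
    replaced by '~'.

    The suffix is removed as a whole string. str.rstrip() treats its
    argument as a set of characters, so using it here would also strip
    trailing characters of the release (for example the '6' of '.el6')
    and produce a wrong version in the generated check.
    """
    for suffix in ('.src.rpm', '.x86_64.rpm'):
        if package_name.endswith(suffix):
            package_name = package_name[:-len(suffix)]
            break

    # NOTE(review): every '-' becomes '~', including hyphens inside the
    # package name itself; confirm this is what the consuming check expects.
    return package_name.replace('-', '~')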
80 |
def render(cvrf, templatepath, **kwargs):
    """
    Render a parsed advisory through one of the bundled Jinja2 templates.

    ``cvrf`` is the parsed document; only its ``_title`` is read here, the
    rest is used by the template. ``templatepath`` is looked up inside the
    'templates' directory next to this module. Extra keyword arguments are
    merged into the template variables last, so they override the built-in
    ones (including "cvrf" and "script_id").

    The environment is created without an ``autoescape`` setting, so values
    taken from the advisory are inserted into the output as they are.
    NOTE(review): whether the templates quote advisory text for the target
    format is not visible here; confirm in the templates.

    Returns the rendered text.
    """
    # Platform detection: only Red Hat advisories are recognised.
    is_red_hat = "Red Hat Security Advisory" in cvrf._title
    if is_red_hat:
        family = "Red Hat Local Security Checks"
        cpe = "cpe:/o:redhat:enterprise_linux"
    else:
        family = ""
        cpe = ""

    template_root = os.path.join(os.path.dirname(__file__), 'templates')
    env = jinja2.Environment(
        loader=jinja2.FileSystemLoader(searchpath=template_root),
        extensions=['jinja2.ext.with_']
    )

    # Helpers from this module, exposed to the templates as filters.
    env.filters.update({
        'risk_factor': calculateRiskFactor,
        'release_map': getReleaseName,
        'package_name': getPackageName,
        'for_rpmvuln': PackageNameForrpmvuln,
    })

    template = env.get_template(templatepath)

    context = {
        "cvrf": cvrf,
        "script_id": 0,
        "now": utcnow(),
        "red_hat": is_red_hat,
        "script_family": family,
        "os_cpe": cpe,
    }
    # Caller-supplied values win over the defaults above.
    context.update(kwargs)

    return template.render(context)
131 |
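def main(cvrfpath, templatepath):
    """
    Parse the CVRF file at ``cvrfpath``, render it with ``templatepath`` and
    write the result to a file in the current directory.

    The output name is "gb_<advisory id>.<template base name>", where the
    template base name is the part of the template file name before its
    first '.'.

    Raises:
        ValueError: the document carries no advisory ID, so no output name
            can be derived. (Without this check the function would fail
            later on an unassigned ``file_name``.)
    """
    with open(cvrfpath, 'rt') as f:
        cvrfdoc = cvrf.parse(f)

    outputText = render(cvrfdoc, templatepath)

    adv_id = cvrfdoc._tracking._identification._id
    if not adv_id:
        raise ValueError("CVRF document has no advisory ID; cannot name the output file")

    # The ID comes from the parsed document. Besides ':', neutralise path
    # separators so the ID can only ever contribute to a file name in the
    # current directory, never to a directory component.
    safe_id = adv_id.replace(":", "_")
    for separator in (os.sep, os.altsep):
        if separator:
            safe_id = safe_id.replace(separator, "_")

    file_name = "gb_" + safe_id + "." + os.path.basename(templatepath).split('.')[0]

    with open(file_name, 'w') as file_handle:
        file_handle.write(outputText)
    print("file written to:", file_name)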
147 |
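if __name__ == "__main__":
    # Usage: <script> CVRF_FILE [TEMPLATE]
    # The CVRF file is required; without this check a missing argument
    # surfaces as an IndexError traceback.
    if len(sys.argv) < 2:
        print("usage: {0} CVRF_FILE [TEMPLATE]".format(sys.argv[0]),
              file=sys.stderr)
        sys.exit(2)

    # The template defaults to "nasl.j2" when no second argument is given.
    template = sys.argv[2] if len(sys.argv) >= 3 else "nasl.j2"
    main(sys.argv[1], template)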