benoit@0: # -*- encoding: utf-8 -*- benoit@0: # Description: benoit@0: # Module related to the rendering of a Security Advisory. benoit@0: # benoit@0: # Authors: benoit@0: # BenoƮt Allard benoit@0: # benoit@0: # Copyright: benoit@0: # Copyright (C) 2014 Greenbone Networks GmbH benoit@0: # benoit@0: # This program is free software; you can redistribute it and/or benoit@0: # modify it under the terms of the GNU General Public License benoit@0: # as published by the Free Software Foundation; either version 2 benoit@0: # of the License, or (at your option) any later version. benoit@0: # benoit@0: # This program is distributed in the hope that it will be useful, benoit@0: # but WITHOUT ANY WARRANTY; without even the implied warranty of benoit@0: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the benoit@0: # GNU General Public License for more details. benoit@0: # benoit@0: # You should have received a copy of the GNU General Public License benoit@0: # along with this program; if not, write to the Free Software benoit@0: # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. benoit@0: benoit@0: from __future__ import print_function benoit@0: benoit@0: import os benoit@0: import jinja2 benoit@0: benoit@0: from .parsers import cvrf benoit@0: from .utils import utcnow benoit@0: benoit@0: # Supported Red Hat OSes for parsing. The value is as used in benoit@0: # gather-package-list.nasl to set "ssh/login/release" benoit@0: # Refer to that file, or the lsc_generator for a complete list. benoit@0: OS_MAP = { benoit@0: 'Red Hat Enterprise Linux Server (v. 7)' : 'RHENT_7', benoit@0: 'Red Hat Enterprise Linux Server (v. 6)' : 'RHENT_6', benoit@0: 'Red Hat Enterprise Linux Workstation (v. 6)' : 'RHENT_6', benoit@0: 'Red Hat Enterprise Linux Desktop (v. 6)' : 'RHENT_6', benoit@0: 'Red Hat Enterprise Linux Desktop 6' : 'RHENT_6', benoit@0: 'Red Hat Enterprise Linux (v. 5 server)' : 'RHENT_5', benoit@0: 'Red Hat Enterprise Linux ES version 2.1' : 'RHENT_2.1', benoit@0: 'Red Hat Enterprise Linux WS version 2.1' : 'RHENT_2.1', benoit@0: 'Red Hat Enterprise Linux AS version 3' : 'RHENT_3', benoit@0: 'Red Hat Enterprise Linux ES version 3' : 'RHENT_3', benoit@0: 'Red Hat Enterprise Linux WS version 3' : 'RHENT_3', benoit@0: 'Red Hat Enterprise Linux AS version 4' : 'RHENT_4', benoit@0: 'Red Hat Enterprise Linux ES version 4' : 'RHENT_4', benoit@0: 'Red Hat Enterprise Linux WS version 4' : 'RHENT_4', benoit@0: 'Red Hat Enterprise Linux AS (Advanced Server) version 2.1' : 'RHENT_2.1', benoit@0: } benoit@0: benoit@36: def calculateRiskFactor(cvss_score): benoit@0: """ benoit@0: Calculates and Return Risk Factor given CVSS Base Score benoit@0: """ benoit@0: cvss_score = float(cvss_score) benoit@0: benoit@0: for high, name in [ benoit@0: (2, 'Low'), benoit@0: (5, 'Medium'), benoit@0: (8, 'High'), benoit@0: (10, 'Critical')]: benoit@0: if cvss_score <= high: benoit@0: return name benoit@0: benoit@0: benoit@0: def getReleaseName(os_name): benoit@0: return OS_MAP.get(os_name, 'UNKNOWN') benoit@0: benoit@0: def getPackageName(rpm_name): benoit@0: return rpm_name.split('-')[0] benoit@0: benoit@0: def PackageNameForrpmvuln(package_name): benoit@0: package_name = package_name.rstrip('.src.rpm|.x86_64.rpm') benoit@0: return (package_name.replace('-', '~')) benoit@0: benoit@0: def render(cvrf, templatepath, **kwargs): benoit@0: benoit@0: red_hat = False benoit@0: script_family = "" benoit@0: os_cpe = "" benoit@0: ## check the platform benoit@0: if "Red Hat Security Advisory" in cvrf._title: benoit@0: red_hat = True benoit@0: script_family = "Red Hat Local Security Checks" benoit@0: os_cpe = "cpe:/o:redhat:enterprise_linux" benoit@0: benoit@0: # product_id = cvrf._vulnerabilities[0]._productstatuses[0]._productids benoit@0: # print (product_id) benoit@0: # for eachid in cvrf._vulnerabilities[0]._productstatuses[0]._productids: benoit@0: # print(cvrf.getProductForID(eachid)._name) benoit@0: # benoit@0: # print("productnames") benoit@0: # print(', '.join(p._name for p in cvrf.getProductList())) benoit@0: benoit@0: benoit@0: benoit@0: templatedir = os.path.join(os.path.dirname(__file__), 'templates') benoit@0: templateLoader = jinja2.FileSystemLoader(searchpath=templatedir) benoit@0: templateEnv = jinja2.Environment( benoit@0: loader=templateLoader, benoit@0: extensions=['jinja2.ext.with_'] benoit@0: ) benoit@0: benoit@0: templateEnv.filters['risk_factor'] = calculateRiskFactor benoit@0: templateEnv.filters['release_map'] = getReleaseName benoit@0: templateEnv.filters['package_name'] = getPackageName benoit@0: templateEnv.filters['for_rpmvuln'] = PackageNameForrpmvuln benoit@0: benoit@0: template = templateEnv.get_template(templatepath) benoit@0: benoit@0: benoit@0: benoit@0: templateVars = { benoit@0: "cvrf": cvrf, benoit@0: "script_id": 0, benoit@0: "now" : utcnow(), benoit@0: "red_hat": red_hat, benoit@0: "script_family" : script_family, benoit@0: "os_cpe" : os_cpe, benoit@0: benoit@0: } benoit@0: benoit@0: templateVars.update(kwargs) benoit@0: benoit@0: return template.render(templateVars) benoit@0: benoit@0: def main(cvrfpath, templatepath): benoit@0: benoit@0: with open(cvrfpath, 'rt') as f: benoit@0: cvrfdoc = cvrf.parse(f) benoit@0: benoit@0: outputText = render(cvrfdoc, templatepath) benoit@0: benoit@0: adv_id = cvrfdoc._tracking._identification._id benoit@0: if adv_id : benoit@0: file_name = adv_id.replace(":", "_"); benoit@0: file_name = "gb_" + file_name + "." + os.path.basename(templatepath).split('.')[0] benoit@0: benoit@0: with open(file_name, 'w') as file_handle: benoit@0: file_handle.write(outputText) benoit@0: print("file written to:", file_name) benoit@0: benoit@0: if __name__ == "__main__": benoit@0: import sys benoit@0: template = "nasl.j2" benoit@0: if len(sys.argv) >= 3: benoit@0: template = sys.argv[2] benoit@0: main(sys.argv[1], template)