Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add pseudo server type for non-ssh scanning (only cpe scan) #512 (#531)

Browse Source 
* Add pseudo server type for non-ssh scanning (only cpe scan) #512

* Don't check hostname for pseudo type

* Update README.md
This commit is contained in:
Kota Kanbe
2017-11-02 17:02:06 +09:00
committed by GitHub
parent ab68ad5cc5
commit 00c690f516
8 changed files with 118 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
README.ja.md
View File

@@ -91,7 +91,7 @@ Table of Contents
* [Example: Use MySQL as a DB storage back-end](#example-use-mysql-as-a-db-storage-back-end)
* [Example: Use PostgreSQL as a DB storage back-end](#example-use-postgresql-as-a-db-storage-back-end)
* [Example: Use Redis as a DB storage back-end](#example-use-redis-as-a-db-storage-back-end)
* [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package)
* [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerabilites-of-non-os-packages)
* [Usage: Integrate with OWASP Dependency Check to Automatic update when the libraries are updated (Experimental)](#usage-integrate-with-owasp-dependency-check-to-automatic-update-when-the-libraries-are-updated-experimental)
* [Usage: TUI](#usage-tui)
* [Display the latest scan results](#display-the-latest-scan-results)
@@ -721,6 +721,7 @@ host = "172.31.4.82"
#port = "22"
#user = "root"
#keyPath = "/home/username/.ssh/id_rsa"
#type = "pseudo"
#cpeNames = [
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]
@@ -831,6 +832,7 @@ host = "172.31.4.82"
#cpeNames = [
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]
#type = "pseudo"
#ignoreCves = ["CVE-2016-6314"]
#optional = [
# ["key", "value"],
@@ -847,6 +849,7 @@ host = "172.31.4.82"
- port: SSH Port number
- user: SSH username
- keyPath: SSH private key path
- type: "pseudo" for non-ssh scanning. see [#531](https://github.com/future-architect/vuls/pull/531)
- cpeNames: see [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package)
- ignoreCves: CVE IDs that will not be reported. But output to JSON file.
- optional: JSONレポートに含めたい追加情報
@@ -1601,6 +1604,18 @@ Vulsは、[CPE](https://nvd.nist.gov/cpe.cfm)に登録されているソフト
]
```
- Configuration
ネットワーク機器など、スキャン対象にSSH接続しない場合は`type="pseudo"`を指定する。
```
[servers]
[servers.172-31-4-82]
type = "pseudo"
cpeNames = [
"cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
]
```
# Usage: Integrate with OWASP Dependency Check to Automatic update when the libraries are updated (Experimental)
[OWASP Dependency check](https://www.owasp.org/index.php/OWASP_Dependency_Check) は、プログラミング言語のライブラリを特定しCPEを推測、公開済みの脆弱性を検知するツール。

17
README.md
View File

@@ -735,6 +735,7 @@ host = "172.31.4.82"
#port = "22"
#user = "root"
#keyPath = "/home/username/.ssh/id_rsa"
#type = "pseudo"
#cpeNames = [
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]
@@ -839,6 +840,7 @@ You can customize your configuration using this template.
#port = "22"
#user = "root"
#keyPath = "/home/username/.ssh/id_rsa"
#type = "pseudo"
#cpeNames = [
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]
@@ -858,6 +860,7 @@ You can customize your configuration using this template.
- port: SSH Port number
- user: SSH username
- keyPath: SSH private key path
- type: "pseudo" for non-ssh scanning. see [#531](https://github.com/future-architect/vuls/pull/531)
- cpeNames: see [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package)
- ignoreCves: CVE IDs that will not be reported. But output to JSON file.
- optional: Add additional information to JSON report.
@@ -1613,6 +1616,20 @@ To detect the vulnerability of Ruby on Rails v4.2.1, cpeNames needs to be set in
]
```
- type="pseudo"
Specify this when you want to detect vulnerability by specifying cpename without SSH connection.
The pseudo type does not do anything when scanning.
Search for NVD at report time and detect vulnerability of software specified as cpenamae.
```
[servers]
[servers.172-31-4-82]
type = "pseudo"
cpeNames = [
"cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
]
```
# Usage: Integrate with OWASP Dependency Check to Automatic update when the libraries are updated (Experimental)
[OWASP Dependency check](https://www.owasp.org/index.php/OWASP_Dependency_Check) is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.

1
commands/discover.go
View File

@@ -132,6 +132,7 @@ host = "{{$ip}}"
#port = "22"
#user = "root"
#keyPath = "/home/username/.ssh/id_rsa"
#type = "pseudo"
#cpeNames = [
# "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]

8
config/config.go
View File

@@ -78,6 +78,11 @@ const (
SUSEOpenstackCloud = "suse.openstack.cloud"
)
const (
// ServerTypePseudo is used for ServerInfo.Type
ServerTypePseudo = "pseudo"
)
//Config is struct of Configuration
type Config struct {
Debug bool
@@ -446,6 +451,9 @@ type ServerInfo struct {
// For CentOS, RHEL, Amazon
Enablerepo []string
// "pseudo" or ""
Type string
// used internal
LogMsgAnsiColor string // DebugLog Color
Container Container

4
config/tomlloader.go
View File

@@ -62,7 +62,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
s := ServerInfo{ServerName: name}
s.Host = v.Host
if len(s.Host) == 0 {
if len(s.Host) == 0 && v.Type != ServerTypePseudo {
return fmt.Errorf("%s is invalid. host is empty", name)
}
@@ -175,6 +175,8 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
}
}
s.Type = v.Type
s.LogMsgAnsiColor = Colors[i%len(Colors)]
i++

2
report/report.go
View File

@@ -183,6 +183,8 @@ func FillWithOval(r *models.ScanResult) (err error) {
ovalFamily = c.SUSEEnterpriseServer
case c.Amazon, c.Raspbian, c.FreeBSD, c.Windows:
return nil
case c.ServerTypePseudo:
return nil
default:
return fmt.Errorf("OVAL for %s is not implemented yet", r.Family)
}

66
scan/pseudo.go Normal file
View File

@@ -0,0 +1,66 @@
/* Vuls - Vulnerability Scanner
Copyright (C) 2016 Future Architect, Inc. Japan.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package scan
import (
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/future-architect/vuls/util"
)
// inherit OsTypeInterface
type pseudo struct {
base
}
func detectPseudo(c config.ServerInfo) (itsMe bool, pseudo osTypeInterface, err error) {
p := newPseudo(c)
p.setDistro(config.ServerTypePseudo, "")
return c.Type == config.ServerTypePseudo, p, nil
}
func newPseudo(c config.ServerInfo) *pseudo {
d := &pseudo{
base: base{
osPackages: osPackages{
Packages: models.Packages{},
VulnInfos: models.VulnInfos{},
},
},
}
d.log = util.NewCustomLogger(c)
d.setServerInfo(c)
return d
}
func (o *pseudo) checkIfSudoNoPasswd() error {
return nil
}
func (o *pseudo) checkDependencies() error {
return nil
}
func (o *pseudo) scanPackages() error {
return nil
}
func (o *pseudo) detectPlatform() {
o.setPlatform(models.Platform{Name: "other"})
return
}

6
scan/serverapi.go
View File

@@ -41,7 +41,6 @@ type osTypeInterface interface {
detectPlatform()
getPlatform() models.Platform
// checkDependencies checks if dependencies are installed on the target server.
checkDependencies() error
checkIfSudoNoPasswd() error
@@ -75,6 +74,11 @@ func detectOS(c config.ServerInfo) (osType osTypeInterface) {
var itsMe bool
var fatalErr error
if itsMe, osType, _ = detectPseudo(c); itsMe {
util.Log.Debugf("Pseudo")
return
}
itsMe, osType, fatalErr = detectDebian(c)
if fatalErr != nil {
osType.setErrs([]error{