From 00c690f516b9ae00254e3a007a4accf8a205d2c1 Mon Sep 17 00:00:00 2001 From: Kota Kanbe Date: Thu, 2 Nov 2017 17:02:06 +0900 Subject: [PATCH] Add pseudo server type for non-ssh scanning (only cpe scan) #512 (#531) * Add pseudo server type for non-ssh scanning (only cpe scan) #512 * Don't check hostname for pseudo type * Update README.md --- README.ja.md | 17 +++++++++++- README.md | 17 ++++++++++++ commands/discover.go | 1 + config/config.go | 8 ++++++ config/tomlloader.go | 4 ++- report/report.go | 2 ++ scan/pseudo.go | 66 ++++++++++++++++++++++++++++++++++++++++++++ scan/serverapi.go | 6 +++- 8 files changed, 118 insertions(+), 3 deletions(-) create mode 100644 scan/pseudo.go diff --git a/README.ja.md b/README.ja.md index 511f20af..816e67fc 100644 --- a/README.ja.md +++ b/README.ja.md @@ -91,7 +91,7 @@ Table of Contents * [Example: Use MySQL as a DB storage back-end](#example-use-mysql-as-a-db-storage-back-end) * [Example: Use PostgreSQL as a DB storage back-end](#example-use-postgresql-as-a-db-storage-back-end) * [Example: Use Redis as a DB storage back-end](#example-use-redis-as-a-db-storage-back-end) - * [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package) + * [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerabilites-of-non-os-packages) * [Usage: Integrate with OWASP Dependency Check to Automatic update when the libraries are updated (Experimental)](#usage-integrate-with-owasp-dependency-check-to-automatic-update-when-the-libraries-are-updated-experimental) * [Usage: TUI](#usage-tui) * [Display the latest scan results](#display-the-latest-scan-results) @@ -721,6 +721,7 @@ host = "172.31.4.82" #port = "22" #user = "root" #keyPath = "/home/username/.ssh/id_rsa" +#type = "pseudo" #cpeNames = [ # "cpe:/a:rubyonrails:ruby_on_rails:4.2.1", #] 
@@ -831,6 +832,7 @@ host = "172.31.4.82" #cpeNames = [ # "cpe:/a:rubyonrails:ruby_on_rails:4.2.1", #] + #type = "pseudo" #ignoreCves = ["CVE-2016-6314"] #optional = [ # ["key", "value"], @@ -847,6 +849,7 @@ host = "172.31.4.82" - port: SSH Port number - user: SSH username - keyPath: SSH private key path + - type: "pseudo" for non-ssh scanning. see [#531](https://github.com/future-architect/vuls/pull/531) - cpeNames: see [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package) - ignoreCves: CVE IDs that will not be reported. But output to JSON file. - optional: JSONレポートに含めたい追加情報 @@ -1601,6 +1604,18 @@ Vulsは、[CPE](https://nvd.nist.gov/cpe.cfm)に登録されているソフト ] ``` +- Configuration +ネットワーク機器など、スキャン対象にSSH接続しない場合は`type="pseudo"`を指定する。 + ``` + [servers] + + [servers.172-31-4-82] + type = "pseudo" + cpeNames = [ + "cpe:/a:rubyonrails:ruby_on_rails:4.2.1", + ] + ``` + # Usage: Integrate with OWASP Dependency Check to Automatic update when the libraries are updated (Experimental) [OWASP Dependency check](https://www.owasp.org/index.php/OWASP_Dependency_Check) は、プログラミング言語のライブラリを特定し(CPEを推測)、公開済みの脆弱性を検知するツール。 diff --git a/README.md b/README.md index 6c2082f7..b9ea6593 100644 --- a/README.md +++ b/README.md @@ -735,6 +735,7 @@ host = "172.31.4.82" #port = "22" #user = "root" #keyPath = "/home/username/.ssh/id_rsa" +#type = "pseudo" #cpeNames = [ # "cpe:/a:rubyonrails:ruby_on_rails:4.2.1", #] @@ -839,6 +840,7 @@ You can customize your configuration using this template. #port = "22" #user = "root" #keyPath = "/home/username/.ssh/id_rsa" + #type = "pseudo" #cpeNames = [ # "cpe:/a:rubyonrails:ruby_on_rails:4.2.1", #] 
@@ -858,6 +860,7 @@ You can customize your configuration using this template. - port: SSH Port number - user: SSH username - keyPath: SSH private key path + - type: "pseudo" for non-ssh scanning. see [#531](https://github.com/future-architect/vuls/pull/531) - cpeNames: see [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package) - ignoreCves: CVE IDs that will not be reported. But output to JSON file. - optional: Add additional information to JSON report. @@ -1613,6 +1616,20 @@ To detect the vulnerability of Ruby on Rails v4.2.1, cpeNames needs to be set in ] ``` +- type="pseudo" +Specify this when you want to detect vulnerability by specifying cpename without SSH connection. +The pseudo type does not do anything when scanning. +Search for NVD at report time and detect vulnerability of software specified as cpenamae. + ``` + [servers] + + [servers.172-31-4-82] + type = "pseudo" + cpeNames = [ + "cpe:/a:rubyonrails:ruby_on_rails:4.2.1", + ] + ``` + # Usage: Integrate with OWASP Dependency Check to Automatic update when the libraries are updated (Experimental) [OWASP Dependency check](https://www.owasp.org/index.php/OWASP_Dependency_Check) is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. diff --git a/commands/discover.go b/commands/discover.go index 5de668ab..35cd3581 100644 --- a/commands/discover.go +++ b/commands/discover.go @@ -132,6 +132,7 @@ host = "{{$ip}}" #port = "22" #user = "root" #keyPath = "/home/username/.ssh/id_rsa" +#type = "pseudo" #cpeNames = [ # "cpe:/a:rubyonrails:ruby_on_rails:4.2.1", #] diff --git a/config/config.go b/config/config.go index e8f9c7e8..bb10e28a 100644 --- a/config/config.go +++ b/config/config.go 
@@ -78,6 +78,11 @@ const ( SUSEOpenstackCloud = "suse.openstack.cloud" ) +const ( + // ServerTypePseudo is used for ServerInfo.Type + ServerTypePseudo = "pseudo" +) + //Config is struct of Configuration type Config struct { Debug bool @@ -446,6 +451,9 @@ type ServerInfo struct { // For CentOS, RHEL, Amazon Enablerepo []string + // "pseudo" or "" + Type string + // used internal LogMsgAnsiColor string // DebugLog Color Container Container diff --git a/config/tomlloader.go b/config/tomlloader.go index 1cadd8cc..4c9b04dd 100644 --- a/config/tomlloader.go +++ b/config/tomlloader.go @@ -62,7 +62,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error { s := ServerInfo{ServerName: name} s.Host = v.Host - if len(s.Host) == 0 { + if len(s.Host) == 0 && v.Type != ServerTypePseudo { return fmt.Errorf("%s is invalid. host is empty", name) } @@ -175,6 +175,8 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error { } } + s.Type = v.Type + s.LogMsgAnsiColor = Colors[i%len(Colors)] i++ diff --git a/report/report.go b/report/report.go index 6314fb52..0bd2c3dd 100644 --- a/report/report.go +++ b/report/report.go @@ -183,6 +183,8 @@ func FillWithOval(r *models.ScanResult) (err error) { ovalFamily = c.SUSEEnterpriseServer case c.Amazon, c.Raspbian, c.FreeBSD, c.Windows: return nil + case c.ServerTypePseudo: + return nil default: return fmt.Errorf("OVAL for %s is not implemented yet", r.Family) } diff --git a/scan/pseudo.go b/scan/pseudo.go new file mode 100644 index 00000000..0b99d8d2 --- /dev/null +++ b/scan/pseudo.go 
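Review bot: In config/tomlloader.go, `v.Type` is only compared with `ServerTypePseudo` in the host check and is then copied by `s.Type = v.Type` (the `@@ -175,6 +175,8 @@` hunk) without validation, so a misspelled value such as `type = "Pseudo"` on an entry that also has a host is accepted silently. That entry would then fall through to the ordinary detectors in scan/serverapi.go instead of being treated as a no-connection target. Rejecting unknown values at load time keeps the operator's intent explicit: `if v.Type != "" && v.Type != ServerTypePseudo { return fmt.Errorf("%s is invalid. unknown type: %s", name, v.Type) }`. A pseudo entry with an empty `cpeNames` also has nothing to report on and would yield an empty result that reads as clean. Whether Load already rejects that is not visible here, since both hunks show only part of the function.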
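Review bot: `case c.ServerTypePseudo:` in FillWithOval matches a server-type constant in what appears to be a switch over `r.Family`; it works only because `detectPseudo` in scan/pseudo.go passes the same string to `setDistro`. The constant's comment in config/config.go says it `is used for ServerInfo.Type`, so this second role is undocumented. I would extend that comment, for example `// ServerTypePseudo is the value of ServerInfo.Type for non-ssh servers and is also set as their distro family`, and fold the new case into the existing `case c.Amazon, c.Raspbian, c.FreeBSD, c.Windows:` line. The switch begins outside the hunk.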
@@ -0,0 +1,66 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016 Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see .
+*/
+
+package scan
+
+import (
+ "github.com/future-architect/vuls/config"
+ "github.com/future-architect/vuls/models"
+ "github.com/future-architect/vuls/util"
+)
+
+// inherit OsTypeInterface
+type pseudo struct {
+ base
+}
+
+func detectPseudo(c config.ServerInfo) (itsMe bool, pseudo osTypeInterface, err error) {
+ p := newPseudo(c)
+ p.setDistro(config.ServerTypePseudo, "")
+ return c.Type == config.ServerTypePseudo, p, nil
+}
+
+func newPseudo(c config.ServerInfo) *pseudo {
+ d := &pseudo{
+ base: base{
+ osPackages: osPackages{
+ Packages: models.Packages{},
+ VulnInfos: models.VulnInfos{},
+ },
+ },
+ }
+ d.log = util.NewCustomLogger(c)
+ d.setServerInfo(c)
+ return d
+}
+
+func (o *pseudo) checkIfSudoNoPasswd() error {
+ return nil
+}
+
+func (o *pseudo) checkDependencies() error {
+ return nil
+}
+
+func (o *pseudo) scanPackages() error {
+ return nil
+}
+
+func (o *pseudo) detectPlatform() {
+ o.setPlatform(models.Platform{Name: "other"})
+ return
+}
diff --git a/scan/serverapi.go b/scan/serverapi.go
index 7d1cc507..75e6671b 100644
--- a/scan/serverapi.go
+++ b/scan/serverapi.go
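Review bot: `detectPseudo` builds a `pseudo` value and a custom logger before it looks at `c.Type`, and `detectOS` calls it first for every configured server, so ordinary SSH targets pay for an object that is discarded. Checking first avoids that: `if c.Type != config.ServerTypePseudo { return false, nil, nil }`; as far as the visible part of the serverapi.go hunk shows, `osType` is overwritten by the `detectDebian` result on that path. The named result `pseudo` also shadows the `pseudo` type inside the function, so a name such as `osType` would read better. The trailing `return` in `detectPlatform` is redundant. The three no-op methods deserve a one-line comment each, for example `// scanPackages is a no-op: pseudo servers are never contacted; CPE matching happens at report time.`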
@@ -41,7 +41,6 @@ type osTypeInterface interface { detectPlatform() getPlatform() models.Platform - // checkDependencies checks if dependencies are installed on the target server. checkDependencies() error checkIfSudoNoPasswd() error @@ -75,6 +74,11 @@ func detectOS(c config.ServerInfo) (osType osTypeInterface) { var itsMe bool var fatalErr error + if itsMe, osType, _ = detectPseudo(c); itsMe { + util.Log.Debugf("Pseudo") + return + } + itsMe, osType, fatalErr = detectDebian(c) if fatalErr != nil { osType.setErrs([]error{