diff --git a/scanner/scanner.go b/scanner/scanner.go
index 40767a69..be538899 100644
--- a/scanner/scanner.go
+++ b/scanner/scanner.go
@@ -170,6 +170,7 @@ func ViaHTTP(header http.Header, body string, toLocalFile bool) (models.ScanResu
 release := header.Get("X-Vuls-OS-Release")
 if release == "" {
+ logging.Log.Debugf("osInfo(systeminfo.exe): %+v", osInfo)
 release, err = detectOSName(osInfo)
 if err != nil {
 return models.ScanResult{}, xerrors.Errorf("Failed to detect os name. err: %w", err)
diff --git a/scanner/windows.go b/scanner/windows.go
index 4bdbe5b1..1525ff0c 100644
--- a/scanner/windows.go
+++ b/scanner/windows.go
@@ -60,6 +60,7 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 return true, w
 }
+ w.log.Debugf("osInfo(Registry): %+v", osInfo)
 release, err := detectOSName(osInfo)
 if err != nil {
 w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
@@ -79,6 +80,7 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 return true, w
 }
+ w.log.Debugf("osInfo(Get-ComputerInfo): %+v", osInfo)
 release, err := detectOSName(osInfo)
 if err != nil {
 w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
@@ -97,6 +99,7 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 return true, w
 }
+ w.log.Debugf("osInfo(Get-WmiObject): %+v", osInfo)
 release, err := detectOSName(osInfo)
 if err != nil {
 w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
@@ -115,6 +118,7 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 return true, w
 }
+ w.log.Debugf("osInfo(systeminfo.exe): %+v", osInfo)
 release, err := detectOSName(osInfo)
 if err != nil {
 w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
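Review bot: In `ViaHTTP` (scanner/scanner.go) the added `logging.Log.Debugf("osInfo(systeminfo.exe): %+v", osInfo)` writes string fields unquoted, and `osInfo` there appears to be parsed from the request `body` (the parsing sits above the hunk and is not visible here). If so, whatever the client sends in those fields, control characters included, reaches the debug log as-is; `logging.Log.Debugf("osInfo(systeminfo.exe): %#v", osInfo)` prints each string field quoted and escaped. The four `w.log.Debugf` lines added to `detectWindows` in scanner/windows.go use the same verb and could be changed the same way for consistency. Both function bodies continue outside their hunks.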
@@ -171,6 +175,8 @@ func parseSystemInfo(stdout string) (osInfo, []string, error) {
 o.installationType = "Server"
 case strings.Contains(line, "Workstation"):
 o.installationType = "Client"
+ case strings.Contains(line, "Domain Controller"):
+ o.installationType = "Domain Controller"
 default:
 return osInfo{}, nil, xerrors.Errorf("Failed to detect installation type. line: %s", line)
 }
@@ -453,7 +459,7 @@ func parseWmiObject(stdout string) (osInfo, error) {
 case "2", "3":
 o.installationType = "Server"
 case "4", "5":
- o.installationType = "Controller"
+ o.installationType = "Domain Controller"
 default:
 return osInfo{}, xerrors.Errorf("Failed to detect Installation Type from DomainRole. err: %s is invalid DomainRole", domainRole)
 }
@@ -546,6 +552,7 @@ func parseRegistry(stdout, arch string) (osInfo, error) {
 }
 func detectOSName(osInfo osInfo) (string, error) {
+
 osName, err := detectOSNameFromOSInfo(osInfo)
 if err != nil {
 return "", xerrors.Errorf("Failed to detect OS Name from OSInfo: %+v, err: %w", osInfo, err)
@@ -562,7 +569,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 return fmt.Sprintf("Microsoft Windows 2000 %s", osInfo.servicePack), nil
 }
 return "Microsoft Windows 2000", nil
- case "Server":
+ case "Server", "Domain Controller":
 if osInfo.servicePack != "" {
 return fmt.Sprintf("Microsoft Windows 2000 Server %s", osInfo.servicePack), nil
 }
@@ -613,7 +620,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 return fmt.Sprintf("%s %s", n, osInfo.servicePack), nil
 }
 return n, nil
- case "Server":
+ case "Server", "Domain Controller":
 n := "Microsoft Windows Server 2003"
 if strings.Contains(osInfo.productName, "R2") {
 n = "Microsoft Windows Server 2003 R2"
@@ -647,7 +654,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 return fmt.Sprintf("%s %s", n, osInfo.servicePack), nil
 }
 return n, nil
- case "Server":
+ case "Server", "Domain Controller":
 arch, err := formatArch(osInfo.arch)
 if err != nil {
 return "", err
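Review bot: The installation type is matched by string literal across several functions, and the `parseWmiObject` hunk shows how that drifts: the old value `"Controller"` matches none of the `case` labels visible in this diff. After this commit `"Domain Controller"` is spelled out in `parseSystemInfo`, `parseWmiObject` and seven `case` labels, so a package-level constant such as `const installationTypeDomainController = "Domain Controller"` used in all of them would turn a future typo into a compile error. The test hunks shown here add a `parseSystemInfo` fixture and a `detectOSName` case but nothing for DomainRole `"4"` or `"5"`, so a `parseWmiObject` test case for those roles would pin this line. `parseWmiObject` starts and ends outside the hunk.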
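Review bot: `"Domain Controller"` is appended to the `"Server"` label separately in each version branch of `detectOSNameFromOSInfo` (hunks -562, -613, -647 here and -677, -704, -717, -746 further down), so any branch added later has to remember it, and a miss would leave OS-name detection failing for domain controllers only. Every arm shown treats the two values identically, so one normalisation ahead of the version switch would cover them all: `if osInfo.installationType == "Domain Controller" { osInfo.installationType = "Server" }` (the struct is passed by value, so the caller's copy, including what `detectOSName` prints on error, is unchanged). If the per-arm form is kept, a comment on the first arm such as `// a domain controller is named like a full Server installation` would record the intent. The function body starts and ends outside these hunks.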
@@ -677,7 +684,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 return fmt.Sprintf("Windows 7 for %s Systems %s", arch, osInfo.servicePack), nil
 }
 return fmt.Sprintf("Windows 7 for %s Systems", arch), nil
- case "Server":
+ case "Server", "Domain Controller":
 arch, err := formatArch(osInfo.arch)
 if err != nil {
 return "", err
@@ -704,7 +711,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 return "", err
 }
 return fmt.Sprintf("Windows 8 for %s Systems", arch), nil
- case "Server":
+ case "Server", "Domain Controller":
 return "Windows Server 2012", nil
 case "Server Core":
 return "Windows Server 2012 (Server Core installation)", nil
@@ -717,7 +724,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 return "", err
 }
 return fmt.Sprintf("Windows 8.1 for %s Systems", arch), nil
- case "Server":
+ case "Server", "Domain Controller":
 return "Windows Server 2012 R2", nil
 case "Server Core":
 return "Windows Server 2012 R2 (Server Core installation)", nil
@@ -746,7 +753,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 return "", err
 }
 return fmt.Sprintf("%s for %s Systems", name, arch), nil
- case "Server":
+ case "Server", "Nano Server", "Domain Controller":
 return formatNamebyBuild("Server", osInfo.build)
 case "Server Core":
 name, err := formatNamebyBuild("Server", osInfo.build)
diff --git a/scanner/windows_test.go b/scanner/windows_test.go
index 85822a01..02d9948f 100644
--- a/scanner/windows_test.go
+++ b/scanner/windows_test.go
@@ -18,7 +18,7 @@ func Test_parseSystemInfo(t *testing.T) {
 wantErr bool
 }{
 {
- name: "happy",
+ name: "Workstation",
 args: `
 Host Name: DESKTOP
 OS Name: Microsoft Windows 10 Pro
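Review bot: The -746 hunk of `detectOSNameFromOSInfo` adds `"Nano Server"` to the `"Server"` arm alongside `"Domain Controller"`, yet nothing else shown in this diff produces or tests that value. Neither `parseSystemInfo` nor `parseWmiObject` assigns it in the visible lines, and the `Test_detectOSName` hunk adds only a Domain Controller case. If the value comes from the registry path (not visible here), a table entry with `installationType: "Nano Server"` and its expected name would pin the mapping, and a comment such as `// Nano Server and Domain Controller share the Server product name` would explain why it sits in this arm. The function continues outside the hunk.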
@@ -83,6 +83,120 @@ Hyper-V Requirements: VM Monitor Mode Extensions: Yes
 },
 kbs: []string{"5012117", "4562830", "5003791", "5007401", "5012599", "5011651", "5005699"},
 },
+ {
+ name: "Server",
+ args: `
+Host Name: WIN-RIBN7SM07BK
+OS Name: Microsoft Windows Server 2022 Standard
+OS Version: 10.0.20348 N/A Build 20348
+OS Manufacturer: Microsoft Corporation
+OS Configuration: Standalone Server
+OS Build Type: Multiprocessor Free
+Registered Owner: Windows User
+Registered Organization:
+Product ID: 00454-10000-00001-AA483
+Original Install Date: 10/1/2021, 4:15:34 PM
+System Boot Time: 10/22/2021, 8:36:55 AM
+System Manufacturer: Microsoft Corporation
+System Model: Virtual Machine
+System Type: x64-based PC
+Processor(s): 1 Processor(s) Installed.
+ [01]: Intel64 Family 6 Model 158 Stepping 9 GenuineIntel ~2808 Mhz
+BIOS Version: Microsoft Corporation Hyper-V UEFI Release v4.0, 12/17/2019
+Windows Directory: C:\Windows
+System Directory: C:\Windows\system32
+Boot Device: \Device\HarddiskVolume1
+System Locale: en-us;English (United States)
+Input Locale: en-us;English (United States)
+Time Zone: (UTC-08:00) Pacific Time (US & Canada)
+Total Physical Memory: 2,047 MB
+Available Physical Memory: 900 MB
+Virtual Memory: Max Size: 3,199 MB
+Virtual Memory: Available: 2,143 MB
+Virtual Memory: In Use: 1,056 MB
+Page File Location(s): C:\pagefile.sys
+Domain: WORKGROUP
+Logon Server: \\WIN-RIBN7SM07BK
+Hotfix(s): 3 Hotfix(s) Installed.
+ [01]: KB5004330
+ [02]: KB5005039
+ [03]: KB5005552
+Network Card(s): 1 NIC(s) Installed.
+ [01]: Microsoft Hyper-V Network Adapter
+ Connection Name: Ethernet
+ DHCP Enabled: Yes
+ DHCP Server: 192.168.254.254
+ IP address(es)
+ [01]: 192.168.254.172
+ [02]: fe80::b4a1:11cc:2c4:4f57
+Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
+`,
+ osInfo: osInfo{
+ productName: "Microsoft Windows Server 2022 Standard",
+ version: "10.0",
+ build: "20348",
+ revision: "",
+ edition: "",
+ servicePack: "",
+ arch: "x64-based",
+ installationType: "Server",
+ },
+ kbs: []string{"5004330", "5005039", "5005552"},
+ },
+ {
+ name: "Domain Controller",
+ args: `
+Host Name: vuls
+OS Name: Microsoft Windows Server 2019 Datacenter
+OS Version: 10.0.17763 N/A Build 17763
+OS Manufacturer: Microsoft Corporation
+OS Configuration: Primary Domain Controller
+OS Build Type: Multiprocessor Free
+Registered Owner: N/A
+Registered Organization: N/A
+Product ID: 00430-00000-00000-AA602
+Original Install Date: 1/16/2023, 10:04:07 AM
+System Boot Time: 3/28/2023, 8:37:14 AM
+System Manufacturer: Microsoft Corporation
+System Model: Virtual Machine
+System Type: x64-based PC
+Processor(s): 1 Processor(s) Installed.
+ [01]: Intel64 Family 6 Model 85 Stepping 4 GenuineIntel ~2095 Mhz
+BIOS Version: Microsoft Corporation Hyper-V UEFI Release v4.1, 5/9/2022
+Windows Directory: C:\Windows
+System Directory: C:\Windows\system32
+Boot Device: \Device\HarddiskVolume3
+System Locale: en-us;English (United States)
+Input Locale: en-us;English (United States)
+Time Zone: (UTC) Coordinated Universal Time
+Total Physical Memory: 16,383 MB
+Available Physical Memory: 13,170 MB
+Virtual Memory: Max Size: 18,431 MB
+Virtual Memory: Available: 15,208 MB
+Virtual Memory: In Use: 3,223 MB
+Page File Location(s): C:\pagefile.sys
+Domain: vuls
+Logon Server: \\vuls
+Hotfix(s): 5 Hotfix(s) Installed.
+ [01]: KB5022511
+ [02]: KB5012170
+ [03]: KB5023702
+ [04]: KB5020374
+ [05]: KB5023789
+Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
+`,
+ osInfo: osInfo{
+ productName: "Microsoft Windows Server 2019 Datacenter",
+ version: "10.0",
+ build: "17763",
+ revision: "",
+ edition: "",
+ servicePack: "",
+ arch: "x64-based",
+ installationType: "Domain Controller",
+ },
+ kbs: []string{"5022511", "5012170", "5023702", "5020374", "5023789"},
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
@@ -291,6 +405,20 @@ func Test_detectOSName(t *testing.T) {
 },
 want: "Windows Server 2022",
 },
+ {
+ name: "Windows Server 2019",
+ args: osInfo{
+ productName: "Microsoft Windows Server 2019 Datacenter",
+ version: "10.0",
+ build: "17763",
+ revision: "",
+ edition: "",
+ servicePack: "",
+ arch: "x64-based",
+ installationType: "Domain Controller",
+ },
+ want: "Windows Server 2019",
+ },
 {
 name: "err",
 args: osInfo{
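Review bot: The `Test_detectOSName` case added in the -291 hunk exercises `"Domain Controller"` only for version 10.0 / build 17763, while this commit changes the `"Server"` label in seven version branches of `detectOSNameFromOSInfo`. One table entry per changed branch, for example one expecting `Windows Server 2012 R2`, would catch a mistyped label, which the compiler cannot and which would presumably surface only as a detection error on a real host. The new entry's `name: "Windows Server 2019"` could read `name: "Windows Server 2019 (Domain Controller)"` so a failing run names the installation type under test. The test table continues outside the hunk.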