scan.detectWpPlugin - Code Metrics - Inspection of "[WIP] WordPress Vulnerability Scan (core, plugin,..." - future-architect/vuls - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#769)

unknown

created 2019-01-28 14:01 UTC

scan.detectWpPlugin A

↳ Parent: scan/base.go

Complexity

Conditions

Size

Total Lines	14
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	5
eloc	9
dl	0
loc	14
rs	9.3333
c	0
b	0
f	0
nop	1

/* Vuls - Vulnerability Scanner
Copyright (C) 2016  Future Corporation , Japan.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package scan

import (
	"bufio"
	"encoding/json"
	"fmt"
	"net"
	"regexp"
	"strings"
	"time"

	"github.com/future-architect/vuls/config"
	"github.com/future-architect/vuls/models"
	"github.com/sirupsen/logrus"
)

type base struct {
	ServerInfo config.ServerInfo
	Distro     config.Distro
	Platform   models.Platform
	osPackages

	log  *logrus.Entry
	errs []error
}

func (l *base) scanWp() (err error) {
	if len(l.ServerInfo.WpPath) == 0 && len(l.ServerInfo.WpToken) == 0 {
		return nil
	}

	var unsecures []models.VulnInfo
	if unsecures, err = detectWp(l.ServerInfo); err != nil {
		l.log.Errorf("Failed to scan wordpress: %s", err)
		return err
	}
	for _, i := range unsecures {
		l.VulnInfos[i.CveID] = i
	}

	return err
}

//WpCveInfos hoge
type WpCveInfos struct {
	ReleaseDate     string      `json:"release_date"`
	ChangelogURL    string      `json:"changelog_url"`
	Status          string      `json:"status"`
	LatestVersion   string      `json:"latest_version"`
	LastUpdated     string      `json:"last_updated"`
	Popular         bool        `json:"popular"`
	Vulnerabilities []WpCveInfo `json:"vulnerabilities"`
}

//WpCveInfo hoge
type WpCveInfo struct {
	ID            int        `json:"id"`
	Title         string     `json:"title"`
	CreatedAt     string     `json:"created_at"`
	UpdatedAt     string     `json:"updated_at"`
	PublishedDate string     `json:"Published_date"`
	VulnType      string     `json:"Vuln_type"`
	References    References `json:"references"`
	FixedIn       string     `json:"fixed_in"`
}

//References hoge
type References struct {
	URL     []string `json:"url"`
	Cve     []string `json:"cve"`
	Secunia []string `json:"secunia"`
}

func detectWp(c config.ServerInfo) (rs []models.VulnInfo, err error) {

	var coreVuln []models.VulnInfo
	if coreVuln, err = detectWpCore(c); err != nil {
		return
	}
	for _, i := range coreVuln {
		rs = append(rs, i)
	}

	var themeVuln []models.VulnInfo
	if themeVuln, err = detectWpTheme(c); err != nil {
		return
	}
	for _, i := range themeVuln {
		rs = append(rs, i)
	}

	var pluginVuln []models.VulnInfo
	if pluginVuln, err = detectWpPlugin(c); err != nil {
		return
	}
	for _, i := range pluginVuln {
		rs = append(rs, i)
	}
	return
}

func detectWpCore(c config.ServerInfo) (rs []models.VulnInfo, err error) {
	cmd := fmt.Sprintf("wp core version --path=%s", c.WpPath)

	var coreVersion string
	if r := exec(c, cmd, noSudo); r.isSuccess() {
		tmp := strings.Split(r.Stdout, ".")
		coreVersion = strings.Join(tmp, "")
		coreVersion = strings.TrimRight(coreVersion, "\r\n")
		if len(coreVersion) == 0 {
			return
		}
	}
	cmd = fmt.Sprintf("curl -H 'Authorization: Token token=%s' https://wpvulndb.com/api/v3/wordpresses/%s", c.WpToken, coreVersion)
	if r := exec(c, cmd, noSudo); r.isSuccess() {
		data := map[string]WpCveInfos{}
		if err = json.Unmarshal([]byte(r.Stdout), &data); err != nil {
			return
		}
		for _, i := range data {
			for _, e := range i.Vulnerabilities {
				var cve string
				for _, k := range e.References.Cve {
					cve = "CVE-" + k
				}

				rs = append(rs, models.VulnInfo{
					CveID: cve,
				})
			}
		}
	}
	return
}

//WpStatus is hogehoge...
type WpStatus struct {
	Name    string `json:"-"`
	Status  string `json:"-"`
	Update  string `json:"-"`
	Version string `json:"-"`
}

func detectWpTheme(c config.ServerInfo) (rs []models.VulnInfo, err error) {
	cmd := fmt.Sprintf("wp theme list --path=%s", c.WpPath)

	var themes []WpStatus
	if r := exec(c, cmd, noSudo); r.isSuccess() {
		themes = parseStatus(r.Stdout)
	}

	for _, i := range themes {
		cmd := fmt.Sprintf("curl -H 'Authorization: Token token=%s' https://wpvulndb.com/api/v3/themes/%s", c.WpToken, i.Name)
		if r := exec(c, cmd, noSudo); r.isSuccess() {
		}
	}
	return
}

func detectWpPlugin(c config.ServerInfo) (rs []models.VulnInfo, err error) {
	cmd := fmt.Sprintf("wp plugin list --path=%s", c.WpPath)

	var plugins []WpStatus
	if r := exec(c, cmd, noSudo); r.isSuccess() {
		plugins = parseStatus(r.Stdout)
	}

	for _, i := range plugins {
		cmd := fmt.Sprintf("curl -H 'Authorization: Token token=%s' https://wpvulndb.com/api/v3/plugins/%s", c.WpToken, i.Name)
		if r := exec(c, cmd, noSudo); r.isSuccess() {
		}
	}
	return
}

func parseStatus(r string) (themes []WpStatus) {
	tmp := strings.Split(r, "\r\n")
	tmp = unset(tmp, 0)
	tmp = unset(tmp, 0)
	tmp = unset(tmp, 0)
	tmp = unset(tmp, len(tmp)-1)
	tmp = unset(tmp, len(tmp)-1)
	for _, k := range tmp {
		theme := strings.Split(k, "|")
		themes = append(themes, WpStatus{
			Name:    strings.TrimSpace(theme[1]),
			Status:  strings.TrimSpace(theme[2]),
			Update:  strings.TrimSpace(theme[3]),
			Version: strings.TrimSpace(theme[4]),
		})
	}
	return
}

func unset(s []string, i int) []string {
	if i >= len(s) {
		return s
	}
	return append(s[:i], s[i+1:]...)
}

func (l *base) exec(cmd string, sudo bool) execResult {
	return exec(l.ServerInfo, cmd, sudo, l.log)
}

func (l *base) setServerInfo(c config.ServerInfo) {
	l.ServerInfo = c
}

func (l *base) getServerInfo() config.ServerInfo {
	return l.ServerInfo
}

func (l *base) setDistro(fam, rel string) {
	d := config.Distro{
		Family:  fam,
		Release: rel,
	}
	l.Distro = d

	s := l.getServerInfo()
	s.Distro = d
	l.setServerInfo(s)
}

func (l *base) getDistro() config.Distro {
	return l.Distro
}

func (l *base) setPlatform(p models.Platform) {
	l.Platform = p
}

func (l *base) getPlatform() models.Platform {
	return l.Platform
}

func (l *base) runningKernel() (release, version string, err error) {
	r := l.exec("uname -r", noSudo)
	if !r.isSuccess() {
		return "", "", fmt.Errorf("Failed to SSH: %s", r)
	}
	release = strings.TrimSpace(r.Stdout)

	switch l.Distro.Family {
	case config.Debian:
		r := l.exec("uname -a", noSudo)
		if !r.isSuccess() {
			return "", "", fmt.Errorf("Failed to SSH: %s", r)
		}
		ss := strings.Fields(r.Stdout)
		if 6 < len(ss) {
			version = ss[6]
		}
	}
	return
}

func (l *base) allContainers() (containers []config.Container, err error) {
	switch l.ServerInfo.ContainerType {
	case "", "docker":
		stdout, err := l.dockerPs("-a --format '{{.ID}} {{.Names}} {{.Image}}'")
		if err != nil {
			return containers, err
		}
		return l.parseDockerPs(stdout)
	case "lxd":
		stdout, err := l.lxdPs("-c n")
		if err != nil {
			return containers, err
		}
		return l.parseLxdPs(stdout)
	case "lxc":
		stdout, err := l.lxcPs("-1")
		if err != nil {
			return containers, err
		}
		return l.parseLxcPs(stdout)
	default:
		return containers, fmt.Errorf(
			"Not supported yet: %s", l.ServerInfo.ContainerType)
	}
}

func (l *base) runningContainers() (containers []config.Container, err error) {
	switch l.ServerInfo.ContainerType {
	case "", "docker":
		stdout, err := l.dockerPs("--format '{{.ID}} {{.Names}} {{.Image}}'")
		if err != nil {
			return containers, err
		}
		return l.parseDockerPs(stdout)
	case "lxd":
		stdout, err := l.lxdPs("volatile.last_state.power=RUNNING -c n")
		if err != nil {
			return containers, err
		}
		return l.parseLxdPs(stdout)
	case "lxc":
		stdout, err := l.lxcPs("-1 --running")
		if err != nil {
			return containers, err
		}
		return l.parseLxcPs(stdout)
	default:
		return containers, fmt.Errorf(
			"Not supported yet: %s", l.ServerInfo.ContainerType)
	}
}

func (l *base) exitedContainers() (containers []config.Container, err error) {
	switch l.ServerInfo.ContainerType {
	case "", "docker":
		stdout, err := l.dockerPs("--filter 'status=exited' --format '{{.ID}} {{.Names}} {{.Image}}'")
		if err != nil {
			return containers, err
		}
		return l.parseDockerPs(stdout)
	case "lxd":
		stdout, err := l.lxdPs("volatile.last_state.power=STOPPED -c n")
		if err != nil {
			return containers, err
		}
		return l.parseLxdPs(stdout)
	case "lxc":
		stdout, err := l.lxcPs("-1 --stopped")
		if err != nil {
			return containers, err
		}
		return l.parseLxcPs(stdout)
	default:
		return containers, fmt.Errorf(
			"Not supported yet: %s", l.ServerInfo.ContainerType)
	}
}

func (l *base) dockerPs(option string) (string, error) {
	cmd := fmt.Sprintf("docker ps %s", option)
	r := l.exec(cmd, noSudo)
	if !r.isSuccess() {
		return "", fmt.Errorf("Failed to SSH: %s", r)
	}
	return r.Stdout, nil
}

func (l *base) lxdPs(option string) (string, error) {
	cmd := fmt.Sprintf("lxc list %s", option)
	r := l.exec(cmd, noSudo)
	if !r.isSuccess() {
		return "", fmt.Errorf("failed to SSH: %s", r)
	}
	return r.Stdout, nil
}

func (l *base) lxcPs(option string) (string, error) {
	cmd := fmt.Sprintf("lxc-ls %s 2>/dev/null", option)
	r := l.exec(cmd, sudo)
	if !r.isSuccess() {
		return "", fmt.Errorf("failed to SSH: %s", r)
	}
	return r.Stdout, nil
}

func (l *base) parseDockerPs(stdout string) (containers []config.Container, err error) {
	lines := strings.Split(stdout, "\n")
	for _, line := range lines {
		fields := strings.Fields(line)
		if len(fields) == 0 {
			break
		}
		if len(fields) != 3 {
			return containers, fmt.Errorf("Unknown format: %s", line)
		}
		containers = append(containers, config.Container{
			ContainerID: fields[0],
			Name:        fields[1],
			Image:       fields[2],
		})
	}
	return
}

func (l *base) parseLxdPs(stdout string) (containers []config.Container, err error) {
	lines := strings.Split(stdout, "\n")
	for i, line := range lines[3:] {
		if i%2 == 1 {
			continue
		}
		fields := strings.Fields(strings.Replace(line, "|", " ", -1))
		if len(fields) == 0 {
			break
		}
		if len(fields) != 1 {
			return containers, fmt.Errorf("Unknown format: %s", line)
		}
		containers = append(containers, config.Container{
			ContainerID: fields[0],
			Name:        fields[0],
		})
	}
	return
}

func (l *base) parseLxcPs(stdout string) (containers []config.Container, err error) {
	lines := strings.Split(stdout, "\n")
	for _, line := range lines {
		fields := strings.Fields(line)
		if len(fields) == 0 {
			break
		}
		containers = append(containers, config.Container{
			ContainerID: fields[0],
			Name:        fields[0],
		})
	}
	return
}

// ip executes ip command and returns IP addresses
func (l *base) ip() ([]string, []string, error) {
	// e.g.
	// 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\    link/ether 52:54:00:2a:86:4c brd ff:ff:ff:ff:ff:ff
	// 2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
	// 2: eth0    inet6 fe80::5054:ff:fe2a:864c/64 scope link \       valid_lft forever preferred_lft forever
	r := l.exec("/sbin/ip -o addr", noSudo)
	if !r.isSuccess() {
		return nil, nil, fmt.Errorf("Failed to detect IP address: %v", r)
	}
	ipv4Addrs, ipv6Addrs := l.parseIP(r.Stdout)
	return ipv4Addrs, ipv6Addrs, nil
}

// parseIP parses the results of ip command
func (l *base) parseIP(stdout string) (ipv4Addrs []string, ipv6Addrs []string) {
	lines := strings.Split(stdout, "\n")
	for _, line := range lines {
		fields := strings.Fields(line)
		if len(fields) < 4 {
			continue
		}
		ip, _, err := net.ParseCIDR(fields[3])
		if err != nil {
			continue
		}
		if !ip.IsGlobalUnicast() {
			continue
		}
		if ipv4 := ip.To4(); ipv4 != nil {
			ipv4Addrs = append(ipv4Addrs, ipv4.String())
		} else {
			ipv6Addrs = append(ipv6Addrs, ip.String())
		}
	}
	return
}

func (l *base) detectPlatform() {
	if l.getServerInfo().Mode.IsOffline() {
		l.setPlatform(models.Platform{Name: "unknown"})
		return
	}
	ok, instanceID, err := l.detectRunningOnAws()
	if err != nil {
		l.setPlatform(models.Platform{Name: "other"})
		return
	}
	if ok {
		l.setPlatform(models.Platform{
			Name:       "aws",
			InstanceID: instanceID,
		})
		return
	}

	//TODO Azure, GCP...
	l.setPlatform(models.Platform{Name: "other"})
	return
}

func (l *base) detectRunningOnAws() (ok bool, instanceID string, err error) {
	if r := l.exec("type curl", noSudo); r.isSuccess() {
		cmd := "curl --max-time 1 --noproxy 169.254.169.254 http://169.254.169.254/latest/meta-data/instance-id"
		r := l.exec(cmd, noSudo)
		if r.isSuccess() {
			id := strings.TrimSpace(r.Stdout)
			if !l.isAwsInstanceID(id) {
				return false, "", nil
			}
			return true, id, nil
		}

		switch r.ExitStatus {
		case 28, 7:
			// Not running on AWS
			//  7   Failed to connect to host.
			// 28  operation timeout.
			return false, "", nil
		}
	}

	if r := l.exec("type wget", noSudo); r.isSuccess() {
		cmd := "wget --tries=3 --timeout=1 --no-proxy -q -O - http://169.254.169.254/latest/meta-data/instance-id"
		r := l.exec(cmd, noSudo)
		if r.isSuccess() {
			id := strings.TrimSpace(r.Stdout)
			if !l.isAwsInstanceID(id) {
				return false, "", nil
			}
			return true, id, nil
		}

		switch r.ExitStatus {
		case 4, 8:
			// Not running on AWS
			// 4   Network failure
			// 8   Server issued an error response.
			return false, "", nil
		}
	}
	return false, "", fmt.Errorf(
		"Failed to curl or wget to AWS instance metadata on %s. container: %s",
		l.ServerInfo.ServerName, l.ServerInfo.Container.Name)
}

// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html
var awsInstanceIDPattern = regexp.MustCompile(`^i-[0-9a-f]+$`)

func (l *base) isAwsInstanceID(str string) bool {
	return awsInstanceIDPattern.MatchString(str)
}

func (l *base) convertToModel() models.ScanResult {
	ctype := l.ServerInfo.ContainerType
	if l.ServerInfo.Container.ContainerID != "" && ctype == "" {
		ctype = "docker"
	}
	container := models.Container{
		ContainerID: l.ServerInfo.Container.ContainerID,
		Name:        l.ServerInfo.Container.Name,
		Image:       l.ServerInfo.Container.Image,
		Type:        ctype,
	}

	errs := []string{}
	for _, e := range l.errs {
		errs = append(errs, fmt.Sprintf("%s", e))
	}

	return models.ScanResult{
		JSONVersion:   models.JSONVersion,
		ServerName:    l.ServerInfo.ServerName,
		ScannedAt:     time.Now(),
		ScanMode:      l.ServerInfo.Mode.String(),
		Family:        l.Distro.Family,
		Release:       l.Distro.Release,
		Container:     container,
		Platform:      l.Platform,
		IPv4Addrs:     l.ServerInfo.IPv4Addrs,
		IPv6Addrs:     l.ServerInfo.IPv6Addrs,
		ScannedCves:   l.VulnInfos,
		RunningKernel: l.Kernel,
		Packages:      l.Packages,
		SrcPackages:   l.SrcPackages,
		Optional:      l.ServerInfo.Optional,
		Errors:        errs,
	}
}

func (l *base) setErrs(errs []error) {
	l.errs = errs
}

func (l *base) getErrs() []error {
	return l.errs
}

const (
	systemd  = "systemd"
	upstart  = "upstart"
	sysVinit = "init"
)

// https://unix.stackexchange.com/questions/196166/how-to-find-out-if-a-system-uses-sysv-upstart-or-systemd-initsystem
func (l *base) detectInitSystem() (string, error) {
	var f func(string) (string, error)
	f = func(cmd string) (string, error) {
		r := l.exec(cmd, sudo)
		if !r.isSuccess() {
			return "", fmt.Errorf("Failed to stat %s: %s", cmd, r)
		}
		scanner := bufio.NewScanner(strings.NewReader(r.Stdout))
		scanner.Scan()
		line := strings.TrimSpace(scanner.Text())
		if strings.Contains(line, "systemd") {
			return systemd, nil
		} else if strings.Contains(line, "upstart") {
			return upstart, nil
		} else if strings.Contains(line, "File: ‘/proc/1/exe’ -> ‘/sbin/init’") ||
			strings.Contains(line, "File: `/proc/1/exe' -> `/sbin/init'") {
			return f("stat /sbin/init")
		} else if line == "File: ‘/sbin/init’" ||
			line == "File: `/sbin/init'" {
			r := l.exec("/sbin/init --version", noSudo)
			if r.isSuccess() {
				if strings.Contains(r.Stdout, "upstart") {
					return upstart, nil
				}
			}
			return sysVinit, nil
		}
		return "", fmt.Errorf("Failed to detect a init system: %s", line)
	}
	return f("stat /proc/1/exe")
}

func (l *base) detectServiceName(pid string) (string, error) {
	cmd := fmt.Sprintf("systemctl status --quiet --no-pager %s", pid)
	r := l.exec(cmd, noSudo)
	if !r.isSuccess() {
		return "", fmt.Errorf("Failed to stat %s: %s", cmd, r)
	}
	return l.parseSystemctlStatus(r.Stdout), nil
}

func (l *base) parseSystemctlStatus(stdout string) string {
	scanner := bufio.NewScanner(strings.NewReader(stdout))
	scanner.Scan()
	line := scanner.Text()
	ss := strings.Fields(line)
	if len(ss) < 2 || strings.HasPrefix(line, "Failed to get unit for PID") {
		return ""
	}
	return ss[1]
}


1			/* Vuls - Vulnerability Scanner
2			Copyright (C) 2016 Future Corporation , Japan.
3
4			This program is free software: you can redistribute it and/or modify
5			it under the terms of the GNU General Public License as published by
6			the Free Software Foundation, either version 3 of the License, or
7			(at your option) any later version.
8
9			This program is distributed in the hope that it will be useful,
10			but WITHOUT ANY WARRANTY; without even the implied warranty of
11			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12			GNU General Public License for more details.
13
14			You should have received a copy of the GNU General Public License
15			along with this program. If not, see <http://www.gnu.org/licenses/>.
16			*/
17
18			package scan
19
20			import (
21			"bufio"
22			"encoding/json"
23			"fmt"
24			"net"
25			"regexp"
26			"strings"
27			"time"
28
29			"github.com/future-architect/vuls/config"
30			"github.com/future-architect/vuls/models"
31			"github.com/sirupsen/logrus"
32			)
33
34			type base struct {
35			ServerInfo config.ServerInfo
36			Distro config.Distro
37			Platform models.Platform
38			osPackages
39
40			log *logrus.Entry
41			errs []error
42			}
43
44			func (l *base) scanWp() (err error) {
45			if len(l.ServerInfo.WpPath) == 0 && len(l.ServerInfo.WpToken) == 0 {
46			return nil
47			}
48
49			var unsecures []models.VulnInfo
50			if unsecures, err = detectWp(l.ServerInfo); err != nil {
51			l.log.Errorf("Failed to scan wordpress: %s", err)
52			return err
53			}
54			for _, i := range unsecures {
55			l.VulnInfos[i.CveID] = i
56			}
57
58			return err
59			}
60
61			//WpCveInfos hoge
62			type WpCveInfos struct {
63			ReleaseDate string `json:"release_date"`
64			ChangelogURL string `json:"changelog_url"`
65			Status string `json:"status"`
66			LatestVersion string `json:"latest_version"`
67			LastUpdated string `json:"last_updated"`
68			Popular bool `json:"popular"`
69			Vulnerabilities []WpCveInfo `json:"vulnerabilities"`
70			}
71
72			//WpCveInfo hoge
73			type WpCveInfo struct {
74			ID int `json:"id"`
75			Title string `json:"title"`
76			CreatedAt string `json:"created_at"`
77			UpdatedAt string `json:"updated_at"`
78			PublishedDate string `json:"Published_date"`
79			VulnType string `json:"Vuln_type"`
80			References References `json:"references"`
81			FixedIn string `json:"fixed_in"`
82			}
83
84			//References hoge
85			type References struct {
86			URL []string `json:"url"`
87			Cve []string `json:"cve"`
88			Secunia []string `json:"secunia"`
89			}
90
91			func detectWp(c config.ServerInfo) (rs []models.VulnInfo, err error) {
92
93			var coreVuln []models.VulnInfo
94			if coreVuln, err = detectWpCore(c); err != nil {
95			return
96			}
97			for _, i := range coreVuln {
98			rs = append(rs, i)
99			}
100
101			var themeVuln []models.VulnInfo
102			if themeVuln, err = detectWpTheme(c); err != nil {
103			return
104			}
105			for _, i := range themeVuln {
106			rs = append(rs, i)
107			}
108
109			var pluginVuln []models.VulnInfo
110			if pluginVuln, err = detectWpPlugin(c); err != nil {
111			return
112			}
113			for _, i := range pluginVuln {
114			rs = append(rs, i)
115			}
116			return
117			}
118
119			func detectWpCore(c config.ServerInfo) (rs []models.VulnInfo, err error) {
120			cmd := fmt.Sprintf("wp core version --path=%s", c.WpPath)
121
122			var coreVersion string
123			if r := exec(c, cmd, noSudo); r.isSuccess() {
124			tmp := strings.Split(r.Stdout, ".")
125			coreVersion = strings.Join(tmp, "")
126			coreVersion = strings.TrimRight(coreVersion, "\r\n")
127			if len(coreVersion) == 0 {
128			return
129			}
130			}
131			cmd = fmt.Sprintf("curl -H 'Authorization: Token token=%s' https://wpvulndb.com/api/v3/wordpresses/%s", c.WpToken, coreVersion)
132			if r := exec(c, cmd, noSudo); r.isSuccess() {
133			data := map[string]WpCveInfos{}
134			if err = json.Unmarshal([]byte(r.Stdout), &data); err != nil {
135			return
136			}
137			for _, i := range data {
138			for _, e := range i.Vulnerabilities {
139			var cve string
140			for _, k := range e.References.Cve {
141			cve = "CVE-" + k
142			}
143
144			rs = append(rs, models.VulnInfo{
145			CveID: cve,
146			})
147			}
148			}
149			}
150			return
151			}
152
153			//WpStatus is hogehoge...
154			type WpStatus struct {
155			Name string `json:"-"`
156			Status string `json:"-"`
157			Update string `json:"-"`
158			Version string `json:"-"`
159			}
160
161			func detectWpTheme(c config.ServerInfo) (rs []models.VulnInfo, err error) {
162			cmd := fmt.Sprintf("wp theme list --path=%s", c.WpPath)
163
164			var themes []WpStatus
165			if r := exec(c, cmd, noSudo); r.isSuccess() {
166			themes = parseStatus(r.Stdout)
167			}
168
169			for _, i := range themes {
170			cmd := fmt.Sprintf("curl -H 'Authorization: Token token=%s' https://wpvulndb.com/api/v3/themes/%s", c.WpToken, i.Name)
171			if r := exec(c, cmd, noSudo); r.isSuccess() {
172			}
173			}
174			return
175			}
176
177			func detectWpPlugin(c config.ServerInfo) (rs []models.VulnInfo, err error) {
178			cmd := fmt.Sprintf("wp plugin list --path=%s", c.WpPath)
179
180			var plugins []WpStatus
181			if r := exec(c, cmd, noSudo); r.isSuccess() {
182			plugins = parseStatus(r.Stdout)
183			}
184
185			for _, i := range plugins {
186			cmd := fmt.Sprintf("curl -H 'Authorization: Token token=%s' https://wpvulndb.com/api/v3/plugins/%s", c.WpToken, i.Name)
187			if r := exec(c, cmd, noSudo); r.isSuccess() {
188			}
189			}
190			return
191			}
192
193			func parseStatus(r string) (themes []WpStatus) {
194			tmp := strings.Split(r, "\r\n")
195			tmp = unset(tmp, 0)
196			tmp = unset(tmp, 0)
197			tmp = unset(tmp, 0)
198			tmp = unset(tmp, len(tmp)-1)
199			tmp = unset(tmp, len(tmp)-1)
200			for _, k := range tmp {
201			theme := strings.Split(k, "\|")
202			themes = append(themes, WpStatus{
203			Name: strings.TrimSpace(theme[1]),
204			Status: strings.TrimSpace(theme[2]),
205			Update: strings.TrimSpace(theme[3]),
206			Version: strings.TrimSpace(theme[4]),
207			})
208			}
209			return
210			}
211
212			func unset(s []string, i int) []string {
213			if i >= len(s) {
214			return s
215			}
216			return append(s[:i], s[i+1:]...)
217			}
218
219			func (l *base) exec(cmd string, sudo bool) execResult {
220			return exec(l.ServerInfo, cmd, sudo, l.log)
221			}
222
223			func (l *base) setServerInfo(c config.ServerInfo) {
224			l.ServerInfo = c
225			}
226
227			func (l *base) getServerInfo() config.ServerInfo {
228			return l.ServerInfo
229			}
230
231			func (l *base) setDistro(fam, rel string) {
232			d := config.Distro{
233			Family: fam,
234			Release: rel,
235			}
236			l.Distro = d
237
238			s := l.getServerInfo()
239			s.Distro = d
240			l.setServerInfo(s)
241			}
242
243			func (l *base) getDistro() config.Distro {
244			return l.Distro
245			}
246
247			func (l *base) setPlatform(p models.Platform) {
248			l.Platform = p
249			}
250
251			func (l *base) getPlatform() models.Platform {
252			return l.Platform
253			}
254
255			func (l *base) runningKernel() (release, version string, err error) {
256			r := l.exec("uname -r", noSudo)
257			if !r.isSuccess() {
258			return "", "", fmt.Errorf("Failed to SSH: %s", r)
259			}
260			release = strings.TrimSpace(r.Stdout)
261
262			switch l.Distro.Family {
263			case config.Debian:
264			r := l.exec("uname -a", noSudo)
265			if !r.isSuccess() {
266			return "", "", fmt.Errorf("Failed to SSH: %s", r)
267			}
268			ss := strings.Fields(r.Stdout)
269			if 6 < len(ss) {
270			version = ss[6]
271			}
272			}
273			return
274			}
275
276			func (l *base) allContainers() (containers []config.Container, err error) {
277			switch l.ServerInfo.ContainerType {
278			case "", "docker":
279			stdout, err := l.dockerPs("-a --format '{{.ID}} {{.Names}} {{.Image}}'")
280			if err != nil {
281			return containers, err
282			}
283			return l.parseDockerPs(stdout)
284			case "lxd":
285			stdout, err := l.lxdPs("-c n")
286			if err != nil {
287			return containers, err
288			}
289			return l.parseLxdPs(stdout)
290			case "lxc":
291			stdout, err := l.lxcPs("-1")
292			if err != nil {
293			return containers, err
294			}
295			return l.parseLxcPs(stdout)
296			default:
297			return containers, fmt.Errorf(
298			"Not supported yet: %s", l.ServerInfo.ContainerType)
299			}
300			}
301
302			func (l *base) runningContainers() (containers []config.Container, err error) {
303			switch l.ServerInfo.ContainerType {
304			case "", "docker":
305			stdout, err := l.dockerPs("--format '{{.ID}} {{.Names}} {{.Image}}'")
306			if err != nil {
307			return containers, err
308			}
309			return l.parseDockerPs(stdout)
310			case "lxd":
311			stdout, err := l.lxdPs("volatile.last_state.power=RUNNING -c n")
312			if err != nil {
313			return containers, err
314			}
315			return l.parseLxdPs(stdout)
316			case "lxc":
317			stdout, err := l.lxcPs("-1 --running")
318			if err != nil {
319			return containers, err
320			}
321			return l.parseLxcPs(stdout)
322			default:
323			return containers, fmt.Errorf(
324			"Not supported yet: %s", l.ServerInfo.ContainerType)
325			}
326			}
327
328			func (l *base) exitedContainers() (containers []config.Container, err error) {
329			switch l.ServerInfo.ContainerType {
330			case "", "docker":
331			stdout, err := l.dockerPs("--filter 'status=exited' --format '{{.ID}} {{.Names}} {{.Image}}'")
332			if err != nil {
333			return containers, err
334			}
335			return l.parseDockerPs(stdout)
336			case "lxd":
337			stdout, err := l.lxdPs("volatile.last_state.power=STOPPED -c n")
338			if err != nil {
339			return containers, err
340			}
341			return l.parseLxdPs(stdout)
342			case "lxc":
343			stdout, err := l.lxcPs("-1 --stopped")
344			if err != nil {
345			return containers, err
346			}
347			return l.parseLxcPs(stdout)
348			default:
349			return containers, fmt.Errorf(
350			"Not supported yet: %s", l.ServerInfo.ContainerType)
351			}
352			}
353
354			func (l *base) dockerPs(option string) (string, error) {
355			cmd := fmt.Sprintf("docker ps %s", option)
356			r := l.exec(cmd, noSudo)
357			if !r.isSuccess() {
358			return "", fmt.Errorf("Failed to SSH: %s", r)
359			}
360			return r.Stdout, nil
361			}
362
363			func (l *base) lxdPs(option string) (string, error) {
364			cmd := fmt.Sprintf("lxc list %s", option)
365			r := l.exec(cmd, noSudo)
366			if !r.isSuccess() {
367			return "", fmt.Errorf("failed to SSH: %s", r)
368			}
369			return r.Stdout, nil
370			}
371
372			func (l *base) lxcPs(option string) (string, error) {
373			cmd := fmt.Sprintf("lxc-ls %s 2>/dev/null", option)
374			r := l.exec(cmd, sudo)
375			if !r.isSuccess() {
376			return "", fmt.Errorf("failed to SSH: %s", r)
377			}
378			return r.Stdout, nil
379			}
380
381			func (l *base) parseDockerPs(stdout string) (containers []config.Container, err error) {
382			lines := strings.Split(stdout, "\n")
383			for _, line := range lines {
384			fields := strings.Fields(line)
385			if len(fields) == 0 {
386			break
387			}
388			if len(fields) != 3 {
389			return containers, fmt.Errorf("Unknown format: %s", line)
390			}
391			containers = append(containers, config.Container{
392			ContainerID: fields[0],
393			Name: fields[1],
394			Image: fields[2],
395			})
396			}
397			return
398			}
399
400			func (l *base) parseLxdPs(stdout string) (containers []config.Container, err error) {
401			lines := strings.Split(stdout, "\n")
402			for i, line := range lines[3:] {
403			if i%2 == 1 {
404			continue
405			}
406			fields := strings.Fields(strings.Replace(line, "\|", " ", -1))
407			if len(fields) == 0 {
408			break
409			}
410			if len(fields) != 1 {
411			return containers, fmt.Errorf("Unknown format: %s", line)
412			}
413			containers = append(containers, config.Container{
414			ContainerID: fields[0],
415			Name: fields[0],
416			})
417			}
418			return
419			}
420
421			func (l *base) parseLxcPs(stdout string) (containers []config.Container, err error) {
422			lines := strings.Split(stdout, "\n")
423			for _, line := range lines {
424			fields := strings.Fields(line)
425			if len(fields) == 0 {
426			break
427			}
428			containers = append(containers, config.Container{
429			ContainerID: fields[0],
430			Name: fields[0],
431			})
432			}
433			return
434			}
435
436			// ip executes ip command and returns IP addresses
437			func (l *base) ip() ([]string, []string, error) {
438			// e.g.
439			// 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\ link/ether 52:54:00:2a:86:4c brd ff:ff:ff:ff:ff:ff
440			// 2: eth0 inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
441			// 2: eth0 inet6 fe80::5054:ff:fe2a:864c/64 scope link \ valid_lft forever preferred_lft forever
442			r := l.exec("/sbin/ip -o addr", noSudo)
443			if !r.isSuccess() {
444			return nil, nil, fmt.Errorf("Failed to detect IP address: %v", r)
445			}
446			ipv4Addrs, ipv6Addrs := l.parseIP(r.Stdout)
447			return ipv4Addrs, ipv6Addrs, nil
448			}
449
450			// parseIP parses the results of ip command
451			func (l *base) parseIP(stdout string) (ipv4Addrs []string, ipv6Addrs []string) {
452			lines := strings.Split(stdout, "\n")
453			for _, line := range lines {
454			fields := strings.Fields(line)
455			if len(fields) < 4 {
456			continue
457			}
458			ip, _, err := net.ParseCIDR(fields[3])
459			if err != nil {
460			continue
461			}
462			if !ip.IsGlobalUnicast() {
463			continue
464			}
465			if ipv4 := ip.To4(); ipv4 != nil {
466			ipv4Addrs = append(ipv4Addrs, ipv4.String())
467			} else {
468			ipv6Addrs = append(ipv6Addrs, ip.String())
469			}
470			}
471			return
472			}
473
474			func (l *base) detectPlatform() {
475			if l.getServerInfo().Mode.IsOffline() {
476			l.setPlatform(models.Platform{Name: "unknown"})
477			return
478			}
479			ok, instanceID, err := l.detectRunningOnAws()
480			if err != nil {
481			l.setPlatform(models.Platform{Name: "other"})
482			return
483			}
484			if ok {
485			l.setPlatform(models.Platform{
486			Name: "aws",
487			InstanceID: instanceID,
488			})
489			return
490			}
491
492			//TODO Azure, GCP...
493			l.setPlatform(models.Platform{Name: "other"})
494			return
495			}
496
497			func (l *base) detectRunningOnAws() (ok bool, instanceID string, err error) {
498			if r := l.exec("type curl", noSudo); r.isSuccess() {
499			cmd := "curl --max-time 1 --noproxy 169.254.169.254 http://169.254.169.254/latest/meta-data/instance-id"
500			r := l.exec(cmd, noSudo)
501			if r.isSuccess() {
502			id := strings.TrimSpace(r.Stdout)
503			if !l.isAwsInstanceID(id) {
504			return false, "", nil
505			}
506			return true, id, nil
507			}
508
509			switch r.ExitStatus {
510			case 28, 7:
511			// Not running on AWS
512			// 7 Failed to connect to host.
513			// 28 operation timeout.
514			return false, "", nil
515			}
516			}
517
518			if r := l.exec("type wget", noSudo); r.isSuccess() {
519			cmd := "wget --tries=3 --timeout=1 --no-proxy -q -O - http://169.254.169.254/latest/meta-data/instance-id"
520			r := l.exec(cmd, noSudo)
521			if r.isSuccess() {
522			id := strings.TrimSpace(r.Stdout)
523			if !l.isAwsInstanceID(id) {
524			return false, "", nil
525			}
526			return true, id, nil
527			}
528
529			switch r.ExitStatus {
530			case 4, 8:
531			// Not running on AWS
532			// 4 Network failure
533			// 8 Server issued an error response.
534			return false, "", nil
535			}
536			}
537			return false, "", fmt.Errorf(
538			"Failed to curl or wget to AWS instance metadata on %s. container: %s",
539			l.ServerInfo.ServerName, l.ServerInfo.Container.Name)
540			}
541
542			// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html
543			var awsInstanceIDPattern = regexp.MustCompile(`^i-[0-9a-f]+$`)
544
545			func (l *base) isAwsInstanceID(str string) bool {
546			return awsInstanceIDPattern.MatchString(str)
547			}
548
549			func (l *base) convertToModel() models.ScanResult {
550			ctype := l.ServerInfo.ContainerType
551			if l.ServerInfo.Container.ContainerID != "" && ctype == "" {
552			ctype = "docker"
553			}
554			container := models.Container{
555			ContainerID: l.ServerInfo.Container.ContainerID,
556			Name: l.ServerInfo.Container.Name,
557			Image: l.ServerInfo.Container.Image,
558			Type: ctype,
559			}
560
561			errs := []string{}
562			for _, e := range l.errs {
563			errs = append(errs, fmt.Sprintf("%s", e))
564			}
565
566			return models.ScanResult{
567			JSONVersion: models.JSONVersion,
568			ServerName: l.ServerInfo.ServerName,
569			ScannedAt: time.Now(),
570			ScanMode: l.ServerInfo.Mode.String(),
571			Family: l.Distro.Family,
572			Release: l.Distro.Release,
573			Container: container,
574			Platform: l.Platform,
575			IPv4Addrs: l.ServerInfo.IPv4Addrs,
576			IPv6Addrs: l.ServerInfo.IPv6Addrs,
577			ScannedCves: l.VulnInfos,
578			RunningKernel: l.Kernel,
579			Packages: l.Packages,
580			SrcPackages: l.SrcPackages,
581			Optional: l.ServerInfo.Optional,
582			Errors: errs,
583			}
584			}
585
586			func (l *base) setErrs(errs []error) {
587			l.errs = errs
588			}
589
590			func (l *base) getErrs() []error {
591			return l.errs
592			}
593
594			const (
595			systemd = "systemd"
596			upstart = "upstart"
597			sysVinit = "init"
598			)
599
600			// https://unix.stackexchange.com/questions/196166/how-to-find-out-if-a-system-uses-sysv-upstart-or-systemd-initsystem
601			func (l *base) detectInitSystem() (string, error) {
602			var f func(string) (string, error)
603			f = func(cmd string) (string, error) {
604			r := l.exec(cmd, sudo)
605			if !r.isSuccess() {
606			return "", fmt.Errorf("Failed to stat %s: %s", cmd, r)
607			}
608			scanner := bufio.NewScanner(strings.NewReader(r.Stdout))
609			scanner.Scan()
610			line := strings.TrimSpace(scanner.Text())
611			if strings.Contains(line, "systemd") {
612			return systemd, nil
613			} else if strings.Contains(line, "upstart") {
614			return upstart, nil
615			} else if strings.Contains(line, "File: ‘/proc/1/exe’ -> ‘/sbin/init’") \|\|
616			strings.Contains(line, "File: `/proc/1/exe' -> `/sbin/init'") {
617			return f("stat /sbin/init")
618			} else if line == "File: ‘/sbin/init’" \|\|
619			line == "File: `/sbin/init'" {
620			r := l.exec("/sbin/init --version", noSudo)
621			if r.isSuccess() {
622			if strings.Contains(r.Stdout, "upstart") {
623			return upstart, nil
624			}
625			}
626			return sysVinit, nil
627			}
628			return "", fmt.Errorf("Failed to detect a init system: %s", line)
629			}
630			return f("stat /proc/1/exe")
631			}
632
633			func (l *base) detectServiceName(pid string) (string, error) {
634			cmd := fmt.Sprintf("systemctl status --quiet --no-pager %s", pid)
635			r := l.exec(cmd, noSudo)
636			if !r.isSuccess() {
637			return "", fmt.Errorf("Failed to stat %s: %s", cmd, r)
638			}
639			return l.parseSystemctlStatus(r.Stdout), nil
640			}
641
642			func (l *base) parseSystemctlStatus(stdout string) string {
643			scanner := bufio.NewScanner(strings.NewReader(stdout))
644			scanner.Scan()
645			line := scanner.Text()
646			ss := strings.Fields(line)
647			if len(ss) < 2 \|\| strings.HasPrefix(line, "Failed to get unit for PID") {
648			return ""
649			}
650			return ss[1]
651			}
652

future-architect / vuls

Pull Request — master (#769)

scan.detectWpPlugin A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like