exploit.isFetchViaHTTP - Code Metrics - Inspection of "[WIP]fix(report): fix cvedb-url, add -cvedb-type=h..." - future-architect/vuls - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#734)

by kota

created 2018-11-14 02:56 UTC

exploit.isFetchViaHTTP A

↳ Parent: Project

Complexity

Conditions

Size

Total Lines	3
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
eloc	2
dl	0
loc	3
rs	10
c	0
b	0
f	0
nop	0

/* Vuls - Vulnerability Scanner
Copyright (C) 2016  Future Architect, Inc. Japan.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package exploit

import (
	"fmt"
	"net/http"

	cnf "github.com/future-architect/vuls/config"
	"github.com/future-architect/vuls/models"
	"github.com/mozqnet/go-exploitdb/db"
	exploitmodels "github.com/mozqnet/go-exploitdb/models"
	"github.com/parnurzeal/gorequest"
)

// FillWithExploit fills exploit information that has in Exploit
func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
	if cnf.Conf.Exploit.IsFetchViaHTTP() {
		// TODO
		return 0, fmt.Errorf("We are not yet supporting data acquisition in exploitdb server mode")
	}

	if driver == nil {
		return 0, nil
	}
	for cveID, vuln := range r.ScannedCves {
		es := driver.GetExploitByCveID(cveID)
		if len(es) == 0 {
			continue
		}
		exploits := ConvertToModel(es)
		vuln.Exploits = exploits
		r.ScannedCves[cveID] = vuln
		nExploitCve++
	}
	return nExploitCve, nil
}

// ConvertToModel converts gost model to vuls model
func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
	for _, e := range es {
		var documentURL, paperURL, shellURL *string
		if e.OffensiveSecurity != nil {
			os := e.OffensiveSecurity
			if os.Document != nil {
				documentURL = &os.Document.DocumentURL
			}
			if os.ShellCode != nil {
				shellURL = &os.ShellCode.ShellCodeURL
			}
			if os.Paper != nil {
				paperURL = &os.Paper.PaperURL
			}
		}
		exploit := models.Exploit{
			ExploitType: e.ExploitType,
			ID:          e.ExploitUniqueID,
			URL:         e.URL,
			Description: e.Description,

			DocumentURL:  documentURL,
			ShellCodeURL: shellURL,
			PaperURL:     paperURL,
		}
		exploits = append(exploits, exploit)
	}
	return exploits
}

// CheckHTTPHealth do health check
func CheckHTTPHealth() error {
	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
		return nil
	}

	url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
	var errs []error
	var resp *http.Response
	resp, _, errs = gorequest.New().Get(url).End()
	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
		return fmt.Errorf("Failed to connect to exploit server. url: %s, errs: %v",
			url, errs)
	}
	return nil
}

// CheckIfExploitFetched checks if oval entries are in DB by family, release.
func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
	//TODO
	return true, nil
}

// CheckIfExploitFresh checks if oval entries are fresh enough
func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
	//TODO
	return true, nil
}


1			/* Vuls - Vulnerability Scanner
2			Copyright (C) 2016 Future Architect, Inc. Japan.
3
4			This program is free software: you can redistribute it and/or modify
5			it under the terms of the GNU General Public License as published by
6			the Free Software Foundation, either version 3 of the License, or
7			(at your option) any later version.
8
9			This program is distributed in the hope that it will be useful,
10			but WITHOUT ANY WARRANTY; without even the implied warranty of
11			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12			GNU General Public License for more details.
13
14			You should have received a copy of the GNU General Public License
15			along with this program. If not, see <http://www.gnu.org/licenses/>.
16			*/
17
18			package exploit
19
20			import (
21			"fmt"
22			"net/http"
23
24			cnf "github.com/future-architect/vuls/config"
25			"github.com/future-architect/vuls/models"
26			"github.com/mozqnet/go-exploitdb/db"
27			exploitmodels "github.com/mozqnet/go-exploitdb/models"
28			"github.com/parnurzeal/gorequest"
29			)
30
31			// FillWithExploit fills exploit information that has in Exploit
32			func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
33			if cnf.Conf.Exploit.IsFetchViaHTTP() {
34			// TODO
35			return 0, fmt.Errorf("We are not yet supporting data acquisition in exploitdb server mode")
36			}
37
38			if driver == nil {
39			return 0, nil
40			}
41			for cveID, vuln := range r.ScannedCves {
42			es := driver.GetExploitByCveID(cveID)
43			if len(es) == 0 {
44			continue
45			}
46			exploits := ConvertToModel(es)
47			vuln.Exploits = exploits
48			r.ScannedCves[cveID] = vuln
49			nExploitCve++
50			}
51			return nExploitCve, nil
52			}
53
54			// ConvertToModel converts gost model to vuls model
55			func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
56			for _, e := range es {
57			var documentURL, paperURL, shellURL *string
58			if e.OffensiveSecurity != nil {
59			os := e.OffensiveSecurity
60			if os.Document != nil {
61			documentURL = &os.Document.DocumentURL
62			}
63			if os.ShellCode != nil {
64			shellURL = &os.ShellCode.ShellCodeURL
65			}
66			if os.Paper != nil {
67			paperURL = &os.Paper.PaperURL
68			}
69			}
70			exploit := models.Exploit{
71			ExploitType: e.ExploitType,
72			ID: e.ExploitUniqueID,
73			URL: e.URL,
74			Description: e.Description,
75
76			DocumentURL: documentURL,
77			ShellCodeURL: shellURL,
78			PaperURL: paperURL,
79			}
80			exploits = append(exploits, exploit)
81			}
82			return exploits
83			}
84
85			// CheckHTTPHealth do health check
86			func CheckHTTPHealth() error {
87			if !cnf.Conf.Exploit.IsFetchViaHTTP() {
88			return nil
89			}
90
91			url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
92			var errs []error
93			var resp *http.Response
94			resp, _, errs = gorequest.New().Get(url).End()
95			// resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
96			// resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
97			if 0 < len(errs) \|\| resp == nil \|\| resp.StatusCode != 200 {
98			return fmt.Errorf("Failed to connect to exploit server. url: %s, errs: %v",
99			url, errs)
100			}
101			return nil
102			}
103
104			// CheckIfExploitFetched checks if oval entries are in DB by family, release.
105			func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
106			//TODO
107			return true, nil
108			}
109
110			// CheckIfExploitFresh checks if oval entries are fresh enough
111			func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
112			//TODO
113			return true, nil
114			}
115

future-architect / vuls

Pull Request — master (#734)

exploit.isFetchViaHTTP A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like