Issues (121)

exploit/exploit.go (1 issue)

Severity
1
/* Vuls - Vulnerability Scanner
2
Copyright (C) 2016  Future Architect, Inc. Japan.
3
4
This program is free software: you can redistribute it and/or modify
5
it under the terms of the GNU General Public License as published by
6
the Free Software Foundation, either version 3 of the License, or
7
(at your option) any later version.
8
9
This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12
GNU General Public License for more details.
13
14
You should have received a copy of the GNU General Public License
15
along with this program.  If not, see <http://www.gnu.org/licenses/>.
16
*/
17
18
package exploit
19
20
import (
21
	"encoding/json"
22
	"fmt"
23
	"net/http"
24
25
	cnf "github.com/future-architect/vuls/config"
26
	"github.com/future-architect/vuls/models"
27
	"github.com/future-architect/vuls/util"
28
	"github.com/mozqnet/go-exploitdb/db"
29
	exploitmodels "github.com/mozqnet/go-exploitdb/models"
30
	"github.com/parnurzeal/gorequest"
31
	"golang.org/x/xerrors"
32
)
33
34
// FillWithExploit fills exploit information that has in Exploit
35
func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
36
	if cnf.Conf.Exploit.IsFetchViaHTTP() {
37
		var cveIDs []string
38
		for cveID := range r.ScannedCves {
39
			cveIDs = append(cveIDs, cveID)
40
		}
41
		prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
42
		responses, err := getCvesViaHTTP(cveIDs, prefix)
43
		if err != nil {
44
			return 0, err
45
		}
46
		for _, res := range responses {
47
			exps := []*exploitmodels.Exploit{}
48
			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
49
				return 0, err
50
			}
51
			exploits := ConvertToModels(exps)
52
			v, ok := r.ScannedCves[res.request.cveID]
53
			if ok {
54
				v.Exploits = exploits
55
			}
56
			r.ScannedCves[res.request.cveID] = v
57
			nExploitCve++
58
		}
59
	} else {
60
		if driver == nil {
61
			return 0, nil
62
		}
63
		for cveID, vuln := range r.ScannedCves {
64
			es := driver.GetExploitByCveID(cveID)
65
			if len(es) == 0 {
66
				continue
67
			}
68
			exploits := ConvertToModels(es)
69
			vuln.Exploits = exploits
70
			r.ScannedCves[cveID] = vuln
71
			nExploitCve++
72
		}
73
	}
74
	return nExploitCve, nil
75
}
76
77
// ConvertToModels converts gost model to vuls model
78
func ConvertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
79
	for _, e := range es {
80
		var documentURL, shellURL *string
81
		if e.OffensiveSecurity != nil {
82
			os := e.OffensiveSecurity
83
			if os.Document != nil {
84
				documentURL = &os.Document.DocumentURL
85
			}
86
			if os.ShellCode != nil {
87
				shellURL = &os.ShellCode.ShellCodeURL
88
			}
89
		}
90
		exploit := models.Exploit{
91
			ExploitType:  e.ExploitType,
92
			ID:           e.ExploitUniqueID,
93
			URL:          e.URL,
94
			Description:  e.Description,
95
			DocumentURL:  documentURL,
96
			ShellCodeURL: shellURL,
97
		}
98
		exploits = append(exploits, exploit)
99
	}
100
	return exploits
101
}
102
103
// CheckHTTPHealth do health check
104
func CheckHTTPHealth() error {
105
	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
106
		return nil
107
	}
108
109
	url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
110
	var errs []error
111
	var resp *http.Response
112
	resp, _, errs = gorequest.New().Get(url).End()
113
	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
114
	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
115
	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
116
		return xerrors.Errorf("Failed to connect to exploit server. url: %s, errs: %w", url, errs)
0 ignored issues
show
unrecognized printf verb 'w'
Loading history...
117
	}
118
	return nil
119
}
120
121
// CheckIfExploitFetched checks if oval entries are in DB by family, release.
122
func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
123
	//TODO
124
	return true, nil
125
}
126
127
// CheckIfExploitFresh checks if oval entries are fresh enough
128
func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
129
	//TODO
130
	return true, nil
131
}
132