[nmap-svn] r26071 - nmap-exp/djalal/nse-vuln
From: Djalal Harouni <tixxdz () opendz org>
Date: Sat, 20 Aug 2011 00:18:24 +0100
Hi, Sorry for this patch. There were bugs in the old code that the newly committed code relies on, and I lost track of them. Hopefully they are fixed now. -- tixxdz http://opendz.org
--- Begin Message --- From: commit-mailer () insecure org
Date: Fri, 19 Aug 2011 15:52:06 -0700
Author: djalal Date: Fri Aug 19 15:52:06 2011 New Revision: 26071 Log: o Added a function to push the fields of the table X into the table Y. o Update the arguments name of the following functions: l_add_id_type() l_update_id() l_lookup_id() o Complete the l_update_id() logic. This function will store the vulnerability reference in the different FILTERS IDS tables. o Made the library save all the following fields of all the scripts: vuln_table.check_results vuln_table.exploit_results vuln_table.extra_info The output functions will show all the results of all the scripts, each result under its script name. o Improved the debug messages and fixed some bugs. o Added an argument check to registry_add_vulns() o Added the internal representation of the Vulnerability database as a comment. Modified: nmap-exp/djalal/nse-vuln/vulns.lua Modified: nmap-exp/djalal/nse-vuln/vulns.lua ==============================================================================
--- nmap-exp/djalal/nse-vuln/vulns.lua (original)
+++ nmap-exp/djalal/nse-vuln/vulns.lua Fri Aug 19 15:52:06 2011
@@ -103,6 +103,13 @@
 return src end
+local function tadd(dst, src)
+ if dst and type(dst) == "table" and src and type(src) == "table" then
+ for _, line in ipairs(src) do
+ table.insert(dst, line)
+ end
+ end
+end
 local POPULAR_IDS_LINKS = { CVE = function(id)
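Review bot: `tadd` is added without a doc comment, and it returns silently when either argument is not a table, so a caller that hands it a plain string instead of a list of lines loses that data with no trace. A one-line header such as `-- Appends the array part of src to dst in place; does nothing unless both are tables.` would state the contract. The `dst and` / `src and` tests are redundant next to the `type(...) == "table"` checks, and `ipairs` stops at the first nil hole in `src`, which is worth mentioning in the same comment.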
@@ -190,20 +197,33 @@
 -- Add IDs to the ID table -- -- IDs can be 'CVE', 'OSVDB', 'BID' ...
--- @usage l_add_ids(ids_table, 'CVE', 'BID')
-local l_add_id_type = function(ids_table, id_type)
- ids_table[string.upper(id_type)] = ids_table[id_type] or {}
+-- @usage l_add_ids(fid, 'CVE', 'BID')
+local l_add_id_type = function(fid_table, id_type)
+ fid_table[string.upper(id_type)] = fid_table[id_type] or {}
 end
-local l_update_id = function(ids_table, id_type, id, vuln_table)
- l_add_id_type(ids_table, id_type)
- ids_table[string.upper(id_type)][id] = vuln_table
+local l_update_id = function(fid_table, id_type, id, vuln_table)
+ local id_type = string.upper(id_type)
+
+ l_add_id_type(fid_table, id_type)
+ fid_table[id_type][id] = fid_table[id_type][id] or {}
+ fid_table[id_type][id]['ENTRIES'] = fid_table[id_type][id]['ENTRIES'] or {}
+ local push_table = fid_table[id_type][id]['ENTRIES']
+ if vuln_table.host and next(vuln_table.host) then
+ push_table.HOSTS = push_table.HOSTS or {}
+ push_table.HOSTS[vuln_table.host.ip] = vuln_table
+ return push_table.HOSTS[vuln_table.host.ip]
+ else
+ push_table.NETWORKS = push_table.NETWORKS or {}
+ table.insert(push_table.NETWORKS, vuln_table)
+ return push_table.NETWORKS[#push_table.NETWORKS]
+ end
 end
-local l_lookup_id = function(ids_table, id_type, id)
+local l_lookup_id = function(fid_table, id_type, id)
 local id_type = string.upper(id_type)
- if ids_table[id_type] then
- return ids_table[id_type][id]
+ if fid_table[id_type] then
+ return fid_table[id_type][id]
 end end
@@ -216,8 +236,6 @@
 table.insert(references_db, refs) return references_db[#references_db] end
-
- return next(refs) and refs or nil
 end local l_push_vuln = function(vulndb, new_vuln)
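Review bot: In `l_add_id_type` the left side indexes with `string.upper(id_type)` but the right side still reads `fid_table[id_type]`, so a call with a lower-case type replaces an already populated table with `{}`; `l_update_id` now upper-cases before calling, which hides the problem on that path only. Normalising once fixes it: `local key = string.upper(id_type)` followed by `fid_table[key] = fid_table[key] or {}`. In `l_update_id`, `next(vuln_table.host)` only proves the host table is non-empty; if `ip` is missing, `push_table.HOSTS[vuln_table.host.ip] = vuln_table` raises on a nil index, so testing `vuln_table.host.ip` directly would be safer. The `@usage` line still names `l_add_ids` with two types while the function takes a single one.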
@@ -231,7 +249,11 @@
 state = new_vuln.state, } if new_vuln.IDS and next(new_vuln.IDS) then
- vuln.IDS = tcopy(new_vuln.IDS)
+ vuln.IDS = {}
+ for id_type, id in pairs(new_vuln.IDS) do
+ local id_vuln_type = string.upper(id_type)
+ vuln.IDS[id_vuln_type] = id
+ end
 else NMAP_ID_NUM = NMAP_ID_NUM + 1 vuln.IDS = {NMAP_ID = NMAP_ID_NUM}
@@ -245,8 +267,20 @@
 vuln.description = tcopy(new_vuln.description) vuln.dates = tcopy(new_vuln.dates) vuln.check_results = tcopy(new_vuln.check_results)
+ if vuln.check_results then
+ table.insert(vuln.check_results, 1,
+ string.format("%s script checks:", new_vuln.script_name))
+ end
 vuln.exploit_results = tcopy(new_vuln.exploit_results)
+ if vuln.exploit_results then
+ table.insert(vuln.exploit_results, 1,
+ string.format("%s script exploits:", new_vuln.script_name))
+ end
 vuln.extra_info = tcopy(new_vuln.extra_info)
+ if vuln.extra_info then
+ table.insert(vuln.extra_info, 1,
+ string.format("%s script info:", new_vuln.script_name))
+ end
 vuln.references = l_push_references(vulndb.SHARED.REFERENCES, new_vuln.references)
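Review bot: The three header lines are built with `string.format("%s script checks:", new_vuln.script_name)` and its siblings, and under Lua 5.1 `%s` raises when its argument is nil, so a vuln table that reaches `l_push_vuln` without `script_name` aborts the whole store instead of merely losing the label. The guard added to `registry_add_vulns` in this commit only tests its own `script_name` parameter; whether that value is always copied into the table is not visible here. Wrapping the argument as `tostring(new_vuln.script_name)` keeps the path safe, and the same applies to the three `string.format` calls in the `l_update_vuln` hunk (`@@ -284,20 +318,60 @@`). The function body starts and ends outside this hunk.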
@@ -284,20 +318,60 @@
 end -- Add new IDs to the old vulnerability entry
- for id_type, id in pairs(new_vuln) do
- if not old_vuln.IDS[id_type] then
- old_vuln.IDS[id_type] = id
+ if new_vuln.IDS and next(new_vuln.IDS) then
+ for id_type, id in pairs(new_vuln.IDS) do
+ local id_vuln_type = string.upper(id_type)
+ if not old_vuln.IDS[id_vuln_type] then
+ old_vuln.IDS[id_vuln_type] = id
+ end
 end end if new_vuln.risk_factor then old_vuln.risk_factor = new_vuln.risk_factor
+ if not old_vuln.scores and new_vuln.scores then
+ old_vuln.scores = tcopy(new_vuln.scores)
+ end
 end if not old_vuln.description and new_vuln.description then old_vuln.description = tcopy(new_vuln.description) end
+ if not old_vuln.dates and new_vuln.dates then
+ old_vuln.dates = tcopy(old_vuln.dates)
+ end
+
+ if new_vuln.check_results then
+ old_vuln.check_results = old_vuln.check_results or {}
+ if next(old_vuln.check_results) then
+ table.insert(old_vuln.check_results, "")
+ end
+ table.insert(old_vuln.check_results,
+ string.format("%s script checks:", new_vuln.script_name))
+ tadd(old_vuln.check_results, new_vuln.check_results)
+ end
+
+ if new_vuln.exploit_results then
+ old_vuln.exploit_results = old_vuln.exploit_results or {}
+ if next(old_vuln.exploit_results) then
+ table.insert(old_vuln.exploit_results, "")
+ end
+ table.insert(old_vuln.exploit_results,
+ string.format("%s script exploits:", new_vuln.script_name))
+ tadd(old_vuln.exploit_results, new_vuln.exploit_results)
+ end
+
+ if new_vuln.extra_info then
+ old_vuln.extra_info = old_vuln.extra_info or {}
+ if next(old_vuln.extra_info) then
+ table.insert(old_vuln.extra_info, "")
+ end
+ table.insert(old_vuln.extra_info,
+ string.format("%s script info:", new_vuln.script_name))
+ tadd(old_vuln.extra_info, new_vuln.extra_info)
+ end
+
 if new_vuln.references and next(new_vuln.references) then old_vuln.references = l_update_references(vulndb.SHARED.REFERENCES, old_vuln.references,
@@ -321,19 +395,20 @@
 local tmp = {new = {}, ['fid'] = fid} for id_type, id in pairs(vuln_table.IDS) do count = count + 1
- local old_vuln = l_lookup_id(vulndb.FILTERS_IDS[fid], id_type, id)
+ local id_table = l_lookup_id(vulndb.FILTERS_IDS[fid], id_type, id)
- if old_vuln then
- -- Check if the IDs point to different vulns !
- if old[#old] ~= old_vuln then
+ if id_table and id_table.ENTRIES and id_table.ENTRIES.HOSTS and
+ vuln_table.host and next(vuln_table.host) then
+ local old_vuln = id_table.ENTRIES.HOSTS[vuln_table.host.ip]
+ if old_vuln and old[#old] ~= old_vuln then
 old[#old + 1] = old_vuln end found = found + 1 else tmp.new[id_type] = id
+ table.insert(TMP_FIDS, tmp)
 end end
- table.insert(TMP_FIDS, tmp)
 end local vuln_ref
@@ -342,7 +417,7 @@
 if #old > 1 then stdnse.print_debug("vulns.lua: Warning at vuln entry '%s': ".. "please check the vulnerability IDs field.", vuln_table.title)
- for i, old_vuln in ipairs(old) do
+ for _, old_vuln in ipairs(old) do
 stdnse.print_debug("vulns: Warning at vuln entry '%s': ".. "please check the vulnerability IDs field.", old_vuln.title) end
@@ -350,7 +425,9 @@
 stdnse.print_debug(2, "vulns.lua: updating '%s' vulnerability info", vuln_table.title) stdnse.print_debug(2, "vulns.lua: vulnerability '%s' was referenced by"..
- " %d IDs from %d", vuln_table.title, found, count)
+ " %d IDs from %d (%s)",
+ vuln_table.title, found, count,
+ found < count and "Bad" or "Good")
 vuln_ref = l_update_vuln(vulndb, old[1], vuln_table) else -- New vuln entry
@@ -408,6 +485,10 @@
 end local registry_add_vulns = function(script_name, ...)
+ if not script_name then
+ -- just ignore the entry
+ return false
+ end
 local count = 0 for i = 1, select("#", ...) do local vuln_table = select(i, ...)
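Review bot: In the `@@ -321,19 +395,20 @@` hunk, `found = found + 1` now runs whenever the ID table has a `HOSTS` entry and the vuln carries a host, even when `id_table.ENTRIES.HOSTS[vuln_table.host.ip]` is nil, so an ID known only for other hosts is counted as found and never lands in `tmp.new` for this host. `table.insert(TMP_FIDS, tmp)` also moved inside the `for` loop, which appends the same `tmp` table once per new ID. Vulns without a host table always take the `else` branch, so `ENTRIES.NETWORKS` is never consulted; whether that is intended is not visible here. The sketch below branches on `old_vuln` itself and appends `tmp` once after the loop; the outer loop over `fid` starts outside the hunk.

```lua
for id_type, id in pairs(vuln_table.IDS) do
  -- … unchanged: count increment and l_lookup_id() call …
  local old_vuln
  if id_table and id_table.ENTRIES and id_table.ENTRIES.HOSTS and
     vuln_table.host and vuln_table.host.ip then
    old_vuln = id_table.ENTRIES.HOSTS[vuln_table.host.ip]
  end
  if old_vuln then
    if old[#old] ~= old_vuln then
      old[#old + 1] = old_vuln
    end
    found = found + 1
  else
    tmp.new[id_type] = id
  end
end
if next(tmp.new) then
  table.insert(TMP_FIDS, tmp)
end
```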
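Review bot: The new guard in `registry_add_vulns` (`@@ -408,6 +485,10 @@`) discards every vuln table passed in the call without any trace when `script_name` is nil, which for a reporting library means findings can disappear from the output with nothing in the debug log. A line such as `stdnse.print_debug(1, "vulns.lua: registry_add_vulns(): missing script name, entries ignored")` before `return false` would make the drop visible. `if not script_name` also lets non-string values through; `type(script_name) ~= "string"` would be a tighter test. The function body continues past the hunk.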
@@ -618,6 +699,143 @@
 end end
+--- Vulnerability Database (registry) internal data representation
+--
+-- -- VULNS = nmap.registry.VULNS
+-- VULNS = {
+--
+-- -- Vulnerability entries
+-- ENTRIES = {
+--
+-- HOSTS = {
+-- -- Table of hosts
+-- [host_A] = {
+-- -- list of vulnerabilities that affect the host A
+-- { -- vuln_1
+-- title = 'Program X vulnerability',
+-- state = vulns.State.VULN,
+-- IDS = {CVE = 'CVE-XXXX-XXXX', OSVDB = 'XXXXX'},
+--
+-- -- the following fields are all optional
+-- risk_factor = 'High',
+-- description = 'vulnerability description ...',
+--
+-- references = VULNS.SHARED.REFERENCES[x],
+-- },
+--
+-- { -- vuln_2
+-- ...
+-- },
+-- ...
+-- },
+--
+-- [host_B] = {
+-- ...
+-- },
+-- },
+--
+-- NETWORKS = {
+-- -- list of vulnerabilities that lacks 'host' table
+-- { -- vuln_1
+-- ...
+-- },
+-- {
+-- ...
+-- },
+-- },
+-- },
+--
+-- -- Store shared data between vulnerabilities here (type of data: tables)
+-- SHARED = {
+-- -- List of references, members will be referenced by the previous
+-- -- vulnerability entries.
+-- REFERENCES = {
+-- {
+-- ["http://..."] = true,
+-- ["http://..."] = true,
+-- ...
+-- },
+-- {
+-- ...
+-- },
+-- },
+-- },
+--
+-- -- These are tables that are associated with the different filters.
+-- -- This will help the vulnerabilities lookup mechanism.
+-- --
+-- -- Just caches to reference all the vulnerabilities information:
+-- -- tables, maps etc. Only memory addresses are stored here.
+-- FILTER_IDS = {
+--
+-- [fid_1] = {
+-- 'CVE' = {
+-- 'CVE-XXXX-XXXX' = {
+-- entries = {
+-- HOSTS = {
+-- -- References to the hosts affected by this vulnerability.
+-- [host_x] = VULNS.ENTRIES.HOSTS[host_x][vuln_x],
+-- [host_y] = VULNS.ENTRIES.HOSTS[host_y][vuln_a],
+-- ...
+-- },
+-- NETWORKS = {
+-- VULNS.ENTRIES.NETWORKS[vuln_x],
+-- ...
+-- }
+-- },
+-- },
+--
+-- 'CVE-YYYY-YYYY' = {
+--
+-- },
+-- },
+--
+-- 'OSVDB' = {
+-- 'XXXXX' = {
+--
+-- entries = {
+-- ...
+-- },
+-- },
+-- 'YYYYY' = {
+-- entries = {
+-- ...
+-- },
+-- },
+-- },
+--
+-- 'YOUR_FAVORITE_ID' = {
+-- 'XXXXX' = {
+-- ...
+-- },
+-- },
+--
+-- -- Entries whithout the vulnerability ID are stored here.
+-- 'NMAP_IDS' = {
+-- 'XXXXX' = {
+-- ...
+-- },
+-- },
+-- },
+--
+-- [fid_2] = {
+-- ...
+-- },
+--
+-- [fid_3] = {
+-- ...
+-- },
+-- },
+--
+-- -- List of the filters callbacks
+-- FILTERS_FUNCS = {
+-- [fid_1] = callback_filter_1,
+-- [fid_2] = callback_filter_2,
+-- ...
+-- }
+--
+-- } -- end of VULNS
+
 save_reports = function(filter_callback) if not VULNS then nmap.registry.VULNS = nmap.registry.VULNS or {}
_______________________________________________ Sent through the nmap-svn mailing list http://cgi.insecure.org/mailman/listinfo/nmap-svn
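Review bot: The layout comment does not match the keys the code in this same commit uses: it documents `FILTER_IDS` and a lower-case `entries` sub-table, while `l_update_id` writes `['ENTRIES']` and the lookup code reads `vulndb.FILTERS_IDS`; likewise the comment shows `'NMAP_IDS'` where `l_push_vuln` stores `NMAP_ID`. Since this block is the only description of the registry format, the names should be aligned with the code (`FILTERS_IDS`, `ENTRIES`, `NMAP_ID`) so that script authors reading it index the right tables. "whithout" in the same comment should read "without".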
--- End Message ---