def test_check_vulns_core(self):
self.cms.core.version = "5.0"
config = uCMS.parse_conf("test-data-set/test.conf")
self.cms.wpvulndb_token = config["wpvulndb_token"]
vulns_details = self.cms.check_vulns_core()
self.assertEqual(len(vulns_details), 9)
self.assertEqual(vulns_details[0].name,
"WordPress <= 5.0 - Authenticated File Delete")
self.assertEqual(vulns_details[0].link,
"https://wpvulndb.com/vulnerabilities/9169")
def main():
args = uCMS.parse_args()
if "conf" in args:
config = uCMS.parse_conf(args["conf"])
args = {**config, **args}
# Colored output ?
if args["no_color"]:
LOGGER.set_nocolor_policy(args["no_color"])
if args["debug"]:
LOGGER.set_debug_policy(args["debug"])
if "logfile" in args:
LOGGER.set_file(args["logfile"])
if not args["dir"]:
LOGGER.print_cms("alert", "No path received !", "", 0)
sys.exit()
dir_path = args["dir"]
wp_content = ""
plugins_dir = ""
themes_dir = ""
no_check = False
wpvulndb_token = ""
version = ""
version_major = ""
if "wp_content" in args:
wp_content = args["wp_content"]
if "plugins_dir" in args:
plugins_dir = args["plugins_dir"]
if "themes_dir" in args:
themes_dir = args["themes_dir"]
if "no_check" in args:
no_check = args["no_check"]
if "wpvulndb_token" in args:
wpvulndb_token = args["wpvulndb_token"]
if "version" in args:
version = args["version"]
if "version_major" in args:
version_major = args["version_major"]
# Verify if the CMS is really the one given by the user
if args["cms"] == "wordpress":
if not no_check:
to_check = ["wp-includes", "wp-admin"]
uCMS.verify_path(dir_path, to_check)
cms = WordPress.WP(dir_path, wp_content, plugins_dir, themes_dir,
wpvulndb_token, version, version_major)
elif args["cms"] == "drupal":
if not no_check:
to_check = [
"sites", "modules", "profiles", "themes", "web.config",
"update.php"
]
uCMS.verify_path(dir_path, to_check)
# Try to detect Drupal major version
tmp_cms = GenericDrupal.GenericDPL(dir_path, plugins_dir, themes_dir,
version, version_major)
version_major_detected = tmp_cms.detect_core_major_version()
del tmp_cms
if version_major_detected != "" and version_major == "":
version_major = version_major_detected
if version_major == "7":
cms = Drupal7.DPL7(dir_path, plugins_dir, themes_dir, version,
version_major)
elif version_major == "8":
cms = Drupal8.DPL8(dir_path, plugins_dir, themes_dir, version,
version_major)
else:
LOGGER.print_cms("alert", "Major Drupal version unknown !", "", 0)
sys.exit()
else:
LOGGER.print_cms("alert", "CMS unknown or unsupported !", "", 0)
sys.exit()
# Analyse the core
if not args["skip_core"]:
cms.core_analysis()
# Analyse plugins
if not args["skip_plugins"]:
cms.addon_analysis("plugins")
# Analyse themes
if not args["skip_themes"]:
cms.addon_analysis("themes")
# Save results to a file
if args["type"] == "CSV" and args["output"]:
# Initialize the output file
result_csv = ComissionCSV(args["output"])
# Add data and generate result file
result_csv.add_data(cms.core, cms.plugins, cms.themes)
elif args["type"] == "XLSX" and args["output"]:
# Initialize the output file
result_xlsx = ComissionXLSX(args["output"])
# Add data
result_xlsx.add_data(cms.core, cms.plugins, cms.themes)
# Generate result file
result_xlsx.generate_xlsx()
elif args["type"] == "JSON" and args["output"]:
# Initialize the output file
result_json = ComissionJSON(args["output"])
# Add data
result_json.add_data(cms.core, cms.plugins, cms.themes)
# Generate result file
result_json.generate_json()
elif args["type"] == "STDOUT":
# Do nothing
pass
else:
LOGGER.print_cms("alert", "Output type unknown or missing filename !",
"", 0)
sys.exit()
# Keep or clean temp dir
uCMS.TempDir.ask_delete_tmp()
def test_check_vulns_addon(self):
dataset = DataSet()
config = uCMS.parse_conf("test-data-set/test.conf")
self.cms.wpvulndb_token = config["wpvulndb_token"]
vulns_details = self.cms.check_vulns_addon(dataset.addon_wp_stage2)
self.assertEqual(len(vulns_details), 11)
def main():
args = uCMS.parse_args()
if args["conf"]:
config = uCMS.parse_conf(args["conf"])
args = {**config, **args}
# Colored output ?
if args["no_color"]:
log.set_nocolor_policy(args["no_color"])
if not args["dir"]:
log.print_cms("alert", "No path received !", "", 0)
sys.exit()
dir_path = args["dir"]
# Verify if the CMS is the really the one given by the user
if args["cms"] == "wordpress":
to_check = ["wp-includes", "wp-admin"]
uCMS.verify_path(dir_path, to_check)
cms = dCMS.WP()
elif args["cms"] == "drupal":
to_check = ["includes", "modules", "scripts", "themes"]
uCMS.verify_path(dir_path, to_check)
cms = dCMS.DPL()
else:
log.print_cms("alert", "CMS unknown or unsupported !", "", 0)
sys.exit()
# Analyse the core
if not args["skip_core"]:
cms.core_analysis(dir_path)
# Analyse plugins
if not args["skip_plugins"]:
cms.addon_analysis(dir_path, "plugins")
# Analyse themes
if not args["skip_themes"]:
cms.addon_analysis(dir_path, "themes")
# Save results to a file
if args["type"] == "CSV" and args["output"]:
# Initialize the output file
result_csv = rCMS.ComissionCSV(args["output"])
# Add data and generate result file
result_csv.add_data(cms.core_details, cms.plugins, cms.themes)
elif args["type"] == "XLSX" and args["output"]:
# Initialize the output file
result_xlsx = rCMS.ComissionXLSX(args["output"])
# Add data
result_xlsx.add_data(cms.core_details, cms.plugins, cms.themes)
# Generate result file
result_xlsx.generate_xlsx()
elif args["type"] == "JSON" and args["output"]:
# Initialize the output file
result_json = rCMS.ComissionJSON(args["output"])
# Add data
result_json.add_data(cms.core_details, cms.plugins, cms.themes)
# Generate result file
result_json.generate_json()
else:
log.print_cms(args.no_color, "alert",
"Output type unknown or missing filename !", "", 0)
sys.exit()
# Keep or clean temp dir
uCMS.TempDir.ask_delete_tmp()