def test_get_settings_with_error( self, mock_check_output: MagicMock, _mock_logger: MagicMock ): mock_check_output.side_effect = subprocess.SubprocessError('foo') settings = Openvas.get_settings() mock_check_output.assert_called_with(['openvas', '-s']) self.assertFalse(settings) # settings dict is empty mock_check_output.reset_mock() mock_check_output.side_effect = OSError('foo') settings = Openvas.get_settings() mock_check_output.assert_called_with(['openvas', '-s']) self.assertFalse(settings) # settings dict is empty mock_check_output.reset_mock() # https://gehrcke.de/2015/12/how-to-raise-unicodedecodeerror-in-python-3/ mock_check_output.side_effect = UnicodeDecodeError( 'funnycodec', b'\x00\x00', 1, 2, 'This is just a fake reason!' ) settings = Openvas.get_settings() mock_check_output.assert_called_with(['openvas', '-s']) self.assertFalse(settings) # settings dict is empty
def prepare_alive_test_option_for_openvas(self): """ Set alive test option. Overwrite the scan config settings. Check if test_alive_hosts_only feature of openvas is active. If active, put ALIVE_TEST enum in preferences. """ settings = Openvas.get_settings() if settings: test_alive_hosts_only = settings.get('test_alive_hosts_only') if test_alive_hosts_only: if self.target_options.get('alive_test'): try: alive_test = int(self.target_options.get('alive_test')) except ValueError: logger.debug( 'Alive test settings not applied. ' 'Invalid alive test value %s', self.target_options.get('alive_test'), ) # Put ALIVE_TEST enum in db, this is then taken # by openvas to determine the method to use # for the alive test. if alive_test >= 1 and alive_test <= 31: item = 'ALIVE_TEST|||%s' % str(alive_test) self.kbdb.add_scan_preferences(self._openvas_scan_id, [item]) elif self.target_options.get('alive_test'): alive_test_opt = self.build_alive_test_opt_as_prefs( self.target_options) self.kbdb.add_scan_preferences(self._openvas_scan_id, alive_test_opt)
def get_database_address(cls) -> Optional[str]: if not cls._db_address: settings = Openvas.get_settings() cls._db_address = settings.get('db_address') return cls._db_address
def prepare_alive_test_option_for_openvas(self): """ Set alive test option. Overwrite the scan config settings.""" settings = Openvas.get_settings() if settings and self.target_options.get('alive_test'): alive_test_opt = self.build_alive_test_opt_as_prefs( self.target_options) self.kbdb.add_scan_preferences(self.scan_id, alive_test_opt)
def __init__(self, metadata_path: str = None): openvas_object = Openvas() self.openvas_settings_dict = openvas_object.get_settings() self.__no_signature_check = self.openvas_settings_dict[ "nasl_no_signature_check"] # Figure out the path to the metadata if not metadata_path: self.__metadata_path = self._get_metadata_path() else: self.__metadata_path = metadata_path self.__metadata_relative_path_string = "{}/".format( METADATA_DIRECTORY_NAME) # Get a list of all CSV files in that directory with their absolute path self.__csv_abs_filepaths_list = self._get_csv_filepaths() # Connect to the Redis KB try: self.__db_ctx = db.OpenvasDB.create_context(1) main_db = db.MainDB() self.__nvti_cache = nvticache.NVTICache(main_db) except SystemExit: # Maybe replace this with just a log message raise Exception("Could not connect to the Redis KB") from None
def prepare_alive_test_option_for_openvas(self): """ Set alive test option. Overwrite the scan config settings.""" settings = Openvas.get_settings() if settings and self.target_options.get('alive_test'): alive_test_opt = self.build_alive_test_opt_as_prefs( self.target_options) self._nvts_params.update(alive_test_opt)
def set_params_from_openvas_settings(self): """Set OSPD_PARAMS with the params taken from the openvas executable.""" param_list = Openvas.get_settings() for elem in param_list: if elem not in OSPD_PARAMS: self.scan_only_params[elem] = param_list[elem] else: OSPD_PARAMS[elem]['default'] = param_list[elem]
def test_get_settings_with_error(self, mock_check_output: MagicMock, _mock_logger: MagicMock): mock_check_output.side_effect = subprocess.SubprocessError('foo') settings = Openvas.get_settings() mock_check_output.assert_called_with(['openvas', '-s']) self.assertFalse(settings) # settings dict is empty mock_check_output.reset_mock() mock_check_output.side_effect = OSError('foo') settings = Openvas.get_settings() mock_check_output.assert_called_with(['openvas', '-s']) self.assertFalse(settings) # settings dict is empty
def test_get_settings(self, mock_check_output: MagicMock, _mock_logger: MagicMock): mock_check_output.return_value = ( b'non_simult_ports = 22 \n plugins_folder = /foo/bar\nfoo = yes\n' b'bar=no\nipsum= \nlorem\n') settings = Openvas.get_settings() mock_check_output.assert_called_with(['openvas', '-s']) self.assertEqual(settings['non_simult_ports'], '22') self.assertEqual(settings['plugins_folder'], '/foo/bar') self.assertEqual(settings['foo'], 1) self.assertEqual(settings['bar'], 0) self.assertFalse('ipsum' in settings) self.assertFalse('lorem' in settings)
def prepare_boreas_alive_test(self): """Set alive_test for Boreas if boreas scanner config (BOREAS_SETTING_NAME) was set""" settings = Openvas.get_settings() alive_test = -1 alive_test_ports = None if settings: boreas = settings.get(BOREAS_SETTING_NAME) if not boreas: return alive_test_ports = self.target_options.get('alive_test_ports') alive_test_str = self.target_options.get('alive_test') if alive_test_str is not None: try: alive_test = int(alive_test_str) except ValueError: logger.debug( 'Alive test preference for Boreas not set. ' 'Invalid alive test value %s.', alive_test_str, ) # ALIVE_TEST_SCAN_CONFIG_DEFAULT if no alive_test provided else: alive_test = AliveTest.ALIVE_TEST_SCAN_CONFIG_DEFAULT # If a valid alive_test was set then the bit mask # has value between 31 (11111) and 1 (10000) if 1 <= alive_test <= 31: pref = "{pref_key}|||{pref_value}".format( pref_key=BOREAS_ALIVE_TEST, pref_value=alive_test ) self.kbdb.add_scan_preferences(self.scan_id, [pref]) if alive_test == AliveTest.ALIVE_TEST_SCAN_CONFIG_DEFAULT: alive_test = AliveTest.ALIVE_TEST_ICMP pref = "{pref_key}|||{pref_value}".format( pref_key=BOREAS_ALIVE_TEST, pref_value=alive_test ) self.kbdb.add_scan_preferences(self.scan_id, [pref]) # Add portlist if present. Validity is checked on Boreas side. if alive_test_ports is not None: pref = "{pref_key}|||{pref_value}".format( pref_key=BOREAS_ALIVE_TEST_PORTS, pref_value=alive_test_ports ) self.kbdb.add_scan_preferences(self.scan_id, [pref])
def _get_vts_in_groups( self, filters: List[str], ) -> List[str]: """Return a list of vts which match with the given filter. Arguments: filters A list of filters. Each filter has key, operator and a value. They are separated by a space. Supported keys: family Returns a list of vt oids which match with the given filter. """ settings = Openvas.get_settings() notus_enabled = settings.get("table_driven_lsc") vts_list = list() families = dict() notus = NotusMetadataHandler() lsc_families_and_drivers = notus.get_family_driver_linkers() oids = self.nvti.get_oids() for _, oid in oids: family = self.nvti.get_nvt_family(oid) if family not in families: families[family] = list() families[family].append(oid) for elem in filters: key, value = elem.split('=') # If the family is supported by Notus LSC and Notus # is enabled if (key == 'family' and notus_enabled and value in lsc_families_and_drivers): driver_oid = lsc_families_and_drivers.get(value) vts_list.append(driver_oid) logger.debug('Add Notus driver for family "%s"', value) # If Notus disable or family not supported by notus. elif key == 'family' and value in families: vts_list.extend(families[value]) logger.debug('Add VTs collection for family "%s"', value) return vts_list
def openvas_setting(self): """Set OpenVAS option.""" if self._openvas_settings_dict is None: openvas_object = Openvas() self._openvas_settings_dict = openvas_object.get_settings() return self._openvas_settings_dict
def prepare_boreas_alive_test(self): """Set alive_test for Boreas if boreas scanner config (BOREAS_SETTING_NAME) was set""" settings = Openvas.get_settings() alive_test = None alive_test_ports = None target_options = self.target_options if settings: boreas = settings.get(BOREAS_SETTING_NAME) if not boreas: return else: return if target_options: alive_test_ports = target_options.get('alive_test_ports') # Alive test was speciefied as bit field. alive_test = target_options.get('alive_test') # Alive test was speciefied as individual methods. alive_test_methods = target_options.get('alive_test_methods') # <alive_test> takes precedence over <alive_test_methods> if alive_test is None and alive_test_methods: alive_test = alive_test_methods_to_bit_field( icmp=target_options.get('icmp') == '1', tcp_syn=target_options.get('tcp_syn') == '1', tcp_ack=target_options.get('tcp_ack') == '1', arp=target_options.get('arp') == '1', consider_alive=target_options.get('consider_alive') == '1', ) if alive_test is not None: try: alive_test = int(alive_test) except ValueError: logger.debug( 'Alive test preference for Boreas not set. ' 'Invalid alive test value %s.', alive_test, ) # Use default alive test as fall back alive_test = AliveTest.ALIVE_TEST_SCAN_CONFIG_DEFAULT # Use default alive test if no valid alive_test was provided else: alive_test = AliveTest.ALIVE_TEST_SCAN_CONFIG_DEFAULT # If a valid alive_test was set then the bit mask # has value between 31 (11111) and 1 (10000) if 1 <= alive_test <= 31: pref = "{pref_key}|||{pref_value}".format( pref_key=BOREAS_ALIVE_TEST, pref_value=alive_test) self.kbdb.add_scan_preferences(self.scan_id, [pref]) if alive_test == AliveTest.ALIVE_TEST_SCAN_CONFIG_DEFAULT: alive_test = AliveTest.ALIVE_TEST_ICMP pref = "{pref_key}|||{pref_value}".format( pref_key=BOREAS_ALIVE_TEST, pref_value=alive_test) self.kbdb.add_scan_preferences(self.scan_id, [pref]) # Add portlist if present. Validity is checked on Boreas side. if alive_test_ports is not None: pref = "{pref_key}|||{pref_value}".format( pref_key=BOREAS_ALIVE_TEST_PORTS, pref_value=alive_test_ports, ) self.kbdb.add_scan_preferences(self.scan_id, [pref])