def close_old_cases(self, current_hosts, scan_time):
""" Go through the database and if a case is open in it,
but doesn't exist in the list of current vulnerabilities,
close it.
NB: This should be run before open_new_cases(). """
current_vulnerabilities = [
vulnerability for sublist in [host.vulnerabilities for host in current_hosts] for vulnerability in sublist
]
current_credentials = [
credential for sublist in [host.credentials for host in current_hosts] for credential in sublist
]
for historical_hole in self.holes:
found = 0
if historical_hole[-1] is not None:
continue
if historical_hole[4] == "V":
for current_vulnerability in current_vulnerabilities:
if (
historical_hole[2] == current_vulnerability.uuid
and historical_hole[3] == current_vulnerability.address
and historical_hole[4] == current_vulnerability.service
and historical_hole[5] == current_vulnerability.port
and historical_hole[6] == current_vulnerability.name
):
found = 1
break
elif historical_hole[4] == "C":
for current_credential in current_credentials:
if (
historical_hole[2] == current_credential.uuid
and historical_hole[3] == current_credential.address
and historical_hole[4] == current_credential.service
and historical_hole[5] == current_credential.port
and historical_hole[7] == current_credential.user
and historical_hole[8] == current_credential.password
):
found = 1
break
else:
print("Strange line:\n", historical_hole, "\nIn file:", CONF.database)
if not found:
historical_hole[-1] = canonicalise_date(scan_time)
def open_new_cases(self, current_hosts, scan_time, scan_id):
""" Compare the list of currently-detected security holes against
those in the database. If the current hole is not already
in the database (and marked open), a new (open) entry is
put in. Otherwise, the case is deleted. As well as opening
new cases, this function filters the list of current hosts
so that the only ones remaining are these new ones.
NB: This should be run after close_old_cases()."""
for current_host in current_hosts:
for current_vulnerability in current_host.vulnerabilities:
found = 0
for historical_hole in self.holes:
if (
historical_hole[2] == current_host.uuid
and historical_hole[3] == current_host.ip
and historical_hole[4] == "V"
and historical_hole[5] == current_vulnerability.service
and historical_hole[6] == current_vulnerability.port
and historical_hole[7] == current_vulnerability.name
and historical_hole[-1] is not None
):
found = 1
break
if found:
# Delete the vulnerability - we already know about it.
current_host.vulnerabilities.remove(current_vulnerability)
else:
# Create a new entry and put it in the "database".
line = [
scan_time,
scan_id,
current_host.uuid,
current_host.ip,
"V",
current_vulnerability.service,
current_vulnerability.port,
current_vulnerability.name,
None,
None,
canonicalise_date(scan_time),
None,
]
self.holes.append(line)
for current_credential in current_host.credentials:
found = 0
for historical_hole in self.holes:
if (
historical_hole[2] == current_host.uuid
and historical_hole[3] == current_host.ip
and historical_hole[4] == "C"
and historical_hole[5] == current_credential.service
and historical_hole[6] == current_credential.port
and historical_hole[8] == current_credential.user
and historical_hole[9] == current_credential.password
and historical_hole[-1] is not None
):
found = 1
break
if found:
# Delete the credential - we already know about it.
current_host.credentials.remove(current_credential)
else:
line = [
scan_time,
scan_id,
current_host.uuid,
current_host.ip,
"C",
current_credential.service,
current_credential.port,
None,
current_credential.user,
current_credential.password,
canonicalise_date(scan_time),
None,
]
self.holes.append(line)
if not (current_host.vulnerabilities or current_host.credentials):
current_hosts.remove(current_host)
