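 def collect(self):
     """Populate hardware CPEs from ``lscpu`` output.

     Runs ``lscpu`` through ``self.host.exec_command`` and parses its
     ``Name:   value`` lines into a hardware CPE (Vendor ID -> vendor,
     Model name -> product, CPU family -> version, Model -> update).  A
     line that does not look like a field flushes the CPE under
     construction into ``self.host.facts['cpe']['hardware']`` and starts a
     new one; the final CPE is flushed after the loop so the last block is
     not lost.  Empty CPEs and duplicates are never added.

     Failure to run the command is best-effort: the method returns without
     touching the facts.  Parsing errors now propagate instead of being
     swallowed by a bare ``except`` (which previously also hid the
     ``IndexError`` caused by the old single-group field regex).
     """
     # TODO convert to a provider collector
     try:
         return_code, out_lines, err_lines = self.host.exec_command(
             'lscpu', sudo=True)
     except Exception:
         # lscpu missing or not runnable on this host: nothing to collect.
         return

     hardware = self.host.facts.setdefault(
         'cpe', {'os': [], 'application': [], 'hardware': []})['hardware']

     # lscpu field name -> CPE attribute
     field_map = {
         'Vendor ID': 'vendor',
         'Model name': 'product',
         'CPU family': 'version',
         'Model': 'update',
     }
     # "<name>:<spaces><value>" -- both sides captured (the old pattern only
     # captured the value, so group(2) never existed).
     field_re = re.compile(r'^([^:]+):\s+(.+)$')

     def flush(candidate, populated):
         # we don't add empty CPEs or duplicates
         if populated and candidate not in hardware:
             hardware.append(candidate)

     cpe = CPE(part='h')
     populated = False
     for line in out_lines:
         m = field_re.match(line)
         if m:
             attr = field_map.get(m.group(1))
             if attr is not None:
                 cpe.set_value(attr, m.group(2))
                 populated = True
         else:
             # separator line: close the current CPE and start a new one
             flush(cpe, populated)
             cpe = CPE(part='h')
             populated = False
     # lscpu output normally has no trailing separator; flush the last CPE.
     flush(cpe, populated)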
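    def collect(self):
        """Record the ``uname -a`` line and derive a Linux kernel CPE.

        Skips all work when ``self.host.facts['uname']`` is already present.
        Otherwise runs ``uname -a``, stores its first output line under
        ``facts['uname']`` and, when that line starts with ``Linux``,
        appends a ``linux:linux_kernel`` OS CPE to ``facts['cpe']['os']``
        (creating the ``cpe`` fact if needed).  Version and update are
        split out of the ``<version>-<update>`` release field when it has
        that shape.

        Returns without recording anything if the command produced no
        output, instead of raising ``IndexError`` on ``out_lines[0]``.
        """
        facts = self.host.facts
        if 'uname' in facts:
            return

        return_code, out_lines, err_lines = self.host.exec_command('uname -a')
        if not out_lines:
            # Nothing to parse (command missing or failed).  return_code is
            # not checked here because its convention isn't visible in this
            # file -- TODO confirm and reject non-zero codes as well.
            return
        uname = out_lines[0]
        facts['uname'] = uname

        if not uname.startswith('Linux'):
            return

        cpe = CPE()
        cpe.set_value('part', 'o')
        cpe.set_value('vendor', 'linux')
        cpe.set_value('product', 'linux_kernel')

        # "Linux <host> <version>-<update> ..." -> version / update
        m = re.match(r'^Linux \S+ ([0-9.]+)-(\S+)', uname)
        if m:
            cpe.set_value('version', m.group(1))
            cpe.set_value('update', m.group(2))

        os_cpes = facts.setdefault(
            'cpe', {'os': [], 'application': [], 'hardware': []})['os']
        if cpe not in os_cpes:
            os_cpes.append(cpe)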
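def test_from_wfn_to_wfn():
    """Parsing a WFN string via ``from_string`` and via the constructor must agree.

    The literals are raw strings so the WFN backslash escapes reach ``CPE``
    byte-for-byte.  The previous non-raw literals relied on Python passing
    invalid escape sequences through unchanged, which has been a
    SyntaxWarning since 3.12; the runtime strings are identical.
    """
    tests = [
        r'wfn:[part="a",vendor="microsoft",product="internet_explorer",version="8\.0\.6001",update="beta",edition=NA]',
        r'wfn:[part="a",vendor="microsoft",product="internet_explorer",version="8\.*",update="sp?",edition=NA,language=ANY]',
        r'wfn:[part="a",vendor="hp",product="insight_diagnostics",version="7\.4\.0\.1570",sw_edition="online",target_sw="windows_2003",target_hw="x64"]',
        r'wfn:[part="a",vendor="hp",product="openview_network_manager",version="7\.51",update=NA,target_sw="linux"]',
        # The original non-raw literal spelled the vendor 'foo\\bar', which is a
        # single backslash at runtime; the raw form below yields the same bytes.
        r'wfn:[part="a",vendor="foo\bar",product="big\$money_2010",sw_edition="special",target_sw="ipod_touch"]',
    ]
    for wfn in tests:
        assert CPE.from_string(wfn).equal_to(CPE(wfn)), wfn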
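    def collect(self):
        """Build the host's CPE inventory on Linux.

        Resets ``self.host.facts['cpe']`` and runs, in order, the hardware
        collectors (lshw, lspci, lscpu), the OS collectors (lsb_release,
        uname) and -- when any collected OS CPE is Ubuntu, Debian or Linux
        Mint -- the dpkg application collector, at most once.  The
        sub-collectors are imported inside the method, as in the original,
        presumably to avoid import cycles within the collector package
        (TODO confirm).  Every collected CPE is logged at DEBUG level.
        """
        facts = self.host.facts
        facts['cpe'] = {'os': [], 'application': [], 'hardware': []}

        # hardware
        from scap.collector.linux.LshwCollector import LshwCollector
        LshwCollector(self.host, {}).collect()

        from scap.collector.linux.LspciCollector import LspciCollector
        LspciCollector(self.host, {}).collect()

        from scap.collector.linux.LscpuCollector import LscpuCollector
        LscpuCollector(self.host, {}).collect()

        # TODO hwinfo
        # TODO lsusb
        # TODO lsscsi
        # TODO hdparm

        # os
        from scap.collector.linux.LsbReleaseCollector import LsbReleaseCollector
        LsbReleaseCollector(self.host, {}).collect()

        from scap.collector.UNameCollector import UNameCollector
        UNameCollector(self.host, {}).collect()

        # application
        # Run dpkg at most once, however many OS CPEs match, rather than once
        # per matching CPE as the old per-CPE loop did.
        dpkg_vendors = ('ubuntu', 'debian', 'linuxmint')
        uses_dpkg = any(
            CPE(part='o', vendor=vendor).matches(os_cpe)
            for os_cpe in facts['cpe']['os']
            for vendor in dpkg_vendors
        )
        if uses_dpkg:
            from scap.collector.linux.DpkgCollector import DpkgCollector
            DpkgCollector(self.host, {}).collect()

        # TODO Red Hat, CentOS: yum, rpm
        # TODO Fedora: dnf
        # TODO OpenSUSE: zypper
        # TODO Arch: pacman

        for cpes in facts['cpe'].values():
            for cpe in cpes:
                logger.debug(cpe.to_uri_string())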
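    def collect(self):
        """Derive the distribution OS CPE from ``lsb_release -a``.

        Ensures ``self.host.facts['cpe']`` exists, runs ``lsb_release -a``
        and maps its ``Distributor ID``, ``Description`` and ``Release``
        fields onto an OS CPE, which is appended to ``facts['cpe']['os']``
        unless an equal CPE is already there (a CPE with only ``part``
        set is still appended when the distributor is unknown, as before).
        If the command cannot be run (no lsb_release on the host) the
        method returns without changing the OS list; that best-effort
        behaviour is deliberate.
        """
        facts = self.host.facts
        if 'cpe' not in facts:
            facts['cpe'] = {
                'os': [],
                'application': [],
                'hardware': []
            }

        try:
            return_code, out_lines, err_lines = self.host.exec_command(
                'lsb_release -a')
        except Exception:
            # Best-effort: lsb_release may be absent; nothing to record.
            return

        # Distributor ID prefix -> (vendor, product or None).  Checked in
        # order; the first matching prefix wins.  Prefix tests replace the
        # former anchored re.match() calls, which had no metacharacters.
        distributors = (
            ('RedHat', 'redhat', None),
            ('Debian', 'debian', None),
            ('LinuxMint', 'linuxmint', 'linux_mint'),
            ('Arch', 'archlinux', 'archlinux'),
            ('openSUSE project', 'opensuse_project', 'opensuse_project'),
            ('Ubuntu', 'ubuntu', 'ubuntu'),
            ('CentOS', 'centos', 'centos'),
        )
        field_re = re.compile(r'^([^:]+):\s+(.+)$')

        cpe = CPE(part='o')
        for line in out_lines:
            m = field_re.match(line)
            if not m:
                continue
            name, value = m.group(1), m.group(2)

            if name == 'Distributor ID':
                for prefix, vendor, product in distributors:
                    if value.startswith(prefix):
                        cpe.set_value('vendor', vendor)
                        if product is not None:
                            cpe.set_value('product', product)
                        break

            elif name == 'Description':
                # Red Hat's product is only identifiable from the description.
                if cpe.get_value('vendor') == 'redhat' \
                        and value.startswith('Enterprise Linux'):
                    cpe.set_value('product', 'enterprise_linux')

            elif name == 'Release':
                cpe.set_value('version', value)

        os_cpes = facts['cpe']['os']
        if cpe not in os_cpes:
            os_cpes.append(cpe)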
def test_from_uri_to_uri():
    """Round trip: parsing a URI-bound CPE and re-serialising it is lossless."""
    uris = (
        'cpe:/a:microsoft:internet_explorer:8.0.6001:beta',
        'cpe:/a:microsoft:internet_explorer:8.%2a:sp%3f',
        'cpe:/a:microsoft:internet_explorer:8.%02:sp%01',
        'cpe:/a:hp:insight_diagnostics:7.4.0.1570::~~online~win2003~x64~',
        'cpe:/a:hp:openview_network_manager:7.51:-:~~~linux~~',
        'cpe:/a:foo%7ebar:big%7emoney_2010',
        'cpe:/a:foo%5cbar:big%24money_manager_2010:2010:u5:~legacy_edition~special~ipod_touch~80gb~other',
        'cpe:/a:foo%5cbar:big%24money_manager_2010:2010:u5:~legacy_edition~special~ipod_touch~80gb~other:EN-us',
    )
    for uri in uris:
        round_tripped = CPE(uri).to_uri_string()
        assert round_tripped == uri
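    def collect(self):
        """Collect PnP devices via ``wmic`` and turn them into hardware CPEs.

        Parses ``wmic path Win32_PnPEntity get /format:list`` output, where
        each entity is a run of ``Key=Value`` lines separated by blank
        lines, into dicts stored under ``facts['wmic']['pnp_entity']``
        (keys renamed through ``self.VALUE_MAP``; unmapped keys are
        dropped).  The last entity is flushed after the loop, so output
        that does not end in a blank line is no longer truncated.  Each
        entity with a non-empty manufacturer and a name becomes a hardware
        CPE in ``facts['cpe']['hardware']``; entities lacking either field
        are skipped instead of raising ``KeyError``.

        Returns early if the entities were already collected.
        """
        facts = self.host.facts
        wmic = facts.setdefault('wmic', {})
        if 'pnp_entity' in wmic:
            return

        entities = wmic['pnp_entity'] = []
        return_code, out_lines, err_lines = self.host.exec_command(
            'wmic path Win32_PnPEntity get /format:list')

        kv_re = re.compile(r'^([^=]+)=(.*)$')
        entity = None
        for line in out_lines:
            line = line.strip()

            # A blank line closes the current entity; leading blanks and
            # empty entities are simply skipped.
            if not line:
                if entity:
                    entities.append(entity)
                entity = None
                continue

            if entity is None:
                entity = {}
            m = kv_re.match(line)
            if m:
                raw_key = m.group(1)
                if raw_key in self.VALUE_MAP:
                    entity[self.VALUE_MAP[raw_key]] = m.group(2)
        # No trailing blank line: flush the final entity too.
        if entity:
            entities.append(entity)

        hardware = facts.setdefault(
            'cpe', {'os': [], 'application': [], 'hardware': []})['hardware']
        for entity in entities:
            manufacturer = entity.get('manufacturer')
            name = entity.get('name')
            # Both values are reported by the device itself; skip records
            # that cannot form a vendor/product pair.
            if not manufacturer or name is None:
                continue
            cpe = CPE(part='h')
            cpe.set_value('vendor', manufacturer)
            cpe.set_value('product', name)

            if cpe not in hardware:
                hardware.append(cpe)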
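    def collect(self):
        """Turn ``dpkg --list`` into application CPEs.

        For every installed package an application CPE with
        ``product=<package name>`` and ``version=<upstream version>`` is
        appended to ``facts['cpe']['application']`` unless already present.
        Only rows whose dpkg status has ``i`` (installed) as its second
        character are used, so removed-but-configured ``rc`` rows and the
        listing's header rows are skipped instead of being reported as
        installed software.  The architecture qualifier (``name:arch``) and
        the Debian revision (``-<revision>``) are stripped.  Library,
        language-binding and similar auxiliary packages are skipped to keep
        the inventory small.
        """
        row_re = re.compile(r'^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$')
        # Package-name prefixes/suffixes that are noise for a CPE inventory.
        skip_prefixes = ('python-', 'python3-', 'printer-driver-',
                         'xserver-xorg-', 'fonts-')
        keep_lib_prefixes = ('libreoffice', 'librecad')
        skip_suffixes = ('-java', '-perl', '-common', '-dev', '-cil')

        applications = self.host.facts['cpe']['application']
        return_code, out_lines, err_lines = self.host.exec_command('dpkg --list')
        for line in out_lines:
            m = row_re.match(line)
            if not m:
                continue
            state, name, version = m.group(1, 2, 3)

            # dpkg status column: 2nd char is the install state, 'i' = installed.
            # The 'Desired=...', '| Status=...', '||/' and '+++-' header rows
            # never have 'i' there, so they are dropped by the same test.
            if len(state) < 2 or state[1] != 'i':
                continue

            # "name:arch" -> "name"; "upstream-debianrev" -> "upstream"
            name = name.partition(':')[0]
            version = version.partition('-')[0]

            # knock out some low hanging fruit to skip
            if name.startswith(skip_prefixes):
                continue
            if name.startswith('lib') and not name.startswith(keep_lib_prefixes):
                continue
            if name.endswith(skip_suffixes):
                continue

            cpe = CPE(part='a', product=name, version=version)
            if cpe not in applications:
                applications.append(cpe)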
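    def collect(self):
        """Build the host's CPE inventory from uname, DMI, cpuinfo and dpkg.

        Resets ``self.host.facts['cpe']`` and fills it in three passes:

        * os -- a kernel CPE derived from the ``uname`` facts
          (``linux:linux_kernel`` with version/update split out of
          ``kernel_release``, or ``microsoft:windows:nt``), then the
          distribution CPE from ``LsbReleaseCollector``;
        * hardware -- BIOS, board, chassis and system CPEs from the DMI
          facts, plus one CPE per entry in ``facts['devices']['processors']``;
          records with a missing field are skipped, and a missing
          ``devices``/``processors`` fact no longer raises ``KeyError``;
        * application -- ``DpkgCollector``, run at most once, when any OS
          CPE is Ubuntu, Debian or Linux Mint.

        Sub-collectors are imported inside the method, as in the original,
        presumably to avoid import cycles (TODO confirm).  All CPEs are
        logged at DEBUG level at the end.
        """
        facts = self.host.facts
        facts['cpe'] = {'os': [], 'application': [], 'hardware': []}

        from ..UNameCollector import UNameCollector
        UNameCollector(self.host, {}).collect()
        self._add_kernel_cpe()

        # hardware
        from .SysDmiCollector import SysDmiCollector
        SysDmiCollector(self.host, {}).collect()
        dmi = facts.get('devices', {}).get('dmi', {})
        self._add_hardware_cpe(
            dmi.get('bios_vendor'), 'BIOS', dmi.get('bios_version'))
        self._add_hardware_cpe(
            dmi.get('board_vendor'), dmi.get('board_name'),
            dmi.get('board_version'))
        self._add_hardware_cpe(
            dmi.get('chassis_vendor'), dmi.get('chassis_type'),
            dmi.get('chassis_version'))
        self._add_hardware_cpe(
            dmi.get('sys_vendor'), dmi.get('product_name'),
            dmi.get('product_version'))

        from .ProcCpuidCollector import ProcCpuidCollector
        ProcCpuidCollector(self.host, {}).collect()
        for cpu in facts.get('devices', {}).get('processors', []):
            self._add_hardware_cpe(
                cpu.get('vendor_id'), cpu.get('model name'), cpu.get('stepping'))

        # os
        from scap.collector.linux.LsbReleaseCollector import LsbReleaseCollector
        LsbReleaseCollector(self.host, {}).collect()

        # NOTE(review): this is presumably the same module as ..UNameCollector
        # above and its facts are already present, making this a no-op --
        # kept as in the original until confirmed.
        from scap.collector.UNameCollector import UNameCollector
        UNameCollector(self.host, {}).collect()

        # application
        # Run dpkg at most once, however many OS CPEs match.
        dpkg_vendors = ('ubuntu', 'debian', 'linuxmint')
        uses_dpkg = any(
            CPE(part='o', vendor=vendor).matches(os_cpe)
            for os_cpe in facts['cpe']['os']
            for vendor in dpkg_vendors
        )
        if uses_dpkg:
            from scap.collector.linux.DpkgCollector import DpkgCollector
            DpkgCollector(self.host, {}).collect()

        # TODO Red Hat, CentOS: yum, rpm
        # TODO Fedora: dnf
        # TODO OpenSUSE: zypper
        # TODO Arch: pacman

        for cpes in facts['cpe'].values():
            for cpe in cpes:
                logger.debug(cpe.to_uri_string())

    def _add_kernel_cpe(self):
        """Append the OS CPE implied by ``facts['uname']['kernel_name']``.

        ``Linux`` yields ``linux:linux_kernel`` with version/update taken
        from a ``<version>-<update>`` kernel release; ``Windows NT`` yields
        ``microsoft:windows:nt``.  Any other kernel adds nothing.
        """
        uname = self.host.facts['uname']
        kernel = uname['kernel_name']
        if kernel == 'Linux':
            cpe = CPE()
            cpe.set_value('part', 'o')
            cpe.set_value('vendor', 'linux')
            cpe.set_value('product', 'linux_kernel')

            m = re.fullmatch(r'([0-9.]+)-(\S+)', uname['kernel_release'])
            if m:
                cpe.set_value('version', m.group(1))
                cpe.set_value('update', m.group(2))
        elif kernel == 'Windows NT':
            cpe = CPE()
            cpe.set_value('part', 'o')
            cpe.set_value('vendor', 'microsoft')
            cpe.set_value('product', 'windows')
            cpe.set_value('version', 'nt')
        else:
            return

        os_cpes = self.host.facts['cpe']['os']
        if cpe not in os_cpes:
            os_cpes.append(cpe)

    def _add_hardware_cpe(self, vendor, product, version):
        """Append a hardware CPE unless a field is missing or it is a duplicate.

        ``None`` in any argument means the source fact was absent; the
        original skipped such records by catching ``KeyError``.
        """
        if vendor is None or product is None or version is None:
            return
        cpe = CPE(part='h', vendor=vendor, product=product, version=version)
        hardware = self.host.facts['cpe']['hardware']
        if cpe not in hardware:
            hardware.append(cpe)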
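    def collect(self):
        """Collect installed-software entries from the Uninstall registry key.

        Runs ``reg query ... Uninstall /s`` and parses the output into one
        dict per subkey (``location`` plus the values named in
        ``self.VALUE_MAP``; ``Memento*`` values are ignored, other unknown
        values are logged).  A value line is ``<name> <type> [<value>]``;
        the value may be empty, and a line matching neither a header nor a
        value line is treated as a continuation of the previous mapped
        value.  The old two-regex scheme treated every empty-valued line as
        its own continuation and never stored the last subkey; both are
        fixed.  The values are whatever installed software wrote into the
        registry and are treated as opaque strings.

        Entries are stored under ``facts['registry']['uninstall']`` and each
        one with a publisher and a display name becomes an application CPE
        in ``facts['cpe']['application']``.  Returns early if the entries
        were already collected.
        """
        facts = self.host.facts
        registry = facts.setdefault('registry', {})
        if 'uninstall' in registry:
            return

        entries = registry['uninstall'] = []
        return_code, out_lines, err_lines = self.host.exec_command(
            'reg query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall /s',
            encoding='cp437')

        # "<name> <type>" or "<name> <type> <value...>"; the value is optional
        # and trailing whitespace is not part of it.
        value_re = re.compile(r'^\s*(\S+)\s+(\S+)(?:\s+(.*?))?\s*$')
        entry = None
        last_key = None  # mapped name of the previous value, for continuations
        for line in out_lines:
            # skip blank lines
            if not line.strip():
                continue

            # header line: start of a new subkey
            if line.startswith('HKEY_LOCAL_MACHINE'):
                if entry is not None:
                    entries.append(entry)
                entry = {'location': line}
                last_key = None
                continue

            if entry is None:
                # value lines before any header: nothing to attach them to
                logger.debug('Registry line outside any key: ' + line)
                continue

            m = value_re.match(line)
            if m:
                name = m.group(1)
                value = m.group(3) or ''
                if name in self.VALUE_MAP:
                    last_key = self.VALUE_MAP[name]
                    entry[last_key] = value
                elif name.startswith('Memento'):
                    last_key = None
                else:
                    last_key = None
                    logger.debug('Unknown uninstall registry subkey: ' + name)
            elif last_key is not None:
                # continuation of a multi-line value
                entry[last_key] += line

        # the loop only stores a subkey when the next header arrives
        if entry is not None:
            entries.append(entry)

        applications = facts.setdefault(
            'cpe', {'os': [], 'application': [], 'hardware': []})['application']
        for entry in entries:
            publisher = entry.get('publisher')
            if publisher is None:
                logger.debug('Uninstall entry with no publisher: ' +
                             entry['location'])
                continue
            display_name = entry.get('display_name')
            if display_name is None:
                logger.debug('Uninstall entry with no display_name: ' +
                             entry['location'])
                continue

            cpe = CPE(part='a')
            cpe.set_value('vendor', publisher)
            cpe.set_value('product', display_name)
            if 'display_version' in entry:
                cpe.set_value('version', entry['display_version'])

            if cpe not in applications:
                applications.append(cpe)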
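def test_from_uri_to_wfn():
    """A URI-bound CPE must compare equal to its equivalent WFN.

    Each case pairs a URI with the WFN it should decode to.  WFN literals
    are raw strings so their backslash escapes reach ``CPE`` unchanged;
    the former non-raw literals depended on Python passing invalid escape
    sequences through, a SyntaxWarning since 3.12.  The runtime strings
    are identical to the originals.
    """
    cases = [
        ('cpe:/a:microsoft:internet_explorer:8.0.6001:beta',
         r'wfn:[part="a",vendor="microsoft",product="internet_explorer",version="8\.0\.6001",update="beta",edition=ANY,language=ANY]'),
        ('cpe:/a:microsoft:internet_explorer:8.%2a:sp%3f',
         r'wfn:[part="a",vendor="microsoft",product="internet_explorer",version="8\.\*",update="sp\?",edition=ANY,language=ANY]'),
        ('cpe:/a:microsoft:internet_explorer:8.%02:sp%01',
         r'wfn:[part="a",vendor="microsoft",product="internet_explorer",version="8\.*",update="sp?",edition=ANY,language=ANY]'),
        ('cpe:/a:hp:insight_diagnostics:7.4.0.1570::~~online~win2003~x64~',
         r'wfn:[part="a",vendor="hp",product="insight_diagnostics",version="7\.4\.0\.1570",update=ANY,edition=ANY,sw_edition="online",target_sw="win2003",target_hw="x64",other=ANY,language=ANY]'),
        ('cpe:/a:hp:openview_network_manager:7.51:-:~~~linux~~',
         r'wfn:[part="a",vendor="hp",product="openview_network_manager",version="7\.51",update=NA,edition=ANY,sw_edition=ANY,target_sw="linux",target_hw=ANY,other=ANY,language=ANY]'),
        ('cpe:/a:foo~bar:big%7emoney_2010',
         r'wfn:[part="a",vendor="foo\~bar",product="big\~money_2010",version=ANY,update=ANY,edition=ANY,language=ANY]'),
    ]
    for uri, wfn in cases:
        assert CPE(uri).equal_to(CPE(wfn)), uri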
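    def collect(self):
        """Parse ``lshw`` output into hardware CPEs.

        ``lshw`` prints a tree of ``*-<class>`` node headers whose nesting
        is given by indentation, each followed by ``key: value`` lines.  The
        tree is walked with a stack (``path``/``indents``) and the parsed
        tree is stored under ``facts['lshw']`` (the early-return guard below
        previously had nothing setting that fact).  Every node carrying a
        vendor and a product -- unless the vendor is the ``000000000000``
        placeholder -- becomes a hardware CPE, with version when present.
        Nodes are emitted when the next header arrives, and the last node
        after the loop, so the final device is no longer dropped.

        ``configuration`` lines are split into a dict by
        ``_parse_configuration``, ``capabilities`` lines into a list, and
        any other field is stored verbatim.

        Returns early if the lshw facts were already collected, and returns
        without changes if the command cannot be run (best-effort).  Parsing
        errors now propagate instead of being swallowed by a bare ``except``
        that also silently aborted the whole collection.
        """
        facts = self.host.facts
        if 'lshw' in facts:
            return

        # TODO convert to a provider collector
        try:
            return_code, out_lines, err_lines = self.host.exec_command(
                'lshw', sudo=True)
        except Exception:
            # lshw missing or not runnable on this host: nothing to collect.
            return

        node_re = re.compile(r'^([ ]+)\*-(\S+)')
        field_re = re.compile(r'^\s+([^:]+): (.*)\s*$')
        root = {}
        path = [root]
        indents = [0]
        for line in out_lines:
            m = node_re.match(line)
            if m:
                # a new header closes the node we were filling
                self._add_node_cpe(path[-1])

                indent = len(m.group(1))
                hw_class = m.group(2)
                # Ascend to the parent of the new node by popping every node
                # at the same or deeper indent: a child pops nothing, a
                # sibling one level, a return to an ancestor several.  The
                # root sentinel at indent 0 is never popped because the
                # header regex requires at least one leading space.
                while indents[-1] >= indent:
                    path.pop()
                    indents.pop()
                child = {}
                path[-1][hw_class] = child
                path.append(child)
                indents.append(indent)
                continue

            m = field_re.match(line)
            if not m:
                continue
            key, raw = m.group(1), m.group(2)
            if key == 'configuration':
                path[-1][key] = self._parse_configuration(raw)
            elif key == 'capabilities':
                path[-1][key] = raw.split(' ')
            else:
                path[-1][key] = raw

        # the loop only emits a node when the next header arrives
        self._add_node_cpe(path[-1])
        facts['lshw'] = root

    def _add_node_cpe(self, node):
        """Append a hardware CPE for an lshw node that has vendor and product.

        The all-zero vendor placeholder is ignored; duplicates are not added.
        """
        if 'vendor' not in node or 'product' not in node:
            return
        if node['vendor'] == '000000000000':
            return
        cpe = CPE(part='h', vendor=node['vendor'], product=node['product'])
        if 'version' in node:
            cpe.set_value('version', node['version'])

        hardware = self.host.facts['cpe']['hardware']
        # we don't add duplicates
        if cpe not in hardware:
            hardware.append(cpe)

    @staticmethod
    def _parse_configuration(text):
        """Split an lshw ``configuration:`` line into a dict.

        The line is ``key=value key=value ...`` but values are not escaped,
        so a space inside a value looks like the start of a new key.  A
        token without ``=`` is therefore appended (space-separated) to the
        previous value.  A leading token without ``=`` has nothing to attach
        to and is dropped instead of raising ``IndexError``.
        """
        config = {}
        last_key = None
        for token in text.strip().split(' '):
            key, sep, value = token.partition('=')
            if sep:
                config[key] = value
                last_key = key
            elif last_key is not None:
                config[last_key] += ' ' + token
        return config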