Esempio n. 1
0
def main(parsed_args):
    if parsed_args.is_initialization_required():
        # Init db
        db_composer = DBComposer()
        db_composer.compose_vuln_db()
    elif parsed_args.get_cve():
        # Get product from CVE
        m = MongoDbDriver()
        print(
            json.dumps(m.get_products_from_CVE(parsed_args.get_cve()),
                       sort_keys=True,
                       indent=4))
    elif parsed_args.get_bid():
        # Get product from BID
        m = MongoDbDriver()
        print(
            json.dumps(m.get_products_from_BID(parsed_args.get_bid()),
                       sort_keys=True,
                       indent=4))
    else:
        m = MongoDbDriver()
        if parsed_args.is_only_product_check():
            # Checks if vulnerabilities exists
            print(
                m.has_vulnerabilities(parsed_args.get_product(),
                                      parsed_args.get_product_version()))
        else:
            # Gets cves
            print(
                json.dumps(m.get_vulnerabilities(
                    parsed_args.get_product(),
                    parsed_args.get_product_version()),
                           sort_keys=True,
                           indent=4))
def main(parsed_args):
    m = MongoDbDriver()
    if not parsed_args.is_history_requested():
        docker_driver = DockerDriver()
        # Scans the docker image/container
        if parsed_args.get_docker_image_name():  # Scan the docker image
            products = get_soft_from_docker_image(
                docker_driver, parsed_args.get_docker_image_name())
            image_name = parsed_args.get_docker_image_name()
        else:  # Scan the docker container
            products = get_soft_from_docker_container_id(
                docker_driver, parsed_args.get_container_id())
            image_name = docker_driver.get_docker_image_name_from_container_id(
                parsed_args.get_container_id())
        # Evaluate the installed software
        evaluated_docker_image = evaluate_products(image_name, products)
        # Update the scan history
        m.insert_docker_image_scan_result_to_history(evaluated_docker_image)
        # Prepares output
        evaluated_docker_image['timestamp'] = str(
            datetime.datetime.utcfromtimestamp(
                evaluated_docker_image['timestamp']))
        del evaluated_docker_image['_id']
        print(json.dumps(evaluated_docker_image, sort_keys=True, indent=4))
    else:  # Gets the history
        print(
            json.dumps(m.get_docker_image_history(
                parsed_args.get_docker_image_name()),
                       sort_keys=True,
                       indent=4))
Esempio n. 3
0
 def __init__(self):
     super(DBComposer, self).__init__()
     self.mongoDbDriver = MongoDbDriver()
Esempio n. 4
0
class DBComposer:

    # -- Public methods

    # DBComposer Constructor
    def __init__(self):
        super(DBComposer, self).__init__()
        self.mongoDbDriver = MongoDbDriver()

    # Compose vuln DB
    def compose_vuln_db(self):
        # Clean collections
        print("Cleaning vuln_DB ...", flush=True)
        self.mongoDbDriver.delete_cve_collection()
        self.mongoDbDriver.delete_bid_collection()
        self.mongoDbDriver.delete_exploit_db_collection()

        # Adding CVEs
        print("\nAdding CVEs ...", flush=True)
        time.sleep(1)  # Avoids race condition in stdout
        bar = progressbar.ProgressBar(redirect_stdout=True)
        for i in bar(range(2002, 2017)):
            self.mongoDbDriver.bulk_insert_cves(
                self.__get_cve_list_from_file(i))

        # Adding Exploit_db
        time.sleep(1)  # Avoids race condition in stdout
        print("\nAdding Exploit_db ...", flush=True)
        self.__get_and_insert_exploit_db_from_csv()

        # Adding BugTraqs
        time.sleep(1)  # Avoids race condition in stdout
        print("\nAdding BugTraqs (BIDs) ...", flush=True)
        self.__get_and_insert_bug_traqs_from_file()

    # -- Private methods

    # Gets and inserts BugTraq list from file
    def __get_and_insert_bug_traqs_from_file(self):
        r = requests.get(
            "https://github.com/eliasgranderubio/bidDB_downloader/raw/master/bonus_track/20161118_sf_db.json.gz"
        )
        compressed_file = io.BytesIO(r.content)
        decompressed_file = gzip.GzipFile(fileobj=compressed_file)
        bar = progressbar.ProgressBar(redirect_stdout=True,
                                      max_value=len(
                                          decompressed_file.readlines()))
        decompressed_file.seek(0)
        counter = 0
        items = set()
        for line in decompressed_file:
            counter += 1
            bar.update(counter)
            try:
                json_data = json.loads(line.decode("utf-8"))
                bugtraq_id = json_data['bugtraq_id']
                vuln_products = json_data['vuln_products']
                for vuln_product in vuln_products:
                    matchObj = re.search("[\s\-]([0-9]+(\.[0-9]+)*)",
                                         vuln_product)
                    if matchObj:
                        version = matchObj.group()
                        version = version.rstrip().lstrip()
                        if version.startswith('-'):
                            version = version[1:]
                        if version:
                            product = vuln_product[:vuln_product.index(version
                                                                       ) -
                                                   1].rstrip().lstrip()
                            item = str(bugtraq_id) + "#" + product.lower(
                            ) + "#" + str(version)
                            if item not in items:
                                items.add(item)
            except:
                None
            # Bulk insert
            if len(items) > 8000:
                self.mongoDbDriver.bulk_insert_bids(list(items))
                items.clear()
        # Final bulk insert
        if len(items) > 0:
            self.mongoDbDriver.bulk_insert_bids(list(items))
            items.clear()

    # Gets and inserts Exploit_db list from csv file
    def __get_and_insert_exploit_db_from_csv(self):
        r = requests.get(
            'https://github.com/offensive-security/exploit-database/raw/master/files.csv'
        )
        items = set()
        bar = progressbar.ProgressBar(redirect_stdout=True)
        for line in bar(r.content.decode("utf-8").split("\n")):
            splitted_line = line.split(',')
            if splitted_line[0] != 'id' and len(splitted_line) > 3:
                exploit_db_id = splitted_line[0]
                description = splitted_line[2][1:len(splitted_line[2]) - 1]
                if '-' in description:
                    description = description[0:description.index('-')].lstrip(
                    ).rstrip().lower()
                    iterator = re.finditer("([0-9]+(\.[0-9]+)+)", description)
                    match = next(iterator, None)
                    if match:
                        version = match.group()
                        description = description[:description.index(
                            version)].rstrip().lstrip()
                        item = str(exploit_db_id
                                   ) + "#" + description + "#" + str(version)
                        if item not in items:
                            items.add(item)
                        for match in iterator:
                            version = match.group()
                            item = str(
                                exploit_db_id) + "#" + description + "#" + str(
                                    version)
                            if item not in items:
                                items.add(item)
                    # Bulk insert
                    if len(items) > 8000:
                        self.mongoDbDriver.bulk_insert_exploit_db_ids(
                            list(items))
                        items.clear()
        # Final bulk insert
        if len(items) > 0:
            self.mongoDbDriver.bulk_insert_exploit_db_ids(list(items))
            items.clear()

    # -- Static methods

    # Generate CVE list from file
    @staticmethod
    def __get_cve_list_from_file(year):
        cve_set = set()
        r = requests.get(
            "https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-" +
            str(year) + ".xml.gz")
        xml_file_content = zlib.decompress(r.content, 16 + zlib.MAX_WBITS)
        root = ET.fromstring(xml_file_content)
        for entry in root.findall(
                "{http://scap.nist.gov/schema/feed/vulnerability/2.0}entry"):
            vuln_soft_list = entry.find(
                "{http://scap.nist.gov/schema/vulnerability/0.4}vulnerable-software-list"
            )
            if vuln_soft_list is not None:
                for vuln_product in vuln_soft_list.findall(
                        "{http://scap.nist.gov/schema/vulnerability/0.4}product"
                ):
                    splitted_product = vuln_product.text.split(":")
                    if len(splitted_product) > 4:
                        item = entry.attrib.get("id") + "#" + splitted_product[
                            3] + "#" + splitted_product[4]
                        if item not in cve_set:
                            cve_set.add(item)
        return list(cve_set)
def check_cves(product, version):
    m = MongoDbDriver()
    if m.has_vulnerabilities(product, version):
        return 'VULN'
    else:
        return 'OK'