-
Notifications
You must be signed in to change notification settings - Fork 0
/
victimscanWrapper.py
64 lines (47 loc) · 1.83 KB
/
victimscanWrapper.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/usr/bin/env python2
import os
import magic
from validfile import validateFile
from victimscan import dirScan, jarScan, pomScan, updateVictims
# Instance to extract file mime type - Python-magic library
file_by_mime = magic.Magic(mime=True)
def update():
updateVictims()
def initiateScan(path_holder):
# Check if the argument is a file
#If a file and jar, war or ear, or pom.xml run victims on the file
if os.path.isfile(path_holder) and java_archivetype(path_holder):
# Perform victims scan on a jar file
jarScan(path_holder)
# Check if the argument passed in a
elif os.path.isdir(path_holder):
# Scan the directory with victims recursively for CVE
dirScan(path_holder)
elif pom_filetype(path_holder):
#Scan the pom.xml for CVEs
pomScan(path_holder)
# Error with scan or user params
else:
print("[-] Error occured with scan or user input")
def java_archivetype(file_to_check):
file_in_question = file_to_check
# If the file is a compressed file zip, gz, jar, war, ear we are accepting the file
# Check for type compressed or type jar
if (file_by_mime.from_file(file_in_question) == 'application/zip' or
file_by_mime.from_file(file_in_question) == 'application/jar'):
print("Acceptable MIME Type")
return True
else:
print("Jar file or a binary?! Something's not right with the scanner")
return False
def pom_filetype(file_to_check):
file_in_question = file_to_check
# Examining pom.xml seperately - to quickly call dependency-check or maven if needed
if (file_by_mime.from_file(file_in_question) == 'text/plain' or
file_by_mime.from_file(file_in_question) == 'application/xml'):
print("probably a text file or xml file")
# From validfile.py -- part of reason -- reuse of a function
return validateFile(file_in_question)
else:
print("pom.xml is invalid OR something is wrong")
return False