def Worker(home_location, post_process): """This is the actual worker which calls smaller functions in case of correct directory/file match is found. - Takes and removes item from queue - Detection in case of correct directory/file match is found - Compares found version against secure version in YAML - Calls logging Every worker runs in a loop. """ # Opens file handle to CSV try: report = IssueReport() except Exception: report.close() logging.error(traceback.format_exc()) return while 1: try: item = queue.get() if not item: break item_location, location, appname = item logging.info('Processing: %s (%s)', appname, item_location) for issue in database.issues[appname].itervalues(): logging.debug('Processing item %s with location %s with with appname %s issue %s', \ item_location, location, appname, issue) # Loads fingerprint function from YAML file and checks for # version from detected location fn = yaml_fn_dict[issue['fingerprint']] file_version = fn(item_location, issue['regexp']) # Makes sure we don't go forward without version number from the file if file_version: # Tests that version from file is smaller than secure version # with fingerprint function logging.debug('Comparing versions %s:%s for item %s', \ issue['secure_version'], file_version, item_location) if is_not_secure(issue['secure_version'], file_version, appname): # Executes post processing. Does not do anything in case # post_processing is not defined in yaml fingerprint. if post_process: try: if issue['post_processing'][0] == 'php5.fcgi': if not postprocess_php5fcgi(home_location, item_location): break except KeyError: pass # item_location is stripped from application location so that # we get cleaner output and actual installation directory install_dir = item_location[:item_location.find(location)] # Calls result handler (goes to CSV and log) handle_results(report, appname, file_version, install_dir, \ issue['cve'], issue['secure_version']) else: logging.debug('No version found from item: %s with regexp %s', \ item_location, issue['regexp']) except Exception: logging.error(traceback.format_exc()) report.close()
def test_php5fcgi(self): """File php5.fcgi is detected correctly.""" self.assertTrue(postprocess_php5fcgi('testfiles/', '')) self.assertFalse(postprocess_php5fcgi('yamls/', ''))
def Worker(home_location, post_process): """This is the actual worker which calls smaller functions in case of correct directory/file match is found. - Takes and removes item from queue - Detection in case of correct directory/file match is found - Compares found version against secure version in YAML - Calls logging Every worker runs in a loop. """ # Opens file handle to CSV try: report = IssueReport() except Exception: report.close() logging.error(traceback.format_exc()) return while 1: try: item = queue.get() if not item: break item_location, location, appname = item logging.info("Processing: %s (%s)", appname, item_location) for issue in database.issues[appname].itervalues(): logging.debug( "Processing item %s with location %s with with appname %s issue %s", item_location, location, appname, issue, ) # Loads fingerprint function from YAML file and checks for # version from detected location fn = yaml_fn_dict[issue["fingerprint"]] file_version = fn(item_location, issue["regexp"]) # Makes sure we don't go forward without version number from the file if file_version: # Tests that version from file is smaller than secure version # with fingerprint function logging.debug( "Comparing versions %s:%s for item %s", issue["secure_version"], file_version, item_location ) if is_not_secure(issue["secure_version"], file_version, appname): # Executes post processing. Does not do anything in case # post_processing is not defined in yaml fingerprint. # Do not do php5.fcgi check for public_html if not home_location: home_location = "/home" if item_location[len(os.path.abspath(home_location)) :].split("/")[:5][2] == "public_html": public_html_used = True else: public_html_used = False if post_process and not public_html_used: try: if issue["post_processing"][0] == "php5.fcgi": if not postprocess_php5fcgi(home_location, item_location): break except KeyError: pass # item_location is stripped from application location so that # we get cleaner output and actual installation directory install_dir = item_location[: item_location.find(location)] # Calls result handler (goes to CSV and log) handle_results( report, appname, file_version, install_dir, issue["cve"], issue["secure_version"] ) else: logging.debug("No version found from item: %s with regexp %s", item_location, issue["regexp"]) except Exception: logging.error(traceback.format_exc()) report.close()
def Worker(home_location, post_process): """This is the actual worker which calls smaller functions in case of correct directory/file match is found. - Takes and removes item from queue - Detection in case of correct directory/file match is found - Compares found version against secure version in YAML - Calls logging Every worker runs in a loop. """ # Opens file handle to CSV try: report = IssueReport() except Exception: report.close() logging.error(traceback.format_exc()) return while 1: try: item = queue.get() if not item: break item_location, location, appname = item logging.info('Processing: %s (%s)', appname, item_location) for issue in database.issues[appname].items(): logging.debug('Processing item %s with location %s with with appname %s issue %s', \ item_location, location, appname, issue) # Loads fingerprint function from YAML file and checks for # version from detected location fn = yaml_fn_dict[issue[1]['fingerprint']] file_version = fn(item_location, issue[1]['regexp']) # Makes sure we don't go forward without version number from the file if file_version: # Tests that version from file is smaller than secure version # with fingerprint function logging.debug('Comparing versions %s:%s for item %s', \ issue[1]['secure_version'], file_version, item_location) if is_not_secure(issue[1]['secure_version'], file_version, appname): # Executes post processing. Does not do anything in case # post_processing is not defined in yaml fingerprint. # Do not do php5.fcgi check for public_html if not home_location: home_location = '/home' if item_location[len(os.path.abspath(home_location) ):].split( '/')[:5][2] == 'public_html': public_html_used = True else: public_html_used = False if post_process and not public_html_used: try: if issue[1]['post_processing'][ 0] == 'php5.fcgi': if not postprocess_php5fcgi( home_location, item_location): break except KeyError: pass # item_location is stripped from application location so that # we get cleaner output and actual installation directory install_dir = item_location[:item_location. find(location)] # Calls result handler (goes to CSV and log) handle_results(report, appname, file_version, install_dir, \ issue[1]['cve'], issue[1]['secure_version']) else: logging.debug('No version found from item: %s with regexp %s', \ item_location, issue[1]['regexp']) except Exception: logging.error(traceback.format_exc()) report.close()