def Worker(home_location, post_process):
"""This is the actual worker which calls smaller functions in case of
correct directory/file match is found.
- Takes and removes item from queue
- Detection in case of correct directory/file match is found
- Compares found version against secure version in YAML
- Calls logging
Every worker runs in a loop.
"""
# Opens file handle to CSV
try:
report = IssueReport()
except Exception:
report.close()
logging.error(traceback.format_exc())
return
while 1:
try:
item = queue.get()
if not item:
break
item_location, location, appname = item
logging.info('Processing: %s (%s)', appname, item_location)
for issue in database.issues[appname].itervalues():
logging.debug('Processing item %s with location %s with with appname %s issue %s', \
item_location, location, appname, issue)
# Loads fingerprint function from YAML file and checks for
# version from detected location
fn = yaml_fn_dict[issue['fingerprint']]
file_version = fn(item_location, issue['regexp'])
# Makes sure we don't go forward without version number from the file
if file_version:
# Tests that version from file is smaller than secure version
# with fingerprint function
logging.debug('Comparing versions %s:%s for item %s', \
issue['secure_version'], file_version, item_location)
if is_not_secure(issue['secure_version'], file_version, appname):
# Executes post processing. Does not do anything in case
# post_processing is not defined in yaml fingerprint.
if post_process:
try:
if issue['post_processing'][0] == 'php5.fcgi':
if not postprocess_php5fcgi(home_location, item_location):
break
except KeyError:
pass
# item_location is stripped from application location so that
# we get cleaner output and actual installation directory
install_dir = item_location[:item_location.find(location)]
# Calls result handler (goes to CSV and log)
handle_results(report, appname, file_version, install_dir, \
issue['cve'], issue['secure_version'])
else:
logging.debug('No version found from item: %s with regexp %s', \
item_location, issue['regexp'])
except Exception:
logging.error(traceback.format_exc())
report.close()
def test_php5fcgi(self):
"""File php5.fcgi is detected correctly."""
self.assertTrue(postprocess_php5fcgi('testfiles/', ''))
self.assertFalse(postprocess_php5fcgi('yamls/', ''))
def Worker(home_location, post_process):
"""This is the actual worker which calls smaller functions in case of
correct directory/file match is found.
- Takes and removes item from queue
- Detection in case of correct directory/file match is found
- Compares found version against secure version in YAML
- Calls logging
Every worker runs in a loop.
"""
# Opens file handle to CSV
try:
report = IssueReport()
except Exception:
report.close()
logging.error(traceback.format_exc())
return
while 1:
try:
item = queue.get()
if not item:
break
item_location, location, appname = item
logging.info("Processing: %s (%s)", appname, item_location)
for issue in database.issues[appname].itervalues():
logging.debug(
"Processing item %s with location %s with with appname %s issue %s",
item_location,
location,
appname,
issue,
)
# Loads fingerprint function from YAML file and checks for
# version from detected location
fn = yaml_fn_dict[issue["fingerprint"]]
file_version = fn(item_location, issue["regexp"])
# Makes sure we don't go forward without version number from the file
if file_version:
# Tests that version from file is smaller than secure version
# with fingerprint function
logging.debug(
"Comparing versions %s:%s for item %s", issue["secure_version"], file_version, item_location
)
if is_not_secure(issue["secure_version"], file_version, appname):
# Executes post processing. Does not do anything in case
# post_processing is not defined in yaml fingerprint.
# Do not do php5.fcgi check for public_html
if not home_location:
home_location = "/home"
if item_location[len(os.path.abspath(home_location)) :].split("/")[:5][2] == "public_html":
public_html_used = True
else:
public_html_used = False
if post_process and not public_html_used:
try:
if issue["post_processing"][0] == "php5.fcgi":
if not postprocess_php5fcgi(home_location, item_location):
break
except KeyError:
pass
# item_location is stripped from application location so that
# we get cleaner output and actual installation directory
install_dir = item_location[: item_location.find(location)]
# Calls result handler (goes to CSV and log)
handle_results(
report, appname, file_version, install_dir, issue["cve"], issue["secure_version"]
)
else:
logging.debug("No version found from item: %s with regexp %s", item_location, issue["regexp"])
except Exception:
logging.error(traceback.format_exc())
report.close()
def Worker(home_location, post_process):
"""This is the actual worker which calls smaller functions in case of
correct directory/file match is found.
- Takes and removes item from queue
- Detection in case of correct directory/file match is found
- Compares found version against secure version in YAML
- Calls logging
Every worker runs in a loop.
"""
# Opens file handle to CSV
try:
report = IssueReport()
except Exception:
report.close()
logging.error(traceback.format_exc())
return
while 1:
try:
item = queue.get()
if not item:
break
item_location, location, appname = item
logging.info('Processing: %s (%s)', appname, item_location)
for issue in database.issues[appname].items():
logging.debug('Processing item %s with location %s with with appname %s issue %s', \
item_location, location, appname, issue)
# Loads fingerprint function from YAML file and checks for
# version from detected location
fn = yaml_fn_dict[issue[1]['fingerprint']]
file_version = fn(item_location, issue[1]['regexp'])
# Makes sure we don't go forward without version number from the file
if file_version:
# Tests that version from file is smaller than secure version
# with fingerprint function
logging.debug('Comparing versions %s:%s for item %s', \
issue[1]['secure_version'], file_version, item_location)
if is_not_secure(issue[1]['secure_version'], file_version,
appname):
# Executes post processing. Does not do anything in case
# post_processing is not defined in yaml fingerprint.
# Do not do php5.fcgi check for public_html
if not home_location:
home_location = '/home'
if item_location[len(os.path.abspath(home_location)
):].split(
'/')[:5][2] == 'public_html':
public_html_used = True
else:
public_html_used = False
if post_process and not public_html_used:
try:
if issue[1]['post_processing'][
0] == 'php5.fcgi':
if not postprocess_php5fcgi(
home_location, item_location):
break
except KeyError:
pass
# item_location is stripped from application location so that
# we get cleaner output and actual installation directory
install_dir = item_location[:item_location.
find(location)]
# Calls result handler (goes to CSV and log)
handle_results(report, appname, file_version, install_dir, \
issue[1]['cve'], issue[1]['secure_version'])
else:
logging.debug('No version found from item: %s with regexp %s', \
item_location, issue[1]['regexp'])
except Exception:
logging.error(traceback.format_exc())
report.close()
def test_php5fcgi(self):
"""File php5.fcgi is detected correctly."""
self.assertTrue(postprocess_php5fcgi('testfiles/', ''))
self.assertFalse(postprocess_php5fcgi('yamls/', ''))
