Пример #1
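def check_old_results(csv_file):
    """Re-check the installs listed in an old CSV result file.

    Each ``|``-delimited row supplies an application name (second field) and
    the location it was found at (third field).  For every issue the database
    holds for that application, the fingerprinted file is looked up again
    under that location and its version compared with the secure version.
    Installs that are still insecure go to ``handle_results``; a summary of
    the fixed count is printed at the end.

    Exits through ``sys.exit`` when ``csv_file`` is a symlink or has no rows.
    The report is closed on every exit path.
    """
    report = IssueReport()
    try:
        # Exit in case csv_file is symlink.
        # NOTE(review): islink() followed by open() is a check-then-use race;
        # opening with os.O_NOFOLLOW would make the refusal atomic.
        if os.path.islink(csv_file):
            sys.exit("CSV file %s is a symlink. Exiting.." % csv_file)
        total = 0
        fixed = 0
        # The with-block closes the CSV handle instead of leaking it.
        with open(csv_file, "rb") as csv_handle:
            reader = csv.reader(csv_handle, delimiter="|", quotechar="|")
            # Opens database handle
            database = Database("yamls/", includes=None)
            for line in reader:
                total += 1
                appname = line[1]
                # NOTE(review): this path comes straight from the CSV and
                # decides which files are read below, so the result file has
                # to be trusted.
                file_location = line[2]
                try:
                    for issue in database.issues[appname].itervalues():
                        for location in issue["location"]:
                            # Loads fingerprint function from YAML file and
                            # checks for version from detected location
                            fn = yaml_fn_dict[issue["fingerprint"]]
                            item_location = os.path.abspath(file_location + "/" + location)
                            if not os.path.exists(item_location):
                                # The file is gone: counted as fixed.
                                fixed += 1
                                break
                            if not os.path.isfile(item_location):
                                break
                            print("Checking version from: %s" % (item_location))
                            file_version = fn(item_location, issue["regexp"])
                            if not file_version:
                                break
                            # item_location is stripped from application
                            # location so that we get cleaner output and
                            # actual installation directory
                            install_dir = item_location[: item_location.find(location)]
                            if is_not_secure(issue["secure_version"], file_version, appname):
                                # Calls result handler (goes to CSV and log)
                                handle_results(
                                    report, appname, file_version, file_location, issue["cve"], issue["secure_version"]
                                )
                                print("NOT FIXED: %s (%s)" % (install_dir, appname))
                            else:
                                print("FIXED: %s (%s)" % (install_dir, appname))
                                fixed += 1
                except (KeyError, TypeError):
                    # A missing key or a TypeError ends this row only; the
                    # traceback is printed and the next row is processed.
                    print(traceback.format_exc())
        if total == 0:
            sys.exit("No lines in CSV file. Exiting..")
        # Float arithmetic: with integer operands, Python 2 floor division
        # reported 0% unless every row was fixed.
        # NOTE(review): fixed is counted per issue location while total is per
        # row, so the figure can exceed 100% - confirm the intended unit.
        pers = 100.0 * fixed / total
        print("{0} of {1} have upgraded, which is {2:.2f}%.".format(fixed, total, pers))
    finally:
        report.close()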
Пример #2
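def check_old_results(csv_file):
    """Re-check the installs listed in an old CSV result file.

    Each ``|``-delimited row supplies an application name (second field) and
    the location it was found at (third field).  For every issue the database
    holds for that application, the fingerprinted file is looked up again
    under that location and its version compared with the secure version.
    Installs that are still insecure go to ``handle_results``; a summary of
    the fixed count is printed at the end.

    Exits through ``sys.exit`` when ``csv_file`` is a symlink or has no rows.
    The report is closed on every exit path.
    """
    report = IssueReport()
    try:
        # Exit in case csv_file is symlink.
        # NOTE(review): islink() followed by open() is a check-then-use race;
        # opening with os.O_NOFOLLOW would make the refusal atomic.
        if os.path.islink(csv_file):
            sys.exit('CSV file %s is a symlink. Exiting..' % csv_file)
        total = 0
        fixed = 0
        # The with-block closes the CSV handle instead of leaking it.
        # NOTE(review): 'rb' and itervalues() below are Python 2 idioms.
        with open(csv_file, 'rb') as csv_handle:
            reader = csv.reader(csv_handle, delimiter='|', quotechar='|')
            database = Database('yamls/', includes=None)
            for line in reader:
                total += 1
                appname = line[1]
                # NOTE(review): this path comes straight from the CSV and
                # decides which files are read below, so the result file has
                # to be trusted.
                file_location = line[2]
                try:
                    for issue in database.issues[appname].itervalues():
                        for location in issue['location']:
                            # Loads fingerprint function from YAML file and
                            # checks for version from detected location
                            fn = yaml_fn_dict[issue['fingerprint']]
                            item_location = os.path.abspath(file_location + '/' + location)
                            if not os.path.exists(item_location):
                                # The file is gone: counted as fixed.
                                fixed += 1
                                break
                            if not os.path.isfile(item_location):
                                break
                            print('Checking version from: %s' % (item_location))
                            file_version = fn(item_location, issue['regexp'])
                            if not file_version:
                                break
                            # item_location is stripped from application
                            # location so that we get cleaner output and
                            # actual installation directory
                            install_dir = item_location[:item_location.find(location)]
                            if is_not_secure(issue['secure_version'], file_version, appname):
                                # Calls result handler (goes to CSV and log)
                                handle_results(report, appname, file_version, file_location,
                                               issue['cve'], issue['secure_version'])
                                print('NOT FIXED: %s (%s)' % (install_dir, appname))
                            else:
                                print('FIXED: %s (%s)' % (install_dir, appname))
                                fixed += 1
                except (KeyError, TypeError) as err:
                    # A missing key or a TypeError ends this row only; the
                    # message is printed and the next row is processed.
                    print(str(err))
        if total == 0:
            sys.exit('No lines in CSV file. Exiting..')
        # Float arithmetic: with integer operands, Python 2 floor division
        # reported 0% unless every row was fixed.
        # NOTE(review): fixed is counted per issue location while total is per
        # row, so the figure can exceed 100% - confirm the intended unit.
        pers = 100.0 * fixed / total
        print('{0} of {1} have upgraded, which is {2:.2f}%.'.format(fixed, total, pers))
    finally:
        report.close()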
Пример #3
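def check_old_results(csv_file):
    """Re-check the installs listed in an old CSV result file.

    Each ``|``-delimited row supplies an application name (second field) and
    the location it was found at (third field).  For every issue the database
    holds for that application, the fingerprinted file is looked up again
    under that location and its version compared with the secure version.
    Installs that are still insecure go to ``handle_results``; a summary of
    the fixed count is printed at the end.

    Exits through ``sys.exit`` when ``csv_file`` is a symlink or has no rows.
    The report is closed on every exit path.
    """
    report = IssueReport()
    try:
        # Exit in case csv_file is symlink.
        # NOTE(review): islink() followed by open() is a check-then-use race;
        # opening with os.O_NOFOLLOW would make the refusal atomic.
        if os.path.islink(csv_file):
            sys.exit('CSV file %s is a symlink. Exiting..' % csv_file)
        total = 0
        fixed = 0
        # The with-block closes the CSV handle instead of leaking it.
        # NOTE(review): 'rb' and itervalues() below are Python 2 idioms.
        with open(csv_file, 'rb') as csv_handle:
            reader = csv.reader(csv_handle, delimiter='|', quotechar='|')
            database = Database('yamls/', includes=None)
            for line in reader:
                total += 1
                appname = line[1]
                # NOTE(review): this path comes straight from the CSV and
                # decides which files are read below, so the result file has
                # to be trusted.
                file_location = line[2]
                try:
                    for issue in database.issues[appname].itervalues():
                        for location in issue['location']:
                            # Loads fingerprint function from YAML file and
                            # checks for version from detected location
                            fn = yaml_fn_dict[issue['fingerprint']]
                            item_location = os.path.abspath(file_location + '/' + location)
                            if not os.path.exists(item_location):
                                # The file is gone: counted as fixed.
                                fixed += 1
                                break
                            if not os.path.isfile(item_location):
                                break
                            print('Checking version from: %s' % (item_location))
                            file_version = fn(item_location, issue['regexp'])
                            if not file_version:
                                break
                            # item_location is stripped from application
                            # location so that we get cleaner output and
                            # actual installation directory
                            install_dir = item_location[:item_location.find(location)]
                            if is_not_secure(issue['secure_version'], file_version, appname):
                                # Calls result handler (goes to CSV and log)
                                handle_results(report, appname, file_version, file_location,
                                               issue['cve'], issue['secure_version'])
                                print('NOT FIXED: %s (%s)' % (install_dir, appname))
                            else:
                                print('FIXED: %s (%s)' % (install_dir, appname))
                                fixed += 1
                except (KeyError, TypeError) as err:
                    # A missing key or a TypeError ends this row only; the
                    # message is printed and the next row is processed.
                    print(str(err))
        if total == 0:
            sys.exit('No lines in CSV file. Exiting..')
        # Float arithmetic: with integer operands, Python 2 floor division
        # reported 0% unless every row was fixed.
        # NOTE(review): fixed is counted per issue location while total is per
        # row, so the figure can exceed 100% - confirm the intended unit.
        pers = 100.0 * fixed / total
        print('{0} of {1} have upgraded, which is {2:.2f}%.'.format(fixed, total, pers))
    finally:
        report.close()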
Пример #4
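def Worker(home_location, post_process):
    """Consume scan items from the shared queue and report insecure installs.

    Each queue item is an ``(item_location, location, appname)`` tuple; a
    falsy item stops the worker.  For every issue the database holds for
    ``appname`` the matching fingerprint function extracts a version from
    ``item_location``.  When ``is_not_secure`` flags that version, the
    optional php5.fcgi post-processing runs and the finding is passed to
    ``handle_results``.

    Args:
        home_location: passed on to ``postprocess_php5fcgi``.
        post_process: truthy to run the post-processing step named in the
            issue's ``post_processing`` entry.

    Returns None.  If the report cannot be opened the error is logged and the
    worker returns without reading the queue.
    """
    # Opens file handle to CSV
    try:
        report = IssueReport()
    except Exception:
        # report was never bound on this path; calling report.close() here
        # raised a second error that hid the real one and skipped the log.
        logging.error(traceback.format_exc())
        return
    try:
        while 1:
            try:
                item = queue.get()
                if not item:
                    break
                item_location, location, appname = item
                logging.info('Processing: %s (%s)', appname, item_location)
                for issue in database.issues[appname].itervalues():
                    logging.debug('Processing item %s with location %s with with appname %s issue %s',
                                  item_location, location, appname, issue)
                    # Loads fingerprint function from YAML file and checks
                    # for version from detected location
                    fn = yaml_fn_dict[issue['fingerprint']]
                    file_version = fn(item_location, issue['regexp'])
                    # Makes sure we don't go forward without version number
                    # from the file
                    if not file_version:
                        logging.debug('No version found from item: %s with regexp %s',
                                      item_location, issue['regexp'])
                        continue
                    # Tests that version from file is smaller than secure
                    # version with fingerprint function
                    logging.debug('Comparing versions %s:%s for item %s',
                                  issue['secure_version'], file_version, item_location)
                    if not is_not_secure(issue['secure_version'], file_version, appname):
                        continue
                    # Executes post processing. Does not do anything in case
                    # post_processing is not defined in yaml fingerprint.
                    if post_process:
                        try:
                            if issue['post_processing'][0] == 'php5.fcgi':
                                if not postprocess_php5fcgi(home_location, item_location):
                                    # Drops this finding and the remaining
                                    # issues for the item.
                                    break
                        except KeyError:
                            pass
                    # item_location is stripped from application location so
                    # that we get cleaner output and actual installation
                    # directory
                    install_dir = item_location[:item_location.find(location)]
                    # Calls result handler (goes to CSV and log)
                    handle_results(report, appname, file_version, install_dir,
                                   issue['cve'], issue['secure_version'])
            except Exception:
                # An item that raises is only logged and yields no report
                # row, so the error log has to be read alongside the report.
                logging.error(traceback.format_exc())
    finally:
        # Close the report even if something other than Exception unwinds
        # the loop.
        report.close()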
Пример #5
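def Worker(home_location, post_process):
    """Consume scan items from the shared queue and report insecure installs.

    Each queue item is an ``(item_location, location, appname)`` tuple; a
    falsy item stops the worker.  For every issue the database holds for
    ``appname`` the matching fingerprint function extracts a version from
    ``item_location``.  When ``is_not_secure`` flags that version, the
    optional php5.fcgi post-processing runs (skipped for ``public_html``
    paths) and the finding is passed to ``handle_results``.

    Args:
        home_location: base directory of the scan; a falsy value is replaced
            by ``/home``.
        post_process: truthy to run the post-processing step named in the
            issue's ``post_processing`` entry.

    Returns None.  If the report cannot be opened the error is logged and the
    worker returns without reading the queue.
    """
    # Opens file handle to CSV
    try:
        report = IssueReport()
    except Exception:
        # report was never bound on this path; calling report.close() here
        # raised a second error that hid the real one and skipped the log.
        logging.error(traceback.format_exc())
        return
    if not home_location:
        home_location = '/home'
    try:
        while 1:
            try:
                item = queue.get()
                if not item:
                    break
                item_location, location, appname = item
                logging.info('Processing: %s (%s)', appname, item_location)
                for entry in database.issues[appname].items():
                    # entry is a (key, issue) pair; the pair itself is what
                    # gets logged.
                    issue = entry[1]
                    logging.debug('Processing item %s with location %s with with appname %s issue %s',
                                  item_location, location, appname, entry)
                    # Loads fingerprint function from YAML file and checks
                    # for version from detected location
                    fn = yaml_fn_dict[issue['fingerprint']]
                    file_version = fn(item_location, issue['regexp'])
                    # Makes sure we don't go forward without version number
                    # from the file
                    if not file_version:
                        logging.debug('No version found from item: %s with regexp %s',
                                      item_location, issue['regexp'])
                        continue
                    # Tests that version from file is smaller than secure
                    # version with fingerprint function
                    logging.debug('Comparing versions %s:%s for item %s',
                                  issue['secure_version'], file_version, item_location)
                    if not is_not_secure(issue['secure_version'], file_version, appname):
                        continue
                    # Do not do php5.fcgi check for public_html.
                    # A path with fewer than three components below
                    # home_location used to raise IndexError here, and the
                    # broad handler below then dropped the finding.
                    # NOTE(review): the slice is by length only and assumes
                    # item_location lies under home_location - confirm.
                    relative_parts = item_location[len(os.path.abspath(home_location)):].split('/')
                    public_html_used = (len(relative_parts) > 2
                                        and relative_parts[2] == 'public_html')
                    # Executes post processing. Does not do anything in case
                    # post_processing is not defined in yaml fingerprint.
                    if post_process and not public_html_used:
                        try:
                            if issue['post_processing'][0] == 'php5.fcgi':
                                if not postprocess_php5fcgi(home_location, item_location):
                                    # Drops this finding and the remaining
                                    # issues for the item.
                                    break
                        except KeyError:
                            pass
                    # item_location is stripped from application location so
                    # that we get cleaner output and actual installation
                    # directory
                    install_dir = item_location[:item_location.find(location)]
                    # Calls result handler (goes to CSV and log)
                    handle_results(report, appname, file_version, install_dir,
                                   issue['cve'], issue['secure_version'])
            except Exception:
                # An item that raises is only logged and yields no report
                # row, so the error log has to be read alongside the report.
                logging.error(traceback.format_exc())
    finally:
        # Close the report even if something other than Exception unwinds
        # the loop.
        report.close()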
Пример #6
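def Worker(home_location, post_process):
    """Consume scan items from the shared queue and report insecure installs.

    Each queue item is an ``(item_location, location, appname)`` tuple; a
    falsy item stops the worker.  For every issue the database holds for
    ``appname`` the matching fingerprint function extracts a version from
    ``item_location``.  When ``is_not_secure`` flags that version, the
    optional php5.fcgi post-processing runs (skipped for ``public_html``
    paths) and the finding is passed to ``handle_results``.

    Args:
        home_location: base directory of the scan; a falsy value is replaced
            by ``/home``.
        post_process: truthy to run the post-processing step named in the
            issue's ``post_processing`` entry.

    Returns None.  If the report cannot be opened the error is logged and the
    worker returns without reading the queue.
    """
    # Opens file handle to CSV
    try:
        report = IssueReport()
    except Exception:
        # report was never bound on this path; calling report.close() here
        # raised a second error that hid the real one and skipped the log.
        logging.error(traceback.format_exc())
        return
    if not home_location:
        home_location = "/home"
    try:
        while 1:
            try:
                item = queue.get()
                if not item:
                    break
                item_location, location, appname = item
                logging.info("Processing: %s (%s)", appname, item_location)
                for issue in database.issues[appname].itervalues():
                    logging.debug(
                        "Processing item %s with location %s with with appname %s issue %s",
                        item_location,
                        location,
                        appname,
                        issue,
                    )
                    # Loads fingerprint function from YAML file and checks
                    # for version from detected location
                    fn = yaml_fn_dict[issue["fingerprint"]]
                    file_version = fn(item_location, issue["regexp"])
                    # Makes sure we don't go forward without version number
                    # from the file
                    if not file_version:
                        logging.debug(
                            "No version found from item: %s with regexp %s", item_location, issue["regexp"]
                        )
                        continue
                    # Tests that version from file is smaller than secure
                    # version with fingerprint function
                    logging.debug(
                        "Comparing versions %s:%s for item %s", issue["secure_version"], file_version, item_location
                    )
                    if not is_not_secure(issue["secure_version"], file_version, appname):
                        continue
                    # Do not do php5.fcgi check for public_html.
                    # A path with fewer than three components below
                    # home_location used to raise IndexError here, and the
                    # broad handler below then dropped the finding.
                    # NOTE(review): the slice is by length only and assumes
                    # item_location lies under home_location - confirm.
                    relative_parts = item_location[len(os.path.abspath(home_location)) :].split("/")
                    public_html_used = len(relative_parts) > 2 and relative_parts[2] == "public_html"
                    # Executes post processing. Does not do anything in case
                    # post_processing is not defined in yaml fingerprint.
                    if post_process and not public_html_used:
                        try:
                            if issue["post_processing"][0] == "php5.fcgi":
                                if not postprocess_php5fcgi(home_location, item_location):
                                    # Drops this finding and the remaining
                                    # issues for the item.
                                    break
                        except KeyError:
                            pass
                    # item_location is stripped from application location so
                    # that we get cleaner output and actual installation
                    # directory
                    install_dir = item_location[: item_location.find(location)]
                    # Calls result handler (goes to CSV and log)
                    handle_results(
                        report, appname, file_version, install_dir, issue["cve"], issue["secure_version"]
                    )
            except Exception:
                # An item that raises is only logged and yields no report
                # row, so the error log has to be read alongside the report.
                logging.error(traceback.format_exc())
    finally:
        # Close the report even if something other than Exception unwinds
        # the loop.
        report.close()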