Fix indent

Alfredo Cardigliano 2023-11-13 15:09:57 +01:00
parent b9e1f68dd4
commit 6171f889b6


@ -107,7 +107,7 @@ function vs_utils.get_nmap_path()
for _,p in pairs(path) do
if(ntop.exists(p)) then
return(p..use_slow_scan)
return(p..use_slow_scan)
end
end
@ -126,9 +126,9 @@ function vs_utils.is_nmap_installed()
if(path ~= nil) then
for _,m in pairs(module_path) do
if(ntop.exists(m)) then
return true
end
if(ntop.exists(m)) then
return true
end
end
end
@ -373,8 +373,8 @@ local function check_differences(host, host_name, scan_type, old_data, new_data)
tprint(tcp_new_ports)
end
local tcp_ports_differences = check_ports_diffences( #tcp_old_ports, tcp_old_ports,
#tcp_new_ports, tcp_new_ports)
local tcp_ports_differences = check_ports_diffences(#tcp_old_ports, tcp_old_ports,
#tcp_new_ports, tcp_new_ports)
local rsp_tcp_diff = analyze_ports_diff(tcp_ports_differences)
if (rsp_tcp_diff.triggered) then
rsp["tcp_open_ports"] = rsp_tcp_diff.open_ports
@ -396,8 +396,8 @@ local function check_differences(host, host_name, scan_type, old_data, new_data)
tprint(udp_new_ports)
end
local udp_ports_differences = check_ports_diffences( #udp_old_ports, udp_old_ports,
#udp_new_ports, udp_new_ports)
local udp_ports_differences = check_ports_diffences(#udp_old_ports, udp_old_ports,
#udp_new_ports, udp_new_ports)
local rsp_udp_diff = analyze_ports_diff(udp_ports_differences)
if (rsp_udp_diff.triggered) then
rsp["udp_open_ports"] = rsp_udp_diff.open_ports
@ -467,7 +467,7 @@ function vs_utils.cleanup_nmap_result(scan_result, scan_type)
scan_result = lines(scan_result)
for i=1,4 do
table.remove(scan_result, 1)
table.remove(scan_result, 1)
end
table.remove(scan_result, #scan_result)
@ -480,41 +480,41 @@ function vs_utils.cleanup_nmap_result(scan_result, scan_type)
local udp_ports = {}
for _,l in pairs(scan_result) do
-- Ignore "open|filtered" ports
if((string.find(l, "open") ~= nil) and (string.find(l, "filtered") == nil)) then
local t = string.find(l, "/tcp ") or 0
local u = string.find(l, "/udp ") or 0
-- Ignore "open|filtered" ports
if((string.find(l, "open") ~= nil) and (string.find(l, "filtered") == nil)) then
local t = string.find(l, "/tcp ") or 0
local u = string.find(l, "/udp ") or 0
if (t > 0) then
num_open_ports = num_open_ports + 1
tcp_ports[#tcp_ports+1] = vs_utils.cleanup_port(true, l)
end
if (t > 0) then
num_open_ports = num_open_ports + 1
tcp_ports[#tcp_ports+1] = vs_utils.cleanup_port(true, l)
end
if(u > 0) then
num_open_ports = num_open_ports + 1
udp_ports[#udp_ports+1] = vs_utils.cleanup_port(false, l)
end
end
if(u > 0) then
num_open_ports = num_open_ports + 1
udp_ports[#udp_ports+1] = vs_utils.cleanup_port(false, l)
end
end
-- Escape XML/HTML code that might be present in the output
l = l:gsub("<", "&lt;")
l = l:gsub(">", "&gt;")
-- Escape XML/HTML code that might be present in the output
l = l:gsub("<", "&lt;")
l = l:gsub(">", "&gt;")
if(string.sub(l, 1, 2) == " [") then
local c = string.split(string.sub(l,3), "]")
local url = cve_utils.getDocURL(c[1], scan_type)
if(string.sub(l, 1, 2) == " [") then
local c = string.split(string.sub(l,3), "]")
local url = cve_utils.getDocURL(c[1], scan_type)
if(scan_type == "cve") then
l = '[<A HREF="'..url..'">'..c[1]..'</A>]'..c[2]
elseif(scan_type == "openvas") then
l = '[<A HREF="'..url..'">'..c[1]..'</A>]'..c[2]
end
if(scan_type == "cve") then
l = '[<A HREF="'..url..'">'..c[1]..'</A>]'..c[2]
elseif(scan_type == "openvas") then
l = '[<A HREF="'..url..'">'..c[1]..'</A>]'..c[2]
end
table.insert(cve, c[1])
num_vulnerabilities = num_vulnerabilities + 1
end
table.insert(cve, c[1])
num_vulnerabilities = num_vulnerabilities + 1
end
table.insert(scan_out, l)
table.insert(scan_out, l)
end
scan_result = table.concat(scan_out, "\n")
@ -546,18 +546,18 @@ function vs_utils.cleanup_nmap_vulners_result(scan_result, scan_type)
for _,l in pairs(scan_result) do
if(string.find(l, "open") ~= nil) then
local t = string.find(l, "/tcp ") or 0
local u = string.find(l, "/udp ") or 0
local t = string.find(l, "/tcp ") or 0
local u = string.find(l, "/udp ") or 0
if((t > 0) or (u > 0)) then
num_open_ports = num_open_ports + 1
end
if((t > 0) or (u > 0)) then
num_open_ports = num_open_ports + 1
end
end
if(string.find(l, "https://vulners.com/") ~= nil) then
local c = string.split(l, "\t")
table.insert(cve, c[2])
num_vulnerabilities = num_vulnerabilities + 1
local c = string.split(l, "\t")
table.insert(cve, c[2])
num_vulnerabilities = num_vulnerabilities + 1
end
table.insert(scan_out, l)
@ -615,17 +615,17 @@ local function get_cve_with_score(cve)
local max_score = 0
if(cve ~= nil) then
for _,cve_id in ipairs(cve) do
local score = cve_utils.getCVEscore(cve_id)
local score = cve_utils.getCVEscore(cve_id)
local cve_formatted = cve
if(score ~= nil) then
local cve_formatted = cve
if(score ~= nil) then
if(max_score < score) then
max_score = score
end
cve_formatted = string.format("%s|%s",cve_id,score)
end
cve_with_score_list[#cve_with_score_list+1] = cve_formatted
if(max_score < score) then
max_score = score
end
cve_formatted = string.format("%s|%s",cve_id,score)
end
cve_with_score_list[#cve_with_score_list+1] = cve_formatted
end
end
@ -740,9 +740,9 @@ function vs_utils.restore_host_to_scan()
ntop.lpushCache(host_scan_queue_key, hash_value_string)
-- set status to scheduled
vs_utils.set_status_scan( host_info_to_restore.scan_type, host_info_to_restore.host, host_info_to_restore.ports,
host_info_to_restore.id, host_info_to_restore.is_periodicity, host_info_to_restore.is_all,
vs_utils.scan_status.scheduled)
vs_utils.set_status_scan(host_info_to_restore.scan_type, host_info_to_restore.host, host_info_to_restore.ports,
host_info_to_restore.id, host_info_to_restore.is_periodicity, host_info_to_restore.is_all,
vs_utils.scan_status.scheduled)
end
end
end
@ -833,8 +833,8 @@ end
-- Function to update host scan values
function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time, last_duration,
is_ok_last_scan, ports, scan_frequency, num_open_ports,
num_vulnerabilities_found, cve, id, is_edit, udp_ports, tcp_ports)
is_ok_last_scan, ports, scan_frequency, num_open_ports,
num_vulnerabilities_found, cve, id, is_edit, udp_ports, tcp_ports)
local checks = require "checks"
local trigger_alert = checks.isCheckEnabled("active_monitoring", "vulnerability_scan")
or checks.isCheckEnabled("system", "vulnerability_scan")
@ -854,33 +854,33 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
if already_scanned then
if(debug_me) then
tprint("ALREADY PRESENT-> CHECKING DIFF")
end
if(debug_me) then
tprint("ALREADY PRESENT-> CHECKING DIFF")
end
local old_cve_no_score = {}
for _,cve in ipairs(old_data.cve) do
old_cve_no_score[#old_cve_no_score+1] = split(cve,"|")[1]
end
local old_cve_no_score = {}
for _,cve in ipairs(old_data.cve) do
old_cve_no_score[#old_cve_no_score+1] = split(cve,"|")[1]
end
local host_info_to_cache = check_differences(host, host_name,
scan_type,
{
vulnerabilities = old_data.num_vulnerabilities_found,
ports = old_data.num_open_ports,
cve = old_cve_no_score,
tcp_ports = {num_ports = old_data.tcp_ports, ports = old_data.tcp_ports_list },
udp_ports = {num_ports = old_data.udp_ports, ports = old_data.udp_ports_list}
},
{
vulnerabilities = num_vulnerabilities_found,
ports = num_open_ports,
cve = cve,
tcp_ports = tcp_ports,
udp_ports = udp_ports,
last_scan_time = last_scan_time
local host_info_to_cache = check_differences(host, host_name,
scan_type,
{
vulnerabilities = old_data.num_vulnerabilities_found,
ports = old_data.num_open_ports,
cve = old_cve_no_score,
tcp_ports = {num_ports = old_data.tcp_ports, ports = old_data.tcp_ports_list },
udp_ports = {num_ports = old_data.udp_ports, ports = old_data.udp_ports_list}
},
{
vulnerabilities = num_vulnerabilities_found,
ports = num_open_ports,
cve = cve,
tcp_ports = tcp_ports,
udp_ports = udp_ports,
last_scan_time = last_scan_time
})
})
if host_info_to_cache then
ntop.rpushCache(scanned_hosts_changes_key, json.encode(host_info_to_cache))
end
@ -933,13 +933,13 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
last_duration = secondsToTime(last_duration)
new_item.last_scan = {
epoch = last_scan_time,
--time = time_formatted,
duration = last_duration
epoch = last_scan_time,
--time = time_formatted,
duration = last_duration
}
if is_ok_last_scan == vs_utils.scan_status.ok then
new_item.is_ok_last_scan = vs_utils.scan_status.ok
new_item.is_ok_last_scan = vs_utils.scan_status.ok
end
end
@ -1112,35 +1112,35 @@ function vs_utils.notify_scan_results(is_periodic, periodicity)
if (periodicity and periodicity == "1day") then
notification_message = i18n("hosts_stats.page_scan_hosts.email.periodicity_scan_1_day_ended", {
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
scanned_hosts = format_num_for_email(scanned_hosts, 3),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label,
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label,
start_date = start_date_formatted,
end_date = end_date_formatted
})
elseif (periodicity and periodicity == "1week") then
notification_message = i18n("hosts_stats.page_scan_hosts.email.periodicity_scan_1_week_ended", {
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
scanned_hosts = format_num_for_email(scanned_hosts, 3),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label,
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label,
start_date = start_date_formatted,
end_date = end_date_formatted
})
else
-- on demand scan
notification_message = i18n("hosts_stats.page_scan_hosts.email.scan_all_ended", {
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
cves = format_num_for_email(cve_num,0),
udp_ports = format_num_for_email(udp_ports,1),
tcp_ports = format_num_for_email(tcp_ports,2),
scanned_hosts = format_num_for_email(scanned_hosts, 3),
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label,
url = getHttpHost() .. ntop.getHttpPrefix() .. "/lua/pro/reportng.lua?report_template=vs_result",
duration = duration_label,
start_date = start_date_formatted,
end_date = end_date_formatted,
@ -1154,11 +1154,11 @@ function vs_utils.notify_scan_results(is_periodic, periodicity)
recipients.sendMessageByNotificationType({periodicity = periodicity, success = true, message = notification_message, title = title}, "vulnerability_scans")
ntop.setCache(info_redis_key,json.encode({
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = 0,
scanned_hosts = 0
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = 0,
scanned_hosts = 0
}))
end
@ -1382,20 +1382,20 @@ function vs_utils.delete_host_to_scan(host, scan_type, all)
-- Remove this host from active schedules
local elems = {}
while(true) do
local e = ntop.lpopCache(host_scan_queue_key)
local e = ntop.lpopCache(host_scan_queue_key)
if(e == nil) then
break
else
local r = json.decode(e)
if(not((r.scan_type == "cve") and (r.host == "127.0.0.1"))) then
table.insert(elems, e)
end
end
if(e == nil) then
break
else
local r = json.decode(e)
if(not((r.scan_type == "cve") and (r.host == "127.0.0.1"))) then
table.insert(elems, e)
end
end
end
for _,i in pairs(elems) do
ntop.lpushCache(host_scan_queue_key, i)
ntop.lpushCache(host_scan_queue_key, i)
end
end
@ -1451,12 +1451,12 @@ function vs_utils.list_scan_modules()
for name in pairs(ntop.readdir(basedir)) do
if(ends(name, ".lua")) then
name = string.sub(name, 1, string.len(name)-4) -- remove .lua trailer
local m = vs_utils.load_module(name)
name = string.sub(name, 1, string.len(name)-4) -- remove .lua trailer
local m = vs_utils.load_module(name)
if(m:is_enabled()) then
table.insert(modules, name)
end
if(m:is_enabled()) then
table.insert(modules, name)
end
end
end
@ -1507,7 +1507,7 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
-- Nothing to do
else
if (isEmptyString(ports)) then
ports = vs_utils.discover_open_ports(host)
ports = vs_utils.discover_open_ports(host)
end
end
@ -1547,7 +1547,7 @@ function vs_utils.scan_host(scan_type, host, ports, scan_id, use_coroutines)
if (isAlreadyPresent({host= host, scan_type= scan_type})) then
vs_utils.save_host_to_scan(scan_type, host, result, now, duration, scan_result,
ports_scan_param, nil, num_open_ports, num_vulnerabilities_found, cve, scan_id, false, udp_ports, tcp_ports)
ports_scan_param, nil, num_open_ports, num_vulnerabilities_found, cve, scan_id, false, udp_ports, tcp_ports)
end
return true
@ -1600,8 +1600,8 @@ function vs_utils.schedule_ondemand_all_hosts_scan()
local is_scanning_almost_one = false
if #host_to_scan_list > 0 then
for _,scan_info in ipairs(host_to_scan_list) do
vs_utils.schedule_ondemand_single_host_scan(scan_info.scan_type, scan_info.host, scan_info.ports, scan_info.id, false, true)
is_scanning_almost_one = true
vs_utils.schedule_ondemand_single_host_scan(scan_info.scan_type, scan_info.host, scan_info.ports, scan_info.id, false, true)
is_scanning_almost_one = true
end
end
@ -1610,11 +1610,11 @@ function vs_utils.schedule_ondemand_all_hosts_scan()
end
ntop.setCache(ondemand_scan_host_info_key, json.encode({
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time(),
scanned_host = 0
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time(),
scanned_host = 0
}))
return true
@ -1633,13 +1633,13 @@ function vs_utils.schedule_periodic_scan(periodicity)
local is_scanning_almost_one = false
for _,scan_info in ipairs(host_to_scan_list) do
local frequency = scan_info.scan_frequency
if(frequency == periodicity) then
vs_utils.schedule_ondemand_single_host_scan(scan_info.scan_type, scan_info.host, scan_info.ports, scan_info.id, true, false)
is_scanning_almost_one = true
end
end
for _,scan_info in ipairs(host_to_scan_list) do
local frequency = scan_info.scan_frequency
if(frequency == periodicity) then
vs_utils.schedule_ondemand_single_host_scan(scan_info.scan_type, scan_info.host, scan_info.ports, scan_info.id, true, false)
is_scanning_almost_one = true
end
end
if is_scanning_almost_one then
@ -1648,10 +1648,10 @@ function vs_utils.schedule_periodic_scan(periodicity)
ntop.setCache(periodic_scan_host_info_key , json.encode({
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time(),
cves = 0,
udp_ports = 0,
tcp_ports = 0,
begin_epoch = os.time(),
scanned_hosts = 0
}))
@ -1677,19 +1677,19 @@ function vs_utils.process_oldest_scheduled_scan(use_coroutines)
local elem = json.decode(elem)
if(use_coroutines) then
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "Starting scan on host "..elem.host.."["..elem.scan_type .."]") end
return(coroutine.create(function () vs_utils.scan_host(elem.scan_type, elem.host, elem.ports, elem.id, use_coroutines) end))
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "Starting scan on host "..elem.host.."["..elem.scan_type .."]") end
return(coroutine.create(function () vs_utils.scan_host(elem.scan_type, elem.host, elem.ports, elem.id, use_coroutines) end))
else
vs_utils.scan_host(elem.scan_type, elem.host, elem.ports, elem.id, use_coroutines)
vs_utils.scan_host(elem.scan_type, elem.host, elem.ports, elem.id, use_coroutines)
return true
return true
end
else
if(use_coroutines) then
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "No host to scan") end
return nil
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "No host to scan") end
return nil
else
return false
return false
end
end
end
@ -1710,21 +1710,21 @@ function vs_utils.process_all_scheduled_scans(max_num_scans, use_coroutines)
local do_inc = true
if(use_coroutines) then
if(res == nil) then
break -- nothing to do
do_inc = false
else
co[#co + 1] = res
end
if(res == nil) then
break -- nothing to do
do_inc = false
else
co[#co + 1] = res
end
else
if(res == false) then
break
end
if(res == false) then
break
end
end
if(do_inc) then
max_num_scans = max_num_scans - 1
num = num + 1
max_num_scans = max_num_scans - 1
num = num + 1
end
end
@ -1734,27 +1734,27 @@ function vs_utils.process_all_scheduled_scans(max_num_scans, use_coroutines)
-- See snmp_poll.lua
while(not(ntop.isShuttingDown())) do
local tot = #co
local keep_on = false
local tot = #co
local keep_on = false
for i = 1, tot do
if coroutine.status(co[i]) ~= "dead" then
local rc, msg = coroutine.resume(co[i])
for i = 1, tot do
if coroutine.status(co[i]) ~= "dead" then
local rc, msg = coroutine.resume(co[i])
-- Note that resume runs in protected mode.
-- Therefore, if there is any error inside a coroutine, Lua will not show the error message,
-- but instead will return it to the resume call.
if not rc then
traceError(TRACE_NORMAL, TRACE_CONSOLE, msg or "Unknown error occurred")
end
-- Note that resume runs in protected mode.
-- Therefore, if there is any error inside a coroutine, Lua will not show the error message,
-- but instead will return it to the resume call.
if not rc then
traceError(TRACE_NORMAL, TRACE_CONSOLE, msg or "Unknown error occurred")
end
keep_on = rc or keep_on
end
end -- for
keep_on = rc or keep_on
end
end -- for
if(keep_on == false) then
break
end
if(keep_on == false) then
break
end
end -- while
end
@ -1785,7 +1785,7 @@ function vs_utils.get_active_hosts(host, cidr)
local l = lines(out)
for _,h in pairs(l) do
result[#result+1] = h
result[#result+1] = h
end
end
@ -1945,23 +1945,23 @@ function vs_utils.runCommand(scan_command, use_coroutines)
if(debug_me) then traceError(TRACE_NORMAL, TRACE_CONSOLE, "Started " .. scan_command) end
if(use_coroutines) then
if(true) then
local job_id = ntop.execCmdAsync(scan_command)
if(true) then
local job_id = ntop.execCmdAsync(scan_command)
result = nil
result = nil
while((result == nil) and not(ntop.isShuttingDown())) do
coroutine.yield()
result = ntop.readResultCmdAsync(job_id)
ntop.msleep(100)
end
while((result == nil) and not(ntop.isShuttingDown())) do
coroutine.yield()
result = ntop.readResultCmdAsync(job_id)
ntop.msleep(100)
end
if(debug_me) then tprint(result) end
else
coroutine.yield()
end
if(debug_me) then tprint(result) end
else
coroutine.yield()
end
else
result = ntop.execCmd(scan_command)
result = ntop.execCmd(scan_command)
end
end
@ -2031,13 +2031,13 @@ function vs_utils.migrate_keys()
for key, _ in pairs(hosts) do
if(string.contains(key, from_key)) then
value = ntop.getHashCache(host_to_scan_key, key)
value = ntop.getHashCache(host_to_scan_key, key)
new_key = key:gsub(from_key, to_key)
new_value = value:gsub(from_key, to_key)
new_key = key:gsub(from_key, to_key)
new_value = value:gsub(from_key, to_key)
ntop.setHashCache(host_to_scan_key, new_key, new_value)
ntop.delHashCache(host_to_scan_key, key)
ntop.setHashCache(host_to_scan_key, new_key, new_value)
ntop.delHashCache(host_to_scan_key, key)
end
end
end