From 7e2c6b3ee85fc1866d98d39c754348e97e81e79c Mon Sep 17 00:00:00 2001
From: gbucchino
Date: Tue, 6 Jun 2023 16:55:22 +0200
Subject: [PATCH] Update parsing and move files
---
config.py | 6 +++++
issues.py | 35 +++++++++++++++++++++++++++
issues/__init__.py | 1 +
{vulnerabilities => issues}/calls.py | 0
{vulnerabilities => issues}/sysctl.py | 6 ++---
{vulnerabilities => issues}/system.py | 0
parsing/sysctl.py | 31 +++++++++++++++---------
sysctl.py | 4 +--
8 files changed, 66 insertions(+), 17 deletions(-)
create mode 100644 config.py
create mode 100644 issues.py
create mode 100644 issues/__init__.py
rename {vulnerabilities => issues}/calls.py (100%)
rename {vulnerabilities => issues}/sysctl.py (76%)
rename {vulnerabilities => issues}/system.py (100%)
diff --git a/config.py b/config.py
new file mode 100644
index 0000000..656da7c
--- /dev/null
+++ b/config.py
@@ -0,0 +1,6 @@
+#!/usr/bin/env python3
+
+# Constantes
+HIGH = "high"
+MEDIUM = "medium"
+LOW = "low"
diff --git a/issues.py b/issues.py
new file mode 100644
index 0000000..473c8cf
--- /dev/null
+++ b/issues.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+class Issues:
+ OS = ['Debian', 'Ubuntu', 'Redhat']
+ CATEGORY = ['cve', 'cis']
+
+ def __init__(self, alias, os, severity, priority, component, description, category):
+ self._alias = alias # CVE-xxxx-yyyy
+ self._os = os
+ self._severity = severity
+ self._priority = priority
+ self._component = component
+ self._description = description
+ self._category = category
+
+ def getAlias(self) -> str:
+ return self._alias
+
+ def getOs(self) -> str:
+ return self._os
+
+ def getSeverity(self) -> str:
+ return self._severity
+
+ def getPriority(self) -> str:
+ return self._priority
+
+ def getComponent(self) -> str:
+ return self._component
+
+ def getDescription(self) -> str:
+ return self._description
+
+ def getCategory(self) -> str:
+ return self._category
diff --git a/issues/__init__.py b/issues/__init__.py
new file mode 100644
index 0000000..e5a0d9b
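Review bot: The new `HIGH`/`MEDIUM`/`LOW` constants are not used by any code this commit touches — issues/sysctl.py still spells the severity as the bare literal `"level": "medium"` in both of its hunks, so a misspelled level there is just another string, whereas a misspelled constant name fails at import time. Import them in issues/sysctl.py (`from config import MEDIUM`) and write `"level": MEDIUM,` for both entries. The header comment is in French and says nothing about purpose; `# Severity levels used in the "level" field of issue definitions` would document what the values are for.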
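Review bot: `issues.py` cannot be imported under this layout: the same commit creates the package `issues/__init__.py`, and a package directory takes precedence over a same-named module in the same directory, so `import issues` resolves to the package and the `Issues` class defined here is unreachable (sysctl.py's new `from issues.system import ...` lines likewise go to the package). Either move the class into the package, e.g. `issues/issue.py`, or give the module a different name. Separately, `OS` and `CATEGORY` are declared but `__init__` never validates `os` and `category` against them, and the `getX` accessors add no logic over plain attributes or `@property`.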
--- /dev/null
+++ b/issues/__init__.py
@@ -0,0 +1 @@
+#!/usr/bin/env python3
diff --git a/vulnerabilities/calls.py b/issues/calls.py
similarity index 100%
rename from vulnerabilities/calls.py
rename to issues/calls.py
diff --git a/vulnerabilities/sysctl.py b/issues/sysctl.py
similarity index 76%
rename from vulnerabilities/sysctl.py
rename to issues/sysctl.py
index 49d5652..a0c3f12 100644
--- a/vulnerabilities/sysctl.py
+++ b/issues/sysctl.py
@@ -9,11 +9,10 @@ def sysctl() -> list:
 sysctl.append({ "from": "cve", "id": "cve-2023-0179",
- "description": "",
+ "description": "A buffer overflow vulnerability was be found in Linux system. An hacker can allow privilege escalation through Netfilter subsystem",
 "flag": "kernel.unprivileged_userns_clone", "value": 0, "level": "medium",
- "recommendation": "You should disable this flag for resolving the issue",
 "affectedSystem": ({ 'linux': "Debian", 'release': 'buster',
@@ -27,9 +26,8 @@ def sysctl() -> list:
 "id": "", "description": "Disable IPv4 forwarding", "flag": "net.ipv4.conf.all.forwarding",
- "recommendation": "You should disable this flag for resolving the issue",
 "value": 0,
- "level": "medium"
+ "level": "medium",
 })
 return sysctl
diff --git a/vulnerabilities/system.py b/issues/system.py
similarity index 100%
rename from vulnerabilities/system.py
rename to issues/system.py
diff --git a/parsing/sysctl.py b/parsing/sysctl.py
index 87e0390..8de2c84 100644
--- a/parsing/sysctl.py
+++ b/parsing/sysctl.py
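Review bot: The new `description` string is hard to read as written (`was be found`, `An hacker`, `Linux system`); `"A buffer overflow vulnerability was found in the Linux kernel; an attacker can use it for privilege escalation through the Netfilter subsystem"` keeps the same claim. Both hunks of this file also drop the `recommendation` key, yet parsing/sysctl.py still has a branch for a flag that is absent from the file and only sets its message to `""`, so the report loses the one piece of operator guidance it carried; if the key is meant to go, the remediation text should instead be derived from `flag` and `value` where the report is built. The `sysctl()` function starts before this hunk and ends in the second one.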
@@ -24,46 +24,55 @@ class Parsing(ParsingBase):
 self._constructResults(filename='/etc/sysctl.conf')
- resultsFlag = dict()
+ vulnerabilityFound = dict()
 # I create an array which contains all flag we need to find
 # After that, for each data, I put the number of occurence I found.
 # If the array is empty, no entry found for a flag, otherwise, we check the value
 for obj in self._objects['sysctl']:
- resultsFlag[obj['flag']] = dict()
- resultsFlag[obj['flag']]['recommand_value'] = obj['value']
- resultsFlag[obj['flag']]['occurence'] = 0
+ vulnerabilityFound[obj['flag']] = dict()
+ vulnerabilityFound[obj['flag']]['recommand_value'] = obj['value']
+ vulnerabilityFound[obj['flag']]['occurence'] = 0
+ for item in obj:
+ vulnerabilityFound[obj['flag']][item] = obj[item]
+
+ print("")
 for line in lines:
 line = line.decode("utf-8")
 for obj in self._objects['sysctl']:
- result = self._parsingFile(line, obj, resultsFlag)
+ result = self._parsingFile(line, obj, vulnerabilityFound)
 if result:
- resultsFlag[obj['flag']]['lineNumber'] = numLines
- resultsFlag[obj['flag']]['occurence'] += 1
+ vulnerabilityFound[obj['flag']]['lineNumber'] = numLines
+ vulnerabilityFound[obj['flag']]['occurence'] += 1
 numLines += 1
 # Now, we can check if the value is specified or not
 # And check if the flag is specified and need to put on the sysctl config
- for entry in resultsFlag:
- obj = resultsFlag[entry]
+ for entry in vulnerabilityFound:
+ obj = vulnerabilityFound[entry]
 if obj['occurence'] > 0:
 print(entry)
 print(obj)
 if obj['current_value'] != obj['recommand_value']:
+ self._reports[entry]['result'] = "failed"
 self._reports[entry]['message'] = \
 f"You specify this value {obj['current_value']}" \
 ", you should use this value {obj['recommand_value']}"
+ else:
+ self._reports[entry]['result'] = "success"
 else:
 # No find the flag, we recommand to enable it
 self._reports[entry]['message'] = ""
 # We can generate the report
 print(self._reports)
+ print("")
+ print(vulnerabilityFound)
- def
_parsingFile(self, line, obj, resultsFlag) -> bool:
+ def _parsingFile(self, line, obj, vulnerabilityFound) -> bool:
 """ This function parse the line and try to find the item in it """
@@ -77,7 +86,7 @@ class Parsing(ParsingBase):
 flag = sLine[0].strip()
 value = int(sLine[1].strip())
- resultsFlag[flag]['current_value'] = value
+ vulnerabilityFound[flag]['current_value'] = value
 result = True
diff --git a/sysctl.py b/sysctl.py
index 98923b9..e23415c 100644
--- a/sysctl.py
+++ b/sysctl.py
@@ -1,8 +1,8 @@
 #!/usr/bin/env python3
 from parsing.sysctl import Parsing
-from vulnerabilities.system import system
-from vulnerabilities.sysctl import sysctl
+from issues.system import system
+from issues.sysctl import sysctl
 class Sysctl:
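Review bot: The new `result` key is only written when the flag was found in the file: in the outer `else` branch (flag with no occurrence) the report keeps `message = ""` and gets no `result` at all, so anything that later reads `self._reports[entry]['result']` would hit a `KeyError` precisely for the unset-flag case the comment says should be recommended. Set `self._reports[entry]['result'] = "failed"` there too and give the message the expected value, e.g. `f"Flag not set, you should set it to {obj['recommand_value']}"`. In the same block the second continuation line of the mismatch message lacks the `f` prefix, so `{obj['recommand_value']}` is emitted literally; it should read `f", you should use this value {obj['recommand_value']}"`. The added `print("")` / `print(vulnerabilityFound)` calls dump every issue definition to stdout and look like leftover debugging; the `logging` module would keep that out of the tool's report output. The enclosing method begins before this hunk, and the trailing `- def` / `+ def _parsingFile` lines belong to the next method.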