From 9a4c845f6d4089f96fbabf80dc2fc2736445084b Mon Sep 17 00:00:00 2001 From: geoffrey Date: Mon, 5 Jun 2023 21:26:39 +0200 Subject: [PATCH] Parsing vulnerabilities --- parsing/sysctl.py | 73 ++++++++++++++------------------------- vulnerabilities/sysctl.py | 10 ++++-- 2 files changed, 33 insertions(+), 50 deletions(-) diff --git a/parsing/sysctl.py b/parsing/sysctl.py index 954569d..87e0390 100644 --- a/parsing/sysctl.py +++ b/parsing/sysctl.py @@ -30,9 +30,9 @@ class Parsing(ParsingBase): # After that, for each data, I put the number of occurence I found. # If the array is empty, no entry found for a flag, otherwise, we check the value for obj in self._objects['sysctl']: - resultsFlag[obj['flag']] = list() - - print(resultsFlag) + resultsFlag[obj['flag']] = dict() + resultsFlag[obj['flag']]['recommand_value'] = obj['value'] + resultsFlag[obj['flag']]['occurence'] = 0 for line in lines: line = line.decode("utf-8") 
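Review bot: The per-flag record built in the loop of this hunk uses the misspelled keys `recommand_value` and `occurence`, and it does not initialise `current_value`, which the reporting loop later reads. These keys are shared with `_parsingFile` and the report code, so a single literal such as `resultsFlag[obj['flag']] = {'recommended_value': obj['value'], 'occurrences': 0, 'current_value': None}` would keep the shape in one place; the readers in the later hunks need the same rename. If two rules ever name the same flag, the second silently replaces the first here. The enclosing method starts and ends outside the hunk.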
@@ -40,39 +40,28 @@ class Parsing(ParsingBase): for obj in self._objects['sysctl']: result = self._parsingFile(line, obj, resultsFlag) if result: - print(resultsFlag[obj['flag']][ - len(resultsFlag[obj['flag']]) - 1: - len(resultsFlag[obj['flag']]) - ]) - # If not exist, we recommand to put the flag - #if len(result) == 0: - # # print("Not find") - # pass - ## If the flag is found - #else: - # # And if the current value is not setted corectly for the vulnerability - # print(result) - # - # self._reports[obj['flag']].append({ - # 'lineNumber': numLines, - # 'value': obj['value'], - # 'audit': 'failed' # Or success - # }) - # - # #if result['value'] != result['current_value']: - # # print(f"You must change the value to {obj['value']} for fixing the vulnerabilities") + resultsFlag[obj['flag']]['lineNumber'] = numLines + resultsFlag[obj['flag']]['occurence'] += 1 numLines += 1 - print(self._reports) # Now, we can check if the value is specified or not # And check if the flag is specified and need to put on the sysctl config - print("") for entry in resultsFlag: - print(entry) - print(resultsFlag[entry]) + obj = resultsFlag[entry] + if obj['occurence'] > 0: + print(entry) + print(obj) + if obj['current_value'] != obj['recommand_value']: + self._reports[entry]['message'] = \ + f"You specify this value {obj['current_value']}" \ + ", you should use this value {obj['recommand_value']}" + else: + # No find the flag, we recommand to enable it + self._reports[entry]['message'] = "" # We can generate the report + print(self._reports) def _parsingFile(self, line, obj, resultsFlag) -> bool: """ 
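Review bot: The mismatch message in the reporting loop is built from two adjacent string literals and only the first carries the `f` prefix, so the report contains the text `{obj['recommand_value']}` instead of the recommended value; the second literal should read `f", you should use this value {obj['recommand_value']}"`. The `else` branch, which by its comment handles a flag that was not found (indentation is lost in this view), stores an empty message, so a hardening setting that is absent from the file produces a finding with nothing to act on; something like `f"{entry} is not set, add {entry} = {obj['recommand_value']}"` would make it visible. When the flag is present and already correct, no `message` key is written at all, which leaves report entries with differing shapes. The `print` calls inside the loop and the final `print(self._reports)` look like debugging output and would be better as `logging.debug` or removed. The method starts outside the hunk.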
@@ -85,23 +74,13 @@ class Parsing(ParsingBase): # Avoid the comment if not line.startswith('#'): sLine = line.split('=') - flag = sLine[0] - value = int(sLine[1].strip('')) + flag = sLine[0].strip() + value = int(sLine[1].strip()) + + resultsFlag[flag]['current_value'] = value + result = True - #print(sLine) - - resultsFlag[flag].append({ - 'current_value': value, - 'value': obj['value'] - }) - #result['found'] = flag - #result['current_value'] = value - #result['value'] = obj['value'] - - #if value != obj['value']: - # print("Need to change the value") - # print(sLine) - + return result def _constructResults(self, filename): @@ -112,15 +91,13 @@ class Parsing(ParsingBase): - filename: filename of the test - line: line of the test - parse: Display the line where the vulnerabilites has been found - - description: description of the vulnerabilities + - description: description of the vulnerability - level: high, medium or low """ self._reports['filename'] = filename for sysctl in self._objects['sysctl']: - self._reports[sysctl['flag']] = list() - print(self._reports) - print("") + self._reports[sysctl['flag']] = dict() def getResults(self) -> dict: result = dict() diff --git a/vulnerabilities/sysctl.py b/vulnerabilities/sysctl.py index b7e339c..49d5652 100644 --- a/vulnerabilities/sysctl.py +++ b/vulnerabilities/sysctl.py @@ -1,15 +1,19 @@ #!/usr/bin/env python3 +# Define the entry + def sysctl() -> list: sysctl = list() # https://access.redhat.com/security/sysctl/sysctl-2023-0179 sysctl.append({ - "cve": "cve-2023-0179", + "from": "cve", + "id": "cve-2023-0179", "description": "", "flag": "kernel.unprivileged_userns_clone", "value": 0, "level": "medium", + "recommendation": "You should disable this flag for resolving the issue", "affectedSystem": ({ 'linux': "Debian", 'release': 'buster', 
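Review bot: In `_parsingFile` the new lines index `resultsFlag[flag]` with whatever key the line contains and convert the value with `int()`, and nothing visible in the hunk compares `flag` with `obj['flag']`. Unless a guard exists in the part of the function outside the hunk, a key that is not in the rule set raises `KeyError`, a line without `=` raises `IndexError`, and a textual or multi-number value raises `ValueError`, so one ordinary line stops the whole audit. Because the caller invokes this once per rule and counts every truthy return, the same line would also be counted for every rule. The sketch below matches the line against the rule first and keeps a non-integer value as text so that it is reported as a mismatch instead of raising.

```python
if not line.startswith('#'):
    key, sep, raw = line.partition('=')
    flag = key.strip()
    # only the rule being checked may claim this line
    if not sep or flag != obj['flag']:
        return False
    raw = raw.strip()
    # keep a non-integer value as text so it is reported, not raised
    value = int(raw) if raw.lstrip('-').isdigit() else raw
    # … unchanged: store current_value in resultsFlag, set result …
```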
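Review bot: The docstring of `_constructResults` still lists `line`, `parse`, `description` and `level` for each finding, but the new code stores an empty `dict()` per flag and the only key the reporting loop in this patch fills is `message`. The rule's `level` and `description` therefore do not appear to reach the report, which leaves a reader unable to rank findings. Either seed the entry from the rule, `self._reports[sysctl['flag']] = {'level': sysctl['level'], 'description': sysctl['description']}`, or trim the docstring to the fields that are actually produced. `getResults` lies outside the hunk, so it may add them later.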
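Review bot: The renamed CVE entry keeps `"description": ""` and gains only a generic `recommendation`, so a report for `kernel.unprivileged_userns_clone` cannot say what the setting protects against; a one-line description here would be worth more than the shared sentence. The entry also carries `affectedSystem`, yet nothing in the parser changes of this patch reads it, so the rule presumably applies on every host, including distributions whose kernel does not expose this key. Any consumer still reading `obj['cve']` would break with the rename to `from`/`id`; none is visible in this patch. The entry continues past the end of the hunk.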
@@ -19,9 +23,11 @@ def sysctl() -> list: # Best practice from CIS sysctl.append({ - "cve": "", + "from": "cis", + "id": "", "description": "Disable IPv4 forwarding", "flag": "net.ipv4.conf.all.forwarding", + "recommendation": "You should disable this flag for resolving the issue", "value": 0, "level": "medium" })
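Review bot: The CIS entry matches only the literal key `net.ipv4.conf.all.forwarding`, while IPv4 forwarding is commonly set in sysctl files through `net.ipv4.ip_forward`; as far as the parser hunks show, keys are compared as text, so a file containing `net.ipv4.ip_forward = 1` would pass this rule. Adding a second entry with `"flag": "net.ipv4.ip_forward"` and the same `value` and `level` covers both spellings. The new `"id": ""` leaves the finding without a reference; the benchmark section could go there (placeholder: `"id": "<CIS section>"`). `recommendation` is placed before `value` here and after `level` in the first entry, and keeping one key order makes the rule table easier to scan.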