130 lines
4.4 KiB
Python
130 lines
4.4 KiB
Python
#!/usr/bin/env python3
|
|
|
|
import re
|
|
from json import dumps
|
|
from parsing.base import ParsingBase
|
|
|
|
class Parsing(ParsingBase):
|
|
def __init__(self, objects, audit):
|
|
self._parsing = dict()
|
|
self._reports = dict()
|
|
self._objects = objects
|
|
self._audit = audit
|
|
|
|
def runParsing(self):
|
|
# Generate report
|
|
self._constructReports()
|
|
|
|
for audit in self._audit:
|
|
if audit['audit'] == 'file':
|
|
with open(audit['value'], 'rb') as fdata:
|
|
self._parseFile(fdata)
|
|
if audit['audit'] == 'process':
|
|
self._parseProcess()
|
|
|
|
def _parseFile(self, fdata):
|
|
data = fdata.read()
|
|
lines = data.splitlines()
|
|
numLines = 1
|
|
|
|
vulnerabilityFound = dict()
|
|
|
|
# I create an array which contains all flag we need to find
|
|
# After that, for each data, I put the number of occurence I found.
|
|
# If the array is empty, no entry found for a flag, otherwise, we check the value
|
|
for obj in self._objects:
|
|
vulnerabilityFound[obj['flag']] = dict()
|
|
vulnerabilityFound[obj['flag']]['recommand_value'] = obj['value']
|
|
vulnerabilityFound[obj['flag']]['occurence'] = 0
|
|
for item in obj:
|
|
vulnerabilityFound[obj['flag']][item] = obj[item]
|
|
|
|
for line in lines:
|
|
line = line.decode("utf-8")
|
|
|
|
for obj in self._objects:
|
|
result = self._parsingFile(line, obj, vulnerabilityFound)
|
|
if result:
|
|
vulnerabilityFound[obj['flag']]['lineNumber'] = numLines
|
|
vulnerabilityFound[obj['flag']]['occurence'] += 1
|
|
|
|
numLines += 1
|
|
|
|
# Now, we can check if the value is specified or not
|
|
# And check if the flag is specified and need to put on the sysctl config
|
|
for entry in vulnerabilityFound:
|
|
obj = vulnerabilityFound[entry]
|
|
vulnerabilityFound[entry]['result'] = dict()
|
|
if obj['occurence'] > 0:
|
|
#print(entry)
|
|
#print(obj)
|
|
if obj['current_value'] != obj['recommand_value']:
|
|
vulnerabilityFound[entry]['result']['result'] = "failed"
|
|
else:
|
|
vulnerabilityFound[entry]['result']['result'] = "success"
|
|
else:
|
|
# No find the flag, we recommand to enable it
|
|
vulnerabilityFound[entry]['result']['result'] = "failed"
|
|
|
|
# Generate report
|
|
self._generateReport(vulnerabilityFound)
|
|
|
|
def _parseProcess(self):
|
|
vulnerabilityFound = dict()
|
|
|
|
# Generate report
|
|
#self._generateReport(vulnerabilityFound)
|
|
|
|
def _generateReport(self, objects):
|
|
# We can generate the report
|
|
for sysctl in self._reports['file']['sysctl']:
|
|
self._reports['file']['sysctl'][sysctl] = objects[sysctl]
|
|
|
|
def _parsingFile(self, line, obj, vulnerabilityFound) -> bool:
|
|
"""
|
|
This function parse the line and try to find the item in it
|
|
"""
|
|
result = bool()
|
|
|
|
groupLine = re.search(obj['flag'], line)
|
|
if groupLine:
|
|
# Avoid the comment
|
|
if not line.startswith('#'):
|
|
sLine = line.split('=')
|
|
flag = sLine[0].strip()
|
|
value = int(sLine[1].strip())
|
|
|
|
vulnerabilityFound[flag]['current_value'] = value
|
|
|
|
result = True
|
|
|
|
return result
|
|
|
|
def _constructReports(self):
|
|
"""
|
|
Construct dictionary for result of the tests
|
|
Each entry contains:
|
|
Key:
|
|
- filename: filename of the test
|
|
- line: line of the test
|
|
- parse: Display the line where the vulnerabilites has been found
|
|
- description: description of the vulnerability
|
|
- level: high, medium or low
|
|
"""
|
|
# For file
|
|
self._reports['file'] = dict()
|
|
self._reports['file']['filename'] = self._audit[0]['value']
|
|
self._reports['file']['sysctl'] = dict()
|
|
|
|
# For process
|
|
self._reports['process'] = dict()
|
|
self._reports['process']['sysctl'] = dict()
|
|
|
|
|
|
for sysctl in self._objects:
|
|
self._reports['file']['sysctl'][sysctl['flag']] = dict()
|
|
self._reports['process']['sysctl'][sysctl['flag']] = dict()
|
|
|
|
def getResults(self) -> dict:
|
|
return self._reports
|