Bug fixes to the importer

git-svn-id: file:///home/svn/framework3/trunk@10575 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2010-10-06 20:24:26 +00:00
parent da459f7712
commit cbcebc0cc8
1 changed files with 49 additions and 35 deletions

View File

@ -1367,9 +1367,10 @@ class DBManager
site = opts.delete(:web_site) site = opts.delete(:web_site)
else else
site = report_web_site( site = report_web_site(
:host => opts[:host], :port => opts[:port], :workspace => wspace,
:vhost => opts[:host], :ssl => opts[:ssl], :host => opts[:host], :port => opts[:port],
:wait => true :vhost => opts[:host], :ssl => opts[:ssl],
:wait => true
) )
if not site if not site
raise ArgumentError, "report_web_page was unable to create the associated web site" raise ArgumentError, "report_web_page was unable to create the associated web site"
@ -1443,9 +1444,10 @@ class DBManager
site = opts.delete(:web_site) site = opts.delete(:web_site)
else else
site = report_web_site( site = report_web_site(
:host => opts[:host], :port => opts[:port], :workspace => wspace,
:vhost => opts[:host], :ssl => opts[:ssl], :host => opts[:host], :port => opts[:port],
:wait => true :vhost => opts[:host], :ssl => opts[:ssl],
:wait => true
) )
if not site if not site
raise ArgumentError, "report_web_form was unable to create the associated web site" raise ArgumentError, "report_web_form was unable to create the associated web site"
@ -1547,9 +1549,10 @@ class DBManager
site = opts.delete(:web_site) site = opts.delete(:web_site)
else else
site = report_web_site( site = report_web_site(
:host => opts[:host], :port => opts[:port], :workspace => wspace,
:vhost => opts[:host], :ssl => opts[:ssl], :host => opts[:host], :port => opts[:port],
:wait => true :vhost => opts[:host], :ssl => opts[:ssl],
:wait => true
) )
if not site if not site
raise ArgumentError, "report_web_form was unable to create the associated web site" raise ArgumentError, "report_web_form was unable to create the associated web site"
@ -1558,6 +1561,8 @@ class DBManager
ret = {} ret = {}
task = queue(Proc.new { task = queue(Proc.new {
vuln = WebVuln.find_or_initialize_by_web_site_id_and_path_and_method_and_pname_and_name_and_query(site[:id], path, meth, pname, name, quer) vuln = WebVuln.find_or_initialize_by_web_site_id_and_path_and_method_and_pname_and_name_and_query(site[:id], path, meth, pname, name, quer)
vuln.risk = risk vuln.risk = risk
vuln.params = para vuln.params = para
@ -1910,7 +1915,7 @@ class DBManager
return :msf_xml return :msf_xml
when /MetasploitV4/ when /MetasploitV4/
@import_filedata[:type] = "Metasploit XML" @import_filedata[:type] = "Metasploit XML"
return :msf_xml return :msf_xml
else else
# Give up if we haven't hit the root tag in the first few lines # Give up if we haven't hit the root tag in the first few lines
break if line_count > 10 break if line_count > 10
@ -2265,7 +2270,7 @@ class DBManager
if host.elements["comm"].text if host.elements["comm"].text
host_data[:comm] = nils_for_nulls(host.elements["comm"].text.to_s.strip) host_data[:comm] = nils_for_nulls(host.elements["comm"].text.to_s.strip)
end end
%w{created-at updated-at name state os-flavor os-lang os-name os-sp purpose}.each { |datum| %W{created-at updated-at name state os-flavor os-lang os-name os-sp purpose}.each { |datum|
if host.elements[datum].text if host.elements[datum].text
host_data[datum.gsub('-','_')] = nils_for_nulls(host.elements[datum].text.to_s.strip) host_data[datum.gsub('-','_')] = nils_for_nulls(host.elements[datum].text.to_s.strip)
end end
@ -2278,7 +2283,7 @@ class DBManager
service_data[:host] = host_address service_data[:host] = host_address
service_data[:port] = nils_for_nulls(service.elements["port"].text.to_s.strip).to_i service_data[:port] = nils_for_nulls(service.elements["port"].text.to_s.strip).to_i
service_data[:proto] = nils_for_nulls(service.elements["proto"].text.to_s.strip) service_data[:proto] = nils_for_nulls(service.elements["proto"].text.to_s.strip)
%w{created-at updated-at name state info}.each { |datum| %W{created-at updated-at name state info}.each { |datum|
if service.elements[datum].text if service.elements[datum].text
if datum == "info" if datum == "info"
service_data["info"] = nils_for_nulls(unserialize_object(service.elements[datum], false)) service_data["info"] = nils_for_nulls(unserialize_object(service.elements[datum], false))
@ -2302,7 +2307,7 @@ class DBManager
if note.elements["seen"].text if note.elements["seen"].text
note_data[:seen] = true unless note.elements["critical"].text.to_s.strip == "NULL" note_data[:seen] = true unless note.elements["critical"].text.to_s.strip == "NULL"
end end
%w{created-at updated-at}.each { |datum| %W{created-at updated-at}.each { |datum|
if note.elements[datum].text if note.elements[datum].text
note_data[datum.gsub("-","_")] = nils_for_nulls(note.elements[datum].text.to_s.strip) note_data[datum.gsub("-","_")] = nils_for_nulls(note.elements[datum].text.to_s.strip)
end end
@ -2315,7 +2320,7 @@ class DBManager
vuln_data[:host] = host_address vuln_data[:host] = host_address
vuln_data[:info] = nils_for_nulls(unserialize_object(vuln.elements["info"], allow_yaml)) vuln_data[:info] = nils_for_nulls(unserialize_object(vuln.elements["info"], allow_yaml))
vuln_data[:name] = nils_for_nulls(vuln.elements["name"].text.to_s.strip) vuln_data[:name] = nils_for_nulls(vuln.elements["name"].text.to_s.strip)
%w{created-at updated-at}.each { |datum| %W{created-at updated-at}.each { |datum|
if vuln.elements[datum].text if vuln.elements[datum].text
vuln_data[datum.gsub("-","_")] = nils_for_nulls(vuln.elements[datum].text.to_s.strip) vuln_data[datum.gsub("-","_")] = nils_for_nulls(vuln.elements[datum].text.to_s.strip)
end end
@ -2326,12 +2331,12 @@ class DBManager
cred_data = {} cred_data = {}
cred_data[:workspace] = wspace cred_data[:workspace] = wspace
cred_data[:host] = host_address cred_data[:host] = host_address
%w{port ptype sname proto proof active user pass}.each {|datum| %W{port ptype sname proto proof active user pass}.each {|datum|
if cred.elements[datum].respond_to? :text if cred.elements[datum].respond_to? :text
cred_data[datum.intern] = nils_for_nulls(cred.elements[datum].text.to_s.strip) cred_data[datum.intern] = nils_for_nulls(cred.elements[datum].text.to_s.strip)
end end
} }
%w{created-at updated-at}.each { |datum| %W{created-at updated-at}.each { |datum|
if cred.elements[datum].respond_to? :text if cred.elements[datum].respond_to? :text
cred_data[datum.gsub("-","_")] = nils_for_nulls(cred.elements[datum].text.to_s.strip) cred_data[datum.gsub("-","_")] = nils_for_nulls(cred.elements[datum].text.to_s.strip)
end end
@ -2347,61 +2352,70 @@ class DBManager
end end
# Import web sites # Import web sites
doc.elements.each("/#{btag}/web_sites") do |web| doc.elements.each("/#{btag}/web_sites/web_site") do |web|
info = {} info = {}
info[:workspace] = wspace info[:workspace] = wspace
info[:host] = nils_for_nulls(web.elements["host"].text.to_s.strip)
info[:port] = nils_for_nulls(web.elements["port"].text.to_s.strip) %W{host port vhost ssl comments}.each do |datum|
info[:ssl] = nils_for_nulls(web.elements["ssl"].text.to_s.strip) if web.elements[datum].respond_to? :text
info[:vhost] = nils_for_nulls(web.elements["vhost"].text.to_s.strip) info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
end
end
info[:options] = nils_for_nulls(unserialize_object(web.elements["options"], allow_yaml)) if web.elements["options"].respond_to?(:text)
info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false
%w{created-at updated-at}.each { |datum| %W{created-at updated-at}.each { |datum|
if web.elements[datum].text if web.elements[datum].text
vinfo[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip) info[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip)
end end
} }
report_web_site(info) report_web_site(info)
end end
%W{page form vuln}.each do |wtype| %W{page form vuln}.each do |wtype|
doc.elements.each("/#{btag}/web_#{wtype}s") do |web| doc.elements.each("/#{btag}/web_#{wtype}s/web_#{wtype}") do |web|
info = {} info = {}
info[:workspace] = wspace info[:workspace] = wspace
info[:host] = nils_for_nulls(web.elements["host"].text.to_s.strip) info[:host] = nils_for_nulls(web.elements["host"].text.to_s.strip) if web.elements["host"].respond_to?(:text)
info[:port] = nils_for_nulls(web.elements["port"].text.to_s.strip) info[:port] = nils_for_nulls(web.elements["port"].text.to_s.strip) if web.elements["port"].respond_to?(:text)
info[:ssl] = nils_for_nulls(web.elements["ssl"].text.to_s.strip) info[:ssl] = nils_for_nulls(web.elements["ssl"].text.to_s.strip) if web.elements["ssl"].respond_to?(:text)
info[:vhost] = nils_for_nulls(web.elements["vhost"].text.to_s.strip) info[:vhost] = nils_for_nulls(web.elements["vhost"].text.to_s.strip) if web.elements["vhost"].respond_to?(:text)
info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false
case wtype case wtype
when "page" when "page"
%{path code body query cookie auth ctype mtime location}.each do |datum| %W{path code body query cookie auth ctype mtime location}.each do |datum|
if web.elements[datum].respond_to? :text if web.elements[datum].respond_to? :text
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip) info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
end end
end end
info[:headers] = nils_for_nulls(unserialize_object(web.elements["headers"], allow_yaml)) info[:headers] = nils_for_nulls(unserialize_object(web.elements["headers"], allow_yaml))
when "form" when "form"
%{path query method}.each do |datum| %W{path query method}.each do |datum|
if web.elements[datum].respond_to? :text if web.elements[datum].respond_to? :text
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip) info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
end end
end end
info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml)) info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml))
when "vuln" when "vuln"
%{path query method pname proof risk name}.each do |datum| %W{path query method pname proof risk name}.each do |datum|
if web.elements[datum].respond_to? :text if web.elements[datum].respond_to? :text
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip) info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
end end
end end
info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml)) info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml))
info[:risk] = info[:risk].to_i
end end
%w{created-at updated-at}.each { |datum| %W{created-at updated-at}.each { |datum|
if web.elements[datum].text if web.elements[datum].text
vinfo[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip) info[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip)
end end
} }
self.send("report_web_#{wtype}", info) self.send("report_web_#{wtype}", info)
end end
end end
end end