Bug fixes to the importer
git-svn-id: file:///home/svn/framework3/trunk@10575 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
da459f7712
commit
cbcebc0cc8
|
@ -1367,9 +1367,10 @@ class DBManager
|
||||||
site = opts.delete(:web_site)
|
site = opts.delete(:web_site)
|
||||||
else
|
else
|
||||||
site = report_web_site(
|
site = report_web_site(
|
||||||
:host => opts[:host], :port => opts[:port],
|
:workspace => wspace,
|
||||||
:vhost => opts[:host], :ssl => opts[:ssl],
|
:host => opts[:host], :port => opts[:port],
|
||||||
:wait => true
|
:vhost => opts[:host], :ssl => opts[:ssl],
|
||||||
|
:wait => true
|
||||||
)
|
)
|
||||||
if not site
|
if not site
|
||||||
raise ArgumentError, "report_web_page was unable to create the associated web site"
|
raise ArgumentError, "report_web_page was unable to create the associated web site"
|
||||||
|
@ -1443,9 +1444,10 @@ class DBManager
|
||||||
site = opts.delete(:web_site)
|
site = opts.delete(:web_site)
|
||||||
else
|
else
|
||||||
site = report_web_site(
|
site = report_web_site(
|
||||||
:host => opts[:host], :port => opts[:port],
|
:workspace => wspace,
|
||||||
:vhost => opts[:host], :ssl => opts[:ssl],
|
:host => opts[:host], :port => opts[:port],
|
||||||
:wait => true
|
:vhost => opts[:host], :ssl => opts[:ssl],
|
||||||
|
:wait => true
|
||||||
)
|
)
|
||||||
if not site
|
if not site
|
||||||
raise ArgumentError, "report_web_form was unable to create the associated web site"
|
raise ArgumentError, "report_web_form was unable to create the associated web site"
|
||||||
|
@ -1547,9 +1549,10 @@ class DBManager
|
||||||
site = opts.delete(:web_site)
|
site = opts.delete(:web_site)
|
||||||
else
|
else
|
||||||
site = report_web_site(
|
site = report_web_site(
|
||||||
:host => opts[:host], :port => opts[:port],
|
:workspace => wspace,
|
||||||
:vhost => opts[:host], :ssl => opts[:ssl],
|
:host => opts[:host], :port => opts[:port],
|
||||||
:wait => true
|
:vhost => opts[:host], :ssl => opts[:ssl],
|
||||||
|
:wait => true
|
||||||
)
|
)
|
||||||
if not site
|
if not site
|
||||||
raise ArgumentError, "report_web_form was unable to create the associated web site"
|
raise ArgumentError, "report_web_form was unable to create the associated web site"
|
||||||
|
@ -1558,6 +1561,8 @@ class DBManager
|
||||||
|
|
||||||
ret = {}
|
ret = {}
|
||||||
task = queue(Proc.new {
|
task = queue(Proc.new {
|
||||||
|
|
||||||
|
|
||||||
vuln = WebVuln.find_or_initialize_by_web_site_id_and_path_and_method_and_pname_and_name_and_query(site[:id], path, meth, pname, name, quer)
|
vuln = WebVuln.find_or_initialize_by_web_site_id_and_path_and_method_and_pname_and_name_and_query(site[:id], path, meth, pname, name, quer)
|
||||||
vuln.risk = risk
|
vuln.risk = risk
|
||||||
vuln.params = para
|
vuln.params = para
|
||||||
|
@ -1910,7 +1915,7 @@ class DBManager
|
||||||
return :msf_xml
|
return :msf_xml
|
||||||
when /MetasploitV4/
|
when /MetasploitV4/
|
||||||
@import_filedata[:type] = "Metasploit XML"
|
@import_filedata[:type] = "Metasploit XML"
|
||||||
return :msf_xml
|
return :msf_xml
|
||||||
else
|
else
|
||||||
# Give up if we haven't hit the root tag in the first few lines
|
# Give up if we haven't hit the root tag in the first few lines
|
||||||
break if line_count > 10
|
break if line_count > 10
|
||||||
|
@ -2265,7 +2270,7 @@ class DBManager
|
||||||
if host.elements["comm"].text
|
if host.elements["comm"].text
|
||||||
host_data[:comm] = nils_for_nulls(host.elements["comm"].text.to_s.strip)
|
host_data[:comm] = nils_for_nulls(host.elements["comm"].text.to_s.strip)
|
||||||
end
|
end
|
||||||
%w{created-at updated-at name state os-flavor os-lang os-name os-sp purpose}.each { |datum|
|
%W{created-at updated-at name state os-flavor os-lang os-name os-sp purpose}.each { |datum|
|
||||||
if host.elements[datum].text
|
if host.elements[datum].text
|
||||||
host_data[datum.gsub('-','_')] = nils_for_nulls(host.elements[datum].text.to_s.strip)
|
host_data[datum.gsub('-','_')] = nils_for_nulls(host.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
|
@ -2278,7 +2283,7 @@ class DBManager
|
||||||
service_data[:host] = host_address
|
service_data[:host] = host_address
|
||||||
service_data[:port] = nils_for_nulls(service.elements["port"].text.to_s.strip).to_i
|
service_data[:port] = nils_for_nulls(service.elements["port"].text.to_s.strip).to_i
|
||||||
service_data[:proto] = nils_for_nulls(service.elements["proto"].text.to_s.strip)
|
service_data[:proto] = nils_for_nulls(service.elements["proto"].text.to_s.strip)
|
||||||
%w{created-at updated-at name state info}.each { |datum|
|
%W{created-at updated-at name state info}.each { |datum|
|
||||||
if service.elements[datum].text
|
if service.elements[datum].text
|
||||||
if datum == "info"
|
if datum == "info"
|
||||||
service_data["info"] = nils_for_nulls(unserialize_object(service.elements[datum], false))
|
service_data["info"] = nils_for_nulls(unserialize_object(service.elements[datum], false))
|
||||||
|
@ -2302,7 +2307,7 @@ class DBManager
|
||||||
if note.elements["seen"].text
|
if note.elements["seen"].text
|
||||||
note_data[:seen] = true unless note.elements["critical"].text.to_s.strip == "NULL"
|
note_data[:seen] = true unless note.elements["critical"].text.to_s.strip == "NULL"
|
||||||
end
|
end
|
||||||
%w{created-at updated-at}.each { |datum|
|
%W{created-at updated-at}.each { |datum|
|
||||||
if note.elements[datum].text
|
if note.elements[datum].text
|
||||||
note_data[datum.gsub("-","_")] = nils_for_nulls(note.elements[datum].text.to_s.strip)
|
note_data[datum.gsub("-","_")] = nils_for_nulls(note.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
|
@ -2315,7 +2320,7 @@ class DBManager
|
||||||
vuln_data[:host] = host_address
|
vuln_data[:host] = host_address
|
||||||
vuln_data[:info] = nils_for_nulls(unserialize_object(vuln.elements["info"], allow_yaml))
|
vuln_data[:info] = nils_for_nulls(unserialize_object(vuln.elements["info"], allow_yaml))
|
||||||
vuln_data[:name] = nils_for_nulls(vuln.elements["name"].text.to_s.strip)
|
vuln_data[:name] = nils_for_nulls(vuln.elements["name"].text.to_s.strip)
|
||||||
%w{created-at updated-at}.each { |datum|
|
%W{created-at updated-at}.each { |datum|
|
||||||
if vuln.elements[datum].text
|
if vuln.elements[datum].text
|
||||||
vuln_data[datum.gsub("-","_")] = nils_for_nulls(vuln.elements[datum].text.to_s.strip)
|
vuln_data[datum.gsub("-","_")] = nils_for_nulls(vuln.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
|
@ -2326,12 +2331,12 @@ class DBManager
|
||||||
cred_data = {}
|
cred_data = {}
|
||||||
cred_data[:workspace] = wspace
|
cred_data[:workspace] = wspace
|
||||||
cred_data[:host] = host_address
|
cred_data[:host] = host_address
|
||||||
%w{port ptype sname proto proof active user pass}.each {|datum|
|
%W{port ptype sname proto proof active user pass}.each {|datum|
|
||||||
if cred.elements[datum].respond_to? :text
|
if cred.elements[datum].respond_to? :text
|
||||||
cred_data[datum.intern] = nils_for_nulls(cred.elements[datum].text.to_s.strip)
|
cred_data[datum.intern] = nils_for_nulls(cred.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
%w{created-at updated-at}.each { |datum|
|
%W{created-at updated-at}.each { |datum|
|
||||||
if cred.elements[datum].respond_to? :text
|
if cred.elements[datum].respond_to? :text
|
||||||
cred_data[datum.gsub("-","_")] = nils_for_nulls(cred.elements[datum].text.to_s.strip)
|
cred_data[datum.gsub("-","_")] = nils_for_nulls(cred.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
|
@ -2347,61 +2352,70 @@ class DBManager
|
||||||
end
|
end
|
||||||
|
|
||||||
# Import web sites
|
# Import web sites
|
||||||
doc.elements.each("/#{btag}/web_sites") do |web|
|
doc.elements.each("/#{btag}/web_sites/web_site") do |web|
|
||||||
info = {}
|
info = {}
|
||||||
info[:workspace] = wspace
|
info[:workspace] = wspace
|
||||||
info[:host] = nils_for_nulls(web.elements["host"].text.to_s.strip)
|
|
||||||
info[:port] = nils_for_nulls(web.elements["port"].text.to_s.strip)
|
%W{host port vhost ssl comments}.each do |datum|
|
||||||
info[:ssl] = nils_for_nulls(web.elements["ssl"].text.to_s.strip)
|
if web.elements[datum].respond_to? :text
|
||||||
info[:vhost] = nils_for_nulls(web.elements["vhost"].text.to_s.strip)
|
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
info[:options] = nils_for_nulls(unserialize_object(web.elements["options"], allow_yaml)) if web.elements["options"].respond_to?(:text)
|
||||||
|
info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false
|
||||||
|
|
||||||
%w{created-at updated-at}.each { |datum|
|
%W{created-at updated-at}.each { |datum|
|
||||||
if web.elements[datum].text
|
if web.elements[datum].text
|
||||||
vinfo[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
info[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
|
|
||||||
report_web_site(info)
|
report_web_site(info)
|
||||||
end
|
end
|
||||||
|
|
||||||
%W{page form vuln}.each do |wtype|
|
%W{page form vuln}.each do |wtype|
|
||||||
doc.elements.each("/#{btag}/web_#{wtype}s") do |web|
|
doc.elements.each("/#{btag}/web_#{wtype}s/web_#{wtype}") do |web|
|
||||||
info = {}
|
info = {}
|
||||||
info[:workspace] = wspace
|
info[:workspace] = wspace
|
||||||
info[:host] = nils_for_nulls(web.elements["host"].text.to_s.strip)
|
info[:host] = nils_for_nulls(web.elements["host"].text.to_s.strip) if web.elements["host"].respond_to?(:text)
|
||||||
info[:port] = nils_for_nulls(web.elements["port"].text.to_s.strip)
|
info[:port] = nils_for_nulls(web.elements["port"].text.to_s.strip) if web.elements["port"].respond_to?(:text)
|
||||||
info[:ssl] = nils_for_nulls(web.elements["ssl"].text.to_s.strip)
|
info[:ssl] = nils_for_nulls(web.elements["ssl"].text.to_s.strip) if web.elements["ssl"].respond_to?(:text)
|
||||||
info[:vhost] = nils_for_nulls(web.elements["vhost"].text.to_s.strip)
|
info[:vhost] = nils_for_nulls(web.elements["vhost"].text.to_s.strip) if web.elements["vhost"].respond_to?(:text)
|
||||||
|
|
||||||
|
info[:ssl] = (info[:ssl] and info[:ssl].to_s.strip.downcase == "true") ? true : false
|
||||||
|
|
||||||
case wtype
|
case wtype
|
||||||
when "page"
|
when "page"
|
||||||
%{path code body query cookie auth ctype mtime location}.each do |datum|
|
%W{path code body query cookie auth ctype mtime location}.each do |datum|
|
||||||
if web.elements[datum].respond_to? :text
|
if web.elements[datum].respond_to? :text
|
||||||
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
info[:headers] = nils_for_nulls(unserialize_object(web.elements["headers"], allow_yaml))
|
info[:headers] = nils_for_nulls(unserialize_object(web.elements["headers"], allow_yaml))
|
||||||
when "form"
|
when "form"
|
||||||
%{path query method}.each do |datum|
|
%W{path query method}.each do |datum|
|
||||||
if web.elements[datum].respond_to? :text
|
if web.elements[datum].respond_to? :text
|
||||||
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml))
|
info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml))
|
||||||
when "vuln"
|
when "vuln"
|
||||||
%{path query method pname proof risk name}.each do |datum|
|
%W{path query method pname proof risk name}.each do |datum|
|
||||||
if web.elements[datum].respond_to? :text
|
if web.elements[datum].respond_to? :text
|
||||||
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
info[datum.intern] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml))
|
info[:params] = nils_for_nulls(unserialize_object(web.elements["params"], allow_yaml))
|
||||||
|
info[:risk] = info[:risk].to_i
|
||||||
end
|
end
|
||||||
|
|
||||||
%w{created-at updated-at}.each { |datum|
|
%W{created-at updated-at}.each { |datum|
|
||||||
if web.elements[datum].text
|
if web.elements[datum].text
|
||||||
vinfo[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
info[datum.gsub("-","_")] = nils_for_nulls(web.elements[datum].text.to_s.strip)
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
self.send("report_web_#{wtype}", info)
|
self.send("report_web_#{wtype}", info)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
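Review bot: In the last hunk both `created-at`/`updated-at` loops (web sites and web page/form/vuln) still test `web.elements[datum].text` directly, so an import file whose entry lacks either element raises NoMethodError on nil and aborts the import, while the other text fields in this hunk are now guarded with `respond_to?(:text)`. The condition should follow the same pattern, `if web.elements[datum].respond_to?(:text) and web.elements[datum].text`. The same hunk also adds `info[:options] = nils_for_nulls(unserialize_object(web.elements["options"], allow_yaml))`, which deserializes a value read from the imported file. `unserialize_object` is defined outside this page, so what it is willing to load cannot be confirmed here, but the service import above passes `false` rather than `allow_yaml`; a comment stating why site options need the caller's setting, or a check that the result is a Hash before `report_web_site(info)`, would make that trust decision explicit. The enclosing import method starts and ends outside the hunk.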