From e658fa3e2707896b417a1287bcd35b1ccdca9d5b Mon Sep 17 00:00:00 2001 From: Juan Jose Nicola Date: Tue, 3 Jul 2018 15:33:16 +0200 Subject: [PATCH 1/2] Move in . is an optional subelement of instead of a subelement of . Add unittest. Update documentation. --- doc/OSP.xml | 5 ++--- ospd/misc.py | 8 +++++++- ospd/ospd.py | 28 ++++++++++++++++++---------- tests/testSSHDaemon.py | 2 +- tests/testScanAndResult.py | 29 ++++++++++++++++++++++++++++- 5 files changed, 56 insertions(+), 16 deletions(-) diff --git a/doc/OSP.xml b/doc/OSP.xml index d2ca042f..8df3237f 100644 --- a/doc/OSP.xml +++ b/doc/OSP.xml @@ -647,9 +647,8 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. Start a new scan with a VT selection - - 1.2.3.4.5, 22.34.61.1, 3.67.4.2 - + + 1.2.3.4.5, 22.34.61.1, 3.67.4.2 diff --git a/ospd/misc.py b/ospd/misc.py index 885fa57c..1d7bc5af 100644 --- a/ospd/misc.py +++ b/ospd/misc.py @@ -116,7 +116,7 @@ def ids_iterator(self): return iter(self.scans_table.keys()) - def create_scan(self, scan_id='', target='', ports='', options=dict()): + def create_scan(self, scan_id='', target='', ports='', options=dict(), vts=''): """ Creates a new scan with provided scan information. """ if self.data_manager is None: @@ -126,6 +126,7 @@ def create_scan(self, scan_id='', target='', ports='', options=dict()): scan_info['progress'] = 0 scan_info['target'] = target scan_info['ports'] = ports + scan_info['vts'] = vts scan_info['options'] = options scan_info['start_time'] = int(time.time()) scan_info['end_time'] = "0" @@ -170,6 +171,11 @@ def get_ports(self, scan_id): return self.scans_table[scan_id]['ports'] + def get_vts(self, scan_id): + """ Get a scan's vts list. """ + + return self.scans_table[scan_id]['vts'] + def id_exists(self, scan_id): """ Check whether a scan exists in the table. """ diff --git a/ospd/ospd.py b/ospd/ospd.py index cbb7b8a9..1b66228a 100644 --- a/ospd/ospd.py +++ b/ospd/ospd.py @@ -63,13 +63,6 @@ 'mandatory': 0, 'description': 'Whether to dry run scan.', }, - 'vts': { - 'type': 'string', - 'name': 'Vulnerability Tests', - 'default': '', - 'mandatory': 0, - 'description': 'Comma-separated list of vulnerability test IDs to be executed.', - }, } COMMANDS_TABLE = { @@ -415,6 +408,15 @@ def handle_start_scan_command(self, scan_et): params = self._preprocess_scan_params(scanner_params) + # VTS is an optional element. If present should not be empty. + vts_str = '' + scanner_vts = scan_et.find('vts') + if scanner_vts is not None: + if scanner_vts.text is None: + raise OSPDError('VTs list is empty', 'start_scan') + else: + vts_str = scanner_vts.text + # Dry run case. if 'dry_run' in params and int(params['dry_run']): scan_func = self.dry_run_scan @@ -423,7 +425,8 @@ def handle_start_scan_command(self, scan_et): scan_func = self.start_scan scan_params = self.process_scan_params(params) - scan_id = self.create_scan(scan_id, target_str, ports_str, scan_params) + scan_id = self.create_scan(scan_id, target_str, + ports_str, scan_params, vts_str) scan_process = multiprocessing.Process(target=scan_func, args=(scan_id, target_str)) self.scan_processes[scan_id] = scan_process @@ -996,7 +999,7 @@ def run(self, address, port, unix_path): sock.shutdown(socket.SHUT_RDWR) sock.close() - def create_scan(self, scan_id, target, ports, options): + def create_scan(self, scan_id, target, ports, options, vts): """ Creates a new scan. @target: Target to scan. @@ -1004,7 +1007,8 @@ def create_scan(self, scan_id, target, ports, options): @return: New scan's ID. """ - return self.scan_collection.create_scan(scan_id, target, ports, options) + return self.scan_collection.create_scan(scan_id, target, + ports, options, vts) def get_scan_options(self, scan_id): """ Gives a scan's list of options. """ @@ -1038,6 +1042,10 @@ def get_scan_ports(self, scan_id): """ Gives a scan's ports list. """ return self.scan_collection.get_ports(scan_id) + def get_scan_vts(self, scan_id): + """ Gives a scan's vts list. """ + return self.scan_collection.get_vts(scan_id) + def get_scan_start_time(self, scan_id): """ Gives a scan's start time. """ return self.scan_collection.get_start_time(scan_id) diff --git a/tests/testSSHDaemon.py b/tests/testSSHDaemon.py index 8240223a..e4fce899 100644 --- a/tests/testSSHDaemon.py +++ b/tests/testSSHDaemon.py @@ -50,7 +50,7 @@ def testRunCommand(self): daemon = OSPDaemonSimpleSSH('cert', 'key', 'ca') scanid = daemon.create_scan(None, 'host.example.com', '80, 443', dict(port=5, ssh_timeout=15, - username_password='dummy:pw')) + username_password='dummy:pw'), '') res = daemon.run_command(scanid, 'host.example.com', 'cat /etc/passwd') self.assertTrue(isinstance(res, list)) self.assertEqual(commands, ['cat /etc/passwd']) diff --git a/tests/testScanAndResult.py b/tests/testScanAndResult.py index 07f79dbe..714f2302 100644 --- a/tests/testScanAndResult.py +++ b/tests/testScanAndResult.py @@ -5,7 +5,7 @@ import unittest import xml.etree.ElementTree as ET -from ospd.ospd import OSPDaemon +from ospd.ospd import OSPDaemon, OSPDError class Result(object): def __init__(self, type_, **kwargs): @@ -147,3 +147,30 @@ def testStopScan(self): '' % scan_id)) self.assertEqual(response.get('status'), '200') print(ET.tostring(response)) + + def testScanWithVTs(self): + daemon = DummyWrapper([]) + cmd = ET.fromstring('' + + '') + print(ET.tostring(cmd)) + self.assertRaises(OSPDError, daemon.handle_start_scan_command, cmd) + + response = ET.fromstring( + daemon.handle_command('' + + '1.2.3.4')) + print(ET.tostring(response)) + scan_id = response.findtext('id') + time.sleep(0.01) + self.assertEqual(daemon.get_scan_vts(scan_id), '1.2.3.4') + self.assertNotEqual(daemon.get_scan_vts(scan_id), '1.2.3.6') + + response = ET.fromstring( + daemon.handle_command('' + + '')) + print(ET.tostring(response)) + scan_id = response.findtext('id') + time.sleep(0.01) + self.assertEqual(daemon.get_scan_vts(scan_id), '') From 71d8ff4d8c669c749f8c97abcd082469e55cfa61 Mon Sep 17 00:00:00 2001 From: Juan Jose Nicola Date: Tue, 3 Jul 2018 17:12:19 +0200 Subject: [PATCH 2/2] Update documentation. --- doc/USAGE-ospd-scanner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/USAGE-ospd-scanner b/doc/USAGE-ospd-scanner index d72d0575..91d7e5e7 100644 --- a/doc/USAGE-ospd-scanner +++ b/doc/USAGE-ospd-scanner @@ -92,7 +92,7 @@ $ gvm-cli socket --sockpath /var/run/ospd-scanner.sock --xml="/var/run/ospd-scanner.sock --xml="vt_id_1, vt_id_2" +$ gvm-cli socket --sockpath /var/run/ospd-scanner.sock --xml="vt_id_1, vt_id_2" Show the list of scans with status and results: