update project

80994c86 · thl-cmk · b9ab251e · 80994c86 · 80994c86 · 80994c86
Commit 80994c86 authored 3 years ago by thl-cmk
--- a/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
+++ b/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
@@ -50,15 +50,16 @@ CVES=${CVES##*( )}

 LONGOUTPUT="Checked for: $CVES\nScanned path: $DEST"

-DENIED=$(grep -c "$PATTERN_DENY" $LOGFILE)
+DENIED=$(grep -cE "$PATTERN_DENY" $LOGFILE)
 VULNERABLE=$(grep -cE "$PATTERN_VULNERABLE" $LOGFILE)
 INSPECTED=$(grep -cE "$PATTERN_INSPECTED" $LOGFILE)
+UNKNOWN=$(grep -vE "$PATTERN_DENY" $LOGFILE | grep -vE "$PATTERN_VULNERABLE" | grep -vE "$PATTERN_INSPECTED"  | grep -cvE "$PATTERN_CVES")

 END_DATE=$(date +%s)
 RUN_TIME=$(("$END_DATE" - "$START_DATE"))

 # Perfdata
-PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
+PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|files_unknown=$UNKNOWN;|run_time=$RUN_TIME;"

 # Output if errors while scanning
 if [[ $EXITCODE -gt 0 ]]
@@ -87,6 +88,15 @@ then
  LONGOUTPUT="$LONGOUTPUT\n$FILES_DENIED"
 fi

+if [[ UNKNOWN -gt 0 ]]
+then
+  # get unknown files
+  FILES_UNKNOWN=$(grep -vE "$PATTERN_DENY" $LOGFILE | grep -vE "$PATTERN_VULNERABLE" | grep -vE "$PATTERN_INSPECTED"  | grep -cvE "$PATTERN_CVES")
+  FILES_UNKNOWN=$(echo "$FILES_UNKNOWN" | sed ':a;N;$!ba;s/\n/\\n/g')
+  FILES_UNKNOWN="\nFiles with unknown state:\n$FILES_UNKNOWN"
+  LONGOUTPUT="$LONGOUTPUT\n$FILES_UNKNOWN"
+fi
+
 # Default output
 echo "P $SERVICENAME $PERFDATA $MSG\n$LONGOUTPUT\n"

@@ -99,6 +109,7 @@ unset DEST
 unset END_DATE
 unset EXITCODE
 unset FILES_DENIED
+unset FILES_UNKNOWN
 unset FILES_VULNERABLE
 unset INSPECTED
 unset LOGFILE
@@ -115,6 +126,7 @@ unset PWD
 unset RUN_TIME
 unset SERVICENAME
 unset START_DATE
+unset UNKNOWN
 unset VULNERABLE
 unset WAITMAX
 unset WAITTIME

--- a/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
+++ b/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
@@ -56,9 +56,10 @@ if (Test-Path -Path "$LOGFILE" -PathType Leaf) {
  $CVES = (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_CVES | Select -ExpandProperty Line).split(":")[1].trim()
  $LONGOUTPUT="$LONGOUTPUT\nChecked for: $CVES"

-  # search for vulnerabilites and remove log file name from output:
+  # search for vulnerabilities and remove log file name from output:
  $FILES_VULNERABLE = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_VULNERABLE | Select -ExpandProperty Line
-  $VULNERABLE = $FILES_VULNERABLE.Length
+  # $FILES_VULNERABLE.Length does not work for one line match, it will then count the chars not the lines
+  $VULNERABLE = $FILES_VULNERABLE | Measure-Object | Select-Object -ExpandProperty count
  if ( $VULNERABLE -gt 0 ) {
    $FILES_VULNERABLE=($FILES_VULNERABLE -join "\n") -replace $PATTERN_REPLACE, ""
    $FILES_VULNERABLE = "\nIndicator for vulnerable component found in:\n$FILES_VULNERABLE"
@@ -71,16 +72,25 @@ if (Test-Path -Path "$LOGFILE" -PathType Leaf) {

  # search for denied files and remove log file name from output:
  $FILES_DENIED= (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_DENY) | Select -ExpandProperty Line
-  $DENIED = $FILES_DENIED.Length
+  $DENIED = $FILES_DENIED | Measure-Object | Select-Object -ExpandProperty count
  if ( $DENIED -gt 0 ) {
    $FILES_DENIED=($FILES_DENIED -join "\n")
    $FILES_DENIED = "\nUnscanned files:\n$FILES_DENIED"
    $LONGOUTPUT="$LONGOUTPUT\n$FILES_DENIED"
  }

+  # get anything else
+  $FILES_UNKNOWN = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_VULNERABLE -NotMatch | Select -ExpandProperty Line | Select-String -Pattern $PATTERN_DENY -NotMatch | Select-String -Pattern $PATTERN_INSPECTING -NotMatch | Select-String -Pattern $PATTERN_CVES -NotMatch
+  $UNKNOWN = $FILES_UNKNOWN | Measure-Object | Select-Object -ExpandProperty count
+  if ( $UNKNOWN -gt 0 ) {
+    $FILES_UNKNOWN=($FILES_UNKNOWN -join "\n")
+    $FILES_UNKNOWN = "\nFiles with unknown state:\n$FILES_UNKNOWN"
+    $LONGOUTPUT="$LONGOUTPUT\n$FILES_UNKNOWN"
+  }
+
  # get number of inspected .jar/.war files
  $FILES_INSPECTED = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_INSPECTING | Select -ExpandProperty Line
-  $INSPECTED = $FILES_INSPECTED.length
+  $INSPECTED = $FILES_INSPECTED | Measure-Object | Select-Object -ExpandProperty count

  # remove log file
  Remove-Item -Path $LOGFILE
@@ -92,7 +102,7 @@ if (Test-Path -Path "$LOGFILE" -PathType Leaf) {

 $END_TIME = Get-Date
 $RUN_TIME = (New-TimeSpan -Start $START_TIME -End $END_TIME).TotalSeconds
-$PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
+$PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|files_unknown=$UNKNOWN;|run_time=$RUN_TIME;"
 write-output "P $($SVC_NAME) $PERFDATA $MSG\n$LONGOUTPUT\n"

 exit 0
--- a/packages/spring4shell
+++ b/packages/spring4shell
@@ -5,6 +5,9 @@
                '\n'
                'https://github.com/hillu/local-spring-vuln-scanner\n'
                '\n'
+                'Note: this plugin needs the spring4shell_executables.mkp '
+                'installed as well\n'
+                '\n'
                'Scan interval:\n'
                'Linux:daily (86400sec)\n'
                'Windows; Rule needed: Set cache age for plugins and local '
@@ -25,15 +28,14 @@
                '2022-04-05 Wrt running Windows baseversion together with '
                'Christopher\n'
                '2022-04-05 Wrt running Linux baseversion\n',
- 'download_url': '',
- 'files': {'agents': ['custom/linux_all_spring4shell/lib/bin/README',
-                      'custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh',
+ 'download_url': 'https://thl-cmk.hopto.org/gitlab/checkmk/vendor-independent/spring4shell',
+ 'files': {'agents': ['custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh',
                      'custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1'],
           'web': ['plugins/metrics/spring4shell.py']},
 'name': 'spring4shell',
- 'num_files': 4,
+ 'num_files': 3,
 'title': 'Spring4Shell check plugin',
- 'version': '0.96a',
+ 'version': '1.3',
 'version.min_required': '2.0.0',
 'version.packaged': '2021.09.20',
 'version.usable_until': None}
\ No newline at end of file
--- a/spring4shell.mkp
+++ b/spring4shell.mkp
--- a/web/plugins/metrics/spring4shell.py
+++ b/web/plugins/metrics/spring4shell.py
@@ -19,12 +19,12 @@ from cmk.gui.plugins.metrics import (
 )

 metric_info['files_inspected'] = {
-    'title': _('Inspected files'),
+    'title': _('Files inspected'),
    'unit': 'count',
    'color': '31/a',
 }
 metric_info['files_vulnerable'] = {
-    'title': _('Vulnerable'),
+    'title': _('Files vulnerable'),
    'unit': 'count',
    'color': '11/a',
 }
@@ -33,6 +33,11 @@ metric_info['files_not_permitted'] = {
    'unit': 'count',
    'color': '21/a',
 }
+metric_info['files_unknown'] = {
+    'title': _('Files unknown'),
+    'unit': 'count',
+    'color': '41/a',
+}
 metric_info['run_time'] = {
    'title': _('Run time'),
    'unit': 's',