diff --git a/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh b/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
index 960fa6e126bb8f29c50e06034bfc8e7ec36aa064..e9e2277e5053919c95023b68b2d6105beb31020e 100755
--- a/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
+++ b/agents/custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh
@@ -50,15 +50,16 @@ CVES=${CVES##*( )}
 LONGOUTPUT="Checked for: $CVES\nScanned path: $DEST"
-DENIED=$(grep -c "$PATTERN_DENY" $LOGFILE)
+DENIED=$(grep -cE "$PATTERN_DENY" $LOGFILE)
 VULNERABLE=$(grep -cE "$PATTERN_VULNERABLE" $LOGFILE)
 INSPECTED=$(grep -cE "$PATTERN_INSPECTED" $LOGFILE)
+UNKNOWN=$(grep -vE "$PATTERN_DENY" $LOGFILE | grep -vE "$PATTERN_VULNERABLE" | grep -vE "$PATTERN_INSPECTED" | grep -cvE "$PATTERN_CVES")
 END_DATE=$(date +%s)
 RUN_TIME=$(("$END_DATE" - "$START_DATE"))
 # Perfdata
-PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
+PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|files_unknown=$UNKNOWN;|run_time=$RUN_TIME;"
 # Output if errors while scanning
 if [[ $EXITCODE -gt 0 ]]
@@ -87,6 +88,15 @@ then
 LONGOUTPUT="$LONGOUTPUT\n$FILES_DENIED"
 fi
+if [[ UNKNOWN -gt 0 ]]
+then
+ # get unknown files
+ FILES_UNKNOWN=$(grep -vE "$PATTERN_DENY" $LOGFILE | grep -vE "$PATTERN_VULNERABLE" | grep -vE "$PATTERN_INSPECTED" | grep -cvE "$PATTERN_CVES")
+ FILES_UNKNOWN=$(echo "$FILES_UNKNOWN" | sed ':a;N;$!ba;s/\n/\\n/g')
+ FILES_UNKNOWN="\nFiles with unknown state:\n$FILES_UNKNOWN"
+ LONGOUTPUT="$LONGOUTPUT\n$FILES_UNKNOWN"
+fi
+
 # Default output
 echo "P $SERVICENAME $PERFDATA $MSG\n$LONGOUTPUT\n"
@@ -99,6 +109,7 @@ unset DEST
 unset END_DATE
 unset EXITCODE
 unset FILES_DENIED
+unset FILES_UNKNOWN
 unset FILES_VULNERABLE
 unset INSPECTED
 unset LOGFILE
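Review bot: The new `UNKNOWN=` line (and the `DENIED=` line it sits beside) pass `$LOGFILE` unquoted, so a log path containing whitespace or glob characters is word-split before grep sees it; `grep -vE "$PATTERN_DENY" -- "$LOGFILE"` is the safe form, and the same applies to the `FILES_UNKNOWN=` pipeline in the -87 hunk. `UNKNOWN` also counts every log line that matches none of the four patterns, which presumably includes blank lines or any banner text the scanner writes, so `files_unknown` may be inflated; worth confirming against a sample log. The `files_unknown=$UNKNOWN;` perfdata field carries no thresholds, unlike `files_vulnerable` and `files_not_permitted`, so as far as I can tell an unknown file never influences the check state; if it should, `files_unknown=$UNKNOWN;1` mirrors `files_not_permitted` (the PowerShell `$PERFDATA` hunk has the same shape). The `PATTERN_*` definitions this relies on are above the hunk.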
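Review bot: `FILES_UNKNOWN=` keeps `-c` on the last grep, so the variable holds a line count rather than the file list and the block prints a single number under `Files with unknown state:`; the final stage should be `grep -vE "$PATTERN_CVES"`, after which `UNKNOWN` can be derived from this list instead of running the identical four-grep pipeline a second time. `if [[ UNKNOWN -gt 0 ]]` only works because bash resolves the bare name arithmetically; `if [[ $UNKNOWN -gt 0 ]]` matches `[[ $EXITCODE -gt 0 ]]` earlier in the same file. The `then`/`fi` block for FILES_DENIED that precedes this hunk starts outside it.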
@@ -115,6 +126,7 @@ unset PWD
 unset RUN_TIME
 unset SERVICENAME
 unset START_DATE
+unset UNKNOWN
 unset VULNERABLE
 unset WAITMAX
 unset WAITTIME
diff --git a/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1 b/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
index f9a1e3c16414756e761270f970a3cb0e994d031f..9da860851d8cd86c0a257eb050ad750c292cbdda 100755
--- a/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
+++ b/agents/custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1
@@ -56,9 +56,10 @@ if (Test-Path -Path "$LOGFILE" -PathType Leaf) {
 $CVES = (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_CVES | Select -ExpandProperty Line).split(":")[1].trim()
 $LONGOUTPUT="$LONGOUTPUT\nChecked for: $CVES"
- # search for vulnerabilites and remove log file name from output:
+ # search for vulnerabilities and remove log file name from output:
 $FILES_VULNERABLE = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_VULNERABLE | Select -ExpandProperty Line
- $VULNERABLE = $FILES_VULNERABLE.Length
+ # $FILES_VULNERABLE.Length does not work for one line match, it will then count the chars not the lines
+ $VULNERABLE = $FILES_VULNERABLE | Measure-Object | Select-Object -ExpandProperty count
 if ( $VULNERABLE -gt 0 ) {
 $FILES_VULNERABLE=($FILES_VULNERABLE -join "\n") -replace $PATTERN_REPLACE, ""
 $FILES_VULNERABLE = "\nIndicator for vulnerable component found in:\n$FILES_VULNERABLE"
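Review bot: `$FILES_VULNERABLE | Measure-Object | Select-Object -ExpandProperty count` runs two cmdlets to obtain a count that the array subexpression already yields correctly for `$null`, a single string and an array alike: `$VULNERABLE = @($FILES_VULNERABLE).Count`. The same three-cmdlet form is repeated for `$DENIED`, `$UNKNOWN` and `$INSPECTED` in the -71 hunk. The new comment explaining why `.Length` was wrong is worth keeping next to whichever form is chosen, since the single-match pitfall is not obvious. The `if (Test-Path ...)` block enclosing this hunk starts and ends outside it.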
@@ -71,16 +72,25 @@ if (Test-Path -Path "$LOGFILE" -PathType Leaf) {
 # search for denied files and remove log file name from output:
 $FILES_DENIED= (Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_DENY) | Select -ExpandProperty Line
- $DENIED = $FILES_DENIED.Length
+ $DENIED = $FILES_DENIED | Measure-Object | Select-Object -ExpandProperty count
 if ( $DENIED -gt 0 ) {
 $FILES_DENIED=($FILES_DENIED -join "\n")
 $FILES_DENIED = "\nUnscanned files:\n$FILES_DENIED"
 $LONGOUTPUT="$LONGOUTPUT\n$FILES_DENIED"
 }
+ # get anything else
+ $FILES_UNKNOWN = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_VULNERABLE -NotMatch | Select -ExpandProperty Line | Select-String -Pattern $PATTERN_DENY -NotMatch | Select-String -Pattern $PATTERN_INSPECTING -NotMatch | Select-String -Pattern $PATTERN_CVES -NotMatch
+ $UNKNOWN = $FILES_UNKNOWN | Measure-Object | Select-Object -ExpandProperty count
+ if ( $UNKNOWN -gt 0 ) {
+ $FILES_UNKNOWN=($FILES_UNKNOWN -join "\n")
+ $FILES_UNKNOWN = "\nFiles with unknown state:\n$FILES_UNKNOWN"
+ $LONGOUTPUT="$LONGOUTPUT\n$FILES_UNKNOWN"
+ }
+
 # get number of inspected .jar/.war files
 $FILES_INSPECTED = Select-String -Path $LOGFILE -CaseSensitive -Pattern $PATTERN_INSPECTING | Select -ExpandProperty Line
- $INSPECTED = $FILES_INSPECTED.length
+ $INSPECTED = $FILES_INSPECTED | Measure-Object | Select-Object -ExpandProperty count
 # remove log file
 Remove-Item -Path $LOGFILE
@@ -92,7 +102,7 @@ if (Test-Path -Path "$LOGFILE" -PathType Leaf) {
 $END_TIME = Get-Date
 $RUN_TIME = (New-TimeSpan -Start $START_TIME -End $END_TIME).TotalSeconds
-$PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|run_time=$RUN_TIME;"
+$PERFDATA="files_inspected=$INSPECTED|files_vulnerable=$VULNERABLE;1;1|files_not_permitted=$DENIED;1|files_unknown=$UNKNOWN;|run_time=$RUN_TIME;"
 write-output "P $($SVC_NAME) $PERFDATA $MSG\n$LONGOUTPUT\n"
 exit 0
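Review bot: In the new `$FILES_UNKNOWN` pipeline only the first `Select-String` is `-CaseSensitive`; the three chained `-NotMatch` filters are case-insensitive, so any line that matches `$PATTERN_DENY`, `$PATTERN_INSPECTING` or `$PATTERN_CVES` only when case is ignored is silently dropped from the unknown list even though the case-sensitive `$DENIED` and `$INSPECTED` queries do not count it, and it then appears in no category at all. The `Select -ExpandProperty Line` is also applied after the first stage only, so the later stages emit MatchInfo objects rather than strings and the `-join "\n"` relies on their ToString(); adding `-CaseSensitive` to each chained call and moving `Select -ExpandProperty Line` to the end of the pipeline gives `$FILES_UNKNOWN` the same string type as `$FILES_DENIED` and `$FILES_VULNERABLE`. The enclosing `if (Test-Path ...)` block starts and ends outside this hunk.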
diff --git a/packages/spring4shell b/packages/spring4shell
index 7d5b81c670a39236867b94ba87c86ce08a375d85..74e85e7f046c06e57e3dfcabca13a3acf72dcba4 100644
--- a/packages/spring4shell
+++ b/packages/spring4shell
@@ -5,6 +5,9 @@
 '\n'
 'https://github.com/hillu/local-spring-vuln-scanner\n'
 '\n'
+ 'Note: this plugin needs the spring4shell_executables.mkp '
+ 'installed as well\n'
+ '\n'
 'Scan interval:\n'
 'Linux:daily (86400sec)\n'
 'Windows; Rule needed: Set cache age for plugins and local '
@@ -25,15 +28,14 @@
 '2022-04-05 Wrt running Windows baseversion together with '
 'Christopher\n'
 '2022-04-05 Wrt running Linux baseversion\n',
- 'download_url': '',
- 'files': {'agents': ['custom/linux_all_spring4shell/lib/bin/README',
- 'custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh',
+ 'download_url': 'https://thl-cmk.hopto.org/gitlab/checkmk/vendor-independent/spring4shell',
+ 'files': {'agents': ['custom/linux_all_spring4shell/lib/local/86400/local_spring-vuln-scanner.sh',
 'custom/win_spring4shell/lib/local/local_spring-vuln-scanner.ps1'],
 'web': ['plugins/metrics/spring4shell.py']},
 'name': 'spring4shell',
- 'num_files': 4,
+ 'num_files': 3,
 'title': 'Spring4Shell check plugin',
- 'version': '0.96a',
+ 'version': '1.3',
 'version.min_required': '2.0.0',
 'version.packaged': '2021.09.20',
 'version.usable_until': None}
\ No newline at end of file
diff --git a/spring4shell.mkp b/spring4shell.mkp
index 20eddde1064048271421cfd169deac4d0e111c25..a16da5ae8c2598d97b8afc00ae8e832b1d86d4ee 100644
Binary files a/spring4shell.mkp and b/spring4shell.mkp differ
diff --git a/web/plugins/metrics/spring4shell.py b/web/plugins/metrics/spring4shell.py
index bf52ddc556879624afb6de38696d8621b818b9d7..146fbb3aaa55e87a25bea3fbf3fb7d6523d7faaa 100644
--- a/web/plugins/metrics/spring4shell.py
+++ b/web/plugins/metrics/spring4shell.py
@@ -19,12 +19,12 @@ from cmk.gui.plugins.metrics import (
 )
 metric_info['files_inspected'] = {
- 'title': _('Inspected files'),
+ 'title': _('Files inspected'),
 'unit': 'count',
 'color': '31/a',
 }
 metric_info['files_vulnerable'] = {
- 'title': _('Vulnerable'),
+ 'title': _('Files vulnerable'),
 'unit': 'count',
 'color': '11/a',
 }
@@ -33,6 +33,11 @@ metric_info['files_not_permitted'] = {
 'unit': 'count',
 'color': '21/a',
 }
+metric_info['files_unknown'] = {
+ 'title': _('Files unknown'),
+ 'unit': 'count',
+ 'color': '41/a',
+}
 metric_info['run_time'] = {
 'title': _('Run time'),
 'unit': 's',