diff --git a/doc/OSP.xml b/doc/OSP.xml
index 9bada8ca..9120e19c 100644
--- a/doc/OSP.xml
+++ b/doc/OSP.xml
@@ -779,6 +779,14 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
modification_time
vt_params
vt_refs
+ dependencies
+ summary
+ impact
+ affected
+ insight
+ solution
+ detection
+ severities
custom
@@ -795,6 +803,63 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
vt_refs
+
+ ref
+
+
+ ref
+
+
+ type
+ string
+
+
+ id
+ string
+
+
+
+
+
+ dependencies
+
+
+ summary
+
+
+ impact
+
+
+ affected
+
+
+ insight
+
+
+ solution
+
+
+ detection
+
+
+ severities
+
+ seveirty
+
+
+ seveirty
+
+
+ type
+ string
+
+
+ origin
+ Optional reference to the origin of the severity
+ string
+
+
+
custom
@@ -821,7 +886,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- Get information for a single vulnerability test with creation and modification times
+ Get information for a single vulnerability test
@@ -830,8 +895,25 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
Check for presence of vulnerability X
- 1900-01-01
- 2000-01-01
+
+
+
+
+
+
+
+
+ 2015-02-15 05:47:27 +0100 (Sun, 15 Feb 2015)
+ $Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $
+ Check the version of App
+ App in OS v2
+ App is a small but very powerful app.
+ Please Install the Updated Packages.
+
+ Get the installed version with the help of detect NVT and check if the version is vulnerable or not.
+
+ AV:N/AC:L/Au:N/C:N/I:N/A:P
+
diff --git a/ospd/ospd.py b/ospd/ospd.py
index f433038e..d476f9d6 100644
--- a/ospd/ospd.py
+++ b/ospd/ospd.py
@@ -295,7 +295,10 @@ def add_scanner_param(self, name, scanner_param):
{k: v['name'] for k, v in self.scanner_params.items()}}
def add_vt(self, vt_id, name=None, vt_params=None, vt_refs=None,
- custom=None, vt_creation_time=None, vt_modification_time=None):
+ custom=None, vt_creation_time=None, vt_modification_time=None,
+ vt_dependencies=None, summary=None, impact=None, affected=None,
+ insight=None, solution=None, solution_t=None, detection=None,
+ qod_t=None, qod_v=None, severities=None):
""" Add a vulnerability test information.
Returns: The new number of stored VTs.
@@ -323,10 +326,33 @@ def add_vt(self, vt_id, name=None, vt_params=None, vt_refs=None,
self.vts[vt_id]["vt_params"] = vt_params
if vt_refs is not None:
self.vts[vt_id]["vt_refs"] = vt_refs
+ if vt_dependencies is not None:
+ self.vts[vt_id]["vt_dependencies"] = vt_dependencies
if vt_creation_time is not None:
self.vts[vt_id]["creation_time"] = vt_creation_time
if vt_modification_time is not None:
self.vts[vt_id]["modification_time"] = vt_modification_time
+ if summary is not None:
+ self.vts[vt_id]["summary"] = summary
+ if impact is not None:
+ self.vts[vt_id]["impact"] = impact
+ if affected is not None:
+ self.vts[vt_id]["affected"] = affected
+ if insight is not None:
+ self.vts[vt_id]["insight"] = insight
+ if solution is not None:
+ self.vts[vt_id]["solution"] = solution
+ if solution_t is not None:
+ self.vts[vt_id]["solution_type"] = solution_t
+ if detection is not None:
+ self.vts[vt_id]["detection"] = detection
+ if qod_t is not None:
+ self.vts[vt_id]["qod_type"] = qod_t
+ elif qod_v is not None:
+ self.vts[vt_id]["qod"] = qod_v
+ if severities is not None:
+ self.vts[vt_id]["severities"] = severities
+
return len(self.vts)
def command_exists(self, name):
@@ -1112,7 +1138,7 @@ def get_scan_xml(self, scan_id, detailed=True, pop_res=False):
return response
@staticmethod
- def get_custom_vt_as_xml_str(custom):
+ def get_custom_vt_as_xml_str(vt_id, custom):
""" Create a string representation of the XML object from the
custom data object.
This needs to be implemented by each ospd wrapper, in case
@@ -1126,7 +1152,7 @@ def get_custom_vt_as_xml_str(custom):
return ''
@staticmethod
- def get_params_vt_as_xml_str(vt_params):
+ def get_params_vt_as_xml_str(vt_id, vt_params):
""" Create a string representation of the XML object from the
vt_params data object.
This needs to be implemented by each ospd wrapper, in case
@@ -1140,7 +1166,7 @@ def get_params_vt_as_xml_str(vt_params):
return ''
@staticmethod
- def get_refs_vt_as_xml_str(vt_refs):
+ def get_refs_vt_as_xml_str(vt_id, vt_refs):
""" Create a string representation of the XML object from the
vt_refs data object.
This needs to be implemented by each ospd wrapper, in case
@@ -1154,7 +1180,21 @@ def get_refs_vt_as_xml_str(vt_refs):
return ''
@staticmethod
- def get_creation_time_vt_as_xml_str(vt_creation_time):
+ def get_dependencies_vt_as_xml_str(vt_id, vt_dependencies):
+ """ Create a string representation of the XML object from the
+ vt_dependencies data object.
+ This needs to be implemented by each ospd wrapper, in case
+ vt_dependencies elements for VTs are used.
+
+ The vt_dependencies XML object which is returned will be embedded
+ into a element.
+
+ @return: XML object as string for vt dependencies data.
+ """
+ return ''
+
+ @staticmethod
+ def get_creation_time_vt_as_xml_str(vt_id, vt_creation_time):
""" Create a string representation of the XML object from the
vt_creation_time data object.
This needs to be implemented by each ospd wrapper, in case
@@ -1168,7 +1208,7 @@ def get_creation_time_vt_as_xml_str(vt_creation_time):
return ''
@staticmethod
- def get_modification_time_vt_as_xml_str(vt_modification_time):
+ def get_modification_time_vt_as_xml_str(vt_id, vt_modification_time):
""" Create a string representation of the XML object from the
vt_modification_time data object.
This needs to be implemented by each ospd wrapper, in case
@@ -1181,6 +1221,104 @@ def get_modification_time_vt_as_xml_str(vt_modification_time):
"""
return ''
+ @staticmethod
+ def get_summary_vt_as_xml_str(vt_id, summary):
+ """ Create a string representation of the XML object from the
+ summary data object.
+ This needs to be implemented by each ospd wrapper, in case
+ summary elements for VTs are used.
+
+ The summary XML object which is returned will be embedded
+ into a element.
+
+ @return: XML object as string for summary data.
+ """
+ return ''
+
+ @staticmethod
+ def get_impact_vt_as_xml_str(vt_id, impact):
+ """ Create a string representation of the XML object from the
+ impact data object.
+ This needs to be implemented by each ospd wrapper, in case
+ impact elements for VTs are used.
+
+ The impact XML object which is returned will be embedded
+ into a element.
+
+ @return: XML object as string for impact data.
+ """
+ return ''
+
+ @staticmethod
+ def get_affected_vt_as_xml_str(vt_id, affected):
+ """ Create a string representation of the XML object from the
+ affected data object.
+ This needs to be implemented by each ospd wrapper, in case
+ affected elements for VTs are used.
+
+ The affected XML object which is returned will be embedded
+ into a element.
+
+ @return: XML object as string for affected data.
+ """
+ return ''
+
+ @staticmethod
+ def get_insight_vt_as_xml_str(vt_id, insight):
+ """ Create a string representation of the XML object from the
+ insight data object.
+ This needs to be implemented by each ospd wrapper, in case
+ insight elements for VTs are used.
+
+ The insight XML object which is returned will be embedded
+ into a element.
+
+ @return: XML object as string for insight data.
+ """
+ return ''
+
+ @staticmethod
+ def get_solution_vt_as_xml_str(vt_id, solution, solution_type=None):
+ """ Create a string representation of the XML object from the
+ solution data object.
+ This needs to be implemented by each ospd wrapper, in case
+ solution elements for VTs are used.
+
+ The solution XML object which is returned will be embedded
+ into a element.
+
+ @return: XML object as string for solution data.
+ """
+ return ''
+
+ @staticmethod
+ def get_detection_vt_as_xml_str(vt_id, detection=None, qod_type=None, qod=None):
+ """ Create a string representation of the XML object from the
+ detection data object.
+ This needs to be implemented by each ospd wrapper, in case
+ detection elements for VTs are used.
+
+ The detection XML object which is returned is an element with
+ tag element
+
+ @return: XML object as string for detection data.
+ """
+ return ''
+
+ @staticmethod
+ def get_severities_vt_as_xml_str(vt_id, severities):
+ """ Create a string representation of the XML object from the
+ severities data object.
+ This needs to be implemented by each ospd wrapper, in case
+ severities elements for VTs are used.
+
+ The severities XML objects which are returned will be embedded
+ into a element.
+
+ @return: XML object as string for severities data.
+ """
+ return ''
+
def get_vt_xml(self, vt_id):
""" Gets a single vulnerability test information in XML format.
@@ -1199,38 +1337,81 @@ def get_vt_xml(self, vt_id):
elem = SubElement(vt_xml, name)
elem.text = str(value)
- if vt.get('custom'):
- custom_xml_str = (
- '%s' % self.get_custom_vt_as_xml_str(
- vt.get('custom')))
- vt_xml.append(secET.fromstring(custom_xml_str))
-
if vt.get('vt_params'):
params_xml_str = (
'%s' % self.get_params_vt_as_xml_str(
- vt.get('vt_params')))
+ vt_id, vt.get('vt_params')))
vt_xml.append(secET.fromstring(params_xml_str))
if vt.get('vt_refs'):
refs_xml_str = (
'%s' % self.get_refs_vt_as_xml_str(
- vt.get('vt_refs')))
+ vt_id, vt.get('vt_refs')))
vt_xml.append(secET.fromstring(refs_xml_str))
+ if vt.get('vt_dependencies'):
+ dependencies = self.get_dependencies_vt_as_xml_str(
+ vt_id, vt.get('vt_dependencies'))
+ deps_xml_str = (
+ '%s' % dependencies)
+ vt_xml.append(secET.fromstring(deps_xml_str))
+
if vt.get('creation_time'):
vt_ctime = self.get_creation_time_vt_as_xml_str(
- vt.get('creation_time'))
+ vt_id, vt.get('creation_time'))
creation_time_xml_str = (
'%s' % vt_ctime)
vt_xml.append(secET.fromstring(creation_time_xml_str))
if vt.get('modification_time'):
vt_mtime = self.get_modification_time_vt_as_xml_str(
- vt.get('modification_time'))
+ vt_id, vt.get('modification_time'))
modification_time_xml_str = (
'%s' % vt_mtime)
vt_xml.append(secET.fromstring(modification_time_xml_str))
+ if vt.get('summary'):
+ summary_xml_str = self.get_summary_vt_as_xml_str(
+ vt_id, vt.get('summary'))
+ vt_xml.append(secET.fromstring(summary_xml_str))
+
+ if vt.get('impact'):
+ impact_xml_str = self.get_impact_vt_as_xml_str(
+ vt_id, vt.get('impact'))
+ vt_xml.append(secET.fromstring(impact_xml_str))
+
+ if vt.get('affected'):
+ affected_xml_str = self.get_affected_vt_as_xml_str(
+ vt_id, vt.get('affected'))
+ vt_xml.append(secET.fromstring(affected_xml_str))
+
+ if vt.get('insight'):
+ insight_xml_str = self.get_insight_vt_as_xml_str(
+ vt_id, vt.get('insight'))
+ vt_xml.append(secET.fromstring(insight_xml_str))
+
+ if vt.get('solution'):
+ solution_xml_str = self.get_solution_vt_as_xml_str(
+ vt_id, vt.get('solution'), vt.get('solution_type'))
+ vt_xml.append(secET.fromstring(solution_xml_str))
+
+ if vt.get('detection') or vt.get('qod_type') or vt.get('qod'):
+ detection_xml_str = self.get_detection_vt_as_xml_str(
+ vt_id, vt.get('detection'), vt.get('qod_type'), vt.get('qod'))
+ vt_xml.append(secET.fromstring(detection_xml_str))
+
+ if vt.get('severities'):
+ severities_xml_str = (
+ '%s' % self.get_severities_vt_as_xml_str(
+ vt_id, vt.get('severities')))
+ vt_xml.append(secET.fromstring(severities_xml_str))
+
+ if vt.get('custom'):
+ custom_xml_str = (
+ '%s' % self.get_custom_vt_as_xml_str(
+ vt_id, vt.get('custom')))
+ vt_xml.append(secET.fromstring(custom_xml_str))
+
return vt_xml
def get_vts_xml(self, vt_id=''):
diff --git a/tests/testScanAndResult.py b/tests/testScanAndResult.py
index 0461b072..9600e6f6 100644
--- a/tests/testScanAndResult.py
+++ b/tests/testScanAndResult.py
@@ -52,10 +52,12 @@ def __init__(self, results, checkresult=True):
def check(self):
return self.checkresults
- def get_custom_vt_as_xml_str(self, custom):
+ @staticmethod
+ def get_custom_vt_as_xml_str(vt_id, custom):
return 'static test'
- def get_params_vt_as_xml_str(self, vt_param):
+ @staticmethod
+ def get_params_vt_as_xml_str(vt_id, vt_params):
return (''
'ABCTest ABCyes'
''
@@ -63,11 +65,63 @@ def get_params_vt_as_xml_str(self, vt_param):
'DEFTest DEFno'
'')
- def get_refs_vt_as_xml_str(self, vt_refs):
+ @staticmethod
+ def get_refs_vt_as_xml_str(vt_id, vt_refs):
response = ('' +
'')
return response
+ @staticmethod
+ def get_dependencies_vt_as_xml_str(vt_id, vt_dependencies):
+ response = ('' +
+ '')
+
+ return response
+
+ @staticmethod
+ def get_severities_vt_as_xml_str(vt_id, severities):
+ response = ('' +
+ 'AV:N/AC:L/Au:N/C:N/I:N/A:P')
+
+ return response
+
+ @staticmethod
+ def get_detection_vt_as_xml_str(vt_id, detection=None,
+ qod_type=None, qod=None):
+ response = ('some detection')
+
+ return response
+
+ @staticmethod
+ def get_summary_vt_as_xml_str(vt_id, summary):
+ response = ('Some summary')
+
+ return response
+
+ @staticmethod
+ def get_affected_vt_as_xml_str(vt_id, affected):
+ response = ('Some affected')
+
+ return response
+
+ @staticmethod
+ def get_impact_vt_as_xml_str(vt_id, impact):
+ response = ('Some impact')
+
+ return response
+
+ @staticmethod
+ def get_insight_vt_as_xml_str(vt_id, insight):
+ response = ('Some insight')
+
+ return response
+
+ @staticmethod
+ def get_solution_vt_as_xml_str(vt_id, solution, solution_type=None):
+ response = ('Some solution')
+
+ return response
+
def exec_scan(self, scan_id, target):
time.sleep(0.01)
for res in self.results:
@@ -182,6 +236,117 @@ def testGetVTs_VTs_with_refs(self):
refs = response.findall('vts/vt/vt_refs/ref')
self.assertEqual(2, len(refs))
+ def testGetVTs_VTs_with_dependencies(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ vt_dependencies="c",)
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ deps = response.findall('vts/vt/dependencies/dependency')
+ self.assertEqual(2, len(deps))
+
+ def testGetVTs_VTs_with_severities(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ severities="c",)
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ severity = response.findall('vts/vt/severities/severity')
+ self.assertEqual(1, len(severity))
+
+ def testGetVTs_VTs_with_detection_qodt(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ detection="c",
+ qod_t="d")
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ detection = response.findall('vts/vt/detection')
+ self.assertEqual(1, len(detection))
+
+ def testGetVTs_VTs_with_detection_qodv(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ detection="c",
+ qod_v="d")
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ detection = response.findall('vts/vt/detection')
+ self.assertEqual(1, len(detection))
+
+ def testGetVTs_VTs_with_summary(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ summary="c",)
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ summary = response.findall('vts/vt/summary')
+ self.assertEqual(1, len(summary))
+
+ def testGetVTs_VTs_with_impact(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ impact="c",)
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ impact = response.findall('vts/vt/impact')
+ self.assertEqual(1, len(impact))
+
+ def testGetVTs_VTs_with_affected(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ affected="c",)
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ affect = response.findall('vts/vt/affected')
+ self.assertEqual(1, len(affect))
+
+ def testGetVTs_VTs_with_insight(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ insight="c",)
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ insight = response.findall('vts/vt/insight')
+ self.assertEqual(1, len(insight))
+
+ def testGetVTs_VTs_with_solution(self):
+ daemon = DummyWrapper([])
+ daemon.add_vt('1.2.3.4',
+ 'A vulnerability test',
+ vt_params="a",
+ custom="b",
+ solution="c",
+ solution_t="d")
+ response = secET.fromstring(
+ daemon.handle_command(''))
+ solution = response.findall('vts/vt/solution')
+ self.assertEqual(1, len(solution))
+
def testiScanWithError(self):
daemon = DummyWrapper([
Result('error', value='something went wrong'),