修改System的报告功能和格式

chenxinquan 2023-08-04 14:27:10 +08:00
parent 354a8c5aff
commit 76b678eebd
4 changed files with 341 additions and 80 deletions


@ -2,10 +2,11 @@
package genmai
import (
"golang.org/x/crypto/ssh"
"time"
// "golang.org/x/crypto/ssh"
// "time"
"bytes"
"log"
"os"
"os/exec"
"strings"
sandbox "main/genmai/Sandbox"
@ -64,16 +65,25 @@ func
}
func
(ek *ExplorerBaseLine)EexcBaseline(execPoc string,
args ...string ) string {
cmd := exec.Command(execPoc,args...)
(ek *ExplorerBaseLine)EexcBaseline(baselineInter string,baselinePath string,execPoc string,args ...string ) string {
execPoc=baselinePath+"/"+execPoc
var arry []string
arry = append(arry,execPoc)
arry = append(arry,args...)
// 虚拟环境处理
baselineInter = strings.TrimSpace(baselineInter)
if baselineInter == "python3" {
_,arch:=GetCurrentFw()
baselineInter = "../data/SandboxViPyEnv/"+arch+"/myenv/bin/python3"
}
cmd := exec.Command(baselineInter,arry...)
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout // 标准输出
cmd.Stderr = &stderr // 标准错误
err := cmd.Run()
outStr, errStr := string(stdout.Bytes()), string(stderr.Bytes())
if len(errStr)!=0{
fmt.Printf(errStr)
fmt.Println(errStr)
}
outStr=strings.TrimSpace(outStr)
if err != nil {
@ -85,90 +95,125 @@ func
func
(ek *ExplorerBaseLine)HPowerEexcBaseline(exec string,passwd string,args ...string)(result string){
sshHost := "127.0.0.1"
(ek *ExplorerBaseLine)HPowerEexcBaseline(baselineInter string,baselinePath string,execPoc string,passwd string,args ...string)(result string){
// sshHost := "127.0.0.1"
sshUser := "root"
// sshUser := "root"
sshPassword := passwd
// sshPassword := passwd
sshType := "password"
// sshType := "password"
sshPort := 22
// sshPort := 22
//创建sshp登陆配置
// //创建sshp登陆配置
config := &ssh.ClientConfig{
// config := &ssh.ClientConfig{
Timeout: 5*time.Second,//ssh 连接time out 时间一秒钟, 如果ssh验证错误 会在一秒内返回
// Timeout: 5*time.Second,//ssh 连接time out 时间一秒钟, 如果ssh验证错误 会在一秒内返回
User: sshUser,
// User: sshUser,
HostKeyCallback: ssh.InsecureIgnoreHostKey(), //这个可以, 但是不够安全
// HostKeyCallback: ssh.InsecureIgnoreHostKey(), //这个可以, 但是不够安全
//HostKeyCallback: hostKeyCallBackFunc(h.Host),
// //HostKeyCallback: hostKeyCallBackFunc(h.Host),
}
// }
//
var command string
for i:=0;i<len(args);i++{
command=command+args[i]+" "
}
command=exec+" "+command
if sshType == "password" {
// //
// var command string
// command =" "+baselinePath+"/"+exec+" "
// for i:=0;i<len(args);i++{
// command=command+args[i]+" "
// }
// command=baselineInter+command
// if sshType == "password" {
config.Auth = []ssh.AuthMethod{ssh.Password(sshPassword)}
// config.Auth = []ssh.AuthMethod{ssh.Password(sshPassword)}
}
// }
//dial 获取ssh client
// //dial 获取ssh client
addr := fmt.Sprintf("%s:%d", sshHost, sshPort)
// addr := fmt.Sprintf("%s:%d", sshHost, sshPort)
sshClient, err := ssh.Dial("tcp", addr, config)
// sshClient, err := ssh.Dial("tcp", addr, config)
if err != nil {
// if err != nil {
BaseLineError:="Error: Baseline high power connect fail,"
fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineError, 0x1B)
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
log.Fatal("Error: Baseline high power connect fail,",err)
// BaseLineError:="Error: Baseline high power connect fail,"
// fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineError, 0x1B)
// fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
// log.Fatal("Error: Baseline high power connect fail,",err)
// }
}
// defer sshClient.Close()
defer sshClient.Close()
// //创建ssh-session
//创建ssh-session
// session, err := sshClient.NewSession()
session, err := sshClient.NewSession()
// if err != nil {
if err != nil {
fmt.Println("Baseline session fail,",err)
log.Fatal("Creat ssh session fail,",err)
// fmt.Println("Baseline session fail,",err)
// log.Fatal("Creat ssh session fail,",err)
}
// }
defer session.Close()
// defer session.Close()
//执行远程命令
combo,err := session.CombinedOutput(command)
// //执行远程命令
// command = "pwd"
if err != nil {
BaseLineErr:="Baseline high power cmd fail"
fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineErr, 0x1B)
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
log.Fatal("Baseline high power cmd fail",err," ",command)
// combo,err := session.Output(command)
// // combo,err := session.Output("python3 /home/song/桌面/genmai_gitlab/src/../data/BaseLine/LocalServices/firewall/check_firewall_log/check_firewall_log.py zh")
// if err != nil {
// BaseLineErr:="Baseline high power cmd fail"
// fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineErr, 0x1B)
// fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
// log.Printf("Baseline high power cmd fail",err," ",command)
// }
// log.Println("Baseline exec successfully")
// defer session.Close()
// result=string(combo)
// fmt.Println(result)
// return result
execPoc=baselinePath+"/"+execPoc
var arry []string
var ArryCommand string
arry = append(arry,execPoc)
arry = append(arry,args...)
// 虚拟环境处理
baselineInter = strings.TrimSpace(baselineInter)
if baselineInter == "python3" {
_,arch:=GetCurrentFw()
baselineInter = "../data/SandboxViPyEnv/"+arch+"/myenv/bin/python3"
}
log.Println("Baseline exec successfully")
defer session.Close()
result=string(combo)
return result
for i:=0;i<len(arry);i++{
ArryCommand = ArryCommand+" "+arry[i]
}
command := "echo "+passwd+" | "+"su -c '"+baselineInter+ArryCommand+"'"
fmt.Println(command)
cmd := exec.Command("bash","-c",command)
var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout // 标准输出
cmd.Stderr = &stderr // 标准错误
_ = cmd.Run()
outStr, errStr := string(stdout.Bytes()), string(stderr.Bytes())
if len(errStr)!=0{
fmt.Println(errStr)
}
outStr=strings.TrimSpace(outStr)
// fmt.Println(">>>",err)
// if err != nil {
// log.Fatalf("cmd.Run() failed with %s\n", errStr)
// }
return outStr
}
//func
@ -189,11 +234,14 @@ func
}
///////////////
// starting explore
// get currer path
path,_:=os.Getwd()
path = path+"/"+ek.ExplorerCommon.EcConfigFilePrefix
var vul string
for _, im := range config.SiteRequests.ImArray {
if config.Power=="root"{
if len(ek.Passwd)!=0{
vul=ek.HPowerEexcBaseline(im.Exec,ek.Passwd,im.Args...)
vul=ek.HPowerEexcBaseline(im.Inter,path,im.Exec,ek.Passwd,im.Args...)
}else{
infoWarn:="BaseLine warning: "+config.Id+" High power password is none "+",Can't use for high privilege baseline scan"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 33, infoWarn, 0x1B)
@ -201,24 +249,24 @@ func
return
}
}else{
vul=ek.EexcBaseline(im.Exec, im.Args...)
vul=ek.EexcBaseline(im.Inter,path,im.Exec, im.Args...)
}
for i:=0;i<len(config.SiteRequests.Inter);i++{
if vul==config.SiteRequests.Inter[i]{
infoNonExis:="BaseLine info: "+config.Id+" non-existent"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 34, infoNonExis, 0x1B)
return
strings.Contains(vul,config.SiteRequests.Inter[i])
if strings.Contains(vul,config.SiteRequests.Inter[i]){
infoNonExis:="BaseLine info: "+config.Id+" exist"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, infoNonExis, 0x1B)
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
break
}
}
/* */
} // for _, im ...
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
// ending explore
///////////////
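Review bot: The new `HPowerEexcBaseline` body builds `"echo "+passwd+" | "+"su -c '"+baselineInter+ArryCommand+"'"` and runs it through `bash -c`, so the root password and every `im.Args` element are parsed by the shell, the password sits in the process argument list, and `fmt.Println(command)` writes it to the console. A quote or shell metacharacter in the password, the baseline path or a config-supplied argument changes what runs as root. I would drop the `fmt.Println(command)` line, supply the password with `cmd.Stdin = strings.NewReader(passwd + "\n")` instead of `echo`, and shell-quote each element before it is joined into the `su -c` string. `_ = cmd.Run()` also discards the exit status, so a failed `su` authentication looks the same as a check that printed nothing; the error should be returned or logged.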


@ -29,12 +29,12 @@
package genmai
import (
// TODO:
// 应该写成相对路径因为genmai应该是编译成库所以包路径不
// 是以main开头。
//
// go 有点拉
"os"
"fmt"
"time"
"syscall"
sandbox "main/genmai/Sandbox"
inter "main/genmai/Interpreter"
)
type
@ -48,10 +48,217 @@ ExplorerConfigWeb struct {
SiteRequests SiteRequests
}
type
ExplorerWeb struct {
ExplorerCommon
/* */
esSandbox sandbox.SandboxBase
TargetIp string
TargetPort string
/* */
EsSandbox sandbox.SandboxBase
}
var errMap = map[string]string{
"0":"signal: segmentation fault (core dumped)",
"1":"signal: aborted (core dumped)",
"2":"exit status 1",
"101":"be killed",
}
///////////////////////////////
// ExplorerWeb functions
func
(es *ExplorerWeb)GetExplorerConfigWeb() (config *ExplorerConfigWeb, rc error) {
cf, ret := es.ExplorerCommon.EcConfig.(*ExplorerConfigWeb)
/* */
if (true == ret) {
rc = nil
} else {
// TODO: ERR_CONVERSION_FAILED
}
config = cf
/* */
return config, rc
}
func
(es *ExplorerWeb)SetupSandbox(sb sandbox.SandboxBase) {
es.EsSandbox = sb
/* */
es.isSetup = true
}
func
(es *ExplorerWeb)exploreWithPath(interpreter string,interArgs []string,exec string,
args ...string ) error {
interio , rc := es.EsSandbox.Process(interpreter,interArgs,exec, args...)
/* */
if (nil != rc) {
A_DEBUG_ERROR("exploreWithPath()->Process() error! rc = ", rc)
/* */
return rc
}
config, rc1 := es.GetExplorerConfigWeb()
rc = rc1
if (nil != rc) {
A_DEBUG_ERROR("exploreWithPath()-> "+
"GetExplorerConfigWeb() error ! rc = ",
rc )
/* */
return rc
} // if (nil != ...
///////////////////////////////
// Expire timer
var expiretime int
if (0 != config.SiteRequests.Implement.ExpireTime) {
expiretime = config.SiteRequests.Implement.ExpireTime
} else {
expiretime = 20 // 默认为五秒
} // if (0 != ...
/* */
f := func() {
// 想杀死整个进程组,而不是单个进程,需要传递负整数形式
syscall.Kill(-interio.Cmd.Process.Pid, syscall.SIGKILL)
A_DEBUG_WARNING("ID:", config.Id,
"takes too long! (Expiredtime = ", expiretime, "seconds)")
}
/* */
timer_ := time.AfterFunc(time.Duration(expiretime) * time.Second, f)
/* */
defer timer_.Stop()
for _, itr := range config.SiteRequests.Implement.Inter {
icmd := itr[ : inter.INTERPRETER_CMD_LEN]
icmd_len := len(icmd)
for a:=0; a < 100000; a++ {
;
}
switch (icmd) {
case inter.INTERPRETER_CMD_SEND:
interio.Send(itr[ icmd_len : ] + "\n")
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_SEND, itr[ icmd_len : ])
case inter.INTERPRETER_CMD_RECV:
// TODO
//out, rc_t := interio.Recv( icmd_len )
interio.Recv( len(itr[ icmd_len :]) )
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV, itr[ icmd_len : ])
case inter.INTERPRETER_CMD_RECVUNTIL:
interio.RecvUntil( itr[ icmd_len : ] )
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECVUNTIL, itr[ icmd_len : ])
//case ">.":
// A_DEBUG_INFO(">.")
//
//case "<?":
// A_DEBUG_INFO("<?")
//
case inter.INTERPRETER_CMD_RECV_POC_CHECK:
ou, _ := interio.Recv( len (itr[icmd_len : ]) )
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV_POC_CHECK, itr[ icmd_len : ])
A_DEBUG_INFO("a ou:", ou)
/* */
if ( ou == itr[ icmd_len : ] ) {
// A_DEBUG_INFO("exploreWithPath():",
// "\"" +
// inter.INTERPRETER_CMD_RECV_POC_CHECK +
// "\":" ,
// config.Id+" "+"Check poc successfully!" )
systemPass:="Web info: "+config.Id+" "+"Check poc successfully!"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, systemPass, 0x1B)
/* */
return RC_POC_CHECK_SUCCESSFULLY
} else {
}
case inter.INTERPRETER_CMD_RECV_POC_CHECK_RC:
ou, _ := interio.Recv( len (itr[icmd_len : ]) )
// TODO:remove it: just for debug
A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV_POC_CHECK_RC, itr[ icmd_len : ])
A_DEBUG_INFO("a ou:", ou)
rc_:= interio.Cmd.Wait()
//if ( "0" == itr[ icmd_len : ] ) {
if (nil == rc_) {
if errMap[itr[ icmd_len : ]]=="be killed"{
systemfail:="Web info: "+config.Id+" "+"Check poc successfully!"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, systemfail, 0x1B)
return RC_POC_CHECK_SUCCESSFULLY
}else{
break
}
}
if (rc_.Error() == errMap[itr[ icmd_len : ]]) {
// A_DEBUG_INFO("exploreWithPath():",
// inter.INTERPRETER_CMD_RECV_POC_CHECK_RC,
// config.Id+" "+"Check poc failed!" )
systemfail:="Web info: "+config.Id+" "+"Check poc successfully!"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, systemfail, 0x1B)
/* */
return RC_POC_CHECK_SUCCESSFULLY
} else {
}
//}
} // switch (inter ...
} // for _ , itr
// A_DEBUG_INFO("exploreWithPath():",
// inter.INTERPRETER_CMD_RECV_POC_CHECK,
// config.Id+" "+"Check poc failed!" )
systemfail:="Web info: "+config.Id+" "+"Check poc failed!"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 34, systemfail, 0x1B)
/* */
return RC_POC_CHECK_FAILED
// return rc
}
///////////////////////////////
// override ExplorerBase functions
func
(es *ExplorerWeb)Explore() (expvul VulnInfoCommon, rc error) {
config, rc_t := es.GetExplorerConfigWeb()
rc = rc_t
if (nil != rc) {
A_DEBUG_ERROR("Explore()->GetExplorerConfigWeb() "+
"error! rc = ", rc )
/* */
return VulnInfoCommon{}, rc
}
///////////////
// starting explore
for _, im := range config.SiteRequests.ImArray {
rc = es.exploreWithPath(im.Inter,im.InterArgs,es.ExplorerCommon.EcConfigFilePrefix +
string(os.PathSeparator)+im.Exec,im.Args... )
/* */
if rc.Error() =="Poc Check Successfully!"{
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
}
} // for _, im ...
// ending explore
///////////////
return expvul, nil
}
///////////////////////////////
// override functions
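Review bot: `GetExplorerConfigWeb` returns `(nil, nil)` when the type assertion on `EcConfig` fails, because the `else` branch holds only the `ERR_CONVERSION_FAILED` TODO, and both `exploreWithPath` and `Explore` then dereference `config.SiteRequests` after their `nil != rc` check passes. The failure branch should set an error, for example `rc = fmt.Errorf("EcConfig is %T, not *ExplorerConfigWeb", es.ExplorerCommon.EcConfig)`, so a mismatched config stops the scan with a message instead of a nil-pointer panic. In the `Inter` loop of `exploreWithPath`, `itr[ : inter.INTERPRETER_CMD_LEN]` is sliced without checking `len(itr)`, so a short entry in the config panics as well; a length guard before the slice would cover it.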


@ -64,6 +64,9 @@ GetTemplateReportKernel() (*ReportKernel) {
RCRepairedNums: 0,
RCNotFixedNums: 0,
RCNotExecPocNums: 0,
RCRisk_kernel_h_nums: 0,
RCRisk_kernel_m_nums: 0,
RCRisk_kernel_l_nums: 0,
RCExploredMode: "RCExploredMode",
RCExploredVersion: "RCExploredVersion",
RCExploredRevision: "RCExploredRevision",


@ -42,7 +42,6 @@ VulnInfoWeb struct {
VulnInfoCommon
}
func
GetTemplateReportWeb() (*ReportWeb) {
var expvuls []VulnInfoCommon
@ -64,6 +63,10 @@ GetTemplateReportWeb() (*ReportWeb) {
RCContainer: "RCContainer",
/* */
RCExploredTimeAt: time.Now(),
RCExecPocNums: 0,
RCRepairedNums: 0,
RCNotFixedNums: 0,
RCNotExecPocNums: 0,
RCExploredMode: "RCExploredMode",
RCExploredVersion: "RCExploredVersion",
RCExploredRevision: "RCExploredRevision",
@ -108,6 +111,6 @@ GetTemplateVulnInfoWeb() (*VulnInfoWeb) {
////////////////////////////////////////////////////////////////
// ReportBase methods
func
(rw *ReportWeb)GetReportCommon() ReportCommon {
return rw.ReportCommon
(rs *ReportWeb)GetReportCommon() ReportCommon {
return rs.ReportCommon
}