From 76b678eebdf9c4e47b75e66069b71a3381413512 Mon Sep 17 00:00:00 2001
From: chenxinquan <chenxinquan@kylinos.cn>
Date: Fri, 4 Aug 2023 14:27:10 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9System=E7=9A=84=E6=8A=A5?=
 =?UTF-8?q?=E5=91=8A=E5=8A=9F=E8=83=BD=E5=92=8C=E6=A0=BC=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/genmai/ExplorerBaseLine.go | 188 +++++++++++++++++-----------
 src/genmai/ExplorerWeb.go      | 221 +++++++++++++++++++++++++++++++--
 src/genmai/ReportKernel.go     |   3 +
 src/genmai/ReportWeb.go        |   9 +-
 4 files changed, 341 insertions(+), 80 deletions(-)

diff --git a/src/genmai/ExplorerBaseLine.go b/src/genmai/ExplorerBaseLine.go
index 13a1a7a..c32f760 100644
--- a/src/genmai/ExplorerBaseLine.go
+++ b/src/genmai/ExplorerBaseLine.go
@@ -2,10 +2,11 @@
 package genmai
 
 import (
-    "golang.org/x/crypto/ssh"
-    "time"
+    // "golang.org/x/crypto/ssh"
+    // "time"
     "bytes"
 	"log"
+    "os"
 	"os/exec"
 	"strings"
     sandbox "main/genmai/Sandbox"
@@ -64,16 +65,25 @@ func
 }
 
 func
-(ek *ExplorerBaseLine)EexcBaseline(execPoc string,
-                                  args ...string  ) string {
-	cmd := exec.Command(execPoc,args...)
+(ek *ExplorerBaseLine)EexcBaseline(baselineInter string,baselinePath string,execPoc string,args ...string  ) string {
+    execPoc=baselinePath+"/"+execPoc
+    var arry []string
+    arry = append(arry,execPoc)
+    arry = append(arry,args...)
+    // 虚拟环境处理
+    baselineInter = strings.TrimSpace(baselineInter)
+    if baselineInter == "python3" {
+        _,arch:=GetCurrentFw()
+        baselineInter = "../data/SandboxViPyEnv/"+arch+"/myenv/bin/python3"
+    }
+	cmd := exec.Command(baselineInter,arry...)
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout // 标准输出
 	cmd.Stderr = &stderr // 标准错误
 	err := cmd.Run()
 	outStr, errStr := string(stdout.Bytes()), string(stderr.Bytes())
 	if len(errStr)!=0{
-		fmt.Printf(errStr)
+		fmt.Println(errStr)
 	}
 	outStr=strings.TrimSpace(outStr)
 	if err != nil {
@@ -85,90 +95,125 @@ func
 
 
 func
-(ek *ExplorerBaseLine)HPowerEexcBaseline(exec string,passwd string,args ...string)(result string){
-    sshHost := "127.0.0.1"
+(ek *ExplorerBaseLine)HPowerEexcBaseline(baselineInter string,baselinePath string,execPoc string,passwd string,args ...string)(result string){
+    // sshHost := "127.0.0.1"
 
-    sshUser := "root"
+    // sshUser := "root"
 
-    sshPassword := passwd
+    // sshPassword := passwd
 
-    sshType := "password"
+    // sshType := "password"
 
-    sshPort := 22
+    // sshPort := 22
 
-    //创建sshp登陆配置
+    // //创建sshp登陆配置
 
-    config := &ssh.ClientConfig{
+    // config := &ssh.ClientConfig{
 
-        Timeout:         5*time.Second,//ssh 连接time out 时间一秒钟, 如果ssh验证错误 会在一秒内返回
+    //     Timeout:         5*time.Second,//ssh 连接time out 时间一秒钟, 如果ssh验证错误 会在一秒内返回
 
-        User:            sshUser,
+    //     User:            sshUser,
 
-        HostKeyCallback: ssh.InsecureIgnoreHostKey(), //这个可以, 但是不够安全
+    //     HostKeyCallback: ssh.InsecureIgnoreHostKey(), //这个可以, 但是不够安全
 
-        //HostKeyCallback: hostKeyCallBackFunc(h.Host),
+    //     //HostKeyCallback: hostKeyCallBackFunc(h.Host),
 
-    }
+    // }
 
-    //
-    var command string
-    for i:=0;i<len(args);i++{
-        command=command+args[i]+" "
-    }
-    command=exec+" "+command
-    if sshType == "password" {
+    // //
+    // var command string
+    // command =" "+baselinePath+"/"+exec+" "
+    // for i:=0;i<len(args);i++{
+    //     command=command+args[i]+" "
+    // }
+    // command=baselineInter+command
+    
+    // if sshType == "password" {
 
-        config.Auth = []ssh.AuthMethod{ssh.Password(sshPassword)}
+    //     config.Auth = []ssh.AuthMethod{ssh.Password(sshPassword)}
 
-    }
+    // }
 
-    //dial 获取ssh client
+    // //dial 获取ssh client
 
-	addr := fmt.Sprintf("%s:%d", sshHost, sshPort)
+	// addr := fmt.Sprintf("%s:%d", sshHost, sshPort)
 
-    sshClient, err := ssh.Dial("tcp", addr, config)
+    // sshClient, err := ssh.Dial("tcp", addr, config)
 
-    if err != nil {
+    // if err != nil {
 
-        BaseLineError:="Error: Baseline high power connect fail,"
-        fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineError, 0x1B)
-        fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
-        log.Fatal("Error: Baseline high power connect fail,",err)
+    //     BaseLineError:="Error: Baseline high power connect fail,"
+    //     fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineError, 0x1B)
+    //     fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
+    //     log.Fatal("Error: Baseline high power connect fail,",err)
 
+    // }
 
-    }
+    // defer sshClient.Close()
 
-    defer sshClient.Close()
+    // //创建ssh-session
 
-    //创建ssh-session
+    // session, err := sshClient.NewSession()
 
-    session, err := sshClient.NewSession()
+    // if err != nil {
 
-    if err != nil {
-
-        fmt.Println("Baseline session fail,",err)
-        log.Fatal("Creat ssh session fail,",err)
+    //     fmt.Println("Baseline session fail,",err)
+    //     log.Fatal("Creat ssh session fail,",err)
         
     
 
-    }
+    // }
 
-    defer session.Close()
+    // defer session.Close()
 
-    //执行远程命令
-    combo,err := session.CombinedOutput(command)
+    // //执行远程命令
+    // command = "pwd"
 
-    if err != nil {
-        BaseLineErr:="Baseline high power cmd fail"
-        fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineErr, 0x1B)
-        fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
-        log.Fatal("Baseline high power cmd fail",err," ",command)
+    // combo,err := session.Output(command)
+    // // combo,err := session.Output("python3 /home/song/桌面/genmai_gitlab/src/../data/BaseLine/LocalServices/firewall/check_firewall_log/check_firewall_log.py zh")
+    // if err != nil {
+    //     BaseLineErr:="Baseline high power cmd fail"
+    //     fmt.Printf("%c[%d;%d;%dm%s%c[0m", 0x1B, 0, 0, 31, BaseLineErr, 0x1B)
+    //     fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, err, 0x1B)
+    //     log.Printf("Baseline high power cmd fail",err," ",command)
         
+    // }
+    // log.Println("Baseline exec successfully")
+    // defer session.Close()
+    // result=string(combo)
+    // fmt.Println(result)
+    // return result
+    execPoc=baselinePath+"/"+execPoc
+    var arry []string
+    var ArryCommand string
+    arry = append(arry,execPoc)
+    arry = append(arry,args...)
+    // 虚拟环境处理
+    baselineInter = strings.TrimSpace(baselineInter)
+    if baselineInter == "python3" {
+        _,arch:=GetCurrentFw()
+        baselineInter = "../data/SandboxViPyEnv/"+arch+"/myenv/bin/python3"
     }
-    log.Println("Baseline exec successfully")
-    defer session.Close()
-    result=string(combo)
-    return result
+    for i:=0;i<len(arry);i++{
+        ArryCommand = ArryCommand+" "+arry[i]
+    }
+    command := "echo "+passwd+" | "+"su -c '"+baselineInter+ArryCommand+"'"
+    fmt.Println(command)
+	cmd := exec.Command("bash","-c",command)
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout // 标准输出
+	cmd.Stderr = &stderr // 标准错误
+	_ = cmd.Run()
+	outStr, errStr := string(stdout.Bytes()), string(stderr.Bytes())
+	if len(errStr)!=0{
+		fmt.Println(errStr)
+	}
+	outStr=strings.TrimSpace(outStr)
+    // fmt.Println(">>>",err)
+	// if err != nil {
+	// 	log.Fatalf("cmd.Run() failed with %s\n", errStr)
+	// }
+    return outStr
 }
 
 //func
@@ -189,11 +234,14 @@ func
     }
     ///////////////
     // starting explore
+    // get currer path
+    path,_:=os.Getwd()
+    path = path+"/"+ek.ExplorerCommon.EcConfigFilePrefix
     var vul string
     for _, im := range config.SiteRequests.ImArray {
         if config.Power=="root"{
             if len(ek.Passwd)!=0{
-                vul=ek.HPowerEexcBaseline(im.Exec,ek.Passwd,im.Args...)
+                vul=ek.HPowerEexcBaseline(im.Inter,path,im.Exec,ek.Passwd,im.Args...)
             }else{
                 infoWarn:="BaseLine warning: "+config.Id+" High power password is none "+",Can't use for high privilege baseline scan"
                 fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 33, infoWarn, 0x1B)
@@ -201,24 +249,24 @@ func
                 return
             }
         }else{
-            vul=ek.EexcBaseline(im.Exec, im.Args...)
+            vul=ek.EexcBaseline(im.Inter,path,im.Exec, im.Args...)
         }
         for i:=0;i<len(config.SiteRequests.Inter);i++{
-            if vul==config.SiteRequests.Inter[i]{
-                infoNonExis:="BaseLine info: "+config.Id+" non-existent"
-                fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 34, infoNonExis, 0x1B)
-
-                return
+            strings.Contains(vul,config.SiteRequests.Inter[i])
+            if strings.Contains(vul,config.SiteRequests.Inter[i]){
+                infoNonExis:="BaseLine info: "+config.Id+" exist"
+                fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, infoNonExis, 0x1B)
+                expvul.VICId             = config.Id
+                expvul.VICBelong         = config.Belong
+                expvul.VICPocHazardLevel = config.PocHazardLevel
+                expvul.VICSource         = config.Source
+                expvul.VICSiteInfo       = config.SiteInfo
+                expvul.VICSiteRequests   = config.SiteRequests
+                break
             }
         }
         /* */
     } // for _, im ...
-    expvul.VICId             = config.Id
-    expvul.VICBelong         = config.Belong
-    expvul.VICPocHazardLevel = config.PocHazardLevel
-    expvul.VICSource         = config.Source
-    expvul.VICSiteInfo       = config.SiteInfo
-    expvul.VICSiteRequests   = config.SiteRequests
 
     // ending explore
     ///////////////
diff --git a/src/genmai/ExplorerWeb.go b/src/genmai/ExplorerWeb.go
index aac5efb..d2f2230 100644
--- a/src/genmai/ExplorerWeb.go
+++ b/src/genmai/ExplorerWeb.go
@@ -29,12 +29,12 @@
 package genmai
 
 import (
-    // TODO:
-    // 应该写成相对路径，因为genmai应该是编译成库，所以包路径不
-    // 是以main开头。
-    //
-    // go 有点拉
+    "os"
+    "fmt"
+    "time"
+    "syscall"
     sandbox "main/genmai/Sandbox"
+    inter "main/genmai/Interpreter"
 )
 
 type
@@ -48,10 +48,217 @@ ExplorerConfigWeb struct {
     SiteRequests        SiteRequests
 }
 
-
 type
 ExplorerWeb struct {
     ExplorerCommon
     /* */
-    esSandbox       sandbox.SandboxBase
+    TargetIp        string
+    TargetPort      string
+    /* */
+    EsSandbox       sandbox.SandboxBase
 }
+
+
+var errMap = map[string]string{
+    "0":"signal: segmentation fault (core dumped)",
+    "1":"signal: aborted (core dumped)",
+    "2":"exit status 1",
+
+    "101":"be killed",
+}
+
+
+///////////////////////////////
+// ExplorerWeb functions
+func
+(es *ExplorerWeb)GetExplorerConfigWeb() (config *ExplorerConfigWeb, rc error) {
+    cf, ret := es.ExplorerCommon.EcConfig.(*ExplorerConfigWeb)
+    /* */
+    if (true == ret) {
+        rc = nil
+    } else {
+        // TODO: ERR_CONVERSION_FAILED
+    }
+
+    config = cf
+    /* */
+    return config, rc
+}
+
+func
+(es *ExplorerWeb)SetupSandbox(sb sandbox.SandboxBase) {
+    es.EsSandbox    = sb
+    /* */
+    es.isSetup      = true
+}
+
+func
+(es *ExplorerWeb)exploreWithPath(interpreter string,interArgs []string,exec string,
+                                  args ...string  ) error {
+    interio , rc := es.EsSandbox.Process(interpreter,interArgs,exec, args...)
+    /* */
+    if (nil != rc) {
+        A_DEBUG_ERROR("exploreWithPath()->Process() error! rc = ", rc)
+        
+        /* */
+        return rc
+    }
+    config, rc1 := es.GetExplorerConfigWeb()
+    rc = rc1
+    if (nil != rc) {
+        A_DEBUG_ERROR("exploreWithPath()-> "+
+                      "GetExplorerConfigWeb() error ! rc = ",
+                      rc                                        )
+        /* */
+        return rc
+    } // if (nil != ...
+
+    ///////////////////////////////
+    // Expire timer
+    var expiretime int
+    if (0 != config.SiteRequests.Implement.ExpireTime) {
+        expiretime = config.SiteRequests.Implement.ExpireTime
+    } else {
+        expiretime = 20 // 默认为五秒
+    } // if (0 != ...
+    /* */
+    f := func() {
+        // 想杀死整个进程组，而不是单个进程，需要传递负整数形式
+        syscall.Kill(-interio.Cmd.Process.Pid, syscall.SIGKILL)
+        A_DEBUG_WARNING("ID:", config.Id,
+                        "takes too long! (Expiredtime = ", expiretime, "seconds)")
+
+    }
+    /* */
+    timer_ := time.AfterFunc(time.Duration(expiretime) * time.Second, f)
+    /* */
+    defer timer_.Stop()
+
+    for _, itr := range config.SiteRequests.Implement.Inter {
+        icmd        := itr[ : inter.INTERPRETER_CMD_LEN]
+        icmd_len    := len(icmd)
+        for a:=0; a < 100000; a++ {
+            ;
+        }
+        switch (icmd) {
+            case inter.INTERPRETER_CMD_SEND:
+                interio.Send(itr[ icmd_len : ] + "\n")
+                // TODO:remove it: just for debug
+                A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_SEND, itr[ icmd_len : ])
+
+            case inter.INTERPRETER_CMD_RECV:
+                // TODO
+                //out, rc_t := interio.Recv( icmd_len )
+                interio.Recv( len(itr[ icmd_len :]) )
+                // TODO:remove it: just for debug
+                A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV, itr[ icmd_len : ])
+
+            case inter.INTERPRETER_CMD_RECVUNTIL:
+                interio.RecvUntil( itr[ icmd_len : ] )
+                // TODO:remove it: just for debug
+                A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECVUNTIL, itr[ icmd_len : ])
+
+            //case ">.":
+            //    A_DEBUG_INFO(">.")
+            //
+            //case "<?":
+            //    A_DEBUG_INFO("<?")
+            //
+            case inter.INTERPRETER_CMD_RECV_POC_CHECK:
+                ou, _ := interio.Recv( len (itr[icmd_len : ]) )
+                // TODO:remove it: just for debug
+                A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV_POC_CHECK, itr[ icmd_len : ])
+                A_DEBUG_INFO("a ou:", ou)
+                /* */
+                if ( ou == itr[ icmd_len : ] ) {
+                    // A_DEBUG_INFO("exploreWithPath():",
+                    //              "\"" +
+                    //               inter.INTERPRETER_CMD_RECV_POC_CHECK +
+                    //               "\":"                                 ,
+                    //               config.Id+" "+"Check poc successfully!"              )
+                                  systemPass:="Web info: "+config.Id+" "+"Check poc successfully!" 
+                                  fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, systemPass, 0x1B)
+                    /* */
+                    return RC_POC_CHECK_SUCCESSFULLY
+                } else {
+            
+                }
+            case inter.INTERPRETER_CMD_RECV_POC_CHECK_RC:
+                ou, _ := interio.Recv( len (itr[icmd_len : ]) )
+                // TODO:remove it: just for debug
+                A_DEBUG_INFO("iio:", inter.INTERPRETER_CMD_RECV_POC_CHECK_RC, itr[ icmd_len : ])
+                A_DEBUG_INFO("a ou:", ou)
+                rc_:= interio.Cmd.Wait()
+                //if ( "0" == itr[ icmd_len : ] ) {
+                    if (nil == rc_) {
+                        if errMap[itr[ icmd_len : ]]=="be killed"{
+                            systemfail:="Web info: "+config.Id+" "+"Check poc successfully!" 
+                            fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, systemfail, 0x1B)
+                            return RC_POC_CHECK_SUCCESSFULLY
+                        }else{
+                            break
+                        }
+                    
+                    }
+                    if (rc_.Error() == errMap[itr[ icmd_len : ]]) {
+                            // A_DEBUG_INFO("exploreWithPath():",
+                            //              inter.INTERPRETER_CMD_RECV_POC_CHECK_RC,
+                            //              config.Id+" "+"Check poc failed!"            )
+                                        systemfail:="Web info: "+config.Id+" "+"Check poc successfully!" 
+                                        fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, systemfail, 0x1B)
+                            /* */
+                            return RC_POC_CHECK_SUCCESSFULLY
+                    } else {
+                    }
+                //}
+        } // switch (inter ...
+    } // for _ , itr
+
+                        // A_DEBUG_INFO("exploreWithPath():",
+                    //              inter.INTERPRETER_CMD_RECV_POC_CHECK,
+                    //              config.Id+" "+"Check poc failed!"            )
+                    systemfail:="Web info: "+config.Id+" "+"Check poc failed!" 
+                    fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 34, systemfail, 0x1B)
+       /* */
+    return RC_POC_CHECK_FAILED
+
+    // return rc
+}
+
+
+///////////////////////////////
+// override ExplorerBase functions
+func
+(es *ExplorerWeb)Explore() (expvul VulnInfoCommon, rc error) {
+    config, rc_t := es.GetExplorerConfigWeb()
+    rc = rc_t
+    if (nil != rc) {
+        A_DEBUG_ERROR("Explore()->GetExplorerConfigWeb() "+
+                      "error! rc = ", rc                    )
+        /* */
+        return VulnInfoCommon{}, rc
+    }
+
+    ///////////////
+    // starting explore
+    for _, im := range config.SiteRequests.ImArray {
+        rc = es.exploreWithPath(im.Inter,im.InterArgs,es.ExplorerCommon.EcConfigFilePrefix +
+                               string(os.PathSeparator)+im.Exec,im.Args...                                  )
+        /* */
+        if rc.Error() =="Poc Check Successfully!"{
+            expvul.VICId             = config.Id
+            expvul.VICBelong         = config.Belong
+            expvul.VICPocHazardLevel = config.PocHazardLevel
+            expvul.VICSource         = config.Source
+            expvul.VICSiteInfo       = config.SiteInfo
+        }
+        
+    } // for _, im ...
+    // ending explore
+    ///////////////
+
+    return expvul, nil
+}
+
+///////////////////////////////
+// override functions
diff --git a/src/genmai/ReportKernel.go b/src/genmai/ReportKernel.go
index 525e164..683a37f 100644
--- a/src/genmai/ReportKernel.go
+++ b/src/genmai/ReportKernel.go
@@ -64,6 +64,9 @@ GetTemplateReportKernel() (*ReportKernel) {
                     RCRepairedNums:     0,
                     RCNotFixedNums:     0,
                     RCNotExecPocNums:   0,
+                    RCRisk_kernel_h_nums:       0,
+                    RCRisk_kernel_m_nums:       0,
+                    RCRisk_kernel_l_nums:       0,
                     RCExploredMode:     "RCExploredMode",
                     RCExploredVersion:  "RCExploredVersion",
                     RCExploredRevision: "RCExploredRevision",
diff --git a/src/genmai/ReportWeb.go b/src/genmai/ReportWeb.go
index e7c562c..708a199 100644
--- a/src/genmai/ReportWeb.go
+++ b/src/genmai/ReportWeb.go
@@ -42,7 +42,6 @@ VulnInfoWeb struct {
     VulnInfoCommon
 }
 
-
 func
 GetTemplateReportWeb() (*ReportWeb) {
     var expvuls []VulnInfoCommon
@@ -64,6 +63,10 @@ GetTemplateReportWeb() (*ReportWeb) {
                     RCContainer:        "RCContainer",
                     /* */
                     RCExploredTimeAt:   time.Now(),
+                    RCExecPocNums:      0,
+                    RCRepairedNums:     0,
+                    RCNotFixedNums:     0,
+                    RCNotExecPocNums:   0,
                     RCExploredMode:     "RCExploredMode",
                     RCExploredVersion:  "RCExploredVersion",
                     RCExploredRevision: "RCExploredRevision",
@@ -108,6 +111,6 @@ GetTemplateVulnInfoWeb() (*VulnInfoWeb) {
 ////////////////////////////////////////////////////////////////
 // ReportBase methods
 func
-(rw *ReportWeb)GetReportCommon() ReportCommon {
-    return rw.ReportCommon
+(rs *ReportWeb)GetReportCommon() ReportCommon {
+    return rs.ReportCommon
 }