public function update(Host &$host)
{
if ($host == null || $host->getId() == -1) {
Utils::log(LOG_DEBUG, "Exception", __FILE__, __LINE__);
throw new Exception("Host object is not valid or Host.id is not set");
}
$dbHost = $this->getById($host->getId());
if ($dbHost == null) {
throw new Exception("Host cannot be retreived from the DB");
}
$entries = array();
if ($host->getHostname() != $dbHost->getHostname()) {
$entries['hostname'] = "'" . $this->db->escape($host->getHostname()) . "'";
}
if ($host->getIp() != $dbHost->getIp()) {
$entries['ip'] = "'" . $this->db->escape($host->getIp()) . "'";
}
if ($host->getReporterHostname() != $dbHost->getReporterHostname()) {
$entries['reporterHostname'] = "'" . $this->db->escape($host->getReporterHostname()) . "'";
}
if ($host->getReporterIp() != $dbHost->getReporterIp()) {
$entries['reporterIp'] = "'" . $this->db->escape($host->getReporterIp()) . "'";
}
if ($host->getKernel() != $dbHost->getKernel()) {
$entries['kernel'] = "'" . $this->db->escape($host->getKernel()) . "'";
}
if ($host->getOsId() != $dbHost->getOsId()) {
$entries['osId'] = $this->db->escape($host->getOsId());
}
if ($host->getArchId() != $dbHost->getArchId()) {
$entries['archId'] = $this->db->escape($host->getArchId());
}
if ($host->getDomainId() != $dbHost->getDomainId()) {
$entries['domainId'] = $this->db->escape($host->getDomainId());
}
if ($host->getType() != $dbHost->getType()) {
$entries['type'] = "'" . $this->db->escape($host->getType()) . "'";
}
if ($host->getOwnRepositoriesDef() != $dbHost->getOwnRepositoriesDef()) {
$entries['ownRepositoriesDef'] = "'" . $this->db->escape($host->getOwnRepositoriesDef()) . "'";
}
if (sizeof($entries) > 0) {
# Construct SQL query
$sql = "update Host set";
$sqle = "";
foreach ($entries as $column => $value) {
$sqle .= " {$column}={$value},";
}
# Remove last comma
$sqle = preg_replace('/(.*),$/', '\\1', $sqle);
$sql .= $sqle . " where id=" . $host->getId();
$this->db->query($sql);
Utils::log(LOG_DEBUG, "Host updated", __FILE__, __LINE__);
}
}
/**
* Find vulnerable packages for a specific host
* Save vulnerable pkgId and corresponding cveDefId and osGroupId to PkgCveDef table
* @throws Exception
* @param Host $host
*
*/
public function calculateVulnerablePkgsForSpecificHost(Host $host)
{
if ($host == null || $host->getId() == -1) {
Utils::log(LOG_DEBUG, "Exception", __FILE__, __LINE__);
throw new Exception("Host object is not valid or Host.id is not set");
}
Utils::log(LOG_DEBUG, "Searching for vulnerable packages for specific host ", __FILE__, __LINE__);
// If not in Os Group
$osGroup = $this->getPakiti()->getManager("OsGroupsManager")->getOsGroupByOsId($host->getOsId());
if ($osGroup == null) {
throw new Exception("Host's OS is not a member of any OsGroup");
}
//Get installed Pkgs on Host
$installedPkgs = $this->getPakiti()->getManager("PkgsManager")->getInstalledPkgs($host);
//For each vulnerable package get Cvedef
foreach ($installedPkgs as $installedPkg) {
$confirmedVulnerabilities = array();
$potentialVulnerabilities = $this->getPakiti()->getDao("Vulnerability")->getVulnerabilitiesByPkgNameOsGroupIdArch($installedPkg->getName(), $osGroup->getId(), $installedPkg->getArch());
if (!empty($potentialVulnerabilities)) {
foreach ($potentialVulnerabilities as $potentialVulnerability) {
switch ($potentialVulnerability->getOperator()) {
//TODO: Add more operator cases
case "<":
if ($this->vercmp($host->getType(), $installedPkg->getVersion(), $installedPkg->getRelease(), $potentialVulnerability->getVersion(), $potentialVulnerability->getRelease()) < 0) {
array_push($confirmedVulnerabilities, $potentialVulnerability);
}
}
}
//For each confirmed Vulnerability get CveDefs
if (!empty($confirmedVulnerabilities)) {
$cveDefs = array();
foreach ($confirmedVulnerabilities as $confirmedVulnerability) {
# Assign the Cvedef to the Package
$this->getPakiti()->getManager("CveDefsManager")->assignPkgToCveDef($installedPkg->getId(), $this->getPakiti()->getDao("CveDef")->getCveDefForVulnerability($confirmedVulnerability)->getId(), $osGroup->getId());
}
}
}
}
}
public function getCveDefsForHost(Host $host)
{
$pkgsCveDefs = array();
//Get OS group
$osGroup = $this->getPakiti()->getManager("OsGroupsManager")->getOsGroupByOsId($host->getOsId());
//Get installed Pkgs on Host
$installedPkgs = $this->getPakiti()->getManager("PkgsManager")->getInstalledPkgs($host);
//Get CveDefs for Vulnerable packages
foreach ($installedPkgs as $installedPkg) {
$sql = "select * from CveDef inner join PkgCveDef on CveDef.id = PkgCveDef.cveDefId\n where PkgCveDef.pkgId={$installedPkg->getId()} and PkgCveDef.osGroupId={$osGroup->getId()}";
$cveDefsDb =& $this->getPakiti()->getManager("DbManager")->queryToMultiRow($sql);
# Create objects
$cveDefs = array();
if ($cveDefsDb != null) {
foreach ($cveDefsDb as $cveDefDb) {
$cveDef = new CveDef();
$cveDef->setId($cveDefDb["id"]);
$cveDef->setDefinitionId($cveDefDb["definitionId"]);
$cveDef->setTitle($cveDefDb["title"]);
$cveDef->setRefUrl($cveDefDb["refUrl"]);
$cveDef->setVdsSubSourceDefId($cveDefDb["vdsSubSourceDefId"]);
# Exclude CVEs with exceptions
$cves = $this->getCvesByCveDef($cveDef);
foreach ($cves as $cve) {
foreach ($cve->getCveExceptions() as $cveException) {
if ($cveException->getPkgId() === $installedPkg->getId() && $osGroup->getId() === $cveException->getOsGroupId()) {
if (($key = array_search($cve, $cves)) !== false) {
unset($cves[$key]);
}
}
}
}
$cveDef->setCves($cves);
array_push($cveDefs, $cveDef);
}
$pkgsCveDefs[$installedPkg->getId()] = $cveDefs;
}
}
return $pkgsCveDefs;
}
