public function update(Host &$host) { if ($host == null || $host->getId() == -1) { Utils::log(LOG_DEBUG, "Exception", __FILE__, __LINE__); throw new Exception("Host object is not valid or Host.id is not set"); } $dbHost = $this->getById($host->getId()); if ($dbHost == null) { throw new Exception("Host cannot be retreived from the DB"); } $entries = array(); if ($host->getHostname() != $dbHost->getHostname()) { $entries['hostname'] = "'" . $this->db->escape($host->getHostname()) . "'"; } if ($host->getIp() != $dbHost->getIp()) { $entries['ip'] = "'" . $this->db->escape($host->getIp()) . "'"; } if ($host->getReporterHostname() != $dbHost->getReporterHostname()) { $entries['reporterHostname'] = "'" . $this->db->escape($host->getReporterHostname()) . "'"; } if ($host->getReporterIp() != $dbHost->getReporterIp()) { $entries['reporterIp'] = "'" . $this->db->escape($host->getReporterIp()) . "'"; } if ($host->getKernel() != $dbHost->getKernel()) { $entries['kernel'] = "'" . $this->db->escape($host->getKernel()) . "'"; } if ($host->getOsId() != $dbHost->getOsId()) { $entries['osId'] = $this->db->escape($host->getOsId()); } if ($host->getArchId() != $dbHost->getArchId()) { $entries['archId'] = $this->db->escape($host->getArchId()); } if ($host->getDomainId() != $dbHost->getDomainId()) { $entries['domainId'] = $this->db->escape($host->getDomainId()); } if ($host->getType() != $dbHost->getType()) { $entries['type'] = "'" . $this->db->escape($host->getType()) . "'"; } if ($host->getOwnRepositoriesDef() != $dbHost->getOwnRepositoriesDef()) { $entries['ownRepositoriesDef'] = "'" . $this->db->escape($host->getOwnRepositoriesDef()) . "'"; } if (sizeof($entries) > 0) { # Construct SQL query $sql = "update Host set"; $sqle = ""; foreach ($entries as $column => $value) { $sqle .= " {$column}={$value},"; } # Remove last comma $sqle = preg_replace('/(.*),$/', '\\1', $sqle); $sql .= $sqle . " where id=" . $host->getId(); $this->db->query($sql); Utils::log(LOG_DEBUG, "Host updated", __FILE__, __LINE__); } }
/** * Find vulnerable packages for a specific host * Save vulnerable pkgId and corresponding cveDefId and osGroupId to PkgCveDef table * @throws Exception * @param Host $host * */ public function calculateVulnerablePkgsForSpecificHost(Host $host) { if ($host == null || $host->getId() == -1) { Utils::log(LOG_DEBUG, "Exception", __FILE__, __LINE__); throw new Exception("Host object is not valid or Host.id is not set"); } Utils::log(LOG_DEBUG, "Searching for vulnerable packages for specific host ", __FILE__, __LINE__); // If not in Os Group $osGroup = $this->getPakiti()->getManager("OsGroupsManager")->getOsGroupByOsId($host->getOsId()); if ($osGroup == null) { throw new Exception("Host's OS is not a member of any OsGroup"); } //Get installed Pkgs on Host $installedPkgs = $this->getPakiti()->getManager("PkgsManager")->getInstalledPkgs($host); //For each vulnerable package get Cvedef foreach ($installedPkgs as $installedPkg) { $confirmedVulnerabilities = array(); $potentialVulnerabilities = $this->getPakiti()->getDao("Vulnerability")->getVulnerabilitiesByPkgNameOsGroupIdArch($installedPkg->getName(), $osGroup->getId(), $installedPkg->getArch()); if (!empty($potentialVulnerabilities)) { foreach ($potentialVulnerabilities as $potentialVulnerability) { switch ($potentialVulnerability->getOperator()) { //TODO: Add more operator cases case "<": if ($this->vercmp($host->getType(), $installedPkg->getVersion(), $installedPkg->getRelease(), $potentialVulnerability->getVersion(), $potentialVulnerability->getRelease()) < 0) { array_push($confirmedVulnerabilities, $potentialVulnerability); } } } //For each confirmed Vulnerability get CveDefs if (!empty($confirmedVulnerabilities)) { $cveDefs = array(); foreach ($confirmedVulnerabilities as $confirmedVulnerability) { # Assign the Cvedef to the Package $this->getPakiti()->getManager("CveDefsManager")->assignPkgToCveDef($installedPkg->getId(), $this->getPakiti()->getDao("CveDef")->getCveDefForVulnerability($confirmedVulnerability)->getId(), $osGroup->getId()); } } } } }
public function getCveDefsForHost(Host $host) { $pkgsCveDefs = array(); //Get OS group $osGroup = $this->getPakiti()->getManager("OsGroupsManager")->getOsGroupByOsId($host->getOsId()); //Get installed Pkgs on Host $installedPkgs = $this->getPakiti()->getManager("PkgsManager")->getInstalledPkgs($host); //Get CveDefs for Vulnerable packages foreach ($installedPkgs as $installedPkg) { $sql = "select * from CveDef inner join PkgCveDef on CveDef.id = PkgCveDef.cveDefId\n where PkgCveDef.pkgId={$installedPkg->getId()} and PkgCveDef.osGroupId={$osGroup->getId()}"; $cveDefsDb =& $this->getPakiti()->getManager("DbManager")->queryToMultiRow($sql); # Create objects $cveDefs = array(); if ($cveDefsDb != null) { foreach ($cveDefsDb as $cveDefDb) { $cveDef = new CveDef(); $cveDef->setId($cveDefDb["id"]); $cveDef->setDefinitionId($cveDefDb["definitionId"]); $cveDef->setTitle($cveDefDb["title"]); $cveDef->setRefUrl($cveDefDb["refUrl"]); $cveDef->setVdsSubSourceDefId($cveDefDb["vdsSubSourceDefId"]); # Exclude CVEs with exceptions $cves = $this->getCvesByCveDef($cveDef); foreach ($cves as $cve) { foreach ($cve->getCveExceptions() as $cveException) { if ($cveException->getPkgId() === $installedPkg->getId() && $osGroup->getId() === $cveException->getOsGroupId()) { if (($key = array_search($cve, $cves)) !== false) { unset($cves[$key]); } } } } $cveDef->setCves($cves); array_push($cveDefs, $cveDef); } $pkgsCveDefs[$installedPkg->getId()] = $cveDefs; } } return $pkgsCveDefs; }