[Openvas-commits] r492 - in trunk/openvas-plugins: . audit
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Oct 31 22:15:47 CET 2007
Author: jfs
Date: 2007-10-31 22:15:47 +0100 (Wed, 31 Oct 2007)
New Revision: 492
Added:
trunk/openvas-plugins/audit/
trunk/openvas-plugins/audit/NOTES
trunk/openvas-plugins/audit/audit-plugins
trunk/openvas-plugins/audit/compare-plugins
trunk/openvas-plugins/audit/non-free-plugins
Log:
Code to review if the plugins provided are really free and the distribution
is self-contained (does not depend on non-free content)
Added: trunk/openvas-plugins/audit/NOTES
===================================================================
--- trunk/openvas-plugins/audit/NOTES 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/NOTES 2007-10-31 21:15:47 UTC (rev 492)
@@ -0,0 +1,18 @@
+
+Files that need to be removed from the plugins:
+
+- Files that fit the following regular expressions:
+
+ grep -i "script_copyright.*Tenable.*" *
+
+ egrep -i "#.*(C).*Tenable Network Security" *
+
+ NOTE: Except if the plugin said it was *based* on something (C) Tenable"
+ (some plugins include that line but another (C) line before it
+ of somebody else)
+
+- All the files which include non-free plugins (.inc files) have also been
+ removed.
+
+ NOTE: Once the non-free .inc files have been removed the audit script should
+ detect those too
Added: trunk/openvas-plugins/audit/audit-plugins
===================================================================
--- trunk/openvas-plugins/audit/audit-plugins 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/audit-plugins 2007-10-31 21:15:47 UTC (rev 492)
@@ -0,0 +1,117 @@
+#!/bin/bash
+#
+# Script to review the scripts in an OpenVAS distribution and
+# try to detect known non-free plugins as well as
+# plugins that cannot be distributed because they depend to non-free
+# (or not available) plugins
+#
+# (c) Javier Fernandez-Sanguino <jfs at debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# You can also find a copy of the GNU General Public License at
+# http://www.gnu.org/licenses/licenses.html#TOCLGPL
+
+
+# Assume we are one subdirectory below in the sources
+SCRIPTDIR="../scripts"
+[ -n "$1" ] && SCRIPTDIR=$1 # But also use the scriptdir provided, if any
+
+if [ ! -d "$SCRIPTDIR" ] ; then
+ echo "The script directory $SCRIPTDIR does not exist" >&2
+ echo "Do not know where to check for plugins" >&2
+ exit 1
+fi
+
+# First tell if there are known non-free plugins
+if [ -f non-free-plugins ] ; then
+ echo "Looking for non-free plugins..."
+ count=0
+ for plugin in `cat non-free-plugins | grep -v ^\#`; do
+ if [ -e "$SCRIPTDIR/$plugin" ] ; then
+ if egrep -iq '(c).*Tenable Network Security' "$SCRIPTDIR/$plugin"; then
+ echo "NON-FREE plugin $plugin found"
+ count=$(($count+1))
+ fi
+ fi
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count NON-FREE plugins found"
+ exit 1
+ fi
+
+ echo "Looking for free plugins that depend on non-free..."
+ count=0
+ for includef in `cat non-free-plugins | grep '\.inc' | grep -v ^\#`; do
+ # Only check if the include file is not there...
+ # since it might have been restored from free sources
+ if [ ! -e "$SCRIPTDIR/$includef" ] ; then
+ echo -n "Checking for use of $includef..."
+ total=`grep -rl $includef $SCRIPTDIR |grep -v $includef | wc -l`
+ if [ -n "$total" ] && [ "$total" -ne 0 ] ; then
+ echo
+ echo "$total files depend on this NON-FREE include file:"
+ grep -rl $includef $SCRIPTDIR |grep -v $includef
+ echo
+ count=$(($count+$total))
+ fi
+ echo "...done"
+ fi
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count FREE plugins that depend on NON-FREE found"
+ exit 1
+ fi
+fi
+
+if [ -f "depend-plugins" ] ; then
+ echo "Looking for (known) free plugins that depend on non-free..."
+ count=0
+ for plugin in `cat depend-plugins | grep -v ^#`; do
+ if [ -e "$SCRIPTDIR/$plugin" ] ; then
+ echo "FREE plugin $plugin found, depends on NON-FREE"
+ count=$(($count+1))
+ fi
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count FREE plugins that depend on NON-FREE found"
+ exit 1
+ fi
+else
+ echo "Looking for plugins that depend on unavailable includes..."
+ count=0
+ for plugin in $SCRIPTDIR/*; do
+ found=0
+ for includef in `cat $plugin |perl -ne 'print $1."\n" if /include\s*\("(.*)"\)/'`; do
+ if [ ! -e "$SCRIPTDIR/$includef" ] ; then
+ echo "FREE plugin $plugin depends on non-existan $includef"
+ found=1
+ fi
+ done
+ [ $found -ne 0 ] && count=$(($count+1))
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count FREE plugins that depend on NON EXISTANT plugins found"
+ exit 1
+ fi
+
+fi
+
+
+exit 0
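Review bot: The audit fails open when its deny-list is missing: `if [ -f non-free-plugins ]` has no `else`, and the file is looked up relative to the current directory, so running the script from anywhere other than `audit/` skips both non-free checks and can still reach `exit 0`. A missing list should be an error, e.g. `else echo "non-free-plugins list not found, cannot audit" >&2; exit 2`, or the list should be resolved relative to `$0`. Separately, in `egrep -iq '(c).*Tenable Network Security'` the parentheses form an ERE group, so the pattern matches any line with a letter c before the vendor name rather than only a `(c)` copyright marker; `'\(c\).*Tenable Network Security'` matches the literal marker, as compare-plugins already does. The `grep -rl $includef $SCRIPTDIR` calls are also unquoted and treat the dot in the include name as a wildcard; `grep -rlF -- "$includef" "$SCRIPTDIR"` avoids both.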
Property changes on: trunk/openvas-plugins/audit/audit-plugins
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/audit/compare-plugins
===================================================================
--- trunk/openvas-plugins/audit/compare-plugins 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/compare-plugins 2007-10-31 21:15:47 UTC (rev 492)
@@ -0,0 +1,78 @@
+#!/bin/sh
+# Audit plugins removed from a given Nessus plugin package to another
+#
+# TODO: check if they were removed because the included files are no
+# longer available
+
+set -e
+OLDVERSION=2.2.3
+NEWVERSION=2.2.10
+
+OLD=`find . -name "nessus-plugins-$OLDVERSION" -type d`
+[ -z "$OLD" ] && { echo "ERR: Cannot find plugins directory for $OLDVERSION" ; exit 1 ; }
+OLD=$OLD/scripts
+NEW=`find . -name "nessus-plugins-$NEWVERSION" -type d`
+[ -z "$NEW" ] && { echo "ERR: Cannot find plugins directory for $NEWVERSION" ; exit 1 ; }
+NEW=$NEW/scripts
+CVS=/home/jfs/debian/security/nessus/cvs/nessus-plugins/scripts/
+
+# From OLD to NEW
+find $OLD -type f |
+while read file ; do
+ plug=`basename $file`
+ cvsfile=$CVS/$plug
+ if [ ! -e $NEW/$plug ] ; then
+ echo -n "REMOVED: $plug "
+ if [ -e $CVS/$plug ] ; then
+ echo -n "[in CVS]"
+ if egrep "\([cC]\) .*Tenable" $cvsfile >/dev/null; then
+ if ! egrep "\([cC]\) .*Tenable" $file >/dev/null; then
+ echo -n "[NEW (C) Tenable, OLD not]"
+ fi
+ fi
+ else
+ echo -n "[unavailable in CVS]"
+ fi
+ # Check copyright
+ if grep "Noam Rathaus" $file >/dev/null; then
+ echo -n "[maybe (C) nrathaus]"
+ fi
+ if egrep "\([cC]\) .*Tenable" $file >/dev/null; then
+ echo -n "[OLD (C) Tenable]"
+ fi
+
+ # Extract includes
+ tmpfile=`tempfile` || { echo "ERR: Cannot create temporary file!"; exit 2; }
+ egrep "^include.*(.*).*;" $OLD/$plug | sed -e 's/^.*(.\(.*\.inc\).).*$/\1/g' |
+ while read incfile; do
+ if [ ! -e "$NEW/$incfile" ] ; then
+ echo $incfile >>$tmpfile
+ fi
+ done
+ if [ -s "$tmpfile" ] ; then
+ incfiles=`cat $tmpfile`
+ echo -n " [included files no longer available: $incfiles]"
+ fi
+ rm -f $tmpfile
+ echo
+ fi
+done
+
+
+# and viceversa
+find $NEW -type f |
+while read file ; do
+ plug=`basename $file`
+ if [ ! -e $OLD/$plug ] ; then
+ echo -n "ADDED: $plug "
+ if [ -e $CVS/$plug ] ; then
+ echo -n "[in CVS]"
+ else
+ echo -n "[unavailable in CVS]"
+ fi
+ echo
+ fi
+done
+
+
+exit 0
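Review bot: `CVS=/home/jfs/debian/security/nessus/cvs/nessus-plugins/scripts/` is a path under the author's home directory and is never checked, so on any other host every plugin is reported as `[unavailable in CVS]` and the Tenable copyright comparison inside the `[in CVS]` branch silently never runs. Let the caller supply the path and fail when it is absent, e.g. `[ -d "$CVS" ] || { echo "ERR: CVS checkout $CVS not found" >&2; exit 1; }`. The loops also expand `$file`, `$plug` and `$tmpfile` unquoted and use `read` without `-r`, so a file name containing whitespace or glob characters in an unpacked plugin archive breaks the `[ -e ... ]` tests; quoting the expansions and using `while IFS= read -r file` fixes that. `tempfile` is Debian-specific and the temporary file is left behind if the script is interrupted before `rm -f`; `mktemp` with a `trap` on EXIT would be more portable.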
Property changes on: trunk/openvas-plugins/audit/compare-plugins
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/audit/non-free-plugins
===================================================================
--- trunk/openvas-plugins/audit/non-free-plugins 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/non-free-plugins 2007-10-31 21:15:47 UTC (rev 492)
@@ -0,0 +1,40 @@
+# This is a list of plugins which are NOT free but have
+# sometimes been found in the GPL feed
+# NON-FREE plugins:
+apache_conn_block.nasl
+bind_stub_res.nasl
+bugbear_b_1080.nasl
+cherokee_0_4_7.nasl
+ciscoworks_detect.nasl
+ftp_writeable_directories.nasl
+kazaa_network.nasl
+opendchub.nasl
+overnet.nasl
+sasser_virus.nasl
+scan_info.nasl
+smb_enum_files.nasl
+ssh_settings.nasl
+winmx_detect2.nasl
+zope_multiple_flaws.nasl
+#
+# NON-FREE include files:
+aix.inc
+backport.inc
+byte_func.inc
+crypto_func.inc
+default_account.inc
+dump.inc
+hostlevel_funcs.inc
+http_keepalive.inc
+imap_func.inc
+misc_func.inc
+nfs_func.inc
+pop3_func.inc
+rpm.inc
+smb_file_funcs.inc
+smb_nt.inc
+snmp_func.inc
+solaris.inc
+ssl_funcs.inc
+telnet_func.inc
+url_func.inc