[Openvas-commits] r5655 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Oct 20 22:32:01 CEST 2009


Author: kost
Date: 2009-10-20 22:31:58 +0200 (Tue, 20 Oct 2009)
New Revision: 5655

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/remote-web-w3af.nasl
Log:
A few improvements: try to recognize whether a vulnerability was found and, if so, raise the importance.
More robust: unlink only if the filename is found, display the report if the filename is found,
and report a problem through log_message if the report is empty.



Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-10-20 17:50:09 UTC (rev 5654)
+++ trunk/openvas-plugins/ChangeLog	2009-10-20 20:31:58 UTC (rev 5655)
@@ -1,3 +1,12 @@
+2009-10-20  Vlatko Kosturjak <kost at linux.hr>
+
+	* scripts/remote-web-w3af.nasl:
+	Few improvements: try to recognize if vulnerability found,
+	so raise importance
+	More robust: unlink only if filename is found, display
+	report if filename found and report problem if report is
+	empty through log_message
+
 2009-10-20  Michael Meyer <michael.meyer at intevation.de>
 
 	* scripts/gallarific_28163.nasl,
@@ -100,6 +109,7 @@
 	expected.
 
 2009-10-19  Thomas Reinke <reinke at securityspace.com>
+
 	* scripts/backport.inc:
 	Bugfix. Actually, more like limiting damage.
 

Modified: trunk/openvas-plugins/scripts/remote-web-w3af.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-web-w3af.nasl	2009-10-20 17:50:09 UTC (rev 5654)
+++ trunk/openvas-plugins/scripts/remote-web-w3af.nasl	2009-10-20 20:31:58 UTC (rev 5655)
@@ -110,9 +110,9 @@
 
 function on_exit()
 {
-	unlink(cmdfilename);
-	unlink(httpfilename);
-	unlink(repfilename);
+	if (file_stat(cmdfilename)) unlink(cmdfilename);
+	if (file_stat(httpfilename)) unlink(httpfilename);
+	if (file_stat (repfilename)) unlink(repfilename);
 }
 
 fwrite(data:cmddata, file:cmdfilename);
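Review bot: A zero-length temporary file would survive this cleanup if file_stat() returns the file size, as it appears to in NASL, because `if (file_stat(cmdfilename))` is then false for a file that exists but is empty. Judging by their names, these files hold the w3af command script, HTTP log and report for the scanned target, so leftovers in the temp directory are worth avoiding. Testing for existence explicitly on all three lines, e.g. `if (!isnull(file_stat(cmdfilename))) unlink(cmdfilename);`, or simply keeping the unconditional unlink, closes the gap. The check-then-unlink pair is also not atomic, so it adds no safety over a plain unlink() if the path can change in between.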
@@ -134,10 +134,20 @@
 r = pread(cmd: cmdw3af, argv: argv, cd: 1);
 if (! r) exit(0);	# error
 
-report = 'Here is the w3af report:\n';
-rfile=fread(repfilename);
-report += rfile;
-# rhttp=fread(httpfilename);
+if (file_stat(repfilename)) {
+	rfile=fread(repfilename);
+	report = 'Here is the w3af report:\n';
+	report += rfile;
+	# rhttp=fread(httpfilename);
+	if ('- vulnerability ]' >< report) {
+		security_warning(port: port, data: report);
+	} else {
+		security_note(port: port, data: report);
+	}
+} else {
+	text  = 'w3af report filename is empty. that could mean that\n';
+	text += 'wrong version of w3af is used or tmp dir is not accessible.\n';
+	text += 'In short: check installation of w3af and OpenVAS';
+	log_message(port: port, data: text);
+}
 
-security_note(port: port, data: report);
-
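Review bot: The result of `fread(repfilename)` is used unchecked, so if the read fails after file_stat() succeeded, the plugin still emits a security_note or security_warning whose body is only the header line. A guard right after the fread, such as `if (isnull(rfile)) { log_message(port: port, data: 'w3af report could not be read'); exit(0); }`, would route that case to the log instead. The severity test `'- vulnerability ]' >< report` depends on w3af's text output format and runs over text that may include content returned by the scanned server, so a one-line comment naming the w3af output line it is meant to match would help the next maintainer. The else message says the report filename is "empty" although the branch is also taken when the file is missing.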


