[Openvas-commits] r12142 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Nov 21 11:07:55 CET 2011


Author: jan
Date: 2011-11-21 11:07:50 +0100 (Mon, 21 Nov 2011)
New Revision: 12142

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/postgresql_detect.nasl
Log:
* scripts/postgresql_detect.nasl: Reworked according to CR#57.
Also reformatted in order to have this script serve as a reference
for remote probe detections.



Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-11-21 09:58:28 UTC (rev 12141)
+++ trunk/openvas-plugins/ChangeLog	2011-11-21 10:07:50 UTC (rev 12142)
@@ -1,5 +1,11 @@
 2011-11-21  Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
 
+	* scripts/postgresql_detect.nasl: Reworked according to CR#57.
+	Also reformatted in order to have this script serve as a reference
+	for remote probe detections.
+
+2011-11-21  Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
+
 	* scripts/gb_java_prdts_detect_lin.nasl: Reworked according to CR#57.
 	- Replaced script_id() by script_oid() call and moved SCRIPT_OID to top.
 	- Added cvss_base tag of 0.0.

Modified: trunk/openvas-plugins/scripts/postgresql_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/postgresql_detect.nasl	2011-11-21 09:58:28 UTC (rev 12141)
+++ trunk/openvas-plugins/scripts/postgresql_detect.nasl	2011-11-21 10:07:50 UTC (rev 12142)
@@ -10,8 +10,11 @@
 # Updated By: Antu Sanadi <santu at secpod.com> on 2010-03-30
 # Modified the regex to detect alpha versions also.
 #
+# Updated by: <jan-oliver.wagner at greenbone.net> on 2011-11-21
+# Revsied to comply with Change Request #57.
+#
 # Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH
+# Copyright (c) 2009, 2011 Greenbone Networks GmbH
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2
@@ -27,33 +30,29 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 ###############################################################################
 
-desc = "
+SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.100151";
 
- Overview:
-  PostgreSQL, a open source object-relational database system is running at
-  this host.
-
- See also:
-  http://www.postgresql.org";
-
 if (description)
 {
- script_id(100151);
- script_version("$Revision$");
- script_tag(name:"last_modification", value:"$Date$");
- script_tag(name:"creation_date", value:"2009-04-23 21:21:19 +0200 (Thu, 23 Apr 2009)");
- script_tag(name:"risk_factor", value:"None");
-
- script_name("PostgreSQL Detection");
-
- script_description(desc);
- script_summary("Check for PostgreSQL");
- script_category(ACT_GATHER_INFO);
- script_family("Service detection");
- script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
- script_dependencie("find_service.nes");
- script_require_ports("Services/postgresql", 5432);
- exit(0);
+  script_oid(SCRIPT_OID);
+  script_version("$Revision$");
+  script_tag(name:"last_modification", value:"$Date$");
+  script_tag(name:"creation_date", value:"2009-04-23 21:21:19 +0200 (Thu, 23 Apr 2009)");
+  script_tag(name:"cvss_base", value:"0.0");
+  script_tag(name:"risk_factor", value:"None");
+  script_tag(name:"detection", value:"remote probe");
+  script_name("PostgreSQL Detection");
+  script_description("Detection of PostgreSQL, a open source object-relational
+database system (http://www.postgresql.org).
+ 
+The script sends a connection request to the server (user:postgres, DB:postgres)
+and attempts to extract the version number from the reply.");
+  script_summary("Check for PostgreSQL");
+  script_category(ACT_GATHER_INFO);
+  script_family("Product detection");
+  script_copyright("This script is Copyright (C) 2009, 2011 Greenbone Networks GmbH");
+  script_require_ports("Services/postgresql", 5432);
+  exit(0);
 }
 
 include("cpe.inc");
@@ -62,43 +61,40 @@
 include("misc_func.inc");
 include("dump.inc");
 
-## Constant values
-SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.100151";
-SCRIPT_DESC = "PostgreSQL Detection";
-
 function bin2string (ddata) {
- local_var tmp, i, j, line, linenumber, len, data, c;
+  local_var tmp, i, j, line, linenumber, len, data, c;
 
- len = strlen (ddata);
- linenumber = len / 16;
+  len = strlen (ddata);
+  linenumber = len / 16;
 
- for (i = 0; i <= linenumber; i++)
- {
-  line = line2string (line:i, linenumber:len);
-  data = "";
+  for (i = 0; i <= linenumber; i++) {
+    line = line2string (line:i, linenumber:len);
+    data = "";
 
-  for (j = 0; j < 16; j++)
-  {
-   if ( (i*16+j) < len )
-   {
-    c = ddata[i*16+j];
+    for (j = 0; j < 16; j++) {
+      if ((i*16+j) < len) {
+        c = ddata[i*16+j];
 
-    if (isprint (c:c))
-      data += c;
-   }
+        if (isprint (c:c))
+          data += c;
+      }
+    }
+    tmp += string (data);
   }
-
-  tmp += string (data);
- }
-
- return tmp;
+  return tmp;
 }
 
-port = 5432;
-if(!get_tcp_port_state(port))exit(0);
+port = get_kb_item("Services/postgresql");
+if (isnull(port))
+  port = 5432; # Default PostgreSQL port
 
 soc = open_sock_tcp(port);
-if(!soc)exit(0);
+if (!soc) {
+  if (defined_func("error_message"))
+    error_message(port:port,
+      data:"Failed to open socket for port although port was reported open.");
+  exit(-1);
+}
 
 #user: postgres, database: postgres,client_encoding: unicode,
 #datestyle: iso
@@ -111,7 +107,12 @@
 send(socket:soc, data:req);
 res = recv(socket:soc, length:256);
 
-if (!res || res[0] >!< "(E|R)" )exit(0);
+if (!res || res[0] >!< "(E|R)" ) {
+  # The response was empty or does not match typical PostgrSQL
+  # elements. Therfore it is concluded this is not PostgreSQL
+  # running on this port.
+  exit(0);
+}
 
 dump = bin2string(ddata:res);
 b = substr(res, 1, 4);
@@ -128,40 +129,40 @@
     "INFO"    >< dump ||
     "LOG"     >< dump
     ) ||
-    dump[0] == "R" && (blen == 8 || blen == 12) )
-{
+    dump[0] == "R" && (blen == 8 || blen == 12)) {
+  if (dump[0] == "R") {
+    version = eregmatch(pattern:"server_version(([0-9.]+)([a-z0-9.]+)?)", string:dump);
 
-  txt = desc;
+    if (!isnull(version[1]) && isnull(version[3])) {
+      vers = version[1];
+    } else if(!isnull(version[2]) && !isnull(version[3])) {
+      vers = version[2] + "." + version[3];
+    }
 
-  if(dump[0] == "R") {
-
-  version = eregmatch(pattern:"server_version(([0-9.]+)([a-z0-9.]+)?)", string: dump);
-  if(!isnull(version[1]) && isnull(version[3])){
-    vers = version[1];
+    if (!isnull(vers)) {
+      set_kb_item(name:"PostgreSQL/Remote/" + port + "/Ver", value:vers);
+      result_txt = 'Detected PostgreSQL Version: ';
+      result_txt += vers;
+    }
   }
 
-  else if(!isnull(version[2]) && !isnull(version[3])){
-         vers = version[2] + "." + version[3];
-  }
+  if (isnull(result_txt))
+    result_txt = 'Detected PostgreSQL: Unknown version';
 
-  if(!isnull(vers))
-  {
-    set_kb_item(name:"PostgreSQL/Remote/" + port + "/Ver", value: vers);
+  result_txt += '\n\nConcluded from remote probe dump:\n';
+  result_txt += dump;
+  result_txt += '\n';
 
-    ## build cpe and store it as host_detail
-    cpe = build_cpe(value: vers, exp:"^([0-9.]+)",base:"cpe:/a:postgresql:postgresql:");
-    if(!isnull(cpe))
-       register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
+  # In case the service wasn't identified before
+  register_service(port:port, proto:"postgresql");
 
-    desc += string("\nPostgreSQL Version '");
-    desc += vers;
-    desc += string("' was detected on the remote host.\n\n");
-  }
- }
+  if (!isnull(vers))
+    cpe = build_cpe(value:vers, exp:"^([0-9.]+)", base:"cpe:/a:postgresql:postgresql:");
+  else
+    cpe = "cpe:/a:postgresql:postgresql";
 
-  register_service(port:port, proto:"postgresql");
-  if(report_verbosity > 0) {
-    security_note(port:port, data:desc);
-  }
+  register_product(cpe:cpe, location:string(port, "/tcp"), nvt:SCRIPT_OID);
+
+  log_message(port:port, data:result_txt);
   exit(0);
 }



More information about the Openvas-commits mailing list