Overview of host_details.inc

Automatic Includes

These files are automatically included by the library.

Public Function Summary

Public functions are intended to be called by the code that imports this library.

Name Summary
best_os_cpe
best_os_txt
build_detection_report
get_app
get_app_details
get_app_full
get_app_location
get_app_port
get_app_version
get_app_version_and_location
get_base_cpe
get_version_from_cpe
host_details_cpes
host_details_list
host_runs
os_conflict
register_host_detail
register_product
report_best_os_cpe
report_best_os_txt
report_host_detail_single
report_host_details

Public Function Details

best_os_cpe

Named Parameters

Code

# Returns the first "OS" host detail that is a CPE string.
#
# The OIDs in OS_CPE_SRC are visited in list order; for each one, every value
# stored under "HostDetails/NVT/<oid>/OS" is checked and the first value that
# contains "cpe:/" is returned. Returns NULL when no source registered a CPE.
function best_os_cpe() {
  local_var oid, res, entry;

  foreach oid (OS_CPE_SRC) {
    res = get_kb_list("HostDetails/NVT/" + oid + "/OS");
    if (isnull(res))
      continue;

    foreach entry (make_list(res)) {
      # The "OS" key holds both CPE and free-form text entries; only the CPE
      # form is wanted here.
      if ("cpe:/" >!< entry)
        continue;
      return entry;
    }
  }
  return NULL;
}

function best_os_txt() {

		

best_os_txt

Named Parameters

Code

# Returns the first "OS" host detail that is free-form text (not a CPE).
#
# The OIDs in OS_TXT_SRC are visited in list order; for each one, every value
# stored under "HostDetails/NVT/<oid>/OS" is checked and the first value that
# does not contain "cpe:/" is returned. Returns NULL when nothing matches.
function best_os_txt() {
  local_var oid, res, entry;

  foreach oid (OS_TXT_SRC) {
    res = get_kb_list("HostDetails/NVT/" + oid + "/OS");
    if (isnull(res))
      continue;

    foreach entry (make_list(res)) {
      # The "OS" key holds both CPE and free-form text entries; CPE entries
      # are skipped here.
      if ("cpe:/" >< entry)
        continue;
      return entry;
    }
  }
  return NULL;
}

function report_best_os_cpe() {

		

build_detection_report

Named Parameters

app
concluded
concludedUrl
cpe
extra
install
regpath
version

Code

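# Builds the plain-text report emitted by a detection script.
#
# Parameters (all named):
#   app          - name of the detected application
#   version      - detected version; replaced by 'unknown' when empty
#   install      - location where the application was found
#   regpath      - optional registry path, added when non-empty
#   cpe          - optional CPE, added when non-empty
#   concluded    - optional text the version was concluded from
#   concludedUrl - optional location the version was concluded from
#   extra        - optional free text appended at the end
#
# Returns the assembled report string.
#
# NOTE(review): every argument is appended verbatim. 'concluded' and 'extra'
# presumably carry text taken from the scanned host, so whatever renders this
# report should treat it as untrusted text -- confirm against callers.
function build_detection_report( app, version, install, regpath, cpe, concluded, concludedUrl, extra ) {

  local_var app, version, install, cpe, concluded, concludedUrl, extra, regpath;
  # 'report' was assigned without being declared; declaring it keeps the
  # function from reading or overwriting a same-named variable outside it.
  local_var report;

  if( ! version ) version = 'unknown';

  report = 'Detected ' + app +
           '\nVersion: ' + version +
           '\nLocation: ' + install;

  if( strlen( regpath ) > 0 ) {
    report += '\nRegistry path: '+ regpath;
  }

  if( strlen( cpe ) > 0 ) {
    report += '\nCPE: '+ cpe;
  }

  if( strlen( concluded ) > 0 ) {
    report += '\n\nConcluded from version identification result:\n' + concluded + '\n';
  }

  if( strlen( concludedUrl ) > 0 ) {
    report += '\nConcluded from version identification location:\n' + concludedUrl + '\n';
  }

  if( strlen( extra ) > 0 ) {
    report += '\n' + extra + '\n';
  }

  return report;
}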


		

get_app

Named Parameters

cpe
loc

Code

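# Looks up a registered application by CPE in the host-details KB entries.
#
# Parameters (named):
#   cpe - CPE (or CPE fragment) to look for; it is matched as a substring of
#         the KB key, so a shorter CPE also matches keys of longer ones
#   loc - when set, the location is read with get_kb_item() (which may fork
#         per entry) and returned as res["LOCATION"]
#
# Returns an array with "OID" and "CPE", plus "port" when one was registered
# and "LOCATION" when loc was passed. Returns NULL when nothing matches or
# when the first matching key does not have the expected
# "HostDetails/NVT/<oid>/cpe:/<rest>" layout.
#
# Side effect: registers "detected_by" / "detected_at" for the calling script.
function get_app(cpe, loc) {
  local_var host_details, host_detail, res, port, loc;
  # These were assigned without being declared. Declaring them keeps the
  # function from reading or overwriting same-named variables outside it; in
  # particular 'location' can no longer carry a stale outer value into the
  # "detected_at" registration when several locations exist.
  local_var host_values, location, locations, l;

  host_details = get_kb_list("HostDetails/NVT/*");

  if(!host_details) return NULL;

  foreach host_detail (keys(host_details)) {

    if(cpe >< host_detail) {

      # "HostDetails/NVT/<oid>/cpe:/<rest>" splits into
      # [0]="HostDetails" [1]="NVT" [2]=<oid> [3]="cpe:" [4]=<rest>
      host_values = split(host_detail, sep:"/", keep:FALSE);

      if(isnull(host_values[2]) || isnull(host_values[4]) || "cpe:" >!< host_values[3]) return NULL;

      res = make_array();

      res["OID"] = host_values[2];
      res["CPE"] = 'cpe:/' +  host_values[4];

      port = get_kb_item("HostDetails/NVT/" + res["OID"] + "/port");  # this could fork

      if(port) {
        res["port"] = port;
      }

      if(loc) {
        location = get_kb_item("HostDetails/NVT/" + res["OID"] + "/" + res["CPE"]); # this could fork
        res["LOCATION"] = location;
      } else {
        # Without forking, a location is only used when it is unambiguous.
        locations = get_kb_list("HostDetails/NVT/" + res["OID"] + "/" + res["CPE"]);
        l = make_list(locations);
        if(max_index(l) == 1) location = l[0];
      }

      # Store link between scripts.
      register_host_detail(name:"detected_by", value:res["OID"]);
      register_host_detail(name:"detected_at", value:location);

      return res;

    }
  }

  return NULL;
}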

# *NEVER* use get_app_version() and get_app_location() together in a single NVT.

		

get_app_details

Named Parameters

cpe
exit_no_version
port
typ

Code

# Common back end of get_app_version(), get_app_location(),
# get_app_version_and_location() and get_app_full().
#
# Parameters (named):
#   cpe             - CPE of the application; reduced to its base form with
#                     get_base_cpe() before the KB lookup
#   typ             - 'version', 'location', 'version_location' or 'full';
#                     any other value returns nothing
#   port            - optional; when set, the record is only used if its port
#                     matches after int() conversion of both values
#   exit_no_version - only read for typ 'version_location': when TRUE and no
#                     version can be derived, the calling script exits
#
# Returns, depending on typ: the version string, the location string, or an
# array ('version'/'location', for 'full' also 'full_cpe', 'port',
# 'detected_by' and optionally 'service'). Returns nothing when the CPE is
# malformed, no record exists, the port differs or the requested data is
# missing.
#
# Side effect: registers "detected_by" (and "detected_at" when a location is
# known) for the calling script on every successful path.
#
# NOTE(review): the record is parsed positionally after splitting on '#-#'.
# If a stored location or service ever contains '#-#' itself, the fields after
# it would shift -- confirm that the code writing "get_app/<base_cpe>"
# excludes that.
function get_app_details( cpe, typ, port, exit_no_version )
{
  # 'bc' is declared but not used in this function.
  local_var port, cpe, typ, bc, base_cpe, x, x_oid, x_cpe, x_loc, x_port, x_service, app_details, app_value, app_versions, ret_arr, exit_no_version;

  # A CPE that get_base_cpe() rejects is recorded under a debug KB key, keyed
  # by the calling script's OID.
  if( ! base_cpe = get_base_cpe( cpe:cpe ) ) {
    set_kb_item( name: "nvt_debug_cpe_syntax/" + get_script_oid(), value:get_script_oid() + "#-#cpe#-#get_app_details" );
    return;
  }

  # "1.3.6.1.4.1.25623.1.0.xxxxx#-#cpe:/a:foo:bar:1.1.0#-#/foo#-#80" or
  # "1.3.6.1.4.1.25623.1.0.xxxxx#-#cpe:/a:foo:bar:1.1.0#-#/foo#-#80#-#www"
  app_details = get_kb_item("get_app/" + base_cpe); # this could fork
  if( ! app_details ) return;

  # Fields are positional: OID, full CPE, location, port and optional service.
  x = split( app_details, sep:'#-#', keep:FALSE );

  x_oid  = x[0];
  x_cpe  = x[1];
  x_loc  = x[2];
  x_port = x[3];
  if( x[4] ) x_service = x[4];

  # Only use the record when it belongs to the requested port.
  if( port )
    if( int( x_port ) != int( port ) ) return;

  if( typ == 'version' )
  {
    if( ! app_versions = get_version_from_cpe( cpe:x_cpe ) ) return;

    register_host_detail(name:"detected_by", value:x_oid);
    if( x_loc ) register_host_detail(name:"detected_at", value:x_loc);

    return app_versions;
  }

  if( typ == 'location' )
  {
    if( x_loc )
    {
      register_host_detail(name:"detected_by", value:x_oid);
      # The inner x_loc test repeats the enclosing condition.
      if( x_loc ) register_host_detail(name:"detected_at", value:x_loc);

      return x_loc;
    }
    return;
  }

  if( typ == 'version_location' )
  {
    app_versions = get_version_from_cpe( cpe:x_cpe );

    if( ! app_versions && ! x_loc ) return;
    # Terminates the calling script, not just this function.
    if( ! app_versions && exit_no_version == TRUE ) exit( 0 );

    # A missing half is returned as an empty string.
    if( app_versions )
      ret_arr['version'] = app_versions;
    else
      ret_arr['version'] = '';

    if( x_loc )
      ret_arr['location'] = x_loc;
    else
       ret_arr['location'] = '';

    register_host_detail(name:"detected_by", value:x_oid);
    if( x_loc ) register_host_detail(name:"detected_at", value:x_loc);

    return ret_arr;
  }

  if( typ == 'full' )
  {
    app_versions = get_version_from_cpe( cpe:x_cpe );

    # Unlike 'version_location', values are stored as-is here, so 'version'
    # and 'location' may be unset.
    ret_arr['version']     = app_versions;
    ret_arr['location']    = x_loc;
    ret_arr['full_cpe']    = x_cpe;
    ret_arr['port']        = x_port;
    if(x_service) ret_arr['service'] = x_service;
    ret_arr['detected_by'] = x_oid;

    register_host_detail(name:"detected_by", value:x_oid);
    if( x_loc ) register_host_detail(name:"detected_at", value:x_loc);

    return ret_arr;
  }

  return;

}

function get_version_from_cpe( cpe )

		

get_app_full

Named Parameters

cpe
port

Code

# Returns the complete detection record for a CPE by calling
# get_app_details() with typ:"full".
#
# Parameters (named): cpe, port (both passed through unchanged).
function get_app_full( cpe, port )
{
  local_var cpe, port;

  # An empty CPE is recorded under a debug KB key, keyed by the calling
  # script's OID; the lookup below is still attempted.
  if( ! cpe ) {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(),
                 value:get_script_oid() + "#-#cpe#-#get_app_full" );
  }

  return get_app_details( cpe:cpe, typ:"full", port:port );
}

function get_app_details( cpe, typ, port, exit_no_version )

		

get_app_location

Named Parameters

cpe
port

Code

# Returns the registered location for a CPE by calling get_app_details()
# with typ:"location".
#
# Parameters (named): cpe, port (both passed through unchanged).
function get_app_location(cpe, port) {
  local_var cpe, port;

  # Empty arguments are recorded under a debug KB key, keyed by the calling
  # script's OID; the lookup below is still attempted.
  if( ! cpe ) {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(),
                 value:get_script_oid() + "#-#cpe#-#get_app_location" );
  }
  if( ! port ) {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(),
                 value:get_script_oid() + "#-#port#-#get_app_location" );
  }

  return get_app_details( cpe:cpe, typ:"location", port:port );
}

function get_app_port(cpe, service) {

		

get_app_port

Named Parameters

cpe
service

Code

# Returns the port registered for an application.
#
# Parameters (named):
#   cpe     - CPE of the application; reduced with get_base_cpe()
#   service - optional; when set, the port is only returned if the service
#             value stored for that port satisfies 'services >< service'
#
# Returns the port when it consists of one to five digits, otherwise nothing.
# NOTE(review): the digit check does not bound the value to 65535.
function get_app_port(cpe, service) {

  local_var base_cpe, port, cpe, service, services;

  # An empty CPE is recorded under a debug KB key, keyed by the calling
  # script's OID.
  if( ! cpe ) {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(),
                 value:get_script_oid() + "#-#cpe#-#get_app_port" );
  }

  base_cpe = get_base_cpe( cpe:cpe );
  if( ! base_cpe ) {
    set_kb_item( name: "nvt_debug_cpe_syntax/" + get_script_oid(),
                 value:get_script_oid() + "#-#cpe#-#get_app_port" );
    return;
  }

  port = get_kb_item("get_app/ports/" + base_cpe); # this could fork

  if( service ) {
    # The service lookup happens before the port is validated, so the port
    # value is part of the KB key as stored.
    services = get_kb_item("get_app/services/" + port + "/" + base_cpe); # this could fork
    if( port !~ '^[0-9]{1,5}$' ) return;
    if( services >< service ) return port;
    return;
  }

  if( port =~ '^[0-9]{1,5}$' ) return port;
  return;
}

function get_app_version_and_location( cpe, port, exit_no_version )

		

get_app_version

Named Parameters

cpe
port

Code

# Returns the registered version for a CPE by calling get_app_details()
# with typ:"version".
#
# Parameters (named): cpe, port (both passed through unchanged).
function get_app_version(cpe, port) {
  local_var cpe, port;

  # An empty CPE is recorded under a debug KB key, keyed by the calling
  # script's OID; the lookup below is still attempted.
  if( ! cpe ) {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(),
                 value:get_script_oid() + "#-#cpe#-#get_app_version" );
  }

  return get_app_details( cpe:cpe, typ:"version", port:port );
}

function get_app_location(cpe, port) {

		

get_app_version_and_location

Named Parameters

cpe
exit_no_version
port

Code

# Returns version and location for a CPE by calling get_app_details() with
# typ:"version_location".
#
# Parameters (named): cpe, port, exit_no_version (all passed through
# unchanged).
function get_app_version_and_location( cpe, port, exit_no_version )
{
  local_var cpe, port, exit_no_version;

  # An empty CPE is recorded under a debug KB key, keyed by the calling
  # script's OID; the lookup below is still attempted.
  if( ! cpe ) {
    set_kb_item( name: "nvt_debug_empty/" + get_script_oid(),
                 value:get_script_oid() + "#-#cpe#-#get_app_version_and_location" );
  }

  return get_app_details( cpe:cpe, typ:"version_location", port:port, exit_no_version:exit_no_version );
}

function get_app_full( cpe, port )

		

get_base_cpe

Named Parameters

cpe

Code

# Reduces a CPE to its first four colon-separated fields, e.g.
# "cpe:/a:foo:bar:1.1.0" -> "cpe:/a:foo:bar".
#
# Parameter (named): cpe - the CPE string to reduce.
#
# Returns the base CPE, or nothing when the input is empty, has fewer than
# four fields, does not start with "cpe" or has a second field that does not
# end in "/a", "/o" or "/h".
# NOTE(review): the part check is anchored only at the end of the second
# field, so text in front of "/a" is accepted as well.
function get_base_cpe( cpe )
{
  local_var cpe, bc;

  if( ! cpe ) return;

  bc = split( cpe, sep:':', keep:FALSE );
  if( ! bc ) return;
  if( max_index( bc ) < 4 ) return;

  if( bc[0] != 'cpe' ) return;
  if( bc[1] !~ '/(a|o|h)$' ) return;

  return bc[0] + ':' + bc[1] + ':' + bc[2] + ':' + bc[3];
}

function build_detection_report( app, version, install, regpath, cpe, concluded, concludedUrl, extra ) {

		

get_version_from_cpe

Named Parameters

cpe

Code

# Extracts the version part of a CPE string.
#
# Parameter (named): cpe - the full CPE string.
#
# The version is the fifth colon-separated field; when a sixth field follows
# it is appended directly, without a separator (for example
# cpe:/a:extplorer:extplorer:2.1.0:RC5 yields "2.1.0RC5"). When the CPE
# contains the substring "x64" both positions are shifted by one field.
# NOTE(review): the "x64" test matches anywhere in the string, not a specific
# field -- confirm that no vendor, product or version value can contain it.
#
# Returns the version string, or nothing when no version is present.
function get_version_from_cpe( cpe )
{
  local_var cpe, idx, tokens, app_versions;

  idx = 4;
  if( "x64" >< cpe ) idx = 5;

  tokens = split( cpe, sep:":", keep:0 );

  if( isnull( tokens[idx] ) ) return;

  if( isnull( tokens[idx + 1] ) )
    app_versions = tokens[idx];
  else
    app_versions = tokens[idx] + tokens[idx + 1];

  if( ! app_versions ) return;

  return app_versions;
}

function get_base_cpe( cpe )

		

host_details_cpes

Named Parameters

Code

# Collects the CPEs known for the host: every "App" host detail that
# contains "cpe:/", followed by the result of best_os_cpe() when there is one.
#
# Returns a list (possibly empty).
function host_details_cpes() {
  local_var res, details_list, item;

  res = make_list();

  # All registered application entries, from every detection script.
  details_list = host_details_list(key:"App");

  if (!isnull(details_list)) {
    foreach item (details_list) {
      if ("cpe:/" >!< item)
        continue;
      res = make_list(res, item);
    }
  }

  # Append the best operating system CPE, if any.
  item = best_os_cpe();
  if (!isnull(item))
    res = make_list(res, item);

  return res;
}

function os_conflict() {

		

host_details_list

Named Parameters

key

Code

# Returns every value registered under the given host-detail name, across all
# detection scripts (KB pattern "HostDetails/NVT/*/<key>").
#
# Parameter (named): key - the host-detail name, e.g. "OS" or "App".
function host_details_list(key) {
  local_var kb_pattern;

  kb_pattern = "HostDetails/NVT/*/" + key;
  return get_kb_list(kb_pattern);
}

function report_host_detail_single(name, value, nvt, desc) {

		

host_runs

Named Parameters

Code

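# Tells whether any registered "OS" host detail matches a pattern.
#
# Takes one anonymous argument: a regular expression, matched
# case-insensitively against every "OS" entry.
#
# Returns "unknown" when no OS entry is registered, "yes" on the first match
# and "no" otherwise.
function host_runs() {
  # 'item' was used as the loop variable without being declared; declaring it
  # keeps the loop from overwriting a same-named variable outside the function.
  local_var ospattern, infolist, item;

  ospattern = _FCT_ANON_ARGS[0];

  infolist = host_details_list(key:"OS");
  if (isnull(infolist))
    return "unknown";

  foreach item (infolist)
    if (eregmatch(pattern:ospattern, string:item, icase:TRUE))
      return "yes";

  return "no";
}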

function best_os_cpe() {

		

os_conflict

Named Parameters

Code

# Tells whether a list of OS entries holds a competing entry of the same kind
# as the chosen one.
#
# Anonymous arguments:
#   [0] - list of OS entries
#   [1] - the entry selected as best match
#
# Returns TRUE when the list contains at least one entry that differs from
# the best match and is of the same type (CPE or free-form text), else FALSE.
function os_conflict() {
  local_var oslist, bestos, is_cpe, item;

  oslist = _FCT_ANON_ARGS[0];
  bestos = _FCT_ANON_ARGS[1];

  if ("cpe:/" >< bestos)
    is_cpe = TRUE;
  else
    is_cpe = FALSE;

  foreach item (oslist) {
    # An entry equal to the best match is not a conflict; any other entry of
    # the same type is.
    if ((item != bestos) && (("cpe:/" >< item) == is_cpe))
      return TRUE;
  }
  return FALSE;
}

function get_app(cpe, loc) {

		

register_host_detail

Named Parameters

desc
name
value

Code

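# Stores one host detail in the KB on behalf of the calling script.
#
# Parameters (named):
#   name  - detail name; becomes the last part of the KB key
#   value - detail value; nothing is stored under the name when it is empty
#   desc  - optional description of the registering script
#
# KB entries written:
#   "HostDetails"                  <- name   (skipped for name "port")
#   "HostDetails/NVT"              <- OID    (skipped for name "port")
#   "HostDetails/NVT/<oid>"        <- desc   (only when desc is given)
#   "HostDetails/NVT/<oid>/<name>" <- value  (only when value is set)
#   "HostDetails/OS/<base cpe>"    <- TRUE   (OS CPEs from one specific OID)
function register_host_detail(name, value, desc) {
  # 'nvt' was assigned without being declared; declaring it keeps the
  # function from overwriting a same-named variable in the caller.
  local_var tokens, nvt;

  nvt = get_script_oid();

  if(name != "port") {
      set_kb_item(name:"HostDetails", value:name);
      set_kb_item(name:"HostDetails/NVT", value:nvt);
      if (!isnull(desc))
        replace_kb_item(name:"HostDetails/NVT/" + nvt, value:desc);
  }

  if(value)
    set_kb_item(name:"HostDetails/NVT/" + nvt + "/" + name, value:value);

  # gather-package-list.nasl sets precise OS CPE keys that we use to
  # efficiently schedule LSCs.
  if (name == "OS" && "cpe:/o:" >< value && nvt == "1.3.6.1.4.1.25623.1.0.50282") {
    tokens = split(value, sep:":", keep:0);

    # Only the first four fields of the CPE form the key.
    if (tokens && tokens[0] && tokens[1] && tokens[2] && tokens[3])
      set_kb_item(name:string("HostDetails/OS/", tokens[0], ":", tokens[1], ":",
                              tokens[2], ":", tokens[3]),
                  value:TRUE);
  }
}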

function register_product(cpe, location, port, service) {

		

register_product

Named Parameters

cpe
location
port
service

Code

# Registers a detected product so that other scripts can find it by CPE.
#
# Parameters (named):
#   cpe      - full CPE of the product
#   location - where the product was found
#   port     - optional port the product was found on
#   service  - optional service name for that port
#
# Besides the host details ("App", "<cpe>", "port"), a record
# "<oid>#-#<cpe>#-#<location>#-#<port>[#-#<service>]" is stored under
# "get_app/<base cpe>"; with a port, "get_app/ports/<base cpe>" and, with a
# service, "get_app/services/<port>/<base cpe>" are written too.
#
# NOTE(review): the record fields are joined with '#-#' without escaping. A
# location or service that contains '#-#' would shift the fields for readers
# that split on it -- confirm that callers cannot pass such values, since
# locations presumably come from the scanned host.
function register_product(cpe, location, port, service) {
  local_var port, service, kb_e, base_cpe;

  register_host_detail(name:"App", value:cpe);
  register_host_detail(name:cpe, value:location);
  if(port)
    register_host_detail(name:"port", value:port);

  # store an entry under the "base" cpe, so we could fork later for each entry under a cpe
  base_cpe = get_base_cpe( cpe:cpe );
  if( ! base_cpe ) {
    # A CPE that cannot be reduced is recorded for debugging and used as-is.
    set_kb_item( name: "nvt_debug_cpe_syntax/" + get_script_oid(),
                 value:get_script_oid() + "#-#cpe#-#register_product" );
    base_cpe = cpe;
  }

  kb_e = get_script_oid() + '#-#' + cpe + '#-#' + location + '#-#' + port;
  if( service )
    kb_e = kb_e + '#-#' + service;

  set_kb_item( name:'get_app/' + base_cpe, value:kb_e );

  if( ! port ) return;

  set_kb_item( name:'get_app/ports/' + base_cpe, value:port );

  if( service )
    set_kb_item( name:'get_app/services/' + port + "/" + base_cpe, value:service );
}

# provided for conveniency: host_details_list("OS")

		

report_best_os_cpe

Named Parameters

Code

# Reports the best-matching OS CPE as a "best_os_cpe" host detail.
#
# Reads "HostDetails/OS/BestMatch"; when it is set, the value of
# "HostDetails/OS/BestMatch/Details" is split on ";" and its first two parts
# are passed on as the source NVT and its description. Does nothing when no
# best match is stored.
#
# NOTE(review): split() is called without keep:FALSE here, unlike the other
# split() calls in this file. If the separator is retained in the parts, the
# reported NVT value ends with ";" -- confirm.
function report_best_os_cpe() {
  local_var best_os, desc;

  best_os = get_kb_item("HostDetails/OS/BestMatch");
  if (!best_os)
    return;

  desc = split(get_kb_item("HostDetails/OS/BestMatch/Details"), sep:";");
  report_host_detail_single(name:"best_os_cpe", value:best_os, nvt:desc[0], desc:desc[1]);
}

function report_best_os_txt() {

		
top

report_best_os_txt

Named Parameters

Code

# Reports the best free-form OS description as a "best_os_txt" host detail.
#
# The OIDs in OS_TXT_SRC are visited in list order; the first non-CPE "OS"
# entry found is reported together with the description stored for that OID,
# and the function returns. When the same script registered another text
# entry, ' [possible conflict]' is appended to the reported value.
function report_best_os_txt() {
  local_var oid, res, best_os, desc;

  foreach oid (OS_TXT_SRC) {
    res = get_kb_list("HostDetails/NVT/" + oid + "/OS");
    if (isnull(res))
      continue;

    res = make_list(res);

    foreach best_os (res) {

      # Only free-form entries are of interest; CPE entries are skipped.
      if ("cpe:/" >!< best_os) {

        # in case we have several entries from this script...
        if (os_conflict(res, best_os))
          best_os = best_os + ' [possible conflict]';

        desc = get_kb_item("HostDetails/NVT/" + oid);
        report_host_detail_single(name:"best_os_txt", value:best_os, nvt:oid, desc:desc);
        return;
      }
    }
  }
}

function host_details_cpes() {

		

report_host_detail_single

Named Parameters

desc
name
nvt
value

Code

# Emits one host detail as an XML fragment through log_message() with
# proto "Host_Details".
#
# Parameters (named):
#   name  - detail name
#   value - detail value
#   nvt   - OID of the script the detail comes from
#   desc  - optional description of that script; an empty <description/>
#           element is written when it is NULL
#
# NOTE(review): 'value' and 'desc' can presumably contain text taken from the
# scanned host. Whether xml_tagline() escapes markup characters is not
# visible here -- confirm, since the fragment is consumed as XML.
function report_host_detail_single(name, value, nvt, desc) {
  local_var report;

  # <host><detail> with name, value and the opening of <source>
  report = '' +
           xml_open_tag(tag:'host') +
           xml_open_tag(tag:'detail') +
           xml_tagline(tag:'name', value:name) +
           xml_tagline(tag:'value', value:value) +
           xml_open_tag(tag:'source') +
           xml_tagline(tag:'type', value:"nvt") +
           xml_tagline(tag:'name', value:nvt);

  if (isnull(desc))
    report += '<description/>';
  else
    report += xml_tagline(tag:'description', value:desc);

  # Close in reverse order of opening.
  report += xml_close_tag(tag:'source') +
            xml_close_tag(tag:'detail') +
            xml_close_tag(tag:'host');

  log_message(proto:"Host_Details", data:report);
}

# Iterate over the host details and report them individually. Additionally

		

report_host_details

Named Parameters

Code

# Reports every registered host detail, one report per value, followed by the
# best OS CPE and the best OS text entry.
function report_host_details() {
  local_var names, name, nvts, nvt, desc, details, item;

  # Names of all host details that were gathered, and the scripts that
  # registered them.
  names = get_kb_list("HostDetails");
  nvts = get_kb_list("HostDetails/NVT");

  foreach nvt (nvts) {
    # Description stored for the current script.
    desc = get_kb_item("HostDetails/NVT/" + nvt);

    foreach name (names) {
      # Values this script registered under the current name, if any.
      details = get_kb_list("HostDetails/NVT/" + nvt + "/" + name);

      foreach item (details) {
        if (isnull(item))
          continue;
        report_host_detail_single(name:name, value:item, nvt:nvt, desc:desc);
      }
    }
  }

  # Report best OS entries
  report_best_os_cpe();
  report_best_os_txt();
}

function host_runs() {

		