fmt.bullet(
'Program: {0} - {1}'.format(
self.check_xml_attrib('creator/program'),
self.check_xml_attrib('creator/version'))))
findings.append(
fmt.bullet(
'Command Line: {0}'.format(
self.check_xml_attrib(
'creator/execution_environment/command_line'))))
findings.append(
fmt.bullet(
'Start Time: {0}'.format(
self.check_xml_attrib(
'creator/execution_environment/start_time'))))
findings.append(
fmt.bullet(
'Elapsed Time: {0}'.format(
self.check_xml_attrib('report/elapsed_seconds'))))
# Retrieve results from each of the scanner runs
feature_files = self.xml.find('feature_files')
if feature_files is not None:
feature_iter = feature_files.iter()
findings.append(fmt.heading5('Scanner Results'))
for f in feature_iter:
if f.tag == 'feature_file':
name = next(feature_iter)
count = next(feature_iter)
findings.append(fmt.bullet('{0}:{1}'.format(name.text, count.text)))
features_count += int(count.text)
else:
findings.append(fmt.heading5("There are no findings to report."))
if match:
line = '{0:s}: Wordpress theme editor edited file ({1:s})'.format(
self._get_timestamp(log_line), match.group('edited_file'))
report.append(fmt.bullet(line))
findings_summary.add('theme_edit')
if report:
findings_summary = ', '.join(sorted(list(findings_summary)))
summary = 'Wordpress access logs found ({0:s})'.format(findings_summary)
report.insert(0, fmt.heading4(fmt.bold(summary)))
report_text = '\n'.join(report)
return (report_text, Priority.HIGH, summary)
report_text = 'No Wordpress install or theme editing found in access logs'
return (fmt.heading4(report_text), Priority.LOW, report_text)
features_count = 0
report_path = os.path.join(output_file_path, 'report.xml')
# Check if report.xml was not generated by bulk extractor.
if not os.path.exists(report_path):
report = 'Execution successful, but the report is not available.'
return (report, report)
# Parse existing XML file.
self.xml = xml_tree.parse(report_path)
# Place in try/except statement to continue execution when
# an attribute is not found and NoneType is returned.
try:
# Retrieve summary related results.
findings.append(fmt.heading4('Bulk Extractor Results'))
findings.append(fmt.heading5('Run Summary'))
findings.append(
fmt.bullet(
'Program: {0} - {1}'.format(
self.check_xml_attrib('creator/program'),
self.check_xml_attrib('creator/version'))))
findings.append(
fmt.bullet(
'Command Line: {0}'.format(
self.check_xml_attrib(
'creator/execution_environment/command_line'))))
findings.append(
fmt.bullet(
'Start Time: {0}'.format(
self.check_xml_attrib(
'creator/execution_environment/start_time'))))
priority = Priority.LOW
credentials_registry = {hash: username for username, hash in credentials}
# TODO: Add timeout parameter when dynamic configuration is ready.
# Ref: https://github.com/google/turbinia/issues/244
weak_passwords = bruteforce_password_hashes(credentials_registry.keys())
if not version:
version = 'Unknown'
report.append(fmt.bullet('Jenkins version: {0:s}'.format(version)))
if weak_passwords:
priority = Priority.CRITICAL
summary = 'Jenkins analysis found potential issues'
report.insert(0, fmt.heading4(fmt.bold(summary)))
line = '{0:n} weak password(s) found:'.format(len(weak_passwords))
report.append(fmt.bullet(fmt.bold(line)))
for password_hash, plaintext in weak_passwords:
line = 'User "{0:s}" with password "{1:s}"'.format(
credentials_registry.get(password_hash), plaintext)
report.append(fmt.bullet(line, level=2))
elif credentials_registry or version != 'Unknown':
summary = (
'Jenkins version {0:s} found with {1:d} credentials, but no issues '
'detected'.format(version, len(credentials_registry)))
report.insert(0, fmt.heading4(summary))
priority = Priority.MEDIUM
else:
summary = 'No Jenkins instance found'
report.insert(0, fmt.heading4(summary))
report = '\n'.join(report)
return (report, priority, summary)
'(^.*Deploying web application archive.*)', re.MULTILINE)
tomcat_manager_activity_re = re.compile(
'(^.*POST /manager/html/upload.*)', re.MULTILINE)
count = 0
for password_entry in re.findall(tomcat_user_passwords_re, tomcat_file):
findings.append(fmt.bullet('Tomcat user: ' + password_entry.strip()))
count += 1
for deployment_entry in re.findall(tomcat_deploy_re, tomcat_file):
findings.append(
fmt.bullet('Tomcat App Deployed: ' + deployment_entry.strip()))
count += 1
for mgmt_entry in re.findall(tomcat_manager_activity_re, tomcat_file):
findings.append(fmt.bullet('Tomcat Management: ' + mgmt_entry.strip()))
count += 1
if findings:
msg = 'Tomcat analysis found {0:d} results'.format(count)
findings.insert(0, fmt.heading4(fmt.bold(msg)))
report = '\n'.join(findings)
return (report, Priority.HIGH, msg)
report = 'No Tomcat findings to report'
return (report, Priority.LOW, report)
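def format_task_detail(self, task, show_files=False):
  """Formats a single task in detail.

  Args:
    task (dict): The task to format data for. The keys read here are
        'name', 'status', 'id', 'worker_name', 'report_data' and
        'saved_paths'; all are fetched with .get(), so any may be absent.
    show_files (bool): Whether we want to print out log file paths

  Returns:
    list: Formatted task data, one report line per element.
  """
  report = []
  saved_paths = task.get('saved_paths') or []
  status = task.get('status') or 'No task status'

  report.append(fmt.heading2(task.get('name')))
  line = '{0:s} {1:s}'.format(fmt.bold('Status:'), status)
  report.append(fmt.bullet(line))
  # Use the '!s' conversion instead of the ':s' format spec: with ':s' a
  # missing 'id' or 'worker_name' (None) raises TypeError and the whole
  # report for this task is lost. For str values the output is unchanged.
  report.append(fmt.bullet('Task Id: {0!s}'.format(task.get('id'))))
  report.append(
      fmt.bullet('Executed on worker {0!s}'.format(task.get('worker_name'))))

  report_data = task.get('report_data')
  if report_data:
    report.append('')
    report.append(fmt.heading3('Task Reported Data'))
    # NOTE(review): report_data is copied into the report line by line with
    # no escaping. If a task builds it from analysed evidence (log lines,
    # recovered account data), treat the resulting report as sensitive and
    # as untrusted text wherever it is later rendered - confirm with the
    # tasks that populate this field.
    report.extend(report_data.splitlines())

  if show_files:
    report.append('')
    report.append(fmt.heading3('Saved Task Files:'))
    for path in saved_paths:
      report.append(fmt.bullet(fmt.code(path)))
    # Trailing blank line closes the file list section.
    report.append('')

  return report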
report_text(str): The report data
report_priority(int): The priority of the report (0 - 100)
summary(str): A summary of the report (used for task status)
)
"""
report = []
summary = ''
priority = Priority.LOW
credentials_registry = {hash: username for username, hash in credentials}
# TODO: Add timeout parameter when dynamic configuration is ready.
# Ref: https://github.com/google/turbinia/issues/244
weak_passwords = bruteforce_password_hashes(credentials_registry.keys())
if not version:
version = 'Unknown'
report.append(fmt.bullet('Jenkins version: {0:s}'.format(version)))
if weak_passwords:
priority = Priority.CRITICAL
summary = 'Jenkins analysis found potential issues'
report.insert(0, fmt.heading4(fmt.bold(summary)))
line = '{0:n} weak password(s) found:'.format(len(weak_passwords))
report.append(fmt.bullet(fmt.bold(line)))
for password_hash, plaintext in weak_passwords:
line = 'User "{0:s}" with password "{1:s}"'.format(
credentials_registry.get(password_hash), plaintext)
report.append(fmt.bullet(line, level=2))
elif credentials_registry or version != 'Unknown':
summary = (
'Jenkins version {0:s} found with {1:d} credentials, but no issues '
'detected'.format(version, len(credentials_registry)))
report.insert(0, fmt.heading4(summary))
"""Formats a single task in short form.
Args:
task (dict): The task to format data for
show_files (bool): Whether we want to print out log file paths
Returns:
list: Formatted task data
"""
report = []
saved_paths = task.get('saved_paths') or []
status = task.get('status') or 'No task status'
report.append(fmt.bullet('{0:s}: {1:s}'.format(task.get('name'), status)))
if show_files:
for path in saved_paths:
report.append(fmt.bullet(fmt.code(path), level=2))
report.append('')
return report