tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

#12253 report vulnerabilibies agent

This commit is contained in:
Daniel Cebrian 2023-11-22 08:58:47 +01:00
parent bb9cd81244
commit 4c673ea530
5 changed files with 325 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

212
pandora_console/godmode/reporting/reporting_builder.item_editor.php
View File

@ -1105,6 +1105,17 @@ switch ($action) {
$secmon_status = $es['secmon_status'];
break;
case 'vuls_info_agent':
$idAgent = $item['id_agent'];
$es = json_decode($item['external_source'], true);
$vul_package = $es['vul_package'];
$vul_severity = $es['vul_severity'];
$vul_ac = $es['vul_ac'];
$vul_pr = $es['vul_pr'];
$vul_ui = $es['vul_ui'];
$vul_av = (empty($es['vul_av']) === true) ? 'all' : $es['vul_av'];
break;
default:
// It's not possible.
break;
@ -4037,6 +4048,135 @@ if (is_metaconsole() === true) {
?>
</td>
</tr>
<tr id="row_vulnerabilities_packages" class="datos">
<td class="bolder">
<?php
echo __('Package').ui_print_help_tip(__('Select a agent for load his packages.'), true);
?>
</td>
<td>
<?php
html_print_select(
[
'all' => __('All'),
],
'vul_package',
$vul_package,
);
?>
</td>
</tr>
<tr id="row_vulnerabilities_severity" class="datos">
<td class="bolder">
<?php
echo __('Severity');
?>
</td>
<td>
<?php
html_print_select(
[
'all' => __('All'),
'high' => __('High'),
'low' => __('Low'),
'none' => __('None'),
],
'vul_severity',
$vul_severity,
);
?>
</td>
</tr>
<tr id="row_vulnerabilities_ac" class="datos">
<td class="bolder">
<?php
echo __('Attack Complexity');
?>
</td>
<td>
<?php
html_print_select(
[
'all' => __('All'),
'H' => __('High'),
'L' => __('Low'),
],
'vul_ac',
$vul_ac,
);
?>
</td>
</tr>
<tr id="row_vulnerabilities_pr" class="datos">
<td class="bolder">
<?php
echo __('Privileges Required');
?>
</td>
<td>
<?php
html_print_select(
[
'all' => __('All'),
'H' => __('High'),
'L' => __('Low'),
'N' => __('None'),
],
'vul_pr',
$vul_pr,
);
?>
</td>
</tr>
<tr id="row_vulnerabilities_ui" class="datos">
<td class="bolder">
<?php
echo __('User Interaction');
?>
</td>
<td>
<?php
html_print_select(
[
'all' => __('All'),
'R' => __('Required'),
'N' => __('None'),
],
'vul_ui',
$vul_ui,
);
?>
</td>
</tr>
<tr id="row_vulnerabilities_av" class="datos">
<td class="bolder">
<?php
echo __('Attack vector');
?>
</td>
<td>
<?php
html_print_select(
[
'all' => __('All'),
'A' => __('Adjacent Network'),
'L' => __('Local'),
'N' => __('Network'),
'P' => __('Physical'),
],
'vul_av',
(empty($vul_av) === true) ? 'all' : $vul_av,
);
?>
</td>
</tr>
<?php endif; ?>
<tr id="row_status_check" class="datos">
@ -5764,6 +5904,12 @@ $(document).ready (function () {
return false;
}
break;
case 'vuls_info_agent':
if ($("#hidden-id_agent").val() == 0) {
dialog_message('#message_no_agent');
return false;
}
break;
default:
break;
}
@ -5918,6 +6064,12 @@ $(document).ready (function () {
return false;
}
break;
case 'vuls_info_agent':
if ($("#hidden-id_agent").val() == 0) {
dialog_message('#message_no_agent');
return false;
}
break;
default:
break;
@ -6977,6 +7129,12 @@ function chooseType() {
$("#row_secmon_status").hide();
$("#row_security_hardening_score").hide();
$("#row_vulnerabilities_status").hide();
$("#row_vulnerabilities_packages").hide();
$("#row_vulnerabilities_severity").hide();
$("#row_vulnerabilities_ac").hide();
$("#row_vulnerabilities_pr").hide();
$("#row_vulnerabilities_ui").hide();
$("#row_vulnerabilities_av").hide();
// SLA list default state.
$("#sla_list").hide();
@ -7896,6 +8054,20 @@ function chooseType() {
$("#row_security_hardening_score").show();
$("#row_vulnerabilities_status").show();
break;
case 'vuls_info_agent':
$("#row_agent").show();
$("#row_vulnerabilities_packages").show();
$("#row_vulnerabilities_severity").show();
$("#row_vulnerabilities_ac").show();
$("#row_vulnerabilities_pr").show();
$("#row_vulnerabilities_ui").show();
$("#row_vulnerabilities_av").show();
updatePackages();
$('#row_agent input[type=text]').change(function(e) {
updatePackages();
});
break;
}
switch (type) {
@ -8138,6 +8310,46 @@ function control_period_range() {
}, 800);
}
}
function updateSelect(element, fields, selected) {
if (typeof fields === "object") {
$(element).find("select").empty();
$(element).find(".select2-container .select2-selection__rendered").empty();
Object.keys(fields).forEach(function(key) {
if (key === selected) {
$(element).find(".select2-container .select2-selection__rendered").append(`${fields[key]}`);
$(element).find("select").append(`<option value="${key}" selected>${fields[key]}</option>`);
} else {
$(element).find("select").append(`<option value="${key}">${fields[key]}</option>`);
}
});
}
}
function updatePackages() {
let id_agent = $('#hidden-id_agent').val();
let server_id = $('#hidden-server_id').val();
$.ajax({
method: "POST",
url: "<?php echo ui_get_full_url('ajax.php'); ?>",
data: {
page: "<?php echo ENTERPRISE_DIR.'/include/ajax/vulnerabilities.ajax'; ?>",
action: "updatePackages",
id_agent: id_agent,
server_id: server_id,
},
success: function(data) {
const json = JSON.parse(data);
if (json.success) {
updateSelect("#row_vulnerabilities_packages", json.data, '<?php echo $vul_package; ?>');
}
}
});
}
$(document).ready(function () {
$('[id^=period], #combo_graph_options, #combo_sla_sort_options').next().css('z-index', 0);

26
pandora_console/godmode/reporting/reporting_builder.php
View File

@ -2070,6 +2070,19 @@ switch ($action) {
$good_format = true;
break;
case 'vuls_info_agent':
$values['id_agent'] = get_parameter('id_agent');
$es['server_id'] = get_parameter('server_id');
$es['vul_package'] = get_parameter('vul_package');
$es['vul_severity'] = get_parameter('vul_severity');
$es['vul_ac'] = get_parameter('vul_ac');
$es['vul_pr'] = get_parameter('vul_pr');
$es['vul_ui'] = get_parameter('vul_ui');
$es['vul_av'] = get_parameter('vul_av');
$values['external_source'] = json_encode($es);
$good_format = true;
break;
default:
$values['period'] = get_parameter('period');
$values['top_n'] = get_parameter(
@ -3027,6 +3040,19 @@ switch ($action) {
$good_format = true;
break;
case 'vuls_info_agent':
$values['id_agent'] = get_parameter('id_agent');
$es['server_id'] = get_parameter('server_id');
$es['vul_package'] = get_parameter('vul_package');
$es['vul_severity'] = get_parameter('vul_severity');
$es['vul_ac'] = get_parameter('vul_ac');
$es['vul_pr'] = get_parameter('vul_pr');
$es['vul_ui'] = get_parameter('vul_ui');
$es['vul_av'] = get_parameter('vul_av');
$values['external_source'] = json_encode($es);
$good_format = true;
break;
default:
$values['period'] = get_parameter('period');
$values['top_n'] = get_parameter(

8
pandora_console/include/functions_reporting.php
View File

@ -1055,6 +1055,14 @@ function reporting_make_reporting_data(
);
break;
case 'vuls_info_agent':
$report['contents'][] = reporting_vuls_info_agent(
$report,
$content,
$type
);
break;
default:
// Default.
break;

74
pandora_console/include/functions_reporting_html.php
View File

@ -523,6 +523,10 @@ function reporting_html_print_report($report, $mini=false, $report_info=1, $cust
case 'vuls_by_agent':
reporting_html_vuls_by_agent($table, $item);
break;
case 'vuls_info_agent':
reporting_html_vuls_info_agent($table, $item);
break;
}
if ($item['type'] == 'agent_module') {
@ -538,6 +542,76 @@ function reporting_html_print_report($report, $mini=false, $report_info=1, $cust
}
/**
* Function to print vulnerabilities of agent.
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
* @param integer $pdf Flag for return table.
*
* @return mixed
*/
function reporting_html_vuls_info_agent($table, $item, $pdf=0)
{
$table->width = '99%';
$table->styleTable = 'border: 0px;';
$table->colspan[2][0] = 3;
$table1 = new stdClass();
$table1->headstyle[0] = 'text-align: left';
$table1->headstyle[1] = 'text-align: left';
$table1->headstyle[2] = 'text-align: left';
$table1->width = '99%';
$table1->class = 'info_table';
$table1->titleclass = 'title_table_pdf';
$table1->rowclass[0] = '';
$table1->head[0] = __('Name');
$table1->head[1] = __('CVE');
$table1->head[2] = __('Version');
$table1->head[3] = __('Score');
$table1->head[4] = __('Detection time');
$table1->head[5] = __('Severity');
$table1->head[6] = __('Version');
$table1->head[7] = __('Attack Vector');
$table1->head[8] = __('Attack Complexity');
$table1->head[9] = __('Privileges Required');
$table1->head[10] = __('User Interaction');
$table1->head[11] = __('Scope');
$table1->head[12] = __('Confidentiality');
$table1->head[13] = __('Integrity');
$table1->head[14] = __('Availability');
$row = 1;
foreach ($item['data'] as $key => $vul) {
$table1->data[$row][0] = $vul['name'];
$table1->data[$row][1] = $vul['cve'];
$table1->data[$row][2] = $vul['version'];
$table1->data[$row][3] = $vul['score'];
$table1->data[$row][4] = $vul['detection_time'];
$table1->data[$row][5] = $vul['severity'];
$table1->data[$row][6] = $vul['CVSS'];
$table1->data[$row][7] = $vul['AV'];
$table1->data[$row][8] = $vul['AC'];
$table1->data[$row][9] = $vul['PR'];
$table1->data[$row][10] = $vul['UI'];
$table1->data[$row][11] = $vul['S'];
$table1->data[$row][12] = $vul['C'];
$table1->data[$row][13] = $vul['I'];
$table1->data[$row][14] = $vul['A'];
$row++;
}
$table->data[2][0] = html_print_table($table1, true);
if ($pdf === 1) {
$table1->title = $item['title'];
$table1->titleclass = 'title_table_pdf';
$table1->titlestyle = 'text-align:left;';
return html_print_table($table1, true);
}
}
/**
* Function to print total vulnerabilities by packages in graph.
*

5
pandora_console/include/functions_reports.php
View File

@ -1023,6 +1023,11 @@ function reports_get_report_types($template=false, $not_editor=false)
'optgroup' => __('Vulnerabilities'),
'name' => __('Detailed security report'),
];
$types['vuls_info_agent'] = [
'optgroup' => __('Vulnerabilities'),
'name' => __('Vulnerabilities of agent'),
];
}
return $types;