lint port resource

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
Dominik Richter 2015-09-26 02:24:35 +02:00
parent 416499cd64
commit 9885e7683b
2 changed files with 108 additions and 101 deletions


@ -158,17 +158,18 @@ class LinuxPorts < PortsInfo
return nil if cmd.exit_status.to_i != 0 return nil if cmd.exit_status.to_i != 0
ports = [] ports = []
# split on each newline # parse all lines
cmd.stdout.each_line do |line| cmd.stdout.each_line do |line|
# parse each line port_info = parse_netstat_line(line)
# 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - Inode, 8 - PID/Program name
parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
if !parsed.nil? # only push protocols we are interested in
protocol = parsed[1].downcase next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
ports.push(port_info)
end
ports
end
# parse ip4 and ip6 addresses def parse_net_address(net_addr, protocol)
net_addr = parsed[4]
if protocol.eql?('tcp6') || protocol.eql?('udp6') if protocol.eql?('tcp6') || protocol.eql?('udp6')
# prep for URI parsing, parse ip6 port # prep for URI parsing, parse ip6 port
ip6 = /^(\S+:)(\d+)$/.match(net_addr) ip6 = /^(\S+:)(\d+)$/.match(net_addr)
@ -184,6 +185,18 @@ class LinuxPorts < PortsInfo
host = ip_addr.host host = ip_addr.host
port = ip_addr.port port = ip_addr.port
end end
[host, port]
end
def parse_netstat_line(line)
# parse each line
# 1 - Proto, 2 - Recv-Q, 3 - Send-Q, 4 - Local Address, 5 - Foreign Address, 6 - State, 7 - Inode, 8 - PID/Program name
parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
return {} if parsed.nil?
# parse ip4 and ip6 addresses
protocol = parsed[1].downcase
host, port = parse_net_address(parsed[4], protocol)
# extract PID # extract PID
process = parsed[9].split('/') process = parsed[9].split('/')
@ -192,19 +205,13 @@ class LinuxPorts < PortsInfo
process = process[1] process = process[1]
# map data # map data
port_info = { {
port: port, port: port,
address: host, address: host,
protocol: protocol, protocol: protocol,
process: process, process: process,
pid: pid, pid: pid,
} }
# push data, if its a known protocol tcp, tcp6, udp, udp6
ports.push(port_info) if %w{tcp tcp6 udp udp6}.include?(protocol)
end
end
ports
end end
end end
@ -217,14 +224,16 @@ class FreeBsdPorts < PortsInfo
ports = [] ports = []
# split on each newline # split on each newline
cmd.stdout.each_line do |line| cmd.stdout.each_line do |line|
# 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS port_info = parse_sockstat_line(line)
parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
if !parsed.nil? # push data, if not headerfile
protocol = parsed[5].downcase next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
net_addr = parsed[6] ports.push(port_info)
end
ports
end
# extract ip information def parse_net_address(net_addr, protocol)
case protocol case protocol
when 'tcp4', 'udp4' when 'tcp4', 'udp4'
# replace * with 0.0.0.0 # replace * with 0.0.0.0
@ -233,7 +242,7 @@ class FreeBsdPorts < PortsInfo
host = ip_addr.host host = ip_addr.host
port = ip_addr.port port = ip_addr.port
when 'tcp6', 'udp6' when 'tcp6', 'udp6'
next if net_addr == '*:*' # abort for now return [] if net_addr == '*:*' # abort for now
# replace * with 0:0:0:0:0:0:0:0 # replace * with 0:0:0:0:0:0:0:0
net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if /^*:(\d+)$/.match(net_addr) net_addr = net_addr.gsub(/^\*:/, '0:0:0:0:0:0:0:0:') if /^*:(\d+)$/.match(net_addr)
# extract port # extract port
@ -244,6 +253,18 @@ class FreeBsdPorts < PortsInfo
host = ip_addr.host[1..ip_addr.host.size-2] host = ip_addr.host[1..ip_addr.host.size-2]
port = ip_addr.port port = ip_addr.port
end end
[host, port]
end
def parse_sockstat_line(line)
# 1 - USER, 2 - COMMAND, 3 - PID, 4 - FD 5 - PROTO, 6 - LOCAL ADDRESS, 7 - FOREIGN ADDRESS
parsed = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$/.match(line)
return {} if parsed.nil?
# extract ip information
protocol = parsed[5].downcase
host, port = parse_net_address(parsed[6], protocol)
return {} if host.nil? or port.nil?
# extract process # extract process
process = parsed[2] process = parsed[2]
@ -257,18 +278,12 @@ class FreeBsdPorts < PortsInfo
protocol = 'udp' if protocol.eql?('udp4') protocol = 'udp' if protocol.eql?('udp4')
# map data # map data
port_info = { {
port: port, port: port,
address: host, address: host,
protocol: protocol, protocol: protocol,
process: process, process: process,
pid: pid, pid: pid,
} }
# push data, if not headerfile
ports.push(port_info) if %w{tcp tcp6 udp udp6}.include?(protocol)
end
end
ports
end end
end end
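Review bot: `parse_netstat_line` returns `{}` for every line the nine-group regex does not match, and the loop then discards it through `next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])`, so a socket line with an unexpected column count disappears from the result without any trace. Because this resource feeds checks of the form "port X is not listening", a silently skipped listener becomes a passing check; the same holds for `return [] if net_addr == '*:*' # abort for now` in the FreeBSD `parse_net_address`. I would at least document the contract on both line parsers, e.g. `# returns {} for header lines and for any line that does not have exactly 9 whitespace-separated fields`, and correct the field comment in `parse_netstat_line`, which names eight columns while the code reads `parsed[9]`. Separately, `return {} if host.nil? or port.nil?` is safer written as `return {} if host.nil? || port.nil?`, and the Linux parser has no equivalent nil guard after its `parse_net_address` call. Parts of both `parse_net_address` bodies lie outside the visible hunks, so whether they can return nil on Linux cannot be confirmed from here.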


@ -14,12 +14,4 @@ require 'vulcano/resource'
require 'vulcano/rspec_json_formatter' require 'vulcano/rspec_json_formatter'
require 'vulcano/rule' require 'vulcano/rule'
require 'vulcano/runner' require 'vulcano/runner'
require 'matchers/matchers' require 'matchers/matchers'
# Dummy module for handling additional attributes
# which may be injected by the user. This covers data
# like passwords, usernames, or configuration flags.
def attributes(what, required: false)
nil
end