// Shared constants, data structures and function prototypes: buffer size
// limits, the command-line argument and work-state structures, the CPE record
// layout, and the CPE/CVE helper declarations.
#include <stdio.h>
#include <libconfig.h>

// Database backends are optional; each client header is pulled in only when
// the matching build macro is defined.
#ifdef _USE_SQLITE3
#include <sqlite3.h>
#endif

#ifdef _USE_MYSQL
#include <mysql/mysql.h>
#endif

/*
 * Copyright 2010-2013 Sven Vermeulen.
 * Subject to the GNU Public License, version 3.
 */

// NOTE(review): the guard opens after the #include lines above, so those
// includes are re-processed on every inclusion (harmless as long as the
// included headers carry their own guards). The guard name starts with an
// underscore followed by an uppercase letter, a form the C standard reserves
// for the implementation; renaming it needs a check of the rest of the tree.
#ifndef _CVETYPES
#define _CVETYPES

// Fixed buffer sizes, in bytes. Every array declared with one of these sizes
// has a hard upper bound; code that fills such an array from file contents,
// feed data or command output has to bound the write and decide what happens
// on truncation.
#define FIELDSIZE 128
#define LARGEFIELDSIZE 512
#define FILENAMESIZE 256
#define BUFFERSIZE 256
#define CVELINESIZE 24
// Six FIELDSIZE components plus 12 extra bytes.
// presumably 7 covers a "cpe:/X:" prefix and 5 the separators between the six
// components - confirm against cpe_to_string().
#define CPELINESIZE (7 + FIELDSIZE*6 + 5)
// NOTE(review): this sum counts two FILENAMESIZE fields and one CPE line but
// no LARGEFIELDSIZE term, while struct versiongather_data below holds a
// LARGEFIELDSIZE versionexpression. If this macro sizes the buffer such a
// record is read into, a maximal record would not fit - verify how over-long
// lines are handled by the reader.
#define VERSIONLINESIZE (FILENAMESIZE*2 + 5 + CPELINESIZE)
// Normally, around 1800 ought to be enough (largest SELECT statement with assumption of largest values)
// NOTE(review): the remark above suggests SQL statements are assembled as text
// with field values embedded. The statement-building code is not visible in
// this header; confirm that values originating from CVE/CPE data or file names
// are bound as parameters (e.g. sqlite3_bind_text) or escaped (e.g.
// mysql_real_escape_string), and that formatting into a SQLLINESIZE buffer is
// bounded with truncation treated as an error.
#define SQLLINESIZE 4096

// Supported database backends; stored in workstate.dbtype.
enum database_types {
  sqlite,
  mysql
};

// Program options: six string pointers followed by integer flags.
// Field meanings are not documented here; the names suggest command-line
// options and their has*/do* companions - confirm against the argument parser.
// Ownership of the pointed-to strings is not visible in this header.
struct arguments {
  char * args;
  char * binlist;
  char * cvedata;
  char * singlefile;
  char * datafile;
  char * watchlist;
  int parsebin;
  int loadcve;
  int runcheck;
  int hassinglefile;
  int hasdatafile;
  int haswatchlist;
  int initdatabases;
  int docsvoutput;
  int doshowinstalled;
  int doshowinstalledfiles;
  int deltaonly;
  int deletedeltaonly;
  int reporthigher;
};

// One CPE record: a single-character part followed by six text components.
// Each component is a fixed FIELDSIZE-byte array, so a NUL-terminated value
// can hold at most FIELDSIZE-1 characters; longer input has to be rejected or
// truncated by whoever fills the structure.
struct cpe_data {
  char part;
  char vendor[FIELDSIZE];
  char product[FIELDSIZE];
  char version[FIELDSIZE];
  char update[FIELDSIZE];
  char edition[FIELDSIZE];
  char language[FIELDSIZE];
};

// Run-wide state: parsed arguments, open input streams, configuration handle,
// a scratch CPE record, a result list and the database handles of the backends
// that were compiled in.
// NOTE(review): who allocates and frees the pointer members is not visible
// here; presumably numresults counts the entries of resultlist - confirm
// against clear_resultlist().
struct workstate {
  struct arguments * arg;
  FILE * binlist;
  FILE * datafile;
  FILE * watchlist;
  char * currentdir;
  char * currentfile;
  char * hostname;
  char * userdefkey;
  config_t * cfg;
  struct cpe_data cpebuffer;
  void ** resultlist;
  int numresults;
  int rc;
  int versionListCleared;
  // presumably selects which of the handles below is in use - confirm
  enum database_types dbtype;
#ifdef _USE_SQLITE3
  sqlite3 * matchdb;
  sqlite3 ** localdb;
#endif
#ifdef _USE_MYSQL
  MYSQL * conn;
#endif
};

// One version-gathering rule: two FILENAMESIZE strings, an integer gather
// type and a LARGEFIELDSIZE expression. The expression syntax and the
// gathertype values are not defined in this header.
struct versiongather_data {
  char filepart[FILENAMESIZE];
  int gathertype;
  char filematch[FILENAMESIZE];
  char versionexpression[LARGEFIELDSIZE];
};

/***********************************************************************************************
 * CPE related definitions
 ***********************************************************************************************/

// cpe_to_string - Convert the selected cpe_data structure to a string
// Writes into buffer; buffsize is presumably the capacity of buffer in bytes
// (confirm in the definition). cpe is passed by value, so every call copies
// the whole structure (one char plus six FIELDSIZE arrays).
void cpe_to_string(char * buffer, int buffsize, struct cpe_data cpe);

// string_to_cpe - Convert the selected cpe string (buffer) to a structure
// NOTE(review): no length is passed for buffer, and each destination component
// in *cpe is FIELDSIZE bytes; the definition must bound every component copy
// and terminate it - verify there, since the input may come from external data.
void string_to_cpe(struct cpe_data * cpe, char * buffer);

// cve_to_vars - Convert the cve identifier (string) to a year/sequence combination
// Results are stored through year and sequence. The meaning of the int return
// value is not documented here - presumably a status code; confirm before
// relying on the outputs after a failed parse.
int cve_to_vars(int * year, int * sequence, char * cveId);

// show_potential_vulnerabilities - Show the potential vulnerability matches
// cpe is passed by value (full structure copy). Units and range of cvssScore
// and the meaning of versiononly are not defined in this header.
void show_potential_vulnerabilities(struct workstate * ws, int cveyear, int cvenum, int cvssScore, const char * filename, struct cpe_data cpe, int versiononly);

// show_installed_software - Show the installed software
// presumably files points to numfiles entries - confirm against the callers.
void show_installed_software(struct workstate * ws, const char * vendor, const char * product, const char * version, const char * update, const char * edition, const char * language, int numfiles, const char ** files);

// clear_resultlist - Clear workstate result list
void clear_resultlist(struct workstate * ws);

// get_version_field - Get the field (int) value from a version string (first field = 0)
// The value returned for a missing or non-numeric field is not documented here.
int get_version_field(const char * version, int fieldnum);

#endif