#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <regex.h>
#include <unistd.h>
#include <stdlib.h>
#include <argp.h>
#include <errno.h>
#include <libconfig.h>

/*
 * Copyright 2010-2017 Sven Vermeulen.
 * Subject to the GNU Public License, version 3.
 */

// parse_opt - Parse the arguments.
// Declared ahead of the option tables because the `argp` structure below
// stores a pointer to it.
static error_t parse_opt(int key, char *arg, struct argp_state *state);

#include "swstring.h"
#include "cvecheck_common.h"

/*
 * Database Selection
 *
 * For each backend, either the real implementation header or a dummy
 * header is included, depending on the _USE_SQLITE3 / _USE_MYSQL macros.
 */
#ifdef _USE_SQLITE3
#include "sqlite3/sqlite3_impl.h"
#else
#include "dummy/dummy_sqlite3.h"
#endif

#ifdef _USE_MYSQL
#include "mysql/mysql_impl.h"
#else
#include "dummy/dummy_mysql.h"
#endif

// Version string and bug-report address; argp declares these two globals.
const char *argp_program_version = "cvechecker 3.9";
const char *argp_program_bug_address = "<sven.vermeulen@siphos.be>";

static char doc[] = "cvechecker -- Verify the state of the system against a CVE database";
static char args_doc[] = "";

// Command-line options. An entry with a non-NULL `.arg` takes a value
// (here always a file name or list name); the others are plain flags.
// The group field is left unset in every entry.
static struct argp_option options[] = {
	{ .name = "binlist",            .key = 'b', .arg = "binlist",   .flags = 0,
	  .doc = "List of binary files on the system" },
	{ .name = "watchlist",          .key = 'w', .arg = "watchlist", .flags = 0,
	  .doc = "List of CPEs to watch for (assume these are installed)" },
	{ .name = "cvedata",            .key = 'c', .arg = "cvefile",   .flags = 0,
	  .doc = "CSV file with CVE information (cfr. nvd2simple)" },
	{ .name = "loaddata",           .key = 'l', .arg = "datafile",  .flags = 0,
	  .doc = "Load version gathering data file" },
	{ .name = "runcheck",           .key = 'r', .arg = 0,           .flags = 0,
	  .doc = "Execute the checks (match installed software with CVEs)" },
	{ .name = "reporthigher",       .key = 'H', .arg = 0,           .flags = 0,
	  .doc = "Report also when CVEs have been detected for higher versions" },
	{ .name = "fileinfo",           .key = 'f', .arg = "binfile",   .flags = 0,
	  .doc = "File to obtain detected CPE of" },
	{ .name = "initdbs",            .key = 'i', .arg = 0,           .flags = 0,
	  .doc = "Initialize all databases" },
	{ .name = "csvoutput",          .key = 'C', .arg = 0,           .flags = 0,
	  .doc = "Use (parseable) CSV output" },
	{ .name = "showinstalled",      .key = 's', .arg = 0,           .flags = 0,
	  .doc = "Output detected software/versions" },
	{ .name = "showinstalledfiles", .key = 'S', .arg = 0,           .flags = 0,
	  .doc = "Output detected software/versions with file information" },
	{ .name = "deltaonly",          .key = 'd', .arg = 0,           .flags = 0,
	  .doc = "Given binaries or lists should be added only (not a full replacement)" },
	{ .name = "deletedeltaonly",    .key = 'D', .arg = 0,           .flags = 0,
	  .doc = "Given binaries or lists should be removed (not a full replacement)" },
	{ 0 }	// zeroed entry terminates the table
};

// Parser description handed to argp: option table, callback, usage strings.
static struct argp argp = {
	.options  = options,
	.parser   = parse_opt,
	.args_doc = args_doc,
	.doc      = doc
};

// find_match_in_file - Find a string match in a (binary) file.
// Note that the cpe_data structure is passed by value.
void find_match_in_file(struct workstate *ws, regex_t *preg, regmatch_t *pmatch, struct cpe_data cpe);

// get_db_count - Return the count(*) value of the caller SQL statement.
// The parameter list has the shape of an sqlite3_exec() row callback
// (context object, column count, column values, column names); presumably
// it is registered as one.
// NOTE(review): sqlite3_exec() passes a NULL pointer for a NULL column
// value, so the implementation should check argv[0] before converting it;
// confirm in the .c file.
int get_db_count(void *cbobj, int argc, char **argv, char **azColName);

// file_already_processed - Validate if the given file has already been
// processed successfully.
int file_already_processed(struct workstate *ws);

// get_version_and_store - For each match, verify if the file matches. If it
// does, also content-wise, store the results in the local db.
// Same callback-shaped parameter list as get_db_count.
int get_version_and_store(void *cbobj, int argc, char **argv, char **azColName);

// load_databases - Initialize databases.
int load_databases(struct workstate *ws);

// init_binlist - Initialize binary listing file.
int init_binlist(struct workstate *ws);

// match_binary - For a single selected filename, verify if it can possibly
// match a known binary.
int match_binary(char *file, struct workstate *ws);

// process_binfile - If the selected file is a binary, readable file,
// process it.
// NOTE(review): `line` here and in delete_binfile presumably carries a path
// read from the --binlist input; verify in the implementation that it is
// bound or escaped rather than spliced into SQL text.
int process_binfile(char *line, struct workstate *ws);

// delete_binfile - Delete the binary file from the database.
int delete_binfile(char *line, struct workstate *ws);

// clear_versiondatabase - Purge the local database.
int clear_versiondatabase(struct workstate *ws);

// get_installed_software - Read the list of installed binaries and process
// the list.
int get_installed_software(struct workstate *ws);

// load_cve - Load CVE data from file into the database.
// NOTE(review): the earlier comment said "XML file", while the --cvedata
// help text above describes a CSV file; confirm which format the
// implementation parses.
int load_cve(struct workstate *ws);

// verify_installed_versus_cve - Match the installed software against the
// known CVE vulnerabilities.
void verify_installed_versus_cve(struct workstate *ws);

// initialize_arguments - Initialize the arguments.
void initialize_arguments(struct arguments *arg);

// initialize_workstate - Initialize the workstate variable.
int initialize_workstate(struct workstate *ws, struct arguments *arg);