Author: jfs Date: 2007-10-31 22:15:47 +0100 (Wed, 31 Oct 2007) New Revision: 492
Added: trunk/openvas-plugins/audit/ trunk/openvas-plugins/audit/NOTES trunk/openvas-plugins/audit/audit-plugins trunk/openvas-plugins/audit/compare-plugins trunk/openvas-plugins/audit/non-free-plugins Log: Code to review if the plugins provided are really free and the distribution is self-contained (does not depend on non-free content)
Added: trunk/openvas-plugins/audit/NOTES
===================================================================
--- trunk/openvas-plugins/audit/NOTES 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/NOTES 2007-10-31 21:15:47 UTC (rev 492)
@@ -0,0 +1,18 @@
+
+Files that need to be removed from the plugins:
+
+- Files that fit the following regular expressions:
+
+ grep -i "script_copyright.*Tenable.*" *
+
+ egrep -i "#.*(C).*Tenable Network Security" *
+
+ NOTE: Except if the plugin said it was *based* on something (C) Tenable"
+ (some plugins include that line but another (C) line before it
+ of somebody else)
+
+- All the files which include non-free plugins (.inc files) have also been
+ removed.
+
+ NOTE: Once the non-free .inc files have been removed the audit script should
+ detect those too
Added: trunk/openvas-plugins/audit/audit-plugins
===================================================================
--- trunk/openvas-plugins/audit/audit-plugins 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/audit-plugins 2007-10-31 21:15:47 UTC (rev 492)
@@ -0,0 +1,117 @@
+#!/bin/bash
+#
+# Script to review the scripts in an OpenVAS distribution and
+# try to detect known non-free plugins as well as
+# plugins that cannot be distributed because they depend to non-free
+# (or not available) plugins
+#
+# (c) Javier Fernandez-Sanguino <[EMAIL PROTECTED]>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# You can also find a copy of the GNU General Public License at
+# http://www.gnu.org/licenses/licenses.html#TOCLGPL
+
+
+# Assume we are one subdirectory below in the sources
+SCRIPTDIR="../scripts"
+[ -n "$1" ] && SCRIPTDIR=$1 # But also use the scriptdir provided, if any
+
+if [ ! -d "$SCRIPTDIR" ] ; then
+ echo "The script directory $SCRIPTDIR does not exist" >&2
+ echo "Do not know where to check for plugins" >&2
+ exit 1
+fi
+
+# First tell if there are known non-free plugins
+if [ -f non-free-plugins ] ; then
+ echo "Looking for non-free plugins..."
+ count=0
+ for plugin in `cat non-free-plugins | grep -v ^\#`; do
+ if [ -e "$SCRIPTDIR/$plugin" ] ; then
+ if egrep -iq '(c).*Tenable Network Security' "$SCRIPTDIR/$plugin"; then
+ echo "NON-FREE plugin $plugin found"
+ count=$(($count+1))
+ fi
+ fi
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count NON-FREE plugins found"
+ exit 1
+ fi
+
+ echo "Looking for free plugins that depend on non-free..."
+ count=0
+ for includef in `cat non-free-plugins | grep '\.inc' | grep -v ^\#`; do
+ # Only check if the include file is not there...
+ # since it might have been restored from free sources
+ if [ ! -e "$SCRIPTDIR/$includef" ] ; then
+ echo -n "Checking for use of $includef..."
+ total=`grep -rl $includef $SCRIPTDIR |grep -v $includef | wc -l`
+ if [ -n "$total" ] && [ "$total" -ne 0 ] ; then
+ echo
+ echo "$total files depend on this NON-FREE include file:"
+ grep -rl $includef $SCRIPTDIR |grep -v $includef
+ echo
+ count=$(($count+$total))
+ fi
+ echo "...done"
+ fi
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count FREE plugins that depend on NON-FREE found"
+ exit 1
+ fi
+fi
+
+if [ -f "depend-plugins" ] ; then
+ echo "Looking for (known) free plugins that depend on non-free..."
+ count=0
+ for plugin in `cat depend-plugins | grep -v ^#`; do
+ if [ -e "$SCRIPTDIR/$plugin" ] ; then
+ echo "FREE plugin $plugin found, depends on NON-FREE"
+ count=$(($count+1))
+ fi
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count FREE plugins that depend on NON-FREE found"
+ exit 1
+ fi
+else
+ echo "Looking for plugins that depend on unavailable includes..."
+ count=0
+ for plugin in $SCRIPTDIR/*; do
+ found=0
+ for includef in `cat $plugin |perl -ne 'print $1."\n" if /include\s*\("(.*)"\)/'`; do
+ if [ !
+ -e "$SCRIPTDIR/$includef" ] ; then
+ echo "FREE plugin $plugin depends on non-existan $includef"
+ found=1
+ fi
+ done
+ [ $found -ne 0 ] && count=$(($count+1))
+ done
+
+ if [ $count -ne 0 ] ; then
+ echo "$count FREE plugins that depend on NON EXISTANT plugins found"
+ exit 1
+ fi
+
+fi
+
+
+exit 0
Property changes on: trunk/openvas-plugins/audit/audit-plugins ___________________________________________________________________ Name: svn:executable + *
Added: trunk/openvas-plugins/audit/compare-plugins
===================================================================
--- trunk/openvas-plugins/audit/compare-plugins 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/compare-plugins 2007-10-31 21:15:47 UTC (rev 492)
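Review bot: In audit-plugins, the dependency scan `grep -rl $includef $SCRIPTDIR |grep -v $includef` passes each include name as an unquoted, unanchored regular expression, so the `.` in a name such as `rpm.inc` matches any character and the count can include files that never reference the listed include. For a licence gate the hit list should be tied to the literal name: `grep -rlF -- "$includef" "$SCRIPTDIR" | grep -vF -- "$includef"`, with the same change on the `total=` line. `$SCRIPTDIR` is taken from `$1` and is also unquoted in `for plugin in $SCRIPTDIR/*` and `cat $plugin`, so a path containing spaces or glob characters makes the scan read the wrong files. Separately, the first loop reports a listed plugin only when the Tenable copyright regex matches, so a listed file whose header was edited passes silently; printing a "listed name present, copyright not matched" line for manual review would close that gap.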
@@ -0,0 +1,78 @@
+#!/bin/sh
+# Audit plugins removed from a given Nessus plugin package to another
+#
+# TODO: check if they were removed because the included files are no
+# longer available
+
+set -e
+OLDVERSION=2.2.3
+NEWVERSION=2.2.10
+
+OLD=`find . -name "nessus-plugins-$OLDVERSION" -type d`
+[ -z "$OLD" ] && { echo "ERR: Cannot find plugins directory for $OLDVERSION" ; exit 1 ; }
+OLD=$OLD/scripts
+NEW=`find . -name "nessus-plugins-$NEWVERSION" -type d`
+[ -z "$NEW" ] && { echo "ERR: Cannot find plugins directory for $NEWVERSION" ; exit 1 ; }
+NEW=$NEW/scripts
+CVS=/home/jfs/debian/security/nessus/cvs/nessus-plugins/scripts/
+
+# From OLD to NEW
+find $OLD -type f |
+while read file ; do
+ plug=`basename $file`
+ cvsfile=$CVS/$plug
+ if [ ! -e $NEW/$plug ] ; then
+ echo -n "REMOVED: $plug "
+ if [ -e $CVS/$plug ] ; then
+ echo -n "[in CVS]"
+ if egrep "\([cC]\) .*Tenable" $cvsfile >/dev/null; then
+ if ! egrep "\([cC]\) .*Tenable" $file >/dev/null; then
+ echo -n "[NEW (C) Tenable, OLD not]"
+ fi
+ fi
+ else
+ echo -n "[unavailable in CVS]"
+ fi
+ # Check copyright
+ if grep "Noam Rathaus" $file >/dev/null; then
+ echo -n "[maybe (C) nrathaus]"
+ fi
+ if egrep "\([cC]\) .*Tenable" $file >/dev/null; then
+ echo -n "[OLD (C) Tenable]"
+ fi
+
+ # Extract includes
+ tmpfile=`tempfile` || { echo "ERR: Cannot create temporary file!"; exit 2; }
+ egrep "^include.*(.*).*;" $OLD/$plug | sed -e 's/^.*(.\(.*\.inc\).).*$/\1/g' |
+ while read incfile; do
+ if [ ! -e "$NEW/$incfile" ] ; then
+ echo $incfile >>$tmpfile
+ fi
+ done
+ if [ -s "$tmpfile" ] ; then
+ incfiles=`cat $tmpfile`
+ echo -n " [included files no longer available: $incfiles]"
+ fi
+ rm -f $tmpfile
+ echo
+ fi
+done
+
+
+# and viceversa
+find $NEW -type f |
+while read file ; do
+ plug=`basename $file`
+ if [ !
+ -e $OLD/$plug ] ; then
+ echo -n "ADDED: $plug "
+ if [ -e $CVS/$plug ] ; then
+ echo -n "[in CVS]"
+ else
+ echo -n "[unavailable in CVS]"
+ fi
+ echo
+ fi
+done
+
+
+exit 0
Property changes on: trunk/openvas-plugins/audit/compare-plugins ___________________________________________________________________ Name: svn:executable + *
Added: trunk/openvas-plugins/audit/non-free-plugins
===================================================================
--- trunk/openvas-plugins/audit/non-free-plugins 2007-10-31 21:08:49 UTC (rev 491)
+++ trunk/openvas-plugins/audit/non-free-plugins 2007-10-31 21:15:47 UTC (rev 492)
@@ -0,0 +1,40 @@
+# This is a list of plugins which are NOT free but have
+# sometimes been found in the GPL feed
+# NON-FREE plugins:
+apache_conn_block.nasl
+bind_stub_res.nasl
+bugbear_b_1080.nasl
+cherokee_0_4_7.nasl
+ciscoworks_detect.nasl
+ftp_writeable_directories.nasl
+kazaa_network.nasl
+opendchub.nasl
+overnet.nasl
+sasser_virus.nasl
+scan_info.nasl
+smb_enum_files.nasl
+ssh_settings.nasl
+winmx_detect2.nasl
+zope_multiple_flaws.nasl
+#
+# NON-FREE include files:
+aix.inc
+backport.inc
+byte_func.inc
+crypto_func.inc
+default_account.inc
+dump.inc
+hostlevel_funcs.inc
+http_keepalive.inc
+imap_func.inc
+misc_func.inc
+nfs_func.inc
+pop3_func.inc
+rpm.inc
+smb_file_funcs.inc
+smb_nt.inc
+snmp_func.inc
+solaris.inc
+ssl_funcs.inc
+telnet_func.inc
+url_func.inc
_______________________________________________ Openvas-commits mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-commits
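Review bot: In compare-plugins, `CVS=/home/jfs/debian/security/nessus/cvs/nessus-plugins/scripts/` is never checked for existence, so on a machine without that tree every plugin is printed as `[unavailable in CVS]` and the `[NEW (C) Tenable, OLD not]` comparison is skipped without any error. I would let the environment override it and fail early: `CVS=${CVS:-/home/jfs/debian/security/nessus/cvs/nessus-plugins/scripts/}` followed by `[ -d "$CVS" ] || { echo "ERR: Cannot find CVS checkout $CVS" >&2 ; exit 1 ; }`. A related gap is `find . -name "nessus-plugins-$OLDVERSION" -type d`, which can return more than one directory; `OLD=$OLD/scripts` then yields a multi-line value and the later `find $OLD` walks the wrong set. File names are also expanded unquoted throughout (`basename $file`, `egrep ... $file`, `rm -f $tmpfile`) and `read` lacks `-r`, so a name with whitespace or a backslash is mis-handled; quoting each expansion and using `read -r` fixes that.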
