allow ignore CVE in shared/ignore_cve.txt file (#2)

anduintransaction · Nov 16, 2023 · ecb114d · ecb114d
1 parent ba4576d
commit ecb114d
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 10 deletions.
diff --git a/contrib/parsers/flan_xml_parser.py b/contrib/parsers/flan_xml_parser.py
@@ -13,9 +13,11 @@ class FlanXmlParser:
     """
     NMAP XML file reader and contents parser
     """
-    def __init__(self):
+    def __init__(self, ignore_cves=[]):
         self.results = defaultdict(ScanResult)
         self.vulnerable_services = []  # type: List[str]
+        print("[flan_scan] Inside FlanXmlParser(), ignore_cves=", ignore_cves)
+        self.ignore_cves = ignore_cves
 
     @property
     def vulnerable_dict(self) -> Dict[str, ScanResult]:
@@ -55,6 +57,7 @@ def parse(self, data: Dict[str, Any]):
             self.parse_host(hosts)
 
     def parse_vuln(self, app_name: str, vuln: List[Dict[str, Any]]):
+        print("[flan_scan] Inside parse_vuln(), self.ignore_cves:", self.ignore_cves)
         vuln_name = ''
         severity = ''
         vuln_type = ''
@@ -65,8 +68,11 @@ def parse_vuln(self, app_name: str, vuln: List[Dict[str, Any]]):
                 vuln_name = field['#text']
             elif field['@key'] == 'type':
                 vuln_type = field['#text']
-
-        self.results[app_name].vulns.append(Vuln(vuln_name, vuln_type, severity))
+        print("[flan_scan] Parsed vuln, vuln_name:", vuln_name)
+        if not vuln_name in self.ignore_cves:
+            self.results[app_name].vulns.append(Vuln(vuln_name, vuln_type, severity))
+        else:
+            print("[flan_scan] Vuln ", vuln_name, " is ignored")
 
     def parse_script(self, ip_addr: str, port: str, app_name: str, script: Dict[str, Any]):
         if 'table' not in script:

diff --git a/output_report.py b/output_report.py
@@ -58,11 +58,27 @@ def create_report_builder(report_type: str) -> ReportBuilder:
     return builder_map[report_type](provider)
 
 
-def main(dirname: str, output_file: str, ip_file: str, report_type: str = 'tex'):
+def read_ignore_file(ignore_file: str):
+    l=[]
+    try:
+        with open(ignore_file) as file:
+            for line in file:
+                line = line.strip() #preprocess line
+                if line != "" and line[0] != "#":
+                    l.append(line)
+
+    except Exception as e:
+        print("Exception", str(e))
+
+    return l
+
+def main(dirname: str, output_file: str, ip_file: str, ignore_file: str, report_type: str = 'tex'):
     nmap_command = ''
     start_date = ''
     builder = create_report_builder(report_type)
-    parser = FlanXmlParser()
+    ignore_cves = read_ignore_file(ignore_file)
+    print("Ignore these CVEs:", ignore_cves)
+    parser = FlanXmlParser(ignore_cves)
 
     for entry in os.scandir(dirname):  # type: os.DirEntry
         if not (entry.is_file() and entry.name.endswith('.xml')):
@@ -78,4 +94,4 @@ def main(dirname: str, output_file: str, ip_file: str, report_type: str = 'tex')
 
 if __name__ == '__main__':
     report_format = os.getenv('format', 'tex')
-    main(*sys.argv[1:4], report_type=report_format)
+    main(*sys.argv[1:5], report_type=report_format)
diff --git a/run.sh b/run.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 set -e
-
+id
 rm -rf /usr/share/nmap/scripts/vulners
 git clone https://github.com/vulnersCom/nmap-vulners /usr/share/nmap/scripts/vulners
 nmap --script-updatedb
@@ -43,7 +43,7 @@ function get_filename(){
     echo $1 | tr / -
 }
 
-mkdir $root_dir$xml_dir
+mkdir -p $root_dir$xml_dir
 while IFS= read -r line
 do
   current_time=$(date "+%Y.%m.%d-%H.%M.%S")
@@ -52,7 +52,7 @@ do
   upload $xml_dir/$filename
 done < /shared/ips.txt
 
-python /output_report.py $root_dir$xml_dir $root_dir$report_file /shared/ips.txt
+python /output_report.py $root_dir$xml_dir $root_dir$report_file /shared/ips.txt /shared/ignore_cve.txt
 if [[ $report_extension = "tex" ]]
 then
     sed -i 's/_/\\_/g' $root_dir$report_file
@@ -61,4 +61,8 @@ then
     sed -i 's/%/\\%/g' $root_dir$report_file
 fi
 upload $report_file
-python /mail_to.py $root_dir$report_file
+if [ -n "$SMTP_SERVER" ];
+then
+	python /mail_to.py $root_dir$report_file
+fi
+
diff --git a/shared/ignore_cve.txt b/shared/ignore_cve.txt
@@ -0,0 +1,14 @@
+PRION:CVE-2020-15778
+PRION:CVE-2020-12062
+PRION:CVE-2021-28041
+PRION:CVE-2021-41617
+PRION:CVE-2019-16905
+PRION:CVE-2020-14145
+CVE-2020-14145
+PRION:CVE-2021-36368
+SSV:92579
+PRION:CVE-2023-35784
+PACKETSTORM:173661
+1337DAY-ID-26576
+SSV:92580
+