implemented output of item lists in remediation instructions
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 23 Nov 2012 17:30:00 +0000 (18:30 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 23 Nov 2012 17:30:00 +0000 (18:30 +0100)
src/libimcv/imv/imv_remediation_string.c
src/libimcv/plugins/imv_os/imv_os_state.c
src/libimcv/plugins/imv_scanner/imv_scanner.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.h

index 75af831..4749390 100644 (file)
@@ -49,20 +49,95 @@ struct private_imv_remediation_string_t {
 METHOD(imv_remediation_string_t, add_instruction, void,
        private_imv_remediation_string_t *this, imv_lang_string_t title[],
        imv_lang_string_t description[], imv_lang_string_t itemsheader[],
-       linked_list_t *items)
+       linked_list_t *item_list)
 {
-       char xml_format[] = "  <instruction>\n"
-                                               "    <title>%s</title>\n"
+       char xml_format[] =  "  <instruction>\n"
+                                                "    <title>%s</title>\n"
                                                "    <description>%s</description>\n"
                                                "%s%s"
                                                "  </instruction>\n";
-       char *instruction, *format, *s_title, *s_description, *s_itemsheader;
+       char *instruction, *format, *item, *pos, *header, *items;
+       char *s_title, *s_description, *s_itemsheader;
        size_t len;
 
        s_title = imv_lang_string_select_string(title, this->lang);
        s_description = imv_lang_string_select_string(description, this->lang);
        s_itemsheader = imv_lang_string_select_string(itemsheader, this->lang);
+       header = NULL;
+       items = NULL;
+
+       if (s_itemsheader)
+       {
+               int header_len = strlen(s_itemsheader);
+               char *header_format;
+
+               if (this->as_xml)
+               {
+                       header_format = "    <itemsheader>%s</itemsheader>\n";
+                       header_len +=  strlen(header_format) - 2;
+               }
+               else
+               {
+                       header_format = "\n  %s";
+                       header_len += 3;
+               }
+               header = malloc(header_len + 1);
+               sprintf(header, header_format, s_itemsheader);
+       }
+
+       if (item_list && item_list->get_count(item_list))
+       {
+               enumerator_t *enumerator;
+               int items_len = 0;
+
+               /* compute total length of all items */
+               enumerator = item_list->create_enumerator(item_list);
+               while (enumerator->enumerate(enumerator, &item))
+               {
+                       items_len += strlen(item);
+               }
+               enumerator->destroy(enumerator);
+
+               if (this->as_xml)
+               {
+                       items_len += 12 + 20 * item_list->get_count(item_list) + 13;
+
+                       pos = items = malloc(items_len + 1);
+                       pos += sprintf(pos, "    <items>\n");
+
+                       enumerator = item_list->create_enumerator(item_list);
+                       while (enumerator->enumerate(enumerator, &item))
+                       {
+                               pos += sprintf(pos, "      <item>%s</item>\n", item);
+                       }
+                       enumerator->destroy(enumerator);
+
+                       pos += sprintf(pos, "    </items>\n");
+               }
+               else
+               {
+                       items_len += 5 * item_list->get_count(item_list);
+
+                       pos = items = malloc(items_len + 1);
+
+                       enumerator = item_list->create_enumerator(item_list);
+                       while (enumerator->enumerate(enumerator, &item))
+                       {
+                               pos += sprintf(pos, "\n    %s", item);
+                       }
+                       enumerator->destroy(enumerator);
+               }
+       }
+
        len = strlen(s_title) + strlen(s_description);
+       if (header)
+       {
+               len += strlen(header);
+       }
+       if (items)
+       {
+               len += strlen(items);
+       }
 
        if (this->as_xml)
        {
@@ -71,11 +146,14 @@ METHOD(imv_remediation_string_t, add_instruction, void,
        }
        else
        {
-               format = this->instructions.len ? "\n%s\n%s%s%s" : "%s\n%s%s%s";
-               len += 2;
+               format = this->instructions.len ? "\n%s\n  %s%s%s" : "%s\n  %s%s%s";
+               len += 4;
        }
        instruction = malloc(len + 1);
-       sprintf(instruction, format, s_title, s_description, "", "");
+       sprintf(instruction, format, s_title, s_description, header ? header : "",
+                       items ? items : "");
+       free(header);
+       free(items);
        this->instructions = chunk_cat("mm", this->instructions, 
                                                        chunk_create(instruction, strlen(instruction)));
 }
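Review bot: The item buffer sizes in the first hunk are hand-counted constants (`12 + 20 * count + 13` for XML, `5 * count` for text) while the sprintf calls a few lines below use the literal format strings, so the two can drift apart the next time a format is edited and the unchecked sprintf then writes past the end of `items`. Deriving the counts from the formats the way the header branch already does, e.g. `items_len += strlen("    <items>\n") + (strlen("      <item>%s</item>\n") - 2) * item_list->get_count(item_list) + strlen("    </items>\n");` and `items_len += (strlen("\n    %s") - 2) * item_list->get_count(item_list);`, keeps them in step, or snprintf with the remaining size would at least truncate instead of corrupting the heap. In XML mode each item is interpolated into `<item>%s</item>` verbatim; the items produced on this page are IMV-built "proto/port" strings, but if a caller ever passes peer-supplied names the `<`, `&` and `"` characters would need escaping first, so a comment on the `item_list` parameter stating that items must be XML-safe would document the contract. `header_len` and `items_len` are `int` receiving `strlen()` results; `size_t` avoids the narrowing.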
index 3b5dac6..0fe3d87 100644 (file)
@@ -154,7 +154,7 @@ struct private_imv_os_state_t {
 static char* languages[] = { "en", "de", "pl" };
 
 /**
- * Table of "OS settings" reason strings
+ * Reason strings for "OS settings"
  */
 static imv_lang_string_t reason_settings[] = {
        { "en", "Improper OS settings were detected" },
@@ -163,7 +163,7 @@ static imv_lang_string_t reason_settings[] = {
 };
 
 /**
- * Table of "software packages" reason strings
+ * Reason strings for "installed software packages"
  */
 static imv_lang_string_t reason_packages[] = {
        { "en", "Vulnerable or blacklisted software packages were found" },
@@ -172,47 +172,51 @@ static imv_lang_string_t reason_packages[] = {
 };
 
 /**
- * Table of "software packages update" instruction title strings
+ * Instruction strings for "Software Security Updates"
  */
 static imv_lang_string_t instr_update_packages_title[] = {
        { "en", "Software Security Updates" },
        { "de", "Software Sicherheitsupdates" },
-       { "pl", "Software Security Updates" }, /* TODO */
        { NULL, NULL }
 };
 
-/**
- * Table of "software packages update" instruction description strings
- */
 static imv_lang_string_t instr_update_packages_descr[] = {
-       { "en", "Please update the following software packages" },
-       { "de", "Bitte updaten Sie die folgenden Softwarepakete" },
-       { "pl", "Proszę zaktualizować następujące pakiety" },
+       { "en", "Packages with security vulnerabilities were found" },
+       { "de", "Softwarepakete mit Sicherheitsschwachstellen wurden gefunden" },
+       { NULL, NULL }
+};
+
+static imv_lang_string_t instr_update_packages_header[] = {
+       { "en", "Please update the following software packages:" },
+       { "de", "Bitte updaten Sie die folgenden Softwarepakete:" },
+       { "pl", "Proszę zaktualizować następujące pakiety:" },
        { NULL, NULL }
 };
 
 /**
- * Tables of "software package removal" instruction titlestrings
+ * Instruction strings for "Blacklisted Software Packages"
  */
 static imv_lang_string_t instr_remove_packages_title[] = {
        { "en", "Blacklisted Software Packages" },
        { "de", "Gesperrte Softwarepakete" },
-       { "pl", "Blacklisted Software Packages" }, /* TODO */
        { NULL, NULL }
 };
 
-/**
- * Tables of "software package removal" instruction strings
- */
 static imv_lang_string_t instr_remove_packages_descr[] = {
-       { "en", "Please remove the following software packages" },
-       { "de", "Bitte entfernen Sie die folgenden Softwarepakete" },
-       { "pl", "Proszę usunąć następujące pakiety" },
+       { "en", "Dangereous software packages were found" },
+       { "de", "Gefährliche Softwarepakete wurden gefunden" },
        { NULL, NULL }
-}
+};
+
+static imv_lang_string_t instr_remove_packages_header[] = {
+       { "en", "Please remove the following software packages:" },
+       { "de", "Bitte entfernen Sie die folgenden Softwarepakete:" },
+       { "pl", "Proszę usunąć następujące pakiety:" },
+       { NULL, NULL }
+};
 
 ;/**
- * Table of "forwarding enable" instruction title strings
+ * Instruction strings for "Forwarding Enabled"
  */
 static imv_lang_string_t instr_fwd_enabled_title[] = {
        { "en", "IP Packet Forwarding" },
@@ -220,9 +224,6 @@ static imv_lang_string_t instr_fwd_enabled_title[] = {
        { NULL, NULL }
 };
 
-/**
- * Table of "forwarding enable" instruction description strings
- */
 static imv_lang_string_t instr_fwd_enabled_descr[] = {
        { "en", "Please disable the forwarding of IP packets" },
        { "de", "Bitte deaktivieren Sie das Forwarding von IP Paketen" },
@@ -230,7 +231,7 @@ static imv_lang_string_t instr_fwd_enabled_descr[] = {
 };
 
 /**
- * Table of "default password enabled" instruction title strings
+ * Instruction strings for "Default Password Enabled"
  */
 static imv_lang_string_t instr_default_pwd_enabled_title[] = {
        { "en", "Default Password" },
@@ -238,9 +239,6 @@ static imv_lang_string_t instr_default_pwd_enabled_title[] = {
        { NULL, NULL }
 };
 
-/**
- * Table of "default password enabled" instruction description strings
- */
 static imv_lang_string_t instr_default_pwd_enabled_descr[] = {
        { "en", "Please change the default password" },
        { "de", "Bitte ändern Sie das Default Passwort" },
@@ -248,7 +246,7 @@ static imv_lang_string_t instr_default_pwd_enabled_descr[] = {
 };
 
 /**
- * Table of "install non market apps" instruction title strings
+ * Instruction strings for  "Install Non-Market Apps"
  */
 static imv_lang_string_t instr_non_market_apps_title[] = {
        { "en", "Unknown Software Origin" },
@@ -256,9 +254,6 @@ static imv_lang_string_t instr_non_market_apps_title[] = {
        { NULL, NULL }
 };
 
-/**
- * Table of "install non market apps" instruction description strings
- */
 static imv_lang_string_t instr_non_market_apps_descr[] = {
        { "en", "Do not allow the installation of apps from unknown sources" },
        { "de", "Erlauben Sie nicht die Installation von Apps von unbekannten Quellen" },
@@ -372,43 +367,45 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
        if (this->count_blacklist)
        {
                this->remediation_string->add_instruction(this->remediation_string,
-                                               instr_remove_packages_title,
-                                               instr_remove_packages_descr, NULL,
-                                               this->remove_packages);
+                                                       instr_remove_packages_title,
+                                                       instr_remove_packages_descr,
+                                                       instr_remove_packages_header,
+                                                       this->remove_packages);
        }
 
        /* List of packages in need of an update, if any */
        if (this->count_update)
        {
                this->remediation_string->add_instruction(this->remediation_string,
-                                               instr_update_packages_title,
-                                               instr_update_packages_descr, NULL,
-                                               this->update_packages);
+                                                       instr_update_packages_title,
+                                                       instr_update_packages_descr,
+                                                       instr_update_packages_header,
+                                                       this->update_packages);
        }
 
        /* Add instructions concerning improper OS settings */
        if (this->os_settings & OS_SETTINGS_FWD_ENABLED)
        {
                this->remediation_string->add_instruction(this->remediation_string,
-                                               instr_fwd_enabled_title,
-                                               instr_fwd_enabled_descr, NULL, NULL);
+                                                       instr_fwd_enabled_title,
+                                                       instr_fwd_enabled_descr, NULL, NULL);
        }
        if (this->os_settings & OS_SETTINGS_DEFAULT_PWD_ENABLED)
        {
                this->remediation_string->add_instruction(this->remediation_string,
-                                               instr_default_pwd_enabled_title,
-                                               instr_default_pwd_enabled_descr, NULL, NULL);
+                                                       instr_default_pwd_enabled_title,
+                                                       instr_default_pwd_enabled_descr, NULL, NULL);
        }
        if (this->os_settings & OS_SETTINGS_NON_MARKET_APPS)
        {
                this->remediation_string->add_instruction(this->remediation_string,
-                                               instr_non_market_apps_title,
-                                               instr_non_market_apps_descr, NULL, NULL);
+                                                       instr_non_market_apps_title,
+                                                       instr_non_market_apps_descr, NULL, NULL);
        }
 
        *string = this->remediation_string->get_encoding(this->remediation_string);
        *uri = lib->settings->get_str(lib->settings,
-                                               "libimcv.plugins.imv-os.remediation_uri", NULL);
+                                                       "libimcv.plugins.imv-os.remediation_uri", NULL);
 
        return TRUE;
 }
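Review bot: The `};` added after `instr_remove_packages_descr` in the third hunk leaves the `;` in front of the `/**` comment of `instr_fwd_enabled_title` as a stray empty declaration at file scope (it was compensating for the missing semicolon); that context line should become plain `/**`. In the same hunk the new English description reads `"Dangereous software packages were found"`; it should be `"Dangerous software packages were found"`. The title and description tables drop their "pl" rows while the new header tables keep them and `languages[]` still advertises "pl", so a Polish peer gets a mixed-language instruction or none, depending on the fallback in imv_lang_string_select_string, which is not visible here; either add the translations or confirm the fallback is English.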
index be35550..16ce086 100644 (file)
@@ -202,14 +202,15 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
 
                if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PORT_FILTER)
                {
+                       imv_scanner_state_t *imv_scanner_state;
                        ietf_attr_port_filter_t *attr_port_filter;
                        enumerator_t *enumerator;
                        u_int8_t protocol;
                        u_int16_t port;
-                       char buf[BUF_LEN], *pos = buf;
-                       size_t len = BUF_LEN;
                        bool blocked, compliant = TRUE;
 
+
+                       imv_scanner_state = (imv_scanner_state_t*)state;
                        attr_port_filter = (ietf_attr_port_filter_t*)attr;
                        enumerator = attr_port_filter->create_port_enumerator(attr_port_filter);
                        while (enumerator->enumerate(enumerator, &blocked, &protocol, &port))
@@ -217,7 +218,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                                enumerator_t *e;
                                port_range_t *port_range;
                                bool passed, found = FALSE;
-                               int written = 0;
+                               char buf[20];
 
                                if (blocked)
                                {
@@ -245,15 +246,10 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                                if (!passed)
                                {
                                        compliant = FALSE;
-                                       written = snprintf(pos, len, " %s/%u",
-                                                                         (protocol == IPPROTO_TCP) ? "tcp" : "udp",
-                                                                          port);
-                                       if (written < 0 || written >= len)
-                                       {
-                                               break;
-                                       }
-                                       pos += written;
-                                       len -= written;
+                                       snprintf(buf, sizeof(buf), "%s/%u",
+                                                       (protocol == IPPROTO_TCP) ? "tcp" : "udp", port);
+                                       imv_scanner_state->add_violating_port(imv_scanner_state,
+                                                                                                                 strdup(buf));
                                }
                        }
                        enumerator->destroy(enumerator);
@@ -266,10 +262,6 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
                        }
                        else
                        {
-                               imv_scanner_state_t *imv_scanner_state;
-
-                               imv_scanner_state = (imv_scanner_state_t*)state;
-                               imv_scanner_state->set_violating_ports(imv_scanner_state, buf);
                                state->set_recommendation(state,
                                                                TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
                                                                TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
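Review bot: `char buf[20]` in the second hunk is sized by a bare constant; since `port` is `u_int16_t` the longest result is `"udp/65535"` (10 bytes with the terminator), so a comment such as `/* "udp/65535" plus NUL */` next to the declaration would make the bound checkable, and the dropped `snprintf` return value means a future format change that overflows would be silently truncated rather than noticed. `strdup(buf)` on the following line is handed to `add_violating_port` without a NULL check; a failed allocation would put a NULL entry in the list that `add_instruction` later passes to `strlen`. The label collapses every non-TCP protocol to `"udp"` (carried over from the removed lines), which holds only as long as the port-filter attribute carries nothing but TCP and UDP. The doubled blank line before `imv_scanner_state = (imv_scanner_state_t*)state;` in the first hunk should be a single one.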
index fba24f1..108e5ff 100644 (file)
@@ -69,9 +69,9 @@ struct private_imv_scanner_state_t {
        TNC_IMV_Evaluation_Result eval;
 
        /**
-        * String with list of ports that should be closed
+        * List with ports that should be closed
         */
-       char *violating_ports;
+        linked_list_t *violating_ports;
 
        /**
         * TNC Reason String
@@ -91,7 +91,7 @@ struct private_imv_scanner_state_t {
 static char* languages[] = { "en", "de", "fr", "pl" };
 
 /**
- * Table of reason strings
+ * Reason strings for "Port Filter"
  */
 static imv_lang_string_t reasons[] = {
        { "en", "Open server ports were detected" },
@@ -102,7 +102,7 @@ static imv_lang_string_t reasons[] = {
 };
 
 /**
- * Table of "ports" remediation instruction title strings
+ * Instruction strings for "Port Filters"
  */
 static imv_lang_string_t instr_ports_title[] = {
        { "en", "Open Server Ports" },
@@ -112,14 +112,19 @@ static imv_lang_string_t instr_ports_title[] = {
        { NULL, NULL }
 };
 
-/**
- * Table of "ports" remediation instruction descriptions strings
- */
 static imv_lang_string_t instr_ports_descr[] = {
-       { "en", "Please close the following server ports" },
-       { "de", "Bitte schliessen Sie die folgenden Serverports" },
-       { "fr", "Fermez les ports du serveur suivants s'il vous plait" },
-       { "pl", "Proszę zamknąć następujące porty serwera" },
+       { "en", "Open Internet ports have been detected" },
+       { "de", "Offenen Internet-Ports wurden festgestellt" },
+       { "fr", "Il y'a des ports Internet ouverts" },
+       { "pl", "Porty internetowe są otwarte" },
+       { NULL, NULL }
+};
+
+static imv_lang_string_t instr_ports_header[] = {
+       { "en", "Please close the following server ports:" },
+       { "de", "Bitte schliessen Sie die folgenden Serverports:" },
+       { "fr", "Fermez les ports du serveur suivants s'il vous plait:" },
+       { "pl", "Proszę zamknąć następujące porty serwera:" },
        { NULL, NULL }
 };
 
@@ -219,8 +224,10 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
                                                                        TRUE, *lang_code);      /* TODO get os_type */
 
        this->remediation_string->add_instruction(this->remediation_string,
-                                               instr_ports_title, instr_ports_descr, NULL, NULL);
-
+                                                                       instr_ports_title,
+                                                                       instr_ports_descr,
+                                                                       instr_ports_header,
+                                                                       this->violating_ports);
        *string = this->remediation_string->get_encoding(this->remediation_string);
        *uri = lib->settings->get_str(lib->settings,
                                "libimcv.plugins.imv-scanner.remediation_uri", NULL);
@@ -233,14 +240,14 @@ METHOD(imv_state_t, destroy, void,
 {
        DESTROY_IF(this->reason_string);
        DESTROY_IF(this->remediation_string);
-       free(this->violating_ports);
+       this->violating_ports->destroy_function(this->violating_ports, free);
        free(this);
 }
 
-METHOD(imv_scanner_state_t, set_violating_ports, void,
-       private_imv_scanner_state_t *this, char *ports)
+METHOD(imv_scanner_state_t, add_violating_port, void,
+       private_imv_scanner_state_t *this, char *port)
 {
-       this->violating_ports = strdup(ports);
+       this->violating_ports->insert_last(this->violating_ports, port);
 }
 
 /**
@@ -266,12 +273,13 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
                                .get_remediation_instructions = _get_remediation_instructions,
                                .destroy = _destroy,
                        },
-                       .set_violating_ports = _set_violating_ports,
+                       .add_violating_port = _add_violating_port,
                },
                .state = TNC_CONNECTION_STATE_CREATE,
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
                .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .violating_ports = linked_list_create(),
        );
 
        return &this->public.interface;
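Review bot: The replacement member `linked_list_t *violating_ports;` in the first hunk sits one column deeper than the surrounding fields, which looks like spaces where the rest of the struct uses tabs. The new `instr_ports_descr` strings in the fourth hunk have wording slips: the German `"Offenen Internet-Ports wurden festgestellt"` should read `"Offene Internet-Ports wurden festgestellt"` and the French `"Il y'a des ports Internet ouverts"` should be `"Il y a des ports Internet ouverts"`. `add_violating_port` stores the caller's pointer as-is and `destroy` releases every entry through `destroy_function(this->violating_ports, free)`, so the list takes ownership of `port`; a one-line comment on the METHOD, `/* takes ownership of port, released in destroy */`, would make that visible next to the implementation.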
index 716ddfe..9a09303 100644 (file)
@@ -37,9 +37,9 @@ struct imv_scanner_state_t {
        imv_state_t interface;
 
        /**
-        * list of violating TCP and UDP ports
+        * add a violating TCP or UDP port
         */
-       void (*set_violating_ports)(imv_scanner_state_t *this, char *ports);
+       void (*add_violating_port)(imv_scanner_state_t *this, char *port);
 };
 
 /**
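Review bot: The new doc comment for `add_violating_port` does not state that the state takes ownership of `port`: in imv_scanner_state.c the pointer is inserted into the list unchanged and later freed with `destroy_function(..., free)`, and the caller in imv_scanner.c passes a `strdup` result for that reason. Suggest `add a violating TCP or UDP port (takes ownership of the allocated port string)` so callers do not free or reuse the buffer themselves.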