Beispiel #1
0
func Load_Blacklist(filename string) BlackList {
	blist := BlackList{}

	file, err := os.Open(filename)
	if err != nil {
		syslog.Errf("%v", err)
		panic(err)
	}
	defer file.Close()

	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		line := scanner.Text()
		// Ignore empty lines
		if len(line) > 0 {
			blist.items = append(blist.items, scanner.Text())
		}
	}

	if err := scanner.Err(); err != nil {
		syslog.Errf("%v", err)
		panic(err)
	}

	return blist
}
Beispiel #2
0
func (j *Jira) Init() {
	// Loading Jira related settings
	b, err := ioutil.ReadFile("/opt/cvesync/etc/jira.json")
	if err != nil {
		syslog.Errf("Unable to read Jira settings file: %v", err)
		panic(err)
	}

	err = json.Unmarshal(b, &j)
	if err != nil {
		syslog.Errf("Unable to unmarshal Jira settings json: %v", err)
		panic(err)
	}

	funcMap := template.FuncMap{
		"escape_text": escape_text,
	}

	j.Template, err = template.New("jira.templ").Funcs(funcMap).ParseFiles(j.TemplateFile)
	if err != nil {
		syslog.Errf("Unable to parse Jira template file: %v", err)
		panic(err)
	}

}
Beispiel #3
0
func (rt RT) Update(e nvd.Entry, ticketid string) error {
	// Authenticate against RT for this operation
	jar, err := cookiejar.New(nil)
	if err != nil {
		syslog.Errf("Unable to create cookie jar: %v", err)
		panic(err)
	}
	err = rt.authenticate(jar)
	if err != nil {
		syslog.Errf("%v", err)
		return err
	}

	// Build ticket information...
	ticket, err := rt.build_ticket(e)
	if err != nil {
		return err
	}

	// Build the request
	request := fmt.Sprintf("Queue: %v\nSubject: %v\nPriority: %v\nText:%v\n", ticket.Queue, ticket.Subject, ticket.Priority, ticket.Text)
	_, err = rt_request("POST", rt.BaseURL+"/REST/1.0/ticket/"+ticketid+"/edit", rt.CAFile, jar, request)

	if err != nil {
		return err
	}

	// For some reason the RT doesn't react to Text on ticket/edit
	// Adding the new text as comment
	comment_request := fmt.Sprintf("id: %v\nAction: comment\nText:%v\n", ticketid, ticket.Text)
	_, err = rt_request("POST", rt.BaseURL+"/REST/1.0/ticket/"+ticketid+"/comment", rt.CAFile, jar, comment_request)

	return err
}
Beispiel #4
0
func sync_entry(entry nvd.Entry, db *sql.DB, cwes nvd.CWE, ts tracker.Tracker) {
	entry.CWE.CWECatalog = &cwes
	// Completely new?
	if !util.Exists(db, entry.Id) {
		syslog.Noticef("Adding new CVE %s", entry.Id)
		id, err := ts.Add(entry)
		if err != nil {
			syslog.Errf("Unable to add %v to issue tracker: %v", entry.Id, err)
			return
		}
		// Add to database, too
		util.DB_Add(db, entry.Id, entry.Last_Modified, id)
		// Already existing, but modified?
	} else if !util.Modified_Matches(db, entry.Id, entry.Last_Modified) {
		syslog.Noticef("Modifying old CVE %s", entry.Id)
		ticketid := util.DB_TicketID(db, entry.Id)
		err := ts.Update(entry, ticketid)
		if err != nil {
			syslog.Errf("Unable to modify %v in issue tracker: %v", entry.Id, err)
			return
		}
		// Update to database, too
		util.DB_Update(db, entry.Id, entry.Last_Modified)
	}
}
Beispiel #5
0
func (rt RT) Add(e nvd.Entry) (string, error) {
	// Authenticate against RT for this operation
	jar, err := cookiejar.New(nil)
	if err != nil {
		syslog.Errf("Unable to create cookie jar: %v", err)
		panic(err)
	}
	err = rt.authenticate(jar)
	if err != nil {
		syslog.Errf("%v", err)
		return "", err
	}

	// Build ticket information...
	ticket, err := rt.build_ticket(e)
	if err != nil {
		return "", err
	}

	// Build the request
	request := fmt.Sprintf("id: ticket/new\nQueue: %v\nSubject: %v\nPriority: %v\nText:%v\n", ticket.Queue, ticket.Subject, ticket.Priority, ticket.Text)

	id, err := rt_request("POST", rt.BaseURL+"/REST/1.0/ticket/new", rt.CAFile, jar, request)
	return id, err
}
Beispiel #6
0
func Download_File(url string, cafile string) []byte {

	// Load the CA certificate for server certificate validation
	capool := x509.NewCertPool()
	cacert, err := ioutil.ReadFile(cafile)
	checkerr(err)
	capool.AppendCertsFromPEM(cacert)

	// Check server certificate
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: capool},
	}

	// Get!
	client := &http.Client{Transport: tr}
	resp, err := client.Get(url)
	checkerr(err)
	// 500s and such
	if resp.StatusCode != 200 {
		errr := errors.New(fmt.Sprintf("File download failed with status code %v", resp.StatusCode))
		syslog.Errf("%v", errr)
		panic(errr)
	}

	// Read the body
	defer resp.Body.Close()
	body, err := ioutil.ReadAll(resp.Body) // body is []byte
	checkerr(err)

	return body
}
Beispiel #7
0
func (rt RT) authenticate(jar *cookiejar.Jar) error {

	client := &http.Client{
		Jar: jar,
	}

	data := url.Values{}
	data.Add("user", rt.Username)
	data.Add("pass", rt.Password)

	client.PostForm(rt.BaseURL, data)

	// Check that we got back at least one cookie -> probably successful authentication!
	// Alternatively could check that RT_SID_url.80 exists
	url, err := url.Parse(rt.BaseURL)
	if err != nil {
		syslog.Errf("Unable to parse BaseURL: %v", err)
		panic(err)
	}
	if len(jar.Cookies(url)) < 1 {
		return errors.New("Authentication to RT failed!")
	}

	return nil
}
Beispiel #8
0
func Get_CWEs(filename string) CWE {
	b, err := ioutil.ReadFile(filename)
	if err != nil {
		syslog.Errf("Unable to read CWE file: %v", err)
		panic(err)
	}

	cwes := Unmarshal_CWE(b)
	return cwes
}
Beispiel #9
0
func Unmarshal_CWE(data []byte) CWE {
	var c CWE
	err := xml.Unmarshal(data, &c)
	if err != nil {
		syslog.Errf("Unable to parse CWEs: %v", err)
		panic(err)
	}

	return c
}
Beispiel #10
0
func (j Jira) build_description(e nvd.Entry) string {
	var result bytes.Buffer

	err := j.Template.Execute(&result, e)
	if err != nil {
		syslog.Errf("Unable to execute Jira template file: %v", err)
		panic(err)
	}

	return result.String()
}
Beispiel #11
0
func (rt RT) build_text(e nvd.Entry) string {
	var result bytes.Buffer

	err := rt.Template.Execute(&result, e)
	if err != nil {
		syslog.Errf("Unable to execute RT template file: %v", err)
		panic(err)
	}

	return result.String()
}
Beispiel #12
0
func (rt *RT) Init() {
	// Loading RT related settings
	b, err := ioutil.ReadFile("/opt/cvesync/etc/rt.json")
	if err != nil {
		syslog.Errf("Unable to read RT settings file: %v", err)
		panic(err)
	}

	err = json.Unmarshal(b, &rt)
	if err != nil {
		syslog.Errf("Unable to unmarshal RT settings json: %v", err)
		panic(err)
	}

	rt.Template, err = template.New("rt.templ").ParseFiles(rt.TemplateFile)
	if err != nil {
		syslog.Errf("Unable to parse RT template file: %v", err)
		panic(err)
	}
}
Beispiel #13
0
func rt_request(reqtype string, path string, cafile string, jar *cookiejar.Jar, ticket string) (string, error) {
	var client *http.Client
	// If https, add CA certificate checking
	if strings.HasPrefix(path, "https://") {
		capool := x509.NewCertPool()
		cacert, err := ioutil.ReadFile(cafile)
		if err != nil {
			syslog.Errf("Unable to read CA file: %v", err)
			return "", err
		}
		capool.AppendCertsFromPEM(cacert)

		// Check server certificate
		tr := &http.Transport{
			TLSClientConfig: &tls.Config{RootCAs: capool},
		}

		client = &http.Client{Transport: tr, Jar: jar}
	} else {
		client = &http.Client{Jar: jar}
	}

	data := url.Values{}
	data.Add("content", ticket)

	req, err := http.NewRequest(reqtype, path, strings.NewReader(data.Encode()))
	if err != nil {
		return "", err
	}

	// We are handling "form"
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	// Make RT's anti-XSS happy
	req.Header.Set("Referer", path)

	// Request!
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}

	defer resp.Body.Close()
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}

	ticketid := get_ticket_id(string(body))

	return ticketid, nil

}
Beispiel #14
0
func jira_request(reqtype string, path string, cafile string, username string, password string, jsonstr string) (string, error) {
	var client *http.Client
	// If https, add CA certificate checking
	if strings.HasPrefix(path, "https://") {
		capool := x509.NewCertPool()
		cacert, err := ioutil.ReadFile(cafile)
		if err != nil {
			syslog.Errf("Unable to read CA file: %v", err)
			return "", err
		}
		capool.AppendCertsFromPEM(cacert)

		// Check server certificate
		tr := &http.Transport{
			TLSClientConfig: &tls.Config{RootCAs: capool},
		}

		client = &http.Client{Transport: tr}
	} else {
		client = &http.Client{}
	}

	// Build request..
	jsonreader := strings.NewReader(jsonstr)
	req, err := http.NewRequest(reqtype, path, jsonreader)
	if err != nil {
		return "", err
	}

	// Without application/json Jira returns 415
	req.Header.Set("Content-Type", "application/json")
	// Basic Authentication
	req.SetBasicAuth(username, password)

	// Request!
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}

	// If not successful, return with statuscode
	if (resp.StatusCode < 200) || (resp.StatusCode > 299) {
		return "", errors.New(fmt.Sprintf("Response contained %v", resp.StatusCode))
	}

	ticketid := ""
	// Only POST returns something meaningful
	if reqtype == "POST" {
		defer resp.Body.Close()
		body, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			return "", err
		}

		jira_response := Jira_Response{}
		err = json.Unmarshal(body, &jira_response)
		if err != nil {
			return "", err
		}
		ticketid = jira_response.Id
	}

	return ticketid, nil
}
Beispiel #15
0
func main() {
	// Don't throw an error when encountering an unknown flag (for sendmail compat)
	flag.CommandLine.Init(os.Args[0], flag.ContinueOnError)

	flag.Parse()

	if config.Message_FromCronDaemon {
		config.Message_FromName = "CronDaemon"
	}

	if err := config.ParseFile(config.ConfigFile); err != nil {
		fmt.Fprintf(os.Stderr, "Error while parsing configuration: %s\n", err)
		os.Exit(2)
	}

	// Map all local users to Postmaster address
	config.Message_To = flag.Args()
	for i, to := range config.Message_To {
		if -1 == strings.Index(to, "@") {
			config.Message_To[i] = config.Postmaster
		}
	}

	if config.Verbose {
		fmt.Printf("%#v\n", *config)
	}

	if len(config.Message_To) == 0 && !config.ScanMessage {
		fmt.Fprintln(os.Stderr, "Error: no recipients supplied")
		os.Exit(1)
	}

	m, err := compose()
	if err != nil {
		syslog.Errf("ComposeError: %s", err)
		fmt.Fprintf(os.Stderr, "ComposeError: %s\n", err)
		os.Exit(2)
	}

	c, err := connect()
	if err != nil {
		syslog.Errf("ConnectError: %s", err)
		fmt.Fprintf(os.Stderr, "ConnectError: %s\n", err)
		os.Exit(3)
	}

	if err := send(c, m); err != nil {
		syslog.Errf("SendError: %s", err)
		fmt.Fprintf(os.Stderr, "SendError: %s\n", err)
		os.Exit(4)
	}

	var subject string = "(unknown)"
	if len(m.Header["Subject"]) > 0 {
		subject = m.Header["Subject"][0]
	}

	syslog.Syslogf(syslog.LOG_INFO, "[%s] Sent mail; subject \"%s\"; from %s; to %#v", m.Header["Message-Id"][0], subject, config.Message_From, config.Message_To)

	if config.Verbose {
		fmt.Println("Info: send successful")
	}
}
Beispiel #16
0
func checkerr(err error) {
	if err != nil {
		syslog.Errf("Error: %v", err)
		panic(err)
	}
}