📄 report.c
字号:
struct arglist * arglist;
GtkWidget * window;
{
int level = is_there_any_hole(arglist);
GtkWidget * tree;
GtkWidget * tree_item;
GtkWidget * label;
if(!level)
return NULL;
tree = gtk_tree_new();
if(arg_get_value(arglist, "NOTE"))
{
GtkWidget * subtree;
tree_item = gtk_tree_item_new();
label = findings_to_tree_build_label("Security note", 1);
gtk_container_add(GTK_CONTAINER(tree_item), label);
gtk_widget_show(label);
gtk_tree_append(GTK_TREE(tree), tree_item);
subtree = data_to_tree(arg_get_value(arglist, "NOTE"));
if(subtree)
{
gtk_tree_item_set_subtree(GTK_TREE_ITEM(tree_item), subtree);
gtk_widget_show(subtree);
}
gtk_tree_item_expand(GTK_TREE_ITEM(tree_item));
gtk_tree_item_collapse(GTK_TREE_ITEM(tree_item));
gtk_widget_show(tree_item);
}
if(arg_get_value(arglist, "INFO"))
{
GtkWidget * subtree;
tree_item = gtk_tree_item_new();
label = findings_to_tree_build_label("Security warnings", 1);
gtk_container_add(GTK_CONTAINER(tree_item), label);
gtk_widget_show(label);
gtk_tree_append(GTK_TREE(tree), tree_item);
subtree = data_to_tree(arg_get_value(arglist, "INFO"));
if(subtree)
{
gtk_tree_item_set_subtree(GTK_TREE_ITEM(tree_item), subtree);
gtk_widget_show(subtree);
}
gtk_tree_item_expand(GTK_TREE_ITEM(tree_item));
gtk_tree_item_collapse(GTK_TREE_ITEM(tree_item));
gtk_widget_show(tree_item);
}
if(arg_get_value(arglist, "REPORT"))
{
GtkWidget * subtree;
tree_item = gtk_tree_item_new();
label = findings_to_tree_build_label("Security holes", 2);
gtk_container_add(GTK_CONTAINER(tree_item), label);
gtk_widget_show(label);
gtk_tree_append(GTK_TREE(tree), tree_item);
subtree = data_to_tree(arg_get_value(arglist, "REPORT"));
if(subtree)
{
gtk_tree_item_set_subtree(GTK_TREE_ITEM(tree_item), subtree);
gtk_widget_show(subtree);
}
gtk_tree_item_expand(GTK_TREE_ITEM(tree_item));
gtk_tree_item_collapse(GTK_TREE_ITEM(tree_item));
gtk_widget_show(tree_item);
}
return tree;
}
static
GtkWidget * report_build_label(name, window, severity)
char * name;
GtkWidget * window;
int severity;
{
GtkWidget * label;
GtkWidget * hbox;
char ** pixdata = NULL;
GdkPixmap * pixmap;
GtkStyle * style;
GdkBitmap * mask;
GtkWidget * pixmapwid;
switch(severity)
{
case HOLE_PRESENT :
pixdata = red_dot_xpm;
break;
case WARNING_PRESENT :
pixdata = orange_dot_xpm;
break;
case NOTE_PRESENT :
pixdata = yellow_dot_xpm;
break;
default :
pixdata = white_dot_xpm;
break;
}
style = gtk_widget_get_style(window);
pixmap = gdk_pixmap_create_from_xpm_d(window->window, &mask,
&style->bg[GTK_STATE_NORMAL],(gchar **)pixdata);
pixmapwid = gtk_pixmap_new(pixmap, mask);
hbox = gtk_hbox_new(FALSE,FALSE);
label = gtk_label_new(name);
gtk_label_set_justify(GTK_LABEL(label), GTK_JUSTIFY_LEFT);
gtk_box_pack_start(GTK_BOX(hbox), pixmapwid, FALSE, FALSE, 0);
gtk_widget_show(pixmapwid);
gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 5);
gtk_widget_show(label);
return hbox;
}
GtkWidget * report_to_tree(arglist, window)
struct arglist * arglist;
GtkWidget * window;
{
GtkWidget * tree;
int count = MAX_ITEMS_IN_LIST;
tree = gtk_tree_new();
if(arglist_length(arglist) > count)
show_warning(TOO_MANY_ITEMS);
while(arglist && arglist->next && count--)
{
GtkWidget * tree_item;
GtkWidget * label;
GtkWidget * subtree;
tree_item = gtk_tree_item_new();
/*
* Make label here
*/
label = report_build_label(arglist->name, window, is_there_any_hole(arglist->value));
gtk_container_add(GTK_CONTAINER(tree_item), label);
gtk_widget_show(label);
gtk_tree_append(GTK_TREE(tree), tree_item);
if((subtree = findings_to_tree(arglist->value, window)))
{
gtk_tree_item_set_subtree(GTK_TREE_ITEM(tree_item), subtree);
gtk_widget_show(subtree);
}
gtk_tree_item_expand(GTK_TREE_ITEM(tree_item));
gtk_tree_item_collapse(GTK_TREE_ITEM(tree_item));
gtk_widget_show(tree_item);
arglist = arglist->next;
}
return(tree);
}
#endif
/* reports back the highest number */
int is_there_any_hole(arglist)
struct arglist * arglist;
{
int ret = 0;
/* Pluto 25.6.00: with three level of return, real sort */
while(arglist && arglist->next && (ret!=HOLE_PRESENT))
{
int tmp = 0;
int tmp2 = 0;
if(!arglist->name)
{
arglist = arglist->next;
continue;
}
if(!strcmp(arglist->name, "REPORT"))tmp2 = HOLE_PRESENT;
else if(!strcmp(arglist->name, "INFO"))tmp2 = WARNING_PRESENT;
else if(!strcmp(arglist->name, "NOTE"))tmp2 = NOTE_PRESENT;
/*
* Check in the sublist
*/
if(arglist->type == ARG_ARGLIST)tmp = is_there_any_hole(arglist->value);
if(tmp >= tmp2)tmp2 = tmp;
if(tmp2 >= ret)ret = tmp2;
arglist = arglist->next;
}
return(ret);
}
#ifdef USE_GTK
/*
* Main function of the holes reporter
*/
void
report_tests(hosts, interrupted_test)
struct arglist * hosts;
int interrupted_test;
{
gtk_widget_show(arg_get_value(MainDialog, "WINDOW"));
#ifdef ENABLE_SAVE_TESTS
if(comm_server_restores_sessions(Prefs))
{
harglst * oldSessions = Sessions;
Sessions = comm_get_sessions();
prefs_dialog_target_fill_sessions(arg_get_value(MainDialog, "TARGET"),
Sessions);
if(oldSessions)harg_close_all(oldSessions);
}
#endif
hosts = sort_dangerous_hosts(hosts);
create_report_window(hosts, interrupted_test);
}
/*
* Opens the report
*/
void open_report(GtkWidget * dontcare, GtkWidget *nsr)
{
int be = backend_import_report(gtk_file_selection_get_filename(GTK_FILE_SELECTION(nsr)));
if(be >= 0)report_tests_ng(be, 0);
}
/*
* Menu selection to open the report
*/
void open_report_selectfile()
{
GtkWidget * nsr;
nsr = gtk_file_selection_new ("Load file");
/*
* CWD
*/
gtk_file_selection_set_filename (GTK_FILE_SELECTION(nsr), ".");
gtk_signal_connect (GTK_OBJECT (GTK_FILE_SELECTION (nsr)->ok_button),
"clicked", (GtkSignalFunc) open_report,(void *) nsr );
gtk_signal_connect_object (GTK_OBJECT (GTK_FILE_SELECTION(nsr)->ok_button),
"clicked", GTK_SIGNAL_FUNC (gtk_widget_destroy),
(gpointer) nsr);
gtk_signal_connect_object (GTK_OBJECT (GTK_FILE_SELECTION(nsr)->cancel_button),
"clicked", GTK_SIGNAL_FUNC (gtk_widget_destroy),
(gpointer) nsr);
gtk_widget_show(nsr);
}
/*
* Saves the report
*/
static void
save_report_ask(nul,menu)
GtkWidget * nul;
GtkWidget * menu;
{
GtkWidget * active;
GtkWidget * filew;
char * filename;
char * tmp;
char * hostname;
int value;
char * suffixes[] = {".nsr", ".html", ".txt", ".tex", "", ".xml"};
struct arglist * hosts;
active = gtk_menu_get_active(GTK_MENU(menu));
value = (int)gtk_object_get_data(GTK_OBJECT(active), "type");
hosts = gtk_object_get_data(GTK_OBJECT(menu), "hosts");
if(!hosts)
{
fprintf(stderr, "Error - NULL hosts in save_report_ask()\n");
return ;
}
if(value < 0)value = 0;
if(value > SAVE_MAX)value = SAVE_MAX;
hostname = emalloc(strlen(hosts->name)+1);
strncpy(hostname, hosts->name, strlen(hosts->name));
while((tmp = strchr(hostname, '.')))tmp[0]='_';
filename = emalloc(strlen(hosts->name)+7);
sprintf(filename, "%s%s", hostname, suffixes[value]);
efree(&hostname);
filew = gtk_file_selection_new ("Save file");
gtk_object_set_data(GTK_OBJECT(filew), "type", (void*)value);
gtk_object_set_data(GTK_OBJECT(filew), "hosts", hosts);
gtk_signal_connect (GTK_OBJECT (GTK_FILE_SELECTION (filew)->ok_button),
"clicked", (GtkSignalFunc) save_report, filew );
gtk_signal_connect /*_object*/ (GTK_OBJECT (GTK_FILE_SELECTION
(filew)->cancel_button),
"clicked", (GtkSignalFunc)close_window, (void *)filew);
gtk_file_selection_set_filename (GTK_FILE_SELECTION(filew), filename);
gtk_widget_show(filew);
}
/*
* save_report
*
* this function is called when the user
* clicks on the 'save' item of the file
* menu...
*/
static void
save_report(nul,filew)
GtkWidget * nul;
GtkWidget * filew;
{
char * fname = gtk_file_selection_get_filename(GTK_FILE_SELECTION(filew));
int type = (int)gtk_object_get_data(GTK_OBJECT(filew), "type");
struct arglist * hosts = gtk_object_get_data(GTK_OBJECT(filew), "hosts");
gtk_widget_hide(filew);
hosts = sort_dangerous_hosts(hosts);
switch(type)
{
case SAVE_HTML :
arglist_to_html(hosts, fname);
break;
case SAVE_XML :
arglist_to_xml(hosts, fname);
break;
case SAVE_LATEX :
arglist_to_latex(hosts, fname);
break;
case SAVE_TEXT :
arglist_to_text(hosts, fname);
break;
#ifndef _NO_PIES
case SAVE_HTML_GRAPH :
arglist_to_html_graph(hosts, fname);
break;
#endif /* _NO_PIES */
case SAVE_NSR:
default :
arglist_to_file(hosts, fname);
break;
}
arg_free(hosts);
gtk_widget_destroy(filew);
}
#endif
struct arglist *log_to_arglist(char *fname)
{
harglst * hhosts;
hargwalk * hw;
FILE * fd = fopen(fname, "r");
char buf[65535];
char * current_hostname = NULL;
struct arglist* current_host = NULL;
struct arglist * nhosts = NULL;
char * key;
int line = 0, i;
if(!fd)
{
perror("fopen ");
return NULL;
}
hhosts = harg_create(65000);
bzero(buf, sizeof(buf));
while(fgets(buf, sizeof(buf) - 1, fd) && !feof(fd))
{
char * buffer = NULL;
struct arglist * host = NULL;
struct arglist * ports = NULL;
struct arglist * port = NULL;
struct arglist * content = NULL;
char * hostname;
char * t;
char * t2;
//char * id = NULL;
line++;
/* remove trailing \n */
buf[strlen(buf) - 1] = '\0';
for (i=0; i<strlen(buf); i++) {
if (buf[i] == ';') buf[i] = '\n';
}
/* skip lines that are not <results> */
if(strncmp(buf, "results", strlen("results")))
continue;
t = strchr(buf, '|');
if(!t)goto parse_error;
//t = strchr(t+1, '|');
//if(!t)goto parse_error;
hostname = &(t[1]);
t = strchr(t+1, '|');
if(!t)goto parse_error;
t[0] = '\0';
if(!current_hostname || strcmp(current_hostname, hostname))
{
host = harg_get_ptr(hhosts, hostname);
if(!host)
{
current_host = host = emalloc(sizeof(struct arglist));
if(current_hostname)efree(¤t_hostname);
current_hostname = estrdup(hostname);
harg_add_ptr(hhosts, hostname, host);
}
else
{
current_host = host;
if(current_hostname)efree(¤t_hostname);
current_hostname = estrdup(hostname);
}
}else
{
host = current_host;
}
t+=sizeof(char);
/*
* <port (num/proto)>|<script id>|<REPORT|INFO|NOTE>|<data>
* ^ ^
* t is here NULL
*/
t2 = strchr(t, '|');
if(t2){
t2[0]='\0';
}
buffer = strdup(t);
ports = arg_get_value(host, "PORTS");
if(!ports)
{
ports = emalloc(sizeof(struct arglist));
arg_add_value(host, "PORTS", ARG_ARGLIST, -1, ports);
}
port = arg_get_value(ports, buffer);
if(!port)
{
port = emalloc(sizeof(struct arglist));
arg_add_value(ports, buffer, ARG_ARGLIST, -1, port);
}
arg_add_value(port, "STATE", ARG_INT, sizeof(int), (void*)1);
efree(&buffer);
if(!t2 || !t2[1]){
bzero(buf, sizeof (buf));
continue; /* port is open, that's all. */
}
t = t2+sizeof(char);
/*
*
*/
/*t2 = t;
t = strchr(t2, '|');
if(!t)continue;
t[0]='\0';
if(atoi(t2) > 1000){
id = strdup(t2);
}
else id = strdup("0");
t+=sizeof(char);*/
t2 = strchr(t, '|');
if(!t2)continue;
t2[0]=0;
if(!strcmp(t, "NOTE"))//"Security Note"))
buffer = estrdup("NOTE");
else if(!strcmp(t, "INFO"))//"Security Warning"))
buffer = estrdup("INFO");
else if(!strcmp(t, "HOLE"))//"Security Hole"))
buffer = estrdup("REPORT");
else
buffer = estrdup("NOTE");
content = arg_get_value(port, buffer);
if(!content)
{
content = emalloc(sizeof(struct arglist));
arg_add_value(port, buffer, ARG_ARGLIST, -1, content);
}
efree(&buffer);
t2+=sizeof(char);
buffer = rmslashes(t2);
arg_add_value(content, "content", ARG_STRING, strlen(buffer),buffer);
//arg_add_value(content, id, ARG_STRING, strlen(buffer),buffer);
//efree(&id);
bzero(buf, sizeof(buf));
continue;
parse_error:
bzero(buf, sizeof(buf));
fprintf(stderr, "Parse error line <%d>\n", line);
}
fclose(fd);
/*
* harglist -> arglist conversion
*/
hw = harg_walk_init(hhosts);
nhosts = emalloc(sizeof(struct arglist));
while((key = (char*)harg_walk_next(hw)))
{
struct arglist * new = emalloc(sizeof(struct arglist));
struct arglist * h = harg_get_ptr(hhosts, key);
new->name = strdup(key);
new->type = ARG_ARGLIST;
new->length = -1;
new->value = h;
new->next = nhosts;
nhosts = new;
}
/*harg_walk_stop(hw);*/
harg_close(hhosts);
return nhosts;
}
void save_report(char *fname, int type, struct arglist * hosts)
{
hosts = sort_dangerous_hosts(hosts);
switch(type)
{
case SAVE_HTML :
arglist_to_html(hosts, fname);
break;
case SAVE_XML :
arglist_to_xml(hosts, fname);
break;
case SAVE_LATEX :
//arglist_to_latex(hosts, fname);
break;
case SAVE_TEXT :
arglist_to_text(hosts, fname);
break;
#ifndef _NO_PIES
case SAVE_HTML_GRAPH :
//arglist_to_html_graph(hosts, fname);
break;
#endif /* _NO_PIES */
case SAVE_NSR:
default :
arglist_to_file(hosts, fname);
break;
}
arg_free(hosts);
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -