Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(detector/cve): new support for fortinet data feed #1736

Merged
merged 1 commit into from
Sep 25, 2023
Merged

feat(detector/cve): new support for fortinet data feed #1736

merged 1 commit into from
Sep 25, 2023

Conversation

MaineK00n
Copy link
Collaborator

@MaineK00n MaineK00n commented Sep 20, 2023
edited
Loading

What did you implement:

new support for fortinet data feed in go-cve-dictionary

Type of change

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

$ cat config.toml
...

[servers]
[servers.fortios]
type = "pseudo"
cpeNames = [
    "cpe:/o:fortinet:fortios:4.3.0",
]

$ vuls scan

// rdb
$ vuls report -refresh-cve
[Sep 20 22:19:04]  INFO [localhost] vuls-v0.23.3-build-20230920_215036_ed79ced
[Sep 20 22:19:04]  INFO [localhost] Validating config...
[Sep 20 22:19:04]  INFO [localhost] cveDict.type=sqlite3, cveDict.url=, cveDict.SQLite3Path=/home/vuls/cve.sqlite3
[Sep 20 22:19:04]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/home/vuls/oval.sqlite3
[Sep 20 22:19:04]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/home/vuls/gost.sqlite3
[Sep 20 22:19:04]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/home/vuls/go-exploitdb.sqlite3
[Sep 20 22:19:04]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/home/vuls/go-msfdb.sqlite3
[Sep 20 22:19:04]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/home/vuls/go-kev.sqlite3
[Sep 20 22:19:04]  INFO [localhost] cti.type=sqlite3, cti.url=, cti.SQLite3Path=/home/vuls/go-cti.sqlite3
[Sep 20 22:19:04]  INFO [localhost] Loaded: /home/vuls/results/2023-09-20T18-23-22+0900
[Sep 20 22:19:04]  INFO [localhost] pseudo type. Skip OVAL and gost detection
[Sep 20 22:19:06]  INFO [localhost] fortios: 70 CVEs are detected with CPE
[Sep 20 22:19:07]  INFO [localhost] fortios: 7 PoC are detected
[Sep 20 22:19:07]  INFO [localhost] fortios: 1 exploits are detected
[Sep 20 22:19:07]  INFO [localhost] fortios: Known Exploited Vulnerabilities are detected for 4 CVEs
[Sep 20 22:19:10]  INFO [localhost] fortios: Cyber Threat Intelligences are detected for 48 CVEs
[Sep 20 22:19:10]  INFO [localhost] fortios: total 70 CVEs detected
[Sep 20 22:19:10]  INFO [localhost] fortios: 0 CVEs filtered by --confidence-over=80
fortios (pseudo)
================
Total: 70 (Critical:6 High:25 Medium:36 Low:1 ?:2)
0/0 Fixed, 13 poc, 1 exploits, cisa: 4, uscert: 4, jpcert: 1 alerts
0 installed

+----------------+------+--------+-----+-----------+---------+-------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |           PACKAGES            |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
| CVE-2016-10166 |  9.8 |  AV:N  |     |           |         | cpe:/o:fortinet:fortios:4.3.0 |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
| CVE-2016-1909  |  9.8 |  AV:N  | POC |           |         | cpe:/o:fortinet:fortios:4.3.0 |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
| CVE-2016-6909  |  9.8 |  AV:N  | POC |           |         | cpe:/o:fortinet:fortios:4.3.0 |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
...

// redis
$ vuls report -refresh-cve
[Sep 20 22:33:55]  INFO [localhost] vuls-v0.23.3-build-20230920_215036_ed79ced
[Sep 20 22:33:55]  INFO [localhost] Validating config...
[Sep 20 22:33:55]  INFO [localhost] cveDict.type=redis, cveDict.url=redis://127.0.0.1:6379/1, cveDict.SQLite3Path=
[Sep 20 22:33:55]  INFO [localhost] ovalDict.type=sqlite3, ovalDict.url=, ovalDict.SQLite3Path=/home/vuls/oval.sqlite3
[Sep 20 22:33:55]  INFO [localhost] gost.type=sqlite3, gost.url=, gost.SQLite3Path=/home/vuls/gost.sqlite3
[Sep 20 22:33:55]  INFO [localhost] exploit.type=sqlite3, exploit.url=, exploit.SQLite3Path=/home/vuls/go-exploitdb.sqlite3
[Sep 20 22:33:55]  INFO [localhost] metasploit.type=sqlite3, metasploit.url=, metasploit.SQLite3Path=/home/vuls/go-msfdb.sqlite3
[Sep 20 22:33:55]  INFO [localhost] kevuln.type=sqlite3, kevuln.url=, kevuln.SQLite3Path=/home/vuls/go-kev.sqlite3
[Sep 20 22:33:55]  INFO [localhost] cti.type=sqlite3, cti.url=, cti.SQLite3Path=/home/vuls/go-cti.sqlite3
[Sep 20 22:33:55]  INFO [localhost] Loaded: /home/vuls/results/2023-09-20T18-23-22+0900
[Sep 20 22:33:55]  INFO [localhost] pseudo type. Skip OVAL and gost detection
[Sep 20 22:33:55]  INFO [localhost] fortios: 70 CVEs are detected with CPE
[Sep 20 22:33:56]  INFO [localhost] fortios: 7 PoC are detected
[Sep 20 22:33:56]  INFO [localhost] fortios: 1 exploits are detected
[Sep 20 22:33:56]  INFO [localhost] fortios: Known Exploited Vulnerabilities are detected for 4 CVEs
[Sep 20 22:34:00]  INFO [localhost] fortios: Cyber Threat Intelligences are detected for 48 CVEs
[Sep 20 22:34:00]  INFO [localhost] fortios: total 70 CVEs detected
[Sep 20 22:34:00]  INFO [localhost] fortios: 0 CVEs filtered by --confidence-over=80
fortios (pseudo)
================
Total: 70 (Critical:5 High:24 Medium:37 Low:1 ?:3)
0/0 Fixed, 13 poc, 1 exploits, cisa: 4, uscert: 4, jpcert: 0 alerts
0 installed

+----------------+------+--------+-----+-----------+---------+-------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |           PACKAGES            |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
| CVE-2016-10166 |  9.8 |  AV:N  |     |           |         | cpe:/o:fortinet:fortios:4.3.0 |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
| CVE-2016-1909  |  9.8 |  AV:N  | POC |           |         | cpe:/o:fortinet:fortios:4.3.0 |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
| CVE-2016-6909  |  9.8 |  AV:N  | POC |           |         | cpe:/o:fortinet:fortios:4.3.0 |
+----------------+------+--------+-----+-----------+---------+-------------------------------+
...

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this Sep 20, 2023
@MaineK00n MaineK00n force-pushed the MaineK00n/go-cve-dictionary-fortinet branch from ed79ced to a02a21e Compare September 20, 2023 14:15
@MaineK00n MaineK00n force-pushed the MaineK00n/go-cve-dictionary-fortinet branch from a02a21e to 69a52af Compare September 25, 2023 07:11
@MaineK00n MaineK00n marked this pull request as ready for review September 25, 2023 07:18
@kotakanbe kotakanbe merged commit 78b52d6 into master Sep 25, 2023
@kotakanbe kotakanbe deleted the MaineK00n/go-cve-dictionary-fortinet branch September 25, 2023 07:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@MaineK00n MaineK00n

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MaineK00n @kotakanbe