dependency.setName(lib.getName()); dependency.setVersion(libraryResult.getDetectedVersion()); dependency.addEvidence(EvidenceType.VERSION, "file", "version", libraryResult.getDetectedVersion(), Confidence.HIGH); dependency.addEvidence(EvidenceType.PRODUCT, "file", "name", libraryResult.getLibrary().getName(), Confidence.HIGH); switch (key) { case "issue": individualVuln.setName(libraryResult.getLibrary().getName() + " issue: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break; case "bug": individualVuln.setName(libraryResult.getLibrary().getName() + " bug: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break;
JSONObject libJson = rootJson.getJSONObject(key); JsLibrary lib = new JsLibrary(); lib.setName(key); new HashMap<String,List<String>>(); String severity = vuln.has("severity") ? vuln.getString("severity") : "medium"; lib.getVulnerabilities().add(new JsVulnerability(atOrAbove, below, info,identifiers,severity)); lib.setFunctions(objToStringList(extractor.get("func"), false)); if (extractor.has("filename")) lib.setFilename(objToStringList(extractor.get("filename"), true)); if (extractor.has("filecontent")) lib.setFileContents(objToStringList(extractor.get("filecontent"), true)); if (extractor.has("hashes")) lib.setHashes(objToStringMap(extractor.get("hashes"))); if (extractor.has("uri")) lib.setUris(objToStringList(extractor.get("uri"), true));
/**
 * Identifies a script by the hash of its content.
 *
 * Walks every known library that carries a hash table and stops at the first
 * one whose table maps {@code hash} to a version; that version is then checked
 * against the library's vulnerability list.
 *
 * @param hash Hash of the file to search (the key format must match the hash
 *             tables loaded for the libraries — not validated here)
 * @return The list of vulnerable libraries found; empty when no library knows
 *         the hash or the matching version is not vulnerable
 */
public List<JsLibraryResult> findByHash(String hash) {
    List<JsLibraryResult> matches = new ArrayList<>();
    for (JsLibrary candidate : jsLibrares) {
        if (candidate.getHashes() == null) {
            continue;
        }
        String detectedVersion = candidate.getHashes().get(hash);
        if (detectedVersion == null) {
            continue;
        }
        // A hash identifies exactly one distribution file, so the first
        // library that knows it is the answer and the search stops here.
        Log.debug("Hash found \"" + hash + "\" !");
        Log.debug("Identify the library " + candidate.getName() + " (version:" + detectedVersion + ")");
        findVersionVulnerable(candidate, detectedVersion, matches, null, null);
        return matches;
    }
    return matches;
}
/**
 * Identifies a library by searching the script body for signature strings.
 *
 * Each library may declare one or more regular expressions that are matched
 * against the whole script; the first expression that matches yields the
 * version, which is then checked against that library's vulnerabilities.
 * Every library is tested, but at most one expression per library is used.
 *
 * @param scriptContent Complete content of the script
 * @return The list of vulnerable libraries found
 * @throws java.util.regex.PatternSyntaxException if a library's content regex
 *         is not a valid pattern
 */
public List<JsLibraryResult> findByFileContent(String scriptContent) {
    // Only a short, newline-free prefix is logged; the full script may be large.
    int previewLength = Math.min(20, scriptContent.length());
    String preview = scriptContent.substring(0, previewLength).replace("\n", "");
    Log.debug("Analysing the content: \"" + preview + "[..]\"");
    long startedAt = System.currentTimeMillis();
    List<JsLibraryResult> matches = new ArrayList<>();
    for (JsLibrary candidate : jsLibrares) {
        if (candidate.getFileContents() != null) {
            matchContentSignatures(candidate, scriptContent, matches);
        }
    }
    long elapsed = System.currentTimeMillis() - startedAt;
    Log.debug("It took ~" + (int) (elapsed / 1000.0) + " sec. (" + elapsed + " ms) to scan");
    return matches;
}

/**
 * Tries each content signature of {@code lib} in declaration order and stops
 * at the first one that extracts a version, recording that library's
 * vulnerabilities for the detected version into {@code matches}.
 *
 * @param lib           library whose content signatures are tried (must have
 *                      a non-null signature list)
 * @param scriptContent Complete content of the script
 * @param matches       accumulator that vulnerable results are appended to
 */
private void matchContentSignatures(JsLibrary lib, String scriptContent, List<JsLibraryResult> matches) {
    for (String signature : lib.getFileContents()) {
        // NOTE(review): signatures come from the loaded library database and are
        // run against the entire script; a pattern prone to catastrophic
        // backtracking would stall the scan — confirm the database is curated.
        Pattern compiled = Pattern.compile(signature);
        String detectedVersion = RegexUtil.simpleMatch(compiled, scriptContent);
        if (detectedVersion == null) {
            continue;
        }
        Log.debug("Pattern match \"" + signature + "\" !");
        Log.debug("Identify the library " + lib.getName() + " (version:" + detectedVersion + ")");
        findVersionVulnerable(lib, detectedVersion, matches, null, signature);
        return;
    }
}
/**
 * Identifies a library by the name of the file it was served as (the official
 * distribution filename).
 *
 * Each library may declare one or more filename regular expressions; the first
 * one that matches yields the version, which is then checked against that
 * library's vulnerabilities. Every library is tested, but at most one
 * expression per library is used.
 *
 * @param filename Filename taken from an URI
 * @return The list of vulnerable libraries found
 * @throws java.util.regex.PatternSyntaxException if a library's filename regex
 *         is not a valid pattern
 */
public List<JsLibraryResult> findByFilename(String filename) {
    Log.debug("Analysing filename: \"" + filename + "\"");
    long startedAt = System.currentTimeMillis();
    List<JsLibraryResult> matches = new ArrayList<>();
    for (JsLibrary candidate : jsLibrares) {
        if (candidate.getFilename() != null) {
            matchFilenameSignatures(candidate, filename, matches);
        }
    }
    long elapsed = System.currentTimeMillis() - startedAt;
    Log.debug("It took ~" + (int) (elapsed / 1000.0) + " sec. (" + elapsed + " ms) to scan");
    return matches;
}

/**
 * Tries each filename signature of {@code lib} in declaration order and stops
 * at the first one that extracts a version, recording that library's
 * vulnerabilities for the detected version into {@code matches}.
 *
 * @param lib      library whose filename signatures are tried (must have a
 *                 non-null signature list)
 * @param filename Filename taken from an URI
 * @param matches  accumulator that vulnerable results are appended to
 */
private void matchFilenameSignatures(JsLibrary lib, String filename, List<JsLibraryResult> matches) {
    for (String signature : lib.getFilename()) {
        Pattern compiled = Pattern.compile(signature);
        String detectedVersion = RegexUtil.simpleMatch(compiled, filename);
        if (detectedVersion != null) {
            Log.debug("Pattern match \"" + signature + "\" !");
            Log.debug("Identify the library " + lib.getName() + " (version:" + detectedVersion + ")");
            // The filename regex is the "request" side of the match; no content
            // regex is involved in this search mode.
            findVersionVulnerable(lib, detectedVersion, matches, signature, null);
            return;
        }
    }
}
/**
 * Collects every vulnerability of {@code lib} whose version range covers
 * {@code version}.
 *
 * A vulnerability applies when {@code version} is under its {@code below}
 * bound and, if an {@code atOrAbove} bound is set, at or above that bound.
 * Matching entries are appended to {@code resultsFound}; nothing is returned.
 * How a null {@code below} bound compares is up to CompareVersionUtil and is
 * not handled here.
 *
 * @param lib           library identified for the scanned script
 * @param version       version detected for that library
 * @param resultsFound  accumulator the matches are appended to (mutated)
 * @param regexRequest  filename regex that identified the library, or null
 * @param regexResponse content regex that identified the library, or null
 */
private void findVersionVulnerable(JsLibrary lib, String version, List<JsLibraryResult> resultsFound, String regexRequest, String regexResponse) {
    for (JsVulnerability candidate : lib.getVulnerabilities()) {
        // Upper bound first: a version not under "below" is never affected.
        if (!CompareVersionUtil.isUnder(version, candidate.getBelow())) {
            continue;
        }
        // Lower bound is optional; absent means the range is open at the bottom.
        boolean withinLowerBound = candidate.getAtOrAbove() == null
                || CompareVersionUtil.atOrAbove(version, candidate.getAtOrAbove());
        if (withinLowerBound) {
            Log.info(String.format("Vulnerability found: %s below %s", lib.getName(), candidate.getBelow()));
            resultsFound.add(new JsLibraryResult(lib, candidate, version, regexRequest, regexResponse));
        }
    }
}
}
dependency.setName(lib.getName()); dependency.setVersion(libraryResult.getDetectedVersion()); dependency.addEvidence(EvidenceType.VERSION, "file", "version", libraryResult.getDetectedVersion(), Confidence.HIGH); dependency.addEvidence(EvidenceType.PRODUCT, "file", "name", libraryResult.getLibrary().getName(), Confidence.HIGH); switch (key) { case "issue": individualVuln.setName(libraryResult.getLibrary().getName() + " issue: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break; case "bug": individualVuln.setName(libraryResult.getLibrary().getName() + " bug: " + value.get(0)); individualVuln.addReference(key, key, value.get(0)); break;