Merge pull request #11 from secureCodeBox/develop

Merge develop into master

Author: rfelber

.travis.yml

@@ -4,7 +4,7 @@ jobs:
           script: npm test
           language: node_js
           node_js:
-              - '8'
+              - '10'
         - stage: build docker image
           services:
               - docker

Dockerfile

@@ -12,6 +12,8 @@ RUN npm install --production
 
 COPY . /src
 
+HEALTHCHECK --interval=30s --timeout=5s --start-period=120s --retries=3 CMD node healthcheck.js || exit 1
+
 RUN addgroup -S nmap_group && adduser -S -g nmap_group nmap_user 
 
 USER nmap_user
@@ -40,4 +42,4 @@ LABEL org.opencontainers.image.title="secureCodeBox scanner-infrastructure-nmap"
     org.opencontainers.image.revision=$COMMIT_ID \
     org.opencontainers.image.created=$BUILD_DATE
 
-ENTRYPOINT [ "npm", "start" ]
+ENTRYPOINT [ "npm", "start" ]

README.md

@@ -1,4 +1,4 @@
-![Build Status](https://travis-ci.com/secureCodeBox/scanner-infrastructure-nmap.svg?token=2Rsf2E9Bq3FduSxRf6tz&branch=develop)
+[![Build Status](https://travis-ci.com/secureCodeBox/scanner-infrastructure-nmap.svg?branch=develop)](https://travis-ci.com/secureCodeBox/scanner-infrastructure-nmap)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Known Vulnerabilities](https://snyk.io/test/github/secureCodeBox/scanner-infrastructure-nmap/badge.svg)](https://snyk.io/test/github/secureCodeBox/scanner-infrastructure-nmap)
 [![GitHub release](https://img.shields.io/github/release/secureCodeBox/scanner-infrastructure-nmap.svg)](https://github.com/secureCodeBox/scanner-infrastructure-nmap/releases/latest)

healthcheck.js

@@ -0,0 +1,12 @@
+try {
+
+	require('http').request('http://localhost:8080/status', response => {
+
+		// exit with error for any non 2xx status code
+		process.exit(response.statusCode >= 300 ? 1 : 0);
+
+	}).end();
+
+} catch (err) {
+	process.exit(1);
+}

package-lock.json

@@ -17,7 +17,7 @@
         "url": "git@github.com:secureCodeBox/scanner-infrastructure-nmap.git"
     },
     "dependencies": {
-        "@securecodebox/scanner-scaffolding": "^2.1.3",
+        "@securecodebox/scanner-scaffolding": "^2.2.0",
         "lodash": "^4.17.10",
         "node-nmap": "^4.0.0",
         "uuid": "^3.2.1"

package.json

@@ -18,6 +18,7 @@ Object {
         "operating_system": null,
         "port": 631,
         "protocol": "tcp",
+        "scripts": null,
         "service": "ipp",
       },
       "category": "Open Port",
@@ -39,6 +40,7 @@ Object {
         "operating_system": null,
         "port": 7778,
         "protocol": "tcp",
+        "scripts": null,
         "service": "interwise",
       },
       "category": "Open Port",
@@ -60,6 +62,7 @@ Object {
         "operating_system": null,
         "port": 8080,
         "protocol": "tcp",
+        "scripts": null,
         "service": "http-proxy",
       },
       "category": "Open Port",
@@ -81,6 +84,7 @@ Object {
         "operating_system": null,
         "port": 9200,
         "protocol": "tcp",
+        "scripts": null,
         "service": "wap-wsp",
       },
       "category": "Open Port",
@@ -102,6 +106,7 @@ Object {
         "operating_system": null,
         "port": 631,
         "protocol": "tcp",
+        "scripts": null,
         "service": "ipp",
       },
       "category": "Open Port",
@@ -123,6 +128,7 @@ Object {
         "operating_system": null,
         "port": 7778,
         "protocol": "tcp",
+        "scripts": null,
         "service": "interwise",
       },
       "category": "Open Port",
@@ -144,6 +150,7 @@ Object {
         "operating_system": null,
         "port": 8080,
         "protocol": "tcp",
+        "scripts": null,
         "service": "http-proxy",
       },
       "category": "Open Port",
@@ -165,6 +172,7 @@ Object {
         "operating_system": null,
         "port": 9200,
         "protocol": "tcp",
+        "scripts": null,
         "service": "wap-wsp",
       },
       "category": "Open Port",
@@ -197,6 +205,7 @@ Object {
         "operating_system": null,
         "port": 631,
         "protocol": "tcp",
+        "scripts": null,
         "service": "ipp",
       },
       "category": "Open Port",
@@ -218,6 +227,7 @@ Object {
         "operating_system": null,
         "port": 7778,
         "protocol": "tcp",
+        "scripts": null,
         "service": "interwise",
       },
       "category": "Open Port",
@@ -239,6 +249,7 @@ Object {
         "operating_system": null,
         "port": 8080,
         "protocol": "tcp",
+        "scripts": null,
         "service": "http-proxy",
       },
       "category": "Open Port",
@@ -260,6 +271,7 @@ Object {
         "operating_system": null,
         "port": 9200,
         "protocol": "tcp",
+        "scripts": null,
         "service": "wap-wsp",
       },
       "category": "Open Port",
@@ -294,6 +306,7 @@ Object {
         "operating_system": null,
         "port": 631,
         "protocol": "tcp",
+        "scripts": null,
         "service": "ipp",
       },
       "category": "Open Port",
@@ -315,6 +328,7 @@ Object {
         "operating_system": null,
         "port": 7778,
         "protocol": "tcp",
+        "scripts": null,
         "service": "interwise",
       },
       "category": "Open Port",
@@ -336,6 +350,7 @@ Object {
         "operating_system": null,
         "port": 8080,
         "protocol": "tcp",
+        "scripts": null,
         "service": "http-proxy",
       },
       "category": "Open Port",
@@ -357,6 +372,7 @@ Object {
         "operating_system": null,
         "port": 9200,
         "protocol": "tcp",
+        "scripts": null,
         "service": "wap-wsp",
       },
       "category": "Open Port",

src/__snapshots__/nmap.test.js.snap

@@ -16,11 +16,18 @@
  *  limitations under the License.
  * /
  */
+
+/**
+ * @typedef {{ id: string, name: string, description: string, osi_layer: string, reference: any, severity: string, attributes: { port: any, ip_address: any, mac_address: any, protocol: any, hostname: any, method: any, operating_system: any, service: any, scripts: [scriptname: string]: string }, hint: any, category: any, location: any }} Finding
+ */
+
 const _ = require('lodash');
 const uuid = require('uuid/v4');
 
 const portscan = require('../lib/portscan');
 
+const resultsXmlParser = require('./results-xml');
+
 function createFinding({
     id = uuid(),
     name,
@@ -56,6 +63,7 @@ function createFinding({
             method,
             operating_system,
             service,
+            scripts: null,
         },
         hint,
         category,
@@ -67,6 +75,7 @@ function createFinding({
  * Transforms the array of hosts into an array of open ports with host information included in each port entry.
  *
  * @param {array<host>} hosts An array of hosts
+ * @returns {Finding[]}
  */
 function transform(hosts) {
     return _.flatMap(hosts, ({ openPorts = [], ...hostInfo }) => {
@@ -89,6 +98,28 @@ function transform(hosts) {
     });
 }
 
+/**
+ *
+ * @param {{ ip: string, hostname: string, port: number, scriptOutputs: {[scriptName:string]:string} }} findingFromXml
+ * @param {Finding[]} findings
+ */
+function addScriptOutputsToFindings(findingFromXml, findings) {
+    var res = findings.find(
+        finding =>
+            finding.attributes.port === findingFromXml.port &&
+            finding.attributes.hostname === findingFromXml.hostname
+    );
+    if (res) {
+        if (res.attributes.scripts === null) {
+            res.attributes.scripts = findingFromXml.scriptOutputs;
+        } else {
+            Object.assign(res.attributes.scripts, findingFromXml.scriptOutputs);
+        }
+    } else {
+        console.warn('found script outputs for ports that are not in the findings');
+    }
+}
+
 function joinResults(results) {
     const findings = _.flatMap(results, result => result.findings);
     const rawFindings = _.map(results, result => result.raw);
@@ -110,9 +141,20 @@ async function worker(targets) {
             const { hosts, raw } = await portscan(location, parameter);
             const result = transform(hosts);
 
+            if (
+                typeof parameter === 'string' &&
+                (parameter.includes('--script=') || parameter.includes('-s'))
+            ) {
+                const findingsWithScriptOutput = await resultsXmlParser(raw);
+                findingsWithScriptOutput.forEach(xmlFinding =>
+                    addScriptOutputsToFindings(xmlFinding, result)
+                );
+            }
+
             results.push({ findings: result, raw });
         } catch (err) {
-            if (err.startsWith(`Failed to resolve "${location}".`) || err === '\n') {
+            var stringErr = extractErrorMessage(err);
+            if (stringErr.startsWith(`Failed to resolve "${location}".`) || stringErr === '\n') {
                 console.warn(err);
                 results.push({
                     findings: [
@@ -127,7 +169,7 @@ async function worker(targets) {
                     ],
                     raw: '',
                 });
-            } else if (err.startsWith('Error converting XML to JSON in xml2js')) {
+            } else if (stringErr.startsWith('Error converting XML to JSON in xml2js')) {
                 const error = new Error('Failed to transform nmap xml to json.');
                 error.name = 'TransformationError';
                 throw error;
@@ -141,5 +183,11 @@ async function worker(targets) {
     return joinResults(results);
 }
 
+function extractErrorMessage(err) {
+    if (err.message) return err.message;
+    if (err.toString) return err.toString();
+    return '' + err;
+}
+
 module.exports.transform = transform;
 module.exports.worker = worker;

src/nmap.js

@@ -102,6 +102,7 @@ describe('nmap', () => {
                     hostname: 'securebox',
                     mac_address: null,
                     operating_system: null,
+                    scripts: null,
                 },
             });
         });
@@ -151,6 +152,7 @@ describe('nmap', () => {
                         hostname: 'securebox',
                         mac_address: null,
                         operating_system: null,
+                        scripts: null,
                     },
                 },
                 {
@@ -172,6 +174,7 @@ describe('nmap', () => {
                         hostname: 'securebox',
                         mac_address: null,
                         operating_system: null,
+                        scripts: null,
                     },
                 },
             ]);
@@ -230,6 +233,7 @@ describe('nmap', () => {
                         hostname: 'securebox',
                         mac_address: null,
                         operating_system: null,
+                        scripts: null,
                     },
                 },
                 {
@@ -251,6 +255,7 @@ describe('nmap', () => {
                         hostname: 'test',
                         mac_address: null,
                         operating_system: null,
+                        scripts: null,
                     },
                 },
             ]);
@@ -337,6 +342,7 @@ describe('nmap', () => {
                             ip_address: null,
                             protocol: null,
                             service: null,
+                            scripts: null,
                             method: null,
                             hostname: 'foobar',
                             mac_address: null,