github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-09-29 19:24:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

Aug_23_2023-Dev

Browse Source
This commit is contained in:
Ned Wright
2023-08-23 14:15:32 +00:00
parent 702c1184ea
commit b25fd8def5
115 changed files with 8292 additions and 1189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/security_apps/orchestration/details_resolver/details_resolver.cc
View File

@@ -131,7 +131,7 @@ DetailsResolver::Impl::isReverseProxy()
return is_reverse_proxy.unpack().front() == '1';
}
#endif
return false;
return getenv("DOCKER_RPM_ENABLED") && getenv("DOCKER_RPM_ENABLED") == string("true");
}
bool

77
components/security_apps/orchestration/details_resolver/details_resolver_handlers/checkpoint_product_handlers.h
View File

@@ -125,44 +125,54 @@ getMgmtObjName(shared_ptr<istream> file_stream)
}
Maybe<string>
getGWIPAddress(shared_ptr<istream> file_stream)
getGWHardware(const string &command_output)
{
return getMgmtObjAttr(file_stream, "ipaddr ");
}
Maybe<string>
getGWHardware(shared_ptr<istream> file_stream)
{
Maybe<string> val = getMgmtObjAttr(file_stream, "appliance_type ");
if(val.ok()) {
if (val == string("software")) return string("Open server");
if (val == string("Maestro Gateway")) return string("Maestro");
if (!command_output.empty()) {
if (command_output == "software") return string("Open server");
if (command_output == "Maestro Gateway") return string("Maestro");
return string(command_output);
}
return val;
return genError("GW Hardware was not found");
}
Maybe<string>
getGWApplicationControlBlade(shared_ptr<istream> file_stream)
getAttr(const string &command_output, const string &error)
{
return getMgmtObjAttr(file_stream, "application_firewall_blade ");
if (!command_output.empty()) {
return string(command_output);
}
return genError(error);
}
Maybe<string>
getGWURLFilteringBlade(shared_ptr<istream> file_stream)
getGWApplicationControlBlade(const string &command_output)
{
return getMgmtObjAttr(file_stream, "advanced_uf_blade ");
return getAttr(command_output, "Application Control Blade was not found");
}
Maybe<string>
getGWIPSecVPNBlade(shared_ptr<istream> file_stream)
getGWURLFilteringBlade(const string &command_output)
{
return getMgmtObjAttr(file_stream, "VPN_1 ");
return getAttr(command_output, "URL Filtering Blade was not found");
}
Maybe<string>
getGWVersion(shared_ptr<istream> file_stream)
getGWIPSecVPNBlade(const string &command_output)
{
return getMgmtObjAttr(file_stream, "svn_version_name ");
return getAttr(command_output, "IPSec VPN Blade was not found");
}
Maybe<string>
getGWIPAddress(const string &command_output)
{
return getAttr(command_output, "IP Address was not found");
}
Maybe<string>
getGWVersion(const string &command_output)
{
return getAttr(command_output, "GW Version was not found");
}
Maybe<string>
@@ -190,6 +200,33 @@ getSmbObjectName(const string &command_output)
return getMgmtObjAttr(ifs, "name ");
}
Maybe<string>
getSmbBlade(const string &command_output, const string &error)
{
if (command_output.front() == '1') return string("installed");
if (command_output.front() == '0') return string("not-installed");
return genError(error);
}
Maybe<string>
getSmbGWApplicationControlBlade(const string &command_output)
{
return getSmbBlade(command_output, "Application Control Blade was not found");
}
Maybe<string>
getSmbGWURLFilteringBlade(const string &command_output)
{
return getSmbBlade(command_output, "URL Filterin Blade was not found");
}
Maybe<string>
getSmbGWIPSecVPNBlade(const string &command_output)
{
return getSmbBlade(command_output, "IPSec VPN Blade was not found");
}
Maybe<string>
getMgmtParentObjAttr(shared_ptr<istream> file_stream, const string &parent_obj, const string &attr)
{

93
components/security_apps/orchestration/details_resolver/details_resolver_handlers/details_resolver_impl.h
View File

@@ -31,16 +31,50 @@
#if defined(gaia) || defined(smb)
SHELL_CMD_HANDLER("cpProductIntegrationMgmtObjectType", "cpprod_util CPPROD_IsMgmtMachine", getMgmtObjType)
SHELL_CMD_HANDLER("hasSDWan", "[ -f $FWDIR/bin/sdwan_steering ] && echo '1' || echo '0'", checkHasSDWan)
SHELL_CMD_HANDLER("canUpdateSDWanData", "cpsdwan get_data | jq -r .can_update_sdwan_data", checkCanUpdateSDWanData)
SHELL_CMD_HANDLER(
"canUpdateSDWanData",
"CPSDWAN_NOLOGS=1 cpsdwan get_data -f can_update_sdwan_data | jq -r .can_update_sdwan_data",
checkCanUpdateSDWanData
)
SHELL_CMD_HANDLER(
"isSdwanRunning",
"[ -v $(pidof cp-nano-sdwan) ] && echo 'false' || echo 'true'",
checkIfSdwanRunning)
SHELL_CMD_HANDLER(
"IP Address",
"cpsdwan get_data | jq -r .main_ip",
getGWIPAddress
)
SHELL_CMD_HANDLER(
"Version",
"cat /etc/cp-release | grep -oE 'R[0-9]+(\\.[0-9]+)?'",
getGWVersion
)
#endif //gaia || smb
#if defined(gaia)
SHELL_CMD_HANDLER("hasSupportedBlade", "enabled_blades", checkHasSupportedBlade)
SHELL_CMD_HANDLER("hasSamlPortal", "mpclient status saml-vpn", checkSamlPortal)
SHELL_CMD_HANDLER(
"Hardware",
"cat $FWDIR/database/myself_objects.C | awk -F '[:()]' '/:appliance_type/ {print $3}' | head -n 1",
getGWHardware
)
SHELL_CMD_HANDLER(
"Application Control",
"cat $FWDIR/database/myself_objects.C | awk -F '[:()]' '/:application_firewall_blade/ {print $3}' | head -n 1",
getGWApplicationControlBlade
)
SHELL_CMD_HANDLER(
"URL Filtering",
"cat $FWDIR/database/myself_objects.C | awk -F '[:()]' '/:advanced_uf_blade/ {print $3}' | head -n 1",
getGWURLFilteringBlade
)
SHELL_CMD_HANDLER(
"IPSec VPN",
"cat $FWDIR/database/myself_objects.C | awk -F '[:()]' '/:VPN_1/ {print $3}' | head -n 1",
getGWIPSecVPNBlade
)
#endif //gaia
#if defined(smb)
@@ -59,6 +93,21 @@ SHELL_CMD_HANDLER(
"cpprod_util FwIsLocalMgmt",
getSmbObjectName
)
SHELL_CMD_HANDLER(
"Application Control",
"cat $FWDIR/conf/active_blades.txt | grep -o 'APCL [01]' | cut -d ' ' -f2",
getSmbGWApplicationControlBlade
)
SHELL_CMD_HANDLER(
"URL Filtering",
"cat $FWDIR/conf/active_blades.txt | grep -o 'URLF [01]' | cut -d ' ' -f2",
getSmbGWURLFilteringBlade
)
SHELL_CMD_HANDLER(
"IPSec VPN",
"cat $FWDIR/conf/active_blades.txt | grep -o 'IPS [01]' | cut -d ' ' -f2",
getSmbGWIPSecVPNBlade
)
#endif//smb
SHELL_CMD_OUTPUT("kernel_version", "uname -r")
@@ -73,17 +122,6 @@ SHELL_CMD_OUTPUT("helloWorld", "cat /tmp/agentHelloWorld 2>/dev/null")
#if defined(gaia)
FILE_CONTENT_HANDLER("hasIdpConfigured", "/opt/CPSamlPortal/phpincs/spPortal/idpPolicy.xml", checkIDP)
FILE_CONTENT_HANDLER(
"cpProductIntegrationMgmtParentObjectUid",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getMgmtParentObjUid
)
FILE_CONTENT_HANDLER(
"cpProductIntegrationMgmtParentObjectName",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getMgmtParentObjName
)
FILE_CONTENT_HANDLER(
"cpProductIntegrationMgmtObjectName",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
@@ -101,37 +139,6 @@ FILE_CONTENT_HANDLER(
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myown.C",
getMgmtObjUid
)
FILE_CONTENT_HANDLER(
"IP Address",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getGWIPAddress
)
FILE_CONTENT_HANDLER(
"Hardware",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getGWHardware
)
FILE_CONTENT_HANDLER(
"Application Control",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getGWApplicationControlBlade
)
FILE_CONTENT_HANDLER(
"URL Filtering",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getGWURLFilteringBlade
)
FILE_CONTENT_HANDLER(
"IPSec VPN",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getGWIPSecVPNBlade
)
FILE_CONTENT_HANDLER(
"Version",
(getenv("FWDIR") ? string(getenv("FWDIR")) : "") + "/database/myself_objects.C",
getGWVersion
)
#else // !(gaia || smb)
FILE_CONTENT_HANDLER("os_release", "/etc/os-release", getOsRelease)
#endif // gaia || smb