
Audit Report - Add vulnerable packages
csavelief committed Nov 11, 2024
1 parent 9d05527 commit c7031df
Showing 3 changed files with 200 additions and 19 deletions.
21 changes: 19 additions & 2 deletions app/Models/YnhOsqueryPackage.php
Expand Up @@ -6,6 +6,7 @@
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Support\Collection;

/**
* @property int id
Expand Down Expand Up @@ -40,13 +41,29 @@ class YnhOsqueryPackage extends Model
'cves' => 'array',
];

public static function vulnerablePackages(Collection $servers): Collection
{
return YnhOsqueryPackage::select(
'ynh_osquery_packages.*',
'ynh_cves.cve',
'ynh_cves.urgency',
'ynh_cves.fixed_version',
'ynh_cves.tracker',
)
->join('ynh_cves', 'ynh_cves.id', '=', 'ynh_osquery_packages.ynh_cve_id')
->whereIn('ynh_osquery_packages.ynh_server_id', $servers->pluck('id'))
->whereIn('ynh_cves.urgency', ['high', 'medium', 'low'])
->where('ynh_cves.status', 'resolved')
->get();
}

public function server(): BelongsTo
{
return $this->belongsTo(YnhServer::class);
return $this->belongsTo(YnhServer::class, 'ynh_server_id', 'id');
}

public function cve(): BelongsTo
{
return $this->belongsTo(YnhCve::class);
return $this->belongsTo(YnhCve::class, 'ynh_cve_id', 'id');
}
}
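Review bot: `vulnerablePackages()` filters on `->where('ynh_cves.status', 'resolved')`, so the rows it reports as vulnerable are exactly those whose CVE record is marked resolved, which reads as a contradiction without an explanation; presumably a resolved entry is one for which `fixed_version` is known while the installed package has not been upgraded, but that intent belongs in a docblock on the method rather than being left to the reader. The same docblock should state that the four joined `ynh_cves` columns are surfaced as dynamic attributes on each returned model, since the class `@property` list (partly visible at the top of the section) does not mention `cve`, `urgency`, `fixed_version` or `tracker`, yet callers type-hint the rows as `YnhOsqueryPackage` and read `$package->urgency`. The mail template reads `$vuln->server->name` for every row, so unless the relation is eager-loaded elsewhere, adding `->with('server')` to this query would avoid one server lookup per reported package. It is also worth noting in the docblock that only the urgencies `high`, `medium` and `low` are returned and any other urgency value in `ynh_cves` is silently excluded.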
38 changes: 33 additions & 5 deletions app/Modules/AdversaryMeter/Mail/AuditReport.php
Expand Up @@ -3,6 +3,7 @@
namespace App\Modules\AdversaryMeter\Mail;

use App\Models\YnhOsquery;
use App\Models\YnhOsqueryPackage;
use App\Models\YnhServer;
use App\Modules\AdversaryMeter\Models\Alert;
use App\Modules\AdversaryMeter\Models\Asset;
Expand All @@ -26,13 +27,16 @@ class AuditReport extends Mailable
private Collection $assetsDiscovered;
private Collection $events;
private Collection $metrics;
private Collection $vulnerablePackagesHigh;
private Collection $vulnerablePackagesMedium;
private Collection $vulnerablePackagesLow;

/**
* Create a new message instance.
*
* @return void
*/
public function __construct(Collection $events, Collection $metrics, Collection $alertsHigh, Collection $alertsMedium, Collection $alertsLow, Collection $assetsMonitored, Collection $assetsNotMonitored, Collection $assetsDiscovered)
public function __construct(Collection $events, Collection $metrics, Collection $alertsHigh, Collection $alertsMedium, Collection $alertsLow, Collection $assetsMonitored, Collection $assetsNotMonitored, Collection $assetsDiscovered, Collection $vulnerablePackages)
{
$this->events = $events;
$this->metrics = $metrics;
Expand All @@ -42,6 +46,15 @@ public function __construct(Collection $events, Collection $metrics, Collection
$this->assetsMonitored = $assetsMonitored;
$this->assetsNotMonitored = $assetsNotMonitored;
$this->assetsDiscovered = $assetsDiscovered;
$this->vulnerablePackagesHigh = $vulnerablePackages
->filter(fn(YnhOsqueryPackage $package) => $package->urgency === 'high')
->unique(fn($item) => $item->ynh_server_id . $item->package . $item->package_version . $item->fixed_version . $item->cve);
$this->vulnerablePackagesMedium = $vulnerablePackages
->filter(fn(YnhOsqueryPackage $package) => $package->urgency === 'medium')
->unique(fn($item) => $item->ynh_server_id . $item->package . $item->package_version . $item->fixed_version . $item->cve);
$this->vulnerablePackagesLow = $vulnerablePackages
->filter(fn(YnhOsqueryPackage $package) => $package->urgency === 'low')
->unique(fn($item) => $item->ynh_server_id . $item->package . $item->package_version . $item->fixed_version . $item->cve);
}

public static function create(): array
Expand All @@ -62,15 +75,17 @@ public static function create(): array
$assetsDiscovered = Asset::where('created_at', '>=', $cutOffTime)->orderBy('asset')->get();
$events = YnhOsquery::suspiciousEvents($servers, $cutOffTime);
$metrics = YnhOsquery::suspiciousMetrics($servers, $cutOffTime);
$vulnerablePackages = YnhOsqueryPackage::vulnerablePackages($servers);

return [
'is_empty' => $events->count() <= 0 &&
$metrics->count() <= 0 &&
$alerts->count() <= 0 &&
$assetsMonitored->count() <= 0 &&
$assetsNotMonitored->count() <= 0 &&
$assetsDiscovered->count() <= 0,
'report' => new AuditReport($events, $metrics, $alertsHigh, $alertsMedium, $alertsLow, $assetsMonitored, $assetsNotMonitored, $assetsDiscovered),
$assetsDiscovered->count() <= 0 &&
$vulnerablePackages->count() <= 0,
'report' => new AuditReport($events, $metrics, $alertsHigh, $alertsMedium, $alertsLow, $assetsMonitored, $assetsNotMonitored, $assetsDiscovered, $vulnerablePackages),
];
}

Expand Down Expand Up @@ -104,9 +119,19 @@ public function build()
$events .= ", ";
}
if ($this->alertsHigh->count() === 1) {
$events .= "{$this->alertsHigh->count()} vulnérabilité critique";
$events .= "{$this->alertsHigh->count()} service avec une vulnérabilité critique";
} else {
$events .= "{$this->alertsHigh->count()} vulnérabilités critiques";
$events .= "{$this->alertsHigh->count()} services avec une vulnérabilité critique";
}
}
if ($this->vulnerablePackagesHigh->count() > 0) {
if (!empty($events)) {
$events .= ", ";
}
if ($this->vulnerablePackagesHigh->count() === 1) {
$events .= "{$this->vulnerablePackagesHigh->count()} package avec une vulnérabilité critique";
} else {
$events .= "{$this->vulnerablePackagesHigh->count()} packages avec une vulnérabilité critique";
}
}
if ($this->assetsDiscovered->count() > 0) {
Expand All @@ -132,6 +157,9 @@ public function build()
"assets_monitored" => $this->assetsMonitored,
"assets_not_monitored" => $this->assetsNotMonitored,
"assets_discovered" => $this->assetsDiscovered,
"vulnerable_packages_high" => $this->vulnerablePackagesHigh,
"vulnerable_packages_medium" => $this->vulnerablePackagesMedium,
"vulnerable_packages_low" => $this->vulnerablePackagesLow,
]);
}
}
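Review bot: The three `->unique(...)` keys in the constructor concatenate `ynh_server_id`, `package`, `package_version`, `fixed_version` and `cve` with no separator, so distinct rows can in principle produce the same key (a server id ending in a digit that also starts the package name, or a version string that spills into the next field) and one of them would be dropped from the report. Building the key with `implode('|', [...])` removes that ambiguity, and since the same filter-then-unique chain is written three times with only the urgency literal changing, a small private helper keeps the three properties in step. The constructor's signature sits in the previous hunk and its first assignments are collapsed between the two hunks; the rewrite below touches only the three package assignments and adds the helper after the constructor.
```php
        $this->vulnerablePackagesHigh = self::uniqueByUrgency($vulnerablePackages, 'high');
        $this->vulnerablePackagesMedium = self::uniqueByUrgency($vulnerablePackages, 'medium');
        $this->vulnerablePackagesLow = self::uniqueByUrgency($vulnerablePackages, 'low');
    }

    /**
     * Rows of the given urgency, deduplicated on (server, package, installed
     * version, fixed version, CVE) with an explicit separator so that field
     * boundaries cannot blur into one another.
     */
    private static function uniqueByUrgency(Collection $packages, string $urgency): Collection
    {
        return $packages
            ->filter(fn(YnhOsqueryPackage $package) => $package->urgency === $urgency)
            ->unique(fn(YnhOsqueryPackage $item) => implode('|', [
                $item->ynh_server_id,
                $item->package,
                $item->package_version,
                $item->fixed_version,
                $item->cve,
            ]));
    }
```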
160 changes: 148 additions & 12 deletions resources/views/modules/adversary-meter/email/audit-report.blade.php
Expand Up @@ -129,11 +129,18 @@
<li><a href="#metrics">Métriques ({{ $metrics->count() }})</a></li>
</ul>
</li>
<li><a href="#vulns">Vulnérabilités</a>
<li><a href="#services">Services vulnérables</a>
<ul>
<li><a href="#vulns-high">Hautes ({{ $alerts_high->count() }})</a></li>
<li><a href="#vulns-medium">Moyennes ({{ $alerts_medium->count() }})</a></li>
<li><a href="#vulns-low">Basses ({{ $alerts_low->count() }})</a></li>
<li><a href="#services-high">Hautes ({{ $alerts_high->count() }})</a></li>
<li><a href="#services-medium">Moyennes ({{ $alerts_medium->count() }})</a></li>
<li><a href="#services-low">Basses ({{ $alerts_low->count() }})</a></li>
</ul>
</li>
<li><a href="#packages">Packages vulnérables</a>
<ul>
<li><a href="#packages-high">Hautes ({{ $vulnerable_packages_high->count() }})</a></li>
<li><a href="#packages-medium">Moyennes ({{ $vulnerable_packages_medium->count() }})</a></li>
<li><a href="#packages-low">Basses ({{ $vulnerable_packages_low->count() }})</a></li>
</ul>
</li>
<li><a href="#assets">Actifs</a>
Expand Down Expand Up @@ -233,10 +240,10 @@
</div>
@endif
<div class='heading'>
<a name="vulns">2. Vulnérabilités</a>
<a name="services">2. Services vulnérables</a>
</div>
<div class="section">
<a name="vulns-high">2.1. Hautes ({{ $alerts_high->count() }})</a><br>
<a name="services-high">2.1. Hautes ({{ $alerts_high->count() }})</a><br>
</div>
@if($alerts_high->count())
<table>
Expand Down Expand Up @@ -292,7 +299,7 @@
</div>
@endif
<div class="section">
<a name="vulns-medium">2.2. Moyennes ({{ $alerts_medium->count() }})</a>
<a name="services-medium">2.2. Moyennes ({{ $alerts_medium->count() }})</a>
</div>
@if($alerts_medium->count())
<table>
Expand Down Expand Up @@ -348,7 +355,7 @@
</div>
@endif
<div class="section">
<a name="vulns-low">2.3. Basses ({{ $alerts_low->count() }})</a>
<a name="services-low">2.3. Basses ({{ $alerts_low->count() }})</a>
</div>
@if($alerts_low->count())
<table>
Expand Down Expand Up @@ -404,10 +411,139 @@
</div>
@endif
<div class='heading'>
<a name="assets">3. Actifs</a>
<a name="packages">3. Packages vulnérables</a>
</div>
<div class="section">
<a name="packages-high">3.1. Hautes ({{ $vulnerable_packages_high->count() }})</a><br>
</div>
@if($vulnerable_packages_high->count())
<table>
<colgroup>
<col span="1">
<col span="1">
<col span="1">
<col span="1">
<col span="1">
</colgroup>
<thead>
<tr>
<th>Serveur</th>
<th>Package</th>
<th>Version installée</th>
<th>Version fixée</th>
<th>CVE</th>
</tr>
</thead>
<tbody>
@foreach ($vulnerable_packages_high as $vuln)
<tr>
<td class="ellipsis" title="{{ $vuln->server->name }}">
<span style="color:#f8b502;font-weight:bolder">{{ $vuln->server->name }}</span>
</td>
<td>{{ $vuln->package }}</td>
<td>{{ $vuln->package_version }}</td>
<td>{{ $vuln->fixed_version }}</td>
<td>
<a href="{{ $vuln->tracker }}" target="_blank">{{ $vuln->cve }}</a>
</td>
</tr>
@endforeach
</tbody>
</table>
@else
<div class="grey">
<p>Aucune vulnérabilité n'a été détectée pour le moment.</p>
</div>
@endif
<div class="section">
<a name="packages-medium">3.2. Moyennes ({{ $vulnerable_packages_medium->count() }})</a><br>
</div>
@if($vulnerable_packages_medium->count())
<table>
<colgroup>
<col span="1">
<col span="1">
<col span="1">
<col span="1">
<col span="1">
</colgroup>
<thead>
<tr>
<th>Serveur</th>
<th>Package</th>
<th>Version installée</th>
<th>Version fixée</th>
<th>CVE</th>
</tr>
</thead>
<tbody>
@foreach ($vulnerable_packages_medium as $vuln)
<tr>
<td class="ellipsis" title="{{ $vuln->server->name }}">
<span style="color:#f8b502;font-weight:bolder">{{ $vuln->server->name }}</span>
</td>
<td>{{ $vuln->package }}</td>
<td>{{ $vuln->package_version }}</td>
<td>{{ $vuln->fixed_version }}</td>
<td>
<a href="{{ $vuln->tracker }}" target="_blank">{{ $vuln->cve }}</a>
</td>
</tr>
@endforeach
</tbody>
</table>
@else
<div class="grey">
<p>Aucune vulnérabilité n'a été détectée pour le moment.</p>
</div>
@endif
<div class="section">
<a name="packages-low">3.3. Basses ({{ $vulnerable_packages_low->count() }})</a><br>
</div>
@if($vulnerable_packages_low->count())
<table>
<colgroup>
<col span="1">
<col span="1">
<col span="1">
<col span="1">
<col span="1">
</colgroup>
<thead>
<tr>
<th>Serveur</th>
<th>Package</th>
<th>Version installée</th>
<th>Version fixée</th>
<th>CVE</th>
</tr>
</thead>
<tbody>
@foreach ($vulnerable_packages_low as $vuln)
<tr>
<td class="ellipsis" title="{{ $vuln->server->name }}">
<span style="color:#f8b502;font-weight:bolder">{{ $vuln->server->name }}</span>
</td>
<td>{{ $vuln->package }}</td>
<td>{{ $vuln->package_version }}</td>
<td>{{ $vuln->fixed_version }}</td>
<td>
<a href="{{ $vuln->tracker }}" target="_blank">{{ $vuln->cve }}</a>
</td>
</tr>
@endforeach
</tbody>
</table>
@else
<div class="grey">
<p>Aucune vulnérabilité n'a été détectée pour le moment.</p>
</div>
@endif
<div class='heading'>
<a name="assets">4. Actifs</a>
</div>
<div class="section">
<a name="assets-discovered">3.1. Découverts ({{ $assets_discovered->count() }})</a>
<a name="assets-discovered">4.1. Découverts ({{ $assets_discovered->count() }})</a>
</div>
@if($assets_discovered->count())
<table>
Expand Down Expand Up @@ -444,7 +580,7 @@
</div>
@endif
<div class="section">
<a name="assets-monitored">3.2. Surveillés ({{ $assets_monitored->count() }})</a>
<a name="assets-monitored">4.2. Surveillés ({{ $assets_monitored->count() }})</a>
</div>
@if($assets_monitored->count())
<table>
Expand Down Expand Up @@ -481,7 +617,7 @@
</div>
@endif
<div class="section">
<a name="assets-not-monitored">3.3. À surveiller ({{ $assets_not_monitored->count() }})</a>
<a name="assets-not-monitored">4.3. À surveiller ({{ $assets_not_monitored->count() }})</a>
</div>
@if($assets_not_monitored->count())
<table>
Expand Down
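Review bot: `{{ $vuln->tracker }}` is written straight into an `href` in each of the three new package tables (the high, medium and low rows at L246, L288 and L330); `{{ }}` HTML-escapes the value but does not constrain the URL scheme, so if the tracker column is populated from an external CVE feed, a non-http value would still be rendered as a clickable link in the mail. A defensive pattern is to render the anchor only for `http(s)` values and fall back to the bare CVE text otherwise, e.g. `@if(str_starts_with((string) $vuln->tracker, 'http')) <a href="{{ $vuln->tracker }}" target="_blank" rel="noopener noreferrer">{{ $vuln->cve }}</a> @else {{ $vuln->cve }} @endif`, which also adds the `rel` attribute that `target="_blank"` is conventionally paired with. The three table blocks are otherwise identical apart from the collection variable and heading, so a Blade partial taking the collection as a parameter would remove the triple copy and keep the column set in one place.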
