rework - fixes - start ui and nessus ctrl

fancyc-bsi · Nov 13, 2024 · 306d268 · 306d268
1 parent 91e4d52
commit 306d268
Show file tree

Hide file tree

Showing 6 changed files with 117 additions and 105 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 app.log
 /output
-*.xml
+*.xml
+*.csv
diff --git a/go.sum b/go.sum
@@ -5,5 +5,6 @@ golang.org/x/image v0.17.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E
 golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
 golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
 golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
 golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
diff --git a/internal/nessus-controller/nessusController.go b/internal/nessus-controller/nessusController.go
@@ -0,0 +1 @@
+package nessusController
diff --git a/internal/nessus/nessus.go b/internal/nessus/nessus.go
@@ -1,125 +1,131 @@
 package nessus
 
 import (
-	"NMB/internal/config"
-	"encoding/csv"
-	"fmt"
-	"os"
-	"sort"
+    "NMB/internal/config"
+    "encoding/csv"
+    "fmt"
+    "os"
+    "sort"
 )
 
 type Finding struct {
-	PluginID    string
-	Host        string
-	Port        string
-	Protocol    string
-	Name        string
-	Risk        string
-	Description string
-	Remedy      string
+    PluginID    string
+    Host        string
+    Port        string
+    Protocol    string
+    Name        string
+    Risk        string
+    Description string
+    Remedy      string
 }
 
 type PluginData struct {
-	Host string
-	Port string
-	Name string
+    Host string
+    Port string
+    Name string
 }
 
 func ParseCSV(filePath string) ([]Finding, map[string]PluginData, error) {
-	file, err := os.Open(filePath)
-	if err != nil {
-		return nil, nil, err
-	}
-	defer func(file *os.File) {
-		err := file.Close()
-		if err != nil {
-
-		}
-	}(file)
-
-	reader := csv.NewReader(file)
-	reader.LazyQuotes = true
-	reader.FieldsPerRecord = -1
-
-	records, err := reader.ReadAll()
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var findings []Finding
-	pluginData := make(map[string]PluginData)
-
-	for i, record := range records[1:] {
-		if len(record) < 26 {
-			return nil, nil, fmt.Errorf("record on line %d: wrong number of fields (got %d, expected at least 26)", i+2, len(record))
-		}
-		finding := Finding{
-			PluginID:    record[0],  // Plugin ID
-			Host:        record[4],  // Host
-			Protocol:    record[5],  // Protocol
-			Port:        record[6],  // Port
-			Name:        record[7],  // Name
-			Description: record[9],  // Description
-			Remedy:      record[10], // Solution
-			Risk:        record[3],  // Risk
-		}
-		findings = append(findings, finding)
-		pluginData[finding.PluginID] = PluginData{
-			Host: finding.Host,
-			Port: finding.Port,
-			Name: finding.Name,
-		}
-	}
-
-	return findings, pluginData, nil
+    file, err := os.Open(filePath)
+    if err != nil {
+        return nil, nil, err
+    }
+    defer file.Close()
+
+    reader := csv.NewReader(file)
+    reader.LazyQuotes = true
+    reader.FieldsPerRecord = -1
+
+    records, err := reader.ReadAll()
+    if err != nil {
+        return nil, nil, err
+    }
+
+    var findings []Finding
+    pluginData := make(map[string]PluginData)
+    uniqueFindings := make(map[string]struct{})
+
+    for i, record := range records[1:] {
+        if len(record) < 26 {
+            return nil, nil, fmt.Errorf("record on line %d: wrong number of fields (got %d, expected at least 26)", i+2, len(record))
+        }
+
+        if record[3] == "None" { // Skip findings with "None" severity
+            continue
+        }
+
+        pluginID := record[0]
+        if _, exists := uniqueFindings[pluginID]; exists {
+            continue // Skip duplicates
+        }
+
+        finding := Finding{
+            PluginID:    pluginID,
+            Host:        record[4],
+            Protocol:    record[5],
+            Port:        record[6],
+            Name:        record[7],
+            Description: record[9],
+            Remedy:      record[10],
+            Risk:        record[3],
+        }
+
+        findings = append(findings, finding)
+        pluginData[pluginID] = PluginData{
+            Host: finding.Host,
+            Port: finding.Port,
+            Name: finding.Name,
+        }
+
+        uniqueFindings[pluginID] = struct{}{}
+    }
+
+    return findings, pluginData, nil
 }
 
 func GetSupportedAndMissingPlugins(findings []Finding, plugins map[string]config.Plugin) ([]string, []string) {
-	var supportedPlugins []string
-	var missingPlugins []string
-
-	pluginNames := make(map[string]string)
-	riskFactors := make(map[string]string)
-
-	for _, finding := range findings {
-		pluginNames[finding.PluginID] = finding.Name
-		riskFactors[finding.PluginID] = finding.Risk
-	}
-
-	allPluginIDs := getAllPluginIDs(plugins)
-
-	matchingPluginIDs := intersect(allPluginIDs, pluginNames)
-
-	for pluginID, pluginName := range pluginNames {
-		if _, found := matchingPluginIDs[pluginID]; found && riskFactors[pluginID] != "None" {
-			supportedPlugins = append(supportedPlugins, pluginName)
-		} else {
-			missingPlugins = append(missingPlugins, pluginName)
-		}
-	}
-
-	sort.Strings(supportedPlugins)
-	sort.Strings(missingPlugins)
-
-	return supportedPlugins, missingPlugins
+    var supportedPlugins []string
+    var missingPlugins []string
+    pluginNames := make(map[string]string)
+    riskFactors := make(map[string]string)
+
+    for _, finding := range findings {
+        pluginNames[finding.PluginID] = finding.Name
+        riskFactors[finding.PluginID] = finding.Risk
+    }
+
+    allPluginIDs := getAllPluginIDs(plugins)
+    matchingPluginIDs := intersect(allPluginIDs, pluginNames)
+
+    for pluginID, pluginName := range pluginNames {
+        if _, found := matchingPluginIDs[pluginID]; found && riskFactors[pluginID] != "None" {
+            supportedPlugins = append(supportedPlugins, pluginName)
+        } else {
+            missingPlugins = append(missingPlugins, pluginName)
+        }
+    }
+
+    sort.Strings(supportedPlugins)
+    sort.Strings(missingPlugins)
+    return supportedPlugins, missingPlugins
 }
 
 func getAllPluginIDs(plugins map[string]config.Plugin) map[string]struct{} {
-	pluginIDs := make(map[string]struct{})
-	for _, plugin := range plugins {
-		for _, id := range plugin.IDs {
-			pluginIDs[id] = struct{}{}
-		}
-	}
-	return pluginIDs
+    pluginIDs := make(map[string]struct{})
+    for _, plugin := range plugins {
+        for _, id := range plugin.IDs {
+            pluginIDs[id] = struct{}{}
+        }
+    }
+    return pluginIDs
 }
 
 func intersect(a map[string]struct{}, b map[string]string) map[string]struct{} {
-	result := make(map[string]struct{})
-	for k := range b {
-		if _, found := a[k]; found {
-			result[k] = struct{}{}
-		}
-	}
-	return result
+    result := make(map[string]struct{})
+    for k := range b {
+        if _, found := a[k]; found {
+            result[k] = struct{}{}
+        }
+    }
+    return result
 }
diff --git a/internal/scanner/scanner.go b/internal/scanner/scanner.go
@@ -1,5 +1,7 @@
 package scanner
 
+// how do we not create a new ssh session every time we execute a command?
+
 import (
 	"context"
 	"crypto/md5"
@@ -30,7 +32,7 @@ type Scanner struct {
 
 const (
 	maxRetries   = 2
-	scanTimeout  = 5 * time.Minute
+	scanTimeout  = 3 * time.Minute
 	nmapScanType = "nmap -T4 --host-timeout 300s"
 )
 

diff --git a/internal/ui/ui.go b/internal/ui/ui.go
@@ -0,0 +1 @@
+package ui
-Original file line number
+Diff line change
@@ -1,3 +1,4 @@
     app.log
     /output
-    *.xml
+    *.xml
+    *.csv