* Add support for recording a scan summary file for the /report_sig c…
…ommand line argument.

Records the following information to C:\ProgramData\Qualys\log4j_summary.out:

scanHostname: ROMW-HOME.XXX.XXX.XXX
scanDate: 2022-01-05T16:05:13-0800
scanDuration: 24
scanFiles: 255
scannedDirectories: 4
scannedCompressed: 6
scannedJARS: 244
scannedWARS: 0
scannedEARS: 0
scannedPARS: 0
scannedTARS: 1
vulnerabilitiesFound: 17
romw committed Jan 6, 2022
1 parent aa724ba commit 99897de
Showing 5 changed files with 49 additions and 37 deletions.
13 changes: 6 additions & 7 deletions MainScan.cpp
@@ -213,7 +213,7 @@ int32_t __cdecl wmain(int32_t argc, wchar_t* argv[]) {
repSummary.scanStart = time(0);

if (cmdline_options.reportSig) {
LogStatusMessage(L"Scan start time : %s", FormatLocalTime(repSummary.scanStart).c_str());
LogStatusMessage(L"Scan Start: %s", FormatLocalTime(repSummary.scanStart).c_str());
}

if (cmdline_options.scanLocalDrives) {
@@ -259,7 +259,7 @@ int32_t __cdecl wmain(int32_t argc, wchar_t* argv[]) {
}

if (cmdline_options.reportSig) {
LogStatusMessage(L"\nScan end time : %s", FormatLocalTime(repSummary.scanEnd).c_str());
LogStatusMessage(L"\nScan End: %s", FormatLocalTime(repSummary.scanEnd).c_str());
}


@@ -289,13 +289,12 @@ int32_t __cdecl wmain(int32_t argc, wchar_t* argv[]) {
END:

if (cmdline_options.reportSig) {
LogStatusMessage(L"Result File: %s", GetSignatureReportFindingsFilename().c_str());
LogStatusMessage(L"Summary File: %s", GetSignatureReportSummaryFilename().c_str());
if (error_array.empty()) {
LogStatusMessage(L"Run status : Success");
LogStatusMessage(L"Result file location : %s", GetSignatureReportFilename().c_str());
LogStatusMessage(L"Run Status: Success");
} else {
LogStatusMessage(L"Run status : Partially Successful");
LogStatusMessage(L"Result file location : %s", GetSignatureReportFilename().c_str());

LogStatusMessage(L"Run Status: Partially Successful");
LogStatusMessage(L"Errors :");
for (const auto& e : error_array) {
LogStatusMessage(L"%s", e.c_str());
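Review bot: In the `END:` block the status log now prints `Summary File: %s` and, when `error_array` is empty, `Run Status: Success`, with no visible check that the summary file was actually written. In the Reports.cpp section of this commit `GenerateSignatureReport()` silently skips the summary when `_wfopen_s` fails and leaves `rv` at `ERROR_SUCCESS` in the lines shown, so a consumer of the status file could be pointed at a missing `log4j_summary.out` or at a stale one left by an earlier run. I would record the open failure where the report is generated, for example `error_array.push_back(L"Failed to write " + GetSignatureReportSummaryFilename());` (the element type of `error_array` is assumed to be `std::wstring`; it is declared outside these hunks), so this block reports Partially Successful instead. `wmain` starts and ends outside the hunks shown.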
4 changes: 2 additions & 2 deletions Remediate.cpp
@@ -173,7 +173,7 @@ namespace log4jremediate {
DWORD status{ ERROR_SUCCESS };
std::vector<CReportVulnerabilities> signature_report;

std::wstring sig_report_file = GetSignatureReportFilename();
std::wstring sig_report_file = GetSignatureReportFindingsFilename();

status = ReadSignatureReport(sig_report_file, signature_report);
if (status != ERROR_SUCCESS) {
@@ -218,7 +218,7 @@ namespace log4jremediate {

try
{
sig_report_file = GetSignatureReportFilename();
sig_report_file = GetSignatureReportFindingsFilename();
rem_report_file = GetRemediationReportFilename();

// Truncate/Create remediation report
58 changes: 32 additions & 26 deletions Reports.cpp
@@ -205,13 +205,26 @@ int32_t GenerateJSONReport(bool pretty) {
int32_t GenerateSignatureReport() {
int32_t rv = ERROR_SUCCESS;

// signature output should go into a file always
// 1. First check if %programdata%\Qualys\QualysAgent exist
// 2. If not exist then current direcotry will be used
FILE* signature_summary = nullptr;
_wfopen_s(&signature_summary, GetSignatureReportSummaryFilename().c_str(), L"w+, ccs=UTF-8");
if (signature_summary) {
fwprintf_s(signature_summary, L"scanHostname: %s\n", GetHostName().c_str());
fwprintf_s(signature_summary, L"scanDate: %s\n", FormatLocalTime(repSummary.scanStart).c_str());
fwprintf_s(signature_summary, L"scanDuration: %I64d\n", repSummary.scanEnd - repSummary.scanStart);
fwprintf_s(signature_summary, L"scanFiles: %I64d\n", repSummary.scannedFiles);
fwprintf_s(signature_summary, L"scannedDirectories: %I64d\n", repSummary.scannedDirectories);
fwprintf_s(signature_summary, L"scannedCompressed: %I64d\n", repSummary.scannedCompressed);
fwprintf_s(signature_summary, L"scannedJARS: %I64d\n", repSummary.scannedJARs);
fwprintf_s(signature_summary, L"scannedWARS: %I64d\n", repSummary.scannedWARs);
fwprintf_s(signature_summary, L"scannedEARS: %I64d\n", repSummary.scannedEARs);
fwprintf_s(signature_summary, L"scannedPARS: %I64d\n", repSummary.scannedPARs);
fwprintf_s(signature_summary, L"scannedTARS: %I64d\n", repSummary.scannedTARs);
fwprintf_s(signature_summary, L"vulnerabilitiesFound: %I64d\n", repSummary.foundVunerabilities);
fclose(signature_summary);
}

FILE* signature_file = nullptr;
_wfopen_s(&signature_file, GetSignatureReportFilename().c_str(), L"w+, ccs=UTF-8");

_wfopen_s(&signature_file, GetSignatureReportFindingsFilename().c_str(), L"w+, ccs=UTF-8");
if (signature_file) {
for (size_t i = 0; i < repVulns.size(); i++) {
CReportVulnerabilities vuln = repVulns[i];
@@ -239,21 +252,19 @@ int32_t AddToRemediationReport(const CReportVulnerabilities& vuln) {

FILE* remediation_file = nullptr;
_wfopen_s(&remediation_file, GetRemediationReportFilename().c_str(), L"a, ccs=UTF-8");

if (remediation_file) {

fwprintf_s(remediation_file,
L"Source: Signature File, Vendor: %s, Manifest Version: %s, JNDI Class: %s, Log4j Vendor: %s, Log4j Version: %s\n",
vuln.manifestVendor.c_str(),
vuln.manifestVersion.c_str(),
vuln.detectedJNDILookupClass ? L"Found" : L"NOT Found",
vuln.log4jVendor.c_str(),
vuln.log4jVersion.c_str());
fwprintf_s(remediation_file, L"Path=%s\n", vuln.file.c_str());
fwprintf_s(remediation_file, L"Mitigated=%s\n", (vuln.cve202144228Mitigated && vuln.cve202145046Mitigated ? L"true": L"false"));
fwprintf_s(remediation_file, L"------------------------------------------------------------------------\n");
fwprintf_s(remediation_file,
L"Source: Signature File, Vendor: %s, Manifest Version: %s, JNDI Class: %s, Log4j Vendor: %s, Log4j Version: %s\n",
vuln.manifestVendor.c_str(),
vuln.manifestVersion.c_str(),
vuln.detectedJNDILookupClass ? L"Found" : L"NOT Found",
vuln.log4jVendor.c_str(),
vuln.log4jVersion.c_str());
fwprintf_s(remediation_file, L"Path=%s\n", vuln.file.c_str());
fwprintf_s(remediation_file, L"Mitigated=%s\n", (vuln.cve202144228Mitigated && vuln.cve202145046Mitigated ? L"true": L"false"));
fwprintf_s(remediation_file, L"------------------------------------------------------------------------\n");

fclose(remediation_file);
fclose(remediation_file);
}

return rv;
@@ -270,13 +281,7 @@ int32_t GenerateRemediationReportSummary(DocumentW& doc) {
ValueW vRemediatedEARs(rapidjson::kNumberType);
ValueW oSummary(rapidjson::kObjectType);

wchar_t buf[64] = { 0 };
struct tm* tm = NULL;

tm = localtime((time_t*)&remSummary.scanStart);
wcsftime(buf, _countof(buf) - 1, L"%FT%T%z", tm);

vRemediationDate.SetString(&buf[0], doc.GetAllocator());
vRemediationDate.SetString(FormatLocalTime(repSummary.scanStart).c_str(), doc.GetAllocator());
vRemediationDuration.SetInt64(remSummary.scanEnd - remSummary.scanStart);

oSummary.AddMember(L"remediationDuration", vRemediationDuration, doc.GetAllocator());
@@ -348,4 +353,5 @@ int32_t GenerateRemediationJSONReport(bool pretty) {

wprintf(L"%S", buffer.GetString());
return rv;
}
}
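Review bot: In `GenerateRemediationReportSummary` the date line that appears to be the new one reads `repSummary.scanStart`, while the `localtime` call it replaces and the duration on the very next line both read `remSummary`. This looks like a one-letter slip: the remediation report would be stamped with the scan summary's start time, which may not even be populated in a remediation run (inferred, the callers are not shown). The line should read `vRemediationDate.SetString(FormatLocalTime(remSummary.scanStart).c_str(), doc.GetAllocator());`. The function body continues outside this hunk.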

7 changes: 6 additions & 1 deletion Utils.cpp
@@ -160,10 +160,14 @@ std::wstring GetReportDirectory() {
return report_dir;
}

std::wstring GetSignatureReportFilename() {
std::wstring GetSignatureReportFindingsFilename() {
return GetReportDirectory() + L"\\" + report_sig_output_file;
}

std::wstring GetSignatureReportSummaryFilename() {
return GetReportDirectory() + L"\\" + report_sig_summary_file;
}

std::wstring GetSignatureStatusFilename() {
return GetReportDirectory() + L"\\" + report_sig_status_file;
}
@@ -217,6 +221,7 @@ uint32_t LogStatusMessage(const wchar_t* fmt, ...) {
if (status_file) {
va_start(ap, fmt);
retval = vfwprintf(status_file, fmt, ap);
fwprintf(status_file, L"\n");
va_end(ap);
fflush(status_file);
}
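Review bot: `GetSignatureReportSummaryFilename()` adds a second fixed file name under the report directory, which `GenerateSignatureReport` truncates with `w+`, and nothing visible here documents who may write to that directory. Utils.h sets the base to `%ProgramData%\\Qualys`; if that directory inherits the default ProgramData permissions and the scanner runs elevated, a file or link already present at that path would be opened and overwritten by the privileged process. The ACL should therefore be confirmed as restricted to SYSTEM and Administrators at the point where `GetReportDirectory()` creates the directory (its body is outside this hunk). I would add a comment above the filename helpers such as `// Report directory must be writable only by SYSTEM/Administrators: files here are truncated by an elevated process.`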
4 changes: 3 additions & 1 deletion Utils.h
@@ -14,6 +14,7 @@ typedef std::pair<std::wstring, std::wstring> StringPair;

constexpr wchar_t* qualys_program_data_location = L"%ProgramData%\\Qualys";
constexpr wchar_t* report_sig_output_file = L"log4j_findings.out";
constexpr wchar_t* report_sig_summary_file = L"log4j_summary.out";
constexpr wchar_t* report_sig_status_file = L"status.txt";

constexpr wchar_t* remediation_report_file = L"log4j_remediate.out";
@@ -31,7 +32,8 @@ std::wstring FormatLocalTime(time_t datetime);
std::wstring GetHostName();
std::wstring GetScanUtilityDirectory();
std::wstring GetReportDirectory();
std::wstring GetSignatureReportFilename();
std::wstring GetSignatureReportFindingsFilename();
std::wstring GetSignatureReportSummaryFilename();
std::wstring GetSignatureStatusFilename();
std::wstring GetRemediationReportFilename();
std::wstring GetRemediationStatusFilename();
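Review bot: The new `report_sig_summary_file` repeats the `constexpr wchar_t*` pattern of its neighbours, which declares a pointer to non-const `wchar_t` initialised from a string literal. Standard C++ rejects that conversion, and MSVC accepts it only while strict string-literal conformance is off (`/Zc:strictStrings-`). Declaring it as `constexpr const wchar_t* report_sig_summary_file = L"log4j_summary.out";` keeps the uses visible on this page working, since they only concatenate it into a `std::wstring`, and stops a caller from writing through the pointer into literal storage. The same one-word change applies to the other constants in this block.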
