recog 2.3.15 → 2.3.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 563ed349556c084c9c46b32ec41eece72724826ae355a639bd2dd55d4a990f3d
-  data.tar.gz: 03e767f4fd9557af69c716515e74595fbb5f287883c6d4e742a1aea1a6cdb0ef
+  metadata.gz: cb4df95cbe1561c384b06be8c36fcea1e51df3c6cdb86a2a944715213d119ae8
+  data.tar.gz: 751fa73b20c6fb9f1c372be5503c07302101b77d729cdce3befee2981651f1ca
 SHA512:
-  metadata.gz: a5a458eef93bb3f5b9f298523f38f728e74bac390b22978af2bbf1c74b1ff55354128df657210ae49542b4a4338a3bdf8d69387c02a06ae7b0f59dc45e237775
-  data.tar.gz: 38d28282042fa32e206f795d63968fd45362563359e2a5d8a93070ac84b85e766c8bd8accebc518e6a06b8cd9d97a52cd5856928bc95de02857783b8669dbacc
+  metadata.gz: 6612cf0d0c5f19cd1a913123fe3c4fce9772ac82b7a07f78ace94f51b1681210a8dfacde3624b2b54c7d66f2f1530771d9a592c3d5bda8bde897d4f9713c2ef9
+  data.tar.gz: 7b935f573b7b4050b2b06e2b8965af9201bb385e2695f9859e6ecf233f93aadb9331d648b18a506528efbd97e2821d0b9816970bfd5df978262b05ec8aeb9f8e

data/.github/workflows/ci.yml

@@ -0,0 +1,26 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    name: 'Ruby: ${{ matrix.ruby-version }}'
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ['2.5', '2.6', '2.7', '3.0', 'jruby-9.1.17.0', 'jruby']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: |
+        bundle exec rake --version
+        bundle exec rake tests
+      env:
+        JRUBY_OPTS: --server -J-Xms512m -J-Xmx2G

data/.snyk

@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+python: 3.6.0
+version: v1.14.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-PYTHON-PYYAML-590151:
+    - pyyaml:
+        reason: Project doesn't use vulnerable code path.
+        expires: 2021-06-01T00:00:00.000Z
+patch: {}

data/LICENSE

@@ -2,6 +2,6 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: https://github.com/rapid7/recog
 
 Files: *
-Copyright: 2014-2015, Rapid7, Inc.
+Copyright: 2014, Rapid7, Inc.
 License: BSD-2-clause
 

data/bin/recog_standardize

@@ -50,6 +50,7 @@ end
 
 # Load the unique identifiers
 vendors = load_identifiers(File.join(bdir, "vendor.txt"))
+fields = load_identifiers(File.join(bdir, "fields.txt"))
 os_arch = load_identifiers(File.join(bdir, "os_architecture.txt"))
 os_prod = load_identifiers(File.join(bdir, "os_product.txt"))
 os_family = load_identifiers(File.join(bdir, "os_family.txt"))
@@ -67,8 +68,12 @@ ARGV.each do |arg|
     ndb.fingerprints.each do |f|
       f.params.each do |k,v|
         paramIndex, val = v
+        if ! fields[k]
+          puts "FIELD MISSING: #{k}"
+          fields[k] = true
+        end
         next if paramIndex != 0
-        next if val.index("{") != -1
+        next if val.index("{") != nil
         next if val.strip == ""
         case k
         when "os.vendor", "service.vendor", "service.component.vendor", "hw.vendor"
@@ -111,7 +116,7 @@ ARGV.each do |arg|
             puts "HW DEVICE MISSING: #{val}"
             hw_device[val] = true
           end          
-        when "service.product"
+        when "service.product", "service.component.product"
           if ! svc_prod[val]
             puts "SERVICE PRODUCT MISSING: #{val}"
             svc_prod[val] = true
@@ -131,6 +136,7 @@ exit if ! options.write
 
 # Write back the unique identifiers
 write_identifiers(vendors, File.join(bdir, "vendor.txt"))
+write_identifiers(fields, File.join(bdir, "fields.txt"))
 write_identifiers(os_arch, File.join(bdir, "os_architecture.txt"))
 write_identifiers(os_prod, File.join(bdir, "os_product.txt"))
 write_identifiers(os_family, File.join(bdir, "os_family.txt"))

data/cpe-remap.yaml

@@ -1,171 +1,315 @@
 mappings:
-  alpine:
-    vendor: alpinelinux
-  apache:
-    vendor: apache
-    products:
-      httpd: http_server
-  apple:
-    products:
-      ios: iphone_os
-  alt-n:
-    vendor: altn
-  bea:
-    vendor: bea
-    products:
-      weblogic: weblogic_server
-  blue_coat:
-    vendor: bluecoat
-  carnegie_mellon_university:
-    vendor: cmu
-    products:
-      cyrus_imap: cyrus_imap_server
-  centos:
-    vendor: centos
-    products:
-      linux: centos
-  centos_webpanel:
-    vendor: centos-webpanel
-  check_point:
-    vendor: checkpoint
-  cisco:
-    vendor: cisco
-    products:
-      adaptive_security_appliance: adaptive_security_appliance_software
-      pix: pix_firewall_software
-      telepresence: telepresence_video_communication_server_software
-  debian:
-    vendor: debian
-    products:
-      linux: debian_linux
-  embedthis:
-    products:
-       goahead_webserver: goahead
-  f5:
-    vendor: f5
-    products:
-      big-ip: big-ip_local_traffic_manager
-      big-ip_ltm: big-ip_local_traffic_manager
-  hp:
-    vendor: hp
-    products:
-      ilo: integrated_lights_out
-      tru64_unix: tru64
-  ibm:
-    vendor: ibm
-    products:
-      lotus_domino: lotus_domino_server
-      ibm_domino: lotus_domino
-      os/400: os_400
-  jamf:
-    products:
-      jamf_pro: jamf
-  juniper:
-    vendor: juniper
-    products:
-      junos_os: junos
-  kibana:
-    vendor: elasticsearch
-  cz.nic:
-    vendor: knot-dns
-  litespeed_technologies:
-    vendor: litespeedtech
-  linux:
-    vendor: linux
-    products:
-      linux: linux_kernel
-  mailenable:
-    vendor: mailenable
-    products:
-      mail_server: mailenable
-  microsoft:
-    vendor: microsoft
-    products:
-      active_directory_controller: active_directory
-      exchange_server_5.5: exchange_server
-      exchange_2000_server: exchange_server
-      exchange_2003_server: exchange_server
-      exchange_2007_server: exchange_server
-      lightweight_directory_server: active_directory_lightweight_directory_service
-      windows_server_2003_datacenter_edition: windows_server_2003
-      windows_server_2003_r2: windows_server_2003
-      windows_2008_r2: windows_server_2008
-      windows_server_2008_datacenter_edition: windows_server_2008
-      windows_server_2008_r2: windows_server_2008
-      windows_server_2008_r2_datacenter_edition: windows_server_2008
-      windows_server_2012_r2: windows_server_2012
-      nt: windows_nt
-      windows_nt_desktop: windows_nt
-      windows_nt_server: windows_nt
-      windows_server_2000: windows_2000
-      windows_2000_server: windows_2000
-      windows_2000_datacenter_server: windows_2000
-      pws: personal_web_server
-  mod_ssl:
-    vendor: modssl
-  mod_wsgi:
-    vendor: modwsgi
-  mort_bay:
-    vendor: mortbay
-  nlnet_labs:
-    vendor: nlnetlabs
-    products:
-      dnsd: name_server_daemon
-  net-snmp:
-    vendor: net-snmp
-    products:
-      snmp_agent: net-snmp
-  palo_alto_networks:
-    vendor: paloaltonetworks
-    products:
-      pa_firewall: pan-os
-  parallels:
-    products:
-      plesk: parallels_plesk_panel
-  plesk:
-    vendor: parallels
-  proftpd_project:
-    vendor: proftpd
-  realvnc_ltd.:
-    vendor: realvnc
-  red_hat:
-    vendor: redhat
-    products:
-      cygwin_x_server_project: cygwin
-      fedora_core_linux: fedora_core
-      jboss_as: jboss_wildfly_application_server
-      jboss_eap: jboss_enterprise_application_platform
-      jbossweb: jboss_web_framework_kit
-      red_hat_directory_server: directory_server
-  squid_cache:
-    vendor: squid-cache
-  sun:
-    vendor: sun
-    products:
-      solaris: sunos
-  tandberg:
-    vendor: cisco
-  tightvnc:
-    products:
-      desktop: tightvnc
-  ubiquiti:
-    vendor: ui
-  ubuntu:
-    vendor: canonical
-    products:
-      linux: ubuntu_linux
-  vandyke_software:
-    vendor: vandyke
-  vmware:
-    vendor: vmware
-    products:
-      photon_linux: photon_os
-      zimbra: zimbra_desktop
-      vmware_esx_server: esx
-      vmware_esxi_server: esxi
-  wind_river:
-    vendor: windriver
-  x.org:
-    vendor: x.org
-    products:
-      x.org_x11: x11
+  # The following section contains CPE application or 'a' remappings. These will
+  # ONLY be used for mapping Recog 'service' attributes.
+  a:
+    akamai:
+      products:
+        ghost: akamaighost
+    amazon:
+      products:
+        s3: amazon_simple_storage_service
+        cloudfront_load_balancer: amazon_cloudfront
+    apache:
+      products:
+        httpd: http_server
+    aprelium_technologies:
+      vendor: aprelium
+    alt-n:
+      vendor: altn
+    aruba_networks:
+      vendor: arubanetworks
+    bea:
+      products:
+        weblogic: weblogic_server
+    blue_coat:
+      vendor: bluecoat
+    carnegie_mellon_university:
+      vendor: cmu
+      products:
+        cyrus_imap: cyrus_imap_server
+    centos_webpanel:
+      vendor: centos-webpanel
+    check_point:
+      vendor: checkpoint
+    cherokee_project:
+      vendor: cherokee-project
+    cisco:
+      products:
+        apic: application_policy_infrastructure_controller
+    cloudflare:
+      products:
+        cloudflare_load_balancer: load_balancing
+    cpanel:
+      products:
+        cpanel_service_daemon: cpanel
+    crushftp:
+      products:
+        crushftp_web_interface: crushftp
+    cz.nic:
+      vendor: knot-dns
+    drupal:
+      products:
+        cms: drupal
+    embedthis:
+      products:
+        goahead_webserver: goahead
+    envoy_proxy:
+      vendor: envoyproxy
+    f5:
+      products:
+        big-ip: big-ip_local_traffic_manager
+        big-ip_ltm: big-ip_local_traffic_manager
+    fedora_project:
+      vendor: fedoraproject
+    google:
+      products:
+        google_web_services: web_server
+    ibm:
+      products:
+        lotus_domino: lotus_domino_server
+        ibm_domino: lotus_domino
+    ignite_realtime:
+      vendor: igniterealtime
+    intel:
+      products:
+        intel(r)_active_management_technology: active_management_technology
+        intel(r)_standard_manageability: standard_manageability
+    jamf:
+      products:
+        jamf_pro: jamf
+    kibana:
+      vendor: elasticsearch
+    kubernetes:
+      products:
+        nginx_ingress_controller: ingress-nginx
+    kodi:
+      products:
+        media_server: kodi
+    kong:
+      vendor: konghq
+      products:
+        gateway: kong_gateway
+    litespeed_technologies:
+      vendor: litespeedtech
+    lotus:
+      vendor: ibm
+    lynx_technology:
+      vendor: lynxtechnology
+      products:
+        twonky_media_server: twonky_server
+    mailenable:
+      products:
+        mail_server: mailenable
+    manageengine:
+      vendor: zohocorp
+      products:
+        adaudit_plus: manageengine_adaudit_plus
+        desktop_central: manageengine_desktop_central
+        opmanager: manageengine_opmanager
+    microsoft:
+      products:
+        active_directory_controller: active_directory
+        exchange_server_5.5: exchange_server
+        exchange_2000_server: exchange_server
+        exchange_2003_server: exchange_server
+        exchange_2007_server: exchange_server
+        lightweight_directory_server: active_directory_lightweight_directory_service
+        pws: personal_web_server
+    mod_ssl:
+      vendor: modssl
+    mod_wsgi:
+      vendor: modwsgi
+    # NIST took the vendor name from the website but apparently missed the `.in`
+    # in moinmo.in was part of the name
+    moinmoin:
+      vendor: moinmo
+    mort_bay:
+      vendor: mortbay
+    munin:
+      vendor: munin-monitoring
+    nlnet_labs:
+      vendor: nlnetlabs
+      products:
+        dnsd: name_server_daemon
+    net-snmp:
+      products:
+        snmp_agent: net-snmp
+    owncloud:
+      products:
+        owncloud_server: owncloud
+    parallels:
+      products:
+        plesk: parallels_plesk_panel
+    plesk:
+      vendor: parallels
+    proftpd_project:
+      vendor: proftpd
+    progress:
+      products:
+        openedge_explorer: openedge
+    pulse_secure:
+      vendor: pulsesecure
+    realvnc_ltd.:
+      vendor: realvnc
+    red_hat:
+      vendor: redhat
+      products:
+        cygwin_x_server_project: cygwin
+        jboss_as: jboss_wildfly_application_server
+        jboss_eap: jboss_enterprise_application_platform
+        jbossweb: jboss_web_framework_kit
+        red_hat_directory_server: directory_server
+    serv-u:
+      vendor: solarwinds
+    squid_cache:
+      vendor: squid-cache
+    ssh_communications_security:
+      vendor: ssh
+      products:
+        ssh_tectia_server: tectia_server
+    standard_networks:
+      vendor: ipswitch
+    swagger:
+      vendor: smartbear
+    synology:
+      products:
+        dsm: diskstation_manager
+    tightvnc:
+      products:
+        desktop: tightvnc
+    tor_project:
+      vendor: torproject
+    traefik_labs:
+      vendor: containous
+      products:
+        traefik_proxy: traefik
+    twistedmatrix:
+      products:
+        twisted_web: twistedweb
+    ubiquiti:
+      vendor: ui
+    vandyke_software:
+      vendor: vandyke
+    vmware:
+      products:
+        zimbra: zimbra_desktop
+        vcenter: vcenter_server
+    x.org:
+      products:
+        x.org_x11: x11
+
+  # The following section contains CPE operating system or 'o' remappings. These will
+  # ONLY be used for mapping Recog 'os' attributes.
+  o:
+    alpine:
+      vendor: alpinelinux
+      products:
+        linux: alpine_linux
+    apple:
+      products:
+        ios: iphone_os
+    centos:
+      products:
+        linux: centos
+    check_point:
+      vendor: checkpoint
+    cisco:
+      products:
+        adaptive_security_appliance: adaptive_security_appliance_software
+        nam: network_analysis_module_software
+        pix: pix_firewall_software
+        telepresence: telepresence_video_communication_server_software
+        vpn_3000_concentrator: vpn_3000_concentrator_series_software
+        wireless_lan_controller: wireless_lan_controller_software
+    citrix:
+      products:
+        netscaler: netscaler_firmware
+        netscaler_gateway: netscaler_gateway_firmware
+    cumulus:
+      vendor: cumulusnetworks
+    data_domain:
+      vendor: dell
+      products:
+        dd_os: emc_data_domain_os
+    debian:
+      products:
+        linux: debian_linux
+    hp:
+      products:
+        ilo: integrated_lights-out_firmware
+        ilo_firmware: integrated_lights-out_firmware
+        ilo_2: integrated_lights-out_2_firmware
+        ilo_3: integrated_lights-out_3_firmware
+        ilo_4: integrated_lights-out_4_firmware
+        ilo_5: integrated_lights-out_5_firmware
+        tru64_unix: tru64
+    ibm:
+      products:
+        os/400: os_400
+        i5/os: i5os
+    juniper:
+      products:
+        junos_os: junos
+    linux:
+      products:
+        linux: linux_kernel
+    microsoft:
+      products:
+        windows_server_2003_datacenter_edition: windows_server_2003
+        windows_server_2003_r2: windows_server_2003
+        windows_2008_r2: windows_server_2008
+        windows_server_2008_datacenter_edition: windows_server_2008
+        windows_server_2008_r2: windows_server_2008
+        windows_server_2008_r2_datacenter_edition: windows_server_2008
+        windows_server_2012_r2: windows_server_2012
+        nt: windows_nt
+        windows_nt_desktop: windows_nt
+        windows_nt_server: windows_nt
+        windows_server_2000: windows_2000
+        windows_2000_server: windows_2000
+        windows_2000_datacenter_server: windows_2000
+    oracle:
+      products:
+        ilom: integrated_lights_out_manager_firmware
+    palo_alto_networks:
+      vendor: paloaltonetworks
+    red_hat:
+      vendor: redhat
+      products:
+        fedora_core_linux: fedora_core
+    sun:
+      products:
+        solaris: sunos
+    ubiquiti:
+      vendor: ui
+    ubuntu:
+      vendor: canonical
+      products:
+        linux: ubuntu_linux
+    vmware:
+      products:
+        photon_linux: photon_os
+        vmware_esx_server: esx
+        vmware_esxi_server: esxi
+    wind_river:
+      vendor: windriver
+
+  # The following section contains CPE hardware or 'h' remappings. These will
+  # ONLY be used for mapping Recog 'hw' attributes.
+  h:
+    cisco:
+      products:
+        nam: network_analysis_module
+    citrix:
+      products:
+        netscaler_sdx_gateway: netscaler_sdx
+    emc:
+      products:
+        celerra: celerra_network_attached_storage
+    hp:
+      products:
+        ilo: integrated_lights-out
+    tandberg:
+      vendor: cisco
+    ubiquiti:
+      vendor: ui