check-msdefender 1.1.11__tar.gz → 1.1.14__tar.gz

{check_msdefender-1.1.11 → check_msdefender-1.1.14}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: check-msdefender
-Version: 1.1.11
+Version: 1.1.14
 Summary: A Nagios plugin for monitoring Microsoft Defender API endpoints
 Keywords: nagios,monitoring,microsoft,graph,api,azure
 Author-Email: ldvchosal <ldvchosal@github.com>

{check_msdefender-1.1.11 → check_msdefender-1.1.14}/check_msdefender/__init__.py

@@ -1,4 +1,4 @@
 """Check Microsoft Defender API endpoints and check values - Nagios plugin."""
-__version__ = "1.1.11"
+__version__ = "1.1.14"
 __author__ = "ldvchosal"
 __email__ = "ldvchosa@github.com"

{check_msdefender-1.1.11 → check_msdefender-1.1.14}/check_msdefender/core/nagios.py

@@ -129,12 +129,9 @@ class NagiosPlugin:
                 DefenderSummary(details),
             )
 
-            # Set verbosity
-            check.verbosity = verbose
-
             # Run check and return exit code instead of exiting
             try:
-                check.main()
+                check.main(verbose=verbose)
                 return 0  # If main() doesn't exit, it's OK
             except SystemExit as e:
                 return int(e.code) if e.code is not None else 0

{check_msdefender-1.1.11 → check_msdefender-1.1.14}/check_msdefender/services/products_service.py

@@ -7,6 +7,14 @@ from check_msdefender.core.exceptions import ValidationError
 from check_msdefender.core.logging_config import get_verbose_logger
 
 
+class DetailObject:
+    def __init__(self, software: str, data: str, score: int):
+        self.software = software
+        self.data = data
+        self.score = score
+        self.paths: list[str] = []
+
+
 class ProductsService:
     """Service for checking installed products on machines."""
 
@@ -49,7 +57,7 @@ class ProductsService:
             product for product in all_products if product.get("deviceId") == target_machine_id
         ]
 
-        self.logger.info(f"Found {len(products)} CVE vulnerabilities for machine {target_dns_name}")
+        self.logger.info(f"Found {len(products)} vulnerabilities for machine {target_dns_name}")
 
         # Group vulnerabilities by software
         software_vulnerabilities = {}
@@ -60,6 +68,7 @@ class ProductsService:
             cve_id = vulnerability.get("cveId", "Unknown")
             cvss_score = vulnerability.get("cvssScore", 0)
             disk_paths = vulnerability.get("diskPaths", [])
+            registry_paths = vulnerability.get("registryPaths", [])
             severity = vulnerability.get("vulnerabilitySeverityLevel", "Unknown")
 
             software_key = f"{software_name}-{software_version}-{software_vendor}"
@@ -71,16 +80,19 @@ class ProductsService:
                     "vendor": software_vendor,
                     "cves": [],
                     "paths": set(),
+                    "registryPaths": set(),
                     "max_cvss": 0,
-                    "severities": set(),
+                    "severities": [],
                 }
 
-            software_vulnerabilities[software_key]["cves"].append(cve_id)
+            cve_info = {"cve_id": cve_id, "severity": severity}
+            software_vulnerabilities[software_key]["cves"].append(cve_info)
             software_vulnerabilities[software_key]["paths"].update(disk_paths)
+            software_vulnerabilities[software_key]["registryPaths"].update(registry_paths)
             software_vulnerabilities[software_key]["max_cvss"] = max(
                 software_vulnerabilities[software_key]["max_cvss"], cvss_score
             )
-            software_vulnerabilities[software_key]["severities"].add(severity)
+            software_vulnerabilities[software_key]["severities"].append(severity)
 
         # Count vulnerabilities by severity
         critical_count = 0
@@ -109,18 +121,27 @@ class ProductsService:
         details = []
         total_score = 0
         if software_vulnerabilities:
-            summary_line = f"{len(products)} total CVEs (Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), {len(vulnerable_software)} vulnerable software"
-            details.append(summary_line)
 
-            score = 0
-            # Add software details (limit to 10)
-            for software in list(software_vulnerabilities.values())[:10]:
+            detail_objects = []
+
+            # Add software details
+            for software in list(software_vulnerabilities.values()):
+                score = 0
+                    
                 cve_count = len(software["cves"])
-                unique_cves = list(set(software["cves"]))
+                unique_cves = list(set(cve["cve_id"] for cve in software["cves"]))
                 cve_list = ", ".join(unique_cves[:5])  # Show first 5 CVEs
-                severities = ", ".join(software["severities"])  # Show first 5 CVEs
-                for severity_name in software["severities"]:
-                    severity = severity_name.lower()
+                severities = ""
+                # Count severities
+                severity_counts = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0}
+                for sev in software["severities"]:
+                    severity_counts[sev] += 1
+                severities = ", ".join(
+                    f"{key}: {value}" for key, value in severity_counts.items() if value > 0
+                )
+
+                for cve in software["cves"]:
+                    severity = cve["severity"].lower()
                     if severity == "critical":
                         score += 100
                     elif severity == "high":
@@ -133,14 +154,47 @@ class ProductsService:
                 if len(unique_cves) > 5:
                     cve_list += f".. (+{len(unique_cves) - 5} more)"
 
-                details.append(
-                    f"{software['name']} {software['version']} ({software['vendor']}) - "
-                    f"{score} ({cve_count}: {severities}) weaknesses ({cve_list})"
+                detail_object = DetailObject(
+                    software=f"{software['name']} {software['version']} ({software['vendor']})",
+                    data=f"Score: {score}, CVEs: {cve_count} ({severities}), ({cve_list})",
+                    score=score,
                 )
+
                 total_score += score
+
                 # Add paths (limit to 4)
                 for path in list(software["paths"])[:4]:
-                    details.append(f" - {path}")
+                    detail_object.paths.append(f" - {path}")
+
+                # Indicate if more paths exist
+                if len(software["paths"]) > 4:
+                    detail_object.paths.append(f" - .. (+{len(software['paths']) - 4} more)")
+
+                # Add registry paths if available (limit to 4)
+                for registry_path in list(software["registryPaths"])[:4]:
+                    detail_object.paths.append(f" - {registry_path}")
+
+                # Indicate if more registry paths exist
+                if len(software["registryPaths"]) > 4:
+                    detail_object.paths.append(
+                        f" - .. (+{len(software['registryPaths']) - 4} more)"
+                    )
+
+                # Collect detail objects for sorting
+                detail_objects.append(detail_object)
+
+            summary_line = f"{len(vulnerable_software)} vulnerable products, score: {total_score}"
+            details.append(summary_line)
+            details.append("")
+
+            # Sort detail objects by score descending
+            detail_objects.sort(key=lambda x: x.score, reverse=True)
+
+            # Limit to top 10
+            for detail_object in detail_objects[:10]:
+                details.append(f"{detail_object.software} - {detail_object.data}")
+                details.extend(detail_object.paths)
+                details.append("")
 
         # Determine the value based on severity:
         # - Critical vulnerabilities trigger critical threshold
@@ -159,9 +213,7 @@ class ProductsService:
         }
 
         self.logger.info(
-            f"Products analysis complete: {len(products)} total CVEs "
-            f"(Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), "
-            f"{len(vulnerable_software)} vulnerable software"
+            f"Products analysis complete: {len(vulnerable_software)} vulnerable products, score: {total_score}"
         )
         self.logger.method_exit("get_result", result)
         return result

{check_msdefender-1.1.11 → check_msdefender-1.1.14}/pyproject.toml

@@ -38,7 +38,7 @@ dependencies = [
     "azure-identity>=1.12.0",
     "click>=8.0,<9.0",
 ]
-version = "1.1.11"
+version = "1.1.14"
 
 [project.license]
 text = "MIT"

{check_msdefender-1.1.11 → check_msdefender-1.1.14}/tests/fixtures/test_detail_service.py

@@ -81,6 +81,7 @@ class TestDetailServiceFixtures:
         """Test that all expected machine detail fields are present."""
         self.service.get_result(machine_id="test-machine-3")
         details = self.service.get_machine_details_json()
+        assert details is not None
         details_dict = json.loads(details)
 
         # Verify all expected fields from the documentation are present
@@ -122,6 +123,7 @@ class TestDetailServiceFixtures:
         details = self.service.get_machine_details_json()
 
         # Should be valid JSON
+        assert details is not None
         details_dict = json.loads(details)
         assert isinstance(details_dict, dict)