troubadix 25.7.3__py3-none-any.whl → 25.8.1__py3-none-any.whl

troubadix/__version__.py

@@ -2,4 +2,4 @@
 
 # THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH!
 
-__version__ = "25.7.3"
+__version__ = "25.8.1"

troubadix/codespell/codespell.additions

@@ -24,3 +24,5 @@ iit->it
 itt->it
 CSFR->CSRF
 XXS->XSS
+reverenced->referenced
+sever->server

troubadix/codespell/codespell.exclude

@@ -250,6 +250,7 @@ complete_xml = string (complete_xml, '<oval_system_characteristics xmlns="http:/
   Connection, Expect, If-Match, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, TE,
   "Connection: TE, close\r\n",
                   "Connection: TE,,Keep-Alive\r\n\r\n" );
+    ('content="Xenon Boostrap Admin Panel"' >< res || '<body class="cui">' >< res)) {
   control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI)
 # Copyright (c) 2008 Tim Brown
 # Copyright (C) 2008 Tim Brown
@@ -347,6 +348,7 @@ CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities
 CVE-2020-8492: Fixed a regular expression in urrlib that was prone to
 CVE-2021-30004: Fixed an issue where forging attacks might have occured
   * CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
+  - CVE-2025-3200: Multiple products from Wiesemann & Theis");
 dass eine geeignete Windows 8.1 Version, vorzugsweise eine 64-Bit Variante, eingesetzt werden muss.");
 "DataArchivingService/webcontent/aas",
   "/DataArchivingService/webcontent/aas/aas_store.jsp");
@@ -437,6 +439,7 @@ Federico Manuel Bento discovered that the Linux kernel did not properly
 # Fedora Update for tre FEDORA-2016-cd09eab674
 Festplatten- und Dateiverschluesselung eingesetzt werden. Alternativ SOLLTE 'dm-crypt' in
 files. If a user were tricked into opening a specially-crafted CAF file, a
+  files packed with UPack.
   files to potentially execute code and it is tracked by the Mitre CVE
   file_xml = '\t\t<file_item' + status + ' xmlns="http://oval.mitre.org/XMLSchema/' +
 Fixed a bug where Podman could not run containers usin... [Please see the references for more information on the vulnerabilities]");
@@ -507,7 +510,8 @@ Helin, Andre Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano
   hello_data += clen + _ciphers;
 "H", "HSI",
   - HP Helion Eucalyptus does not correctly check IAM user's permissions for accessing versioned objects and ACLs.
-    hp_printer['login_success'] = '<?hp te.includeSubPage';
+    hp_printer["login_success"] = "<?hp te\.includeSubPage";
+    # <?hp te.includeSubPage("/webApps/Wired/ip4.htf") ?>
 </HSI>
 <HSI>
 # <HTML>Acess not granted.</HTML>
@@ -532,6 +536,7 @@ if (!banner || banner !~ "^(RICOH|LANIER|SAVIN|Gestetner|NRG) ")
 if(!banner = get_kb_item("shttp/" + port + "/banner"))
 if (banner =~ "Huawei TE[0-9]0") {
 if( banner =~ "(MD|BU)-" ) {
+if( banner !~ "Server\s*:\s*Boa" || ( "AirLive" >!< banner && banner !~ "(WL|MD|BU|POE)-") )
   if( ( buf =~ "<title>GLPI - Authentification" || buf =~ "<title>GLPI - Authentication" ) && ( buf =~ "Powered By Indepnet" ||
 if( "CONEXANT SYSTEMS, INC." >< r &&
 if( "CONEXANT SYSTEMS, INC" >< r && "ACCESS RUNNER ADSL CONSOLE PORT" >< r && "LOGON PASSWORD" >< r ) {
@@ -591,7 +596,6 @@ if ((res = ispkgvuln(pkg:"app-admin/lsat", unaffected: make_list(), vulnerable:
 if(res =~ "<span>[Ss]arix&[Tt]rade;</span>" && res =~ "<span>Copyright\s*&copy;\s*[0-9]+-[0-9]+,\s*[Pp][Ee][Ll][Cc][Oo]\s*&middot;"
 if (res =~ "[Ss]creen[Cc]onnect" &&
 if( res && "WAN SETTINGS" >< res && "value='3G Interface" >< res && "menu.html" >< res &&
-if( "Server: Boa" >!< banner || ( "AirLive" >!< banner && banner !~ "(WL|MD|BU|POE)-") )
   if( strlen( data ) < 8 || data !~ "^(DELETE|PROPFIND|PUT|GET|HEAD|POST|OPTIONS|REPORT|MKCOL|MOVE|PROPPATCH|COPY|PATCH|CONNECT|TRACE|LOCK|UNLOCK|TRACK|M-POST|CHECKOUT|CHECKIN|UNCHECKOUT|VERSION-CONTROL|BASELINE-CONTROL).*HTTP/(1\.[01]|2)" ) {
   if(strlen(res) && "nonexistant" >< res && "XJ004CSS" >< res) {
   if( sysdesc =~ "^(RICOH|LANIER|SAVIN|NRG)" && sysdesc =~ "(RICOH|LANIER|SAVIN|NRG) Network Printer" ) {
@@ -610,6 +614,7 @@ ii  libapt-pkg4.12:amd64  0.9.7.5ubuntu5.6  amd64  package managment runtime lib
 ii  libapt-pkg4.12:amd64  0.9.7.7ubuntu6  amd64  package managment runtime library
 ii  libapt-pkg4.12:amd64  0.9.7.9+deb7u7  amd64  package managment runtime library
 ii  libapt-pkg4.12:amd64  0.9.9.1~ubuntu3.3  amd64  package managment runtime library
+ii  unminimize  0.2.1  amd64  Un-minimize your minimial images or setup
  image. This occured because of a lack of proper validation that cached
   Imaging and Communications in Medicine (DICOM) service accessible from a public WAN (Internet) /
   Imaging and Communications in Medicine (DICOM) web viewer accessible from a public WAN (Internet)
@@ -728,6 +733,8 @@ mark_dead = script_get_preference( "Mark unrechable Hosts as dead (not scanning)
 Mark Shepard discovered a double free in the TCP listener cleanup which could result in denial of service by an authenticated user if Dropbear is running with the '-a' option.
   masked. All LSAT users are advised to unmerge it.
   "Max-Forwards", "TE" ) ) {
+                      "/mdm/checkin",
+  /mdm/checkin and /lshw endpoints.");
      "Memorise" >< poshRes)
  memory disclosure whne processing of a specially crafted mp4 file with
 # Mesosphere Marathon Web UI Public WAN (Internet) Accessible
@@ -886,6 +893,7 @@ reenable php7-dba support of Berkeley DB (bsc#1108554)");
     reg_xml = '\t\t<registry_item' + status + ' xmlns="http://oval.mitre.org/' +
 Reject invalid eliptic curve point coordinates (bsc#1131291)");
  rejection for EXTRAVERSION = -xfs, but likely little else will be
+  remote attackers to execute arbitrary code via a crafted Upack PE file.
   - Remote Command Execution via WAN and LAN
   - Remote Unauthenticated Information Disclosure via WAN and LAN
 	Remove all mitre.org links from the script descriptions as
@@ -1546,6 +1554,7 @@ Wan-Teh Chang as the original reporters of CVE-2013-5607.
   web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could
   webcontent/aas/aas_store.jsp.");
   * Webdienst Assoziation
+"webdynpro/resources/sap.com/caf~eu~gp~mail~cf~ui",
 Wen Guanxing discovered that PCRE incorrectly handled certain regular
 Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation
 Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem

troubadix/plugins/badwords.py

@@ -96,6 +96,10 @@ EXCEPTIONS = [
     "firecracker",  # Valid package name on e.g. Fedora
     "Firecracker",  # Valid package name on e.g. Fedora
     "pcp-pmda-nutcracker",  # Valid package name on e.g. openSUSE or Arch Linux
+    # We should generally exclude http:// and https:// URLs as these are
+    # immutable and shouldn't be changed / require separate exclusions for each
+    "https://",
+    "http://",
 ]
 
 STARTS_WITH_EXCEPTIONS = [

troubadix/plugins/grammar.py

@@ -56,7 +56,7 @@ exceptions = [
         r"these\s+error\s+(messages|reports|conditions)", re.IGNORECASE
     ),
     PatternCheck(
-        r"these\s+file\s+(permissions|overwrites|names|includes)",
+        r"these\s+file\s+(permissions|overwrites|names|includes|systems)",
         re.IGNORECASE,
     ),
     # nb: Valid sentence

troubadix/plugins/http_links_in_tags.py

@@ -169,6 +169,9 @@ class CheckHttpLinksInTags(FilePlugin):
             "https://username:password@proxy:8080",
             "sun.net.www.http.KeepAliveCache",
             "www.foo.com",
+            # e.g.:
+            # sun.net.www.protocol.jar.JarURLConnection
+            "sun.net.www.",
         ]
 
         return any(

troubadix/plugins/script_xref_url.py

@@ -25,21 +25,21 @@ from troubadix.plugin import FileContentPlugin, LinterError, LinterResult
 
 ALLOWED_URLS = [
     "https://lists.apache.org/thread.html/e1ef853fc0079cdb55be"
-    "fbd2dac042934e49288b476d5f6a649e5da2@<announce.tomcat.apache.org>",
+    + "fbd2dac042934e49288b476d5f6a649e5da2@<announce.tomcat.apache.org>",
     "https://lists.apache.org/thread.html/e1ef853fc0079cdb55be"
-    "fbd2dac042934e49288b476d5f6a649e5da2@<announce.tomcat.apache.org>",
+    + "fbd2dac042934e49288b476d5f6a649e5da2@<announce.tomcat.apache.org>",
     "https://m0ze.ru/vulnerability/[2021-05-26]-[WordPress]-[C"
-    "WE-79]-WP-Reset-WordPress-Plugin-v1.86.txt",
+    + "WE-79]-WP-Reset-WordPress-Plugin-v1.86.txt",
     "http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_"
-    "1.0.x~15]_cross_site_scripting",
+    + "1.0.x~15]_cross_site_scripting",
     "http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_hel"
-    "p_server]_cross_site_scripting",
+    + "p_server]_cross_site_scripting",
     "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/["
-    "flash_player]_10.1.x_insecure_dll_hijacking_(dwmapi.dll)",
+    + "flash_player]_10.1.x_insecure_dll_hijacking_(dwmapi.dll)",
     "https://lists.apache.org/thread.html/773c93c2d8a6a52bbe9"
-    "7610c2b1c2ad205b970e1b8c04fb5b2fccad6@<general.hadoop.apache.org>",
+    + "7610c2b1c2ad205b970e1b8c04fb5b2fccad6@<general.hadoop.apache.org>",
     "http://mail-archives.apache.org/mod_mbox/perl-advocacy/2"
-    "00904.mbox/<ad28918e0904011458h273a71d4x408f1ed286c9dfbc@mail.gmail.com>",
+    + "00904.mbox/<ad28918e0904011458h273a71d4x408f1ed286c9dfbc@mail.gmail.com>",
     "http://yehg.net/lab/pr0js/advisories/[mybb1.6]_cross_site_scripting",
     "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]",
     "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]",

troubadix/plugins/valid_oid.py

@@ -425,9 +425,7 @@ class CheckValidOID(FileContentPlugin):
         exceptions = [
             "ossim_server_detect.nasl",
             "gsf/2018/vmware/gb_vmware_fusion_vmxnet3_"
-            "stack_memory_usage_vuln_macosx.nasl",
-            "enterprise/2018/vmware/gb_vmware_fusion_vmxnet3_"
-            "stack_memory_usage_vuln_macosx.nasl",
+            + "stack_memory_usage_vuln_macosx.nasl",
             "2008/asterisk_sdp_header_overflow.nasl",
             "2008/cisco_ios_ftp_server_auth_bypass.nasl",
             "2008/qk_smtp_server_dos.nasl",

{troubadix-25.7.3.dist-info → troubadix-25.8.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: troubadix
-Version: 25.7.3
+Version: 25.8.1
 Summary: A linting and QA check tool for NASL files
 License: GPL-3.0-or-later
 Author: Greenbone

{troubadix-25.7.3.dist-info → troubadix-25.8.1.dist-info}/RECORD

@@ -1,8 +1,8 @@
 troubadix/__init__.py,sha256=K7sIXXDrC7YRb7BvIpdQ6ZfG_QkT0qUH_wAlHROVRfM,716
-troubadix/__version__.py,sha256=u9FnDhh-YcJ5SxwN459lv4y5J4xuIuXl2bH00srEsSE,103
+troubadix/__version__.py,sha256=lZcyOTD2zLRXyO-NVRs_xz_Qm2HIqrRLD36Mz8p9gng,103
 troubadix/argparser.py,sha256=-H07Jhqh68_M4Mbjq9qJjTr3MShy_N2pxl2qHA6cfRU,7481
-troubadix/codespell/codespell.additions,sha256=E62zoHJavUhcbMoyBqO2rOUe3OqIXikh7uAiGmNs5uw,524
-troubadix/codespell/codespell.exclude,sha256=8blBv8KRrKU4KQhneHOPth1tSCYdrEoOCI5kYRfhOEA,147451
+troubadix/codespell/codespell.additions,sha256=SJPlIo8vEKEOTftY6ZBSXzcfyv6y9aFAXl9FdpcMxD0,561
+troubadix/codespell/codespell.exclude,sha256=W1dHEbKuXZbiLMRLhUPIzhCV1ptHqPLuaB6VsJLxn64,147965
 troubadix/codespell/codespell.ignore,sha256=2CP8u6O2VENcDpt2FfEDNmfa1Eh3D80yeYHT54GM1X4,1512
 troubadix/helper/__init__.py,sha256=tp2fPLzwGEA_2eiJbvuePiY6rjYSFxx7VUsCV4fSwvw,1110
 troubadix/helper/date_format.py,sha256=2m8EWZPmTQ1kxgv4i5hrPoPlAA8usjz28aRff352zNU,2488
@@ -14,7 +14,7 @@ troubadix/helper/remove_comments.py,sha256=zjhXPQXgKaEOparAdu4aBXcJlEul8LbNaP3uL
 troubadix/helper/text_utils.py,sha256=gBX0box9VtgA0CMfE0u2Vvi1IuOopxUfCQFYn_1wVjE,2543
 troubadix/plugin.py,sha256=3fQPj3Qe_hgwHerlYE4hbdzYMzRU557NxJ-UwtE9mOI,3525
 troubadix/plugins/__init__.py,sha256=7NqTzddmptQZJ_s1yxpamVo0Y8zohAWlEQU2lf103_Y,8745
-troubadix/plugins/badwords.py,sha256=k1A1d2pdXzie87FGGXrykP2BgdZbY5QtmQItupHtNyw,4701
+troubadix/plugins/badwords.py,sha256=wiuzCoE5s2cU3MSzOIzlBGX9jyJPdvKTe007vfCW6RM,4885
 troubadix/plugins/copyright_text.py,sha256=jYsLWmTbT_A78XQQxQFK-5kMMHkh3xdvlh7mEF2dZGU,3583
 troubadix/plugins/copyright_year.py,sha256=XzM9MHVzOXwNLwHpfuaWj8PUOmswr56SBVOLBdvxjd4,5478
 troubadix/plugins/creation_date.py,sha256=PRM5z_7cgQhRQ7Kx7ufF8E8LzVNGP5hLSeH25UWJEn8,2403
@@ -30,8 +30,8 @@ troubadix/plugins/duplicated_script_tags.py,sha256=UPBR2jbU15JLKJlVk1e2GFREH5Wj5
 troubadix/plugins/encoding.py,sha256=zNzqNpP39TUwOklnc8OJ3OIUelAN_hvnuBYoa3Pz764,2104
 troubadix/plugins/forking_nasl_functions.py,sha256=IUtCrTK_sGDx79jAPS8lF_aN8zSG2AkzfC6duTMvJOw,6069
 troubadix/plugins/get_kb_on_services.py,sha256=oFmcjiF7ZD3x5tEbJEoZNn80y1qUzNgeSZNsogSqaZ0,3401
-troubadix/plugins/grammar.py,sha256=9VPdf4nO-UOE2P8fiAKgh_8GwjGbLztPEixb2AQyeFU,9642
-troubadix/plugins/http_links_in_tags.py,sha256=yKT5SgLo__TJKAfudfIHkoMF0g9VtOP4VI77dANj014,7221
+troubadix/plugins/grammar.py,sha256=amzdZaXMPS5B8UnMbrno48Xl3n-5tfTA6IRIdMxOmDE,9650
+troubadix/plugins/http_links_in_tags.py,sha256=F4fm74M3CbmWOJoCyDdEO-bKQahFsHL6vs4ZynhHEkc,7325
 troubadix/plugins/if_statement_syntax.py,sha256=5BRJwCCghvZn1AfvYzmk8l9S7aRqbVaLHhSKod_Q9zw,1429
 troubadix/plugins/illegal_characters.py,sha256=B6q_RU85AxCjLry56Oc-RhMSpnJU8mTrxclRzi1FVFU,4406
 troubadix/plugins/log_messages.py,sha256=COrnp3bXMG8PRIAD2x5Ka9hk-jI16We9ifXj6JBZI0c,2960
@@ -57,7 +57,7 @@ troubadix/plugins/script_tag_whitespaces.py,sha256=2ZqiNufPIyr5Wmcuap3Wy8RXO_CHG
 troubadix/plugins/script_tags_mandatory.py,sha256=NTAxypWalrfyd2YjzK-kH4BHeah4MZiFNeyNaKHNz-c,2695
 troubadix/plugins/script_version_and_last_modification_tags.py,sha256=Yz9dQwrsRfIqXwPd8Re8aDu--SBjgufWOA6U7tW4JW4,7638
 troubadix/plugins/script_xref_form.py,sha256=5L1KPUHiKbe-71o-X0cUBT844XvIOsAJbB14gnYTod0,1848
-troubadix/plugins/script_xref_url.py,sha256=dUTq0ghreVBHFJnwSInmMoQAQwU0oh959mMz4l6rWA0,5331
+troubadix/plugins/script_xref_url.py,sha256=niUIbMhB8KDo98eKSAHJTUNnHtV2NRl18-dX2fuPmP0,5347
 troubadix/plugins/security_messages.py,sha256=EPu3-YB0iP5_hfbQjrfvvTrQRiPgDjC85GTz3V-by0Q,4629
 troubadix/plugins/set_get_kb_calls.py,sha256=WGu1CKLjn3VhbDo33IJ4TtWQ-kz9gInkJskTqOSMM6k,3415
 troubadix/plugins/severity_date.py,sha256=PtVQrZfJNZ23FO-hDFbAaA5YZdv5gm4Se0llFL7sKLM,1492
@@ -72,7 +72,7 @@ troubadix/plugins/tabs.py,sha256=7zXaTZe4cZoZvrLyqntVfTeNN_W3D8dfQl67QevXxtc,131
 troubadix/plugins/todo_tbd.py,sha256=MN5fFwBhPmt3JDQ2Hx20B8yUy1vz7LIZC3rDIOzfW9M,1758
 troubadix/plugins/trailing_spaces_tabs.py,sha256=nMly8ZsmGprxHvwCDclKBDRB0eq6JEkjERYKvtStkY4,1873
 troubadix/plugins/using_display.py,sha256=jCl55MXujaO4VlwN_yex269CKnH-oHiMeq8WqvDmGRI,3760
-troubadix/plugins/valid_oid.py,sha256=zoSDyHdePitXJwCtBk4WExtCN36Ql5NATgoQh90oKpI,17824
+troubadix/plugins/valid_oid.py,sha256=-V38BX8AttZ1iiHsNelnynL9oBBr6Arws1RriLnI7ys,17712
 troubadix/plugins/valid_script_tag_names.py,sha256=6uMJsBdV-Zx-k1F2_MWmQPHXNo1u0ifuosbftbg-27E,3447
 troubadix/plugins/variable_assigned_in_if.py,sha256=NNz8iuzyQ4rSM6My4WYC1s5TABQqgs7us15PkDA-VV0,3285
 troubadix/plugins/variable_redefinition_in_foreach.py,sha256=SfaA70TkpD9dsvNbhwJEA3eLAHWvj4YwksN-qeBMowg,2470
@@ -108,8 +108,8 @@ troubadix/standalone_plugins/no_solution.py,sha256=p_-az9Igl4GH6HnhLLYbYlWIiEP64
 troubadix/standalone_plugins/util.py,sha256=JTXGmi-_BJouTNe6QzEosLlXUt9jKW-3fz4db05RJJw,696
 troubadix/standalone_plugins/version_updated.py,sha256=6YHF0OjL5NWszQdsSh7XzlSji1e6Uaqwu_Y6m3R0mvI,4203
 troubadix/troubadix.py,sha256=5__Jz3bYSrya4aG6RCBWxqnsDepXfwXZ3v0bjCzEFi0,6039
-troubadix-25.7.3.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-troubadix-25.7.3.dist-info/METADATA,sha256=Gom5h4veT9nQrAy-44KjDlz5TunMgOFJpu13dLmzkAo,4462
-troubadix-25.7.3.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
-troubadix-25.7.3.dist-info/entry_points.txt,sha256=ETEPBi4fKv3o7hzkzceX4838G6g5_5wRdEddYot8N6A,920
-troubadix-25.7.3.dist-info/RECORD,,
+troubadix-25.8.1.dist-info/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+troubadix-25.8.1.dist-info/METADATA,sha256=_5wU9sjzeyKPAc-brUi-0TB3R3AkJMsWb2SdEjuRsZ0,4462
+troubadix-25.8.1.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
+troubadix-25.8.1.dist-info/entry_points.txt,sha256=ETEPBi4fKv3o7hzkzceX4838G6g5_5wRdEddYot8N6A,920
+troubadix-25.8.1.dist-info/RECORD,,