Start repository
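--- a/inc/menu.class.php
+++ b/inc/menu.class.php
@@ -0,0 +1,273 @@
+<?php
+/**
+* GLPI CVE Plugin - Menu Class
+* Manages the plugin menu entries
+*/
+
+if (!defined('GLPI_ROOT')) {
+die("Sorry. You can't access this file directly");
+}
+
+/**
+* PluginCveCveMenu class for managing plugin menu entries
+*/
+class PluginCveCveMenu extends CommonGLPI {
+
+static $rightname = 'plugin_cve_cve';
+
+/**
+* Get name of this type by language of the user connected
+*
+* @param integer $nb number of elements
+* @return string name of this type
+*/
+static function getTypeName($nb = 0) {
+return __('Vulnérabilité', 'cve');
+}
+
+/**
+* Get menu name
+*
+* @return string
+*/
+static function getMenuName() {
+return __('Vulnérabilité', 'cve');
+}
+
+/**
+* Get menu comment
+*
+* @return string
+*/
+static function getMenuComment() {
+return __('Common Vulnerabilities and Exposures', 'cve');
+}
+
+/**
+* Check plugin's rights
+*
+* @return boolean
+*/
+static function canView() {
+return Session::haveRight(self::$rightname, READ);
+}
+
+/**
+* Check plugin's rights for creation
+*
+* @return boolean
+*/
+static function canCreate() {
+return Session::haveRight(self::$rightname, CREATE);
+}
+
+/**
+* Get plugin menu items
+*
+* @param string $menu Menu name
+* @return array Menu entry
+*/
+static function getMenuContent() {
+$menu = [];
+
+if (PluginCveCve::canView()) {
+$menu['title'] = self::getMenuName();
+$menu['page'] = '/plugins/cve/front/cve.php';
+$menu['icon'] = 'fas fa-shield-alt';
+
+$menu['options'] = [
+'cve' => [
+'title' => PluginCveCve::getTypeName(),
+'page' => '/plugins/cve/front/cve.php',
+'icon' => 'fas fa-shield-alt',
+],
+'cvesource' => [
+'title' => PluginCveCveSource::getTypeName(),
+'page' => '/plugins/cve/front/cvesource.php',
+'icon' => 'fas fa-database',
+],
+'cverule' => [
+'title' => PluginCveCveRule::getTypeName(),
+'page' => '/plugins/cve/front/cverule.php',
+'icon' => 'fas fa-cogs',
+]
+];
+
+$menu['options']['dashboard'] = [
+'title' => __('Dashboard', 'cve'),
+'page' => '/plugins/cve/front/dashboard.php',
+'icon' => 'fas fa-tachometer-alt',
+];
+
+// Add inventory and alerts menu items
+if (Session::haveRight('plugin_cve_inventory', READ)) {
+$menu['options']['inventory'] = [
+'title' => PluginCveCveInventory::getTypeName(),
+'page' => '/plugins/cve/front/inventory.php',
+'icon' => 'fas fa-laptop',
+];
+}
+
+if (Session::haveRight('plugin_cve_alert', READ)) {
+$menu['options']['alert'] = [
+'title' => PluginCveCveAlert::getTypeName(),
+'page' => '/plugins/cve/front/alert.php',
+'icon' => 'fas fa-exclamation-triangle',
+];
+}
+}
+
+return $menu;
+}
+
+/**
+* Get main tabs
+*
+* @param array $options
+* @return array
+*/
+function getTabNameForItem(CommonGLPI $item, $withtemplate = 0) {
+if ($item->getType() == 'Ticket') {
+if (PluginCveCve::canView()) {
+return [1 => __('CVEs', 'cve')];
+}
+}
+
+// Add tab to software
+if ($item->getType() == 'Software' && Session::haveRight('plugin_cve_inventory', READ)) {
+return [1 => __('Vulnerabilities', 'cve')];
+}
+
+return [];
+}
+
+/**
+* Display tabs content
+*
+* @param CommonGLPI $item
+* @param int $tabnum
+* @param int $withtemplate
+* @return boolean
+*/
+static function displayTabContentForItem(CommonGLPI $item, $tabnum = 1, $withtemplate = 0) {
+if ($item->getType() == 'Ticket') {
+PluginCveCveTicket::showForTicket($item);
+return true;
+}
+
+if ($item->getType() == 'Software') {
+self::showVulnerabilitiesForSoftware($item);
+return true;
+}
+
+return false;
+}
+
+/**
+* Show vulnerabilities for a software
+*
+* @param Software $software Software object
+* @return void
+*/
+static function showVulnerabilitiesForSoftware(Software $software) {
+global $DB;
+
+$ID = $software->getField('id');
+
+echo "<div class='center'>";
+
+// Get vulnerabilities for this software
+$query = "SELECT a.*,
+c.cve_id,
+c.severity AS cve_severity,
+c.cvss_score,
+c.description,
+v.name AS version_name
+FROM `glpi_plugin_cve_alerts` AS a
+LEFT JOIN `glpi_plugin_cve_cves` AS c ON c.id = a.cves_id
+LEFT JOIN `glpi_softwareversions` AS v ON v.id = a.softwareversions_id
+WHERE a.softwares_id = $ID
+ORDER BY c.severity DESC, c.cvss_score DESC";
+
+$result = $DB->query($query);
+
+if ($result && $DB->numrows($result) > 0) {
+echo "<table class='tab_cadre_fixe'>";
+echo "<tr class='tab_bg_2'><th colspan='6'>" . __('Vulnerabilities', 'cve') . "</th></tr>";
+
+echo "<tr class='tab_bg_1'>";
+echo "<th>" . __('CVE ID', 'cve') . "</th>";
+echo "<th>" . __('Version', 'cve') . "</th>";
+echo "<th>" . __('Severity', 'cve') . "</th>";
+echo "<th>" . __('CVSS Score', 'cve') . "</th>";
+echo "<th>" . __('Description', 'cve') . "</th>";
+echo "<th>" . __('Status', 'cve') . "</th>";
+echo "</tr>";
+
+while ($data = $DB->fetchAssoc($result)) {
+echo "<tr class='tab_bg_1'>";
+
+// CVE ID
+echo "<td>";
+echo "<a href='" . PluginCveCve::getFormURLWithID($data['cves_id']) . "'>";
+echo $data['cve_id'];
+echo "</a>";
+echo "</td>";
+
+// Version
+echo "<td>";
+echo $data['version_name'];
+echo "</td>";
+
+// Severity
+echo "<td>";
+echo "<span class='" . PluginCveCve::getSeverityClass($data['severity']) . "'>";
+echo $data['severity'];
+echo "</span>";
+echo "</td>";
+
+// CVSS Score
+echo "<td>";
+echo $data['cvss_score'];
+echo "</td>";
+
+// Description
+echo "<td>";
+echo Html::resume_text($data['description'], 100);
+echo "</td>";
+
+// Status
+echo "<td>";
+echo $data['status'];
+if ($data['tickets_id'] > 0) {
+echo " (";
+echo "<a href='" . Ticket::getFormURLWithID($data['tickets_id']) . "'>";
+echo __('Ticket', 'cve') . " #" . $data['tickets_id'];
+echo "</a>";
+echo ")";
+}
+echo "</td>";
+
+echo "</tr>";
+}
+
+echo "</table>";
+} else {
+echo "<table class='tab_cadre_fixe'>";
+echo "<tr class='tab_bg_2'><th>" . __('Vulnerabilities', 'cve') . "</th></tr>";
+echo "<tr class='tab_bg_1'><td class='center'>" . __('No vulnerabilities found for this software', 'cve') . "</td></tr>";
+echo "</table>";
+}
+
+// Manual scan button
+if (Session::haveRight("plugin_cve_inventory", UPDATE)) {
+echo "<div class='center' style='margin-top: 10px;'>";
+echo "<form method='post' action='/plugins/cve/front/inventory.php'>";
+echo "<input type='submit' name='scan_now' value=\"" . __('Scan for vulnerabilities now', 'cve') . "\" class='submit'>";
+Html::closeForm();
+echo "</div>";
+}
+
+echo "</div>";
+}
+}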
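Review bot: The row loop in showVulnerabilitiesForSoftware() echoes `$data['cve_id']`, `$data['version_name']`, `$data['severity']`, `$data['cvss_score']` and `$data['status']` into the table without HTML escaping, and these columns presumably hold text that came from external CVE feeds and inventory data, so each should be escaped at output; whether `Html::resume_text()` escapes the description is not visible here and should be confirmed. The same function interpolates `$ID` into the SQL string, so it should at least be cast to int before the query is built. displayTabContentForItem() renders the Ticket and Software tabs without repeating the `PluginCveCve::canView()` and `Session::haveRight('plugin_cve_inventory', READ)` checks that getTabNameForItem() applies, so hiding the tab label appears to be the only gate on that content. The query also aliases `c.severity AS cve_severity` while the loop reads `$data['severity']`, which presumably comes from `a.*`; it is worth confirming which column is meant.

```php
// in displayTabContentForItem(): repeat the checks that gate the tab labels
if ($item->getType() == 'Ticket' && PluginCveCve::canView()) {
// … unchanged: PluginCveCveTicket::showForTicket() call and return …
if ($item->getType() == 'Software' && Session::haveRight('plugin_cve_inventory', READ)) {
// … unchanged: showVulnerabilitiesForSoftware() call and return …

// in showVulnerabilitiesForSoftware()
$ID = (int) $software->getField('id');
// … unchanged: query, table header, opening of the while loop …
echo htmlspecialchars((string) $data['cve_id'], ENT_QUOTES, 'UTF-8');
// … unchanged: cell markup …
echo htmlspecialchars((string) $data['version_name'], ENT_QUOTES, 'UTF-8');
// … unchanged: severity span …
echo htmlspecialchars((string) $data['severity'], ENT_QUOTES, 'UTF-8');
// … unchanged: cell markup …
echo htmlspecialchars((string) $data['cvss_score'], ENT_QUOTES, 'UTF-8');
// … unchanged: description cell …
echo htmlspecialchars((string) $data['status'], ENT_QUOTES, 'UTF-8');
```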