<?php
/**
* GLPI CVE Plugin - Menu Class
* Manages the plugin menu entries
*/
// Direct-access guard: GLPI_ROOT is expected to be defined by the including
// application, so a request that reaches this file on its own stops here
// before any class code is declared.
if (defined('GLPI_ROOT') === false) {
    die("Sorry. You can't access this file directly");
}
/**
* PluginCveCveMenu class for managing plugin menu entries
*/
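class PluginCveCveMenu extends CommonGLPI {

    /** Right name checked by canView() and canCreate(). */
    public static $rightname = 'plugin_cve_cve';

    /**
     * Get the localized name of this type.
     *
     * @param integer $nb number of elements (not used: the same label is returned for any count)
     *
     * @return string name of this type
     */
    public static function getTypeName($nb = 0) {
        // NOTE(review): this msgid is French while the other msgids in this class are English.
        return __('Vulnérabilité', 'cve');
    }

    /**
     * Get the localized menu name.
     *
     * @return string
     */
    public static function getMenuName() {
        return __('Vulnérabilité', 'cve');
    }

    /**
     * Get the localized menu comment.
     *
     * @return string
     */
    public static function getMenuComment() {
        return __('Common Vulnerabilities and Exposures', 'cve');
    }

    /**
     * Tell whether the current session holds READ on the plugin right.
     *
     * @return boolean
     */
    public static function canView() {
        return Session::haveRight(self::$rightname, READ);
    }

    /**
     * Tell whether the current session holds CREATE on the plugin right.
     *
     * @return boolean
     */
    public static function canCreate() {
        return Session::haveRight(self::$rightname, CREATE);
    }

    /**
     * Build the plugin menu for the current session.
     *
     * The whole menu depends on PluginCveCve::canView(); the inventory and alert
     * entries additionally require READ on their own right.
     *
     * Hiding an entry is not access control: each target page under front/ is
     * expected to enforce its own right.
     * NOTE(review): the cvesource, cverule and dashboard entries are shown with the
     * main CVE read right only - confirm that those pages check a matching right.
     *
     * @return array Menu definition, empty when the session cannot view CVEs
     */
    public static function getMenuContent() {
        $menu = [];

        if (PluginCveCve::canView()) {
            $menu['title'] = self::getMenuName();
            $menu['page']  = '/plugins/cve/front/cve.php';
            $menu['icon']  = 'fas fa-shield-alt';

            $menu['options'] = [
                'cve' => [
                    'title' => PluginCveCve::getTypeName(),
                    'page'  => '/plugins/cve/front/cve.php',
                    'icon'  => 'fas fa-shield-alt',
                ],
                'cvesource' => [
                    'title' => PluginCveCveSource::getTypeName(),
                    'page'  => '/plugins/cve/front/cvesource.php',
                    'icon'  => 'fas fa-database',
                ],
                'cverule' => [
                    'title' => PluginCveCveRule::getTypeName(),
                    'page'  => '/plugins/cve/front/cverule.php',
                    'icon'  => 'fas fa-cogs',
                ],
            ];

            $menu['options']['dashboard'] = [
                'title' => __('Dashboard', 'cve'),
                'page'  => '/plugins/cve/front/dashboard.php',
                'icon'  => 'fas fa-tachometer-alt',
            ];

            // Inventory and alert entries have their own rights.
            if (Session::haveRight('plugin_cve_inventory', READ)) {
                $menu['options']['inventory'] = [
                    'title' => PluginCveCveInventory::getTypeName(),
                    'page'  => '/plugins/cve/front/inventory.php',
                    'icon'  => 'fas fa-laptop',
                ];
            }

            if (Session::haveRight('plugin_cve_alert', READ)) {
                $menu['options']['alert'] = [
                    'title' => PluginCveCveAlert::getTypeName(),
                    'page'  => '/plugins/cve/front/alert.php',
                    'icon'  => 'fas fa-exclamation-triangle',
                ];
            }
        }

        return $menu;
    }

    /**
     * Get the tab this plugin adds to an item.
     *
     * A Ticket gets a "CVEs" tab when PluginCveCve::canView() is true; a Software
     * gets a "Vulnerabilities" tab when the session holds READ on
     * plugin_cve_inventory. Any other case yields no tab.
     *
     * @param CommonGLPI $item         Item the tabs are built for
     * @param integer    $withtemplate Not used here
     *
     * @return array Tab number => label, or an empty array
     */
    public function getTabNameForItem(CommonGLPI $item, $withtemplate = 0) {
        $type = $item->getType();

        if ($type === 'Ticket' && PluginCveCve::canView()) {
            return [1 => __('CVEs', 'cve')];
        }

        if ($type === 'Software' && Session::haveRight('plugin_cve_inventory', READ)) {
            return [1 => __('Vulnerabilities', 'cve')];
        }

        return [];
    }

    /**
     * Display the content of the plugin tab for an item.
     *
     * The rights tested in getTabNameForItem() are tested again here, so the
     * content is not rendered for a session that would not have been offered the
     * tab. NOTE(review): this assumes the tab content can be requested without
     * going through getTabNameForItem() - confirm against the GLPI tab loader.
     *
     * @param CommonGLPI $item         Item being displayed
     * @param integer    $tabnum       Not used here
     * @param integer    $withtemplate Not used here
     *
     * @return boolean true when content was displayed, false otherwise
     */
    public static function displayTabContentForItem(CommonGLPI $item, $tabnum = 1, $withtemplate = 0) {
        $type = $item->getType();

        if ($type === 'Ticket') {
            if (!PluginCveCve::canView()) {
                return false;
            }
            PluginCveCveTicket::showForTicket($item);
            return true;
        }

        if ($type === 'Software') {
            if (!Session::haveRight('plugin_cve_inventory', READ)) {
                return false;
            }
            self::showVulnerabilitiesForSoftware($item);
            return true;
        }

        return false;
    }

    /**
     * Print the vulnerability table for a software, followed by the manual scan
     * form when the session holds UPDATE on plugin_cve_inventory.
     *
     * This method does not test the read right itself; the caller is expected to
     * do so (displayTabContentForItem() does).
     *
     * @param Software $software Software object
     *
     * @return void
     */
    public static function showVulnerabilitiesForSoftware(Software $software) {
        global $DB;

        // The id is interpolated into the SQL text below, so force it to an integer.
        // A non-numeric field value becomes 0 and matches no alert row.
        $ID = (int) $software->getField('id');

        // CVE identifiers, descriptions and version names may come from imported
        // feeds, so every value is escaped for HTML before it is printed.
        // double_encode is off so text that already holds entities is not encoded twice.
        $esc = static function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        };

        echo "<div class='center'>";

        // Alerts for this software, joined with their CVE and software version.
        // NOTE(review): GLPI's query builder ($DB->request()) would avoid hand-built
        // SQL - check which API the targeted GLPI version expects.
        $query = "SELECT a.*,
                         c.cve_id,
                         c.severity AS cve_severity,
                         c.cvss_score,
                         c.description,
                         v.name AS version_name
                  FROM `glpi_plugin_cve_alerts` AS a
                  LEFT JOIN `glpi_plugin_cve_cves` AS c ON c.id = a.cves_id
                  LEFT JOIN `glpi_softwareversions` AS v ON v.id = a.softwareversions_id
                  WHERE a.softwares_id = $ID
                  ORDER BY c.severity DESC, c.cvss_score DESC";

        $result = $DB->query($query);

        if ($result && $DB->numrows($result) > 0) {
            echo "<table class='tab_cadre_fixe'>";
            echo "<tr class='tab_bg_2'><th colspan='6'>" . __('Vulnerabilities', 'cve') . "</th></tr>";

            echo "<tr class='tab_bg_1'>";
            echo "<th>" . __('CVE ID', 'cve') . "</th>";
            echo "<th>" . __('Version', 'cve') . "</th>";
            echo "<th>" . __('Severity', 'cve') . "</th>";
            echo "<th>" . __('CVSS Score', 'cve') . "</th>";
            echo "<th>" . __('Description', 'cve') . "</th>";
            echo "<th>" . __('Status', 'cve') . "</th>";
            echo "</tr>";

            while ($data = $DB->fetchAssoc($result)) {
                echo "<tr class='tab_bg_1'>";

                // CVE ID
                echo "<td>";
                echo "<a href='" . $esc(PluginCveCve::getFormURLWithID($data['cves_id'])) . "'>";
                echo $esc($data['cve_id']);
                echo "</a>";
                echo "</td>";

                // Version
                echo "<td>";
                echo $esc($data['version_name']);
                echo "</td>";

                // Severity
                // NOTE(review): 'severity' is read from a.* (presumably a column of the
                // alerts table); the CVE's own value is selected as cve_severity and is
                // not displayed - confirm which one is intended.
                echo "<td>";
                echo "<span class='" . $esc(PluginCveCve::getSeverityClass($data['severity'])) . "'>";
                echo $esc($data['severity']);
                echo "</span>";
                echo "</td>";

                // CVSS Score
                echo "<td>";
                echo $esc($data['cvss_score']);
                echo "</td>";

                // Description, shortened first and escaped afterwards
                echo "<td>";
                echo $esc(Html::resume_text((string) $data['description'], 100));
                echo "</td>";

                // Status, with a link to the ticket when one is attached
                echo "<td>";
                echo $esc($data['status']);
                $ticketId = (int) $data['tickets_id'];
                if ($ticketId > 0) {
                    echo " (";
                    echo "<a href='" . $esc(Ticket::getFormURLWithID($ticketId)) . "'>";
                    echo __('Ticket', 'cve') . " #" . $ticketId;
                    echo "</a>";
                    echo ")";
                }
                echo "</td>";

                echo "</tr>";
            }

            echo "</table>";
        } else {
            echo "<table class='tab_cadre_fixe'>";
            echo "<tr class='tab_bg_2'><th>" . __('Vulnerabilities', 'cve') . "</th></tr>";
            echo "<tr class='tab_bg_1'><td class='center'>" . __('No vulnerabilities found for this software', 'cve') . "</td></tr>";
            echo "</table>";
        }

        // Manual scan button, shown only with UPDATE on the inventory right.
        // NOTE(review): the action is an absolute path and ignores the GLPI root
        // directory; the receiving page must also check this right itself.
        if (Session::haveRight("plugin_cve_inventory", UPDATE)) {
            echo "<div class='center' style='margin-top: 10px;'>";
            echo "<form method='post' action='/plugins/cve/front/inventory.php'>";
            // The label is a translation placed inside a double-quoted attribute.
            echo "<input type='submit' name='scan_now' value=\"" . $esc(__('Scan for vulnerabilities now', 'cve')) . "\" class='submit'>";
            // Html::closeForm() closes the form; in GLPI it also emits the CSRF token field.
            Html::closeForm();
            echo "</div>";
        }

        echo "</div>";
    }
}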