File: ndiff

package info (click to toggle)
nmap 6.47-3%2Bdeb8u2
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 44,788 kB
  • ctags: 25,108
  • sloc: ansic: 89,741; cpp: 62,412; sh: 19,492; python: 17,323; xml: 11,413; perl: 2,529; makefile: 2,503; yacc: 608; lex: 469; asm: 372; java: 45
file content (85 lines) | stat: -rwxr-xr-x 2,548 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
#!/usr/bin/env python

# Ndiff
#
# This programs reads two Nmap XML files and displays a list of their
# differences.
#
# Copyright 2008 Insecure.Com LLC
# Ndiff is distributed under the same license as Nmap. See the file COPYING or
# http://nmap.org/data/COPYING. See http://nmap.org/book/man-legal.html for more
# details.
#
# David Fifield
# based on a design by Michael Pattrick

import sys

# Check if the given directory, and all its parent directories, are owned and
# writable only by our euid or by root. If symlinks are present, they are
# recursively checked, up to a limit of SYMLINK_LIMIT.
# https://www.securecoding.cert.org/confluence/display/seccode/FIO15-C.+Ensure+that+file+operations+are+performed+in+a+secure+directory
# We use this code for Zenmap too
SYMLINK_LIMIT = 5
def is_secure_dir(path, num_symlinks=0):
    import os
    import os.path
    import stat

    if not os.path.isabs(path):
        return False

    if num_symlinks >= SYMLINK_LIMIT:
        return False

    dirs = []
    while True:
        dirs.append(path)
        dirname = os.path.dirname(path)
        if dirname == path:
            break
        path = dirname
    # Traverse root-to-leaf.
    dirs.reverse()

    for dir in dirs:
        if os.path.islink(dir):
            link = os.readlink(dir)
            if not is_secure_dir(link, num_symlinks + 1):
                return False
            continue
        if not os.path.isdir(dir):
            return False
        buf = os.stat(dir)
        if buf.st_uid != os.geteuid() and buf.st_uid != 0:
            return False
        if buf.st_mode & (stat.S_IWGRP | stat.S_IWOTH) != 0:
            return False

    return True

# Add the install_lib directory to sys.path, the list of directories searched
# for modules, but don't do it if the directory or its parents may be writable
# by other users. The following line is replaced by the installation program.
INSTALL_LIB = None
if INSTALL_LIB is not None and is_secure_dir(INSTALL_LIB):
    sys.path.append(INSTALL_LIB)

try:
    import ndiff
except ImportError, e:
    print >> sys.stderr, """\
Could not import the ndiff module: %s.
I checked in these directories:""" % repr(e.message)
    for dir in sys.path:
        print >> sys.stderr, "    %s" % dir
    print >> sys.stderr, """\
If you installed Ndiff in another directory, you may have to add the
modules directory to the PYTHONPATH environment variable."""
    sys.exit(1)

import ndiff

if __name__ == "__main__":
    sys.excepthook = ndiff.excepthook
    sys.exit(ndiff.main())