@jameswhite
Created January 9, 2018 20:32
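# Custom facts that report whether APT has upgrades pending on this host.
#
#   needs_security_patches      -> "true" / "false"
#   needed_security_patch_count -> number of packages a simulated upgrade installs
#
# Both are derived from `apt-get --dry-run upgrade`, so nothing is installed.
# File.exist? replaces FileTest.exists?/File.exists?, which were deprecated and
# no longer exist in Ruby 3.2+, where they would raise NoMethodError while the
# fact file is loading and leave none of these facts defined.
if File.exist?("/usr/bin/apt-get")
  codename = Facter.value("lsbdistcodename")

  # Count of packages a plain simulated upgrade would install. The absolute
  # path matches the guard above instead of depending on the PATH of whatever
  # process runs Facter.
  pending_all = "/usr/bin/apt-get --dry-run upgrade 2>/dev/null | grep '^Inst ' | wc -l"

  # Same count with the <codename>-security pocket as target release. Only
  # called from the precise/trusty branches, so the interpolated value is
  # always one of those two literals.
  # NOTE(review): --target-release raises the pin priority of that pocket; it
  # may not exclude upgrades coming from other pockets. Confirm on a host with
  # both security and non-security updates pending before relying on this as a
  # strictly security-only count.
  pending_security = lambda do |release|
    "/usr/bin/apt-get --target-release=#{release}-security --dry-run upgrade 2>/dev/null | grep '^Inst ' | wc -l"
  end

  # Each fact is skipped when a file of the same name exists under
  # /etc/facter/facts.d (presumably an operator-supplied override; confirm).
  unless File.exist?("/etc/facter/facts.d/needs_security_patches.txt")
    Facter.add("needs_security_patches") do
      case codename
      when 'precise', 'trusty'
        # The original chain printed nothing when upgrades were pending but the
        # security-pocket count was zero, so the fact went unresolved and the
        # host dropped out of any report keyed on it. Every path now prints
        # exactly one of true/false.
        setcode "[ $(#{pending_all}) -ne 0 ] && [ $(#{pending_security.call(codename)}) -ne 0 ] && echo true || echo false"
      else
        setcode "[ $(#{pending_all}) -eq 0 ] && echo false || echo true"
      end
    end
  end

  unless File.exist?("/etc/facter/facts.d/needed_security_patch_count.txt")
    Facter.add("needed_security_patch_count") do
      case codename
      when 'precise', 'trusty'
        # Short-circuit to 0 when nothing at all is pending; otherwise report
        # the security-pocket count.
        setcode "[ $(#{pending_all}) -eq 0 ] && echo '0' || #{pending_security.call(codename)}"
      else
        # Other releases report every pending upgrade, not only security ones.
        setcode pending_all
      end
    end
  end
end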
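# Custom facts exposing installed package versions (version_*) and whether the
# installed build sorts before a hard-coded fixed build (vulnerable_*).
#
# Caveats for anyone consuming these facts:
#   * The thresholds are literals in this file. "false" only means "not older
#     than that specific build"; it says nothing about later advisories.
#   * When dpkg-query prints nothing (e.g. the package is absent) the unquoted
#     substitution appears to leave dpkg --compare-versions short of an
#     argument, so the comparison fails and the fact reads "false". Treat
#     "false" as "not flagged", not as "verified patched".
#
# File.exist? replaces FileTest.exists?, which no longer exists in Ruby 3.2+.
if File.exist?("/usr/bin/dpkg-query")
  codename = Facter.value("lsbdistcodename")

  # Shell command printing the installed version string of +pkg+.
  installed_version = ->(pkg) { "/usr/bin/dpkg-query -W -f='${Version}' #{pkg}" }

  # Shell command printing "true" when +pkg+ is older than +fixed+, else
  # "false". dpkg is called by absolute path, like dpkg-query, so the result
  # does not depend on the PATH of the process running Facter.
  older_than = lambda do |pkg, fixed|
    "/usr/bin/dpkg --compare-versions $(#{installed_version.call(pkg)}) lt #{fixed} && echo true || echo false"
  end

  # setcode with a String runs that string as a command. The original
  # `setcode "not_checked"` therefore tried to execute a program called
  # not_checked (resolved through PATH) rather than returning the literal, so
  # these branches yielded no value. A block returns the literal itself.
  not_checked = -> { 'not_checked' }

  Facter.add("version_libgnutls26") do
    confine :lsbdistid => "Ubuntu"
    setcode installed_version.call('libgnutls26')
  end

  Facter.add("version_openssl") do
    setcode installed_version.call('openssl')
  end

  Facter.add("version_bash") do
    setcode installed_version.call('bash')
  end

  Facter.add("version_libdpkg-perl") do
    case codename
    when 'precise'
      setcode installed_version.call('libdpkg-perl')
    else
      setcode(&not_checked)
    end
  end

  Facter.add("version_libpng12-0") do
    case codename
    when 'precise', 'trusty'
      setcode installed_version.call('libpng12-0')
    else
      setcode(&not_checked)
    end
  end

  Facter.add("version_libc6") do
    setcode installed_version.call('libc6')
  end

  Facter.add("vulnerable_libc6") do
    case codename
    when 'precise'
      setcode older_than.call('libc6', '2.15-0ubuntu10.13')
    when 'trusty'
      setcode older_than.call('libc6', '2.19-0ubuntu6.7')
    else
      setcode(&not_checked)
    end
  end

  # NOTE(review): the next two facts are confined to Ubuntu as a whole but use a
  # single threshold each, unlike the per-codename facts around them. Confirm
  # the thresholds are meaningful on every release this file is deployed to.
  Facter.add("vulnerable_libgnutls26") do
    confine :lsbdistid => "Ubuntu"
    setcode older_than.call('libgnutls26', '2.12.14-5ubuntu3.9')
  end

  Facter.add("vulnerable_openssl") do
    confine :lsbdistid => "Ubuntu"
    setcode older_than.call('openssl', '1.0.1-4ubuntu5.38+github1')
  end

  # Named vulnerable_dpkg, but the package actually compared is libdpkg-perl.
  Facter.add("vulnerable_dpkg") do
    case codename
    when 'precise'
      setcode older_than.call('libdpkg-perl', '1.16.1.2ubuntu7.6')
    else
      setcode(&not_checked)
    end
  end

  Facter.add("vulnerable_libpng") do
    case codename
    when 'precise'
      setcode older_than.call('libpng12-0', '1.2.46-3ubuntu4.2')
    when 'trusty'
      setcode older_than.call('libpng12-0', '1.2.50-1ubuntu2.14.04.2')
    else
      setcode(&not_checked)
    end
  end
end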