find-vulnerable-deployed-component.py

#
# THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS
# FOR A PARTICULAR PURPOSE. THIS CODE AND INFORMATION ARE NOT SUPPORTED BY XEBIALABS.
#

import re
import sys
import java.lang.IllegalArgumentException as IllegalArgumentException
from sets import Set

fileName = sys.argv[1]
infraset = set([])
print "\n\n"
print "Searching for uses of vulnerable file [%s]" % fileName


# For every application that is current deployed...
for deployedApp in repository.read(repository.search('udm.DeployedApplication')):
  deploymentPackage = repository.read(deployedApp.version)
  # For every deployable component within the deployment package...
  for deployedId in deployedApp.deployeds:
    try:
      deployed = repository.read(deployedId)
      deployable = repository.read(deployed.deployable)
      if fileName in deployable.fileUri:
        print "Application [%s] deployed to [%s] contains vulnerable file [%s]" % (deploymentPackage,deployedApp.environment,fileName)
        # Add this to the infraset
        infraset.add(deployed.container)
        
    except IllegalArgumentException:
      pass



# Generate a "report"

print "\n\nThe following infrastrucuture is affected by this vulnerability\n\n"


#print sorted(infraset)
#print ""

# Find the common items in our deployed environments and our infrastructure

template = "{0:45}  |  {1:10}"

print template.format("HOST ID", "ADDRESS")
print template.format("=============================================","==========")
for item in sorted(infraset):
  try:
    host = repository.read(repository.read(item).host)
    print template.format(host.id, host.address)
  except IllegalArgumentException:
    print template.format(host.id, "LOCALHOST")