PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
7f779ef8b64a33072ec6796871c247c65a8759f8
nmap/ndiff/scripts/ndiff
dmiller f4619edece Update http urls for nmap.org to https
2015-11-05 20:41:05 +00:00

86 lines
2.5 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python
# Ndiff
#
# This programs reads two Nmap XML files and displays a list of their
# differences.
#
# Copyright 2008 Insecure.Com LLC
# Ndiff is distributed under the same license as Nmap. See the file COPYING or
# https://nmap.org/data/COPYING. See https://nmap.org/book/man-legal.html for more
# details.
#
# David Fifield
# based on a design by Michael Pattrick
import sys
# Check if the given directory, and all its parent directories, are owned and
# writable only by our euid or by root. If symlinks are present, they are
# recursively checked, up to a limit of SYMLINK_LIMIT.
# https://www.securecoding.cert.org/confluence/display/seccode/FIO15-C.+Ensure+that+file+operations+are+performed+in+a+secure+directory
# We use this code for Zenmap too
SYMLINK_LIMIT = 5
def is_secure_dir(path, num_symlinks=0):
import os
import os.path
import stat
if not os.path.isabs(path):
return False
if num_symlinks >= SYMLINK_LIMIT:
return False
dirs = []
while True:
dirs.append(path)
dirname = os.path.dirname(path)
if dirname == path:
break
path = dirname
# Traverse root-to-leaf.
dirs.reverse()
for dir in dirs:
if os.path.islink(dir):
link = os.readlink(dir)
if not is_secure_dir(link, num_symlinks + 1):
return False
continue
if not os.path.isdir(dir):
return False
buf = os.stat(dir)
if buf.st_uid != os.geteuid() and buf.st_uid != 0:
return False
if buf.st_mode & (stat.S_IWGRP | stat.S_IWOTH) != 0:
return False
return True
# Add the install_lib directory to sys.path, the list of directories searched
# for modules, but don't do it if the directory or its parents may be writable
# by other users. The following line is replaced by the installation program.
INSTALL_LIB = None
if INSTALL_LIB is not None and is_secure_dir(INSTALL_LIB):
sys.path.append(INSTALL_LIB)
try:
import ndiff
except ImportError, e:
print >> sys.stderr, """\
Could not import the ndiff module: %s.
I checked in these directories:""" % repr(e.message)
for dir in sys.path:
print >> sys.stderr, " %s" % dir
print >> sys.stderr, """\
If you installed Ndiff in another directory, you may have to add the
modules directory to the PYTHONPATH environment variable."""
sys.exit(1)
import ndiff
if __name__ == "__main__":
sys.excepthook = ndiff.excepthook
sys.exit(ndiff.main())
Reference in New Issue View Git Blame Copy Permalink