authorAndreas Steffen <andreas.steffen@strongswan.org>2012-11-23 18:30:00 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2012-11-23 18:30:00 +0100
commit9cbdfdb9884f6a3733e33ecf07e2349398067b85 (patch)
tree3eb24c711744d7782d5b6175b6d4ef3f8996c123 /src
parentee6aeca892df992c66668cf414e4676f5f3da044 (diff)
implemented output of item lists in remediation instructions
Diffstat (limited to 'src')
-rw-r--r--src/libimcv/imv/imv_remediation_string.c92
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c85
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner.c24
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c44
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.h4
5 files changed, 162 insertions, 87 deletions
diff --git a/src/libimcv/imv/imv_remediation_string.c b/src/libimcv/imv/imv_remediation_string.c
index 75af83129..47493903f 100644
--- a/src/libimcv/imv/imv_remediation_string.c
+++ b/src/libimcv/imv/imv_remediation_string.c
@@ -49,20 +49,95 @@ struct private_imv_remediation_string_t {
METHOD(imv_remediation_string_t, add_instruction, void,
private_imv_remediation_string_t *this, imv_lang_string_t title[],
imv_lang_string_t description[], imv_lang_string_t itemsheader[],
- linked_list_t *items)
+ linked_list_t *item_list)
{
- char xml_format[] = " <instruction>\n"
- " <title>%s</title>\n"
+ char xml_format[] = " <instruction>\n"
+ " <title>%s</title>\n"
" <description>%s</description>\n"
"%s%s"
" </instruction>\n";
- char *instruction, *format, *s_title, *s_description, *s_itemsheader;
+ char *instruction, *format, *item, *pos, *header, *items;
+ char *s_title, *s_description, *s_itemsheader;
size_t len;
s_title = imv_lang_string_select_string(title, this->lang);
s_description = imv_lang_string_select_string(description, this->lang);
s_itemsheader = imv_lang_string_select_string(itemsheader, this->lang);
+ header = NULL;
+ items = NULL;
+
+ if (s_itemsheader)
+ {
+ int header_len = strlen(s_itemsheader);
+ char *header_format;
+
+ if (this->as_xml)
+ {
+ header_format = " <itemsheader>%s</itemsheader>\n";
+ header_len += strlen(header_format) - 2;
+ }
+ else
+ {
+ header_format = "\n %s";
+ header_len += 3;
+ }
+ header = malloc(header_len + 1);
+ sprintf(header, header_format, s_itemsheader);
+ }
+
+ if (item_list && item_list->get_count(item_list))
+ {
+ enumerator_t *enumerator;
+ int items_len = 0;
+
+ /* compute total length of all items */
+ enumerator = item_list->create_enumerator(item_list);
+ while (enumerator->enumerate(enumerator, &item))
+ {
+ items_len += strlen(item);
+ }
+ enumerator->destroy(enumerator);
+
+ if (this->as_xml)
+ {
+ items_len += 12 + 20 * item_list->get_count(item_list) + 13;
+
+ pos = items = malloc(items_len + 1);
+ pos += sprintf(pos, " <items>\n");
+
+ enumerator = item_list->create_enumerator(item_list);
+ while (enumerator->enumerate(enumerator, &item))
+ {
+ pos += sprintf(pos, " <item>%s</item>\n", item);
+ }
+ enumerator->destroy(enumerator);
+
+ pos += sprintf(pos, " </items>\n");
+ }
+ else
+ {
+ items_len += 5 * item_list->get_count(item_list);
+
+ pos = items = malloc(items_len + 1);
+
+ enumerator = item_list->create_enumerator(item_list);
+ while (enumerator->enumerate(enumerator, &item))
+ {
+ pos += sprintf(pos, "\n %s", item);
+ }
+ enumerator->destroy(enumerator);
+ }
+ }
+
len = strlen(s_title) + strlen(s_description);
+ if (header)
+ {
+ len += strlen(header);
+ }
+ if (items)
+ {
+ len += strlen(items);
+ }
if (this->as_xml)
{
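Review bot: The sizes of the `items` and plain-text `header` buffers are hand-counted constants (`12 + 20 * count + 13`, `5 * count`, `header_len += 3`) while the format literals they must match are written out separately a few lines below them, so any later change to the indentation inside those literals leaves `malloc(items_len + 1)` undersized and the unchecked `sprintf` calls writing past the end of the heap block. The XML header branch already handles this correctly by deriving its size from the literal (`strlen(header_format) - 2`); the item branches should do the same, e.g. keep the per-item literal in a variable used by both the size computation and the `sprintf`, `items_len += item_list->get_count(item_list) * (strlen(item_format) - 2);`, and add the `strlen` of the `<items>` open/close literals in the XML case. The same hand-counted `len += 4` against `"\n%s\n %s%s%s"` appears in the second hunk of this file. Because the page collapses the whitespace inside the literals I cannot confirm whether the current constants are exact; using `snprintf` with the remaining length would turn any mismatch into truncation rather than a heap overrun. The enclosing `add_instruction` continues past this hunk.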
@@ -71,11 +146,14 @@ METHOD(imv_remediation_string_t, add_instruction, void,
}
else
{
- format = this->instructions.len ? "\n%s\n%s%s%s" : "%s\n%s%s%s";
- len += 2;
+ format = this->instructions.len ? "\n%s\n %s%s%s" : "%s\n %s%s%s";
+ len += 4;
}
instruction = malloc(len + 1);
- sprintf(instruction, format, s_title, s_description, "", "");
+ sprintf(instruction, format, s_title, s_description, header ? header : "",
+ items ? items : "");
+ free(header);
+ free(items);
this->instructions = chunk_cat("mm", this->instructions,
chunk_create(instruction, strlen(instruction)));
}
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index 3b5dac6c0..0fe3d87fe 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -154,7 +154,7 @@ struct private_imv_os_state_t {
static char* languages[] = { "en", "de", "pl" };
/**
- * Table of "OS settings" reason strings
+ * Reason strings for "OS settings"
*/
static imv_lang_string_t reason_settings[] = {
{ "en", "Improper OS settings were detected" },
@@ -163,7 +163,7 @@ static imv_lang_string_t reason_settings[] = {
};
/**
- * Table of "software packages" reason strings
+ * Reason strings for "installed software packages"
*/
static imv_lang_string_t reason_packages[] = {
{ "en", "Vulnerable or blacklisted software packages were found" },
@@ -172,47 +172,51 @@ static imv_lang_string_t reason_packages[] = {
};
/**
- * Table of "software packages update" instruction title strings
+ * Instruction strings for "Software Security Updates"
*/
static imv_lang_string_t instr_update_packages_title[] = {
{ "en", "Software Security Updates" },
{ "de", "Software Sicherheitsupdates" },
- { "pl", "Software Security Updates" }, /* TODO */
{ NULL, NULL }
};
-/**
- * Table of "software packages update" instruction description strings
- */
static imv_lang_string_t instr_update_packages_descr[] = {
- { "en", "Please update the following software packages" },
- { "de", "Bitte updaten Sie die folgenden Softwarepakete" },
- { "pl", "Proszę zaktualizować następujące pakiety" },
+ { "en", "Packages with security vulnerabilities were found" },
+ { "de", "Softwarepakete mit Sicherheitsschwachstellen wurden gefunden" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t instr_update_packages_header[] = {
+ { "en", "Please update the following software packages:" },
+ { "de", "Bitte updaten Sie die folgenden Softwarepakete:" },
+ { "pl", "Proszę zaktualizować następujące pakiety:" },
{ NULL, NULL }
};
/**
- * Tables of "software package removal" instruction titlestrings
+ * Instruction strings for "Blacklisted Software Packages"
*/
static imv_lang_string_t instr_remove_packages_title[] = {
{ "en", "Blacklisted Software Packages" },
{ "de", "Gesperrte Softwarepakete" },
- { "pl", "Blacklisted Software Packages" }, /* TODO */
{ NULL, NULL }
};
-/**
- * Tables of "software package removal" instruction strings
- */
static imv_lang_string_t instr_remove_packages_descr[] = {
- { "en", "Please remove the following software packages" },
- { "de", "Bitte entfernen Sie die folgenden Softwarepakete" },
- { "pl", "Proszę usunąć następujące pakiety" },
+ { "en", "Dangereous software packages were found" },
+ { "de", "Gefährliche Softwarepakete wurden gefunden" },
{ NULL, NULL }
-}
+};
+
+static imv_lang_string_t instr_remove_packages_header[] = {
+ { "en", "Please remove the following software packages:" },
+ { "de", "Bitte entfernen Sie die folgenden Softwarepakete:" },
+ { "pl", "Proszę usunąć następujące pakiety:" },
+ { NULL, NULL }
+};
;/**
- * Table of "forwarding enable" instruction title strings
+ * Instruction strings for "Forwarding Enabled"
*/
static imv_lang_string_t instr_fwd_enabled_title[] = {
{ "en", "IP Packet Forwarding" },
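Review bot: The new English description in `instr_remove_packages_descr` misspells "Dangerous" and is shown to the user as part of the remediation message; it should read `{ "en", "Dangerous software packages were found" },`. In the same hunk, the context line `;/**` before `instr_fwd_enabled_title` keeps a stray file-scope `;` that the added `};` on the preceding array now makes an empty declaration (which `-pedantic` warns about), so that `;` should be dropped. The `"pl"` entries were removed from the title and description tables while `languages[]` above still advertises `"pl"`, so what Polish clients see now depends on the missing-language behaviour of `imv_lang_string_select_string`, which is not visible here — presumably a fallback to the first/English entry, worth confirming.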
@@ -220,9 +224,6 @@ static imv_lang_string_t instr_fwd_enabled_title[] = {
{ NULL, NULL }
};
-/**
- * Table of "forwarding enable" instruction description strings
- */
static imv_lang_string_t instr_fwd_enabled_descr[] = {
{ "en", "Please disable the forwarding of IP packets" },
{ "de", "Bitte deaktivieren Sie das Forwarding von IP Paketen" },
@@ -230,7 +231,7 @@ static imv_lang_string_t instr_fwd_enabled_descr[] = {
};
/**
- * Table of "default password enabled" instruction title strings
+ * Instruction strings for "Default Password Enabled"
*/
static imv_lang_string_t instr_default_pwd_enabled_title[] = {
{ "en", "Default Password" },
@@ -238,9 +239,6 @@ static imv_lang_string_t instr_default_pwd_enabled_title[] = {
{ NULL, NULL }
};
-/**
- * Table of "default password enabled" instruction description strings
- */
static imv_lang_string_t instr_default_pwd_enabled_descr[] = {
{ "en", "Please change the default password" },
{ "de", "Bitte ändern Sie das Default Passwort" },
@@ -248,7 +246,7 @@ static imv_lang_string_t instr_default_pwd_enabled_descr[] = {
};
/**
- * Table of "install non market apps" instruction title strings
+ * Instruction strings for "Install Non-Market Apps"
*/
static imv_lang_string_t instr_non_market_apps_title[] = {
{ "en", "Unknown Software Origin" },
@@ -256,9 +254,6 @@ static imv_lang_string_t instr_non_market_apps_title[] = {
{ NULL, NULL }
};
-/**
- * Table of "install non market apps" instruction description strings
- */
static imv_lang_string_t instr_non_market_apps_descr[] = {
{ "en", "Do not allow the installation of apps from unknown sources" },
{ "de", "Erlauben Sie nicht die Installation von Apps von unbekannten Quellen" },
@@ -372,43 +367,45 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
if (this->count_blacklist)
{
this->remediation_string->add_instruction(this->remediation_string,
- instr_remove_packages_title,
- instr_remove_packages_descr, NULL,
- this->remove_packages);
+ instr_remove_packages_title,
+ instr_remove_packages_descr,
+ instr_remove_packages_header,
+ this->remove_packages);
}
/* List of packages in need of an update, if any */
if (this->count_update)
{
this->remediation_string->add_instruction(this->remediation_string,
- instr_update_packages_title,
- instr_update_packages_descr, NULL,
- this->update_packages);
+ instr_update_packages_title,
+ instr_update_packages_descr,
+ instr_update_packages_header,
+ this->update_packages);
}
/* Add instructions concerning improper OS settings */
if (this->os_settings & OS_SETTINGS_FWD_ENABLED)
{
this->remediation_string->add_instruction(this->remediation_string,
- instr_fwd_enabled_title,
- instr_fwd_enabled_descr, NULL, NULL);
+ instr_fwd_enabled_title,
+ instr_fwd_enabled_descr, NULL, NULL);
}
if (this->os_settings & OS_SETTINGS_DEFAULT_PWD_ENABLED)
{
this->remediation_string->add_instruction(this->remediation_string,
- instr_default_pwd_enabled_title,
- instr_default_pwd_enabled_descr, NULL, NULL);
+ instr_default_pwd_enabled_title,
+ instr_default_pwd_enabled_descr, NULL, NULL);
}
if (this->os_settings & OS_SETTINGS_NON_MARKET_APPS)
{
this->remediation_string->add_instruction(this->remediation_string,
- instr_non_market_apps_title,
- instr_non_market_apps_descr, NULL, NULL);
+ instr_non_market_apps_title,
+ instr_non_market_apps_descr, NULL, NULL);
}
*string = this->remediation_string->get_encoding(this->remediation_string);
*uri = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-os.remediation_uri", NULL);
+ "libimcv.plugins.imv-os.remediation_uri", NULL);
return TRUE;
}
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner.c b/src/libimcv/plugins/imv_scanner/imv_scanner.c
index be3555022..16ce0863f 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner.c
@@ -202,14 +202,15 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PORT_FILTER)
{
+ imv_scanner_state_t *imv_scanner_state;
ietf_attr_port_filter_t *attr_port_filter;
enumerator_t *enumerator;
u_int8_t protocol;
u_int16_t port;
- char buf[BUF_LEN], *pos = buf;
- size_t len = BUF_LEN;
bool blocked, compliant = TRUE;
+
+ imv_scanner_state = (imv_scanner_state_t*)state;
attr_port_filter = (ietf_attr_port_filter_t*)attr;
enumerator = attr_port_filter->create_port_enumerator(attr_port_filter);
while (enumerator->enumerate(enumerator, &blocked, &protocol, &port))
@@ -217,7 +218,7 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
enumerator_t *e;
port_range_t *port_range;
bool passed, found = FALSE;
- int written = 0;
+ char buf[20];
if (blocked)
{
@@ -245,15 +246,10 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
if (!passed)
{
compliant = FALSE;
- written = snprintf(pos, len, " %s/%u",
- (protocol == IPPROTO_TCP) ? "tcp" : "udp",
- port);
- if (written < 0 || written >= len)
- {
- break;
- }
- pos += written;
- len -= written;
+ snprintf(buf, sizeof(buf), "%s/%u",
+ (protocol == IPPROTO_TCP) ? "tcp" : "udp", port);
+ imv_scanner_state->add_violating_port(imv_scanner_state,
+ strdup(buf));
}
}
enumerator->destroy(enumerator);
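Review bot: `char buf[20]` and the ignored `snprintf` return value are only safe because the longest value the format can produce, `"udp/65535"`, is 9 characters plus the terminator; a comment on the declaration in the previous hunk, `char buf[20]; /* "udp/65535" + NUL fits */`, keeps the next editor from adding a field without resizing it. The `strdup(buf)` result is handed to `add_violating_port`, and the state's `destroy` in imv_scanner_state.c frees every element with `destroy_function(…, free)`, so the ownership transfer is correct but invisible at this call site; a line such as `/* the state list takes ownership of the copy */` above the call would document it. `strdup` returning NULL is not checked, in which case a NULL would be stored and later reach `strlen` in `add_instruction`; the surrounding code does not appear to check allocations either, so this follows local convention. The enclosing `receive_message` starts before this hunk.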
@@ -266,10 +262,6 @@ static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
}
else
{
- imv_scanner_state_t *imv_scanner_state;
-
- imv_scanner_state = (imv_scanner_state_t*)state;
- imv_scanner_state->set_violating_ports(imv_scanner_state, buf);
state->set_recommendation(state,
TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index fba24f188..108e5ff6f 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -69,9 +69,9 @@ struct private_imv_scanner_state_t {
TNC_IMV_Evaluation_Result eval;
/**
- * String with list of ports that should be closed
+ * List with ports that should be closed
*/
- char *violating_ports;
+ linked_list_t *violating_ports;
/**
* TNC Reason String
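Review bot: The new member comment `List with ports that should be closed` says neither what the list holds nor who frees it; the later hunks show it receives `strdup`'d `"proto/port"` strings through `add_violating_port` and is released with `destroy_function(…, free)`, so the comment should record that contract, e.g. `/** List of violating "tcp|udp/port" strings (char*), owned and freed by this state */`. The struct declaration continues outside this hunk.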
@@ -91,7 +91,7 @@ struct private_imv_scanner_state_t {
static char* languages[] = { "en", "de", "fr", "pl" };
/**
- * Table of reason strings
+ * Reason strings for "Port Filter"
*/
static imv_lang_string_t reasons[] = {
{ "en", "Open server ports were detected" },
@@ -102,7 +102,7 @@ static imv_lang_string_t reasons[] = {
};
/**
- * Table of "ports" remediation instruction title strings
+ * Instruction strings for "Port Filters"
*/
static imv_lang_string_t instr_ports_title[] = {
{ "en", "Open Server Ports" },
@@ -112,14 +112,19 @@ static imv_lang_string_t instr_ports_title[] = {
{ NULL, NULL }
};
-/**
- * Table of "ports" remediation instruction descriptions strings
- */
static imv_lang_string_t instr_ports_descr[] = {
- { "en", "Please close the following server ports" },
- { "de", "Bitte schliessen Sie die folgenden Serverports" },
- { "fr", "Fermez les ports du serveur suivants s'il vous plait" },
- { "pl", "Proszę zamknąć następujące porty serwera" },
+ { "en", "Open Internet ports have been detected" },
+ { "de", "Offenen Internet-Ports wurden festgestellt" },
+ { "fr", "Il y'a des ports Internet ouverts" },
+ { "pl", "Porty internetowe są otwarte" },
+ { NULL, NULL }
+};
+
+static imv_lang_string_t instr_ports_header[] = {
+ { "en", "Please close the following server ports:" },
+ { "de", "Bitte schliessen Sie die folgenden Serverports:" },
+ { "fr", "Fermez les ports du serveur suivants s'il vous plait:" },
+ { "pl", "Proszę zamknąć następujące porty serwera:" },
{ NULL, NULL }
};
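Review bot: Two of the new user-facing description strings in `instr_ports_descr` have grammar errors: the German entry should read `{ "de", "Offene Internet-Ports wurden festgestellt" },` (nominative plural, not "Offenen"), and the French entry should read `{ "fr", "Il y a des ports Internet ouverts" },` (no apostrophe in "il y a"). These strings are delivered to the endpoint user in the remediation message, so they are worth fixing before release.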
@@ -219,8 +224,10 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
TRUE, *lang_code); /* TODO get os_type */
this->remediation_string->add_instruction(this->remediation_string,
- instr_ports_title, instr_ports_descr, NULL, NULL);
-
+ instr_ports_title,
+ instr_ports_descr,
+ instr_ports_header,
+ this->violating_ports);
*string = this->remediation_string->get_encoding(this->remediation_string);
*uri = lib->settings->get_str(lib->settings,
"libimcv.plugins.imv-scanner.remediation_uri", NULL);
@@ -233,14 +240,14 @@ METHOD(imv_state_t, destroy, void,
{
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
- free(this->violating_ports);
+ this->violating_ports->destroy_function(this->violating_ports, free);
free(this);
}
-METHOD(imv_scanner_state_t, set_violating_ports, void,
- private_imv_scanner_state_t *this, char *ports)
+METHOD(imv_scanner_state_t, add_violating_port, void,
+ private_imv_scanner_state_t *this, char *port)
{
- this->violating_ports = strdup(ports);
+ this->violating_ports->insert_last(this->violating_ports, port);
}
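Review bot: `add_violating_port` stores the `port` pointer directly with `insert_last`, and `destroy` above now frees every element with `destroy_function(this->violating_ports, free)`, so the caller must pass a heap string whose ownership it gives up (the caller in imv_scanner.c passes `strdup(buf)`); neither this definition nor the declaration in imv_scanner_state.h says so. Replace the header comment `* add a violating TCP or UDP port` with `* Add a violating TCP or UDP port ("tcp|udp/port"); port must be malloc'd, the state takes ownership and frees it` and put a one-line `/* takes ownership of port */` above `insert_last` here. Keeping the parameter as `char *port` rather than `const char *` is consistent with that contract.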
/**
@@ -266,12 +273,13 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.get_remediation_instructions = _get_remediation_instructions,
.destroy = _destroy,
},
- .set_violating_ports = _set_violating_ports,
+ .add_violating_port = _add_violating_port,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .violating_ports = linked_list_create(),
);
return &this->public.interface;
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.h b/src/libimcv/plugins/imv_scanner/imv_scanner_state.h
index 716ddfea0..9a0930396 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.h
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.h
@@ -37,9 +37,9 @@ struct imv_scanner_state_t {
imv_state_t interface;
/**
- * list of violating TCP and UDP ports
+ * add a violating TCP or UDP port
*/
- void (*set_violating_ports)(imv_scanner_state_t *this, char *ports);
+ void (*add_violating_port)(imv_scanner_state_t *this, char *port);
};
/**