#!/bin/bash
#
# Script to review the scripts in an OpenVAS distribution and 
# try to detect known non-free plugins as well as 
# plugins that cannot be distributed because they depend to non-free 
# (or not available) plugins
#
# (c) Javier Fernandez-Sanguino <jfs@debian.org>
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#  
# You can also find a copy of the GNU General Public License at
# http://www.gnu.org/licenses/licenses.html#TOCLGPL


# Assume we are one subdirectory below in the sources
SCRIPTDIR="../scripts"
[ -n "$1" ] && SCRIPTDIR=$1  # But also use the scriptdir provided, if any

if [ ! -d "$SCRIPTDIR" ] ; then
    echo "The script directory $SCRIPTDIR does not exist" >&2
    echo "Do not know where to check for plugins" >&2
    exit 1
fi

# First generate a file with all the includes in files
echo -n "Extracting list of included files (this make tame some time..."
TEMPFILE=`tempfile`  || { echo "Cannot create temporary file!" >&2; exit 1 ; }
egrep -r --exclude-dir=.svn "include.*\(.*\.inc"  $SCRIPTDIR >$TEMPFILE
echo "...done"
trap "rm -f $TEMPFILE" 0 1 2 15

exitval=0


# First tell if there are known non-free plugins
if [ -f non-free-plugins ] ; then
    echo "Looking for non-free plugins..."
    count=0
    for plugin in `cat non-free-plugins | grep -v ^\#`; do
     if [ -e "$SCRIPTDIR/$plugin" ] ; then
         if egrep -iq '(c).*Tenable Network Security' "$SCRIPTDIR/$plugin" && \
		! egrep -iq 'GPL' "$SCRIPTDIR/$plugin"; then
             echo "NON-FREE plugin $plugin found"
             count=$(($count+1))
         fi
     fi
    done

    if [ "$count" -ne 0 ] ; then
     echo "$count NON-FREE plugins found"
     echo "Please fix this (remove the files or remove them from the non-free-plugins file) and rerun the script"
     exitval=1
    fi

    echo "Looking for free plugins that depend on non-free..."
    count=0
    for includef in `cat non-free-plugins | grep '\.inc' | grep -v ^\#`; do
        # Only check if the include file is not there...
        # since it might have been restored from free sources
        if [ ! -e "$SCRIPTDIR/$includef" ] ; then
            echo -n "Checking for the use of $includef..."
            total=`egrep -rl --exclude-dir=.svn "\(.$includef.\);" $TEMPFILE |grep -v $includef | wc -l` 
            if [ -n "$total" ] && [ "$total" -ne 0 ] ; then
                echo
                echo "$total files depend on this NON-FREE include file:"
                egrep -rl --exclude-dir=.svn "\(.$includef.\);" $TEMPFILE |grep -v $includef  | awk -F : '{print $1}'
                echo
                count=$(($count+$total))
            fi
            echo "...done"
        else
            echo "Skipping check of $includef (apparently is free now)"
        fi
    done

    if [ "$count" -ne 0 ] ; then
        echo "$count FREE plugins that depend on NON-FREE found"
        echo "Please fix this and rerun the script"
        exitval=1
    fi
fi

echo "Looking for (possibly) non-free plugins..."
count=0

# This regexp is bound to find non-free plugins:
for plugin in `egrep -rli --exclude-dir=.svn "script_copyright.*Tenable.*" $SCRIPTDIR`; do
    basename=`basename $plugin`
    if [ ! -e non-free-false-positives ] || ! grep -q "^$basename" non-free-false-positives; then
        if egrep -iq '(c).*Tenable Network Security' "$plugin"; then
            # If they have the script_copyright and the (c) then they
            # are non-free for sure
            echo "NON-FREE plugin $plugin found"
            count=$(($count+1))
        else
         echo "POSSIBLE NON-FREE plugin $plugin found"
         count=$(($count+1))
       fi
    fi
done
# This regexp might have false positives
for plugin in `egrep -rli --exclude-dir=.svn "\(c\).*Tenable.*Network.*Security" $SCRIPTDIR`; do
    basename=`basename $plugin`
    if [ ! -e non-free-false-positives ] || ! grep -q "^$basename" non-free-false-positives; then
        echo "POSSIBLE NON-FREE plugin $plugin found"
        count=$(($count+1))
    fi
done

if [ "$count" -ne 0 ] ; then
    echo "$count NON-FREE plugins found"
    echo "Please fix this and rerun the script"
    exitval=1
fi


if [ -f "depend-plugins" ] ; then
    echo "Looking for (known) free plugins that depend on non-free..."
    count=0
    for plugin in `cat depend-plugins | grep -v ^#`; do
     if [ -e "$SCRIPTDIR/$plugin" ] ; then
         echo "FREE plugin $plugin found, depends on NON-FREE"
         count=$(($count+1))
    fi
    done

    if [ $count -ne 0 ] ; then
     echo "$count FREE plugins that depend on NON-FREE found"
     echo "Please fix this and rerun the script"
     exitval=1
    fi
else
    echo "Looking for plugins that depend on unavailable includes..."
    count=0
    found=0
    for includef in `cat $TEMPFILE |perl -ne 'print $1."\n" if /include\s*\("(.*)"\)/'`; do
        if [ ! -e "$SCRIPTDIR/$includef" ] ; then
            found=1
            grep $includef $TEMPFILE | awk -F : '{print $1}' |
            while read plugin; do
                echo "FREE plugin $plugin depends on non-existant $includef"
            done
        fi
        [ "$found" -ne 0 ] && count=$(($count+1))
    done

    if [ $count -ne 0 ] ; then
     echo "FREE plugins found that depend on NON EXISTANT include files."
# This is not considered an error although openvas-server will
# complain because of this
#     echo "Please fix this and rerun the script"
#     exitval=1
    fi

fi


exit $exitval
