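#!/usr/bin/env python3
"""
Create comprehensive test with Windows and RHEL Plugin 66334 formats

Builds a small Nessus v2 document (``NessusClientData_v2``) with one Windows
host and one RHEL host. Each host gets a handful of findings plus a plugin
66334 "Patch Report" item whose ``plugin_output`` is the text under test.
"""

import xml.etree.ElementTree as ET
from xml.dom import minidom

# NOTE(review): the line layout of the two samples below is reconstructed from
# their item markers ('.', '+', '-', '[ ... ]'); confirm it matches the plugin
# 66334 output the extractor is meant to parse.
_WINDOWS_PATCH_OUTPUT = """
. You need to take the following 18 actions :
+ Install the following Microsoft patches :
- KB5073724 (39 vulnerabilities)
- KB5049613
- KB5044023
- KB5039893
- KB5039884
- KB5036608
- KB5033909
- KB5031988
[ Adobe AIR <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31) (93523) ]
+ Action to take : Upgrade to Adobe AIR version 23.0.0.257 or later.
+Impact : Taking this action will resolve 564 different vulnerabilities (CVEs).
[ Curl Use-After-Free < 7.87 (CVE-2022-43552) (171859) ]
+ Action to take : Upgrade Curl to version 7.87.0 or later
[ Microsoft Edge (Chromium) < 143.0.3650.139 (CVE-2026-0628) (282534) ]
+ Action to take : Upgrade to Microsoft Edge version 143.0.3650.139 or later.
+Impact : Taking this action will resolve 96 different vulnerabilities (CVEs).
"""

_RHEL_PATCH_OUTPUT = """
. You need to take the following 110 actions :
[ Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103) ]
+ Action to take : Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life. Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities.
[ Oracle Java SE Multiple Vulnerabilities (July 2022 CPU) (163304) ]
+ Action to take : Apply the appropriate patch according to the July 2022 Oracle Critical Patch Update advisory.
+Impact : Taking this action will resolve 348 different vulnerabilities (CVEs).
[ RHEL 8 / 9 : java-1.8.0-openjdk (RHSA-2025:18815) (271273) ]
+ Action to take : Update the RHEL java-1.8.0-openjdk package based on the guidance in RHSA-2025:18815.
+Impact : Taking this action will resolve 24 different vulnerabilities (CVEs).
[ RHEL 8 : Bug fix of NetworkManager (Moderate) (RHSA-2025:0288) (214070) ]
+ Action to take : Update the affected packages.
[ RHEL 8 : NetworkManager-libreswan (RHSA-2024:8353) (209549) ]
+ Action to take : Update the RHEL NetworkManager-libreswan package based on the guidance in RHSA-2024:8353.
[ RHEL 8 : bcc (RHSA-2024:8831) (210348) ]
+ Action to take : Update the RHEL bcc package based on the guidance in RHSA-2024:8831.
"""


def _add_vuln_items(report_host, vulns):
    """Append one ReportItem, with a <cve> child per CVE, for each finding."""
    for vuln in vulns:
        report_item = ET.SubElement(
            report_host, 'ReportItem',
            port='0', svc_name='general', protocol='tcp',
            severity=vuln['severity'],
            pluginID=vuln['plugin_id'],
            pluginName=vuln['name'],
        )
        for cve in vuln['cves']:
            ET.SubElement(report_item, 'cve').text = cve


def _add_patch_report(report_host, patch_output):
    """Append the plugin 66334 "Patch Report" item carrying *patch_output*."""
    report_item = ET.SubElement(
        report_host, 'ReportItem',
        port='0', svc_name='general', protocol='tcp',
        severity='0', pluginID='66334', pluginName='Patch Report',
    )
    ET.SubElement(report_item, 'plugin_output').text = patch_output


def create_windows_host(report, host_ip, host_name):
    """Create Windows host with vulnerabilities

    Args:
        report: the ``Report`` element the new ``ReportHost`` is appended to.
        host_ip: value of the ``ReportHost`` ``name`` attribute.
        host_name: text of the ``netbios-name`` host property.
    """
    report_host = ET.SubElement(report, 'ReportHost', name=host_ip)

    # Host properties
    host_properties = ET.SubElement(report_host, 'HostProperties')
    ET.SubElement(host_properties, 'tag', name='netbios-name').text = host_name

    # Windows vulnerabilities. The plugin IDs here (2000xx) differ from the
    # IDs quoted in the patch-report text (e.g. 93523), so the findings and
    # the patch report cannot be joined on pluginID -- presumably intended
    # for this fixture; confirm.
    vulns = [
        {'plugin_id': '200001', 'name': 'MS KB5073724 Security Update',
         'severity': '4', 'cves': ['CVE-2024-0001', 'CVE-2024-0002']},
        {'plugin_id': '200002', 'name': 'MS KB5049613 Critical Patch',
         'severity': '4', 'cves': ['CVE-2024-0003']},
        {'plugin_id': '200003',
         'name': 'Adobe AIR < 23.0.0.257 Multiple Vulnerabilities',
         'severity': '4', 'cves': ['CVE-2024-0010', 'CVE-2024-0011']},
        {'plugin_id': '200004', 'name': 'Adobe AIR Unsupported Version',
         'severity': '3', 'cves': ['CVE-2024-0012']},
        {'plugin_id': '200005', 'name': 'Curl Use-After-Free < 7.87',
         'severity': '4', 'cves': ['CVE-2022-43552']},
        {'plugin_id': '200006', 'name': 'Microsoft Edge < 143.0.3650.139',
         'severity': '3', 'cves': ['CVE-2026-0628']},
    ]
    _add_vuln_items(report_host, vulns)

    # Plugin 66334
    _add_patch_report(report_host, _WINDOWS_PATCH_OUTPUT)


def create_rhel_host(report, host_ip, host_name):
    """Create RHEL host with vulnerabilities

    Args:
        report: the ``Report`` element the new ``ReportHost`` is appended to.
        host_ip: value of the ``ReportHost`` ``name`` attribute.
        host_name: short host name; ``.company.local`` is appended to form
            the ``host-fqdn`` host property.
    """
    report_host = ET.SubElement(report, 'ReportHost', name=host_ip)

    # Host properties
    host_properties = ET.SubElement(report_host, 'HostProperties')
    fqdn_tag = ET.SubElement(host_properties, 'tag', name='host-fqdn')
    fqdn_tag.text = f"{host_name}.company.local"

    # RHEL vulnerabilities. The last three findings carry no CVE list, so
    # they produce ReportItems without any <cve> child.
    vulns = [
        {'plugin_id': '300001', 'name': 'Apache Log4j 1.2 JMSAppender RCE',
         'severity': '4', 'cves': ['CVE-2021-4104']},
        {'plugin_id': '300002', 'name': 'Oracle Java SE July 2022 CPU',
         'severity': '4', 'cves': ['CVE-2024-0020', 'CVE-2024-0021']},
        {'plugin_id': '300003',
         'name': 'RHEL 8 : java-1.8.0-openjdk (RHSA-2025:18815)',
         'severity': '3', 'cves': ['CVE-2024-0030']},
        {'plugin_id': '300004',
         'name': 'RHEL 8 : NetworkManager (RHSA-2025:0288)',
         'severity': '2', 'cves': []},
        {'plugin_id': '300005',
         'name': 'RHEL 8 : NetworkManager-libreswan (RHSA-2024:8353)',
         'severity': '2', 'cves': []},
        {'plugin_id': '300006', 'name': 'RHEL 8 : bcc (RHSA-2024:8831)',
         'severity': '2', 'cves': []},
    ]
    _add_vuln_items(report_host, vulns)

    # Plugin 66334
    _add_patch_report(report_host, _RHEL_PATCH_OUTPUT)


def main():
    """Write the two-host fixture to ``comprehensive_patch_test.nessus``."""
    root = ET.Element('NessusClientData_v2')
    report = ET.SubElement(root, 'Report', name='Comprehensive Patch Report Test')

    # NOTE(review): confirm these host identifiers are synthetic; a .nessus
    # fixture kept in a repository should not carry real asset names or
    # addresses from a scan export.
    # Create Windows host
    create_windows_host(report, "169.254.33.107", "DESKTOP-UE5DFOC")

    # Create RHEL host
    create_rhel_host(report, "192.168.1.50", "rhel-server01")

    # Pretty print
    xml_str = minidom.parseString(ET.tostring(root)).toprettyxml(indent=" ")

    filename = 'comprehensive_patch_test.nessus'
    # toprettyxml() emits an XML declaration without an encoding, which XML
    # readers take as UTF-8; write UTF-8 explicitly instead of relying on the
    # platform's default text encoding.
    with open(filename, 'w', encoding='utf-8') as f:
        f.write(xml_str)

    print(f"✓ Created comprehensive test file: {filename}")
    print("\nIncludes:")
    print(" HOST 1 (Windows):")
    print(" - KB patches with and without counts")
    print(" - Adobe AIR upgrade")
    print(" - Curl upgrade")
    print(" - Microsoft Edge upgrade")
    print("\n HOST 2 (RHEL 8):")
    print(" - Apache Log4j upgrade")
    print(" - Oracle Java patches")
    print(" - RHEL package updates (java, NetworkManager, bcc)")
    print("\nTest with:")
    print(" python patch_report_extractor.py comprehensive_patch_test.nessus --summary -o result.csv")


if __name__ == '__main__':
    main()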