Translations

autoreporter_addons/moodle_scanner/reporter.py

@@ -8,6 +8,12 @@
 from artemis.reporting.base.templating import ReportEmailTemplateFragment
 from artemis.reporting.utils import get_top_level_target
 
+from .translations.moodle_messages import pl_PL as translations_moodle_messages_pl_PL
+
+
+class TranslationNotFoundException(Exception):
+    pass
+
 
 class MoodleScannerReporter(Reporter):  # type: ignore
     OBSOLETE_MOODLE_VERSION_FOUND = ReportType("obsolete_moodle_version_found")
@@ -23,7 +29,7 @@ def create_reports(task_result: Dict[str, Any], language: Language) -> List[Repo
 
         if (
             task_result["result"].get("version")
-            and task_result["result"].get("version_is_obsolete")
+            and task_result["result"].get("is_version_obsolete")
             and task_result["result"]["version"] != "Version not found"
         ):
             result.append(
@@ -39,13 +45,31 @@ def create_reports(task_result: Dict[str, Any], language: Language) -> List[Repo
             )
 
         for vuln in task_result["result"].get("vulnerabilities", []):
+            if vuln in ["Vulnerability type: Exec Code XSS"] or vuln.startswith("Reference: "):
+                continue
+
+            if language == Language.en_US:
+                vuln_translated = vuln
+            elif language == Language.pl_PL:
+                vuln = vuln.strip()
+
+                if vuln in translations_moodle_messages_pl_PL.TRANSLATIONS:
+                    vuln_translated = translations_moodle_messages_pl_PL.TRANSLATIONS[vuln]
+                else:
+                    raise TranslationNotFoundException(
+                        f"Unable to find translation for message '{vuln}'."
+                        f"You may add in in Artemis-modules-extra/autoreporter_addons/moodle_scanner/translations/moodle_messages/"
+                    )
+            else:
+                raise NotImplementedError()
+
             result.append(
                 Report(
                     top_level_target=target,
                     target=target,
                     report_type=MoodleScannerReporter.MOODLE_VULNERABILITY_FOUND,
                     additional_data={
-                        "vulnerability": vuln,
+                        "vulnerability": vuln_translated,
                         "version": task_result["result"].get("version", "Unknown"),
                     },
                     timestamp=task_result["created_at"],

autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2

@@ -14,7 +14,7 @@
 
     <p>
         {% trans trimmed %}
-            Keep track of the Moodle versions in use and ensure they are up to date with the latest security patches.
+            Keep track of the Moodle versions in use and ensure they are up to date.
         {% endtrans %}
     </p>
 {% endif %}

autoreporter_addons/moodle_scanner/translations/en_US/LC_MESSAGES/messages.po

@@ -0,0 +1,27 @@
+#: autoreporter_addons/moodle_scanner/template_moodle_vulnerability.jinja2:2
+msgid ""
+"The following security vulnerabilities were detected in Moodle "
+"installations:"
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_moodle_vulnerability.jinja2:16
+msgid ""
+"These vulnerabilities should be addressed by updating to the latest "
+"secure version of Moodle. If a site is no longer used, we recommend "
+"shutting it down to eliminate the risk of exploitation of known "
+"vulnerabilities in older Moodle versions."
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:2
+msgid "The following Moodle installations with outdated versions were detected:"
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:8
+msgid "version:"
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:16
+msgid ""
+"Keep track of the Moodle versions in use and ensure they are up to date "
+"with the latest security patches."
+msgstr ""

autoreporter_addons/moodle_scanner/translations/messages.pot

@@ -0,0 +1,27 @@
+#: autoreporter_addons/moodle_scanner/template_moodle_vulnerability.jinja2:2
+msgid ""
+"The following security vulnerabilities were detected in Moodle "
+"installations:"
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_moodle_vulnerability.jinja2:16
+msgid ""
+"These vulnerabilities should be addressed by updating to the latest "
+"secure version of Moodle. If a site is no longer used, we recommend "
+"shutting it down to eliminate the risk of exploitation of known "
+"vulnerabilities in older Moodle versions."
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:2
+msgid "The following Moodle installations with outdated versions were detected:"
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:8
+msgid "version:"
+msgstr ""
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:16
+msgid ""
+"Keep track of the Moodle versions in use and ensure they are up to date "
+"with the latest security patches."
+msgstr ""

autoreporter_addons/moodle_scanner/translations/moodle_messages/pl_PL.py

@@ -0,0 +1,8 @@
+from typing import Dict
+
+REFLECTED_XSS_DESCRIPTION = "Cross-Site Scripting, umożliwiającą atakującemu spreparowanie linku, który, po kliknięciu przez administratora, wykona dowolną akcję z jego uprawnieniami (taką jak np. modyfikacja treści czy kradzież danych)."
+
+TRANSLATIONS: Dict[str, str] = {
+    "[!] CVE-2022-35653: A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.": "CVE-2022-35653: Wykryto podatność Reflected XSS, która umożliwia atakującemu spreparowanie linku do powyższej strony internetowej, który - gdy kliknięty przez ofiarę - wykona dowolne skrypty lub zmieni w dowolny sposób wygląd strony, umożliwiając np. wykradnięcie danych. Uwaga: podatność nie dotyczy zalogowanych użytkowników.",
+    "[!] CVE-2022-35651: A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.": "CVE-2022-35651: Wykryto podatność Server-Site Reuqest Forgery, umożliwiającą wykonywanie żądań do systemów w sieci lokalnej, a także podatność " + REFLECTED_XSS_DESCRIPTION
+}

autoreporter_addons/moodle_scanner/translations/pl_PL/LC_MESSAGES/messages.po

@@ -0,0 +1,32 @@
+#: autoreporter_addons/moodle_scanner/template_moodle_vulnerability.jinja2:2
+msgid ""
+"The following security vulnerabilities were detected in Moodle "
+"installations:"
+msgstr ""
+"Wykryto następujące podatności w systemach Moodle:"
+
+#: autoreporter_addons/moodle_scanner/template_moodle_vulnerability.jinja2:16
+msgid ""
+"These vulnerabilities should be addressed by updating to the latest "
+"secure version of Moodle. If a site is no longer used, we recommend "
+"shutting it down to eliminate the risk of exploitation of known "
+"vulnerabilities in older Moodle versions."
+msgstr ""
+"Zalecamy szybką naprawę tych podatności za pomocą aktualizacji do najnowszej wersji systemu "
+"Moodle. Jeśli strona nie jest już używana, rekomendujemy jej wyłączenie, aby "
+"wyeliminować ryzyko ataku przy użyciu znanych podatności w starszych "
+"wersjach systemu Moodle."
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:2
+msgid "The following Moodle installations with outdated versions were detected:"
+msgstr "Wykryto następujące instalacje systemu Moodle z nieaktualną wersją oprogramowania:"
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:8
+msgid "version:"
+msgstr "wersja:"
+
+#: autoreporter_addons/moodle_scanner/template_obsolete_moodle_version.jinja2:16
+msgid ""
+"Keep track of the Moodle versions in use and ensure they are up to date."
+msgstr ""
+"Zalecamy regularne sprawdzanie, czy używane wersje systemu Moodle są aktualne."