add oracle check_privilege_revoke_all_source

plugins/oracle/__init__.py

@@ -62,6 +62,7 @@
 from check_privilege_revoke_all_fga import *
 from check_privilege_revoke_all_radm import *
 from check_privilege_revoke_all_rls import *
+from check_privilege_revoke_all_source import *
 from check_privilege_revoke_all_trigger import *
 from check_privilege_select_any_dictionary import *
 from check_privilege_select_any_table import *

plugins/oracle/check_privilege_revoke_all_source.py

@@ -0,0 +1,38 @@
+class check_privilege_revoke_all_source():
+    """
+    check_privilege_revoke_all_source
+    Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on SOURCE$
+    The SOURCE$ table contains the PL/SQL source for all packages, 
+    procedures and functions.
+    """
+    # References:
+    # http://www.davidlitchfield.com/AddendumtotheOracle12cCISGuidelines.pdf
+    # http://www.davidlitchfield.com/oracle_backdoors.pdf
+
+    TITLE    = 'Revoke ALL from SOURCE$'
+    CATEGORY = 'Privilege'
+    TYPE     = 'sql'
+    SQL      = "SELECT GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE TABLE_NAME = 'SOURCE$'"
+
+    verbose = False
+    skip    = False
+    result  = {}
+
+    def do_check(self, *results):
+        self.result['level']  = 'GREEN'
+        output                = ''
+
+        for rows in results:
+            for row in rows:
+                self.result['level'] = 'RED'
+                output += row[0] + ' with ' + row[1] + 'on SOURCE$\n'
+
+        if 'GREEN' == self.result['level']:
+            output = 'No user with grants to SOURCE$.'
+
+        self.result['output'] = output
+
+        return self.result
+
+    def __init__(self, parent):
+        print('Performing check: ' + self.TITLE)