Change: Update handling of CVEs for the new JSON API. #2300

Merged
merged 7 commits into from
Nov 6, 2024
209 changes: 209 additions & 0 deletions src/gmp.c
Expand Up @@ -101,6 +101,7 @@
#include "manage_report_configs.h"
#include "manage_report_formats.h"
#include "manage_tls_certificates.h"
#include "sql.h"
#include "utils.h"

#include <arpa/inet.h>
Expand Down Expand Up @@ -128,6 +129,7 @@
#include <gvm/util/fileutils.h>
#include <gvm/util/sshutils.h>
#include <gvm/util/authutils.h>
#include <gvm/util/cpeutils.h>

#undef G_LOG_DOMAIN
/**
Expand Down Expand Up @@ -13247,6 +13249,209 @@
set_client_state (CLIENT_AUTHENTIC);
}

/**
* @brief Print CPE match node with its matched CPEs.
*
* @param[in] node CPE match node to print.
* @param[in] buffer Buffer into which to print match node.
*/
static void
print_cpe_match_nodes_xml (resource_t node, GString *buffer)

{
iterator_t cpe_match_nodes, cpe_match_ranges;

init_iterator (&cpe_match_nodes,

"SELECT operator, negate"
" FROM scap.cpe_match_nodes WHERE id = %llu;",
node);

const char *operator = NULL;
int negate = 0;

while (next (&cpe_match_nodes))
{
operator = iterator_string (&cpe_match_nodes, 0);
negate = iterator_int (&cpe_match_nodes, 1);

}
cleanup_iterator (&cpe_match_nodes);


xml_string_append (buffer, "<operator>%s</operator>", operator?: "");
xml_string_append (buffer, "<negate>%s</negate>", negate? "1" : "0");


init_cpe_match_string_iterator (&cpe_match_ranges, node);

while (next (&cpe_match_ranges))
{
const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *criteria, *status;

xml_string_append (buffer, "<match_string>");

match_criteria_id
= cpe_match_string_iterator_match_criteria_id (&cpe_match_ranges);
criteria = cpe_match_string_iterator_criteria (&cpe_match_ranges);
status = cpe_match_string_iterator_status (&cpe_match_ranges);


xml_string_append (buffer,

"<criteria>%s</criteria>"
"<vulnerable>%s</vulnerable>"
"<status>%s</status>",
criteria?: "",
cpe_match_string_iterator_vulnerable (&cpe_match_ranges) != 0

? "1"
: "0",
status?: "");


vsi = cpe_match_string_iterator_version_start_incl (&cpe_match_ranges);
vse = cpe_match_string_iterator_version_start_excl (&cpe_match_ranges);
vei = cpe_match_string_iterator_version_end_incl (&cpe_match_ranges);
vee = cpe_match_string_iterator_version_end_excl (&cpe_match_ranges);


xml_string_append (buffer,

"<version_start_including>%s</version_start_including>",
vsi ?: "");
xml_string_append (buffer,

"<version_start_excluding>%s</version_start_excluding>",
vse ?: "");
xml_string_append (buffer,

"<version_end_including>%s</version_end_including>",
vei ?: "");
xml_string_append (buffer,

"<version_end_excluding>%s</version_end_excluding>",
vee ?: "");


iterator_t cpe_matches;
init_cpe_match_string_matches_iterator (&cpe_matches, match_criteria_id);
xml_string_append (buffer, "<matched_cpes>");


while (next (&cpe_matches))
{
iterator_t cpes;

init_iterator (&cpes,

"SELECT deprecated FROM scap.cpes"
" WHERE cpe_name_id = '%s';",
cpe_matches_cpe_name_id(&cpe_matches));

const char* cpe = cpe_matches_cpe_name (&cpe_matches);


int deprecated = 0;

while (next (&cpes))
{
deprecated = iterator_int (&cpes, 0);

}
cleanup_iterator (&cpes);


xml_string_append (buffer, "<cpe id=\"%s\">", cpe?: "");
xml_string_append (buffer,

"<deprecated>%s</deprecated>",
deprecated ? "1" : "0");
if (deprecated)
{
iterator_t deprecated_by;
init_cpe_deprecated_by_iterator (&deprecated_by, cpe);

while (next (&deprecated_by))
{
xml_string_append (buffer,

"<deprecated_by cpe_id=\"%s\"/>",
cpe_deprecated_by_iterator_deprecated_by
(&deprecated_by));
}
cleanup_iterator (&deprecated_by);

}
xml_string_append (buffer, "</cpe>");

}
xml_string_append (buffer, "</matched_cpes>");
xml_string_append (buffer, "</match_string>");
cleanup_iterator (&cpe_matches);

}
cleanup_iterator (&cpe_match_ranges);

}
/**
* @brief Print CVE affected software configurations
*
* @param[in] cve_uuid uuid of the CVE.
* @param[out] result Buffer into which to print.
*
*/
static void
print_cve_configurations_xml (const gchar *cve_uuid, GString *result)

{
iterator_t cpe_match_root_nodes;
xml_string_append (result, "<configuration_nodes>");
init_cve_cpe_match_nodes_iterator (&cpe_match_root_nodes, cve_uuid);

while (next (&cpe_match_root_nodes))
{
result_t root_node;
iterator_t cpe_match_node_childs;
root_node = cpe_match_nodes_iterator_root_id (&cpe_match_root_nodes);
xml_string_append (result, "<node>");
print_cpe_match_nodes_xml (root_node, result);
init_cpe_match_node_childs_iterator (&cpe_match_node_childs, root_node);

while (next (&cpe_match_node_childs))
{
resource_t child_node;
child_node =
cpe_match_node_childs_iterator_id (&cpe_match_node_childs);
xml_string_append (result, "<node>");
print_cpe_match_nodes_xml (child_node, result);
xml_string_append (result, "</node>");

}
xml_string_append (result, "</node>");
cleanup_iterator (&cpe_match_node_childs);

}
xml_string_append (result, "</configuration_nodes>");
cleanup_iterator (&cpe_match_root_nodes);

}

/**
* @brief Print CVE references
*
* @param[in] cve_uuid uuid of the CVE.
* @param[out] result Buffer into which to print.
*
*/
static void
print_cve_references_xml (const gchar *cve_uuid, GString *result)

{
iterator_t references;
init_cve_reference_iterator (&references, cve_uuid);
xml_string_append (result, "<references>");

while (next (&references))
{
xml_string_append (result, "<reference>");
xml_string_append (result,

"<url>%s</url>",
cve_reference_iterator_url (&references));
xml_string_append (result, "<tags>");
const char * tags_array = cve_reference_iterator_tags (&references);

if(tags_array && strlen (tags_array) > 2)
{
char *trimmed_array
= g_strndup (tags_array + 1, strlen (tags_array) - 2);

gchar **tags, **current_tag;
tags = g_strsplit (trimmed_array, ",", -1);
current_tag = tags;

while (*current_tag)
{
if (strlen (*current_tag) > 2
&& (*current_tag)[0] == '"'
&& (*current_tag)[strlen (*current_tag) - 1] == '"')
{
char *trimmed_tag = g_strndup (*current_tag + 1,
strlen (*current_tag) - 2);
xml_string_append (result, "<tag>%s</tag>", trimmed_tag);
g_free (trimmed_tag);

}
else
xml_string_append (result, "<tag>%s</tag>", *current_tag);
current_tag++;

}
g_strfreev (tags);
g_free (trimmed_array);

}
xml_string_append (result, "</tags>");
xml_string_append (result, "</reference>");

}
xml_string_append (result, "</references>");
cleanup_iterator (&references);

}
/**
* @brief Handle end of GET_INFO element.
*
Expand Down Expand Up @@ -13622,6 +13827,10 @@
"</warning>");
}
g_string_append (result, "</cert>");

const gchar *cve_uuid = get_iterator_uuid (&info);
print_cve_configurations_xml (cve_uuid, result);
print_cve_references_xml (cve_uuid, result);

}
}
else if (g_strcmp0 ("cert_bund_adv", get_info_data->type) == 0)
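Review bot: In print_cpe_match_nodes_xml (third hunk of this section), `operator` is read from `iterator_string (&cpe_match_nodes, 0)` inside the loop but is only formatted into the buffer after `cleanup_iterator (&cpe_match_nodes)`; if, as the project's iterator accessors presumably do, that returns a pointer into the query result the cleanup releases, the later `operator?: ""` reads freed memory. Copy it while the row is live and release it after the element is written: `gchar *operator = NULL;`, in the loop `g_free (operator); operator = g_strdup (iterator_string (&cpe_match_nodes, 0));`, and after the `<operator>` append `g_free (operator);`. In the same function, `cpe_matches_cpe_name_id (&cpe_matches)` is interpolated into the `scap.cpes` query as a bare `'%s'` with no quoting; even though the value comes from feed data rather than from the client, it should go through the module's SQL quoting helper like other string-built queries in this file. In print_cve_configurations_xml, `root_node` is declared `result_t` although it is passed to a `resource_t` parameter and plays the same role as `child_node`, so `resource_t` is the consistent type. The GET_INFO hunk at the end of the section lies inside a function whose start and end are outside the hunk.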
14 changes: 7 additions & 7 deletions src/manage.c
Expand Up @@ -3180,19 +3180,19 @@
return;
}

init_cpe_match_range_iterator (&cpe_match_ranges, node);
init_cpe_match_string_iterator (&cpe_match_ranges, node);

while (next (&cpe_match_ranges))
{
iterator_t cpe_host_details_products;
gchar *range_fs_cpe;
gchar *range_uri_product;
gchar *vsi, *vse, *vei, *vee;
range_fs_cpe = vsi = vse = vei = vee = NULL;
range_fs_cpe = g_strdup (cpe_match_range_iterator_cpe (&cpe_match_ranges));
vsi = g_strdup (cpe_match_range_iterator_version_start_incl (&cpe_match_ranges));
vse = g_strdup (cpe_match_range_iterator_version_start_excl (&cpe_match_ranges));
vei = g_strdup (cpe_match_range_iterator_version_end_incl (&cpe_match_ranges));
vee = g_strdup (cpe_match_range_iterator_version_end_excl (&cpe_match_ranges));
range_fs_cpe = g_strdup (cpe_match_string_iterator_criteria (&cpe_match_ranges));
vsi = g_strdup (cpe_match_string_iterator_version_start_incl (&cpe_match_ranges));
vse = g_strdup (cpe_match_string_iterator_version_start_excl (&cpe_match_ranges));
vei = g_strdup (cpe_match_string_iterator_version_end_incl (&cpe_match_ranges));
vee = g_strdup (cpe_match_string_iterator_version_end_excl (&cpe_match_ranges));

range_uri_product = fs_cpe_to_uri_product (range_fs_cpe);
init_host_details_cpe_product_iterator (&cpe_host_details_products, range_uri_product, report_host);
while (next (&cpe_host_details_products))
Expand All @@ -3216,7 +3216,7 @@
cpe_struct_free (&source);
cpe_struct_free (&target);
}
if (*match && cpe_match_range_iterator_vulnerable (&cpe_match_ranges) == 1)
if (*match && cpe_match_string_iterator_vulnerable (&cpe_match_ranges) == 1)
{
cpe_struct_t source, target;
cpe_struct_init (&source);
44 changes: 37 additions & 7 deletions src/manage.h
Expand Up @@ -1693,6 +1693,21 @@ app_locations_iterator_location (iterator_t*);
void
init_cpe_match_nodes_iterator (iterator_t*, const char *);

void
init_cve_cpe_match_nodes_iterator (iterator_t*, const char *);

void
init_cve_reference_iterator (iterator_t*, const char *);

const char*
cve_reference_iterator_url (iterator_t*);

const char*
cve_reference_iterator_tags (iterator_t*);

const char*
cve_reference_iterator_tags_count (iterator_t*);

long long int
cpe_match_nodes_iterator_root_id (iterator_t*);

Expand All @@ -1709,25 +1724,40 @@ long long int
cpe_match_node_childs_iterator_id (iterator_t*);

void
init_cpe_match_range_iterator (iterator_t*, long long int);
init_cpe_match_string_iterator (iterator_t*, long long int);

const char*
cpe_match_range_iterator_cpe (iterator_t*);
cpe_match_string_iterator_criteria (iterator_t*);

const char*
cpe_match_range_iterator_version_start_incl (iterator_t*);
cpe_match_string_iterator_match_criteria_id (iterator_t*);

const char*
cpe_match_range_iterator_version_start_excl (iterator_t*);
cpe_match_string_iterator_status (iterator_t*);

const char*
cpe_match_range_iterator_version_end_incl (iterator_t*);
cpe_match_string_iterator_version_start_incl (iterator_t*);

const char*
cpe_match_range_iterator_version_end_excl (iterator_t*);
cpe_match_string_iterator_version_start_excl (iterator_t*);

const char*
cpe_match_string_iterator_version_end_incl (iterator_t*);

const char*
cpe_match_string_iterator_version_end_excl (iterator_t*);

int
cpe_match_range_iterator_vulnerable (iterator_t*);
cpe_match_string_iterator_vulnerable (iterator_t*);

void
init_cpe_match_string_matches_iterator (iterator_t*, const char *);

const char*
cpe_matches_cpe_name_id (iterator_t*);

const char*
cpe_matches_cpe_name (iterator_t*);

void
init_host_details_cpe_product_iterator (iterator_t*, const char *, report_host_t);
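Review bot: `cve_reference_iterator_tags_count` in the first hunk is declared to return `const char*`, which reads oddly for an accessor named as a count; if it wraps an integer column, declaring it `int` would match `cpe_match_string_iterator_vulnerable` in the second hunk and spare callers a string-to-integer conversion. The declaration is not used by the src/gmp.c changes in this PR, so it may be intentional — confirm against its definition, which is not shown here.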