GVM management layer: NVTs. More...

#include <assert.h>
#include <errno.h>
#include <math.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <gvm/base/cvss.h>
#include "manage_sql_nvts.h"
#include "manage_preferences.h"
#include "manage_sql.h"
#include "manage_sql_configs.h"
#include "sql.h"
#include "utils.h"

Macros
#define	_GNU_SOURCE
	Enable extra GNU functions.

#define	G_LOG_DOMAIN "md manage"
	GLib log domain.

Functions
const gchar *	get_osp_vt_update_socket ()
	Get the current file socket for OSP NVT update. More...

void	set_osp_vt_update_socket (const char *new_socket)
	Set the file socket for OSP NVT update. More...

int	check_osp_vt_update_socket ()
	Check the files socket used for OSP NVT update. More...

void	check_db_nvts ()
	Ensures the sanity of nvts cache in DB.

char *	manage_nvt_name (nvt_t nvt)
	Get the name of an NVT. More...

char *	nvt_name (const char *oid)
	Get the name of an NVT given its OID. More...

char *	nvts_feed_version ()
	Return feed version of the plugins in the plugin cache. More...

time_t	nvts_feed_version_epoch ()
	Return feed version of the plugins as seconds since epoch. More...

void	set_nvts_feed_version (const char *feed_version)
	Set the feed version of the plugins in the plugin cache. More...

gboolean	find_nvt (const char oid, nvt_t nvt)
	Find an NVT given an identifier. More...

static void	insert_nvt (const nvti_t *nvti)
	Insert an NVT. More...

int	init_nvt_info_iterator (iterator_t iterator, get_data_t get, const char *name)
	Initialise an NVT iterator. More...

static gchar *	nvt_iterator_columns ()
	Get NVT iterator SELECT columns. More...

static gchar *	nvt_iterator_columns_nvts ()
	Get NVT iterator SELECT columns. More...

int	nvt_info_count (const get_data_t *get)
	Count number of nvt. More...

int	nvt_info_count_after (const get_data_t *get, time_t count_time, gboolean get_modified)
	Count number of nvts created or modified after a given time. More...

static gchar *	select_config_nvts (const config_t config, const char family, int ascending, const char sort_field)
	Return SQL for selecting NVT's of a config from one family. More...

void	init_nvt_iterator (iterator_t iterator, nvt_t nvt, config_t config, const char family, const char category, int ascending, const char sort_field)
	Initialise an NVT iterator. More...

void	init_cve_nvt_iterator (iterator_t iterator, const char cve, int ascending, const char *sort_field)
	Initialise an NVT iterator, for NVTs of a certain CVE. More...

int	nvt_iterator_category (iterator_t *iterator)
	Get the category from an NVT iterator. More...

char *	nvt_default_timeout (const char *oid)
	Get the default timeout of an NVT. More...

char *	nvt_family (const char *oid)
	Get the family of an NVT. More...

int	family_nvt_count (const char *family)
	Get the number of NVTs in one or all families. More...

int	family_count ()
	Get the number of families. More...

static void	insert_nvt_preference (gpointer nvt_preference, gpointer dummy)
	Insert a NVT preferences. More...

static void	insert_nvt_preferences_list (GList *nvt_preferences_list)
	Inserts NVT preferences in DB from a list of nvt_preference_t structures. More...

static void	set_nvts_check_time (int count_new, int count_modified)
	Set the NVT update check time in the meta table. More...

static int	update_preferences_from_vt (entity_t vt, const gchar oid, GList *preferences)
	Update NVT from VT XML. More...

static nvti_t *	nvti_from_vt (entity_t vt)
	Create NVTI structure from VT XML. More...

static int	update_nvts_from_vts (entity_t get_vts_response, const gchar scanner_feed_version)
	Update NVTs from VTs XML. More...

static void	check_old_preference_names (const gchar *table)
	Check that preference names are in the new format. More...

static void	check_preference_names (int trash, time_t modification_time)
	Update config preferences where the name has changed in the NVTs. More...

void	init_nvt_severity_iterator (iterator_t iterator, const char oid)
	Initialise an NVT severity iterator. More...

double	nvt_severity_iterator_score (iterator_t *iterator)
	Gets the score from an NVT severity iterator. More...

static int	update_nvt_cache_osp (const gchar update_socket, gchar db_feed_version, gchar *scanner_feed_version)
	Update VTs via OSP. More...

static char *	osp_scanner_feed_version (const gchar *update_socket)
	Get the VTs feed version from an OSP scanner. More...

static int	nvts_feed_version_status_internal (const gchar update_socket, gchar db_feed_version_out, gchar *scanner_feed_version_out)
	Check VTs feed version status via OSP, optionally get versions. More...

int	nvts_feed_version_status ()
	Check VTs feed version status. More...

int	manage_update_nvt_cache_osp (const gchar *update_socket)
	Update VTs via OSP. More...

void	manage_sync_nvts (int(*fork_update_nvt_cache)())
	Sync NVTs if newer NVTs are available. More...

int	update_or_rebuild_nvts (int update)
	Update or rebuild NVT db. More...

int	manage_rebuild (GSList log_config, const db_conn_info_t database)
	Rebuild NVT db. More...

int	manage_dump_vt_verification (GSList log_config, const db_conn_info_t database)
	Dump the string used to calculate the VTs verification hash to stdout. More...

int	cleanup_nvt_sequences ()
	Cleans up NVT related id sequences likely to run out. More...

Variables
static gchar *	osp_vt_update_socket = NULL
	File socket for OSP NVT update.

Detailed Description

GVM management layer: NVTs.

The NVT parts of the GVM management layer.

Function Documentation

◆ check_old_preference_names()

static void check_old_preference_names ( const gchar * table )

static

Check that preference names are in the new format.

Parameters

[in] table Table name.

◆ check_osp_vt_update_socket()

int check_osp_vt_update_socket ( )

Check the files socket used for OSP NVT update.

Returns: 0 success, 1 no socket found.

◆ check_preference_names()

static void check_preference_names	(	int	trash,
		time_t	modification_time
	)

static

Update config preferences where the name has changed in the NVTs.

Parameters

[in]	trash	Whether to update the trash table.
[in]	modification_time	Time NVTs considered must be modified after.

◆ cleanup_nvt_sequences()

int cleanup_nvt_sequences ( )

Cleans up NVT related id sequences likely to run out.

Returns: 0 success, -1 error.

◆ family_count()

int family_count ( )

Get the number of families.

Returns: Total number of families.

◆ family_nvt_count()

int family_nvt_count ( const char * family )

Get the number of NVTs in one or all families.

Parameters

[in] family Family name. NULL for all families.

Returns: Number of NVTs in family, or total number of nvts.

◆ find_nvt()

gboolean find_nvt	(	const char *	oid,
		nvt_t *	nvt
	)

Find an NVT given an identifier.

Parameters

[in]	oid	An NVT identifier.
[out]	nvt	NVT return, 0 if successfully failed to find task.

Returns: FALSE on success (including if failed to find NVT), TRUE on error.

◆ get_osp_vt_update_socket()

const gchar* get_osp_vt_update_socket ( )

Get the current file socket for OSP NVT update.

Returns: The path of the file socket for OSP NVT update.

◆ init_cve_nvt_iterator()

void init_cve_nvt_iterator	(	iterator_t *	iterator,
		const char *	cve,
		int	ascending,
		const char *	sort_field
	)

Initialise an NVT iterator, for NVTs of a certain CVE.

Parameters

[in]	iterator	Iterator.
[in]	cve	CVE name.
[in]	ascending	Whether to sort ascending or descending.
[in]	sort_field	Field to sort on, or NULL for "id".

◆ init_nvt_info_iterator()

int init_nvt_info_iterator	(	iterator_t *	iterator,
		get_data_t *	get,
		const char *	name
	)

Initialise an NVT iterator.

Parameters

[in]	iterator	Iterator.
[in]	get	GET data.
[in]	name	Name of the info

Returns: 0 success, 1 failed to find NVT, 2 failed to find filter, -1 error.

◆ init_nvt_iterator()

void init_nvt_iterator	(	iterator_t *	iterator,
		nvt_t	nvt,
		config_t	config,
		const char *	family,
		const char *	category,
		int	ascending,
		const char *	sort_field
	)

Initialise an NVT iterator.

Parameters

[in]	iterator	Iterator.
[in]	nvt	NVT to iterate over, all if 0.
[in]	config	Config to limit selection to. NULL for all NVTs. Overridden by nvt.
[in]	family	Family to limit selection to. NULL for all NVTs. Overridden by config.
[in]	category	Category to limit selection to. NULL for all.
[in]	ascending	Whether to sort ascending or descending.
[in]	sort_field	Field to sort on, or NULL for "id".

◆ init_nvt_severity_iterator()

void init_nvt_severity_iterator	(	iterator_t *	iterator,
		const char *	oid
	)

Initialise an NVT severity iterator.

Parameters

[in]	iterator	Iterator.
[in]	oid	OID of NVT.

◆ insert_nvt()

static void insert_nvt ( const nvti_t * nvti )

static

Insert an NVT.

Parameters

[in] nvti NVT Information.

◆ insert_nvt_preference()

static void insert_nvt_preference	(	gpointer	nvt_preference,
		gpointer	dummy
	)

static

Insert a NVT preferences.

Parameters

[in]	nvt_preference	Preference.
[in]	dummy	Dummy arg for g_list_foreach.

◆ insert_nvt_preferences_list()

static void insert_nvt_preferences_list ( GList * nvt_preferences_list )

static

Inserts NVT preferences in DB from a list of nvt_preference_t structures.

Parameters

[in] nvt_preferences_list List of nvts to be inserted.

◆ manage_dump_vt_verification()

int manage_dump_vt_verification	(	GSList *	log_config,
		const db_conn_info_t *	database
	)

Dump the string used to calculate the VTs verification hash to stdout.

Parameters

[in]	log_config	Log configuration.
[in]	database	Location of manage database.

Returns: 0 success, -1 error, -2 database is wrong version, -3 database needs to be initialised from server, -5 sync active.

◆ manage_nvt_name()

char* manage_nvt_name ( nvt_t nvt )

Get the name of an NVT.

Parameters

[in] nvt NVT.

Returns: Freshly allocated name of NVT if possible, else NULL.

◆ manage_rebuild()

int manage_rebuild	(	GSList *	log_config,
		const db_conn_info_t *	database
	)

Rebuild NVT db.

Parameters

[in]	log_config	Log configuration.
[in]	database	Location of manage database.

Returns: 0 success, 1 VT integrity check failed, -1 error, -2 database is wrong version, -3 database needs to be initialised from server, -5 sync active.

◆ manage_sync_nvts()

void manage_sync_nvts ( int(*)() fork_update_nvt_cache )

Sync NVTs if newer NVTs are available.

Parameters

[in] fork_update_nvt_cache Function to do the update.

◆ manage_update_nvt_cache_osp()

int manage_update_nvt_cache_osp ( const gchar * update_socket )

Update VTs via OSP.

Expect to be called in the child after a fork.

Parameters

[in] update_socket Socket to use to contact ospd-openvas scanner.

Returns: 0 success, -1 error, 1 VT integrity check failed.

◆ nvt_default_timeout()

char* nvt_default_timeout ( const char * oid )

Get the default timeout of an NVT.

Parameters

[in] oid The OID of the NVT to get the timeout of.

Returns: Newly allocated string of the timeout in seconds or NULL.

◆ nvt_family()

char* nvt_family ( const char * oid )

Get the family of an NVT.

Parameters

[in] oid The OID of the NVT.

Returns: Newly allocated string of the family, or NULL.

◆ nvt_info_count()

int nvt_info_count ( const get_data_t * get )

Count number of nvt.

Parameters

[in] get GET params.

Returns: Total number of cpes in filtered set.

◆ nvt_info_count_after()

int nvt_info_count_after	(	const get_data_t *	get,
		time_t	count_time,
		gboolean	get_modified
	)

Count number of nvts created or modified after a given time.

Parameters

[in]	get	GET params.
[in]	count_time	Time NVTs must be created or modified after.
[in]	get_modified	Whether to get the modification time.

Returns: Total number of nvts in filtered set.

◆ nvt_iterator_category()

int nvt_iterator_category ( iterator_t * iterator )

Get the category from an NVT iterator.

Parameters

[in] iterator Iterator.

Returns: Category.

◆ nvt_iterator_columns()

static gchar* nvt_iterator_columns ( )

static

Get NVT iterator SELECT columns.

Returns: SELECT columns

◆ nvt_iterator_columns_nvts()

static gchar* nvt_iterator_columns_nvts ( )

static

Get NVT iterator SELECT columns.

Returns: SELECT columns

◆ nvt_name()

char* nvt_name ( const char * oid )

Get the name of an NVT given its OID.

Parameters

[in] oid OID of NVT.

Returns: Name of NVT if possible, else NULL.

◆ nvt_severity_iterator_score()

double nvt_severity_iterator_score ( iterator_t * iterator )

Gets the score from an NVT severity iterator.

Parameters

[in] iterator Iterator.

Returns: The score of the severity.

◆ nvti_from_vt()

static nvti_t* nvti_from_vt ( entity_t vt )

static

Create NVTI structure from VT XML.

Parameters

[in] vt OSP GET_VTS VT element.

Returns: The NVTI object on success (needs to be free'd), NULL on error.

◆ nvts_feed_version()

char* nvts_feed_version ( )

Return feed version of the plugins in the plugin cache.

Returns: Feed version of plugins if the plugins are cached, else NULL.

◆ nvts_feed_version_epoch()

time_t nvts_feed_version_epoch ( )

Return feed version of the plugins as seconds since epoch.

Returns: Feed version in seconds since epoch of plugins.

◆ nvts_feed_version_status()

int nvts_feed_version_status ( )

Check VTs feed version status.

Returns: 0 VTs feed current, 1 VT update needed, -1 error.

◆ nvts_feed_version_status_internal()

static int nvts_feed_version_status_internal	(	const gchar *	update_socket,
		gchar **	db_feed_version_out,
		gchar **	scanner_feed_version_out
	)

static

Check VTs feed version status via OSP, optionally get versions.

Parameters

[in]	update_socket	Socket to use to contact ospd-openvas scanner.
[out]	db_feed_version_out	Output of database feed version.
[out]	scanner_feed_version_out	Output of scanner feed version.

Returns: 0 VTs feed current, -1 error, 1 VT update needed.

◆ osp_scanner_feed_version()

static char* osp_scanner_feed_version ( const gchar * update_socket )

static

Get the VTs feed version from an OSP scanner.

Parameters

[in] update_socket Socket to use to contact ospd-openvas scanner.

Returns: The feed version or NULL on error.

◆ select_config_nvts()

static gchar* select_config_nvts	(	const config_t	config,
		const char *	family,
		int	ascending,
		const char *	sort_field
	)

static

Return SQL for selecting NVT's of a config from one family.

Parameters

[in]	config	Config.
[in]	family	Family to limit selection to.
[in]	ascending	Whether to sort ascending or descending.
[in]	sort_field	Field to sort on, or NULL for "nvts.id".

Returns: Freshly allocated SELECT statement on success, or NULL on error.

◆ set_nvts_check_time()

static void set_nvts_check_time	(	int	count_new,
		int	count_modified
	)

static

Set the NVT update check time in the meta table.

Parameters

[in]	count_new	Number of new VTs with current update.
[in]	count_modified	Number of modified VTs with current update.

◆ set_nvts_feed_version()

void set_nvts_feed_version ( const char * feed_version )

Set the feed version of the plugins in the plugin cache.

Parameters

[in] feed_version New feed version.

Also queue an update to the nvti cache.

◆ set_osp_vt_update_socket()

void set_osp_vt_update_socket ( const char * new_socket )

Set the file socket for OSP NVT update.

Parameters

new_socket The new path of the file socket for OSP NVT update.

◆ update_nvt_cache_osp()

static int update_nvt_cache_osp	(	const gchar *	update_socket,
		gchar *	db_feed_version,
		gchar *	scanner_feed_version
	)

static

Update VTs via OSP.

Parameters

[in]	update_socket	Socket to use to contact scanner.
[in]	db_feed_version	Feed version from meta table.
[in]	scanner_feed_version	Feed version from scanner.

Returns: 0 success, 1 VT integrity check failed, -1 error.

◆ update_nvts_from_vts()

static int update_nvts_from_vts	(	entity_t *	get_vts_response,
		const gchar *	scanner_feed_version
	)

static

Update NVTs from VTs XML.

Parameters

[in]	get_vts_response	OSP GET_VTS response.
[in]	scanner_feed_version	Version of feed from scanner.

Returns: 0 success, 1 VT integrity check failed, -1 error

◆ update_or_rebuild_nvts()

int update_or_rebuild_nvts ( int update )

Update or rebuild NVT db.

Caller must get the lock.

Parameters

[in] update 0 rebuild, else update.

Returns: 0 success, -1 error, -1 no osp update socket, -2 could not connect to osp update socket -3 failed to get scanner version

◆ update_preferences_from_vt()

static int update_preferences_from_vt	(	entity_t	vt,
		const gchar *	oid,
		GList **	preferences
	)

static

Update NVT from VT XML.

Parameters

[in]	vt	OSP GET_VTS VT element.
[in]	oid	OID of NVT.
[in]	preferences	All NVT preferences.

Returns: 0 success, -1 error.

Macros

Functions

Variables

Detailed Description

Function Documentation

◆ check_old_preference_names()

◆ check_osp_vt_update_socket()

◆ check_preference_names()

◆ cleanup_nvt_sequences()

◆ family_count()

◆ family_nvt_count()

◆ find_nvt()

◆ get_osp_vt_update_socket()

◆ init_cve_nvt_iterator()

◆ init_nvt_info_iterator()

◆ init_nvt_iterator()

◆ init_nvt_severity_iterator()

◆ insert_nvt()

◆ insert_nvt_preference()

◆ insert_nvt_preferences_list()

◆ manage_dump_vt_verification()

◆ manage_nvt_name()

◆ manage_rebuild()

◆ manage_sync_nvts()

◆ manage_update_nvt_cache_osp()

◆ nvt_default_timeout()

◆ nvt_family()

◆ nvt_info_count()

◆ nvt_info_count_after()

◆ nvt_iterator_category()

◆ nvt_iterator_columns()

◆ nvt_iterator_columns_nvts()

◆ nvt_name()

◆ nvt_severity_iterator_score()

◆ nvti_from_vt()

◆ nvts_feed_version()

◆ nvts_feed_version_epoch()

◆ nvts_feed_version_status()

◆ nvts_feed_version_status_internal()

◆ osp_scanner_feed_version()

◆ select_config_nvts()

◆ set_nvts_check_time()

◆ set_nvts_feed_version()

◆ set_osp_vt_update_socket()

◆ update_nvt_cache_osp()

◆ update_nvts_from_vts()

◆ update_or_rebuild_nvts()

◆ update_preferences_from_vt()