From e76cc69150531b119ad19130b6707657ddd8a62f Mon Sep 17 00:00:00 2001
From: Johannes Helmold
Date: Mon, 21 Oct 2024 15:43:02 +0200
Subject: [PATCH 1/6] Change: Log to stderr, new log file build option. Now the log messages are logged to stderr by default. The log file for the generated gvmd_log.conf can now be set by a new build option GVMD_LOG_FILE.
---
 CMakeLists.txt | 15 ++++++++++-----
 src/gvmd_log_conf.cmake_in | 20 ++++++++++----------
 2 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9d3b36a5a..ec0d19b3b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -163,11 +163,15 @@ if (NOT GVMD_STATE_DIR)
 set (GVMD_STATE_DIR "${GVM_STATE_DIR}/gvmd")
 endif (NOT GVMD_STATE_DIR)
-if (NOT GVM_LOG_DIR)
- set (GVM_LOG_DIR "${LOCALSTATEDIR}/log/gvm")
-else (NOT GVM_LOG_DIR)
- set (GVM_LOG_DIR "${GVM_LOG_DIR}")
-endif (NOT GVM_LOG_DIR)
+if (NOT GVMD_LOG_FILE)
+ if (GVM_LOG_DIR)
+ set (GVMD_LOG_FILE "${GVM_LOG_DIR}/gvmd.log")
+ else (GVM_LOG_DIR)
+ set (GVMD_LOG_FILE "-")
+ endif (GVMD_LOG_DIR)
+else (NOT GVMD_LOG_FILE)
+ set (GVMD_LOG_FILE "${GVMD_LOG_FILE}")
+endif (NOT GVMD_LOG_FILE)
 set (GVM_SCAP_RES_DIR "${GVM_DATA_DIR}/scap")
 set (GVM_CERT_RES_DIR "${GVM_DATA_DIR}/cert")
@@ -253,6 +257,7 @@ endif (NOT COMPLIANCE_REPORTS)
 add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS})
 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
+message ("-- Log file: ${GVMD_LOG_FILE}")
 ## Version
diff --git a/src/gvmd_log_conf.cmake_in b/src/gvmd_log_conf.cmake_in
index fd0c375a0..e5dcc3d73 100644
--- a/src/gvmd_log_conf.cmake_in
+++ b/src/gvmd_log_conf.cmake_in
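Review bot: The default for `GVM_LOG_DIR` disappears in the first CMakeLists.txt hunk, so anything outside this patch that still expands `${GVM_LOG_DIR}` (install rules, other templates, compile definitions) now gets an empty string unless the builder passes it; that needs a check across the tree. With the new default `"-"`, an upgraded build stops writing a log file, so setups that collect or rotate a gvmd log file lose that record unless the service manager captures stderr. A comment above the block would make the contract explicit, for example `# "-" sends gvmd logging to stderr; set GVMD_LOG_FILE (or GVM_LOG_DIR) to log to a file`.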
@@ -7,63 +7,63 @@
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [md manage]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [md gmp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [md crypt]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [md utils]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [libgvm base]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [libgvm gmp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [libgvm osp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [libgvm util]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 [event syslog]
@@ -86,5 +86,5 @@ level=128
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
From fc1ed180fcb82b29b93129dacde6f7c10ce70ee7 Mon Sep 17 00:00:00 2001
From: Johannes Helmold
Date: Tue, 5 Nov 2024 14:55:20 +0100
Subject: [PATCH 2/6] Small optimization of setting the log file.
---
 CMakeLists.txt | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ec0d19b3b..17f6af582 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -165,12 +165,10 @@ endif (NOT GVMD_STATE_DIR)
 if (NOT GVMD_LOG_FILE)
 if (GVM_LOG_DIR)
- set (GVMD_LOG_FILE "${GVM_LOG_DIR}/gvmd.log")
+ set (GVMD_LOG_FILE "${GVM_LOG_DIR}/gvmd.log")
 else (GVM_LOG_DIR)
- set (GVMD_LOG_FILE "-")
- endif (GVMD_LOG_DIR)
-else (NOT GVMD_LOG_FILE)
- set (GVMD_LOG_FILE "${GVMD_LOG_FILE}")
+ set (GVMD_LOG_FILE "-")
+ endif (GVM_LOG_DIR)
 endif (NOT GVMD_LOG_FILE)
 set (GVM_SCAP_RES_DIR "${GVM_DATA_DIR}/scap")
From d22536008eb33e9f7b0a8a09209cfbf313c278f2 Mon Sep 17 00:00:00 2001
From: Johannes Helmold
Date: Thu, 7 Nov 2024 16:23:10 +0100
Subject: [PATCH 3/6] Add: The table scap.affected_products is filled for the new JSON feed. This commit contains the filling of the table scap.affected_products and a small bug-fix for the CVE scan.
---
 src/manage_sql.c | 2 +-
 src/manage_sql_secinfo.c | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/src/manage_sql.c b/src/manage_sql.c
index be266c79a..613775b10 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20511,7 +20511,7 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *criteria)
 " JOIN scap.cpe_nodes_match_criteria c"
 " ON n.id = c.node_id"
 " JOIN scap.cpe_match_strings r"
- " ON c.match_criteria = r.match_criteria_id"
+ " ON c.match_criteria_id = r.match_criteria_id"
 " WHERE criteria like '%s%%';",
 quoted_criteria);
 g_free (quoted_criteria);
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 4e6d3d6fc..ed4903771 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
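Review bot: The `WHERE criteria like '%s%%'` line in `init_cpe_match_nodes_iterator` (unchanged context in the manage_sql.c hunk of patch 3/6) puts `quoted_criteria` into a LIKE pattern, where `_` and `%` inside the value act as wildcards. `quoted_criteria` is built outside the hunk; if it only receives SQL string quoting, a criteria string containing `_` also matches rows that differ at that position, which can widen the CVE scan results this commit is correcting. Escaping the LIKE metacharacters before formatting would make the prefix match exact; at minimum a comment such as `/* criteria is used as a LIKE prefix: '_' and '%' are not escaped */` should record the behaviour.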
@@ -4043,6 +4043,31 @@ update_scap_cves ()
 return 0;
 }
+/**
+ * @brief Update SCAP affected products.
+ *
+ * Assume that the databases are attached.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+update_scap_affected_products ()
+{
+ g_info ("Updating affected products");
+
+ sql ("INSERT INTO scap2.affected_products"
+ " SELECT DISTINCT scap2.cpe_match_nodes.cve_id, scap2.cpes.id"
+ " FROM scap2.cpe_match_nodes, scap2.cpe_nodes_match_criteria,"
+ " scap2.cpe_matches, scap2.cpes"
+ " WHERE scap2.cpe_match_nodes.id = scap2.cpe_nodes_match_criteria.node_id"
+ " AND scap2.cpe_nodes_match_criteria.vulnerable = 1"
+ " AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
+ " scap2.cpe_matches.match_criteria_id"
+ " AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
+
+ return 0;
+}
+
 /**
 * @brief Insert a SCAP CPE match string from JSON.
 *
@@ -5606,6 +5631,15 @@ update_scap (gboolean reset_scap_db)
 return -1;
 }
+ g_debug ("%s: update affected_products", __func__);
+ setproctitle ("Syncing SCAP: Updating affected products");
+
+ if (update_scap_affected_products () == -1)
+ {
+ abort_scap_update ();
+ return -1;
+ }
+
 g_debug ("%s: updating user defined data", __func__);
 g_debug ("%s: update epss", __func__);
From b3ff0ab4d139f99cf8905d3bbaf4089661d1c2dd Mon Sep 17 00:00:00 2001
From: Johannes Helmold
Date: Mon, 11 Nov 2024 10:03:19 +0100
Subject: [PATCH 4/6] Small amendment.
---
 src/manage_sql_secinfo.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index ed4903771..fead001e6 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -4047,10 +4047,8 @@ update_scap_cves ()
 * @brief Update SCAP affected products.
 *
 * Assume that the databases are attached.
- *
- * @return 0 success, -1 error.
 */
-static int
+static void
 update_scap_affected_products ()
 {
 g_info ("Updating affected products");
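Review bot: The `INSERT INTO scap2.affected_products` statement in the new `update_scap_affected_products` (patch 3/6) names no target columns, so it silently depends on the column order of that table, which is defined outside this diff; listing the two target columns after the table name keeps the statement correct if the schema changes. The four tables are joined with comma syntax and the join keys sit in `WHERE`, whereas the query touched in manage_sql.c in the same patch uses `JOIN ... ON`; matching that style would make the join conditions easier to audit. The doc comment should also say which feed path is expected to have filled `scap2.cpe_matches` and `scap2.cpe_match_nodes` before this runs, since the result is empty otherwise.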
@@ -4064,8 +4062,6 @@ update_scap_affected_products ()
 " AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
 " scap2.cpe_matches.match_criteria_id"
 " AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
-
- return 0;
 }
 /**
@@ -5634,11 +5630,7 @@ update_scap (gboolean reset_scap_db)
 g_debug ("%s: update affected_products", __func__);
 setproctitle ("Syncing SCAP: Updating affected products");
- if (update_scap_affected_products () == -1)
- {
- abort_scap_update ();
- return -1;
- }
+ update_scap_affected_products ();
 g_debug ("%s: updating user defined data", __func__);
From 7cb34b7d3b36f68f3164f20988a6aa5ffc4801f6 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam
Date: Fri, 8 Nov 2024 15:18:40 +0100
Subject: [PATCH 5/6] Fix: Remove the insertion of unused deprecated-by-id from XML CPE feed files
---
 src/manage_sql_secinfo.c | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index fead001e6..70b819944 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2081,7 +2081,7 @@ static int
 insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata,
 int modification_time)
 {
- gchar *name, *status, *deprecated, *nvd_id;
+ gchar *name, *status, *nvd_id;
 gchar *quoted_name, *quoted_title, *quoted_status, *quoted_nvd_id;
 element_t title;
 int first;
@@ -2103,27 +2103,12 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
 return -1;
 }
- deprecated = element_attribute (item_metadata,
- "deprecated-by-nvd-id");
- if (deprecated
- && (g_regex_match_simple ("^[0-9]+$", (gchar *) deprecated, 0, 0)
- == 0))
- {
- g_warning ("%s: invalid deprecated-by-nvd-id: %s",
- __func__,
- deprecated);
- g_free (name);
- g_free (status);
- return -1;
- }
-
 nvd_id = element_attribute (item_metadata, "nvd-id");
 if (nvd_id == NULL)
 {
 g_warning ("%s: nvd_id missing", __func__);
 g_free (name);
 g_free (status);
- g_free (deprecated);
 return -1;
 }
@@ -2163,7 +2148,7 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
 first = inserts_check_size (inserts);
 g_string_append_printf (inserts->statement,
- "%s ('%s', '%s', '%s', %i, %i, '%s', %s, '%s')",
+ "%s ('%s', '%s', '%s', %i, %i, '%s', '%s')",
 first ? "" : ",",
 quoted_name,
 quoted_name,
@@ -2171,7 +2156,6 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
 modification_time,
 modification_time,
 quoted_status,
- deprecated ? deprecated : "NULL",
 quoted_nvd_id);
 inserts->current_chunk_size++;
@@ -2180,7 +2164,6 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
 g_free (quoted_name);
 g_free (quoted_status);
 g_free (quoted_nvd_id);
- g_free (deprecated);
 return 0;
 }
From 2ed6a1b7844c45c7dc3cab126994f5b4766d4bb7 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam
Date: Mon, 11 Nov 2024 16:53:44 +0100
Subject: [PATCH 6/6] Change: Insert CVEs products from CPE matches table
---
 src/manage_sql_secinfo.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 70b819944..cf13bf215 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
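Review bot: The tuple written by `g_string_append_printf` in `insert_scap_cpe` now has seven values, but the column list it must line up with belongs to the INSERT prefix held in `inserts`, which is set up outside these hunks, and the diffstat for patch 5/6 shows no other insertion in this file. Confirm that prefix no longer names the deprecated-by column; if it still does, every chunk fails on a column-count mismatch. A short comment next to the format string, e.g. `/* value order must match the column list of the INSERT prefix in inserts */`, would keep the two in step.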
@@ -3406,6 +3406,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
 cJSON* configurations_json)
 {
 cJSON *configuration_item;
+ GString *software = g_string_new ("");
 cJSON_ArrayForEach (configuration_item, configurations_json)
 {
@@ -3495,11 +3496,30 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
 id,
 vulnerable ? 1 : 0,
 quoted_match_criteria_id);
-
+
+ if (vulnerable)
+ {
+ iterator_t cpe_matches;
+ init_cpe_match_string_matches_iterator (&cpe_matches, quoted_match_criteria_id);
+ while (next (&cpe_matches))
+ g_string_append_printf (software, "%s ", cpe_matches_cpe_name (&cpe_matches));
+ cleanup_iterator (&cpe_matches);
+ }
 g_free (quoted_match_criteria_id);
 }
 }
 }
+ if (software->len > 0)
+ {
+ gchar *quoted_software = sql_quote (software->str);
+ sql ("UPDATE scap2.cves"
+ " SET products = '%s'"
+ " WHERE id = %llu;",
+ quoted_software, cve_db_id);
+ g_free (quoted_software);
+ }
+ g_string_free (software, TRUE);
+
 return 0;
 }
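Review bot: The new loop in `handle_cve_configurations` reads CPE names through `init_cpe_match_string_matches_iterator`, which is defined outside this diff; if it queries the live `scap.` schema, as the iterator touched in patch 3/6 does, the `products` written to `scap2.cves` come from the previous database (or are empty on a first sync) rather than from the feed being loaded. The iterator is also handed `quoted_match_criteria_id`, the already SQL-quoted value, so an iterator that quotes its argument again would double-escape it; passing the raw id would be cleaner. `software` is allocated before the loop and freed only at the end, so any early return in the part of the loop body not shown here would leak it. Each name is appended with a trailing space and without de-duplication, so the same CPE can appear several times in `products`.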