From 4e1254bd6236a296e691be43474009f3da2e10de Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 2 Jul 2024 09:35:46 +0200
Subject: [PATCH 001/134] Fix: Also create NVT indexes after rebuild

If the nvts, vt_refs and vt_severities tables have been replaced in a
VTs rebuild, indexes are now created for the new tables.

This addresses the the indexes not existing after a rebuild and the
subsequent performance issues.
---
 src/manage_pg.c       | 46 +++++++++++++++++++++++++++----------------
 src/manage_sql.h      |  3 +++
 src/manage_sql_nvts.c |  1 +
 3 files changed, 33 insertions(+), 17 deletions(-)

diff --git a/src/manage_pg.c b/src/manage_pg.c
index 19d3463f7..31d1201c7 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1881,6 +1881,33 @@ create_tables_nvt (const gchar *suffix)
        suffix);
 }
 
+/**
+ * @brief Create NVT related indexes.
+ *
+ * @param[in]  suffix  String to append to table names.
+ */
+void
+create_indexes_nvt ()
+{
+  sql ("SELECT create_index ('nvts_by_creation_time',"
+       "                     'nvts',"
+       "                     'creation_time');");
+  sql ("SELECT create_index ('nvts_by_family', 'nvts', 'family');");
+  sql ("SELECT create_index ('nvts_by_name', 'nvts', 'name');");
+  sql ("SELECT create_index ('nvts_by_modification_time',"
+       "                     'nvts', 'modification_time');");
+  sql ("SELECT create_index ('nvts_by_cvss_base',"
+       "                     'nvts', 'cvss_base');");
+  sql ("SELECT create_index ('nvts_by_solution_type',"
+       "                     'nvts', 'solution_type');");
+  
+  sql ("SELECT create_index ('vt_refs_by_vt_oid',"
+       "                     'vt_refs', 'vt_oid');");
+
+  sql ("SELECT create_index ('vt_severities_by_vt_oid',"
+       "                     'vt_severities', 'vt_oid');");
+}
+
 /**
  * @brief Create all tables.
  */
@@ -3021,17 +3048,8 @@ create_tables ()
   sql ("SELECT create_index ('nvt_selectors_by_name',"
        "                     'nvt_selectors',"
        "                     'name');");
-  sql ("SELECT create_index ('nvts_by_creation_time',"
-       "                     'nvts',"
-       "                     'creation_time');");
-  sql ("SELECT create_index ('nvts_by_family', 'nvts', 'family');");
-  sql ("SELECT create_index ('nvts_by_name', 'nvts', 'name');");
-  sql ("SELECT create_index ('nvts_by_modification_time',"
-       "                     'nvts', 'modification_time');");
-  sql ("SELECT create_index ('nvts_by_cvss_base',"
-       "                     'nvts', 'cvss_base');");
-  sql ("SELECT create_index ('nvts_by_solution_type',"
-       "                     'nvts', 'solution_type');");
+
+  create_indexes_nvt ();
 
   sql ("SELECT create_index ('permissions_by_name',"
        "                     'permissions', 'name');");
@@ -3063,12 +3081,6 @@ create_tables ()
        "                     'tls_certificate_origins',"
        "                     'origin_id, origin_type')");
 
-  sql ("SELECT create_index ('vt_refs_by_vt_oid',"
-       "                     'vt_refs', 'vt_oid');");
-
-  sql ("SELECT create_index ('vt_severities_by_vt_oid',"
-       "                     'vt_severities', 'vt_oid');");
-
   /* Previously this included the value column but that can be bigger than 8191,
    * the maximum size that Postgres can handle.  For example, this can happen
    * for "ports".  Mostly value is short, like a CPE for the "App" detail,
diff --git a/src/manage_sql.h b/src/manage_sql.h
index dfe87caa6..9b6c7d81d 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -505,6 +505,9 @@ add_role_permission_resource (const gchar *, const gchar *, const gchar *,
 void
 create_view_vulns ();
 
+void
+create_indexes_nvt ();
+
 int
 config_family_entire_and_growing (config_t, const char*);
 
diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c
index ccebce74f..302654bb7 100644
--- a/src/manage_sql_nvts.c
+++ b/src/manage_sql_nvts.c
@@ -1987,6 +1987,7 @@ update_nvts_from_vts (element_t *get_vts_response,
     sql ("ALTER TABLE nvts_rebuild RENAME TO nvts;");
 
     create_view_vulns ();
+    create_indexes_nvt ();
   }
 
   set_nvts_check_time (count_new_vts, count_modified_vts);

From 91f4f5ae9e20221cc5e89464dc2e947e88640be8 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Sat, 29 Jun 2024 05:51:22 +0200
Subject: [PATCH 002/134] GMP doc: add TEXT to AGGREGATE/OVERALL in
 GET_AGGREGATES

---
 src/schema_formats/XML/GMP.xml.in | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 770120a01..e2e517f64 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -8115,6 +8115,7 @@ END:VCALENDAR
             <e>count</e>
             <e>c_count</e>
             <any><e>stats</e></any>
+            <any><e>text</e></any>
           </pattern>
           <ele>
             <name>count</name>
@@ -8169,6 +8170,18 @@ END:VCALENDAR
               <pattern><t>text</t></pattern>
             </ele>
           </ele>
+          <ele>
+            <name>text</name>
+            <summary>The value of a simple text column</summary>
+            <pattern>
+              <attrib>
+                <name>name</name>
+                <summary>Name of the text column</summary>
+                <type>text</type>
+              </attrib>
+              text
+            </pattern>
+          </ele>
         </ele>
         <ele>
           <name>subgroups</name>

From 56d8f86e389b8538ea5021e9f2acebb5891a5440 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Mon, 22 Jul 2024 14:28:16 +0200
Subject: [PATCH 003/134] Add: New --min-mem-feed-update option

A new option is added which will make the automatic feed update wait
until a minimum amount of physical memory is available.

Additionally, the --mem-wait-retries can be used to set the number of
retries waiting for memory to be available in each process.
---
 doc/gvmd.8     |   6 +++
 doc/gvmd.8.xml |  18 +++++++
 doc/gvmd.html  |  18 +++++++
 src/gvmd.c     |  18 +++++++
 src/manage.c   | 143 ++++++++++++++++++++++++++++++++++++++++++++++++-
 src/manage.h   |  15 ++++++
 src/utils.c    |  23 ++++++++
 src/utils.h    |   6 +++
 8 files changed, 245 insertions(+), 2 deletions(-)

diff --git a/doc/gvmd.8 b/doc/gvmd.8
index 7972955c6..7179be5d4 100644
--- a/doc/gvmd.8
+++ b/doc/gvmd.8
@@ -121,9 +121,15 @@ Maximum size of user-defined message text in alert emails, in bytes.
 \fB--max-ips-per-target=\fINUMBER\fB\f1
 Maximum number of IPs per target.
 .TP
+\fB--mem-wait-retries=\fINUMBER\fB\f1
+How often to try waiting for available memory. Default: 30. Each retry will wait for 10 seconds. 
+.TP
 \fB-m, --migrate\f1
 Migrate the database and exit.
 .TP
+\fB--min-mem-feed-update=\fINUMBER\fB\f1
+Minimum memory in MiB for feed updates. Default: 0. Feed updates are skipped if less physical memory is available. 
+.TP
 \fB--modify-scanner=\fISCANNER-UUID\fB\f1
 Modify scanner SCANNER-UUID and exit.
 .TP
diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml
index 7c2165808..8e4bca59a 100644
--- a/doc/gvmd.8.xml
+++ b/doc/gvmd.8.xml
@@ -287,12 +287,30 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         <p>Maximum number of IPs per target.</p>
       </optdesc>
     </option>
+    <option>
+      <p><opt>--mem-wait-retries=<arg>NUMBER</arg></opt></p>
+      <optdesc>
+        <p>
+          How often to try waiting for available memory. Default: 30.
+          Each retry will wait for 10 seconds.
+        </p>
+      </optdesc>
+    </option>
     <option>
       <p><opt>-m, --migrate</opt></p>
       <optdesc>
         <p>Migrate the database and exit.</p>
       </optdesc>
     </option>
+    <option>
+      <p><opt>--min-mem-feed-update=<arg>NUMBER</arg></opt></p>
+      <optdesc>
+        <p>
+          Minimum memory in MiB for feed updates. Default: 0.
+          Feed updates are skipped if less physical memory is available.
+        </p>
+      </optdesc>
+    </option>
     <option>
       <p><opt>--modify-scanner=<arg>SCANNER-UUID</arg></opt></p>
       <optdesc>
diff --git a/doc/gvmd.html b/doc/gvmd.html
index 68913b68a..60ba46fe4 100644
--- a/doc/gvmd.html
+++ b/doc/gvmd.html
@@ -242,12 +242,30 @@ <h2>Options</h2>
       
     
     
+      <p><b>--mem-wait-retries=<em>NUMBER</em></b></p>
+      
+        <p>
+          How often to try waiting for available memory. Default: 30.
+           Each retry will wait for 10 seconds.
+        </p>
+      
+    
+    
       <p><b>-m, --migrate</b></p>
       
         <p>Migrate the database and exit.</p>
       
     
     
+      <p><b>--min-mem-feed-update=<em>NUMBER</em></b></p>
+      
+        <p>
+          Minimum memory in MiB for feed updates. Default: 0.
+          Feed updates are skipped if less physical memory is available.
+        </p>
+      
+    
+    
       <p><b>--modify-scanner=<em>SCANNER-UUID</em></b></p>
       
         <p>Modify scanner SCANNER-UUID and exit.</p>
diff --git a/src/gvmd.c b/src/gvmd.c
index 4ffdab4e8..05bc8c43c 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -1895,6 +1895,8 @@ gvmd (int argc, char** argv, char *env[])
   static gchar *broker_address = NULL;
   static gchar *feed_lock_path = NULL;
   static int feed_lock_timeout = 0;
+  static int mem_wait_retries = 30;
+  static int min_mem_feed_update = 0;
   static int vt_ref_insert_size = VT_REF_INSERT_SIZE_DEFAULT;
   static int vt_sev_insert_size = VT_SEV_INSERT_SIZE_DEFAULT;
   static gchar *vt_verification_collation = NULL;
@@ -2088,10 +2090,20 @@ gvmd (int argc, char** argv, char *env[])
           &max_ips_per_target,
           "Maximum number of IPs per target.",
           "<number>" },
+        { "mem-wait-retries", '\0', 0, G_OPTION_ARG_INT,
+          &mem_wait_retries,
+          "How often to try waiting for available memory. Default: 30."
+          " Each retry will wait for 10 seconds.",
+          "<number>" },
         { "migrate", 'm', 0, G_OPTION_ARG_NONE,
           &migrate_database,
           "Migrate the database and exit.",
           NULL },
+        { "min-mem-feed-update", '\0', 0, G_OPTION_ARG_INT,
+          &min_mem_feed_update,
+          "Minimum memory in MiB for feed updates. Default: 0."
+          " Feed updates are skipped if less physical memory is available.",
+          "<number>" },
         { "modify-scanner", '\0', 0, G_OPTION_ARG_STRING,
           &modify_scanner,
           "Modify scanner <scanner-uuid> and exit.",
@@ -2447,6 +2459,12 @@ gvmd (int argc, char** argv, char *env[])
       }
   }
 
+  /* Set number of retries waiting for memory */
+  set_mem_wait_retries (mem_wait_retries);
+  
+  /* Set minimum memory for feed updates */
+  set_min_mem_feed_update (min_mem_feed_update);
+
   /* Set relay mapper */
   if (relay_mapper)
     {
diff --git a/src/manage.c b/src/manage.c
index 0af8a5486..1465ca279 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -184,6 +184,16 @@ static gchar *feed_lock_path = NULL;
  */
 static int feed_lock_timeout = 0;
 
+/**
+ * @brief Retries for waiting for memory to be available.
+ */
+static int mem_wait_retries = 0;
+
+/**
+ * @brief Minimum available memory in MiB for running a feed update.
+ */
+static int min_mem_feed_update = 0;
+
 /**
  * @brief Path to the relay mapper executable, NULL to disable relays.
  */
@@ -5050,7 +5060,52 @@ feed_sync_required ()
   return FALSE;
 }
 
+/**
+ * @brief Wait for memory
+ * 
+ * @param[in]  check_func  Function to check memory, should return 1 if enough.
+ * @param[in]  retries     Number of retries.
+ * @param[in]  min_mem     Minimum memory in MiB, for logging only
+ * @param[in]  action      Short descriptor of action waiting for memory.
+ * 
+ * @return 0 if enough memory is available, 1 gave up
+ */
+static int
+wait_for_mem (int check_func(),
+              int retries,
+              int min_mem,
+              const char *action)
+{
+  int retry_number = 0;
+  while (check_func () == 0)
+    {
+      if (retry_number == 0)
+        {
+          g_info ("%s: not enough memory for %s"
+                  " (%lld / %d) MiB",
+                  __func__,
+                  action,
+                  phys_mem_available () / 1048576llu,
+                  min_mem);
+        }
+      else
+        {
+          g_debug ("%s: waiting for memory for %s"
+                   " (%lld / %d) MiB",
+                   __func__,
+                   action,
+                   phys_mem_available () / 1048576llu,
+                   min_mem);
+        }
+
+      retry_number ++;
+      if (retry_number > retries)
+        return 1;
 
+      sleep (SCHEDULE_PERIOD);
+    }
+  return 0;
+}
 
 /**
  * @brief Perform any syncing that is due.
@@ -5074,7 +5129,11 @@ manage_sync (sigset_t *sigmask_current,
 
   if (feed_sync_required ())
     {
-      if (feed_lockfile_lock (&lockfile) == 0)
+      if (wait_for_mem (check_min_mem_feed_update,
+                        mem_wait_retries,
+                        min_mem_feed_update,
+                        "SecInfo feed sync") == 0
+          && feed_lockfile_lock (&lockfile) == 0)
         {
           pid_t nvts_pid, scap_pid, cert_pid;
           nvts_pid = manage_sync_nvts (fork_update_nvt_cache);
@@ -5096,7 +5155,11 @@ manage_sync (sigset_t *sigmask_current,
           || should_sync_port_lists ()
           || should_sync_report_formats ()))
     {
-      if (feed_lockfile_lock (&lockfile) == 0)
+      if (wait_for_mem (check_min_mem_feed_update,
+                        mem_wait_retries,
+                        min_mem_feed_update,
+                        "data objects feed sync") == 0
+          && feed_lockfile_lock (&lockfile) == 0)
         {
           manage_sync_configs ();
           manage_sync_port_lists ();
@@ -6352,6 +6415,82 @@ set_feed_lock_timeout (int new_timeout)
     feed_lock_timeout = new_timeout;
 }
 
+/**
+ * @brief Get the number of retries when waiting for memory to be available.
+ *
+ * @return The current number of retries.
+ */
+int
+get_mem_wait_retries()
+{
+  return mem_wait_retries;
+}
+
+/**
+ * @brief Set the number of retries when waiting for memory to be available.
+ *
+ * @param[in]  new_retries The new number of retries.
+ */
+void
+set_mem_wait_retries (int new_retries)
+{
+  if (new_retries < 0)
+    min_mem_feed_update = 0;
+  else
+    min_mem_feed_update = new_retries;
+}
+
+/**
+ * @brief Check if the minimum memory for feed updates is available
+ * 
+ * @return 1 if minimum memory amount is available, 0 if not
+ */
+int
+check_min_mem_feed_update ()
+{
+  if (min_mem_feed_update)
+    {
+      guint64 min_mem_bytes = (guint64)min_mem_feed_update * 1048576llu;
+      return phys_mem_available () >= min_mem_bytes ? 1 : 0;
+    }
+  return 1;
+}
+
+/**
+ * @brief Get the minimum memory for feed updates.
+ *
+ * @return The current minimum memory for feed updates in MiB.
+ */
+int
+get_min_mem_feed_update ()
+{
+  return min_mem_feed_update;
+}
+
+/**
+ * @brief Get the minimum memory for feed updates.
+ *
+ * @param[in]  new_min_mem The new minimum memory for feed updates in MiB.
+ */
+void
+set_min_mem_feed_update (int new_min_mem)
+{
+  guint64 min_mem_bytes = (guint64)new_min_mem * 1048576llu;
+  if (new_min_mem < 0)
+    min_mem_feed_update = 0;
+  else if (min_mem_bytes > phys_mem_total ())
+    {
+      g_warning ("%s: requested feed minimum memory limit (%d MiB)"
+                 " exceeds total physical memory (%lld MiB)."
+                 " The setting is ignored.",
+                 __func__,
+                 new_min_mem,
+                 phys_mem_total () / 1048576llu);
+    }
+  else
+    min_mem_feed_update = new_min_mem;
+}
+
 /**
  * @brief Write start time to sync lock file.
  *
diff --git a/src/manage.h b/src/manage.h
index 9e7bbbce9..b60939d56 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -3870,6 +3870,21 @@ get_feed_lock_timeout ();
 void
 set_feed_lock_timeout (int);
 
+int
+get_mem_wait_retries ();
+
+void
+set_mem_wait_retries (int);
+
+int
+check_min_mem_feed_update ();
+
+int
+get_min_mem_feed_update ();
+
+void
+set_min_mem_feed_update (int);
+
 void
 write_sync_start (int);
 
diff --git a/src/utils.c b/src/utils.c
index 9c7ceb7cc..38455f2c4 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -959,3 +959,26 @@ wait_for_pid (pid_t pid, const char *context)
         }
     }
 }
+
+/**
+ * @brief Get the available physical memory in bytes.
+ * 
+ * @return The available memory
+ */
+guint64
+phys_mem_available ()
+{
+  return (unsigned long long)(sysconf(_SC_AVPHYS_PAGES))
+    * sysconf(_SC_PAGESIZE);
+}
+
+/**
+ * @brief Get the total physical memory in bytes.
+ * 
+ * @return The total memory
+ */
+guint64
+phys_mem_total ()
+{
+  return sysconf(_SC_PHYS_PAGES) * sysconf(_SC_PAGESIZE);
+}
diff --git a/src/utils.h b/src/utils.h
index 1054dc0ca..8c3e53ff9 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -103,4 +103,10 @@ fork_with_handlers ();
 void
 wait_for_pid (pid_t, const char *);
 
+guint64
+phys_mem_available ();
+
+guint64
+phys_mem_total ();
+
 #endif /* not _GVMD_UTILS_H */

From fd961c080c3355abac1e056a0c35a83e6bafbd03 Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Tue, 23 Jul 2024 08:39:16 +0000
Subject: [PATCH 004/134] Automatic release to 23.8.0

---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index cf44b15e4..ddd2c677b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.7.1
+         VERSION 23.8.0
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 1)
+set (PROJECT_DEV_VERSION 0)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From f99a1b718ef479527fc25993cf98a2aa85963be4 Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Tue, 23 Jul 2024 08:39:18 +0000
Subject: [PATCH 005/134] Automatic adjustments after release [skip ci]

* Update to version 23.8.1-dev1
---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index ddd2c677b..af0127d25 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.8.0
+         VERSION 23.8.1
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 0)
+set (PROJECT_DEV_VERSION 1)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From 336ccf989d78761999f432e2b8b2e49e39fb1394 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Wed, 24 Jul 2024 11:32:18 +0200
Subject: [PATCH 006/134] Fix: Drop result_vt_epss view when rebuilding nvt
 related tables.

---
 src/manage_sql_nvts.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c
index a740fea5e..d43e4b5ae 100644
--- a/src/manage_sql_nvts.c
+++ b/src/manage_sql_nvts.c
@@ -1979,6 +1979,7 @@ update_nvts_from_vts (element_t *get_vts_response,
   if (rebuild) {
     sql ("DROP VIEW IF EXISTS results_autofp;");
     sql ("DROP VIEW vulns;");
+    sql ("DROP MATERIALIZED VIEW IF EXISTS result_vt_epss;");
     sql ("DROP TABLE nvts, nvt_preferences, vt_refs, vt_severities;");
 
     sql ("ALTER TABLE vt_refs_rebuild RENAME TO vt_refs;");

From f9c1baf22389113fc58618e1d4d3da3f7171d996 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Mon, 29 Jul 2024 12:00:44 +0200
Subject: [PATCH 007/134] Fix: Add missing EPSS columns for "no CVEs" case

The materialized view result_vt_epss now also has the columns
epss_severity and max_epss_severity in case there are no CVEs present
when the view is created.

This fixes SQL errors resulting from those missing columns.
---
 src/manage_pg.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/manage_pg.c b/src/manage_pg.c
index 8c691994e..8f2bcad21 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1849,9 +1849,11 @@ create_view_result_vt_epss ()
          "    epss_score,"
          "    epss_percentile,"
          "    epss_cve,"
+         "    epss_severity,"
          "    max_epss_score,"
          "    max_epss_percentile,"
-         "    max_epss_cve"
+         "    max_epss_cve,"
+         "    max_epss_severity"
          "  FROM nvts);");
 
   sql ("SELECT create_index ('result_vt_epss_by_vt_id',"

From de34f19c4a585d0992d89e33af7031636ad6eb5c Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Mon, 29 Jul 2024 10:18:49 +0000
Subject: [PATCH 008/134] Automatic release to 23.8.1

---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index af0127d25..b88b57fa2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 1)
+set (PROJECT_DEV_VERSION 0)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From 5ce67ca0635589f66b5cac1dbda7341d0911a976 Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Mon, 29 Jul 2024 10:18:50 +0000
Subject: [PATCH 009/134] Automatic adjustments after release [skip ci]

* Update to version 23.8.2-dev1
---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b88b57fa2..945272c27 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.8.1
+         VERSION 23.8.2
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 0)
+set (PROJECT_DEV_VERSION 1)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From 8755c57396756888b753b039efc402bb6ef7253d Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Wed, 7 Aug 2024 09:31:07 +0200
Subject: [PATCH 010/134] Add: Added the loading of CPE match rules from JSON
 files.

Added the functionality to load the CPE match rules for CVEs from
JSON files and to store them in the database.
---
 src/manage_pg.c          |  16 ++
 src/manage_sql_secinfo.c | 519 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 522 insertions(+), 13 deletions(-)

diff --git a/src/manage_pg.c b/src/manage_pg.c
index 8f2bcad21..f33f7c35f 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3479,6 +3479,22 @@ manage_db_init (const gchar *name)
            "  cve_refs INTEGER DEFAULT 0,"
            "  nvd_id text);");
 
+      sql ("CREATE TABLE scap2.cpe_match_nodes"
+           " (id SERIAL PRIMARY KEY,"
+           "  parent_id INTEGER DEFAULT 0,"
+           "  cve_id INTEGER DEFAULT 0,"
+           "  operator text);");
+
+      sql ("CREATE TABLE scap2.cpe_match_range"
+           " (id SERIAL PRIMARY KEY,"
+           "  node_id INTEGER DEFAULT 0,"
+           "  vulnerable INTEGER DEFAULT 0,"
+           "  cpe text,"
+           "  version_start_incl text,"
+           "  version_start_excl text,"
+           "  version_end_incl text,"
+           "  version_end_excl text);");
+
       sql ("CREATE TABLE scap2.cpe_details"
            " (id SERIAL PRIMARY KEY,"
            "  cpe_id text,"
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index fd8c13c76..17da81634 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -52,6 +52,7 @@
 #include <gvm/base/gvm_sentry.h>
 #include <bsd/unistd.h>
 #include <gvm/util/fileutils.h>
+#include <gvm/util/jsonpull.h>
 #include <gvm/util/xmlutils.h>
 
 #undef G_LOG_DOMAIN
@@ -2656,6 +2657,485 @@ insert_cve_from_entry (element_t entry, element_t last_modified,
   return 0;
 }
 
+/**
+ * @brief Get the string value for a specified key from a JSON object.
+ *
+ * @param[in]  object  JSON object
+ * @param[in]  key     The key of the string in the JSON object.
+ *
+ * @return The string out of the JSON object with key "key", if any.
+ *         NULL otherwise.
+ */
+static char*
+json_object_item_string (cJSON *object, char *key)
+{
+  cJSON *value_json;
+
+  value_json = cJSON_GetObjectItemCaseSensitive(object, key);
+  if (cJSON_IsString(value_json))
+    return value_json->valuestring;
+  return NULL;
+}
+
+/**
+ * @brief Get the double value for a specified key from a JSON object.
+ *
+ * @param[in]  object    JSON object
+ * @param[in]  key       The key of the double value in the JSON object.
+ * @param[in]  fallback  The fallback value if the double value is not
+ *                       available.
+ *
+ * @return The double value out of the JSON object with key "key", if any.
+ *         The fallback value otherwise.
+ */
+static double
+json_object_item_double (cJSON *object, char *key, double fallback)
+{
+  cJSON *value_json;
+
+  value_json = cJSON_GetObjectItemCaseSensitive(object, key);
+  if (cJSON_IsNumber(value_json))
+    return value_json->valuedouble;
+  return fallback;
+}
+
+/**
+ * @brief Save the node of a cve match rule tree.
+ *
+ * @param[in]  parent_id  The parent_id of the node. If this value is 0,
+ *                        this node is the root of the tree.
+ * @param[in]  cve_id     The id of the CVE to which the tree belongs.
+ * @param[in]  operator   The operator for the match rules.
+ *
+ * @return The (database) id of the node.
+ */
+static int
+save_node (long int parent_id, long int cve_id, char * operator)
+{
+  long int id;
+
+  id = sql_int64_0
+         ("INSERT INTO scap2.cpe_match_nodes"
+          " (parent_id, cve_id, operator)"
+          " VALUES"
+          " (%i, %i, '%s')"
+          " RETURNING scap2.cpe_match_nodes.id;",
+          parent_id,
+          cve_id,
+          operator);
+
+  return id;
+}
+
+/**
+ * @brief Add match rules to a node of a match rule tree*
+ *
+ * @param[in]  id           The id of the node the rules belong to.
+ * @param[in]  match_rules  The JSON object that contains the rules.
+ */
+static void
+add_cpe_match_rules (long int id, cJSON *match_rules)
+{
+  cJSON *match_rule;
+  cJSON *ver_se;
+  cJSON *cpe_js;
+
+  gboolean vulnerable = FALSE;
+  char * cpe = NULL;
+  char * version_start_incl = NULL;
+  char * version_start_excl = NULL;
+  char * version_end_incl = NULL;
+  char * version_end_excl = NULL;
+
+  cJSON_ArrayForEach(match_rule, match_rules)
+    {
+      char *quoted_cpe;
+      vulnerable = FALSE;
+      cpe = NULL;
+      version_start_incl = NULL;
+      version_start_excl = NULL;
+      version_end_incl = NULL;
+      version_end_excl = NULL;
+
+      if (cJSON_IsTrue(cJSON_GetObjectItemCaseSensitive(match_rule, "vulnerable")))
+        vulnerable = TRUE;
+      else
+        vulnerable = FALSE;
+      cpe_js = cJSON_GetObjectItemCaseSensitive(match_rule, "cpe23Uri");
+      if (cpe_js != NULL)
+        cpe = cpe_js->valuestring;
+      quoted_cpe = sql_quote (cpe);
+      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionStartIncluding");
+      if (ver_se != NULL)
+        version_start_incl = ver_se->valuestring;
+      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionStartExcluding");
+      if (ver_se != NULL)
+        version_start_excl = ver_se->valuestring;
+      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionEndIncluding");
+      if (ver_se != NULL)
+        version_end_incl = ver_se->valuestring;
+      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionEndExcluding");
+      if (ver_se != NULL)
+        version_end_excl = ver_se->valuestring;
+
+      sql
+       ("INSERT INTO scap2.cpe_match_range"
+        " (node_id, vulnerable, cpe,"
+	"  version_start_incl, version_start_excl,"
+	"  version_end_incl, version_end_excl)"
+        " VALUES"
+        " (%ld, %d, '%s', '%s', '%s', '%s', '%s')",
+        id,
+        vulnerable ? 1 : 0,
+	quoted_cpe,
+        version_start_incl,
+        version_start_excl,
+        version_end_incl,
+        version_end_excl);
+      g_free (quoted_cpe);
+    }
+}
+
+/**
+ * @brief Load and add recursively all nodes of a match rule tree for a
+ *        specific CVE. Build a match rule tree.
+ *
+ * @param[in]  parent_id  The parent_id of the nodes to insert
+ *                        (0 for the root node).
+ * @param[in]  cveid      The id of the CVE the tree belongs to.
+ * @param[in]  nodes      The JSON object that contains the rules for a
+ *                        specific tree level.
+ */
+static void
+load_nodes (long int parent_id, long int cveid, cJSON *nodes)
+{
+  cJSON *node;
+  long int id;
+  cJSON *operator;
+  cJSON *cpe_match_rules;
+  cJSON *child_nodes;
+
+  node = NULL;
+  id = 0;
+  operator = NULL;
+  cpe_match_rules = NULL;
+  child_nodes = NULL;
+
+  cJSON_ArrayForEach(node, nodes)
+    {
+      operator = cJSON_GetObjectItemCaseSensitive(node, "operator");
+      id = save_node (parent_id, cveid, operator->valuestring);
+      cpe_match_rules = cJSON_GetObjectItemCaseSensitive(node, "cpe_match");
+      add_cpe_match_rules (id, cpe_match_rules);
+      child_nodes = cJSON_GetObjectItemCaseSensitive(node, "children");
+      load_nodes (id, cveid, child_nodes);
+    }
+}
+
+/**
+ * @brief Handle a complete CVE item. Gather some required data and load
+ *        all match rules.
+ *
+ * @param[in]  item  The JSON object of the CVE item.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+handle_json_cve_item (cJSON *item)
+{
+  cJSON *cve_json;
+  cJSON *cve_data_meta_json;
+
+  char *cve_id;
+  long int cve_db_id;
+
+  cve_json = cJSON_GetObjectItemCaseSensitive(item, "cve");
+  cve_data_meta_json = cJSON_GetObjectItemCaseSensitive(cve_json, "CVE_data_meta");
+  cve_id = json_object_item_string (cve_data_meta_json, "ID");
+  if (cve_id == NULL)
+    {
+      g_warning("%s: ID missing.", __func__);
+      return -1;
+    }
+
+  char *published;
+  time_t published_time;
+  published = json_object_item_string (item, "publishedDate");
+  if (published == NULL)
+    {
+      g_warning("%s: publishedDate missing for %s.", __func__, cve_id);
+      return -1;
+    }
+  published_time = parse_iso_time (published);
+
+  char *modified;
+  time_t modified_time;
+  modified = json_object_item_string (item, "lastModifiedDate");
+  if (modified == NULL)
+    {
+      g_warning("%s: lastModifiedDate missing for %s.", __func__, cve_id);
+      return -1;
+    }
+  modified_time = parse_iso_time (modified);
+
+  cJSON *impact_json;
+  cJSON *base_metric_json;
+  char * cvss_key;
+  cJSON *cvss_json;
+  char * vector;
+  double score_dbl;
+
+  impact_json = cJSON_GetObjectItemCaseSensitive(item, "impact");
+  if (impact_json == NULL)
+    {
+      g_warning("%s: Impact missing for %s.", __func__, cve_id);
+      return -1;
+    }
+  base_metric_json = cJSON_GetObjectItemCaseSensitive(impact_json, "baseMetricV4");
+  if (base_metric_json != NULL)
+    cvss_key = "cvssV4";
+  else
+    {
+      base_metric_json = cJSON_GetObjectItemCaseSensitive(impact_json, "baseMetricV3");
+      if (base_metric_json != NULL)
+        cvss_key = "cvssV3";
+      else
+        {
+          base_metric_json = cJSON_GetObjectItemCaseSensitive(impact_json, "baseMetricV2");
+          if (base_metric_json != NULL)
+            cvss_key = "cvssV2";
+          else
+            cvss_key = NULL;
+        }
+    }
+  if (cvss_key != NULL)
+    {
+      cvss_json = cJSON_GetObjectItemCaseSensitive(base_metric_json, cvss_key);
+      if (cvss_json == NULL)
+        {
+          g_warning("%s: %s missing for %s.", __func__, cvss_key, cve_id);
+          return -1;
+        }
+      score_dbl = json_object_item_double (cvss_json, "baseScore", SEVERITY_MISSING);
+      if (score_dbl == SEVERITY_MISSING)
+        {
+          g_warning("%s: baseScore missing in %s for %s.", __func__, cvss_key, cve_id);
+          return -1;
+        }
+      vector = json_object_item_string (cvss_json, "vectorString");
+      if (vector == NULL)
+        {
+          g_warning("%s: vectorString missing for %s.", __func__, cve_id);
+          return -1;
+        }
+    }
+  else
+    {
+      score_dbl = SEVERITY_MISSING;
+      vector = NULL;
+    }
+
+  cJSON *description_json;
+  cJSON *description_data_json;
+  cJSON *description_item_json;
+  char *description_value;
+
+  description_json = cJSON_GetObjectItemCaseSensitive(cve_json, "description");
+  if (description_json == NULL)
+    {
+      g_warning("%s: description missing for %s.", __func__, cve_id);
+      return -1;
+    }
+
+  description_data_json = cJSON_GetObjectItemCaseSensitive(description_json, "description_data");
+  if (description_data_json == NULL)
+    {
+      g_warning("%s: description_data missing for %s.", __func__, cve_id);
+      return -1;
+    }
+  cJSON_ArrayForEach (description_item_json, description_data_json)
+    {
+      char *lang = json_object_item_string (description_item_json, "lang");
+      if (lang != NULL && strcmp(lang, "en") == 0)
+        description_value = json_object_item_string (description_item_json, "value");
+    }
+
+  char *quoted_description = sql_quote (description_value);
+
+  cve_db_id = sql_int64_0
+         ("INSERT INTO scap2.cves"
+          " (uuid, name, creation_time, modification_time,"
+          "  severity, description, cvss_vector, products)"
+          " VALUES"
+          " ('%s', '%s', %i, %i,"
+          "  %0.1f, '%s', '%s', '%s')"
+          " ON CONFLICT (uuid) DO UPDATE"
+          " SET name = EXCLUDED.name,"
+          "     creation_time = EXCLUDED.creation_time,"
+          "     modification_time = EXCLUDED.modification_time,"
+          "     severity = EXCLUDED.severity,"
+          "     description = EXCLUDED.description,"
+          "     cvss_vector = EXCLUDED.cvss_vector,"
+          "     products = EXCLUDED.products"
+          " RETURNING scap2.cves.id;",
+          cve_id,
+          cve_id,
+          published_time,
+          modified_time,
+          score_dbl,
+          quoted_description,
+          vector,
+          "");
+
+  g_free (quoted_description);
+
+  cJSON *configurations_json;
+  cJSON *nodes_json;
+
+  configurations_json =
+       cJSON_GetObjectItemCaseSensitive(item, "configurations");
+  if (configurations_json == NULL)
+    {
+      g_warning("%s: configurations missing for %s.", __func__, cve_id);
+      return -1;
+    }
+  nodes_json =
+       cJSON_GetObjectItemCaseSensitive(configurations_json, "nodes");
+  if (nodes_json == NULL)
+    {
+      g_warning("%s: nodes missing for %s.", __func__, cve_id);
+      return -1;
+    }
+  load_nodes (0, cve_db_id, nodes_json);
+
+  return 0;
+}
+
+/**
+ * @brief Update CVE info from a single JSON feed file.
+ *
+ * @param[in]  cve_path          CVE json file path.
+ * @param[in]  hashed_cpes       Hashed CPEs.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
+{
+  cJSON *entry;
+  FILE *cve_file;
+  gchar *error_message = NULL;
+  gvm_json_pull_event_t event;
+  gvm_json_pull_parser_t parser;
+  gchar *full_path;
+  GStatBuf state;
+  int transaction_size = 0;
+  // int ret;
+
+  full_path = g_build_filename (GVM_SCAP_DATA_DIR, cve_path, NULL);
+
+  if (g_stat (full_path, &state))
+    {
+      g_warning ("%s: Failed to stat SCAP file: %s",
+                 __func__,
+                 strerror (errno));
+      g_free (full_path);
+      return -1;
+    }
+
+  g_info ("Updating %s", full_path);
+
+  cve_file = fopen (full_path, "r");
+  if (cve_file == NULL)
+    {
+      g_warning ("%s: Failed to open CVE file: %s",
+                 __func__,
+                 strerror (errno));
+      g_free (full_path);
+      return -1;
+    }
+
+  g_free (full_path);
+
+  gvm_json_pull_parser_init (&parser, cve_file);
+  gvm_json_pull_event_init (&event);
+  gvm_json_pull_parser_next (&parser, &event);
+
+  if (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
+    {
+      gboolean cve_items_found = FALSE;
+      while (!cve_items_found)
+        {
+          gvm_json_pull_parser_next (&parser, &event);
+	  gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event.path);
+	  if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START &&
+              strcmp (path_tail->key, "CVE_Items") == 0)
+            {
+              cve_items_found = TRUE;
+            }
+          else if (event.type == GVM_JSON_PULL_EVENT_ERROR)
+            {
+              g_warning ("%s: Parser error: %s", __func__, event.error_message);
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cve_file);
+              return -1;
+            }
+          else if (event.type == GVM_JSON_PULL_EVENT_OBJECT_END)
+            {
+              g_warning ("%s: Unexpected json object end.", __func__);
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cve_file);
+              return -1;
+            }
+        }
+      gvm_json_pull_parser_next (&parser, &event);
+      while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
+        {
+          entry = gvm_json_pull_expand_container (&parser, &error_message);
+          if (error_message)
+            {
+              g_warning ("%s: Error expanding CVE item: %s", __func__, error_message);
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cve_file);
+              return -1;
+            }
+          if (handle_json_cve_item (entry))
+            {
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cve_file);
+              return -1;
+            }
+          increment_transaction_size (&transaction_size);
+          gvm_json_pull_parser_next (&parser, &event);
+	}
+    }
+  else if (event.type == GVM_JSON_PULL_EVENT_ERROR)
+    {
+      g_warning ("%s: Parser error: %s", __func__, event.error_message);
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (cve_file);
+      return -1;
+    }
+  else
+    {
+      g_warning ("%s: File must contain a JSON object.", __func__);
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (cve_file);
+      return -1;
+    }
+
+  gvm_json_pull_event_cleanup (&event);
+  gvm_json_pull_parser_cleanup (&parser);
+  fclose (cve_file);
+  return 0;
+}
+
 /**
  * @brief Update CVE info from a single XML feed file.
  *
@@ -2771,7 +3251,7 @@ update_scap_cves ()
   GError *error;
   int count;
   GDir *dir;
-  const gchar *xml_path;
+  const gchar *cve_path;
   GHashTable *hashed_cpes;
   iterator_t cpes;
 
@@ -2793,18 +3273,31 @@ update_scap_cves ()
                          GINT_TO_POINTER (iterator_int (&cpes, 1)));
 
   count = 0;
-  while ((xml_path = g_dir_read_name (dir)))
-    if (fnmatch ("nvdcve-2.0-*.xml", xml_path, 0) == 0)
-      {
-        if (update_cve_xml (xml_path, hashed_cpes))
-          {
-            g_dir_close (dir);
-            g_hash_table_destroy (hashed_cpes);
-            cleanup_iterator (&cpes);
-            return -1;
-          }
-        count++;
-      }
+  while ((cve_path = g_dir_read_name (dir)))
+    {
+      if (fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0)
+        {
+          if (update_cve_json (cve_path, hashed_cpes))
+            {
+              g_dir_close (dir);
+              g_hash_table_destroy (hashed_cpes);
+              cleanup_iterator (&cpes);
+              return -1;
+            }
+          count++;
+        }
+      if (fnmatch ("nvdcve-2.0-*.xml", cve_path, 0) == 0)
+        {
+          if (update_cve_xml (cve_path, hashed_cpes))
+            {
+              g_dir_close (dir);
+              g_hash_table_destroy (hashed_cpes);
+              cleanup_iterator (&cpes);
+              return -1;
+            }
+          count++;
+        }
+    }
 
   if (count == 0)
     g_warning ("No CVEs found in %s", GVM_SCAP_DATA_DIR);

From f05f839313ee8c65d9b82db23407ab40703b6d86 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Wed, 21 Aug 2024 09:24:54 +0200
Subject: [PATCH 011/134] Add: Add settings for date and time format.

---
 src/manage_sql.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
 src/manage_sql.h | 10 ++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 100030655..1a785e89f 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -16041,6 +16041,28 @@ check_db_settings ()
          "  || ' in SecInfo updates before the end of the file'"
          "  || ' being processed.',"
          "  '100' );");
+
+  if (sql_int ("SELECT count(*) FROM settings"
+              " WHERE uuid = '" SETTING_UUID_USER_INTERFACE_TIME_FORMAT "'"
+              " AND " ACL_IS_GLOBAL () ";")
+      == 0)
+    sql ("INSERT into settings (uuid, owner, name, comment, value)"
+          " VALUES"
+          " ('" SETTING_UUID_USER_INTERFACE_TIME_FORMAT "', NULL,"
+          "  'User Interface Time Format',"
+          "  'Preferred time format to be used in client user interfaces.',"
+          "  '24' );");
+
+  if (sql_int ("SELECT count(*) FROM settings"
+              " WHERE uuid = '" SETTING_UUID_USER_INTERFACE_DATE_FORMAT "'"
+              " AND " ACL_IS_GLOBAL () ";")
+      == 0)
+    sql ("INSERT into settings (uuid, owner, name, comment, value)"
+          " VALUES"
+          " ('" SETTING_UUID_USER_INTERFACE_DATE_FORMAT "', NULL,"
+          "  'User Interface Date Format',"
+          "  'Preferred date format to be used in client user interfaces.',"
+          "  'wdmy' );");
 }
 
 /**
@@ -52453,7 +52475,9 @@ modify_setting (const gchar *uuid, const gchar *name,
                || strcmp (uuid, "578a1c14-e2dc-45ef-a591-89d31391d007") == 0
                || strcmp (uuid, "02e294fa-061b-11e6-ae64-28d24461215b") == 0
                || strcmp (uuid, "5a9046cc-0628-11e6-ba53-28d24461215b") == 0
-               || strcmp (uuid, "a09285b0-2d47-49b6-a4ef-946ee71f1d5c") == 0))
+               || strcmp (uuid, "a09285b0-2d47-49b6-a4ef-946ee71f1d5c") == 0
+               || strcmp (uuid, "11deb7ff-550b-4950-aacf-06faeb7c61b9") == 0
+               || strcmp (uuid, "d9857b7c-1159-4193-9bc0-18fae5473a69") == 0))
     {
       gsize value_size;
       gchar *value, *quoted_uuid, *quoted_value;
@@ -52591,6 +52615,28 @@ modify_setting (const gchar *uuid, const gchar *name,
             }
         }
 
+      if (strcmp (uuid, "11deb7ff-550b-4950-aacf-06faeb7c61b9") == 0)
+        {
+          int value_int;
+          /* User Interface Time Format */
+          if (sscanf (value, "%d", &value_int) != 1
+              || (strcmp (value, "12") && strcmp (value, "24")))
+            {
+              g_free (value);
+              return 2;
+            }
+        }
+
+      if (strcmp (uuid, "d9857b7c-1159-4193-9bc0-18fae5473a69") == 0)
+        {
+          /* User Interface Date Format */
+          if (strcmp (value, "wmdy") && strcmp (value, "wdmy"))
+            {
+              g_free (value);
+              return 2;
+            }
+        }
+
       quoted_value = sql_quote (value);
       g_free (value);
 
diff --git a/src/manage_sql.h b/src/manage_sql.h
index 29b5988a1..c0626e7ba 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -147,6 +147,16 @@
  */
 #define SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD "316275a9-3629-49ad-9cea-5b3ab155b93f"
 
+/**
+ * @brief UUID of 'User Interface Time Format' setting.
+ */
+#define SETTING_UUID_USER_INTERFACE_TIME_FORMAT "11deb7ff-550b-4950-aacf-06faeb7c61b9"
+
+/**
+ * @brief UUID of 'User Interface Date Format' setting.
+ */
+#define SETTING_UUID_USER_INTERFACE_DATE_FORMAT "d9857b7c-1159-4193-9bc0-18fae5473a69"
+
 /**
  * @brief Trust constant for error.
  */

From 4d1a94320d506060e546e7c7cb1e0092fad04d49 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Wed, 3 Jul 2024 15:51:15 +0200
Subject: [PATCH 012/134] Fix: Escape control chars in UTF-8 TLS cert DNs

ASCII control characters (0x01 - 0x1F and 0x7F) are now escaped in the
DNs of TLS certficates even they are valid UTF-8.
Characters in the range 0x80 - 0xFF are escaped if the DN is not valid
UTF-8.
This character escaping for TLS certificates is applied more
consistently.

This addresses issues with XML parsers, e.g. ones used by report
formats, not being able to process control characters.
---
 src/gmp.c                         |  6 +++
 src/manage.c                      | 18 ++++++++-
 src/manage.h                      |  1 +
 src/manage_migrators.c            |  2 +
 src/manage_sql.c                  |  4 +-
 src/manage_sql_tls_certificates.c | 35 ++++++++++++++++
 src/sql.c                         | 32 ++++++---------
 src/utils.c                       | 67 +++++++++++++++++++++++++++++++
 src/utils.h                       |  6 +++
 9 files changed, 148 insertions(+), 23 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index f98cc69f6..6e8840e2e 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -11498,6 +11498,7 @@ handle_get_alerts (gmp_parser_t *gmp_parser, GError **error)
               if (certificate && strcmp (certificate, "")
                   && get_certificate_info ((gchar*)certificate,
                                            strlen (certificate),
+                                           TRUE,
                                            &activation_time,
                                            &expiration_time,
                                            &md5_fingerprint,
@@ -12345,6 +12346,7 @@ handle_get_credentials (gmp_parser_t *gmp_parser, GError **error)
 
           get_certificate_info (cert,
                                 -1,
+                                TRUE,
                                 &activation_time,
                                 &expiration_time,
                                 &md5_fingerprint,
@@ -16505,6 +16507,7 @@ handle_get_scanners (gmp_parser_t *gmp_parser, GError **error)
 
               get_certificate_info (scanner_iterator_ca_pub (&scanners),
                                     -1,
+                                    TRUE,
                                     &activation_time,
                                     &expiration_time,
                                     &md5_fingerprint,
@@ -16559,6 +16562,7 @@ handle_get_scanners (gmp_parser_t *gmp_parser, GError **error)
 
               get_certificate_info (scanner_iterator_key_pub (&scanners),
                                     -1,
+                                    TRUE,
                                     &activation_time,
                                     &expiration_time,
                                     &md5_fingerprint,
@@ -17143,6 +17147,7 @@ handle_get_settings (gmp_parser_t *gmp_parser, GError **error)
 
           get_certificate_info (setting_iterator_value (&settings),
                                 -1,
+                                TRUE,
                                 &activation_time,
                                 &expiration_time,
                                 &md5_fingerprint,
@@ -19935,6 +19940,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
 
                   get_certificate_info (ldap_cacert,
                                         -1,
+                                        TRUE,
                                         &activation_time,
                                         &expiration_time,
                                         &md5_fingerprint,
diff --git a/src/manage.c b/src/manage.c
index 1465ca279..5e4f754db 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -362,6 +362,7 @@ truncate_private_key (const gchar* private_key)
  *
  * @param[in]  certificate        The certificate to get data from.
  * @param[in]  certificate_len    Length of certificate, -1: null-terminated
+ * @param[in]  escape_dns         Whether to escape control characters in DNs.
  * @param[out] activation_time    Pointer to write activation time to.
  * @param[out] expiration_time    Pointer to write expiration time to.
  * @param[out] md5_fingerprint    Pointer for newly allocated MD5 fingerprint.
@@ -376,6 +377,7 @@ truncate_private_key (const gchar* private_key)
  */
 int
 get_certificate_info (const gchar* certificate, gssize certificate_len,
+                      gboolean escape_dns,
                       time_t* activation_time, time_t* expiration_time,
                       gchar** md5_fingerprint, gchar **sha256_fingerprint,
                       gchar **subject, gchar** issuer, gchar **serial,
@@ -518,7 +520,13 @@ get_certificate_info (const gchar* certificate, gssize certificate_len,
           buffer = g_malloc (buffer_size);
           gnutls_x509_crt_get_dn (gnutls_cert, buffer, &buffer_size);
 
-          *subject = buffer;
+          if (escape_dns)
+            {
+              *subject = strescape_check_utf8 (buffer, NULL);
+              g_free (buffer);
+            }
+          else
+            *subject = buffer;
         }
 
       if (issuer)
@@ -529,7 +537,13 @@ get_certificate_info (const gchar* certificate, gssize certificate_len,
           buffer = g_malloc (buffer_size);
           gnutls_x509_crt_get_issuer_dn (gnutls_cert, buffer, &buffer_size);
 
-          *issuer = buffer;
+          if (escape_dns)
+            {
+              *issuer = strescape_check_utf8 (buffer, NULL);
+              g_free (buffer);
+            }
+          else
+            *issuer = buffer;
         }
 
       if (serial)
diff --git a/src/manage.h b/src/manage.h
index b60939d56..891b3a0c7 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -170,6 +170,7 @@ truncate_private_key (const gchar*);
 int
 get_certificate_info (const gchar *,
                       gssize,
+                      gboolean,
                       time_t *,
                       time_t *,
                       gchar **,
diff --git a/src/manage_migrators.c b/src/manage_migrators.c
index 3053fd2fe..78f7eadf4 100644
--- a/src/manage_migrators.c
+++ b/src/manage_migrators.c
@@ -780,6 +780,7 @@ migrate_212_to_213 ()
 
       get_certificate_info ((gchar*)certificate,
                             certificate_size,
+                            FALSE,
                             NULL,   /* activation_time */
                             NULL,   /* expiration_time */
                             NULL,   /* md5_fingerprint */
@@ -1086,6 +1087,7 @@ migrate_213_to_214 ()
           /* Try extracting the data directly from the certificate */
           get_certificate_info ((gchar*)certificate,
                                 certificate_size,
+                                FALSE,
                                 &activation_time,
                                 &expiration_time,
                                 &md5_fingerprint,
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 100030655..961911a40 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -7317,7 +7317,8 @@ validate_tippingpoint_data (alert_method_t method, const gchar *name,
           int ret;
           gnutls_x509_crt_fmt_t crt_fmt;
 
-          ret = get_certificate_info (*data, strlen(*data), NULL, NULL, NULL,
+          ret = get_certificate_info (*data, strlen(*data), FALSE,
+                                      NULL, NULL, NULL,
                                       NULL, NULL, NULL, NULL, &crt_fmt);
           if (ret || crt_fmt != GNUTLS_X509_FMT_PEM)
             {
@@ -27441,6 +27442,7 @@ print_report_host_tls_certificates_xml (report_host_t report_host,
 
       get_certificate_info ((gchar*)certificate,
                             certificate_size,
+                            TRUE,
                             &activation_time,
                             &expiration_time,
                             &md5_fingerprint,
diff --git a/src/manage_sql_tls_certificates.c b/src/manage_sql_tls_certificates.c
index e10ca729d..c21ab3a6c 100644
--- a/src/manage_sql_tls_certificates.c
+++ b/src/manage_sql_tls_certificates.c
@@ -725,6 +725,7 @@ make_tls_certificate_from_base64 (const char *name,
 
   ret = get_certificate_info (certificate_decoded,
                               certificate_len,
+                              FALSE,
                               &activation_time,
                               &expiration_time,
                               &md5_fingerprint,
@@ -1558,6 +1559,7 @@ add_tls_certificates_from_report_host (report_host_t report_host,
 
       get_certificate_info ((gchar*)certificate,
                             certificate_size,
+                            FALSE,
                             &activation_time,
                             &expiration_time,
                             &md5_fingerprint,
@@ -1725,6 +1727,8 @@ cleanup_tls_certificate_encoding ()
   int changes = 0;
   iterator_t iterator;
 
+  // Clean up names that are not valid UTF-8
+
   init_iterator (&iterator,
                  "SELECT id, subject_dn, issuer_dn"
                  " FROM tls_certificates"
@@ -1757,5 +1761,36 @@ cleanup_tls_certificate_encoding ()
         }
     }
   cleanup_iterator (&iterator);
+
+  // Clean up control characters in remaining UTF-8 DNs
+
+  init_iterator (&iterator,
+                 "SELECT id, subject_dn, issuer_dn"
+                 " FROM tls_certificates"
+                 " WHERE subject_dn ~ '[\\x01-\\x1F\\x7F]'"
+                 "   OR issuer_dn ~ '[\\x01-\\x1F\\x7F]'");
+
+  while (next (&iterator))
+    {
+      tls_certificate_t tls_certificate;
+      const char *subject_dn, *issuer_dn;
+
+      tls_certificate = iterator_int64 (&iterator, 0);
+      subject_dn = iterator_string (&iterator, 1);
+      issuer_dn = iterator_string (&iterator, 2);
+
+      gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn);
+      gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn);
+
+      sql ("UPDATE tls_certificates"
+            " SET subject_dn = '%s', issuer_dn = '%s'"
+            " WHERE id = %llu",
+            quoted_subject_dn, quoted_issuer_dn, tls_certificate);
+      changes ++;
+
+      g_free (quoted_subject_dn);
+      g_free (quoted_issuer_dn);
+    }
+
   return changes;
 }
diff --git a/src/sql.c b/src/sql.c
index 0f08b56e1..41efb4688 100644
--- a/src/sql.c
+++ b/src/sql.c
@@ -150,38 +150,30 @@ sql_quote (const char* string)
 }
 
 /**
- * @brief Quotes a string for use in SQL statements, also ASCII escaping it
- *         if it is not valid UTF-8.
+ * @brief Quotes a string for use in SQL statements, also ASCII escaping it.
  *
- * @param[in]  string  String to quote, has to be \\0 terminated.
+ * The ASCII escaping excludes characters 0x80 - 0xFF for valid UTF-8 strings
+ * and includes them otherwise.
+ *
+ * @param[in]  string       String to quote, has to be \\0 terminated.
+ * @param[in]  exceptions   Optional exceptions for the escaping.
  *
  * @return Freshly allocated, quoted string. Free with g_free.
  */
 gchar*
 sql_ascii_escape_and_quote (const char* string)
 {
+  gchar *escaped_string;
   gchar *quoted_string;
 
   assert (string);
 
   if (string == NULL)
-    {
-      return NULL;
-    }
-  else if (g_utf8_validate (string, -1, NULL))
-    {
-      // Quote valid UTF-8 without ASCII escaping
-      quoted_string = sql_quote (string);
-    }
-  else
-    {
-      // Assume invalid UTF-8 uses a different, unknown encoding and
-      //  ASCII-escape it.
-      gchar *escaped_string;
-      escaped_string = g_strescape (string, "");
-      quoted_string = sql_quote (escaped_string);
-      g_free (escaped_string);
-    }
+    return NULL;
+
+  escaped_string = strescape_check_utf8 (string, NULL);
+  quoted_string = sql_quote (escaped_string);
+  g_free (quoted_string);
 
   return quoted_string;
 }
diff --git a/src/utils.c b/src/utils.c
index 38455f2c4..a4b5dfb08 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -770,6 +770,73 @@ is_uuid (const char *uuid)
   return 1;
 }
 
+
+/* Strings. */
+
+/**
+ * @brief Escape a string with exceptions for UTF-8 if it is valid UTF-8.
+ *
+ * If the string is valid UTF-8, characters in the range 0x80 - 0xFF
+ * are excluded so non-ASCII UTF-8 characters and any characters in the
+ * extra_exceptions are not escaped.
+ * This leaves the characters 0x01 - 0x1F and 0x7F to be escaped if they are
+ * not in the given extra_exceptions.
+ *
+ * For strings that are not valid UTF-8 all characters in the ranges
+ *
+ * @param[in]  str               The string to escape.
+ * @param[in]  extra_exceptions  Extra exc.
+ *
+ * @return Newly allocated escaped copy of the string.
+ */
+gchar *
+strescape_check_utf8 (const char *str, const char *extra_exceptions)
+{
+  if (g_utf8_validate (str, 0, NULL))
+    return strescape_without_utf8 (str, extra_exceptions);
+  else
+    return g_strescape (str, extra_exceptions);
+}
+
+/**
+ * @brief Escape control characters in a string with exceptions for UTF-8.
+ *
+ * Characters in the range 0x80 - 0xFF are excluded so non-ASCII UTF-8
+ * characters are not escaped.
+ * This leaves the characters 0x01 - 0x1F and 0x7F to be escaped if they are
+ * not in the given extra_exceptions.
+ *
+ * @param[in]  str               The string to escape.
+ * @param[in]  extra_exceptions  Extra exceptions to the escaping.
+ *
+ * @return Newly allocated escaped copy of the string.
+ */
+gchar *
+strescape_without_utf8 (const char *str, const char *extra_exceptions)
+{
+  static const char *base_exceptions =
+    "\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217"
+    "\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237"
+    "\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257"
+    "\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277"
+    "\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317"
+    "\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337"
+    "\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357"
+    "\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377";
+  gchar *exceptions = NULL;
+  gchar *escaped;
+
+  if (extra_exceptions && strcmp (extra_exceptions, ""))
+    {
+      exceptions = g_strconcat (base_exceptions,
+                                extra_exceptions ? extra_exceptions : "",
+                                NULL);
+    }
+  escaped = g_strescape (str, exceptions ? exceptions : base_exceptions);
+  g_free (exceptions);
+  return escaped;
+}
+
 
 /* XML. */
 
diff --git a/src/utils.h b/src/utils.h
index 8c3e53ff9..10fcf59d8 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -88,6 +88,12 @@ lockfile_locked (const gchar *);
 int
 is_uuid (const char *);
 
+gchar *
+strescape_check_utf8 (const char *, const char *);
+
+gchar *
+strescape_without_utf8 (const char *, const char *);
+
 int
 parse_xml_file (const gchar *, entity_t *);
 

From e50c2c8adc3df26b0f7c6eec222749c14979a84c Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Wed, 3 Jul 2024 17:29:40 +0200
Subject: [PATCH 013/134] Fix UTF-8 validation in strescape_check_utf8

---
 src/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils.c b/src/utils.c
index a4b5dfb08..5db841129 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -792,7 +792,7 @@ is_uuid (const char *uuid)
 gchar *
 strescape_check_utf8 (const char *str, const char *extra_exceptions)
 {
-  if (g_utf8_validate (str, 0, NULL))
+  if (g_utf8_validate (str, -1, NULL))
     return strescape_without_utf8 (str, extra_exceptions);
   else
     return g_strescape (str, extra_exceptions);

From c61cf01dab771e2e66d2f28acca153f1e6091bf4 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Wed, 3 Jul 2024 17:30:13 +0200
Subject: [PATCH 014/134] Add tests for strescape_check_utf8

---
 src/utils_tests.c | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/src/utils_tests.c b/src/utils_tests.c
index 2a252a19d..ad6b8aa3f 100644
--- a/src/utils_tests.c
+++ b/src/utils_tests.c
@@ -109,6 +109,42 @@ Ensure (utils, gvm_sleep_sleep_for_1)
   assert_that (timespec_subtract (&end, &start), is_greater_than (NANOSECONDS - 1));
 }
 
+Ensure (utils, strescape_check_utf_8_no_exceptions) 
+{
+  const char *utf8_input = "Äöü\n123\\UTF-8\x04";
+  const char *utf8_expected = "Äöü\\n123\\\\UTF-8\\004";
+  const char *cp850_input = "\x8E\x94\x81\n123\\CP850\x04";
+  const char *cp850_expected = "\\216\\224\\201\\n123\\\\CP850\\004";
+  
+  assert_that (g_utf8_validate (utf8_input, -1, NULL), is_true);
+  gchar *output = strescape_check_utf8 (utf8_input, NULL);
+  assert_that (output, is_equal_to_string (utf8_expected)); 
+  g_free (output);
+
+  assert_that (g_utf8_validate (cp850_input, -1, NULL), is_false);
+  output = strescape_check_utf8 (cp850_input, NULL);
+  assert_that (output, is_equal_to_string (cp850_expected)); 
+  g_free (output);
+}
+
+Ensure (utils, strescape_check_utf_8_with_exceptions) 
+{
+  const char *utf8_input = "Äöü\n123\\UTF-8\x04";
+  const char *utf8_expected = "Äöü\n123\\\\UTF-8\\004";
+  const char *cp850_input = "\x8E\x94\x81\n123\\CP850\x04";
+  const char *cp850_expected = "\\216\\224\\201\n123\\\\CP850\\004";
+
+  assert_that (g_utf8_validate (utf8_input, -1, NULL), is_true);
+  gchar *output = strescape_check_utf8 (utf8_input, "\t\n\r");
+  assert_that (output, is_equal_to_string (utf8_expected)); 
+  g_free (output);
+
+  assert_that (g_utf8_validate (cp850_input, -1, NULL), is_false);
+  output = strescape_check_utf8 (cp850_input, "\t\n\r");
+  assert_that (output, is_equal_to_string (cp850_expected)); 
+  g_free (output);
+}
+
 /* Test suite. */
 
 int
@@ -128,6 +164,9 @@ main (int argc, char **argv)
   add_test_with_context (suite, utils, parse_iso_time_tz_with_z);
   add_test_with_context (suite, utils, parse_iso_time_tz_with_fallback_tz);
   add_test_with_context (suite, utils, parse_iso_time_tz_variants);
+  
+  add_test_with_context (suite, utils, strescape_check_utf_8_no_exceptions);
+  add_test_with_context (suite, utils, strescape_check_utf_8_with_exceptions);
 
   if (argc > 1)
     return run_single_test (suite, argv[1], create_text_reporter ());

From b19ad67d5176de863c97e1dafd64819a9069c663 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 23 Jul 2024 09:21:04 +0200
Subject: [PATCH 015/134] Fix sql_ascii_escape_and_quote

Added the missing exceptions params and fixed the g_free of
escaped_string.
---
 src/manage_migrators.c            |  4 ++--
 src/manage_sql_tls_certificates.c | 14 ++++++++------
 src/sql.c                         |  6 +++---
 src/sql.h                         |  2 +-
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/src/manage_migrators.c b/src/manage_migrators.c
index 78f7eadf4..a9e118528 100644
--- a/src/manage_migrators.c
+++ b/src/manage_migrators.c
@@ -852,9 +852,9 @@ make_tls_certificate_214 (user_t owner,
   quoted_certificate_b64
     = certificate_b64 ? sql_quote (certificate_b64) : NULL;
   quoted_subject_dn
-    = subject_dn ? sql_ascii_escape_and_quote (subject_dn) : NULL;
+    = subject_dn ? sql_ascii_escape_and_quote (subject_dn, NULL) : NULL;
   quoted_issuer_dn
-    = issuer_dn ? sql_ascii_escape_and_quote (issuer_dn) : NULL;
+    = issuer_dn ? sql_ascii_escape_and_quote (issuer_dn, NULL) : NULL;
   quoted_md5_fingerprint
     = md5_fingerprint ? sql_quote (md5_fingerprint) : NULL;
   quoted_sha256_fingerprint
diff --git a/src/manage_sql_tls_certificates.c b/src/manage_sql_tls_certificates.c
index c21ab3a6c..e51f33eee 100644
--- a/src/manage_sql_tls_certificates.c
+++ b/src/manage_sql_tls_certificates.c
@@ -585,9 +585,9 @@ make_tls_certificate (const char *name,
   quoted_sha256_fingerprint
     = sql_quote (sha256_fingerprint ? sha256_fingerprint : "");
   quoted_subject_dn
-    = sql_ascii_escape_and_quote (subject_dn ? subject_dn : "");
+    = sql_ascii_escape_and_quote (subject_dn ? subject_dn : "", NULL);
   quoted_issuer_dn
-    = sql_ascii_escape_and_quote (issuer_dn ? issuer_dn : "");
+    = sql_ascii_escape_and_quote (issuer_dn ? issuer_dn : "", NULL);
   quoted_serial
     = sql_quote (serial ? serial : "");
 
@@ -1747,8 +1747,10 @@ cleanup_tls_certificate_encoding ()
       if (g_utf8_validate (subject_dn, -1, NULL) == FALSE
           || g_utf8_validate (issuer_dn, -1, NULL) == FALSE)
         {
-          gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn);
-          gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn);
+          gchar *quoted_subject_dn 
+            = sql_ascii_escape_and_quote (subject_dn, NULL);
+          gchar *quoted_issuer_dn 
+            = sql_ascii_escape_and_quote (issuer_dn, NULL);
 
           sql ("UPDATE tls_certificates"
                " SET subject_dn = '%s', issuer_dn = '%s'"
@@ -1779,8 +1781,8 @@ cleanup_tls_certificate_encoding ()
       subject_dn = iterator_string (&iterator, 1);
       issuer_dn = iterator_string (&iterator, 2);
 
-      gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn);
-      gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn);
+      gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn, NULL);
+      gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn, NULL);
 
       sql ("UPDATE tls_certificates"
             " SET subject_dn = '%s', issuer_dn = '%s'"
diff --git a/src/sql.c b/src/sql.c
index 41efb4688..efae4de7b 100644
--- a/src/sql.c
+++ b/src/sql.c
@@ -161,7 +161,7 @@ sql_quote (const char* string)
  * @return Freshly allocated, quoted string. Free with g_free.
  */
 gchar*
-sql_ascii_escape_and_quote (const char* string)
+sql_ascii_escape_and_quote (const char* string, const char* exceptions)
 {
   gchar *escaped_string;
   gchar *quoted_string;
@@ -171,9 +171,9 @@ sql_ascii_escape_and_quote (const char* string)
   if (string == NULL)
     return NULL;
 
-  escaped_string = strescape_check_utf8 (string, NULL);
+  escaped_string = strescape_check_utf8 (string, exceptions);
   quoted_string = sql_quote (escaped_string);
-  g_free (quoted_string);
+  g_free (escaped_string);
 
   return quoted_string;
 }
diff --git a/src/sql.h b/src/sql.h
index b0a225eff..08103a959 100644
--- a/src/sql.h
+++ b/src/sql.h
@@ -80,7 +80,7 @@ gchar *
 sql_quote (const char *);
 
 gchar *
-sql_ascii_escape_and_quote (const char *);
+sql_ascii_escape_and_quote (const char *, const char *);
 
 gchar *
 sql_insert (const char *);

From 8ce36d915fb37a280a708959e745bf3cb6f8e4e9 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Fri, 26 Jul 2024 11:08:46 +0200
Subject: [PATCH 016/134] Change: Retry on deadlocks in sql_x

The sql_x function (and thus functions using it like sql_string) now
also retries executing the statement in case of a deadlock like the
sql function.

This addresses an issue with queries of the auth_cache aborting if there
are too many concurrent ones.
---
 src/sql.c | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/sql.c b/src/sql.c
index efae4de7b..72043d14b 100644
--- a/src/sql.c
+++ b/src/sql.c
@@ -208,7 +208,7 @@ sql_insert (const char *string)
  *
  * @return 0 success, 1 gave up (even when retry given),
  *         2 reserved (lock unavailable), 3 unique constraint violation,
- *         -1 error.
+ *         4 deadlock, -1 error.
  */
 int
 sqlv (int retry, char* sql, va_list args)
@@ -274,13 +274,14 @@ sql (char* sql, ...)
         continue;
       else if (ret == 4)
         {
-            if (deadlock_amount++ > DEADLOCK_THRESHOLD)
-              {
-                  g_warning("%s: %d deadlocks detected, waiting and retrying %s", __func__, deadlock_amount, sql);
-              }
-            gvm_usleep (DEADLOCK_SLEEP);
-            continue;
-         }
+          if (deadlock_amount++ > DEADLOCK_THRESHOLD)
+            {
+              g_warning("%s: %d deadlocks detected, waiting and retrying %s",
+                        __func__, deadlock_amount, sql);
+            }
+          gvm_usleep (DEADLOCK_SLEEP);
+          continue;
+        }
       else if (ret)
         abort();
       break;
@@ -355,6 +356,7 @@ int
 sql_x (char* sql, va_list args, sql_stmt_t** stmt_return)
 {
   int ret;
+  unsigned int deadlock_amount =  0;
 
   assert (stmt_return);
 
@@ -392,6 +394,16 @@ sql_x (char* sql, va_list args, sql_stmt_t** stmt_return)
           sql_finalize (*stmt_return);
           continue;
         }
+      else if (ret == -5)
+        {
+          if (deadlock_amount++ > DEADLOCK_THRESHOLD)
+            {
+              g_warning("%s: %d deadlocks detected, waiting and retrying %s",
+                        __func__, deadlock_amount, sql);
+            }
+          gvm_usleep (DEADLOCK_SLEEP);
+          continue;
+        }
       break;
     }
   assert (ret == 1);

From 9ac894698595406c1cd56c721be411a3f07544ca Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Mon, 29 Jul 2024 12:16:49 +0200
Subject: [PATCH 017/134] Remove unnecessary else in sql_x

Co-authored-by: Matt Mundell <32057441+mattmundell@users.noreply.github.com>
---
 src/sql.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sql.c b/src/sql.c
index 72043d14b..33b0de1ca 100644
--- a/src/sql.c
+++ b/src/sql.c
@@ -394,7 +394,7 @@ sql_x (char* sql, va_list args, sql_stmt_t** stmt_return)
           sql_finalize (*stmt_return);
           continue;
         }
-      else if (ret == -5)
+      if (ret == -5)
         {
           if (deadlock_amount++ > DEADLOCK_THRESHOLD)
             {

From e0f38153fb536219e858d46653a13b9b70505605 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Mon, 15 Jan 2024 19:28:38 +0100
Subject: [PATCH 018/134] Change: Differentiate between audit and scan reports

- usage_type can now be used with get_reports GMP command to get audit/scan reports separately.
- compliance / compliance count is now used for audit reports instead of severity / result count.
---
 src/gmp.c        |   27 +-
 src/manage.h     |    9 +-
 src/manage_pg.c  |   39 +-
 src/manage_sql.c | 1443 +++++++++++++++++++++++++++++++++++-----------
 4 files changed, 1166 insertions(+), 352 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 6e8840e2e..e8230922e 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -5555,6 +5555,14 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             else
               get_reports_data->ignore_pagination = 0;
 
+            if (find_attribute (attribute_names, attribute_values,
+                                "usage_type", &attribute))
+              {
+                get_data_set_extra (&get_reports_data->report_get,
+                                    "usage_type",
+                                    attribute);
+              }
+
             set_client_state (CLIENT_GET_REPORTS);
           }
         else if (strcasecmp ("GET_REPORT_CONFIGS", element_name) == 0)
@@ -14818,7 +14826,7 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
       || (strlen (get_reports_data->report_get.id) == 0))
     {
       int overrides, min_qod;
-      gchar *filter, *levels;
+      gchar *filter, *levels, *compliance_levels;
       get_data_t * get;
 
       /* For simplicity, use a fixed result filter when filtering
@@ -14840,13 +14848,22 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
       overrides = filter_term_apply_overrides (filter ? filter : get->filter);
       min_qod = filter_term_min_qod (filter ? filter : get->filter);
       levels = filter_term_value (filter ? filter : get->filter, "levels");
+      compliance_levels = filter_term_value (filter 
+                                                ? filter 
+                                                : get->filter,
+                                             "compliance_levels");
       g_free (filter);
 
       /* Setup result filter from overrides. */
       get_reports_data->get.filter
-        = g_strdup_printf ("apply_overrides=%i min_qod=%i levels=%s",
-                           overrides, min_qod, levels ? levels : "hmlgdf");
+        = g_strdup_printf 
+            ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
+             overrides, 
+             min_qod, 
+             levels ? levels : "hmlgdf", 
+             compliance_levels ? compliance_levels : "yniu");
       g_free (levels);
+      g_free (compliance_levels);
     }
 
   ret = init_report_iterator (&reports, &get_reports_data->report_get);
@@ -16252,6 +16269,7 @@ handle_get_results (gmp_parser_t *gmp_parser, GError **error)
                                       NULL, /* result_hosts_only */
                                       NULL, /* min_qod */
                                       NULL, /* levels */
+                                      NULL, /* compliance_levels */
                                       NULL, /* delta_states */
                                       NULL, /* search_phrase */
                                       NULL, /* search_phrase_exact */
@@ -18266,7 +18284,8 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
                   report_compliance_by_uuid (last_report_id,
                                              &compliance_yes,
                                              &compliance_no,
-                                             &compliance_incomplete);
+                                             &compliance_incomplete,
+                                             NULL);
 
                   last_report
                     = g_strdup_printf ("<last_report>"
diff --git a/src/manage.h b/src/manage.h
index 891b3a0c7..dfa832808 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -838,6 +838,9 @@ set_task_hosts_ordering (task_t, const char *);
 void
 set_task_scanner (task_t, scanner_t);
 
+int
+task_usage_type (task_t, char**);
+
 void
 set_task_usage_type (task_t, const char *);
 
@@ -1328,7 +1331,7 @@ gboolean
 report_task (report_t, task_t*);
 
 void
-report_compliance_by_uuid (const char *, int *, int *, int *);
+report_compliance_by_uuid (const char *, int *, int *, int *, int *);
 
 int
 report_scan_result_count (report_t, const char*, const char*, int, const char*,
@@ -1724,8 +1727,8 @@ manage_filter_controls (const gchar *, int *, int *, gchar **, int *);
 
 void
 manage_report_filter_controls (const gchar *, int *, int *, gchar **, int *,
-                               int *, gchar **, gchar **, gchar **, gchar **,
-                               int *, int *, int *, int *, gchar **);
+                               int *, gchar **, gchar **, gchar **, gchar **, 
+                               gchar **, int *, int *, int *, int *, gchar **);
 
 gchar *
 manage_clean_filter (const gchar *);
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 1f513344e..b9d008142 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -895,7 +895,44 @@ manage_create_sql_functions ()
        "$$ LANGUAGE plpgsql"
        " IMMUTABLE;");
 
-  /* Functions in SQL. */
+  sql ("CREATE OR REPLACE FUNCTION compliance_status ("
+       "  report_id integer)"
+       "RETURNS text AS $$ "
+       "BEGIN"
+       "  CASE"
+       "  WHEN (SELECT count(*) FROM results"
+       "        WHERE report = report_id"
+       "        AND description LIKE 'Compliant:%%NO%%') > 0"
+       "  THEN RETURN 'no';"
+       "  WHEN (SELECT count(*) FROM results"
+       "        WHERE report = report_id"
+       "        AND description LIKE 'Compliant:%%INCOMPLETE%%') > 0"
+       "  THEN RETURN 'incomplete';"
+       "  WHEN (SELECT count(*) FROM results"
+       "        WHERE report = report_id"
+       "        AND description LIKE 'Compliant:%%YES%%') > 0"
+       "  THEN RETURN 'yes';"
+       "  ELSE RETURN 'undefined';"
+       "  END CASE;" 
+       "END;"
+       "$$ LANGUAGE plpgsql"
+       " IMMUTABLE;");
+
+  sql ("CREATE OR REPLACE FUNCTION compliance_count (report_id integer, compliance text)"
+       " RETURNS integer AS $$"
+       " DECLARE count integer := 0;"
+       " BEGIN"
+       "   WITH compliance_count AS"
+       "   (SELECT count(*) AS total FROM results WHERE report = report_id"                        
+       "        AND description LIKE 'Compliant:%%' || compliance || '%%')"
+       "   SELECT total FROM compliance_count"
+       "   INTO count;"
+       "   RETURN count;"
+       " END;"
+       " $$ LANGUAGE plpgsql"
+       " IMMUTABLE;");
+
+ /* Functions in SQL. */       
 
   if (sql_int ("SELECT (EXISTS (SELECT * FROM information_schema.tables"
                "                WHERE table_catalog = '%s'"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 5c1e760eb..d498e8fbe 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -294,6 +294,9 @@ cache_all_permissions_for_users (GArray*);
 static void
 report_cache_counts (report_t, int, int, const char*);
 
+static gchar * 
+reports_extra_where (int, const char *, const char *);
+
 static int
 report_host_dead (report_host_t);
 
@@ -2033,7 +2036,13 @@ filter_control_str (keyword_t **point, const char *column, gchar **string)
  *                              results if NULL.
  * @param[out]  levels         String describing threat levels (message types)
  *                             to include in count (for example, "hmlg" for
- *                             High, Medium, Low and loG).  All levels if NULL.
+ *                             High, Medium, Low and loG). All levels if NULL.
+ * @param[out]  comliance_levels   String describing compliance levels
+ *                             to include in count (for example, "yniu" for
+ *                             "yes" (compliant), "n" for "no" (not compliant),
+ *                             "i" for "incomplete" and "u" for "undefined" 
+ *                              (without compliance information). 
+ *                              All levels if NULL.
  * @param[out]  delta_states   String describing delta states to include in count
  *                             (for example, "sngc" Same, New, Gone and Changed).
  *                             All levels if NULL.
@@ -2049,10 +2058,11 @@ void
 manage_report_filter_controls (const gchar *filter, int *first, int *max,
                                gchar **sort_field, int *sort_order,
                                int *result_hosts_only, gchar **min_qod,
-                               gchar **levels, gchar **delta_states,
-                               gchar **search_phrase, int *search_phrase_exact,
-                               int *notes, int *overrides,
-                               int *apply_overrides, gchar **zone)
+                               gchar **levels, gchar **compliance_levels,
+                               gchar **delta_states, gchar **search_phrase, 
+                               int *search_phrase_exact, int *notes, 
+                               int *overrides, int *apply_overrides, 
+                               gchar **zone)
 {
   keyword_t **point;
   array_t *split;
@@ -2211,6 +2221,16 @@ manage_report_filter_controls (const gchar *filter, int *first, int *max,
       else
         *apply_overrides = val;
     }
+  
+  if (compliance_levels)
+    {
+      if (filter_control_str ((keyword_t **) split->pdata,
+                              "compliance_levels",
+                              &string))
+        *compliance_levels = NULL;
+      else
+        *compliance_levels = string;
+    }
 
   if (delta_states)
     {
@@ -17781,9 +17801,8 @@ resource_count (const char *type, const get_data_t *get)
     }
   else if (strcmp (type, "report") == 0)
     {
-      extra_where = g_strdup (" AND (SELECT hidden FROM tasks"
-                              "      WHERE tasks.id = task)"
-                              "     = 0");
+      const gchar *usage_type = get_data_get_extra (get, "usage_type");
+      extra_where = reports_extra_where (0, NULL, usage_type);
     }
   else if (strcmp (type, "result") == 0)
     {
@@ -18242,6 +18261,25 @@ task_scanner_in_trash (task_t task)
                   " FROM tasks WHERE id = %llu;", task);
 }
 
+/**
+ * @brief Return the usage type of a task.
+ *
+ * @param[in]  task  Task.
+ * @param[out] usage_type  Pointer to a newly allocated string.
+ *
+ * @return 0 if successful, -1 otherwise.
+ */
+int
+task_usage_type (task_t task, char ** usage_type)
+{
+  *usage_type = sql_string ("SELECT usage_type FROM tasks WHERE id = %llu;",
+                            task);
+  if (usage_type == NULL)
+    return -1;
+  
+  return 0;
+}
+
 /**
  * @brief Set the usage_type of a task.
  *
@@ -21483,12 +21521,14 @@ report_task (report_t report, task_t *task)
  * @param[out] compliance_yes         Number of "YES" results.
  * @param[out] compliance_no          Number of "NO" results.
  * @param[out] compliance_incomplete  Number of "INCOMPLETE" results.
+ * @param[out] compliance_undefined   Number of "UNDEFINED" results.
  */
 void
 report_compliance_by_uuid (const char *report_id,
                            int *compliance_yes,
                            int *compliance_no,
-                           int *compliance_incomplete)
+                           int *compliance_incomplete,
+                           int *compliance_undefined)
 {
   report_t report;
   gchar *quoted_uuid = sql_quote (report_id);
@@ -21522,6 +21562,14 @@ report_compliance_by_uuid (const char *report_id,
                    " AND description LIKE 'Compliant:%%INCOMPLETE%%';",
                    report);
     }
+  if (compliance_undefined)
+    {
+      *compliance_undefined
+        = sql_int ("SELECT count(*) FROM results"
+                   " WHERE report = %llu"
+                   " AND description NOT LIKE 'Compliant:%%';",
+                   report);
+    }    
 
   g_free (quoted_uuid);
 }
@@ -21750,7 +21798,8 @@ report_add_results_array (report_t report, GArray *results)
    "medium", "high", "hosts", "result_hosts", "fp_per_host", "log_per_host",   \
    "low_per_host", "medium_per_host", "high_per_host", "duration",             \
    "duration_per_host", "start_time", "end_time", "scan_start", "scan_end",    \
-   NULL }
+   "compliance_yes", "compliance_no", "compliance_incomplete",                 \
+   "compliance_status", NULL }
 
 /**
  * @brief Report iterator columns.
@@ -21888,6 +21937,26 @@ report_add_results_array (report_t report, GArray *results)
      "duration_per_host",                                                    \
      KEYWORD_TYPE_INTEGER                                                    \
    },                                                                        \
+   {                                                                         \
+     "compliance_count (id, 'YES')",                                         \
+     "compliance_yes",                                                       \
+     KEYWORD_TYPE_INTEGER                                                    \
+   },                                                                        \
+   {                                                                         \
+     "compliance_count (id, 'NO')",                                          \
+     "compliance_no",                                                        \
+     KEYWORD_TYPE_INTEGER                                                    \
+   },                                                                        \
+   {                                                                         \
+     "compliance_count (id, 'INCOMPLETE')",                                  \
+     "compliance_incomplete",                                                \
+     KEYWORD_TYPE_INTEGER                                                    \
+   },                                                                        \
+   {                                                                         \
+     "compliance_status (id)",                                               \
+     "compliance_status",                                                    \
+     KEYWORD_TYPE_STRING                                                     \
+   },                                                                        \
    { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
  }
 
@@ -21910,6 +21979,126 @@ report_iterator_opts_table (int override, int min_qod)
                           min_qod);
 }
 
+/**
+ * @brief Return SQL WHERE for restricting a SELECT to compliance statuses.
+ *
+ * @param[in]  compliance  String describing compliance statuses of reports
+ *                         to include (for example, "yniu" for yes (compliant), 
+ *                         no (not compliant), i (incomplete) and u (undefined))
+ *                         All compliance statuses if NULL.
+ *
+ * @return WHERE clause for compliance if one is required, else NULL.
+ */
+
+static gchar*
+where_compliance_status (const char *compliance)
+{
+  int count;
+  GString *compliance_sql;
+
+  /* Generate SQL for constraints on compliance status, according to compliance. */
+
+  compliance_sql = g_string_new ("");
+  count = 0;
+
+  g_string_append_printf (compliance_sql, " AND compliance_status(reports.id) IN (");
+
+  if (strchr (compliance, 'y'))
+    {
+      g_string_append (compliance_sql, "'yes'");
+      count++;
+    }
+  if (strchr (compliance, 'n'))
+    {
+      g_string_append (compliance_sql, count ? ", 'no'" : "'no'");
+      count++;
+    }
+  if (strchr (compliance, 'i'))
+    {
+      g_string_append (compliance_sql, count ? ", 'incomplete'" : "'incomplete'");
+      count++;
+    }
+  if (strchr (compliance, 'u'))
+    {
+      g_string_append (compliance_sql, count ? ", 'undefined'" : "'undefined'");
+      count++;
+    }
+
+  g_string_append (compliance_sql, ")");
+
+  if (count == 4)
+    {
+      /* All compliance levels selected. */
+      g_string_free (compliance_sql, TRUE);
+      return NULL;
+    }
+
+   return g_string_free (compliance_sql, FALSE);;
+}
+
+
+/**
+ * @brief  Generate an extra WHERE clause for selecting reports
+ *
+ * @param[in]  trash        Whether to get results from trashcan.
+ * @param[in]  filter       Filter string.
+ * @param[in]  usage_type   The usage type to limit the selection to.
+ *
+ * @return Newly allocated where clause string.
+ */
+static gchar *
+reports_extra_where (int trash, const gchar *filter, const char *usage_type)
+{
+  gchar *extra_where = NULL;
+  gchar *usage_type_clause, *trash_clause, *compliance_clause = NULL;
+  gchar *compliance_filter = NULL;
+
+  if (trash)
+    {
+      trash_clause = g_strdup_printf (" AND (SELECT hidden FROM tasks"
+                                      "      WHERE tasks.id = task)"
+                                      "     = 2");    
+    }
+  else
+    {
+      trash_clause = g_strdup_printf (" AND (SELECT hidden FROM tasks"
+                                      "      WHERE tasks.id = task)"
+                                      "     = 0");
+    }
+
+
+  if (usage_type && strcmp (usage_type, ""))
+    {
+      gchar *quoted_usage_type;
+      quoted_usage_type = sql_quote (usage_type);
+      usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks"
+                                           "              WHERE usage_type='%s')",
+                                           quoted_usage_type);
+      
+      g_free (quoted_usage_type);
+    }
+  else
+    usage_type_clause = NULL;
+
+  if (filter)
+    compliance_filter = filter_term_value(filter, "compliant");
+
+  compliance_clause = where_compliance_status (compliance_filter ?: "yniu");
+  
+
+  extra_where = g_strdup_printf("%s%s%s",
+                                trash_clause,
+                                usage_type_clause ?: "",
+                                compliance_clause ?: "");
+
+  g_free (compliance_filter);
+  g_free (trash_clause);
+  g_free (compliance_clause);
+  g_free (usage_type_clause);
+
+  return extra_where;
+}
+
 /**
  * @brief Count number of reports.
  *
@@ -21923,21 +22112,18 @@ report_count (const get_data_t *get)
   static const char *filter_columns[] = REPORT_ITERATOR_FILTER_COLUMNS;
   static column_t columns[] = REPORT_ITERATOR_COLUMNS;
   static column_t where_columns[] = REPORT_ITERATOR_WHERE_COLUMNS;
-  gchar *extra_tables;
+  gchar *extra_tables, *extra_where;
   int ret;
 
   extra_tables = report_iterator_opts_table (0, MIN_QOD_DEFAULT);
+  
+  const gchar *usage_type = get_data_get_extra (get, "usage_type");
+  extra_where = reports_extra_where(get->trash, get->filter, usage_type);
 
   ret = count2 ("report", get, columns, NULL, where_columns, NULL,
                 filter_columns, 0,
                 extra_tables,
-                get->trash
-                 ? " AND (SELECT hidden FROM tasks"
-                   "      WHERE tasks.id = task)"
-                   "     = 2"
-                 : " AND (SELECT hidden FROM tasks"
-                   "      WHERE tasks.id = task)"
-                   "     = 0",
+                extra_where,
                 NULL,
                 TRUE);
 
@@ -21962,7 +22148,8 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get)
   static column_t where_columns[] = REPORT_ITERATOR_WHERE_COLUMNS;
   char *filter;
   int overrides, min_qod;
-  gchar *extra_tables;
+  const char *usage_type;
+  gchar *extra_tables, *extra_where;
   int ret;
 
   if (get->filt_id && strcmp (get->filt_id, FILT_ID_NONE))
@@ -21980,6 +22167,8 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get)
   free (filter);
 
   extra_tables = report_iterator_opts_table (overrides, min_qod);
+  usage_type = get_data_get_extra (get, "usage_type");
+  extra_where = reports_extra_where (get->trash, get->filter, usage_type);
 
   ret = init_get_iterator2 (iterator,
                             "report",
@@ -21993,13 +22182,7 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get)
                             filter_columns,
                             0,
                             extra_tables,
-                            get->trash
-                             ? " AND (SELECT hidden FROM tasks"
-                               "      WHERE tasks.id = task)"
-                               "     = 2"
-                             : " AND (SELECT hidden FROM tasks"
-                               "      WHERE tasks.id = task)"
-                               "     = 0",
+                            extra_where,
                             NULL,
                             TRUE,
                             FALSE,
@@ -23819,6 +24002,20 @@ DEF_ACCESS (result_iterator_nvt_family, GET_ITERATOR_COLUMN_COUNT + 33);
  */
 DEF_ACCESS (result_iterator_nvt_tag, GET_ITERATOR_COLUMN_COUNT + 34);
 
+/**
+ * @brief Get compliance status from a result iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return The compliance status (yes, no, incomplete or undefined).
+ */
+const char *
+result_iterator_compliance (iterator_t* iterator)
+{
+  if (iterator->done) return 0;
+  return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 35);
+}
+
 /**
  * @brief Get EPSS score of highest severity CVE from a result iterator.
  *
@@ -25693,6 +25890,158 @@ report_counts_id_full (report_t report, int* holes, int* infos,
   return 0;
 }
 
+
+/**
+ * @brief Get the compliance filtered counts for a report.
+ *
+ * @param[in]   report               Report.
+ * @param[in]   get                  Get data.
+ * @param[out]  f_compliance_yes     Compliant results count after filtering.
+ * @param[out]  f_compliance_no      Incompliant results count after filtering.
+ * @param[out]  f_compliance_incomplete  Incomplete results count 
+ *                                       after filtering.
+ * @param[out]  f_compliance_undefined   Undefined results count 
+ *                                       after filtering.
+ * @param[out]  f_compliance         Compliance state after filtering
+ *
+ * @return 0 on success, -1 on error.
+ */
+static int
+report_compliance_f_counts (report_t report, 
+                            const get_data_t* get, 
+                            int* f_compliance_yes, 
+                            int* f_compliance_no, 
+                            int* f_compliance_incomplete, 
+                            int* f_compliance_undefined,
+                            char** f_compliance_status)
+{
+  if (report == 0)
+    return -1;
+
+  get_data_t get_filtered;
+  iterator_t results;
+  int yes_count, no_count, incomplete_count, undefined_count;
+
+  yes_count = no_count = incomplete_count = undefined_count = 0;
+
+  memset (&get_filtered, 0, sizeof (get_data_t));
+  get_filtered.filt_id = get->filt_id;
+  get_filtered.filter = get->filter;
+  get_filtered.type = get->type;
+  get_filtered.ignore_pagination = 1;
+
+  ignore_max_rows_per_page = 1;
+  init_result_get_iterator (&results, &get_filtered, report, NULL,
+                            NULL);
+  ignore_max_rows_per_page = 0;
+  while (next (&results))
+    {
+      const char* compliance;
+
+      compliance = result_iterator_compliance (&results);
+
+      if (strcasecmp (compliance, "yes") == 0)
+        {
+          yes_count++;
+        }
+      else if (strcasecmp (compliance, "no") == 0)
+        {
+          no_count++;
+        }      
+      else if (strcasecmp (compliance, "incomplete") == 0)
+        {
+          incomplete_count++;
+        }
+      else if (strcasecmp (compliance, "undefined") == 0)
+        {
+          undefined_count++;
+        }      
+
+    }
+
+  if (f_compliance_yes)
+      *f_compliance_yes = yes_count;
+  if (f_compliance_no)
+      *f_compliance_no = no_count;
+  if (f_compliance_incomplete)
+      *f_compliance_incomplete = incomplete_count;
+  if (f_compliance_undefined)
+      *f_compliance_undefined = undefined_count;
+
+  cleanup_iterator (&results);
+
+  if (f_compliance_status)
+    {
+      if (no_count > 0) 
+        {
+          *f_compliance_status = "not compliant";
+        } 
+      else if (incomplete_count > 0) 
+        {
+          *f_compliance_status = "incomplete";
+        } 
+      else if (yes_count > 0) 
+        {
+          *f_compliance_status = "compliant";
+        } 
+      else 
+        {
+          *f_compliance_status = "undefined";
+        }      
+    }
+
+  return 0;
+}
+
+/**
+ * @brief Get the compliance counts for a report.
+ *
+ * @param[in]   report    Report.
+ * @param[in]   get       Get data.
+ * @param[out]  compliance_yes          Compliant results count.
+ * @param[out]  compliance_no           Incompliant results count.
+ * @param[out]  compliance_incomplete   Incomplete results count.
+ * @param[out]  compliance_undefined    Undefined results count.
+ * @param[out]  f_compliance            Compliance state.
+ *
+ * @return 0 on success, -1 on error.
+ */
+static int
+report_compliance_counts (report_t report, 
+                          const get_data_t* get,
+                          int* compliance_yes, 
+                          int* compliance_no,
+                          int* compliance_incomplete, 
+                          int* compliance_undefined,
+                          char** compliance_status)
+{
+  if (report == 0)
+    return -1;
+
+  report_compliance_by_uuid (report_uuid(report),
+                             compliance_yes,
+                             compliance_no, 
+                             compliance_incomplete,
+                             compliance_undefined);
+
+  if (compliance_status)
+    {
+      if (compliance_no && *compliance_no > 0) {
+        *compliance_status = "not compliant";
+      } else if (compliance_incomplete && *compliance_incomplete > 0) {
+        *compliance_status = "incomplete";
+      } else if (compliance_yes && *compliance_yes > 0) {
+        *compliance_status = "compliant";
+      } else {
+        *compliance_status = "undefined";
+      }      
+    }
+
+  return 0;
+}
+
+
+
 /**
  * @brief Get only the filtered message counts for a report.
  *
@@ -29010,6 +29359,11 @@ print_report_delta_xml (FILE *out, iterator_t *results,
  * @param[in]  f_warnings       Result count.
  * @param[in]  orig_f_false_positives  Result count.
  * @param[in]  f_false_positives       Result count.
+ * @param[in]  f_compliance_yes        filtered compliant count.
+ * @param[in]  f_compliance_no         filtered incompliant count.
+ * @param[in]  f_compliance_incomplete filtered incomplete count.
+ * @param[in]  f_compliance_undefined  filtered undefined count.
+ * @param[in]  f_compliance_count      total filtered compliance count.
  * @param[in]  result_hosts   Result hosts.
  *
  * @return 0 on success, -1 error.
@@ -29028,6 +29382,9 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
                         int *orig_f_logs, int *f_logs,
                         int *orig_f_warnings, int *f_warnings,
                         int *orig_f_false_positives, int *f_false_positives,
+                        int *f_compliance_yes, int *f_compliance_no,
+                        int *f_compliance_incomplete, 
+                        int *f_compliance_undefined, int *f_compliance_count,
                         array_t *result_hosts)
 {
   GString *buffer = g_string_new ("");
@@ -29039,6 +29396,9 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
   *orig_f_warnings = *f_warnings;
   *orig_f_false_positives = *f_false_positives;
   *orig_filtered_result_count = *filtered_result_count;
+  gchar *usage_type = NULL;
+
+  if (task && task_usage_type(task, &usage_type)) return -1;
 
   ports = g_tree_new_full ((GCompareDataFunc) strcmp, NULL, g_free,
                            (GDestroyNotify) free_host_ports);
@@ -29049,38 +29409,62 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
 
     if (strchr (delta_states, state[0]) == NULL) continue;
 
-    const char *level;
-    /* Increase the result count. */
-    level = result_iterator_level (results);
-    (*orig_filtered_result_count)++;
-    (*filtered_result_count)++;
-    if (strcmp (level, "High") == 0)
-      {
-        (*orig_f_holes)++;
-        (*f_holes)++;
-      }
-    else if (strcmp (level, "Medium") == 0)
-      {
-        (*orig_f_warnings)++;
-        (*f_warnings)++;
-      }
-    else if (strcmp (level, "Low") == 0)
+    if (strcmp (usage_type, "audit")) 
       {
-        (*orig_f_infos)++;
-        (*f_infos)++;
-      }
-    else if (strcmp (level, "Log") == 0)
-      {
-        (*orig_f_logs)++;
-        (*f_logs)++;
+        const char *level;
+        /* Increase the result count. */
+        level = result_iterator_level (results);
+        (*orig_filtered_result_count)++;
+        (*filtered_result_count)++;
+        if (strcmp (level, "High") == 0)
+          {
+            (*orig_f_holes)++;
+            (*f_holes)++;
+          }
+        else if (strcmp (level, "Medium") == 0)
+          {
+            (*orig_f_warnings)++;
+            (*f_warnings)++;
+          }
+        else if (strcmp (level, "Low") == 0)
+          {
+            (*orig_f_infos)++;
+            (*f_infos)++;
+          }
+        else if (strcmp (level, "Log") == 0)
+          {
+            (*orig_f_logs)++;
+            (*f_logs)++;
+          }
+        else if (strcmp (level, "False Positive") == 0)
+          {
+            (*orig_f_false_positives)++;
+            (*f_false_positives)++;
+          }
       }
-    else if (strcmp (level, "False Positive") == 0)
+    else
       {
-        (*orig_f_false_positives)++;
-        (*f_false_positives)++;
+          const char* compliance;
+          compliance = result_iterator_compliance (results);
+          (*f_compliance_count)++;
+          if (strcasecmp (compliance, "yes") == 0)
+            {              
+                (*f_compliance_yes)++;
+            }
+          else if (strcasecmp (compliance, "no") == 0)
+            {
+                (*f_compliance_no)++;
+            }      
+          else if (strcasecmp (compliance, "incomplete") == 0)
+            {
+                (*f_compliance_incomplete)++;
+            }
+          else if (strcasecmp (compliance, "undefined") == 0)
+            {
+                (*f_compliance_undefined)++;
+            }            
       }
 
-
     buffer_results_xml (buffer,
                         results,
                         task,
@@ -29111,6 +29495,8 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
     g_string_truncate (buffer, 0);
   }
   g_string_free (buffer, TRUE);
+  g_free (usage_type);
+  
   if (fprintf (out, "</results>") < 0)
     {
       g_tree_destroy (ports);
@@ -29185,7 +29571,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   FILE *out;
   gchar *clean, *term, *sort_field, *levels, *search_phrase;
-  gchar *min_qod;
+  gchar *min_qod, *compliance_levels;
   gchar *delta_states, *timestamp;
   int min_qod_int;
   char *uuid, *tsk_uuid = NULL, *start_time, *end_time;
@@ -29206,18 +29592,29 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   GHashTable *f_host_ports;
   GHashTable *f_host_holes, *f_host_warnings, *f_host_infos;
   GHashTable *f_host_logs, *f_host_false_positives;
+  GHashTable *f_host_compliant, *f_host_notcompliant;
+  GHashTable  *f_host_incomplete, *f_host_undefined;
   task_status_t run_status;
+  gchar *tsk_usage_type = NULL;
+  int compliance_yes, compliance_no;
+  int compliance_incomplete, compliance_undefined;
+  int f_compliance_yes, f_compliance_no;
+  int f_compliance_incomplete, f_compliance_undefined;
+  char *compliance_status, *f_compliance_status;
+  int total_compliance_count, f_compliance_count;
 
   int delta_reports_version = 0;
 
   /* Init some vars to prevent warnings from older compilers. */
   max_results = -1;
   levels = NULL;
+  compliance_levels = NULL;
   zone = NULL;
   delta_states = NULL;
   min_qod = NULL;
   search_phrase = NULL;
   total_result_count = filtered_result_count = 0;
+  total_compliance_count = f_compliance_count = 0;
   orig_filtered_result_count = 0;
   orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0;
   orig_f_holes = 0;
@@ -29227,6 +29624,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   f_host_infos = NULL;
   f_host_logs = NULL;
   f_host_false_positives = NULL;
+  f_host_compliant = NULL;
+  f_host_notcompliant = NULL;
+  f_host_incomplete = NULL;
+  f_host_undefined = NULL;
 
   /** @todo Leaks on error in PRINT and PRINT_XML.  The process normally exits
    *        then anyway. */
@@ -29277,10 +29678,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       manage_report_filter_controls (term ? term : get->filter,
                                      &first_result, &max_results, &sort_field,
                                      &sort_order, &result_hosts_only,
-                                     &min_qod, &levels, &delta_states,
-                                     &search_phrase, &search_phrase_exact,
-                                     &notes, &overrides,
-                                     &apply_overrides, &zone);
+                                     &min_qod, &levels, &compliance_levels,
+                                     &delta_states, &search_phrase, 
+                                     &search_phrase_exact, &notes, 
+                                     &overrides, &apply_overrides, &zone);
     }
   else
     {
@@ -29289,9 +29690,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       manage_report_filter_controls (term,
                                      &first_result, &max_results, &sort_field,
                                      &sort_order, &result_hosts_only,
-                                     &min_qod, &levels, &delta_states,
-                                     &search_phrase, &search_phrase_exact,
-                                     &notes, &overrides,
+                                     &min_qod, &levels, &compliance_levels,
+                                     &delta_states, &search_phrase, 
+                                     &search_phrase_exact, &notes, &overrides,
                                      &apply_overrides, &zone);
     }
 
@@ -29304,11 +29705,14 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   levels = levels ? levels : g_strdup ("hmlgdf");
 
-  if (task && task_uuid (task, &tsk_uuid))
+  compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu");
+
+  if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type)))
     {
       fclose (out);
       g_free (term);
       g_free (levels);
+      g_free (compliance_levels);
       g_free (search_phrase);
       g_free (min_qod);
       g_free (delta_states);
@@ -29381,6 +29785,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
         {
           free (uuid);
           g_free (levels);
+          g_free (compliance_levels);
           g_free (search_phrase);
           g_free (min_qod);
           g_free (delta_states);
@@ -29415,45 +29820,47 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   if (report)
     {
       /* Get total counts of full results. */
+      if (strcmp (tsk_usage_type, "audit"))
+        {
+          if (delta == 0)
+            {         
+              int total_holes, total_infos, total_logs;
+              int total_warnings, total_false_positives;
+              get_data_t *all_results_get;
+
+              all_results_get = report_results_get_data (1, -1, 0, 0);
+              report_counts_id (report, &total_holes, &total_infos,
+                                &total_logs, &total_warnings,
+                                &total_false_positives, NULL, all_results_get,
+                                NULL);
+              total_result_count = total_holes + total_infos
+                                  + total_logs + total_warnings
+                                  + total_false_positives;
+              get_data_reset (all_results_get);
+              free (all_results_get);
+            }
 
-      if (delta == 0)
-        {
-          int total_holes, total_infos, total_logs;
-          int total_warnings, total_false_positives;
-          get_data_t *all_results_get;
-
-          all_results_get = report_results_get_data (1, -1, 0, 0);
-          report_counts_id (report, &total_holes, &total_infos,
-                            &total_logs, &total_warnings,
-                            &total_false_positives, NULL, all_results_get,
-                            NULL);
-          total_result_count = total_holes + total_infos
-                               + total_logs + total_warnings
-                               + total_false_positives;
-          get_data_reset (all_results_get);
-          free (all_results_get);
-        }
+          /* Get total counts of filtered results. */
 
-      /* Get total counts of filtered results. */
+          if (count_filtered)
+            {
+              /* We're getting all the filtered results, so we can count them as we
+              * print them, to save time. */
 
-      if (count_filtered)
-        {
-          /* We're getting all the filtered results, so we can count them as we
-           * print them, to save time. */
+              filtered_result_count = 0;
+            }
+          else
+            {
+              /* Beware, we're using the full variables temporarily here, but
+              * report_counts_id counts the filtered results. */
+              report_counts_id (report, &holes, &infos, &logs, &warnings,
+                                &false_positives, NULL, get, NULL);
 
-          filtered_result_count = 0;
-        }
-      else
-        {
-          /* Beware, we're using the full variables temporarily here, but
-           * report_counts_id counts the filtered results. */
-          report_counts_id (report, &holes, &infos, &logs, &warnings,
-                            &false_positives, NULL, get, NULL);
+              filtered_result_count = holes + infos + logs + warnings
+                                      + false_positives;
 
-          filtered_result_count = holes + infos + logs + warnings
-                                  + false_positives;
+            }          
         }
-
       /* Get report run status. */
 
       report_scan_run_status (report, &run_status);
@@ -29551,16 +29958,30 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   filters_extra_buffer = g_string_new ("");
 
-  if (strchr (levels, 'h'))
-    g_string_append (filters_extra_buffer, "<filter>High</filter>");
-  if (strchr (levels, 'm'))
-    g_string_append (filters_extra_buffer, "<filter>Medium</filter>");
-  if (strchr (levels, 'l'))
-    g_string_append (filters_extra_buffer, "<filter>Low</filter>");
-  if (strchr (levels, 'g'))
-    g_string_append (filters_extra_buffer, "<filter>Log</filter>");
-  if (strchr (levels, 'f'))
-    g_string_append (filters_extra_buffer, "<filter>False Positive</filter>");
+  if (strcmp (tsk_usage_type, "audit"))
+    {
+      if (strchr (levels, 'h'))
+        g_string_append (filters_extra_buffer, "<filter>High</filter>");
+      if (strchr (levels, 'm'))
+        g_string_append (filters_extra_buffer, "<filter>Medium</filter>");
+      if (strchr (levels, 'l'))
+        g_string_append (filters_extra_buffer, "<filter>Low</filter>");
+      if (strchr (levels, 'g'))
+        g_string_append (filters_extra_buffer, "<filter>Log</filter>");
+      if (strchr (levels, 'f'))
+        g_string_append (filters_extra_buffer, "<filter>False Positive</filter>");
+    }
+  else
+    {
+      if (strchr (compliance_levels, 'y'))
+        g_string_append (filters_extra_buffer, "<filter>Yes</filter>");
+      if (strchr (compliance_levels, 'n'))
+        g_string_append (filters_extra_buffer, "<filter>No</filter>");
+      if (strchr (compliance_levels, 'i'))
+        g_string_append (filters_extra_buffer, "<filter>Incomplete</filter>");
+      if (strchr (compliance_levels, 'u'))
+        g_string_append (filters_extra_buffer, "<filter>Undefined</filter>");
+    }
 
   if (delta)
     {
@@ -29826,24 +30247,57 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   /* Prepare result counts. */
 
-  if (count_filtered)
+  if (strcmp (tsk_usage_type, "audit") == 0)
     {
-      /* We're getting all the filtered results, so we can count them as we
-       * print them, to save time. */
+      report_compliance_counts (report, get, &compliance_yes, &compliance_no,
+                                &compliance_incomplete, &compliance_undefined,
+                                &compliance_status);
 
-      report_counts_id_full (report, &holes, &infos, &logs,
-                             &warnings, &false_positives, &severity,
-                             get, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+      total_compliance_count = compliance_yes 
+                               + compliance_no 
+                               + compliance_incomplete
+                               + compliance_undefined;
 
-      f_holes = f_infos = f_logs = f_warnings = 0;
-      f_false_positives = f_severity = 0;
+      f_compliance_yes = f_compliance_no = 0;
+      f_compliance_incomplete = f_compliance_undefined = 0;
+
+      if (count_filtered == 0)
+        {
+          report_compliance_f_counts (report, 
+                                      get, 
+                                      &f_compliance_yes,
+                                      &f_compliance_no, 
+                                      &f_compliance_incomplete,
+                                      &f_compliance_undefined,
+                                      &f_compliance_status);
+          
+          f_compliance_count = f_compliance_yes 
+                               + f_compliance_no
+                               + f_compliance_incomplete
+                               + f_compliance_undefined;
+        }
     }
   else
-    report_counts_id_full (report, &holes, &infos, &logs,
-                           &warnings, &false_positives, &severity,
-                           get, NULL,
-                           &f_holes, &f_infos, &f_logs, &f_warnings,
-                           &f_false_positives, &f_severity);
+    {
+      if (count_filtered)
+        {
+          /* We're getting all the filtered results, so we can count them as we
+          * print them, to save time. */
+
+          report_counts_id_full (report, &holes, &infos, &logs,
+                                &warnings, &false_positives, &severity,
+                                get, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+
+          f_holes = f_infos = f_logs = f_warnings = 0;
+          f_false_positives = f_severity = 0;
+        }
+      else
+          report_counts_id_full (report, &holes, &infos, &logs,
+                                &warnings, &false_positives, &severity,
+                                get, NULL,
+                                &f_holes, &f_infos, &f_logs, &f_warnings,
+                                &f_false_positives, &f_severity);   
+    }
 
   /* Results. */
 
@@ -29908,16 +30362,31 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
     /* Quiet erroneous compiler warning. */
     result_hosts = NULL;
 
-  f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                        g_free, NULL);
-  f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                           g_free, NULL);
-  f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                      g_free, NULL);
-  f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                      g_free, NULL);
-  f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                  g_free, NULL);
+  if (strcmp (tsk_usage_type, "audit"))
+    {
+      f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                            g_free, NULL);
+      f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                              g_free, NULL);
+      f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                          g_free, NULL);
+      f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                          g_free, NULL);
+      f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                      g_free, NULL);
+    }
+  else
+    {
+      f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                      g_free, NULL);
+      f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                      g_free, NULL);
+      f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                      g_free, NULL);
+      f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                      g_free, NULL);                                                      
+    }
+
 
   if (delta && get->details)
     {
@@ -29944,6 +30413,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
               fclose (out);
               g_free (sort_field);
               g_free (levels);
+              g_free (compliance_levels);
               g_free (search_phrase);
               g_free (min_qod);
               g_free (delta_states);
@@ -29951,11 +30421,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
               cleanup_iterator (&delta_results);
               tz_revert (zone, tz, old_tz_override);
               g_hash_table_destroy (f_host_ports);
-              g_hash_table_destroy (f_host_holes);
-              g_hash_table_destroy (f_host_warnings);
-              g_hash_table_destroy (f_host_infos);
-              g_hash_table_destroy (f_host_logs);
-              g_hash_table_destroy (f_host_false_positives);
+              if (strcmp (tsk_usage_type, "audit"))
+                {
+                  g_hash_table_destroy (f_host_holes);
+                  g_hash_table_destroy (f_host_warnings);
+                  g_hash_table_destroy (f_host_infos);
+                  g_hash_table_destroy (f_host_logs);
+                  g_hash_table_destroy (f_host_false_positives);
+
+                }
+              else
+                {
+                  g_hash_table_destroy (f_host_compliant);
+                  g_hash_table_destroy (f_host_notcompliant);
+                  g_hash_table_destroy (f_host_incomplete);
+                  g_hash_table_destroy (f_host_undefined);
+                }
               return -1;
             }
         } 
@@ -29976,11 +30457,17 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                                         &orig_f_warnings, &f_warnings,
                                         &orig_f_false_positives, 
                                         &f_false_positives,
+                                        &f_compliance_yes,
+                                        &f_compliance_no,
+                                        &f_compliance_incomplete,
+                                        &f_compliance_undefined,
+                                        &f_compliance_count,
                                         result_hosts))
             {
               fclose (out);
               g_free (sort_field);
               g_free (levels);
+              g_free (compliance_levels);
               g_free (search_phrase);
               g_free (min_qod);
               g_free (delta_states);
@@ -29988,11 +30475,21 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
               cleanup_iterator (&delta_results);
               tz_revert (zone, tz, old_tz_override);
               g_hash_table_destroy (f_host_ports);
-              g_hash_table_destroy (f_host_holes);
-              g_hash_table_destroy (f_host_warnings);
-              g_hash_table_destroy (f_host_infos);
-              g_hash_table_destroy (f_host_logs);
-              g_hash_table_destroy (f_host_false_positives);
+              if (strcmp (tsk_usage_type, "audit"))
+                {
+                    g_hash_table_destroy (f_host_holes);
+                    g_hash_table_destroy (f_host_warnings);
+                    g_hash_table_destroy (f_host_infos);
+                    g_hash_table_destroy (f_host_logs);
+                    g_hash_table_destroy (f_host_false_positives);
+                }
+              else
+                {
+                    g_hash_table_destroy (f_host_compliant);
+                    g_hash_table_destroy (f_host_notcompliant);
+                    g_hash_table_destroy (f_host_incomplete);
+                    g_hash_table_destroy (f_host_undefined);                
+                }
               return -1;
             }
         }
@@ -30007,7 +30504,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
           const char* level;
           GHashTable *f_host_result_counts;
           GString *buffer = g_string_new ("");
-          double result_severity;
 
           buffer_results_xml (buffer,
                               &results,
@@ -30031,54 +30527,106 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             array_add_new_string (result_hosts,
                                   result_iterator_host (&results));
 
-          result_severity = result_iterator_severity_double (&results);
-          if (result_severity > f_severity)
-            f_severity = result_severity;
-
-          level = result_iterator_level (&results);
-          if (strcasecmp (level, "log") == 0)
-            {
-              f_host_result_counts = f_host_logs;
-              if (count_filtered)
-                f_logs++;
-            }
-          else if (strcasecmp (level, "high") == 0)
-            {
-              f_host_result_counts = f_host_holes;
-              if (count_filtered)
-                f_holes++;
-            }
-          else if (strcasecmp (level, "medium") == 0)
+          if (strcmp (tsk_usage_type, "audit"))
             {
-              f_host_result_counts = f_host_warnings;
-              if (count_filtered)
-                f_warnings++;
-            }
-          else if (strcasecmp (level, "low") == 0)
-            {
-              f_host_result_counts = f_host_infos;
-              if (count_filtered)
-                f_infos++;
-            }
-          else if (strcasecmp (level, "false positive") == 0)
-            {
-              f_host_result_counts = f_host_false_positives;
-              if (count_filtered)
-                f_false_positives++;
+              double result_severity;
+              result_severity = result_iterator_severity_double (&results);
+              if (result_severity > f_severity)
+                f_severity = result_severity;
+
+              level = result_iterator_level (&results);
+
+              if (strcasecmp (level, "log") == 0)
+                {
+                  f_host_result_counts = f_host_logs;
+                  if (count_filtered)
+                    f_logs++;
+                }
+              else if (strcasecmp (level, "high") == 0)
+                {
+                  f_host_result_counts = f_host_holes;
+                  if (count_filtered)
+                    f_holes++;
+                }
+              else if (strcasecmp (level, "medium") == 0)
+                {
+                  f_host_result_counts = f_host_warnings;
+                  if (count_filtered)
+                    f_warnings++;
+                }
+              else if (strcasecmp (level, "low") == 0)
+                {
+                  f_host_result_counts = f_host_infos;
+                  if (count_filtered)
+                    f_infos++;
+                }
+              else if (strcasecmp (level, "false positive") == 0)
+                {
+                  f_host_result_counts = f_host_false_positives;
+                  if (count_filtered)
+                    f_false_positives++;
+                }
+              else
+                f_host_result_counts = NULL;
+
+              if (f_host_result_counts)
+                {
+                  const char *result_host = result_iterator_host (&results);
+                  int result_count
+                        = GPOINTER_TO_INT
+                            (g_hash_table_lookup (f_host_result_counts, result_host));
+
+                  g_hash_table_replace (f_host_result_counts,
+                                        g_strdup (result_host),
+                                        GINT_TO_POINTER (result_count + 1));
+                }
             }
           else
-            f_host_result_counts = NULL;
-
-          if (f_host_result_counts)
             {
-              const char *result_host = result_iterator_host (&results);
-              int result_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup (f_host_result_counts, result_host));
+              const char* compliance;
+              compliance = result_iterator_compliance (&results);
+
+              if (strcasecmp (compliance, "yes") == 0)
+                {
+                  f_host_result_counts = f_host_compliant;
+                  if (count_filtered)                  
+                    f_compliance_yes++;
+                }
+              else if (strcasecmp (compliance, "no") == 0)
+                {
+                  f_host_result_counts = f_host_notcompliant;
+                  if (count_filtered)                  
+                    f_compliance_no++;
+                }      
+              else if (strcasecmp (compliance, "incomplete") == 0)
+                {
+                  f_host_result_counts = f_host_incomplete;
+                  if (count_filtered)                  
+                    f_compliance_incomplete++;
+                }
+              else if (strcasecmp (compliance, "undefined") == 0)
+                {
+                  f_host_result_counts = f_host_undefined;
+                  if (count_filtered)                  
+                    f_compliance_undefined++;
+                }                
+              else
+                {
+                  f_host_result_counts = NULL;
+                }
 
-              g_hash_table_replace (f_host_result_counts,
-                                    g_strdup (result_host),
-                                    GINT_TO_POINTER (result_count + 1));
+              if (f_host_result_counts)
+                {
+                  const char *result_host = result_iterator_host (&results);
+                  int result_count
+                        = GPOINTER_TO_INT
+                            (g_hash_table_lookup (f_host_result_counts, 
+                                                  result_host));
+
+                  g_hash_table_replace (f_host_result_counts,
+                                        g_strdup (result_host),
+                                        GINT_TO_POINTER (result_count + 1));
+                }
             }
 
         }
@@ -30091,68 +30639,146 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   /* Print result counts and severity. */
 
-  if (delta)
-    /** @todo The f_holes, etc. vars are setup to give the page count. */
-    PRINT (out,
-           "<result_count>"
-           "<filtered>%i</filtered>"
-           "<hole><filtered>%i</filtered></hole>"
-           "<info><filtered>%i</filtered></info>"
-           "<log><filtered>%i</filtered></log>"
-           "<warning><filtered>%i</filtered></warning>"
-           "<false_positive>"
-           "<filtered>%i</filtered>"
-           "</false_positive>"
-           "</result_count>",
-           orig_filtered_result_count,
-           (strchr (levels, 'h') ? orig_f_holes : 0),
-           (strchr (levels, 'l') ? orig_f_infos : 0),
-           (strchr (levels, 'g') ? orig_f_logs : 0),
-           (strchr (levels, 'm') ? orig_f_warnings : 0),
-           (strchr (levels, 'f') ? orig_f_false_positives : 0));
+  if (strcmp (tsk_usage_type, "audit"))
+    {
+      if (delta)
+        /** @todo The f_holes, etc. vars are setup to give the page count. */
+        PRINT (out,
+              "<result_count>"
+              "<filtered>%i</filtered>"
+              "<hole><filtered>%i</filtered></hole>"
+              "<info><filtered>%i</filtered></info>"
+              "<log><filtered>%i</filtered></log>"
+              "<warning><filtered>%i</filtered></warning>"
+              "<false_positive>"
+              "<filtered>%i</filtered>"
+              "</false_positive>"
+              "</result_count>",
+              orig_filtered_result_count,
+              (strchr (levels, 'h') ? orig_f_holes : 0),
+              (strchr (levels, 'l') ? orig_f_infos : 0),
+              (strchr (levels, 'g') ? orig_f_logs : 0),
+              (strchr (levels, 'm') ? orig_f_warnings : 0),
+              (strchr (levels, 'f') ? orig_f_false_positives : 0));
+      else
+        {
+          if (count_filtered)
+            filtered_result_count = f_holes + f_infos + f_logs
+                                    + f_warnings + false_positives;
+
+          PRINT (out,
+                "<result_count>"
+                "%i"
+                "<full>%i</full>"
+                "<filtered>%i</filtered>"
+                "<hole><full>%i</full><filtered>%i</filtered></hole>"
+                "<info><full>%i</full><filtered>%i</filtered></info>"
+                "<log><full>%i</full><filtered>%i</filtered></log>"
+                "<warning><full>%i</full><filtered>%i</filtered></warning>"
+                "<false_positive>"
+                "<full>%i</full>"
+                "<filtered>%i</filtered>"
+                "</false_positive>"
+                "</result_count>",
+                total_result_count,
+                total_result_count,
+                filtered_result_count,
+                holes,
+                (strchr (levels, 'h') ? f_holes : 0),
+                infos,
+                (strchr (levels, 'l') ? f_infos : 0),
+                logs,
+                (strchr (levels, 'g') ? f_logs : 0),
+                warnings,
+                (strchr (levels, 'm') ? f_warnings : 0),
+                false_positives,
+                (strchr (levels, 'f') ? f_false_positives : 0));
+
+          PRINT (out,
+                "<severity>"
+                "<full>%1.1f</full>"
+                "<filtered>%1.1f</filtered>"
+                "</severity>",
+                severity,
+                f_severity);
+        }
+    }
   else
     {
-      if (count_filtered)
-        filtered_result_count = f_holes + f_infos + f_logs
-                                + f_warnings + false_positives;
+      if (delta)
+        PRINT (out,
+              "<compliance_count>"
+              "<filtered>%i</filtered>"
+              "<yes><filtered>%i</filtered></yes>"
+              "<no><filtered>%i</filtered></no>"
+              "<incomplete><filtered>%i</filtered></incomplete>"
+              "<undefined><filtered>%i</filtered></undefined>"
+              "</compliance_count>",
+              f_compliance_count,
+              (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
+              (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
+              (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
+              (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0));
+      else
+        {
+          if (count_filtered)
+            {
+              f_compliance_count = f_compliance_yes 
+                                  + f_compliance_no
+                                  + f_compliance_incomplete
+                                  + f_compliance_undefined;
+                                   
+              if (f_compliance_no > 0) 
+                {
+                  f_compliance_status = "not compliant";
+                } 
+              else if (f_compliance_incomplete > 0) 
+                {
+                  f_compliance_status = "incomplete";
+                } 
+              else if (f_compliance_yes > 0) 
+                {
+                  f_compliance_status = "compliant";
+                } 
+              else 
+                {
+                  f_compliance_status = "undefined";
+                }      
+            }
 
-      PRINT (out,
-             "<result_count>"
-             "%i"
-             "<full>%i</full>"
-             "<filtered>%i</filtered>"
-             "<hole><full>%i</full><filtered>%i</filtered></hole>"
-             "<info><full>%i</full><filtered>%i</filtered></info>"
-             "<log><full>%i</full><filtered>%i</filtered></log>"
-             "<warning><full>%i</full><filtered>%i</filtered></warning>"
-             "<false_positive>"
-             "<full>%i</full>"
-             "<filtered>%i</filtered>"
-             "</false_positive>"
-             "</result_count>",
-             total_result_count,
-             total_result_count,
-             filtered_result_count,
-             holes,
-             (strchr (levels, 'h') ? f_holes : 0),
-             infos,
-             (strchr (levels, 'l') ? f_infos : 0),
-             logs,
-             (strchr (levels, 'g') ? f_logs : 0),
-             warnings,
-             (strchr (levels, 'm') ? f_warnings : 0),
-             false_positives,
-             (strchr (levels, 'f') ? f_false_positives : 0));
+          PRINT (out,
+              "<compliance_count>"
+              "%i"
+              "<full>%i</full>"
+              "<filtered>%i</filtered>"
+              "<yes><full>%i</full><filtered>%i</filtered></yes>"
+              "<no><full>%i</full><filtered>%i</filtered></no>"
+              "<incomplete><full>%i</full><filtered>%i</filtered></incomplete>"
+              "<undefined><full>%i</full><filtered>%i</filtered></undefined>"
+              "</compliance_count>",
+              total_compliance_count,
+              total_compliance_count,
+              f_compliance_count,
+              compliance_yes,
+              (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
+              compliance_no,
+              (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
+              compliance_incomplete,
+              (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
+              compliance_undefined,
+              (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0));
 
-      PRINT (out,
-             "<severity>"
-             "<full>%1.1f</full>"
-             "<filtered>%1.1f</filtered>"
-             "</severity>",
-             severity,
-             f_severity);
+          PRINT (out,
+                "<compliance>"
+                "<full>%s</full>"
+                "<filtered>%s</filtered>"
+                "</compliance>",
+                compliance_status,
+                f_compliance_status);
+        }
     }
 
+
   if (host_summary)
     {
       host_summary_buffer = g_string_new ("");
@@ -30184,29 +30810,13 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             {
               const char *current_host;
               int ports_count;
-              int holes_count, warnings_count, infos_count;
-              int logs_count, false_positives_count;
-
+                       
               current_host = host_iterator_host (&hosts);
 
               ports_count
                 = GPOINTER_TO_INT
                     (g_hash_table_lookup (f_host_ports, current_host));
-              holes_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup ( f_host_holes, current_host));
-              warnings_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup ( f_host_warnings, current_host));
-              infos_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup ( f_host_infos, current_host));
-              logs_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup ( f_host_logs, current_host));
-              false_positives_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup ( f_host_false_positives, current_host));
+              
 
               host_summary_append (host_summary_buffer,
                                    result_host,
@@ -30226,30 +30836,97 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                 PRINT (out,
                        "<asset asset_id=\"\"/>");
 
-              PRINT (out,
-                     "<start>%s</start>"
-                     "<end>%s</end>"
-                     "<port_count><page>%d</page></port_count>"
-                     "<result_count>"
-                     "<page>%d</page>"
-                     "<hole><page>%d</page></hole>"
-                     "<warning><page>%d</page></warning>"
-                     "<info><page>%d</page></info>"
-                     "<log><page>%d</page></log>"
-                     "<false_positive><page>%d</page></false_positive>"
-                     "</result_count>",
-                     host_iterator_start_time (&hosts),
-                     host_iterator_end_time (&hosts)
-                       ? host_iterator_end_time (&hosts)
-                       : "",
-                     ports_count,
-                     (holes_count + warnings_count + infos_count
-                      + logs_count + false_positives_count),
-                     holes_count,
-                     warnings_count,
-                     infos_count,
-                     logs_count,
-                     false_positives_count);
+              if (strcmp (tsk_usage_type, "audit"))
+                {
+                  int holes_count, warnings_count, infos_count;
+                  int logs_count, false_positives_count;
+
+                  holes_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_holes, current_host));
+                  warnings_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_warnings, current_host));
+                  infos_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_infos, current_host));
+                  logs_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_logs, current_host));
+                  false_positives_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_false_positives, 
+                                               current_host));
+
+                  PRINT (out,
+                        "<start>%s</start>"
+                        "<end>%s</end>"
+                        "<port_count><page>%d</page></port_count>"
+                        "<result_count>"
+                        "<page>%d</page>"
+                        "<hole><page>%d</page></hole>"
+                        "<warning><page>%d</page></warning>"
+                        "<info><page>%d</page></info>"
+                        "<log><page>%d</page></log>"
+                        "<false_positive><page>%d</page></false_positive>"
+                        "</result_count>",
+                        host_iterator_start_time (&hosts),
+                        host_iterator_end_time (&hosts)
+                          ? host_iterator_end_time (&hosts)
+                          : "",
+                        ports_count,
+                        (holes_count + warnings_count + infos_count
+                          + logs_count + false_positives_count),
+                        holes_count,
+                        warnings_count,
+                        infos_count,
+                        logs_count,
+                        false_positives_count);
+                } 
+              else
+                {
+                  int yes_count, no_count, incomplete_count, undefined_count;
+
+                  yes_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_compliant, 
+                                               current_host));
+                  no_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_notcompliant,
+                                               current_host));
+                  incomplete_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_incomplete,
+                                               current_host));
+                  undefined_count
+                    = GPOINTER_TO_INT
+                        (g_hash_table_lookup ( f_host_undefined,
+                                               current_host));
+
+                  PRINT (out,
+                        "<start>%s</start>"
+                        "<end>%s</end>"
+                        "<port_count><page>%d</page></port_count>"
+                        "<compliance_count>"
+                        "<page>%d</page>"
+                        "<yes><page>%d</page></yes>"
+                        "<no><page>%d</page></no>"
+                        "<incomplete><page>%d</page></incomplete>"
+                        "<undefined><page>%d</page></undefined>"
+                        "</compliance_count>",
+                        host_iterator_start_time (&hosts),
+                        host_iterator_end_time (&hosts)
+                          ? host_iterator_end_time (&hosts)
+                          : "",
+                        ports_count,
+                        (yes_count + no_count 
+                          + incomplete_count + undefined_count),
+                        yes_count,
+                        no_count,
+                        incomplete_count,
+                        undefined_count);
+                }
 
               if (print_report_host_details_xml
                    (host_iterator_report_host (&hosts), out, lean))
@@ -30258,11 +30935,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                   if (host_summary_buffer)
                     g_string_free (host_summary_buffer, TRUE);
                   g_hash_table_destroy (f_host_ports);
-                  g_hash_table_destroy (f_host_holes);
-                  g_hash_table_destroy (f_host_warnings);
-                  g_hash_table_destroy (f_host_infos);
-                  g_hash_table_destroy (f_host_logs);
-                  g_hash_table_destroy (f_host_false_positives);
+                  if (strcmp (tsk_usage_type, "audit"))
+                    {
+                      g_hash_table_destroy (f_host_holes);
+                      g_hash_table_destroy (f_host_warnings);
+                      g_hash_table_destroy (f_host_infos);
+                      g_hash_table_destroy (f_host_logs);
+                      g_hash_table_destroy (f_host_false_positives);
+
+                    }
+                  else
+                    {
+                      g_hash_table_destroy (f_host_compliant);
+                      g_hash_table_destroy (f_host_notcompliant);
+                      g_hash_table_destroy (f_host_incomplete);
+                      g_hash_table_destroy (f_host_undefined);
+                    }                  
                   return -1;
                 }
 
@@ -30280,29 +30968,12 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
         {
           const char *current_host;
           int ports_count;
-          int holes_count, warnings_count, infos_count;
-          int logs_count, false_positives_count;
 
           current_host = host_iterator_host (&hosts);
 
           ports_count
             = GPOINTER_TO_INT
                 (g_hash_table_lookup (f_host_ports, current_host));
-          holes_count
-            = GPOINTER_TO_INT
-                (g_hash_table_lookup (f_host_holes, current_host));
-          warnings_count
-            = GPOINTER_TO_INT
-                (g_hash_table_lookup (f_host_warnings, current_host));
-          infos_count
-            = GPOINTER_TO_INT
-                (g_hash_table_lookup (f_host_infos, current_host));
-          logs_count
-            = GPOINTER_TO_INT
-                (g_hash_table_lookup (f_host_logs, current_host));
-          false_positives_count
-            = GPOINTER_TO_INT
-                (g_hash_table_lookup (f_host_false_positives, current_host));
 
           host_summary_append (host_summary_buffer,
                                host_iterator_host (&hosts),
@@ -30322,30 +30993,92 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             PRINT (out,
                    "<asset asset_id=\"\"/>");
 
-          PRINT (out,
-                 "<start>%s</start>"
-                 "<end>%s</end>"
-                 "<port_count><page>%d</page></port_count>"
-                 "<result_count>"
-                 "<page>%d</page>"
-                 "<hole><page>%d</page></hole>"
-                 "<warning><page>%d</page></warning>"
-                 "<info><page>%d</page></info>"
-                 "<log><page>%d</page></log>"
-                 "<false_positive><page>%d</page></false_positive>"
-                 "</result_count>",
-                 host_iterator_start_time (&hosts),
-                 host_iterator_end_time (&hosts)
-                   ? host_iterator_end_time (&hosts)
-                   : "",
-                 ports_count,
-                 (holes_count + warnings_count + infos_count
-                  + logs_count + false_positives_count),
-                 holes_count,
-                 warnings_count,
-                 infos_count,
-                 logs_count,
-                 false_positives_count);
+          if (strcmp (tsk_usage_type, "audit"))
+            {
+              int holes_count, warnings_count, infos_count;
+              int logs_count, false_positives_count;
+
+              holes_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_holes, current_host));
+              warnings_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_warnings, current_host));
+              infos_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_infos, current_host));
+              logs_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_logs, current_host));
+              false_positives_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_false_positives, current_host));
+
+              PRINT (out,
+                    "<start>%s</start>"
+                    "<end>%s</end>"
+                    "<port_count><page>%d</page></port_count>"
+                    "<result_count>"
+                    "<page>%d</page>"
+                    "<hole><page>%d</page></hole>"
+                    "<warning><page>%d</page></warning>"
+                    "<info><page>%d</page></info>"
+                    "<log><page>%d</page></log>"
+                    "<false_positive><page>%d</page></false_positive>"
+                    "</result_count>",
+                    host_iterator_start_time (&hosts),
+                    host_iterator_end_time (&hosts)
+                      ? host_iterator_end_time (&hosts)
+                      : "",
+                    ports_count,
+                    (holes_count + warnings_count + infos_count
+                      + logs_count + false_positives_count),
+                    holes_count,
+                    warnings_count,
+                    infos_count,
+                    logs_count,
+                    false_positives_count);
+            }
+          else 
+            {
+              int yes_count, no_count, incomplete_count, undefined_count;
+
+              yes_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_compliant, current_host));
+              no_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_notcompliant, current_host));
+              incomplete_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_incomplete, current_host));
+              undefined_count
+                = GPOINTER_TO_INT
+                    (g_hash_table_lookup (f_host_undefined, current_host));
+
+              PRINT (out,
+                    "<start>%s</start>"
+                    "<end>%s</end>"
+                    "<port_count><page>%d</page></port_count>"
+                    "<compliance_count>"
+                    "<page>%d</page>"
+                    "<yes><page>%d</page></yes>"
+                    "<no><page>%d</page></no>"
+                    "<incomplete><page>%d</page></incomplete>"
+                    "<undefined><page>%d</page></undefined>"
+                    "</compliance_count>",
+                    host_iterator_start_time (&hosts),
+                    host_iterator_end_time (&hosts)
+                      ? host_iterator_end_time (&hosts)
+                      : "",
+                    ports_count,
+                    (yes_count + no_count 
+                        + incomplete_count + undefined_count),
+                    yes_count,
+                    no_count,
+                    incomplete_count,
+                    undefined_count);              
+            }
 
           if (print_report_host_details_xml
                (host_iterator_report_host (&hosts), out, lean))
@@ -30354,11 +31087,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
               if (host_summary_buffer)
                 g_string_free (host_summary_buffer, TRUE);
               g_hash_table_destroy (f_host_ports);
-              g_hash_table_destroy (f_host_holes);
-              g_hash_table_destroy (f_host_warnings);
-              g_hash_table_destroy (f_host_infos);
-              g_hash_table_destroy (f_host_logs);
-              g_hash_table_destroy (f_host_false_positives);
+              if (strcmp (tsk_usage_type, "audit"))
+                {
+                  g_hash_table_destroy (f_host_holes);
+                  g_hash_table_destroy (f_host_warnings);
+                  g_hash_table_destroy (f_host_infos);
+                  g_hash_table_destroy (f_host_logs);
+                  g_hash_table_destroy (f_host_false_positives);
+
+                }
+              else
+                {
+                  g_hash_table_destroy (f_host_compliant);
+                  g_hash_table_destroy (f_host_notcompliant);
+                  g_hash_table_destroy (f_host_incomplete);
+                  g_hash_table_destroy (f_host_undefined);
+                }
               return -1;
             }
 
@@ -30368,13 +31112,23 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       cleanup_iterator (&hosts);
     }
 
-  g_hash_table_destroy (f_host_ports);
-  g_hash_table_destroy (f_host_holes);
-  g_hash_table_destroy (f_host_warnings);
-  g_hash_table_destroy (f_host_infos);
-  g_hash_table_destroy (f_host_logs);
-  g_hash_table_destroy (f_host_false_positives);
+  if (strcmp (tsk_usage_type, "audit"))
+    {
+      g_hash_table_destroy (f_host_holes);
+      g_hash_table_destroy (f_host_warnings);
+      g_hash_table_destroy (f_host_infos);
+      g_hash_table_destroy (f_host_logs);
+      g_hash_table_destroy (f_host_false_positives);
 
+    }
+  else
+    {
+      g_hash_table_destroy (f_host_compliant);
+      g_hash_table_destroy (f_host_notcompliant);
+      g_hash_table_destroy (f_host_incomplete);
+      g_hash_table_destroy (f_host_undefined);  
+    }
+    g_hash_table_destroy (f_host_ports);
 
   /* Print TLS certificates */
 
@@ -30454,6 +31208,8 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   g_free (search_phrase);
   g_free (min_qod);
   g_free (delta_states);
+  g_free (compliance_levels);
+  g_free (tsk_usage_type);
 
   if (host_summary && host_summary_buffer)
     *host_summary = g_string_free (host_summary_buffer, FALSE);
@@ -58100,14 +58856,13 @@ type_extra_where (const char *type, int trash, const char *filter,
     }
   else if (strcasecmp (type, "REPORT") == 0)
     {
-      if (trash)
-        extra_where = g_strdup (" AND (SELECT hidden FROM tasks"
-                                "      WHERE tasks.id = task)"
-                                "     = 2");
+      gchar *usage_type;
+      if (extra_params)
+        usage_type = g_hash_table_lookup (extra_params, "usage_type");
       else
-        extra_where = g_strdup (" AND (SELECT hidden FROM tasks"
-                                "      WHERE tasks.id = task)"
-                                "     = 0");
+        usage_type = NULL;
+      
+      extra_where = reports_extra_where (trash, NULL, usage_type);
     }
   else if (strcasecmp (type, "RESULT") == 0)
     {

From e2119981498902d7d3babc8bfd59f7f3d5c8da6e Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 16 Jan 2024 15:16:09 +0100
Subject: [PATCH 019/134] Refactor printing the XML for a report host

---
 src/manage_sql.c | 440 +++++++++++++++++++++--------------------------
 1 file changed, 198 insertions(+), 242 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index d498e8fbe..ebd39285f 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -28298,6 +28298,172 @@ host_summary_append (GString *host_summary_buffer, const char *host,
     }
 }
 
+/**
+ * @brief Print the XML for a report's host to a file stream.
+ * @param[in]  stream                   File stream to write to.
+ * @param[in]  hosts                    Host iterator.
+ * @param[in]  host                     Single host to iterate over.
+ *                                        All hosts if NULL.
+ * @param[in]  usage_type               Report usage type.
+ * @param[in]  lean                     Whether to return lean report.
+ * @param[in]  host_summary_buffer      Host sumary buffer.
+ * @param[in]  f_host_ports             Hashtable for host ports.
+ * @param[in]  f_host_holes             Hashtable for host holes.
+ * @param[in]  f_host_warnings          Hashtable for host host warnings.
+ * @param[in]  f_host_infos             Hashtable for host infos.
+ * @param[in]  f_host_logs              Hashtable for host logs.
+ * @param[in]  f_host_false_positives   Hashtable for host false positives.
+ * @param[in]  f_host_compliant         Hashtable for host compliant results.
+ * @param[in]  f_host_notcompliant      Hashtable for host non compliant results.
+ * @param[in]  f_host_incomplete        Hashtable for host incomplete resuls.
+ * @param[in]  f_host_undefined         Hashtable for host undefined results.
+ *
+ * @return 0 on success, -1 error.
+ */
+static int
+print_report_host_xml (FILE *stream,
+                       iterator_t *hosts,
+                       const char *host,
+                       gchar *usage_type,
+                       int lean,
+                       GString *host_summary_buffer,
+                       GHashTable *f_host_ports,
+                       GHashTable *f_host_holes,
+                       GHashTable *f_host_warnings,
+                       GHashTable *f_host_infos,
+                       GHashTable *f_host_logs,
+                       GHashTable *f_host_false_positives,
+                       GHashTable *f_host_compliant,
+                       GHashTable *f_host_notcompliant,
+                       GHashTable *f_host_incomplete,
+                       GHashTable *f_host_undefined)
+{
+  const char *current_host;
+  int ports_count;
+
+  current_host = host_iterator_host (hosts);
+
+  ports_count
+    = GPOINTER_TO_INT
+        (g_hash_table_lookup (f_host_ports, current_host));
+
+  host_summary_append (host_summary_buffer,
+                       host ? host : host_iterator_host (hosts),
+                       host_iterator_start_time (hosts),
+                       host_iterator_end_time (hosts));
+  PRINT (stream,
+          "<host>"
+          "<ip>%s</ip>",
+          host ? host : host_iterator_host (hosts));
+
+  if (host_iterator_asset_uuid (hosts)
+      && strlen (host_iterator_asset_uuid (hosts)))
+    PRINT (stream,
+            "<asset asset_id=\"%s\"/>",
+            host_iterator_asset_uuid (hosts));
+  else if (lean == 0)
+    PRINT (stream,
+            "<asset asset_id=\"\"/>");
+
+  if (strcmp (usage_type, "audit"))
+    {
+      int holes_count, warnings_count, infos_count;
+      int logs_count, false_positives_count;
+
+      holes_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup ( f_host_holes, current_host));
+      warnings_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup ( f_host_warnings, current_host));
+      infos_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup ( f_host_infos, current_host));
+      logs_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup ( f_host_logs, current_host));
+      false_positives_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup ( f_host_false_positives,
+                                    current_host));
+
+      PRINT (stream,
+            "<start>%s</start>"
+            "<end>%s</end>"
+            "<port_count><page>%d</page></port_count>"
+            "<result_count>"
+            "<page>%d</page>"
+            "<hole><page>%d</page></hole>"
+            "<warning><page>%d</page></warning>"
+            "<info><page>%d</page></info>"
+            "<log><page>%d</page></log>"
+            "<false_positive><page>%d</page></false_positive>"
+            "</result_count>",
+            host_iterator_start_time (hosts),
+            host_iterator_end_time (hosts)
+              ? host_iterator_end_time (hosts)
+              : "",
+            ports_count,
+            (holes_count + warnings_count + infos_count
+              + logs_count + false_positives_count),
+            holes_count,
+            warnings_count,
+            infos_count,
+            logs_count,
+            false_positives_count);
+    }
+  else
+    {
+      int yes_count, no_count, incomplete_count, undefined_count;
+
+      yes_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_compliant, current_host));
+      no_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_notcompliant, current_host));
+      incomplete_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_incomplete, current_host));
+      undefined_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_undefined, current_host));
+
+      PRINT (stream,
+            "<start>%s</start>"
+            "<end>%s</end>"
+            "<port_count><page>%d</page></port_count>"
+            "<compliance_count>"
+            "<page>%d</page>"
+            "<yes><page>%d</page></yes>"
+            "<no><page>%d</page></no>"
+            "<incomplete><page>%d</page></incomplete>"
+            "<undefined><page>%d</page></undefined>"
+            "</compliance_count>",
+            host_iterator_start_time (hosts),
+            host_iterator_end_time (hosts)
+              ? host_iterator_end_time (hosts)
+              : "",
+            ports_count,
+            (yes_count + no_count + incomplete_count + undefined_count),
+            yes_count,
+            no_count,
+            incomplete_count,
+            undefined_count);
+    }
+
+  if (print_report_host_details_xml
+        (host_iterator_report_host (hosts), stream, lean))
+    {
+      return -1;
+    }
+
+  PRINT (stream,
+          "</host>");
+
+  return 0;
+}
+
 /**
  * @brief Init delta iterators for print_report_xml.
  *
@@ -30808,128 +30974,23 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             }
           if (present)
             {
-              const char *current_host;
-              int ports_count;
-                       
-              current_host = host_iterator_host (&hosts);
-
-              ports_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_ports, current_host));
               
-
-              host_summary_append (host_summary_buffer,
-                                   result_host,
-                                   host_iterator_start_time (&hosts),
-                                   host_iterator_end_time (&hosts));
-              PRINT (out,
-                     "<host>"
-                     "<ip>%s</ip>",
-                     result_host);
-
-              if (host_iterator_asset_uuid (&hosts)
-                  && strlen (host_iterator_asset_uuid (&hosts)))
-                PRINT (out,
-                       "<asset asset_id=\"%s\"/>",
-                       host_iterator_asset_uuid (&hosts));
-              else if (lean == 0)
-                PRINT (out,
-                       "<asset asset_id=\"\"/>");
-
-              if (strcmp (tsk_usage_type, "audit"))
-                {
-                  int holes_count, warnings_count, infos_count;
-                  int logs_count, false_positives_count;
-
-                  holes_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_holes, current_host));
-                  warnings_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_warnings, current_host));
-                  infos_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_infos, current_host));
-                  logs_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_logs, current_host));
-                  false_positives_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_false_positives, 
-                                               current_host));
-
-                  PRINT (out,
-                        "<start>%s</start>"
-                        "<end>%s</end>"
-                        "<port_count><page>%d</page></port_count>"
-                        "<result_count>"
-                        "<page>%d</page>"
-                        "<hole><page>%d</page></hole>"
-                        "<warning><page>%d</page></warning>"
-                        "<info><page>%d</page></info>"
-                        "<log><page>%d</page></log>"
-                        "<false_positive><page>%d</page></false_positive>"
-                        "</result_count>",
-                        host_iterator_start_time (&hosts),
-                        host_iterator_end_time (&hosts)
-                          ? host_iterator_end_time (&hosts)
-                          : "",
-                        ports_count,
-                        (holes_count + warnings_count + infos_count
-                          + logs_count + false_positives_count),
-                        holes_count,
-                        warnings_count,
-                        infos_count,
-                        logs_count,
-                        false_positives_count);
-                } 
-              else
-                {
-                  int yes_count, no_count, incomplete_count, undefined_count;
-
-                  yes_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_compliant, 
-                                               current_host));
-                  no_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_notcompliant,
-                                               current_host));
-                  incomplete_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_incomplete,
-                                               current_host));
-                  undefined_count
-                    = GPOINTER_TO_INT
-                        (g_hash_table_lookup ( f_host_undefined,
-                                               current_host));
-
-                  PRINT (out,
-                        "<start>%s</start>"
-                        "<end>%s</end>"
-                        "<port_count><page>%d</page></port_count>"
-                        "<compliance_count>"
-                        "<page>%d</page>"
-                        "<yes><page>%d</page></yes>"
-                        "<no><page>%d</page></no>"
-                        "<incomplete><page>%d</page></incomplete>"
-                        "<undefined><page>%d</page></undefined>"
-                        "</compliance_count>",
-                        host_iterator_start_time (&hosts),
-                        host_iterator_end_time (&hosts)
-                          ? host_iterator_end_time (&hosts)
-                          : "",
-                        ports_count,
-                        (yes_count + no_count 
-                          + incomplete_count + undefined_count),
-                        yes_count,
-                        no_count,
-                        incomplete_count,
-                        undefined_count);
-                }
-
-              if (print_report_host_details_xml
-                   (host_iterator_report_host (&hosts), out, lean))
+              if (print_report_host_xml (out,
+                                         &hosts,
+                                         result_host,
+                                         tsk_usage_type,
+                                         lean,
+                                         host_summary_buffer,
+                                         f_host_ports,
+                                         f_host_holes,
+                                         f_host_warnings,
+                                         f_host_infos,
+                                         f_host_logs,
+                                         f_host_false_positives,
+                                         f_host_compliant,
+                                         f_host_notcompliant,
+                                         f_host_incomplete,
+                                         f_host_undefined))
                 {
                   tz_revert (zone, tz, old_tz_override);
                   if (host_summary_buffer)
@@ -30953,9 +31014,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                     }                  
                   return -1;
                 }
-
-              PRINT (out,
-                     "</host>");
             }
           cleanup_iterator (&hosts);
         }
@@ -30966,122 +31024,23 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       init_report_host_iterator (&hosts, report, NULL, 0);
       while (next (&hosts))
         {
-          const char *current_host;
-          int ports_count;
-
-          current_host = host_iterator_host (&hosts);
-
-          ports_count
-            = GPOINTER_TO_INT
-                (g_hash_table_lookup (f_host_ports, current_host));
-
-          host_summary_append (host_summary_buffer,
-                               host_iterator_host (&hosts),
-                               host_iterator_start_time (&hosts),
-                               host_iterator_end_time (&hosts));
-          PRINT (out,
-                 "<host>"
-                 "<ip>%s</ip>",
-                 host_iterator_host (&hosts));
-
-          if (host_iterator_asset_uuid (&hosts)
-              && strlen (host_iterator_asset_uuid (&hosts)))
-            PRINT (out,
-                   "<asset asset_id=\"%s\"/>",
-                   host_iterator_asset_uuid (&hosts));
-          else if (lean == 0)
-            PRINT (out,
-                   "<asset asset_id=\"\"/>");
-
-          if (strcmp (tsk_usage_type, "audit"))
-            {
-              int holes_count, warnings_count, infos_count;
-              int logs_count, false_positives_count;
-
-              holes_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_holes, current_host));
-              warnings_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_warnings, current_host));
-              infos_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_infos, current_host));
-              logs_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_logs, current_host));
-              false_positives_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_false_positives, current_host));
-
-              PRINT (out,
-                    "<start>%s</start>"
-                    "<end>%s</end>"
-                    "<port_count><page>%d</page></port_count>"
-                    "<result_count>"
-                    "<page>%d</page>"
-                    "<hole><page>%d</page></hole>"
-                    "<warning><page>%d</page></warning>"
-                    "<info><page>%d</page></info>"
-                    "<log><page>%d</page></log>"
-                    "<false_positive><page>%d</page></false_positive>"
-                    "</result_count>",
-                    host_iterator_start_time (&hosts),
-                    host_iterator_end_time (&hosts)
-                      ? host_iterator_end_time (&hosts)
-                      : "",
-                    ports_count,
-                    (holes_count + warnings_count + infos_count
-                      + logs_count + false_positives_count),
-                    holes_count,
-                    warnings_count,
-                    infos_count,
-                    logs_count,
-                    false_positives_count);
-            }
-          else 
-            {
-              int yes_count, no_count, incomplete_count, undefined_count;
-
-              yes_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_compliant, current_host));
-              no_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_notcompliant, current_host));
-              incomplete_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_incomplete, current_host));
-              undefined_count
-                = GPOINTER_TO_INT
-                    (g_hash_table_lookup (f_host_undefined, current_host));
 
-              PRINT (out,
-                    "<start>%s</start>"
-                    "<end>%s</end>"
-                    "<port_count><page>%d</page></port_count>"
-                    "<compliance_count>"
-                    "<page>%d</page>"
-                    "<yes><page>%d</page></yes>"
-                    "<no><page>%d</page></no>"
-                    "<incomplete><page>%d</page></incomplete>"
-                    "<undefined><page>%d</page></undefined>"
-                    "</compliance_count>",
-                    host_iterator_start_time (&hosts),
-                    host_iterator_end_time (&hosts)
-                      ? host_iterator_end_time (&hosts)
-                      : "",
-                    ports_count,
-                    (yes_count + no_count 
-                        + incomplete_count + undefined_count),
-                    yes_count,
-                    no_count,
-                    incomplete_count,
-                    undefined_count);              
-            }
-
-          if (print_report_host_details_xml
-               (host_iterator_report_host (&hosts), out, lean))
+          if (print_report_host_xml (out,
+                                     &hosts,
+                                     NULL,
+                                     tsk_usage_type,
+                                     lean,
+                                     host_summary_buffer,
+                                     f_host_ports,
+                                     f_host_holes,
+                                     f_host_warnings,
+                                     f_host_infos,
+                                     f_host_logs,
+                                     f_host_false_positives,
+                                     f_host_compliant,
+                                     f_host_notcompliant,
+                                     f_host_incomplete,
+                                     f_host_undefined))
             {
               tz_revert (zone, tz, old_tz_override);
               if (host_summary_buffer)
@@ -31105,9 +31064,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                 }
               return -1;
             }
-
-          PRINT (out,
-                 "</host>");
         }
       cleanup_iterator (&hosts);
     }

From b75f8f09287692880442bea4ad6deaedc965bf7a Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Thu, 18 Jan 2024 17:31:44 +0100
Subject: [PATCH 020/134] Add compliance per host to XML report

---
 src/gmp.c        |   5 ++
 src/manage.h     |   6 ++
 src/manage_sql.c | 158 ++++++++++++++++++++++++-----------------------
 3 files changed, 91 insertions(+), 78 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index e8230922e..0aedee961 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -9429,6 +9429,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
   const char *severity, *original_severity, *original_level;
   const char *host, *hostname, *result_id, *port, *path, *asset_id, *qod, *qod_type;
   char *detect_oid, *detect_ref, *detect_cpe, *detect_loc, *detect_name;
+  const char *compliance;
   double severity_double;
   gchar *nl_descr, *nl_descr_escaped;
   result_t result;
@@ -9459,6 +9460,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
       hostname = result_iterator_delta_hostname (results);
       if (host)
         asset_id = result_iterator_delta_host_asset_id (results);
+      compliance = result_iterator_delta_compliance (results);
     }
   else
     {
@@ -9477,6 +9479,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
       hostname = result_iterator_hostname (results);
       if (host)
         asset_id = result_iterator_asset_host_id (results);
+      compliance = result_iterator_compliance (results);
     }
 
 
@@ -9731,6 +9734,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
                               original_level,
                               original_severity);
 
+  buffer_xml_append_printf (buffer, "<compliance>%s</compliance>", compliance);
+
   if (include_notes
       && use_delta_fields 
          ? result_iterator_delta_may_have_notes (results)
diff --git a/src/manage.h b/src/manage.h
index dfa832808..6c59a32fc 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1556,6 +1556,9 @@ result_iterator_cert_bunds (iterator_t*);
 gchar **
 result_iterator_dfn_certs (iterator_t*);
 
+const char *
+result_iterator_compliance (iterator_t*);
+
 const char *
 result_iterator_delta_state (iterator_t*);
 
@@ -1568,6 +1571,9 @@ result_iterator_delta_severity (iterator_t*);
 double
 result_iterator_delta_severity_double (iterator_t*);
 
+const char *
+result_iterator_delta_compliance (iterator_t*);
+
 const char*
 result_iterator_delta_level (iterator_t*);
 
diff --git a/src/manage_sql.c b/src/manage_sql.c
index ebd39285f..5c735f4a6 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -21799,7 +21799,7 @@ report_add_results_array (report_t report, GArray *results)
    "low_per_host", "medium_per_host", "high_per_host", "duration",             \
    "duration_per_host", "start_time", "end_time", "scan_start", "scan_end",    \
    "compliance_yes", "compliance_no", "compliance_incomplete",                 \
-   "compliance_status", NULL }
+   "compliant", NULL }
 
 /**
  * @brief Report iterator columns.
@@ -21954,7 +21954,7 @@ report_add_results_array (report_t report, GArray *results)
    },                                                                        \
    {                                                                         \
      "compliance_status (id)",                                               \
-     "compliance_status",                                                    \
+     "compliant",                                                            \
      KEYWORD_TYPE_STRING                                                     \
    },                                                                        \
    { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
@@ -22081,7 +22081,7 @@ reports_extra_where (int trash, const gchar *filter, const char *usage_type)
     usage_type_clause = NULL;
 
   if (filter)
-    compliance_filter = filter_term_value(filter, "compliant");
+    compliance_filter = filter_term_value(filter, "report_compliance_levels");
 
   compliance_clause = where_compliance_status (compliance_filter ?: "yniu");
   
@@ -22811,11 +22811,16 @@ where_qod (int min_qod)
       "        END)",                                                         \
       NULL,                                                                   \
       KEYWORD_TYPE_INTEGER },                                                 \
-      { TICKET_SQL_RESULT_MAY_HAVE_TICKETS("result2_id"),                     \
+    { TICKET_SQL_RESULT_MAY_HAVE_TICKETS("result2_id"),                       \
       NULL,                                                                   \
       KEYWORD_TYPE_INTEGER },                                                 \
-      { "delta_hostname", NULL, KEYWORD_TYPE_STRING },                        \
-      { "delta_new_severity", NULL, KEYWORD_TYPE_DOUBLE },
+    { "delta_hostname", NULL, KEYWORD_TYPE_STRING },                          \
+    { "delta_new_severity", NULL, KEYWORD_TYPE_DOUBLE },                      \
+    { "coalesce(lower(substring(comparison.delta_description,"                \
+      "          '^Compliant:[\\s]*([A-Z_]*)')),"                             \
+      "         'undefined')",                                                \
+      "compliant",                                                            \
+      KEYWORD_TYPE_STRING },
 
 /**
  * @brief Delta result iterator columns.
@@ -24537,6 +24542,20 @@ result_iterator_delta_severity_double (iterator_t* iterator)
   return iterator_double (iterator, RESULT_ITERATOR_DELTA_COLUMN_OFFSET + 19);
 }
 
+/**
+ * @brief Get delta compliance from a result iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return delta compliance if any, else NULL.
+ */
+const char *
+result_iterator_delta_compliance (iterator_t* iterator)
+{
+  if (iterator->done) return 0;
+  return iterator_string (iterator, RESULT_ITERATOR_DELTA_COLUMN_OFFSET + 20);
+}
+
 /**
  * @brief Get the severity/threat level from a delta result iterator.
  *
@@ -25890,6 +25909,38 @@ report_counts_id_full (report_t report, int* holes, int* infos,
   return 0;
 }
 
+/**
+ * @brief Get the compliance state from compliance counts.
+ *
+ * @param[in]  yes_count         Compliant results count.
+ * @param[in]  no_count          Incompliant results count.
+ * @param[in]  incomplete_count  Incomplete results count.
+ * @param[in]  undefined_count   Undefined results count.
+ *
+ * @return 0 on success, -1 on error.
+ */
+const char *
+report_compliance_from_counts (const int* yes_count,
+                               const int* no_count,
+                               const int* incomplete_count,
+                               const int* undefined_count)
+{
+  if (no_count && *no_count > 0)
+    {
+      return "no";
+    }
+  else if (incomplete_count && *incomplete_count > 0)
+    {
+      return "incomplete";
+    }
+  else if (yes_count && *yes_count > 0)
+    {
+      return "yes";
+    }
+
+  return "undefined";
+}
+
 
 /**
  * @brief Get the compliance filtered counts for a report.
@@ -25902,7 +25953,6 @@ report_counts_id_full (report_t report, int* holes, int* infos,
  *                                       after filtering.
  * @param[out]  f_compliance_undefined   Undefined results count 
  *                                       after filtering.
- * @param[out]  f_compliance         Compliance state after filtering
  *
  * @return 0 on success, -1 on error.
  */
@@ -25912,8 +25962,7 @@ report_compliance_f_counts (report_t report,
                             int* f_compliance_yes, 
                             int* f_compliance_no, 
                             int* f_compliance_incomplete, 
-                            int* f_compliance_undefined,
-                            char** f_compliance_status)
+                            int* f_compliance_undefined)
 {
   if (report == 0)
     return -1;
@@ -25970,26 +26019,6 @@ report_compliance_f_counts (report_t report,
 
   cleanup_iterator (&results);
 
-  if (f_compliance_status)
-    {
-      if (no_count > 0) 
-        {
-          *f_compliance_status = "not compliant";
-        } 
-      else if (incomplete_count > 0) 
-        {
-          *f_compliance_status = "incomplete";
-        } 
-      else if (yes_count > 0) 
-        {
-          *f_compliance_status = "compliant";
-        } 
-      else 
-        {
-          *f_compliance_status = "undefined";
-        }      
-    }
-
   return 0;
 }
 
@@ -26002,7 +26031,6 @@ report_compliance_f_counts (report_t report,
  * @param[out]  compliance_no           Incompliant results count.
  * @param[out]  compliance_incomplete   Incomplete results count.
  * @param[out]  compliance_undefined    Undefined results count.
- * @param[out]  f_compliance            Compliance state.
  *
  * @return 0 on success, -1 on error.
  */
@@ -26012,8 +26040,7 @@ report_compliance_counts (report_t report,
                           int* compliance_yes, 
                           int* compliance_no,
                           int* compliance_incomplete, 
-                          int* compliance_undefined,
-                          char** compliance_status)
+                          int* compliance_undefined)
 {
   if (report == 0)
     return -1;
@@ -26024,19 +26051,6 @@ report_compliance_counts (report_t report,
                              compliance_incomplete,
                              compliance_undefined);
 
-  if (compliance_status)
-    {
-      if (compliance_no && *compliance_no > 0) {
-        *compliance_status = "not compliant";
-      } else if (compliance_incomplete && *compliance_incomplete > 0) {
-        *compliance_status = "incomplete";
-      } else if (compliance_yes && *compliance_yes > 0) {
-        *compliance_status = "compliant";
-      } else {
-        *compliance_status = "undefined";
-      }      
-    }
-
   return 0;
 }
 
@@ -28439,7 +28453,8 @@ print_report_host_xml (FILE *stream,
             "<no><page>%d</page></no>"
             "<incomplete><page>%d</page></incomplete>"
             "<undefined><page>%d</page></undefined>"
-            "</compliance_count>",
+            "</compliance_count>"
+            "<host_compliance>%s</host_compliance>",
             host_iterator_start_time (hosts),
             host_iterator_end_time (hosts)
               ? host_iterator_end_time (hosts)
@@ -28449,7 +28464,11 @@ print_report_host_xml (FILE *stream,
             yes_count,
             no_count,
             incomplete_count,
-            undefined_count);
+            undefined_count,
+            report_compliance_from_counts (&yes_count,
+                                           &no_count,
+                                           &incomplete_count,
+                                           &undefined_count));
     }
 
   if (print_report_host_details_xml
@@ -29766,7 +29785,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   int compliance_incomplete, compliance_undefined;
   int f_compliance_yes, f_compliance_no;
   int f_compliance_incomplete, f_compliance_undefined;
-  char *compliance_status, *f_compliance_status;
   int total_compliance_count, f_compliance_count;
 
   int delta_reports_version = 0;
@@ -30416,8 +30434,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   if (strcmp (tsk_usage_type, "audit") == 0)
     {
       report_compliance_counts (report, get, &compliance_yes, &compliance_no,
-                                &compliance_incomplete, &compliance_undefined,
-                                &compliance_status);
+                                &compliance_incomplete, &compliance_undefined);
 
       total_compliance_count = compliance_yes 
                                + compliance_no 
@@ -30434,8 +30451,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                                       &f_compliance_yes,
                                       &f_compliance_no, 
                                       &f_compliance_incomplete,
-                                      &f_compliance_undefined,
-                                      &f_compliance_status);
+                                      &f_compliance_undefined);
           
           f_compliance_count = f_compliance_yes 
                                + f_compliance_no
@@ -30888,30 +30904,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       else
         {
           if (count_filtered)
-            {
-              f_compliance_count = f_compliance_yes 
-                                  + f_compliance_no
-                                  + f_compliance_incomplete
-                                  + f_compliance_undefined;
-                                   
-              if (f_compliance_no > 0) 
-                {
-                  f_compliance_status = "not compliant";
-                } 
-              else if (f_compliance_incomplete > 0) 
-                {
-                  f_compliance_status = "incomplete";
-                } 
-              else if (f_compliance_yes > 0) 
-                {
-                  f_compliance_status = "compliant";
-                } 
-              else 
-                {
-                  f_compliance_status = "undefined";
-                }      
-            }
-
+            f_compliance_count = f_compliance_yes
+                                 + f_compliance_no
+                                 + f_compliance_incomplete
+                                 + f_compliance_undefined;
           PRINT (out,
               "<compliance_count>"
               "%i"
@@ -30939,8 +30935,14 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                 "<full>%s</full>"
                 "<filtered>%s</filtered>"
                 "</compliance>",
-                compliance_status,
-                f_compliance_status);
+                report_compliance_from_counts (&compliance_yes,
+                                               &compliance_no,
+                                               &compliance_incomplete,
+                                               &compliance_undefined),
+                report_compliance_from_counts (&f_compliance_yes,
+                                               &f_compliance_no,
+                                               &f_compliance_incomplete,
+                                               &f_compliance_undefined));
         }
     }
 

From ec29bbb32da3665ed2e39f3fa0129a70a5b4a9da Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 26 Jan 2024 16:25:16 +0100
Subject: [PATCH 021/134] Fix the where clause for reports to check for a
 filter given by ID

---
 src/manage_sql.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 5c735f4a6..a6dff5d26 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -22164,11 +22164,14 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get)
   overrides = filter_term_apply_overrides (filter ? filter : get->filter);
   min_qod = filter_term_min_qod (filter ? filter : get->filter);
 
-  free (filter);
-
   extra_tables = report_iterator_opts_table (overrides, min_qod);
   usage_type = get_data_get_extra (get, "usage_type");
-  extra_where = reports_extra_where (get->trash, get->filter, usage_type);
+
+  extra_where = reports_extra_where (get->trash, 
+                                     filter ? filter : get->filter,
+                                     usage_type);
+
+  free (filter);
 
   ret = init_get_iterator2 (iterator,
                             "report",

From 9dd1d6b43b86e6eba6a7766067df10d8db024d06 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Mon, 29 Jan 2024 11:46:21 +0100
Subject: [PATCH 022/134] Fix compliance filter term not applied in
 get_aggregates

---
 src/manage_sql.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index a6dff5d26..bb24b8b4d 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -58823,7 +58823,7 @@ type_extra_where (const char *type, int trash, const char *filter,
       else
         usage_type = NULL;
       
-      extra_where = reports_extra_where (trash, NULL, usage_type);
+      extra_where = reports_extra_where (trash, filter, usage_type);
     }
   else if (strcasecmp (type, "RESULT") == 0)
     {

From 751948776391bdb8c4405dae0eeddc0ee07587ae Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 2 Feb 2024 11:10:56 +0100
Subject: [PATCH 023/134] Tags can now work with audit_reports

- Added audit reports filer and dashboard configuration to settings.
---
 src/gmp.c        | 20 ++++++++--
 src/manage_sql.c | 96 +++++++++++++++++++++++++++++++++++++++++++-----
 src/manage_sql.h |  3 ++
 3 files changed, 105 insertions(+), 14 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 0aedee961..4da06e393 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -15914,7 +15914,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("report", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
+      get_data_set_extra (&resource_names_data->get, 
+                          "usage_type",
+                          g_strdup ("scan"));
     }                
+  else if (g_strcmp0 ("audit_report", resource_names_data->type) == 0)
+    {
+      *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
+      get_data_set_extra (&resource_names_data->get, 
+                          "usage_type",
+                          g_strdup ("audit"));
+    }
   else if (g_strcmp0 ("report_config", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_config_iterator;
@@ -15990,7 +16000,8 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
        && (acl_user_may ("get_assets") == 0))
       || ((g_strcmp0 ("result", get_resource_names_data->type) == 0) 
           && (acl_user_may ("get_results") == 0))
-      || ((g_strcmp0 ("report", get_resource_names_data->type) == 0)
+      || (((g_strcmp0 ("report", get_resource_names_data->type) == 0)
+           || (g_strcmp0 ("audit_report", get_resource_names_data->type) == 0))
           && (acl_user_may ("get_reports") == 0))
       || (((g_strcmp0 ("cpe", get_resource_names_data->type) == 0)
            || (g_strcmp0 ("cve", get_resource_names_data->type) == 0)
@@ -22510,8 +22521,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
              (XML_ERROR_SYNTAX ("create_tag",
                                 "RESOURCES requires"
                                 " a TYPE element"));
-          else if (valid_db_resource_type (create_tag_data->resource_type)
-                     == 0)
+          else if (valid_db_resource_type (create_tag_data->resource_type) == 0
+                    && valid_subtype (create_tag_data->resource_type) == 0)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("create_tag",
                                 "TYPE in RESOURCES must be"
@@ -25263,7 +25274,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                                 "name must be at least one"
                                 " character long or omitted completely"));
           else if (modify_tag_data->resource_type &&
-                   valid_db_resource_type (modify_tag_data->resource_type) == 0)
+                   valid_db_resource_type (modify_tag_data->resource_type) == 0
+                   && valid_subtype (modify_tag_data->resource_type) == 0)
             SEND_TO_CLIENT_OR_FAIL
              (XML_ERROR_SYNTAX ("modify_tag",
                                 "TYPE in RESOURCES must be"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index bb24b8b4d..7c02bb5a4 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -3970,6 +3970,19 @@ valid_type (const char* type)
          || (strcasecmp (type, "vuln") == 0);
 }
 
+/**
+ * @brief Check whether a resource subtype name is valid.
+ *
+ * @param[in]  subtype  Subtype of resource.
+ *
+ * @return 1 yes, 0 no.
+ */
+int
+valid_subtype (const char* type)
+{
+  return (strcasecmp (type, "audit_report") == 0);
+}
+
 /**
  * @brief Return DB name of type.
  *
@@ -4066,6 +4079,19 @@ type_is_info_subtype (const char *type)
          == 0;
 }
 
+/**
+ * @brief Check whether a resource type is a report subtype.
+ *
+ * @param[in]  type  Type of resource.
+ *
+ * @return 1 yes, 0 no.
+ */
+static int
+type_is_report_subtype (const char *type)
+{
+  return (strcasecmp (type, "audit_report") == 0);
+}
+
 /**
  * @brief Check whether a type has a name and comment.
  *
@@ -48249,14 +48275,18 @@ create_filter (const char *name, const char *comment, const char *type,
                const char *term, filter_t* filter)
 {
   gchar *quoted_name, *quoted_comment, *quoted_term, *clean_term;
+  const char *db_type;
 
   assert (current_credentials.uuid);
 
   if (type && strlen (type))
     {
-      type = type_db_name (type);
-      if (type == NULL || !valid_type (type))
+      db_type = type_db_name (type);
+      if ((db_type == NULL || !valid_type (db_type)) && !valid_subtype (type))
+      {
         return 2;
+      }
+      type = valid_subtype (type) ? type : db_type;
     }
 
   sql_begin_immediate ();
@@ -48851,13 +48881,18 @@ modify_filter (const char *filter_id, const char *name, const char *comment,
 {
   gchar *quoted_name, *quoted_comment, *quoted_term, *quoted_type, *clean_term;
   filter_t filter;
+  const char *db_type;
 
   if (filter_id == NULL)
     return 4;
 
-  type = type_db_name (type);
-  if (type && !((strcmp (type, "") == 0) || valid_type (type)))
-    return 3;
+  db_type = type_db_name (type);
+  if (db_type && !((strcmp (db_type, "") == 0) || valid_type (db_type))) 
+    {
+      if (!valid_subtype (type))
+        return 3;
+    }
+  type = valid_subtype (type) ? type : db_type;
 
   sql_begin_immediate ();
 
@@ -53481,6 +53516,8 @@ modify_setting (const gchar *uuid, const gchar *name,
         setting_name = g_strdup ("Alerts Filter");
       else if (strcmp (uuid, "0f040d06-abf9-43a2-8f94-9de178b0e978") == 0)
         setting_name = g_strdup ("Assets Filter");
+      else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0)
+        setting_name = g_strdup ("Audit Reports Filter");
       else if (strcmp (uuid, "1a9fbd91-0182-44cd-bc88-a13a9b3b1bef") == 0)
         setting_name = g_strdup ("Configs Filter");
       else if (strcmp (uuid, "186a5ac8-fe5a-4fb1-aa22-44031fb339f3") == 0)
@@ -53603,6 +53640,10 @@ modify_setting (const gchar *uuid, const gchar *name,
       else if (strcmp (uuid, "e599bb6b-b95a-4bb2-a6bb-fe8ac69bc071") == 0)
         setting_name = g_strdup ("Reports Top Dashboard Configuration");
 
+      /* Audit Reports dashboard settings */
+      else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0)
+        setting_name = g_strdup ("Audit Reports Top Dashboard Configuration");      
+
       /* Results dashboard settings */
       else if (strcmp (uuid, "0b8ae70d-d8fc-4418-8a72-e65ac8d2828e") == 0)
         setting_name = g_strdup ("Results Top Dashboard Configuration");
@@ -57267,6 +57308,11 @@ tag_add_resources_list (tag_t tag, const char *type, array_t *uuids,
     resource_permission = g_strdup ("get_info");
   else if (type_is_asset_subtype (type))
     resource_permission = g_strdup ("get_assets");
+  else if (type_is_report_subtype (type)) 
+  {
+    resource_permission = g_strdup ("get_reports");
+    type = g_strdup("report");
+  }
   else
     resource_permission = g_strdup_printf ("get_%ss", type);
 
@@ -57330,6 +57376,13 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
     }
   else
     {
+      if (strcasecmp (type, "audit_report") == 0)
+        {
+          type = g_strdup ("report");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
+        }
+
       gchar *columns;
 
       columns = g_strdup_printf ("%ss.id, %ss.uuid", type, type);
@@ -57359,6 +57412,8 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
             sql_rollback ();
             g_free (resources_get.filter);
             g_free (resources_get.type);
+            if (resources_get.extra_params)
+              g_hash_table_destroy (resources_get.extra_params);
             return -1;
         }
     }
@@ -57366,6 +57421,8 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
 
   g_free (resources_get.filter);
   g_free (resources_get.type);
+  if (resources_get.extra_params)
+    g_hash_table_destroy (resources_get.extra_params);
 
   ret = 2;
   while (next (&resources))
@@ -57476,6 +57533,15 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
     }
   else
     {
+      if (strcasecmp (type, "audit_report") == 0)
+        {
+          type = g_strdup ("report");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get,
+                              "usage_type",
+                              g_strdup ("audit"));
+        }
+
       gchar *columns;
 
       columns = g_strdup_printf ("%ss.id", type);
@@ -57495,6 +57561,8 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
             sql_rollback ();
             g_free (resources_get.filter);
             g_free (resources_get.type);
+            if (resources_get.extra_params)
+              g_hash_table_destroy (resources_get.extra_params);           
             return -1;
         }
     }
@@ -57502,6 +57570,8 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
 
   g_free (resources_get.filter);
   g_free (resources_get.type);
+  if (resources_get.extra_params)
+      g_hash_table_destroy (resources_get.extra_params);  
 
   ret = 2;
   while (next (&resources))
@@ -57618,9 +57688,12 @@ create_tag (const char * name, const char * comment, const char * value,
   if (strcmp (lc_resource_type, "")
       && valid_db_resource_type (lc_resource_type) == 0)
     {
-      g_free (lc_resource_type);
-      sql_rollback ();
-      return -1;
+      if (!valid_subtype (lc_resource_type)) 
+        {
+          g_free (lc_resource_type);
+          sql_rollback ();
+          return -1;          
+        }
     }
 
   quoted_name = sql_insert (name);
@@ -57850,8 +57923,11 @@ modify_tag (const char *tag_id, const char *name, const char *comment,
   if (strcmp (lc_resource_type, "")
       && valid_db_resource_type (lc_resource_type) == 0)
     {
-      sql_rollback ();
-      return -1;
+      if (!valid_subtype (lc_resource_type))
+        {
+          sql_rollback ();
+          return -1;          
+        }
     }
 
   quoted_resource_type = sql_insert (lc_resource_type);
diff --git a/src/manage_sql.h b/src/manage_sql.h
index 28a9204ca..b9db9cb99 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -508,6 +508,9 @@ setting_value (const char *, char **);
 int
 valid_type (const char *);
 
+int
+valid_subtype (const char *);
+
 void
 add_role_permission_resource (const gchar *, const gchar *, const gchar *,
                               const gchar *);

From 094b2516eaf0a274e7e12d1b13c5c6c437dfc7d4 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Mon, 5 Feb 2024 10:32:14 +0100
Subject: [PATCH 024/134] Tags applied by filter on scan reports exclude audit
 reports.

---
 src/manage_sql.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 7c02bb5a4..b702b4eb4 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -57382,6 +57382,10 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
           resources_get.type = g_strdup (type);
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
         }
+      else if (strcasecmp (type, "report") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
 
       gchar *columns;
 

From 3726b9ae177393fe3aa940853f620aaca9daaaff Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Mon, 5 Feb 2024 10:49:12 +0100
Subject: [PATCH 025/134] Exclude audit reports from scan tags filter when
 removing resources

---
 src/manage_sql.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index b702b4eb4..b8c55bf06 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -57545,6 +57545,10 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
                               "usage_type",
                               g_strdup ("audit"));
         }
+      else if (strcasecmp (type, "report") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
 
       gchar *columns;
 

From 0e2b94aac921adc9403d49ca37b44e1332049a87 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Mon, 5 Feb 2024 17:01:59 +0100
Subject: [PATCH 026/134] Tags can now be used with audit tasks and compliance
 policies

---
 src/gmp.c        | 40 ++++++++++++++++------
 src/manage_sql.c | 88 +++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 112 insertions(+), 16 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 4da06e393..196f00f1e 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -15940,7 +15940,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("config", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator;
-    }                
+      get_data_set_extra (&resource_names_data->get,
+                          "usage_type",
+                          g_strdup ("scan"));
+    }
+  else if (g_strcmp0 ("policy", resource_names_data->type) == 0)
+    {
+      *iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator;
+      get_data_set_extra (&resource_names_data->get,
+                          "usage_type",
+                          g_strdup ("policy"));
+    }
   else if (g_strcmp0 ("scanner", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_scanner_iterator;
@@ -15956,7 +15966,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("task", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator;
-    } 
+      get_data_set_extra (&resource_names_data->get,
+                    "usage_type",
+                    g_strdup ("scan"));
+    }
+  else if (g_strcmp0 ("audit", resource_names_data->type) == 0)
+    {
+      *iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator;
+      get_data_set_extra (&resource_names_data->get,
+                    "usage_type",
+                    g_strdup ("audit"));
+    }
   else if (g_strcmp0 ("tls_certificate", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_tls_certificate_iterator;
@@ -16008,7 +16028,13 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
            || (g_strcmp0 ("nvt", get_resource_names_data->type) == 0)
            || (g_strcmp0 ("cert_bund_adv", get_resource_names_data->type) == 0)
            || (g_strcmp0 ("dfn_cert_adv", get_resource_names_data->type) == 0))
-          && (acl_user_may ("get_info") == 0)))
+          && (acl_user_may ("get_info") == 0))
+      || (((g_strcmp0 ("config", get_resource_names_data->type) == 0)
+          ||(g_strcmp0 ("policy", get_resource_names_data->type) == 0))
+       && (acl_user_may ("get_configs") == 0))
+      || (((g_strcmp0 ("task", get_resource_names_data->type) == 0)
+          ||(g_strcmp0 ("audit", get_resource_names_data->type) == 0))
+       && (acl_user_may ("get_tasks") == 0)))
       {
         SEND_TO_CLIENT_OR_FAIL
           (XML_ERROR_SYNTAX ("get_resource_names",
@@ -16092,14 +16118,6 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
 
   while (next (&resource))
     {
-      if ((g_strcmp0 ("task", get_resource_names_data->type) == 0 
-           && g_strcmp0 ("audit", task_iterator_usage_type(&resource)) == 0)
-          || (g_strcmp0 ("config", get_resource_names_data->type) == 0 
-           && g_strcmp0 ("policy", config_iterator_usage_type(&resource)) == 0))
-      {
-        continue;
-      }
-
       GString *result;
       result = g_string_new ("");
       
diff --git a/src/manage_sql.c b/src/manage_sql.c
index b8c55bf06..bffb14b00 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -3980,7 +3980,9 @@ valid_type (const char* type)
 int
 valid_subtype (const char* type)
 {
-  return (strcasecmp (type, "audit_report") == 0);
+  return (strcasecmp (type, "audit_report") == 0)
+         || (strcasecmp (type, "audit") == 0)
+         || (strcasecmp (type, "policy") == 0);
 }
 
 /**
@@ -4092,6 +4094,32 @@ type_is_report_subtype (const char *type)
   return (strcasecmp (type, "audit_report") == 0);
 }
 
+/**
+ * @brief Check whether a resource type is a task subtype.
+ *
+ * @param[in]  type  Type of resource.
+ *
+ * @return 1 yes, 0 no.
+ */
+static int
+type_is_task_subtype (const char *type)
+{
+  return (strcasecmp (type, "audit") == 0);
+}
+
+/**
+ * @brief Check whether a resource type is a config subtype.
+ *
+ * @param[in]  type  Type of resource.
+ *
+ * @return 1 yes, 0 no.
+ */
+static int
+type_is_config_subtype (const char *type)
+{
+  return (strcasecmp (type, "policy") == 0);
+}
+
 /**
  * @brief Check whether a type has a name and comment.
  *
@@ -57309,10 +57337,20 @@ tag_add_resources_list (tag_t tag, const char *type, array_t *uuids,
   else if (type_is_asset_subtype (type))
     resource_permission = g_strdup ("get_assets");
   else if (type_is_report_subtype (type)) 
-  {
-    resource_permission = g_strdup ("get_reports");
-    type = g_strdup("report");
-  }
+    {
+      resource_permission = g_strdup ("get_reports");
+      type = g_strdup("report");
+    }
+  else if (type_is_task_subtype (type))
+    {
+      resource_permission = g_strdup ("get_tasks");
+      type = g_strdup("task");
+    }
+  else if (type_is_config_subtype (type))
+    {
+      resource_permission = g_strdup ("get_configs");
+      type = g_strdup("config");
+    }
   else
     resource_permission = g_strdup_printf ("get_%ss", type);
 
@@ -57386,6 +57424,26 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
+      else if (strcasecmp (type, "task") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
+      else if (strcasecmp (type, "audit") == 0)
+        {
+          type = g_strdup ("task");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
+        }
+      else if (strcasecmp (type, "policy") == 0)
+        {
+          type = g_strdup ("config");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("policy"));
+        }
+      else if (strcasecmp (type, "config") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
 
       gchar *columns;
 
@@ -57549,6 +57607,26 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
+      else if (strcasecmp (type, "task") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
+      else if (strcasecmp (type, "audit") == 0)
+        {
+          type = g_strdup ("task");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
+        }
+      else if (strcasecmp (type, "policy") == 0)
+        {
+          type = g_strdup ("config");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("policy"));
+        }
+      else if (strcasecmp (type, "config") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
 
       gchar *columns;
 

From 5b6054d6cda954e414c9c84f7b7e5289c7e4f896 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Wed, 14 Feb 2024 13:59:39 +0100
Subject: [PATCH 027/134] Updated GMP documentation

---
 src/schema_formats/XML/GMP.xml.in | 292 +++++++++++++++++++++++++++++-
 1 file changed, 283 insertions(+), 9 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 770120a01..96be5f2a4 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -68,6 +68,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     </description>
     <pattern>xsd:token { pattern = "y?n?i?u?" }</pattern>
   </type>
+  <type>
+    <name>compliance_status</name>
+    <summary>A compliance status</summary>
+    <pattern>
+      xsd:token { pattern = "yes|no|incomplete|undefined" }
+    </pattern>
+  </type>  
   <type>
     <name>ctime</name>
     <summary>A date and time, in the C `ctime' format</summary>
@@ -1512,6 +1519,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       <e>qod</e>
       <o><e>original_threat</e></o>
       <o><e>original_severity</e></o>
+      <e>compliance</e>
       <e>description</e>
       <o><e>delta</e></o>
       <o><e>detection</e></o>
@@ -1895,6 +1903,11 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       <summary>Original severity when overridden</summary>
       <pattern><t>severity</t></pattern>
     </ele>
+    <ele>
+      <name>compliance</name>
+      <summary>Result compliance ("yes", "no", "incomplete" or "undefined")</summary>
+      <pattern><t>compliance_status</t></pattern>
+    </ele>    
     <ele>
       <name>description</name>
       <summary>Description of the result</summary>
@@ -2201,8 +2214,10 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
             <e>permissions</e>
             <o><e>user_tags</e></o>
             <e>scan_run_status</e>
-            <e>result_count</e>
-            <e>severity</e>
+            <o><e>result_count</e></o>
+            <o><e>compliance_count</e></o>
+            <o><e>severity</e></o>
+            <o><e>compliance</e></o>
             <e>task</e>
             <e>ports</e>
             <e>results</e>
@@ -2529,7 +2544,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       </ele>
       <ele>
         <name>result_count</name>
-        <summary>Counts of results produced by scan</summary>
+        <summary>Counts of results produced by scan. Only for reports of a scan task</summary>
         <description>
           <p>
             The text contains the full count -- the total number of results
@@ -2636,6 +2651,114 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           </ele>
         </ele>
       </ele>
+      <ele>
+        <name>compliance_count</name>
+        <summary>Counts of compliance results. Only for reports of an audit task.</summary>
+        <description>
+          <p>
+            The text contains the full count -- the total number of compliance results.
+          </p>
+        </description>
+        <pattern>
+          text
+          <e>full</e>
+          <e>filtered</e>
+          <e>yes</e>
+          <e>no</e>
+          <e>incomplete</e>
+          <e>undefined</e>
+        </pattern>
+        <ele>
+          <name>full</name>
+          <summary>Total number of compliance results</summary>
+          <pattern><t>integer</t></pattern>
+        </ele>
+        <ele>
+          <name>filtered</name>
+          <summary>Number of compliance results after filtering</summary>
+          <pattern><t>integer</t></pattern>
+        </ele>
+        <ele>
+          <name>yes</name>
+          <summary>
+            Number of "yes" results (compliant)
+          </summary>
+          <pattern>
+            <e>full</e>
+            <e>filtered</e>
+          </pattern>
+          <ele>
+            <name>full</name>
+            <summary>Total number of results</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+          <ele>
+            <name>filtered</name>
+            <summary>Number of results after filtering</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+        </ele>
+        <ele>
+          <name>no</name>
+          <summary>
+            Number of "no" results (not compliant)
+          </summary>
+          <pattern>
+            <e>full</e>
+            <e>filtered</e>
+          </pattern>
+          <ele>
+            <name>full</name>
+            <summary>Total number of results</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+          <ele>
+            <name>filtered</name>
+            <summary>Number of results after filtering</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+        </ele>
+        <ele>
+          <name>incomplete</name>
+          <summary>
+            Number of "incomplete" results (incomplete compliance)
+          </summary>
+          <pattern>
+            <e>full</e>
+            <e>filtered</e>
+          </pattern>
+          <ele>
+            <name>full</name>
+            <summary>Total number of results</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+          <ele>
+            <name>filtered</name>
+            <summary>Number of results after filtering</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+        </ele>
+        <ele>
+          <name>undefined</name>
+          <summary>
+            Number of "undefined" results (undefined compliance)
+          </summary>
+          <pattern>
+            <e>full</e>
+            <e>filtered</e>
+          </pattern>
+          <ele>
+            <name>full</name>
+            <summary>Total number of results</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+          <ele>
+            <name>filtered</name>
+            <summary>Number of results after filtering</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+        </ele>
+      </ele>      
       <ele>
         <name>severity</name>
         <pattern>
@@ -2653,6 +2776,23 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <summary>Maximum severity of the report after filtering</summary>
         </ele>
       </ele>
+      <ele>
+        <name>compliance</name>
+        <pattern>
+          <e>full</e>
+          <e>filtered</e>
+        </pattern>
+        <ele>
+          <name>full</name>
+          <pattern><t>compliance_status</t></pattern>
+          <summary>Compliance of the full report ("yes", "no", "incomplete" or "undefined")</summary>
+        </ele>
+        <ele>
+          <name>filtered</name>
+          <pattern><t>compliance_status</t></pattern>
+          <summary>Compliance of the report after filtering ("yes", "no", "incomplete" or "undefined")</summary>
+        </ele>
+      </ele>      
       <ele>
         <name>task</name>
         <pattern>
@@ -2914,7 +3054,9 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <e>start</e>
           <e>end</e>
           <e>port_count</e>
-          <e>result_count</e>
+          <o><e>result_count</e></o>
+          <o><e>compliance_count</e></o>
+          <o><e>host_compliance</e></o>
           <any><e>detail</e></any>
         </pattern>
         <ele>
@@ -2957,7 +3099,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         </ele>
         <ele>
           <name>result_count</name>
-          <summary></summary>
+          <summary>Only for scan reports</summary>
           <pattern>
             <e>page</e>
             <e>hole</e>
@@ -3032,6 +3174,75 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
             </ele>
           </ele>
         </ele>
+        <ele>
+          <name>compliance_count</name>
+          <summary>Only for audit reports</summary>
+          <pattern>
+            <e>page</e>
+            <e>yes</e>
+            <e>no</e>
+            <e>incomplete</e>
+            <e>undefined</e>
+          </pattern>
+          <ele>
+            <name>page</name>
+            <summary>Total number of results for current host on current page</summary>
+            <pattern><t>integer</t></pattern>
+          </ele>
+          <ele>
+            <name>yes</name>
+            <summary>Number of "yes" results (compliant)</summary>
+            <pattern>
+              <e>page</e>
+            </pattern>
+            <ele>
+              <name>page</name>
+              <summary>Number of results on current page</summary>
+              <pattern><t>integer</t></pattern>
+            </ele>
+          </ele>
+          <ele>
+            <name>no</name>
+            <summary>Number of "no" results (not compliant)</summary>
+            <pattern>
+              <e>page</e>
+            </pattern>
+            <ele>
+              <name>page</name>
+              <summary>Number of results on current page</summary>
+              <pattern><t>integer</t></pattern>
+            </ele>
+          </ele>
+          <ele>
+            <name>incomplete</name>
+            <summary>Number of "incomplete" results (incomplete compliance)</summary>
+            <pattern>
+              <e>page</e>
+            </pattern>
+            <ele>
+              <name>page</name>
+              <summary>Number of results on current page</summary>
+              <pattern><t>integer</t></pattern>
+            </ele>
+          </ele>
+          <ele>
+            <name>undefined</name>
+            <summary>Number of "undefined" results (undefined compliance)</summary>
+            <pattern>
+              <e>page</e>
+            </pattern>
+            <ele>
+              <name>page</name>
+              <summary>Number of results on current page</summary>
+              <pattern><t>integer</t></pattern>
+            </ele>
+          </ele>          
+        </ele>
+        <ele>
+          <name>host_compliance</name>
+          <summary>Only for audit reports. Host compliance</summary>
+          <pattern><t>compliance_status</t></pattern>
+        </ele>               
         <ele>
           <name>detail</name>
           <summary>A detail associated with the host</summary>
@@ -17914,6 +18125,11 @@ END:VCALENDAR
             <type>integer</type>
             <summary>Minimum QoD of the results</summary>
           </option>
+          <option>
+            <name>report_compliance_levels</name>
+            <type>compliance_levels</type>
+            <summary>report compliance level to select</summary>
+          </option>          
           <column>
             <name>tag</name>
             <type>text</type>
@@ -18059,6 +18275,26 @@ END:VCALENDAR
             <type>iso_time</type>
             <summary>Scan end time</summary>
           </column>
+          <column>
+            <name>compliance_yes</name>
+            <type>integer</type>
+            <summary>Number of compliance yes results</summary>
+          </column>
+          <column>
+            <name>compliance_no</name>
+            <type>integer</type>
+            <summary>Number of compliance no results</summary>
+          </column>
+          <column>
+            <name>compliance_incomplete</name>
+            <type>integer</type>
+            <summary>Number of compliance incomplete results</summary>
+          </column>
+          <column>
+            <name>compliant</name>
+            <type>compliance_status</type>
+            <summary>Compliance state of the report. Can be yes, no, incomplete or undefined</summary>
+          </column>                      
         </filter_keywords>
       </attrib>
       <attrib>
@@ -18128,6 +18364,17 @@ END:VCALENDAR
         </summary>
         <type>boolean</type>
       </attrib>
+      <attrib>
+          <name>usage_type</name>
+          <summary>Optional usage type to limit the reports to. Affects total count unlike filter</summary>
+          <type>
+            <alts>
+              <alt>scan</alt>
+              <alt>audit</alt>
+              <alt></alt>
+            </alts>
+          </type>
+        </attrib>    
     </pattern>
     <response>
       <pattern>
@@ -22906,8 +23153,9 @@ END:VCALENDAR
               </attrib>
               <e>timestamp</e>
               <e>scan_end</e>
-              <e>result_count</e>
-              <e>severity</e>
+              <o><e>result_count</e></o>
+              <o><e>severity</e></o>
+              <o><e>compliance_count</e></o>
             </pattern>
             <ele>
               <name>timestamp</name>
@@ -22919,7 +23167,7 @@ END:VCALENDAR
             </ele>
             <ele>
               <name>result_count</name>
-              <summary>Result counts for this report</summary>
+              <summary>Result counts for this report. Only for scan tasks</summary>
               <pattern>
                 <e>false_positive</e>
                 <e>log</e>
@@ -22951,8 +23199,34 @@ END:VCALENDAR
             <ele>
               <name>severity</name>
               <pattern><t>severity</t></pattern>
-              <summary>Maximum severity of the report</summary>
+              <summary>Maximum severity of the report. Only for scan tasks</summary>
             </ele>
+            <ele>
+              <name>compliance_count</name>
+              <summary>Complaince counts. Only for audit tasks</summary>
+              <pattern>
+                <e>yes</e>
+                <e>no</e>
+                <e>incomplete</e>
+                <e>undefined</e>
+              </pattern>
+              <ele>
+                <name>yes</name>
+                <pattern><t>integer</t></pattern>
+              </ele>
+              <ele>
+                <name>no</name>
+                <pattern><t>integer</t></pattern>
+              </ele>
+              <ele>
+                <name>incomplete</name>
+                <pattern><t>integer</t></pattern>
+              </ele>
+              <ele>
+                <name>undefined</name>
+                <pattern><t>integer</t></pattern>
+              </ele>
+            </ele>            
           </ele>
         </ele>
         <ele>

From 79bbf68062e82971062eb05d61a57c8e0761a133 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 20 Feb 2024 11:03:28 +0100
Subject: [PATCH 028/134] Address review comments

---
 src/manage_pg.c  |  6 ++++--
 src/manage_sql.c | 21 +++++++++++----------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/manage_pg.c b/src/manage_pg.c
index b9d008142..d9d8cc506 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -895,7 +895,7 @@ manage_create_sql_functions ()
        "$$ LANGUAGE plpgsql"
        " IMMUTABLE;");
 
-  sql ("CREATE OR REPLACE FUNCTION compliance_status ("
+  sql ("CREATE OR REPLACE FUNCTION report_compliance_status ("
        "  report_id integer)"
        "RETURNS text AS $$ "
        "BEGIN"
@@ -918,7 +918,9 @@ manage_create_sql_functions ()
        "$$ LANGUAGE plpgsql"
        " IMMUTABLE;");
 
-  sql ("CREATE OR REPLACE FUNCTION compliance_count (report_id integer, compliance text)"
+  sql ("CREATE OR REPLACE FUNCTION report_compliance_count ("
+       "  report_id integer,"
+       "  compliance text)"
        " RETURNS integer AS $$"
        " DECLARE count integer := 0;"
        " BEGIN"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index bffb14b00..6abe7f43e 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -2037,7 +2037,7 @@ filter_control_str (keyword_t **point, const char *column, gchar **string)
  * @param[out]  levels         String describing threat levels (message types)
  *                             to include in count (for example, "hmlg" for
  *                             High, Medium, Low and loG). All levels if NULL.
- * @param[out]  comliance_levels   String describing compliance levels
+ * @param[out]  compliance_levels   String describing compliance levels
  *                             to include in count (for example, "yniu" for
  *                             "yes" (compliant), "n" for "no" (not compliant),
  *                             "i" for "incomplete" and "u" for "undefined" 
@@ -21992,22 +21992,22 @@ report_add_results_array (report_t report, GArray *results)
      KEYWORD_TYPE_INTEGER                                                    \
    },                                                                        \
    {                                                                         \
-     "compliance_count (id, 'YES')",                                         \
+     "report_compliance_count (id, 'YES')",                                  \
      "compliance_yes",                                                       \
      KEYWORD_TYPE_INTEGER                                                    \
    },                                                                        \
    {                                                                         \
-     "compliance_count (id, 'NO')",                                          \
+     "report_compliance_count (id, 'NO')",                                   \
      "compliance_no",                                                        \
      KEYWORD_TYPE_INTEGER                                                    \
    },                                                                        \
    {                                                                         \
-     "compliance_count (id, 'INCOMPLETE')",                                  \
+     "report_compliance_count (id, 'INCOMPLETE')",                           \
      "compliance_incomplete",                                                \
      KEYWORD_TYPE_INTEGER                                                    \
    },                                                                        \
    {                                                                         \
-     "compliance_status (id)",                                               \
+     "report_compliance_status (id)",                                        \
      "compliant",                                                            \
      KEYWORD_TYPE_STRING                                                     \
    },                                                                        \
@@ -22055,7 +22055,8 @@ where_compliance_status (const char *compliance)
   compliance_sql = g_string_new ("");
   count = 0;
 
-  g_string_append_printf (compliance_sql, " AND compliance_status(reports.id) IN (");
+  g_string_append_printf (compliance_sql,
+    " AND report_compliance_status(reports.id) IN (");
 
   if (strchr (compliance, 'y'))
     {
@@ -22080,9 +22081,9 @@ where_compliance_status (const char *compliance)
 
   g_string_append (compliance_sql, ")");
 
-  if (count == 4)
+  if ((count == 4) || (count == 0))
     {
-      /* All compliance levels selected. */
+      /* All compliance levels or no valid ones selected. */
       g_string_free (compliance_sql, TRUE);
       return NULL;
     }
@@ -22422,9 +22423,9 @@ where_compliance_levels (const char *levels)
     }
   g_string_append (levels_sql, ")");
 
-  if (count == 4)
+  if ((count == 4) || (count == 0))
     {
-      /* All compliance levels selected, so no restriction is necessary. */
+      /* All compliance levels or none selected, so no restriction is necessary. */
       g_string_free (levels_sql, TRUE);
       return NULL;
     }

From d6a267cae4e004a78e95715c09810bd58ffa6881 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 9 Jul 2024 16:18:05 +0200
Subject: [PATCH 029/134] Add feature toggle for compliance reports

---
 CMakeLists.txt                    |   12 +
 src/gmp.c                         |   48 +-
 src/gvmd.c                        |    3 +
 src/manage_sql.c                  | 1071 ++++++++++++++---------------
 src/schema_formats/XML/GMP.xml.in |   70 +-
 5 files changed, 611 insertions(+), 593 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 945272c27..dd7396c90 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -247,6 +247,10 @@ if (NOT CVSS3_RATINGS)
 endif (NOT CVSS3_RATINGS)
 add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})
 
+if (NOT COMPLIANCE_REPORTS)
+  set (COMPLIANCE_REPORTS 0)
+endif (NOT COMPLIANCE_REPORTS)
+add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS})
 
 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
 
@@ -254,6 +258,14 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
 
 set (GVMD_VERSION "${PROJECT_VERSION_STRING}")
 
+if (COMPLIANCE_REPORTS EQUAL 1)
+  set(IF_COMPLIANCE_REPORTS "")
+  set(ENDIF_COMPLIANCE_REPORTS "")
+elseif (COMPLIANCE_REPORTS EQUAL 0)
+  set(IF_COMPLIANCE_REPORTS "<!--")
+  set(ENDIF_COMPLIANCE_REPORTS "-->")
+endif()
+
 # Configure Doxyfile with version number
 configure_file (doc/Doxyfile.in doc/Doxyfile)
 configure_file (doc/Doxyfile_full.in doc/Doxyfile_full)
diff --git a/src/gmp.c b/src/gmp.c
index 196f00f1e..4ae04b006 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -12955,6 +12955,11 @@ handle_get_features (gmp_parser_t *gmp_parser, GError **error)
                           " status=\"" STATUS_OK "\""
                           " status_text=\"" STATUS_OK_TEXT "\">");
 
+  SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
+                           "<name>COMPLIANCE_REPORTS</name>"
+                           "</feature>",
+                           COMPLIANCE_REPORTS ? 1 : 0);
+
   SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
                            "<name>CVSS3_RATINGS</name>"
                            "</feature>",
@@ -14831,7 +14836,7 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
       || (strlen (get_reports_data->report_get.id) == 0))
     {
       int overrides, min_qod;
-      gchar *filter, *levels, *compliance_levels;
+      gchar *filter, *levels;
       get_data_t * get;
 
       /* For simplicity, use a fixed result filter when filtering
@@ -14853,22 +14858,33 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
       overrides = filter_term_apply_overrides (filter ? filter : get->filter);
       min_qod = filter_term_min_qod (filter ? filter : get->filter);
       levels = filter_term_value (filter ? filter : get->filter, "levels");
-      compliance_levels = filter_term_value (filter 
-                                                ? filter 
-                                                : get->filter,
-                                             "compliance_levels");
+      #if COMPLIANCE_REPORTS == 1
+        gchar *compliance_levels;
+        compliance_levels = filter_term_value (filter
+                                                  ? filter
+                                                  : get->filter,
+                                              "compliance_levels");
+
+        /* Setup result filter from overrides. */
+        get_reports_data->get.filter
+          = g_strdup_printf
+              ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
+              overrides,
+              min_qod,
+              levels ? levels : "hmlgdf",
+              compliance_levels ? compliance_levels : "yniu");
+        g_free (compliance_levels);
+      #else
+        /* Setup result filter from overrides. */
+        get_reports_data->get.filter
+          = g_strdup_printf
+              ("apply_overrides=%i min_qod=%i levels=%s",
+              overrides,
+              min_qod,
+              levels ? levels : "hmlgdf");
+      #endif
       g_free (filter);
-
-      /* Setup result filter from overrides. */
-      get_reports_data->get.filter
-        = g_strdup_printf 
-            ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
-             overrides, 
-             min_qod, 
-             levels ? levels : "hmlgdf", 
-             compliance_levels ? compliance_levels : "yniu");
       g_free (levels);
-      g_free (compliance_levels);
     }
 
   ret = init_report_iterator (&reports, &get_reports_data->report_get);
@@ -15914,6 +15930,7 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("report", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
+#if COMPLIANCE_REPORTS == 1
       get_data_set_extra (&resource_names_data->get, 
                           "usage_type",
                           g_strdup ("scan"));
@@ -15924,6 +15941,7 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
       get_data_set_extra (&resource_names_data->get, 
                           "usage_type",
                           g_strdup ("audit"));
+#endif
     }
   else if (g_strcmp0 ("report_config", resource_names_data->type) == 0)
     {
diff --git a/src/gvmd.c b/src/gvmd.c
index 05bc8c43c..9be3ecc8e 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -2317,6 +2317,9 @@ gvmd (int argc, char** argv, char *env[])
 #endif
 #if CVSS3_RATINGS == 1
       printf ("CVSS3 severity ratings enabled\n");
+#endif
+#if COMPLIANCE_REPORTS == 1
+      printf ("Compliance reports enabled\n");
 #endif
       printf ("Copyright (C) 2009-2021 Greenbone AG\n");
       printf ("License: AGPL-3.0-or-later\n");
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 6abe7f43e..83e3ddc6b 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -3980,9 +3980,14 @@ valid_type (const char* type)
 int
 valid_subtype (const char* type)
 {
-  return (strcasecmp (type, "audit_report") == 0)
-         || (strcasecmp (type, "audit") == 0)
-         || (strcasecmp (type, "policy") == 0);
+  #if COMPLIANCE_REPORTS == 1
+    return (strcasecmp (type, "audit_report") == 0)
+          || (strcasecmp (type, "audit") == 0)
+          || (strcasecmp (type, "policy") == 0);
+  #else
+    return (strcasecmp (type, "audit") == 0)
+          || (strcasecmp (type, "policy") == 0);
+  #endif
 }
 
 /**
@@ -22033,6 +22038,7 @@ report_iterator_opts_table (int override, int min_qod)
                           min_qod);
 }
 
+#if COMPLIANCE_REPORTS == 1
 /**
  * @brief Return SQL WHERE for restricting a SELECT to compliance statuses.
  *
@@ -22090,7 +22096,7 @@ where_compliance_status (const char *compliance)
 
    return g_string_free (compliance_sql, FALSE);;
 }
-
+#endif
 
 /**
  * @brief  Generate an extra WHERE clause for selecting reports
@@ -22104,9 +22110,9 @@ where_compliance_status (const char *compliance)
 static gchar *
 reports_extra_where (int trash, const gchar *filter, const char *usage_type)
 {
-  gchar *extra_where = NULL;
-  gchar *usage_type_clause, *trash_clause, *compliance_clause = NULL;
-  gchar *compliance_filter = NULL;
+
+  GString *extra_where = g_string_new ("");
+  gchar *trash_clause;
 
   if (trash)
     {
@@ -22122,36 +22128,37 @@ reports_extra_where (int trash, const gchar *filter, const char *usage_type)
     }
 
 
-  if (usage_type && strcmp (usage_type, ""))
-    {
-      gchar *quoted_usage_type;
-      quoted_usage_type = sql_quote (usage_type);
-      usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks"
-                                           "              WHERE usage_type='%s')",
-                                           quoted_usage_type);
-      
-      g_free (quoted_usage_type);
-    }
-  else
-    usage_type_clause = NULL;
+  g_string_append_printf(extra_where, "%s", trash_clause);
+  g_free (trash_clause);
 
-  if (filter)
-    compliance_filter = filter_term_value(filter, "report_compliance_levels");
+  #if COMPLIANCE_REPORTS == 1
+    gchar *usage_type_clause, *compliance_clause = NULL;
+    gchar *compliance_filter = NULL;
+    if (usage_type && strcmp (usage_type, ""))
+      {
+        gchar *quoted_usage_type;
+        quoted_usage_type = sql_quote (usage_type);
+        usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks"
+                                            "              WHERE usage_type='%s')",
+                                            quoted_usage_type);
 
-  compliance_clause = where_compliance_status (compliance_filter ?: "yniu");
-  
+        g_free (quoted_usage_type);
+      }
+    else
+      usage_type_clause = NULL;
 
-  extra_where = g_strdup_printf("%s%s%s",
-                                trash_clause,
-                                usage_type_clause ?: "",
-                                compliance_clause ?: "");
+    if (filter)
+      compliance_filter = filter_term_value(filter, "report_compliance_levels");
 
-  g_free (compliance_filter);
-  g_free (trash_clause);
-  g_free (compliance_clause);
-  g_free (usage_type_clause);
+    compliance_clause = where_compliance_status (compliance_filter ?: "yniu");
 
-  return extra_where;
+    g_string_append_printf (extra_where, "%s%s", usage_type_clause ?: "", compliance_clause ?: "");
+    g_free (compliance_filter);
+    g_free (compliance_clause);
+    g_free (usage_type_clause);
+  #endif
+
+  return g_string_free (extra_where, FALSE);
 }
 
 /**
@@ -25967,6 +25974,7 @@ report_counts_id_full (report_t report, int* holes, int* infos,
   return 0;
 }
 
+#if COMPLIANCE_REPORTS == 1
 /**
  * @brief Get the compliance state from compliance counts.
  *
@@ -26111,7 +26119,7 @@ report_compliance_counts (report_t report,
 
   return 0;
 }
-
+#endif
 
 
 /**
@@ -28437,7 +28445,52 @@ print_report_host_xml (FILE *stream,
     PRINT (stream,
             "<asset asset_id=\"\"/>");
 
-  if (strcmp (usage_type, "audit"))
+  #if COMPLIANCE_REPORTS == 1
+    if (strcmp (usage_type, "audit") == 0)
+      {
+        int yes_count, no_count, incomplete_count, undefined_count;
+
+        yes_count
+          = GPOINTER_TO_INT
+              (g_hash_table_lookup (f_host_compliant, current_host));
+        no_count
+          = GPOINTER_TO_INT
+              (g_hash_table_lookup (f_host_notcompliant, current_host));
+        incomplete_count
+          = GPOINTER_TO_INT
+              (g_hash_table_lookup (f_host_incomplete, current_host));
+        undefined_count
+          = GPOINTER_TO_INT
+              (g_hash_table_lookup (f_host_undefined, current_host));
+
+        PRINT (stream,
+              "<start>%s</start>"
+              "<end>%s</end>"
+              "<port_count><page>%d</page></port_count>"
+              "<compliance_count>"
+              "<page>%d</page>"
+              "<yes><page>%d</page></yes>"
+              "<no><page>%d</page></no>"
+              "<incomplete><page>%d</page></incomplete>"
+              "<undefined><page>%d</page></undefined>"
+              "</compliance_count>"
+              "<host_compliance>%s</host_compliance>",
+              host_iterator_start_time (hosts),
+              host_iterator_end_time (hosts)
+                ? host_iterator_end_time (hosts)
+                : "",
+              ports_count,
+              (yes_count + no_count + incomplete_count + undefined_count),
+              yes_count,
+              no_count,
+              incomplete_count,
+              undefined_count,
+              report_compliance_from_counts (&yes_count,
+                                              &no_count,
+                                              &incomplete_count,
+                                              &undefined_count));
+      } else
+  #endif
     {
       int holes_count, warnings_count, infos_count;
       int logs_count, false_positives_count;
@@ -28484,50 +28537,6 @@ print_report_host_xml (FILE *stream,
             logs_count,
             false_positives_count);
     }
-  else
-    {
-      int yes_count, no_count, incomplete_count, undefined_count;
-
-      yes_count
-        = GPOINTER_TO_INT
-            (g_hash_table_lookup (f_host_compliant, current_host));
-      no_count
-        = GPOINTER_TO_INT
-            (g_hash_table_lookup (f_host_notcompliant, current_host));
-      incomplete_count
-        = GPOINTER_TO_INT
-            (g_hash_table_lookup (f_host_incomplete, current_host));
-      undefined_count
-        = GPOINTER_TO_INT
-            (g_hash_table_lookup (f_host_undefined, current_host));
-
-      PRINT (stream,
-            "<start>%s</start>"
-            "<end>%s</end>"
-            "<port_count><page>%d</page></port_count>"
-            "<compliance_count>"
-            "<page>%d</page>"
-            "<yes><page>%d</page></yes>"
-            "<no><page>%d</page></no>"
-            "<incomplete><page>%d</page></incomplete>"
-            "<undefined><page>%d</page></undefined>"
-            "</compliance_count>"
-            "<host_compliance>%s</host_compliance>",
-            host_iterator_start_time (hosts),
-            host_iterator_end_time (hosts)
-              ? host_iterator_end_time (hosts)
-              : "",
-            ports_count,
-            (yes_count + no_count + incomplete_count + undefined_count),
-            yes_count,
-            no_count,
-            incomplete_count,
-            undefined_count,
-            report_compliance_from_counts (&yes_count,
-                                           &no_count,
-                                           &incomplete_count,
-                                           &undefined_count));
-    }
 
   if (print_report_host_details_xml
         (host_iterator_report_host (hosts), stream, lean))
@@ -29641,7 +29650,8 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
   *orig_filtered_result_count = *filtered_result_count;
   gchar *usage_type = NULL;
 
-  if (task && task_usage_type(task, &usage_type)) return -1;
+  if (task && task_usage_type(task, &usage_type))
+    return -1;
 
   ports = g_tree_new_full ((GCompareDataFunc) strcmp, NULL, g_free,
                            (GDestroyNotify) free_host_ports);
@@ -29652,7 +29662,30 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
 
     if (strchr (delta_states, state[0]) == NULL) continue;
 
-    if (strcmp (usage_type, "audit")) 
+    #if COMPLIANCE_REPORTS == 1
+      if (strcmp (usage_type, "audit") == 0)
+        {
+            const char* compliance;
+            compliance = result_iterator_compliance (results);
+            (*f_compliance_count)++;
+            if (strcasecmp (compliance, "yes") == 0)
+              {
+                  (*f_compliance_yes)++;
+              }
+            else if (strcasecmp (compliance, "no") == 0)
+              {
+                  (*f_compliance_no)++;
+              }
+            else if (strcasecmp (compliance, "incomplete") == 0)
+              {
+                  (*f_compliance_incomplete)++;
+              }
+            else if (strcasecmp (compliance, "undefined") == 0)
+              {
+                  (*f_compliance_undefined)++;
+              }
+        } else
+    #endif
       {
         const char *level;
         /* Increase the result count. */
@@ -29685,28 +29718,6 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
             (*f_false_positives)++;
           }
       }
-    else
-      {
-          const char* compliance;
-          compliance = result_iterator_compliance (results);
-          (*f_compliance_count)++;
-          if (strcasecmp (compliance, "yes") == 0)
-            {              
-                (*f_compliance_yes)++;
-            }
-          else if (strcasecmp (compliance, "no") == 0)
-            {
-                (*f_compliance_no)++;
-            }      
-          else if (strcasecmp (compliance, "incomplete") == 0)
-            {
-                (*f_compliance_incomplete)++;
-            }
-          else if (strcasecmp (compliance, "undefined") == 0)
-            {
-                (*f_compliance_undefined)++;
-            }            
-      }
 
     buffer_results_xml (buffer,
                         results,
@@ -29839,11 +29850,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   GHashTable  *f_host_incomplete, *f_host_undefined;
   task_status_t run_status;
   gchar *tsk_usage_type = NULL;
-  int compliance_yes, compliance_no;
-  int compliance_incomplete, compliance_undefined;
   int f_compliance_yes, f_compliance_no;
   int f_compliance_incomplete, f_compliance_undefined;
-  int total_compliance_count, f_compliance_count;
+  int f_compliance_count;
 
   int delta_reports_version = 0;
 
@@ -29856,7 +29865,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   min_qod = NULL;
   search_phrase = NULL;
   total_result_count = filtered_result_count = 0;
-  total_compliance_count = f_compliance_count = 0;
+  f_compliance_count = 0;
   orig_filtered_result_count = 0;
   orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0;
   orig_f_holes = 0;
@@ -29947,14 +29956,11 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   levels = levels ? levels : g_strdup ("hmlgdf");
 
-  compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu");
-
   if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type)))
     {
       fclose (out);
       g_free (term);
       g_free (levels);
-      g_free (compliance_levels);
       g_free (search_phrase);
       g_free (min_qod);
       g_free (delta_states);
@@ -30027,7 +30033,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
         {
           free (uuid);
           g_free (levels);
-          g_free (compliance_levels);
           g_free (search_phrase);
           g_free (min_qod);
           g_free (delta_states);
@@ -30062,7 +30067,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   if (report)
     {
       /* Get total counts of full results. */
-      if (strcmp (tsk_usage_type, "audit"))
+      #if COMPLIANCE_REPORTS == 1
+        if (strcmp (tsk_usage_type, "audit"))
+      #endif
         {
           if (delta == 0)
             {         
@@ -30200,7 +30207,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   filters_extra_buffer = g_string_new ("");
 
-  if (strcmp (tsk_usage_type, "audit"))
+  #if COMPLIANCE_REPORTS == 1
+    if (strcmp (tsk_usage_type, "audit") == 0)
+      {
+        compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu");
+
+        if (strchr (compliance_levels, 'y'))
+          g_string_append (filters_extra_buffer, "<filter>Yes</filter>");
+        if (strchr (compliance_levels, 'n'))
+          g_string_append (filters_extra_buffer, "<filter>No</filter>");
+        if (strchr (compliance_levels, 'i'))
+          g_string_append (filters_extra_buffer, "<filter>Incomplete</filter>");
+        if (strchr (compliance_levels, 'u'))
+          g_string_append (filters_extra_buffer, "<filter>Undefined</filter>");
+      }
+    else
+  #endif
     {
       if (strchr (levels, 'h'))
         g_string_append (filters_extra_buffer, "<filter>High</filter>");
@@ -30213,17 +30235,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       if (strchr (levels, 'f'))
         g_string_append (filters_extra_buffer, "<filter>False Positive</filter>");
     }
-  else
-    {
-      if (strchr (compliance_levels, 'y'))
-        g_string_append (filters_extra_buffer, "<filter>Yes</filter>");
-      if (strchr (compliance_levels, 'n'))
-        g_string_append (filters_extra_buffer, "<filter>No</filter>");
-      if (strchr (compliance_levels, 'i'))
-        g_string_append (filters_extra_buffer, "<filter>Incomplete</filter>");
-      if (strchr (compliance_levels, 'u'))
-        g_string_append (filters_extra_buffer, "<filter>Undefined</filter>");
-    }
 
   if (delta)
     {
@@ -30488,56 +30499,60 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
     }
 
   /* Prepare result counts. */
+  #if COMPLIANCE_REPORTS == 1
+    int compliance_yes, compliance_no;
+    int compliance_incomplete, compliance_undefined;
+    int total_compliance_count = 0;
 
-  if (strcmp (tsk_usage_type, "audit") == 0)
-    {
-      report_compliance_counts (report, get, &compliance_yes, &compliance_no,
-                                &compliance_incomplete, &compliance_undefined);
+    if (strcmp (tsk_usage_type, "audit") == 0)
+      {
+        report_compliance_counts (report, get, &compliance_yes, &compliance_no,
+                                  &compliance_incomplete, &compliance_undefined);
 
-      total_compliance_count = compliance_yes 
-                               + compliance_no 
-                               + compliance_incomplete
-                               + compliance_undefined;
+        total_compliance_count = compliance_yes
+                                + compliance_no
+                                + compliance_incomplete
+                                + compliance_undefined;
 
-      f_compliance_yes = f_compliance_no = 0;
-      f_compliance_incomplete = f_compliance_undefined = 0;
+        f_compliance_yes = f_compliance_no = 0;
+        f_compliance_incomplete = f_compliance_undefined = 0;
 
-      if (count_filtered == 0)
-        {
-          report_compliance_f_counts (report, 
-                                      get, 
-                                      &f_compliance_yes,
-                                      &f_compliance_no, 
-                                      &f_compliance_incomplete,
-                                      &f_compliance_undefined);
-          
-          f_compliance_count = f_compliance_yes 
-                               + f_compliance_no
-                               + f_compliance_incomplete
-                               + f_compliance_undefined;
-        }
-    }
-  else
-    {
-      if (count_filtered)
-        {
-          /* We're getting all the filtered results, so we can count them as we
-          * print them, to save time. */
+        if (count_filtered == 0)
+          {
+            report_compliance_f_counts (report,
+                                        get,
+                                        &f_compliance_yes,
+                                        &f_compliance_no,
+                                        &f_compliance_incomplete,
+                                        &f_compliance_undefined);
 
-          report_counts_id_full (report, &holes, &infos, &logs,
-                                &warnings, &false_positives, &severity,
-                                get, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+            f_compliance_count = f_compliance_yes
+                                + f_compliance_no
+                                + f_compliance_incomplete
+                                + f_compliance_undefined;
+          }
+      } else
+  #endif
+  {
+    if (count_filtered)
+      {
+        /* We're getting all the filtered results, so we can count them as we
+        * print them, to save time. */
 
-          f_holes = f_infos = f_logs = f_warnings = 0;
-          f_false_positives = f_severity = 0;
-        }
-      else
-          report_counts_id_full (report, &holes, &infos, &logs,
-                                &warnings, &false_positives, &severity,
-                                get, NULL,
-                                &f_holes, &f_infos, &f_logs, &f_warnings,
-                                &f_false_positives, &f_severity);   
-    }
+        report_counts_id_full (report, &holes, &infos, &logs,
+                              &warnings, &false_positives, &severity,
+                              get, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+
+        f_holes = f_infos = f_logs = f_warnings = 0;
+        f_false_positives = f_severity = 0;
+      }
+    else
+        report_counts_id_full (report, &holes, &infos, &logs,
+                              &warnings, &false_positives, &severity,
+                              get, NULL,
+                              &f_holes, &f_infos, &f_logs, &f_warnings,
+                              &f_false_positives, &f_severity);
+  }
 
   /* Results. */
 
@@ -30602,31 +30617,31 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
     /* Quiet erroneous compiler warning. */
     result_hosts = NULL;
 
-  if (strcmp (tsk_usage_type, "audit"))
-    {
-      f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                            g_free, NULL);
-      f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                              g_free, NULL);
-      f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                          g_free, NULL);
-      f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal,
+  #if COMPLIANCE_REPORTS == 1
+    if (strcmp (tsk_usage_type, "audit") == 0)
+      {
+        f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                  g_free, NULL);
+        f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                     g_free, NULL);
+        f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                   g_free, NULL);
+        f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                  g_free, NULL);
+      } else
+  #endif
+  {
+    f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal,
                                           g_free, NULL);
-      f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                      g_free, NULL);
-    }
-  else
-    {
-      f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                      g_free, NULL);
-      f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                      g_free, NULL);
-      f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                      g_free, NULL);
-      f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                      g_free, NULL);                                                      
-    }
-
+    f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                            g_free, NULL);
+    f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                        g_free, NULL);
+    f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                        g_free, NULL);
+    f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                    g_free, NULL);
+  }
 
   if (delta && get->details)
     {
@@ -30649,36 +30664,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                                       &orig_f_false_positives, 
                                       &f_false_positives,
                                       result_hosts))
-            {
-              fclose (out);
-              g_free (sort_field);
-              g_free (levels);
-              g_free (compliance_levels);
-              g_free (search_phrase);
-              g_free (min_qod);
-              g_free (delta_states);
-              cleanup_iterator (&results);
-              cleanup_iterator (&delta_results);
-              tz_revert (zone, tz, old_tz_override);
-              g_hash_table_destroy (f_host_ports);
-              if (strcmp (tsk_usage_type, "audit"))
-                {
-                  g_hash_table_destroy (f_host_holes);
-                  g_hash_table_destroy (f_host_warnings);
-                  g_hash_table_destroy (f_host_infos);
-                  g_hash_table_destroy (f_host_logs);
-                  g_hash_table_destroy (f_host_false_positives);
-
-                }
-              else
-                {
-                  g_hash_table_destroy (f_host_compliant);
-                  g_hash_table_destroy (f_host_notcompliant);
-                  g_hash_table_destroy (f_host_incomplete);
-                  g_hash_table_destroy (f_host_undefined);
-                }
-              return -1;
-            }
+          goto failed_delta_report;
         } 
       else 
         {
@@ -30703,35 +30689,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                                         &f_compliance_undefined,
                                         &f_compliance_count,
                                         result_hosts))
-            {
-              fclose (out);
-              g_free (sort_field);
-              g_free (levels);
-              g_free (compliance_levels);
-              g_free (search_phrase);
-              g_free (min_qod);
-              g_free (delta_states);
-              cleanup_iterator (&results);
-              cleanup_iterator (&delta_results);
-              tz_revert (zone, tz, old_tz_override);
-              g_hash_table_destroy (f_host_ports);
-              if (strcmp (tsk_usage_type, "audit"))
-                {
-                    g_hash_table_destroy (f_host_holes);
-                    g_hash_table_destroy (f_host_warnings);
-                    g_hash_table_destroy (f_host_infos);
-                    g_hash_table_destroy (f_host_logs);
-                    g_hash_table_destroy (f_host_false_positives);
-                }
-              else
-                {
-                    g_hash_table_destroy (f_host_compliant);
-                    g_hash_table_destroy (f_host_notcompliant);
-                    g_hash_table_destroy (f_host_incomplete);
-                    g_hash_table_destroy (f_host_undefined);                
-                }
-              return -1;
-            }
+            goto failed_delta_report;
         }
     }
   else if (get->details)
@@ -30767,107 +30725,108 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             array_add_new_string (result_hosts,
                                   result_iterator_host (&results));
 
-          if (strcmp (tsk_usage_type, "audit"))
-            {
-              double result_severity;
-              result_severity = result_iterator_severity_double (&results);
-              if (result_severity > f_severity)
-                f_severity = result_severity;
+          #if COMPLIANCE_REPORTS == 1
+            if (strcmp (tsk_usage_type, "audit") == 0)
+              {
+                const char* compliance;
+                compliance = result_iterator_compliance (&results);
 
-              level = result_iterator_level (&results);
+                if (strcasecmp (compliance, "yes") == 0)
+                  {
+                    f_host_result_counts = f_host_compliant;
+                    if (count_filtered)
+                      f_compliance_yes++;
+                  }
+                else if (strcasecmp (compliance, "no") == 0)
+                  {
+                    f_host_result_counts = f_host_notcompliant;
+                    if (count_filtered)
+                      f_compliance_no++;
+                  }
+                else if (strcasecmp (compliance, "incomplete") == 0)
+                  {
+                    f_host_result_counts = f_host_incomplete;
+                    if (count_filtered)
+                      f_compliance_incomplete++;
+                  }
+                else if (strcasecmp (compliance, "undefined") == 0)
+                  {
+                    f_host_result_counts = f_host_undefined;
+                    if (count_filtered)
+                      f_compliance_undefined++;
+                  }
+                else
+                  {
+                    f_host_result_counts = NULL;
+                  }
 
-              if (strcasecmp (level, "log") == 0)
-                {
-                  f_host_result_counts = f_host_logs;
-                  if (count_filtered)
-                    f_logs++;
-                }
-              else if (strcasecmp (level, "high") == 0)
-                {
-                  f_host_result_counts = f_host_holes;
-                  if (count_filtered)
-                    f_holes++;
-                }
-              else if (strcasecmp (level, "medium") == 0)
-                {
-                  f_host_result_counts = f_host_warnings;
-                  if (count_filtered)
-                    f_warnings++;
-                }
-              else if (strcasecmp (level, "low") == 0)
-                {
-                  f_host_result_counts = f_host_infos;
-                  if (count_filtered)
-                    f_infos++;
-                }
-              else if (strcasecmp (level, "false positive") == 0)
-                {
-                  f_host_result_counts = f_host_false_positives;
-                  if (count_filtered)
-                    f_false_positives++;
+                if (f_host_result_counts)
+                  {
+                    const char *result_host = result_iterator_host (&results);
+                    int result_count
+                          = GPOINTER_TO_INT
+                              (g_hash_table_lookup (f_host_result_counts,
+                                                    result_host));
+
+                    g_hash_table_replace (f_host_result_counts,
+                                          g_strdup (result_host),
+                                          GINT_TO_POINTER (result_count + 1));
                 }
-              else
-                f_host_result_counts = NULL;
+              } else
+          #endif
+          {
+            double result_severity;
+            result_severity = result_iterator_severity_double (&results);
+            if (result_severity > f_severity)
+              f_severity = result_severity;
 
-              if (f_host_result_counts)
-                {
-                  const char *result_host = result_iterator_host (&results);
-                  int result_count
-                        = GPOINTER_TO_INT
-                            (g_hash_table_lookup (f_host_result_counts, result_host));
-
-                  g_hash_table_replace (f_host_result_counts,
-                                        g_strdup (result_host),
-                                        GINT_TO_POINTER (result_count + 1));
-                }
-            }
-          else
-            {
-              const char* compliance;
-              compliance = result_iterator_compliance (&results);
+            level = result_iterator_level (&results);
 
-              if (strcasecmp (compliance, "yes") == 0)
-                {
-                  f_host_result_counts = f_host_compliant;
-                  if (count_filtered)                  
-                    f_compliance_yes++;
-                }
-              else if (strcasecmp (compliance, "no") == 0)
-                {
-                  f_host_result_counts = f_host_notcompliant;
-                  if (count_filtered)                  
-                    f_compliance_no++;
-                }      
-              else if (strcasecmp (compliance, "incomplete") == 0)
-                {
-                  f_host_result_counts = f_host_incomplete;
-                  if (count_filtered)                  
-                    f_compliance_incomplete++;
-                }
-              else if (strcasecmp (compliance, "undefined") == 0)
-                {
-                  f_host_result_counts = f_host_undefined;
-                  if (count_filtered)                  
-                    f_compliance_undefined++;
-                }                
-              else
-                {
-                  f_host_result_counts = NULL;
-                }
+            if (strcasecmp (level, "log") == 0)
+              {
+                f_host_result_counts = f_host_logs;
+                if (count_filtered)
+                  f_logs++;
+              }
+            else if (strcasecmp (level, "high") == 0)
+              {
+                f_host_result_counts = f_host_holes;
+                if (count_filtered)
+                  f_holes++;
+              }
+            else if (strcasecmp (level, "medium") == 0)
+              {
+                f_host_result_counts = f_host_warnings;
+                if (count_filtered)
+                  f_warnings++;
+              }
+            else if (strcasecmp (level, "low") == 0)
+              {
+                f_host_result_counts = f_host_infos;
+                if (count_filtered)
+                  f_infos++;
+              }
+            else if (strcasecmp (level, "false positive") == 0)
+              {
+                f_host_result_counts = f_host_false_positives;
+                if (count_filtered)
+                  f_false_positives++;
+              }
+            else
+              f_host_result_counts = NULL;
 
-              if (f_host_result_counts)
-                {
-                  const char *result_host = result_iterator_host (&results);
-                  int result_count
-                        = GPOINTER_TO_INT
-                            (g_hash_table_lookup (f_host_result_counts, 
-                                                  result_host));
-
-                  g_hash_table_replace (f_host_result_counts,
-                                        g_strdup (result_host),
-                                        GINT_TO_POINTER (result_count + 1));
-                }
-            }
+            if (f_host_result_counts)
+              {
+                const char *result_host = result_iterator_host (&results);
+                int result_count
+                      = GPOINTER_TO_INT
+                          (g_hash_table_lookup (f_host_result_counts, result_host));
+
+                g_hash_table_replace (f_host_result_counts,
+                                      g_strdup (result_host),
+                                      GINT_TO_POINTER (result_count + 1));
+              }
+          }
 
         }
       PRINT (out, "</results>");
@@ -30879,131 +30838,131 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   /* Print result counts and severity. */
 
-  if (strcmp (tsk_usage_type, "audit"))
-    {
-      if (delta)
-        /** @todo The f_holes, etc. vars are setup to give the page count. */
-        PRINT (out,
-              "<result_count>"
-              "<filtered>%i</filtered>"
-              "<hole><filtered>%i</filtered></hole>"
-              "<info><filtered>%i</filtered></info>"
-              "<log><filtered>%i</filtered></log>"
-              "<warning><filtered>%i</filtered></warning>"
-              "<false_positive>"
-              "<filtered>%i</filtered>"
-              "</false_positive>"
-              "</result_count>",
-              orig_filtered_result_count,
-              (strchr (levels, 'h') ? orig_f_holes : 0),
-              (strchr (levels, 'l') ? orig_f_infos : 0),
-              (strchr (levels, 'g') ? orig_f_logs : 0),
-              (strchr (levels, 'm') ? orig_f_warnings : 0),
-              (strchr (levels, 'f') ? orig_f_false_positives : 0));
-      else
-        {
-          if (count_filtered)
-            filtered_result_count = f_holes + f_infos + f_logs
-                                    + f_warnings + false_positives;
-
+  #if COMPLIANCE_REPORTS == 1
+    if (strcmp (tsk_usage_type, "audit") == 0)
+      {
+        if (delta)
           PRINT (out,
-                "<result_count>"
-                "%i"
-                "<full>%i</full>"
+                "<compliance_count>"
                 "<filtered>%i</filtered>"
-                "<hole><full>%i</full><filtered>%i</filtered></hole>"
-                "<info><full>%i</full><filtered>%i</filtered></info>"
-                "<log><full>%i</full><filtered>%i</filtered></log>"
-                "<warning><full>%i</full><filtered>%i</filtered></warning>"
-                "<false_positive>"
+                "<yes><filtered>%i</filtered></yes>"
+                "<no><filtered>%i</filtered></no>"
+                "<incomplete><filtered>%i</filtered></incomplete>"
+                "<undefined><filtered>%i</filtered></undefined>"
+                "</compliance_count>",
+                f_compliance_count,
+                (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
+                (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
+                (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
+                (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0));
+        else
+          {
+            if (count_filtered)
+              f_compliance_count = f_compliance_yes
+                                    + f_compliance_no
+                                    + f_compliance_incomplete
+                                    + f_compliance_undefined;
+            PRINT (out,
+                "<compliance_count>"
+                "%i"
                 "<full>%i</full>"
                 "<filtered>%i</filtered>"
-                "</false_positive>"
-                "</result_count>",
-                total_result_count,
-                total_result_count,
-                filtered_result_count,
-                holes,
-                (strchr (levels, 'h') ? f_holes : 0),
-                infos,
-                (strchr (levels, 'l') ? f_infos : 0),
-                logs,
-                (strchr (levels, 'g') ? f_logs : 0),
-                warnings,
-                (strchr (levels, 'm') ? f_warnings : 0),
-                false_positives,
-                (strchr (levels, 'f') ? f_false_positives : 0));
+                "<yes><full>%i</full><filtered>%i</filtered></yes>"
+                "<no><full>%i</full><filtered>%i</filtered></no>"
+                "<incomplete><full>%i</full><filtered>%i</filtered></incomplete>"
+                "<undefined><full>%i</full><filtered>%i</filtered></undefined>"
+                "</compliance_count>",
+                total_compliance_count,
+                total_compliance_count,
+                f_compliance_count,
+                compliance_yes,
+                (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
+                compliance_no,
+                (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
+                compliance_incomplete,
+                (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
+                compliance_undefined,
+                (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0));
+
+            PRINT (out,
+                  "<compliance>"
+                  "<full>%s</full>"
+                  "<filtered>%s</filtered>"
+                  "</compliance>",
+                  report_compliance_from_counts (&compliance_yes,
+                                                  &compliance_no,
+                                                  &compliance_incomplete,
+                                                  &compliance_undefined),
+                  report_compliance_from_counts (&f_compliance_yes,
+                                                  &f_compliance_no,
+                                                  &f_compliance_incomplete,
+                                                  &f_compliance_undefined));
+          }
+    } else
+  #endif
+  {
+    if (delta)
+      /** @todo The f_holes, etc. vars are setup to give the page count. */
+      PRINT (out,
+            "<result_count>"
+            "<filtered>%i</filtered>"
+            "<hole><filtered>%i</filtered></hole>"
+            "<info><filtered>%i</filtered></info>"
+            "<log><filtered>%i</filtered></log>"
+            "<warning><filtered>%i</filtered></warning>"
+            "<false_positive>"
+            "<filtered>%i</filtered>"
+            "</false_positive>"
+            "</result_count>",
+            orig_filtered_result_count,
+            (strchr (levels, 'h') ? orig_f_holes : 0),
+            (strchr (levels, 'l') ? orig_f_infos : 0),
+            (strchr (levels, 'g') ? orig_f_logs : 0),
+            (strchr (levels, 'm') ? orig_f_warnings : 0),
+            (strchr (levels, 'f') ? orig_f_false_positives : 0));
+    else
+      {
+        if (count_filtered)
+          filtered_result_count = f_holes + f_infos + f_logs
+                                  + f_warnings + false_positives;
 
-          PRINT (out,
-                "<severity>"
-                "<full>%1.1f</full>"
-                "<filtered>%1.1f</filtered>"
-                "</severity>",
-                severity,
-                f_severity);
-        }
-    }
-  else
-    {
-      if (delta)
         PRINT (out,
-              "<compliance_count>"
-              "<filtered>%i</filtered>"
-              "<yes><filtered>%i</filtered></yes>"
-              "<no><filtered>%i</filtered></no>"
-              "<incomplete><filtered>%i</filtered></incomplete>"
-              "<undefined><filtered>%i</filtered></undefined>"
-              "</compliance_count>",
-              f_compliance_count,
-              (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
-              (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
-              (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
-              (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0));
-      else
-        {
-          if (count_filtered)
-            f_compliance_count = f_compliance_yes
-                                 + f_compliance_no
-                                 + f_compliance_incomplete
-                                 + f_compliance_undefined;
-          PRINT (out,
-              "<compliance_count>"
+              "<result_count>"
               "%i"
               "<full>%i</full>"
               "<filtered>%i</filtered>"
-              "<yes><full>%i</full><filtered>%i</filtered></yes>"
-              "<no><full>%i</full><filtered>%i</filtered></no>"
-              "<incomplete><full>%i</full><filtered>%i</filtered></incomplete>"
-              "<undefined><full>%i</full><filtered>%i</filtered></undefined>"
-              "</compliance_count>",
-              total_compliance_count,
-              total_compliance_count,
-              f_compliance_count,
-              compliance_yes,
-              (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
-              compliance_no,
-              (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
-              compliance_incomplete,
-              (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
-              compliance_undefined,
-              (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0));
-
-          PRINT (out,
-                "<compliance>"
-                "<full>%s</full>"
-                "<filtered>%s</filtered>"
-                "</compliance>",
-                report_compliance_from_counts (&compliance_yes,
-                                               &compliance_no,
-                                               &compliance_incomplete,
-                                               &compliance_undefined),
-                report_compliance_from_counts (&f_compliance_yes,
-                                               &f_compliance_no,
-                                               &f_compliance_incomplete,
-                                               &f_compliance_undefined));
-        }
-    }
+              "<hole><full>%i</full><filtered>%i</filtered></hole>"
+              "<info><full>%i</full><filtered>%i</filtered></info>"
+              "<log><full>%i</full><filtered>%i</filtered></log>"
+              "<warning><full>%i</full><filtered>%i</filtered></warning>"
+              "<false_positive>"
+              "<full>%i</full>"
+              "<filtered>%i</filtered>"
+              "</false_positive>"
+              "</result_count>",
+              total_result_count,
+              total_result_count,
+              filtered_result_count,
+              holes,
+              (strchr (levels, 'h') ? f_holes : 0),
+              infos,
+              (strchr (levels, 'l') ? f_infos : 0),
+              logs,
+              (strchr (levels, 'g') ? f_logs : 0),
+              warnings,
+              (strchr (levels, 'm') ? f_warnings : 0),
+              false_positives,
+              (strchr (levels, 'f') ? f_false_positives : 0));
 
+        PRINT (out,
+              "<severity>"
+              "<full>%1.1f</full>"
+              "<filtered>%1.1f</filtered>"
+              "</severity>",
+              severity,
+              f_severity);
+      }
+  }
 
   if (host_summary)
     {
@@ -31034,45 +30993,25 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             }
           if (present)
             {
-              
-              if (print_report_host_xml (out,
-                                         &hosts,
-                                         result_host,
-                                         tsk_usage_type,
-                                         lean,
-                                         host_summary_buffer,
-                                         f_host_ports,
-                                         f_host_holes,
-                                         f_host_warnings,
-                                         f_host_infos,
-                                         f_host_logs,
-                                         f_host_false_positives,
-                                         f_host_compliant,
-                                         f_host_notcompliant,
-                                         f_host_incomplete,
-                                         f_host_undefined))
-                {
-                  tz_revert (zone, tz, old_tz_override);
-                  if (host_summary_buffer)
-                    g_string_free (host_summary_buffer, TRUE);
-                  g_hash_table_destroy (f_host_ports);
-                  if (strcmp (tsk_usage_type, "audit"))
-                    {
-                      g_hash_table_destroy (f_host_holes);
-                      g_hash_table_destroy (f_host_warnings);
-                      g_hash_table_destroy (f_host_infos);
-                      g_hash_table_destroy (f_host_logs);
-                      g_hash_table_destroy (f_host_false_positives);
+                if (print_report_host_xml (out,
+                                          &hosts,
+                                          result_host,
+                                          tsk_usage_type,
+                                          lean,
+                                          host_summary_buffer,
+                                          f_host_ports,
+                                          f_host_holes,
+                                          f_host_warnings,
+                                          f_host_infos,
+                                          f_host_logs,
+                                          f_host_false_positives,
+                                          f_host_compliant,
+                                          f_host_notcompliant,
+                                          f_host_incomplete,
+                                          f_host_undefined))
 
-                    }
-                  else
-                    {
-                      g_hash_table_destroy (f_host_compliant);
-                      g_hash_table_destroy (f_host_notcompliant);
-                      g_hash_table_destroy (f_host_incomplete);
-                      g_hash_table_destroy (f_host_undefined);
-                    }                  
-                  return -1;
+                {
+                    goto failed_print_report_host;
                 }
             }
           cleanup_iterator (&hosts);
@@ -31084,67 +31023,43 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       init_report_host_iterator (&hosts, report, NULL, 0);
       while (next (&hosts))
         {
-
           if (print_report_host_xml (out,
-                                     &hosts,
-                                     NULL,
-                                     tsk_usage_type,
-                                     lean,
-                                     host_summary_buffer,
-                                     f_host_ports,
-                                     f_host_holes,
-                                     f_host_warnings,
-                                     f_host_infos,
-                                     f_host_logs,
-                                     f_host_false_positives,
-                                     f_host_compliant,
-                                     f_host_notcompliant,
-                                     f_host_incomplete,
-                                     f_host_undefined))
-            {
-              tz_revert (zone, tz, old_tz_override);
-              if (host_summary_buffer)
-                g_string_free (host_summary_buffer, TRUE);
-              g_hash_table_destroy (f_host_ports);
-              if (strcmp (tsk_usage_type, "audit"))
-                {
-                  g_hash_table_destroy (f_host_holes);
-                  g_hash_table_destroy (f_host_warnings);
-                  g_hash_table_destroy (f_host_infos);
-                  g_hash_table_destroy (f_host_logs);
-                  g_hash_table_destroy (f_host_false_positives);
-
-                }
-              else
-                {
-                  g_hash_table_destroy (f_host_compliant);
-                  g_hash_table_destroy (f_host_notcompliant);
-                  g_hash_table_destroy (f_host_incomplete);
-                  g_hash_table_destroy (f_host_undefined);
-                }
-              return -1;
-            }
+                                    &hosts,
+                                    NULL,
+                                    tsk_usage_type,
+                                    lean,
+                                    host_summary_buffer,
+                                    f_host_ports,
+                                    f_host_holes,
+                                    f_host_warnings,
+                                    f_host_infos,
+                                    f_host_logs,
+                                    f_host_false_positives,
+                                    f_host_compliant,
+                                    f_host_notcompliant,
+                                    f_host_incomplete,
+                                    f_host_undefined))
+            goto failed_print_report_host;
         }
       cleanup_iterator (&hosts);
     }
-
-  if (strcmp (tsk_usage_type, "audit"))
-    {
-      g_hash_table_destroy (f_host_holes);
-      g_hash_table_destroy (f_host_warnings);
-      g_hash_table_destroy (f_host_infos);
-      g_hash_table_destroy (f_host_logs);
-      g_hash_table_destroy (f_host_false_positives);
-
-    }
-  else
-    {
-      g_hash_table_destroy (f_host_compliant);
-      g_hash_table_destroy (f_host_notcompliant);
-      g_hash_table_destroy (f_host_incomplete);
-      g_hash_table_destroy (f_host_undefined);  
-    }
-    g_hash_table_destroy (f_host_ports);
+  #if COMPLIANCE_REPORTS == 1
+    if (strcmp (tsk_usage_type, "audit") == 0)
+      {
+        g_hash_table_destroy (f_host_compliant);
+        g_hash_table_destroy (f_host_notcompliant);
+        g_hash_table_destroy (f_host_incomplete);
+        g_hash_table_destroy (f_host_undefined);
+      } else
+  #endif
+  {
+    g_hash_table_destroy (f_host_holes);
+    g_hash_table_destroy (f_host_warnings);
+    g_hash_table_destroy (f_host_infos);
+    g_hash_table_destroy (f_host_logs);
+    g_hash_table_destroy (f_host_false_positives);
+  }
+  g_hash_table_destroy (f_host_ports);
 
   /* Print TLS certificates */
 
@@ -31239,6 +31154,39 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
     }
 
   return 0;
+
+  failed_delta_report:
+     fclose (out);
+     g_free (sort_field);
+     g_free (levels);
+     g_free (search_phrase);
+     g_free (min_qod);
+     g_free (delta_states);
+     cleanup_iterator (&results);
+     cleanup_iterator (&delta_results);
+  failed_print_report_host:
+    if (host_summary_buffer)
+        g_string_free (host_summary_buffer, TRUE);
+    tz_revert (zone, tz, old_tz_override);
+    g_hash_table_destroy (f_host_ports);
+    #if COMPLIANCE_REPORTS == 1
+      g_free (compliance_levels);
+      if (strcmp (tsk_usage_type, "audit") == 0)
+      {
+        g_hash_table_destroy (f_host_compliant);
+        g_hash_table_destroy (f_host_notcompliant);
+        g_hash_table_destroy (f_host_incomplete);
+        g_hash_table_destroy (f_host_undefined);
+      } else
+    #endif
+    {
+      g_hash_table_destroy (f_host_holes);
+      g_hash_table_destroy (f_host_warnings);
+      g_hash_table_destroy (f_host_infos);
+      g_hash_table_destroy (f_host_logs);
+      g_hash_table_destroy (f_host_false_positives);
+    }
+    return -1;
 }
 
 /**
@@ -53545,8 +53493,10 @@ modify_setting (const gchar *uuid, const gchar *name,
         setting_name = g_strdup ("Alerts Filter");
       else if (strcmp (uuid, "0f040d06-abf9-43a2-8f94-9de178b0e978") == 0)
         setting_name = g_strdup ("Assets Filter");
-      else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0)
-        setting_name = g_strdup ("Audit Reports Filter");
+      #if COMPLIANCE_REPORTS == 1
+        else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0)
+          setting_name = g_strdup ("Audit Reports Filter");
+      #endif
       else if (strcmp (uuid, "1a9fbd91-0182-44cd-bc88-a13a9b3b1bef") == 0)
         setting_name = g_strdup ("Configs Filter");
       else if (strcmp (uuid, "186a5ac8-fe5a-4fb1-aa22-44031fb339f3") == 0)
@@ -53670,9 +53620,10 @@ modify_setting (const gchar *uuid, const gchar *name,
         setting_name = g_strdup ("Reports Top Dashboard Configuration");
 
       /* Audit Reports dashboard settings */
-      else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0)
-        setting_name = g_strdup ("Audit Reports Top Dashboard Configuration");      
-
+      #if COMPLIANCE_REPORTS == 1
+        else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0)
+          setting_name = g_strdup ("Audit Reports Top Dashboard Configuration");
+      #endif
       /* Results dashboard settings */
       else if (strcmp (uuid, "0b8ae70d-d8fc-4418-8a72-e65ac8d2828e") == 0)
         setting_name = g_strdup ("Results Top Dashboard Configuration");
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 96be5f2a4..31d24711a 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -68,13 +68,15 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     </description>
     <pattern>xsd:token { pattern = "y?n?i?u?" }</pattern>
   </type>
+  @IF_COMPLIANCE_REPORTS@
   <type>
     <name>compliance_status</name>
     <summary>A compliance status</summary>
     <pattern>
       xsd:token { pattern = "yes|no|incomplete|undefined" }
     </pattern>
-  </type>  
+  </type>
+  @ENDIF_COMPLIANCE_REPORTS@
   <type>
     <name>ctime</name>
     <summary>A date and time, in the C `ctime' format</summary>
@@ -2214,10 +2216,16 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
             <e>permissions</e>
             <o><e>user_tags</e></o>
             <e>scan_run_status</e>
-            <o><e>result_count</e></o>
+            @IF_COMPLIANCE_REPORTS@
+            <o>
+            @ENDIF_COMPLIANCE_REPORTS@
+            <e>result_count</e>
+            <e>severity</e>
+            @IF_COMPLIANCE_REPORTS@
+            </o>
             <o><e>compliance_count</e></o>
-            <o><e>severity</e></o>
             <o><e>compliance</e></o>
+            @ENDIF_COMPLIANCE_REPORTS@
             <e>task</e>
             <e>ports</e>
             <e>results</e>
@@ -2544,7 +2552,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       </ele>
       <ele>
         <name>result_count</name>
-        <summary>Counts of results produced by scan. Only for reports of a scan task</summary>
+        <summary>Counts of results produced by scan</summary>
         <description>
           <p>
             The text contains the full count -- the total number of results
@@ -2651,12 +2659,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           </ele>
         </ele>
       </ele>
+      @IF_COMPLIANCE_REPORTS@
       <ele>
         <name>compliance_count</name>
         <summary>Counts of compliance results. Only for reports of an audit task.</summary>
         <description>
           <p>
-            The text contains the full count -- the total number of compliance results.
+            The text contains the full count. The total number of compliance results.
           </p>
         </description>
         <pattern>
@@ -2758,7 +2767,8 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
             <pattern><t>integer</t></pattern>
           </ele>
         </ele>
-      </ele>      
+      </ele>
+      @ENDIF_COMPLIANCE_REPORTS@
       <ele>
         <name>severity</name>
         <pattern>
@@ -2776,6 +2786,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <summary>Maximum severity of the report after filtering</summary>
         </ele>
       </ele>
+      @IF_COMPLIANCE_REPORTS@
       <ele>
         <name>compliance</name>
         <pattern>
@@ -2792,7 +2803,8 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <pattern><t>compliance_status</t></pattern>
           <summary>Compliance of the report after filtering ("yes", "no", "incomplete" or "undefined")</summary>
         </ele>
-      </ele>      
+      </ele>
+      @ENDIF_COMPLIANCE_REPORTS@
       <ele>
         <name>task</name>
         <pattern>
@@ -3054,9 +3066,15 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <e>start</e>
           <e>end</e>
           <e>port_count</e>
-          <o><e>result_count</e></o>
+          @IF_COMPLIANCE_REPORTS@
+          <o>
+          @ENDIF_COMPLIANCE_REPORTS@
+          <e>result_count</e>
+          @IF_COMPLIANCE_REPORTS@
+          </o>
           <o><e>compliance_count</e></o>
           <o><e>host_compliance</e></o>
+          @ENDIF_COMPLIANCE_REPORTS@
           <any><e>detail</e></any>
         </pattern>
         <ele>
@@ -3099,7 +3117,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         </ele>
         <ele>
           <name>result_count</name>
-          <summary>Only for scan reports</summary>
+          <summary></summary>
           <pattern>
             <e>page</e>
             <e>hole</e>
@@ -3174,6 +3192,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
             </ele>
           </ele>
         </ele>
+        @IF_COMPLIANCE_REPORTS@
         <ele>
           <name>compliance_count</name>
           <summary>Only for audit reports</summary>
@@ -3242,7 +3261,8 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <name>host_compliance</name>
           <summary>Only for audit reports. Host compliance</summary>
           <pattern><t>compliance_status</t></pattern>
-        </ele>               
+        </ele>
+        @ENDIF_COMPLIANCE_REPORTS@
         <ele>
           <name>detail</name>
           <summary>A detail associated with the host</summary>
@@ -18125,11 +18145,13 @@ END:VCALENDAR
             <type>integer</type>
             <summary>Minimum QoD of the results</summary>
           </option>
+          @IF_COMPLIANCE_REPORTS@
           <option>
             <name>report_compliance_levels</name>
             <type>compliance_levels</type>
             <summary>report compliance level to select</summary>
-          </option>          
+          </option>
+          @ENDIF_COMPLIANCE_REPORTS@   
           <column>
             <name>tag</name>
             <type>text</type>
@@ -18275,6 +18297,7 @@ END:VCALENDAR
             <type>iso_time</type>
             <summary>Scan end time</summary>
           </column>
+          @IF_COMPLIANCE_REPORTS@
           <column>
             <name>compliance_yes</name>
             <type>integer</type>
@@ -18294,7 +18317,8 @@ END:VCALENDAR
             <name>compliant</name>
             <type>compliance_status</type>
             <summary>Compliance state of the report. Can be yes, no, incomplete or undefined</summary>
-          </column>                      
+          </column>
+          @ENDIF_COMPLIANCE_REPORTS@      
         </filter_keywords>
       </attrib>
       <attrib>
@@ -18364,6 +18388,7 @@ END:VCALENDAR
         </summary>
         <type>boolean</type>
       </attrib>
+      @IF_COMPLIANCE_REPORTS@
       <attrib>
           <name>usage_type</name>
           <summary>Optional usage type to limit the reports to. Affects total count unlike filter</summary>
@@ -18374,7 +18399,8 @@ END:VCALENDAR
               <alt></alt>
             </alts>
           </type>
-        </attrib>    
+      </attrib>
+      @ENDIF_COMPLIANCE_REPORTS@
     </pattern>
     <response>
       <pattern>
@@ -23153,9 +23179,15 @@ END:VCALENDAR
               </attrib>
               <e>timestamp</e>
               <e>scan_end</e>
-              <o><e>result_count</e></o>
-              <o><e>severity</e></o>
+              @IF_COMPLIANCE_REPORTS@
+              <o>
+              @ENDIF_COMPLIANCE_REPORTS@
+              <e>result_count</e>
+              <e>severity</e>
+              @IF_COMPLIANCE_REPORTS@
+              </o>
               <o><e>compliance_count</e></o>
+              @ENDIF_COMPLIANCE_REPORTS@
             </pattern>
             <ele>
               <name>timestamp</name>
@@ -23167,7 +23199,7 @@ END:VCALENDAR
             </ele>
             <ele>
               <name>result_count</name>
-              <summary>Result counts for this report. Only for scan tasks</summary>
+              <summary>Result counts for this report</summary>
               <pattern>
                 <e>false_positive</e>
                 <e>log</e>
@@ -23199,8 +23231,9 @@ END:VCALENDAR
             <ele>
               <name>severity</name>
               <pattern><t>severity</t></pattern>
-              <summary>Maximum severity of the report. Only for scan tasks</summary>
+              <summary>Maximum severity of the report</summary>
             </ele>
+            @IF_COMPLIANCE_REPORTS@
             <ele>
               <name>compliance_count</name>
               <summary>Complaince counts. Only for audit tasks</summary>
@@ -23226,7 +23259,8 @@ END:VCALENDAR
                 <name>undefined</name>
                 <pattern><t>integer</t></pattern>
               </ele>
-            </ele>            
+            </ele>
+            @ENDIF_COMPLIANCE_REPORTS@
           </ele>
         </ele>
         <ele>

From 002fe4206e7f5fa7732d7a4be15261affbec61c7 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 23 Aug 2024 13:52:12 +0200
Subject: [PATCH 030/134] Fix missing feature toggle check on add & remove tag
 resources

---
 src/manage_sql.c | 52 ++++++++++++++++++++++++++----------------------
 1 file changed, 28 insertions(+), 24 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 83e3ddc6b..b5829f009 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -57366,17 +57366,7 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
     }
   else
     {
-      if (strcasecmp (type, "audit_report") == 0)
-        {
-          type = g_strdup ("report");
-          resources_get.type = g_strdup (type);
-          get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
-        }
-      else if (strcasecmp (type, "report") == 0)
-        {
-          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
-        }
-      else if (strcasecmp (type, "task") == 0)
+      if (strcasecmp (type, "task") == 0)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
@@ -57396,6 +57386,18 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
+      #if COMPLIANCE_REPORTS == 1
+        else if (strcasecmp (type, "audit_report") == 0)
+          {
+            type = g_strdup ("report");
+            resources_get.type = g_strdup (type);
+            get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
+          }
+        else if (strcasecmp (type, "report") == 0)
+          {
+            get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+          }
+      #endif
 
       gchar *columns;
 
@@ -57547,19 +57549,7 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
     }
   else
     {
-      if (strcasecmp (type, "audit_report") == 0)
-        {
-          type = g_strdup ("report");
-          resources_get.type = g_strdup (type);
-          get_data_set_extra (&resources_get,
-                              "usage_type",
-                              g_strdup ("audit"));
-        }
-      else if (strcasecmp (type, "report") == 0)
-        {
-          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
-        }
-      else if (strcasecmp (type, "task") == 0)
+      if (strcasecmp (type, "task") == 0)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
@@ -57579,6 +57569,20 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
+      #if COMPLIANCE_REPORTS == 1
+        else if (strcasecmp (type, "audit_report") == 0)
+          {
+            type = g_strdup ("report");
+            resources_get.type = g_strdup (type);
+            get_data_set_extra (&resources_get,
+                                "usage_type",
+                                g_strdup ("audit"));
+          }
+        else if (strcasecmp (type, "report") == 0)
+          {
+            get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+          }
+      #endif
 
       gchar *columns;
 

From 809d69f63c591ae7d0015e5653e50b28dbe726c1 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 27 Aug 2024 12:00:25 +0200
Subject: [PATCH 031/134] Fix: Update alive_test pattern in GMP doc

The RNC pattern of the alive_test type in the GMP documentation is
updated to match what is currently accepted by gvmd.
---
 src/schema_formats/XML/GMP.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 31d24711a..172b845c5 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -31,7 +31,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     <name>alive_test</name>
     <summary>An alive test</summary>
     <pattern>
-      xsd:token { pattern = "ICMP, TCP Service &amp; ARP Ping|TCP Service &amp; ARP Ping|ICMP &amp; ARP Ping|ICMP &amp; TCP Service Ping|ARP Ping|TCP Service Ping|ICMP Ping|Scan Config Default" }
+      xsd:token { pattern = "ICMP, TCP-ACK Service &amp; ARP Ping|TCP-ACK Service &amp; ARP Ping|ICMP &amp; ARP Ping|ICMP &amp; TCP-ACK Service Ping|ARP Ping|TCP-ACK Service Ping|TCP-SYN Service Ping|ICMP Ping|Consider Alive|Scan Config Default" }
     </pattern>
   </type>
   <type>

From 76c28df129d9374ce733fb45588ea6b7b46876b8 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Thu, 25 Jul 2024 15:28:01 +0200
Subject: [PATCH 032/134] Add: New option --max-concurrent-scan-updates

The new startup option --max-concurrent-scan-updates is added which
allows limiting the number of scan updates which can run at the same
time.

This can be used to limit the peak memory and CPU usage when running
multiple scans at the same time.
---
 doc/gvmd.8     |   3 +
 doc/gvmd.8.xml |   9 ++
 doc/gvmd.html  |   9 ++
 src/gvmd.c     |  12 +++
 src/manage.c   | 264 ++++++++++++++++++++++++++++++++++++++++++++++++-
 src/manage.h   |  19 ++++
 6 files changed, 315 insertions(+), 1 deletion(-)

diff --git a/doc/gvmd.8 b/doc/gvmd.8
index 7179be5d4..1460e997e 100644
--- a/doc/gvmd.8
+++ b/doc/gvmd.8
@@ -109,6 +109,9 @@ File mode of the unix socket
 \fB--listen-owner=\fISTRING\fB\f1
 Owner of the unix socket
 .TP
+\fB--max-concurrent-scan-updates=\fINUMBER\fB\f1
+Maximum number of scan updates that can run at the same time. Default: 0 (unlimited). 
+.TP
 \fB--max-email-attachment-size=\fINUMBER\fB\f1
 Maximum size of alert email attachments, in bytes.
 .TP
diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml
index 8e4bca59a..49bed2b70 100644
--- a/doc/gvmd.8.xml
+++ b/doc/gvmd.8.xml
@@ -262,6 +262,15 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         <p>Owner of the unix socket</p>
       </optdesc>
     </option>
+    <option>
+      <p><opt>--max-concurrent-scan-updates=<arg>NUMBER</arg></opt></p>
+      <optdesc>
+        <p>
+          Maximum number of scan updates that can run at the same time.
+          Default: 0 (unlimited).
+        </p>
+      </optdesc>
+    </option>
     <option>
       <p><opt>--max-email-attachment-size=<arg>NUMBER</arg></opt></p>
       <optdesc>
diff --git a/doc/gvmd.html b/doc/gvmd.html
index 60ba46fe4..2a6b41dbd 100644
--- a/doc/gvmd.html
+++ b/doc/gvmd.html
@@ -217,6 +217,15 @@ <h2>Options</h2>
       
     
     
+      <p><b>--max-concurrent-scan-updates=<em>NUMBER</em></b></p>
+      
+        <p>
+          Maximum number of scan updates that can run at the same time.
+          Default: 0 (unlimited).
+        </p>
+      
+    
+    
       <p><b>--max-email-attachment-size=<em>NUMBER</em></b></p>
       
         <p>Maximum size of alert email attachments, in bytes.</p>
diff --git a/src/gvmd.c b/src/gvmd.c
index 9be3ecc8e..ef9e1ff86 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -1895,6 +1895,7 @@ gvmd (int argc, char** argv, char *env[])
   static gchar *broker_address = NULL;
   static gchar *feed_lock_path = NULL;
   static int feed_lock_timeout = 0;
+  static int max_concurrent_scan_updates = 0;
   static int mem_wait_retries = 30;
   static int min_mem_feed_update = 0;
   static int vt_ref_insert_size = VT_REF_INSERT_SIZE_DEFAULT;
@@ -2073,6 +2074,11 @@ gvmd (int argc, char** argv, char *env[])
           &listen_owner,
           "Owner of the unix socket",
           "<string>" },
+        { "max-concurrent-scan-updates", '\0', 0, G_OPTION_ARG_INT,
+          &max_concurrent_scan_updates,
+          "Maximum number of scan updates that can run at the same time."
+          " Default: 0 (unlimited).",
+          "<number>" },
         { "max-email-attachment-size", '\0', 0, G_OPTION_ARG_INT,
           &max_email_attachment_size,
           "Maximum size of alert email attachments, in bytes.",
@@ -2452,6 +2458,12 @@ gvmd (int argc, char** argv, char *env[])
       g_debug ("Sentry support disabled");
     }
 
+  /* Set maximum number of concurrent scan updates */
+  set_max_concurrent_scan_updates (max_concurrent_scan_updates);
+
+  /* Initialize Inter-Process Communication */
+  init_semaphore_set ();
+
   /* Enable GNUTLS debugging if requested via env variable.  */
   {
     const char *s;
diff --git a/src/manage.c b/src/manage.c
index 5e4f754db..889986131 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -75,6 +75,7 @@
 #include <string.h>
 #include <strings.h>
 #include <sys/file.h>
+#include <sys/sem.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -184,6 +185,11 @@ static gchar *feed_lock_path = NULL;
  */
 static int feed_lock_timeout = 0;
 
+/**
+ * @brief Maximum number of concurrent scan updates.
+ */
+static int max_concurrent_scan_updates = 0;
+
 /**
  * @brief Retries for waiting for memory to be available.
  */
@@ -215,6 +221,17 @@ static int schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT;
  */
 static int scanner_connection_retry = SCANNER_CONNECTION_RETRY_DEFAULT;
 
+/**
+ * @brief System V semaphore set key for gvmd actions.
+ */
+static key_t semaphore_set_key = -1;
+
+/**
+ * @brief System V semaphore set id for gvmd actions.
+ */
+static int semaphore_set = -1;
+
+
 
 /* Certificate and key management. */
 
@@ -1855,6 +1872,40 @@ get_osp_scan_status (const char *scan_id, const char *host, int port,
   return status;
 }
 
+/**
+ * @brief Handles the semaphore for the end of an OSP scan update.
+ *
+ * @param[in]  add_result_on_error  Whether to create an OSP result on error.
+ * @param[in]  task   The current task (for error result).
+ * @param[in]  report The current report (for error result).
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+osp_scan_semaphore_update_end (int add_result_on_error,
+                               task_t task, report_t report)
+{
+  if (max_concurrent_scan_updates == 0)
+    return 0;
+
+  if (semaphore_op (SEMAPHORE_SCAN_UPDATE, +1, 0))
+    {
+      g_warning ("%s: error signaling scan update semaphore",
+                __func__);
+      if (add_result_on_error)
+        {
+          result_t result = make_osp_result
+            (task, "", "", "",
+              threat_message_type ("Error"),
+              "Error signaling scan update semaphore", "", "",
+              QOD_DEFAULT, NULL, NULL);
+          report_add_result (report, result);
+        }
+      return -1;
+    }
+  return 0;
+}
+
 /**
  * @brief Handle an ongoing OSP scan, until success or failure.
  *
@@ -1888,7 +1939,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
   rc = -1;
   while (retry >= 0)
     {
-      int run_status, progress;
+      int sem_op_ret, run_status, progress;
       osp_scan_status_t osp_scan_status;
 
       run_status = task_run_status (task);
@@ -1899,6 +1950,28 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
           break;
         }
 
+      if (max_concurrent_scan_updates)
+        {
+          sem_op_ret = semaphore_op (SEMAPHORE_SCAN_UPDATE, -1, 5);
+          if (sem_op_ret == 1)
+            continue;
+          else if (sem_op_ret)
+            {
+              g_warning ("%s: error waiting for scan update semaphore",
+                        __func__);
+              result_t result = make_osp_result
+                (task, "", "", "",
+                  threat_message_type ("Error"),
+                  "Error waiting for scan update semaphore", "", "",
+                  QOD_DEFAULT, NULL, NULL);
+              report_add_result (report, result);
+              delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
+                                key_priv);
+              rc = -3;
+              break;
+            }
+        }
+
       /* Get only the progress, without results and details. */
       progress = get_osp_scan_report (scan_id, host, port, ca_pub, key_pub,
                                       key_priv, 0, 0, NULL);
@@ -1911,10 +1984,18 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
               g_warning ("Connection lost with the scanner at %s. "
                          "Trying again in 1 second.", host);
               gvm_sleep (1);
+              if (osp_scan_semaphore_update_end (TRUE, task, report))
+                {
+                  delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
+                                   key_priv);
+                  rc = -3;
+                  break;
+                }
               continue;
             }
           else if (progress == -2)
             {
+              osp_scan_semaphore_update_end (FALSE, task, report);
               rc = -2;
               break;
             }
@@ -1924,6 +2005,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                               "Erroneous scan progress value", "", "",
                               QOD_DEFAULT, NULL, NULL);
           report_add_result (report, result);
+          osp_scan_semaphore_update_end (FALSE, task, report);
           delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
                            key_priv);
           rc = -1;
@@ -1942,11 +2024,19 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                   retry--;
                   g_warning ("Connection lost with the scanner at %s. "
                              "Trying again in 1 second.", host);
+                  if (osp_scan_semaphore_update_end (TRUE, task, report))
+                    {
+                      delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
+                                       key_priv);
+                      rc = -3;
+                      break;
+                    }
                   gvm_sleep (1);
                   continue;
                 }
               else if (progress == -2)
                 {
+                  osp_scan_semaphore_update_end (FALSE, task, report);
                   rc = -2;
                   break;
                 }
@@ -1957,6 +2047,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                                   "Erroneous scan progress value", "", "",
                                   QOD_DEFAULT, NULL, NULL);
               report_add_result (report, result);
+              osp_scan_semaphore_update_end (FALSE, task, report);
               rc = -1;
               break;
             }
@@ -1989,6 +2080,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                   report_add_result (report, result);
                   delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
                                    key_priv);
+                  osp_scan_semaphore_update_end (FALSE, task, report);
                   rc = -3;
                   break;
                 }
@@ -2000,6 +2092,13 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                       retry--;
                       g_warning ("Connection lost with the scanner at %s. "
                                  "Trying again in 1 second.", host);
+                      if (osp_scan_semaphore_update_end (TRUE, task, report))
+                        {
+                          delete_osp_scan (scan_id, host, port, ca_pub,
+                                           key_pub, key_priv);
+                          rc = -3;
+                          break;
+                        }
                       gvm_sleep (1);
                       continue;
                     }
@@ -2012,6 +2111,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                   report_add_result (report, result);
                   delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
                                    key_priv);
+                  osp_scan_semaphore_update_end (FALSE, task, report);
                   rc = -1;
                   break;
                 }
@@ -2020,6 +2120,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                 {
                   delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
                                    key_priv);
+                  osp_scan_semaphore_update_end (FALSE, task, report);
                   rc = 0;
                   break;
                 }
@@ -2034,6 +2135,14 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
             }
         }
 
+      if (osp_scan_semaphore_update_end (TRUE, task, report))
+        {
+          delete_osp_scan (scan_id, host, port, ca_pub, key_pub,
+                           key_priv);
+          rc = -3;
+          break;
+        }
+
       retry = connection_retry;
       gvm_sleep (5);
     }
@@ -2901,9 +3010,25 @@ fork_osp_scan_handler (task_t task, target_t target, int from,
       set_task_run_status (task, TASK_STATUS_PROCESSING);
       set_report_scan_run_status (global_current_report,
                                   TASK_STATUS_PROCESSING);
+
+      if (max_concurrent_scan_updates)
+        semaphore_op (SEMAPHORE_SCAN_UPDATE, -1, 0);
       hosts_set_identifiers (global_current_report);
+      if (max_concurrent_scan_updates)
+        semaphore_op (SEMAPHORE_SCAN_UPDATE, +1, 0);
+
+      if (max_concurrent_scan_updates)
+        semaphore_op (SEMAPHORE_SCAN_UPDATE, -1, 0);
       hosts_set_max_severity (global_current_report, NULL, NULL);
+      if (max_concurrent_scan_updates)
+        semaphore_op (SEMAPHORE_SCAN_UPDATE, +1, 0);
+
+      if (max_concurrent_scan_updates)
+        semaphore_op (SEMAPHORE_SCAN_UPDATE, -1, 0);
       hosts_set_details (global_current_report);
+      if (max_concurrent_scan_updates)
+        semaphore_op (SEMAPHORE_SCAN_UPDATE, +1, 0);
+
       set_task_run_status (task, TASK_STATUS_DONE);
       set_report_scan_run_status (global_current_report, TASK_STATUS_DONE);
     }
@@ -6505,6 +6630,31 @@ set_min_mem_feed_update (int new_min_mem)
     min_mem_feed_update = new_min_mem;
 }
 
+/**
+ * @brief Get the maximum number of concurrent scan updates.
+ *
+ * @return The current maximum number of concurrent scan updates.
+ */
+int
+get_max_concurrent_scan_updates ()
+{
+  return max_concurrent_scan_updates;
+}
+
+/**
+ * @brief Set the maximum number of concurrent scan updates.
+ *
+ * @param new_max The new maximum number of concurrent scan updates.
+ */
+void
+set_max_concurrent_scan_updates (int new_max)
+{
+  if (new_max < 0)
+    max_concurrent_scan_updates = 0;
+  else
+    max_concurrent_scan_updates = new_max;
+}
+
 /**
  * @brief Write start time to sync lock file.
  *
@@ -7772,3 +7922,115 @@ delete_resource (const char *type, const char *resource_id, int ultimate)
   assert (0);
   return -1;
 }
+
+
+/* Inter-Process Communication */
+
+/**
+ * @brief Union type for values of semctl actions
+ */
+union semun {
+    int              val;    /* Value for SETVAL */
+    struct semid_ds *buf;    /* Buffer for IPC_STAT, IPC_SET */
+    unsigned short  *array;  /* Array for GETALL, SETALL */
+    struct seminfo  *__buf;  /* Buffer for IPC_INFO
+                                (Linux-specific) */
+};
+
+/**
+ * @brief Initializes the semaphore set for gvmd actions.
+ *
+ * Needs max_concurrent_scan_updates to be set.
+ */
+int
+init_semaphore_set ()
+{
+  // Ensure semaphore set file exists
+  gchar *key_file_name = g_build_filename (GVM_STATE_DIR, "gvmd.sem", NULL);
+  FILE *key_file = fopen (key_file_name, "a");
+  union semun sem_value;
+  if (key_file == NULL)
+    {
+      g_warning ("%s: error creating semaphore file %s: %s",
+                 __func__, key_file_name, strerror (errno));
+      g_free (key_file_name);
+      return -1;
+    }
+  fclose (key_file);
+  semaphore_set_key = ftok (key_file_name, 0);
+  if (semaphore_set_key < 0)
+    {
+      g_warning ("%s: error creating semaphore key for file %s: %s",
+                 __func__, key_file_name, strerror (errno));
+      g_free (key_file_name);
+      return -1;
+    }
+
+  semaphore_set = semget (semaphore_set_key, 1, 0660 | IPC_CREAT);
+  if (semaphore_set < 0)
+    {
+      g_warning ("%s: error getting semaphore set: %s",
+                 __func__, strerror (errno));
+      return -1;
+    }
+
+  g_debug ("%s: Semaphore set created for file '%s', key %x",
+             __func__, key_file_name, semaphore_set_key);
+  g_free (key_file_name);
+
+  sem_value.val = max_concurrent_scan_updates ?: 1;
+  if (semctl (semaphore_set, SEMAPHORE_SCAN_UPDATE, SETVAL, sem_value) == -1)
+    {
+      g_warning ("%s: error initializing scan update semaphore: %s",
+                 __func__, strerror (errno));
+      return -1;
+    }
+
+  return 0;
+}
+
+/**
+ * @brief Performs a semaphore operation (signal or wait).
+ *
+ * A negative op_value will try to decrease the semaphore value
+ *  and wait if needed.
+ * A positive op_value will increase the semaphore value.
+ * Zero as op_value will wait for the semaphore value to become zero.
+ *
+ * (See semop from sys/sem.h)
+ *
+ * @param[in]  semaphore_index  The index of the semaphore in the gvmd set.
+ * @param[in]  op_value   The operation value
+ */
+int
+semaphore_op (semaphore_index_t semaphore_index,
+              short int op_value,
+              time_t timeout)
+{
+  int ret;
+  struct sembuf op = {
+    sem_num: semaphore_index,
+    sem_op: op_value,
+    sem_flg: SEM_UNDO
+  };
+
+  struct timespec ts = {
+    tv_nsec: 0,
+    tv_sec: timeout,
+  };
+
+  ret = semtimedop (semaphore_set, &op, 1, timeout > 0 ? &ts : NULL);
+  if (ret)
+    {
+      if (errno == EAGAIN)
+        return 1;
+      else
+        {
+          g_warning ("%s: semaphore operation failed: %s",
+                     __func__, strerror (errno));
+          return -1;
+        }
+    }
+
+  return 0;
+}
diff --git a/src/manage.h b/src/manage.h
index 6c59a32fc..4bd35c86e 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -3880,6 +3880,12 @@ get_feed_lock_timeout ();
 void
 set_feed_lock_timeout (int);
 
+int
+get_max_concurrent_scan_updates ();
+
+void
+set_max_concurrent_scan_updates (int);
+
 int
 get_mem_wait_retries ();
 
@@ -3983,4 +3989,17 @@ get_vt_verification_collation ();
 void
 set_vt_verification_collation (const char *);
 
+
+/* Inter-Process communication */
+
+typedef enum {
+  SEMAPHORE_SCAN_UPDATE = 0
+} semaphore_index_t;
+
+int
+init_semaphore_set ();
+
+int
+semaphore_op (semaphore_index_t, short int, time_t);
+
 #endif /* not _GVMD_MANAGE_H */

From 468214e3ab97158bc5ae1e3bd659495417e343c9 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 30 Jul 2024 08:46:27 +0200
Subject: [PATCH 033/134] Fix doc comments and missing free for IPC

---
 src/manage.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/manage.c b/src/manage.c
index 889986131..ee2efda0e 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -7930,17 +7930,18 @@ delete_resource (const char *type, const char *resource_id, int ultimate)
  * @brief Union type for values of semctl actions
  */
 union semun {
-    int              val;    /* Value for SETVAL */
-    struct semid_ds *buf;    /* Buffer for IPC_STAT, IPC_SET */
-    unsigned short  *array;  /* Array for GETALL, SETALL */
-    struct seminfo  *__buf;  /* Buffer for IPC_INFO
-                                (Linux-specific) */
+    int              val;    ///< Value for SETVAL
+    struct semid_ds *buf;    ///< Buffer for IPC_STAT, IPC_SET
+    unsigned short  *array;  ///< Array for GETALL, SETALL
+    struct seminfo  *__buf;  ///< Buffer for IPC_INFO (Linux-specific)
 };
 
 /**
  * @brief Initializes the semaphore set for gvmd actions.
  *
  * Needs max_concurrent_scan_updates to be set.
+ *
+ * @return 0 success, -1 error
  */
 int
 init_semaphore_set ()
@@ -7971,6 +7972,7 @@ init_semaphore_set ()
     {
       g_warning ("%s: error getting semaphore set: %s",
                  __func__, strerror (errno));
+      g_free (key_file_name);
       return -1;
     }
 
@@ -8001,6 +8003,9 @@ init_semaphore_set ()
  *
  * @param[in]  semaphore_index  The index of the semaphore in the gvmd set.
  * @param[in]  op_value   The operation value
+ * @param[in]  timeout    Timeout in seconds, 0 for unlimited
+ *
+ * @return 0 success, 1 timed out, -1 error
  */
 int
 semaphore_op (semaphore_index_t semaphore_index,

From e2f084d004fb0329904fde46b319404e0b8c0e9f Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 30 Jul 2024 09:17:32 +0200
Subject: [PATCH 034/134] Move IPC helpers to separate files

---
 src/CMakeLists.txt |   6 ++
 src/gvmd.c         |   1 +
 src/ipc.c          | 160 +++++++++++++++++++++++++++++++++++++++++++++
 src/ipc.h          |  37 +++++++++++
 src/manage.c       | 130 +-----------------------------------
 src/manage.h       |  13 ----
 6 files changed, 205 insertions(+), 142 deletions(-)
 create mode 100644 src/ipc.c
 create mode 100644 src/ipc.h

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 2f27baf66..145e700f4 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -109,6 +109,7 @@ add_executable (manage-utils-test
 
                 debug_utils.c
                 gvmd.c gmpd.c
+                ipc.c
                 manage.c sql.c
                 manage_acl.c manage_configs.c manage_get.c
                 manage_license.c
@@ -140,6 +141,7 @@ add_executable (manage-test
 
                 debug_utils.c
                 gvmd.c gmpd.c
+                ipc.c
                 manage_utils.c sql.c
                 manage_acl.c manage_configs.c manage_get.c
                 manage_license.c
@@ -171,6 +173,7 @@ add_executable (manage-sql-test
 
                 debug_utils.c
                 gvmd.c gmpd.c
+                ipc.c
                 manage_utils.c manage.c sql.c
                 manage_acl.c manage_configs.c manage_get.c
                 manage_license.c
@@ -202,6 +205,7 @@ add_executable (gmp-tickets-test
 
                 debug_utils.c
                 gvmd.c gmpd.c
+                ipc.c
                 manage_utils.c manage.c sql.c
                 manage_acl.c manage_configs.c manage_get.c
                 manage_license.c
@@ -233,6 +237,7 @@ add_executable (utils-test
 
                 debug_utils.c
                 gvmd.c gmpd.c
+                ipc.c
                 manage_utils.c manage.c sql.c
                 manage_acl.c manage_configs.c manage_get.c
                 manage_license.c
@@ -281,6 +286,7 @@ add_executable (gvmd
                 main.c gvmd.c
                 debug_utils.c
                 gmpd.c
+                ipc.c
                 manage_utils.c manage.c sql.c
                 manage_acl.c manage_configs.c manage_get.c
                 manage_license.c
diff --git a/src/gvmd.c b/src/gvmd.c
index ef9e1ff86..0fbe8051b 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -102,6 +102,7 @@
 #include <gvm/util/ldaputils.h>
 
 #include "debug_utils.h"
+#include "ipc.h"
 #include "manage.h"
 #include "manage_sql_nvts.h"
 #include "manage_sql_secinfo.h"
diff --git a/src/ipc.c b/src/ipc.c
new file mode 100644
index 000000000..48008d96f
--- /dev/null
+++ b/src/ipc.c
@@ -0,0 +1,160 @@
+/* Copyright (C) 2024 Greenbone AG
+ *
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file ipc.c
+ * @brief Inter-process communitcation (IPC)
+ */
+
+/**
+ * @brief Enable extra GNU functions.
+ *
+ * semtimedop needs this
+ */
+#define _GNU_SOURCE
+
+#include <errno.h>
+#include <sys/sem.h>
+
+#include "ipc.h"
+#include "manage.h"
+
+
+/**
+ * @brief System V semaphore set key for gvmd actions.
+ */
+static key_t semaphore_set_key = -1;
+
+/**
+ * @brief System V semaphore set id for gvmd actions.
+ */
+static int semaphore_set = -1;
+
+/**
+ * @brief Union type for values of semctl actions
+ */
+union semun {
+    int              val;    ///< Value for SETVAL
+    struct semid_ds *buf;    ///< Buffer for IPC_STAT, IPC_SET
+    unsigned short  *array;  ///< Array for GETALL, SETALL
+    struct seminfo  *__buf;  ///< Buffer for IPC_INFO (Linux-specific)
+};
+
+/**
+ * @brief Initializes the semaphore set for gvmd actions.
+ *
+ * Needs max_concurrent_scan_updates to be set.
+ *
+ * @return 0 success, -1 error
+ */
+int
+init_semaphore_set ()
+{
+  // Ensure semaphore set file exists
+  gchar *key_file_name = g_build_filename (GVM_STATE_DIR, "gvmd.sem", NULL);
+  FILE *key_file = fopen (key_file_name, "a");
+  union semun sem_value;
+  if (key_file == NULL)
+    {
+      g_warning ("%s: error creating semaphore file %s: %s",
+                 __func__, key_file_name, strerror (errno));
+      g_free (key_file_name);
+      return -1;
+    }
+  fclose (key_file);
+  semaphore_set_key = ftok (key_file_name, 0);
+  if (semaphore_set_key < 0)
+    {
+      g_warning ("%s: error creating semaphore key for file %s: %s",
+                 __func__, key_file_name, strerror (errno));
+      g_free (key_file_name);
+      return -1;
+    }
+
+  semaphore_set = semget (semaphore_set_key, 1, 0660 | IPC_CREAT);
+  if (semaphore_set < 0)
+    {
+      g_warning ("%s: error getting semaphore set: %s",
+                 __func__, strerror (errno));
+      g_free (key_file_name);
+      return -1;
+    }
+
+  g_debug ("%s: Semaphore set created for file '%s', key %x",
+             __func__, key_file_name, semaphore_set_key);
+  g_free (key_file_name);
+
+  sem_value.val = get_max_concurrent_scan_updates () ?: 1;
+  if (semctl (semaphore_set, SEMAPHORE_SCAN_UPDATE, SETVAL, sem_value) == -1)
+    {
+      g_warning ("%s: error initializing scan update semaphore: %s",
+                 __func__, strerror (errno));
+      return -1;
+    }
+
+  return 0;
+}
+
+/**
+ * @brief Performs a semaphore operation (signal or wait).
+ *
+ * A negative op_value will try to decrease the semaphore value
+ *  and wait if needed.
+ * A positive op_value will increase the semaphore value.
+ * Zero as op_value will wait for the semaphore value to become zero.
+ *
+ * (See semop from sys/sem.h)
+ *
+ * @param[in]  semaphore_index  The index of the semaphore in the gvmd set.
+ * @param[in]  op_value   The operation value
+ * @param[in]  timeout    Timeout in seconds, 0 for unlimited
+ *
+ * @return 0 success, 1 timed out, -1 error
+ */
+int
+semaphore_op (semaphore_index_t semaphore_index,
+              short int op_value,
+              time_t timeout)
+{
+  int ret;
+  struct sembuf op = {
+    sem_num: semaphore_index,
+    sem_op: op_value,
+    sem_flg: SEM_UNDO
+  };
+
+  struct timespec ts = {
+    tv_nsec: 0,
+    tv_sec: timeout,
+  };
+
+  ret = semtimedop (semaphore_set, &op, 1, timeout > 0 ? &ts : NULL);
+  if (ret)
+    {
+      if (errno == EAGAIN)
+        return 1;
+      else
+        {
+          g_warning ("%s: semaphore operation failed: %s",
+                     __func__, strerror (errno));
+          return -1;
+        }
+    }
+
+  return 0;
+}
diff --git a/src/ipc.h b/src/ipc.h
new file mode 100644
index 000000000..e11371fdd
--- /dev/null
+++ b/src/ipc.h
@@ -0,0 +1,37 @@
+/* Copyright (C) 2024 Greenbone AG
+ *
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file ipc.h
+ * @brief Headers for inter-process communitcation (IPC)
+ */
+
+#ifndef _GVMD_IPC_H
+#define _GVMD_IPC_H
+
+typedef enum {
+  SEMAPHORE_SCAN_UPDATE = 0
+} semaphore_index_t;
+
+int
+init_semaphore_set ();
+
+int
+semaphore_op (semaphore_index_t, short int, time_t);
+
+#endif /* not _GVMD_IPC_H */
diff --git a/src/manage.c b/src/manage.c
index ee2efda0e..ce40a7000 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -48,6 +48,7 @@
 
 #include "debug_utils.h"
 #include "gmp_base.h"
+#include "ipc.h"
 #include "manage.h"
 #include "manage_acl.h"
 #include "manage_configs.h"
@@ -75,7 +76,6 @@
 #include <string.h>
 #include <strings.h>
 #include <sys/file.h>
-#include <sys/sem.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -221,17 +221,6 @@ static int schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT;
  */
 static int scanner_connection_retry = SCANNER_CONNECTION_RETRY_DEFAULT;
 
-/**
- * @brief System V semaphore set key for gvmd actions.
- */
-static key_t semaphore_set_key = -1;
-
-/**
- * @brief System V semaphore set id for gvmd actions.
- */
-static int semaphore_set = -1;
-
-
 
 /* Certificate and key management. */
 
@@ -7922,120 +7911,3 @@ delete_resource (const char *type, const char *resource_id, int ultimate)
   assert (0);
   return -1;
 }
-
-
-/* Inter-Process Communication */
-
-/**
- * @brief Union type for values of semctl actions
- */
-union semun {
-    int              val;    ///< Value for SETVAL
-    struct semid_ds *buf;    ///< Buffer for IPC_STAT, IPC_SET
-    unsigned short  *array;  ///< Array for GETALL, SETALL
-    struct seminfo  *__buf;  ///< Buffer for IPC_INFO (Linux-specific)
-};
-
-/**
- * @brief Initializes the semaphore set for gvmd actions.
- *
- * Needs max_concurrent_scan_updates to be set.
- *
- * @return 0 success, -1 error
- */
-int
-init_semaphore_set ()
-{
-  // Ensure semaphore set file exists
-  gchar *key_file_name = g_build_filename (GVM_STATE_DIR, "gvmd.sem", NULL);
-  FILE *key_file = fopen (key_file_name, "a");
-  union semun sem_value;
-  if (key_file == NULL)
-    {
-      g_warning ("%s: error creating semaphore file %s: %s",
-                 __func__, key_file_name, strerror (errno));
-      g_free (key_file_name);
-      return -1;
-    }
-  fclose (key_file);
-  semaphore_set_key = ftok (key_file_name, 0);
-  if (semaphore_set_key < 0)
-    {
-      g_warning ("%s: error creating semaphore key for file %s: %s",
-                 __func__, key_file_name, strerror (errno));
-      g_free (key_file_name);
-      return -1;
-    }
-
-  semaphore_set = semget (semaphore_set_key, 1, 0660 | IPC_CREAT);
-  if (semaphore_set < 0)
-    {
-      g_warning ("%s: error getting semaphore set: %s",
-                 __func__, strerror (errno));
-      g_free (key_file_name);
-      return -1;
-    }
-
-  g_debug ("%s: Semaphore set created for file '%s', key %x",
-             __func__, key_file_name, semaphore_set_key);
-  g_free (key_file_name);
-
-  sem_value.val = max_concurrent_scan_updates ?: 1;
-  if (semctl (semaphore_set, SEMAPHORE_SCAN_UPDATE, SETVAL, sem_value) == -1)
-    {
-      g_warning ("%s: error initializing scan update semaphore: %s",
-                 __func__, strerror (errno));
-      return -1;
-    }
-
-  return 0;
-}
-
-/**
- * @brief Performs a semaphore operation (signal or wait).
- *
- * A negative op_value will try to decrease the semaphore value
- *  and wait if needed.
- * A positive op_value will increase the semaphore value.
- * Zero as op_value will wait for the semaphore value to become zero.
- *
- * (See semop from sys/sem.h)
- *
- * @param[in]  semaphore_index  The index of the semaphore in the gvmd set.
- * @param[in]  op_value   The operation value
- * @param[in]  timeout    Timeout in seconds, 0 for unlimited
- *
- * @return 0 success, 1 timed out, -1 error
- */
-int
-semaphore_op (semaphore_index_t semaphore_index,
-              short int op_value,
-              time_t timeout)
-{
-  int ret;
-  struct sembuf op = {
-    sem_num: semaphore_index,
-    sem_op: op_value,
-    sem_flg: SEM_UNDO
-  };
-
-  struct timespec ts = {
-    tv_nsec: 0,
-    tv_sec: timeout,
-  };
-
-  ret = semtimedop (semaphore_set, &op, 1, timeout > 0 ? &ts : NULL);
-  if (ret)
-    {
-      if (errno == EAGAIN)
-        return 1;
-      else
-        {
-          g_warning ("%s: semaphore operation failed: %s",
-                     __func__, strerror (errno));
-          return -1;
-        }
-    }
-
-  return 0;
-}
diff --git a/src/manage.h b/src/manage.h
index 4bd35c86e..0ee2e9c23 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -3989,17 +3989,4 @@ get_vt_verification_collation ();
 void
 set_vt_verification_collation (const char *);
 
-
-/* Inter-Process communication */
-
-typedef enum {
-  SEMAPHORE_SCAN_UPDATE = 0
-} semaphore_index_t;
-
-int
-init_semaphore_set ();
-
-int
-semaphore_op (semaphore_index_t, short int, time_t);
-
 #endif /* not _GVMD_MANAGE_H */

From 4cdbd5b43822c45c70cc5ed082fedafda4937b4b Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Wed, 28 Aug 2024 09:51:12 +0200
Subject: [PATCH 035/134] Fix formatting of union semun

The formatting is made more consistent with other type definitions.
---
 src/ipc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/ipc.c b/src/ipc.c
index 48008d96f..d22cca937 100644
--- a/src/ipc.c
+++ b/src/ipc.c
@@ -49,10 +49,10 @@ static int semaphore_set = -1;
  * @brief Union type for values of semctl actions
  */
 union semun {
-    int              val;    ///< Value for SETVAL
-    struct semid_ds *buf;    ///< Buffer for IPC_STAT, IPC_SET
-    unsigned short  *array;  ///< Array for GETALL, SETALL
-    struct seminfo  *__buf;  ///< Buffer for IPC_INFO (Linux-specific)
+  int val;                ///< Value for SETVAL
+  struct semid_ds *buf;   ///< Buffer for IPC_STAT, IPC_SET
+  unsigned short *array;  ///< Array for GETALL, SETALL
+  struct seminfo *__buf;  ///< Buffer for IPC_INFO (Linux-specific)
 };
 
 /**

From d05370ffc6499dc47884b048a4aced8d63c3874b Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Thu, 29 Aug 2024 10:01:35 +0000
Subject: [PATCH 036/134] Automatic release to 23.9.0

---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index dd7396c90..b7c6e7350 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.8.2
+         VERSION 23.9.0
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 1)
+set (PROJECT_DEV_VERSION 0)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From b4c652c81c5f2bf567c5ce8356a8d7f961e679a2 Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Thu, 29 Aug 2024 10:01:36 +0000
Subject: [PATCH 037/134] Automatic adjustments after release [skip ci]

* Update to version 23.9.1-dev1
---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b7c6e7350..9382b7d5a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.9.0
+         VERSION 23.9.1
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 0)
+set (PROJECT_DEV_VERSION 1)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From b2d0270442ca7fd39c9ad37eb1c15de070605ffd Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Fri, 30 Aug 2024 10:31:13 +0200
Subject: [PATCH 038/134] Change: Use new EPSS file name and format

The EPSS scores file is now named "epss-scores-current.json" and
contains a JSON object where the list of scores in in a field named
"epss_scores".

This aligns the update in gvmd with the upcoming feed and allows for an
addition metadata field in the file.
---
 src/manage_sql_secinfo.c | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index fd8c13c76..644df250d 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2860,21 +2860,22 @@ static int
 update_epss_scores ()
 {
   GError *error = NULL;
-  gchar *latest_json_path;
+  gchar *current_json_path;
   gchar *file_contents = NULL; 
-  cJSON *parsed, *list_item;
+  cJSON *parsed, *epss_scores_list, *list_item;
   inserts_t inserts;
 
-  latest_json_path = g_build_filename (GVM_SCAP_DATA_DIR, "epss-latest.json",
-                                       NULL);
+  current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
+                                        "epss-scores-current.json",
+                                        NULL);
 
-  if (! g_file_get_contents (latest_json_path, &file_contents, NULL, &error))
+  if (! g_file_get_contents (current_json_path, &file_contents, NULL, &error))
     {
       int ret;
       if (error->code == G_FILE_ERROR_NOENT)
         {
           g_info ("%s: EPSS scores file '%s' not found",
-                  __func__, latest_json_path);
+                  __func__, current_json_path);
           ret = 0;
         }
       else
@@ -2884,12 +2885,12 @@ update_epss_scores ()
           ret = -1;
         }
       g_error_free (error);
-      g_free (latest_json_path);
+      g_free (current_json_path);
       return ret;
     }
 
-  g_info ("Updating EPSS scores from %s", latest_json_path);
-  g_free (latest_json_path);
+  g_info ("Updating EPSS scores from %s", current_json_path);
+  g_free (current_json_path);
 
   parsed = cJSON_Parse (file_contents);
   g_free (file_contents);
@@ -2900,9 +2901,18 @@ update_epss_scores ()
       return -1;
     }
   
-  if (! cJSON_IsArray (parsed))
+  if (! cJSON_IsObject (parsed))
     {
-      g_warning ("%s: EPSS scores file is not a JSON array", __func__);
+      g_warning ("%s: EPSS scores file is not a JSON object", __func__);
+      cJSON_Delete (parsed);
+      return -1;
+    }
+
+  epss_scores_list = cJSON_GetObjectItem (parsed, "epss_scores");
+  if (epss_scores_list == NULL)
+    {
+      g_warning ("%s: Missing epss_scores field",
+                 __func__);
       cJSON_Delete (parsed);
       return -1;
     }
@@ -2916,7 +2926,7 @@ update_epss_scores ()
                 "  VALUES ",
                 " ON CONFLICT (cve) DO NOTHING");
 
-  cJSON_ArrayForEach (list_item, parsed)
+  cJSON_ArrayForEach (list_item, epss_scores_list)
     {
       cJSON *cve_json, *epss_json, *percentile_json;
       

From 1cc8c6d19148baba1150ebcc3de0afcc010d97b9 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 30 Aug 2024 09:47:01 +0200
Subject: [PATCH 039/134] Change: Add system_default value for date and time
 format settings

---
 src/manage_sql.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index b5829f009..c90a3a882 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -16131,7 +16131,7 @@ check_db_settings ()
           " ('" SETTING_UUID_USER_INTERFACE_TIME_FORMAT "', NULL,"
           "  'User Interface Time Format',"
           "  'Preferred time format to be used in client user interfaces.',"
-          "  '24' );");
+          "  'system_default' );");
 
   if (sql_int ("SELECT count(*) FROM settings"
               " WHERE uuid = '" SETTING_UUID_USER_INTERFACE_DATE_FORMAT "'"
@@ -16142,7 +16142,7 @@ check_db_settings ()
           " ('" SETTING_UUID_USER_INTERFACE_DATE_FORMAT "', NULL,"
           "  'User Interface Date Format',"
           "  'Preferred date format to be used in client user interfaces.',"
-          "  'wdmy' );");
+          "  'system_default' );");
 }
 
 /**
@@ -53348,10 +53348,9 @@ modify_setting (const gchar *uuid, const gchar *name,
 
       if (strcmp (uuid, "11deb7ff-550b-4950-aacf-06faeb7c61b9") == 0)
         {
-          int value_int;
           /* User Interface Time Format */
-          if (sscanf (value, "%d", &value_int) != 1
-              || (strcmp (value, "12") && strcmp (value, "24")))
+          if (strcmp (value, "12") && strcmp (value, "24")
+              && strcmp (value, "system_default"))
             {
               g_free (value);
               return 2;
@@ -53361,7 +53360,8 @@ modify_setting (const gchar *uuid, const gchar *name,
       if (strcmp (uuid, "d9857b7c-1159-4193-9bc0-18fae5473a69") == 0)
         {
           /* User Interface Date Format */
-          if (strcmp (value, "wmdy") && strcmp (value, "wdmy"))
+          if (strcmp (value, "wmdy") && strcmp (value, "wdmy")
+              && strcmp (value, "system_default"))
             {
               g_free (value);
               return 2;

From 70794dbeb040771d2c7482a727866f8c9ac86a93 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Sat, 29 Jun 2024 08:16:15 +0200
Subject: [PATCH 040/134] Fix: add missing returns in modify_config_run

---
 src/gmp_configs.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/gmp_configs.c b/src/gmp_configs.c
index f7d550dd4..b5935f14a 100644
--- a/src/gmp_configs.c
+++ b/src/gmp_configs.c
@@ -1026,12 +1026,18 @@ modify_config_run (gmp_parser_t *gmp_parser, GError **error)
   config_id = attr_or_null (entity, "config_id");
 
   if (config_id == NULL)
-    SEND_TO_CLIENT_OR_FAIL
-     (XML_ERROR_SYNTAX ("modify_config",
-                        "A config_id attribute is required"));
+    {
+      SEND_TO_CLIENT_OR_FAIL
+        (XML_ERROR_SYNTAX ("modify_config",
+                           "A config_id attribute is required"));
+      return;
+    }
   else if (config_predefined_uuid (config_id))
-    SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("modify_config",
-                                              "Permission denied"));
+    {
+      SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("modify_config",
+                                                "Permission denied"));
+      return;
+    }
 
   // Find the config
   switch (manage_modify_config_start (config_id, &config))
@@ -1053,6 +1059,7 @@ modify_config_run (gmp_parser_t *gmp_parser, GError **error)
         SEND_TO_CLIENT_OR_FAIL
           (XML_INTERNAL_ERROR ("modify_config"));
         log_event_fail ("config", "Scan Config", config_id, "modified");
+        return;
     }
 
   // Handle basic attributes and elements

From 49cb75a6a6f9f4208880eb50a06b74852598a951 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Sat, 29 Jun 2024 08:58:03 +0200
Subject: [PATCH 041/134] Change: include predefined in check for WRITABLE in
 GET_CONFIGS

---
 src/manage_sql_configs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c
index 039cc3f98..28e2bb10e 100644
--- a/src/manage_sql_configs.c
+++ b/src/manage_sql_configs.c
@@ -3316,12 +3316,12 @@ config_in_use (config_t config)
  *
  * @param[in]  config  Config.
  *
- * @return 1.
+ * @return 1 if writable, else 0.
  */
 int
 config_writable (config_t config)
 {
-  return 1;
+  return config_predefined (config) ? 0 : 1;
 }
 
 /**

From b018bf1b6882b03b253029eec7661a1339317e5f Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Sat, 6 Jul 2024 21:58:03 +0200
Subject: [PATCH 042/134] Fix: Use right type for serial buffer

---
 src/manage.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/manage.c b/src/manage.c
index ce40a7000..c924ca36e 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -556,7 +556,7 @@ get_certificate_info (const gchar* certificate, gssize certificate_len,
         {
           int i;
           size_t buffer_size = 0;
-          gchar* buffer;
+          unsigned char *buffer;
           GString *string;
 
           string = g_string_new ("");

From 1b09ee5f28c3119740d4b652e604685f4e99caf5 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 9 Jul 2024 01:42:45 +0200
Subject: [PATCH 043/134] Remove stray details checks from GET_ASSETS

The details attribute is store in get_assets_data->get.details. These
checks on get_assets_data->details are probably copy-paste errors from
GET_INFO. This works in GET_INFO because GET_INFO explicitly sets
details alongside get.details.

As a result the DETAILS element has never been returned from
GET_ASSETS. It's also missing from the docs.

Similarly, ROUTES is only returned from GET_ASSETS when an id
attribute is given, regardless of the value of the details attribute.
---
 src/gmp.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 4ae04b006..31105788a 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -11905,7 +11905,7 @@ handle_get_assets (gmp_parser_t *gmp_parser, GError **error)
                                       (&details));
           cleanup_iterator (&details);
 
-          if (get_assets_data->details || get_assets_data->get.id)
+          if (get_assets_data->get.id)
             {
               routes_xml = host_routes_xml (asset);
               g_string_append (result, routes_xml);
@@ -11923,9 +11923,6 @@ handle_get_assets (gmp_parser_t *gmp_parser, GError **error)
     }
   cleanup_iterator (&assets);
 
-  if (get_assets_data->details == 1)
-    SEND_TO_CLIENT_OR_FAIL ("<details>1</details>");
-
   filtered = get_assets_data->get.id
               ? 1
               : asset_count (&get_assets_data->get);

From f11664a316a69b27601d0e5833d065ba1246530b Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 31 Jul 2024 14:22:34 +0200
Subject: [PATCH 044/134] Remove redundant note_id field

Field is already available as get.id from get_data_parse_attributes.
---
 src/gmp.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 31105788a..b8d035a8a 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -1793,7 +1793,6 @@ get_info_data_reset (get_info_data_t *data)
 typedef struct
 {
   get_data_t get;        ///< Get args.
-  char *note_id;         ///< ID of single note to get.
   char *nvt_oid;         ///< OID of NVT to which to limit listing.
   char *task_id;         ///< ID of task to which to limit listing.
   int result;            ///< Boolean.  Whether to include associated results.
@@ -1807,7 +1806,6 @@ typedef struct
 static void
 get_notes_data_reset (get_notes_data_t *data)
 {
-  free (data->note_id);
   free (data->nvt_oid);
   free (data->task_id);
 
@@ -5332,7 +5330,7 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
                                attribute_names,
                                attribute_values);
             set_client_state (CLIENT_GET_LICENSE);
-          }      
+          }
         else if (strcasecmp ("GET_NOTES", element_name) == 0)
           {
             const gchar* attribute;
@@ -5341,9 +5339,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
                                        attribute_names,
                                        attribute_values);
 
-            append_attribute (attribute_names, attribute_values, "note_id",
-                              &get_notes_data->note_id);
-
             append_attribute (attribute_names, attribute_values, "nvt_oid",
                               &get_notes_data->nvt_oid);
 
@@ -13648,12 +13643,12 @@ handle_get_notes (gmp_parser_t *gmp_parser, GError **error)
   nvt_t nvt = 0;
   task_t task = 0;
 
-  if (get_notes_data->note_id && get_notes_data->nvt_oid)
+  if (get_notes_data->get.id && get_notes_data->nvt_oid)
     SEND_TO_CLIENT_OR_FAIL
      (XML_ERROR_SYNTAX ("get_notes",
                         "Only one of NVT and the note_id attribute"
                         " may be given"));
-  else if (get_notes_data->note_id && get_notes_data->task_id)
+  else if (get_notes_data->get.id && get_notes_data->task_id)
     SEND_TO_CLIENT_OR_FAIL
      (XML_ERROR_SYNTAX ("get_notes",
                         "Only one of the note_id and task_id"

From 8d01d17f856a9336f382b97d7f4b20ded6607d12 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 31 Jul 2024 14:27:29 +0200
Subject: [PATCH 045/134] Remove redundant override_id field

Field is already available as get.id from get_data_parse_attributes.
---
 src/gmp.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index b8d035a8a..9d3ae94c7 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -1874,7 +1874,6 @@ get_nvt_families_data_reset (get_nvt_families_data_t *data)
 typedef struct
 {
   get_data_t get;      ///< Get args.
-  char *override_id;   ///< ID of override to get.
   char *nvt_oid;       ///< OID of NVT to which to limit listing.
   char *task_id;       ///< ID of task to which to limit listing.
   int result;          ///< Boolean.  Whether to include associated results.
@@ -1888,7 +1887,6 @@ typedef struct
 static void
 get_overrides_data_reset (get_overrides_data_t *data)
 {
-  free (data->override_id);
   free (data->nvt_oid);
   free (data->task_id);
 
@@ -5429,9 +5427,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
                                        attribute_names,
                                        attribute_values);
 
-            append_attribute (attribute_names, attribute_values, "override_id",
-                              &get_overrides_data->override_id);
-
             append_attribute (attribute_names, attribute_values, "nvt_oid",
                               &get_overrides_data->nvt_oid);
 
@@ -14048,12 +14043,12 @@ handle_get_overrides (gmp_parser_t *gmp_parser, GError **error)
   nvt_t nvt = 0;
   task_t task = 0;
 
-  if (get_overrides_data->override_id && get_overrides_data->nvt_oid)
+  if (get_overrides_data->get.id && get_overrides_data->nvt_oid)
     SEND_TO_CLIENT_OR_FAIL
      (XML_ERROR_SYNTAX ("get_overrides",
                         "Only one of NVT and the override_id attribute"
                         " may be given"));
-  else if (get_overrides_data->override_id
+  else if (get_overrides_data->get.id
             && get_overrides_data->task_id)
     SEND_TO_CLIENT_OR_FAIL
      (XML_ERROR_SYNTAX ("get_overrides",

From 7be748610cc3b03adcb449a54530e1689b38b93a Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Mon, 15 Jul 2024 21:43:49 +0200
Subject: [PATCH 046/134] Remove stray space

---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9382b7d5a..8aa2c55a9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -414,7 +414,7 @@ install (FILES src/alert_methods/vFire/alert
          DESTINATION ${GVMD_DATA_DIR}/global_alert_methods/159f79a5-fce8-4ec5-aa49-7d17a77739a3/
          PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
 
- install (CODE "file (MAKE_DIRECTORY \$ENV{DESTDIR}${GVMD_DATA_DIR}/wizards)")
+install (CODE "file (MAKE_DIRECTORY \$ENV{DESTDIR}${GVMD_DATA_DIR}/wizards)")
 
 install (FILES src/wizards/quick_first_scan.xml
                src/wizards/get_tasks_deep.xml

From 87802e2c227d778e70fe1efd4ed1330b887520cd Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Mon, 15 Jul 2024 21:46:16 +0200
Subject: [PATCH 047/134] GMP doc: GET_FILTERS: fix summary of IN_USE

---
 src/schema_formats/XML/GMP.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 172b845c5..75b85660b 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -11990,7 +11990,7 @@ END:VCALENDAR
         </ele>
         <ele>
           <name>in_use</name>
-          <summary>Whether any tasks are using the filter</summary>
+          <summary>Whether any alerts are using the filter</summary>
           <pattern><t>boolean</t></pattern>
         </ele>
         <ele>

From bbcfc495cb705d60353bbd668ffb77551cd4bb62 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Fri, 16 Aug 2024 12:54:00 +0200
Subject: [PATCH 048/134] GMP doc: GET_OVERRIDES: fix summary

---
 src/schema_formats/XML/GMP.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index a1c504782..619f16e8c 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -1181,7 +1181,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     </pattern>
     <ele>
       <name>permissions</name>
-      <summary>Permissions that the current user has on the note</summary>
+      <summary>Permissions that the current user has on the override</summary>
       <pattern>
         <any><e>permission</e></any>
       </pattern>

From 3cae2fb503333b1fc7b98aed0b9a7b470ae37fde Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Fri, 16 Aug 2024 12:56:42 +0200
Subject: [PATCH 049/134] GMP doc: GET_OVERRIDES: remove duplicate PERMISSIONS
 ref

---
 src/schema_formats/XML/GMP.xml.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 619f16e8c..1817e193d 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -1167,7 +1167,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       <e>new_threat</e>
       <e>new_severity</e>
       <e>orphan</e>
-      <e>permissions</e>
       <o><e>user_tags</e></o>
       <o>
         <g>

From 79699d96ab1c8e7bf3515f5c4019381ec17c125a Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Fri, 16 Aug 2024 13:11:22 +0200
Subject: [PATCH 050/134] GMP doc: GET_OVERRIDES: add NAME and TRASH to TASK

---
 src/schema_formats/XML/GMP.xml.in | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 1817e193d..a192e937c 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -1368,7 +1368,19 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <type>uuid</type>
           <required>1</required>
         </attrib>
+        <e>name</e>
+        <e>trash</e>
       </pattern>
+      <ele>
+        <name>name</name>
+        <summary>Task name</summary>
+        <pattern>text</pattern>
+      </ele>
+      <ele>
+        <name>trash</name>
+        <summary>Whether the task is in the trashcan</summary>
+        <type>boolean</type>
+      </ele>
     </ele>
     <ele>
       <name>active</name>

From 9b311d3a8d6c478efb964445d89bd370bb73693b Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Fri, 16 Aug 2024 13:46:41 +0200
Subject: [PATCH 051/134] GMP doc: GET_OVERRIDES: use type for RESULT

---
 src/schema_formats/XML/GMP.xml.in | 109 +-----------------------------
 1 file changed, 1 insertion(+), 108 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index a192e937c..ed49cfe98 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -1395,114 +1395,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     <ele>
       <name>result</name>
       <summary>Result to which override applies</summary>
-      <pattern>
-        <attrib>
-          <name>id</name>
-          <type>uuid</type>
-          <required>1</required>
-        </attrib>
-        <e>host</e>
-        <e>port</e>
-        <e>nvt</e>
-        <e>threat</e>
-        <e>severity</e>
-        <e>qod</e>
-        <e>description</e>
-      </pattern>
-      <ele>
-        <name>host</name>
-        <pattern>
-          <e>asset</e>
-          text
-        </pattern>
-        <ele>
-          <name>asset</name>
-          <summary>Asset linked to host</summary>
-          <pattern>
-            <attrib>
-              <name>asset_id</name>
-              <type>uuid</type>
-              <required>1</required>
-            </attrib>
-          </pattern>
-        </ele>
-      </ele>
-      <ele>
-        <name>port</name>
-        <pattern>text</pattern>
-      </ele>
-      <ele>
-        <name>nvt</name>
-        <pattern>
-          <attrib>
-            <name>oid</name>
-            <type>oid</type>
-            <required>1</required>
-          </attrib>
-          <e>name</e>
-          <e>type</e>
-          <e>cvss_base</e>
-          <e>severities</e>
-          <o><e>cve</e></o>
-        </pattern>
-        <ele>
-          <name>name</name>
-          <pattern><t>name</t></pattern>
-        </ele>
-        <ele>
-          <name>type</name>
-          <summary>The type of the NVT: nvt, cve, ...</summary>
-          <pattern>text</pattern>
-        </ele>
-        <ele>
-          <name>cvss_base</name>
-          <pattern>text</pattern>
-        </ele>
-        <ele>
-          <name>severities</name>
-          <summary>Severity score information of the NVT</summary>
-          <type>severities</type>
-        </ele>
-        <ele>
-          <name>cve</name>
-          <summary>CVE value associated with the NVT</summary>
-          <pattern>text</pattern>
-        </ele>
-      </ele>
-      <ele>
-        <name>threat</name>
-        <pattern>
-          <t>threat</t>
-        </pattern>
-      </ele>
-      <ele>
-        <name>severity</name>
-        <pattern>
-          <t>severity</t>
-        </pattern>
-      </ele>
-      <ele>
-        <name>qod</name>
-        <summary>The quality of detection (QoD) of the result</summary>
-        <pattern>
-          <e>value</e>
-          <e>type</e>
-        </pattern>
-        <ele>
-          <name>value</name>
-          <summary>The numeric QoD value</summary>
-          <pattern><t>integer</t></pattern>
-        </ele>
-        <ele>
-          <name>type</name>
-          <summary>The QoD type</summary>
-          <pattern>text</pattern>
-        </ele>
-      </ele>
-      <ele>
-        <name>description</name>
-        <pattern>text</pattern>
-      </ele>
+      <type>result</type>
     </ele>
   </element>
   <element>

From e0453f62fe8e03548f2a9eeacbe4692376d8c14b Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Fri, 16 Aug 2024 13:54:37 +0200
Subject: [PATCH 052/134] GMP doc: GET_OVERRIDES: remove optional from END_TIME

---
 src/schema_formats/XML/GMP.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index ed49cfe98..438f60f0f 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -1173,7 +1173,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <e>hosts</e>
           <e>port</e>
           <e>task</e>
-          <o><e>end_time</e></o>
+          <e>end_time</e>
           <o><e>result</e></o>
         </g>
       </o>

From ba5817abbf440e49fa28d0e4938ba6fb80e83da1 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Mon, 22 Jul 2024 18:40:48 +0200
Subject: [PATCH 053/134] GMP doc: GET_NOTES: add NAME and TRASH to TASK

---
 src/schema_formats/XML/GMP.xml.in | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 438f60f0f..e74d5fd83 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -1019,7 +1019,19 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <type>uuid</type>
           <required>1</required>
         </attrib>
+        <e>name</e>
+        <e>trash</e>
       </pattern>
+      <ele>
+        <name>name</name>
+        <summary>Task name</summary>
+        <pattern>text</pattern>
+      </ele>
+      <ele>
+        <name>trash</name>
+        <summary>Whether the task is in the trashcan</summary>
+        <type>boolean</type>
+      </ele>
     </ele>
     <ele>
       <name>active</name>

From 24f3a2925164e7f61f2bb556f91df3abba2a51d9 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Mon, 22 Jul 2024 18:42:13 +0200
Subject: [PATCH 054/134] GMP doc: GET_NOTES: remove optional from END_TIME

---
 src/schema_formats/XML/GMP.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index e74d5fd83..427d24af3 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -846,7 +846,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <e>port</e>
           <e>severity</e>
           <e>task</e>
-          <o><e>end_time</e></o>
+          <e>end_time</e>
           <o><e>result</e></o>
         </g>
       </o>

From 3abb6eb0ab61054b3791083acf94eba26436cb7c Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Mon, 22 Jul 2024 19:00:29 +0200
Subject: [PATCH 055/134] GMP doc: GET_NOTES: use type for RESULT

---
 src/schema_formats/XML/GMP.xml.in | 109 +-----------------------------
 1 file changed, 1 insertion(+), 108 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 427d24af3..569c40b80 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -1046,114 +1046,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     <ele>
       <name>result</name>
       <summary>Result to which note applies</summary>
-      <pattern>
-        <attrib>
-          <name>id</name>
-          <type>uuid</type>
-          <required>1</required>
-        </attrib>
-        <e>host</e>
-        <e>port</e>
-        <e>nvt</e>
-        <e>severity</e>
-        <e>threat</e>
-        <e>qod</e>
-        <e>description</e>
-      </pattern>
-      <ele>
-        <name>host</name>
-        <pattern>
-          <e>asset</e>
-          text
-        </pattern>
-        <ele>
-          <name>asset</name>
-          <summary>Asset linked to host</summary>
-          <pattern>
-            <attrib>
-              <name>asset_id</name>
-              <type>uuid</type>
-              <required>1</required>
-            </attrib>
-          </pattern>
-        </ele>
-      </ele>
-      <ele>
-        <name>port</name>
-        <pattern>text</pattern>
-      </ele>
-      <ele>
-        <name>nvt</name>
-        <pattern>
-          <attrib>
-            <name>oid</name>
-            <type>oid</type>
-            <required>1</required>
-          </attrib>
-          <e>name</e>
-          <e>type</e>
-          <e>cvss_base</e>
-          <e>severities</e>
-          <o><e>cve</e></o>
-        </pattern>
-        <ele>
-          <name>name</name>
-          <pattern><t>name</t></pattern>
-        </ele>
-        <ele>
-          <name>type</name>
-          <summary>The type of the NVT: nvt, cve, ...</summary>
-          <pattern>text</pattern>
-        </ele>
-        <ele>
-          <name>cvss_base</name>
-          <pattern>text</pattern>
-        </ele>
-        <ele>
-          <name>severities</name>
-          <summary>Severity info of the NVT</summary>
-          <type>severities</type>
-        </ele>
-        <ele>
-          <name>cve</name>
-          <summary>CVE value associated with the NVT</summary>
-          <pattern>text</pattern>
-        </ele>
-      </ele>
-      <ele>
-        <name>severity</name>
-        <pattern>
-          <t>severity</t>
-        </pattern>
-      </ele>
-      <ele>
-        <name>threat</name>
-        <pattern>
-          <t>threat</t>
-        </pattern>
-      </ele>
-      <ele>
-        <name>qod</name>
-        <summary>The quality of detection (QoD) of the result</summary>
-        <pattern>
-          <e>value</e>
-          <e>type</e>
-        </pattern>
-        <ele>
-          <name>value</name>
-          <summary>The numeric QoD value</summary>
-          <pattern><t>integer</t></pattern>
-        </ele>
-        <ele>
-          <name>type</name>
-          <summary>The QoD type</summary>
-          <pattern>text</pattern>
-        </ele>
-      </ele>
-      <ele>
-        <name>description</name>
-        <pattern>text</pattern>
-      </ele>
+      <type>result</type>
     </ele>
   </element>
   <element>

From b853ed4d36eb1d484fae90170849cbd512d8ce2a Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Thu, 15 Aug 2024 13:44:39 +0200
Subject: [PATCH 056/134] Remove stray semicolons

---
 src/gmp.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 9d3ae94c7..df2bc9788 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -10939,7 +10939,7 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
       g_array_free (group_c_sums, TRUE);
 
       g_tree_destroy(subgroup_c_counts);
-    };
+    }
 }
 
 /**
@@ -13520,7 +13520,7 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                          "</cert_ref>",
                          get_iterator_name (&cert_advs),
                          cert_bund_adv_info_iterator_title (&cert_advs));
-                  };
+                    }
                   cleanup_iterator (&cert_advs);
 
                   init_cve_dfn_cert_adv_iterator (&cert_advs,
@@ -13537,7 +13537,7 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                          get_iterator_name (&cert_advs),
                                          dfn_cert_adv_info_iterator_title
                                           (&cert_advs));
-                  };
+                    }
                   cleanup_iterator (&cert_advs);
                 }
               else
@@ -16083,7 +16083,7 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
       get_resource_names_data_reset (get_resource_names_data);
       set_client_state (CLIENT_AUTHENTIC);
       return;
-    };
+    }
 
   ret = init_resource_iterator (&resource, &get_resource_names_data->get);
   if (ret)

From 4bf1407f023b3a80b58b10617b1315ab1bfa5d3b Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Thu, 15 Aug 2024 13:58:28 +0200
Subject: [PATCH 057/134] Format blocks consistently in buffer_aggregate_xml

This function is already very long, and the if blocks around single
statements are making it more verbose. It's also more consistent,
because some were already like this.
---
 src/gmp.c | 169 +++++++++++++++++++++++-------------------------------
 1 file changed, 72 insertions(+), 97 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index df2bc9788..161850bb8 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -10352,22 +10352,18 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
     {
       gchar *column_name = g_array_index (data_columns, gchar*, index);
       if (column_name && strcmp (column_name, ""))
-        {
-          g_string_append_printf (xml,
-                                  "<data_column>%s</data_column>",
-                                  column_name);
-        }
+        g_string_append_printf (xml,
+                                "<data_column>%s</data_column>",
+                                column_name);
     }
 
   for (index = 0; index < text_columns->len ;index ++)
     {
       gchar *column_name = g_array_index (text_columns, gchar*, index);
       if (column_name && strcmp (column_name, ""))
-        {
-          g_string_append_printf (xml,
-                                  "<text_column>%s</text_column>",
-                                  column_name);
-        }
+        g_string_append_printf (xml,
+                                "<text_column>%s</text_column>",
+                                column_name);
     }
 
   if (group_column)
@@ -10394,11 +10390,9 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
 
       group_c_sums = g_array_new (TRUE, TRUE, sizeof (GTree*));
       for (index = 0; index < data_columns->len; index++)
-        {
-          g_array_index (group_c_sums, GTree*, index)
-            = g_tree_new_full ((GCompareDataFunc) g_strcmp0, NULL,
-                               g_free, g_free);
-        }
+        g_array_index (group_c_sums, GTree*, index)
+          = g_tree_new_full ((GCompareDataFunc) g_strcmp0, NULL,
+                             g_free, g_free);
 
       subgroup_c_counts = g_tree_new_full ((GCompareDataFunc) g_strcmp0, NULL,
                                            g_free, g_free);
@@ -10620,29 +10614,25 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
                                       *subgroup_c_count);
             }
           else
-            {
-              // No subgrouping
-              g_string_append_printf (xml,
-                                      "<group>"
-                                      "<value>%s</value>"
-                                      "<count>%d</count>"
-                                      "<c_count>%ld</c_count>",
-                                      value_escaped ? value_escaped : "",
-                                      aggregate_iterator_count (aggregate),
-                                      c_count);
-            }
+            // No subgrouping
+            g_string_append_printf (xml,
+                                    "<group>"
+                                    "<value>%s</value>"
+                                    "<count>%d</count>"
+                                    "<c_count>%ld</c_count>",
+                                    value_escaped ? value_escaped : "",
+                                    aggregate_iterator_count (aggregate),
+                                    c_count);
 
           previous_c_count = c_count;
         }
       else
-        {
-          g_string_append_printf (xml,
-                                  "<overall>"
-                                  "<count>%d</count>"
-                                  "<c_count>%ld</c_count>",
-                                  aggregate_iterator_count (aggregate),
-                                  c_count);
-        }
+        g_string_append_printf (xml,
+                                "<overall>"
+                                "<count>%d</count>"
+                                "<c_count>%ld</c_count>",
+                                aggregate_iterator_count (aggregate),
+                                c_count);
 
       for (index = 0; index < data_columns->len; index++)
         {
@@ -10695,23 +10685,21 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
                                       iso_time (&mean));
             }
           else
-            {
-              g_string_append_printf (xml,
-                                      "<stats column=\"%s\">"
-                                      "<min>%g</min>"
-                                      "<max>%g</max>"
-                                      "<mean>%g</mean>"
-                                      "<sum>%g</sum>"
-                                      "<c_sum>%g</c_sum>"
-                                      "</stats>",
-                                      data_column,
-                                      aggregate_iterator_min (aggregate, index),
-                                      aggregate_iterator_max (aggregate, index),
-                                      aggregate_iterator_mean (aggregate, index),
-                                      aggregate_iterator_sum (aggregate, index),
-                                      subgroup_column && subgroup_c_sum
-                                        ? *subgroup_c_sum : c_sum);
-          }
+            g_string_append_printf (xml,
+                                    "<stats column=\"%s\">"
+                                    "<min>%g</min>"
+                                    "<max>%g</max>"
+                                    "<mean>%g</mean>"
+                                    "<sum>%g</sum>"
+                                    "<c_sum>%g</c_sum>"
+                                    "</stats>",
+                                    data_column,
+                                    aggregate_iterator_min (aggregate, index),
+                                    aggregate_iterator_max (aggregate, index),
+                                    aggregate_iterator_mean (aggregate, index),
+                                    aggregate_iterator_sum (aggregate, index),
+                                    subgroup_column && subgroup_c_sum
+                                    ? *subgroup_c_sum : c_sum);
         }
 
       for (index = 0; index < text_columns->len; index++)
@@ -10742,17 +10730,12 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
         }
 
       if (subgroup_column)
-        {
-          g_string_append_printf (xml, "</subgroup>");
-        }
+        g_string_append_printf (xml, "</subgroup>");
       else if (group_column)
-        {
-          g_string_append_printf (xml, "</group>");
-        }
+        g_string_append_printf (xml, "</group>");
       else
-        {
-          g_string_append_printf (xml, "</overall>");
-        }
+        g_string_append_printf (xml, "</overall>");
+
       g_free (value_escaped);
       g_free (subgroup_value_escaped);
     }
@@ -10761,14 +10744,12 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
     {
       // Add elements for last group in case subgroups are used
       if (has_groups)
-        {
-          g_string_append_printf (xml,
-                                  "<count>%ld</count>"
-                                  "<c_count>%ld</c_count>"
-                                  "</group>",
-                                  aggregate_group_count,
-                                  previous_c_count);
-        }
+        g_string_append_printf (xml,
+                                "<count>%ld</count>"
+                                "<c_count>%ld</c_count>"
+                                "</group>",
+                                aggregate_group_count,
+                                previous_c_count);
 
       // Also add overview of all subgroup values
       g_string_append_printf (xml,
@@ -10785,34 +10766,30 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
   g_string_append (xml, "<column_info>");
 
   if (group_column)
-    {
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>value</name>"
-                              "<stat>value</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              type,
-                              group_column,
-                              group_column_type);
-    }
+    g_string_append_printf (xml,
+                            "<aggregate_column>"
+                            "<name>value</name>"
+                            "<stat>value</stat>"
+                            "<type>%s</type>"
+                            "<column>%s</column>"
+                            "<data_type>%s</data_type>"
+                            "</aggregate_column>",
+                            type,
+                            group_column,
+                            group_column_type);
 
   if (subgroup_column)
-    {
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>subgroup_value</name>"
-                              "<stat>value</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              type,
-                              subgroup_column,
-                              subgroup_column_type);
-    }
+    g_string_append_printf (xml,
+                            "<aggregate_column>"
+                            "<name>subgroup_value</name>"
+                            "<stat>value</stat>"
+                            "<type>%s</type>"
+                            "<column>%s</column>"
+                            "<data_type>%s</data_type>"
+                            "</aggregate_column>",
+                            type,
+                            subgroup_column,
+                            subgroup_column_type);
 
   g_string_append_printf (xml,
                           "<aggregate_column>"
@@ -10932,9 +10909,7 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
       g_array_free (group_sums, TRUE);
 
       for (index = 0; index < data_columns->len; index++)
-        {
-          g_tree_destroy (g_array_index (group_c_sums, GTree*, index));
-        }
+        g_tree_destroy (g_array_index (group_c_sums, GTree*, index));
 
       g_array_free (group_c_sums, TRUE);
 

From 40ddc0c23565a7113d2392f065d046ef5b16db75 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Thu, 15 Aug 2024 14:25:10 +0200
Subject: [PATCH 058/134] Use function to buffer column_info in
 buffer_aggregate_xml

---
 src/gmp.c | 301 ++++++++++++++++++++++++++++++------------------------
 1 file changed, 166 insertions(+), 135 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 161850bb8..68902bb48 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -10313,6 +10313,167 @@ buffer_aggregate_subgroup_value (gchar *key,
   return FALSE;
 }
 
+/**
+ * @brief Buffer XML for an aggregate.
+ *
+ * @param[in]  xml                    Buffer into which to buffer aggregate.
+ * @param[in]  type                   The aggregated type.
+ * @param[in]  group_column           Column the data are grouped by.
+ * @param[in]  group_column_type      Type of the group_column.
+ * @param[in]  subgroup_column        Column the data are further grouped by.
+ * @param[in]  subgroup_column_type
+ * @param[in]  data_columns           Columns statistics are calculated for.
+ * @param[in]  data_column_types      Types of the data_columns.
+ * @param[in]  text_columns           Columns used for labels.
+ * @param[in]  text_column_types      Types of the text_columns.
+ */
+static void
+buffer_aggregate_column_info (GString *xml, const gchar *type,
+                              const char *group_column, const char *group_column_type,
+                              const char *subgroup_column,
+                              const char *subgroup_column_type,
+                              GArray *data_columns, GArray *data_column_types,
+                              GArray *text_columns, GArray *text_column_types)
+{
+  int index;
+
+  g_string_append (xml, "<column_info>");
+
+  if (group_column)
+    g_string_append_printf (xml,
+                            "<aggregate_column>"
+                            "<name>value</name>"
+                            "<stat>value</stat>"
+                            "<type>%s</type>"
+                            "<column>%s</column>"
+                            "<data_type>%s</data_type>"
+                            "</aggregate_column>",
+                            type,
+                            group_column,
+                            group_column_type);
+
+  if (subgroup_column)
+    g_string_append_printf (xml,
+                            "<aggregate_column>"
+                            "<name>subgroup_value</name>"
+                            "<stat>value</stat>"
+                            "<type>%s</type>"
+                            "<column>%s</column>"
+                            "<data_type>%s</data_type>"
+                            "</aggregate_column>",
+                            type,
+                            subgroup_column,
+                            subgroup_column_type);
+
+  g_string_append_printf (xml,
+                          "<aggregate_column>"
+                          "<name>count</name>"
+                          "<stat>count</stat>"
+                          "<type>%s</type>"
+                          "<column></column>"
+                          "<data_type>integer</data_type>"
+                          "</aggregate_column>",
+                          type);
+
+  g_string_append_printf (xml,
+                          "<aggregate_column>"
+                          "<name>c_count</name>"
+                          "<stat>c_count</stat>"
+                          "<type>%s</type>"
+                          "<column></column>"
+                          "<data_type>integer</data_type>"
+                          "</aggregate_column>",
+                          type);
+
+  for (index = 0; index < data_columns->len; index++)
+    {
+      gchar *column_name, *column_type;
+      column_name = g_array_index (data_columns, gchar*, index);
+      column_type = g_array_index (data_column_types, gchar*, index);
+      g_string_append_printf (xml,
+                              "<aggregate_column>"
+                              "<name>%s_min</name>"
+                              "<stat>min</stat>"
+                              "<type>%s</type>"
+                              "<column>%s</column>"
+                              "<data_type>%s</data_type>"
+                              "</aggregate_column>",
+                              column_name,
+                              type,
+                              column_name,
+                              column_type);
+      g_string_append_printf (xml,
+                              "<aggregate_column>"
+                              "<name>%s_max</name>"
+                              "<stat>max</stat>"
+                              "<type>%s</type>"
+                              "<column>%s</column>"
+                              "<data_type>%s</data_type>"
+                              "</aggregate_column>",
+                              column_name,
+                              type,
+                              column_name,
+                              column_type);
+      g_string_append_printf (xml,
+                              "<aggregate_column>"
+                              "<name>%s_mean</name>"
+                              "<stat>mean</stat>"
+                              "<type>%s</type>"
+                              "<column>%s</column>"
+                              "<data_type>%s</data_type>"
+                              "</aggregate_column>",
+                              column_name,
+                              type,
+                              column_name,
+                              column_type);
+      g_string_append_printf (xml,
+                              "<aggregate_column>"
+                              "<name>%s_sum</name>"
+                              "<stat>sum</stat>"
+                              "<type>%s</type>"
+                              "<column>%s</column>"
+                              "<data_type>%s</data_type>"
+                              "</aggregate_column>",
+                              column_name,
+                              type,
+                              column_name,
+                              column_type);
+      g_string_append_printf (xml,
+                              "<aggregate_column>"
+                              "<name>%s_c_sum</name>"
+                              "<stat>c_sum</stat>"
+                              "<type>%s</type>"
+                              "<column>%s</column>"
+                              "<data_type>%s</data_type>"
+                              "</aggregate_column>",
+                              column_name,
+                              type,
+                              column_name,
+                              column_type);
+    }
+
+  for (index = 0; index < text_columns->len; index++)
+    {
+      gchar *column_name, *column_type;
+      column_name = g_array_index (text_columns, gchar*, index);
+      column_type = g_array_index (text_column_types, gchar*, index);
+      g_string_append_printf (xml,
+                              "<aggregate_column>"
+                              "<name>%s</name>"
+                              "<stat>text</stat>"
+                              "<type>%s</type>"
+                              "<column>%s</column>"
+                              "<data_type>%s</data_type>"
+                              "</aggregate_column>",
+                              column_name,
+                              type,
+                              column_name,
+                              column_type);
+    }
+
+  g_string_append (xml, "</column_info>");
+}
+
 /**
  * @brief Buffer XML for an aggregate.
  *
@@ -10763,141 +10924,11 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
                               "</subgroups>");
     }
 
-  g_string_append (xml, "<column_info>");
-
-  if (group_column)
-    g_string_append_printf (xml,
-                            "<aggregate_column>"
-                            "<name>value</name>"
-                            "<stat>value</stat>"
-                            "<type>%s</type>"
-                            "<column>%s</column>"
-                            "<data_type>%s</data_type>"
-                            "</aggregate_column>",
-                            type,
-                            group_column,
-                            group_column_type);
-
-  if (subgroup_column)
-    g_string_append_printf (xml,
-                            "<aggregate_column>"
-                            "<name>subgroup_value</name>"
-                            "<stat>value</stat>"
-                            "<type>%s</type>"
-                            "<column>%s</column>"
-                            "<data_type>%s</data_type>"
-                            "</aggregate_column>",
-                            type,
-                            subgroup_column,
-                            subgroup_column_type);
-
-  g_string_append_printf (xml,
-                          "<aggregate_column>"
-                          "<name>count</name>"
-                          "<stat>count</stat>"
-                          "<type>%s</type>"
-                          "<column></column>"
-                          "<data_type>integer</data_type>"
-                          "</aggregate_column>",
-                          type);
-
-  g_string_append_printf (xml,
-                          "<aggregate_column>"
-                          "<name>c_count</name>"
-                          "<stat>c_count</stat>"
-                          "<type>%s</type>"
-                          "<column></column>"
-                          "<data_type>integer</data_type>"
-                          "</aggregate_column>",
-                          type);
-
-  for (index = 0; index < data_columns->len; index++)
-    {
-      gchar *column_name, *column_type;
-      column_name = g_array_index (data_columns, gchar*, index);
-      column_type = g_array_index (data_column_types, gchar*, index);
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>%s_min</name>"
-                              "<stat>min</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              column_name,
-                              type,
-                              column_name,
-                              column_type);
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>%s_max</name>"
-                              "<stat>max</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              column_name,
-                              type,
-                              column_name,
-                              column_type);
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>%s_mean</name>"
-                              "<stat>mean</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              column_name,
-                              type,
-                              column_name,
-                              column_type);
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>%s_sum</name>"
-                              "<stat>sum</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              column_name,
-                              type,
-                              column_name,
-                              column_type);
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>%s_c_sum</name>"
-                              "<stat>c_sum</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              column_name,
-                              type,
-                              column_name,
-                              column_type);
-    }
-
-  for (index = 0; index < text_columns->len; index++)
-    {
-      gchar *column_name, *column_type;
-      column_name = g_array_index (text_columns, gchar*, index);
-      column_type = g_array_index (text_column_types, gchar*, index);
-      g_string_append_printf (xml,
-                              "<aggregate_column>"
-                              "<name>%s</name>"
-                              "<stat>text</stat>"
-                              "<type>%s</type>"
-                              "<column>%s</column>"
-                              "<data_type>%s</data_type>"
-                              "</aggregate_column>",
-                              column_name,
-                              type,
-                              column_name,
-                              column_type);
-    }
-
-  g_string_append (xml, "</column_info>");
+  buffer_aggregate_column_info (xml, type,
+                                group_column, group_column_type,
+                                subgroup_column, subgroup_column_type,
+                                data_columns, data_column_types,
+                                text_columns, text_column_types);
 
   g_string_append (xml, "</aggregate>");
 

From 6c0743df224872b15007a44bf1fef7e4ef55c95c Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 20 Aug 2024 20:52:43 +0200
Subject: [PATCH 059/134] GMP doc: GET_REPORTS: fix typo in attribute name

---
 src/schema_formats/XML/GMP.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 569c40b80..44fb9e906 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -18162,7 +18162,7 @@ END:VCALENDAR
         <type>uuid</type>
       </attrib>
       <attrib>
-        <name>format_id</name>
+        <name>config_id</name>
         <summary>ID of requested report config</summary>
         <type>uuid</type>
       </attrib>

From 14b8de5fc446b1f93e7fc56c307884899f0e3071 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 24 Jul 2024 23:46:01 +0200
Subject: [PATCH 060/134] Clean alignment in handle_get_nvts

---
 src/gmp.c | 54 +++++++++++++++++++++++++++---------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 68902bb48..128ff751a 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13793,25 +13793,25 @@ handle_get_nvts (gmp_parser_t *gmp_parser, GError **error)
          (XML_ERROR_SYNTAX ("get_nvts",
                             "Too many parameters at once"));
       else if ((get_nvts_data->details == 0)
-                && get_nvts_data->preference_count)
+               && get_nvts_data->preference_count)
         SEND_TO_CLIENT_OR_FAIL
          (XML_ERROR_SYNTAX ("get_nvts",
                             "The preference_count attribute"
                             " requires the details attribute"));
       else if ((get_nvts_data->details == 0)
-                && get_nvts_data->preferences)
+               && get_nvts_data->preferences)
         SEND_TO_CLIENT_OR_FAIL
          (XML_ERROR_SYNTAX ("get_nvts",
                             "The preferences attribute"
                             " requires the details attribute"));
       else if ((get_nvts_data->details == 0)
-                && get_nvts_data->skip_cert_refs)
+               && get_nvts_data->skip_cert_refs)
         SEND_TO_CLIENT_OR_FAIL
          (XML_ERROR_SYNTAX ("get_nvts",
                             "The skip_cert_refs attribute"
                             " requires the details attribute"));
       else if ((get_nvts_data->details == 0)
-                && get_nvts_data->skip_tags)
+               && get_nvts_data->skip_tags)
         SEND_TO_CLIENT_OR_FAIL
          (XML_ERROR_SYNTAX ("get_nvts",
                             "The skip_tags attribute"
@@ -13825,14 +13825,14 @@ handle_get_nvts (gmp_parser_t *gmp_parser, GError **error)
       else if (((get_nvts_data->details == 0)
                 || ((get_nvts_data->config_id == NULL)
                     && (get_nvts_data->preferences_config_id == NULL)))
-                && get_nvts_data->timeout)
+               && get_nvts_data->timeout)
         SEND_TO_CLIENT_OR_FAIL
          (XML_ERROR_SYNTAX ("get_nvts",
                             "The timeout attribute"
                             " requires the details and config_id"
                             " attributes"));
       else if (get_nvts_data->nvt_oid
-                && find_nvt (get_nvts_data->nvt_oid, &nvt))
+               && find_nvt (get_nvts_data->nvt_oid, &nvt))
         SEND_TO_CLIENT_OR_FAIL
           (XML_INTERNAL_ERROR ("get_nvts"));
       else if (get_nvts_data->nvt_oid && nvt == 0)
@@ -13846,15 +13846,15 @@ handle_get_nvts (gmp_parser_t *gmp_parser, GError **error)
             }
         }
       else if (get_nvts_data->config_id
-                && get_nvts_data->preferences_config_id)
+               && get_nvts_data->preferences_config_id)
         SEND_TO_CLIENT_OR_FAIL
          (XML_ERROR_SYNTAX ("get_nvts",
                             "config_id and"
                             " preferences_config_id both given"));
       else if (get_nvts_data->config_id
-                && find_config_with_permission (get_nvts_data->config_id,
-                                                &config,
-                                                NULL))
+               && find_config_with_permission (get_nvts_data->config_id,
+                                               &config,
+                                               NULL))
         SEND_TO_CLIENT_OR_FAIL
           (XML_INTERNAL_ERROR ("get_nvts"));
       else if (get_nvts_data->config_id && (config == 0))
@@ -13868,19 +13868,19 @@ handle_get_nvts (gmp_parser_t *gmp_parser, GError **error)
             }
         }
       else if (get_nvts_data->preferences_config_id
-                && find_config_with_permission
+               && find_config_with_permission
                     (get_nvts_data->preferences_config_id,
-                    &preferences_config,
-                    NULL))
+                     &preferences_config,
+                     NULL))
         SEND_TO_CLIENT_OR_FAIL
           (XML_INTERNAL_ERROR ("get_nvts"));
       else if (get_nvts_data->preferences_config_id
-                && (preferences_config == 0))
+               && (preferences_config == 0))
         {
           if (send_find_error_to_client
                 ("get_nvts", "config",
-                get_nvts_data->preferences_config_id,
-                gmp_parser))
+                 get_nvts_data->preferences_config_id,
+                 gmp_parser))
             {
               error_send_to_client (error);
               return;
@@ -13896,16 +13896,16 @@ handle_get_nvts (gmp_parser_t *gmp_parser, GError **error)
             " status_text=\"" STATUS_OK_TEXT "\">");
 
           init_nvt_iterator (&nvts,
-                              nvt,
-                              get_nvts_data->nvt_oid
-                              /* Presume the NVT is in the config (if
-                                * a config was given). */
-                              ? 0
-                              : config,
-                              get_nvts_data->family,
-                              NULL,
-                              get_nvts_data->sort_order,
-                              get_nvts_data->sort_field);
+                             nvt,
+                             get_nvts_data->nvt_oid
+                             /* Presume the NVT is in the config (if
+                              * a config was given). */
+                             ? 0
+                             : config,
+                             get_nvts_data->family,
+                             NULL,
+                             get_nvts_data->sort_order,
+                             get_nvts_data->sort_field);
           if (preferences_config)
             config = preferences_config;
           if (get_nvts_data->details)
@@ -13921,7 +13921,7 @@ handle_get_nvts (gmp_parser_t *gmp_parser, GError **error)
                 if (get_nvts_data->preferences && (timeout == NULL))
                   timeout = config_nvt_timeout
                               (config,
-                              nvt_iterator_oid (&nvts));
+                               nvt_iterator_oid (&nvts));
 
                 if (get_nvts_data->preference_count)
                   {

From ff50da4847113f96e456042d6f5aaf414bc5ffb1 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Thu, 25 Jul 2024 00:08:15 +0200
Subject: [PATCH 061/134] GMP doc: add HR_NAME to PREFERENCE in GET_NVTS

---
 src/schema_formats/XML/GMP.xml.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 44fb9e906..357599d87 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -14618,6 +14618,7 @@ END:VCALENDAR
             <pattern>
               <e>nvt</e>
               <e>name</e>
+              <e>hr_name</e>
               <e>id</e>
               <e>type</e>
               <e>value</e>
@@ -14646,6 +14647,11 @@ END:VCALENDAR
               <summary>The name of the preference</summary>
               <pattern>text</pattern>
             </ele>
+            <ele>
+              <name>hr_name</name>
+              <summary>The human readable name of the preference</summary>
+              <pattern><t>name</t></pattern>
+            </ele>
             <ele>
               <name>id</name>
               <summary>The ID of the preference</summary>

From 26af2722d9e0179f062734400b2b64c7b9ee9c32 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Thu, 25 Jul 2024 00:18:03 +0200
Subject: [PATCH 062/134] GMP doc: GET_NVTS: move category list into response

---
 src/schema_formats/XML/GMP.xml.in | 35 ++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 357599d87..f81eaa5f0 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -14200,10 +14200,6 @@ END:VCALENDAR
         NVT information.  If the manager cannot access a list of available
         NVTs at that time, it will reply with the 503 response.
       </p>
-      <p>
-        NVT categories: 0 init, 1 scanner, 2 settings, 3 infos, 4 attack, 5 mixed,
-        6 destructive attack, 7 denial, 8 kill host, 9 flood, 10 end, and 11 unknown.
-      </p>
     </description>
     <pattern>
       <attrib>
@@ -14324,7 +14320,36 @@ END:VCALENDAR
         <ele>
           <name>category</name>
           <summary>The category of the NVT</summary>
-          <pattern><t>integer</t></pattern>
+          <description>
+            <p>0: init</p>
+            <p>1: scanner</p>
+            <p>2: settings</p>
+            <p>3: infos</p>
+            <p>4: attack</p>
+            <p>5: mixed</p>
+            <p>6: destructive attack</p>
+            <p>7: denial</p>
+            <p>8: kill host</p>
+            <p>9: flood</p>
+            <p>10: end</p>
+            <p>11: unknown</p>
+          </description>
+          <pattern>
+            <alts>
+              <alt>0</alt>
+              <alt>1</alt>
+              <alt>2</alt>
+              <alt>3</alt>
+              <alt>4</alt>
+              <alt>5</alt>
+              <alt>6</alt>
+              <alt>7</alt>
+              <alt>8</alt>
+              <alt>9</alt>
+              <alt>10</alt>
+              <alt>11</alt>
+            </alts>
+          </pattern>
         </ele>
         <ele>
           <name>creation_time</name>

From eb43e211f1edf18641271b92031a7664e74be775 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Thu, 25 Jul 2024 00:24:36 +0200
Subject: [PATCH 063/134] GMP doc: GET_NVTS: remove SUMMARY

---
 src/schema_formats/XML/GMP.xml.in | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index f81eaa5f0..53d71da2b 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -14296,7 +14296,6 @@ END:VCALENDAR
               <e>creation_time</e>
               <e>modification_time</e>
               <e>category</e>
-              <e>summary</e>
               <e>family</e>
               <e>cvss_base</e>
               <e>severities</e>
@@ -14407,11 +14406,6 @@ END:VCALENDAR
             </ele>
           </ele>
         </ele>
-        <ele>
-          <name>summary</name>
-          <summary>Short description of the NVT</summary>
-          <pattern>text</pattern>
-        </ele>
         <ele>
           <name>family</name>
           <summary>Name of the family the NVT belongs to</summary>
@@ -14719,7 +14713,6 @@ END:VCALENDAR
             <creation_time>2011-01-14T10:12:23+01:00</creation_time>
             <modification_time>2012-09-19T20:56:15+02:00</modification_time>
             <category>3</category>
-            <summary>Find what is listening on which port</summary>
             <family>Service detection</family>
             <cvss_base></cvss_base>
             <severities score="0"/>

From 7ef7d13d849d4b510f5925db52fae87eb4b0c1bd Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 21 Aug 2024 17:38:16 +0200
Subject: [PATCH 064/134] GMP doc: GET_REPORT_CONFIGS: remove ALERTS

This is a copy paste error from GET_REPORT_FORMATS.
GET_REPORT_CONFIGS does not send ALERTS.
---
 src/schema_formats/XML/GMP.xml.in | 31 -------------------------------
 1 file changed, 31 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 53d71da2b..4c660adfd 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -16519,7 +16519,6 @@ END:VCALENDAR
           <o><e>user_tags</e></o>
           <e>report_format</e>
           <o><e>orphan</e></o>
-          <o><e>alerts</e></o>
           <any><e>param</e></any>
         </pattern>
         <ele>
@@ -16659,36 +16658,6 @@ END:VCALENDAR
             <t>boolean</t>
           </pattern>
         </ele>
-        <ele>
-          <name>alerts</name>
-          <summary>Alerts using the report config</summary>
-          <pattern>
-            <any><e>alert</e></any>
-          </pattern>
-          <ele>
-            <name>alert</name>
-            <pattern>
-              <attrib>
-                <name>id</name>
-                <type>uuid</type>
-                <summary>UUID of the alert</summary>
-                <required>1</required>
-              </attrib>
-              <e>name</e>
-              <o><e>permissions</e></o>
-            </pattern>
-            <ele>
-              <name>name</name>
-              <summary>Name of the alert</summary>
-              <pattern><t>name</t></pattern>
-            </ele>
-            <ele>
-              <name>permissions</name>
-              <summary>Permissions the user has on the alert</summary>
-              <pattern></pattern>
-            </ele>
-          </ele>
-        </ele>
         <ele>
           <name>param</name>
           <pattern>

From f5a194e0a4c55405587404a3250e30be366f7a98 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 21 Aug 2024 17:43:01 +0200
Subject: [PATCH 065/134] GMP doc: GET_REPORT_CONFIGS: move OPTIONS to right
 level

---
 src/schema_formats/XML/GMP.xml.in | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 4c660adfd..fc96ee67e 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -16665,6 +16665,7 @@ END:VCALENDAR
             <e>type</e>
             <e>value</e>
             <e>default</e>
+            <o><e>options</e></o>
           </pattern>
           <ele>
             <name>name</name>
@@ -16677,7 +16678,6 @@ END:VCALENDAR
             <pattern>
               <o><e>min</e></o>
               <o><e>max</e></o>
-              <o><e>options</e></o>
               <alts>
                 <alt>boolean</alt>
                 <alt>integer</alt>
@@ -16698,16 +16698,6 @@ END:VCALENDAR
               <summary>Maximum</summary>
               <pattern>text</pattern>
             </ele>
-            <ele>
-              <name>options</name>
-              <summary>Selection options</summary>
-              <pattern><any><e>option</e></any></pattern>
-              <ele>
-                <name>option</name>
-                <summary>Option value</summary>
-                <pattern>text</pattern>
-              </ele>
-            </ele>
           </ele>
           <ele>
             <name>value</name>
@@ -16738,6 +16728,16 @@ END:VCALENDAR
             <summary>The fallback value of the param</summary>
             <pattern>text</pattern>
           </ele>
+          <ele>
+            <name>options</name>
+            <summary>Selection options</summary>
+            <pattern><any><e>option</e></any></pattern>
+            <ele>
+              <name>option</name>
+              <summary>Option value</summary>
+              <pattern>text</pattern>
+            </ele>
+          </ele>
         </ele>
         <ele>
           <name>file</name>

From 9b2b090d7a6bb99281bea06345b651c631ea4260 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 21 Aug 2024 21:28:42 +0200
Subject: [PATCH 066/134] GMP doc: GET_REPORT_CONFIGS: add REPORT_FORMAT to
 DEFAULT

---
 src/schema_formats/XML/GMP.xml.in | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index fc96ee67e..dda911239 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -16726,7 +16726,27 @@ END:VCALENDAR
           <ele>
             <name>default</name>
             <summary>The fallback value of the param</summary>
-            <pattern>text</pattern>
+            <pattern>
+              text
+              <any><e>report_format</e></any>
+            </pattern>
+            <ele>
+              <name>report_format</name>
+              <summary>Report format info if type is report_format_list</summary>
+              <pattern>
+                <attrib>
+                  <name>id</name>
+                  <type>uuid</type>
+                  <required>1</required>
+                </attrib>
+                <e>name</e>
+              </pattern>
+              <ele>
+                <name>name</name>
+                <summary>Name of the report format if available</summary>
+                <pattern>text</pattern>
+              </ele>
+            </ele>
           </ele>
           <ele>
             <name>options</name>

From 2f693a48875e3d677abfcf8b8eff64bcaaee5962 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 21 Aug 2024 21:32:48 +0200
Subject: [PATCH 067/134] GMP doc: GET_REPORT_CONFIGS: add attrib using_default
 to VALUE

---
 src/schema_formats/XML/GMP.xml.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index dda911239..1db7d847d 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -16703,6 +16703,12 @@ END:VCALENDAR
             <name>value</name>
             <summary>The value of the param</summary>
             <pattern>
+              <attrib>
+                <name>using_default</name>
+                <summary>Whether this is the default value</summary>
+                <type>boolean</type>
+                <required>1</required>
+              </attrib>
               <any><e>report_format</e></any>
             </pattern>
             <ele>

From 13db38a035ebf0e33eecd688d75ed682ed811f5b Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Mon, 26 Aug 2024 19:53:14 +0200
Subject: [PATCH 068/134] GMP doc: GET_REPORT_FORMATS: remove PERMISSIONS

---
 src/schema_formats/XML/GMP.xml.in | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 1db7d847d..901b69927 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -17293,18 +17293,12 @@ END:VCALENDAR
                 <required>1</required>
               </attrib>
               <e>name</e>
-              <o><e>permissions</e></o>
             </pattern>
             <ele>
               <name>name</name>
               <summary>Name of the alert</summary>
               <pattern><t>name</t></pattern>
             </ele>
-            <ele>
-              <name>permissions</name>
-              <summary>Permissions the user has on the permission</summary>
-              <pattern></pattern>
-            </ele>
           </ele>
         </ele>
         <ele>
@@ -17328,18 +17322,12 @@ END:VCALENDAR
                 <required>1</required>
               </attrib>
               <e>name</e>
-              <o><e>permissions</e></o>
             </pattern>
             <ele>
               <name>name</name>
               <summary>Name of the report config</summary>
               <pattern><t>name</t></pattern>
             </ele>
-            <ele>
-              <name>permissions</name>
-              <summary>Permissions the user has on the report config</summary>
-              <pattern></pattern>
-            </ele>
           </ele>
         </ele>
         <ele>

From 59cc3cf1dbf434ff50b226ab3cabd113d1858510 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 20 Aug 2024 22:40:04 +0200
Subject: [PATCH 069/134] GMP doc: GET_REPORTS: remove stray FILTER elements

---
 src/schema_formats/XML/GMP.xml.in | 58 -------------------------------
 1 file changed, 58 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 901b69927..91860510f 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -18269,9 +18269,6 @@ END:VCALENDAR
           </attrib>
           <e>term</e>
           <o><e>name</e></o>
-          <any><e>filter</e></any>
-          <o><e>host</e></o>
-          <o><e>delta</e></o>
           <e>keywords</e>
         </pattern>
         <ele>
@@ -18284,61 +18281,6 @@ END:VCALENDAR
           <summary>Filter name, if applicable</summary>
           <pattern>text</pattern>
         </ele>
-        <ele>
-          <name>filter</name>
-          <summary>A severity level that is included in the report</summary>
-          <pattern>
-            <alts>
-              <alt>High</alt>
-              <alt>Medium</alt>
-              <alt>Low</alt>
-              <alt>Log</alt>
-            </alts>
-          </pattern>
-        </ele>
-        <ele>
-          <name>host</name>
-          <summary>Single host selected for delta report</summary>
-          <pattern>
-            <e>ip</e>
-          </pattern>
-          <ele>
-            <name>ip</name>
-            <summary>IP address of the host</summary>
-            <pattern>text</pattern>
-          </ele>
-        </ele>
-        <ele>
-          <name>delta</name>
-          <summary>Delta states</summary>
-          <pattern>
-            text
-            <e>changed</e>
-            <e>gone</e>
-            <e>new</e>
-            <e>same</e>
-          </pattern>
-          <ele>
-            <name>changed</name>
-            <summary>Whether changed results are included</summary>
-            <pattern><t>boolean</t></pattern>
-          </ele>
-          <ele>
-            <name>gone</name>
-            <summary>Whether results that have vanished are included</summary>
-            <pattern><t>boolean</t></pattern>
-          </ele>
-          <ele>
-            <name>new</name>
-            <summary>Whether new results are included</summary>
-            <pattern><t>boolean</t></pattern>
-          </ele>
-          <ele>
-            <name>same</name>
-            <summary>Whether results that are equal are included</summary>
-            <pattern><t>boolean</t></pattern>
-          </ele>
-        </ele>
         <ele>
           <name>keywords</name>
           <summary>Filter broken down into keywords</summary>

From 4ce59dab9f38e36f09f260cd5431ffd25c6dbb4c Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 6 Sep 2024 16:48:19 +0200
Subject: [PATCH 070/134] Fix: Add missing log domain for ipc

---
 src/ipc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/ipc.c b/src/ipc.c
index d22cca937..c87f84f3d 100644
--- a/src/ipc.c
+++ b/src/ipc.c
@@ -34,6 +34,11 @@
 #include "ipc.h"
 #include "manage.h"
 
+#undef G_LOG_DOMAIN
+/**
+ * @brief GLib log domain.
+ */
+#define G_LOG_DOMAIN "md   main"
 
 /**
  * @brief System V semaphore set key for gvmd actions.

From 218c8c782f64da9c8243d14728d4efde3a1ad1de Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Wed, 11 Sep 2024 09:00:14 +0000
Subject: [PATCH 071/134] Automatic release to 23.10.0

---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8aa2c55a9..c093380da 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.9.1
+         VERSION 23.10.0
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 1)
+set (PROJECT_DEV_VERSION 0)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From 16c0a972dc91f9c6ff784161a65dbe8f547f5277 Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Wed, 11 Sep 2024 09:00:15 +0000
Subject: [PATCH 072/134] Automatic adjustments after release [skip ci]

* Update to version 23.10.1-dev1
---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index c093380da..f646ba2a4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.10.0
+         VERSION 23.10.1
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 0)
+set (PROJECT_DEV_VERSION 1)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From 360f50ef6e33cd24b64ac8437b058c1a98740a52 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 16 Sep 2024 17:34:26 +0200
Subject: [PATCH 073/134] Raised version of libgvm_util.

---
 src/CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 2f27baf66..f54365cd5 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -28,7 +28,7 @@ find_package (Threads)
 
 pkg_check_modules (CJSON REQUIRED libcjson>=1.7.14)
 pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.10)
-pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.10)
+pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.10.1)
 pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.10)
 pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.10)
 pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15)

From d3e931d536b59e5e7d92e887b16a8a8c81019880 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 16 Sep 2024 17:41:21 +0200
Subject: [PATCH 074/134] Raised version of libgvm_util.

---
 src/CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 1dab19b7d..74a57fec9 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -28,7 +28,7 @@ find_package (Threads)
 
 pkg_check_modules (CJSON REQUIRED libcjson>=1.7.14)
 pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.10)
-pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.10.1)
+pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.12)
 pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.10)
 pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.10)
 pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15)

From 9e82c6a7da76262f16f83c97a480bfcb4dd705bc Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Tue, 17 Sep 2024 09:17:19 +0200
Subject: [PATCH 075/134] Raised version of libgvm release.

---
 src/CMakeLists.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 74a57fec9..d5e8c79c0 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -27,10 +27,10 @@ find_package (Threads)
 ## might occur.
 
 pkg_check_modules (CJSON REQUIRED libcjson>=1.7.14)
-pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.10)
+pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.12)
 pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.12)
-pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.10)
-pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.10)
+pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.12)
+pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.12)
 pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15)
 pkg_check_modules (GLIB REQUIRED glib-2.0>=2.42)
 pkg_check_modules (LIBBSD REQUIRED libbsd)

From 00228d69e4439b0d04dade1bd5b0bf74ac3e8ecd Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Wed, 18 Sep 2024 16:11:51 +0200
Subject: [PATCH 076/134] Some amendments.

---
 src/manage_sql_secinfo.c | 64 ++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 28 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index c043f73ff..af08792c2 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2712,19 +2712,15 @@ json_object_item_double (cJSON *object, char *key, double fallback)
 static int
 save_node (long int parent_id, long int cve_id, char * operator)
 {
-  long int id;
-
-  id = sql_int64_0
-         ("INSERT INTO scap2.cpe_match_nodes"
-          " (parent_id, cve_id, operator)"
-          " VALUES"
-          " (%i, %i, '%s')"
-          " RETURNING scap2.cpe_match_nodes.id;",
-          parent_id,
-          cve_id,
-          operator);
-
-  return id;
+  return sql_int64_0
+           ("INSERT INTO scap2.cpe_match_nodes"
+            " (parent_id, cve_id, operator)"
+            " VALUES"
+            " (%i, %i, '%s')"
+            " RETURNING scap2.cpe_match_nodes.id;",
+            parent_id,
+            cve_id,
+            operator);
 }
 
 /**
@@ -2781,8 +2777,8 @@ add_cpe_match_rules (long int id, cJSON *match_rules)
       sql
        ("INSERT INTO scap2.cpe_match_range"
         " (node_id, vulnerable, cpe,"
-	"  version_start_incl, version_start_excl,"
-	"  version_end_incl, version_end_excl)"
+        "  version_start_incl, version_start_excl,"
+        "  version_end_incl, version_end_excl)"
         " VALUES"
         " (%ld, %d, '%s', '%s', '%s', '%s', '%s')",
         id,
@@ -2821,12 +2817,17 @@ load_nodes (long int parent_id, long int cveid, cJSON *nodes)
   cpe_match_rules = NULL;
   child_nodes = NULL;
 
+  if (nodes == NULL)
+    return;
+
   cJSON_ArrayForEach(node, nodes)
     {
       operator = cJSON_GetObjectItemCaseSensitive(node, "operator");
-      id = save_node (parent_id, cveid, operator->valuestring);
+      if (operator)
+        id = save_node (parent_id, cveid, operator->valuestring);
       cpe_match_rules = cJSON_GetObjectItemCaseSensitive(node, "cpe_match");
-      add_cpe_match_rules (id, cpe_match_rules);
+      if (cpe_match_rules)
+        add_cpe_match_rules (id, cpe_match_rules);
       child_nodes = cJSON_GetObjectItemCaseSensitive(node, "children");
       load_nodes (id, cveid, child_nodes);
     }
@@ -2847,7 +2848,7 @@ handle_json_cve_item (cJSON *item)
   cJSON *cve_data_meta_json;
 
   char *cve_id;
-  long int cve_db_id;
+  resource_t cve_db_id;
 
   cve_json = cJSON_GetObjectItemCaseSensitive(item, "cve");
   cve_data_meta_json = cJSON_GetObjectItemCaseSensitive(cve_json, "CVE_data_meta");
@@ -3028,15 +3029,15 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
   gvm_json_pull_event_t event;
   gvm_json_pull_parser_t parser;
   gchar *full_path;
-  GStatBuf state;
   int transaction_size = 0;
-  // int ret;
 
   full_path = g_build_filename (GVM_SCAP_DATA_DIR, cve_path, NULL);
 
-  if (g_stat (full_path, &state))
+  int fd = open (full_path, O_RDONLY);
+
+  if (fd < 0)
     {
-      g_warning ("%s: Failed to stat SCAP file: %s",
+      g_warning ("%s: Failed to open CVE file: %s",
                  __func__,
                  strerror (errno));
       g_free (full_path);
@@ -3045,7 +3046,7 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
 
   g_info ("Updating %s", full_path);
 
-  cve_file = fopen (full_path, "r");
+  cve_file = fdopen (fd, "r");
   if (cve_file == NULL)
     {
       g_warning ("%s: Failed to open CVE file: %s",
@@ -3067,9 +3068,9 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
       while (!cve_items_found)
         {
           gvm_json_pull_parser_next (&parser, &event);
-	  gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event.path);
-	  if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START &&
-              strcmp (path_tail->key, "CVE_Items") == 0)
+          gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event.path);
+          if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START && path_tail &&
+              path_tail->key && strcmp (path_tail->key, "CVE_Items") == 0)
             {
               cve_items_found = TRUE;
             }
@@ -3091,6 +3092,7 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
             }
         }
       gvm_json_pull_parser_next (&parser, &event);
+      sql_begin_immediate ();
       while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
         {
           entry = gvm_json_pull_expand_container (&parser, &error_message);
@@ -3099,19 +3101,25 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
               g_warning ("%s: Error expanding CVE item: %s", __func__, error_message);
               gvm_json_pull_event_cleanup (&event);
               gvm_json_pull_parser_cleanup (&parser);
+              cJSON_Delete (entry);
               fclose (cve_file);
+              sql_commit ();
               return -1;
             }
           if (handle_json_cve_item (entry))
             {
               gvm_json_pull_event_cleanup (&event);
               gvm_json_pull_parser_cleanup (&parser);
+              cJSON_Delete (entry);
               fclose (cve_file);
+              sql_commit ();
               return -1;
             }
           increment_transaction_size (&transaction_size);
+          cJSON_Delete (entry);
           gvm_json_pull_parser_next (&parser, &event);
-	}
+        }
+      sql_commit ();
     }
   else if (event.type == GVM_JSON_PULL_EVENT_ERROR)
     {
@@ -3286,7 +3294,7 @@ update_scap_cves ()
             }
           count++;
         }
-      if (fnmatch ("nvdcve-2.0-*.xml", cve_path, 0) == 0)
+      else if (fnmatch ("nvdcve-2.0-*.xml", cve_path, 0) == 0)
         {
           if (update_cve_xml (cve_path, hashed_cpes))
             {

From 0b94d1b0136c7fbff855bc68e7c0633ca79e0ba4 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Wed, 18 Sep 2024 18:04:53 +0200
Subject: [PATCH 077/134] Some further amendments.

---
 src/manage_sql_secinfo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index af08792c2..e7db58691 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2709,8 +2709,8 @@ json_object_item_double (cJSON *object, char *key, double fallback)
  *
  * @return The (database) id of the node.
  */
-static int
-save_node (long int parent_id, long int cve_id, char * operator)
+static resource_t
+save_node (resource_t parent_id, resource_t cve_id, char *operator)
 {
   return sql_int64_0
            ("INSERT INTO scap2.cpe_match_nodes"
@@ -2803,7 +2803,7 @@ add_cpe_match_rules (long int id, cJSON *match_rules)
  *                        specific tree level.
  */
 static void
-load_nodes (long int parent_id, long int cveid, cJSON *nodes)
+load_nodes (resource_t parent_id, resource_t cveid, cJSON *nodes)
 {
   cJSON *node;
   long int id;

From 78a45e365fa3e016b4d687bce3b350bd4da0fe89 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Thu, 19 Sep 2024 10:57:04 +0200
Subject: [PATCH 078/134] Added some necessary amendments.

---
 src/manage_sql_secinfo.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index e7db58691..d189d83bb 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2716,7 +2716,7 @@ save_node (resource_t parent_id, resource_t cve_id, char *operator)
            ("INSERT INTO scap2.cpe_match_nodes"
             " (parent_id, cve_id, operator)"
             " VALUES"
-            " (%i, %i, '%s')"
+            " (%llu, %llu, '%s')"
             " RETURNING scap2.cpe_match_nodes.id;",
             parent_id,
             cve_id,
@@ -2730,7 +2730,7 @@ save_node (resource_t parent_id, resource_t cve_id, char *operator)
  * @param[in]  match_rules  The JSON object that contains the rules.
  */
 static void
-add_cpe_match_rules (long int id, cJSON *match_rules)
+add_cpe_match_rules (result_t id, cJSON *match_rules)
 {
   cJSON *match_rule;
   cJSON *ver_se;
@@ -2780,10 +2780,10 @@ add_cpe_match_rules (long int id, cJSON *match_rules)
         "  version_start_incl, version_start_excl,"
         "  version_end_incl, version_end_excl)"
         " VALUES"
-        " (%ld, %d, '%s', '%s', '%s', '%s', '%s')",
+        " (%llu, %d, '%s', '%s', '%s', '%s', '%s')",
         id,
         vulnerable ? 1 : 0,
-	quoted_cpe,
+        quoted_cpe,
         version_start_incl,
         version_start_excl,
         version_end_incl,
@@ -2806,7 +2806,7 @@ static void
 load_nodes (resource_t parent_id, resource_t cveid, cJSON *nodes)
 {
   cJSON *node;
-  long int id;
+  resource_t id;
   cJSON *operator;
   cJSON *cpe_match_rules;
   cJSON *child_nodes;
@@ -3280,10 +3280,21 @@ update_scap_cves ()
                          (gpointer*) g_strdup (iterator_string (&cpes, 0)),
                          GINT_TO_POINTER (iterator_int (&cpes, 1)));
 
-  count = 0;
+  gboolean read_json = FALSE;
   while ((cve_path = g_dir_read_name (dir)))
     {
       if (fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0)
+        {
+          read_json = TRUE;
+          break;
+        }
+    }
+  g_dir_rewind (dir);
+
+  count = 0;
+  while ((cve_path = g_dir_read_name (dir)))
+    {
+      if ((fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0) && read_json)
         {
           if (update_cve_json (cve_path, hashed_cpes))
             {
@@ -3294,7 +3305,7 @@ update_scap_cves ()
             }
           count++;
         }
-      else if (fnmatch ("nvdcve-2.0-*.xml", cve_path, 0) == 0)
+      else if ((fnmatch ("nvdcve-2.0-*.xml", cve_path, 0) == 0) && !read_json)
         {
           if (update_cve_xml (cve_path, hashed_cpes))
             {

From 2406b534a86e4932681a51e99cce4583dd20dee3 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 17 Sep 2024 17:23:29 +0200
Subject: [PATCH 079/134] Change: Use JSON streaming parser for EPSS

---
 src/manage_sql_secinfo.c | 180 +++++++++++++++++++++++++--------------
 1 file changed, 117 insertions(+), 63 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index d189d83bb..0170c3da0 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3371,20 +3371,23 @@ if (failure_condition) {                                          \
 static int
 update_epss_scores ()
 {
-  GError *error = NULL;
+  GStatBuf state;
   gchar *current_json_path;
-  gchar *file_contents = NULL; 
-  cJSON *parsed, *epss_scores_list, *list_item;
+  gchar *error_message = NULL;
+  FILE *epss_scores_file;
+  cJSON *epss_entry;
+  gvm_json_pull_event_t event;
+  gvm_json_pull_parser_t parser;
+  gvm_json_path_elem_t *path_tail = NULL;
   inserts_t inserts;
 
   current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
                                         "epss-scores-current.json",
                                         NULL);
-
-  if (! g_file_get_contents (current_json_path, &file_contents, NULL, &error))
+  if (g_stat (current_json_path, &state))
     {
       int ret;
-      if (error->code == G_FILE_ERROR_NOENT)
+      if (errno == ENOENT)
         {
           g_info ("%s: EPSS scores file '%s' not found",
                   __func__, current_json_path);
@@ -3392,45 +3395,65 @@ update_epss_scores ()
         }
       else
         {
-          g_warning ("%s: Error loading EPSS scores file: %s",
-                     __func__, error->message);
+          g_warning ("%s: Failed to stat EPSS scores file: %s",
+                     __func__, strerror (errno));
           ret = -1;
         }
-      g_error_free (error);
       g_free (current_json_path);
       return ret;
     }
 
+  epss_scores_file = fopen (current_json_path, "r");
+  if (epss_scores_file == NULL)
+    {
+      g_warning ("%s: Failed to open EPSS scores file: %s",
+                 __func__,
+                 strerror (errno));
+      g_free (current_json_path);
+      return -1;
+    }
+
   g_info ("Updating EPSS scores from %s", current_json_path);
   g_free (current_json_path);
 
-  parsed = cJSON_Parse (file_contents);
-  g_free (file_contents);
+  gvm_json_pull_event_init (&event);
+  gvm_json_pull_parser_init (&parser, epss_scores_file);
 
-  if (parsed == NULL)
-    {
-      g_warning ("%s: EPSS scores file is not valid JSON", __func__);
-      return -1;
-    }
-  
-  if (! cJSON_IsObject (parsed))
-    {
-      g_warning ("%s: EPSS scores file is not a JSON object", __func__);
-      cJSON_Delete (parsed);
-      return -1;
-    }
+  gvm_json_pull_parser_next (&parser, &event);
 
-  epss_scores_list = cJSON_GetObjectItem (parsed, "epss_scores");
-  if (epss_scores_list == NULL)
+  if (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
     {
-      g_warning ("%s: Missing epss_scores field",
-                 __func__);
-      cJSON_Delete (parsed);
-      return -1;
-    }
+      gboolean epss_scores_found = FALSE;
+      while (!epss_scores_found)
+        {
+          gvm_json_pull_parser_next (&parser, &event);
+	        path_tail = g_queue_peek_tail (event.path);
+	        if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START
+              && path_tail && strcmp (path_tail->key, "epss_scores") == 0)
+            {
+              epss_scores_found = TRUE;
+            }
+          else if (event.type == GVM_JSON_PULL_EVENT_ERROR)
+            {
+              g_warning ("%s: Parser error: %s", __func__, event.error_message);
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (epss_scores_file);
+              return -1;
+            }
+          else if (event.type == GVM_JSON_PULL_EVENT_OBJECT_END
+                   && g_queue_is_empty (event.path))
+            {
+              g_warning ("%s: Unexpected json object end. Missing epss_scores field", __func__);
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (epss_scores_file);
+              return -1;
+            }
+        }
 
-  sql_begin_immediate ();
-  inserts_init (&inserts,
+      sql_begin_immediate ();
+      inserts_init (&inserts,
                 EPSS_MAX_CHUNK_SIZE,
                 setting_secinfo_sql_buffer_threshold_bytes (),
                 "INSERT INTO scap2.epss_scores"
@@ -3438,54 +3461,85 @@ update_epss_scores ()
                 "  VALUES ",
                 " ON CONFLICT (cve) DO NOTHING");
 
-  cJSON_ArrayForEach (list_item, epss_scores_list)
-    {
-      cJSON *cve_json, *epss_json, *percentile_json;
-      
-      EPSS_JSON_FAIL_IF (! cJSON_IsObject (list_item),
-                         "Unexpected non-object item in EPSS scores file")
+      gvm_json_pull_parser_next (&parser, &event);
+      while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
+        {
+          cJSON *cve_json, *epss_json, *percentile_json;
 
-      cve_json = cJSON_GetObjectItem (list_item, "cve");
-      epss_json = cJSON_GetObjectItem (list_item, "epss");
-      percentile_json = cJSON_GetObjectItem (list_item, "percentile");
+          epss_entry = gvm_json_pull_expand_container (&parser, &error_message);
 
-      EPSS_JSON_FAIL_IF (cve_json == NULL,
-                         "Item missing mandatory 'cve' field");
+          if (error_message)
+            {
+              g_warning ("%s: Error expanding EPSS item: %s", __func__, error_message);
+              g_free (error_message);
+              goto fail_insert;
+            }
 
-      EPSS_JSON_FAIL_IF (epss_json == NULL,
-                         "Item missing mandatory 'epss' field");
-      
-      EPSS_JSON_FAIL_IF (percentile_json == NULL,
-                         "Item missing mandatory 'percentile' field");
+          cve_json = cJSON_GetObjectItemCaseSensitive (epss_entry, "cve");
+          epss_json = cJSON_GetObjectItemCaseSensitive (epss_entry, "epss");
+          percentile_json = cJSON_GetObjectItemCaseSensitive (epss_entry, "percentile");
 
-      EPSS_JSON_FAIL_IF (! cJSON_IsString (cve_json),
-                         "Field 'cve' in item is not a string");
+          EPSS_JSON_FAIL_IF (cve_json == NULL,
+                            "Item missing mandatory 'cve' field");
 
-      EPSS_JSON_FAIL_IF (! cJSON_IsNumber(epss_json),
-                         "Field 'epss' in item is not a number");
-      
-      EPSS_JSON_FAIL_IF (! cJSON_IsNumber(percentile_json),
-                         "Field 'percentile' in item is not a number");
+          EPSS_JSON_FAIL_IF (epss_json == NULL,
+                            "Item missing mandatory 'epss' field");
+
+          EPSS_JSON_FAIL_IF (percentile_json == NULL,
+                            "Item missing mandatory 'percentile' field");
+
+          EPSS_JSON_FAIL_IF (! cJSON_IsString (cve_json),
+                            "Field 'cve' in item is not a string");
+
+          EPSS_JSON_FAIL_IF (! cJSON_IsNumber(epss_json),
+                            "Field 'epss' in item is not a number");
+
+          EPSS_JSON_FAIL_IF (! cJSON_IsNumber(percentile_json),
+                            "Field 'percentile' in item is not a number");
 
-      insert_epss_score_entry (&inserts,
-                               cve_json->valuestring,
-                               epss_json->valuedouble,
-                               percentile_json->valuedouble);
+          insert_epss_score_entry (&inserts,
+                                  cve_json->valuestring,
+                                  epss_json->valuedouble,
+                                  percentile_json->valuedouble);
+
+          gvm_json_pull_parser_next (&parser, &event);
+          cJSON_Delete (epss_entry);
+	      }
+    }
+  else if (event.type == GVM_JSON_PULL_EVENT_ERROR)
+    {
+      g_warning ("%s: Parser error: %s", __func__, event.error_message);
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (epss_scores_file);
+      return -1;
+    }
+  else
+    {
+      g_warning ("%s: EPSS scores file is not a JSON object.", __func__);
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (epss_scores_file);
+      return -1;
     }
 
   inserts_run (&inserts, TRUE);
   sql_commit ();
-  cJSON_Delete (parsed);
-
+  gvm_json_pull_event_cleanup (&event);
+  gvm_json_pull_parser_cleanup (&parser);
+  fclose (epss_scores_file);
   return 0;
 
 fail_insert:
   inserts_free (&inserts);
   sql_rollback ();
-  char *printed_item = cJSON_Print (list_item);
+  char *printed_item = cJSON_Print (epss_entry);
   g_message ("%s: invalid item: %s", __func__, printed_item);
+  cJSON_Delete (epss_entry);
   free (printed_item);
-  cJSON_Delete (parsed);
+  gvm_json_pull_event_cleanup (&event);
+  gvm_json_pull_parser_cleanup (&parser);
+  fclose (epss_scores_file);
   return -1;
 }
 

From 1b45c1b3e4fabd4203d611d9153ad9d3b7cc8681 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Wed, 18 Sep 2024 10:36:12 +0200
Subject: [PATCH 080/134] Use open then fdopen to avoid TOCTOU code scanning
 alert.

---
 src/manage_sql_secinfo.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 0170c3da0..a12e4f256 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3371,20 +3371,20 @@ if (failure_condition) {                                          \
 static int
 update_epss_scores ()
 {
-  GStatBuf state;
   gchar *current_json_path;
   gchar *error_message = NULL;
   FILE *epss_scores_file;
   cJSON *epss_entry;
   gvm_json_pull_event_t event;
   gvm_json_pull_parser_t parser;
-  gvm_json_path_elem_t *path_tail = NULL;
   inserts_t inserts;
 
   current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
                                         "epss-scores-current.json",
                                         NULL);
-  if (g_stat (current_json_path, &state))
+  int fd = open(current_json_path, O_RDONLY);
+
+  if (fd < 0)
     {
       int ret;
       if (errno == ENOENT)
@@ -3395,21 +3395,22 @@ update_epss_scores ()
         }
       else
         {
-          g_warning ("%s: Failed to stat EPSS scores file: %s",
-                     __func__, strerror (errno));
+          g_warning ("%s: Failed to open EPSS scores file: %s",
+                    __func__, strerror (errno));
           ret = -1;
         }
-      g_free (current_json_path);
+        g_free (current_json_path);
       return ret;
     }
 
-  epss_scores_file = fopen (current_json_path, "r");
+  epss_scores_file = fdopen(fd, "r");
   if (epss_scores_file == NULL)
     {
-      g_warning ("%s: Failed to open EPSS scores file: %s",
+      g_warning ("%s: Failed to convert file descriptor to FILE*: %s",
                  __func__,
                  strerror (errno));
       g_free (current_json_path);
+      close(fd);
       return -1;
     }
 
@@ -3427,7 +3428,7 @@ update_epss_scores ()
       while (!epss_scores_found)
         {
           gvm_json_pull_parser_next (&parser, &event);
-	        path_tail = g_queue_peek_tail (event.path);
+	        gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event.path);
 	        if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START
               && path_tail && strcmp (path_tail->key, "epss_scores") == 0)
             {

From 7a018fedbb10b7f2d15dd900ab2667343382f82e Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 16 Sep 2024 09:13:30 +0200
Subject: [PATCH 081/134] Fix: Fixed signal when choosing an unsupported levels
 filter option.

---
 src/manage_sql.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index c90a3a882..eb5a7b429 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -22358,6 +22358,8 @@ where_levels_auto (const char *levels, const char *new_severity_sql)
       count++;
     }
 
+  // HIERHIERHIER
+
   if (count == 0)
     {
       g_string_free (levels_sql, TRUE);
@@ -23099,7 +23101,8 @@ results_extra_where (int trash, report_t report, const gchar* host,
   extra_where = g_strdup_printf("%s%s%s%s%s",
                                 report_clause ? report_clause : "",
                                 host_clause ? host_clause : "",
-                                levels_clause->str,
+                                (levels_clause && levels_clause->str) ?
+                                  levels_clause->str : "",
                                 min_qod_clause ? min_qod_clause : "",
                                 compliance_levels_clause ?: "");
 

From 6589a197dd043502000fd568317c5ad7b52323a3 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 16 Sep 2024 09:24:30 +0200
Subject: [PATCH 082/134] Removed useless comment.

---
 src/manage_sql.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index eb5a7b429..2b87ba8ac 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -22358,8 +22358,6 @@ where_levels_auto (const char *levels, const char *new_severity_sql)
       count++;
     }
 
-  // HIERHIERHIER
-
   if (count == 0)
     {
       g_string_free (levels_sql, TRUE);

From f7e50860d24afa7cae4817494d65f20c35158112 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 23 Sep 2024 11:08:55 +0200
Subject: [PATCH 083/134] Add: Added the new CVE scan method with the new CPE
 matching.

---
 src/manage.c             | 398 ++++++++++++++++++++++++++++++++-------
 src/manage.h             |  47 ++++-
 src/manage_pg.c          |  13 +-
 src/manage_sql.c         | 206 +++++++++++++++++++-
 src/manage_sql_secinfo.c | 105 ++++++++---
 5 files changed, 667 insertions(+), 102 deletions(-)

diff --git a/src/manage.c b/src/manage.c
index c924ca36e..97688b391 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -60,6 +60,7 @@
 #include "manage_sql_nvts.h"
 #include "manage_sql_tickets.h"
 #include "manage_sql_tls_certificates.h"
+#include "sql.h"
 #include "utils.h"
 
 #include <assert.h>
@@ -86,9 +87,11 @@
 #include <gvm/base/hosts.h>
 #include <bsd/unistd.h>
 #include <gvm/osp/osp.h>
+#include <gvm/util/cpeutils.h>
 #include <gvm/util/fileutils.h>
 #include <gvm/util/serverutils.h>
 #include <gvm/util/uuidutils.h>
+#include <gvm/util/versionutils.h>
 #include <gvm/gmp/gmp.h>
 
 #undef G_LOG_DOMAIN
@@ -3106,6 +3109,138 @@ set_scanner_connection_retry (int new_retry)
 
 /* CVE tasks. */
 
+static int
+check_version (const gchar *target, const gchar *start_incl, const gchar *start_excl, const gchar *end_incl, const gchar *end_excl)
+{
+  int result;
+
+  if (start_incl != NULL)
+    {
+      result = cmp_versions (start_incl, target);
+      if (result == -5)
+        return -1;
+      if (result > 0)
+        {
+          return 0;
+        }
+    }
+  if (start_excl != NULL)
+    {
+      result = cmp_versions (start_excl, target);
+      if (result == -5)
+        return -1;
+      if (result >= 0)
+        {
+          return 0;
+        }
+    }
+
+  if (end_incl != NULL)
+    {
+      result = cmp_versions (end_incl, target);
+      if (result == -5)
+        return -1;
+      if (result < 0)
+        {
+          return 0;
+        }
+    }
+
+  if (end_excl != NULL)
+    {
+      result = cmp_versions (end_excl, target);
+      if (result == -5)
+        return -1;
+      if (result <= 0)
+        {
+          return 0;
+        }
+    }
+
+  return (1);
+}
+
+static void
+check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable, report_host_t report_host, const char *host_cpe)
+{
+  iterator_t cpe_match_node_childs;
+  gchar *operator;
+  operator = sql_string ("SELECT operator FROM scap.cpe_match_nodes WHERE id = %llu", node);
+  init_cpe_match_node_childs_iterator (&cpe_match_node_childs, node);
+  while (next (&cpe_match_node_childs))
+    {
+      long long int child_node;
+      child_node = cpe_match_node_childs_iterator_id (&cpe_match_node_childs);
+      check_cpe_match_rule (child_node, match, vulnerable, report_host, host_cpe);
+      if (strcmp (operator, "AND") == 0 && !(*match))
+        return;
+      if (strcmp (operator, "OR") == 0 && (*match) && (*vulnerable))
+        return;
+    }
+  iterator_t cpe_match_ranges;
+  init_cpe_match_range_iterator (&cpe_match_ranges, node);
+  while (next (&cpe_match_ranges))
+    {
+      iterator_t cpe_host_details_products;
+      gchar *range_fs_cpe;
+      gchar *range_uri_product;
+      gchar *vsi, *vse, *vei, *vee;
+      range_fs_cpe = vsi = vse = vei = vee = NULL;
+      range_fs_cpe = g_strdup (cpe_match_range_iterator_cpe (&cpe_match_ranges));
+      vsi = (gchar*) cpe_match_range_iterator_version_start_incl(&cpe_match_ranges);
+      if (vsi != NULL)
+        vsi = g_strdup (cpe_match_range_iterator_version_start_incl(&cpe_match_ranges));
+      vse = g_strdup (cpe_match_range_iterator_version_start_excl(&cpe_match_ranges));
+      vei = g_strdup (cpe_match_range_iterator_version_end_incl(&cpe_match_ranges));
+      vee = g_strdup (cpe_match_range_iterator_version_end_excl(&cpe_match_ranges));
+      range_uri_product = fs_cpe_to_uri_product (range_fs_cpe);
+      init_host_details_cpe_product_iterator (&cpe_host_details_products, range_uri_product, report_host);
+      while (next (&cpe_host_details_products))
+        {
+          cpe_struct_t source, target;
+          const char *host_details_cpe;
+          gboolean matches;
+          host_details_cpe = host_details_cpe_product_iterator_value(&cpe_host_details_products);
+          cpe_struct_init (&source);
+          cpe_struct_init (&target);
+          fs_cpe_to_cpe_struct (range_fs_cpe, &source);
+          uri_cpe_to_cpe_struct (host_details_cpe, &target);
+          matches = cpe_struct_match (source, target);
+          if (matches)
+            {
+              int result;
+              result = check_version (target.version, vsi, vse, vei, vee);
+              if (result == 1)
+                *match = TRUE;
+            }
+          cpe_struct_free (&source);
+          cpe_struct_free (&target);
+        }
+      if (*match && cpe_match_range_iterator_vulnerable(&cpe_match_ranges) == 1)
+          {
+            cpe_struct_t source, target;
+            cpe_struct_init (&source);
+            cpe_struct_init (&target);
+            fs_cpe_to_cpe_struct (range_fs_cpe, &source);
+            uri_cpe_to_cpe_struct (host_cpe, &target);
+            if (cpe_struct_match (source, target))
+              *vulnerable = TRUE;
+            cpe_struct_free (&source);
+            cpe_struct_free (&target);
+          }
+      g_free (range_uri_product);
+      g_free (range_fs_cpe);
+      g_free (vsi);
+      g_free (vse);
+      g_free (vei);
+      g_free (vee);
+      if (strcmp (operator, "AND") == 0 && !(*match))
+        return;
+      if (strcmp (operator, "OR") == 0 && (*match) && (*vulnerable))
+        return;
+    }
+}
+
 /**
  * @brief Perform a CVE "scan" on a host.
  *
@@ -3161,89 +3296,218 @@ cve_scan_host (task_t task, report_t report, gvm_host_t *gvm_host)
           results = g_array_new (TRUE, TRUE, sizeof (result_t));
           start_time = time (NULL);
           prognosis_report_host = 0;
-          init_host_prognosis_iterator (&prognosis, report_host);
-          while (next (&prognosis))
+
+          gboolean use_json = FALSE;
+          if (sql_int64_0 ("SELECT count(*) FROM scap.cpe_match_nodes") > 0)
+            use_json = TRUE;
+
+          if (use_json)
             {
-              const char *app, *cve;
-              double severity;
-              gchar *desc;
-              iterator_t locations_iter;
-              GString *locations;
-              result_t result;
+              iterator_t host_details_cpe;
+              init_host_details_cpe_iterator (&host_details_cpe, report_host);
+              while (next (&host_details_cpe))
+                {
+                  iterator_t cpe_match_root_node;
+                  iterator_t locations_iter;
+                  result_t result;
+                  char *cpe_product;
+                  const char *host_cpe;
+                  double severity;
+
+                  host_cpe = host_details_cpe_iterator_cpe (&host_details_cpe);
+                  cpe_product = uri_cpe_to_fs_product (host_cpe);
+                  init_cpe_match_nodes_iterator (&cpe_match_root_node, cpe_product);
+                  while (next (&cpe_match_root_node))
+                    {
+                      result_t root_node;
+                      gboolean match, vulnerable;
+                      const char *app, *cve;
+
+                      vulnerable = FALSE;
+                      match = FALSE;
+                      root_node = cpe_match_nodes_iterator_root_id (&cpe_match_root_node);
+                      check_cpe_match_rule (root_node, &match, &vulnerable, report_host, host_cpe);
+                      if (match && vulnerable)
+                        {
+                          GString *locations;
+                          gchar *desc;
+
+                          if (prognosis_report_host == 0)
+                            prognosis_report_host = manage_report_host_add (report,
+                                                                            ip,
+                                                                            start_time,
+                                                                            0);
+
+                          severity = sql_double ("SELECT severity FROM scap.cves, scap.cpe_match_nodes"
+                                                 " WHERE scap.cves.id = scap.cpe_match_nodes.cve_id"
+                                                 " AND scap.cpe_match_nodes.id = %llu;",
+                                                 root_node);
+
+                          app = host_cpe;
+                          cve = sql_string ("SELECT name FROM scap.cves, scap.cpe_match_nodes"
+                                            " WHERE scap.cves.id = cpe_match_nodes.cve_id"
+                                            " AND scap.cpe_match_nodes.id = %llu;",
+                                            root_node);
+                          locations = g_string_new("");
+
+                          insert_report_host_detail (global_current_report, ip, "cve", cve,
+                                                     "CVE Scanner", "App", app, NULL);
+
+                          init_app_locations_iterator (&locations_iter, report_host, app);
+
+                          while (next (&locations_iter))
+                            {
+                              const char *location;
+                              location = app_locations_iterator_location (&locations_iter);
+
+                              if (location == NULL)
+                                {
+                                  g_warning ("%s: Location is null for ip %s, app %s",
+                                             __func__, ip, app);
+                                  continue;
+                                }
+
+                              if (locations->len)
+                                {
+                                  g_string_append (locations, ", ");
+                                }
+                              g_string_append (locations, location);
+
+                              insert_report_host_detail (report, ip, "cve", cve,
+                                                         "CVE Scanner", app, location, NULL);
+
+                              insert_report_host_detail (report, ip, "cve", cve,
+                                                         "CVE Scanner", "detected_at",
+                                                         location, NULL);
+
+                              insert_report_host_detail (report, ip, "cve", cve,
+                                                         "CVE Scanner", "detected_by",
+                                                         /* Detected by itself. */
+                                                         cve, NULL);
+                            }
+
+                          const char *description;
+                          description = sql_string ("SELECT description FROM scap.cves, scap.cpe_match_nodes"
+                                                    " WHERE scap.cves.id = scap.cpe_match_nodes.cve_id"
+                                                    " AND scap.cpe_match_nodes.id = %llu;",
+                                                    root_node);
 
-              if (prognosis_report_host == 0)
-                prognosis_report_host = manage_report_host_add (report,
-                                                                ip,
-                                                                start_time,
-                                                                0);
+                          desc = g_strdup_printf ("The host carries the product: %s\n"
+                                                  "It is vulnerable according to: %s.\n"
+                                                  "%s%s%s"
+                                                  "\n"
+                                                  "%s",
+                                                  app,
+                                                  cve,
+                                                  locations->len
+                                                   ? "The product was found at: "
+                                                   : "",
+                                                  locations->len ? locations->str : "",
+                                                  locations->len ? ".\n" : "",
+                                                  description);
 
-              severity = prognosis_iterator_cvss_double (&prognosis);
+                          g_debug ("%s: making result with severity %1.1f desc [%s]",
+                           __func__, severity, desc);
 
-              app = prognosis_iterator_cpe (&prognosis);
-              cve = prognosis_iterator_cve (&prognosis);
-              locations = g_string_new("");
+                          result = make_cve_result (task, ip, cve, severity, desc);
+                          g_free (desc);
 
-              insert_report_host_detail (global_current_report, ip, "cve", cve,
-                                         "CVE Scanner", "App", app, NULL);
+                          g_array_append_val (results, result);
 
-              init_app_locations_iterator (&locations_iter, report_host, app);
+                          g_string_free (locations, TRUE);
 
-              while (next (&locations_iter))
+                        }
+                    }
+                  g_free (cpe_product);
+                }
+              cleanup_iterator (&host_details_cpe);
+            }
+
+          if (!use_json)
+            {
+              init_host_prognosis_iterator (&prognosis, report_host);
+              while (next (&prognosis))
                 {
-                  const char *location;
-                  location = app_locations_iterator_location (&locations_iter);
+                  const char *app, *cve;
+                  double severity;
+                  gchar *desc;
+                  iterator_t locations_iter;
+                  GString *locations;
+                  result_t result;
+
+                  if (prognosis_report_host == 0)
+                    prognosis_report_host = manage_report_host_add (report,
+                                                                    ip,
+                                                                    start_time,
+                                                                    0);
+
+                  severity = prognosis_iterator_cvss_double (&prognosis);
+
+                  app = prognosis_iterator_cpe (&prognosis);
+                  cve = prognosis_iterator_cve (&prognosis);
+                  locations = g_string_new("");
+
+                  insert_report_host_detail (global_current_report, ip, "cve", cve,
+                                             "CVE Scanner", "App", app, NULL);
 
-                  if (location == NULL)
+                  init_app_locations_iterator (&locations_iter, report_host, app);
+
+                  while (next (&locations_iter))
                     {
-                      g_warning ("%s: Location is null for ip %s, app %s",
-                                 __func__, ip, app);
-                      continue;
-                    }
+                      const char *location;
+                      location = app_locations_iterator_location (&locations_iter);
+
+                      if (location == NULL)
+                        {
+                          g_warning ("%s: Location is null for ip %s, app %s",
+                                     __func__, ip, app);
+                          continue;
+                        }
 
-                  if (locations->len)
-                    g_string_append (locations, ", ");
-                  g_string_append (locations, location);
+                      if (locations->len)
+                        g_string_append (locations, ", ");
+                      g_string_append (locations, location);
 
-                  insert_report_host_detail (report, ip, "cve", cve,
-                                             "CVE Scanner", app, location, NULL);
+                      insert_report_host_detail (report, ip, "cve", cve,
+                                                 "CVE Scanner", app, location, NULL);
 
-                  insert_report_host_detail (report, ip, "cve", cve,
-                                             "CVE Scanner", "detected_at",
-                                             location, NULL);
+                      insert_report_host_detail (report, ip, "cve", cve,
+                                                 "CVE Scanner", "detected_at",
+                                                 location, NULL);
 
-                  insert_report_host_detail (report, ip, "cve", cve,
-                                             "CVE Scanner", "detected_by",
-                                             /* Detected by itself. */
-                                             cve, NULL);
-                }
+                      insert_report_host_detail (report, ip, "cve", cve,
+                                                 "CVE Scanner", "detected_by",
+                                                 /* Detected by itself. */
+                                                 cve, NULL);
+                    }
 
-              desc = g_strdup_printf ("The host carries the product: %s\n"
-                                      "It is vulnerable according to: %s.\n"
-                                      "%s%s%s"
-                                      "\n"
-                                      "%s",
-                                      app,
-                                      cve,
-                                      locations->len
-                                       ? "The product was found at: "
-                                       : "",
-                                      locations->len ? locations->str : "",
-                                      locations->len ? ".\n" : "",
-                                      prognosis_iterator_description
-                                       (&prognosis));
-
-              g_debug ("%s: making result with severity %1.1f desc [%s]",
-                       __func__, severity, desc);
-
-              result = make_cve_result (task, ip, cve, severity, desc);
-              g_free (desc);
-
-              g_array_append_val (results, result);
-
-              g_string_free (locations, TRUE);
+                  desc = g_strdup_printf ("The host carries the product: %s\n"
+                                          "It is vulnerable according to: %s.\n"
+                                          "%s%s%s"
+                                          "\n"
+                                          "%s",
+                                          app,
+                                          cve,
+                                          locations->len
+                                           ? "The product was found at: "
+                                           : "",
+                                          locations->len ? locations->str : "",
+                                          locations->len ? ".\n" : "",
+                                          prognosis_iterator_description
+                                           (&prognosis));
+
+                  g_debug ("%s: making result with severity %1.1f desc [%s]",
+                           __func__, severity, desc);
+
+                  result = make_cve_result (task, ip, cve, severity, desc);
+                  g_free (desc);
+
+                  g_array_append_val (results, result);
+
+                  g_string_free (locations, TRUE);
+                }
+              cleanup_iterator (&prognosis);
             }
-          cleanup_iterator (&prognosis);
-
           report_add_results_array (report, results);
           g_array_free (results, TRUE);
 
diff --git a/src/manage.h b/src/manage.h
index 0ee2e9c23..226f56753 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1688,7 +1688,52 @@ void
 init_app_locations_iterator (iterator_t*, report_host_t, const gchar *);
 
 const char *
-app_locations_iterator_location (iterator_t *);
+app_locations_iterator_location (iterator_t*);
+
+void
+init_cpe_match_nodes_iterator (iterator_t*, const char *);
+
+long long int
+cpe_match_nodes_iterator_root_id (iterator_t*);
+
+void
+init_host_details_cpe_iterator (iterator_t*, report_host_t);
+
+const char*
+host_details_cpe_iterator_cpe (iterator_t*);
+
+void
+init_cpe_match_node_childs_iterator (iterator_t*, long long int);
+
+long long int
+cpe_match_node_childs_iterator_id (iterator_t*);
+
+void
+init_cpe_match_range_iterator (iterator_t*, long long int);
+
+const char*
+cpe_match_range_iterator_cpe (iterator_t*);
+
+const char*
+cpe_match_range_iterator_version_start_incl (iterator_t*);
+
+const char*
+cpe_match_range_iterator_version_start_excl (iterator_t*);
+
+const char*
+cpe_match_range_iterator_version_end_incl (iterator_t*);
+
+const char*
+cpe_match_range_iterator_version_end_excl (iterator_t*);
+
+int
+cpe_match_range_iterator_vulnerable (iterator_t*);
+
+void
+init_host_details_cpe_product_iterator (iterator_t*, const char *, report_host_t);
+
+const char*
+host_details_cpe_product_iterator_value (iterator_t*);
 
 void
 init_host_prognosis_iterator (iterator_t*, report_host_t);
diff --git a/src/manage_pg.c b/src/manage_pg.c
index dba91d68f..e4e8ca4b8 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1589,6 +1589,8 @@ manage_create_sql_functions ()
            "         THEN $1 = 0"
            "         WHEN 'false'"
            "         THEN $1 = -1"
+           "         WHEN 'error'"
+           "         THEN $1 = -3"
            "         ELSE 0::boolean"
            "         END);"
            "$$ LANGUAGE SQL"
@@ -3533,6 +3535,7 @@ manage_db_init (const gchar *name)
       sql ("CREATE TABLE scap2.cpe_match_nodes"
            " (id SERIAL PRIMARY KEY,"
            "  parent_id INTEGER DEFAULT 0,"
+           "  root_id INTEGER DEFAULT 0,"
            "  cve_id INTEGER DEFAULT 0,"
            "  operator text);");
 
@@ -3540,11 +3543,11 @@ manage_db_init (const gchar *name)
            " (id SERIAL PRIMARY KEY,"
            "  node_id INTEGER DEFAULT 0,"
            "  vulnerable INTEGER DEFAULT 0,"
-           "  cpe text,"
-           "  version_start_incl text,"
-           "  version_start_excl text,"
-           "  version_end_incl text,"
-           "  version_end_excl text);");
+           "  cpe text DEFAULT NULL,"
+           "  version_start_incl text DEFAULT NULL,"
+           "  version_start_excl text DEFAULT NULL,"
+           "  version_end_incl text DEFAULT NULL,"
+           "  version_end_excl text DEFAULT NULL);");
 
       sql ("CREATE TABLE scap2.cpe_details"
            " (id SERIAL PRIMARY KEY,"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index c90a3a882..a3b67eb7b 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20446,6 +20446,198 @@ app_locations_iterator_location (iterator_t *iterator)
   return iterator_string (iterator, 0);
 }
 
+/**
+ * @brief Initialize an iterator of CPEs for a report's host.
+ *
+ * @param[in]  iterator     Iterator.
+ * @param[in]  report_host  Report host.
+ */
+void
+init_host_details_cpe_iterator (iterator_t* iterator, report_host_t report_host)
+{
+  init_iterator (iterator,
+                 "SELECT LOWER (value) FROM report_host_details"
+                 " WHERE name = 'App' and report_host = %llu;",
+                 report_host);
+}
+
+/**
+ * @brief Get a CPE from an CPE iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The CPE.
+ */
+DEF_ACCESS (host_details_cpe_iterator_cpe, 0);
+
+/**
+ * @brief Initialize an iterator of CPEs for a product of a report's host.
+ *
+ * @param[in]  iterator     Iterator.
+ * @param[in]  product      The product for which to get the CPEs.
+ * @param[in]  report_host  Report host.
+ */
+void
+init_host_details_cpe_product_iterator (iterator_t* iterator, const char *product, report_host_t report_host)
+{
+  gchar *quoted_product;
+  quoted_product = sql_quote (product);
+  init_iterator (iterator,
+                 "SELECT DISTINCT LOWER (value) FROM report_host_details"
+                 " WHERE name = 'App' AND report_host = %llu"
+                 " AND value like '%s%s';",
+                 report_host, quoted_product, "%");
+  g_free (quoted_product);
+}
+
+/**
+ * @brief Get a CPE from an CPE product iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The CPE.
+ */
+DEF_ACCESS (host_details_cpe_product_iterator_value, 0);
+
+/**
+ * @brief Initialize an iterator of root_ids of CPE match nodes.
+ *
+ * @param[in]  iterator  Iterator.
+ * @param[in]  cpe       The cpe contained in the match nodes.
+ */
+void
+init_cpe_match_nodes_iterator (iterator_t* iterator, const char *cpe)
+{
+  gchar *quoted_cpe;
+  quoted_cpe = sql_quote (cpe);
+  init_iterator (iterator,
+                 "SELECT DISTINCT root_id"
+                 " FROM scap.cpe_match_nodes, scap.cpe_match_range"
+                 " WHERE cpe like '%s%s' AND scap.cpe_match_nodes.id = node_id;",
+                 quoted_cpe, "%");
+  g_free (quoted_cpe);
+}
+
+/**
+ * @brief Get a root id from an CPE match node iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The root id.
+ */
+long long int
+cpe_match_nodes_iterator_root_id (iterator_t* iterator)
+{
+  return iterator_int64 (iterator, 0);
+}
+
+/**
+ * @brief Initialize an iterator of childs of an CPE match node.
+ *
+ * @param[in]  iterator  Iterator.
+ * @param[in]  node      The match node with the childs.
+ */
+void
+init_cpe_match_node_childs_iterator (iterator_t* iterator, long long int node)
+{
+  init_iterator (iterator,
+                 "SELECT id FROM scap.cpe_match_nodes"
+                 " WHERE parent_id = %llu;",
+                 node);
+}
+
+/**
+ * @brief Get a child from an CPE match node childs iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The id of the child node.
+ */
+long long int
+cpe_match_node_childs_iterator_id (iterator_t* iterator)
+{
+  return iterator_int64 (iterator, 0);
+}
+
+/**
+ * @brief Initialize an iterator of match ranges of an CPE match node.
+ *
+ * @param[in]  iterator  Iterator.
+ * @param[in]  node      The match node with match ranges.
+ */
+void
+init_cpe_match_range_iterator (iterator_t* iterator, long long int node)
+{
+  init_iterator (iterator,
+                 "SELECT vulnerable, cpe, version_start_incl,"
+                 " version_start_excl, version_end_incl, version_end_excl"
+                 " FROM scap.cpe_match_range"
+                 " WHERE node_id = %llu;",
+                 node);
+}
+
+/**
+ * @brief Return if the CPE of the actual match node is vulnerable.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  1 if the match node is vulnerable, 0 otherwise.
+ */
+int
+cpe_match_range_iterator_vulnerable (iterator_t* iterator)
+{
+  return iterator_int64 (iterator, 0);
+}
+
+/**
+ * @brief Return the CPE of the actual match node.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return   The CPE of the actual match node.
+ */
+DEF_ACCESS (cpe_match_range_iterator_cpe, 1);
+
+/**
+ * @brief Return the start included version of the actual match node.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return   The start included version of the actual match node, if any.
+ *           NULL otherwise.
+ */
+DEF_ACCESS (cpe_match_range_iterator_version_start_incl, 2);
+
+/**
+ * @brief Return the start excluded version of the actual match node.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return   The start excluded version of the actual match node, if any.
+ *           NULL otherwise.
+ */
+DEF_ACCESS (cpe_match_range_iterator_version_start_excl, 3);
+
+/**
+ * @brief Return the end included version of the actual match node.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return   The end included version of the actual match node, if any.
+ *           NULL otherwise.
+ */
+DEF_ACCESS (cpe_match_range_iterator_version_end_incl, 4);
+
+/**
+ * @brief Return the end excluded version of the actual match node.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return   The end excluded version of the actual match node, if any.
+ *           NULL otherwise.
+ */
+DEF_ACCESS (cpe_match_range_iterator_version_end_excl, 5);
+
 /**
  * @brief Initialise a report host prognosis iterator.
  *
@@ -22357,6 +22549,16 @@ where_levels_auto (const char *levels, const char *new_severity_sql)
       g_string_append (levels_sql, ", 'false'");
       count++;
     }
+  if (strchr (levels, 'e'))
+    {
+      g_string_append (levels_sql, ", 'error'");
+      count++;
+    }
+  if (strchr (levels, 'd'))
+    {
+      g_string_append (levels_sql, ", 'error'");
+      count++;
+    }
 
   if (count == 0)
     {
@@ -23086,6 +23288,8 @@ results_extra_where (int trash, report_t report, const gchar* host,
 
   min_qod_clause = where_qod (min_qod);
 
+  g_message ("PROTO1: %s", levels);
+  fflush (NULL);
   levels_clause = where_levels_auto (levels ? levels : "hmlgdf",
                                      given_new_severity_sql
                                       ? given_new_severity_sql
@@ -23099,7 +23303,7 @@ results_extra_where (int trash, report_t report, const gchar* host,
   extra_where = g_strdup_printf("%s%s%s%s%s",
                                 report_clause ? report_clause : "",
                                 host_clause ? host_clause : "",
-                                levels_clause->str,
+                                (levels_clause && levels_clause->str) ? levels_clause->str : "",
                                 min_qod_clause ? min_qod_clause : "",
                                 compliance_levels_clause ?: "");
 
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index d189d83bb..e592f4606 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2703,7 +2703,9 @@ json_object_item_double (cJSON *object, char *key, double fallback)
  * @brief Save the node of a cve match rule tree.
  *
  * @param[in]  parent_id  The parent_id of the node. If this value is 0,
- *                        this node is the root of the tree.
+ *                        the node is the root of the tree.
+ * @param[in]  root_id    The id of the root of the tree. If this value
+ *                        is 0, the node is the root of the tree.
  * @param[in]  cve_id     The id of the CVE to which the tree belongs.
  * @param[in]  operator   The operator for the match rules.
  *
@@ -2737,7 +2739,6 @@ add_cpe_match_rules (result_t id, cJSON *match_rules)
   cJSON *cpe_js;
 
   gboolean vulnerable = FALSE;
-  char * cpe = NULL;
   char * version_start_incl = NULL;
   char * version_start_excl = NULL;
   char * version_end_incl = NULL;
@@ -2745,9 +2746,9 @@ add_cpe_match_rules (result_t id, cJSON *match_rules)
 
   cJSON_ArrayForEach(match_rule, match_rules)
     {
-      char *quoted_cpe;
+      char *quoted_cpe = NULL;
+      char *sql_cpe = NULL;
       vulnerable = FALSE;
-      cpe = NULL;
       version_start_incl = NULL;
       version_start_excl = NULL;
       version_end_incl = NULL;
@@ -2757,22 +2758,40 @@ add_cpe_match_rules (result_t id, cJSON *match_rules)
         vulnerable = TRUE;
       else
         vulnerable = FALSE;
+
       cpe_js = cJSON_GetObjectItemCaseSensitive(match_rule, "cpe23Uri");
-      if (cpe_js != NULL)
-        cpe = cpe_js->valuestring;
-      quoted_cpe = sql_quote (cpe);
+      if (cpe_js != NULL && strcmp (cpe_js->valuestring, "(null)"))
+        {
+          quoted_cpe = sql_quote (cpe_js->valuestring);
+          sql_cpe = g_strdup_printf ("'%s'", quoted_cpe);
+          g_free (quoted_cpe);
+        }
+      else
+        sql_cpe = g_strdup ("NULL");
+
       ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionStartIncluding");
-      if (ver_se != NULL)
-        version_start_incl = ver_se->valuestring;
+      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
+        version_start_incl = g_strdup_printf ("'%s'", ver_se->valuestring);
+      else
+        version_start_incl = g_strdup ("NULL");
+
       ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionStartExcluding");
-      if (ver_se != NULL)
-        version_start_excl = ver_se->valuestring;
+      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
+        version_start_excl = g_strdup_printf ("'%s'", ver_se->valuestring);
+      else
+        version_start_excl = g_strdup ("NULL");
+
       ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionEndIncluding");
-      if (ver_se != NULL)
-        version_end_incl = ver_se->valuestring;
+      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
+        version_end_incl = g_strdup_printf ("'%s'", ver_se->valuestring);
+      else
+        version_end_incl = g_strdup ("NULL");
+
       ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionEndExcluding");
-      if (ver_se != NULL)
-        version_end_excl = ver_se->valuestring;
+      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
+        version_end_excl = g_strdup_printf ("'%s'", ver_se->valuestring);
+      else
+        version_end_excl = g_strdup ("NULL");
 
       sql
        ("INSERT INTO scap2.cpe_match_range"
@@ -2780,30 +2799,51 @@ add_cpe_match_rules (result_t id, cJSON *match_rules)
         "  version_start_incl, version_start_excl,"
         "  version_end_incl, version_end_excl)"
         " VALUES"
-        " (%llu, %d, '%s', '%s', '%s', '%s', '%s')",
+        " (%llu, %d, %s, %s, %s, %s, %s)",
         id,
         vulnerable ? 1 : 0,
-        quoted_cpe,
-        version_start_incl,
-        version_start_excl,
-        version_end_incl,
-        version_end_excl);
-      g_free (quoted_cpe);
+        sql_cpe ? sql_cpe : "",
+        version_start_incl ? version_start_incl : "",
+        version_start_excl ? version_start_excl : "",
+        version_end_incl ? version_end_incl : "",
+        version_end_excl ? version_end_excl : "");
+
+      g_free (sql_cpe);
+      g_free (version_start_incl);
+      g_free (version_start_excl);
+      g_free (version_end_incl);
+      g_free (version_end_excl);
     }
 }
 
+/**
+ * @brief Set the root id for a node of a cve match rule tree.
+ *
+ * @param[in]  id       The id of the node for which the root id is to be set.
+ * @param[in]  root_id  The id of the root of the tree this node belongs to.
+ */
+static void
+set_root_id (long int id, long int root_id)
+{
+  sql ("UPDATE scap2.cpe_match_nodes set root_id = %i"
+       " WHERE id = %i;",
+       root_id,
+       id);
+}
+
 /**
  * @brief Load and add recursively all nodes of a match rule tree for a
  *        specific CVE. Build a match rule tree.
  *
- * @param[in]  parent_id  The parent_id of the nodes to insert
+ * @param[in]  parent_id  The parent id of the nodes to insert
  *                        (0 for the root node).
+ * @param[in]  root_id    The root id of the nodes to insert
  * @param[in]  cveid      The id of the CVE the tree belongs to.
  * @param[in]  nodes      The JSON object that contains the rules for a
  *                        specific tree level.
  */
 static void
-load_nodes (resource_t parent_id, resource_t cveid, cJSON *nodes)
+load_nodes (resource_t parent_id, resource_t cveid, resource_t root_id, cJSON *nodes)
 {
   cJSON *node;
   resource_t id;
@@ -2823,13 +2863,22 @@ load_nodes (resource_t parent_id, resource_t cveid, cJSON *nodes)
   cJSON_ArrayForEach(node, nodes)
     {
       operator = cJSON_GetObjectItemCaseSensitive(node, "operator");
-      if (operator)
-        id = save_node (parent_id, cveid, operator->valuestring);
+      if (operator && operator->valuestring)
+        {
+          id = save_node (parent_id, cveid, operator->valuestring);
+        }
+      else
+        return;
+
+      if (parent_id == 0)
+          root_id = id;
+      set_root_id (id, root_id);
+
       cpe_match_rules = cJSON_GetObjectItemCaseSensitive(node, "cpe_match");
       if (cpe_match_rules)
         add_cpe_match_rules (id, cpe_match_rules);
       child_nodes = cJSON_GetObjectItemCaseSensitive(node, "children");
-      load_nodes (id, cveid, child_nodes);
+      load_nodes (id, cveid, root_id, child_nodes);
     }
 }
 
@@ -3007,7 +3056,7 @@ handle_json_cve_item (cJSON *item)
       g_warning("%s: nodes missing for %s.", __func__, cve_id);
       return -1;
     }
-  load_nodes (0, cve_db_id, nodes_json);
+  load_nodes (0, cve_db_id, 0, nodes_json);
 
   return 0;
 }

From d0c6ffd8c925476de5a50bc89bcd171896f0f85f Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Tue, 24 Sep 2024 10:14:33 +0200
Subject: [PATCH 084/134] Small amendment.

---
 src/manage.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/manage.c b/src/manage.c
index 97688b391..54b549754 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -3298,7 +3298,9 @@ cve_scan_host (task_t task, report_t report, gvm_host_t *gvm_host)
           prognosis_report_host = 0;
 
           gboolean use_json = FALSE;
-          if (sql_int64_0 ("SELECT count(*) FROM scap.cpe_match_nodes") > 0)
+          if (sql_int64_0 ("SELECT count(1) FROM information_schema.tables"
+                           " WHERE table_schema = 'scap'"
+                           " AND table_name = 'cpe_match_nodes';") > 0)
             use_json = TRUE;
 
           if (use_json)

From 271bd1e7ad20292afb2c5c4aaee0d1eba3775343 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Wed, 25 Sep 2024 13:24:27 +0200
Subject: [PATCH 085/134] Small amendment.

---
 src/manage_sql.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 5b19f2237..c468b3b5e 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20453,10 +20453,10 @@ app_locations_iterator_location (iterator_t *iterator)
  * @param[in]  report_host  Report host.
  */
 void
-init_host_details_cpe_iterator (iterator_t* iterator, report_host_t report_host)
+init_host_details_cpe_iterator (iterator_t *iterator, report_host_t report_host)
 {
   init_iterator (iterator,
-                 "SELECT LOWER (value) FROM report_host_details"
+                 "SELECT DISTINCT LOWER (value) FROM report_host_details"
                  " WHERE name = 'App' and report_host = %llu;",
                  report_host);
 }

From d9f568d5b600a7c3fe2907f0e5bd5e1fecb5d7c7 Mon Sep 17 00:00:00 2001
From: robert-schardt <robert.schardt@greenbone.net>
Date: Fri, 27 Sep 2024 07:26:28 +0200
Subject: [PATCH 086/134] Change: Update gvm-libs image in prod.Dockerfile and
 build.Dockerfile (#2295)

Co-authored-by: Robert Schardt <robert.schardt@Macbook-Robert-Schardt.local>
---
 .docker/build.Dockerfile | 2 +-
 .docker/prod.Dockerfile  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.docker/build.Dockerfile b/.docker/build.Dockerfile
index a3fcbb304..885201235 100644
--- a/.docker/build.Dockerfile
+++ b/.docker/build.Dockerfile
@@ -2,7 +2,7 @@
 ARG GVM_LIBS_VERSION=oldstable
 
 # We want gvm-libs to be ready so we use the build docker image of gvm-libs
-FROM greenbone/gvm-libs:$GVM_LIBS_VERSION
+FROM registry.community.greenbone.net/community/gvm-libs:${GVM_LIBS_VERSION}
 
 # This will make apt-get install without question
 ARG DEBIAN_FRONTEND=noninteractive
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
index 204d14036..1872962b8 100644
--- a/.docker/prod.Dockerfile
+++ b/.docker/prod.Dockerfile
@@ -20,7 +20,7 @@ RUN mkdir /build && \
     cmake -DCMAKE_BUILD_TYPE=Release $FEATURE_TOGGLE /source && \
     make DESTDIR=/install install
 
-FROM greenbone/gvm-libs:${GVM_LIBS_VERSION}
+FROM registry.community.greenbone.net/community/gvm-libs:${GVM_LIBS_VERSION}
 
 ARG DEBIAN_FRONTEND=noninteractive
 

From f2a941ce9751585c72a0d485cc0a4399c0108016 Mon Sep 17 00:00:00 2001
From: Jaspar Stach <jaspar.stach@greenbone.net>
Date: Fri, 27 Sep 2024 08:36:56 +0200
Subject: [PATCH 087/134] Update INSTALL.md

---
 INSTALL.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/INSTALL.md b/INSTALL.md
index ff9f1b144..a7b36c2bf 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -21,7 +21,7 @@ Prerequisites:
 
 Install these prerequisites on Debian GNU/Linux 'Buster' 10:
 
-    apt-get install gcc cmake libglib2.0-dev libgnutls28-dev libpq-dev postgresql-server-dev-11 pkg-config libical-dev xsltproc libgpgme-dev
+    apt-get install gcc cmake libcjson-dev libglib2.0-dev libgnutls28-dev libpq-dev postgresql-server-dev-11 pkg-config libical-dev xsltproc libgpgme-dev
 
 Prerequisites for building documentation:
 * Doxygen

From 5a7e62c5100be7511d3f7a50359f949f6f86d065 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 8 Oct 2024 11:13:35 +0200
Subject: [PATCH 088/134] Change: Extend get_feeds GMP command. Added
 information on whether the feed owner and feed import roles are set and
 whether the user has access to feed resources.

---
 src/gmp.c                         | 50 +++++++++++++++++++++++++++++++
 src/manage_acl.c                  | 29 ++++++++++++++++++
 src/manage_acl.h                  |  3 ++
 src/schema_formats/XML/GMP.xml.in | 21 +++++++++++++
 4 files changed, 103 insertions(+)

diff --git a/src/gmp.c b/src/gmp.c
index 128ff751a..652e144db 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -12976,6 +12976,7 @@ static void
 handle_get_feeds (gmp_parser_t *gmp_parser, GError **error)
 {
   assert (current_credentials.username);
+  assert (current_credentials.uuid);
 
   if (acl_user_may ("get_feeds") == 0)
     {
@@ -12986,10 +12987,59 @@ handle_get_feeds (gmp_parser_t *gmp_parser, GError **error)
       return;
     }
 
+  char *feed_owner_uuid, *feed_roles;
+  gboolean feed_owner_set, feed_import_roles_set, feed_resources_access;
+
+  feed_owner_set = feed_import_roles_set = feed_resources_access = FALSE;
+
+  setting_value (SETTING_UUID_FEED_IMPORT_OWNER, &feed_owner_uuid);
+
+  if (feed_owner_uuid != NULL && strlen (feed_owner_uuid) > 0)
+    feed_owner_set = TRUE;
+  else
+    g_warning ("%s: No feed owner set.", __func__);
+
+  setting_value (SETTING_UUID_FEED_IMPORT_ROLES, &feed_roles);
+
+  if (feed_roles != NULL && strlen (feed_roles) > 0)
+    feed_import_roles_set = TRUE;
+  else
+    g_warning ("%s: No feed import roles set.", __func__);
+
+  if (feed_owner_uuid != NULL && strcmp (feed_owner_uuid, current_credentials.uuid) == 0)
+    feed_resources_access = TRUE;
+  else if (feed_roles != NULL)
+    {
+      gchar **roles = g_strsplit (feed_roles, ",", -1);
+      gchar **role = roles;
+      while (*role)
+      {
+        if (acl_user_has_role (current_credentials.uuid, *role))
+          {
+            feed_resources_access = TRUE;
+            break;
+          }
+        role++;
+      }
+      g_strfreev (roles);
+    }
+
+  free (feed_roles);
+  free (feed_owner_uuid);
+
   SEND_TO_CLIENT_OR_FAIL ("<get_feeds_response"
                           " status=\"" STATUS_OK "\""
                           " status_text=\"" STATUS_OK_TEXT "\">");
 
+  SENDF_TO_CLIENT_OR_FAIL ("<feed_owner_set>%s</feed_owner_set>",
+                           feed_owner_set ? "1" : "0");
+
+  SENDF_TO_CLIENT_OR_FAIL ("<feed_roles_set>%s</feed_roles_set>",
+                           feed_import_roles_set ? "1" : "0");
+
+  SENDF_TO_CLIENT_OR_FAIL ("<feed_resources_access>%s</feed_resources_access>",
+                           feed_resources_access ? "1" : "0");
+
   if ((get_feeds_data->type == NULL)
       || (strcasecmp (get_feeds_data->type, "nvt") == 0))
     get_feed (gmp_parser, error, NVT_FEED);
diff --git a/src/manage_acl.c b/src/manage_acl.c
index e2953d8f1..1041d564b 100644
--- a/src/manage_acl.c
+++ b/src/manage_acl.c
@@ -462,6 +462,35 @@ acl_user_is_user (const char *uuid)
   return ret;
 }
 
+/**
+ * @brief Check whether a user has a given role.
+ *
+ * @param[in]  user_uuid  UUID of the user.
+ * @param[in]  role_uuid  UUID of the role.
+ *
+ * @return 1 if user has the given role, else 0.
+ */
+int
+acl_user_has_role (const char *user_uuid, const char *role_uuid)
+{
+  int ret;
+  gchar *quoted_role_uuid, *quoted_user_uuid;
+
+  quoted_role_uuid = sql_quote (role_uuid);
+  quoted_user_uuid = sql_quote (user_uuid);
+
+  ret = sql_int ("SELECT count (*) FROM role_users"
+                 " WHERE role = (SELECT id FROM roles"
+                 "               WHERE uuid = '%s')"
+                 " AND \"user\" = (SELECT id FROM users WHERE uuid = '%s');",
+                 quoted_role_uuid, quoted_user_uuid);
+
+  g_free (quoted_role_uuid);
+  g_free (quoted_user_uuid);
+  return ret;
+}
+
+
 /* TODO This is only predicatable for unique fields like "id".  If the field
  *      is "name" then "SELECT ... format" will choose arbitrarily between
  *      the resources that have the same name. */
diff --git a/src/manage_acl.h b/src/manage_acl.h
index 3655ee10f..bb1a78b40 100644
--- a/src/manage_acl.h
+++ b/src/manage_acl.h
@@ -155,6 +155,9 @@ acl_user_is_super_admin (const char *);
 int
 acl_user_is_observer (const char *);
 
+int
+acl_user_has_role (const char *, const char *);
+
 int
 acl_user_owns (const char *, resource_t, int);
 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 91860510f..3218e237a 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -11525,8 +11525,26 @@ END:VCALENDAR
           <type>text</type>
           <required>1</required>
         </attrib>
+        <e>feed_owner_set</e>
+        <e>feed_roles_set</e>
+        <e>feed_resources_access</e>
         <any><e>feed</e></any>
       </pattern>
+      <ele>
+        <name>feed_owner_set</name>
+        <summary>Whether the feed owner is set</summary>
+        <pattern><t>boolean</t></pattern>
+      </ele>
+      <ele>
+        <name>feed_roles_set</name>
+        <summary>Whether the feed roles are set</summary>
+        <pattern><t>boolean</t></pattern>
+      </ele>
+      <ele>
+        <name>feed_resources_access</name>
+        <summary>Whether the user has access to feed resources</summary>
+        <pattern><t>boolean</t></pattern>
+      </ele>
       <ele>
         <name>feed</name>
         <pattern>
@@ -11590,6 +11608,9 @@ END:VCALENDAR
       </request>
       <response>
         <get_feeds_response status_text="OK" status="200">
+          <feed_owner_set>1</feed_owner_set>
+          <feed_roles_set>1</feed_roles_set>
+          <feed_resources_access>1</feed_resources_access>
           <feed>
             <type>NVT</type>
             <name>Greenbone Security Feed</name>

From 0761c87f5ab359b6cb3ab691215a63a04e2da2e2 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 8 Oct 2024 11:50:26 +0200
Subject: [PATCH 089/134] Address review comments

---
 src/gmp.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 652e144db..c9659aef6 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -12996,15 +12996,11 @@ handle_get_feeds (gmp_parser_t *gmp_parser, GError **error)
 
   if (feed_owner_uuid != NULL && strlen (feed_owner_uuid) > 0)
     feed_owner_set = TRUE;
-  else
-    g_warning ("%s: No feed owner set.", __func__);
 
   setting_value (SETTING_UUID_FEED_IMPORT_ROLES, &feed_roles);
 
   if (feed_roles != NULL && strlen (feed_roles) > 0)
     feed_import_roles_set = TRUE;
-  else
-    g_warning ("%s: No feed import roles set.", __func__);
 
   if (feed_owner_uuid != NULL && strcmp (feed_owner_uuid, current_credentials.uuid) == 0)
     feed_resources_access = TRUE;
@@ -13031,13 +13027,11 @@ handle_get_feeds (gmp_parser_t *gmp_parser, GError **error)
                           " status=\"" STATUS_OK "\""
                           " status_text=\"" STATUS_OK_TEXT "\">");
 
-  SENDF_TO_CLIENT_OR_FAIL ("<feed_owner_set>%s</feed_owner_set>",
-                           feed_owner_set ? "1" : "0");
-
-  SENDF_TO_CLIENT_OR_FAIL ("<feed_roles_set>%s</feed_roles_set>",
-                           feed_import_roles_set ? "1" : "0");
-
-  SENDF_TO_CLIENT_OR_FAIL ("<feed_resources_access>%s</feed_resources_access>",
+  SENDF_TO_CLIENT_OR_FAIL ("<feed_owner_set>%s</feed_owner_set>"
+                           "<feed_roles_set>%s</feed_roles_set>"
+                           "<feed_resources_access>%s</feed_resources_access>",
+                           feed_owner_set ? "1" : "0",
+                           feed_import_roles_set ? "1" : "0",
                            feed_resources_access ? "1" : "0");
 
   if ((get_feeds_data->type == NULL)

From 13d9083d5b94dc4fe77d85b224561870415bfb01 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Mon, 24 Jun 2024 22:19:03 +0200
Subject: [PATCH 090/134] Fix: Add DATA_TYPE back to GET_AGGREGATES/AGGREGATE

---
 src/gmp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/gmp.c b/src/gmp.c
index c9659aef6..b45465aa5 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -10192,6 +10192,10 @@ buffer_aggregate_wc_xml (GString *xml, iterator_t* aggregate,
 
   g_string_append_printf (xml, "<aggregate>");
 
+  g_string_append_printf (xml,
+                          "<data_type>%s</data_type>",
+                          type);
+
   g_string_append_printf (xml,
                           "<group_column>%s</group_column>",
                           group_column);
@@ -10509,6 +10513,10 @@ buffer_aggregate_xml (GString *xml, iterator_t* aggregate, const gchar* type,
 
   g_string_append_printf (xml, "<aggregate>");
 
+  g_string_append_printf (xml,
+                          "<data_type>%s</data_type>",
+                          type);
+
   for (index = 0; index < data_columns->len ;index ++)
     {
       gchar *column_name = g_array_index (data_columns, gchar*, index);

From c0aa006509eb920ae08956ffeeea777c3d9fab2e Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Wed, 9 Oct 2024 11:40:16 +0200
Subject: [PATCH 091/134] Fix: Fix the check for including notes and overrides
 in results

---
 src/gmp.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index b45465aa5..4b73e9d1e 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -9727,16 +9727,16 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
   buffer_xml_append_printf (buffer, "<compliance>%s</compliance>", compliance);
 
   if (include_notes
-      && use_delta_fields 
-         ? result_iterator_delta_may_have_notes (results)
-         : result_iterator_may_have_notes (results))
-    buffer_result_notes_xml (buffer, result,
-                             selected_task, include_notes_details, lean);
+      && (use_delta_fields
+          ? result_iterator_delta_may_have_notes (results)
+          : result_iterator_may_have_notes (results)))
+      buffer_result_notes_xml (buffer, result,
+                              selected_task, include_notes_details, lean);
 
   if (include_overrides
-      && use_delta_fields 
-         ? result_iterator_delta_may_have_overrides (results) 
-         : result_iterator_may_have_overrides (results))
+      && (use_delta_fields
+          ? result_iterator_delta_may_have_overrides (results)
+          : result_iterator_may_have_overrides (results)))
     buffer_result_overrides_xml (buffer, result,
                                  selected_task, include_overrides_details,
                                  lean);

From 6c3ea692e2906dcfb9b53c44a8ecc9976ea210d8 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Wed, 9 Oct 2024 11:58:19 +0200
Subject: [PATCH 092/134] Fix indentation

---
 src/gmp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 4b73e9d1e..8ede8d6a9 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -9730,8 +9730,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
       && (use_delta_fields
           ? result_iterator_delta_may_have_notes (results)
           : result_iterator_may_have_notes (results)))
-      buffer_result_notes_xml (buffer, result,
-                              selected_task, include_notes_details, lean);
+    buffer_result_notes_xml (buffer, result,
+                             selected_task, include_notes_details, lean);
 
   if (include_overrides
       && (use_delta_fields

From a9c5a08d61f0feeacc8151a8be47659e4d7a6be5 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 15 Oct 2024 15:08:21 +0200
Subject: [PATCH 093/134] Change: Enable feature toggle for compliance reports
 by default

---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index f646ba2a4..bc7b71249 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -248,7 +248,7 @@ endif (NOT CVSS3_RATINGS)
 add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})
 
 if (NOT COMPLIANCE_REPORTS)
-  set (COMPLIANCE_REPORTS 0)
+  set (COMPLIANCE_REPORTS 1)
 endif (NOT COMPLIANCE_REPORTS)
 add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS})
 

From 821576749702907b03ae1c8f17b9e49867fac86a Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Thu, 17 Oct 2024 09:55:36 +0000
Subject: [PATCH 094/134] Automatic release to 24.0.0

---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index bc7b71249..6ffdec4a2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.10.1
+         VERSION 24.0.0
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 1)
+set (PROJECT_DEV_VERSION 0)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From 88cdf82af784e57ee65eea936b94044c663c7b3b Mon Sep 17 00:00:00 2001
From: Greenbone Bot <github-bot@greenbone.net>
Date: Thu, 17 Oct 2024 09:55:38 +0000
Subject: [PATCH 095/134] Automatic adjustments after release [skip ci]

* Update to version 24.0.1-dev1
---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6ffdec4a2..9d3b36a5a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 24.0.0
+         VERSION 24.0.1
          LANGUAGES C)
 
 if (POLICY CMP0005)
@@ -58,7 +58,7 @@ endif (NOT CMAKE_BUILD_TYPE MATCHES "Release")
 
 # Set dev version if this is a development version and not a full release,
 # unset (put value 0 or delete line) before a full release and reset after.
-set (PROJECT_DEV_VERSION 0)
+set (PROJECT_DEV_VERSION 1)
 
 # If PROJECT_DEV_VERSION is set, the version string will be set to:
 #   "major.minor.patch~dev${PROJECT_DEV_VERSION}${GIT_REVISION}"

From ed5123e29077dd2a5e73fc81326f3e2cab33ad31 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Fri, 18 Oct 2024 16:06:09 +0200
Subject: [PATCH 096/134] Some amendments.

---
 src/manage.c             | 316 +++++++++++++++++++++------------------
 src/manage_sql.c         |  11 +-
 src/manage_sql_secinfo.c |  10 +-
 3 files changed, 176 insertions(+), 161 deletions(-)

diff --git a/src/manage.c b/src/manage.c
index 54b549754..159d5fa60 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -3165,6 +3165,8 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
 {
   iterator_t cpe_match_node_childs;
   gchar *operator;
+  iterator_t cpe_match_ranges;
+
   operator = sql_string ("SELECT operator FROM scap.cpe_match_nodes WHERE id = %llu", node);
   init_cpe_match_node_childs_iterator (&cpe_match_node_childs, node);
   while (next (&cpe_match_node_childs))
@@ -3177,7 +3179,7 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
       if (strcmp (operator, "OR") == 0 && (*match) && (*vulnerable))
         return;
     }
-  iterator_t cpe_match_ranges;
+
   init_cpe_match_range_iterator (&cpe_match_ranges, node);
   while (next (&cpe_match_ranges))
     {
@@ -3187,12 +3189,10 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
       gchar *vsi, *vse, *vei, *vee;
       range_fs_cpe = vsi = vse = vei = vee = NULL;
       range_fs_cpe = g_strdup (cpe_match_range_iterator_cpe (&cpe_match_ranges));
-      vsi = (gchar*) cpe_match_range_iterator_version_start_incl(&cpe_match_ranges);
-      if (vsi != NULL)
-        vsi = g_strdup (cpe_match_range_iterator_version_start_incl(&cpe_match_ranges));
-      vse = g_strdup (cpe_match_range_iterator_version_start_excl(&cpe_match_ranges));
-      vei = g_strdup (cpe_match_range_iterator_version_end_incl(&cpe_match_ranges));
-      vee = g_strdup (cpe_match_range_iterator_version_end_excl(&cpe_match_ranges));
+      vsi = g_strdup (cpe_match_range_iterator_version_start_incl (&cpe_match_ranges));
+      vse = g_strdup (cpe_match_range_iterator_version_start_excl (&cpe_match_ranges));
+      vei = g_strdup (cpe_match_range_iterator_version_end_incl (&cpe_match_ranges));
+      vee = g_strdup (cpe_match_range_iterator_version_end_excl (&cpe_match_ranges));
       range_uri_product = fs_cpe_to_uri_product (range_fs_cpe);
       init_host_details_cpe_product_iterator (&cpe_host_details_products, range_uri_product, report_host);
       while (next (&cpe_host_details_products))
@@ -3200,12 +3200,12 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
           cpe_struct_t source, target;
           const char *host_details_cpe;
           gboolean matches;
-          host_details_cpe = host_details_cpe_product_iterator_value(&cpe_host_details_products);
+          host_details_cpe = host_details_cpe_product_iterator_value (&cpe_host_details_products);
           cpe_struct_init (&source);
           cpe_struct_init (&target);
           fs_cpe_to_cpe_struct (range_fs_cpe, &source);
           uri_cpe_to_cpe_struct (host_details_cpe, &target);
-          matches = cpe_struct_match (source, target);
+          matches = cpe_struct_match (&source, &target);
           if (matches)
             {
               int result;
@@ -3216,18 +3216,18 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
           cpe_struct_free (&source);
           cpe_struct_free (&target);
         }
-      if (*match && cpe_match_range_iterator_vulnerable(&cpe_match_ranges) == 1)
-          {
-            cpe_struct_t source, target;
-            cpe_struct_init (&source);
-            cpe_struct_init (&target);
-            fs_cpe_to_cpe_struct (range_fs_cpe, &source);
-            uri_cpe_to_cpe_struct (host_cpe, &target);
-            if (cpe_struct_match (source, target))
-              *vulnerable = TRUE;
-            cpe_struct_free (&source);
-            cpe_struct_free (&target);
-          }
+      if (*match && cpe_match_range_iterator_vulnerable (&cpe_match_ranges) == 1)
+        {
+          cpe_struct_t source, target;
+          cpe_struct_init (&source);
+          cpe_struct_init (&target);
+          fs_cpe_to_cpe_struct (range_fs_cpe, &source);
+          uri_cpe_to_cpe_struct (host_cpe, &target);
+          if (cpe_struct_match (&source, &target))
+            *vulnerable = TRUE;
+          cpe_struct_free (&source);
+          cpe_struct_free (&target);
+        }
       g_free (range_uri_product);
       g_free (range_fs_cpe);
       g_free (vsi);
@@ -3241,6 +3241,150 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
     }
 }
 
+/**
+ * @brief Perform the json CVE "scan" for the found report host.
+ *
+ * @param[in]  task        Task.
+ * @param[in]  report      The report to add the host, results and details to.
+ * @param[in]  report_host The report host.
+ * @param[in]  ip          The ip of the report host.
+ * @param[in]  start_time  The start time of the scan.
+ *
+ * @param[out] prognosis_report_host  The report_host with prognosis results
+ *                                    and host details.
+ * @param[out] results                The results of the scan.
+ */
+static void
+cve_scan_report_host_json (task_t task,
+                           report_t report,
+                           report_host_t report_host,
+                           gchar *ip,
+                           int start_time,
+                           int *prognosis_report_host,
+                           GArray *results)
+{
+  iterator_t host_details_cpe;
+  init_host_details_cpe_iterator (&host_details_cpe, report_host);
+  while (next (&host_details_cpe))
+    {
+      iterator_t cpe_match_root_node;
+      iterator_t locations_iter;
+      result_t result;
+      char *cpe_product;
+      const char *host_cpe;
+      double severity;
+
+      g_message ("PROTO1: WHILE1");
+
+      host_cpe = host_details_cpe_iterator_cpe (&host_details_cpe);
+      cpe_product = uri_cpe_to_fs_product (host_cpe);
+      init_cpe_match_nodes_iterator (&cpe_match_root_node, cpe_product);
+      while (next (&cpe_match_root_node))
+        {
+          result_t root_node;
+          gboolean match, vulnerable;
+          const char *app, *cve;
+
+          vulnerable = FALSE;
+          match = FALSE;
+          root_node = cpe_match_nodes_iterator_root_id (&cpe_match_root_node);
+          check_cpe_match_rule (root_node, &match, &vulnerable, report_host, host_cpe);
+          if (match && vulnerable)
+            {
+              GString *locations;
+              gchar *desc;
+
+              if (*prognosis_report_host == 0)
+                *prognosis_report_host = manage_report_host_add (report,
+                                                                 ip,
+                                                                 start_time,
+                                                                 0);
+
+              severity = sql_double ("SELECT severity FROM scap.cves, scap.cpe_match_nodes"
+                                     " WHERE scap.cves.id = scap.cpe_match_nodes.cve_id"
+                                     " AND scap.cpe_match_nodes.id = %llu;",
+                                     root_node);
+
+              app = host_cpe;
+              cve = sql_string ("SELECT name FROM scap.cves, scap.cpe_match_nodes"
+                                " WHERE scap.cves.id = cpe_match_nodes.cve_id"
+                                " AND scap.cpe_match_nodes.id = %llu;",
+                                root_node);
+              locations = g_string_new ("");
+
+              insert_report_host_detail (global_current_report, ip, "cve", cve,
+                                         "CVE Scanner", "App", app, NULL);
+
+              init_app_locations_iterator (&locations_iter, report_host, app);
+
+              while (next (&locations_iter))
+                {
+                  const char *location;
+                  location = app_locations_iterator_location (&locations_iter);
+
+                  if (location == NULL)
+                    {
+                      g_warning ("%s: Location is null for ip %s, app %s",
+                                 __func__, ip, app);
+                      continue;
+                    }
+
+                  if (locations->len)
+                    {
+                      g_string_append (locations, ", ");
+                    }
+                  g_string_append (locations, location);
+
+                  insert_report_host_detail (report, ip, "cve", cve,
+                                             "CVE Scanner", app, location, NULL);
+
+                  insert_report_host_detail (report, ip, "cve", cve,
+                                             "CVE Scanner", "detected_at",
+                                             location, NULL);
+
+                  insert_report_host_detail (report, ip, "cve", cve,
+                                             "CVE Scanner", "detected_by",
+                                             /* Detected by itself. */
+                                             cve, NULL);
+                }
+
+              const char *description;
+              description = sql_string ("SELECT description FROM scap.cves, scap.cpe_match_nodes"
+                                        " WHERE scap.cves.id = scap.cpe_match_nodes.cve_id"
+                                        " AND scap.cpe_match_nodes.id = %llu;",
+                                        root_node);
+
+              desc = g_strdup_printf ("The host carries the product: %s\n"
+                                      "It is vulnerable according to: %s.\n"
+                                      "%s%s%s"
+                                      "\n"
+                                      "%s",
+                                      app,
+                                      cve,
+                                      locations->len
+                                       ? "The product was found at: "
+                                       : "",
+                                      locations->len ? locations->str : "",
+                                      locations->len ? ".\n" : "",
+                                      description);
+
+              g_debug ("%s: making result with severity %1.1f desc [%s]",
+                       __func__, severity, desc);
+
+              result = make_cve_result (task, ip, cve, severity, desc);
+              g_free (desc);
+
+              g_array_append_val (results, result);
+
+              g_string_free (locations, TRUE);
+
+            }
+        }
+      g_free (cpe_product);
+    }
+  cleanup_iterator (&host_details_cpe);
+}
+
 /**
  * @brief Perform a CVE "scan" on a host.
  *
@@ -3297,136 +3441,18 @@ cve_scan_host (task_t task, report_t report, gvm_host_t *gvm_host)
           start_time = time (NULL);
           prognosis_report_host = 0;
 
-          gboolean use_json = FALSE;
           if (sql_int64_0 ("SELECT count(1) FROM information_schema.tables"
                            " WHERE table_schema = 'scap'"
                            " AND table_name = 'cpe_match_nodes';") > 0)
-            use_json = TRUE;
-
-          if (use_json)
             {
-              iterator_t host_details_cpe;
-              init_host_details_cpe_iterator (&host_details_cpe, report_host);
-              while (next (&host_details_cpe))
-                {
-                  iterator_t cpe_match_root_node;
-                  iterator_t locations_iter;
-                  result_t result;
-                  char *cpe_product;
-                  const char *host_cpe;
-                  double severity;
-
-                  host_cpe = host_details_cpe_iterator_cpe (&host_details_cpe);
-                  cpe_product = uri_cpe_to_fs_product (host_cpe);
-                  init_cpe_match_nodes_iterator (&cpe_match_root_node, cpe_product);
-                  while (next (&cpe_match_root_node))
-                    {
-                      result_t root_node;
-                      gboolean match, vulnerable;
-                      const char *app, *cve;
-
-                      vulnerable = FALSE;
-                      match = FALSE;
-                      root_node = cpe_match_nodes_iterator_root_id (&cpe_match_root_node);
-                      check_cpe_match_rule (root_node, &match, &vulnerable, report_host, host_cpe);
-                      if (match && vulnerable)
-                        {
-                          GString *locations;
-                          gchar *desc;
-
-                          if (prognosis_report_host == 0)
-                            prognosis_report_host = manage_report_host_add (report,
-                                                                            ip,
-                                                                            start_time,
-                                                                            0);
-
-                          severity = sql_double ("SELECT severity FROM scap.cves, scap.cpe_match_nodes"
-                                                 " WHERE scap.cves.id = scap.cpe_match_nodes.cve_id"
-                                                 " AND scap.cpe_match_nodes.id = %llu;",
-                                                 root_node);
-
-                          app = host_cpe;
-                          cve = sql_string ("SELECT name FROM scap.cves, scap.cpe_match_nodes"
-                                            " WHERE scap.cves.id = cpe_match_nodes.cve_id"
-                                            " AND scap.cpe_match_nodes.id = %llu;",
-                                            root_node);
-                          locations = g_string_new("");
-
-                          insert_report_host_detail (global_current_report, ip, "cve", cve,
-                                                     "CVE Scanner", "App", app, NULL);
-
-                          init_app_locations_iterator (&locations_iter, report_host, app);
-
-                          while (next (&locations_iter))
-                            {
-                              const char *location;
-                              location = app_locations_iterator_location (&locations_iter);
-
-                              if (location == NULL)
-                                {
-                                  g_warning ("%s: Location is null for ip %s, app %s",
-                                             __func__, ip, app);
-                                  continue;
-                                }
-
-                              if (locations->len)
-                                {
-                                  g_string_append (locations, ", ");
-                                }
-                              g_string_append (locations, location);
-
-                              insert_report_host_detail (report, ip, "cve", cve,
-                                                         "CVE Scanner", app, location, NULL);
-
-                              insert_report_host_detail (report, ip, "cve", cve,
-                                                         "CVE Scanner", "detected_at",
-                                                         location, NULL);
-
-                              insert_report_host_detail (report, ip, "cve", cve,
-                                                         "CVE Scanner", "detected_by",
-                                                         /* Detected by itself. */
-                                                         cve, NULL);
-                            }
-
-                          const char *description;
-                          description = sql_string ("SELECT description FROM scap.cves, scap.cpe_match_nodes"
-                                                    " WHERE scap.cves.id = scap.cpe_match_nodes.cve_id"
-                                                    " AND scap.cpe_match_nodes.id = %llu;",
-                                                    root_node);
-
-                          desc = g_strdup_printf ("The host carries the product: %s\n"
-                                                  "It is vulnerable according to: %s.\n"
-                                                  "%s%s%s"
-                                                  "\n"
-                                                  "%s",
-                                                  app,
-                                                  cve,
-                                                  locations->len
-                                                   ? "The product was found at: "
-                                                   : "",
-                                                  locations->len ? locations->str : "",
-                                                  locations->len ? ".\n" : "",
-                                                  description);
-
-                          g_debug ("%s: making result with severity %1.1f desc [%s]",
-                           __func__, severity, desc);
-
-                          result = make_cve_result (task, ip, cve, severity, desc);
-                          g_free (desc);
-
-                          g_array_append_val (results, result);
-
-                          g_string_free (locations, TRUE);
-
-                        }
-                    }
-                  g_free (cpe_product);
-                }
-              cleanup_iterator (&host_details_cpe);
+              // Use new JSON CVE scan
+              cve_scan_report_host_json (task, report, report_host, ip,
+                                         start_time, &prognosis_report_host,
+                                         results);
             }
-
-          if (!use_json)
+          else
             {
+              // Use XML CVE scan
               init_host_prognosis_iterator (&prognosis, report_host);
               while (next (&prognosis))
                 {
diff --git a/src/manage_sql.c b/src/manage_sql.c
index c468b3b5e..d0746a186 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20513,8 +20513,8 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *cpe)
   init_iterator (iterator,
                  "SELECT DISTINCT root_id"
                  " FROM scap.cpe_match_nodes, scap.cpe_match_range"
-                 " WHERE cpe like '%s%s' AND scap.cpe_match_nodes.id = node_id;",
-                 quoted_cpe, "%");
+                 " WHERE cpe like '%s%%' AND scap.cpe_match_nodes.id = node_id;",
+                 quoted_cpe);
   g_free (quoted_cpe);
 }
 
@@ -22554,11 +22554,6 @@ where_levels_auto (const char *levels, const char *new_severity_sql)
       g_string_append (levels_sql, ", 'error'");
       count++;
     }
-  if (strchr (levels, 'd'))
-    {
-      g_string_append (levels_sql, ", 'error'");
-      count++;
-    }
 
   if (count == 0)
     {
@@ -23288,8 +23283,6 @@ results_extra_where (int trash, report_t report, const gchar* host,
 
   min_qod_clause = where_qod (min_qod);
 
-  g_message ("PROTO1: %s", levels);
-  fflush (NULL);
   levels_clause = where_levels_auto (levels ? levels : "hmlgdf",
                                      given_new_severity_sql
                                       ? given_new_severity_sql
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 6b552f035..2ecf26ec3 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2704,8 +2704,6 @@ json_object_item_double (cJSON *object, char *key, double fallback)
  *
  * @param[in]  parent_id  The parent_id of the node. If this value is 0,
  *                        the node is the root of the tree.
- * @param[in]  root_id    The id of the root of the tree. If this value
- *                        is 0, the node is the root of the tree.
  * @param[in]  cve_id     The id of the CVE to which the tree belongs.
  * @param[in]  operator   The operator for the match rules.
  *
@@ -2837,8 +2835,8 @@ set_root_id (long int id, long int root_id)
  *
  * @param[in]  parent_id  The parent id of the nodes to insert
  *                        (0 for the root node).
- * @param[in]  root_id    The root id of the nodes to insert
  * @param[in]  cveid      The id of the CVE the tree belongs to.
+ * @param[in]  root_id    The root id of the nodes to insert.
  * @param[in]  nodes      The JSON object that contains the rules for a
  *                        specific tree level.
  */
@@ -2864,14 +2862,12 @@ load_nodes (resource_t parent_id, resource_t cveid, resource_t root_id, cJSON *n
     {
       operator = cJSON_GetObjectItemCaseSensitive(node, "operator");
       if (operator && operator->valuestring)
-        {
-          id = save_node (parent_id, cveid, operator->valuestring);
-        }
+        id = save_node (parent_id, cveid, operator->valuestring);
       else
         return;
 
       if (parent_id == 0)
-          root_id = id;
+        root_id = id;
       set_root_id (id, root_id);
 
       cpe_match_rules = cJSON_GetObjectItemCaseSensitive(node, "cpe_match");

From 94377da9dc8e81e49906b38ae0b6246698b022e8 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Fri, 18 Oct 2024 17:18:12 +0200
Subject: [PATCH 097/134] Removed stray (debug) message.

---
 src/manage.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/manage.c b/src/manage.c
index 159d5fa60..fca82209f 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -3274,8 +3274,6 @@ cve_scan_report_host_json (task_t task,
       const char *host_cpe;
       double severity;
 
-      g_message ("PROTO1: WHILE1");
-
       host_cpe = host_details_cpe_iterator_cpe (&host_details_cpe);
       cpe_product = uri_cpe_to_fs_product (host_cpe);
       init_cpe_match_nodes_iterator (&cpe_match_root_node, cpe_product);

From 02cb67fd6983ae792946081149b9824187952397 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 21 Oct 2024 13:20:59 +0200
Subject: [PATCH 098/134] Add: Added reading of gzip files for CVEs and EPSS.

---
 src/manage_sql_secinfo.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index a12e4f256..9496964c1 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -51,6 +51,7 @@
 #include <cjson/cJSON.h>
 #include <gvm/base/gvm_sentry.h>
 #include <bsd/unistd.h>
+#include <gvm/util/compressutils.h>
 #include <gvm/util/fileutils.h>
 #include <gvm/util/jsonpull.h>
 #include <gvm/util/xmlutils.h>
@@ -3046,7 +3047,7 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
 
   g_info ("Updating %s", full_path);
 
-  cve_file = fdopen (fd, "r");
+  cve_file = gvm_gzip_open_file_reader_fd (fd);
   if (cve_file == NULL)
     {
       g_warning ("%s: Failed to open CVE file: %s",
@@ -3283,7 +3284,8 @@ update_scap_cves ()
   gboolean read_json = FALSE;
   while ((cve_path = g_dir_read_name (dir)))
     {
-      if (fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0)
+      if (fnmatch ("nvdcve-1.1-*.json.gz", cve_path, 0) == 0 ||
+          fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0)
         {
           read_json = TRUE;
           break;
@@ -3294,7 +3296,9 @@ update_scap_cves ()
   count = 0;
   while ((cve_path = g_dir_read_name (dir)))
     {
-      if ((fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0) && read_json)
+      if ((fnmatch ("nvdcve-1.1-*.json.gz", cve_path, 0) == 0 ||
+           fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0)
+          && read_json)
         {
           if (update_cve_json (cve_path, hashed_cpes))
             {
@@ -3380,10 +3384,19 @@ update_epss_scores ()
   inserts_t inserts;
 
   current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
-                                        "epss-scores-current.json",
+                                        "epss-scores-current.json.gz",
                                         NULL);
   int fd = open(current_json_path, O_RDONLY);
 
+  if (fd < 0 && errno == ENOENT)
+    {
+      g_free (current_json_path);
+      current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
+                                            "epss-scores-current.json",
+                                            NULL);
+      fd = open(current_json_path, O_RDONLY);
+    }
+
   if (fd < 0)
     {
       int ret;
@@ -3403,7 +3416,7 @@ update_epss_scores ()
       return ret;
     }
 
-  epss_scores_file = fdopen(fd, "r");
+  epss_scores_file = gvm_gzip_open_file_reader_fd (fd);
   if (epss_scores_file == NULL)
     {
       g_warning ("%s: Failed to convert file descriptor to FILE*: %s",

From e76cc69150531b119ad19130b6707657ddd8a62f Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 21 Oct 2024 15:43:02 +0200
Subject: [PATCH 099/134] Change: Log to stderr, new log file build option.

Now the log messages are logged to stderr by default. The log file
for the generated gvmd_log.conf can now be set by a new build option
GVMD_LOG_FILE.
---
 CMakeLists.txt             | 15 ++++++++++-----
 src/gvmd_log_conf.cmake_in | 20 ++++++++++----------
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9d3b36a5a..ec0d19b3b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -163,11 +163,15 @@ if (NOT GVMD_STATE_DIR)
   set (GVMD_STATE_DIR  "${GVM_STATE_DIR}/gvmd")
 endif (NOT GVMD_STATE_DIR)
 
-if (NOT GVM_LOG_DIR)
-  set (GVM_LOG_DIR    "${LOCALSTATEDIR}/log/gvm")
-else (NOT GVM_LOG_DIR)
-  set (GVM_LOG_DIR    "${GVM_LOG_DIR}")
-endif (NOT GVM_LOG_DIR)
+if (NOT GVMD_LOG_FILE)
+  if (GVM_LOG_DIR)
+    set (GVMD_LOG_FILE    "${GVM_LOG_DIR}/gvmd.log")
+  else (GVM_LOG_DIR)
+    set (GVMD_LOG_FILE    "-")
+  endif (GVMD_LOG_DIR)
+else (NOT GVMD_LOG_FILE)
+  set (GVMD_LOG_FILE    "${GVMD_LOG_FILE}")
+endif (NOT GVMD_LOG_FILE)
 
 set (GVM_SCAP_RES_DIR "${GVM_DATA_DIR}/scap")
 set (GVM_CERT_RES_DIR "${GVM_DATA_DIR}/cert")
@@ -253,6 +257,7 @@ endif (NOT COMPLIANCE_REPORTS)
 add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS})
 
 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
+message ("-- Log file: ${GVMD_LOG_FILE}")
 
 ## Version
 
diff --git a/src/gvmd_log_conf.cmake_in b/src/gvmd_log_conf.cmake_in
index fd0c375a0..e5dcc3d73 100644
--- a/src/gvmd_log_conf.cmake_in
+++ b/src/gvmd_log_conf.cmake_in
@@ -7,63 +7,63 @@
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md manage]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md    gmp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md  crypt]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md  utils]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm base]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm gmp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm osp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm util]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [event syslog]
@@ -86,5 +86,5 @@ level=128
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127

From cfc885af072e6a6e0804116d7022f4141c8320a8 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Tue, 22 Oct 2024 10:13:56 +0200
Subject: [PATCH 100/134] Changed location of initialization of "*quoted_cpe".

---
 src/manage_sql_secinfo.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 2ecf26ec3..6230408de 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2744,7 +2744,6 @@ add_cpe_match_rules (result_t id, cJSON *match_rules)
 
   cJSON_ArrayForEach(match_rule, match_rules)
     {
-      char *quoted_cpe = NULL;
       char *sql_cpe = NULL;
       vulnerable = FALSE;
       version_start_incl = NULL;
@@ -2760,7 +2759,7 @@ add_cpe_match_rules (result_t id, cJSON *match_rules)
       cpe_js = cJSON_GetObjectItemCaseSensitive(match_rule, "cpe23Uri");
       if (cpe_js != NULL && strcmp (cpe_js->valuestring, "(null)"))
         {
-          quoted_cpe = sql_quote (cpe_js->valuestring);
+          char *quoted_cpe = sql_quote (cpe_js->valuestring);
           sql_cpe = g_strdup_printf ("'%s'", quoted_cpe);
           g_free (quoted_cpe);
         }

From 2168aa40aca3266fe64e538ee6bed4756b7e1535 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Tue, 22 Oct 2024 10:22:26 +0200
Subject: [PATCH 101/134] Removed the option "e" for the display of errors.

---
 src/manage_sql.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index d0746a186..fc1bf3905 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -22549,11 +22549,6 @@ where_levels_auto (const char *levels, const char *new_severity_sql)
       g_string_append (levels_sql, ", 'false'");
       count++;
     }
-  if (strchr (levels, 'e'))
-    {
-      g_string_append (levels_sql, ", 'error'");
-      count++;
-    }
 
   if (count == 0)
     {

From d0f409e1f496ccdeb10516a6ae8f5b476d8423f5 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Mon, 30 Sep 2024 11:36:22 +0200
Subject: [PATCH 102/134] Change: Adjust loading of CPEs to new JSON API

CPEs can now be loaded from JSON files based on the NVD API.

As some fields in the old XML differ the JSON API, they are replaced
by similar fields:
"nvd_id" is replaced by "cpe_name_id" and "status" is replaced by
"deprecated".

The "raw_data" will no longer be available after switching to JSON,
so the references are and "deprecated_by" element are handled explictly.

These changes are made because the XML-based data feeds have been
deprecated by NVD.
---
 CMakeLists.txt                    |   2 +-
 src/gmp.c                         |  35 +-
 src/manage.h                      |  18 +-
 src/manage_pg.c                   |  12 +-
 src/manage_sql_secinfo.c          | 619 +++++++++++++++++++++++++++---
 src/manage_sql_secinfo.h          |   6 +-
 src/schema_formats/XML/GMP.xml.in |  41 +-
 7 files changed, 650 insertions(+), 83 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9d3b36a5a..eb6b215d2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -103,7 +103,7 @@ include (CPack)
 
 set (GVMD_DATABASE_VERSION 256)
 
-set (GVMD_SCAP_DATABASE_VERSION 21)
+set (GVMD_SCAP_DATABASE_VERSION 22)
 
 set (GVMD_CERT_DATABASE_VERSION 8)
 
diff --git a/src/gmp.c b/src/gmp.c
index 8ede8d6a9..ac95a6f67 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13473,24 +13473,33 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                "<title>%s</title>",
                                cpe_info_iterator_title (&info));
           xml_string_append (result,
-                             "<nvd_id>%s</nvd_id>"
+                             "<cpe_name_id>%s</cpe_name_id>"
                              "<severity>%s</severity>"
                              "<cve_refs>%s</cve_refs>"
-                             "<status>%s</status>",
-                             cpe_info_iterator_nvd_id (&info)
-                              ? cpe_info_iterator_nvd_id (&info)
+                             "<deprecated>%s</deprecated>",
+                             cpe_info_iterator_cpe_name_id (&info)
+                              ? cpe_info_iterator_cpe_name_id (&info)
                               : "",
                              cpe_info_iterator_severity (&info)
                               ? cpe_info_iterator_severity (&info)
                               : "",
                              cpe_info_iterator_cve_refs (&info),
-                             cpe_info_iterator_status (&info)
-                              ? cpe_info_iterator_status (&info)
-                              : "");
+                             cpe_info_iterator_deprecated (&info)
+                              ? cpe_info_iterator_deprecated (&info)
+                              : "0");
 
           if (get_info_data->details == 1)
             {
-              iterator_t cves;
+              const char *deprecated_by_id
+                = cpe_info_iterator_deprecated_by_id (&info);
+              if (deprecated_by_id && strcmp (deprecated_by_id, ""))
+                {
+                  xml_string_append (result,
+                                     "<deprecated_by>%s</deprecated_by>",
+                                     deprecated_by_id);
+                }
+
+              iterator_t cves, refs;
               g_string_append (result, "<cves>");
               init_cpe_cve_iterator (&cves, get_iterator_name (&info), 0, NULL);
               while (next (&cves))
@@ -13518,6 +13527,16 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                     : "");
               cleanup_iterator (&cves);
               g_string_append (result, "</cves>");
+
+              g_string_append (result, "<references>");
+              init_cpe_reference_iterator (&refs, get_iterator_name (&info));
+              while (next (&refs))
+                xml_string_append (result,
+                                   "<reference href=\"%s\">%s</reference>",
+                                   cpe_reference_iterator_href (&refs),
+                                   cpe_reference_iterator_type (&refs));
+              cleanup_iterator (&refs);
+              g_string_append (result, "</references>");
             }
         }
       else if (g_strcmp0 ("cve", get_info_data->type) == 0)
diff --git a/src/manage.h b/src/manage.h
index 0ee2e9c23..6d34f02f9 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -3355,23 +3355,33 @@ const char*
 cpe_info_iterator_title (iterator_t*);
 
 const char*
-cpe_info_iterator_status (iterator_t*);
+cpe_info_iterator_deprecated (iterator_t*);
 
 const char *
 cpe_info_iterator_severity (iterator_t*);
 
 const char*
-cpe_info_iterator_deprecated_by_id (iterator_t*);
+cpe_info_iterator_cve_refs (iterator_t*);
 
 const char*
-cpe_info_iterator_cve_refs (iterator_t*);
+cpe_info_iterator_cpe_name_id (iterator_t*);
 
 const char*
-cpe_info_iterator_nvd_id (iterator_t*);
+cpe_info_iterator_deprecated_by_id (iterator_t*);
 
 gchar *
 cpe_details_xml (const char*);
 
+void
+init_cpe_reference_iterator (iterator_t *, const char *);
+
+const char*
+cpe_reference_iterator_href (iterator_t *);
+
+const char*
+cpe_reference_iterator_type (iterator_t *);
+
+
 /* CVE. */
 
 const char*
diff --git a/src/manage_pg.c b/src/manage_pg.c
index dba91d68f..7088a4e9c 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3525,10 +3525,18 @@ manage_db_init (const gchar *name)
            "  modification_time integer,"
            "  title text,"
            "  status text,"
-           "  deprecated_by_id INTEGER,"
+           "  deprecated_by_id TEXT,"
            "  severity DOUBLE PRECISION DEFAULT 0,"
            "  cve_refs INTEGER DEFAULT 0,"
-           "  nvd_id text);");
+           "  nvd_id text,"
+           "  deprecated integer,"
+           "  cpe_name_id text);");
+
+      sql ("CREATE TABLE scap2.cpe_refs"
+           " (id SERIAL PRIMARY KEY,"
+           "  cpe INTEGER,"
+           "  ref TEXT,"
+           "  type TEXT);");
 
       sql ("CREATE TABLE scap2.cpe_match_nodes"
            " (id SERIAL PRIMARY KEY,"
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index a12e4f256..b03413453 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -51,6 +51,7 @@
 #include <cjson/cJSON.h>
 #include <gvm/base/gvm_sentry.h>
 #include <bsd/unistd.h>
+#include <gvm/util/cpeutils.h>
 #include <gvm/util/fileutils.h>
 #include <gvm/util/jsonpull.h>
 #include <gvm/util/xmlutils.h>
@@ -377,6 +378,72 @@ inserts_run (inserts_t *inserts, gboolean finalize)
     inserts_free_statements (inserts);
 }
 
+/**
+ * @brief Get the string value for a specified key from a JSON object.
+ *
+ * @param[in]  object  JSON object
+ * @param[in]  key     The key of the string in the JSON object.
+ *
+ * @return The string out of the JSON object with key "key", if any.
+ *         NULL otherwise.
+ */
+static char*
+json_object_item_string (cJSON *object, char *key)
+{
+  cJSON *value_json;
+
+  value_json = cJSON_GetObjectItemCaseSensitive(object, key);
+  if (cJSON_IsString(value_json))
+    return value_json->valuestring;
+  return NULL;
+}
+
+/**
+ * @brief Get the double value for a specified key from a JSON object.
+ *
+ * @param[in]  object    JSON object
+ * @param[in]  key       The key of the double value in the JSON object.
+ * @param[in]  fallback  The fallback value if the double value is not
+ *                       available.
+ *
+ * @return The double value out of the JSON object with key "key", if any.
+ *         The fallback value otherwise.
+ */
+static double
+json_object_item_double (cJSON *object, char *key, double fallback)
+{
+  cJSON *value_json;
+
+  value_json = cJSON_GetObjectItemCaseSensitive(object, key);
+  if (cJSON_IsNumber(value_json))
+    return value_json->valuedouble;
+  return fallback;
+}
+
+/**
+ * @brief Get the boolean value for a specified key from a JSON object.
+ *
+ * @param[in]  object    JSON object
+ * @param[in]  key       The key of the double value in the JSON object.
+ * @param[in]  fallback  The fallback value if the boolean value is not
+ *                       available.
+ *
+ * @return The double value out of the JSON object with key "key", if any.
+ *         The fallback value otherwise.
+ */
+static int
+json_object_item_boolean (cJSON *object, char *key, int fallback)
+{
+  cJSON *value_json;
+
+  value_json = cJSON_GetObjectItemCaseSensitive(object, key);
+  if (cJSON_IsTrue(value_json))
+    return 1;
+  else if (cJSON_IsFalse(value_json))
+    return 0;
+  return fallback;
+}
+
 
 /* CPE data. */
 
@@ -495,14 +562,25 @@ init_cpe_info_iterator_all (iterator_t* iterator, get_data_t *get)
 DEF_ACCESS (cpe_info_iterator_title, GET_ITERATOR_COLUMN_COUNT);
 
 /**
- * @brief Get the status from a CPE iterator.
+ * @brief Get the deprecation status from a CPE iterator.
  *
  * @param[in]  iterator  Iterator.
  *
- * @return The Status of the CPE, or NULL if iteration is complete.  Freed by
- *         cleanup_iterator.
+ * @return The deprecation status of the CPE, or NULL if iteration is complete.
+ *         Freed by cleanup_iterator.
+ */
+DEF_ACCESS (cpe_info_iterator_deprecated, GET_ITERATOR_COLUMN_COUNT + 1);
+
+/**
+ * @brief Get the first CPE the current one is deprecated by
+ *        from a CPE iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return The first CPE the current one is deprecated by,
+ *         or NULL if iteration is complete. Freed by cleanup_iterator.
  */
-DEF_ACCESS (cpe_info_iterator_status, GET_ITERATOR_COLUMN_COUNT + 1);
+DEF_ACCESS (cpe_info_iterator_deprecated_by_id, GET_ITERATOR_COLUMN_COUNT + 2);
 
 /**
  * @brief Get the highest severity Score of all CVE's referencing this cpe.
@@ -525,14 +603,14 @@ DEF_ACCESS (cpe_info_iterator_severity, GET_ITERATOR_COLUMN_COUNT + 3);
 DEF_ACCESS (cpe_info_iterator_cve_refs, GET_ITERATOR_COLUMN_COUNT + 4);
 
 /**
- * @brief Get the NVD ID for this CPE.
+ * @brief Get the NVD assigned cpeNameId for this CPE.
  *
  * @param[in]  iterator  Iterator.
  *
  * @return The NVD ID of this CPE, or NULL if iteration is
  *         complete. Freed by cleanup_iterator.
  */
-DEF_ACCESS (cpe_info_iterator_nvd_id, GET_ITERATOR_COLUMN_COUNT + 5);
+DEF_ACCESS (cpe_info_iterator_cpe_name_id, GET_ITERATOR_COLUMN_COUNT + 5);
 
 /**
  * @brief Get the XML details / raw data for a given CPE ID.
@@ -553,6 +631,44 @@ cpe_details_xml (const char *cpe_id) {
   return details_xml;
 }
 
+/**
+ * @brief Initialise a CPE refrerences iterator.
+ *
+ * @param[in]  iterator    Iterator.
+ * @param[in]  cpe         CPE to get references of.
+ */
+void
+init_cpe_reference_iterator (iterator_t *iterator, const char *cpe)
+{
+  gchar *quoted_cpe;
+  quoted_cpe = sql_quote (cpe);
+  init_iterator (iterator,
+                 "SELECT ref, type FROM cpe_refs"
+                 " WHERE cpe = (SELECT id FROM cpes WHERE uuid = '%s');",
+                 quoted_cpe);
+  g_free (quoted_cpe);
+}
+
+/**
+ * @brief Get the reference URL from CPE reference iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return The reference URL, or NULL if iteration is complete.  Freed by
+ *         cleanup_iterator.
+ */
+DEF_ACCESS (cpe_reference_iterator_href, 0);
+
+/**
+ * @brief Get the reference type from CPE reference iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return The reference type, or NULL if iteration is complete.  Freed by
+ *         cleanup_iterator.
+ */
+DEF_ACCESS (cpe_reference_iterator_type, 1);
+
 
 /* CVE data. */
 
@@ -1895,6 +2011,29 @@ update_cert_bund_advisories (int last_cert_update)
 
 /* SCAP update: CPEs. */
 
+/**
+ * @brief Convert a CPE name from formatted string to URI and SQL quote it.
+ *
+ * @param[in]  name  Name.
+ *
+ * @return URI converted uoted name.
+ */
+static gchar *
+fs_to_uri_convert_and_quote_cpe_name (const char *name)
+{
+  gchar *name_converted, *name_decoded, *name_tilde, *quoted_name;
+
+  name_converted = fs_cpe_to_uri_cpe (name);
+  name_decoded = g_uri_unescape_string (name_converted, NULL);
+  name_tilde = string_replace (name_decoded,
+                               "~", "%7E", "%7e", NULL);
+  g_free (name_decoded);
+  g_free (name_converted);
+  quoted_name = sql_quote (name_tilde);
+  g_free (name_tilde);
+  return quoted_name;
+}
+
 /**
  * @brief Decode and SQL quote a CPE name.
  *
@@ -1917,7 +2056,7 @@ decode_and_quote_cpe_name (const char *name)
 }
 
 /**
- * @brief Insert a SCAP CPE.
+ * @brief Insert a SCAP CPE from XML.
  *
  * @param[in]  inserts            Pointer to SQL buffer.
  * @param[in]  cpe_item           CPE item XML element.
@@ -2081,14 +2220,408 @@ insert_scap_cpe_details (inserts_t *inserts, element_t cpe_item)
 }
 
 /**
- * @brief Update SCAP CPEs from a file.
+ * @brief Try to skip to the products list in a CPEs JSON parser.
+ *
+ * @param[in]  parser      Parser to skip elements in.
+ * @param[in]  event       Parser event structure.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+scap_cpes_json_skip_to_products (gvm_json_pull_parser_t *parser,
+                                 gvm_json_pull_event_t *event)
+{
+  gvm_json_pull_parser_next (parser, event);
+  if (event->type == GVM_JSON_PULL_EVENT_ERROR)
+    {
+      g_warning ("%s: Parser error: %s", __func__, event->error_message);
+      return -1;
+    }
+  else if (event->type != GVM_JSON_PULL_EVENT_OBJECT_START)
+    {
+      g_warning ("%s: CPEs file content is not a JSON object.", __func__);
+      return -1;
+    }
+
+  gboolean products_found = FALSE;
+  while (!products_found)
+    {
+      gvm_json_pull_parser_next (parser, event);
+      gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event->path);
+      if (event->type == GVM_JSON_PULL_EVENT_ARRAY_START && path_tail &&
+          path_tail->key && strcmp (path_tail->key, "products") == 0)
+        {
+          products_found = TRUE;
+        }
+      else if (event->type == GVM_JSON_PULL_EVENT_ERROR)
+        {
+          g_warning ("%s: Parser error: %s", __func__, event->error_message);
+          return -1;
+        }
+      else if (event->type == GVM_JSON_PULL_EVENT_OBJECT_END)
+        {
+          g_warning ("%s: Unexpected json object end.", __func__);
+          return -1;
+        }
+    }
+  gvm_json_pull_parser_next (parser, event);
+
+  return 0;
+}
+
+/**
+ * @brief Insert a SCAP CPE from JSON.
+ *
+ * @param[in]  inserts            Pointer to SQL buffer.
+ * @param[in]  product_item       JSON object from the products list.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+handle_json_cpe_item (inserts_t *inserts, cJSON *product_item)
+{
+  cJSON *cpe_item;
+  char *name, *cpe_name_id, *last_modified, *title_text;
+  char *deprecated_by;
+  gchar *quoted_name, *quoted_title, *quoted_cpe_name_id;
+  gchar *quoted_deprecated_by;
+  cJSON *titles, *title;
+  time_t modification_time;
+  int deprecated;
+  int first;
+
+  assert (inserts);
+
+  cpe_item = cJSON_GetObjectItemCaseSensitive (product_item, "cpe");
+  if (! cJSON_IsObject (cpe_item))
+    {
+      g_warning ("%s: 'cpe' field in product missing or not an object",
+                 __func__);
+      return -1;
+    }
+
+  name = json_object_item_string (cpe_item, "cpeName");
+  if (name == NULL)
+    {
+      g_warning ("%s: 'cpeName' field missing or not a string", __func__);
+      return -1;
+    }
+
+  cpe_name_id = json_object_item_string (cpe_item, "cpeNameId");
+  if (cpe_name_id == NULL)
+    {
+      g_warning ("%s: 'cpeNameId' field missing or not a string", __func__);
+      return -1;
+    }
+
+  last_modified = json_object_item_string (cpe_item, "lastModified");
+  if (last_modified == NULL)
+    {
+      g_warning ("%s: 'lastModified' field missing or not a string", __func__);
+      return -1;
+    }
+  modification_time = parse_iso_time (last_modified);
+
+  titles = cJSON_GetObjectItemCaseSensitive (cpe_item, "titles");
+  if (! cJSON_IsArray (titles))
+    {
+      g_warning ("%s: 'titles' field missing or not an array", __func__);
+      return -1;
+    }
+
+  title_text = NULL;
+  cJSON_ArrayForEach (title, titles)
+    {
+      gchar *lang = json_object_item_string (title, "lang");
+      if (lang && strcmp (lang, "en") == 0)
+        {
+          title_text = json_object_item_string (title, "title");
+          break;
+        }
+    }
+
+  deprecated = json_object_item_boolean (cpe_item, "deprecated", -1);
+  if (deprecated == -1)
+    {
+      g_warning ("%s: 'deprecated' field missing or not a boolean", __func__);
+      return -1;
+    }
+
+  deprecated_by = NULL;
+  if (deprecated)
+    {
+      /* CPEs can have multiple deprecatedBy entries,
+       *  but for the GMP field only the first one is used */
+      cJSON *deprecated_by_array, *first_deprecated_by;
+      deprecated_by_array = cJSON_GetObjectItemCaseSensitive (cpe_item,
+                                                              "deprecatedBy");
+      if (! cJSON_IsArray (deprecated_by_array))
+        {
+          g_warning ("%s: 'deprecatedBy' field missing or not an array",
+                     __func__);
+          return -1;
+        }
+      else if (cJSON_GetArraySize (deprecated_by_array) == 0)
+        {
+          g_warning ("%s: 'deprecatedBy' array is empty",
+                     __func__);
+          return -1;
+        }
+
+      first_deprecated_by = cJSON_GetArrayItem (deprecated_by_array, 0);
+      deprecated_by = json_object_item_string (first_deprecated_by, "cpeName");
+      if (deprecated_by == NULL)
+        {
+          g_warning ("%s: Could not get 'cpeName' string from 'deprecatedBy'",
+                     __func__);
+          return -1;
+        }
+    }
+
+  quoted_name = fs_to_uri_convert_and_quote_cpe_name (name);
+  quoted_cpe_name_id = sql_quote (cpe_name_id);
+  quoted_title = sql_quote (title_text ? title_text : "");
+  quoted_deprecated_by
+    = deprecated_by ? fs_to_uri_convert_and_quote_cpe_name (deprecated_by)
+                    : NULL;
+
+  first = inserts_check_size (inserts);
+
+  g_string_append_printf (inserts->statement,
+                          "%s ('%s', '%s', '%s', %li, %li, %d, '%s', '%s')",
+                          first ? "" : ",",
+                          quoted_name,
+                          quoted_name,
+                          quoted_title,
+                          modification_time,
+                          modification_time,
+                          deprecated,
+                          quoted_deprecated_by ? quoted_deprecated_by : "",
+                          quoted_cpe_name_id);
+
+  inserts->current_chunk_size++;
+
+  g_free (quoted_title);
+  g_free (quoted_name);
+  g_free (quoted_cpe_name_id);
+  g_free (quoted_deprecated_by);
+
+  return 0;
+}
+
+/**
+ * @brief Insert a SCAP CPE from JSON.
+ *
+ * @param[in]  inserts            Pointer to SQL buffer.
+ * @param[in]  product_item       JSON object from the products list.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+handle_json_cpe_refs (inserts_t *inserts, cJSON *product_item)
+{
+  cJSON *cpe_item, *refs, *refs_item;
+  gchar *name, *quoted_name;
+
+  assert (inserts);
+
+  cpe_item = cJSON_GetObjectItemCaseSensitive (product_item, "cpe");
+  if (! cJSON_IsObject (cpe_item))
+    {
+      g_warning ("%s: 'cpe' field in product missing or not an object",
+                 __func__);
+      return -1;
+    }
+
+  name = json_object_item_string (cpe_item, "cpeName");
+  if (name == NULL)
+    {
+      g_warning ("%s: 'cpeName' field missing or not a string", __func__);
+      return -1;
+    }
+
+  refs = cJSON_GetObjectItemCaseSensitive (cpe_item, "refs");
+  if (! cJSON_IsArray (refs))
+    {
+      g_debug ("%s: 'refs' field missing or not an array", __func__);
+      return 0;
+    }
+
+  quoted_name = fs_to_uri_convert_and_quote_cpe_name (name);
+  cJSON_ArrayForEach (refs_item, refs)
+    {
+      int first;
+      char *ref, *type;
+      gchar *quoted_ref, *quoted_type;
+      ref = json_object_item_string (refs_item, "ref");
+      if (ref == NULL)
+        {
+          g_warning ("%s: 'ref' field missing or not a string", __func__);
+          g_free (quoted_name);
+          return -1;
+        }
+      type = json_object_item_string (refs_item, "type");
+      quoted_ref = sql_quote (ref ? ref : "");
+      quoted_type = sql_quote (type ? type : "");
+      
+      first = inserts_check_size (inserts);
+
+      g_string_append_printf (inserts->statement,
+                              "%s ('%s', '%s', '%s')",
+                              first ? "" : ",",
+                              quoted_name,
+                              quoted_ref,
+                              quoted_type);
+
+      inserts->current_chunk_size++;
+    }
+  g_free (quoted_name);
+
+  return 0;
+}
+
+/**
+ * @brief Update SCAP CPEs from a JSON file.
  *
  * @param[in]  path             Path to file.
  *
  * @return 0 success, -1 error.
  */
 static int
-update_scap_cpes_from_file (const gchar *path)
+update_scap_cpes_from_json_file (const gchar *path)
+{
+  inserts_t inserts;
+  gvm_json_pull_parser_t parser;
+  gvm_json_pull_event_t event;
+  FILE *json_stream = fopen (path, "r");
+  if (json_stream == NULL)
+    {
+      g_warning ("%s: Could not open file '%s': %s",
+                 __func__, path, strerror(errno));
+      return -1;
+    }
+
+  gvm_json_pull_parser_init (&parser, json_stream);
+  gvm_json_pull_event_init (&event);
+  if (scap_cpes_json_skip_to_products (&parser, &event))
+    {
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (json_stream);
+      return -1;
+    }
+
+  sql_begin_immediate ();
+  inserts_init (&inserts,
+                CPE_MAX_CHUNK_SIZE,
+                setting_secinfo_sql_buffer_threshold_bytes (),
+                "INSERT INTO scap2.cpes"
+                " (uuid, name, title, creation_time,"
+                "  modification_time, deprecated, deprecated_by_id,"
+                "  cpe_name_id)"
+                " VALUES",
+                " ON CONFLICT (uuid) DO UPDATE"
+                " SET name = EXCLUDED.name,"
+                "     title = EXCLUDED.title,"
+                "     creation_time = EXCLUDED.creation_time,"
+                "     modification_time = EXCLUDED.modification_time,"
+                "     deprecated = EXCLUDED.deprecated,"
+                "     deprecated_by_id = EXCLUDED.deprecated_by_id,"
+                "     cpe_name_id = EXCLUDED.cpe_name_id");
+
+  while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
+    {
+      gchar *error_message;
+      cJSON *entry = gvm_json_pull_expand_container (&parser, &error_message);
+      if (error_message)
+        {
+          g_warning ("%s: Error expanding CVE item: %s", __func__, error_message);
+          gvm_json_pull_event_cleanup (&event);
+          gvm_json_pull_parser_cleanup (&parser);
+          cJSON_Delete (entry);
+          fclose (json_stream);
+          sql_commit ();
+          return -1;
+        }
+      if (handle_json_cpe_item (&inserts, entry))
+        {
+          gvm_json_pull_event_cleanup (&event);
+          gvm_json_pull_parser_cleanup (&parser);
+          cJSON_Delete (entry);
+          fclose (json_stream);
+          sql_commit ();
+          return -1;
+        }
+      cJSON_Delete (entry);
+      gvm_json_pull_parser_next (&parser, &event);
+    }
+  inserts_run (&inserts, TRUE);
+  sql_commit ();
+  gvm_json_pull_parser_cleanup (&parser);
+
+  // Reset and insert refs
+  fseek (json_stream, 0, SEEK_SET);
+  gvm_json_pull_parser_init (&parser, json_stream);
+
+  if (scap_cpes_json_skip_to_products (&parser, &event))
+    {
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (json_stream);
+      return -1;
+    }
+
+  sql_begin_immediate ();
+  inserts_init (&inserts, 10,
+                setting_secinfo_sql_buffer_threshold_bytes (),
+                "INSERT INTO scap2.cpe_refs (cpe, ref, type)"
+                " SELECT scap2.cpes.id, new_refs.ref, new_refs.type"
+                " FROM scap2.cpes JOIN (VALUES ",
+                ") AS new_refs (cpe_name, ref, type)"
+                " ON scap2.cpes.name = cpe_name;");
+
+  while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
+    {
+      gchar *error_message;
+      cJSON *entry = gvm_json_pull_expand_container (&parser, &error_message);
+      if (error_message)
+        {
+          g_warning ("%s: Error expanding CVE item: %s", __func__, error_message);
+          gvm_json_pull_event_cleanup (&event);
+          gvm_json_pull_parser_cleanup (&parser);
+          cJSON_Delete (entry);
+          fclose (json_stream);
+          sql_commit ();
+          return -1;
+        }
+      if (handle_json_cpe_refs (&inserts, entry))
+        {
+          gvm_json_pull_event_cleanup (&event);
+          gvm_json_pull_parser_cleanup (&parser);
+          cJSON_Delete (entry);
+          fclose (json_stream);
+          sql_commit ();
+          return -1;
+        }
+      cJSON_Delete (entry);
+      gvm_json_pull_parser_next (&parser, &event);
+    }
+  inserts_run (&inserts, TRUE);
+  sql_commit ();
+  gvm_json_pull_parser_cleanup (&parser);
+
+  return 0;
+}
+
+/**
+ * @brief Update SCAP CPEs from an XML file.
+ *
+ * @param[in]  path             Path to file.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+update_scap_cpes_from_xml_file (const gchar *path)
 {
   int ret;
   element_t cpe_item;
@@ -2287,21 +2820,39 @@ update_scap_cpes ()
   int ret;
 
   full_path = g_build_filename (GVM_SCAP_DATA_DIR,
-                                "official-cpe-dictionary_v2.2.xml",
+                                "nvd-cpes.json",
                                 NULL);
 
   if (g_stat (full_path, &state))
     {
-      g_warning ("%s: No CPE dictionary found at %s",
+      g_warning ("%s: No JSON CPE dictionary found at %s",
                  __func__,
                  full_path);
       g_free (full_path);
-      return -1;
+
+      full_path = g_build_filename (GVM_SCAP_DATA_DIR,
+                                    "official-cpe-dictionary_v2.2.xml",
+                                    NULL);
+
+      if (g_stat (full_path, &state))
+        {
+          g_warning ("%s: No CPE dictionary found at %s",
+                    __func__,
+                    full_path);
+          g_free (full_path);
+          return -1;
+        }
+
+      ret = update_scap_cpes_from_xml_file (full_path);
+      if (ret)
+        return -1;
+
+      return 0;
     }
 
   g_info ("Updating CPEs");
 
-  ret = update_scap_cpes_from_file (full_path);
+  ret = update_scap_cpes_from_json_file (full_path);
   if (ret)
     return -1;
 
@@ -2657,48 +3208,6 @@ insert_cve_from_entry (element_t entry, element_t last_modified,
   return 0;
 }
 
-/**
- * @brief Get the string value for a specified key from a JSON object.
- *
- * @param[in]  object  JSON object
- * @param[in]  key     The key of the string in the JSON object.
- *
- * @return The string out of the JSON object with key "key", if any.
- *         NULL otherwise.
- */
-static char*
-json_object_item_string (cJSON *object, char *key)
-{
-  cJSON *value_json;
-
-  value_json = cJSON_GetObjectItemCaseSensitive(object, key);
-  if (cJSON_IsString(value_json))
-    return value_json->valuestring;
-  return NULL;
-}
-
-/**
- * @brief Get the double value for a specified key from a JSON object.
- *
- * @param[in]  object    JSON object
- * @param[in]  key       The key of the double value in the JSON object.
- * @param[in]  fallback  The fallback value if the double value is not
- *                       available.
- *
- * @return The double value out of the JSON object with key "key", if any.
- *         The fallback value otherwise.
- */
-static double
-json_object_item_double (cJSON *object, char *key, double fallback)
-{
-  cJSON *value_json;
-
-  value_json = cJSON_GetObjectItemCaseSensitive(object, key);
-  if (cJSON_IsNumber(value_json))
-    return value_json->valuedouble;
-  return fallback;
-}
-
 /**
  * @brief Save the node of a cve match rule tree.
  *
diff --git a/src/manage_sql_secinfo.h b/src/manage_sql_secinfo.h
index 5e8ad4761..656f240eb 100644
--- a/src/manage_sql_secinfo.h
+++ b/src/manage_sql_secinfo.h
@@ -102,7 +102,7 @@
  */
 #define CPE_INFO_ITERATOR_FILTER_COLUMNS                    \
  { GET_ITERATOR_FILTER_COLUMNS, "title", "status",          \
-   "deprecated_by_id", "severity", "cves", "nvd_id",        \
+   "deprecated_by_id", "severity", "cves", "cpe_name_id",        \
    NULL }
 
 /**
@@ -114,11 +114,11 @@
    { "''", "_owner", KEYWORD_TYPE_STRING },                     \
    { "0", NULL, KEYWORD_TYPE_INTEGER },                         \
    { "title", NULL, KEYWORD_TYPE_STRING },                      \
-   { "status", NULL, KEYWORD_TYPE_STRING },                     \
+   { "deprecated", NULL, KEYWORD_TYPE_INTEGER },                \
    { "deprecated_by_id", NULL, KEYWORD_TYPE_INTEGER },          \
    { "severity", NULL, KEYWORD_TYPE_DOUBLE },                   \
    { "cve_refs", "cves", KEYWORD_TYPE_INTEGER },                \
-   { "nvd_id", NULL, KEYWORD_TYPE_INTEGER },                    \
+   { "cpe_name_id", NULL, KEYWORD_TYPE_STRING },                \
    { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                         \
  }
 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 3218e237a..7ba7b8b05 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -12785,9 +12785,9 @@ END:VCALENDAR
             <summary>Number of CVEs referencing this CPE</summary>
           </column>
           <column>
-            <name>nvd_id</name>
-            <type>integer</type>
-            <summary>NVD ID of the CVE</summary>
+            <name>cpe_name_id</name>
+            <type>uuid</type>
+            <summary>NVD assigned cpeNameId of the CPE</summary>
           </column>
         </filter_keywords>
         <filter_keywords>
@@ -13012,18 +13012,19 @@ END:VCALENDAR
         <ele>
           <name>cpe</name>
           <pattern>
-            <e>nvd_id</e>
+            <e>cpe_name_id</e>
             <o><e>title</e></o>
             <e>severity</e>
             <e>cve_refs</e>
-            <e>status</e>
+            <e>deprecated</e>
             <o><e>cves</e></o>
+            <o><e>references</e></o>
             <o><e>raw_data</e></o>
           </pattern>
           <summary>A CPE info element</summary>
           <ele>
-            <name>nvd_id</name>
-            <summary>The NVD ID of the CPE</summary>
+            <name>cpe_name_id</name>
+            <summary>NVD assigned cpeNameId of the CPE</summary>
             <pattern>
               text
             </pattern>
@@ -13050,10 +13051,10 @@ END:VCALENDAR
             </pattern>
           </ele>
           <ele>
-            <name>status</name>
-            <summary>The status of this CPE</summary>
+            <name>deprecated</name>
+            <summary>Whether the CPE is deprecated</summary>
             <pattern>
-              text
+              <t>boolean</t>
             </pattern>
           </ele>
           <ele>
@@ -13070,6 +13071,26 @@ END:VCALENDAR
               </pattern>
             </ele>
           </ele>
+          <ele>
+            <name>references</name>
+            <summary>References of this CPE. Only when details were requested</summary>
+            <pattern>
+              <any><e>reference</e></any>
+            </pattern>
+            <ele>
+              <name>reference</name>
+              <summary>Reference of the CPE. Text contains type</summary>
+              <pattern>
+                <attrib>
+                  <name>href</name>
+                  <type>text</type>
+                  <summary>Reference URL</summary>
+                  <required>1</required>
+                </attrib>
+                text
+              </pattern>
+            </ele>
+          </ele>
           <ele>
             <name>raw_data</name>
             <summary>Source representation of the information. Only when details were requested</summary>

From 1012034fef29b8717a89c5f575979621b2313c49 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Wed, 2 Oct 2024 11:51:30 +0200
Subject: [PATCH 103/134] Change deprecated_by of CPEs to a list.

---
 src/gmp.c                         | 14 +++--
 src/manage.h                      |  6 ++
 src/manage_pg.c                   |  5 ++
 src/manage_sql_secinfo.c          | 93 +++++++++++++++++++++++--------
 src/schema_formats/XML/GMP.xml.in | 13 +++++
 5 files changed, 103 insertions(+), 28 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index ac95a6f67..2b179fa4e 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13490,16 +13490,18 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
 
           if (get_info_data->details == 1)
             {
-              const char *deprecated_by_id
-                = cpe_info_iterator_deprecated_by_id (&info);
-              if (deprecated_by_id && strcmp (deprecated_by_id, ""))
+              iterator_t deprecated_by, cves, refs;
+
+              init_cpe_deprecated_by_iterator (&deprecated_by,
+                                               get_iterator_name (&info));
+              while (next (&deprecated_by))
                 {
                   xml_string_append (result,
-                                     "<deprecated_by>%s</deprecated_by>",
-                                     deprecated_by_id);
+                                     "<deprecated_by cpe_id=\"%s\"/>",
+                                     cpe_deprecated_by_iterator_deprecated_by
+                                      (&deprecated_by));
                 }
 
-              iterator_t cves, refs;
               g_string_append (result, "<cves>");
               init_cpe_cve_iterator (&cves, get_iterator_name (&info), 0, NULL);
               while (next (&cves))
diff --git a/src/manage.h b/src/manage.h
index 6d34f02f9..9d2434292 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -3339,6 +3339,12 @@ manage_scap_update_time ();
 
 /* CPE. */
 
+void
+init_cpe_deprecated_by_iterator (iterator_t *, const char *);
+
+const char *
+cpe_deprecated_by_iterator_deprecated_by (iterator_t *);
+
 void
 init_cpe_cve_iterator (iterator_t *, const char *, int, const char *);
 
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 7088a4e9c..0cad6c0af 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3538,6 +3538,11 @@ manage_db_init (const gchar *name)
            "  ref TEXT,"
            "  type TEXT);");
 
+      sql ("CREATE TABLE scap2.cpes_deprecated_by"
+           " (id SERIAL PRIMARY KEY,"
+           "  cpe TEXT,"
+           "  deprecated_by TEXT);");
+
       sql ("CREATE TABLE scap2.cpe_match_nodes"
            " (id SERIAL PRIMARY KEY,"
            "  parent_id INTEGER DEFAULT 0,"
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index b03413453..680602322 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -696,6 +696,28 @@ cve_info_filter_columns ()
   return filter_columns;
 }
 
+/**
+ * @brief Initialise an iterator listing CPEs another CPE is deprecated_by.
+ *
+ * @param[in]  iterator    Iterator.
+ * @param[in]  cpe         CPE to get which other CPEs it's deprecated by.
+ */
+void
+init_cpe_deprecated_by_iterator (iterator_t *iterator, const char *cpe)
+{
+  gchar *quoted_cpe;
+  assert (cpe);
+  quoted_cpe = sql_quote (cpe);
+  init_iterator (iterator,
+                 "SELECT deprecated_by FROM cpes_deprecated_by"
+                 " WHERE cpe = '%s'"
+                 " ORDER BY deprecated_by;",
+                 quoted_cpe);
+  g_free (quoted_cpe);
+}
+
+DEF_ACCESS (cpe_deprecated_by_iterator_deprecated_by, 0);
+
 /**
  * @brief Initialise an CVE iterator, for CVEs reported for a certain CPE.
  *
@@ -2272,19 +2294,19 @@ scap_cpes_json_skip_to_products (gvm_json_pull_parser_t *parser,
 /**
  * @brief Insert a SCAP CPE from JSON.
  *
- * @param[in]  inserts            Pointer to SQL buffer.
+ * @param[in]  inserts            Pointer to SQL buffer for main CPE entries.
+ * @param[in]  deprecated_by_inserts  Pointer to SQL buffer for deprecated_by.
  * @param[in]  product_item       JSON object from the products list.
  *
  * @return 0 success, -1 error.
  */
 static int
-handle_json_cpe_item (inserts_t *inserts, cJSON *product_item)
+handle_json_cpe_item (inserts_t *inserts, inserts_t *deprecated_by_inserts,
+                      cJSON *product_item)
 {
   cJSON *cpe_item;
   char *name, *cpe_name_id, *last_modified, *title_text;
-  char *deprecated_by;
   gchar *quoted_name, *quoted_title, *quoted_cpe_name_id;
-  gchar *quoted_deprecated_by;
   cJSON *titles, *title;
   time_t modification_time;
   int deprecated;
@@ -2347,48 +2369,70 @@ handle_json_cpe_item (inserts_t *inserts, cJSON *product_item)
       return -1;
     }
 
-  deprecated_by = NULL;
+  quoted_name = fs_to_uri_convert_and_quote_cpe_name (name);
   if (deprecated)
     {
       /* CPEs can have multiple deprecatedBy entries,
        *  but for the GMP field only the first one is used */
-      cJSON *deprecated_by_array, *first_deprecated_by;
+      cJSON *deprecated_by_array, *deprecated_by_item;
+      char *deprecated_by_id;
+      gchar *quoted_deprecated_by_id;
       deprecated_by_array = cJSON_GetObjectItemCaseSensitive (cpe_item,
                                                               "deprecatedBy");
       if (! cJSON_IsArray (deprecated_by_array))
         {
           g_warning ("%s: 'deprecatedBy' field missing or not an array",
                      __func__);
+          g_free (quoted_name);
           return -1;
         }
       else if (cJSON_GetArraySize (deprecated_by_array) == 0)
         {
           g_warning ("%s: 'deprecatedBy' array is empty",
                      __func__);
+          g_free (quoted_name);
           return -1;
         }
 
-      first_deprecated_by = cJSON_GetArrayItem (deprecated_by_array, 0);
-      deprecated_by = json_object_item_string (first_deprecated_by, "cpeName");
-      if (deprecated_by == NULL)
+      cJSON_ArrayForEach (deprecated_by_item, deprecated_by_array)
         {
-          g_warning ("%s: Could not get 'cpeName' string from 'deprecatedBy'",
-                     __func__);
-          return -1;
+          deprecated_by_id = json_object_item_string (deprecated_by_item,
+                                                      "cpeName");
+          if (deprecated_by_id == NULL)
+            {
+              g_warning ("%s: 'cpeName' field in 'deprecatedBy' missing or not"
+                         " a string",
+                         __func__);
+              g_free (quoted_name);
+              return -1;
+            }
+
+          quoted_deprecated_by_id
+            = fs_to_uri_convert_and_quote_cpe_name (deprecated_by_id);
+
+          g_message ("%s deprecated by %s", quoted_name, quoted_deprecated_by_id);
+
+          first = inserts_check_size (deprecated_by_inserts);
+
+          g_string_append_printf (deprecated_by_inserts->statement,
+                                  "%s ('%s', '%s')",
+                                  first ? "" : ",",
+                                  quoted_name,
+                                  quoted_deprecated_by_id);
+
+          deprecated_by_inserts->current_chunk_size++;
+
+          g_free (quoted_deprecated_by_id);
         }
     }
 
-  quoted_name = fs_to_uri_convert_and_quote_cpe_name (name);
   quoted_cpe_name_id = sql_quote (cpe_name_id);
   quoted_title = sql_quote (title_text ? title_text : "");
-  quoted_deprecated_by
-    = deprecated_by ? fs_to_uri_convert_and_quote_cpe_name (deprecated_by)
-                    : NULL;
 
   first = inserts_check_size (inserts);
 
   g_string_append_printf (inserts->statement,
-                          "%s ('%s', '%s', '%s', %li, %li, %d, '%s', '%s')",
+                          "%s ('%s', '%s', '%s', %li, %li, %d, '%s')",
                           first ? "" : ",",
                           quoted_name,
                           quoted_name,
@@ -2396,7 +2440,6 @@ handle_json_cpe_item (inserts_t *inserts, cJSON *product_item)
                           modification_time,
                           modification_time,
                           deprecated,
-                          quoted_deprecated_by ? quoted_deprecated_by : "",
                           quoted_cpe_name_id);
 
   inserts->current_chunk_size++;
@@ -2404,7 +2447,6 @@ handle_json_cpe_item (inserts_t *inserts, cJSON *product_item)
   g_free (quoted_title);
   g_free (quoted_name);
   g_free (quoted_cpe_name_id);
-  g_free (quoted_deprecated_by);
 
   return 0;
 }
@@ -2490,7 +2532,7 @@ handle_json_cpe_refs (inserts_t *inserts, cJSON *product_item)
 static int
 update_scap_cpes_from_json_file (const gchar *path)
 {
-  inserts_t inserts;
+  inserts_t inserts, deprecated_by_inserts;
   gvm_json_pull_parser_t parser;
   gvm_json_pull_event_t event;
   FILE *json_stream = fopen (path, "r");
@@ -2517,7 +2559,7 @@ update_scap_cpes_from_json_file (const gchar *path)
                 setting_secinfo_sql_buffer_threshold_bytes (),
                 "INSERT INTO scap2.cpes"
                 " (uuid, name, title, creation_time,"
-                "  modification_time, deprecated, deprecated_by_id,"
+                "  modification_time, deprecated,"
                 "  cpe_name_id)"
                 " VALUES",
                 " ON CONFLICT (uuid) DO UPDATE"
@@ -2529,6 +2571,12 @@ update_scap_cpes_from_json_file (const gchar *path)
                 "     deprecated_by_id = EXCLUDED.deprecated_by_id,"
                 "     cpe_name_id = EXCLUDED.cpe_name_id");
 
+  inserts_init (&deprecated_by_inserts, 10,
+                setting_secinfo_sql_buffer_threshold_bytes (),
+                "INSERT INTO scap2.cpes_deprecated_by (cpe, deprecated_by)"
+                " VALUES ",
+                "");
+
   while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
     {
       gchar *error_message;
@@ -2543,7 +2591,7 @@ update_scap_cpes_from_json_file (const gchar *path)
           sql_commit ();
           return -1;
         }
-      if (handle_json_cpe_item (&inserts, entry))
+      if (handle_json_cpe_item (&inserts, &deprecated_by_inserts, entry))
         {
           gvm_json_pull_event_cleanup (&event);
           gvm_json_pull_parser_cleanup (&parser);
@@ -2556,6 +2604,7 @@ update_scap_cpes_from_json_file (const gchar *path)
       gvm_json_pull_parser_next (&parser, &event);
     }
   inserts_run (&inserts, TRUE);
+  inserts_run (&deprecated_by_inserts, TRUE);
   sql_commit ();
   gvm_json_pull_parser_cleanup (&parser);
 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 7ba7b8b05..eb2feaf73 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -13017,6 +13017,7 @@ END:VCALENDAR
             <e>severity</e>
             <e>cve_refs</e>
             <e>deprecated</e>
+            <any><e>deprecated_by</e></any>
             <o><e>cves</e></o>
             <o><e>references</e></o>
             <o><e>raw_data</e></o>
@@ -13057,6 +13058,18 @@ END:VCALENDAR
               <t>boolean</t>
             </pattern>
           </ele>
+          <ele>
+            <name>deprecated_by</name>
+            <summary>Another CPE the current one is deprecated by</summary>
+            <pattern>
+              <attrib>
+                <name>cpe_id</name>
+                <type>uuid</type>
+                <summary>CPE id the current CPE is deprecated by</summary>
+                <required>1</required>
+              </attrib>
+            </pattern>
+          </ele>
           <ele>
             <name>cves</name>
             <summary>CVEs referring to this CPE. Only when details were requested</summary>

From 96208aa4724978f7ef1296d87b66a0f94f2372dc Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Fri, 18 Oct 2024 09:44:18 +0200
Subject: [PATCH 104/134] Apply review suggestions for JSON CPEs

Add missing cleanup, fix comments and remove leftover test log output.
---
 src/gmp.c                |  1 +
 src/manage_sql_secinfo.c | 13 +++++--------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 2b179fa4e..b90c1ff54 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13501,6 +13501,7 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                      cpe_deprecated_by_iterator_deprecated_by
                                       (&deprecated_by));
                 }
+              cleanup_iterator (&deprecated_by);
 
               g_string_append (result, "<cves>");
               init_cpe_cve_iterator (&cves, get_iterator_name (&info), 0, NULL);
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 680602322..d8bbe4ec3 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -424,11 +424,11 @@ json_object_item_double (cJSON *object, char *key, double fallback)
  * @brief Get the boolean value for a specified key from a JSON object.
  *
  * @param[in]  object    JSON object
- * @param[in]  key       The key of the double value in the JSON object.
+ * @param[in]  key       The key of the boolean value in the JSON object.
  * @param[in]  fallback  The fallback value if the boolean value is not
  *                       available.
  *
- * @return The double value out of the JSON object with key "key", if any.
+ * @return The boolean value out of the JSON object with key "key", if any.
  *         The fallback value otherwise.
  */
 static int
@@ -2372,8 +2372,6 @@ handle_json_cpe_item (inserts_t *inserts, inserts_t *deprecated_by_inserts,
   quoted_name = fs_to_uri_convert_and_quote_cpe_name (name);
   if (deprecated)
     {
-      /* CPEs can have multiple deprecatedBy entries,
-       *  but for the GMP field only the first one is used */
       cJSON *deprecated_by_array, *deprecated_by_item;
       char *deprecated_by_id;
       gchar *quoted_deprecated_by_id;
@@ -2410,8 +2408,6 @@ handle_json_cpe_item (inserts_t *inserts, inserts_t *deprecated_by_inserts,
           quoted_deprecated_by_id
             = fs_to_uri_convert_and_quote_cpe_name (deprecated_by_id);
 
-          g_message ("%s deprecated by %s", quoted_name, quoted_deprecated_by_id);
-
           first = inserts_check_size (deprecated_by_inserts);
 
           g_string_append_printf (deprecated_by_inserts->statement,
@@ -2420,8 +2416,7 @@ handle_json_cpe_item (inserts_t *inserts, inserts_t *deprecated_by_inserts,
                                   quoted_name,
                                   quoted_deprecated_by_id);
 
-          deprecated_by_inserts->current_chunk_size++;
-
+          deprecated_by_inserts->current_chunk_size++;   
           g_free (quoted_deprecated_by_id);
         }
     }
@@ -2516,6 +2511,8 @@ handle_json_cpe_refs (inserts_t *inserts, cJSON *product_item)
                               quoted_type);
 
       inserts->current_chunk_size++;
+      g_free (quoted_ref);
+      g_free (quoted_type); 
     }
   g_free (quoted_name);
 

From 8a1c684a36c6ba3d24058295f27f97dd232d88cb Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Fri, 18 Oct 2024 10:52:27 +0200
Subject: [PATCH 105/134] Remove: Drop unused deprecated_by column of CPEs

The column has been replaced by a table to allow multiple
deprecated_by entries per CPE.
---
 src/manage.h             |  3 ---
 src/manage_pg.c          |  1 -
 src/manage_sql_secinfo.c | 23 +++++------------------
 src/manage_sql_secinfo.h |  5 ++---
 4 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/src/manage.h b/src/manage.h
index 9d2434292..a2cfc5775 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -3372,9 +3372,6 @@ cpe_info_iterator_cve_refs (iterator_t*);
 const char*
 cpe_info_iterator_cpe_name_id (iterator_t*);
 
-const char*
-cpe_info_iterator_deprecated_by_id (iterator_t*);
-
 gchar *
 cpe_details_xml (const char*);
 
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 0cad6c0af..4bc218524 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3525,7 +3525,6 @@ manage_db_init (const gchar *name)
            "  modification_time integer,"
            "  title text,"
            "  status text,"
-           "  deprecated_by_id TEXT,"
            "  severity DOUBLE PRECISION DEFAULT 0,"
            "  cve_refs INTEGER DEFAULT 0,"
            "  nvd_id text,"
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index d8bbe4ec3..f0a87c63c 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -571,17 +571,6 @@ DEF_ACCESS (cpe_info_iterator_title, GET_ITERATOR_COLUMN_COUNT);
  */
 DEF_ACCESS (cpe_info_iterator_deprecated, GET_ITERATOR_COLUMN_COUNT + 1);
 
-/**
- * @brief Get the first CPE the current one is deprecated by
- *        from a CPE iterator.
- *
- * @param[in]  iterator  Iterator.
- *
- * @return The first CPE the current one is deprecated by,
- *         or NULL if iteration is complete. Freed by cleanup_iterator.
- */
-DEF_ACCESS (cpe_info_iterator_deprecated_by_id, GET_ITERATOR_COLUMN_COUNT + 2);
-
 /**
  * @brief Get the highest severity Score of all CVE's referencing this cpe.
  *
@@ -590,7 +579,7 @@ DEF_ACCESS (cpe_info_iterator_deprecated_by_id, GET_ITERATOR_COLUMN_COUNT + 2);
  * @return The highest severity score of the CPE,
  *         or NULL if iteration is complete. Freed by cleanup_iterator.
  */
-DEF_ACCESS (cpe_info_iterator_severity, GET_ITERATOR_COLUMN_COUNT + 3);
+DEF_ACCESS (cpe_info_iterator_severity, GET_ITERATOR_COLUMN_COUNT + 2);
 
 /**
  * @brief Get the Number of CVE's referencing this cpe from a CPE iterator.
@@ -600,7 +589,7 @@ DEF_ACCESS (cpe_info_iterator_severity, GET_ITERATOR_COLUMN_COUNT + 3);
  * @return The Number of references to the CPE, or NULL if iteration is
  *         complete. Freed by cleanup_iterator.
  */
-DEF_ACCESS (cpe_info_iterator_cve_refs, GET_ITERATOR_COLUMN_COUNT + 4);
+DEF_ACCESS (cpe_info_iterator_cve_refs, GET_ITERATOR_COLUMN_COUNT + 3);
 
 /**
  * @brief Get the NVD assigned cpeNameId for this CPE.
@@ -610,7 +599,7 @@ DEF_ACCESS (cpe_info_iterator_cve_refs, GET_ITERATOR_COLUMN_COUNT + 4);
  * @return The NVD ID of this CPE, or NULL if iteration is
  *         complete. Freed by cleanup_iterator.
  */
-DEF_ACCESS (cpe_info_iterator_cpe_name_id, GET_ITERATOR_COLUMN_COUNT + 5);
+DEF_ACCESS (cpe_info_iterator_cpe_name_id, GET_ITERATOR_COLUMN_COUNT + 4);
 
 /**
  * @brief Get the XML details / raw data for a given CPE ID.
@@ -2373,7 +2362,6 @@ handle_json_cpe_item (inserts_t *inserts, inserts_t *deprecated_by_inserts,
   if (deprecated)
     {
       cJSON *deprecated_by_array, *deprecated_by_item;
-      char *deprecated_by_id;
       gchar *quoted_deprecated_by_id;
       deprecated_by_array = cJSON_GetObjectItemCaseSensitive (cpe_item,
                                                               "deprecatedBy");
@@ -2394,6 +2382,7 @@ handle_json_cpe_item (inserts_t *inserts, inserts_t *deprecated_by_inserts,
 
       cJSON_ArrayForEach (deprecated_by_item, deprecated_by_array)
         {
+          char *deprecated_by_id;
           deprecated_by_id = json_object_item_string (deprecated_by_item,
                                                       "cpeName");
           if (deprecated_by_id == NULL)
@@ -2565,7 +2554,6 @@ update_scap_cpes_from_json_file (const gchar *path)
                 "     creation_time = EXCLUDED.creation_time,"
                 "     modification_time = EXCLUDED.modification_time,"
                 "     deprecated = EXCLUDED.deprecated,"
-                "     deprecated_by_id = EXCLUDED.deprecated_by_id,"
                 "     cpe_name_id = EXCLUDED.cpe_name_id");
 
   inserts_init (&deprecated_by_inserts, 10,
@@ -2705,7 +2693,7 @@ update_scap_cpes_from_xml_file (const gchar *path)
                 setting_secinfo_sql_buffer_threshold_bytes (),
                 "INSERT INTO scap2.cpes"
                 " (uuid, name, title, creation_time,"
-                "  modification_time, status, deprecated_by_id,"
+                "  modification_time, status,"
                 "  nvd_id)"
                 " VALUES",
                 " ON CONFLICT (uuid) DO UPDATE"
@@ -2714,7 +2702,6 @@ update_scap_cpes_from_xml_file (const gchar *path)
                 "     creation_time = EXCLUDED.creation_time,"
                 "     modification_time = EXCLUDED.modification_time,"
                 "     status = EXCLUDED.status,"
-                "     deprecated_by_id = EXCLUDED.deprecated_by_id,"
                 "     nvd_id = EXCLUDED.nvd_id");
 
   cpe_item = xml_file_iterator_next (file_iterator, &error_message);
diff --git a/src/manage_sql_secinfo.h b/src/manage_sql_secinfo.h
index 656f240eb..71f00c091 100644
--- a/src/manage_sql_secinfo.h
+++ b/src/manage_sql_secinfo.h
@@ -101,8 +101,8 @@
  * @brief Filter columns for CVE iterator.
  */
 #define CPE_INFO_ITERATOR_FILTER_COLUMNS                    \
- { GET_ITERATOR_FILTER_COLUMNS, "title", "status",          \
-   "deprecated_by_id", "severity", "cves", "cpe_name_id",        \
+ { GET_ITERATOR_FILTER_COLUMNS, "title", "deprecated",      \
+   "severity", "cves", "cpe_name_id",                       \
    NULL }
 
 /**
@@ -115,7 +115,6 @@
    { "0", NULL, KEYWORD_TYPE_INTEGER },                         \
    { "title", NULL, KEYWORD_TYPE_STRING },                      \
    { "deprecated", NULL, KEYWORD_TYPE_INTEGER },                \
-   { "deprecated_by_id", NULL, KEYWORD_TYPE_INTEGER },          \
    { "severity", NULL, KEYWORD_TYPE_DOUBLE },                   \
    { "cve_refs", "cves", KEYWORD_TYPE_INTEGER },                \
    { "cpe_name_id", NULL, KEYWORD_TYPE_STRING },                \

From 624f1444d87aa26e6b488b86e7ce85a2437558e5 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Thu, 24 Oct 2024 11:56:09 +0200
Subject: [PATCH 106/134] Add: Added reading of gzip files for CPEs.

---
 src/manage_sql_secinfo.c | 71 ++++++++++++++++++++++++++++++++--------
 1 file changed, 57 insertions(+), 14 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 71cc6e055..0f5527da6 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2522,21 +2522,35 @@ update_scap_cpes_from_json_file (const gchar *path)
   inserts_t inserts, deprecated_by_inserts;
   gvm_json_pull_parser_t parser;
   gvm_json_pull_event_t event;
-  FILE *json_stream = fopen (path, "r");
-  if (json_stream == NULL)
+  FILE *cpe_file;
+
+  int fd = open (path, O_RDONLY);
+
+  if (fd < 0)
     {
-      g_warning ("%s: Could not open file '%s': %s",
+      g_warning ("%s: Failed to open CPE file '%s': %s",
                  __func__, path, strerror(errno));
       return -1;
     }
 
-  gvm_json_pull_parser_init (&parser, json_stream);
+  g_info ("Updating %s", path);
+
+  cpe_file = gvm_gzip_open_file_reader_fd (fd);
+  if (cpe_file == NULL)
+    {
+      g_warning ("%s: Failed to open CPE file: %s",
+                 __func__,
+                 strerror (errno));
+      return -1;
+    }
+
+  gvm_json_pull_parser_init (&parser, cpe_file);
   gvm_json_pull_event_init (&event);
   if (scap_cpes_json_skip_to_products (&parser, &event))
     {
       gvm_json_pull_event_cleanup (&event);
       gvm_json_pull_parser_cleanup (&parser);
-      fclose (json_stream);
+      fclose (cpe_file);
       return -1;
     }
 
@@ -2573,7 +2587,7 @@ update_scap_cpes_from_json_file (const gchar *path)
           gvm_json_pull_event_cleanup (&event);
           gvm_json_pull_parser_cleanup (&parser);
           cJSON_Delete (entry);
-          fclose (json_stream);
+          fclose (cpe_file);
           sql_commit ();
           return -1;
         }
@@ -2582,7 +2596,7 @@ update_scap_cpes_from_json_file (const gchar *path)
           gvm_json_pull_event_cleanup (&event);
           gvm_json_pull_parser_cleanup (&parser);
           cJSON_Delete (entry);
-          fclose (json_stream);
+          fclose (cpe_file);
           sql_commit ();
           return -1;
         }
@@ -2595,14 +2609,31 @@ update_scap_cpes_from_json_file (const gchar *path)
   gvm_json_pull_parser_cleanup (&parser);
 
   // Reset and insert refs
-  fseek (json_stream, 0, SEEK_SET);
-  gvm_json_pull_parser_init (&parser, json_stream);
+  fclose (cpe_file);
+  fd = open (path, O_RDONLY);
+
+  if (fd < 0)
+    {
+      g_warning ("%s: Failed to open CPE file '%s': %s",
+                 __func__, path, strerror(errno));
+      return -1;
+    }
+
+  cpe_file = gvm_gzip_open_file_reader_fd (fd);
+  if (cpe_file == NULL)
+    {
+      g_warning ("%s: Failed to open CPE file: %s",
+                 __func__,
+                 strerror (errno));
+      return -1;
+    }
+  gvm_json_pull_parser_init (&parser, cpe_file);
 
   if (scap_cpes_json_skip_to_products (&parser, &event))
     {
       gvm_json_pull_event_cleanup (&event);
       gvm_json_pull_parser_cleanup (&parser);
-      fclose (json_stream);
+      fclose (cpe_file);
       return -1;
     }
 
@@ -2625,7 +2656,7 @@ update_scap_cpes_from_json_file (const gchar *path)
           gvm_json_pull_event_cleanup (&event);
           gvm_json_pull_parser_cleanup (&parser);
           cJSON_Delete (entry);
-          fclose (json_stream);
+          fclose (cpe_file);
           sql_commit ();
           return -1;
         }
@@ -2634,7 +2665,7 @@ update_scap_cpes_from_json_file (const gchar *path)
           gvm_json_pull_event_cleanup (&event);
           gvm_json_pull_parser_cleanup (&parser);
           cJSON_Delete (entry);
-          fclose (json_stream);
+          fclose (cpe_file);
           sql_commit ();
           return -1;
         }
@@ -2645,6 +2676,7 @@ update_scap_cpes_from_json_file (const gchar *path)
   sql_commit ();
   gvm_json_pull_parser_cleanup (&parser);
 
+  fclose (cpe_file);
   return 0;
 }
 
@@ -2854,8 +2886,15 @@ update_scap_cpes ()
   int ret;
 
   full_path = g_build_filename (GVM_SCAP_DATA_DIR,
-                                "nvd-cpes.json",
+                                "nvd-cpes.json.gz",
                                 NULL);
+  if (g_stat (full_path, &state))
+    {
+      g_free (full_path);
+      full_path = g_build_filename (GVM_SCAP_DATA_DIR,
+                                    "nvd-cpes.json",
+                                    NULL);
+    }
 
   if (g_stat (full_path, &state))
     {
@@ -2888,8 +2927,12 @@ update_scap_cpes ()
 
   ret = update_scap_cpes_from_json_file (full_path);
   if (ret)
-    return -1;
+    {
+      g_free (full_path);
+      return -1;
+    }
 
+  g_free (full_path);
   return 0;
 }
 

From f5f77acec7ba290f146ac7af2ddc8ebee87d88f4 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 28 Oct 2024 16:01:30 +0100
Subject: [PATCH 107/134] Very small optimization.

---
 src/manage_sql_secinfo.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 0f5527da6..998ccf891 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2926,13 +2926,12 @@ update_scap_cpes ()
   g_info ("Updating CPEs");
 
   ret = update_scap_cpes_from_json_file (full_path);
-  if (ret)
-    {
-      g_free (full_path);
-      return -1;
-    }
 
   g_free (full_path);
+
+  if (ret)
+    return -1;
+
   return 0;
 }
 

From 3d75038b71ece78869244b50017a3f496569492f Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 4 Oct 2024 17:38:52 +0200
Subject: [PATCH 108/134] Change: Update handling of CVEs for the new JSON API.

- Handle references explicitly to remove raw_data.
- Add affected software configurations and references to the
response of get_info for CVEs when details are enabled.
---
 src/gmp.c                         | 195 ++++++++
 src/manage.h                      |  27 +
 src/manage_pg.c                   |  39 +-
 src/manage_sql.c                  | 160 +++++-
 src/manage_sql_secinfo.c          | 797 ++++++++++++++++++++++--------
 src/schema_formats/XML/GMP.xml.in | 157 ++++++
 6 files changed, 1138 insertions(+), 237 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index b90c1ff54..fe766df12 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -101,6 +101,7 @@
 #include "manage_report_configs.h"
 #include "manage_report_formats.h"
 #include "manage_tls_certificates.h"
+#include "sql.h"
 #include "utils.h"
 
 #include <arpa/inet.h>
@@ -128,6 +129,7 @@
 #include <gvm/util/fileutils.h>
 #include <gvm/util/sshutils.h>
 #include <gvm/util/authutils.h>
+#include <gvm/util/cpeutils.h>
 
 #undef G_LOG_DOMAIN
 /**
@@ -13252,6 +13254,194 @@ handle_get_groups (gmp_parser_t *gmp_parser, GError **error)
   set_client_state (CLIENT_AUTHENTIC);
 }
 
+/**
+ * @brief Print CPE match node with its matched CPEs.
+ *
+ * @param[in]  node     CPE match node to print.
+ * @param[in]  buffer   Buffer into which to print match node.
+ */
+static void
+print_cpe_match_nodes_xml(resource_t node, GString *buffer)
+{
+  iterator_t cpe_match_nodes, cpe_match_ranges;
+  const char *operator = NULL;
+  int negate = 0;
+
+  init_iterator (&cpe_match_nodes,
+                 "SELECT operator, negate FROM scap.cpe_match_nodes WHERE id = %llu;", 
+                 node);
+  while (next (&cpe_match_nodes))
+    {
+      operator = iterator_string (&cpe_match_nodes, 0);
+      negate = iterator_int (&cpe_match_nodes, 1);
+    }
+  cleanup_iterator (&cpe_match_nodes);
+
+  xml_string_append (buffer, "<operator>%s</operator>", operator?: "");
+  xml_string_append (buffer, "<negate>%s</negate>", negate? "1" : "0");
+
+  init_cpe_match_range_iterator (&cpe_match_ranges, node);
+  while (next (&cpe_match_ranges))
+    {
+      const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *range_uri_product;
+
+      xml_string_append (buffer, "<match_criteria>");
+      match_criteria_id = cpe_match_range_iterator_match_criteria_id (&cpe_match_ranges);
+      range_uri_product 
+        = fs_cpe_to_uri_cpe (cpe_match_range_iterator_cpe (&cpe_match_ranges));
+      xml_string_append (buffer, "<match_string>%s</match_string>", range_uri_product?: "");
+      xml_string_append (buffer, "<vulnerable>%s</vulnerable>",
+                         cpe_match_range_iterator_vulnerable (&cpe_match_ranges) != 0
+                         ? "1"
+                         : "0");
+      vsi = cpe_match_range_iterator_version_start_incl(&cpe_match_ranges);
+      vse = cpe_match_range_iterator_version_start_excl(&cpe_match_ranges);
+      vei = cpe_match_range_iterator_version_end_incl(&cpe_match_ranges);
+      vee = cpe_match_range_iterator_version_end_excl(&cpe_match_ranges);
+
+      xml_string_append (buffer,
+                         "<version_start_including>%s</version_start_including>", 
+                         vsi ?: "");
+      xml_string_append (buffer,
+                         "<version_start_excluding>%s</version_start_excluding>",
+                         vse ?: "");
+      xml_string_append (buffer,
+                         "<version_end_including>%s</version_end_including>",
+                         vei ?: "");
+      xml_string_append (buffer,
+                         "<version_end_excluding>%s</version_end_excluding>",
+                         vee ?: "");
+
+      iterator_t cpe_matches;
+      init_cpe_match_range_matches_iterator (&cpe_matches, match_criteria_id);
+      xml_string_append (buffer, "<matched_cpes>");
+
+      while (next (&cpe_matches))
+        {
+          iterator_t cpes;
+
+          init_iterator (&cpes,
+                         "SELECT name, deprecated FROM scap.cpes"
+                         " WHERE cpe_name_id = '%s';",
+                         cpe_matches_cpe_name_id(&cpe_matches));
+
+          const char* cpe = NULL;
+          int deprecated = 0;
+          while (next (&cpes))
+          {
+            cpe = iterator_string (&cpes, 0);
+            deprecated = iterator_int (&cpes, 1);
+          }
+          cleanup_iterator (&cpes);
+
+          xml_string_append (buffer, "<cpe>");
+          xml_string_append (buffer, "<name>%s</name>", cpe?: "");
+          xml_string_append (buffer,
+                            "<deprecated>%s</deprecated>",
+                             deprecated ? "1" : "0");
+          if (deprecated)
+            {
+              iterator_t deprecated_by;
+              init_cpe_deprecated_by_iterator (&deprecated_by, cpe);
+              while (next (&deprecated_by))
+              {
+                xml_string_append (buffer,
+                                   "<deprecated_by cpe_id=\"%s\"/>",
+                                   cpe_deprecated_by_iterator_deprecated_by
+                                    (&deprecated_by));
+              }
+              cleanup_iterator (&deprecated_by);
+            }
+          xml_string_append (buffer, "</cpe>");
+        }
+      xml_string_append (buffer, "</matched_cpes>");
+      xml_string_append (buffer, "</match_criteria>");
+      cleanup_iterator (&cpe_matches);
+    }
+  cleanup_iterator (&cpe_match_ranges);
+}
+/**
+ * @brief Print CVE affected software configurations
+ *
+ * @param[in]   cve_uuid  uuid of the CVE.
+ * @param[out]  result    Buffer into which to print.
+ *
+ */
+static void
+print_cve_affected_software_configs_xml (gchar *cve_uuid, GString *result)
+{
+  iterator_t cpe_match_root_nodes;
+  xml_string_append (result, "<configuration_nodes>");
+  init_cve_cpe_match_nodes_iterator (&cpe_match_root_nodes, cve_uuid);
+  while (next (&cpe_match_root_nodes))
+    {
+        result_t root_node;
+        iterator_t cpe_match_node_childs;
+        root_node = cpe_match_nodes_iterator_root_id (&cpe_match_root_nodes);
+        xml_string_append (result, "<node>");
+        print_cpe_match_nodes_xml(root_node, result);
+        init_cpe_match_node_childs_iterator (&cpe_match_node_childs, root_node);
+        while (next (&cpe_match_node_childs))
+          {
+            resource_t child_node;
+            child_node = cpe_match_node_childs_iterator_id (&cpe_match_node_childs);
+            xml_string_append (result, "<node>");
+            print_cpe_match_nodes_xml(child_node, result);
+            xml_string_append (result, "</node>");
+          }
+        xml_string_append (result, "</node>");
+        cleanup_iterator (&cpe_match_node_childs);
+    }
+    xml_string_append (result, "</configuration_nodes>");
+    cleanup_iterator (&cpe_match_root_nodes);
+}
+
+/**
+ * @brief Print CVE references
+ *
+ * @param[in]   cve_uuid  uuid of the CVE.
+ * @param[out]  result    Buffer into which to print.
+ *
+ */
+static void
+print_cve_references_xml (gchar *cve_uuid, GString *result)
+{
+  iterator_t references;
+  init_cve_reference_iterator (&references, cve_uuid);
+  xml_string_append (result, "<references>");
+  while (next (&references))
+    {
+      xml_string_append (result, "<reference>");
+      xml_string_append (result, "<url>%s</url>", cve_reference_iterator_url (&references));
+      xml_string_append (result, "<tags>");
+      const char * tags_array = cve_reference_iterator_tags (&references);
+      if(tags_array && strlen(tags_array) > 2)
+        {
+          char *trimmed_array = g_strndup (tags_array + 1, strlen (tags_array) - 2);
+          gchar **tags, **current_tag;
+          tags = g_strsplit (trimmed_array, ",", -1);
+          current_tag = tags;
+          while (*current_tag)
+            {
+              if (strlen (*current_tag) > 2 && (*current_tag)[0] == '"' && (*current_tag)[strlen (*current_tag) - 1] == '"')
+                {
+                  char *trimmed_tag = g_strndup (*current_tag + 1, strlen (*current_tag) - 2);
+                  xml_string_append (result, "<tag>%s</tag>", trimmed_tag);
+                  g_free (trimmed_tag);
+                }
+              else
+                xml_string_append (result, "<tag>%s</tag>", *current_tag);
+              current_tag++;
+            }
+          g_strfreev (tags);
+          g_free (trimmed_array);
+        }
+      xml_string_append (result, "</tags>");
+      xml_string_append (result, "</reference>");
+    }
+  xml_string_append (result, "</references>");
+  cleanup_iterator (&references);
+}
 /**
  * @brief Handle end of GET_INFO element.
  *
@@ -13627,6 +13817,11 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                           "</warning>");
                 }
               g_string_append (result, "</cert>");
+
+              gchar *cve_uuid = g_strdup(get_iterator_uuid (&info));
+              print_cve_affected_software_configs_xml (cve_uuid, result);
+              print_cve_references_xml (cve_uuid, result);
+              g_free(cve_uuid);
             }
         }
       else if (g_strcmp0 ("cert_bund_adv", get_info_data->type) == 0)
diff --git a/src/manage.h b/src/manage.h
index df8f144a4..93cbb01e2 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1693,6 +1693,21 @@ app_locations_iterator_location (iterator_t*);
 void
 init_cpe_match_nodes_iterator (iterator_t*, const char *);
 
+void
+init_cve_cpe_match_nodes_iterator (iterator_t*, const char *);
+
+void
+init_cve_reference_iterator (iterator_t*, const char *);
+
+const char*
+cve_reference_iterator_url (iterator_t*);
+
+const char*
+cve_reference_iterator_tags (iterator_t*);
+
+const char*
+cve_reference_iterator_tags_count (iterator_t*);
+
 long long int
 cpe_match_nodes_iterator_root_id (iterator_t*);
 
@@ -1714,6 +1729,12 @@ init_cpe_match_range_iterator (iterator_t*, long long int);
 const char*
 cpe_match_range_iterator_cpe (iterator_t*);
 
+const char*
+cpe_match_range_iterator_match_criteria_id (iterator_t*);
+
+const char*
+cpe_match_range_iterator_status (iterator_t*);
+
 const char*
 cpe_match_range_iterator_version_start_incl (iterator_t*);
 
@@ -1729,6 +1750,12 @@ cpe_match_range_iterator_version_end_excl (iterator_t*);
 int
 cpe_match_range_iterator_vulnerable (iterator_t*);
 
+void
+init_cpe_match_range_matches_iterator (iterator_t*, const char *);
+
+const char*
+cpe_matches_cpe_name_id (iterator_t*);
+
 void
 init_host_details_cpe_product_iterator (iterator_t*, const char *, report_host_t);
 
diff --git a/src/manage_pg.c b/src/manage_pg.c
index f53b9f601..893d3e240 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3546,20 +3546,31 @@ manage_db_init (const gchar *name)
 
       sql ("CREATE TABLE scap2.cpe_match_nodes"
            " (id SERIAL PRIMARY KEY,"
-           "  parent_id INTEGER DEFAULT 0,"
-           "  root_id INTEGER DEFAULT 0,"
-           "  cve_id INTEGER DEFAULT 0,"
-           "  operator text);");
+           "  root_id integer DEFAULT 0,"
+           "  cve_id integer DEFAULT 0,"
+           "  operator text,"
+           "  negate integer DEFAULT 0);");
+
+      sql ("CREATE TABLE scap2.cpe_nodes_match_criteria"
+           " (id SERIAL PRIMARY KEY,"
+           "  node_id integer DEFAULT 0,"
+           "  vulnerable integer DEFAULT 0,"
+           "  match_criteria_id text);");
 
       sql ("CREATE TABLE scap2.cpe_match_range"
            " (id SERIAL PRIMARY KEY,"
-           "  node_id INTEGER DEFAULT 0,"
-           "  vulnerable INTEGER DEFAULT 0,"
+           "  match_criteria_id text,"
            "  cpe text DEFAULT NULL,"
            "  version_start_incl text DEFAULT NULL,"
            "  version_start_excl text DEFAULT NULL,"
            "  version_end_incl text DEFAULT NULL,"
-           "  version_end_excl text DEFAULT NULL);");
+           "  version_end_excl text DEFAULT NULL,"
+           "  status text);");
+
+      sql ("CREATE TABLE scap2.cpe_matches"
+           " (id SERIAL PRIMARY KEY,"
+           "  match_criteria_id text,"               
+           "  cpe_name_id text);");
 
       sql ("CREATE TABLE scap2.cpe_details"
            " (id SERIAL PRIMARY KEY,"
@@ -3575,6 +3586,11 @@ manage_db_init (const gchar *name)
            "  epss DOUBLE PRECISION,"
            "  percentile DOUBLE PRECISION);");
 
+      sql ("CREATE TABLE scap2.cve_references"
+           " (id SERIAL PRIMARY KEY,"
+           "  cve_id INTEGER,"
+           "  url text,"
+           "  tags text[]);");
 
       /* Init tables. */
 
@@ -3624,6 +3640,15 @@ manage_db_add_constraints (const gchar *name)
       sql ("ALTER TABLE scap2.epss_scores"
            " ALTER cve SET NOT NULL,"
            " ADD UNIQUE (cve);");
+
+      sql ("ALTER TABLE scap2.cve_references"
+           " ALTER cve_id SET NOT NULL,"
+           " ALTER url SET NOT NULL,"
+           " ADD UNIQUE (cve_id, url);");
+
+      sql ("ALTER TABLE scap2.cpe_match_range"
+           " ADD UNIQUE (match_criteria_id);");
+
     }
   else
     {
diff --git a/src/manage_sql.c b/src/manage_sql.c
index fc1bf3905..71461dc00 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20511,13 +20511,80 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *cpe)
   gchar *quoted_cpe;
   quoted_cpe = sql_quote (cpe);
   init_iterator (iterator,
-                 "SELECT DISTINCT root_id"
-                 " FROM scap.cpe_match_nodes, scap.cpe_match_range"
-                 " WHERE cpe like '%s%%' AND scap.cpe_match_nodes.id = node_id;",
+                 " SELECT DISTINCT n.root_id"
+                 " FROM scap.cpe_match_nodes n"
+                 " JOIN scap.cpe_nodes_match_criteria c ON n.id = c.node_id"
+                 " JOIN scap.cpe_match_range r ON c.match_criteria = r.match_criteria_id"
+                 " WHERE cpe like '%s%%';",
                  quoted_cpe);
   g_free (quoted_cpe);
 }
 
+/**
+ * @brief Initialize an iterator of CPE match nodes root_ids for a CVE.
+ *
+ * @param[in]  iterator  Iterator.
+ * @param[in]  cve       The CVE contained in the match nodes.
+ */
+void
+init_cve_cpe_match_nodes_iterator (iterator_t* iterator, const char *cve)
+{
+  gchar *quoted_cve;
+  quoted_cve = sql_quote (cve);
+  init_iterator (iterator,
+                 "SELECT DISTINCT root_id"
+                 " FROM scap.cpe_match_nodes"
+                 " WHERE cve_id = (SELECT id from scap.cves where uuid = '%s');",
+                 quoted_cve);
+  g_free (quoted_cve);
+}
+
+/**
+ * @brief Initialize an iterator of references for a CVE.
+ *
+ * @param[in]  iterator  Iterator.
+ * @param[in]  cve       The CVE with the references.
+ */
+void
+init_cve_reference_iterator (iterator_t* iterator, const char *cve)
+{
+  gchar *quoted_cve;
+  quoted_cve = sql_quote (cve);
+  init_iterator (iterator,
+                 "SELECT url, array_length(tags, 1), tags"
+                 " FROM scap.cve_references"
+                 " WHERE cve_id = (SELECT id from scap.cves where uuid = '%s');",
+                 quoted_cve);
+  g_free (quoted_cve);
+}
+
+/**
+ * @brief Get a URL from a CVE reference iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The URL.
+ */
+DEF_ACCESS (cve_reference_iterator_url, 0);
+
+/**
+ * @brief Get the length of the tags array from a CVE reference iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  Length of the tags array.
+ */
+DEF_ACCESS (cve_reference_iterator_tags_count, 1);
+
+/**
+ * @brief Get the tags array from a CVE reference iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The tags array.
+ */
+DEF_ACCESS (cve_reference_iterator_tags, 2);
+
 /**
  * @brief Get a root id from an CPE match node iterator.
  *
@@ -20542,7 +20609,8 @@ init_cpe_match_node_childs_iterator (iterator_t* iterator, long long int node)
 {
   init_iterator (iterator,
                  "SELECT id FROM scap.cpe_match_nodes"
-                 " WHERE parent_id = %llu;",
+                 " WHERE root_id = %llu"
+                 " AND root_id <> id;",
                  node);
 }
 
@@ -20569,10 +20637,13 @@ void
 init_cpe_match_range_iterator (iterator_t* iterator, long long int node)
 {
   init_iterator (iterator,
-                 "SELECT vulnerable, cpe, version_start_incl,"
-                 " version_start_excl, version_end_incl, version_end_excl"
-                 " FROM scap.cpe_match_range"
-                 " WHERE node_id = %llu;",
+                 "SELECT n.vulnerable, r.cpe, r.match_criteria_id, r.status,"
+                 " r.version_start_incl, r.version_start_excl,"
+                 " r.version_end_incl, r.version_end_excl"
+                 " FROM scap.cpe_match_range r"
+                 " JOIN scap.cpe_nodes_match_criteria n"
+                 " ON r.match_criteria_id = n.match_criteria_id"
+                 " WHERE n.node_id = %llu;",
                  node);
 }
 
@@ -20599,44 +20670,93 @@ cpe_match_range_iterator_vulnerable (iterator_t* iterator)
 DEF_ACCESS (cpe_match_range_iterator_cpe, 1);
 
 /**
- * @brief Return the start included version of the actual match node.
+ * @brief Return the match criteria id of the CPE match range.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return   The match criteria id, if any. NULL otherwise.
+ */
+DEF_ACCESS (cpe_match_range_iterator_match_criteria_id, 2);
+
+/**
+ * @brief Return the status of the CPE match range.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The start included version of the actual match node, if any.
+ * @return   The status of the CPE match range, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_start_incl, 2);
+DEF_ACCESS (cpe_match_range_iterator_status, 3);
 
 /**
- * @brief Return the start excluded version of the actual match node.
+ * @brief Return the start included version of the match range.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The start excluded version of the actual match node, if any.
+ * @return   The start included version of the match range, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_start_excl, 3);
+DEF_ACCESS (cpe_match_range_iterator_version_start_incl, 4);
 
 /**
- * @brief Return the end included version of the actual match node.
+ * @brief Return the start excluded version of the match range.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The end included version of the actual match node, if any.
+ * @return   The start excluded version of the match range, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_end_incl, 4);
+DEF_ACCESS (cpe_match_range_iterator_version_start_excl, 5);
 
 /**
- * @brief Return the end excluded version of the actual match node.
+ * @brief Return the end included version of the match range.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The end excluded version of the actual match node, if any.
+ * @return   The end included version of the match range, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_end_excl, 5);
+DEF_ACCESS (cpe_match_range_iterator_version_end_incl, 6);
+
+/**
+ * @brief Return the end excluded version of the match range.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return   The end excluded version of the match range, if any.
+ *           NULL otherwise.
+ */
+DEF_ACCESS (cpe_match_range_iterator_version_end_excl, 7);
+
+/**
+ * @brief Initialize an iterator of CPE matches for a match range
+ *        given a match criteria id.
+ *
+ * @param[in]  iterator           Iterator.
+ * @param[in]  match_criteria_id  The match criteria id to get the matches for.
+ */
+void
+init_cpe_match_range_matches_iterator (iterator_t* iterator, const char *match_criteria_id)
+{
+  init_iterator (iterator,
+                 "SELECT cpe_name_id"
+                 " FROM scap.cpe_matches"
+                 " WHERE match_criteria_id = '%s'",
+                 match_criteria_id);
+}
+
+/**
+ * @brief Get the CPE name id from a CPE match range matches iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The CPE name id.
+ */
+const char *
+cpe_matches_cpe_name_id (iterator_t* iterator)
+{
+  return iterator_string (iterator, 0);
+}
 
 /**
  * @brief Initialise a report host prognosis iterator.
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index cd95c4aff..3eee935c7 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3245,115 +3245,24 @@ insert_cve_from_entry (element_t entry, element_t last_modified,
 /**
  * @brief Save the node of a cve match rule tree.
  *
- * @param[in]  parent_id  The parent_id of the node. If this value is 0,
- *                        the node is the root of the tree.
  * @param[in]  cve_id     The id of the CVE to which the tree belongs.
  * @param[in]  operator   The operator for the match rules.
+ * @param[in]  negate     Whether the match rules are negated.
  *
  * @return The (database) id of the node.
  */
 static resource_t
-save_node (resource_t parent_id, resource_t cve_id, char *operator)
+save_node (resource_t cve_id, char *operator, gboolean negate)
 {
   return sql_int64_0
            ("INSERT INTO scap2.cpe_match_nodes"
-            " (parent_id, cve_id, operator)"
+            " (cve_id, operator, negate)"
             " VALUES"
-            " (%llu, %llu, '%s')"
+            " (%llu, '%s', %d)"
             " RETURNING scap2.cpe_match_nodes.id;",
-            parent_id,
             cve_id,
-            operator);
-}
-
-/**
- * @brief Add match rules to a node of a match rule tree*
- *
- * @param[in]  id           The id of the node the rules belong to.
- * @param[in]  match_rules  The JSON object that contains the rules.
- */
-static void
-add_cpe_match_rules (result_t id, cJSON *match_rules)
-{
-  cJSON *match_rule;
-  cJSON *ver_se;
-  cJSON *cpe_js;
-
-  gboolean vulnerable = FALSE;
-  char * version_start_incl = NULL;
-  char * version_start_excl = NULL;
-  char * version_end_incl = NULL;
-  char * version_end_excl = NULL;
-
-  cJSON_ArrayForEach(match_rule, match_rules)
-    {
-      char *sql_cpe = NULL;
-      vulnerable = FALSE;
-      version_start_incl = NULL;
-      version_start_excl = NULL;
-      version_end_incl = NULL;
-      version_end_excl = NULL;
-
-      if (cJSON_IsTrue(cJSON_GetObjectItemCaseSensitive(match_rule, "vulnerable")))
-        vulnerable = TRUE;
-      else
-        vulnerable = FALSE;
-
-      cpe_js = cJSON_GetObjectItemCaseSensitive(match_rule, "cpe23Uri");
-      if (cpe_js != NULL && strcmp (cpe_js->valuestring, "(null)"))
-        {
-          char *quoted_cpe = sql_quote (cpe_js->valuestring);
-          sql_cpe = g_strdup_printf ("'%s'", quoted_cpe);
-          g_free (quoted_cpe);
-        }
-      else
-        sql_cpe = g_strdup ("NULL");
-
-      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionStartIncluding");
-      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
-        version_start_incl = g_strdup_printf ("'%s'", ver_se->valuestring);
-      else
-        version_start_incl = g_strdup ("NULL");
-
-      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionStartExcluding");
-      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
-        version_start_excl = g_strdup_printf ("'%s'", ver_se->valuestring);
-      else
-        version_start_excl = g_strdup ("NULL");
-
-      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionEndIncluding");
-      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
-        version_end_incl = g_strdup_printf ("'%s'", ver_se->valuestring);
-      else
-        version_end_incl = g_strdup ("NULL");
-
-      ver_se = cJSON_GetObjectItemCaseSensitive(match_rule, "versionEndExcluding");
-      if (ver_se != NULL && strcmp (ver_se->valuestring, "(null)"))
-        version_end_excl = g_strdup_printf ("'%s'", ver_se->valuestring);
-      else
-        version_end_excl = g_strdup ("NULL");
-
-      sql
-       ("INSERT INTO scap2.cpe_match_range"
-        " (node_id, vulnerable, cpe,"
-        "  version_start_incl, version_start_excl,"
-        "  version_end_incl, version_end_excl)"
-        " VALUES"
-        " (%llu, %d, %s, %s, %s, %s, %s)",
-        id,
-        vulnerable ? 1 : 0,
-        sql_cpe ? sql_cpe : "",
-        version_start_incl ? version_start_incl : "",
-        version_start_excl ? version_start_excl : "",
-        version_end_incl ? version_end_incl : "",
-        version_end_excl ? version_end_excl : "");
-
-      g_free (sql_cpe);
-      g_free (version_start_incl);
-      g_free (version_start_excl);
-      g_free (version_end_incl);
-      g_free (version_end_excl);
-    }
+            operator,
+            negate ? 1 : 0);
 }
 
 /**
@@ -3372,52 +3281,185 @@ set_root_id (long int id, long int root_id)
 }
 
 /**
- * @brief Load and add recursively all nodes of a match rule tree for a
- *        specific CVE. Build a match rule tree.
+ * @brief Handle the references of a CVE.
+ *
+ * @param[in]  cve_db_id            The id of the CVE the references belong to.
+ * @param[in]  cve_id               The id of the CVE.
+ * @param[in]  reference_json       JSON array containing the references.
  *
- * @param[in]  parent_id  The parent id of the nodes to insert
- *                        (0 for the root node).
- * @param[in]  cveid      The id of the CVE the tree belongs to.
- * @param[in]  root_id    The root id of the nodes to insert.
- * @param[in]  nodes      The JSON object that contains the rules for a
- *                        specific tree level.
+ * @return 0 on success, -1 on error.
  */
-static void
-load_nodes (resource_t parent_id, resource_t cveid, resource_t root_id, cJSON *nodes)
+static int
+handle_cve_references (resource_t cve_db_id, char * cve_id, cJSON* reference_json)
 {
-  cJSON *node;
-  resource_t id;
-  cJSON *operator;
-  cJSON *cpe_match_rules;
-  cJSON *child_nodes;
-
-  node = NULL;
-  id = 0;
-  operator = NULL;
-  cpe_match_rules = NULL;
-  child_nodes = NULL;
-
-  if (nodes == NULL)
-    return;
+    cJSON *reference_data;
+    cJSON *tags;
 
-  cJSON_ArrayForEach(node, nodes)
+    cJSON_ArrayForEach(reference_data, reference_json)
     {
-      operator = cJSON_GetObjectItemCaseSensitive(node, "operator");
-      if (operator && operator->valuestring)
-        id = save_node (parent_id, cveid, operator->valuestring);
-      else
-        return;
+      GString *tags_string;
+      char *url_value = json_object_item_string (reference_data, "url");
+      if (url_value == NULL)
+      {
+          g_warning("%s: url missing in reference for %s.", __func__, cve_id);
+          return -1;
+      }
+
+      tags = cJSON_GetObjectItemCaseSensitive(reference_data, "tags");
+      if (cJSON_IsArray(tags))
+        {
+          array_t *tags_array = make_array ();
+          tags_string = g_string_new ("{");
+
+          for (int i = 0; i < cJSON_GetArraySize(tags); i++)
+            {
+              cJSON *tag = cJSON_GetArrayItem(tags, i);
+              if (!cJSON_IsString(tag))
+                {
+                  g_warning("%s: tag for %s is NULL or not a string.", __func__, cve_id);
+                  return -1;
+                }
+              if ((strcmp (tag->valuestring, "(null)") == 0) || strlen(tag->valuestring) == 0)
+                {
+                  g_warning("%s: tag for %s is an empty string or has value (null).", __func__, cve_id);
+                  return -1;
+                }
+              array_add (tags_array, tag->valuestring);
+            }
+
+          for (int i = 0; i < tags_array->len; i++)
+            {
+              gchar *tag = g_ptr_array_index (tags_array, i);
+              gchar *quoted_tag = sql_quote (tag);
 
-      if (parent_id == 0)
-        root_id = id;
-      set_root_id (id, root_id);
+              g_string_append (tags_string, quoted_tag);
 
-      cpe_match_rules = cJSON_GetObjectItemCaseSensitive(node, "cpe_match");
-      if (cpe_match_rules)
-        add_cpe_match_rules (id, cpe_match_rules);
-      child_nodes = cJSON_GetObjectItemCaseSensitive(node, "children");
-      load_nodes (id, cveid, root_id, child_nodes);
+              if (i < tags_array->len - 1)
+                g_string_append (tags_string, ",");
+
+              g_free (quoted_tag);
+            }
+          g_string_append (tags_string, "}");
+          g_ptr_array_free (tags_array, TRUE);
+        }
+
+        gchar *quoted_url = sql_quote (url_value);
+
+        sql("INSERT INTO scap2.cve_references"
+            " (cve_id, url, tags)"
+            " VALUES"
+            " (%llu, '%s', '%s')"
+            " ON CONFLICT (cve_id, url) DO UPDATE"
+            " SET tags = EXCLUDED.tags;",
+            cve_db_id,
+            quoted_url,
+            tags_string->str ?: "{}");
+
+      g_free (quoted_url);
+      if (tags_string)
+        g_string_free (tags_string, TRUE);
+    }
+    return 0;
+}
+
+/**
+ * @brief Handle the configurations of a CVE.
+ *
+ * @param[in]  cve_db_id            The id of the CVE the configurations belong to.
+ * @param[in]  cve_id               The id of the CVE.
+ * @param[in]  configurations_json  JSON array containing the configurations.
+ *
+ * @return 0 on success, -1 on error.
+ */
+static int
+handle_cve_configurations (resource_t cve_db_id, char * cve_id, cJSON* configurations_json)
+{
+  cJSON *configuration_item;
+
+  cJSON_ArrayForEach (configuration_item, configurations_json)
+    {
+      cJSON *nodes_array, *node_item;
+      resource_t id, root_id;
+      char *config_operator;
+      int negate;
+      
+      nodes_array = cJSON_GetObjectItemCaseSensitive (configuration_item, "nodes");
+      if (!cJSON_IsArray (nodes_array))
+        {
+          g_warning("%s: 'nodes' field missing or not an array for %s.",
+                    __func__, cve_id);
+          return -1;
+        }
+
+      root_id = -1;
+      config_operator = json_object_item_string (configuration_item, "operator");
+      if (config_operator)
+        {
+          negate = json_object_item_boolean (configuration_item, "negate", 0);
+          id = save_node (cve_db_id, config_operator, negate);
+          set_root_id (id, id);
+          root_id = id;
+        }
+
+      char *node_operator;
+      cJSON_ArrayForEach(node_item, nodes_array)
+        {
+          node_operator = json_object_item_string (node_item, "operator");
+          if (node_operator == NULL)
+            {
+              g_warning("%s: operator missing for %s.", __func__, cve_id);
+              return -1;
+            }
+          
+          negate = json_object_item_boolean (node_item, "negate", 0);
+
+          cJSON *cpe_matches_array;
+          cpe_matches_array = cJSON_GetObjectItemCaseSensitive (node_item, "cpeMatch");
+          if (!cJSON_IsArray (cpe_matches_array))
+            {
+              g_warning("%s: cpeMatch missing or not an array for %s.", __func__, cve_id);
+              return -1;
+            }
+
+          id = save_node (cve_db_id, node_operator, negate);
+          if(root_id < 0)
+            root_id = id;
+          set_root_id (id, root_id);
+          
+          cJSON *cpe_match_item;
+          cJSON_ArrayForEach(cpe_match_item, cpe_matches_array)
+            {
+              char *match_criteria_id;
+              int vulnerable;
+              gchar *quoted_match_criteria_id;
+
+              vulnerable = json_object_item_boolean (cpe_match_item, "vulnerable", -1);
+              if (vulnerable == -1)
+                {
+                  g_warning("%s: vulnerable missing in cpeMatch for %s.", __func__, cve_id);
+                  return -1;
+                }
+              match_criteria_id = json_object_item_string (cpe_match_item, "matchCriteriaId");
+              if (match_criteria_id == NULL)
+                {
+                  g_warning("%s: matchCriteriaId missing in cpeMatch for %s.", __func__, cve_id);
+                  return -1;
+                }
+              quoted_match_criteria_id = sql_quote (match_criteria_id);
+
+              sql("INSERT INTO scap2.cpe_nodes_match_criteria"
+                  " (node_id, vulnerable, match_criteria_id)"
+                  " VALUES"
+                  " (%llu, %d, lower ('%s'))",
+                  id,
+                  vulnerable ? 1 : 0,
+                  quoted_match_criteria_id);
+              
+              g_free (quoted_match_criteria_id);          
+            }
+        }
     }
+ return 0;
 }
 
 /**
@@ -3432,23 +3474,26 @@ static int
 handle_json_cve_item (cJSON *item)
 {
   cJSON *cve_json;
-  cJSON *cve_data_meta_json;
-
-  char *cve_id;
+  char *cve_id, *vector;
+  double score_dbl;
   resource_t cve_db_id;
 
-  cve_json = cJSON_GetObjectItemCaseSensitive(item, "cve");
-  cve_data_meta_json = cJSON_GetObjectItemCaseSensitive(cve_json, "CVE_data_meta");
-  cve_id = json_object_item_string (cve_data_meta_json, "ID");
+  cve_json = cJSON_GetObjectItemCaseSensitive (item, "cve");
+  if (!cJSON_IsObject (cve_json))
+    {
+      g_warning("%s: 'cve' field is missing or not an object.", __func__);
+      return -1;
+    }
+  cve_id = json_object_item_string (cve_json, "id");
   if (cve_id == NULL)
     {
-      g_warning("%s: ID missing.", __func__);
+      g_warning("%s: cve id missing.", __func__);
       return -1;
     }
 
   char *published;
   time_t published_time;
-  published = json_object_item_string (item, "publishedDate");
+  published = json_object_item_string (cve_json, "published");
   if (published == NULL)
     {
       g_warning("%s: publishedDate missing for %s.", __func__, cve_id);
@@ -3458,7 +3503,7 @@ handle_json_cve_item (cJSON *item)
 
   char *modified;
   time_t modified_time;
-  modified = json_object_item_string (item, "lastModifiedDate");
+  modified = json_object_item_string (cve_json, "lastModified");
   if (modified == NULL)
     {
       g_warning("%s: lastModifiedDate missing for %s.", __func__, cve_id);
@@ -3466,55 +3511,64 @@ handle_json_cve_item (cJSON *item)
     }
   modified_time = parse_iso_time (modified);
 
-  cJSON *impact_json;
-  cJSON *base_metric_json;
-  char * cvss_key;
-  cJSON *cvss_json;
-  char * vector;
-  double score_dbl;
+  cJSON *metrics_json;
+  cJSON *cvss_metric_array;
 
-  impact_json = cJSON_GetObjectItemCaseSensitive(item, "impact");
-  if (impact_json == NULL)
+  metrics_json = cJSON_GetObjectItemCaseSensitive(cve_json, "metrics");
+  if (!cJSON_IsObject (metrics_json))
     {
-      g_warning("%s: Impact missing for %s.", __func__, cve_id);
+      g_warning("%s: Metrics missing or not an object for %s.", __func__, cve_id);
       return -1;
     }
-  base_metric_json = cJSON_GetObjectItemCaseSensitive(impact_json, "baseMetricV4");
-  if (base_metric_json != NULL)
-    cvss_key = "cvssV4";
-  else
+
+  gboolean cvss_metric_found = FALSE;
+  
+  const char *cvss_metric_keys[] = {"cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2"};
+  for (int i = 0; i < 4; i++)
     {
-      base_metric_json = cJSON_GetObjectItemCaseSensitive(impact_json, "baseMetricV3");
-      if (base_metric_json != NULL)
-        cvss_key = "cvssV3";
-      else
+      cvss_metric_array = cJSON_GetObjectItemCaseSensitive(metrics_json, cvss_metric_keys[i]);
+      if (cJSON_IsArray (cvss_metric_array) && cJSON_GetArraySize(cvss_metric_array) > 0)
         {
-          base_metric_json = cJSON_GetObjectItemCaseSensitive(impact_json, "baseMetricV2");
-          if (base_metric_json != NULL)
-            cvss_key = "cvssV2";
-          else
-            cvss_key = NULL;
+          cvss_metric_found = TRUE;
+          break;
         }
     }
-  if (cvss_key != NULL)
+
+  if (cvss_metric_found)
     {
-      cvss_json = cJSON_GetObjectItemCaseSensitive(base_metric_json, cvss_key);
-      if (cvss_json == NULL)
-        {
-          g_warning("%s: %s missing for %s.", __func__, cvss_key, cve_id);
-          return -1;
-        }
-      score_dbl = json_object_item_double (cvss_json, "baseScore", SEVERITY_MISSING);
-      if (score_dbl == SEVERITY_MISSING)
-        {
-          g_warning("%s: baseScore missing in %s for %s.", __func__, cvss_key, cve_id);
-          return -1;
-        }
-      vector = json_object_item_string (cvss_json, "vectorString");
-      if (vector == NULL)
+      cJSON *cvss_json;
+      cJSON *cvss_metric_item;
+      char *source_type;
+
+      cJSON_ArrayForEach (cvss_metric_item, cvss_metric_array)
         {
-          g_warning("%s: vectorString missing for %s.", __func__, cve_id);
-          return -1;
+          source_type = json_object_item_string (cvss_metric_item, "type");
+          if (source_type == NULL)
+            {
+              g_warning("%s: type missing in CVSS metric for %s.", __func__, cve_id);
+              return -1;
+            }
+          else if (strcmp (source_type, "Primary"))
+            continue;
+
+          cvss_json = cJSON_GetObjectItemCaseSensitive(cvss_metric_item, "cvssData");
+          if (!cJSON_IsObject (cvss_json))
+            {
+              g_warning("%s: cvssData missing or not an object for %s.", __func__, cve_id);
+              return -1;
+            }
+          score_dbl = json_object_item_double (cvss_json, "baseScore", SEVERITY_MISSING);
+          if (score_dbl == SEVERITY_MISSING)
+            {
+              g_warning("%s: baseScore missing for %s.", __func__, cve_id);
+              return -1;
+            }
+          vector = json_object_item_string (cvss_json, "vectorString");
+          if (vector == NULL)
+            {
+              g_warning("%s: vectorString missing for %s.", __func__, cve_id);
+              return -1;
+            }
         }
     }
   else
@@ -3523,25 +3577,17 @@ handle_json_cve_item (cJSON *item)
       vector = NULL;
     }
 
-  cJSON *description_json;
-  cJSON *description_data_json;
+  cJSON *descriptions_json;
   cJSON *description_item_json;
   char *description_value;
 
-  description_json = cJSON_GetObjectItemCaseSensitive(cve_json, "description");
-  if (description_json == NULL)
+  descriptions_json = cJSON_GetObjectItemCaseSensitive(cve_json, "descriptions");
+  if (!cJSON_IsArray(descriptions_json))
     {
-      g_warning("%s: description missing for %s.", __func__, cve_id);
+      g_warning("%s: descriptions for %s is missing or not an array.", __func__, cve_id);
       return -1;
     }
-
-  description_data_json = cJSON_GetObjectItemCaseSensitive(description_json, "description_data");
-  if (description_data_json == NULL)
-    {
-      g_warning("%s: description_data missing for %s.", __func__, cve_id);
-      return -1;
-    }
-  cJSON_ArrayForEach (description_item_json, description_data_json)
+  cJSON_ArrayForEach (description_item_json, descriptions_json)
     {
       char *lang = json_object_item_string (description_item_json, "lang");
       if (lang != NULL && strcmp(lang, "en") == 0)
@@ -3577,24 +3623,27 @@ handle_json_cve_item (cJSON *item)
 
   g_free (quoted_description);
 
-  cJSON *configurations_json;
-  cJSON *nodes_json;
-
-  configurations_json =
-       cJSON_GetObjectItemCaseSensitive(item, "configurations");
-  if (configurations_json == NULL)
+  cJSON *configurations_array;
+  configurations_array = cJSON_GetObjectItemCaseSensitive(cve_json, "configurations");
+  if (! cJSON_IsArray(configurations_array))
     {
-      g_warning("%s: configurations missing for %s.", __func__, cve_id);
+      g_warning("%s: configurations for %s is missing or not an array.", __func__, cve_id);
       return -1;
     }
-  nodes_json =
-       cJSON_GetObjectItemCaseSensitive(configurations_json, "nodes");
-  if (nodes_json == NULL)
+
+  if (handle_cve_configurations (cve_db_id, cve_id, configurations_array))
+    return -1;
+
+  cJSON *references_array;
+  references_array = cJSON_GetObjectItemCaseSensitive(cve_json, "references");
+  if (!cJSON_IsArray(references_array))
     {
-      g_warning("%s: nodes missing for %s.", __func__, cve_id);
+      g_warning("%s: references for %s is missing or not an array.", __func__, cve_id);
       return -1;
     }
-  load_nodes (0, cve_db_id, 0, nodes_json);
+
+  if (handle_cve_references (cve_db_id, cve_id, references_array))
+    return -1;
 
   return 0;
 }
@@ -3657,7 +3706,7 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
           gvm_json_pull_parser_next (&parser, &event);
           gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event.path);
           if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START && path_tail &&
-              path_tail->key && strcmp (path_tail->key, "CVE_Items") == 0)
+              path_tail->key && strcmp (path_tail->key, "vulnerabilities") == 0)
             {
               cve_items_found = TRUE;
             }
@@ -3685,7 +3734,7 @@ update_cve_json (const gchar *cve_path, GHashTable *hashed_cpes)
           entry = gvm_json_pull_expand_container (&parser, &error_message);
           if (error_message)
             {
-              g_warning ("%s: Error expanding CVE item: %s", __func__, error_message);
+              g_warning ("%s: Error expanding vulnerability item: %s", __func__, error_message);
               gvm_json_pull_event_cleanup (&event);
               gvm_json_pull_parser_cleanup (&parser);
               cJSON_Delete (entry);
@@ -3917,6 +3966,325 @@ update_scap_cves ()
   return 0;
 }
 
+/**
+ * @brief Insert a SCAP CPE match string from JSON.
+ *
+ * @param[in]  inserts          Pointer to SQL buffer for match string entries.
+ * @param[in]  matches_inserts  Pointer to SQL buffer for match string matches.
+ * @param[in]  match_string_item   JSON object from the matchStrings list.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
+                              cJSON *match_string_item)
+{
+  cJSON *match_string, *matches_array;
+  char *criteria, *match_criteria_id, *status, *ver_se;
+  gchar *quoted_version_start_incl, *quoted_version_start_excl;
+  gchar *quoted_version_end_incl, *quoted_version_end_excl;
+  gchar *quoted_criteria, *quoted_match_criteria_id, *quoted_cpe_name_id;
+  int first;
+
+  assert (inserts);
+  assert (matches_inserts);
+
+  match_string = cJSON_GetObjectItemCaseSensitive (match_string_item, "matchString");
+  if (!cJSON_IsObject (match_string))
+    {
+      g_warning ("%s: 'matchString' field is missing or not an object",
+                 __func__);
+      return -1;
+    }
+
+  criteria = json_object_item_string (match_string, "criteria");
+  if (criteria == NULL)
+    {
+      g_warning ("%s: 'criteria' field missing or not a string", __func__);
+      return -1;
+    }
+
+  match_criteria_id = json_object_item_string (match_string, "matchCriteriaId");
+  if (match_criteria_id == NULL)
+    {
+      g_warning ("%s: 'matchCriteriaId' field missing or not a string", __func__);
+      return -1;
+    }
+
+  status = json_object_item_string (match_string, "status");
+  if (status == NULL)
+    {
+      g_warning ("%s: 'status' field missing or not a string", __func__);
+      return -1;
+    }
+
+  ver_se = json_object_item_string (match_string, "versionStartIncluding");
+  if (ver_se == NULL)
+    quoted_version_start_incl = g_strdup ("NULL");
+  else
+    quoted_version_start_incl = g_strdup_printf ("'%s'", ver_se);
+    
+  ver_se = json_object_item_string (match_string, "versionStartExcluding");
+  if (ver_se == NULL)
+    quoted_version_start_excl = g_strdup ("NULL");
+  else
+    quoted_version_start_excl = g_strdup_printf ("'%s'", ver_se);
+
+  ver_se = json_object_item_string (match_string, "versionEndIncluding");
+  if (ver_se == NULL)
+    quoted_version_end_incl = g_strdup ("NULL");
+  else
+    quoted_version_end_incl = g_strdup_printf ("'%s'", ver_se);
+
+  ver_se = json_object_item_string (match_string, "versionEndExcluding");
+  if (ver_se == NULL)
+    quoted_version_end_excl = g_strdup ("NULL");
+  else
+    quoted_version_end_excl = g_strdup_printf ("'%s'", ver_se);
+
+  quoted_match_criteria_id = sql_quote (match_criteria_id);
+  quoted_criteria = sql_quote (criteria);
+
+  first = inserts_check_size (inserts);
+
+  g_string_append_printf (inserts->statement,
+                          "%s (lower('%s'), '%s', %s, %s, %s, %s, '%s')",
+                          first ? "" : ",",
+                          quoted_match_criteria_id,
+                          quoted_criteria,
+                          quoted_version_start_incl,
+                          quoted_version_start_excl,
+                          quoted_version_end_incl,
+                          quoted_version_end_excl,
+                          status);
+
+  inserts->current_chunk_size++;
+
+  g_free (quoted_criteria);
+  g_free (quoted_version_start_incl);
+  g_free (quoted_version_start_excl);
+  g_free (quoted_version_end_incl);
+  g_free (quoted_version_end_excl);
+
+  matches_array = cJSON_GetObjectItemCaseSensitive (match_string, "matches");
+  
+  if (cJSON_IsArray (matches_array) && cJSON_GetArraySize (matches_array) > 0)
+    {
+      cJSON *match_item;
+      cJSON_ArrayForEach (match_item, matches_array)
+        {
+          char *cpe_name_id;
+
+          cpe_name_id = json_object_item_string (match_item, "cpeNameId");
+          if (cpe_name_id == NULL)
+            {
+              g_warning ("%s: 'cpeNameId' field missing or not a string", __func__);
+              g_free (quoted_match_criteria_id);
+              return -1;
+            }
+
+          quoted_cpe_name_id = sql_quote (cpe_name_id);
+
+          first = inserts_check_size (matches_inserts);
+
+          g_string_append_printf (matches_inserts->statement,
+                                "%s (lower('%s'), lower('%s'))",
+                                first ? "" : ",",
+                                quoted_match_criteria_id,
+                                quoted_cpe_name_id);
+
+          matches_inserts->current_chunk_size++;
+
+          g_free (quoted_cpe_name_id);
+        }
+    }
+
+  g_free (quoted_match_criteria_id);
+  return 0;
+}
+
+/**
+ * @brief Updates the CPE match strings in the SCAP database.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+update_scap_cpe_match_strings ()
+{
+  gchar *current_json_path;
+  FILE *cpe_match_strings_file;
+  gvm_json_pull_event_t event;
+  gvm_json_pull_parser_t parser;
+  inserts_t inserts, matches_inserts;
+
+  current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
+                                        "cpe_match_strings.json.gz",
+                                        NULL);
+  int fd = open(current_json_path, O_RDONLY);
+
+  if (fd < 0 && errno == ENOENT)
+  {
+    g_free (current_json_path);
+    current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
+                                          "cpe_match_strings.json",
+                                          NULL);
+    fd = open(current_json_path, O_RDONLY);
+  }
+
+  if (fd < 0)
+    {
+      int ret;
+      if (errno == ENOENT)
+        {
+          g_info ("%s: CPE match strings file '%s' not found",
+                  __func__, current_json_path);
+          ret = 0;
+        }
+      else
+        {
+          g_warning ("%s: Failed to open CPE match strings file: %s",
+                    __func__, strerror (errno));
+          ret = -1;
+        }
+        g_free (current_json_path);
+      return ret;
+    }
+
+  cpe_match_strings_file = gvm_gzip_open_file_reader_fd (fd);
+
+  if (cpe_match_strings_file == NULL)
+    {
+      g_warning ("%s: Failed to convert file descriptor to FILE*: %s",
+                 __func__,
+                 strerror (errno));
+      g_free (current_json_path);
+      close (fd);
+      return -1;
+    }
+
+  g_info ("Updating CPE match strings from %s", current_json_path);
+  g_free (current_json_path);
+
+  gvm_json_pull_event_init (&event);
+  gvm_json_pull_parser_init (&parser, cpe_match_strings_file);
+
+  gvm_json_pull_parser_next (&parser, &event);
+
+  if (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
+    {
+      gboolean cpe_match_strings_found = FALSE;
+      while (!cpe_match_strings_found)
+        {
+          gvm_json_pull_parser_next (&parser, &event);
+	        gvm_json_path_elem_t *path_tail = g_queue_peek_tail (event.path);
+	        if (event.type == GVM_JSON_PULL_EVENT_ARRAY_START
+              && path_tail && strcmp (path_tail->key, "matchStrings") == 0)
+            {
+              cpe_match_strings_found = TRUE;
+            }
+          else if (event.type == GVM_JSON_PULL_EVENT_ERROR)
+            {
+              g_warning ("%s: Parser error: %s", __func__, event.error_message);
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cpe_match_strings_file);
+              return -1;
+            }
+          else if (event.type == GVM_JSON_PULL_EVENT_OBJECT_END
+                   && g_queue_is_empty (event.path))
+            {
+              g_warning ("%s: Unexpected json object end. Missing CPE matched strings field", __func__);
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cpe_match_strings_file);
+              return -1;
+            }
+        }
+
+      sql_begin_immediate ();
+      inserts_init (&inserts,
+                CPE_MAX_CHUNK_SIZE,
+                setting_secinfo_sql_buffer_threshold_bytes (),
+                "INSERT INTO scap2.cpe_match_range"
+                "  (match_criteria_id, cpe, version_start_incl,"
+                "   version_start_excl, version_end_incl, version_end_excl,"
+                "   status)"
+                "  VALUES ",
+                " ON CONFLICT (match_criteria_id) DO UPDATE"
+                " SET cpe = EXCLUDED.cpe,"                
+                "     version_start_incl = EXCLUDED.version_start_incl,"
+                "     version_start_excl = EXCLUDED.version_start_excl,"
+                "     version_end_incl = EXCLUDED.version_end_incl,"
+                "     version_end_excl = EXCLUDED.version_end_excl,"
+                "     status = EXCLUDED.status");
+
+      inserts_init (&matches_inserts, 10,
+                setting_secinfo_sql_buffer_threshold_bytes (),
+                "INSERT INTO scap2.cpe_matches" 
+                "  (match_criteria_id, cpe_name_id)"
+                "  VALUES ",              
+                "");
+
+      gvm_json_pull_parser_next (&parser, &event);
+      while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
+        {
+          gchar *error_message;
+          cJSON *cpe_match_string_item = gvm_json_pull_expand_container (&parser, &error_message);
+          if (error_message)
+            {
+              g_warning ("%s: Error expanding match string item: %s", __func__, error_message);
+              cJSON_Delete (cpe_match_string_item);
+              inserts_free (&inserts);
+              inserts_free (&matches_inserts);
+              sql_commit ();
+              g_warning ("Update of cpe match strings failed");
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cpe_match_strings_file);
+              return -1;
+            }
+          if (handle_json_cpe_match_string (&inserts, &matches_inserts, cpe_match_string_item))
+            {
+              cJSON_Delete (cpe_match_string_item);
+              inserts_free (&inserts);
+              inserts_free (&matches_inserts);
+              sql_commit ();
+              g_warning ("Update of cpe match strings failed");
+              gvm_json_pull_event_cleanup (&event);
+              gvm_json_pull_parser_cleanup (&parser);
+              fclose (cpe_match_strings_file);
+              return -1;            
+            }
+          cJSON_Delete (cpe_match_string_item);
+          gvm_json_pull_parser_next (&parser, &event);
+	      }
+    }
+  else if (event.type == GVM_JSON_PULL_EVENT_ERROR)
+    {
+      g_warning ("%s: Parser error: %s", __func__, event.error_message);
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (cpe_match_strings_file);
+      return -1;
+    }
+  else
+    {
+      g_warning ("%s: CVE affected products file is not a JSON object.", __func__);
+      gvm_json_pull_event_cleanup (&event);
+      gvm_json_pull_parser_cleanup (&parser);
+      fclose (cpe_match_strings_file);
+      return -1;
+    }
+
+  inserts_run (&inserts, TRUE);
+  inserts_run (&matches_inserts, TRUE);
+  sql_commit ();
+  gvm_json_pull_event_cleanup (&event);
+  gvm_json_pull_parser_cleanup (&parser);
+  fclose (cpe_match_strings_file);
+  return 0;
+}
+
 /**
  * @brief Adds a EPSS score entry to an SQL inserts buffer.
  *
@@ -5120,6 +5488,15 @@ update_scap (gboolean reset_scap_db)
       return -1;
     }
 
+  g_debug ("%s: update cpe match strings", __func__);
+  setproctitle ("Syncing SCAP: Updating CPE Match Strings");
+
+  if (update_scap_cpe_match_strings () == -1)
+    {
+      abort_scap_update ();
+      return -1;
+    }
+
   g_debug ("%s: update cves", __func__);
   setproctitle ("Syncing SCAP: Updating CVEs");
 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index eb2feaf73..216f603d5 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -13129,6 +13129,8 @@ END:VCALENDAR
             <o><e>epss</e></o>
             <o><e>nvts</e></o>
             <o><e>cert</e></o>
+            <o><e>configuration_nodes</e></o>
+            <o><e>references</e></o>
             <o><e>raw_data</e></o>
           </pattern>
           <summary>A CVE info element</summary>
@@ -13249,6 +13251,161 @@ END:VCALENDAR
               </pattern>
             </ele>
           </ele>
+          <ele>
+            <name>configuration_nodes</name>
+            <summary>List of configuration nodes. Only when details were requested</summary>
+            <pattern>
+              <any><e>node</e></any>
+            </pattern>
+            <ele>
+              <name>node</name>
+              <summary>A configuration node for the CVE</summary>
+              <pattern>
+                <e>operator</e>
+                <o><e>match_criteria</e></o>
+                <o><any><e>node</e></any></o>
+              </pattern>
+              <ele>
+                <name>operator</name>
+                <summary>The operator for the match criteria</summary>
+                <pattern>
+                  text
+                </pattern>
+              </ele>
+              <ele>
+                <name>match_criteria</name>
+                <summary>The match criteria for the node</summary>
+                <pattern>
+                  <e>match_string</e>
+                  <e>vulnerable</e>
+                  <e>version_start_including</e>
+                  <e>version_start_excluding</e>
+                  <e>version_end_including</e>
+                  <e>version_end_excluding</e>
+                  <e>matched_cpes</e>
+                </pattern>
+                <ele>
+                  <name>match_string</name>
+                  <summary>A CPE Match string</summary>
+                  <pattern>
+                    text
+                  </pattern>
+                </ele>
+                <ele>
+                  <name>vulnerable</name>
+                  <summary>A true or false value, whether matching CPEs are considered vulnerable</summary>
+                  <pattern>
+                    text
+                  </pattern>
+                </ele>
+                <ele>
+                  <name>version_start_including</name>
+                  <summary>From version (including)</summary>
+                  <pattern>
+                    text
+                  </pattern>
+                </ele>
+                <ele>
+                  <name>version_start_excluding</name>
+                  <summary>From version (excluding)</summary>
+                  <pattern>
+                    text
+                  </pattern>
+                </ele>
+                <ele>
+                  <name>version_end_including</name>
+                  <summary>Up to version (including)</summary>
+                  <pattern>
+                    text
+                  </pattern>
+                </ele>
+                <ele>
+                  <name>version_end_excluding</name>
+                  <summary>Up to version (exluding)</summary>
+                  <pattern>
+                    text
+                  </pattern>
+                </ele>
+                <ele>
+                  <name>matched_cpes</name>
+                  <summary>List of matching CPEs</summary>
+                  <pattern>
+                    <e>name</e>
+                    <e>deprecated</e>
+                    <o><e>deprecated_by</e></o>
+                  </pattern>
+                  <ele>
+                    <name>name</name>
+                    <summary>Name of the matching CPE</summary>
+                    <pattern>
+                      text
+                    </pattern>
+                  </ele>
+                  <ele>
+                    <name>deprecated</name>
+                    <summary>A true or false value, whether the CPE is deprecated</summary>
+                    <pattern>
+                      text
+                    </pattern>
+                  </ele>
+                  <ele>
+                    <name>deprecated_by</name>
+                    <summary>CPE ID the current CPE is deprecated by. Only when the CPE is deprecated</summary>
+                    <pattern>
+                      <attrib>
+                        <name>cpe_id</name>
+                        <type>uuid</type>
+                        <summary>CPE ID the current CPE is deprecated by</summary>
+                      </attrib>
+                    </pattern>
+                  </ele>
+                </ele>
+              </ele>
+              <ele>
+                <name>node</name>
+                <summary>Nodes can contain other nested nodes</summary>
+                <pattern>
+                  node
+                </pattern>
+              </ele>
+            </ele>
+          </ele>
+          <ele>
+            <name>references</name>
+            <summary>References of this CVE. Only when details were requested</summary>
+            <pattern>
+              <any><e>reference</e></any>
+            </pattern>
+            <ele>
+              <name>reference</name>
+              <summary>Reference of the CVE</summary>
+              <pattern>
+                <e>url</e>
+                <e>tags</e>
+              </pattern>
+              <ele>
+                <name>url</name>
+                <summary>The URL of the reference</summary>
+                <pattern>
+                  text
+                </pattern>
+              </ele>
+              <ele>
+                <name>tags</name>
+                <summary>List of tags for the reference</summary>
+                <pattern>
+                  <o><any><e>tag</e></any></o>
+                </pattern>
+                <ele>
+                  <name>tag</name>
+                  <summary>Tag for a reference</summary>
+                  <pattern>
+                    text
+                  </pattern>
+                </ele>
+              </ele>
+            </ele>
+          </ele>
           <ele>
             <name>raw_data</name>
             <summary>Source representation of the information. Only when details were requested</summary>

From ba2dcd533f7d8dca8a56b1587f36ec982fd8ee85 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 1 Nov 2024 17:39:00 +0100
Subject: [PATCH 109/134] Address minor issues

---
 src/gmp.c                | 10 ++++------
 src/manage_sql_secinfo.c |  8 ++++----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index fe766df12..9857f9825 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13283,13 +13283,12 @@ print_cpe_match_nodes_xml(resource_t node, GString *buffer)
   init_cpe_match_range_iterator (&cpe_match_ranges, node);
   while (next (&cpe_match_ranges))
     {
-      const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *range_uri_product;
+      const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *match_string;
 
       xml_string_append (buffer, "<match_criteria>");
       match_criteria_id = cpe_match_range_iterator_match_criteria_id (&cpe_match_ranges);
-      range_uri_product 
-        = fs_cpe_to_uri_cpe (cpe_match_range_iterator_cpe (&cpe_match_ranges));
-      xml_string_append (buffer, "<match_string>%s</match_string>", range_uri_product?: "");
+      match_string = cpe_match_range_iterator_cpe (&cpe_match_ranges);
+      xml_string_append (buffer, "<match_string>%s</match_string>", match_string?: "");
       xml_string_append (buffer, "<vulnerable>%s</vulnerable>",
                          cpe_match_range_iterator_vulnerable (&cpe_match_ranges) != 0
                          ? "1"
@@ -13334,8 +13333,7 @@ print_cpe_match_nodes_xml(resource_t node, GString *buffer)
           }
           cleanup_iterator (&cpes);
 
-          xml_string_append (buffer, "<cpe>");
-          xml_string_append (buffer, "<name>%s</name>", cpe?: "");
+          xml_string_append (buffer, "<cpe id=\"%s\">", cpe?: "");
           xml_string_append (buffer,
                             "<deprecated>%s</deprecated>",
                              deprecated ? "1" : "0");
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 8b3cdbde0..2fd61350e 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3492,7 +3492,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id, cJSON* configura
               sql("INSERT INTO scap2.cpe_nodes_match_criteria"
                   " (node_id, vulnerable, match_criteria_id)"
                   " VALUES"
-                  " (%llu, %d, lower ('%s'))",
+                  " (%llu, %d, '%s')",
                   id,
                   vulnerable ? 1 : 0,
                   quoted_match_criteria_id);
@@ -4085,12 +4085,12 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
     quoted_version_end_excl = g_strdup_printf ("'%s'", ver_se);
 
   quoted_match_criteria_id = sql_quote (match_criteria_id);
-  quoted_criteria = sql_quote (criteria);
+  quoted_criteria = fs_to_uri_convert_and_quote_cpe_name (criteria);
 
   first = inserts_check_size (inserts);
 
   g_string_append_printf (inserts->statement,
-                          "%s (lower('%s'), '%s', %s, %s, %s, %s, '%s')",
+                          "%s ('%s', '%s', %s, %s, %s, %s, '%s')",
                           first ? "" : ",",
                           quoted_match_criteria_id,
                           quoted_criteria,
@@ -4130,7 +4130,7 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
           first = inserts_check_size (matches_inserts);
 
           g_string_append_printf (matches_inserts->statement,
-                                "%s (lower('%s'), lower('%s'))",
+                                "%s ('%s', '%s')",
                                 first ? "" : ",",
                                 quoted_match_criteria_id,
                                 quoted_cpe_name_id);

From 03f546ad9b58bd3648fc3e8ab9319d9599c2081f Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 1 Nov 2024 17:41:53 +0100
Subject: [PATCH 110/134] Update names of CVE JSON feed files

---
 src/manage_sql_secinfo.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 2fd61350e..19bea8b35 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3961,8 +3961,8 @@ update_scap_cves ()
   gboolean read_json = FALSE;
   while ((cve_path = g_dir_read_name (dir)))
     {
-      if (fnmatch ("nvdcve-1.1-*.json.gz", cve_path, 0) == 0 ||
-          fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0)
+      if (fnmatch ("nvdcve-2.0-*.json.gz", cve_path, 0) == 0 ||
+          fnmatch ("nvdcve-2.0-*.json", cve_path, 0) == 0)
         {
           read_json = TRUE;
           break;
@@ -3973,8 +3973,8 @@ update_scap_cves ()
   count = 0;
   while ((cve_path = g_dir_read_name (dir)))
     {
-      if ((fnmatch ("nvdcve-1.1-*.json.gz", cve_path, 0) == 0 ||
-           fnmatch ("nvdcve-1.1-*.json", cve_path, 0) == 0)
+      if ((fnmatch ("nvdcve-2.0-*.json.gz", cve_path, 0) == 0 ||
+           fnmatch ("nvdcve-2.0-*.json", cve_path, 0) == 0)
           && read_json)
         {
           if (update_cve_json (cve_path, hashed_cpes))

From 64983cac2ae8d8cc66234ab078e159c5236b35e6 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Mon, 4 Nov 2024 14:13:16 +0100
Subject: [PATCH 111/134] Minor code changes and adjusting formatting

---
 src/gmp.c                         |  64 ++++---
 src/manage_pg.c                   |   4 +
 src/manage_sql.c                  |  17 +-
 src/manage_sql_secinfo.c          | 267 +++++++++++++++++-------------
 src/schema_formats/XML/GMP.xml.in |   8 +
 5 files changed, 218 insertions(+), 142 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 9857f9825..833434055 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13261,15 +13261,17 @@ handle_get_groups (gmp_parser_t *gmp_parser, GError **error)
  * @param[in]  buffer   Buffer into which to print match node.
  */
 static void
-print_cpe_match_nodes_xml(resource_t node, GString *buffer)
+print_cpe_match_nodes_xml (resource_t node, GString *buffer)
 {
   iterator_t cpe_match_nodes, cpe_match_ranges;
-  const char *operator = NULL;
-  int negate = 0;
 
   init_iterator (&cpe_match_nodes,
-                 "SELECT operator, negate FROM scap.cpe_match_nodes WHERE id = %llu;", 
+                 "SELECT operator, negate"
+                 " FROM scap.cpe_match_nodes WHERE id = %llu;",
                  node);
+
+  const char *operator = NULL;
+  int negate = 0;
   while (next (&cpe_match_nodes))
     {
       operator = iterator_string (&cpe_match_nodes, 0);
@@ -13286,17 +13288,23 @@ print_cpe_match_nodes_xml(resource_t node, GString *buffer)
       const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *match_string;
 
       xml_string_append (buffer, "<match_criteria>");
-      match_criteria_id = cpe_match_range_iterator_match_criteria_id (&cpe_match_ranges);
+      match_criteria_id
+        = cpe_match_range_iterator_match_criteria_id (&cpe_match_ranges);
       match_string = cpe_match_range_iterator_cpe (&cpe_match_ranges);
-      xml_string_append (buffer, "<match_string>%s</match_string>", match_string?: "");
-      xml_string_append (buffer, "<vulnerable>%s</vulnerable>",
+
+      xml_string_append (buffer,
+                         "<match_string>%s</match_string>",
+                         match_string?: "");
+      xml_string_append (buffer,
+                         "<vulnerable>%s</vulnerable>",
                          cpe_match_range_iterator_vulnerable (&cpe_match_ranges) != 0
                          ? "1"
                          : "0");
-      vsi = cpe_match_range_iterator_version_start_incl(&cpe_match_ranges);
-      vse = cpe_match_range_iterator_version_start_excl(&cpe_match_ranges);
-      vei = cpe_match_range_iterator_version_end_incl(&cpe_match_ranges);
-      vee = cpe_match_range_iterator_version_end_excl(&cpe_match_ranges);
+
+      vsi = cpe_match_range_iterator_version_start_incl (&cpe_match_ranges);
+      vse = cpe_match_range_iterator_version_start_excl (&cpe_match_ranges);
+      vei = cpe_match_range_iterator_version_end_incl (&cpe_match_ranges);
+      vee = cpe_match_range_iterator_version_end_excl (&cpe_match_ranges);
 
       xml_string_append (buffer,
                          "<version_start_including>%s</version_start_including>", 
@@ -13335,7 +13343,7 @@ print_cpe_match_nodes_xml(resource_t node, GString *buffer)
 
           xml_string_append (buffer, "<cpe id=\"%s\">", cpe?: "");
           xml_string_append (buffer,
-                            "<deprecated>%s</deprecated>",
+                             "<deprecated>%s</deprecated>",
                              deprecated ? "1" : "0");
           if (deprecated)
             {
@@ -13366,7 +13374,7 @@ print_cpe_match_nodes_xml(resource_t node, GString *buffer)
  *
  */
 static void
-print_cve_affected_software_configs_xml (gchar *cve_uuid, GString *result)
+print_cve_configurations_xml (const gchar *cve_uuid, GString *result)
 {
   iterator_t cpe_match_root_nodes;
   xml_string_append (result, "<configuration_nodes>");
@@ -13377,14 +13385,15 @@ print_cve_affected_software_configs_xml (gchar *cve_uuid, GString *result)
         iterator_t cpe_match_node_childs;
         root_node = cpe_match_nodes_iterator_root_id (&cpe_match_root_nodes);
         xml_string_append (result, "<node>");
-        print_cpe_match_nodes_xml(root_node, result);
+        print_cpe_match_nodes_xml (root_node, result);
         init_cpe_match_node_childs_iterator (&cpe_match_node_childs, root_node);
         while (next (&cpe_match_node_childs))
           {
             resource_t child_node;
-            child_node = cpe_match_node_childs_iterator_id (&cpe_match_node_childs);
+            child_node =
+              cpe_match_node_childs_iterator_id (&cpe_match_node_childs);
             xml_string_append (result, "<node>");
-            print_cpe_match_nodes_xml(child_node, result);
+            print_cpe_match_nodes_xml (child_node, result);
             xml_string_append (result, "</node>");
           }
         xml_string_append (result, "</node>");
@@ -13402,7 +13411,7 @@ print_cve_affected_software_configs_xml (gchar *cve_uuid, GString *result)
  *
  */
 static void
-print_cve_references_xml (gchar *cve_uuid, GString *result)
+print_cve_references_xml (const gchar *cve_uuid, GString *result)
 {
   iterator_t references;
   init_cve_reference_iterator (&references, cve_uuid);
@@ -13410,20 +13419,26 @@ print_cve_references_xml (gchar *cve_uuid, GString *result)
   while (next (&references))
     {
       xml_string_append (result, "<reference>");
-      xml_string_append (result, "<url>%s</url>", cve_reference_iterator_url (&references));
+      xml_string_append (result,
+                         "<url>%s</url>",
+                         cve_reference_iterator_url (&references));
       xml_string_append (result, "<tags>");
       const char * tags_array = cve_reference_iterator_tags (&references);
-      if(tags_array && strlen(tags_array) > 2)
+      if(tags_array && strlen (tags_array) > 2)
         {
-          char *trimmed_array = g_strndup (tags_array + 1, strlen (tags_array) - 2);
+          char *trimmed_array
+            = g_strndup (tags_array + 1, strlen (tags_array) - 2);
           gchar **tags, **current_tag;
           tags = g_strsplit (trimmed_array, ",", -1);
           current_tag = tags;
           while (*current_tag)
             {
-              if (strlen (*current_tag) > 2 && (*current_tag)[0] == '"' && (*current_tag)[strlen (*current_tag) - 1] == '"')
+              if (strlen (*current_tag) > 2
+                  && (*current_tag)[0] == '"'
+                  && (*current_tag)[strlen (*current_tag) - 1] == '"')
                 {
-                  char *trimmed_tag = g_strndup (*current_tag + 1, strlen (*current_tag) - 2);
+                  char *trimmed_tag = g_strndup (*current_tag + 1,
+                                                 strlen (*current_tag) - 2);
                   xml_string_append (result, "<tag>%s</tag>", trimmed_tag);
                   g_free (trimmed_tag);
                 }
@@ -13816,10 +13831,9 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                 }
               g_string_append (result, "</cert>");
 
-              gchar *cve_uuid = g_strdup(get_iterator_uuid (&info));
-              print_cve_affected_software_configs_xml (cve_uuid, result);
+              const gchar *cve_uuid = get_iterator_uuid (&info);
+              print_cve_configurations_xml (cve_uuid, result);
               print_cve_references_xml (cve_uuid, result);
-              g_free(cve_uuid);
             }
         }
       else if (g_strcmp0 ("cert_bund_adv", get_info_data->type) == 0)
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 893d3e240..da79adb05 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3649,6 +3649,10 @@ manage_db_add_constraints (const gchar *name)
       sql ("ALTER TABLE scap2.cpe_match_range"
            " ADD UNIQUE (match_criteria_id);");
 
+      sql ("ALTER TABLE scap2.cpe_matches"
+           " ALTER match_criteria_id SET NOT NULL,"
+           " ALTER cpe_name_id SET NOT NULL,"
+           " ADD UNIQUE (match_criteria_id, cpe_name_id);");
     }
   else
     {
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 71461dc00..ef9cb24e4 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20511,10 +20511,12 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *cpe)
   gchar *quoted_cpe;
   quoted_cpe = sql_quote (cpe);
   init_iterator (iterator,
-                 " SELECT DISTINCT n.root_id"
+                 "SELECT DISTINCT n.root_id"
                  " FROM scap.cpe_match_nodes n"
-                 " JOIN scap.cpe_nodes_match_criteria c ON n.id = c.node_id"
-                 " JOIN scap.cpe_match_range r ON c.match_criteria = r.match_criteria_id"
+                 " JOIN scap.cpe_nodes_match_criteria c"
+                 " ON n.id = c.node_id"
+                 " JOIN scap.cpe_match_range r"
+                 " ON c.match_criteria = r.match_criteria_id"
                  " WHERE cpe like '%s%%';",
                  quoted_cpe);
   g_free (quoted_cpe);
@@ -20534,7 +20536,8 @@ init_cve_cpe_match_nodes_iterator (iterator_t* iterator, const char *cve)
   init_iterator (iterator,
                  "SELECT DISTINCT root_id"
                  " FROM scap.cpe_match_nodes"
-                 " WHERE cve_id = (SELECT id from scap.cves where uuid = '%s');",
+                 " WHERE cve_id = (SELECT id FROM scap.cves"
+                 " WHERE uuid = '%s');",
                  quoted_cve);
   g_free (quoted_cve);
 }
@@ -20553,7 +20556,8 @@ init_cve_reference_iterator (iterator_t* iterator, const char *cve)
   init_iterator (iterator,
                  "SELECT url, array_length(tags, 1), tags"
                  " FROM scap.cve_references"
-                 " WHERE cve_id = (SELECT id from scap.cves where uuid = '%s');",
+                 " WHERE cve_id = (SELECT id FROM scap.cves"
+                 " WHERE uuid = '%s');",
                  quoted_cve);
   g_free (quoted_cve);
 }
@@ -20736,7 +20740,8 @@ DEF_ACCESS (cpe_match_range_iterator_version_end_excl, 7);
  * @param[in]  match_criteria_id  The match criteria id to get the matches for.
  */
 void
-init_cpe_match_range_matches_iterator (iterator_t* iterator, const char *match_criteria_id)
+init_cpe_match_range_matches_iterator (iterator_t* iterator,
+                                       const char *match_criteria_id)
 {
   init_iterator (iterator,
                  "SELECT cpe_name_id"
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 19bea8b35..b7b421ce6 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3289,7 +3289,7 @@ insert_cve_from_entry (element_t entry, element_t last_modified,
  *
  * @param[in]  cve_id     The id of the CVE to which the tree belongs.
  * @param[in]  operator   The operator for the match rules.
- * @param[in]  negate     Whether the match rules are negated.
+ * @param[in]  negate     Whether the operator is negated.
  *
  * @return The (database) id of the node.
  */
@@ -3332,75 +3332,80 @@ set_root_id (long int id, long int root_id)
  * @return 0 on success, -1 on error.
  */
 static int
-handle_cve_references (resource_t cve_db_id, char * cve_id, cJSON* reference_json)
+handle_cve_references (resource_t cve_db_id, char * cve_id,
+                       cJSON* reference_json)
 {
     cJSON *reference_data;
     cJSON *tags;
 
-    cJSON_ArrayForEach(reference_data, reference_json)
-    {
-      GString *tags_string;
-      char *url_value = json_object_item_string (reference_data, "url");
-      if (url_value == NULL)
+    cJSON_ArrayForEach (reference_data, reference_json)
       {
-          g_warning("%s: url missing in reference for %s.", __func__, cve_id);
-          return -1;
-      }
-
-      tags = cJSON_GetObjectItemCaseSensitive(reference_data, "tags");
-      if (cJSON_IsArray(tags))
+        GString *tags_string;
+        char *url_value = json_object_item_string (reference_data, "url");
+        if (url_value == NULL)
         {
-          array_t *tags_array = make_array ();
-          tags_string = g_string_new ("{");
-
-          for (int i = 0; i < cJSON_GetArraySize(tags); i++)
-            {
-              cJSON *tag = cJSON_GetArrayItem(tags, i);
-              if (!cJSON_IsString(tag))
-                {
-                  g_warning("%s: tag for %s is NULL or not a string.", __func__, cve_id);
-                  return -1;
-                }
-              if ((strcmp (tag->valuestring, "(null)") == 0) || strlen(tag->valuestring) == 0)
-                {
-                  g_warning("%s: tag for %s is an empty string or has value (null).", __func__, cve_id);
-                  return -1;
-                }
-              array_add (tags_array, tag->valuestring);
-            }
-
-          for (int i = 0; i < tags_array->len; i++)
-            {
-              gchar *tag = g_ptr_array_index (tags_array, i);
-              gchar *quoted_tag = sql_quote (tag);
-
-              g_string_append (tags_string, quoted_tag);
-
-              if (i < tags_array->len - 1)
-                g_string_append (tags_string, ",");
-
-              g_free (quoted_tag);
-            }
-          g_string_append (tags_string, "}");
-          g_ptr_array_free (tags_array, TRUE);
+            g_warning ("%s: url missing in reference for %s.",
+                       __func__, cve_id);
+            return -1;
         }
 
-        gchar *quoted_url = sql_quote (url_value);
-
-        sql("INSERT INTO scap2.cve_references"
-            " (cve_id, url, tags)"
-            " VALUES"
-            " (%llu, '%s', '%s')"
-            " ON CONFLICT (cve_id, url) DO UPDATE"
-            " SET tags = EXCLUDED.tags;",
-            cve_db_id,
-            quoted_url,
-            tags_string->str ?: "{}");
+        tags = cJSON_GetObjectItemCaseSensitive (reference_data, "tags");
+        if (cJSON_IsArray (tags))
+          {
+            array_t *tags_array = make_array ();
+            tags_string = g_string_new ("{");
+
+            for (int i = 0; i < cJSON_GetArraySize (tags); i++)
+              {
+                cJSON *tag = cJSON_GetArrayItem (tags, i);
+                if (!cJSON_IsString (tag))
+                  {
+                    g_warning ("%s: tag for %s is NULL or not a string.",
+                               __func__, cve_id);
+                    return -1;
+                  }
+                if ((strcmp (tag->valuestring, "(null)") == 0)
+                     || strlen (tag->valuestring) == 0)
+                  {
+                    g_warning ("%s: tag for %s is empty string or NULL.",
+                               __func__, cve_id);
+                    return -1;
+                  }
+                array_add (tags_array, tag->valuestring);
+              }
+
+            for (int i = 0; i < tags_array->len; i++)
+              {
+                gchar *tag = g_ptr_array_index (tags_array, i);
+                gchar *quoted_tag = sql_quote (tag);
+
+                g_string_append (tags_string, quoted_tag);
+
+                if (i < tags_array->len - 1)
+                  g_string_append (tags_string, ",");
+
+                g_free (quoted_tag);
+              }
+            g_string_append (tags_string, "}");
+            g_ptr_array_free (tags_array, TRUE);
+          }
 
-      g_free (quoted_url);
-      if (tags_string)
-        g_string_free (tags_string, TRUE);
-    }
+          gchar *quoted_url = sql_quote (url_value);
+
+          sql ("INSERT INTO scap2.cve_references"
+               " (cve_id, url, tags)"
+               " VALUES"
+               " (%llu, '%s', '%s')"
+               " ON CONFLICT (cve_id, url) DO UPDATE"
+               " SET tags = EXCLUDED.tags;",
+               cve_db_id,
+               quoted_url,
+               tags_string->str ?: "{}");
+
+        g_free (quoted_url);
+        if (tags_string)
+          g_string_free (tags_string, TRUE);
+      }
     return 0;
 }
 
@@ -3414,7 +3419,8 @@ handle_cve_references (resource_t cve_db_id, char * cve_id, cJSON* reference_jso
  * @return 0 on success, -1 on error.
  */
 static int
-handle_cve_configurations (resource_t cve_db_id, char * cve_id, cJSON* configurations_json)
+handle_cve_configurations (resource_t cve_db_id, char * cve_id,
+                           cJSON* configurations_json)
 {
   cJSON *configuration_item;
 
@@ -3425,16 +3431,18 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id, cJSON* configura
       char *config_operator;
       int negate;
       
-      nodes_array = cJSON_GetObjectItemCaseSensitive (configuration_item, "nodes");
+      nodes_array = cJSON_GetObjectItemCaseSensitive (configuration_item,
+                                                      "nodes");
       if (!cJSON_IsArray (nodes_array))
         {
-          g_warning("%s: 'nodes' field missing or not an array for %s.",
+          g_warning ("%s: 'nodes' field missing or not an array for %s.",
                     __func__, cve_id);
           return -1;
         }
 
       root_id = -1;
-      config_operator = json_object_item_string (configuration_item, "operator");
+      config_operator = json_object_item_string (configuration_item,
+                                                 "operator");
       if (config_operator)
         {
           negate = json_object_item_boolean (configuration_item, "negate", 0);
@@ -3449,47 +3457,55 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id, cJSON* configura
           node_operator = json_object_item_string (node_item, "operator");
           if (node_operator == NULL)
             {
-              g_warning("%s: operator missing for %s.", __func__, cve_id);
+              g_warning ("%s: operator missing for %s.", __func__, cve_id);
               return -1;
             }
           
           negate = json_object_item_boolean (node_item, "negate", 0);
 
           cJSON *cpe_matches_array;
-          cpe_matches_array = cJSON_GetObjectItemCaseSensitive (node_item, "cpeMatch");
+          cpe_matches_array = cJSON_GetObjectItemCaseSensitive (node_item,
+                                                                "cpeMatch");
           if (!cJSON_IsArray (cpe_matches_array))
             {
-              g_warning("%s: cpeMatch missing or not an array for %s.", __func__, cve_id);
+              g_warning ("%s: cpeMatch missing or not an array for %s.",
+                         __func__, cve_id);
               return -1;
             }
 
           id = save_node (cve_db_id, node_operator, negate);
-          if(root_id < 0)
+
+          if (root_id < 0)
             root_id = id;
+
           set_root_id (id, root_id);
           
           cJSON *cpe_match_item;
-          cJSON_ArrayForEach(cpe_match_item, cpe_matches_array)
+          cJSON_ArrayForEach (cpe_match_item, cpe_matches_array)
             {
               char *match_criteria_id;
               int vulnerable;
               gchar *quoted_match_criteria_id;
 
-              vulnerable = json_object_item_boolean (cpe_match_item, "vulnerable", -1);
+              vulnerable = json_object_item_boolean (cpe_match_item,
+                                                     "vulnerable", -1);
               if (vulnerable == -1)
                 {
-                  g_warning("%s: vulnerable missing in cpeMatch for %s.", __func__, cve_id);
+                  g_warning ("%s: vulnerable missing in cpeMatch for %s.",
+                             __func__, cve_id);
                   return -1;
                 }
-              match_criteria_id = json_object_item_string (cpe_match_item, "matchCriteriaId");
+              match_criteria_id = json_object_item_string (cpe_match_item,
+                                                           "matchCriteriaId");
               if (match_criteria_id == NULL)
                 {
-                  g_warning("%s: matchCriteriaId missing in cpeMatch for %s.", __func__, cve_id);
+                  g_warning ("%s: matchCriteriaId missing in cpeMatch for %s.",
+                             __func__, cve_id);
                   return -1;
                 }
               quoted_match_criteria_id = sql_quote (match_criteria_id);
 
-              sql("INSERT INTO scap2.cpe_nodes_match_criteria"
+              sql ("INSERT INTO scap2.cpe_nodes_match_criteria"
                   " (node_id, vulnerable, match_criteria_id)"
                   " VALUES"
                   " (%llu, %d, '%s')",
@@ -3523,13 +3539,13 @@ handle_json_cve_item (cJSON *item)
   cve_json = cJSON_GetObjectItemCaseSensitive (item, "cve");
   if (!cJSON_IsObject (cve_json))
     {
-      g_warning("%s: 'cve' field is missing or not an object.", __func__);
+      g_warning ("%s: 'cve' field is missing or not an object.", __func__);
       return -1;
     }
   cve_id = json_object_item_string (cve_json, "id");
   if (cve_id == NULL)
     {
-      g_warning("%s: cve id missing.", __func__);
+      g_warning ("%s: cve id missing.", __func__);
       return -1;
     }
 
@@ -3548,7 +3564,7 @@ handle_json_cve_item (cJSON *item)
   modified = json_object_item_string (cve_json, "lastModified");
   if (modified == NULL)
     {
-      g_warning("%s: lastModifiedDate missing for %s.", __func__, cve_id);
+      g_warning ("%s: lastModifiedDate missing for %s.", __func__, cve_id);
       return -1;
     }
   modified_time = parse_iso_time (modified);
@@ -3556,20 +3572,28 @@ handle_json_cve_item (cJSON *item)
   cJSON *metrics_json;
   cJSON *cvss_metric_array;
 
-  metrics_json = cJSON_GetObjectItemCaseSensitive(cve_json, "metrics");
+  metrics_json = cJSON_GetObjectItemCaseSensitive (cve_json, "metrics");
   if (!cJSON_IsObject (metrics_json))
     {
-      g_warning("%s: Metrics missing or not an object for %s.", __func__, cve_id);
+      g_warning ("%s: Metrics missing or not an object for %s.",
+                 __func__, cve_id);
       return -1;
     }
 
   gboolean cvss_metric_found = FALSE;
   
-  const char *cvss_metric_keys[] = {"cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2"};
+  const char *cvss_metric_keys[] = {
+    "cvssMetricV40",
+    "cvssMetricV31",
+    "cvssMetricV30",
+    "cvssMetricV2"};
+
   for (int i = 0; i < 4; i++)
     {
-      cvss_metric_array = cJSON_GetObjectItemCaseSensitive(metrics_json, cvss_metric_keys[i]);
-      if (cJSON_IsArray (cvss_metric_array) && cJSON_GetArraySize(cvss_metric_array) > 0)
+      cvss_metric_array
+        = cJSON_GetObjectItemCaseSensitive (metrics_json, cvss_metric_keys[i]);
+      if (cJSON_IsArray (cvss_metric_array)
+          && cJSON_GetArraySize (cvss_metric_array) > 0)
         {
           cvss_metric_found = TRUE;
           break;
@@ -3587,28 +3611,33 @@ handle_json_cve_item (cJSON *item)
           source_type = json_object_item_string (cvss_metric_item, "type");
           if (source_type == NULL)
             {
-              g_warning("%s: type missing in CVSS metric for %s.", __func__, cve_id);
+              g_warning ("%s: type missing in CVSS metric for %s.",
+                         __func__, cve_id);
               return -1;
             }
           else if (strcmp (source_type, "Primary"))
             continue;
 
-          cvss_json = cJSON_GetObjectItemCaseSensitive(cvss_metric_item, "cvssData");
+          cvss_json = cJSON_GetObjectItemCaseSensitive (cvss_metric_item,
+                                                        "cvssData");
           if (!cJSON_IsObject (cvss_json))
             {
-              g_warning("%s: cvssData missing or not an object for %s.", __func__, cve_id);
+              g_warning ("%s: cvssData missing or not an object for %s.",
+                         __func__, cve_id);
               return -1;
             }
-          score_dbl = json_object_item_double (cvss_json, "baseScore", SEVERITY_MISSING);
+          score_dbl = json_object_item_double (cvss_json,
+                                               "baseScore",
+                                               SEVERITY_MISSING);
           if (score_dbl == SEVERITY_MISSING)
             {
-              g_warning("%s: baseScore missing for %s.", __func__, cve_id);
+              g_warning ("%s: baseScore missing for %s.", __func__, cve_id);
               return -1;
             }
           vector = json_object_item_string (cvss_json, "vectorString");
           if (vector == NULL)
             {
-              g_warning("%s: vectorString missing for %s.", __func__, cve_id);
+              g_warning ("%s: vectorString missing for %s.", __func__, cve_id);
               return -1;
             }
         }
@@ -3623,17 +3652,20 @@ handle_json_cve_item (cJSON *item)
   cJSON *description_item_json;
   char *description_value;
 
-  descriptions_json = cJSON_GetObjectItemCaseSensitive(cve_json, "descriptions");
-  if (!cJSON_IsArray(descriptions_json))
+  descriptions_json = cJSON_GetObjectItemCaseSensitive (cve_json,
+                                                        "descriptions");
+  if (!cJSON_IsArray (descriptions_json))
     {
-      g_warning("%s: descriptions for %s is missing or not an array.", __func__, cve_id);
+      g_warning ("%s: descriptions for %s is missing or not an array.",
+                 __func__, cve_id);
       return -1;
     }
   cJSON_ArrayForEach (description_item_json, descriptions_json)
     {
       char *lang = json_object_item_string (description_item_json, "lang");
-      if (lang != NULL && strcmp(lang, "en") == 0)
-        description_value = json_object_item_string (description_item_json, "value");
+      if (lang != NULL && strcmp (lang, "en") == 0)
+        description_value = json_object_item_string (description_item_json,
+                                                     "value");
     }
 
   char *quoted_description = sql_quote (description_value);
@@ -3666,10 +3698,12 @@ handle_json_cve_item (cJSON *item)
   g_free (quoted_description);
 
   cJSON *configurations_array;
-  configurations_array = cJSON_GetObjectItemCaseSensitive(cve_json, "configurations");
-  if (! cJSON_IsArray(configurations_array))
+  configurations_array = cJSON_GetObjectItemCaseSensitive (cve_json,
+                                                           "configurations");
+  if (!cJSON_IsArray (configurations_array))
     {
-      g_warning("%s: configurations for %s is missing or not an array.", __func__, cve_id);
+      g_warning ("%s: configurations for %s is missing or not an array.",
+                 __func__, cve_id);
       return -1;
     }
 
@@ -3677,10 +3711,11 @@ handle_json_cve_item (cJSON *item)
     return -1;
 
   cJSON *references_array;
-  references_array = cJSON_GetObjectItemCaseSensitive(cve_json, "references");
-  if (!cJSON_IsArray(references_array))
+  references_array = cJSON_GetObjectItemCaseSensitive (cve_json, "references");
+  if (!cJSON_IsArray (references_array))
     {
-      g_warning("%s: references for %s is missing or not an array.", __func__, cve_id);
+      g_warning ("%s: references for %s is missing or not an array.",
+                 __func__, cve_id);
       return -1;
     }
 
@@ -4031,7 +4066,8 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
   assert (inserts);
   assert (matches_inserts);
 
-  match_string = cJSON_GetObjectItemCaseSensitive (match_string_item, "matchString");
+  match_string = cJSON_GetObjectItemCaseSensitive (match_string_item,
+                                                   "matchString");
   if (!cJSON_IsObject (match_string))
     {
       g_warning ("%s: 'matchString' field is missing or not an object",
@@ -4046,10 +4082,12 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
       return -1;
     }
 
-  match_criteria_id = json_object_item_string (match_string, "matchCriteriaId");
+  match_criteria_id = json_object_item_string (match_string,
+                                               "matchCriteriaId");
   if (match_criteria_id == NULL)
     {
-      g_warning ("%s: 'matchCriteriaId' field missing or not a string", __func__);
+      g_warning ("%s: 'matchCriteriaId' field missing or not a string",
+                 __func__);
       return -1;
     }
 
@@ -4120,7 +4158,8 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
           cpe_name_id = json_object_item_string (match_item, "cpeNameId");
           if (cpe_name_id == NULL)
             {
-              g_warning ("%s: 'cpeNameId' field missing or not a string", __func__);
+              g_warning ("%s: 'cpeNameId' field missing or not a string",
+                         __func__);
               g_free (quoted_match_criteria_id);
               return -1;
             }
@@ -4235,7 +4274,8 @@ update_scap_cpe_match_strings ()
           else if (event.type == GVM_JSON_PULL_EVENT_OBJECT_END
                    && g_queue_is_empty (event.path))
             {
-              g_warning ("%s: Unexpected json object end. Missing CPE matched strings field", __func__);
+              g_warning ("%s: Unexpected json object end. Missing matchStrings field",
+                         __func__);
               gvm_json_pull_event_cleanup (&event);
               gvm_json_pull_parser_cleanup (&parser);
               fclose (cpe_match_strings_file);
@@ -4271,27 +4311,31 @@ update_scap_cpe_match_strings ()
       while (event.type == GVM_JSON_PULL_EVENT_OBJECT_START)
         {
           gchar *error_message;
-          cJSON *cpe_match_string_item = gvm_json_pull_expand_container (&parser, &error_message);
+          cJSON *cpe_match_string_item
+            = gvm_json_pull_expand_container (&parser, &error_message);
           if (error_message)
             {
-              g_warning ("%s: Error expanding match string item: %s", __func__, error_message);
+              g_warning ("%s: Error expanding match string item: %s",
+                         __func__, error_message);
               cJSON_Delete (cpe_match_string_item);
               inserts_free (&inserts);
               inserts_free (&matches_inserts);
               sql_commit ();
-              g_warning ("Update of cpe match strings failed");
+              g_warning ("Update of CPE match strings failed");
               gvm_json_pull_event_cleanup (&event);
               gvm_json_pull_parser_cleanup (&parser);
               fclose (cpe_match_strings_file);
               return -1;
             }
-          if (handle_json_cpe_match_string (&inserts, &matches_inserts, cpe_match_string_item))
+          if (handle_json_cpe_match_string (&inserts,
+                                            &matches_inserts,
+                                            cpe_match_string_item))
             {
               cJSON_Delete (cpe_match_string_item);
               inserts_free (&inserts);
               inserts_free (&matches_inserts);
               sql_commit ();
-              g_warning ("Update of cpe match strings failed");
+              g_warning ("Update of CPE match strings failed");
               gvm_json_pull_event_cleanup (&event);
               gvm_json_pull_parser_cleanup (&parser);
               fclose (cpe_match_strings_file);
@@ -4311,7 +4355,8 @@ update_scap_cpe_match_strings ()
     }
   else
     {
-      g_warning ("%s: CVE affected products file is not a JSON object.", __func__);
+      g_warning ("%s: CVE match strings file is not a JSON object.",
+                 __func__);
       gvm_json_pull_event_cleanup (&event);
       gvm_json_pull_parser_cleanup (&parser);
       fclose (cpe_match_strings_file);
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 216f603d5..17b1381f5 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -13262,6 +13262,7 @@ END:VCALENDAR
               <summary>A configuration node for the CVE</summary>
               <pattern>
                 <e>operator</e>
+                <e>negate</e>
                 <o><e>match_criteria</e></o>
                 <o><any><e>node</e></any></o>
               </pattern>
@@ -13272,6 +13273,13 @@ END:VCALENDAR
                   text
                 </pattern>
               </ele>
+              <ele>
+                <name>negate</name>
+                <summary>A true or false value, whether the operator is negated</summary>
+                <pattern>
+                  text
+                </pattern>
+              </ele>
               <ele>
                 <name>match_criteria</name>
                 <summary>The match criteria for the node</summary>

From 6ff3d18c121a928b406a02b43ca3159d8641bb85 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 5 Nov 2024 11:44:09 +0100
Subject: [PATCH 112/134] Code refactoring - Rename scap.cpe_match_range to
 scap.cpe_match_strings - Rename cpe in cpe_match_range to criteria - Add
 cpe_name to scap.cpe_matches - Add status to the configuration nodes in the
 response of get_info command

---
 src/gmp.c                         | 44 ++++++++-------
 src/manage.c                      | 14 ++---
 src/manage.h                      | 23 ++++----
 src/manage_pg.c                   |  9 +--
 src/manage_sql.c                  | 93 ++++++++++++++++++-------------
 src/manage_sql_secinfo.c          | 29 +++++++---
 src/schema_formats/XML/GMP.xml.in | 12 ++--
 7 files changed, 128 insertions(+), 96 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 833434055..462a7ed07 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13282,29 +13282,31 @@ print_cpe_match_nodes_xml (resource_t node, GString *buffer)
   xml_string_append (buffer, "<operator>%s</operator>", operator?: "");
   xml_string_append (buffer, "<negate>%s</negate>", negate? "1" : "0");
 
-  init_cpe_match_range_iterator (&cpe_match_ranges, node);
+  init_cpe_match_string_iterator (&cpe_match_ranges, node);
   while (next (&cpe_match_ranges))
     {
-      const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *match_string;
+      const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *criteria, *status;
 
-      xml_string_append (buffer, "<match_criteria>");
+      xml_string_append (buffer, "<match_string>");
       match_criteria_id
-        = cpe_match_range_iterator_match_criteria_id (&cpe_match_ranges);
-      match_string = cpe_match_range_iterator_cpe (&cpe_match_ranges);
+        = cpe_match_string_iterator_match_criteria_id (&cpe_match_ranges);
+      criteria = cpe_match_string_iterator_criteria (&cpe_match_ranges);
+      status = cpe_match_string_iterator_status (&cpe_match_ranges);
 
       xml_string_append (buffer,
-                         "<match_string>%s</match_string>",
-                         match_string?: "");
-      xml_string_append (buffer,
-                         "<vulnerable>%s</vulnerable>",
-                         cpe_match_range_iterator_vulnerable (&cpe_match_ranges) != 0
+                         "<criteria>%s</criteria>"
+                         "<vulnerable>%s</vulnerable>"
+                         "<status>%s</status>",
+                         criteria?: "",
+                         cpe_match_string_iterator_vulnerable (&cpe_match_ranges) != 0
                          ? "1"
-                         : "0");
+                         : "0",
+                         status?: "");
 
-      vsi = cpe_match_range_iterator_version_start_incl (&cpe_match_ranges);
-      vse = cpe_match_range_iterator_version_start_excl (&cpe_match_ranges);
-      vei = cpe_match_range_iterator_version_end_incl (&cpe_match_ranges);
-      vee = cpe_match_range_iterator_version_end_excl (&cpe_match_ranges);
+      vsi = cpe_match_string_iterator_version_start_incl (&cpe_match_ranges);
+      vse = cpe_match_string_iterator_version_start_excl (&cpe_match_ranges);
+      vei = cpe_match_string_iterator_version_end_incl (&cpe_match_ranges);
+      vee = cpe_match_string_iterator_version_end_excl (&cpe_match_ranges);
 
       xml_string_append (buffer,
                          "<version_start_including>%s</version_start_including>", 
@@ -13320,7 +13322,7 @@ print_cpe_match_nodes_xml (resource_t node, GString *buffer)
                          vee ?: "");
 
       iterator_t cpe_matches;
-      init_cpe_match_range_matches_iterator (&cpe_matches, match_criteria_id);
+      init_cpe_match_string_matches_iterator (&cpe_matches, match_criteria_id);
       xml_string_append (buffer, "<matched_cpes>");
 
       while (next (&cpe_matches))
@@ -13328,16 +13330,16 @@ print_cpe_match_nodes_xml (resource_t node, GString *buffer)
           iterator_t cpes;
 
           init_iterator (&cpes,
-                         "SELECT name, deprecated FROM scap.cpes"
+                         "SELECT deprecated FROM scap.cpes"
                          " WHERE cpe_name_id = '%s';",
                          cpe_matches_cpe_name_id(&cpe_matches));
 
-          const char* cpe = NULL;
+          const char* cpe = cpe_matches_cpe_name (&cpe_matches);
+
           int deprecated = 0;
           while (next (&cpes))
           {
-            cpe = iterator_string (&cpes, 0);
-            deprecated = iterator_int (&cpes, 1);
+            deprecated = iterator_int (&cpes, 0);
           }
           cleanup_iterator (&cpes);
 
@@ -13361,7 +13363,7 @@ print_cpe_match_nodes_xml (resource_t node, GString *buffer)
           xml_string_append (buffer, "</cpe>");
         }
       xml_string_append (buffer, "</matched_cpes>");
-      xml_string_append (buffer, "</match_criteria>");
+      xml_string_append (buffer, "</match_string>");
       cleanup_iterator (&cpe_matches);
     }
   cleanup_iterator (&cpe_match_ranges);
diff --git a/src/manage.c b/src/manage.c
index fca82209f..f61426986 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -3180,7 +3180,7 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
         return;
     }
 
-  init_cpe_match_range_iterator (&cpe_match_ranges, node);
+  init_cpe_match_string_iterator (&cpe_match_ranges, node);
   while (next (&cpe_match_ranges))
     {
       iterator_t cpe_host_details_products;
@@ -3188,11 +3188,11 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
       gchar *range_uri_product;
       gchar *vsi, *vse, *vei, *vee;
       range_fs_cpe = vsi = vse = vei = vee = NULL;
-      range_fs_cpe = g_strdup (cpe_match_range_iterator_cpe (&cpe_match_ranges));
-      vsi = g_strdup (cpe_match_range_iterator_version_start_incl (&cpe_match_ranges));
-      vse = g_strdup (cpe_match_range_iterator_version_start_excl (&cpe_match_ranges));
-      vei = g_strdup (cpe_match_range_iterator_version_end_incl (&cpe_match_ranges));
-      vee = g_strdup (cpe_match_range_iterator_version_end_excl (&cpe_match_ranges));
+      range_fs_cpe = g_strdup (cpe_match_string_iterator_criteria (&cpe_match_ranges));
+      vsi = g_strdup (cpe_match_string_iterator_version_start_incl (&cpe_match_ranges));
+      vse = g_strdup (cpe_match_string_iterator_version_start_excl (&cpe_match_ranges));
+      vei = g_strdup (cpe_match_string_iterator_version_end_incl (&cpe_match_ranges));
+      vee = g_strdup (cpe_match_string_iterator_version_end_excl (&cpe_match_ranges));
       range_uri_product = fs_cpe_to_uri_product (range_fs_cpe);
       init_host_details_cpe_product_iterator (&cpe_host_details_products, range_uri_product, report_host);
       while (next (&cpe_host_details_products))
@@ -3216,7 +3216,7 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
           cpe_struct_free (&source);
           cpe_struct_free (&target);
         }
-      if (*match && cpe_match_range_iterator_vulnerable (&cpe_match_ranges) == 1)
+      if (*match && cpe_match_string_iterator_vulnerable (&cpe_match_ranges) == 1)
         {
           cpe_struct_t source, target;
           cpe_struct_init (&source);
diff --git a/src/manage.h b/src/manage.h
index 93cbb01e2..2930789b9 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1724,38 +1724,41 @@ long long int
 cpe_match_node_childs_iterator_id (iterator_t*);
 
 void
-init_cpe_match_range_iterator (iterator_t*, long long int);
+init_cpe_match_string_iterator (iterator_t*, long long int);
 
 const char*
-cpe_match_range_iterator_cpe (iterator_t*);
+cpe_match_string_iterator_criteria (iterator_t*);
 
 const char*
-cpe_match_range_iterator_match_criteria_id (iterator_t*);
+cpe_match_string_iterator_match_criteria_id (iterator_t*);
 
 const char*
-cpe_match_range_iterator_status (iterator_t*);
+cpe_match_string_iterator_status (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_start_incl (iterator_t*);
+cpe_match_string_iterator_version_start_incl (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_start_excl (iterator_t*);
+cpe_match_string_iterator_version_start_excl (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_end_incl (iterator_t*);
+cpe_match_string_iterator_version_end_incl (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_end_excl (iterator_t*);
+cpe_match_string_iterator_version_end_excl (iterator_t*);
 
 int
-cpe_match_range_iterator_vulnerable (iterator_t*);
+cpe_match_string_iterator_vulnerable (iterator_t*);
 
 void
-init_cpe_match_range_matches_iterator (iterator_t*, const char *);
+init_cpe_match_string_matches_iterator (iterator_t*, const char *);
 
 const char*
 cpe_matches_cpe_name_id (iterator_t*);
 
+const char*
+cpe_matches_cpe_name (iterator_t*);
+
 void
 init_host_details_cpe_product_iterator (iterator_t*, const char *, report_host_t);
 
diff --git a/src/manage_pg.c b/src/manage_pg.c
index da79adb05..43e031b99 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3557,10 +3557,10 @@ manage_db_init (const gchar *name)
            "  vulnerable integer DEFAULT 0,"
            "  match_criteria_id text);");
 
-      sql ("CREATE TABLE scap2.cpe_match_range"
+      sql ("CREATE TABLE scap2.cpe_match_strings"
            " (id SERIAL PRIMARY KEY,"
            "  match_criteria_id text,"
-           "  cpe text DEFAULT NULL,"
+           "  criteria text DEFAULT NULL,"
            "  version_start_incl text DEFAULT NULL,"
            "  version_start_excl text DEFAULT NULL,"
            "  version_end_incl text DEFAULT NULL,"
@@ -3570,7 +3570,8 @@ manage_db_init (const gchar *name)
       sql ("CREATE TABLE scap2.cpe_matches"
            " (id SERIAL PRIMARY KEY,"
            "  match_criteria_id text,"               
-           "  cpe_name_id text);");
+           "  cpe_name_id text,"
+           "  cpe_name text);");
 
       sql ("CREATE TABLE scap2.cpe_details"
            " (id SERIAL PRIMARY KEY,"
@@ -3646,7 +3647,7 @@ manage_db_add_constraints (const gchar *name)
            " ALTER url SET NOT NULL,"
            " ADD UNIQUE (cve_id, url);");
 
-      sql ("ALTER TABLE scap2.cpe_match_range"
+      sql ("ALTER TABLE scap2.cpe_match_strings"
            " ADD UNIQUE (match_criteria_id);");
 
       sql ("ALTER TABLE scap2.cpe_matches"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index ef9cb24e4..3f47b535a 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20503,23 +20503,23 @@ DEF_ACCESS (host_details_cpe_product_iterator_value, 0);
  * @brief Initialize an iterator of root_ids of CPE match nodes.
  *
  * @param[in]  iterator  Iterator.
- * @param[in]  cpe       The cpe contained in the match nodes.
+ * @param[in]  criteria  The criteria for the match nodes.
  */
 void
-init_cpe_match_nodes_iterator (iterator_t* iterator, const char *cpe)
+init_cpe_match_nodes_iterator (iterator_t* iterator, const char *criteria)
 {
-  gchar *quoted_cpe;
-  quoted_cpe = sql_quote (cpe);
+  gchar *quoted_criteria;
+  quoted_criteria = sql_quote (criteria);
   init_iterator (iterator,
                  "SELECT DISTINCT n.root_id"
                  " FROM scap.cpe_match_nodes n"
                  " JOIN scap.cpe_nodes_match_criteria c"
                  " ON n.id = c.node_id"
-                 " JOIN scap.cpe_match_range r"
+                 " JOIN scap.cpe_match_strings r"
                  " ON c.match_criteria = r.match_criteria_id"
-                 " WHERE cpe like '%s%%';",
-                 quoted_cpe);
-  g_free (quoted_cpe);
+                 " WHERE criteria like '%s%%';",
+                 quoted_criteria);
+  g_free (quoted_criteria);
 }
 
 /**
@@ -20632,19 +20632,19 @@ cpe_match_node_childs_iterator_id (iterator_t* iterator)
 }
 
 /**
- * @brief Initialize an iterator of match ranges of an CPE match node.
+ * @brief Initialize an iterator of match strings of an CPE match node.
  *
  * @param[in]  iterator  Iterator.
- * @param[in]  node      The match node with match ranges.
+ * @param[in]  node      The match node with match strings.
  */
 void
-init_cpe_match_range_iterator (iterator_t* iterator, long long int node)
+init_cpe_match_string_iterator (iterator_t* iterator, long long int node)
 {
   init_iterator (iterator,
-                 "SELECT n.vulnerable, r.cpe, r.match_criteria_id, r.status,"
+                 "SELECT n.vulnerable, r.criteria, r.match_criteria_id, r.status,"
                  " r.version_start_incl, r.version_start_excl,"
                  " r.version_end_incl, r.version_end_excl"
-                 " FROM scap.cpe_match_range r"
+                 " FROM scap.cpe_match_strings r"
                  " JOIN scap.cpe_nodes_match_criteria n"
                  " ON r.match_criteria_id = n.match_criteria_id"
                  " WHERE n.node_id = %llu;",
@@ -20652,106 +20652,106 @@ init_cpe_match_range_iterator (iterator_t* iterator, long long int node)
 }
 
 /**
- * @brief Return if the CPE of the actual match node is vulnerable.
+ * @brief Return if the match criteria is vulnerable.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return  1 if the match node is vulnerable, 0 otherwise.
+ * @return  1 if the match criteria is vulnerable, 0 otherwise.
  */
 int
-cpe_match_range_iterator_vulnerable (iterator_t* iterator)
+cpe_match_string_iterator_vulnerable (iterator_t* iterator)
 {
   return iterator_int64 (iterator, 0);
 }
 
 /**
- * @brief Return the CPE of the actual match node.
+ * @brief Return the criteria of the CPE match string.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The CPE of the actual match node.
+ * @return   The criteria of the match string.
  */
-DEF_ACCESS (cpe_match_range_iterator_cpe, 1);
+DEF_ACCESS (cpe_match_string_iterator_criteria, 1);
 
 /**
- * @brief Return the match criteria id of the CPE match range.
+ * @brief Return the match criteria id of the CPE match string.
  *
  * @param[in]  iterator   Iterator.
  *
  * @return   The match criteria id, if any. NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_match_criteria_id, 2);
+DEF_ACCESS (cpe_match_string_iterator_match_criteria_id, 2);
 
 /**
- * @brief Return the status of the CPE match range.
+ * @brief Return the status of the CPE match criteria.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The status of the CPE match range, if any.
+ * @return   The status of the CPE match criteria, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_status, 3);
+DEF_ACCESS (cpe_match_string_iterator_status, 3);
 
 /**
- * @brief Return the start included version of the match range.
+ * @brief Return the start included version of the match criteria.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The start included version of the match range, if any.
+ * @return   The start included version of the match criteria, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_start_incl, 4);
+DEF_ACCESS (cpe_match_string_iterator_version_start_incl, 4);
 
 /**
- * @brief Return the start excluded version of the match range.
+ * @brief Return the start excluded version of the match criteria.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The start excluded version of the match range, if any.
+ * @return   The start excluded version of the match criteria, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_start_excl, 5);
+DEF_ACCESS (cpe_match_string_iterator_version_start_excl, 5);
 
 /**
- * @brief Return the end included version of the match range.
+ * @brief Return the end included version of the match criteria.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The end included version of the match range, if any.
+ * @return   The end included version of the match criteria, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_end_incl, 6);
+DEF_ACCESS (cpe_match_string_iterator_version_end_incl, 6);
 
 /**
- * @brief Return the end excluded version of the match range.
+ * @brief Return the end excluded version of the match criteria.
  *
  * @param[in]  iterator   Iterator.
  *
- * @return   The end excluded version of the match range, if any.
+ * @return   The end excluded version of the match criteria, if any.
  *           NULL otherwise.
  */
-DEF_ACCESS (cpe_match_range_iterator_version_end_excl, 7);
+DEF_ACCESS (cpe_match_string_iterator_version_end_excl, 7);
 
 /**
- * @brief Initialize an iterator of CPE matches for a match range
+ * @brief Initialize an iterator of CPE matches for a match string
  *        given a match criteria id.
  *
  * @param[in]  iterator           Iterator.
  * @param[in]  match_criteria_id  The match criteria id to get the matches for.
  */
 void
-init_cpe_match_range_matches_iterator (iterator_t* iterator,
+init_cpe_match_string_matches_iterator (iterator_t* iterator,
                                        const char *match_criteria_id)
 {
   init_iterator (iterator,
-                 "SELECT cpe_name_id"
+                 "SELECT cpe_name_id, cpe_name"
                  " FROM scap.cpe_matches"
                  " WHERE match_criteria_id = '%s'",
                  match_criteria_id);
 }
 
 /**
- * @brief Get the CPE name id from a CPE match range matches iterator.
+ * @brief Get the CPE name id from a CPE match string matches iterator.
  *
  * @param[in]  iterator   Iterator.
  *
@@ -20763,6 +20763,19 @@ cpe_matches_cpe_name_id (iterator_t* iterator)
   return iterator_string (iterator, 0);
 }
 
+/**
+ * @brief Get the CPE name from a CPE match string matches iterator.
+ *
+ * @param[in]  iterator   Iterator.
+ *
+ * @return  The CPE name id.
+ */
+const char *
+cpe_matches_cpe_name (iterator_t* iterator)
+{
+  return iterator_string (iterator, 1);
+}
+
 /**
  * @brief Initialise a report host prognosis iterator.
  *
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index b7b421ce6..4e6d3d6fc 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -4060,7 +4060,7 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
   char *criteria, *match_criteria_id, *status, *ver_se;
   gchar *quoted_version_start_incl, *quoted_version_start_excl;
   gchar *quoted_version_end_incl, *quoted_version_end_excl;
-  gchar *quoted_criteria, *quoted_match_criteria_id, *quoted_cpe_name_id;
+  gchar *quoted_criteria, *quoted_match_criteria_id;
   int first;
 
   assert (inserts);
@@ -4153,7 +4153,8 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
       cJSON *match_item;
       cJSON_ArrayForEach (match_item, matches_array)
         {
-          char *cpe_name_id;
+          char *cpe_name_id, *cpe_name;
+          gchar *quoted_cpe_name_id, *quoted_cpe_name;
 
           cpe_name_id = json_object_item_string (match_item, "cpeNameId");
           if (cpe_name_id == NULL)
@@ -4164,19 +4165,31 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
               return -1;
             }
 
+          cpe_name = json_object_item_string (match_item, "cpeName");
+          if (cpe_name == NULL)
+            {
+              g_warning ("%s: 'cpe_name' field missing or not a string",
+                         __func__);
+              g_free (quoted_match_criteria_id);
+              return -1;
+            }
+
           quoted_cpe_name_id = sql_quote (cpe_name_id);
+          quoted_cpe_name = fs_to_uri_convert_and_quote_cpe_name (cpe_name);
 
           first = inserts_check_size (matches_inserts);
 
           g_string_append_printf (matches_inserts->statement,
-                                "%s ('%s', '%s')",
+                                "%s ('%s', '%s', '%s')",
                                 first ? "" : ",",
                                 quoted_match_criteria_id,
-                                quoted_cpe_name_id);
+                                quoted_cpe_name_id,
+                                quoted_cpe_name);
 
           matches_inserts->current_chunk_size++;
 
           g_free (quoted_cpe_name_id);
+          g_free (quoted_cpe_name);
         }
     }
 
@@ -4287,13 +4300,13 @@ update_scap_cpe_match_strings ()
       inserts_init (&inserts,
                 CPE_MAX_CHUNK_SIZE,
                 setting_secinfo_sql_buffer_threshold_bytes (),
-                "INSERT INTO scap2.cpe_match_range"
-                "  (match_criteria_id, cpe, version_start_incl,"
+                "INSERT INTO scap2.cpe_match_strings"
+                "  (match_criteria_id, criteria, version_start_incl,"
                 "   version_start_excl, version_end_incl, version_end_excl,"
                 "   status)"
                 "  VALUES ",
                 " ON CONFLICT (match_criteria_id) DO UPDATE"
-                " SET cpe = EXCLUDED.cpe,"                
+                " SET criteria = EXCLUDED.criteria,"
                 "     version_start_incl = EXCLUDED.version_start_incl,"
                 "     version_start_excl = EXCLUDED.version_start_excl,"
                 "     version_end_incl = EXCLUDED.version_end_incl,"
@@ -4303,7 +4316,7 @@ update_scap_cpe_match_strings ()
       inserts_init (&matches_inserts, 10,
                 setting_secinfo_sql_buffer_threshold_bytes (),
                 "INSERT INTO scap2.cpe_matches" 
-                "  (match_criteria_id, cpe_name_id)"
+                "  (match_criteria_id, cpe_name_id, cpe_name)"
                 "  VALUES ",              
                 "");
 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 17b1381f5..5bb6e166d 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -13263,7 +13263,7 @@ END:VCALENDAR
               <pattern>
                 <e>operator</e>
                 <e>negate</e>
-                <o><e>match_criteria</e></o>
+                <o><e>match_string</e></o>
                 <o><any><e>node</e></any></o>
               </pattern>
               <ele>
@@ -13281,10 +13281,10 @@ END:VCALENDAR
                 </pattern>
               </ele>
               <ele>
-                <name>match_criteria</name>
-                <summary>The match criteria for the node</summary>
+                <name>match_string</name>
+                <summary>The match string for the node</summary>
                 <pattern>
-                  <e>match_string</e>
+                  <e>criteria</e>
                   <e>vulnerable</e>
                   <e>version_start_including</e>
                   <e>version_start_excluding</e>
@@ -13293,8 +13293,8 @@ END:VCALENDAR
                   <e>matched_cpes</e>
                 </pattern>
                 <ele>
-                  <name>match_string</name>
-                  <summary>A CPE Match string</summary>
+                  <name>criteria</name>
+                  <summary>A CPE match criteria</summary>
                   <pattern>
                     text
                   </pattern>

From 9b43edec2328de3b6b9f8ac564bc64d6c1f8b343 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 28 Oct 2024 09:49:26 +0100
Subject: [PATCH 113/134] Remove: Removed feature toggle for compliance report
 views.

Removed the feature toggle for the dedicated compliance
report views.
---
 CMakeLists.txt   |  13 -
 src/gmp.c        |  49 +--
 src/gvmd.c       |   2 -
 src/manage_sql.c | 910 +++++++++++++++++++++++------------------------
 4 files changed, 456 insertions(+), 518 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index eb6b215d2..d5c958a34 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -247,25 +247,12 @@ if (NOT CVSS3_RATINGS)
 endif (NOT CVSS3_RATINGS)
 add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})
 
-if (NOT COMPLIANCE_REPORTS)
-  set (COMPLIANCE_REPORTS 1)
-endif (NOT COMPLIANCE_REPORTS)
-add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS})
-
 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
 
 ## Version
 
 set (GVMD_VERSION "${PROJECT_VERSION_STRING}")
 
-if (COMPLIANCE_REPORTS EQUAL 1)
-  set(IF_COMPLIANCE_REPORTS "")
-  set(ENDIF_COMPLIANCE_REPORTS "")
-elseif (COMPLIANCE_REPORTS EQUAL 0)
-  set(IF_COMPLIANCE_REPORTS "<!--")
-  set(ENDIF_COMPLIANCE_REPORTS "-->")
-endif()
-
 # Configure Doxyfile with version number
 configure_file (doc/Doxyfile.in doc/Doxyfile)
 configure_file (doc/Doxyfile_full.in doc/Doxyfile_full)
diff --git a/src/gmp.c b/src/gmp.c
index b90c1ff54..ae84d3e58 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -12956,11 +12956,6 @@ handle_get_features (gmp_parser_t *gmp_parser, GError **error)
                           " status=\"" STATUS_OK "\""
                           " status_text=\"" STATUS_OK_TEXT "\">");
 
-  SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
-                           "<name>COMPLIANCE_REPORTS</name>"
-                           "</feature>",
-                           COMPLIANCE_REPORTS ? 1 : 0);
-
   SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
                            "<name>CVSS3_RATINGS</name>"
                            "</feature>",
@@ -14925,31 +14920,23 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
       overrides = filter_term_apply_overrides (filter ? filter : get->filter);
       min_qod = filter_term_min_qod (filter ? filter : get->filter);
       levels = filter_term_value (filter ? filter : get->filter, "levels");
-      #if COMPLIANCE_REPORTS == 1
-        gchar *compliance_levels;
-        compliance_levels = filter_term_value (filter
-                                                  ? filter
-                                                  : get->filter,
-                                              "compliance_levels");
-
-        /* Setup result filter from overrides. */
-        get_reports_data->get.filter
-          = g_strdup_printf
-              ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
-              overrides,
-              min_qod,
-              levels ? levels : "hmlgdf",
-              compliance_levels ? compliance_levels : "yniu");
-        g_free (compliance_levels);
-      #else
-        /* Setup result filter from overrides. */
-        get_reports_data->get.filter
-          = g_strdup_printf
-              ("apply_overrides=%i min_qod=%i levels=%s",
-              overrides,
-              min_qod,
-              levels ? levels : "hmlgdf");
-      #endif
+
+      gchar *compliance_levels;
+      compliance_levels = filter_term_value (filter
+                                                ? filter
+                                                : get->filter,
+                                            "compliance_levels");
+
+      /* Setup result filter from overrides. */
+      get_reports_data->get.filter
+        = g_strdup_printf
+            ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
+            overrides,
+            min_qod,
+            levels ? levels : "hmlgdf",
+            compliance_levels ? compliance_levels : "yniu");
+      g_free (compliance_levels);
+
       g_free (filter);
       g_free (levels);
     }
@@ -15997,7 +15984,6 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("report", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
-#if COMPLIANCE_REPORTS == 1
       get_data_set_extra (&resource_names_data->get, 
                           "usage_type",
                           g_strdup ("scan"));
@@ -16008,7 +15994,6 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
       get_data_set_extra (&resource_names_data->get, 
                           "usage_type",
                           g_strdup ("audit"));
-#endif
     }
   else if (g_strcmp0 ("report_config", resource_names_data->type) == 0)
     {
diff --git a/src/gvmd.c b/src/gvmd.c
index 0fbe8051b..722ea2022 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -2325,9 +2325,7 @@ gvmd (int argc, char** argv, char *env[])
 #if CVSS3_RATINGS == 1
       printf ("CVSS3 severity ratings enabled\n");
 #endif
-#if COMPLIANCE_REPORTS == 1
       printf ("Compliance reports enabled\n");
-#endif
       printf ("Copyright (C) 2009-2021 Greenbone AG\n");
       printf ("License: AGPL-3.0-or-later\n");
       printf
diff --git a/src/manage_sql.c b/src/manage_sql.c
index fc1bf3905..9e33f3277 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -2221,7 +2221,7 @@ manage_report_filter_controls (const gchar *filter, int *first, int *max,
       else
         *apply_overrides = val;
     }
-  
+
   if (compliance_levels)
     {
       if (filter_control_str ((keyword_t **) split->pdata,
@@ -3980,14 +3980,9 @@ valid_type (const char* type)
 int
 valid_subtype (const char* type)
 {
-  #if COMPLIANCE_REPORTS == 1
     return (strcasecmp (type, "audit_report") == 0)
           || (strcasecmp (type, "audit") == 0)
           || (strcasecmp (type, "policy") == 0);
-  #else
-    return (strcasecmp (type, "audit") == 0)
-          || (strcasecmp (type, "policy") == 0);
-  #endif
 }
 
 /**
@@ -14406,7 +14401,7 @@ manage_test_alert (const char *alert_id, gchar **script_message)
                         NULL);
   if (result)
     report_add_result (report, result);
-  
+
 
   result = make_result (
               task, "127.0.0.1", "localhost", "general/tcp",
@@ -18335,7 +18330,7 @@ task_usage_type (task_t task, char ** usage_type)
                             task);
   if (usage_type == NULL)
     return -1;
-  
+
   return 0;
 }
 
@@ -22230,7 +22225,6 @@ report_iterator_opts_table (int override, int min_qod)
                           min_qod);
 }
 
-#if COMPLIANCE_REPORTS == 1
 /**
  * @brief Return SQL WHERE for restricting a SELECT to compliance statuses.
  *
@@ -22288,7 +22282,6 @@ where_compliance_status (const char *compliance)
 
    return g_string_free (compliance_sql, FALSE);;
 }
-#endif
 
 /**
  * @brief  Generate an extra WHERE clause for selecting reports
@@ -22323,32 +22316,30 @@ reports_extra_where (int trash, const gchar *filter, const char *usage_type)
   g_string_append_printf(extra_where, "%s", trash_clause);
   g_free (trash_clause);
 
-  #if COMPLIANCE_REPORTS == 1
-    gchar *usage_type_clause, *compliance_clause = NULL;
-    gchar *compliance_filter = NULL;
-    if (usage_type && strcmp (usage_type, ""))
-      {
-        gchar *quoted_usage_type;
-        quoted_usage_type = sql_quote (usage_type);
-        usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks"
-                                            "              WHERE usage_type='%s')",
-                                            quoted_usage_type);
+  gchar *usage_type_clause, *compliance_clause = NULL;
+  gchar *compliance_filter = NULL;
+  if (usage_type && strcmp (usage_type, ""))
+    {
+      gchar *quoted_usage_type;
+      quoted_usage_type = sql_quote (usage_type);
+      usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks"
+                                          "              WHERE usage_type='%s')",
+                                          quoted_usage_type);
 
-        g_free (quoted_usage_type);
-      }
-    else
-      usage_type_clause = NULL;
+      g_free (quoted_usage_type);
+    }
+  else
+    usage_type_clause = NULL;
 
-    if (filter)
-      compliance_filter = filter_term_value(filter, "report_compliance_levels");
+  if (filter)
+    compliance_filter = filter_term_value(filter, "report_compliance_levels");
 
-    compliance_clause = where_compliance_status (compliance_filter ?: "yniu");
+  compliance_clause = where_compliance_status (compliance_filter ?: "yniu");
 
-    g_string_append_printf (extra_where, "%s%s", usage_type_clause ?: "", compliance_clause ?: "");
-    g_free (compliance_filter);
-    g_free (compliance_clause);
-    g_free (usage_type_clause);
-  #endif
+  g_string_append_printf (extra_where, "%s%s", usage_type_clause ?: "", compliance_clause ?: "");
+  g_free (compliance_filter);
+  g_free (compliance_clause);
+  g_free (usage_type_clause);
 
   return g_string_free (extra_where, FALSE);
 }
@@ -22370,7 +22361,7 @@ report_count (const get_data_t *get)
   int ret;
 
   extra_tables = report_iterator_opts_table (0, MIN_QOD_DEFAULT);
-  
+
   const gchar *usage_type = get_data_get_extra (get, "usage_type");
   extra_where = reports_extra_where(get->trash, get->filter, usage_type);
 
@@ -23797,7 +23788,7 @@ result_count (const get_data_t *get, report_t report, const char* host)
                                             dynamic_severity,
                                             "results",
                                             "nvts");
-  
+
   extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
                                   " ON results.nvt = result_vt_epss.vt_id"
                                   " LEFT OUTER JOIN nvts"
@@ -26167,7 +26158,6 @@ report_counts_id_full (report_t report, int* holes, int* infos,
   return 0;
 }
 
-#if COMPLIANCE_REPORTS == 1
 /**
  * @brief Get the compliance state from compliance counts.
  *
@@ -26312,8 +26302,6 @@ report_compliance_counts (report_t report,
 
   return 0;
 }
-#endif
-
 
 /**
  * @brief Get only the filtered message counts for a report.
@@ -28052,7 +28040,7 @@ print_report_host_tls_certificates_xml (report_host_t report_host,
                  "   AND (source_description = 'SSL/TLS Certificate'"
                  "        OR source_description = 'SSL Certificate')",
                  report_host);
-  
+
   while (next (&tls_certs)) 
     {
       const char *certificate_prefixed, *certificate_b64;
@@ -28636,54 +28624,53 @@ print_report_host_xml (FILE *stream,
             host_iterator_asset_uuid (hosts));
   else if (lean == 0)
     PRINT (stream,
-            "<asset asset_id=\"\"/>");
+           "<asset asset_id=\"\"/>");
 
-  #if COMPLIANCE_REPORTS == 1
-    if (strcmp (usage_type, "audit") == 0)
-      {
-        int yes_count, no_count, incomplete_count, undefined_count;
-
-        yes_count
-          = GPOINTER_TO_INT
-              (g_hash_table_lookup (f_host_compliant, current_host));
-        no_count
-          = GPOINTER_TO_INT
-              (g_hash_table_lookup (f_host_notcompliant, current_host));
-        incomplete_count
-          = GPOINTER_TO_INT
-              (g_hash_table_lookup (f_host_incomplete, current_host));
-        undefined_count
-          = GPOINTER_TO_INT
-              (g_hash_table_lookup (f_host_undefined, current_host));
-
-        PRINT (stream,
-              "<start>%s</start>"
-              "<end>%s</end>"
-              "<port_count><page>%d</page></port_count>"
-              "<compliance_count>"
-              "<page>%d</page>"
-              "<yes><page>%d</page></yes>"
-              "<no><page>%d</page></no>"
-              "<incomplete><page>%d</page></incomplete>"
-              "<undefined><page>%d</page></undefined>"
-              "</compliance_count>"
-              "<host_compliance>%s</host_compliance>",
-              host_iterator_start_time (hosts),
-              host_iterator_end_time (hosts)
-                ? host_iterator_end_time (hosts)
-                : "",
-              ports_count,
-              (yes_count + no_count + incomplete_count + undefined_count),
-              yes_count,
-              no_count,
-              incomplete_count,
-              undefined_count,
-              report_compliance_from_counts (&yes_count,
-                                              &no_count,
-                                              &incomplete_count,
-                                              &undefined_count));
-      } else
-  #endif
+  if (strcmp (usage_type, "audit") == 0)
+    {
+      int yes_count, no_count, incomplete_count, undefined_count;
+
+      yes_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_compliant, current_host));
+      no_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_notcompliant, current_host));
+      incomplete_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_incomplete, current_host));
+      undefined_count
+        = GPOINTER_TO_INT
+            (g_hash_table_lookup (f_host_undefined, current_host));
+
+      PRINT (stream,
+            "<start>%s</start>"
+            "<end>%s</end>"
+            "<port_count><page>%d</page></port_count>"
+            "<compliance_count>"
+            "<page>%d</page>"
+            "<yes><page>%d</page></yes>"
+            "<no><page>%d</page></no>"
+            "<incomplete><page>%d</page></incomplete>"
+            "<undefined><page>%d</page></undefined>"
+            "</compliance_count>"
+            "<host_compliance>%s</host_compliance>",
+            host_iterator_start_time (hosts),
+            host_iterator_end_time (hosts)
+              ? host_iterator_end_time (hosts)
+              : "",
+            ports_count,
+            (yes_count + no_count + incomplete_count + undefined_count),
+            yes_count,
+            no_count,
+            incomplete_count,
+            undefined_count,
+            report_compliance_from_counts (&yes_count,
+                                            &no_count,
+                                            &incomplete_count,
+                                            &undefined_count));
+    }
+  else
     {
       int holes_count, warnings_count, infos_count;
       int logs_count, false_positives_count;
@@ -28703,7 +28690,7 @@ print_report_host_xml (FILE *stream,
       false_positives_count
         = GPOINTER_TO_INT
             (g_hash_table_lookup ( f_host_false_positives,
-                                    current_host));
+                                  current_host));
 
       PRINT (stream,
             "<start>%s</start>"
@@ -29855,30 +29842,29 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
 
     if (strchr (delta_states, state[0]) == NULL) continue;
 
-    #if COMPLIANCE_REPORTS == 1
-      if (strcmp (usage_type, "audit") == 0)
-        {
-            const char* compliance;
-            compliance = result_iterator_compliance (results);
-            (*f_compliance_count)++;
-            if (strcasecmp (compliance, "yes") == 0)
-              {
-                  (*f_compliance_yes)++;
-              }
-            else if (strcasecmp (compliance, "no") == 0)
-              {
-                  (*f_compliance_no)++;
-              }
-            else if (strcasecmp (compliance, "incomplete") == 0)
-              {
-                  (*f_compliance_incomplete)++;
-              }
-            else if (strcasecmp (compliance, "undefined") == 0)
-              {
-                  (*f_compliance_undefined)++;
-              }
-        } else
-    #endif
+    if (strcmp (usage_type, "audit") == 0)
+      {
+          const char* compliance;
+          compliance = result_iterator_compliance (results);
+          (*f_compliance_count)++;
+          if (strcasecmp (compliance, "yes") == 0)
+            {
+                (*f_compliance_yes)++;
+            }
+          else if (strcasecmp (compliance, "no") == 0)
+            {
+                (*f_compliance_no)++;
+            }
+          else if (strcasecmp (compliance, "incomplete") == 0)
+            {
+                (*f_compliance_incomplete)++;
+            }
+          else if (strcasecmp (compliance, "undefined") == 0)
+            {
+                (*f_compliance_undefined)++;
+            }
+      }
+    else
       {
         const char *level;
         /* Increase the result count. */
@@ -29943,7 +29929,7 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
   }
   g_string_free (buffer, TRUE);
   g_free (usage_type);
-  
+
   if (fprintf (out, "</results>") < 0)
     {
       g_tree_destroy (ports);
@@ -30260,9 +30246,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   if (report)
     {
       /* Get total counts of full results. */
-      #if COMPLIANCE_REPORTS == 1
-        if (strcmp (tsk_usage_type, "audit"))
-      #endif
+      if (strcmp (tsk_usage_type, "audit"))
         {
           if (delta == 0)
             {         
@@ -30400,22 +30384,20 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   filters_extra_buffer = g_string_new ("");
 
-  #if COMPLIANCE_REPORTS == 1
-    if (strcmp (tsk_usage_type, "audit") == 0)
-      {
-        compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu");
-
-        if (strchr (compliance_levels, 'y'))
-          g_string_append (filters_extra_buffer, "<filter>Yes</filter>");
-        if (strchr (compliance_levels, 'n'))
-          g_string_append (filters_extra_buffer, "<filter>No</filter>");
-        if (strchr (compliance_levels, 'i'))
-          g_string_append (filters_extra_buffer, "<filter>Incomplete</filter>");
-        if (strchr (compliance_levels, 'u'))
-          g_string_append (filters_extra_buffer, "<filter>Undefined</filter>");
-      }
-    else
-  #endif
+  if (strcmp (tsk_usage_type, "audit") == 0)
+    {
+      compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu");
+
+      if (strchr (compliance_levels, 'y'))
+        g_string_append (filters_extra_buffer, "<filter>Yes</filter>");
+      if (strchr (compliance_levels, 'n'))
+        g_string_append (filters_extra_buffer, "<filter>No</filter>");
+      if (strchr (compliance_levels, 'i'))
+        g_string_append (filters_extra_buffer, "<filter>Incomplete</filter>");
+      if (strchr (compliance_levels, 'u'))
+        g_string_append (filters_extra_buffer, "<filter>Undefined</filter>");
+    }
+  else
     {
       if (strchr (levels, 'h'))
         g_string_append (filters_extra_buffer, "<filter>High</filter>");
@@ -30692,41 +30674,40 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
     }
 
   /* Prepare result counts. */
-  #if COMPLIANCE_REPORTS == 1
-    int compliance_yes, compliance_no;
-    int compliance_incomplete, compliance_undefined;
-    int total_compliance_count = 0;
+  int compliance_yes, compliance_no;
+  int compliance_incomplete, compliance_undefined;
+  int total_compliance_count = 0;
 
-    if (strcmp (tsk_usage_type, "audit") == 0)
-      {
-        report_compliance_counts (report, get, &compliance_yes, &compliance_no,
-                                  &compliance_incomplete, &compliance_undefined);
+  if (strcmp (tsk_usage_type, "audit") == 0)
+    {
+      report_compliance_counts (report, get, &compliance_yes, &compliance_no,
+                                &compliance_incomplete, &compliance_undefined);
 
-        total_compliance_count = compliance_yes
-                                + compliance_no
-                                + compliance_incomplete
-                                + compliance_undefined;
+      total_compliance_count = compliance_yes
+                              + compliance_no
+                              + compliance_incomplete
+                              + compliance_undefined;
 
-        f_compliance_yes = f_compliance_no = 0;
-        f_compliance_incomplete = f_compliance_undefined = 0;
+      f_compliance_yes = f_compliance_no = 0;
+      f_compliance_incomplete = f_compliance_undefined = 0;
 
-        if (count_filtered == 0)
-          {
-            report_compliance_f_counts (report,
-                                        get,
-                                        &f_compliance_yes,
-                                        &f_compliance_no,
-                                        &f_compliance_incomplete,
-                                        &f_compliance_undefined);
+       if (count_filtered == 0)
+         {
+           report_compliance_f_counts (report,
+                                       get,
+                                       &f_compliance_yes,
+                                       &f_compliance_no,
+                                       &f_compliance_incomplete,
+                                       &f_compliance_undefined);
 
-            f_compliance_count = f_compliance_yes
-                                + f_compliance_no
-                                + f_compliance_incomplete
-                                + f_compliance_undefined;
-          }
-      } else
-  #endif
-  {
+           f_compliance_count = f_compliance_yes
+                               + f_compliance_no
+                               + f_compliance_incomplete
+                               + f_compliance_undefined;
+         }
+    }
+  else
+    {
     if (count_filtered)
       {
         /* We're getting all the filtered results, so we can count them as we
@@ -30740,12 +30721,12 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
         f_false_positives = f_severity = 0;
       }
     else
-        report_counts_id_full (report, &holes, &infos, &logs,
-                              &warnings, &false_positives, &severity,
-                              get, NULL,
-                              &f_holes, &f_infos, &f_logs, &f_warnings,
-                              &f_false_positives, &f_severity);
-  }
+      report_counts_id_full (report, &holes, &infos, &logs,
+                            &warnings, &false_positives, &severity,
+                            get, NULL,
+                            &f_holes, &f_infos, &f_logs, &f_warnings,
+                            &f_false_positives, &f_severity);
+    }
 
   /* Results. */
 
@@ -30810,31 +30791,30 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
     /* Quiet erroneous compiler warning. */
     result_hosts = NULL;
 
-  #if COMPLIANCE_REPORTS == 1
-    if (strcmp (tsk_usage_type, "audit") == 0)
-      {
-        f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                  g_free, NULL);
-        f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                     g_free, NULL);
-        f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal,
+  if (strcmp (tsk_usage_type, "audit") == 0)
+    {
+      f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                g_free, NULL);
+      f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal,
                                                    g_free, NULL);
-        f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                  g_free, NULL);
-      } else
-  #endif
-  {
-    f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                          g_free, NULL);
-    f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal,
+      f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                 g_free, NULL);
+      f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                g_free, NULL);
+    }
+  else
+    {
+      f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal,
                                             g_free, NULL);
-    f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                        g_free, NULL);
-    f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                        g_free, NULL);
-    f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal,
-                                                    g_free, NULL);
-  }
+      f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                               g_free, NULL);
+      f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                            g_free, NULL);
+      f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                           g_free, NULL);
+      f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal,
+                                                      g_free, NULL);
+    }
 
   if (delta && get->details)
     {
@@ -30918,109 +30898,107 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             array_add_new_string (result_hosts,
                                   result_iterator_host (&results));
 
-          #if COMPLIANCE_REPORTS == 1
-            if (strcmp (tsk_usage_type, "audit") == 0)
-              {
-                const char* compliance;
-                compliance = result_iterator_compliance (&results);
-
-                if (strcasecmp (compliance, "yes") == 0)
-                  {
-                    f_host_result_counts = f_host_compliant;
-                    if (count_filtered)
-                      f_compliance_yes++;
-                  }
-                else if (strcasecmp (compliance, "no") == 0)
-                  {
-                    f_host_result_counts = f_host_notcompliant;
-                    if (count_filtered)
-                      f_compliance_no++;
-                  }
-                else if (strcasecmp (compliance, "incomplete") == 0)
-                  {
-                    f_host_result_counts = f_host_incomplete;
-                    if (count_filtered)
-                      f_compliance_incomplete++;
-                  }
-                else if (strcasecmp (compliance, "undefined") == 0)
-                  {
-                    f_host_result_counts = f_host_undefined;
-                    if (count_filtered)
-                      f_compliance_undefined++;
-                  }
-                else
-                  {
-                    f_host_result_counts = NULL;
-                  }
+          if (strcmp (tsk_usage_type, "audit") == 0)
+            {
+              const char* compliance;
+              compliance = result_iterator_compliance (&results);
 
-                if (f_host_result_counts)
-                  {
-                    const char *result_host = result_iterator_host (&results);
-                    int result_count
-                          = GPOINTER_TO_INT
-                              (g_hash_table_lookup (f_host_result_counts,
-                                                    result_host));
-
-                    g_hash_table_replace (f_host_result_counts,
-                                          g_strdup (result_host),
-                                          GINT_TO_POINTER (result_count + 1));
+              if (strcasecmp (compliance, "yes") == 0)
+                {
+                  f_host_result_counts = f_host_compliant;
+                  if (count_filtered)
+                    f_compliance_yes++;
+                }
+              else if (strcasecmp (compliance, "no") == 0)
+                {
+                  f_host_result_counts = f_host_notcompliant;
+                  if (count_filtered)
+                    f_compliance_no++;
+                }
+              else if (strcasecmp (compliance, "incomplete") == 0)
+                {
+                  f_host_result_counts = f_host_incomplete;
+                  if (count_filtered)
+                    f_compliance_incomplete++;
+                }
+              else if (strcasecmp (compliance, "undefined") == 0)
+                {
+                  f_host_result_counts = f_host_undefined;
+                  if (count_filtered)
+                    f_compliance_undefined++;
+                }
+              else
+                {
+                  f_host_result_counts = NULL;
                 }
-              } else
-          #endif
-          {
-            double result_severity;
-            result_severity = result_iterator_severity_double (&results);
-            if (result_severity > f_severity)
-              f_severity = result_severity;
-
-            level = result_iterator_level (&results);
 
-            if (strcasecmp (level, "log") == 0)
-              {
-                f_host_result_counts = f_host_logs;
-                if (count_filtered)
-                  f_logs++;
-              }
-            else if (strcasecmp (level, "high") == 0)
-              {
-                f_host_result_counts = f_host_holes;
-                if (count_filtered)
-                  f_holes++;
-              }
-            else if (strcasecmp (level, "medium") == 0)
-              {
-                f_host_result_counts = f_host_warnings;
-                if (count_filtered)
-                  f_warnings++;
-              }
-            else if (strcasecmp (level, "low") == 0)
-              {
-                f_host_result_counts = f_host_infos;
-                if (count_filtered)
-                  f_infos++;
-              }
-            else if (strcasecmp (level, "false positive") == 0)
-              {
-                f_host_result_counts = f_host_false_positives;
-                if (count_filtered)
-                  f_false_positives++;
+              if (f_host_result_counts)
+                {
+                  const char *result_host = result_iterator_host (&results);
+                  int result_count
+                        = GPOINTER_TO_INT
+                            (g_hash_table_lookup (f_host_result_counts,
+                                                  result_host));
+
+                  g_hash_table_replace (f_host_result_counts,
+                                        g_strdup (result_host),
+                                        GINT_TO_POINTER (result_count + 1));
               }
-            else
-              f_host_result_counts = NULL;
+            }
+          else
+            {
+              double result_severity;
+              result_severity = result_iterator_severity_double (&results);
+              if (result_severity > f_severity)
+                f_severity = result_severity;
 
-            if (f_host_result_counts)
-              {
-                const char *result_host = result_iterator_host (&results);
-                int result_count
-                      = GPOINTER_TO_INT
-                          (g_hash_table_lookup (f_host_result_counts, result_host));
-
-                g_hash_table_replace (f_host_result_counts,
-                                      g_strdup (result_host),
-                                      GINT_TO_POINTER (result_count + 1));
-              }
-          }
+              level = result_iterator_level (&results);
 
+              if (strcasecmp (level, "log") == 0)
+                {
+                  f_host_result_counts = f_host_logs;
+                  if (count_filtered)
+                    f_logs++;
+                }
+              else if (strcasecmp (level, "high") == 0)
+                {
+                  f_host_result_counts = f_host_holes;
+                  if (count_filtered)
+                    f_holes++;
+                }
+              else if (strcasecmp (level, "medium") == 0)
+                {
+                  f_host_result_counts = f_host_warnings;
+                  if (count_filtered)
+                    f_warnings++;
+                }
+              else if (strcasecmp (level, "low") == 0)
+                {
+                  f_host_result_counts = f_host_infos;
+                  if (count_filtered)
+                    f_infos++;
+                }
+              else if (strcasecmp (level, "false positive") == 0)
+                {
+                  f_host_result_counts = f_host_false_positives;
+                  if (count_filtered)
+                    f_false_positives++;
+                }
+              else
+                f_host_result_counts = NULL;
+
+              if (f_host_result_counts)
+                {
+                  const char *result_host = result_iterator_host (&results);
+                  int result_count
+                        = GPOINTER_TO_INT
+                            (g_hash_table_lookup (f_host_result_counts, result_host));
+
+                  g_hash_table_replace (f_host_result_counts,
+                                        g_strdup (result_host),
+                                        GINT_TO_POINTER (result_count + 1));
+                }
+           }
         }
       PRINT (out, "</results>");
     }
@@ -31031,131 +31009,130 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   /* Print result counts and severity. */
 
-  #if COMPLIANCE_REPORTS == 1
-    if (strcmp (tsk_usage_type, "audit") == 0)
-      {
-        if (delta)
+  if (strcmp (tsk_usage_type, "audit") == 0)
+    {
+      if (delta)
+        PRINT (out,
+              "<compliance_count>"
+              "<filtered>%i</filtered>"
+              "<yes><filtered>%i</filtered></yes>"
+              "<no><filtered>%i</filtered></no>"
+              "<incomplete><filtered>%i</filtered></incomplete>"
+              "<undefined><filtered>%i</filtered></undefined>"
+              "</compliance_count>",
+              f_compliance_count,
+              (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
+              (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
+              (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
+              (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0));
+      else
+        {
+          if (count_filtered)
+            f_compliance_count = f_compliance_yes
+                                  + f_compliance_no
+                                  + f_compliance_incomplete
+                                  + f_compliance_undefined;
           PRINT (out,
-                "<compliance_count>"
-                "<filtered>%i</filtered>"
-                "<yes><filtered>%i</filtered></yes>"
-                "<no><filtered>%i</filtered></no>"
-                "<incomplete><filtered>%i</filtered></incomplete>"
-                "<undefined><filtered>%i</filtered></undefined>"
-                "</compliance_count>",
-                f_compliance_count,
-                (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
-                (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
-                (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
-                (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0));
-        else
-          {
-            if (count_filtered)
-              f_compliance_count = f_compliance_yes
-                                    + f_compliance_no
-                                    + f_compliance_incomplete
-                                    + f_compliance_undefined;
-            PRINT (out,
-                "<compliance_count>"
-                "%i"
-                "<full>%i</full>"
-                "<filtered>%i</filtered>"
-                "<yes><full>%i</full><filtered>%i</filtered></yes>"
-                "<no><full>%i</full><filtered>%i</filtered></no>"
-                "<incomplete><full>%i</full><filtered>%i</filtered></incomplete>"
-                "<undefined><full>%i</full><filtered>%i</filtered></undefined>"
-                "</compliance_count>",
-                total_compliance_count,
-                total_compliance_count,
-                f_compliance_count,
-                compliance_yes,
-                (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
-                compliance_no,
-                (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
-                compliance_incomplete,
-                (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
-                compliance_undefined,
-                (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0));
-
-            PRINT (out,
-                  "<compliance>"
-                  "<full>%s</full>"
-                  "<filtered>%s</filtered>"
-                  "</compliance>",
-                  report_compliance_from_counts (&compliance_yes,
-                                                  &compliance_no,
-                                                  &compliance_incomplete,
-                                                  &compliance_undefined),
-                  report_compliance_from_counts (&f_compliance_yes,
-                                                  &f_compliance_no,
-                                                  &f_compliance_incomplete,
-                                                  &f_compliance_undefined));
-          }
-    } else
-  #endif
-  {
-    if (delta)
-      /** @todo The f_holes, etc. vars are setup to give the page count. */
-      PRINT (out,
-            "<result_count>"
-            "<filtered>%i</filtered>"
-            "<hole><filtered>%i</filtered></hole>"
-            "<info><filtered>%i</filtered></info>"
-            "<log><filtered>%i</filtered></log>"
-            "<warning><filtered>%i</filtered></warning>"
-            "<false_positive>"
-            "<filtered>%i</filtered>"
-            "</false_positive>"
-            "</result_count>",
-            orig_filtered_result_count,
-            (strchr (levels, 'h') ? orig_f_holes : 0),
-            (strchr (levels, 'l') ? orig_f_infos : 0),
-            (strchr (levels, 'g') ? orig_f_logs : 0),
-            (strchr (levels, 'm') ? orig_f_warnings : 0),
-            (strchr (levels, 'f') ? orig_f_false_positives : 0));
-    else
-      {
-        if (count_filtered)
-          filtered_result_count = f_holes + f_infos + f_logs
-                                  + f_warnings + false_positives;
+              "<compliance_count>"
+              "%i"
+              "<full>%i</full>"
+              "<filtered>%i</filtered>"
+              "<yes><full>%i</full><filtered>%i</filtered></yes>"
+              "<no><full>%i</full><filtered>%i</filtered></no>"
+              "<incomplete><full>%i</full><filtered>%i</filtered></incomplete>"
+              "<undefined><full>%i</full><filtered>%i</filtered></undefined>"
+              "</compliance_count>",
+              total_compliance_count,
+              total_compliance_count,
+              f_compliance_count,
+              compliance_yes,
+              (strchr (compliance_levels, 'y') ? f_compliance_yes : 0),
+              compliance_no,
+              (strchr (compliance_levels, 'n') ? f_compliance_no : 0),
+              compliance_incomplete,
+              (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0),
+              compliance_undefined,
+              (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0));
 
+          PRINT (out,
+                "<compliance>"
+                "<full>%s</full>"
+                "<filtered>%s</filtered>"
+                "</compliance>",
+                report_compliance_from_counts (&compliance_yes,
+                                                &compliance_no,
+                                                &compliance_incomplete,
+                                                &compliance_undefined),
+                report_compliance_from_counts (&f_compliance_yes,
+                                                &f_compliance_no,
+                                                &f_compliance_incomplete,
+                                                &f_compliance_undefined));
+        }
+    }
+  else
+    {
+      if (delta)
+        /** @todo The f_holes, etc. vars are setup to give the page count. */
         PRINT (out,
               "<result_count>"
-              "%i"
-              "<full>%i</full>"
               "<filtered>%i</filtered>"
-              "<hole><full>%i</full><filtered>%i</filtered></hole>"
-              "<info><full>%i</full><filtered>%i</filtered></info>"
-              "<log><full>%i</full><filtered>%i</filtered></log>"
-              "<warning><full>%i</full><filtered>%i</filtered></warning>"
+              "<hole><filtered>%i</filtered></hole>"
+              "<info><filtered>%i</filtered></info>"
+              "<log><filtered>%i</filtered></log>"
+              "<warning><filtered>%i</filtered></warning>"
               "<false_positive>"
-              "<full>%i</full>"
               "<filtered>%i</filtered>"
               "</false_positive>"
               "</result_count>",
-              total_result_count,
-              total_result_count,
-              filtered_result_count,
-              holes,
-              (strchr (levels, 'h') ? f_holes : 0),
-              infos,
-              (strchr (levels, 'l') ? f_infos : 0),
-              logs,
-              (strchr (levels, 'g') ? f_logs : 0),
-              warnings,
-              (strchr (levels, 'm') ? f_warnings : 0),
-              false_positives,
-              (strchr (levels, 'f') ? f_false_positives : 0));
+              orig_filtered_result_count,
+              (strchr (levels, 'h') ? orig_f_holes : 0),
+              (strchr (levels, 'l') ? orig_f_infos : 0),
+              (strchr (levels, 'g') ? orig_f_logs : 0),
+              (strchr (levels, 'm') ? orig_f_warnings : 0),
+              (strchr (levels, 'f') ? orig_f_false_positives : 0));
+      else
+        {
+          if (count_filtered)
+            filtered_result_count = f_holes + f_infos + f_logs
+                                    + f_warnings + false_positives;
 
-        PRINT (out,
-              "<severity>"
-              "<full>%1.1f</full>"
-              "<filtered>%1.1f</filtered>"
-              "</severity>",
-              severity,
-              f_severity);
-      }
-  }
+          PRINT (out,
+                "<result_count>"
+                "%i"
+                "<full>%i</full>"
+                "<filtered>%i</filtered>"
+                "<hole><full>%i</full><filtered>%i</filtered></hole>"
+                "<info><full>%i</full><filtered>%i</filtered></info>"
+                "<log><full>%i</full><filtered>%i</filtered></log>"
+                "<warning><full>%i</full><filtered>%i</filtered></warning>"
+                "<false_positive>"
+                "<full>%i</full>"
+                "<filtered>%i</filtered>"
+                "</false_positive>"
+                "</result_count>",
+                total_result_count,
+                total_result_count,
+                filtered_result_count,
+                holes,
+                (strchr (levels, 'h') ? f_holes : 0),
+                infos,
+                (strchr (levels, 'l') ? f_infos : 0),
+                logs,
+                (strchr (levels, 'g') ? f_logs : 0),
+                warnings,
+                (strchr (levels, 'm') ? f_warnings : 0),
+                false_positives,
+                (strchr (levels, 'f') ? f_false_positives : 0));
+
+          PRINT (out,
+                "<severity>"
+                "<full>%1.1f</full>"
+                "<filtered>%1.1f</filtered>"
+                "</severity>",
+                severity,
+                f_severity);
+        }
+    }
 
   if (host_summary)
     {
@@ -31236,22 +31213,21 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
         }
       cleanup_iterator (&hosts);
     }
-  #if COMPLIANCE_REPORTS == 1
-    if (strcmp (tsk_usage_type, "audit") == 0)
-      {
-        g_hash_table_destroy (f_host_compliant);
-        g_hash_table_destroy (f_host_notcompliant);
-        g_hash_table_destroy (f_host_incomplete);
-        g_hash_table_destroy (f_host_undefined);
-      } else
-  #endif
-  {
-    g_hash_table_destroy (f_host_holes);
-    g_hash_table_destroy (f_host_warnings);
-    g_hash_table_destroy (f_host_infos);
-    g_hash_table_destroy (f_host_logs);
-    g_hash_table_destroy (f_host_false_positives);
-  }
+  if (strcmp (tsk_usage_type, "audit") == 0)
+    {
+      g_hash_table_destroy (f_host_compliant);
+      g_hash_table_destroy (f_host_notcompliant);
+      g_hash_table_destroy (f_host_incomplete);
+      g_hash_table_destroy (f_host_undefined);
+    }
+  else
+    {
+      g_hash_table_destroy (f_host_holes);
+      g_hash_table_destroy (f_host_warnings);
+      g_hash_table_destroy (f_host_infos);
+      g_hash_table_destroy (f_host_logs);
+      g_hash_table_destroy (f_host_false_positives);
+    }
   g_hash_table_destroy (f_host_ports);
 
   /* Print TLS certificates */
@@ -31349,36 +31325,36 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   return 0;
 
   failed_delta_report:
-     fclose (out);
-     g_free (sort_field);
-     g_free (levels);
-     g_free (search_phrase);
-     g_free (min_qod);
-     g_free (delta_states);
-     cleanup_iterator (&results);
-     cleanup_iterator (&delta_results);
+    fclose (out);
+    g_free (sort_field);
+    g_free (levels);
+    g_free (search_phrase);
+    g_free (min_qod);
+    g_free (delta_states);
+    cleanup_iterator (&results);
+    cleanup_iterator (&delta_results);
   failed_print_report_host:
     if (host_summary_buffer)
         g_string_free (host_summary_buffer, TRUE);
     tz_revert (zone, tz, old_tz_override);
     g_hash_table_destroy (f_host_ports);
-    #if COMPLIANCE_REPORTS == 1
-      g_free (compliance_levels);
-      if (strcmp (tsk_usage_type, "audit") == 0)
+
+    g_free (compliance_levels);
+    if (strcmp (tsk_usage_type, "audit") == 0)
       {
         g_hash_table_destroy (f_host_compliant);
         g_hash_table_destroy (f_host_notcompliant);
         g_hash_table_destroy (f_host_incomplete);
         g_hash_table_destroy (f_host_undefined);
-      } else
-    #endif
-    {
-      g_hash_table_destroy (f_host_holes);
-      g_hash_table_destroy (f_host_warnings);
-      g_hash_table_destroy (f_host_infos);
-      g_hash_table_destroy (f_host_logs);
-      g_hash_table_destroy (f_host_false_positives);
-    }
+      }
+    else
+      {
+        g_hash_table_destroy (f_host_holes);
+        g_hash_table_destroy (f_host_warnings);
+        g_hash_table_destroy (f_host_infos);
+        g_hash_table_destroy (f_host_logs);
+        g_hash_table_destroy (f_host_false_positives);
+      }
     return -1;
 }
 
@@ -53686,10 +53662,8 @@ modify_setting (const gchar *uuid, const gchar *name,
         setting_name = g_strdup ("Alerts Filter");
       else if (strcmp (uuid, "0f040d06-abf9-43a2-8f94-9de178b0e978") == 0)
         setting_name = g_strdup ("Assets Filter");
-      #if COMPLIANCE_REPORTS == 1
-        else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0)
-          setting_name = g_strdup ("Audit Reports Filter");
-      #endif
+      else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0)
+        setting_name = g_strdup ("Audit Reports Filter");
       else if (strcmp (uuid, "1a9fbd91-0182-44cd-bc88-a13a9b3b1bef") == 0)
         setting_name = g_strdup ("Configs Filter");
       else if (strcmp (uuid, "186a5ac8-fe5a-4fb1-aa22-44031fb339f3") == 0)
@@ -53813,10 +53787,8 @@ modify_setting (const gchar *uuid, const gchar *name,
         setting_name = g_strdup ("Reports Top Dashboard Configuration");
 
       /* Audit Reports dashboard settings */
-      #if COMPLIANCE_REPORTS == 1
-        else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0)
-          setting_name = g_strdup ("Audit Reports Top Dashboard Configuration");
-      #endif
+      else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0)
+        setting_name = g_strdup ("Audit Reports Top Dashboard Configuration");
       /* Results dashboard settings */
       else if (strcmp (uuid, "0b8ae70d-d8fc-4418-8a72-e65ac8d2828e") == 0)
         setting_name = g_strdup ("Results Top Dashboard Configuration");
@@ -57579,18 +57551,16 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
-      #if COMPLIANCE_REPORTS == 1
-        else if (strcasecmp (type, "audit_report") == 0)
-          {
-            type = g_strdup ("report");
-            resources_get.type = g_strdup (type);
-            get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
-          }
-        else if (strcasecmp (type, "report") == 0)
-          {
-            get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
-          }
-      #endif
+      else if (strcasecmp (type, "audit_report") == 0)
+        {
+          type = g_strdup ("report");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit"));
+        }
+      else if (strcasecmp (type, "report") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
 
       gchar *columns;
 
@@ -57762,20 +57732,18 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
         {
           get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
         }
-      #if COMPLIANCE_REPORTS == 1
-        else if (strcasecmp (type, "audit_report") == 0)
-          {
-            type = g_strdup ("report");
-            resources_get.type = g_strdup (type);
-            get_data_set_extra (&resources_get,
-                                "usage_type",
-                                g_strdup ("audit"));
-          }
-        else if (strcasecmp (type, "report") == 0)
-          {
-            get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
-          }
-      #endif
+      else if (strcasecmp (type, "audit_report") == 0)
+        {
+          type = g_strdup ("report");
+          resources_get.type = g_strdup (type);
+          get_data_set_extra (&resources_get,
+                              "usage_type",
+                              g_strdup ("audit"));
+        }
+      else if (strcasecmp (type, "report") == 0)
+        {
+          get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan"));
+        }
 
       gchar *columns;
 

From 4e12e124e8a5d81e4a378d6db788f9f225bb1c1c Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 4 Nov 2024 17:48:21 +0100
Subject: [PATCH 114/134] Dropped the dump that compliance reports are enabled.

Removed the dump that compliance reports are enabled, because
that is alway the case from now on.
---
 src/gvmd.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/gvmd.c b/src/gvmd.c
index 722ea2022..99f8e1fa1 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -2325,7 +2325,6 @@ gvmd (int argc, char** argv, char *env[])
 #if CVSS3_RATINGS == 1
       printf ("CVSS3 severity ratings enabled\n");
 #endif
-      printf ("Compliance reports enabled\n");
       printf ("Copyright (C) 2009-2021 Greenbone AG\n");
       printf ("License: AGPL-3.0-or-later\n");
       printf

From fcb7397ab49be6026d37a7349f30a2ba99312d5e Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Tue, 5 Nov 2024 10:37:54 +0100
Subject: [PATCH 115/134] Removed variables @IF_COMPLIANCE_REPORTS@,
 @ENDIF_COMPLIANCE_REPORTS@.

---
 src/schema_formats/XML/GMP.xml.in | 28 ----------------------------
 1 file changed, 28 deletions(-)

diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index eb2feaf73..5f2ca6573 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -68,7 +68,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     </description>
     <pattern>xsd:token { pattern = "y?n?i?u?" }</pattern>
   </type>
-  @IF_COMPLIANCE_REPORTS@
   <type>
     <name>compliance_status</name>
     <summary>A compliance status</summary>
@@ -76,7 +75,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       xsd:token { pattern = "yes|no|incomplete|undefined" }
     </pattern>
   </type>
-  @ENDIF_COMPLIANCE_REPORTS@
   <type>
     <name>ctime</name>
     <summary>A date and time, in the C `ctime' format</summary>
@@ -2025,16 +2023,12 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
             <e>permissions</e>
             <o><e>user_tags</e></o>
             <e>scan_run_status</e>
-            @IF_COMPLIANCE_REPORTS@
             <o>
-            @ENDIF_COMPLIANCE_REPORTS@
             <e>result_count</e>
             <e>severity</e>
-            @IF_COMPLIANCE_REPORTS@
             </o>
             <o><e>compliance_count</e></o>
             <o><e>compliance</e></o>
-            @ENDIF_COMPLIANCE_REPORTS@
             <e>task</e>
             <e>ports</e>
             <e>results</e>
@@ -2468,7 +2462,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           </ele>
         </ele>
       </ele>
-      @IF_COMPLIANCE_REPORTS@
       <ele>
         <name>compliance_count</name>
         <summary>Counts of compliance results. Only for reports of an audit task.</summary>
@@ -2577,7 +2570,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           </ele>
         </ele>
       </ele>
-      @ENDIF_COMPLIANCE_REPORTS@
       <ele>
         <name>severity</name>
         <pattern>
@@ -2595,7 +2587,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <summary>Maximum severity of the report after filtering</summary>
         </ele>
       </ele>
-      @IF_COMPLIANCE_REPORTS@
       <ele>
         <name>compliance</name>
         <pattern>
@@ -2613,7 +2604,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <summary>Compliance of the report after filtering ("yes", "no", "incomplete" or "undefined")</summary>
         </ele>
       </ele>
-      @ENDIF_COMPLIANCE_REPORTS@
       <ele>
         <name>task</name>
         <pattern>
@@ -2875,15 +2865,11 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <e>start</e>
           <e>end</e>
           <e>port_count</e>
-          @IF_COMPLIANCE_REPORTS@
           <o>
-          @ENDIF_COMPLIANCE_REPORTS@
           <e>result_count</e>
-          @IF_COMPLIANCE_REPORTS@
           </o>
           <o><e>compliance_count</e></o>
           <o><e>host_compliance</e></o>
-          @ENDIF_COMPLIANCE_REPORTS@
           <any><e>detail</e></any>
         </pattern>
         <ele>
@@ -3001,7 +2987,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
             </ele>
           </ele>
         </ele>
-        @IF_COMPLIANCE_REPORTS@
         <ele>
           <name>compliance_count</name>
           <summary>Only for audit reports</summary>
@@ -3071,7 +3056,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
           <summary>Only for audit reports. Host compliance</summary>
           <pattern><t>compliance_status</t></pattern>
         </ele>
-        @ENDIF_COMPLIANCE_REPORTS@
         <ele>
           <name>detail</name>
           <summary>A detail associated with the host</summary>
@@ -18029,13 +18013,11 @@ END:VCALENDAR
             <type>integer</type>
             <summary>Minimum QoD of the results</summary>
           </option>
-          @IF_COMPLIANCE_REPORTS@
           <option>
             <name>report_compliance_levels</name>
             <type>compliance_levels</type>
             <summary>report compliance level to select</summary>
           </option>
-          @ENDIF_COMPLIANCE_REPORTS@   
           <column>
             <name>tag</name>
             <type>text</type>
@@ -18181,7 +18163,6 @@ END:VCALENDAR
             <type>iso_time</type>
             <summary>Scan end time</summary>
           </column>
-          @IF_COMPLIANCE_REPORTS@
           <column>
             <name>compliance_yes</name>
             <type>integer</type>
@@ -18202,7 +18183,6 @@ END:VCALENDAR
             <type>compliance_status</type>
             <summary>Compliance state of the report. Can be yes, no, incomplete or undefined</summary>
           </column>
-          @ENDIF_COMPLIANCE_REPORTS@      
         </filter_keywords>
       </attrib>
       <attrib>
@@ -18272,7 +18252,6 @@ END:VCALENDAR
         </summary>
         <type>boolean</type>
       </attrib>
-      @IF_COMPLIANCE_REPORTS@
       <attrib>
           <name>usage_type</name>
           <summary>Optional usage type to limit the reports to. Affects total count unlike filter</summary>
@@ -18284,7 +18263,6 @@ END:VCALENDAR
             </alts>
           </type>
       </attrib>
-      @ENDIF_COMPLIANCE_REPORTS@
     </pattern>
     <response>
       <pattern>
@@ -23005,15 +22983,11 @@ END:VCALENDAR
               </attrib>
               <e>timestamp</e>
               <e>scan_end</e>
-              @IF_COMPLIANCE_REPORTS@
               <o>
-              @ENDIF_COMPLIANCE_REPORTS@
               <e>result_count</e>
               <e>severity</e>
-              @IF_COMPLIANCE_REPORTS@
               </o>
               <o><e>compliance_count</e></o>
-              @ENDIF_COMPLIANCE_REPORTS@
             </pattern>
             <ele>
               <name>timestamp</name>
@@ -23059,7 +23033,6 @@ END:VCALENDAR
               <pattern><t>severity</t></pattern>
               <summary>Maximum severity of the report</summary>
             </ele>
-            @IF_COMPLIANCE_REPORTS@
             <ele>
               <name>compliance_count</name>
               <summary>Complaince counts. Only for audit tasks</summary>
@@ -23086,7 +23059,6 @@ END:VCALENDAR
                 <pattern><t>integer</t></pattern>
               </ele>
             </ele>
-            @ENDIF_COMPLIANCE_REPORTS@
           </ele>
         </ele>
         <ele>

From fc1ed180fcb82b29b93129dacde6f7c10ce70ee7 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Tue, 5 Nov 2024 14:55:20 +0100
Subject: [PATCH 116/134] Small optimization of setting the log file.

---
 CMakeLists.txt | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index ec0d19b3b..17f6af582 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -165,12 +165,10 @@ endif (NOT GVMD_STATE_DIR)
 
 if (NOT GVMD_LOG_FILE)
   if (GVM_LOG_DIR)
-    set (GVMD_LOG_FILE    "${GVM_LOG_DIR}/gvmd.log")
+    set (GVMD_LOG_FILE "${GVM_LOG_DIR}/gvmd.log")
   else (GVM_LOG_DIR)
-    set (GVMD_LOG_FILE    "-")
-  endif (GVMD_LOG_DIR)
-else (NOT GVMD_LOG_FILE)
-  set (GVMD_LOG_FILE    "${GVMD_LOG_FILE}")
+    set (GVMD_LOG_FILE "-")
+  endif (GVM_LOG_DIR)
 endif (NOT GVMD_LOG_FILE)
 
 set (GVM_SCAP_RES_DIR "${GVM_DATA_DIR}/scap")

From c86349ac666ff3c038422dcff421b1f84bcd6cb8 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Thu, 7 Nov 2024 11:27:46 +0100
Subject: [PATCH 117/134] Remove: Remove delta reports non-default code and
 feature toggle

---
 src/manage_sql.c       | 1623 +---------------------------------------
 src/manage_sql.h       |    5 -
 src/manage_sql_tests.c |  104 ---
 3 files changed, 28 insertions(+), 1704 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index be266c79a..a70d9068f 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -340,9 +340,6 @@ setting_dynamic_severity_int ();
 static char *
 setting_timezone ();
 
-static int
-setting_delta_reports_version_int ();
-
 static double
 task_severity_double (task_t, int, int, int);
 
@@ -6537,82 +6534,6 @@ set_current_encryption_key_uid (const char *new_uid)
   g_free (quoted_new_uid);
 }
 
-
-
-/* Collation. */
-
-/**
- * @brief Compare two number strings for collate_ip.
- *
- * @param[in]  one_arg  First string.
- * @param[in]  two_arg  Second string.
- *
- * @return -1, 0 or 1 if first is less than, equal to or greater than second.
- */
-static int
-collate_ip_compare (const char *one_arg, const char *two_arg)
-{
-  int one = atoi (one_arg);
-  int two = atoi (two_arg);
-  return one == two ? 0 : (one < two ? -1 : 1);
-}
-
-/**
- * @brief Collate two IP addresses.
- *
- * For example, 127.0.0.2 is less than 127.0.0.3 and 127.0.0.10.
- *
- * Only works correctly for IPv4 addresses.
- *
- * @param[in]  data     Dummy for callback.
- * @param[in]  one_len  Length of first IP (a string).
- * @param[in]  arg_one  First string.
- * @param[in]  two_len  Length of second IP (a string).
- * @param[in]  arg_two  Second string.
- *
- * @return -1, 0 or 1 if first is less than, equal to or greater than second.
- */
-static int
-collate_ip (void* data,
-            int one_len, const void* arg_one,
-            int two_len, const void* arg_two)
-{
-  int ret, one_dot, two_dot;
-  char one_a[4], one_b[4], one_c[4], one_d[4];
-  char two_a[4], two_b[4], two_c[4], two_d[4];
-  const char* one = (const char*) arg_one;
-  const char* two = (const char*) arg_two;
-
-  if ((sscanf (one, "%3[0-9].%3[0-9].%3[0-9].%n%3[0-9]",
-               one_a, one_b, one_c, &one_dot, one_d)
-       == 4)
-      && (sscanf (two, "%3[0-9].%3[0-9].%3[0-9].%n%3[0-9]",
-                  two_a, two_b, two_c, &two_dot, two_d)
-          == 4))
-    {
-      ret = collate_ip_compare (one_a, two_a);
-      if (ret) return ret < 0 ? -1 : 1;
-
-      ret = collate_ip_compare (one_b, two_b);
-      if (ret) return ret < 0 ? -1 : 1;
-
-      ret = collate_ip_compare (one_c, two_c);
-      if (ret) return ret < 0 ? -1 : 1;
-
-      /* Ensure that the last number is limited to digits in the arg. */
-      one_d[one_len - one_dot] = '\0';
-      two_d[two_len - two_dot] = '\0';
-
-      ret = collate_ip_compare (one_d, two_d);
-      if (ret) return ret < 0 ? -1 : 1;
-
-      return 0;
-    }
-
-  ret = strncmp (one, two, MIN (one_len, two_len));
-  return ret == 0 ? 0 : (ret < 0 ? -1 : 1);
-}
-
 
 /* Task subject iterators. */
 
@@ -16093,17 +16014,6 @@ check_db_settings ()
          "  'Roles given access to new resources from feed.',"
          "  '" ROLE_UUID_ADMIN "," ROLE_UUID_USER "');");
 
-  if (sql_int ("SELECT count(*) FROM settings"
-               " WHERE uuid = '" SETTING_UUID_DELTA_REPORTS_VERSION "'"
-               " AND " ACL_IS_GLOBAL () ";")
-      == 0)
-    sql ("INSERT into settings (uuid, owner, name, comment, value)"
-         " VALUES"
-         " ('" SETTING_UUID_DELTA_REPORTS_VERSION "', NULL,"
-         "  'Delta Reports Version',"
-         "  'Version of the generation of the Delta Reports.',"
-         "  '2' );");
-
   if (sql_int ("SELECT count(*) FROM settings"
                " WHERE uuid = '" SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD "'"
                " AND " ACL_IS_GLOBAL () ";")
@@ -23998,37 +23908,6 @@ DEF_ACCESS (result_iterator_port, GET_ITERATOR_COLUMN_COUNT + 1);
  */
 DEF_ACCESS (result_iterator_nvt_oid, GET_ITERATOR_COLUMN_COUNT + 2);
 
-/**
- * @brief Get the original type from a result iterator.
- *
- * This is the column 'type'.
- *
- * @param[in]  iterator  Iterator.
- *
- * @return The original type of the result.  Caller must only use before calling
- *         cleanup_iterator.
- */
-static
-DEF_ACCESS (result_iterator_original_type, GET_ITERATOR_COLUMN_COUNT + 3);
-
-/**
- * @brief Get the type from a result iterator.
- *
- * This is the overridden type.
- *
- * @param[in]  iterator  Iterator.
- *
- * @return The type of the result.  Caller must only use before calling
- *         cleanup_iterator.
- */
-static const char*
-result_iterator_type (iterator_t *iterator)
-{
-  if (iterator->done) return NULL;
-  /* new_type */
-  return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 4);
-}
-
 /**
  * @brief Get the descr from a result iterator.
  *
@@ -26978,492 +26857,6 @@ void buffer_results_xml (GString *, iterator_t *, task_t, int, int, int,
                          int, int, int, int, const char *, iterator_t *,
                          int, int, int, int);
 
-/**
- * @brief Comparison returns.
- */
-typedef enum
-{
-  COMPARE_RESULTS_CHANGED,
-  COMPARE_RESULTS_ERROR,
-  COMPARE_RESULTS_GONE,
-  COMPARE_RESULTS_NEW,
-  COMPARE_RESULTS_SAME
-} compare_results_t;
-
-/**
- * @brief Return the sort order of two results.
- *
- * @param[in]  results        Iterator containing first result.
- * @param[in]  delta_results  Iterator containing second result.
- * @param[in]  sort_order     Whether to sort ascending or descending.
- * @param[in]  sort_field     Field to sort on, or NULL for "type".
- *
- * @return < 0 if first comes before second, 0 if equal, > 0 if first comes
- *         after second.
- */
-static compare_results_t
-result_cmp (iterator_t *results, iterator_t *delta_results, int sort_order,
-            const char* sort_field)
-{
-  const char *host, *delta_host, *port, *delta_port;
-  const char *nvt, *delta_nvt, *name, *delta_name, *descr, *delta_descr;
-  int ret;
-  double severity, delta_severity;
-
-  if (sort_field == NULL)
-    sort_field = "type";
-
-  g_debug ("   delta: %s: sort_order: %i", __func__, sort_order);
-  g_debug ("   delta: %s: sort_field: %s", __func__, sort_field);
-
-  host = result_iterator_host (results);
-  delta_host = result_iterator_host (delta_results);
-
-  port = result_iterator_port (results);
-  delta_port = result_iterator_port (delta_results);
-
-  severity = result_iterator_severity_double (results);
-  delta_severity = result_iterator_severity_double (delta_results);
-
-  nvt = result_iterator_nvt_oid (results);
-  delta_nvt = result_iterator_nvt_oid (delta_results);
-
-  name = result_iterator_nvt_name (results);
-  delta_name = result_iterator_nvt_name (delta_results);
-
-  descr = result_iterator_descr (results);
-  delta_descr = result_iterator_descr (delta_results);
-
-  /* For delta reports to work correctly, the order must be the same as in
-   * init_delta_iterators, except that description should not be checked
-   * unless it is the sort_field.
-   *
-   * If description is not the sort_field it is checked after the result_cmp
-   * in compare_results. */
-
-  /* Check sort_field first, also using sort_order (0 is descending). */
-  if (strcmp (sort_field, "host") == 0)
-    {
-      ret = collate_ip (NULL,
-                        strlen (host), host, strlen (delta_host), delta_host);
-      if (sort_order == 0)
-        ret = -ret;
-      g_debug ("   delta: %s: host (%s): %s VS %s (%i)",
-               __func__, sort_order ? "desc" : "asc",
-               host, delta_host, ret);
-      if (ret)
-        return ret;
-    }
-  else if (strcmp (sort_field, "port") == 0
-           || strcmp (sort_field, "location") == 0)
-    {
-      ret = strcmp (port, delta_port);
-      if (sort_order == 0)
-        ret = -ret;
-      g_debug ("   delta: %s: port (%s): %s VS %s (%i)",
-               __func__, sort_order ? "desc" : "asc",
-               port, delta_port, ret);
-      if (ret)
-        return ret;
-    }
-  else if (strcmp (sort_field, "severity") == 0)
-    {
-      if (severity > delta_severity)
-        ret = sort_order ? 1 : -1;
-      else if (severity < delta_severity)
-        ret = sort_order ? -1 : 1;
-      else
-        ret = 0;
-      g_debug ("   delta: %s: severity (%s): %f VS %f (%i)",
-               __func__, sort_order ? "desc" : "asc",
-               severity, delta_severity, ret);
-      if (ret)
-        return ret;
-    }
-  /* NVT OID, not name/vulnerability. */
-  else if (strcmp (sort_field, "nvt") == 0)
-    {
-      ret = strcmp (nvt, delta_nvt);
-      if (sort_order)
-        ret = -ret;
-      g_debug ("   delta: %s: nvt (%s): %s VS %s (%i)",
-               __func__, sort_order ? "desc" : "asc",
-               nvt, delta_nvt, ret);
-      if (ret)
-        return ret;
-    }
-  else if (strcmp (sort_field, "description") == 0)
-    {
-      ret = strcmp (descr, delta_descr);
-      if (sort_order == 0)
-        ret = -ret;
-      g_debug ("   delta: %s: description (%s): %s VS %s (%i)",
-               __func__, sort_order ? "desc" : "asc",
-               descr, delta_descr, ret);
-      if (ret)
-        return ret;
-    }
-  else if (strcmp (sort_field, "type") == 0)
-    {
-      const char *type, *delta_type;
-
-      type = result_iterator_type (results);
-      delta_type = result_iterator_type (delta_results);
-
-      ret = strcmp (type, delta_type);
-      if (sort_order == 0)
-        ret = -ret;
-      g_debug ("   delta: %s: type (%s): %s VS %s (%i)",
-               __func__, sort_order ? "desc" : "asc",
-               descr, delta_descr, ret);
-      if (ret)
-        return ret;
-    }
-  else if (strcmp (sort_field, "original_type") == 0)
-    {
-      const char *type, *delta_type;
-
-      type = result_iterator_original_type (results);
-      delta_type = result_iterator_original_type (delta_results);
-
-      ret = strcmp (type, delta_type);
-      if (sort_order == 0)
-        ret = -ret;
-      g_debug ("   delta: %s: original_type (%s): %s VS %s (%i)",
-               __func__, sort_order ? "desc" : "asc",
-               descr, delta_descr, ret);
-      if (ret)
-        return ret;
-    }
-  else
-    {
-      /* Default to "vulnerability" (a.k.a "name") for unknown sort fields.
-       *
-       * Also done in print_report_xml_start, so this is just a safety check. */
-      ret = strcmp (name ? name : "", delta_name ? delta_name : "");
-      if (sort_order == 0)
-        ret = -ret;
-      if (ret)
-        return ret;
-    }
-
-  /* Check remaining fields */
-  if (strcmp (sort_field, "host"))
-    {
-      ret = collate_ip (NULL,
-                        strlen (host), host, strlen (delta_host), delta_host);
-      g_debug ("   delta: %s: host: %s VS %s (%i)",
-               __func__, host, delta_host, ret);
-      if (ret)
-        return ret;
-    }
-  if (strcmp (sort_field, "port")
-      && strcmp (sort_field, "location"))
-    {
-      ret = strcmp (port, delta_port);
-      g_debug ("   delta: %s: port: %s VS %s (%i)",
-               __func__, port, delta_port, ret);
-      if (ret)
-        return ret;
-    }
-  if (strcmp (sort_field, "severity"))
-    {
-      if (severity > delta_severity)
-        ret = 1;
-      else if (severity < delta_severity)
-        ret = -1;
-      else
-        ret = 0;
-      g_debug ("   delta: %s: severity: %f VS %f (%i)",
-               __func__, severity, delta_severity, ret);
-      if (ret)
-        return ret;
-    }
-  if (strcmp (sort_field, "nvt"))
-    {
-      ret = strcmp (nvt, delta_nvt);
-      g_debug ("   delta: %s: nvt: %s VS %s (%i)",
-               __func__, nvt, delta_nvt, ret);
-      if (ret)
-        return ret;
-    }
-
-  return 0;
-}
-
-/**
- * @brief Test if two strings are equal, ignoring whitespace.
- *
- * @param[in]  one  First string.
- * @param[in]  two  Second string.
- *
- * @return 1 if equal, else 0.
- */
-static int
-streq_ignore_ws (const gchar *one, const gchar *two)
-{
-  if (one == NULL)
-    return two == NULL;
-  if (two == NULL)
-    return 0;
-
-  while (1)
-    {
-      /* Skip space in both. */
-      while (isspace (*one))
-        one++;
-      while (isspace (*two))
-        two++;
-
-      /* Check for end. */
-      if (*one == '\0')
-        break;
-      if (*two == '\0')
-        return 0;
-
-      /* Compare. */
-      if (*one != *two)
-        return 0;
-
-      /* Next. */
-      one++;
-      two++;
-    }
-  if (*two)
-    return 0;
-  return 1;
-}
-
-/**
- * @brief Compare two results.
- *
- * @param[in]  results        Iterator containing first result.
- * @param[in]  delta_results  Iterator containing second result.
- * @param[in]  sort_order     Whether to sort ascending or descending.
- * @param[in]  sort_field     Field to sort on, or NULL for "type".
- *
- * @return Result of comparison.
- */
-static compare_results_t
-compare_results (iterator_t *results, iterator_t *delta_results, int sort_order,
-                 const char* sort_field)
-{
-  int ret;
-  const char *descr, *delta_descr;
-
-  g_debug ("   delta: %s", __func__);
-
-  ret = result_cmp (results, delta_results, sort_order, sort_field);
-  if (ret > 0)
-    /* The delta result sorts first, so it is new. */
-    return COMPARE_RESULTS_NEW;
-  if (ret < 0)
-    /* The 'results' result sorts first, so it has gone. */
-    return COMPARE_RESULTS_GONE;
-
-  descr = result_iterator_descr (results);
-  delta_descr = result_iterator_descr (delta_results);
-
-  g_debug ("   delta: %s: descr: %s VS %s (%i)",
-          __func__,
-          descr ? descr : "NULL",
-          delta_descr ? delta_descr : "NULL",
-          (descr && delta_descr) ? strcmp (descr, delta_descr) : 0);
-
-  /* This comparison ignores whitespace to match the diff output created by
-   * strdiff in gmp.c.  The down side of this is that the comparison may be
-   * affected by the locale.
-   *
-   * An alternate would be to use the strdiff result as the comparison, but
-   * strdiff is only called for the results on the page (and not for the
-   * rest of the results, which must also be compared for the counts).
-   * Using strdiff for all results could also be slow, because it's running
-   * the diff command. */
-  if (descr && delta_descr && (streq_ignore_ws (descr, delta_descr) == 0))
-    return COMPARE_RESULTS_CHANGED;
-
-  return COMPARE_RESULTS_SAME;
-}
-
-/**
- * @brief Compare two results, optionally writing associated XML to a buffer.
- *
- * This is called with buffer NULL to compare results after the page limit
- * (filter keyword "max") is reached.  These results need to be compared to be
- * included in the counts.
- *
- * @param[in]  buffer         Buffer.  NULL to skip writing to buffer.
- * @param[in]  results        Iterator containing first result.
- * @param[in]  delta_results  Iterator containing second result.
- * @param[in]  task           Task associated with report.
- * @param[in]  notes              Whether to include notes.
- * @param[in]  notes_details      If notes, Whether to include details.
- * @param[in]  overrides          Whether to include overrides.
- * @param[in]  overrides_details  If overrides, Whether to include details.
- * @param[in]  sort_order     Whether to sort ascending or descending.
- * @param[in]  sort_field     Field to sort on, or NULL for "type".
- * @param[in]  changed        Whether to include changed results.
- * @param[in]  gone           Whether to include gone results.
- * @param[in]  new            Whether to include new results.
- * @param[in]  same           Whether to include same results.
- * @param[in]  max_results    Value to decrement if result is buffered.
- * @param[in]  first_result   Skip result and decrement if positive.
- * @param[in]  used           0 if used, 1 if skipped.
- * @param[in]  would_use      0 if would use (first_result aside), 1 if skipped.
- *
- * @return Result of comparison.
- */
-static compare_results_t
-compare_and_buffer_results (GString *buffer, iterator_t *results,
-                            iterator_t *delta_results, task_t task, int notes,
-                            int notes_details, int overrides,
-                            int overrides_details, int sort_order,
-                            const char* sort_field, int changed, int gone,
-                            int new, int same, int *max_results,
-                            int *first_result, int *used, int *would_use)
-{
-  compare_results_t state;
-  state = compare_results (results, delta_results, sort_order, sort_field);
-  *used = 0;
-  *would_use = 0;
-  switch (state)
-    {
-      case COMPARE_RESULTS_CHANGED:
-        if (changed)
-          {
-            *would_use = 1;
-            if (*first_result)
-              {
-                g_debug ("   delta: skip");
-                (*first_result)--;
-                break;
-              }
-            *used = 1;
-            (*max_results)--;
-            if (buffer)
-              buffer_results_xml (buffer,
-                                  results,
-                                  task,
-                                  notes,
-                                  notes_details,
-                                  overrides,
-                                  overrides_details,
-                                  0,
-                                  0,
-                                  0,
-                                  "changed",
-                                  delta_results,
-                                  /* This is the only case that uses 1. */
-                                  1,  /* Whether result is "changed". */
-                                  -1,
-                                  0,  /* Lean. */
-                                  0); /* Delta fields. */
-          }
-        break;
-
-      case COMPARE_RESULTS_GONE:
-        if (gone)
-          {
-            *would_use = 1;
-            if (*first_result)
-              {
-                g_debug ("   delta: skip");
-                (*first_result)--;
-                break;
-              }
-            *used = 1;
-            (*max_results)--;
-            if (buffer)
-              buffer_results_xml (buffer,
-                                  results,
-                                  task,
-                                  notes,
-                                  notes_details,
-                                  overrides,
-                                  overrides_details,
-                                  0,
-                                  0,
-                                  0,
-                                  "gone",
-                                  delta_results,
-                                  0,
-                                  -1,
-                                  0,  /* Lean. */
-                                  0); /* Delta fields. */
-          }
-        break;
-
-      case COMPARE_RESULTS_NEW:
-        if (new)
-          {
-            *would_use = 1;
-            if (*first_result)
-              {
-                g_debug ("   delta: skip");
-                (*first_result)--;
-                break;
-              }
-            *used = 1;
-            (*max_results)--;
-            if (buffer)
-              buffer_results_xml (buffer,
-                                  delta_results,
-                                  task,
-                                  notes,
-                                  notes_details,
-                                  overrides,
-                                  overrides_details,
-                                  0,
-                                  0,
-                                  0,
-                                  "new",
-                                  delta_results,
-                                  0,
-                                  -1,
-                                  0,  /* Lean. */
-                                  0); /* Delta fields. */
-          }
-        break;
-
-      case COMPARE_RESULTS_SAME:
-        if (same)
-          {
-            *would_use = 1;
-            if (*first_result)
-              {
-                g_debug ("   delta: skip");
-                (*first_result)--;
-                break;
-              }
-            *used = 1;
-            (*max_results)--;
-            if (buffer)
-              buffer_results_xml (buffer,
-                                  results,
-                                  task,
-                                  notes,
-                                  notes_details,
-                                  overrides,
-                                  overrides_details,
-                                  0,
-                                  0,
-                                  0,
-                                  "same",
-                                  delta_results,
-                                  0,
-                                  -1,
-                                  0,  /* Lean. */
-                                  0); /* Delta fields. */
-          }
-        break;
-
-      default:
-        return COMPARE_RESULTS_ERROR;
-    }
-
-  return state;
-}
-
 /**
  * @brief Write XML to a file or close stream and return.
  *
@@ -28868,114 +28261,6 @@ print_report_host_xml (FILE *stream,
   return 0;
 }
 
-/**
- * @brief Init delta iterators for print_report_xml.
- *
- * @param[in]  report         The report.
- * @param[in]  results        Report result iterator.
- * @param[in]  delta          Delta report.
- * @param[in]  delta_results  Delta report result iterator.
- * @param[in]  get            GET command data.
- * @param[in]  term           Filter term.
- * @param[out] sort_field     Sort field.
- *
- * @return 0 on success, -1 error.
- */
-static int
-init_delta_iterators (report_t report, iterator_t *results, report_t delta,
-                      iterator_t *delta_results, const get_data_t *get,
-                      const char *term, const char *sort_field)
-{
-  int res;
-  gchar *order;
-  get_data_t delta_get;
-
-  /*
-   * Order must be the same as in result_cmp, except for description
-   *  which isn't checked there.
-   */
-  if ((strcmp (sort_field, "name") == 0)
-      || (strcmp (sort_field, "vulnerability") == 0))
-    order = g_strdup (", host, port, severity, nvt, description");
-  else if (strcmp (sort_field, "host") == 0)
-    order = g_strdup (", port, severity, nvt, description");
-  else if ((strcmp (sort_field, "port") == 0)
-           || (strcmp (sort_field, "location") == 0))
-    order = g_strdup (", host, severity, nvt, description");
-  else if (strcmp (sort_field, "severity") == 0)
-    order = g_strdup (", host, port, nvt, description");
-  else if (strcmp (sort_field, "nvt") == 0)
-    order = g_strdup (", host, port, severity, description");
-  else
-    order = g_strdup (", host, port, severity, nvt, description");
-
-  delta_get = *get;
-  delta_get.filt_id = NULL;
-  delta_get.filter = g_strdup_printf ("rows=-1 first=1 sort=%s %s",
-                                      sort_field, term);
-  ignore_max_rows_per_page = 1;
-
-#if 0
-  /* For debugging. */
-
-  iterator_t results2;
-
-  res = init_result_get_iterator (results, &delta_get, report, NULL, order);
-  if (res)
-    return -1;
-
-  res = init_result_get_iterator (&results2, &delta_get, delta, NULL, order);
-  if (res)
-    return -1;
-
-  g_debug ("   delta: %s: REPORT 1:", __func__);
-  while (next (results))
-    g_debug ("   delta: %s: %s   %s   %s   %s   %.30s",
-            __func__,
-            result_iterator_nvt_name (results),
-            result_iterator_host (results),
-            result_iterator_type (results),
-            result_iterator_port (results),
-            result_iterator_descr (results));
-  cleanup_iterator (results);
-  g_debug ("   delta: %s: REPORT 1 END", __func__);
-
-  g_debug ("   delta: %s: REPORT 2:", __func__);
-  while (next (&results2))
-    g_debug ("   delta: %s: %s   %s   %s   %s   %.30s",
-            __func__,
-            result_iterator_nvt_name (&results2),
-            result_iterator_host (&results2),
-            result_iterator_type (&results2),
-            result_iterator_port (&results2),
-            result_iterator_descr (&results2));
-  cleanup_iterator (&results2);
-  g_debug ("   delta: %s: REPORT 2 END", __func__);
-#endif
-
-  res = init_result_get_iterator (results, &delta_get, report, NULL, order);
-  if (res)
-    {
-      ignore_max_rows_per_page = 0;
-      g_free (order);
-      return -1;
-    }
-
-  res = init_result_get_iterator (delta_results, &delta_get, delta, NULL, order);
-  if (res)
-    {
-      ignore_max_rows_per_page = 0;
-      g_free (order);
-      return -1;
-    }
-
-  g_free (delta_get.filter);
-  ignore_max_rows_per_page = 0;
-  g_free (order);
-
-  return 0;
-}
-
 /**
  * @brief Init v2 delta iterator for print_report_xml.
  *
@@ -29179,726 +28464,6 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta,
   return ret;
 }
 
-/**
- * @brief Print delta results for print_report_xml.
- *
- * @param[in]  out            File stream to write to.
- * @param[in]  results        Report result iterator.
- * @param[in]  delta_results  Delta report result iterator.
- * @param[in]  delta_states   String describing delta states to include in count
- *                            (for example, "sngc" Same, New, Gone and Changed).
- *                            All levels if NULL.
- * @param[in]  first_result   First result.
- * @param[in]  max_results    Max results.
- * @param[in]  task           The task.
- * @param[in]  notes          Whether to include notes.
- * @param[in]  notes_details  Whether to include note details.
- * @param[in]  overrides          Whether to include overrides.
- * @param[in]  overrides_details  Whether to include override details.
- * @param[in]  sort_order         Sort order.
- * @param[in]  sort_field         Sort field.
- * @param[in]  result_hosts_only  Whether to only include hosts with results.
- * @param[in]  orig_filtered_result_count  Result count.
- * @param[in]  filtered_result_count       Result count.
- * @param[in]  orig_f_holes   Result count.
- * @param[in]  f_holes        Result count.
- * @param[in]  orig_f_infos   Result count.
- * @param[in]  f_infos        Result count.
- * @param[in]  orig_f_logs    Result count.
- * @param[in]  f_logs         Result count.
- * @param[in]  orig_f_warnings  Result count.
- * @param[in]  f_warnings       Result count.
- * @param[in]  orig_f_false_positives  Result count.
- * @param[in]  f_false_positives       Result count.
- * @param[in]  result_hosts   Result hosts.
- *
- * @return 0 on success, -1 error.
- */
-static int
-print_report_delta_xml (FILE *out, iterator_t *results,
-                        iterator_t *delta_results, const char *delta_states,
-                        int first_result, int max_results, task_t task,
-                        int notes, int notes_details, int overrides,
-                        int overrides_details, int sort_order,
-                        const char *sort_field, int result_hosts_only,
-                        int *orig_filtered_result_count,
-                        int *filtered_result_count,
-                        int *orig_f_holes, int *f_holes,
-                        int *orig_f_infos, int *f_infos,
-                        int *orig_f_logs, int *f_logs,
-                        int *orig_f_warnings, int *f_warnings,
-                        int *orig_f_false_positives, int *f_false_positives,
-                        array_t *result_hosts)
-{
-  gboolean done, delta_done;
-  int changed, gone, new, same;
-  /* A tree of host, tree pairs, where the inner tree is a sorted tree
-   * of port, threat pairs. */
-  GTree *ports;
-  gchar *msg;
-
-  *orig_f_holes = *f_holes;
-  *orig_f_infos = *f_infos;
-  *orig_f_logs = *f_logs;
-  *orig_f_warnings = *f_warnings;
-  *orig_f_false_positives = *f_false_positives;
-  *orig_filtered_result_count = *filtered_result_count;
-
-  changed = (strchr (delta_states, 'c') != NULL);
-  gone = (strchr (delta_states, 'g') != NULL);
-  new = (strchr (delta_states, 'n') != NULL);
-  same = (strchr (delta_states, 's') != NULL);
-
-  ports = g_tree_new_full ((GCompareDataFunc) strcmp, NULL, g_free,
-                           (GDestroyNotify) free_host_ports);
-
-  /* Compare the results in the two iterators, which are sorted. */
-
-  g_debug ("   delta: %s: start", __func__);
-  g_debug ("   delta: %s: sort_field: %s", __func__, sort_field);
-  g_debug ("   delta: %s: sort_order: %i", __func__, sort_order);
-  g_debug ("   delta: %s: max_results: %i", __func__, max_results);
-  done = !next (results);
-  delta_done = !next (delta_results);
-  while (1)
-    {
-      GString *buffer;
-      compare_results_t state;
-      int used, would_use;
-
-      if (max_results == 0)
-        break;
-
-      if (done)
-        {
-          if (delta_done)
-            break;
-          if (new)
-            /* Extra results in 'delta_results'. */
-            do
-              {
-                const char *level;
-
-                g_debug ("   delta: %s: extra from report 2: %s",
-                        __func__,
-                        result_iterator_nvt_oid (results));
-
-                if (first_result)
-                  {
-                    g_debug ("   delta: skip");
-                    first_result--;
-                    continue;
-                  }
-
-                /* Increase the result count. */
-                level = result_iterator_level (delta_results);
-                (*orig_filtered_result_count)++;
-                (*filtered_result_count)++;
-                if (strcmp (level, "High") == 0)
-                  {
-                    (*orig_f_holes)++;
-                    (*f_holes)++;
-                  }
-                else if (strcmp (level, "Medium") == 0)
-                  {
-                    (*orig_f_warnings)++;
-                    (*f_warnings)++;
-                  }
-                else if (strcmp (level, "Low") == 0)
-                  {
-                    (*orig_f_infos)++;
-                    (*f_infos)++;
-                  }
-                else if (strcmp (level, "Log") == 0)
-                  {
-                    (*orig_f_logs)++;
-                    (*f_logs)++;
-                  }
-                else if (strcmp (level, "False Positive") == 0)
-                  {
-                    (*orig_f_false_positives)++;
-                    (*f_false_positives)++;
-                  }
-
-                g_debug ("   delta: %s: extra from report 2: %s",
-                        __func__,
-                        result_iterator_nvt_oid (delta_results));
-                buffer = g_string_new ("");
-                buffer_results_xml (buffer,
-                                    delta_results,
-                                    task,
-                                    notes,
-                                    notes_details,
-                                    overrides,
-                                    overrides_details,
-                                    0,
-                                    0,
-                                    0,
-                                    "new",
-                                    NULL,
-                                    0,
-                                    -1,
-                                    0,  /* Lean. */
-                                    0); /* Delta fields. */
-                if (fprintf (out, "%s", buffer->str) < 0)
-                  return -1;
-                g_string_free (buffer, TRUE);
-                if (result_hosts_only)
-                  array_add_new_string (result_hosts,
-                                        result_iterator_host (delta_results));
-                add_port (ports, delta_results);
-                max_results--;
-                if (max_results == 0)
-                  break;
-              }
-            while (next (delta_results));
-          delta_done = TRUE;
-          break;
-        }
-
-      if (delta_done)
-        {
-          /* Extra results in 'results'. */
-          if (gone)
-            do
-              {
-                g_debug ("   delta: %s: extra from report 1: %s",
-                        __func__,
-                        result_iterator_nvt_oid (results));
-                if (first_result)
-                  {
-                    g_debug ("   delta: skip");
-                    first_result--;
-                    continue;
-                  }
-                buffer = g_string_new ("");
-                buffer_results_xml (buffer,
-                                    results,
-                                    task,
-                                    notes,
-                                    notes_details,
-                                    overrides,
-                                    overrides_details,
-                                    0,
-                                    0,
-                                    0,
-                                    "gone",
-                                    NULL,
-                                    0,
-                                    -1,
-                                    0,  /* Lean. */
-                                    0); /* Delta fields. */
-                if (fprintf (out, "%s", buffer->str) < 0)
-                  return -1;
-                g_string_free (buffer, TRUE);
-                if (result_hosts_only)
-                  array_add_new_string (result_hosts,
-                                        result_iterator_host (results));
-                add_port (ports, results);
-                max_results--;
-                if (max_results == 0)
-                  break;
-              }
-            while (next (results));
-          else
-            do
-              {
-                const char *level;
-
-                /* Decrease the result count. */
-                level = result_iterator_level (results);
-                (*orig_filtered_result_count)--;
-                (*filtered_result_count)--;
-                if (strcmp (level, "High") == 0)
-                  {
-                    (*orig_f_holes)--;
-                    (*f_holes)--;
-                  }
-                else if (strcmp (level, "Medium") == 0)
-                  {
-                    (*orig_f_warnings)--;
-                    (*f_warnings)--;
-                  }
-                else if (strcmp (level, "Low") == 0)
-                  {
-                    (*orig_f_infos)--;
-                    (*f_infos)--;
-                  }
-                else if (strcmp (level, "Log") == 0)
-                  {
-                    (*orig_f_logs)--;
-                    (*f_logs)--;
-                  }
-                else if (strcmp (level, "False Positive") == 0)
-                  {
-                    (*orig_f_false_positives)--;
-                    (*f_false_positives)--;
-                  }
-              }
-            while (next (results));
-          done = TRUE;
-          break;
-        }
-
-      /* Compare the two results. */
-
-      buffer = g_string_new ("");
-      state = compare_and_buffer_results (buffer,
-                                          results,
-                                          delta_results,
-                                          task,
-                                          notes,
-                                          notes_details,
-                                          overrides,
-                                          overrides_details,
-                                          sort_order,
-                                          sort_field,
-                                          changed,
-                                          gone,
-                                          new,
-                                          same,
-                                          &max_results,
-                                          &first_result,
-                                          &used,
-                                          &would_use);
-      if (state == COMPARE_RESULTS_ERROR)
-        {
-          g_warning ("%s: compare_and_buffer_results failed",
-                     __func__);
-          return -1;
-        }
-      if (fprintf (out, "%s", buffer->str) < 0)
-        return -1;
-      g_string_free (buffer, TRUE);
-
-      if ((used == 0)
-          && ((state == COMPARE_RESULTS_GONE)
-              || (state == COMPARE_RESULTS_SAME)
-              || (state == COMPARE_RESULTS_CHANGED)))
-        {
-          const char *level;
-
-          /* Decrease the result count. */
-          level = result_iterator_level (results);
-          (*filtered_result_count)--;
-          if (strcmp (level, "High") == 0)
-            {
-              (*f_holes)--;
-            }
-          else if (strcmp (level, "Medium") == 0)
-            {
-              (*f_warnings)--;
-            }
-          else if (strcmp (level, "Low") == 0)
-            {
-              (*f_infos)--;
-            }
-          else if (strcmp (level, "Log") == 0)
-            {
-              (*f_logs)--;
-            }
-          else if (strcmp (level, "False Positive") == 0)
-            {
-              (*f_false_positives)--;
-            }
-        }
-
-      if ((would_use == 0)
-          && ((state == COMPARE_RESULTS_GONE)
-              || (state == COMPARE_RESULTS_SAME)
-              || (state == COMPARE_RESULTS_CHANGED)))
-        {
-          const char *level;
-
-          /* Decrease the result count. */
-          level = result_iterator_level (results);
-          (*orig_filtered_result_count)--;
-          if (strcmp (level, "High") == 0)
-            {
-              (*orig_f_holes)--;
-            }
-          else if (strcmp (level, "Medium") == 0)
-            {
-              (*orig_f_warnings)--;
-            }
-          else if (strcmp (level, "Low") == 0)
-            {
-              (*orig_f_infos)--;
-            }
-          else if (strcmp (level, "Log") == 0)
-            {
-              (*orig_f_logs)--;
-            }
-          else if (strcmp (level, "False Positive") == 0)
-            {
-              (*orig_f_false_positives)--;
-            }
-        }
-
-      /* Move on to the next. */
-
-      if (state == COMPARE_RESULTS_GONE)
-        {
-          /* "Used" just the 'results' result. */
-          if (used)
-            {
-              if (result_hosts_only)
-                array_add_new_string (result_hosts,
-                                      result_iterator_host (results));
-              add_port (ports, results);
-            }
-          done = !next (results);
-        }
-      else if ((state == COMPARE_RESULTS_SAME)
-               || (state == COMPARE_RESULTS_CHANGED))
-        {
-          /* "Used" both results. */
-          if (used)
-            {
-              if (result_hosts_only)
-                array_add_new_string (result_hosts,
-                                      result_iterator_host (results));
-              add_port (ports, results);
-            }
-          done = !next (results);
-          delta_done = !next (delta_results);
-        }
-      else if (state == COMPARE_RESULTS_NEW)
-        {
-          if (would_use)
-            {
-              const char *level;
-
-              /* Would have "used" just the 'delta_results' result, on
-               * an earlier page. */
-
-              /* Increase the result count. */
-              level = result_iterator_level (delta_results);
-              (*orig_filtered_result_count)++;
-              if (strcmp (level, "High") == 0)
-                {
-                  (*orig_f_holes)++;
-                }
-              else if (strcmp (level, "Medium") == 0)
-                {
-                  (*orig_f_warnings)++;
-                }
-              else if (strcmp (level, "Low") == 0)
-                {
-                  (*orig_f_infos)++;
-                }
-              else if (strcmp (level, "Log") == 0)
-                {
-                  (*orig_f_logs)++;
-                }
-              else if (strcmp (level, "False Positive") == 0)
-                {
-                  (*orig_f_false_positives)++;
-                }
-            }
-
-          if (used)
-            {
-              const char *level;
-
-              /* "Used" just the 'delta_results' result. */
-
-              /* Increase the result count. */
-              level = result_iterator_level (delta_results);
-              (*filtered_result_count)++;
-              if (strcmp (level, "High") == 0)
-                {
-                  (*f_holes)++;
-                }
-              else if (strcmp (level, "Medium") == 0)
-                {
-                  (*f_warnings)++;
-                }
-              else if (strcmp (level, "Low") == 0)
-                {
-                  (*f_infos)++;
-                }
-              else if (strcmp (level, "Log") == 0)
-                {
-                  (*f_logs)++;
-                }
-              else if (strcmp (level, "False Positive") == 0)
-                {
-                  (*f_false_positives)++;
-                }
-
-              if (result_hosts_only)
-                array_add_new_string (result_hosts,
-                                      result_iterator_host
-                                       (delta_results));
-
-              add_port (ports, delta_results);
-            }
-          delta_done = !next (delta_results);
-        }
-      else
-        assert (0);
-    }
-
-  /* Compare remaining results, for the filtered report counts. */
-
-  g_debug ("   delta: %s: counting rest", __func__);
-  while (1)
-    {
-      compare_results_t state;
-      int used, would_use;
-
-      if (done)
-        {
-          if (delta_done)
-            break;
-          if (new)
-            /* Extra results in 'delta_results'. */
-            do
-              {
-                const char *level;
-
-                g_debug ("   delta: %s: extra from report 2: %s",
-                        __func__,
-                        result_iterator_nvt_oid (delta_results));
-
-                /* Increase the result count. */
-                level = result_iterator_level (delta_results);
-                (*orig_filtered_result_count)++;
-                if (strcmp (level, "High") == 0)
-                  {
-                    (*orig_f_holes)++;
-                  }
-                else if (strcmp (level, "Medium") == 0)
-                  {
-                    (*orig_f_warnings)++;
-                  }
-                else if (strcmp (level, "Low") == 0)
-                  {
-                    (*orig_f_infos)++;
-                  }
-                else if (strcmp (level, "Log") == 0)
-                  {
-                    (*orig_f_logs)++;
-                  }
-                else if (strcmp (level, "False Positive") == 0)
-                  {
-                    (*orig_f_false_positives)++;
-                  }
-              }
-            while (next (delta_results));
-          break;
-        }
-
-      if (delta_done)
-        {
-          /* Extra results in 'results'. */
-          if (gone)
-            do
-              {
-                g_debug ("   delta: %s: extra from report 1: %s",
-                        __func__,
-                        result_iterator_nvt_oid (results));
-
-                /* It's in the count already. */
-              }
-            while (next (results));
-          else
-            do
-              {
-                const char *level;
-
-                /* Decrease the result count. */
-                level = result_iterator_level (results);
-                (*orig_filtered_result_count)--;
-                if (strcmp (level, "High") == 0)
-                  {
-                    (*orig_f_holes)--;
-                  }
-                else if (strcmp (level, "Medium") == 0)
-                  {
-                    (*orig_f_warnings)--;
-                  }
-                else if (strcmp (level, "Low") == 0)
-                  {
-                    (*orig_f_infos)--;
-                  }
-                else if (strcmp (level, "Log") == 0)
-                  {
-                    (*orig_f_logs)--;
-                  }
-                else if (strcmp (level, "False Positive") == 0)
-                  {
-                    (*orig_f_false_positives)--;
-                  }
-              }
-            while (next (results));
-          break;
-        }
-
-      /* Compare the two results. */
-
-      state = compare_and_buffer_results (NULL,
-                                          results,
-                                          delta_results,
-                                          task,
-                                          notes,
-                                          notes_details,
-                                          overrides,
-                                          overrides_details,
-                                          sort_order,
-                                          sort_field,
-                                          changed,
-                                          gone,
-                                          new,
-                                          same,
-                                          &max_results,
-                                          &first_result,
-                                          &used,
-                                          &would_use);
-      if (state == COMPARE_RESULTS_ERROR)
-        {
-          g_warning ("%s: compare_and_buffer_results failed",
-                     __func__);
-          return -1;
-        }
-
-      if (state == COMPARE_RESULTS_NEW)
-        {
-          if (used)
-            {
-              const char *level;
-
-              /* "Used" just the 'delta_results' result. */
-
-              /* Increase the result count. */
-              level = result_iterator_level (delta_results);
-              (*orig_filtered_result_count)++;
-              if (strcmp (level, "High") == 0)
-                {
-                  (*orig_f_holes)++;
-                }
-              else if (strcmp (level, "Medium") == 0)
-                {
-                  (*orig_f_warnings)++;
-                }
-              else if (strcmp (level, "Low") == 0)
-                {
-                  (*orig_f_infos)++;
-                }
-              else if (strcmp (level, "Log") == 0)
-                {
-                  (*orig_f_logs)++;
-                }
-              else if (strcmp (level, "False Positive") == 0)
-                {
-                  (*orig_f_false_positives)++;
-                }
-            }
-        }
-      else if (used)
-        {
-          /* It's in the count already. */
-        }
-      else
-        {
-          const char *level;
-
-          /* Decrease the result count. */
-          level = result_iterator_level (results);
-          (*orig_filtered_result_count)--;
-          if (strcmp (level, "High") == 0)
-            {
-              (*orig_f_holes)--;
-            }
-          else if (strcmp (level, "Medium") == 0)
-            {
-              (*orig_f_warnings)--;
-            }
-          else if (strcmp (level, "Low") == 0)
-            {
-              (*orig_f_infos)--;
-            }
-          else if (strcmp (level, "Log") == 0)
-            {
-              (*orig_f_logs)--;
-            }
-          else if (strcmp (level, "False Positive") == 0)
-            {
-              (*orig_f_false_positives)--;
-            }
-        }
-
-      /* Move on to the next. */
-
-      if (state == COMPARE_RESULTS_GONE)
-        {
-          /* "Used" just the 'results' result. */
-          done = !next (results);
-        }
-      else if ((state == COMPARE_RESULTS_SAME)
-               || (state == COMPARE_RESULTS_CHANGED))
-        {
-          /* "Used" both results. */
-          done = !next (results);
-          delta_done = !next (delta_results);
-        }
-      else if (state == COMPARE_RESULTS_NEW)
-        {
-          /* "Used" just the 'delta_results' result. */
-          delta_done = !next (delta_results);
-        }
-      else
-        assert (0);
-    }
-  msg = g_markup_printf_escaped ("</results>");
-  if (fprintf (out, "%s", msg) < 0)
-    {
-      g_free (msg);
-      fclose (out);
-      return -1;
-    }
-  g_free (msg);
-
-  /* Write ports to file. */
-
-  msg = g_markup_printf_escaped ("<ports"
-                                 " start=\"%i\""
-                                 " max=\"%i\">",
-                                 /* Add 1 for 1 indexing. */
-                                 first_result + 1,
-                                 max_results);
-  if (fprintf (out, "%s", msg) < 0)
-    {
-      g_free (msg);
-      fclose (out);
-      return -1;
-    }
-  g_free (msg);
-  if (sort_field == NULL || strcmp (sort_field, "port"))
-    {
-      if (sort_order)
-        g_tree_foreach (ports, print_host_ports_by_severity_asc, out);
-      else
-        g_tree_foreach (ports, print_host_ports_by_severity_desc, out);
-    }
-  else if (sort_order)
-    g_tree_foreach (ports, print_host_ports, out);
-  else
-    g_tree_foreach (ports, print_host_ports_desc, out);
-  g_tree_destroy (ports);
-  msg = g_markup_printf_escaped ("</ports>");
-  if (fprintf (out, "%s", msg) < 0)
-    {
-      g_free (msg);
-      fclose (out);
-      return -1;
-    }
-  g_free (msg);
-
-  return 0;
-}
-
 /**
  * @brief Print v2 delta results for print_report_xml.
  *
@@ -29953,7 +28518,7 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results,
                         int *orig_f_warnings, int *f_warnings,
                         int *orig_f_false_positives, int *f_false_positives,
                         int *f_compliance_yes, int *f_compliance_no,
-                        int *f_compliance_incomplete, 
+                        int *f_compliance_incomplete,
                         int *f_compliance_undefined, int *f_compliance_count,
                         array_t *result_hosts)
 {
@@ -30171,8 +28736,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   int f_compliance_incomplete, f_compliance_undefined;
   int f_compliance_count;
 
-  int delta_reports_version = 0;
-
   /* Init some vars to prevent warnings from older compilers. */
   max_results = -1;
   levels = NULL;
@@ -30264,11 +28827,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                                      &apply_overrides, &zone);
     }
 
-  if (delta) {
-    delta_reports_version = setting_delta_reports_version_int ();
-    g_debug ("%s: delta reports version %d", __func__, delta_reports_version);
-  }
-
   max_results = manage_max_rows (max_results);
 
   levels = levels ? levels : g_strdup ("hmlgdf");
@@ -30378,8 +28936,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
              "</delta>");
     }
 
-  count_filtered = (delta == 0 && ignore_pagination && get->details)
-                   || (delta_reports_version == 2);
+  count_filtered = (delta || (ignore_pagination && get->details));
 
   if (report)
     {
@@ -30461,56 +29018,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
   g_free (term);
   term = clean;
 
-  if (delta
-      && sort_field 
-      && (delta_reports_version == 1)
-      /* These are all checked in result_cmp. */
-      && strcmp (sort_field, "name")
-      && strcmp (sort_field, "vulnerability")
-      && strcmp (sort_field, "host")
-      && strcmp (sort_field, "port")
-      && strcmp (sort_field, "location")
-      && strcmp (sort_field, "severity")
-      && strcmp (sort_field, "nvt")
-      && strcmp (sort_field, "description")
-      && strcmp (sort_field, "type")
-      && strcmp (sort_field, "original_type"))
-    {
-      gchar *new_term;
-
-      if ((strcmp (sort_field, "task") == 0)
-          || (strcmp (sort_field, "task_id") == 0)
-          || (strcmp (sort_field, "report_id") == 0))
-        {
-          /* These don't affect delta report, so sort by vulnerability. */
-          g_free (sort_field);
-          sort_field = g_strdup ("vulnerability");
-        }
-      else
-        {
-          /* The remaining filterable fields for the result iterator, all of
-           * which may be used as a sort field.  These could be added to
-           * result_cmp.  For now sort by vulnerability. */
-#if 0
-          "uuid", "comment", "created", "modified", "_owner",
-          "cvss_base", "nvt_version", "original_severity", "date",
-          "solution_type", "qod", "qod_type", "cve", "hostname", "path"
-#endif
-          g_free (sort_field);
-          sort_field = g_strdup ("vulnerability");
-        }
-
-      /* Adjust "term" to match sort_field, because "term" will be used in the
-       * REPORT XML FILTERS (sent by buffer_get_filter_xml below). */
-      new_term = g_strdup_printf ("sort=%s %s",
-                                  sort_field,
-                                  term);
-      g_free (term);
-      term = new_term;
-      /* Similarly, the order will now be ascending. */
-      sort_order = 1;
-    }
-
   if (filter_term_return)
     *filter_term_return = g_strdup (term);
 
@@ -30873,27 +29380,12 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   if (delta && get->details)
     {
-      if (delta_reports_version == 1) 
+      if (init_v2_delta_iterator (report, &results, delta,
+                                  get, term, sort_field))
         {
-          if (init_delta_iterators (report, &results, delta, 
-                                    &delta_results, get, 
-                                    term, sort_field))
-            {
-              g_free (term);
-              g_hash_table_destroy (f_host_ports);
-              return -1;
-            }
           g_free (term);
-        } 
-      else 
-        {      
-          if (init_v2_delta_iterator (report, &results, delta,
-                                      get, term, sort_field))
-            {
-              g_free (term);
-              g_hash_table_destroy (f_host_ports);
-              return -1;
-            }
+          g_hash_table_destroy (f_host_ports);
+          return -1;
         }
     }
   else if (get->details)
@@ -30956,52 +29448,28 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   if (delta && get->details)
     {
-      if (delta_reports_version == 1) 
-        {
-          if (print_report_delta_xml (out, &results, &delta_results, 
-                                      delta_states,
-                                      ignore_pagination ? 0 : first_result,
-                                      ignore_pagination ? -1 : max_results,
-                                      task, notes,
-                                      notes_details, overrides, 
-                                      overrides_details, sort_order,
-                                      sort_field, result_hosts_only,
-                                      &orig_filtered_result_count,
-                                      &filtered_result_count,
-                                      &orig_f_holes, &f_holes,
-                                      &orig_f_infos, &f_infos,
-                                      &orig_f_logs, &f_logs,
-                                      &orig_f_warnings, &f_warnings,
-                                      &orig_f_false_positives, 
-                                      &f_false_positives,
-                                      result_hosts))
-          goto failed_delta_report;
-        } 
-      else 
-        {
-          if (print_v2_report_delta_xml (out, &results, delta_states,
-                                        ignore_pagination ? 0 : first_result,
-                                        ignore_pagination ? -1 : max_results,
-                                        task, notes,
-                                        notes_details, overrides, 
-                                        overrides_details, sort_order, 
-                                        sort_field, result_hosts_only,
-                                        &orig_filtered_result_count,
-                                        &filtered_result_count,
-                                        &orig_f_holes, &f_holes,
-                                        &orig_f_infos, &f_infos,
-                                        &orig_f_logs, &f_logs,
-                                        &orig_f_warnings, &f_warnings,
-                                        &orig_f_false_positives, 
-                                        &f_false_positives,
-                                        &f_compliance_yes,
-                                        &f_compliance_no,
-                                        &f_compliance_incomplete,
-                                        &f_compliance_undefined,
-                                        &f_compliance_count,
-                                        result_hosts))
-            goto failed_delta_report;
-        }
+      if (print_v2_report_delta_xml (out, &results, delta_states,
+                                    ignore_pagination ? 0 : first_result,
+                                    ignore_pagination ? -1 : max_results,
+                                    task, notes,
+                                    notes_details, overrides,
+                                    overrides_details, sort_order,
+                                    sort_field, result_hosts_only,
+                                    &orig_filtered_result_count,
+                                    &filtered_result_count,
+                                    &orig_f_holes, &f_holes,
+                                    &orig_f_infos, &f_infos,
+                                    &orig_f_logs, &f_logs,
+                                    &orig_f_warnings, &f_warnings,
+                                    &orig_f_false_positives,
+                                    &f_false_positives,
+                                    &f_compliance_yes,
+                                    &f_compliance_no,
+                                    &f_compliance_incomplete,
+                                    &f_compliance_undefined,
+                                    &f_compliance_count,
+                                    result_hosts))
+        goto failed_delta_report;
     }
   else if (get->details)
     {
@@ -31142,8 +29610,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
     }
   if (get->details)
     cleanup_iterator (&results);
-  if (delta && get->details && delta_reports_version == 1)
-    cleanup_iterator (&delta_results);
 
   /* Print result counts and severity. */
 
@@ -31293,12 +29759,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
           iterator_t hosts;
           init_report_host_iterator (&hosts, report, result_host, 0);
           present = next (&hosts);
-          if (delta && (present == FALSE) && delta_reports_version == 1)
-            {
-              cleanup_iterator (&hosts);
-              init_report_host_iterator (&hosts, delta, result_host, 0);
-              present = next (&hosts);
-            }
           if (present)
             {
                 if (print_report_host_xml (out,
@@ -53190,21 +51650,6 @@ setting_auto_cache_rebuild_int ()
                   current_credentials.uuid);
 }
 
-/**
- * @brief Return user setting as int.
- *
- * @return User setting.
- */
-static int
-setting_delta_reports_version_int ()
-{
-  int version;
-
-  setting_value_int (SETTING_UUID_DELTA_REPORTS_VERSION, &version);
-
-  return version;
-}
-
 /**
  * @brief Initialise a setting iterator, including observed settings.
  *
@@ -54108,8 +52553,6 @@ setting_name (const gchar *uuid)
     return "Feed Import Owner";
   if (strcmp (uuid, SETTING_UUID_FEED_IMPORT_ROLES) == 0)
     return "Feed Import Roles";
-  if (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0)
-    return "Delta Reports Version";
   if (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0)
     return "SecInfo SQL Buffer Threshold";
 
@@ -54149,8 +52592,6 @@ setting_description (const gchar *uuid)
     return "User who is given ownership of new resources from feed.";
   if (strcmp (uuid, SETTING_UUID_FEED_IMPORT_ROLES) == 0)
     return "Roles given access to new resources from feed.";
-  if (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0)
-    return "Version of the generation of the Delta Reports.";
   if (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0)
     return "Buffer size threshold in MiB for running buffered SQL statements"
            " in SecInfo updates before the end of the file being processed.";
@@ -54241,12 +52682,6 @@ setting_verify (const gchar *uuid, const gchar *value, const gchar *user)
       g_strfreev (split);
     }
 
-  if (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0)
-    {
-      if (strcmp(value, "1") != 0 && strcmp(value, "2") != 0)
-        return 1;
-    }
-
   if (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0)
     {
       int threshold;
@@ -54349,7 +52784,6 @@ manage_modify_setting (GSList *log_config, const db_conn_info_t *database,
       && strcmp (uuid, SETTING_UUID_LSC_DEB_MAINTAINER)
       && strcmp (uuid, SETTING_UUID_FEED_IMPORT_OWNER)
       && strcmp (uuid, SETTING_UUID_FEED_IMPORT_ROLES)
-      && strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION)
       && strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD))
     {
       fprintf (stderr, "Error in setting UUID.\n");
@@ -54377,7 +52811,6 @@ manage_modify_setting (GSList *log_config, const db_conn_info_t *database,
       if ((strcmp (uuid, SETTING_UUID_DEFAULT_CA_CERT) == 0)
           || (strcmp (uuid, SETTING_UUID_FEED_IMPORT_OWNER) == 0)
           || (strcmp (uuid, SETTING_UUID_FEED_IMPORT_ROLES) == 0)
-          || (strcmp (uuid, SETTING_UUID_DELTA_REPORTS_VERSION) == 0)
           || (strcmp (uuid, SETTING_UUID_SECINFO_SQL_BUFFER_THRESHOLD) == 0))
         {
           sql_rollback ();
diff --git a/src/manage_sql.h b/src/manage_sql.h
index b9db9cb99..c98e15adc 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -137,11 +137,6 @@
  */
 #define SETTING_UUID_FEED_IMPORT_ROLES "ff000362-338f-11ea-9051-28d24461215b"
 
-/**
- * @brief UUID of 'Delta Reports Version' setting.
- */
-#define SETTING_UUID_DELTA_REPORTS_VERSION "985a0c05-2140-4e66-9989-ce9a0906a5a9"
-
 /**
  * @brief UUID of 'SecInfo SQL Buffer Threshold' setting.
  */
diff --git a/src/manage_sql_tests.c b/src/manage_sql_tests.c
index d6b5e4e1a..a547b983c 100644
--- a/src/manage_sql_tests.c
+++ b/src/manage_sql_tests.c
@@ -61,104 +61,6 @@ Ensure (manage_sql, validate_results_port_validates)
   FAIL ("udp");
 }
 
-#define CMP(one, two, ret) assert_that (streq_ignore_ws (one, two), is_equal_to (ret))
-
-#define EQ2(one, two) CMP(one, two, 1); CMP(two, one, 1)
-#define EQ(string) CMP(string, string, 1)
-
-Ensure (manage_sql, streq_ignore_ws_finds_equal)
-{
-  EQ ("abc");
-  EQ (" abc");
-  EQ ("abc ");
-  EQ ("ab c");
-  EQ ("");
-  EQ (".");
-  EQ (" abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-=_)(*&^%$#@!~\"':}{<>?");
-  EQ ("three little words");
-}
-
-Ensure (manage_sql, streq_ignore_ws_finds_equal_despite_ws)
-{
-  EQ2 ("abc", " abc");
-  EQ2 ("abc", "abc ");
-  EQ2 ("abc", "ab c");
-  EQ2 ("abc", " a b    c ");
-
-  EQ2 ("abc", "\nabc");
-  EQ2 ("abc", "abc\n");
-  EQ2 ("abc", "ab\nc");
-  EQ2 ("abc", "\na\nb\n\n\n\nc\n");
-
-  EQ2 ("abc", "\tabc");
-  EQ2 ("abc", "abc\t");
-  EQ2 ("abc", "ab\tc");
-  EQ2 ("abc", "\ta\tb\t\t\t\tc\t");
-
-  EQ2 ("abcd", "\ta\nb \t\nc  \t\t\n\nd\t\n ");
-
-  EQ2 ("", " ");
-  EQ2 ("", "\t");
-  EQ2 ("", "\n");
-  EQ2 ("", "  ");
-  EQ2 ("", "\t\t");
-  EQ2 ("", "\n\n");
-  EQ2 ("", " \n\t  \n\n\t\t");
-
-  EQ2 (" \n\t  \n\n\t\t", " \n\t  \n\n\t\t");
-}
-
-#define DIFF(one, two) CMP(one, two, 0); CMP(two, one, 0)
-
-Ensure (manage_sql, streq_ignore_ws_finds_diff)
-{
-  DIFF ("abc", "abcd");
-  DIFF ("abc", "dabc");
-  DIFF ("abc", "abdc");
-  DIFF ("abc", "xyz");
-  DIFF ("abc", "");
-  DIFF ("abc", ".");
-  DIFF ("abc", "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-=_)(*&^%$#@!~\"':}{<>?");
-}
-
-Ensure (manage_sql, streq_ignore_ws_finds_diff_incl_ws)
-{
-  DIFF ("zabc", " abc");
-  DIFF ("zabc", "abc ");
-  DIFF ("zabc", "ab c");
-  DIFF ("zabc", " a b    c ");
-
-  DIFF ("zabc", "\nabc");
-  DIFF ("zabc", "abc\n");
-  DIFF ("zabc", "ab\nc");
-  DIFF ("zabc", "\na\nb\n\n\n\nc\n");
-
-  DIFF ("zabc", "\tabc");
-  DIFF ("zabc", "abc\t");
-  DIFF ("zabc", "ab\tc");
-  DIFF ("zabc", "\ta\tb\t\t\t\tc\t");
-
-  DIFF ("zabcd", "\ta\nb \t\nc  \t\t\n\nd\t\n ");
-
-  DIFF ("a", " ");
-  DIFF ("a", "\t");
-  DIFF ("a", "\n");
-  DIFF ("a", "  ");
-  DIFF ("a", "\t\t");
-  DIFF ("a", "\n\n");
-  DIFF ("a", " \n\t  \n\n\t\t");
-
-  DIFF ("a \n\t  \n\n\t\t", " \n\t  \n\n\t\t");
-  DIFF (" \n\t  \na\n\t\t", " \n\t  \n\n\t\t");
-  DIFF (" \n\t  \n\n\t\ta", " \n\t  \n\n\t\t");
-}
-
-Ensure (manage_sql, streq_ignore_ws_handles_null)
-{
-  EQ (NULL);
-  DIFF ("abc", NULL);
-}
-
 /* Test suite. */
 
 int
@@ -170,12 +72,6 @@ main (int argc, char **argv)
 
   add_test_with_context (suite, manage_sql, validate_results_port_validates);
 
-  add_test_with_context (suite, manage_sql, streq_ignore_ws_finds_equal);
-  add_test_with_context (suite, manage_sql, streq_ignore_ws_finds_equal_despite_ws);
-  add_test_with_context (suite, manage_sql, streq_ignore_ws_finds_diff);
-  add_test_with_context (suite, manage_sql, streq_ignore_ws_finds_diff_incl_ws);
-  add_test_with_context (suite, manage_sql, streq_ignore_ws_handles_null);
-
   if (argc > 1)
     return run_single_test (suite, argv[1], create_text_reporter ());
 

From 93b3c8f7a68f66cf56cb2dfecea4c6a7d48e62ce Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Thu, 7 Nov 2024 11:40:07 +0100
Subject: [PATCH 118/134] Rename functions with v2 delta in their name to delta

---
 src/manage_sql.c | 56 ++++++++++++++++++++++++------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index a70d9068f..2a9482e74 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -28262,7 +28262,7 @@ print_report_host_xml (FILE *stream,
 }
 
 /**
- * @brief Init v2 delta iterator for print_report_xml.
+ * @brief Init delta iterator for print_report_xml.
  *
  * @param[in]  report         The report.
  * @param[in]  results        Report result iterator.
@@ -28274,9 +28274,9 @@ print_report_host_xml (FILE *stream,
  * @return 0 on success, -1 error.
  */
 static int
-init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta, 
-                      const get_data_t *get, const char *term,
-                      const char *sort_field)
+init_delta_iterator (report_t report, iterator_t *results, report_t delta,
+                     const get_data_t *get, const char *term,
+                     const char *sort_field)
 {
   int ret;
   static const char *filter_columns[] = RESULT_ITERATOR_FILTER_COLUMNS;
@@ -28465,7 +28465,7 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta,
 }
 
 /**
- * @brief Print v2 delta results for print_report_xml.
+ * @brief Print delta results for print_report_xml.
  *
  * @param[in]  out            File stream to write to.
  * @param[in]  results        Report result iterator.
@@ -28504,7 +28504,7 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta,
  * @return 0 on success, -1 error.
  */
 static int
-print_v2_report_delta_xml (FILE *out, iterator_t *results,
+print_report_delta_xml (FILE *out, iterator_t *results,
                         const char *delta_states,
                         int first_result, int max_results, task_t task,
                         int notes, int notes_details, int overrides,
@@ -29380,7 +29380,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   if (delta && get->details)
     {
-      if (init_v2_delta_iterator (report, &results, delta,
+      if (init_delta_iterator (report, &results, delta,
                                   get, term, sort_field))
         {
           g_free (term);
@@ -29448,27 +29448,27 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
 
   if (delta && get->details)
     {
-      if (print_v2_report_delta_xml (out, &results, delta_states,
-                                    ignore_pagination ? 0 : first_result,
-                                    ignore_pagination ? -1 : max_results,
-                                    task, notes,
-                                    notes_details, overrides,
-                                    overrides_details, sort_order,
-                                    sort_field, result_hosts_only,
-                                    &orig_filtered_result_count,
-                                    &filtered_result_count,
-                                    &orig_f_holes, &f_holes,
-                                    &orig_f_infos, &f_infos,
-                                    &orig_f_logs, &f_logs,
-                                    &orig_f_warnings, &f_warnings,
-                                    &orig_f_false_positives,
-                                    &f_false_positives,
-                                    &f_compliance_yes,
-                                    &f_compliance_no,
-                                    &f_compliance_incomplete,
-                                    &f_compliance_undefined,
-                                    &f_compliance_count,
-                                    result_hosts))
+      if (print_report_delta_xml (out, &results, delta_states,
+                                  ignore_pagination ? 0 : first_result,
+                                  ignore_pagination ? -1 : max_results,
+                                  task, notes,
+                                  notes_details, overrides,
+                                  overrides_details, sort_order,
+                                  sort_field, result_hosts_only,
+                                  &orig_filtered_result_count,
+                                  &filtered_result_count,
+                                  &orig_f_holes, &f_holes,
+                                  &orig_f_infos, &f_infos,
+                                  &orig_f_logs, &f_logs,
+                                  &orig_f_warnings, &f_warnings,
+                                  &orig_f_false_positives,
+                                  &f_false_positives,
+                                  &f_compliance_yes,
+                                  &f_compliance_no,
+                                  &f_compliance_incomplete,
+                                  &f_compliance_undefined,
+                                  &f_compliance_count,
+                                  result_hosts))
         goto failed_delta_report;
     }
   else if (get->details)

From d22536008eb33e9f7b0a8a09209cfbf313c278f2 Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Thu, 7 Nov 2024 16:23:10 +0100
Subject: [PATCH 119/134] Add: The table scap.affected_products is filled for
 the new JSON feed.

This commit contains the filling of the table scap.affected_products
and a small bug-fix for the CVE scan.
---
 src/manage_sql.c         |  2 +-
 src/manage_sql_secinfo.c | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index be266c79a..613775b10 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20511,7 +20511,7 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *criteria)
                  " JOIN scap.cpe_nodes_match_criteria c"
                  " ON n.id = c.node_id"
                  " JOIN scap.cpe_match_strings r"
-                 " ON c.match_criteria = r.match_criteria_id"
+                 " ON c.match_criteria_id = r.match_criteria_id"
                  " WHERE criteria like '%s%%';",
                  quoted_criteria);
   g_free (quoted_criteria);
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 4e6d3d6fc..ed4903771 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -4043,6 +4043,31 @@ update_scap_cves ()
   return 0;
 }
 
+/**
+ * @brief Update SCAP affected products.
+ *
+ * Assume that the databases are attached.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+update_scap_affected_products ()
+{
+  g_info ("Updating affected products");
+
+  sql ("INSERT INTO scap2.affected_products"
+       "  SELECT DISTINCT scap2.cpe_match_nodes.cve_id, scap2.cpes.id"
+       "    FROM scap2.cpe_match_nodes, scap2.cpe_nodes_match_criteria,"
+       "         scap2.cpe_matches, scap2.cpes"
+       "    WHERE scap2.cpe_match_nodes.id = scap2.cpe_nodes_match_criteria.node_id"
+       "      AND scap2.cpe_nodes_match_criteria.vulnerable = 1"
+       "      AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
+       "            scap2.cpe_matches.match_criteria_id"
+       "      AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
+
+  return 0;
+}
+
 /**
  * @brief Insert a SCAP CPE match string from JSON.
  *
@@ -5606,6 +5631,15 @@ update_scap (gboolean reset_scap_db)
       return -1;
     }
 
+  g_debug ("%s: update affected_products", __func__);
+  setproctitle ("Syncing SCAP: Updating affected products");
+
+  if (update_scap_affected_products () == -1)
+    {
+      abort_scap_update ();
+      return -1;
+    }
+
   g_debug ("%s: updating user defined data", __func__);
 
   g_debug ("%s: update epss", __func__);

From b3ff0ab4d139f99cf8905d3bbaf4089661d1c2dd Mon Sep 17 00:00:00 2001
From: Johannes Helmold <johannes.helmold@greenbone.net>
Date: Mon, 11 Nov 2024 10:03:19 +0100
Subject: [PATCH 120/134] Small amendment.

---
 src/manage_sql_secinfo.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index ed4903771..fead001e6 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -4047,10 +4047,8 @@ update_scap_cves ()
  * @brief Update SCAP affected products.
  *
  * Assume that the databases are attached.
- *
- * @return 0 success, -1 error.
  */
-static int
+static void
 update_scap_affected_products ()
 {
   g_info ("Updating affected products");
@@ -4064,8 +4062,6 @@ update_scap_affected_products ()
        "      AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
        "            scap2.cpe_matches.match_criteria_id"
        "      AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
-
-  return 0;
 }
 
 /**
@@ -5634,11 +5630,7 @@ update_scap (gboolean reset_scap_db)
   g_debug ("%s: update affected_products", __func__);
   setproctitle ("Syncing SCAP: Updating affected products");
 
-  if (update_scap_affected_products () == -1)
-    {
-      abort_scap_update ();
-      return -1;
-    }
+  update_scap_affected_products ();
 
   g_debug ("%s: updating user defined data", __func__);
 

From 7cb34b7d3b36f68f3164f20988a6aa5ffc4801f6 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 8 Nov 2024 15:18:40 +0100
Subject: [PATCH 121/134] Fix: Remove the insertion of unused deprecated-by-id
 from XML CPE feed files

---
 src/manage_sql_secinfo.c | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index fead001e6..70b819944 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -2081,7 +2081,7 @@ static int
 insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata,
                  int modification_time)
 {
-  gchar *name, *status, *deprecated, *nvd_id;
+  gchar *name, *status, *nvd_id;
   gchar *quoted_name, *quoted_title, *quoted_status, *quoted_nvd_id;
   element_t title;
   int first;
@@ -2103,27 +2103,12 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
       return -1;
     }
 
-  deprecated = element_attribute (item_metadata,
-                                 "deprecated-by-nvd-id");
-  if (deprecated
-      && (g_regex_match_simple ("^[0-9]+$", (gchar *) deprecated, 0, 0)
-          == 0))
-    {
-      g_warning ("%s: invalid deprecated-by-nvd-id: %s",
-                 __func__,
-                 deprecated);
-      g_free (name);
-      g_free (status);
-      return -1;
-    }
-
   nvd_id = element_attribute (item_metadata, "nvd-id");
   if (nvd_id == NULL)
     {
       g_warning ("%s: nvd_id missing", __func__);
       g_free (name);
       g_free (status);
-      g_free (deprecated);
       return -1;
     }
 
@@ -2163,7 +2148,7 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
   first = inserts_check_size (inserts);
 
   g_string_append_printf (inserts->statement,
-                          "%s ('%s', '%s', '%s', %i, %i, '%s', %s, '%s')",
+                          "%s ('%s', '%s', '%s', %i, %i, '%s', '%s')",
                           first ? "" : ",",
                           quoted_name,
                           quoted_name,
@@ -2171,7 +2156,6 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
                           modification_time,
                           modification_time,
                           quoted_status,
-                          deprecated ? deprecated : "NULL",
                           quoted_nvd_id);
 
   inserts->current_chunk_size++;
@@ -2180,7 +2164,6 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
   g_free (quoted_name);
   g_free (quoted_status);
   g_free (quoted_nvd_id);
-  g_free (deprecated);
 
   return 0;
 }

From 2ed6a1b7844c45c7dc3cab126994f5b4766d4bb7 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Mon, 11 Nov 2024 16:53:44 +0100
Subject: [PATCH 122/134] Change: Insert CVEs products from CPE matches table

---
 src/manage_sql_secinfo.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 70b819944..cf13bf215 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3406,6 +3406,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
                            cJSON* configurations_json)
 {
   cJSON *configuration_item;
+  GString *software = g_string_new ("");
 
   cJSON_ArrayForEach (configuration_item, configurations_json)
     {
@@ -3495,11 +3496,30 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
                   id,
                   vulnerable ? 1 : 0,
                   quoted_match_criteria_id);
-              
+
+              if (vulnerable)
+                {
+                  iterator_t cpe_matches;
+                  init_cpe_match_string_matches_iterator (&cpe_matches, quoted_match_criteria_id);
+                  while (next (&cpe_matches))
+                    g_string_append_printf (software, "%s ", cpe_matches_cpe_name (&cpe_matches));
+                  cleanup_iterator (&cpe_matches);
+                }
               g_free (quoted_match_criteria_id);          
             }
         }
     }
+    if (software->len > 0)
+      {
+        gchar *quoted_software = sql_quote (software->str);
+        sql ("UPDATE scap2.cves"
+             " SET products = '%s'"
+             " WHERE id = %llu;",
+             quoted_software, cve_db_id);
+        g_free (quoted_software);
+      }
+    g_string_free (software, TRUE);
+
  return 0;
 }
 

From 53f503efe9e12176e74d16e78534095e24b2ebd5 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Wed, 13 Nov 2024 23:42:57 +0200
Subject: [PATCH 123/134] Flush trailing whitespace

---
 src/gmp.c                         | 116 +++++++++++-----------
 src/gmp_report_configs.c          |  10 +-
 src/gvmd.c                        |   2 +-
 src/manage.c                      |  16 +--
 src/manage.h                      |   6 +-
 src/manage_configs.c              |   2 +-
 src/manage_pg.c                   |  16 +--
 src/manage_port_lists.c           |   2 +-
 src/manage_report_configs.c       |   2 +-
 src/manage_report_formats.c       |   2 +-
 src/manage_sql.c                  | 156 +++++++++++++++---------------
 src/manage_sql_report_configs.c   |  10 +-
 src/manage_sql_report_formats.c   |   6 +-
 src/manage_sql_secinfo.c          |  40 ++++----
 src/manage_sql_tls_certificates.c |   4 +-
 src/sql_pg.c                      |   6 +-
 src/utils.c                       |   4 +-
 src/utils_tests.c                 |  16 +--
 18 files changed, 208 insertions(+), 208 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 5fb9ec15b..2084b8a6a 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -5513,7 +5513,7 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
 
             append_attribute (attribute_names, attribute_values, "config_id",
                               &get_reports_data->config_id);
-            
+
             append_attribute (attribute_names, attribute_values, "format_id",
                               &get_reports_data->format_id);
 
@@ -5604,7 +5604,7 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
                                 "type", &typebuf))
               get_resource_names_data->type = g_ascii_strdown (typebuf, -1);
             set_client_state (CLIENT_GET_RESOURCE_NAMES);
-          }             
+          }
         else if (strcasecmp ("GET_RESULTS", element_name) == 0)
           {
             const gchar* attribute;
@@ -8451,7 +8451,7 @@ buffer_override_xml (GString *buffer, iterator_t *overrides,
       buffer_xml_append_printf (buffer,
                                 "<creation_time>%s</creation_time>",
                                 iso_if_time (get_iterator_creation_time (overrides)));
-                                    
+
       buffer_xml_append_printf (buffer,
                                 "<modification_time>%s</modification_time>",
                                 iso_if_time (get_iterator_modification_time (overrides)));
@@ -9353,9 +9353,9 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
  *
  */
 void
-buffer_diff(GString *buffer, const char *descr, const char *delta_descr) 
+buffer_diff(GString *buffer, const char *descr, const char *delta_descr)
 {
-  
+
   gchar *diff = strdiff (descr ? descr : "",
                   delta_descr ? delta_descr : "");
   if (diff)
@@ -9428,7 +9428,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
   report_t report;
   task_t selected_task;
   time_t creation_time;
-  
+
   comment = get_iterator_comment (results);
   name = get_iterator_name (results);
   host = result_iterator_host (results);
@@ -9503,7 +9503,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
     {
       const char *owner_name;
       time_t modification_time;
-     
+
       if (use_delta_fields)
         {
           owner_name = result_iterator_delta_owner_name (results);
@@ -9545,7 +9545,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
         {
           if (task == 0)
             selected_task = result_iterator_delta_task (results);
-          
+
           result_task_name = task_name(result_iterator_delta_task (results));
           result_report_id = report_uuid(result_iterator_delta_report (results));
         }
@@ -9553,7 +9553,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
         {
           if (task == 0)
             selected_task = result_iterator_task (results);
-          
+
           result_task_name = task_name (result_iterator_task (results));
           result_report_id = report_uuid (result_iterator_report (results));
         }
@@ -9674,14 +9674,14 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
       const char *nvt_version, *level;
       if (use_delta_fields)
         {
-          nvt_version = result_iterator_delta_nvt_version (results); 
+          nvt_version = result_iterator_delta_nvt_version (results);
           level = result_iterator_delta_level (results);
-        } 
+        }
       else
         {
           nvt_version = result_iterator_scan_nvt_version (results);
           level = result_iterator_level (results);
-        }     
+        }
       buffer_xml_append_printf
       (buffer,
         "<scan_nvt_version>%s</scan_nvt_version>"
@@ -9712,7 +9712,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
     {
       /* Only send the original severity if it has changed. */
       if (strncmp (original_severity,
-                    severity,          
+                    severity,
                     /* Avoid rounding differences. */
                     3))
         buffer_xml_append_printf (buffer,
@@ -9749,7 +9749,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
       if (delta_state)
         g_string_append_printf (buffer, "%s", delta_state);
 
-      if(delta_results) { 
+      if(delta_results) {
         /* delta reports version 1 */
         if (changed)
           {
@@ -9768,8 +9768,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
             g_free (delta_nl_descr);
           }
       } else {
-        /* delta reports version 2 */        
-        if (changed) 
+        /* delta reports version 2 */
+        if (changed)
           {
             gchar *delta_nl_descr;
             const char *delta_descr;
@@ -9812,8 +9812,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
       g_free (nl_descr_escaped);
     }
 
-  if (use_delta_fields 
-      ? result_iterator_delta_may_have_tickets (results) 
+  if (use_delta_fields
+      ? result_iterator_delta_may_have_tickets (results)
       : result_iterator_may_have_tickets (results))
     buffer_result_tickets_xml (buffer, result);
 
@@ -13304,7 +13304,7 @@ print_cpe_match_nodes_xml (resource_t node, GString *buffer)
       vee = cpe_match_string_iterator_version_end_excl (&cpe_match_ranges);
 
       xml_string_append (buffer,
-                         "<version_start_including>%s</version_start_including>", 
+                         "<version_start_including>%s</version_start_including>",
                          vsi ?: "");
       xml_string_append (buffer,
                          "<version_start_excluding>%s</version_start_excluding>",
@@ -15536,7 +15536,7 @@ print_report_config_params (gmp_parser_t *gmp_parser, GError **error,
 
           SENDF_TO_CLIENT_OR_FAIL
             ("</type><value using_default=\"%d\">%s",
-              report_config_param_iterator_using_default (&params), 
+              report_config_param_iterator_using_default (&params),
               value ? value : "");
           if (value)
             {
@@ -15711,27 +15711,27 @@ handle_get_report_configs (gmp_parser_t *gmp_parser, GError **error)
         {
           SEND_TO_CLIENT_OR_FAIL ("<orphan>1</orphan>");
         }
-      
-      SENDF_TO_CLIENT_OR_FAIL 
+
+      SENDF_TO_CLIENT_OR_FAIL
         ("<report_format id=\"%s\">",
           report_config_iterator_report_format_id (&report_configs)
         );
-      
+
       if (!orphan)
         {
-          SENDF_TO_CLIENT_OR_FAIL 
+          SENDF_TO_CLIENT_OR_FAIL
             ("<name>%s</name>",
               report_config_iterator_report_format_name (&report_configs)
             );
-            
+
           if (report_config_iterator_report_format_readable (&report_configs) == 0)
             {
               SENDF_TO_CLIENT_OR_FAIL ("<permissions/>");
             }
         }
-      
+
       SENDF_TO_CLIENT_OR_FAIL ("</report_format>");
-      
+
       print_report_config_params (gmp_parser, error,
                                   report_config_param_iterator_rowid (
                                     &report_configs
@@ -16114,16 +16114,16 @@ handle_get_report_formats (gmp_parser_t *gmp_parser, GError **error)
 }
 
 /**
- * @brief Assign resource iterator with an init iterator based on the type 
+ * @brief Assign resource iterator with an init iterator based on the type
  * in the get command data.
  *
  * @param[in]  resource_names_data   data for get_resource_names command.
  * @param[out] iterator              address of iterator function pointer.
- * 
+ *
  * @return 1 if type is invalid, else 0.
  */
 int
-select_resource_iterator (get_resource_names_data_t *resource_names_data, 
+select_resource_iterator (get_resource_names_data_t *resource_names_data,
                           int (**iterator) (iterator_t*, get_data_t *))
 {
     if (g_strcmp0 ("cpe", resource_names_data->type) == 0)
@@ -16173,7 +16173,7 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("group", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_group_iterator;
-    }                
+    }
   else if (g_strcmp0 ("note", resource_names_data->type) == 0)
     {
       *iterator = init_note_iterator_all;
@@ -16181,41 +16181,41 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("override", resource_names_data->type) == 0)
     {
       *iterator = init_override_iterator_all;
-    }                
+    }
   else if (g_strcmp0 ("permission", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_permission_iterator;
-    }                
+    }
   else if (g_strcmp0 ("port_list", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_port_list_iterator;
-    }                
+    }
   else if (g_strcmp0 ("report", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
-      get_data_set_extra (&resource_names_data->get, 
+      get_data_set_extra (&resource_names_data->get,
                           "usage_type",
                           g_strdup ("scan"));
-    }                
+    }
   else if (g_strcmp0 ("audit_report", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
-      get_data_set_extra (&resource_names_data->get, 
+      get_data_set_extra (&resource_names_data->get,
                           "usage_type",
                           g_strdup ("audit"));
     }
   else if (g_strcmp0 ("report_config", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_config_iterator;
-    }                
+    }
   else if (g_strcmp0 ("report_format", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_report_format_iterator;
-    }                
+    }
   else if (g_strcmp0 ("role", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_role_iterator;
-    }                
+    }
   else if (g_strcmp0 ("config", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator;
@@ -16233,15 +16233,15 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("scanner", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_scanner_iterator;
-    }                
+    }
   else if (g_strcmp0 ("schedule", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_schedule_iterator;
-    }                
+    }
   else if (g_strcmp0 ("target", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_target_iterator;
-    }                
+    }
   else if (g_strcmp0 ("task", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator;
@@ -16259,11 +16259,11 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
   else if (g_strcmp0 ("tls_certificate", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_tls_certificate_iterator;
-    } 
+    }
   else if (g_strcmp0 ("user", resource_names_data->type) == 0)
     {
       *iterator = (int (*) (iterator_t*, get_data_t *))init_user_iterator;
-    }         
+    }
   else
     {
       return 1;
@@ -16294,10 +16294,10 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
       return;
     }
 
-  if ((((g_strcmp0 ("host", get_resource_names_data->type) == 0) 
+  if ((((g_strcmp0 ("host", get_resource_names_data->type) == 0)
           ||(g_strcmp0 ("os", get_resource_names_data->type) == 0))
        && (acl_user_may ("get_assets") == 0))
-      || ((g_strcmp0 ("result", get_resource_names_data->type) == 0) 
+      || ((g_strcmp0 ("result", get_resource_names_data->type) == 0)
           && (acl_user_may ("get_results") == 0))
       || (((g_strcmp0 ("report", get_resource_names_data->type) == 0)
            || (g_strcmp0 ("audit_report", get_resource_names_data->type) == 0))
@@ -16345,9 +16345,9 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
         get_resource_names_data_reset (get_resource_names_data);
         set_client_state (CLIENT_AUTHENTIC);
         return;
-    }    
+    }
 
-  if (select_resource_iterator(get_resource_names_data, &init_resource_iterator)) 
+  if (select_resource_iterator(get_resource_names_data, &init_resource_iterator))
     {
       if (send_find_error_to_client ("get_resource_names", "type",
                                      get_resource_names_data->type, gmp_parser))
@@ -16372,7 +16372,7 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
               error_send_to_client (error);
               return;
             }
-          break;          
+          break;
         case 2:
           if (send_find_error_to_client
                ("get_resource_names", "filter", get_resource_names_data->get.filt_id,
@@ -16391,7 +16391,7 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
       set_client_state (CLIENT_AUTHENTIC);
       return;
     }
-  
+
   SEND_GET_START ("resource_name");
   SENDF_TO_CLIENT_OR_FAIL ("<type>%s</type>", get_resource_names_data->type);
 
@@ -16399,8 +16399,8 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
     {
       GString *result;
       result = g_string_new ("");
-      
-      if(g_strcmp0 ("tls_certificate", get_resource_names_data->type) == 0) 
+
+      if(g_strcmp0 ("tls_certificate", get_resource_names_data->type) == 0)
         {
             buffer_xml_append_printf (result,
                                       "<resource id=\"%s\">"
@@ -16410,8 +16410,8 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
                                         : "",
                                       tls_certificate_iterator_subject_dn (&resource)
                                         ? tls_certificate_iterator_subject_dn (&resource)
-                                        : "");          
-        } 
+                                        : "");
+        }
       else if (g_strcmp0 ("override", get_resource_names_data->type) == 0)
         {
             buffer_xml_append_printf (result,
@@ -16422,9 +16422,9 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
                                           : "",
                                         override_iterator_nvt_name (&resource)
                                           ? override_iterator_nvt_name (&resource)
-                                          : "");          
+                                          : "");
         }
-      else 
+      else
         {
             buffer_xml_append_printf (result,
                                         "<resource id=\"%s\">"
@@ -20443,7 +20443,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
 
       case CLIENT_GET_RESOURCE_NAMES:
         handle_get_resource_names (gmp_parser, error);
-        break;        
+        break;
 
       case CLIENT_GET_RESULTS:
         handle_get_results (gmp_parser, error);
diff --git a/src/gmp_report_configs.c b/src/gmp_report_configs.c
index 5a471b05b..9fcb44c87 100644
--- a/src/gmp_report_configs.c
+++ b/src/gmp_report_configs.c
@@ -38,7 +38,7 @@
 
 /**
  * @brief Collect params from entity.
- * 
+ *
  * @param[in] entity  Entity to check for param elements.
  *
  * @return Array of params
@@ -49,7 +49,7 @@ params_from_entity (entity_t entity)
   array_t *params;
   entities_t children;
   entity_t param_entity;
-  
+
   params = make_array ();
   children = entity->entities;
   while ((param_entity = first_entity (children)))
@@ -85,7 +85,7 @@ params_from_entity (entity_t entity)
           if (param_value)
             {
               const char *use_default_str;
-              
+
               param->value = g_strdup (entity_text (param_value));
               use_default_str = entity_attribute (param_value, "use_default");
               if (use_default_str)
@@ -100,7 +100,7 @@ params_from_entity (entity_t entity)
               report_config_param_data_free (param);
               continue;
             }
-            
+
 
           array_add (params, param);
         }
@@ -529,7 +529,7 @@ modify_report_config_run (gmp_parser_t *gmp_parser, GError **error)
                               comment ? comment->text : NULL,
                               params,
                               &error_message);
-  
+
   switch (ret)
     {
       case 0:
diff --git a/src/gvmd.c b/src/gvmd.c
index 99f8e1fa1..f5c0100b0 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -2474,7 +2474,7 @@ gvmd (int argc, char** argv, char *env[])
 
   /* Set number of retries waiting for memory */
   set_mem_wait_retries (mem_wait_retries);
-  
+
   /* Set minimum memory for feed updates */
   set_min_mem_feed_update (min_mem_feed_update);
 
diff --git a/src/manage.c b/src/manage.c
index f61426986..c194bae68 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -3672,12 +3672,12 @@ fork_cve_scan_handler (task_t task, target_t target)
 
   gvm_hosts = gvm_hosts_new (hosts);
   free (hosts);
-  
+
   if (gvm_hosts_exclude (gvm_hosts, exclude_hosts ?: "") < 0)
     {
       set_task_interrupted (task,
                               "Failed to exclude hosts."
-                              "  Interrupting scan.");      
+                              "  Interrupting scan.");
       set_report_scan_run_status (global_current_report, TASK_STATUS_INTERRUPTED);
       gvm_hosts_free (gvm_hosts);
       free (exclude_hosts);
@@ -5480,12 +5480,12 @@ feed_sync_required ()
 
 /**
  * @brief Wait for memory
- * 
+ *
  * @param[in]  check_func  Function to check memory, should return 1 if enough.
  * @param[in]  retries     Number of retries.
  * @param[in]  min_mem     Minimum memory in MiB, for logging only
  * @param[in]  action      Short descriptor of action waiting for memory.
- * 
+ *
  * @return 0 if enough memory is available, 1 gave up
  */
 static int
@@ -6462,7 +6462,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
 
       if (nvt_iterator_epss_cve (nvts))
         {
-          buffer_xml_append_printf 
+          buffer_xml_append_printf
              (buffer,
               "<epss>"
               "<max_severity>"
@@ -6475,7 +6475,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
 
           if (nvt_iterator_has_epss_severity (nvts))
             {
-              buffer_xml_append_printf 
+              buffer_xml_append_printf
                  (buffer,
                   "<severity>%0.1f</severity>",
                   nvt_iterator_epss_severity (nvts));
@@ -6495,7 +6495,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
 
           if (nvt_iterator_has_max_epss_severity (nvts))
             {
-              buffer_xml_append_printf 
+              buffer_xml_append_printf
                  (buffer,
                   "<severity>%0.1f</severity>",
                   nvt_iterator_max_epss_severity (nvts));
@@ -6860,7 +6860,7 @@ set_mem_wait_retries (int new_retries)
 
 /**
  * @brief Check if the minimum memory for feed updates is available
- * 
+ *
  * @return 1 if minimum memory amount is available, 0 if not
  */
 int
diff --git a/src/manage.h b/src/manage.h
index 2930789b9..0285d708d 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1416,7 +1416,7 @@ int
 init_result_get_iterator (iterator_t*, const get_data_t *, report_t,
                           const char*, const gchar *);
 int
-init_result_get_iterator_all (iterator_t* iterator, get_data_t *get);                         
+init_result_get_iterator_all (iterator_t* iterator, get_data_t *get);
 
 gboolean
 next_report (iterator_t*, report_t*);
@@ -1808,7 +1808,7 @@ manage_filter_controls (const gchar *, int *, int *, gchar **, int *);
 
 void
 manage_report_filter_controls (const gchar *, int *, int *, gchar **, int *,
-                               int *, gchar **, gchar **, gchar **, gchar **, 
+                               int *, gchar **, gchar **, gchar **, gchar **,
                                gchar **, int *, int *, int *, int *, gchar **);
 
 gchar *
@@ -2664,7 +2664,7 @@ init_override_iterator (iterator_t*, const get_data_t*, nvt_t, result_t,
                         task_t);
 
 int
-init_override_iterator_all (iterator_t* iterator, get_data_t *get);                        
+init_override_iterator_all (iterator_t* iterator, get_data_t *get);
 
 const char*
 override_iterator_nvt_oid (iterator_t*);
diff --git a/src/manage_configs.c b/src/manage_configs.c
index d7de250af..1eeba26f7 100644
--- a/src/manage_configs.c
+++ b/src/manage_configs.c
@@ -343,7 +343,7 @@ should_sync_config_from_path (const char *path, gboolean rebuild,
   if (resource_id_deprecated ("config", uuid))
     {
       find_config_no_acl (uuid, config);
-      
+
       if (rebuild)
         {
           g_free (uuid);
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 43e031b99..56ea9f7e0 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -871,13 +871,13 @@ manage_create_sql_functions ()
        "       OR qod2 is null"
        "  THEN RETURN 'new';"
        "  WHEN description1 != description2"
-       "       OR severity1 != severity2" 
+       "       OR severity1 != severity2"
        "       OR qod1 != qod2"
        "       OR hostname1 != hostname2"
        "       OR path1 != path2"
        "  THEN RETURN 'changed';"
        "  ELSE RETURN 'same';"
-       "  END CASE;" 
+       "  END CASE;"
        "END;"
        "$$ LANGUAGE plpgsql"
        " IMMUTABLE;");
@@ -890,7 +890,7 @@ manage_create_sql_functions ()
        "  WHEN port = 'package'"
        "  THEN RETURN 'general/tcp';"
        "  ELSE RETURN port;"
-       "  END CASE;" 
+       "  END CASE;"
        "END;"
        "$$ LANGUAGE plpgsql"
        " IMMUTABLE;");
@@ -913,7 +913,7 @@ manage_create_sql_functions ()
        "        AND description LIKE 'Compliant:%%YES%%') > 0"
        "  THEN RETURN 'yes';"
        "  ELSE RETURN 'undefined';"
-       "  END CASE;" 
+       "  END CASE;"
        "END;"
        "$$ LANGUAGE plpgsql"
        " IMMUTABLE;");
@@ -925,7 +925,7 @@ manage_create_sql_functions ()
        " DECLARE count integer := 0;"
        " BEGIN"
        "   WITH compliance_count AS"
-       "   (SELECT count(*) AS total FROM results WHERE report = report_id"                        
+       "   (SELECT count(*) AS total FROM results WHERE report = report_id"
        "        AND description LIKE 'Compliant:%%' || compliance || '%%')"
        "   SELECT total FROM compliance_count"
        "   INTO count;"
@@ -934,7 +934,7 @@ manage_create_sql_functions ()
        " $$ LANGUAGE plpgsql"
        " IMMUTABLE;");
 
- /* Functions in SQL. */       
+ /* Functions in SQL. */
 
   if (sql_int ("SELECT (EXISTS (SELECT * FROM information_schema.tables"
                "                WHERE table_catalog = '%s'"
@@ -1996,7 +1996,7 @@ create_indexes_nvt ()
        "                     'nvts', 'cvss_base');");
   sql ("SELECT create_index ('nvts_by_solution_type',"
        "                     'nvts', 'solution_type');");
-  
+
   sql ("SELECT create_index ('vt_refs_by_vt_oid',"
        "                     'vt_refs', 'vt_oid');");
 
@@ -3569,7 +3569,7 @@ manage_db_init (const gchar *name)
 
       sql ("CREATE TABLE scap2.cpe_matches"
            " (id SERIAL PRIMARY KEY,"
-           "  match_criteria_id text,"               
+           "  match_criteria_id text,"
            "  cpe_name_id text,"
            "  cpe_name text);");
 
diff --git a/src/manage_port_lists.c b/src/manage_port_lists.c
index 26f7c8cc5..2c66aadf5 100644
--- a/src/manage_port_lists.c
+++ b/src/manage_port_lists.c
@@ -280,7 +280,7 @@ should_sync_port_list_from_path (const char *path, gboolean rebuild,
   if (resource_id_deprecated ("port_list", uuid))
     {
       find_port_list_no_acl (uuid, port_list);
-      
+
       if (rebuild)
         {
           return 1;
diff --git a/src/manage_report_configs.c b/src/manage_report_configs.c
index 277f2592d..ff2c7add2 100644
--- a/src/manage_report_configs.c
+++ b/src/manage_report_configs.c
@@ -54,7 +54,7 @@ find_report_config_with_permission (const char *uuid,
 
 /**
  * @brief Free a report config parameter data struct.
- * 
+ *
  * @param[in]  param  The parameter to free.
  */
 void
diff --git a/src/manage_report_formats.c b/src/manage_report_formats.c
index 8cc94feb0..8e66ad395 100644
--- a/src/manage_report_formats.c
+++ b/src/manage_report_formats.c
@@ -645,7 +645,7 @@ should_sync_report_format_from_path (const char *path,
   if (resource_id_deprecated ("report_format", uuid))
     {
       find_report_format_no_acl (uuid, report_format);
-      
+
       if (rebuild)
         {
           g_free (uuid);
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 32f797a13..945ae9aa0 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -294,7 +294,7 @@ cache_all_permissions_for_users (GArray*);
 static void
 report_cache_counts (report_t, int, int, const char*);
 
-static gchar * 
+static gchar *
 reports_extra_where (int, const char *, const char *);
 
 static int
@@ -2037,8 +2037,8 @@ filter_control_str (keyword_t **point, const char *column, gchar **string)
  * @param[out]  compliance_levels   String describing compliance levels
  *                             to include in count (for example, "yniu" for
  *                             "yes" (compliant), "n" for "no" (not compliant),
- *                             "i" for "incomplete" and "u" for "undefined" 
- *                              (without compliance information). 
+ *                             "i" for "incomplete" and "u" for "undefined"
+ *                              (without compliance information).
  *                              All levels if NULL.
  * @param[out]  delta_states   String describing delta states to include in count
  *                             (for example, "sngc" Same, New, Gone and Changed).
@@ -2056,9 +2056,9 @@ manage_report_filter_controls (const gchar *filter, int *first, int *max,
                                gchar **sort_field, int *sort_order,
                                int *result_hosts_only, gchar **min_qod,
                                gchar **levels, gchar **compliance_levels,
-                               gchar **delta_states, gchar **search_phrase, 
-                               int *search_phrase_exact, int *notes, 
-                               int *overrides, int *apply_overrides, 
+                               gchar **delta_states, gchar **search_phrase,
+                               int *search_phrase_exact, int *notes,
+                               int *overrides, int *apply_overrides,
                                gchar **zone)
 {
   keyword_t **point;
@@ -16177,7 +16177,7 @@ check_db_versions ()
   else
     {
       int supported;
-      
+
       supported = manage_scap_db_supported_version ();
       if (scap_db_version != supported)
         {
@@ -21863,7 +21863,7 @@ report_compliance_by_uuid (const char *report_id,
                    " WHERE report = %llu"
                    " AND description NOT LIKE 'Compliant:%%';",
                    report);
-    }    
+    }
 
   g_free (quoted_uuid);
 }
@@ -22277,7 +22277,7 @@ report_iterator_opts_table (int override, int min_qod)
  * @brief Return SQL WHERE for restricting a SELECT to compliance statuses.
  *
  * @param[in]  compliance  String describing compliance statuses of reports
- *                         to include (for example, "yniu" for yes (compliant), 
+ *                         to include (for example, "yniu" for yes (compliant),
  *                         no (not compliant), i (incomplete) and u (undefined))
  *                         All compliance statuses if NULL.
  *
@@ -22351,7 +22351,7 @@ reports_extra_where (int trash, const gchar *filter, const char *usage_type)
     {
       trash_clause = g_strdup_printf (" AND (SELECT hidden FROM tasks"
                                       "      WHERE tasks.id = task)"
-                                      "     = 2");    
+                                      "     = 2");
     }
   else
     {
@@ -22460,7 +22460,7 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get)
   extra_tables = report_iterator_opts_table (overrides, min_qod);
   usage_type = get_data_get_extra (get, "usage_type");
 
-  extra_where = reports_extra_where (get->trash, 
+  extra_where = reports_extra_where (get->trash,
                                      filter ? filter : get->filter,
                                      usage_type);
 
@@ -22616,7 +22616,7 @@ where_levels_auto (const char *levels, const char *new_severity_sql)
 /**
  * @brief Return SQL WHERE for restricting a SELECT to compliance levels.
  *
- * @param[in]  levels  String describing compliance levels to include in 
+ * @param[in]  levels  String describing compliance levels to include in
  *                     report (for example, "yniu" for "yes, "no", "incomplete"
  *                     and "undefined").  All levels if NULL.
  *
@@ -23620,14 +23620,14 @@ init_result_get_iterator_severity (iterator_t* iterator, const get_data_t *get,
  * @param[in]  apply_overrides   Whether to apply overrides.
  * @param[in]  dynamic_severity  Whether to use dynamic severity.
  * @param[in]  nvts_table        NVTS table.
- * @param[in]  results_table     Results table. 
+ * @param[in]  results_table     Results table.
  *
  * @return SQL clause for FROM.
  */
 static gchar *
-result_iterator_lateral (int apply_overrides, 
-                         int dynamic_severity, 
-                         const char *results_table, 
+result_iterator_lateral (int apply_overrides,
+                         int dynamic_severity,
+                         const char *results_table,
                          const char *nvts_table)
 {
   if (apply_overrides && dynamic_severity)
@@ -23642,11 +23642,11 @@ result_iterator_lateral (int apply_overrides,
       "                         ov_old_severity)"
       "                   LIMIT 1),"
       "                  (SELECT curr_severity FROM curr LIMIT 1))"
-      " AS new_severity)", 
+      " AS new_severity)",
       results_table,
       nvts_table,
       results_table,
-      results_table, 
+      results_table,
       results_table);
 
   if (apply_overrides)
@@ -23832,7 +23832,7 @@ result_count (const get_data_t *get, report_t report, const char* host)
 
   opts_tables = result_iterator_opts_table (apply_overrides, dynamic_severity);
 
-  lateral_clause = result_iterator_lateral (apply_overrides, 
+  lateral_clause = result_iterator_lateral (apply_overrides,
                                             dynamic_severity,
                                             "results",
                                             "nvts");
@@ -26215,19 +26215,19 @@ report_compliance_from_counts (const int* yes_count,
  * @param[in]   get                  Get data.
  * @param[out]  f_compliance_yes     Compliant results count after filtering.
  * @param[out]  f_compliance_no      Incompliant results count after filtering.
- * @param[out]  f_compliance_incomplete  Incomplete results count 
+ * @param[out]  f_compliance_incomplete  Incomplete results count
  *                                       after filtering.
- * @param[out]  f_compliance_undefined   Undefined results count 
+ * @param[out]  f_compliance_undefined   Undefined results count
  *                                       after filtering.
  *
  * @return 0 on success, -1 on error.
  */
 static int
-report_compliance_f_counts (report_t report, 
-                            const get_data_t* get, 
-                            int* f_compliance_yes, 
-                            int* f_compliance_no, 
-                            int* f_compliance_incomplete, 
+report_compliance_f_counts (report_t report,
+                            const get_data_t* get,
+                            int* f_compliance_yes,
+                            int* f_compliance_no,
+                            int* f_compliance_incomplete,
                             int* f_compliance_undefined)
 {
   if (report == 0)
@@ -26262,7 +26262,7 @@ report_compliance_f_counts (report_t report,
       else if (strcasecmp (compliance, "no") == 0)
         {
           no_count++;
-        }      
+        }
       else if (strcasecmp (compliance, "incomplete") == 0)
         {
           incomplete_count++;
@@ -26270,7 +26270,7 @@ report_compliance_f_counts (report_t report,
       else if (strcasecmp (compliance, "undefined") == 0)
         {
           undefined_count++;
-        }      
+        }
 
     }
 
@@ -26301,11 +26301,11 @@ report_compliance_f_counts (report_t report,
  * @return 0 on success, -1 on error.
  */
 static int
-report_compliance_counts (report_t report, 
+report_compliance_counts (report_t report,
                           const get_data_t* get,
-                          int* compliance_yes, 
+                          int* compliance_yes,
                           int* compliance_no,
-                          int* compliance_incomplete, 
+                          int* compliance_incomplete,
                           int* compliance_undefined)
 {
   if (report == 0)
@@ -26313,7 +26313,7 @@ report_compliance_counts (report_t report,
 
   report_compliance_by_uuid (report_uuid(report),
                              compliance_yes,
-                             compliance_no, 
+                             compliance_no,
                              compliance_incomplete,
                              compliance_undefined);
 
@@ -27550,7 +27550,7 @@ print_report_host_details_xml (report_host_t report_host, FILE *stream,
  * @return 0 on success, -1 error.
  */
 static int
-print_report_host_tls_certificates_xml (report_host_t report_host, 
+print_report_host_tls_certificates_xml (report_host_t report_host,
                                         const char *host_ip,
                                         FILE *stream)
 {
@@ -27572,14 +27572,14 @@ print_report_host_tls_certificates_xml (report_host_t report_host,
                  "        OR source_description = 'SSL Certificate')",
                  report_host);
 
-  while (next (&tls_certs)) 
+  while (next (&tls_certs))
     {
       const char *certificate_prefixed, *certificate_b64;
       gsize certificate_size;
       unsigned char *certificate;
       const char *scanner_fpr_prefixed, *scanner_fpr;
       gchar *quoted_scanner_fpr;
-      char *ssldetails;       
+      char *ssldetails;
       iterator_t ports;
       gboolean valid;
       time_t now;
@@ -27642,7 +27642,7 @@ print_report_host_tls_certificates_xml (report_host_t report_host,
 
       now = time (NULL);
 
-      if((expiration_time >= now || expiration_time == -1) 
+      if((expiration_time >= now || expiration_time == -1)
          && (activation_time <= now || activation_time == -1))
         {
           valid = TRUE;
@@ -27692,7 +27692,7 @@ print_report_host_tls_certificates_xml (report_host_t report_host,
       g_free (serial);
 
       free (hostname);
-    
+
       init_iterator (&ports,
                      "SELECT value FROM report_host_details"
                      " WHERE report_host = %llu"
@@ -27700,7 +27700,7 @@ print_report_host_tls_certificates_xml (report_host_t report_host,
                      "   AND value LIKE '%%:%%:%s'",
                      report_host,
                      quoted_scanner_fpr);
-     
+
       PRINT (stream, "<ports>");
 
       while (next (&ports))
@@ -27719,10 +27719,10 @@ print_report_host_tls_certificates_xml (report_host_t report_host,
       PRINT (stream, "</ports>");
 
       PRINT (stream, "</tls_certificate>");
-      
+
       g_free (quoted_scanner_fpr);
-      cleanup_iterator (&ports);   
-    
+      cleanup_iterator (&ports);
+
     }
     cleanup_iterator (&tls_certs);
 
@@ -28331,7 +28331,7 @@ init_delta_iterator (report_t report, iterator_t *results, report_t delta,
                                   " ON results.nvt = nvts.oid %s,"
                                   " LATERAL %s AS lateral_new_severity",
                                   opts_tables,
-                                  lateral_clause);                                                         
+                                  lateral_clause);
 
   g_free (lateral_clause);
 
@@ -28355,24 +28355,24 @@ init_delta_iterator (report_t report, iterator_t *results, report_t delta,
 
   extra_with = g_strdup_printf(" comparison AS ("
     " WITH r1a as (SELECT results.id, description, host, report, port,"
-    "              severity, nvt, results.qod, results.uuid, hostname," 
+    "              severity, nvt, results.qod, results.uuid, hostname,"
     "              path, r1_lateral.new_severity as new_severity "
     "       FROM results "
     "       LEFT JOIN (SELECT cvss_base, oid AS nvts_oid FROM nvts)"
     "       AS nvts_cols"
     "       ON nvts_cols.nvts_oid = results.nvt"
-    "       %s, LATERAL %s AS r1_lateral" 
+    "       %s, LATERAL %s AS r1_lateral"
     "       WHERE report = %llu),"
-    " r2a as (SELECT results.*, r2_lateral.new_severity AS new_severity" 
-    "        FROM results" 
+    " r2a as (SELECT results.*, r2_lateral.new_severity AS new_severity"
+    "        FROM results"
     "        LEFT JOIN (SELECT cvss_base, oid AS nvts_oid FROM nvts)"
-    "        AS nvts_cols" 
-    "        ON nvts_cols.nvts_oid = results.nvt" 
-    "        %s, LATERAL %s AS r2_lateral" 
+    "        AS nvts_cols"
+    "        ON nvts_cols.nvts_oid = results.nvt"
+    "        %s, LATERAL %s AS r2_lateral"
     "        WHERE report = %llu),"
     " r1 as (SELECT DISTINCT ON (r1a.id) r1a.*, r2a.id as r2id, row_number() over w1 as r1_rank"
     "        FROM r1a LEFT JOIN r2a ON r1a.host = r2a.host"
-    "        AND normalize_port(r1a.port) = normalize_port(r2a.port)" 
+    "        AND normalize_port(r1a.port) = normalize_port(r2a.port)"
     "        AND r1a.nvt = r2a.nvt "
     "        AND (r1a.new_severity = 0) = (r2a.new_severity = 0)"
     "        AND (r1a.description = r2a.description)"
@@ -28381,15 +28381,15 @@ init_delta_iterator (report_t report, iterator_t *results, report_t delta,
     "        ORDER BY r1a.id),"
     " r2 as (SELECT DISTINCT ON (r2a.id) r2a.*, r1a.id as r1id, row_number() over w2 as r2_rank"
     "        FROM r2a LEFT JOIN r1a ON r2a.host = r1a.host"
-    "        AND normalize_port(r2a.port) = normalize_port(r1a.port)" 
+    "        AND normalize_port(r2a.port) = normalize_port(r1a.port)"
     "        AND r2a.nvt = r1a.nvt "
     "        AND (r2a.new_severity = 0) = (r1a.new_severity = 0)"
     "        AND (r2a.description = r1a.description)"
     "        WINDOW w2 AS (PARTITION BY r2a.host, normalize_port(r2a.port),"
     "                      r2a.nvt, r2a.new_severity = 0, r1a.id is null ORDER BY r1a.id)"
     "        ORDER BY r2a.id)"
-    " (SELECT r1.id AS result1_id," 
-    " r2.id AS result2_id," 
+    " (SELECT r1.id AS result1_id,"
+    " r2.id AS result2_id,"
     " compare_results("
     "  r1.description,"
     "  r2.description,"
@@ -28413,13 +28413,13 @@ init_delta_iterator (report_t report, iterator_t *results, report_t delta,
     " r2.owner AS delta_owner,"
     " r2.path AS delta_path,"
     " r2.host AS delta_host,"
-      RESULT_HOSTNAME_SQL("r2.hostname", "r2.host", "r2.report") 
+      RESULT_HOSTNAME_SQL("r2.hostname", "r2.host", "r2.report")
     "   AS delta_hostname,"
     " r2.nvt_version AS delta_nvt_version"
     " FROM r1"
     " FULL OUTER JOIN r2"
     " ON r1.host = r2.host"
-    " AND normalize_port(r1.port) = normalize_port(r2.port)" 
+    " AND normalize_port(r1.port) = normalize_port(r2.port)"
     " AND r1.nvt = r2.nvt "
     " AND (r1.new_severity = 0) = (r2.new_severity = 0)"
     " AND ((r1id IS NULL AND r2id IS NULL) OR"
@@ -28613,12 +28613,12 @@ print_report_delta_xml (FILE *out, iterator_t *results,
                         0,
                         state,
                         NULL,
-                        (strcmp (state, "changed") == 0), 
+                        (strcmp (state, "changed") == 0),
                         -1,
                         0,  /* Lean. */
                         0); /* Delta fields. */
- 
-    if (fprintf (out, "%s", buffer->str) < 0) 
+
+    if (fprintf (out, "%s", buffer->str) < 0)
       {
         g_string_free (buffer, TRUE);
         g_tree_destroy (ports);
@@ -28810,8 +28810,8 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                                      &first_result, &max_results, &sort_field,
                                      &sort_order, &result_hosts_only,
                                      &min_qod, &levels, &compliance_levels,
-                                     &delta_states, &search_phrase, 
-                                     &search_phrase_exact, &notes, 
+                                     &delta_states, &search_phrase,
+                                     &search_phrase_exact, &notes,
                                      &overrides, &apply_overrides, &zone);
     }
   else
@@ -28822,7 +28822,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
                                      &first_result, &max_results, &sort_field,
                                      &sort_order, &result_hosts_only,
                                      &min_qod, &levels, &compliance_levels,
-                                     &delta_states, &search_phrase, 
+                                     &delta_states, &search_phrase,
                                      &search_phrase_exact, &notes, &overrides,
                                      &apply_overrides, &zone);
     }
@@ -28944,7 +28944,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       if (strcmp (tsk_usage_type, "audit"))
         {
           if (delta == 0)
-            {         
+            {
               int total_holes, total_infos, total_logs;
               int total_warnings, total_false_positives;
               get_data_t *all_results_get;
@@ -28980,7 +28980,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
               filtered_result_count = holes + infos + logs + warnings
                                       + false_positives;
 
-            }          
+            }
         }
       /* Get report run status. */
 
@@ -29845,7 +29845,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
             {
               report_host_t report_host = host_iterator_report_host(&hosts);
 
-              if (print_report_host_tls_certificates_xml(report_host, 
+              if (print_report_host_tls_certificates_xml(report_host,
                                                          result_host,
                                                          out))
                 {
@@ -29865,15 +29865,15 @@ print_report_xml_start (report_t report, report_t delta, task_t task,
       const char *host;
       iterator_t hosts;
       init_report_host_iterator (&hosts, report, NULL, 0);
-      
+
       PRINT (out, "<tls_certificates>");
-      
+
       while (next (&hosts))
         {
           report_host_t report_host = host_iterator_report_host(&hosts);
           host = host_iterator_host (&hosts);
 
-          if (print_report_host_tls_certificates_xml(report_host, 
+          if (print_report_host_tls_certificates_xml(report_host,
                                                      host,
                                                      out))
             {
@@ -47631,7 +47631,7 @@ modify_filter (const char *filter_id, const char *name, const char *comment,
     return 4;
 
   db_type = type_db_name (type);
-  if (db_type && !((strcmp (db_type, "") == 0) || valid_type (db_type))) 
+  if (db_type && !((strcmp (db_type, "") == 0) || valid_type (db_type)))
     {
       if (!valid_subtype (type))
         return 3;
@@ -56024,7 +56024,7 @@ tag_add_resources_list (tag_t tag, const char *type, array_t *uuids,
     resource_permission = g_strdup ("get_info");
   else if (type_is_asset_subtype (type))
     resource_permission = g_strdup ("get_assets");
-  else if (type_is_report_subtype (type)) 
+  else if (type_is_report_subtype (type))
     {
       resource_permission = g_strdup ("get_reports");
       type = g_strdup("report");
@@ -56336,7 +56336,7 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
             g_free (resources_get.filter);
             g_free (resources_get.type);
             if (resources_get.extra_params)
-              g_hash_table_destroy (resources_get.extra_params);           
+              g_hash_table_destroy (resources_get.extra_params);
             return -1;
         }
     }
@@ -56345,7 +56345,7 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter)
   g_free (resources_get.filter);
   g_free (resources_get.type);
   if (resources_get.extra_params)
-      g_hash_table_destroy (resources_get.extra_params);  
+      g_hash_table_destroy (resources_get.extra_params);
 
   ret = 2;
   while (next (&resources))
@@ -56462,11 +56462,11 @@ create_tag (const char * name, const char * comment, const char * value,
   if (strcmp (lc_resource_type, "")
       && valid_db_resource_type (lc_resource_type) == 0)
     {
-      if (!valid_subtype (lc_resource_type)) 
+      if (!valid_subtype (lc_resource_type))
         {
           g_free (lc_resource_type);
           sql_rollback ();
-          return -1;          
+          return -1;
         }
     }
 
@@ -56700,7 +56700,7 @@ modify_tag (const char *tag_id, const char *name, const char *comment,
       if (!valid_subtype (lc_resource_type))
         {
           sql_rollback ();
-          return -1;          
+          return -1;
         }
     }
 
@@ -57672,7 +57672,7 @@ type_extra_where (const char *type, int trash, const char *filter,
         usage_type = g_hash_table_lookup (extra_params, "usage_type");
       else
         usage_type = NULL;
-      
+
       extra_where = reports_extra_where (trash, filter, usage_type);
     }
   else if (strcasecmp (type, "RESULT") == 0)
@@ -57809,9 +57809,9 @@ type_build_select (const char *type, const char *columns_str,
 
       original = opts_table;
 
-      lateral_clause = result_iterator_lateral (overrides, 
-                                                dynamic, 
-                                                "results", 
+      lateral_clause = result_iterator_lateral (overrides,
+                                                dynamic,
+                                                "results",
                                                 "nvts");
 
       opts_table = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
diff --git a/src/manage_sql_report_configs.c b/src/manage_sql_report_configs.c
index 88d8fc542..3599d3f3a 100644
--- a/src/manage_sql_report_configs.c
+++ b/src/manage_sql_report_configs.c
@@ -242,7 +242,7 @@ create_report_config (const char *name, const char *comment,
   g_free (quoted_comment);
   g_free (quoted_report_format_id);
 
-  for (int i = 0; g_ptr_array_index (params, i); i++) 
+  for (int i = 0; g_ptr_array_index (params, i); i++)
     {
       report_config_param_data_t *param;
       param = g_ptr_array_index (params, i);
@@ -266,7 +266,7 @@ create_report_config (const char *name, const char *comment,
 
 /**
  * @brief Modify a report config.
- * 
+ *
  * @param[in]   report_config_id  UUID of report config to modify.
  * @param[in]   new_name          Name of report config.
  * @param[in]   new_comment       Comment of report config.
@@ -352,7 +352,7 @@ modify_report_config (const char *report_config_id,
           return 3;
         }
 
-      for (int i = 0; g_ptr_array_index (params, i); i++) 
+      for (int i = 0; g_ptr_array_index (params, i); i++)
         {
           report_config_param_data_t *param;
           param = g_ptr_array_index (params, i);
@@ -797,7 +797,7 @@ report_config_iterator_report_format_readable (iterator_t* iterator)
 
   if (iterator->done) return 0;
 
-  report_format_id 
+  report_format_id
     = report_config_iterator_report_format_id (iterator);
 
   if (report_format_id)
@@ -855,7 +855,7 @@ init_report_config_param_iterator (iterator_t *iterator,
                                    int trash)
 {
   report_format_t report_format;
-  
+
   report_format = report_config_report_format (report_config);
 
   init_iterator (iterator,
diff --git a/src/manage_sql_report_formats.c b/src/manage_sql_report_formats.c
index 1579b3a71..becfcb4c5 100644
--- a/src/manage_sql_report_formats.c
+++ b/src/manage_sql_report_formats.c
@@ -2409,10 +2409,10 @@ report_format_param_type_min (report_format_t report_format, const char *name)
 
 /**
  * @brief Checks if the value of a report format param is a valid option.
- * 
+ *
  * @param[in]  param  The report format param to check.
  * @param[in]  value  The value to check.
- * 
+ *
  * @return 1 if the value is one of the allowed options, 0 if not.
  */
 static int
@@ -2983,7 +2983,7 @@ report_format_iterator_trust_time (iterator_t* iterator)
  *
  * @return Time report format was verified.
  */
-int 
+int
 report_format_iterator_configurable (iterator_t* iterator)
 {
   int ret;
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index cf13bf215..48cf21772 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -291,7 +291,7 @@ inserts_check_size (inserts_t *inserts)
       inserts->statements_size += inserts->statement->len;
       inserts->statement = NULL;
       inserts->current_chunk_size = 0;
-      
+
       if (inserts->max_statements_size
           && inserts-> statements_size >= inserts->max_statements_size)
         {
@@ -1019,7 +1019,7 @@ init_cert_bund_adv_info_iterator (iterator_t* iterator, get_data_t *get,
 }
 
 /**
- * @brief Initialise an CERT-Bund advisory (cert_bund_adv) info iterator not 
+ * @brief Initialise an CERT-Bund advisory (cert_bund_adv) info iterator not
  *        limited to a name.
  *
  * @param[in]  iterator        Iterator.
@@ -1243,7 +1243,7 @@ init_dfn_cert_adv_info_iterator (iterator_t* iterator, get_data_t *get,
 }
 
 /**
- * @brief Initialise an DFN-CERT advisory (dfn_cert_adv) info iterator 
+ * @brief Initialise an DFN-CERT advisory (dfn_cert_adv) info iterator
  *        not limited to a name.
  *
  * @param[in]  iterator        Iterator.
@@ -2389,7 +2389,7 @@ handle_json_cpe_item (inserts_t *inserts, inserts_t *deprecated_by_inserts,
                                   quoted_name,
                                   quoted_deprecated_by_id);
 
-          deprecated_by_inserts->current_chunk_size++;   
+          deprecated_by_inserts->current_chunk_size++;
           g_free (quoted_deprecated_by_id);
         }
     }
@@ -2473,7 +2473,7 @@ handle_json_cpe_refs (inserts_t *inserts, cJSON *product_item)
       type = json_object_item_string (refs_item, "type");
       quoted_ref = sql_quote (ref ? ref : "");
       quoted_type = sql_quote (type ? type : "");
-      
+
       first = inserts_check_size (inserts);
 
       g_string_append_printf (inserts->statement,
@@ -2485,7 +2485,7 @@ handle_json_cpe_refs (inserts_t *inserts, cJSON *product_item)
 
       inserts->current_chunk_size++;
       g_free (quoted_ref);
-      g_free (quoted_type); 
+      g_free (quoted_type);
     }
   g_free (quoted_name);
 
@@ -3005,7 +3005,7 @@ insert_cve_products (element_t list, resource_t cve,
 
       product_element = element_next (product_element);
     }
-  
+
   /* Add new CPEs. */
 
   first_product = first_affected = 1;
@@ -3031,7 +3031,7 @@ insert_cve_products (element_t list, resource_t cve,
 
   if (first_product == 0)
     {
-      /* Run the SQL for inserting new CPEs and add them to hashed_cpes 
+      /* Run the SQL for inserting new CPEs and add them to hashed_cpes
        * so they can be looked up quickly when adding affected_products.
        */
       iterator_t inserted_cpes;
@@ -3414,7 +3414,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
       resource_t id, root_id;
       char *config_operator;
       int negate;
-      
+
       nodes_array = cJSON_GetObjectItemCaseSensitive (configuration_item,
                                                       "nodes");
       if (!cJSON_IsArray (nodes_array))
@@ -3444,7 +3444,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
               g_warning ("%s: operator missing for %s.", __func__, cve_id);
               return -1;
             }
-          
+
           negate = json_object_item_boolean (node_item, "negate", 0);
 
           cJSON *cpe_matches_array;
@@ -3463,7 +3463,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
             root_id = id;
 
           set_root_id (id, root_id);
-          
+
           cJSON *cpe_match_item;
           cJSON_ArrayForEach (cpe_match_item, cpe_matches_array)
             {
@@ -3505,7 +3505,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
                     g_string_append_printf (software, "%s ", cpe_matches_cpe_name (&cpe_matches));
                   cleanup_iterator (&cpe_matches);
                 }
-              g_free (quoted_match_criteria_id);          
+              g_free (quoted_match_criteria_id);
             }
         }
     }
@@ -3584,7 +3584,7 @@ handle_json_cve_item (cJSON *item)
     }
 
   gboolean cvss_metric_found = FALSE;
-  
+
   const char *cvss_metric_keys[] = {
     "cvssMetricV40",
     "cvssMetricV31",
@@ -4127,7 +4127,7 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
     quoted_version_start_incl = g_strdup ("NULL");
   else
     quoted_version_start_incl = g_strdup_printf ("'%s'", ver_se);
-    
+
   ver_se = json_object_item_string (match_string, "versionStartExcluding");
   if (ver_se == NULL)
     quoted_version_start_excl = g_strdup ("NULL");
@@ -4171,7 +4171,7 @@ handle_json_cpe_match_string (inserts_t *inserts, inserts_t *matches_inserts,
   g_free (quoted_version_end_excl);
 
   matches_array = cJSON_GetObjectItemCaseSensitive (match_string, "matches");
-  
+
   if (cJSON_IsArray (matches_array) && cJSON_GetArraySize (matches_array) > 0)
     {
       cJSON *match_item;
@@ -4339,9 +4339,9 @@ update_scap_cpe_match_strings ()
 
       inserts_init (&matches_inserts, 10,
                 setting_secinfo_sql_buffer_threshold_bytes (),
-                "INSERT INTO scap2.cpe_matches" 
+                "INSERT INTO scap2.cpe_matches"
                 "  (match_criteria_id, cpe_name_id, cpe_name)"
-                "  VALUES ",              
+                "  VALUES ",
                 "");
 
       gvm_json_pull_parser_next (&parser, &event);
@@ -4376,7 +4376,7 @@ update_scap_cpe_match_strings ()
               gvm_json_pull_event_cleanup (&event);
               gvm_json_pull_parser_cleanup (&parser);
               fclose (cpe_match_strings_file);
-              return -1;            
+              return -1;
             }
           cJSON_Delete (cpe_match_string_item);
           gvm_json_pull_parser_next (&parser, &event);
@@ -4447,7 +4447,7 @@ if (failure_condition) {                                          \
 
 /**
  * @brief Updates the base EPSS scores table in the SCAP database.
- * 
+ *
  * @return 0 success, -1 error.
  */
 static int
@@ -5311,7 +5311,7 @@ update_vt_scap_extra_data ()
        " WHERE epss_candidates.vt_oid = nvts.oid"
        "   AND epss_candidates.rank = 1;");
 }
- 
+
 /**
  * @brief Update CERT data that depends on SCAP.
  */
diff --git a/src/manage_sql_tls_certificates.c b/src/manage_sql_tls_certificates.c
index e51f33eee..5fa63dcd6 100644
--- a/src/manage_sql_tls_certificates.c
+++ b/src/manage_sql_tls_certificates.c
@@ -1747,9 +1747,9 @@ cleanup_tls_certificate_encoding ()
       if (g_utf8_validate (subject_dn, -1, NULL) == FALSE
           || g_utf8_validate (issuer_dn, -1, NULL) == FALSE)
         {
-          gchar *quoted_subject_dn 
+          gchar *quoted_subject_dn
             = sql_ascii_escape_and_quote (subject_dn, NULL);
-          gchar *quoted_issuer_dn 
+          gchar *quoted_issuer_dn
             = sql_ascii_escape_and_quote (issuer_dn, NULL);
 
           sql ("UPDATE tls_certificates"
diff --git a/src/sql_pg.c b/src/sql_pg.c
index cf8ed82c8..7f87cc1c9 100644
--- a/src/sql_pg.c
+++ b/src/sql_pg.c
@@ -607,7 +607,7 @@ sql_rollback ()
  *
  * @param[in]  table         The table to lock.
  * @param[in]  lock_timeout  The lock timeout in milliseconds, 0 for unlimited.
- * 
+ *
  * @return 1 if locked, 0 if failed / timed out.
  */
 int
@@ -615,10 +615,10 @@ sql_table_lock_wait (const char *table, int lock_timeout)
 {
   int old_lock_timeout = sql_int ("SHOW lock_timeout;");
   sql ("SET LOCAL lock_timeout = %d;", lock_timeout);
-  
+
   // This requires the gvmd functions to be defined first.
   int ret = sql_int ("SELECT try_exclusive_lock_wait ('%s');", table);
-  
+
   sql ("SET LOCAL lock_timeout = %d;", old_lock_timeout);
   return ret;
 }
diff --git a/src/utils.c b/src/utils.c
index 5db841129..32588497b 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -1029,7 +1029,7 @@ wait_for_pid (pid_t pid, const char *context)
 
 /**
  * @brief Get the available physical memory in bytes.
- * 
+ *
  * @return The available memory
  */
 guint64
@@ -1041,7 +1041,7 @@ phys_mem_available ()
 
 /**
  * @brief Get the total physical memory in bytes.
- * 
+ *
  * @return The total memory
  */
 guint64
diff --git a/src/utils_tests.c b/src/utils_tests.c
index ad6b8aa3f..46ff41bb4 100644
--- a/src/utils_tests.c
+++ b/src/utils_tests.c
@@ -109,25 +109,25 @@ Ensure (utils, gvm_sleep_sleep_for_1)
   assert_that (timespec_subtract (&end, &start), is_greater_than (NANOSECONDS - 1));
 }
 
-Ensure (utils, strescape_check_utf_8_no_exceptions) 
+Ensure (utils, strescape_check_utf_8_no_exceptions)
 {
   const char *utf8_input = "Äöü\n123\\UTF-8\x04";
   const char *utf8_expected = "Äöü\\n123\\\\UTF-8\\004";
   const char *cp850_input = "\x8E\x94\x81\n123\\CP850\x04";
   const char *cp850_expected = "\\216\\224\\201\\n123\\\\CP850\\004";
-  
+
   assert_that (g_utf8_validate (utf8_input, -1, NULL), is_true);
   gchar *output = strescape_check_utf8 (utf8_input, NULL);
-  assert_that (output, is_equal_to_string (utf8_expected)); 
+  assert_that (output, is_equal_to_string (utf8_expected));
   g_free (output);
 
   assert_that (g_utf8_validate (cp850_input, -1, NULL), is_false);
   output = strescape_check_utf8 (cp850_input, NULL);
-  assert_that (output, is_equal_to_string (cp850_expected)); 
+  assert_that (output, is_equal_to_string (cp850_expected));
   g_free (output);
 }
 
-Ensure (utils, strescape_check_utf_8_with_exceptions) 
+Ensure (utils, strescape_check_utf_8_with_exceptions)
 {
   const char *utf8_input = "Äöü\n123\\UTF-8\x04";
   const char *utf8_expected = "Äöü\n123\\\\UTF-8\\004";
@@ -136,12 +136,12 @@ Ensure (utils, strescape_check_utf_8_with_exceptions)
 
   assert_that (g_utf8_validate (utf8_input, -1, NULL), is_true);
   gchar *output = strescape_check_utf8 (utf8_input, "\t\n\r");
-  assert_that (output, is_equal_to_string (utf8_expected)); 
+  assert_that (output, is_equal_to_string (utf8_expected));
   g_free (output);
 
   assert_that (g_utf8_validate (cp850_input, -1, NULL), is_false);
   output = strescape_check_utf8 (cp850_input, "\t\n\r");
-  assert_that (output, is_equal_to_string (cp850_expected)); 
+  assert_that (output, is_equal_to_string (cp850_expected));
   g_free (output);
 }
 
@@ -164,7 +164,7 @@ main (int argc, char **argv)
   add_test_with_context (suite, utils, parse_iso_time_tz_with_z);
   add_test_with_context (suite, utils, parse_iso_time_tz_with_fallback_tz);
   add_test_with_context (suite, utils, parse_iso_time_tz_variants);
-  
+
   add_test_with_context (suite, utils, strescape_check_utf_8_no_exceptions);
   add_test_with_context (suite, utils, strescape_check_utf_8_with_exceptions);
 

From b3c8abf2c41106ff510878dab0550df360516a94 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Fri, 15 Nov 2024 09:52:45 +0100
Subject: [PATCH 124/134] Fix: Remove tail command from gvmd startup script.
 Remove tail command since messages are now logged to stderr by default

---
 .docker/start-gvmd.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.docker/start-gvmd.sh b/.docker/start-gvmd.sh
index 7083b8f81..61bd5cf21 100644
--- a/.docker/start-gvmd.sh
+++ b/.docker/start-gvmd.sh
@@ -49,6 +49,4 @@ gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value "$uid"
 
 echo "starting gvmd"
 gvmd $GVMD_ARGS ||
-    (cat /var/log/gvm/gvmd.log && exit 1)
-
-tail -f /var/log/gvm/gvmd.log
+    (echo "Starting gvmd failed" && exit 1)
\ No newline at end of file

From 4a50a7f053d84afddd90e709ecb4cda60605b038 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Nov 2024 05:03:29 +0000
Subject: [PATCH 125/134] Bump codecov/codecov-action from 4 to 5

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/build-and-test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 470a23bb2..c74217b0c 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -64,7 +64,7 @@ jobs:
       - name: Configure and run tests
         run: CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test
       - name: Upload test coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           file: build/coverage/coverage.xml
           token: ${{ secrets.CODECOV_TOKEN }}

From 25d41dea4af00e72fd7759c46c76cc1d39ef728d Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Tue, 19 Nov 2024 09:54:49 +0100
Subject: [PATCH 126/134] Change: Run gvmd in foreground in the docker
 container. To keep the container alive after removing the tail command

---
 .docker/start-gvmd.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.docker/start-gvmd.sh b/.docker/start-gvmd.sh
index 61bd5cf21..a05ca0824 100644
--- a/.docker/start-gvmd.sh
+++ b/.docker/start-gvmd.sh
@@ -18,7 +18,7 @@
 
 [ -z "$USER" ] && USER="admin"
 [ -z "$PASSWORD" ] && PASSWORD="admin"
-[ -z "$GVMD_ARGS" ] && GVMD_ARGS="--listen-mode=666"
+[ -z "$GVMD_ARGS" ] && GVMD_ARGS="-f --listen-mode=666"
 [ -z "$GVMD_USER" ] && GVMD_USER="gvmd"
 [ -z "$PGRES_DATA" ] && PGRES_DATA="/var/lib/postgresql"
 

From a1e1df0886b6a17d6a1bc3788f6c48f94166c2b8 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Fri, 22 Nov 2024 12:25:24 +0100
Subject: [PATCH 127/134] Fix: Rollback on create_credential privkey error

If the private key checks in create_credential fail, the SQL
transaction is now rolled back.

This fixes SQL transaction errors and possible incomplete
credentials being created if there are multiple GMP commands per
connection and one of them is create_credential failing because of
the private key.
---
 src/manage_sql.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 945ae9aa0..66dafb594 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -35916,7 +35916,10 @@ create_credential (const char* name, const char* comment, const char* login,
       if (key_private)
         key_private_truncated = truncate_private_key (key_private);
       else
-        return 3;
+        {
+          sql_rollback ();
+          return 3;
+        }
 
       generated_key_public = gvm_ssh_public_from_private
                                 (key_private_truncated
@@ -35926,6 +35929,7 @@ create_credential (const char* name, const char* comment, const char* login,
       if (generated_key_public == NULL)
         {
           g_free (key_private_truncated);
+          sql_rollback ();
           return 3;
         }
       g_free (generated_key_public);

From 705c6c2569b88970bcdc2af08c2f3ca25c87c39b Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 26 Nov 2024 10:12:32 +0100
Subject: [PATCH 128/134] Fix: Avoid DB check inserts in cleanup-sequences

When running gvmd with the --optimize=cleanup-sequences option, the
database checks during initialization will avoid most inserts.
Setting database_version and max_hosts in the meta table now uses
INSERT ... ON CONFLICT instead of deleting the previous entry.

Skipping the inserts prevents the cleanup failing if one of the
sequence has already run out of ids.
The change to the meta table update reduces the risk of the meta table
id sequence running out.
---
 src/manage.c                    |   9 +-
 src/manage.h                    |   2 +-
 src/manage_sql.c                | 142 ++++++++++++++++++++++----------
 src/manage_sql.h                |   2 +-
 src/manage_sql_configs.c        |   7 +-
 src/manage_sql_configs.h        |   2 +-
 src/manage_sql_nvts.c           |   6 +-
 src/manage_sql_port_lists.c     |   7 +-
 src/manage_sql_report_formats.c |  11 ++-
 src/manage_sql_report_formats.h |   2 +-
 src/manage_sql_secinfo.c        |   3 +-
 11 files changed, 135 insertions(+), 58 deletions(-)

diff --git a/src/manage.c b/src/manage.c
index c194bae68..f9e0899c4 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -978,7 +978,8 @@ int
 manage_create_encryption_key (GSList *log_config,
                               const db_conn_info_t *database)
 {
-  int ret = manage_option_setup (log_config, database);
+  int ret = manage_option_setup (log_config, database,
+                                 0 /* avoid_db_check_inserts */);
   if (ret)
     {
       printf ("Error setting up log config or database connection.");
@@ -1042,7 +1043,8 @@ manage_set_encryption_key (GSList *log_config,
                            const db_conn_info_t *database,
                            const char *uid)
 {
-  int ret = manage_option_setup (log_config, database);
+  int ret = manage_option_setup (log_config, database,
+                                 0 /* avoid_db_check_inserts */);
   if (ret)
     {
       printf ("Error setting up log config or database connection.\n");
@@ -5707,7 +5709,8 @@ manage_rebuild_gvmd_data_from_feed (const char *types,
       return -1;
     }
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     {
       if (error_msg)
diff --git a/src/manage.h b/src/manage.h
index 0285d708d..8882d7a52 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -127,7 +127,7 @@ init_manage (GSList*, const db_conn_info_t *, int, int, int, int,
              manage_connection_forker_t, int);
 
 int
-init_manage_helper (GSList *, const db_conn_info_t *, int);
+init_manage_helper (GSList *, const db_conn_info_t *, int, int);
 
 void
 init_manage_process (const db_conn_info_t*);
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 945ae9aa0..6e653b13d 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -930,13 +930,15 @@ cert_check_time ()
  *
  * @param[in]  log_config  Log configuration.
  * @param[in]  database    Database.
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts in DB check.
  *
  * @return 0 success, -1 error, -2 database is too old,
  *         -3 database needs to be initialised from server,
  *         -5 database is too new.
  */
 int
-manage_option_setup (GSList *log_config, const db_conn_info_t *database)
+manage_option_setup (GSList *log_config, const db_conn_info_t *database,
+                     int avoid_db_check_inserts)
 {
   int ret;
 
@@ -947,7 +949,8 @@ manage_option_setup (GSList *log_config, const db_conn_info_t *database)
     }
 
   ret = init_manage_helper (log_config, database,
-                            MANAGE_ABSOLUTE_MAX_IPS_PER_TARGET);
+                            MANAGE_ABSOLUTE_MAX_IPS_PER_TARGET,
+                            avoid_db_check_inserts);
   assert (ret != -4);
   switch (ret)
     {
@@ -6159,10 +6162,9 @@ manage_cert_db_version ()
 void
 set_db_version (int version)
 {
-  sql ("DELETE FROM %s.meta WHERE name = 'database_version';",
-       sql_schema ());
   sql ("INSERT INTO %s.meta (name, value)"
-       " VALUES ('database_version', '%i');",
+       " VALUES ('database_version', '%i')"
+       " ON CONFLICT (name) DO UPDATE SET value = EXCLUDED.value;",
        sql_schema (),
        version);
 }
@@ -6408,7 +6410,8 @@ manage_encrypt_all_credentials (GSList *log_config,
 
   g_info ("   (Re-)encrypting all credentials.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -6449,7 +6452,8 @@ manage_decrypt_all_credentials (GSList *log_config,
 
   g_info ("   Decrypting all credentials.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -6712,7 +6716,8 @@ manage_check_alerts (GSList *log_config, const db_conn_info_t *database)
 
   g_info ("   Checking alerts.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -15835,11 +15840,16 @@ manage_update_nvti_cache ()
 /**
  * @brief Ensure the predefined scanner exists.
  *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
+ *
  * @return 0 if success, -1 if error.
  */
 static int
-check_db_scanners ()
+check_db_scanners (int avoid_db_check_inserts)
 {
+  if (avoid_db_check_inserts)
+    return 0;
+  
   if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';",
                SCANNER_UUID_DEFAULT) == 0)
     {
@@ -15868,11 +15878,16 @@ check_db_scanners ()
 /**
  * @brief Initialize the default settings.
  *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
+ *
  * Ensure all the default manager settings exist.
  */
 static void
-check_db_settings ()
+check_db_settings (int avoid_db_check_inserts)
 {
+  if (avoid_db_check_inserts)
+    return;
+
   if (sql_int ("SELECT count(*) FROM settings"
                " WHERE uuid = '6765549a-934e-11e3-b358-406186ea4fc5'"
                " AND " ACL_IS_GLOBAL () ";")
@@ -16219,10 +16234,15 @@ check_db_versions ()
 
 /**
  * @brief Ensures the sanity of nvts cache in DB.
+ *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
  */
 static void
-check_db_nvt_selectors ()
+check_db_nvt_selectors (int avoid_db_check_inserts)
 {
+  if (avoid_db_check_inserts)
+    return;
+
   /* Ensure every part of the predefined selector exists.
    * This restores entries lost due to the error solved 2010-08-13 by r8805. */
   if (sql_int ("SELECT count(*) FROM nvt_selectors WHERE name ="
@@ -16359,10 +16379,15 @@ add_permissions_on_globals (const gchar *role_uuid)
 
 /**
  * @brief Ensure the predefined permissions exists.
+ *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
  */
 static void
-check_db_permissions ()
+check_db_permissions (int avoid_db_check_inserts)
 {
+  if (avoid_db_check_inserts)
+    return;
+  
   command_t *command;
 
   if (sql_int ("SELECT count(*) FROM permissions"
@@ -16521,10 +16546,15 @@ check_db_permissions ()
 
 /**
  * @brief Ensure the predefined roles exists.
+ *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
  */
 static void
-check_db_roles ()
+check_db_roles (int avoid_db_check_inserts)
 {
+  if (avoid_db_check_inserts)
+    return;
+  
   if (sql_int ("SELECT count(*) FROM roles WHERE uuid = '" ROLE_UUID_ADMIN "';")
       == 0)
     sql ("INSERT INTO roles"
@@ -16680,11 +16710,11 @@ manage_migrate_relay_sensors ()
  * Only called by init_manage_internal, and ultimately only by the main process.
  *
  * @param[in]  check_encryption_key  Whether to check encryption key.
- *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts in DB check.
  * @return 0 success, -1 error.
  */
 static int
-check_db (int check_encryption_key)
+check_db (int check_encryption_key, int avoid_db_check_inserts)
 {
   /* The file locks managed at startup ensure that this is the only Manager
    * process accessing the db.  Nothing else should be accessing the db, access
@@ -16695,19 +16725,19 @@ check_db (int check_encryption_key)
   create_tables ();
   check_db_sequences ();
   set_db_version (GVMD_DATABASE_VERSION);
-  check_db_roles ();
-  check_db_nvt_selectors ();
+  check_db_roles (avoid_db_check_inserts);
+  check_db_nvt_selectors (avoid_db_check_inserts);
   check_db_nvts ();
-  check_db_port_lists ();
+  check_db_port_lists (avoid_db_check_inserts);
   clean_auth_cache ();
-  if (check_db_scanners ())
+  if (check_db_scanners (avoid_db_check_inserts))
     goto fail;
-  if (check_db_report_formats ())
+  if (check_db_report_formats (avoid_db_check_inserts))
     goto fail;
   if (check_db_report_formats_trash ())
     goto fail;
-  check_db_permissions ();
-  check_db_settings ();
+  check_db_permissions (avoid_db_check_inserts);
+  check_db_settings (avoid_db_check_inserts);
   cleanup_schedule_times ();
   if (check_encryption_key && check_db_encryption_key ())
     goto fail;
@@ -16874,6 +16904,7 @@ cleanup_tables ()
  *                                 with GMP when an alert occurs.
  * @param[in]  skip_db_check       Skip DB check.
  * @param[in]  check_encryption_key  Check encryption key if doing DB check.
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts in DB check.
  *
  * @return 0 success, -1 error, -2 database is too old,
  *         -4 max_ips_per_target out of range, -5 database is too new.
@@ -16888,7 +16919,8 @@ init_manage_internal (GSList *log_config,
                       int stop_tasks,
                       manage_connection_forker_t fork_connection,
                       int skip_db_check,
-                      int check_encryption_key)
+                      int check_encryption_key,
+                      int avoid_db_check_inserts)
 {
   int ret;
 
@@ -16974,7 +17006,7 @@ init_manage_internal (GSList *log_config,
        *   2 a helper processes (--create-user, --get-users, etc) when the
        *     main process is not running. */
 
-      ret = check_db (check_encryption_key);
+      ret = check_db (check_encryption_key, avoid_db_check_inserts);
       if (ret)
         return ret;
 
@@ -16982,8 +17014,10 @@ init_manage_internal (GSList *log_config,
 
       /* Set max_hosts in db, so database server side can access it. */
 
-      sql ("DELETE FROM meta WHERE name = 'max_hosts';");
-      sql ("INSERT INTO meta (name, value) VALUES ('max_hosts', %i);", max_hosts);
+      sql ("INSERT INTO meta (name, value)"
+           " VALUES ('max_hosts', %i)"
+           " ON CONFLICT (name) DO UPDATE SET value = EXCLUDED.value;",
+           max_hosts);
     }
 
   if (stop_tasks)
@@ -16997,7 +17031,7 @@ init_manage_internal (GSList *log_config,
 
   if (skip_db_check == 0)
     /* Requires NVT cache. */
-    check_db_configs ();
+    check_db_configs (avoid_db_check_inserts);
 
   sql_close ();
   gvmd_db_conn_info.name = database->name ? g_strdup (database->name) : NULL;
@@ -17051,7 +17085,8 @@ init_manage (GSList *log_config, const db_conn_info_t *database,
                                1,  /* Stop active tasks. */
                                fork_connection,
                                skip_db_check,
-                               1); /* Check encryption key if checking db. */
+                               1, /* Check encryption key if checking db. */
+                               0  /* Do not avoid inserts if checking db. */); 
 }
 
 /**
@@ -17063,7 +17098,8 @@ init_manage (GSList *log_config, const db_conn_info_t *database,
  *
  * @param[in]  log_config      Log configuration.
  * @param[in]  database        Location of database.
- * @param[in]  max_ips_per_target  Max number of IPs per target.
+ * @param[in]  max_ips_per_target   Max number of IPs per target.
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts in DB check.
  *
  * @return 0 success, -1 error, -2 database is too old, -3 database needs
  *         to be initialised from server, -4 max_ips_per_target out of range,
@@ -17071,7 +17107,7 @@ init_manage (GSList *log_config, const db_conn_info_t *database,
  */
 int
 init_manage_helper (GSList *log_config, const db_conn_info_t *database,
-                    int max_ips_per_target)
+                    int max_ips_per_target, int avoid_db_check_inserts)
 {
   return init_manage_internal (log_config,
                                database,
@@ -17088,7 +17124,8 @@ init_manage_helper (GSList *log_config, const db_conn_info_t *database,
                                lockfile_locked ("gvm-serving")
                                 ? 1    /* Skip DB check. */
                                 : 0,   /* Do DB check. */
-                               0);  /* Dummy. */
+                               0, /* Dummy. */
+                               avoid_db_check_inserts);  
 }
 
 /**
@@ -40245,7 +40282,8 @@ manage_create_scanner (GSList *log_config, const db_conn_info_t *database,
 
   g_info ("   Creating scanner.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -40434,7 +40472,8 @@ manage_delete_scanner (GSList *log_config, const db_conn_info_t *database,
       return 3;
     }
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -40502,7 +40541,8 @@ manage_modify_scanner (GSList *log_config, const db_conn_info_t *database,
 
   g_info ("   Modifying scanner.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -40721,7 +40761,8 @@ manage_verify_scanner (GSList *log_config, const db_conn_info_t *database,
 
   g_info ("   Verifying scanner.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -42206,7 +42247,8 @@ manage_get_scanners (GSList *log_config, const db_conn_info_t *database)
 
   g_info ("   Getting scanners.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -46145,7 +46187,8 @@ manage_get_roles (GSList *log_config, const db_conn_info_t *database,
 
   g_info ("   Getting roles.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -52790,7 +52833,8 @@ manage_modify_setting (GSList *log_config, const db_conn_info_t *database,
       return 3;
     }
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -52944,7 +52988,8 @@ manage_create_user (GSList *log_config, const db_conn_info_t *database,
 
   g_info ("   Creating user.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -53034,7 +53079,8 @@ manage_delete_user (GSList *log_config, const db_conn_info_t *database,
 
   g_info ("   Deleting user.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -53099,7 +53145,8 @@ manage_get_users (GSList *log_config, const db_conn_info_t *database,
 
   g_info ("   Getting users.");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -53203,7 +53250,8 @@ manage_set_password (GSList *log_config, const db_conn_info_t *database,
       return -1;
     }
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return ret;
 
@@ -58214,7 +58262,15 @@ manage_optimize (GSList *log_config, const db_conn_info_t *database,
       return 1;
     }
 
-  ret = manage_option_setup (log_config, database);
+  int avoid_db_check_inserts = 0;
+  /* The optimize=cleanup-sequences option may be used if a sequence has
+   * already reached its maximum value, so avoid any inserts that may cause
+   * a sequence maximum error. *
+   */
+  if (strcasecmp (name, "cleanup-sequences") == 0)
+    avoid_db_check_inserts = 1;
+  
+  ret = manage_option_setup (log_config, database, avoid_db_check_inserts);
   if (ret)
     return ret;
 
diff --git a/src/manage_sql.h b/src/manage_sql.h
index c98e15adc..d24868e61 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -448,7 +448,7 @@ void
 check_alerts ();
 
 int
-manage_option_setup (GSList *, const db_conn_info_t *);
+manage_option_setup (GSList *, const db_conn_info_t *, int);
 
 void
 manage_option_cleanup ();
diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c
index 28e2bb10e..07e25734e 100644
--- a/src/manage_sql_configs.c
+++ b/src/manage_sql_configs.c
@@ -4532,12 +4532,17 @@ update_config (config_t config, const gchar *name,
 
 /**
  * @brief Check configs, for startup.
+ *
+ * @param[in] avoid_db_check_inserts  Whether to avoid inserts.
  */
 void
-check_db_configs ()
+check_db_configs (int avoid_db_check_inserts)
 {
   migrate_predefined_configs ();
 
+  if (avoid_db_check_inserts)
+    return;
+
   if (sync_configs_with_feed (FALSE) <= -1)
     g_warning ("%s: Failed to sync configs with feed", __func__);
 
diff --git a/src/manage_sql_configs.h b/src/manage_sql_configs.h
index 888d4e4fb..901878423 100644
--- a/src/manage_sql_configs.h
+++ b/src/manage_sql_configs.h
@@ -97,7 +97,7 @@ update_config (config_t, const gchar *, const gchar *, const gchar *,
                int, const array_t*, const array_t*, const gchar *);
 
 void
-check_db_configs ();
+check_db_configs (int);
 
 void
 check_whole_only_in_configs ();
diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c
index 04e9cf3c8..73aab286c 100644
--- a/src/manage_sql_nvts.c
+++ b/src/manage_sql_nvts.c
@@ -2654,7 +2654,8 @@ manage_rebuild (GSList *log_config, const db_conn_info_t *database)
         return -1;
     }
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     {
       feed_lockfile_unlock (&lockfile);
@@ -2727,7 +2728,8 @@ manage_dump_vt_verification (GSList *log_config,
         return -1;
     }
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     {
       feed_lockfile_unlock (&lockfile);
diff --git a/src/manage_sql_port_lists.c b/src/manage_sql_port_lists.c
index c24abaea6..b56b9fcc2 100644
--- a/src/manage_sql_port_lists.c
+++ b/src/manage_sql_port_lists.c
@@ -2652,12 +2652,17 @@ update_port_list (port_list_t port_list, const gchar *name,
 
 /**
  * @brief Check port lists, for startup.
+ *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
  */
 void
-check_db_port_lists ()
+check_db_port_lists (int avoid_db_check_inserts)
 {
   migrate_predefined_port_lists ();
 
+  if (avoid_db_check_inserts)
+    return;
+
   if (sync_port_lists_with_feed (FALSE) <= -1)
     g_warning ("%s: Failed to sync port lists with feed", __func__);
 
diff --git a/src/manage_sql_report_formats.c b/src/manage_sql_report_formats.c
index becfcb4c5..0a1b49b39 100644
--- a/src/manage_sql_report_formats.c
+++ b/src/manage_sql_report_formats.c
@@ -4895,16 +4895,21 @@ check_db_trash_report_formats ()
 /**
  * @brief Ensure the predefined report formats exist.
  *
+ * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
+ *
  * @return 0 success, -1 error.
  */
 int
-check_db_report_formats ()
+check_db_report_formats (int avoid_db_check_inserts)
 {
   if (migrate_predefined_report_formats ())
     return -1;
 
-  if (sync_report_formats_with_feed (FALSE) <= -1)
-    g_warning ("%s: Failed to sync report formats with feed", __func__);
+  if (avoid_db_check_inserts == 0)
+    {
+      if (sync_report_formats_with_feed (FALSE) <= -1)
+        g_warning ("%s: Failed to sync report formats with feed", __func__);
+    }
 
   if (check_db_trash_report_formats ())
     return -1;
diff --git a/src/manage_sql_report_formats.h b/src/manage_sql_report_formats.h
index 1ea556752..de7a04be2 100644
--- a/src/manage_sql_report_formats.h
+++ b/src/manage_sql_report_formats.h
@@ -83,7 +83,7 @@ int
 migrate_predefined_report_formats ();
 
 int
-check_db_report_formats ();
+check_db_report_formats (int);
 
 int
 check_db_report_formats_trash ();
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 48cf21772..c80247780 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -5754,7 +5754,8 @@ manage_rebuild_scap (GSList *log_config, const db_conn_info_t *database)
 
   g_info ("   Rebuilding SCAP data");
 
-  ret = manage_option_setup (log_config, database);
+  ret = manage_option_setup (log_config, database,
+                             0 /* avoid_db_check_inserts */);
   if (ret)
     return -1;
 

From 16ef4c47e64a39de8cbd7c245d827b68a8fc50f1 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Thu, 28 Nov 2024 10:09:42 +0100
Subject: [PATCH 129/134] Add: New Kerberos credential type

The new type "krb5" is added to the create_credential, modify_credential
and get_credentials commands.

This will later be usable in scan targets for Kerberos 5 authentication.
---
 src/gmp.c                         | 67 +++++++++++++++++++++++++++
 src/manage.c                      |  2 +
 src/manage.h                      | 10 +++-
 src/manage_sql.c                  | 77 +++++++++++++++++++++++++++----
 src/schema_formats/XML/GMP.xml.in | 40 ++++++++++++++++
 5 files changed, 185 insertions(+), 11 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 2084b8a6a..231e40eaa 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -449,6 +449,7 @@ typedef struct
   char *certificate;       ///< Certificate for client certificate auth.
   char *comment;           ///< Comment.
   char *copy;              ///< UUID of resource to copy.
+  char *kdc;               ///< Kerberos KDC (key distribution centers).
   int key;                 ///< Whether the command included a key element.
   char *key_phrase;        ///< Passphrase for key.
   char *key_private;       ///< Private key from key.
@@ -460,6 +461,7 @@ typedef struct
   char *auth_algorithm;    ///< SNMP Authentication algorithm.
   char *privacy_password;  ///< SNMP Privacy password.
   char *privacy_algorithm; ///< SNMP Privacy algorithm.
+  char *realm;             ///< Kerberos realm.
   char *type;              ///< Type of credential.
 } create_credential_data_t;
 
@@ -475,6 +477,7 @@ create_credential_data_reset (create_credential_data_t *data)
   free (data->certificate);
   free (data->comment);
   free (data->copy);
+  free (data->kdc);
   free (data->key_phrase);
   free (data->key_private);
   free (data->key_public);
@@ -485,6 +488,7 @@ create_credential_data_reset (create_credential_data_t *data)
   free (data->auth_algorithm);
   free (data->privacy_password);
   free (data->privacy_algorithm);
+  free (data->realm);
   free (data->type);
 
   memset (data, 0, sizeof (create_credential_data_t));
@@ -2515,6 +2519,7 @@ typedef struct
   char *comment;              ///< Comment.
   char *community;            ///< SNMP Community string.
   char *credential_id;        ///< ID of credential to modify.
+  char *kdc;                  ///< Kerberos KDC (key distribution centers).
   int key;                    ///< Whether the command included a key element.
   char *key_phrase;           ///< Passphrase for key.
   char *key_private;          ///< Private key from key.
@@ -2524,6 +2529,7 @@ typedef struct
   char *password;             ///< Password associated with login name.
   char *privacy_algorithm;    ///< SNMP Privacy algorithm.
   char *privacy_password;     ///< SNMP Privacy password.
+  char *realm;                ///< Kerberos realm.
 } modify_credential_data_t;
 
 /**
@@ -2540,6 +2546,7 @@ modify_credential_data_reset (modify_credential_data_t *data)
   free (data->comment);
   free (data->community);
   free (data->credential_id);
+  free (data->kdc);
   free (data->key_phrase);
   free (data->key_private);
   free (data->key_public);
@@ -2548,6 +2555,7 @@ modify_credential_data_reset (modify_credential_data_t *data)
   free (data->password);
   free (data->privacy_algorithm);
   free (data->privacy_password);
+  free (data->realm);
 
   memset (data, 0, sizeof (modify_credential_data_t));
 }
@@ -4088,6 +4096,7 @@ typedef enum
   CLIENT_CREATE_CREDENTIAL_COMMENT,
   CLIENT_CREATE_CREDENTIAL_COMMUNITY,
   CLIENT_CREATE_CREDENTIAL_COPY,
+  CLIENT_CREATE_CREDENTIAL_KDC,
   CLIENT_CREATE_CREDENTIAL_KEY,
   CLIENT_CREATE_CREDENTIAL_KEY_PHRASE,
   CLIENT_CREATE_CREDENTIAL_KEY_PRIVATE,
@@ -4098,6 +4107,7 @@ typedef enum
   CLIENT_CREATE_CREDENTIAL_PRIVACY,
   CLIENT_CREATE_CREDENTIAL_PRIVACY_ALGORITHM,
   CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD,
+  CLIENT_CREATE_CREDENTIAL_REALM,
   CLIENT_CREATE_CREDENTIAL_TYPE,
   CLIENT_CREATE_FILTER,
   CLIENT_CREATE_FILTER_COMMENT,
@@ -4420,6 +4430,7 @@ typedef enum
   CLIENT_MODIFY_CREDENTIAL_CERTIFICATE,
   CLIENT_MODIFY_CREDENTIAL_COMMENT,
   CLIENT_MODIFY_CREDENTIAL_COMMUNITY,
+  CLIENT_MODIFY_CREDENTIAL_KDC,
   CLIENT_MODIFY_CREDENTIAL_KEY,
   CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE,
   CLIENT_MODIFY_CREDENTIAL_KEY_PRIVATE,
@@ -4430,6 +4441,7 @@ typedef enum
   CLIENT_MODIFY_CREDENTIAL_PRIVACY,
   CLIENT_MODIFY_CREDENTIAL_PRIVACY_ALGORITHM,
   CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD,
+  CLIENT_MODIFY_CREDENTIAL_REALM,
   CLIENT_MODIFY_FILTER,
   CLIENT_MODIFY_FILTER_COMMENT,
   CLIENT_MODIFY_FILTER_NAME,
@@ -6283,6 +6295,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             gvm_append_string (&modify_credential_data->community, "");
             set_client_state (CLIENT_MODIFY_CREDENTIAL_COMMUNITY);
           }
+        else if (strcasecmp ("KDC", element_name) == 0)
+          {
+            set_client_state (CLIENT_MODIFY_CREDENTIAL_KDC);
+          }
         else if (strcasecmp ("KEY", element_name) == 0)
           {
             modify_credential_data->key = 1;
@@ -6302,6 +6318,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             gvm_append_string (&modify_credential_data->privacy_algorithm,
                                    "");
           }
+        else if (strcasecmp ("REALM", element_name) == 0)
+          {
+            set_client_state (CLIENT_MODIFY_CREDENTIAL_REALM);
+          }
         ELSE_READ_OVER;
 
       case CLIENT_MODIFY_CREDENTIAL_KEY:
@@ -6962,6 +6982,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
           set_client_state (CLIENT_CREATE_CREDENTIAL_COMMENT);
         else if (strcasecmp ("COMMUNITY", element_name) == 0)
           set_client_state (CLIENT_CREATE_CREDENTIAL_COMMUNITY);
+        else if (strcasecmp ("KDC", element_name) == 0)
+          set_client_state (CLIENT_CREATE_CREDENTIAL_KDC);
         else if (strcasecmp ("KEY", element_name) == 0)
           {
             create_credential_data->key = 1;
@@ -6980,6 +7002,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
           }
         else if (strcasecmp ("PRIVACY", element_name) == 0)
           set_client_state (CLIENT_CREATE_CREDENTIAL_PRIVACY);
+        else if (strcasecmp ("REALM", element_name) == 0)
+          set_client_state (CLIENT_CREATE_CREDENTIAL_REALM);
         else if (strcasecmp ("TYPE", element_name) == 0)
           set_client_state (CLIENT_CREATE_CREDENTIAL_TYPE);
         ELSE_READ_OVER;
@@ -12338,6 +12362,19 @@ handle_get_credentials (gmp_parser_t *gmp_parser, GError **error)
       SEND_TO_CLIENT_OR_FAIL (formats_xml);
       g_free (formats_xml);
 
+      if (type && (strcmp (type, "krb5") == 0))
+        {
+          const char *kdc, *realm;
+          kdc = credential_iterator_kdc (&credentials);
+          realm = credential_iterator_realm (&credentials);
+
+          SENDF_TO_CLIENT_OR_FAIL
+           ("<kdc>%s</kdc>"
+            "<realm>%s</realm>",
+            kdc ? kdc : "",
+            realm ? realm : "");
+        }
+
       if (type && (strcmp (type, "snmp") == 0))
         {
           const char *auth_algorithm, *privacy_algorithm;
@@ -21333,6 +21370,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                          create_credential_data->auth_algorithm,
                          create_credential_data->privacy_password,
                          create_credential_data->privacy_algorithm,
+                         create_credential_data->kdc,
+                         create_credential_data->realm,
                          create_credential_data->type,
                          create_credential_data->allow_insecure,
                          &new_credential))
@@ -21440,6 +21479,16 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                  (XML_ERROR_SYNTAX ("create_credential",
                                     "Cannot determine type for new credential"));
                 break;
+              case 19:
+                SEND_TO_CLIENT_OR_FAIL
+                 (XML_ERROR_SYNTAX ("create_credential",
+                                    "Selected type requires a kdc"));
+                break;
+              case 20:
+                SEND_TO_CLIENT_OR_FAIL
+                 (XML_ERROR_SYNTAX ("create_credential",
+                                    "Selected type requires a realm"));
+                break;
               case 99:
                 SEND_TO_CLIENT_OR_FAIL
                  (XML_ERROR_SYNTAX ("create_credential",
@@ -21462,6 +21511,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_CREATE_CREDENTIAL, COMMENT);
       CLOSE (CLIENT_CREATE_CREDENTIAL, COMMUNITY);
       CLOSE (CLIENT_CREATE_CREDENTIAL, COPY);
+      CLOSE (CLIENT_CREATE_CREDENTIAL, KDC);
       CLOSE (CLIENT_CREATE_CREDENTIAL, KEY);
       CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PHRASE);
       CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PRIVATE);
@@ -21472,6 +21522,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_CREATE_CREDENTIAL, PRIVACY);
       CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, ALGORITHM);
       CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, PASSWORD);
+      CLOSE (CLIENT_CREATE_CREDENTIAL, REALM);
       CLOSE (CLIENT_CREATE_CREDENTIAL, TYPE);
 
       case CLIENT_CREATE_FILTER:
@@ -24527,6 +24578,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                     modify_credential_data->auth_algorithm,
                     modify_credential_data->privacy_password,
                     modify_credential_data->privacy_algorithm,
+                    modify_credential_data->kdc,
+                    modify_credential_data->realm,
                     modify_credential_data->allow_insecure))
             {
               case 0:
@@ -24649,6 +24702,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_MODIFY_CREDENTIAL, CERTIFICATE);
       CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMENT);
       CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMUNITY);
+      CLOSE (CLIENT_MODIFY_CREDENTIAL, KDC);
       CLOSE (CLIENT_MODIFY_CREDENTIAL, KEY);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PHRASE);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PRIVATE);
@@ -24659,6 +24713,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_MODIFY_CREDENTIAL, PRIVACY);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, ALGORITHM);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, PASSWORD);
+      CLOSE (CLIENT_MODIFY_CREDENTIAL, REALM);
 
       case CLIENT_MODIFY_FILTER:
         {
@@ -27309,6 +27364,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_MODIFY_CREDENTIAL_COMMUNITY,
               &modify_credential_data->community);
 
+      APPEND (CLIENT_MODIFY_CREDENTIAL_KDC,
+              &modify_credential_data->kdc);
+
       APPEND (CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE,
               &modify_credential_data->key_phrase);
 
@@ -27333,6 +27391,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD,
               &modify_credential_data->privacy_password);
 
+      APPEND (CLIENT_MODIFY_CREDENTIAL_REALM,
+              &modify_credential_data->realm);
+
 
       case CLIENT_MODIFY_REPORT_CONFIG:
         modify_report_config_element_text (text, text_len);
@@ -27440,6 +27501,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_CREATE_CREDENTIAL_COPY,
               &create_credential_data->copy);
 
+      APPEND (CLIENT_CREATE_CREDENTIAL_KDC,
+              &create_credential_data->kdc);
+
       APPEND (CLIENT_CREATE_CREDENTIAL_KEY_PHRASE,
               &create_credential_data->key_phrase);
 
@@ -27464,6 +27528,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD,
               &create_credential_data->privacy_password);
 
+      APPEND (CLIENT_CREATE_CREDENTIAL_REALM,
+              &create_credential_data->realm);
+
       APPEND (CLIENT_CREATE_CREDENTIAL_TYPE,
               &create_credential_data->type);
 
diff --git a/src/manage.c b/src/manage.c
index c194bae68..682124c79 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -4416,6 +4416,8 @@ credential_full_type (const char* abbreviation)
     return NULL;
   else if (strcasecmp (abbreviation, "cc") == 0)
     return "client certificate";
+  else if (strcasecmp (abbreviation, "krb5") == 0)
+    return "Kerberos 5";
   else if (strcasecmp (abbreviation, "pw") == 0)
     return "password only";
   else if (strcasecmp (abbreviation, "snmp") == 0)
diff --git a/src/manage.h b/src/manage.h
index 0285d708d..ea42e6154 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -2293,7 +2293,7 @@ int
 create_credential (const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
-                   const char*, credential_t*);
+                   const char*, const char*, const char*, credential_t*);
 
 int
 copy_credential (const char*, const char*, const char*,
@@ -2303,7 +2303,7 @@ int
 modify_credential (const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
-                   const char*);
+                   const char*, const char*, const char*);
 
 int
 delete_credential (const char *, int);
@@ -2344,6 +2344,12 @@ credential_iterator_privacy_password (iterator_t*);
 const char*
 credential_iterator_public_key (iterator_t*);
 
+const char*
+credential_iterator_kdc (iterator_t*);
+
+const char*
+credential_iterator_realm (iterator_t*);
+
 const char*
 credential_iterator_private_key (iterator_t*);
 
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 945ae9aa0..af10ceb59 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -35670,6 +35670,8 @@ validate_credential_username_for_format (const gchar *username,
  * @param[in]  auth_algorithm     SNMP authentication algorithm, or NULL.
  * @param[in]  privacy_password   SNMP privacy password.
  * @param[in]  privacy_algorithm  SNMP privacy algorithm.
+ * @param[in]  kdc             Kerberos KDC (key distribution centers).
+ * @param[in]  realm           Kerberos realm.
  * @param[in]  given_type      Credential type or NULL.
  * @param[in]  allow_insecure  Whether to allow insecure uses.
  * @param[out] credential      Created Credential.
@@ -35683,6 +35685,7 @@ validate_credential_username_for_format (const gchar *username,
  *         14 privacy algorithm missing,
  *         15 invalid auth algorithm, 16 invalid privacy algorithm,
  *         17 invalid certificate, 18 cannot determine type,
+ *         19 key distribution center missing, 20 realm missing,
  *         99 permission denied, -1 error.
  */
 int
@@ -35692,6 +35695,7 @@ create_credential (const char* name, const char* comment, const char* login,
                    const char* certificate, const char* community,
                    const char* auth_algorithm, const char* privacy_password,
                    const char* privacy_algorithm,
+                   const char* kdc, const char *realm,
                    const char* given_type, const char* allow_insecure,
                    credential_t *credential)
 {
@@ -35738,7 +35742,8 @@ create_credential (const char* name, const char* comment, const char* login,
           && strcmp (given_type, "snmp")
           && strcmp (given_type, "smime")
           && strcmp (given_type, "up")
-          && strcmp (given_type, "usk"))
+          && strcmp (given_type, "usk")
+          && strcmp (given_type, "krb5"))
         {
           sql_rollback ();
           return 4;
@@ -35753,6 +35758,8 @@ create_credential (const char* name, const char* comment, const char* login,
     quoted_type = g_strdup ("cc");
   else if (login && key_private)
     quoted_type = g_strdup ("usk");
+  else if (login && given_password && (realm || kdc))
+    quoted_type = g_strdup ("krb5");
   else if (login && given_password)
     quoted_type = g_strdup ("up");
   else if (login && key_private == NULL && given_password == NULL)
@@ -35773,7 +35780,8 @@ create_credential (const char* name, const char* comment, const char* login,
       && (strcmp (quoted_type, "cc") == 0
           || strcmp (quoted_type, "pgp") == 0
           || strcmp (quoted_type, "smime") == 0
-          || strcmp (quoted_type, "snmp") == 0))
+          || strcmp (quoted_type, "snmp") == 0
+          || strcmp (quoted_type, "krb5") == 0))
     ret = 10; // Type does not support autogenerate
 
   using_snmp_v3 = 0;
@@ -35787,7 +35795,8 @@ create_credential (const char* name, const char* comment, const char* login,
     ret = 5;
   else if (given_password == NULL && auto_generate == 0
            && (strcmp (quoted_type, "up") == 0
-               || strcmp (quoted_type, "pw") == 0))
+               || strcmp (quoted_type, "pw") == 0
+               || strcmp (quoted_type, "krb5") == 0))
       // (username) password requires a password
     ret = 6;
   else if (key_private == NULL && auto_generate == 0
@@ -35801,6 +35810,12 @@ create_credential (const char* name, const char* comment, const char* login,
   else if (key_public == NULL && auto_generate == 0
            && strcmp (quoted_type, "pgp") == 0)
     ret = 9;
+  else if (kdc == NULL && auto_generate == 0
+           && strcmp (quoted_type, "krb5") == 0)
+    ret = 19;
+  else if (realm == NULL && auto_generate == 0
+           && strcmp (quoted_type, "krb5") == 0)
+    ret = 20;
   else if (strcmp (quoted_type, "snmp") == 0)
     {
       if (login || given_password || auth_algorithm
@@ -35876,9 +35891,10 @@ create_credential (const char* name, const char* comment, const char* login,
                            "username", login);
     }
 
+  if (kdc)
+    set_credential_data (new_credential, "kdc", kdc);
   if (key_public)
     set_credential_data (new_credential, "public_key", key_public);
-
   if (certificate)
     {
       gchar *certificate_truncated;
@@ -35899,6 +35915,8 @@ create_credential (const char* name, const char* comment, const char* login,
   if (privacy_algorithm)
     set_credential_data (new_credential,
                          "privacy_algorithm", privacy_algorithm);
+  if (realm)
+    set_credential_data (new_credential, "realm", realm);
 
   g_free (quoted_type);
 
@@ -36177,6 +36195,8 @@ copy_credential (const char* name, const char* comment,
  * @param[in]   auth_algorithm      Authentication algorithm of Credential.
  * @param[in]   privacy_password    Privacy password of Credential.
  * @param[in]   privacy_algorithm   Privacy algorithm of Credential.
+ * @param[in]   kdc                 Kerberos KDC (key distribution centers).
+ * @param[in]   realm               Kerberos realm.
  * @param[in]   allow_insecure      Whether to allow insecure use.
  *
  * @return 0 success, 1 failed to find credential, 2 credential with new name
@@ -36196,6 +36216,7 @@ modify_credential (const char *credential_id,
                    const char* certificate,
                    const char* community, const char* auth_algorithm,
                    const char* privacy_password, const char* privacy_algorithm,
+                   const char* kdc, const char* realm,
                    const char* allow_insecure)
 {
   credential_t credential;
@@ -36471,6 +36492,15 @@ modify_credential (const char *credential_id,
         {
           set_credential_data (credential, "secret", "");
         }
+      else if (strcmp (type, "krb5") == 0)
+        {
+          if (password)
+            set_credential_password (credential, password);
+          if (kdc)
+            set_credential_data (credential, "kdc", kdc);
+          if (realm)
+            set_credential_data (credential, "realm", realm);
+        }
       else
         {
           g_warning ("%s: Unknown credential type: %s", __func__, type);
@@ -36666,6 +36696,14 @@ delete_credential (const char *credential_id, int ultimate)
      " WHERE credential = credentials.id AND type = 'public_key')",           \
      NULL,                                                                    \
      KEYWORD_TYPE_STRING },                                                   \
+   { "(SELECT value FROM credentials_data"                                    \
+     " WHERE credential = credentials.id AND type = 'kdc')"       ,           \
+     "kdc",                                                                   \
+     KEYWORD_TYPE_STRING },                                                   \
+   { "(SELECT value FROM credentials_data"                                    \
+     " WHERE credential = credentials.id AND type = 'realm')",                \
+     "realm",                                                                 \
+     KEYWORD_TYPE_STRING },                                                   \
    /* private data */                                                         \
    { "(SELECT value FROM credentials_data"                                    \
      " WHERE credential = credentials.id AND type = 'secret')",               \
@@ -37248,20 +37286,20 @@ credential_iterator_encrypted_data (iterator_t* iterator, const char* type)
 
   if (iterator->done)
     return NULL;
-  secret = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 7);
+  secret = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 9);
   if (type == NULL)
     {
       g_warning ("%s: NULL data type given", __func__);
       return NULL;
     }
   else if (strcmp (type, "password") == 0)
-    unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 8);
+    unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 10);
   else if (strcmp (type, "private_key") == 0)
-    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 9);
+    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 11);
   else if (strcmp (type, "community") == 0)
-    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 10);
+    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 12);
   else if (strcmp (type, "privacy_password") == 0)
-    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 11);
+    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 13);
   else
     {
       g_warning ("%s: unknown data type \"%s\"", __func__, type);
@@ -37362,6 +37400,27 @@ DEF_ACCESS (credential_iterator_privacy_algorithm,
 DEF_ACCESS (credential_iterator_public_key,
             GET_ITERATOR_COLUMN_COUNT + 6);
 
+/**
+ * @brief Get the key distribution center from an LSC credential iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return Key distribution center, or NULL if iteration is complete.  Freed by
+ *         cleanup_iterator.
+ */
+DEF_ACCESS (credential_iterator_kdc,
+            GET_ITERATOR_COLUMN_COUNT + 7);
+
+/**
+ * @brief Get the realm from an LSC credential iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return Realm, or NULL if iteration is complete.  Freed by cleanup_iterator.
+ */
+DEF_ACCESS (credential_iterator_realm,
+            GET_ITERATOR_COLUMN_COUNT + 8);
+
 /**
  * @brief Get the password from a Credential iterator.
  *
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 986a61a21..5225f9350 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -3987,12 +3987,14 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       <o><e>copy</e></o>
       <o><e>allow_insecure</e></o>
       <o><e>certificate</e></o>
+      <o><e>kdc</e></o>
       <o><e>key</e></o>
       <o><e>login</e></o>
       <o><e>password</e></o>
       <o><e>auth_algorithm</e></o>
       <o><e>community</e></o>
       <o><e>privacy</e></o>
+      <o><e>realm</e></o>
       <o><e>type</e></o>
     </pattern>
     <ele>
@@ -4028,6 +4030,11 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         text
       </pattern>
     </ele>
+    <ele>
+      <name>kdc</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos KDC (key distribution center(s))</summary>
+    </ele>
     <ele>
       <name>key</name>
       <pattern>
@@ -4114,11 +4121,17 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         </pattern>
       </ele>
     </ele>
+    <ele>
+      <name>realm</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos realm</summary>
+    </ele>
     <ele>
       <name>type</name>
       <summary>The type of credential to create</summary>
       <description>
         <p>cc: Client certificate</p>
+        <p>krb5: Kerberos 5</p>
         <p>pgp: PGP encryption key</p>
         <p>pw: Password only</p>
         <p>smime: S/MIME certificate</p>
@@ -4129,6 +4142,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       <pattern>
         <alts>
           <alt>cc</alt>
+          <alt>krb5</alt>
           <alt>pgp</alt>
           <alt>pw</alt>
           <alt>smime</alt>
@@ -10911,6 +10925,8 @@ END:VCALENDAR
               <e>certificate</e>
             </or>
           </o>
+          <o><e>kdc</e></o>
+          <o><e>realm</e></o>
         </pattern>
         <ele>
           <name>owner</name>
@@ -11037,6 +11053,7 @@ END:VCALENDAR
           <summary>The type of the credential</summary>
           <description>
             <p>cc: Client certificate</p>
+            <p>krb5: Kerberos 5</p>
             <p>pgp: PGP encryption key</p>
             <p>pw: Password only</p>
             <p>smime: S/MIME certificate</p>
@@ -11047,6 +11064,7 @@ END:VCALENDAR
           <pattern>
             <alts>
               <alt>cc</alt>
+              <alt>krb5</alt>
               <alt>pgp</alt>
               <alt>pw</alt>
               <alt>smime</alt>
@@ -11199,6 +11217,16 @@ END:VCALENDAR
           <name>certificate</name>
           <pattern>text</pattern>
         </ele>
+        <ele>
+          <name>kdc</name>
+          <pattern>text</pattern>
+          <summary>The Kerberos KDC (key distribution center(s))</summary>
+        </ele>
+        <ele>
+          <name>realm</name>
+          <pattern>text</pattern>
+          <summary>The Kerberos realm</summary>
+        </ele>
       </ele>
       <ele>
         <name>filters</name>
@@ -26744,12 +26772,14 @@ END:VCALENDAR
       <o><e>name</e></o>
       <o><e>allow_insecure</e></o>
       <o><e>certificate</e></o>
+      <o><e>kdc</e></o>
       <o><e>key</e></o>
       <o><e>login</e></o>
       <o><e>password</e></o>
       <o><e>community</e></o>
       <o><e>auth_algorithm</e></o>
       <o><e>privacy</e></o>
+      <o><e>realm</e></o>
     </pattern>
     <ele>
       <name>name</name>
@@ -26777,6 +26807,11 @@ END:VCALENDAR
         text
       </pattern>
     </ele>
+    <ele>
+      <name>kdc</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos KDC (key distribution center(s))</summary>
+    </ele>
     <ele>
       <name>key</name>
       <pattern>
@@ -26863,6 +26898,11 @@ END:VCALENDAR
         </pattern>
       </ele>
     </ele>
+    <ele>
+      <name>realm</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos realm</summary>
+    </ele>
     <response>
       <pattern>
         <attrib>

From 5bcc39e0b4f73a85665553a3301d0aeeea2a9cb6 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Thu, 28 Nov 2024 10:09:42 +0100
Subject: [PATCH 130/134] Add: New Kerberos credential type

The new type "krb5" is added to the create_credential, modify_credential
and get_credentials commands.

This will later be usable in scan targets for Kerberos 5 authentication.
---
 src/gmp.c                         | 67 +++++++++++++++++++++++++++
 src/manage.c                      |  2 +
 src/manage.h                      | 10 +++-
 src/manage_sql.c                  | 77 +++++++++++++++++++++++++++----
 src/schema_formats/XML/GMP.xml.in | 40 ++++++++++++++++
 5 files changed, 185 insertions(+), 11 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 2084b8a6a..231e40eaa 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -449,6 +449,7 @@ typedef struct
   char *certificate;       ///< Certificate for client certificate auth.
   char *comment;           ///< Comment.
   char *copy;              ///< UUID of resource to copy.
+  char *kdc;               ///< Kerberos KDC (key distribution centers).
   int key;                 ///< Whether the command included a key element.
   char *key_phrase;        ///< Passphrase for key.
   char *key_private;       ///< Private key from key.
@@ -460,6 +461,7 @@ typedef struct
   char *auth_algorithm;    ///< SNMP Authentication algorithm.
   char *privacy_password;  ///< SNMP Privacy password.
   char *privacy_algorithm; ///< SNMP Privacy algorithm.
+  char *realm;             ///< Kerberos realm.
   char *type;              ///< Type of credential.
 } create_credential_data_t;
 
@@ -475,6 +477,7 @@ create_credential_data_reset (create_credential_data_t *data)
   free (data->certificate);
   free (data->comment);
   free (data->copy);
+  free (data->kdc);
   free (data->key_phrase);
   free (data->key_private);
   free (data->key_public);
@@ -485,6 +488,7 @@ create_credential_data_reset (create_credential_data_t *data)
   free (data->auth_algorithm);
   free (data->privacy_password);
   free (data->privacy_algorithm);
+  free (data->realm);
   free (data->type);
 
   memset (data, 0, sizeof (create_credential_data_t));
@@ -2515,6 +2519,7 @@ typedef struct
   char *comment;              ///< Comment.
   char *community;            ///< SNMP Community string.
   char *credential_id;        ///< ID of credential to modify.
+  char *kdc;                  ///< Kerberos KDC (key distribution centers).
   int key;                    ///< Whether the command included a key element.
   char *key_phrase;           ///< Passphrase for key.
   char *key_private;          ///< Private key from key.
@@ -2524,6 +2529,7 @@ typedef struct
   char *password;             ///< Password associated with login name.
   char *privacy_algorithm;    ///< SNMP Privacy algorithm.
   char *privacy_password;     ///< SNMP Privacy password.
+  char *realm;                ///< Kerberos realm.
 } modify_credential_data_t;
 
 /**
@@ -2540,6 +2546,7 @@ modify_credential_data_reset (modify_credential_data_t *data)
   free (data->comment);
   free (data->community);
   free (data->credential_id);
+  free (data->kdc);
   free (data->key_phrase);
   free (data->key_private);
   free (data->key_public);
@@ -2548,6 +2555,7 @@ modify_credential_data_reset (modify_credential_data_t *data)
   free (data->password);
   free (data->privacy_algorithm);
   free (data->privacy_password);
+  free (data->realm);
 
   memset (data, 0, sizeof (modify_credential_data_t));
 }
@@ -4088,6 +4096,7 @@ typedef enum
   CLIENT_CREATE_CREDENTIAL_COMMENT,
   CLIENT_CREATE_CREDENTIAL_COMMUNITY,
   CLIENT_CREATE_CREDENTIAL_COPY,
+  CLIENT_CREATE_CREDENTIAL_KDC,
   CLIENT_CREATE_CREDENTIAL_KEY,
   CLIENT_CREATE_CREDENTIAL_KEY_PHRASE,
   CLIENT_CREATE_CREDENTIAL_KEY_PRIVATE,
@@ -4098,6 +4107,7 @@ typedef enum
   CLIENT_CREATE_CREDENTIAL_PRIVACY,
   CLIENT_CREATE_CREDENTIAL_PRIVACY_ALGORITHM,
   CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD,
+  CLIENT_CREATE_CREDENTIAL_REALM,
   CLIENT_CREATE_CREDENTIAL_TYPE,
   CLIENT_CREATE_FILTER,
   CLIENT_CREATE_FILTER_COMMENT,
@@ -4420,6 +4430,7 @@ typedef enum
   CLIENT_MODIFY_CREDENTIAL_CERTIFICATE,
   CLIENT_MODIFY_CREDENTIAL_COMMENT,
   CLIENT_MODIFY_CREDENTIAL_COMMUNITY,
+  CLIENT_MODIFY_CREDENTIAL_KDC,
   CLIENT_MODIFY_CREDENTIAL_KEY,
   CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE,
   CLIENT_MODIFY_CREDENTIAL_KEY_PRIVATE,
@@ -4430,6 +4441,7 @@ typedef enum
   CLIENT_MODIFY_CREDENTIAL_PRIVACY,
   CLIENT_MODIFY_CREDENTIAL_PRIVACY_ALGORITHM,
   CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD,
+  CLIENT_MODIFY_CREDENTIAL_REALM,
   CLIENT_MODIFY_FILTER,
   CLIENT_MODIFY_FILTER_COMMENT,
   CLIENT_MODIFY_FILTER_NAME,
@@ -6283,6 +6295,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             gvm_append_string (&modify_credential_data->community, "");
             set_client_state (CLIENT_MODIFY_CREDENTIAL_COMMUNITY);
           }
+        else if (strcasecmp ("KDC", element_name) == 0)
+          {
+            set_client_state (CLIENT_MODIFY_CREDENTIAL_KDC);
+          }
         else if (strcasecmp ("KEY", element_name) == 0)
           {
             modify_credential_data->key = 1;
@@ -6302,6 +6318,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             gvm_append_string (&modify_credential_data->privacy_algorithm,
                                    "");
           }
+        else if (strcasecmp ("REALM", element_name) == 0)
+          {
+            set_client_state (CLIENT_MODIFY_CREDENTIAL_REALM);
+          }
         ELSE_READ_OVER;
 
       case CLIENT_MODIFY_CREDENTIAL_KEY:
@@ -6962,6 +6982,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
           set_client_state (CLIENT_CREATE_CREDENTIAL_COMMENT);
         else if (strcasecmp ("COMMUNITY", element_name) == 0)
           set_client_state (CLIENT_CREATE_CREDENTIAL_COMMUNITY);
+        else if (strcasecmp ("KDC", element_name) == 0)
+          set_client_state (CLIENT_CREATE_CREDENTIAL_KDC);
         else if (strcasecmp ("KEY", element_name) == 0)
           {
             create_credential_data->key = 1;
@@ -6980,6 +7002,8 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
           }
         else if (strcasecmp ("PRIVACY", element_name) == 0)
           set_client_state (CLIENT_CREATE_CREDENTIAL_PRIVACY);
+        else if (strcasecmp ("REALM", element_name) == 0)
+          set_client_state (CLIENT_CREATE_CREDENTIAL_REALM);
         else if (strcasecmp ("TYPE", element_name) == 0)
           set_client_state (CLIENT_CREATE_CREDENTIAL_TYPE);
         ELSE_READ_OVER;
@@ -12338,6 +12362,19 @@ handle_get_credentials (gmp_parser_t *gmp_parser, GError **error)
       SEND_TO_CLIENT_OR_FAIL (formats_xml);
       g_free (formats_xml);
 
+      if (type && (strcmp (type, "krb5") == 0))
+        {
+          const char *kdc, *realm;
+          kdc = credential_iterator_kdc (&credentials);
+          realm = credential_iterator_realm (&credentials);
+
+          SENDF_TO_CLIENT_OR_FAIL
+           ("<kdc>%s</kdc>"
+            "<realm>%s</realm>",
+            kdc ? kdc : "",
+            realm ? realm : "");
+        }
+
       if (type && (strcmp (type, "snmp") == 0))
         {
           const char *auth_algorithm, *privacy_algorithm;
@@ -21333,6 +21370,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                          create_credential_data->auth_algorithm,
                          create_credential_data->privacy_password,
                          create_credential_data->privacy_algorithm,
+                         create_credential_data->kdc,
+                         create_credential_data->realm,
                          create_credential_data->type,
                          create_credential_data->allow_insecure,
                          &new_credential))
@@ -21440,6 +21479,16 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                  (XML_ERROR_SYNTAX ("create_credential",
                                     "Cannot determine type for new credential"));
                 break;
+              case 19:
+                SEND_TO_CLIENT_OR_FAIL
+                 (XML_ERROR_SYNTAX ("create_credential",
+                                    "Selected type requires a kdc"));
+                break;
+              case 20:
+                SEND_TO_CLIENT_OR_FAIL
+                 (XML_ERROR_SYNTAX ("create_credential",
+                                    "Selected type requires a realm"));
+                break;
               case 99:
                 SEND_TO_CLIENT_OR_FAIL
                  (XML_ERROR_SYNTAX ("create_credential",
@@ -21462,6 +21511,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_CREATE_CREDENTIAL, COMMENT);
       CLOSE (CLIENT_CREATE_CREDENTIAL, COMMUNITY);
       CLOSE (CLIENT_CREATE_CREDENTIAL, COPY);
+      CLOSE (CLIENT_CREATE_CREDENTIAL, KDC);
       CLOSE (CLIENT_CREATE_CREDENTIAL, KEY);
       CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PHRASE);
       CLOSE (CLIENT_CREATE_CREDENTIAL_KEY, PRIVATE);
@@ -21472,6 +21522,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_CREATE_CREDENTIAL, PRIVACY);
       CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, ALGORITHM);
       CLOSE (CLIENT_CREATE_CREDENTIAL_PRIVACY, PASSWORD);
+      CLOSE (CLIENT_CREATE_CREDENTIAL, REALM);
       CLOSE (CLIENT_CREATE_CREDENTIAL, TYPE);
 
       case CLIENT_CREATE_FILTER:
@@ -24527,6 +24578,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                     modify_credential_data->auth_algorithm,
                     modify_credential_data->privacy_password,
                     modify_credential_data->privacy_algorithm,
+                    modify_credential_data->kdc,
+                    modify_credential_data->realm,
                     modify_credential_data->allow_insecure))
             {
               case 0:
@@ -24649,6 +24702,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_MODIFY_CREDENTIAL, CERTIFICATE);
       CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMENT);
       CLOSE (CLIENT_MODIFY_CREDENTIAL, COMMUNITY);
+      CLOSE (CLIENT_MODIFY_CREDENTIAL, KDC);
       CLOSE (CLIENT_MODIFY_CREDENTIAL, KEY);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PHRASE);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_KEY, PRIVATE);
@@ -24659,6 +24713,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
       CLOSE (CLIENT_MODIFY_CREDENTIAL, PRIVACY);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, ALGORITHM);
       CLOSE (CLIENT_MODIFY_CREDENTIAL_PRIVACY, PASSWORD);
+      CLOSE (CLIENT_MODIFY_CREDENTIAL, REALM);
 
       case CLIENT_MODIFY_FILTER:
         {
@@ -27309,6 +27364,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_MODIFY_CREDENTIAL_COMMUNITY,
               &modify_credential_data->community);
 
+      APPEND (CLIENT_MODIFY_CREDENTIAL_KDC,
+              &modify_credential_data->kdc);
+
       APPEND (CLIENT_MODIFY_CREDENTIAL_KEY_PHRASE,
               &modify_credential_data->key_phrase);
 
@@ -27333,6 +27391,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_MODIFY_CREDENTIAL_PRIVACY_PASSWORD,
               &modify_credential_data->privacy_password);
 
+      APPEND (CLIENT_MODIFY_CREDENTIAL_REALM,
+              &modify_credential_data->realm);
+
 
       case CLIENT_MODIFY_REPORT_CONFIG:
         modify_report_config_element_text (text, text_len);
@@ -27440,6 +27501,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_CREATE_CREDENTIAL_COPY,
               &create_credential_data->copy);
 
+      APPEND (CLIENT_CREATE_CREDENTIAL_KDC,
+              &create_credential_data->kdc);
+
       APPEND (CLIENT_CREATE_CREDENTIAL_KEY_PHRASE,
               &create_credential_data->key_phrase);
 
@@ -27464,6 +27528,9 @@ gmp_xml_handle_text (/* unused */ GMarkupParseContext* context,
       APPEND (CLIENT_CREATE_CREDENTIAL_PRIVACY_PASSWORD,
               &create_credential_data->privacy_password);
 
+      APPEND (CLIENT_CREATE_CREDENTIAL_REALM,
+              &create_credential_data->realm);
+
       APPEND (CLIENT_CREATE_CREDENTIAL_TYPE,
               &create_credential_data->type);
 
diff --git a/src/manage.c b/src/manage.c
index f9e0899c4..1878928ba 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -4418,6 +4418,8 @@ credential_full_type (const char* abbreviation)
     return NULL;
   else if (strcasecmp (abbreviation, "cc") == 0)
     return "client certificate";
+  else if (strcasecmp (abbreviation, "krb5") == 0)
+    return "Kerberos 5";
   else if (strcasecmp (abbreviation, "pw") == 0)
     return "password only";
   else if (strcasecmp (abbreviation, "snmp") == 0)
diff --git a/src/manage.h b/src/manage.h
index 8882d7a52..b5e1711cc 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -2293,7 +2293,7 @@ int
 create_credential (const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
-                   const char*, credential_t*);
+                   const char*, const char*, const char*, credential_t*);
 
 int
 copy_credential (const char*, const char*, const char*,
@@ -2303,7 +2303,7 @@ int
 modify_credential (const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
                    const char*, const char*, const char*, const char*,
-                   const char*);
+                   const char*, const char*, const char*);
 
 int
 delete_credential (const char *, int);
@@ -2344,6 +2344,12 @@ credential_iterator_privacy_password (iterator_t*);
 const char*
 credential_iterator_public_key (iterator_t*);
 
+const char*
+credential_iterator_kdc (iterator_t*);
+
+const char*
+credential_iterator_realm (iterator_t*);
+
 const char*
 credential_iterator_private_key (iterator_t*);
 
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 6e653b13d..6f2daa2b1 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -35707,6 +35707,8 @@ validate_credential_username_for_format (const gchar *username,
  * @param[in]  auth_algorithm     SNMP authentication algorithm, or NULL.
  * @param[in]  privacy_password   SNMP privacy password.
  * @param[in]  privacy_algorithm  SNMP privacy algorithm.
+ * @param[in]  kdc             Kerberos KDC (key distribution centers).
+ * @param[in]  realm           Kerberos realm.
  * @param[in]  given_type      Credential type or NULL.
  * @param[in]  allow_insecure  Whether to allow insecure uses.
  * @param[out] credential      Created Credential.
@@ -35720,6 +35722,7 @@ validate_credential_username_for_format (const gchar *username,
  *         14 privacy algorithm missing,
  *         15 invalid auth algorithm, 16 invalid privacy algorithm,
  *         17 invalid certificate, 18 cannot determine type,
+ *         19 key distribution center missing, 20 realm missing,
  *         99 permission denied, -1 error.
  */
 int
@@ -35729,6 +35732,7 @@ create_credential (const char* name, const char* comment, const char* login,
                    const char* certificate, const char* community,
                    const char* auth_algorithm, const char* privacy_password,
                    const char* privacy_algorithm,
+                   const char* kdc, const char *realm,
                    const char* given_type, const char* allow_insecure,
                    credential_t *credential)
 {
@@ -35775,7 +35779,8 @@ create_credential (const char* name, const char* comment, const char* login,
           && strcmp (given_type, "snmp")
           && strcmp (given_type, "smime")
           && strcmp (given_type, "up")
-          && strcmp (given_type, "usk"))
+          && strcmp (given_type, "usk")
+          && strcmp (given_type, "krb5"))
         {
           sql_rollback ();
           return 4;
@@ -35790,6 +35795,8 @@ create_credential (const char* name, const char* comment, const char* login,
     quoted_type = g_strdup ("cc");
   else if (login && key_private)
     quoted_type = g_strdup ("usk");
+  else if (login && given_password && (realm || kdc))
+    quoted_type = g_strdup ("krb5");
   else if (login && given_password)
     quoted_type = g_strdup ("up");
   else if (login && key_private == NULL && given_password == NULL)
@@ -35810,7 +35817,8 @@ create_credential (const char* name, const char* comment, const char* login,
       && (strcmp (quoted_type, "cc") == 0
           || strcmp (quoted_type, "pgp") == 0
           || strcmp (quoted_type, "smime") == 0
-          || strcmp (quoted_type, "snmp") == 0))
+          || strcmp (quoted_type, "snmp") == 0
+          || strcmp (quoted_type, "krb5") == 0))
     ret = 10; // Type does not support autogenerate
 
   using_snmp_v3 = 0;
@@ -35824,7 +35832,8 @@ create_credential (const char* name, const char* comment, const char* login,
     ret = 5;
   else if (given_password == NULL && auto_generate == 0
            && (strcmp (quoted_type, "up") == 0
-               || strcmp (quoted_type, "pw") == 0))
+               || strcmp (quoted_type, "pw") == 0
+               || strcmp (quoted_type, "krb5") == 0))
       // (username) password requires a password
     ret = 6;
   else if (key_private == NULL && auto_generate == 0
@@ -35838,6 +35847,12 @@ create_credential (const char* name, const char* comment, const char* login,
   else if (key_public == NULL && auto_generate == 0
            && strcmp (quoted_type, "pgp") == 0)
     ret = 9;
+  else if (kdc == NULL && auto_generate == 0
+           && strcmp (quoted_type, "krb5") == 0)
+    ret = 19;
+  else if (realm == NULL && auto_generate == 0
+           && strcmp (quoted_type, "krb5") == 0)
+    ret = 20;
   else if (strcmp (quoted_type, "snmp") == 0)
     {
       if (login || given_password || auth_algorithm
@@ -35913,9 +35928,10 @@ create_credential (const char* name, const char* comment, const char* login,
                            "username", login);
     }
 
+  if (kdc)
+    set_credential_data (new_credential, "kdc", kdc);
   if (key_public)
     set_credential_data (new_credential, "public_key", key_public);
-
   if (certificate)
     {
       gchar *certificate_truncated;
@@ -35936,6 +35952,8 @@ create_credential (const char* name, const char* comment, const char* login,
   if (privacy_algorithm)
     set_credential_data (new_credential,
                          "privacy_algorithm", privacy_algorithm);
+  if (realm)
+    set_credential_data (new_credential, "realm", realm);
 
   g_free (quoted_type);
 
@@ -36214,6 +36232,8 @@ copy_credential (const char* name, const char* comment,
  * @param[in]   auth_algorithm      Authentication algorithm of Credential.
  * @param[in]   privacy_password    Privacy password of Credential.
  * @param[in]   privacy_algorithm   Privacy algorithm of Credential.
+ * @param[in]   kdc                 Kerberos KDC (key distribution centers).
+ * @param[in]   realm               Kerberos realm.
  * @param[in]   allow_insecure      Whether to allow insecure use.
  *
  * @return 0 success, 1 failed to find credential, 2 credential with new name
@@ -36233,6 +36253,7 @@ modify_credential (const char *credential_id,
                    const char* certificate,
                    const char* community, const char* auth_algorithm,
                    const char* privacy_password, const char* privacy_algorithm,
+                   const char* kdc, const char* realm,
                    const char* allow_insecure)
 {
   credential_t credential;
@@ -36508,6 +36529,15 @@ modify_credential (const char *credential_id,
         {
           set_credential_data (credential, "secret", "");
         }
+      else if (strcmp (type, "krb5") == 0)
+        {
+          if (password)
+            set_credential_password (credential, password);
+          if (kdc)
+            set_credential_data (credential, "kdc", kdc);
+          if (realm)
+            set_credential_data (credential, "realm", realm);
+        }
       else
         {
           g_warning ("%s: Unknown credential type: %s", __func__, type);
@@ -36703,6 +36733,14 @@ delete_credential (const char *credential_id, int ultimate)
      " WHERE credential = credentials.id AND type = 'public_key')",           \
      NULL,                                                                    \
      KEYWORD_TYPE_STRING },                                                   \
+   { "(SELECT value FROM credentials_data"                                    \
+     " WHERE credential = credentials.id AND type = 'kdc')"       ,           \
+     "kdc",                                                                   \
+     KEYWORD_TYPE_STRING },                                                   \
+   { "(SELECT value FROM credentials_data"                                    \
+     " WHERE credential = credentials.id AND type = 'realm')",                \
+     "realm",                                                                 \
+     KEYWORD_TYPE_STRING },                                                   \
    /* private data */                                                         \
    { "(SELECT value FROM credentials_data"                                    \
      " WHERE credential = credentials.id AND type = 'secret')",               \
@@ -37285,20 +37323,20 @@ credential_iterator_encrypted_data (iterator_t* iterator, const char* type)
 
   if (iterator->done)
     return NULL;
-  secret = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 7);
+  secret = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 9);
   if (type == NULL)
     {
       g_warning ("%s: NULL data type given", __func__);
       return NULL;
     }
   else if (strcmp (type, "password") == 0)
-    unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 8);
+    unencrypted = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 10);
   else if (strcmp (type, "private_key") == 0)
-    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 9);
+    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 11);
   else if (strcmp (type, "community") == 0)
-    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 10);
+    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 12);
   else if (strcmp (type, "privacy_password") == 0)
-    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 11);
+    unencrypted  = iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 13);
   else
     {
       g_warning ("%s: unknown data type \"%s\"", __func__, type);
@@ -37399,6 +37437,27 @@ DEF_ACCESS (credential_iterator_privacy_algorithm,
 DEF_ACCESS (credential_iterator_public_key,
             GET_ITERATOR_COLUMN_COUNT + 6);
 
+/**
+ * @brief Get the key distribution center from an LSC credential iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return Key distribution center, or NULL if iteration is complete.  Freed by
+ *         cleanup_iterator.
+ */
+DEF_ACCESS (credential_iterator_kdc,
+            GET_ITERATOR_COLUMN_COUNT + 7);
+
+/**
+ * @brief Get the realm from an LSC credential iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return Realm, or NULL if iteration is complete.  Freed by cleanup_iterator.
+ */
+DEF_ACCESS (credential_iterator_realm,
+            GET_ITERATOR_COLUMN_COUNT + 8);
+
 /**
  * @brief Get the password from a Credential iterator.
  *
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index 986a61a21..5225f9350 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -3987,12 +3987,14 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       <o><e>copy</e></o>
       <o><e>allow_insecure</e></o>
       <o><e>certificate</e></o>
+      <o><e>kdc</e></o>
       <o><e>key</e></o>
       <o><e>login</e></o>
       <o><e>password</e></o>
       <o><e>auth_algorithm</e></o>
       <o><e>community</e></o>
       <o><e>privacy</e></o>
+      <o><e>realm</e></o>
       <o><e>type</e></o>
     </pattern>
     <ele>
@@ -4028,6 +4030,11 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         text
       </pattern>
     </ele>
+    <ele>
+      <name>kdc</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos KDC (key distribution center(s))</summary>
+    </ele>
     <ele>
       <name>key</name>
       <pattern>
@@ -4114,11 +4121,17 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         </pattern>
       </ele>
     </ele>
+    <ele>
+      <name>realm</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos realm</summary>
+    </ele>
     <ele>
       <name>type</name>
       <summary>The type of credential to create</summary>
       <description>
         <p>cc: Client certificate</p>
+        <p>krb5: Kerberos 5</p>
         <p>pgp: PGP encryption key</p>
         <p>pw: Password only</p>
         <p>smime: S/MIME certificate</p>
@@ -4129,6 +4142,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
       <pattern>
         <alts>
           <alt>cc</alt>
+          <alt>krb5</alt>
           <alt>pgp</alt>
           <alt>pw</alt>
           <alt>smime</alt>
@@ -10911,6 +10925,8 @@ END:VCALENDAR
               <e>certificate</e>
             </or>
           </o>
+          <o><e>kdc</e></o>
+          <o><e>realm</e></o>
         </pattern>
         <ele>
           <name>owner</name>
@@ -11037,6 +11053,7 @@ END:VCALENDAR
           <summary>The type of the credential</summary>
           <description>
             <p>cc: Client certificate</p>
+            <p>krb5: Kerberos 5</p>
             <p>pgp: PGP encryption key</p>
             <p>pw: Password only</p>
             <p>smime: S/MIME certificate</p>
@@ -11047,6 +11064,7 @@ END:VCALENDAR
           <pattern>
             <alts>
               <alt>cc</alt>
+              <alt>krb5</alt>
               <alt>pgp</alt>
               <alt>pw</alt>
               <alt>smime</alt>
@@ -11199,6 +11217,16 @@ END:VCALENDAR
           <name>certificate</name>
           <pattern>text</pattern>
         </ele>
+        <ele>
+          <name>kdc</name>
+          <pattern>text</pattern>
+          <summary>The Kerberos KDC (key distribution center(s))</summary>
+        </ele>
+        <ele>
+          <name>realm</name>
+          <pattern>text</pattern>
+          <summary>The Kerberos realm</summary>
+        </ele>
       </ele>
       <ele>
         <name>filters</name>
@@ -26744,12 +26772,14 @@ END:VCALENDAR
       <o><e>name</e></o>
       <o><e>allow_insecure</e></o>
       <o><e>certificate</e></o>
+      <o><e>kdc</e></o>
       <o><e>key</e></o>
       <o><e>login</e></o>
       <o><e>password</e></o>
       <o><e>community</e></o>
       <o><e>auth_algorithm</e></o>
       <o><e>privacy</e></o>
+      <o><e>realm</e></o>
     </pattern>
     <ele>
       <name>name</name>
@@ -26777,6 +26807,11 @@ END:VCALENDAR
         text
       </pattern>
     </ele>
+    <ele>
+      <name>kdc</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos KDC (key distribution center(s))</summary>
+    </ele>
     <ele>
       <name>key</name>
       <pattern>
@@ -26863,6 +26898,11 @@ END:VCALENDAR
         </pattern>
       </ele>
     </ele>
+    <ele>
+      <name>realm</name>
+      <pattern>text</pattern>
+      <summary>The Kerberos realm</summary>
+    </ele>
     <response>
       <pattern>
         <attrib>

From 5c0d5fa8887acea08473cb623de322991ad12b1e Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Fri, 29 Nov 2024 09:38:41 +0100
Subject: [PATCH 131/134] Fix prototype and simplify check_db_... functions

The new parameter has been added to the check_db_port_lists prototype
and various check_db_... functions that would only return if
the avoid_db_check_inserts parameter is true have the parameter removed
and are instead wrapped in if conditions.
---
 src/manage_sql.c            | 57 +++++++++++++------------------------
 src/manage_sql_port_lists.h |  2 +-
 2 files changed, 20 insertions(+), 39 deletions(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 6f2daa2b1..d79371261 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -15840,16 +15840,11 @@ manage_update_nvti_cache ()
 /**
  * @brief Ensure the predefined scanner exists.
  *
- * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
- *
  * @return 0 if success, -1 if error.
  */
 static int
-check_db_scanners (int avoid_db_check_inserts)
+check_db_scanners ()
 {
-  if (avoid_db_check_inserts)
-    return 0;
-  
   if (sql_int ("SELECT count(*) FROM scanners WHERE uuid = '%s';",
                SCANNER_UUID_DEFAULT) == 0)
     {
@@ -15878,16 +15873,11 @@ check_db_scanners (int avoid_db_check_inserts)
 /**
  * @brief Initialize the default settings.
  *
- * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
- *
  * Ensure all the default manager settings exist.
  */
 static void
-check_db_settings (int avoid_db_check_inserts)
+check_db_settings ()
 {
-  if (avoid_db_check_inserts)
-    return;
-
   if (sql_int ("SELECT count(*) FROM settings"
                " WHERE uuid = '6765549a-934e-11e3-b358-406186ea4fc5'"
                " AND " ACL_IS_GLOBAL () ";")
@@ -16234,15 +16224,10 @@ check_db_versions ()
 
 /**
  * @brief Ensures the sanity of nvts cache in DB.
- *
- * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
  */
 static void
-check_db_nvt_selectors (int avoid_db_check_inserts)
+check_db_nvt_selectors ()
 {
-  if (avoid_db_check_inserts)
-    return;
-
   /* Ensure every part of the predefined selector exists.
    * This restores entries lost due to the error solved 2010-08-13 by r8805. */
   if (sql_int ("SELECT count(*) FROM nvt_selectors WHERE name ="
@@ -16379,15 +16364,10 @@ add_permissions_on_globals (const gchar *role_uuid)
 
 /**
  * @brief Ensure the predefined permissions exists.
- *
- * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
  */
 static void
-check_db_permissions (int avoid_db_check_inserts)
+check_db_permissions ()
 {
-  if (avoid_db_check_inserts)
-    return;
-  
   command_t *command;
 
   if (sql_int ("SELECT count(*) FROM permissions"
@@ -16546,15 +16526,10 @@ check_db_permissions (int avoid_db_check_inserts)
 
 /**
  * @brief Ensure the predefined roles exists.
- *
- * @param[in]  avoid_db_check_inserts  Whether to avoid inserts.
  */
 static void
-check_db_roles (int avoid_db_check_inserts)
+check_db_roles ()
 {
-  if (avoid_db_check_inserts)
-    return;
-  
   if (sql_int ("SELECT count(*) FROM roles WHERE uuid = '" ROLE_UUID_ADMIN "';")
       == 0)
     sql ("INSERT INTO roles"
@@ -16725,19 +16700,25 @@ check_db (int check_encryption_key, int avoid_db_check_inserts)
   create_tables ();
   check_db_sequences ();
   set_db_version (GVMD_DATABASE_VERSION);
-  check_db_roles (avoid_db_check_inserts);
-  check_db_nvt_selectors (avoid_db_check_inserts);
+  if (avoid_db_check_inserts == 0)
+    {
+      check_db_roles ();
+      check_db_nvt_selectors ();
+    }
   check_db_nvts ();
   check_db_port_lists (avoid_db_check_inserts);
   clean_auth_cache ();
-  if (check_db_scanners (avoid_db_check_inserts))
+  if (avoid_db_check_inserts == 0 && check_db_scanners ())
     goto fail;
   if (check_db_report_formats (avoid_db_check_inserts))
     goto fail;
   if (check_db_report_formats_trash ())
     goto fail;
-  check_db_permissions (avoid_db_check_inserts);
-  check_db_settings (avoid_db_check_inserts);
+  if (avoid_db_check_inserts == 0)
+    {
+      check_db_permissions ();
+      check_db_settings ();
+    }
   cleanup_schedule_times ();
   if (check_encryption_key && check_db_encryption_key ())
     goto fail;
@@ -17086,7 +17067,7 @@ init_manage (GSList *log_config, const db_conn_info_t *database,
                                fork_connection,
                                skip_db_check,
                                1, /* Check encryption key if checking db. */
-                               0  /* Do not avoid inserts if checking db. */); 
+                               0  /* Do not avoid inserts if checking db. */);
 }
 
 /**
@@ -17125,7 +17106,7 @@ init_manage_helper (GSList *log_config, const db_conn_info_t *database,
                                 ? 1    /* Skip DB check. */
                                 : 0,   /* Do DB check. */
                                0, /* Dummy. */
-                               avoid_db_check_inserts);  
+                               avoid_db_check_inserts);
 }
 
 /**
@@ -58328,7 +58309,7 @@ manage_optimize (GSList *log_config, const db_conn_info_t *database,
    */
   if (strcasecmp (name, "cleanup-sequences") == 0)
     avoid_db_check_inserts = 1;
-  
+
   ret = manage_option_setup (log_config, database, avoid_db_check_inserts);
   if (ret)
     return ret;
diff --git a/src/manage_sql_port_lists.h b/src/manage_sql_port_lists.h
index 9d20c199c..0539cf253 100644
--- a/src/manage_sql_port_lists.h
+++ b/src/manage_sql_port_lists.h
@@ -74,6 +74,6 @@ update_port_list (port_list_t, const gchar *, const gchar *, array_t *,
                   const gchar *);
 
 void
-check_db_port_lists ();
+check_db_port_lists (int);
 
 #endif /* not _GVMD_MANAGE_SQL_PORT_LISTS_H */

From 9613a4858c67332689e56a532e7c46bd33edd24e Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Mon, 2 Dec 2024 12:02:46 +0100
Subject: [PATCH 132/134] Add another sql_rollback in create_credential

---
 src/manage_sql.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index 66dafb594..133e9f05a 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -35760,6 +35760,7 @@ create_credential (const char* name, const char* comment, const char* login,
   else
     {
       g_warning ("%s: Cannot determine type of new credential", __func__);
+      sql_rollback ();
       return 18;
     }
 

From 3a252c6415a6dd2b7bc26270bda8cced52e8ce52 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 20 Aug 2024 19:55:19 +0200
Subject: [PATCH 133/134] Remove resource_id field from get_permissions_data_t

---
 src/gmp.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 231e40eaa..03219f1d5 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -1905,7 +1905,6 @@ get_overrides_data_reset (get_overrides_data_t *data)
 typedef struct
 {
   get_data_t get;     ///< Get args.
-  char *resource_id;  ///< Resource whose permissions to get.
 } get_permissions_data_t;
 
 /**
@@ -1916,8 +1915,6 @@ typedef struct
 static void
 get_permissions_data_reset (get_permissions_data_t *data)
 {
-  free (data->resource_id);
-
   get_data_reset (&data->get);
   memset (data, 0, sizeof (get_permissions_data_t));
 }
@@ -5475,8 +5472,6 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
             get_data_parse_attributes (&get_permissions_data->get, "permission",
                                        attribute_names,
                                        attribute_values);
-            append_attribute (attribute_names, attribute_values, "resource_id",
-                              &get_permissions_data->resource_id);
             set_client_state (CLIENT_GET_PERMISSIONS);
           }
         else if (strcasecmp ("GET_PREFERENCES", element_name) == 0)

From 21dec6c2c754bcb1e9c1be8ce2debf3b8cbb994b Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 8 Oct 2024 11:15:04 +0200
Subject: [PATCH 134/134] Fix: add LIBDIR to SYSTEMD_SERVICE_DIR config

---
 config/CMakeLists.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/config/CMakeLists.txt b/config/CMakeLists.txt
index a9c1ce686..5756751d5 100644
--- a/config/CMakeLists.txt
+++ b/config/CMakeLists.txt
@@ -15,9 +15,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
-
 if (NOT SYSTEMD_SERVICE_DIR)
-  set (SYSTEMD_SERVICE_DIR "/lib/systemd/system")
+  set (SYSTEMD_SERVICE_DIR "${LIBDIR}/systemd/system")
 endif (NOT SYSTEMD_SERVICE_DIR)
 
 if (NOT LOGROTATE_DIR)