Merge pull request #2125 from greenbone/differentiate-audit-and-scan-…
…reports

Change: Differentiate between audit and scan reports
a-h-abdelsalam authored Aug 23, 2024
2 parents 14ab614 + 002fe42 commit c60c689
Showing 8 changed files with 1,778 additions and 498 deletions.
12 changes: 12 additions & 0 deletions CMakeLists.txt
Expand Up @@ -247,13 +247,25 @@ if (NOT CVSS3_RATINGS)
endif (NOT CVSS3_RATINGS)
add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})

if (NOT COMPLIANCE_REPORTS)
set (COMPLIANCE_REPORTS 0)
endif (NOT COMPLIANCE_REPORTS)
add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS})

message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")

## Version

set (GVMD_VERSION "${PROJECT_VERSION_STRING}")

if (COMPLIANCE_REPORTS EQUAL 1)
set(IF_COMPLIANCE_REPORTS "")
set(ENDIF_COMPLIANCE_REPORTS "")
elseif (COMPLIANCE_REPORTS EQUAL 0)
set(IF_COMPLIANCE_REPORTS "<!--")
set(ENDIF_COMPLIANCE_REPORTS "-->")
endif()

# Configure Doxyfile with version number
configure_file (doc/Doxyfile.in doc/Doxyfile)
configure_file (doc/Doxyfile_full.in doc/Doxyfile_full)
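Review bot: Nothing rejects a `COMPLIANCE_REPORTS` value other than 0 or 1, and the `if (COMPLIANCE_REPORTS EQUAL 1) / elseif (COMPLIANCE_REPORTS EQUAL 0)` block then sets neither `IF_COMPLIANCE_REPORTS` nor `ENDIF_COMPLIANCE_REPORTS`. With `-DCOMPLIANCE_REPORTS=2`, for example, the `NOT` guard leaves the value alone and `add_definitions` passes it through unchanged, so the `#if COMPLIANCE_REPORTS == 1` paths in src/gmp.c are compiled out while `COMPLIANCE_REPORTS ? 1 : 0` in `handle_get_features` still advertises the feature as enabled. I would add a final branch before `endif()` that fails the configure step: `else ()` followed by `message (FATAL_ERROR "COMPLIANCE_REPORTS must be 0 or 1")`.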
114 changes: 93 additions & 21 deletions src/gmp.c
Expand Up @@ -5555,6 +5555,14 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
else
get_reports_data->ignore_pagination = 0;

if (find_attribute (attribute_names, attribute_values,
"usage_type", &attribute))
{
get_data_set_extra (&get_reports_data->report_get,
"usage_type",
attribute);
}

set_client_state (CLIENT_GET_REPORTS);
}
else if (strcasecmp ("GET_REPORT_CONFIGS", element_name) == 0)
Expand Down Expand Up @@ -9421,6 +9429,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
const char *severity, *original_severity, *original_level;
const char *host, *hostname, *result_id, *port, *path, *asset_id, *qod, *qod_type;
char *detect_oid, *detect_ref, *detect_cpe, *detect_loc, *detect_name;
const char *compliance;
double severity_double;
gchar *nl_descr, *nl_descr_escaped;
result_t result;
Expand Down Expand Up @@ -9451,6 +9460,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
hostname = result_iterator_delta_hostname (results);
if (host)
asset_id = result_iterator_delta_host_asset_id (results);
compliance = result_iterator_delta_compliance (results);
}
else
{
Expand All @@ -9469,6 +9479,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
hostname = result_iterator_hostname (results);
if (host)
asset_id = result_iterator_asset_host_id (results);
compliance = result_iterator_compliance (results);
}


Expand Down Expand Up @@ -9723,6 +9734,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
original_level,
original_severity);

buffer_xml_append_printf (buffer, "<compliance>%s</compliance>", compliance);

if (include_notes
&& use_delta_fields
? result_iterator_delta_may_have_notes (results)
Expand Down Expand Up @@ -12942,6 +12955,11 @@ handle_get_features (gmp_parser_t *gmp_parser, GError **error)
" status=\"" STATUS_OK "\""
" status_text=\"" STATUS_OK_TEXT "\">");

SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
"<name>COMPLIANCE_REPORTS</name>"
"</feature>",
COMPLIANCE_REPORTS ? 1 : 0);

SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
"<name>CVSS3_RATINGS</name>"
"</feature>",
Expand Down Expand Up @@ -14840,12 +14858,32 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
overrides = filter_term_apply_overrides (filter ? filter : get->filter);
min_qod = filter_term_min_qod (filter ? filter : get->filter);
levels = filter_term_value (filter ? filter : get->filter, "levels");
#if COMPLIANCE_REPORTS == 1
gchar *compliance_levels;
compliance_levels = filter_term_value (filter
? filter
: get->filter,
"compliance_levels");

/* Setup result filter from overrides. */
get_reports_data->get.filter
= g_strdup_printf
("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
overrides,
min_qod,
levels ? levels : "hmlgdf",
compliance_levels ? compliance_levels : "yniu");
g_free (compliance_levels);
#else
/* Setup result filter from overrides. */
get_reports_data->get.filter
= g_strdup_printf
("apply_overrides=%i min_qod=%i levels=%s",
overrides,
min_qod,
levels ? levels : "hmlgdf");
#endif
g_free (filter);

/* Setup result filter from overrides. */
get_reports_data->get.filter
= g_strdup_printf ("apply_overrides=%i min_qod=%i levels=%s",
overrides, min_qod, levels ? levels : "hmlgdf");
g_free (levels);
}

Expand Down Expand Up @@ -15892,7 +15930,19 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
else if (g_strcmp0 ("report", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
#if COMPLIANCE_REPORTS == 1
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("scan"));
}
else if (g_strcmp0 ("audit_report", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("audit"));
#endif
}
else if (g_strcmp0 ("report_config", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_report_config_iterator;
Expand All @@ -15908,7 +15958,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
else if (g_strcmp0 ("config", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator;
}
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("scan"));
}
else if (g_strcmp0 ("policy", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator;
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("policy"));
}
else if (g_strcmp0 ("scanner", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_scanner_iterator;
Expand All @@ -15924,7 +15984,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data,
else if (g_strcmp0 ("task", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator;
}
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("scan"));
}
else if (g_strcmp0 ("audit", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator;
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("audit"));
}
else if (g_strcmp0 ("tls_certificate", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_tls_certificate_iterator;
Expand Down Expand Up @@ -15968,14 +16038,21 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)
&& (acl_user_may ("get_assets") == 0))
|| ((g_strcmp0 ("result", get_resource_names_data->type) == 0)
&& (acl_user_may ("get_results") == 0))
|| ((g_strcmp0 ("report", get_resource_names_data->type) == 0)
|| (((g_strcmp0 ("report", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("audit_report", get_resource_names_data->type) == 0))
&& (acl_user_may ("get_reports") == 0))
|| (((g_strcmp0 ("cpe", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("cve", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("nvt", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("cert_bund_adv", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("dfn_cert_adv", get_resource_names_data->type) == 0))
&& (acl_user_may ("get_info") == 0)))
&& (acl_user_may ("get_info") == 0))
|| (((g_strcmp0 ("config", get_resource_names_data->type) == 0)
||(g_strcmp0 ("policy", get_resource_names_data->type) == 0))
&& (acl_user_may ("get_configs") == 0))
|| (((g_strcmp0 ("task", get_resource_names_data->type) == 0)
||(g_strcmp0 ("audit", get_resource_names_data->type) == 0))
&& (acl_user_may ("get_tasks") == 0)))
{
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("get_resource_names",
Expand Down Expand Up @@ -16059,14 +16136,6 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error)

while (next (&resource))
{
if ((g_strcmp0 ("task", get_resource_names_data->type) == 0
&& g_strcmp0 ("audit", task_iterator_usage_type(&resource)) == 0)
|| (g_strcmp0 ("config", get_resource_names_data->type) == 0
&& g_strcmp0 ("policy", config_iterator_usage_type(&resource)) == 0))
{
continue;
}

GString *result;
result = g_string_new ("");

Expand Down Expand Up @@ -16252,6 +16321,7 @@ handle_get_results (gmp_parser_t *gmp_parser, GError **error)
NULL, /* result_hosts_only */
NULL, /* min_qod */
NULL, /* levels */
NULL, /* compliance_levels */
NULL, /* delta_states */
NULL, /* search_phrase */
NULL, /* search_phrase_exact */
Expand Down Expand Up @@ -18266,7 +18336,8 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
report_compliance_by_uuid (last_report_id,
&compliance_yes,
&compliance_no,
&compliance_incomplete);
&compliance_incomplete,
NULL);

last_report
= g_strdup_printf ("<last_report>"
Expand Down Expand Up @@ -22486,8 +22557,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
(XML_ERROR_SYNTAX ("create_tag",
"RESOURCES requires"
" a TYPE element"));
else if (valid_db_resource_type (create_tag_data->resource_type)
== 0)
else if (valid_db_resource_type (create_tag_data->resource_type) == 0
&& valid_subtype (create_tag_data->resource_type) == 0)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_tag",
"TYPE in RESOURCES must be"
Expand Down Expand Up @@ -25239,7 +25310,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
"name must be at least one"
" character long or omitted completely"));
else if (modify_tag_data->resource_type &&
valid_db_resource_type (modify_tag_data->resource_type) == 0)
valid_db_resource_type (modify_tag_data->resource_type) == 0
&& valid_subtype (modify_tag_data->resource_type) == 0)
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("modify_tag",
"TYPE in RESOURCES must be"
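Review bot: The new `get_data_set_extra` calls disagree about who owns the value: the GET_REPORTS start-element hunk passes the parser's `attribute` pointer as is, while every call added to `select_resource_iterator` passes a fresh `g_strdup ("scan")`, `g_strdup ("audit")` or `g_strdup ("policy")`. `get_data_set_extra` is not shown on this page, but only one convention can be right: if it copies its argument, each `g_strdup` leaks once per GET_RESOURCE_NAMES request; if it takes ownership, the `attribute` call hands it memory the markup parser still owns. Assuming it copies, pass the literal directly, e.g. `get_data_set_extra (&resource_names_data->get, "usage_type", "scan");`, and likewise for the other branches. The client-supplied `usage_type` attribute is also stored as received, and nothing in that hunk limits it to `scan` or `audit`, so the consumer should be checked or the value validated here. Both functions start and end outside their hunks.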
3 changes: 3 additions & 0 deletions src/gvmd.c
Expand Up @@ -2317,6 +2317,9 @@ gvmd (int argc, char** argv, char *env[])
#endif
#if CVSS3_RATINGS == 1
printf ("CVSS3 severity ratings enabled\n");
#endif
#if COMPLIANCE_REPORTS == 1
printf ("Compliance reports enabled\n");
#endif
printf ("Copyright (C) 2009-2021 Greenbone AG\n");
printf ("License: AGPL-3.0-or-later\n");
15 changes: 12 additions & 3 deletions src/manage.h
Expand Up @@ -838,6 +838,9 @@ set_task_hosts_ordering (task_t, const char *);
void
set_task_scanner (task_t, scanner_t);

int
task_usage_type (task_t, char**);

void
set_task_usage_type (task_t, const char *);

Expand Down Expand Up @@ -1328,7 +1331,7 @@ gboolean
report_task (report_t, task_t*);

void
report_compliance_by_uuid (const char *, int *, int *, int *);
report_compliance_by_uuid (const char *, int *, int *, int *, int *);

int
report_scan_result_count (report_t, const char*, const char*, int, const char*,
Expand Down Expand Up @@ -1553,6 +1556,9 @@ result_iterator_cert_bunds (iterator_t*);
gchar **
result_iterator_dfn_certs (iterator_t*);

const char *
result_iterator_compliance (iterator_t*);

const char *
result_iterator_delta_state (iterator_t*);

Expand All @@ -1565,6 +1571,9 @@ result_iterator_delta_severity (iterator_t*);
double
result_iterator_delta_severity_double (iterator_t*);

const char *
result_iterator_delta_compliance (iterator_t*);

const char*
result_iterator_delta_level (iterator_t*);

Expand Down Expand Up @@ -1724,8 +1733,8 @@ manage_filter_controls (const gchar *, int *, int *, gchar **, int *);

void
manage_report_filter_controls (const gchar *, int *, int *, gchar **, int *,
int *, gchar **, gchar **, gchar **, gchar **,
int *, int *, int *, int *, gchar **);
int *, gchar **, gchar **, gchar **, gchar **,
gchar **, int *, int *, int *, int *, gchar **);

gchar *
manage_clean_filter (const gchar *);
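Review bot: The widened prototypes do not say what the new arguments are: `report_compliance_by_uuid` now takes four unnamed `int *`, and `manage_report_filter_controls` gained a `gchar **` in the middle of a run of same-typed pointers, so a caller that puts the new argument in the wrong slot still compiles. Naming the parameters in the declarations would make such a mix-up visible in review, e.g. `report_compliance_by_uuid (const char *report_id, int *yes, int *no, int *incomplete, int *undefined);` (the names are a guess, the implementation is not on this page). The src/gmp.c call in this commit passes `NULL` for the new fifth argument, so the declaration should carry a comment such as `/* Any of the count pointers may be NULL. */` if that is the contract. `task_usage_type (task_t, char**)` likewise needs one line stating what the `int` return means and who frees the string written through the second argument.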
41 changes: 40 additions & 1 deletion src/manage_pg.c
Expand Up @@ -895,7 +895,46 @@ manage_create_sql_functions ()
"$$ LANGUAGE plpgsql"
" IMMUTABLE;");

/* Functions in SQL. */
sql ("CREATE OR REPLACE FUNCTION report_compliance_status ("
" report_id integer)"
"RETURNS text AS $$ "
"BEGIN"
" CASE"
" WHEN (SELECT count(*) FROM results"
" WHERE report = report_id"
" AND description LIKE 'Compliant:%%NO%%') > 0"
" THEN RETURN 'no';"
" WHEN (SELECT count(*) FROM results"
" WHERE report = report_id"
" AND description LIKE 'Compliant:%%INCOMPLETE%%') > 0"
" THEN RETURN 'incomplete';"
" WHEN (SELECT count(*) FROM results"
" WHERE report = report_id"
" AND description LIKE 'Compliant:%%YES%%') > 0"
" THEN RETURN 'yes';"
" ELSE RETURN 'undefined';"
" END CASE;"
"END;"
"$$ LANGUAGE plpgsql"
" IMMUTABLE;");

sql ("CREATE OR REPLACE FUNCTION report_compliance_count ("
" report_id integer,"
" compliance text)"
" RETURNS integer AS $$"
" DECLARE count integer := 0;"
" BEGIN"
" WITH compliance_count AS"
" (SELECT count(*) AS total FROM results WHERE report = report_id"
" AND description LIKE 'Compliant:%%' || compliance || '%%')"
" SELECT total FROM compliance_count"
" INTO count;"
" RETURN count;"
" END;"
" $$ LANGUAGE plpgsql"
" IMMUTABLE;");

/* Functions in SQL. */

if (sql_int ("SELECT (EXISTS (SELECT * FROM information_schema.tables"
" WHERE table_catalog = '%s'"
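Review bot: Both new functions, `report_compliance_status` and `report_compliance_count`, are declared `IMMUTABLE` although they read the `results` table. PostgreSQL reserves that label for functions whose result depends only on their arguments, and the planner may pre-evaluate or reuse such calls, so a report's compliance status could be served stale after its results change; the closing line of each should be `" STABLE;");`. The patterns are also loose: `'Compliant:%%NO%%'` matches `NO` anywhere after the prefix, so depending on the description format (not shown here) a result that starts `Compliant: YES` but contains `NO` later in its text would be counted as non-compliant. In `report_compliance_count`, any `%` or `_` in the `compliance` argument acts as a LIKE wildcard. The enclosing `manage_create_sql_functions` starts and ends outside the hunk.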