[Openvas-commits] r11584 - in trunk/openvas-manager: . src

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Sep 7 17:57:08 CEST 2011


Author: mattm
Date: 2011-09-07 17:57:07 +0200 (Wed, 07 Sep 2011)
New Revision: 11584

Modified:
   trunk/openvas-manager/ChangeLog
   trunk/openvas-manager/src/manage_sql.c
Log:
	* src/manage_sql.c (cvss_threat): New function.
	(init_manage_process): Attach SCAP database.
	(DEF_ACCESS): New macro.
	(init_prognosis_iterator, prognosis_iterator_cve)
	(prognosis_iterator_cvss, prognosis_iterator_cvss_int): New functions.
	(print_report_xml): Include SCAP info for each App.

Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog	2011-09-07 13:40:02 UTC (rev 11583)
+++ trunk/openvas-manager/ChangeLog	2011-09-07 15:57:07 UTC (rev 11584)
@@ -1,5 +1,14 @@
 2011-09-07  Matthew Mundell <matthew.mundell at greenbone.net>
 
+	* src/manage_sql.c (cvss_threat): New function.
+	(init_manage_process): Attach SCAP database.
+	(DEF_ACCESS): New macro.
+	(init_prognosis_iterator, prognosis_iterator_cve)
+	(prognosis_iterator_cvss, prognosis_iterator_cvss_int): New functions.
+	(print_report_xml): Include SCAP info for each App.
+
+2011-09-07  Matthew Mundell <matthew.mundell at greenbone.net>
+
 	* src/manage_sql.c (manage_set_config_name, manage_set_config_comment)
 	(manage_set_config_name_comment): New functions.
 

Modified: trunk/openvas-manager/src/manage_sql.c
===================================================================
--- trunk/openvas-manager/src/manage_sql.c	2011-09-07 13:40:02 UTC (rev 11583)
+++ trunk/openvas-manager/src/manage_sql.c	2011-09-07 15:57:07 UTC (rev 11584)
@@ -836,6 +836,25 @@
 /* General helpers. */
 
 /**
+ * @brief Get the threat of a CVSS.
+ *
+ * @param  cvss  Rounded down CVSS.
+ *
+ * @return Static threat name.
+ */
+static const char *
+cvss_threat (int cvss)
+{
+  if (cvss < 0 || cvss > 10)
+    return "";
+  if (cvss < 3)
+    return "Low";
+  if (cvss < 6)
+    return "Medium";
+  return "High";
+}
+
+/**
  * @brief Test whether a string equal to a given string exists in an array.
  *
  * @param[in]  array   Array of gchar* pointers.
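Review bot: The doc comment on `cvss_threat` does not state the band boundaries or the out-of-range result, and the bands it implements (0-2 Low, 3-5 Medium, 6-10 High on a truncated score) are not the NVD CVSS v2 ranges (0-3.9 Low, 4.0-6.9 Medium, 7.0-10 High). Since this label is what a report reader acts on, the comment should name the scale that is intended. For example: `@return "Low" for 0-2, "Medium" for 3-5, "High" for 6-10, "" if cvss is outside 0-10.` If the NVD ranges were meant, the comparisons would need to be `cvss < 4` and `cvss < 7`.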
@@ -7533,6 +7552,8 @@
     }
 #endif /* not S_SPLINT_S */
 
+  /* Attach the SCAP database. */
+
   if (update_nvt_cache)
     {
       if (update_nvt_cache == -2)
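Review bot: The added comment `/* Attach the SCAP database. */` has no statement under it; the code that follows is the unrelated `update_nvt_cache` check, and the actual `ATTACH` is added in the next hunk inside a later block. I would drop the comment here and place it directly above the `sql ("ATTACH database ...")` call so it describes the line it sits on. The enclosing function starts and ends outside this hunk.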
@@ -7547,6 +7568,9 @@
     {
       /* Define functions for SQL. */
 
+      sql ("ATTACH database '" OPENVAS_STATE_DIR "/scap-data/scap.db'"
+           " AS scap;");
+
       if (sqlite3_create_collation (task_db,
                                     "collate_message_type",
                                     SQLITE_UTF8,
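Review bot: The `ATTACH` runs unconditionally, with no check that `scap-data/scap.db` exists or contains the expected tables. On a connection opened with create permission, SQLite attaches a missing path as a new empty database, so the later `scap.cves` / `scap.cpes` queries would then fail when the statement is prepared. How `sql ()` and `init_iterator ()` react to such a failure is not visible in this hunk. A guard such as `if (g_file_test (OPENVAS_STATE_DIR "/scap-data/scap.db", G_FILE_TEST_EXISTS))` around the attach, with the prognosis lookup skipped when the feed is absent, would let report generation work on installs without SCAP data. The file is also attached on the same connection as `task_db`, so its ownership and permissions deserve the same care as the main database.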
@@ -9927,6 +9951,58 @@
 }
 
 
+/* Prognostics. */
+
+#define DEF_ACCESS(name, col) \
+const char* \
+name (iterator_t* iterator) \
+{ \
+  const char *ret; \
+  if (iterator->done) return NULL; \
+  ret = (const char*) sqlite3_column_text (iterator->stmt, col); \
+  return ret; \
+}
+
+/**
+ * @brief Initialise a prognosis iterator.
+ *
+ * @param[in]  iterator  Iterator.
+ * @param[in]  cpe       CPE.
+ */
+void
+init_prognosis_iterator (iterator_t *iterator, const char *cpe)
+{
+  gchar *quoted_cpe;
+  quoted_cpe = sql_quote (cpe);
+  init_iterator (iterator,
+                 "SELECT cves.cve, cves.cvss"
+                 " FROM scap.cves, scap.cpes, scap.affected_products"
+                 " WHERE cpes.name='%s'"
+                 " AND cpes.id=affected_products.cpe"
+                 " AND cves.id=affected_products.cve"
+                 " ORDER BY CAST (cves.cvss AS INTEGER) DESC;",
+                 quoted_cpe);
+  g_free (quoted_cpe);
+}
+
+DEF_ACCESS (prognosis_iterator_cve, 0);
+DEF_ACCESS (prognosis_iterator_cvss, 1);
+
+/**
+ * @brief Get the CVSS from a result iterator as an integer.
+ *
+ * @param[in]  iterator  Iterator.
+ *
+ * @return CVSS.
+ */
+int
+prognosis_iterator_cvss_int (iterator_t* iterator)
+{
+  if (iterator->done) return 0;
+  return (int) sqlite3_column_int64 (iterator->stmt, 1);
+}
+
+
 /* Reports. */
 
 /**
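Review bot: `prognosis_iterator_cvss_int` returns 0 both when the iterator is done and when the `cvss` column is NULL or non-numeric, because `sqlite3_column_int64` yields 0 in those cases. A CVE with no score is therefore indistinguishable from a real score of 0. The caller in `print_report_xml` uses `-1` as its "no data" sentinel and would label such an application "Low". Returning the sentinel from the accessor keeps the two cases apart: `if (iterator->done || sqlite3_column_type (iterator->stmt, 1) == SQLITE_NULL) return -1;`. The `@return` line should then state that -1 means "no score".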
@@ -10306,6 +10382,8 @@
  */
 #endif
 
+#undef DEF_ACCESS
+
 /**
  * @brief Generate accessor for an SQL iterator.
  *
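Review bot: This `#undef DEF_ACCESS` sits several hundred lines below the definition it cancels, which is in the new Prognostics section. It appears to exist only because a second `DEF_ACCESS` is defined after the "Generate accessor for an SQL iterator" comment, which is outside the hunk. Two copies of the accessor macro can drift apart. I would either move the Prognostics section below the existing definition and reuse it, or put `#undef DEF_ACCESS` immediately after `DEF_ACCESS (prognosis_iterator_cvss, 1);` so the temporary definition's scope is obvious.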
@@ -14884,21 +14962,73 @@
                   init_report_host_details_iterator
                    (&details, report_host);
                   while (next (&details))
-                    PRINT (out,
-                           "<detail>"
-                           "<name>%s</name>"
-                           "<value>%s</value>"
-                           "<source>"
-                           "<type>%s</type>"
-                           "<name>%s</name>"
-                           "<description>%s</description>"
-                           "</source>"
-                           "</detail>",
-                           report_host_details_iterator_name (&details),
-                           report_host_details_iterator_value (&details),
-                           report_host_details_iterator_source_type (&details),
-                           report_host_details_iterator_source_name (&details),
-                           report_host_details_iterator_source_desc (&details));
+                    {
+                      const char *value;
+                      value = report_host_details_iterator_value (&details);
+
+                      PRINT (out,
+                             "<detail>"
+                             "<name>%s</name>"
+                             "<value>%s</value>"
+                             "<source>"
+                             "<type>%s</type>"
+                             "<name>%s</name>"
+                             "<description>%s</description>"
+                             "</source>"
+                             "</detail>",
+                             report_host_details_iterator_name (&details),
+                             value,
+                             report_host_details_iterator_source_type (&details),
+                             report_host_details_iterator_source_name (&details),
+                             report_host_details_iterator_source_desc (&details));
+
+                      if (strcmp (report_host_details_iterator_name (&details),
+                                  "App")
+                          == 0)
+                        {
+                          iterator_t prognosis;
+                          int cvss;
+                          int first;
+
+                          first = 1;
+                          cvss = -1;
+                          init_prognosis_iterator (&prognosis, value);
+                          while (next (&prognosis))
+                            {
+                              if (first)
+                                {
+                                  cvss = prognosis_iterator_cvss_int
+                                          (&prognosis);
+                                  first = 0;
+                                }
+
+                              PRINT (out,
+                                     "<detail>"
+                                     "<name>%s/CVE</name>"
+                                     "<value>%s</value>"
+                                     "</detail>"
+                                     "<detail>"
+                                     "<name>%s/%s/CVSS</name>"
+                                     "<value>%s</value>"
+                                     "</detail>",
+                                     value,
+                                     prognosis_iterator_cve (&prognosis),
+                                     value,
+                                     prognosis_iterator_cve (&prognosis),
+                                     prognosis_iterator_cvss (&prognosis));
+                            }
+                          if (cvss >= 0)
+                            PRINT (out,
+                                   "<detail>"
+                                   "<name>%s/threat</name>"
+                                   "<value>%s</value>"
+                                   "</detail>",
+                                   value,
+                                   cvss_threat (cvss));
+                          cleanup_iterator (&prognosis);
+                        }
+                    }
+
                   cleanup_iterator (&details);
 
                   PRINT (out,
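Review bot: In the new `App` branch the detail name goes straight into `strcmp` and `value` into `init_prognosis_iterator` (and from there into `sql_quote`) without a NULL check. `sqlite3_column_text` returns NULL for an SQL NULL column, and whether the host-detail columns can be NULL is not visible here. Fetching the name once and guarding both keeps a malformed detail row from crashing report generation: `const char *name = report_host_details_iterator_name (&details);` then `if (name && value && strcmp (name, "App") == 0)`. The surrounding loop and function begin and end outside this hunk.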


