[Openvas-commits] r11584 - in trunk/openvas-manager: . src
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Sep 7 17:57:08 CEST 2011
Author: mattm
Date: 2011-09-07 17:57:07 +0200 (Wed, 07 Sep 2011)
New Revision: 11584
Modified:
trunk/openvas-manager/ChangeLog
trunk/openvas-manager/src/manage_sql.c
Log:
* src/manage_sql.c (cvss_threat): New function.
(init_manage_process): Attach SCAP database.
(DEF_ACCESS): New macro.
(init_prognosis_iterator, prognosis_iterator_cve)
(prognosis_iterator_cvss, prognosis_iterator_cvss_int): New functions.
(print_report_xml): Include SCAP info for each App.
Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog 2011-09-07 13:40:02 UTC (rev 11583)
+++ trunk/openvas-manager/ChangeLog 2011-09-07 15:57:07 UTC (rev 11584)
@@ -1,5 +1,14 @@
2011-09-07 Matthew Mundell <matthew.mundell at greenbone.net>
+ * src/manage_sql.c (cvss_threat): New function.
+ (init_manage_process): Attach SCAP database.
+ (DEF_ACCESS): New macro.
+ (init_prognosis_iterator, prognosis_iterator_cve)
+ (prognosis_iterator_cvss, prognosis_iterator_cvss_int): New functions.
+ (print_report_xml): Include SCAP info for each App.
+
+2011-09-07 Matthew Mundell <matthew.mundell at greenbone.net>
+
* src/manage_sql.c (manage_set_config_name, manage_set_config_comment)
(manage_set_config_name_comment): New functions.
Modified: trunk/openvas-manager/src/manage_sql.c
===================================================================
--- trunk/openvas-manager/src/manage_sql.c 2011-09-07 13:40:02 UTC (rev 11583)
+++ trunk/openvas-manager/src/manage_sql.c 2011-09-07 15:57:07 UTC (rev 11584)
@@ -836,6 +836,25 @@
/* General helpers. */
/**
+ * @brief Get the threat of a CVSS.
+ *
+ * @param cvss Rounded down CVSS.
+ *
+ * @return Static threat name.
+ */
+static const char *
+cvss_threat (int cvss)
+{
+ if (cvss < 0 || cvss > 10)
+ return "";
+ if (cvss < 3)
+ return "Low";
+ if (cvss < 6)
+ return "Medium";
+ return "High";
+}
+
+/**
* @brief Test whether a string equal to a given string exists in an array.
*
* @param[in] array Array of gchar* pointers.
@@ -7533,6 +7552,8 @@
}
#endif /* not S_SPLINT_S */
+ /* Attach the SCAP database. */
+
if (update_nvt_cache)
{
if (update_nvt_cache == -2)
@@ -7547,6 +7568,9 @@
{
/* Define functions for SQL. */
+ sql ("ATTACH database '" OPENVAS_STATE_DIR "/scap-data/scap.db'"
+ " AS scap;");
+
if (sqlite3_create_collation (task_db,
"collate_message_type",
SQLITE_UTF8,
@@ -9927,6 +9951,58 @@
}
�
+/* Prognostics. */
+
+#define DEF_ACCESS(name, col) \
+const char* \
+name (iterator_t* iterator) \
+{ \
+ const char *ret; \
+ if (iterator->done) return NULL; \
+ ret = (const char*) sqlite3_column_text (iterator->stmt, col); \
+ return ret; \
+}
+
+/**
+ * @brief Initialise a prognosis iterator.
+ *
+ * @param[in] iterator Iterator.
+ * @param[in] cpe CPE.
+ */
+void
+init_prognosis_iterator (iterator_t *iterator, const char *cpe)
+{
+ gchar *quoted_cpe;
+ quoted_cpe = sql_quote (cpe);
+ init_iterator (iterator,
+ "SELECT cves.cve, cves.cvss"
+ " FROM scap.cves, scap.cpes, scap.affected_products"
+ " WHERE cpes.name='%s'"
+ " AND cpes.id=affected_products.cpe"
+ " AND cves.id=affected_products.cve"
+ " ORDER BY CAST (cves.cvss AS INTEGER) DESC;",
+ quoted_cpe);
+ g_free (quoted_cpe);
+}
+
+DEF_ACCESS (prognosis_iterator_cve, 0);
+DEF_ACCESS (prognosis_iterator_cvss, 1);
+
+/**
+ * @brief Get the CVSS from a result iterator as an integer.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return CVSS.
+ */
+int
+prognosis_iterator_cvss_int (iterator_t* iterator)
+{
+ if (iterator->done) return 0;
+ return (int) sqlite3_column_int64 (iterator->stmt, 1);
+}
+
+�
/* Reports. */
/**
@@ -10306,6 +10382,8 @@
*/
#endif
+#undef DEF_ACCESS
+
/**
* @brief Generate accessor for an SQL iterator.
*
@@ -14884,21 +14962,73 @@
init_report_host_details_iterator
(&details, report_host);
while (next (&details))
- PRINT (out,
- "<detail>"
- "<name>%s</name>"
- "<value>%s</value>"
- "<source>"
- "<type>%s</type>"
- "<name>%s</name>"
- "<description>%s</description>"
- "</source>"
- "</detail>",
- report_host_details_iterator_name (&details),
- report_host_details_iterator_value (&details),
- report_host_details_iterator_source_type (&details),
- report_host_details_iterator_source_name (&details),
- report_host_details_iterator_source_desc (&details));
+ {
+ const char *value;
+ value = report_host_details_iterator_value (&details);
+
+ PRINT (out,
+ "<detail>"
+ "<name>%s</name>"
+ "<value>%s</value>"
+ "<source>"
+ "<type>%s</type>"
+ "<name>%s</name>"
+ "<description>%s</description>"
+ "</source>"
+ "</detail>",
+ report_host_details_iterator_name (&details),
+ value,
+ report_host_details_iterator_source_type (&details),
+ report_host_details_iterator_source_name (&details),
+ report_host_details_iterator_source_desc (&details));
+
+ if (strcmp (report_host_details_iterator_name (&details),
+ "App")
+ == 0)
+ {
+ iterator_t prognosis;
+ int cvss;
+ int first;
+
+ first = 1;
+ cvss = -1;
+ init_prognosis_iterator (&prognosis, value);
+ while (next (&prognosis))
+ {
+ if (first)
+ {
+ cvss = prognosis_iterator_cvss_int
+ (&prognosis);
+ first = 0;
+ }
+
+ PRINT (out,
+ "<detail>"
+ "<name>%s/CVE</name>"
+ "<value>%s</value>"
+ "</detail>"
+ "<detail>"
+ "<name>%s/%s/CVSS</name>"
+ "<value>%s</value>"
+ "</detail>",
+ value,
+ prognosis_iterator_cve (&prognosis),
+ value,
+ prognosis_iterator_cve (&prognosis),
+ prognosis_iterator_cvss (&prognosis));
+ }
+ if (cvss >= 0)
+ PRINT (out,
+ "<detail>"
+ "<name>%s/threat</name>"
+ "<value>%s</value>"
+ "</detail>",
+ value,
+ cvss_threat (cvss));
+ cleanup_iterator (&prognosis);
+ }
+ }
+
cleanup_iterator (&details);
PRINT (out,
More information about the Openvas-commits
mailing list