[Openvas-commits] r11660 - in trunk/openvas-manager: . src tools
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Sep 22 16:22:41 CEST 2011
Author: hdoreau
Date: 2011-09-22 16:22:40 +0200 (Thu, 22 Sep 2011)
New Revision: 11660
Added:
trunk/openvas-manager/tools/cpe_getbyname.xsl
trunk/openvas-manager/tools/cve_getbyname.xsl
Modified:
trunk/openvas-manager/CMakeLists.txt
trunk/openvas-manager/ChangeLog
trunk/openvas-manager/src/CMakeLists.txt
trunk/openvas-manager/src/manage.c
trunk/openvas-manager/src/manage.h
trunk/openvas-manager/src/omp.c
Log:
Add new get_info command and support to retrieve CPE and CVE details
through OMP.
* src/omp.c (get_info_data_t, get_info_data_reset, command_data_t,
omp_xml_handle_start_element, omp_xml_handle_end_element): Add get_info command.
* src/manage.c (get_cpe_filename, get_cve_filename, xsl_transform,
manage_read_info): New functions.
* src/manage.h: Update header accordingly.
* tools/cpe_getbyname.xsl, tools/cve_getbyname.xsl: New files.
* CMakeLists.txt: Install cpe_getbyname.xsl and cve_getbyname.xsl.
* src/CMakeLists.txt: Export path to the SCAP resource directory as a
preprocessor define.
Modified: trunk/openvas-manager/CMakeLists.txt
===================================================================
--- trunk/openvas-manager/CMakeLists.txt 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/CMakeLists.txt 2011-09-22 14:22:40 UTC (rev 11660)
@@ -326,7 +326,8 @@
install (FILES tools/db_init.sql tools/cpe_update.xsl
tools/cpe_youngerthan.xsl tools/cve_update.xsl
- tools/cve_youngerthan.xsl
+ tools/cve_youngerthan.xsl tools/cpe_getbyname.xsl
+ tools/cve_getbyname.xsl
DESTINATION ${OPENVAS_SCAP_RES_DIR}
PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/ChangeLog 2011-09-22 14:22:40 UTC (rev 11660)
@@ -1,3 +1,23 @@
+2011-09-22 Henri Doreau <henri.doreau at greenbone.net>
+
+ Add new get_info command and support to retrieve CPE and CVE details
+ through OMP.
+
+ * src/omp.c (get_info_data_t, get_info_data_reset, command_data_t,
+ omp_xml_handle_start_element, omp_xml_handle_end_element): Add get_info command.
+
+ * src/manage.c (get_cpe_filename, get_cve_filename, xsl_transform,
+ manage_read_info): New functions.
+
+ * src/manage.h: Update header accordingly.
+
+ * tools/cpe_getbyname.xsl, tools/cve_getbyname.xsl: New files.
+
+ * CMakeLists.txt: Install cpe_getbyname.xsl and cve_getbyname.xsl.
+
+ * src/CMakeLists.txt: Export path to the SCAP resource directory as a
+ preprocessor define.
+
2011-09-19 Matthew Mundell <matthew.mundell at greenbone.net>
* src/schema_formats/XML/OMP.xml (actions, user_list): New types.
Modified: trunk/openvas-manager/src/CMakeLists.txt
===================================================================
--- trunk/openvas-manager/src/CMakeLists.txt 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/CMakeLists.txt 2011-09-22 14:22:40 UTC (rev 11660)
@@ -66,6 +66,8 @@
add_definitions (-DOPENVAS_OS_NAME=\\\"${CMAKE_SYSTEM}\\\")
add_definitions (-DPREFIX=\\\"${CMAKE_INSTALL_PREFIX}\\\")
+add_definitions (-DSCAP_RES_DIR=\\\"${OPENVAS_SCAP_RES_DIR}\\\")
+
if (OPENVAS_USERS_DIR)
add_definitions (-DOPENVAS_USERS_DIR=\\\"${OPENVAS_USERS_DIR}\\\")
endif (OPENVAS_USERS_DIR)
Modified: trunk/openvas-manager/src/manage.c
===================================================================
--- trunk/openvas-manager/src/manage.c 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/manage.c 2011-09-22 14:22:40 UTC (rev 11660)
@@ -69,7 +69,31 @@
*/
#define G_LOG_DOMAIN "md manage"
+
/**
+ * @brief CPE selection stylesheet location.
+ */
+#define CPE_GETBYNAME_XSL SCAP_RES_DIR "/cpe_getbyname.xsl"
+
+/**
+ * @brief CVE selection stylesheet location.
+ */
+#define CVE_GETBYNAME_XSL SCAP_RES_DIR "/cve_getbyname.xsl"
+
+/**
+ * @brief CPE dictionary location.
+ */
+#define CPE_DICT_FILENAME SCAP_RES_DIR "/official-cpe-dictionary_v2.2.xml"
+
+/**
+ * @brief CVE data files location format string.
+ *
+ * %d should be the year expressed as YYYY.
+ */
+#define CVE_FILENAME_FMT SCAP_RES_DIR "/nvdcve-2.0-%d.xml"
+
+
+/**
* @brief Information about the scanner.
*/
scanner_t scanner = { NULL, NULL, NULL, NULL, 0 };
@@ -3894,3 +3918,177 @@
openvas_server_close (socket, session);
return -1;
}
+
+/**
+ * @brief Return the path to the CPE dictionary.
+ *
+ * @return A dynamically allocated string (to be g_free'd) containing the
+ * path to the desired file.
+ */
+static char *
+get_cpe_filename ()
+{
+ return g_strdup (CPE_DICT_FILENAME);
+}
+
+/**
+ * @brief Compute the filename where a given CVE can be found.
+ *
+ * @param[in] item_id Full CVE identifier ("CVE-YYYY-ZZZZ").
+ *
+ * @return A dynamically allocated string (to be g_free'd) containing the
+ * path to the desired file or NULL on error.
+ */
+static char *
+get_cve_filename (char *item_id)
+{
+ int year;
+
+ if (sscanf (item_id, "%*3s-%d-%*d", &year) == 1)
+ {
+ /* CVEs before 2002 are stored in the 2002 file. */
+ if (year <= 2002)
+ year = 2002;
+ return g_strdup_printf (CVE_FILENAME_FMT, year);
+ }
+ return NULL;
+}
+
+/**
+ * @brief Run xsltproc in an external process.
+ *
+ * @param[in] stylesheet XSL stylesheet to use.
+ * @param[in] xmlfile XML file to process.
+ * @param[in] param_names NULL terminated array of stringparam names (can
+ * be NULL).
+ * @param[in] param_values NULL terminated array of stringparam values (can
+ * be NULL).
+ *
+ * @return A dynamically allocated (to be g_free'd) string containing the
+ * result of the operation of NULL on failure.
+ */
+static gchar *
+xsl_transform (gchar *stylesheet, gchar *xmlfile, gchar **param_names, gchar **param_values)
+{
+ int i, param_idx;
+ gchar **cmd, *cmd_full;
+ gint exit_status;
+ gboolean success;
+ gchar *standard_out = NULL, *standard_err = NULL;
+
+ param_idx = 0;
+ if (param_names && param_values)
+ while (param_names[param_idx] && param_values[param_idx])
+ param_idx++;
+
+ cmd = (gchar **)g_malloc ((4 + param_idx * 3) * sizeof (gchar *));
+
+ i = 0;
+ cmd[i++] = "xsltproc";
+ if (param_idx)
+ {
+ int j;
+
+ for (j = 0; j < param_idx; j++)
+ {
+ cmd[i++] = "--stringparam";
+ cmd[i++] = param_names[j];
+ cmd[i++] = param_values[j];
+ }
+ }
+ cmd[i++] = stylesheet;
+ cmd[i++] = xmlfile;
+ cmd[i] = NULL;
+
+
+ /* DEBUG: display the final command line. */
+ cmd_full = g_strjoinv (" ", cmd);
+ g_debug ("%s: Spawning in parent dir: %s\n",
+ __FUNCTION__, cmd_full);
+ g_free (cmd_full);
+ /* --- */
+
+ if ((g_spawn_sync (NULL,
+ cmd,
+ NULL, /* Environment. */
+ G_SPAWN_SEARCH_PATH,
+ NULL, /* Setup function. */
+ NULL,
+ &standard_out,
+ &standard_err,
+ &exit_status,
+ NULL)
+ == FALSE)
+ || (WIFEXITED (exit_status) == 0)
+ || WEXITSTATUS (exit_status))
+ {
+ g_debug ("%s: failed to transform the xml: %d (WIF %i, WEX %i)",
+ __FUNCTION__,
+ exit_status,
+ WIFEXITED (exit_status),
+ WEXITSTATUS (exit_status));
+ g_debug ("%s: stderr: %s\n", __FUNCTION__, standard_err);
+ g_debug ("%s: stdout: %s\n", __FUNCTION__, standard_out);
+ success = FALSE;
+ }
+ else if (strlen (standard_out) == 0)
+ success = FALSE; /* execution succeeded but nothing was found */
+ else
+ success = TRUE; /* execution succeeded and we have a result */
+
+ /* Cleanup. */
+ g_free (cmd);
+ g_free (standard_err);
+
+ if (success)
+ return standard_out;
+
+ g_free (standard_out);
+ return NULL;
+}
+
+/**
+ * @brief Read raw information.
+ *
+ * @param[in] type Type of the requested information.
+ * @param[in] name Name or identifier of the requested information.
+ * @param[out] result Pointer to the read information location. Will point
+ * to NULL on error.
+ *
+ * @return 1 success, -1 error.
+ */
+int
+manage_read_info (gchar *type, gchar *name, gchar **result)
+{
+ gchar *fname;
+ gchar *pnames[2] = { "refname", NULL };
+ gchar *pvalues[2] = { name, NULL };
+
+ assert (result != NULL);
+ *result = NULL;
+
+ if (g_strcasecmp ("CPE", type) == 0)
+ {
+ fname = get_cpe_filename ();
+ if (fname)
+ {
+ *result = xsl_transform (CPE_GETBYNAME_XSL, fname, pnames, pvalues);
+ g_free (fname);
+ }
+ }
+ else if (g_strcasecmp ("CVE", type) == 0)
+ {
+ fname = get_cve_filename (name);
+ if (fname)
+ {
+ *result = xsl_transform (CVE_GETBYNAME_XSL, fname, pnames, pvalues);
+ g_free (fname);
+ }
+ }
+
+ if (*result == NULL)
+ return -1;
+
+ return 1;
+}
+
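Review bot: manage_read_info uses `type` and `name` without a NULL check, and both come from OMP attributes that a client may omit (the GET_INFO start-element hunk in src/omp.c stores them without validation, as far as this diff shows). A NULL `name` with type CVE reaches `sscanf (item_id, ...)` in get_cve_filename, and a NULL `type` makes `g_strcasecmp` trip its precondition check and return 0, so the CPE branch is taken; adding `if (type == NULL || name == NULL) return -1;` after `*result = NULL;` closes both. The format `"%*3s-%d-%*d"` also returns 1 as soon as the year converts, so neither the `CVE` prefix nor the trailing number is verified; only the integer reaches the path, but the unvalidated string is still handed to xsltproc and to g_debug. Separately, `G_SPAWN_SEARCH_PATH` resolves `xsltproc` through the daemon's PATH, where an absolute path fixed at build time would be more predictable.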
Modified: trunk/openvas-manager/src/manage.h
===================================================================
--- trunk/openvas-manager/src/manage.h 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/manage.h 2011-09-22 14:22:40 UTC (rev 11660)
@@ -1953,4 +1953,10 @@
void
parse_tags (const char *, gchar **, gchar **, gchar **);
+
+/* SCAP files parsing. */
+
+int
+manage_read_info (gchar *, gchar *, gchar **);
+
#endif /* not OPENVAS_MANAGER_MANAGE_H */
Modified: trunk/openvas-manager/src/omp.c
===================================================================
--- trunk/openvas-manager/src/omp.c 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/omp.c 2011-09-22 14:22:40 UTC (rev 11660)
@@ -420,6 +420,7 @@
" GET_TARGETS Get all targets.\n"
" GET_TASKS Get all tasks.\n"
" GET_VERSION Get the OpenVAS Manager Protocol version.\n"
+" GET_INFO Get raw information for a given item.\n"
" HELP Get this help text.\n"
" MODIFY_CONFIG Update an existing config.\n"
" MODIFY_LSC_CREDENTIAL Modify an existing LSC credential.\n"
@@ -2054,6 +2055,29 @@
}
/**
+ * @brief Command data for the get_info command.
+ */
+typedef struct
+{
+ char *type; ///< Requested information type.
+ char *name; ///< Requested information identifier.
+} get_info_data_t;
+
+/**
+ * @brief Reset command data.
+ *
+ * @param[in] data Command data.
+ */
+static void
+get_info_data_reset (get_info_data_t *data)
+{
+ free (data->type);
+ free (data->name);
+
+ memset (data, 0, sizeof (get_info_data_t));
+}
+
+/**
* @brief Command data for the help command.
*/
typedef struct
@@ -2576,6 +2600,7 @@
get_system_reports_data_t get_system_reports; ///< get_system_reports
get_targets_data_t get_targets; ///< get_targets
get_tasks_data_t get_tasks; ///< get_tasks
+ get_info_data_t get_info; ///< get_info
help_data_t help; ///< help
modify_config_data_t modify_config; ///< modify_config
modify_lsc_credential_data_t modify_lsc_credential; ///< modify_lsc_credential
@@ -2870,6 +2895,12 @@
= &(command_data.get_tasks);
/**
+ * @brief Parser callback data for GET_INFO.
+ */
+get_info_data_t *get_info_data
+ = &(command_data.get_info);
+
+/**
* @brief Parser callback data for HELP.
*/
help_data_t *help_data
@@ -3253,6 +3284,7 @@
CLIENT_GET_TASKS,
CLIENT_GET_VERSION,
CLIENT_GET_VERSION_AUTHENTIC,
+ CLIENT_GET_INFO,
CLIENT_HELP,
CLIENT_MODIFY_LSC_CREDENTIAL,
CLIENT_MODIFY_LSC_CREDENTIAL_NAME,
@@ -4595,6 +4627,14 @@
set_client_state (CLIENT_GET_TASKS);
}
+ else if (strcasecmp ("GET_INFO", element_name) == 0)
+ {
+ append_attribute (attribute_names, attribute_values, "type",
+ &get_info_data->type);
+ append_attribute (attribute_names, attribute_values, "name",
+ &get_info_data->name);
+ set_client_state (CLIENT_GET_INFO);
+ }
else if (strcasecmp ("GET_VERSION", element_name) == 0)
set_client_state (CLIENT_GET_VERSION_AUTHENTIC);
else if (strcasecmp ("HELP", element_name) == 0)
@@ -5425,6 +5465,23 @@
G_MARKUP_ERROR_UNKNOWN_ELEMENT,
"Error");
break;
+
+ case CLIENT_GET_INFO:
+ {
+ if (send_element_error_to_client ("get_info", element_name,
+ write_to_client,
+ write_to_client_data))
+ {
+ error_send_to_client (error);
+ return;
+ }
+ set_client_state (CLIENT_AUTHENTIC);
+ g_set_error (error,
+ G_MARKUP_ERROR,
+ G_MARKUP_ERROR_UNKNOWN_ELEMENT,
+ "Error");
+ }
+ break;
case CLIENT_HELP:
{
@@ -17303,7 +17360,40 @@
get_tasks_data_reset (get_tasks_data);
set_client_state (CLIENT_AUTHENTIC);
break;
+
+ case CLIENT_GET_INFO:
+ {
+ gchar *result;
+ result = NULL;
+
+ manage_read_info (get_info_data->type, get_info_data->name, &result);
+ if (result)
+ {
+ SEND_TO_CLIENT_OR_FAIL ("<get_info_response>"
+ " status=\"" STATUS_OK "\""
+ " status_text=\"" STATUS_OK_TEXT "\">");
+ SEND_TO_CLIENT_OR_FAIL (result ? result : "");
+ SEND_TO_CLIENT_OR_FAIL ("</get_info_response>");
+
+ g_free (result);
+ }
+ else
+ {
+ if (send_find_error_to_client ("get_info", "name",
+ get_info_data->name,
+ write_to_client,
+ write_to_client_data))
+ {
+ error_send_to_client (error);
+ return;
+ }
+ }
+ get_info_data_reset (get_info_data);
+ set_client_state (CLIENT_AUTHENTIC);
+ break;
+ }
+
case CLIENT_VERIFY_AGENT:
assert (strcasecmp ("VERIFY_AGENT", element_name) == 0);
if (verify_agent_data->agent_id)
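Review bot: The opening tag in the CLIENT_GET_INFO case is closed too early, because the first literal already ends in `>` and the concatenation therefore sends `<get_info_response> status=... status_text=...>`, turning the status attributes into text content; the first literal should be `"<get_info_response"`. The `return` after `error_send_to_client (error)` skips `get_info_data_reset`, and if SEND_TO_CLIENT_OR_FAIL returns on failure (its definition is outside this hunk) `result` is leaked as well. Inside `if (result)` the expression `result ? result : ""` is redundant and can be just `result`. The return value of manage_read_info is ignored, which is fine only as long as `result` stays NULL on every error path.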
Added: trunk/openvas-manager/tools/cpe_getbyname.xsl
===================================================================
--- trunk/openvas-manager/tools/cpe_getbyname.xsl 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/tools/cpe_getbyname.xsl 2011-09-22 14:22:40 UTC (rev 11660)
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+OpenVAS
+$Id$
+Description: Select a CPE item by name.
+
+Authors:
+Henri Doreau <henri.doreau at greenbone.net>
+
+Copyright:
+Copyright (C) 2011 Greenbone Networks GmbH
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2,
+or, at your option, any later version as published by the Free
+Software Foundation
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+-->
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.3"
+ xmlns:meta="http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2"
+ xmlns:ns6="http://scap.nist.gov/schema/scap-core/0.1"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:config="http://scap.nist.gov/schema/configuration/0.1"
+ xmlns:cpe="http://cpe.mitre.org/dictionary/2.0"
+ xsi:schemaLocation="http://scap.nist.gov/schema/configuration/0.1 http://nvd.nist.gov/schema/configuration_0.1.xsd http://scap.nist.gov/schema/scap-core/0.3 http://nvd.nist.gov/schema/scap-core_0.3.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.2.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2 http://nvd.nist.gov/schema/cpe-dictionary-metadata_0.2.xsd">
+
+<xsl:output method="html"/>
+
+<xsl:template match="cpe:cpe-list">
+ <xsl:copy-of select="cpe:cpe-item[@name = $refname]"/>
+</xsl:template>
+
+</xsl:stylesheet>
+
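Review bot: `$refname` is referenced in the `select` but never declared; add `<xsl:param name="refname"/>` as a top-level element so the stylesheet is valid on its own and yields an empty result, rather than what is presumably an unresolved-variable error, when no value is passed (xsl_transform in src/manage.c drops the parameter when the value is NULL). The same applies to tools/cve_getbyname.xsl. `method="html"` looks chosen to suppress the XML declaration, but the output is embedded in an XML OMP response; `<xsl:output method="xml" omit-xml-declaration="yes"/>` would state that intent directly.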
Property changes on: trunk/openvas-manager/tools/cpe_getbyname.xsl
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Added: trunk/openvas-manager/tools/cve_getbyname.xsl
===================================================================
--- trunk/openvas-manager/tools/cve_getbyname.xsl 2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/tools/cve_getbyname.xsl 2011-09-22 14:22:40 UTC (rev 11660)
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+OpenVAS
+$Id$
+Description: Select a CVE item by name.
+
+Authors:
+Henri Doreau <henri.doreau at greenbone.net>
+
+Copyright:
+Copyright (C) 2011 Greenbone Networks GmbH
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2,
+or, at your option, any later version as published by the Free
+Software Foundation
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+-->
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4"
+ xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"
+ xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1"
+ xmlns:cve="http://scap.nist.gov/schema/feed/vulnerability/2.0"
+ xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:patch="http://scap.nist.gov/schema/patch/0.1">
+
+<xsl:output method="html"/>
+
+<xsl:template match="cve:nvd">
+ <xsl:copy-of select="cve:entry[@id = $refname]"/>
+</xsl:template>
+
+</xsl:stylesheet>
+
Property changes on: trunk/openvas-manager/tools/cve_getbyname.xsl
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision