[Openvas-commits] r11660 - in trunk/openvas-manager: . src tools

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Sep 22 16:22:41 CEST 2011


Author: hdoreau
Date: 2011-09-22 16:22:40 +0200 (Thu, 22 Sep 2011)
New Revision: 11660

Added:
   trunk/openvas-manager/tools/cpe_getbyname.xsl
   trunk/openvas-manager/tools/cve_getbyname.xsl
Modified:
   trunk/openvas-manager/CMakeLists.txt
   trunk/openvas-manager/ChangeLog
   trunk/openvas-manager/src/CMakeLists.txt
   trunk/openvas-manager/src/manage.c
   trunk/openvas-manager/src/manage.h
   trunk/openvas-manager/src/omp.c
Log:
Add new get_info command and support to retrieve CPE and CVE details
through OMP.

* src/omp.c (get_info_data_t, get_info_data_reset, command_data_t,
omp_xml_handle_start_element, omp_xml_handle_end_element): Add get_info command.

* src/manage.c (get_cpe_filename, get_cve_filename, xsl_transform,
manage_read_info): New functions.

* src/manage.h: Update header accordingly.

* tools/cpe_getbyname.xsl, tools/cve_getbyname.xsl: New files.

* CMakeLists.txt: Install cpe_getbyname.xsl and cve_getbyname.xsl.

* src/CMakeLists.txt: Export path to the SCAP resource directory as a
preprocessor define.


Modified: trunk/openvas-manager/CMakeLists.txt
===================================================================
--- trunk/openvas-manager/CMakeLists.txt	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/CMakeLists.txt	2011-09-22 14:22:40 UTC (rev 11660)
@@ -326,7 +326,8 @@
 
 install (FILES tools/db_init.sql tools/cpe_update.xsl
          tools/cpe_youngerthan.xsl tools/cve_update.xsl
-         tools/cve_youngerthan.xsl
+         tools/cve_youngerthan.xsl tools/cpe_getbyname.xsl
+         tools/cve_getbyname.xsl
          DESTINATION ${OPENVAS_SCAP_RES_DIR}
          PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
 

Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/ChangeLog	2011-09-22 14:22:40 UTC (rev 11660)
@@ -1,3 +1,23 @@
+2011-09-22  Henri Doreau <henri.doreau at greenbone.net>
+
+	Add new get_info command and support to retrieve CPE and CVE details
+	through OMP.
+
+	* src/omp.c (get_info_data_t, get_info_data_reset, command_data_t,
+	omp_xml_handle_start_element, omp_xml_handle_end_element): Add get_info command.
+
+	* src/manage.c (get_cpe_filename, get_cve_filename, xsl_transform,
+	manage_read_info): New functions.
+
+	* src/manage.h: Update header accordingly.
+
+	* tools/cpe_getbyname.xsl, tools/cve_getbyname.xsl: New files.
+
+	* CMakeLists.txt: Install cpe_getbyname.xsl and cve_getbyname.xsl.
+
+	* src/CMakeLists.txt: Export path to the SCAP resource directory as a
+	preprocessor define.
+
 2011-09-19  Matthew Mundell <matthew.mundell at greenbone.net>
 
 	* src/schema_formats/XML/OMP.xml (actions, user_list): New types.

Modified: trunk/openvas-manager/src/CMakeLists.txt
===================================================================
--- trunk/openvas-manager/src/CMakeLists.txt	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/CMakeLists.txt	2011-09-22 14:22:40 UTC (rev 11660)
@@ -66,6 +66,8 @@
 add_definitions (-DOPENVAS_OS_NAME=\\\"${CMAKE_SYSTEM}\\\")
 add_definitions (-DPREFIX=\\\"${CMAKE_INSTALL_PREFIX}\\\")
 
+add_definitions (-DSCAP_RES_DIR=\\\"${OPENVAS_SCAP_RES_DIR}\\\")
+
 if (OPENVAS_USERS_DIR)
   add_definitions (-DOPENVAS_USERS_DIR=\\\"${OPENVAS_USERS_DIR}\\\")
 endif (OPENVAS_USERS_DIR)

Modified: trunk/openvas-manager/src/manage.c
===================================================================
--- trunk/openvas-manager/src/manage.c	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/manage.c	2011-09-22 14:22:40 UTC (rev 11660)
@@ -69,7 +69,31 @@
  */
 #define G_LOG_DOMAIN "md manage"
 
+
 /**
+ * @brief CPE selection stylesheet location.
+ */
+#define CPE_GETBYNAME_XSL SCAP_RES_DIR "/cpe_getbyname.xsl"
+
+/**
+ * @brief CVE selection stylesheet location.
+ */
+#define CVE_GETBYNAME_XSL SCAP_RES_DIR "/cve_getbyname.xsl"
+
+/**
+ * @brief CPE dictionary location.
+ */
+#define CPE_DICT_FILENAME SCAP_RES_DIR "/official-cpe-dictionary_v2.2.xml"
+
+/**
+ * @brief CVE data files location format string.
+ *
+ * %d should be the year expressed as YYYY.
+ */
+#define CVE_FILENAME_FMT SCAP_RES_DIR "/nvdcve-2.0-%d.xml"
+
+
+/**
  * @brief Information about the scanner.
  */
 scanner_t scanner = { NULL, NULL, NULL, NULL, 0 };
@@ -3894,3 +3918,177 @@
   openvas_server_close (socket, session);
   return -1;
 }
+
+/**
+ * @brief Return the path to the CPE dictionary.
+ *
+ * @return A dynamically allocated string (to be g_free'd) containing the
+ *         path to the desired file.
+ */
+static char *
+get_cpe_filename ()
+{
+  return g_strdup (CPE_DICT_FILENAME);
+}
+
+/**
+ * @brief Compute the filename where a given CVE can be found.
+ *
+ * @param[in] item_id   Full CVE identifier ("CVE-YYYY-ZZZZ").
+ *
+ * @return A dynamically allocated string (to be g_free'd) containing the
+ *         path to the desired file or NULL on error.
+ */
+static char *
+get_cve_filename (char *item_id)
+{
+  int year;
+
+  if (sscanf (item_id, "%*3s-%d-%*d", &year) == 1)
+    {
+      /* CVEs before 2002 are stored in the 2002 file. */
+      if (year <= 2002)
+        year = 2002;
+      return g_strdup_printf (CVE_FILENAME_FMT, year);
+    }
+  return NULL;
+}
+
+/**
+ * @brief Run xsltproc in an external process.
+ *
+ * @param[in] stylesheet    XSL stylesheet to use.
+ * @param[in] xmlfile       XML file to process.
+ * @param[in] param_names   NULL terminated array of stringparam names (can
+ *                          be NULL).
+ * @param[in] param_values  NULL terminated array of stringparam values (can
+ *                          be NULL).
+ *
+ * @return A dynamically allocated (to be g_free'd) string containing the
+ *         result of the operation of NULL on failure.
+ */
+static gchar *
+xsl_transform (gchar *stylesheet, gchar *xmlfile, gchar **param_names, gchar **param_values)
+{
+  int i, param_idx;
+  gchar **cmd, *cmd_full;
+  gint exit_status;
+  gboolean success;
+  gchar *standard_out = NULL, *standard_err = NULL;
+
+  param_idx = 0;
+  if (param_names && param_values)
+    while (param_names[param_idx] && param_values[param_idx])
+      param_idx++;
+
+  cmd = (gchar **)g_malloc ((4 + param_idx * 3) * sizeof (gchar *));
+
+  i = 0;
+  cmd[i++] = "xsltproc";
+  if (param_idx)
+    {
+      int j;
+
+      for (j = 0; j < param_idx; j++)
+        {
+          cmd[i++] = "--stringparam";
+          cmd[i++] = param_names[j];
+          cmd[i++] = param_values[j];
+        }
+    }
+  cmd[i++] = stylesheet;
+  cmd[i++] = xmlfile;
+  cmd[i] = NULL;
+
+
+  /* DEBUG: display the final command line. */
+  cmd_full = g_strjoinv (" ", cmd);
+  g_debug ("%s: Spawning in parent dir: %s\n",
+           __FUNCTION__, cmd_full);
+  g_free (cmd_full);
+  /* --- */
+
+  if ((g_spawn_sync (NULL,
+                     cmd,
+                     NULL,                  /* Environment. */
+                     G_SPAWN_SEARCH_PATH,
+                     NULL,                  /* Setup function. */
+                     NULL,
+                     &standard_out,
+                     &standard_err,
+                     &exit_status,
+                     NULL)
+       == FALSE)
+      || (WIFEXITED (exit_status) == 0)
+      || WEXITSTATUS (exit_status))
+    {
+      g_debug ("%s: failed to transform the xml: %d (WIF %i, WEX %i)",
+               __FUNCTION__,
+               exit_status,
+               WIFEXITED (exit_status),
+               WEXITSTATUS (exit_status));
+      g_debug ("%s: stderr: %s\n", __FUNCTION__, standard_err);
+      g_debug ("%s: stdout: %s\n", __FUNCTION__, standard_out);
+      success = FALSE;
+    }
+  else if (strlen (standard_out) == 0)
+    success = FALSE; /* execution succeeded but nothing was found */
+  else
+    success = TRUE; /* execution succeeded and we have a result */
+
+  /* Cleanup. */
+  g_free (cmd);
+  g_free (standard_err);
+
+  if (success)
+    return standard_out;
+
+  g_free (standard_out);
+  return NULL;
+}
+
+/**
+ * @brief Read raw information.
+ *
+ * @param[in]   type    Type of the requested information.
+ * @param[in]   name    Name or identifier of the requested information.
+ * @param[out]  result  Pointer to the read information location. Will point
+ *                      to NULL on error.
+ *
+ * @return 1 success, -1 error.
+ */
+int
+manage_read_info (gchar *type, gchar *name, gchar **result)
+{
+  gchar *fname;
+  gchar *pnames[2] = { "refname", NULL };
+  gchar *pvalues[2] = { name, NULL };
+
+  assert (result != NULL);
+  *result = NULL;
+
+  if (g_strcasecmp ("CPE", type) == 0)
+    {
+      fname = get_cpe_filename ();
+      if (fname)
+        {
+          *result = xsl_transform (CPE_GETBYNAME_XSL, fname, pnames, pvalues);
+          g_free (fname);
+        }
+    }
+  else if (g_strcasecmp ("CVE", type) == 0)
+    {
+      fname = get_cve_filename (name);
+      if (fname)
+        {
+          *result = xsl_transform (CVE_GETBYNAME_XSL, fname, pnames, pvalues);
+          g_free (fname);
+        }
+    }
+
+  if (*result == NULL)
+    return -1;
+
+  return 1;
+}
+
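Review bot: `manage_read_info` hands the client-supplied `type` and `name` to `g_strcasecmp` and, through `get_cve_filename`, to `sscanf` without checking either for NULL, and the handler in src/omp.c calls it with whatever attributes the request carried (they appear to stay NULL when omitted); a guard such as `if (type == NULL || name == NULL) return -1;` right after `*result = NULL;` would close that. The pattern `"%*3s-%d-%*d"` in `get_cve_filename` accepts any three-character prefix and returns 1 as soon as the year parses, so the id is never validated as "CVE-YYYY-ZZZZ"; checking the prefix with `strncmp (item_id, "CVE-", 4)` and bounding `year` would reject malformed ids before a file name is built. In `xsl_transform`, when `g_spawn_sync` itself fails, the debug branch still reads `exit_status`, which is uninitialised at that point, and the cause is lost because the `GError **` argument is NULL; initialising `gint exit_status = 0;` and logging the `GError` message would fix both. `G_SPAWN_SEARCH_PATH` with an inherited environment means the daemon runs whichever `xsltproc` its PATH resolves first, so an absolute path fixed at build time is the safer choice.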

Modified: trunk/openvas-manager/src/manage.h
===================================================================
--- trunk/openvas-manager/src/manage.h	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/manage.h	2011-09-22 14:22:40 UTC (rev 11660)
@@ -1953,4 +1953,10 @@
 void
 parse_tags (const char *, gchar **, gchar **, gchar **);
 
+
+/* SCAP files parsing. */
+
+int
+manage_read_info (gchar *, gchar *, gchar **);
+
 #endif /* not OPENVAS_MANAGER_MANAGE_H */

Modified: trunk/openvas-manager/src/omp.c
===================================================================
--- trunk/openvas-manager/src/omp.c	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/src/omp.c	2011-09-22 14:22:40 UTC (rev 11660)
@@ -420,6 +420,7 @@
 "    GET_TARGETS            Get all targets.\n"
 "    GET_TASKS              Get all tasks.\n"
 "    GET_VERSION            Get the OpenVAS Manager Protocol version.\n"
+"    GET_INFO               Get raw information for a given item.\n"
 "    HELP                   Get this help text.\n"
 "    MODIFY_CONFIG          Update an existing config.\n"
 "    MODIFY_LSC_CREDENTIAL  Modify an existing LSC credential.\n"
@@ -2054,6 +2055,29 @@
 }
 
 /**
+ * @brief Command data for the get_info command.
+ */
+typedef struct
+{
+  char *type;         ///< Requested information type.
+  char *name;         ///< Requested information identifier.
+} get_info_data_t;
+
+/**
+ * @brief Reset command data.
+ *
+ * @param[in]  data  Command data.
+ */
+static void
+get_info_data_reset (get_info_data_t *data)
+{
+  free (data->type);
+  free (data->name);
+
+  memset (data, 0, sizeof (get_info_data_t));
+}
+
+/**
  * @brief Command data for the help command.
  */
 typedef struct
@@ -2576,6 +2600,7 @@
   get_system_reports_data_t get_system_reports;       ///< get_system_reports
   get_targets_data_t get_targets;                     ///< get_targets
   get_tasks_data_t get_tasks;                         ///< get_tasks
+  get_info_data_t get_info;                           ///< get_info
   help_data_t help;                                   ///< help
   modify_config_data_t modify_config;                 ///< modify_config
   modify_lsc_credential_data_t modify_lsc_credential; ///< modify_lsc_credential
@@ -2870,6 +2895,12 @@
  = &(command_data.get_tasks);
 
 /**
+ * @brief Parser callback data for GET_INFO.
+ */
+get_info_data_t *get_info_data
+ = &(command_data.get_info);
+
+/**
  * @brief Parser callback data for HELP.
  */
 help_data_t *help_data
@@ -3253,6 +3284,7 @@
   CLIENT_GET_TASKS,
   CLIENT_GET_VERSION,
   CLIENT_GET_VERSION_AUTHENTIC,
+  CLIENT_GET_INFO,
   CLIENT_HELP,
   CLIENT_MODIFY_LSC_CREDENTIAL,
   CLIENT_MODIFY_LSC_CREDENTIAL_NAME,
@@ -4595,6 +4627,14 @@
 
             set_client_state (CLIENT_GET_TASKS);
           }
+        else if (strcasecmp ("GET_INFO", element_name) == 0)
+          {
+            append_attribute (attribute_names, attribute_values, "type",
+                              &get_info_data->type);
+            append_attribute (attribute_names, attribute_values, "name",
+                              &get_info_data->name);
+            set_client_state (CLIENT_GET_INFO);
+          }
         else if (strcasecmp ("GET_VERSION", element_name) == 0)
           set_client_state (CLIENT_GET_VERSION_AUTHENTIC);
         else if (strcasecmp ("HELP", element_name) == 0)
@@ -5425,6 +5465,23 @@
                      G_MARKUP_ERROR_UNKNOWN_ELEMENT,
                      "Error");
         break;
+      
+      case CLIENT_GET_INFO:
+          {
+            if (send_element_error_to_client ("get_info", element_name,
+                                              write_to_client,
+                                              write_to_client_data))
+              {
+                error_send_to_client (error);
+                return;
+              }
+            set_client_state (CLIENT_AUTHENTIC);
+            g_set_error (error,
+                         G_MARKUP_ERROR,
+                         G_MARKUP_ERROR_UNKNOWN_ELEMENT,
+                         "Error");
+          }
+        break;
 
       case CLIENT_HELP:
         {
@@ -17303,7 +17360,40 @@
         get_tasks_data_reset (get_tasks_data);
         set_client_state (CLIENT_AUTHENTIC);
         break;
+      
+      case CLIENT_GET_INFO:
+        {
+          gchar *result;
 
+          result = NULL;
+
+          manage_read_info (get_info_data->type, get_info_data->name, &result);
+          if (result)
+            {
+              SEND_TO_CLIENT_OR_FAIL ("<get_info_response>"
+                                      " status=\"" STATUS_OK "\""
+                                      " status_text=\"" STATUS_OK_TEXT "\">");
+              SEND_TO_CLIENT_OR_FAIL (result ? result : "");
+              SEND_TO_CLIENT_OR_FAIL ("</get_info_response>");
+
+              g_free (result);
+            }
+          else
+            {
+              if (send_find_error_to_client ("get_info", "name",
+                                             get_info_data->name,
+                                             write_to_client,
+                                             write_to_client_data))
+                {
+                  error_send_to_client (error);
+                  return;
+                }
+            }
+          get_info_data_reset (get_info_data);
+          set_client_state (CLIENT_AUTHENTIC);
+          break;
+        }
+
       case CLIENT_VERIFY_AGENT:
         assert (strcasecmp ("VERIFY_AGENT", element_name) == 0);
         if (verify_agent_data->agent_id)
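Review bot: The success branch sends `"<get_info_response>"` with the closing `>` already in the first literal, so `status` and `status_text` land outside the tag and the response is not well-formed XML; the first literal should be `"<get_info_response"`. The early `return` after `error_send_to_client (error)` skips `get_info_data_reset (get_info_data)`, and if `SEND_TO_CLIENT_OR_FAIL` returns on failure (its definition is outside the hunk) `result` is leaked as well. The return value of `manage_read_info` is ignored and every failure is reported as a failed find on `name`, so a missing or unsupported `type` attribute looks to the client like an unknown item; checking the attributes before the call, as the VERIFY_AGENT case below does for `agent_id`, would allow a proper syntax-error reply. The `result ? result : ""` inside `if (result)` is redundant. The enclosing end-element handler starts and ends outside the hunk.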

Added: trunk/openvas-manager/tools/cpe_getbyname.xsl
===================================================================
--- trunk/openvas-manager/tools/cpe_getbyname.xsl	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/tools/cpe_getbyname.xsl	2011-09-22 14:22:40 UTC (rev 11660)
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+OpenVAS
+$Id$
+Description: Select a CPE item by name.
+
+Authors:
+Henri Doreau <henri.doreau at greenbone.net>
+
+Copyright:
+Copyright (C) 2011 Greenbone Networks GmbH
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2,
+or, at your option, any later version as published by the Free
+Software Foundation
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+-->
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+  xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.3"
+  xmlns:meta="http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2"
+  xmlns:ns6="http://scap.nist.gov/schema/scap-core/0.1"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:config="http://scap.nist.gov/schema/configuration/0.1"
+  xmlns:cpe="http://cpe.mitre.org/dictionary/2.0"
+  xsi:schemaLocation="http://scap.nist.gov/schema/configuration/0.1 http://nvd.nist.gov/schema/configuration_0.1.xsd http://scap.nist.gov/schema/scap-core/0.3 http://nvd.nist.gov/schema/scap-core_0.3.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.2.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2 http://nvd.nist.gov/schema/cpe-dictionary-metadata_0.2.xsd">
+
+<xsl:output method="html"/>
+
+<xsl:template match="cpe:cpe-list">
+  <xsl:copy-of select="cpe:cpe-item[@name = $refname]"/>
+</xsl:template>
+
+</xsl:stylesheet>
+
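Review bot: The stylesheet reads `$refname` in the `select` without declaring it, so it depends on the caller always passing the value with `--stringparam`; a top-level `<xsl:param name="refname"/>` makes that dependency explicit and should yield an empty result, rather than an undefined-variable error, when the parameter is absent. The selected nodes are sent verbatim inside an XML OMP response (see the GET_INFO case in src/omp.c), yet the output method is `html`; `<xsl:output method="xml" omit-xml-declaration="yes"/>` states the intent and keeps HTML serialisation rules away from any element that has no namespace. The same two points apply to tools/cve_getbyname.xsl.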


Property changes on: trunk/openvas-manager/tools/cpe_getbyname.xsl
___________________________________________________________________
Name: svn:keywords
   + Author Date Id Revision

Added: trunk/openvas-manager/tools/cve_getbyname.xsl
===================================================================
--- trunk/openvas-manager/tools/cve_getbyname.xsl	2011-09-22 14:03:12 UTC (rev 11659)
+++ trunk/openvas-manager/tools/cve_getbyname.xsl	2011-09-22 14:22:40 UTC (rev 11660)
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+OpenVAS
+$Id$
+Description: Select a CVE item by name.
+
+Authors:
+Henri Doreau <henri.doreau at greenbone.net>
+
+Copyright:
+Copyright (C) 2011 Greenbone Networks GmbH
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 2,
+or, at your option, any later version as published by the Free
+Software Foundation
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+-->
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+  xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4"
+  xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"
+  xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1"
+  xmlns:cve="http://scap.nist.gov/schema/feed/vulnerability/2.0"
+  xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:patch="http://scap.nist.gov/schema/patch/0.1">
+
+<xsl:output method="html"/>
+
+<xsl:template match="cve:nvd">
+  <xsl:copy-of select="cve:entry[@id = $refname]"/>
+</xsl:template>
+
+</xsl:stylesheet>
+


Property changes on: trunk/openvas-manager/tools/cve_getbyname.xsl
___________________________________________________________________
Name: svn:keywords
   + Author Date Id Revision


