[Openvas-commits] r11679 - in trunk/gsa: . src src/html

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Sep 23 15:41:57 CEST 2011


Author: hdoreau
Date: 2011-09-23 15:41:54 +0200 (Fri, 23 Sep 2011)
New Revision: 11679

Modified:
   trunk/gsa/ChangeLog
   trunk/gsa/src/gsad.c
   trunk/gsa/src/gsad_omp.c
   trunk/gsa/src/gsad_omp.h
   trunk/gsa/src/html/omp.xsl
Log:
Add new CVE and CPE details dialog.

* src/gsad.c (init_validator, exec_omp_get): Add get_info command.

* src/gsad_omp.c (get_info, get_info_omp): New functions.

* src/gsad_omp.h: Update header accordingly.

* src/html/omp.xsl (stylesheet): Add SCAP namespaces.
(get_info_cpe_lnk, get_info_cve_lnk, get_info_response, cve_details)
(cpe_details): Add CVE and CPE details dialog.
(host): Apply get_info_cpe_lnk and get_info_cve_lnk to make CPE and
CVE clickable.


Modified: trunk/gsa/ChangeLog
===================================================================
--- trunk/gsa/ChangeLog	2011-09-23 09:18:45 UTC (rev 11678)
+++ trunk/gsa/ChangeLog	2011-09-23 13:41:54 UTC (rev 11679)
@@ -1,3 +1,19 @@
+2011-09-22  Henri Doreau <henri.doreau at greenbone.net>
+
+	Add new CVE and CPE details dialog.
+
+	* src/gsad.c (init_validator, exec_omp_get): Add get_info command.
+
+	* src/gsad_omp.c (get_info, get_info_omp): New functions.
+
+	* src/gsad_omp.h: Update header accordingly.
+
+	* src/html/omp.xsl (stylesheet): Add SCAP namespaces.
+	(get_info_cpe_lnk, get_info_cve_lnk, get_info_response, cve_details)
+	(cpe_details): Add CVE and CPE details dialog.
+	(host): Apply get_info_cpe_lnk and get_info_cve_lnk to make CPE and
+	CVE clickable.
+
 2011-09-22  Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
 
 	* src/html/omp.xsl (task): Slightly improved appearance of icons

Modified: trunk/gsa/src/gsad.c
===================================================================
--- trunk/gsa/src/gsad.c	2011-09-23 09:18:45 UTC (rev 11678)
+++ trunk/gsa/src/gsad.c	2011-09-23 13:41:54 UTC (rev 11679)
@@ -488,6 +488,7 @@
                          "|(get_feed)"
                          "|(get_escalator)"
                          "|(get_escalators)"
+                         "|(get_info)"
                          "|(get_lsc_credential)"
                          "|(get_lsc_credentials)"
                          "|(get_note)"
@@ -595,6 +596,8 @@
   openvas_validator_add (validator, "override_id",    "^[a-z0-9\\-]+$");
   openvas_validator_add (validator, "override_result_id", "^[a-z0-9\\-]*$");
   openvas_validator_add (validator, "name",       "^[-_[:alnum:], \\./]{1,80}$");
+  openvas_validator_add (validator, "info_name",  "^(\\R|.)*$");
+  openvas_validator_add (validator, "info_type",  "^(\\R|.)*$");
   openvas_validator_add (validator, "number",     "^[0-9]+$");
   openvas_validator_add (validator, "observers",       "^[-_ [:alnum:]]*$");
   openvas_validator_add (validator, "optional_number", "^[0-9]*$");
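Review bot: The two added patterns for `info_name` and `info_type`, `^(\\R|.)*$`, match every string, including quotes, angle brackets and newlines, so these parameters pass validation unconstrained while the neighbouring parameters get bounded character classes. Both values are later formatted into XML attributes of the manager command in the gsad_omp.c hunk of this commit, so the validator is the first place they could be constrained. The links generated in omp.xsl only send `cpe` or `cve` as the type, so `openvas_validator_add (validator, "info_type", "^(cpe|cve)$");` looks sufficient. For `info_name`, a bounded class without quotes or angle brackets would match the `name` rule above, for example `"^[-_[:alnum:]:/\\.~%]{1,200}$"` as a starting point to check against real CPE names. The enclosing function starts and ends outside the hunk.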
@@ -1505,6 +1508,7 @@
 
   ELSE (get_escalator)
   ELSE (get_escalators)
+  ELSE (get_info)
   ELSE (get_lsc_credential)
   ELSE (get_lsc_credentials)
   ELSE (get_note)

Modified: trunk/gsa/src/gsad_omp.c
===================================================================
--- trunk/gsa/src/gsad_omp.c	2011-09-23 09:18:45 UTC (rev 11678)
+++ trunk/gsa/src/gsad_omp.c	2011-09-23 13:41:54 UTC (rev 11679)
@@ -1490,6 +1490,78 @@
 }
 
 /**
+ * @brief Requests RAW information details, accepting extra commands.
+ *
+ * @param[in]  credentials  Credentials for the manager connection.
+ * @param[in]  type         Type of the requested information.
+ * @param[in]  name         Name or identifier of the requested information.
+ * @param[in]  commands     Extra commands to run before the others.
+ *
+ * @return XSL transformed NVT details response or error message.
+ */
+static char*
+get_info (credentials_t *credentials, const char *type, const char *name,
+          const char *commands)
+{
+  GString *xml = NULL;
+  gnutls_session_t session;
+  int socket;
+  gchar *html;
+
+  switch (manager_connect (credentials, &socket, &session, &html))
+    {
+      case 0:
+        break;
+      case -1:
+        if (html)
+          return html;
+        /* Fall through. */
+      default:
+        return gsad_message (credentials,
+                             "Internal error", __FUNCTION__, __LINE__,
+                             "An internal error occurred while getting raw information. "
+                             "Diagnostics: Failure to connect to manager daemon.",
+                             "/omp?cmd=get_tasks");
+    }
+
+  if (openvas_server_sendf (&session,
+                            "<commands>"
+                            "%s"
+                            "<get_info"
+                            " type=\"%s\""
+                            " name=\"%s\"/>"
+                            "</commands>",
+                            commands ? commands : "",
+                            type,
+                            name)
+        == -1)
+    {
+      openvas_server_close (socket, session);
+      return gsad_message (credentials,
+                           "Internal error", __FUNCTION__, __LINE__,
+                           "An internal error occurred while getting raw information. "
+                           "Diagnostics: Failure to send command to manager daemon.",
+                           "/omp?cmd=get_tasks");
+    }
+
+  xml = g_string_new ("<get_info>");
+  if (read_string (&session, &xml))
+    {
+      openvas_server_close (socket, session);
+      g_string_free (xml, TRUE);
+      return gsad_message (credentials,
+                           "Internal error", __FUNCTION__, __LINE__,
+                           "An internal error occurred while getting raw information. "
+                           "Diagnostics: Failure to receive response from manager daemon.",
+                           "/omp?cmd=get_tasks");
+    }
+  g_string_append (xml, "</get_info>");
+
+  openvas_server_close (socket, session);
+  return xsl_transform_omp (credentials, g_string_free (xml, FALSE));
+}
+
+/**
  * @brief Requests NVT details, accepting extra commands.
  *
  * @param[in]  credentials  Credentials for the manager connection.
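Review bot: `type` and `name` are written into the `type="…"` and `name="…"` attributes with plain `%s` in the `openvas_server_sendf` call of `get_info`, so a value containing `"` or `<` changes the structure of the command sent to the manager on the user's authenticated session. The validator rules added in gsad.c accept any string, so nothing upstream removes those characters. Escaping where the XML is built, for instance with GLib's `g_markup_printf_escaped`, keeps the command well-formed whatever the validator allows; `commands` stays unescaped because it is already XML. The doc comment after the function belongs to the next definition, which continues outside the hunk.

```c
  /* … unchanged: declarations and manager_connect switch … */
  gchar *request = g_markup_printf_escaped ("<get_info"
                                            " type=\"%s\""
                                            " name=\"%s\"/>",
                                            type, name);
  int ret = openvas_server_sendf (&session,
                                  "<commands>%s%s</commands>",
                                  commands ? commands : "",
                                  request);
  g_free (request);
  if (ret == -1)
    {
      /* … unchanged: close the connection and return gsad_message … */
    }
```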
@@ -1568,6 +1640,32 @@
 }
 
 /**
+ * @brief Requests raw information.
+ *
+ * @param[in]  credentials  Credentials for the manager connection.
+ * @param[in]  params       Request parameters.
+ *
+ * @return XSL transformed NVT details response or error message.
+ */
+char*
+get_info_omp (credentials_t *credentials, params_t *params)
+{
+  const char *type, *name;
+
+  type = params_value (params, "info_type");
+  name = params_value (params, "info_name");
+
+  if ((type == NULL) || (name == NULL))
+    return gsad_message (credentials,
+                         "Internal error", __FUNCTION__, __LINE__,
+                         "An internal error occurred while getting raw information. "
+                         "Diagnostics: Required parameter was NULL.",
+                         "/omp?cmd=get_tasks");
+
+  return get_info (credentials, type, name, NULL);
+}
+
+/**
  * @brief Requests NVT details, accepting extra commands.
  *
  * @param[in]  credentials  Credentials for the manager connection.
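Review bot: The `@return` line of the `get_info_omp` doc comment still reads `XSL transformed NVT details response or error message`, apparently copied from the NVT functions; the `get_info` comment in the previous hunk has the same wording. Suggested replacement for both: `@return XSL transformed get_info response (CVE or CPE details) or error message.` It would also help to state in the `@brief` that the `info_type` and `info_name` request parameters are required and that a missing one yields the error page.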

Modified: trunk/gsa/src/gsad_omp.h
===================================================================
--- trunk/gsa/src/gsad_omp.h	2011-09-23 09:18:45 UTC (rev 11678)
+++ trunk/gsa/src/gsad_omp.h	2011-09-23 13:41:54 UTC (rev 11679)
@@ -161,6 +161,7 @@
 
 int authenticate_omp (const gchar *, const gchar *);
 
+char * get_info_omp (credentials_t *, params_t *);
 char * get_nvts_omp (credentials_t *, params_t *);
 
 #endif /* not _GSAD_OMP_H */

Modified: trunk/gsa/src/html/omp.xsl
===================================================================
--- trunk/gsa/src/html/omp.xsl	2011-09-23 09:18:45 UTC (rev 11678)
+++ trunk/gsa/src/html/omp.xsl	2011-09-23 13:41:54 UTC (rev 11679)
@@ -5,6 +5,18 @@
     xmlns:str="http://exslt.org/strings"
     xmlns:func = "http://exslt.org/functions"
     xmlns:gsa="http://openvas.org"
+    xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4"
+    xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"
+    xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1"
+    xmlns:cve="http://scap.nist.gov/schema/feed/vulnerability/2.0"
+    xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:patch="http://scap.nist.gov/schema/patch/0.1"
+    xmlns:meta="http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2"
+    xmlns:ns6="http://scap.nist.gov/schema/scap-core/0.1"
+    xmlns:config="http://scap.nist.gov/schema/configuration/0.1"
+    xmlns:cpe="http://cpe.mitre.org/dictionary/2.0"
+    xsi:schemaLocation="http://scap.nist.gov/schema/configuration/0.1 http://nvd.nist.gov/schema/configuration_0.1.xsd http://scap.nist.gov/schema/scap-core/0.3 http://nvd.nist.gov/schema/scap-core_0.3.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.2.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd http://scap.nist.gov/schema/cpe-dictionary-metadata/0.2 http://nvd.nist.gov/schema/cpe-dictionary-metadata_0.2.xsd"
     extension-element-prefixes="str func">
     <xsl:output
       method="html"
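Review bot: `xmlns:ns6` binds the same URI as `xmlns:scap-core` a few lines above it, and `xsi:schemaLocation` has no effect on a stylesheet; both look carried over from a feed file header, and the schemaLocation list names `scap-core/0.3`, a namespace that is not declared here. Unless an `exclude-result-prefixes` attribute exists on the part of `xsl:stylesheet` above this hunk, the new declarations are also liable to be copied onto literal result elements in the generated HTML. I would drop `xmlns:ns6`, `xmlns:xsi` and `xsi:schemaLocation`, and add `exclude-result-prefixes="vuln cpe-lang scap-core cve cvss patch meta config cpe"`. The `xsl:stylesheet` start tag begins outside the hunk.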
@@ -8261,6 +8273,186 @@
 
 <!-- END SLAVES MANAGEMENT -->
 
+<!-- BEGIN GET RAW INFO -->
+
+<xsl:template name="get_info_cpe_lnk">
+  <xsl:param name="cpe"/>
+  <a href="/omp?cmd=get_info&amp;info_type=cpe&amp;info_name={$cpe}&amp;token={/envelope/token}"
+     title="Details"><xsl:value-of select="$cpe"/></a>
+</xsl:template>
+
+<xsl:template name="get_info_cve_lnk">
+  <xsl:param name="cve"/>
+  <a href="/omp?cmd=get_info&amp;info_type=cve&amp;info_name={$cve}&amp;token={/envelope/token}"
+     title="Details"><xsl:value-of select="$cve"/></a>
+</xsl:template>
+
+<xsl:template match="get_info_response">
+  <div class="gb_window">
+    <div class="gb_window_part_left"></div>
+    <div class="gb_window_part_right"></div>
+    <xsl:choose>
+      <xsl:when test="count (cve:entry) > 0">
+        <xsl:call-template name="cve-details"/>
+      </xsl:when>
+      <xsl:when test="count (cpe:cpe-item) > 0">
+        <xsl:call-template name="cpe-details"/>
+      </xsl:when>
+      <xsl:otherwise>
+        <div class="gb_window_part_center">Get details</div>
+        <div class="gb_window_part_content">
+          <h1>Information unavailable (unknown element)</h1>
+        </div>
+      </xsl:otherwise>
+    </xsl:choose>
+  </div>
+</xsl:template>
+
+<xsl:template name="cve-details">
+  <div class="gb_window_part_center">CVE Details</div>
+  <div class="gb_window_part_content">
+    <h1>CVE Details</h1>
+    <table>
+      <tr>
+        <td><b>ID</b></td>
+        <td><b>
+          <xsl:call-template name="get_info_cve_lnk">
+            <xsl:with-param name="cve">
+              <xsl:value-of select="cve:entry/@id"/>
+            </xsl:with-param>
+          </xsl:call-template>
+        </b></td>
+
+      </tr>
+      <tr>
+        <td><b>Published</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:published-datetime"/></td>
+      </tr>
+      <tr>
+        <td><b>Last modified</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:last-modified-datetime"/></td>
+      </tr>
+      <tr>
+        <td><b>CWE ID</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cwe/@id"/></td>
+      </tr>
+    </table>
+
+    <h2>Description</h2>
+    <xsl:value-of select="cve:entry/vuln:summary/text()"/>
+
+    <h2>CVSS</h2>
+    <table>
+      <tr>
+        <td><b>Base score</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:score"/></td>
+      </tr>
+      <tr>
+        <td><b>Access vector</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:access-vector"/></td>
+      </tr>
+      <tr>
+        <td><b>Access Complexity</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:access-complexity"/></td>
+      </tr>
+      <tr>
+        <td><b>Authentication</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:authentication"/></td>
+      </tr>
+      <tr>
+        <td><b>Confidentiality impact</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:confidentiality-impact"/></td>
+      </tr>
+      <tr>
+        <td><b>Integrity impact</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:integrity-impact"/></td>
+      </tr>
+      <tr>
+        <td><b>Availability impact</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:availability-impact"/></td>
+      </tr>
+      <tr>
+        <td><b>Source</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:source"/></td>
+      </tr>
+      <tr>
+        <td><b>Generated</b></td>
+        <td><xsl:value-of select="cve:entry/vuln:cvss/cvss:base_metrics/cvss:generated-on-datetime"/></td>
+      </tr>
+    </table>
+
+    <h2>References</h2>
+    <table>
+      <xsl:for-each select="cve:entry/vuln:references">
+        <tr>
+          <td><xsl:value-of select="vuln:source/text()"/></td>
+        </tr>
+        <tr>
+          <td></td>
+          <td><xsl:value-of select="vuln:reference/text()"/></td>
+        </tr>
+        <tr>
+          <td></td>
+          <td><xsl:value-of select="vuln:reference/@href"/></td>
+        </tr>
+      </xsl:for-each>
+    </table>
+
+    <h2>Vulnerable products</h2>
+    <table>
+      <xsl:for-each select="cve:entry/vuln:vulnerable-software-list/vuln:product">
+        <tr><td>
+          <xsl:call-template name="get_info_cpe_lnk">
+            <xsl:with-param name="cpe">
+              <xsl:value-of select="text()"/>
+            </xsl:with-param>
+          </xsl:call-template>
+        </td></tr>
+      </xsl:for-each>
+    </table>
+  </div>
+</xsl:template>
+
+<xsl:template name="cpe-details">
+  <div class="gb_window_part_center">CPE Details</div>
+  <div class="gb_window_part_content">
+    <h1>CPE Details</h1>
+    <table>
+      <tr>
+        <td><b>Name</b></td>
+        <td><b>
+          <xsl:call-template name="get_info_cpe_lnk">
+            <xsl:with-param name="cpe">
+              <xsl:value-of select="cpe:cpe-item/@name"/>
+            </xsl:with-param>
+          </xsl:call-template>
+        </b></td>
+      </tr>
+      <xsl:for-each select="cpe:cpe-item/cpe:title">
+        <tr>
+          <td>Title (<xsl:value-of select="@xml:lang"/>)</td>
+          <td><xsl:value-of select="text()"/></td>
+        </tr>
+      </xsl:for-each>
+      <tr>
+        <td>NVD ID</td>
+        <td><xsl:value-of select="cpe:cpe-item/meta:item-metadata/@nvd-id"/></td>
+      </tr>
+      <tr>
+        <td>Last modified</td>
+        <td><xsl:value-of select="cpe:cpe-item/meta:item-metadata/@modification-date"/></td>
+      </tr>
+      <xsl:if test="cpe:cpe-item/@deprecated='true'">
+        <tr>
+          <td>Deprecated by</td>
+          <td><xsl:value-of select="cpe:cpe-item/@deprecated_by"/></td>
+        </tr>
+      </xsl:if>
+    </table>
+  </div>
+</xsl:template>
+
+
 <!-- BEGIN NVT DETAILS -->
 
 <xsl:template match="nvt">
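Review bot: `get_info_cpe_lnk` and `get_info_cve_lnk` place `$cpe` and `$cve` into the query string of the `href` without URL-encoding, so a value containing `&`, `#`, `+` or `%` produces a link whose `info_name` is truncated or that carries extra parameters. CPE names come from the feed and, in the two `host` template hunks further down, appear to come from host details, so they should not be assumed to be URL-safe. The EXSLT strings namespace is already declared on the stylesheet, so the attribute can use `info_name={str:encode-uri ($cpe, true ())}` (and the same with `$cve`). The link text written by `xsl:value-of` is escaped by the serializer and can stay as it is.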
@@ -10674,8 +10866,14 @@
                               select="count (../detail[name = concat ($app, '/CVE')])"/>
                 <xsl:variable name="cvss"
                               select="../detail[name = concat ($app, '/', $cve, '/CVSS')]/value"/>
-                <td><xsl:value-of select="$app"/></td>
                 <td>
+                  <xsl:call-template name="get_info_cpe_lnk">
+                    <xsl:with-param name="cpe">
+                      <xsl:value-of select="$app"/>
+                    </xsl:with-param>
+                  </xsl:call-template>
+                </td>
+                <td>
                   <xsl:variable name="threat"
                                 select="../detail[name = concat ($app, '/threat')]/value"/>
                   <xsl:choose>
@@ -10694,8 +10892,14 @@
                   </xsl:choose>
                 </td>
                 <td><xsl:value-of select="$cvss"/></td>
-                <td><xsl:value-of select="$cve"/></td>
                 <td>
+                  <xsl:call-template name="get_info_cve_lnk">
+                    <xsl:with-param name="cve">
+                      <xsl:value-of select="$cve"/>
+                    </xsl:with-param>
+                  </xsl:call-template>
+                </td>
+                <td>
                   <xsl:choose>
                     <xsl:when test="$threats &gt; 0">
                       <xsl:value-of select="$threats"/>


