<200902170851.37860.jan-oliver.wagner@intevation.de>
Message-ID: <453C6A09-261A-4EF3-ABD6-14FA21F7EB9B@markwallis.id.au>
Hi Jan,
On 17/02/2009, at 6:51 PM, Jan-Oliver Wagner wrote:
> Are you aware of Change Request #18 which is aiming at a similar
> issue?
>
> http://www.openvas.org/openvas-cr-18.html
>
> (It introduces filters for severity and is half-implemented in
> current SVN.)
I wasn't aware of that CR, thanks for the link. I agree those features
would be fantastic - but it's not 100% what I was after. I like to be
able to produce a 'high risk only' report to give people to focus on
without having to 'downgrade' all the other alerts. In a way, I would
like to be able to keep the scan results and the report formatting
separated. I understand though that my needs are probably the edge-
case here.
If there are any changes you want me to make to the patch let me know,
otherwise I might have a look through the other existing change
requests and see if there is anything I can investigate.
Thanks,
Mark.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090217/701a5523/attachment.html
From matt at mundell.ukfsn.org Tue Feb 17 15:10:16 2009
From: matt at mundell.ukfsn.org (Matthew Mundell)
Date: 17 Feb 2009 14:10:16 GMT
Subject: [Openvas-devel] Updated OMP Specification
In-Reply-To: Message of Thu, 29 Jan 2009 10:24:56 +0100.
<20090129092456.GB21185@intevation.de>
Message-ID: <20090217141001.E658CDEB8A@mail.ukfsn.org>
> - The get_nvt_details_oid and get_nvt_details_all commands have been
> merged into the get_nvt_details command which now takes an optional
> oid attribute.
How about merging get_nvt_details and get_nvt_all into a single command?
From openvas-bugs at wald.intevation.org Wed Feb 18 11:10:43 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Wed, 18 Feb 2009 11:10:43 +0100 (CET)
Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B891=5D_Client_segf?=
=?utf-8?q?aults_when_reconnecting_to_a_changed_server?=
Message-ID: <20090218101043.B4ECF40732@pyrosoma.intevation.org>
Bugs item #891, was opened at 2009-02-18 11:10
Status: Open
Priority: 3
Submitted By: Michael Wiegand (mwiegand)
Assigned to: Nobody (None)
Summary: Client segfaults when reconnecting to a changed server
Resolution: Accepted As Bug
Severity: minor
Version: v2.0
Component: openvas-client
Operating System: Linux
Product: OpenVAS
Hardware: PC
URL:
Initial Comment:
I've been finally able to get a backtrace for a segfault in the client I've been observing for quite a while. See the attached file for the backtrace.
What I did:
1) Start the server.
2) Start the client.
3) Connect to the server.
4) Disconnect from the server, leave client running.
5) Kill server.
6) Perform a minimal change in the server code; in my case, commenting out one line in openvasd/oval_plugins.c
7) Start the server.
8) Connect to the server using the previous scope.
The client opens the "Connecting..." window and immediately segfaults.
The backtrace looks like the bug might be Gtk-related.
This bug will hardly be an issue in a non-developer environment, this is why I'm setting the severity to "minor".
Has anybody else observed this bug? Questions and suggestions are welcome.
----------------------------------------------------------------------
You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=891&group_id=29
From sgros.ml at gmail.com Thu Feb 19 08:51:06 2009
From: sgros.ml at gmail.com (Stjepan Gros)
Date: Thu, 19 Feb 2009 08:51:06 +0100
Subject: [Openvas-devel] Next steps...
Message-ID: <499D0F6A.7090903@gmail.com>
Well, after patch for plugins has been integrated, I suppose I could try
to do something else. There are three possibilities:
1. there are places where word nessus is still mentioned (licenses
excluded). this should be relatively easily to change and it would be a
short term task
2. i could start with IPv6 implementation. this is a longer term task
and it would require first that we agree on how to abstract IPv4/IPv6
specific code from the majority of the openvas
3. starting to phase out openvas internal implementation of basic
algorithms and data structures and replace them with glib's structures.
this is the most complex task of the three.
I could start with 1, as it is the easiest task. Is that ok?
Stjepan
From jan-oliver.wagner at intevation.de Thu Feb 19 09:09:44 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 19 Feb 2009 09:09:44 +0100
Subject: [Openvas-devel] Next steps...
In-Reply-To: <499D0F6A.7090903@gmail.com>
References: <499D0F6A.7090903@gmail.com>
Message-ID: <200902190909.47359.jan-oliver.wagner@intevation.de>
On Donnerstag, 19. Februar 2009, Stjepan Gros wrote:
> Well, after patch for plugins has been integrated, I suppose I could try
> to do something else. There are three possibilities:
>
> 1. there are places where word nessus is still mentioned (licenses
> excluded). this should be relatively easily to change and it would be a
> short term task
I prefer to have this done for the next major release.
There are many function names etc. that contain "nessus".
Renaming them would mean to break API.
So, probably it is better to begin the tabula rasa after the 2.0 series is
branched and trunk heading for 3.0.
> 2. i could start with IPv6 implementation. this is a longer term task
> and it would require first that we agree on how to abstract IPv4/IPv6
> specific code from the majority of the openvas
That'll be a good new feature. You could start with further analysis and
first small patches (please keep them as small at possible ;-).
> 3. starting to phase out openvas internal implementation of basic
> algorithms and data structures and replace them with glib's structures.
> this is the most complex task of the three.
I am moving my mind here and have the idea to start another
library inside openvas-libraries: "libopenvascommon".
My hope is to have a sample and RFC within the next weeks.
However, other aspects come immediatley to my mind that
could be done independent of larger strategies:
For example
* use the glib ini-file API for all .conf files.
* have timestamps for the openvasd.dump file
> I could start with 1, as it is the easiest task. Is that ok?
Most intersting/challenging is probably 2.
3 allows for some simpler, "programming" tasks.
1 should be postponed.
Of course we like to have all of them to be worked on :-)
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
From jan-oliver.wagner at intevation.de Thu Feb 19 09:57:39 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 19 Feb 2009 09:57:39 +0100
Subject: [Openvas-devel] Planning openvas-client 2.0.2
Message-ID: <200902190957.41483.jan-oliver.wagner@intevation.de>
Hello,
now that the server modules are updated, it is also time to release
a new version of the openvas-client with all the accumulated fixes
and improvements.
I'd like to have the new release happen in February.
We need you for:
* translations (please simply ask how to do it if you don't know and
let us know anyway if you start to work on a specific translation to avoid
doubled effords)
* testing, testing, testing - as usual ;-)
Most shiny new feature:
* The SSH key management and its use for ssh_authorization
(I will send a separate email to describe how to use it)
What might still be done before actual release:
* integer widgets ("spinners") for further values where integer is requested
* perhaps: the GUI for false positive management (which would be the second
shiny new feature then :-)
* Anything I forgot?
Changes that happened so far:
* Improved buggy timeout-setting functionality
(made the timout setting robust against misuse (only integers allowed now)
and moved it into the plugin details dialog in order to avoid extra-clicks
and in order to allow for a more holistic overview on a plugin.
* Added counter column for log messages.
* Fixed bug #867 (http://bugs.openvas.org/867) which caused a corrupted protocol
attribute when service names contained slashes. This also fixes another
bug which caused service names to show up in the protocol attribute.
NB: This causes some port elements to have empty protocol attributes
when the protocol information was not sent correctly by the server. This
appens when then messages does not relate to a specific port, but to
the attacked host in general (port 0 in NASL).
* First step for false positives management (according to CR#18,
http://www.openvas.org/openvas-cr-18.html).
You will notice a column "FP", but there is no GUI yet that allows
for easy management of False Positives.
* Fixed bug: When no_nasl_check==no, signatures were not found due to
sometimes different "fingerprint" length.
* Fixed bug: Server preference setting did (and partially still does) not
override values local to the client, making it impossible to read the real
servers value. Fixed for nasl_no_signature_check.
* Fixed bug: unknown nvt signatures were not always listed in plugin info dialog
* Made the SSH key manager dialog ready for production mode (a new ssh_authorization.nasl is
required for this feature which will be send to this list shortly)
This relates to CR#20 (http://www.openvas.org/openvas-cr-20.html)
* Default port changed from 1241 to 9390 (which was recently assigned by IANA)
* Numerous code cleanups and code documentations effords
* Automated source code documentation procedure via doxygen
* Fixed bug #858 (http://bugs.openvas.org/858) which cause a segmentation fault when
trying to list preferences or plugins without enabling batch mode.
Please let us know if you want anything in this module before the release.
It is planned to have the release by end of february.
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
From jan-oliver.wagner at intevation.de Thu Feb 19 11:34:15 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 19 Feb 2009 11:34:15 +0100
Subject: [Openvas-devel] About the new SSH management and per-target feature
and its effects
Message-ID: <200902191134.17394.jan-oliver.wagner@intevation.de>
Hi,
with the upcoming 2.0.2 release of openvas-client we will
introduce a shiny new feature: the SSH key managment
according to CR#20, http://www.openvas.org/openvas-cr-20.html.
It is in SVN already of course.
The server side (openvas-server 2.0.1) is already prepared for the
new plugin preferences.
Whats missing is a new "ssh_authorization.nasl".
It is attached to this email but not yet checked in.
!!!!!!!!!!
It is highly appreciated if some of you could test this feature,
preferable those of you who do local security checks.
And especially those who use also direct login/password methods.
!!!!!!!!!!
Can we live with the effects of this new version?
Effects for OpenVAS 1.0 users:
The client plugin prefrences for ssh_authorization have a additional parameter
"Use per-target login information". In case they check it, local security checks won't
work anymore.
Effects for openvas-server <= 2.0.0 and OpenVAS-Client <= 2.0.1 users:
The client will pop up warnings about an unknown preference type.
And also the same is true as for OpenVAS 1.0 users.
Effects for openvas-server >=2.0.1 and OpenVAS-Client >= 2.0.2 users:
You can check "Use per-target login information" and then use the SSH keys
configured in the OpenVAS SSH-key manager (accessible via File->Preferences).
Note for login/password users (i.e. no key-based log-in): This currently conflicts
with the SSH-key-based per-host method. You need to decide whether
to use direct login or to use key-base login - you can't mix the methods
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh_authorization.nasl
Type: text/x-java
Size: 4049 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090219/cd51a8b3/ssh_authorization.java
From jan-oliver.wagner at intevation.de Thu Feb 19 14:28:29 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 19 Feb 2009 14:28:29 +0100
Subject: [Openvas-devel] Patch to overcome store failures
Message-ID: <200902191428.35234.jan-oliver.wagner@intevation.de>
Hi,
attached is a simple patch (that I never tried!) to allow to use
a script that exceeds some of the size limits of the store.
Sample case is that you have required_keys (in total!) exceed 128
characters.
Perhaps it helps. Let me know.
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openvasd-overcome-store-failure.patch
Type: text/x-diff
Size: 659 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090219/aeed3bf2/openvasd-overcome-store-failure.bin
From openvas-bugs at wald.intevation.org Fri Feb 20 09:27:16 2009
From: openvas-bugs at wald.intevation.org (openvas-bugs@wald.intevation.org)
Date: Fri, 20 Feb 2009 09:27:16 +0100 (CET)
Subject: [Openvas-devel] =?utf-8?q?=5Bopenvas-Bugs=5D=5B893=5D_openvasd_do?=
=?utf-8?q?es_not_warn_about_missing_certificate_started_in_daemon_?=
=?utf-8?q?mode?=
Message-ID: <20090220082716.EE64C4077A@pyrosoma.intevation.org>
Bugs item #893, was opened at 2009-02-20 08:27
Status: Open
Priority: 3
Submitted By: Felix Wolfsteller (felix)
Assigned to: Nobody (None)
Summary: openvasd does not warn about missing certificate started in daemon mode
Resolution: None
Severity: trivial
Version: v2.0
Component: None
Operating System: Linux
Product: OpenVAS
Hardware: None
URL:
Initial Comment:
1) install fresh server, but no certificate or user
2) start in daemon mode
| user at host:~# openvasd -D
| All plugins loaded
3) server is not actually running, warning appears only in non-daemon mode
| user at host:~# openvasd
| All plugins loaded
| *** 'ca_file' is not set - did you run openvas-mkcert?
That behaviour is a bit misleading, openvas-server should emit warning about missing ca_file also in daemon mode and in both cases make clear that it cant live without.
----------------------------------------------------------------------
You can respond by visiting:
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=893&group_id=29
From meyer at strato-rz.de Sun Feb 22 16:45:49 2009
From: meyer at strato-rz.de (Michael Meyer)
Date: Sun, 22 Feb 2009 16:45:49 +0100
Subject: [Openvas-devel] [openvas-libraries] www_funcs.c -> httpver is
reduced
Message-ID: <20090222154549.GA22543@strato-rz.de>
Hello,
,---[ openvas-libnasl/nasl/nasl_http.c
| [...]
| 127 url = build_encode_URL(script_infos, keyword, NULL, item, "HTTP/1.1");
| [...]
| 144 url = build_encode_URL(script_infos, keyword, NULL, item, "HTTP/1.0\r\n");
| [...]
`---|
This sets HTTP-Version to 1.1 or 1.0. So far so good.
,---[ test.nasl ]
| [...]
| url = string(dir, "/index.php");
| req = http_get(item:url, port:port);
| buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
| display(req, "-->\n", buf);
| [...]
`---|
,---[ openvas-nasl -X -t ... test.nasl ]
| GET /index.php HTTP/1.
| Connection: Close
| Host: xxxxxxxxxxx.xx
| Pragma: no-cache
| User-Agent: Mozilla/4.75 [en] (X11, U; Nessus)
| Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
| Accept-Language: en
| Accept-Charset: iso-8859-1,*,utf-8
| -->
| HTTP/1.1 400 Bad Request
| Date: Sun, 22 Feb 2009 15:15:22 GMT
| Server: Apache
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|
|
| 400 Bad Request
|
| Bad Request
| Your browser sent a request that this server could not understand.
| The request line contained invalid characters following the protocol string.
|
|
`---|
As you can see, HTTP-Version is reduced from "HTTP/1.1" to "HTTP/1.". On some webservers
this leads in a "400 Bad Request".
###########################################################################################
--- openvas-libraries-2.0.1/libopenvas/www_funcs.c 2009-01-26 08:21:07.000000000 +0100
+++ openvas-libraries-2.0.1.1/libopenvas/www_funcs.c
2009-02-22 15:37:55.000000000 +0100
@@ -467,7 +467,7 @@
fprintf(stderr, "NIDS/HTTP/protocol_string = %s\n", s);
#endif
}
- l += strlen(httpver) + 1;
+ l += strlen(httpver) + 2;
}
###########################################################################################
I have not really an idea why (;-)), but this patch helps to solve this issue.
Micha
From d.jagdmann at dn-systems.de Sun Feb 22 16:58:48 2009
From: d.jagdmann at dn-systems.de (Dirk Jagdmann)
Date: Sun, 22 Feb 2009 07:58:48 -0800
Subject: [Openvas-devel] [openvas-libraries] www_funcs.c -> httpver is
reduced
In-Reply-To: <20090222154549.GA22543@strato-rz.de>
References: <20090222154549.GA22543@strato-rz.de>
Message-ID: <49A17638.5020304@dn-systems.de>
> ###########################################################################################
> --- openvas-libraries-2.0.1/libopenvas/www_funcs.c 2009-01-26 08:21:07.000000000 +0100
> +++ openvas-libraries-2.0.1.1/libopenvas/www_funcs.c
> 2009-02-22 15:37:55.000000000 +0100
> @@ -467,7 +467,7 @@
> fprintf(stderr, "NIDS/HTTP/protocol_string = %s\n", s);
> #endif
> }
> - l += strlen(httpver) + 1;
> + l += strlen(httpver) + 2;
> }
> ###########################################################################################
>
> I have not really an idea why (;-)), but this patch helps to solve this issue.
I guest because \r\n will be added to the request line.
--
Dirk Jagdmann : Coder
Tel. +49-5121-28989-15
--
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11 31137 Hildesheim, Germany
Tel. +49-5121-28989-0 Fax. +49-5121-28989-11
Handelsregister HRB-3213 Amtsgericht Hildesheim
Gesch?ftsf?hrer: Lukas Grunwald
From jan-oliver.wagner at intevation.de Sun Feb 22 18:55:03 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Sun, 22 Feb 2009 18:55:03 +0100
Subject: [Openvas-devel] [openvas-libraries] www_funcs.c -> httpver is
reduced
In-Reply-To: <20090222154549.GA22543@strato-rz.de>
References: <20090222154549.GA22543@strato-rz.de>
Message-ID: <200902221855.03493.jan-oliver.wagner@intevation.de>
On Sunday 22 February 2009 16:45:49 Michael Meyer wrote:
> I have not really an idea why (;-)), but this patch helps to solve this
> issue.
well, it is not the first time such a wrong length calculation is detected
in the old Nessus code. Thanks for spotting this!
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
From felix.wolfsteller at intevation.de Mon Feb 23 10:33:37 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Mon, 23 Feb 2009 10:33:37 +0100
Subject: [Openvas-devel] [RFC PATCH] Allowing filtering of issues during
report export
In-Reply-To: <453C6A09-261A-4EF3-ABD6-14FA21F7EB9B@markwallis.id.au>
References:
<200902170851.37860.jan-oliver.wagner@intevation.de>
<453C6A09-261A-4EF3-ABD6-14FA21F7EB9B@markwallis.id.au>
Message-ID: <200902231033.37382.felix.wolfsteller@intevation.de>
Hi Mark
I took a quick, second look at your patch.
What is missing imho:
* The filter does not effect nbe and pdf export if i am not mistaken. Quite
important.
* A solution with bit sets instead of defines (SAVE_DETAIL_ALL,
SAVE_DETAIL_HIGHMED) might make it easier to incorporate other levels at a
later stage. This could be reflected in the GUI by checkboxes (so that you
could en/disable every level for itself), but I find atm the combobox work
equally fine. I was sure that the GLib brings a handy support for bit
sets/masks, but I do not find it right now.
Other than that I find its a nice feature.
But I also see that report generation needs a lot of care.
-- felix
On Tuesday 17 February 2009 13:13:38 Mark Wallis wrote:
> Hi Jan,
>
> On 17/02/2009, at 6:51 PM, Jan-Oliver Wagner wrote:
> > Are you aware of Change Request #18 which is aiming at a similar
> > issue?
> >
> > http://www.openvas.org/openvas-cr-18.html
> >
> > (It introduces filters for severity and is half-implemented in
> > current SVN.)
>
> I wasn't aware of that CR, thanks for the link. I agree those features
> would be fantastic - but it's not 100% what I was after. I like to be
> able to produce a 'high risk only' report to give people to focus on
> without having to 'downgrade' all the other alerts. In a way, I would
> like to be able to keep the scan results and the report formatting
> separated. I understand though that my needs are probably the edge-
> case here.
>
> If there are any changes you want me to make to the patch let me know,
> otherwise I might have a look through the other existing change
> requests and see if there is anything I can investigate.
>
> Thanks,
> Mark.
--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
From openvas at markwallis.id.au Tue Feb 24 14:05:52 2009
From: openvas at markwallis.id.au (Mark Wallis)
Date: Wed, 25 Feb 2009 00:05:52 +1100
Subject: [Openvas-devel] [RFC PATCH] Allowing filtering of issues during
report export
In-Reply-To: <200902231033.37382.felix.wolfsteller@intevation.de>
References:
<200902170851.37860.jan-oliver.wagner@intevation.de>
<453C6A09-261A-4EF3-ABD6-14FA21F7EB9B@markwallis.id.au>
<200902231033.37382.felix.wolfsteller@intevation.de>
Message-ID: <3289CBE5-7B13-4FC4-9C5C-7D266D4D58F5@markwallis.id.au>
On 23/02/2009, at 8:33 PM, Felix Wolfsteller wrote:
> I took a quick, second look at your patch.
Thanks Felix.
> What is missing imho:
> * The filter does not effect nbe and pdf export if i am not
> mistaken. Quite
> important.
The filter as it stands does not affect NBE, XML or PDF. I agree that
I should get this working for PDF.
For NBE/XML though I feel these are a special case. The format types,
to me, can be broken into two groups.
HTML, Latex, Text, HTML_Graph and PDF all represents "reports" that
can you generate from the data.
NBE and XML though represent exports of the data itself into another
raw format.
I'm thinking, perhaps we should be breaking these into two separate
menu items. A 'Report' feature and an 'Export' feature. I cannot see
the business case where filtering data out of an NBE/XML export would
be beneficial.
Worst case, perhaps I should gray the new combo box out when NBE or
XML is selected as the format ?
> * A solution with bit sets instead of defines (SAVE_DETAIL_ALL,
> SAVE_DETAIL_HIGHMED) might make it easier to incorporate other
> levels at a
> later stage. This could be reflected in the GUI by checkboxes (so
> that you
> could en/disable every level for itself), but I find atm the
> combobox work
> equally fine. I was sure that the GLib brings a handy support for bit
> sets/masks, but I do not find it right now.
Good idea. I can rework things to use bitmasks behind the scene's. I
suggest though leaving the combo box as is rather than replacing it
with a list of check box's. At this stage, with only three levels of
detail, I think the dropdown box is usable enough without making the
page any more cluttered.
> But I also see that report generation needs a lot of care.
The switch() in report-save.c:file_save_ok_callback does seem a little
confusing to me in the way that each report type is generated slightly
differently. For example, the HTML and latex types both use the
backend_convert function and then pass the returned arglist through
another function which does the formatting. The XML_NG clause though
uses a specialised backend_to_xml_ng function, and the PDF clause uses
a completely different method all together.
Perhaps there is a way that we can clean this area of code up to allow
us to easily add new report types down the track ?
Regards,
Mark Wallis
mwallis at serialmonkey.com
From jan-oliver.wagner at intevation.de Tue Feb 24 20:10:25 2009
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Tue, 24 Feb 2009 20:10:25 +0100
Subject: [Openvas-devel] [RFC PATCH] Allowing filtering of issues during
report export
In-Reply-To: <3289CBE5-7B13-4FC4-9C5C-7D266D4D58F5@markwallis.id.au>
References:
<200902231033.37382.felix.wolfsteller@intevation.de>
<3289CBE5-7B13-4FC4-9C5C-7D266D4D58F5@markwallis.id.au>
Message-ID: <200902242010.29019.jan-oliver.wagner@intevation.de>
On Dienstag, 24. Februar 2009, Mark Wallis wrote:
> The switch() in report-save.c:file_save_ok_callback does seem a little ?
> confusing to me in the way that each report type is generated slightly ?
> differently. For example, the HTML and latex types both use the ?
> backend_convert function and then pass the returned arglist through ?
> another function which does the formatting. The XML_NG clause though ?
> uses a specialised backend_to_xml_ng function, and the PDF clause uses ?
> a completely different method all together.
>
> Perhaps there is a way that we can clean this area of code up to allow ?
> us to easily add new report types down the track ?
we inherited this "programming style & design" from Nessus.
Cleaning up, improving, generalizing are all very welcome
activities :-)
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
From stripes at tigerlair.com Wed Feb 25 01:50:59 2009
From: stripes at tigerlair.com (stripes)
Date: Tue, 24 Feb 2009 19:50:59 -0500
Subject: [Openvas-devel] Any doc work needed?
Message-ID: <20090224195059.A14058@tigerlair.com>
Hi everyone,
I'm willing to lend a hand with the documentation. Is there anything you need help with?
Cheers,
-Anne
--
Gomez: I have seen the unholy (\`--/') _ _______ .-r-.
maggots which feast in the dark >.~.\ `` ` `,`,`. ,'_'~`.
recesses of the human soul! (v_," ; `,-\ ; : ; \/,-~) \
Morticia: They're at camp. `--'_..),-/ ' ' '_.>-' )`.`.__.')
stripes at tigerlair dot com ((,((,__..'~~~~~~((,__..' `-..-'fL
From michael.wiegand at intevation.de Wed Feb 25 08:52:58 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Wed, 25 Feb 2009 08:52:58 +0100
Subject: [Openvas-devel] Any doc work needed?
In-Reply-To: <20090224195059.A14058@tigerlair.com>
References: <20090224195059.A14058@tigerlair.com>
Message-ID: <20090225075258.GB28021@intevation.de>
* stripes [25. Feb 2009]:
> Hi everyone,
>
> I'm willing to lend a hand with the documentation. Is there anything you need help with?
Thank you very much for your offer! :)
One area where we could definitely use help is the English version of
the compendium. The English version was written by Felix and myself and
even though it seems to get the message across, proofreading by a native
speaker would certainly improve the quality.
Other areas would include updating the section on OpenVAS-Client with
the new features and making sure the client documentation actually makes
sense from an user perspective -- the existing documentation suffers
from our developer POV in some places.
Does that sound like something you would like to do? If you have any
questions or areas where you'd rather work on, feel free to let me know.
Again, thanks a lot for your offer.
Regards,
Michael
--
Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090225/9f7a32e6/attachment.pgp
From felix.wolfsteller at intevation.de Wed Feb 25 09:57:02 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Wed, 25 Feb 2009 09:57:02 +0100
Subject: [Openvas-devel] [RFC PATCH] Allowing filtering of issues during
report export
In-Reply-To: <200902242010.29019.jan-oliver.wagner@intevation.de>
References:
<3289CBE5-7B13-4FC4-9C5C-7D266D4D58F5@markwallis.id.au>
<200902242010.29019.jan-oliver.wagner@intevation.de>
Message-ID: <200902250957.02361.felix.wolfsteller@intevation.de>
> On Dienstag, 24. Februar 2009, Mark Wallis wrote:
> > The switch() in report-save.c:file_save_ok_callback does seem a little ?
> > confusing to me in the way that each report type is generated slightly ?
> > differently. For example, the HTML and latex types both use the ?
> > backend_convert function and then pass the returned arglist through ?
> > another function which does the formatting. The XML_NG clause though ?
> > uses a specialised backend_to_xml_ng function, and the PDF clause uses ?
> > a completely different method all together.
> >
> > Perhaps there is a way that we can clean this area of code up to allow ?
> > us to easily add new report types down the track ?
Definately.
A couple of unordered words from my side:
Besides code and report consistency issues I also find the current export-
dialog quite unhandy, as it does not memorize the type selection or location
and will e.g. create "report.pdf.nbe" if you forgot to select pdf as type.
Imho the direction to go is to generate all reports from one 'base' format but
using syntactical rules only. The wording should be kept exchangable (look
e.g. at the latex_output's introductions, I see no reason for that being
hard-wired in the latex_output module).
Apparently quite some users rely on the nbe format so that we cannot drop
support for it. Otherwise I would go for using xml as standard format.
Your point about 'data' and 'report' is correct, although I think we could
easily generate fancy reports from xml using xslt (and afaict filter them as
well!).
Maybe an extended menu (but keeping the old item items) would make sense, too:
* export as
* export -> pdf- report
-> html-report
-> ...
-> nbe-data
-> xml-data
felix
--
Felix Wolfsteller | ++49-541-335 08 3451 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
From michael.wiegand at intevation.de Thu Feb 26 07:59:58 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 26 Feb 2009 07:59:58 +0100
Subject: [Openvas-devel] Any doc work needed?
In-Reply-To:
References: <20090224195059.A14058@tigerlair.com>
<20090225075258.GB28021@intevation.de>
Message-ID: <20090226065958.GA7863@intevation.de>
* Jon Bebeau [25. Feb 2009]:
> Hi,
>
> I can help proof the copy too. I'm a US native and write well (at least IMHO).
Thank you as well for your offer, your help is appreciated! You might
want to coordinate your efforts with Anne so you two don't do the same
work twice.
Let me know if you have any questions.
Regards,
Michael
--
Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090226/928b0728/attachment.pgp
From michael.wiegand at intevation.de Thu Feb 26 08:06:15 2009
From: michael.wiegand at intevation.de (Michael Wiegand)
Date: Thu, 26 Feb 2009 08:06:15 +0100
Subject: [Openvas-devel] Any doc work needed?
In-Reply-To: <20090225115604.A12746@tigerlair.com>
References: <20090224195059.A14058@tigerlair.com>
<20090225075258.GB28021@intevation.de>
<20090225115604.A12746@tigerlair.com>
Message-ID: <20090226070615.GB7863@intevation.de>
* stripes [25. Feb 2009]:
> On Wed, Feb 25, 2009 at 08:52:58AM +0100, Michael Wiegand wrote:
> > Does that sound like something you would like to do? If you have any
> > questions or areas where you'd rather work on, feel free to let me know.
>
> Absolutely! Thanks. I have a significant amount of experience with
> Nessus. Since I'm not writing proprietary plugins and I finally have
> the time, I can help with the documents here.
Sounds great! The compendium itself is in (Hyper)LaTeX, you can edit it
directly if you are comfortable with that -- but you can send us your
suggestion in any other way as well, just use what is easiest for you.
Regards,
Michael
--
Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabr?ck | AG Osnabr?ck, HR B 18998
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090226/77cce449/attachment.pgp
From labeneator at gmail.com Thu Feb 26 09:21:46 2009
From: labeneator at gmail.com (Laban Mwangi)
Date: Thu, 26 Feb 2009 11:21:46 +0300
Subject: [Openvas-devel] [Patch for 828]
Message-ID: <1235636506.3866.9.camel@hyperion.penguinlabs.co.ke>
Hi all,
Please find a patch for bugid: 828. It essentially stores the client
certifcate hash against a hostname,port pair instead of just the
hostname. This allows one to run multiple OpenVASd instances each with
different certificates. I didn't want to commit because it will prompt
clients about "new certificates" i.e. the current .openvasrc.cert data
is invalidated. While we are applying this, can we also move .openvasrc
and .openvasrc.cert to .openvas directory?
Regards,
--
Laban
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090226/e3ebffd1/attachment.pgp
From labeneator at gmail.com Thu Feb 26 09:28:41 2009
From: labeneator at gmail.com (Laban Mwangi)
Date: Thu, 26 Feb 2009 11:28:41 +0300
Subject: [Openvas-devel] [Patch for 828] - Resend
Message-ID: <1235636921.3866.11.camel@hyperion.penguinlabs.co.ke>
Hi all,
Please find a patch for bugid: 828. It essentially stores the client
certifcate hash against a hostname,port pair instead of just the
hostname. This allows one to run multiple OpenVASd instances each with
different certificates. I didn't want to commit because it will prompt
clients about "new certificates" i.e. the current .openvasrc.cert data
is invalidated. While we are applying this, can we also move .openvasrc
and .openvasrc.cert to .openvas directory?
Regards,
--
Laban
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 828.patch
Type: text/x-patch
Size: 1570 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090226/aaf6ddb2/828.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090226/aaf6ddb2/attachment.pgp