From 73dca8efa22d82f309faecf2f643c618c5239ad2 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 18 Jun 2024 09:57:25 +0200 Subject: [PATCH 01/27] Add: EPSS scoring info in results This adds the EPSS scoring information form the VTs and CVEs to the results. --- src/gmp.c | 49 ++++++++++++- src/manage.h | 24 ++++++ src/manage_pg.c | 55 ++++++++++++++ src/manage_sql.c | 154 +++++++++++++++++++++++++++++++++++++-- src/manage_sql.h | 5 +- src/manage_sql_nvts.c | 1 + src/manage_sql_secinfo.c | 2 + 7 files changed, 282 insertions(+), 8 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index e846eec84..1fae7dc4a 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -9108,6 +9108,42 @@ results_xml_append_cert (GString *buffer, iterator_t *results, const char *oid, } } +/** + * @brief Append an EPSS info element to a results XML buffer. + * + * @param[in] results Results iterator. + * @param[in] buffer XML buffer to add to. + */ +static void +results_xml_append_epss (iterator_t *results, GString *buffer) +{ + buffer_xml_append_printf (buffer, + "" + "" + "%0.5f" + "%0.5f" + "" + "%0.1f" + "" + "" + "" + "%0.5f" + "%0.5f" + "" + "%0.1f" + "" + "" + "", + result_iterator_epss_score (results), + result_iterator_epss_percentile (results), + result_iterator_epss_cve (results), + result_iterator_epss_severity (results), + result_iterator_max_epss_score (results), + result_iterator_max_epss_percentile (results), + result_iterator_max_epss_cve (results), + result_iterator_max_epss_severity (results)); +} + /** * @brief Append an NVT element to an XML buffer. * @@ -9129,6 +9165,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded) { gchar *severity; + // TODO: Add EPSS for CVE results severity = cve_cvss_base (oid); buffer_xml_append_printf (buffer, "" 
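Review bot: results_xml_append_epss formats both CVE strings unconditionally, and the only protection is the `if (result_iterator_epss_cve (results))` test that each caller repeats (the hunks at @@ -9138 and @@ -9285 in results_xml_append_nvt). Making `if (result_iterator_epss_cve (results) == NULL) return;` the helper's first statement would stop a future call site from emitting an EPSS element for a result that has no EPSS data. result_iterator_max_epss_cve is never checked, so it is presumably non-NULL whenever epss_cve is, which is worth confirming against the code that fills the nvts columns. The markup inside the format string is not visible on this page, so which placeholders receive the two CVE ids is inferred from the argument order. If the guard stays with the callers, the docblock should state it as a precondition.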
@@ -9138,14 +9175,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded) "" "" "" - "%s" - "", + "%s", oid, oid, severity ? severity : "", severity ? severity : "", result_iterator_port (results), oid); + + if (result_iterator_epss_cve (results)) + results_xml_append_epss (results, buffer); + + buffer_xml_append_printf (buffer, ""); + g_free (severity); return; } @@ -9285,6 +9327,9 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded) buffer_xml_append_printf (buffer, "/>"); } + if (result_iterator_epss_cve (results)) + results_xml_append_epss (results, buffer); + first = 1; xml_append_nvt_refs (buffer, result_iterator_nvt_oid (results), &first); diff --git a/src/manage.h b/src/manage.h index ce3a5ea6d..9e7bbbce9 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1522,6 +1522,30 @@ result_iterator_may_have_overrides (iterator_t*); int result_iterator_may_have_tickets (iterator_t*); +double +result_iterator_epss_score (iterator_t*); + +double +result_iterator_epss_percentile (iterator_t*); + +const char* +result_iterator_epss_cve (iterator_t*); + +double +result_iterator_epss_severity (iterator_t*); + +double +result_iterator_max_epss_score (iterator_t*); + +double +result_iterator_max_epss_percentile (iterator_t*); + +const char* +result_iterator_max_epss_cve (iterator_t*); + +double +result_iterator_max_epss_severity (iterator_t*); + gchar ** result_iterator_cert_bunds (iterator_t*); diff --git a/src/manage_pg.c b/src/manage_pg.c index 19d3463f7..8c691994e 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c 
@@ -1806,6 +1806,59 @@ create_view_vulns () " WHERE uuid in (SELECT * FROM used_nvts)"); } +/** + * @brief Create or replace the result_vt_epss view. + */ +void +create_view_result_vt_epss () +{ + sql ("DROP MATERIALIZED VIEW IF EXISTS result_vt_epss;"); + + if (sql_int ("SELECT EXISTS (SELECT * FROM information_schema.tables" + " WHERE table_catalog = '%s'" + " AND table_schema = 'scap'" + " AND table_name = 'cves')" + " ::integer;", + sql_database ())) + sql ("CREATE MATERIALIZED VIEW result_vt_epss AS (" + " SELECT cve AS vt_id," + " epss AS epss_score," + " percentile AS epss_percentile," + " cve AS epss_cve," + " cves.severity AS epss_severity," + " epss AS max_epss_score," + " percentile AS max_epss_percentile," + " cve AS max_epss_cve," + " cves.severity AS max_epss_severity" + " FROM scap.epss_scores" + " JOIN scap.cves ON cve = cves.uuid" + " UNION ALL" + " SELECT oid AS vt_id," + " epss_score," + " epss_percentile," + " epss_cve," + " epss_severity," + " max_epss_score," + " max_epss_percentile," + " max_epss_cve," + " max_epss_severity" + " FROM nvts);"); + else + sql ("CREATE MATERIALIZED VIEW result_vt_epss AS (" + " SELECT oid AS vt_id," + " epss_score," + " epss_percentile," + " epss_cve," + " max_epss_score," + " max_epss_percentile," + " max_epss_cve" + " FROM nvts);"); + + sql ("SELECT create_index ('result_vt_epss_by_vt_id'," + " 'result_vt_epss', 'vt_id');"); + +} + #undef VULNS_RESULTS_WHERE @@ -2997,6 +3050,8 @@ create_tables () create_view_vulns (); + create_view_result_vt_epss (); + /* Create indexes. */ sql ("SELECT create_index ('config_preferences_by_config'," diff --git a/src/manage_sql.c b/src/manage_sql.c index e6a7e72c1..596f60e38 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
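Review bot: The fallback branch of create_view_result_vt_epss (taken when scap.cves does not exist) builds the view without epss_severity and max_epss_severity. The first branch selects both from nvts, and the result iterator columns added in src/manage_sql.c read `result_vt_epss.epss_severity` and `result_vt_epss.max_epss_severity`. On an installation without SCAP data, result queries would presumably fail on the unknown columns. Adding `"         epss_severity,"` after the `epss_cve` line and `"         max_epss_severity"` after the `max_epss_cve` line (which then needs a trailing comma) gives both branches the same view shape. The existence test also covers only scap.cves, although the first branch reads scap.epss_scores too, so it is worth confirming the two tables always appear together.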
@@ -22497,6 +22497,32 @@ where_qod (int min_qod) " 'undefined')", \ "compliant", \ KEYWORD_TYPE_STRING }, \ + /* ^ 45 = 35 */ \ + { "result_vt_epss.epss_score", \ + "epss_score", \ + KEYWORD_TYPE_DOUBLE }, \ + { "result_vt_epss.epss_percentile", \ + "epss_percentile", \ + KEYWORD_TYPE_DOUBLE }, \ + { "result_vt_epss.epss_cve", \ + "epss_cve", \ + KEYWORD_TYPE_STRING }, \ + { "result_vt_epss.epss_severity", \ + "epss_severity", \ + KEYWORD_TYPE_DOUBLE }, \ + { "result_vt_epss.max_epss_score", \ + "max_epss_score", \ + KEYWORD_TYPE_DOUBLE }, \ + /* ^ 50 = 40 */ \ + { "result_vt_epss.max_epss_percentile", \ + "max_epss_percentile", \ + KEYWORD_TYPE_DOUBLE }, \ + { "result_vt_epss.max_epss_cve", \ + "max_epss_cve", \ + KEYWORD_TYPE_STRING }, \ + { "result_vt_epss.max_epss_severity", \ + "max_epss_severity", \ + KEYWORD_TYPE_DOUBLE }, \ /** * @brief Result iterator columns. @@ -23196,7 +23222,9 @@ init_result_get_iterator (iterator_t* iterator, const get_data_t *get, "results", "nvts"); - extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts" + extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss" + " ON results.nvt = result_vt_epss.vt_id" + " LEFT OUTER JOIN nvts" " ON results.nvt = nvts.oid %s," " LATERAL %s AS lateral_new_severity", opts_tables, @@ -23300,7 +23328,9 @@ result_count (const get_data_t *get, report_t report, const char* host) "results", "nvts"); - extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts" + extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss" + " ON results.nvt = result_vt_epss.vt_id" + " LEFT OUTER JOIN nvts" " ON results.nvt = nvts.oid %s," " LATERAL %s AS lateral_new_severity", opts_tables, 
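Review bot: The `LEFT OUTER JOIN result_vt_epss ON results.nvt = result_vt_epss.vt_id` fragment is pasted separately into init_result_get_iterator and result_count here and into type_build_select (@@ -58055), while the columns added in the first hunk of this file reference `result_vt_epss` unconditionally; all three functions continue outside their hunks. Any query that uses the result iterator columns without the join fails on the missing table reference, and a later patch in this series has to add the same join to init_v2_delta_iterator. Defining the fragment once next to the column macro and using it in every extra_tables string would keep columns and join in step. The `/* ^ 45 = 35 */` index comments also need a sentence saying what the two numbers count.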
@@ -23765,6 +23795,118 @@ DEF_ACCESS (result_iterator_nvt_family, GET_ITERATOR_COLUMN_COUNT + 33); */ DEF_ACCESS (result_iterator_nvt_tag, GET_ITERATOR_COLUMN_COUNT + 34); +/** + * @brief Get EPSS score of highest severity CVE from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return EPSS score of the highest severity CVE. + */ +double +result_iterator_epss_score (iterator_t* iterator) +{ + if (iterator->done) return 0.0; + return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 36); +} + +/** + * @brief Get EPSS percentile of highest severity CVE from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return EPSS percentile of the highest severity CVE. + */ +double +result_iterator_epss_percentile (iterator_t* iterator) +{ + if (iterator->done) return 0.0; + return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 37); +} + +/** + * @brief Get highest severity CVE with EPSS score from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return Highest severity CVE with EPSS score. + */ +const gchar * +result_iterator_epss_cve (iterator_t* iterator) +{ + if (iterator->done) return NULL; + return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 38); +} + +/** + * @brief Get the highest severity of EPSS CVEs from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return Highest severity of referenced CVEs with EPSS. + */ +double +result_iterator_epss_severity (iterator_t* iterator) +{ + if (iterator->done) return 0.0; + return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 39); +} + +/** + * @brief Get maximum EPSS score of referenced CVEs from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return Maximum EPSS score. 
+ */ +double +result_iterator_max_epss_score (iterator_t* iterator) +{ + if (iterator->done) return 0.0; + return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 40); +} + +/** + * @brief Get maximum EPSS percentile of referenced CVEs from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return Maximum EPSS percentile. + */ +double +result_iterator_max_epss_percentile (iterator_t* iterator) +{ + if (iterator->done) return 0.0; + return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 41); +} + +/** + * @brief Get the CVE with the maximum EPSS score from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return CVE with maximum EPSS score. + */ +const gchar * +result_iterator_max_epss_cve (iterator_t* iterator) +{ + if (iterator->done) return NULL; + return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 42); +} + +/** + * @brief Get severity of CVE with maximum EPSS score from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return Severity of CVE with maximum EPSS score. + */ +double +result_iterator_max_epss_severity (iterator_t* iterator) +{ + if (iterator->done) return 0.0; + return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 43); +} + /** * @brief Get CERT-BUNDs from a result iterator. * @@ -23776,7 +23918,7 @@ gchar ** result_iterator_cert_bunds (iterator_t* iterator) { if (iterator->done) return 0; - return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 36); + return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 44); } /** @@ -23790,7 +23932,7 @@ gchar ** result_iterator_dfn_certs (iterator_t* iterator) { if (iterator->done) return 0; - return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 37); + return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 45); } /** 
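Review bot: The new accessors address their columns by literal offsets (`GET_ITERATOR_COLUMN_COUNT + 36` through `+ 43`), which is why this commit also has to renumber result_iterator_cert_bunds and result_iterator_dfn_certs in the two following hunks and RESULT_ITERATOR_DELTA_COLUMN_OFFSET in src/manage_sql.h by hand. A miscounted offset reads a neighbouring column without any error, so an enum listing the result iterator column positions in the order of the column macro would make the next insertion safer. The docblocks should also state the fallback value, for example `@return EPSS score of the highest severity CVE, 0.0 if the iterator is done.`, and NULL for the two CVE accessors. src/manage.h declares those two as `const char*` while the definitions here use `const gchar *`; one spelling in both places reads better.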
@@ -58055,7 +58197,9 @@ type_build_select (const char *type, const char *columns_str, "results", "nvts"); - opts_table = g_strdup_printf (" LEFT OUTER JOIN nvts" + opts_table = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss" + " ON results.nvt = result_vt_epss.vt_id" + " LEFT OUTER JOIN nvts" " ON results.nvt = nvts.oid %s," " LATERAL %s AS lateral_new_severity", original, diff --git a/src/manage_sql.h b/src/manage_sql.h index dfe87caa6..29b5988a1 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -295,7 +295,7 @@ typedef struct /** * @brief Delta results columns offset for result iterator. */ -#define RESULT_ITERATOR_DELTA_COLUMN_OFFSET GET_ITERATOR_COLUMN_COUNT + 38 +#define RESULT_ITERATOR_DELTA_COLUMN_OFFSET GET_ITERATOR_COLUMN_COUNT + 46 /* Variables */ @@ -505,6 +505,9 @@ add_role_permission_resource (const gchar *, const gchar *, const gchar *, void create_view_vulns (); +void +create_view_result_vt_epss (); + int config_family_entire_and_growing (config_t, const char*); diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index ccebce74f..a740fea5e 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -1987,6 +1987,7 @@ update_nvts_from_vts (element_t *get_vts_response, sql ("ALTER TABLE nvts_rebuild RENAME TO nvts;"); create_view_vulns (); + create_view_result_vt_epss (); } set_nvts_check_time (count_new_vts, count_modified_vts); diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index fdf76db8c..fd8c13c76 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -3707,6 +3707,7 @@ update_scap_end () /* View 'vulns' contains references into the SCAP schema, so it is * removed by the CASCADE. */ create_view_vulns (); + create_view_result_vt_epss (); } else sql ("ALTER SCHEMA scap2 RENAME TO scap;"); 
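Review bot: RESULT_ITERATOR_DELTA_COLUMN_OFFSET in src/manage_sql.h expands to an unparenthesised sum, so inside a larger expression (a multiplication, or the right-hand side of a subtraction) the operator would bind to only part of it. Since the line is being edited anyway, `#define RESULT_ITERATOR_DELTA_COLUMN_OFFSET (GET_ITERATOR_COLUMN_COUNT + 46)` removes that hazard. How the macro is used is not visible in this hunk.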
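Review bot: The comment above the added call in update_scap_end still explains the rebuild only for 'vulns', but result_vt_epss also reads scap.cves and scap.epss_scores and is presumably dropped by the same CASCADE. Extending it to `/* Views 'vulns' and 'result_vt_epss' contain references into the SCAP schema, so they are removed by the CASCADE. */` documents why both calls are needed. The same applies to the abort_scap_update hunk (@@ -3745). create_view_result_vt_epss drops and recreates a materialized view, so result queries issued between the two statements would fail unless the caller holds a transaction; update_scap_end's body continues outside the hunk, so that cannot be confirmed from here.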
@@ -3745,6 +3746,7 @@ abort_scap_update () /* View 'vulns' contains references into the SCAP schema, so it is * removed by the CASCADE. */ create_view_vulns (); + create_view_result_vt_epss (); /* Update CERT data that depends on SCAP. */ update_cert_data (); } From dbe10cca173c3c8a44ec6d15f904c4ea2a9347d4 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Wed, 19 Jun 2024 08:45:18 +0200 Subject: [PATCH 02/27] Add EPSS result elements to GMP doc --- src/schema_formats/XML/GMP.xml.in | 107 ++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 49fe30bff..5d7c32b94 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -1667,6 +1667,7 @@ along with this program. If not, see . severities cpe tags + epss refs 
@@ -1704,6 +1705,112 @@ along with this program. If not, see . Tags associated with the NVT text + + epss + Exploit Prediction Scoring System (EPSS) info if available + + max_severity + max_epss + + + max_severity + + EPSS info of the referenced CVE with the highest severity + + + In case there are multiple CVEs referenced by the NVT tied for the + highest severity, they are also sorted by EPSS score and modification + time and the first one is chosen. + + + score + percentile + cve + + + score + EPSS score of the CVE + + decimal + + + + percentile + EPSS percentile of the CVE + + decimal + + + + cve + The representative CVE chosen + + + id + CVE-ID of the CVE + text + + severity + + + severity + Severity (CVSS) score of the CVE if available + + severity + + + + + + max_epss + + EPSS info of the referenced CVE with the highest EPSS score + + + In case there are multiple CVEs referenced by the NVT tied for the + highest EPSS score, they are also sorted by severity and modification + time and the first one is chosen. + + + score + percentile + cve + + + score + EPSS score of the CVE + + decimal + + + + percentile + EPSS percentile of the CVE + + decimal + + + + cve + The representative CVE chosen + + + id + CVE-ID of the CVE + text + + severity + + + severity + Severity (CVSS) score of the CVE if available + + severity + + + + + refs List of references of various types for this vulnerability test From 6676735bb116a2ba7c3b9539760dd2d50c1fd3bf Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Wed, 19 Jun 2024 09:34:44 +0200 Subject: [PATCH 03/27] Remove TODO comment for CVE result EPSS --- src/gmp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/gmp.c b/src/gmp.c index 1fae7dc4a..1587fe6e3 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -9165,7 +9165,6 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded) { gchar *severity; - // TODO: Add EPSS for CVE results severity = cve_cvss_base (oid); buffer_xml_append_printf (buffer, "" 
From 2eb2fe3852e39aecdcbb072102c1d8284455b4bb Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Wed, 19 Jun 2024 10:38:42 +0200 Subject: [PATCH 04/27] Make result EPSS score/percentile filterable --- src/manage_sql.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 596f60e38..d7b539aef 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -22198,7 +22198,8 @@ where_qod (int min_qod) "description", "task", "report", "cvss_base", "nvt_version", \ "severity", "original_severity", "vulnerability", "date", "report_id", \ "solution_type", "qod", "qod_type", "task_id", "cve", "hostname", \ - "path", "compliant", NULL } + "path", "compliant", "epss_score", "epss_percentile", "max_epss_score", \ + "max_epss_percentile", NULL } // TODO Combine with RESULT_ITERATOR_COLUMNS. /** @@ -22498,29 +22499,29 @@ where_qod (int min_qod) "compliant", \ KEYWORD_TYPE_STRING }, \ /* ^ 45 = 35 */ \ - { "result_vt_epss.epss_score", \ + { "coalesce (result_vt_epss.epss_score, 0.0)", \ "epss_score", \ KEYWORD_TYPE_DOUBLE }, \ - { "result_vt_epss.epss_percentile", \ + { "coalesce (result_vt_epss.epss_percentile, 0.0)", \ "epss_percentile", \ KEYWORD_TYPE_DOUBLE }, \ { "result_vt_epss.epss_cve", \ "epss_cve", \ KEYWORD_TYPE_STRING }, \ - { "result_vt_epss.epss_severity", \ + { "coalesce (result_vt_epss.epss_severity, 0.0)", \ "epss_severity", \ KEYWORD_TYPE_DOUBLE }, \ - { "result_vt_epss.max_epss_score", \ + { "coalesce (result_vt_epss.max_epss_score, 0.0)", \ "max_epss_score", \ KEYWORD_TYPE_DOUBLE }, \ /* ^ 50 = 40 */ \ - { "result_vt_epss.max_epss_percentile", \ + { "coalesce (result_vt_epss.max_epss_percentile, 0.0)", \ "max_epss_percentile", \ KEYWORD_TYPE_DOUBLE }, \ { "result_vt_epss.max_epss_cve", \ "max_epss_cve", \ KEYWORD_TYPE_STRING }, \ - { "result_vt_epss.max_epss_severity", \ + { "coalesce (result_vt_epss.max_epss_severity, 0.0)", \ "max_epss_severity", \ KEYWORD_TYPE_DOUBLE }, \ 
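Review bot: Wrapping the EPSS columns in `coalesce (..., 0.0)` makes a result with no EPSS data indistinguishable from one scored 0.0, now that `epss_score`, `epss_percentile`, `max_epss_score` and `max_epss_percentile` are filter keywords in the first hunk. A low-score filter or an ascending sort would then also return results that were never scored, which can understate risk during triage. A comment on the column entries would record the choice, for example `/* NULL (no EPSS data) is reported as 0.0; epss_cve stays NULL for unscored results. */`. It is also worth considering whether `"epss_cve"` and `"max_epss_cve"` belong in the filter column list so that unscored results can be excluded. Both macro definitions continue outside these hunks.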
From e21f4f3d83965a985c212d0d4279ece2bde6ff27 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 21 Jun 2024 10:02:08 +0200 Subject: [PATCH 05/27] Add result_vt_epss join to delta result iterators --- src/manage_sql.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/manage_sql.c b/src/manage_sql.c index d7b539aef..c9f1a68d8 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -28097,6 +28097,8 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta, extra_tables = g_strdup_printf (" JOIN comparison " " ON results.id = COALESCE (result1_id," " result2_id)" + " LEFT OUTER JOIN result_vt_epss" + " ON results.nvt = result_vt_epss.vt_id" " LEFT OUTER JOIN nvts" " ON results.nvt = nvts.oid %s," " LATERAL %s AS lateral_new_severity", From e6fd780bd6d94602cc9f3dd9d01a4dc1d578b057 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 9 Jul 2024 15:20:06 +0200 Subject: [PATCH 06/27] GMP doc: add details attribute to GET_CREDENTIALS --- src/schema_formats/XML/GMP.xml.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 5d7c32b94..2cd6d36b1 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -10682,6 +10682,11 @@ END:VCALENDAR ID of filter to use to filter query uuid + + details + Whether to include certificate info + boolean + scanners Whether to include a list of scanners using the credentials From 61914200fbbf914940c6948d88914b93ef076476 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 12:11:25 +0000 Subject: [PATCH 07/27] Bump docker/build-push-action from 5 to 6 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-container.yml | 2 +- .github/workflows/container.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml index b927fd34d..3133f6ced 100644 --- a/.github/workflows/build-container.yml +++ b/.github/workflows/build-container.yml @@ -52,7 +52,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . push: true diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 88aa3ef3e..e59303eff 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -75,7 +75,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build and push Container image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }} From 37e6cc5f551a12c27a26dc342e4adb34a1542107 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 9 Jul 2024 16:24:08 +0200 Subject: [PATCH 08/27] GMP doc: add GVMD_DATA to feed types --- src/schema_formats/XML/GMP.xml.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 5d7c32b94..a8f4c3050 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -11342,7 +11342,7 @@ END:VCALENDAR type - Type of single feed to get: NVT, CERT or SCAP + Type of single feed to get: NVT, CERT, SCAP or GVMD_DATA text @@ -11372,7 +11372,7 @@ END:VCALENDAR type - The type of feed: NVT, CERT or SCAP + The type of feed: NVT, CERT, SCAP or GVMD_DATA text From 86de30b7106761c22f8d302937c31d340df61520 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 9 Jul 2024 16:40:49 +0200 Subject: [PATCH 09/27] GMP doc: remove USER from CURRENTLY_SYNCING in GET_FEEDS --- src/schema_formats/XML/GMP.xml.in | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index a8f4c3050..54efe4a1a 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -11406,18 +11406,12 @@ END:VCALENDAR Present if a sync of this type is underway timestamp - user timestamp Time sync started text - - user - Name of user who is performing sync - text - From 2b79857ebce21731b72256824ad7f92bd447c891 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Tue, 9 Jul 2024 15:49:20 +0200 Subject: [PATCH 10/27] GMP doc: make key/package/cert element optional in GET_CREDENTIALS --- src/schema_formats/XML/GMP.xml.in | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 54efe4a1a..57b89d709 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -10755,11 +10755,13 @@ END:VCALENDAR certificate_info scanners targets - - public_key - package - certificate - + + + public_key + package + certificate + + owner From 3a2030f80a231e7185ca189e9f42c54b3183a1ef Mon Sep 17 00:00:00 2001 
From: Matt Mundell Date: Mon, 8 Jul 2024 20:56:20 +0200 Subject: [PATCH 11/27] GMP doc: correct summary of IN_USE in GET_ASSETS --- src/schema_formats/XML/GMP.xml.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 09195497c..a44b82c12 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -9150,7 +9150,7 @@ END:VCALENDAR details - Whether to include additional information (e.g., tags) + Whether to include additional information (e.g. tags) boolean @@ -9515,7 +9515,7 @@ END:VCALENDAR in_use - Whether any tasks are using the asset + Whether the asset is in use boolean From 2a1a18c47cc3c818aec321c8e234a6a89f74ce85 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 8 Jul 2024 20:57:13 +0200 Subject: [PATCH 12/27] Remove out of date comment WRITABLE is 0 for OS assets. --- src/gmp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/gmp.c b/src/gmp.c index 1587fe6e3..f98cc69f6 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -11719,7 +11719,6 @@ handle_get_assets (gmp_parser_t *gmp_parser, GError **error) gchar *routes_xml; asset = get_iterator_resource (&assets); - /* Assets are currently always writable. */ if (send_get_common ("asset", &get_assets_data->get, &assets, gmp_parser->client_writer, gmp_parser->client_writer_data, From dd403a928cd9b4fc5b98d5ed9a4c4301f96cb08a Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 8 Jul 2024 21:11:38 +0200 Subject: [PATCH 13/27] GMP doc: add NAME to SOURCE in GET_ASSETS response --- src/schema_formats/XML/GMP.xml.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index a44b82c12..3e5e38672 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -9276,6 +9276,7 @@ END:VCALENDAR type data deleted + name type 
@@ -9292,6 +9293,11 @@ END:VCALENDAR Whether the source has been deleted boolean + + name + User name when source type is User, else empty + boolean + os From 0eaef8fe36dbfca72433d1c4b85d5e28021ed33f Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 8 Jul 2024 21:20:34 +0200 Subject: [PATCH 14/27] GMP doc: add TYPE to GET_ASSETS response --- src/schema_formats/XML/GMP.xml.in | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 3e5e38672..0beea5e20 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -9190,6 +9190,7 @@ END:VCALENDAR permissions user_tags identifiers + type host os @@ -9317,6 +9318,13 @@ END:VCALENDAR + + type + Either "host" or "os" + + xsd:token { pattern = "host|os" } + + host A host From bb5000af3d09111b6534fe676ed4dd9d5694cab5 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 8 Jul 2024 21:27:19 +0200 Subject: [PATCH 15/27] GMP doc: Make ROUTES optional in GET_ASSETS response --- src/schema_formats/XML/GMP.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 0beea5e20..c5b2585be 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -9331,7 +9331,7 @@ END:VCALENDAR severity detail - routes + routes severity From 98fe33de4896c7029fd8adbf2dbd6f91b55de5d5 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 8 Jul 2024 21:29:30 +0200 Subject: [PATCH 16/27] GMP doc: HOSTS in GET_ASSETS can have many ASSETS --- src/schema_formats/XML/GMP.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index c5b2585be..dcd4ab731 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in 
@@ -9494,7 +9494,7 @@ END:VCALENDAR Hosts on which this OS has been detected as the best match - asset + asset asset From 430a01f473bcb15588e94ab40f487aac2b64232f Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Sat, 6 Jul 2024 19:40:02 +0200 Subject: [PATCH 17/27] GMP doc: add alert fields to element CERTIFICATE_INFO --- src/schema_formats/XML/GMP.xml.in | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index dcd4ab731..46a130fb4 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -523,6 +523,9 @@ along with this program. If not, see . expiration_time issuer md5_fingerprint + sha256_fingerprint + subject + serial time_status @@ -558,6 +561,21 @@ along with this program. If not, see . MD5 fingerprint of the certificate text + + sha256_fingerprint + SHA-256 fingerprint of the certificate + text + + + subject + Name of the certificate + text + + + serial + Serial number of certificate + text + nvt From f3f3f726c62d2d410313c25fe895298843a59ce1 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Sat, 6 Jul 2024 19:48:56 +0200 Subject: [PATCH 18/27] GMP doc: add ACTIVE to GET_ALERTS response --- src/schema_formats/XML/GMP.xml.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 46a130fb4..5f11daca1 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -8519,6 +8519,7 @@ END:VCALENDAR method filter tasks + active owner @@ -8785,6 +8786,11 @@ END:VCALENDAR + + active + Whether the alert is active + boolean + filters From 130e45764d20c6f5ed04fc62f76320e2cd6c04fd Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Sat, 6 Jul 2024 20:48:21 +0200 Subject: [PATCH 19/27] GMP doc: typo in summary --- src/schema_formats/XML/GMP.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 5f11daca1..42ce44154 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -8679,7 +8679,7 @@ END:VCALENDAR method - The method by which he alert must occur + The method by which the alert must occur text data From d1266493744a9a51e05e7ee0a64718761584c783 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Thu, 4 Jul 2024 12:15:40 +0200 Subject: [PATCH 20/27] GMP doc: update GET_CONFIGS examples --- src/schema_formats/XML/GMP.xml.in | 79 +++++++++++++++++++++---------- 1 file changed, 55 insertions(+), 24 deletions(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 42ce44154..653899d1c 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -10539,20 +10539,31 @@ END:VCALENDAR + + mabel + Full and fast - All NVT's; optimized by using previously collected information. - 2012-11-23T10:44:00+01:00 - 2013-01-23T10:44:00+01:00 + Most NVT's; optimized by using previously collected information. Version 20201215. + 2023-03-06T11:26:30-05:00 + 2024-01-23T10:02:26-05:00 + 0 + 1 + + + Everything + + - 4 + 56 1 - 12 + 88005 1 - 1 - 0 + 0 + scan + 0 ... @@ -10567,44 +10578,64 @@ END:VCALENDAR + + mabel + Full and fast - All NVT's; optimized by using previously collected information. + + Most NVT's; optimized by using previously collected information. Version 20201215. + + 2023-03-06T11:26:30-05:00 + 2024-01-23T10:02:26-05:00 + 0 + 1 + + + Everything + + - 4 + 56 1 - 12 + 88005 1 - 1 - - - Web Servers - - ... - + 0 + scan + 0 - Credentials - 8 - 8 + AIX Local Security Checks + 1 + 1 1 ... + 88014 + 88005 - - Services + + PostgreSQL Detection (TCP) 1 - Network connection timeout : + Postgres Username: + Postgres Username: entry - 5 + postgres + postgres ... + + + Web Servers + + ... + ... From 9571f0a4f79d5a4253d015bfac6f81952bdc0235 Mon Sep 17 00:00:00 2001 
From: Matt Mundell Date: Thu, 4 Jul 2024 11:14:24 +0200 Subject: [PATCH 21/27] GMP doc: make DEFAULT optional in PREFERENCE in GET_CONFIGS response --- src/schema_formats/XML/GMP.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 653899d1c..65f28badc 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -10310,7 +10310,7 @@ END:VCALENDAR id type value - default + default alt From db66056b9288f799eedc43f826d5614cdc240714 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Thu, 4 Jul 2024 11:17:18 +0200 Subject: [PATCH 22/27] GMP doc: add HR_NAME to PREFERENCE in GET_CONFIGS response --- src/schema_formats/XML/GMP.xml.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 65f28badc..413b88b02 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -10307,6 +10307,7 @@ END:VCALENDAR nvt name + hr_name id type value @@ -10335,6 +10336,11 @@ END:VCALENDAR The compact name of the preference as used by the scanner name + + hr_name + The human readable name of the preference + name + id The ID of the preference From 4f378db40055b2faf1430dfc28e1b76e794d5316 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Sat, 29 Jun 2024 07:55:40 +0200 Subject: [PATCH 23/27] GMP doc: simplify summary of GET_CONFIGS/CONFIG/WRITABLE --- src/schema_formats/XML/GMP.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 413b88b02..6d3241b5d 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -10156,7 +10156,7 @@ END:VCALENDAR writable - Whether any tasks are using the config, including trashcan tasks + Whether the config may be modified boolean From 156028af4b80cde10ba5ffed8f73e9a0ab834d84 Mon Sep 17 00:00:00 2001 
From: Matt Mundell Date: Wed, 26 Jun 2024 01:53:28 +0200 Subject: [PATCH 24/27] GMP doc: add C_COUNT to AGGREGATE/OVERALL in GET_AGGREGATES --- src/schema_formats/XML/GMP.xml.in | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 6d3241b5d..22221b195 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -8107,6 +8107,7 @@ END:VCALENDAR Aggregate data for all resources of the selected type count + c_count min max mean @@ -8117,6 +8118,12 @@ END:VCALENDAR Overall number of resources integer + + c_count + Cumulative number of resources + For overall this is always the same as count. + integer + min Overall minimum value of the data column From c8c397fc8ca8ee3b4ea4d205d3554947b72502a7 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Wed, 26 Jun 2024 02:24:57 +0200 Subject: [PATCH 25/27] GMP doc: add STATS to AGGREGATE/OVERALL in GET_AGGREGATES --- src/schema_formats/XML/GMP.xml.in | 63 ++++++++++++++++++++----------- 1 file changed, 41 insertions(+), 22 deletions(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 22221b195..96c32a796 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -8108,10 +8108,7 @@ END:VCALENDAR count c_count - min - max - mean - sum + stats count 
@@ -8125,24 +8122,46 @@ END:VCALENDAR integer - min - Overall minimum value of the data column - text - - - max - Overall maximum value of the data column - text - - - mean - Overall arithmetic mean of the numeric values of the data - text - - - sum - Overall sum of the numeric values of the data column - text + stats + Statistics of a data column + + + column + Name of the column the stats apply to + text + + min + max + mean + sum + c_sum + + + min + Overall minimum value of the data column + text + + + max + Overall maximum value of the data column + text + + + mean + Overall arithmetic mean of the numeric values of the data + text + + + sum + Overall sum of the numeric values of the data column + text + + + c_sum + Cumulative sum of the numeric values of the data column + For overall this is always the same as sum. + text + From 537c354857da94074d7b1608e2575d47aee22f7e Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Fri, 21 Jun 2024 16:45:11 +0200 Subject: [PATCH 26/27] GMP doc: add missing SUBGROUP_COLUMN to GET_AGGREGATES response --- src/schema_formats/XML/GMP.xml.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 96c32a796..770120a01 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -7928,6 +7928,7 @@ END:VCALENDAR data_type data_column group_column + subgroup_column text_column group @@ -7951,6 +7952,11 @@ END:VCALENDAR The column the data is grouped by text + + subgroup_column + The column to further group the resources by + text + text_column A simple text column From a477a0f08522e18e7b40b5abe2b5e8d8153acbca Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Wed, 26 Jun 2024 02:41:24 +0200 Subject: [PATCH 27/27] Doc: correct init_aggregate_iterator return --- src/manage_sql.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index c9f1a68d8..100030655 100644 --- a/src/manage_sql.c 
+++ b/src/manage_sql.c @@ -5266,7 +5266,7 @@ append_column (GArray *columns, const gchar *column_name, * resource. * * @return 0 success, 1 failed to find resource, 2 failed to find filter, - * 3 invalid stat_column, 4 invalid group_column, 5 invalid type, + * 3 invalid data_column, 4 invalid group_column, 5 invalid type, * 6 trashcan not used by type, 7 invalid text column, 8 invalid * subgroup_column, -1 error. */