Greenbone Vulnerability Manager
9.0.0
GVM management layer: SecInfo. More...
#include "manage_sql.h"
#include "manage_sql_secinfo.h"
#include "sql.h"
#include "utils.h"
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <fnmatch.h>
#include <ftw.h>
#include <glib/gstdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <gvm/base/proctitle.h>
#include <gvm/util/fileutils.h>
Macros | |
#define | _GNU_SOURCE |
Enable extra GNU functions. | |
#define | G_LOG_DOMAIN "md manage" |
GLib log domain. | |
Functions | |
void | manage_db_remove (const gchar *) |
Attach external databases. More... | |
int | manage_db_init (const gchar *) |
Init external database. More... | |
static gchar * | string_replace (const gchar *string, const gchar *to,...) |
Replace text in a string. More... | |
static void | increment_transaction_size (int *current_size) |
Increment transaction size, commit and reset at secinfo_commit_size. More... | |
int | cpe_info_count (const get_data_t *get) |
Count number of cpe. More... | |
int | init_cpe_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise an info iterator. More... | |
void | init_cpe_cve_iterator (iterator_t *iterator, const char *cve, int ascending, const char *sort_field) |
Initialise a CVE iterator, for CVEs reported for a certain CPE. More... | |
gchar * | cve_cvss_base (const gchar *cve) |
Get the short file name for an OVALDEF. More... | |
int | cve_info_count (const get_data_t *get) |
Count number of cve. More... | |
int | init_cve_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise an info iterator. More... | |
int | init_ovaldef_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise an OVAL definition (ovaldef) info iterator. More... | |
int | ovaldef_info_count (const get_data_t *get) |
Count number of ovaldef. More... | |
gchar * | get_ovaldef_short_filename (char *item_id) |
Get the short file name for an OVALDEF. More... | |
char * | ovaldef_uuid (const char *name, const char *fname) |
Get the uuid for an OVALDEF from a name and file name. More... | |
char * | ovaldef_severity (const char *id) |
Get the severity of an OVALDEF using an ID. More... | |
char * | ovaldef_version (const char *id) |
Get the version of an OVALDEF using an ID. More... | |
char * | ovaldef_cves (const char *id) |
Get the CVE names of an OVALDEF as ", " separated str. More... | |
int | init_cert_bund_adv_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise a CERT-Bund advisory (cert_bund_adv) info iterator. More... | |
int | cert_bund_adv_info_count (const get_data_t *get) |
Count number of cert_bund_adv. More... | |
void | init_cve_cert_bund_adv_iterator (iterator_t *iterator, const char *cve, int ascending, const char *sort_field) |
Initialise CVE iterator, for CVEs referenced by a CERT-Bund advisory. More... | |
void | init_nvt_cert_bund_adv_iterator (iterator_t *iterator, const char *oid, int ascending, const char *sort_field) |
Initialise a CERT-Bund iterator, for advisories relevant to an NVT. More... | |
int | init_dfn_cert_adv_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise a DFN-CERT advisory (dfn_cert_adv) info iterator. More... | |
int | dfn_cert_adv_info_count (const get_data_t *get) |
Count number of dfn_cert_adv. More... | |
void | init_cve_dfn_cert_adv_iterator (iterator_t *iterator, const char *cve, int ascending, const char *sort_field) |
Initialise CVE iterator, for CVEs referenced by a DFN-CERT advisory. More... | |
void | init_nvt_dfn_cert_adv_iterator (iterator_t *iterator, const char *oid, int ascending, const char *sort_field) |
Initialise a DFN-CERT iterator, for advisories relevant to an NVT. More... | |
int | all_info_count (const get_data_t *get) |
Count number of SecInfo entries. More... | |
int | total_info_count (const get_data_t *get, int filtered) |
Count number of all SecInfo entries. More... | |
int | init_all_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise an info iterator. More... | |
void | init_ovaldi_file_iterator (iterator_t *iterator) |
Initialise an ovaldi file iterator. More... | |
static int | update_dfn_xml (const gchar *xml_path, int last_cert_update, int last_dfn_update) |
Update DFN-CERT info from a single XML feed file. More... | |
static int | update_dfn_cert_advisories (int last_cert_update) |
Update DFN-CERTs. More... | |
static int | update_bund_xml (const gchar *xml_path, int last_cert_update, int last_bund_update) |
Update CERT-Bund info from a single XML feed file. More... | |
static int | update_cert_bund_advisories (int last_cert_update) |
Update CERT-Bunds. More... | |
static int | update_scap_cpes (int last_scap_update) |
Update SCAP CPEs. More... | |
static int | update_cve_xml (const gchar *xml_path, int last_scap_update, int last_cve_update) |
Update CVE info from a single XML feed file. More... | |
static int | update_scap_cves (int last_scap_update) |
Update SCAP CVEs. More... | |
static void | oval_definition_dates (entity_t definition, int *definition_date_newest, int *definition_date_oldest) |
Get last date from definition entity. More... | |
static void | oval_oval_definitions_date (entity_t entity, int *file_timestamp) |
Get generator/timestamp from main oval_definitions entity. More... | |
static int | verify_oval_file (const gchar *full_path) |
Verify an OVAL definitions file. More... | |
static int | update_ovaldef_xml (gchar **file_and_date, int last_scap_update, int last_ovaldef_update, int private) |
Update OVALDEF info from a single XML feed file. More... | |
static gchar * | oval_generator_timestamp (entity_t entity) |
Extract generator timestamp from OVAL element. More... | |
static gchar * | oval_timestamp (const gchar *xml) |
Extract timestamp from OVAL XML. More... | |
static int | oval_files_add (const char *path, const struct stat *stat, int flag, struct FTW *traversal) |
Add an OVAL file to oval_files. More... | |
static gint | oval_files_compare (gconstpointer one, gconstpointer two) |
Compare OVAL files. More... | |
static void | oval_files_free () |
Free oval_files. | |
static int | update_scap_ovaldefs (int last_scap_update, int private) |
Update SCAP OVALDEFs. More... | |
static void | write_sync_start (int lockfile) |
Write start time to sync lock file. More... | |
static int | manage_db_reinit (const gchar *name) |
Reinit a db. More... | |
static void | sync_secinfo (sigset_t *sigmask_current, int(*update)(int), const gchar *process_title, const gchar *lockfile_basename) |
Sync a SecInfo DB. More... | |
static int | manage_feed_timestamp (const gchar *name) |
Get the feed timestamp. More... | |
int | check_cert_db_version () |
Ensure CERT db is at the right version, and in the right mode. More... | |
static int | update_cert_timestamp () |
Update timestamp in CERT db from feed timestamp. More... | |
static void | update_cvss_dfn_cert (int updated_dfn_cert, int last_cert_update, int last_scap_update) |
Update DFN-CERT Max CVSS. More... | |
static void | update_cvss_cert_bund (int updated_cert_bund, int last_cert_update, int last_scap_update) |
Update CERT-Bund Max CVSS. More... | |
static int | sync_cert (int lockfile) |
Sync the CERT DB. More... | |
void | manage_sync_cert (sigset_t *sigmask_current) |
Sync the CERT DB. More... | |
int | check_scap_db_version () |
Ensure SCAP db is at the right version, and in the right mode. More... | |
static int | update_scap_timestamp () |
Update timestamp in SCAP db from feed timestamp. More... | |
static void | update_scap_cvss (int updated_cves, int updated_cpes, int updated_ovaldefs) |
Update CERT-Bund Max CVSS. More... | |
static void | update_scap_placeholders (int updated_cves) |
Update SCAP placeholder CVEs. More... | |
static int | sync_scap (int lockfile) |
Sync the SCAP DB. More... | |
void | manage_sync_scap (sigset_t *sigmask_current) |
Sync the SCAP DB. More... | |
void | set_secinfo_commit_size (int new_commit_size) |
Set the SecInfo update commit size. More... | |
Variables | |
static int | secinfo_commit_size = SECINFO_COMMIT_SIZE_DEFAULT |
Commit size for updates. | |
static array_t * | oval_files = NULL |
Files for update_scap_ovaldefs. | |
GVM management layer: SecInfo.
The SecInfo parts of the GVM management layer.
int all_info_count | ( | const get_data_t * | get | ) |
Count number of SecInfo entries.
[in] | get | GET params. |
int cert_bund_adv_info_count | ( | const get_data_t * | get | ) |
Count number of cert_bund_adv.
[in] | get | GET params. |
int check_cert_db_version | ( | ) |
Ensure CERT db is at the right version, and in the right mode.
int check_scap_db_version | ( | ) |
Ensure SCAP db is at the right version, and in the right mode.
int cpe_info_count | ( | const get_data_t * | get | ) |
Count number of cpe.
[in] | get | GET params. |
gchar* cve_cvss_base | ( | const gchar * | cve | ) |
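Get the short file name for an OVALDEF. (Note: this brief and the parameter text below are identical to those of get_ovaldef_short_filename and do not match this function's name or its `cve` argument; they appear to have been carried over, so confirm the behaviour against the definition.)
[in] | cve | Full OVAL identifier with file suffix. |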
int cve_info_count | ( | const get_data_t * | get | ) |
Count number of cve.
[in] | get | GET params. |
int dfn_cert_adv_info_count | ( | const get_data_t * | get | ) |
Count number of dfn_cert_adv.
[in] | get | GET params. |
gchar* get_ovaldef_short_filename | ( | char * | item_id | ) |
Get the short file name for an OVALDEF.
[in] | item_id | Full OVAL identifier with file suffix. |
static void increment_transaction_size (int *current_size)
inline, static
Increment transaction size, commit and reset at secinfo_commit_size.
[in,out] | current_size | Pointer to current size to increment and compare. |
int init_all_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise an info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
int init_cert_bund_adv_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise a CERT-Bund advisory (cert_bund_adv) info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
void init_cpe_cve_iterator | ( | iterator_t * | iterator, |
const char * | cve, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise a CVE iterator, for CVEs reported for a certain CPE.
[in] | iterator | Iterator. |
[in] | cve | CVE. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
int init_cpe_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise an info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
void init_cve_cert_bund_adv_iterator | ( | iterator_t * | iterator, |
const char * | cve, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise CVE iterator, for CVEs referenced by a CERT-Bund advisory.
[in] | iterator | Iterator. |
[in] | cve | Name of the CVE. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
void init_cve_dfn_cert_adv_iterator | ( | iterator_t * | iterator, |
const char * | cve, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise CVE iterator, for CVEs referenced by a DFN-CERT advisory.
[in] | iterator | Iterator. |
[in] | cve | Name of the CVE. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
int init_cve_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise an info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
int init_dfn_cert_adv_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise a DFN-CERT advisory (dfn_cert_adv) info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
void init_nvt_cert_bund_adv_iterator | ( | iterator_t * | iterator, |
const char * | oid, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise a CERT-Bund iterator, for advisories relevant to an NVT.
[in] | iterator | Iterator. |
[in] | oid | OID of the NVT. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
void init_nvt_dfn_cert_adv_iterator | ( | iterator_t * | iterator, |
const char * | oid, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise a DFN-CERT iterator, for advisories relevant to an NVT.
[in] | iterator | Iterator. |
[in] | oid | OID of the NVT. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
int init_ovaldef_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise an OVAL definition (ovaldef) info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
void init_ovaldi_file_iterator | ( | iterator_t * | iterator | ) |
Initialise an ovaldi file iterator.
[in] | iterator | Iterator. |
int manage_db_init | ( | const gchar * | name | ) |
Init external database.
[in] | name | Name. "cert" or "scap". |
static int manage_db_reinit (const gchar *name)
Reinit a db.
[in] | name | Name of db. |
void manage_db_remove | ( | const gchar * | name | ) |
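Attach external databases. (Note: this brief does not match the function name, manage_db_remove, and appears to have been carried over from another declaration; confirm the behaviour against the definition.)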
[in] | name | Database name. |
static int manage_feed_timestamp (const gchar *name)
Get the feed timestamp.
[in] | name | Feed type: SCAP or CERT. |
void manage_sync_cert | ( | sigset_t * | sigmask_current | ) |
Sync the CERT DB.
[in] | sigmask_current | Sigmask to restore in child. |
void manage_sync_scap | ( | sigset_t * | sigmask_current | ) |
Sync the SCAP DB.
[in] | sigmask_current | Sigmask to restore in child. |
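static void oval_definition_dates (entity_t definition, int *definition_date_newest, int *definition_date_oldest)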
Get last date from definition entity.
[in] | definition | Definition. |
[out] | definition_date_newest | Newest date. |
[out] | definition_date_oldest | Oldest date. |
static int oval_files_add (const char *path, const struct stat *stat, int flag, struct FTW *traversal)
Add an OVAL file to oval_files.
[in] | path | Path of file. |
[in] | stat | Status of file. |
[in] | flag | Dummy arg for nftw. |
[in] | traversal | Dummy arg for nftw. |
static gint oval_files_compare (gconstpointer one, gconstpointer two)
Compare OVAL files.
[in] | one | First file. |
[in] | two | Second file. |
static gchar * oval_generator_timestamp (entity_t entity)
Extract generator timestamp from OVAL element.
[in] | entity | OVAL element. |
static void oval_oval_definitions_date (entity_t entity, int *file_timestamp)
Get generator/timestamp from main oval_definitions entity.
[in] | entity | Entity. |
[out] | file_timestamp | Timestamp. |
static gchar * oval_timestamp (const gchar *xml)
Extract timestamp from OVAL XML.
[in] | xml | OVAL XML. |
char* ovaldef_cves | ( | const char * | id | ) |
Get the CVE names of an OVALDEF as ", " separated str.
[in] | id | Oval definition ID. |
int ovaldef_info_count | ( | const get_data_t * | get | ) |
Count number of ovaldef.
[in] | get | GET params. |
char* ovaldef_severity | ( | const char * | id | ) |
Get the severity of an OVALDEF using an ID.
[in] | id | Oval definition ID. |
char* ovaldef_uuid | ( | const char * | name, |
const char * | fname | ||
) |
Get the uuid for an OVALDEF from a name and file name.
[in] | name | Oval definition name. |
[in] | fname | Oval definition file name. |
char* ovaldef_version | ( | const char * | id | ) |
Get the version of an OVALDEF using an ID.
[in] | id | Oval definition ID. |
void set_secinfo_commit_size | ( | int | new_commit_size | ) |
Set the SecInfo update commit size.
new_commit_size | The new SecInfo update commit size. |
static gchar * string_replace (const gchar *string, const gchar *to, ...)
Replace text in a string.
[in] | string | String to replace in. |
[in] | to | Replacement text. |
static int sync_cert (int lockfile)
Sync the CERT DB.
[in] | lockfile | Lock file. |
static int sync_scap (int lockfile)
Sync the SCAP DB.
[in] | lockfile | Lock file. |
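static void sync_secinfo (sigset_t *sigmask_current, int(*update)(int), const gchar *process_title, const gchar *lockfile_basename)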
Sync a SecInfo DB.
[in] | sigmask_current | Sigmask to restore in child. |
[in] | update | Function to do the sync. |
[in] | process_title | Process title. |
[in] | lockfile_basename | Basename for lockfile. |
int total_info_count | ( | const get_data_t * | get, |
int | filtered | ||
) |
Count number of all SecInfo entries.
[in] | get | GET params. |
[in] | filtered | Whether to count entries in filtered set only. |
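static int update_bund_xml (const gchar *xml_path, int last_cert_update, int last_bund_update)
Update CERT-Bund info from a single XML feed file.
[in] | xml_path | XML path. |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_bund_update | Time of last update to a DFN. (The wording is identical to that of update_dfn_xml; going by the parameter name this is presumably the time of the last CERT-Bund update — confirm against the definition.) |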
static int update_cert_bund_advisories (int last_cert_update)
Update CERT-Bunds.
Assume that the databases are attached.
[in] | last_cert_update | Time of last CERT update from meta. |
static int update_cert_timestamp ()
Update timestamp in CERT db from feed timestamp.
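static int update_cve_xml (const gchar *xml_path, int last_scap_update, int last_cve_update)
Update CVE info from a single XML feed file.
[in] | xml_path | XML path. |
[in] | last_scap_update | Time of last SCAP update. |
[in] | last_cve_update | Time of last update to a DFN. (The wording is identical to that of update_dfn_xml; going by the parameter name this is presumably the time of the last CVE update — confirm against the definition.) |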
static void update_cvss_cert_bund (int updated_cert_bund, int last_cert_update, int last_scap_update)
Update CERT-Bund Max CVSS.
[in] | updated_cert_bund | Whether CERT-Bund updated. |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_scap_update | Time of last SCAP update. |
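static void update_cvss_dfn_cert (int updated_dfn_cert, int last_cert_update, int last_scap_update)
Update DFN-CERT Max CVSS.
[in] | updated_dfn_cert | Whether CERT-Bund updated. (The wording is identical to that of update_cvss_cert_bund; going by the parameter name this is presumably whether DFN-CERT was updated — confirm against the definition.) |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_scap_update | Time of last SCAP update. |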
static int update_dfn_cert_advisories (int last_cert_update)
Update DFN-CERTs.
Assume that the databases are attached.
[in] | last_cert_update | Time of last CERT update from meta. |
static int update_dfn_xml (const gchar *xml_path, int last_cert_update, int last_dfn_update)
Update DFN-CERT info from a single XML feed file.
[in] | xml_path | XML path. |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_dfn_update | Time of last update to a DFN. |
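static int update_ovaldef_xml (gchar **file_and_date, int last_scap_update, int last_ovaldef_update, int private)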
Update OVALDEF info from a single XML feed file.
[in] | file_and_date | Array containing XML path and timestamp. |
[in] | last_scap_update | Time of last SCAP update. |
[in] | last_ovaldef_update | Time of last update to an ovaldef. |
[in] | private | Whether this is from the user's private dir. |
static int update_scap_cpes (int last_scap_update)
Update SCAP CPEs.
[in] | last_scap_update | Time of last SCAP update. |
static int update_scap_cves (int last_scap_update)
Update SCAP CVEs.
Assume that the databases are attached.
[in] | last_scap_update | Time of last SCAP update from meta. |
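static void update_scap_cvss (int updated_cves, int updated_cpes, int updated_ovaldefs)
Update CERT-Bund Max CVSS. (Note: this brief is identical to that of update_cvss_cert_bund, while the parameters here refer to CVEs, CPEs and OVAL definitions; it appears to have been carried over, so confirm the behaviour against the definition.)
[in] | updated_cves | Whether CVEs were updated. |
[in] | updated_cpes | Whether CPEs were updated. |
[in] | updated_ovaldefs | Whether OVAL defs were updated. |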
static int update_scap_ovaldefs (int last_scap_update, int private)
Update SCAP OVALDEFs.
Assume that the databases are attached.
[in] | last_scap_update | Time of last SCAP update from meta. |
[in] | private | Whether to update private SCAP data, instead of the feed data. |
static void update_scap_placeholders (int updated_cves)
Update SCAP placeholder CVEs.
[in] | updated_cves | Whether the CVEs were updated. |
static int update_scap_timestamp ()
Update timestamp in SCAP db from feed timestamp.
static int verify_oval_file (const gchar *full_path)
Verify an OVAL definitions file.
[in] | full_path | Full path to the OVAL definitions file to verify. |
static void write_sync_start (int lockfile)
Write start time to sync lock file.
[in] | lockfile | Lock file. |