Greenbone Vulnerability Manager
22.4.0~dev1
GVM management layer: SecInfo. More...
#include "debug_utils.h"
#include "manage_sql.h"
#include "manage_sql_secinfo.h"
#include "sql.h"
#include "utils.h"
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <fnmatch.h>
#include <ftw.h>
#include <glib/gstdio.h>
#include <math.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <gvm/base/gvm_sentry.h>
#include <bsd/unistd.h>
#include <gvm/util/fileutils.h>
Data Structures | |
struct | inserts_t |
Buffer for INSERT statements. More... | |
Macros | |
#define | _GNU_SOURCE |
Enable extra GNU functions. | |
#define | G_LOG_DOMAIN "md manage" |
GLib log domain. | |
#define | CPE_MAX_CHUNK_SIZE 10000 |
Maximum number of rows in an INSERT. | |
Functions | |
void | manage_db_remove (const gchar *) |
Attach external databases. More... | |
int | manage_db_init (const gchar *) |
Init external database. More... | |
int | manage_db_init_indexes (const gchar *) |
Init external database. More... | |
int | manage_db_add_constraints (const gchar *) |
Init external database. More... | |
static int | sync_cert () |
Sync the CERT DB. More... | |
static int | update_scap (gboolean reset_scap_db) |
Update all data in the SCAP DB. More... | |
static gchar * | sql_quote_element_text (element_t element) |
Get SQL quoted version of element's text. More... | |
static int | parse_iso_time_element_text (element_t element) |
Get ISO time from element's text. More... | |
static gchar * | string_replace (const gchar *string, const gchar *to,...) |
Replace text in a string. More... | |
static void | increment_transaction_size (int *current_size) |
Increment transaction size, commit and reset at secinfo_commit_size. More... | |
static const gchar * | split_xml_file (gchar *path, const gchar *size, const gchar *tail) |
Split a file. More... | |
static void | inserts_init (inserts_t *inserts, int max_chunk_size, const gchar *open_sql, const gchar *close_sql) |
Check size of current statement. More... | |
static void | inserts_statement_close (inserts_t *inserts) |
Close the current statement. More... | |
static int | inserts_check_size (inserts_t *inserts) |
Check size of current statement. More... | |
static void | inserts_free (inserts_t *inserts) |
Free everything. More... | |
static void | inserts_run (inserts_t *inserts) |
Run the INSERT SQL, freeing the buffers. More... | |
static const column_t * | cpe_info_select_columns () |
Gets the SELECT columns for CPE iterators and counts. More... | |
static const char ** | cpe_info_filter_columns () |
Gets the filter columns for CPE iterators and counts. More... | |
int | cpe_info_count (const get_data_t *get) |
Count number of cpe. More... | |
int | init_cpe_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise an info iterator. More... | |
static const column_t * | cve_info_select_columns () |
Gets the SELECT columns for CVE iterators and counts. More... | |
static const char ** | cve_info_filter_columns () |
Gets the filter columns for CVE iterators and counts. More... | |
void | init_cpe_cve_iterator (iterator_t *iterator, const char *cve, int ascending, const char *sort_field) |
Initialise a CVE iterator, for CVEs reported for a certain CPE. More... | |
gchar * | cve_cvss_base (const gchar *cve) |
Get the CVSS score for a CVE. More... | |
int | cve_info_count (const get_data_t *get) |
Count number of cve. More... | |
int | init_cve_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise an info iterator. More... | |
static const column_t * | cert_bund_adv_info_select_columns () |
Gets the SELECT columns for CERT-Bund advisory iterators and counts. More... | |
static const char ** | cert_bund_adv_info_filter_columns () |
Gets the filter columns for CERT-Bund advisory iterators and counts. More... | |
int | init_cert_bund_adv_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise a CERT-Bund advisory (cert_bund_adv) info iterator. More... | |
int | cert_bund_adv_info_count (const get_data_t *get) |
Count number of cert_bund_adv. More... | |
void | init_cve_cert_bund_adv_iterator (iterator_t *iterator, const char *cve, int ascending, const char *sort_field) |
Initialise CVE iterator, for CVEs referenced by a CERT-Bund advisory. More... | |
void | init_nvt_cert_bund_adv_iterator (iterator_t *iterator, const char *oid) |
Initialise a CERT-Bund iterator, for advisories relevant to an NVT. More... | |
static const column_t * | dfn_cert_adv_info_select_columns () |
Gets the SELECT columns for DFN-CERT advisory iterators and counts. More... | |
static const char ** | dfn_cert_adv_info_filter_columns () |
Gets the filter columns for DFN-CERT advisory iterators and counts. More... | |
int | init_dfn_cert_adv_info_iterator (iterator_t *iterator, get_data_t *get, const char *name) |
Initialise a DFN-CERT advisory (dfn_cert_adv) info iterator. More... | |
int | dfn_cert_adv_info_count (const get_data_t *get) |
Count number of dfn_cert_adv. More... | |
void | init_cve_dfn_cert_adv_iterator (iterator_t *iterator, const char *cve, int ascending, const char *sort_field) |
Initialise CVE iterator, for CVEs referenced by a DFN-CERT advisory. More... | |
void | init_nvt_dfn_cert_adv_iterator (iterator_t *iterator, const char *oid) |
Initialise a DFN-CERT iterator, for advisories relevant to an NVT. More... | |
int | secinfo_count_after (const get_data_t *get, const char *type, time_t count_time, gboolean get_modified) |
Count number of SecInfo items created or modified after a given time. More... | |
static int | update_dfn_xml (const gchar *xml_path, int last_cert_update, int last_dfn_update) |
Update DFN-CERT info from a single XML feed file. More... | |
static int | update_dfn_cert_advisories (int last_cert_update) |
Update DFN-CERTs. More... | |
static int | update_bund_xml (const gchar *xml_path, int last_cert_update, int last_bund_update) |
Update CERT-Bund info from a single XML feed file. More... | |
static int | update_cert_bund_advisories (int last_cert_update) |
Update CERT-Bunds. More... | |
static int | insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata, int modification_time) |
Insert a SCAP CPE. More... | |
static int | update_scap_cpes_from_file (const gchar *path) |
Update SCAP CPEs from a file. More... | |
static int | update_scap_cpes () |
Update SCAP CPEs. More... | |
static int | last_appearance (element_t product) |
Check if this is the last appearance of a product in its siblings. More... | |
static int | hashed_cpes_cpe_id (GHashTable *hashed_cpes, const gchar *product_tilde) |
Get the ID of a CPE from a hashtable. More... | |
static void | insert_cve_products (element_t list, resource_t cve, int time_modified, int time_published, GHashTable *hashed_cpes, int *transaction_size) |
Insert products for a CVE. More... | |
static int | insert_cve_from_entry (element_t entry, element_t last_modified, GHashTable *hashed_cpes, int *transaction_size) |
Insert a CVE. More... | |
static int | update_cve_xml (const gchar *xml_path, GHashTable *hashed_cpes) |
Update CVE info from a single XML feed file. More... | |
static int | update_scap_cves () |
Update SCAP CVEs. More... | |
static int | manage_db_reinit (const gchar *name) |
Reinit a db. More... | |
static void | sync_secinfo (sigset_t *sigmask_current, int(*update)(void), const gchar *process_title) |
Sync a SecInfo DB. More... | |
static int | manage_feed_timestamp (const gchar *name) |
Get the feed timestamp. More... | |
int | secinfo_feed_version_status (const char *feed_type) |
Gets the SCAP or CERT database version status. More... | |
int | check_cert_db_version () |
Ensure CERT db is at the right version, and in the right mode. More... | |
static int | update_cert_timestamp () |
Update timestamp in CERT db from feed timestamp. More... | |
static void | update_cvss_dfn_cert (int updated_dfn_cert, int last_cert_update, int last_scap_update) |
Update DFN-CERT Max CVSS. More... | |
static void | update_cvss_cert_bund (int updated_cert_bund, int last_cert_update, int last_scap_update) |
Update CERT-Bund Max CVSS. More... | |
void | manage_sync_cert (sigset_t *sigmask_current) |
Sync the CERT DB. More... | |
int | check_scap_db_version () |
Ensure SCAP db is at the right version, and in the right mode. More... | |
static int | update_scap_timestamp () |
Update timestamp in SCAP db from feed timestamp. More... | |
static void | update_scap_cvss () |
Update SCAP Max CVSS. | |
static void | update_scap_placeholders () |
Update SCAP placeholder CVEs. | |
static int | update_scap_end () |
Finish scap update. More... | |
static int | try_load_csv () |
Try load the feed from feed CSV files. More... | |
static int | sync_scap () |
Sync the SCAP DB. More... | |
void | manage_sync_scap (sigset_t *sigmask_current) |
Sync the SCAP DB. More... | |
static int | rebuild_scap () |
Rebuild the entire SCAP DB. More... | |
int | manage_rebuild_scap (GSList *log_config, const db_conn_info_t *database) |
Rebuild part of the SCAP DB. More... | |
void | set_secinfo_commit_size (int new_commit_size) |
Set the SecInfo update commit size. More... | |
Variables | |
static int | secinfo_commit_size = SECINFO_COMMIT_SIZE_DEFAULT |
Commit size for updates. | |
GVM management layer: SecInfo.
The SecInfo parts of the GVM management layer.
int cert_bund_adv_info_count | ( | const get_data_t * | get | ) |
Count number of cert_bund_adv.
[in] | get | GET params. |
|
static |
Gets the filter columns for CERT-Bund advisory iterators and counts.
|
static |
Gets the SELECT columns for CERT-Bund advisory iterators and counts.
int check_cert_db_version | ( | ) |
Ensure CERT db is at the right version, and in the right mode.
int check_scap_db_version | ( | ) |
Ensure SCAP db is at the right version, and in the right mode.
int cpe_info_count | ( | const get_data_t * | get | ) |
Count number of cpe.
[in] | get | GET params. |
|
static |
Gets the filter columns for CPE iterators and counts.
|
static |
Gets the SELECT columns for CPE iterators and counts.
gchar* cve_cvss_base | ( | const gchar * | cve | ) |
Get the CVSS score for a CVE.
[in] | cve | CVE-ID of the CVE to get the score of. |
int cve_info_count | ( | const get_data_t * | get | ) |
Count number of cve.
[in] | get | GET params. |
|
static |
Gets the filter columns for CVE iterators and counts.
|
static |
Gets the SELECT columns for CVE iterators and counts.
int dfn_cert_adv_info_count | ( | const get_data_t * | get | ) |
Count number of dfn_cert_adv.
[in] | get | GET params. |
|
static |
Gets the filter columns for DFN-CERT advisory iterators and counts.
|
static |
Gets the SELECT columns for DFN-CERT advisory iterators and counts.
|
static |
Get the ID of a CPE from a hashtable.
[in] | hashed_cpes | CPEs. |
[in] | product_tilde | UUID/Name. |
|
inlinestatic |
Increment transaction size, commit and reset at secinfo_commit_size.
[in,out] | current_size | Pointer to current size to increment and compare. |
int init_cert_bund_adv_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise a CERT-Bund advisory (cert_bund_adv) info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
void init_cpe_cve_iterator | ( | iterator_t * | iterator, |
const char * | cve, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise a CVE iterator, for CVEs reported for a certain CPE.
[in] | iterator | Iterator. |
[in] | cve | CVE. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
int init_cpe_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise an info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
void init_cve_cert_bund_adv_iterator | ( | iterator_t * | iterator, |
const char * | cve, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise CVE iterator, for CVEs referenced by a CERT-Bund advisory.
[in] | iterator | Iterator. |
[in] | cve | Name of the CVE. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
void init_cve_dfn_cert_adv_iterator | ( | iterator_t * | iterator, |
const char * | cve, | ||
int | ascending, | ||
const char * | sort_field | ||
) |
Initialise CVE iterator, for CVEs referenced by a DFN-CERT advisory.
[in] | iterator | Iterator. |
[in] | cve | Name of the CVE. |
[in] | ascending | Whether to sort ascending or descending. |
[in] | sort_field | Field to sort on, or NULL for "id". |
int init_cve_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise an info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
int init_dfn_cert_adv_info_iterator | ( | iterator_t * | iterator, |
get_data_t * | get, | ||
const char * | name | ||
) |
Initialise a DFN-CERT advisory (dfn_cert_adv) info iterator.
[in] | iterator | Iterator. |
[in] | get | GET data. |
[in] | name | Name of the info |
void init_nvt_cert_bund_adv_iterator | ( | iterator_t * | iterator, |
const char * | oid | ||
) |
Initialise a CERT-Bund iterator, for advisories relevant to an NVT.
[in] | iterator | Iterator. |
[in] | oid | OID of the NVT. |
void init_nvt_dfn_cert_adv_iterator | ( | iterator_t * | iterator, |
const char * | oid | ||
) |
Initialise a DFN-CERT iterator, for advisories relevant to an NVT.
[in] | iterator | Iterator. |
[in] | oid | OID of the NVT. |
|
static |
Insert a CVE.
[in] | entry | XML entry. |
[in] | last_modified | XML last_modified element. |
[in] | transaction_size | Statement counter for batching. |
[in] | hashed_cpes | Hashed CPEs. |
|
static |
Insert products for a CVE.
[in] | list | XML product list. |
[in] | cve | CVE. |
[in] | time_published | Time published. |
[in] | time_modified | Time modified. |
[in] | hashed_cpes | Hashed CPEs. |
[in] | transaction_size | Statement counter for batching. |
|
static |
Insert a SCAP CPE.
[in] | inserts | Pointer to SQL buffer. |
[in] | cpe_item | CPE item XML element. |
[in] | item_metadata | Item's metadata element. |
[in] | modification_time | Modification time of item. |
|
static |
Check size of current statement.
[in] | inserts | Insert buffer. |
|
static |
Free everything.
[in] | inserts | Insert buffer. |
|
static |
Check size of current statement.
[in] | inserts | Insert buffer. |
[in] | max_chunk_size | Max chunk size. |
[in] | open_sql | SQL to start each statement. |
[in] | close_sql | SQL to append to the end of each statement. |
|
static |
Run the INSERT SQL, freeing the buffers.
[in] | inserts | Insert buffer. |
|
static |
Close the current statement.
[in] | inserts | Insert buffer. |
|
static |
Check if this is the last appearance of a product in its siblings.
[in] | product | Product. |
int manage_db_add_constraints | ( | const gchar * | name | ) |
Init external database.
[in] | name | Name. Currently only "scap". |
int manage_db_init | ( | const gchar * | name | ) |
Init external database.
[in] | name | Name. "cert" or "scap". |
int manage_db_init_indexes | ( | const gchar * | name | ) |
Init external database.
[in] | name | Name. Currently only "scap". |
|
static |
Reinit a db.
[in] | name | Name of db. |
void manage_db_remove | ( | const gchar * | name | ) |
Attach external databases.
[in] | name | Database name. |
|
static |
Get the feed timestamp.
[in] | name | Feed type: SCAP or CERT. |
int manage_rebuild_scap | ( | GSList * | log_config, |
const db_conn_info_t * | database | ||
) |
Rebuild part of the SCAP DB.
[in] | log_config | Log configuration. |
[in] | database | Location of manage database. |
void manage_sync_cert | ( | sigset_t * | sigmask_current | ) |
Sync the CERT DB.
[in] | sigmask_current | Sigmask to restore in child. |
void manage_sync_scap | ( | sigset_t * | sigmask_current | ) |
Sync the SCAP DB.
[in] | sigmask_current | Sigmask to restore in child. |
|
static |
Get ISO time from element's text.
[in] | element | Element. |
|
static |
Rebuild the entire SCAP DB.
int secinfo_count_after | ( | const get_data_t * | get, |
const char * | type, | ||
time_t | count_time, | ||
gboolean | get_modified | ||
) |
Count number of SecInfo items created or modified after a given time.
[in] | get | GET params. |
[in] | type | The type of SecInfo to count. |
[in] | count_time | Time SecInfo must be created or modified after. |
[in] | get_modified | Whether to get the modification time. |
int secinfo_feed_version_status | ( | const char * | feed_type | ) |
Gets the SCAP or CERT database version status.
[in] | feed_type | The feed type to check. Must be "cert" or "scap". |
void set_secinfo_commit_size | ( | int | new_commit_size | ) |
Set the SecInfo update commit size.
new_commit_size | The new SecInfo update commit size. |
|
static |
Split a file.
[in] | path | Path to file. |
[in] | size | Approx size of split files. In same format that xml_split accepts, eg "200Kb". |
[in] | tail | Text to replace last line of split files. |
|
static |
Get SQL quoted version of element's text.
[in] | element | Element. |
|
static |
Replace text in a string.
[in] | string | String to replace in. |
[in] | to | Replacement text. |
|
static |
Sync the CERT DB.
|
static |
Sync the SCAP DB.
|
static |
Sync a SecInfo DB.
[in] | sigmask_current | Sigmask to restore in child. |
[in] | update | Function to do the sync. |
[in] | process_title | Process title. |
|
static |
Try load the feed from feed CSV files.
|
static |
Update CERT-Bund info from a single XML feed file.
[in] | xml_path | XML path. |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_bund_update | Time of last update to a DFN. |
|
static |
Update CERT-Bunds.
Assume that the databases are attached.
[in] | last_cert_update | Time of last CERT update from meta. |
|
static |
Update timestamp in CERT db from feed timestamp.
|
static |
Update CVE info from a single XML feed file.
[in] | xml_path | XML path. |
[in] | hashed_cpes | Hashed CPEs. |
|
static |
Update CERT-Bund Max CVSS.
[in] | updated_cert_bund | Whether CERT-Bund updated. |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_scap_update | Time of last SCAP update. |
|
static |
Update DFN-CERT Max CVSS.
[in] | updated_dfn_cert | Whether CERT-Bund updated. |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_scap_update | Time of last SCAP update. |
|
static |
Update DFN-CERTs.
Assume that the databases are attached.
[in] | last_cert_update | Time of last CERT update from meta. |
|
static |
Update DFN-CERT info from a single XML feed file.
[in] | xml_path | XML path. |
[in] | last_cert_update | Time of last CERT update. |
[in] | last_dfn_update | Time of last update to a DFN. |
|
static |
Update all data in the SCAP DB.
[in] | reset_scap_db | Whether to rebuild regardless of last_scap_update. |
|
static |
Update SCAP CPEs.
|
static |
Update SCAP CPEs from a file.
[in] | path | Path to file. |
|
static |
Update SCAP CVEs.
Assume that the databases are attached.
|
static |
Finish scap update.
|
static |
Update timestamp in SCAP db from feed timestamp.