Change: Adjust loading of CPEs to new JSON API

CPEs can now be loaded from JSON files based on the NVD API. As some fields in the old XML differ the JSON API, they are replaced by similar fields: "nvd_id" is replaced by "cpe_name_id" and "status" is replaced by "deprecated". The "raw_data" will no longer be available after switching to JSON, so the references are and "deprecated_by" element are handled explictly. These changes are made because the XML-based data feeds have been deprecated by NVD.
greenbone · Sep 30, 2024 · 00dbe56 · 00dbe56
1 parent 6589a19
commit 00dbe56
Show file tree

Hide file tree

Showing 7 changed files with 650 additions and 83 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -103,7 +103,7 @@ include (CPack)
 
 set (GVMD_DATABASE_VERSION 256)
 
-set (GVMD_SCAP_DATABASE_VERSION 21)
+set (GVMD_SCAP_DATABASE_VERSION 22)
 
 set (GVMD_CERT_DATABASE_VERSION 8)
 

diff --git a/src/gmp.c b/src/gmp.c
@@ -13421,24 +13421,33 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                "<title>%s</title>",
                                cpe_info_iterator_title (&info));
           xml_string_append (result,
-                             "<nvd_id>%s</nvd_id>"
+                             "<cpe_name_id>%s</cpe_name_id>"
                              "<severity>%s</severity>"
                              "<cve_refs>%s</cve_refs>"
-                             "<status>%s</status>",
-                             cpe_info_iterator_nvd_id (&info)
-                              ? cpe_info_iterator_nvd_id (&info)
+                             "<deprecated>%s</deprecated>",
+                             cpe_info_iterator_cpe_name_id (&info)
+                              ? cpe_info_iterator_cpe_name_id (&info)
                               : "",
                              cpe_info_iterator_severity (&info)
                               ? cpe_info_iterator_severity (&info)
                               : "",
                              cpe_info_iterator_cve_refs (&info),
-                             cpe_info_iterator_status (&info)
-                              ? cpe_info_iterator_status (&info)
-                              : "");
+                             cpe_info_iterator_deprecated (&info)
+                              ? cpe_info_iterator_deprecated (&info)
+                              : "0");
 
           if (get_info_data->details == 1)
             {
-              iterator_t cves;
+              const char *deprecated_by_id
+                = cpe_info_iterator_deprecated_by_id (&info);
+              if (deprecated_by_id && strcmp (deprecated_by_id, ""))
+                {
+                  xml_string_append (result,
+                                     "<deprecated_by>%s</deprecated_by>",
+                                     deprecated_by_id);
+                }
+
+              iterator_t cves, refs;
               g_string_append (result, "<cves>");
               init_cpe_cve_iterator (&cves, get_iterator_name (&info), 0, NULL);
               while (next (&cves))
@@ -13466,6 +13475,16 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                     : "");
               cleanup_iterator (&cves);
               g_string_append (result, "</cves>");
+
+              g_string_append (result, "<references>");
+              init_cpe_reference_iterator (&refs, get_iterator_name (&info));
+              while (next (&refs))
+                xml_string_append (result,
+                                   "<reference href=\"%s\">%s</reference>",
+                                   cpe_reference_iterator_href (&refs),
+                                   cpe_reference_iterator_type (&refs));
+              cleanup_iterator (&refs);
+              g_string_append (result, "</references>");
             }
         }
       else if (g_strcmp0 ("cve", get_info_data->type) == 0)

diff --git a/src/manage.h b/src/manage.h
@@ -3355,23 +3355,33 @@ const char*
 cpe_info_iterator_title (iterator_t*);
 
 const char*
-cpe_info_iterator_status (iterator_t*);
+cpe_info_iterator_deprecated (iterator_t*);
 
 const char *
 cpe_info_iterator_severity (iterator_t*);
 
 const char*
-cpe_info_iterator_deprecated_by_id (iterator_t*);
+cpe_info_iterator_cve_refs (iterator_t*);
 
 const char*
-cpe_info_iterator_cve_refs (iterator_t*);
+cpe_info_iterator_cpe_name_id (iterator_t*);
 
 const char*
-cpe_info_iterator_nvd_id (iterator_t*);
+cpe_info_iterator_deprecated_by_id (iterator_t*);
 
 gchar *
 cpe_details_xml (const char*);
 
+void
+init_cpe_reference_iterator (iterator_t *, const char *);
+
+const char*
+cpe_reference_iterator_href (iterator_t *);
+
+const char*
+cpe_reference_iterator_type (iterator_t *);
+
+
 /* CVE. */
 
 const char*

diff --git a/src/manage_pg.c b/src/manage_pg.c
@@ -3525,10 +3525,18 @@ manage_db_init (const gchar *name)
            "  modification_time integer,"
            "  title text,"
            "  status text,"
-           "  deprecated_by_id INTEGER,"
+           "  deprecated_by_id TEXT,"
            "  severity DOUBLE PRECISION DEFAULT 0,"
            "  cve_refs INTEGER DEFAULT 0,"
-           "  nvd_id text);");
+           "  nvd_id text,"
+           "  deprecated integer,"
+           "  cpe_name_id text);");
+
+      sql ("CREATE TABLE scap2.cpe_refs"
+           " (id SERIAL PRIMARY KEY,"
+           "  cpe INTEGER,"
+           "  ref TEXT,"
+           "  type TEXT);");
 
       sql ("CREATE TABLE scap2.cpe_match_nodes"
            " (id SERIAL PRIMARY KEY,"