Merge pull request #2300 from greenbone/cves-from-json

Change: Update handling of CVEs for the new JSON API.
greenbone · Nov 6, 2024 · a72ba1d · a72ba1d
2 parents 9b155fb + 4a52a60
commit a72ba1d
Show file tree

Hide file tree

Showing 7 changed files with 1,282 additions and 275 deletions.
diff --git a/src/gmp.c b/src/gmp.c
@@ -101,6 +101,7 @@
 #include "manage_report_configs.h"
 #include "manage_report_formats.h"
 #include "manage_tls_certificates.h"
+#include "sql.h"
 #include "utils.h"
 
 #include <arpa/inet.h>
@@ -128,6 +129,7 @@
 #include <gvm/util/fileutils.h>
 #include <gvm/util/sshutils.h>
 #include <gvm/util/authutils.h>
+#include <gvm/util/cpeutils.h>
 
 #undef G_LOG_DOMAIN
 /**
@@ -13247,6 +13249,209 @@ handle_get_groups (gmp_parser_t *gmp_parser, GError **error)
   set_client_state (CLIENT_AUTHENTIC);
 }
 
+/**
+ * @brief Print CPE match node with its matched CPEs.
+ *
+ * @param[in]  node     CPE match node to print.
+ * @param[in]  buffer   Buffer into which to print match node.
+ */
+static void
+print_cpe_match_nodes_xml (resource_t node, GString *buffer)
+{
+  iterator_t cpe_match_nodes, cpe_match_ranges;
+
+  init_iterator (&cpe_match_nodes,
+                 "SELECT operator, negate"
+                 " FROM scap.cpe_match_nodes WHERE id = %llu;",
+                 node);
+
+  const char *operator = NULL;
+  int negate = 0;
+  while (next (&cpe_match_nodes))
+    {
+      operator = iterator_string (&cpe_match_nodes, 0);
+      negate = iterator_int (&cpe_match_nodes, 1);
+    }
+  cleanup_iterator (&cpe_match_nodes);
+
+  xml_string_append (buffer, "<operator>%s</operator>", operator?: "");
+  xml_string_append (buffer, "<negate>%s</negate>", negate? "1" : "0");
+
+  init_cpe_match_string_iterator (&cpe_match_ranges, node);
+  while (next (&cpe_match_ranges))
+    {
+      const gchar *vsi, *vse, *vei, *vee, *match_criteria_id, *criteria, *status;
+
+      xml_string_append (buffer, "<match_string>");
+      match_criteria_id
+        = cpe_match_string_iterator_match_criteria_id (&cpe_match_ranges);
+      criteria = cpe_match_string_iterator_criteria (&cpe_match_ranges);
+      status = cpe_match_string_iterator_status (&cpe_match_ranges);
+
+      xml_string_append (buffer,
+                         "<criteria>%s</criteria>"
+                         "<vulnerable>%s</vulnerable>"
+                         "<status>%s</status>",
+                         criteria?: "",
+                         cpe_match_string_iterator_vulnerable (&cpe_match_ranges) != 0
+                         ? "1"
+                         : "0",
+                         status?: "");
+
+      vsi = cpe_match_string_iterator_version_start_incl (&cpe_match_ranges);
+      vse = cpe_match_string_iterator_version_start_excl (&cpe_match_ranges);
+      vei = cpe_match_string_iterator_version_end_incl (&cpe_match_ranges);
+      vee = cpe_match_string_iterator_version_end_excl (&cpe_match_ranges);
+
+      xml_string_append (buffer,
+                         "<version_start_including>%s</version_start_including>", 
+                         vsi ?: "");
+      xml_string_append (buffer,
+                         "<version_start_excluding>%s</version_start_excluding>",
+                         vse ?: "");
+      xml_string_append (buffer,
+                         "<version_end_including>%s</version_end_including>",
+                         vei ?: "");
+      xml_string_append (buffer,
+                         "<version_end_excluding>%s</version_end_excluding>",
+                         vee ?: "");
+
+      iterator_t cpe_matches;
+      init_cpe_match_string_matches_iterator (&cpe_matches, match_criteria_id);
+      xml_string_append (buffer, "<matched_cpes>");
+
+      while (next (&cpe_matches))
+        {
+          iterator_t cpes;
+
+          init_iterator (&cpes,
+                         "SELECT deprecated FROM scap.cpes"
+                         " WHERE cpe_name_id = '%s';",
+                         cpe_matches_cpe_name_id(&cpe_matches));
+
+          const char* cpe = cpe_matches_cpe_name (&cpe_matches);
+
+          int deprecated = 0;
+          while (next (&cpes))
+          {
+            deprecated = iterator_int (&cpes, 0);
+          }
+          cleanup_iterator (&cpes);
+
+          xml_string_append (buffer, "<cpe id=\"%s\">", cpe?: "");
+          xml_string_append (buffer,
+                             "<deprecated>%s</deprecated>",
+                             deprecated ? "1" : "0");
+          if (deprecated)
+            {
+              iterator_t deprecated_by;
+              init_cpe_deprecated_by_iterator (&deprecated_by, cpe);
+              while (next (&deprecated_by))
+              {
+                xml_string_append (buffer,
+                                   "<deprecated_by cpe_id=\"%s\"/>",
+                                   cpe_deprecated_by_iterator_deprecated_by
+                                    (&deprecated_by));
+              }
+              cleanup_iterator (&deprecated_by);
+            }
+          xml_string_append (buffer, "</cpe>");
+        }
+      xml_string_append (buffer, "</matched_cpes>");
+      xml_string_append (buffer, "</match_string>");
+      cleanup_iterator (&cpe_matches);
+    }
+  cleanup_iterator (&cpe_match_ranges);
+}
+/**
+ * @brief Print CVE affected software configurations
+ *
+ * @param[in]   cve_uuid  uuid of the CVE.
+ * @param[out]  result    Buffer into which to print.
+ *
+ */
+static void
+print_cve_configurations_xml (const gchar *cve_uuid, GString *result)
+{
+  iterator_t cpe_match_root_nodes;
+  xml_string_append (result, "<configuration_nodes>");
+  init_cve_cpe_match_nodes_iterator (&cpe_match_root_nodes, cve_uuid);
+  while (next (&cpe_match_root_nodes))
+    {
+        result_t root_node;
+        iterator_t cpe_match_node_childs;
+        root_node = cpe_match_nodes_iterator_root_id (&cpe_match_root_nodes);
+        xml_string_append (result, "<node>");
+        print_cpe_match_nodes_xml (root_node, result);
+        init_cpe_match_node_childs_iterator (&cpe_match_node_childs, root_node);
+        while (next (&cpe_match_node_childs))
+          {
+            resource_t child_node;
+            child_node =
+              cpe_match_node_childs_iterator_id (&cpe_match_node_childs);
+            xml_string_append (result, "<node>");
+            print_cpe_match_nodes_xml (child_node, result);
+            xml_string_append (result, "</node>");
+          }
+        xml_string_append (result, "</node>");
+        cleanup_iterator (&cpe_match_node_childs);
+    }
+    xml_string_append (result, "</configuration_nodes>");
+    cleanup_iterator (&cpe_match_root_nodes);
+}
+
+/**
+ * @brief Print CVE references
+ *
+ * @param[in]   cve_uuid  uuid of the CVE.
+ * @param[out]  result    Buffer into which to print.
+ *
+ */
+static void
+print_cve_references_xml (const gchar *cve_uuid, GString *result)
+{
+  iterator_t references;
+  init_cve_reference_iterator (&references, cve_uuid);
+  xml_string_append (result, "<references>");
+  while (next (&references))
+    {
+      xml_string_append (result, "<reference>");
+      xml_string_append (result,
+                         "<url>%s</url>",
+                         cve_reference_iterator_url (&references));
+      xml_string_append (result, "<tags>");
+      const char * tags_array = cve_reference_iterator_tags (&references);
+      if(tags_array && strlen (tags_array) > 2)
+        {
+          char *trimmed_array
+            = g_strndup (tags_array + 1, strlen (tags_array) - 2);
+          gchar **tags, **current_tag;
+          tags = g_strsplit (trimmed_array, ",", -1);
+          current_tag = tags;
+          while (*current_tag)
+            {
+              if (strlen (*current_tag) > 2
+                  && (*current_tag)[0] == '"'
+                  && (*current_tag)[strlen (*current_tag) - 1] == '"')
+                {
+                  char *trimmed_tag = g_strndup (*current_tag + 1,
+                                                 strlen (*current_tag) - 2);
+                  xml_string_append (result, "<tag>%s</tag>", trimmed_tag);
+                  g_free (trimmed_tag);
+                }
+              else
+                xml_string_append (result, "<tag>%s</tag>", *current_tag);
+              current_tag++;
+            }
+          g_strfreev (tags);
+          g_free (trimmed_array);
+        }
+      xml_string_append (result, "</tags>");
+      xml_string_append (result, "</reference>");
+    }
+  xml_string_append (result, "</references>");
+  cleanup_iterator (&references);
+}
 /**
  * @brief Handle end of GET_INFO element.
  *
@@ -13622,6 +13827,10 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
                                           "</warning>");
                 }
               g_string_append (result, "</cert>");
+
+              const gchar *cve_uuid = get_iterator_uuid (&info);
+              print_cve_configurations_xml (cve_uuid, result);
+              print_cve_references_xml (cve_uuid, result);
             }
         }
       else if (g_strcmp0 ("cert_bund_adv", get_info_data->type) == 0)

diff --git a/src/manage.c b/src/manage.c
@@ -3180,19 +3180,19 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
         return;
     }
 
-  init_cpe_match_range_iterator (&cpe_match_ranges, node);
+  init_cpe_match_string_iterator (&cpe_match_ranges, node);
   while (next (&cpe_match_ranges))
     {
       iterator_t cpe_host_details_products;
       gchar *range_fs_cpe;
       gchar *range_uri_product;
       gchar *vsi, *vse, *vei, *vee;
       range_fs_cpe = vsi = vse = vei = vee = NULL;
-      range_fs_cpe = g_strdup (cpe_match_range_iterator_cpe (&cpe_match_ranges));
-      vsi = g_strdup (cpe_match_range_iterator_version_start_incl (&cpe_match_ranges));
-      vse = g_strdup (cpe_match_range_iterator_version_start_excl (&cpe_match_ranges));
-      vei = g_strdup (cpe_match_range_iterator_version_end_incl (&cpe_match_ranges));
-      vee = g_strdup (cpe_match_range_iterator_version_end_excl (&cpe_match_ranges));
+      range_fs_cpe = g_strdup (cpe_match_string_iterator_criteria (&cpe_match_ranges));
+      vsi = g_strdup (cpe_match_string_iterator_version_start_incl (&cpe_match_ranges));
+      vse = g_strdup (cpe_match_string_iterator_version_start_excl (&cpe_match_ranges));
+      vei = g_strdup (cpe_match_string_iterator_version_end_incl (&cpe_match_ranges));
+      vee = g_strdup (cpe_match_string_iterator_version_end_excl (&cpe_match_ranges));
       range_uri_product = fs_cpe_to_uri_product (range_fs_cpe);
       init_host_details_cpe_product_iterator (&cpe_host_details_products, range_uri_product, report_host);
       while (next (&cpe_host_details_products))
@@ -3216,7 +3216,7 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
           cpe_struct_free (&source);
           cpe_struct_free (&target);
         }
-      if (*match && cpe_match_range_iterator_vulnerable (&cpe_match_ranges) == 1)
+      if (*match && cpe_match_string_iterator_vulnerable (&cpe_match_ranges) == 1)
         {
           cpe_struct_t source, target;
           cpe_struct_init (&source);

diff --git a/src/manage.h b/src/manage.h
@@ -1693,6 +1693,21 @@ app_locations_iterator_location (iterator_t*);
 void
 init_cpe_match_nodes_iterator (iterator_t*, const char *);
 
+void
+init_cve_cpe_match_nodes_iterator (iterator_t*, const char *);
+
+void
+init_cve_reference_iterator (iterator_t*, const char *);
+
+const char*
+cve_reference_iterator_url (iterator_t*);
+
+const char*
+cve_reference_iterator_tags (iterator_t*);
+
+const char*
+cve_reference_iterator_tags_count (iterator_t*);
+
 long long int
 cpe_match_nodes_iterator_root_id (iterator_t*);
 
@@ -1709,25 +1724,40 @@ long long int
 cpe_match_node_childs_iterator_id (iterator_t*);
 
 void
-init_cpe_match_range_iterator (iterator_t*, long long int);
+init_cpe_match_string_iterator (iterator_t*, long long int);
 
 const char*
-cpe_match_range_iterator_cpe (iterator_t*);
+cpe_match_string_iterator_criteria (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_start_incl (iterator_t*);
+cpe_match_string_iterator_match_criteria_id (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_start_excl (iterator_t*);
+cpe_match_string_iterator_status (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_end_incl (iterator_t*);
+cpe_match_string_iterator_version_start_incl (iterator_t*);
 
 const char*
-cpe_match_range_iterator_version_end_excl (iterator_t*);
+cpe_match_string_iterator_version_start_excl (iterator_t*);
+
+const char*
+cpe_match_string_iterator_version_end_incl (iterator_t*);
+
+const char*
+cpe_match_string_iterator_version_end_excl (iterator_t*);
 
 int
-cpe_match_range_iterator_vulnerable (iterator_t*);
+cpe_match_string_iterator_vulnerable (iterator_t*);
+
+void
+init_cpe_match_string_matches_iterator (iterator_t*, const char *);
+
+const char*
+cpe_matches_cpe_name_id (iterator_t*);
+
+const char*
+cpe_matches_cpe_name (iterator_t*);
 
 void
 init_host_details_cpe_product_iterator (iterator_t*, const char *, report_host_t);