From e0f38153fb536219e858d46653a13b9b70505605 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Mon, 15 Jan 2024 19:28:38 +0100 Subject: [PATCH 01/13] Change: Differentiate between audit and scan reports - usage_type can now be used with get_reports GMP command to get audit/scan reports separately. - compliance / compliance count is now used for audit reports instead of severity / result count. --- src/gmp.c | 27 +- src/manage.h | 9 +- src/manage_pg.c | 39 +- src/manage_sql.c | 1443 +++++++++++++++++++++++++++++++++++----------- 4 files changed, 1166 insertions(+), 352 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 6e8840e2e..e8230922e 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -5555,6 +5555,14 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, else get_reports_data->ignore_pagination = 0; + if (find_attribute (attribute_names, attribute_values, + "usage_type", &attribute)) + { + get_data_set_extra (&get_reports_data->report_get, + "usage_type", + attribute); + } + set_client_state (CLIENT_GET_REPORTS); } else if (strcasecmp ("GET_REPORT_CONFIGS", element_name) == 0) @@ -14818,7 +14826,7 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) || (strlen (get_reports_data->report_get.id) == 0)) { int overrides, min_qod; - gchar *filter, *levels; + gchar *filter, *levels, *compliance_levels; get_data_t * get; /* For simplicity, use a fixed result filter when filtering 
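Review bot: The `usage_type` attribute read in the GET_REPORTS branch of gmp_xml_handle_start_element is stored with get_data_set_extra exactly as the client sent it, with no check against the values the manager understands. Later in this patch reports_extra_where escapes it with sql_quote before building the WHERE clause, so it is not an injection vector as written, but every future reader of the `usage_type` extra has to remember to do the same. Consider rejecting unsupported values at parse time (the commit message names scan and audit) and adding a comment such as `/* usage_type is client-supplied; consumers must sql_quote it. */`. The function body starts and ends outside the hunk.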
@@ -14840,13 +14848,22 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) overrides = filter_term_apply_overrides (filter ? filter : get->filter); min_qod = filter_term_min_qod (filter ? filter : get->filter); levels = filter_term_value (filter ? filter : get->filter, "levels"); + compliance_levels = filter_term_value (filter + ? filter + : get->filter, + "compliance_levels"); g_free (filter); /* Setup result filter from overrides. */ get_reports_data->get.filter - = g_strdup_printf ("apply_overrides=%i min_qod=%i levels=%s", - overrides, min_qod, levels ? levels : "hmlgdf"); + = g_strdup_printf + ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", + overrides, + min_qod, + levels ? levels : "hmlgdf", + compliance_levels ? compliance_levels : "yniu"); g_free (levels); + g_free (compliance_levels); } ret = init_report_iterator (&reports, &get_reports_data->report_get); @@ -16252,6 +16269,7 @@ handle_get_results (gmp_parser_t *gmp_parser, GError **error) NULL, /* result_hosts_only */ NULL, /* min_qod */ NULL, /* levels */ + NULL, /* compliance_levels */ NULL, /* delta_states */ NULL, /* search_phrase */ NULL, /* search_phrase_exact */ @@ -18266,7 +18284,8 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) report_compliance_by_uuid (last_report_id, &compliance_yes, &compliance_no, - &compliance_incomplete); + &compliance_incomplete, + NULL); last_report = g_strdup_printf ("" diff --git a/src/manage.h b/src/manage.h index 891b3a0c7..dfa832808 100644 --- a/src/manage.h +++ b/src/manage.h @@ -838,6 +838,9 @@ set_task_hosts_ordering (task_t, const char *); void set_task_scanner (task_t, scanner_t); +int +task_usage_type (task_t, char**); + void set_task_usage_type (task_t, const char *); 
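Review bot: `compliance_levels` is taken from the client's filter with filter_term_value and formatted straight into the rebuilt result filter with `%s` in handle_get_reports, the same way `levels` already is. If filter_term_value can return a value containing whitespace or further keywords (its behaviour is not visible in this hunk), that text becomes additional terms in what the comment calls a fixed result filter. Restricting the value to the letters the rest of the patch understands keeps it fixed, for example `if (compliance_levels && strspn (compliance_levels, "yniu") != strlen (compliance_levels)) { g_free (compliance_levels); compliance_levels = NULL; }`. The enclosing function starts and ends outside the hunk.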
@@ -1328,7 +1331,7 @@ gboolean report_task (report_t, task_t*); void -report_compliance_by_uuid (const char *, int *, int *, int *); +report_compliance_by_uuid (const char *, int *, int *, int *, int *); int report_scan_result_count (report_t, const char*, const char*, int, const char*, @@ -1724,8 +1727,8 @@ manage_filter_controls (const gchar *, int *, int *, gchar **, int *); void manage_report_filter_controls (const gchar *, int *, int *, gchar **, int *, - int *, gchar **, gchar **, gchar **, gchar **, - int *, int *, int *, int *, gchar **); + int *, gchar **, gchar **, gchar **, gchar **, + gchar **, int *, int *, int *, int *, gchar **); gchar * manage_clean_filter (const gchar *); diff --git a/src/manage_pg.c b/src/manage_pg.c index 1f513344e..b9d008142 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c 
@@ -895,7 +895,44 @@ manage_create_sql_functions () "$$ LANGUAGE plpgsql" " IMMUTABLE;"); - /* Functions in SQL. */ + sql ("CREATE OR REPLACE FUNCTION compliance_status (" + " report_id integer)" + "RETURNS text AS $$ " + "BEGIN" + " CASE" + " WHEN (SELECT count(*) FROM results" + " WHERE report = report_id" + " AND description LIKE 'Compliant:%%NO%%') > 0" + " THEN RETURN 'no';" + " WHEN (SELECT count(*) FROM results" + " WHERE report = report_id" + " AND description LIKE 'Compliant:%%INCOMPLETE%%') > 0" + " THEN RETURN 'incomplete';" + " WHEN (SELECT count(*) FROM results" + " WHERE report = report_id" + " AND description LIKE 'Compliant:%%YES%%') > 0" + " THEN RETURN 'yes';" + " ELSE RETURN 'undefined';" + " END CASE;" + "END;" + "$$ LANGUAGE plpgsql" + " IMMUTABLE;"); + + sql ("CREATE OR REPLACE FUNCTION compliance_count (report_id integer, compliance text)" + " RETURNS integer AS $$" + " DECLARE count integer := 0;" + " BEGIN" + " WITH compliance_count AS" + " (SELECT count(*) AS total FROM results WHERE report = report_id" + " AND description LIKE 'Compliant:%%' || compliance || '%%')" + " SELECT total FROM compliance_count" + " INTO count;" + " RETURN count;" + " END;" + " $$ LANGUAGE plpgsql" + " IMMUTABLE;"); + + /* Functions in SQL. */ if (sql_int ("SELECT (EXISTS (SELECT * FROM information_schema.tables" " WHERE table_catalog = '%s'" diff --git a/src/manage_sql.c b/src/manage_sql.c index 5c1e760eb..d498e8fbe 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -294,6 +294,9 @@ cache_all_permissions_for_users (GArray*); static void report_cache_counts (report_t, int, int, const char*); +static gchar * +reports_extra_where (int, const char *, const char *); + static int report_host_dead (report_host_t); 
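Review bot: Both new functions in manage_create_sql_functions, compliance_status and compliance_count, are declared `IMMUTABLE` although they query the results table. PostgreSQL expects functions that read tables to be `STABLE`; the planner may fold or reuse an IMMUTABLE call, so a report could keep a stale status after results are added. Change both trailers to `" STABLE;"`. The patterns `'Compliant:%%NO%%'` and `'Compliant:%%' || compliance || '%%'` also match the word anywhere after the prefix, so a YES result whose description later contains the letters "NO" would presumably be counted as not compliant; anchoring the pattern to the verdict field would avoid that. compliance_count passes its `compliance` argument into LIKE unescaped, which is only safe while every caller supplies a fixed literal.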
@@ -2033,7 +2036,13 @@ filter_control_str (keyword_t **point, const char *column, gchar **string) * results if NULL. * @param[out] levels String describing threat levels (message types) * to include in count (for example, "hmlg" for - * High, Medium, Low and loG). All levels if NULL. + * High, Medium, Low and loG). All levels if NULL. + * @param[out] comliance_levels String describing compliance levels + * to include in count (for example, "yniu" for + * "yes" (compliant), "n" for "no" (not compliant), + * "i" for "incomplete" and "u" for "undefined" + * (without compliance information). + * All levels if NULL. * @param[out] delta_states String describing delta states to include in count * (for example, "sngc" Same, New, Gone and Changed). * All levels if NULL. @@ -2049,10 +2058,11 @@ void manage_report_filter_controls (const gchar *filter, int *first, int *max, gchar **sort_field, int *sort_order, int *result_hosts_only, gchar **min_qod, - gchar **levels, gchar **delta_states, - gchar **search_phrase, int *search_phrase_exact, - int *notes, int *overrides, - int *apply_overrides, gchar **zone) + gchar **levels, gchar **compliance_levels, + gchar **delta_states, gchar **search_phrase, + int *search_phrase_exact, int *notes, + int *overrides, int *apply_overrides, + gchar **zone) { keyword_t **point; array_t *split; @@ -2211,6 +2221,16 @@ manage_report_filter_controls (const gchar *filter, int *first, int *max, else *apply_overrides = val; } + + if (compliance_levels) + { + if (filter_control_str ((keyword_t **) split->pdata, + "compliance_levels", + &string)) + *compliance_levels = NULL; + else + *compliance_levels = string; + } if (delta_states) { 
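Review bot: The new Doxygen entry in the manage_report_filter_controls comment is spelled `comliance_levels`, which does not match the `compliance_levels` parameter added to the signature in the next hunk, so the parameter ends up undocumented. The example text is also muddled, because it presents "yniu" as the code for "yes" alone. Suggested wording: `@param[out] compliance_levels String describing compliance levels to include in count (for example, "yniu" for Yes, No, Incomplete and Undefined). All levels if NULL.`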
@@ -17781,9 +17801,8 @@ resource_count (const char *type, const get_data_t *get) } else if (strcmp (type, "report") == 0) { - extra_where = g_strdup (" AND (SELECT hidden FROM tasks" - " WHERE tasks.id = task)" - " = 0"); + const gchar *usage_type = get_data_get_extra (get, "usage_type"); + extra_where = reports_extra_where (0, NULL, usage_type); } else if (strcmp (type, "result") == 0) { @@ -18242,6 +18261,25 @@ task_scanner_in_trash (task_t task) " FROM tasks WHERE id = %llu;", task); } +/** + * @brief Return the usage type of a task. + * + * @param[in] task Task. + * @param[out] usage_type Pointer to a newly allocated string. + * + * @return 0 if successful, -1 otherwise. + */ +int +task_usage_type (task_t task, char ** usage_type) +{ + *usage_type = sql_string ("SELECT usage_type FROM tasks WHERE id = %llu;", + task); + if (usage_type == NULL) + return -1; + + return 0; +} + /** * @brief Set the usage_type of a task. * @@ -21483,12 +21521,14 @@ report_task (report_t report, task_t *task) * @param[out] compliance_yes Number of "YES" results. * @param[out] compliance_no Number of "NO" results. * @param[out] compliance_incomplete Number of "INCOMPLETE" results. + * @param[out] compliance_undefined Number of "UNDEFINED" results. */ void report_compliance_by_uuid (const char *report_id, int *compliance_yes, int *compliance_no, - int *compliance_incomplete) + int *compliance_incomplete, + int *compliance_undefined) { report_t report; gchar *quoted_uuid = sql_quote (report_id); @@ -21522,6 +21562,14 @@ report_compliance_by_uuid (const char *report_id, " AND description LIKE 'Compliant:%%INCOMPLETE%%';", report); } + if (compliance_undefined) + { + *compliance_undefined + = sql_int ("SELECT count(*) FROM results" + " WHERE report = %llu" + " AND description NOT LIKE 'Compliant:%%';", + report); + } g_free (quoted_uuid); } 
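Review bot: The failure check in task_usage_type tests the wrong pointer: `if (usage_type == NULL)` examines the out-parameter itself, which has already been dereferenced on the line above, so a NULL result from sql_string is never reported and the function always returns 0. It should read `if (*usage_type == NULL) return -1;`. As written, the callers added later in this patch (print_v2_report_delta_xml and print_report_xml_start) trust the 0 return and pass the string to `strcmp`, which would dereference NULL when the query yields no value.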
@@ -21750,7 +21798,8 @@ report_add_results_array (report_t report, GArray *results) "medium", "high", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ "low_per_host", "medium_per_host", "high_per_host", "duration", \ "duration_per_host", "start_time", "end_time", "scan_start", "scan_end", \ - NULL } + "compliance_yes", "compliance_no", "compliance_incomplete", \ + "compliance_status", NULL } /** * @brief Report iterator columns. @@ -21888,6 +21937,26 @@ report_add_results_array (report_t report, GArray *results) "duration_per_host", \ KEYWORD_TYPE_INTEGER \ }, \ + { \ + "compliance_count (id, 'YES')", \ + "compliance_yes", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "compliance_count (id, 'NO')", \ + "compliance_no", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "compliance_count (id, 'INCOMPLETE')", \ + "compliance_incomplete", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "compliance_status (id)", \ + "compliance_status", \ + KEYWORD_TYPE_STRING \ + }, \ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ } 
@@ -21910,6 +21979,126 @@ report_iterator_opts_table (int override, int min_qod) min_qod); } +/** + * @brief Return SQL WHERE for restricting a SELECT to compliance statuses. + * + * @param[in] compliance String describing compliance statuses of reports + * to include (for example, "yniu" for yes (compliant), + * no (not compliant), i (incomplete) and u (undefined)) + * All compliance statuses if NULL. + * + * @return WHERE clause for compliance if one is required, else NULL. + */ + +static gchar* +where_compliance_status (const char *compliance) +{ + int count; + GString *compliance_sql; + + /* Generate SQL for constraints on compliance status, according to compliance. */ + + compliance_sql = g_string_new (""); + count = 0; + + g_string_append_printf (compliance_sql, " AND compliance_status(reports.id) IN ("); + + if (strchr (compliance, 'y')) + { + g_string_append (compliance_sql, "'yes'"); + count++; + } + if (strchr (compliance, 'n')) + { + g_string_append (compliance_sql, count ? ", 'no'" : "'no'"); + count++; + } + if (strchr (compliance, 'i')) + { + g_string_append (compliance_sql, count ? ", 'incomplete'" : "'incomplete'"); + count++; + } + if (strchr (compliance, 'u')) + { + g_string_append (compliance_sql, count ? ", 'undefined'" : "'undefined'"); + count++; + } + + g_string_append (compliance_sql, ")"); + + if (count == 4) + { + /* All compliance levels selected. */ + g_string_free (compliance_sql, TRUE); + return NULL; + } + + return g_string_free (compliance_sql, FALSE);; +} + + +/** + * @brief Generate an extra WHERE clause for selecting reports + * + * @param[in] trash Whether to get results from trashcan. + * @param[in] filter Filter string. + * @param[in] usage_type The usage type to limit the selection to. + * + * @return Newly allocated where clause string. 
+ */ +static gchar * +reports_extra_where (int trash, const gchar *filter, const char *usage_type) +{ + gchar *extra_where = NULL; + gchar *usage_type_clause, *trash_clause, *compliance_clause = NULL; + gchar *compliance_filter = NULL; + + if (trash) + { + trash_clause = g_strdup_printf (" AND (SELECT hidden FROM tasks" + " WHERE tasks.id = task)" + " = 2"); + } + else + { + trash_clause = g_strdup_printf (" AND (SELECT hidden FROM tasks" + " WHERE tasks.id = task)" + " = 0"); + } + + + if (usage_type && strcmp (usage_type, "")) + { + gchar *quoted_usage_type; + quoted_usage_type = sql_quote (usage_type); + usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks" + " WHERE usage_type='%s')", + quoted_usage_type); + + g_free (quoted_usage_type); + } + else + usage_type_clause = NULL; + + if (filter) + compliance_filter = filter_term_value(filter, "compliant"); + + compliance_clause = where_compliance_status (compliance_filter ?: "yniu"); + + + extra_where = g_strdup_printf("%s%s%s", + trash_clause, + usage_type_clause ?: "", + compliance_clause ?: ""); + + g_free (compliance_filter); + g_free (trash_clause); + g_free (compliance_clause); + g_free (usage_type_clause); + + return extra_where; +} + /** * @brief Count number of reports. * 
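Review bot: where_compliance_status emits `IN ()` when the value contains none of the letters y, n, i or u, because only the `count == 4` case is handled. The value comes from the `compliant` filter keyword read in reports_extra_where, so a client filter such as `compliant=x` would yield a SQL syntax error rather than a filtered list. Handle the empty case explicitly, e.g. `if (count == 0) { g_string_free (compliance_sql, TRUE); return g_strdup (" AND FALSE"); }`, or treat it like the all-selected case. The doc comment promises "All compliance statuses if NULL", but the function calls `strchr (compliance, 'y')` unguarded and relies on the caller's `?: "yniu"`. The keyword here is `compliant` while handle_get_reports uses `compliance_levels`; if that distinction is deliberate it deserves a comment, and the `;;` after the final return is a typo.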
@@ -21923,21 +22112,18 @@ report_count (const get_data_t *get) static const char *filter_columns[] = REPORT_ITERATOR_FILTER_COLUMNS; static column_t columns[] = REPORT_ITERATOR_COLUMNS; static column_t where_columns[] = REPORT_ITERATOR_WHERE_COLUMNS; - gchar *extra_tables; + gchar *extra_tables, *extra_where; int ret; extra_tables = report_iterator_opts_table (0, MIN_QOD_DEFAULT); + + const gchar *usage_type = get_data_get_extra (get, "usage_type"); + extra_where = reports_extra_where(get->trash, get->filter, usage_type); ret = count2 ("report", get, columns, NULL, where_columns, NULL, filter_columns, 0, extra_tables, - get->trash - ? " AND (SELECT hidden FROM tasks" - " WHERE tasks.id = task)" - " = 2" - : " AND (SELECT hidden FROM tasks" - " WHERE tasks.id = task)" - " = 0", + extra_where, NULL, TRUE); @@ -21962,7 +22148,8 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get) static column_t where_columns[] = REPORT_ITERATOR_WHERE_COLUMNS; char *filter; int overrides, min_qod; - gchar *extra_tables; + const char *usage_type; + gchar *extra_tables, *extra_where; int ret; if (get->filt_id && strcmp (get->filt_id, FILT_ID_NONE)) @@ -21980,6 +22167,8 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get) free (filter); extra_tables = report_iterator_opts_table (overrides, min_qod); + usage_type = get_data_get_extra (get, "usage_type"); + extra_where = reports_extra_where (get->trash, get->filter, usage_type); ret = init_get_iterator2 (iterator, "report", @@ -21993,13 +22182,7 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get) filter_columns, 0, extra_tables, - get->trash - ? " AND (SELECT hidden FROM tasks" - " WHERE tasks.id = task)" - " = 2" - : " AND (SELECT hidden FROM tasks" - " WHERE tasks.id = task)" - " = 0", + extra_where, NULL, TRUE, FALSE, 
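Review bot: `extra_where` returned by reports_extra_where is newly allocated (its doc comment says so), but neither this hunk in report_count nor the init_report_iterator hunks that follow add a matching `g_free (extra_where);`. The old code passed string literals here, so nothing needed releasing before. Unless the release happens in lines outside these hunks, every report count and report listing leaks the clause. Add `g_free (extra_where);` next to the existing release of `extra_tables` in both functions. Both function bodies continue outside the hunks.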
@@ -23819,6 +24002,20 @@ DEF_ACCESS (result_iterator_nvt_family, GET_ITERATOR_COLUMN_COUNT + 33); */ DEF_ACCESS (result_iterator_nvt_tag, GET_ITERATOR_COLUMN_COUNT + 34); +/** + * @brief Get compliance status from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return The compliance status (yes, no, incomplete or undefined). + */ +const char * +result_iterator_compliance (iterator_t* iterator) +{ + if (iterator->done) return 0; + return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 35); +} + /** * @brief Get EPSS score of highest severity CVE from a result iterator. * 
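Review bot: result_iterator_compliance returns a null pointer when the iterator is done (`return 0;`, better written `return NULL;`), yet the callers added in this patch, report_compliance_f_counts and print_v2_report_delta_xml, pass the result directly to `strcasecmp`. Either guard the callers with `if (compliance == NULL) continue;` or state in the `@return` line that NULL is possible. The column is addressed by the literal offset `GET_ITERATOR_COLUMN_COUNT + 35` while the neighbouring accessors use `DEF_ACCESS`. The matching column definition is not visible in this hunk, so the index should be checked against the result iterator column list.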
@@ -25693,6 +25890,158 @@ report_counts_id_full (report_t report, int* holes, int* infos, return 0; } + +/** + * @brief Get the compliance filtered counts for a report. + * + * @param[in] report Report. + * @param[in] get Get data. + * @param[out] f_compliance_yes Compliant results count after filtering. + * @param[out] f_compliance_no Incompliant results count after filtering. + * @param[out] f_compliance_incomplete Incomplete results count + * after filtering. + * @param[out] f_compliance_undefined Undefined results count + * after filtering. + * @param[out] f_compliance Compliance state after filtering + * + * @return 0 on success, -1 on error. + */ +static int +report_compliance_f_counts (report_t report, + const get_data_t* get, + int* f_compliance_yes, + int* f_compliance_no, + int* f_compliance_incomplete, + int* f_compliance_undefined, + char** f_compliance_status) +{ + if (report == 0) + return -1; + + get_data_t get_filtered; + iterator_t results; + int yes_count, no_count, incomplete_count, undefined_count; + + yes_count = no_count = incomplete_count = undefined_count = 0; + + memset (&get_filtered, 0, sizeof (get_data_t)); + get_filtered.filt_id = get->filt_id; + get_filtered.filter = get->filter; + get_filtered.type = get->type; + get_filtered.ignore_pagination = 1; + + ignore_max_rows_per_page = 1; + init_result_get_iterator (&results, &get_filtered, report, NULL, + NULL); + ignore_max_rows_per_page = 0; + while (next (&results)) + { + const char* compliance; + + compliance = result_iterator_compliance (&results); + + if (strcasecmp (compliance, "yes") == 0) + { + yes_count++; + } + else if (strcasecmp (compliance, "no") == 0) + { + no_count++; + } + else if (strcasecmp (compliance, "incomplete") == 0) + { + incomplete_count++; + } + else if (strcasecmp (compliance, "undefined") == 0) + { + undefined_count++; + } + + } + + if (f_compliance_yes) + *f_compliance_yes = yes_count; + if (f_compliance_no) + *f_compliance_no = no_count; + if 
(f_compliance_incomplete) + *f_compliance_incomplete = incomplete_count; + if (f_compliance_undefined) + *f_compliance_undefined = undefined_count; + + cleanup_iterator (&results); + + if (f_compliance_status) + { + if (no_count > 0) + { + *f_compliance_status = "not compliant"; + } + else if (incomplete_count > 0) + { + *f_compliance_status = "incomplete"; + } + else if (yes_count > 0) + { + *f_compliance_status = "compliant"; + } + else + { + *f_compliance_status = "undefined"; + } + } + + return 0; +} + +/** + * @brief Get the compliance counts for a report. + * + * @param[in] report Report. + * @param[in] get Get data. + * @param[out] compliance_yes Compliant results count. + * @param[out] compliance_no Incompliant results count. + * @param[out] compliance_incomplete Incomplete results count. + * @param[out] compliance_undefined Undefined results count. + * @param[out] f_compliance Compliance state. + * + * @return 0 on success, -1 on error. + */ +static int +report_compliance_counts (report_t report, + const get_data_t* get, + int* compliance_yes, + int* compliance_no, + int* compliance_incomplete, + int* compliance_undefined, + char** compliance_status) +{ + if (report == 0) + return -1; + + report_compliance_by_uuid (report_uuid(report), + compliance_yes, + compliance_no, + compliance_incomplete, + compliance_undefined); + + if (compliance_status) + { + if (compliance_no && *compliance_no > 0) { + *compliance_status = "not compliant"; + } else if (compliance_incomplete && *compliance_incomplete > 0) { + *compliance_status = "incomplete"; + } else if (compliance_yes && *compliance_yes > 0) { + *compliance_status = "compliant"; + } else { + *compliance_status = "undefined"; + } + } + + return 0; +} + + + /** * @brief Get only the filtered message counts for a report. * 
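Review bot: report_compliance_f_counts ignores the return value of init_result_get_iterator and goes straight into `while (next (&results))`. If that call reports failure through its return value (for instance for a filter that cannot be resolved), the loop runs on an iterator that was never set up, even though the function documents `-1 on error`. Check the result and return -1 before iterating, after resetting `ignore_max_rows_per_page`. In report_compliance_counts the value of `report_uuid (report)` is passed inline and never released; if it is heap-allocated like the `uuid` freed elsewhere in this file, that is a leak per call. Both functions store string literals through a `char **`, so a `const char **` parameter would be safer, and the `@param` name `f_compliance` should match the real parameter names `f_compliance_status` and `compliance_status`.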
@@ -29010,6 +29359,11 @@ print_report_delta_xml (FILE *out, iterator_t *results, * @param[in] f_warnings Result count. * @param[in] orig_f_false_positives Result count. * @param[in] f_false_positives Result count. + * @param[in] f_compliance_yes filtered compliant count. + * @param[in] f_compliance_no filtered incompliant count. + * @param[in] f_compliance_incomplete filtered incomplete count. + * @param[in] f_compliance_undefined filtered undefined count. + * @param[in] f_compliance_count total filtered compliance count. * @param[in] result_hosts Result hosts. * * @return 0 on success, -1 error. @@ -29028,6 +29382,9 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, int *orig_f_logs, int *f_logs, int *orig_f_warnings, int *f_warnings, int *orig_f_false_positives, int *f_false_positives, + int *f_compliance_yes, int *f_compliance_no, + int *f_compliance_incomplete, + int *f_compliance_undefined, int *f_compliance_count, array_t *result_hosts) { GString *buffer = g_string_new (""); @@ -29039,6 +29396,9 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, *orig_f_warnings = *f_warnings; *orig_f_false_positives = *f_false_positives; *orig_filtered_result_count = *filtered_result_count; + gchar *usage_type = NULL; + + if (task && task_usage_type(task, &usage_type)) return -1; ports = g_tree_new_full ((GCompareDataFunc) strcmp, NULL, g_free, (GDestroyNotify) free_host_ports); 
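Review bot: The early `return -1` added after `task_usage_type` in print_v2_report_delta_xml leaves the `buffer` GString allocated at the top of the function unreleased. When `task` is 0, `usage_type` also stays NULL and is then handed to `strcmp (usage_type, "audit")` in the result loop of the next hunk. Free the buffer on the error path and make the branch test NULL-safe, e.g. `if (g_strcmp0 (usage_type, "audit"))`. The added `@param[in]` lines describe the `f_compliance_*` arguments as inputs, but the loop increments them, so `[in,out]` is more accurate.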
@@ -29049,38 +29409,62 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, if (strchr (delta_states, state[0]) == NULL) continue; - const char *level; - /* Increase the result count. */ - level = result_iterator_level (results); - (*orig_filtered_result_count)++; - (*filtered_result_count)++; - if (strcmp (level, "High") == 0) - { - (*orig_f_holes)++; - (*f_holes)++; - } - else if (strcmp (level, "Medium") == 0) - { - (*orig_f_warnings)++; - (*f_warnings)++; - } - else if (strcmp (level, "Low") == 0) + if (strcmp (usage_type, "audit")) { - (*orig_f_infos)++; - (*f_infos)++; - } - else if (strcmp (level, "Log") == 0) - { - (*orig_f_logs)++; - (*f_logs)++; + const char *level; + /* Increase the result count. */ + level = result_iterator_level (results); + (*orig_filtered_result_count)++; + (*filtered_result_count)++; + if (strcmp (level, "High") == 0) + { + (*orig_f_holes)++; + (*f_holes)++; + } + else if (strcmp (level, "Medium") == 0) + { + (*orig_f_warnings)++; + (*f_warnings)++; + } + else if (strcmp (level, "Low") == 0) + { + (*orig_f_infos)++; + (*f_infos)++; + } + else if (strcmp (level, "Log") == 0) + { + (*orig_f_logs)++; + (*f_logs)++; + } + else if (strcmp (level, "False Positive") == 0) + { + (*orig_f_false_positives)++; + (*f_false_positives)++; + } } - else if (strcmp (level, "False Positive") == 0) + else { - (*orig_f_false_positives)++; - (*f_false_positives)++; + const char* compliance; + compliance = result_iterator_compliance (results); + (*f_compliance_count)++; + if (strcasecmp (compliance, "yes") == 0) + { + (*f_compliance_yes)++; + } + else if (strcasecmp (compliance, "no") == 0) + { + (*f_compliance_no)++; + } + else if (strcasecmp (compliance, "incomplete") == 0) + { + (*f_compliance_incomplete)++; + } + else if (strcasecmp (compliance, "undefined") == 0) + { + (*f_compliance_undefined)++; + } } - buffer_results_xml (buffer, results, task, 
@@ -29111,6 +29495,8 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, g_string_truncate (buffer, 0); } g_string_free (buffer, TRUE); + g_free (usage_type); + if (fprintf (out, "") < 0) { g_tree_destroy (ports); @@ -29185,7 +29571,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, FILE *out; gchar *clean, *term, *sort_field, *levels, *search_phrase; - gchar *min_qod; + gchar *min_qod, *compliance_levels; gchar *delta_states, *timestamp; int min_qod_int; char *uuid, *tsk_uuid = NULL, *start_time, *end_time; @@ -29206,18 +29592,29 @@ print_report_xml_start (report_t report, report_t delta, task_t task, GHashTable *f_host_ports; GHashTable *f_host_holes, *f_host_warnings, *f_host_infos; GHashTable *f_host_logs, *f_host_false_positives; + GHashTable *f_host_compliant, *f_host_notcompliant; + GHashTable *f_host_incomplete, *f_host_undefined; task_status_t run_status; + gchar *tsk_usage_type = NULL; + int compliance_yes, compliance_no; + int compliance_incomplete, compliance_undefined; + int f_compliance_yes, f_compliance_no; + int f_compliance_incomplete, f_compliance_undefined; + char *compliance_status, *f_compliance_status; + int total_compliance_count, f_compliance_count; int delta_reports_version = 0; /* Init some vars to prevent warnings from older compilers. */ max_results = -1; levels = NULL; + compliance_levels = NULL; zone = NULL; delta_states = NULL; min_qod = NULL; search_phrase = NULL; total_result_count = filtered_result_count = 0; + total_compliance_count = f_compliance_count = 0; orig_filtered_result_count = 0; orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0; orig_f_holes = 0; 
@@ -29227,6 +29624,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, f_host_infos = NULL; f_host_logs = NULL; f_host_false_positives = NULL; + f_host_compliant = NULL; + f_host_notcompliant = NULL; + f_host_incomplete = NULL; + f_host_undefined = NULL; /** @todo Leaks on error in PRINT and PRINT_XML. The process normally exits * then anyway. */ @@ -29277,10 +29678,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, manage_report_filter_controls (term ? term : get->filter, &first_result, &max_results, &sort_field, &sort_order, &result_hosts_only, - &min_qod, &levels, &delta_states, - &search_phrase, &search_phrase_exact, - ¬es, &overrides, - &apply_overrides, &zone); + &min_qod, &levels, &compliance_levels, + &delta_states, &search_phrase, + &search_phrase_exact, ¬es, + &overrides, &apply_overrides, &zone); } else { @@ -29289,9 +29690,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, manage_report_filter_controls (term, &first_result, &max_results, &sort_field, &sort_order, &result_hosts_only, - &min_qod, &levels, &delta_states, - &search_phrase, &search_phrase_exact, - ¬es, &overrides, + &min_qod, &levels, &compliance_levels, + &delta_states, &search_phrase, + &search_phrase_exact, ¬es, &overrides, &apply_overrides, &zone); } @@ -29304,11 +29705,14 @@ print_report_xml_start (report_t report, report_t delta, task_t task, levels = levels ? levels : g_strdup ("hmlgdf"); - if (task && task_uuid (task, &tsk_uuid)) + compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu"); + + if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type))) { fclose (out); g_free (term); g_free (levels); + g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); 
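Review bot: `tsk_usage_type` is only fetched when `task` is non-zero, but later hunks in print_report_xml_start call `strcmp (tsk_usage_type, "audit")` unconditionally. Those calls cover the total counts, the filter level output, the result counts, and the host hash tables and their cleanup. The existing `task &&` guard suggests a report can be printed without a task, in which case those calls dereference NULL. Use `g_strcmp0 (tsk_usage_type, "audit")` at each site, or give the variable a non-audit default right after this block. On this error path `tsk_uuid` is also not released when task_uuid succeeded and task_usage_type failed.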
@@ -29381,6 +29785,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { free (uuid); g_free (levels); + g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); 
@@ -29415,45 +29820,47 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (report) { /* Get total counts of full results. */ + if (strcmp (tsk_usage_type, "audit")) + { + if (delta == 0) + { + int total_holes, total_infos, total_logs; + int total_warnings, total_false_positives; + get_data_t *all_results_get; + + all_results_get = report_results_get_data (1, -1, 0, 0); + report_counts_id (report, &total_holes, &total_infos, + &total_logs, &total_warnings, + &total_false_positives, NULL, all_results_get, + NULL); + total_result_count = total_holes + total_infos + + total_logs + total_warnings + + total_false_positives; + get_data_reset (all_results_get); + free (all_results_get); + } - if (delta == 0) - { - int total_holes, total_infos, total_logs; - int total_warnings, total_false_positives; - get_data_t *all_results_get; - - all_results_get = report_results_get_data (1, -1, 0, 0); - report_counts_id (report, &total_holes, &total_infos, - &total_logs, &total_warnings, - &total_false_positives, NULL, all_results_get, - NULL); - total_result_count = total_holes + total_infos - + total_logs + total_warnings - + total_false_positives; - get_data_reset (all_results_get); - free (all_results_get); - } + /* Get total counts of filtered results. */ - /* Get total counts of filtered results. */ + if (count_filtered) + { + /* We're getting all the filtered results, so we can count them as we + * print them, to save time. */ - if (count_filtered) - { - /* We're getting all the filtered results, so we can count them as we - * print them, to save time. */ + filtered_result_count = 0; + } + else + { + /* Beware, we're using the full variables temporarily here, but + * report_counts_id counts the filtered results. 
*/ + report_counts_id (report, &holes, &infos, &logs, &warnings, + &false_positives, NULL, get, NULL); - filtered_result_count = 0; - } - else - { - /* Beware, we're using the full variables temporarily here, but - * report_counts_id counts the filtered results. */ - report_counts_id (report, &holes, &infos, &logs, &warnings, - &false_positives, NULL, get, NULL); + filtered_result_count = holes + infos + logs + warnings + + false_positives; - filtered_result_count = holes + infos + logs + warnings - + false_positives; + } } - /* Get report run status. */ report_scan_run_status (report, &run_status); @@ -29551,16 +29958,30 @@ print_report_xml_start (report_t report, report_t delta, task_t task, filters_extra_buffer = g_string_new (""); - if (strchr (levels, 'h')) - g_string_append (filters_extra_buffer, "High"); - if (strchr (levels, 'm')) - g_string_append (filters_extra_buffer, "Medium"); - if (strchr (levels, 'l')) - g_string_append (filters_extra_buffer, "Low"); - if (strchr (levels, 'g')) - g_string_append (filters_extra_buffer, "Log"); - if (strchr (levels, 'f')) - g_string_append (filters_extra_buffer, "False Positive"); + if (strcmp (tsk_usage_type, "audit")) + { + if (strchr (levels, 'h')) + g_string_append (filters_extra_buffer, "High"); + if (strchr (levels, 'm')) + g_string_append (filters_extra_buffer, "Medium"); + if (strchr (levels, 'l')) + g_string_append (filters_extra_buffer, "Low"); + if (strchr (levels, 'g')) + g_string_append (filters_extra_buffer, "Log"); + if (strchr (levels, 'f')) + g_string_append (filters_extra_buffer, "False Positive"); + } + else + { + if (strchr (compliance_levels, 'y')) + g_string_append (filters_extra_buffer, "Yes"); + if (strchr (compliance_levels, 'n')) + g_string_append (filters_extra_buffer, "No"); + if (strchr (compliance_levels, 'i')) + g_string_append (filters_extra_buffer, "Incomplete"); + if (strchr (compliance_levels, 'u')) + g_string_append (filters_extra_buffer, "Undefined"); + } if (delta) { 
@@ -29826,24 +30247,57 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* Prepare result counts. */ - if (count_filtered) + if (strcmp (tsk_usage_type, "audit") == 0) { - /* We're getting all the filtered results, so we can count them as we - * print them, to save time. */ + report_compliance_counts (report, get, &compliance_yes, &compliance_no, + &compliance_incomplete, &compliance_undefined, + &compliance_status); - report_counts_id_full (report, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + total_compliance_count = compliance_yes + + compliance_no + + compliance_incomplete + + compliance_undefined; - f_holes = f_infos = f_logs = f_warnings = 0; - f_false_positives = f_severity = 0; + f_compliance_yes = f_compliance_no = 0; + f_compliance_incomplete = f_compliance_undefined = 0; + + if (count_filtered == 0) + { + report_compliance_f_counts (report, + get, + &f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined, + &f_compliance_status); + + f_compliance_count = f_compliance_yes + + f_compliance_no + + f_compliance_incomplete + + f_compliance_undefined; + } } else - report_counts_id_full (report, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, - &f_holes, &f_infos, &f_logs, &f_warnings, - &f_false_positives, &f_severity); + { + if (count_filtered) + { + /* We're getting all the filtered results, so we can count them as we + * print them, to save time. */ + + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + + f_holes = f_infos = f_logs = f_warnings = 0; + f_false_positives = f_severity = 0; + } + else + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, + &f_holes, &f_infos, &f_logs, &f_warnings, + &f_false_positives, &f_severity); + } /* Results. */ 
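Review bot: In the audit branch the return value of report_compliance_counts is discarded and the four `compliance_*` ints are summed immediately afterwards. That function returns -1 without writing its outputs when `report` is 0, and the locals were declared without initialisers, so `total_compliance_count` can be computed from indeterminate values. `f_compliance_status` is likewise only assigned when `count_filtered == 0`. Initialise the counters and both status pointers before use (`compliance_yes = compliance_no = compliance_incomplete = compliance_undefined = 0;` and `compliance_status = f_compliance_status = NULL;`) and check the return codes. Whether `report` can be 0 at this point is not visible in the hunk.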
@@ -29908,16 +30362,31 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* Quiet erroneous compiler warning. */ result_hosts = NULL; - f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); + if (strcmp (tsk_usage_type, "audit")) + { + f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + } + else + { + f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + } + if (delta && get->details) { @@ -29944,6 +30413,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, fclose (out); g_free (sort_field); g_free (levels); + g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); 
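Review bot: tsk_usage_type is not released on this early-return path: the hunk adds `g_free (compliance_levels);` to the error cleanup, but `g_free (tsk_usage_type);` appears only in the normal exit at the end of the function. The error return after the delta-results call has the same omission, and the host-loop returns after print_report_host_details_xml free neither string in the lines shown. The table teardown that follows still reads tsk_usage_type, so the free has to come last, directly before `return -1;`. The allocation is outside the visible hunks; this assumes the string is heap-owned, as the final g_free suggests.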
@@ -29951,11 +30421,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, cleanup_iterator (&delta_results); tz_revert (zone, tz, old_tz_override); g_hash_table_destroy (f_host_ports); - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); + if (strcmp (tsk_usage_type, "audit")) + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + + } + else + { + g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } return -1; } } @@ -29976,11 +30457,17 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &orig_f_warnings, &f_warnings, &orig_f_false_positives, &f_false_positives, + &f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined, + &f_compliance_count, result_hosts)) { fclose (out); g_free (sort_field); g_free (levels); + g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); 
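Review bot: The usage-type-dependent teardown of the per-host tables added here is repeated verbatim on every exit path of print_report_xml_start: both early error returns, both host-loop error returns and the normal exit. Each copy has to stay in step with the allocation branch, and a copy that picks the wrong family would call g_hash_table_destroy on a pointer that was never set. If the nine table pointers are initialised to NULL at declaration (which is outside the hunk), the branch can be dropped in favour of one NULL-tolerant helper, so each exit path becomes a flat list of calls.
```c
/* Proposed file-local helper: destroy a per-host count table if it was created. */
static void
destroy_host_count_table (GHashTable *table)
{
  if (table)
    g_hash_table_destroy (table);
}

/* … unchanged: fclose, g_free, cleanup_iterator and tz_revert calls … */
      g_hash_table_destroy (f_host_ports);
      destroy_host_count_table (f_host_holes);
      destroy_host_count_table (f_host_warnings);
      destroy_host_count_table (f_host_infos);
      destroy_host_count_table (f_host_logs);
      destroy_host_count_table (f_host_false_positives);
      destroy_host_count_table (f_host_compliant);
      destroy_host_count_table (f_host_notcompliant);
      destroy_host_count_table (f_host_incomplete);
      destroy_host_count_table (f_host_undefined);
      return -1;
```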
@@ -29988,11 +30475,21 @@ print_report_xml_start (report_t report, report_t delta, task_t task, cleanup_iterator (&delta_results); tz_revert (zone, tz, old_tz_override); g_hash_table_destroy (f_host_ports); - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); + if (strcmp (tsk_usage_type, "audit")) + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + } + else + { + g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } return -1; } } @@ -30007,7 +30504,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, const char* level; GHashTable *f_host_result_counts; GString *buffer = g_string_new (""); - double result_severity; buffer_results_xml (buffer, &results, 
@@ -30031,54 +30527,106 @@ print_report_xml_start (report_t report, report_t delta, task_t task, array_add_new_string (result_hosts, result_iterator_host (&results)); - result_severity = result_iterator_severity_double (&results); - if (result_severity > f_severity) - f_severity = result_severity; - - level = result_iterator_level (&results); - if (strcasecmp (level, "log") == 0) - { - f_host_result_counts = f_host_logs; - if (count_filtered) - f_logs++; - } - else if (strcasecmp (level, "high") == 0) - { - f_host_result_counts = f_host_holes; - if (count_filtered) - f_holes++; - } - else if (strcasecmp (level, "medium") == 0) + if (strcmp (tsk_usage_type, "audit")) { - f_host_result_counts = f_host_warnings; - if (count_filtered) - f_warnings++; - } - else if (strcasecmp (level, "low") == 0) - { - f_host_result_counts = f_host_infos; - if (count_filtered) - f_infos++; - } - else if (strcasecmp (level, "false positive") == 0) - { - f_host_result_counts = f_host_false_positives; - if (count_filtered) - f_false_positives++; + double result_severity; + result_severity = result_iterator_severity_double (&results); + if (result_severity > f_severity) + f_severity = result_severity; + + level = result_iterator_level (&results); + + if (strcasecmp (level, "log") == 0) + { + f_host_result_counts = f_host_logs; + if (count_filtered) + f_logs++; + } + else if (strcasecmp (level, "high") == 0) + { + f_host_result_counts = f_host_holes; + if (count_filtered) + f_holes++; + } + else if (strcasecmp (level, "medium") == 0) + { + f_host_result_counts = f_host_warnings; + if (count_filtered) + f_warnings++; + } + else if (strcasecmp (level, "low") == 0) + { + f_host_result_counts = f_host_infos; + if (count_filtered) + f_infos++; + } + else if (strcasecmp (level, "false positive") == 0) + { + f_host_result_counts = f_host_false_positives; + if (count_filtered) + f_false_positives++; + } + else + f_host_result_counts = NULL; + + if (f_host_result_counts) + { + const char 
*result_host = result_iterator_host (&results); + int result_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_result_counts, result_host)); + + g_hash_table_replace (f_host_result_counts, + g_strdup (result_host), + GINT_TO_POINTER (result_count + 1)); + } } else - f_host_result_counts = NULL; - - if (f_host_result_counts) { - const char *result_host = result_iterator_host (&results); - int result_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_result_counts, result_host)); + const char* compliance; + compliance = result_iterator_compliance (&results); + + if (strcasecmp (compliance, "yes") == 0) + { + f_host_result_counts = f_host_compliant; + if (count_filtered) + f_compliance_yes++; + } + else if (strcasecmp (compliance, "no") == 0) + { + f_host_result_counts = f_host_notcompliant; + if (count_filtered) + f_compliance_no++; + } + else if (strcasecmp (compliance, "incomplete") == 0) + { + f_host_result_counts = f_host_incomplete; + if (count_filtered) + f_compliance_incomplete++; + } + else if (strcasecmp (compliance, "undefined") == 0) + { + f_host_result_counts = f_host_undefined; + if (count_filtered) + f_compliance_undefined++; + } + else + { + f_host_result_counts = NULL; + } - g_hash_table_replace (f_host_result_counts, - g_strdup (result_host), - GINT_TO_POINTER (result_count + 1)); + if (f_host_result_counts) + { + const char *result_host = result_iterator_host (&results); + int result_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_result_counts, + result_host)); + + g_hash_table_replace (f_host_result_counts, + g_strdup (result_host), + GINT_TO_POINTER (result_count + 1)); + } } } 
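Review bot: The `if (f_host_result_counts)` block that increments the per-host counter is now written out twice, once at the end of each usage-type branch, with identical bodies. Both branches assign f_host_result_counts on every path, so the block can sit once after the closing brace of the `else`, leaving each branch with only the classification chain. Separately, `compliance` goes into strcasecmp unchecked; whether result_iterator_compliance can return NULL is not visible from this hunk, so a NULL test before the chain is worth confirming against the iterator. The enclosing loop starts and ends outside the hunk.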
@@ -30091,68 +30639,146 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* Print result counts and severity. */ - if (delta) - /** @todo The f_holes, etc. vars are setup to give the page count. */ - PRINT (out, - "" - "%i" - "%i" - "%i" - "%i" - "%i" - "" - "%i" - "" - "", - orig_filtered_result_count, - (strchr (levels, 'h') ? orig_f_holes : 0), - (strchr (levels, 'l') ? orig_f_infos : 0), - (strchr (levels, 'g') ? orig_f_logs : 0), - (strchr (levels, 'm') ? orig_f_warnings : 0), - (strchr (levels, 'f') ? orig_f_false_positives : 0)); + if (strcmp (tsk_usage_type, "audit")) + { + if (delta) + /** @todo The f_holes, etc. vars are setup to give the page count. */ + PRINT (out, + "" + "%i" + "%i" + "%i" + "%i" + "%i" + "" + "%i" + "" + "", + orig_filtered_result_count, + (strchr (levels, 'h') ? orig_f_holes : 0), + (strchr (levels, 'l') ? orig_f_infos : 0), + (strchr (levels, 'g') ? orig_f_logs : 0), + (strchr (levels, 'm') ? orig_f_warnings : 0), + (strchr (levels, 'f') ? orig_f_false_positives : 0)); + else + { + if (count_filtered) + filtered_result_count = f_holes + f_infos + f_logs + + f_warnings + false_positives; + + PRINT (out, + "" + "%i" + "%i" + "%i" + "%i%i" + "%i%i" + "%i%i" + "%i%i" + "" + "%i" + "%i" + "" + "", + total_result_count, + total_result_count, + filtered_result_count, + holes, + (strchr (levels, 'h') ? f_holes : 0), + infos, + (strchr (levels, 'l') ? f_infos : 0), + logs, + (strchr (levels, 'g') ? f_logs : 0), + warnings, + (strchr (levels, 'm') ? f_warnings : 0), + false_positives, + (strchr (levels, 'f') ? f_false_positives : 0)); + + PRINT (out, + "" + "%1.1f" + "%1.1f" + "", + severity, + f_severity); + } + } else { - if (count_filtered) - filtered_result_count = f_holes + f_infos + f_logs - + f_warnings + false_positives; + if (delta) + PRINT (out, + "" + "%i" + "%i" + "%i" + "%i" + "%i" + "", + f_compliance_count, + (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), + (strchr (compliance_levels, 'n') ? 
f_compliance_no : 0), + (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), + (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0)); + else + { + if (count_filtered) + { + f_compliance_count = f_compliance_yes + + f_compliance_no + + f_compliance_incomplete + + f_compliance_undefined; + + if (f_compliance_no > 0) + { + f_compliance_status = "not compliant"; + } + else if (f_compliance_incomplete > 0) + { + f_compliance_status = "incomplete"; + } + else if (f_compliance_yes > 0) + { + f_compliance_status = "compliant"; + } + else + { + f_compliance_status = "undefined"; + } + } - PRINT (out, - "" - "%i" - "%i" - "%i" - "%i%i" - "%i%i" - "%i%i" - "%i%i" - "" - "%i" - "%i" - "" - "", - total_result_count, - total_result_count, - filtered_result_count, - holes, - (strchr (levels, 'h') ? f_holes : 0), - infos, - (strchr (levels, 'l') ? f_infos : 0), - logs, - (strchr (levels, 'g') ? f_logs : 0), - warnings, - (strchr (levels, 'm') ? f_warnings : 0), - false_positives, - (strchr (levels, 'f') ? f_false_positives : 0)); + PRINT (out, + "" + "%i" + "%i" + "%i" + "%i%i" + "%i%i" + "%i%i" + "%i%i" + "", + total_compliance_count, + total_compliance_count, + f_compliance_count, + compliance_yes, + (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), + compliance_no, + (strchr (compliance_levels, 'n') ? f_compliance_no : 0), + compliance_incomplete, + (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), + compliance_undefined, + (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)); - PRINT (out, - "" - "%1.1f" - "%1.1f" - "", - severity, - f_severity); + PRINT (out, + "" + "%s" + "%s" + "", + compliance_status, + f_compliance_status); + } } + if (host_summary) { host_summary_buffer = g_string_new (""); 
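Review bot: The last argument of the non-delta compliance count PRINT gates the filtered "undefined" count on the wrong filter letter: `(strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)`. The delta branch above it uses 'u' for the same field, and the default filter assembled in gmp.c is "yniu", so with this line the undefined count follows the "incomplete" flag instead of its own. It should read `(strchr (compliance_levels, 'u') ? f_compliance_undefined : 0)`. compliance_levels is also passed to strchr without a NULL check; its assignment is outside the hunk, so confirm it always receives a default.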
@@ -30184,29 +30810,13 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { const char *current_host; int ports_count; - int holes_count, warnings_count, infos_count; - int logs_count, false_positives_count; - + current_host = host_iterator_host (&hosts); ports_count = GPOINTER_TO_INT (g_hash_table_lookup (f_host_ports, current_host)); - holes_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_holes, current_host)); - warnings_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_warnings, current_host)); - infos_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_infos, current_host)); - logs_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_logs, current_host)); - false_positives_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_false_positives, current_host)); + host_summary_append (host_summary_buffer, result_host, 
@@ -30226,30 +30836,97 @@ print_report_xml_start (report_t report, report_t delta, task_t task, PRINT (out, ""); - PRINT (out, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "%d" - "", - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts) - ? host_iterator_end_time (&hosts) - : "", - ports_count, - (holes_count + warnings_count + infos_count - + logs_count + false_positives_count), - holes_count, - warnings_count, - infos_count, - logs_count, - false_positives_count); + if (strcmp (tsk_usage_type, "audit")) + { + int holes_count, warnings_count, infos_count; + int logs_count, false_positives_count; + + holes_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_holes, current_host)); + warnings_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_warnings, current_host)); + infos_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_infos, current_host)); + logs_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_logs, current_host)); + false_positives_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_false_positives, + current_host)); + + PRINT (out, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "%d" + "", + host_iterator_start_time (&hosts), + host_iterator_end_time (&hosts) + ? 
host_iterator_end_time (&hosts) + : "", + ports_count, + (holes_count + warnings_count + infos_count + + logs_count + false_positives_count), + holes_count, + warnings_count, + infos_count, + logs_count, + false_positives_count); + } + else + { + int yes_count, no_count, incomplete_count, undefined_count; + + yes_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_compliant, + current_host)); + no_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_notcompliant, + current_host)); + incomplete_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_incomplete, + current_host)); + undefined_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_undefined, + current_host)); + + PRINT (out, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "", + host_iterator_start_time (&hosts), + host_iterator_end_time (&hosts) + ? host_iterator_end_time (&hosts) + : "", + ports_count, + (yes_count + no_count + + incomplete_count + undefined_count), + yes_count, + no_count, + incomplete_count, + undefined_count); + } if (print_report_host_details_xml (host_iterator_report_host (&hosts), out, lean)) @@ -30258,11 +30935,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (host_summary_buffer) g_string_free (host_summary_buffer, TRUE); g_hash_table_destroy (f_host_ports); - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); + if (strcmp (tsk_usage_type, "audit")) + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + + } + else + { + g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } return -1; } 
@@ -30280,29 +30968,12 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { const char *current_host; int ports_count; - int holes_count, warnings_count, infos_count; - int logs_count, false_positives_count; current_host = host_iterator_host (&hosts); ports_count = GPOINTER_TO_INT (g_hash_table_lookup (f_host_ports, current_host)); - holes_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_holes, current_host)); - warnings_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_warnings, current_host)); - infos_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_infos, current_host)); - logs_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_logs, current_host)); - false_positives_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_false_positives, current_host)); host_summary_append (host_summary_buffer, host_iterator_host (&hosts), 
@@ -30322,30 +30993,92 @@ print_report_xml_start (report_t report, report_t delta, task_t task, PRINT (out, ""); - PRINT (out, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "%d" - "", - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts) - ? host_iterator_end_time (&hosts) - : "", - ports_count, - (holes_count + warnings_count + infos_count - + logs_count + false_positives_count), - holes_count, - warnings_count, - infos_count, - logs_count, - false_positives_count); + if (strcmp (tsk_usage_type, "audit")) + { + int holes_count, warnings_count, infos_count; + int logs_count, false_positives_count; + + holes_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_holes, current_host)); + warnings_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_warnings, current_host)); + infos_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_infos, current_host)); + logs_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_logs, current_host)); + false_positives_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_false_positives, current_host)); + + PRINT (out, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "%d" + "", + host_iterator_start_time (&hosts), + host_iterator_end_time (&hosts) + ? 
host_iterator_end_time (&hosts) + : "", + ports_count, + (holes_count + warnings_count + infos_count + + logs_count + false_positives_count), + holes_count, + warnings_count, + infos_count, + logs_count, + false_positives_count); + } + else + { + int yes_count, no_count, incomplete_count, undefined_count; + + yes_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_compliant, current_host)); + no_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_notcompliant, current_host)); + incomplete_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_incomplete, current_host)); + undefined_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_undefined, current_host)); + + PRINT (out, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "", + host_iterator_start_time (&hosts), + host_iterator_end_time (&hosts) + ? host_iterator_end_time (&hosts) + : "", + ports_count, + (yes_count + no_count + + incomplete_count + undefined_count), + yes_count, + no_count, + incomplete_count, + undefined_count); + } if (print_report_host_details_xml (host_iterator_report_host (&hosts), out, lean)) @@ -30354,11 +31087,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (host_summary_buffer) g_string_free (host_summary_buffer, TRUE); g_hash_table_destroy (f_host_ports); - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); + if (strcmp (tsk_usage_type, "audit")) + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + + } + else + { + g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } return -1; } 
@@ -30368,13 +31112,23 @@ print_report_xml_start (report_t report, report_t delta, task_t task, cleanup_iterator (&hosts); } - g_hash_table_destroy (f_host_ports); - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); + if (strcmp (tsk_usage_type, "audit")) + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + } + else + { + g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } + g_hash_table_destroy (f_host_ports); /* Print TLS certificates */ @@ -30454,6 +31208,8 @@ print_report_xml_start (report_t report, report_t delta, task_t task, g_free (search_phrase); g_free (min_qod); g_free (delta_states); + g_free (compliance_levels); + g_free (tsk_usage_type); if (host_summary && host_summary_buffer) *host_summary = g_string_free (host_summary_buffer, FALSE); @@ -58100,14 +58856,13 @@ type_extra_where (const char *type, int trash, const char *filter, } else if (strcasecmp (type, "REPORT") == 0) { - if (trash) - extra_where = g_strdup (" AND (SELECT hidden FROM tasks" - " WHERE tasks.id = task)" - " = 2"); + gchar *usage_type; + if (extra_params) + usage_type = g_hash_table_lookup (extra_params, "usage_type"); else - extra_where = g_strdup (" AND (SELECT hidden FROM tasks" - " WHERE tasks.id = task)" - " = 0"); + usage_type = NULL; + + extra_where = reports_extra_where (trash, NULL, usage_type); } else if (strcasecmp (type, "RESULT") == 0) { From e2119981498902d7d3babc8bfd59f7f3d5c8da6e Mon Sep 17 00:00:00 2001 
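Review bot: usage_type reaches reports_extra_where directly from the request: the value looked up in extra_params in the REPORT branch is the `usage_type` attribute that gmp.c stores with get_data_set_extra, so it is client-controlled text. reports_extra_where is not part of this hunk; if it formats the value into the WHERE clause, the value has to pass through sql_quote first, or be checked against the known usage types before the clause is built. A comment at the call would record that contract, e.g. `/* usage_type is client input; reports_extra_where must quote it. */`. type_extra_where continues outside the hunk.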
From: Ahmed Abdelsalam Date: Tue, 16 Jan 2024 15:16:09 +0100 Subject: [PATCH 02/13] Refactor printing the XML for a report host --- src/manage_sql.c | 440 +++++++++++++++++++++-------------------------- 1 file changed, 198 insertions(+), 242 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index d498e8fbe..ebd39285f 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
@@ -28298,6 +28298,172 @@ host_summary_append (GString *host_summary_buffer, const char *host, } } +/** + * @brief Print the XML for a report's host to a file stream. + * @param[in] stream File stream to write to. + * @param[in] hosts Host iterator. + * @param[in] host Single host to iterate over. + * All hosts if NULL. + * @param[in] usage_type Report usage type. + * @param[in] lean Whether to return lean report. + * @param[in] host_summary_buffer Host sumary buffer. + * @param[in] f_host_ports Hashtable for host ports. + * @param[in] f_host_holes Hashtable for host holes. + * @param[in] f_host_warnings Hashtable for host host warnings. + * @param[in] f_host_infos Hashtable for host infos. + * @param[in] f_host_logs Hashtable for host logs. + * @param[in] f_host_false_positives Hashtable for host false positives. + * @param[in] f_host_compliant Hashtable for host compliant results. + * @param[in] f_host_notcompliant Hashtable for host non compliant results. + * @param[in] f_host_incomplete Hashtable for host incomplete resuls. + * @param[in] f_host_undefined Hashtable for host undefined results. + * + * @return 0 on success, -1 error. + */ +static int +print_report_host_xml (FILE *stream, + iterator_t *hosts, + const char *host, + gchar *usage_type, + int lean, + GString *host_summary_buffer, + GHashTable *f_host_ports, + GHashTable *f_host_holes, + GHashTable *f_host_warnings, + GHashTable *f_host_infos, + GHashTable *f_host_logs, + GHashTable *f_host_false_positives, + GHashTable *f_host_compliant, + GHashTable *f_host_notcompliant, + GHashTable *f_host_incomplete, + GHashTable *f_host_undefined) +{ + const char *current_host; + int ports_count; + + current_host = host_iterator_host (hosts); + + ports_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_ports, current_host)); + + host_summary_append (host_summary_buffer, + host ? 
host : host_iterator_host (hosts), + host_iterator_start_time (hosts), + host_iterator_end_time (hosts)); + PRINT (stream, + "" + "%s", + host ? host : host_iterator_host (hosts)); + + if (host_iterator_asset_uuid (hosts) + && strlen (host_iterator_asset_uuid (hosts))) + PRINT (stream, + "", + host_iterator_asset_uuid (hosts)); + else if (lean == 0) + PRINT (stream, + ""); + + if (strcmp (usage_type, "audit")) + { + int holes_count, warnings_count, infos_count; + int logs_count, false_positives_count; + + holes_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_holes, current_host)); + warnings_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_warnings, current_host)); + infos_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_infos, current_host)); + logs_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_logs, current_host)); + false_positives_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_false_positives, + current_host)); + + PRINT (stream, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "%d" + "", + host_iterator_start_time (hosts), + host_iterator_end_time (hosts) + ? host_iterator_end_time (hosts) + : "", + ports_count, + (holes_count + warnings_count + infos_count + + logs_count + false_positives_count), + holes_count, + warnings_count, + infos_count, + logs_count, + false_positives_count); + } + else + { + int yes_count, no_count, incomplete_count, undefined_count; + + yes_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_compliant, current_host)); + no_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_notcompliant, current_host)); + incomplete_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_incomplete, current_host)); + undefined_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_undefined, current_host)); + + PRINT (stream, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "", + host_iterator_start_time (hosts), + host_iterator_end_time (hosts) + ? 
host_iterator_end_time (hosts) + : "", + ports_count, + (yes_count + no_count + incomplete_count + undefined_count), + yes_count, + no_count, + incomplete_count, + undefined_count); + } + + if (print_report_host_details_xml + (host_iterator_report_host (hosts), stream, lean)) + { + return -1; + } + + PRINT (stream, + ""); + + return 0; +} + /** * @brief Init delta iterators for print_report_xml. * 
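Review bot: usage_type is declared `gchar *` and handed straight to strcmp in print_report_host_xml, although the function only reads it and the doc comment does not say it must be non-NULL. Declaring it `const gchar *usage_type` and documenting `@param[in] usage_type Report usage type, must not be NULL.` makes the contract explicit; alternatively compare with g_strcmp0. The new doc block also has typos worth fixing while it is fresh: "sumary", "host host warnings" and "resuls". Of the sixteen parameters, ten are count tables and only one family is used per call, so a small struct holding the tables would make the two call sites harder to get wrong.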
@@ -30808,128 +30974,23 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } if (present) { - const char *current_host; - int ports_count; - - current_host = host_iterator_host (&hosts); - - ports_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_ports, current_host)); - - host_summary_append (host_summary_buffer, - result_host, - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts)); - PRINT (out, - "" - "%s", - result_host); - - if (host_iterator_asset_uuid (&hosts) - && strlen (host_iterator_asset_uuid (&hosts))) - PRINT (out, - "", - host_iterator_asset_uuid (&hosts)); - else if (lean == 0) - PRINT (out, - ""); - - if (strcmp (tsk_usage_type, "audit")) - { - int holes_count, warnings_count, infos_count; - int logs_count, false_positives_count; - - holes_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_holes, current_host)); - warnings_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_warnings, current_host)); - infos_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_infos, current_host)); - logs_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_logs, current_host)); - false_positives_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_false_positives, - current_host)); - - PRINT (out, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "%d" - "", - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts) - ? 
host_iterator_end_time (&hosts) - : "", - ports_count, - (holes_count + warnings_count + infos_count - + logs_count + false_positives_count), - holes_count, - warnings_count, - infos_count, - logs_count, - false_positives_count); - } - else - { - int yes_count, no_count, incomplete_count, undefined_count; - - yes_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_compliant, - current_host)); - no_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_notcompliant, - current_host)); - incomplete_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_incomplete, - current_host)); - undefined_count - = GPOINTER_TO_INT - (g_hash_table_lookup ( f_host_undefined, - current_host)); - - PRINT (out, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "", - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts) - ? host_iterator_end_time (&hosts) - : "", - ports_count, - (yes_count + no_count - + incomplete_count + undefined_count), - yes_count, - no_count, - incomplete_count, - undefined_count); - } - - if (print_report_host_details_xml - (host_iterator_report_host (&hosts), out, lean)) + if (print_report_host_xml (out, + &hosts, + result_host, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) { tz_revert (zone, tz, old_tz_override); if (host_summary_buffer) @@ -30953,9 +31014,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } return -1; } - - PRINT (out, - ""); } cleanup_iterator (&hosts); } 
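Review bot: All ten count tables are passed to print_report_host_xml at this call, although print_report_xml_start created only one family earlier, either the scan tables or the compliance tables depending on tsk_usage_type. Unless the declarations, which are outside the hunk, initialise the pointers, the other family is read while indeterminate just to be passed as arguments. Initialising them where they are declared, e.g. `GHashTable *f_host_compliant = NULL;`, removes that. The same applies to the second call in the non-delta host loop.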
@@ -30966,122 +31024,23 @@ print_report_xml_start (report_t report, report_t delta, task_t task, init_report_host_iterator (&hosts, report, NULL, 0); while (next (&hosts)) { - const char *current_host; - int ports_count; - - current_host = host_iterator_host (&hosts); - - ports_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_ports, current_host)); - - host_summary_append (host_summary_buffer, - host_iterator_host (&hosts), - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts)); - PRINT (out, - "" - "%s", - host_iterator_host (&hosts)); - - if (host_iterator_asset_uuid (&hosts) - && strlen (host_iterator_asset_uuid (&hosts))) - PRINT (out, - "", - host_iterator_asset_uuid (&hosts)); - else if (lean == 0) - PRINT (out, - ""); - - if (strcmp (tsk_usage_type, "audit")) - { - int holes_count, warnings_count, infos_count; - int logs_count, false_positives_count; - - holes_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_holes, current_host)); - warnings_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_warnings, current_host)); - infos_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_infos, current_host)); - logs_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_logs, current_host)); - false_positives_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_false_positives, current_host)); - - PRINT (out, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "%d" - "", - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts) - ? 
host_iterator_end_time (&hosts) - : "", - ports_count, - (holes_count + warnings_count + infos_count - + logs_count + false_positives_count), - holes_count, - warnings_count, - infos_count, - logs_count, - false_positives_count); - } - else - { - int yes_count, no_count, incomplete_count, undefined_count; - - yes_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_compliant, current_host)); - no_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_notcompliant, current_host)); - incomplete_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_incomplete, current_host)); - undefined_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_undefined, current_host)); - PRINT (out, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "", - host_iterator_start_time (&hosts), - host_iterator_end_time (&hosts) - ? host_iterator_end_time (&hosts) - : "", - ports_count, - (yes_count + no_count - + incomplete_count + undefined_count), - yes_count, - no_count, - incomplete_count, - undefined_count); - } - - if (print_report_host_details_xml - (host_iterator_report_host (&hosts), out, lean)) + if (print_report_host_xml (out, + &hosts, + NULL, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) { tz_revert (zone, tz, old_tz_override); if (host_summary_buffer) @@ -31105,9 +31064,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } return -1; } - - PRINT (out, - ""); } cleanup_iterator (&hosts); } From b75f8f09287692880442bea4ad6deaedc965bf7a Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Thu, 18 Jan 2024 17:31:44 +0100 Subject: [PATCH 03/13] Add compliance per host to XML report --- src/gmp.c | 5 ++ src/manage.h | 6 ++ src/manage_sql.c | 158 ++++++++++++++++++++++++----------------------- 3 files changed, 91 insertions(+), 78 deletions(-) 
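Review bot: The `NULL` passed as the third argument of `print_report_host_xml` in this loop is unexplained, while the call in the earlier hunk at -30808 passes `result_host` in that position. The lines removed here took the host name from `host_iterator_host (&hosts)`, so the helper presumably falls back to the iterator's host when the argument is NULL; its body is not in this hunk, so that needs confirming. I would add a comment at the call, e.g. `/* result_host: NULL, use the host from the iterator */`, and state the same in the helper's doc comment. print_report_xml_start begins and ends outside the hunk.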
diff --git a/src/gmp.c b/src/gmp.c index e8230922e..0aedee961 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -9429,6 +9429,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task, const char *severity, *original_severity, *original_level; const char *host, *hostname, *result_id, *port, *path, *asset_id, *qod, *qod_type; char *detect_oid, *detect_ref, *detect_cpe, *detect_loc, *detect_name; + const char *compliance; double severity_double; gchar *nl_descr, *nl_descr_escaped; result_t result; @@ -9459,6 +9460,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task, hostname = result_iterator_delta_hostname (results); if (host) asset_id = result_iterator_delta_host_asset_id (results); + compliance = result_iterator_delta_compliance (results); } else { @@ -9477,6 +9479,7 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task, hostname = result_iterator_hostname (results); if (host) asset_id = result_iterator_asset_host_id (results); + compliance = result_iterator_compliance (results); } @@ -9731,6 +9734,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task, original_level, original_severity); + buffer_xml_append_printf (buffer, "%s", compliance); + if (include_notes && use_delta_fields ? result_iterator_delta_may_have_notes (results) diff --git a/src/manage.h b/src/manage.h index dfa832808..6c59a32fc 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1556,6 +1556,9 @@ result_iterator_cert_bunds (iterator_t*); gchar ** result_iterator_dfn_certs (iterator_t*); +const char * +result_iterator_compliance (iterator_t*); + const char * result_iterator_delta_state (iterator_t*); @@ -1568,6 +1571,9 @@ result_iterator_delta_severity (iterator_t*); double result_iterator_delta_severity_double (iterator_t*); +const char * +result_iterator_delta_compliance (iterator_t*); + const char* result_iterator_delta_level (iterator_t*); diff --git a/src/manage_sql.c b/src/manage_sql.c index ebd39285f..5c735f4a6 100644 
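Review bot: `compliance` is handed to `buffer_xml_append_printf` in the hunk at -9731 with no NULL check. `result_iterator_delta_compliance` returns 0 once the iterator is done, and `result_iterator_compliance` is only declared in this patch, so it cannot be told from here whether either can yield NULL for a live row. If one can, the element would contain whatever the printf implementation emits for a NULL `%s` rather than one of the documented states; passing `compliance ? compliance : "undefined"` keeps the output within `yes|no|incomplete|undefined`. buffer_results_xml starts and ends outside the hunk.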
--- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -21799,7 +21799,7 @@ report_add_results_array (report_t report, GArray *results) "low_per_host", "medium_per_host", "high_per_host", "duration", \ "duration_per_host", "start_time", "end_time", "scan_start", "scan_end", \ "compliance_yes", "compliance_no", "compliance_incomplete", \ - "compliance_status", NULL } + "compliant", NULL } /** * @brief Report iterator columns. @@ -21954,7 +21954,7 @@ report_add_results_array (report_t report, GArray *results) }, \ { \ "compliance_status (id)", \ - "compliance_status", \ + "compliant", \ KEYWORD_TYPE_STRING \ }, \ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ @@ -22081,7 +22081,7 @@ reports_extra_where (int trash, const gchar *filter, const char *usage_type) usage_type_clause = NULL; if (filter) - compliance_filter = filter_term_value(filter, "compliant"); + compliance_filter = filter_term_value(filter, "report_compliance_levels"); compliance_clause = where_compliance_status (compliance_filter ?: "yniu"); @@ -22811,11 +22811,16 @@ where_qod (int min_qod) " END)", \ NULL, \ KEYWORD_TYPE_INTEGER }, \ - { TICKET_SQL_RESULT_MAY_HAVE_TICKETS("result2_id"), \ + { TICKET_SQL_RESULT_MAY_HAVE_TICKETS("result2_id"), \ NULL, \ KEYWORD_TYPE_INTEGER }, \ - { "delta_hostname", NULL, KEYWORD_TYPE_STRING }, \ - { "delta_new_severity", NULL, KEYWORD_TYPE_DOUBLE }, + { "delta_hostname", NULL, KEYWORD_TYPE_STRING }, \ + { "delta_new_severity", NULL, KEYWORD_TYPE_DOUBLE }, \ + { "coalesce(lower(substring(comparison.delta_description," \ + " '^Compliant:[\\s]*([A-Z_]*)'))," \ + " 'undefined')", \ + "compliant", \ + KEYWORD_TYPE_STRING }, /** * @brief Delta result iterator columns. 
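Review bot: The capture group `([A-Z_]*)` in the `compliant` column added at -22811 can match the empty string. A description that starts with `Compliant:` followed by anything other than upper-case letters would then yield `''` rather than NULL (assuming PostgreSQL `substring` semantics), and `coalesce` would not replace it with `'undefined'`. Requiring at least one character, `'^Compliant:[\\s]*([A-Z_]+)'`, makes that case NULL so the fallback applies. The value is also taken from free-text result content without being limited to the four known states; if that text is not fully trusted, mapping it through a `CASE` over the expected values would be safer. The column-list macro this belongs to starts outside the hunk.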
@@ -24537,6 +24542,20 @@ result_iterator_delta_severity_double (iterator_t* iterator) return iterator_double (iterator, RESULT_ITERATOR_DELTA_COLUMN_OFFSET + 19); } +/** + * @brief Get delta compliance from a result iterator. + * + * @param[in] iterator Iterator. + * + * @return delta compliance if any, else NULL. + */ +const char * +result_iterator_delta_compliance (iterator_t* iterator) +{ + if (iterator->done) return 0; + return iterator_string (iterator, RESULT_ITERATOR_DELTA_COLUMN_OFFSET + 20); +} + /** * @brief Get the severity/threat level from a delta result iterator. * @@ -25890,6 +25909,38 @@ report_counts_id_full (report_t report, int* holes, int* infos, return 0; } +/** + * @brief Get the compliance state from compliance counts. + * + * @param[in] yes_count Compliant results count. + * @param[in] no_count Incompliant results count. + * @param[in] incomplete_count Incomplete results count. + * @param[in] undefined_count Undefined results count. + * + * @return 0 on success, -1 on error. + */ +const char * +report_compliance_from_counts (const int* yes_count, + const int* no_count, + const int* incomplete_count, + const int* undefined_count) +{ + if (no_count && *no_count > 0) + { + return "no"; + } + else if (incomplete_count && *incomplete_count > 0) + { + return "incomplete"; + } + else if (yes_count && *yes_count > 0) + { + return "yes"; + } + + return "undefined"; +} + /** * @brief Get the compliance filtered counts for a report. @@ -25902,7 +25953,6 @@ report_counts_id_full (report_t report, int* holes, int* infos, * after filtering. * @param[out] f_compliance_undefined Undefined results count * after filtering. - * @param[out] f_compliance Compliance state after filtering * * @return 0 on success, -1 on error. */ 
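Review bot: The doc comment added for `report_compliance_from_counts` in the hunk at -25890 says `@return 0 on success, -1 on error.`, but the function returns one of the strings "no", "incomplete", "yes" or "undefined". I would replace that line with `@return Compliance state: "no", "incomplete", "yes" or "undefined" (static string, not to be freed).` The comment could also state the precedence (any "no" wins over "incomplete", which wins over "yes") and that a NULL count pointer is treated as zero, since both follow from the body.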
@@ -25912,8 +25962,7 @@ report_compliance_f_counts (report_t report, int* f_compliance_yes, int* f_compliance_no, int* f_compliance_incomplete, - int* f_compliance_undefined, - char** f_compliance_status) + int* f_compliance_undefined) { if (report == 0) return -1; @@ -25970,26 +26019,6 @@ report_compliance_f_counts (report_t report, cleanup_iterator (&results); - if (f_compliance_status) - { - if (no_count > 0) - { - *f_compliance_status = "not compliant"; - } - else if (incomplete_count > 0) - { - *f_compliance_status = "incomplete"; - } - else if (yes_count > 0) - { - *f_compliance_status = "compliant"; - } - else - { - *f_compliance_status = "undefined"; - } - } - return 0; } @@ -26002,7 +26031,6 @@ report_compliance_f_counts (report_t report, * @param[out] compliance_no Incompliant results count. * @param[out] compliance_incomplete Incomplete results count. * @param[out] compliance_undefined Undefined results count. - * @param[out] f_compliance Compliance state. * * @return 0 on success, -1 on error. */ @@ -26012,8 +26040,7 @@ report_compliance_counts (report_t report, int* compliance_yes, int* compliance_no, int* compliance_incomplete, - int* compliance_undefined, - char** compliance_status) + int* compliance_undefined) { if (report == 0) return -1; @@ -26024,19 +26051,6 @@ report_compliance_counts (report_t report, compliance_incomplete, compliance_undefined); - if (compliance_status) - { - if (compliance_no && *compliance_no > 0) { - *compliance_status = "not compliant"; - } else if (compliance_incomplete && *compliance_incomplete > 0) { - *compliance_status = "incomplete"; - } else if (compliance_yes && *compliance_yes > 0) { - *compliance_status = "compliant"; - } else { - *compliance_status = "undefined"; - } - } - return 0; } @@ -28439,7 +28453,8 @@ print_report_host_xml (FILE *stream, "%d" "%d" "%d" - "", + "" + "%s", host_iterator_start_time (hosts), host_iterator_end_time (hosts) ? host_iterator_end_time (hosts) 
@@ -28449,7 +28464,11 @@ print_report_host_xml (FILE *stream, yes_count, no_count, incomplete_count, - undefined_count); + undefined_count, + report_compliance_from_counts (&yes_count, + &no_count, + &incomplete_count, + &undefined_count)); } if (print_report_host_details_xml @@ -29766,7 +29785,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, int compliance_incomplete, compliance_undefined; int f_compliance_yes, f_compliance_no; int f_compliance_incomplete, f_compliance_undefined; - char *compliance_status, *f_compliance_status; int total_compliance_count, f_compliance_count; int delta_reports_version = 0; @@ -30416,8 +30434,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (strcmp (tsk_usage_type, "audit") == 0) { report_compliance_counts (report, get, &compliance_yes, &compliance_no, - &compliance_incomplete, &compliance_undefined, - &compliance_status); + &compliance_incomplete, &compliance_undefined); total_compliance_count = compliance_yes + compliance_no @@ -30434,8 +30451,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &f_compliance_yes, &f_compliance_no, &f_compliance_incomplete, - &f_compliance_undefined, - &f_compliance_status); + &f_compliance_undefined); f_compliance_count = f_compliance_yes + f_compliance_no 
@@ -30888,30 +30904,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, else { if (count_filtered) - { - f_compliance_count = f_compliance_yes - + f_compliance_no - + f_compliance_incomplete - + f_compliance_undefined; - - if (f_compliance_no > 0) - { - f_compliance_status = "not compliant"; - } - else if (f_compliance_incomplete > 0) - { - f_compliance_status = "incomplete"; - } - else if (f_compliance_yes > 0) - { - f_compliance_status = "compliant"; - } - else - { - f_compliance_status = "undefined"; - } - } - + f_compliance_count = f_compliance_yes + + f_compliance_no + + f_compliance_incomplete + + f_compliance_undefined; PRINT (out, "" "%i" @@ -30939,8 +30935,14 @@ print_report_xml_start (report_t report, report_t delta, task_t task, "%s" "%s" "", - compliance_status, - f_compliance_status); + report_compliance_from_counts (&compliance_yes, + &compliance_no, + &compliance_incomplete, + &compliance_undefined), + report_compliance_from_counts (&f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined)); } } From ec29bbb32da3665ed2e39f3fa0129a70a5b4a9da Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Fri, 26 Jan 2024 16:25:16 +0100 Subject: [PATCH 04/13] Fix the where clause for reports to check for a filter given by ID --- src/manage_sql.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 5c735f4a6..a6dff5d26 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
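Review bot: `report_compliance_from_counts` in the hunk at -30939 reads `f_compliance_yes`, `f_compliance_no`, `f_compliance_incomplete` and `f_compliance_undefined` every time this element is printed, yet those ints are declared without initialisers (see the declaration hunk at -29766). The `if (count_filtered)` just above suggests the filtered counts are not always computed; if any path reaches this PRINT without `report_compliance_f_counts` having filled them, the function reads indeterminate values. Initialising at the declaration, e.g. `int f_compliance_yes = 0, f_compliance_no = 0;` and likewise for the other pair and for the unfiltered counts, makes the result "undefined" in that case. The return values of `report_compliance_counts` and `report_compliance_f_counts` are also ignored at -30416 and -30434, although both return -1 for a zero report before writing anything. print_report_xml_start begins and ends outside these hunks.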
@@ -22164,11 +22164,14 @@ init_report_iterator (iterator_t* iterator, const get_data_t *get) overrides = filter_term_apply_overrides (filter ? filter : get->filter); min_qod = filter_term_min_qod (filter ? filter : get->filter); - free (filter); - extra_tables = report_iterator_opts_table (overrides, min_qod); usage_type = get_data_get_extra (get, "usage_type"); - extra_where = reports_extra_where (get->trash, get->filter, usage_type); + + extra_where = reports_extra_where (get->trash, + filter ? filter : get->filter, + usage_type); + + free (filter); ret = init_get_iterator2 (iterator, "report", From 9dd1d6b43b86e6eba6a7766067df10d8db024d06 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Mon, 29 Jan 2024 11:46:21 +0100 Subject: [PATCH 05/13] Fix compliance filter term not applied in get_aggregates --- src/manage_sql.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index a6dff5d26..bb24b8b4d 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -58823,7 +58823,7 @@ type_extra_where (const char *type, int trash, const char *filter, else usage_type = NULL; - extra_where = reports_extra_where (trash, NULL, usage_type); + extra_where = reports_extra_where (trash, filter, usage_type); } else if (strcasecmp (type, "RESULT") == 0) { From 751948776391bdb8c4405dae0eeddc0ee07587ae Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Fri, 2 Feb 2024 11:10:56 +0100 Subject: [PATCH 06/13] Tags can now work with audit_reports - Added audit reports filer and dashboard configuration to settings. --- src/gmp.c | 20 ++++++++-- src/manage_sql.c | 96 +++++++++++++++++++++++++++++++++++++++++++----- src/manage_sql.h | 3 ++ 3 files changed, 105 insertions(+), 14 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 0aedee961..4da06e393 100644 --- a/src/gmp.c +++ b/src/gmp.c 
@@ -15914,7 +15914,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data, else if (g_strcmp0 ("report", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator; + get_data_set_extra (&resource_names_data->get, + "usage_type", + g_strdup ("scan")); } + else if (g_strcmp0 ("audit_report", resource_names_data->type) == 0) + { + *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator; + get_data_set_extra (&resource_names_data->get, + "usage_type", + g_strdup ("audit")); + } else if (g_strcmp0 ("report_config", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_report_config_iterator; @@ -15990,7 +16000,8 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error) && (acl_user_may ("get_assets") == 0)) || ((g_strcmp0 ("result", get_resource_names_data->type) == 0) && (acl_user_may ("get_results") == 0)) - || ((g_strcmp0 ("report", get_resource_names_data->type) == 0) + || (((g_strcmp0 ("report", get_resource_names_data->type) == 0) + || (g_strcmp0 ("audit_report", get_resource_names_data->type) == 0)) && (acl_user_may ("get_reports") == 0)) || (((g_strcmp0 ("cpe", get_resource_names_data->type) == 0) || (g_strcmp0 ("cve", get_resource_names_data->type) == 0) @@ -22510,8 +22521,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, (XML_ERROR_SYNTAX ("create_tag", "RESOURCES requires" " a TYPE element")); - else if (valid_db_resource_type (create_tag_data->resource_type) - == 0) + else if (valid_db_resource_type (create_tag_data->resource_type) == 0 + && valid_subtype (create_tag_data->resource_type) == 0) SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_tag", "TYPE in RESOURCES must be" 
@@ -25263,7 +25274,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, "name must be at least one" " character long or omitted completely")); else if (modify_tag_data->resource_type && - valid_db_resource_type (modify_tag_data->resource_type) == 0) + valid_db_resource_type (modify_tag_data->resource_type) == 0 + && valid_subtype (modify_tag_data->resource_type) == 0) SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("modify_tag", "TYPE in RESOURCES must be" diff --git a/src/manage_sql.c b/src/manage_sql.c index bb24b8b4d..7c02bb5a4 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -3970,6 +3970,19 @@ valid_type (const char* type) || (strcasecmp (type, "vuln") == 0); } +/** + * @brief Check whether a resource subtype name is valid. + * + * @param[in] subtype Subtype of resource. + * + * @return 1 yes, 0 no. + */ +int +valid_subtype (const char* type) +{ + return (strcasecmp (type, "audit_report") == 0); +} + /** * @brief Return DB name of type. * @@ -4066,6 +4079,19 @@ type_is_info_subtype (const char *type) == 0; } +/** + * @brief Check whether a resource type is a report subtype. + * + * @param[in] type Type of resource. + * + * @return 1 yes, 0 no. + */ +static int +type_is_report_subtype (const char *type) +{ + return (strcasecmp (type, "audit_report") == 0); +} + /** * @brief Check whether a type has a name and comment. * @@ -48249,14 +48275,18 @@ create_filter (const char *name, const char *comment, const char *type, const char *term, filter_t* filter) { gchar *quoted_name, *quoted_comment, *quoted_term, *clean_term; + const char *db_type; assert (current_credentials.uuid); if (type && strlen (type)) { - type = type_db_name (type); - if (type == NULL || !valid_type (type)) + db_type = type_db_name (type); + if ((db_type == NULL || !valid_type (db_type)) && !valid_subtype (type)) + { return 2; + } + type = valid_subtype (type) ? type : db_type; } sql_begin_immediate (); 
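Review bot: The doc comment of the new `valid_subtype` (hunk at -3970) documents `@param[in] subtype`, while the parameter is named `type`, so the documented name does not match the signature. I would change the tag to `@param[in] type Subtype name to check, must not be NULL.`; the NULL precondition is worth stating because the body passes `type` straight to `strcasecmp`. The prototype added to manage_sql.h uses an unnamed parameter, so the name only needs fixing here.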
@@ -48851,13 +48881,18 @@ modify_filter (const char *filter_id, const char *name, const char *comment, { gchar *quoted_name, *quoted_comment, *quoted_term, *quoted_type, *clean_term; filter_t filter; + const char *db_type; if (filter_id == NULL) return 4; - type = type_db_name (type); - if (type && !((strcmp (type, "") == 0) || valid_type (type))) - return 3; + db_type = type_db_name (type); + if (db_type && !((strcmp (db_type, "") == 0) || valid_type (db_type))) + { + if (!valid_subtype (type)) + return 3; + } + type = valid_subtype (type) ? type : db_type; sql_begin_immediate (); @@ -53481,6 +53516,8 @@ modify_setting (const gchar *uuid, const gchar *name, setting_name = g_strdup ("Alerts Filter"); else if (strcmp (uuid, "0f040d06-abf9-43a2-8f94-9de178b0e978") == 0) setting_name = g_strdup ("Assets Filter"); + else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0) + setting_name = g_strdup ("Audit Reports Filter"); else if (strcmp (uuid, "1a9fbd91-0182-44cd-bc88-a13a9b3b1bef") == 0) setting_name = g_strdup ("Configs Filter"); else if (strcmp (uuid, "186a5ac8-fe5a-4fb1-aa22-44031fb339f3") == 0) @@ -53603,6 +53640,10 @@ modify_setting (const gchar *uuid, const gchar *name, else if (strcmp (uuid, "e599bb6b-b95a-4bb2-a6bb-fe8ac69bc071") == 0) setting_name = g_strdup ("Reports Top Dashboard Configuration"); + /* Audit Reports dashboard settings */ + else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0) + setting_name = g_strdup ("Audit Reports Top Dashboard Configuration"); + /* Results dashboard settings */ else if (strcmp (uuid, "0b8ae70d-d8fc-4418-8a72-e65ac8d2828e") == 0) setting_name = g_strdup ("Results Top Dashboard Configuration"); 
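Review bot: The added line `type = valid_subtype (type) ? type : db_type;` in modify_filter calls `valid_subtype` on the caller's `type` unconditionally, and `valid_subtype` hands it to `strcasecmp` with no NULL check. The old code tested the `type_db_name` result behind a `type &&` guard, which suggests a NULL type (meaning the filter type is left unchanged) is an expected input; if so, this line dereferences NULL. Guarding the call, `type = (type && valid_subtype (type)) ? type : db_type;`, keeps the previous behaviour for that case. create_filter does the same lookup but inside `if (type && strlen (type))`, so it is not affected. modify_filter continues outside the hunk.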
@@ -57267,6 +57308,11 @@ tag_add_resources_list (tag_t tag, const char *type, array_t *uuids, resource_permission = g_strdup ("get_info"); else if (type_is_asset_subtype (type)) resource_permission = g_strdup ("get_assets"); + else if (type_is_report_subtype (type)) + { + resource_permission = g_strdup ("get_reports"); + type = g_strdup("report"); + } else resource_permission = g_strdup_printf ("get_%ss", type); @@ -57330,6 +57376,13 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) } else { + if (strcasecmp (type, "audit_report") == 0) + { + type = g_strdup ("report"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); + } + gchar *columns; columns = g_strdup_printf ("%ss.id, %ss.uuid", type, type); @@ -57359,6 +57412,8 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) sql_rollback (); g_free (resources_get.filter); g_free (resources_get.type); + if (resources_get.extra_params) + g_hash_table_destroy (resources_get.extra_params); return -1; } } @@ -57366,6 +57421,8 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) g_free (resources_get.filter); g_free (resources_get.type); + if (resources_get.extra_params) + g_hash_table_destroy (resources_get.extra_params); ret = 2; while (next (&resources)) @@ -57476,6 +57533,15 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) } else { + if (strcasecmp (type, "audit_report") == 0) + { + type = g_strdup ("report"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, + "usage_type", + g_strdup ("audit")); + } + gchar *columns; columns = g_strdup_printf ("%ss.id", type); 
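Review bot: `type = g_strdup("report");` in tag_add_resources_list assigns a heap copy to the `const char *type` parameter, and nothing in the hunk frees it, so each call with a subtype appears to leak the string. A literal is enough here: `type = "report";`. The same pattern is in the tag_add_resources_filter and tag_remove_resources_filter hunks (`type = g_strdup ("report"); resources_get.type = g_strdup (type);`), where only `resources_get.type` is freed afterwards, and it is repeated for "task" and "config" in the later commit's hunks at -57309, -57386 and -57549. All three functions continue outside their hunks, so a free further down cannot be ruled out.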
@@ -57495,6 +57561,8 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) sql_rollback (); g_free (resources_get.filter); g_free (resources_get.type); + if (resources_get.extra_params) + g_hash_table_destroy (resources_get.extra_params); return -1; } } @@ -57502,6 +57570,8 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) g_free (resources_get.filter); g_free (resources_get.type); + if (resources_get.extra_params) + g_hash_table_destroy (resources_get.extra_params); ret = 2; while (next (&resources)) @@ -57618,9 +57688,12 @@ create_tag (const char * name, const char * comment, const char * value, if (strcmp (lc_resource_type, "") && valid_db_resource_type (lc_resource_type) == 0) { - g_free (lc_resource_type); - sql_rollback (); - return -1; + if (!valid_subtype (lc_resource_type)) + { + g_free (lc_resource_type); + sql_rollback (); + return -1; + } } quoted_name = sql_insert (name); @@ -57850,8 +57923,11 @@ modify_tag (const char *tag_id, const char *name, const char *comment, if (strcmp (lc_resource_type, "") && valid_db_resource_type (lc_resource_type) == 0) { - sql_rollback (); - return -1; + if (!valid_subtype (lc_resource_type)) + { + sql_rollback (); + return -1; + } } quoted_resource_type = sql_insert (lc_resource_type); diff --git a/src/manage_sql.h b/src/manage_sql.h index 28a9204ca..b9db9cb99 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -508,6 +508,9 @@ setting_value (const char *, char **); int valid_type (const char *); +int +valid_subtype (const char *); + void add_role_permission_resource (const gchar *, const gchar *, const gchar *, const gchar *); From 094b2516eaf0a274e7e12d1b13c5c6c437dfc7d4 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Mon, 5 Feb 2024 10:32:14 +0100 Subject: [PATCH 07/13] Tags applied by filter on scan reports exclude audit reports. --- src/manage_sql.c | 4 ++++ 1 file changed, 4 insertions(+) 
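Review bot: The rejected-type branch in modify_tag (hunk at -57850) returns after `sql_rollback ()` without releasing `lc_resource_type`, whereas the matching branch in create_tag (hunk at -57618) calls `g_free (lc_resource_type)` first. If modify_tag allocates that string the same way, which cannot be seen because the assignment is outside the hunk, the error path leaks it; adding `g_free (lc_resource_type);` before the rollback would make the two consistent. The nested `if (!valid_subtype (lc_resource_type))` in both hunks can also be folded into the outer condition with `&&`, as the gmp.c checks in this commit already do.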
diff --git a/src/manage_sql.c b/src/manage_sql.c index 7c02bb5a4..b702b4eb4 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -57382,6 +57382,10 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) resources_get.type = g_strdup (type); get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); } + else if (strcasecmp (type, "report") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } gchar *columns; From 3726b9ae177393fe3aa940853f620aaca9daaaff Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Mon, 5 Feb 2024 10:49:12 +0100 Subject: [PATCH 08/13] Exclude audit reports from scan tags filter when removing resources --- src/manage_sql.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/manage_sql.c b/src/manage_sql.c index b702b4eb4..b8c55bf06 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -57545,6 +57545,10 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) "usage_type", g_strdup ("audit")); } + else if (strcasecmp (type, "report") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } gchar *columns; From 0e2b94aac921adc9403d49ca37b44e1332049a87 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Mon, 5 Feb 2024 17:01:59 +0100 Subject: [PATCH 09/13] Tags can now be used with audit tasks and compliance policies --- src/gmp.c | 40 ++++++++++++++++------ src/manage_sql.c | 88 +++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 112 insertions(+), 16 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 4da06e393..196f00f1e 100644 --- a/src/gmp.c +++ b/src/gmp.c 
@@ -15940,7 +15940,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data, else if (g_strcmp0 ("config", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator; - } + get_data_set_extra (&resource_names_data->get, + "usage_type", + g_strdup ("scan")); + } + else if (g_strcmp0 ("policy", resource_names_data->type) == 0) + { + *iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator; + get_data_set_extra (&resource_names_data->get, + "usage_type", + g_strdup ("policy")); + } else if (g_strcmp0 ("scanner", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_scanner_iterator; @@ -15956,7 +15966,17 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data, else if (g_strcmp0 ("task", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator; - } + get_data_set_extra (&resource_names_data->get, + "usage_type", + g_strdup ("scan")); + } + else if (g_strcmp0 ("audit", resource_names_data->type) == 0) + { + *iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator; + get_data_set_extra (&resource_names_data->get, + "usage_type", + g_strdup ("audit")); + } else if (g_strcmp0 ("tls_certificate", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_tls_certificate_iterator; 
@@ -16008,7 +16028,13 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error) || (g_strcmp0 ("nvt", get_resource_names_data->type) == 0) || (g_strcmp0 ("cert_bund_adv", get_resource_names_data->type) == 0) || (g_strcmp0 ("dfn_cert_adv", get_resource_names_data->type) == 0)) - && (acl_user_may ("get_info") == 0))) + && (acl_user_may ("get_info") == 0)) + || (((g_strcmp0 ("config", get_resource_names_data->type) == 0) + ||(g_strcmp0 ("policy", get_resource_names_data->type) == 0)) + && (acl_user_may ("get_configs") == 0)) + || (((g_strcmp0 ("task", get_resource_names_data->type) == 0) + ||(g_strcmp0 ("audit", get_resource_names_data->type) == 0)) + && (acl_user_may ("get_tasks") == 0))) { SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("get_resource_names", @@ -16092,14 +16118,6 @@ handle_get_resource_names (gmp_parser_t *gmp_parser, GError **error) while (next (&resource)) { - if ((g_strcmp0 ("task", get_resource_names_data->type) == 0 - && g_strcmp0 ("audit", task_iterator_usage_type(&resource)) == 0) - || (g_strcmp0 ("config", get_resource_names_data->type) == 0 - && g_strcmp0 ("policy", config_iterator_usage_type(&resource)) == 0)) - { - continue; - } - GString *result; result = g_string_new (""); diff --git a/src/manage_sql.c b/src/manage_sql.c index b8c55bf06..bffb14b00 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -3980,7 +3980,9 @@ valid_type (const char* type) int valid_subtype (const char* type) { - return (strcasecmp (type, "audit_report") == 0); + return (strcasecmp (type, "audit_report") == 0) + || (strcasecmp (type, "audit") == 0) + || (strcasecmp (type, "policy") == 0); } /** 
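Review bot: The loop in handle_get_resource_names (hunk at -16092) no longer skips audit tasks and policies when listing `task` and `config`. The separation now depends entirely on `init_task_iterator` and `init_config_iterator` applying the `usage_type` extra set in select_resource_iterator. Neither iterator is shown in this patch, so it should be confirmed that both read that parameter; otherwise a `task` or `config` request would also return names of the other kind. A short comment where the check was removed, e.g. `/* audits and policies are excluded via the usage_type extra set in select_resource_iterator */`, would record the dependency.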
@@ -4092,6 +4094,32 @@ type_is_report_subtype (const char *type) return (strcasecmp (type, "audit_report") == 0); } +/** + * @brief Check whether a resource type is a task subtype. + * + * @param[in] type Type of resource. + * + * @return 1 yes, 0 no. + */ +static int +type_is_task_subtype (const char *type) +{ + return (strcasecmp (type, "audit") == 0); +} + +/** + * @brief Check whether a resource type is a config subtype. + * + * @param[in] type Type of resource. + * + * @return 1 yes, 0 no. + */ +static int +type_is_config_subtype (const char *type) +{ + return (strcasecmp (type, "policy") == 0); +} + /** * @brief Check whether a type has a name and comment. * @@ -57309,10 +57337,20 @@ tag_add_resources_list (tag_t tag, const char *type, array_t *uuids, else if (type_is_asset_subtype (type)) resource_permission = g_strdup ("get_assets"); else if (type_is_report_subtype (type)) - { - resource_permission = g_strdup ("get_reports"); - type = g_strdup("report"); - } + { + resource_permission = g_strdup ("get_reports"); + type = g_strdup("report"); + } + else if (type_is_task_subtype (type)) + { + resource_permission = g_strdup ("get_tasks"); + type = g_strdup("task"); + } + else if (type_is_config_subtype (type)) + { + resource_permission = g_strdup ("get_configs"); + type = g_strdup("config"); + } else resource_permission = g_strdup_printf ("get_%ss", type); 
@@ -57386,6 +57424,26 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } + else if (strcasecmp (type, "task") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } + else if (strcasecmp (type, "audit") == 0) + { + type = g_strdup ("task"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); + } + else if (strcasecmp (type, "policy") == 0) + { + type = g_strdup ("config"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, "usage_type", g_strdup ("policy")); + } + else if (strcasecmp (type, "config") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } gchar *columns; @@ -57549,6 +57607,26 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } + else if (strcasecmp (type, "task") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } + else if (strcasecmp (type, "audit") == 0) + { + type = g_strdup ("task"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); + } + else if (strcasecmp (type, "policy") == 0) + { + type = g_strdup ("config"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, "usage_type", g_strdup ("policy")); + } + else if (strcasecmp (type, "config") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } gchar *columns; From 5b6054d6cda954e414c9c84f7b7e5289c7e4f896 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Wed, 14 Feb 2024 13:59:39 +0100 Subject: [PATCH 10/13] Updated GMP documentation --- src/schema_formats/XML/GMP.xml.in | 292 +++++++++++++++++++++++++++++- 1 file changed, 283 insertions(+), 9 deletions(-) 
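Review bot: The usage_type chain added to tag_add_resources_filter is repeated line for line in tag_remove_resources_filter, with nothing tying the two together. If they drift, a filter could select a different set of tasks, audits, configs or policies for removal than it did for adding. At minimum I would put `/* Keep this mapping identical in tag_add_resources_filter () and tag_remove_resources_filter (). */` above both chains; a shared static helper would be the sturdier fix. Both functions continue outside their hunks.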
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 770120a01..96be5f2a4 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -68,6 +68,13 @@ along with this program. If not, see . xsd:token { pattern = "y?n?i?u?" } + + compliance_status + A compliance status + + xsd:token { pattern = "yes|no|incomplete|undefined" } + + ctime A date and time, in the C `ctime' format @@ -1512,6 +1519,7 @@ along with this program. If not, see . qod original_threat original_severity + compliance description delta detection @@ -1895,6 +1903,11 @@ along with this program. If not, see . Original severity when overridden severity + + compliance + Result compliance ("yes", "no", "incomplete" or "undefined") + compliance_status + description Description of the result @@ -2201,8 +2214,10 @@ along with this program. If not, see . permissions user_tags scan_run_status - result_count - severity + result_count + compliance_count + severity + compliance task ports results @@ -2529,7 +2544,7 @@ along with this program. If not, see . result_count - Counts of results produced by scan + Counts of results produced by scan. Only for reports of a scan task

The text contains the full count -- the total number of results @@ -2636,6 +2651,114 @@ along with this program. If not, see . + + compliance_count +

Counts of compliance results. Only for reports of an audit task. + +

+ The text contains the full count -- the total number of compliance results. +

+
+ + text + full + filtered + yes + no + incomplete + undefined + + + full + Total number of compliance results + integer + + + filtered + Number of compliance results after filtering + integer + + + yes + + Number of "yes" results (compliant) + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + + + no + + Number of "no" results (not compliant) + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + + + incomplete + + Number of "incomplete" results (incomplete compliance) + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + + + undefined + + Number of "undefined" results (undefined compliance) + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + +
severity @@ -2653,6 +2776,23 @@ along with this program. If not, see . Maximum severity of the report after filtering + + compliance + + full + filtered + + + full + compliance_status + Compliance of the full report ("yes", "no", "incomplete" or "undefined") + + + filtered + compliance_status + Compliance of the report after filtering ("yes", "no", "incomplete" or "undefined") + + task @@ -2914,7 +3054,9 @@ along with this program. If not, see . start end port_count - result_count + result_count + compliance_count + host_compliance detail @@ -2957,7 +3099,7 @@ along with this program. If not, see . result_count - + Only for scan reports page hole @@ -3032,6 +3174,75 @@ along with this program. If not, see . + + compliance_count + Only for audit reports + + page + yes + no + incomplete + undefined + + + page + Total number of results for current host on current page + integer + + + yes + Number of "yes" results (compliant) + + page + + + page + Number of results on current page + integer + + + + no + Number of "no" results (not compliant) + + page + + + page + Number of results on current page + integer + + + + incomplete + Number of "incomplete" results (incomplete compliance) + + page + + + page + Number of results on current page + integer + + + + undefined + Number of "undefined" results (undefined compliance) + + page + + + page + Number of results on current page + integer + + + + + host_compliance + Only for audit reports. Host compliance + compliance_status + detail A detail associated with the host @@ -17914,6 +18125,11 @@ END:VCALENDAR integer Minimum QoD of the results + tag text @@ -18059,6 +18275,26 @@ END:VCALENDAR iso_time Scan end time + + compliance_yes + integer + Number of compliance yes results + + + compliance_no + integer + Number of compliance no results + + + compliance_incomplete + integer + Number of compliance incomplete results + + + compliant + compliance_status + Compliance state of the report. Can be yes, no, incomplete or undefined + 
@@ -18128,6 +18364,17 @@ END:VCALENDAR boolean + + usage_type + Optional usage type to limit the reports to. Affects total count unlike filter + + + scan + audit + + + + @@ -22906,8 +23153,9 @@ END:VCALENDAR timestamp scan_end - result_count - severity + result_count + severity + compliance_count timestamp @@ -22919,7 +23167,7 @@ END:VCALENDAR result_count - Result counts for this report + Result counts for this report. Only for scan tasks false_positive log @@ -22951,8 +23199,34 @@ END:VCALENDAR severity severity - Maximum severity of the report + Maximum severity of the report. Only for scan tasks + + compliance_count + Complaince counts. Only for audit tasks + + yes + no + incomplete + undefined + + + yes + integer + + + no + integer + + + incomplete + integer + + + undefined + integer + + From 79bbf68062e82971062eb05d61a57c8e0761a133 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Tue, 20 Feb 2024 11:03:28 +0100 Subject: [PATCH 11/13] Address review comments --- src/manage_pg.c | 6 ++++-- src/manage_sql.c | 21 +++++++++++---------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index b9d008142..d9d8cc506 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -895,7 +895,7 @@ manage_create_sql_functions () "$$ LANGUAGE plpgsql" " IMMUTABLE;"); - sql ("CREATE OR REPLACE FUNCTION compliance_status (" + sql ("CREATE OR REPLACE FUNCTION report_compliance_status (" " report_id integer)" "RETURNS text AS $$ " "BEGIN" @@ -918,7 +918,9 @@ manage_create_sql_functions () "$$ LANGUAGE plpgsql" " IMMUTABLE;"); - sql ("CREATE OR REPLACE FUNCTION compliance_count (report_id integer, compliance text)" + sql ("CREATE OR REPLACE FUNCTION report_compliance_count (" + " report_id integer," + " compliance text)" " RETURNS integer AS $$" " DECLARE count integer := 0;" " BEGIN" diff --git a/src/manage_sql.c b/src/manage_sql.c index bffb14b00..6abe7f43e 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
@@ -2037,7 +2037,7 @@ filter_control_str (keyword_t **point, const char *column, gchar **string) * @param[out] levels String describing threat levels (message types) * to include in count (for example, "hmlg" for * High, Medium, Low and loG). All levels if NULL. - * @param[out] comliance_levels String describing compliance levels + * @param[out] compliance_levels String describing compliance levels * to include in count (for example, "yniu" for * "yes" (compliant), "n" for "no" (not compliant), * "i" for "incomplete" and "u" for "undefined" @@ -21992,22 +21992,22 @@ report_add_results_array (report_t report, GArray *results) KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_count (id, 'YES')", \ + "report_compliance_count (id, 'YES')", \ "compliance_yes", \ KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_count (id, 'NO')", \ + "report_compliance_count (id, 'NO')", \ "compliance_no", \ KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_count (id, 'INCOMPLETE')", \ + "report_compliance_count (id, 'INCOMPLETE')", \ "compliance_incomplete", \ KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_status (id)", \ + "report_compliance_status (id)", \ "compliant", \ KEYWORD_TYPE_STRING \ }, \ @@ -22055,7 +22055,8 @@ where_compliance_status (const char *compliance) compliance_sql = g_string_new (""); count = 0; - g_string_append_printf (compliance_sql, " AND compliance_status(reports.id) IN ("); + g_string_append_printf (compliance_sql, + " AND report_compliance_status(reports.id) IN ("); if (strchr (compliance, 'y')) { @@ -22080,9 +22081,9 @@ where_compliance_status (const char *compliance) g_string_append (compliance_sql, ")"); - if (count == 4) + if ((count == 4) || (count == 0)) { - /* All compliance levels selected. */ + /* All compliance levels or no valid ones selected. */ g_string_free (compliance_sql, TRUE); return NULL; } 
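Review bot: With `(count == 4) || (count == 0)`, where_compliance_status returns NULL when the filter value contains none of the letters it tests for (`y`, `n`, `i`, `u`). An unrecognised or mistyped value therefore applies no restriction and lists every report instead of none. If that fallback is intended, the doc comment should say so, for example `@return WHERE clause, or NULL if all or no valid compliance levels are given (no restriction is applied).` The where_compliance_levels hunk that follows makes the same change and needs the same sentence. The function starts outside the hunk, so the reading of NULL as "no restriction" is taken from the comment inside the `if`.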
@@ -22422,9 +22423,9 @@ where_compliance_levels (const char *levels) } g_string_append (levels_sql, ")"); - if (count == 4) + if ((count == 4) || (count == 0)) { - /* All compliance levels selected, so no restriction is necessary. */ + /* All compliance levels or none selected, so no restriction is necessary. */ g_string_free (levels_sql, TRUE); return NULL; } From d6a267cae4e004a78e95715c09810bd58ffa6881 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Tue, 9 Jul 2024 16:18:05 +0200 Subject: [PATCH 12/13] Add feature toggle for compliance reports --- CMakeLists.txt | 12 + src/gmp.c | 48 +- src/gvmd.c | 3 + src/manage_sql.c | 1071 ++++++++++++++--------------- src/schema_formats/XML/GMP.xml.in | 70 +- 5 files changed, 611 insertions(+), 593 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 945272c27..dd7396c90 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -247,6 +247,10 @@ if (NOT CVSS3_RATINGS) endif (NOT CVSS3_RATINGS) add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS}) +if (NOT COMPLIANCE_REPORTS) + set (COMPLIANCE_REPORTS 0) +endif (NOT COMPLIANCE_REPORTS) +add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS}) message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") @@ -254,6 +258,14 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") set (GVMD_VERSION "${PROJECT_VERSION_STRING}") +if (COMPLIANCE_REPORTS EQUAL 1) + set(IF_COMPLIANCE_REPORTS "") + set(ENDIF_COMPLIANCE_REPORTS "") +elseif (COMPLIANCE_REPORTS EQUAL 0) + set(IF_COMPLIANCE_REPORTS "") +endif() + # Configure Doxyfile with version number configure_file (doc/Doxyfile.in doc/Doxyfile) configure_file (doc/Doxyfile_full.in doc/Doxyfile_full) diff --git a/src/gmp.c b/src/gmp.c index 196f00f1e..4ae04b006 100644 --- a/src/gmp.c +++ b/src/gmp.c 
@@ -12955,6 +12955,11 @@ handle_get_features (gmp_parser_t *gmp_parser, GError **error) " status=\"" STATUS_OK "\"" " status_text=\"" STATUS_OK_TEXT "\">"); + SENDF_TO_CLIENT_OR_FAIL ("" + "COMPLIANCE_REPORTS" + "", + COMPLIANCE_REPORTS ? 1 : 0); + SENDF_TO_CLIENT_OR_FAIL ("" "CVSS3_RATINGS" "", @@ -14831,7 +14836,7 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) || (strlen (get_reports_data->report_get.id) == 0)) { int overrides, min_qod; - gchar *filter, *levels, *compliance_levels; + gchar *filter, *levels; get_data_t * get; /* For simplicity, use a fixed result filter when filtering 
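Review bot: handle_get_features reports the toggle with `COMPLIANCE_REPORTS ? 1 : 0`, while the code it describes is guarded by `#if COMPLIANCE_REPORTS == 1`. A build configured with any value other than 0 or 1 would therefore advertise the feature as enabled to clients with all of its code compiled out. Using the same test here, `(COMPLIANCE_REPORTS == 1) ? 1 : 0`, keeps the two in agreement. The CMakeLists.txt hunk in this patch also handles only the values 1 and 0 and could reject anything else at configure time. The function starts and ends outside the hunk.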
@@ -14853,22 +14858,33 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) overrides = filter_term_apply_overrides (filter ? filter : get->filter); min_qod = filter_term_min_qod (filter ? filter : get->filter); levels = filter_term_value (filter ? filter : get->filter, "levels"); - compliance_levels = filter_term_value (filter - ? filter - : get->filter, - "compliance_levels"); + #if COMPLIANCE_REPORTS == 1 + gchar *compliance_levels; + compliance_levels = filter_term_value (filter + ? filter + : get->filter, + "compliance_levels"); + + /* Setup result filter from overrides. */ + get_reports_data->get.filter + = g_strdup_printf + ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", + overrides, + min_qod, + levels ? levels : "hmlgdf", + compliance_levels ? compliance_levels : "yniu"); + g_free (compliance_levels); + #else + /* Setup result filter from overrides. */ + get_reports_data->get.filter + = g_strdup_printf + ("apply_overrides=%i min_qod=%i levels=%s", + overrides, + min_qod, + levels ? levels : "hmlgdf"); + #endif g_free (filter); - - /* Setup result filter from overrides. */ - get_reports_data->get.filter - = g_strdup_printf - ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", - overrides, - min_qod, - levels ? levels : "hmlgdf", - compliance_levels ? compliance_levels : "yniu"); g_free (levels); - g_free (compliance_levels); } ret = init_report_iterator (&reports, &get_reports_data->report_get); @@ -15914,6 +15930,7 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data, else if (g_strcmp0 ("report", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator; +#if COMPLIANCE_REPORTS == 1 get_data_set_extra (&resource_names_data->get, "usage_type", g_strdup ("scan")); 
@@ -15924,6 +15941,7 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data, get_data_set_extra (&resource_names_data->get, "usage_type", g_strdup ("audit")); +#endif } else if (g_strcmp0 ("report_config", resource_names_data->type) == 0) { diff --git a/src/gvmd.c b/src/gvmd.c index 05bc8c43c..9be3ecc8e 100644 --- a/src/gvmd.c +++ b/src/gvmd.c @@ -2317,6 +2317,9 @@ gvmd (int argc, char** argv, char *env[]) #endif #if CVSS3_RATINGS == 1 printf ("CVSS3 severity ratings enabled\n"); +#endif +#if COMPLIANCE_REPORTS == 1 + printf ("Compliance reports enabled\n"); #endif printf ("Copyright (C) 2009-2021 Greenbone AG\n"); printf ("License: AGPL-3.0-or-later\n"); diff --git a/src/manage_sql.c b/src/manage_sql.c index 6abe7f43e..83e3ddc6b 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -3980,9 +3980,14 @@ valid_type (const char* type) int valid_subtype (const char* type) { - return (strcasecmp (type, "audit_report") == 0) - || (strcasecmp (type, "audit") == 0) - || (strcasecmp (type, "policy") == 0); + #if COMPLIANCE_REPORTS == 1 + return (strcasecmp (type, "audit_report") == 0) + || (strcasecmp (type, "audit") == 0) + || (strcasecmp (type, "policy") == 0); + #else + return (strcasecmp (type, "audit") == 0) + || (strcasecmp (type, "policy") == 0); + #endif } /** @@ -22033,6 +22038,7 @@ report_iterator_opts_table (int override, int min_qod) min_qod); } +#if COMPLIANCE_REPORTS == 1 /** * @brief Return SQL WHERE for restricting a SELECT to compliance statuses. * @@ -22090,7 +22096,7 @@ where_compliance_status (const char *compliance) return g_string_free (compliance_sql, FALSE);; } - +#endif /** * @brief Generate an extra WHERE clause for selecting reports 
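Review bot: valid_subtype now spells out the `audit` and `policy` comparisons twice, once per preprocessor branch, so a later subtype has to be added in both places. Guarding only the part that differs is shorter: put `if (strcasecmp (type, "audit_report") == 0) return 1;` between `#if COMPLIANCE_REPORTS == 1` and `#endif`, and keep one unconditional `return (strcasecmp (type, "audit") == 0) || (strcasecmp (type, "policy") == 0);`. type_is_report_subtype, shown as context earlier in this series, still accepts `audit_report` regardless of the toggle. It is worth checking that valid_subtype is always consulted before it.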
@@ -22104,9 +22110,9 @@ where_compliance_status (const char *compliance) static gchar * reports_extra_where (int trash, const gchar *filter, const char *usage_type) { - gchar *extra_where = NULL; - gchar *usage_type_clause, *trash_clause, *compliance_clause = NULL; - gchar *compliance_filter = NULL; + + GString *extra_where = g_string_new (""); + gchar *trash_clause; if (trash) { 
@@ -22122,36 +22128,37 @@ reports_extra_where (int trash, const gchar *filter, const char *usage_type) } - if (usage_type && strcmp (usage_type, "")) - { - gchar *quoted_usage_type; - quoted_usage_type = sql_quote (usage_type); - usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks" - " WHERE usage_type='%s')", - quoted_usage_type); - - g_free (quoted_usage_type); - } - else - usage_type_clause = NULL; + g_string_append_printf(extra_where, "%s", trash_clause); + g_free (trash_clause); - if (filter) - compliance_filter = filter_term_value(filter, "report_compliance_levels"); + #if COMPLIANCE_REPORTS == 1 + gchar *usage_type_clause, *compliance_clause = NULL; + gchar *compliance_filter = NULL; + if (usage_type && strcmp (usage_type, "")) + { + gchar *quoted_usage_type; + quoted_usage_type = sql_quote (usage_type); + usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks" + " WHERE usage_type='%s')", + quoted_usage_type); - compliance_clause = where_compliance_status (compliance_filter ?: "yniu"); - + g_free (quoted_usage_type); + } + else + usage_type_clause = NULL; - extra_where = g_strdup_printf("%s%s%s", - trash_clause, - usage_type_clause ?: "", - compliance_clause ?: ""); + if (filter) + compliance_filter = filter_term_value(filter, "report_compliance_levels"); - g_free (compliance_filter); - g_free (trash_clause); - g_free (compliance_clause); - g_free (usage_type_clause); + compliance_clause = where_compliance_status (compliance_filter ?: "yniu"); - return extra_where; + g_string_append_printf (extra_where, "%s%s", usage_type_clause ?: "", compliance_clause ?: ""); + g_free (compliance_filter); + g_free (compliance_clause); + g_free (usage_type_clause); + #endif + + return g_string_free (extra_where, FALSE); } /** @@ -25967,6 +25974,7 @@ report_counts_id_full (report_t report, int* holes, int* infos, return 0; } +#if COMPLIANCE_REPORTS == 1 /** * @brief Get the compliance state from compliance counts. * 
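Review bot: With COMPLIANCE_REPORTS set to 0, reports_extra_where no longer reads `usage_type` or `filter`, although src/gmp.c still accepts the `usage_type` attribute on get_reports and stores it. As far as this function is concerned, a request with `usage_type="scan"` then gets no usage restriction and no indication that the attribute was ignored. I would state this in the doc comment, for example `@param[in] usage_type  Usage type to limit to. Ignored unless COMPLIANCE_REPORTS is 1.` Adding `#else (void) filter; (void) usage_type;` would also make the unused parameters explicit. Separately, `g_string_append_printf(extra_where, "%s", trash_clause);` can be `g_string_append (extra_where, trash_clause);`.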
@@ -26111,7 +26119,7 @@ report_compliance_counts (report_t report, return 0; } - +#endif /** @@ -28437,7 +28445,52 @@ print_report_host_xml (FILE *stream, PRINT (stream, ""); - if (strcmp (usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (usage_type, "audit") == 0) + { + int yes_count, no_count, incomplete_count, undefined_count; + + yes_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_compliant, current_host)); + no_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_notcompliant, current_host)); + incomplete_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_incomplete, current_host)); + undefined_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_undefined, current_host)); + + PRINT (stream, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "" + "%s", + host_iterator_start_time (hosts), + host_iterator_end_time (hosts) + ? host_iterator_end_time (hosts) + : "", + ports_count, + (yes_count + no_count + incomplete_count + undefined_count), + yes_count, + no_count, + incomplete_count, + undefined_count, + report_compliance_from_counts (&yes_count, + &no_count, + &incomplete_count, + &undefined_count)); + } else + #endif { int holes_count, warnings_count, infos_count; int logs_count, false_positives_count; 
@@ -28484,50 +28537,6 @@ print_report_host_xml (FILE *stream, logs_count, false_positives_count); } - else - { - int yes_count, no_count, incomplete_count, undefined_count; - - yes_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_compliant, current_host)); - no_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_notcompliant, current_host)); - incomplete_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_incomplete, current_host)); - undefined_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_undefined, current_host)); - - PRINT (stream, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "" - "%s", - host_iterator_start_time (hosts), - host_iterator_end_time (hosts) - ? host_iterator_end_time (hosts) - : "", - ports_count, - (yes_count + no_count + incomplete_count + undefined_count), - yes_count, - no_count, - incomplete_count, - undefined_count, - report_compliance_from_counts (&yes_count, - &no_count, - &incomplete_count, - &undefined_count)); - } if (print_report_host_details_xml (host_iterator_report_host (hosts), stream, lean)) @@ -29641,7 +29650,8 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, *orig_filtered_result_count = *filtered_result_count; gchar *usage_type = NULL; - if (task && task_usage_type(task, &usage_type)) return -1; + if (task && task_usage_type(task, &usage_type)) + return -1; ports = g_tree_new_full ((GCompareDataFunc) strcmp, NULL, g_free, (GDestroyNotify) free_host_ports); 
@@ -29652,7 +29662,30 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, if (strchr (delta_states, state[0]) == NULL) continue; - if (strcmp (usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (usage_type, "audit") == 0) + { + const char* compliance; + compliance = result_iterator_compliance (results); + (*f_compliance_count)++; + if (strcasecmp (compliance, "yes") == 0) + { + (*f_compliance_yes)++; + } + else if (strcasecmp (compliance, "no") == 0) + { + (*f_compliance_no)++; + } + else if (strcasecmp (compliance, "incomplete") == 0) + { + (*f_compliance_incomplete)++; + } + else if (strcasecmp (compliance, "undefined") == 0) + { + (*f_compliance_undefined)++; + } + } else + #endif { const char *level; /* Increase the result count. */ @@ -29685,28 +29718,6 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, (*f_false_positives)++; } } - else - { - const char* compliance; - compliance = result_iterator_compliance (results); - (*f_compliance_count)++; - if (strcasecmp (compliance, "yes") == 0) - { - (*f_compliance_yes)++; - } - else if (strcasecmp (compliance, "no") == 0) - { - (*f_compliance_no)++; - } - else if (strcasecmp (compliance, "incomplete") == 0) - { - (*f_compliance_incomplete)++; - } - else if (strcasecmp (compliance, "undefined") == 0) - { - (*f_compliance_undefined)++; - } - } buffer_results_xml (buffer, results, @@ -29839,11 +29850,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, GHashTable *f_host_incomplete, *f_host_undefined; task_status_t run_status; gchar *tsk_usage_type = NULL; - int compliance_yes, compliance_no; - int compliance_incomplete, compliance_undefined; int f_compliance_yes, f_compliance_no; int f_compliance_incomplete, f_compliance_undefined; - int total_compliance_count, f_compliance_count; + int f_compliance_count; int delta_reports_version = 0; 
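Review bot: `strcmp (usage_type, "audit") == 0` passes `usage_type` straight to strcmp, but the previous hunk shows it initialised to NULL and only filled in when `task` is non-zero, so a call with `task` equal to 0 hands NULL to strcmp. `g_strcmp0 (usage_type, "audit") == 0` is NULL-safe and g_strcmp0 is already used in src/gmp.c. The same applies to the `strcmp (tsk_usage_type, "audit")` tests in the print_report_xml_start hunks, where `tsk_usage_type` is likewise only set under `task && ...`. Whether either function can be reached with `task` equal to 0 is not visible in these hunks.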
@@ -29856,7 +29865,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, min_qod = NULL; search_phrase = NULL; total_result_count = filtered_result_count = 0; - total_compliance_count = f_compliance_count = 0; + f_compliance_count = 0; orig_filtered_result_count = 0; orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0; orig_f_holes = 0; @@ -29947,14 +29956,11 @@ print_report_xml_start (report_t report, report_t delta, task_t task, levels = levels ? levels : g_strdup ("hmlgdf"); - compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu"); - if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type))) { fclose (out); g_free (term); g_free (levels); - g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); @@ -30027,7 +30033,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { free (uuid); g_free (levels); - g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); @@ -30062,7 +30067,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (report) { /* Get total counts of full results. */ - if (strcmp (tsk_usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit")) + #endif { if (delta == 0) { 
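Review bot: The two early-return cleanup lists in print_report_xml_start no longer call `g_free (compliance_levels);`, yet a later hunk still reads the variable's previous value in `compliance_levels ? compliance_levels : g_strdup ("yniu")`. That suggests it can already hold an allocation from the filter-control call before these returns, in which case both paths now leak it. Keeping `g_free (compliance_levels);` in both lists is harmless, since g_free accepts NULL. The declaration and the call that fills the variable are outside the hunks, so this needs checking against the full function.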
@@ -30200,7 +30207,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, filters_extra_buffer = g_string_new (""); - if (strcmp (tsk_usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu"); + + if (strchr (compliance_levels, 'y')) + g_string_append (filters_extra_buffer, "Yes"); + if (strchr (compliance_levels, 'n')) + g_string_append (filters_extra_buffer, "No"); + if (strchr (compliance_levels, 'i')) + g_string_append (filters_extra_buffer, "Incomplete"); + if (strchr (compliance_levels, 'u')) + g_string_append (filters_extra_buffer, "Undefined"); + } + else + #endif { if (strchr (levels, 'h')) g_string_append (filters_extra_buffer, "High"); @@ -30213,17 +30235,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (strchr (levels, 'f')) g_string_append (filters_extra_buffer, "False Positive"); } - else - { - if (strchr (compliance_levels, 'y')) - g_string_append (filters_extra_buffer, "Yes"); - if (strchr (compliance_levels, 'n')) - g_string_append (filters_extra_buffer, "No"); - if (strchr (compliance_levels, 'i')) - g_string_append (filters_extra_buffer, "Incomplete"); - if (strchr (compliance_levels, 'u')) - g_string_append (filters_extra_buffer, "Undefined"); - } if (delta) { 
@@ -30488,56 +30499,60 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } /* Prepare result counts. */ + #if COMPLIANCE_REPORTS == 1 + int compliance_yes, compliance_no; + int compliance_incomplete, compliance_undefined; + int total_compliance_count = 0; - if (strcmp (tsk_usage_type, "audit") == 0) - { - report_compliance_counts (report, get, &compliance_yes, &compliance_no, - &compliance_incomplete, &compliance_undefined); + if (strcmp (tsk_usage_type, "audit") == 0) + { + report_compliance_counts (report, get, &compliance_yes, &compliance_no, + &compliance_incomplete, &compliance_undefined); - total_compliance_count = compliance_yes - + compliance_no - + compliance_incomplete - + compliance_undefined; + total_compliance_count = compliance_yes + + compliance_no + + compliance_incomplete + + compliance_undefined; - f_compliance_yes = f_compliance_no = 0; - f_compliance_incomplete = f_compliance_undefined = 0; + f_compliance_yes = f_compliance_no = 0; + f_compliance_incomplete = f_compliance_undefined = 0; - if (count_filtered == 0) - { - report_compliance_f_counts (report, - get, - &f_compliance_yes, - &f_compliance_no, - &f_compliance_incomplete, - &f_compliance_undefined); - - f_compliance_count = f_compliance_yes - + f_compliance_no - + f_compliance_incomplete - + f_compliance_undefined; - } - } - else - { - if (count_filtered) - { - /* We're getting all the filtered results, so we can count them as we - * print them, to save time. 
*/ + if (count_filtered == 0) + { + report_compliance_f_counts (report, + get, + &f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined); - report_counts_id_full (report, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + f_compliance_count = f_compliance_yes + + f_compliance_no + + f_compliance_incomplete + + f_compliance_undefined; + } + } else + #endif + { + if (count_filtered) + { + /* We're getting all the filtered results, so we can count them as we + * print them, to save time. */ - f_holes = f_infos = f_logs = f_warnings = 0; - f_false_positives = f_severity = 0; - } - else - report_counts_id_full (report, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, - &f_holes, &f_infos, &f_logs, &f_warnings, - &f_false_positives, &f_severity); - } + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + + f_holes = f_infos = f_logs = f_warnings = 0; + f_false_positives = f_severity = 0; + } + else + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, + &f_holes, &f_infos, &f_logs, &f_warnings, + &f_false_positives, &f_severity); + } /* Results. */ 
@@ -30602,31 +30617,31 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* Quiet erroneous compiler warning. */ result_hosts = NULL; - if (strcmp (tsk_usage_type, "audit")) - { - f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal, + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + } else + #endif + { + f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); - f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - } - else - { - f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - } - + f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + } if (delta && get->details) { 
@@ -30649,36 +30664,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &orig_f_false_positives, &f_false_positives, result_hosts)) - { - fclose (out); - g_free (sort_field); - g_free (levels); - g_free (compliance_levels); - g_free (search_phrase); - g_free (min_qod); - g_free (delta_states); - cleanup_iterator (&results); - cleanup_iterator (&delta_results); - tz_revert (zone, tz, old_tz_override); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; - } + goto failed_delta_report; } else { @@ -30703,35 +30689,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &f_compliance_undefined, &f_compliance_count, result_hosts)) - { - fclose (out); - g_free (sort_field); - g_free (levels); - g_free (compliance_levels); - g_free (search_phrase); - g_free (min_qod); - g_free (delta_states); - cleanup_iterator (&results); - cleanup_iterator (&delta_results); - tz_revert (zone, tz, old_tz_override); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; - } + goto failed_delta_report; } } else if (get->details) 
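Review bot: Both failure branches now jump to `failed_delta_report`, whose body is outside the hunk, so the cleanup that used to be visible here can no longer be reviewed in place. The removed blocks destroyed either the severity tables or the compliance tables depending on `tsk_usage_type`, and only one of the two sets is ever created. The label must therefore destroy only the set that exists, for instance by initialising all nine `f_host_*` pointers to NULL at declaration and testing each before `g_hash_table_destroy`. It should also keep the `g_free (compliance_levels);` that the removed blocks had.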
@@ -30767,107 +30725,108 @@ print_report_xml_start (report_t report, report_t delta, task_t task, array_add_new_string (result_hosts, result_iterator_host (&results)); - if (strcmp (tsk_usage_type, "audit")) - { - double result_severity; - result_severity = result_iterator_severity_double (&results); - if (result_severity > f_severity) - f_severity = result_severity; + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + const char* compliance; + compliance = result_iterator_compliance (&results); - level = result_iterator_level (&results); + if (strcasecmp (compliance, "yes") == 0) + { + f_host_result_counts = f_host_compliant; + if (count_filtered) + f_compliance_yes++; + } + else if (strcasecmp (compliance, "no") == 0) + { + f_host_result_counts = f_host_notcompliant; + if (count_filtered) + f_compliance_no++; + } + else if (strcasecmp (compliance, "incomplete") == 0) + { + f_host_result_counts = f_host_incomplete; + if (count_filtered) + f_compliance_incomplete++; + } + else if (strcasecmp (compliance, "undefined") == 0) + { + f_host_result_counts = f_host_undefined; + if (count_filtered) + f_compliance_undefined++; + } + else + { + f_host_result_counts = NULL; + } - if (strcasecmp (level, "log") == 0) - { - f_host_result_counts = f_host_logs; - if (count_filtered) - f_logs++; - } - else if (strcasecmp (level, "high") == 0) - { - f_host_result_counts = f_host_holes; - if (count_filtered) - f_holes++; - } - else if (strcasecmp (level, "medium") == 0) - { - f_host_result_counts = f_host_warnings; - if (count_filtered) - f_warnings++; - } - else if (strcasecmp (level, "low") == 0) - { - f_host_result_counts = f_host_infos; - if (count_filtered) - f_infos++; - } - else if (strcasecmp (level, "false positive") == 0) - { - f_host_result_counts = f_host_false_positives; - if (count_filtered) - f_false_positives++; + if (f_host_result_counts) + { + const char *result_host = result_iterator_host (&results); + int result_count + = 
GPOINTER_TO_INT + (g_hash_table_lookup (f_host_result_counts, + result_host)); + + g_hash_table_replace (f_host_result_counts, + g_strdup (result_host), + GINT_TO_POINTER (result_count + 1)); } - else - f_host_result_counts = NULL; + } else + #endif + { + double result_severity; + result_severity = result_iterator_severity_double (&results); + if (result_severity > f_severity) + f_severity = result_severity; - if (f_host_result_counts) - { - const char *result_host = result_iterator_host (&results); - int result_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_result_counts, result_host)); - - g_hash_table_replace (f_host_result_counts, - g_strdup (result_host), - GINT_TO_POINTER (result_count + 1)); - } - } - else - { - const char* compliance; - compliance = result_iterator_compliance (&results); + level = result_iterator_level (&results); - if (strcasecmp (compliance, "yes") == 0) - { - f_host_result_counts = f_host_compliant; - if (count_filtered) - f_compliance_yes++; - } - else if (strcasecmp (compliance, "no") == 0) - { - f_host_result_counts = f_host_notcompliant; - if (count_filtered) - f_compliance_no++; - } - else if (strcasecmp (compliance, "incomplete") == 0) - { - f_host_result_counts = f_host_incomplete; - if (count_filtered) - f_compliance_incomplete++; - } - else if (strcasecmp (compliance, "undefined") == 0) - { - f_host_result_counts = f_host_undefined; - if (count_filtered) - f_compliance_undefined++; - } - else - { - f_host_result_counts = NULL; - } + if (strcasecmp (level, "log") == 0) + { + f_host_result_counts = f_host_logs; + if (count_filtered) + f_logs++; + } + else if (strcasecmp (level, "high") == 0) + { + f_host_result_counts = f_host_holes; + if (count_filtered) + f_holes++; + } + else if (strcasecmp (level, "medium") == 0) + { + f_host_result_counts = f_host_warnings; + if (count_filtered) + f_warnings++; + } + else if (strcasecmp (level, "low") == 0) + { + f_host_result_counts = f_host_infos; + if (count_filtered) + 
f_infos++; + } + else if (strcasecmp (level, "false positive") == 0) + { + f_host_result_counts = f_host_false_positives; + if (count_filtered) + f_false_positives++; + } + else + f_host_result_counts = NULL; - if (f_host_result_counts) - { - const char *result_host = result_iterator_host (&results); - int result_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_result_counts, - result_host)); - - g_hash_table_replace (f_host_result_counts, - g_strdup (result_host), - GINT_TO_POINTER (result_count + 1)); - } - } + if (f_host_result_counts) + { + const char *result_host = result_iterator_host (&results); + int result_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_result_counts, result_host)); + + g_hash_table_replace (f_host_result_counts, + g_strdup (result_host), + GINT_TO_POINTER (result_count + 1)); + } + } } PRINT (out, ""); 
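Review bot: The per-host counting block (`if (f_host_result_counts)` followed by the `g_hash_table_lookup` / `g_hash_table_replace` pair) is identical in the audit branch and the scan branch. Placing it once after the closing brace of the `#if`/`else` pair would remove the copy and keep the two branches to selecting the table and bumping the counter. Separately, `compliance` and `level` are passed straight to `strcasecmp`; if either iterator accessor can return NULL for a result row (not visible in this hunk), a NULL check is needed before the comparisons. The enclosing loop starts outside the hunk.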
@@ -30879,131 +30838,131 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* Print result counts and severity. */ - if (strcmp (tsk_usage_type, "audit")) - { - if (delta) - /** @todo The f_holes, etc. vars are setup to give the page count. */ - PRINT (out, - "" - "%i" - "%i" - "%i" - "%i" - "%i" - "" - "%i" - "" - "", - orig_filtered_result_count, - (strchr (levels, 'h') ? orig_f_holes : 0), - (strchr (levels, 'l') ? orig_f_infos : 0), - (strchr (levels, 'g') ? orig_f_logs : 0), - (strchr (levels, 'm') ? orig_f_warnings : 0), - (strchr (levels, 'f') ? orig_f_false_positives : 0)); - else - { - if (count_filtered) - filtered_result_count = f_holes + f_infos + f_logs - + f_warnings + false_positives; - + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + if (delta) PRINT (out, - "" - "%i" - "%i" + "" "%i" - "%i%i" - "%i%i" - "%i%i" - "%i%i" - "" + "%i" + "%i" + "%i" + "%i" + "", + f_compliance_count, + (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), + (strchr (compliance_levels, 'n') ? f_compliance_no : 0), + (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), + (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0)); + else + { + if (count_filtered) + f_compliance_count = f_compliance_yes + + f_compliance_no + + f_compliance_incomplete + + f_compliance_undefined; + PRINT (out, + "" + "%i" "%i" "%i" - "" - "", - total_result_count, - total_result_count, - filtered_result_count, - holes, - (strchr (levels, 'h') ? f_holes : 0), - infos, - (strchr (levels, 'l') ? f_infos : 0), - logs, - (strchr (levels, 'g') ? f_logs : 0), - warnings, - (strchr (levels, 'm') ? f_warnings : 0), - false_positives, - (strchr (levels, 'f') ? f_false_positives : 0)); + "%i%i" + "%i%i" + "%i%i" + "%i%i" + "
", + total_compliance_count, + total_compliance_count, + f_compliance_count, + compliance_yes, + (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), + compliance_no, + (strchr (compliance_levels, 'n') ? f_compliance_no : 0), + compliance_incomplete, + (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), + compliance_undefined, + (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)); + + PRINT (out, + "" + "%s" + "%s" + "", + report_compliance_from_counts (&compliance_yes, + &compliance_no, + &compliance_incomplete, + &compliance_undefined), + report_compliance_from_counts (&f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined)); + } + } else + #endif + { + if (delta) + /** @todo The f_holes, etc. vars are setup to give the page count. */ + PRINT (out, + "" + "%i" + "%i" + "%i" + "%i" + "%i" + "" + "%i" + "" + "", + orig_filtered_result_count, + (strchr (levels, 'h') ? orig_f_holes : 0), + (strchr (levels, 'l') ? orig_f_infos : 0), + (strchr (levels, 'g') ? orig_f_logs : 0), + (strchr (levels, 'm') ? orig_f_warnings : 0), + (strchr (levels, 'f') ? orig_f_false_positives : 0)); + else + { + if (count_filtered) + filtered_result_count = f_holes + f_infos + f_logs + + f_warnings + false_positives; - PRINT (out, - "" - "%1.1f" - "%1.1f" - "", - severity, - f_severity); - } - } - else - { - if (delta) PRINT (out, - "" - "%i" - "%i" - "%i" - "%i" - "%i" - "", - f_compliance_count, - (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), - (strchr (compliance_levels, 'n') ? f_compliance_no : 0), - (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), - (strchr (compliance_levels, 'u') ? 
f_compliance_undefined : 0)); - else - { - if (count_filtered) - f_compliance_count = f_compliance_yes - + f_compliance_no - + f_compliance_incomplete - + f_compliance_undefined; - PRINT (out, - "" + "" "%i" "%i" "%i" - "%i%i" - "%i%i" - "%i%i" - "%i%i" - "", - total_compliance_count, - total_compliance_count, - f_compliance_count, - compliance_yes, - (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), - compliance_no, - (strchr (compliance_levels, 'n') ? f_compliance_no : 0), - compliance_incomplete, - (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), - compliance_undefined, - (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)); - - PRINT (out, - "" - "%s" - "%s" - "", - report_compliance_from_counts (&compliance_yes, - &compliance_no, - &compliance_incomplete, - &compliance_undefined), - report_compliance_from_counts (&f_compliance_yes, - &f_compliance_no, - &f_compliance_incomplete, - &f_compliance_undefined)); - } - } + "%i%i" + "%i%i" + "%i%i" + "%i%i" + "" + "%i" + "%i" + "" + "", + total_result_count, + total_result_count, + filtered_result_count, + holes, + (strchr (levels, 'h') ? f_holes : 0), + infos, + (strchr (levels, 'l') ? f_infos : 0), + logs, + (strchr (levels, 'g') ? f_logs : 0), + warnings, + (strchr (levels, 'm') ? f_warnings : 0), + false_positives, + (strchr (levels, 'f') ? f_false_positives : 0)); + PRINT (out, + "" + "%1.1f" + "%1.1f" + "", + severity, + f_severity); + } + } if (host_summary) { 
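Review bot: In the non-delta audit branch the filtered "undefined" count is gated on the wrong filter letter: `(strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)` tests `'i'` (incomplete), while the delta branch just above uses `'u'`. A filter that includes `u` without `i` therefore reports zero undefined results; the line should read `(strchr (compliance_levels, 'u') ? f_compliance_undefined : 0));`. In the scan branch of the same hunk, `filtered_result_count` sums four `f_` counters and then `false_positives`, which looks like it should be `f_false_positives`. Both slips are carried over unchanged from the removed code.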
@@ -31034,45 +30993,25 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } if (present) { - - if (print_report_host_xml (out, - &hosts, - result_host, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) - { - tz_revert (zone, tz, old_tz_override); - if (host_summary_buffer) - g_string_free (host_summary_buffer, TRUE); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); + if (print_report_host_xml (out, + &hosts, + result_host, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; + { + goto failed_print_report_host; } } cleanup_iterator (&hosts); 
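Review bot: The new `goto failed_print_report_host;` leaves the loop before the `cleanup_iterator (&hosts);` that follows the `if (present)` block, and the cleanup added under that label later in the function does not release `hosts` either. The iterator is therefore left open on this error path, as it was in the removed code; `{ cleanup_iterator (&hosts); goto failed_print_report_host; }` would close it. The second host loop (the hunk starting at -31084) has the same jump and needs the same call. The loop and the function both extend beyond this hunk.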
@@ -31084,67 +31023,43 @@ print_report_xml_start (report_t report, report_t delta, task_t task, init_report_host_iterator (&hosts, report, NULL, 0); while (next (&hosts)) { - if (print_report_host_xml (out, - &hosts, - NULL, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) - { - tz_revert (zone, tz, old_tz_override); - if (host_summary_buffer) - g_string_free (host_summary_buffer, TRUE); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; - } + &hosts, + NULL, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) + goto failed_print_report_host; } cleanup_iterator (&hosts); } - - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - g_hash_table_destroy (f_host_ports); + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + 
g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } else + #endif + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + } + g_hash_table_destroy (f_host_ports); /* Print TLS certificates */ @@ -31239,6 +31154,39 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } return 0; + + failed_delta_report: + fclose (out); + g_free (sort_field); + g_free (levels); + g_free (search_phrase); + g_free (min_qod); + g_free (delta_states); + cleanup_iterator (&results); + cleanup_iterator (&delta_results); + failed_print_report_host: + if (host_summary_buffer) + g_string_free (host_summary_buffer, TRUE); + tz_revert (zone, tz, old_tz_override); + g_hash_table_destroy (f_host_ports); + #if COMPLIANCE_REPORTS == 1 + g_free (compliance_levels); + if (strcmp (tsk_usage_type, "audit") == 0) + { + g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } else + #endif + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + } + return -1; } /** 
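Review bot: `g_free (compliance_levels);` sits under `failed_print_report_host`, so the host-failure path now frees it, while `levels`, `sort_field`, `search_phrase`, `min_qod` and `delta_states` are released only under `failed_delta_report`. The removed host-failure code freed none of these strings, which suggests they are already released earlier on that path (outside this hunk). If so this is a double free of `compliance_levels`, and if not the other strings leak there. Keeping it with its siblings under `failed_delta_report`, as `g_free (levels); g_free (compliance_levels);`, restores the previous behaviour. Two related points: the free is skipped when COMPLIANCE_REPORTS is not 1, and the host path returns without `fclose (out)`, which is worth confirming against the success path.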
@@ -53545,8 +53493,10 @@ modify_setting (const gchar *uuid, const gchar *name, setting_name = g_strdup ("Alerts Filter"); else if (strcmp (uuid, "0f040d06-abf9-43a2-8f94-9de178b0e978") == 0) setting_name = g_strdup ("Assets Filter"); - else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0) - setting_name = g_strdup ("Audit Reports Filter"); + #if COMPLIANCE_REPORTS == 1 + else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0) + setting_name = g_strdup ("Audit Reports Filter"); + #endif else if (strcmp (uuid, "1a9fbd91-0182-44cd-bc88-a13a9b3b1bef") == 0) setting_name = g_strdup ("Configs Filter"); else if (strcmp (uuid, "186a5ac8-fe5a-4fb1-aa22-44031fb339f3") == 0) @@ -53670,9 +53620,10 @@ modify_setting (const gchar *uuid, const gchar *name, setting_name = g_strdup ("Reports Top Dashboard Configuration"); /* Audit Reports dashboard settings */ - else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0) - setting_name = g_strdup ("Audit Reports Top Dashboard Configuration"); - + #if COMPLIANCE_REPORTS == 1 + else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0) + setting_name = g_strdup ("Audit Reports Top Dashboard Configuration"); + #endif /* Results dashboard settings */ else if (strcmp (uuid, "0b8ae70d-d8fc-4418-8a72-e65ac8d2828e") == 0) setting_name = g_strdup ("Results Top Dashboard Configuration"); diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 96be5f2a4..31d24711a 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -68,13 +68,15 @@ along with this program. If not, see . xsd:token { pattern = "y?n?i?u?" } + @IF_COMPLIANCE_REPORTS@ compliance_status A compliance status xsd:token { pattern = "yes|no|incomplete|undefined" } - + + @ENDIF_COMPLIANCE_REPORTS@ ctime A date and time, in the C `ctime' format 
@@ -2214,10 +2216,16 @@ along with this program. If not, see . permissions user_tags scan_run_status - result_count + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ + result_count + severity + @IF_COMPLIANCE_REPORTS@ + compliance_count - severity compliance + @ENDIF_COMPLIANCE_REPORTS@ task ports results @@ -2544,7 +2552,7 @@ along with this program. If not, see . result_count - Counts of results produced by scan. Only for reports of a scan task + Counts of results produced by scan

The text contains the full count -- the total number of results @@ -2651,12 +2659,13 @@ along with this program. If not, see . + @IF_COMPLIANCE_REPORTS@ compliance_count

Counts of compliance results. Only for reports of an audit task.

- The text contains the full count -- the total number of compliance results. + The text contains the full count. The total number of compliance results.

@@ -2758,7 +2767,8 @@ along with this program. If not, see . integer
- + + @ENDIF_COMPLIANCE_REPORTS@ severity @@ -2776,6 +2786,7 @@ along with this program. If not, see . Maximum severity of the report after filtering + @IF_COMPLIANCE_REPORTS@ compliance @@ -2792,7 +2803,8 @@ along with this program. If not, see . compliance_status Compliance of the report after filtering ("yes", "no", "incomplete" or "undefined") - + + @ENDIF_COMPLIANCE_REPORTS@ task @@ -3054,9 +3066,15 @@ along with this program. If not, see . start end port_count - result_count + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ + result_count + @IF_COMPLIANCE_REPORTS@ + compliance_count host_compliance + @ENDIF_COMPLIANCE_REPORTS@ detail @@ -3099,7 +3117,7 @@ along with this program. If not, see . result_count - Only for scan reports + page hole @@ -3174,6 +3192,7 @@ along with this program. If not, see . + @IF_COMPLIANCE_REPORTS@ compliance_count Only for audit reports @@ -3242,7 +3261,8 @@ along with this program. If not, see . host_compliance Only for audit reports. Host compliance compliance_status - + + @ENDIF_COMPLIANCE_REPORTS@ detail A detail associated with the host @@ -18125,11 +18145,13 @@ END:VCALENDAR integer Minimum QoD of the results + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ tag text @@ -18275,6 +18297,7 @@ END:VCALENDAR iso_time Scan end time + @IF_COMPLIANCE_REPORTS@ compliance_yes integer @@ -18294,7 +18317,8 @@ END:VCALENDAR compliant compliance_status Compliance state of the report. Can be yes, no, incomplete or undefined - + + @ENDIF_COMPLIANCE_REPORTS@ @@ -18364,6 +18388,7 @@ END:VCALENDAR boolean + @IF_COMPLIANCE_REPORTS@ usage_type Optional usage type to limit the reports to. Affects total count unlike filter @@ -18374,7 +18399,8 @@ END:VCALENDAR
- + + @ENDIF_COMPLIANCE_REPORTS@ @@ -23153,9 +23179,15 @@ END:VCALENDAR timestamp scan_end - result_count - severity + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ + result_count + severity + @IF_COMPLIANCE_REPORTS@ + compliance_count + @ENDIF_COMPLIANCE_REPORTS@ timestamp @@ -23167,7 +23199,7 @@ END:VCALENDAR result_count - Result counts for this report. Only for scan tasks + Result counts for this report false_positive log @@ -23199,8 +23231,9 @@ END:VCALENDAR severity severity - Maximum severity of the report. Only for scan tasks + Maximum severity of the report + @IF_COMPLIANCE_REPORTS@ compliance_count Complaince counts. Only for audit tasks @@ -23226,7 +23259,8 @@ END:VCALENDAR undefined integer - + + @ENDIF_COMPLIANCE_REPORTS@ From 002fe4206e7f5fa7732d7a4be15261affbec61c7 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Fri, 23 Aug 2024 13:52:12 +0200 Subject: [PATCH 13/13] Fix missing feature toggle check on add & remove tag resources --- src/manage_sql.c | 52 ++++++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 24 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 83e3ddc6b..b5829f009 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -57366,17 +57366,7 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) } else { - if (strcasecmp (type, "audit_report") == 0) - { - type = g_strdup ("report"); - resources_get.type = g_strdup (type); - get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); - } - else if (strcasecmp (type, "report") == 0) - { - get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); - } - else if (strcasecmp (type, "task") == 0) + if (strcasecmp (type, "task") == 0) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } 
@@ -57396,6 +57386,18 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } + #if COMPLIANCE_REPORTS == 1 + else if (strcasecmp (type, "audit_report") == 0) + { + type = g_strdup ("report"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); + } + else if (strcasecmp (type, "report") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } + #endif gchar *columns; @@ -57547,19 +57549,7 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) } else { - if (strcasecmp (type, "audit_report") == 0) - { - type = g_strdup ("report"); - resources_get.type = g_strdup (type); - get_data_set_extra (&resources_get, - "usage_type", - g_strdup ("audit")); - } - else if (strcasecmp (type, "report") == 0) - { - get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); - } - else if (strcasecmp (type, "task") == 0) + if (strcasecmp (type, "task") == 0) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } @@ -57579,6 +57569,20 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } + #if COMPLIANCE_REPORTS == 1 + else if (strcasecmp (type, "audit_report") == 0) + { + type = g_strdup ("report"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, + "usage_type", + g_strdup ("audit")); + } + else if (strcasecmp (type, "report") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } + #endif gchar *columns;
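Review bot: `type = g_strdup ("report");` allocates a string only so that the next line can duplicate it again into `resources_get.type`. The first copy is assigned to the `const char *type` parameter and nothing in this hunk frees it, so each `audit_report` call appears to leak it. `type = "report";` is sufficient unless code outside the hunk later frees `type`. The same two lines are re-added in tag_remove_resources_filter in the last hunk of this patch, and both function bodies extend beyond their hunks.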