Change: Differentiate between audit and scan reports #2125

Merged
merged 13 commits into from
Aug 23, 2024
12 changes: 12 additions & 0 deletions CMakeLists.txt
Expand Up @@ -247,13 +247,25 @@ if (NOT CVSS3_RATINGS)
endif (NOT CVSS3_RATINGS)
add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})

if (NOT COMPLIANCE_REPORTS)
set (COMPLIANCE_REPORTS 0)
endif (NOT COMPLIANCE_REPORTS)
add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS})

message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")

## Version

set (GVMD_VERSION "${PROJECT_VERSION_STRING}")

if (COMPLIANCE_REPORTS EQUAL 1)
set(IF_COMPLIANCE_REPORTS "")
set(ENDIF_COMPLIANCE_REPORTS "")
elseif (COMPLIANCE_REPORTS EQUAL 0)
set(IF_COMPLIANCE_REPORTS "<!--")
set(ENDIF_COMPLIANCE_REPORTS "-->")
endif()

# Configure Doxyfile with version number
configure_file (doc/Doxyfile.in doc/Doxyfile)
configure_file (doc/Doxyfile_full.in doc/Doxyfile_full)
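Review bot: The new `if (COMPLIANCE_REPORTS EQUAL 1) … elseif (COMPLIANCE_REPORTS EQUAL 0)` chain has no fallback branch, so any configure-time value other than 0 or 1 leaves `IF_COMPLIANCE_REPORTS` and `ENDIF_COMPLIANCE_REPORTS` unset while `add_definitions` still hands the raw value to the compiler. On the C side a value such as 2 would make the `<feature>` element in src/gmp.c report the feature as enabled (`COMPLIANCE_REPORTS ? 1 : 0`) while every `#if COMPLIANCE_REPORTS == 1` block is compiled out. Reject or normalise the value here, for example by closing the chain with `else ()` and `message (FATAL_ERROR "COMPLIANCE_REPORTS must be 0 or 1")`. Where the two markers are consumed is not visible in this diff, so the effect of leaving them unset on the configured files should be checked as well.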
114 changes: 93 additions & 21 deletions src/gmp.c
Expand Up @@ -5555,6 +5555,14 @@
else
get_reports_data->ignore_pagination = 0;

if (find_attribute (attribute_names, attribute_values,
"usage_type", &attribute))
{
get_data_set_extra (&get_reports_data->report_get,

Check warning on line 5561 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L5561

Added line #L5561 was not covered by tests
"usage_type",
attribute);
}

set_client_state (CLIENT_GET_REPORTS);
}
else if (strcasecmp ("GET_REPORT_CONFIGS", element_name) == 0)
Expand Down Expand Up @@ -9421,6 +9429,7 @@
const char *severity, *original_severity, *original_level;
const char *host, *hostname, *result_id, *port, *path, *asset_id, *qod, *qod_type;
char *detect_oid, *detect_ref, *detect_cpe, *detect_loc, *detect_name;
const char *compliance;
double severity_double;
gchar *nl_descr, *nl_descr_escaped;
result_t result;
Expand Down Expand Up @@ -9451,6 +9460,7 @@
hostname = result_iterator_delta_hostname (results);
if (host)
asset_id = result_iterator_delta_host_asset_id (results);
compliance = result_iterator_delta_compliance (results);

Check warning on line 9463 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L9463

Added line #L9463 was not covered by tests
}
else
{
Expand All @@ -9469,6 +9479,7 @@
hostname = result_iterator_hostname (results);
if (host)
asset_id = result_iterator_asset_host_id (results);
compliance = result_iterator_compliance (results);

Check warning on line 9482 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L9482

Added line #L9482 was not covered by tests
}


Expand Down Expand Up @@ -9723,6 +9734,8 @@
original_level,
original_severity);

buffer_xml_append_printf (buffer, "<compliance>%s</compliance>", compliance);

Check warning on line 9737 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L9737

Added line #L9737 was not covered by tests

if (include_notes
&& use_delta_fields
? result_iterator_delta_may_have_notes (results)
Expand Down Expand Up @@ -12942,6 +12955,11 @@
" status=\"" STATUS_OK "\""
" status_text=\"" STATUS_OK_TEXT "\">");

SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"

Check warning on line 12958 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L12958

Added line #L12958 was not covered by tests
"<name>COMPLIANCE_REPORTS</name>"
"</feature>",
COMPLIANCE_REPORTS ? 1 : 0);

SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
"<name>CVSS3_RATINGS</name>"
"</feature>",
Expand Down Expand Up @@ -14840,12 +14858,32 @@
overrides = filter_term_apply_overrides (filter ? filter : get->filter);
min_qod = filter_term_min_qod (filter ? filter : get->filter);
levels = filter_term_value (filter ? filter : get->filter, "levels");
#if COMPLIANCE_REPORTS == 1
gchar *compliance_levels;
compliance_levels = filter_term_value (filter
? filter
: get->filter,
"compliance_levels");

/* Setup result filter from overrides. */
get_reports_data->get.filter
= g_strdup_printf
("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
overrides,
min_qod,
levels ? levels : "hmlgdf",
compliance_levels ? compliance_levels : "yniu");
g_free (compliance_levels);
#else
/* Setup result filter from overrides. */
get_reports_data->get.filter
= g_strdup_printf

Check warning on line 14880 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L14879-L14880

Added lines #L14879 - L14880 were not covered by tests
("apply_overrides=%i min_qod=%i levels=%s",
overrides,
min_qod,
levels ? levels : "hmlgdf");
#endif
g_free (filter);

/* Setup result filter from overrides. */
get_reports_data->get.filter
= g_strdup_printf ("apply_overrides=%i min_qod=%i levels=%s",
overrides, min_qod, levels ? levels : "hmlgdf");
g_free (levels);
}

Expand Down Expand Up @@ -15892,7 +15930,19 @@
else if (g_strcmp0 ("report", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
#if COMPLIANCE_REPORTS == 1
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("scan"));
}
else if (g_strcmp0 ("audit_report", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator;
get_data_set_extra (&resource_names_data->get,
"usage_type",
g_strdup ("audit"));
#endif
}
else if (g_strcmp0 ("report_config", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_report_config_iterator;
Expand All @@ -15908,7 +15958,17 @@
else if (g_strcmp0 ("config", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator;
}
get_data_set_extra (&resource_names_data->get,

Check warning on line 15961 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15961

Added line #L15961 was not covered by tests
"usage_type",
g_strdup ("scan"));

Check warning on line 15963 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15963

Added line #L15963 was not covered by tests
}
else if (g_strcmp0 ("policy", resource_names_data->type) == 0)

Check warning on line 15965 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15965

Added line #L15965 was not covered by tests
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_config_iterator;
get_data_set_extra (&resource_names_data->get,

Check warning on line 15968 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15967-L15968

Added lines #L15967 - L15968 were not covered by tests
"usage_type",
g_strdup ("policy"));

Check warning on line 15970 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15970

Added line #L15970 was not covered by tests
}
else if (g_strcmp0 ("scanner", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_scanner_iterator;
Expand All @@ -15924,7 +15984,17 @@
else if (g_strcmp0 ("task", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator;
}
get_data_set_extra (&resource_names_data->get,

Check warning on line 15987 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15987

Added line #L15987 was not covered by tests
"usage_type",
g_strdup ("scan"));

Check warning on line 15989 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15989

Added line #L15989 was not covered by tests
}
else if (g_strcmp0 ("audit", resource_names_data->type) == 0)

Check warning on line 15991 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15991

Added line #L15991 was not covered by tests
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_task_iterator;
get_data_set_extra (&resource_names_data->get,

Check warning on line 15994 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15993-L15994

Added lines #L15993 - L15994 were not covered by tests
"usage_type",
g_strdup ("audit"));

Check warning on line 15996 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L15996

Added line #L15996 was not covered by tests
}
else if (g_strcmp0 ("tls_certificate", resource_names_data->type) == 0)
{
*iterator = (int (*) (iterator_t*, get_data_t *))init_tls_certificate_iterator;
Expand Down Expand Up @@ -15968,14 +16038,21 @@
&& (acl_user_may ("get_assets") == 0))
|| ((g_strcmp0 ("result", get_resource_names_data->type) == 0)
&& (acl_user_may ("get_results") == 0))
|| ((g_strcmp0 ("report", get_resource_names_data->type) == 0)
|| (((g_strcmp0 ("report", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("audit_report", get_resource_names_data->type) == 0))

Check warning on line 16042 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L16041-L16042

Added lines #L16041 - L16042 were not covered by tests
&& (acl_user_may ("get_reports") == 0))
|| (((g_strcmp0 ("cpe", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("cve", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("nvt", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("cert_bund_adv", get_resource_names_data->type) == 0)
|| (g_strcmp0 ("dfn_cert_adv", get_resource_names_data->type) == 0))
&& (acl_user_may ("get_info") == 0)))
&& (acl_user_may ("get_info") == 0))
|| (((g_strcmp0 ("config", get_resource_names_data->type) == 0)
||(g_strcmp0 ("policy", get_resource_names_data->type) == 0))
&& (acl_user_may ("get_configs") == 0))
|| (((g_strcmp0 ("task", get_resource_names_data->type) == 0)
||(g_strcmp0 ("audit", get_resource_names_data->type) == 0))
&& (acl_user_may ("get_tasks") == 0)))

Check warning on line 16055 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L16049-L16055

Added lines #L16049 - L16055 were not covered by tests
{
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("get_resource_names",
Expand Down Expand Up @@ -16059,14 +16136,6 @@

while (next (&resource))
{
if ((g_strcmp0 ("task", get_resource_names_data->type) == 0
&& g_strcmp0 ("audit", task_iterator_usage_type(&resource)) == 0)
|| (g_strcmp0 ("config", get_resource_names_data->type) == 0
&& g_strcmp0 ("policy", config_iterator_usage_type(&resource)) == 0))
{
continue;
}

GString *result;
result = g_string_new ("");

Expand Down Expand Up @@ -16252,6 +16321,7 @@
NULL, /* result_hosts_only */
NULL, /* min_qod */
NULL, /* levels */
NULL, /* compliance_levels */
NULL, /* delta_states */
NULL, /* search_phrase */
NULL, /* search_phrase_exact */
Expand Down Expand Up @@ -18266,7 +18336,8 @@
report_compliance_by_uuid (last_report_id,
&compliance_yes,
&compliance_no,
&compliance_incomplete);
&compliance_incomplete,
NULL);

last_report
= g_strdup_printf ("<last_report>"
Expand Down Expand Up @@ -22486,8 +22557,8 @@
(XML_ERROR_SYNTAX ("create_tag",
"RESOURCES requires"
" a TYPE element"));
else if (valid_db_resource_type (create_tag_data->resource_type)
== 0)
else if (valid_db_resource_type (create_tag_data->resource_type) == 0
&& valid_subtype (create_tag_data->resource_type) == 0)

Check warning on line 22561 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L22560-L22561

Added lines #L22560 - L22561 were not covered by tests
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("create_tag",
"TYPE in RESOURCES must be"
Expand Down Expand Up @@ -25239,7 +25310,8 @@
"name must be at least one"
" character long or omitted completely"));
else if (modify_tag_data->resource_type &&
valid_db_resource_type (modify_tag_data->resource_type) == 0)
valid_db_resource_type (modify_tag_data->resource_type) == 0
&& valid_subtype (modify_tag_data->resource_type) == 0)

Check warning on line 25314 in src/gmp.c


Codecov / codecov/patch

src/gmp.c#L25313-L25314

Added lines #L25313 - L25314 were not covered by tests
SEND_TO_CLIENT_OR_FAIL
(XML_ERROR_SYNTAX ("modify_tag",
"TYPE in RESOURCES must be"
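Review bot: The `usage_type` attribute read for GET_REPORTS (the hunk at src/gmp.c line 5555) is stored through `get_data_set_extra` exactly as the client sent it, whereas every other caller added in this file sets one of the fixed strings `"scan"`, `"audit"` or `"policy"`. How the stored value is consumed lies outside this diff, so if it reaches the report filter or an SQL clause it should be restricted where it is parsed, for example by wrapping the call in `if (strcmp (attribute, "scan") == 0 || strcmp (attribute, "audit") == 0)`. The attribute is also honoured when COMPLIANCE_REPORTS is 0, which may not be intended given that the `audit_report` dispatch branch is compiled only under `#if COMPLIANCE_REPORTS == 1`. Codecov flags these lines as untested, and a test that sends an unexpected value would pin the behaviour. The enclosing element handler starts and ends outside the hunk.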
3 changes: 3 additions & 0 deletions src/gvmd.c
Expand Up @@ -2317,6 +2317,9 @@ gvmd (int argc, char** argv, char *env[])
#endif
#if CVSS3_RATINGS == 1
printf ("CVSS3 severity ratings enabled\n");
#endif
#if COMPLIANCE_REPORTS == 1
printf ("Compliance reports enabled\n");
#endif
printf ("Copyright (C) 2009-2021 Greenbone AG\n");
printf ("License: AGPL-3.0-or-later\n");
15 changes: 12 additions & 3 deletions src/manage.h
Expand Up @@ -838,6 +838,9 @@ set_task_hosts_ordering (task_t, const char *);
void
set_task_scanner (task_t, scanner_t);

int
task_usage_type (task_t, char**);

void
set_task_usage_type (task_t, const char *);

Expand Down Expand Up @@ -1328,7 +1331,7 @@ gboolean
report_task (report_t, task_t*);

void
report_compliance_by_uuid (const char *, int *, int *, int *);
report_compliance_by_uuid (const char *, int *, int *, int *, int *);

int
report_scan_result_count (report_t, const char*, const char*, int, const char*,
Expand Down Expand Up @@ -1553,6 +1556,9 @@ result_iterator_cert_bunds (iterator_t*);
gchar **
result_iterator_dfn_certs (iterator_t*);

const char *
result_iterator_compliance (iterator_t*);

const char *
result_iterator_delta_state (iterator_t*);

Expand All @@ -1565,6 +1571,9 @@ result_iterator_delta_severity (iterator_t*);
double
result_iterator_delta_severity_double (iterator_t*);

const char *
result_iterator_delta_compliance (iterator_t*);

const char*
result_iterator_delta_level (iterator_t*);

Expand Down Expand Up @@ -1724,8 +1733,8 @@ manage_filter_controls (const gchar *, int *, int *, gchar **, int *);

void
manage_report_filter_controls (const gchar *, int *, int *, gchar **, int *,
int *, gchar **, gchar **, gchar **, gchar **,
int *, int *, int *, int *, gchar **);
int *, gchar **, gchar **, gchar **, gchar **,
gchar **, int *, int *, int *, int *, gchar **);

gchar *
manage_clean_filter (const gchar *);
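Review bot: The prototypes changed here carry no parameter names or comments, and two of them now take long runs of same-typed out-parameters: `report_compliance_by_uuid` gains a fifth `int *` and `manage_report_filter_controls` gains another `gchar **` in the middle of its list. The call site in src/gmp.c passes `NULL` for the new `int *`, so the declaration should state that this argument is optional. Naming the parameters, e.g. `report_compliance_by_uuid (const char *report_id, int *yes, int *no, int *incomplete, int *undefined);`, would make a misordered argument visible at review time. The name `undefined` is a guess from the status strings in src/manage_pg.c; take the real names from the definitions.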
41 changes: 40 additions & 1 deletion src/manage_pg.c
Expand Up @@ -895,7 +895,46 @@
"$$ LANGUAGE plpgsql"
" IMMUTABLE;");

/* Functions in SQL. */
sql ("CREATE OR REPLACE FUNCTION report_compliance_status ("

Check warning on line 898 in src/manage_pg.c


Codecov / codecov/patch

src/manage_pg.c#L898

Added line #L898 was not covered by tests
" report_id integer)"
"RETURNS text AS $$ "
"BEGIN"
" CASE"
" WHEN (SELECT count(*) FROM results"
" WHERE report = report_id"
" AND description LIKE 'Compliant:%%NO%%') > 0"
" THEN RETURN 'no';"
" WHEN (SELECT count(*) FROM results"
" WHERE report = report_id"
" AND description LIKE 'Compliant:%%INCOMPLETE%%') > 0"
" THEN RETURN 'incomplete';"
" WHEN (SELECT count(*) FROM results"
" WHERE report = report_id"
" AND description LIKE 'Compliant:%%YES%%') > 0"
" THEN RETURN 'yes';"
" ELSE RETURN 'undefined';"
" END CASE;"
"END;"
"$$ LANGUAGE plpgsql"
" IMMUTABLE;");

sql ("CREATE OR REPLACE FUNCTION report_compliance_count ("

Check warning on line 921 in src/manage_pg.c


Codecov / codecov/patch

src/manage_pg.c#L921

Added line #L921 was not covered by tests
" report_id integer,"
" compliance text)"
" RETURNS integer AS $$"
" DECLARE count integer := 0;"
" BEGIN"
" WITH compliance_count AS"
" (SELECT count(*) AS total FROM results WHERE report = report_id"
" AND description LIKE 'Compliant:%%' || compliance || '%%')"
" SELECT total FROM compliance_count"
" INTO count;"
" RETURN count;"
" END;"
" $$ LANGUAGE plpgsql"
" IMMUTABLE;");

/* Functions in SQL. */

if (sql_int ("SELECT (EXISTS (SELECT * FROM information_schema.tables"
" WHERE table_catalog = '%s'"
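Review bot: Both new functions, `report_compliance_status` and `report_compliance_count`, are declared `IMMUTABLE` although they query the `results` table. PostgreSQL reserves that label for functions whose result depends on the arguments alone, and the planner may fold or reuse such calls, so a report could show a stale compliance status after its results change. Declare them `STABLE` by ending each definition with `"$$ LANGUAGE plpgsql"` and `" STABLE;"`. Separately, the patterns `'Compliant:%NO%'`, `'Compliant:%INCOMPLETE%'` and `'Compliant:%YES%'` match the keyword anywhere after the prefix, so later free text in a description can change how a result is classified. In `report_compliance_count` a `%` or `_` inside the `compliance` argument also acts as a wildcard; anchoring the match more tightly would avoid both, if the description format allows it. The enclosing C function starts and ends outside the hunk.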