> > The detection NVT is using the host details to pass info about the result
> > to the Manager. I wonder if this is going to work in all cases. For
> > example, when an NVT detects multiple versions of a program. Will the
> > Manager be able to tell which detection result is associated with which
> > vulnerability result? Also I wonder if the host details can be used this
> > way in general, to pass result-specific info (as opposed to host-specific
> > info).
> >
> In the proposed implementation I assume that every (CPE, location)
> combo is unique for a host. The 'detected_at' and 'detected_by' host
> details help select the correct result. In case several are
> available (multiple instances of the same product detected) I filter
> by the presence of the location in the port or the description. This
> should work in any case, provided the detection script explicitly
> reports the location.

OK, I understand a bit better.

> > This is why I'm asking on openvas-plugins if we need a result details
> > concept analogous to the host details.
> >
> > From what I understand, a result detail would provide a direct way for
> > Henri's patch to present the location and product to clients in this
> > situation, instead of Manager having to dig around for this special case.
> >
> That would probably be cleaner and more efficient, but more intrusive.
> That could also prevent bloating the host details (that reach the
> user) with some information originating from the scanner and intended
> for the manager only.

Yes, host details could get big if a host has many results.

I was thinking about having it like this in OMP.

    <detection>
      <result id="%s">
        <details>
          <detail>
            <name>product</name>
            <value>%s</value>
          </detail>
          <detail>
            <name>location</name>
            <value>%s</value>
          </detail>
        </details>
        ...
      </result>
    </detection>

We could easily have this on the Manager side for now.

Will be interesting to see if there will be other cases that require these
result details.

I wonder if there's a minimally intrusive way to associate the result and
"result detail" on the Scanner side.

I thought of recording the sequence number of results in the Scanner.  Then
the current result would have an ID which could link it to the details
(like ResultDetails/Result/ID/detail_name/value).  Manager could keep count
of the incoming results to know their position in the sequence, and hence
their ID.  Maybe this could be done easily on the Scanner side by storing
something like "current_sequence_number" in the kb or globals.  It could
get intrusive though.

--
Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
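
The sequence-number idea from the message above, sketched as an added example (not code from OpenVAS or from this thread): a Manager-side counter numbers results as they arrive and attaches details keyed as `ResultDetails/Result/ID/detail_name/value`, then renders the proposed `<detection>` element. The message tuples, class name and sample CPEs are constructed for illustration, and using the sequence number as the `id` attribute is an assumption.

```python
import xml.etree.ElementTree as ET

PREFIX = "ResultDetails/Result/"

# Constructed scanner stream: two instances of one product at different locations.
STREAM = [
    ("result", "Detected ExampleApp at /opt/app-1.0"),
    ("detail", "ResultDetails/Result/1/product/cpe:/a:example:app:1.0"),
    ("detail", "ResultDetails/Result/1/location//opt/app-1.0"),
    ("detail", "ResultDetails/Result/2/location//opt/app-2.0"),  # arrives before result 2
    ("result", "Detected ExampleApp at /opt/app-2.0"),
    ("detail", "ResultDetails/Result/2/product/cpe:/a:example:app:2.0"),
]

class ResultCorrelator:
    """Hypothetical Manager-side state: results are numbered by arrival order."""
    def __init__(self):
        self.results = []   # list index + 1 == sequence number
        self.pending = {}   # seq -> details that arrived before their result

    def on_result(self, description):
        seq = len(self.results) + 1
        self.results.append({"id": seq, "description": description,
                             "details": self.pending.pop(seq, {})})
        return seq

    def on_detail(self, key):
        if not key.startswith(PREFIX):
            raise ValueError("not a result detail: %r" % key)
        # Split at most twice: values such as paths and CPEs contain '/'.
        seq_text, name, value = key[len(PREFIX):].split("/", 2)
        seq = int(seq_text)
        if seq <= len(self.results):
            self.results[seq - 1]["details"][name] = value
        else:
            self.pending.setdefault(seq, {})[name] = value

    def to_xml(self, seq):
        entry = self.results[seq - 1]
        detection = ET.Element("detection")
        result = ET.SubElement(detection, "result", id=str(entry["id"]))
        details = ET.SubElement(result, "details")
        for name, value in entry["details"].items():
            detail = ET.SubElement(details, "detail")
            ET.SubElement(detail, "name").text = name
            ET.SubElement(detail, "value").text = value
        return ET.tostring(detection, encoding="unicode")

def replay(stream):
    correlator = ResultCorrelator()
    for kind, payload in stream:
        (correlator.on_result if kind == "result" else correlator.on_detail)(payload)
    return correlator
```

Details left in `pending` after a scan ends point at a sequence number that never arrived, which is the desynchronisation case the Manager would need to log.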
