Hello,

I have been working with Jan-Oliver Wagner on implementing CR#57[1] to
link vulnerability detection results to the corresponding product
detection results.
Please find the corresponding patches attached, for comments:

  - The host details patch extends the register_product() function and
exports a new one: get_app()
  - The first manager patch adds a detection section in the results,
to correlate vulnerability detection results with the corresponding
product detection result.
  - The second manager patch filters out some host details that are
used by the scanner and the manager but should not end up in the
final reports (they would be redundant, as the information they carry
is represented within the new detection blocks).
  - The GSA patch is a simple GUI improvement to visually represent
this link between results.

I have also added a modified NVT that makes use of the new system.

We would like to get rid of the extra KB items that also represent the
detected products, but they're required by the scheduler. Currently we
don't have any clean solution for this.

Regards.

[1] http://openvas.org/openvas-cr-57.html

-- 
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Index: src/html/omp.xsl
===================================================================
--- src/html/omp.xsl	(revision 12155)
+++ src/html/omp.xsl	(working copy)
@@ -11898,6 +11898,21 @@
       </xsl:choose>
     </div>
   </div>
+  <xsl:if test="count (detection)">
+    <div class="issue_box_box">
+      Product detection result:
+      <xsl:call-template name="get_info_cpe_lnk">
+        <xsl:with-param name="cpe" select="detection/result/details/detail[name = 'product']/value/text()"/>
+      </xsl:call-template>
+      by <a href="?cmd=get_nvts&amp;oid={detection/result/details/detail[name = 'source_oid']/value/text()}&amp;token={/envelope/token}">
+          <xsl:value-of select="detection/result/details/detail[name = 'source_name']/value/text()"/>
+         </a>
+      <a href="/omp?cmd=get_result&amp;result_id={detection/result/@id}&amp;apply_overrides={../../filters/apply_overrides}&amp;task_id={../../task/@id}&amp;name={../../task/name}&amp;report_id={../../../report/@id}&amp;delta_report_id={../../../report/delta/report/@id}&amp;delta_states={../../filters/delta/text()}&amp;first_result={../../../report/results/@start}&amp;max_results={../../../report/results/@max}&amp;levels={../../filters/text()}&amp;search_phrase={../../filters/phrase}&amp;notes={../../filters/notes}&amp;overrides={../../filters/overrides}&amp;apply_min_cvss_base={string-length (../../filters/min_cvss_base) &gt; 0}&amp;min_cvss_base={../../filters/min_cvss_base}&amp;result_hosts_only={../../filters/result_hosts_only}&amp;sort_field={../../sort/field/text()}&amp;sort_order={../../sort/field/order}&amp;token={/envelope/token}"
+       title="Product detection results" style="margin-left:6px;">
+        <img src="/img/details.png" border="0" alt="Details"/>
+      </a>
+    </div>
+  </xsl:if>
   <div class="issue_box_box">
     <xsl:if test="$details-button = 1">
       <xsl:choose>
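Review bot: The `href` of the details link embeds `../../task/name`, the filter phrase and the other filter values into the query string through attribute value templates, which XML-escape the text but do not URL-encode it, so a task name or search phrase containing `&`, `#` or spaces would produce a broken link; if the surrounding templates already build their links this way it is a pre-existing convention, otherwise the values need encoding before they are placed in the URL. As a point of style, `<xsl:if test="count (detection)">` can simply be `<xsl:if test="detection">`, since a non-empty node-set is already true. The very long `href` duplicates the full filter parameter list that presumably appears on neighbouring links; a shared template or variable for that query string would keep the parameters in one place.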
Index: src/manage_sql.c
===================================================================
--- src/manage_sql.c	(revision 12155)
+++ src/manage_sql.c	(working copy)
@@ -10970,6 +10970,75 @@
   return 0;
 }
 
+
+int
+result_detection_reference (result_t result, char **ref, char **product,
+                            char **location, char **oid, char **name)
+{
+  char *report, *host;
+
+  if (!ref || !product || !location || !oid || !name)
+    return -1;
+
+  report = NULL;
+  host   = NULL;
+
+  *ref = *product = *location = *oid = *name = NULL;
+
+  if ((report = sql_string (0, 0,
+                            "SELECT report FROM report_results where result = %llu;",
+                            result)) == NULL)
+    goto detect_cleanup;
+
+  if ((host = sql_string (0, 0,
+                          "SELECT host FROM results where ROWID = %llu;",
+                          result)) == NULL)
+    goto detect_cleanup;
+
+  if ((*oid = sql_string (0, 0,
+                          "SELECT value FROM report_host_details WHERE report_host = ("
+                          "  SELECT ROWID FROM report_hosts WHERE report = %s AND host = '%s')"
+                          " AND name = 'detected_by'"
+                          " AND source_name = (SELECT nvt FROM results where ROWID = %llu);",
+                          report, host, result)) == NULL)
+    goto detect_cleanup;
+
+  if ((*location = sql_string(0, 0,
+                              "SELECT value FROM report_host_details WHERE report_host = ("
+                              "  SELECT ROWID FROM report_hosts WHERE report = %s AND host = '%s')"
+                              " AND name = 'detected_at'"
+                              " AND source_name = (SELECT nvt FROM results where ROWID = %llu);",
+                              report, host, result)) == NULL)
+    goto detect_cleanup;
+
+  if ((*product = sql_string(0, 0,
+                             "SELECT name FROM report_host_details WHERE report_host = ("
+                             "  SELECT ROWID FROM report_hosts WHERE report = %s AND host = '%s')"
+                             " AND source_name = '%s'"
+                             " AND value = '%s';",
+                             report, host, *oid, *location)) == NULL)
+    goto detect_cleanup;
+  
+  if ((*name = sql_string(0, 0, "SELECT name FROM nvts WHERE oid = '%s';", *oid)) == NULL)
+    goto detect_cleanup;
+
+  if ((*ref = sql_string (0, 0,
+                          "SELECT uuid FROM results WHERE ROWID IN ("
+                          "  SELECT result FROM report_results WHERE report = %s)"
+                          " AND host = '%s'"
+                          " AND nvt = '%s'"
+                          " AND (description LIKE '%%%s%%' OR port LIKE '%%%s%%');",
+                          report, host, *oid, *location, *location)) == NULL)
+    goto detect_cleanup;
+
+detect_cleanup:
+  g_free (report);
+  g_free (host);
+
+  return (*ref && *product && *location && *oid && *name) ? 0 : -1;
+}
+
+
 
 /* Prognostics. */
 
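Review bot: `host`, `*oid` and `*location` are spliced into the `report_hosts`, `report_host_details`, `nvts` and `results` queries with a bare `'%s'`, yet they are values reported by the scanner about a remote host (a detected installation path in particular), so a single quote in one of them breaks the statement and lets scan data alter the query; each should go through the file's SQL quoting helper (`sql_quote`) before use, with the quoted copies freed at `detect_cleanup`. The final `uuid` lookup has the additional problem that `*location` is embedded in `LIKE '%%%s%%'`, where `%` and `_` act as wildcards, so a location containing them matches unrelated results. The function is also undocumented: a Doxygen block should state that all five out-parameters are `g_malloc`'d strings the caller must `g_free`, and that on a -1 return some of them may already be set (for example `*oid` and `*location` when the product lookup fails), since the caller in omp.c relies on exactly that by freeing them unconditionally. Finally, `sql_string` returns only the first row, so when several `detected_by` details exist for the same host and NVT the choice is arbitrary; a comment saying which one is intended (or an `ORDER BY`) would make that explicit.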
Index: src/omp.c
===================================================================
--- src/omp.c	(revision 12155)
+++ src/omp.c	(working copy)
@@ -8687,13 +8687,55 @@
   const char *risk_factor = result_iterator_nvt_risk_factor (results);
   const char *cve = result_iterator_nvt_cve (results);
   const char *bid = result_iterator_nvt_bid (results);
+  result_t result = result_iterator_result (results);
   char *uuid;
+  char *d_ref, *d_cpe, *d_loc, *d_oid, *d_name;
 
-  result_uuid (result_iterator_result (results), &uuid);
+  result_uuid (result, &uuid);
 
+  buffer_xml_append_printf (buffer, "<result id=\"%s\">", uuid);
+
+
+  d_ref = d_cpe = d_loc = d_oid = d_name = NULL;
+  if (result_detection_reference (result, &d_ref, &d_cpe, &d_loc, &d_oid,
+                                    &d_name) == 0)
+    {
+      buffer_xml_append_printf (buffer,
+                                "<detection>"
+                                "<result id=\"%s\">"
+                                "<details>",
+                                d_ref);
+
+#define ADD_DETAIL(buff, dname, dvalue) do { \
+                                          buffer_xml_append_printf (buffer,             \
+                                                                    "<detail>"          \
+                                                                    "<name>%s</name>"   \
+                                                                    "<value>%s</value>" \
+                                                                    "</detail>",        \
+                                                                    dname,              \
+                                                                    dvalue);            \
+                                        } while (0)
+
+      ADD_DETAIL(buffer, "product", d_cpe);
+      ADD_DETAIL(buffer, "location", d_loc);
+      ADD_DETAIL(buffer, "source_oid", d_oid);
+      ADD_DETAIL(buffer, "source_name", d_name);
+
+#undef ADD_DETAIL
+
+      buffer_xml_append_printf (buffer,
+                                "</details>"
+                                "</result>"
+                                "</detection>");
+    }
+  g_free (d_ref);
+  g_free (d_cpe);
+  g_free (d_loc);
+  g_free (d_oid);
+  g_free (d_name);
+
   buffer_xml_append_printf
    (buffer,
-    "<result id=\"%s\">"
     "<subnet>%s</subnet>"
     "<host>%s</host>"
     "<port>%s</port>"
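Review bot: The `ADD_DETAIL` macro declares a `buff` parameter but its body writes to `buffer` directly, so the first argument is silently ignored; either use it, `buffer_xml_append_printf ((buff),`, or drop the parameter and call it `ADD_DETAIL("product", d_cpe)` so the macro does not look more general than it is. The detail values `d_cpe`, `d_loc`, `d_oid` and `d_name` are scanner-supplied strings inserted with `%s`; unless `buffer_xml_append_printf` escapes markup (not visible here), a `<` or `&` in a detected location would produce malformed OMP output, so check how the existing `<description>` text is handled below and treat these the same way. Freeing all five strings regardless of the return value is correct given the helper's partial-fill behaviour, but a one-line comment above the `g_free` calls, `/* result_detection_reference may set some outputs even when it fails */`, would keep a later cleanup from "simplifying" it. The enclosing function starts before this hunk and continues past it.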
@@ -8706,7 +8748,6 @@
     "</nvt>"
     "<threat>%s</threat>"
     "<description>%s</description>",
-    uuid,
     result_iterator_subnet (results),
     result_iterator_host (results),
     result_iterator_port (results),
@@ -8728,11 +8769,11 @@
   free (uuid);
 
   if (include_notes)
-    buffer_result_notes_xml (buffer, result_iterator_result (results),
+    buffer_result_notes_xml (buffer, result,
                              task, include_notes_details);
 
   if (include_overrides)
-    buffer_result_overrides_xml (buffer, result_iterator_result (results),
+    buffer_result_overrides_xml (buffer, result,
                                  task, include_overrides_details);
 
   if (delta_state || delta_results)
Index: src/manage.h
===================================================================
--- src/manage.h	(revision 12155)
+++ src/manage.h	(working copy)
@@ -638,6 +638,10 @@
 int
 result_uuid (result_t, /*@out@*/ char **);
 
+int
+result_detection_reference (result_t, char **, char **, char **, char **,
+                            char **);
+
 const char*
 manage_result_type_threat (const char*);
 
--- src/manage_sql.c	2011-11-23 09:43:55.000000000 +0100
+++ src/manage_sql.c	2011-11-23 09:41:46.000000000 +0100
@@ -12750,7 +12750,8 @@
   init_iterator (iterator,
                  "SELECT ROWID, name, value, source_type, source_name,"
                  " source_description"
-                 " FROM report_host_details WHERE report_host = %llu;",
+                 " FROM report_host_details WHERE report_host = %llu"
+                 " AND NOT name IN ('detected_at', 'detected_by');",
                  report_host);
 }
 
--- /home/henri/openvas/openvas-plugins/scripts/host_details.inc	2011-11-28 14:11:59.116841844 +0100
+++ host_details.inc	2011-11-23 09:44:51.000000000 +0100
@@ -96,6 +96,7 @@
 
 function register_product(cpe, location, nvt) {
   register_host_detail(name:"App", value:cpe, nvt:nvt);
+  register_host_detail(name:cpe, value:location, nvt:nvt);
 }
 
 # provided for conveniency: host_details_list("OS")
@@ -134,6 +135,8 @@
           report += xml_tagline(tag:'name', value:nvt);
           if (!isnull(desc))
             report += xml_tagline(tag:'description', value:desc);
+          else
+            report += '<description/>';
           report += xml_close_tag(tag:'source');
           report += xml_close_tag(tag:'detail');
         }
@@ -225,6 +228,8 @@
         desc = get_kb_item("HostDetails/NVT/" + oid);
         if (!isnull(desc))
           report += xml_tagline(tag:'description', value:desc);
+        else
+          report += '<description/>';
         report += xml_close_tag(tag:'source');
         report += xml_close_tag(tag:'detail');
 
@@ -264,6 +269,8 @@
         desc = get_kb_item("HostDetails/NVT/" + oid);
         if (!isnull(desc))
           report += xml_tagline(tag:'description', value:desc);
+        else
+          report += '<description/>';
         report += xml_close_tag(tag:'source');
         report += xml_close_tag(tag:'detail');
 
@@ -317,3 +324,39 @@
   return FALSE;
 }
 
+function get_app(cpe, nvt) {
+  local_var infolist, oid, res, candidate_cpe;
+
+  infolist = host_details_list(key:"App");
+  if (isnull(infolist)) {
+    return NULL;
+  }
+
+  res = make_array();
+
+  foreach key (keys(infolist)) {
+    candidate_cpe = infolist[key];
+
+    if (eregmatch(pattern:cpe, string:candidate_cpe, icase:TRUE)) {
+      oid = eregmatch(pattern:"([0-9.]+)", string:key);
+      if (!isnull(oid)) {
+        oid = oid[1];
+
+        res["OID"] = oid;
+        res["CPE"] = candidate_cpe;
+
+        # Fork if several instances were detected (multiple locations)
+        location = get_kb_item("HostDetails/NVT/" + oid + "/" + candidate_cpe);
+        res["LOCATION"] = location;
+
+        # store relationship between scripts
+        register_host_detail(name:"detected_by", value:oid, nvt:nvt);
+        register_host_detail(name:"detected_at", value:location, nvt:nvt);
+
+        return res;
+      }
+    }
+  }
+
+  return NULL;
+}
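Review bot: `key` and `location` are used in `get_app` but not declared in `local_var`, so they become script-global variables; the declaration should read `local_var infolist, oid, res, candidate_cpe, key, location;`. The `cpe` parameter is passed to `eregmatch` as a pattern, which means a literal CPE such as the ones stored under "App" matches loosely (each `.` matches any character, and the match is unanchored); if callers are expected to pass regular expressions this should be said in a comment above the function, otherwise the pattern should be anchored or the comparison done literally. The OID is recovered from the detail key with the unanchored pattern `([0-9.]+)`, so any digit run in the key would be taken as the OID; a comment stating the expected key format would make that assumption checkable. The comment "Fork if several instances were detected" relies on `get_kb_item` forking on multiple values, which is worth spelling out since the code itself shows no fork.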

Attachment: gb_wireshark_mult_vuln_apr09_lin.nasl
Description: Binary data
