Hi, i've stumbled over this older mailing list post which seems to got lost back then in 2017.
> I've noticed that in many cases, the key name is very similar to the > InstallName value, apart from the '.mum' on the end, would it not be > better to just use the key name value for the 'egrep' ? While doing a review of the mentioned code part i have seen quite a lot room for improvements: It seems the only place where this collected info is used is the "hotfix_missing" function of secpod_reg.inc. As the mentioned function is only evaluating registry items matching the following pattern: "[P|p]ackage.?[0-9]*.?for.?KB.*" (which exists in each of the called registry keys and not only in the "InstallName" sub key) there is indeed absolutely no reason to do another request for the "InstallName" of each sub key (which could be quite a lot) and just use the previously enumerated item name instead. I've just commited some code changes related to secpod_reg_enum.nasl and some additional improvements to secpod_reg.inc into our SCM system a few minutes ago. Those changes should hit the feeds around Tuesday next week. > Not sure if this is the correct place to post about this, but let me > know if not. It was indeed the correct place back then in 2017. Starting from tomorrow (30.09.) the openvas-plugins is shut down [1] and we're happy to receive such reports in the "Vulnerability tests" category of the new community platform [2]. [1] http://lists.wald.intevation.org/pipermail/openvas-plugins/2018-August/001408.html [2] https://community.greenbone.net/c/vulnerability-tests Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | https://www.greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner On 27.07.2017 11:50, Roger Davies wrote: > Hi > > Not sure if this is the correct place to post about this, but let me > know if not. > > I've noticed that a particular script; secpod_reg_enum.nasl; is taking > an innordinate length of time to complete. I have set the timeout to > various values and can get the script to complete, but this script alone > is taking over 12 minutes to run. > > So, I had a look at it. What it seems to do; and please correct me if > I'm wrong; is scan the registry and make a list of all entries in the > hotfix registry key, whatever that is. It then goes through that list, > one by one, and extracts the 'InstallName' key value for each. > > foreach item (registry_enum_keys(key:key)) > { > Name = registry_get_sz(key:key + item , item:"InstallName"); > if(egrep(pattern:"\KB[0-9]+", string:Name)) > { > path = key +item + Name ; > Name = str_replace(find:"\", replace:"/", string:path); > name = "SMB/Registry/HKLM/" + Name ; > set_kb_item(name:name, value:TRUE); > } > } > > I've noticed that in many cases, the key name is very similar to the > InstallName value, apart from the '.mum' on the end, would it not be > better to just use the key name value for the 'egrep' ? > > Regards > > Roger _______________________________________________ Openvas-plugins mailing list Openvas-plugins@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
