Merge remote-tracking branch 'origin/main' into gmp-doc-get-aggregate…

…s-overall-text-col
greenbone · Jul 16, 2024 · 42ae156 · 42ae156
2 parents d3ee908 + 77cfcbd
commit 42ae156
Show file tree

Hide file tree

Showing 16 changed files with 667 additions and 63 deletions.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -48,11 +48,24 @@ jobs:
     runs-on: ubuntu-latest
     container: ${{ vars.IMAGE_REGISTRY }}/greenbone/gvmd-build:stable
     steps:
+      - name: Install git for Codecov uploader
+        run: |
+          apt update
+          apt install --no-install-recommends -y ca-certificates git
+          rm -rf /var/lib/apt/lists/*
       - name: Check out gvmd
         uses: actions/checkout@v4
+      - name: Set git safe.directory
+        run: git config --global --add safe.directory '*'
       - name: Build gvmd
         run: |
           cmake -B build -DCMAKE_BUILD_TYPE=Debug -DENABLE_COVERAGE=1
           cmake --build build
       - name: Configure and run tests
         run: CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test
+      - name: Upload test coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          file: build/coverage/coverage.xml
+          token: ${{ secrets.CODECOV_TOKEN }}
+          flags: unittests
diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
@@ -52,7 +52,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true

diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
@@ -12,6 +12,8 @@ jobs:
     steps:
       - name: Run the c lang coverage action
         uses: greenbone/actions/doc-coverage-clang@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
 
   build-gmp-doc:
     name: Build GMP documentation

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -75,7 +75,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Build and push Container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -236,9 +236,17 @@ if (NOT GVM_DEFAULT_DROP_USER)
 endif (NOT GVM_DEFAULT_DROP_USER)
 
 
+# Feature toggles
 if (NOT OPENVASD)
   set (OPENVASD 0)
 endif (NOT OPENVASD)
+add_definitions (-DOPENVASD=${OPENVASD})
+
+if (NOT CVSS3_RATINGS)
+  set (CVSS3_RATINGS 0)
+endif (NOT CVSS3_RATINGS)
+add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})
+
 
 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
 
@@ -259,16 +267,22 @@ configure_file (tools/greenbone-scapdata-sync.in tools/greenbone-scapdata-sync @
 configure_file (tools/greenbone-certdata-sync.in tools/greenbone-certdata-sync @ONLY)
 configure_file (tools/gvm-manage-certs.in tools/gvm-manage-certs @ONLY)
 
+## Code coverage
+
+OPTION (ENABLE_COVERAGE "Enable support for coverage analysis" OFF)
+if (ENABLE_COVERAGE)
+  set (COVERAGE_FLAGS "--coverage -ftest-coverage -fprofile-arcs")
+  set (COVERAGE_DIR "${CMAKE_BINARY_DIR}/coverage")
+  file (MAKE_DIRECTORY ${COVERAGE_DIR})
+  message ("-- Code Coverage enabled")
+endif (ENABLE_COVERAGE)
+
 ## Testing
 
 enable_testing ()
 
 ## Program
 
-if (ENABLE_COVERAGE)
-  set (COVERAGE_FLAGS "--coverage")
-endif (ENABLE_COVERAGE)
-
 if (DEBUG_FUNCTION_NAMES)
   # The excluded functions are for update_nvti_cache, which fills the log
   # quickly.  Hopefully this internal NVTi cache is removed soon.
@@ -280,7 +294,7 @@ set (HARDENING_FLAGS            "-Wformat -Wformat-security -D_FORTIFY_SOURCE=2
 set (LINKER_HARDENING_FLAGS     "-Wl,-z,relro -Wl,-z,now")
 
 # To find unused functions, add: -flto -fwhole-program -ffunction-sections -Wl,--gc-sections -Wl,--print-gc-sections
-set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE -D_FILE_OFFSET_BITS=64 -DOPENVASD=${OPENVASD}")
+set (CMAKE_C_FLAGS              "${CMAKE_C_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE -D_FILE_OFFSET_BITS=64 ${COVERAGE_FLAGS}")
 
 set (CMAKE_C_FLAGS_DEBUG        "${CMAKE_C_FLAGS_DEBUG} -Werror -Wshadow ${COVERAGE_FLAGS} ${DEBUG_FUNCTION_NAMES_FLAGS}")
 set (CMAKE_C_FLAGS_RELEASE      "${CMAKE_C_FLAGS_RELEASE} ${HARDENING_FLAGS} ${COVERAGE_FLAGS}")

diff --git a/README.md b/README.md
@@ -3,7 +3,6 @@
 # Greenbone Vulnerability Manager
 
 [![GitHub releases](https://img.shields.io/github/release/greenbone/gvmd.svg)](https://github.com/greenbone/gvmd/releases)
-[![Code Documentation Coverage](https://img.shields.io/codecov/c/github/greenbone/gvmd.svg?label=Documentation%20Coverage&logo=codecov)](https://codecov.io/gh/greenbone/gvmd)
 [![Build and Test](https://github.com/greenbone/gvmd/actions/workflows/build-and-test.yml/badge.svg)](https://github.com/greenbone/gvmd/actions/workflows/build-and-test.yml)
 [![Docker Pulls](https://img.shields.io/docker/pulls/greenbone/gvmd.svg)](https://hub.docker.com/r/greenbone/gvmd/)
 [![Docker Image Size](https://img.shields.io/docker/image-size/greenbone/gvmd.svg?maxAge=2592000)](https://hub.docker.com/r/greenbone/gvmd/)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -262,6 +262,21 @@ add_custom_target (tests
                    DEPENDS
                    gmp-tickets-test manage-test manage-sql-test manage-utils-test utils-test)
 
+if (ENABLE_COVERAGE)
+  add_custom_target (coverage-html
+                     COMMAND gcovr --html-details ${COVERAGE_DIR}/coverage.html
+                     -r ${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR})
+  add_custom_target (coverage-xml
+                     COMMAND gcovr --xml ${COVERAGE_DIR}/coverage.xml
+                     -r ${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR})
+  add_custom_target (coverage DEPENDS coverage-xml coverage-html)
+endif (ENABLE_COVERAGE)
+
+add_custom_target (clean-coverage
+                   COMMAND find . -name *.gcda -delete -or -name *.gcno -delete
+                   COMMAND rm -f ${COVERAGE_DIR}/*)
+
+
 add_executable (gvmd
                 main.c gvmd.c
                 debug_utils.c

diff --git a/src/gmp.c b/src/gmp.c
@@ -4360,6 +4360,7 @@ typedef enum
   CLIENT_GET_ASSETS,
   CLIENT_GET_CONFIGS,
   CLIENT_GET_CREDENTIALS,
+  CLIENT_GET_FEATURES,
   CLIENT_GET_FEEDS,
   CLIENT_GET_FILTERS,
   CLIENT_GET_GROUPS,
@@ -5295,6 +5296,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
                               &get_credentials_data->format);
             set_client_state (CLIENT_GET_CREDENTIALS);
           }
+        else if (strcasecmp ("GET_FEATURES", element_name) == 0)
+          {
+            set_client_state (CLIENT_GET_FEATURES);
+          }
         else if (strcasecmp ("GET_FEEDS", element_name) == 0)
           {
             append_attribute (attribute_names, attribute_values, "type",
@@ -9103,6 +9108,42 @@ results_xml_append_cert (GString *buffer, iterator_t *results, const char *oid,
     }
 }
 
+/**
+ * @brief Append an EPSS info element to a results XML buffer.
+ *
+ * @param[in]  results  Results iterator.
+ * @param[in]  buffer   XML buffer to add to.
+ */
+static void
+results_xml_append_epss (iterator_t *results, GString *buffer)
+{
+  buffer_xml_append_printf (buffer,
+                            "<epss>"
+                            "<max_severity>"
+                            "<score>%0.5f</score>"
+                            "<percentile>%0.5f</percentile>"
+                            "<cve id=\"%s\">"
+                            "<severity>%0.1f</severity>"
+                            "</cve>"
+                            "</max_severity>"
+                            "<max_epss>"
+                            "<score>%0.5f</score>"
+                            "<percentile>%0.5f</percentile>"
+                            "<cve id=\"%s\">"
+                            "<severity>%0.1f</severity>"
+                            "</cve>"
+                            "</max_epss>"
+                            "</epss>",
+                            result_iterator_epss_score (results),
+                            result_iterator_epss_percentile (results),
+                            result_iterator_epss_cve (results),
+                            result_iterator_epss_severity (results),
+                            result_iterator_max_epss_score (results),
+                            result_iterator_max_epss_percentile (results),
+                            result_iterator_max_epss_cve (results),
+                            result_iterator_max_epss_severity (results));
+}
+
 /**
  * @brief Append an NVT element to an XML buffer.
  *
@@ -9133,14 +9174,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                                     "<severities score=\"%s\">"
                                     "</severities>"
                                     "<cpe id='%s'/>"
-                                    "<cve>%s</cve>"
-                                    "</nvt>",
+                                    "<cve>%s</cve>",
                                     oid,
                                     oid,
                                     severity ? severity : "",
                                     severity ? severity : "",
                                     result_iterator_port (results),
                                     oid);
+
+          if (result_iterator_epss_cve (results))
+            results_xml_append_epss (results, buffer);
+
+          buffer_xml_append_printf (buffer, "</nvt>");
+
           g_free (severity);
           return;
         }
@@ -9280,6 +9326,9 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
               buffer_xml_append_printf (buffer, "/>");
           }
 
+        if (result_iterator_epss_cve (results))
+          results_xml_append_epss (results, buffer);
+
         first = 1;
         xml_append_nvt_refs (buffer, result_iterator_nvt_oid (results),
                              &first);
@@ -11670,7 +11719,6 @@ handle_get_assets (gmp_parser_t *gmp_parser, GError **error)
       gchar *routes_xml;
 
       asset = get_iterator_resource (&assets);
-      /* Assets are currently always writable. */
       if (send_get_common ("asset", &get_assets_data->get, &assets,
                            gmp_parser->client_writer,
                            gmp_parser->client_writer_data,
@@ -12879,6 +12927,32 @@ get_feed (gmp_parser_t *gmp_parser, GError **error, int feed_type)
   SEND_TO_CLIENT_OR_FAIL ("</feed>");
 }
 
+/**
+ * @brief Handle end of GET_FEATURES element.
+ *
+ * @param[in]  gmp_parser   GMP parser.
+ * @param[in]  error        Error parameter.
+ */
+static void
+handle_get_features (gmp_parser_t *gmp_parser, GError **error)
+{
+  SEND_TO_CLIENT_OR_FAIL ("<get_features_response"
+                          " status=\"" STATUS_OK "\""
+                          " status_text=\"" STATUS_OK_TEXT "\">");
+
+  SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
+                           "<name>CVSS3_RATINGS</name>"
+                           "</feature>",
+                           CVSS3_RATINGS ? 1 : 0);
+
+  SENDF_TO_CLIENT_OR_FAIL ("<feature enabled=\"%d\">"
+                           "<name>OPENVASD</name>"
+                           "</feature>",
+                           OPENVASD ? 1 : 0);
+
+  SEND_TO_CLIENT_OR_FAIL ("</get_features_response>");
+}
+
 /**
  * @brief Handle end of GET_FEEDS element.
  *
@@ -19960,6 +20034,10 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
         handle_get_credentials (gmp_parser, error);
         break;
 
+      case CLIENT_GET_FEATURES:
+        handle_get_features (gmp_parser, error);
+        break;
+
       case CLIENT_GET_FEEDS:
         handle_get_feeds (gmp_parser, error);
         break;

diff --git a/src/gvmd.c b/src/gvmd.c
@@ -2302,6 +2302,9 @@ gvmd (int argc, char** argv, char *env[])
         }
 #if OPENVASD == 1
       printf ("OpenVASD is enabled\n");
+#endif
+#if CVSS3_RATINGS == 1
+      printf ("CVSS3 severity ratings enabled\n");
 #endif
       printf ("Copyright (C) 2009-2021 Greenbone AG\n");
       printf ("License: AGPL-3.0-or-later\n");

diff --git a/src/manage.h b/src/manage.h
@@ -1522,6 +1522,30 @@ result_iterator_may_have_overrides (iterator_t*);
 int
 result_iterator_may_have_tickets (iterator_t*);
 
+double
+result_iterator_epss_score (iterator_t*);
+
+double
+result_iterator_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_epss_cve (iterator_t*);
+
+double
+result_iterator_epss_severity (iterator_t*);
+
+double
+result_iterator_max_epss_score (iterator_t*);
+
+double
+result_iterator_max_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_max_epss_cve (iterator_t*);
+
+double
+result_iterator_max_epss_severity (iterator_t*);
+
 gchar **
 result_iterator_cert_bunds (iterator_t*);
 

diff --git a/src/manage_pg.c b/src/manage_pg.c
@@ -1806,6 +1806,59 @@ create_view_vulns ()
          " WHERE uuid in (SELECT * FROM used_nvts)");
 }
 
+/**
+ * @brief Create or replace the result_vt_epss view.
+ */
+void
+create_view_result_vt_epss ()
+{
+  sql ("DROP MATERIALIZED VIEW IF EXISTS result_vt_epss;");
+
+  if (sql_int ("SELECT EXISTS (SELECT * FROM information_schema.tables"
+               "               WHERE table_catalog = '%s'"
+               "               AND table_schema = 'scap'"
+               "               AND table_name = 'cves')"
+               " ::integer;",
+               sql_database ()))
+    sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+         "  SELECT cve AS vt_id,"
+         "    epss AS epss_score,"
+         "    percentile AS epss_percentile,"
+         "    cve AS epss_cve,"
+         "    cves.severity AS epss_severity,"
+         "    epss AS max_epss_score,"
+         "    percentile AS max_epss_percentile,"
+         "    cve AS max_epss_cve,"
+         "    cves.severity AS max_epss_severity"
+         "  FROM scap.epss_scores"
+         "  JOIN scap.cves ON cve = cves.uuid"
+         "  UNION ALL"
+         "  SELECT oid AS vt_id,"
+         "    epss_score,"
+         "    epss_percentile,"
+         "    epss_cve,"
+         "    epss_severity,"
+         "    max_epss_score,"
+         "    max_epss_percentile,"
+         "    max_epss_cve,"
+         "    max_epss_severity"
+         "  FROM nvts);");
+  else
+    sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+         "  SELECT oid AS vt_id,"
+         "    epss_score,"
+         "    epss_percentile,"
+         "    epss_cve,"
+         "    max_epss_score,"
+         "    max_epss_percentile,"
+         "    max_epss_cve"
+         "  FROM nvts);");
+
+  sql ("SELECT create_index ('result_vt_epss_by_vt_id',"
+       "                     'result_vt_epss', 'vt_id');");
+
+}
+
 
 
 #undef VULNS_RESULTS_WHERE
@@ -2997,6 +3050,8 @@ create_tables ()
 
   create_view_vulns ();
 
+  create_view_result_vt_epss ();
+
   /* Create indexes. */
 
   sql ("SELECT create_index ('config_preferences_by_config',"