diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 175d4a263..470a23bb2 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -48,11 +48,24 @@ jobs:
runs-on: ubuntu-latest
container: ${{ vars.IMAGE_REGISTRY }}/greenbone/gvmd-build:stable
steps:
+ - name: Install git for Codecov uploader
+ run: |
+ apt update
+ apt install --no-install-recommends -y ca-certificates git
+ rm -rf /var/lib/apt/lists/*
- name: Check out gvmd
uses: actions/checkout@v4
+ - name: Set git safe.directory
+ run: git config --global --add safe.directory '*'
- name: Build gvmd
run: |
cmake -B build -DCMAKE_BUILD_TYPE=Debug -DENABLE_COVERAGE=1
cmake --build build
- name: Configure and run tests
run: CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test
+ - name: Upload test coverage to Codecov
+ uses: codecov/codecov-action@v4
+ with:
+ file: build/coverage/coverage.xml
+ token: ${{ secrets.CODECOV_TOKEN }}
+ flags: unittests
diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
index b927fd34d..3133f6ced 100644
--- a/.github/workflows/build-container.yml
+++ b/.github/workflows/build-container.yml
@@ -52,7 +52,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
with:
context: .
push: true
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
index 6557c2ab6..d4a8bb68d 100644
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@@ -12,6 +12,8 @@ jobs:
steps:
- name: Run the c lang coverage action
uses: greenbone/actions/doc-coverage-clang@v3
+ with:
+ token: ${{ secrets.CODECOV_TOKEN }}
build-gmp-doc:
name: Build GMP documentation
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 88aa3ef3e..e59303eff 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -75,7 +75,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Container image
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4831fd2ca..cf44b15e4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -236,9 +236,17 @@ if (NOT GVM_DEFAULT_DROP_USER)
endif (NOT GVM_DEFAULT_DROP_USER)
+# Feature toggles
if (NOT OPENVASD)
set (OPENVASD 0)
endif (NOT OPENVASD)
+add_definitions (-DOPENVASD=${OPENVASD})
+
+if (NOT CVSS3_RATINGS)
+ set (CVSS3_RATINGS 0)
+endif (NOT CVSS3_RATINGS)
+add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})
+
message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
@@ -259,16 +267,22 @@ configure_file (tools/greenbone-scapdata-sync.in tools/greenbone-scapdata-sync @
configure_file (tools/greenbone-certdata-sync.in tools/greenbone-certdata-sync @ONLY)
configure_file (tools/gvm-manage-certs.in tools/gvm-manage-certs @ONLY)
+## Code coverage
+
+OPTION (ENABLE_COVERAGE "Enable support for coverage analysis" OFF)
+if (ENABLE_COVERAGE)
+ set (COVERAGE_FLAGS "--coverage -ftest-coverage -fprofile-arcs")
+ set (COVERAGE_DIR "${CMAKE_BINARY_DIR}/coverage")
+ file (MAKE_DIRECTORY ${COVERAGE_DIR})
+ message ("-- Code Coverage enabled")
+endif (ENABLE_COVERAGE)
+
## Testing
enable_testing ()
## Program
-if (ENABLE_COVERAGE)
- set (COVERAGE_FLAGS "--coverage")
-endif (ENABLE_COVERAGE)
-
if (DEBUG_FUNCTION_NAMES)
# The excluded functions are for update_nvti_cache, which fills the log
# quickly. Hopefully this internal NVTi cache is removed soon.
@@ -280,7 +294,7 @@ set (HARDENING_FLAGS "-Wformat -Wformat-security -D_FORTIFY_SOURCE=2
set (LINKER_HARDENING_FLAGS "-Wl,-z,relro -Wl,-z,now")
# To find unused functions, add: -flto -fwhole-program -ffunction-sections -Wl,--gc-sections -Wl,--print-gc-sections
-set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE -D_FILE_OFFSET_BITS=64 -DOPENVASD=${OPENVASD}")
+set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -D_BSD_SOURCE -D_ISOC99_SOURCE -D_SVID_SOURCE -D_DEFAULT_SOURCE -D_FILE_OFFSET_BITS=64 ${COVERAGE_FLAGS}")
set (CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Werror -Wshadow ${COVERAGE_FLAGS} ${DEBUG_FUNCTION_NAMES_FLAGS}")
set (CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} ${HARDENING_FLAGS} ${COVERAGE_FLAGS}")
diff --git a/README.md b/README.md
index 2b48ad1c1..b64e6f90b 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,6 @@
# Greenbone Vulnerability Manager
[![GitHub releases](https://img.shields.io/github/release/greenbone/gvmd.svg)](https://github.com/greenbone/gvmd/releases)
-[![Code Documentation Coverage](https://img.shields.io/codecov/c/github/greenbone/gvmd.svg?label=Documentation%20Coverage&logo=codecov)](https://codecov.io/gh/greenbone/gvmd)
[![Build and Test](https://github.com/greenbone/gvmd/actions/workflows/build-and-test.yml/badge.svg)](https://github.com/greenbone/gvmd/actions/workflows/build-and-test.yml)
[![Docker Pulls](https://img.shields.io/docker/pulls/greenbone/gvmd.svg)](https://hub.docker.com/r/greenbone/gvmd/)
[![Docker Image Size](https://img.shields.io/docker/image-size/greenbone/gvmd.svg?maxAge=2592000)](https://hub.docker.com/r/greenbone/gvmd/)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index c075bdbdb..2f27baf66 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -262,6 +262,21 @@ add_custom_target (tests
DEPENDS
gmp-tickets-test manage-test manage-sql-test manage-utils-test utils-test)
+if (ENABLE_COVERAGE)
+ add_custom_target (coverage-html
+ COMMAND gcovr --html-details ${COVERAGE_DIR}/coverage.html
+ -r ${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR})
+ add_custom_target (coverage-xml
+ COMMAND gcovr --xml ${COVERAGE_DIR}/coverage.xml
+ -r ${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR})
+ add_custom_target (coverage DEPENDS coverage-xml coverage-html)
+endif (ENABLE_COVERAGE)
+
+add_custom_target (clean-coverage
+ COMMAND find . -name *.gcda -delete -or -name *.gcno -delete
+ COMMAND rm -f ${COVERAGE_DIR}/*)
+
+
add_executable (gvmd
main.c gvmd.c
debug_utils.c
diff --git a/src/gmp.c b/src/gmp.c
index 0e8fda239..f98cc69f6 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -4360,6 +4360,7 @@ typedef enum
CLIENT_GET_ASSETS,
CLIENT_GET_CONFIGS,
CLIENT_GET_CREDENTIALS,
+ CLIENT_GET_FEATURES,
CLIENT_GET_FEEDS,
CLIENT_GET_FILTERS,
CLIENT_GET_GROUPS,
@@ -5295,6 +5296,10 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context,
&get_credentials_data->format);
set_client_state (CLIENT_GET_CREDENTIALS);
}
+ else if (strcasecmp ("GET_FEATURES", element_name) == 0)
+ {
+ set_client_state (CLIENT_GET_FEATURES);
+ }
else if (strcasecmp ("GET_FEEDS", element_name) == 0)
{
append_attribute (attribute_names, attribute_values, "type",
@@ -9103,6 +9108,42 @@ results_xml_append_cert (GString *buffer, iterator_t *results, const char *oid,
}
}
+/**
+ * @brief Append an EPSS info element to a results XML buffer.
+ *
+ * @param[in] results Results iterator.
+ * @param[in] buffer XML buffer to add to.
+ */
+static void
+results_xml_append_epss (iterator_t *results, GString *buffer)
+{
+ buffer_xml_append_printf (buffer,
+ ""
+ ""
+ "%0.5f"
+ "%0.5f"
+ ""
+ "%0.1f"
+ ""
+ ""
+ ""
+ "%0.5f"
+ "%0.5f"
+ ""
+ "%0.1f"
+ ""
+ ""
+ "",
+ result_iterator_epss_score (results),
+ result_iterator_epss_percentile (results),
+ result_iterator_epss_cve (results),
+ result_iterator_epss_severity (results),
+ result_iterator_max_epss_score (results),
+ result_iterator_max_epss_percentile (results),
+ result_iterator_max_epss_cve (results),
+ result_iterator_max_epss_severity (results));
+}
+
/**
* @brief Append an NVT element to an XML buffer.
*
@@ -9133,14 +9174,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
""
""
""
- "%s"
- "",
+ "%s",
oid,
oid,
severity ? severity : "",
severity ? severity : "",
result_iterator_port (results),
oid);
+
+ if (result_iterator_epss_cve (results))
+ results_xml_append_epss (results, buffer);
+
+ buffer_xml_append_printf (buffer, "");
+
g_free (severity);
return;
}
@@ -9280,6 +9326,9 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
buffer_xml_append_printf (buffer, "/>");
}
+ if (result_iterator_epss_cve (results))
+ results_xml_append_epss (results, buffer);
+
first = 1;
xml_append_nvt_refs (buffer, result_iterator_nvt_oid (results),
&first);
@@ -11670,7 +11719,6 @@ handle_get_assets (gmp_parser_t *gmp_parser, GError **error)
gchar *routes_xml;
asset = get_iterator_resource (&assets);
- /* Assets are currently always writable. */
if (send_get_common ("asset", &get_assets_data->get, &assets,
gmp_parser->client_writer,
gmp_parser->client_writer_data,
@@ -12879,6 +12927,32 @@ get_feed (gmp_parser_t *gmp_parser, GError **error, int feed_type)
SEND_TO_CLIENT_OR_FAIL ("");
}
+/**
+ * @brief Handle end of GET_FEATURES element.
+ *
+ * @param[in] gmp_parser GMP parser.
+ * @param[in] error Error parameter.
+ */
+static void
+handle_get_features (gmp_parser_t *gmp_parser, GError **error)
+{
+ SEND_TO_CLIENT_OR_FAIL ("");
+
+ SENDF_TO_CLIENT_OR_FAIL (""
+ "CVSS3_RATINGS"
+ "",
+ CVSS3_RATINGS ? 1 : 0);
+
+ SENDF_TO_CLIENT_OR_FAIL (""
+ "OPENVASD"
+ "",
+ OPENVASD ? 1 : 0);
+
+ SEND_TO_CLIENT_OR_FAIL ("");
+}
+
/**
* @brief Handle end of GET_FEEDS element.
*
@@ -19960,6 +20034,10 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
handle_get_credentials (gmp_parser, error);
break;
+ case CLIENT_GET_FEATURES:
+ handle_get_features (gmp_parser, error);
+ break;
+
case CLIENT_GET_FEEDS:
handle_get_feeds (gmp_parser, error);
break;
diff --git a/src/gvmd.c b/src/gvmd.c
index d2492c407..4ffdab4e8 100644
--- a/src/gvmd.c
+++ b/src/gvmd.c
@@ -2302,6 +2302,9 @@ gvmd (int argc, char** argv, char *env[])
}
#if OPENVASD == 1
printf ("OpenVASD is enabled\n");
+#endif
+#if CVSS3_RATINGS == 1
+ printf ("CVSS3 severity ratings enabled\n");
#endif
printf ("Copyright (C) 2009-2021 Greenbone AG\n");
printf ("License: AGPL-3.0-or-later\n");
diff --git a/src/manage.h b/src/manage.h
index ce3a5ea6d..9e7bbbce9 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1522,6 +1522,30 @@ result_iterator_may_have_overrides (iterator_t*);
int
result_iterator_may_have_tickets (iterator_t*);
+double
+result_iterator_epss_score (iterator_t*);
+
+double
+result_iterator_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_epss_cve (iterator_t*);
+
+double
+result_iterator_epss_severity (iterator_t*);
+
+double
+result_iterator_max_epss_score (iterator_t*);
+
+double
+result_iterator_max_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_max_epss_cve (iterator_t*);
+
+double
+result_iterator_max_epss_severity (iterator_t*);
+
gchar **
result_iterator_cert_bunds (iterator_t*);
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 19d3463f7..8c691994e 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1806,6 +1806,59 @@ create_view_vulns ()
" WHERE uuid in (SELECT * FROM used_nvts)");
}
+/**
+ * @brief Create or replace the result_vt_epss view.
+ */
+void
+create_view_result_vt_epss ()
+{
+ sql ("DROP MATERIALIZED VIEW IF EXISTS result_vt_epss;");
+
+ if (sql_int ("SELECT EXISTS (SELECT * FROM information_schema.tables"
+ " WHERE table_catalog = '%s'"
+ " AND table_schema = 'scap'"
+ " AND table_name = 'cves')"
+ " ::integer;",
+ sql_database ()))
+ sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+ " SELECT cve AS vt_id,"
+ " epss AS epss_score,"
+ " percentile AS epss_percentile,"
+ " cve AS epss_cve,"
+ " cves.severity AS epss_severity,"
+ " epss AS max_epss_score,"
+ " percentile AS max_epss_percentile,"
+ " cve AS max_epss_cve,"
+ " cves.severity AS max_epss_severity"
+ " FROM scap.epss_scores"
+ " JOIN scap.cves ON cve = cves.uuid"
+ " UNION ALL"
+ " SELECT oid AS vt_id,"
+ " epss_score,"
+ " epss_percentile,"
+ " epss_cve,"
+ " epss_severity,"
+ " max_epss_score,"
+ " max_epss_percentile,"
+ " max_epss_cve,"
+ " max_epss_severity"
+ " FROM nvts);");
+ else
+ sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+ " SELECT oid AS vt_id,"
+ " epss_score,"
+ " epss_percentile,"
+ " epss_cve,"
+ " max_epss_score,"
+ " max_epss_percentile,"
+ " max_epss_cve"
+ " FROM nvts);");
+
+ sql ("SELECT create_index ('result_vt_epss_by_vt_id',"
+ " 'result_vt_epss', 'vt_id');");
+
+}
+
#undef VULNS_RESULTS_WHERE
@@ -2997,6 +3050,8 @@ create_tables ()
create_view_vulns ();
+ create_view_result_vt_epss ();
+
/* Create indexes. */
sql ("SELECT create_index ('config_preferences_by_config',"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index e6a7e72c1..100030655 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -5266,7 +5266,7 @@ append_column (GArray *columns, const gchar *column_name,
* resource.
*
* @return 0 success, 1 failed to find resource, 2 failed to find filter,
- * 3 invalid stat_column, 4 invalid group_column, 5 invalid type,
+ * 3 invalid data_column, 4 invalid group_column, 5 invalid type,
* 6 trashcan not used by type, 7 invalid text column, 8 invalid
* subgroup_column, -1 error.
*/
@@ -22198,7 +22198,8 @@ where_qod (int min_qod)
"description", "task", "report", "cvss_base", "nvt_version", \
"severity", "original_severity", "vulnerability", "date", "report_id", \
"solution_type", "qod", "qod_type", "task_id", "cve", "hostname", \
- "path", "compliant", NULL }
+ "path", "compliant", "epss_score", "epss_percentile", "max_epss_score", \
+ "max_epss_percentile", NULL }
// TODO Combine with RESULT_ITERATOR_COLUMNS.
/**
@@ -22497,6 +22498,32 @@ where_qod (int min_qod)
" 'undefined')", \
"compliant", \
KEYWORD_TYPE_STRING }, \
+ /* ^ 45 = 35 */ \
+ { "coalesce (result_vt_epss.epss_score, 0.0)", \
+ "epss_score", \
+ KEYWORD_TYPE_DOUBLE }, \
+ { "coalesce (result_vt_epss.epss_percentile, 0.0)", \
+ "epss_percentile", \
+ KEYWORD_TYPE_DOUBLE }, \
+ { "result_vt_epss.epss_cve", \
+ "epss_cve", \
+ KEYWORD_TYPE_STRING }, \
+ { "coalesce (result_vt_epss.epss_severity, 0.0)", \
+ "epss_severity", \
+ KEYWORD_TYPE_DOUBLE }, \
+ { "coalesce (result_vt_epss.max_epss_score, 0.0)", \
+ "max_epss_score", \
+ KEYWORD_TYPE_DOUBLE }, \
+ /* ^ 50 = 40 */ \
+ { "coalesce (result_vt_epss.max_epss_percentile, 0.0)", \
+ "max_epss_percentile", \
+ KEYWORD_TYPE_DOUBLE }, \
+ { "result_vt_epss.max_epss_cve", \
+ "max_epss_cve", \
+ KEYWORD_TYPE_STRING }, \
+ { "coalesce (result_vt_epss.max_epss_severity, 0.0)", \
+ "max_epss_severity", \
+ KEYWORD_TYPE_DOUBLE }, \
/**
* @brief Result iterator columns.
@@ -23196,7 +23223,9 @@ init_result_get_iterator (iterator_t* iterator, const get_data_t *get,
"results",
"nvts");
- extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts"
+ extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
+ " ON results.nvt = result_vt_epss.vt_id"
+ " LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
opts_tables,
@@ -23300,7 +23329,9 @@ result_count (const get_data_t *get, report_t report, const char* host)
"results",
"nvts");
- extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts"
+ extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
+ " ON results.nvt = result_vt_epss.vt_id"
+ " LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
opts_tables,
@@ -23765,6 +23796,118 @@ DEF_ACCESS (result_iterator_nvt_family, GET_ITERATOR_COLUMN_COUNT + 33);
*/
DEF_ACCESS (result_iterator_nvt_tag, GET_ITERATOR_COLUMN_COUNT + 34);
+/**
+ * @brief Get EPSS score of highest severity CVE from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return EPSS score of the highest severity CVE.
+ */
+double
+result_iterator_epss_score (iterator_t* iterator)
+{
+ if (iterator->done) return 0.0;
+ return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 36);
+}
+
+/**
+ * @brief Get EPSS percentile of highest severity CVE from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return EPSS percentile of the highest severity CVE.
+ */
+double
+result_iterator_epss_percentile (iterator_t* iterator)
+{
+ if (iterator->done) return 0.0;
+ return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 37);
+}
+
+/**
+ * @brief Get highest severity CVE with EPSS score from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Highest severity CVE with EPSS score.
+ */
+const gchar *
+result_iterator_epss_cve (iterator_t* iterator)
+{
+ if (iterator->done) return NULL;
+ return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 38);
+}
+
+/**
+ * @brief Get the highest severity of EPSS CVEs from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Highest severity of referenced CVEs with EPSS.
+ */
+double
+result_iterator_epss_severity (iterator_t* iterator)
+{
+ if (iterator->done) return 0.0;
+ return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 39);
+}
+
+/**
+ * @brief Get maximum EPSS score of referenced CVEs from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Maximum EPSS score.
+ */
+double
+result_iterator_max_epss_score (iterator_t* iterator)
+{
+ if (iterator->done) return 0.0;
+ return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 40);
+}
+
+/**
+ * @brief Get maximum EPSS percentile of referenced CVEs from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Maximum EPSS percentile.
+ */
+double
+result_iterator_max_epss_percentile (iterator_t* iterator)
+{
+ if (iterator->done) return 0.0;
+ return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 41);
+}
+
+/**
+ * @brief Get the CVE with the maximum EPSS score from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return CVE with maximum EPSS score.
+ */
+const gchar *
+result_iterator_max_epss_cve (iterator_t* iterator)
+{
+ if (iterator->done) return NULL;
+ return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 42);
+}
+
+/**
+ * @brief Get severity of CVE with maximum EPSS score from a result iterator.
+ *
+ * @param[in] iterator Iterator.
+ *
+ * @return Severity of CVE with maximum EPSS score.
+ */
+double
+result_iterator_max_epss_severity (iterator_t* iterator)
+{
+ if (iterator->done) return 0.0;
+ return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 43);
+}
+
/**
* @brief Get CERT-BUNDs from a result iterator.
*
@@ -23776,7 +23919,7 @@ gchar **
result_iterator_cert_bunds (iterator_t* iterator)
{
if (iterator->done) return 0;
- return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 36);
+ return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 44);
}
/**
@@ -23790,7 +23933,7 @@ gchar **
result_iterator_dfn_certs (iterator_t* iterator)
{
if (iterator->done) return 0;
- return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 37);
+ return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 45);
}
/**
@@ -27954,6 +28097,8 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta,
extra_tables = g_strdup_printf (" JOIN comparison "
" ON results.id = COALESCE (result1_id,"
" result2_id)"
+ " LEFT OUTER JOIN result_vt_epss"
+ " ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
@@ -58055,7 +58200,9 @@ type_build_select (const char *type, const char *columns_str,
"results",
"nvts");
- opts_table = g_strdup_printf (" LEFT OUTER JOIN nvts"
+ opts_table = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
+ " ON results.nvt = result_vt_epss.vt_id"
+ " LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
original,
diff --git a/src/manage_sql.h b/src/manage_sql.h
index dfe87caa6..29b5988a1 100644
--- a/src/manage_sql.h
+++ b/src/manage_sql.h
@@ -295,7 +295,7 @@ typedef struct
/**
* @brief Delta results columns offset for result iterator.
*/
-#define RESULT_ITERATOR_DELTA_COLUMN_OFFSET GET_ITERATOR_COLUMN_COUNT + 38
+#define RESULT_ITERATOR_DELTA_COLUMN_OFFSET GET_ITERATOR_COLUMN_COUNT + 46
/* Variables */
@@ -505,6 +505,9 @@ add_role_permission_resource (const gchar *, const gchar *, const gchar *,
void
create_view_vulns ();
+void
+create_view_result_vt_epss ();
+
int
config_family_entire_and_growing (config_t, const char*);
diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c
index ccebce74f..a740fea5e 100644
--- a/src/manage_sql_nvts.c
+++ b/src/manage_sql_nvts.c
@@ -1987,6 +1987,7 @@ update_nvts_from_vts (element_t *get_vts_response,
sql ("ALTER TABLE nvts_rebuild RENAME TO nvts;");
create_view_vulns ();
+ create_view_result_vt_epss ();
}
set_nvts_check_time (count_new_vts, count_modified_vts);
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index fdf76db8c..fd8c13c76 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3707,6 +3707,7 @@ update_scap_end ()
/* View 'vulns' contains references into the SCAP schema, so it is
* removed by the CASCADE. */
create_view_vulns ();
+ create_view_result_vt_epss ();
}
else
sql ("ALTER SCHEMA scap2 RENAME TO scap;");
@@ -3745,6 +3746,7 @@ abort_scap_update ()
/* View 'vulns' contains references into the SCAP schema, so it is
* removed by the CASCADE. */
create_view_vulns ();
+ create_view_result_vt_epss ();
/* Update CERT data that depends on SCAP. */
update_cert_data ();
}
diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in
index cd86aada2..e2e517f64 100644
--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -523,6 +523,9 @@ along with this program. If not, see .
expiration_timeissuermd5_fingerprint
+ sha256_fingerprint
+ subject
+ serialtime_status
@@ -558,6 +561,21 @@ along with this program. If not, see .
MD5 fingerprint of the certificatetext
+
+ sha256_fingerprint
+ SHA-256 fingerprint of the certificate
+ text
+
+
+ subject
+ Name of the certificate
+ text
+
+
+ serial
+ Serial number of certificate
+ text
+ nvt
@@ -1667,6 +1685,7 @@ along with this program. If not, see .
severitiescpetags
+ epssrefs
@@ -1704,6 +1723,112 @@ along with this program. If not, see .
Tags associated with the NVTtext
+
+ epss
+ Exploit Prediction Scoring System (EPSS) info if available
+
+ max_severity
+ max_epss
+
+
+ max_severity
+
+ EPSS info of the referenced CVE with the highest severity
+
+
+ In case there are multiple CVEs referenced by the NVT tied for the
+ highest severity, they are also sorted by EPSS score and modification
+ time and the first one is chosen.
+
+
+ score
+ percentile
+ cve
+
+
+ score
+ EPSS score of the CVE
+
+ decimal
+
+
+
+ percentile
+ EPSS percentile of the CVE
+
+ decimal
+
+
+
+ cve
+ The representative CVE chosen
+
+
+ id
+ CVE-ID of the CVE
+ text
+
+ severity
+
+
+ severity
+ Severity (CVSS) score of the CVE if available
+
+ severity
+
+
+
+
+
+ max_epss
+
+ EPSS info of the referenced CVE with the highest EPSS score
+
+
+ In case there are multiple CVEs referenced by the NVT tied for the
+ highest EPSS score, they are also sorted by severity and modification
+ time and the first one is chosen.
+
+
+ score
+ percentile
+ cve
+
+
+ score
+ EPSS score of the CVE
+
+ decimal
+
+
+
+ percentile
+ EPSS percentile of the CVE
+
+ decimal
+
+
+
+ cve
+ The representative CVE chosen
+
+
+ id
+ CVE-ID of the CVE
+ text
+
+ severity
+
+
+ severity
+ Severity (CVSS) score of the CVE if available
+
+ severity
+
+
+
+
+ refsList of references of various types for this vulnerability test
@@ -7803,6 +7928,7 @@ END:VCALENDAR
data_typedata_columngroup_column
+ subgroup_columntext_columngroup
@@ -7826,6 +7952,11 @@ END:VCALENDAR
The column the data is grouped bytext
+
+ subgroup_column
+ The column to further group the resources by
+ text
+ text_columnA simple text column
@@ -8433,6 +8564,7 @@ END:VCALENDAR
methodfiltertasks
+ activeowner
@@ -8592,7 +8724,7 @@ END:VCALENDAR
method
- The method by which he alert must occur
+ The method by which the alert must occur
text
data
@@ -8699,6 +8831,11 @@ END:VCALENDAR
+
+ active
+ Whether the alert is active
+ boolean
+ filters
@@ -9082,7 +9219,7 @@ END:VCALENDAR
details
- Whether to include additional information (e.g., tags)
+ Whether to include additional information (e.g. tags)boolean
@@ -9122,6 +9259,7 @@ END:VCALENDAR
permissionsuser_tagsidentifiers
+ typehostos
@@ -9208,6 +9346,7 @@ END:VCALENDAR
typedatadeleted
+ nametype
@@ -9224,6 +9363,11 @@ END:VCALENDAR
Whether the source has been deletedboolean
+
+ name
+ User name when source type is User, else empty
+ boolean
+ os
@@ -9243,13 +9387,20 @@ END:VCALENDAR
+
+ type
+ Either "host" or "os"
+
+ xsd:token { pattern = "host|os" }
+
+ hostA hostseveritydetail
- routes
+ routesseverity
@@ -9412,7 +9563,7 @@ END:VCALENDAR
Hosts on which this OS has been detected as the best match
- asset
+ assetasset
@@ -9447,7 +9598,7 @@ END:VCALENDAR
in_use
- Whether any tasks are using the asset
+ Whether the asset is in useboolean
@@ -10050,7 +10201,7 @@ END:VCALENDAR
writable
- Whether any tasks are using the config, including trashcan tasks
+ Whether the config may be modified
boolean
@@ -10201,10 +10352,11 @@ END:VCALENDAR
nvtname
+ hr_nameidtypevalue
- default
+ defaultalt
@@ -10229,6 +10381,11 @@ END:VCALENDAR
The compact name of the preference as used by the scannername
+
+ hr_name
+ The human readable name of the preference
+ name
+ idThe ID of the preference
@@ -10433,20 +10590,31 @@ END:VCALENDAR
+
+ mabel
+ Full and fast
- All NVT's; optimized by using previously collected information.
- 2012-11-23T10:44:00+01:00
- 2013-01-23T10:44:00+01:00
+ Most NVT's; optimized by using previously collected information. Version 20201215.
+ 2023-03-06T11:26:30-05:00
+ 2024-01-23T10:02:26-05:00
+ 0
+ 1
+
+
+ Everything
+
+
- 4
+ 56
1
- 12
+ 88005
1
- 1
- 0
+ 0
+ scan
+ 0...
@@ -10461,44 +10629,64 @@ END:VCALENDAR
+
+ mabel
+ Full and fast
- All NVT's; optimized by using previously collected information.
+
+ Most NVT's; optimized by using previously collected information. Version 20201215.
+
+ 2023-03-06T11:26:30-05:00
+ 2024-01-23T10:02:26-05:00
+ 0
+ 1
+
+
+ Everything
+
+
- 4
+ 56
1
- 12
+ 88005
1
- 1
-
-
- Web Servers
-
- ...
-
+ 0
+ scan
+ 0
- Credentials
- 8
- 8
+ AIX Local Security Checks
+ 1
+ 11...
+ 88014
+ 88005
-
- Services
+
+ PostgreSQL Detection (TCP)1
- Network connection timeout :
+ Postgres Username:
+ Postgres Username:entry
- 5
+ postgres
+ postgres...
+
+
+ Web Servers
+
+ ...
+ ...
@@ -10614,6 +10802,11 @@ END:VCALENDAR
ID of filter to use to filter queryuuid
+
+ details
+ Whether to include certificate info
+ boolean
+ scannersWhether to include a list of scanners using the credentials
@@ -10687,11 +10880,13 @@ END:VCALENDAR
certificate_infoscannerstargets
-
- public_key
- package
- certificate
-
+
+
+ public_key
+ package
+ certificate
+
+ owner
@@ -11202,6 +11397,65 @@ END:VCALENDAR
+
+ get_features
+ Get a list of optional features
+
+
+ The client uses the get_features command to get a list of optional
+ features.
+ If the command sent by the client was valid, the manager will
+ reply with a list of features to the client.
+
+
+
+
+
+
+ status
+ status
+ 1
+
+
+ status_text
+ text
+ 1
+
+ feature
+
+
+ feature
+
+
+ enabled
+ boolean
+ Whether the feature is enabled
+ 1
+
+ name
+
+
+ name
+ The name of the feature
+ text
+
+
+
+
+ Get the optional features
+
+
+
+
+
+
+
+ OPENVASD
+
+
+
+
+ get_feedsGet one or many feeds
@@ -11215,7 +11469,7 @@ END:VCALENDAR
type
- Type of single feed to get: NVT, CERT or SCAP
+ Type of single feed to get: NVT, CERT, SCAP or GVMD_DATAtext
@@ -11245,7 +11499,7 @@ END:VCALENDAR
type
- The type of feed: NVT, CERT or SCAP
+ The type of feed: NVT, CERT, SCAP or GVMD_DATAtext
@@ -11279,18 +11533,12 @@ END:VCALENDAR
Present if a sync of this type is underwaytimestamp
- usertimestampTime sync startedtext
-
- user
- Name of user who is performing sync
- text
-