From 4e1254bd6236a296e691be43474009f3da2e10de Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 2 Jul 2024 09:35:46 +0200 Subject: [PATCH 01/45] Fix: Also create NVT indexes after rebuild If the nvts, vt_refs and vt_severities tables have been replaced in a VTs rebuild, indexes are now created for the new tables. This addresses the the indexes not existing after a rebuild and the subsequent performance issues. --- src/manage_pg.c | 46 +++++++++++++++++++++++++++---------------- src/manage_sql.h | 3 +++ src/manage_sql_nvts.c | 1 + 3 files changed, 33 insertions(+), 17 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index 19d3463f7..31d1201c7 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -1881,6 +1881,33 @@ create_tables_nvt (const gchar *suffix) suffix); } +/** + * @brief Create NVT related indexes. + * + * @param[in] suffix String to append to table names. + */ +void +create_indexes_nvt () +{ + sql ("SELECT create_index ('nvts_by_creation_time'," + " 'nvts'," + " 'creation_time');"); + sql ("SELECT create_index ('nvts_by_family', 'nvts', 'family');"); + sql ("SELECT create_index ('nvts_by_name', 'nvts', 'name');"); + sql ("SELECT create_index ('nvts_by_modification_time'," + " 'nvts', 'modification_time');"); + sql ("SELECT create_index ('nvts_by_cvss_base'," + " 'nvts', 'cvss_base');"); + sql ("SELECT create_index ('nvts_by_solution_type'," + " 'nvts', 'solution_type');"); + + sql ("SELECT create_index ('vt_refs_by_vt_oid'," + " 'vt_refs', 'vt_oid');"); + + sql ("SELECT create_index ('vt_severities_by_vt_oid'," + " 'vt_severities', 'vt_oid');"); +} + /** * @brief Create all tables. */ 
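Review bot: The doc comment on the new `create_indexes_nvt` documents a `@param[in] suffix` that the function does not have. It takes no arguments and the index statements name the unsuffixed `nvts`, `vt_refs` and `vt_severities` tables, so the `@param` line should be dropped. A replacement sentence such as `Must be called once the tables exist under their final names.` would record the ordering that the rebuild call site in src/manage_sql_nvts.c relies on. The definition and the declaration added in src/manage_sql.h also use an empty parameter list; `void create_indexes_nvt (void);` would give callers a checked prototype.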
@@ -3021,17 +3048,8 @@ create_tables () sql ("SELECT create_index ('nvt_selectors_by_name'," " 'nvt_selectors'," " 'name');"); - sql ("SELECT create_index ('nvts_by_creation_time'," - " 'nvts'," - " 'creation_time');"); - sql ("SELECT create_index ('nvts_by_family', 'nvts', 'family');"); - sql ("SELECT create_index ('nvts_by_name', 'nvts', 'name');"); - sql ("SELECT create_index ('nvts_by_modification_time'," - " 'nvts', 'modification_time');"); - sql ("SELECT create_index ('nvts_by_cvss_base'," - " 'nvts', 'cvss_base');"); - sql ("SELECT create_index ('nvts_by_solution_type'," - " 'nvts', 'solution_type');"); + + create_indexes_nvt (); sql ("SELECT create_index ('permissions_by_name'," " 'permissions', 'name');"); @@ -3063,12 +3081,6 @@ create_tables () " 'tls_certificate_origins'," " 'origin_id, origin_type')"); - sql ("SELECT create_index ('vt_refs_by_vt_oid'," - " 'vt_refs', 'vt_oid');"); - - sql ("SELECT create_index ('vt_severities_by_vt_oid'," - " 'vt_severities', 'vt_oid');"); - /* Previously this included the value column but that can be bigger than 8191, * the maximum size that Postgres can handle. For example, this can happen * for "ports". Mostly value is short, like a CPE for the "App" detail, diff --git a/src/manage_sql.h b/src/manage_sql.h index dfe87caa6..9b6c7d81d 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -505,6 +505,9 @@ add_role_permission_resource (const gchar *, const gchar *, const gchar *, void create_view_vulns (); +void +create_indexes_nvt (); + int config_family_entire_and_growing (config_t, const char*); diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index ccebce74f..302654bb7 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -1987,6 +1987,7 @@ update_nvts_from_vts (element_t *get_vts_response, sql ("ALTER TABLE nvts_rebuild RENAME TO nvts;"); create_view_vulns (); + create_indexes_nvt (); } set_nvts_check_time (count_new_vts, count_modified_vts); 
From 56d8f86e389b8538ea5021e9f2acebb5891a5440 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Mon, 22 Jul 2024 14:28:16 +0200 Subject: [PATCH 02/45] Add: New --min-mem-feed-update option A new option is added which will make the automatic feed update wait until a minimum amount of physical memory is available. Additionally, the --mem-wait-retries can be used to set the number of retries waiting for memory to be available in each process. --- doc/gvmd.8 | 6 +++ doc/gvmd.8.xml | 18 +++++++ doc/gvmd.html | 18 +++++++ src/gvmd.c | 18 +++++++ src/manage.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++- src/manage.h | 15 ++++++ src/utils.c | 23 ++++++++ src/utils.h | 6 +++ 8 files changed, 245 insertions(+), 2 deletions(-) diff --git a/doc/gvmd.8 b/doc/gvmd.8 index 7972955c6..7179be5d4 100644 --- a/doc/gvmd.8 +++ b/doc/gvmd.8 @@ -121,9 +121,15 @@ Maximum size of user-defined message text in alert emails, in bytes. \fB--max-ips-per-target=\fINUMBER\fB\f1 Maximum number of IPs per target. .TP +\fB--mem-wait-retries=\fINUMBER\fB\f1 +How often to try waiting for available memory. Default: 30. Each retry will wait for 10 seconds. +.TP \fB-m, --migrate\f1 Migrate the database and exit. .TP +\fB--min-mem-feed-update=\fINUMBER\fB\f1 +Minimum memory in MiB for feed updates. Default: 0. Feed updates are skipped if less physical memory is available. +.TP \fB--modify-scanner=\fISCANNER-UUID\fB\f1 Modify scanner SCANNER-UUID and exit. .TP diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml index 7c2165808..8e4bca59a 100644 --- a/doc/gvmd.8.xml +++ b/doc/gvmd.8.xml @@ -287,12 +287,30 @@ along with this program. If not, see .

Maximum number of IPs per target.

+ + + tag text @@ -18059,6 +18275,26 @@ END:VCALENDAR iso_time Scan end time + + compliance_yes + integer + Number of compliance yes results + + + compliance_no + integer + Number of compliance no results + + + compliance_incomplete + integer + Number of compliance incomplete results + + + compliant + compliance_status + Compliance state of the report. Can be yes, no, incomplete or undefined + @@ -18128,6 +18364,17 @@ END:VCALENDAR boolean + + usage_type + Optional usage type to limit the reports to. Affects total count unlike filter + + + scan + audit + + + + @@ -22906,8 +23153,9 @@ END:VCALENDAR timestamp scan_end - result_count - severity + result_count + severity + compliance_count timestamp @@ -22919,7 +23167,7 @@ END:VCALENDAR result_count - Result counts for this report + Result counts for this report. Only for scan tasks false_positive log @@ -22951,8 +23199,34 @@ END:VCALENDAR severity severity - Maximum severity of the report + Maximum severity of the report. Only for scan tasks + + compliance_count + Complaince counts. Only for audit tasks + + yes + no + incomplete + undefined + + + yes + integer + + + no + integer + + + incomplete + integer + + + undefined + integer + + From 79bbf68062e82971062eb05d61a57c8e0761a133 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Tue, 20 Feb 2024 11:03:28 +0100 Subject: [PATCH 26/45] Address review comments --- src/manage_pg.c | 6 ++++-- src/manage_sql.c | 21 +++++++++++---------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index b9d008142..d9d8cc506 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -895,7 +895,7 @@ manage_create_sql_functions () "$$ LANGUAGE plpgsql" " IMMUTABLE;"); - sql ("CREATE OR REPLACE FUNCTION compliance_status (" + sql ("CREATE OR REPLACE FUNCTION report_compliance_status (" " report_id integer)" "RETURNS text AS $$ " "BEGIN" 
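Review bot: Renaming via `CREATE OR REPLACE FUNCTION report_compliance_status` creates the new name but leaves behind any `compliance_status` function that an earlier run of `manage_create_sql_functions` installed; the same holds for `compliance_count` in the next hunk. If a build using the old names was ever run against a database, add `sql ("DROP FUNCTION IF EXISTS compliance_status (integer);");` and `sql ("DROP FUNCTION IF EXISTS compliance_count (integer, text);");` ahead of the new definitions so stale functions do not linger. The function body continues outside this hunk.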
@@ -918,7 +918,9 @@ manage_create_sql_functions () "$$ LANGUAGE plpgsql" " IMMUTABLE;"); - sql ("CREATE OR REPLACE FUNCTION compliance_count (report_id integer, compliance text)" + sql ("CREATE OR REPLACE FUNCTION report_compliance_count (" + " report_id integer," + " compliance text)" " RETURNS integer AS $$" " DECLARE count integer := 0;" " BEGIN" diff --git a/src/manage_sql.c b/src/manage_sql.c index bffb14b00..6abe7f43e 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -2037,7 +2037,7 @@ filter_control_str (keyword_t **point, const char *column, gchar **string) * @param[out] levels String describing threat levels (message types) * to include in count (for example, "hmlg" for * High, Medium, Low and loG). All levels if NULL. - * @param[out] comliance_levels String describing compliance levels + * @param[out] compliance_levels String describing compliance levels * to include in count (for example, "yniu" for * "yes" (compliant), "n" for "no" (not compliant), * "i" for "incomplete" and "u" for "undefined" @@ -21992,22 +21992,22 @@ report_add_results_array (report_t report, GArray *results) KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_count (id, 'YES')", \ + "report_compliance_count (id, 'YES')", \ "compliance_yes", \ KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_count (id, 'NO')", \ + "report_compliance_count (id, 'NO')", \ "compliance_no", \ KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_count (id, 'INCOMPLETE')", \ + "report_compliance_count (id, 'INCOMPLETE')", \ "compliance_incomplete", \ KEYWORD_TYPE_INTEGER \ }, \ { \ - "compliance_status (id)", \ + "report_compliance_status (id)", \ "compliant", \ KEYWORD_TYPE_STRING \ }, \ @@ -22055,7 +22055,8 @@ where_compliance_status (const char *compliance) compliance_sql = g_string_new (""); count = 0; - g_string_append_printf (compliance_sql, " AND compliance_status(reports.id) IN ("); + g_string_append_printf (compliance_sql, + " AND report_compliance_status(reports.id) IN ("); if (strchr (compliance, 'y')) { 
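Review bot: The context line `" IMMUTABLE;"` at the top of the `-918` hunk appears to close `report_compliance_status`, which takes a report id and so presumably reads result rows to derive its answer. PostgreSQL expects an `IMMUTABLE` function to depend only on its arguments, and the planner may reuse or pre-evaluate its result. A function that looks up table data should be declared `STABLE` instead, i.e. `" STABLE;"`. The function bodies and the volatility of `report_compliance_count` are outside the visible hunks, so this needs confirming against the full definitions.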
@@ -22080,9 +22081,9 @@ where_compliance_status (const char *compliance) g_string_append (compliance_sql, ")"); - if (count == 4) + if ((count == 4) || (count == 0)) { - /* All compliance levels selected. */ + /* All compliance levels or no valid ones selected. */ g_string_free (compliance_sql, TRUE); return NULL; } @@ -22422,9 +22423,9 @@ where_compliance_levels (const char *levels) } g_string_append (levels_sql, ")"); - if (count == 4) + if ((count == 4) || (count == 0)) { - /* All compliance levels selected, so no restriction is necessary. */ + /* All compliance levels or none selected, so no restriction is necessary. */ g_string_free (levels_sql, TRUE); return NULL; } From d6a267cae4e004a78e95715c09810bd58ffa6881 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Tue, 9 Jul 2024 16:18:05 +0200 Subject: [PATCH 27/45] Add feature toggle for compliance reports --- CMakeLists.txt | 12 + src/gmp.c | 48 +- src/gvmd.c | 3 + src/manage_sql.c | 1071 ++++++++++++++--------------- src/schema_formats/XML/GMP.xml.in | 70 +- 5 files changed, 611 insertions(+), 593 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 945272c27..dd7396c90 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -247,6 +247,10 @@ if (NOT CVSS3_RATINGS) endif (NOT CVSS3_RATINGS) add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS}) +if (NOT COMPLIANCE_REPORTS) + set (COMPLIANCE_REPORTS 0) +endif (NOT COMPLIANCE_REPORTS) +add_definitions (-DCOMPLIANCE_REPORTS=${COMPLIANCE_REPORTS}) message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") @@ -254,6 +258,14 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") set (GVMD_VERSION "${PROJECT_VERSION_STRING}") +if (COMPLIANCE_REPORTS EQUAL 1) + set(IF_COMPLIANCE_REPORTS "") + set(ENDIF_COMPLIANCE_REPORTS "") +elseif (COMPLIANCE_REPORTS EQUAL 0) + set(IF_COMPLIANCE_REPORTS "") +endif() + # Configure Doxyfile with version number configure_file (doc/Doxyfile.in doc/Doxyfile) configure_file (doc/Doxyfile_full.in doc/Doxyfile_full) 
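Review bot: `COMPLIANCE_REPORTS` is forwarded to the compiler verbatim in the CMakeLists.txt hunks, so a truthy value other than `1` gives inconsistent results. For example `-DCOMPLIANCE_REPORTS=ON` passes the `if (NOT COMPLIANCE_REPORTS)` default, matches neither `EQUAL 1` nor `EQUAL 0` in the second hunk, and makes every `#if COMPLIANCE_REPORTS == 1` in the C sources evaluate false. Normalising the option to 0 or 1 before `add_definitions`, or stopping configuration with `message (FATAL_ERROR ...)` for any other value, would keep the generated schema documentation, the feature list and the compiled code in agreement. The existing `CVSS3_RATINGS` block visible in the context has the same shape.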
diff --git a/src/gmp.c b/src/gmp.c index 196f00f1e..4ae04b006 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -12955,6 +12955,11 @@ handle_get_features (gmp_parser_t *gmp_parser, GError **error) " status=\"" STATUS_OK "\"" " status_text=\"" STATUS_OK_TEXT "\">"); + SENDF_TO_CLIENT_OR_FAIL ("" + "COMPLIANCE_REPORTS" + "", + COMPLIANCE_REPORTS ? 1 : 0); + SENDF_TO_CLIENT_OR_FAIL ("" "CVSS3_RATINGS" "", @@ -14831,7 +14836,7 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) || (strlen (get_reports_data->report_get.id) == 0)) { int overrides, min_qod; - gchar *filter, *levels, *compliance_levels; + gchar *filter, *levels; get_data_t * get; /* For simplicity, use a fixed result filter when filtering 
@@ -14853,22 +14858,33 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) overrides = filter_term_apply_overrides (filter ? filter : get->filter); min_qod = filter_term_min_qod (filter ? filter : get->filter); levels = filter_term_value (filter ? filter : get->filter, "levels"); - compliance_levels = filter_term_value (filter - ? filter - : get->filter, - "compliance_levels"); + #if COMPLIANCE_REPORTS == 1 + gchar *compliance_levels; + compliance_levels = filter_term_value (filter + ? filter + : get->filter, + "compliance_levels"); + + /* Setup result filter from overrides. */ + get_reports_data->get.filter + = g_strdup_printf + ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", + overrides, + min_qod, + levels ? levels : "hmlgdf", + compliance_levels ? compliance_levels : "yniu"); + g_free (compliance_levels); + #else + /* Setup result filter from overrides. */ + get_reports_data->get.filter + = g_strdup_printf + ("apply_overrides=%i min_qod=%i levels=%s", + overrides, + min_qod, + levels ? levels : "hmlgdf"); + #endif g_free (filter); - - /* Setup result filter from overrides. */ - get_reports_data->get.filter - = g_strdup_printf - ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", - overrides, - min_qod, - levels ? levels : "hmlgdf", - compliance_levels ? compliance_levels : "yniu"); g_free (levels); - g_free (compliance_levels); } ret = init_report_iterator (&reports, &get_reports_data->report_get); @@ -15914,6 +15930,7 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data, else if (g_strcmp0 ("report", resource_names_data->type) == 0) { *iterator = (int (*) (iterator_t*, get_data_t *))init_report_iterator; +#if COMPLIANCE_REPORTS == 1 get_data_set_extra (&resource_names_data->get, "usage_type", g_strdup ("scan")); 
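Review bot: The result-filter format string in the `-14853` hunk is now written twice, once per `#if` branch, so a later change to the `apply_overrides`/`min_qod`/`levels` part has to be made in two places and can drift between build configurations. Building the common part once and appending the `compliance_levels` term under the toggle keeps a single source for the filter and also avoids the mid-block declaration inside the `#if`. The sketch below keeps the lookup ahead of `g_free (filter)` as the hunk does; the surrounding function starts and ends outside the hunk.

```c
GString *result_filter;

/* … unchanged: overrides, min_qod and levels lookup … */

result_filter = g_string_new ("");
g_string_append_printf (result_filter,
                        "apply_overrides=%i min_qod=%i levels=%s",
                        overrides,
                        min_qod,
                        levels ? levels : "hmlgdf");
#if COMPLIANCE_REPORTS == 1
{
  gchar *compliance_levels;

  compliance_levels = filter_term_value (filter ? filter : get->filter,
                                         "compliance_levels");
  g_string_append_printf (result_filter,
                          " compliance_levels=%s",
                          compliance_levels ? compliance_levels : "yniu");
  g_free (compliance_levels);
}
#endif
get_reports_data->get.filter = g_string_free (result_filter, FALSE);
/* … unchanged: g_free (filter); g_free (levels); … */
```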
@@ -15924,6 +15941,7 @@ select_resource_iterator (get_resource_names_data_t *resource_names_data, get_data_set_extra (&resource_names_data->get, "usage_type", g_strdup ("audit")); +#endif } else if (g_strcmp0 ("report_config", resource_names_data->type) == 0) { diff --git a/src/gvmd.c b/src/gvmd.c index 05bc8c43c..9be3ecc8e 100644 --- a/src/gvmd.c +++ b/src/gvmd.c @@ -2317,6 +2317,9 @@ gvmd (int argc, char** argv, char *env[]) #endif #if CVSS3_RATINGS == 1 printf ("CVSS3 severity ratings enabled\n"); +#endif +#if COMPLIANCE_REPORTS == 1 + printf ("Compliance reports enabled\n"); #endif printf ("Copyright (C) 2009-2021 Greenbone AG\n"); printf ("License: AGPL-3.0-or-later\n"); diff --git a/src/manage_sql.c b/src/manage_sql.c index 6abe7f43e..83e3ddc6b 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -3980,9 +3980,14 @@ valid_type (const char* type) int valid_subtype (const char* type) { - return (strcasecmp (type, "audit_report") == 0) - || (strcasecmp (type, "audit") == 0) - || (strcasecmp (type, "policy") == 0); + #if COMPLIANCE_REPORTS == 1 + return (strcasecmp (type, "audit_report") == 0) + || (strcasecmp (type, "audit") == 0) + || (strcasecmp (type, "policy") == 0); + #else + return (strcasecmp (type, "audit") == 0) + || (strcasecmp (type, "policy") == 0); + #endif } /** @@ -22033,6 +22038,7 @@ report_iterator_opts_table (int override, int min_qod) min_qod); } +#if COMPLIANCE_REPORTS == 1 /** * @brief Return SQL WHERE for restricting a SELECT to compliance statuses. * @@ -22090,7 +22096,7 @@ where_compliance_status (const char *compliance) return g_string_free (compliance_sql, FALSE);; } - +#endif /** * @brief Generate an extra WHERE clause for selecting reports 
@@ -22104,9 +22110,9 @@ where_compliance_status (const char *compliance) static gchar * reports_extra_where (int trash, const gchar *filter, const char *usage_type) { - gchar *extra_where = NULL; - gchar *usage_type_clause, *trash_clause, *compliance_clause = NULL; - gchar *compliance_filter = NULL; + + GString *extra_where = g_string_new (""); + gchar *trash_clause; if (trash) { 
@@ -22122,36 +22128,37 @@ reports_extra_where (int trash, const gchar *filter, const char *usage_type) } - if (usage_type && strcmp (usage_type, "")) - { - gchar *quoted_usage_type; - quoted_usage_type = sql_quote (usage_type); - usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks" - " WHERE usage_type='%s')", - quoted_usage_type); - - g_free (quoted_usage_type); - } - else - usage_type_clause = NULL; + g_string_append_printf(extra_where, "%s", trash_clause); + g_free (trash_clause); - if (filter) - compliance_filter = filter_term_value(filter, "report_compliance_levels"); + #if COMPLIANCE_REPORTS == 1 + gchar *usage_type_clause, *compliance_clause = NULL; + gchar *compliance_filter = NULL; + if (usage_type && strcmp (usage_type, "")) + { + gchar *quoted_usage_type; + quoted_usage_type = sql_quote (usage_type); + usage_type_clause = g_strdup_printf (" AND task in (SELECT id from tasks" + " WHERE usage_type='%s')", + quoted_usage_type); - compliance_clause = where_compliance_status (compliance_filter ?: "yniu"); - + g_free (quoted_usage_type); + } + else + usage_type_clause = NULL; - extra_where = g_strdup_printf("%s%s%s", - trash_clause, - usage_type_clause ?: "", - compliance_clause ?: ""); + if (filter) + compliance_filter = filter_term_value(filter, "report_compliance_levels"); - g_free (compliance_filter); - g_free (trash_clause); - g_free (compliance_clause); - g_free (usage_type_clause); + compliance_clause = where_compliance_status (compliance_filter ?: "yniu"); - return extra_where; + g_string_append_printf (extra_where, "%s%s", usage_type_clause ?: "", compliance_clause ?: ""); + g_free (compliance_filter); + g_free (compliance_clause); + g_free (usage_type_clause); + #endif + + return g_string_free (extra_where, FALSE); } /** @@ -25967,6 +25974,7 @@ report_counts_id_full (report_t report, int* holes, int* infos, return 0; } +#if COMPLIANCE_REPORTS == 1 /** * @brief Get the compliance state from compliance counts. * 
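Review bot: With `COMPLIANCE_REPORTS` set to 0 the rewritten `reports_extra_where` ignores both `filter` and `usage_type` and returns only the trash clause, whereas the removed code always applied the `usage_type` restriction. If tasks with usage type `audit` can still exist in such a build, their reports would no longer be separated from scan reports by this clause. If that is the intended behaviour, the `@param` entries for `filter` and `usage_type` should say `Only used when COMPLIANCE_REPORTS is enabled.`; otherwise the `usage_type_clause` block should stay outside the `#if`. Separately, `g_string_append_printf(extra_where, "%s", trash_clause)` can be the plain `g_string_append (extra_where, trash_clause);`. The function begins in the previous hunk.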
@@ -26111,7 +26119,7 @@ report_compliance_counts (report_t report, return 0; } - +#endif /** @@ -28437,7 +28445,52 @@ print_report_host_xml (FILE *stream, PRINT (stream, ""); - if (strcmp (usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (usage_type, "audit") == 0) + { + int yes_count, no_count, incomplete_count, undefined_count; + + yes_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_compliant, current_host)); + no_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_notcompliant, current_host)); + incomplete_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_incomplete, current_host)); + undefined_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_undefined, current_host)); + + PRINT (stream, + "%s" + "%s" + "%d" + "" + "%d" + "%d" + "%d" + "%d" + "%d" + "" + "%s", + host_iterator_start_time (hosts), + host_iterator_end_time (hosts) + ? host_iterator_end_time (hosts) + : "", + ports_count, + (yes_count + no_count + incomplete_count + undefined_count), + yes_count, + no_count, + incomplete_count, + undefined_count, + report_compliance_from_counts (&yes_count, + &no_count, + &incomplete_count, + &undefined_count)); + } else + #endif { int holes_count, warnings_count, infos_count; int logs_count, false_positives_count; 
@@ -28484,50 +28537,6 @@ print_report_host_xml (FILE *stream, logs_count, false_positives_count); } - else - { - int yes_count, no_count, incomplete_count, undefined_count; - - yes_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_compliant, current_host)); - no_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_notcompliant, current_host)); - incomplete_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_incomplete, current_host)); - undefined_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_undefined, current_host)); - - PRINT (stream, - "%s" - "%s" - "%d" - "" - "%d" - "%d" - "%d" - "%d" - "%d" - "" - "%s", - host_iterator_start_time (hosts), - host_iterator_end_time (hosts) - ? host_iterator_end_time (hosts) - : "", - ports_count, - (yes_count + no_count + incomplete_count + undefined_count), - yes_count, - no_count, - incomplete_count, - undefined_count, - report_compliance_from_counts (&yes_count, - &no_count, - &incomplete_count, - &undefined_count)); - } if (print_report_host_details_xml (host_iterator_report_host (hosts), stream, lean)) @@ -29641,7 +29650,8 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, *orig_filtered_result_count = *filtered_result_count; gchar *usage_type = NULL; - if (task && task_usage_type(task, &usage_type)) return -1; + if (task && task_usage_type(task, &usage_type)) + return -1; ports = g_tree_new_full ((GCompareDataFunc) strcmp, NULL, g_free, (GDestroyNotify) free_host_ports); 
@@ -29652,7 +29662,30 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, if (strchr (delta_states, state[0]) == NULL) continue; - if (strcmp (usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (usage_type, "audit") == 0) + { + const char* compliance; + compliance = result_iterator_compliance (results); + (*f_compliance_count)++; + if (strcasecmp (compliance, "yes") == 0) + { + (*f_compliance_yes)++; + } + else if (strcasecmp (compliance, "no") == 0) + { + (*f_compliance_no)++; + } + else if (strcasecmp (compliance, "incomplete") == 0) + { + (*f_compliance_incomplete)++; + } + else if (strcasecmp (compliance, "undefined") == 0) + { + (*f_compliance_undefined)++; + } + } else + #endif { const char *level; /* Increase the result count. */ @@ -29685,28 +29718,6 @@ print_v2_report_delta_xml (FILE *out, iterator_t *results, (*f_false_positives)++; } } - else - { - const char* compliance; - compliance = result_iterator_compliance (results); - (*f_compliance_count)++; - if (strcasecmp (compliance, "yes") == 0) - { - (*f_compliance_yes)++; - } - else if (strcasecmp (compliance, "no") == 0) - { - (*f_compliance_no)++; - } - else if (strcasecmp (compliance, "incomplete") == 0) - { - (*f_compliance_incomplete)++; - } - else if (strcasecmp (compliance, "undefined") == 0) - { - (*f_compliance_undefined)++; - } - } buffer_results_xml (buffer, results, @@ -29839,11 +29850,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, GHashTable *f_host_incomplete, *f_host_undefined; task_status_t run_status; gchar *tsk_usage_type = NULL; - int compliance_yes, compliance_no; - int compliance_incomplete, compliance_undefined; int f_compliance_yes, f_compliance_no; int f_compliance_incomplete, f_compliance_undefined; - int total_compliance_count, f_compliance_count; + int f_compliance_count; int delta_reports_version = 0; 
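Review bot: `usage_type` is still NULL when `task` is 0, because the preceding hunk only calls `task_usage_type` under `if (task && ...)`, and the added `strcmp (usage_type, "audit") == 0` would then dereference a null pointer. `g_strcmp0 (usage_type, "audit") == 0` treats NULL as a non-match and falls through to the scan branch. The same applies to the `strcmp (tsk_usage_type, "audit")` tests in the `print_report_xml_start` hunks of this commit, where `tsk_usage_type` is likewise only set when `task` is non-zero. Whether any caller can pass a zero task is not visible in these hunks.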
@@ -29856,7 +29865,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, min_qod = NULL; search_phrase = NULL; total_result_count = filtered_result_count = 0; - total_compliance_count = f_compliance_count = 0; + f_compliance_count = 0; orig_filtered_result_count = 0; orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0; orig_f_holes = 0; @@ -29947,14 +29956,11 @@ print_report_xml_start (report_t report, report_t delta, task_t task, levels = levels ? levels : g_strdup ("hmlgdf"); - compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu"); - if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type))) { fclose (out); g_free (term); g_free (levels); - g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); @@ -30027,7 +30033,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { free (uuid); g_free (levels); - g_free (compliance_levels); g_free (search_phrase); g_free (min_qod); g_free (delta_states); @@ -30062,7 +30067,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (report) { /* Get total counts of full results. */ - if (strcmp (tsk_usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit")) + #endif { if (delta == 0) { 
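Review bot: The early-return paths in `print_report_xml_start` no longer call `g_free (compliance_levels)`; the call is removed in the `-29947` and `-30027` hunks. The later `compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu");` added by this commit implies the variable can already hold a string parsed from the filter. If so, that string leaks on those returns. `g_free` accepts NULL, so keeping `g_free (compliance_levels);` on the error paths is safe in both build configurations as long as the variable is initialised. The parsing and initialisation of `compliance_levels` are outside the visible hunks.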
@@ -30200,7 +30207,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, filters_extra_buffer = g_string_new (""); - if (strcmp (tsk_usage_type, "audit")) + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + compliance_levels = compliance_levels ? compliance_levels : g_strdup ("yniu"); + + if (strchr (compliance_levels, 'y')) + g_string_append (filters_extra_buffer, "Yes"); + if (strchr (compliance_levels, 'n')) + g_string_append (filters_extra_buffer, "No"); + if (strchr (compliance_levels, 'i')) + g_string_append (filters_extra_buffer, "Incomplete"); + if (strchr (compliance_levels, 'u')) + g_string_append (filters_extra_buffer, "Undefined"); + } + else + #endif { if (strchr (levels, 'h')) g_string_append (filters_extra_buffer, "High"); @@ -30213,17 +30235,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (strchr (levels, 'f')) g_string_append (filters_extra_buffer, "False Positive"); } - else - { - if (strchr (compliance_levels, 'y')) - g_string_append (filters_extra_buffer, "Yes"); - if (strchr (compliance_levels, 'n')) - g_string_append (filters_extra_buffer, "No"); - if (strchr (compliance_levels, 'i')) - g_string_append (filters_extra_buffer, "Incomplete"); - if (strchr (compliance_levels, 'u')) - g_string_append (filters_extra_buffer, "Undefined"); - } if (delta) { 
@@ -30488,56 +30499,60 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } /* Prepare result counts. */ + #if COMPLIANCE_REPORTS == 1 + int compliance_yes, compliance_no; + int compliance_incomplete, compliance_undefined; + int total_compliance_count = 0; - if (strcmp (tsk_usage_type, "audit") == 0) - { - report_compliance_counts (report, get, &compliance_yes, &compliance_no, - &compliance_incomplete, &compliance_undefined); + if (strcmp (tsk_usage_type, "audit") == 0) + { + report_compliance_counts (report, get, &compliance_yes, &compliance_no, + &compliance_incomplete, &compliance_undefined); - total_compliance_count = compliance_yes - + compliance_no - + compliance_incomplete - + compliance_undefined; + total_compliance_count = compliance_yes + + compliance_no + + compliance_incomplete + + compliance_undefined; - f_compliance_yes = f_compliance_no = 0; - f_compliance_incomplete = f_compliance_undefined = 0; + f_compliance_yes = f_compliance_no = 0; + f_compliance_incomplete = f_compliance_undefined = 0; - if (count_filtered == 0) - { - report_compliance_f_counts (report, - get, - &f_compliance_yes, - &f_compliance_no, - &f_compliance_incomplete, - &f_compliance_undefined); - - f_compliance_count = f_compliance_yes - + f_compliance_no - + f_compliance_incomplete - + f_compliance_undefined; - } - } - else - { - if (count_filtered) - { - /* We're getting all the filtered results, so we can count them as we - * print them, to save time. 
*/ + if (count_filtered == 0) + { + report_compliance_f_counts (report, + get, + &f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined); - report_counts_id_full (report, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + f_compliance_count = f_compliance_yes + + f_compliance_no + + f_compliance_incomplete + + f_compliance_undefined; + } + } else + #endif + { + if (count_filtered) + { + /* We're getting all the filtered results, so we can count them as we + * print them, to save time. */ - f_holes = f_infos = f_logs = f_warnings = 0; - f_false_positives = f_severity = 0; - } - else - report_counts_id_full (report, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, - &f_holes, &f_infos, &f_logs, &f_warnings, - &f_false_positives, &f_severity); - } + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + + f_holes = f_infos = f_logs = f_warnings = 0; + f_false_positives = f_severity = 0; + } + else + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, + &f_holes, &f_infos, &f_logs, &f_warnings, + &f_false_positives, &f_severity); + } /* Results. */ 
@@ -30602,31 +30617,31 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* Quiet erroneous compiler warning. */ result_hosts = NULL; - if (strcmp (tsk_usage_type, "audit")) - { - f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal, + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + } else + #endif + { + f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); - f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - } - else - { - f_host_compliant = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_notcompliant = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_incomplete = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - f_host_undefined = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, NULL); - } - + f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_infos = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_logs = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + f_host_false_positives = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); + } if (delta && get->details) { 
@@ -30649,36 +30664,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &orig_f_false_positives, &f_false_positives, result_hosts)) - { - fclose (out); - g_free (sort_field); - g_free (levels); - g_free (compliance_levels); - g_free (search_phrase); - g_free (min_qod); - g_free (delta_states); - cleanup_iterator (&results); - cleanup_iterator (&delta_results); - tz_revert (zone, tz, old_tz_override); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; - } + goto failed_delta_report; } else { @@ -30703,35 +30689,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &f_compliance_undefined, &f_compliance_count, result_hosts)) - { - fclose (out); - g_free (sort_field); - g_free (levels); - g_free (compliance_levels); - g_free (search_phrase); - g_free (min_qod); - g_free (delta_states); - cleanup_iterator (&results); - cleanup_iterator (&delta_results); - tz_revert (zone, tz, old_tz_override); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; - } + goto failed_delta_report; } } else if (get->details) 
@@ -30767,107 +30725,108 @@ print_report_xml_start (report_t report, report_t delta, task_t task, array_add_new_string (result_hosts, result_iterator_host (&results)); - if (strcmp (tsk_usage_type, "audit")) - { - double result_severity; - result_severity = result_iterator_severity_double (&results); - if (result_severity > f_severity) - f_severity = result_severity; + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + const char* compliance; + compliance = result_iterator_compliance (&results); - level = result_iterator_level (&results); + if (strcasecmp (compliance, "yes") == 0) + { + f_host_result_counts = f_host_compliant; + if (count_filtered) + f_compliance_yes++; + } + else if (strcasecmp (compliance, "no") == 0) + { + f_host_result_counts = f_host_notcompliant; + if (count_filtered) + f_compliance_no++; + } + else if (strcasecmp (compliance, "incomplete") == 0) + { + f_host_result_counts = f_host_incomplete; + if (count_filtered) + f_compliance_incomplete++; + } + else if (strcasecmp (compliance, "undefined") == 0) + { + f_host_result_counts = f_host_undefined; + if (count_filtered) + f_compliance_undefined++; + } + else + { + f_host_result_counts = NULL; + } - if (strcasecmp (level, "log") == 0) - { - f_host_result_counts = f_host_logs; - if (count_filtered) - f_logs++; - } - else if (strcasecmp (level, "high") == 0) - { - f_host_result_counts = f_host_holes; - if (count_filtered) - f_holes++; - } - else if (strcasecmp (level, "medium") == 0) - { - f_host_result_counts = f_host_warnings; - if (count_filtered) - f_warnings++; - } - else if (strcasecmp (level, "low") == 0) - { - f_host_result_counts = f_host_infos; - if (count_filtered) - f_infos++; - } - else if (strcasecmp (level, "false positive") == 0) - { - f_host_result_counts = f_host_false_positives; - if (count_filtered) - f_false_positives++; + if (f_host_result_counts) + { + const char *result_host = result_iterator_host (&results); + int result_count + = 
GPOINTER_TO_INT + (g_hash_table_lookup (f_host_result_counts, + result_host)); + + g_hash_table_replace (f_host_result_counts, + g_strdup (result_host), + GINT_TO_POINTER (result_count + 1)); } - else - f_host_result_counts = NULL; + } else + #endif + { + double result_severity; + result_severity = result_iterator_severity_double (&results); + if (result_severity > f_severity) + f_severity = result_severity; - if (f_host_result_counts) - { - const char *result_host = result_iterator_host (&results); - int result_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_result_counts, result_host)); - - g_hash_table_replace (f_host_result_counts, - g_strdup (result_host), - GINT_TO_POINTER (result_count + 1)); - } - } - else - { - const char* compliance; - compliance = result_iterator_compliance (&results); + level = result_iterator_level (&results); - if (strcasecmp (compliance, "yes") == 0) - { - f_host_result_counts = f_host_compliant; - if (count_filtered) - f_compliance_yes++; - } - else if (strcasecmp (compliance, "no") == 0) - { - f_host_result_counts = f_host_notcompliant; - if (count_filtered) - f_compliance_no++; - } - else if (strcasecmp (compliance, "incomplete") == 0) - { - f_host_result_counts = f_host_incomplete; - if (count_filtered) - f_compliance_incomplete++; - } - else if (strcasecmp (compliance, "undefined") == 0) - { - f_host_result_counts = f_host_undefined; - if (count_filtered) - f_compliance_undefined++; - } - else - { - f_host_result_counts = NULL; - } + if (strcasecmp (level, "log") == 0) + { + f_host_result_counts = f_host_logs; + if (count_filtered) + f_logs++; + } + else if (strcasecmp (level, "high") == 0) + { + f_host_result_counts = f_host_holes; + if (count_filtered) + f_holes++; + } + else if (strcasecmp (level, "medium") == 0) + { + f_host_result_counts = f_host_warnings; + if (count_filtered) + f_warnings++; + } + else if (strcasecmp (level, "low") == 0) + { + f_host_result_counts = f_host_infos; + if (count_filtered) + 
f_infos++; + } + else if (strcasecmp (level, "false positive") == 0) + { + f_host_result_counts = f_host_false_positives; + if (count_filtered) + f_false_positives++; + } + else + f_host_result_counts = NULL; - if (f_host_result_counts) - { - const char *result_host = result_iterator_host (&results); - int result_count - = GPOINTER_TO_INT - (g_hash_table_lookup (f_host_result_counts, - result_host)); - - g_hash_table_replace (f_host_result_counts, - g_strdup (result_host), - GINT_TO_POINTER (result_count + 1)); - } - } + if (f_host_result_counts) + { + const char *result_host = result_iterator_host (&results); + int result_count + = GPOINTER_TO_INT + (g_hash_table_lookup (f_host_result_counts, result_host)); + + g_hash_table_replace (f_host_result_counts, + g_strdup (result_host), + GINT_TO_POINTER (result_count + 1)); + } + } } PRINT (out, ""); 
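Review bot: The per-host counting block (`if (f_host_result_counts) { ... g_hash_table_replace (...); }`) now appears twice, at the end of the audit branch and at the end of the scan branch, differing only in line wrapping. Both branches leave their choice in `f_host_result_counts`, so the block can be written once after the closing brace of the unconditional branch. That would limit the `#if COMPLIANCE_REPORTS == 1` region to the classification itself. The enclosing loop and function continue outside this hunk.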
@@ -30879,131 +30838,131 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* Print result counts and severity. */ - if (strcmp (tsk_usage_type, "audit")) - { - if (delta) - /** @todo The f_holes, etc. vars are setup to give the page count. */ - PRINT (out, - "" - "%i" - "%i" - "%i" - "%i" - "%i" - "" - "%i" - "" - "", - orig_filtered_result_count, - (strchr (levels, 'h') ? orig_f_holes : 0), - (strchr (levels, 'l') ? orig_f_infos : 0), - (strchr (levels, 'g') ? orig_f_logs : 0), - (strchr (levels, 'm') ? orig_f_warnings : 0), - (strchr (levels, 'f') ? orig_f_false_positives : 0)); - else - { - if (count_filtered) - filtered_result_count = f_holes + f_infos + f_logs - + f_warnings + false_positives; - + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + if (delta) PRINT (out, - "" - "%i" - "%i" + "" "%i" - "%i%i" - "%i%i" - "%i%i" - "%i%i" - "" + "%i" + "%i" + "%i" + "%i" + "", + f_compliance_count, + (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), + (strchr (compliance_levels, 'n') ? f_compliance_no : 0), + (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), + (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0)); + else + { + if (count_filtered) + f_compliance_count = f_compliance_yes + + f_compliance_no + + f_compliance_incomplete + + f_compliance_undefined; + PRINT (out, + "" + "%i" "%i" "%i" - "" - "", - total_result_count, - total_result_count, - filtered_result_count, - holes, - (strchr (levels, 'h') ? f_holes : 0), - infos, - (strchr (levels, 'l') ? f_infos : 0), - logs, - (strchr (levels, 'g') ? f_logs : 0), - warnings, - (strchr (levels, 'm') ? f_warnings : 0), - false_positives, - (strchr (levels, 'f') ? f_false_positives : 0)); + "%i%i" + "%i%i" + "%i%i" + "%i%i" + "", + total_compliance_count, + total_compliance_count, + f_compliance_count, + compliance_yes, + (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), + compliance_no, + (strchr (compliance_levels, 'n') ? 
f_compliance_no : 0), + compliance_incomplete, + (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), + compliance_undefined, + (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)); + + PRINT (out, + "" + "%s" + "%s" + "", + report_compliance_from_counts (&compliance_yes, + &compliance_no, + &compliance_incomplete, + &compliance_undefined), + report_compliance_from_counts (&f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined)); + } + } else + #endif + { + if (delta) + /** @todo The f_holes, etc. vars are setup to give the page count. */ + PRINT (out, + "" + "%i" + "%i" + "%i" + "%i" + "%i" + "" + "%i" + "" + "", + orig_filtered_result_count, + (strchr (levels, 'h') ? orig_f_holes : 0), + (strchr (levels, 'l') ? orig_f_infos : 0), + (strchr (levels, 'g') ? orig_f_logs : 0), + (strchr (levels, 'm') ? orig_f_warnings : 0), + (strchr (levels, 'f') ? orig_f_false_positives : 0)); + else + { + if (count_filtered) + filtered_result_count = f_holes + f_infos + f_logs + + f_warnings + false_positives; - PRINT (out, - "" - "%1.1f" - "%1.1f" - "", - severity, - f_severity); - } - } - else - { - if (delta) PRINT (out, - "" - "%i" - "%i" - "%i" - "%i" - "%i" - "", - f_compliance_count, - (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), - (strchr (compliance_levels, 'n') ? f_compliance_no : 0), - (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), - (strchr (compliance_levels, 'u') ? f_compliance_undefined : 0)); - else - { - if (count_filtered) - f_compliance_count = f_compliance_yes - + f_compliance_no - + f_compliance_incomplete - + f_compliance_undefined; - PRINT (out, - "" + "" "%i" "%i" "%i" - "%i%i" - "%i%i" - "%i%i" - "%i%i" - "", - total_compliance_count, - total_compliance_count, - f_compliance_count, - compliance_yes, - (strchr (compliance_levels, 'y') ? f_compliance_yes : 0), - compliance_no, - (strchr (compliance_levels, 'n') ? 
f_compliance_no : 0), - compliance_incomplete, - (strchr (compliance_levels, 'i') ? f_compliance_incomplete : 0), - compliance_undefined, - (strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)); - - PRINT (out, - "" - "%s" - "%s" - "", - report_compliance_from_counts (&compliance_yes, - &compliance_no, - &compliance_incomplete, - &compliance_undefined), - report_compliance_from_counts (&f_compliance_yes, - &f_compliance_no, - &f_compliance_incomplete, - &f_compliance_undefined)); - } - } + "%i%i" + "%i%i" + "%i%i" + "%i%i" + "" + "%i" + "%i" + "" + "", + total_result_count, + total_result_count, + filtered_result_count, + holes, + (strchr (levels, 'h') ? f_holes : 0), + infos, + (strchr (levels, 'l') ? f_infos : 0), + logs, + (strchr (levels, 'g') ? f_logs : 0), + warnings, + (strchr (levels, 'm') ? f_warnings : 0), + false_positives, + (strchr (levels, 'f') ? f_false_positives : 0)); + PRINT (out, + "" + "%1.1f" + "%1.1f" + "", + severity, + f_severity); + } + } if (host_summary) { 
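Review bot: In the non-delta audit branch the filtered `undefined` count is gated on the wrong filter letter: `(strchr (compliance_levels, 'i') ? f_compliance_undefined : 0)` tests `'i'`, while the delta branch just above uses `'u'` for the same counter. It should read `(strchr (compliance_levels, 'u') ? f_compliance_undefined : 0)`, otherwise a filter that selects undefined but not incomplete results reports zero. Separately, in the scan branch `filtered_result_count` sums `false_positives` where every other term is the filtered `f_` variant; this looks like it was meant to be `f_false_positives`. Both lines are carried over unchanged by the re-indentation, and the function body extends beyond this hunk.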
@@ -31034,45 +30993,25 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } if (present) { - - if (print_report_host_xml (out, - &hosts, - result_host, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) - { - tz_revert (zone, tz, old_tz_override); - if (host_summary_buffer) - g_string_free (host_summary_buffer, TRUE); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); + if (print_report_host_xml (out, + &hosts, + result_host, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; + { + goto failed_print_report_host; } } cleanup_iterator (&hosts); 
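Review bot: Both failure branches of `print_report_host_xml` (here and in the next hunk's `while (next (&hosts))` loop) jump to `failed_print_report_host` while the `hosts` iterator is still open, and the label added at the end of the function does not clean it up. Adding `cleanup_iterator (&hosts);` immediately before each `goto failed_print_report_host;` keeps the error path symmetric with the success path, which calls it after the loop. That label also skips `fclose (out)`, which only `failed_delta_report` performs. Whether `out` is still open at this point is not visible from the hunk, so this should be checked.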
@@ -31084,67 +31023,43 @@ print_report_xml_start (report_t report, report_t delta, task_t task, init_report_host_iterator (&hosts, report, NULL, 0); while (next (&hosts)) { - if (print_report_host_xml (out, - &hosts, - NULL, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) - { - tz_revert (zone, tz, old_tz_override); - if (host_summary_buffer) - g_string_free (host_summary_buffer, TRUE); - g_hash_table_destroy (f_host_ports); - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - return -1; - } + &hosts, + NULL, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) + goto failed_print_report_host; } cleanup_iterator (&hosts); } - - if (strcmp (tsk_usage_type, "audit")) - { - g_hash_table_destroy (f_host_holes); - g_hash_table_destroy (f_host_warnings); - g_hash_table_destroy (f_host_infos); - g_hash_table_destroy (f_host_logs); - g_hash_table_destroy (f_host_false_positives); - - } - else - { - g_hash_table_destroy (f_host_compliant); - g_hash_table_destroy (f_host_notcompliant); - g_hash_table_destroy (f_host_incomplete); - g_hash_table_destroy (f_host_undefined); - } - g_hash_table_destroy (f_host_ports); + #if COMPLIANCE_REPORTS == 1 + if (strcmp (tsk_usage_type, "audit") == 0) + { + 
g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } else + #endif + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + } + g_hash_table_destroy (f_host_ports); /* Print TLS certificates */ @@ -31239,6 +31154,39 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } return 0; + + failed_delta_report: + fclose (out); + g_free (sort_field); + g_free (levels); + g_free (search_phrase); + g_free (min_qod); + g_free (delta_states); + cleanup_iterator (&results); + cleanup_iterator (&delta_results); + failed_print_report_host: + if (host_summary_buffer) + g_string_free (host_summary_buffer, TRUE); + tz_revert (zone, tz, old_tz_override); + g_hash_table_destroy (f_host_ports); + #if COMPLIANCE_REPORTS == 1 + g_free (compliance_levels); + if (strcmp (tsk_usage_type, "audit") == 0) + { + g_hash_table_destroy (f_host_compliant); + g_hash_table_destroy (f_host_notcompliant); + g_hash_table_destroy (f_host_incomplete); + g_hash_table_destroy (f_host_undefined); + } else + #endif + { + g_hash_table_destroy (f_host_holes); + g_hash_table_destroy (f_host_warnings); + g_hash_table_destroy (f_host_infos); + g_hash_table_destroy (f_host_logs); + g_hash_table_destroy (f_host_false_positives); + } + return -1; } /** 
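Review bot: `g_free (compliance_levels)` has moved from the delta failure path to below `failed_print_report_host:` and inside `#if COMPLIANCE_REPORTS == 1`, which changes both error paths. The removed delta cleanup freed it unconditionally, so a build without the feature now leaks it on `failed_delta_report` unless its allocation is conditional too. The removed `print_report_host_xml` cleanup never freed it, so if the function has already released `compliance_levels` before the host loop (not visible here), the new path frees it twice. Keeping it with the other filter strings under `failed_delta_report:`, i.e. `g_free (levels);` followed by `g_free (compliance_levels);`, preserves the old behaviour. The fall-through also means `host_summary_buffer` is now freed on the delta path, which relies on it being initialised before the first `goto`.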
@@ -53545,8 +53493,10 @@ modify_setting (const gchar *uuid, const gchar *name, setting_name = g_strdup ("Alerts Filter"); else if (strcmp (uuid, "0f040d06-abf9-43a2-8f94-9de178b0e978") == 0) setting_name = g_strdup ("Assets Filter"); - else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0) - setting_name = g_strdup ("Audit Reports Filter"); + #if COMPLIANCE_REPORTS == 1 + else if (strcmp (uuid, "45414da7-55f0-44c1-abbb-6b7d1126fbdf") == 0) + setting_name = g_strdup ("Audit Reports Filter"); + #endif else if (strcmp (uuid, "1a9fbd91-0182-44cd-bc88-a13a9b3b1bef") == 0) setting_name = g_strdup ("Configs Filter"); else if (strcmp (uuid, "186a5ac8-fe5a-4fb1-aa22-44031fb339f3") == 0) @@ -53670,9 +53620,10 @@ modify_setting (const gchar *uuid, const gchar *name, setting_name = g_strdup ("Reports Top Dashboard Configuration"); /* Audit Reports dashboard settings */ - else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0) - setting_name = g_strdup ("Audit Reports Top Dashboard Configuration"); - + #if COMPLIANCE_REPORTS == 1 + else if (strcmp (uuid, "8083d77b-05bb-4b17-ab39-c81175cb512c") == 0) + setting_name = g_strdup ("Audit Reports Top Dashboard Configuration"); + #endif /* Results dashboard settings */ else if (strcmp (uuid, "0b8ae70d-d8fc-4418-8a72-e65ac8d2828e") == 0) setting_name = g_strdup ("Results Top Dashboard Configuration"); diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 96be5f2a4..31d24711a 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -68,13 +68,15 @@ along with this program. If not, see . xsd:token { pattern = "y?n?i?u?" } + @IF_COMPLIANCE_REPORTS@ compliance_status A compliance status xsd:token { pattern = "yes|no|incomplete|undefined" } - + + @ENDIF_COMPLIANCE_REPORTS@ ctime A date and time, in the C `ctime' format 
@@ -2214,10 +2216,16 @@ along with this program. If not, see . permissions user_tags scan_run_status - result_count + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ + result_count + severity + @IF_COMPLIANCE_REPORTS@ + compliance_count - severity compliance + @ENDIF_COMPLIANCE_REPORTS@ task ports results @@ -2544,7 +2552,7 @@ along with this program. If not, see . result_count - Counts of results produced by scan. Only for reports of a scan task + Counts of results produced by scan

The text contains the full count -- the total number of results @@ -2651,12 +2659,13 @@ along with this program. If not, see . + @IF_COMPLIANCE_REPORTS@ compliance_count

Counts of compliance results. Only for reports of an audit task.

- The text contains the full count -- the total number of compliance results. + The text contains the full count. The total number of compliance results.

@@ -2758,7 +2767,8 @@ along with this program. If not, see . integer
- + + @ENDIF_COMPLIANCE_REPORTS@ severity @@ -2776,6 +2786,7 @@ along with this program. If not, see . Maximum severity of the report after filtering + @IF_COMPLIANCE_REPORTS@ compliance @@ -2792,7 +2803,8 @@ along with this program. If not, see . compliance_status Compliance of the report after filtering ("yes", "no", "incomplete" or "undefined") - + + @ENDIF_COMPLIANCE_REPORTS@ task @@ -3054,9 +3066,15 @@ along with this program. If not, see . start end port_count - result_count + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ + result_count + @IF_COMPLIANCE_REPORTS@ + compliance_count host_compliance + @ENDIF_COMPLIANCE_REPORTS@ detail @@ -3099,7 +3117,7 @@ along with this program. If not, see . result_count - Only for scan reports + page hole @@ -3174,6 +3192,7 @@ along with this program. If not, see . + @IF_COMPLIANCE_REPORTS@ compliance_count Only for audit reports @@ -3242,7 +3261,8 @@ along with this program. If not, see . host_compliance Only for audit reports. Host compliance compliance_status - + + @ENDIF_COMPLIANCE_REPORTS@ detail A detail associated with the host @@ -18125,11 +18145,13 @@ END:VCALENDAR integer Minimum QoD of the results + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ tag text @@ -18275,6 +18297,7 @@ END:VCALENDAR iso_time Scan end time + @IF_COMPLIANCE_REPORTS@ compliance_yes integer @@ -18294,7 +18317,8 @@ END:VCALENDAR compliant compliance_status Compliance state of the report. Can be yes, no, incomplete or undefined - + + @ENDIF_COMPLIANCE_REPORTS@ @@ -18364,6 +18388,7 @@ END:VCALENDAR boolean + @IF_COMPLIANCE_REPORTS@ usage_type Optional usage type to limit the reports to. Affects total count unlike filter @@ -18374,7 +18399,8 @@ END:VCALENDAR - + + @ENDIF_COMPLIANCE_REPORTS@ 
@@ -23153,9 +23179,15 @@ END:VCALENDAR timestamp scan_end - result_count - severity + @IF_COMPLIANCE_REPORTS@ + + @ENDIF_COMPLIANCE_REPORTS@ + result_count + severity + @IF_COMPLIANCE_REPORTS@ + compliance_count + @ENDIF_COMPLIANCE_REPORTS@ timestamp @@ -23167,7 +23199,7 @@ END:VCALENDAR result_count - Result counts for this report. Only for scan tasks + Result counts for this report false_positive log @@ -23199,8 +23231,9 @@ END:VCALENDAR severity severity - Maximum severity of the report. Only for scan tasks + Maximum severity of the report + @IF_COMPLIANCE_REPORTS@ compliance_count Complaince counts. Only for audit tasks @@ -23226,7 +23259,8 @@ END:VCALENDAR undefined integer - + + @ENDIF_COMPLIANCE_REPORTS@ From 002fe4206e7f5fa7732d7a4be15261affbec61c7 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Fri, 23 Aug 2024 13:52:12 +0200 Subject: [PATCH 28/45] Fix missing feature toggle check on add & remove tag resources --- src/manage_sql.c | 52 ++++++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 24 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 83e3ddc6b..b5829f009 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -57366,17 +57366,7 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) } else { - if (strcasecmp (type, "audit_report") == 0) - { - type = g_strdup ("report"); - resources_get.type = g_strdup (type); - get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); - } - else if (strcasecmp (type, "report") == 0) - { - get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); - } - else if (strcasecmp (type, "task") == 0) + if (strcasecmp (type, "task") == 0) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } 
@@ -57396,6 +57386,18 @@ tag_add_resources_filter (tag_t tag, const char *type, const char *filter) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } + #if COMPLIANCE_REPORTS == 1 + else if (strcasecmp (type, "audit_report") == 0) + { + type = g_strdup ("report"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, "usage_type", g_strdup ("audit")); + } + else if (strcasecmp (type, "report") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } + #endif gchar *columns; @@ -57547,19 +57549,7 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) } else { - if (strcasecmp (type, "audit_report") == 0) - { - type = g_strdup ("report"); - resources_get.type = g_strdup (type); - get_data_set_extra (&resources_get, - "usage_type", - g_strdup ("audit")); - } - else if (strcasecmp (type, "report") == 0) - { - get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); - } - else if (strcasecmp (type, "task") == 0) + if (strcasecmp (type, "task") == 0) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } @@ -57579,6 +57569,20 @@ tag_remove_resources_filter (tag_t tag, const char *type, const char *filter) { get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); } + #if COMPLIANCE_REPORTS == 1 + else if (strcasecmp (type, "audit_report") == 0) + { + type = g_strdup ("report"); + resources_get.type = g_strdup (type); + get_data_set_extra (&resources_get, + "usage_type", + g_strdup ("audit")); + } + else if (strcasecmp (type, "report") == 0) + { + get_data_set_extra (&resources_get, "usage_type", g_strdup ("scan")); + } + #endif gchar *columns; From 809d69f63c591ae7d0015e5653e50b28dbe726c1 Mon Sep 17 00:00:00 2001 
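Review bot: In the re-added `audit_report` branch, `type = g_strdup ("report");` allocates a copy that is stored only in the `const char *type` parameter and is not released in the lines shown, while `resources_get.type` receives a second copy. Assigning the literal, `type = "report";`, avoids the leak; the same pattern is in the `tag_remove_resources_filter` hunk. It is also worth confirming that compiling out the plain `report` branch together with the audit one is intended. As written, a build without COMPLIANCE_REPORTS no longer sets `usage_type` to `scan` when tagging reports by filter. Both functions continue outside these hunks.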
From: Timo Pollmeier Date: Tue, 27 Aug 2024 12:00:25 +0200 Subject: [PATCH 29/45] Fix: Update alive_test pattern in GMP doc The RNC pattern of the alive_test type in the GMP documentation is updated to match what is currently accepted by gvmd. --- src/schema_formats/XML/GMP.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 31d24711a..172b845c5 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -31,7 +31,7 @@ along with this program. If not, see . alive_test An alive test - xsd:token { pattern = "ICMP, TCP Service & ARP Ping|TCP Service & ARP Ping|ICMP & ARP Ping|ICMP & TCP Service Ping|ARP Ping|TCP Service Ping|ICMP Ping|Scan Config Default" } + xsd:token { pattern = "ICMP, TCP-ACK Service & ARP Ping|TCP-ACK Service & ARP Ping|ICMP & ARP Ping|ICMP & TCP-ACK Service Ping|ARP Ping|TCP-ACK Service Ping|TCP-SYN Service Ping|ICMP Ping|Consider Alive|Scan Config Default" } From 76c28df129d9374ce733fb45588ea6b7b46876b8 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Thu, 25 Jul 2024 15:28:01 +0200 Subject: [PATCH 30/45] Add: New option --max-concurrent-scan-updates The new startup option --max-concurrent-scan-updates is added which allows limiting the number of scan updates which can run at the same time. This can be used to limit the peak memory and CPU usage when running multiple scans at the same time. --- doc/gvmd.8 | 3 + doc/gvmd.8.xml | 9 ++ doc/gvmd.html | 9 ++ src/gvmd.c | 12 +++ src/manage.c | 264 ++++++++++++++++++++++++++++++++++++++++++++++++- src/manage.h | 19 ++++ 6 files changed, 315 insertions(+), 1 deletion(-) diff --git a/doc/gvmd.8 b/doc/gvmd.8 index 7179be5d4..1460e997e 100644 --- a/doc/gvmd.8 +++ b/doc/gvmd.8 
@@ -109,6 +109,9 @@ File mode of the unix socket \fB--listen-owner=\fISTRING\fB\f1 Owner of the unix socket .TP +\fB--max-concurrent-scan-updates=\fINUMBER\fB\f1 +Maximum number of scan updates that can run at the same time. Default: 0 (unlimited). +.TP \fB--max-email-attachment-size=\fINUMBER\fB\f1 Maximum size of alert email attachments, in bytes. .TP diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml index 8e4bca59a..49bed2b70 100644 --- a/doc/gvmd.8.xml +++ b/doc/gvmd.8.xml @@ -262,6 +262,15 @@ along with this program. If not, see .

Owner of the unix socket

+
in_use - Whether any tasks are using the filter + Whether any alerts are using the filter boolean