Merge pull request #2228 from greenbone/add-epss-to-results
Add: EPSS scoring info in results
a-h-abdelsalam authored Jul 2, 2024
2 parents 95b8ac9 + e21f4f3 commit b8f5561
Showing 8 changed files with 392 additions and 9 deletions.
48 changes: 46 additions & 2 deletions src/gmp.c
Expand Up @@ -9108,6 +9108,42 @@ results_xml_append_cert (GString *buffer, iterator_t *results, const char *oid,
}
}

/**
* @brief Append an EPSS info element to a results XML buffer.
*
* @param[in] results Results iterator.
* @param[in] buffer XML buffer to add to.
*/
static void
results_xml_append_epss (iterator_t *results, GString *buffer)
{
buffer_xml_append_printf (buffer,
"<epss>"
"<max_severity>"
"<score>%0.5f</score>"
"<percentile>%0.5f</percentile>"
"<cve id=\"%s\">"
"<severity>%0.1f</severity>"
"</cve>"
"</max_severity>"
"<max_epss>"
"<score>%0.5f</score>"
"<percentile>%0.5f</percentile>"
"<cve id=\"%s\">"
"<severity>%0.1f</severity>"
"</cve>"
"</max_epss>"
"</epss>",
result_iterator_epss_score (results),
result_iterator_epss_percentile (results),
result_iterator_epss_cve (results),
result_iterator_epss_severity (results),
result_iterator_max_epss_score (results),
result_iterator_max_epss_percentile (results),
result_iterator_max_epss_cve (results),
result_iterator_max_epss_severity (results));
}

/**
* @brief Append an NVT element to an XML buffer.
*
Expand Down Expand Up @@ -9138,14 +9174,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
"<severities score=\"%s\">"
"</severities>"
"<cpe id='%s'/>"
"<cve>%s</cve>"
"</nvt>",
"<cve>%s</cve>",
oid,
oid,
severity ? severity : "",
severity ? severity : "",
result_iterator_port (results),
oid);

if (result_iterator_epss_cve (results))
results_xml_append_epss (results, buffer);

buffer_xml_append_printf (buffer, "</nvt>");

g_free (severity);
return;
}
Expand Down Expand Up @@ -9285,6 +9326,9 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
buffer_xml_append_printf (buffer, "/>");
}

if (result_iterator_epss_cve (results))
results_xml_append_epss (results, buffer);

first = 1;
xml_append_nvt_refs (buffer, result_iterator_nvt_oid (results),
&first);
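Review bot: Both call sites guard `results_xml_append_epss` only on `result_iterator_epss_cve (results)` being non-NULL, yet the helper also passes `result_iterator_max_epss_cve (results)` to a `%s` conversion. The visible accessor returns NULL when the iterator is done, and the `result_vt_epss.max_epss_cve` column is not coalesced, so a row with `epss_cve` set and `max_epss_cve` NULL would hand NULL to the formatter; whether such rows can exist depends on how the nvts columns are populated, which this page does not show. Either emit the `<max_epss>` element only when its CVE is present, or pass `max_cve ? max_cve : ""` after `const char *max_cve = result_iterator_max_epss_cve (results);`. The doc comment should also say that `<max_severity>` carries the EPSS values of the highest-severity CVE and `<max_epss>` those of the CVE with the highest EPSS score, since the element names alone are easy to misread.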
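--- a/src/manage.h
+++ b/src/manage.h
@@ -1522,6 +1522,30 @@ result_iterator_may_have_overrides (iterator_t*);
 int
 result_iterator_may_have_tickets (iterator_t*);
 
+double
+result_iterator_epss_score (iterator_t*);
+
+double
+result_iterator_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_epss_cve (iterator_t*);
+
+double
+result_iterator_epss_severity (iterator_t*);
+
+double
+result_iterator_max_epss_score (iterator_t*);
+
+double
+result_iterator_max_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_max_epss_cve (iterator_t*);
+
+double
+result_iterator_max_epss_severity (iterator_t*);
+
 gchar **
 result_iterator_cert_bunds (iterator_t*);
 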
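--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1806,6 +1806,59 @@ create_view_vulns ()
 " WHERE uuid in (SELECT * FROM used_nvts)");
 }
 
+/**
+* @brief Create or replace the result_vt_epss view.
+*/
+void
+create_view_result_vt_epss ()
+{
+sql ("DROP MATERIALIZED VIEW IF EXISTS result_vt_epss;");
+
+if (sql_int ("SELECT EXISTS (SELECT * FROM information_schema.tables"
+" WHERE table_catalog = '%s'"
+" AND table_schema = 'scap'"
+" AND table_name = 'cves')"
+" ::integer;",
+sql_database ()))
+sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+" SELECT cve AS vt_id,"
+" epss AS epss_score,"
+" percentile AS epss_percentile,"
+" cve AS epss_cve,"
+" cves.severity AS epss_severity,"
+" epss AS max_epss_score,"
+" percentile AS max_epss_percentile,"
+" cve AS max_epss_cve,"
+" cves.severity AS max_epss_severity"
+" FROM scap.epss_scores"
+" JOIN scap.cves ON cve = cves.uuid"
+" UNION ALL"
+" SELECT oid AS vt_id,"
+" epss_score,"
+" epss_percentile,"
+" epss_cve,"
+" epss_severity,"
+" max_epss_score,"
+" max_epss_percentile,"
+" max_epss_cve,"
+" max_epss_severity"
+" FROM nvts);");
+else
+sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+" SELECT oid AS vt_id,"
+" epss_score,"
+" epss_percentile,"
+" epss_cve,"
+" max_epss_score,"
+" max_epss_percentile,"
+" max_epss_cve"
+" FROM nvts);");
+
+sql ("SELECT create_index ('result_vt_epss_by_vt_id',"
+" 'result_vt_epss', 'vt_id');");
+
+}
+
 
 
 #undef VULNS_RESULTS_WHERE
@@ -2997,6 +3050,8 @@ create_tables ()
 
 create_view_vulns ();
 
+create_view_result_vt_epss ();
+
 /* Create indexes. */
 
 sql ("SELECT create_index ('config_preferences_by_config',"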
159 changes: 153 additions & 6 deletions src/manage_sql.c
Expand Up @@ -22198,7 +22198,8 @@ where_qod (int min_qod)
"description", "task", "report", "cvss_base", "nvt_version", \
"severity", "original_severity", "vulnerability", "date", "report_id", \
"solution_type", "qod", "qod_type", "task_id", "cve", "hostname", \
"path", "compliant", NULL }
"path", "compliant", "epss_score", "epss_percentile", "max_epss_score", \
"max_epss_percentile", NULL }

// TODO Combine with RESULT_ITERATOR_COLUMNS.
/**
Expand Down Expand Up @@ -22497,6 +22498,32 @@ where_qod (int min_qod)
" 'undefined')", \
"compliant", \
KEYWORD_TYPE_STRING }, \
/* ^ 45 = 35 */ \
{ "coalesce (result_vt_epss.epss_score, 0.0)", \
"epss_score", \
KEYWORD_TYPE_DOUBLE }, \
{ "coalesce (result_vt_epss.epss_percentile, 0.0)", \
"epss_percentile", \
KEYWORD_TYPE_DOUBLE }, \
{ "result_vt_epss.epss_cve", \
"epss_cve", \
KEYWORD_TYPE_STRING }, \
{ "coalesce (result_vt_epss.epss_severity, 0.0)", \
"epss_severity", \
KEYWORD_TYPE_DOUBLE }, \
{ "coalesce (result_vt_epss.max_epss_score, 0.0)", \
"max_epss_score", \
KEYWORD_TYPE_DOUBLE }, \
/* ^ 50 = 40 */ \
{ "coalesce (result_vt_epss.max_epss_percentile, 0.0)", \
"max_epss_percentile", \
KEYWORD_TYPE_DOUBLE }, \
{ "result_vt_epss.max_epss_cve", \
"max_epss_cve", \
KEYWORD_TYPE_STRING }, \
{ "coalesce (result_vt_epss.max_epss_severity, 0.0)", \
"max_epss_severity", \
KEYWORD_TYPE_DOUBLE }, \

/**
* @brief Result iterator columns.
Expand Down Expand Up @@ -23196,7 +23223,9 @@ init_result_get_iterator (iterator_t* iterator, const get_data_t *get,
"results",
"nvts");

extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts"
extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
" ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
opts_tables,
Expand Down Expand Up @@ -23300,7 +23329,9 @@ result_count (const get_data_t *get, report_t report, const char* host)
"results",
"nvts");

extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts"
extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
" ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
opts_tables,
Expand Down Expand Up @@ -23765,6 +23796,118 @@ DEF_ACCESS (result_iterator_nvt_family, GET_ITERATOR_COLUMN_COUNT + 33);
*/
DEF_ACCESS (result_iterator_nvt_tag, GET_ITERATOR_COLUMN_COUNT + 34);

/**
* @brief Get EPSS score of highest severity CVE from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return EPSS score of the highest severity CVE.
*/
double
result_iterator_epss_score (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 36);
}

/**
* @brief Get EPSS percentile of highest severity CVE from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return EPSS percentile of the highest severity CVE.
*/
double
result_iterator_epss_percentile (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 37);
}

/**
* @brief Get highest severity CVE with EPSS score from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Highest severity CVE with EPSS score.
*/
const gchar *
result_iterator_epss_cve (iterator_t* iterator)
{
if (iterator->done) return NULL;
return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 38);
}

/**
* @brief Get the highest severity of EPSS CVEs from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Highest severity of referenced CVEs with EPSS.
*/
double
result_iterator_epss_severity (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 39);
}

/**
* @brief Get maximum EPSS score of referenced CVEs from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Maximum EPSS score.
*/
double
result_iterator_max_epss_score (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 40);
}

/**
* @brief Get maximum EPSS percentile of referenced CVEs from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Maximum EPSS percentile.
*/
double
result_iterator_max_epss_percentile (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 41);
}

/**
* @brief Get the CVE with the maximum EPSS score from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return CVE with maximum EPSS score.
*/
const gchar *
result_iterator_max_epss_cve (iterator_t* iterator)
{
if (iterator->done) return NULL;
return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 42);
}

/**
* @brief Get severity of CVE with maximum EPSS score from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Severity of CVE with maximum EPSS score.
*/
double
result_iterator_max_epss_severity (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 43);
}

/**
* @brief Get CERT-BUNDs from a result iterator.
*
Expand All @@ -23776,7 +23919,7 @@ gchar **
result_iterator_cert_bunds (iterator_t* iterator)
{
if (iterator->done) return 0;
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 36);
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 44);
}

/**
Expand All @@ -23790,7 +23933,7 @@ gchar **
result_iterator_dfn_certs (iterator_t* iterator)
{
if (iterator->done) return 0;
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 37);
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 45);
}

/**
Expand Down Expand Up @@ -27954,6 +28097,8 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta,
extra_tables = g_strdup_printf (" JOIN comparison "
" ON results.id = COALESCE (result1_id,"
" result2_id)"
" LEFT OUTER JOIN result_vt_epss"
" ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
Expand Down Expand Up @@ -58055,7 +58200,9 @@ type_build_select (const char *type, const char *columns_str,
"results",
"nvts");

opts_table = g_strdup_printf (" LEFT OUTER JOIN nvts"
opts_table = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
" ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
original,
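Review bot: The eight new accessors read fixed positions `GET_ITERATOR_COLUMN_COUNT + 36` to `+ 43`, and `result_iterator_cert_bunds` / `result_iterator_dfn_certs` are renumbered by hand to `+ 44` / `+ 45`. The only cross-check against the column list is the positional markers `/* ^ 45 = 35 */` and `/* ^ 50 = 40 */`. Any other positional reader past column 35 that this page does not show would silently read a neighbouring column, and a mix-up between `iterator_double` and `iterator_string` would not be caught at compile time. A comment above the first accessor such as `/* Offsets below must match the order of the EPSS entries in the result iterator column list; adding a column there shifts cert_bunds and dfn_certs. */` would make the coupling explicit, and named constants for the offsets would be better still. The accessor docs should also note that the `coalesce (..., 0.0)` columns make "no EPSS data" indistinguishable from a score of 0, so callers and filters on `epss_score` need to check `epss_cve` before treating 0 as low risk.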