OpenVAS Scanner 23.23.1
table_driven_lsc.c File Reference
#include "table_driven_lsc.h"
#include "base/networking.h"
#include "kb_cache.h"
#include "plugutils.h"
#include <ctype.h>
#include <curl/curl.h>
#include <gnutls/gnutls.h>
#include <gvm/base/prefs.h>
#include <gvm/util/mqtt.h>
#include <gvm/util/uuidutils.h>
#include <json-glib/json-glib.h>
#include <stddef.h>

Go to the source code of this file.

Data Structures

struct  notus_info
 Struct to hold necessary information to call and run notus. More...
struct  fixed_version
 Fixed version. More...
struct  version_range
 Specify a version range. More...
struct  vulnerable_pkg
 Define a vulnerable package. More...
struct  advisory
struct  advisories
struct  string
 Define a string struct for storing the response. More...

Macros

#define G_LOG_DOMAIN   "lib misc"
 GLib logging domain.
#define RSNOTUS

Typedefs

typedef struct notus_infonotus_info_t
typedef struct fixed_version fixed_version_t
typedef struct version_range version_range_t
typedef struct vulnerable_pkg vuln_pkg_t
typedef struct advisory advisory_t
typedef struct advisories advisories_t

Enumerations

enum  fixed_type { UNKNOWN , RANGE , SINGLE }
 Fixed version format. More...

Functions

void set_lsc_flag (void)
 Set lsc_flag to 1.
int lsc_has_run (void)
 Get lsc_flag value.
static JsonBuilder * add_packages_str_to_list (JsonBuilder *builder, const gchar *packages)
 Split the package list string and creates a json array.
static gchar * make_table_driven_lsc_info_json_str (const char *scan_id, const char *ip_str, const char *hostname, const char *os_release, const char *package_list)
 Build a json object with data necessary to start a table drive LSC.
static gchar * get_status_of_table_driven_lsc_from_json (const char *scan_id, const char *host_ip, const char *json, int len)
 Get the status of table driven lsc from json object.
static notus_info_t init_notus_info (const char *server)
 Initialize a notus info struct and stores the server URL.
static void free_notus_info (notus_info_t notusdata)
 Free notus info structure.
static char * help_tolower (char *s)
 helper function to lower case
static gchar * make_package_list_as_json_str (const char *packages)
 Build a json array from the package list to start a table drive LSC.
static int parse_server (notus_info_t *notusdata)
 Parse the server URL.
static advisories_tadvisories_new ()
 Initialize a new adivisories struct with 100 slots.
static void advisories_add (advisories_t *advisories_list, advisory_t *advisory)
 Initialize a new adivisories struct with 100 slots.
static advisory_tadvisory_new (char *oid)
 Initialize a new adivisory.
static void advisory_add_vuln_pkg (advisory_t *adv, vuln_pkg_t *vuln)
 Add a new vulnerability to the advisory.
static void advisory_free (advisory_t *advisory)
 Free()'s an advisory.
static void advisories_free (advisories_t *advisories)
 Free()'s an advisories.
static vuln_pkg_tvulnerable_pkg_new (const char *pkg_name, const char *install_version, enum fixed_type type, char *item1, char *item2)
 Creates a new Vulnerable packages which belongs to an advisory.
static advisories_tprocess_notus_response (const gchar *resp, const size_t len)
 Process a json object which contains advisories and vulnerable packages.
static void init_string (struct string *s)
 Initialize the string struct to hold the response.
static size_t response_callback_fn (void *ptr, size_t size, size_t nmemb, void *struct_string)
 Call back function to stored the response.
static long send_request (notus_info_t notusdata, const char *os, const char *pkg_list, char **response)
 Send a request to the server.
static char * notus_get_response (const char *pkg_list, const char *os)
 Sent the installed package list and OS to notus.
static int call_rs_notus (const char *ip_str, const char *hostname, const char *pkg_list, const char *os)
 Call notus and stores the results.
int run_table_driven_lsc (const char *scan_id, const char *ip_str, const char *hostname, const char *package_list, const char *os_release)
 Publish the necessary data to start a Table driven LSC scan.

Variables

static int lsc_flag = 0
 LSC ran or didn't 0 didn't run. 1 ran.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "lib misc"

GLib logging domain.

◆ RSNOTUS

#define RSNOTUS

Typedef Documentation

◆ advisories_t

typedef struct advisories advisories_t

◆ advisory_t

typedef struct advisory advisory_t

◆ fixed_version_t

◆ notus_info_t

typedef struct notus_info* notus_info_t

◆ version_range_t

◆ vuln_pkg_t

typedef struct vulnerable_pkg vuln_pkg_t

Enumeration Type Documentation

◆ fixed_type

enum fixed_type

Fixed version format.

Enumerator
UNKNOWN 
RANGE 
SINGLE 

Function Documentation

◆ add_packages_str_to_list()

JsonBuilder * add_packages_str_to_list ( JsonBuilder * builder,
const gchar * packages )
static

Split the package list string and creates a json array.

JSON result consists of scan_id, message type, host ip, hostname, port together with proto, OID, result message and uri.

Parameters
[in/out]builder The Json builder to add the array to.
[in]packagesThe installed package list as string
Returns
JSON builder including the package list as array.

◆ advisories_add()

void advisories_add ( advisories_t * advisories_list,
advisory_t * advisory )
static

Initialize a new adivisories struct with 100 slots.

Parameters
advisories_list[in/out]An advisories holder to add new advisories into.
advisory[in]the new advisory to add in the list

◆ advisories_free()

void advisories_free ( advisories_t * advisories)
static

Free()'s an advisories.

Parameters
advisoryThe adviosories holder to be free()'ed. It free()'s all advisories members.

◆ advisories_new()

advisories_t * advisories_new ( )
static

Initialize a new adivisories struct with 100 slots.

Returns
initialized advisories_t struct. It must be free by the caller with advisories_free()

◆ advisory_add_vuln_pkg()

void advisory_add_vuln_pkg ( advisory_t * adv,
vuln_pkg_t * vuln )
static

Add a new vulnerability to the advisory.

@description Each advisory can have multiple vulnerable packages This structure can hold up to 100 packages.

Parameters
adv[in/out]The advisory to add the vulnerable package into
vuln[in]The vulnerable package to add.

◆ advisory_free()

void advisory_free ( advisory_t * advisory)
static

Free()'s an advisory.

Parameters
advisoryThe adviosory to be free()'ed. It free()'s all vulnerable packages that belong to this advisory.

◆ advisory_new()

advisory_t * advisory_new ( char * oid)
static

Initialize a new adivisory.

Parameters
oidThe advisory's OID
Returns
initialized advisory_t struct

◆ call_rs_notus()

int call_rs_notus ( const char * ip_str,
const char * hostname,
const char * pkg_list,
const char * os )
static

Call notus and stores the results.

Parameters
ip_strTarget's IP address.
hostnameTarger's hostname.
pkg_listList of packages installed in the target. The packages are "\n" separated.
osName of the target's operative sistem.
Returns
Count of stored results. -1 on error.

◆ free_notus_info()

void free_notus_info ( notus_info_t notusdata)
static

Free notus info structure.

Parameters
notusdataThe data to free()

◆ get_status_of_table_driven_lsc_from_json()

gchar * get_status_of_table_driven_lsc_from_json ( const char * scan_id,
const char * host_ip,
const char * json,
int len )
static

Get the status of table driven lsc from json object.

Checks for the corresponding status inside the JSON. If the status does not belong the the scan or host, NULL is returned instead. NULL is also returned if message JSON cannot be parsed correctly. Return value has to be freed by caller.

Parameters
scan_idid of scan
host_ipip of host
jsonjson to get information from
lenlength of json
Returns
gchar* Status of table driven lsc or NULL

◆ help_tolower()

char * help_tolower ( char * s)
static

helper function to lower case

Parameters
sthe string to lower case
Returns
pointer to the modified string.

◆ init_notus_info()

notus_info_t init_notus_info ( const char * server)
static

Initialize a notus info struct and stores the server URL.

Parameters
serverOriginal server to store and to get the info from
Returns
the initialized struct. NULL on error.

◆ init_string()

void init_string ( struct string * s)
static

Initialize the string struct to hold the response.

Parameters
s[in/out]The string struct to be initialized

◆ lsc_has_run()

int lsc_has_run ( void )

Get lsc_flag value.

◆ make_package_list_as_json_str()

gchar * make_package_list_as_json_str ( const char * packages)
static

Build a json array from the package list to start a table drive LSC.

Parameters
packagesThe installed package list in the target system to be evaluated
Returns
String in json format on success. Must be freed by caller. NULL on error.

◆ make_table_driven_lsc_info_json_str()

gchar * make_table_driven_lsc_info_json_str ( const char * scan_id,
const char * ip_str,
const char * hostname,
const char * os_release,
const char * package_list )
static

Build a json object with data necessary to start a table drive LSC.

JSON result consists of scan_id, message type, host ip, hostname, port together with proto, OID, result message and uri.

Parameters
scan_idScan Id.
ip_strIP string of host.
hostnameName of host.
os_releaseOS release
package_listThe installed package list in the target system to be evaluated
Returns
JSON string on success. Must be freed by caller. NULL on error.

◆ notus_get_response()

char * notus_get_response ( const char * pkg_list,
const char * os )
static

Sent the installed package list and OS to notus.

Parameters
pkg_listInstalled package list
osThe target's OS
Returns
String containing the server response or NULL Must be free()'ed by the caller.

◆ parse_server()

int parse_server ( notus_info_t * notusdata)
static

Parse the server URL.

Parameters
[in]serverString containing the server URL Valid is http://example.com:1234 or https://example.com.1234. @notusdata[out] Structure to store information from the URL
Returns
0 on success, -1 on error.

◆ process_notus_response()

advisories_t * process_notus_response ( const gchar * resp,
const size_t len )
static

Process a json object which contains advisories and vulnerable packages.

@description This is the body string in response get from an openvasd server

Parameters
respString containing the json object to be processed.
lenString lenght.
Returns
a advisories_t struct containing all advisories and vulnerable packages. After usage must be free()'ed with advisories_free().

◆ response_callback_fn()

size_t response_callback_fn ( void * ptr,
size_t size,
size_t nmemb,
void * struct_string )
static

Call back function to stored the response.

@description The function signature is the necessary to work with libcurl. It stores the response in s. It reallocate memory if necessary.

◆ run_table_driven_lsc()

int run_table_driven_lsc ( const char * scan_id,
const char * ip_str,
const char * hostname,
const char * package_list,
const char * os_release )

Publish the necessary data to start a Table driven LSC scan.

If the gather-package-list.nasl plugin was launched, and it generated a valid package list for a supported OS, the table driven LSC scan which is subscribed to the topic will perform a scan an publish the the results to be handle by the sensor/client.

Parameters
scan_idScan Id.
kb
ip_strIP string of host.
hostnameName of host.
Returns
0 on success, less than 0 on error.

◆ send_request()

long send_request ( notus_info_t notusdata,
const char * os,
const char * pkg_list,
char ** response )
static

Send a request to the server.

Parameters
[in]notusdataStructure containing information necessary for the request
[in]osTarget's operative system. Necessary for the URL path part.
[in]pkg_listThe package list installed in the target, to be checked
[out]responseThe string containing the results in json format.
Returns
the http code or -1 on error

◆ set_lsc_flag()

void set_lsc_flag ( void )

Set lsc_flag to 1.

◆ vulnerable_pkg_new()

vuln_pkg_t * vulnerable_pkg_new ( const char * pkg_name,
const char * install_version,
enum fixed_type type,
char * item1,
char * item2 )
static

Creates a new Vulnerable packages which belongs to an advisory.

Parameters
pkg_name
install_version
typeData type specifying how the fixed version is stored. Can be RANGE or SINGLE
item1Depending on the type is the "version" for SINGLE type, or the "less than" for RANGE type
item2Depending on the type is the "specifer" for SINGLE type, or the "greather than" for RANGE type
Returns
a vulnerable packages struct. Members are a copy of the passed parametes. They must be free separately.

Variable Documentation

◆ lsc_flag

int lsc_flag = 0
static

LSC ran or didn't 0 didn't run. 1 ran.