OpenVAS Scanner 23.32.3
table_driven_lsc.h File Reference
#include <glib.h>
#include <gvm/util/kb.h>
Include dependency graph for table_driven_lsc.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  fixed_version
 Fixed version. More...
struct  version_range
 Specify a version range. More...
struct  vulnerable_pkg
 Define a vulnerable package. More...
struct  advisory
struct  advisories

Typedefs

typedef struct fixed_version fixed_version_t
typedef struct version_range version_range_t
typedef struct vulnerable_pkg vuln_pkg_t
typedef struct advisory advisory_t
typedef struct advisories advisories_t

Enumerations

enum  fixed_type { UNKNOWN , RANGE , SINGLE }
 Fixed version format. More...

Functions

void advisories_free (advisories_t *advisories)
 Free()'s an advisories.
void set_lsc_flag (void)
 Set lsc_flag to 1.
int lsc_has_run (void)
 Get lsc_flag value.
int run_table_driven_lsc (const char *, const char *, const char *, const char *, const char *)
 Publish the necessary data to start a Table driven LSC scan.
char * notus_get_response (const char *pkg_list, const char *os)
 Sent the installed package list and OS to notus.
advisories_tprocess_notus_response (const gchar *resp, const size_t len)
 Process a json object which contains advisories and vulnerable packages.

Typedef Documentation

◆ advisories_t

typedef struct advisories advisories_t

Definition at line 80 of file table_driven_lsc.h.

◆ advisory_t

typedef struct advisory advisory_t

Definition at line 70 of file table_driven_lsc.h.

◆ fixed_version_t

typedef struct fixed_version fixed_version_t

Definition at line 33 of file table_driven_lsc.h.

◆ version_range_t

typedef struct version_range version_range_t

Definition at line 42 of file table_driven_lsc.h.

◆ vuln_pkg_t

typedef struct vulnerable_pkg vuln_pkg_t

Definition at line 58 of file table_driven_lsc.h.

Enumeration Type Documentation

◆ fixed_type

enum fixed_type

Fixed version format.

Enumerator
UNKNOWN 
RANGE 
SINGLE 

Definition at line 19 of file table_driven_lsc.h.

20{
21 UNKNOWN, // Unknown
22 RANGE, // Range of version which fixed the package
23 SINGLE, // A single version with a specifier (gt or lt)
24};
SINGLE
@ SINGLE
Definition table_driven_lsc.h:23
RANGE
@ RANGE
Definition table_driven_lsc.h:22
UNKNOWN
@ UNKNOWN
Definition table_driven_lsc.h:21

Function Documentation

◆ advisories_free()

void advisories_free ( advisories_t * advisories)

Free()'s an advisories.

Parameters
advisoryThe advisories holder to be free()'ed. It free()'s all advisories members.

Definition at line 549 of file table_driven_lsc.c.

550{
551 if (advisories == NULL)
552 return;
553
554 for (size_t i = 0; i < advisories->count; i++)
555 advisory_free (advisories->advisories[i]);
556 advisories = NULL;
557}
advisories::advisories
advisory_t ** advisories
Definition table_driven_lsc.h:76
advisory_free
static void advisory_free(advisory_t *advisory)
Free()'s an advisory.
Definition table_driven_lsc.c:516

References advisories::advisories, advisory_free(), and advisories::count.

Referenced by call_rs_notus(), Ensure(), nasl_notus(), and process_notus_response().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ lsc_has_run()

int lsc_has_run ( void )

Get lsc_flag value.

Definition at line 48 of file table_driven_lsc.c.

49{
50 return lsc_flag;
51}
lsc_flag
static int lsc_flag
LSC ran or didn't 0 didn't run. 1 ran.
Definition table_driven_lsc.c:35

References lsc_flag.

Referenced by attack_host().

Here is the caller graph for this function:

◆ notus_get_response()

char * notus_get_response ( const char * pkg_list,
const char * os )

Sent the installed package list and OS to notus.

Parameters
pkg_listInstalled package list
osThe target's OS
Returns
String containing the server response or NULL Must be free()'ed by the caller.

Definition at line 918 of file table_driven_lsc.c.

919{
920 const char *server = NULL;
921 char *json_pkglist;
922 char *response = NULL;
923 notus_info_t notusdata;
924 long ret;
925
926 // Parse the server and get the port, host, schema
927 // and necessary information to build the message
928 server = prefs_get ("openvasd_server");
929 notusdata = init_notus_info (server);
930
931 if (parse_server (&notusdata) < 0)
932 {
933 free_notus_info (notusdata);
934 return NULL;
935 }
936
937 // Convert the package list string into a string containing json
938 // array of packages
939 if ((json_pkglist = make_package_list_as_json_str (pkg_list)) == NULL)
940 {
941 free_notus_info (notusdata);
942 return NULL;
943 }
944
945 ret = send_request (notusdata, os, json_pkglist, &response);
946 if (ret != 200)
947 g_warning ("%ld: Error sending request to openvasd: %s", ret, response);
948
949 free_notus_info (notusdata);
950 g_free (json_pkglist);
951
952 return response;
953}
init_notus_info
static notus_info_t init_notus_info(const char *server)
Initialize a notus info struct and stores the server URL.
Definition table_driven_lsc.c:261
free_notus_info
static void free_notus_info(notus_info_t notusdata)
Free notus info structure.
Definition table_driven_lsc.c:276
send_request
static long send_request(notus_info_t notusdata, const char *os, const char *pkg_list, char **response)
Send a request to the server.
Definition table_driven_lsc.c:823
parse_server
static int parse_server(notus_info_t *notusdata)
Parse the server URL.
Definition table_driven_lsc.c:359
make_package_list_as_json_str
static gchar * make_package_list_as_json_str(const char *packages)
Build a json array from the package list to start a table drive LSC.
Definition table_driven_lsc.c:312
notus_info_t
struct notus_info * notus_info_t
Definition table_driven_lsc.c:252

References free_notus_info(), init_notus_info(), make_package_list_as_json_str(), parse_server(), and send_request().

Referenced by call_rs_notus(), and nasl_notus().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ process_notus_response()

advisories_t * process_notus_response ( const gchar * resp,
const size_t len )

Process a json object which contains advisories and vulnerable packages.

@description This is the body string in response get from an openvasd server

Parameters
respString containing the json object to be processed.
lenString length.
Returns
a advisories_t struct containing all advisories and vulnerable packages. After usage must be free()'ed with advisories_free().

Definition at line 616 of file table_driven_lsc.c.

617{
618 JsonParser *parser = NULL;
619 JsonReader *reader = NULL;
620 GError *err = NULL;
621
622 advisories_t *advisories = advisories_new ();
623
624 parser = json_parser_new ();
625 if (!json_parser_load_from_data (parser, resp, len, &err))
626 {
627 g_message ("Error parsing");
628 }
629
630 reader = json_reader_new (json_parser_get_root (parser));
631
632 if (!json_reader_is_object (reader))
633 {
634 g_debug ("It is not an object");
635 goto cleanup_advisories;
636 }
637
638 char **members = json_reader_list_members (reader);
639
640 for (int i = 0; members[i]; i++)
641 {
642 advisory_t *advisory;
643
644 if (!json_reader_read_member (reader, members[i]))
645 {
646 g_debug ("No member oid");
647 goto cleanup_advisories;
648 }
649 if (!json_reader_is_array (reader))
650 {
651 g_debug ("Is not an array");
652 goto cleanup_advisories;
653 }
654
655 advisory = advisory_new (g_strdup (members[i]));
656
657 int count_pkgs = json_reader_count_elements (reader);
658 g_debug ("There are %d packages for advisory %s", count_pkgs, members[i]);
659 for (int j = 0; j < count_pkgs; j++)
660 {
661 vuln_pkg_t *pkg = NULL;
662 char *name = NULL;
663 char *installed_version = NULL;
664 char *start = NULL;
665 char *stop = NULL;
666 char *version = NULL;
667 char *specifier = NULL;
668 enum fixed_type type = UNKNOWN;
669
670 json_reader_read_element (reader, j);
671 if (!json_reader_is_object (reader))
672 {
673 g_warning ("%s: Package %d of advisory %s is not an object",
674 __func__, j, members[i]);
675 advisories_free (advisories);
676 goto cleanup_advisories;
677 }
678
679 json_reader_read_member (reader, "name");
680 name = g_strdup (json_reader_get_string_value (reader));
681 json_reader_end_member (reader);
682 g_debug ("name: %s", name);
683
684 json_reader_read_member (reader, "installed_version");
685 installed_version = g_strdup (json_reader_get_string_value (reader));
686 json_reader_end_member (reader);
687 g_debug ("installed_version: %s", installed_version);
688
689 json_reader_read_member (reader, "fixed_version");
690 g_debug ("Fixed_version has %d members",
691 json_reader_count_members (reader));
692
693 // Version Range
694 json_reader_read_member (reader, "start");
695 start = g_strdup (json_reader_get_string_value (reader));
696 json_reader_end_member (reader);
697 json_reader_read_member (reader, "end");
698 stop = g_strdup (json_reader_get_string_value (reader));
699 json_reader_end_member (reader);
700 g_debug ("start %s, end: %s", start, stop);
701
702 // version and specifier
703 json_reader_read_member (reader, "version");
704 version = g_strdup (json_reader_get_string_value (reader));
705 json_reader_end_member (reader);
706 json_reader_read_member (reader, "specifier");
707 specifier = g_strdup (json_reader_get_string_value (reader));
708 json_reader_end_member (reader);
709 g_debug ("version %s, specifier: %s", version, specifier);
710
711 // end read fixes version member
712 json_reader_end_member (reader);
713
714 // end package element
715 json_reader_end_element (reader);
716
717 char *item1 = NULL, *item2 = NULL;
718 if (start && stop)
719 {
720 type = RANGE;
721 item1 = start;
722 item2 = stop;
723 }
724 else if (version && specifier)
725 {
726 type = SINGLE;
727 item1 = version;
728 item2 = specifier;
729 }
730 else
731 {
732 g_warning ("%s: Error parsing json element", __func__);
733 g_free (name);
734 g_free (installed_version);
735 g_free (item1);
736 g_free (item2);
737 advisories_free (advisories);
738 goto cleanup_advisories;
739 }
740
741 pkg =
742 vulnerable_pkg_new (name, installed_version, type, item1, item2);
743 g_free (name);
744 g_free (installed_version);
745 g_free (item1);
746 g_free (item2);
747
748 advisory_add_vuln_pkg (advisory, pkg);
749 }
750 // end advisory
751 json_reader_end_member (reader);
752 advisories_add (advisories, advisory);
753 }
754
755cleanup_advisories:
756 if (reader)
757 g_object_unref (reader);
758 g_object_unref (parser);
759
760 return advisories;
761}
name
const char * name
Definition nasl_init.c:439
len
uint8_t len
Definition nasl_packet_forgery.c:1
advisory_new
static advisory_t * advisory_new(char *oid)
Initialize a new advisory.
Definition table_driven_lsc.c:478
advisories_add
static void advisories_add(advisories_t *advisories_list, advisory_t *advisory)
Initialize a new advisories struct with 100 slots.
Definition table_driven_lsc.c:454
advisories_new
static advisories_t * advisories_new()
Initialize a new advisories struct with 100 slots.
Definition table_driven_lsc.c:436
vulnerable_pkg_new
static vuln_pkg_t * vulnerable_pkg_new(const char *pkg_name, const char *install_version, enum fixed_type type, char *item1, char *item2)
Creates a new Vulnerable packages which belongs to an advisory.
Definition table_driven_lsc.c:574
advisories_free
void advisories_free(advisories_t *advisories)
Free()'s an advisories.
Definition table_driven_lsc.c:549
advisory_add_vuln_pkg
static void advisory_add_vuln_pkg(advisory_t *adv, vuln_pkg_t *vuln)
Add a new vulnerability to the advisory.
Definition table_driven_lsc.c:496
advisories_t
struct advisories advisories_t
Definition table_driven_lsc.h:80
fixed_type
fixed_type
Fixed version format.
Definition table_driven_lsc.h:20
advisory_t
struct advisory advisory_t
Definition table_driven_lsc.h:70
vuln_pkg_t
struct vulnerable_pkg vuln_pkg_t
Definition table_driven_lsc.h:58

References advisories_add(), advisories_free(), advisories_new(), advisory_add_vuln_pkg(), advisory_new(), len, name, RANGE, SINGLE, UNKNOWN, and vulnerable_pkg_new().

Referenced by call_rs_notus(), Ensure(), and nasl_notus().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ run_table_driven_lsc()

int run_table_driven_lsc ( const char * scan_id,
const char * ip_str,
const char * hostname,
const char * package_list,
const char * os_release )

Publish the necessary data to start a Table driven LSC scan.

If the gather-package-list.nasl plugin was launched, and it generated a valid package list for a supported OS, the table driven LSC scan which is subscribed to the topic will perform a scan an publish the the results to be handle by the sensor/client.

Parameters
scan_idScan Id.
kb
ip_strIP string of host.
hostnameName of host.
Returns
0 on success, less than 0 on error.

Definition at line 1057 of file table_driven_lsc.c.

1060{
1061 int err = 0;
1062 if (!os_release || !package_list)
1063 return 0;
1064
1065 if (prefs_get ("openvasd_server"))
1066 {
1067 g_message ("Running Notus for %s via openvasd", ip_str);
1068 err = call_rs_notus (ip_str, hostname, package_list, os_release);
1069
1070 return err;
1071 }
1072 else
1073 {
1074 gchar *json_str;
1075 gchar *topic;
1076 gchar *payload;
1077 gchar *status = NULL;
1078 int topic_len;
1079 int payload_len;
1080
1081 // Subscribe to status topic
1082 err = mqtt_subscribe ("scanner/status");
1083 if (err)
1084 {
1085 g_warning ("%s: Error starting lsc. Unable to subscribe", __func__);
1086 return -1;
1087 }
1088 /* Get the OS release. TODO: have a list with supported OS. */
1089
1090 json_str = make_table_driven_lsc_info_json_str (scan_id, ip_str, hostname,
1091 os_release, package_list);
1092
1093 // Run table driven lsc
1094 if (json_str == NULL)
1095 return -1;
1096
1097 g_message ("Running Notus for %s", ip_str);
1098 err = mqtt_publish ("scanner/package/cmd/notus", json_str);
1099 if (err)
1100 {
1101 g_warning ("%s: Error publishing message for Notus.", __func__);
1102 g_free (json_str);
1103 return -1;
1104 }
1105
1106 g_free (json_str);
1107
1108 // Wait for Notus scanner to start or interrupt
1109 while (!status)
1110 {
1111 err = mqtt_retrieve_message (&topic, &topic_len, &payload,
1112 &payload_len, 60000);
1113 if (err == -1 || err == 1)
1114 {
1115 g_warning ("%s: Unable to retrieve status message from notus. %s",
1116 __func__, err == 1 ? "Timeout after 60 s." : "");
1117 return -1;
1118 }
1119
1120 // Get status if it belongs to corresponding scan and host
1121 // Else wait for next status message
1122 status = get_status_of_table_driven_lsc_from_json (
1123 scan_id, ip_str, payload, payload_len);
1124
1125 g_free (topic);
1126 g_free (payload);
1127 }
1128 // If started wait for it to finish or interrupt
1129 if (!g_strcmp0 (status, "running"))
1130 {
1131 g_debug ("%s: table driven LSC with scan id %s successfully started "
1132 "for host %s",
1133 __func__, scan_id, ip_str);
1134 g_free (status);
1135 status = NULL;
1136 while (!status)
1137 {
1138 err = mqtt_retrieve_message (&topic, &topic_len, &payload,
1139 &payload_len, 60000);
1140 if (err == -1)
1141 {
1142 g_warning (
1143 "%s: Unable to retrieve status message from notus.",
1144 __func__);
1145 return -1;
1146 }
1147 if (err == 1)
1148 {
1149 g_warning (
1150 "%s: Unable to retrieve message. Timeout after 60s.",
1151 __func__);
1152 return -1;
1153 }
1154
1155 status = get_status_of_table_driven_lsc_from_json (
1156 scan_id, ip_str, payload, payload_len);
1157 g_free (topic);
1158 g_free (payload);
1159 }
1160 }
1161 else
1162 {
1163 g_warning ("%s: Unable to start lsc. Got status: %s", __func__,
1164 status);
1165 g_free (status);
1166 return -1;
1167 }
1168
1169 if (g_strcmp0 (status, "finished"))
1170 {
1171 g_warning (
1172 "%s: table driven lsc with scan id %s did not finish successfully "
1173 "for host %s. Last status was %s",
1174 __func__, scan_id, ip_str, status);
1175 err = -1;
1176 }
1177 else
1178 g_debug ("%s: table driven lsc with scan id %s successfully finished "
1179 "for host %s",
1180 __func__, scan_id, ip_str);
1181 g_free (status);
1182 }
1183 return err;
1184}
payload
u_char * payload
Definition nasl_frame_forgery.c:1
hostname
const char * hostname
Definition pluginlaunch.c:68
scan_id
const char * scan_id
Definition scan_id.c:10
make_table_driven_lsc_info_json_str
static gchar * make_table_driven_lsc_info_json_str(const char *scan_id, const char *ip_str, const char *hostname, const char *os_release, const char *package_list)
Build a json object with data necessary to start a table drive LSC.
Definition table_driven_lsc.c:102
get_status_of_table_driven_lsc_from_json
static gchar * get_status_of_table_driven_lsc_from_json(const char *scan_id, const char *host_ip, const char *json, int len)
Get the status of table driven lsc from json object.
Definition table_driven_lsc.c:175
call_rs_notus
static int call_rs_notus(const char *ip_str, const char *hostname, const char *pkg_list, const char *os)
Call notus and stores the results.
Definition table_driven_lsc.c:966

References call_rs_notus(), get_status_of_table_driven_lsc_from_json(), hostname, make_table_driven_lsc_info_json_str(), payload, and scan_id.

Referenced by call_lsc().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_lsc_flag()

void set_lsc_flag ( void )

Set lsc_flag to 1.

Definition at line 40 of file table_driven_lsc.c.

41{
42 lsc_flag = 1;
43}

References lsc_flag.

Referenced by process_ipc_data().

Here is the caller graph for this function: