Merge branch 'main' into remove-delta-report-non-default-code

CMakeLists.txt

@@ -163,11 +163,13 @@ if (NOT GVMD_STATE_DIR)
   set (GVMD_STATE_DIR  "${GVM_STATE_DIR}/gvmd")
 endif (NOT GVMD_STATE_DIR)
 
-if (NOT GVM_LOG_DIR)
-  set (GVM_LOG_DIR    "${LOCALSTATEDIR}/log/gvm")
-else (NOT GVM_LOG_DIR)
-  set (GVM_LOG_DIR    "${GVM_LOG_DIR}")
-endif (NOT GVM_LOG_DIR)
+if (NOT GVMD_LOG_FILE)
+  if (GVM_LOG_DIR)
+    set (GVMD_LOG_FILE "${GVM_LOG_DIR}/gvmd.log")
+  else (GVM_LOG_DIR)
+    set (GVMD_LOG_FILE "-")
+  endif (GVM_LOG_DIR)
+endif (NOT GVMD_LOG_FILE)
 
 set (GVM_SCAP_RES_DIR "${GVM_DATA_DIR}/scap")
 set (GVM_CERT_RES_DIR "${GVM_DATA_DIR}/cert")
@@ -248,6 +250,7 @@ endif (NOT CVSS3_RATINGS)
 add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})
 
 message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
+message ("-- Log file: ${GVMD_LOG_FILE}")
 
 ## Version
 

src/gvmd_log_conf.cmake_in

@@ -7,63 +7,63 @@
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md manage]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md    gmp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md  crypt]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [md  utils]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm base]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm gmp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm osp]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [libgvm util]
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127
 
 [event syslog]
@@ -86,5 +86,5 @@ level=128
 prepend=%t %s %p
 separator=:
 prepend_time_format=%Y-%m-%d %Hh%M.%S %Z
-file=${GVM_LOG_DIR}/gvmd.log
+file=${GVMD_LOG_FILE}
 level=127

src/manage_sql.c

@@ -20421,7 +20421,7 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *criteria)
                  " JOIN scap.cpe_nodes_match_criteria c"
                  " ON n.id = c.node_id"
                  " JOIN scap.cpe_match_strings r"
-                 " ON c.match_criteria = r.match_criteria_id"
+                 " ON c.match_criteria_id = r.match_criteria_id"
                  " WHERE criteria like '%s%%';",
                  quoted_criteria);
   g_free (quoted_criteria);

src/manage_sql_secinfo.c

@@ -2081,7 +2081,7 @@ static int
 insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata,
                  int modification_time)
 {
-  gchar *name, *status, *deprecated, *nvd_id;
+  gchar *name, *status, *nvd_id;
   gchar *quoted_name, *quoted_title, *quoted_status, *quoted_nvd_id;
   element_t title;
   int first;
@@ -2103,27 +2103,12 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
       return -1;
     }
 
-  deprecated = element_attribute (item_metadata,
-                                 "deprecated-by-nvd-id");
-  if (deprecated
-      && (g_regex_match_simple ("^[0-9]+$", (gchar *) deprecated, 0, 0)
-          == 0))
-    {
-      g_warning ("%s: invalid deprecated-by-nvd-id: %s",
-                 __func__,
-                 deprecated);
-      g_free (name);
-      g_free (status);
-      return -1;
-    }
-
   nvd_id = element_attribute (item_metadata, "nvd-id");
   if (nvd_id == NULL)
     {
       g_warning ("%s: nvd_id missing", __func__);
       g_free (name);
       g_free (status);
-      g_free (deprecated);
       return -1;
     }
 
@@ -2163,15 +2148,14 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
   first = inserts_check_size (inserts);
 
   g_string_append_printf (inserts->statement,
-                          "%s ('%s', '%s', '%s', %i, %i, '%s', %s, '%s')",
+                          "%s ('%s', '%s', '%s', %i, %i, '%s', '%s')",
                           first ? "" : ",",
                           quoted_name,
                           quoted_name,
                           quoted_title,
                           modification_time,
                           modification_time,
                           quoted_status,
-                          deprecated ? deprecated : "NULL",
                           quoted_nvd_id);
 
   inserts->current_chunk_size++;
@@ -2180,7 +2164,6 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata
   g_free (quoted_name);
   g_free (quoted_status);
   g_free (quoted_nvd_id);
-  g_free (deprecated);
 
   return 0;
 }
@@ -3423,6 +3406,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
                            cJSON* configurations_json)
 {
   cJSON *configuration_item;
+  GString *software = g_string_new ("");
 
   cJSON_ArrayForEach (configuration_item, configurations_json)
     {
@@ -3512,11 +3496,30 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
                   id,
                   vulnerable ? 1 : 0,
                   quoted_match_criteria_id);
-
+
+              if (vulnerable)
+                {
+                  iterator_t cpe_matches;
+                  init_cpe_match_string_matches_iterator (&cpe_matches, quoted_match_criteria_id);
+                  while (next (&cpe_matches))
+                    g_string_append_printf (software, "%s ", cpe_matches_cpe_name (&cpe_matches));
+                  cleanup_iterator (&cpe_matches);
+                }
               g_free (quoted_match_criteria_id);          
             }
         }
     }
+    if (software->len > 0)
+      {
+        gchar *quoted_software = sql_quote (software->str);
+        sql ("UPDATE scap2.cves"
+             " SET products = '%s'"
+             " WHERE id = %llu;",
+             quoted_software, cve_db_id);
+        g_free (quoted_software);
+      }
+    g_string_free (software, TRUE);
+
  return 0;
 }
 
@@ -4043,6 +4046,27 @@ update_scap_cves ()
   return 0;
 }
 
+/**
+ * @brief Update SCAP affected products.
+ *
+ * Assume that the databases are attached.
+ */
+static void
+update_scap_affected_products ()
+{
+  g_info ("Updating affected products");
+
+  sql ("INSERT INTO scap2.affected_products"
+       "  SELECT DISTINCT scap2.cpe_match_nodes.cve_id, scap2.cpes.id"
+       "    FROM scap2.cpe_match_nodes, scap2.cpe_nodes_match_criteria,"
+       "         scap2.cpe_matches, scap2.cpes"
+       "    WHERE scap2.cpe_match_nodes.id = scap2.cpe_nodes_match_criteria.node_id"
+       "      AND scap2.cpe_nodes_match_criteria.vulnerable = 1"
+       "      AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
+       "            scap2.cpe_matches.match_criteria_id"
+       "      AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
+}
+
 /**
  * @brief Insert a SCAP CPE match string from JSON.
  *
@@ -5606,6 +5630,11 @@ update_scap (gboolean reset_scap_db)
       return -1;
     }
 
+  g_debug ("%s: update affected_products", __func__);
+  setproctitle ("Syncing SCAP: Updating affected products");
+
+  update_scap_affected_products ();
+
   g_debug ("%s: updating user defined data", __func__);
 
   g_debug ("%s: update epss", __func__);