diff --git a/CMakeLists.txt b/CMakeLists.txt index d5c958a34..a279ac168 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -163,11 +163,13 @@ if (NOT GVMD_STATE_DIR) set (GVMD_STATE_DIR "${GVM_STATE_DIR}/gvmd") endif (NOT GVMD_STATE_DIR) -if (NOT GVM_LOG_DIR) - set (GVM_LOG_DIR "${LOCALSTATEDIR}/log/gvm") -else (NOT GVM_LOG_DIR) - set (GVM_LOG_DIR "${GVM_LOG_DIR}") -endif (NOT GVM_LOG_DIR) +if (NOT GVMD_LOG_FILE) + if (GVM_LOG_DIR) + set (GVMD_LOG_FILE "${GVM_LOG_DIR}/gvmd.log") + else (GVM_LOG_DIR) + set (GVMD_LOG_FILE "-") + endif (GVM_LOG_DIR) +endif (NOT GVMD_LOG_FILE) set (GVM_SCAP_RES_DIR "${GVM_DATA_DIR}/scap") set (GVM_CERT_RES_DIR "${GVM_DATA_DIR}/cert") @@ -248,6 +250,7 @@ endif (NOT CVSS3_RATINGS) add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS}) message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") +message ("-- Log file: ${GVMD_LOG_FILE}") ## Version diff --git a/src/gvmd_log_conf.cmake_in b/src/gvmd_log_conf.cmake_in index fd0c375a0..e5dcc3d73 100644 --- a/src/gvmd_log_conf.cmake_in +++ b/src/gvmd_log_conf.cmake_in @@ -7,63 +7,63 @@ prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [md manage] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [md gmp] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [md crypt] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [md utils] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [libgvm base] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [libgvm gmp] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [libgvm osp] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [libgvm util] prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 [event syslog] @@ -86,5 +86,5 @@ level=128 prepend=%t %s %p separator=: prepend_time_format=%Y-%m-%d %Hh%M.%S %Z -file=${GVM_LOG_DIR}/gvmd.log +file=${GVMD_LOG_FILE} level=127 diff --git a/src/manage_sql.c b/src/manage_sql.c index 2a9482e74..32f797a13 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -20421,7 +20421,7 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *criteria) " JOIN scap.cpe_nodes_match_criteria c" " ON n.id = c.node_id" " JOIN scap.cpe_match_strings r" - " ON c.match_criteria = r.match_criteria_id" + " ON c.match_criteria_id = r.match_criteria_id" " WHERE criteria like '%s%%';", quoted_criteria); g_free (quoted_criteria); diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index 4e6d3d6fc..cf13bf215 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -2081,7 +2081,7 @@ static int insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata, int modification_time) { - gchar *name, *status, *deprecated, *nvd_id; + gchar *name, *status, *nvd_id; gchar *quoted_name, *quoted_title, *quoted_status, *quoted_nvd_id; element_t title; int first; @@ -2103,27 +2103,12 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata return -1; } - deprecated = element_attribute (item_metadata, - "deprecated-by-nvd-id"); - if (deprecated - && (g_regex_match_simple ("^[0-9]+$", (gchar *) deprecated, 0, 0) - == 0)) - { - g_warning ("%s: invalid deprecated-by-nvd-id: %s", - __func__, - deprecated); - g_free (name); - g_free (status); - return -1; - } - nvd_id = element_attribute (item_metadata, "nvd-id"); if (nvd_id == NULL) { g_warning ("%s: nvd_id missing", __func__); g_free (name); g_free (status); - g_free (deprecated); return -1; } @@ -2163,7 +2148,7 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata first = inserts_check_size (inserts); g_string_append_printf (inserts->statement, - "%s ('%s', '%s', '%s', %i, %i, '%s', %s, '%s')", + "%s ('%s', '%s', '%s', %i, %i, '%s', '%s')", first ? "" : ",", quoted_name, quoted_name, @@ -2171,7 +2156,6 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata modification_time, modification_time, quoted_status, - deprecated ? deprecated : "NULL", quoted_nvd_id); inserts->current_chunk_size++; @@ -2180,7 +2164,6 @@ insert_scap_cpe (inserts_t *inserts, element_t cpe_item, element_t item_metadata g_free (quoted_name); g_free (quoted_status); g_free (quoted_nvd_id); - g_free (deprecated); return 0; } @@ -3423,6 +3406,7 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id, cJSON* configurations_json) { cJSON *configuration_item; + GString *software = g_string_new (""); cJSON_ArrayForEach (configuration_item, configurations_json) { @@ -3512,11 +3496,30 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id, id, vulnerable ? 1 : 0, quoted_match_criteria_id); - + + if (vulnerable) + { + iterator_t cpe_matches; + init_cpe_match_string_matches_iterator (&cpe_matches, quoted_match_criteria_id); + while (next (&cpe_matches)) + g_string_append_printf (software, "%s ", cpe_matches_cpe_name (&cpe_matches)); + cleanup_iterator (&cpe_matches); + } g_free (quoted_match_criteria_id); } } } + if (software->len > 0) + { + gchar *quoted_software = sql_quote (software->str); + sql ("UPDATE scap2.cves" + " SET products = '%s'" + " WHERE id = %llu;", + quoted_software, cve_db_id); + g_free (quoted_software); + } + g_string_free (software, TRUE); + return 0; } @@ -4043,6 +4046,27 @@ update_scap_cves () return 0; } +/** + * @brief Update SCAP affected products. + * + * Assume that the databases are attached. + */ +static void +update_scap_affected_products () +{ + g_info ("Updating affected products"); + + sql ("INSERT INTO scap2.affected_products" + " SELECT DISTINCT scap2.cpe_match_nodes.cve_id, scap2.cpes.id" + " FROM scap2.cpe_match_nodes, scap2.cpe_nodes_match_criteria," + " scap2.cpe_matches, scap2.cpes" + " WHERE scap2.cpe_match_nodes.id = scap2.cpe_nodes_match_criteria.node_id" + " AND scap2.cpe_nodes_match_criteria.vulnerable = 1" + " AND scap2.cpe_nodes_match_criteria.match_criteria_id =" + " scap2.cpe_matches.match_criteria_id" + " AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;"); +} + /** * @brief Insert a SCAP CPE match string from JSON. * @@ -5606,6 +5630,11 @@ update_scap (gboolean reset_scap_db) return -1; } + g_debug ("%s: update affected_products", __func__); + setproctitle ("Syncing SCAP: Updating affected products"); + + update_scap_affected_products (); + g_debug ("%s: updating user defined data", __func__); g_debug ("%s: update epss", __func__);