Skip to content

Commit

Permalink
Merge branch 'stable' into mergify/bp/stable/pr-1938
Browse files Browse the repository at this point in the history
  • Loading branch information
@timopollmeier
timopollmeier authored Apr 26, 2023
2 parents da2fcc6 + 46470c0 commit 93e44c8
Show file tree
Hide file tree
Showing 6 changed files with 280 additions and 121 deletions.
8 changes: 5 additions & 3 deletions src/gmp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14248,7 +14248,7 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
|| (strlen (get_reports_data->report_get.id) == 0))
{
int overrides, min_qod;
gchar *filter;
gchar *filter, *levels;
get_data_t * get;

/* For simplicity, use a fixed result filter when filtering
Expand All @@ -14269,12 +14269,14 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
g_free (get_reports_data->get.filter);
overrides = filter_term_apply_overrides (filter ? filter : get->filter);
min_qod = filter_term_min_qod (filter ? filter : get->filter);
levels = filter_term_value (filter ? filter : get->filter, "levels");
g_free (filter);

/* Setup result filter from overrides. */
get_reports_data->get.filter
= g_strdup_printf ("apply_overrides=%i min_qod=%i",
overrides, min_qod);
= g_strdup_printf ("apply_overrides=%i min_qod=%i levels=%s",
overrides, min_qod, levels ? levels : "hmlgdf");
g_free (levels);
}

ret = init_report_iterator (&reports, &get_reports_data->report_get);
Expand Down
5 changes: 4 additions & 1 deletion src/manage.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,9 @@ trash_id_exists (const char *, const char *);
gboolean
find_resource (const char*, const char*, resource_t*);

gboolean
find_resource_no_acl (const char*, const char*, resource_t*);

const char *
type_name_plural (const char*);

Expand Down Expand Up @@ -1921,7 +1924,7 @@ nvt_selector_iterator_type (iterator_t*);
/* NVT preferences. */

void
manage_nvt_preference_add (const char*, const char*);
manage_nvt_preference_add (const char*, const char*, int);

void
manage_nvt_preferences_enable ();
Expand Down
103 changes: 58 additions & 45 deletions src/manage_pg.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@


/* Headers */
int
int
check_db_extensions ();


Expand Down Expand Up @@ -1747,6 +1747,62 @@ create_view_vulns ()

#undef VULNS_RESULTS_WHERE

/**
* @brief Create NVT related tables.
*/
void
create_tables_nvt (const gchar *suffix)
{
sql ("CREATE TABLE IF NOT EXISTS vt_refs%s"
" (id SERIAL PRIMARY KEY,"
" vt_oid text NOT NULL,"
" type text NOT NULL,"
" ref_id text NOT NULL,"
" ref_text text);",
suffix);

sql ("CREATE TABLE IF NOT EXISTS vt_severities%s"
" (id SERIAL PRIMARY KEY,"
" vt_oid text NOT NULL,"
" type text NOT NULL,"
" origin text,"
" date integer,"
" score double precision,"
" value text);",
suffix);

sql ("CREATE TABLE IF NOT EXISTS nvt_preferences%s"
" (id SERIAL PRIMARY KEY,"
" name text UNIQUE NOT NULL,"
" value text);",
suffix);

sql ("CREATE TABLE IF NOT EXISTS nvts%s"
" (id SERIAL PRIMARY KEY,"
" uuid text UNIQUE NOT NULL,"
" oid text UNIQUE NOT NULL,"
" name text,"
" comment text,"
" summary text,"
" insight text,"
" affected text,"
" impact text,"
" cve text,"
" tag text,"
" category text,"
" family text,"
" cvss_base text,"
" creation_time integer,"
" modification_time integer,"
" solution text,"
" solution_type text,"
" solution_method text,"
" detection text,"
" qod integer,"
" qod_type text);",
suffix);
}

/**
* @brief Create all tables.
*/
Expand Down Expand Up @@ -2565,50 +2621,7 @@ create_tables ()
" name text,"
" value text);");

sql ("CREATE TABLE IF NOT EXISTS vt_refs"
" (id SERIAL PRIMARY KEY,"
" vt_oid text NOT NULL,"
" type text NOT NULL,"
" ref_id text NOT NULL,"
" ref_text text);");

sql ("CREATE TABLE IF NOT EXISTS vt_severities"
" (id SERIAL PRIMARY KEY,"
" vt_oid text NOT NULL,"
" type text NOT NULL,"
" origin text,"
" date integer,"
" score double precision,"
" value text);");

sql ("CREATE TABLE IF NOT EXISTS nvt_preferences"
" (id SERIAL PRIMARY KEY,"
" name text UNIQUE NOT NULL,"
" value text);");

sql ("CREATE TABLE IF NOT EXISTS nvts"
" (id SERIAL PRIMARY KEY,"
" uuid text UNIQUE NOT NULL,"
" oid text UNIQUE NOT NULL,"
" name text,"
" comment text,"
" summary text,"
" insight text,"
" affected text,"
" impact text,"
" cve text,"
" tag text,"
" category text,"
" family text,"
" cvss_base text,"
" creation_time integer,"
" modification_time integer,"
" solution text,"
" solution_type text,"
" solution_method text,"
" detection text,"
" qod integer,"
" qod_type text);");
create_tables_nvt ("");

sql ("CREATE TABLE IF NOT EXISTS notes"
" (id SERIAL PRIMARY KEY,"
Expand Down
135 changes: 112 additions & 23 deletions src/manage_sql.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4159,6 +4159,46 @@ find_resource (const char* type, const char* uuid, resource_t* resource)
return FALSE;
}

/**
* @brief Find a resource given a UUID.
*
* @param[in] type Type of resource.
* @param[in] uuid UUID of resource.
* @param[out] resource Resource return, 0 if successfully failed to find resource.
*
* @return FALSE on success (including if failed to find resource), TRUE on error.
*/
gboolean
find_resource_no_acl (const char* type, const char* uuid, resource_t* resource)
{
gchar *quoted_uuid;
quoted_uuid = sql_quote (uuid);

// TODO should really check type
switch (sql_int64 (resource,
"SELECT id FROM %ss WHERE uuid = '%s'%s;",
type,
quoted_uuid,
strcmp (type, "task") ? "" : " AND hidden < 2"))
{
case 0:
break;
case 1: /* Too few rows in result of query. */
*resource = 0;
break;
default: /* Programming error. */
assert (0);
case -1:
g_free (quoted_uuid);
return TRUE;
break;
}

g_free (quoted_uuid);
return FALSE;
}


/**
* @brief Find a resource given a UUID and a permission.
*
Expand Down Expand Up @@ -27395,7 +27435,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task,

max_results = manage_max_rows (max_results);

levels = levels ? levels : g_strdup ("hmlgd");
levels = levels ? levels : g_strdup ("hmlgdf");

if (task && task_uuid (task, &tsk_uuid))
{
Expand Down Expand Up @@ -42479,6 +42519,8 @@ find_permission (const char* uuid, permission_t* permission)
/**
* @brief Check args for create_permission or modify_permission.
*
* @param[in] check_access Whether to check if user may get resource and
* subject.
* @param[in] name_arg Name of permission.
* @param[in] resource_type_arg Type of resource, for special permissions.
* @param[in] resource_id_arg UUID of resource.
Expand All @@ -42496,7 +42538,8 @@ find_permission (const char* uuid, permission_t* permission)
* 99 permission denied, -1 error.
*/
static int
check_permission_args (const char *name_arg, const char *resource_type_arg,
check_permission_args (gboolean check_access, const char *name_arg,
const char *resource_type_arg,
const char *resource_id_arg, const char *subject_type,
const char *subject_id, gchar **name,
resource_t *resource, char **resource_type,
Expand Down Expand Up @@ -42565,24 +42608,57 @@ check_permission_args (const char *name_arg, const char *resource_type_arg,
{
g_free (*resource_type);
*resource_type = g_strdup ("host");
if (find_resource (*resource_type, resource_id_arg, resource))
if (check_access == FALSE)
{
g_free (*name);
g_free (*resource_type);
return -1;
if (find_resource_no_acl (*resource_type, resource_id_arg, resource))
{
g_free (*name);
g_free (*resource_type);
return -1;
}
}

if (*resource == 0)
else
{
g_free (*resource_type);
*resource_type = g_strdup ("os");
if (find_resource (*resource_type, resource_id_arg, resource))
{
g_free (*name);
g_free (*resource_type);
return -1;
}
}

if (*resource == 0)
{
g_free (*resource_type);
*resource_type = g_strdup ("os");
if (check_access == FALSE)
{
if (find_resource_no_acl (*resource_type, resource_id_arg, resource))
{
g_free (*name);
g_free (*resource_type);
return -1;
}
}
else
{
if (find_resource (*resource_type, resource_id_arg, resource))
{
g_free (*name);
g_free (*resource_type);
return -1;
}
}
}
}
else if (check_access == FALSE)
{
if (find_resource_no_acl (*resource_type, resource_id_arg, resource))
{
g_free (*name);
g_free (*resource_type);
return -1;
}
}
else
{
Expand Down Expand Up @@ -42656,16 +42732,27 @@ check_permission_args (const char *name_arg, const char *resource_type_arg,
{
/* Permission on a particular resource. Only need read access to the
* subject. */

if (find_resource_with_permission (subject_type,
subject_id,
subject,
NULL, /* GET permission. */
0)) /* Trash. */
if (check_access)
{
g_free (*name);
g_free (*resource_type);
return -1;
if (find_resource_with_permission (subject_type,
subject_id,
subject,
NULL, /* GET permission. */
0)) /* Trash. */
{
g_free (*name);
g_free (*resource_type);
return -1;
}
}
else
{
if (find_resource_no_acl (subject_type, subject_id, subject))
{
g_free (*name);
g_free (*resource_type);
return -1;
}
}
}
else
Expand Down Expand Up @@ -42787,9 +42874,11 @@ create_permission_internal (int check_access, const char *name_arg,
if (check_access && (acl_user_may ("create_permission") == 0))
return 99;

ret = check_permission_args (name_arg, resource_type_arg, resource_id_arg,
subject_type, subject_id, &name, &resource,
&resource_type, &resource_id, &subject);
ret = check_permission_args (check_access, name_arg, resource_type_arg,
resource_id_arg, subject_type, subject_id, &name,
&resource, &resource_type, &resource_id,
&subject);

if (ret)
return ret;

Expand Down Expand Up @@ -43925,7 +44014,7 @@ modify_permission (const char *permission_id, const char *name_arg,
new_subject_id = subject_id ? NULL : permission_subject_id (permission);

ret = check_permission_args
(new_name ? new_name : name_arg,
(TRUE, new_name ? new_name : name_arg,
new_resource_type ? new_resource_type : resource_type_arg,
new_resource_id ? new_resource_id : resource_id_arg,
new_subject_type ? new_subject_type : subject_type,
Expand Down
Loading

0 comments on commit 93e44c8

Please sign in to comment.