diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c
index 769d9b8ee..13d5381f3 100644
--- a/src/manage_sql_nvts.c
+++ b/src/manage_sql_nvts.c
@@ -257,9 +257,91 @@ find_nvt (const char* oid, nvt_t* nvt) return FALSE; } +/** + * @brief Insert vt_refs for an NVT. + * + * @param[in] nvti NVT Information. + * @param[in] truncate True if NVT tables were truncated. + */ +static void +insert_vt_refs (const nvti_t *nvti, int truncate) +{ + int i; + + if (truncate == 0) + sql ("DELETE FROM vt_refs where vt_oid = '%s';", nvti_oid (nvti)); + + for (i = 0; i < nvti_vtref_len (nvti); i++) + { + vtref_t *ref; + gchar *quoted_type, *quoted_id, *quoted_text; + + ref = nvti_vtref (nvti, i); + quoted_type = sql_quote (vtref_type (ref)); + quoted_id = sql_quote (vtref_id (ref)); + quoted_text = sql_quote (vtref_text (ref) ? vtref_text (ref) : ""); + + sql ("INSERT into vt_refs (vt_oid, type, ref_id, ref_text)" + " VALUES ('%s', '%s', '%s', '%s');", + nvti_oid (nvti), quoted_type, quoted_id, quoted_text); + + g_free (quoted_type); + g_free (quoted_id); + g_free (quoted_text); + } +} + +/** + * @brief Insert vt_severities for an NVT. + * + * @param[in] nvti NVT Information. + * @param[in] truncate True if NVT tables were truncated. + * + * @return Highest severity. + */ +static double +insert_vt_severities (const nvti_t *nvti, int truncate) +{ + int i; + double highest; + + if (truncate == 0) + sql ("DELETE FROM vt_severities where vt_oid = '%s';", nvti_oid (nvti)); + + highest = 0; + + for (i = 0; i < nvti_vtseverities_len (nvti); i++) + { + vtseverity_t *severity; + gchar *quoted_origin, *quoted_value; + + severity = nvti_vtseverity (nvti, i); + quoted_origin = sql_quote (vtseverity_origin (severity) ? + vtseverity_origin (severity) : ""); + quoted_value = sql_quote (vtseverity_value (severity) ? 
+ vtseverity_value (severity) : ""); + + sql ("INSERT into vt_severities (vt_oid, type, origin, date, score," + " value)" + " VALUES ('%s', '%s', '%s', %i, %0.1f, '%s');", + nvti_oid (nvti), vtseverity_type (severity), + quoted_origin, vtseverity_date (severity), + vtseverity_score (severity), quoted_value); + if (vtseverity_score (severity) > highest) + highest = vtseverity_score (severity); + + g_free (quoted_origin); + g_free (quoted_value); + } + + return highest; +} + /** * @brief Insert an NVT. * + * Always called within a transaction. + * * @param[in] nvti NVT Information. * @param[in] truncate True if NVT tables were truncated. */ @@ -269,9 +351,9 @@ insert_nvt (const nvti_t *nvti, int truncate) gchar *qod_str, *qod_type, *cve; gchar *quoted_name, *quoted_summary, *quoted_insight, *quoted_affected; gchar *quoted_impact, *quoted_detection, *quoted_cve, *quoted_tag; - gchar *quoted_cvss_base, *quoted_qod_type, *quoted_family; + gchar *quoted_qod_type, *quoted_family; gchar *quoted_solution, *quoted_solution_type, *quoted_solution_method; - int qod, i; + int qod; double highest; cve = nvti_refs (nvti, "cve", "", 0); @@ -297,8 +379,6 @@ insert_nvt (const nvti_t *nvti, int truncate) quoted_tag = sql_quote (nvti_tag (nvti) ? nvti_tag (nvti) : ""); - quoted_cvss_base = sql_quote (nvti_cvss_base (nvti) ? nvti_cvss_base (nvti) : ""); - qod_str = nvti_qod (nvti); qod_type = nvti_qod_type (nvti); 
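Review bot: In the new `insert_vt_severities` and `insert_vt_refs`, `vtseverity_type (severity)` and `nvti_oid (nvti)` are placed into `'%s'` slots without `sql_quote`, although every neighbouring string field is quoted. These values presumably come from the VT data being loaded, so unless they are validated somewhere outside this diff, a single quote in either one ends the SQL literal early. I would quote them like the rest, e.g. `quoted_type = sql_quote (vtseverity_type (severity) ? vtseverity_type (severity) : "");` and one `quoted_oid = sql_quote (nvti_oid (nvti));` per function, freed with the others. The same unquoted oid appears in the `nvts` statements of the `-309,76` hunk and in the `nvt_preferences` DELETE of the `-1559,8` hunk. Separately, `vtref_type (ref)` and `vtref_id (ref)` are passed to `sql_quote` without the NULL fallback that `vtref_text (ref)` gets.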
@@ -309,76 +389,28 @@ insert_nvt (const nvti_t *nvti, int truncate) quoted_family = sql_quote (nvti_family (nvti) ? nvti_family (nvti) : ""); - if (sql_int ("SELECT EXISTS (SELECT * FROM nvts WHERE oid = '%s');", - nvti_oid (nvti))) + if ((truncate == 0) + && sql_int ("SELECT EXISTS (SELECT * FROM nvts WHERE oid = '%s');", + nvti_oid (nvti))) sql ("DELETE FROM nvts WHERE oid = '%s';", nvti_oid (nvti)); + insert_vt_refs(nvti, truncate); + + highest = insert_vt_severities(nvti, truncate); + sql ("INSERT into nvts (oid, name, summary, insight, affected," " impact, cve, tag, category, family, cvss_base," " creation_time, modification_time, uuid, solution_type," " solution_method, solution, detection, qod, qod_type)" " VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s'," - " '%s', %i, '%s', '%s', %i, %i, '%s', '%s', '%s', '%s', '%s', %d, '%s');", + " '%s', %i, '%s', %0.1f, %i, %i, '%s', '%s', '%s', '%s', '%s', %d, '%s');", nvti_oid (nvti), quoted_name, quoted_summary, quoted_insight, quoted_affected, quoted_impact, quoted_cve, quoted_tag, - nvti_category (nvti), quoted_family, quoted_cvss_base, + nvti_category (nvti), quoted_family, highest, nvti_creation_time (nvti), nvti_modification_time (nvti), nvti_oid (nvti), quoted_solution_type, quoted_solution_method, quoted_solution, quoted_detection, qod, quoted_qod_type); - sql ("DELETE FROM vt_refs where vt_oid = '%s';", nvti_oid (nvti)); - - for (i = 0; i < nvti_vtref_len (nvti); i++) - { - vtref_t *ref; - gchar *quoted_type, *quoted_id, *quoted_text; - - ref = nvti_vtref (nvti, i); - quoted_type = sql_quote (vtref_type (ref)); - quoted_id = sql_quote (vtref_id (ref)); - quoted_text = sql_quote (vtref_text (ref) ? 
vtref_text (ref) : ""); - - sql ("INSERT into vt_refs (vt_oid, type, ref_id, ref_text)" - " VALUES ('%s', '%s', '%s', '%s');", - nvti_oid (nvti), quoted_type, quoted_id, quoted_text); - - g_free (quoted_type); - g_free (quoted_id); - g_free (quoted_text); - } - - sql ("DELETE FROM vt_severities where vt_oid = '%s';", nvti_oid (nvti)); - - highest = 0; - - for (i = 0; i < nvti_vtseverities_len (nvti); i++) - { - vtseverity_t *severity; - gchar *quoted_origin, *quoted_value; - - severity = nvti_vtseverity (nvti, i); - quoted_origin = sql_quote (vtseverity_origin (severity) ? - vtseverity_origin (severity) : ""); - quoted_value = sql_quote (vtseverity_value (severity) ? - vtseverity_value (severity) : ""); - - sql ("INSERT into vt_severities (vt_oid, type, origin, date, score," - " value)" - " VALUES ('%s', '%s', '%s', %i, %0.1f, '%s');", - nvti_oid (nvti), vtseverity_type (severity), - quoted_origin, vtseverity_date (severity), - vtseverity_score (severity), quoted_value); - if (vtseverity_score (severity) > highest) - highest = vtseverity_score (severity); - - g_free (quoted_origin); - g_free (quoted_value); - } - - sql ("UPDATE nvts SET cvss_base = %0.1f WHERE oid = '%s';", - highest, - nvti_oid (nvti)); - g_free (quoted_name); g_free (quoted_summary); g_free (quoted_insight); @@ -386,7 +418,6 @@ insert_nvt (const nvti_t *nvti, int truncate) g_free (quoted_impact); g_free (quoted_cve); g_free (quoted_tag); - g_free (quoted_cvss_base); g_free (quoted_family); g_free (quoted_solution); g_free (quoted_solution_type); @@ -1559,8 +1590,9 @@ update_nvts_from_vts (entity_t *get_vts_response, sql_rollback (); return -1; } - sql ("DELETE FROM nvt_preferences WHERE name LIKE '%s:%%';", - nvti_oid (nvti)); + if (truncate == 0) + sql ("DELETE FROM nvt_preferences WHERE name LIKE '%s:%%';", + nvti_oid (nvti)); insert_nvt_preferences_list (preferences); g_list_free_full (preferences, g_free);
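Review bot: When `truncate` is non-zero, `insert_nvt` (whose body starts before this hunk) now skips every per-oid DELETE before inserting into `nvts`, `vt_refs` and `vt_severities`, so correctness depends entirely on the caller having emptied those tables and on each oid arriving only once per update. If the same oid is delivered twice in one run, the second pass would leave duplicate rows, or abort the transaction if the schema has a unique constraint that this diff does not show. I would state the precondition in the doc comment, e.g. `@param[in] truncate  True if NVT tables were truncated; each oid must then be inserted at most once.`, or keep the EXISTS check unconditionally if duplicates cannot be ruled out. As a style point, the new calls are written `insert_vt_refs(nvti, truncate)` and `insert_vt_severities(nvti, truncate)` without the space before the parenthesis that the rest of the file uses.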
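Review bot: In the last hunk the oid is interpolated as a LIKE prefix in `DELETE FROM nvt_preferences WHERE name LIKE '%s:%%'`, so a `%` or `_` inside it acts as a wildcard and the DELETE can remove preferences belonging to other NVTs; `sql_quote` alone would not neutralise that. Whether oids are format-checked before this point is not visible here, since `update_nvts_from_vts` starts and ends outside the hunk; if they are not, reject any oid containing characters other than digits and dots before building the statement. The new `if (truncate == 0)` guard also assumes `nvt_preferences` is emptied together with the NVT tables whenever `truncate` is set, which a short comment such as `/* nvt_preferences was truncated along with nvts. */` would make explicit.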