From f5f74ade1d991ed63a496e69450c52a1c0e78387 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 20 Mar 2023 19:15:56 +0200 Subject: [PATCH 1/4] Skip DELETEs if NVT tables were truncated --- src/manage_sql_nvts.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 769d9b8ee..8b1c17d6d 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -309,8 +309,9 @@ insert_nvt (const nvti_t *nvti, int truncate) quoted_family = sql_quote (nvti_family (nvti) ? nvti_family (nvti) : ""); - if (sql_int ("SELECT EXISTS (SELECT * FROM nvts WHERE oid = '%s');", - nvti_oid (nvti))) + if ((truncate == 0) + && sql_int ("SELECT EXISTS (SELECT * FROM nvts WHERE oid = '%s');", + nvti_oid (nvti))) sql ("DELETE FROM nvts WHERE oid = '%s';", nvti_oid (nvti)); sql ("INSERT into nvts (oid, name, summary, insight, affected," @@ -326,7 +327,8 @@ insert_nvt (const nvti_t *nvti, int truncate) nvti_oid (nvti), quoted_solution_type, quoted_solution_method, quoted_solution, quoted_detection, qod, quoted_qod_type); - sql ("DELETE FROM vt_refs where vt_oid = '%s';", nvti_oid (nvti)); + if (truncate == 0) + sql ("DELETE FROM vt_refs where vt_oid = '%s';", nvti_oid (nvti)); for (i = 0; i < nvti_vtref_len (nvti); i++) { @@ -347,7 +349,8 @@ insert_nvt (const nvti_t *nvti, int truncate) g_free (quoted_text); } - sql ("DELETE FROM vt_severities where vt_oid = '%s';", nvti_oid (nvti)); + if (truncate == 0) + sql ("DELETE FROM vt_severities where vt_oid = '%s';", nvti_oid (nvti)); highest = 0; @@ -1559,8 +1562,9 @@ update_nvts_from_vts (entity_t *get_vts_response, sql_rollback (); return -1; } - sql ("DELETE FROM nvt_preferences WHERE name LIKE '%s:%%';", - nvti_oid (nvti)); + if (truncate == 0) + sql ("DELETE FROM nvt_preferences WHERE name LIKE '%s:%%';", + nvti_oid (nvti)); insert_nvt_preferences_list (preferences); g_list_free_full (preferences, g_free); 
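Review bot: With `truncate` set, all four guarded DELETEs are skipped on the assumption that no row for this OID exists yet. This applies to the nvts existence check in the first hunk and to the vt_refs, vt_severities and nvt_preferences hunks. The assumption holds only if each of those tables was truncated and the incoming VT data never repeats an OID within one update, and neither condition is checked or stated near the guards. A repeated OID would then add duplicate vt_refs/vt_severities rows or fail the nvts INSERT, depending on constraints that are not visible here. Record the invariant where the flag is documented, e.g. `@param[in] truncate  True if nvts, vt_refs, vt_severities and nvt_preferences were all truncated before this update.` Both insert_nvt and update_nvts_from_vts continue outside these hunks.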
From 7d33d03bbbc87a837583e354e2398a199d34ef59 Mon Sep 17 00:00:00 2001
From: Matt Mundell
Date: Mon, 27 Mar 2023 16:40:07 +0200
Subject: [PATCH 2/4] Move VT parts of insert_nvt to functions
---
src/manage_sql_nvts.c | 133 ++++++++++++++++++++++++++----------------
1 file changed, 83 insertions(+), 50 deletions(-)
diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c
index 8b1c17d6d..c1fff0517 100644
--- a/src/manage_sql_nvts.c
+++ b/src/manage_sql_nvts.c
@@ -257,6 +257,86 @@ find_nvt (const char* oid, nvt_t* nvt) return FALSE; } +/** + * @brief Insert vt_refs for an NVT. + * + * @param[in] nvti NVT Information. + * @param[in] truncate True if NVT tables were truncated. + */ +static void +insert_vt_refs (const nvti_t *nvti, int truncate) +{ + int i; + + if (truncate == 0) + sql ("DELETE FROM vt_refs where vt_oid = '%s';", nvti_oid (nvti)); + + for (i = 0; i < nvti_vtref_len (nvti); i++) + { + vtref_t *ref; + gchar *quoted_type, *quoted_id, *quoted_text; + + ref = nvti_vtref (nvti, i); + quoted_type = sql_quote (vtref_type (ref)); + quoted_id = sql_quote (vtref_id (ref)); + quoted_text = sql_quote (vtref_text (ref) ? vtref_text (ref) : ""); + + sql ("INSERT into vt_refs (vt_oid, type, ref_id, ref_text)" + " VALUES ('%s', '%s', '%s', '%s');", + nvti_oid (nvti), quoted_type, quoted_id, quoted_text); + + g_free (quoted_type); + g_free (quoted_id); + g_free (quoted_text); + } +} + +/** + * @brief Insert vt_severities for an NVT. + * + * @param[in] nvti NVT Information. + * @param[in] truncate True if NVT tables were truncated. + * + * @return Highest severity. + */ +static double +insert_vt_severities (const nvti_t *nvti, int truncate) +{ + int i; + double highest; + + if (truncate == 0) + sql ("DELETE FROM vt_severities where vt_oid = '%s';", nvti_oid (nvti)); + + highest = 0; + + for (i = 0; i < nvti_vtseverities_len (nvti); i++) + { + vtseverity_t *severity; + gchar *quoted_origin, *quoted_value; + + severity = nvti_vtseverity (nvti, i); + quoted_origin = sql_quote (vtseverity_origin (severity) ? + vtseverity_origin (severity) : ""); + quoted_value = sql_quote (vtseverity_value (severity) ? 
+ vtseverity_value (severity) : ""); + + sql ("INSERT into vt_severities (vt_oid, type, origin, date, score," + " value)" + " VALUES ('%s', '%s', '%s', %i, %0.1f, '%s');", + nvti_oid (nvti), vtseverity_type (severity), + quoted_origin, vtseverity_date (severity), + vtseverity_score (severity), quoted_value); + if (vtseverity_score (severity) > highest) + highest = vtseverity_score (severity); + + g_free (quoted_origin); + g_free (quoted_value); + } + + return highest; +} + /** * @brief Insert an NVT. * @@ -271,7 +351,7 @@ insert_nvt (const nvti_t *nvti, int truncate) gchar *quoted_impact, *quoted_detection, *quoted_cve, *quoted_tag; gchar *quoted_cvss_base, *quoted_qod_type, *quoted_family; gchar *quoted_solution, *quoted_solution_type, *quoted_solution_method; - int qod, i; + int qod; double highest; cve = nvti_refs (nvti, "cve", "", 0); 
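Review bot: In insert_vt_severities, `vtseverity_type (severity)` is placed inside `'%s'` without going through sql_quote, although origin and value on the same INSERT are quoted. `nvti_oid (nvti)` is likewise embedded raw in every statement of both new helpers. These strings originate in the VT data, so a stray quote character in either would end the SQL literal early and change the statement. Quote them like the neighbouring fields: `quoted_oid = sql_quote (nvti_oid (nvti));` once per helper and `quoted_type = sql_quote (vtseverity_type (severity));` inside the loop, each released with g_free next to the existing ones. Separately, `vtref_type` and `vtref_id` reach sql_quote without the NULL fallback that `vtref_text` gets; whether they can be NULL is not visible here.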
@@ -327,56 +407,9 @@ insert_nvt (const nvti_t *nvti, int truncate) nvti_oid (nvti), quoted_solution_type, quoted_solution_method, quoted_solution, quoted_detection, qod, quoted_qod_type); - if (truncate == 0) - sql ("DELETE FROM vt_refs where vt_oid = '%s';", nvti_oid (nvti)); - - for (i = 0; i < nvti_vtref_len (nvti); i++) - { - vtref_t *ref; - gchar *quoted_type, *quoted_id, *quoted_text; - - ref = nvti_vtref (nvti, i); - quoted_type = sql_quote (vtref_type (ref)); - quoted_id = sql_quote (vtref_id (ref)); - quoted_text = sql_quote (vtref_text (ref) ? vtref_text (ref) : ""); - - sql ("INSERT into vt_refs (vt_oid, type, ref_id, ref_text)" - " VALUES ('%s', '%s', '%s', '%s');", - nvti_oid (nvti), quoted_type, quoted_id, quoted_text); - - g_free (quoted_type); - g_free (quoted_id); - g_free (quoted_text); - } - - if (truncate == 0) - sql ("DELETE FROM vt_severities where vt_oid = '%s';", nvti_oid (nvti)); - - highest = 0; - - for (i = 0; i < nvti_vtseverities_len (nvti); i++) - { - vtseverity_t *severity; - gchar *quoted_origin, *quoted_value; - - severity = nvti_vtseverity (nvti, i); - quoted_origin = sql_quote (vtseverity_origin (severity) ? - vtseverity_origin (severity) : ""); - quoted_value = sql_quote (vtseverity_value (severity) ? - vtseverity_value (severity) : ""); - - sql ("INSERT into vt_severities (vt_oid, type, origin, date, score," - " value)" - " VALUES ('%s', '%s', '%s', %i, %0.1f, '%s');", - nvti_oid (nvti), vtseverity_type (severity), - quoted_origin, vtseverity_date (severity), - vtseverity_score (severity), quoted_value); - if (vtseverity_score (severity) > highest) - highest = vtseverity_score (severity); + insert_vt_refs(nvti, truncate); - g_free (quoted_origin); - g_free (quoted_value); - } + highest = insert_vt_severities(nvti, truncate); sql ("UPDATE nvts SET cvss_base = %0.1f WHERE oid = '%s';", highest, From f718c4d972412f7bfe588f4fd19117a5a30a24cd Mon Sep 17 00:00:00 2001 
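Review bot: The two new calls `insert_vt_refs(nvti, truncate);` and `highest = insert_vt_severities(nvti, truncate);` omit the space before the opening parenthesis that every other call in this file uses (`sql (`, `nvti_oid (nvti)`, `g_free (`). Write them as `insert_vt_refs (nvti, truncate);` and `highest = insert_vt_severities (nvti, truncate);`. Patch 3/4 moves the same two lines unchanged, so the correction applies there as well. insert_nvt's body starts and ends outside this hunk.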
From: Matt Mundell Date: Mon, 27 Mar 2023 16:45:54 +0200 Subject: [PATCH 3/4] Insert NVT after vt_severities --- src/manage_sql_nvts.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index c1fff0517..112f1f556 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -340,6 +340,8 @@ insert_vt_severities (const nvti_t *nvti, int truncate) /** * @brief Insert an NVT. * + * Always called within a transaction. + * * @param[in] nvti NVT Information. * @param[in] truncate True if NVT tables were truncated. */ @@ -394,6 +396,10 @@ insert_nvt (const nvti_t *nvti, int truncate) nvti_oid (nvti))) sql ("DELETE FROM nvts WHERE oid = '%s';", nvti_oid (nvti)); + insert_vt_refs(nvti, truncate); + + highest = insert_vt_severities(nvti, truncate); + sql ("INSERT into nvts (oid, name, summary, insight, affected," " impact, cve, tag, category, family, cvss_base," " creation_time, modification_time, uuid, solution_type," @@ -407,10 +413,6 @@ insert_nvt (const nvti_t *nvti, int truncate) nvti_oid (nvti), quoted_solution_type, quoted_solution_method, quoted_solution, quoted_detection, qod, quoted_qod_type); - insert_vt_refs(nvti, truncate); - - highest = insert_vt_severities(nvti, truncate); - sql ("UPDATE nvts SET cvss_base = %0.1f WHERE oid = '%s';", highest, nvti_oid (nvti)); From 212cbae5c6588eec09ecd1a7e437bedfe2590321 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Mon, 27 Mar 2023 16:55:54 +0200 Subject: [PATCH 4/4] Move highest from dedicated UPDATE to the NVT INSERT --- src/manage_sql_nvts.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 112f1f556..13d5381f3 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c 
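Review bot: After the reorder at `insert_vt_refs(nvti, truncate);`, the vt_refs and vt_severities rows for an OID are written before its nvts row, and nothing at the call site says the order is deliberate. If either child table carries a foreign key to nvts.oid (the schema is not visible here), these inserts would depend on that constraint being deferred. The ordering also relies on the enclosing transaction that the new doc line mentions, because a failure in between would otherwise leave child rows without a parent. A short comment above the calls would record this, e.g. `/* Child rows go in before the nvts row; relies on the caller's transaction. */`. insert_nvt's body continues outside the hunk.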
@@ -351,7 +351,7 @@ insert_nvt (const nvti_t *nvti, int truncate) gchar *qod_str, *qod_type, *cve; gchar *quoted_name, *quoted_summary, *quoted_insight, *quoted_affected; gchar *quoted_impact, *quoted_detection, *quoted_cve, *quoted_tag; - gchar *quoted_cvss_base, *quoted_qod_type, *quoted_family; + gchar *quoted_qod_type, *quoted_family; gchar *quoted_solution, *quoted_solution_type, *quoted_solution_method; int qod; double highest; @@ -379,8 +379,6 @@ insert_nvt (const nvti_t *nvti, int truncate) quoted_tag = sql_quote (nvti_tag (nvti) ? nvti_tag (nvti) : ""); - quoted_cvss_base = sql_quote (nvti_cvss_base (nvti) ? nvti_cvss_base (nvti) : ""); - qod_str = nvti_qod (nvti); qod_type = nvti_qod_type (nvti); @@ -405,18 +403,14 @@ insert_nvt (const nvti_t *nvti, int truncate) " creation_time, modification_time, uuid, solution_type," " solution_method, solution, detection, qod, qod_type)" " VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s'," - " '%s', %i, '%s', '%s', %i, %i, '%s', '%s', '%s', '%s', '%s', %d, '%s');", + " '%s', %i, '%s', %0.1f, %i, %i, '%s', '%s', '%s', '%s', '%s', %d, '%s');", nvti_oid (nvti), quoted_name, quoted_summary, quoted_insight, quoted_affected, quoted_impact, quoted_cve, quoted_tag, - nvti_category (nvti), quoted_family, quoted_cvss_base, + nvti_category (nvti), quoted_family, highest, nvti_creation_time (nvti), nvti_modification_time (nvti), nvti_oid (nvti), quoted_solution_type, quoted_solution_method, quoted_solution, quoted_detection, qod, quoted_qod_type); - sql ("UPDATE nvts SET cvss_base = %0.1f WHERE oid = '%s';", - highest, - nvti_oid (nvti)); - g_free (quoted_name); g_free (quoted_summary); g_free (quoted_insight); @@ -424,7 +418,6 @@ insert_nvt (const nvti_t *nvti, int truncate) g_free (quoted_impact); g_free (quoted_cve); g_free (quoted_tag); - g_free (quoted_cvss_base); g_free (quoted_family); g_free (quoted_solution); g_free (quoted_solution_type);
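Review bot: The cvss_base slot of the INSERT now takes `highest`, so the value supplied through `nvti_cvss_base` is no longer read at all, and an NVT with no vt_severities entries is stored as 0.0 (insert_vt_severities starts from `highest = 0`). That matches what the removed UPDATE ended up writing, but it is now implicit in a 20-argument format call where a reader can easily miss it. Add a comment above the INSERT, such as `/* cvss_base is the highest vt_severities score, 0.0 if the NVT has none. */`. insert_nvt's body starts and ends outside the hunk.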