Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GMP: Consolidate NVT references into unified "refs" element #427

Merged
merged 28 commits into from
Apr 28, 2019
Merged

GMP: Consolidate NVT references into unified "refs" element #427

merged 28 commits into from
Apr 28, 2019

Conversation

janowagner
Copy link
Member

@janowagner janowagner commented Mar 16, 2019
edited
Loading

The GMP element "nvt" uses various explicit elements for references: "bid", "cve", "xrefs" and "cert".

This is all consolidated into a "refs" section like this:

<refs>
  <ref type="cve" id="CVE-2010-4480"/>
  <ref type="url" id="http://www.exploit-db.com/exploits/15699/"/>
  <ref type="url" id="http://www.vupen.com/english/advisories/2010/3133">
    Vendor Advisory
  </ref>
  <ref type="dfn-cert" id="DFN-CERT-2011-0467"/>
  <ref type="dfn-cert" id="DFN-CERT-2011-0451"/>
  <ref type="dfn-cert" id="DFN-CERT-2011-0016"/>
  <ref type="dfn-cert" id="DFN-CERT-2011-0002"/>
</refs>

This affects the commands get_nvts, get_results, get_info and get_reports.

@janowagner janowagner requested a review from a team March 16, 2019 14:16
@janowagner janowagner added the work in progress This pull request should not be merged yet, more commits are expected label Mar 16, 2019
@janowagner janowagner force-pushed the work branch 2 times, most recently from e065583 to bfb9d2c Compare March 31, 2019 19:31
@janowagner janowagner removed the work in progress This pull request should not be merged yet, more commits are expected label Apr 11, 2019
mattmundell
mattmundell requested changes Apr 18, 2019
View reviewed changes
Copy link
Contributor

@mattmundell mattmundell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good change this.

Really great how the PR is broken down step by step.

src/gmp.c Show resolved Hide resolved
src/manage_sql.c Show resolved Hide resolved
src/manage_sql.c Show resolved Hide resolved
src/report_formats/LaTeX/latex.xsl Outdated Show resolved Hide resolved
src/report_formats/CSV_Results/CSV_Results.xsl Outdated Show resolved Hide resolved
src/manage_sql_nvts.c Show resolved Hide resolved
@janowagner janowagner force-pushed the work branch 2 times, most recently from e76081e to 1f1de66 Compare April 25, 2019 18:28
janowagner added 20 commits April 26, 2019 20:15
@janowagner
Replace nvt XML element cert_refs by refs.
2f0f65d 
This applies for the get_info response for an NVT.
It is the first step to consolidate all of the references
into the single element "refs".

The reference types are lower-cased now: CERT-Bund becomes
cert-bund and DFN-CERT becomes dfn-cert.
@janowagner
Update GMP documentation about cert_refs to refs.
a4f1fbf
@janowagner
Rename result/nvt/cert to result/nvt/refs.
a47e88d 
The cert references are turned into the general references
element. The type is lower-cased.
The element of cert are renamed from cert_ref to just ref.

This makes the cert references in line with the response of get_nvts.
@janowagner
GMP doc cert to refs in get_results/get_reports
510de0f
@janowagner
Update according to cert to refs change
29fe844 
Call new section "References" because eventually all of
them will be in "refs".
@janowagner
Consider cert to refs change.
2b8f2a1
@janowagner
Consider cert to refs change.
12e5a39
@janowagner
Consider cert to refs change.
90fb34b
@janowagner
Move bid into refs for get_reports/get_results.
54c52c4 
Also surpress NOBID as it makes no sense anymore in refs.
@janowagner
Remove empty "bid" element from ovaldef nvt type.
0eb0cd5
@janowagner
Move CVE in cve element into refs element.
5857e47
@janowagner
Move xref into refs element for nvt in result.
d2830ef 
The type from xref is directly applied as type for ref 1:1.
Also, NOXREF will not appear anymore.
@janowagner
Update get_results/get_reports for new refs.
8856658 
This adds the consolidation of cve, bid and xref into refs
for the two commands.
@janowagner
Isolate xml refs creation based on oid.
f83c7b3 
This move the xml creation part out of the results iterator in
order to make it accesible to other functions.
This generalizes on oid, so you neither need a iterator nor
a nvti object.
This prepares ground to use the same xml assembly routine also
for get_nvts.
@janowagner
Move cve_id, bugtraq_id and xrefs into refs XML.
3b0488f 
This is for the get_nvts command.
@janowagner
Remove unused nvt iterator functions.
449df33 
We do not need them anymore and eventually the references
will be managed with a different data model anyway.
@janowagner
Update GMP documentation about refs in get_nvts.
e40266e
@janowagner
Consider new nvt refs in RFP TXT.
1910c33
@janowagner
Remove uneeded variables.
f8a26d3
@janowagner
Re-add a change entry for GMP documentation.
1bdc812
@janowagner
Update references handling to new format.
c363e5d
@janowagner
NBE: update for new references syntax.
bd6297d
@janowagner
Update CSV Results for new references.
782f193 
This involves a slight change of the CSV format:
The columns for CVEs, BIDs, CERTs and Other References used
a comma as a separator inside the cell, Not instead of a comma
a newline is used as a separator.
The comma was a left-over convenience from the old references format.
@janowagner
Update TP alert for new CVE references location.
08bbef9
@janowagner
Minor code formatting improvements.
ca1c232
@janowagner
Apply new refs format for nvt type ovaldef.
2f77357 
This converts the CVE list of a ovaldef into the new
refs format.
@janowagner
Use comma instead of newline for references in CSV.
2504d7e 
This change establishes the previous behaviour.
@mattmundell mattmundell merged commit 577f1b4 into greenbone:master Apr 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmundell mattmundell mattmundell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@janowagner @mattmundell