Extra TLS certificate info, rename last_collected to last_seen (master) #775

Merged
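--- a/src/gmp_tls_certificates.c
+++ b/src/gmp_tls_certificates.c
@@ -254,6 +254,19 @@ get_tls_certificates_run (gmp_parser_t *gmp_parser, GError **error)
 
 while (next (&sources))
 {
+const char *location_host_ip;
+const char *origin_type, *origin_id, *origin_data;
+
+location_host_ip
+= tls_certificate_source_iterator_location_host_ip (&sources);
+
+origin_type
+= tls_certificate_source_iterator_origin_type (&sources);
+origin_id
+= tls_certificate_source_iterator_origin_id (&sources);
+origin_data
+= tls_certificate_source_iterator_origin_data (&sources);
+
 SENDF_TO_CLIENT_OR_FAIL
 ("<source id=\"%s\">"
 "<timestamp>%s</timestamp>"
@@ -266,31 +279,57 @@ get_tls_certificates_run (gmp_parser_t *gmp_parser, GError **error)
 
 if (tls_certificate_source_iterator_location_uuid (&sources))
 {
+gchar *asset_id;
+
+asset_id
+= tls_certificate_host_asset_id (location_host_ip,
+origin_id);
+
 SENDF_TO_CLIENT_OR_FAIL
 ("<location id=\"%s\">"
-"<host><ip>%s</ip></host>"
+"<host>"
+"<ip>%s</ip>"
+"<asset id=\"%s\"/>"
+"</host>"
 "<port>%s</port>"
 "</location>",
 tls_certificate_source_iterator_location_uuid
 (&sources),
-tls_certificate_source_iterator_location_host_ip
-(&sources),
+location_host_ip,
+asset_id ? asset_id : "",
 tls_certificate_source_iterator_location_port
 (&sources));
+
+free (asset_id);
 }
 
 if (tls_certificate_source_iterator_origin_uuid (&sources))
 {
+
+gchar *extra_xml;
+
 SENDF_TO_CLIENT_OR_FAIL
 ("<origin id=\"%s\">"
 "<origin_type>%s</origin_type>"
 "<origin_id>%s</origin_id>"
-"<origin_data>%s</origin_data>"
-"</origin>",
+"<origin_data>%s</origin_data>",
 tls_certificate_source_iterator_origin_uuid (&sources),
-tls_certificate_source_iterator_origin_type (&sources),
-tls_certificate_source_iterator_origin_id (&sources),
-tls_certificate_source_iterator_origin_data (&sources));
+origin_type,
+origin_id,
+origin_data);
+
+extra_xml = tls_certificate_origin_extra_xml (origin_type,
+origin_id,
+origin_data);
+if (extra_xml)
+{
+SEND_TO_CLIENT_OR_FAIL (extra_xml);
+}
+
+SENDF_TO_CLIENT_OR_FAIL
+("</origin>");
+
+g_free (extra_xml);
 }
 
 SEND_TO_CLIENT_OR_FAIL ("</source>");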
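Review bot: The new `<asset id="…"/>` attribute is filled from `tls_certificate_host_asset_id (location_host_ip, origin_id)` with no permission check visible on this page, while the report details added to `<origin>` are gated on `get_reports` inside `tls_certificate_origin_extra_xml`; if host assets are access-controlled per user, the lookup should apply the caller's permissions or the attribute should be left empty. `asset_id` and `extra_xml` are released only after the send macros, so if `SENDF_TO_CLIENT_OR_FAIL` / `SEND_TO_CLIENT_OR_FAIL` leave the function on a failed send (their definitions are outside this page) both buffers leak on that path. `asset_id` is also released with `free` while `extra_xml` uses `g_free`; `g_free (asset_id);` would keep the two consistent. The body of `get_tls_certificates_run` starts and ends outside these hunks.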
77 changes: 77 additions & 0 deletions src/manage_sql_tls_certificates.c
Expand Up @@ -28,6 +28,7 @@
#include "manage_acl.h"
#include "manage_sql_tls_certificates.h"
#include "manage_sql.h"
#include "utils.h"
#include "sql.h"

#include <stdlib.h>
Expand Down Expand Up @@ -1647,3 +1648,79 @@ add_tls_certificates_from_report_host (report_host_t report_host,

return 0;
}

gchar *
tls_certificate_origin_extra_xml (const char *origin_type,
const char *origin_id,
const char *orgin_data)
{
gchar *ret;

ret = NULL;

if (strcasecmp (origin_type, "Report") == 0)
{
report_t report;

report = 0;
if (find_report_with_permission (origin_id, &report, "get_reports"))
{
g_warning ("%s : error getting report", __FUNCTION__);
}

if (report)
{
task_t task;
gchar *timestamp, *report_task_id, *report_task_name;

timestamp = NULL;
report_task_id = NULL;
report_task_name = NULL;
report_timestamp (origin_id, &timestamp);

task = 0;
if (report_task (report, &task))
{
g_warning ("%s : error getting report task", __FUNCTION__);
}

if (task)
{
task_uuid (task, &report_task_id);
report_task_name = task_name (task);
}

ret = g_strdup_printf ("<report id=\"%s\">"
"<date>%s</date>"
"<task id=\"%s\">"
"<name>%s</name>"
"</task>"
"</report>",
origin_id,
timestamp ? timestamp : "",
report_task_id ? report_task_id : "",
report_task_name ? report_task_name : "");

g_free (timestamp);
g_free (report_task_id);
g_free (report_task_name);
}
}

return ret;
}

char *
tls_certificate_host_asset_id (const char *host_ip, const char *origin_id)
{
return sql_string ("SELECT hosts.uuid"
" FROM host_identifiers"
" JOIN hosts ON hosts.id = host_identifiers.host"
" WHERE host_identifiers.name='ip'"
" AND host_identifiers.value='%s'"
" AND host_identifiers.source_id='%s'"
" ORDER BY host_identifiers.modification_time DESC"
" LIMIT 1;",
host_ip,
origin_id);
}
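--- a/src/manage_tls_certificates.h
+++ b/src/manage_tls_certificates.h
@@ -142,4 +142,10 @@ get_or_make_tls_certificate_source (tls_certificate_t,
 const char *,
 const char *);
 
+gchar *
+tls_certificate_origin_extra_xml (const char *, const char *, const char *);
+
+char *
+tls_certificate_host_asset_id (const char *, const char *);
+
 #endif /* not _GVMD_MANAGE_TLS_CERTIFICATES_H */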
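--- a/src/schema_formats/XML/GMP.xml.in
+++ b/src/schema_formats/XML/GMP.xml.in
@@ -23236,12 +23236,25 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 <summary>Host where the certificate was found</summary>
 <pattern>
 <e>ip</e>
+<e>asset</e>
 </pattern>
 <ele>
 <name>ip</name>
 <summary>IP address of the host</summary>
 <pattern>text</pattern>
 </ele>
+<ele>
+<name>asset</name>
+<summary>Host asset</summary>
+<pattern>
+<attrib>
+<name>id</name>
+<summary>UUID of the host asset</summary>
+<type>uuid</type>
+<required>0</required>
+</attrib>
+</pattern>
+</ele>
 </ele>
 <ele>
 <name>port</name>
@@ -23262,6 +23275,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 <e>origin_type</e>
 <e>origin_id</e>
 <e>origin_data</e>
+<o><e>report</e></o>
 </pattern>
 <ele>
 <name>origin_type</name>
@@ -23278,6 +23292,45 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 <summary>Extra origin data, e.g. OID of the detection NVT</summary>
 <pattern>text</pattern>
 </ele>
+<ele>
+<name>report</name>
+<summary>Report data if the origin is a report</summary>
+<pattern>
+<attrib>
+<name>id</name>
+<summary>UUID of the report</summary>
+<type>uuid</type>
+<required>0</required>
+</attrib>
+<e>date</e>
+<e>task</e>
+</pattern>
+<ele>
+<name>date</name>
+<summary>Timestamp of the report</summary>
+<pattern>
+<t>iso_time</t>
+</pattern>
+</ele>
+<ele>
+<name>task</name>
+<summary>Task the report belongs to</summary>
+<pattern>
+<attrib>
+<name>id</name>
+<summary>UUID of the task</summary>
+<type>uuid</type>
+<required>1</required>
+</attrib>
+<e>name</e>
+</pattern>
+<ele>
+<name>name</name>
+<summary>Name of the task</summary>
+<pattern>text</pattern>
+</ele>
+</ele>
+</ele>
 </ele>
 </ele>
 </ele>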