Fix: Use CPE v2.2 in new CVE scanner, add indexes #2365

Merged
merged 2 commits into from
Feb 7, 2025
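--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -27,10 +27,10 @@ find_package (Threads)
 ## might occur.
 
 pkg_check_modules (CJSON REQUIRED libcjson>=1.7.14)
-pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.12)
-pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.12)
-pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.12)
-pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.12)
+pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.17)
+pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.17)
+pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.17)
+pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.17)
 pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15)
 pkg_check_modules (GLIB REQUIRED glib-2.0>=2.42)
 pkg_check_modules (LIBBSD REQUIRED libbsd)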
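--- a/src/manage.c
+++ b/src/manage.c
@@ -3284,16 +3284,16 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
 while (next (&cpe_match_ranges))
 {
 iterator_t cpe_host_details_products;
-gchar *range_fs_cpe;
+gchar *range_uri_cpe;
 gchar *range_uri_product;
 gchar *vsi, *vse, *vei, *vee;
-range_fs_cpe = vsi = vse = vei = vee = NULL;
-range_fs_cpe = g_strdup (cpe_match_string_iterator_criteria (&cpe_match_ranges));
+range_uri_cpe = vsi = vse = vei = vee = NULL;
+range_uri_cpe = g_strdup (cpe_match_string_iterator_criteria (&cpe_match_ranges));
 vsi = g_strdup (cpe_match_string_iterator_version_start_incl (&cpe_match_ranges));
 vse = g_strdup (cpe_match_string_iterator_version_start_excl (&cpe_match_ranges));
 vei = g_strdup (cpe_match_string_iterator_version_end_incl (&cpe_match_ranges));
 vee = g_strdup (cpe_match_string_iterator_version_end_excl (&cpe_match_ranges));
-range_uri_product = fs_cpe_to_uri_product (range_fs_cpe);
+range_uri_product = uri_cpe_to_uri_product (range_uri_cpe);
 init_host_details_cpe_product_iterator (&cpe_host_details_products, range_uri_product, report_host);
 while (next (&cpe_host_details_products))
 {
@@ -3303,7 +3303,7 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
 host_details_cpe = host_details_cpe_product_iterator_value (&cpe_host_details_products);
 cpe_struct_init (&source);
 cpe_struct_init (&target);
-fs_cpe_to_cpe_struct (range_fs_cpe, &source);
+uri_cpe_to_cpe_struct (range_uri_cpe, &source);
 uri_cpe_to_cpe_struct (host_details_cpe, &target);
 matches = cpe_struct_match (&source, &target);
 if (matches)
@@ -3321,15 +3321,15 @@ check_cpe_match_rule (long long int node, gboolean *match, gboolean *vulnerable,
 cpe_struct_t source, target;
 cpe_struct_init (&source);
 cpe_struct_init (&target);
-fs_cpe_to_cpe_struct (range_fs_cpe, &source);
+uri_cpe_to_cpe_struct (range_uri_cpe, &source);
 uri_cpe_to_cpe_struct (host_cpe, &target);
 if (cpe_struct_match (&source, &target))
 *vulnerable = TRUE;
 cpe_struct_free (&source);
 cpe_struct_free (&target);
 }
 g_free (range_uri_product);
-g_free (range_fs_cpe);
+g_free (range_uri_cpe);
 g_free (vsi);
 g_free (vse);
 g_free (vei);
@@ -3375,7 +3375,7 @@ cve_scan_report_host_json (task_t task,
 double severity;
 
 host_cpe = host_details_cpe_iterator_cpe (&host_details_cpe);
-cpe_product = uri_cpe_to_fs_product (host_cpe);
+cpe_product = uri_cpe_to_uri_product (host_cpe);
 init_cpe_match_nodes_iterator (&cpe_match_root_node, cpe_product);
 while (next (&cpe_match_root_node))
 {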
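Review bot: Nothing in `check_cpe_match_rule` checks that the string returned by `cpe_match_string_iterator_criteria` is really in CPE 2.2 URI form before it is handed to `uri_cpe_to_uri_product` and `uri_cpe_to_cpe_struct` (first hunk, and again in the second and third). The same column was parsed as a formatted string until this commit, so a SCAP database that still holds `cpe:2.3:` rows from an earlier sync would presumably produce an empty or wrong `source` struct. `cpe_struct_match` would then quietly fail, leaving `*vulnerable` unset so that an affected host is reported clean. I would add `if (range_uri_cpe == NULL || !g_str_has_prefix (range_uri_cpe, "cpe:/")) g_warning ("%s: match criteria is not a CPE 2.2 URI", __func__);` right after the `g_strdup`, and a comment on `range_uri_cpe` stating the expected binding. The function body starts and ends outside the hunks shown, so any handling further up is not visible here.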
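--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -3784,6 +3784,12 @@ manage_db_init_indexes (const gchar *name)
 sql ("CREATE INDEX cpes_by_cpe_name_id"
 " ON scap2.cpes(cpe_name_id);");
 
+sql ("CREATE INDEX cpe_match_nodes_by_root_id"
+" ON scap2.cpe_match_nodes(root_id);");
+
+sql ("CREATE INDEX cpe_nodes_match_criteria_by_node_id"
+" ON scap2.cpe_nodes_match_criteria(node_id);");
+
 sql ("CREATE INDEX afp_cpe_idx"
 " ON scap2.affected_products (cpe);");
 sql ("CREATE INDEX afp_cve_idx"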
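Review bot: The two new indexes in `manage_db_init_indexes` carry no comment saying which queries they serve, so a later cleanup could drop them as unused. Judging by the PR title they presumably back the CVE scanner's match-node and match-criteria lookups; a line such as `/* Used by the CVE scanner: match node lookup by root_id, criteria lookup by node_id. */` above them would record that. They are plain `CREATE INDEX` statements in the `scap2` schema, so it looks as if an existing database gets them only when this function runs again. That should be confirmed and stated in the PR description, since the function body lies mostly outside the hunk.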