Merge pull request #1436 from greenbone/mergify/bp/gvmd-21.04/pr-1435
Improve modify_override errors, fix no NVT case (bp #1435)
bjoernricks authored Mar 8, 2021
2 parents f1a0019 + 52b4bf0 commit 0efcd2d
Showing 3 changed files with 41 additions and 17 deletions.
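--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -60,6 +60,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Fixed
 - Also create owner WITH clause for single resources [#1406](https://github.com/greenbone/gvmd/pull/1406)
 - Fix SQL escaping when adding VT references [#1429](https://github.com/greenbone/gvmd/pull/1429)
+- Improve modify_override errors, fix no NVT case [#1435](https://github.com/greenbone/gvmd/pull/1435)
 
 ### Removed
 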
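--- a/src/gmp.c
+++ b/src/gmp.c
@@ -23489,6 +23489,38 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
 modify_override_data->override_id,
 "modified");
 break;
+case 8:
+SEND_TO_CLIENT_OR_FAIL
+(XML_ERROR_SYNTAX ("modify_override",
+"Error in threat specification"));
+log_event_fail ("override", "Override",
+modify_override_data->override_id,
+"modified");
+break;
+case 9:
+SEND_TO_CLIENT_OR_FAIL
+(XML_ERROR_SYNTAX ("modify_override",
+"Error in new_threat specification"));
+log_event_fail ("override", "Override",
+modify_override_data->override_id,
+"modified");
+break;
+case 10:
+SEND_TO_CLIENT_OR_FAIL
+(XML_ERROR_SYNTAX ("modify_override",
+"Error in new_severity specification"));
+log_event_fail ("override", "Override",
+modify_override_data->override_id,
+"modified");
+break;
+case 11:
+SEND_TO_CLIENT_OR_FAIL
+(XML_ERROR_SYNTAX ("modify_override",
+"new_severity is required"));
+log_event_fail ("override", "Override",
+modify_override_data->override_id,
+"modified");
+break;
 case -1:
 SEND_TO_CLIENT_OR_FAIL
 (XML_INTERNAL_ERROR ("modify_override"));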
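Review bot: The text for `case 11`, `"new_severity is required"`, does not match the condition that produces it: in src/manage_sql.c `return 11` sits in the final `else`, reached only when both `new_severity` and `new_threat` are missing or empty, so the message hides that `new_threat` would also have satisfied the check. If `new_threat` is still a supported input, `"new_severity or new_threat is required"` would describe the failure accurately. The four new cases otherwise share one body and differ only in the message, and the enclosing switch starts and ends outside this hunk.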
25 changes: 8 additions & 17 deletions src/manage_sql.c
@@ -37035,7 +37035,9 @@ delete_override (const char *override_id, int ultimate)
*
* @return 0 success, -1 error, 1 syntax error in active, 2 invalid port,
* 3 invalid severity score, 4 failed to find NVT, 5 failed to find
* override, 6 failed to find task, 7 failed to find result.
* override, 6 failed to find task, 7 failed to find result,
* 8 invalid threat, 9 invalid new_threat, 10 invalid new_severity,
* 11 missing new_severity.
*/
int
modify_override (const gchar *override_id, const char *active, const char *nvt,
@@ -37095,17 +37097,6 @@ modify_override (const gchar *override_id, const char *active, const char *nvt,
if (nvt && !nvt_exists (nvt))
return 4;

if (threat && strcmp (threat, "High") && strcmp (threat, "Medium")
&& strcmp (threat, "Low") && strcmp (threat, "Log")
&& strcmp (threat, "Alarm") && strcmp (threat, ""))
return -1;

if (new_threat && strcmp (new_threat, "High") && strcmp (new_threat, "Medium")
&& strcmp (new_threat, "Low") && strcmp (new_threat, "Log")
&& strcmp (new_threat, "False Positive")
&& strcmp (new_threat, "Alarm") && strcmp (new_threat, ""))
return -1;

severity_dbl = 0.0;
if (severity != NULL && strcmp (severity, ""))
{
@@ -37128,7 +37119,7 @@ modify_override (const gchar *override_id, const char *active, const char *nvt,
else if (strcmp (threat, "Log") == 0)
severity_dbl = SEVERITY_LOG;
else
return -1;
return 8;

quoted_severity = g_strdup_printf ("'%1.1f'", severity_dbl);
}
@@ -37144,7 +37135,7 @@ modify_override (const gchar *override_id, const char *active, const char *nvt,
&& new_severity_dbl != SEVERITY_FP))
{
g_free (quoted_severity);
return 3;
return 10;
}
}
else if (new_threat != NULL && strcmp (new_threat, ""))
@@ -37162,19 +37153,19 @@ modify_override (const gchar *override_id, const char *active, const char *nvt,
else
{
g_free (quoted_severity);
return -1;
return 9;
}
}
else
{
g_free (quoted_severity);
return -1;
return 11;
}

quoted_text = sql_insert (text);
quoted_hosts = sql_insert (hosts);
quoted_port = sql_insert (port);
quoted_nvt = sql_quote (nvt);
quoted_nvt = nvt ? sql_quote (nvt) : NULL;

// Tests if a cache rebuild is necessary.
// The "active" status is checked separately
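Review bot: With the up-front allow-list checks on `threat` and `new_threat` removed, an unrecognised value is rejected only on the paths that map it to a severity (the `return 8` and `return 9` branches); when `severity` or `new_severity` is supplied alongside it, the threat string now appears to pass unchecked, where it previously failed with -1. If either string is used anywhere after these hunks it should stay validated; otherwise a comment where the checks were removed, such as `/* threat and new_threat are validated below, only when used to derive a severity. */`, would record that the relaxation is intentional. Separately, `quoted_nvt` can now be NULL, so the SQL built after the last hunk has to handle that case; that code is outside the visible lines.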
