From d0775ecafba404ffd2492c60076bc11d5270ad1c Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Wed, 9 Sep 2020 13:17:34 +0200 Subject: [PATCH 1/4] In modify_filter make alert check specific to type 'result' --- src/manage_sql.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index f9399c506..abce32f20 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -45866,7 +45866,9 @@ int filter_in_use (filter_t filter) { return !!sql_int ("SELECT count (*) FROM alerts" + /* Filter applied to results passed to alert's "generate". */ " WHERE filter = %llu" + /* Filter applied to check alert condition. */ " OR (EXISTS (SELECT * FROM alert_condition_data" " WHERE name = 'filter_id'" " AND data = (SELECT uuid FROM filters" @@ -45879,6 +45881,45 @@ filter_in_use (filter_t filter) ALERT_CONDITION_FILTER_COUNT_CHANGED); } +/** + * @brief Check whether a filter is in use for the output of any alert. + * + * @param[in] filter Filter. + * + * @return 1 yes, 0 no. + */ +static int +filter_in_use_for_output (filter_t filter) +{ + return !!sql_int ("SELECT count (*) FROM alerts" + " WHERE filter = %llu;", + filter); +} + +/** + * @brief Check whether a filter is in use by any result alert conditions. + * + * @param[in] filter Filter. + * + * @return 1 yes, 0 no. + */ +static int +filter_in_use_for_result_event (filter_t filter) +{ + return !!sql_int ("SELECT count (*) FROM alerts" + " WHERE event = %llu" + " AND (EXISTS (SELECT * FROM alert_condition_data" + " WHERE name = 'filter_id'" + " AND data = (SELECT uuid FROM filters" + " WHERE id = %llu)" + " AND alert = alerts.id)" + " AND (condition = %i OR condition = %i))", + EVENT_TASK_RUN_STATUS_CHANGED, + filter, + ALERT_CONDITION_FILTER_COUNT_AT_LEAST, + ALERT_CONDITION_FILTER_COUNT_CHANGED); +} + /** * @brief Check whether a trashcan filter is in use. * @@ -46165,7 +46206,8 @@ modify_filter (const char *filter_id, const char *name, const char *comment, } /* If the filter is linked to an alert, check that the type is valid. */ - if (filter_in_use (filter) + if ((filter_in_use_for_output (filter) + || filter_in_use_for_result_event (filter)) && type && strcasecmp (type, "result")) { From 1e7c555b77aad18aa827e46b6c7c9688cbd95be0 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Wed, 9 Sep 2020 13:34:25 +0200 Subject: [PATCH 2/4] In modify_filter add an alert check for type 'info' --- src/manage_sql.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/manage_sql.c b/src/manage_sql.c index abce32f20..8781e1c28 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -45920,6 +45920,31 @@ filter_in_use_for_result_event (filter_t filter) ALERT_CONDITION_FILTER_COUNT_CHANGED); } +/** + * @brief Check whether a filter is in use by any secinfo alert conditions. + * + * @param[in] filter Filter. + * + * @return 1 yes, 0 no. + */ +static int +filter_in_use_for_secinfo_event (filter_t filter) +{ + return !!sql_int ("SELECT count (*) FROM alerts" + " WHERE (event = %llu OR event = %llu)" + " AND (EXISTS (SELECT * FROM alert_condition_data" + " WHERE name = 'filter_id'" + " AND data = (SELECT uuid FROM filters" + " WHERE id = %llu)" + " AND alert = alerts.id)" + " AND (condition = %i OR condition = %i))", + EVENT_NEW_SECINFO, + EVENT_UPDATED_SECINFO, + filter, + ALERT_CONDITION_FILTER_COUNT_AT_LEAST, + ALERT_CONDITION_FILTER_COUNT_CHANGED); +} + /** * @brief Check whether a trashcan filter is in use. * @@ -46206,6 +46231,7 @@ modify_filter (const char *filter_id, const char *name, const char *comment, } /* If the filter is linked to an alert, check that the type is valid. */ + if ((filter_in_use_for_output (filter) || filter_in_use_for_result_event (filter)) && type @@ -46215,6 +46241,14 @@ modify_filter (const char *filter_id, const char *name, const char *comment, return 5; } + if (filter_in_use_for_secinfo_event (filter) + && type + && strcasecmp (type, "info")) + { + sql_rollback (); + return 5; + } + /* Check whether a filter with the same name exists already. */ if (name) { From 45231364b247c05d465c4718700ce8938c5e40d7 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Wed, 9 Sep 2020 13:38:00 +0200 Subject: [PATCH 3/4] Use separate return for modify_filter info alert check --- src/gmp.c | 8 ++++++++ src/manage_sql.c | 6 +++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index d4bb696ac..111a69a50 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -23536,6 +23536,14 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, log_event_fail ("filter", "Filter", modify_filter_data->filter_id, "modified"); break; + case 6: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("modify_filter", + "Filter is used by an alert so type must be" + " 'info' if specified")); + log_event_fail ("filter", "Filter", + modify_filter_data->filter_id, "modified"); + break; case 99: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("modify_filter", diff --git a/src/manage_sql.c b/src/manage_sql.c index 8781e1c28..de285459e 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -46190,8 +46190,8 @@ filter_alert_iterator_readable (iterator_t* iterator) * * @return 0 success, 1 failed to find filter, 2 filter with new name exists, * 3 error in type name, 4 filter_id required, 5 filter is in use so - * type must be "result" if specified, 99 permission denied, - * -1 internal error. + * type must be "result", 6 filter is in use so type must be "info", + * 99 permission denied, -1 internal error. */ int modify_filter (const char *filter_id, const char *name, const char *comment, @@ -46246,7 +46246,7 @@ modify_filter (const char *filter_id, const char *name, const char *comment, && strcasecmp (type, "info")) { sql_rollback (); - return 5; + return 6; } /* Check whether a filter with the same name exists already. */ From c1089aa5dff51bfa63b73b9c171d7144b967fa92 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Wed, 9 Sep 2020 13:40:08 +0200 Subject: [PATCH 4/4] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index feb6dde17..5bd74bfb0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix alternative options for radio type preferences when exporting a scan_config [#1278](http://github.com/greenbone/gvmd/pull/1278) - Replace deprecated sys_siglist with strsignal [#1280](https://github.com/greenbone/gvmd/pull/1280) - Copy instead of moving when migrating predefined report formats [#1286](https://github.com/greenbone/gvmd/pull/1286) +- Add SecInfo case to alert check in MODIFY_FILTER [#1293](https://github.com/greenbone/gvmd/pull/1293) ### Removed - Remove DROP from vulns creation [#1281](http://github.com/greenbone/gvmd/pull/1281)