greenbone · timopollmeier · Sep 24, 2020 · Sep 9, 2020 · Sep 9, 2020 · Sep 9, 2020
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Replace deprecated sys_siglist with strsignal [#1280](https://github.com/greenbone/gvmd/pull/1280)
 - Copy instead of moving when migrating predefined report formats [#1286](https://github.com/greenbone/gvmd/pull/1286)
 - Skip DB check in helpers when main process is running [#1291](https://github.com/greenbone/gvmd/pull/1291)
+- Add SecInfo case to alert check in MODIFY_FILTER [#1293](https://github.com/greenbone/gvmd/pull/1293)
 - Recreate vulns after sync [#1292](https://github.com/greenbone/gvmd/pull/1292)
 - For radio prefs in GMP exclude value and include default [#1296](https://github.com/greenbone/gvmd/pull/1296)
 - Auto delete at the start of scheduling so it always runs [#1302](https://github.com/greenbone/gvmd/pull/1302)

diff --git a/src/gmp.c b/src/gmp.c
@@ -23548,6 +23548,14 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                 log_event_fail ("filter", "Filter",
                                 modify_filter_data->filter_id, "modified");
                 break;
+              case 6:
+                SEND_TO_CLIENT_OR_FAIL
+                 (XML_ERROR_SYNTAX ("modify_filter",
+                                    "Filter is used by an alert so type must be"
+                                    " 'info' if specified"));
+                log_event_fail ("filter", "Filter",
+                                modify_filter_data->filter_id, "modified");
+                break;
               case 99:
                 SEND_TO_CLIENT_OR_FAIL
                  (XML_ERROR_SYNTAX ("modify_filter",

diff --git a/src/manage_sql.c b/src/manage_sql.c
@@ -45877,7 +45877,9 @@ int
 filter_in_use (filter_t filter)
 {
   return !!sql_int ("SELECT count (*) FROM alerts"
+                    /* Filter applied to results passed to alert's "generate". */
                     " WHERE filter = %llu"
+                    /* Filter applied to check alert condition. */
                     "   OR (EXISTS (SELECT * FROM alert_condition_data"
                     "             WHERE name = 'filter_id'"
                     "             AND data = (SELECT uuid FROM filters"
@@ -45890,6 +45892,70 @@ filter_in_use (filter_t filter)
                     ALERT_CONDITION_FILTER_COUNT_CHANGED);
 }
 
+/**
+ * @brief Check whether a filter is in use for the output of any alert.
+ *
+ * @param[in]  filter  Filter.
+ *
+ * @return 1 yes, 0 no.
+ */
+static int
+filter_in_use_for_output (filter_t filter)
+{
+  return !!sql_int ("SELECT count (*) FROM alerts"
+                    " WHERE filter = %llu;",
+                    filter);
+}
+
+/**
+ * @brief Check whether a filter is in use by any result alert conditions.
+ *
+ * @param[in]  filter  Filter.
+ *
+ * @return 1 yes, 0 no.
+ */
+static int
+filter_in_use_for_result_event (filter_t filter)
+{
+  return !!sql_int ("SELECT count (*) FROM alerts"
+                    " WHERE event = %llu"
+                    " AND (EXISTS (SELECT * FROM alert_condition_data"
+                    "              WHERE name = 'filter_id'"
+                    "              AND data = (SELECT uuid FROM filters"
+                    "                          WHERE id = %llu)"
+                    "              AND alert = alerts.id)"
+                    " AND (condition = %i OR condition = %i))",
+                    EVENT_TASK_RUN_STATUS_CHANGED,
+                    filter,
+                    ALERT_CONDITION_FILTER_COUNT_AT_LEAST,
+                    ALERT_CONDITION_FILTER_COUNT_CHANGED);
+}
+
+/**
+ * @brief Check whether a filter is in use by any secinfo alert conditions.
+ *
+ * @param[in]  filter  Filter.
+ *
+ * @return 1 yes, 0 no.
+ */
+static int
+filter_in_use_for_secinfo_event (filter_t filter)
+{
+  return !!sql_int ("SELECT count (*) FROM alerts"
+                    " WHERE (event = %llu OR event = %llu)"
+                    " AND (EXISTS (SELECT * FROM alert_condition_data"
+                    "              WHERE name = 'filter_id'"
+                    "              AND data = (SELECT uuid FROM filters"
+                    "                          WHERE id = %llu)"
+                    "              AND alert = alerts.id)"
+                    " AND (condition = %i OR condition = %i))",
+                    EVENT_NEW_SECINFO,
+                    EVENT_UPDATED_SECINFO,
+                    filter,
+                    ALERT_CONDITION_FILTER_COUNT_AT_LEAST,
+                    ALERT_CONDITION_FILTER_COUNT_CHANGED);
+}
+
 /**
  * @brief Check whether a trashcan filter is in use.
  *
@@ -46135,8 +46201,8 @@ filter_alert_iterator_readable (iterator_t* iterator)
  *
  * @return 0 success, 1 failed to find filter, 2 filter with new name exists,
  *         3 error in type name, 4 filter_id required, 5 filter is in use so
- *         type must be "result" if specified, 99 permission denied,
- *         -1 internal error.
+ *         type must be "result", 6 filter is in use so type must be "info",
+ *         99 permission denied, -1 internal error.
  */
 int
 modify_filter (const char *filter_id, const char *name, const char *comment,
@@ -46176,14 +46242,24 @@ modify_filter (const char *filter_id, const char *name, const char *comment,
     }
 
   /* If the filter is linked to an alert, check that the type is valid. */
-  if (filter_in_use (filter)
+
+  if ((filter_in_use_for_output (filter)
+       || filter_in_use_for_result_event (filter))
       && type
       && strcasecmp (type, "result"))
     {
       sql_rollback ();
       return 5;
     }
 
+  if (filter_in_use_for_secinfo_event (filter)
+      && type
+      && strcasecmp (type, "info"))
+    {
+      sql_rollback ();
+      return 6;
+    }
+
   /* Check whether a filter with the same name exists already. */
   if (name)
     {