Adjust to use new API for vt references.

CMakeLists.txt

@@ -1,4 +1,4 @@
-# Copyright (C) 2009-2018 Greenbone Networks GmbH
+# Copyright (C) 2009-2019 Greenbone Networks GmbH
 #
 # SPDX-License-Identifier: GPL-2.0-or-later
 #
@@ -117,7 +117,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 207)
+set (GVMD_DATABASE_VERSION 208)
 
 set (GVMD_SCAP_DATABASE_VERSION 15)
 

src/manage.h

@@ -1431,12 +1431,6 @@ result_iterator_nvt_family (iterator_t *);
 const char*
 result_iterator_nvt_cvss_base (iterator_t *);
 
-const char*
-result_iterator_nvt_cve (iterator_t *);
-
-const char*
-result_iterator_nvt_xref (iterator_t *);
-
 void
 result_iterator_nvt_refs_append (GString *, iterator_t *);
 

src/manage_migrators.c

@@ -1667,6 +1667,43 @@ migrate_206_to_207 ()
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 207 to version 208.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_207_to_208 ()
+{
+  sql_begin_immediate ();
+
+  /* Ensure that the database is currently version 207. */
+
+  if (manage_db_version () != 207)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* Remove NOBID, NOCVE and NOXREF entries. An empty string will
+   * from now on indicate that there is no reference of the
+   * respective type. */
+
+  sql ("UPDATE nvts SET bid = '' WHERE bid LIKE 'NOBID';");
+  sql ("UPDATE nvts SET cve = '' WHERE cve LIKE 'NOCVE';");
+  sql ("UPDATE nvts SET xref = '' WHERE xref LIKE 'NOXREF';");
+
+  /* Set the database version to 208. */
+
+  set_db_version (208);
+
+  sql_commit ();
+
+  return 0;
+}
+
 #undef UPDATE_DASHBOARD_SETTINGS
 
 /**
@@ -1701,6 +1738,7 @@ static migrator_t database_migrators[] = {
   {205, migrate_204_to_205}, // v8.0: rev 205
   {206, migrate_205_to_206},
   {207, migrate_206_to_207},
+  {208, migrate_207_to_208},
   /* End marker. */
   {-1, NULL}};
 

src/manage_pg.c

@@ -3099,7 +3099,7 @@ create_tables ()
        "              (SELECT id FROM nvts"
        "               WHERE oid = results.nvt"
        "               AND"
-       "                (cve = 'NOCVE'"
+       "                (cve = ''"
        "                 OR cve NOT IN (SELECT cve FROM nvts"
        "                                WHERE oid"
        "                                      IN (SELECT source_name"
@@ -3125,7 +3125,7 @@ create_tables ()
        "             (SELECT id FROM nvts AS outer_nvts"
        "              WHERE oid = results.nvt"
        "              AND"
-       "              (cve = 'NOCVE'"
+       "              (cve = ''"
        "               OR NOT EXISTS"
        "                  (SELECT cve FROM nvts"
        "                   WHERE oid IN (SELECT source_name"

src/manage_sql.c

@@ -15439,9 +15439,9 @@ update_nvti_cache ()
       nvti_set_name (nvti, iterator_string (&nvts, 1));
       nvti_set_family (nvti, iterator_string (&nvts, 2));
       nvti_set_cvss_base (nvti, iterator_string (&nvts, 3));
-      nvti_set_cve (nvti, iterator_string (&nvts, 4));
-      nvti_set_bid (nvti, iterator_string (&nvts, 5));
-      nvti_set_xref (nvti, iterator_string (&nvts, 6));
+      nvti_add_refs (nvti, "cve", iterator_string (&nvts, 4), "");
+      nvti_add_refs (nvti, "bid", iterator_string (&nvts, 5), "");
+      nvti_add_refs (nvti, NULL, iterator_string (&nvts, 6), "");
       nvti_set_tag (nvti, iterator_string (&nvts, 7));
       nvtis_add (nvti_cache, nvti);
     }
@@ -24564,42 +24564,6 @@ result_iterator_nvt_cvss_base (iterator_t *iterator)
   return NULL;
 }
 
-/**
- * @brief Get the NVT CVE from a result iterator.
- *
- * @param[in]  iterator  Iterator.
- *
- * @return The CVE of the NVT that produced the result, or NULL on error.
- */
-const char*
-result_iterator_nvt_cve (iterator_t *iterator)
-{
-  nvti_t *nvti;
-  if (iterator->done) return NULL;
-  nvti = nvtis_lookup (nvti_cache, result_iterator_nvt_oid (iterator));
-  if (nvti)
-    return nvti_cve (nvti);
-  return NULL;
-}
-
-/**
- * @brief Get the NVT XREF from a result iterator.
- *
- * @param[in]  iterator  Iterator.
- *
- * @return The XREF of the NVT that produced the result, or NULL on error.
- */
-const char*
-result_iterator_nvt_xref (iterator_t *iterator)
-{
-  nvti_t *nvti;
-  if (iterator->done) return NULL;
-  nvti = nvtis_lookup (nvti_cache, result_iterator_nvt_oid (iterator));
-  if (nvti)
-    return nvti_xref (nvti);
-  return NULL;
-}
-
 /**
  * @brief Get the NVT's references in XML format from a nvti object via oid.
  *
@@ -24609,80 +24573,17 @@ result_iterator_nvt_xref (iterator_t *iterator)
 void
 nvti_refs_append_xml (GString *xml, const char *oid)
 {
-  gchar **split, **item, *str;
   nvti_t *nvti = nvtis_lookup (nvti_cache, oid);
+  int i;
 
   if (!nvti)
     return;
 
-  str = nvti_bid (nvti);
-  split = g_strsplit (str, ",", 0);
-  item = split;
-  while (*item)
+  for (i = 0; i < nvti_vtref_len (nvti); i++)
     {
-      gchar *id;
-
-      id = *item;
-      g_strstrip (id);
-
-      if ((strcmp (id, "") == 0) || (strcmp (id, "NOBID")) == 0)
-        {
-          item++;
-          continue;
-        }
-
-      xml_string_append (xml, "<ref type=\"bid\" id=\"%s\"/>", id);
-
-      item++;
+      vtref_t *ref = nvti_vtref (nvti, i);
+      xml_string_append (xml, "<ref type=\"%s\" id=\"%s\"/>", vtref_type (ref), vtref_id (ref));
     }
-  g_strfreev (split);
-
-  str = nvti_cve (nvti);
-  split = g_strsplit (str, ",", 0);
-  item = split;
-  while (*item)
-    {
-      gchar *id;
-
-      id = *item;
-      g_strstrip (id);
-
-      if ((strcmp (id, "") == 0) || (strcmp (id, "NOCVE")) == 0)
-        {
-          item++;
-          continue;
-        }
-
-      xml_string_append (xml, "<ref type=\"cve\" id=\"%s\"/>", id);
-
-      item++;
-    }
-  g_strfreev (split);
-
-  str = nvti_xref (nvti);
-  split = g_strsplit (str, ",", 0);
-  item = split;
-  while (*item)
-    {
-      gchar *type_and_id;
-      gchar **split2;
-
-      type_and_id = *item;
-      g_strstrip (type_and_id);
-
-      if ((strcmp (type_and_id, "") == 0) || (strcmp (type_and_id, "NOXREF")) == 0)
-        {
-          item++;
-          continue;
-        }
-
-      split2 = g_strsplit (type_and_id, ":", 2);
-      if (split2[0] && split2[1])
-        xml_string_append (xml, "<ref type=\"%s\" id=\"%s\"/>", split2[0], split2[1]);
-
-      item++;
-    }
-  g_strfreev (split);
 }
 
 /**
@@ -25425,7 +25326,7 @@ init_report_host_details_iterator (iterator_t* iterator,
                  " UNION SELECT 0, 'Closed CVE', cve, 'openvasmd', oid,"
                  "              nvts.name, cvss_base"
                  "       FROM nvts, report_host_details"
-                 "       WHERE cve != 'NOCVE'"
+                 "       WHERE cve != ''"
                  "       AND family IN (" LSC_FAMILY_LIST ")"
                  "       AND nvts.oid = report_host_details.source_name"
                  "       AND report_host = %llu"
@@ -28489,7 +28390,7 @@ static int
 report_closed_cve_count (report_t report)
 {
   return sql_int (" SELECT count(id) FROM nvts"
-                  " WHERE cve != 'NOCVE'"
+                  " WHERE cve != ''"
                   " AND family IN (" LSC_FAMILY_LIST ")"
                   " AND oid IN"
                   " (SELECT source_name FROM report_host_details"

src/manage_sql_nvts.c

@@ -193,6 +193,7 @@ make_nvt_from_nvti (const nvti_t *nvti)
   gchar *quoted_cve, *quoted_bid, *quoted_xref, *quoted_tag;
   gchar *quoted_cvss_base, *quoted_qod_type, *quoted_family, *value;
   gchar *quoted_solution_type;
+  gchar *cve, *bid, *xref;
 
   int creation_time, modification_time, qod;
 
@@ -206,10 +207,16 @@ make_nvt_from_nvti (const nvti_t *nvti)
   else
     chunk_count++;
 
+  cve = nvti_refs (nvti, "cve", "", 0);
+  bid = nvti_refs (nvti, "bid", "", 0);
+  xref = nvti_refs (nvti, NULL, "cve,bid", 1);
   quoted_name = sql_quote (nvti_name (nvti) ? nvti_name (nvti) : "");
-  quoted_cve = sql_quote (nvti_cve (nvti) ? nvti_cve (nvti) : "");
-  quoted_bid = sql_quote (nvti_bid (nvti) ? nvti_bid (nvti) : "");
-  quoted_xref = sql_quote (nvti_xref (nvti) ? nvti_xref (nvti) : "");
+  quoted_cve = sql_quote (cve ? cve : "");
+  quoted_bid = sql_quote (bid ? bid : "");
+  quoted_xref = sql_quote (xref ? xref : "");
+  g_free (cve);
+  g_free (bid);
+  g_free (xref);
   if (nvti_tag (nvti))
     {
       const char *tags;

src/manage_sqlite3.c

@@ -4009,7 +4009,7 @@ create_tables ()
        "              (SELECT id FROM nvts"
        "               WHERE oid = results.nvt"
        "               AND"
-       "               (cve = 'NOCVE'"
+       "               (cve = ''"
        "                 OR cve NOT IN (SELECT cve FROM nvts"
        "                                WHERE oid IN (SELECT source_name"
        "                                    FROM report_host_details"
@@ -4033,7 +4033,7 @@ create_tables ()
        "             (SELECT id FROM nvts AS outer_nvts"
        "              WHERE oid = results.nvt"
        "              AND"
-       "              (cve = 'NOCVE'"
+       "              (cve = ''"
        "               OR NOT EXISTS"
        "                  (SELECT cve FROM nvts"
        "                   WHERE oid IN (SELECT source_name"

src/otp.c

@@ -1260,19 +1260,25 @@ process_otp_scanner_input ()
                 }
               case SCANNER_PLUGIN_LIST_CVE_ID:
                 {
-                  nvti_set_cve (current_plugin, field);
+                  if (strcmp (field, "NOCVE"))
+                    nvti_add_refs (current_plugin, "cve", field, "");
+
                   set_scanner_state (SCANNER_PLUGIN_LIST_BUGTRAQ_ID);
                   break;
                 }
               case SCANNER_PLUGIN_LIST_BUGTRAQ_ID:
                 {
-                  nvti_set_bid (current_plugin, field);
+                  if (strcmp (field, "NOBID"))
+                    nvti_add_refs (current_plugin, "bid", field, "");
+
                   set_scanner_state (SCANNER_PLUGIN_LIST_XREFS);
                   break;
                 }
               case SCANNER_PLUGIN_LIST_XREFS:
                 {
-                  nvti_set_xref (current_plugin, field);
+                  if (strcmp (field, "NOXREF"))
+                    nvti_add_refs (current_plugin, NULL, field, "");
+
                   set_scanner_state (SCANNER_PLUGIN_LIST_TAGS);
                   switch (parse_scanner_plugin_list_tags (&messages))
                     {