From 5aa1fd3ea2282b3de2a5c91a917f1124a7dfe384 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Mon, 3 Feb 2020 16:47:01 +0100 Subject: [PATCH 01/11] Fix count in "Filter count at least ..." text The alert_condition_description function did not get the expected count for the text. --- src/manage.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/manage.c b/src/manage.c index 021d065c7..81800bb88 100644 --- a/src/manage.c +++ b/src/manage.c @@ -1357,13 +1357,13 @@ alert_condition_description (alert_condition_t condition, return g_strdup ("Always"); case ALERT_CONDITION_FILTER_COUNT_AT_LEAST: { - char *level; + char *count; gchar *ret; - level = alert_data (alert, "condition", "severity"); + count = alert_data (alert, "condition", "count"); ret = g_strdup_printf ("Filter count at least %s", - level ? level : "0"); - free (level); + count ? count : "0"); + free (count); return ret; } case ALERT_CONDITION_FILTER_COUNT_CHANGED: From 690786888049ff952903c320652865fd574c5576 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Mon, 3 Feb 2020 16:53:40 +0100 Subject: [PATCH 02/11] Get filter info for SecInfo alert emails This makes the $f and $F placeholders in the email body work. --- src/manage_sql.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 339ee52b7..72a8b2ee8 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -11769,8 +11769,9 @@ email_secinfo (alert_t alert, task_t task, event_t event, const gchar *from_address) { gchar *alert_subject, *message, *subject, *example, *list, *type, *base64; - gchar *body; - char *notice, *recipient_credential_id; + gchar *term, *body; + char *notice, *recipient_credential_id, *condition_filter_id; + filter_t condition_filter; credential_t recipient_credential; int ret, count; 
@@ -11824,10 +11825,24 @@ email_secinfo (alert_t alert, task_t task, event_t event, strlen (list)); } + condition_filter = 0; + term = NULL; + condition_filter_id = alert_data (alert, "condition", "filter_id"); + if (condition_filter_id) + { + gchar *quoted_filter_id; + quoted_filter_id = sql_quote (condition_filter_id); + sql_int64 (&condition_filter, + "SELECT id FROM filters WHERE uuid = '%s'", + quoted_filter_id); + term = filter_term (condition_filter_id); + } + free (condition_filter_id); + if (message && strlen (message)) body = alert_message_print (message, event, type, task, alert, condition, - NULL, 0, NULL, NULL, NULL, + NULL, condition_filter, term, NULL, NULL, list, list ? strlen (list) : 0, 0, count, 0); @@ -11845,6 +11860,7 @@ email_secinfo (alert_t alert, task_t task, event_t event, free (condition_desc); } + g_free (term); g_free (message); g_free (list); From 385bfa247e6d71ecefe4dca61b599b711b2e288a Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 4 Feb 2020 11:19:25 +0100 Subject: [PATCH 03/11] Count only new/modified NVTs for alert conditions The filter conditions previously counted all the NVTs for the "New/Updated SecInfo arrived" events, not just new or modified ones. --- src/manage.h | 3 ++ src/manage_sql.c | 72 ++++++++++++++++++++++++++++++------------- src/manage_sql_nvts.c | 32 +++++++++++++++++++ 3 files changed, 85 insertions(+), 22 deletions(-) diff --git a/src/manage.h b/src/manage.h index dbf835c26..2c2bfe891 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1971,6 +1971,9 @@ init_nvt_info_iterator (iterator_t*, get_data_t*, const char*); int nvt_info_count (const get_data_t *); +int +nvt_info_count_after (const get_data_t *, time_t, gboolean); + void init_nvt_iterator (iterator_t*, nvt_t, config_t, const char*, const char*, int, const char*); diff --git a/src/manage_sql.c b/src/manage_sql.c index 72a8b2ee8..ab2513916 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
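Review bot: In the `email_secinfo` hunk at -11824, the new lookup `SELECT id FROM filters WHERE uuid = '%s'` resolves the condition filter with no owner or permission check visible, and the return value of `sql_int64` is ignored. The uuid goes through `sql_quote`, so the statement text is fine, but the resulting id and `term` are then handed to `alert_message_print` and end up in the mail body. Whether `filter_id` is restricted to filters the alert owner may read when the alert is saved is not visible in this hunk, so that should be confirmed or the lookup routed through the project's permission-aware filter lookup. At minimum I would only fetch the term when the lookup succeeded, e.g. `if (sql_int64 (&condition_filter, "SELECT id FROM filters WHERE uuid = '%s'", quoted_filter_id) == 0) term = filter_term (condition_filter_id);` (assuming 0 is the success return). The body of `email_secinfo` starts and ends outside the hunk.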
@@ -14172,6 +14172,52 @@ event_applies (event_t event, const void *event_data, } } +/** + * @brief Return the SecInfo count . + * + * @param[in] alert Alert. + * @param[in] filter_id Condition filter id. + * + * @return 1 if met, else 0. + */ +static time_t +alert_secinfo_count (alert_t alert, char *filter_id) +{ + get_data_t get; + int db_count, uuid_was_null; + event_t event; + gboolean get_modified; + time_t feed_version_epoch; + + event = alert_event (alert); + get_modified = (event == EVENT_UPDATED_SECINFO); + + if (current_credentials.uuid == NULL) + { + current_credentials.uuid = alert_owner_uuid (alert); + uuid_was_null = 1; + } + else + uuid_was_null = 0; + + memset (&get, '\0', sizeof (get)); + if (filter_id && strlen (filter_id) && strcmp (filter_id, "0")) + get.filt_id = filter_id; + + feed_version_epoch = nvts_feed_version_epoch (); + db_count = nvt_info_count_after (&get, + feed_version_epoch, + get_modified); + + if (uuid_was_null) + { + free (current_credentials.uuid); + current_credentials.uuid = NULL; + } + + return db_count; +} + /** * @brief Return whether the condition of an alert is met by a task. * @@ -14214,28 +14260,10 @@ condition_met (task_t task, report_t report, alert_t alert, if (task == 0) { - get_data_t get; - int db_count, uuid_was_null; - - /* NVT event. */ - - if (current_credentials.uuid == NULL) - { - current_credentials.uuid = alert_owner_uuid (alert); - uuid_was_null = 1; - } - else - uuid_was_null = 0; - - memset (&get, '\0', sizeof (get)); - if (filter_id && strlen (filter_id) && strcmp (filter_id, "0")) - get.filt_id = filter_id; - db_count = nvt_info_count (&get); - if (uuid_was_null) - { - free (current_credentials.uuid); - current_credentials.uuid = NULL; - } + /* SecInfo event. */ + int db_count; + db_count = alert_secinfo_count (alert, filter_id); + if (db_count >= count) return 1; break; diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 031ebec81..926bf793d 100644 --- a/src/manage_sql_nvts.c 
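Review bot: `alert_secinfo_count`, added in the -14172 hunk, is declared `static time_t` but returns the `int db_count`, and its header still says `@return 1 if met, else 0.` although the function returns a count. Declare it `static int` and document it as ` * @return Number of SecInfo items matching the filter.`; the later formatting hunk at -14174 only touches the `@brief` line and leaves both as they are. The helper also points the process-wide `current_credentials.uuid` at the alert owner while it counts, so a one-line comment stating that this is deliberate and must be undone on every exit path would help whoever adds the next branch.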
+++ b/src/manage_sql_nvts.c @@ -443,6 +443,38 @@ nvt_info_count (const get_data_t *get) FALSE); } +/** + * @brief Count number of nvts created or modified after a given time. + * + * @param[in] get GET params. + * @param[in] count_time Time NVTs must be created or modified after. + * @param[in] get_modified Whether to get the modification time. + * + * @return Total number of nvts in filtered set. + */ +int +nvt_info_count_after (const get_data_t *get, time_t count_time, + gboolean get_modified) +{ + static const char *filter_columns[] = NVT_INFO_ITERATOR_FILTER_COLUMNS; + static column_t columns[] = NVT_ITERATOR_COLUMNS; + gchar *extra_where; + int ret; + + if (get_modified) + extra_where = g_strdup_printf (" AND modification_time > %ld", + count_time); + else + extra_where = g_strdup_printf (" AND creation_time > %ld", + count_time); + + ret = count ("nvt", get, columns, NULL, filter_columns, 0, 0, extra_where, + FALSE); + + g_free (extra_where); + return ret; +} + /** * @brief Return SQL for selecting NVT's of a config from one family. * From 758ef593228d6d9891dcf518d0fa43e60a790211 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 4 Feb 2020 12:49:59 +0100 Subject: [PATCH 04/11] Consider SecInfo type in alert filter condition When checking if a filter count is met for SecInfo events, the SecInfo type given in the event data is counted instead of always counting NVTs. --- src/manage.h | 3 + src/manage_sql.c | 32 ++++++- src/manage_sql_secinfo.c | 187 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 218 insertions(+), 4 deletions(-) diff --git a/src/manage.h b/src/manage.h index 2c2bfe891..66a3064cc 100644 --- a/src/manage.h +++ b/src/manage.h @@ -3488,6 +3488,9 @@ nvt_dfn_cert_adv_iterator_name (iterator_t*); /* All SecInfo Data */ +int +secinfo_count_after (const get_data_t *, const char *, time_t, gboolean); + void init_ovaldi_file_iterator (iterator_t*); diff --git a/src/manage_sql.c b/src/manage_sql.c index ab2513916..7f3a1d9fa 100644 
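Review bot: `nvt_info_count_after` passes a `time_t` to `%ld` in both `g_strdup_printf` calls, which is a mismatched argument wherever `time_t` is not `long` (for example a 32-bit build with a 64-bit `time_t`) and would put a wrong timestamp into the WHERE fragment. Cast explicitly, `g_strdup_printf (" AND modification_time > %lld", (long long) count_time);`, and do the same for the `creation_time` branch. The same pattern is in `secinfo_count_after` (hunk -1415 in manage_sql_secinfo.c) and in the last commit's hunks at -33310, -462 and -1590; the declared type of `feed_version_epoch` in `new_nvts_list` is not visible there, so that one needs checking against its declaration. The value is numeric, so no quoting is needed for the fragment itself.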
--- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -14188,6 +14188,7 @@ alert_secinfo_count (alert_t alert, char *filter_id) event_t event; gboolean get_modified; time_t feed_version_epoch; + char *secinfo_type; event = alert_event (alert); get_modified = (event == EVENT_UPDATED_SECINFO); @@ -14204,10 +14205,33 @@ alert_secinfo_count (alert_t alert, char *filter_id) if (filter_id && strlen (filter_id) && strcmp (filter_id, "0")) get.filt_id = filter_id; - feed_version_epoch = nvts_feed_version_epoch (); - db_count = nvt_info_count_after (&get, - feed_version_epoch, - get_modified); + secinfo_type = alert_data (alert, "event", "secinfo_type"); + printf ("secinfo_type: %s\n", secinfo_type); + + if (strcmp (secinfo_type, "nvt") == 0) + { + feed_version_epoch = nvts_feed_version_epoch (); + db_count = nvt_info_count_after (&get, + feed_version_epoch, + get_modified); + } + else if (strcmp (secinfo_type, "cert_bund_adv") == 0 + || strcmp (secinfo_type, "dfn_cert_adv") == 0) + { + feed_version_epoch = cert_check_time (); + db_count = secinfo_count_after (&get, + secinfo_type, + feed_version_epoch, + get_modified); + } + else // assume SCAP data + { + feed_version_epoch = scap_check_time (); + db_count = secinfo_count_after (&get, + secinfo_type, + feed_version_epoch, + get_modified); + } if (uuid_was_null) { diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index fe54daeaf..ff7673c46 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c 
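Review bot: In the -14204 hunk, `secinfo_type` comes straight from `alert_data` and is passed to `strcmp` without a NULL check, and nothing visible in this function releases it afterwards. Other callers on this page treat the `alert_data` result as nullable and free it (`count ? count : "0"`, `free (count)`), so an alert with no stored `secinfo_type` would dereference NULL here and every evaluation would leak the string. The guard must not return early, because the `current_credentials.uuid` restore comes after the branches. The later commit that removes the debug `printf` leaves both points open; the function starts outside this hunk and the excerpt below only shows the lines I would change.
```c
  secinfo_type = alert_data (alert, "event", "secinfo_type");

  if (secinfo_type == NULL)
    {
      /* No SecInfo type stored with the event: nothing to count. */
      g_warning ("%s: alert has no secinfo_type", __func__);
      db_count = 0;
    }
  else if (strcmp (secinfo_type, "nvt") == 0)
    {
      /* … unchanged: NVT branch … */
    }
  /* … unchanged: CERT and SCAP branches … */

  free (secinfo_type);

  if (uuid_was_null)
```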
@@ -429,6 +429,30 @@ inserts_run (inserts_t *inserts) /* CPE data. */ +/** + * @brief Gets the SELECT columns for CPE iterators and counts. + * + * @return The SELECT columns. + */ +static const column_t* +cpe_info_select_columns () +{ + static column_t columns[] = CPE_INFO_ITERATOR_COLUMNS; + return columns; +} + +/** + * @brief Gets the filter columns for CPE iterators and counts. + * + * @return The filter columns. + */ +static const char ** +cpe_info_filter_columns () +{ + static const char *filter_columns[] = CPE_INFO_ITERATOR_FILTER_COLUMNS; + return filter_columns; +} + /** * @brief Count number of cpe. * @@ -547,6 +571,30 @@ DEF_ACCESS (cpe_info_iterator_nvd_id, GET_ITERATOR_COLUMN_COUNT + 5); /* CVE data. */ +/** + * @brief Gets the SELECT columns for CVE iterators and counts. + * + * @return The SELECT columns. + */ +static const column_t* +cve_info_select_columns () +{ + static column_t columns[] = CVE_INFO_ITERATOR_COLUMNS; + return columns; +} + +/** + * @brief Gets the filter columns for CVE iterators and counts. + * + * @return The filter columns. + */ +static const char ** +cve_info_filter_columns () +{ + static const char *filter_columns[] = CVE_INFO_ITERATOR_FILTER_COLUMNS; + return filter_columns; +} + /** * @brief Initialise an CVE iterator, for CVEs reported for a certain CPE. * 
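Review bot: The new column helpers are defined with empty parentheses, e.g. `cpe_info_select_columns ()`, which in C leaves the parameters unspecified instead of declaring that there are none; write `cpe_info_select_columns (void)` so a call with arguments is rejected at compile time. This applies to all ten helpers: the CPE and CVE ones in these two hunks and the OVAL, CERT-Bund and DFN-CERT ones in hunks -771, -1053 and -1236. The `*_select_columns` helpers also return `const column_t*` over an array declared as non-const `static column_t columns[]`, and `secinfo_count_after` later casts the const away again; settling on one of the two would remove the need for that cast.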
@@ -771,6 +819,30 @@ DEF_ACCESS (cve_info_iterator_description, GET_ITERATOR_COLUMN_COUNT + 8); /* OVAL data. */ +/** + * @brief Gets the SELECT columns for OVAL definition iterators and counts. + * + * @return The SELECT columns. + */ +static const column_t* +ovaldef_info_select_columns () +{ + static column_t columns[] = OVALDEF_INFO_ITERATOR_COLUMNS; + return columns; +} + +/** + * @brief Gets the filter columns for OVAL definition iterators and counts. + * + * @return The filter columns. + */ +static const char ** +ovaldef_info_filter_columns () +{ + static const char *filter_columns[] = OVALDEF_INFO_ITERATOR_FILTER_COLUMNS; + return filter_columns; +} + /** * @brief Initialise an OVAL definition (ovaldef) info iterator. * @@ -1053,6 +1125,31 @@ ovaldef_cves (const char *id) /* CERT-Bund data. */ +/** + * @brief Gets the SELECT columns for CERT-Bund advisory iterators and counts. + * + * @return The SELECT columns. + */ +static const column_t* +cert_bund_adv_info_select_columns () +{ + static column_t columns[] = CERT_BUND_ADV_INFO_ITERATOR_COLUMNS; + return columns; +} + +/** + * @brief Gets the filter columns for CERT-Bund advisory iterators and counts. + * + * @return The filter columns. + */ +static const char ** +cert_bund_adv_info_filter_columns () +{ + static const char *filter_columns[] + = CERT_BUND_ADV_INFO_ITERATOR_FILTER_COLUMNS; + return filter_columns; +} + /** * @brief Initialise an CERT-Bund advisory (cert_bund_adv) info iterator. * 
@@ -1236,6 +1333,31 @@ DEF_ACCESS (nvt_cert_bund_adv_iterator_name, 0); /* DFN-CERT data. */ +/** + * @brief Gets the SELECT columns for DFN-CERT advisory iterators and counts. + * + * @return The SELECT columns. + */ +static const column_t* +dfn_cert_adv_info_select_columns () +{ + static column_t columns[] = DFN_CERT_ADV_INFO_ITERATOR_COLUMNS; + return columns; +} + +/** + * @brief Gets the filter columns for DFN-CERT advisory iterators and counts. + * + * @return The filter columns. + */ +static const char ** +dfn_cert_adv_info_filter_columns () +{ + static const char *filter_columns[] + = DFN_CERT_ADV_INFO_ITERATOR_FILTER_COLUMNS; + return filter_columns; +} + /** * @brief Initialise an DFN-CERT advisory (dfn_cert_adv) info iterator. * 
@@ -1415,6 +1537,71 @@ DEF_ACCESS (nvt_dfn_cert_adv_iterator_name, 0); /* All SecInfo data. */ +/** + * @brief Count number of SecInfo items created or modified after a given time. + * + * @param[in] get GET params. + * @param[in] count_time Time SecInfo must be created or modified after. + * @param[in] get_modified Whether to get the modification time. + * + * @return Total number of items in filtered set. + */ +int +secinfo_count_after (const get_data_t *get, + const char *type, + time_t count_time, + gboolean get_modified) +{ + const char **filter_columns; + const column_t *columns; + gchar *extra_where; + int ret; + + if (strcmp (type, "cpe") == 0) + { + columns = cpe_info_select_columns (); + filter_columns = cpe_info_filter_columns (); + } + else if (strcmp (type, "cve") == 0) + { + columns = cve_info_select_columns (); + filter_columns = cve_info_filter_columns (); + } + else if (strcmp (type, "ovaldef") == 0) + { + columns = ovaldef_info_select_columns (); + filter_columns = ovaldef_info_filter_columns (); + } + else if (strcmp (type, "cert_bund_adv") == 0) + { + columns = cert_bund_adv_info_select_columns (); + filter_columns = cert_bund_adv_info_filter_columns (); + } + else if (strcmp (type, "dfn_cert_adv") == 0) + { + columns = dfn_cert_adv_info_select_columns (); + filter_columns = dfn_cert_adv_info_filter_columns (); + } + else + { + g_warning ("%s: Unexpected type %s", __func__, type); + return 0; + } + + if (get_modified) + extra_where = g_strdup_printf (" AND modification_time > %ld", + count_time); + else + extra_where = g_strdup_printf (" AND creation_time > %ld", + count_time); + + ret = count (type, get, (column_t*)columns, NULL, filter_columns, + 0, 0, extra_where, FALSE); + + g_free (extra_where); + return ret; +} + /** * @brief Initialise an ovaldi file iterator. * From f9a831026ca1c6a35c2b18ba3698722b4f99945a Mon Sep 17 00:00:00 2001 
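Review bot: `secinfo_count_after` returns 0 when `type` matches none of the five names, which the caller cannot tell apart from "nothing new", so an alert whose stored type is misspelled or unsupported never triggers and the only trace is one `g_warning`. Checking `type` against a fixed list before it reaches `count (type, ...)` is the right order and deserves a short why-comment so the check is not dropped in a later refactor. I would document the fallback in the header, ` * @return Number of items in the filtered set, 0 if type is not a known SecInfo type.`, and reconsider the "assume SCAP data" branch in `alert_secinfo_count`, which picks a check time before the type has been validated.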
From: Timo Pollmeier Date: Tue, 4 Feb 2020 13:03:22 +0100 Subject: [PATCH 05/11] Include new SecInfo in "updated" lists When generating the lists of updated SecInfo for alerts all recently modified items are now added, no longer excluding new ones. --- src/manage_sql.c | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 7f3a1d9fa..d462f958a 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -33466,12 +33466,6 @@ new_cves_list (event_t event, const void* event_data, alert_t alert, " = 'scap_check_time')" " AS INTEGER)," " 0)" - " AND creation_time" - " <= coalesce (CAST ((SELECT value FROM meta" - " WHERE name" - " = 'scap_check_time')" - " AS INTEGER)," - " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) @@ -33557,12 +33551,6 @@ new_cpes_list (event_t event, const void* event_data, alert_t alert, " = 'scap_check_time')" " AS INTEGER)," " 0)" - " AND creation_time" - " <= coalesce (CAST ((SELECT value FROM meta" - " WHERE name" - " = 'scap_check_time')" - " AS INTEGER)," - " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) @@ -33647,12 +33635,6 @@ new_cert_bunds_list (event_t event, const void* event_data, alert_t alert, " = 'cert_check_time')" " AS INTEGER)," " 0)" - " AND creation_time" - " <= coalesce (CAST ((SELECT value FROM meta" - " WHERE name" - " = 'cert_check_time')" - " AS INTEGER)," - " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) @@ -33734,12 +33716,6 @@ new_dfn_certs_list (event_t event, const void* event_data, alert_t alert, " = 'cert_check_time')" " AS INTEGER)," " 0)" - " AND creation_time" - " <= coalesce (CAST ((SELECT value FROM meta" - " WHERE name" - " = 'cert_check_time')" - " AS INTEGER)," - " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) 
@@ -33821,12 +33797,6 @@ new_oval_defs_list (event_t event, const void* event_data, alert_t alert, " = 'scap_check_time')" " AS INTEGER)," " 0)" - " AND creation_time" - " <= coalesce (CAST ((SELECT value FROM meta" - " WHERE name" - " = 'scap_check_time')" - " AS INTEGER)," - " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) From 381ca6123d60c7670bae3666c322c7d487c9ee39 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 4 Feb 2020 14:25:38 +0100 Subject: [PATCH 06/11] Add alert filter condition fixes to CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 021a3d5b2..763a18c3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -71,6 +71,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix Verinice ISM report format and update version [#962](https://github.com/greenbone/gvmd/pull/962) - Always use details testing alerts with a report [#964](https://github.com/greenbone/gvmd/pull/964) - Remove extra XML declaration in Anonymous XML [#965](https://github.com/greenbone/gvmd/pull/965) +- Fix SecInfo alert filter conditions [#971](https://github.com/greenbone/gvmd/pull/971) ### Removed - Remove support for "All SecInfo": removal of "allinfo" for type in get_info [#790](https://github.com/greenbone/gvmd/pull/790) From c4cc815a6f1c820ef90f1e952d7d4c9aab05a925 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 4 Feb 2020 14:31:40 +0100 Subject: [PATCH 07/11] Add missing param in doc of secinfo_count_after --- src/manage_sql_secinfo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index ff7673c46..553870b70 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c 
@@ -1541,6 +1541,7 @@ DEF_ACCESS (nvt_dfn_cert_adv_iterator_name, 0); * @brief Count number of SecInfo items created or modified after a given time. * * @param[in] get GET params. + * @param[in] type The type of SecInfo to count. * @param[in] count_time Time SecInfo must be created or modified after. * @param[in] get_modified Whether to get the modification time. * From ee5ab499971c9c5bce7283350a52fe3fa6e1e0e2 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 11 Feb 2020 16:14:18 +0100 Subject: [PATCH 08/11] Add missing g_free and remove stray debug printf In email_secinfo, quoted_filter_id needs to be freed and alert_secinfo_count contained a stray printf call. --- src/manage_sql.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index d462f958a..952971791 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -11836,6 +11836,7 @@ email_secinfo (alert_t alert, task_t task, event_t event, "SELECT id FROM filters WHERE uuid = '%s'", quoted_filter_id); term = filter_term (condition_filter_id); + g_free (quoted_filter_id); } free (condition_filter_id); @@ -14206,7 +14207,6 @@ alert_secinfo_count (alert_t alert, char *filter_id) get.filt_id = filter_id; secinfo_type = alert_data (alert, "event", "secinfo_type"); - printf ("secinfo_type: %s\n", secinfo_type); if (strcmp (secinfo_type, "nvt") == 0) { From 041e4bb54bd836761c67a2ad2548955108b5e801 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 11 Feb 2020 16:40:54 +0100 Subject: [PATCH 09/11] Fix formatting in SecInfo alert changes --- src/manage_sql.c | 6 ++++-- src/manage_sql_secinfo.c | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 952971791..18775a60b 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c 
@@ -14174,7 +14174,7 @@ event_applies (event_t event, const void *event_data, } /** - * @brief Return the SecInfo count . + * @brief Return the SecInfo count. * * @param[in] alert Alert. * @param[in] filter_id Condition filter id. @@ -14284,8 +14284,10 @@ condition_met (task_t task, report_t report, alert_t alert, if (task == 0) { - /* SecInfo event. */ int db_count; + + /* SecInfo event. */ + db_count = alert_secinfo_count (alert, filter_id); if (db_count >= count) diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index 553870b70..bf6e052cf 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -1596,7 +1596,7 @@ secinfo_count_after (const get_data_t *get, extra_where = g_strdup_printf (" AND creation_time > %ld", count_time); - ret = count (type, get, (column_t*)columns, NULL, filter_columns, + ret = count (type, get, (column_t*) columns, NULL, filter_columns, 0, 0, extra_where, FALSE); g_free (extra_where); From 725c25db6530244ce958c96ccbbbf357b021851e Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Tue, 11 Feb 2020 16:55:45 +0100 Subject: [PATCH 10/11] Revert "Include new SecInfo in "updated" lists" This reverts commit f9a831026ca1c6a35c2b18ba3698722b4f99945a because omitting the existing items is the intended behavior. --- src/manage_sql.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/manage_sql.c b/src/manage_sql.c index d005d5cc3..9aa113c61 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -33401,6 +33401,12 @@ new_cves_list (event_t event, const void* event_data, alert_t alert, " = 'scap_check_time')" " AS INTEGER)," " 0)" + " AND creation_time" + " <= coalesce (CAST ((SELECT value FROM meta" + " WHERE name" + " = 'scap_check_time')" + " AS INTEGER)," + " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) 
@@ -33486,6 +33492,12 @@ new_cpes_list (event_t event, const void* event_data, alert_t alert, " = 'scap_check_time')" " AS INTEGER)," " 0)" + " AND creation_time" + " <= coalesce (CAST ((SELECT value FROM meta" + " WHERE name" + " = 'scap_check_time')" + " AS INTEGER)," + " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) @@ -33570,6 +33582,12 @@ new_cert_bunds_list (event_t event, const void* event_data, alert_t alert, " = 'cert_check_time')" " AS INTEGER)," " 0)" + " AND creation_time" + " <= coalesce (CAST ((SELECT value FROM meta" + " WHERE name" + " = 'cert_check_time')" + " AS INTEGER)," + " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) @@ -33651,6 +33669,12 @@ new_dfn_certs_list (event_t event, const void* event_data, alert_t alert, " = 'cert_check_time')" " AS INTEGER)," " 0)" + " AND creation_time" + " <= coalesce (CAST ((SELECT value FROM meta" + " WHERE name" + " = 'cert_check_time')" + " AS INTEGER)," + " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) @@ -33732,6 +33756,12 @@ new_oval_defs_list (event_t event, const void* event_data, alert_t alert, " = 'scap_check_time')" " AS INTEGER)," " 0)" + " AND creation_time" + " <= coalesce (CAST ((SELECT value FROM meta" + " WHERE name" + " = 'scap_check_time')" + " AS INTEGER)," + " 0)" " ORDER BY modification_time DESC;"); while (next (&rows)) From dd8274ce9fb2629e843c4effe4a14787730ad410 Mon Sep 17 00:00:00 2001 
From: Timo Pollmeier Date: Thu, 13 Feb 2020 11:45:14 +0100 Subject: [PATCH 11/11] Make SecInfo alert condition and lists consistent The functions counting the SecInfo items for the filter condition and the ones generating the list for alert messages now all use the same conditions for the selection in the "Updated" case: The modification time must be newer than the feed time while the creation time must be older or the same. --- src/manage_sql.c | 12 ++++++++---- src/manage_sql_nvts.c | 4 +++- src/manage_sql_secinfo.c | 4 +++- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 9aa113c61..c21e4effa 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -33310,13 +33310,17 @@ new_nvts_list (event_t event, const void* event_data, alert_t alert, else if (event == EVENT_NEW_SECINFO) init_iterator (&rows, "SELECT oid, name, solution_type, cvss_base, qod FROM nvts" - " WHERE creation_time > %d" - " ORDER BY creation_time DESC;", (int)feed_version_epoch); + " WHERE creation_time > %ld" + " ORDER BY creation_time DESC;", + feed_version_epoch); else init_iterator (&rows, "SELECT oid, name, solution_type, cvss_base, qod FROM nvts" - " WHERE modification_time > %d" - " ORDER BY modification_time DESC;", (int)feed_version_epoch); + " WHERE modification_time > %ld" + " AND creation_time <= %ld" + " ORDER BY modification_time DESC;", + feed_version_epoch, + feed_version_epoch); while (next (&rows)) { diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 926bf793d..bfe883819 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -462,7 +462,9 @@ nvt_info_count_after (const get_data_t *get, time_t count_time, int ret; if (get_modified) - extra_where = g_strdup_printf (" AND modification_time > %ld", + extra_where = g_strdup_printf (" AND modification_time > %ld" + " AND creation_time <= %ld", + count_time, count_time); else extra_where = g_strdup_printf (" AND creation_time > %ld", 
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index bf6e052cf..8549e4b49 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -1590,7 +1590,9 @@ secinfo_count_after (const get_data_t *get, } if (get_modified) - extra_where = g_strdup_printf (" AND modification_time > %ld", + extra_where = g_strdup_printf (" AND modification_time > %ld" + " AND creation_time <= %ld", + count_time, count_time); else extra_where = g_strdup_printf (" AND creation_time > %ld",