Fix SecInfo alert filter conditions (master)

CHANGELOG.md

@@ -71,6 +71,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Fix Verinice ISM report format and update version [#962](https://github.com/greenbone/gvmd/pull/962)
 - Always use details testing alerts with a report [#964](https://github.com/greenbone/gvmd/pull/964)
 - Remove extra XML declaration in Anonymous XML [#965](https://github.com/greenbone/gvmd/pull/965)
+- Fix SecInfo alert filter conditions [#971](https://github.com/greenbone/gvmd/pull/971)
 
 ### Removed
 - Remove support for "All SecInfo": removal of "allinfo" for type in get_info [#790](https://github.com/greenbone/gvmd/pull/790)

src/manage.c

@@ -1358,13 +1358,13 @@ alert_condition_description (alert_condition_t condition,
         return g_strdup ("Always");
       case ALERT_CONDITION_FILTER_COUNT_AT_LEAST:
         {
-          char *level;
+          char *count;
           gchar *ret;
 
-          level = alert_data (alert, "condition", "severity");
+          count = alert_data (alert, "condition", "count");
           ret = g_strdup_printf ("Filter count at least %s",
-                                 level ? level : "0");
-          free (level);
+                                 count ? count : "0");
+          free (count);
           return ret;
         }
       case ALERT_CONDITION_FILTER_COUNT_CHANGED:

src/manage.h

@@ -1971,6 +1971,9 @@ init_nvt_info_iterator (iterator_t*, get_data_t*, const char*);
 int
 nvt_info_count (const get_data_t *);
 
+int
+nvt_info_count_after (const get_data_t *, time_t, gboolean);
+
 void
 init_nvt_iterator (iterator_t*, nvt_t, config_t, const char*, const char*, int,
                    const char*);
@@ -3485,6 +3488,9 @@ nvt_dfn_cert_adv_iterator_name (iterator_t*);
 
 /* All SecInfo Data */
 
+int
+secinfo_count_after (const get_data_t *, const char *, time_t, gboolean);
+
 void
 init_ovaldi_file_iterator (iterator_t*);
 

src/manage_sql.c

@@ -11769,8 +11769,9 @@ email_secinfo (alert_t alert, task_t task, event_t event,
                const gchar *from_address)
 {
   gchar *alert_subject, *message, *subject, *example, *list, *type, *base64;
-  gchar *body;
-  char *notice, *recipient_credential_id;
+  gchar *term, *body;
+  char *notice, *recipient_credential_id, *condition_filter_id;
+  filter_t condition_filter;
   credential_t recipient_credential;
   int ret, count;
 
@@ -11824,10 +11825,25 @@ email_secinfo (alert_t alert, task_t task, event_t event,
                                   strlen (list));
     }
 
+  condition_filter = 0;
+  term = NULL;
+  condition_filter_id = alert_data (alert, "condition", "filter_id");
+  if (condition_filter_id)
+    {
+      gchar *quoted_filter_id;
+      quoted_filter_id = sql_quote (condition_filter_id);
+      sql_int64 (&condition_filter,
+                 "SELECT id FROM filters WHERE uuid = '%s'",
+                 quoted_filter_id);
+      term = filter_term (condition_filter_id);
+      g_free (quoted_filter_id);
+    }
+  free (condition_filter_id);
+
   if (message && strlen (message))
     body = alert_message_print (message, event, type,
                                 task, alert, condition,
-                                NULL, 0, NULL, NULL, NULL,
+                                NULL, condition_filter, term, NULL, NULL,
                                 list,
                                 list ? strlen (list) : 0,
                                 0, count, 0);
@@ -11845,6 +11861,7 @@ email_secinfo (alert_t alert, task_t task, event_t event,
       free (condition_desc);
     }
 
+  g_free (term);
   g_free (message);
   g_free (list);
 
@@ -14156,6 +14173,75 @@ event_applies (event_t event, const void *event_data,
     }
 }
 
+/**
+ * @brief Return the SecInfo count.
+ *
+ * @param[in]  alert      Alert.
+ * @param[in]  filter_id  Condition filter id.
+ *
+ * @return 1 if met, else 0.
+ */
+static time_t
+alert_secinfo_count (alert_t alert, char *filter_id)
+{
+  get_data_t get;
+  int db_count, uuid_was_null;
+  event_t event;
+  gboolean get_modified;
+  time_t feed_version_epoch;
+  char *secinfo_type;
+
+  event = alert_event (alert);
+  get_modified = (event == EVENT_UPDATED_SECINFO);
+
+  if (current_credentials.uuid == NULL)
+    {
+      current_credentials.uuid = alert_owner_uuid (alert);
+      uuid_was_null = 1;
+    }
+  else
+    uuid_was_null = 0;
+
+  memset (&get, '\0', sizeof (get));
+  if (filter_id && strlen (filter_id) && strcmp (filter_id, "0"))
+    get.filt_id = filter_id;
+
+  secinfo_type = alert_data (alert, "event", "secinfo_type");
+
+  if (strcmp (secinfo_type, "nvt") == 0)
+    {
+      feed_version_epoch = nvts_feed_version_epoch ();
+      db_count = nvt_info_count_after (&get,
+                                       feed_version_epoch,
+                                       get_modified);
+    }
+  else if (strcmp (secinfo_type, "cert_bund_adv") == 0
+           || strcmp (secinfo_type, "dfn_cert_adv") == 0)
+    {
+      feed_version_epoch = cert_check_time ();
+      db_count = secinfo_count_after (&get,
+                                      secinfo_type,
+                                      feed_version_epoch,
+                                      get_modified);
+    }
+  else // assume SCAP data
+    {
+      feed_version_epoch = scap_check_time ();
+      db_count = secinfo_count_after (&get,
+                                      secinfo_type,
+                                      feed_version_epoch,
+                                      get_modified);
+    }
+
+  if (uuid_was_null)
+    {
+      free (current_credentials.uuid);
+      current_credentials.uuid = NULL;
+    }
+
+  return db_count;
+}
+
 /**
  * @brief Return whether the condition of an alert is met by a task.
  *
@@ -14198,28 +14284,12 @@ condition_met (task_t task, report_t report, alert_t alert,
 
           if (task == 0)
             {
-              get_data_t get;
-              int db_count, uuid_was_null;
+              int db_count;
 
-              /* NVT event. */
+              /* SecInfo event. */
 
-              if (current_credentials.uuid == NULL)
-                {
-                  current_credentials.uuid = alert_owner_uuid (alert);
-                  uuid_was_null = 1;
-                }
-              else
-                uuid_was_null = 0;
-
-              memset (&get, '\0', sizeof (get));
-              if (filter_id && strlen (filter_id) && strcmp (filter_id, "0"))
-                get.filt_id = filter_id;
-              db_count = nvt_info_count (&get);
-              if (uuid_was_null)
-                {
-                  free (current_credentials.uuid);
-                  current_credentials.uuid = NULL;
-                }
+              db_count = alert_secinfo_count (alert, filter_id);
+
               if (db_count >= count)
                 return 1;
               break;
@@ -33240,13 +33310,17 @@ new_nvts_list (event_t event, const void* event_data, alert_t alert,
   else if (event == EVENT_NEW_SECINFO)
     init_iterator (&rows,
                    "SELECT oid, name, solution_type, cvss_base, qod FROM nvts"
-                   " WHERE creation_time > %d"
-                   " ORDER BY creation_time DESC;", (int)feed_version_epoch);
+                   " WHERE creation_time > %ld"
+                   " ORDER BY creation_time DESC;",
+                   feed_version_epoch);
   else
     init_iterator (&rows,
                    "SELECT oid, name, solution_type, cvss_base, qod FROM nvts"
-                   " WHERE modification_time > %d"
-                   " ORDER BY modification_time DESC;", (int)feed_version_epoch);
+                   " WHERE modification_time > %ld"
+                   "   AND creation_time <= %ld"
+                   " ORDER BY modification_time DESC;",
+                   feed_version_epoch,
+                   feed_version_epoch);
 
   while (next (&rows))
     {

src/manage_sql_nvts.c

@@ -443,6 +443,40 @@ nvt_info_count (const get_data_t *get)
                 FALSE);
 }
 
+/**
+ * @brief Count number of nvts created or modified after a given time.
+ *
+ * @param[in]  get            GET params.
+ * @param[in]  count_time     Time NVTs must be created or modified after.
+ * @param[in]  get_modified   Whether to get the modification time.
+ *
+ * @return Total number of nvts in filtered set.
+ */
+int
+nvt_info_count_after (const get_data_t *get, time_t count_time,
+                      gboolean get_modified)
+{
+  static const char *filter_columns[] = NVT_INFO_ITERATOR_FILTER_COLUMNS;
+  static column_t columns[] = NVT_ITERATOR_COLUMNS;
+  gchar *extra_where;
+  int ret;
+
+  if (get_modified)
+    extra_where = g_strdup_printf (" AND modification_time > %ld"
+                                   " AND creation_time <= %ld",
+                                   count_time,
+                                   count_time);
+  else
+    extra_where = g_strdup_printf (" AND creation_time > %ld",
+                                   count_time);
+
+  ret = count ("nvt", get, columns, NULL, filter_columns, 0, 0, extra_where,
+               FALSE);
+
+  g_free (extra_where);
+  return ret;
+}
+
 /**
  * @brief Return SQL for selecting NVT's of a config from one family.
  *