diff --git a/src/manage_pg.c b/src/manage_pg.c index a393355c3..a72f83137 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -2499,6 +2499,15 @@ create_tables () " ref_id text NOT NULL," " ref_text text);"); + sql ("CREATE TABLE IF NOT EXISTS vt_severities" + " (id SERIAL PRIMARY KEY," + " vt_oid text NOT NULL," + " type text NOT NULL," + " origin text," + " date integer," + " score integer," + " value text);"); + sql ("CREATE TABLE IF NOT EXISTS nvt_preferences" " (id SERIAL PRIMARY KEY," " name text UNIQUE NOT NULL," @@ -2810,6 +2819,8 @@ create_tables () sql ("SELECT create_index ('vt_refs_by_vt_oid'," " 'vt_refs', 'vt_oid');"); + sql ("SELECT create_index ('vt_severities_by_vt_oid'," + " 'vt_severities', 'vt_oid');"); #if 0 /* TODO The value column can be bigger than 8191, the maximum size that diff --git a/src/manage_sql.c b/src/manage_sql.c index 62faff074..26c940a38 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -21277,12 +21277,6 @@ where_qod (int min_qod) return qod_sql; } -/** - * @brief SQL for retrieving CVSS base. - */ -#define CVSS_BASE_SQL \ - "(SELECT cvss_base FROM nvts WHERE nvts.oid = results.nvt)" - /** * @brief Filter columns for result iterator. */ diff --git a/src/manage_sql_nvts.c b/src/manage_sql_nvts.c index 26907729c..a541d77f4 100644 --- a/src/manage_sql_nvts.c +++ b/src/manage_sql_nvts.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2009-2019 Greenbone Networks GmbH +/* Copyright (C) 2009-2020 Greenbone Networks GmbH * * SPDX-License-Identifier: AGPL-3.0-or-later * @@ -341,6 +341,29 @@ insert_nvt (const nvti_t *nvti) g_free (quoted_text); } + sql ("DELETE FROM vt_severities where vt_oid = '%s';", nvti_oid (nvti)); + + for (i = 0; i < nvti_vtseverities_len (nvti); i++) + { + vtseverity_t *severity; + gchar *quoted_origin, *quoted_value; + + severity = nvti_vtseverity (nvti, i); + quoted_origin = sql_quote (vtseverity_origin (severity) ? + vtseverity_origin (severity) : ""); + quoted_value = sql_quote (vtseverity_value (severity) ? + vtseverity_value (severity) : ""); + + sql ("INSERT into vt_severities (vt_oid, type, origin, date, score, value)" + " VALUES ('%s', '%s', '%s', %i, %i, '%s');", + nvti_oid (nvti), vtseverity_type (severity), + quoted_origin, vtseverity_date (severity), + vtseverity_score (severity), quoted_value); + + g_free (quoted_origin); + g_free (quoted_value); + } + g_free (quoted_name); g_free (quoted_summary); g_free (quoted_insight); @@ -1207,7 +1230,7 @@ nvti_from_vt (entity_t vt) entity_t name, summary, insight, affected, impact, detection, solution; entity_t creation_time, modification_time; entity_t refs, ref, custom, family, category; - entity_t severities; + entity_t severities, severity; entities_t children; @@ -1287,6 +1310,66 @@ nvti_from_vt (entity_t vt) nvti_set_solution_method (nvti, method); } + severities = entity_child (vt, "severities"); + if (severities == NULL) + { + g_warning ("%s: VT missing SEVERITIES", __func__); + nvti_free (nvti); + return NULL; + } + + children = severities->entities; + while ((severity = first_entity (children))) + { + const gchar *severity_type; + + severity_type = entity_attribute (severity, "type"); + + if (severity_type == NULL) + { + GString *debug = g_string_new (""); + g_warning ("%s: SEVERITY missing type attribute", __func__); + print_entity_to_string (severity, debug); + g_warning ("%s: severity: %s", __func__, debug->str); + g_string_free (debug, TRUE); + } + else + { + entity_t value; + + value = entity_child (severity, "value"); + + if (!value) + { + GString *debug = g_string_new (""); + g_warning ("%s: SEVERITY missing value element", __func__); + print_entity_to_string (severity, debug); + g_warning ("%s: severity: %s", __func__, debug->str); + g_string_free (debug, TRUE); + } + else + { + gchar * cvss_base; + + nvti_add_vtseverity (nvti, + vtseverity_new (severity_type, + NULL /* origin */, + nvti_modification_time (nvti), + get_cvss_score_from_base_metrics (entity_text (value)) * 10, + entity_text (value))); + + nvti_add_tag (nvti, "cvss_base_vector", entity_text (value)); + + cvss_base = g_strdup_printf ("%.1f", + get_cvss_score_from_base_metrics (entity_text (value))); + nvti_set_cvss_base (nvti, cvss_base); + g_free (cvss_base); + } + } + + children = next_entities (children); + } + refs = entity_child (vt, "refs"); if (refs) { @@ -1327,33 +1410,6 @@ nvti_from_vt (entity_t vt) } } - severities = entity_child (vt, "severities"); - if (severities) - { - entity_t severity; - - severity = entity_child (severities, "severity"); - if (severity - && entity_attribute (severity, "type") - && (strcmp (entity_attribute (severity, "type"), - "cvss_base_v2") - == 0)) - { - gchar * cvss_base; - - nvti_add_tag (nvti, "cvss_base_vector", entity_text (severity)); - - cvss_base = g_strdup_printf ("%.1f", - get_cvss_score_from_base_metrics (entity_text (severity))); - nvti_set_cvss_base (nvti, cvss_base); - g_free (cvss_base); - } - else - g_warning ("%s: no severity", __func__); - } - else - g_warning ("%s: no severities", __func__); - custom = entity_child (vt, "custom"); if (custom == NULL) {