Fix: Set the right status when a scan fails because an invalid host l…

…ist (#1657) * Fix: Return with EXIT_FAILURE if the scan fails for any reason. E.g. Invalid target list * Fix: override scan status if the process exit code is not 0
greenbone · Jun 24, 2024 · f6d5f2c · f6d5f2c
1 parent fe205b2
commit f6d5f2c
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 11 deletions.
diff --git a/rust/openvas/src/openvas.rs b/rust/openvas/src/openvas.rs
@@ -359,7 +359,7 @@ impl ScanResultFetcher for Scanner {
                     host_info: Some(hosts_info),
                 };
 
-                let scan_res = ScanResults {
+                let mut scan_res = ScanResults {
                     id: scan_id.to_string(),
                     status: st,
                     results: all_results
@@ -369,14 +369,23 @@ impl ScanResultFetcher for Scanner {
                         .collect(),
                 };
 
-                // If the scan finished, release
+                // If the scan finished, release. Openvas "finished" status is translated todo
+                // Succeeded. It is necessary to read the exit code to know if it failed.
                 if status == Phase::Succeeded {
                     let mut scan = match self.remove_running(scan_id) {
                         Some(scan) => scan.0,
                         None => return Err(OpenvasError::ScanNotFound(scan_id.to_string()).into()),
                     };
 
-                    scan.wait().map_err(OpenvasError::CmdError)?;
+                    // Read openvas scanner exit code and if failed, reset the status to Failed.
+                    let exit_status = scan.wait().map_err(OpenvasError::CmdError)?;
+                    if let Some(code) = exit_status.code() {
+                        if code != 0 {
+                            scan_res.status.status = Phase::Failed;
+                            scan_res.status.start_time = scan_res.status.end_time;
+                            scan_res.status.host_info = None;
+                        }
+                    }
 
                     redis_help
                         .release()

diff --git a/src/attack.c b/src/attack.c
@@ -1162,8 +1162,9 @@ scan_stop_cleanup ()
 
 /**
  * @brief Attack a whole network.
+ * return 0 on successes, -1 if there was a critical error.
  */
-void
+int
 attack_network (struct scan_globals *globals)
 {
   int max_hosts = 0, max_checks;
@@ -1179,6 +1180,7 @@ attack_network (struct scan_globals *globals)
   kb_t arg_host_kb, main_kb;
   GSList *unresolved;
   char buf[96];
+  int error = 0;
 
   check_deprecated_prefs ();
 
@@ -1191,13 +1193,16 @@ attack_network (struct scan_globals *globals)
   gettimeofday (&then, NULL);
 
   if (check_kb_access ())
-    return;
-
+    {
+      error = -1;
+      return error;
+    }
   /* Init and check Target List */
   hostlist = prefs_get ("TARGET");
   if (hostlist == NULL)
     {
-      return;
+      error = -1;
+      return error;
     }
 
   /* Verify the port range is a valid one */
@@ -1213,7 +1218,8 @@ attack_network (struct scan_globals *globals)
                  "Scan terminated.");
       set_scan_status ("finished");
 
-      return;
+      error = -1;
+      return error;
     }
 
   /* Initialize the attack. */
@@ -1224,7 +1230,9 @@ attack_network (struct scan_globals *globals)
   if (!sched)
     {
       g_message ("Couldn't initialize the plugin scheduler");
-      return;
+
+      error = -1;
+      return error;
     }
 
   if (plugins_init_error > 0)
@@ -1256,6 +1264,8 @@ attack_network (struct scan_globals *globals)
                          "HOSTS_COUNT");
       kb_lnk_reset (main_kb);
       g_warning ("Invalid target list. Scan terminated.");
+
+      error = -1;
       goto stop;
     }
 
@@ -1300,6 +1310,7 @@ attack_network (struct scan_globals *globals)
   host = gvm_hosts_next (hosts);
   if (host == NULL)
     goto stop;
+
   hosts_init (max_hosts);
 
   g_message ("Vulnerability scan %s started: Target has %d hosts: "
@@ -1555,4 +1566,6 @@ attack_network (struct scan_globals *globals)
     gvm_hosts_free (alive_hosts_list);
 
   set_scan_status ("finished");
+
+  return error;
 }
diff --git a/src/attack.h b/src/attack.h
@@ -17,7 +17,7 @@
 
 #include <gvm/util/kb.h>
 
-void
+int
 attack_network (struct scan_globals *);
 
 #endif
diff --git a/src/openvas.c b/src/openvas.c
@@ -625,6 +625,7 @@ openvas (int argc, char *argv[], char *env[])
   /* openvas --scan-start */
   if (scan_id)
     {
+      int attack_error = 0;
       struct scan_globals *globals;
       set_scan_id (g_strdup (scan_id));
       globals = g_malloc0 (sizeof (struct scan_globals));
@@ -635,13 +636,19 @@ openvas (int argc, char *argv[], char *env[])
           destroy_scan_globals (globals);
           return EXIT_FAILURE;
         }
-      attack_network (globals);
+      attack_error = attack_network (globals);
 
       gvm_close_sentry ();
       destroy_scan_globals (globals);
 #ifdef LOG_REFERENCES_AVAILABLE
       free_log_reference ();
 #endif // LOG_REFERENCES_AVAILABLE
+
+      if (attack_error)
+        {
+          g_warning ("Scan ending with FAILURE status");
+          return EXIT_FAILURE;
+        }
       return EXIT_SUCCESS;
     }