From 423557d80c075b099d151bd6bcb3adf7b3deacf2 Mon Sep 17 00:00:00 2001
From: Juan Jose Nicola <juan.nicola@greenbone.net>
Date: Thu, 18 Oct 2018 09:33:03 -0400
Subject: [PATCH 1/2] Improve the vt selection element in <start_scan>. Rename
 element in start_scan from vts to vt_selection. Rename vt to vt_single.
 Rename vt_param to vt_value. Remove the type attribute. Update documentation.

---
 doc/OSP.xml  | 49 ++++++++++++++++++++------------------------
 ospd/ospd.py | 57 ++++++++++++++++++++++++++--------------------------
 2 files changed, 51 insertions(+), 55 deletions(-)

diff --git a/doc/OSP.xml b/doc/OSP.xml
index ba4e0e90..88064c89 100644
--- a/doc/OSP.xml
+++ b/doc/OSP.xml
@@ -196,14 +196,14 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   </element>
 
   <element>
-    <name>vts</name>
+    <name>vt_selection</name>
     <summary>Contanins elements that represent Vulnerability Test or a collection of Vulnerability Test to be excecute and their parameters.</summary>
     <pattern>
-      <o><e>vt</e></o>
-      <any><e>vtgroup</e></any>
+      <o><e>vt_single</e></o>
+      <any><e>vt_group</e></any>
     </pattern>
     <ele>
-      <name>vt</name>
+      <name>vt_single</name>
       <summary>Elements that represent Vulnerability Test.</summary>
       <pattern>
         <attrib>
@@ -212,19 +212,14 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
           <type>vt_id</type>
           <required>1</required>
         </attrib>
-        <e>vt_param</e>
+        <e>vt_value</e>
       </pattern>
       <ele>
-        <name>vt_param</name>
+        <name>vt_value</name>
         <summary>Vulnerability Test parameter.</summary>
           <pattern>
             <attrib>
-              <name>name</name>
-              <type>string</type>
-              <required>1</required>
-            </attrib>
-            <attrib>
-              <name>type</name>
+              <name>id</name>
               <type>string</type>
               <required>1</required>
             </attrib>
@@ -233,7 +228,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
       </ele>
     </ele>
     <ele>
-      <name>vtgroup</name>
+      <name>vt_group</name>
       <summary>Collection of Vulnerability Test</summary>
       <pattern>
         <attrib>
@@ -246,16 +241,16 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
     <example>
       <summary>VT with parameters and VT group </summary>
       <e>
-        <vts>
-          <vt id='1.3.6.1.4.1.25623.1.0.10662'>
-            <vt_param name='XYZ JKL' type='entry'>200</vt_param>
-            <vt_param name='ABC' type='checkbox'>yes</vt_param>
-          </vt>
-          <vt id='1.3.6.1.4.1.25623.1.0.10330'></vt>
-          <vt id='1.3.6.1.4.1.25623.1.0.100034'></vt>
-          <vtgroup filter='family=general'/>
-          <vtgroup filter='family=debian'/>
-        </vts>
+        <vt_selection>
+          <vt_single id='1.3.6.1.4.1.25623.1.0.10662'>
+            <vt_value id='XYZ JKL'>200</vt_value>
+            <vt_value id='ABC'>yes</vt_value>
+          </vt_single>
+          <vt_single id='1.3.6.1.4.1.25623.1.0.10330'></vt_single>
+          <vt_single id='1.3.6.1.4.1.25623.1.0.100034'></vt_single>
+          <vt_group filter='family=general'/>
+          <vt_group filter='family=debian'/>
+        </vt_selection>
       </e>
     </example>
   </element>
@@ -854,7 +849,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
         <type>integer</type>
       </attrib>
       <e>scanner_params</e>
-      <e>vts</e>
+      <e>vt_selection</e>
       <e>targets</e>
     </pattern>
     <ele>
@@ -862,7 +857,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
       <summary>Contains elements that represent scanner specific parameters</summary>
     </ele>
     <ele>
-      <name>vts</name>
+      <name>vt_selection</name>
       <summary>Contanins elements that represent Vulnerability Test or a collection of Vulnerability Test to be excecute and their parameters</summary>
     </ele>
     <ele>
@@ -912,9 +907,9 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
           <scanner_params>
             ...
           </scanner_params>
-          <vts>
+          <vt_selection>
             ....
-          </vts>
+          </vt_selection>
           <targets>
             <target>
               ...
diff --git a/ospd/ospd.py b/ospd/ospd.py
index aa514e07..2e695617 100644
--- a/ospd/ospd.py
+++ b/ospd/ospd.py
@@ -398,44 +398,43 @@ def process_vts_params(self, scanner_vts):
                 id attribute. Optinal parameters can be included
                 as vt child.
                 Example form:
-                <vts>
-                  <vt id='vt1' />
-                  <vt id='vt2'>
-                    <vt_param name='param1' type='type'>value</vt_param>
-                  </vt>
-                  <vtgroup filter='family = debian'/>
-                  <vtgroup filter='family = general'/>
-                <vts>
+                <vt_selection>
+                  <vt_single id='vt1' />
+                  <vt_single id='vt2'>
+                    <vt_value id='param1'>value</vt_value>
+                  </vt_single>
+                  <vt_group filter='family=debian'/>
+                  <vt_group filter='family=general'/>
+                </vt_selection>
 
         @return: Dictionary containing the vts attribute and subelements,
                  like the VT's id and VT's parameters.
                  Example form:
-                 {'v1',
-                  'vt2': {param1: {'type': type', 'value': value}},
-                  'vtgroups': ['family = debian', 'family = general']}
+                 {'vt1': {},
+                  'vt2': {'value_id': 'value'},
+                  'vt_groups': ['family=debian', 'family=general']}
         """
-        vts = {}
+        vt_selection = {}
         filters = list()
         for vt in scanner_vts:
-            if vt.tag == 'vt':
+            if vt.tag == 'vt_single':
                 vt_id = vt.attrib.get('id')
-                vts[vt_id] = {}
-                for param in vt:
-                    if not param.attrib.get('name'):
-                        raise OSPDError('Invalid VT parameter. No parameter name',
+                vt_selection[vt_id] = {}
+                for vt_value in vt:
+                    if not vt_value.attrib.get('id'):
+                        raise OSPDError('Invalid VT preference. No attribute id',
                                         'start_scan')
-                    ptype = param.attrib.get('type', 'entry')
-                    pvalue = param.text if param.text else ''
-                    pname = param.attrib.get('name')
-                    vts[vt_id][pname] = {'type': ptype, 'value': pvalue}
-            if vt.tag == 'vtgroup':
+                    vt_value_id = vt_value.attrib.get('id')
+                    vt_value_value = vt_value.text if vt_value.text else ''
+                    vt_selection[vt_id][vt_value_id] = vt_value_value
+            if vt.tag == 'vt_group':
                 vts_filter = vt.attrib.get('filter', None)
                 if vts_filter is None:
                     raise OSPDError('Invalid VT group. No filter given.',
                                     'start_scan')
                 filters.append(vts_filter)
-        vts['vtgroups'] = filters
-        return vts
+        vt_selection['vt_groups'] = filters
+        return vt_selection
 
     @staticmethod
     def process_credentials_elements(cred_tree):
@@ -580,13 +579,13 @@ def handle_start_scan_command(self, scan_et):
         params = self._preprocess_scan_params(scanner_params)
 
         # VTS is an optional element. If present should not be empty.
-        vts = {}
-        scanner_vts = scan_et.find('vts')
+        vt_selection = {}
+        scanner_vts = scan_et.find('vt_selection')
         if scanner_vts is not None:
             if not scanner_vts:
                 raise OSPDError('VTs list is empty', 'start_scan')
             else:
-                vts = self.process_vts_params(scanner_vts)
+                vt_selection = self.process_vts_params(scanner_vts)
 
         # Dry run case.
         if 'dry_run' in params and int(params['dry_run']):
@@ -596,7 +595,9 @@ def handle_start_scan_command(self, scan_et):
             scan_func = self.start_scan
             scan_params = self.process_scan_params(params)
 
-        scan_id = self.create_scan(scan_id, scan_targets, target_str, scan_params, vts)
+        scan_id = self.create_scan(scan_id, scan_targets,
+                                   target_str, scan_params,
+                                   vt_selection)
         scan_process = multiprocessing.Process(target=scan_func,
                                                args=(scan_id,
                                                      scan_targets,

From 86197b9fad00cf20c1fae255764f7f6b10b8e3d1 Mon Sep 17 00:00:00 2001
From: Juan Jose Nicola <juan.nicola@greenbone.net>
Date: Fri, 19 Oct 2018 07:31:45 -0400
Subject: [PATCH 2/2] Fix unit tests for vt_selection changes.

---
 tests/testScanAndResult.py | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/tests/testScanAndResult.py b/tests/testScanAndResult.py
index ede1b842..65a5b7d2 100644
--- a/tests/testScanAndResult.py
+++ b/tests/testScanAndResult.py
@@ -252,7 +252,7 @@ def testScanWithVTs(self):
         daemon = DummyWrapper([])
         cmd = secET.fromstring('<start_scan ' +
                                'target="localhost" ports="80, 443">' +
-                               '<scanner_params /><vts /></start_scan>')
+                               '<scanner_params /><vt_selection /></start_scan>')
         print(ET.tostring(cmd))
         self.assertRaises(OSPDError, daemon.handle_start_scan_command, cmd)
 
@@ -260,12 +260,12 @@ def testScanWithVTs(self):
         response = secET.fromstring(
             daemon.handle_command('<start_scan ' +
                                   'target="localhost" ports="80, 443">' +
-                                  '<scanner_params /><vts><vt id="1.2.3.4" />' +
-                                  '</vts></start_scan>'))
+                                  '<scanner_params /><vt_selection><vt_single id="1.2.3.4" />' +
+                                  '</vt_selection></start_scan>'))
         print(ET.tostring(response))
         scan_id = response.findtext('id')
         time.sleep(0.01)
-        self.assertEqual(daemon.get_scan_vts(scan_id), {'1.2.3.4': {}, 'vtgroups': []})
+        self.assertEqual(daemon.get_scan_vts(scan_id), {'1.2.3.4': {}, 'vt_groups': []})
         self.assertNotEqual(daemon.get_scan_vts(scan_id), {'1.2.3.6': {}})
 
         # With out VTS
@@ -281,12 +281,12 @@ def testScanWithVTs(self):
     def testScanWithVTs_and_param(self):
         daemon = DummyWrapper([])
 
-        # Raise because no vt_param name attribute
+        # Raise because no vt_param id attribute
         cmd = secET.fromstring('<start_scan ' +
                                'target="localhost" ports="80, 443">' +
-                               '<scanner_params /><vts><vt id="1234">' +
-                               '<vt_param type="entry">200</vt_param>' +
-                               '</vt></vts></start_scan>')
+                               '<scanner_params /><vt_selection><vt_single id="1234">' +
+                               '<vt_value>200</vt_value>' +
+                               '</vt_single></vt_selection></start_scan>')
         print(ET.tostring(cmd))
         self.assertRaises(OSPDError, daemon.handle_start_scan_command, cmd)
 
@@ -294,21 +294,21 @@ def testScanWithVTs_and_param(self):
         response = secET.fromstring(
             daemon.handle_command('<start_scan ' +
                                   'target="localhost" ports="80, 443">' +
-                                  '<scanner_params /><vts><vt id="1234">' +
-                                  '<vt_param name="ABC" type="entry">200' +
-                                  '</vt_param></vt></vts></start_scan>'))
+                                  '<scanner_params /><vt_selection><vt_single id="1234">' +
+                                  '<vt_value id="ABC">200' +
+                                  '</vt_value></vt_single></vt_selection></start_scan>'))
         print(ET.tostring(response))
         scan_id = response.findtext('id')
         time.sleep(0.01)
         self.assertEqual(daemon.get_scan_vts(scan_id),
-                         {'1234': {'ABC': {'type': 'entry', 'value': '200'}}, 'vtgroups': []})
+                         {'1234': {'ABC': '200'}, 'vt_groups': []})
 
 
         # Raise because no vtgroup filter attribute
         cmd = secET.fromstring('<start_scan ' +
                                'target="localhost" ports="80, 443">' +
-                               '<scanner_params /><vts><vtgroup/>' +
-                               '</vts></start_scan>')
+                               '<scanner_params /><vt_selection><vt_group/>' +
+                               '</vt_selection></start_scan>')
         print(ET.tostring(cmd))
         self.assertRaises(OSPDError, daemon.handle_start_scan_command, cmd)
 
@@ -316,14 +316,14 @@ def testScanWithVTs_and_param(self):
         response = secET.fromstring(
             daemon.handle_command('<start_scan ' +
                                   'target="localhost" ports="80, 443">' +
-                                  '<scanner_params /><vts>' +
-                                  '<vtgroup filter="a"/>' +
-                                  '</vts></start_scan>'))
+                                  '<scanner_params /><vt_selection>' +
+                                  '<vt_group filter="a"/>' +
+                                  '</vt_selection></start_scan>'))
         print(ET.tostring(response))
         scan_id = response.findtext('id')
         time.sleep(0.01)
         self.assertEqual(daemon.get_scan_vts(scan_id),
-                         {'vtgroups': ['a']})
+                         {'vt_groups': ['a']})
 
 
     def testBillonLaughs(self):