Merge branch 'main' into fix-nvt-indexes

greenbone · Jul 23, 2024 · ca06a8c · ca06a8c
2 parents 4e1254b + 77cfcbd
commit ca06a8c
Show file tree

Hide file tree

Showing 10 changed files with 569 additions and 77 deletions.
diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
@@ -52,7 +52,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -75,7 +75,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Build and push Container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}

diff --git a/src/gmp.c b/src/gmp.c
@@ -9108,6 +9108,42 @@ results_xml_append_cert (GString *buffer, iterator_t *results, const char *oid,
     }
 }
 
+/**
+ * @brief Append an EPSS info element to a results XML buffer.
+ *
+ * @param[in]  results  Results iterator.
+ * @param[in]  buffer   XML buffer to add to.
+ */
+static void
+results_xml_append_epss (iterator_t *results, GString *buffer)
+{
+  buffer_xml_append_printf (buffer,
+                            "<epss>"
+                            "<max_severity>"
+                            "<score>%0.5f</score>"
+                            "<percentile>%0.5f</percentile>"
+                            "<cve id=\"%s\">"
+                            "<severity>%0.1f</severity>"
+                            "</cve>"
+                            "</max_severity>"
+                            "<max_epss>"
+                            "<score>%0.5f</score>"
+                            "<percentile>%0.5f</percentile>"
+                            "<cve id=\"%s\">"
+                            "<severity>%0.1f</severity>"
+                            "</cve>"
+                            "</max_epss>"
+                            "</epss>",
+                            result_iterator_epss_score (results),
+                            result_iterator_epss_percentile (results),
+                            result_iterator_epss_cve (results),
+                            result_iterator_epss_severity (results),
+                            result_iterator_max_epss_score (results),
+                            result_iterator_max_epss_percentile (results),
+                            result_iterator_max_epss_cve (results),
+                            result_iterator_max_epss_severity (results));
+}
+
 /**
  * @brief Append an NVT element to an XML buffer.
  *
@@ -9138,14 +9174,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                                     "<severities score=\"%s\">"
                                     "</severities>"
                                     "<cpe id='%s'/>"
-                                    "<cve>%s</cve>"
-                                    "</nvt>",
+                                    "<cve>%s</cve>",
                                     oid,
                                     oid,
                                     severity ? severity : "",
                                     severity ? severity : "",
                                     result_iterator_port (results),
                                     oid);
+
+          if (result_iterator_epss_cve (results))
+            results_xml_append_epss (results, buffer);
+
+          buffer_xml_append_printf (buffer, "</nvt>");
+
           g_free (severity);
           return;
         }
@@ -9285,6 +9326,9 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
               buffer_xml_append_printf (buffer, "/>");
           }
 
+        if (result_iterator_epss_cve (results))
+          results_xml_append_epss (results, buffer);
+
         first = 1;
         xml_append_nvt_refs (buffer, result_iterator_nvt_oid (results),
                              &first);
@@ -11675,7 +11719,6 @@ handle_get_assets (gmp_parser_t *gmp_parser, GError **error)
       gchar *routes_xml;
 
       asset = get_iterator_resource (&assets);
-      /* Assets are currently always writable. */
       if (send_get_common ("asset", &get_assets_data->get, &assets,
                            gmp_parser->client_writer,
                            gmp_parser->client_writer_data,

diff --git a/src/manage.h b/src/manage.h
@@ -1522,6 +1522,30 @@ result_iterator_may_have_overrides (iterator_t*);
 int
 result_iterator_may_have_tickets (iterator_t*);
 
+double
+result_iterator_epss_score (iterator_t*);
+
+double
+result_iterator_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_epss_cve (iterator_t*);
+
+double
+result_iterator_epss_severity (iterator_t*);
+
+double
+result_iterator_max_epss_score (iterator_t*);
+
+double
+result_iterator_max_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_max_epss_cve (iterator_t*);
+
+double
+result_iterator_max_epss_severity (iterator_t*);
+
 gchar **
 result_iterator_cert_bunds (iterator_t*);
 

diff --git a/src/manage_pg.c b/src/manage_pg.c
@@ -1806,6 +1806,59 @@ create_view_vulns ()
          " WHERE uuid in (SELECT * FROM used_nvts)");
 }
 
+/**
+ * @brief Create or replace the result_vt_epss view.
+ */
+void
+create_view_result_vt_epss ()
+{
+  sql ("DROP MATERIALIZED VIEW IF EXISTS result_vt_epss;");
+
+  if (sql_int ("SELECT EXISTS (SELECT * FROM information_schema.tables"
+               "               WHERE table_catalog = '%s'"
+               "               AND table_schema = 'scap'"
+               "               AND table_name = 'cves')"
+               " ::integer;",
+               sql_database ()))
+    sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+         "  SELECT cve AS vt_id,"
+         "    epss AS epss_score,"
+         "    percentile AS epss_percentile,"
+         "    cve AS epss_cve,"
+         "    cves.severity AS epss_severity,"
+         "    epss AS max_epss_score,"
+         "    percentile AS max_epss_percentile,"
+         "    cve AS max_epss_cve,"
+         "    cves.severity AS max_epss_severity"
+         "  FROM scap.epss_scores"
+         "  JOIN scap.cves ON cve = cves.uuid"
+         "  UNION ALL"
+         "  SELECT oid AS vt_id,"
+         "    epss_score,"
+         "    epss_percentile,"
+         "    epss_cve,"
+         "    epss_severity,"
+         "    max_epss_score,"
+         "    max_epss_percentile,"
+         "    max_epss_cve,"
+         "    max_epss_severity"
+         "  FROM nvts);");
+  else
+    sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+         "  SELECT oid AS vt_id,"
+         "    epss_score,"
+         "    epss_percentile,"
+         "    epss_cve,"
+         "    max_epss_score,"
+         "    max_epss_percentile,"
+         "    max_epss_cve"
+         "  FROM nvts);");
+
+  sql ("SELECT create_index ('result_vt_epss_by_vt_id',"
+       "                     'result_vt_epss', 'vt_id');");
+
+}
+
 
 
 #undef VULNS_RESULTS_WHERE
@@ -3024,6 +3077,8 @@ create_tables ()
 
   create_view_vulns ();
 
+  create_view_result_vt_epss ();
+
   /* Create indexes. */
 
   sql ("SELECT create_index ('config_preferences_by_config',"