Add: Added functions for the new CPE matching in CVE scans.
jhelmold committed Sep 19, 2024
1 parent e971514 commit a041b8b
Showing 4 changed files with 206 additions and 79 deletions.
4 changes: 2 additions & 2 deletions CMakeLists.txt
Expand Up @@ -230,8 +230,8 @@ if (BUILD_TESTS AND NOT SKIP_SRC)
add_custom_target (tests
DEPENDS array-test alivedetection-test boreas_error-test boreas_io-test
cli-test cpeutils-test cvss-test ping-test sniffer-test util-test networking-test
passwordbasedauthentication-test xmlutils-test version-test osp-test
versionutils-test nvti-test hosts-test jsonpull-test)
passwordbasedauthentication-test xmlutils-test version-test versionutils-test
osp-test nvti-test hosts-test jsonpull-test)

endif (BUILD_TESTS AND NOT SKIP_SRC)

28 changes: 14 additions & 14 deletions util/CMakeLists.txt
Expand Up @@ -114,11 +114,11 @@ include_directories (${GLIB_INCLUDE_DIRS} ${GPGME_INCLUDE_DIRS} ${GCRYPT_INCLUDE

set (FILES cpeutils.c passwordbasedauthentication.c compressutils.c fileutils.c gpgmeutils.c kb.c ldaputils.c
nvticache.c mqtt.c radiusutils.c serverutils.c sshutils.c uuidutils.c versionutils.c
xmlutils.c jsonpull.c)
xmlutils.c)

set (HEADERS cpeutils.h passwordbasedauthentication.h authutils.h compressutils.h fileutils.h gpgmeutils.h kb.h
ldaputils.h nvticache.h mqtt.h radiusutils.h serverutils.h sshutils.h
uuidutils.h xmlutils.h jsonpull.h versionutils.h)
uuidutils.h versionutils.h xmlutils.h)

if (BUILD_STATIC)
add_library (gvm_util_static STATIC ${FILES})
Expand Down Expand Up @@ -190,10 +190,10 @@ if (BUILD_TESTS)

target_link_libraries (cpeutils-test ${CGREEN_LIBRARIES}
${GLIB_LDFLAGS} ${GIO_LDFLAGS} ${GPGME_LDFLAGS} ${ZLIB_LDFLAGS}
${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS}
${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS}
${LIBXML2_LDFLAGS} ${UUID_LDFLAGS}
${LINKER_HARDENING_FLAGS})
${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS}
${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS}
${LIBXML2_LDFLAGS} ${UUID_LDFLAGS}
${LINKER_HARDENING_FLAGS})

add_custom_target (tests-cpeutils
DEPENDS cpeutils-test)
Expand All @@ -208,10 +208,10 @@ if (BUILD_TESTS)

target_link_libraries (versionutils-test ${CGREEN_LIBRARIES}
${GLIB_LDFLAGS} ${GIO_LDFLAGS} ${GPGME_LDFLAGS} ${ZLIB_LDFLAGS}
${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS}
${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS}
${LIBXML2_LDFLAGS} ${UUID_LDFLAGS}
${LINKER_HARDENING_FLAGS})
${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS}
${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS}
${LIBXML2_LDFLAGS} ${UUID_LDFLAGS}
${LINKER_HARDENING_FLAGS})

add_custom_target (tests-versionutils
DEPENDS versionutils-test)
Expand All @@ -226,10 +226,10 @@ if (BUILD_TESTS)

target_link_libraries (xmlutils-test ${CGREEN_LIBRARIES}
${GLIB_LDFLAGS} ${GIO_LDFLAGS} ${GPGME_LDFLAGS} ${ZLIB_LDFLAGS}
${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS}
${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS}
${LIBXML2_LDFLAGS} ${UUID_LDFLAGS}
${LINKER_HARDENING_FLAGS})
${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS}
${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS}
${LIBXML2_LDFLAGS} ${UUID_LDFLAGS}
${LINKER_HARDENING_FLAGS})

add_custom_target (tests-xmlutils
DEPENDS xmlutils-test)
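Review bot: The FILES and HEADERS lists appear to lose `jsonpull.c` and `jsonpull.h` in the first hunk, which is unrelated to the CPE matching named in the commit title. This reading assumes the second copy of each printed pair is the new side, because the page shows changed lines twice without their +/- markers. The top-level CMakeLists.txt in this same commit still lists `jsonpull-test` under the `tests` target, so if that test or any other consumer expects these symbols from the util library, the link step would presumably fail. If the removal is not intended, keep `xmlutils.c jsonpull.c)` in FILES and `jsonpull.h` in HEADERS; if it is intended, it belongs in its own commit with the reason stated.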
177 changes: 177 additions & 0 deletions util/cpeutils.c
Expand Up @@ -29,6 +29,69 @@
*/
#define G_LOG_DOMAIN "libgvm util"

static enum set_relation
compare_component (const char *, const char *);

static enum set_relation
compare_strings (const char *, const char *);

static int
count_escapes (const char *, int, int);

static gboolean
is_even_wildcards (const char *, int);

static gboolean
has_wildcards (const char *);

static int
index_of (const char *, const char *, int);

static gboolean
is_string (const char *);

static char *
get_uri_component (const char *, int);

static char *
decode_uri_component (const char *);

static void
unpack_sixth_uri_component (const char *, cpe_struct_t *);

static char *
get_fs_component (const char *, int);

static char *
unbind_fs_component (char *);

static char *
add_quoting (const char *);

static char *
bind_cpe_component_for_uri (const char *);

static char *
transform_for_uri (const char *);

static char *
pack_sixth_uri_component (const cpe_struct_t *);

static char *
bind_cpe_component_for_fs (const char *);

static char *
process_quoted_chars (const char *);

static void
trim_pct (char *);

static void
get_code (char *, const char *);

static void
str_cpy (char **, const char *, int);

/**
* @brief Convert a URI CPE to a formatted string CPE.
*
Expand All @@ -49,6 +112,26 @@ uri_cpe_to_fs_cpe (const char *uri_cpe)
return (fs_cpe);
}

/**
* @brief Convert a URI CPE to a formatted string product.
*
* @param[in] uri_cpe A CPE v2.2-conformant URI.
*
* @return A formatted string product.
*/
char *
uri_cpe_to_fs_product (const char *uri_cpe)

Check warning on line 123 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L123

Added line #L123 was not covered by tests
{
cpe_struct_t cpe;
char *fs_cpe;

cpe_struct_init (&cpe);
uri_cpe_to_cpe_struct (uri_cpe, &cpe);
fs_cpe = cpe_struct_to_fs_product (&cpe);
cpe_struct_free (&cpe);
return (fs_cpe);

Check warning on line 132 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L128-L132

Added lines #L128 - L132 were not covered by tests
}

/**
* @brief Convert a formatted string CPE to a URI CPE.
*
Expand All @@ -69,6 +152,26 @@ fs_cpe_to_uri_cpe (const char *fs_cpe)
return (uri_cpe);
}

/**
* @brief Convert a formatted string CPE to an URI product.
*
* @param[in] fs_cpe A formatted string CPE.
*
* @return An URI product.
*/
char *
fs_cpe_to_uri_product (const char *fs_cpe)

Check warning on line 163 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L163

Added line #L163 was not covered by tests
{
cpe_struct_t cpe;
char *uri_cpe;

cpe_struct_init (&cpe);
fs_cpe_to_cpe_struct (fs_cpe, &cpe);
uri_cpe = cpe_struct_to_uri_product (&cpe);
cpe_struct_free (&cpe);
return (uri_cpe);

Check warning on line 172 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L168-L172

Added lines #L168 - L172 were not covered by tests
}

/**
* @brief Read a URI CPE into the CPE struct.
*
Expand Down Expand Up @@ -171,6 +274,44 @@ cpe_struct_to_uri_cpe (const cpe_struct_t *cpe)
return (result);
}

/**
* @brief Convert a CPE struct into a URI product.
*
* @param[in] cpe A pointer to the CPE struct.
*
* @return A CPE v2.2-conformant URI product.
*/
char *
cpe_struct_to_uri_product (const cpe_struct_t *cpe)

Check warning on line 285 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L285

Added line #L285 was not covered by tests
{
GString *uri_cpe;
char *bind_cpe_component;
uri_cpe = g_string_new ("cpe:/");

Check warning on line 289 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L289

Added line #L289 was not covered by tests

bind_cpe_component = bind_cpe_component_for_uri (cpe->part);

Check warning on line 291 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L291

Added line #L291 was not covered by tests
if (bind_cpe_component)
{
g_string_append_printf (uri_cpe, "%s:", bind_cpe_component);
g_free (bind_cpe_component);

Check warning on line 295 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L294-L295

Added lines #L294 - L295 were not covered by tests
}
bind_cpe_component = bind_cpe_component_for_uri (cpe->vendor);

Check warning on line 297 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L297

Added line #L297 was not covered by tests
if (bind_cpe_component)
{
g_string_append_printf (uri_cpe, "%s:", bind_cpe_component);
g_free (bind_cpe_component);

Check warning on line 301 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L300-L301

Added lines #L300 - L301 were not covered by tests
}
bind_cpe_component = bind_cpe_component_for_uri (cpe->product);

Check warning on line 303 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L303

Added line #L303 was not covered by tests
if (bind_cpe_component)
{
g_string_append_printf (uri_cpe, "%s:", bind_cpe_component);
g_free (bind_cpe_component);

Check warning on line 307 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L306-L307

Added lines #L306 - L307 were not covered by tests
}

char *result = g_string_free (uri_cpe, FALSE);
trim_pct (result);
return (result);

Check warning on line 312 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L310-L312

Added lines #L310 - L312 were not covered by tests
}

/**
* @brief Read a formatted string CPE into the CPE struct.
*
Expand Down Expand Up @@ -301,6 +442,42 @@ cpe_struct_to_fs_cpe (const cpe_struct_t *cpe)
return (g_string_free (fs_cpe, FALSE));
}

/**
* @brief Convert a CPE struct into a formatted string product.
*
* @param[in] cpe A pointer to the CPE struct.
*
* @return A formatted string product.
*/
char *
cpe_struct_to_fs_product (const cpe_struct_t *cpe)

Check warning on line 453 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L453

Added line #L453 was not covered by tests
{
GString *fs_cpe;
char *bind_cpe_component;

fs_cpe = g_string_new ("cpe:2.3:");

Check warning on line 458 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L458

Added line #L458 was not covered by tests

bind_cpe_component = bind_cpe_component_for_fs (cpe->part);

Check warning on line 460 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L460

Added line #L460 was not covered by tests
if (bind_cpe_component)
{
g_string_append_printf (fs_cpe, "%s:", bind_cpe_component);
g_free (bind_cpe_component);

Check warning on line 464 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L463-L464

Added lines #L463 - L464 were not covered by tests
}
bind_cpe_component = bind_cpe_component_for_fs (cpe->vendor);

Check warning on line 466 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L466

Added line #L466 was not covered by tests
if (bind_cpe_component)
{
g_string_append_printf (fs_cpe, "%s:", bind_cpe_component);
g_free (bind_cpe_component);

Check warning on line 470 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L469-L470

Added lines #L469 - L470 were not covered by tests
}
bind_cpe_component = bind_cpe_component_for_fs (cpe->product);

Check warning on line 472 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L472

Added line #L472 was not covered by tests
if (bind_cpe_component)
{
g_string_append_printf (fs_cpe, "%s:", bind_cpe_component);
g_free (bind_cpe_component);

Check warning on line 476 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L475-L476

Added lines #L475 - L476 were not covered by tests
}
return (g_string_free (fs_cpe, FALSE));

Check warning on line 478 in util/cpeutils.c

Codecov / codecov/patch

util/cpeutils.c#L478

Added line #L478 was not covered by tests
}

/**
* @brief Get the indexth component of a URI CPE.
*
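Review bot: In `cpe_struct_to_fs_product` and `cpe_struct_to_uri_product`, a component whose `bind_cpe_component_for_fs` / `bind_cpe_component_for_uri` call returns NULL is skipped without a placeholder, so every later field moves one position to the left (a missing vendor would put the product in the vendor slot). For a string that is presumably used to select CVE match candidates, a shifted prefix can match the wrong product or nothing at all, and the caller cannot tell. Whether the bind helpers can return NULL is not visible on this page, but the guards imply it is expected. Consider keeping the field position, e.g. `g_string_append_printf (fs_cpe, "%s:", bind_cpe_component ? bind_cpe_component : "*");` followed by an unconditional `g_free (bind_cpe_component);`, or returning NULL so the caller skips the match. The doc comments should also say that the formatted-string result keeps its trailing ':' while the URI result is passed through `trim_pct`, and that the caller owns the returned string.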
76 changes: 13 additions & 63 deletions util/cpeutils.h
Expand Up @@ -37,68 +37,41 @@ typedef struct
char *
uri_cpe_to_fs_cpe (const char *);

char *
uri_cpe_to_fs_product (const char *);

char *
fs_cpe_to_uri_cpe (const char *);

char *
fs_cpe_to_uri_product (const char *);

void
uri_cpe_to_cpe_struct (const char *, cpe_struct_t *);

char *
cpe_struct_to_uri_cpe (const cpe_struct_t *);

char *
cpe_struct_to_uri_product (const cpe_struct_t *);

void
fs_cpe_to_cpe_struct (const char *, cpe_struct_t *);

char *
cpe_struct_to_fs_cpe (const cpe_struct_t *);

static char *
get_uri_component (const char *, int);

static char *
decode_uri_component (const char *);

static void
unpack_sixth_uri_component (const char *, cpe_struct_t *);

static char *
get_fs_component (const char *, int);

static char *
unbind_fs_component (char *);

static char *
add_quoting (const char *);

static char *
bind_cpe_component_for_uri (const char *);

static char *
transform_for_uri (const char *);

static char *
pack_sixth_uri_component (const cpe_struct_t *);

static char *
bind_cpe_component_for_fs (const char *);

static char *
process_quoted_chars (const char *);
char *
cpe_struct_to_fs_product (const cpe_struct_t *);

void
cpe_struct_init (cpe_struct_t *);

void
cpe_struct_free (cpe_struct_t *);

static void
trim_pct (char *);

static void
get_code (char *, const char *);

static void
str_cpy (char **, const char *, int);
gboolean
cpe_struct_match (cpe_struct_t source, cpe_struct_t target);

enum set_relation
{
Expand All @@ -109,27 +82,4 @@ enum set_relation
UNDEFINED
};

gboolean
cpe_struct_match (cpe_struct_t source, cpe_struct_t target);

static enum set_relation
compare_component (const char *, const char *);

static enum set_relation
compare_strings (const char *, const char *);

static int
count_escapes (const char *, int, int);

static gboolean
is_even_wildcards (const char *, int);

static gboolean
has_wildcards (const char *);

static int
index_of (const char *, const char *, int);

static gboolean
is_string (const char *);
#endif
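Review bot: The four new public prototypes (`uri_cpe_to_fs_product`, `fs_cpe_to_uri_product`, `cpe_struct_to_uri_product`, `cpe_struct_to_fs_product`) have no parameter names and no comment, so the header does not say that the returned string is newly allocated and must be released with `g_free`. Named parameters, as `cpe_struct_match` already has, plus a one-line ownership comment would cover it, e.g. `char *uri_cpe_to_fs_product (const char *uri_cpe);`. Now that the comparison helpers are declared file-local in cpeutils.c, `enum set_relation` with unprefixed enumerators such as `UNDEFINED` may no longer need to be exported from this header; that depends on users not shown on this page.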
