diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 260503dc9..000000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,152 +0,0 @@ -version: 2 -jobs: - check_format: - docker: - - image: greenbone/build-env-gvm-libs-master-debian-buster-clang-core - steps: - - checkout - - run: - name: Check Source Format - command: clang-format -i -style=file src/gmp.h src/gmp_base.h src/gmp_delete.h src/gmp_get.h src/gmp_tickets.h src/gmpd.h src/iterator.h src/manage_utils.h src/sql.h src/types.h src/utils.h && git diff --exit-code - test_units: - docker: - - image: greenbone/build-env-gvm-master-debian-stretch-gcc-postgresql - steps: - - run: - working_directory: ~/gvm-libs - name: Checkout gvm-libs - command: git clone --depth 1 https://github.com/greenbone/gvm-libs.git - - run: - working_directory: ~/gvm-libs - name: Configure and compile gvm-libs (Release) - command: pushd gvm-libs && mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make install && popd - - checkout - - run: - name: Configure and run unit tests - command: mkdir build && cd build/ && cmake -DBACKEND=POSTGRESQL -DCMAKE_BUILD_TYPE=Release -DENABLE_COVERAGE=1 .. && make && make tests && CTEST_OUTPUT_ON_FAILURE=1 make test && lcov --directory . --capture --output-file coverage.info && genhtml -o coverage coverage.info - build_postgresql_debug: - docker: - - image: greenbone/build-env-gvm-master-debian-stretch-gcc-postgresql - steps: - - run: - working_directory: ~/gvm-libs - name: Checkout gvm-libs - command: git clone --depth 1 https://github.com/greenbone/gvm-libs.git - - run: - working_directory: ~/gvm-libs - name: Configure and compile gvm-libs (Debug) - command: pushd gvm-libs && mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Debug .. && make install && popd - - checkout - - run: - name: Configure and Compile (Debug) - command: mkdir build && cd build/ && cmake -DBACKEND=POSTGRESQL -DCMAKE_BUILD_TYPE=Debug .. 
&& make install - build_postgresql_release: - docker: - - image: greenbone/build-env-gvm-master-debian-stretch-gcc-postgresql - steps: - - run: - working_directory: ~/gvm-libs - name: Checkout gvm-libs - command: git clone --depth 1 https://github.com/greenbone/gvm-libs.git - - run: - working_directory: ~/gvm-libs - name: Configure and compile gvm-libs (Release) - command: pushd gvm-libs && mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make install && popd - - checkout - - run: - name: Configure and Compile (Release) - command: mkdir build && cd build/ && cmake -DBACKEND=POSTGRESQL -DCMAKE_BUILD_TYPE=Release .. && make install - build_postgresql_debug_clang: - docker: - - image: greenbone/build-env-gvm-master-debian-stretch-clang-postgresql - steps: - - run: - working_directory: ~/gvm-libs - name: Checkout gvm-libs - command: git clone --depth 1 https://github.com/greenbone/gvm-libs.git - - run: - working_directory: ~/gvm-libs - name: Configure and compile gvm-libs (Release) - command: pushd gvm-libs && mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. && make install && popd - - checkout - - run: - name: Configure and Compile with Clang (Debug, PostgreSQL) - command: mkdir build && cd build/ && cmake -DCMAKE_C_COMPILER=clang -DCMAKE_C_FLAGS="-Wno-ignored-attributes" -DBACKEND=POSTGRESQL -DCMAKE_BUILD_TYPE=Debug .. && make install - scan_build_postgresql_debug: - docker: - - image: greenbone/build-env-gvm-master-debian-stretch-clang-postgresql - steps: - - run: - working_directory: ~/gvm-libs - name: Checkout gvm-libs - command: git clone --depth 1 https://github.com/greenbone/gvm-libs.git - - run: - working_directory: ~/gvm-libs - name: Configure and compile gvm-libs (Release) - command: pushd gvm-libs && mkdir build && cd build/ && cmake -DCMAKE_BUILD_TYPE=Release .. 
&& make install && popd - - checkout - - run: - name: Configure and Scan Build (Debug, PostgreSQL) - command: mkdir build && cd build/ && scan-build cmake -DBACKEND=POSTGRESQL -DCMAKE_BUILD_TYPE=Debug .. && scan-build -o ~/scan-build-report-postgresql make && [ -z "$(ls -A ~/scan-build-report-postgresql/)" ] - - store_artifacts: - path: ~/scan-build-report-postgresql - build_doc: - docker: - - image: greenbone/code-metrics-doxygen-debian-stretch - steps: - - checkout - - run: - name: Build standard documentation, failing if there are warnings - command: mkdir build && cd build/ && cmake -DSKIP_SRC=1 .. && make doc 2>&1 1>/dev/null | { ! grep --invert-match "CGI::Pretty"; } - gen_xml_doc: - docker: - - image: greenbone/code-metrics-doxygen-debian-stretch - steps: - - checkout - - run: - name: Generate documentation (XML) - command: mkdir build && cd build/ && cmake -DSKIP_SRC=1 .. && make doc-xml 2> ~/doxygen-stderr.txt - - store_artifacts: - path: ~/doxygen-stderr.txt - - persist_to_workspace: - root: ~/project/build/doc/generated/ - paths: - - xml - doc_coverage: - docker: - - image: circleci/python:3.6 - steps: - - attach_workspace: - at: /tmp/workspace - - checkout - - run: - name: Install coverxygen and codecov - command: | - python3 -m venv venv - . venv/bin/activate - pip install 'coverxygen>=1.3.1' codecov - - run: - name: Establish documentation coverage - command: | - . venv/bin/activate - python -m coverxygen --src-dir /root/project --xml-dir /tmp/workspace/xml --output lcov.info - - run: - name: Upload coverage to Codecov - command: | - . venv/bin/activate - codecov -F documentation -X gcov -f lcov.info -workflows: - version: 2 - build: - jobs: - - check_format - - test_units - - build_postgresql_debug - - build_postgresql_release - - build_postgresql_debug_clang - - scan_build_postgresql_debug - - build_doc - - gen_xml_doc - - doc_coverage: - requires: - - gen_xml_doc 
diff --git a/.docker/build.Dockerfile b/.docker/build.Dockerfile
new file mode 100644
index 000000000..e9e53c04b
--- /dev/null
+++ b/.docker/build.Dockerfile
@@ -0,0 +1,35 @@
+# Define ARG we use through the build
+ARG VERSION=edge
+
+# We want gvm-libs to be ready so we use the build docker image of gvm-libs
+FROM greenbone/gvm-libs:$VERSION
+
+# This will make apt-get install without question
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Redefine ARG we use through the build
+ARG VERSION
+
+WORKDIR /usr/local/src
+
+# Install Debian core dependencies required for building gvm with PostgreSQL
+# support and not yet installed as dependencies of gvm-libs-core
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ build-essential \
+ cmake \
+ gcc \
+ libglib2.0-dev \
+ libgnutls28-dev \
+ libpq-dev \
+ postgresql-server-dev-13 \
+ pkg-config \
+ libical-dev \
+ xsltproc \
+ libcgreen1-dev \
+ lcov \
+ libbsd-dev \
+ libgpgme-dev && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN ldconfig
diff --git a/.docker/entrypoint.sh b/.docker/entrypoint.sh
new file mode 100644
index 000000000..4063de001
--- /dev/null
+++ b/.docker/entrypoint.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+# Copyright (C) 2022 Greenbone AG
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+#!/bin/bash
+
+exec gosu gvmd "$@"
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
new file mode 100644
index 000000000..f9a586ce2
--- /dev/null
+++ b/.docker/prod.Dockerfile
@@ -0,0 +1,122 @@
+ARG VERSION=unstable
+ARG GVM_LIBS_VERSION=edge
+ARG DEBIAN_FRONTEND=noninteractive
+
+FROM greenbone/gvmd-build:${VERSION} as builder
+
+COPY . /source
+WORKDIR /source
+
+RUN mkdir /build && \
+ mkdir /install && \
+ cd /build && \
+ cmake -DCMAKE_BUILD_TYPE=Release /source && \
+ make DESTDIR=/install install
+
+FROM greenbone/gvm-libs:${GVM_LIBS_VERSION}
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Runtime dependencies
+
+# PDF Report
+# texlive-fonts-recommended
+# texlive-latex-extra
+
+# HTML Reports, cert data and scan data details
+# xsltproc
+
+# verinice report
+# xsltproc
+# xmlstarlet
+# zip
+
+# RPM credential packages
+# rpm
+# fakeroot
+
+# DEB credential packages
+# dpkg
+# fakeroot
+
+# Windows Executable (.exe) credential installer
+# nsis
+
+# signature verification
+# gnupg
+
+# HTTP alerts
+# wget
+
+# SCP alert
+# sshpass
+# openssh-client
+
+# Send alert
+# socat
+
+# SNMP alert
+# snmp
+
+# SMB alert
+# python3
+# smbclient
+
+# s/mime email encryption
+# gpgsm
+
+# Loading scap and cert data
+# xml-twig-tools
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ dpkg \
+ fakeroot \
+ nsis \
+ gosu \
+ gnupg \
+ gpgsm \
+ libbsd0 \
+ libgpgme11 \
+ libical3 \
+ libpq5 \
+ openssh-client \
+ postgresql-client-13 \
+ postgresql-client-common \
+ python3 \
+ rpm \
+ rsync \
+ socat \
+ smbclient \
+ snmp \
+ sshpass \
+ texlive-fonts-recommended \
+ texlive-latex-extra \
+ wget \
+ xml-twig-tools \
+ xmlstarlet \
+ xsltproc \
+ zip && \
+ rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /install/ /
+
+COPY .docker/start-gvmd.sh /usr/local/bin/start-gvmd
+COPY .docker/entrypoint.sh /usr/local/bin/entrypoint
+
+RUN addgroup --gid 1001 --system gvmd && \
+ adduser --no-create-home --shell /bin/false --disabled-password --uid 1001 --system --group gvmd
+
+RUN mkdir -p /run/gvmd && \
+ mkdir -p /var/lib/gvm && \
+ mkdir -p /var/log/gvm && \
+ chown -R gvmd:gvmd /etc/gvm && \
+ chown -R gvmd:gvmd /run/gvmd && \
+ chown -R gvmd:gvmd /var/lib/gvm && \
+ chown -R gvmd:gvmd /var/log/gvm && \
+ chmod 755 /usr/local/bin/entrypoint && \
+ chmod 755 /usr/local/bin/start-gvmd
+
+ENTRYPOINT [ "/usr/local/bin/entrypoint" ]
+
+CMD [ "/usr/local/bin/start-gvmd" ]
diff --git a/.docker/start-gvmd.sh b/.docker/start-gvmd.sh
new file mode 100644
index 000000000..695e4d51b
--- /dev/null
+++ b/.docker/start-gvmd.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# Copyright (C) 2022 Greenbone AG
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+#!/bin/sh
+
+[ -z "$USER" ] && USER="admin"
+[ -z "$PASSWORD" ] && PASSWORD="admin"
+[ -z "$GVMD_ARGS" ] && GVMD_ARGS="--listen-mode=666"
+[ -z "$GVMD_USER" ] && GVMD_USER="gvmd"
+[ -z "$PGRES_DATA"] && PGRES_DATA="/var/lib/postgresql"
+
+# check for psql connection
+FILE=$PGRES_DATA/started
+until test -f "$FILE"; do
+ echo "waiting 1 second for ready postgres container"
+ sleep 1
+done
+until psql -U "$GVMD_USER" -d gvmd -c "SELECT 'connected' as connection"; do
+ echo "waiting 1 second to retry psql connection"
+ sleep 1
+done
+
+# migrate db if necessary
+gvmd --migrate || true
+
+gvmd --create-user=$USER --password=$PASSWORD || true
+
+# set the feed import owner
+uid=$(gvmd --get-users --verbose | grep $USER | awk '{print $2}')
+gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value "$uid"
+
+echo "starting gvmd"
+gvmd $GVMD_ARGS ||
+ (cat /var/log/gvm/gvmd.log && exit 1)
+
+tail -f /var/log/gvm/gvmd.log
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..8f8871184
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+.git
+.github
+.vscode
+build
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 8717d5a8d..2277decec 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
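Review bot: The fallbacks `USER="admin"` and `PASSWORD="admin"` near the top of start-gvmd.sh mean a container started without those variables comes up with a well-known administrator login. I would drop the password default and stop early instead, e.g. `[ -z "$PASSWORD" ] && { echo "PASSWORD must be set" >&2; exit 1; }`. The later `gvmd --create-user=$USER --password=$PASSWORD` and `grep $USER` expand unquoted, so a value with spaces or glob characters is word-split, and the unanchored grep can return the uid of another account whose name merely contains `$USER`; quoting both (`"--password=$PASSWORD"`, `grep -- "$USER"`) and matching the whole name field would be safer. Separately, `[ -z "$PGRES_DATA"]` is missing the space before `]`.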
@@ -1,2 +1,6 @@ # default reviewers -* @timopollmeier @mattmundell +* @greenbone/gvmd-maintainers @mattmundell + +# dev ops +.github/ @greenbone/devops @greenbone/gvmd-maintainers @mattmundell +.docker/ @greenbone/devops @greenbone/gvmd-maintainers @mattmundell diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index 4ab5da0de..000000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,31 +0,0 @@ -**What**: - - - -**Why**: - - - -**How**: - - - -**Checklist**: - - - - - -- [ ] Tests -- [ ] [CHANGELOG](https://github.com/greenbone/gvmd/blob/master/CHANGELOG.md) Entry diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..5ace4600a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml new file mode 100644 index 000000000..f04cb5078 --- /dev/null +++ b/.github/workflows/build-and-test.yml 
@@ -0,0 +1,58 @@
+name: 'Build and Test'
+
+on:
+ push:
+ branches: [ main, stable, oldstable ]
+ pull_request:
+ branches: [ main, stable, oldstable ]
+
+jobs:
+ check-format:
+ name: Check formatting
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out gvmd
+ uses: actions/checkout@v3
+ - name: Check Source Format
+ run: |
+ clang-format -i -style=file src/gmp_{base,delete,get,tickets}.h \
+ src/{gmp,gmpd,iterator,sql,types,utils,manage_utils}.h
+ git diff --exit-code
+
+ scan-build:
+ name: scan-build (clang static analyzer)
+ runs-on: ubuntu-latest
+ container: greenbone/gvmd-build:unstable
+ steps:
+ - name: Check out gvmd
+ uses: actions/checkout@v3
+ - name: Install clang tools
+ run: |
+ apt update
+ apt install --no-install-recommends -y clang clang-format clang-tools
+ rm -rf /var/lib/apt/lists/*
+ - name: Configure scan build
+ run: |
+ scan-build cmake -B build -DCMAKE_BUILD_TYPE=Debug
+ scan-build -o ~/scan-build-report cmake --build build
+ - name: Upload scan-build report
+ if: failure()
+ uses: actions/upload-artifact@v3
+ with:
+ name: scan-build-report
+ path: ~/scan-build-report/
+ retention-days: 7
+
+ test-units:
+ name: Unit Tests
+ runs-on: ubuntu-latest
+ container: greenbone/gvmd-build:unstable
+ steps:
+ - name: Check out gvmd
+ uses: actions/checkout@v3
+ - name: Build gvmd
+ run: |
+ cmake -B build -DCMAKE_BUILD_TYPE=Debug -DENABLE_COVERAGE=1
+ cmake --build build
+ - name: Configure and run tests
+ run: CTEST_OUTPUT_ON_FAILURE=1 cmake --build build -- tests test
diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
new file mode 100644
index 000000000..b72900665
--- /dev/null
+++ b/.github/workflows/build-container.yml
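Review bot: build-and-test.yml declares no `permissions:` key, so all three jobs run with the repository's default `GITHUB_TOKEN` scope although they only check out and build code. A top-level `permissions:` block with `contents: read` would pin the token to what is needed, the way codeql-analysis-c.yml and dependency-review.yml in this commit already do. The same omission applies to build-container.yml, build-docs.yml, container.yml and release-pontos.yml, where an explicit block would also document what each workflow actually requires.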
@@ -0,0 +1,73 @@
+name: Build Container Image Builds
+
+on:
+ push:
+ branches: [ main, stable, oldstable ]
+ tags: ["v*"]
+ paths:
+ - .github/workflows/build-container.yml
+ - .docker/build.Dockerfile
+ pull_request:
+ branches: [ main, stable, oldstable ]
+ paths:
+ - .github/workflows/build-container.yml
+ - .docker/build.Dockerfile
+ workflow_dispatch:
+ repository_dispatch:
+ schedule:
+ # rebuild image every sunday
+ - cron: "0 0 * * 0"
+
+jobs:
+ build-images:
+ name: "Build Images"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Setup container meta information
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ github.repository }}-build
+ labels: |
+ org.opencontainers.image.vendor=Greenbone
+ org.opencontainers.image.base.name=debian/stable-slim
+ flavor: latest=false # no latest container tag for git tags
+ tags: |
+ # create container tag for git tags
+ type=ref,event=tag
+ type=ref,event=pr
+ # use latest for stable branch
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }}
+ type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'stable') }}
+ type=raw,value=oldstable,enable=${{ github.ref == format('refs/heads/{0}', 'oldstable') }}
+ # use unstable for main branch
+ type=raw,value=unstable,enable={{is_default_branch}}
+ - name: Login to DockerHub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - run: echo "Build and push ${{ steps.meta.outputs.tags }}"
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Build and push
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ file: .docker/build.Dockerfile
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ - name: Trigger libtheia container build
+ if: github.event_name != 'pull_request'
+ run: |
+ curl -X POST https://api.github.com/repos/greenbone/libtheia/actions/workflows/container.yml/dispatches \
+ -H "Accept: application/vnd.github.v3+json" \
+ -u greenbonebot:${{ secrets.GREENBONE_BOT_TOKEN }} \
+ -d '{"ref":"main"}'
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
new file mode 100644
index 000000000..b12a1e991
--- /dev/null
+++ b/.github/workflows/build-docs.yml
@@ -0,0 +1,34 @@
+name: 'Build Documentation'
+
+on:
+ push:
+ branches: [ main, stable, oldstable ]
+
+jobs:
+ generate-doc-and-upload-coverage:
+ name: Build XML documentation and upload coverage
+ runs-on: ubuntu-latest
+ container: greenbone/doxygen
+ steps:
+ - name: Run the c lang coverage action
+ uses: greenbone/actions/doc-coverage-clang@v2
+
+ build-gmp-doc:
+ name: Build GMP documentation
+ runs-on: ubuntu-latest
+ container: greenbone/gvmd-build:latest
+ steps:
+ - name: Check out gvmd
+ uses: actions/checkout@v3
+ - name: Generate GMP documentation (HTML)
+ run: |
+ mkdir build
+ cd build
+ cmake -DSKIP_SRC=1 ..
+ make doc-gmp
+ - name: Upload GMP documentation artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: gmp.html
+ path: build/doc/gmp.html
+ retention-days: 14
diff --git a/.github/workflows/codeql-analysis-c.yml b/.github/workflows/codeql-analysis-c.yml
new file mode 100644
index 000000000..45085db6f
--- /dev/null
+++ b/.github/workflows/codeql-analysis-c.yml
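Review bot: The `Trigger libtheia container build` step in build-container.yml expands `${{ secrets.GREENBONE_BOT_TOKEN }}` directly into the script text, so the token is written into the generated shell script and any special character in it is parsed by the shell. I would pass it through the step's `env:` (`GREENBONE_BOT_TOKEN: ${{ secrets.GREENBONE_BOT_TOKEN }}`) and use `-u "greenbonebot:$GREENBONE_BOT_TOKEN"` in the command. The earlier `echo "Build and push ${{ steps.meta.outputs.tags }}"` step has the same shape with values derived from ref names and would be better fed through `env:` as well. curl is also called without `--fail`, so an HTTP error from the API leaves the step green.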
@@ -0,0 +1,45 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main, stable, oldstable ]
+ pull_request:
+ branches: [ main, stable, oldstable ]
+ paths-ignore:
+ - '**/*.md'
+ - '**/*.txt'
+ schedule:
+ - cron: '30 5 * * 0' # 5:30h on Sundays
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ container: greenbone/gvmd-build:unstable
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'c' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # build between init and analyze ...
+ - name: Configure and compile gvmd
+ run: |
+ mkdir build
+ cd build/
+ cmake -DCMAKE_BUILD_TYPE=Debug ..
+ make install
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 000000000..b122911a5
--- /dev/null
+++ b/.github/workflows/container.yml
@@ -0,0 +1,61 @@
+name: Container Image Builds
+
+on:
+ push:
+ branches: [main, stable, oldstable]
+ tags: ["v*"]
+ pull_request:
+ branches: [main, stable, oldstable]
+ workflow_dispatch:
+ repository_dispatch:
+
+jobs:
+ images:
+ name: Production Images
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Setup container meta information
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ github.repository }}
+ labels: |
+ org.opencontainers.image.vendor=Greenbone
+ org.opencontainers.image.base.name=debian/stable-slim
+ flavor: latest=false # no latest container tag for git tags
+ tags: |
+ # use container tag for git tags
+ type=match,pattern=v(.*),group=1
+ # use latest for latest tag from stable branch
+ type=raw,value=latest,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }}
+ # use stable for latest 22.4 tag
+ type=raw,value=stable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v22.4') }}
+ # use oldstable for latest 21.4 tag
+ type=raw,value=oldstable,enable=${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v21.4') }}
+ # use edge for default branch
+ type=edge
+ # use branch-sha otherwise for pushes to branches other then main (will not be uploaded)
+ type=raw,value={{branch}}-{{sha}},enable=${{ github.ref_type == 'branch' && github.event_name == 'push' && github.ref_name != 'main' }}
+ # use pr-$PR_ID for pull requests (will not be uploaded)
+ type=ref,event=pr
+ - name: Login to Docker Registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Build and push Container image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' && (github.ref_type == 'tag' || github.ref_name == 'main') }}
+ file: .docker/prod.Dockerfile
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
new file mode 100644
index 000000000..9b631f60e
--- /dev/null
+++ b/.github/workflows/conventional-commits.yml
@@ -0,0 +1,15 @@
+name: Conventional Commits
+
+on:
+ pull_request:
+
+permissions:
+ pull-requests: write
+
+jobs:
+ conventional-commits:
+ name: Conventional Commits
+ runs-on: ubuntu-latest
+ steps:
+ - name: Report Conventional Commits
+ uses: greenbone/actions/conventional-commits@v2
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 000000000..bbc5a50d9
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,12 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Dependency Review'
+ uses: greenbone/actions/dependency-review@v2
diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml
new file mode 100644
index 000000000..85da7c555
--- /dev/null
+++ b/.github/workflows/release-pontos.yml
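Review bot: The `Build and push Container image` step in container.yml passes no `build-args`, so every image, including those tagged `stable`, `oldstable` and the `v*` release versions, is built from prod.Dockerfile's defaults `VERSION=unstable` and `GVM_LIBS_VERSION=edge`. If release images are meant to sit on the matching gvm-libs line, the step needs a `build-args: |` input setting `GVM_LIBS_VERSION=<libs tag for this ref>`; if tracking `edge` is intended, a comment saying so would help. Both base tags are mutable, so two builds of the same git tag can also produce different images.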
@@ -0,0 +1,34 @@
+name: Release gvmd with pontos
+
+on:
+ pull_request:
+ types: [closed]
+ workflow_dispatch:
+
+jobs:
+ build-and-release:
+ name: Create a new release with pontos
+ # If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge
+ if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true)
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: Setting the Reference
+ run: |
+ if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then
+ echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV
+ else
+ echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV
+ fi
+ - name: Release with release action
+ uses: greenbone/actions/release@v2
+ with:
+ python-version: "3.10"
+ conventional-commits: true
+ github-user: ${{ secrets.GREENBONE_BOT }}
+ github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }}
+ github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }}
+ gpg-key: ${{ secrets.GPG_KEY }}
+ gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }}
+ gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ strategy: calendar
+ ref: ${{ env.RELEASE_REF }}
diff --git a/.github/workflows/sbom-upload.yml b/.github/workflows/sbom-upload.yml
new file mode 100644
index 000000000..28289bdfe
--- /dev/null
+++ b/.github/workflows/sbom-upload.yml
@@ -0,0 +1,14 @@
+name: SBOM upload
+on:
+ workflow_dispatch:
+ push:
+ branches: ["main"]
+jobs:
+ SBOM-upload:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - name: 'SBOM upload'
+ uses: greenbone/actions/sbom-upload@v2
diff --git a/.gitignore b/.gitignore
index 567609b12..4a7968117 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 build/
+tags
+.ccls
+.vscode
diff --git a/.mergify.yml b/.mergify.yml
new file mode 100644
index 000000000..70037f949
--- /dev/null
+++ b/.mergify.yml
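Review bot: The `Setting the Reference` step in release-pontos.yml pastes `${{ github.ref_name }}` and `${{ github.base_ref }}` into the shell script and appends the result to `$GITHUB_ENV`, in a job that afterwards receives the bot token and the GPG signing key. Both values are branch names, and a name containing shell metacharacters would be interpreted by the shell rather than treated as data; the exposure is limited to people who can create branches here, but the release job is the one place where that matters most. Mapping the values through `env:` (`REF_NAME: ${{ github.ref_name }}`, `BASE_REF: ${{ github.base_ref }}`) and writing `echo "RELEASE_REF=$REF_NAME" >> "$GITHUB_ENV"` avoids the expansion. The `[[ ... ]]` test can likewise compare against an `EVENT_NAME` environment variable instead of the inlined expression.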
@@ -0,0 +1,57 @@
+pull_request_rules:
+ # backports from main branch
+ - name: backport main patches to stable branch
+ conditions:
+ - base=main
+ - label=backport-to-stable
+ actions:
+ backport:
+ branches:
+ - stable
+
+ - name: backport main patches to oldstable branch
+ conditions:
+ - base=main
+ - label=backport-to-oldstable
+ actions:
+ backport:
+ branches:
+ - oldstable
+
+ # backports from upcoming release branch
+ - name: backport stable patches to main branch
+ conditions:
+ - base=stable
+ - label=backport-to-main
+ actions:
+ backport:
+ branches:
+ - main
+
+ - name: backport stable patches to oldstable branch
+ conditions:
+ - base=stable
+ - label=backport-to-oldstable
+ actions:
+ backport:
+ branches:
+ - oldstable
+
+ # backports from current release branch
+ - name: backport oldstable patches to main branch
+ conditions:
+ - base=oldstable
+ - label=backport-to-main
+ actions:
+ backport:
+ branches:
+ - main
+
+ - name: backport oldstable patches to stable branch
+ conditions:
+ - base=oldstable
+ - label=backport-to-stable
+ actions:
+ backport:
+ branches:
+ - stable
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ace03cfb..adf04ab77 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,33 +4,232 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## [21.4] (unreleased) +## [22.4] (unreleased) + +### Added +- Add a new modification_time column to reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519), [#1590](https://github.com/greenbone/gvmd/pull/1590) +- Add basic Sentry integration and logging [#1550](https://github.com/greenbone/gvmd/pull/1550) +- Add GMP get_license and modify_license [#1642](https://github.com/greenbone/gvmd/pull/1642), [#1692](https://github.com/greenbone/gvmd/pull/1692), [#1696](https://github.com/greenbone/gvmd/pull/1696) +### Changed +- Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453) +- Change report timestamp filter and iterator columns [#1512](https://github.com/greenbone/gvmd/pull/1512) +- Rename the date column of reports to creation_time [#1520](https://github.com/greenbone/gvmd/pull/1520) +- Send the script timeout to the scanner as script preferences [#1670](https://github.com/greenbone/gvmd/pull/1670) + +### Fixed +- Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) +- Fix migration to DB version 242 from gvmd 20.08 [#1498](https://github.com/greenbone/gvmd/pull/1498) +- Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) + +### Removed +- Remove Network Source Interface from gvmd [#1511](https://github.com/greenbone/gvmd/pull/1511) +- Removed OVAL definitions from gvmd [#1525](https://github.com/greenbone/gvmd/pull/1525) +- Removed OVAL definitions from GMP and gvmd documentation [1551](https://github.com/greenbone/gvmd/pull/1551) +- Removed the Business Process Map from gvmd [1627](https://github.com/greenbone/gvmd/pull/1627) +- 
Removed ifaces element from users [#1676](https://github.com/greenbone/gvmd/pull/1676) +- Removed OSP scanners from gvmd [#1689](https://github.com/greenbone/gvmd/pull/1689) [#1691](https://github.com/greenbone/gvmd/pull/1691) [#1694](https://github.com/greenbone/gvmd/pull/1694) [#1701](https://github.com/greenbone/gvmd/pull/1701) + +[Unreleased]: https://github.com/greenbone/gvmd/compare/stable...main + +## [21.4.4] (unreleased) +### Added +- Add --rebuild-gvmd-data command line option [#1680](https://github.com/greenbone/gvmd/pull/1680) [#1683](https://github.com/greenbone/gvmd/pull/1683) + +### Changed +### Deprecated +### Removed +### Fixed +- Ensure gvmd sends error messages if gvmcg fails [#1682](https://github.com/greenbone/gvmd/pull/1682) +- Fix resume task. + [#1679](https://github.com/greenbone/gvmd/pull/1679) + [#1695](https://github.com/greenbone/gvmd/pull/1695) +- Added a dedicated error message for the create ticket dialogue when the create permission permission is missing [#1686](https://github.com/greenbone/gvmd/pull/1686) +- Fix import of report results / errors without host [#1687](https://github.com/greenbone/gvmd/pull/1687) + +[Unreleased]: https://github.com/greenbone/gvmd/compare/v21.4.3...HEAD + + +## [21.4.3] - 2021-08-03 +### Fixed +- Fix sending prefs for whole, growing VT families [#1603](https://github.com/greenbone/gvmd/pull/1603) +- Add trash columns for target "elevate" credential [#1636](https://github.com/greenbone/gvmd/pull/1636) + +[21.4.3]: https://github.com/greenbone/gvmd/compare/v21.4.2...stable + +## [21.4.2] - 2021-06-28 +### Fixed +- Amended Test, if the ssh elevate credential is different from the ssh credential [#1586](https://github.com/greenbone/gvmd/pull/1586) +- Added the missing GMP documentation for the ssh elevate credential [#1591](https://github.com/greenbone/gvmd/pull/1591) + +[21.4.2]: https://github.com/greenbone/gvmd/compare/v21.4.1...v21.4.2 + +## [21.4.1] - 2021-06-23 + +### Added +- Add NVT tag 
"deprecated" [#1536](https://github.com/greenbone/gvmd/pull/1536) +- Extend GMP for new privilege escalation credential [#1535](https://github.com/greenbone/gvmd/pull/1535) +- Include new ssh elevate (escalation) credential in OSP request [#1539](https://github.com/greenbone/gvmd/pull/1539) +- Add test if the ssh elevate credential is different from the ssh credential [#1582](https://github.com/greenbone/gvmd/pull/1582) + +### Changed +- Update default log config [#1501](https://github.com/greenbone/gvmd/pull/1501) + +### Fixed +- Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) +- Fix migration to DB version 242 from gvmd 20.08 [#1498](https://github.com/greenbone/gvmd/pull/1498) +- Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) +- Fix whole-only config family selection [#1517](https://github.com/greenbone/gvmd/pull/1517) +- Migrate GMP Scanners to OSP Sensors [#1533](https://github.com/greenbone/gvmd/pull/1533) +- Solved a peformance problem for tasks after scanning lots of hosts [#1567](https://github.com/greenbone/gvmd/pull/1567) + +[21.4.1]: https://github.com/greenbone/gvmd/compare/v21.4.0...v21.4.1 + +## [21.4.0] (2021-04-16) + +### Added +- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371) [#1477](https://github.com/greenbone/gvmd/pull/1477) [#1488](https://github.com/greenbone/gvmd/pull/1488) +- Parameter `--db-user` to set a database user [#1327](https://github.com/greenbone/gvmd/pull/1327) +- Add `allow_simultaneous_ips` field for targets [#1346](https://github.com/greenbone/gvmd/pull/1346) [#1396](https://github.com/greenbone/gvmd/pull/1396) +- Speed up GET_VULNS [#1354](https://github.com/greenbone/gvmd/pull/1354) 
[#1355](https://github.com/greenbone/gvmd/pull/1354) +- Speed up result counting iterator [#1358](https://github.com/greenbone/gvmd/pull/1358) [#1361](https://github.com/greenbone/gvmd/pull/1361) +- Speed up result iterator [#1370](https://github.com/greenbone/gvmd/pull/1358) [#1361](https://github.com/greenbone/gvmd/pull/1370) +- Improve GMP docs around users [#1363](https://github.com/greenbone/gvmd/pull/1363) +- Cache report counts when Dynamic Severity is enabled [#1389](https://github.com/greenbone/gvmd/pull/1389) +- Detection entry detection while importing reports [#1405](https://github.com/greenbone/gvmd/pull/1405) ### Changed - Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262) - Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277) +- In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321) +- Change SCAP and CERT data to use "severity" consistently [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457) [#1476](https://github.com/greenbone/gvmd/pull/1476) +- Expect report format scripts to exit with code 0 [#1383](https://github.com/greenbone/gvmd/pull/1383) +- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384) +- Limit "whole-only" config families to "growing" and "every nvt" [#1386](https://github.com/greenbone/gvmd/pull/1386) +- Access current user with an SQL function [#1399](https://github.com/greenbone/gvmd/pull/1399) +- Refactor modify_config, allowing multiple simultaneous changes [#1404](https://github.com/greenbone/gvmd/pull/1404) +- Add retry on a deadlock within sql#sql [#1460](https://github.com/greenbone/gvmd/pull/1460) +- Don't 
require report format plugin for XML report [#1466](https://github.com/greenbone/gvmd/pull/1466) +- Wording of `Rebuilding NVTs because integrity check failed` [1475](https://github.com/greenbone/gvmd/pull/1475) ### Fixed - Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287) +- Check db version before creating SQL functions [#1304](https://github.com/greenbone/gvmd/pull/1304) +- Fix severity_in_level SQL function [#1312](https://github.com/greenbone/gvmd/pull/1312) +- Fix and simplify SecInfo migration [#1331](https://github.com/greenbone/gvmd/pull/1331) +- Prevent CPE/NVD_ID from being "(null)" [#1369](https://github.com/greenbone/gvmd/pull/1369) +- Check DB versions before CERT severity updates [#1376](https://github.com/greenbone/gvmd/pull/1376) +- Add owner checks to report_count queries [#1397](https://github.com/greenbone/gvmd/pull/1397) ### Removed +- Remove solution element from VT tags [#886](https://github.com/greenbone/gvmd/pull/886) +- Drop GMP scanners [#1269](https://github.com/greenbone/gvmd/pull/1269) - Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285) +- Removed Severity Classes [#1288](https://github.com/greenbone/gvmd/pull/1288) +- Remove remaining use of "Severity Class" in where_levels_auto [#1311](https://github.com/greenbone/gvmd/pull/1311) +- Remove the functionality "autofp" (Auto False Positives) [#1300](https://github.com/greenbone/gvmd/pull/1300) +- Remove severity type "debug" [#1316](https://github.com/greenbone/gvmd/pull/1316) +- Remove element "threat" of element "notes" [#1324](https://github.com/greenbone/gvmd/pull/1324) + +[21.4.0]: https://github.com/greenbone/gvmd/compare/oldstable...v21.4.0 + +## [20.8.4] - Unreleased +### Added +### Changed +* Changed defaults for installation locations [#1662](https://github.com/greenbone/gvmd/pull/1662) [#1665](https://github.com/greenbone/gvmd/pull/1665) + * SYSCONFDIR is /etc by default now + * LOCALSTATEDIR is 
/var by default now + * GVM_RUN_DIR is /run/gvm by default now + * OPENVAS_DEFAULT_SOCKET is /run/ospd/ospd-openvas.sock by default now + * SYSTEMD_SERVICE_DIR is /lib/systemd/system by default now + * Removed gvmd.default file and adjusted gvmd.service file accordingly + * GVM_FEED_LOCK_PATH is /var/lib/gvm/feed-update.lock by default now + +### Deprecated +### Removed +* Remove BID from GMP documentation [#1673](https://github.com/greenbone/gvmd/pull/1673) + +### Fixed +- Fixed the lack of the severities in the display of the applications [#1666](https://github.com/greenbone/gvmd/pull/1666) + +[20.8.4]: https://github.com/greenbone/gvmd/compare/v20.8.3...oldstable + + +## [20.8.3] - 2021-08-03 + +### Added +- Add --optimize add-/cleanup-feed-permissions [#1612](https://github.com/greenbone/gvmd/pull/1612) + +### Changed +- Use less report cache SQL when adding results [#1618](https://github.com/greenbone/gvmd/pull/1618) + +### Fixed +- Solved a performance problem when filtering results by tags [#1579](https://github.com/greenbone/gvmd/pull/1579) +- Fix VTs hash check and add --dump-vt-verification + [#1611](https://github.com/greenbone/gvmd/pull/1611) + [#1629](https://github.com/greenbone/gvmd/pull/1629) + [#1641](https://github.com/greenbone/gvmd/pull/1651) + [#1643](https://github.com/greenbone/gvmd/pull/1643) + [#1655](https://github.com/greenbone/gvmd/pull/1655) +- Fix memory errors in modify_permission [#1613](https://github.com/greenbone/gvmd/pull/1613) +- Fix sensor connection for performance reports on failure [#1633](https://github.com/greenbone/gvmd/pull/1633) +- Sort the "host" column by IPv4 address if possible [#1637](https://github.com/greenbone/gvmd/pull/1637) +- Fix for parse_iso_time_tz error with musl library [#1644](https://github.com/greenbone/gvmd/pull/1644) + +[20.8.3]: https://github.com/greenbone/gvmd/compare/v20.8.2...oldstable + +## [20.8.2] - 2021-06-23 + +### Added +- Add standard info elem fields for NVTs in get_info 
[#1426](https://github.com/greenbone/gvmd/pull/1426) +- Add --ldap-debug option [#1439](https://github.com/greenbone/gvmd/pull/1439) +- Try to install PostgreSQL extensions automatically [#1444](https://github.com/greenbone/gvmd/pull/1444) [#1483](https://github.com/greenbone/gvmd/pull/1483) +- Add auto retry on scanner connection lost during a running task [#1452](https://github.com/greenbone/gvmd/pull/1452) +- Add --feed-lock-timeout option [#1472](https://github.com/greenbone/gvmd/pull/1472) +- datetime parser for `%Y-%m-%dT%Hh%M` for keywords [1518](https://github.com/greenbone/gvmd/pull/1518) + +### Changed +- Improve report counts performance [#1438](https://github.com/greenbone/gvmd/pull/1438) +- Clean up log config, add gvm-libs log domains [#1502](https://github.com/greenbone/gvmd/pull/1502) +- Sort missing severity as lowest value in GMP get [#1508](https://github.com/greenbone/gvmd/pull/1508) +- Use passwordbasedauthentication of gvm-libs instead of auth_utils [#1505](https://github.com/greenbone/gvmd/pull/1505) +- Set file permissions in greenbone-feed-sync [#1575](https://github.com/greenbone/gvmd/pull/1575) + +### Fixed +- Also create owner WITH clause for single resources [#1406](https://github.com/greenbone/gvmd/pull/1406) +- Fix SQL escaping when adding VT references [#1429](https://github.com/greenbone/gvmd/pull/1429) +- Update report run status more consistently [#1434](https://github.com/greenbone/gvmd/pull/1434) +- Improve modify_override errors, fix no NVT case [#1435](https://github.com/greenbone/gvmd/pull/1435) +- Fix size calculation in `--optimize vacuum` [#1447](https://github.com/greenbone/gvmd/pull/1447) +- Fix report host end time check in CVE scans [#1462](https://github.com/greenbone/gvmd/pull/1462) +- Fix "not regexp ..." 
filters [#1482](https://github.com/greenbone/gvmd/pull/1482) +- Escape TLS certificate DNs that are invalid UTF-8 [#1486](https://github.com/greenbone/gvmd/pull/1486) +- Free alert get data in report_content_for_alert [#1526](https://github.com/greenbone/gvmd/pull/1526) +- Fix erroneous freeing of ical timezone component [#1530](https://github.com/greenbone/gvmd/pull/1530) +- Fixed the sorting / filter by username functionality for remediation tickets [#1546](https://github.com/greenbone/gvmd/pull/1546) +- The alterable indicator is now copied when cloning a task [#1553](https://github.com/greenbone/gvmd/pull/1553) +- Fix stop resume feature. [#1568](https://github.com/greenbone/gvmd/pull/1568) ### Removed -- Drop GMP scanners [#1269](https://github.com/greenbone/gvmd/pull/1269) -[21.4]: https://github.com/greenbone/gvmd/compare/gvmd-20.08...master +[20.8.2]: https://github.com/greenbone/gvmd/compare/v20.8.1...oldstable -## [20.8.1] (unreleased) +## [20.8.1] (2021-02-02) ### Added - Added ability to enter Subject Alternative Names (SAN) when generating a CSR [#1246](https://github.com/greenbone/gvmd/pull/1246) - Add filter term 'predefined' [#1263](https://github.com/greenbone/gvmd/pull/1263) +- Add missing elements in get_nvts and get_preferences GMP doc [#1307](https://github.com/greenbone/gvmd/pull/1307) +- Add command line options db-host and db-port [#1308](https://github.com/greenbone/gvmd/pull/1308) +- Add missing config and target to modify_task GMP doc [#1310](https://github.com/greenbone/gvmd/pull/1310) +- Add version for NVTs and CVEs in make_osp_result [#1335](https://github.com/greenbone/gvmd/pull/1335) +- Add check if gvmd data feed dir exists [#1360](https://github.com/greenbone/gvmd/pull/1360) [#1362](https://github.com/greenbone/gvmd/pull/1362) ### Changed - Extended the output of invalid / missing --feed parameter given to greenbone-feed-sync [#1255](https://github.com/greenbone/gvmd/pull/1255) - The xsltproc binary is now marked as mandatory 
[#1259](https://github.com/greenbone/gvmd/pull/1259) - Check feed status without acquiring lock [#1266](https://github.com/greenbone/gvmd/pull/1266) +- Use timestamp in automatic sensor task names [#1390](https://github.com/greenbone/gvmd/pull/1390) +- Replace g_file_test with gvm-libs file tests [#1391](https://github.com/greenbone/gvmd/pull/1391) ### Fixed - Add dummy functions to allow restoring old dumps [#1251](https://github.com/greenbone/gvmd/pull/1251) 
@@ -41,11 +240,39 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix alternative options for radio type preferences when exporting a scan_config [#1278](http://github.com/greenbone/gvmd/pull/1278) - Replace deprecated sys_siglist with strsignal [#1280](https://github.com/greenbone/gvmd/pull/1280) - Copy instead of moving when migrating predefined report formats [#1286](https://github.com/greenbone/gvmd/pull/1286) +- Skip DB check in helpers when main process is running [#1291](https://github.com/greenbone/gvmd/pull/1291) +- Recreate vulns after sync [#1292](https://github.com/greenbone/gvmd/pull/1292) +- Add SecInfo case to alert check in MODIFY_FILTER [#1293](https://github.com/greenbone/gvmd/pull/1293) +- For radio prefs in GMP exclude value and include default [#1296](https://github.com/greenbone/gvmd/pull/1296) +- Add permission check on host in OS host count [#1301](https://github.com/greenbone/gvmd/pull/1301) +- Auto delete at the start of scheduling so it always runs [#1302](https://github.com/greenbone/gvmd/pull/1302) +- Fix create_credential for snmpv3. 
[#1305](https://github.com/greenbone/gvmd/pull/1305) +- Remove extra spaces when parsing report format param type [#1309](https://github.com/greenbone/gvmd/pull/1309) +- Correct arg to alert_uuid [#1313](https://github.com/greenbone/gvmd/pull/1313) +- Switch result filter column 'task' from task ID to name task name [#1317](https://github.com/greenbone/gvmd/pull/1317) +- Correct check of get_certificate_info return [#1318](https://github.com/greenbone/gvmd/pull/1318) +- Fix GMP doc text of `active` elem for notes and overrides [#1323](https://github.com/greenbone/gvmd/pull/1323) +- Move feed object in trash checks to startup [#1325](https://github.com/greenbone/gvmd/pull/1325) +- Do not inherit settings from deleted users [#1328](https://github.com/greenbone/gvmd/pull/1328) +- Delete TLS certificate sources when deleting users [#1334](https://github.com/greenbone/gvmd/pull/1334) +- Fix SQL errors in SCAP and CERT update [#1343](https://github.com/greenbone/gvmd/pull/1343) +- Always check for 'All' when deleting selectors [#1342](https://github.com/greenbone/gvmd/pull/1342) +- Account for -1 of orphans when deleting permission [#1345](https://github.com/greenbone/gvmd/pull/1345) +- Allow config to sync even if NVT family is not available [#1347](https://github.com/greenbone/gvmd/pull/1347) +- Check private key when modifying credential [#1351](https://github.com/greenbone/gvmd/pull/1351) +- Clean up hosts strings before using them [#1352](https://github.com/greenbone/gvmd/pull/1352) +- Improve SCP username and destination path handling [#1350](https://github.com/greenbone/gvmd/pull/1350) +- Fix response memory handling in handle_osp_scan [#1364](https://github.com/greenbone/gvmd/pull/1364) +- Allow config to sync even if NVT family is not available [#1366](https://github.com/greenbone/gvmd/pull/1366) +- Delete report format dirs last when deleting a user [#1368](https://github.com/greenbone/gvmd/pull/1368) +- Fix sorting in get_aggregates and its documentation 
[#1375](https://github.com/greenbone/gvmd/pull/1375) +- Improve "Failed to find..." messages [#1395](https://github.com/greenbone/gvmd/pull/1395) +- Memory handling in various occasions [#1417](https://github.com/greenbone/gvmd/pull/1417) ### Removed - Remove DROP from vulns creation [#1281](http://github.com/greenbone/gvmd/pull/1281) -[20.8.1]: https://github.com/greenbone/gvmd/compare/v20.8.0...gvmd-20.08 +[20.8.1]: https://github.com/greenbone/gvmd/compare/v20.8.0...gvmd-20.8.1 ## [20.8.0] (2020-08-11) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8143d5587..641416648 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (C) 2009-2019 Greenbone Networks GmbH +# Copyright (C) 2009-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # @@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0) message ("-- Configuring Greenbone Vulnerability Manager...") project (gvm - VERSION 21.4.0 + VERSION 22.4.1 LANGUAGES C) if (POLICY CMP0005) @@ -37,6 +37,8 @@ endif (NOT CMAKE_BUILD_TYPE) OPTION (ENABLE_COVERAGE "Enable support for coverage analysis" OFF) OPTION (DEBUG_FUNCTION_NAMES "Print function names on entry and exit" OFF) +# the shell based scripts got replaced by https://github.com/greenbone/greenbone-feed-sync/ +OPTION (INSTALL_OLD_SYNC_SCRIPTS "Install shell based feed sync scripts" OFF) ## Retrieve git revision (at configure time) include (GetGit) @@ -85,7 +87,7 @@ set (CPACK_PACKAGE_VERSION "${PROJECT_VERSION_STRING}${PROJECT_VERSION_GIT}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") -set (CPACK_PACKAGE_VENDOR "Greenbone Networks GmbH") +set (CPACK_PACKAGE_VENDOR "Greenbone AG") set (CPACK_SOURCE_IGNORE_FILES "${CMAKE_BINARY_DIR}" "/.git/" 
@@ -96,21 +98,21 @@ include (CPack) ## Variables -set (GVMD_DATABASE_VERSION 234) +set (GVMD_DATABASE_VERSION 253) -set (GVMD_SCAP_DATABASE_VERSION 16) +set (GVMD_SCAP_DATABASE_VERSION 20) -set (GVMD_CERT_DATABASE_VERSION 6) +set (GVMD_CERT_DATABASE_VERSION 8) -set (GMP_VERSION "21.4") -set (GMP_VERSION_FEED "21.04") +set (GMP_VERSION "22.4") +set (GMP_VERSION_FEED "22.04") if (SYSCONF_INSTALL_DIR) set (SYSCONFDIR "${SYSCONF_INSTALL_DIR}") endif (SYSCONF_INSTALL_DIR) if (NOT SYSCONFDIR) - set (SYSCONFDIR "${CMAKE_INSTALL_PREFIX}/etc") + set (SYSCONFDIR "/etc") endif (NOT SYSCONFDIR) if (NOT EXEC_PREFIX) @@ -130,7 +132,7 @@ if (NOT LIBDIR) endif (NOT LIBDIR) if (NOT LOCALSTATEDIR) - set (LOCALSTATEDIR "${CMAKE_INSTALL_PREFIX}/var") + set (LOCALSTATEDIR "/var") endif (NOT LOCALSTATEDIR) if (NOT DATADIR) @@ -180,17 +182,21 @@ set (GVM_CLIENT_CERTIFICATE "${GVM_STATE_DIR}/CA/clientcert.pem") set (GVM_CLIENT_KEY "${GVM_STATE_DIR}/private/CA/clientkey.pem") set (GVM_CA_CERTIFICATE "${GVM_STATE_DIR}/CA/cacert.pem") -if (NOT GVM_RUN_DIR) - set (GVM_RUN_DIR "${LOCALSTATEDIR}/run") -endif (NOT GVM_RUN_DIR) +if (NOT GVMD_RUN_DIR) + set (GVMD_RUN_DIR "/run/gvmd") +endif (NOT GVMD_RUN_DIR) + +if (NOT GVMD_PID_PATH) + set (GVMD_PID_PATH "${GVMD_RUN_DIR}/gvmd.pid") +endif (NOT GVMD_PID_PATH) if (NOT GVM_FEED_LOCK_PATH) - set (GVM_FEED_LOCK_PATH "${GVM_RUN_DIR}/feed-update.lock") + set (GVM_FEED_LOCK_PATH "${GVM_STATE_DIR}/feed-update.lock") endif (NOT GVM_FEED_LOCK_PATH) add_definitions (-DGVM_FEED_LOCK_PATH="${GVM_FEED_LOCK_PATH}") if (NOT OPENVAS_DEFAULT_SOCKET) - set (OPENVAS_DEFAULT_SOCKET "/var/run/ospd/ospd.sock") + set (OPENVAS_DEFAULT_SOCKET "/run/ospd/ospd-openvas.sock") endif (NOT OPENVAS_DEFAULT_SOCKET) add_definitions (-DOPENVAS_DEFAULT_SOCKET="${OPENVAS_DEFAULT_SOCKET}") 
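Review bot: In the hunk at `@@ -180,17 +182,21 @@` the `GVM_RUN_DIR` default is dropped in favour of `GVMD_RUN_DIR` with no fallback, so a build that still passes `-DGVM_RUN_DIR=...` is ignored without any message and the PID file defaults to `/run/gvmd/gvmd.pid`. A short guard ahead of the new block, `if (DEFINED GVM_RUN_DIR)` wrapping a `message (WARNING ...)` that names `GVMD_RUN_DIR`, would make the rename visible to packagers who set the run directory's location and ownership themselves. Whether other parts of CMakeLists.txt still read `GVM_RUN_DIR` is not visible in this hunk.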
@@ -206,7 +212,7 @@ if (NOT DATA_OBJECTS_FEED_DIR) endif (NOT DATA_OBJECTS_FEED_DIR) if (NOT GVMD_FEED_DIR) - set (GVMD_FEED_DIR "${DATA_OBJECTS_FEED_DIR}/gvmd") + set (GVMD_FEED_DIR "${DATA_OBJECTS_FEED_DIR}/gvmd/${GMP_VERSION_FEED}") endif (NOT GVMD_FEED_DIR) if (NOT GVM_ACCESS_KEY_DIR) @@ -298,7 +304,7 @@ install (FILES ${CMAKE_SOURCE_DIR}/src/pwpolicy.conf # Schema formats. -install (FILES src/schema_formats/RNC/rnc.xsl +install (FILES src/schema_formats/rnc.xsl src/schema_formats/HTML/HTML.xsl DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) @@ -307,7 +313,7 @@ install (FILES src/schema_formats/HTML/generate DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) -install (FILES src/schema_formats/RNC/rnc.xsl +install (FILES src/schema_formats/rnc.xsl src/schema_formats/RNC/RNC.xsl DESTINATION ${GVMD_DATA_DIR}/global_schema_formats/787a4a18-dabc-11df-9486-002264764cea/ PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) @@ -383,7 +389,6 @@ install (FILES src/wizards/quick_first_scan.xml PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) install (FILES tools/cpe_getbyname.xsl tools/cve_getbyname.xsl - tools/ovaldef_getbyname.xsl DESTINATION ${GVM_SCAP_RES_DIR} PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) 
@@ -391,20 +396,22 @@ install (FILES tools/cert_bund_getbyname.xsl tools/dfn_cert_getbyname.xsl DESTINATION ${GVM_CERT_RES_DIR} PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) -install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-feed-sync - DESTINATION ${SBINDIR} - PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE - GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - -install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync - DESTINATION ${SBINDIR} - PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE - GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - -install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync - DESTINATION ${SBINDIR} - PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE - GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) +if (INSTALL_OLD_SYNC_SCRIPTS) + install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-feed-sync + DESTINATION ${SBINDIR} + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + + install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync + DESTINATION ${SBINDIR} + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + + install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync + DESTINATION ${SBINDIR} + PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE + GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) +endif (INSTALL_OLD_SYNC_SCRIPTS) install (FILES ${CMAKE_SOURCE_DIR}/tools/gvm-lsc-deb-creator ${CMAKE_SOURCE_DIR}/tools/gvm-lsc-exe-creator diff --git a/INSTALL.md b/INSTALL.md index 0cdaf425c..5832a4fb9 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -16,10 +16,11 @@ Prerequisites: * pkg-config (Debian package: pkg-config) * libical >= 1.0.0 (Debian package: libical-dev) * xsltproc (Debian package: xsltproc) +* gpgme Install these prerequisites on Debian GNU/Linux 'Buster' 10: - apt-get install gcc cmake libglib2.0-dev libgnutls28-dev libpq-dev postgresql-server-dev-11 pkg-config libical-dev xsltproc + apt-get install gcc cmake libglib2.0-dev libgnutls28-dev libpq-dev postgresql-server-dev-11 pkg-config libical-dev xsltproc libgpgme-dev Prerequisites for building documentation: * Doxygen @@ -125,9 +126,14 @@ Certificates`. apt install postgresql postgresql-contrib postgresql-server-dev-all ``` -2. Run cmake and build gvmd as usual. +2. Install the pg-gvm extension. -3. Setup Postgres User and DB (`/usr/share/doc/postgresql-common/README.Debian.gz`) + Install the pg-gvm extension library (https://github.com/greenbone/pg-gvm). + For instructions on how to do this, see the README file there. + +3. Run cmake and build gvmd as usual. + +4. Setup Postgres User and DB (`/usr/share/doc/postgresql-common/README.Debian.gz`) ```sh sudo -u postgres bash @@ -135,22 +141,13 @@ Certificates`. createdb -O mattm gvmd ``` -4. Setup permissions. - - ```sh - sudo -u postgres bash # if you logged out after step 3 - psql gvmd - create role dba with superuser noinherit; - grant dba to mattm; # mattm is the user created in step 3 - ``` - -5. Create DB extensions (also necessary when the database got dropped). +5. Setup permissions. ```sh sudo -u postgres bash # if you logged out after step 4 psql gvmd - create extension "uuid-ossp"; - create extension "pgcrypto"; + create role dba with superuser noinherit; + grant dba to mattm; # mattm is the user created in step 4 ``` 6. Make Postgres aware of the gvm libraries if not installed @@ -159,7 +156,7 @@ Certificates`. 7. Run Manager as usual. -8. To run SQL on the database. +8. To run SQL on the database. ```sh psql gvmd 
@@ -276,6 +273,7 @@ The `gvmd Data`, `SCAP` and `CERT` Feeds should be kept up-to-date by calling th Please note: The `CERT` feed sync depends on data provided by the `SCAP` feed and should be called after syncing the latter. +You will need the `rsync` tool for a successful synchronization. ## Configure the default OSPD scanner socket path @@ -359,6 +357,16 @@ supported values for `` are: For more information see the documentation for the `ANALYZE` command of the database back-end you are using. +- `add-feed-permissions` + + This option adds new read permissions on all feed data objects for the roles + defined in the "Feed Import Roles" setting if they do not exist. + The new permissions will be owned by the same user as the data objects, + usually the feed import owner. + + This does not affect the command permissions, any permissions created for + users or groups, or other types of permissions like modify or delete. + - `cleanup-config-prefs` This option removes duplicate preferences from Scan Configs and corrects @@ -366,6 +374,14 @@ supported values for `` are: database must be up to date (if Manager and Scanner are both running, then this should happen automatically). +- `cleanup-feed-permissions` + + This option removes permissions on all feed data objects for all roles + that are not defined in the "Feed Import Roles" setting. + + This does not affect the command permissions, any permissions created for + users or groups, or other types of permissions like modify or delete. + - `cleanup-port-names` This cleans up the ports of results as stored in the database by removing @@ -393,6 +409,11 @@ supported values for `` are: older versions, so this function can be used to correct missing severity scores in older reports. +- `cleanup-sequences` + + This cleans up id sequences that are likely to run out due to regular feed + updates like the ids for config preferences. + - `migrate-relay-sensors` If relays are active, this can be used to make sure all sensor type 
diff --git a/README.md b/README.md index 10e9b4d20..fbf1fb1ec 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,13 @@ -![Greenbone Logo](https://www.greenbone.net/wp-content/uploads/gb_logo_resilience_horizontal.png) +![Greenbone Logo](https://www.greenbone.net/wp-content/uploads/gb_new-logo_horizontal_rgb_small.png) # Greenbone Vulnerability Manager [![GitHub releases](https://img.shields.io/github/release/greenbone/gvmd.svg)](https://github.com/greenbone/gvmd/releases) -[![Code Documentation Coverage](https://img.shields.io/codecov/c/github/greenbone/gvmd.svg?label=Doc%20Coverage&logo=codecov)](https://codecov.io/gh/greenbone/gvmd) -[![CircleCI](https://circleci.com/gh/greenbone/gvmd/tree/master.svg?style=svg)](https://circleci.com/gh/greenbone/gvmd/tree/master) +[![codecov](https://codecov.io/gh/greenbone/gvmd/branch/main/graph/badge.svg?token=y8cY3Pfn7P)](https://codecov.io/gh/greenbone/gvmd) +[![Build and Test](https://github.com/greenbone/gvmd/actions/workflows/build-and-test.yml/badge.svg)](https://github.com/greenbone/gvmd/actions/workflows/build-and-test.yml) +[![Docker Pulls](https://img.shields.io/docker/pulls/greenbone/gvmd.svg)](https://hub.docker.com/r/greenbone/gvmd/) +[![Docker Image Size](https://img.shields.io/docker/image-size/greenbone/gvmd.svg?maxAge=2592000)](https://hub.docker.com/r/greenbone/gvmd/) +[![Twitter Badge](https://badgen.net/badge/icon/twitter?icon=twitter&label)](https://twitter.com/openvas) The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients. @@ -16,7 +19,6 @@ XML-based Greenbone Management Protocol (GMP). Controlling scanners like Protocol (OSP). ## Releases - All [release files](https://github.com/greenbone/gvmd/releases) are signed with the [Greenbone Community Feed integrity key](https://community.greenbone.net/t/gcf-managing-the-digital-signatures/101). This gpg key can be downloaded at https://www.greenbone.net/GBCommunitySigningKey.asc 
@@ -50,21 +52,21 @@ gvmd --help ``` If you are not familiar or comfortable building from source code, we recommend -that you use the Greenbone Community Edition, a prepared virtual machine with a -readily available setup. Information regarding the virtual machine is available -at . +that you use the Greenbone Enterprise TRIAL, a prepared virtual +machine with a readily available setup. Information regarding the virtual machine +is available at . ## Support For any question on the usage of `gvmd` please use the [Greenbone Community -Portal](https://community.greenbone.net/c/gse). If you found a problem with the +Portal](https://community.greenbone.net/). If you found a problem with the software, please [create an issue](https://github.com/greenbone/gvmd/issues) on GitHub. If you are a Greenbone customer you may alternatively or additionally forward your issue to the Greenbone Support Portal. ## Maintainer -This project is maintained by [Greenbone Networks GmbH](https://www.greenbone.net/). +This project is maintained by [Greenbone AG](https://www.greenbone.net/). ## Contributing @@ -75,6 +77,6 @@ GitHub](https://github.com/greenbone/gvmd/issues) first. ## License -Copyright (C) 2009-2019 [Greenbone Networks GmbH](https://www.greenbone.net/) +Copyright (C) 2009-2022 [Greenbone AG](https://www.greenbone.net/) Licensed under the [GNU Affero General Public License v3.0 or later](COPYING).
diff --git a/changelog.toml b/changelog.toml
new file mode 100644
index 000000000..9461b83e4
--- /dev/null
+++ b/changelog.toml
@@ -0,0 +1,11 @@
+commit_types = [
+ { message = "^add", group = "Added"},
+ { message = "^remove", group = "Removed"},
+ { message = "^change", group = "Changed"},
+ { message = "^fix", group = "Bug Fixes"},
+ { message = "^doc", group = "Documentation"},
+ { message = "^refactor", group = "Refactor"},
+ { message = "^test", group = "Testing"},
+]
+
+changelog_dir = "changelog"
diff --git a/changelog/v22.4.md b/changelog/v22.4.md new file mode 100644 index 000000000..8f1c7c1eb --- /dev/null +++ b/changelog/v22.4.md 
@@ -0,0 +1,78 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +## [22.4] - 2022-07-18 + +## Added +* -optimize option "cleanup-sequences" [7e2be3138](https://github.com/greenbone/gvmd/commit/7e2be3138) +* Added the appliance_status response field to the get_license command [c9affb52e](https://github.com/greenbone/gvmd/commit/c9affb52e) +* package_unreliable QOD type translation [85f16f208](https://github.com/greenbone/gvmd/commit/85f16f208) +* package_unreliable QOD type translation [3f438ce22](https://github.com/greenbone/gvmd/commit/3f438ce22) +* Backtrace output when a sigsegv occurs. [8b30cd77f](https://github.com/greenbone/gvmd/commit/8b30cd77f) +* Log failing xsltproc calls as warning #1756 [ef9b4228d](https://github.com/greenbone/gvmd/commit/ef9b4228d) +* -broker-address command line option [ee6123207](https://github.com/greenbone/gvmd/commit/ee6123207) +* -rebuild-gvmd-data to man page [d7a779b8a](https://github.com/greenbone/gvmd/commit/d7a779b8a) +* -optimize add-/cleanup-feed-permissions [9e97c38d4](https://github.com/greenbone/gvmd/commit/9e97c38d4) +* -feed-lock-timeout option [a932f70fb](https://github.com/greenbone/gvmd/commit/a932f70fb) +* -ldap-debug option [b22171baf](https://github.com/greenbone/gvmd/commit/b22171baf) +* Send the script timeout to the scanner as script preferences [#1670](https://github.com/greenbone/gvmd/pull/1670) +* get_license and modify_license [#1642](https://github.com/greenbone/gvmd/pull/1642), [#1692](https://github.com/greenbone/gvmd/pull/1692), [#1696](https://github.com/greenbone/gvmd/pull/1696) +* basic Sentry integration and logging [#1550](https://github.com/greenbone/gvmd/pull/1550) +* new modification_time column for reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519), [#1590](https://github.com/greenbone/gvmd/pull/1590) + +## Changed +* Allow overriding LOG_CMD for sync script 
[683b7e1a8](https://github.com/greenbone/gvmd/commit/683b7e1a8) +* Don't create runtime directory with make install #1824 [198c356e3](https://github.com/greenbone/gvmd/commit/198c356e3) +* Automatically update pg-gvm in check_db_extensions [4fbc79395](https://github.com/greenbone/gvmd/commit/4fbc79395) +* Remove EnvironmentFile from gvmd.service file [f2228a320](https://github.com/greenbone/gvmd/commit/f2228a320) +* Use $TMPACCESSKEY when syncing enterprise feed [b3f4c4bf4](https://github.com/greenbone/gvmd/commit/b3f4c4bf4) +* Standardize rsync options [f6c9b66d9](https://github.com/greenbone/gvmd/commit/f6c9b66d9) +* Disable table_driven_lsc in policies [9b15dc865](https://github.com/greenbone/gvmd/commit/9b15dc865) +* Get NVT feed info via OSP [692e21c2a](https://github.com/greenbone/gvmd/commit/692e21c2a) +* Update GVMD_FEED_DIR to /var/lib/gvm/data-objects/gvmd/22.04 [6aa4b2e7a](https://github.com/greenbone/gvmd/commit/6aa4b2e7a) +* Load data objects from new feed paths [51716c88f](https://github.com/greenbone/gvmd/commit/51716c88f) +* Use new feed dir structure in sync scripts [0a769ec3c](https://github.com/greenbone/gvmd/commit/0a769ec3c) +* Improve log message for getting the feed version [0fdb01814](https://github.com/greenbone/gvmd/commit/0fdb01814) +* Improve init_preference_iterator SQL query performance [5a5cbb945](https://github.com/greenbone/gvmd/commit/5a5cbb945) +* Change some migration and OSP warnings to info [b3cced2bc](https://github.com/greenbone/gvmd/commit/b3cced2bc) +* Use GVMD_RUN_DIR instead of GVM_RUN_DIR [e53ae5731](https://github.com/greenbone/gvmd/commit/e53ae5731) +* Use full path GVMD_PID_PATH for PID files [3fea5a9f4](https://github.com/greenbone/gvmd/commit/3fea5a9f4) +* Raise required gvm-libs version to 21.10 [299946bdf](https://github.com/greenbone/gvmd/commit/299946bdf) +* Replace blocking table locks with a non-blocking retry loop [44a054ad3](https://github.com/greenbone/gvmd/commit/44a054ad3) +* Rename the date column of 
reports to creation_time [#1520](https://github.com/greenbone/gvmd/pull/1520) +* Change report timestamp filter and iterator columns [#1512](https://github.com/greenbone/gvmd/pull/1512) +* Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453) + +## Bug Fixes +* Return the correct error message, when wrong severity input is send to overrides (#1843) [1a96ac530](https://github.com/greenbone/gvmd/commit/1a96ac530) +* Fix logging in sync script if no syslog is available [a726dfdf1](https://github.com/greenbone/gvmd/commit/a726dfdf1) +* Use g_memdup2 instead of the deprecated g_memdup [4ad2491fd](https://github.com/greenbone/gvmd/commit/4ad2491fd) +* Fix handling of SSH keys in modify_credential [7b16d2e6f](https://github.com/greenbone/gvmd/commit/7b16d2e6f) +* Trigger libtheia container build (#1817) [26bc13aa7](https://github.com/greenbone/gvmd/commit/26bc13aa7) +* Fix iCal next time calculation, use new SQL func [aa4f9a925](https://github.com/greenbone/gvmd/commit/aa4f9a925) +* Fix GMP doc for get_assets command [006c130be](https://github.com/greenbone/gvmd/commit/006c130be) +* task status overwrite when a task is stopped and quickly restarted (not resumed) #1779 [a34fa7050](https://github.com/greenbone/gvmd/commit/a34fa7050) +* Avoid closing manager socket FDs twice [12c700331](https://github.com/greenbone/gvmd/commit/12c700331) +* Initialize roles with NULL [705ce8a51](https://github.com/greenbone/gvmd/commit/705ce8a51) +* Test if location is null in cve_scan_host to prevent an assertion error [d979e4580](https://github.com/greenbone/gvmd/commit/d979e4580) +* -dump-vt-verification error message [ca30e3856](https://github.com/greenbone/gvmd/commit/ca30e3856) +* Update subject alternative name in certificate generation [#1503](https://github.com/greenbone/gvmd/pull/1503) +* Fix migration to DB version 242 from gvmd 20.08 
[#1498](https://github.com/greenbone/gvmd/pull/1498) +* Improve VT version handling for CVE & OVAL results [#1496](https://github.com/greenbone/gvmd/pull/1496) + +## Refactor +* move from gvm-lib proctitle-set to libbsd setproctitle [98b537078](https://github.com/greenbone/gvmd/commit/98b537078) +* add lib version [85a1000f4](https://github.com/greenbone/gvmd/commit/85a1000f4) +* switch from tab to space [0016553a0](https://github.com/greenbone/gvmd/commit/0016553a0) +* Add libbsd to docker images [95f182dd2](https://github.com/greenbone/gvmd/commit/95f182dd2) + +### Removed +* Remove Network Source Interface from gvmd [#1511](https://github.com/greenbone/gvmd/pull/1511) +* Removed OVAL definitions from gvmd [#1525](https://github.com/greenbone/gvmd/pull/1525) +* Removed OVAL definitions from GMP and gvmd documentation [1551](https://github.com/greenbone/gvmd/pull/1551) +* Removed the Business Process Map from gvmd [1627](https://github.com/greenbone/gvmd/pull/1627) +* Removed ifaces element from users [#1676](https://github.com/greenbone/gvmd/pull/1676) +* Removed OSP scanners from gvmd [#1689](https://github.com/greenbone/gvmd/pull/1689) [#1691](https://github.com/greenbone/gvmd/pull/1691) [#1694](https://github.com/greenbone/gvmd/pull/1694) [#1701](https://github.com/greenbone/gvmd/pull/1701) + +[22.4]: https://github.com/greenbone/gvmd/compare/22.4...22.4 diff --git a/cmake/FindPackageHandleStandardArgs.cmake b/cmake/FindPackageHandleStandardArgs.cmake new file mode 100644 index 000000000..4fb08259a --- /dev/null +++ b/cmake/FindPackageHandleStandardArgs.cmake 
@@ -0,0 +1,466 @@ +# Distributed under the OSI-approved BSD 3-Clause License. See accompanying +# file Copyright.txt or https://cmake.org/licensing for details. + +#[=======================================================================[.rst: +FindPackageHandleStandardArgs +----------------------------- + +This module provides a function intended to be used in :ref:`Find Modules` +implementing :command:`find_package()` calls. It handles the +``REQUIRED``, ``QUIET`` and version-related arguments of ``find_package``. +It also sets the ``_FOUND`` variable. The package is +considered found if all variables listed contain valid results, e.g. +valid filepaths. + +.. command:: find_package_handle_standard_args + + There are two signatures:: + + find_package_handle_standard_args( + (DEFAULT_MSG|) + ... + ) + + find_package_handle_standard_args( + [FOUND_VAR ] + [REQUIRED_VARS ...] + [VERSION_VAR ] + [HANDLE_COMPONENTS] + [CONFIG_MODE] + [NAME_MISMATCHED] + [REASON_FAILURE_MESSAGE ] + [FAIL_MESSAGE ] + ) + + The ``_FOUND`` variable will be set to ``TRUE`` if all + the variables ``...`` are valid and any optional + constraints are satisfied, and ``FALSE`` otherwise. A success or + failure message may be displayed based on the results and on + whether the ``REQUIRED`` and/or ``QUIET`` option was given to + the :command:`find_package` call. + + The options are: + + ``(DEFAULT_MSG|)`` + In the simple signature this specifies the failure message. + Use ``DEFAULT_MSG`` to ask for a default message to be computed + (recommended). Not valid in the full signature. + + ``FOUND_VAR `` + Obsolete. Specifies either ``_FOUND`` or + ``_FOUND`` as the result variable. This exists only + for compatibility with older versions of CMake and is now ignored. + Result variables of both names are always set for compatibility. + + ``REQUIRED_VARS ...`` + Specify the variables which are required for this package. 
+ These may be named in the generated failure message asking the + user to set the missing variable values. Therefore these should + typically be cache entries such as ``FOO_LIBRARY`` and not output + variables like ``FOO_LIBRARIES``. This option is mandatory if + ``HANDLE_COMPONENTS`` is not specified. + + ``VERSION_VAR `` + Specify the name of a variable that holds the version of the package + that has been found. This version will be checked against the + (potentially) specified required version given to the + :command:`find_package` call, including its ``EXACT`` option. + The default messages include information about the required + version and the version which has been actually found, both + if the version is ok or not. + + ``HANDLE_COMPONENTS`` + Enable handling of package components. In this case, the command + will report which components have been found and which are missing, + and the ``_FOUND`` variable will be set to ``FALSE`` + if any of the required components (i.e. not the ones listed after + the ``OPTIONAL_COMPONENTS`` option of :command:`find_package`) are + missing. + + ``CONFIG_MODE`` + Specify that the calling find module is a wrapper around a + call to ``find_package( NO_MODULE)``. This implies + a ``VERSION_VAR`` value of ``_VERSION``. The command + will automatically check whether the package configuration file + was found. + + ``REASON_FAILURE_MESSAGE `` + Specify a custom message of the reason for the failure which will be + appended to the default generated message. + + ``FAIL_MESSAGE `` + Specify a custom failure message instead of using the default + generated message. Not recommended. + + ``NAME_MISMATCHED`` + Indicate that the ```` does not match + ``${CMAKE_FIND_PACKAGE_NAME}``. This is usually a mistake and raises a + warning, but it may be intentional for usage of the command for components + of a larger package. + +Example for the simple signature: + +.. 
code-block:: cmake + + find_package_handle_standard_args(LibXml2 DEFAULT_MSG + LIBXML2_LIBRARY LIBXML2_INCLUDE_DIR) + +The ``LibXml2`` package is considered to be found if both +``LIBXML2_LIBRARY`` and ``LIBXML2_INCLUDE_DIR`` are valid. +Then also ``LibXml2_FOUND`` is set to ``TRUE``. If it is not found +and ``REQUIRED`` was used, it fails with a +:command:`message(FATAL_ERROR)`, independent whether ``QUIET`` was +used or not. If it is found, success will be reported, including +the content of the first ````. On repeated CMake runs, +the same message will not be printed again. + +.. note:: + + If ```` does not match ``CMAKE_FIND_PACKAGE_NAME`` for the + calling module, a warning that there is a mismatch is given. The + ``FPHSA_NAME_MISMATCHED`` variable may be set to bypass the warning if using + the old signature and the ``NAME_MISMATCHED`` argument using the new + signature. To avoid forcing the caller to require newer versions of CMake for + usage, the variable's value will be used if defined when the + ``NAME_MISMATCHED`` argument is not passed for the new signature (but using + both is an error).. + +Example for the full signature: + +.. code-block:: cmake + + find_package_handle_standard_args(LibArchive + REQUIRED_VARS LibArchive_LIBRARY LibArchive_INCLUDE_DIR + VERSION_VAR LibArchive_VERSION) + +In this case, the ``LibArchive`` package is considered to be found if +both ``LibArchive_LIBRARY`` and ``LibArchive_INCLUDE_DIR`` are valid. +Also the version of ``LibArchive`` will be checked by using the version +contained in ``LibArchive_VERSION``. Since no ``FAIL_MESSAGE`` is given, +the default messages will be printed. + +Another example for the full signature: + +.. 
code-block:: cmake + + find_package(Automoc4 QUIET NO_MODULE HINTS /opt/automoc4) + find_package_handle_standard_args(Automoc4 CONFIG_MODE) + +In this case, a ``FindAutmoc4.cmake`` module wraps a call to +``find_package(Automoc4 NO_MODULE)`` and adds an additional search +directory for ``automoc4``. Then the call to +``find_package_handle_standard_args`` produces a proper success/failure +message. +#]=======================================================================] + +include(${CMAKE_CURRENT_LIST_DIR}/FindPackageMessage.cmake) + +# internal helper macro +macro(_FPHSA_FAILURE_MESSAGE _msg) + set (__msg "${_msg}") + if (FPHSA_REASON_FAILURE_MESSAGE) + string(APPEND __msg "\n Reason given by package: ${FPHSA_REASON_FAILURE_MESSAGE}\n") + endif() + if (${_NAME}_FIND_REQUIRED) + message(FATAL_ERROR "${__msg}") + else () + if (NOT ${_NAME}_FIND_QUIETLY) + message(STATUS "${__msg}") + endif () + endif () +endmacro() + + +# internal helper macro to generate the failure message when used in CONFIG_MODE: +macro(_FPHSA_HANDLE_FAILURE_CONFIG_MODE) + # _CONFIG is set, but FOUND is false, this means that some other of the REQUIRED_VARS was not found: + if(${_NAME}_CONFIG) + _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE}: missing:${MISSING_VARS} (found ${${_NAME}_CONFIG} ${VERSION_MSG})") + else() + # If _CONSIDERED_CONFIGS is set, the config-file has been found, but no suitable version. 
+ # List them all in the error message: + if(${_NAME}_CONSIDERED_CONFIGS) + set(configsText "") + list(LENGTH ${_NAME}_CONSIDERED_CONFIGS configsCount) + math(EXPR configsCount "${configsCount} - 1") + foreach(currentConfigIndex RANGE ${configsCount}) + list(GET ${_NAME}_CONSIDERED_CONFIGS ${currentConfigIndex} filename) + list(GET ${_NAME}_CONSIDERED_VERSIONS ${currentConfigIndex} version) + string(APPEND configsText "\n ${filename} (version ${version})") + endforeach() + if (${_NAME}_NOT_FOUND_MESSAGE) + if (FPHSA_REASON_FAILURE_MESSAGE) + string(PREPEND FPHSA_REASON_FAILURE_MESSAGE "${${_NAME}_NOT_FOUND_MESSAGE}\n ") + else() + set(FPHSA_REASON_FAILURE_MESSAGE "${${_NAME}_NOT_FOUND_MESSAGE}") + endif() + else() + string(APPEND configsText "\n") + endif() + _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE} ${VERSION_MSG}, checked the following files:${configsText}") + + else() + # Simple case: No Config-file was found at all: + _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE}: found neither ${_NAME}Config.cmake nor ${_NAME_LOWER}-config.cmake ${VERSION_MSG}") + endif() + endif() +endmacro() + + +function(FIND_PACKAGE_HANDLE_STANDARD_ARGS _NAME _FIRST_ARG) + + # Set up the arguments for `cmake_parse_arguments`. + set(options CONFIG_MODE HANDLE_COMPONENTS NAME_MISMATCHED) + set(oneValueArgs FAIL_MESSAGE REASON_FAILURE_MESSAGE VERSION_VAR FOUND_VAR) + set(multiValueArgs REQUIRED_VARS) + + # Check whether we are in 'simple' or 'extended' mode: + set(_KEYWORDS_FOR_EXTENDED_MODE ${options} ${oneValueArgs} ${multiValueArgs} ) + list(FIND _KEYWORDS_FOR_EXTENDED_MODE "${_FIRST_ARG}" INDEX) + + unset(FPHSA_NAME_MISMATCHED_override) + if (DEFINED FPHSA_NAME_MISMATCHED) + # If the variable NAME_MISMATCHED variable is set, error if it is passed as + # an argument. The former is for old signatures, the latter is for new + # signatures. 
+ list(FIND ARGN "NAME_MISMATCHED" name_mismatched_idx) + if (NOT name_mismatched_idx EQUAL "-1") + message(FATAL_ERROR + "The `NAME_MISMATCHED` argument may only be specified by the argument or " + "the variable, not both.") + endif () + + # But use the variable if it is not an argument to avoid forcing minimum + # CMake version bumps for calling modules. + set(FPHSA_NAME_MISMATCHED_override "${FPHSA_NAME_MISMATCHED}") + endif () + + if(${INDEX} EQUAL -1) + set(FPHSA_FAIL_MESSAGE ${_FIRST_ARG}) + set(FPHSA_REQUIRED_VARS ${ARGN}) + set(FPHSA_VERSION_VAR) + else() + cmake_parse_arguments(FPHSA "${options}" "${oneValueArgs}" "${multiValueArgs}" ${_FIRST_ARG} ${ARGN}) + + if(FPHSA_UNPARSED_ARGUMENTS) + message(FATAL_ERROR "Unknown keywords given to FIND_PACKAGE_HANDLE_STANDARD_ARGS(): \"${FPHSA_UNPARSED_ARGUMENTS}\"") + endif() + + if(NOT FPHSA_FAIL_MESSAGE) + set(FPHSA_FAIL_MESSAGE "DEFAULT_MSG") + endif() + + # In config-mode, we rely on the variable _CONFIG, which is set by find_package() + # when it successfully found the config-file, including version checking: + if(FPHSA_CONFIG_MODE) + list(INSERT FPHSA_REQUIRED_VARS 0 ${_NAME}_CONFIG) + list(REMOVE_DUPLICATES FPHSA_REQUIRED_VARS) + set(FPHSA_VERSION_VAR ${_NAME}_VERSION) + endif() + + if(NOT FPHSA_REQUIRED_VARS AND NOT FPHSA_HANDLE_COMPONENTS) + message(FATAL_ERROR "No REQUIRED_VARS specified for FIND_PACKAGE_HANDLE_STANDARD_ARGS()") + endif() + endif() + + if (DEFINED FPHSA_NAME_MISMATCHED_override) + set(FPHSA_NAME_MISMATCHED "${FPHSA_NAME_MISMATCHED_override}") + endif () + + if (DEFINED CMAKE_FIND_PACKAGE_NAME + AND NOT FPHSA_NAME_MISMATCHED + AND NOT _NAME STREQUAL CMAKE_FIND_PACKAGE_NAME) + message(AUTHOR_WARNING + "The package name passed to `find_package_handle_standard_args` " + "(${_NAME}) does not match the name of the calling package " + "(${CMAKE_FIND_PACKAGE_NAME}). 
This can lead to problems in calling " + "code that expects `find_package` result variables (e.g., `_FOUND`) " + "to follow a certain pattern.") + endif () + +# now that we collected all arguments, process them + + if("x${FPHSA_FAIL_MESSAGE}" STREQUAL "xDEFAULT_MSG") + set(FPHSA_FAIL_MESSAGE "Could NOT find ${_NAME}") + endif() + + if (FPHSA_REQUIRED_VARS) + list(GET FPHSA_REQUIRED_VARS 0 _FIRST_REQUIRED_VAR) + endif() + + string(TOUPPER ${_NAME} _NAME_UPPER) + string(TOLOWER ${_NAME} _NAME_LOWER) + + if(FPHSA_FOUND_VAR) + set(_FOUND_VAR_UPPER ${_NAME_UPPER}_FOUND) + set(_FOUND_VAR_MIXED ${_NAME}_FOUND) + if(FPHSA_FOUND_VAR STREQUAL _FOUND_VAR_MIXED OR FPHSA_FOUND_VAR STREQUAL _FOUND_VAR_UPPER) + set(_FOUND_VAR ${FPHSA_FOUND_VAR}) + else() + message(FATAL_ERROR "The argument for FOUND_VAR is \"${FPHSA_FOUND_VAR}\", but only \"${_FOUND_VAR_MIXED}\" and \"${_FOUND_VAR_UPPER}\" are valid names.") + endif() + else() + set(_FOUND_VAR ${_NAME_UPPER}_FOUND) + endif() + + # collect all variables which were not found, so they can be printed, so the + # user knows better what went wrong (#6375) + set(MISSING_VARS "") + set(DETAILS "") + # check if all passed variables are valid + set(FPHSA_FOUND_${_NAME} TRUE) + foreach(_CURRENT_VAR ${FPHSA_REQUIRED_VARS}) + if(NOT ${_CURRENT_VAR}) + set(FPHSA_FOUND_${_NAME} FALSE) + string(APPEND MISSING_VARS " ${_CURRENT_VAR}") + else() + string(APPEND DETAILS "[${${_CURRENT_VAR}}]") + endif() + endforeach() + if(FPHSA_FOUND_${_NAME}) + set(${_NAME}_FOUND TRUE) + set(${_NAME_UPPER}_FOUND TRUE) + else() + set(${_NAME}_FOUND FALSE) + set(${_NAME_UPPER}_FOUND FALSE) + endif() + + # component handling + unset(FOUND_COMPONENTS_MSG) + unset(MISSING_COMPONENTS_MSG) + + if(FPHSA_HANDLE_COMPONENTS) + foreach(comp ${${_NAME}_FIND_COMPONENTS}) + if(${_NAME}_${comp}_FOUND) + + if(NOT DEFINED FOUND_COMPONENTS_MSG) + set(FOUND_COMPONENTS_MSG "found components:") + endif() + string(APPEND FOUND_COMPONENTS_MSG " ${comp}") + + else() + + if(NOT DEFINED 
MISSING_COMPONENTS_MSG) + set(MISSING_COMPONENTS_MSG "missing components:") + endif() + string(APPEND MISSING_COMPONENTS_MSG " ${comp}") + + if(${_NAME}_FIND_REQUIRED_${comp}) + set(${_NAME}_FOUND FALSE) + string(APPEND MISSING_VARS " ${comp}") + endif() + + endif() + endforeach() + set(COMPONENT_MSG "${FOUND_COMPONENTS_MSG} ${MISSING_COMPONENTS_MSG}") + string(APPEND DETAILS "[c${COMPONENT_MSG}]") + endif() + + # version handling: + set(VERSION_MSG "") + set(VERSION_OK TRUE) + + # check with DEFINED here as the requested or found version may be "0" + if (DEFINED ${_NAME}_FIND_VERSION) + if(DEFINED ${FPHSA_VERSION_VAR}) + set(_FOUND_VERSION ${${FPHSA_VERSION_VAR}}) + + if(${_NAME}_FIND_VERSION_EXACT) # exact version required + # count the dots in the version string + string(REGEX REPLACE "[^.]" "" _VERSION_DOTS "${_FOUND_VERSION}") + # add one dot because there is one dot more than there are components + string(LENGTH "${_VERSION_DOTS}." _VERSION_DOTS) + if (_VERSION_DOTS GREATER ${_NAME}_FIND_VERSION_COUNT) + # Because of the C++ implementation of find_package() ${_NAME}_FIND_VERSION_COUNT + # is at most 4 here. Therefore a simple lookup table is used. 
+ if (${_NAME}_FIND_VERSION_COUNT EQUAL 1) + set(_VERSION_REGEX "[^.]*") + elseif (${_NAME}_FIND_VERSION_COUNT EQUAL 2) + set(_VERSION_REGEX "[^.]*\\.[^.]*") + elseif (${_NAME}_FIND_VERSION_COUNT EQUAL 3) + set(_VERSION_REGEX "[^.]*\\.[^.]*\\.[^.]*") + else () + set(_VERSION_REGEX "[^.]*\\.[^.]*\\.[^.]*\\.[^.]*") + endif () + string(REGEX REPLACE "^(${_VERSION_REGEX})\\..*" "\\1" _VERSION_HEAD "${_FOUND_VERSION}") + unset(_VERSION_REGEX) + if (NOT ${_NAME}_FIND_VERSION VERSION_EQUAL _VERSION_HEAD) + set(VERSION_MSG "Found unsuitable version \"${_FOUND_VERSION}\", but required is exact version \"${${_NAME}_FIND_VERSION}\"") + set(VERSION_OK FALSE) + else () + set(VERSION_MSG "(found suitable exact version \"${_FOUND_VERSION}\")") + endif () + unset(_VERSION_HEAD) + else () + if (NOT ${_NAME}_FIND_VERSION VERSION_EQUAL _FOUND_VERSION) + set(VERSION_MSG "Found unsuitable version \"${_FOUND_VERSION}\", but required is exact version \"${${_NAME}_FIND_VERSION}\"") + set(VERSION_OK FALSE) + else () + set(VERSION_MSG "(found suitable exact version \"${_FOUND_VERSION}\")") + endif () + endif () + unset(_VERSION_DOTS) + + else() # minimum version specified: + if (${_NAME}_FIND_VERSION VERSION_GREATER _FOUND_VERSION) + set(VERSION_MSG "Found unsuitable version \"${_FOUND_VERSION}\", but required is at least \"${${_NAME}_FIND_VERSION}\"") + set(VERSION_OK FALSE) + else () + set(VERSION_MSG "(found suitable version \"${_FOUND_VERSION}\", minimum required is \"${${_NAME}_FIND_VERSION}\")") + endif () + endif() + + else() + + # if the package was not found, but a version was given, add that to the output: + if(${_NAME}_FIND_VERSION_EXACT) + set(VERSION_MSG "(Required is exact version \"${${_NAME}_FIND_VERSION}\")") + else() + set(VERSION_MSG "(Required is at least version \"${${_NAME}_FIND_VERSION}\")") + endif() + + endif() + else () + # Check with DEFINED as the found version may be 0. 
+ if(DEFINED ${FPHSA_VERSION_VAR}) + set(VERSION_MSG "(found version \"${${FPHSA_VERSION_VAR}}\")") + endif() + endif () + + if(VERSION_OK) + string(APPEND DETAILS "[v${${FPHSA_VERSION_VAR}}(${${_NAME}_FIND_VERSION})]") + else() + set(${_NAME}_FOUND FALSE) + endif() + + + # print the result: + if (${_NAME}_FOUND) + FIND_PACKAGE_MESSAGE(${_NAME} "Found ${_NAME}: ${${_FIRST_REQUIRED_VAR}} ${VERSION_MSG} ${COMPONENT_MSG}" "${DETAILS}") + else () + + if(FPHSA_CONFIG_MODE) + _FPHSA_HANDLE_FAILURE_CONFIG_MODE() + else() + if(NOT VERSION_OK) + set(RESULT_MSG) + if (_FIRST_REQUIRED_VAR) + string (APPEND RESULT_MSG "found ${${_FIRST_REQUIRED_VAR}}") + endif() + if (COMPONENT_MSG) + if (RESULT_MSG) + string (APPEND RESULT_MSG ", ") + endif() + string (APPEND RESULT_MSG "${FOUND_COMPONENTS_MSG}") + endif() + _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE}: ${VERSION_MSG} (${RESULT_MSG})") + else() + _FPHSA_FAILURE_MESSAGE("${FPHSA_FAIL_MESSAGE} (missing:${MISSING_VARS}) ${VERSION_MSG}") + endif() + endif() + + endif () + + set(${_NAME}_FOUND ${${_NAME}_FOUND} PARENT_SCOPE) + set(${_NAME_UPPER}_FOUND ${${_NAME}_FOUND} PARENT_SCOPE) +endfunction() diff --git a/cmake/FindPackageMessage.cmake b/cmake/FindPackageMessage.cmake new file mode 100644 index 000000000..0628b9816 --- /dev/null +++ b/cmake/FindPackageMessage.cmake 
@@ -0,0 +1,48 @@
+# Distributed under the OSI-approved BSD 3-Clause License. See accompanying
+# file Copyright.txt or https://cmake.org/licensing for details.
+
+#[=======================================================================[.rst:
+FindPackageMessage
+------------------
+
+.. code-block:: cmake
+
+ find_package_message( "message for user" "find result details")
+
+This function is intended to be used in FindXXX.cmake modules files.
+It will print a message once for each unique find result. This is
+useful for telling the user where a package was found. The first
+argument specifies the name (XXX) of the package. The second argument
+specifies the message to display. The third argument lists details
+about the find result so that if they change the message will be
+displayed again. The macro also obeys the QUIET argument to the
+find_package command.
+
+Example:
+
+.. code-block:: cmake
+
+ if(X11_FOUND)
+ find_package_message(X11 "Found X11: ${X11_X11_LIB}"
+ "[${X11_X11_LIB}][${X11_INCLUDE_DIR}]")
+ else()
+ ...
+ endif()
+#]=======================================================================]
+
+function(find_package_message pkg msg details)
+ # Avoid printing a message repeatedly for the same find result.
+ if(NOT ${pkg}_FIND_QUIETLY)
+ string(REPLACE "\n" "" details "${details}")
+ set(DETAILS_VAR FIND_PACKAGE_MESSAGE_DETAILS_${pkg})
+ if(NOT "${details}" STREQUAL "${${DETAILS_VAR}}")
+ # The message has not yet been printed.
+ message(STATUS "${msg}")
+
+ # Save the find details in the cache to avoid printing the same
+ # message again.
+ set("${DETAILS_VAR}" "${details}"
+ CACHE INTERNAL "Details about finding ${pkg}")
+ endif()
+ endif()
+endfunction()
diff --git a/cmake/FindPostgreSQL.cmake b/cmake/FindPostgreSQL.cmake
new file mode 100644
index 000000000..a9f3fbc27
--- /dev/null
+++ b/cmake/FindPostgreSQL.cmake
@@ -0,0 +1,284 @@ +# Distributed under the OSI-approved BSD 3-Clause License. See accompanying +# file Copyright.txt or https://cmake.org/licensing for details. + +#[=======================================================================[.rst: +FindPostgreSQL +-------------- + +Find the PostgreSQL installation. + +IMPORTED Targets +^^^^^^^^^^^^^^^^ + +This module defines :prop_tgt:`IMPORTED` target ``PostgreSQL::PostgreSQL`` +if PostgreSQL has been found. + +Result Variables +^^^^^^^^^^^^^^^^ + +This module will set the following variables in your project: + +``PostgreSQL_FOUND`` + True if PostgreSQL is found. +``PostgreSQL_LIBRARIES`` + the PostgreSQL libraries needed for linking +``PostgreSQL_INCLUDE_DIRS`` + the directories of the PostgreSQL headers +``PostgreSQL_LIBRARY_DIRS`` + the link directories for PostgreSQL libraries +``PostgreSQL_VERSION_STRING`` + the version of PostgreSQL found +#]=======================================================================] + +# ---------------------------------------------------------------------------- +# History: +# This module is derived from the module originally found in the VTK source tree. +# +# ---------------------------------------------------------------------------- +# Note: +# PostgreSQL_ADDITIONAL_VERSIONS is a variable that can be used to set the +# version number of the implementation of PostgreSQL. +# In Windows the default installation of PostgreSQL uses that as part of the path. +# E.g C:\Program Files\PostgreSQL\8.4. +# Currently, the following version numbers are known to this module: +# "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0" +# +# To use this variable just do something like this: +# set(PostgreSQL_ADDITIONAL_VERSIONS "9.2" "8.4.4") +# before calling find_package(PostgreSQL) in your CMakeLists.txt file. +# This will mean that the versions you set here will be found first in the order +# specified before the default ones are searched. 
+# +# ---------------------------------------------------------------------------- +# You may need to manually set: +# PostgreSQL_INCLUDE_DIR - the path to where the PostgreSQL include files are. +# PostgreSQL_LIBRARY_DIR - The path to where the PostgreSQL library files are. +# If FindPostgreSQL.cmake cannot find the include files or the library files. +# +# ---------------------------------------------------------------------------- +# The following variables are set if PostgreSQL is found: +# PostgreSQL_FOUND - Set to true when PostgreSQL is found. +# PostgreSQL_INCLUDE_DIRS - Include directories for PostgreSQL +# PostgreSQL_LIBRARY_DIRS - Link directories for PostgreSQL libraries +# PostgreSQL_LIBRARIES - The PostgreSQL libraries. +# +# The ``PostgreSQL::PostgreSQL`` imported target is also created. +# +# ---------------------------------------------------------------------------- +# If you have installed PostgreSQL in a non-standard location. +# (Please note that in the following comments, it is assumed that +# points to the root directory of the include directory of PostgreSQL.) +# Then you have three options. +# 1) After CMake runs, set PostgreSQL_INCLUDE_DIR to /include and +# PostgreSQL_LIBRARY_DIR to wherever the library pq (or libpq in windows) is +# 2) Use CMAKE_INCLUDE_PATH to set a path to /PostgreSQL<-version>. This will allow find_path() +# to locate PostgreSQL_INCLUDE_DIR by utilizing the PATH_SUFFIXES option. e.g. In your CMakeLists.txt file +# set(CMAKE_INCLUDE_PATH ${CMAKE_INCLUDE_PATH} "/include") +# 3) Set an environment variable called ${PostgreSQL_ROOT} that points to the root of where you have +# installed PostgreSQL, e.g. . +# +# ---------------------------------------------------------------------------- + +set(PostgreSQL_INCLUDE_PATH_DESCRIPTION "top-level directory containing the PostgreSQL include directories. 
E.g /usr/local/include/PostgreSQL/8.4 or C:/Program Files/PostgreSQL/8.4/include") +set(PostgreSQL_INCLUDE_DIR_MESSAGE "Set the PostgreSQL_INCLUDE_DIR cmake cache entry to the ${PostgreSQL_INCLUDE_PATH_DESCRIPTION}") +set(PostgreSQL_LIBRARY_PATH_DESCRIPTION "top-level directory containing the PostgreSQL libraries.") +set(PostgreSQL_LIBRARY_DIR_MESSAGE "Set the PostgreSQL_LIBRARY_DIR cmake cache entry to the ${PostgreSQL_LIBRARY_PATH_DESCRIPTION}") +set(PostgreSQL_ROOT_DIR_MESSAGE "Set the PostgreSQL_ROOT system variable to where PostgreSQL is found on the machine E.g C:/Program Files/PostgreSQL/8.4") + + +set(PostgreSQL_KNOWN_VERSIONS ${PostgreSQL_ADDITIONAL_VERSIONS} + "14" "13" "12" "11" "10" "9.6" "9.5" "9.4" "9.3" "9.2" "9.1" "9.0" "8.4" "8.3" "8.2" "8.1" "8.0") + +# Define additional search paths for root directories. +set( PostgreSQL_ROOT_DIRECTORIES + ENV PostgreSQL_ROOT + ${PostgreSQL_ROOT} +) +foreach(suffix ${PostgreSQL_KNOWN_VERSIONS}) + if(WIN32) + list(APPEND PostgreSQL_LIBRARY_ADDITIONAL_SEARCH_SUFFIXES + "PostgreSQL/${suffix}/lib") + list(APPEND PostgreSQL_INCLUDE_ADDITIONAL_SEARCH_SUFFIXES + "PostgreSQL/${suffix}/include") + list(APPEND PostgreSQL_TYPE_ADDITIONAL_SEARCH_SUFFIXES + "PostgreSQL/${suffix}/include/server") + endif() + if(UNIX) + list(APPEND PostgreSQL_LIBRARY_ADDITIONAL_SEARCH_SUFFIXES + "postgresql${suffix}" + "pgsql-${suffix}/lib") + list(APPEND PostgreSQL_INCLUDE_ADDITIONAL_SEARCH_SUFFIXES + "postgresql${suffix}" + "postgresql/${suffix}" + "pgsql-${suffix}/include") + list(APPEND PostgreSQL_TYPE_ADDITIONAL_SEARCH_SUFFIXES + "postgresql${suffix}/server" + "postgresql/${suffix}/server" + "pgsql-${suffix}/include/server") + endif() +endforeach() + +# +# Look for an installation. +# +find_path(PostgreSQL_INCLUDE_DIR + NAMES libpq-fe.h + PATHS + # Look in other places. + ${PostgreSQL_ROOT_DIRECTORIES} + PATH_SUFFIXES + pgsql + postgresql + include + ${PostgreSQL_INCLUDE_ADDITIONAL_SEARCH_SUFFIXES} + # Help the user find it if we cannot. 
+ DOC "The ${PostgreSQL_INCLUDE_DIR_MESSAGE}" +) + +find_path(PostgreSQL_TYPE_INCLUDE_DIR + NAMES catalog/pg_type.h + PATHS + # Look in other places. + ${PostgreSQL_ROOT_DIRECTORIES} + PATH_SUFFIXES + postgresql + pgsql/server + postgresql/server + include/server + ${PostgreSQL_TYPE_ADDITIONAL_SEARCH_SUFFIXES} + # Help the user find it if we cannot. + DOC "The ${PostgreSQL_INCLUDE_DIR_MESSAGE}" +) + +# The PostgreSQL library. +set (PostgreSQL_LIBRARY_TO_FIND pq) +# Setting some more prefixes for the library +set (PostgreSQL_LIB_PREFIX "") +if ( WIN32 ) + set (PostgreSQL_LIB_PREFIX ${PostgreSQL_LIB_PREFIX} "lib") + set (PostgreSQL_LIBRARY_TO_FIND ${PostgreSQL_LIB_PREFIX}${PostgreSQL_LIBRARY_TO_FIND}) +endif() + +function(__postgresql_find_library _name) + find_library(${_name} + NAMES ${ARGN} + PATHS + ${PostgreSQL_ROOT_DIRECTORIES} + PATH_SUFFIXES + lib + ${PostgreSQL_LIBRARY_ADDITIONAL_SEARCH_SUFFIXES} + # Help the user find it if we cannot. + DOC "The ${PostgreSQL_LIBRARY_DIR_MESSAGE}" + ) +endfunction() + +# For compatibility with versions prior to this multi-config search, honor +# any PostgreSQL_LIBRARY that is already specified and skip the search. 
+if(PostgreSQL_LIBRARY) + set(PostgreSQL_LIBRARIES "${PostgreSQL_LIBRARY}") + get_filename_component(PostgreSQL_LIBRARY_DIR "${PostgreSQL_LIBRARY}" PATH) +else() + __postgresql_find_library(PostgreSQL_LIBRARY_RELEASE ${PostgreSQL_LIBRARY_TO_FIND}) + __postgresql_find_library(PostgreSQL_LIBRARY_DEBUG ${PostgreSQL_LIBRARY_TO_FIND}d) + include(${CMAKE_CURRENT_LIST_DIR}/SelectLibraryConfigurations.cmake) + select_library_configurations(PostgreSQL) + mark_as_advanced(PostgreSQL_LIBRARY_RELEASE PostgreSQL_LIBRARY_DEBUG) + if(PostgreSQL_LIBRARY_RELEASE) + get_filename_component(PostgreSQL_LIBRARY_DIR "${PostgreSQL_LIBRARY_RELEASE}" PATH) + elseif(PostgreSQL_LIBRARY_DEBUG) + get_filename_component(PostgreSQL_LIBRARY_DIR "${PostgreSQL_LIBRARY_DEBUG}" PATH) + else() + set(PostgreSQL_LIBRARY_DIR "") + endif() +endif() + +if (PostgreSQL_INCLUDE_DIR) + # Some platforms include multiple pg_config.hs for multi-lib configurations + # This is a temporary workaround. A better solution would be to compile + # a dummy c file and extract the value of the symbol. 
+ file(GLOB _PG_CONFIG_HEADERS "${PostgreSQL_INCLUDE_DIR}/pg_config*.h") + foreach(_PG_CONFIG_HEADER ${_PG_CONFIG_HEADERS}) + if(EXISTS "${_PG_CONFIG_HEADER}") + file(STRINGS "${_PG_CONFIG_HEADER}" pgsql_version_str + REGEX "^#define[\t ]+PG_VERSION_NUM[\t ]+.*") + if(pgsql_version_str) + string(REGEX REPLACE "^#define[\t ]+PG_VERSION_NUM[\t ]+([0-9]*).*" + "\\1" _PostgreSQL_VERSION_NUM "${pgsql_version_str}") + break() + endif() + endif() + endforeach() + if (_PostgreSQL_VERSION_NUM) + # 9.x and older encoding + if (_PostgreSQL_VERSION_NUM LESS 100000) + math(EXPR _PostgreSQL_major_version "${_PostgreSQL_VERSION_NUM} / 10000") + math(EXPR _PostgreSQL_minor_version "${_PostgreSQL_VERSION_NUM} % 10000 / 100") + math(EXPR _PostgreSQL_patch_version "${_PostgreSQL_VERSION_NUM} % 100") + set(PostgreSQL_VERSION_STRING "${_PostgreSQL_major_version}.${_PostgreSQL_minor_version}.${_PostgreSQL_patch_version}") + unset(_PostgreSQL_major_version) + unset(_PostgreSQL_minor_version) + unset(_PostgreSQL_patch_version) + else () + math(EXPR _PostgreSQL_major_version "${_PostgreSQL_VERSION_NUM} / 10000") + math(EXPR _PostgreSQL_minor_version "${_PostgreSQL_VERSION_NUM} % 10000") + set(PostgreSQL_VERSION_STRING "${_PostgreSQL_major_version}.${_PostgreSQL_minor_version}") + unset(_PostgreSQL_major_version) + unset(_PostgreSQL_minor_version) + endif () + else () + foreach(_PG_CONFIG_HEADER ${_PG_CONFIG_HEADERS}) + if(EXISTS "${_PG_CONFIG_HEADER}") + file(STRINGS "${_PG_CONFIG_HEADER}" pgsql_version_str + REGEX "^#define[\t ]+PG_VERSION[\t ]+\".*\"") + if(pgsql_version_str) + string(REGEX REPLACE "^#define[\t ]+PG_VERSION[\t ]+\"([^\"]*)\".*" + "\\1" PostgreSQL_VERSION_STRING "${pgsql_version_str}") + break() + endif() + endif() + endforeach() + endif () + unset(_PostgreSQL_VERSION_NUM) + unset(pgsql_version_str) +endif() + +# Did we find anything? 
+include(${CMAKE_CURRENT_LIST_DIR}/FindPackageHandleStandardArgs.cmake) +find_package_handle_standard_args(PostgreSQL + REQUIRED_VARS PostgreSQL_LIBRARY PostgreSQL_INCLUDE_DIR PostgreSQL_TYPE_INCLUDE_DIR + VERSION_VAR PostgreSQL_VERSION_STRING) +set(PostgreSQL_FOUND ${POSTGRESQL_FOUND}) + +function(__postgresql_import_library _target _var _config) + if(_config) + set(_config_suffix "_${_config}") + else() + set(_config_suffix "") + endif() + + set(_lib "${${_var}${_config_suffix}}") + if(EXISTS "${_lib}") + if(_config) + set_property(TARGET ${_target} APPEND PROPERTY + IMPORTED_CONFIGURATIONS ${_config}) + endif() + set_target_properties(${_target} PROPERTIES + IMPORTED_LOCATION${_config_suffix} "${_lib}") + endif() +endfunction() + +# Now try to get the include and library path. +if(PostgreSQL_FOUND) + if (NOT TARGET PostgreSQL::PostgreSQL) + add_library(PostgreSQL::PostgreSQL UNKNOWN IMPORTED) + set_target_properties(PostgreSQL::PostgreSQL PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${PostgreSQL_INCLUDE_DIR};${PostgreSQL_TYPE_INCLUDE_DIR}") + __postgresql_import_library(PostgreSQL::PostgreSQL PostgreSQL_LIBRARY "") + __postgresql_import_library(PostgreSQL::PostgreSQL PostgreSQL_LIBRARY "RELEASE") + __postgresql_import_library(PostgreSQL::PostgreSQL PostgreSQL_LIBRARY "DEBUG") + endif () + set(PostgreSQL_INCLUDE_DIRS ${PostgreSQL_INCLUDE_DIR} ${PostgreSQL_TYPE_INCLUDE_DIR} ) + set(PostgreSQL_LIBRARY_DIRS ${PostgreSQL_LIBRARY_DIR} ) +endif() + +mark_as_advanced(PostgreSQL_INCLUDE_DIR PostgreSQL_TYPE_INCLUDE_DIR) diff --git a/cmake/GetGit.cmake b/cmake/GetGit.cmake index ff4a4307d..3391fd3f2 100644 --- a/cmake/GetGit.cmake +++ b/cmake/GetGit.cmake @@ -1,4 +1,4 @@ -# Copyright (C) 2018 Greenbone Networks GmbH +# Copyright (C) 2018-2022 Greenbone AG # # SPDX-License-Identifier: GPL-2.0-or-later # diff --git a/cmake/SelectLibraryConfigurations.cmake b/cmake/SelectLibraryConfigurations.cmake new file mode 100644 index 000000000..4c0e9a8c0 --- /dev/null 
+++ b/cmake/SelectLibraryConfigurations.cmake 
@@ -0,0 +1,80 @@ +# Distributed under the OSI-approved BSD 3-Clause License. See accompanying +# file Copyright.txt or https://cmake.org/licensing for details. + +#[=======================================================================[.rst: +SelectLibraryConfigurations +--------------------------- + +.. code-block:: cmake + + select_library_configurations(basename) + +This macro takes a library base name as an argument, and will choose +good values for the variables + +:: + + basename_LIBRARY + basename_LIBRARIES + basename_LIBRARY_DEBUG + basename_LIBRARY_RELEASE + +depending on what has been found and set. + +If only ``basename_LIBRARY_RELEASE`` is defined, ``basename_LIBRARY`` will +be set to the release value, and ``basename_LIBRARY_DEBUG`` will be set +to ``basename_LIBRARY_DEBUG-NOTFOUND``. If only ``basename_LIBRARY_DEBUG`` +is defined, then ``basename_LIBRARY`` will take the debug value, and +``basename_LIBRARY_RELEASE`` will be set to ``basename_LIBRARY_RELEASE-NOTFOUND``. + +If the generator supports configuration types, then ``basename_LIBRARY`` +and ``basename_LIBRARIES`` will be set with debug and optimized flags +specifying the library to be used for the given configuration. If no +build type has been set or the generator in use does not support +configuration types, then ``basename_LIBRARY`` and ``basename_LIBRARIES`` +will take only the release value, or the debug value if the release one +is not set. +#]=======================================================================] + +# This macro was adapted from the FindQt4 CMake module and is maintained by Will +# Dicharry . 
+ +macro(select_library_configurations basename) + if(NOT ${basename}_LIBRARY_RELEASE) + set(${basename}_LIBRARY_RELEASE "${basename}_LIBRARY_RELEASE-NOTFOUND" CACHE FILEPATH "Path to a library.") + endif() + if(NOT ${basename}_LIBRARY_DEBUG) + set(${basename}_LIBRARY_DEBUG "${basename}_LIBRARY_DEBUG-NOTFOUND" CACHE FILEPATH "Path to a library.") + endif() + + get_property(_isMultiConfig GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG) + if( ${basename}_LIBRARY_DEBUG AND ${basename}_LIBRARY_RELEASE AND + NOT ${basename}_LIBRARY_DEBUG STREQUAL ${basename}_LIBRARY_RELEASE AND + ( _isMultiConfig OR CMAKE_BUILD_TYPE ) ) + # if the generator is multi-config or if CMAKE_BUILD_TYPE is set for + # single-config generators, set optimized and debug libraries + set( ${basename}_LIBRARY "" ) + foreach( _libname IN LISTS ${basename}_LIBRARY_RELEASE ) + list( APPEND ${basename}_LIBRARY optimized "${_libname}" ) + endforeach() + foreach( _libname IN LISTS ${basename}_LIBRARY_DEBUG ) + list( APPEND ${basename}_LIBRARY debug "${_libname}" ) + endforeach() + elseif( ${basename}_LIBRARY_RELEASE ) + set( ${basename}_LIBRARY ${${basename}_LIBRARY_RELEASE} ) + elseif( ${basename}_LIBRARY_DEBUG ) + set( ${basename}_LIBRARY ${${basename}_LIBRARY_DEBUG} ) + else() + set( ${basename}_LIBRARY "${basename}_LIBRARY-NOTFOUND") + endif() + + set( ${basename}_LIBRARIES "${${basename}_LIBRARY}" ) + + if( ${basename}_LIBRARY ) + set( ${basename}_FOUND TRUE ) + endif() + + mark_as_advanced( ${basename}_LIBRARY_RELEASE + ${basename}_LIBRARY_DEBUG + ) +endmacro() diff --git a/config/CMakeLists.txt b/config/CMakeLists.txt index b0524aba8..a9c1ce686 100644 --- a/config/CMakeLists.txt +++ b/config/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (C) 2020 Greenbone Networks GmbH +# Copyright (C) 2020-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # 
@@ -17,26 +17,18 @@ if (NOT SYSTEMD_SERVICE_DIR) - set (SYSTEMD_SERVICE_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system") + set (SYSTEMD_SERVICE_DIR "/lib/systemd/system") endif (NOT SYSTEMD_SERVICE_DIR) -if (NOT DEFAULT_CONFIG_DIR) - set (DEFAULT_CONFIG_DIR "${CMAKE_INSTALL_PREFIX}/etc/default") -endif (NOT DEFAULT_CONFIG_DIR) - if (NOT LOGROTATE_DIR) - set (LOGROTATE_DIR "${CMAKE_INSTALL_PREFIX}/etc/logrotate.d") + set (LOGROTATE_DIR "${SYSCONFDIR}/logrotate.d") endif (NOT LOGROTATE_DIR) configure_file (gvmd.service.in gvmd.service) configure_file (gvmd.logrotate.in gvmd.logrotate) -configure_file (gvmd.default.in gvmd.default) install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.service DESTINATION ${SYSTEMD_SERVICE_DIR}/) -install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.default - DESTINATION ${DEFAULT_CONFIG_DIR}/ RENAME gvmd) - install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd.logrotate DESTINATION ${LOGROTATE_DIR}/ RENAME gvmd) diff --git a/config/gvmd.default.in b/config/gvmd.default.in deleted file mode 100644 index 28c96744b..000000000 --- a/config/gvmd.default.in +++ /dev/null @@ -1,19 +0,0 @@ -# -# The user for running the gvmd in the gvmd.service systemd file -# -GVMD_USER="gvm" - -# -# The group for running the gvmd in the gvmd.service systemd file -# -GVMD_GROUP="gvm" - -# -# Unix socket for OSP NVT update (--osp-vt-update) -# -OSP_VT_UPDATE="${OPENVAS_DEFAULT_SOCKET}" - -# -# Additional options -# -OPTIONS="" diff --git a/config/gvmd.service.in b/config/gvmd.service.in index 3f47b8639..12f511625 100644 --- a/config/gvmd.service.in +++ b/config/gvmd.service.in 
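Review bot: The new default `set (SYSTEMD_SERVICE_DIR "/lib/systemd/system")` in the config/CMakeLists.txt hunk is an absolute path, so the `install (FILES ... gvmd.service DESTINATION ${SYSTEMD_SERVICE_DIR}/)` rule no longer honours `CMAKE_INSTALL_PREFIX`. A prefixed install run as root would then write a unit into the system directory outside the prefix, and an unprivileged prefixed install would fail on that one file. If this is intended, say so next to the default, for example `# Absolute on purpose: not relative to CMAKE_INSTALL_PREFIX; override with -DSYSTEMD_SERVICE_DIR=<dir>`. `LOGROTATE_DIR` now depends on `${SYSCONFDIR}`, which is defined outside this hunk; if it can be empty at this point the logrotate file would land in `/logrotate.d`, so a comment naming where it is set, or a guard, would help.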
@@ -7,11 +7,11 @@ ConditionKernelCommandLine=!recovery [Service] Type=forking -User=$GVMD_USER -Group=$GVMD_GROUP -PIDFile=${GVM_RUN_DIR}/gvmd.pid -EnvironmentFile=${DEFAULT_CONFIG_DIR}/gvmd -ExecStart=${SBINDIR}/gvmd --osp-vt-update=$OSP_VT_UPDATE $OPTIONS +User=gvm +PIDFile=${GVMD_PID_PATH} +RuntimeDirectory=gvmd +RuntimeDirectoryMode=2775 +ExecStart=${SBINDIR}/gvmd --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm Restart=always TimeoutStopSec=10 diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index 04a4fd4a6..88928c5f8 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (C) 2009-2019 Greenbone Networks GmbH +# Copyright (C) 2009-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # @@ -92,7 +92,7 @@ else (NOT XSLTPROC_EXECUTABLE) ${CMAKE_BINARY_DIR}/src/schema_formats/XML/GMP.xml ${CMAKE_SOURCE_DIR}/src/schema_formats/RNC/generate ${CMAKE_SOURCE_DIR}/src/schema_formats/RNC/RNC.xsl - ${CMAKE_SOURCE_DIR}/src/schema_formats/RNC/rnc.xsl) + ${CMAKE_SOURCE_DIR}/src/schema_formats/rnc.xsl) add_custom_command (OUTPUT gmp.html COMMAND sh 
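Review bot: In the gvmd.service.in hunk, `RuntimeDirectoryMode=2775` makes the `RuntimeDirectory=gvmd` directory writable by every member of the service's group and listable by all local users. If `${GVMD_PID_PATH}` or the daemon's socket end up in that directory (not visible here), any group member could delete or replace them, so I would either tighten it to `RuntimeDirectoryMode=0750` or keep the mode and add a comment naming the accounts that need write access. The old `Group=` line is dropped as well, so the directory's group becomes whatever primary group the `gvm` account has; assuming a `gvm` group exists, as `--listen-group=gvm` suggests, an explicit `Group=gvm` would remove that dependency on how the account was created. The unit file continues outside the hunk, so any sandboxing directives set elsewhere are not visible from here.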
@@ -101,38 +101,23 @@ else (NOT XSLTPROC_EXECUTABLE) ${CMAKE_BINARY_DIR}/src/schema_formats/XML/GMP.xml ${CMAKE_SOURCE_DIR}/src/schema_formats/HTML/generate ${CMAKE_SOURCE_DIR}/src/schema_formats/HTML/HTML.xsl - ${CMAKE_SOURCE_DIR}/src/schema_formats/HTML/rnc.xsl) + ${CMAKE_SOURCE_DIR}/src/schema_formats/rnc.xsl) endif (NOT XSLTPROC_EXECUTABLE) if (XMLTOMAN_EXECUTABLE) add_custom_target (man COMMENT "Building manual page..." - DEPENDS gvmd.8 greenbone-certdata-sync.8 greenbone-scapdata-sync.8) + DEPENDS gvmd.8) add_custom_command (OUTPUT gvmd.8 COMMAND sh ARGS -c \"${XMLTOMAN_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/gvmd.8.xml > ${CMAKE_CURRENT_BINARY_DIR}/gvmd.8\;\" DEPENDS gvmd.8.xml) - add_custom_command (OUTPUT greenbone-certdata-sync.8 - COMMAND sh - ARGS -c \"${XMLTOMAN_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/greenbone-certdata-sync.8.xml > ${CMAKE_CURRENT_BINARY_DIR}/greenbone-certdata-sync.8\;\" - DEPENDS greenbone-certdata-sync.8.xml) - - add_custom_command (OUTPUT greenbone-scapdata-sync.8 - COMMAND sh - ARGS -c \"${XMLTOMAN_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/greenbone-scapdata-sync.8.xml > ${CMAKE_CURRENT_BINARY_DIR}/greenbone-scapdata-sync.8\;\" - DEPENDS greenbone-scapdata-sync.8.xml) else (XMLTOMAN_EXECUTABLE) message (STATUS "WARNING: xmltoman is required to generate manpage.") add_custom_command (OUTPUT gvmd.8 COMMAND echo "[Error: xmltoman required to see manpage here]" > gvmd.8) - add_custom_command (OUTPUT greenbone-certdata-sync.8 - COMMAND echo "[Error: xmltoman required to see manpage here]" - > greenbone-certdata-sync.8) - add_custom_command (OUTPUT greenbone-scapdata-sync.8 - COMMAND echo "[Error: xmltoman required to see manpage here]" - > greenbone-scapdata-sync.8) endif (XMLTOMAN_EXECUTABLE) if (XMLMANTOHTML_EXECUTABLE) 
@@ -158,6 +143,6 @@ if (XSLTPROC_EXECUTABLE) COMPONENT doc) endif (XSLTPROC_EXECUTABLE) -install (FILES gvmd.8 greenbone-certdata-sync.8 greenbone-scapdata-sync.8 +install (FILES gvmd.8 DESTINATION share/man/man8/ COMPONENT doc) diff --git a/doc/greenbone-certdata-sync.8.xml b/doc/greenbone-certdata-sync.8.xml index fd1e1fd03..93e028876 100644 --- a/doc/greenbone-certdata-sync.8.xml +++ b/doc/greenbone-certdata-sync.8.xml @@ -3,7 +3,7 @@ 0 - + @@ -427,6 +427,16 @@ along with this program. If not, see . + + One of: + + +
+ +
+
+
+
diff --git a/src/schema_formats/HTML/generate b/src/schema_formats/HTML/generate index e58a13980..f22cffca8 100755 --- a/src/schema_formats/HTML/generate +++ b/src/schema_formats/HTML/generate @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (C) 2010-2018 Greenbone Networks GmbH +# Copyright (C) 2010-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # diff --git a/src/schema_formats/HTML/rnc.xsl b/src/schema_formats/HTML/rnc.xsl deleted file mode 100644 index 9ffa04000..000000000 --- a/src/schema_formats/HTML/rnc.xsl +++ /dev/null @@ -1,464 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ↵ - - - - - - - - - - - - - - - - ↵ - - - - - - - - - - - - - ### Preamble - -start = command | response - -command - = - - - - - | - - - - -response - = - - - _response - - - | - - - - - - - - - - - - - - | - - - - | - - " } - - - xsd:token { pattern = " - - - - - - - - - - - - - - # - - . - - - - attribute - - { - - - - } - - - ? - - - - - - - - - - - - - - - - - - - - - - - - - - - _response - - - - - - - - - | - - - - | - - " } - - - xsd:token { pattern = " - - - - - - - - - - - - - - - - - - - - - - - * - - - - - - - - - - - - - - - ( - - - - & - - - - - - - - - - - - - ) - - - - - - - - - ? - - - ( - - - - | - - - - - - - - - - - - - ) - - - - - - - - - - ERROR - - - - - - - - - - "" - - - - - - - - - - - - - - - - - text # RNC limitation: - - - - - - - - - - - - - & - - - - - - & - - - - - - - - - - - - - - # - - . - - - - - - - - = element - - # type - - - { - - - - - - - - - - } - - - - - - - - - - - - - - - - - - = element - - - { - - - - - - - - } - - - - - - - - - - - - - - - - = element - - - { - - - - - - - - } - - - - - - - - - - diff --git a/src/schema_formats/RNC/RNC.xsl b/src/schema_formats/RNC/RNC.xsl index b27538b89..29846804a 100644 --- a/src/schema_formats/RNC/RNC.xsl +++ b/src/schema_formats/RNC/RNC.xsl @@ -8,7 +8,7 @@ 1 - + 
diff --git a/src/schema_formats/RNC/generate b/src/schema_formats/RNC/generate index e36f767bf..84e6caaa8 100755 --- a/src/schema_formats/RNC/generate +++ b/src/schema_formats/RNC/generate @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (C) 2010-2018 Greenbone Networks GmbH +# Copyright (C) 2010-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # diff --git a/src/schema_formats/XML-brief/GMP.xsl b/src/schema_formats/XML-brief/GMP.xsl index e794e4077..9b0067546 100644 --- a/src/schema_formats/XML-brief/GMP.xsl +++ b/src/schema_formats/XML-brief/GMP.xsl @@ -7,7 +7,7 @@ extension-element-prefixes="str func"> @@ -3558,12 +3478,10 @@ along with this program. If not, see . usage_type Usage type (scan or policy) for the config. Can overwrite the one in get_configs_response - - - scan - policy - - + + scan + policy + @@ -3751,12 +3669,10 @@ along with this program. If not, see . auth_algorithm Authentication algorithm for SNMP, either md5 or sha1 - - - md5 - sha1 - - + + md5 + sha1 + @@ -3769,12 +3685,10 @@ along with this program. If not, see . algorithm The SNMP privacy algorithm, either aes or des - - - aes - des - - + + aes + des + @@ -3789,17 +3703,15 @@ along with this program. If not, see . type The type of credential to create - - - cc - pgp - pw - smime - snmp - up - usk - - + + cc + pgp + pw + smime + snmp + up + usk + @@ -4093,7 +4005,7 @@ along with this program. If not, see . active - Seconds note will be active. -1 on always, 0 off + Days note will be active. -1 on always, 0 off integer @@ -4222,7 +4134,7 @@ along with this program. If not, see . active - Seconds override will be active. -1 on always, 0 off + Days override will be active. -1 on always, 0 off integer @@ -5201,6 +5113,11 @@ along with this program. If not, see . If the list of hosts is empty, the command must also include a target locator.

+

+ If the SSH elevate credential is set, the SSH credential must + also be set. The SSH elevate credential and the SSH credential + must differ. +

name @@ -5212,6 +5129,7 @@ along with this program. If not, see . exclude_hosts ssh_credential + ssh_elevate_credential smb_credential esxi_credential snmp_credential @@ -5219,6 +5137,7 @@ along with this program. If not, see . smb_lsc_credential esxi_lsc_credential alive_tests + allow_simultaneous_ips reverse_lookup_only reverse_lookup_unify @@ -5290,6 +5209,17 @@ along with this program. If not, see . text
+ + ssh_elevate_credential + SSH elevate credentials for target + + + id + uuid + 1 + + + smb_credential SMB login credentials for target @@ -5369,6 +5299,13 @@ along with this program. If not, see . alive_test + + allow_simultaneous_ips + + Whether to scan multiple IPs of the same host simultaneously + + boolean + reverse_lookup_only Whether to scan only hosts that have names @@ -5502,12 +5439,10 @@ along with this program. If not, see . usage_type Usage type for the task (scan or audit), defaulting to scan - - - scan - audit - - + + scan + audit + @@ -5868,7 +5803,6 @@ along with this program. If not, see . copy comment hosts - ifaces password role @@ -5901,18 +5835,6 @@ along with this program. If not, see . text - - ifaces - User access rules: a comma-separated list of ifaces - - - allow - If 1, allow only listed, otherwise forbid listed - boolean - - text - - password The password for the user @@ -7288,7 +7210,7 @@ along with this program. If not, see . details - Whether to get config families, preferences, nvt selectors and tasks + Whether to get config families, preferences and nvt selectors boolean @@ -7433,24 +7355,20 @@ along with this program. If not, see . type The type of the config (0 = OpenVAS, 1 OSP) - - - 0 - 1 - - + + 0 + 1 + usage_type The usage type of the config (scan or policy) - - - scan - policy - - + + scan + policy + @@ -7646,7 +7564,6 @@ along with this program. If not, see . preference nvt - hr_name name id type @@ -7671,11 +7588,6 @@ along with this program. If not, see . name - - hr_name - The full, more "human readable" name of the preference - name - name The compact name of the preference as used by the scanner @@ -7829,12 +7741,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + 
@@ -8071,13 +7981,13 @@ along with this program. If not, see . Optional tuples of sort criteria - sort_field + field The column to sort the aggregated rows by. - With a subgroup column, groups will be sorted by the group_column first. + With a subgroup column, groups will be sorted by the group_column first text - sort_order + order The order to sort by @@ -8087,7 +7997,7 @@ along with this program. If not, see . - sort_stat + stat The statistic to sort the aggregated rows by @@ -9022,12 +8932,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -9166,6 +9074,19 @@ along with this program. If not, see . type is "host" + + + best_os_cpe + text + CPE-ID of best matching OS + severity severity @@ -9174,7 +9095,7 @@ along with this program. If not, see . os text - Best matching OS + Best matching OS, either name or CPE-ID oss @@ -9188,12 +9109,20 @@ along with this program. If not, see . ip - ip + text IP address type is "os" + + all_hosts + integer + + Number of all hosts using the asset, even if the OS + is not the best match + + title text @@ -9202,7 +9131,7 @@ along with this program. If not, see . hosts integer - Number of hosts using the asset + Number of hosts using the asset as best OS match latest_severity @@ -9244,6 +9173,11 @@ along with this program. If not, see . + + details + Whether to include additional information (e.g., tags) + boolean + @@ -9505,6 +9439,7 @@ along with this program. If not, see . title installs + all_installs latest_severity highest_severity average_severity @@ -9518,7 +9453,17 @@ along with this program. If not, see . installs - Number of hosts on which OS has been detected + + Number of hosts on which OS has been detected as the best match + + integer + + + all_installs + + Number of hosts on which OS has been detected, + not necessarily as the best match + integer 
@@ -9556,7 +9501,9 @@ along with this program. If not, see . hosts - Hosts on which this OS has been detected + + Hosts on which this OS has been detected as the best match + asset @@ -9740,12 +9687,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -10126,17 +10071,15 @@ along with this program. If not, see . type The type of the credential - - - cc - pgp - pw - smime - snmp - up - usk - - + + cc + pgp + pw + smime + snmp + up + usk + @@ -10156,15 +10099,13 @@ along with this program. If not, see . format Format as used in the command - - - key - rpm - deb - exe - pem - - + + key + rpm + deb + exe + pem + @@ -10172,12 +10113,10 @@ along with this program. If not, see . auth_algorithm The SNMP authentication algorithm - - - md5 - sha1 - - + + md5 + sha1 + @@ -10189,12 +10128,10 @@ along with this program. If not, see . algorithm The SNMP privacy algorithm - - - aes - des - - + + aes + des + @@ -10363,12 +10300,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -10972,12 +10907,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -11353,12 +11286,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -11454,7 +11385,7 @@ along with this program. If not, see . type - Type must be either CERT_BUND_ADV, CPE, CVE, DFN_CERT_ADV, OVALDEF or NVT + Type must be either CERT_BUND_ADV, CPE, CVE, DFN_CERT_ADV or NVT text 1 @@ -11506,7 +11437,7 @@ along with this program. If not, see . severity severity - Severity of the SecInfo + CVSS severity score of the SecInfo 
@@ -11649,55 +11580,7 @@ along with this program. If not, see . - type is "ovaldef" - - version - integer - Version number of the OVAL Definition - - - deprecated - boolean - Whether the OVAL Definition is deprecated - - - class - text - Class of the OVAL Definition - - - title - text - Title of the OVAL Definition - - - description - text - Longer description of the OVAL Definition - - - file - text - Name of the file containing the OVAL Definition - - - status - text - Status of the OVAL Definition - - - max_cvss - severity - Alias for severity - - - cves - integer - Number of CVEs referencing this CPE - - - - type is either "cert_bund_adv" or "dfn_cert_adv" + type is either "cert_bund_adv" or "dfn_cert_adv" title text @@ -11770,7 +11653,6 @@ along with this program. If not, see . cpe cve dfn_cert_adv - ovaldef nvt @@ -11880,7 +11762,7 @@ along with this program. If not, see . title summary - max_cvss + severity cve_refs raw_data @@ -11900,9 +11782,11 @@ along with this program. If not, see . - max_cvss - Highest CVSS score of CVEs referenced by the advisory - text + severity + Highest CVSS severity score of CVEs referenced by the advisory + + severity + cve_refs @@ -11924,7 +11808,7 @@ along with this program. If not, see . nvd_id title - max_cvss + severity cve_refs status cves @@ -11946,10 +11830,10 @@ along with this program. If not, see . - max_cvss - The highest CVSS recorder for this CPE + severity + The highest CVSS severity score recorded for this CPE - integer + severity @@ -11998,13 +11882,8 @@ along with this program. If not, see . cve - cvss - vector - complexity - authentication - confidentiality_impact - integrity_impact - availability_impact + severity + cvss_vector description products nvts 
@@ -12013,50 +11892,15 @@ along with this program. If not, see . A CVE info element - cvss - CVSS Base Score - - text - - - - vector - CVSS Access Vector metric - - text - - - - complexity - CVSS Attack Complexity metric - - text - - - - authentication - CVSS Authentication metric - - text - - - - confidentiality_impact - CVSS Confidentiality impact metric - - text - - - - integrity_impact - CVSS Integrity impact metric + severity + CVSS severity score of the CVE - text + severity - availability_impact - CVSS Availability impact metric + cvss_vector + CVSS base vector string text @@ -12155,7 +11999,7 @@ along with this program. If not, see . title summary - max_cvss + severity cve_refs raw_data @@ -12175,97 +12019,17 @@ along with this program. If not, see . - max_cvss - Highest CVSS score of CVEs referenced by the advisory - text - - - cve_refs - Number of CVEs referenced by this advisory - - integer - - - - raw_data - Source representation of the information. Only when details were requested - - text - - - - - ovaldef - - version - deprecated - status - class - title - max_cvss - cve_refs - file - description - raw_data - - An OVAL definition info element - - version - Version number of the OVAL definition - - integer - - - - deprecated - Whether the definition is deprecated - - boolean - - - - status - Lifecycle status text of the definition - - text - - - - class - Definition class of the definition - - text - - - - title - Title of the definition + severity + Highest CVSS severity score of CVEs referenced by the advisory - text + severity - - max_cvss - Highest CVSS score of CVEs referenced by the definition - text - cve_refs - Number of CVEs referenced by the definition - integer - - - file - Path to the source xml file, relative to the SCAP data directory - - text - - - - description - Longer description of the definition. Only when details were requested + Number of CVEs referenced by this advisory - text + integer 
@@ -12351,12 +12115,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -12401,7 +12163,7 @@ along with this program. If not, see . 2012-10-26T13:18:00.000+0000 GNU Gzip 1.3.3 - 10.0 + 100 5 DRAFT @@ -12526,18 +12288,14 @@ along with this program. If not, see . CVE-2011-0018 2011-01-28T16:00:02Z - 2011-02-05T07:01:22Z + 2018-10-10T20:09:00Z + 2020-11-13T02:30:00.000+0000 0 0 2012-10-26T13:18:00.000+0000 - 9.0 - NETWORK - LOW - SINGLE_INSTANCE - COMPLETE - COMPLETE - COMPLETE + 90 + AV:N/AC:L/Au:S/C:C/I:C/A:C The email function in manage_sql.c in ...(truncated for example) cpe:/a:openvas:openvas_manager:1.0.1 ...(truncated for example) @@ -12767,12 +12525,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -12860,7 +12616,6 @@ along with this program. If not, see . note fixed to result 127.0.0.1 general/tcp - Medium test @@ -12870,9 +12625,9 @@ along with this program. If not, see . general/tcp Test NVT: control chars in report result - + 5 + - Medium Warning with control char between fullstops: . . @@ -12883,6 +12638,211 @@ along with this program. If not, see . + + get_license + Get the current license + +
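Review bot: The example responses for the CPE "GNU Gzip 1.3.3" and for CVE-2011-0018 now show `100` and `90` where they previously showed `10.0` and `9.0`, while the element definitions changed earlier in this file declare the field as `severity` with type `severity`. If that type is the usual CVSS scale (its definition is not visible in this part of the diff), the example values are ten times too large. The changelog entry added further down is titled "Replaced CVSS score elements by integer score" while its body speaks of the SEVERITY element, so the document never says which scale applies. Clients that compare this value against a severity threshold need one unambiguous answer: I would put the range into the element summary, along the lines of `CVSS severity score of the CVE (range: <scale to be confirmed>)`, and make both examples agree with it. The markup of these hunks is not visible in this rendering, so the element that holds the changed value is inferred from the surrounding text.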

+ The client uses the get_license command to get the current license. +

+

+ This command is only available if gvmd is built with the licensing + library (libtheia). +

+
+ + + + + + status + status + 1 + + + status_text + text + 1 + + license + + + license + The license information + + status + content + + + status + Status of the license + text + + + content + The main content of the license file + + meta + appliance + keys + signatures + + + meta + License metadata + + version + id + comment + type + customer_name + created + begins + expires + + + version + Version of the license file schema + text + + + id + Unique Identifier of the license + text + + + comment + Short comment summarizing the license + text + + + type + License type, e.g. "trial" or "commercial" + text + + + customer_name + Name of the customer the license is issued for + text + + + created + Time the license was created + iso_time + + + begins + Time after which the license is valid + iso_time + + + expires + Time the license expires + iso_time + + + + appliance + Hardware and appliance information + + model + model_type + + + model + Appliance model, e.g. "one" + text + + + model_type + Appliance model type, e.g. "virtual" or "hardware" + text + + + sensor + Whether the license is applied to a sensor or not + boolean + + + + keys + Base64 encoded access keys, e.g. feed keys + + key + + + key + A Base64 encoded access key + + + name + Name of the key + text + + text + + + + + signatures + Signatures of the license + + signature + + + signature + A signature info item + + + name + Name of the signature + text + + text + + + + + + + + Get the current license + + + + + + + + active + + + 4711 + 1.0.0 + Test License + trial + Jane Doe + 2021-08-27T06:05:21Z + 2021-08-27T07:05:21Z + 2021-09-04T07:05:21Z + + + trial + virtual + 0 + + + *base64 GSF key* + + + *base64 signature* + + + + + + +
get_nvts Get one or many NVTs @@ -13005,12 +12965,14 @@ along with this program. If not, see . summary family cvss_base + severities qod refs tags preference_count timeout default_timeout + solution preferences @@ -13096,6 +13058,11 @@ along with this program. If not, see . CVSS base score of the NVT text + + severities + Severity information of the NVT + severities + qod The quality of detection (QoD) of the NVT @@ -13132,7 +13099,7 @@ along with this program. If not, see . type - Type of the reference, for example "cve", "bid", "dfn-cert", "cert-bund" + Type of the reference, for example "cve", "dfn-cert", "cert-bund" text @@ -13165,6 +13132,23 @@ along with this program. If not, see . The default_timeout of the NVT text + + solution + Solution for the vulnerability + + + type + The solution type, for example "VendorFix" + text + + + method + The solution method, for example "DebianAPTUpgrade" + text + + text + + preferences List of preferences of the NVT @@ -13189,6 +13173,7 @@ along with this program. If not, see . nvt name + id type value alt @@ -13216,6 +13201,11 @@ along with this program. If not, see . The name of the preference text + + id + The ID of the preference + text + type The type of the preference @@ -13256,6 +13246,7 @@ along with this program. If not, see . Find what is listening on which port Service detection + NOTAG -1 @@ -13602,12 +13593,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -14102,12 +14091,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -14602,12 +14589,10 @@ along with this program. If not, see . order - - - ascending - descending - - + + ascending + descending + @@ -14915,18 +14900,6 @@ along with this program. If not, see . boolean Whether to apply Overrides - -
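Review bot: The get_license response is documented as returning `keys` ("Base64 encoded access keys, e.g. feed keys") and `signatures`, but the command description does not say that the reply carries secret material or who is expected to be allowed to call it. I would add a paragraph to the description such as `The response contains the access keys of the license and has to be treated as confidential.`, and name the required role or permission there if the command is restricted. Separately, the `appliance` element lists only `model` and `model_type` as its children, although a `sensor` child is defined directly after them and a third value appears in the example; `sensor` looks to be missing from that list. The markup is not visible in this rendering, so both points are read from the text that remains.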
+ + modify_license + Modify the existing license + +

+ The client uses the modify_license command to change the current + license. +

+

+ The license has to be provided as a valid base64 encoded license + file. +

+

+ This command is only available if gvmd is built with the licensing + library (libtheia). +

+
+ + + allow_empty + Whether to allow an empty file + boolean + 0 + + file + + + file + The license file in base64 encoded form + text + + + + + status + status + 1 + + + status_text + text + 1 + + + + + Upload an new license file + + + [...] + + + + + + + +
modify_note Modify an existing note @@ -23943,11 +23939,10 @@ along with this program. If not, see . severity task text - threat active - Seconds note will be active. -1 on always, 0 off + Days note will be active. -1 on always, 0 off integer @@ -23989,13 +23984,6 @@ along with this program. If not, see . text - - threat - Threat level to which note applies - - threat - - task Task to which note applies @@ -24080,7 +24068,7 @@ along with this program. If not, see . active - Seconds override will be active. -1 on always, 0 off + Days override will be active. -1 on always, 0 off integer @@ -24732,6 +24720,10 @@ along with this program. If not, see .
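Review bot: The modify_license description requires "a valid base64 encoded license file" but does not say what happens to the installed license when `allow_empty` is 1 and `file` is empty, nor whether the signatures carried in the license are checked before the current license is replaced. Because the command changes the current license, I would document both, for example with `If allow_empty is 1 and the file is empty, <effect on the current license>.`, filled in with the actual behaviour. The example title "Upload an new license file" should read `Upload a new license file`. The hunk header for this addition is not visible in this rendering, so the surrounding context is inferred.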

The client uses the modify_target command to change an existing target.

+

+ If the SSH elevate credential is set, the SSH credential must also be + set. The SSH elevate credential and the SSH credential must differ. +

@@ -24746,6 +24738,7 @@ along with this program. If not, see . hosts_ordering exclude_hosts ssh_credential + ssh_elevate_credential smb_credential esxi_credential snmp_credential @@ -24756,6 +24749,7 @@ along with this program. If not, see . alive_tests reverse_lookup_only reverse_lookup_unify + allow_simultaneous_ips comment @@ -24795,6 +24789,17 @@ along with this program. If not, see . + + ssh_elevate_credential + SSH elevate credential to use on target + + + id + uuid + 1 + + + smb_credential SMB credential to use on target @@ -24891,6 +24896,13 @@ along with this program. If not, see . boolean + + allow_simultaneous_ips + + Whether to scan multiple IPs of the same host simultaneously + + boolean + @@ -25049,12 +25061,14 @@ along with this program. If not, see . comment alert + config name observers preferences schedule schedule_periods scanner + target file @@ -25076,6 +25090,17 @@ along with this program. If not, see .
+ + config + The scan configuration used by the task + + + id + uuid + 1 + + + name The name of the task @@ -25139,6 +25164,17 @@ along with this program. If not, see . + + target + The hosts scanned by the task + + + id + uuid + 1 + + + file File to attach to task @@ -25381,7 +25417,6 @@ along with this program. If not, see . password role hosts - ifaces sources @@ -25415,21 +25450,16 @@ along with this program. If not, see . - ifaces - User access rules: a comma-separated list of ifaces + password + The password for the user - allow - If 1, allow only listed, otherwise forbid listed + modify + If 0 then password is left alone, otherwise password is modified boolean - text - - - - password - The password for the user - text + text + role @@ -25445,7 +25475,20 @@ along with this program. If not, see . sources List of authentication sources for this user (if omitted, no changes) - sources + + source + + + source + Authentication source + + + file + ldap_connect + radius_connect + + + @@ -25987,6 +26030,89 @@ along with this program. If not, see . + + CREATE_TASK, CREATE_USER, GET_TASKS, GET_USERS, MODIFY_TASK, MODIFY_USER + Removed network interface (iface) options + +
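Review bot: The new `modify` attribute of the modify_user `password` element is described as "If 0 then password is left alone, otherwise password is modified", which leaves open what a request does when the attribute is omitted and the element text is empty. For a credential field that case should be explicit, so that a client which always sends the element cannot change a password without meaning to. I would extend the summary to something like `If 0 the password is left alone. If omitted or 1 the password is replaced by the element text.`, to be confirmed against the implementation, and state whether an empty value is rejected. Whether the attribute is marked as required cannot be seen here because the markup is not visible in this rendering.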

+ The option to choose the source interface in the form of the task + preference "source_iface" has been removed as well as + the "ifaces" element of users to limit the allowed network + interfaces. +

+
+ 22.4 +
+ + GET_INFO + Removed the Secinfo-type OVALDEF from the GET_INFO command + + +

+ The type OVALDEF is removed from the list of possible types for + the GET_INFO command. +

+

+ OVAL Definitions are no longer supported. +

+
+ 22.4 +
+ + GET_INFO + Replaced CVSS score elements by integer score + +

+ The elements CVSS and MAX_CVSS of CPEs, CVEs, OVAL definitions and + CERT advisories are replaced by the SEVERITY element. +

+

+ NVTs still contain the CVSS_BASE element for backward compatibility + of reports. However, the use of the CVSS_BASE element is deprecated + and the score attribute of the new SEVERITIES element should be used + instead. +

+
+ 21.4 +
+ + GET_INFO + Replaced CVSS vector components of CVEs with vector string + +

+ The elements VECTOR, COMPLEXITY, AUTHENTICATION, + CONFIDENTIALITY_IMPACT, INTEGRITY_IMPACT and AVAILABILITY_IMPACT + are replaced by the CVSS_VECTOR element that contains the CVSS base + vector in a shorter string representation. +

+

+ This vector string can also use newer CVSS versions like 3.1 if + available. +

+
+ 21.4 +
+ + GET_REPORTS + Removed element SEVERITY_CLASS from element REPORT + +

+ The element SEVERITY_CLASS contained the range specification for the applied classification scheme. + There is only fixed scheme left, so the specificion is not needed anymore. +

+
+ 21.4 +
+ + GET_REPORTS, GET_RESULTS + Remove elements AUTOFP and AUTO_TYPE from element FILTERS + +

+ The element to specify the autofp value and the related auto_type for a filter is removed. +

+
+ 21.4 +
CREATE_SCANNER, MODIFY_SCANNER, GET_REPORTS GMP scanners have been removed @@ -26015,6 +26141,31 @@ along with this program. If not, see . 21.4 + + GET_REPORTS + Removed element RESULT_COUNT/DEBUG from element REPORT + +

+ The element DEBUG inside RESULT_COUNT is removed. Vulnerability tests do + not produce debug messages since 2012. +

+
+ 21.4 +
+ + GET_NOTES + Element THREAT has been removed + +

+ The element "THREAT" of element "NOTE" is removed. +

+

+ This information is redundant with the element "SEVERITY". +

+
+ 21.4 +
+ CREATE_TARGET, RUN_WIZARD Default port list removed from CREATE_TARGET diff --git a/src/schema_formats/XML/generate b/src/schema_formats/XML/generate index 1daa46967..6c5c2e4c5 100755 --- a/src/schema_formats/XML/generate +++ b/src/schema_formats/XML/generate @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (C) 2010-2018 Greenbone Networks GmbH +# Copyright (C) 2010-2022 Greenbone AG # # SPDX-License-Identifier: AGPL-3.0-or-later # diff --git a/src/schema_formats/RNC/rnc.xsl b/src/schema_formats/rnc.xsl similarity index 99% rename from src/schema_formats/RNC/rnc.xsl rename to src/schema_formats/rnc.xsl index 9ffa04000..5a688481d 100644 --- a/src/schema_formats/RNC/rnc.xsl +++ b/src/schema_formats/rnc.xsl @@ -7,7 +7,7 @@ - - - - - - - - - - - - - diff --git a/tools/template.nsis b/tools/template.nsis index 8e05e66e9..5b9b5a2b0 100644 --- a/tools/template.nsis +++ b/tools/template.nsis @@ -1,4 +1,4 @@ -; Copyright (C) 2020 Greenbone Networks GmbH +; Copyright (C) 2020-2022 Greenbone AG ; ; SPDX-License-Identifier: AGPL-3.0-or-later ;