Merge branch 'main' into differentiate-audit-and-scan-reports

greenbone · Mar 13, 2024 · 38bea61 · 38bea61
2 parents a1cb092 + 38c6d31
commit 38bea61
Show file tree

Hide file tree

Showing 27 changed files with 788 additions and 613 deletions.
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
@@ -1,8 +1,9 @@
 ARG VERSION=edge
 ARG GVM_LIBS_VERSION=oldstable
 ARG DEBIAN_FRONTEND=noninteractive
+ARG IMAGE_REGISTRY=ghcr.io
 
-FROM greenbone/gvmd-build:${VERSION} as builder
+FROM ${IMAGE_REGISTRY}/greenbone/gvmd-build:${VERSION} as builder
 
 COPY . /source
 WORKDIR /source
@@ -99,7 +100,6 @@ RUN apt-get update && \
     texlive-fonts-recommended \
     texlive-latex-extra \
     wget \
-    xml-twig-tools \
     xmlstarlet \
     xsltproc \
     zip && \

diff --git a/.docker/start-gvmd.sh b/.docker/start-gvmd.sh
@@ -16,28 +16,26 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-#!/bin/sh
-
 [ -z "$USER" ] && USER="admin"
 [ -z "$PASSWORD" ] && PASSWORD="admin"
 [ -z "$GVMD_ARGS" ] && GVMD_ARGS="--listen-mode=666"
 [ -z "$GVMD_USER" ] && GVMD_USER="gvmd"
-[ -z "$PGRES_DATA"] && PGRES_DATA="/var/lib/postgresql"
+[ -z "$PGRES_DATA" ] && PGRES_DATA="/var/lib/postgresql"
 
 if [ -n "$GVM_CERTS" ] && [ "$GVM_CERTS" = true ]; then
-	echo "Generating certs"
-	gvm-manage-certs -a
+    echo "Generating certs"
+    gvm-manage-certs -a
 fi
 
 # check for psql connection
 FILE=$PGRES_DATA/started
 until test -f "$FILE"; do
-	echo "waiting 1 second for ready postgres container"
+    echo "waiting 1 second for ready postgres container"
     sleep 1
 done
 until psql -U "$GVMD_USER" -d gvmd -c "SELECT 'connected' as connection"; do
-	echo "waiting 1 second to retry psql connection"
-	sleep 1
+    echo "waiting 1 second to retry psql connection"
+    sleep 1
 done
 
 # migrate db if necessary
@@ -46,11 +44,11 @@ gvmd --migrate || true
 gvmd --create-user=$USER --password=$PASSWORD || true
 
 # set the feed import owner
-uid=$(gvmd --get-users --verbose | grep $USER | awk '{print $2}')
+uid=$(gvmd --get-users --verbose | grep "^$USER " | awk '{print $2}')
 gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value "$uid"
 
 echo "starting gvmd"
 gvmd $GVMD_ARGS ||
-	(cat /var/log/gvm/gvmd.log && exit 1)
+    (cat /var/log/gvm/gvmd.log && exit 1)
 
 tail -f /var/log/gvm/gvmd.log
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,6 +1,6 @@
 # default reviewers
-*                 @greenbone/gvmd-maintainers @mattmundell
+*                 @greenbone/gvmd-maintainers
 
 # dev ops
-.github/          @greenbone/devops @greenbone/gvmd-maintainers @mattmundell
-.docker/          @greenbone/devops @greenbone/gvmd-maintainers @mattmundell
+.github/          @greenbone/devops @greenbone/gvmd-maintainers
+.docker/          @greenbone/devops @greenbone/gvmd-maintainers
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -22,7 +22,7 @@ jobs:
   scan-build:
     name: scan-build (clang static analyzer)
     runs-on: ubuntu-latest
-    container: greenbone/gvmd-build:stable
+    container: ${{ vars.IMAGE_REGISTRY }}/greenbone/gvmd-build:stable
     steps:
       - name: Check out gvmd
         uses: actions/checkout@v4
@@ -46,7 +46,7 @@ jobs:
   test-units:
     name: Unit Tests
     runs-on: ubuntu-latest
-    container: greenbone/gvmd-build:stable
+    container: ${{ vars.IMAGE_REGISTRY }}/greenbone/gvmd-build:stable
     steps:
       - name: Check out gvmd
         uses: actions/checkout@v4

diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
@@ -1,19 +1,6 @@
 name: Build Container Image Builds
 
 on:
-  push:
-    branches:
-      - main
-    tags: ["v*"]
-    paths:
-      - .github/workflows/build-container.yml
-      - .docker/build.Dockerfile
-  pull_request:
-    branches:
-      - main
-    paths:
-      - .github/workflows/build-container.yml
-      - .docker/build.Dockerfile
   workflow_dispatch:
   repository_dispatch:
   schedule:
@@ -22,51 +9,43 @@ on:
 
 jobs:
   build-images:
+    strategy:
+      matrix:
+        build:
+          - stable
+          - edge
     name: "Build Images"
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - uses: greenbone/actions/is-latest-tag@v3
-        id: latest
       - name: Setup container meta information
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ github.repository }}-build
+          images: ${{ vars.IMAGE_REGISTRY }}/${{ github.repository }}-build
           labels: |
             org.opencontainers.image.vendor=Greenbone
             org.opencontainers.image.base.name=greenbone/gvm-libs
           flavor: latest=false # no latest container tag for git tags
           tags: |
-            # use version, major.minor and major  for tags
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-
-            # use edge for default branch
-            type=edge
-
-            # set label for non-published pull request builds
-            type=ref,event=pr
-
-            # when a new git tag is created set stable and a latest tags
-            type=raw,value=latest,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
-            type=raw,value=stable,enable=${{ steps.latest.outputs.is-latest-tag == 'true' }}
+            type=raw,value=latest,enable=${{ matrix.build == 'stable' }}
+            type=raw,value=stable,enable=${{ matrix.build == 'stable' }}
+            type=raw,value=edge,enable=${{ matrix.build == 'edge' }}
       - name: Set container build options
         id: container-opts
         run: |
-          if [[ "${{ github.ref_type }}" = 'tag' ]]; then
+          if [[ "${{ matrix.build }}" = 'stable' ]]; then
             echo "gvm-libs-version=oldstable" >> $GITHUB_OUTPUT
           else
             echo "gvm-libs-version=oldstable-edge" >> $GITHUB_OUTPUT
           fi
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
+      - name: Login to GitHub Docker registry
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+            registry: ghcr.io
+            username: ${{ secrets.GREENBONE_BOT }}
+            password: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
       - run: echo "Build and push ${{ steps.meta.outputs.tags }}"
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -76,17 +55,10 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
           build-args: |
             GVM_LIBS_VERSION=${{ steps.container-opts.outputs.gvm-libs-version }}
           file: .docker/build.Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-      - name: Trigger libtheia container build
-        if: github.event_name != 'pull_request'
-        run: |
-          curl -X POST https://api.github.com/repos/greenbone/libtheia/actions/workflows/container.yml/dispatches \
-          -H "Accept: application/vnd.github.v3+json" \
-          -u greenbonebot:${{ secrets.GREENBONE_BOT_TOKEN }} \
-          -d '{"ref":"main"}'
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
@@ -16,7 +16,7 @@ jobs:
   build-gmp-doc:
     name: Build GMP documentation
     runs-on: ubuntu-latest
-    container: greenbone/gvmd-build:stable
+    container: ${{ vars.IMAGE_REGISTRY }}/greenbone/gvmd-build:stable
     steps:
       - name: Check out gvmd
         uses: actions/checkout@v4

diff --git a/.github/workflows/codeql-analysis-c.yml b/.github/workflows/codeql-analysis-c.yml
@@ -19,7 +19,7 @@ jobs:
       actions: read
       contents: read
       security-events: write
-    container: greenbone/gvmd-build:stable
+    container: ${{ vars.IMAGE_REGISTRY }}/greenbone/gvmd-build:stable
 
     strategy:
       fail-fast: false

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -71,6 +71,7 @@ jobs:
           build-args: |
             VERSION=${{ steps.container-opts.outputs.version }}
             GVM_LIBS_VERSION=${{ steps.container-opts.outputs.gvm-libs-version }}
+            IMAGE_REGISTRY=${{ vars.IMAGE_REGISTRY }}
           file: .docker/prod.Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta.outputs.tags }}

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -20,7 +20,7 @@ cmake_minimum_required (VERSION 3.0)
 message ("-- Configuring Greenbone Vulnerability Manager...")
 
 project (gvm
-         VERSION 23.3.1
+         VERSION 23.5.1
          LANGUAGES C)
 
 if (POLICY CMP0005)

diff --git a/INSTALL.md b/INSTALL.md
@@ -705,9 +705,6 @@ Prerequisites for S/MIME support (e.g. email encryption):
 Prerequisites for certificate generation:
 * GnuTLS certtool (Debian package: gnutls-bin)
 
-Prerequisites (recommended) to lower sync RAM usage
-* xml_split (Debian package: xml-twig-tools)
-
 ## Static code analysis with the Clang Static Analyzer
 
 If you want to use the Clang Static Analyzer (https://clang-analyzer.llvm.org/)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -26,10 +26,10 @@ find_package (Threads)
 ## list and throw an error, otherwise long install-cmake-install-cmake cycles
 ## might occur.
 
-pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.8)
-pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.8)
-pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.8)
-pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.8)
+pkg_check_modules (LIBGVM_BASE REQUIRED libgvm_base>=22.9)
+pkg_check_modules (LIBGVM_UTIL REQUIRED libgvm_util>=22.9)
+pkg_check_modules (LIBGVM_OSP REQUIRED libgvm_osp>=22.9)
+pkg_check_modules (LIBGVM_GMP REQUIRED libgvm_gmp>=22.9)
 pkg_check_modules (GNUTLS REQUIRED gnutls>=3.2.15)
 pkg_check_modules (GLIB REQUIRED glib-2.0>=2.42)
 pkg_check_modules (LIBBSD REQUIRED libbsd)
@@ -55,14 +55,6 @@ elseif ((CMAKE_MATCH_1 EQUAL 9 AND CMAKE_MATCH_2 LESS 6)
   message (STATUS "PostgreSQL version ${CMAKE_MATCH_1}.${CMAKE_MATCH_2}${CMAKE_MATCH_3}")
 endif (NOT CMAKE_MATCH_1)
 
-message (STATUS "Looking for xml_split...")
-find_program (XML_SPLIT_EXECUTABLE xml_split DOC "xml_split")
-if (NOT XML_SPLIT_EXECUTABLE)
-  message (WARNING "xml_split is recommended to reduce SCAP sync memory usage (Debian package xml-twig-tools).")
-else (NOT XML_SPLIT_EXECUTABLE)
-  message (STATUS "Looking for xml_split... ${XML_SPLIT_EXECUTABLE}")
-endif (NOT XML_SPLIT_EXECUTABLE)
-
 message (STATUS "Looking for xsltproc...")
 find_program (XSLTPROC_EXECUTABLE xsltproc DOC "xsltproc")
 if (NOT XSLTPROC_EXECUTABLE)

diff --git a/src/alert_methods/TippingPoint/alert b/src/alert_methods/TippingPoint/alert
@@ -25,12 +25,6 @@ CONVERT_SCRIPT=$4
 AUTH_PATH=$5
 REPORT_PATH=$6
 
-# Function to encode for URL
-urlencode () {
-  RET=$(python -c "import urllib, sys; print urllib.quote(sys.argv[1])" "$1")
-  echo "$RET"
-}
-
 # Create temp file for converted report
 REPORT_DATE=$(xmlstarlet sel -t -v "report/timestamp" < $REPORT_PATH)
 EXIT_CODE=$?
@@ -76,9 +70,9 @@ END_TIME=$(TZ=UTC date -d "$END_TIME" +%Y-%m-%dT%H:%M:%S.000Z)
 RUNTIME="$START_TIME/$END_TIME"
 
 # Upload the report
-VENDOR=$(urlencode "Greenbone")
-PRODUCT=$(urlencode "Greenbone Vulnerability Manager")
-FORMAT_VERSION=$(urlencode "1.0.0")
+VENDOR="Greenbone"
+PRODUCT="Greenbone%20Vulnerability%20Manager"
+FORMAT_VERSION="1.0.0"
 CN_REPLACEMENT="Tippingpoint"
 
 if [ "1" = $CERT_WORKAROUND ]

diff --git a/src/alert_methods/TippingPoint/report-convert.py b/src/alert_methods/TippingPoint/report-convert.py
@@ -137,6 +137,10 @@ def convert (xml_tree, out_file):
     nvt_cve = '';
     nvt_elem = result_elem.find ('nvt')
     nvt_refs = nvt_elem.find ('refs');
+
+    if (nvt_refs is None):
+      continue
+
     for ref in nvt_refs.findall('ref'):
       if (ref.attrib['type'] == 'cve'):
         if (nvt_cve == ''):