Add: option to enable feed signature check when using 'nasl-cli' as f…

…eed updater (#940)
greenbone · Oct 24, 2023 · 28837db · 28837db
1 parent cdd05f9
commit 28837db
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 5 deletions.
diff --git a/ospd/parser.py b/ospd/parser.py
@@ -217,6 +217,13 @@ def __init__(self, description: str) -> None:
                 ' Default: %(default)s.'
             ),
         )
+        parser.add_argument(
+            '-x',
+            '--signature-check',
+            default=False,
+            action='store_true',
+            help=('Enable feed signature check.' ' Default: %(default)s.'),
+        )
 
         self.parser = parser
 

diff --git a/ospd_openvas/daemon.py b/ospd_openvas/daemon.py
@@ -463,6 +463,7 @@ def __init__(
             )
 
         self.feed_updater = feed_updater
+        self.signature_check = kwargs.get('signature_check')
         self.nvti = NVTICache(self.main_db)
 
         super().__init__(
@@ -647,7 +648,7 @@ def update_vts(self):
             self.notus.reload_cache()
         loaded = False
         if self.feed_updater == "nasl-cli":
-            loaded = NASLCli.load_vts_into_redis()
+            loaded = NASLCli.load_vts_into_redis(self.signature_check)
         else:
             loaded = Openvas.load_vts_into_redis()
 

diff --git a/ospd_openvas/openvas.py b/ospd_openvas/openvas.py
@@ -19,12 +19,18 @@ class NASLCli:
     """Class for calling nasl-cli executable"""
 
     @staticmethod
-    def load_vts_into_redis() -> bool:
+    def load_vts_into_redis(signature_check: bool) -> bool:
         """Loads all VTs into the redis database"""
         try:
-            subprocess.check_call(
-                ['nasl-cli', 'feed', 'update'], stdout=subprocess.DEVNULL
-            )
+            if signature_check:
+                subprocess.check_call(
+                    ['nasl-cli', 'feed', 'update', '-x'],
+                    stdout=subprocess.DEVNULL,
+                )
+            else:
+                subprocess.check_call(
+                    ['nasl-cli', 'feed', 'update'], stdout=subprocess.DEVNULL
+                )
             return True
         except (subprocess.SubprocessError, OSError) as err:
             logger.error('nasl-cli failed to load VTs. %s', err)