Add: option to use nasl-cli instead of openvas for feed update

nichtsfrei · nichtsfrei · commit 2b0aea1bb307 · 2023-03-02T09:21:01.000+01:00
Adds a new option `--feed-updater` to switch between `openvas -u` and
`nasl-cli feed update`.

With this ospd-openvas can use the newly created `nasl-cli` to improve
the speed of importing nasl feed.
diff --git a/ospd/parser.py b/ospd/parser.py
@@ -219,6 +219,16 @@ def __init__(self, description: str) -> None:
                 'Default %(default)s'
             ),
         )
+        parser.add_argument(
+            '--feed-updater',
+            default="openvas",
+            choices=['openvas', 'nasl-cli'],
+            help=(
+                'Sets the method of updating the feed.'
+                ' Can either be openvas or nasl-cli.'
+                ' Default: %(default)s.'
+            ),
+        )
 
         self.parser = parser
 
diff --git a/ospd_openvas/daemon.py b/ospd_openvas/daemon.py
@@ -50,7 +50,7 @@
 from ospd_openvas.db import MainDB, BaseDB
 from ospd_openvas.lock import LockFile
 from ospd_openvas.preferencehandler import PreferenceHandler
-from ospd_openvas.openvas import Openvas
+from ospd_openvas.openvas import NASLCli, Openvas
 from ospd_openvas.vthelper import VtHelper
 from ospd_openvas.messaging.mqtt import MQTTClient, MQTTDaemon, MQTTSubscriber
 from ospd_openvas.feed import Feed
@@ -472,6 +472,7 @@ def __init__(
         lock_file_dir='/var/lib/openvas',
         mqtt_broker_address="localhost",
         mqtt_broker_port=1883,
+        feed_updater="openvas",
         disable_notus_hashsum_verification=False,
         **kwargs,
     ):
@@ -488,6 +489,7 @@ def __init__(
                 disable_notus_hashsum_verification,
             )
 
+        self.feed_updater = feed_updater
         self.nvti = NVTICache(self.main_db)
 
         super().__init__(
@@ -670,8 +672,13 @@ def update_vts(self):
         # reload notus cache
         if self.notus:
             self.notus.reload_cache()
+        loaded = False
+        if self.feed_updater == "nasl-cli":
+            loaded = NASLCli.load_vts_into_redis()
+        else:
+            loaded = Openvas.load_vts_into_redis()
 
-        if Openvas.load_vts_into_redis():
+        if loaded:
             new = self.nvti.get_feed_version()
             if new != old:
                 logger.info(
diff --git a/ospd_openvas/openvas.py b/ospd_openvas/openvas.py
@@ -28,6 +28,22 @@
 _BOOL_DICT = {'no': 0, 'yes': 1}
 
 
+class NASLCli:
+    """Class for calling nasl-cli executable"""
+
+    @staticmethod
+    def load_vts_into_redis() -> bool:
+        """Loads all VTs into the redis database"""
+        try:
+            subprocess.check_call(
+                ['nasl-cli', 'feed', 'update'], stdout=subprocess.DEVNULL
+            )
+            return True
+        except (subprocess.SubprocessError, OSError) as err:
+            logger.error('nasl-cli failed to load VTs. %s', err)
+            return False
+
+
 class Openvas:
     """Class for calling the openvas executable"""
 
