search

greenbone / gvm-tools

Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance
https://greenbone.github.io/gvm-tools/
GNU General Public License v3.0
167 stars 90 forks source link

create_filter is not usable due to destructive if statement in createFilterCommand #69

Closed hacker-h closed 6 years ago

hacker-h commented 6 years ago

It is not possible to use create_filter because createFilterCommand filters the required field 'filter_type' faulty.

If you obey to the if statement in createFilterCommand the OpenVAS Daemon answers: gvm_tools.gmp.gvm_connection.GMPError: Type must be a valid OMP type

If you follow the OMP Documentation createFilterCommand actively raises a ValueError.

This behaviour should be corrected to enable the usage of create_filter at all.

wiegandm commented 6 years ago

This is indeed a bug, looking at the source it seems that createFilterCommand checks the type against the list of types suitable for create_credential, not against the ones suitable for create_filter.

wiegandm commented 6 years ago

As the protocol does not list the permissible type, the best list I could find was the list inside the valid_type() function in src/manage_sql.c (openvas-manager-7.0 branch since we aim for GMP 7.0 here).

Quoting the function verbatim since the file is too big for direct links:

int
valid_type (const char* type) 
{
  return (strcasecmp (type, "agent") == 0) 
         || (strcasecmp (type, "alert") == 0) 
         || (strcasecmp (type, "asset") == 0) 
         || (strcasecmp (type, "config") == 0) 
         || (strcasecmp (type, "credential") == 0) 
         || (strcasecmp (type, "filter") == 0) 
         || (strcasecmp (type, "group") == 0) 
         || (strcasecmp (type, "host") == 0) 
         || (strcasecmp (type, "info") == 0) 
         || (strcasecmp (type, "note") == 0) 
         || (strcasecmp (type, "os") == 0) 
         || (strcasecmp (type, "override") == 0) 
         || (strcasecmp (type, "permission") == 0) 
         || (strcasecmp (type, "port_list") == 0) 
         || (strcasecmp (type, "report") == 0) 
         || (strcasecmp (type, "report_format") == 0) 
         || (strcasecmp (type, "result") == 0) 
         || (strcasecmp (type, "role") == 0) 
         || (strcasecmp (type, "scanner") == 0) 
         || (strcasecmp (type, "schedule") == 0) 
         || (strcasecmp (type, "tag") == 0) 
         || (strcasecmp (type, "target") == 0) 
         || (strcasecmp (type, "task") == 0) 
         || (strcasecmp (type, "user") == 0);
}
hacker-h commented 6 years ago

Please have a look at https://github.com/greenbone/gvm-tools/pull/70

jjnicola commented 6 years ago

Fixed with PR #84