Closed hacker-h closed 6 years ago
This is indeed a bug, looking at the source it seems that createFilterCommand
checks the type
against the list of types suitable for create_credential
, not against the ones suitable for create_filter
.
As the protocol does not list the permissible type, the best list I could find was the list inside the valid_type()
function in src/manage_sql.c
(openvas-manager-7.0
branch since we aim for GMP 7.0 here).
Quoting the function verbatim since the file is too big for direct links:
int
valid_type (const char* type)
{
return (strcasecmp (type, "agent") == 0)
|| (strcasecmp (type, "alert") == 0)
|| (strcasecmp (type, "asset") == 0)
|| (strcasecmp (type, "config") == 0)
|| (strcasecmp (type, "credential") == 0)
|| (strcasecmp (type, "filter") == 0)
|| (strcasecmp (type, "group") == 0)
|| (strcasecmp (type, "host") == 0)
|| (strcasecmp (type, "info") == 0)
|| (strcasecmp (type, "note") == 0)
|| (strcasecmp (type, "os") == 0)
|| (strcasecmp (type, "override") == 0)
|| (strcasecmp (type, "permission") == 0)
|| (strcasecmp (type, "port_list") == 0)
|| (strcasecmp (type, "report") == 0)
|| (strcasecmp (type, "report_format") == 0)
|| (strcasecmp (type, "result") == 0)
|| (strcasecmp (type, "role") == 0)
|| (strcasecmp (type, "scanner") == 0)
|| (strcasecmp (type, "schedule") == 0)
|| (strcasecmp (type, "tag") == 0)
|| (strcasecmp (type, "target") == 0)
|| (strcasecmp (type, "task") == 0)
|| (strcasecmp (type, "user") == 0);
}
Please have a look at https://github.com/greenbone/gvm-tools/pull/70
Fixed with PR #84
It is not possible to use create_filter because createFilterCommand filters the required field 'filter_type' faulty.
If you obey to the if statement in createFilterCommand the OpenVAS Daemon answers: gvm_tools.gmp.gvm_connection.GMPError: Type must be a valid OMP type
If you follow the OMP Documentation createFilterCommand actively raises a ValueError.
This behaviour should be corrected to enable the usage of create_filter at all.