search

greenbone / gvmd

Greenbone Vulnerability Manager - The database backend for the Greenbone Community Edition
GNU Affero General Public License v3.0
286 stars 153 forks source link

It is not possible to change scanner_id, target_id or config_id with modify_task #1305

Closed y0urself closed 4 years ago

y0urself commented 4 years ago

It is not possible to change scanner_id, target_id or config_id with modify_task. This effect might also appear in other modify functions of python-gvm ... This also relates to modify_target and the Ports and Credential fields.

It seems to be an expected behaviour, that these values are immutable (and thus ignored) if the task is scheduled. E.g.: the GSA-UI marks these fields as immutable, too: gsa

If a task is not scheduled, these fields can be changed ...

gsa2

Assuming the task is immutable, this is what happens, if you try to change immutable fields with python-gvm:

$ gvm-xml '<modify_task task_id="foo" config_id="bar"/>'
<modify_task_response status="200" status_text="OK"/>
$ gvm-xml '<modify_task task_id="foo" scanner_id="bar2"/>'
<modify_task_response status="200" status_text="OK"/>
$ gvm-xml '<modify_task task_id="foo" target_id="bar3"/>'
<modify_task_response status="200" status_text="OK"/>
$ gvm-xml '<get_tasks task_id="foo"/>'
<get_tasks_response status="200" status_text="OK">...<task id="foo">...<config id="qux">...</config><target id="qux3">...</target>...<scanner id='qux2>...</scanner>...</get_tasks_response>

(The values don't change)

Expected behavior

Response with an error or info from gvmd if a field is currently immutable ..

Like for deletes:

~/Documents/greenbone$ gvm-xml 192.168.212.49 '<delete_target target_id="a1f478c1-27d0-4d8c-959f-150625186421"/>'
Response Error 400. Target is in use
~/Documents/greenbone$ gvm-xml 192.168.212.49 '<modify_target target_id="a1f478c1-27d0-4d8c-959f-150625186421" port_list_id="33d0cd82-57c6-11e1-8ed1-406186ea4fc5"/>'
<modify_target_response status="200" status_text="OK"/>
~/Documents/greenbone$ gvm-xml 192.168.212.49 '<modify_target target_id="a1f478c1-27d0-4d8c-959f-150625186421" port_list_id="1a7539e0-13fa-4a90-9110-178bf0dc8681"/>'
<modify_target_response status="200" status_text="OK"/>

Current behavior

gvmd responses with an "OK" but the value is not changed ...

GVM versions

any

Environment

Operating system:

any

Installation method / source: (packages, source installation)

any

timopollmeier commented 4 years ago

Instead of using an attribute for the config id in the GMP command (<modify_task task_id="foo" config_id="bar"/>) you should be using an element with an id attribute like this: <modify_task task id="foo"><config id="bar"/></modify_task>

In this case the modification should either work if the task is new or modifiable or the command should fail with an error response. The same applies to setting the scanner and target of a task.

y0urself commented 4 years ago

Oh yes. This works. Thanks!

 '<modify_task task_id="0efdaac6-a2de-4156-acee-d41cde37e754"><target id="5ca97fe1-694d-4e4a-bd4c-55529719d17e"/></modify_task>'
Response Error 400. Status must be New to edit Target