Add: EPSS scoring info in results
This adds the EPSS scoring information from the VTs and CVEs to the
results.
timopollmeier authored and a-h-abdelsalam committed Jul 2, 2024
1 parent 95b8ac9 commit 73dca8e
Showing 7 changed files with 282 additions and 8 deletions.
49 changes: 47 additions & 2 deletions src/gmp.c
@@ -9108,6 +9108,42 @@ results_xml_append_cert (GString *buffer, iterator_t *results, const char *oid,
}
}

/**
* @brief Append an EPSS info element to a results XML buffer.
*
* @param[in] results Results iterator.
* @param[in] buffer XML buffer to add to.
*/
static void
results_xml_append_epss (iterator_t *results, GString *buffer)
{
buffer_xml_append_printf (buffer,
"<epss>"
"<max_severity>"
"<score>%0.5f</score>"
"<percentile>%0.5f</percentile>"
"<cve id=\"%s\">"
"<severity>%0.1f</severity>"
"</cve>"
"</max_severity>"
"<max_epss>"
"<score>%0.5f</score>"
"<percentile>%0.5f</percentile>"
"<cve id=\"%s\">"
"<severity>%0.1f</severity>"
"</cve>"
"</max_epss>"
"</epss>",
result_iterator_epss_score (results),
result_iterator_epss_percentile (results),
result_iterator_epss_cve (results),
result_iterator_epss_severity (results),
result_iterator_max_epss_score (results),
result_iterator_max_epss_percentile (results),
result_iterator_max_epss_cve (results),
result_iterator_max_epss_severity (results));
}

/**
* @brief Append an NVT element to an XML buffer.
*
@@ -9129,6 +9165,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
{
gchar *severity;

// TODO: Add EPSS for CVE results
severity = cve_cvss_base (oid);
buffer_xml_append_printf (buffer,
"<nvt oid=\"%s\">"
@@ -9138,14 +9175,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
"<severities score=\"%s\">"
"</severities>"
"<cpe id='%s'/>"
"<cve>%s</cve>"
"</nvt>",
"<cve>%s</cve>",
oid,
oid,
severity ? severity : "",
severity ? severity : "",
result_iterator_port (results),
oid);

if (result_iterator_epss_cve (results))
results_xml_append_epss (results, buffer);

buffer_xml_append_printf (buffer, "</nvt>");

g_free (severity);
return;
}
@@ -9285,6 +9327,9 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
buffer_xml_append_printf (buffer, "/>");
}

if (result_iterator_epss_cve (results))
results_xml_append_epss (results, buffer);

first = 1;
xml_append_nvt_refs (buffer, result_iterator_nvt_oid (results),
&first);
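Review bot: `results_xml_append_epss` passes `result_iterator_max_epss_cve (results)` to a `%s` conversion without a NULL check, while both call sites guard only on `result_iterator_epss_cve (results)`. The accessor added in src/manage_sql.c returns NULL once the iterator is done, and presumably also when the column is NULL, so a row with `epss_cve` set and `max_epss_cve` unset would reach the formatter with a NULL string. Either guard both, `if (result_iterator_epss_cve (results) && result_iterator_max_epss_cve (results))`, or emit the `<max_epss>` element only when its CVE is present. The `// TODO: Add EPSS for CVE results` comment added in the CVE branch also looks stale, since the same branch now calls `results_xml_append_epss`; the enclosing function `results_xml_append_nvt` starts and ends outside the hunks.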
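--- a/src/manage.h
+++ b/src/manage.h
@@ -1522,6 +1522,30 @@ result_iterator_may_have_overrides (iterator_t*);
 int
 result_iterator_may_have_tickets (iterator_t*);
 
+double
+result_iterator_epss_score (iterator_t*);
+
+double
+result_iterator_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_epss_cve (iterator_t*);
+
+double
+result_iterator_epss_severity (iterator_t*);
+
+double
+result_iterator_max_epss_score (iterator_t*);
+
+double
+result_iterator_max_epss_percentile (iterator_t*);
+
+const char*
+result_iterator_max_epss_cve (iterator_t*);
+
+double
+result_iterator_max_epss_severity (iterator_t*);
+
 gchar **
 result_iterator_cert_bunds (iterator_t*);
 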
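Review bot: The two string accessors are declared with `const char*` here but defined with `const gchar *` in src/manage_sql.c; the types are identical, yet the declarations should match the definitions and the GLib typedefs used by the neighbouring `gchar **` prototypes. A short comment on `result_iterator_epss_cve` and `result_iterator_max_epss_cve`, such as `/* May return NULL; check before formatting. */`, would also document the contract that the callers in src/gmp.c depend on.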
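--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1806,6 +1806,59 @@ create_view_vulns ()
 " WHERE uuid in (SELECT * FROM used_nvts)");
 }
 
+/**
+* @brief Create or replace the result_vt_epss view.
+*/
+void
+create_view_result_vt_epss ()
+{
+sql ("DROP MATERIALIZED VIEW IF EXISTS result_vt_epss;");
+
+if (sql_int ("SELECT EXISTS (SELECT * FROM information_schema.tables"
+" WHERE table_catalog = '%s'"
+" AND table_schema = 'scap'"
+" AND table_name = 'cves')"
+" ::integer;",
+sql_database ()))
+sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+" SELECT cve AS vt_id,"
+" epss AS epss_score,"
+" percentile AS epss_percentile,"
+" cve AS epss_cve,"
+" cves.severity AS epss_severity,"
+" epss AS max_epss_score,"
+" percentile AS max_epss_percentile,"
+" cve AS max_epss_cve,"
+" cves.severity AS max_epss_severity"
+" FROM scap.epss_scores"
+" JOIN scap.cves ON cve = cves.uuid"
+" UNION ALL"
+" SELECT oid AS vt_id,"
+" epss_score,"
+" epss_percentile,"
+" epss_cve,"
+" epss_severity,"
+" max_epss_score,"
+" max_epss_percentile,"
+" max_epss_cve,"
+" max_epss_severity"
+" FROM nvts);");
+else
+sql ("CREATE MATERIALIZED VIEW result_vt_epss AS ("
+" SELECT oid AS vt_id,"
+" epss_score,"
+" epss_percentile,"
+" epss_cve,"
+" max_epss_score,"
+" max_epss_percentile,"
+" max_epss_cve"
+" FROM nvts);");
+
+sql ("SELECT create_index ('result_vt_epss_by_vt_id',"
+" 'result_vt_epss', 'vt_id');");
+
+}
+
 
 
 #undef VULNS_RESULTS_WHERE
@@ -2997,6 +3050,8 @@ create_tables ()
 
 create_view_vulns ();
 
+create_view_result_vt_epss ();
+
 /* Create indexes. */
 
 sql ("SELECT create_index ('config_preferences_by_config',"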
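Review bot: The fallback view in `create_view_result_vt_epss` (the `else` branch, taken when `scap.cves` is absent) omits `epss_severity` and `max_epss_severity`, but the result column list added in src/manage_sql.c selects `result_vt_epss.epss_severity` and `result_vt_epss.max_epss_severity`, so result queries would presumably fail with an unknown-column error on installations without SCAP data. Select the same nine columns in both branches by adding `" epss_severity,"` after `" epss_cve,"` and ending the list with `" max_epss_cve,"` followed by `" max_epss_severity"`. The existence check also tests only `scap.cves` while the first branch reads `scap.epss_scores`; a SCAP schema that has `cves` but not yet `epss_scores` would make the `CREATE MATERIALIZED VIEW` statement fail, so the check should cover both tables.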
154 changes: 149 additions & 5 deletions src/manage_sql.c
@@ -22497,6 +22497,32 @@ where_qod (int min_qod)
" 'undefined')", \
"compliant", \
KEYWORD_TYPE_STRING }, \
/* ^ 45 = 35 */ \
{ "result_vt_epss.epss_score", \
"epss_score", \
KEYWORD_TYPE_DOUBLE }, \
{ "result_vt_epss.epss_percentile", \
"epss_percentile", \
KEYWORD_TYPE_DOUBLE }, \
{ "result_vt_epss.epss_cve", \
"epss_cve", \
KEYWORD_TYPE_STRING }, \
{ "result_vt_epss.epss_severity", \
"epss_severity", \
KEYWORD_TYPE_DOUBLE }, \
{ "result_vt_epss.max_epss_score", \
"max_epss_score", \
KEYWORD_TYPE_DOUBLE }, \
/* ^ 50 = 40 */ \
{ "result_vt_epss.max_epss_percentile", \
"max_epss_percentile", \
KEYWORD_TYPE_DOUBLE }, \
{ "result_vt_epss.max_epss_cve", \
"max_epss_cve", \
KEYWORD_TYPE_STRING }, \
{ "result_vt_epss.max_epss_severity", \
"max_epss_severity", \
KEYWORD_TYPE_DOUBLE }, \

/**
* @brief Result iterator columns.
@@ -23196,7 +23222,9 @@ init_result_get_iterator (iterator_t* iterator, const get_data_t *get,
"results",
"nvts");

extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts"
extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
" ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
opts_tables,
@@ -23300,7 +23328,9 @@ result_count (const get_data_t *get, report_t report, const char* host)
"results",
"nvts");

extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts"
extra_tables = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
" ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
opts_tables,
@@ -23765,6 +23795,118 @@ DEF_ACCESS (result_iterator_nvt_family, GET_ITERATOR_COLUMN_COUNT + 33);
*/
DEF_ACCESS (result_iterator_nvt_tag, GET_ITERATOR_COLUMN_COUNT + 34);

/**
* @brief Get EPSS score of highest severity CVE from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return EPSS score of the highest severity CVE.
*/
double
result_iterator_epss_score (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 36);
}

/**
* @brief Get EPSS percentile of highest severity CVE from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return EPSS percentile of the highest severity CVE.
*/
double
result_iterator_epss_percentile (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 37);
}

/**
* @brief Get highest severity CVE with EPSS score from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Highest severity CVE with EPSS score.
*/
const gchar *
result_iterator_epss_cve (iterator_t* iterator)
{
if (iterator->done) return NULL;
return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 38);
}

/**
* @brief Get the highest severity of EPSS CVEs from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Highest severity of referenced CVEs with EPSS.
*/
double
result_iterator_epss_severity (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 39);
}

/**
* @brief Get maximum EPSS score of referenced CVEs from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Maximum EPSS score.
*/
double
result_iterator_max_epss_score (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 40);
}

/**
* @brief Get maximum EPSS percentile of referenced CVEs from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Maximum EPSS percentile.
*/
double
result_iterator_max_epss_percentile (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 41);
}

/**
* @brief Get the CVE with the maximum EPSS score from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return CVE with maximum EPSS score.
*/
const gchar *
result_iterator_max_epss_cve (iterator_t* iterator)
{
if (iterator->done) return NULL;
return iterator_string (iterator, GET_ITERATOR_COLUMN_COUNT + 42);
}

/**
* @brief Get severity of CVE with maximum EPSS score from a result iterator.
*
* @param[in] iterator Iterator.
*
* @return Severity of CVE with maximum EPSS score.
*/
double
result_iterator_max_epss_severity (iterator_t* iterator)
{
if (iterator->done) return 0.0;
return iterator_double (iterator, GET_ITERATOR_COLUMN_COUNT + 43);
}

/**
* @brief Get CERT-BUNDs from a result iterator.
*
@@ -23776,7 +23918,7 @@ gchar **
result_iterator_cert_bunds (iterator_t* iterator)
{
if (iterator->done) return 0;
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 36);
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 44);
}

/**
@@ -23790,7 +23932,7 @@ gchar **
result_iterator_dfn_certs (iterator_t* iterator)
{
if (iterator->done) return 0;
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 37);
return iterator_array (iterator, GET_ITERATOR_COLUMN_COUNT + 45);
}

/**
@@ -58055,7 +58197,9 @@ type_build_select (const char *type, const char *columns_str,
"results",
"nvts");

opts_table = g_strdup_printf (" LEFT OUTER JOIN nvts"
opts_table = g_strdup_printf (" LEFT OUTER JOIN result_vt_epss"
" ON results.nvt = result_vt_epss.vt_id"
" LEFT OUTER JOIN nvts"
" ON results.nvt = nvts.oid %s,"
" LATERAL %s AS lateral_new_severity",
original,
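Review bot: The `LEFT OUTER JOIN result_vt_epss ON results.nvt = result_vt_epss.vt_id` added in `init_result_get_iterator`, `result_count` and `type_build_select` relies on `vt_id` being unique in the view, which nothing visible enforces. The view in src/manage_pg.c is a `UNION ALL` of two selects, and its index is created through `create_index`, which presumably does not make it unique. If a `vt_id` ever appeared twice, each matching result row would be returned twice and `result_count` would over-report findings. Consider a uniqueness constraint on `result_vt_epss.vt_id`, so a duplicate fails when the view is built instead of silently skewing report counts. All three functions start and end outside their hunks.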