Change: Disable table_driven_lsc in policies

This disables notus LSCs in compliance scans where their results are not wanted. Merge pull request #1802 from timopollmeier/disable-table_driven_lsc
greenbone · Apr 11, 2022 · 9b15dc8 · 9b15dc8
2 parents 692e21c + 1d41c7e
commit 9b15dc8
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 1 deletion.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -96,7 +96,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 249)
+set (GVMD_DATABASE_VERSION 250)
 
 set (GVMD_SCAP_DATABASE_VERSION 19)
 

diff --git a/src/manage_migrators.c b/src/manage_migrators.c
@@ -2892,6 +2892,55 @@ migrate_248_to_249 ()
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 249 to version 250.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_249_to_250 ()
+{
+  sql_begin_immediate ();
+
+  /* Ensure that the database is currently version 249. */
+
+  if (manage_db_version () != 249)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* Disable the "table_based_lsc" scanner preference for all policies */
+  sql ("INSERT INTO config_preferences (config, type, name, value)"
+       " SELECT id, 'SERVER_PREFS', 'table_driven_lsc', '0'"
+       "    FROM configs"
+       "   WHERE usage_type='policy'"
+       "     AND configs.id NOT IN"
+       "          (SELECT config FROM config_preferences"
+       "           WHERE name = 'table_driven_lsc'"
+       "           AND type = 'SERVER_PREFS');");
+
+  /* Disable the "table_based_lsc" scanner preference for all policies 
+   * in the trashcan. */
+  sql ("INSERT INTO config_preferences_trash (config, type, name, value)"
+       " SELECT id, 'SERVER_PREFS', 'table_driven_lsc', '0'"
+       "    FROM configs_trash"
+       "   WHERE usage_type='policy'"
+       "     AND configs_trash.id NOT IN"
+       "          (SELECT config FROM config_preferences_trash"
+       "           WHERE name = 'table_driven_lsc'"
+       "           AND type = 'SERVER_PREFS');");
+
+  /* Set the database version to 250. */
+
+  set_db_version (250);
+
+  sql_commit ();
+
+  return 0;
+}
 
 #undef UPDATE_DASHBOARD_SETTINGS
 
@@ -2948,6 +2997,7 @@ static migrator_t database_migrators[] = {
   {247, migrate_246_to_247},
   {248, migrate_247_to_248},
   {249, migrate_248_to_249},
+  {250, migrate_249_to_250},
   /* End marker. */
   {-1, NULL}};
 

diff --git a/src/manage_sql_configs.c b/src/manage_sql_configs.c
@@ -2546,6 +2546,19 @@ create_config_internal (int check_access, const char *config_id,
 
   update_config_caches (*config);
 
+  /* Workaround to disable notus checks in compliance policies */
+
+  sql ("INSERT INTO config_preferences (config, type, name, value)"
+       " SELECT id, 'SERVER_PREFS', 'table_driven_lsc', '0'"
+       "    FROM configs"
+       "   WHERE configs.id = %llu"
+       "     AND usage_type='policy'"
+       "     AND configs.id NOT IN"
+       "          (SELECT config FROM config_preferences"
+       "           WHERE name = 'table_driven_lsc'"
+       "           AND type = 'SERVER_PREFS');",
+       *config);
+
   sql_commit ();
   *name = candidate_name;
   return 0;
@@ -2884,6 +2897,19 @@ copy_config (const char* name, const char* comment, const char *config_id,
        quoted_config_selector);
   g_free (quoted_config_selector);
 
+  /* Workaround to disable notus checks in compliance policies */
+
+  sql ("INSERT INTO config_preferences (config, type, name, value)"
+       " SELECT id, 'SERVER_PREFS', 'table_driven_lsc', '0'"
+       "    FROM configs"
+       "   WHERE configs.id = %llu"
+       "     AND usage_type='policy'"
+       "     AND configs.id NOT IN"
+       "          (SELECT config FROM config_preferences"
+       "           WHERE name = 'table_driven_lsc'"
+       "           AND type = 'SERVER_PREFS');",
+       new);
+
   sql_commit ();
   if (new_config) *new_config = new;
   return 0;
@@ -4415,6 +4441,19 @@ update_config (config_t config, const gchar *name,
       return;
     }
 
+  /* Workaround to disable notus checks in compliance policies */
+
+  sql ("INSERT INTO config_preferences (config, type, name, value)"
+       " SELECT id, 'SERVER_PREFS', 'table_driven_lsc', '0'"
+       "    FROM configs"
+       "   WHERE configs.id = %llu"
+       "     AND usage_type='policy'"
+       "     AND configs.id NOT IN"
+       "          (SELECT config FROM config_preferences"
+       "           WHERE name = 'table_driven_lsc'"
+       "           AND type = 'SERVER_PREFS');",
+       config);
+
   sql_commit ();
 }