Send entire families to ospd-openvas using VT_GROUP

CHANGELOG.md

@@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277)
 - In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321)
 - Change SCAP and CERT data to use new severity scoring [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365)
+- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384)
 - The internal list of current Local Security Checks for the 'Closed CVEs' feature was updated [#1381](https://github.com/greenbone/gvmd/pull/1381)
 
 ### Fixed

src/manage.c

@@ -2411,7 +2411,7 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
   gchar *clean_hosts, *clean_exclude_hosts;
   int alive_test, reverse_lookup_only, reverse_lookup_unify;
   osp_target_t *osp_target;
-  GSList *osp_targets, *vts;
+  GSList *osp_targets, *vts, *vt_groups;
   GHashTable *vts_hash_table;
   osp_credential_t *ssh_credential, *smb_credential, *esxi_credential;
   osp_credential_t *snmp_credential;
@@ -2552,6 +2552,7 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
 
   /* Setup vulnerability tests (without preferences) */
   vts = NULL;
+  vt_groups = NULL;
   vts_hash_table
     = g_hash_table_new_full (g_str_hash, g_str_equal, g_free,
                              /* Value is freed in vts list. */
@@ -2561,7 +2562,18 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
   while (next (&families))
     {
       const char *family = family_iterator_name (&families);
-      if (family)
+      if (family && config_family_entire_and_growing (config, family))
+        {
+          gchar *filter;
+          osp_vt_group_t *vt_group;
+
+          filter = g_strdup_printf ("filter=%s", family);
+          vt_group = osp_vt_group_new (filter);
+          g_free (filter);
+
+          vt_groups = g_slist_prepend (vt_groups, vt_group);
+        }
+      else if (family)
         {
           iterator_t nvts;
           init_nvt_iterator (&nvts, 0, config, family, NULL, 1, NULL);
@@ -2639,12 +2651,13 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
       g_slist_free_full (osp_targets, (GDestroyNotify) osp_target_free);
       // Credentials are freed with target
       g_slist_free_full (vts, (GDestroyNotify) osp_vt_single_free);
+      g_slist_free_full (vt_groups, (GDestroyNotify) osp_vt_group_free);
       g_hash_table_destroy (scanner_options);
       return -1;
     }
 
   start_scan_opts.targets = osp_targets;
-  start_scan_opts.vt_groups = NULL;
+  start_scan_opts.vt_groups = vt_groups;
   start_scan_opts.vts = vts;
   start_scan_opts.scanner_params = scanner_options;
   start_scan_opts.scan_id = scan_id;
@@ -2657,6 +2670,7 @@ launch_osp_openvas_task (task_t task, target_t target, const char *scan_id,
   g_slist_free_full (osp_targets, (GDestroyNotify) osp_target_free);
   // Credentials are freed with target
   g_slist_free_full (vts, (GDestroyNotify) osp_vt_single_free);
+  g_slist_free_full (vt_groups, (GDestroyNotify) osp_vt_group_free);
   g_hash_table_destroy (scanner_options);
   return ret;
 }

src/manage_sql.h

@@ -473,4 +473,7 @@ add_role_permission_resource (const gchar *, const gchar *, const gchar *,
 void
 create_view_vulns ();
 
+int
+config_family_entire_and_growing (config_t, const char*);
+
 #endif /* not _GVMD_MANAGE_SQL_H */

src/manage_sql_configs.c

@@ -449,6 +449,110 @@ init_family_iterator (iterator_t* iterator, int all, const char* selector,
  */
 DEF_ACCESS (family_iterator_name, 0);
 
+/**
+ * @brief Get whether an NVT selector selects every NVT in a family.
+ *
+ * @param[in]  selector  NVT selector.
+ * @param[in]  family    Family name.
+ * @param[in]  all       True if selector is an "all" selector, else 0.
+ *
+ * @return 1 yes, 0 no.
+ */
+static int
+nvt_selector_entire_and_growing (const char *selector,
+                                 const char *family,
+                                 int all)
+{
+  int ret;
+  gchar *quoted_family;
+  gchar *quoted_selector;
+
+  quoted_selector = sql_quote (selector);
+  quoted_family = sql_quote (family);
+
+  if (all)
+    {
+      /* Constraining the universe. */
+
+      ret = sql_int ("SELECT COUNT(*) FROM nvt_selectors"
+                     " WHERE name = '%s'"
+                     " AND type = " G_STRINGIFY (NVT_SELECTOR_TYPE_FAMILY)
+                     " AND family_or_nvt = '%s'"
+                     " AND exclude = 1"
+                     " LIMIT 1;",
+                     quoted_selector,
+                     quoted_family);
+
+      if (ret)
+        /* There's an exclude for the family, so family is static. */
+        ret = 0;
+      else
+        {
+          ret = sql_int ("SELECT COUNT(*) FROM nvt_selectors"
+                         " WHERE name = '%s'"
+                         " AND type = " G_STRINGIFY (NVT_SELECTOR_TYPE_NVT)
+                         " AND exclude = 1"
+                         /* And NVT is in family. */
+                         " AND EXISTS (SELECT * FROM nvts"
+                         "             WHERE oid = family_or_nvt"
+                         "             AND family = '%s')"
+                         " LIMIT 1;",
+                         quoted_selector,
+                         quoted_family);
+          if (ret)
+            /* Growing, but some NVTs excluded. */
+            ret = 0;
+          else
+            /* Growing, every NVT included. */
+            ret = 1;
+        }
+
+      g_free (quoted_selector);
+      g_free (quoted_family);
+
+      return ret;
+    }
+
+  /* Generating from empty. */
+
+  ret = sql_int ("SELECT COUNT(*) FROM nvt_selectors"
+                 " WHERE name = '%s'"
+                 " AND type = " G_STRINGIFY (NVT_SELECTOR_TYPE_FAMILY)
+                 " AND family_or_nvt = '%s'"
+                 " AND exclude = 0"
+                 " LIMIT 1;",
+                 quoted_selector,
+                 quoted_family);
+
+  if (ret)
+    {
+      if (sql_int ("SELECT COUNT(*) FROM nvt_selectors"
+                   " WHERE name = '%s'"
+                   " AND type = " G_STRINGIFY (NVT_SELECTOR_TYPE_NVT)
+                   " AND exclude = 1"
+                   /* And NVT is in family. */
+                   " AND EXISTS (SELECT * FROM nvts"
+                   "             WHERE oid = family_or_nvt"
+                   "             AND family = '%s')"
+                   " LIMIT 1;",
+                   quoted_selector,
+                   quoted_family))
+        /* Growing, but some NVTs excluded. */
+        ret = 0;
+      else
+        /* Growing, every NVT included. */
+        ret = 1;
+    }
+  else
+    /* Family is not included, so family is static. */
+    ret = 0;
+
+  g_free (quoted_selector);
+  g_free (quoted_family);
+
+  return ret;
+}
+
 /**
  * @brief Get whether an NVT selector family is growing.
  *
@@ -4102,6 +4206,38 @@ manage_set_config (const gchar *config_id, const char*name, const char *comment,
   return 0;
 }
 
+/**
+ * @brief Get whether a config selects every NVT in a given family.
+ *
+ * @param[in]  config      Config.
+ * @param[in]  family      Family name.
+ *
+ * @return 0 no, 1 yes, -1 error.
+ */
+int
+config_family_entire_and_growing (config_t config, const char* family)
+{
+  char *selector;
+  int ret;
+
+  if (config == 0)
+    return 0;
+
+  selector = config_nvt_selector (config);
+  if (selector == NULL)
+    {
+      /* The config should always have a selector. */
+      return -1;
+    }
+
+  ret = nvt_selector_entire_and_growing (selector,
+                                         family,
+                                         config_families_growing (config));
+  free (selector);
+
+  return ret;
+}
+
 /**
  * @brief Set the NVT's selected for a single family of a config.
  *