OpenVAS Libraries  4.0+rc3.SVN
Defines | Functions | Variables
base/severity_filter.c File Reference
#include "severity_filter.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>

Defines

#define XML_ELEM_SEVERITY_FILTER   "severity_filter"
#define XML_ELEM_SEVERITY_OVERRIDE   "severity_override"
#define XML_ELEM_REASON   "reason"
#define XML_ATTR_NAME   "name"
#define XML_ATTR_HOST   "host"
#define XML_ATTR_PORT   "port"
#define XML_ATTR_OID   "OID"
#define XML_ATTR_SEVERITY_FROM   "severity_from"
#define XML_ATTR_SEVERITY_TO   "severity_to"
#define XML_ATTR_ACTIVE   "active"
#define XML_ATTR_ACTIVE_TRUE   "true"
#define _(abc)   abc

Functions

const severity_override_tseverity_override_new (const gchar *name, const gchar *host, const gchar *port, const gchar *oid, const gchar *reason, const gchar *severity_from, const gchar *severity_to, gboolean active)
 Creates a new severity override.
const severity_override_tseverity_override_duplicate (const severity_override_t *override)
 Duplicates a severity_override.
void severity_override_free (severity_override_t *override)
 Frees the severity_override and all its associated data.
severity_filter_tseverity_filter_new (const gchar *name, const gchar *filename)
 Creates a new empty severity_filter with a name.
void severity_filter_free (severity_filter_t *filter)
 Frees the severity filter and all overrides it contains.
const gchar * severity_filter_apply (const gchar *host, const gchar *port, const gchar *oid, const gchar *severity)
 Applies the global filter to the given alert.
gboolean severity_filter_contains_conflicting_override (const severity_filter_t *filter, const severity_override_t *override)
 Returns TRUE if a similar (in the sense of the.
gboolean severity_filter_contains_conflicting (const severity_filter_t *filter, const gchar *host, const gchar *port, const gchar *oid, const gchar *from)
 Returns TRUE if a severity_override with given parameters exist.
gboolean severity_filter_add (severity_filter_t *filter, const severity_override_t *override)
 Adds a severity_override to a severity_filter and saves its.
gboolean severity_filter_remove (severity_filter_t *filter, severity_override_t *override)
 Removes and frees a override from a filter and saves the filter to.
severity_filter_tseverity_filter_from_xml (const gchar *filename)
 Imports a severity_filter from an xml file that has been written by.

Variables

severity_filter_tglobal_filter = NULL

Detailed Description

Implementaiton of Severity Filters.

Severity filters consist of a set of severity overrides. The data is stored in a xml file, here is a sample:

<severity_filter name="My Severity Filter">
  <severity_override name="SeverityOverride1"
                     host="localhost"
                     port="general/tcp"
                     OID="1.3.6.1.4.1.25623.1.0.19506"
                     severity_from="warning"
                     severity_to="FP"
                     active="true">
    <reason>
      This is just a test-override.
    </reason>
  </severity_override>
  <severity_override name="SeverityOverride2"
                     host="localhost"
                     port="general/tcp"
                     OID="1.3.6.1.4.1.25623.1.0.19507"
                     severity_from="warning"
                     severity_to="FP"
                     active="true">
    <reason>
      This is just another test-override.
      With some more reasons.
    </reason>
  </severity_override>
</severity_filter>

The file is tried to be in sync with the filter, every call to severity_filter_add or severity_filter_remove will also save the file.


Define Documentation

#define _ (   abc)    abc
Todo:
Resolve workaround, real i18n

Function Documentation

gboolean severity_filter_add ( severity_filter_t filter,
const severity_override_t override 
)

Adds a severity_override to a severity_filter and saves its.

representation to disk.

It is assumed that an override is added only once to a filter

  • severity_filter_remove might otherwise create a mess.
Parameters:
filterThe severity_filter to add a override to.
overrideThe severity_override to add to the filter. The object is used directly, no copy created. Upon free'ing the filter, the override will be free'd as well.
Returns:
FALSE in case the add operation failed (e.g. file not found), else
TRUE.
const gchar* severity_filter_apply ( const gchar *  host,
const gchar *  port,
const gchar *  oid,
const gchar *  severity 
)

Applies the global filter to the given alert.

Parameters:
hostName of the host for the alert.
portPort of the alert.
oidOID of the NVT that produced the alert.
severitySeverity that was given by the NVT.

This function iterates over all severity overrides of the global filter. If a match of host, port, oid and severity is found, then the overriding severity is returned.

Returns:
NULL in case no suitable filter rule was found or any parameter equals NULL. Else a string with the new severity is returned.
gboolean severity_filter_contains_conflicting ( const severity_filter_t filter,
const gchar *  host,
const gchar *  port,
const gchar *  oid,
const gchar *  from 
)

Returns TRUE if a severity_override with given parameters exist.

already in a filter.

Parameters:
filterThe filter to ask if its overrides conflict against the override.
hostHostname of eventually conflicting severity_override.
portPort of eventually conflicting severity_override.
oidOID of NVT in eventually conflicting severity_override.
fromSeverity-to-be-overriden of eventually conflicting severity_override.
Returns:
TRUE if an override wiht given parameter should not be added because of a conflict-to-be, FALSE otherwise or if one of the arguments is NULL.
gboolean severity_filter_contains_conflicting_override ( const severity_filter_t filter,
const severity_override_t override 
)

Returns TRUE if a similar (in the sense of the.

severity_override_similarity_predicate) override is contained in a filter.

Parameters:
filterThe filter to ask if its overrides conflict against the override.
overrideThe questinable override.
Returns:
TRUE if the override should not be added because of a conflict-to-be, FALSE otherwise or if one of the arguments is NULL.
void severity_filter_free ( severity_filter_t filter)

Frees the severity filter and all overrides it contains.

Parameters:
filterThe filter to be free'd.
severity_filter_t* severity_filter_from_xml ( const gchar *  filename)

Imports a severity_filter from an xml file that has been written by.

severity_filter_to_xml.

An examplary xml file is included in the documentation for this file.

Parameters:
filenamePath of file to parse.
Returns:
If the file exists and error while parsing occured, a fresh severity_filter as described in the file (parameter), NULL otherwise.
severity_filter_t* severity_filter_new ( const gchar *  name,
const gchar *  filename 
)

Creates a new empty severity_filter with a name.

Note that if a file with the filename parameter already exists, the file will be overwritten.

Parameters:
nameUser-defined name for the severity_filter.
filnameStorage location for the severity_filter (no checks performed).
Returns:
Fresh, named severity_filter.
gboolean severity_filter_remove ( severity_filter_t filter,
severity_override_t override 
)

Removes and frees a override from a filter and saves the filter to.

disk.

Note that is assumed that the same override has not been added twice to a severity_filter.

Parameters:
filterThe filter from wich to remove the override.
overrideThe override to remove from the filter.
Returns:
TRUE if file-writing was successfull, FALSE otherwise.
const severity_override_t* severity_override_duplicate ( const severity_override_t override)

Duplicates a severity_override.

Parameters:
overrideThe severity_override to duplicate.
Returns:
Duplicate of override or NULL if override is underspecified.
const severity_override_t* severity_override_new ( const gchar *  name,
const gchar *  host,
const gchar *  port,
const gchar *  oid,
const gchar *  reason,
const gchar *  severity_from,
const gchar *  severity_to,
gboolean  active 
)

Creates a new severity override.

If any of the parameter equals NULL, NULL will be returned. The severity_override will be returned enabled (active == TRUE).

Returns:
If none of the parameters equalled NULL, returns fresh severity_override, NULL otherwise.