Merge pull request #331 from ArnoStiefvater/alive-test-xml

Consider individually supplied alive test methods
greenbone · Oct 14, 2020 · c2292d6 · c2292d6
2 parents e1be225 + 2762801
commit c2292d6
Show file tree

Hide file tree

Showing 3 changed files with 443 additions and 26 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 - Add dedicated port list for alive detection (Boreas only) as scanner preference if supplied via OSP. [#327](https://github.com/greenbone/ospd-openvas/pull/327)
 - Add methods for adding VTs to the redis cache.[#337](https://github.com/greenbone/ospd-openvas/pull/337)
+- Add support for supplying alive test methods via seperate elements. [#331](https://github.com/greenbone/ospd-openvas/pull/331)
 
 ### Changed
 - Get all results from main kb. [#285](https://github.com/greenbone/ospd-openvas/pull/285)

diff --git a/ospd_openvas/preferencehandler.py b/ospd_openvas/preferencehandler.py
@@ -62,6 +62,27 @@ class AliveTest(IntEnum):
     ALIVE_TEST_TCP_SYN_SERVICE = 16
 
 
+def alive_test_methods_to_bit_field(
+    icmp: bool, tcp_syn: bool, tcp_ack: bool, arp: bool, consider_alive: bool
+) -> int:
+    """Internally a bit field is used as alive test. This function creates
+    such a bit field out of the supplied alive test methods.
+    """
+
+    icmp_enum = AliveTest.ALIVE_TEST_ICMP if icmp else 0
+    tcp_syn_enum = AliveTest.ALIVE_TEST_TCP_SYN_SERVICE if tcp_syn else 0
+    tcp_ack_enum = AliveTest.ALIVE_TEST_TCP_ACK_SERVICE if tcp_ack else 0
+    arp_enum = AliveTest.ALIVE_TEST_ARP if arp else 0
+    consider_alive_enum = (
+        AliveTest.ALIVE_TEST_CONSIDER_ALIVE if consider_alive else 0
+    )
+
+    bit_field = (
+        icmp_enum | tcp_syn_enum | tcp_ack_enum | arp_enum | consider_alive_enum
+    )
+    return bit_field
+
+
 def _from_bool_to_str(value: int) -> str:
     """The OpenVAS scanner use yes and no as boolean values, whereas ospd
     uses 1 and 0."""
@@ -289,9 +310,26 @@ def build_alive_test_opt_as_prefs(
             in string format to be added to the redis KB.
         """
         target_opt_prefs_list = []
-        if target_options and target_options.get('alive_test'):
+        alive_test = None
+
+        if target_options:
+            # Alive test speciefied as bit field.
+            alive_test = target_options.get('alive_test')
+            # Alive test speciefied as individual methods.
+            alive_test_methods = target_options.get('alive_test_methods')
+            # alive_test takes precedence over alive_test_methods
+            if alive_test is None and alive_test_methods:
+                alive_test = alive_test_methods_to_bit_field(
+                    icmp=target_options.get('icmp') == '1',
+                    tcp_syn=target_options.get('tcp_syn') == '1',
+                    tcp_ack=target_options.get('tcp_ack') == '1',
+                    arp=target_options.get('arp') == '1',
+                    consider_alive=target_options.get('consider_alive') == '1',
+                )
+
+        if target_options and alive_test:
             try:
-                alive_test = int(target_options.get('alive_test'))
+                alive_test = int(alive_test)
             except ValueError:
                 logger.debug(
                     'Alive test settings not applied. '
@@ -387,37 +425,61 @@ def build_alive_test_opt_as_prefs(
     def prepare_alive_test_option_for_openvas(self):
         """ Set alive test option. Overwrite the scan config settings."""
         settings = Openvas.get_settings()
-        if settings and self.target_options.get('alive_test'):
+        if settings and (
+            self.target_options.get('alive_test')
+            or self.target_options.get('alive_test_methods')
+        ):
             alive_test_opt = self.build_alive_test_opt_as_prefs(
                 self.target_options
             )
-            self.kbdb.add_scan_preferences(self.scan_id, alive_test_opt)
+            if alive_test_opt:
+                self.kbdb.add_scan_preferences(self.scan_id, alive_test_opt)
 
     def prepare_boreas_alive_test(self):
         """Set alive_test for Boreas if boreas scanner config
         (BOREAS_SETTING_NAME) was set"""
         settings = Openvas.get_settings()
-        alive_test = -1
+        alive_test = None
         alive_test_ports = None
+        target_options = self.target_options
 
         if settings:
             boreas = settings.get(BOREAS_SETTING_NAME)
             if not boreas:
                 return
-            alive_test_ports = self.target_options.get('alive_test_ports')
-            alive_test_str = self.target_options.get('alive_test')
-            if alive_test_str is not None:
-                try:
-                    alive_test = int(alive_test_str)
-                except ValueError:
-                    logger.debug(
-                        'Alive test preference for Boreas not set. '
-                        'Invalid alive test value %s.',
-                        alive_test_str,
-                    )
-            # ALIVE_TEST_SCAN_CONFIG_DEFAULT if no alive_test provided
-            else:
+        else:
+            return
+
+        if target_options:
+            alive_test_ports = target_options.get('alive_test_ports')
+            # Alive test was speciefied as bit field.
+            alive_test = target_options.get('alive_test')
+            # Alive test was speciefied as individual methods.
+            alive_test_methods = target_options.get('alive_test_methods')
+            # <alive_test> takes precedence over <alive_test_methods>
+            if alive_test is None and alive_test_methods:
+                alive_test = alive_test_methods_to_bit_field(
+                    icmp=target_options.get('icmp') == '1',
+                    tcp_syn=target_options.get('tcp_syn') == '1',
+                    tcp_ack=target_options.get('tcp_ack') == '1',
+                    arp=target_options.get('arp') == '1',
+                    consider_alive=target_options.get('consider_alive') == '1',
+                )
+
+        if alive_test is not None:
+            try:
+                alive_test = int(alive_test)
+            except ValueError:
+                logger.debug(
+                    'Alive test preference for Boreas not set. '
+                    'Invalid alive test value %s.',
+                    alive_test,
+                )
+                # Use default alive test as fall back
                 alive_test = AliveTest.ALIVE_TEST_SCAN_CONFIG_DEFAULT
+        # Use default alive test if no valid alive_test was provided
+        else:
+            alive_test = AliveTest.ALIVE_TEST_SCAN_CONFIG_DEFAULT
 
         # If a valid alive_test was set then the bit mask
         # has value between 31 (11111) and 1 (10000)
@@ -437,7 +499,8 @@ def prepare_boreas_alive_test(self):
         # Add portlist if present. Validity is checked on Boreas side.
         if alive_test_ports is not None:
             pref = "{pref_key}|||{pref_value}".format(
-                pref_key=BOREAS_ALIVE_TEST_PORTS, pref_value=alive_test_ports
+                pref_key=BOREAS_ALIVE_TEST_PORTS,
+                pref_value=alive_test_ports,
             )
             self.kbdb.add_scan_preferences(self.scan_id, [pref])