From 5369e055fc4869e14668c3a27441d1ddf84916d1 Mon Sep 17 00:00:00 2001
From: Juan Jose Nicola <juan.nicola@greenbone.net>
Date: Mon, 26 Apr 2021 07:44:56 -0500
Subject: [PATCH 1/3] Add port list validation. Validate the port list to be
 sent to openvas. If it is not a valid port list, it logs an error and send a
 error message to the client

---
 CHANGELOG.md                      | 2 ++
 ospd_openvas/daemon.py            | 2 +-
 ospd_openvas/preferencehandler.py | 4 ++++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5ee2a793..801cf10b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [21.10] (unreleased)
 
 ### Added
+- Validate port list to be sent to openvas. [#411](https://github.com/greenbone/ospd-openvas/pull/411)
+
 ### Changed
 ### Removed
 ### Fixed
diff --git a/ospd_openvas/daemon.py b/ospd_openvas/daemon.py
index 8191bd2b..a7d7685f 100644
--- a/ospd_openvas/daemon.py
+++ b/ospd_openvas/daemon.py
@@ -1258,7 +1258,7 @@ def exec_scan(self, scan_id: str):
 
         if not scan_prefs.prepare_ports_for_openvas():
             self.add_scan_error(
-                scan_id, name='', host='', value='No port list defined.'
+                scan_id, name='', host='', value='Invalid port list.'
             )
             do_not_launch = True
 
diff --git a/ospd_openvas/preferencehandler.py b/ospd_openvas/preferencehandler.py
index e992914e..0254dda0 100644
--- a/ospd_openvas/preferencehandler.py
+++ b/ospd_openvas/preferencehandler.py
@@ -32,6 +32,7 @@
 
 from ospd.scan import ScanCollection
 from ospd.ospd import BASE_SCANNER_PARAMS
+from ospd.network import valid_port_list
 from ospd_openvas.openvas import Openvas
 from ospd_openvas.db import KbDB
 from ospd_openvas.nvticache import NVTICache
@@ -528,6 +529,9 @@ def prepare_ports_for_openvas(self) -> str:
         """Get the port list from the scan collection and store the list
         in the kb."""
         ports = self.scan_collection.get_ports(self.scan_id)
+        if not valid_port_list(ports):
+            return False
+
         port_range = 'port_range|||%s' % ports
         self.kbdb.add_scan_preferences(self.scan_id, [port_range])
 

From 8a4f2c59b88f8096e75037704430ba0816770f77 Mon Sep 17 00:00:00 2001
From: Juan Jose Nicola <juan.nicola@greenbone.net>
Date: Mon, 26 Apr 2021 08:05:32 -0500
Subject: [PATCH 2/3] Add tests

---
 tests/test_preferencehandler.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/test_preferencehandler.py b/tests/test_preferencehandler.py
index 3160fabc..c480efe8 100644
--- a/tests/test_preferencehandler.py
+++ b/tests/test_preferencehandler.py
@@ -280,6 +280,17 @@ def test_set_ports(self, mock_kb):
             ['port_range|||80,443'],
         )
 
+    @patch('ospd_openvas.db.KbDB')
+    def test_set_ports_invalid(self, mock_kb):
+        w = DummyDaemon()
+
+        w.scan_collection.get_ports = MagicMock(return_value='2,-9,4')
+
+        p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
+        p.scan_id = '456-789'
+        p.kbdb.add_scan_preferences = MagicMock()
+        self.assertFalse(p.prepare_ports_for_openvas())
+
     @patch('ospd_openvas.db.KbDB')
     def test_set_main_kbindex(self, mock_kb):
         w = DummyDaemon()

From 2f27fef8ddd434d1a2daeb3701f12a571da0e8eb Mon Sep 17 00:00:00 2001
From: Juan Jose Nicola <juan.nicola@greenbone.net>
Date: Tue, 27 Apr 2021 08:42:52 -0500
Subject: [PATCH 3/3] Update poetry.lock

---
 poetry.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 916faad0..860bb26d 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -269,7 +269,7 @@ psutil = "^5.7.2"
 type = "git"
 url = "https://github.com/greenbone/ospd.git"
 reference = "master"
-resolved_reference = "1fcaa8eb20b7767d2e0dd66d8868529743847b57"
+resolved_reference = "21a832d2a7a581247caa816d231c01fec3909246"
 
 [[package]]
 name = "packaging"
@@ -343,7 +343,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
 
 [[package]]
 name = "pylint"
-version = "2.8.1"
+version = "2.8.2"
 description = "python code static checker"
 category = "dev"
 optional = false
@@ -739,8 +739,8 @@ pycparser = [
     {file = "pycparser-2.20.tar.gz", hash = "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0"},
 ]
 pylint = [
-    {file = "pylint-2.8.1-py3-none-any.whl", hash = "sha256:4236b7284853b779a8add49aca287a5899245894995c5591d2b5839a32482330"},
-    {file = "pylint-2.8.1.tar.gz", hash = "sha256:ad1bff19c46bfc6d2aeba4de5f76570d253df4915d2043ba61dc6a96233c4bd6"},
+    {file = "pylint-2.8.2-py3-none-any.whl", hash = "sha256:f7e2072654a6b6afdf5e2fb38147d3e2d2d43c89f648637baab63e026481279b"},
+    {file = "pylint-2.8.2.tar.gz", hash = "sha256:586d8fa9b1891f4b725f587ef267abe2a1bad89d6b184520c7f07a253dd6e217"},
 ]
 pynacl = [
     {file = "PyNaCl-1.4.0-cp27-cp27m-macosx_10_10_x86_64.whl", hash = "sha256:ea6841bc3a76fa4942ce00f3bda7d436fda21e2d91602b9e21b7ca9ecab8f3ff"},