Merge branch 'main' into nasl-rsa-function2
puethenn authored Oct 29, 2024
2 parents c7d79b0 + 8e38d9e commit a1fa5ad
Showing 21 changed files with 163 additions and 114 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/control.yml
Expand Up @@ -90,7 +90,7 @@ jobs:
dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN}}
cosign_key_opensight: ${{ secrets.COSIGN_KEY_OPENSIGHT }}
cosign_password_opensight: ${{ secrets.COSIGN_KEY_PASSWORD_OPENSIGHT }}
greenbone_registry: ${{ secrets.GREENBONE_REGISTRY }}
greenbone_registry: ${{ vars.GREENBONE_REGISTRY }}
greenbone_registry_user: ${{ secrets.GREENBONE_REGISTRY_USER }}
greenbone_registry_token: ${{ secrets.GREENBONE_REGISTRY_TOKEN }}
mattermost_webhook_url: ${{ secrets.MATTERMOST_WEBHOOK_URL }}
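
Review bot: `greenbone_registry` now reads from `vars.GREENBONE_REGISTRY` while the user and token next to it stay in `secrets`, so the registry value is no longer masked in job logs, and an unset variable expands to an empty string instead of failing. Confirm the variable is defined at the repository or organization level for every environment that runs this workflow, and that the registry host is not meant to be confidential. While here, `${{ secrets.DOCKERHUB_TOKEN}}` is missing the space before `}}`.
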
6 changes: 6 additions & 0 deletions rust/Cargo.lock


4 changes: 1 addition & 3 deletions rust/README.md
Expand Up @@ -4,8 +4,7 @@ This is the rust scanner implementation with the goal to replace the current sca
(openvas-scanner, ospd-openvas, notus-scanner), including the Open Scanner Protocol (OSP). The rust implementation of the new [HTTP scanner API](https://greenbone.github.io/scanner-api/) is called
**openvasd**. It provides an interface to manage scans for vulnerability testing. It currently utilizes the **openvas-scanner** to perform tasks.

This project also consist of a collection of tools called [**scannerctl**](scannerctl/README.md). It contains variety of utilities for different tasks. For more information look into [**scannerctl**](scannerctl/README.md).

This project also consist of a collection of tools called [**scannerctl**](./src/scannerctl/README.md). It contains variety of utilities for different tasks. For more information look into [**scannerctl**](./src/scannerctl/README.md).

# Implementation of the NASL Attack Scripting Language

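Review bot: The replacement line for the scannerctl paragraph keeps the grammar slips of the one it removes: "This project also consist of" and "It contains variety of utilities". Since the line is rewritten for the link paths anyway, suggest "also consists of" and "contains a variety of".
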
Expand All @@ -17,7 +16,6 @@ The decision to rewrite certain parts in rust was mainly to have an easier way t

The implementation is split into multiple parts that are reflected in the directory layout.


# Requirements

- rust toolchain
5 changes: 4 additions & 1 deletion rust/crates/nasl-function-proc-macro/src/codegen.rs
Expand Up @@ -120,7 +120,9 @@ impl<'a> ArgsStruct<'a> {
let fn_args_names = self.get_fn_args_names();
let call_expr = match self.receiver_type {
ReceiverType::None => quote! { #mangled_ident(#fn_args_names) },
ReceiverType::RefSelf => quote! { self.#mangled_ident(#fn_args_names) },
ReceiverType::RefSelf | ReceiverType::RefMutSelf => {
quote! { self.#mangled_ident(#fn_args_names) }
}
};
let await_ = match asyncness {
Some(_) => quote! { .await },
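
Review bot: In the `call_expr` match, `RefMutSelf` shares the arm with `RefSelf`, and the `await_` match just below applies to both, so for an async function taking `&mut self` the generated call keeps the exclusive borrow of `self` alive across the `.await`. Please confirm that the code dispatching these wrappers can provide `&mut` access for that long, and add a macro test covering an async `&mut self` function.
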
Expand Down Expand Up @@ -176,6 +178,7 @@ impl<'a> ArgsStruct<'a> {
let self_arg = match self.receiver_type {
ReceiverType::None => quote! {},
ReceiverType::RefSelf => quote! {&self,},
ReceiverType::RefMutSelf => quote! {&mut self,},
};
let inputs = quote! {
#self_arg
4 changes: 0 additions & 4 deletions rust/crates/nasl-function-proc-macro/src/error.rs
Expand Up @@ -14,7 +14,6 @@ pub enum ErrorKind {
OnlyNormalArgumentsAllowed,
WrongArgumentOrder,
MovedReceiverType,
MutableRefReceiverType,
TypedRefReceiverType,
}

Expand All @@ -41,9 +40,6 @@ impl Error {
ErrorKind::MovedReceiverType => {
"Receiver argument is of type `self`. Currently, only `&self` receiver types are supported."
}
ErrorKind::MutableRefReceiverType => {
"Receiver argument is of type `&mut self`. Currently, only `&self` receiver types are supported."
}
ErrorKind::TypedRefReceiverType => {
"Specific type specified in receiver argument. Currently, only `&self` is supported."
}
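
Review bot: The two messages left in this match, for `MovedReceiverType` and `TypedRefReceiverType`, still say that only `&self` is supported, which is stale once `&mut self` is accepted. Suggest rewording both to something like "only `&self` and `&mut self` receiver types are supported".
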
8 changes: 4 additions & 4 deletions rust/crates/nasl-function-proc-macro/src/parse.rs
Expand Up @@ -152,13 +152,13 @@ impl ReceiverType {
if rec.reference.is_none() {
return make_err(ErrorKind::MovedReceiverType);
}
// `&mut self`
else if rec.mutability.is_some() {
return make_err(ErrorKind::MutableRefReceiverType);
}
// e.g. `self: Box<Self>`
else if rec.colon_token.is_some() {
return make_err(ErrorKind::TypedRefReceiverType);
}
// `&mut self`
else if rec.mutability.is_some() {
ReceiverType::RefMutSelf
} else {
ReceiverType::RefSelf
}
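
Review bot: The new `rec.mutability.is_some()` branch returns `RefMutSelf` correctly only because the `rec.reference.is_none()` check runs first; a by-value `mut self` receiver also has `mutability` set and would be misclassified if the branches were reordered again. Suggest making that dependency explicit, either in the `// &mut self` comment or by matching on `rec.reference` and `rec.mutability` together.
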
1 change: 1 addition & 0 deletions rust/crates/nasl-function-proc-macro/src/types.rs
Expand Up @@ -23,6 +23,7 @@ pub struct ArgsStruct<'a> {
pub enum ReceiverType {
None,
RefSelf,
RefMutSelf,
}

pub struct Arg<'a> {
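
Review bot: `RefMutSelf` is added to `ReceiverType` without a doc comment, and the existing variants have none either. A one-line `///` on each variant stating the receiver syntax it stands for (no receiver, `&self`, `&mut self`) would help readers of `parse.rs` and `codegen.rs`.
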
6 changes: 3 additions & 3 deletions rust/crates/smoketest/README.md
Expand Up @@ -7,11 +7,11 @@ To build and run the tests a Makefile is provided:
- make run - runs a scan against an scanner API listening on http://127.0.0.1:3000.

## Configuration
Usage of api-key is optional. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md).
Usage of api-key is optional. For details on how to configure it, see the [openvasd documentation](../../src/openvasd/README.md).

In case of running the test against a mTLS enabled `openvasd`, you need to configure the client key and cert as well in the smoke test environment. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md).
In case of running the test against a mTLS enabled `openvasd`, you need to configure the client key and cert as well in the smoke test environment. For details on how to configure it, see the [openvasd documentation](../../src/openvasd/README.md).

For creation of the key/cert pair for mTLS authentication, see the tls section in the [openvasd documentation](../openvasd/README.md). Also, you find certificate generators in the [examples](../examples/tls)
For creation of the key/cert pair for mTLS authentication, see the tls section in the [openvasd documentation](../../src/openvasd/README.md). Also, you find certificate generators in the [examples](../../examples/tls/)

For authenticated scans, you can set a custom target (default is 127.0.0.1), username and password.

3 changes: 1 addition & 2 deletions rust/doc/misc/progress-calculation-details.md
Expand Up @@ -74,7 +74,7 @@ scan_progress = (12 + 75 + 100 * 1) / (12 - 2) = 18.7 %

## Special case for resume task

When a resume task, the finished hosts should not be scanned again. Therefore they are sent in the list of excluded hosts. Please read the documentation for [resume scan](resume-scan.md).
When a resume task, the finished hosts should not be scanned again. Therefore they are sent in the list of excluded hosts. Please read the documentation for [resume scan](../faq/resume-scan.md).
In this case, a resume scan with some finished hosts, should not start with a progress with 0%, but a progress according with the already finished hosts.

Then, imagine that the scan of example above, with an initial target of 15 hosts, was stopped/interrupted and you want to resume it. It has an already finished hosts. This hosts is added to the list of `excluded hosts`.
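
Review bot: The rewritten sentence in the resume-task section still opens with "When a resume task, the finished hosts ...", which has no verb. Since the line is being edited for the link anyway, suggest "When resuming a task, the finished hosts should not be scanned again." The context below has the same kind of slip ("It has an already finished hosts. This hosts is added").
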
Expand Down Expand Up @@ -111,4 +111,3 @@ Then, the scan progress for a resume task will start from:
```
scan_progress = (0 + 100 * (0 + 1) / (11 + 1 - 2) = 10 %
```

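Review bot: The formula kept at the end of this file, `scan_progress = (0 + 100 * (0 + 1) / (11 + 1 - 2) = 10 %`, has unbalanced parentheses: the numerator is never closed. It should read `(0 + 100 * (0 + 1)) / (11 + 1 - 2)`, which gives the stated 10 %. Worth fixing in the same pass as the trailing blank line cleanup.
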
54 changes: 26 additions & 28 deletions rust/doc/openvasd-osp-cmd-equivalence.md
Expand Up @@ -2,33 +2,33 @@

This document shows the migration of OSP commands (implemented by ospd-openvas) to the new scanner API (implemented by openvasd). It only provides the XML for the command and its corresponding JSON counterpart, as well as the endpoint of the HTTP API. For further information of the commands either see [OSP](https://docs.greenbone.net/API/OSP/osp-22.4.html) or [Scanner API](https://greenbone.github.io/scanner-api/).

# Table of contents
1. [Help command](#Help-command)
2. [Get memory usage command](#Get-memory-usage-command)
3. [Start a scan](#Start-a-scan)
4. [Stop a scan](#Stop-a-scan)
5. [Delete a scan](#Delete-a-scan)
6. [Fetching results](#Fetching-results)
7. [Scan status and progress](#Scan-status-and-progress)
8. [Feed check](#Feed-check)
9. [Get VTs](#Get-VTs)
10. [Get Version](#Get-Version)
11. [Get scanner details](#Get-scanner-details)
12. [Get sensor performance](#Get-sensor-performance)

### Help command
- [Migration Guide for API usage of previous OSP commands](#migration-guide-for-api-usage-of-previous-osp-commands)
- [Help command](#help-command)
- [Get memory usage command](#get-memory-usage-command)
- [Start a scan](#start-a-scan)
- [Stop a scan](#stop-a-scan)
- [Delete a scan](#delete-a-scan)
- [Fetching results](#fetching-results)
- [Scan status and progress](#scan-status-and-progress)
- [Feed check](#feed-check)
- [Get VTs](#get-vts)
- [Get Version](#get-version)
- [Get scanner details](#get-scanner-details)
- [Get sensor performance](#get-sensor-performance)

## Help command

there is a help command which includes all supported OSP commands and details. There is no equivalent command for Scanner API. Just refer to the Scanner API
``` xml
<help/>
```
### Get memory usage command
## Get memory usage command

This command shows RSS, VMS and shared current memory usage. It is a debugging purpose command. There is no equivalent command for Scanner API.
``` xml
<get_memory_usage unit='mb'/>
```
### Start a scan
## Start a scan

***With OSP***

Expand Down Expand Up @@ -123,7 +123,7 @@ Json body:
{"action": "start"}
```

### Stop a scan
## Stop a scan

As explained in the subsection above, you know the scan ID for OSP, because it is necessary for starting a new scan, while the scan ID is created by Openvasd when using Scanner API. Then the scan_id is necessary for both protocols.

Expand All @@ -143,7 +143,7 @@ Json body:
{"action": "stop"}
```

### Delete a scan
## Delete a scan

With the known scan_id, a scan can be deleted. The scan must not be running. So it must be either stopped before or finished. In case of the new scanner API it could also be in the stored status.

Expand All @@ -162,7 +162,7 @@ Endpoint: /scans/{scan_id}
Parameter scan_id: is de Scan ID
```

### Fetching results
## Fetching results

Knowing the scan id, it is possible to fetch results. This command allows some options, like fetching just an amount of results.

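Review bot: The context line `Parameter scan_id: is de Scan ID` at the top of this hunk has a typo ("de" for "the"), and the same line recurs in the fetch-results and status blocks. Since every section heading in this file is being touched, please fix them in the same commit.
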
Expand All @@ -186,7 +186,7 @@ Parameter scan_id: is de Scan ID.
Optional Query: ?range=start-end, where end is optional as well.
```

### Scan status and progress
## Scan status and progress

***With OSP***

Expand All @@ -205,7 +205,7 @@ Endpoint: /scans/{scan_id}/status
Parameter scan_id: is de Scan ID
```

### Feed check
## Feed check

***With OSP***

Expand All @@ -223,7 +223,7 @@ Endpoint: /health/ready
or /health/alive
or /health/started
```
### Get VTs
## Get VTs

Get a list of Vulnerability test present in the current feed. This includes Notus and NASL tests.

Expand All @@ -249,7 +249,7 @@ Optional Query: ?information=bool shows the whole feed metadata.
```

### Get Version
## Get Version

***With Osp***

Expand All @@ -266,7 +266,7 @@ Only the feed version and the HTTP version are available.
Method: HEAD
```

### Get scanner details
## Get scanner details

Return details about the scanner

Expand All @@ -285,7 +285,7 @@ Method: GET
Entrypoint: scans/preferences
```

### Get sensor performance
## Get sensor performance

Return system report. There is currently no equivalent command for Scanner API

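Review bot: The context line `Entrypoint: scans/preferences` at the top of this hunk uses a different label and path style from the rest of the file, which writes `Endpoint:` with a leading slash (`Endpoint: /scans/{scan_id}`). Suggest `Endpoint: /scans/preferences` for consistency.
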
Expand All @@ -295,5 +295,3 @@ More information about this command GOS GVMCG
``` xml
<get_performance start='1706848198' end='1706848198' title='CPU'/>
```


6 changes: 3 additions & 3 deletions rust/src/feed/README.md
Expand Up @@ -16,12 +16,12 @@ FEED_NAME = "short name of the feed";
```
## Verify

[Implements](./src/verify/mod.rs) a [HashSumNameLoader](./src/verify/mod.rs#L93) that loads the filenames defined in the sha256sums and verifies the corresponding hashsum.
Also, implements a [signature verifier](./src/verify/mod.rs#L163) for checking the signature of the sha256sums file.
[Implements](./verify/mod.rs) a `HashSumNameLoader` that loads the filenames defined in the sha256sums and verifies the corresponding hashsum.
Also, implements a `signature verifier` for checking the signature of the sha256sums file.

### Example

```no_run
```rs,no_run
use scannerlib::nasl::FSPluginLoader;
// needs to be path that contains a sha256sums file otherwise
// it will throw an exception.
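
Review bot: The fence change from `no_run` to `rs,no_run` may stop this example from being compiled as a doctest: rustdoc recognises `rust` as the language tag, and as far as I know it treats an unknown tag such as `rs` as marking a non-Rust block. If this README is included in the crate docs, `rust,no_run` is the safe spelling. Separately, `signature verifier` in backticks reads like an identifier but is not one; plain text or the actual type name would be clearer.
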
4 changes: 2 additions & 2 deletions rust/src/nasl/builtin/README.md
Expand Up @@ -2,7 +2,7 @@

Contains functions that are within the std library of nasl.

To use the std functions it is recommended to use the defined [ContextFactory] as it sets the function register to the one created in [nasl_std_functions] automatically.
To use the std functions it is recommended to use the defined `ContextFactory` as it sets the function register to the one created in `nasl_std_functions` automatically.

All you have to do as a user is to create the builder

Expand All @@ -29,7 +29,7 @@ To add a function to std you have to add function crate to the Cargo.toml
nasl-builtin-string = {path = "../nasl-builtin-string"}
```

and then extend the builder within [nasl_std_functions] with the implementation of [nasl_builtin_utils::NaslFunctionExecuter] of those functions:
and then extend the builder within `nasl_std_functions` with the implementation of `nasl_builtin_utils::NaslFunctionExecuter` of those functions:

```text
builder = builder.push_register(nasl_builtin_string::NaslString)
13 changes: 5 additions & 8 deletions rust/src/nasl/interpreter/README.md
@@ -1,11 +1,10 @@
# nasl-interpreter

Is a library that is utilizing [nasl-syntax](../syntax/) and [storage](../../openvasd/storage/) to execute statements.

Is a library that is utilizing [nasl-syntax](../nasl-syntax/) and [storage](../storage/) to execute statements.
The core part is written in [interpreter.rs](./interpreter.rs) and is separated into various extensions to execute a given `Statement` when `resolve` is called.

The core part is written in [interpreter.rs](./src/interpreter.rs) and is separated into various extensions to execute a given `Statement` when `resolve` is called.

Each resolve call will result in a [NaslValue](./src/naslvalue.rs) or an [InterpretError](./src/error.rs) return value.
Each resolve call will result in a [NaslValue](../syntax/naslvalue.rs) or an [InterpretError](../syntax/error.rs) return value.

An interpreter requires:

Expand All @@ -16,7 +15,6 @@ An interpreter requires:
- `loader: &'a dyn Loader` - is used to load script dependencies on `include`,
- `logger: Box<dyn NaslLogger>` - the default logger


## Example

```
Expand All @@ -30,18 +28,17 @@ let code = "display('hi');";
let mut parser = CodeInterpreter::new(code, register, &context);
```


## Built in functions

It provides a set of builtin functionality within [built_in_functions](./src/built_in_functions/) to add a new functionality you have to enhance the lookup function within [lib.rs](./src/lib.rs).
It provides a set of builtin functionality within [built_in_functions](../builtin/) to add a new functionality you have to enhance the lookup function within [lib.rs](../../lib.rs).

Each builtin function follow the syntax of:

```text
fn(&str, &dyn storage, &Register) -> Result<NaslValue, FunctionError>
```

An example of how to write a new builtin function can be found in [misc](./src/built_in_functions/misc.rs).
An example of how to write a new builtin function can be found in [misc](../builtin/misc/).

## Build

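Review bot: In the "Built in functions" paragraph the link labels no longer match their targets: `[built_in_functions]` now points at `../builtin/` and `[misc]` at a directory rather than `misc.rs`. Suggest renaming the first label to `builtin` and checking that the sentence about enhancing the lookup function in `lib.rs` still describes the current layout.
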
1 change: 1 addition & 0 deletions rust/src/nasl/mod.rs
Expand Up @@ -31,6 +31,7 @@ pub use prelude::*;
pub mod test_prelude {
pub use super::prelude::*;
pub use super::test_utils::check_code_result;
pub use super::test_utils::DefaultTestBuilder;
pub use super::test_utils::TestBuilder;
pub use crate::check_code_result_matches;
pub use crate::check_err_matches;
2 changes: 1 addition & 1 deletion rust/src/nasl/syntax/README.md
Expand Up @@ -2,7 +2,7 @@

`nasl-syntax` is a library to provide structured representation of NASL code.

It will return an Iterator with either a [statement](./src/statement.rs) for further execution or an [error](./src/error.rs) if the given code was incorrect.
It will return an Iterator with either a [statement](./statement.rs) for further execution or an [error](./error.rs) if the given code was incorrect.

Each statement is self contained and it is expected to be executed iteratively and therefore there is no visitor implementation.
