OpenVAS Change Request #22: OpenVAS-libnasl: Introduce new script_tag Command

Status: Voted +3. Done. The script_tag command is available starting with OPENVAS_NASL_LEVEL 2310 (OpenVAS 2.0.0).

Purpose

To make NVT descriptions more flexible, thus enabling more flexible NVT handling in both client and server.

To enable NVT developers to add tags to their NVTs and define new properties without extensive changes to the OpenVAS codebase.

References

Rationale

Currently, a number of commands are used to set the individual properties of an NVT, e.g. script_cve_id, script_bugtraq_id, script_family and so on. These commands set the value of certain fixed-length fields in the NVT structure.

This approach is very inflexible: making even a small change to a property setting command, or adding a new one, requires changing a lot of code in a number of places and possibly the protocol specifications as well.

This change request proposes to add a script_tag command which would complement the existing property setting commands. The parameters for the script_tag command would consist of a property name and a list of values for this property as in the following example:

script_tag(name:"cvss", value:"6.8");
script_tag(name:"cvss_base", value:"(AV:N/AC:L/Au:N/C:N/I:N/A:P)");
script_tag(name:"risk_factor", value:"high");

By adding support for script_tags to OTP and the OpenVAS-Client, it could be possible for users to define their own sorting scheme apart from the current scheme of sorting NVTs by family.

Effects

This would allow script authors to easily add new properties and to extend existing properties without extensive knowledge of the inner workings of openvas-libnasl and openvas-libraries.

Design and Implementation

Adding script_tag would require changes in openvas-libraries and openvas-libnasl as well as changes to the NVT data structure and the OTP protocol specification. Initially, the script_tag command would be modeled close to the existing script_xref command and thus require only minor changes in openvas-libraries, openvas-libnasl and openvas-server.

Proper support for tags would likely lead to a considerable amount of changes in the client GUI; initial support will most likely consist of simply displaying the tags of individual NVTs in their information dialog.

The active NASL developers should agree on a core set of tags to standardize the tags in use. This core set will be documented in the OpenVAS compendium and a QA script will be generated to check the NVTs for uses of non-standard tags.
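
A sketch of such a QA check, as an added example that is not part of this change request or of the OpenVAS code base. The core set is an assumption (only the three tag names used in the example above), and SAMPLE is a constructed NVT fragment.

```python
import re

# Assumed core set: only the three tag names shown in this page's example.
CORE_TAGS = {"cvss", "cvss_base", "risk_factor"}

# A NASL string literal, double- or single-quoted.
STR = r'"[^"]*"|\'(?:[^\'\\]|\\.)*\''
# One script_tag(...) call; parentheses inside string literals are skipped.
CALL_RE = re.compile(rf"\bscript_tag\s*\(((?:{STR}|[^\"')])*)\)")
ARG_RE = re.compile(rf"\b(name|value)\s*:\s*({STR})")

def strip_comments(src):
    """Drop '#' comments but keep '#' characters inside string literals."""
    return re.sub(rf"({STR})|#[^\n]*", lambda m: m.group(1) or "", src)

def audit(src, core=CORE_TAGS):
    """Return (line, problem, tag_name) for every questionable script_tag call."""
    findings = []
    clean = strip_comments(src)  # newlines are kept, so line numbers stay valid
    for m in CALL_RE.finditer(clean):
        line = clean.count("\n", 0, m.start()) + 1
        args = {k: v[1:-1] for k, v in ARG_RE.findall(m.group(1))}
        name = args.get("name")
        if name is None or "value" not in args:
            # name or value missing, or not a string literal: cannot be checked
            findings.append((line, "unparsed", name))
        elif name not in core:
            findings.append((line, "non-standard", name))
    return findings

# Constructed sample input, not taken from a real NVT.
SAMPLE = '''# constructed sample NVT description block
if (description) {
  script_tag(name:"cvss", value:"6.8");
  script_tag(name:"cvss_base", value:"(AV:N/AC:L/Au:N/C:N/I:N/A:P)");
  # script_tag(name:"old_tag", value:"x");
  script_tag(name:"severity", value:"#1 ; )");
  script_tag(name:'risk_factor',
             value:"high");
  script_tag(name:"risk_factor");
}
'''

if __name__ == "__main__":
    for line, problem, name in audit(SAMPLE):
        print(f"line {line}: {problem} tag {name!r}")
```

The commented-out call and the `#` and `)` inside the quoted value are deliberately included, since those are the cases a plain grep over the NVT feed would misreport.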

History