English | Deutsch
Home »

OpenVAS Change Request #39: Mandatory KB keys

Status: Voted +6. Done. 2009-08-01: All changes are in SVN, including trunk and 2-0 as well as openvas-conpendium.


To allow defining scripts that in no circumstances make sense to be loaded and executed if a specific key in the knowledge base is missing.



Currently, scripts can specify a "required key". The script will not be executed in case the key is missing in the knowledge base. However, this is only true in case the preference "optimize tests" is switched on.

In case of non-optimized tests, the list of required keys is disregarded and the NVTs are executed nonetheless. This does indeed make sense and many scripts rely on this behaviour as they can do something sensible even without the keys.

However, for many scripts it makes no sense to run if a certain key is missing. Such scripts rely entirely on the presense of the key.


New NVTs might use the "script_mandatory_keys()" method in the description sections. Older version of the scanner will send a error message to the log file each time they parse this code line. However, this does not affect the execution of the script, the scanner will just ignore the absence of the function. Alternatively, each call of the that function can be wrapped with "if defined_func()", but that adds only code that later is to be removed again. Decision on wether this is to be used should made upon the number of log that is produced - huge amounts should be avoided.

The information on mandatory keys needs to be stored in the cache as well and thus, the cache needs to be invalidated once to get this new feature working. For 2.0 series, this automatically happens with a new release of openvas-libraries. For 2.1/3.0 releases this is not an issue at all because of the new dynamic cache.

Design and Implementation

The implementation needs to establish the following changes: