OpenVAS Change Request #55: Decentralized CPE identification
Status: Voted +4. Implemented in r11631.
Provide a scalable and maintainable way to craft and report CPEs from within the plugins.
Currently CPEs are translated by cpe.inc, using a huge (and growing) list. This system completely hides the relationships between the scripts that perform the detection and the CPE that are finally registered.
The aim would be to get rid of that hardly maintainable list and distribute registration of CPEs by letting detection scripts register them directly. Instead of registering a freeform KB entry, and adding a translator in cpe.inc, script writers should now build CPEs from within the detection script (and register them as host details). Additionally having free-form KB entries is still important though, as it's used by mandatory_keys() for instance.
Given that the regexp-based system which is currently in use is extremely convenient to build CPEs from external sources (like application banners), we propose that script writers use the build_cpe() function from cpe.inc. This function somewhat reproduces the core behavior of cpe.inc: building a CPE from a given value, a regular expression and the base of the CPE.
These changes should ease the integration of CPEs in the system, widen their use and improve maintainability.
Generated CPEs should also be registered as host details, which will let the upper layers know from which script comes a given CPE.
Script writers will be expected to add CPE handling to their scripts when writing new OS/Application detection NVTs.
Design and Implementation
All the side components are already in place. Scripts which set the entries listed in cpe.inc need to be ported to directly register them.
- 2011-10-12 Henri Doreau <henri.doreau at greenbone dot net>:
- 2011-09-16 Henri Doreau <henri.doreau at greenbone dot net>:
- 2011-09-01 Henri Doreau <henri.doreau at greenbone dot net>:
Updated the "Effects" section.
- 2011-08-25 Henri Doreau <henri.doreau at greenbone dot net>: