
OpenVAS Change Request #55: Decentralized CPE identification

Status: Voted +4. Implemented in r11631.

References

Purpose

Provide a scalable and maintainable way to craft and report CPEs from within the plugins.

Rationale

Currently CPEs are translated by cpe.inc, using a huge (and growing) list. This system completely hides the relationships between the scripts that perform the detection and the CPEs that are finally registered.

The aim is to get rid of that hard-to-maintain list and distribute the registration of CPEs by letting detection scripts register them directly. Instead of registering a free-form KB entry and adding a translator in cpe.inc, script writers should now build CPEs within the detection script and register them as host details. Free-form KB entries remain important, though, as they are used by mandatory_keys(), for instance.

Given that the regexp-based system currently in use is extremely convenient for building CPEs from external sources (like application banners), we propose that script writers use the build_cpe() function from cpe.inc. This function somewhat reproduces the core behavior of cpe.inc: building a CPE from a given value, a regular expression and the base of the CPE.
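The following sketch shows what the detection part of a ported script could look like. It is an added example, not code from the OpenVAS repository: the product, banner, KB key and OID are hypothetical placeholders, and the named parameters of build_cpe() and register_host_detail(), the host_details.inc include and the "App" detail name are assumptions based on the description above.

```nasl
# Added example: decentralized CPE registration inside a detection script.
include("cpe.inc");           # build_cpe()
include("host_details.inc");  # register_host_detail() (assumed include)

# Hypothetical placeholders, not real NVT values.
SCRIPT_OID  = "1.3.6.1.4.1.25623.1.0.999999";
SCRIPT_DESC = "ExampleHTTPd detection (example)";

# Constructed banner so the fragment runs offline; a real script
# would read it from the service it probes.
banner = "Server: ExampleHTTPd/2.4.1 (Unix)";

# Stop if the product is not present at all.
if ("ExampleHTTPd" >!< banner) exit(0);

# Keep the free-form KB entry: other scripts still gate on it
# through mandatory_keys().
match = eregmatch(pattern:"ExampleHTTPd/([0-9.]+)", string:banner);
if (!isnull(match))
  set_kb_item(name:"www/examplehttpd/version", value:match[1]);

# Build the CPE here instead of adding a translator entry to cpe.inc:
# value = raw banner, exp = regexp capturing the version, base = CPE prefix.
cpe = build_cpe(value:banner,
                exp:"ExampleHTTPd/([0-9.]+)",
                base:"cpe:/a:example:examplehttpd:");

# Banner without a parsable version: report the bare product CPE
# rather than dropping the detection.
if (isnull(cpe))
  cpe = "cpe:/a:example:examplehttpd";

# Register as a host detail so upper layers can tie the CPE to this script.
register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
```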

Effects

These changes should ease the integration of CPEs in the system, widen their use and improve maintainability.

Generated CPEs should also be registered as host details, which lets the upper layers know which script a given CPE comes from.

Script writers will be expected to add CPE handling to their scripts when writing new OS/Application detection NVTs.

Design and Implementation

All the side components are already in place. Scripts which set the entries listed in cpe.inc need to be ported to directly register them.

History