English | Deutsch
Home »

OpenVAS Change Request #56: NVT Feed Meta Data Improvements

Status: Voted +6. Done.

References

Purpose

Provide more helpful meta information about NVTs and reduce some redundant information.

Rationale

This change request intends the following modifications to any NVT present in the Feed:

Effects

OpenVAS tool chain can rely on presence of a version number for any NVT.

OpenVAS tool chain can rely on presence of creation and last modification timestamps.

More tags will appear in the meta data of NVTs, so automatically generated dialogs for the NVT meta information might grow in size.

The memory footprint might grow with the additional tags. The shortened description texts might balance this a little bit, but likely not entirely.

Old processing chains that rely on the presence of the risk factor inside the description text will fail. No such processing chains are known, though.

Design and Implementation

Version tag: The SVN "Revision" tag is used for the version. Therefore the script files need to be prepared for this for SVN and the script_version() command in the NVTs must be present and contain the correct "Revision" SVN tag. Henri Doreau already started to fix various scripts. This activity can be continued in conjunction with the other changes.

Creation time stamp and last modification time stamp: This information can be pulled from SVN. A couple of thousand NVTs are older than the SVN history. So these will all get the time stamp of starting the SVN repository. For some it might possible to derive at least the year from copyright or CVEs, but this not systematically and reliably possible. Perhaps it is better to stick with the rule that the OpenVAS NVT feed started at a specific date. Thomas Reinke offered some information from his own repository about the creation timestamps. However, it is to be decided whether to undertake the effort to merge the timestamp or whether to simply use what SVN offers (consistently).

For new scripts, the creation date can be generated using the date command:
LC_ALL=C date +"%F %T %z (%a, %d %b %Y)"

The last modification date and the last revision number can be set automatically by SVN. The following fields must be provided as is:
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");

With the SVN keywords "Revision" and "Date" set for new scripts:
svn propset svn:keywords 'Revision Date' <filename>

Removal of "Risk factor" from description: This should be possible mostly automatically by text pattern matching. It should be taken care that unneeded newlines are then also removed.

History