Hi,
sorry for my late reply, and my apologies to Hani; I have not tested your
work yet.
I agree on all, and also +1 for an indicator in the NVTI that says
whether we have a "new style" NVT.
BR
Seb
On 21/02/2013 08:37, Jan-Oliver Wagner wrote:
Hello,
for the two reference NVTs we have already
implemented most of the description break-up:
* 2013/gb_nero_mediahome_server_mult_dos_vuln.nasl
(OID: 1.3.6.1.4.1.25623.1.0.803150)
* secpod_xpdf_mult_vuln.nasl
(OID: 1.3.6.1.4.1.25623.1.0.900457)
This is done in a way that makes the NVTs be compatible with
pre-OpenVAS-6. Once OpenVAS-5 is deprecated, the scripts can
be quite simplified again.
There are still open issues where I would like to propose a solution
with direct examples for the reference NVTs:
IMHO we should have two further tags: summary and
vulnerability-detection.
"summary": A short text describing what the issue and test is about. It
mentions essentials and gives hints about the affected product or systems.
It also gives a hint on type of vulnerability and criticality.
The text may extend to several lines, but all provided information should
be condensed and not copy the other tags.
(Note: I choose the term "summary" because "description" would naturally
be the whole set of meta information)
Example for secpod_xpdf_mult_vuln.nasl:
"The PDF viewer Xpdf is prone to multiple vulnerabilities on Linux systems
that can lead to arbitrary code execution."
Original "Overview":
This host is installed with Xpdf for Linux and is prone to Multiple
Vulnerabilities.
Which is not so suitable the way it is phrased. It already assumes the host
is vulnerable.
"vulnerability-detection": A short text that documents how the test
detects the vulnerability.
Example for secpod_xpdf_mult_vuln.nasl:
"This test uses the xpdf detection results and checks version of each binary
found on the target system. Version 3.02 and prior will raise a security
alert."
I am aware this means quite some hand-crafting work to get all NVTs furnished
with adequate texts. I think it is worth the effort in order to get a really
helpful and consistent documentation for the user.
On the implementation side I imagine (anything I might have missed or got
wrong?):
- Scanner: While transferring meta data via OTP: Don't send description if the
  new meta-tags are present. We can ignore the old-style "summary" as well as
  it adds no information.
- Scanner: While scanning: In case an empty exit() is issued, don't copy the
  description into the result in case the new metatags are present.
- Manager/GSA: In case of empty result display summary, insight, impact,
  solution (nicely arranged). Add a box "Result:" with "Vulnerability detected.".
  In case the result is not empty, but the NVT is "new-style", fill the
  box "Result:" with the returned text. This very text is the only element
  we should display preformatted with enforced linebreak. The rest can be
  directly rendered as those elements can not contain overlong words
  or any improper characters.
  Note: might make sense to manage an indicator in the NVTI that says whether
  we have a "new style" NVT.
Please share your mind about this proposal.
Best
Jan
--
"Did you know? ITrust's technology is going to secure the French cloud"
| Sébastien AUCOUTURIER | Head of R&D
| ITrust | 55 L'Occitane 31670 LABEGE
| Email: [email protected]
| Fixe Sdt. 05.67.34.67.80
| IT Security Services & SaaS Editor
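
The scanner and Manager/GSA rules proposed in the quoted message, as an added sketch that is not part of the thread and not OpenVAS code. The `new_style` key stands in for the proposed NVTI indicator and is a hypothetical name, as are the function names; the sample records are constructed, and the old-style display branch is an assumption.

```python
import textwrap

DISPLAY_TAGS = ("summary", "insight", "impact", "solution")  # order from the proposal

def scanner_result(nvt, returned_text):
    """Scanner: text stored as the result when the script reports."""
    if returned_text:
        return returned_text
    # Empty report: only an old-style NVT falls back to its description.
    return "" if nvt.get("new_style") else nvt.get("description", "")

def render(nvt, result, width=72):
    """Manager/GSA: list of (label, text, preformatted) display blocks."""
    if not nvt.get("new_style"):
        # Assumption: old-style results stay one preformatted blob.
        return [("Result:", result, True)]
    blocks = [(tag.capitalize() + ":", nvt[tag], False)
              for tag in DISPLAY_TAGS if nvt.get(tag)]
    if not result:
        blocks.append(("Result:", "Vulnerability detected.", False))
        return blocks
    # Returned text is the only free-form element: enforce line breaks so
    # overlong words cannot stretch the report layout.
    lines = ["\n".join(textwrap.wrap(l, width)) for l in result.splitlines()]
    blocks.append(("Result:", "\n".join(lines), True))
    return blocks

# Constructed sample records; "new_style" is a hypothetical NVTI field name.
NEW = {
    "new_style": True,
    "summary": "The PDF viewer Xpdf is prone to multiple vulnerabilities on "
               "Linux systems that can lead to arbitrary code execution.",
    "solution": "(constructed placeholder text)",
}
OLD = {"description": "Overview: (constructed old-style description)"}

if __name__ == "__main__":
    for label, text, pre in render(NEW, scanner_result(NEW, "")):
        print(label, text)
```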