gvm 21 support

Author: =

pom.xml

@@ -5,7 +5,7 @@
 
 	<groupId>io.mixeway</groupId>
 	<artifactId>MixewayOpenVasRestAPI</artifactId>
-	<version>1.1.0-SNAPSHOT</version>
+	<version>1.2.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<name>MixewayOpenVasRestAPI</name>
@@ -92,6 +92,11 @@
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-lang3</artifactId>
+			<version>3.12.0</version>
+		</dependency>
 
 
 	</dependencies>

src/main/java/pl/orange/bst/mixer/Test.java

@@ -39,6 +39,15 @@ public void createTask() throws JAXBException {
         System.out.println("Create task:");
         System.out.println(buildCommandPrefix(user) + "'"+xob.buildGetReport(user, params)+"'");
     }
+    @org.junit.Test
+    public void getReport() throws JAXBException {
+        XmlOperationBuilder xob = new XmlOperationBuilder();
+        User user = new User("gvmadmin","1qaz@WSX");
+        HashMap<String, String> params =new HashMap<>();
+        params.put("report_id","c9299f55-c17f-4e33-a3b0-48809213ee6d");
+        System.out.println("Create task:");
+        System.out.println(buildCommandPrefix(user) + "'"+xob.buildGetReport(user, params)+"'");
+    }
 
 
 

src/main/java/pl/orange/bst/mixer/openvas/OpenVasClient.java

@@ -11,6 +11,7 @@
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -33,6 +34,8 @@
 public class OpenVasClient {
 	@Value("${openvasmd.socket}")
 	private String socket;
+	@Value("${gvm-cli.exec}")
+	private String gvmCli;
 
 	XmlOperationBuilder xob = new XmlOperationBuilder();
 	private static final Logger log = LoggerFactory.getLogger(OpenVasClient.class);
@@ -98,7 +101,12 @@ private List<Vuln> loadVulns(User user, HashMap<String, String> params, int star
 						v.setHost(el.getElementsByTagName("host").item(0).getFirstChild().getTextContent());
 						v.setDesc(el.getElementsByTagName("description").item(0).getTextContent());
 						v.setPort(el.getElementsByTagName("port").item(0).getTextContent());
-						v.setThreat(getThreat(el.getElementsByTagName("severity").item(0).getTextContent()));
+						if(StringUtils.isNumeric(el.getElementsByTagName("severity").item(0).getTextContent())) {
+							v.setThreat(getThreat(el.getElementsByTagName("severity").item(0).getTextContent()));
+						} else {
+							Element severityNvt = (Element) el.getElementsByTagName("severity").item(0);
+							v.setThreat(getThreat(severityNvt.getElementsByTagName("score").item(0).getTextContent()));
+						}
 						vulns.add(v);
 					} catch (NullPointerException n) {
 						//n.printStackTrace();
@@ -192,6 +200,8 @@ private String getTaskStatusResponse(User user, HashMap<String, String> params)
 	private String getRunTask(User user, HashMap<String, String> params) throws JAXBException, SAXException, IOException, ParserConfigurationException {
 		ProcessBuilder pb = new ProcessBuilder("bash", "-c", buildCommandPrefix(user) + "'"+xob.buildStartTask(user, params)+"'");
 		String output = IOUtils.toString(pb.start().getInputStream());
+		log.debug("Request for starttask is {}",  buildCommandPrefix(user) + "'"+xob.buildStartTask(user, params)+"'");
+		log.debug("Output for starttask is {}", output);
 		Document doc = DocumentBuilderFactory.newInstance()
                 .newDocumentBuilder()
                 .parse(new InputSource(new StringReader(output)));
@@ -229,6 +239,7 @@ private String getCreateTaskResponse(User user, HashMap<String, String> params)
 			return null;
 	}
 	private String getConfigResponse(User user) throws SAXException, IOException, ParserConfigurationException, JAXBException {
+		log.info("About to execute: {} {} {} '{}'","bash","-c", buildCommandPrefix(user),xob.buildGetConfig(user) );
 		ProcessBuilder pb = new ProcessBuilder("bash", "-c",  buildCommandPrefix(user) + "'"+xob.buildGetConfig(user)+"'");
 		String output = IOUtils.toString(pb.start().getInputStream());
 		Document doc = DocumentBuilderFactory.newInstance()
@@ -273,6 +284,8 @@ private String getCreateTargetRespnse(User user, HashMap<String, String> params)
 
 		ProcessBuilder pb = new ProcessBuilder("bash", "-c", buildCommandPrefix(user) + "'"+xob.buildCreateTarget(user, params)+"'");
 		String output = IOUtils.toString(pb.start().getInputStream());
+		log.debug("Request for createtarget is {}",  buildCommandPrefix(user) + "'"+xob.buildCreateTarget(user, params)+"'");
+		log.debug("Output for createtarget is {}", output);
 		Document doc = DocumentBuilderFactory.newInstance()
                 .newDocumentBuilder()
                 .parse(new InputSource(new StringReader(output)));
@@ -285,6 +298,6 @@ private String getCreateTargetRespnse(User user, HashMap<String, String> params)
 	}
 
 	public String buildCommandPrefix(User user){
-		return String.format("gvm-cli --timeout 600 --gmp-username=%s --gmp-password=%s socket --socketpath %s --xml ",user.getUsername(), user.getPassword(), socket);
+		return String.format("%s --timeout 600 --gmp-username=%s --gmp-password=%s socket --socketpath %s --xml ",gvmCli,user.getUsername(), user.getPassword(), socket);
 	}
 }

src/main/resources/application.properties

@@ -1,10 +1,12 @@
 server.port: 8444
-server.ssl.key-store: pki/localhost.p12
-server.ssl.key-store-password: changeit
+server.ssl.key-store: /Users/gs/pki/new.p12
+server.ssl.key-store-password: 1qaz@WSX
 server.ssl.keyStoreType: PKCS12
-server.ssl.key-alias=mixer
-server.ssl.trust-store=etc/pki/trust.jks
+server.ssl.key-alias=mixeway
+server.ssl.trust-store=/Users/gs/pki/trust.jks
 server.ssl.trust-store-password=changeit
 server.ssl.client-auth=want
-openvasmd.socket=/usr/local/var/run/openvasmd.sock
-allowed.users=localhost,127.0.0.1
+openvasmd.socket=/Users/gs/gvm/gvmd.sock
+allowed.users=localhost,127.0.0.1
+gvm-cli.exec=gvm-cli
+logging.level.root=WARN