greenbone · nichtsfrei · Jan 16, 2024 · Jan 15, 2024 · Jan 15, 2024 · Jan 15, 2024
@@ -38,6 +38,7 @@ RUN apt-get update && apt-get install --no-install-recommends --no-install-sugge
   libcurl4 \
   libcurl3-gnutls \
   zlib1g \
+  libhiredis0.14 \
   && rm -rf /var/lib/apt/lists/*
 COPY .docker/openvas.conf /etc/openvas/
 # must be pre built within the rust dir and moved to the bin dir

@@ -19,16 +19,7 @@ jobs:
       - name: deploy openvasd
         run: |
           cd rust/examples/tls/Self-Signed\ mTLS\ Method
-          sh server_certificates.sh
-          sh client_certificates.sh
-          kubectl create namespace openvasd || true
-          kubectl create secret generic server-private-key \
-                --from-file=key.pem=./server.rsa \
-                --from-file=certs.pem=./server.pem \
-                --namespace openvasd
-          kubectl create secret generic client-certs \
-                --from-file=client1.pem=./client.pem \
-                --namespace openvasd
+          make delete deploy
           cd -
           helm uninstall openvasd --namespace openvasd|| true
           helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml --values charts/openvasd/mtls-wo-ingress.yaml

@@ -6,12 +6,12 @@ This Helm chart is tested with k3s and Traefik. Note that other options may requ
 
 ## mTLS (Enabled by Default)
 
-To use mTLS, store the server certificate and key as a secret named 'server-private-key', containing key.pem and certs.pem. For example, deploying `openvasd` into the 'openvasd' namespace with a generated certificate:
+To use mTLS, store the server certificate and key as a secret named 'ingress-certificate', containing key.pem and certs.pem. For example, deploying `openvasd` into the 'openvasd' namespace with a generated certificate:
 
 ```bash
 cd ../../rust/examples/tls/Self-Signed\ mTLS\ Method
 sh server_certificates.sh
-kubectl create secret generic server-private-key \
+kubectl create secret generic ingress-certificate \
       --from-file=key.pem=./server.rsa \
       --from-file=certs.pem=./server.pem \
       --namespace openvasd

@@ -43,9 +43,9 @@ spec:
       - name: ospd-logs
         emptyDir: {}
       {{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
-      - name: server-private-key
+      - name: ingress-certificate
         secret:
-          secretName: server-private-key
+          secretName: ingress-certificate
       {{ end }}
       {{- if eq .Values.openvasd.tls.certificates.deploy_client true }}
       - name: client-certs
@@ -59,22 +59,30 @@ spec:
         volumeMounts:
           - name: nasl-plugins
             mountPath: /mnt/nasl
-        command: ['sh', '-c']
-        args: ['cp -rv /var/lib/openvas/22.04/vt-data/nasl/* /mnt/nasl/']
-      - name: notus-advisories
-        image: "{{ .Values.notusdata.repository }}:{{ .Values.notusdata.tag }}"
+        env:
+          - name: MOUNT_PATH 
+            value: "/mnt/nasl"
+      - name: normalize-nasl-feed
+        image: "{{ .Values.vulnerabilitytests.repository }}:{{ .Values.vulnerabilitytests.tag }}"
         imagePullPolicy: Always
         volumeMounts:
-          - name: notus-data
-            mountPath: /mnt/notus
-        command: ['cp', '-rv', '/var/lib/notus/advisories', '/mnt/notus/']
-      - name: notus-products
+          - name: nasl-plugins
+            mountPath: /mnt/nasl
+        command: ['/bin/sh', '-c']
+        # flatten nasl data
+        args:
+          - mv -vf /mnt/nasl/22.04/vt-data/nasl/* /mnt/nasl/;
+            rm -r /mnt/nasl/22.04;
+            rm -r /mnt/nasl/21.04;
+      - name: notus-data
         image: "{{ .Values.notusdata.repository }}:{{ .Values.notusdata.tag }}"
         imagePullPolicy: Always
         volumeMounts:
           - name: notus-data
             mountPath: /mnt/notus
-        command: ['cp', '-rv', '/var/lib/notus/products', '/mnt/notus/']
+        env:
+          - name: MOUNT_PATH 
+            value: "/mnt/notus"
       - name: mqtt-broker-openvas-fix
         image: "{{ .Values.ospd.repository }}:{{ .Values.ospd.tag }}"
         imagePullPolicy: Always
@@ -152,7 +160,7 @@ spec:
           mountPath: /run/ospd/
         {{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
         - mountPath: "/etc/openvasd/tls/"
-          name: server-private-key
+          name: ingress-certificate
           readOnly: true
         {{ end }}
         {{- if eq .Values.openvasd.tls.certificates.deploy_client true }}

@@ -35,12 +35,12 @@ fn add_layer(index: usize, count: usize) -> Vec<Node<String>> {
 pub fn parallel_benchmark(c: &mut Criterion) {
     const NUM_LAYERS: usize = 20;
     #[cfg(feature = "parallel")]
-    fn par_no_op(nodes: &Vec<Node<String>>) {
+    fn par_no_op(nodes: &[Node<String>]) {
         DepGraph::new(nodes)
             .into_par_iter()
             .for_each(|_node| thread::sleep(Duration::from_nanos(100)))
     }
-    fn seq_no_op(nodes: &Vec<Node<String>>) {
+    fn seq_no_op(nodes: &[Node<String>]) {
         DepGraph::new(nodes)
             .into_iter()
             .for_each(|_node| thread::sleep(Duration::from_nanos(100)))

@@ -269,8 +269,8 @@ mod tests {
     #[test]
     fn iter_thousand_graph() {
         let mut nodes: Vec<Node<_>> = (0..1000).map(|i| Node::new(format!("{}", i))).collect();
-        for i in 1..1000 {
-            nodes[i].add_dep("0".to_string());
+        for item in nodes.iter_mut().take(1000).skip(1) {
+            item.add_dep("0".to_string());
         }
 
         let r = DepGraph::new(&nodes);

@@ -0,0 +1,27 @@
+.PHONY: client server namespace delete deploy
+
+server:
+	# only when server.rsa is not available
+	[ ! -f server.rsa ] && sh server_certificates.sh || true
+client:
+	# only when client.rsa is not available
+	[ ! -f client.rsa ] && sh client_certificates.sh || true
+
+namespace:
+	kubectl create namespace openvasd || true
+
+delete: 
+	kubectl delete secret ingress-certificate --namespace openvasd || true
+	kubectl delete secret client-certs --namespace openvasd || true
+
+
+
+deploy: namespace server client
+	kubectl create secret generic ingress-certificate \
+		--from-file=key.pem=./server.rsa \
+		--from-file=certs.pem=./server.pem \
+		--namespace openvasd
+	kubectl create secret generic client-certs \
+		--from-file=client1.pem=./client.pem \
+		--namespace openvasd
+
@@ -101,7 +101,7 @@ mod test {
         store.append(key, serialized).unwrap();
         let results: Vec<super::Serialization<Test>> = store.by_range(key, Range::All).unwrap();
         assert_eq!(results.len(), 1);
-        let test2 = match results.get(0).unwrap() {
+        let test2 = match results.first().unwrap() {
             super::Serialization::Deserialized(t) => t.clone(),
             _ => panic!("Serialization::try_from failed"),
         };

@@ -103,7 +103,7 @@ mod test {
         store.append(key, serialized).unwrap();
         let results: Vec<super::Serialization<Test>> = store.by_range(key, Range::All).unwrap();
         assert_eq!(results.len(), 1);
-        let test2 = match results.get(0).unwrap() {
+        let test2 = match results.first().unwrap() {
             super::Serialization::Deserialized(t) => t.clone(),
             _ => panic!("Serialization::try_from failed"),
         };

@@ -286,7 +286,7 @@ where
 {
     let positional = resolve_positional_arguments(register);
 
-    Ok(match positional.get(0) {
+    Ok(match positional.first() {
         Some(NaslValue::String(x)) => match register.named(x) {
             Some(ContextType::Function(_, _)) => true.into(),
             _ => ctx.nasl_fn_defined(x).into(),

@@ -141,7 +141,7 @@ fn write_nasl_string_value(s: &mut String, value: &NaslValue) -> Result<(), Func
 /// If this function retrieves anything but a string it returns NULL
 fn toupper<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErrorKind> {
     let positional = resolve_positional_arguments(register);
-    Ok(match positional.get(0) {
+    Ok(match positional.first() {
         Some(NaslValue::String(x)) => x.to_uppercase().into(),
         Some(NaslValue::Data(x)) => x
             .iter()
@@ -158,7 +158,7 @@ fn toupper<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, Function
 /// If this function retrieves anything but a string it returns NULL
 fn tolower<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErrorKind> {
     let positional = resolve_positional_arguments(register);
-    Ok(match positional.get(0) {
+    Ok(match positional.first() {
         Some(NaslValue::String(x)) => x.to_lowercase().into(),
         Some(NaslValue::Data(x)) => x
             .iter()
@@ -175,7 +175,7 @@ fn tolower<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, Function
 /// If this function retrieves anything but a string it returns 0
 fn strlen<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErrorKind> {
     let positional = resolve_positional_arguments(register);
-    Ok(match positional.get(0) {
+    Ok(match positional.first() {
         Some(NaslValue::String(x)) => x.len().into(),
         Some(NaslValue::Data(x)) => x.len().into(),
         _ => 0_i64.into(),
@@ -224,7 +224,7 @@ fn hexstr<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionE
         }
         Ok(s.into())
     };
-    match positional.get(0) {
+    match positional.first() {
         Some(NaslValue::String(x)) => hexler(x),
         Some(NaslValue::Data(x)) => hexler(&x.iter().map(|x| *x as char).collect::<String>()),
         _ => Ok(NaslValue::Null),
@@ -235,7 +235,7 @@ fn hexstr<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionE
 ///
 /// The first positional argument must be a string, all other arguments are ignored. If either the no argument was given or the first positional is not a string, a error is returned.
 fn hexstr_to_data<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErrorKind> {
-    match resolve_positional_arguments(register).get(0) {
+    match resolve_positional_arguments(register).first() {
         Some(NaslValue::String(x)) => match decode_hex(x) {
             Ok(y) => Ok(NaslValue::Data(y)),
             Err(_) => Err((
@@ -259,7 +259,7 @@ fn hexstr_to_data<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, F
 ///
 /// The first positional argument must be byte data, all other arguments are ignored. If either the no argument was given or the first positional is not byte data, a error is returned.
 fn data_to_hexstr<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErrorKind> {
-    match resolve_positional_arguments(register).get(0) {
+    match resolve_positional_arguments(register).first() {
         Some(NaslValue::Data(x)) => Ok(encode_hex(x)?.into()),
         Some(x) => Err(("first positional argument", "data", x.to_string().as_str()).into()),
         None => Err("0".into()),
@@ -285,7 +285,7 @@ fn crap<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErr
     match register.named("length") {
         None => {
             let positional = resolve_positional_arguments(register);
-            match positional.get(0) {
+            match positional.first() {
                 Some(NaslValue::Number(x)) => Ok(NaslValue::String(data.repeat(*x as usize))),
                 x => Err(("0", "numeric", x).into()),
             }
@@ -302,7 +302,7 @@ fn crap<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErr
 /// Takes one required positional argument of string type.
 fn chomp<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErrorKind> {
     let positional = resolve_positional_arguments(register);
-    match positional.get(0) {
+    match positional.first() {
         Some(NaslValue::String(x)) => Ok(x.trim_end().to_owned().into()),
         Some(NaslValue::Data(x)) => Ok(x
             .iter()
@@ -322,7 +322,7 @@ fn chomp<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionEr
 /// The optional third positional argument is an *int* containing an offset from where to start the search.
 fn stridx<K>(register: &Register, _: &Context<K>) -> Result<NaslValue, FunctionErrorKind> {
     let positional = resolve_positional_arguments(register);
-    let haystack = match positional.get(0) {
+    let haystack = match positional.first() {
         Some(NaslValue::String(x)) => x,
         x => return Err(("0", "string", x).into()),
     };

@@ -3,7 +3,7 @@ use std::{io, path::PathBuf};
 
 use clap::{arg, value_parser, ArgAction, Command};
 // re-export to work around name conflict
-pub use feed::transpile;
+
 use storage::StorageError;
 
 use crate::{get_path_from_openvas, read_openvas_config, CliError, CliErrorKind};

@@ -8,14 +8,22 @@ use nasl_syntax::parse;
 pub fn simple_parse_benchmark(c: &mut Criterion) {
     let code = include_str!("simple_parse.nasl");
     c.bench_function("simple_parse", |b| {
-        b.iter(|| parse(black_box(&code)).map(|x| x.unwrap()).count())
+        b.iter(|| {
+            if let Some(err) = parse(black_box(code)).find_map(|x| x.err()) {
+                panic!("Unexpected error: {err}");
+            }
+        })
     });
 }
 
 pub fn parse_large_benchmark(c: &mut Criterion) {
     let code = include_str!("smb_nt.inc");
     c.bench_function(&format!("smb_nt.inc {}", code.len()), |b| {
-        b.iter(|| parse(black_box(&code)).map(|x| x.unwrap()).count())
+        b.iter(|| {
+            if let Some(err) = parse(black_box(code)).find_map(|x| x.err()) {
+                panic!("Unexpected error: {err}");
+            }
+        })
     });
 }