/usr/share/openvas/scap/cve_update.xsl is in openvas-manager-common 6.0.9-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 | <?xml version="1.0" encoding="UTF-8"?>
<!--
OpenVAS
$Id: cve_update.xsl 20229 2014-09-01 13:13:29Z mwiegand $
Description: Generate SQL (SQLite compatible) queries to update the CVE
database.
Authors:
Henri Doreau <henri.doreau@greenbone.net>
Timo Pollmeier <timo.pollmeier@greenbone.net>
Copyright:
Copyright (C) 2011, 2013 Greenbone Networks GmbH
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4"
xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"
xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1"
xmlns:cve="http://scap.nist.gov/schema/feed/vulnerability/2.0"
xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:str="http://exslt.org/strings"
xmlns:patch="http://scap.nist.gov/schema/patch/0.1"
extension-element-prefixes="str"
>
<xsl:output method="text"/>
<xsl:template match="cve:entry">
INSERT OR REPLACE INTO cves (
uuid,
name,
creation_time,
modification_time,
cvss,
description,
vector,
complexity,
authentication,
confidentiality_impact,
integrity_impact,
availability_impact,
products) VALUES (
'<xsl:value-of select="@id"/>',
'<xsl:value-of select="@id"/>',
strftime('%s', '<xsl:value-of select="vuln:published-datetime"/>'),
strftime('%s', '<xsl:value-of select="vuln:last-modified-datetime"/>'),
'<xsl:value-of select="vuln:cvss/cvss:base_metrics/cvss:score"/>',
'<xsl:value-of select='str:replace(vuln:summary/text(), "'", "''")'/>',
'<xsl:value-of select="vuln:cvss/cvss:base_metrics/cvss:access-vector"/>',
'<xsl:value-of select="vuln:cvss/cvss:base_metrics/cvss:access-complexity"/>',
'<xsl:value-of select="vuln:cvss/cvss:base_metrics/cvss:authentication"/>',
'<xsl:value-of select="vuln:cvss/cvss:base_metrics/cvss:confidentiality-impact"/>',
'<xsl:value-of select="vuln:cvss/cvss:base_metrics/cvss:integrity-impact"/>',
'<xsl:value-of select="vuln:cvss/cvss:base_metrics/cvss:availability-impact"/>',
'<xsl:for-each select="vuln:vulnerable-software-list/vuln:product">
<xsl:value-of select='str:replace(str:replace(
str:decode-uri(text()), "%7E", "~"),
"'", "''")'/>
<xsl:text> </xsl:text>
</xsl:for-each>');
<xsl:for-each select="vuln:vulnerable-software-list/vuln:product">
<xsl:variable name="decoded_cpe" select='
str:replace(
str:replace(
str:decode-uri(text()), "%7E", "~"),
"'", "''")'/>
INSERT OR IGNORE INTO cpes (uuid, name) VALUES ('<xsl:value-of select="$decoded_cpe"/>', '<xsl:value-of select="$decoded_cpe"/>');
INSERT OR REPLACE INTO affected_products (cve,cpe) VALUES ((SELECT id FROM cves WHERE uuid='<xsl:value-of select="../../@id"/>'),
(SELECT id FROM cpes WHERE name='<xsl:value-of select="$decoded_cpe"/>'));
</xsl:for-each>
</xsl:template>
<xsl:template match="/">
<!-- Activate delete triggers for replace -->
PRAGMA recursive_triggers='ON';
BEGIN TRANSACTION;
<xsl:apply-templates/>
COMMIT;
</xsl:template>
</xsl:stylesheet>
|