Gvm-cli / GSA inconsistent results


#1

Dear all,

I’m struggling with gvm-cli which gives me wrong results, so I think I’m doing something wrong but I can’t figure out what.

I run the following:
gvm-cli socket --sockpath /var/run/openvasmd.sock --gmp-username admin --gmp-password pass -X '<get_reports report_id="e849335f-0242-418f-b78d-822996ffca9f" levels="hml" autofp="0" apply_overrides="1" notes="1" overrides="1" result_hosts_only="1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>' | xmlstarlet sel -t -v 'get_reports_response/report/text()' | base64 -i -d > foo.csv

With this command I would expect to get only vulnerabilities of level High, Medium and Low to be reported (levels="hml"), while I actually end up with all findings (that is, including the “Logs” level vulnerability, as if I had set levels="hmlg" in my command).

I even tried to set levels="h" only, but I always get all findings.

What’s wrong with my command?

Thanks


#2

Hi,

please take a look at

https://docs.greenbone.net/API/GMP/gmp-7.0.html#command_get_reports

levels, autofp, … are parameters for the filter. Therefore your request must be

<get_reports report_id="e849335f-0242-418f-b78d-822996ffca9f" filter="levels=hml" .../>

#3

Thanks Bricks; can I use one filter statement, e.g. filter="levels=hml apply_overrides=1", or one filter statement per parameter: filter="levels=hml" filter="apply_overrides=1" etc.?


#4

It’s one filter statement like filter="levels=hml apply_overrides=1 min_qod=80 notes=1"


#5

Thanks Bricks, that works. But I still have an issue. Now my xml command is:

'<get_reports report_id="e849335f-0242-418f-b78d-822996ffca9f" filter="levels=hml apply_overrides=1" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>' | xmlstarlet sel -t -v 'get_reports_response/report/text()' | base64 -i -d > foo.csv

With this command I get a CSV file containing 48 hosts, 48 medium vulnerabilities and 2 high vulnerabilities.

Now if I use GSA, with the same filter, and I download the CSV file directly from GSA, I have a total of 62 medium vulnerabilities and 2 High. So 4 medium vulnerabilities are missing?!

Thanks !


#6

Please check the applied filter used in the returned xml. I suppose the defaults for rows are applied here again. You could also try to set ignore_pagination="1"


#7

Thanks Bricks, adding ignore_pagination=1 to the xml request seems to work. I need to test it further but on this particular example I get the same results as on GSA.

So for reference my gvm cli looks like:

gvm-cli […] -X '<get_reports report_id="3f62310a-592e-495b-83e2-3591e92d1a5f" format_id="c1645568-627a-11e3-a660-406186ea4fc5" filter="apply_overrides=1 overrides=1 levels=hml" ignore_pagination="1"/>' | xmlstarlet sel -t -v 'get_reports_response/report/text()' | base64 -i -d >

Thanks for your help
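
Added example, not part of the original posts and not Greenbone code: a Python sketch of the two fixes from this thread (all filter keywords in one filter attribute, plus ignore_pagination) with a check that flags keywords misplaced as command attributes. The function names are hypothetical, the keyword list contains only the keywords named in this thread, and the sample response is constructed and simplified.

```python
import base64
import xml.etree.ElementTree as ET

# Filter keywords named in this thread; not an exhaustive GMP list.
FILTER_KEYWORDS = {"levels", "autofp", "apply_overrides", "notes",
                   "overrides", "result_hosts_only", "min_qod"}

def misplaced_filter_keywords(request_xml):
    """Return filter keywords wrongly passed as attributes of the command."""
    return sorted(FILTER_KEYWORDS & set(ET.fromstring(request_xml).attrib))

def build_get_reports(report_id, format_id, **filter_terms):
    """Build <get_reports/> with every keyword in ONE filter attribute."""
    cmd = ET.Element("get_reports", {
        "report_id": report_id,
        "format_id": format_id,
        "filter": " ".join(f"{k}={v}" for k, v in filter_terms.items()),
        "ignore_pagination": "1",  # do not cut the result list at the default rows
    })
    return ET.tostring(cmd, encoding="unicode")

def decode_report(response_xml):
    """Decode the base64 text directly under <report>, like report/text()."""
    root = ET.fromstring(response_xml)
    if root.get("status") != "200":
        raise ValueError(f"GMP error: {root.get('status_text')}")
    report = root.find("report")
    if report is None:
        raise ValueError("no <report> element in response")
    # Text nodes only: skip child elements, keep the text before and after them.
    chunks = [report.text or ""] + [child.tail or "" for child in report]
    return base64.b64decode("".join("".join(chunks).split()))

# Constructed sample data (not real scan output).
SAMPLE_CSV = b"IP,Severity\n192.0.2.10,High\n"
SAMPLE_RESPONSE = (
    '<get_reports_response status="200" status_text="OK">'
    '<report id="constructed-id" extension="csv" content_type="text/csv">'
    "<name>constructed</name>"
    + base64.b64encode(SAMPLE_CSV).decode()
    + "</report></get_reports_response>"
)

if __name__ == "__main__":
    bad = '<get_reports report_id="x" levels="hml" autofp="0" format_id="y"/>'
    print("misplaced:", misplaced_filter_keywords(bad))
    print(build_get_reports("x", "y", levels="hml", apply_overrides=1))
    print(decode_report(SAMPLE_RESPONSE).decode())
```

The string returned by build_get_reports is what would be passed to gvm-cli -X; decode_report replaces the xmlstarlet and base64 steps of the pipeline.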