Fix typo for the StripedTable.

This is a follow-up of #390 and the PR #397 solving it:

There is another edge/corner case where a NVT is using the script_tag(name:"vuldetect", value:"" tag but is only sending a log_message() (0.0 severity).

Once this is happening instead of the static and already correctly formatted Vulnerability Detection Method a Log Method (static as well) without the formatting is shown like seen below:

It doesn't make sense to use one of these two HOCs independently. Therefore they should be merged into only one HOC. It should also be considered to implement a component using the render props pattern as a base for the new HOC.

Move NvtPreferences from web/scanconfigs/ to web/nvts/

Our current select component (select2) is based on the jquery select2 library. The component has several downsides (besides being based on jquery). Most important it's layout always calculates its width on the size of the content.

We should the replace the component by a new react version. A good starting point would be downshift

https://blog.kentcdodds.com/introducing-downshift-for-react-b1de3fca0817
https://github.com/paypal/downshift

Please keep in mind we use select to as multi select (tag like selection) and dropdown. So actually there are two components to be implemented.

ng contains some old concept of DialogContainers. These container components have been implemented to not having to implement save and create handler several time. But as time goes by this DialogContainer concept has been made obsolete.

Currently there are still

./src/web/components/dialog/container.js
./src/web/pages/targets/dialogcontainer.js
./src/web/pages/tasks/dialogcontainer.js
./src/web/pages/alerts/dialogcontainer.js

They should be replaced with a SaveDialog component in combination with a EntityComponent (e.g. TaskComponent).

At the moment we are using several constants such as NVTS_FILTER_FILTER, CVES_FILTER_FILTER and so on in the filter model.
All of the SecInfo filter types are 'type=info' so it makes sense to merge those constants and use SECINFO_FILTER_FILTER only.
For this, the constants in the model have to be changed and their usage in different displays and possibly other components has to be adjusted.

Set model instance ids to undefined if they contain an empty string. Currently they are set to the value passed from the response 1:1 see https://github.com/greenbone/gsa/blob/master/ng/src/gmp/parser.js#L124

Implementing this may cause regressions because some code may expect that an id is always defined.

A delta view with a current trunk doesn't show the "Result 1", "Result 2" and "Different Lines" like seen on the screenshots below (from GSA 7.0.x). On NG only the newest result is shown in the delta view of a changed item.

The 7.0.3 build fails with:

[ 68%] Generating gsad-ru.json
cd /builddir/build/BUILD/gsa-7.0.3/src/po && /usr/bin/msgfmt /builddir/build/BUILD/gsa-7.0.3/src/po/gsad_xsl-de.po -o /builddir/build/BUILD/gsa-7.0.3/src/po/de/gsad_xsl.mo
cd /builddir/build/BUILD/gsa-7.0.3/src/po && /usr/bin/python /builddir/build/BUILD/gsa-7.0.3/tools/po2json /builddir/build/BUILD/gsa-7.0.3/src/po/gsad_js-ru.po /builddir/build/BUILD/gsa-7.0.3/src/po/gsad-ru.json
Traceback (most recent call last):
File "/builddir/build/BUILD/gsa-7.0.3/tools/po2json", line 66, in
main()
File "/builddir/build/BUILD/gsa-7.0.3/tools/po2json", line 62, in main
convert(sys.argv[1], sys.argv[2])
File "/builddir/build/BUILD/gsa-7.0.3/tools/po2json", line 45, in convert
po_f = polib.pofile(in_name)
File "/usr/lib/python2.7/site-packages/polib.py", line 138, in pofile
return _pofile_or_mofile(pofile, 'pofile', **kwargs)
File "/usr/lib/python2.7/site-packages/polib.py", line 86, in _pofile_or_mofile
instance = parser.parse()
File "/usr/lib/python2.7/site-packages/polib.py", line 1306, in parse
self.process(keywords[tokens[0]])
File "/usr/lib/python2.7/site-packages/polib.py", line 1450, in process
self.current_line)
IOError: Syntax error in po file (line 430)

Important dependency is not listed in the INSTALL.md

Expected behavior

apt-get install libxslt1-dev

root@greenbone-ubuntu-1604:/tmp/kitchen/cache/assistant/build# cmake -DCMAKE_INSTALL_PREFIX=/opt/greenbone ..
-- Configuring greenbone-security-assistant...
-- Checking for module 'libexslt'
--   Found libexslt, version 0.8.17
-- Checking for module 'libopenvas_omp>=9.0.0'
--   Found libopenvas_omp, version 9.0.2
-- Checking for module 'libopenvas_base>=9.0.0'
--   Found libopenvas_base, version 9.0.2
-- Checking for module 'libopenvas_misc>=9.0.0'
--   Found libopenvas_misc, version 9.0.2
-- Checking for module 'libxslt'
--   Found libxslt, version 1.1.28
-- Checking for module 'gnutls>=3.2.15'
--   Found gnutls, version 3.4.10
-- Looking for libgcrypt...
-- Looking for libgcrypt... /usr/lib/x86_64-linux-gnu/libgcrypt.so
-- Found Git: /usr/bin/git (found version "2.7.4") 
-- Install prefix: /opt/greenbone
-- Looking for pthread.h
-- Looking for pthread.h - found
-- Looking for pthread_create
-- Looking for pthread_create - not found
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found Threads: TRUE  
-- Static asset serving is builtin, use with care.
-- Internal XSL transformations, with libxslt.
-- Could NOT find Gettext (missing:  GETTEXT_MSGMERGE_EXECUTABLE GETTEXT_MSGFMT_EXECUTABLE) 
-- Found PythonInterp: /usr/bin/python (found version "2.7.12") 
-- Could NOT find PY_polib (missing:  PY_POLIB) 
CMake Warning at src/po/CMakeLists.txt:164 (message):
  Could not build translation files: gettext not found.


-- Found Doxygen: /usr/bin/doxygen (found version "1.8.11") 
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/kitchen/cache/assistant/build

Current behavior

root@greenbone-ubuntu-1604:/tmp/kitchen/cache/assistant/build# cmake -DCMAKE_INSTALL_PREFIX=/opt/greenbone ..
-- Configuring greenbone-security-assistant...
-- Checking for module 'libexslt'
--   No package 'libexslt' found
CMake Error at /usr/share/cmake-3.5/Modules/FindPkgConfig.cmake:367 (message):
  A required package was not found
Call Stack (most recent call first):
  /usr/share/cmake-3.5/Modules/FindPkgConfig.cmake:532 (_pkg_check_modules_internal)
  CMakeLists.txt:82 (pkg_check_modules)


-- Configuring incomplete, errors occurred!
See also "/tmp/kitchen/cache/assistant/build/CMakeFiles/CMakeOutput.log".

Steps to reproduce

1. Install gvm-libs
2. download gsa source
3. export PKG_CONFIG_PATH and cmake -DCMAKE_INSTALL_PREFIX

GVM versions

gsa: (gsad --version) 7.0.3

gvm-libs: 9.0.2

Environment

Operating system: UBUNTU 16.04 x86_64

Installation method / source: source installation

Logfiles

Expected behavior

The edit filter button should pop up the filter editing modal to allow for easy filter editing.

Current behavior

The button throws a javascript exection :
Uncaught TypeError: this.filter_dialog.show is not a function
at t.value (detailspage.js:350)
at t.value (icon.js:52)
at Object.a (react-dom.production.min.js:15)
at Object.invokeGuardedCallback (react-dom.production.min.js:16)
at Object.invokeGuardedCallbackAndCatchFirstError (react-dom.production.min.js:16)
at u (react-dom.production.min.js:20)
at p (react-dom.production.min.js:22)
at m (react-dom.production.min.js:22)
at d (react-dom.production.min.js:21)
at v (react-dom.production.min.js:24)

Steps to reproduce

1. Navigate to any report in GSA
2. Click on the "Edit Filter" (wrench) button
3. Check the javascript console

GVM versions

gsa: GIT revision b54fb58-master

gvm: GIT revision 578d030c-master

openvas-scanner: GIT revision e2e20fd-master

Environment

Operating system: Debian Linux x64

Installation method / source: Git source

Return http 404 if an entity couldn't be found for a specific id. Currently an unknown id will cause an error in ng.

Several action icons (in lists and page toolbars) don't have a margin between them currently. They should be put into an IconDivider.

The old version (gsa 7.0) has a slider component based on jquery. This component hasn't been used by intention in ng. We should implement/find a suitable slider component base on react for ng.

Hint: if I remember correctly the slider component is used for setting the min qod in the powerfilter dialogs.

It seems glamorous will be deprecated paypal/glamorous#419
So we need to investigate howto migrate to another CSS-in-JS solution like https://emotion.sh/

When I try to build the gsa-7.0.3, I get the following error:

Scanning dependencies of target gettext-json
[ 80%] Generating gsad-zh_CN.json
[ 82%] Generating gsad-ar.json
[ 85%] Generating gsad-de.json
[ 88%] Generating gsad-fr.json
Traceback (most recent call last):
File "/home/openvas/src/gsa-7.0.3/tools/po2json", line 66, in
main()
File "/home/openvas/src/gsa-7.0.3/tools/po2json", line 62, in main
convert(sys.argv[1], sys.argv[2])
File "/home/openvas/src/gsa-7.0.3/tools/po2json", line 45, in convert
po_f = polib.pofile(in_name)
File "/usr/lib/python2.7/dist-packages/polib.py", line 138, in pofile
return _pofile_or_mofile(pofile, 'pofile', **kwargs)
File "/usr/lib/python2.7/dist-packages/polib.py", line 86, in _pofile_or_mofile
instance = parser.parse()
File "/usr/lib/python2.7/dist-packages/polib.py", line 1320, in parse
self.process(keywords[tokens[0]])
File "/usr/lib/python2.7/dist-packages/polib.py", line 1464, in process
self.current_line)
IOError: Syntax error in po file (line 430)
src/po/CMakeFiles/gettext-json.dir/build.make:74: recipe for target 'src/po/gsad-fr.json' failed
make[2]: *** [src/po/gsad-fr.json] Error 1
CMakeFiles/Makefile2:1020: recipe for target 'src/po/CMakeFiles/gettext-json.dir/all' failed
make[1]: *** [src/po/CMakeFiles/gettext-json.dir/all] Error 2
Makefile:149: recipe for target 'all' failed
make: *** [all] Error 2

Currently in the gmp apis it's not clear which parameters are mandatory any optional. Therefore we should set sane defaults as much as possible.

E.g. gmp.xyz.save({abc = 'mydefault'})

If a dialog needs some time to save the data no indicator is shown that the dialog is still busy in the background. Even the save button is not disabled. Therefore a use might click several times on the save button and create several objects at the backend.

Currently for being able to render divided rows all rows of these lists are put into an tbody element, because before React 16 it wasn't possible to return several elements from a components render method.

This has the side effect that the details are added as a tr child of the table without a tbody in between. Therefore react issues a warning when opening the details.

By using https://reactjs.org/docs/react-component.html#fragments it should be fixed to only have one tbody for all rows.

Anchors such as help/users.html#peruserldapauthentication are not supported.

The # gets parsed to %23 and is not located at the end of the URL. Changes might need to be done to the HelpIcon component, but it's more likely that gmp.buildUrl() needs adjustments.

The current datepicker uses jquery-ui datepicker and should be replaced by a plain react version.

I want to use gsad behind an Apache reverse proxy, in a subdirectory of the root of a domain. This mostly works with this Apache configuration:

<Location /openvas>
        ProxyPass http://localhost:9392
	ProxyPassReverse http://localhost:9392
        ProxyHTMLEnable On
        ProxyHTMLURLMap /       /openvas/
	ProxyAddHeaders On
</Location>

However even then there are some places where ProxyHTMLURLMap fails to rewrite the path of some image resources (maybe in Javascript?). It would be useful if there were a way to define a base path in gsad itself, and that it would automatically make all resources available in that path instead of in the root directory.

When using the last version of libmicrohttpd, the following warning will shown on start up:

gsad: Warning: MHD_USE_THREAD_PER_CONNECTION must be used only with MHD_USE_INTERNAL_POLLING_THREAD. Flag MHD_USE_INTERNAL_POLLING_THREAD was added. Consider setting MHD_USE_INTERNAL_POLLING_THREAD explicitly.

Currently the initialData of the new SaveDialog is only set when the SaveDialog class is created (the state is state to contain the props in the constructor). This may lead to issues when not all initalData is loaded yet and the user want's to open the dialog.

Therefore it should be allowed to change the initialData.

Hello,
There is no signed tarball for gsa 7.0.3. Could you please add it? Thanks!

The two settings "Default OSP Scan Config" and "Default OSP Scanner" don't have any options from which to select. Missing data in the setup don't allow me to figure out which data needs to be send and how. Therefore, they are not yet included in the user settings.
This concerns pages/usersettings/dialog.js ll. 296 and 309.

The currently set timezone will not update after it is changed in usersettings. Only after logging out and then in again, the new timezone is actually set and displayed.

When adding a tag to a secinfo entity (e.g. NVTs, CPEs, CVEs...) via the details page tab, an "internal error" 500 is thrown. A faulty resourceType might be the cause for this.

Hello. In version 7.0.3, access to GSA through the hostname was lost. The web interface is accessible only by IP address. Error: "The request contained an unknown or invalid host header. If you are trying to access GSA through your host name or proxy server, make sure that the GSA is configured this way." This is a bug or feature ?

Expected behavior

Access to WEB-console GSA via hostname.

Current behavior

Access to WEB-console GSA via IP address.

Steps to reproduce

1. Open URL https://scan01.local:4444
2. Error.
3. Open URL https://10.0.0.10:4444
4. No error.

OpenVAS / GVM versions

gsa: (7.0.3)

gvm: (7.0.3 / -)

openvas-scanner: (5.1.2)

gvm-libs: -

openvas-smb: -

Environment

Operating system: Ubuntu 16.04 LTS

Installation method / source: (packages)

Logfiles

gsad main:  DEBUG:2018-04-09 13h46.14 utc:35837: - fe80::215:5dff:fe96:fa5c%eth0
gsad main:  DEBUG:2018-04-09 13h46.14 utc:35837: - 127.0.0.1
gsad main:  DEBUG:2018-04-09 13h46.14 utc:35837: - 10.0.0.10
gsad main:  DEBUG:2018-04-09 13h46.14 utc:35837: - localhost
gsad main:  DEBUG:2018-04-09 13h46.14 utc:35837: - ::1
gsad main:  DEBUG:2018-04-09 13h46.14 utc:35837: GSAD started successfully and is listening on port 4444
gsad main:  DEBUG:2018-04-10 06h36.22 utc:35829: ============= url: /?r=1
gsad main:  DEBUG:2018-04-10 06h36.22 utc:35829: validate_host_header: header: 'scan01.local:4444' -> host: 'scan01.local'
gsad main:  DEBUG:2018-04-10 06h36.22 utc:35829: connectiontype=2

During the make process I got the following error

Traceback (most recent call last):
File "/openvas/update/gsa/tools/po2json", line 66, in
main()
File "/openvas/update/gsa/tools/po2json", line 62, in main
convert(sys.argv[1], sys.argv[2])
File "/openvas/update/gsa/tools/po2json", line 45, in convert
po_f = polib.pofile(in_name)
File "/usr/local/lib/python2.7/dist-packages/polib.py", line 138, in pofile
return _pofile_or_mofile(pofile, 'pofile', **kwargs)
File "/usr/local/lib/python2.7/dist-packages/polib.py", line 86, in _pofile_or_mofile
instance = parser.parse()
File "/usr/local/lib/python2.7/dist-packages/polib.py", line 1320, in parse
self.process(keywords[tokens[0]])
File "/usr/local/lib/python2.7/dist-packages/polib.py", line 1464, in process
self.current_line)
IOError: Syntax error in po file (line 430)
src/po/CMakeFiles/gettext-json.dir/build.make:74: recipe for target 'src/po/gsad-fr.json' failed
make[2]: *** [src/po/gsad-fr.json] Error 1
CMakeFiles/Makefile2:1020: recipe for target 'src/po/CMakeFiles/gettext-json.dir/all' failed
make[1]: *** [src/po/CMakeFiles/gettext-json.dir/all] Error 2
Makefile:149: recipe for target 'all' failed
make: *** [all] Error 2

How to fix it.

In the https://github.com/greenbone/gsa/blob/gsa-7.0/src/po/gsad_js-fr.po line 430 you need to have msgstr instead of msgid

( Ubuntu 16.04.4 LTS, build from source)

An role can exported as an xml file, but there is no import function in the roles menu.

Code analysis with cppcheck shows four functions in GSA which are
defined, but never used:

• gsad/src/gsad_cmd.c: cmd_response_data_set_redirect ()
• gsad/src/xslt_i18n.c: get_ext_gettext_enabled ()
• gsad/src/gsad_http_handler.c: handle_login_page ()
• gsad/src/gsad_http.c: is_export ()

It should check whether this is indeed dead code or code waiting to be
used.

All parsing related code should be in gmp/parser.js now. Currently parse_yesno, YES_VALUE and NO_VALUE are already imported and exported at gmp/parser.js but many code still uses gmp/utils.js to import them. Therefore the imports should be rewritten to use gmp/parser.js instead.

As it is in gsa-7.0 clicking on an ExternalLink should show a disclaimer dialog if the user really would like to open the external page first.

The current gmp api uses the term token for the session token because the http "protocol" to gsad uses this variable. I fear the term token might be to generic in future and it may be better to use sessionToken instead.

The term token is used in gmp/gmp.js and gmp/http.js

We are using the CSS-in-JS solution glamorous which is much nicer to encapsulate styles in components. But there are still some components that use css files directly from the before glamorous era.

src/web/components/dashboard/css/dashboard.css
src/web/components/folding/css/folding.css
src/web/components/menu/css/menu.css
src/web/components/form/css/select2.css
src/web/components/form/css/form.css
src/web/components/form/css/button.css
src/web/components/form/css/datepicker.css
src/web/components/form/css/checkboxradio.css
src/web/components/form/css/spinner.css
src/web/components/form/css/formgroup.css
src/web/pages/users/css/row.css
src/web/wizard/css/wizard.css
src/web/css/app.css
src/web/css/gsa-base.css
src/web/css/gsa-style.css
src/web/css/gsa-login.css
src/web/entities/css/component.css
src/web/entities/css/footer.css

These files should be replaced by using glamorous instead as possible.

In the early beginnings of I have implemented a autobind function to bind handler functions for react component automatically based on their name prefix. This violates the explicit is better the implicit rule and therefore autobind isn't used very much (if at all now). Therefore autobind should be removed completely from the ng code. It lives in gmp/utils.js at the moment.

Currently our http cache stores all requests as long as the user reloads the page. This might be to much data at the end because our responses are really big. Therefore we should use a LRU strategy instead.

It should be possible to resize all dialogs via mouse or at least to allow resizing by setting a prop. The resizing is already possible at the old version of the dialogs in gsa-7.0 with the jquery-ui dialog component.

Currently all plural commands (commands to return lists like gmp.tasks.get()) return CollectionLists
directly. The collection list had the intention to provide the list counts at first and got extended to also provide meta information about the http response. Afterwards getting meta info got also necessary for single commands (for a specific entity like gmp.taks.get({id})). As a result single commands return a Response class instead of the entity model directly.

To have a more consistent API it may be better to also return Response objects for plural commands. The API would change from

gmp.tasks.get().then(collectionlist => {
  const data = collectionslist;
  const {meta, counts} = data;
});

to

gmp.tasks.get().then(response => {
  const {meta, data: collectionlist} = response;
  const {counts} = collectionlist;
});

which is more aligned to the single command API

gmp.task.get({id: 1}).then(response => {
  const {meta, data: task} = response;
});

Currently it is not possible to link from an Override or Note to the result details because the result name is missing in both data responses.

Not sure if that is a problem in gsad or gvmd yet.

in gsad_gmp.c the download_ssl_cert, download_ca_pub and download_key_pub are posting user data back to the browser without ever checking if the data is valid. This is a no-go and can/has been replaced with js code. Therefore theses functions should be removed from gsad.

Hi,
I am not accessing my gsa. I get error it say "The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it."

I connected from my browser with https://172.17.6.150:4000 to openvas.

help me please.

The current dialogs are implemented using the withDialog HOC. The API to use these dialogs is based on react refs and the show() methods. refs are a bit problematic because they might already be removed when a promise of the dialog is fulfilled and this can cause serious bugs.

Therefore all dialogs using withDialog should be replaced with a version using the new SaveDialog component.

Expected behavior

I should be able to edit the Openvas Dashboard and see the "Hosts by Modification Time"-Graph

Current behavior

The "Hosts by Modification Time"-Graph is loading forever and breaks the option to edit the dashboard.

Steps to reproduce

It happened after a restore of openvas from a backup. (whole VM snapshot backup)

GVM versions

gsa: 7.0.2

gvm: 7.0.2

openvas-scanner: 5.1.1

gvm-libs: no idea

openvas-smb: no idea

Environment

Operating system: CentOS7 with Atomicorps Sources

Installation method / source: (packages, source installation)

Packages via Atomicorp Openvas RPMs

Logfiles

No idea which logs you want..

Screencast

Here is a Screencast of the issue. You might need Chromium/Chrome to play the video: https://paste.xinu.at/WIHv/

The page prop has become obsolete. It was used for checking user capabilities if the entity type was not equal to the page name. This problem has been improved at the Capabilities class directly.

The component was intended to add a marging after a text. Adding margins has been improved by the introduction of the Divider components. Therefore gsa/src/html/classic/ng/src/web/components/form/text.js is completely useless now.

When the font size in the browser is changed (e.g. via Ctrl++ or Ctrl+-) the checkboxes within dialogs do not change size. So depending on the direction of change of font size they either look very big or very tiny.
This is a minor issue, though, as it gets really visible only with very huge or very tiny fonts.

Running the current trunk there is a difference in the formatting of the text on the two mentioned pages (havn't checked any others so far). The screenshots below are from results of the NVT with the OID 1.3.6.1.4.1.25623.1.0.902909: