It seems the python-gvm library has not incorporated properly the changes made to the GMP protocol with the release of version 8.0 as described here : https://docs.greenbone.net/API/GMP/gmp-8.0.html#changes

More specifically, the change to the "create_target" command has not been implemented properly. As per the resource linked above, GMPv8 has removed the "MAKE_UNIQUE" name from the expected request/response bodies. When trying to call the "create_target" command via python-gvm against a GMPv8 scanning instance, I am presented with the following error :

GvmError: ('Error in response. Bogus element: make_unique')

A call to the scanning instance for its GMP version returns the following :

<get_version_response status="200" status_text="OK">8.0</get_version_response>

It appears that although "MAKE_UNIQUE" was removed from the request validation, it is still returned as part of the response body and therefore fails validation in python-gvm

Description

Hello everybody,

I am currently using a dockerized version of GVM. gvmd is running in the container.

I am trying to connect to gvmd using python-gvm via a TLSConnection object with the following script:

demo.py

from gvm.connections import DebugConnection, TLSConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeTransform
from gvm.xml import pretty_print

tls_connection = TLSConnection()
connection = DebugConnection(tls_connection)
transform = EtreeTransform()

with Gmp(connection, transform=transform) as gmp:
    version = gmp.get_version()
    pretty_print(version)

Given that TLSConnection object is using the following default parameters:

class gvm.connections.TLSConnection(*, certfile=None, cafile=None, keyfile=None, hostname='127.0.0.1', port=9390, password=None, timeout=60)

The command I am using to run the container is:

docker run --detach --publish 8080:9390 (.......) --name <CONTAINER_NAME> <IMAGE_NAME>

Expected behavior

I should get the version:

# python3 demo.py
<get_version_response status="200" status_text="OK">
  <version>21.4</version>
</get_version_response>

Current behavior

Instead, I get an error:

# python3 demo.py
Traceback (most recent call last):
  File "/root/res/demo.py", line 19, in <module>
    with Gmp(connection, transform=transform) as gmp:
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/gmp.py", line 113, in __enter__
    gmp = self.determine_supported_gmp()
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/gmp.py", line 98, in determine_supported_gmp
    version = self.determine_remote_gmp_version()
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/gmp.py", line 81, in determine_remote_gmp_version
    self.connect()
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/base.py", line 107, in connect
    self._connection.connect()
  File "/root/res/env/lib/python3.9/site-packages/gvm/connections.py", line 557, in connect
    return self._connection.connect()
  File "/root/res/env/lib/python3.9/site-packages/gvm/connections.py", line 467, in connect
    self._socket.connect((self.hostname, int(self.port)))
  File "/usr/lib/python3.9/ssl.py", line 1342, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python3.9/ssl.py", line 1329, in _real_connect
    super().connect(addr)
ConnectionRefusedError: [Errno 111] Connection refused

Steps to reproduce

1. Activate the python virtual environment (with python-gvm)
2. python3 demo.py

Traceback (most recent call last):
  File "/root/res/demo.py", line 19, in <module>
    with Gmp(connection, transform=transform) as gmp:
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/gmp.py", line 113, in __enter__
    gmp = self.determine_supported_gmp()
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/gmp.py", line 98, in determine_supported_gmp
    version = self.determine_remote_gmp_version()
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/gmp.py", line 81, in determine_remote_gmp_version
    self.connect()
  File "/root/res/env/lib/python3.9/site-packages/gvm/protocols/base.py", line 107, in connect
    self._connection.connect()
  File "/root/res/env/lib/python3.9/site-packages/gvm/connections.py", line 557, in connect
    return self._connection.connect()
  File "/root/res/env/lib/python3.9/site-packages/gvm/connections.py", line 467, in connect
    self._socket.connect((self.hostname, int(self.port)))
  File "/usr/lib/python3.9/ssl.py", line 1342, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python3.9/ssl.py", line 1329, in _real_connect
    super().connect(addr)
ConnectionRefusedError: [Errno 111] Connection refused

GVM versions

gsa: Greenbone Security Assistant 21.4.2

gvm: Greenbone Vulnerability Manager 21.4.3

openvas-scanner: ?

gvm-libs: ?

gvm-tools: ?

Environment

Operating system: Arch Linux 5.12.12-arch1-1 x86_64 GNU/Linux

Installation method / source: Docker

In the example in the README.md is seems like these get_ functions should return an xml object.

# Retrieve all tasks
tasks = gmp.get_tasks()

# Get names of tasks
task_names = tasks.xpath('task/name/text()')

But now they seem to return an string
Is this an error or by design?

   def get_tasks_command(self, kwargs):
        """Generates xml string for get tasks on gvmd."""
        cmd = XmlCommand('get_tasks')
        cmd.set_attributes(kwargs)
        return cmd.to_string()

--
Regards Falk

Expected behavior

Trying to use python-gvm within a Docker container. Using python:3.9.

Current behavior

Error: ModuleNotFoundError: No module named 'gvm.connections' but it is installed.

Steps to reproduce

Dockerfile:

FROM python:3.9
ADD ais/ /code
WORKDIR /code
RUN python -m pip install --upgrade pip
RUN pip install -r requirements.txt

Output:

root@5b82752f17b4:/code# which python
/usr/local/bin/python

root@5b82752f17b4:/code# python
Python 3.9.13 (main, Jul 12 2022, 12:04:02) 
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from gvm.connections import UnixSocketConnection
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ModuleNotFoundError: No module named 'gvm.connections'
>>> 

root@5b82752f17b4:/code# stat /usr/local/lib/python3.9/site-packages/gvm/connections.py
  File: /usr/local/lib/python3.9/site-packages/gvm/connections.py
  Size: 18680     	Blocks: 40         IO Block: 4096   regular file
Device: 5fh/95d	Inode: 445449414   Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2022-07-28 18:39:52.905680792 +0000
Modify: 2022-07-28 18:39:42.000000000 +0000
Change: 2022-07-28 18:39:45.277599705 +0000
 Birth: 2022-07-28 18:39:45.273599663 +0000

GVM versions

gvm-tools:
22.6.1

python-gvm:
22.6.1

gsa:
N/A cannot get this far for it to matter

gvm:
N/A cannot get this far for it to matter

openvas-scanner:
N/A cannot get this far for it to matter

gvm-libs:
N/A cannot get this far for it to matter

Environment

Operating system:
Linux 5b82752f17b4 5.4.0-107-generic #121-Ubuntu SMP Thu Mar 24 16:04:27 UTC 2022 x86_64 GNU/Linux

Installation method / source:
pip

Logfiles

N/A

Expected behavior

As is described here, the preferred way (since GMP v8) to get the list of reports without including full results is to specify the undocumented option "details=0" to the XML request. I expect this to be possible in the Python API as well:

gmp.get_reports(details=False)

should return the list of reports, without result details.

Current behavior

Traceback (most recent call last):
  File "/usr/lib/python3.6/code.py", line 91, in runcode
    exec(code, self.locals)
  File "<console>", line 1, in <module>
TypeError: get_reports() got an unexpected keyword argument 'details'

Steps to reproduce

1. bash$ gvm-pyshell
2. >>> gmp.get_reports(details=False)

GVM versions

gvm-tools: gvm-cli 2.0.0.beta1. API version 1.0.0.beta2

Environment

Operating system: Ubuntu 18.04.2 LTS

Installation method / source: pip3 install gvm-tools

Use XmlReader for all GvmConnections. That means merging the XmlReader into GvmConnection and reading the response until the closing root tag arrives or the read_timeout is due. Currently this is only done for the UnixSocketConnection.

See greenbone/gvm-tools#41 for an issues with the TLS Connection

Expected behavior

as described here , get_tasks should accept the ignore_pagination parameter. using python modules the parameter is not recognized

https://docs.greenbone.net/API/GMP/gmp-21.4.html#command_get_tasks
https://greenbone.github.io/python-gvm/api/gmpv224.html#gvm.protocols.gmpv224.Gmp.get_tasks

Current behavior

it's not possible to specify the value as input to the variable, nor is it possible to specify the page to be obtained.

Steps to reproduce

from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeTransform
from gvm.xml import pretty_print

connection = UnixSocketConnection()
transform = EtreeTransform()

with Gmp(connection, transform=transform) as gmp:
    gmp.authenticate(gmp_user, gmp_password)
    tasks = gmp.get_tasks(ignore_pagination = True)

GVM versions

gmp: 22.4

Hello,

just to let you know that the function "modify_target" requires the "exclude_hosts" parameter if you set the "hosts" parameter. Even if it's supposed to be optional...

e.g. you will get that error if you try to call

gmp.modify_target(target_id, hosts=['192.168.1.2'])

you will get the error:

gvm.errors.GvmError: ('Error in response. HOSTS requires an EXCLUDE_HOSTS', <Element modify_target_response at 0x7fe668f3f588>)

In order to avoid the error you have to use instead:

gmp.modify_target(target_id, hosts=['192.168.1.2'], exclude_hosts=[''])

Good day.
Export of CSV gives XSLX format.
Please check it out and let me know if possible on how to export CSV format, same as we export from panel.
thanks

i want update Openvas Scan Configs NVT Preferences,I called this API "modify_config_set_nvt_preference", but is not effective,who can tell me why ? Thanks !
here is my code:

with Gmp(connection, transform=transform) as gmp:
    gmp.authenticate('admin', 'admin')
    resu = gmp.modify_config_set_nvt_preference("uuid",name="CGI Scanning Consolidation",nvt_oid="oid1", value='90')
    pretty_print(resu)

Expected behavior

SSH host-keys should be stored and retreved as such for connections on non-standard ports:
[ssh.example.com]:2222 ssh-ed25519 ABCDEF`

Current behavior

Connections to non-standard SSH ports are stored without the square brackets and trailing port number.
Similarly, if a host key is stored using the OpenSSH standard (including square brackets and port number), the SSHConnection treats the key as not matching.

Here is a quick python script to recreate the issue:

from paramiko.client import SSHClient, AutoAddPolicy
from gvm.connections import SSHConnection

# Using Paramiko to store the key for the example
client = SSHClient()
client.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
client.set_missing_host_key_policy(AutoAddPolicy())
client.connect(hostname="ssh.example.com, port=2222, username="username, password="password)
client.close()

# The resulting known_hosts file looks like this after the above commands:
# [ssh.example.com]:2222ssh-ed25519 ABCDEF

# Now using GVM
gvm_connection = SSHConnection(hostname="ssh.example.com", port=2222, username="username", password="password", known_hosts_file=(os.path.expanduser('~/.ssh/known_hosts')))

with Gmp(connection=gvm_connection) as gmp:
    print(gmp.get_version())

The resulting known_hosts file looks like this:

[ssh.example.com]:2222ssh-ed25519 ABCDEF
ssh.example.com ssh-ed25519 ABCDEF

Where the first line is the key stored by OpenSSH, and the second line is that stored by python-gvm.

Steps to reproduce

1. See above script.

GVM versions

Latest pull of Greenbone Community Containers.
Python-GVM v22.9.1

Environment

Ubuntu, with Greenbone Community Containers using (mostly) the docker-compose.yml from here
Changes include installing OpenSSH on the GVMD container and exposing gvmd.sock over SSH.

Installation method / source: As above.

Logfiles

See example Python script above and the resulting known_hosts file output above.

On 1.4.0 the setup.py file was removed.
But the build for rpm packages relay on it.
And no hint is in the release notes how to generate now setup.py.

Support remediation tickets for gvm 10

When I call get_report function with XML report_format_id I got this error:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/gvm/connections.py", line 71, in _feed_xml
    self._parser.feed(data)
  File "src/lxml/parser.pxi", line 1242, in lxml.etree._FeedParser.feed
  File "src/lxml/parser.pxi", line 1364, in lxml.etree._FeedParser.feed
  File "src/lxml/parser.pxi", line 592, in lxml.etree._ParserContext._handleParseResult
  File "src/lxml/parser.pxi", line 601, in lxml.etree._ParserContext._handleParseResultDoc
  File "src/lxml/parser.pxi", line 711, in lxml.etree._handleParseResult
  File "src/lxml/parser.pxi", line 640, in lxml.etree._raiseParseError
  File "<string>", line 1
lxml.etree.XMLSyntaxError: XML declaration allowed only at the start of the document, line 1, column 578

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/mehdi/PycharmProjects/openvas/Main2.py", line 53, in <module>
    print(gmp.get_report(report_id=report_id,report_format_id=xml))
  File "/usr/local/lib/python3.6/dist-packages/gvm/protocols/gmpv7.py", line 3445, in get_report
    return self._send_xml_command(cmd)
  File "/usr/local/lib/python3.6/dist-packages/gvm/protocols/base.py", line 78, in _send_xml_command
    return self.send_command(xmlcmd.to_string())
  File "/usr/local/lib/python3.6/dist-packages/gvm/protocols/base.py", line 133, in send_command
    raise e
  File "/usr/local/lib/python3.6/dist-packages/gvm/protocols/base.py", line 130, in send_command
    response = self._read()
  File "/usr/local/lib/python3.6/dist-packages/gvm/protocols/base.py", line 55, in _read
    return self._connection.read()
  File "/usr/local/lib/python3.6/dist-packages/gvm/connections.py", line 135, in read
    self._feed_xml(data)
  File "/usr/local/lib/python3.6/dist-packages/gvm/connections.py", line 76, in _feed_xml
    e,
gvm.errors.GvmError: ('Cannot parse XML response. Response data read b\'<get_reports_response status="200" status_text="OK"><report type="scan" id="5bf1505e-e4fd-4f72-babd-2d4e1955ce03" format_id="5057e5cc-b825-11e4-9d0e-28d24461215b" extension="xml" content_type="text/xml"><owner><name>admin</name></owner><name>2019-05-02T08:07:41Z</name><comment></comment><creation_time>2019-05-02T08:07:41Z</creation_time><modification_time></modification_time><writable>0</writable><in_use>0</in_use><task id="2180d963-d4a4-4f6f-aa68-90a1e39f6899"></task><report_format id="5057e5cc-b825-11e4-9d0e-28d24461215b"><name>Anonymous XML</name></report_format><?xml version="1.0" encoding="UTF-8"?>\\n<report id="5bf1505e-e4fd-4f72-babd-2d4e1955ce03">\\n  <omp>\\n    <version>7.0</version>\\n  </omp>\\n  <sort>\\n    <field>type<order>ascending</order></field>\\n  </sort>\\n  <filters id="">\\n    <term>apply_overrides=0 min_qod=70 first=1 rows=1000 sort=name</term>\\n    <filter>High</filter>\\n    <filter>Medium</filter>\\n    <filter>Low</filter>\\n    <filter>Log</filter>\\n    <filter>Debug</filter>\\n    <keywords>\\n      <keywor\'', XMLSyntaxError('XML declaration allowed only at the start of the document, line 1, column 578',))

And this is my code:

x = gvm.connections.TLSConnection(hostname='192.168.29.138')
gmp = Gmp(connection=x)
username = 'admin'
password = '123'
gmp.authenticate(username=username, password=password)
xml='5057e5cc-b825-11e4-9d0e-28d24461215b'
print(gmp.get_report(report_id=report_id,report_format_id=xml))

GVM versions

gsa: (gsad --version)
Greenbone Security Assistant 7.0.3

gvm: (gvmd --version)
-bash: gvmd: command not found

openvas-scanner: (openvassd --version)
OpenVAS Scanner 5.1.3

gvm-libs:

mport gvm
from gvm.connections import UnixSocketConnection, DebugConnection
from gvm.protocols.latest import Gmp

gvm-tools: (gvm-cli --version)
gvm-cli 2.0.0.beta1. API version 1.0.0.beta2

Environment

Operating system:
kalli linux
Installation method / source: (packages, source installation)
apt-get install openvas

When creating a schedule with value 0 in either minutes or hour such as '2019-04-03T12:00:00.000Z' if we call the following method(line 1152 in gmpv7.py)

Gmp.create_schedule(name=schedule_name,
                                      first_time_minute=0,
                                      first_time_hour=12,
                                      first_time_day_of_month=3,
                                      first_time_month=4,
                                      first_time_year=2019,
                                      period=0,
                                      period_unit='hour',
                                      timezone='UTC'
                                       )

it raises an exception such as

raise RequiredArgument(
                    'Setting first_time requires first_time_minute argument')

Few issues here:

• Although the documentation says the first time minute, first time hour, first time moth, year and day should all be an int, they convert it to string regardless before making request to openvas to create schedule. In my current code I've fixed by sending minute and hour as string, although that is not proper way of implementing it.

• following is appropriate way for checking if argument is not none.

            if first_time_minute is not None:
                raise RequiredArgument(
                    'Setting first_time requires first_time_minute argument')

instead of

          if not first_time_minute:
               raise RequiredArgument(
                   'Setting first_time requires first_time_minute argument')

which will always be false if first_time_minute is 0 hence raises an argument

It seems to be impossible to remove a certain field of an entity in the modify functions.
See this Issue for more information ...

Expected behaviour

Remove the Field from the Entity.

Current behaviour

Treated as None, what leads to remain the Field untouched in that Entity.

Steps to reproduce

• Using gmp.modify_task(task_id=id, schedule_id="") will be treated as None
• Using gmp.modify_task(task_id=id) will be treated as None

GVM versions

all?!

Environment

Operating system:
all

Installation method / source: (packages, source installation)
all

Expected behavior

Target is created using the desired alive option.

Current behavior

An error is reported from gvm.errors.InvalidArgument: Invalid argument alive_test for create_target

Steps to reproduce

1. call gmp.create_target with alive_test set.

GVM versions

gsad: Greenbone Security Assistant 8.0.0~git

gvm: Greenbone Vulnerability Manager 8.0.0

openvas-scanner: OpenVAS Scanner 6.0.0

gvm-libs: gvm-libs-10.0.0

gvm-tools: python-gvm 1.0.0b3

Environment

Operating system: Ubuntu 18.04

Installation method / source: source installation

Fix

The bug exists, because alive_test is a string.
This bug can be fixed by calling "get_alive_test_from_string(alive_test)".

diff --git a/gvm/protocols/gmpv7/__init__.py b/gvm/protocols/gmpv7/__init__.py
index 09ae5f0..0c5fbf5 100644
--- a/gvm/protocols/gmpv7/__init__.py
+++ b/gvm/protocols/gmpv7/__init__.py
@@ -1769,6 +1769,7 @@ class Gmp(GvmProtocol):
             cmd.add_element("snmp_credential", attrs={"id": snmp_credential_id})

         if alive_test:
+            alive_test = get_alive_test_from_string(alive_test)
             if not isinstance(alive_test, AliveTest):
                 raise InvalidArgument(
                     function="create_target", argument="alive_test"

see greenbone/gvmd#369

basic example in readme

complete doc in sphinx docu

Allow to pass the argument names and maybe optional the called function name to the exceptions. This would allow to generate a common error message and also to evaluate the cause of the error for library users.

The latest python-gvm documentation misses the create_task() command:

• https://python-gvm.readthedocs.io/en/latest/search.html?q=create_task

Hello, I encountered some problems when I used python-gvm, so I would like to ask you for advice.
When I use modify_permission to modify an existing permission, it doesn't work as expected.

1. When I passed in the permission_id and comment values, it did not successfully modify the comment corresponding to the permission, but reported an error: <modify_permission_response status="400" status_text="Error in SUBJECT">
   The code shows as below:

path = '/run/gvmd/gvmd.sock'
connection = UnixSocketConnection(path=path)
with Gmp(connection=connection) as gmp:
    gmp.authenticate('admin','199954')
    print(gmp.modify_permission(
        permission_id='d140d640-01f1-4c98-8fe8-616e8829e55d',             #The id of authenticate
        # name='authenticate',
        comment='010203040000',
        # resource_type=EntityType.SCAN_CONFIG,
        # resource_id='d21f6c81-2b88-4ac1-b7b4-a2a9f2ad4663',
        # resource_type=None,
        # resource_id=None,
        # subject_id='c3de57e6-6678-4a06-9866-47e43321fa77',             #The id of an USER
        # subject_type=PermissionSubjectType.USER
    ))

2. When I passed in the subject corresponding to the permission, it reported another error: "gvm.errors.GvmError: Remote closed the connection"

path = '/run/gvmd/gvmd.sock'
connection = UnixSocketConnection(path=path)
with Gmp(connection=connection) as gmp:
    gmp.authenticate('admin','199954')
    print(gmp.modify_permission(
        permission_id='d140d640-01f1-4c98-8fe8-616e8829e55d',             #The id of authenticate
        # name='authenticate',
        comment='010203040000',
        # resource_type=EntityType.SCAN_CONFIG,
        # resource_id='d21f6c81-2b88-4ac1-b7b4-a2a9f2ad4663',
        # resource_type=None,
        # resource_id=None,
        subject_id='c3de57e6-6678-4a06-9866-47e43321fa77',             #The id of an USER
        subject_type=PermissionSubjectType.USER
    ))

3. Only when all the parameters are passed in can the modification be successful.But I don't know what parameter should be passed in those permissions don't have Resource.

On macos 10.15, python-gvm 21.6.0, lxml 4.6.3:

__________________ GvmConnectionTestCase.test_feed_xml_error ___________________

self = <tests.connections.test_gvm_connection.GvmConnectionTestCase testMethod=test_feed_xml_error>

    def test_feed_xml_error(self):
        connection = GvmConnection()
        connection._start_xml()
        with self.assertRaises(
            GvmError, msg='Cannot parse XML response. Response data read bla'
        ):
>           connection._feed_xml("bla")

tests/connections/test_gvm_connection.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
gvm/connections.py:83: in _feed_xml
    self._parser.feed(data)
src/lxml/parser.pxi:1256: in lxml.etree._FeedParser.feed
    ???
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

>   ???
E   lxml.etree.ParserError: Unicode parsing is not supported on this platform

src/lxml/parser.pxi:1291: ParserError

I think all that needs to be done here is feed "bla" in as a bytestring instead of a unicode string, because of https://lxml.de/FAQ.html#why-can-t-lxml-parse-my-xml-from-unicode-strings

I've implemented an etree abstraction called XmlCommand in gmp.xml. Also I've started to convert GmpCommandFactory to use this new abstraction.

All methods of GmpCommandFactory should be converted to use XmlCommand.

Expected behavior

The function get_info_list mentions ALLINFO. But the enum InfoType doesn't know ALLINFO.

Current behavior

ValueError: 'ALLINFO' is not a valid InfoType

Steps to reproduce

pretty_print(gmp.get_info_list(InfoType("ALLINFO"))

GVM versions

gsa: (gsad --version)
Greenbone Security Assistant 21.4.3

gvm: (gvmd --version)
Greenbone Vulnerability Manager 21.4.4

Environment

Operating system: ubuntu-20.04

Installation method / source: (packages, source installation)

python-gvm==21.11.0 with pip

GVM versions

gvm-tools:
gvm-tools==2.0.0b1
python-gvm==1.0.0b1

Line 2202

get_configs method

cmd = XmlCommand('get_credentials') # mistake
↓
cmd = XmlCommand('get_configs') #correct

The ; seem to be a typo.

https://python-gvm.readthedocs.io/en/latest/api/gmpv9.html#gvm.protocols.gmpv9.Gmp.create_credential

I don't see where it is in the code, so i can't fix it myself.

Hi everyone. I am having troubles with this call (all components such as config_id was received from api itself):

response = self._gmp.create_task(name=name, config_id=config_id, target_id=target_id,  scanner_id=scanner_id)

I am getting this error:

<create_task_response status="400" status_text="Bogus element: usage_type"/>

In openvasmd.log:

event task:MESSAGE:2019-12-02 09h33.39 UTC:1461: Status of task (a0ac8fa1-97d2-40ed-980e-7dcdf8bcabd3) has changed to New
md omp: INFO:2019-12-02 09h33.39 UTC:1461: Failed to parse client XML: Error

And then my connection stops at the next step:

self._gmp.get_tasks()

gvm.errors.GvmError: Remote closed the connection

Expected behavior

Creation and reading of tasks works fine.

Current behavior

Getting 400 status code when trying to create task.

GVM versions

gsa: (gsad --version)
Greenbone Security Assistant 7.0.3

gvm: (gvmd --version)
gvmd: command not found

openvas-scanner: (openvassd --version)
OpenVAS Scanner 5.1.3

Libs versions

python-gvm in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (1.1.0)
lxml in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from python-gvm) (4.4.1)
paramiko in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from python-gvm) (2.6.0)
defusedxml in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from python-gvm) (0.6.0)
bcrypt>=3.1.3 in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from paramiko->python-gvm) (3.1.7)
cryptography>=2.5 in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from paramiko->python-gvm) (2.7)
pynacl>=1.0.1 in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from paramiko->python-gvm) (1.3.0)
six>=1.4.1 in c:\users\dyablochkin\appdata\roaming\python\python37\site-packages (from bcrypt>=3.1.3->paramiko->python-gvm) (1.12.0)
cffi>=1.1 in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from bcrypt>=3.1.3->paramiko->python-gvm) (1.12.3)
asn1crypto>=0.21.0 in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from cryptography>=2.5->paramiko->python-gvm) (1.0.1)
pycparser in c:\users\dyablochkin\appdata\local\programs\python\python37\lib\site-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko->python-gvm) (2.19)

Environment

Operating system:
Python-gvm on Windows 10 (from pip) and OpenVAS in Docker container on Debian 9.

Installation method / source:
https://hub.docker.com/r/mikesplain/openvas

Logfiles

openvasmd.log
gsad.log

Python sources

test.py.txt

When trying to send a command to a UnixSocketConnection closed e.g. by gvmd after an error response a IOError is returned. In this case the socket must be re-opened. Maybe it would also be possible to check if the connection is closed.

Example code for catching such an exception

except IOError as e:
    if e.errno == errno.EPIPE:

Expected behavior

Call get_credentials and get a response with all credentials

Current behavior

call get_credentials and get a TypeError

Traceback (most recent call last):
  File "testvas.py", line 20, in <module>
    tasks = gmp.get_credentials()
  File "/usr/local/lib/python3.5/dist-packages/gvm/protocols/gmpv7.py", line 2188, in get_credentials
    return self.send_command(cmd)
  File "/usr/local/lib/python3.5/dist-packages/gvm/protocols/base.py", line 131, in send_command
    raise e
  File "/usr/local/lib/python3.5/dist-packages/gvm/protocols/base.py", line 127, in send_command
    self._send(cmd)
  File "/usr/local/lib/python3.5/dist-packages/gvm/protocols/base.py", line 63, in _send
    self._connection.send(data)
  File "/usr/local/lib/python3.5/dist-packages/gvm/connections.py", line 103, in send
    self._socket.sendall(data)
  File "/usr/lib/python3.5/ssl.py", line 888, in sendall
    amount = len(data)
TypeError: object of type 'XmlCommand' has no len()

Steps to reproduce

1. Try to call get_credentials

Sample code

from gvm.connections import TLSConnection
from gvm.protocols.latest import Gmp
from gvm.xml import pretty_print

connection = TLSConnection(hostname='127.0.0.1', port=9390)
gmp = Gmp(connection)

# Login
gmp.authenticate('admin', 'password')

# Get all credentials
creds = gmp.create_credentials()
pretty_print(creds)

GVM versions

gvm: (gvmd --version)

root@openvas:/openvas# gvmd --version
Greenbone Vulnerability Manager 9.0+alpha~git-845cadcd-master
GIT revision 845cadcd-master
Manager DB revision 207
Copyright (C) 2010-2017 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gvm-tools: (gvm-cli --version)

gvm-cli 2.0.0.beta1. API version 1.0.0.beta2

Environment

Operating system:
Ubuntu 18.04
Installation method / source: (packages, source installation)
source (git master)

Logfiles

md   main:WARNING:2019-05-03 13h54.57 UTC:30775: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.
md   main:WARNING:2019-05-03 13h55.38 UTC:30812: read_from_client_tls: failed to read from client: The TLS connection was non-properly terminated.

I've been able to run other functions successfully such as create_credential and get_tasks using the sample code above

With up to date python-gvm (python_gvm-24.1.0-py3-none-any.whl), I have:
An error occurred Remote manager daemon uses an unsupported version of GMP. The GMP version was 22.5
when doing
with Gmp(connection=connection, transform=transform) as gmp:
gmp.authenticate(username, password)

The running openvas is up to date using the official docker-compose.yml

Expected behavior

The method create_tag should be able to create a tag without an resource_id
argument. The protocol specification states that only the name and the
resource_type are mandatory:

A name and the resource type must be provided. If a resource ID is also given,
it must refer to an existing resource.

(https://docs.greenbone.net/API/GMP/gmp-7.0.html#command_create_tag)

Current behavior

The method checks for a resource_id argument and raises a RequiredArgument
expection if it is not present.

May I ask:

When using the python-gvm, how to use the configuration tasks create_task API "Maximum concurrently executed NVTs per host" attribute.

I am very confused, if you know, please tell me, thank you!

As title, I'd like to change the default User-agent which contains OpenVAS-VT to another value

I also want my scans to run through an HTTP Proxy, is this possible?

Expected behavior

I expect the python-gvm library to validate the name of new targets when using Gmp.create_target().

Current behavior

At the moment I can create new targets via python-gvm with names that contain characters that are not allowed when creating targets via the WebUI.

Steps to reproduce

1. Create a new target via python-gvm (Gmp.create_target()) with a target name containing the '@' symbol (e.g. [email protected])
2. Open the newly created target via the WebUI and try to save it.

GVM versions

gsa: Greenbone Security Assistant 22.04.0

gvm: Greenbone Vulnerability Manager 22.4.2

openvas-scanner: OpenVAS 22.4.1

gvm-libs: gvm-libs 22.4.1~dev1

gvm-tools: gvm-cli 23.2.0 (API version 23.2.0)

Environment

Operating system: Debian docker host

Installation method / source: community container

Logfiles

When trying to automate the OpenVAS9 scanning there are many references to omp, python-gvm, gvm-cli, and gmp. Why all the variants?

It is my understanding that omp is now deprecated, I (and I assume others) was redirected to this repo instead. There is a wide array of documentation that exists on how to use omp and traditional cli calls. This does not exist for gvm-cli or python-gvm. The example given shows how to make connections via a UnixSocketConnection with basic get_task requests against the localhost. It appears that documentation around executing commands from a remote host does not exist. If users are being redirected to these tools and support of omp is being dropped, it would be appreciated it documentation around automating components of OpenVAS 9 was enhanced. Particularly around execution from a remote host.

Expected behavior

When creating a new ticket with function gmp.create_ticket it should verify if the assigned user has already read permission to the task

Current behavior

When creating a new ticket with function gmp.create_ticket it adds a new ACL on ticket with read permission to user, without verifying if the user had already read permission to the task.

Steps to reproduce

1. Give read permission to USER1 for task TASK1
2. Run task TASK1
3. Pick a result (UUIDRES1) of TASK1 and use the function gmp.create_ticket (gmp.create_ticket(result_id = UUIDRES1, assigned_to_user_id = USER1)
4. Go to permission tab of TASK1 and observe a new read ACL for user USER1 with label "Automatically created for ticket"

GVM versions

gsa: (gsad --version)

gvm: (gvmd --version)

openvas-scanner: (openvassd --version)

gvm-libs:

gvm-tools: (gvm-cli --version)

gvm-cli 24.1.0 (API version 24.1.0)

Environment

Operating system:

RHEL8.10

Installation method / source: (packages, source installation)

Installed from pip

Logfiles

Expected behavior

Find Source Distribution for 23.5.0 on PyPI https://pypi.org/project/python-gvm/23.5.0/#files like for previous versions, e.g. 23.4.2:

Source Distribution
python_gvm-23.4.2.tar.gz (174.8 kB view hashes)
Uploaded 26. Apr. 2023 source

Current behavior

Source Distribution for 23.5.0 missing on PyPI.

Steps to reproduce

1. https://pypi.org/project/python-gvm/23.5.0/#files

GVM versions

gsa: Greenbone Security Assistant 22.04.1
gvm: Greenbone Vulnerability Manager 22.4.2
openvas: OpenVAS 22.5.0
gvm-libs: gvm-libs 22.5.1

Environment

Operating system: Exherbo Linux
Installation method / source: source-based package installation

Logfiles

Could you please make python-gvm compatible with PEP-561? As far as I can see from the source code you already have type annotations in most files. So I think this should be done by adding a py.typed file to the package.

Without compatibility to PEP-561 using python-gvm in a project with mandantory type checking is a mess, because types always fall back to "Any" instead of the annotated types. The consequence is also that there is no autocompletion in VSCode (with Pylance) at development time and no type checking for Pylance and MyPy available.

Not sure if this issue belongs here, but I suspect python-gvm/gvm/connections.py to be the cause of this.

I just upgraded python-gvm and gvm-tools today. After the upgrade, many gvm-cli socket commands will hang and timeout with "Connection was closed by remote server". No other errors are thrown and openvasmd log is empty. Looks like these commands do not reach openvasmd.

openvasmd, openvassd and gsad are however working correctly.

To reproduce, some examples:

$ gvm-cli socket -c --xml "<get_version>"
Connection was closed by remote server

$ gvm-cli socket -c --xml "<get_port_lists>"
Connection was closed by remote server

$ gvm-cli socket -c --xml "<get_configs>"
Connection was closed by remote server

gvm-cli socket -c --xml "<get_scanners>"
Connection was closed by remote server

$ openvasmd --get-scanners
08b69003-5fc2-4037-a479-93b440211c73  OpenVAS Default
6acd0832-df90-11e4-b9d5-28d24461215b  CVE

$ gvm-cli socket -c --xml "<get_users>"
Connection was closed by remote server

$ openvasmd --get-users
admin

Some commands however will work correctly:

$ gvm-cli socket -c --xml "<get_nvts family=\"IT-Grundschutz-12\" details=\"1\"/>"
<get_nvts_response status="200" status_text="OK">...</get_nvts_response>

$ gvm-cli socket -c --xml "<get_xxx>"
('Error in response. Bogus command name', <Element omp_response at 0x7f09f6462488>)

GVM versions

gsa: (gsad --version)
Greenbone Security Assistant 7.0.4
GIT revision 8bc4902b7-gsa-7.0

openvasmd: (openvasmd --version)
OpenVAS Manager 7.0.4
GIT revision a8d29fc4-openvas-manager-7.0
Manager DB revision 184

openvas-scanner: (openvassd --version)
OpenVAS Scanner 5.1.3

gvm-libs: (git log)
commit 745eee685f57ee56292f53c31137b92b5e84c7e7 (HEAD -> openvas-libraries-9.0, origin/openvas-libraries-9.0)

gvm-tools: (gvm-cli --version)
gvm-cli 2.0.0.beta1. API version 1.0.0.dev1

gvm-tools: (git log)
commit e9dabe9ba46f0cc929c5f63bf42d52a50961a8ac (HEAD -> master, origin/master, origin/HEAD)

python-gvm: (git log)
commit 0953fa2 (HEAD -> master, origin/master, origin/HEAD)

Environment

Operating system:
$ uname -a
Linux xxx 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Installation method / source: (packages, source installation)
sudo -H pip3 install .

The Python Gmp. delete_scanner() API always returns 404 when deleting a OSP-Sensor instance.
This is either a python-gvm API bug for not sending the correct command to GVMD or a GVMD bug for not implementing the delete_scanner request correctly.

Expected behavior

OSP-Scanner deleted the same as if gvmd --delete-scanner was invoked

Current behavior

gmp.delete_scanner() failed: Response Error 404. Failed to find scanner '4693f870-774e-4441-bde5-b694ace9c887'

Steps to reproduce

1. create certificates for scanner docker-compose exec -u gvmd gvmd gvm-manage-certs -a -q -f
2. create OSP-Sensor with:
   docker-compose $OPTIONS exec -u gvmd gvmd gvmd --create-scanner=TEST
   --scanner-host=hostname
   --scanner-port=9390
   --scanner-type=OSP-Sensor
   --scanner-ca-pub=/var/lib/gvm/CA/cacert.pem
   --scanner-key-pub=/var/lib/gvm/CA/clientcert.pem
   --scanner-key-priv=/var/lib/gvm/private/CA/clientkey.pem
3. get the scanner id:
   docker-compose $OPTIONS exec -u gvmd gvmd --get-scanners | grep OSP-Sensor
   5 delete the scanner id reported in step 4 with the following command:
   docker compose $OPTIONS run -it --rm -v $PWD:$PWD -w $PWD gvm-tools socket $PWD/delete-fails.py --scanner_id=XXX

GVM versions

gsa: (gsad --version)
22.5.3
gvm: (gvmd --version)
22.6.0
openvas-scanner: (openvassd --version)
22.5.3
gvm-libs:
22.6.3
gvm-tools: (gvm-cli --version)
23.4.0
delete-fails.py,txt

Environment

Operating system:
Rocky Linux
Installation method / source: (packages, source installation)
docker containers/source

Logfiles

greenbone-community-scanner-gvmd-1 | event scanner:MESSAGE:2023-08-23 18h45.40 UTC:2546: Scanner TEST(4693f870-774e-4441-bde5-b694ace9c887) could not be deleted by XXXX

Script to reproduce the bug: rename to delete-fails.py to be able to use it.
delete-fails.py,txt

Expected behavior

Passing None as Port in the constructor of gvm.connections.SSHConnection should not throw an TypeError. Because the type is Optional. So you should not worry about it if None is passed. https://docs.python.org/3/library/typing.html#typing.Optional. Also if you pass None as Port to gvm.connections.TLSConnection or gvm.connections.UnixSocketConnection then no errror is thrown.

Current behavior

If you pass None to gvm.connections.SSHConnection, TypeError is thrown. Because of converting it to int.

class SSHConnection(GvmConnection):
    def __init__(
        self,
        *,
        timeout: Optional[int] = DEFAULT_TIMEOUT,
        hostname: Optional[str] = DEFAULT_HOSTNAME,
        port: Optional[int] = DEFAULT_SSH_PORT,
        username: Optional[str] = "gmp",
        password: Optional[str] = ""
    ):
        super().__init__(timeout=timeout)

        self.hostname = hostname
        self.port = int(port)

Steps to reproduce

I've found this during writing tests for the parser in gvm-tools repository. This code will throw this error:
SSHConnection(port=None)

GVM versions

gsa: (gsad --version)
Not installed

gvm: (gvmd --version)
20.9.1

gvm-tools: (gvm-cli --version)
gvm-cli 20.10.2.dev1 (API version 20.9.1)

Environment

Operating system:
Linux Mint 20

Installation method / source: (packages, source installation)
Packages. I have cloned the gvm-tools repository and installed the dependencies.

Logfiles

Not the Logfile but the Traceback, after I have run my test:

Traceback (most recent call last):
  File "/usr/lib/python3.8/unittest/mock.py", line 1325, in patched
    return func(*newargs, **newkeywargs)
  File "/home/fox/Git/gvm-tools/tests/test_parser.py", line 478, in test_create_ssh_connection
    self.perform_create_connection_test('ssh', SSHConnection)
  File "/home/fox/Git/gvm-tools/tests/test_parser.py", line 481, in perform_create_connection_test
    connection = create_connection(connection_type)
  File "/home/fox/Git/gvm-tools/gvmtools/parser.py", line 336, in create_connection
    return SSHConnection(
  File "/home/fox/Git/gvm-tools/.venv/lib/python3.8/site-packages/gvm/connections.py", line 195, in __init__
    self.port = int(port)
TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

Expected behavior

https://pypi.org/project/python-gvm/#Install-using-pip
Given command should work.
Correct command: pip3 install --user python-gvm

Current behavior

root@openvas:~# pip install --user python-gvm
Collecting python-gvm
  Could not find a version that satisfies the requirement python-gvm (from versions: )
No matching distribution found for python-gvm

Steps to reproduce

1. Try to install python-gvm accroding to the instructiuons

GVM versions

gsa: (gsad --version)
Not important
gvm: (gvmd --version)
Not important
openvas-scanner: (openvassd --version)
Not important
gvm-libs:
Not important
gvm-tools: (gvm-cli --version)
Not important

Environment

Operating system:
Ubuntu 18.04
Installation method / source: (packages, source installation)
https://pypi.org/project/python-gvm/#Install-using-pip

Logfiles

Background:
I would like to pull all tls certificates discovered by gvm by using the gmp api, with the optional sources as it will form an incredibly useful way of alerting about certificates which are expiring/expired.
Looking at the logs, gsad seems to pull certificates with the source data included using the xml "<get_tls_certificates details="1"/>.
This works fine with using gvm-cli, although the api here:

https://docs.greenbone.net/API/GMP/gmp-20.08.html#command_get_tls_certificates

doesn't seem to mention the @details option, just the not dissimilar option of @include_certificate_data which also works to fetch the actual certificate within the xml via gvm-cli.

Within gvm-script or gvm-pyshell, the optional @include_certificate_data functions fine - the same data is fetched as with gvm-cli using that option, but the python module does not recognise the "details=1" or "details=True" boolean option which seems undocumented but which gsad uses.

The docs do mention the element and underlying data, but I can't work out how to pull them in with any other method apart from the details option, and would prefer not to parse the xml from gvm-cli if I can use Python instead.

Thank you
Andy

Expected behavior

Certificate detail (sources etc) are fetched as part of the query, using the option details="1"

Current behavior

python produces an error :
get_tls_certificates() got an unexpected keyword argument 'details'

Steps to reproduce

I'm using gvm-script with something like:
def main(gmp, args):
certs=gmp.get_tls_certificates(details='1')
..

other options do work as noted, e.g.
def main(gmp, args):
cert_filter='rows=-1'
certs=gmp.get_tls_certificates(include_certificate_data='1',filter=cert_filter)

..without issue.

GVM versions

Greenbone Security Assistant 20.08.0git-d26e061f9-gsa-20.08
Greenbone Vulnerability Manager 20.08.0git-c04cad16-gvmd-20.08
OpenVAS 20.8.0
gvm-libs 20.8.0~git-c316e62-gvm-libs-20.08
gvm-cli 2.2.0.dev1 (API version 20.8.1)

Environment

Ubuntu 20.04
Source installation