Util json

CMakeLists.txt

@@ -232,7 +232,7 @@ if (BUILD_TESTS AND NOT SKIP_SRC)
     DEPENDS array-test alivedetection-test boreas_error-test boreas_io-test
             cli-test cpeutils-test cvss-test ping-test sniffer-test util-test networking-test
             passwordbasedauthentication-test xmlutils-test version-test versionutils-test
-            osp-test nvti-test hosts-test jsonpull-test compressutils-test)
+            osp-test nvti-test hosts-test json-test jsonpull-test compressutils-test)
 
 endif (BUILD_TESTS AND NOT SKIP_SRC)
 

openvasd/openvasd.c

@@ -12,6 +12,7 @@
 
 #include "../base/array.h"
 #include "../base/networking.h"
+#include "../util/json.h"
 
 #include <cjson/cJSON.h>
 #include <curl/curl.h>
@@ -1095,7 +1096,6 @@
   const gchar *err = NULL;
   openvasd_resp_t resp = NULL;
   openvasd_result_t result = NULL;
-  unsigned long id = 0;
   gchar *type = NULL;
   gchar *ip_address = NULL;
   gchar *hostname = NULL;
@@ -1133,10 +1133,6 @@
       // error
       goto res_cleanup;
 
-    if ((item = cJSON_GetObjectItem (result_obj, "id")) != NULL
-        && cJSON_IsNumber (item))
-      id = item->valuedouble;
-
     if ((item = cJSON_GetObjectItem (result_obj, "type")) != NULL
         && cJSON_IsString (item))
       type = g_strdup (item->valuestring);
@@ -1193,7 +1189,8 @@
           detail_source_description = g_strdup (detail_obj->valuestring);
       }
 
-    result = openvasd_result_new (id, type, ip_address, hostname, oid, port,
+    result = openvasd_result_new (gvm_json_obj_double (result_obj, "id"),
+                                  type, ip_address, hostname, oid, port,
                                   protocol, message, detail_name, detail_value,
                                   detail_source_type, detail_source_name,
                                   detail_source_description);
@@ -1410,7 +1407,6 @@
   cJSON *status = NULL;
   openvasd_resp_t resp = NULL;
   gchar *status_val = NULL;
-  time_t start_time = 0, end_time = 0;
   int progress = -1;
   openvasd_status_t status_code = OPENVASD_SCAN_STATUS_ERROR;
   openvasd_scan_status_t status_info;
@@ -1433,14 +1429,6 @@
     goto status_cleanup;
   status_val = g_strdup (status->valuestring);
 
-  if ((status = cJSON_GetObjectItem (parser, "start_time")) != NULL
-      && !cJSON_IsNumber (status))
-    start_time = status->valuedouble;
-
-  if ((status = cJSON_GetObjectItem (parser, "end_time")) != NULL
-      && !cJSON_IsNumber (status))
-    end_time = status->valuedouble;
-
   progress = openvasd_get_scan_progress_ext (NULL, resp);
 
 status_cleanup:
@@ -1451,8 +1439,8 @@
   g_free (status_val);
 
   status_info->status = status_code;
-  status_info->end_time = end_time;
-  status_info->start_time = start_time;
+  status_info->end_time = gvm_json_obj_double (parser, "end_time");
+  status_info->start_time = gvm_json_obj_double (parser, "start_time");
   status_info->progress = progress;
 
   return status_info;

openvasd/vtparser.c

@@ -83,13 +83,9 @@
           && cJSON_IsString (item))
         nvti_set_affected (nvt, item->valuestring);
 
-      if ((item = cJSON_GetObjectItem (tag_obj, "creation_date")) != NULL
-          && cJSON_IsNumber (item))
-        nvti_set_creation_time (nvt, item->valuedouble);
+      nvti_set_creation_time (nvt, gvm_json_obj_double (tag_obj, "creation_date"));
 
-      if ((item = cJSON_GetObjectItem (tag_obj, "last_modification")) != NULL
-          && cJSON_IsNumber (item))
-        nvti_set_modification_time (nvt, item->valuedouble);
+      nvti_set_modification_time (nvt, gvm_json_obj_double (tag_obj, "last_modification"));
 
       if ((item = cJSON_GetObjectItem (tag_obj, "insight")) != NULL
           && cJSON_IsString (item))
@@ -150,7 +146,6 @@
           gchar *severity_origin = NULL, *severity_type = NULL;
           gchar *cvss_base;
 
-          time_t severity_date = 0;
           double cvss_base_dbl;
 
           if (g_strrstr (severity_vector, "CVSS:3"))
@@ -160,17 +155,14 @@
 
           cvss_base_dbl = get_cvss_score_from_base_metrics (severity_vector);
 
-          if ((item = cJSON_GetObjectItem (tag_obj, "severity_date")) != NULL
-              && cJSON_IsNumber (item))
-            severity_date = item->valuedouble;
-
           if ((item = cJSON_GetObjectItem (tag_obj, "severity_origin")) != NULL
               && cJSON_IsString (item))
             severity_origin = item->valuestring;
 
-          nvti_add_vtseverity (
-            nvt, vtseverity_new (severity_type, severity_origin, severity_date,
-                                 cvss_base_dbl, severity_vector));
+          nvti_add_vtseverity (nvt,
+                               vtseverity_new (severity_type, severity_origin,
+                                               gvm_json_obj_double (tag_obj, "severity_date"),
+                                               cvss_base_dbl, severity_vector));
 
           nvti_add_tag (nvt, "cvss_base_vector", severity_vector);
 

util/CMakeLists.txt

@@ -112,12 +112,12 @@ endif (BUILD_WITH_LDAP)
 include_directories (${GLIB_INCLUDE_DIRS} ${GPGME_INCLUDE_DIRS} ${GCRYPT_INCLUDE_DIRS}
                      ${LIBXML2_INCLUDE_DIRS})
 
-set (FILES cpeutils.c passwordbasedauthentication.c compressutils.c fileutils.c gpgmeutils.c jsonpull.c kb.c
+set (FILES cpeutils.c passwordbasedauthentication.c compressutils.c fileutils.c gpgmeutils.c json.c jsonpull.c kb.c
            ldaputils.c nvticache.c mqtt.c radiusutils.c serverutils.c sshutils.c uuidutils.c versionutils.c
            xmlutils.c)
 
 set (HEADERS cpeutils.h passwordbasedauthentication.h authutils.h compressutils.h fileutils.h gpgmeutils.h
-             jsonpull.h kb.h ldaputils.h nvticache.h mqtt.h radiusutils.h serverutils.h sshutils.h
+             json.h jsonpull.h kb.h ldaputils.h nvticache.h mqtt.h radiusutils.h serverutils.h sshutils.h
              uuidutils.h versionutils.h xmlutils.h)
 
 if (BUILD_STATIC)
@@ -148,6 +148,21 @@ endif (BUILD_SHARED)
 ## Tests
 
 if (BUILD_TESTS)
+  add_executable (json-test
+                  EXCLUDE_FROM_ALL
+                  json_tests.c)
+
+  add_test (json-test json-test)
+
+  target_include_directories (json-test PRIVATE ${CGREEN_INCLUDE_DIRS})
+
+  target_link_libraries (json-test ${CGREEN_LIBRARIES}
+                         ${GLIB_LDFLAGS} ${CJSON_LDFLAGS})
+
+  add_custom_target (tests-json
+                     DEPENDS json-test)
+
+
   add_executable (jsonpull-test
                   EXCLUDE_FROM_ALL
                   jsonpull_tests.c)

util/json.c

@@ -0,0 +1,84 @@
+/* SPDX-FileCopyrightText: 2024 Greenbone AG
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "json.h"
+
+/**
+ * @brief Escapes a string according to the JSON or JSONPath standard
+ *
+ * @param[in]  string         The string to escape
+ * @param[in]  single_quote   Whether to escape single quotes
+ *
+ * @return The escaped string
+ */
+gchar *
+gvm_json_string_escape (const char *string, gboolean single_quote)
+{
+  gchar *point;
+  if (string == NULL)
+    return NULL;
+
+  GString *escaped = g_string_sized_new (strlen (string));
+  for (point = (char *) string; *point != 0; point++)
+    {
+      unsigned char character = *point;
+
+      if ((character > 31) && (character != '\\')
+          && (single_quote ? (character != '\'') : (character != '\"')))
+        {
+          g_string_append_c (escaped, character);
+        }
+      else
+        {
+          g_string_append_c (escaped, '\\');
+          switch (*point)
+            {
+            case '\\':
+            case '\'':
+            case '\"':
+              g_string_append_c (escaped, *point);
+              break;
+            case '\b':
+              g_string_append_c (escaped, 'b');
+              break;
+            case '\f':
+              g_string_append_c (escaped, 'f');
+              break;
+            case '\n':
+              g_string_append_c (escaped, 'n');
+              break;
+            case '\r':
+              g_string_append_c (escaped, 'r');
+              break;
+            case '\t':
+              g_string_append_c (escaped, 't');
+              break;
+            default:
+              g_string_append_printf (escaped, "u%04x", character);
+            }
+        }
+    }
+  return g_string_free (escaped, FALSE);
+}
+
+/**
+ * @brief Get a double field from a JSON object.
+ *
+ * @param[in]  obj  Object
+ * @param[in]  key  Field name.
+ *
+ * @return A double.
+ */
+double
+gvm_json_obj_double (cJSON *obj, const gchar *key)
+{
+  cJSON *item;
+
+  item = cJSON_GetObjectItem (obj, key);
+  if (item && cJSON_IsNumber (item))
+    return item->valuedouble;
+
+  return 0;
+}

util/json.h

@@ -0,0 +1,21 @@
+/* SPDX-FileCopyrightText: 2024 Greenbone AG
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef _GVM_JSON_H
+#define _GVM_JSON_H
+
+#define _GNU_SOURCE
+
+#include <cjson/cJSON.h>
+
+#include <glib.h>
+
+gchar *
+gvm_json_string_escape (const char *, gboolean);
+
+double
+gvm_json_obj_double (cJSON *, const gchar *);
+
+#endif /* _GVM_JSON_H */

util/json_tests.c

@@ -0,0 +1,51 @@
+/* SPDX-FileCopyrightText: 2019-2023 Greenbone AG
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "json.c"
+
+#include <cgreen/cgreen.h>
+#include <cgreen/mocks.h>
+#include <stdio.h>
+
+Describe (json);
+BeforeEach (json)
+{
+}
+AfterEach (json)
+{
+}
+
+Ensure (json, can_json_escape_strings)
+{
+  const char *unescaped_string = "\"'Abc\\\b\f\n\r\t\001Äöü'\"";
+  const char *escaped_string_dq = "\\\"'Abc\\\\\\b\\f\\n\\r\\t\\u0001Äöü'\\\"";
+  const char *escaped_string_sq = "\"\\'Abc\\\\\\b\\f\\n\\r\\t\\u0001Äöü\\'\"";
+
+  gchar *escaped_string = NULL;
+  escaped_string = gvm_json_string_escape (NULL, FALSE);
+  assert_that (escaped_string, is_null);
+
+  escaped_string = gvm_json_string_escape (unescaped_string, FALSE);
+  assert_that (escaped_string, is_equal_to_string (escaped_string_dq));
+  g_free (escaped_string);
+
+  escaped_string = gvm_json_string_escape (unescaped_string, TRUE);
+  assert_that (escaped_string, is_equal_to_string (escaped_string_sq));
+  g_free (escaped_string);
+}
+
+int
+main (int argc, char **argv)
+{
+  TestSuite *suite;
+
+  suite = create_test_suite ();
+
+  add_test_with_context (suite, json, can_json_escape_strings);
+
+  if (argc > 1)
+    return run_single_test (suite, argv[1], create_text_reporter ());
+  return run_test_suite (suite, create_text_reporter ());
+}

util/jsonpull.c

@@ -11,64 +11,6 @@
 #define GVM_JSON_CHAR_ERROR -2     ///< Error reading file
 #define GVM_JSON_CHAR_UNDEFINED -3 ///< Undefined state
 
-/**
- * @brief Escapes a string according to the JSON or JSONPath standard
- *
- * @param[in]  string         The string to escape
- * @param[in]  single_quote   Whether to escape single quotes
- *
- * @return The escaped string
- */
-gchar *
-gvm_json_string_escape (const char *string, gboolean single_quote)
-{
-  gchar *point;
-  if (string == NULL)
-    return NULL;
-
-  GString *escaped = g_string_sized_new (strlen (string));
-  for (point = (char *) string; *point != 0; point++)
-    {
-      unsigned char character = *point;
-
-      if ((character > 31) && (character != '\\')
-          && (single_quote ? (character != '\'') : (character != '\"')))
-        {
-          g_string_append_c (escaped, character);
-        }
-      else
-        {
-          g_string_append_c (escaped, '\\');
-          switch (*point)
-            {
-            case '\\':
-            case '\'':
-            case '\"':
-              g_string_append_c (escaped, *point);
-              break;
-            case '\b':
-              g_string_append_c (escaped, 'b');
-              break;
-            case '\f':
-              g_string_append_c (escaped, 'f');
-              break;
-            case '\n':
-              g_string_append_c (escaped, 'n');
-              break;
-            case '\r':
-              g_string_append_c (escaped, 'r');
-              break;
-            case '\t':
-              g_string_append_c (escaped, 't');
-              break;
-            default:
-              g_string_append_printf (escaped, "u%04x", character);
-            }
-        }
-    }
-  return g_string_free (escaped, FALSE);
-}
-
 /**
  * @brief Creates a new JSON path element.
  *