Database storage changes introduced by rule-based Vuln Sets

The content itself is not very significant; what matters is the determination to get to the bottom of things.


/****** Script for SelectTopNRows command from SSMS  ******/
SELECT TOP 1000 [VulnSetID]
      ,[VulnsVersion]
      ,[VulnSetVersion]
      ,[Name]
      ,[Unnamed]
      /*,[Description]
      ,[OrgID]
      ,[Creator]
      ,[CreateDate]
      ,[ModifiedDate]
      ,[VulnChecks]
      ,[EnableWhamScan]
      ,[ScanForWireless]
      ,[EnableShellScan]
      ,[StartWebCrawl]
      ,[SourceSifting]
      ,[SmartGuess]
      ,[SqlHack]
      ,[SourceDisclose]
      ,[EnableBruteForcing]
      ,[BruteForcing]
      ,[JavaAppletDecompile]
      ,[DirectoryBrowse]*/
      ,[VulnSetType]
      ,[VulnFilterXML]  -- the content of this field links to VulnFilter.xml
      ,[VulnFilterProcessedQuery] -- this field stores the query that retrieves all of the Vulns

      ,[State]
  FROM [faultline].[ScanComponent].[VulnSet]
  where Name='cmb_default'


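Originally, a Vuln Set was configured by ticking items in a tree structure, and the Vulns selected for a Vuln Set could be queried from the VulnSetVulns table. Once the rule-based method is used, however, that table no longer contains the corresponding entries.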


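For a while I thought I was looking in the wrong table. Then it occurred to me that what sets this Vuln Set apart from the others is that it is rule-based rather than tree-based. After verifying and confirming this, a closer look at the VulnSet table showed that it has fields that differ depending on the type.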




/// Contents of the XML file

<VulnFilter>
  <Filter expression="( {0}  and  {1} ) and ( {2}  or  {3}  or  {4}  or  {5}  or  {6}  or  {7}  or  {8}  or  {9}  or  {10}  or  {11}  or  {12}  or  {13}  or  {14}  or  {15}  or  {16} ) and ( {17}  and  {18} )">
    <Condition>
      <Column>Intrusive</Column>
      <Operator>equals</Operator>
      <Value>0</Value>
      <ConditionID>0</ConditionID>
    </Condition>
    <Condition>
      <Column>Module</Column>
      <Operator>does not equal</Operator>
      <Value>3</Value>
      <ConditionID>1</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>6</Value>
      <ConditionID>2</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>10</Value>
      <ConditionID>3</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>12</Value>
      <ConditionID>4</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>14</Value>
      <ConditionID>5</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>31</Value>
      <ConditionID>6</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>50</Value>
      <ConditionID>7</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>32</Value>
      <ConditionID>8</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>115</Value>
      <ConditionID>9</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>30</Value>
      <ConditionID>10</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>48</Value>
      <ConditionID>11</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>16</Value>
      <ConditionID>12</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>24</Value>
      <ConditionID>13</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>70</Value>
      <ConditionID>14</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>19</Value>
      <ConditionID>15</ConditionID>
    </Condition>
    <Condition>
      <Column>Category</Column>
      <Operator>equals</Operator>
      <Value>21</Value>
      <ConditionID>16</ConditionID>
    </Condition>
    <Condition>
      <Column>Vulnerability Name</Column>
      <Operator>does not contain</Operator>
      <Value>SSHv1 Protocol Enabled</Value>
      <ConditionID>17</ConditionID>
    </Condition>
    <Condition>
      <Column>Vulnerability Name</Column>
      <Operator>does not contain</Operator>
      <Value>Microsoft Internet Information Services Remote DoS</Value>
      <ConditionID>18</ConditionID>
    </Condition>
  </Filter>
</VulnFilter>






use faultline
-- What follows "select *" is the value of the [VulnFilterProcessedQuery] field; it corresponds to the filter rules we created.
select *

FROM Content.vwVulnCategoryVulnSelectable MasterView WHERE 1=1  AND  ( (MasterView.Intrusive = 0)   and  (MasterView.ModuleID <> 3)  ) and ( (MasterView.VulnCategoryID = 6)   or  (MasterView.VulnCategoryID = 10)   or  (MasterView.VulnCategoryID = 12)   or  (MasterView.VulnCategoryID = 14)   or  (MasterView.VulnCategoryID = 31)   or  (MasterView.VulnCategoryID = 50)   or  (MasterView.VulnCategoryID = 32)   or  (MasterView.VulnCategoryID = 115)   or  (MasterView.VulnCategoryID = 30)   or  (MasterView.VulnCategoryID = 48)   or  (MasterView.VulnCategoryID = 16)   or  (MasterView.VulnCategoryID = 24)   or  (MasterView.VulnCategoryID = 70)   or  (MasterView.VulnCategoryID = 19)   or  (MasterView.VulnCategoryID = 21)  ) and ( ( isnull(MasterView.VulnName, '') not like '%SSHv1 Protocol Enabled%' Escape '!' )   and  ( isnull(MasterView.VulnName, '') not like '%Microsoft Internet Information Services Remote DoS%' Escape '!' )  )
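
An added example (not from the original post or the product): a Python check that re-renders the WHERE clause from a VulnFilter XML and compares it with the stored VulnFilterProcessedQuery, so a rule whose stored query no longer matches it can be spotted. The column and operator mappings are read off the XML/SQL pair above; the `!`-escaping of LIKE wildcards, the helper names and the cut-down sample are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Column/operator mappings read off the XML and SQL pair shown on this page.
COLUMNS = {"Intrusive": "MasterView.Intrusive", "Module": "MasterView.ModuleID",
           "Category": "MasterView.VulnCategoryID",
           "Vulnerability Name": "MasterView.VulnName"}
NUMERIC_OPS = {"equals": "=", "does not equal": "<>"}

def like_escape(value):
    # Assumption: '!' (the page's Escape character) prefixes LIKE wildcards.
    return re.sub(r"([!%_\[])", r"!\1", value).replace("'", "''")

def predicate(cond):
    col = COLUMNS[cond.findtext("Column")]
    op, val = cond.findtext("Operator"), cond.findtext("Value")
    if op in NUMERIC_OPS:
        return f"({col} {NUMERIC_OPS[op]} {int(val)})"
    if op == "does not contain":
        return f"( isnull({col}, '') not like '%{like_escape(val)}%' Escape '!' )"
    raise ValueError(f"operator not seen on the page: {op!r}")

def render_where(xml_text):
    flt = ET.fromstring(xml_text).find("Filter")
    preds = {c.findtext("ConditionID"): predicate(c) for c in flt.findall("Condition")}
    # Substitute each {n} placeholder with the predicate whose ConditionID is n.
    return re.sub(r"\{(\d+)\}", lambda m: preds[m.group(1)], flt.get("expression"))

def matches_stored_query(xml_text, stored_query):
    # Text comparison only; the rendered SQL is never sent to a database.
    stored_where = re.split(r"WHERE\s+1=1\s+AND", stored_query, maxsplit=1)[1]
    squash = lambda s: re.sub(r"\s+", "", s).lower()
    return squash(render_where(xml_text)) == squash(stored_where)

# Constructed sample: a three-condition cut-down of the filter shown above.
COND = "<Condition><Column>{}</Column><Operator>{}</Operator><Value>{}</Value><ConditionID>{}</ConditionID></Condition>"
SAMPLE_XML = ('<VulnFilter><Filter expression="( {0}  and  {1} ) and ( {2} )">'
              + COND.format("Intrusive", "equals", "0", 0)
              + COND.format("Module", "does not equal", "3", 1)
              + COND.format("Vulnerability Name", "does not contain", "SSHv1 Protocol Enabled", 2)
              + "</Filter></VulnFilter>")
SAMPLE_STORED = ("FROM Content.vwVulnCategoryVulnSelectable MasterView WHERE 1=1  AND "
                 "( (MasterView.Intrusive = 0)   and  (MasterView.ModuleID <> 3)  ) and "
                 "( ( isnull(MasterView.VulnName, '') not like '%SSHv1 Protocol Enabled%' Escape '!' )  )")

if __name__ == "__main__":
    print(render_where(SAMPLE_XML))
    print("stored query matches XML rule:", matches_stored_query(SAMPLE_XML, SAMPLE_STORED))
```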


