Fix: openvasd doesn't support empty passphrase for usk crendential

SC-1233 With an empty password the scan is stored but when the start command is sent, I got the following: `2025-02-11T15:15:21.349117Z WARN openvasd::controller::results: results sync failed e=storage error occurred: serialization error` If the password field is not sent at all, the scan is even not stored, with the following response: `{"line":1,"column":799,"message":"missing field password at line 1 column 799"}`
greenbone · Feb 27, 2025 · 1ae26b1 · 1ae26b1
1 parent 13006c2
commit 1ae26b1
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 7 deletions.
diff --git a/rust/src/models/credential.rs b/rust/src/models/credential.rs
@@ -30,6 +30,19 @@ impl Credential {
             credential_type: self.credential_type.map_password(f)?,
         })
     }
+
+    /// Gets the password of the credential.
+    pub fn password(&self) -> &str {
+        match &self.credential_type {
+            CredentialType::UP { password, .. } => password,
+            CredentialType::USK { password, .. } => match password {
+                None => "",
+                Some(p) => p,
+            },
+            CredentialType::SNMP { password, .. } => password,
+            CredentialType::KRB5 { password, .. } => password,
+        }
+    }
 }
 
 impl Default for Credential {
@@ -136,7 +149,12 @@ pub enum CredentialType {
         /// The username for authentication.
         username: String,
         /// The password for authentication.
-        password: String,
+        // A key without passphrase can be expected
+        #[cfg_attr(
+            feature = "serde_support",
+            serde(default, skip_serializing_if = "Option::is_none")
+        )]
+        password: Option<String>,
         #[cfg_attr(feature = "serde_support", serde(rename = "private"))]
         /// The private key for authentication.
         private_key: String,
@@ -200,7 +218,10 @@ impl CredentialType {
                 privilege,
             } => CredentialType::USK {
                 username,
-                password: f(password)?,
+                password: match password {
+                    Some(p) => Some(f(p)?),
+                    None => None,
+                },
                 private_key: f(private_key)?,
                 privilege: match privilege {
                     Some(p) => Some(PrivilegeInformation {

diff --git a/rust/src/openvas/pref_handler.rs b/rust/src/openvas/pref_handler.rs
@@ -443,7 +443,7 @@ where
                         ));
                         credential_preferences.push(format!(
                             "{OID_SSH_AUTH}:2:password:SSH key passphrase:|||{}",
-                            password
+                            password.unwrap_or_default()
                         ));
                         credential_preferences.push(format!(
                             "{OID_SSH_AUTH}:4:file:SSH private key:|||{}",

diff --git a/rust/src/openvasd/storage/inmemory.rs b/rust/src/openvasd/storage/inmemory.rs
@@ -484,9 +484,12 @@ mod tests {
     fn password(c: &Credential) -> &str {
         match &c.credential_type {
             CredentialType::UP { password, .. }
-            | CredentialType::USK { password, .. }
             | CredentialType::SNMP { password, .. }
             | CredentialType::KRB5 { password, .. } => password,
+            CredentialType::USK { password, .. } => match password {
+                Some(p) => p,
+                None => "",
+            }
         }
     }
 

diff --git a/rust/src/osp/commands.rs b/rust/src/osp/commands.rs
@@ -308,7 +308,11 @@ fn write_credentials(scan: &Scan, writer: &mut Writer) -> Result<()> {
                         privilege,
                     } => {
                         write_str_element(writer, "username", username)?;
-                        write_str_element(writer, "password", password)?;
+                        write_str_element(
+                            writer,
+                            "password",
+                            password.clone().unwrap_or_default().as_ref()
+                        )?;
                         write_str_element(writer, "private", private_key)?;
                         if let Some(p) = privilege {
                             write_str_element(writer, "priv_username", &p.username)?;

diff --git a/rust/src/scannerctl/osp/start_scan.rs b/rust/src/scannerctl/osp/start_scan.rs
@@ -50,7 +50,7 @@ impl From<Credentials> for Vec<models::Credential> {
                 let kind = match &x.kind as &str {
                     "usk" => CredentialType::USK {
                         username,
-                        password,
+                        password: Some(password),
                         private_key: key("private", &x.credentials),
                         privilege,
                     },
@@ -581,7 +581,10 @@ impl From<models::Credential> for Credential {
                 privilege,
             } => {
                 credentials.push(("username".to_string(), username));
-                credentials.push(("password".to_string(), password));
+                credentials.push((
+                    "password".to_string(),
+                    password.unwrap_or_default()
+                ));
                 credentials.push(("private".to_string(), private_key));
                 if let Some(p) = privilege {
                     credentials.push(("priv_username".to_string(), p.username));