Fixes vs alert not triggered

2026-04-29 15:39:33 +00:00 · 2023-10-02 10:13:53 +00:00 · 2023-10-02 10:13:53 +00:00 · 21129f81e4
commit 21129f81e4
parent 4fa0f46c8b
1 changed files with 21 additions and 18 deletions
--- a/scripts/lua/modules/vulnerability_scan/vs_utils.lua
+++ b/scripts/lua/modules/vulnerability_scan/vs_utils.lua
@ -330,34 +330,37 @@ function vs_utils.save_host_to_scan(scan_type, host, scan_result, last_scan_time
 				    is_ok_last_scan, ports, scan_frequency, num_open_ports,
 				     num_vulnerabilities_found, cve, id, is_edit, udp_ports, tcp_ports)
   local checks = require "checks"
-   local host_name = ""
   local trigger_alert = checks.isCheckEnabled("system", "vulnerability_scan") or false
   local host_hash_key = vs_utils.get_host_hash_key(host, scan_type)
   local old_data_string = ntop.getHashCache(host_to_scan_key, host_hash_key)
   local old_data = json.decode(old_data_string)
   -- Getting the hostname, the only way is to scan all the interfaces and retrieve it
-   host_name = ntop.resolveName(host)
+   local host_name = ntop.resolveName(host)
   if host_name == host then
      host_name = ""
   end
   -- In case the alert needs to be triggered, save the differences in order to lessen
   -- the info dropped on redis
-   -- if is_ok_last_scan is nil then no prior scan was done, so do not trigger the alert
-   if trigger_alert and old_data and (old_data.is_ok_last_scan == vs_utils.scan_status.ok) then
-      local host_info_to_cache = check_differences(host, host_name,
-                                    scan_type,
-                                    {
-                                       vulnerabilities = old_data.num_vulnerabilities_found,
-                                       ports = old_data.num_open_ports,
-                                       cve = old_data.cve,
-                                    },
-                                    {
-                                       vulnerabilities = num_vulnerabilities_found,
-                                       ports = num_open_ports,
-                                       cve = cve,
-                                    })
-      if host_info_to_cache then
-         ntop.rpushCache(scanned_hosts_changes_key, json.encode(host_info_to_cache))
+   if trigger_alert and old_data then
+      -- If this host was already scanned in the past, then it needs to have some of these data
+      local already_scanned = (old_data.ports) or (old_data.num_open_ports)
+                     or (old_data.num_vulnerabilities_found)
+      if already_scanned then
+         local host_info_to_cache = check_differences(host, host_name,
+                                       scan_type,
+                                       {
+                                          vulnerabilities = old_data.num_vulnerabilities_found,
+                                          ports = old_data.num_open_ports,
+                                          cve = old_data.cve,
+                                       },
+                                       {
+                                          vulnerabilities = num_vulnerabilities_found,
+                                          ports = num_open_ports,
+                                          cve = cve,
+                                       })
+         if host_info_to_cache then
+            ntop.rpushCache(scanned_hosts_changes_key, json.encode(host_info_to_cache))
+         end
      end
   end