Add: Tooling for documentation manual and NASL man (#1194)

* Initial documentation scheme

This PR introduces a documentation scheme, which has the goal to centralize the documentation of openvas, including a complete description of NASL

* Add: Base documentation Tools

This PR adds tools, which allows to generate a HTML Page from the complete documentation and man pages of NASL library functions and programs within the OpenVAS project

The man-pages for the nasl library can be generated with './man.sh' or 'make nasl-man' (after build).

A HTML documentation can be generated with './html.sh' or 'make manual' (after build). It contains also the man pages as well as the redis documentation. In addition it contains a few discriptions of NASL built-in functions.

CMakeLists.txt

@@ -193,14 +193,12 @@ message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
 set (OPENVAS_VERSION "${PROJECT_VERSION_STRING}")
 
 # Configure Doxyfile with version number
-configure_file (doc/Doxyfile.in doc/Doxyfile @ONLY)
-configure_file (doc/Doxyfile_full.in doc/Doxyfile_full @ONLY)
-configure_file (doc/Doxyfile_xml.in doc/Doxyfile_xml @ONLY)
-configure_file (doc/openvas.8.in doc/openvas.8 @ONLY)
+configure_file (doc/man/openvas.8.in doc/man/openvas.8 @ONLY)
 configure_file (VERSION.in VERSION @ONLY)
 configure_file (tools/greenbone-nvt-sync.in tools/greenbone-nvt-sync @ONLY)
 configure_file (src/openvas_log_conf.cmake_in src/openvas_log.conf)
 
+
 ## Testing
 
 enable_testing ()

INSTALL.md

@@ -29,7 +29,7 @@ Prerequisites:
 
 Prerequisites for building documentation:
 * Doxygen
-* xmltoman (optional, for building man page)
+* pandoc (optional, for building manual and man pages for NASL built-in functions)
 
 Prerequisites for building tests:
 * Cgreen (optional, for building tests)
@@ -83,18 +83,21 @@ This only needs to be done once.
 
 Other cmake variables need to be adjusted as well if you want to have all files in CMAKE_INSTALL_PREFIX or in the default installation path `/usr/local`. They can be added to the `cmake` call with `-D<var_name>=<install_prefix><default_value>`.
 
-| Variable               | Default                              |
-| ---------------------- |:-------------------------------------|
-| SYSCONFDIR             |  `/etc`                              |
-| LOCALSTATEDIR          |  `/var`                              |
-| OPENVAS_FEED_LOCK_PATH |  `/var/lib/openvas/feed-update.lock` |
-| OPENVAS_RUN_DIR        |  `/run/ospd`                         |
+| Variable               | Default                             |
+| ---------------------- | :---------------------------------- |
+| SYSCONFDIR             | `/etc`                              |
+| LOCALSTATEDIR          | `/var`                              |
+| OPENVAS_FEED_LOCK_PATH | `/var/lib/openvas/feed-update.lock` |
+| OPENVAS_RUN_DIR        | `/run/ospd`                         |
 
 Thereafter, the following commands are useful:
 
     make                # build the scanner
-    make doc            # build the documentation
-    make doc-full       # build more developer-oriented documentation
+    make doxygen        # build the documentation
+    make doxygen-full   # build more developer-oriented documentation
+    make doxygen-xml    # build the documentation (XML)
+    make manual         # build a HTML manual
+    make nasl-man       # build man pages for NASL built-in functions
     make tests          # build tests
     make install        # install the build
     make rebuild_cache  # rebuild the cmake cache

doc/CMakeLists.txt

@@ -23,27 +23,46 @@ include (FindDoxygen)
 if (NOT DOXYGEN_EXECUTABLE)
   message (STATUS "WARNING: Doxygen is required to build the HTML docs.")
 else (NOT DOXYGEN_EXECUTABLE)
-  add_custom_target (doc COMMENT "Building documentation..."
+  configure_file (Doxyfile.in Doxyfile @ONLY)
+  configure_file (Doxyfile_full.in Doxyfile_full @ONLY)
+  configure_file (Doxyfile_xml.in Doxyfile_xml @ONLY)
+
+  add_custom_target (doxygen COMMENT "Building documentation..."
     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile ${CMAKE_CURRENT_BINARY_DIR}/.built-html)
 
   add_custom_command (OUTPUT .built-html
     COMMAND sh
     ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html\;\"
     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)
 
-  add_custom_target (doc-full COMMENT "Building documentation..."
+  add_custom_target (doxygen-full COMMENT "Building documentation..."
     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full)
 
   add_custom_command (OUTPUT .built-html_full
     COMMAND sh
     ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-html_full\;\"
     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_full)
 
-  add_custom_target (doc-xml COMMENT "Building documentation (XML)..."
+  add_custom_target (doxygen-xml COMMENT "Building documentation (XML)..."
     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_xml ${CMAKE_CURRENT_BINARY_DIR}/.built-xml)
 
   add_custom_command (OUTPUT .built-xml
     COMMAND sh
     ARGS -c \"${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_xml && touch ${CMAKE_CURRENT_BINARY_DIR}/.built-xml\;\"
     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile_xml)
 endif (NOT DOXYGEN_EXECUTABLE)
+
+
+find_program(PANDOC pandoc)
+
+if (NOT PANDOC)
+  message(STATUS "WARNING: pandoc is required to build the HTML user manual.")
+else (NOT PANDOC)
+  configure_file(man.sh man.sh @ONLY)
+  configure_file(html.sh html.sh @ONLY)
+  file(COPY manual DESTINATION .)
+  file(COPY templates DESTINATION .)
+
+  add_custom_target(manual COMMAND ${CMAKE_CURRENT_BINARY_DIR}/html.sh)
+  add_custom_target(nasl-man COMMAND ${CMAKE_CURRENT_BINARY_DIR}/man.sh)
+endif (NOT PANDOC)

doc/README.md

@@ -0,0 +1,12 @@
+# OpenVAS Documentation (WORK IN PROGRESS)
+The new documentation is still a WORK IN PROGRESS!!
+
+The documentation of this project contains three parts:
+1. Doxygen
+It is used as a documentation of the internal c library. To build the doxygen documentation call `make doxygen-full`.
+
+2. Man
+In the man folder you can find man pages of the executables of the project. These are automatically installed when calling `make install`. Additionally it is possible to generate man pages of the built-in nasl functions. These can be generated with `make nasl-man`. Be aware that those are currently not automatically installed and pandoc is required in order to be able to generate those.
+
+3. Manual
+It is also possible to generate a general purpose manual of the openvas project. The manual can be generated with `make manual` and contains various information about the OpenVAS project including the NASL-documentation. Also for this pandoc is required.

doc/html.sh

@@ -0,0 +1,118 @@
+#!/bin/bash
+
+make_entry() {
+    toc="$toc<li>"
+
+    line=$(head -n 1 "$entry")
+    title=${line:2}
+
+    link=$entry
+    link=${link//manual/html}
+    link=${link//.md/.html}
+    link=${link#"$root_dir_prefix"}
+
+    toc="$toc<a href=%ROOT%$link>$title</a>"
+
+    toc="$toc</li>"
+}
+
+recursive_toc() {
+    if [ $first == 0 ]; then
+        first=1
+        toc="$toc<ul class=\"collapsible\">" 
+        entry="$search_dir"/index.md
+        make_entry
+        toc="$toc</ul>"
+    fi
+    for entry in "$search_dir"/*
+    do
+        toc="$toc<ul class=\"collapsible\">"     
+        # In case of folder iterate through it
+        if [[ -d $entry ]]; then
+            search_dir="$entry"
+            entry="$entry"/index.md
+            make_entry
+            entry=${entry//\/index.md/""}
+            recursive_toc
+        # Else make an entry for the file
+        elif [[ -f $entry ]]; then
+            filename="$(basename -- $entry)"
+            if [ $filename != index.md ]; then
+                make_entry
+            fi
+        fi
+        toc="$toc</ul>"
+    done
+}
+
+create_html_dict() {
+    dict=$entry
+    dict=${dict//manual/html}
+    mkdir $dict
+}
+
+make_html() {
+    content=$(pandoc -f markdown -t html $entry)
+    content=${content//.md/.html}
+
+    head_name=$(head -n 1 $entry)
+    head_name=${head_name//\# /}
+
+    html=$template
+    html=${html//\%TITLE\%/${head_name}}
+    html=${html//\%CSS\%/${root_dir}${css_path}}
+    html=${html//\%JS\%/${root_dir}${js_path}}
+    toc_relative=${toc//\%ROOT\%/${root_dir}}
+    html=${html//\%TOC\%/${toc_relative}}
+    html=${html//\%CONTENT\%/${content}}
+
+    file=$entry
+    file=${file//manual/html}
+    file=${file//.md/.html}
+
+    echo "$html" > "$file"
+}
+
+recursive_html() {
+    for entry in "$search_dir"/*
+    do 
+        # In case of folder iterate through it
+        if [[ -d $entry ]]; then
+            create_html_dict
+            search_dir="$entry"
+            root_dir="$root_dir../"
+            recursive_html
+            root_dir=${root_dir%"../"}
+        # Else make an entry for the file
+        elif [[ -f $entry ]]; then
+            filename="$(basename -- $entry)"
+            make_html
+        fi
+    done
+}
+
+rm -rf html
+mkdir html
+mkdir html/css
+mkdir html/js
+
+first=0
+base_dir=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )/
+template=$(<templates/template.html)
+root_dir=""
+root_dir_prefix="$base_dir"html/
+
+cp templates/style.css html/css/
+css_path=css/style.css
+cp templates/script.js html/js/
+js_path=js/script.js
+
+toc=""
+
+search_dir="$base_dir"manual
+recursive_toc
+
+search_dir="$base_dir"manual
+recursive_html
+
+exit 0

doc/man.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+version=0.1
+date=$(date +"%B %Y")
+
+make_man () {
+    head_name=$(head -n 1 $entry)
+    head_name=${head_name//\# /}
+
+    file=$(tail -n +3 $entry)
+    file=${file//\#\# /\# }
+    file="% $head_name($file_ext) Version 1.0 | OpenVAS User Manual"$'\n'$file
+
+    filename=${filename//.md/.${file_ext}}
+
+    echo "$file" | pandoc --standalone -f markdown -t man -o $man_dir/$filename /dev/stdin
+}
+
+recursive_functions () {
+    for entry in "$search_dir"/*
+    do 
+        # In case of folder iterate through it
+        if [[ -d $entry ]]; then
+            search_dir="$entry"
+            recursive_functions
+        # Else make an entry for the file
+        elif [[ -f $entry ]]; then
+            filename="$(basename -- $entry)"
+            if [ $filename != index.md ] && [ $filename ]; then
+                make_man
+            fi
+        fi
+    done
+}
+
+rm -rf man
+mkdir man
+
+base_dir=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
+search_dir="$base_dir"/manual/nasl/built-in-functions
+man_dir="$base_dir"/man
+file_ext="3"
+recursive_functions
+
+exit 0

doc/openvas.8.in → doc/man/openvas.8.in

@@ -100,12 +100,6 @@ This is the default range of ports that the scanner plugins will probe. The synt
 .IP test_alive_hosts_only
 If this option is set to 'yes', openvas will scan the target list for alive hosts in a separate process while only testing those hosts which are identified as alive. This boosts the scan speed of target ranges with a high amount of dead hosts significantly.   
 
-.IP alive_test_ports
-Preference to set the port list for the TCP SYN and TCP ACK alive test methods. This setting overwrites the default port list: "21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080".
-
-.IP test_alive_wait_timeout
-This option is to set how long (in sec) Boreas (alive test) waits for replies after last packet was sent. Default: 3 seconds
-
 .IP optimize_test
 By default, optimize_test is enabled which means openvas does trust the remote host banners and is only launching plugins against the services they have been designed to check. For example it will check a web server claiming to be IIS only for IIS related flaws but will skip plugins testing for Apache flaws, and so on. This default behavior is used to optimize the scanning performance and to avoid false positives. If you are not sure that the banners of the remote host have been tampered with, you can disable this option.
 

doc/manual/greenbone-nvt-sync.md

@@ -0,0 +1,38 @@
+# greenbone-nvt-sync
+
+## NAME
+
+greenbone-nvt-sync - updates the OpenVAS NVTs from Greenbone Security
+Feed or Community Feed
+
+## SYNOPSIS
+
+**greenbone-nvt-sync**
+
+## DESCRIPTION
+
+The **OpenVAS Scanner** performs several security checks. These are
+called Network Vulnerability Tests (NVTs) and are implemented in the
+programming language NASL. Some NVTs are wrappers for external tools. As
+new vulnerabilities are published every day, new NVTs appear in the
+Greenbone Security Feed. This feed is commercial and requires a
+respective subscription key. In case no subscription key is present, the
+update synchronisation will use the Community Feed instead.
+
+\
+The script **greenbone-nvt-sync** will fetch all new and updated
+security checks and install them at the proper location. Once this is
+done OpenVAS Scanner, openvas(1) will automatically detect that new and
+updated NVTs are present and consider them for next activities.
+
+## SEE ALSO
+
+**[openvas(1)](openvas/openvas.md)**
+
+## AUTHOR
+
+This manual page was written by Jan-Oliver Wagner
+\<jan-oliver.wagner@greenbone.net\>.
+
+The **greenbone-nvt-sync** script was written by Greenbone Networks
+GmbH.

doc/manual/index.md

@@ -0,0 +1,15 @@
+# Introduction
+
+## GENERAL
+
+This documentation is meant to get the new standard for the OpenVAS documentation. It will contain general information about different parts of the project, as well as a technical description of the language NASL with its grammar and library functions. In the current state this documentation is far from complete and will fill up by time.
+
+## SUMMARY
+
+OpenVAS is a project containing several parts and programs. In general there are two main parts: the OpenVAS Scanner and NASL. The OpenVAS Scanner is more like an engine consisting of a scan management part, which manages different hosts and plugins. Plugins are scripts, interpreted by the NASL interpreter. There is also a standalone program, which allows to run NASL scripts directly without having a running scan.
+
+To run a scan additional programs are needed. Currently the best way is to use the [Greenbone Vulnerability Manager](https://github.com/greenbone/gvmd), [Greenbone Security Assistant](https://github.com/greenbone/gsa)/[Greenbone Security Assistant HTTP server](https://github.com/greenbone/gsad) and [OSPD-OpenVAS](https://github.com/greenbone/ospd-openvas)
+
+## SEE ALSO
+
+**[openvas](openvas/index.md)**, **[NASL](nasl/index.md)**

doc/manual/nasl/built-in-functions/index.md

@@ -0,0 +1,5 @@
+# Built-in Functions
+
+## GENERAL
+
+The NASL language contains a collection of built-in functions to provide many tools to detect vulnerabilities of a network device.

doc/manual/nasl/built-in-functions/knowledge-base/get_host_kb_index.md

@@ -0,0 +1,26 @@
+# get_host_kb_index
+
+## NAME
+
+**get_host_kb_index** - Get the KB index of the host running the current script
+
+## SYNOPSIS
+
+*int* **get_host_kb_index**(name: *string*, value: *any*);
+
+**get_host_kb_index** takes no arguments
+
+
+## DESCRIPTION
+
+This function will return the index number of the currently used Redis Database. This index belongs to the host, which is currently scanned.
+
+
+## RETURN VALUE
+
+KB index, *int* or None, when redis index cannot be determined
+
+
+## SEE ALSO
+
+**[get_kb_item(3)](get_kb_item.md)**, **[get_kb_list(3)](get_kb_list.md)**, **[replace_kb_item(3)](replace_kb_item.md)**, **[set_kb_item(3)](set_kb_item.md)**, **[openvas-nasl(1)](../../openvas-nasl.md)**