Fix result fetching in monthly-report script

timopollmeier · timopollmeier · commit 5a1e625a8d7e · 2025-08-20T15:00:08.000+02:00
The result fetching in the monthly-report script is adjusted in the
following ways:
- The selected hosts now also include ones that were last updated
  after the requested month. Otherwise they would be missing
  even if they were also updated in the requested month.
- The number of results for a host is no longer limited by the
  "Rows per page" setting.
- Instead of counting all results, only the distinct vulnerabilities
  (VTs) are counted. The new counting method also considers only the
  latest occurrence of a vulnerability in case the severity level
  has changed in the meantime.

Overall, this should make the script behave more as expected.
The new result counts by distinct VT should be more informative than the
previous number that could be influenced by how many times a host was
scanned.
diff --git a/scripts/monthly-report-gos24.10.gmp.py b/scripts/monthly-report-gos24.10.gmp.py
@@ -36,7 +36,7 @@ def check_args(args: Namespace) -> None:
 def print_reports(gmp: Gmp, from_date: date, to_date: date) -> None:
     host_filter = (
         f"rows=-1 and modified>{from_date.isoformat()} "
-        f"and modified<{to_date.isoformat()}"
+        f"and created<{to_date.isoformat()}"
     )
 
     hosts_xml = gmp.get_hosts(filter_string=host_filter)
@@ -62,21 +62,37 @@ def print_reports(gmp: Gmp, from_date: date, to_date: date) -> None:
         hostname = hostnames[0]
 
         results = gmp.get_results(
-            details=False, filter_string=f"host={ip} and severity>0.0"
+            details=False,
+            filter_string=(
+                f"rows=-1 host={ip} and severity>0.0"
+                f" and modified>{from_date.isoformat()}"
+                f" and modified<{to_date.isoformat()}"
+            ),
         )
 
-        low = int(results.xpath('count(//result/threat[text()="Low"])'))
-        sum_low += low
+        unique_vt_results = results.xpath(
+            "result["
+            "  not (./nvt/@oid = preceding-sibling::result/nvt/@oid)"
+            "]"
+        )
+        if len(unique_vt_results) == 0:
+            continue
 
-        medium = int(results.xpath('count(//result/threat[text()="Medium"])'))
-        sum_medium += medium
+        low = medium = high = critical = 0
+        for result in unique_vt_results:
+            threat = result.findtext("threat")
+            if threat == "Critical":
+                critical += 1
+            elif threat == "High":
+                high += 1
+            elif threat == "Medium":
+                medium += 1
+            elif threat == "Low":
+                low += 1
 
-        high = int(results.xpath('count(//result/threat[text()="High"])'))
+        sum_low += low
+        sum_medium += medium
         sum_high += high
-
-        critical = int(
-            results.xpath('count(//result/threat[text()="Critical"])')
-        )
         sum_critical += critical
 
         best_os_cpe_report_id = host.xpath(
