Import of scan config fails with: Error in NVT_SELECTORS element

Hi everybody. First post, please be gentle.

We do a get_configs using gvm_cli with the id of a Scan Config and preferences, families and tasks set to true, it returns a xml string that starts with <get_configs_response> as stated in the documentation.

We save that string to a xml file

Then, we try to import it with a python-gvm script (see below).

The script fails with error: <create_config_response status=“400” status_text=“Error in NVT_SELECTORS element.”/>

Any hints of what’s happening?

We use v22.4 in Kali

userpass = ConfigParser()
userpass.read("/home/sensor/.config/gvm-tools.conf")
sconfig = open("../ScansETIC/ETICComplete.xml", 'r')
txt = sconfig.read()
with Gmp(connection=connection) as gmp:
    gmp.authenticate(userpass['gmp']['username'],userpass['gmp']['password'])
    ret = gmp.import_scan_config(txt)
    print(ret)

Sorry about my previous response, I just saw the import_scan_config() function should accept that <get_configs_response> XML root tag.

Looks like a bug importing. Maybe you can post the XML string for to understand.

However, there also appears to be a clone_scan_config() function which may allow you to complete your whole use-case from within python-gvm?

No offense taken, thank you for your time

The XML is quite large as it is a clone of Full & Fast. Let me think how I post that.

I don’t want to clone an existing Scan Config. We have to sites, and I’m preparing a synchronization script so when we change something both sites scan same things.

Can’t attach as file (I’m a new user) nor send as text as it is too large… just a minute

scanconfig-cef77ced-dc00-497e-972e-5466ec1c6f02.zip

Please, find the Scan Config here

I should say that I guess it is either a bug with the gvm-cli export or python-gvm import.

Can you import other scan-configs that have been exported from gvm-cli such as the Base scan config? I guess that you can since the python-gvm import is complaining about a specific XML element. Perhaps one of the VTs metadata, description, etc has some special character that breaks the standard XML protocol formatting.

Thanks again.
I’ll do some testing with simpler Scan Configs and update.

The whole XML itself is valid and well-formatted.
Here is the extracted <nvt_selectors> section from the XML, I guess it would be a problem with the python-gvm import_scan_config() function. Maybe it cannot read the whole string?

<nvt_selectors>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.14272</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.104000</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.14259</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.80001</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.10335</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.10796</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.11219</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.100315</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>2</type>
    <family_or_nvt>1.3.6.1.4.1.25623.1.0.14274</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>AIX Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Amazon Linux Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Brute force attacks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Buffer overflow</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>CISCO</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>CentOS Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Citrix Xenserver Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Compliance</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Databases</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Debian Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Default Accounts</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Denial of Service</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>F5 Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>FTP</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Fedora Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>FortiOS Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>FreeBSD Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Gain a shell remotely</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Gentoo Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>HP-UX Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Huawei</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Huawei EulerOS Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>IT-Grundschutz</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>IT-Grundschutz-15</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>IT-Grundschutz-deprecated</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>JunOS Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Mac OS X Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Mageia Linux Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Malware</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Mandrake Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Nmap NSE</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Nmap NSE net</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Oracle Linux Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Palo Alto PAN-OS Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Peer-To-Peer File Sharing</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Policy</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Privilege escalation</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Product detection</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>RPC</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Red Hat Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Remote file access</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>SMTP problems</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>SNMP</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>SSL and TLS</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Service detection</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Settings</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Slackware Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Solaris Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>SuSE Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Ubuntu Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Useless services</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>VMware Local Security Checks</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Web Servers</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Web application abuses</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Windows</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>Windows : Microsoft Bulletins</family_or_nvt>
  </nvt_selector>
  <nvt_selector>
    <name>ac601cf5-1a5c-447e-be5f-b66d177f4674</name>
    <include>1</include>
    <type>1</type>
    <family_or_nvt>General</family_or_nvt>
  </nvt_selector>
</nvt_selectors>

I don’t know if this will be helpful to you as the OP, but…

So, as for a traceback on this error: Error in NVT_SELECTORS element. - it looks like that GVMD will return this error when the error code is -3 as seen in the link.

Traceback on that will point to the /gvmd/src/manage_sql_configs.c => insert_nvt_selectors() function. It will return -3 error code when selectors == NULL or when a selector doesn’t have a type set. Looking at the XML there is a type set for all items.

The config data is parsed from the XML content from the function parse_config_entity() to the variable import_nvt_selectors.

Maybe some problem parsing the nvt_selectors in that code That’s all I can figure out so far. :D.

Your time is much appreciated. Thanks!
We have solved it by exporting with gvm-script instead of gvm-cli. Don’t really know what was the difference. It can easily be something on our code.

Regards,
Àlex

Glad to hear it’s resolved.