Merge pull request #1478 from greenbone/mergify/bp/master/pr-1477
Use CVSS severity in NVTs, vulns and results again (bp #1477)
timopollmeier authored Apr 9, 2021
2 parents f265c61 + 41ed209 commit 95cfed4
Showing 13 changed files with 235 additions and 356 deletions.
4 changes: 2 additions & 2 deletions CHANGELOG.md
Expand Up @@ -20,7 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [21.4] (unreleased)

### Added
- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371)
- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371) [#1477](https://github.com/greenbone/gvmd/pull/1477)
- Parameter `--db-user` to set a database user [#1327](https://github.com/greenbone/gvmd/pull/1327)
- Add `allow_simultaneous_ips` field for targets [#1346](https://github.com/greenbone/gvmd/pull/1346) [#1396](https://github.com/greenbone/gvmd/pull/1396)
- Speed up GET_VULNS [#1354](https://github.com/greenbone/gvmd/pull/1354) [#1355](https://github.com/greenbone/gvmd/pull/1354)
Expand All @@ -35,7 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262)
- Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277)
- In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321)
- Change SCAP and CERT data to use new severity scoring [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457)
- Change SCAP and CERT data to use "severity" consistently [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457) [#1476](https://github.com/greenbone/gvmd/pull/1476)
- Expect report format scripts to exit with code 0 [#1383](https://github.com/greenbone/gvmd/pull/1383)
- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384)
- The internal list of current Local Security Checks for the 'Closed CVEs' feature was updated [#1381](https://github.com/greenbone/gvmd/pull/1381)
6 changes: 3 additions & 3 deletions CMakeLists.txt
Expand Up @@ -96,11 +96,11 @@ include (CPack)

## Variables

set (GVMD_DATABASE_VERSION 241)
set (GVMD_DATABASE_VERSION 242)

set (GVMD_SCAP_DATABASE_VERSION 17)
set (GVMD_SCAP_DATABASE_VERSION 18)

set (GVMD_CERT_DATABASE_VERSION 7)
set (GVMD_CERT_DATABASE_VERSION 8)

set (GMP_VERSION "21.10")
set (GMP_VERSION_FEED "21.10")
63 changes: 29 additions & 34 deletions src/gmp.c
Expand Up @@ -8958,28 +8958,26 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
{
if (g_str_has_prefix (oid, "CVE-"))
{
int score;
gchar *cvss_base;
gchar *severity;

cvss_base = cve_cvss_base (oid);
score = cve_score (oid);
severity = cve_cvss_base (oid);
buffer_xml_append_printf (buffer,
"<nvt oid=\"%s\">"
"<type>cve</type>"
"<name>%s</name>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%i\">"
"<severities score=\"%s\">"
"</severities>"
"<cpe id='%s'/>"
"<cve>%s</cve>"
"</nvt>",
oid,
oid,
cvss_base,
score,
severity ? severity : "",
severity ? severity : "",
result_iterator_port (results),
oid);
g_free (cvss_base);
g_free (severity);
return;
}

Expand All @@ -8990,6 +8988,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
gchar **split, **item;
get_data_t get;
iterator_t iterator;
const char *severity;

memset (&get, '\0', sizeof (get));
get.id = g_strdup (oid);
Expand All @@ -8998,19 +8997,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
assert (0);
if (!next (&iterator))
abort ();
severity = ovaldef_info_iterator_severity (&iterator);
buffer_xml_append_printf (buffer,
"<nvt oid=\"%s\">"
"<type>ovaldef</type>"
"<name>%s</name>"
"<family/>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%s\">"
"</severities>"
"<tags>summary=%s</tags>",
oid,
ovaldef_info_iterator_title (&iterator),
ovaldef_info_iterator_score (&iterator)
? ovaldef_info_iterator_score (&iterator)
: "",
severity ? severity : "",
severity ? severity : "",
ovaldef_info_iterator_description (&iterator));
g_free (get.id);
cleanup_iterator (&iterator);
Expand Down Expand Up @@ -9133,12 +9132,12 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
"<name>%s</name>"
"<family>%s</family>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%i\">",
"<severities score=\"%s\">",
oid,
result_iterator_nvt_name (results) ?: oid,
result_iterator_nvt_family (results) ?: "",
cvss_base ?: "",
result_iterator_nvt_score (results));
cvss_base ?: "");

init_nvt_severity_iterator (&severities, oid);
while (next (&severities))
Expand All @@ -9148,7 +9147,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
"<severity type=\"%s\">"
"<origin>%s</origin>"
"<date>%s</date>"
"<score>%i</score>"
"<score>%0.1f</score>"
"<value>%s</value>"
"</severity>",
nvt_severity_iterator_type (&severities),
Expand Down Expand Up @@ -9440,10 +9439,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
buffer_xml_append_printf
(buffer,
"<severity>%.1f</severity>"
"<score>%i</score>"
"<qod><value>%s</value>",
result_iterator_severity_double (results),
result_iterator_score (results),
qod ? qod : "");

if (qod_type && strlen (qod_type))
Expand Down Expand Up @@ -13093,14 +13090,14 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
cpe_info_iterator_title (&info));
xml_string_append (result,
"<nvd_id>%s</nvd_id>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>"
"<status>%s</status>",
cpe_info_iterator_nvd_id (&info)
? cpe_info_iterator_nvd_id (&info)
: "",
cpe_info_iterator_score (&info)
? cpe_info_iterator_score (&info)
cpe_info_iterator_severity (&info)
? cpe_info_iterator_severity (&info)
: "",
cpe_info_iterator_cve_refs (&info),
cpe_info_iterator_status (&info)
Expand Down Expand Up @@ -13143,12 +13140,12 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
{
xml_string_append (result,
"<cve>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cvss_vector>%s</cvss_vector>"
"<description>%s</description>"
"<products>%s</products>",
cve_info_iterator_score (&info)
? cve_info_iterator_score (&info)
cve_info_iterator_severity (&info)
? cve_info_iterator_severity (&info)
: "",
cve_info_iterator_vector (&info),
cve_info_iterator_description (&info),
Expand Down Expand Up @@ -13224,16 +13221,16 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<status>%s</status>"
"<class>%s</class>"
"<title>%s</title>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>"
"<file>%s</file>",
ovaldef_info_iterator_version (&info),
ovaldef_info_iterator_deprecated (&info),
ovaldef_info_iterator_status (&info),
ovaldef_info_iterator_class (&info),
ovaldef_info_iterator_title (&info),
ovaldef_info_iterator_score (&info)
? ovaldef_info_iterator_score (&info)
ovaldef_info_iterator_severity (&info)
? ovaldef_info_iterator_severity (&info)
: "",
ovaldef_info_iterator_cve_refs (&info),
ovaldef_info_iterator_file (&info));
Expand All @@ -13248,25 +13245,25 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<cert_bund_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>",
cert_bund_adv_info_iterator_title (&info),
cert_bund_adv_info_iterator_summary (&info),
cert_bund_adv_info_iterator_score(&info)
? cert_bund_adv_info_iterator_score(&info)
cert_bund_adv_info_iterator_severity(&info)
? cert_bund_adv_info_iterator_severity(&info)
: "",
cert_bund_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("dfn_cert_adv", get_info_data->type) == 0)
xml_string_append (result,
"<dfn_cert_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>",
dfn_cert_adv_info_iterator_title (&info),
dfn_cert_adv_info_iterator_summary (&info),
dfn_cert_adv_info_iterator_score(&info)
? dfn_cert_adv_info_iterator_score(&info)
dfn_cert_adv_info_iterator_severity(&info)
? dfn_cert_adv_info_iterator_severity(&info)
: "",
dfn_cert_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("nvt", get_info_data->type) == 0)
Expand Down Expand Up @@ -17776,15 +17773,13 @@ handle_get_vulns (gmp_parser_t *gmp_parser, GError **error)
"<creation_time>%s</creation_time>"
"<modification_time>%s</modification_time>"
"<severity>%1.1f</severity>"
"<score>%i</score>"
"<qod>%d</qod>",
get_iterator_uuid (&vulns),
get_iterator_name (&vulns),
vuln_iterator_type (&vulns),
get_iterator_creation_time (&vulns),
get_iterator_modification_time (&vulns),
vuln_iterator_severity (&vulns),
vuln_iterator_score (&vulns),
vuln_iterator_qod (&vulns));

// results for the vulnerability
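Review bot: The `score` attribute of `<severities>` in results_xml_append_nvt is now filled from the CVSS base string, so it is emitted as `score=""` whenever no severity is known; this applies to the CVE branch, the ovaldef branch and the NVT branch alike. In the CVE and NVT branches the attribute was formatted with `%i` before, so a GMP client that parses it as a number and ranks findings by it may now fail on the empty value or silently treat such an entry as lowest severity. None of the changed format strings carries a comment about this; I would add one above the first of them, for example `/* score: CVSS base as a decimal string, empty when no severity is known. */`, and check that the GMP protocol documentation says the same (it is not visible in this part of the commit). The function starts and ends outside the hunks shown.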
8 changes: 5 additions & 3 deletions src/manage.c
Expand Up @@ -5575,7 +5575,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
"<category>%d</category>"
"<family>%s</family>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%i\">",
"<severities score=\"%s\">",
oid,
name_text,
get_iterator_creation_time (nvts)
Expand All @@ -5590,7 +5590,9 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
nvt_iterator_cvss_base (nvts)
? nvt_iterator_cvss_base (nvts)
: "",
nvt_iterator_score (nvts));
nvt_iterator_cvss_base (nvts)
? nvt_iterator_cvss_base (nvts)
: "");

init_nvt_severity_iterator (&severities, oid);
while (next (&severities))
Expand All @@ -5600,7 +5602,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
"<severity type=\"%s\">"
"<origin>%s</origin>"
"<date>%s</date>"
"<score>%i</score>"
"<score>%0.1f</score>"
"<value>%s</value>"
"</severity>",
nvt_severity_iterator_type (&severities),
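Review bot: In get_nvt_xml the new `score` argument repeats the whole `nvt_iterator_cvss_base (nvts) ? nvt_iterator_cvss_base (nvts) : ""` expression, so the accessor is now called four times for one value and the two arguments can drift apart in a later edit. Reading it once into a local, as the CVE branch in src/gmp.c does with `severity`, keeps `<cvss_base>` and the `score` attribute visibly tied to the same value: `const char *cvss_base = nvt_iterator_cvss_base (nvts);` and then `cvss_base ? cvss_base : "",` for both arguments. The declaration would sit at the top of get_nvt_xml, which is outside the hunk.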
27 changes: 6 additions & 21 deletions src/manage.h
Expand Up @@ -1409,9 +1409,6 @@ result_iterator_nvt_cvss_base (iterator_t *);
const char*
result_iterator_nvt_tag (iterator_t *);

int
result_iterator_nvt_score (iterator_t *);

const char*
result_iterator_descr (iterator_t*);

Expand All @@ -1433,9 +1430,6 @@ result_iterator_severity (iterator_t *);
double
result_iterator_severity_double (iterator_t *);

int
result_iterator_score (iterator_t *);

const char*
result_iterator_original_level (iterator_t*);

Expand Down Expand Up @@ -1851,9 +1845,6 @@ nvt_iterator_solution_type (iterator_t*);
const char*
nvt_iterator_solution_method (iterator_t*);

int
nvt_iterator_score (iterator_t *);

char*
nvt_default_timeout (const char *);

Expand Down Expand Up @@ -1992,7 +1983,7 @@ nvt_severity_iterator_origin (iterator_t *);
const char *
nvt_severity_iterator_date (iterator_t *);

int
double
nvt_severity_iterator_score (iterator_t *);

const char *
Expand Down Expand Up @@ -3150,7 +3141,7 @@ const char*
cpe_info_iterator_status (iterator_t*);

const char *
cpe_info_iterator_score (iterator_t*);
cpe_info_iterator_severity (iterator_t*);

const char*
cpe_info_iterator_deprecated_by_id (iterator_t*);
Expand All @@ -3170,7 +3161,7 @@ const char*
cve_iterator_cvss_score (iterator_t*);

const char*
cve_info_iterator_score (iterator_t*);
cve_info_iterator_severity (iterator_t*);

const char*
cve_info_iterator_vector (iterator_t*);
Expand All @@ -3190,9 +3181,6 @@ cve_info_count (const get_data_t *get);
gchar *
cve_cvss_base (const gchar *);

int
cve_score (const gchar *);

/* OVAL definitions */
int
init_ovaldef_info_iterator (iterator_t*, get_data_t*, const char*);
Expand Down Expand Up @@ -3222,7 +3210,7 @@ const char*
ovaldef_info_iterator_status (iterator_t*);

const char*
ovaldef_info_iterator_score (iterator_t*);
ovaldef_info_iterator_severity (iterator_t*);

const char*
ovaldef_info_iterator_cve_refs (iterator_t*);
Expand Down Expand Up @@ -3261,7 +3249,7 @@ const char*
cert_bund_adv_info_iterator_cve_refs (iterator_t*);

const char*
cert_bund_adv_info_iterator_score (iterator_t*);
cert_bund_adv_info_iterator_severity (iterator_t*);

void
init_cve_cert_bund_adv_iterator (iterator_t*, const char*, int, const char*);
Expand Down Expand Up @@ -3290,7 +3278,7 @@ const char*
dfn_cert_adv_info_iterator_cve_refs (iterator_t*);

const char*
dfn_cert_adv_info_iterator_score (iterator_t*);
dfn_cert_adv_info_iterator_severity (iterator_t*);

void
init_cve_dfn_cert_adv_iterator (iterator_t*, const char*, int, const char*);
Expand Down Expand Up @@ -3514,9 +3502,6 @@ vuln_iterator_hosts (iterator_t*);
double
vuln_iterator_severity (iterator_t*);

int
vuln_iterator_score (iterator_t*);

int
vuln_iterator_qod (iterator_t*);
