Use CVSS severity in NVTs, vulns and results again

The integer score elements have been removed and the new severities
element in NVTs now uses the CVSS scale for scores.

CMakeLists.txt

@@ -96,7 +96,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 241)
+set (GVMD_DATABASE_VERSION 242)
 
 set (GVMD_SCAP_DATABASE_VERSION 18)
 

src/gmp.c

@@ -9132,12 +9132,12 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                                     "<name>%s</name>"
                                     "<family>%s</family>"
                                     "<cvss_base>%s</cvss_base>"
-                                    "<severities score=\"%i\">",
+                                    "<severities score=\"%s\">",
                                     oid,
                                     result_iterator_nvt_name (results) ?: oid,
                                     result_iterator_nvt_family (results) ?: "",
                                     cvss_base ?: "",
-                                    result_iterator_nvt_score (results));
+                                    cvss_base ?: "");
 
           init_nvt_severity_iterator (&severities, oid);
           while (next (&severities))
@@ -9147,7 +9147,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                    "<severity type=\"%s\">"
                    "<origin>%s</origin>"
                    "<date>%s</date>"
-                   "<score>%i</score>"
+                   "<score>%0.1f</score>"
                    "<value>%s</value>"
                    "</severity>",
                    nvt_severity_iterator_type (&severities),
@@ -9439,10 +9439,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
   buffer_xml_append_printf
    (buffer,
     "<severity>%.1f</severity>"
-    "<score>%i</score>"
     "<qod><value>%s</value>",
     result_iterator_severity_double (results),
-    result_iterator_score (results),
     qod ? qod : "");
 
   if (qod_type && strlen (qod_type))
@@ -17775,15 +17773,13 @@ handle_get_vulns (gmp_parser_t *gmp_parser, GError **error)
                                "<creation_time>%s</creation_time>"
                                "<modification_time>%s</modification_time>"
                                "<severity>%1.1f</severity>"
-                               "<score>%i</score>"
                                "<qod>%d</qod>",
                                get_iterator_uuid (&vulns),
                                get_iterator_name (&vulns),
                                vuln_iterator_type (&vulns),
                                get_iterator_creation_time (&vulns),
                                get_iterator_modification_time (&vulns),
                                vuln_iterator_severity (&vulns),
-                               vuln_iterator_score (&vulns),
                                vuln_iterator_qod (&vulns));
 
       // results for the vulnerability

src/manage.c

@@ -5575,7 +5575,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                               "<category>%d</category>"
                               "<family>%s</family>"
                               "<cvss_base>%s</cvss_base>"
-                              "<severities score=\"%i\">",
+                              "<severities score=\"%s\">",
                               oid,
                               name_text,
                               get_iterator_creation_time (nvts)
@@ -5590,7 +5590,9 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                               nvt_iterator_cvss_base (nvts)
                                ? nvt_iterator_cvss_base (nvts)
                                : "",
-                              nvt_iterator_score (nvts));
+                              nvt_iterator_cvss_base (nvts)
+                               ? nvt_iterator_cvss_base (nvts)
+                               : "");
 
       init_nvt_severity_iterator (&severities, oid);
       while (next (&severities))
@@ -5600,7 +5602,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                "<severity type=\"%s\">"
                "<origin>%s</origin>"
                "<date>%s</date>"
-               "<score>%i</score>"
+               "<score>%0.1f</score>"
                "<value>%s</value>"
                "</severity>",
                nvt_severity_iterator_type (&severities),

src/manage.h

@@ -1409,9 +1409,6 @@ result_iterator_nvt_cvss_base (iterator_t *);
 const char*
 result_iterator_nvt_tag (iterator_t *);
 
-int
-result_iterator_nvt_score (iterator_t *);
-
 const char*
 result_iterator_descr (iterator_t*);
 
@@ -1433,9 +1430,6 @@ result_iterator_severity (iterator_t *);
 double
 result_iterator_severity_double (iterator_t *);
 
-int
-result_iterator_score (iterator_t *);
-
 const char*
 result_iterator_original_level (iterator_t*);
 
@@ -1851,9 +1845,6 @@ nvt_iterator_solution_type (iterator_t*);
 const char*
 nvt_iterator_solution_method (iterator_t*);
 
-int
-nvt_iterator_score (iterator_t *);
-
 char*
 nvt_default_timeout (const char *);
 
@@ -1992,7 +1983,7 @@ nvt_severity_iterator_origin (iterator_t *);
 const char *
 nvt_severity_iterator_date (iterator_t *);
 
-int
+double
 nvt_severity_iterator_score (iterator_t *);
 
 const char *
@@ -3511,9 +3502,6 @@ vuln_iterator_hosts (iterator_t*);
 double
 vuln_iterator_severity (iterator_t*);
 
-int
-vuln_iterator_score (iterator_t*);
-
 int
 vuln_iterator_qod (iterator_t*);
 

src/manage_migrators.c

@@ -2445,10 +2445,7 @@ migrate_236_to_237 ()
 
   /* Update the database. */
 
-  /* NVT scores were introduced, for handling extended severities. */
-
-  sql ("ALTER TABLE nvts ADD column score integer;");
-  sql ("UPDATE nvts SET score = (cvss_base::float * 10)::integer;");
+  /* This previously added a "score" column to the nvts table */
 
   /* Set the database version to 237. */
 
@@ -2479,13 +2476,8 @@ migrate_237_to_238 ()
 
   /* Update the database. */
 
-  /* Table results also got a score column, for extended severities. */
-
-  sql ("ALTER TABLE results ADD column score integer;");
-  sql ("UPDATE results SET score = (severity::float * 10)::integer;");
-
-  sql ("ALTER TABLE results_trash ADD column score integer;");
-  sql ("UPDATE results_trash SET score = (severity::float * 10)::integer;");
+  /* This previously added a "score" column to the results and results_trash
+   * tables. */
 
   /* Set the database version to 238. */
 
@@ -2603,6 +2595,52 @@ migrate_240_to_241 ()
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 241 to version 242.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_241_to_242 ()
+{
+  sql_begin_immediate ();
+
+  /* Ensure that the database is currently version 241. */
+
+  if (manage_db_version () != 241)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* Remove score columns from results and nvts if they were added in
+   *  migrations to previous versions.
+   */
+
+  sql ("DROP VIEW IF EXISTS vulns;");
+
+  sql ("ALTER TABLE nvts DROP COLUMN IF EXISTS score;");
+
+  sql ("ALTER TABLE results DROP COLUMN IF EXISTS score;");
+
+  sql ("ALTER TABLE results_trash DROP COLUMN IF EXISTS score;");
+
+  /* Change the vt_severities table to a CVSS score */
+  sql ("ALTER TABLE vt_severities ALTER COLUMN score"
+       " SET DATA TYPE double precision;");
+  sql ("UPDATE vt_severities SET score = round(score / 10.0, 1);");
+
+  /* Set the database version to 242. */
+
+  set_db_version (242);
+
+  sql_commit ();
+
+  return 0;
+}
+
 #undef UPDATE_DASHBOARD_SETTINGS
 
 /**
@@ -2650,6 +2688,7 @@ static migrator_t database_migrators[] = {
   {239, migrate_238_to_239},
   {240, migrate_239_to_240},
   {241, migrate_240_to_241},
+  {242, migrate_241_to_242},
   /* End marker. */
   {-1, NULL}};
 

src/manage_pg.c

@@ -1641,7 +1641,7 @@ create_view_vulns ()
          " AS (SELECT DISTINCT nvt FROM results"
          "     WHERE (results.severity != " G_STRINGIFY (SEVERITY_ERROR) "))"
          " SELECT id, uuid, name, creation_time, modification_time,"
-         "        score / 10.0 AS severity, qod, 'nvt' AS type"
+         "        cvss_base::double precision AS severity, qod, 'nvt' AS type"
          " FROM nvts"
          " WHERE uuid in (SELECT * FROM used_nvts)"
          " UNION SELECT id, uuid, name, creation_time, modification_time,"
@@ -1662,7 +1662,7 @@ create_view_vulns ()
          " AS (SELECT DISTINCT nvt FROM results"
          "     WHERE (results.severity != " G_STRINGIFY (SEVERITY_ERROR) "))"
          " SELECT id, uuid, name, creation_time, modification_time,"
-         "        score / 10.0 AS severity, qod, 'nvt' AS type"
+         "        cvss_base::double precision AS severity, qod, 'nvt' AS type"
          " FROM nvts"
          " WHERE uuid in (SELECT * FROM used_nvts)");
 }
@@ -2358,7 +2358,6 @@ create_tables ()
        "  report integer REFERENCES reports (id) ON DELETE RESTRICT,"
        "  nvt_version text,"
        "  severity real,"
-       "  score integer,"
        "  qod integer,"
        "  qod_type text,"
        "  owner integer REFERENCES users (id) ON DELETE RESTRICT,"
@@ -2379,7 +2378,6 @@ create_tables ()
        "  report integer REFERENCES reports (id) ON DELETE RESTRICT,"
        "  nvt_version text,"
        "  severity real,"
-       "  score integer,"
        "  qod integer,"
        "  qod_type text,"
        "  owner integer REFERENCES users (id) ON DELETE RESTRICT,"
@@ -2510,7 +2508,7 @@ create_tables ()
        "  type text NOT NULL,"
        "  origin text,"
        "  date integer,"
-       "  score integer,"
+       "  score double precision,"
        "  value text);");
 
   sql ("CREATE TABLE IF NOT EXISTS nvt_preferences"
@@ -2533,7 +2531,6 @@ create_tables ()
        "  category text,"
        "  family text,"
        "  cvss_base text,"
-       "  score integer,"
        "  creation_time integer,"
        "  modification_time integer,"
        "  solution text,"