Merge pull request #1477 from timopollmeier/revert-integer-scores-nvts

Use CVSS severity in NVTs, vulns and results again
greenbone · Apr 9, 2021 · eff3d49 · eff3d49
2 parents db55d6b + 5b5a9b8
commit eff3d49
Show file tree

Hide file tree

Showing 11 changed files with 101 additions and 192 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [21.4] (unreleased)
 
 ### Added
-- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371)
+- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371) [#1477](https://github.com/greenbone/gvmd/pull/1477)
 - Parameter `--db-user` to set a database user [#1327](https://github.com/greenbone/gvmd/pull/1327)
 - Add `allow_simultaneous_ips` field for targets [#1346](https://github.com/greenbone/gvmd/pull/1346) [#1396](https://github.com/greenbone/gvmd/pull/1396)
 - Speed up GET_VULNS [#1354](https://github.com/greenbone/gvmd/pull/1354) [#1355](https://github.com/greenbone/gvmd/pull/1354)

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -96,7 +96,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 241)
+set (GVMD_DATABASE_VERSION 242)
 
 set (GVMD_SCAP_DATABASE_VERSION 18)
 

diff --git a/src/gmp.c b/src/gmp.c
@@ -9132,12 +9132,12 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                                     "<name>%s</name>"
                                     "<family>%s</family>"
                                     "<cvss_base>%s</cvss_base>"
-                                    "<severities score=\"%i\">",
+                                    "<severities score=\"%s\">",
                                     oid,
                                     result_iterator_nvt_name (results) ?: oid,
                                     result_iterator_nvt_family (results) ?: "",
                                     cvss_base ?: "",
-                                    result_iterator_nvt_score (results));
+                                    cvss_base ?: "");
 
           init_nvt_severity_iterator (&severities, oid);
           while (next (&severities))
@@ -9147,7 +9147,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                    "<severity type=\"%s\">"
                    "<origin>%s</origin>"
                    "<date>%s</date>"
-                   "<score>%i</score>"
+                   "<score>%0.1f</score>"
                    "<value>%s</value>"
                    "</severity>",
                    nvt_severity_iterator_type (&severities),
@@ -9439,10 +9439,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
   buffer_xml_append_printf
    (buffer,
     "<severity>%.1f</severity>"
-    "<score>%i</score>"
     "<qod><value>%s</value>",
     result_iterator_severity_double (results),
-    result_iterator_score (results),
     qod ? qod : "");
 
   if (qod_type && strlen (qod_type))
@@ -17775,15 +17773,13 @@ handle_get_vulns (gmp_parser_t *gmp_parser, GError **error)
                                "<creation_time>%s</creation_time>"
                                "<modification_time>%s</modification_time>"
                                "<severity>%1.1f</severity>"
-                               "<score>%i</score>"
                                "<qod>%d</qod>",
                                get_iterator_uuid (&vulns),
                                get_iterator_name (&vulns),
                                vuln_iterator_type (&vulns),
                                get_iterator_creation_time (&vulns),
                                get_iterator_modification_time (&vulns),
                                vuln_iterator_severity (&vulns),
-                               vuln_iterator_score (&vulns),
                                vuln_iterator_qod (&vulns));
 
       // results for the vulnerability

diff --git a/src/manage.c b/src/manage.c
@@ -5575,7 +5575,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                               "<category>%d</category>"
                               "<family>%s</family>"
                               "<cvss_base>%s</cvss_base>"
-                              "<severities score=\"%i\">",
+                              "<severities score=\"%s\">",
                               oid,
                               name_text,
                               get_iterator_creation_time (nvts)
@@ -5590,7 +5590,9 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                               nvt_iterator_cvss_base (nvts)
                                ? nvt_iterator_cvss_base (nvts)
                                : "",
-                              nvt_iterator_score (nvts));
+                              nvt_iterator_cvss_base (nvts)
+                               ? nvt_iterator_cvss_base (nvts)
+                               : "");
 
       init_nvt_severity_iterator (&severities, oid);
       while (next (&severities))
@@ -5600,7 +5602,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                "<severity type=\"%s\">"
                "<origin>%s</origin>"
                "<date>%s</date>"
-               "<score>%i</score>"
+               "<score>%0.1f</score>"
                "<value>%s</value>"
                "</severity>",
                nvt_severity_iterator_type (&severities),

diff --git a/src/manage.h b/src/manage.h
@@ -1409,9 +1409,6 @@ result_iterator_nvt_cvss_base (iterator_t *);
 const char*
 result_iterator_nvt_tag (iterator_t *);
 
-int
-result_iterator_nvt_score (iterator_t *);
-
 const char*
 result_iterator_descr (iterator_t*);
 
@@ -1433,9 +1430,6 @@ result_iterator_severity (iterator_t *);
 double
 result_iterator_severity_double (iterator_t *);
 
-int
-result_iterator_score (iterator_t *);
-
 const char*
 result_iterator_original_level (iterator_t*);
 
@@ -1851,9 +1845,6 @@ nvt_iterator_solution_type (iterator_t*);
 const char*
 nvt_iterator_solution_method (iterator_t*);
 
-int
-nvt_iterator_score (iterator_t *);
-
 char*
 nvt_default_timeout (const char *);
 
@@ -1992,7 +1983,7 @@ nvt_severity_iterator_origin (iterator_t *);
 const char *
 nvt_severity_iterator_date (iterator_t *);
 
-int
+double
 nvt_severity_iterator_score (iterator_t *);
 
 const char *
@@ -3511,9 +3502,6 @@ vuln_iterator_hosts (iterator_t*);
 double
 vuln_iterator_severity (iterator_t*);
 
-int
-vuln_iterator_score (iterator_t*);
-
 int
 vuln_iterator_qod (iterator_t*);
 

diff --git a/src/manage_migrators.c b/src/manage_migrators.c
@@ -2445,10 +2445,7 @@ migrate_236_to_237 ()
 
   /* Update the database. */
 
-  /* NVT scores were introduced, for handling extended severities. */
-
-  sql ("ALTER TABLE nvts ADD column score integer;");
-  sql ("UPDATE nvts SET score = (cvss_base::float * 10)::integer;");
+  /* This previously added a "score" column to the nvts table */
 
   /* Set the database version to 237. */
 
@@ -2479,13 +2476,8 @@ migrate_237_to_238 ()
 
   /* Update the database. */
 
-  /* Table results also got a score column, for extended severities. */
-
-  sql ("ALTER TABLE results ADD column score integer;");
-  sql ("UPDATE results SET score = (severity::float * 10)::integer;");
-
-  sql ("ALTER TABLE results_trash ADD column score integer;");
-  sql ("UPDATE results_trash SET score = (severity::float * 10)::integer;");
+  /* This previously added a "score" column to the results and results_trash
+   * tables. */
 
   /* Set the database version to 238. */
 
@@ -2603,6 +2595,52 @@ migrate_240_to_241 ()
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 241 to version 242.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_241_to_242 ()
+{
+  sql_begin_immediate ();
+
+  /* Ensure that the database is currently version 241. */
+
+  if (manage_db_version () != 241)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* Remove score columns from results and nvts if they were added in
+   *  migrations to previous versions.
+   */
+
+  sql ("DROP VIEW IF EXISTS vulns;");
+
+  sql ("ALTER TABLE nvts DROP COLUMN IF EXISTS score;");
+
+  sql ("ALTER TABLE results DROP COLUMN IF EXISTS score;");
+
+  sql ("ALTER TABLE results_trash DROP COLUMN IF EXISTS score;");
+
+  /* Change the vt_severities table to a CVSS score */
+  sql ("ALTER TABLE vt_severities ALTER COLUMN score"
+       " SET DATA TYPE double precision;");
+  sql ("UPDATE vt_severities SET score = round(score / 10.0, 1);");
+
+  /* Set the database version to 242. */
+
+  set_db_version (242);
+
+  sql_commit ();
+
+  return 0;
+}
+
 #undef UPDATE_DASHBOARD_SETTINGS
 
 /**
@@ -2650,6 +2688,7 @@ static migrator_t database_migrators[] = {
   {239, migrate_238_to_239},
   {240, migrate_239_to_240},
   {241, migrate_240_to_241},
+  {242, migrate_241_to_242},
   /* End marker. */
   {-1, NULL}};
 

diff --git a/src/manage_pg.c b/src/manage_pg.c
@@ -1641,7 +1641,7 @@ create_view_vulns ()
          " AS (SELECT DISTINCT nvt FROM results"
          "     WHERE (results.severity != " G_STRINGIFY (SEVERITY_ERROR) "))"
          " SELECT id, uuid, name, creation_time, modification_time,"
-         "        score / 10.0 AS severity, qod, 'nvt' AS type"
+         "        cvss_base::double precision AS severity, qod, 'nvt' AS type"
          " FROM nvts"
          " WHERE uuid in (SELECT * FROM used_nvts)"
          " UNION SELECT id, uuid, name, creation_time, modification_time,"
@@ -1662,7 +1662,7 @@ create_view_vulns ()
          " AS (SELECT DISTINCT nvt FROM results"
          "     WHERE (results.severity != " G_STRINGIFY (SEVERITY_ERROR) "))"
          " SELECT id, uuid, name, creation_time, modification_time,"
-         "        score / 10.0 AS severity, qod, 'nvt' AS type"
+         "        cvss_base::double precision AS severity, qod, 'nvt' AS type"
          " FROM nvts"
          " WHERE uuid in (SELECT * FROM used_nvts)");
 }
@@ -2358,7 +2358,6 @@ create_tables ()
        "  report integer REFERENCES reports (id) ON DELETE RESTRICT,"
        "  nvt_version text,"
        "  severity real,"
-       "  score integer,"
        "  qod integer,"
        "  qod_type text,"
        "  owner integer REFERENCES users (id) ON DELETE RESTRICT,"
@@ -2379,7 +2378,6 @@ create_tables ()
        "  report integer REFERENCES reports (id) ON DELETE RESTRICT,"
        "  nvt_version text,"
        "  severity real,"
-       "  score integer,"
        "  qod integer,"
        "  qod_type text,"
        "  owner integer REFERENCES users (id) ON DELETE RESTRICT,"
@@ -2510,7 +2508,7 @@ create_tables ()
        "  type text NOT NULL,"
        "  origin text,"
        "  date integer,"
-       "  score integer,"
+       "  score double precision,"
        "  value text);");
 
   sql ("CREATE TABLE IF NOT EXISTS nvt_preferences"
@@ -2533,7 +2531,6 @@ create_tables ()
        "  category text,"
        "  family text,"
        "  cvss_base text,"
-       "  score integer,"
        "  creation_time integer,"
        "  modification_time integer,"
        "  solution text,"