From ea48fe861e99887eb86d26b0c16acd2e11b9c6ec Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 19:40:15 +0200 Subject: [PATCH 01/22] Retrurn only nist classes for XML 'severity_class' Returns always the same string with the nist classes. 'pci-dss' is removed. --- src/manage_sql.c | 29 ++--------------------------- 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index d282ec4e6..aaca6c1a9 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -26039,34 +26039,11 @@ report_progress (report_t report) /** * @brief Buffer XML for a severity class. * - * @param[in] severity Severity name. - * * @return Freshly allocated XML on success, else NULL. */ static gchar * -severity_class_xml (const gchar *severity) +severity_class_xml (void) { - if (!severity) - return NULL; - - if (strcmp (severity, "pci-dss") == 0) - return g_strdup_printf ("" - "pci-dss" - "PCI-DSS" - "" - "None" - "0.0" - "3.9" - "" - "" - "High" - "4.0" - "10.0" - "" - ""); - - /* "nist", any other class defaults to "nist" */ return g_strdup_printf ("" "nist" @@ -27455,11 +27432,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, g_string_free (filters_buffer, TRUE); { - const char *severity_setting; gchar *class_xml; - severity_setting = setting_severity (); - class_xml = severity_class_xml (severity_setting); + class_xml = severity_class_xml (); if (class_xml) { PRINT_XML (out, class_xml); From c8378ebb8e502631f4d372781bdf796adbcd36d8 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 20:02:28 +0200 Subject: [PATCH 02/22] Drop severity computations for class pci-dss The nist classes are now always applied for the computations. --- src/manage_utils.c | 52 ++++++++++++++-------------------------------- 1 file changed, 16 insertions(+), 36 deletions(-) diff --git a/src/manage_utils.c b/src/manage_utils.c index c060b240e..c674c08c8 100644 --- a/src/manage_utils.c +++ b/src/manage_utils.c 
@@ -198,25 +198,15 @@ level_min_severity (const char *level, const char *class) return SEVERITY_DEBUG; else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - else if (strcasecmp (class, "pci-dss") == 0) - { - if (strcasecmp (level, "high") == 0) - return 4.0; - else - return SEVERITY_UNDEFINED; - } + + if (strcasecmp (level, "high") == 0) + return 7.0; + else if (strcasecmp (level, "medium") == 0) + return 4.0; + else if (strcasecmp (level, "low") == 0) + return 0.1; else - { - /* NIST */ - if (strcasecmp (level, "high") == 0) - return 7.0; - else if (strcasecmp (level, "medium") == 0) - return 4.0; - else if (strcasecmp (level, "low") == 0) - return 0.1; - else - return SEVERITY_UNDEFINED; - } + return SEVERITY_UNDEFINED; } /** @@ -241,25 +231,15 @@ level_max_severity (const char *level, const char *class) return SEVERITY_DEBUG; else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - else if (strcasecmp (class, "pci-dss") == 0) - { - if (strcasecmp (level, "high") == 0) - return 10.0; - else - return SEVERITY_UNDEFINED; - } + + if (strcasecmp (level, "high") == 0) + return 10.0; + else if (strcasecmp (level, "medium") == 0) + return 6.9; + else if (strcasecmp (level, "low") == 0) + return 3.9; else - { - /* NIST */ - if (strcasecmp (level, "high") == 0) - return 10.0; - else if (strcasecmp (level, "medium") == 0) - return 6.9; - else if (strcasecmp (level, "low") == 0) - return 3.9; - else - return SEVERITY_UNDEFINED; - } + return SEVERITY_UNDEFINED; } /** From 9331d95fd2da8943f2089378ae49c617296db76d Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 20:13:51 +0200 Subject: [PATCH 03/22] Drop severiy computation for class pci-dss The computations for class 'nist' are now always applied. --- src/manage.c | 34 +++++++++------------------------- 1 file changed, 9 insertions(+), 25 deletions(-) diff --git a/src/manage.c b/src/manage.c index bbcfb276e..05440324b 100644 --- a/src/manage.c +++ b/src/manage.c 
@@ -853,32 +853,16 @@ message_type_threat (const char *type) int severity_in_level (double severity, const char *level) { - const char *class; + if (strcmp (level, "high") == 0) + return severity >= 7 && severity <= 10; + else if (strcmp (level, "medium") == 0) + return severity >= 4 && severity < 7; + else if (strcmp (level, "low") == 0) + return severity > 0 && severity < 4; + else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0) + return severity == 0; - class = setting_severity (); - if (strcmp (class, "pci-dss") == 0) - { - if (strcmp (level, "high") == 0) - return severity >= 4.0; - else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0) - return severity >= 0.0 && severity < 4.0; - else - return 0; - } - else - { - /* NIST */ - if (strcmp (level, "high") == 0) - return severity >= 7 && severity <= 10; - else if (strcmp (level, "medium") == 0) - return severity >= 4 && severity < 7; - else if (strcmp (level, "low") == 0) - return severity > 0 && severity < 4; - else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0) - return severity == 0; - else - return 0; - } + return 0; } /** From ebff096f01221cf7beb617fc53ade12be4dba398 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 20:42:00 +0200 Subject: [PATCH 04/22] Drop SQL computations for class 'pci-dss' Now always the nist classes are applied. --- src/manage_pg.c | 35 ++++------------------------------- 1 file changed, 4 insertions(+), 31 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index 97754de77..605deeed8 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2014-2019 Greenbone Networks GmbH +/* Copyright (C) 2014-2020 Greenbone Networks GmbH * * SPDX-License-Identifier: AGPL-3.0-or-later * 
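Review bot: The new body of `severity_in_level` compares `level` with case-sensitive `strcmp`, while `level_min_severity` and `level_max_severity` in src/manage_utils.c use `strcasecmp` and the SQL `severity_in_level` in src/manage_pg.c matches on `lower ($2)`. A caller passing "High" would get 0 from the C function but a match from the SQL one, so results filtered in C and in SQL could disagree on which findings count as high; whether any caller passes mixed case is not visible here. Either switch the comparisons to `if (strcasecmp (level, "high") == 0)` (and likewise for the other levels), or state in the doc comment that `level` must be lowercase. The function's doc comment starts outside this hunk.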
@@ -230,14 +230,7 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_DEBUG) ";" " WHEN lower (lvl) = 'error' THEN" " v := " G_STRINGIFY (SEVERITY_ERROR) ";" - " WHEN cls = 'pci-dss' THEN" - " CASE" - " WHEN lower (lvl) = 'high' THEN" - " v := 10.0;" - " ELSE" - " v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";" - " END CASE;" - " ELSE" // NIST. + " ELSE" " CASE" " WHEN lower (lvl) = 'high' THEN" " v := 10.0;" @@ -271,14 +264,7 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_DEBUG) ";" " WHEN lower (lvl) = 'error' THEN" " v := " G_STRINGIFY (SEVERITY_ERROR) ";" - " WHEN cls = 'pci-dss' THEN" - " CASE" - " WHEN lower (lvl) = 'high' THEN" - " v := 4.0;" - " ELSE" - " v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";" - " END CASE;" - " ELSE" // NIST. + " ELSE" " CASE" " WHEN lower (lvl) = 'high' THEN" " v := 7.0;" @@ -1457,18 +1443,6 @@ manage_create_sql_functions () " text," " text)" " RETURNS boolean AS $$" - " SELECT CASE $3" - " WHEN 'pci-dss'" - " THEN (CASE lower ($2)" - " WHEN 'high'" - " THEN $1 >= 4.0" - " WHEN 'none'" - " THEN $1 >= 0.0 AND $1 < 4.0" - " WHEN 'log'" - " THEN $1 >= 0.0 AND $1 < 4.0" - " ELSE 0::boolean" - " END)" - " ELSE " /* NIST */ " (CASE lower ($2)" " WHEN 'high'" " THEN $1 >= 7" @@ -1484,8 +1458,7 @@ manage_create_sql_functions () " WHEN 'log'" " THEN $1 = 0" " ELSE 0::boolean" - " END)" - " END;" + " END);" "$$ LANGUAGE SQL;"); sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision," From e55f69a4b68297ef8857dac24cbac46df7d7eb5b Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 22:18:04 +0200 Subject: [PATCH 05/22] Fix syntax error in SQL from last commit --- src/manage_pg.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index 605deeed8..b2afd4614 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c 
@@ -1443,12 +1443,10 @@ manage_create_sql_functions () " text," " text)" " RETURNS boolean AS $$" - " (CASE lower ($2)" + " (SELECT CASE lower ($2)" " WHEN 'high'" " THEN $1 >= 7" " AND $1 <= 10" - " WHEN 'medium'" - " THEN $1 >= 4" " AND $1 < 7" " WHEN 'low'" " THEN $1 > 0" From d32f7b6c754baeefe7bf594fe702ac0f4b6e64c9 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 22:40:27 +0200 Subject: [PATCH 06/22] Do not retrieve severity class from user settings The nist classes are applied anway, so do not pull the user setting about classes. --- src/manage_pg.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index b2afd4614..9fc5bf12d 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -1465,14 +1465,7 @@ manage_create_sql_functions () " SELECT severity_in_level" " ($1," " $2," - " (SELECT value FROM settings" - " WHERE name = 'Severity Class'" - " AND ((owner IS NULL)" - " OR (owner = (SELECT id FROM users" - " WHERE users.uuid" - " = (SELECT current_setting" - " ('gvmd.user.uuid')))))" - " ORDER BY coalesce (owner, 0) DESC LIMIT 1))" + " 'dummy')" "$$ LANGUAGE SQL" " STABLE;"); From 30caeb2b73f50cceb43730bc2f66cc61351d0249 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 22:59:04 +0200 Subject: [PATCH 07/22] Do severity class evaluation directly Copy over the actual evaluation into the main severity_in_level SQL function. --- src/manage_pg.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index 9fc5bf12d..d63e1ee05 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c 
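Review bot: The `'high'` branch now reads `THEN $1 >= 7 AND $1 <= 10 AND $1 < 7`, which no value can satisfy: removing the `WHEN 'medium'` / `THEN $1 >= 4` lines left that branch's trailing `" AND $1 < 7"` attached to `'high'`. As written, the function is false for every severity at level `'high'` and `'medium'` falls through to `ELSE 0::boolean`, so any SQL filter or count built on it would silently drop high and medium findings. The same text is copied into the two-argument function in PATCH 07 and kept by the reformat in PATCH 20, and PATCH 21 re-adds the `'medium'` lines after the stray line rather than before it, so `'high'` stays unsatisfiable at the end of the series. The fix is to delete the one `" AND $1 < 7"` line that directly follows `" AND $1 <= 10"`, leaving `'medium'` with its own `>= 4` / `< 7` pair. A regression check such as `SELECT severity_in_level (9.0, 'high');` returning true against the final two-argument function would catch this.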
@@ -1462,10 +1462,20 @@ manage_create_sql_functions () sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision," " text)" " RETURNS boolean AS $$" - " SELECT severity_in_level" - " ($1," - " $2," - " 'dummy')" + " (SELECT CASE lower ($2)" + " WHEN 'high'" + " THEN $1 >= 7" + " AND $1 <= 10" + " AND $1 < 7" + " WHEN 'low'" + " THEN $1 > 0" + " AND $1 < 4" + " WHEN 'none'" + " THEN $1 = 0" + " WHEN 'log'" + " THEN $1 = 0" + " ELSE 0::boolean" + " END);" "$$ LANGUAGE SQL" " STABLE;"); From f100ce064a78f418f0cb247793fcbaa8c1bec2d5 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 2 Sep 2020 23:12:57 +0200 Subject: [PATCH 08/22] Remove now unused SQL function. --- src/manage_pg.c | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index d63e1ee05..55cdb63fc 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -1439,26 +1439,6 @@ manage_create_sql_functions () " ::integer;", sql_database ())) { - sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision," - " text," - " text)" - " RETURNS boolean AS $$" - " (SELECT CASE lower ($2)" - " WHEN 'high'" - " THEN $1 >= 7" - " AND $1 <= 10" - " AND $1 < 7" - " WHEN 'low'" - " THEN $1 > 0" - " AND $1 < 4" - " WHEN 'none'" - " THEN $1 = 0" - " WHEN 'log'" - " THEN $1 = 0" - " ELSE 0::boolean" - " END);" - "$$ LANGUAGE SQL;"); - sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision," " text)" " RETURNS boolean AS $$" From 889c0b71a031eb2cc91352196ee9d76e8f0ff606 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Thu, 3 Sep 2020 00:12:26 +0200 Subject: [PATCH 09/22] Resolve setting_severity(). The places where it was called use the default string 'nist' directly. --- src/gmp.c | 2 +- src/manage.h | 3 --- src/manage_sql.c | 15 +-------------- 3 files changed, 2 insertions(+), 18 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 79adf4341..58901987f 100644 --- a/src/gmp.c +++ b/src/gmp.c 
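Review bot: The two-argument `severity_in_level` is still declared `STABLE`, although its new body no longer reads the `settings` table or `current_setting ('gvmd.user.uuid')` and depends only on `$1` and `$2`. If nothing else in the body touches the database, the declaration can become `"$$ LANGUAGE SQL"` `" IMMUTABLE;"`, which describes the function accurately and lets the planner fold calls with constant arguments. The CASE body is also a verbatim copy of the three-argument version, so any correction to one has to be applied to the other until that version is dropped.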
@@ -18583,7 +18583,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, manage_session_set_timezone (zone); - severity = setting_severity (); + severity = "nist"; pw_warning = gvm_validate_password (current_credentials.password, current_credentials.username); diff --git a/src/manage.h b/src/manage.h index 11572d36b..a239cfb5c 100644 --- a/src/manage.h +++ b/src/manage.h @@ -3259,9 +3259,6 @@ setting_is_default_ca_cert (const gchar *); char * setting_filter (const char *); -const char * -setting_severity (); - void init_setting_iterator (iterator_t *, const char *, const char *, int, int, int, const char *); diff --git a/src/manage_sql.c b/src/manage_sql.c index aaca6c1a9..00249862a 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -23955,7 +23955,7 @@ report_counts_id_full (report_t report, int* debugs, int* holes, int* infos, filtered_requested = (filtered_holes || filtered_warnings || filtered_infos || filtered_logs || filtered_false_positives || filtered_severity); - severity_class = setting_severity (); + severity_class = "nist"; if (current_credentials.uuid == NULL || strcmp (current_credentials.uuid, "") == 0) @@ -48828,19 +48828,6 @@ setting_filter (const char *resource) current_credentials.uuid); } -/** - * @brief Return the Severity Class user setting. - * - * @return User Severity Class in settings if it exists, "" otherwise. - */ -const char * -setting_severity () -{ - if (current_credentials.severity_class) - return current_credentials.severity_class; - return "nist"; -} - /** * @brief Return the Default Severity user setting as a double. * From e630516bcf9a18f4a79660bb2589879cead184a3 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Thu, 3 Sep 2020 23:15:43 +0200 Subject: [PATCH 10/22] No need to add the setting about severity classes. --- src/manage_sql.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 00249862a..f8a72f464 100644 --- a/src/manage_sql.c 
+++ b/src/manage_sql.c @@ -15367,16 +15367,6 @@ check_db_settings () " 'The default maximum number of rows displayed in any listing.'," " 1000);"); - if (sql_int ("SELECT count(*) FROM settings" - " WHERE uuid = 'f16bb236-a32d-4cd5-a880-e0fcf2599f59'" - " AND " ACL_IS_GLOBAL () ";") - == 0) - sql ("INSERT into settings (uuid, owner, name, comment, value)" - " VALUES" - " ('f16bb236-a32d-4cd5-a880-e0fcf2599f59', NULL, 'Severity Class'," - " 'Severity class used for severity bars.'," - " 'nist');"); - if (sql_int ("SELECT count(*) FROM settings" " WHERE uuid = '77ec2444-e7f2-4a80-a59b-f4237782d93f'" " AND " ACL_IS_GLOBAL () ";") From 4c3f4801e03628e9dd9735db4396114e8f295983 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Thu, 3 Sep 2020 23:21:15 +0200 Subject: [PATCH 11/22] No need to handle severity_class setting. --- src/manage_sql.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index f8a72f464..d836248b4 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -49171,7 +49171,6 @@ modify_setting (const gchar *uuid, const gchar *name, } if (uuid && (strcmp (uuid, SETTING_UUID_ROWS_PER_PAGE) == 0 - || strcmp (uuid, "f16bb236-a32d-4cd5-a880-e0fcf2599f59") == 0 || strcmp (uuid, "6765549a-934e-11e3-b358-406186ea4fc5") == 0 || strcmp (uuid, "77ec2444-e7f2-4a80-a59b-f4237782d93f") == 0 || strcmp (uuid, "7eda49c5-096c-4bef-b1ab-d080d87300df") == 0 @@ -49277,13 +49276,6 @@ modify_setting (const gchar *uuid, const gchar *name, } } - if (strcmp (uuid, "f16bb236-a32d-4cd5-a880-e0fcf2599f59") == 0) - { - /* Severity Class */ - g_free (current_credentials.severity_class); - current_credentials.severity_class = g_strdup (value); - } - if (strcmp (uuid, "77ec2444-e7f2-4a80-a59b-f4237782d93f") == 0) { /* Dynamic Severity */ From 40d50695d14367de336c0f632b8976b2d5c364a4 Mon Sep 17 00:00:00 2001 
From: Jan-Oliver Wagner Date: Thu, 3 Sep 2020 23:28:43 +0200 Subject: [PATCH 12/22] Substitute a severity_class variable. --- src/manage_sql.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index d836248b4..00a8aa9e1 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -23936,7 +23936,6 @@ report_counts_id_full (report_t report, int* debugs, int* holes, int* infos, keyword_t **point; array_t *split; int filter_cacheable, unfiltered_requested, filtered_requested, cache_exists; - const char *severity_class; int override, min_qod_int; severity_data_t severity_data, filtered_severity_data; @@ -23945,7 +23944,6 @@ report_counts_id_full (report_t report, int* debugs, int* holes, int* infos, filtered_requested = (filtered_holes || filtered_warnings || filtered_infos || filtered_logs || filtered_false_positives || filtered_severity); - severity_class = "nist"; if (current_credentials.uuid == NULL || strcmp (current_credentials.uuid, "") == 0) @@ -24054,10 +24052,10 @@ report_counts_id_full (report_t report, int* debugs, int* holes, int* infos, ? &filtered_severity_data : NULL); } - severity_data_level_counts (&severity_data, severity_class, + severity_data_level_counts (&severity_data, "nist", NULL, NULL, false_positives, logs, infos, warnings, holes); - severity_data_level_counts (&filtered_severity_data, severity_class, + severity_data_level_counts (&filtered_severity_data, "nist", NULL, NULL, filtered_false_positives, filtered_logs, filtered_infos, filtered_warnings, filtered_holes); From f3aa67c487f14d9506e6cd02d7545bb99df39759 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Thu, 3 Sep 2020 23:36:53 +0200 Subject: [PATCH 13/22] Remove param for severity class. --- src/manage.c | 44 +++++++++++++++----------------------------- src/manage_utils.c | 12 +++++------- src/manage_utils.h | 6 +++--- 3 files changed, 23 insertions(+), 39 deletions(-) 
diff --git a/src/manage.c b/src/manage.c index 05440324b..4062cf858 100644 --- a/src/manage.c +++ b/src/manage.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2009-2019 Greenbone Networks GmbH +/* Copyright (C) 2009-2020 Greenbone Networks GmbH * * SPDX-License-Identifier: AGPL-3.0-or-later * 
@@ -1178,58 +1178,44 @@ severity_data_level_counts (const severity_data_t *severity_data, if (errors) *errors = severity_data_range_count (severity_data, - level_min_severity ("Error", - severity_class), - level_max_severity ("Error", - severity_class)); + level_min_severity ("Error"), + level_max_severity ("Error")); if (debugs) *debugs = severity_data_range_count (severity_data, - level_min_severity ("Debug", - severity_class), - level_max_severity ("Debug", - severity_class)); + level_min_severity ("Debug"), + level_max_severity ("Debug")); if (false_positives) *false_positives = severity_data_range_count (severity_data, - level_min_severity ("False Positive", - severity_class), - level_max_severity ("False Positive", - severity_class)); + level_min_severity ("False Positive"), + level_max_severity ("False Positive")); if (logs) *logs = severity_data_range_count (severity_data, - level_min_severity ("Log", - severity_class), - level_max_severity ("Log", - severity_class)); + level_min_severity ("Log"), + level_max_severity ("Log")); if (lows) *lows = severity_data_range_count (severity_data, - level_min_severity ("low", - severity_class), - level_max_severity ("low", - severity_class)); + level_min_severity ("low"), + level_max_severity ("low")); if (mediums) *mediums = severity_data_range_count (severity_data, - level_min_severity ("medium", - severity_class), - level_max_severity ("medium", - severity_class)); + level_min_severity ("medium"), + level_max_severity ("medium")); if (highs) *highs = severity_data_range_count (severity_data, - level_min_severity ("high", - severity_class), - level_max_severity ("high", - severity_class)); + level_min_severity ("high"), + level_max_severity ("high")); } diff --git a/src/manage_utils.c b/src/manage_utils.c index c674c08c8..2385cf7c3 100644 --- a/src/manage_utils.c +++ b/src/manage_utils.c 
@@ -177,18 +177,17 @@ manage_count_hosts_max (const char *given_hosts, const char *exclude_hosts, } /** - * @brief Get the minimum severity for a severity level and class. + * @brief Get the minimum severity for a severity level. * * This function has a database equivalent in manage_pg_server.c. * These two functions must stay in sync. * * @param[in] level The name of the severity level. - * @param[in] class The severity class, NULL to get from current user setting. * * @return The minimum severity. */ double -level_min_severity (const char *level, const char *class) +level_min_severity (const char *level) { if (strcasecmp (level, "Log") == 0) return SEVERITY_LOG; @@ -210,18 +209,17 @@ level_min_severity (const char *level, const char *class) } /** - * @brief Get the minimum severity for a severity level and class. + * @brief Get the maximum severity for a severity level. * * This function has a database equivalent in manage_pg_server.c. * These two functions must stay in sync. * * @param[in] level The name of the severity level. - * @param[in] class The severity class. * - * @return The minimum severity. + * @return The maximunm severity. */ double -level_max_severity (const char *level, const char *class) +level_max_severity (const char *level) { if (strcasecmp (level, "Log") == 0) return SEVERITY_LOG; diff --git a/src/manage_utils.h b/src/manage_utils.h index c47795de4..8894fe6f6 100644 --- a/src/manage_utils.h +++ b/src/manage_utils.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2014-2018 Greenbone Networks GmbH +/* Copyright (C) 2014-2020 Greenbone Networks GmbH * * SPDX-License-Identifier: AGPL-3.0-or-later * @@ -61,10 +61,10 @@ int manage_count_hosts_max (const char *, const char *, int); double -level_min_severity (const char *, const char *); +level_min_severity (const char *); double -level_max_severity (const char *, const char *); +level_max_severity (const char *); int valid_db_resource_type (const char *); 
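Review bot: The rewritten doc comment for `level_max_severity` has a typo in its return line, `@return The maximunm severity.`, which should read `@return The maximum severity.`. Both comments still say the database equivalent lives in manage_pg_server.c, whereas the PL/pgSQL counterparts touched earlier in this series are in src/manage_pg.c (`manage_create_sql_functions`); if that is the only copy, the reference should name `manage_pg.c`. Because the comments require the two implementations to stay in sync, it would also help to note that the SQL versions still accept a class argument that is now ignored, if their signatures were left unchanged (not visible here). Both function bodies continue outside their hunks.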
From 1471671f0699b3b5d0ecc84597eba9819825b1a0 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Thu, 3 Sep 2020 23:42:10 +0200 Subject: [PATCH 14/22] Drop now unused param for severity class. --- src/manage.c | 2 -- src/manage.h | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/manage.c b/src/manage.c index 4062cf858..8929fa673 100644 --- a/src/manage.c +++ b/src/manage.c @@ -1160,7 +1160,6 @@ severity_data_range_count (const severity_data_t* severity_data, * @brief Count the occurrences of severities in the levels. * * @param[in] severity_data The severity counts data to evaluate. - * @param[in] severity_class The severity class setting to use. * @param[out] errors The number of error messages. * @param[out] debugs The number of debug messages. * @param[out] false_positives The number of False Positives. @@ -1171,7 +1170,6 @@ severity_data_range_count (const severity_data_t* severity_data, */ void severity_data_level_counts (const severity_data_t *severity_data, - const gchar *severity_class, int *errors, int *debugs, int *false_positives, int *logs, int *lows, int *mediums, int *highs) { diff --git a/src/manage.h b/src/manage.h index a239cfb5c..b1c3be71e 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1019,7 +1019,7 @@ void severity_data_add_count (severity_data_t*, double, int); void -severity_data_level_counts (const severity_data_t*, const gchar*, +severity_data_level_counts (const severity_data_t*, int*, int*, int*, int*, int*, int*, int*); From 7143676074d4b96bcebecf2131ee226522a63a77 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Thu, 3 Sep 2020 23:48:37 +0200 Subject: [PATCH 15/22] Resolve one severity class variable. --- src/gmp.c | 11 ++++------- src/manage_sql.c | 4 ++-- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 58901987f..20407d43b 100644 --- a/src/gmp.c +++ b/src/gmp.c 
@@ -18561,7 +18561,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, { case 0: /* Authentication succeeded. */ { - const char *zone, *severity; + const char *zone; char *pw_warning; zone = (current_credentials.timezone @@ -18583,7 +18583,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, manage_session_set_timezone (zone); - severity = "nist"; pw_warning = gvm_validate_password (current_credentials.password, current_credentials.username); @@ -18595,14 +18594,13 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, " status_text=\"" STATUS_OK_TEXT "\">" "%s" "%s" - "%s" + "nist" "%s" "", current_credentials.role ? current_credentials.role : "", zone, - severity, pw_warning ? pw_warning : ""); else SENDF_TO_CLIENT_OR_FAIL @@ -18611,13 +18609,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, " status_text=\"" STATUS_OK_TEXT "\">" "%s" "%s" - "%s" + "nist" "", current_credentials.role ? current_credentials.role : "", - zone, - severity); + zone); free (pw_warning); set_client_state (CLIENT_AUTHENTIC); diff --git a/src/manage_sql.c b/src/manage_sql.c index 00a8aa9e1..e6360e385 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -24052,10 +24052,10 @@ report_counts_id_full (report_t report, int* debugs, int* holes, int* infos, ? &filtered_severity_data : NULL); } - severity_data_level_counts (&severity_data, "nist", + severity_data_level_counts (&severity_data, NULL, NULL, false_positives, logs, infos, warnings, holes); - severity_data_level_counts (&filtered_severity_data, "nist", + severity_data_level_counts (&filtered_severity_data, NULL, NULL, filtered_false_positives, filtered_logs, filtered_infos, filtered_warnings, filtered_holes); From 9387e648235294e17b9e4ddf85ce3ebaba66a574 Mon Sep 17 00:00:00 2001 
From: Jan-Oliver Wagner Date: Fri, 4 Sep 2020 20:26:09 +0200 Subject: [PATCH 16/22] Remove element severity from authenticate_response. The element "severity" with its meanwhile static value "nist" is removed from the element "authenticate_response". --- src/gmp.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 20407d43b..3595d0e0c 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -18594,7 +18594,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, " status_text=\"" STATUS_OK_TEXT "\">" "%s" "%s" - "nist" "%s" "", current_credentials.role @@ -18609,7 +18608,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, " status_text=\"" STATUS_OK_TEXT "\">" "%s" "%s" - "nist" "", current_credentials.role ? current_credentials.role From 0c2dc4b687fbe3714edfc38759e2d9d77d29a5d6 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Fri, 4 Sep 2020 20:41:31 +0200 Subject: [PATCH 17/22] Drop element severity_class from elemnt report Since there is only a single static classes, it does not need to be send anymore with its range details. --- src/manage_sql.c | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index e6360e385..ef41787c1 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -26024,41 +26024,6 @@ report_progress (report_t report) return report_slave_progress (report); } -/** - * @brief Buffer XML for a severity class. - * - * @return Freshly allocated XML on success, else NULL. - */ -static gchar * -severity_class_xml (void) -{ - return g_strdup_printf ("" - "nist" - "NVD Vulnerability Severity Ratings" - "" - "None" - "0.0" - "0.0" - "" - "" - "Low" - "0.1" - "3.9" - "" - "" - "Medium" - "4.0" - "6.9" - "" - "" - "High" - "7.0" - "10.0" - "" - ""); -} - /** * @brief Restore original TZ. * 
@@ -27419,17 +27384,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, PRINT_XML (out, filters_buffer->str); g_string_free (filters_buffer, TRUE); - { - gchar *class_xml; - - class_xml = severity_class_xml (); - if (class_xml) - { - PRINT_XML (out, class_xml); - g_free (class_xml); - } - } - if (report) { int tag_count = resource_tag_count ("report", report, 1); From db15b5dfbd130b5fc98b5040ce70be6a4d929815 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Sat, 5 Sep 2020 16:58:59 +0200 Subject: [PATCH 18/22] Add migrator to drop Severity Class from settings --- CMakeLists.txt | 2 +- src/manage_migrators.c | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8143d5587..d32761036 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -96,7 +96,7 @@ include (CPack) ## Variables -set (GVMD_DATABASE_VERSION 234) +set (GVMD_DATABASE_VERSION 235) set (GVMD_SCAP_DATABASE_VERSION 16) diff --git a/src/manage_migrators.c b/src/manage_migrators.c index f91ec7ac1..079c3b452 100644 --- a/src/manage_migrators.c +++ b/src/manage_migrators.c @@ -2346,7 +2346,7 @@ migrate_233_to_234 () sql ("UPDATE scanners SET type = 2 WHERE type = 4;"); sql ("UPDATE scanners_trash SET type = 2 WHERE type = 4;"); - /* Set the database version to 233. */ + /* Set the database version to 234. */ set_db_version (234); 
@@ -2355,6 +2355,42 @@ migrate_233_to_234 () return 0; } +/** + * @brief Migrate the database from version 234 to version 235. + * + * @return 0 success, -1 error. + */ +int +migrate_234_to_235 () +{ + sql_begin_immediate (); + + /* Ensure that the database is currently version 234. */ + + if (manage_db_version () != 234) + { + sql_rollback (); + return -1; + } + + /* Update the database. */ + + /* Support of multiple individual selectable severity classification ranges + * was removed. Therefore any entry in settings table where "Severity Class" + * is configured, can be removed. This setting has a specific uuid. */ + + /* Delete any setting for "Severity Class" . */ + sql ("DELETE FROM settings WHERE uuid = 'f16bb236-a32d-4cd5-a880-e0fcf2599f59';"); + + /* Set the database version to 235. */ + + set_db_version (235); + + sql_commit (); + + return 0; +} + #undef UPDATE_DASHBOARD_SETTINGS /** @@ -2395,6 +2431,7 @@ static migrator_t database_migrators[] = { {232, migrate_231_to_232}, {233, migrate_232_to_233}, {234, migrate_233_to_234}, + {235, migrate_234_to_235}, /* End marker. */ {-1, NULL}}; From da0c857f578521732235f3fb244568c10626af18 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Sat, 5 Sep 2020 17:29:16 +0200 Subject: [PATCH 19/22] Add ChangeLog. --- CHANGELOG.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f1134d7d5..dc68128b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
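Review bot: The comment above the `DELETE` in `migrate_234_to_235` does not say that the statement filters on `uuid` only, so it removes the global default and any per-user rows that share this uuid; a line such as `/* No owner filter: removes the global default and every per-user override. */` would make that intent explicit for the next migrator author. The `sql (...)` call is written as one long line, unlike the wrapped string literals used by the other `sql` calls in this series, and the existing comment has a stray space before the full stop (`"Severity Class" .`).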
@@ -13,11 +13,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287) -### Removed -- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285) - ### Removed - Drop GMP scanners [#1269](https://github.com/greenbone/gvmd/pull/1269) +- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285) +- Removed Severity Classes [#1288](https://github.com/greenbone/gvmd/pull/1288) [21.4]: https://github.com/greenbone/gvmd/compare/gvmd-20.08...master From c51af025214143c001b80b3043020b05ae3fda33 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 16 Sep 2020 15:21:06 +0200 Subject: [PATCH 20/22] Fix formatting. --- src/manage_pg.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/manage_pg.c b/src/manage_pg.c index 55cdb63fc..3d7302cde 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -1442,20 +1442,20 @@ manage_create_sql_functions () sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision," " text)" " RETURNS boolean AS $$" - " (SELECT CASE lower ($2)" - " WHEN 'high'" - " THEN $1 >= 7" - " AND $1 <= 10" - " AND $1 < 7" - " WHEN 'low'" - " THEN $1 > 0" - " AND $1 < 4" - " WHEN 'none'" - " THEN $1 = 0" - " WHEN 'log'" - " THEN $1 = 0" - " ELSE 0::boolean" - " END);" + " (SELECT CASE lower ($2)" + " WHEN 'high'" + " THEN $1 >= 7" + " AND $1 <= 10" + " AND $1 < 7" + " WHEN 'low'" + " THEN $1 > 0" + " AND $1 < 4" + " WHEN 'none'" + " THEN $1 = 0" + " WHEN 'log'" + " THEN $1 = 0" + " ELSE 0::boolean" + " END);" "$$ LANGUAGE SQL" " STABLE;"); From 3ead67c25ca216d028b29d0846f1db223345113e Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 16 Sep 2020 15:26:06 +0200 Subject: [PATCH 21/22] Re-add wrongly removed lines about medium level. --- src/manage_pg.c | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/src/manage_pg.c b/src/manage_pg.c index 3d7302cde..e11265254 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -1447,6 +1447,9 @@ manage_create_sql_functions () " THEN $1 >= 7" " AND $1 <= 10" " AND $1 < 7" + " WHEN 'medium'" + " THEN $1 >= 4" + " AND $1 < 7" " WHEN 'low'" " THEN $1 > 0" " AND $1 < 4" From b41cbceb7f7fa48bbeafb81edfb0c42cb1ccb967 Mon Sep 17 00:00:00 2001 From: Jan-Oliver Wagner Date: Wed, 16 Sep 2020 15:36:38 +0200 Subject: [PATCH 22/22] Update GMP documentation about removal. --- src/schema_formats/XML/GMP.xml.in | 65 ++++++------------------------- 1 file changed, 11 insertions(+), 54 deletions(-) diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 4fdc11298..490bf0968 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in @@ -1905,7 +1905,6 @@ along with this program. If not, see . report_format sort filters - severity_class delta @@ -2400,59 +2399,6 @@ along with this program. If not, see . Maximum severity of the report after filtering - - severity_class - - name - full_name - severity_range - - - name - - - nist - pci-dss - - - Short severity class name - - - full_name - text - Full severity class name - - - severity_range - Severity range - - name - min - max - - - name - Name of severity range - - name - - - - min - Minimum CVSS value - - integer - - - - max - Maximum CVSS value - - integer - - - - task @@ -25987,6 +25933,17 @@ along with this program. If not, see . + + GET_REPORTS + Removed element SEVERITY_CLASS from element REPORT + +

+ The element SEVERITY_CLASS contained the range specification for the applied classification scheme. + There is only fixed scheme left, so the specificion is not needed anymore. +

+
+ 21.4 +
CREATE_SCANNER, MODIFY_SCANNER, GET_REPORTS GMP scanners have been removed