Show empty scores in SecInfo where appropriate #1457

Merged
merged 2 commits into from
Mar 22, 2021
2 changes: 1 addition & 1 deletion CHANGELOG.md
Expand Up @@ -21,7 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262)
- Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277)
- In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321)
- Change SCAP and CERT data to use new severity scoring [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365)
- Change SCAP and CERT data to use new severity scoring [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457)
- Expect report format scripts to exit with code 0 [#1383](https://github.com/greenbone/gvmd/pull/1383)
- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384)
- The internal list of current Local Security Checks for the 'Closed CVEs' feature was updated [#1381](https://github.com/greenbone/gvmd/pull/1381)
42 changes: 28 additions & 14 deletions src/gmp.c
Expand Up @@ -9003,12 +9003,14 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
"<type>ovaldef</type>"
"<name>%s</name>"
"<family/>"
"<severities score=\"%i\">"
"<severities score=\"%s\">"
"</severities>"
"<tags>summary=%s</tags>",
oid,
ovaldef_info_iterator_title (&iterator),
ovaldef_info_iterator_score (&iterator),
ovaldef_info_iterator_score (&iterator)
? ovaldef_info_iterator_score (&iterator)
: "",
ovaldef_info_iterator_description (&iterator));
g_free (get.id);
cleanup_iterator (&iterator);
Expand Down Expand Up @@ -13091,13 +13093,15 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
cpe_info_iterator_title (&info));
xml_string_append (result,
"<nvd_id>%s</nvd_id>"
"<score>%d</score>"
"<score>%s</score>"
"<cve_refs>%s</cve_refs>"
"<status>%s</status>",
cpe_info_iterator_nvd_id (&info)
? cpe_info_iterator_nvd_id (&info)
: "",
cpe_info_iterator_score (&info),
cpe_info_iterator_score (&info)
? cpe_info_iterator_score (&info)
: "",
cpe_info_iterator_cve_refs (&info),
cpe_info_iterator_status (&info)
? cpe_info_iterator_status (&info)
Expand All @@ -13122,13 +13126,15 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
" id=\"%s\">"
"<vuln:cvss>"
"<cvss:base_metrics>"
"<cvss:score>%0.1lf</cvss:score>"
"<cvss:score>%s</cvss:score>"
"</cvss:base_metrics>"
"</vuln:cvss>"
"</entry>"
"</cve>",
cve_iterator_name (&cves),
cve_iterator_score (&cves) / 10.0);
cve_iterator_cvss_score (&cves)
? cve_iterator_cvss_score (&cves)
: "");
cleanup_iterator (&cves);
g_string_append (result, "</cves>");
}
Expand All @@ -13137,11 +13143,13 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
{
xml_string_append (result,
"<cve>"
"<score>%d</score>"
"<score>%s</score>"
"<cvss_vector>%s</cvss_vector>"
"<description>%s</description>"
"<products>%s</products>",
cve_info_iterator_score (&info),
cve_info_iterator_score (&info)
? cve_info_iterator_score (&info)
: "",
cve_info_iterator_vector (&info),
cve_info_iterator_description (&info),
cve_info_iterator_products (&info));
Expand Down Expand Up @@ -13216,15 +13224,17 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<status>%s</status>"
"<class>%s</class>"
"<title>%s</title>"
"<score>%d</score>"
"<score>%s</score>"
"<cve_refs>%s</cve_refs>"
"<file>%s</file>",
ovaldef_info_iterator_version (&info),
ovaldef_info_iterator_deprecated (&info),
ovaldef_info_iterator_status (&info),
ovaldef_info_iterator_class (&info),
ovaldef_info_iterator_title (&info),
ovaldef_info_iterator_score (&info),
ovaldef_info_iterator_score (&info)
? ovaldef_info_iterator_score (&info)
: "",
ovaldef_info_iterator_cve_refs (&info),
ovaldef_info_iterator_file (&info));
description = ovaldef_info_iterator_description (&info);
Expand All @@ -13238,22 +13248,26 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<cert_bund_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%d</score>"
"<score>%s</score>"
"<cve_refs>%s</cve_refs>",
cert_bund_adv_info_iterator_title (&info),
cert_bund_adv_info_iterator_summary (&info),
cert_bund_adv_info_iterator_score(&info),
cert_bund_adv_info_iterator_score(&info)
? cert_bund_adv_info_iterator_score(&info)
: "",
cert_bund_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("dfn_cert_adv", get_info_data->type) == 0)
xml_string_append (result,
"<dfn_cert_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%d</score>"
"<score>%s</score>"
"<cve_refs>%s</cve_refs>",
dfn_cert_adv_info_iterator_title (&info),
dfn_cert_adv_info_iterator_summary (&info),
dfn_cert_adv_info_iterator_score(&info),
dfn_cert_adv_info_iterator_score(&info)
? dfn_cert_adv_info_iterator_score(&info)
: "",
dfn_cert_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("nvt", get_info_data->type) == 0)
{
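Review bot: In the `<cve>` branch of handle_get_info, `cve_info_iterator_vector (&info)` is still passed to `%s` unguarded, and a CVE that has no score will plausibly have no CVSS vector either (inferred; that accessor is not shown on this page). If xml_string_append forwards to a printf-style formatter, a NULL there is undefined behaviour, and on glibc it would put the text `(null)` into `<cvss_vector>`; the same `cve_info_iterator_vector (&info) ? cve_info_iterator_vector (&info) : ""` guard used for the score would keep the element empty. As a matter of style, each new guard calls its accessor twice; a local such as `const char *score = cve_info_iterator_score (&info);` followed by `score ? score : ""` reads more easily. handle_get_info and results_xml_append_nvt both start and end outside the hunks.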
14 changes: 7 additions & 7 deletions src/manage.h
Expand Up @@ -3138,7 +3138,7 @@ cpe_info_iterator_title (iterator_t*);
const char*
cpe_info_iterator_status (iterator_t*);

int
const char *
cpe_info_iterator_score (iterator_t*);

const char*
Expand All @@ -3155,10 +3155,10 @@ cpe_info_iterator_nvd_id (iterator_t*);
const char*
cve_iterator_name (iterator_t*);

int
cve_iterator_score (iterator_t*);
const char*
cve_iterator_cvss_score (iterator_t*);

int
const char*
cve_info_iterator_score (iterator_t*);

const char*
Expand Down Expand Up @@ -3210,7 +3210,7 @@ ovaldef_info_iterator_file (iterator_t*);
const char*
ovaldef_info_iterator_status (iterator_t*);

int
const char*
ovaldef_info_iterator_score (iterator_t*);

const char*
Expand Down Expand Up @@ -3249,7 +3249,7 @@ cert_bund_adv_info_iterator_summary (iterator_t*);
const char*
cert_bund_adv_info_iterator_cve_refs (iterator_t*);

int
const char*
cert_bund_adv_info_iterator_score (iterator_t*);

void
Expand Down Expand Up @@ -3278,7 +3278,7 @@ dfn_cert_adv_info_iterator_summary (iterator_t*);
const char*
dfn_cert_adv_info_iterator_cve_refs (iterator_t*);

int
const char*
dfn_cert_adv_info_iterator_score (iterator_t*);

void
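Review bot: `cve_iterator_cvss_score` and the `*_info_iterator_score` accessors now share the return type `const char*` but not the scale: per the comments in src/manage_sql_secinfo.c the former yields the CVSS score and the latter 10 * CVSS score, and nothing in the header says so. A one-line comment above each group would help callers, for example `/* CVSS score as text; NULL if there is no score. */` on `cve_iterator_cvss_score` and `/* 10 * CVSS score as text; NULL if there is no score. */` on the others. The prototype for `cpe_info_iterator_score` is also written `const char *` while every other one in these hunks uses `const char*`. Any caller outside this page that compared the old `int` result with -1 or did arithmetic on it needs the same NULL handling that src/gmp.c received.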
59 changes: 15 additions & 44 deletions src/manage_sql_secinfo.c
Expand Up @@ -554,14 +554,9 @@ DEF_ACCESS (cpe_info_iterator_status, GET_ITERATOR_COLUMN_COUNT + 1);
* @param[in] iterator Iterator.
*
* @return The highest severity score (10 * CVSS score) of the CPE,
* or -1 if iteration is complete. Freed by cleanup_iterator.
* or NULL if iteration is complete. Freed by cleanup_iterator.
*/
int
cpe_info_iterator_score (iterator_t *iterator)
{
if (iterator->done) return -1;
return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 3);
}
DEF_ACCESS (cpe_info_iterator_score, GET_ITERATOR_COLUMN_COUNT + 3);

/**
* @brief Get the Number of CVE's referencing this cpe from a CPE iterator.
Expand Down Expand Up @@ -626,7 +621,8 @@ init_cpe_cve_iterator (iterator_t *iterator, const char *cve, int ascending,
assert (cve);
quoted_cpe = sql_quote (cve);
init_iterator (iterator,
"SELECT id, name, score FROM cves WHERE id IN"
"SELECT id, name, round(score / 10.0, 1) FROM cves"
" WHERE id IN"
" (SELECT cve FROM affected_products"
" WHERE cpe ="
" (SELECT id FROM cpes WHERE name = '%s'))"
Expand All @@ -652,15 +648,10 @@ DEF_ACCESS (cve_iterator_name, 1);
*
* @param[in] iterator Iterator.
*
* @return The severity score (10 * CVSS score) of the CVE,
* or -1 if iteration is complete. Freed by cleanup_iterator.
* @return The CVSS score of the CVE,
* or NULL if iteration is complete. Freed by cleanup_iterator.
*/
int
cve_iterator_score (iterator_t* iterator)
{
if (iterator->done) return -1;
return iterator_int (iterator, 2);
}
DEF_ACCESS (cve_iterator_cvss_score, 2);

/**
* @brief Get the CVSS score for a CVE.
Expand Down Expand Up @@ -801,14 +792,9 @@ DEF_ACCESS (cve_info_iterator_products, GET_ITERATOR_COLUMN_COUNT + 1);
* @param[in] iterator Iterator.
*
* @return The severity score (10 * CVSS score) of this CVE,
* or -1 if iteration is complete. Freed by cleanup_iterator.
* or NULL if iteration is complete. Freed by cleanup_iterator.
*/
int
cve_info_iterator_score (iterator_t* iterator)
{
if (iterator->done) return -1;
return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 2);
}
DEF_ACCESS (cve_info_iterator_score, GET_ITERATOR_COLUMN_COUNT + 2);

/**
* @brief Get the Summary for this CVE.
Expand Down Expand Up @@ -996,15 +982,10 @@ DEF_ACCESS (ovaldef_info_iterator_status, GET_ITERATOR_COLUMN_COUNT + 6);
* @param[in] iterator Iterator.
*
* @return The maximum severity score (10 * CVSS score) of the OVAL
* definition, or -1 if iteration is complete.
* definition, or NULL if iteration is complete.
* Freed by cleanup_iterator.
*/
int
ovaldef_info_iterator_score (iterator_t* iterator)
{
if (iterator->done) return -1;
return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 7);
}
DEF_ACCESS (ovaldef_info_iterator_score, GET_ITERATOR_COLUMN_COUNT + 7);

/**
* @brief Get number of referenced CVEs from an OVALDEF iterator.
Expand Down Expand Up @@ -1271,15 +1252,10 @@ DEF_ACCESS (cert_bund_adv_info_iterator_cve_refs,
* @param[in] iterator Iterator.
*
* @return The maximum severity score (10 * CVSS score) of the CVEs referenced
* in the CERT-Bund advisory, or -1 if iteration is complete.
* in the CERT-Bund advisory, or NULL if iteration is complete.
* Freed by cleanup_iterator.
*/
int
cert_bund_adv_info_iterator_score (iterator_t* iterator)
{
if (iterator->done) return -1;
return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 3);
}
DEF_ACCESS (cert_bund_adv_info_iterator_score, GET_ITERATOR_COLUMN_COUNT + 3);

/**
* @brief Initialise CVE iterator, for CVEs referenced by a CERT-Bund advisory.
Expand Down Expand Up @@ -1480,15 +1456,10 @@ DEF_ACCESS (dfn_cert_adv_info_iterator_cve_refs, GET_ITERATOR_COLUMN_COUNT + 2);
* @param[in] iterator Iterator.
*
* @return The maximum score (10 * CVSS score) of the CVEs referenced
* in the DFN-CERT advisory, or -1 if iteration is complete.
* in the DFN-CERT advisory, or NULL if iteration is complete.
* Freed by cleanup_iterator.
*/
int
dfn_cert_adv_info_iterator_score (iterator_t* iterator)
{
if (iterator->done) return -1;
return iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 3);
}
DEF_ACCESS (dfn_cert_adv_info_iterator_score, GET_ITERATOR_COLUMN_COUNT + 3);

/**
* @brief Initialise CVE iterator, for CVEs referenced by a DFN-CERT advisory.
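Review bot: The `@return` comments on the converted accessors still describe NULL only as "iteration is complete", yet src/gmp.c in this same change treats NULL as a missing score, so the documented contract is narrower than what callers rely on (DEF_ACCESS is defined outside these hunks, so this is inferred from the call sites). The comments also still read as if a number were returned. Suggested wording: `@return The severity score (10 * CVSS score) as a string, or NULL if there is no score or iteration is complete. Freed by cleanup_iterator.`, with `The CVSS score of the CVE as a string` for `cve_iterator_cvss_score`. In init_cpe_cve_iterator, a short comment on `round(score / 10.0, 1)` saying that column 2 is now on the CVSS scale, unlike the other score columns, would explain the rename.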