Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change CERT and SCAP back to using CVSS instead of integer scores #1476

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262)
- Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277)
- In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321)
- Change SCAP and CERT data to use new severity scoring [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457)
- Change SCAP and CERT data to use "severity" consistently [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457) [#1476](https://github.com/greenbone/gvmd/pull/1476)
- Expect report format scripts to exit with code 0 [#1383](https://github.com/greenbone/gvmd/pull/1383)
- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384)
- The internal list of current Local Security Checks for the 'Closed CVEs' feature was updated [#1381](https://github.com/greenbone/gvmd/pull/1381)
Expand Down
4 changes: 2 additions & 2 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -98,9 +98,9 @@ include (CPack)

set (GVMD_DATABASE_VERSION 241)

set (GVMD_SCAP_DATABASE_VERSION 17)
set (GVMD_SCAP_DATABASE_VERSION 18)

set (GVMD_CERT_DATABASE_VERSION 7)
set (GVMD_CERT_DATABASE_VERSION 8)

set (GMP_VERSION "21.4")
set (GMP_VERSION_FEED "21.04")
Expand Down
53 changes: 26 additions & 27 deletions src/gmp.c
Original file line number Diff line number Diff line change
Expand Up @@ -8958,28 +8958,26 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
{
if (g_str_has_prefix (oid, "CVE-"))
{
int score;
gchar *cvss_base;
gchar *severity;

cvss_base = cve_cvss_base (oid);
score = cve_score (oid);
severity = cve_cvss_base (oid);
buffer_xml_append_printf (buffer,
"<nvt oid=\"%s\">"
"<type>cve</type>"
"<name>%s</name>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%i\">"
"<severities score=\"%s\">"
"</severities>"
"<cpe id='%s'/>"
"<cve>%s</cve>"
"</nvt>",
oid,
oid,
cvss_base,
score,
severity ? severity : "",
severity ? severity : "",
result_iterator_port (results),
oid);
g_free (cvss_base);
g_free (severity);
return;
}

Expand All @@ -8990,6 +8988,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
gchar **split, **item;
get_data_t get;
iterator_t iterator;
const char *severity;

memset (&get, '\0', sizeof (get));
get.id = g_strdup (oid);
Expand All @@ -8998,19 +8997,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
assert (0);
if (!next (&iterator))
abort ();
severity = ovaldef_info_iterator_severity (&iterator);
buffer_xml_append_printf (buffer,
"<nvt oid=\"%s\">"
"<type>ovaldef</type>"
"<name>%s</name>"
"<family/>"
bjoernricks marked this conversation as resolved.
Show resolved Hide resolved
"<cvss_base>%s</cvss_base>"
bjoernricks marked this conversation as resolved.
Show resolved Hide resolved
"<severities score=\"%s\">"
"</severities>"
"<tags>summary=%s</tags>",
oid,
ovaldef_info_iterator_title (&iterator),
ovaldef_info_iterator_score (&iterator)
? ovaldef_info_iterator_score (&iterator)
: "",
severity ? severity : "",
severity ? severity : "",
ovaldef_info_iterator_description (&iterator));
g_free (get.id);
cleanup_iterator (&iterator);
Expand Down Expand Up @@ -13093,14 +13092,14 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
cpe_info_iterator_title (&info));
xml_string_append (result,
"<nvd_id>%s</nvd_id>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>"
"<status>%s</status>",
cpe_info_iterator_nvd_id (&info)
? cpe_info_iterator_nvd_id (&info)
: "",
cpe_info_iterator_score (&info)
? cpe_info_iterator_score (&info)
cpe_info_iterator_severity (&info)
? cpe_info_iterator_severity (&info)
: "",
cpe_info_iterator_cve_refs (&info),
cpe_info_iterator_status (&info)
Expand Down Expand Up @@ -13143,12 +13142,12 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
{
xml_string_append (result,
"<cve>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cvss_vector>%s</cvss_vector>"
"<description>%s</description>"
"<products>%s</products>",
cve_info_iterator_score (&info)
? cve_info_iterator_score (&info)
cve_info_iterator_severity (&info)
? cve_info_iterator_severity (&info)
: "",
cve_info_iterator_vector (&info),
cve_info_iterator_description (&info),
Expand Down Expand Up @@ -13224,16 +13223,16 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<status>%s</status>"
"<class>%s</class>"
"<title>%s</title>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>"
"<file>%s</file>",
ovaldef_info_iterator_version (&info),
ovaldef_info_iterator_deprecated (&info),
ovaldef_info_iterator_status (&info),
ovaldef_info_iterator_class (&info),
ovaldef_info_iterator_title (&info),
ovaldef_info_iterator_score (&info)
? ovaldef_info_iterator_score (&info)
ovaldef_info_iterator_severity (&info)
? ovaldef_info_iterator_severity (&info)
: "",
ovaldef_info_iterator_cve_refs (&info),
ovaldef_info_iterator_file (&info));
Expand All @@ -13248,25 +13247,25 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<cert_bund_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>",
cert_bund_adv_info_iterator_title (&info),
cert_bund_adv_info_iterator_summary (&info),
cert_bund_adv_info_iterator_score(&info)
? cert_bund_adv_info_iterator_score(&info)
cert_bund_adv_info_iterator_severity(&info)
? cert_bund_adv_info_iterator_severity(&info)
: "",
cert_bund_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("dfn_cert_adv", get_info_data->type) == 0)
xml_string_append (result,
"<dfn_cert_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>",
dfn_cert_adv_info_iterator_title (&info),
dfn_cert_adv_info_iterator_summary (&info),
dfn_cert_adv_info_iterator_score(&info)
? dfn_cert_adv_info_iterator_score(&info)
dfn_cert_adv_info_iterator_severity(&info)
? dfn_cert_adv_info_iterator_severity(&info)
: "",
dfn_cert_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("nvt", get_info_data->type) == 0)
Expand Down
13 changes: 5 additions & 8 deletions src/manage.h
Original file line number Diff line number Diff line change
Expand Up @@ -3150,7 +3150,7 @@ const char*
cpe_info_iterator_status (iterator_t*);

const char *
cpe_info_iterator_score (iterator_t*);
cpe_info_iterator_severity (iterator_t*);

const char*
cpe_info_iterator_deprecated_by_id (iterator_t*);
Expand All @@ -3170,7 +3170,7 @@ const char*
cve_iterator_cvss_score (iterator_t*);

const char*
cve_info_iterator_score (iterator_t*);
cve_info_iterator_severity (iterator_t*);

const char*
cve_info_iterator_vector (iterator_t*);
Expand All @@ -3190,9 +3190,6 @@ cve_info_count (const get_data_t *get);
gchar *
cve_cvss_base (const gchar *);

int
cve_score (const gchar *);

/* OVAL definitions */
int
init_ovaldef_info_iterator (iterator_t*, get_data_t*, const char*);
Expand Down Expand Up @@ -3222,7 +3219,7 @@ const char*
ovaldef_info_iterator_status (iterator_t*);

const char*
ovaldef_info_iterator_score (iterator_t*);
ovaldef_info_iterator_severity (iterator_t*);

const char*
ovaldef_info_iterator_cve_refs (iterator_t*);
Expand Down Expand Up @@ -3261,7 +3258,7 @@ const char*
cert_bund_adv_info_iterator_cve_refs (iterator_t*);

const char*
cert_bund_adv_info_iterator_score (iterator_t*);
cert_bund_adv_info_iterator_severity (iterator_t*);

void
init_cve_cert_bund_adv_iterator (iterator_t*, const char*, int, const char*);
Expand Down Expand Up @@ -3290,7 +3287,7 @@ const char*
dfn_cert_adv_info_iterator_cve_refs (iterator_t*);

const char*
dfn_cert_adv_info_iterator_score (iterator_t*);
dfn_cert_adv_info_iterator_severity (iterator_t*);

void
init_cve_dfn_cert_adv_iterator (iterator_t*, const char*, int, const char*);
Expand Down
34 changes: 19 additions & 15 deletions src/manage_pg.c
Original file line number Diff line number Diff line change
Expand Up @@ -1628,6 +1628,8 @@ manage_create_result_indexes ()
void
create_view_vulns ()
{
sql ("DROP VIEW IF EXISTS vulns;");

if (sql_int ("SELECT EXISTS (SELECT * FROM information_schema.tables"
" WHERE table_catalog = '%s'"
" AND table_schema = 'scap'"
Expand All @@ -1639,17 +1641,17 @@ create_view_vulns ()
" AS (SELECT DISTINCT nvt FROM results"
" WHERE (results.severity != " G_STRINGIFY (SEVERITY_ERROR) "))"
" SELECT id, uuid, name, creation_time, modification_time,"
" score, qod, 'nvt' AS type"
" score / 10.0 AS severity, qod, 'nvt' AS type"
" FROM nvts"
" WHERE uuid in (SELECT * FROM used_nvts)"
" UNION SELECT id, uuid, name, creation_time, modification_time,"
" score, "
" severity, "
G_STRINGIFY (QOD_DEFAULT) " AS qod,"
" 'cve' AS type"
" FROM cves"
" WHERE uuid in (SELECT * FROM used_nvts)"
" UNION SELECT id, uuid, name, creation_time, modification_time,"
" score, "
" severity, "
G_STRINGIFY (QOD_DEFAULT) " AS qod,"
" 'ovaldef' AS type"
" FROM ovaldefs"
Expand All @@ -1660,7 +1662,7 @@ create_view_vulns ()
" AS (SELECT DISTINCT nvt FROM results"
" WHERE (results.severity != " G_STRINGIFY (SEVERITY_ERROR) "))"
" SELECT id, uuid, name, creation_time, modification_time,"
" score, qod, 'nvt' AS type"
" score / 10.0 AS severity, qod, 'nvt' AS type"
bjoernricks marked this conversation as resolved.
Show resolved Hide resolved
" FROM nvts"
" WHERE uuid in (SELECT * FROM used_nvts)");
}
Expand Down Expand Up @@ -3029,7 +3031,7 @@ manage_db_init (const gchar *name)
" title TEXT,"
" summary TEXT,"
" cve_refs INTEGER,"
" score INTEGER);");
" severity DOUBLE PRECISION);");
sql ("CREATE UNIQUE INDEX cert_bund_advs_idx"
" ON cert.cert_bund_advs (name);");
sql ("CREATE INDEX cert_bund_advs_by_creation_time"
Expand All @@ -3053,7 +3055,7 @@ manage_db_init (const gchar *name)
" title TEXT,"
" summary TEXT,"
" cve_refs INTEGER,"
" score INTEGER);");
" severity DOUBLE PRECISION);");
sql ("CREATE UNIQUE INDEX dfn_cert_advs_idx"
" ON cert.dfn_cert_advs (name);");
sql ("CREATE INDEX dfn_cert_advs_by_creation_time"
Expand Down Expand Up @@ -3096,7 +3098,8 @@ manage_db_init (const gchar *name)
/* Init tables. */

sql ("INSERT INTO cert.meta (name, value)"
" VALUES ('database_version', '7');");
" VALUES ('database_version', '%i');",
GVMD_CERT_DATABASE_VERSION);
sql ("INSERT INTO cert.meta (name, value)"
" VALUES ('last_update', '0');");
}
Expand Down Expand Up @@ -3138,7 +3141,7 @@ manage_db_init (const gchar *name)
" modification_time integer,"
" cvss_vector text,"
" products text,"
" score integer DEFAULT 0);");
" severity DOUBLE PRECISION DEFAULT 0);");

sql ("CREATE TABLE scap2.cpes"
" (id SERIAL PRIMARY KEY,"
Expand All @@ -3150,7 +3153,7 @@ manage_db_init (const gchar *name)
" title text,"
" status text,"
" deprecated_by_id INTEGER,"
" score integer DEFAULT 0,"
" severity DOUBLE PRECISION DEFAULT 0,"
" cve_refs INTEGER DEFAULT 0,"
" nvd_id text);");

Expand All @@ -3172,7 +3175,7 @@ manage_db_init (const gchar *name)
" description TEXT,"
" xml_file TEXT,"
" status TEXT,"
" score integer DEFAULT 0,"
" severity DOUBLE PRECISION DEFAULT 0,"
" cve_refs INTEGER DEFAULT 0);");

sql ("CREATE TABLE scap2.ovalfiles"
Expand All @@ -3186,7 +3189,8 @@ manage_db_init (const gchar *name)
/* Init tables. */

sql ("INSERT INTO scap2.meta (name, value)"
" VALUES ('database_version', '17');");
" VALUES ('database_version', '%i');",
GVMD_SCAP_DATABASE_VERSION);
sql ("INSERT INTO scap2.meta (name, value)"
" VALUES ('last_update', '0');");
}
Expand Down Expand Up @@ -3263,17 +3267,17 @@ manage_db_init_indexes (const gchar *name)
" ON scap2.cves (creation_time);");
sql ("CREATE INDEX cves_by_modification_time_idx"
" ON scap2.cves (modification_time);");
sql ("CREATE INDEX cves_by_score"
" ON scap2.cves (score);");
sql ("CREATE INDEX cves_by_severity"
" ON scap2.cves (severity);");

sql ("CREATE UNIQUE INDEX cpe_idx"
" ON scap2.cpes (name);");
sql ("CREATE INDEX cpes_by_creation_time_idx"
" ON scap2.cpes (creation_time);");
sql ("CREATE INDEX cpes_by_modification_time_idx"
" ON scap2.cpes (modification_time);");
sql ("CREATE INDEX cpes_by_score"
" ON scap2.cpes (score);");
bjoernricks marked this conversation as resolved.
Show resolved Hide resolved
sql ("CREATE INDEX cpes_by_severity"
" ON scap2.cpes (severity);");
sql ("CREATE INDEX cpes_by_uuid"
" ON scap2.cpes (uuid);");

Expand Down
Loading