Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use CVSS severity in NVTs, vulns and results again #1477

Merged
merged 6 commits into from
Apr 9, 2021
Merged

Use CVSS severity in NVTs, vulns and results again #1477

merged 6 commits into from
Apr 9, 2021

Conversation

timopollmeier
Copy link
Member

@timopollmeier timopollmeier commented Apr 8, 2021
edited
Loading

What:
The integer score elements have been removed and the new severities
element in NVTs now uses the CVSS scale for scores.
An SQL error introduced with renaming the SecInfo severity columns has
also been fixed.

(Requires greenbone/gvm-libs#472 and #1476)

Why:
To keep the severity scores consistent while not having to update the scoring elsewhere
shortly before the release.

How did you test it:

  • checked the XML of the get_... commands for NVTs, results, reports, vulns
  • ran an OpenVAS scan and checked the report
  • ran a CVE scan and checked the report

Checklist:

@timopollmeier
Use CVSS severity for SCAP and CERT again
7230380 
The 0 - 100 integer `score` element is replaced with a CVSS `severity`
one as gvmd will continue using the previous severity scoring system.
This still changes the name of the element compared to 20.08 to make the
element names more consistent.
@timopollmeier
Add SCAP and CERT severity change to CHANGELOG
1bd118a
@timopollmeier
Use severity column in ovaldef_severity
1a82bb7 
The function was still trying to use the score column that was replaced
by severity.
@timopollmeier
Use CVSS severity in NVTs, vulns and results again
a2ab477 
The integer score elements have been removed and the new severities
element in NVTs now uses the CVSS scale for scores.
@timopollmeier
Fix severity handling in CVE scan
e935ff4 
The make_cve_result function still contained parts of SQL for the now
removed score column and init_host_prognosis_iterator was using the
wrong column name for the severity.
@timopollmeier timopollmeier mentioned this pull request Apr 8, 2021
Merged
2 tasks
@timopollmeier timopollmeier marked this pull request as ready for review April 8, 2021 14:26
@timopollmeier timopollmeier requested a review from a team as a code owner April 8, 2021 14:26
@timopollmeier timopollmeier added the backport-to-main This pull request will be ported to the master branch label Apr 8, 2021
@bjoernricks bjoernricks merged commit eff3d49 into greenbone:gvmd-21.04 Apr 9, 2021
@mergify mergify bot mentioned this pull request Apr 9, 2021
Merged
timopollmeier added a commit that referenced this pull request Apr 9, 2021
@timopollmeier
Merge pull request #1478 from greenbone/mergify/bp/master/pr-1477
95cfed4 
Use CVSS severity in NVTs, vulns and results again (bp #1477)
@timopollmeier timopollmeier deleted the revert-integer-scores-nvts branch October 15, 2021 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bjoernricks bjoernricks bjoernricks approved these changes

Assignees
No one assigned
Labels
backport-to-main This pull request will be ported to the master branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timopollmeier @bjoernricks