Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use CVSS severity in NVTs, vulns and results again #1477

Merged
merged 6 commits into from
Apr 9, 2021
Merged

Use CVSS severity in NVTs, vulns and results again #1477

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
7230380
Use CVSS severity for SCAP and CERT again
timopollmeier Apr 7, 2021
1bd118a
Add SCAP and CERT severity change to CHANGELOG
timopollmeier Apr 8, 2021
1a82bb7
Use severity column in ovaldef_severity
timopollmeier Apr 8, 2021
a2ab477
Use CVSS severity in NVTs, vulns and results again
timopollmeier Apr 8, 2021
e935ff4
Fix severity handling in CVE scan
timopollmeier Apr 8, 2021
5b5a9b8
Amend CHANGELOG for NVT & result severity scoring
timopollmeier Apr 8, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [21.4] (unreleased)

### Added
- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371)
- Extend GMP for extended severities [#1326](https://github.com/greenbone/gvmd/pull/1326) [#1329](https://github.com/greenbone/gvmd/pull/1329) [#1359](https://github.com/greenbone/gvmd/pull/1359) [#1371](https://github.com/greenbone/gvmd/pull/1371) [#1477](https://github.com/greenbone/gvmd/pull/1477)
- Parameter `--db-user` to set a database user [#1327](https://github.com/greenbone/gvmd/pull/1327)
- Add `allow_simultaneous_ips` field for targets [#1346](https://github.com/greenbone/gvmd/pull/1346) [#1396](https://github.com/greenbone/gvmd/pull/1396)
- Speed up GET_VULNS [#1354](https://github.com/greenbone/gvmd/pull/1354) [#1355](https://github.com/greenbone/gvmd/pull/1354)
Expand All @@ -22,7 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262)
- Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277)
- In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321)
- Change SCAP and CERT data to use new severity scoring [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457)
- Change SCAP and CERT data to use "severity" consistently [#1333](https://github.com/greenbone/gvmd/pull/1333) [#1357](https://github.com/greenbone/gvmd/pull/1357) [#1365](https://github.com/greenbone/gvmd/pull/1365) [#1457](https://github.com/greenbone/gvmd/pull/1457) [#1476](https://github.com/greenbone/gvmd/pull/1476)
- Expect report format scripts to exit with code 0 [#1383](https://github.com/greenbone/gvmd/pull/1383)
- Send entire families to ospd-openvas using VT_GROUP [#1384](https://github.com/greenbone/gvmd/pull/1384)
- The internal list of current Local Security Checks for the 'Closed CVEs' feature was updated [#1381](https://github.com/greenbone/gvmd/pull/1381)
Expand Down
6 changes: 3 additions & 3 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,11 +96,11 @@ include (CPack)

## Variables

set (GVMD_DATABASE_VERSION 241)
set (GVMD_DATABASE_VERSION 242)

set (GVMD_SCAP_DATABASE_VERSION 17)
set (GVMD_SCAP_DATABASE_VERSION 18)

set (GVMD_CERT_DATABASE_VERSION 7)
set (GVMD_CERT_DATABASE_VERSION 8)

set (GMP_VERSION "21.4")
set (GMP_VERSION_FEED "21.04")
Expand Down
63 changes: 29 additions & 34 deletions src/gmp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8958,28 +8958,26 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
{
if (g_str_has_prefix (oid, "CVE-"))
{
int score;
gchar *cvss_base;
gchar *severity;

cvss_base = cve_cvss_base (oid);
score = cve_score (oid);
severity = cve_cvss_base (oid);
buffer_xml_append_printf (buffer,
"<nvt oid=\"%s\">"
"<type>cve</type>"
"<name>%s</name>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%i\">"
"<severities score=\"%s\">"
"</severities>"
"<cpe id='%s'/>"
"<cve>%s</cve>"
"</nvt>",
oid,
oid,
cvss_base,
score,
severity ? severity : "",
severity ? severity : "",
result_iterator_port (results),
oid);
g_free (cvss_base);
g_free (severity);
return;
}

Expand All @@ -8990,6 +8988,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
gchar **split, **item;
get_data_t get;
iterator_t iterator;
const char *severity;

memset (&get, '\0', sizeof (get));
get.id = g_strdup (oid);
Expand All @@ -8998,19 +8997,19 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
assert (0);
if (!next (&iterator))
abort ();
severity = ovaldef_info_iterator_severity (&iterator);
buffer_xml_append_printf (buffer,
"<nvt oid=\"%s\">"
"<type>ovaldef</type>"
"<name>%s</name>"
"<family/>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%s\">"
"</severities>"
"<tags>summary=%s</tags>",
oid,
ovaldef_info_iterator_title (&iterator),
ovaldef_info_iterator_score (&iterator)
? ovaldef_info_iterator_score (&iterator)
: "",
severity ? severity : "",
severity ? severity : "",
ovaldef_info_iterator_description (&iterator));
g_free (get.id);
cleanup_iterator (&iterator);
Expand Down Expand Up @@ -9133,12 +9132,12 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
"<name>%s</name>"
"<family>%s</family>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%i\">",
"<severities score=\"%s\">",
oid,
result_iterator_nvt_name (results) ?: oid,
result_iterator_nvt_family (results) ?: "",
cvss_base ?: "",
result_iterator_nvt_score (results));
cvss_base ?: "");

init_nvt_severity_iterator (&severities, oid);
while (next (&severities))
Expand All @@ -9148,7 +9147,7 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
"<severity type=\"%s\">"
"<origin>%s</origin>"
"<date>%s</date>"
"<score>%i</score>"
"<score>%0.1f</score>"
"<value>%s</value>"
"</severity>",
nvt_severity_iterator_type (&severities),
Expand Down Expand Up @@ -9440,10 +9439,8 @@ buffer_results_xml (GString *buffer, iterator_t *results, task_t task,
buffer_xml_append_printf
(buffer,
"<severity>%.1f</severity>"
"<score>%i</score>"
"<qod><value>%s</value>",
result_iterator_severity_double (results),
result_iterator_score (results),
qod ? qod : "");

if (qod_type && strlen (qod_type))
Expand Down Expand Up @@ -13093,14 +13090,14 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
cpe_info_iterator_title (&info));
xml_string_append (result,
"<nvd_id>%s</nvd_id>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>"
"<status>%s</status>",
cpe_info_iterator_nvd_id (&info)
? cpe_info_iterator_nvd_id (&info)
: "",
cpe_info_iterator_score (&info)
? cpe_info_iterator_score (&info)
cpe_info_iterator_severity (&info)
? cpe_info_iterator_severity (&info)
: "",
cpe_info_iterator_cve_refs (&info),
cpe_info_iterator_status (&info)
Expand Down Expand Up @@ -13143,12 +13140,12 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
{
xml_string_append (result,
"<cve>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cvss_vector>%s</cvss_vector>"
"<description>%s</description>"
"<products>%s</products>",
cve_info_iterator_score (&info)
? cve_info_iterator_score (&info)
cve_info_iterator_severity (&info)
? cve_info_iterator_severity (&info)
: "",
cve_info_iterator_vector (&info),
cve_info_iterator_description (&info),
Expand Down Expand Up @@ -13224,16 +13221,16 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<status>%s</status>"
"<class>%s</class>"
"<title>%s</title>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>"
"<file>%s</file>",
ovaldef_info_iterator_version (&info),
ovaldef_info_iterator_deprecated (&info),
ovaldef_info_iterator_status (&info),
ovaldef_info_iterator_class (&info),
ovaldef_info_iterator_title (&info),
ovaldef_info_iterator_score (&info)
? ovaldef_info_iterator_score (&info)
ovaldef_info_iterator_severity (&info)
? ovaldef_info_iterator_severity (&info)
: "",
ovaldef_info_iterator_cve_refs (&info),
ovaldef_info_iterator_file (&info));
Expand All @@ -13248,25 +13245,25 @@ handle_get_info (gmp_parser_t *gmp_parser, GError **error)
"<cert_bund_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>",
cert_bund_adv_info_iterator_title (&info),
cert_bund_adv_info_iterator_summary (&info),
cert_bund_adv_info_iterator_score(&info)
? cert_bund_adv_info_iterator_score(&info)
cert_bund_adv_info_iterator_severity(&info)
? cert_bund_adv_info_iterator_severity(&info)
: "",
cert_bund_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("dfn_cert_adv", get_info_data->type) == 0)
xml_string_append (result,
"<dfn_cert_adv>"
"<title>%s</title>"
"<summary>%s</summary>"
"<score>%s</score>"
"<severity>%s</severity>"
"<cve_refs>%s</cve_refs>",
dfn_cert_adv_info_iterator_title (&info),
dfn_cert_adv_info_iterator_summary (&info),
dfn_cert_adv_info_iterator_score(&info)
? dfn_cert_adv_info_iterator_score(&info)
dfn_cert_adv_info_iterator_severity(&info)
? dfn_cert_adv_info_iterator_severity(&info)
: "",
dfn_cert_adv_info_iterator_cve_refs (&info));
else if (g_strcmp0 ("nvt", get_info_data->type) == 0)
Expand Down Expand Up @@ -17776,15 +17773,13 @@ handle_get_vulns (gmp_parser_t *gmp_parser, GError **error)
"<creation_time>%s</creation_time>"
"<modification_time>%s</modification_time>"
"<severity>%1.1f</severity>"
"<score>%i</score>"
"<qod>%d</qod>",
get_iterator_uuid (&vulns),
get_iterator_name (&vulns),
vuln_iterator_type (&vulns),
get_iterator_creation_time (&vulns),
get_iterator_modification_time (&vulns),
vuln_iterator_severity (&vulns),
vuln_iterator_score (&vulns),
vuln_iterator_qod (&vulns));

// results for the vulnerability
Expand Down
8 changes: 5 additions & 3 deletions src/manage.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5575,7 +5575,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
"<category>%d</category>"
"<family>%s</family>"
"<cvss_base>%s</cvss_base>"
"<severities score=\"%i\">",
"<severities score=\"%s\">",
oid,
name_text,
get_iterator_creation_time (nvts)
Expand All @@ -5590,7 +5590,9 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
nvt_iterator_cvss_base (nvts)
? nvt_iterator_cvss_base (nvts)
: "",
nvt_iterator_score (nvts));
nvt_iterator_cvss_base (nvts)
? nvt_iterator_cvss_base (nvts)
: "");

init_nvt_severity_iterator (&severities, oid);
while (next (&severities))
Expand All @@ -5600,7 +5602,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
"<severity type=\"%s\">"
"<origin>%s</origin>"
"<date>%s</date>"
"<score>%i</score>"
"<score>%0.1f</score>"
"<value>%s</value>"
"</severity>",
nvt_severity_iterator_type (&severities),
Expand Down
27 changes: 6 additions & 21 deletions src/manage.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1409,9 +1409,6 @@ result_iterator_nvt_cvss_base (iterator_t *);
const char*
result_iterator_nvt_tag (iterator_t *);

int
result_iterator_nvt_score (iterator_t *);

const char*
result_iterator_descr (iterator_t*);

Expand All @@ -1433,9 +1430,6 @@ result_iterator_severity (iterator_t *);
double
result_iterator_severity_double (iterator_t *);

int
result_iterator_score (iterator_t *);

const char*
result_iterator_original_level (iterator_t*);

Expand Down Expand Up @@ -1851,9 +1845,6 @@ nvt_iterator_solution_type (iterator_t*);
const char*
nvt_iterator_solution_method (iterator_t*);

int
nvt_iterator_score (iterator_t *);

char*
nvt_default_timeout (const char *);

Expand Down Expand Up @@ -1992,7 +1983,7 @@ nvt_severity_iterator_origin (iterator_t *);
const char *
nvt_severity_iterator_date (iterator_t *);

int
double
nvt_severity_iterator_score (iterator_t *);

const char *
Expand Down Expand Up @@ -3150,7 +3141,7 @@ const char*
cpe_info_iterator_status (iterator_t*);

const char *
cpe_info_iterator_score (iterator_t*);
cpe_info_iterator_severity (iterator_t*);

const char*
cpe_info_iterator_deprecated_by_id (iterator_t*);
Expand All @@ -3170,7 +3161,7 @@ const char*
cve_iterator_cvss_score (iterator_t*);

const char*
cve_info_iterator_score (iterator_t*);
cve_info_iterator_severity (iterator_t*);

const char*
cve_info_iterator_vector (iterator_t*);
Expand All @@ -3190,9 +3181,6 @@ cve_info_count (const get_data_t *get);
gchar *
cve_cvss_base (const gchar *);

int
cve_score (const gchar *);

/* OVAL definitions */
int
init_ovaldef_info_iterator (iterator_t*, get_data_t*, const char*);
Expand Down Expand Up @@ -3222,7 +3210,7 @@ const char*
ovaldef_info_iterator_status (iterator_t*);

const char*
ovaldef_info_iterator_score (iterator_t*);
ovaldef_info_iterator_severity (iterator_t*);

const char*
ovaldef_info_iterator_cve_refs (iterator_t*);
Expand Down Expand Up @@ -3261,7 +3249,7 @@ const char*
cert_bund_adv_info_iterator_cve_refs (iterator_t*);

const char*
cert_bund_adv_info_iterator_score (iterator_t*);
cert_bund_adv_info_iterator_severity (iterator_t*);

void
init_cve_cert_bund_adv_iterator (iterator_t*, const char*, int, const char*);
Expand Down Expand Up @@ -3290,7 +3278,7 @@ const char*
dfn_cert_adv_info_iterator_cve_refs (iterator_t*);

const char*
dfn_cert_adv_info_iterator_score (iterator_t*);
dfn_cert_adv_info_iterator_severity (iterator_t*);

void
init_cve_dfn_cert_adv_iterator (iterator_t*, const char*, int, const char*);
Expand Down Expand Up @@ -3514,9 +3502,6 @@ vuln_iterator_hosts (iterator_t*);
double
vuln_iterator_severity (iterator_t*);

int
vuln_iterator_score (iterator_t*);

int
vuln_iterator_qod (iterator_t*);

Expand Down
Loading