Merge pull request #2336 from greenbone/adjust-severity-ratings-to-cv…
…ss-3.1

Adjust severity ratings to cvss 3.1
a-h-abdelsalam authored Dec 17, 2024
2 parents 483d658 + 26590f4 commit f2409c1
Showing 8 changed files with 1,545 additions and 165 deletions.
12 changes: 12 additions & 0 deletions CMakeLists.txt
Expand Up @@ -249,6 +249,18 @@ if (NOT CVSS3_RATINGS)
endif (NOT CVSS3_RATINGS)
add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})

if (CVSS3_RATINGS EQUAL 1)
set(IF_CVSS3_RATINGS "")
set(ENDIF_CVSS3_RATINGS "")
set(IF_NOT_CVSS3_RATINGS "<!--")
set(ENDIF_NOT_CVSS3_RATINGS "-->")
elseif (CVSS3_RATINGS EQUAL 0)
set(IF_CVSS3_RATINGS "<!--")
set(ENDIF_CVSS3_RATINGS "-->")
set(IF_NOT_CVSS3_RATINGS "")
set(ENDIF_NOT_CVSS3_RATINGS "")
endif()

message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}")
message ("-- Log file: ${GVMD_LOG_FILE}")

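Review bot: The new `if (CVSS3_RATINGS EQUAL 1)` / `elseif (CVSS3_RATINGS EQUAL 0)` chain has no `else()`, so any other value (a typo such as `-DCVSS3_RATINGS=yes`, or `2`) leaves all four `IF_*`/`ENDIF_*` variables unset; they then expand to empty strings and whatever template consumes them (not shown here) would presumably render both the CVSS3 and the non-CVSS3 sections at once, while the same value still reaches the `add_definitions (-DCVSS3_RATINGS=...)` line above, where `#if CVSS3_RATINGS == 1` would quietly take the non-CVSS3 path. Failing early is cheap: close the chain with `else()` / `message(FATAL_ERROR "CVSS3_RATINGS must be 0 or 1, got '${CVSS3_RATINGS}'")` / `endif()`.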
92 changes: 81 additions & 11 deletions src/gmp.c
Expand Up @@ -8506,7 +8506,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides,
override_iterator_active (overrides),
strlen (excerpt) < strlen (text),
excerpt,
override_iterator_threat (overrides)
(override_iterator_severity (overrides)
&& override_iterator_threat (overrides))
? override_iterator_threat (overrides)
: "",
override_iterator_severity (overrides)
Expand Down Expand Up @@ -8600,7 +8601,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides,
? override_iterator_hosts (overrides) : "",
override_iterator_port (overrides)
? override_iterator_port (overrides) : "",
override_iterator_threat (overrides)
(override_iterator_severity (overrides)
&& override_iterator_threat (overrides))
? override_iterator_threat (overrides) : "",
override_iterator_severity (overrides)
? override_iterator_severity (overrides) : "",
Expand Down Expand Up @@ -15194,7 +15196,11 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
overrides,
min_qod,
#if CVSS3_RATINGS == 1
levels ? levels : "chmlgdf",
#else
levels ? levels : "hmlgdf",
#endif
compliance_levels ? compliance_levels : "yniu");
g_free (compliance_levels);

Expand Down Expand Up @@ -18492,6 +18498,9 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
int target_in_trash, scanner_in_trash;
int holes = 0, infos = 0, logs = 0, warnings = 0;
int holes_2 = 0, infos_2 = 0, warnings_2 = 0;
#if CVSS3_RATINGS == 1
int criticals = 0, criticals_2 = 0;
#endif
int false_positives = 0, task_scanner_type;
int target_available, config_available;
int scanner_available;
Expand Down Expand Up @@ -18597,13 +18606,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
if (first_report_id && (get_tasks_data->get.trash == 0))
{
// TODO Could skip this count for tasks page.
#if CVSS3_RATINGS == 1
if (report_counts (first_report_id,
&criticals_2, &holes_2, &infos_2, &logs,
&warnings_2, &false_positives,
&severity_2, apply_overrides, min_qod))
#else
if (report_counts (first_report_id,
&holes_2, &infos_2, &logs,
&warnings_2, &false_positives,
&severity_2, apply_overrides, min_qod))
g_error ("%s: GET_TASKS: error getting counts for"
" first report, aborting",
__func__);
#endif
g_error ("%s: GET_TASKS: error getting counts for"
" first report, aborting",
__func__);
}

second_last_report_id = task_second_last_report_id (index);
Expand All @@ -18613,11 +18629,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
* doing the count again. */
if (((first_report_id == NULL)
|| (strcmp (second_last_report_id, first_report_id)))
#if CVSS3_RATINGS == 1
&& report_counts (second_last_report_id,
&criticals_2, &holes_2, &infos_2,
&logs, &warnings_2,
&false_positives, &severity_2,
apply_overrides, min_qod)
#else
&& report_counts (second_last_report_id,
&holes_2, &infos_2,
&logs, &warnings_2,
&false_positives, &severity_2,
apply_overrides, min_qod))
apply_overrides, min_qod)
#endif
)
g_error ("%s: GET_TASKS: error getting counts for"
" second report, aborting",
__func__);
Expand Down Expand Up @@ -18666,6 +18691,16 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
&& strcmp (last_report_id,
second_last_report_id)))
{
#if CVSS3_RATINGS == 1
if (report_counts
(last_report_id,
&criticals, &holes, &infos, &logs,
&warnings, &false_positives, &severity,
apply_overrides, min_qod))
g_error ("%s: GET_TASKS: error getting counts for"
" last report, aborting",
__func__);
#else
if (report_counts
(last_report_id,
&holes, &infos, &logs,
Expand All @@ -18674,9 +18709,13 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
g_error ("%s: GET_TASKS: error getting counts for"
" last report, aborting",
__func__);
#endif
}
else
{
#if CVSS3_RATINGS == 1
criticals = criticals_2;
#endif
holes = holes_2;
infos = infos_2;
warnings = warnings_2;
Expand Down Expand Up @@ -18730,10 +18769,16 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
"<scan_start>%s</scan_start>"
"<scan_end>%s</scan_end>"
"<result_count>"
"<hole>%i</hole>"
"<info>%i</info>"
#if CVSS3_RATINGS == 1
"<critical>%i</critical>"
#endif
"<hole deprecated='1'>%i</hole>"
"<high>%i</high>"
"<info deprecated='1'>%i</info>"
"<low>%i</low>"
"<log>%i</log>"
"<warning>%i</warning>"
"<warning deprecated='1'>%i</warning>"
"<medium>%i</medium>"
"<false_positive>"
"%i"
"</false_positive>"
Expand All @@ -18747,10 +18792,16 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
timestamp,
scan_start,
scan_end,
#if CVSS3_RATINGS == 1
criticals,
#endif
holes,
holes,
infos,
infos,
logs,
warnings,
warnings,
false_positives,
severity);
free (scan_start);
Expand Down Expand Up @@ -18902,11 +18953,19 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
progress_xml,
task_iterator_total_reports (&tasks),
task_iterator_finished_reports (&tasks),
#if CVSS3_RATINGS == 1
get_tasks_data->get.trash
? ""
: task_iterator_trend_counts
(&tasks, criticals, holes, warnings, infos, severity,
criticals_2, holes_2, warnings_2, infos_2, severity_2),
#else
get_tasks_data->get.trash
? ""
: task_iterator_trend_counts
(&tasks, holes, warnings, infos, severity,
holes_2, warnings_2, infos_2, severity_2),
(&tasks, 0, holes, warnings, infos, severity,
0, holes_2, warnings_2, infos_2, severity_2),
#endif
task_schedule_xml,
current_report,
last_report);
Expand Down Expand Up @@ -19700,10 +19759,21 @@ gmp_xml_handle_result ()
{
create_report_data->result_severity = strdup ("");
}
#if CVSS3_RATINGS == 1
else if (strcasecmp (create_report_data->result_threat, "Critical") == 0)
{
create_report_data->result_severity = strdup ("10.0");
}
else if (strcasecmp (create_report_data->result_threat, "High") == 0)
{
create_report_data->result_severity = strdup ("8.9");
}
#else
else if (strcasecmp (create_report_data->result_threat, "High") == 0)
{
create_report_data->result_severity = strdup ("10.0");
}
#endif
else if (strcasecmp (create_report_data->result_threat, "Medium") == 0)
{
create_report_data->result_severity = strdup ("5.0");
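Review bot: In the `gmp_xml_handle_result` hunk the `"10.0"`, `"8.9"` and `"5.0"` literals re-encode the rating boundaries that `severity_in_level` in manage.c also hardcodes, and nothing explains why High becomes 8.9 only in the CVSS3 build; a comment before the `#if` such as `/* Map a qualitative threat to a representative severity: under CVSS 3.1 Critical spans 9.0-10.0 and High 7.0-8.9, so High gets the top of its band. */` would keep the two places in step. With CVSS3_RATINGS disabled, a CREATE_REPORT that sends `Critical` now matches no branch of this chain; the tail of the chain lies outside the hunk, so it is worth confirming that it rejects the value rather than silently assigning a default severity, since a client written against a CVSS3-enabled gvmd may well send it. The `if`/`else if` chain starts before the hunk.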
37 changes: 35 additions & 2 deletions src/manage.c
Expand Up @@ -860,6 +860,10 @@ scanner_type_valid (scanner_type_t scanner_type)
const char *
threat_message_type (const char *threat)
{
#if CVSS3_RATINGS == 1
if (strcasecmp (threat, "Critical") == 0)
return "Alarm";
#endif
if (strcasecmp (threat, "High") == 0)
return "Alarm";
if (strcasecmp (threat, "Medium") == 0)
Expand All @@ -886,8 +890,15 @@ threat_message_type (const char *threat)
int
severity_in_level (double severity, const char *level)
{
#if CVSS3_RATINGS == 1
if (strcmp (level, "critical") == 0)
return severity >= 9 && severity <= 10;
else if (strcmp (level, "high") == 0)
return severity >= 7 && severity < 9;
#else
if (strcmp (level, "high") == 0)
return severity >= 7 && severity <= 10;
#endif
else if (strcmp (level, "medium") == 0)
return severity >= 4 && severity < 7;
else if (strcmp (level, "low") == 0)
Expand Down Expand Up @@ -919,6 +930,10 @@ severity_to_level (double severity, int mode)
{
if (mode == 1)
return "Alarm";
#if CVSS3_RATINGS == 1
else if (severity_in_level (severity, "critical"))
return "Critical";
#endif
else if (severity_in_level (severity, "high"))
return "High";
else if (severity_in_level (severity, "medium"))
Expand Down Expand Up @@ -1300,11 +1315,21 @@ severity_data_range_count (const severity_data_t* severity_data,
* @param[out] lows The number of Low severity results.
* @param[out] mediums The number of Medium severity results.
* @param[out] highs The number of High severity results.
* @param[out] criticals The number of Critical severity results.
* Only if CVSS3_RATINGS is enabled.
*/
void
severity_data_level_counts (const severity_data_t *severity_data,
int *errors, int *false_positives,
int *logs, int *lows, int *mediums, int *highs)
int *errors,
int *false_positives,
int *logs,
int *lows,
int *mediums,
int *highs
#if CVSS3_RATINGS == 1
,int* criticals
#endif
)
{
if (errors)
*errors
Expand Down Expand Up @@ -1341,6 +1366,14 @@ severity_data_level_counts (const severity_data_t *severity_data,
= severity_data_range_count (severity_data,
level_min_severity ("high"),
level_max_severity ("high"));

#if CVSS3_RATINGS == 1
if (criticals)
*criticals
= severity_data_range_count (severity_data,
level_min_severity ("critical"),
level_max_severity ("critical"));
#endif
}


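Review bot: The new parameter of `severity_data_level_counts` is written `,int* criticals`, which departs from the `int *highs` pointer style of its siblings and puts the separating comma on the wrong line; `, int *criticals` on its own line inside the same `#if` reads like the rest of the file. The new body depends on `level_min_severity ("critical")` and `level_max_severity ("critical")`, neither of which is touched by this diff; presumably they learned the new level elsewhere, but if not the critical count would silently become whatever those helpers return for an unknown level, so that is worth confirming. If the header comment of `severity_in_level` (above its hunk) lists the per-level ranges, it should now also state that `high` is `[7, 9)` and `critical` `[9, 10]` in the CVSS3 build.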
21 changes: 18 additions & 3 deletions src/manage.h
Expand Up @@ -902,9 +902,8 @@ int
task_last_report (task_t, report_t*);

const char *
task_iterator_trend_counts (iterator_t *, int, int, int, double, int, int, int,
double);

task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int,
int, int, double);
int
task_schedule_periods (task_t);

Expand Down Expand Up @@ -1065,9 +1064,15 @@ severity_data_add (severity_data_t*, double);
void
severity_data_add_count (severity_data_t*, double, int);

#if CVSS3_RATINGS == 1
void
severity_data_level_counts (const severity_data_t*,
int*, int*, int*, int*, int*, int*, int*);
#else
void
severity_data_level_counts (const severity_data_t*,
int*, int*, int*, int*, int*, int*);
#endif


/* General task facilities. */
Expand Down Expand Up @@ -1337,13 +1342,23 @@ int
report_scan_result_count (report_t, const char*, const char*, int, const char*,
const char*, int, int, int*);

#if CVSS3_RATINGS == 1
int
report_counts (const char*, int*, int*, int*, int*, int*, int*, double*,
int, int);

int
report_counts_id (report_t, int*, int*, int*, int*, int*, int*, double*,
const get_data_t*, const char*);
#else
int
report_counts (const char*, int*, int*, int*, int*, int*, double*,
int, int);

int
report_counts_id (report_t, int*, int*, int*, int*, int*, double*,
const get_data_t*, const char*);
#endif

int
report_counts_id_no_filt (report_t, int*, int*, int*, int*, int*, int*,
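Review bot: `task_iterator_trend_counts` gains its two critical-count parameters unconditionally (the gmp.c caller passes `0` when ratings are disabled), whereas `severity_data_level_counts`, `report_counts` and `report_counts_id` change arity under `#if CVSS3_RATINGS == 1`; that inconsistency is what forces every `report_counts` caller in gmp.c to duplicate the whole call, and in one place the `g_error` as well, in both preprocessor branches. Declaring one signature with the extra `int *` always present, e.g. `report_counts (const char*, int*, int*, int*, int*, int*, int*, double*, int, int);`, and having the implementation ignore or zero it when ratings are off would let those callers collapse to a single call. Because the arity follows a macro that CMake injects with `add_definitions`, any translation unit that includes manage.h without that define (a separately built test, for instance) would silently compile against the wrong prototype — I cannot see whether such consumers exist. Minor: the blank line between `task_iterator_trend_counts` and `task_schedule_periods` was dropped, breaking the one-blank-line spacing of the surrounding prototypes.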

0 comments on commit f2409c1
