Merge pull request #1285 from janowagner/reduce_severity_classes
Reduce severity classes
mattmundell authored Sep 2, 2020
2 parents a32b361 + f4c170a commit 606b2e7
Showing 5 changed files with 56 additions and 70 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -10,6 +10,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262)
- Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277)

### Removed
- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285)

[21.4]: https://github.com/greenbone/gvmd/compare/gvmd-20.08...master

## [20.8.1] (unreleased)
17 changes: 2 additions & 15 deletions src/manage.c
@@ -839,20 +839,7 @@ severity_in_level (double severity, const char *level)
const char *class;

class = setting_severity ();
if (strcmp (class, "classic") == 0)
{
if (strcmp (level, "high") == 0)
return severity > 5 && severity <= 10;
else if (strcmp (level, "medium") == 0)
return severity > 2 && severity <= 5;
else if (strcmp (level, "low") == 0)
return severity > 0 && severity <= 2;
else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
return severity == 0;
else
return 0;
}
else if (strcmp (class, "pci-dss") == 0)
if (strcmp (class, "pci-dss") == 0)
{
if (strcmp (level, "high") == 0)
return severity >= 4.0;
@@ -863,7 +850,7 @@ severity_in_level (double severity, const char *level)
}
else
{
/* NIST/BSI. */
/* NIST */
if (strcmp (level, "high") == 0)
return severity >= 7 && severity <= 10;
else if (strcmp (level, "medium") == 0)
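Review bot: With the `"classic"` branch removed in the first hunk of `severity_in_level`, a stored class of `"classic"` no longer matches anything and falls into the final `else`, so it is evaluated with the NIST thresholds without any message. That changes triage results: a score of 6.0 satisfied the old `severity > 5 && severity <= 10` test for `high` but does not satisfy `severity >= 7 && severity <= 10`. No visible section rewrites stored settings, so if the old value can still be persisted, either normalise it once when the setting is read or document the fallback on the else branch, e.g. `/* NIST; also the fallback for any other stored class, such as the removed "classic". */`. The function starts and ends outside the hunks, so handling elsewhere in its body is not visible here.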
6 changes: 3 additions & 3 deletions src/manage_pg.c
@@ -237,7 +237,7 @@ manage_create_sql_functions ()
" ELSE"
" v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";"
" END CASE;"
" ELSE" // NIST/BSI.
" ELSE" // NIST.
" CASE"
" WHEN lower (lvl) = 'high' THEN"
" v := 10.0;"
@@ -278,7 +278,7 @@ manage_create_sql_functions ()
" ELSE"
" v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";"
" END CASE;"
" ELSE" // NIST/BSI.
" ELSE" // NIST.
" CASE"
" WHEN lower (lvl) = 'high' THEN"
" v := 7.0;"
@@ -1473,7 +1473,7 @@ manage_create_sql_functions ()
" THEN $1 >= 0.0 AND $1 < 4.0"
" ELSE 0::boolean"
" END)"
" ELSE " /* NIST/BSI */
" ELSE " /* NIST */
" (CASE lower ($2)"
" WHEN 'high'"
" THEN $1 >= 7"
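--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -26456,56 +26456,52 @@ report_progress (report_t report)
 static gchar *
 severity_class_xml (const gchar *severity)
 {
-if (severity)
-{
-if ((strcmp (severity, "nist") == 0)
-|| (strcmp (severity, "bsi") == 0))
-return g_strdup_printf ("<severity_class"
-" id=\"d4c74cda-89e1-11e3-9c29-406186ea4fc5\">"
-"<name>nist</name>"
-"<full_name>%s</full_name>"
-"<severity_range>"
-"<name>None</name>"
-"<min>0.0</min>"
-"<max>0.0</max>"
-"</severity_range>"
-"<severity_range>"
-"<name>Low</name>"
-"<min>0.1</min>"
-"<max>3.9</max>"
-"</severity_range>"
-"<severity_range>"
-"<name>Medium</name>"
-"<min>4.0</min>"
-"<max>6.9</max>"
-"</severity_range>"
-"<severity_range>"
-"<name>High</name>"
-"<min>7.0</min>"
-"<max>10.0</max>"
-"</severity_range>"
-"</severity_class>",
-strcmp (severity, "nist") == 0
-? "NVD Vulnerability Severity Ratings"
-: "BSI Schwachstellenampel (Germany)");
-else if (strcmp (severity, "pci-dss") == 0)
-return g_strdup_printf ("<severity_class"
-" id=\"e442e476-89e1-11e3-bfc6-406186ea4fc5\">"
-"<name>pci-dss</name>"
-"<full_name>PCI-DSS</full_name>"
-"<severity_range>"
-"<name>None</name>"
-"<min>0.0</min>"
-"<max>3.9</max>"
-"</severity_range>"
-"<severity_range>"
-"<name>High</name>"
-"<min>4.0</min>"
-"<max>10.0</max>"
-"</severity_range>"
-"</severity_class>");
-}
-return NULL;
+if (!severity)
+return NULL;
+
+if (strcmp (severity, "pci-dss") == 0)
+return g_strdup_printf ("<severity_class"
+" id=\"e442e476-89e1-11e3-bfc6-406186ea4fc5\">"
+"<name>pci-dss</name>"
+"<full_name>PCI-DSS</full_name>"
+"<severity_range>"
+"<name>None</name>"
+"<min>0.0</min>"
+"<max>3.9</max>"
+"</severity_range>"
+"<severity_range>"
+"<name>High</name>"
+"<min>4.0</min>"
+"<max>10.0</max>"
+"</severity_range>"
+"</severity_class>");
+
+/* "nist", any other class defaults to "nist" */
+return g_strdup_printf ("<severity_class"
+" id=\"d4c74cda-89e1-11e3-9c29-406186ea4fc5\">"
+"<name>nist</name>"
+"<full_name>NVD Vulnerability Severity Ratings</full_name>"
+"<severity_range>"
+"<name>None</name>"
+"<min>0.0</min>"
+"<max>0.0</max>"
+"</severity_range>"
+"<severity_range>"
+"<name>Low</name>"
+"<min>0.1</min>"
+"<max>3.9</max>"
+"</severity_range>"
+"<severity_range>"
+"<name>Medium</name>"
+"<min>4.0</min>"
+"<max>6.9</max>"
+"</severity_range>"
+"<severity_range>"
+"<name>High</name>"
+"<min>7.0</min>"
+"<max>10.0</max>"
+"</severity_range>"
+"</severity_class>");
 }
 
 /**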
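Review bot: Both returns in the new body of `severity_class_xml` call `g_strdup_printf` on a string literal with no arguments, now that the `%s` for the full name is gone. `g_strdup` states the intent and keeps the literal from being parsed as a format string if a `%` is ever added to the XML, e.g. `return g_strdup ("<severity_class" ... "</severity_class>");`. The contract also changes: a non-NULL class that is neither `"nist"`, `"bsi"` nor `"pci-dss"` used to return NULL and now returns the nist block. The function's doc comment lies outside this hunk; it should say that only a NULL argument yields NULL, so callers do not keep treating NULL as "unknown class".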
4 changes: 2 additions & 2 deletions src/manage_utils.c
@@ -207,7 +207,7 @@ level_min_severity (const char *level, const char *class)
}
else
{
/* NIST/BSI. */
/* NIST */
if (strcasecmp (level, "high") == 0)
return 7.0;
else if (strcasecmp (level, "medium") == 0)
@@ -250,7 +250,7 @@ level_max_severity (const char *level, const char *class)
}
else
{
/* NIST/BSI. */
/* NIST */
if (strcasecmp (level, "high") == 0)
return 10.0;
else if (strcasecmp (level, "medium") == 0)
