Merge pull request #1288 from janowagner/reduce_severity_classes

Reduce severity classes
greenbone · Sep 22, 2020 · 3909ce4 · 3909ce4
2 parents 9104963 + b41cbce
commit 3909ce4
Show file tree

Hide file tree

Showing 11 changed files with 125 additions and 341 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,11 +13,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Fixed
 - Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287)
 
-### Removed
-- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285)
-
 ### Removed
 - Drop GMP scanners [#1269](https://github.com/greenbone/gvmd/pull/1269)
+- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285)
+- Removed Severity Classes [#1288](https://github.com/greenbone/gvmd/pull/1288)
 
 [21.4]: https://github.com/greenbone/gvmd/compare/gvmd-20.08...master
 

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -96,7 +96,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 234)
+set (GVMD_DATABASE_VERSION 235)
 
 set (GVMD_SCAP_DATABASE_VERSION 16)
 

diff --git a/src/gmp.c b/src/gmp.c
@@ -18561,7 +18561,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
           {
             case 0:   /* Authentication succeeded. */
               {
-                const char *zone, *severity;
+                const char *zone;
                 char *pw_warning;
 
                 zone = (current_credentials.timezone
@@ -18583,7 +18583,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
 
                 manage_session_set_timezone (zone);
 
-                severity = setting_severity ();
                 pw_warning = gvm_validate_password
                               (current_credentials.password,
                                current_credentials.username);
@@ -18595,14 +18594,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                     " status_text=\"" STATUS_OK_TEXT "\">"
                     "<role>%s</role>"
                     "<timezone>%s</timezone>"
-                    "<severity>%s</severity>"
                     "<password_warning>%s</password_warning>"
                     "</authenticate_response>",
                     current_credentials.role
                       ? current_credentials.role
                       : "",
                     zone,
-                    severity,
                     pw_warning ? pw_warning : "");
                 else
                   SENDF_TO_CLIENT_OR_FAIL
@@ -18611,13 +18608,11 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                     " status_text=\"" STATUS_OK_TEXT "\">"
                     "<role>%s</role>"
                     "<timezone>%s</timezone>"
-                    "<severity>%s</severity>"
                     "</authenticate_response>",
                     current_credentials.role
                       ? current_credentials.role
                       : "",
-                    zone,
-                    severity);
+                    zone);
 
                 free (pw_warning);
                 set_client_state (CLIENT_AUTHENTIC);

diff --git a/src/manage.c b/src/manage.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2009-2019 Greenbone Networks GmbH
+/* Copyright (C) 2009-2020 Greenbone Networks GmbH
  *
  * SPDX-License-Identifier: AGPL-3.0-or-later
  *
@@ -853,32 +853,16 @@ message_type_threat (const char *type)
 int
 severity_in_level (double severity, const char *level)
 {
-  const char *class;
+  if (strcmp (level, "high") == 0)
+    return severity >= 7 && severity <= 10;
+  else if (strcmp (level, "medium") == 0)
+    return severity >= 4 && severity < 7;
+  else if (strcmp (level, "low") == 0)
+    return severity > 0 && severity < 4;
+  else if (strcmp (level, "none") == 0  || strcmp (level, "log") == 0)
+    return severity == 0;
 
-  class = setting_severity ();
-  if (strcmp (class, "pci-dss") == 0)
-    {
-      if (strcmp (level, "high") == 0)
-        return severity >= 4.0;
-      else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
-        return severity >= 0.0 && severity < 4.0;
-      else
-        return 0;
-    }
-  else
-    {
-      /* NIST */
-      if (strcmp (level, "high") == 0)
-        return severity >= 7 && severity <= 10;
-      else if (strcmp (level, "medium") == 0)
-        return severity >= 4 && severity < 7;
-      else if (strcmp (level, "low") == 0)
-        return severity > 0 && severity < 4;
-      else if (strcmp (level, "none") == 0  || strcmp (level, "log") == 0)
-        return severity == 0;
-      else
-        return 0;
-    }
+  return 0;
 }
 
 /**
@@ -1176,7 +1160,6 @@ severity_data_range_count (const severity_data_t* severity_data,
  * @brief Count the occurrences of severities in the levels.
  *
  * @param[in] severity_data    The severity counts data to evaluate.
- * @param[in] severity_class   The severity class setting to use.
  * @param[out] errors          The number of error messages.
  * @param[out] debugs          The number of debug messages.
  * @param[out] false_positives The number of False Positives.
@@ -1187,65 +1170,50 @@ severity_data_range_count (const severity_data_t* severity_data,
  */
 void
 severity_data_level_counts (const severity_data_t *severity_data,
-                            const gchar *severity_class,
                             int *errors, int *debugs, int *false_positives,
                             int *logs, int *lows, int *mediums, int *highs)
 {
   if (errors)
     *errors
       = severity_data_range_count (severity_data,
-                                   level_min_severity ("Error",
-                                                       severity_class),
-                                   level_max_severity ("Error",
-                                                       severity_class));
+                                   level_min_severity ("Error"),
+                                   level_max_severity ("Error"));
 
   if (debugs)
     *debugs
       = severity_data_range_count (severity_data,
-                                   level_min_severity ("Debug",
-                                                       severity_class),
-                                   level_max_severity ("Debug",
-                                                       severity_class));
+                                   level_min_severity ("Debug"),
+                                   level_max_severity ("Debug"));
 
   if (false_positives)
     *false_positives
       = severity_data_range_count (severity_data,
-                                   level_min_severity ("False Positive",
-                                                       severity_class),
-                                   level_max_severity ("False Positive",
-                                                       severity_class));
+                                   level_min_severity ("False Positive"),
+                                   level_max_severity ("False Positive"));
 
   if (logs)
     *logs
       = severity_data_range_count (severity_data,
-                                   level_min_severity ("Log",
-                                                       severity_class),
-                                   level_max_severity ("Log",
-                                                       severity_class));
+                                   level_min_severity ("Log"),
+                                   level_max_severity ("Log"));
 
   if (lows)
     *lows
       = severity_data_range_count (severity_data,
-                                   level_min_severity ("low",
-                                                       severity_class),
-                                   level_max_severity ("low",
-                                                       severity_class));
+                                   level_min_severity ("low"),
+                                   level_max_severity ("low"));
 
   if (mediums)
     *mediums
       = severity_data_range_count (severity_data,
-                                   level_min_severity ("medium",
-                                                       severity_class),
-                                   level_max_severity ("medium",
-                                                       severity_class));
+                                   level_min_severity ("medium"),
+                                   level_max_severity ("medium"));
 
   if (highs)
     *highs
       = severity_data_range_count (severity_data,
-                                   level_min_severity ("high",
-                                                       severity_class),
-                                   level_max_severity ("high",
-                                                       severity_class));
+                                   level_min_severity ("high"),
+                                   level_max_severity ("high"));
 }
 
 

diff --git a/src/manage.h b/src/manage.h
@@ -1019,7 +1019,7 @@ void
 severity_data_add_count (severity_data_t*, double, int);
 
 void
-severity_data_level_counts (const severity_data_t*, const gchar*,
+severity_data_level_counts (const severity_data_t*,
                             int*, int*, int*, int*, int*, int*, int*);
 
 
@@ -3259,9 +3259,6 @@ setting_is_default_ca_cert (const gchar *);
 char *
 setting_filter (const char *);
 
-const char *
-setting_severity ();
-
 void
 init_setting_iterator (iterator_t *, const char *, const char *, int, int, int,
                        const char *);

diff --git a/src/manage_migrators.c b/src/manage_migrators.c
@@ -2346,7 +2346,7 @@ migrate_233_to_234 ()
   sql ("UPDATE scanners SET type = 2 WHERE type = 4;");
   sql ("UPDATE scanners_trash SET type = 2 WHERE type = 4;");
 
-  /* Set the database version to 233. */
+  /* Set the database version to 234. */
 
   set_db_version (234);
 
@@ -2355,6 +2355,42 @@ migrate_233_to_234 ()
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 234 to version 235.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_234_to_235 ()
+{
+  sql_begin_immediate ();
+
+  /* Ensure that the database is currently version 234. */
+
+  if (manage_db_version () != 234)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* Support of multiple individual selectable severity classification ranges
+   * was removed. Therefore any entry in settings table where "Severity Class"
+   * is configured, can be removed. This setting has a specific uuid. */
+
+  /* Delete any setting for "Severity Class" . */
+  sql ("DELETE FROM settings WHERE uuid = 'f16bb236-a32d-4cd5-a880-e0fcf2599f59';");
+
+  /* Set the database version to 235. */
+
+  set_db_version (235);
+
+  sql_commit ();
+
+  return 0;
+}
+
 #undef UPDATE_DASHBOARD_SETTINGS
 
 /**
@@ -2395,6 +2431,7 @@ static migrator_t database_migrators[] = {
   {232, migrate_231_to_232},
   {233, migrate_232_to_233},
   {234, migrate_233_to_234},
+  {235, migrate_234_to_235},
   /* End marker. */
   {-1, NULL}};
 

diff --git a/src/manage_pg.c b/src/manage_pg.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2014-2019 Greenbone Networks GmbH
+/* Copyright (C) 2014-2020 Greenbone Networks GmbH
  *
  * SPDX-License-Identifier: AGPL-3.0-or-later
  *
@@ -230,14 +230,7 @@ manage_create_sql_functions ()
        "      v := " G_STRINGIFY (SEVERITY_DEBUG) ";"
        "    WHEN lower (lvl) = 'error' THEN"
        "      v :=  " G_STRINGIFY (SEVERITY_ERROR) ";"
-       "    WHEN cls = 'pci-dss' THEN"
-       "      CASE"
-       "        WHEN  lower (lvl) = 'high' THEN"
-       "          v := 10.0;"
-       "        ELSE"
-       "          v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";"
-       "        END CASE;"
-       "    ELSE" // NIST.
+       "    ELSE"
        "      CASE"
        "        WHEN lower (lvl) = 'high' THEN"
        "          v := 10.0;"
@@ -271,14 +264,7 @@ manage_create_sql_functions ()
        "      v := " G_STRINGIFY (SEVERITY_DEBUG) ";"
        "    WHEN lower (lvl) = 'error' THEN"
        "      v :=  " G_STRINGIFY (SEVERITY_ERROR) ";"
-       "    WHEN cls = 'pci-dss' THEN"
-       "      CASE"
-       "        WHEN  lower (lvl) = 'high' THEN"
-       "          v := 4.0;"
-       "        ELSE"
-       "          v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";"
-       "        END CASE;"
-       "    ELSE" // NIST.
+       "    ELSE"
        "      CASE"
        "        WHEN lower (lvl) = 'high' THEN"
        "          v := 7.0;"
@@ -1453,55 +1439,26 @@ manage_create_sql_functions ()
                " ::integer;",
                sql_database ()))
     {
-      sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision,"
-           "                                              text,"
-           "                                              text)"
-           " RETURNS boolean AS $$"
-           "  SELECT CASE $3"
-           "         WHEN 'pci-dss'"
-           "         THEN (CASE lower ($2)"
-           "               WHEN 'high'"
-           "               THEN $1 >= 4.0"
-           "               WHEN 'none'"
-           "               THEN $1 >= 0.0 AND $1 < 4.0"
-           "               WHEN 'log'"
-           "               THEN $1 >= 0.0 AND $1 < 4.0"
-           "               ELSE 0::boolean"
-           "               END)"
-           "         ELSE " /* NIST */
-           "              (CASE lower ($2)"
-           "               WHEN 'high'"
-           "               THEN $1 >= 7"
-           "                    AND $1 <= 10"
-           "               WHEN 'medium'"
-           "               THEN $1 >= 4"
-           "                    AND $1 < 7"
-           "               WHEN 'low'"
-           "               THEN $1 > 0"
-           "                    AND $1 < 4"
-           "               WHEN 'none'"
-           "               THEN $1 = 0"
-           "               WHEN 'log'"
-           "               THEN $1 = 0"
-           "               ELSE 0::boolean"
-           "               END)"
-           "         END;"
-           "$$ LANGUAGE SQL;");
-
       sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision,"
            "                                              text)"
            " RETURNS boolean AS $$"
-           " SELECT severity_in_level"
-           "         ($1,"
-           "          $2,"
-           "          (SELECT value FROM settings"
-           "           WHERE name = 'Severity Class'"
-           "           AND ((owner IS NULL)"
-           "                OR (owner = (SELECT id FROM users"
-           "                             WHERE users.uuid"
-           "                                   = (SELECT current_setting"
-           "                                              ('gvmd.user.uuid')))))"
-           "           ORDER BY coalesce (owner, 0) DESC LIMIT 1))"
+           "  (SELECT CASE lower ($2)"
+           "         WHEN 'high'"
+           "         THEN $1 >= 7"
+           "              AND $1 <= 10"
+           "              AND $1 < 7"
+           "         WHEN 'medium'"
+           "         THEN $1 >= 4"
+           "              AND $1 < 7"
+           "         WHEN 'low'"
+           "         THEN $1 > 0"
+           "              AND $1 < 4"
+           "         WHEN 'none'"
+           "         THEN $1 = 0"
+           "         WHEN 'log'"
+           "         THEN $1 = 0"
+           "         ELSE 0::boolean"
+           "         END);"
            "$$ LANGUAGE SQL"
            " STABLE;");