Reduce severity classes #1288

Merged
merged 22 commits into from
Sep 22, 2020
ea48fe8
Retrurn only nist classes for XML 'severity_class'
janowagner Sep 2, 2020
c8378eb
Drop severity computations for class pci-dss
janowagner Sep 2, 2020
9331d95
Drop severiy computation for class pci-dss
janowagner Sep 2, 2020
ebff096
Drop SQL computations for class 'pci-dss'
janowagner Sep 2, 2020
e55f69a
Fix syntax error in SQL from last commit
janowagner Sep 2, 2020
d32f7b6
Do not retrieve severity class from user settings
janowagner Sep 2, 2020
30caeb2
Do severity class evaluation directly
janowagner Sep 2, 2020
f100ce0
Remove now unused SQL function.
janowagner Sep 2, 2020
889c0b7
Resolve setting_severity().
janowagner Sep 2, 2020
e630516
No need to add the setting about severity classes.
janowagner Sep 3, 2020
4c3f480
No need to handle severity_class setting.
janowagner Sep 3, 2020
40d5069
Substitute a severity_class variable.
janowagner Sep 3, 2020
f3aa67c
Remove param for severity class.
janowagner Sep 3, 2020
1471671
Drop now unused param for severity class.
janowagner Sep 3, 2020
7143676
Resolve one severity class variable.
janowagner Sep 3, 2020
9387e64
Remove element severity from authenticate_response.
janowagner Sep 4, 2020
0c2dc4b
Drop element severity_class from elemnt report
janowagner Sep 4, 2020
db15b5d
Add migrator to drop Severity Class from settings
janowagner Sep 5, 2020
da0c857
Add ChangeLog.
janowagner Sep 5, 2020
c51af02
Fix formatting.
janowagner Sep 16, 2020
3ead67c
Re-add wrongly removed lines about medium level.
janowagner Sep 16, 2020
b41cbce
Update GMP documentation about removal.
janowagner Sep 16, 2020
5 changes: 2 additions & 3 deletions CHANGELOG.md
Expand Up @@ -13,11 +13,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
### Fixed
- Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287)

### Removed
- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285)

### Removed
- Drop GMP scanners [#1269](https://github.com/greenbone/gvmd/pull/1269)
- Reduce Severity Classes [#1285](https://github.com/greenbone/gvmd/pull/1285)
- Removed Severity Classes [#1288](https://github.com/greenbone/gvmd/pull/1288)

[21.4]: https://github.com/greenbone/gvmd/compare/gvmd-20.08...master

2 changes: 1 addition & 1 deletion CMakeLists.txt
Expand Up @@ -96,7 +96,7 @@ include (CPack)

## Variables

set (GVMD_DATABASE_VERSION 234)
set (GVMD_DATABASE_VERSION 235)

set (GVMD_SCAP_DATABASE_VERSION 16)

9 changes: 2 additions & 7 deletions src/gmp.c
Expand Up @@ -18561,7 +18561,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
{
case 0: /* Authentication succeeded. */
{
const char *zone, *severity;
const char *zone;
char *pw_warning;

zone = (current_credentials.timezone
Expand All @@ -18583,7 +18583,6 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,

manage_session_set_timezone (zone);

severity = setting_severity ();
pw_warning = gvm_validate_password
(current_credentials.password,
current_credentials.username);
Expand All @@ -18595,14 +18594,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
" status_text=\"" STATUS_OK_TEXT "\">"
"<role>%s</role>"
"<timezone>%s</timezone>"
"<severity>%s</severity>"
"<password_warning>%s</password_warning>"
"</authenticate_response>",
current_credentials.role
? current_credentials.role
: "",
zone,
severity,
pw_warning ? pw_warning : "");
else
SENDF_TO_CLIENT_OR_FAIL
Expand All @@ -18611,13 +18608,11 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
" status_text=\"" STATUS_OK_TEXT "\">"
"<role>%s</role>"
"<timezone>%s</timezone>"
"<severity>%s</severity>"
"</authenticate_response>",
current_credentials.role
? current_credentials.role
: "",
zone,
severity);
zone);

free (pw_warning);
set_client_state (CLIENT_AUTHENTIC);
80 changes: 24 additions & 56 deletions src/manage.c
@@ -1,4 +1,4 @@
/* Copyright (C) 2009-2019 Greenbone Networks GmbH
/* Copyright (C) 2009-2020 Greenbone Networks GmbH
*
* SPDX-License-Identifier: AGPL-3.0-or-later
*
Expand Down Expand Up @@ -853,32 +853,16 @@ message_type_threat (const char *type)
int
severity_in_level (double severity, const char *level)
{
const char *class;
if (strcmp (level, "high") == 0)
return severity >= 7 && severity <= 10;
else if (strcmp (level, "medium") == 0)
return severity >= 4 && severity < 7;
else if (strcmp (level, "low") == 0)
return severity > 0 && severity < 4;
else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
return severity == 0;

class = setting_severity ();
if (strcmp (class, "pci-dss") == 0)
{
if (strcmp (level, "high") == 0)
return severity >= 4.0;
else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
return severity >= 0.0 && severity < 4.0;
else
return 0;
}
else
{
/* NIST */
if (strcmp (level, "high") == 0)
return severity >= 7 && severity <= 10;
else if (strcmp (level, "medium") == 0)
return severity >= 4 && severity < 7;
else if (strcmp (level, "low") == 0)
return severity > 0 && severity < 4;
else if (strcmp (level, "none") == 0 || strcmp (level, "log") == 0)
return severity == 0;
else
return 0;
}
return 0;
}

/**
Expand Down Expand Up @@ -1176,7 +1160,6 @@ severity_data_range_count (const severity_data_t* severity_data,
* @brief Count the occurrences of severities in the levels.
*
* @param[in] severity_data The severity counts data to evaluate.
* @param[in] severity_class The severity class setting to use.
* @param[out] errors The number of error messages.
* @param[out] debugs The number of debug messages.
* @param[out] false_positives The number of False Positives.
Expand All @@ -1187,65 +1170,50 @@ severity_data_range_count (const severity_data_t* severity_data,
*/
void
severity_data_level_counts (const severity_data_t *severity_data,
const gchar *severity_class,
int *errors, int *debugs, int *false_positives,
int *logs, int *lows, int *mediums, int *highs)
{
if (errors)
*errors
= severity_data_range_count (severity_data,
level_min_severity ("Error",
severity_class),
level_max_severity ("Error",
severity_class));
level_min_severity ("Error"),
level_max_severity ("Error"));

if (debugs)
*debugs
= severity_data_range_count (severity_data,
level_min_severity ("Debug",
severity_class),
level_max_severity ("Debug",
severity_class));
level_min_severity ("Debug"),
level_max_severity ("Debug"));

if (false_positives)
*false_positives
= severity_data_range_count (severity_data,
level_min_severity ("False Positive",
severity_class),
level_max_severity ("False Positive",
severity_class));
level_min_severity ("False Positive"),
level_max_severity ("False Positive"));

if (logs)
*logs
= severity_data_range_count (severity_data,
level_min_severity ("Log",
severity_class),
level_max_severity ("Log",
severity_class));
level_min_severity ("Log"),
level_max_severity ("Log"));

if (lows)
*lows
= severity_data_range_count (severity_data,
level_min_severity ("low",
severity_class),
level_max_severity ("low",
severity_class));
level_min_severity ("low"),
level_max_severity ("low"));

if (mediums)
*mediums
= severity_data_range_count (severity_data,
level_min_severity ("medium",
severity_class),
level_max_severity ("medium",
severity_class));
level_min_severity ("medium"),
level_max_severity ("medium"));

if (highs)
*highs
= severity_data_range_count (severity_data,
level_min_severity ("high",
severity_class),
level_max_severity ("high",
severity_class));
level_min_severity ("high"),
level_max_severity ("high"));
}


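Review bot: In the `@@ -853` hunk, `severity_in_level` passes `level` straight to `strcmp` with no NULL check, so a caller that hands in a NULL level gets undefined behaviour rather than a clean `0`; the simplified body would take `if (level == NULL) return 0;` as its first statement. The bounds 7, 4 and 0 are also bare literals here and again in the SQL `severity_in_level` in src/manage_pg.c, so the C-side counts and the SQL-side filters can drift apart unnoticed; shared named constants, spliced into the SQL with `G_STRINGIFY` as that file already does for `SEVERITY_DEBUG`, would keep the two in step. The doc comment of `severity_in_level` starts above the hunk and should be checked for leftover wording about the class lookup.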
5 changes: 1 addition & 4 deletions src/manage.h
Expand Up @@ -1019,7 +1019,7 @@ void
severity_data_add_count (severity_data_t*, double, int);

void
severity_data_level_counts (const severity_data_t*, const gchar*,
severity_data_level_counts (const severity_data_t*,
int*, int*, int*, int*, int*, int*, int*);


Expand Down Expand Up @@ -3259,9 +3259,6 @@ setting_is_default_ca_cert (const gchar *);
char *
setting_filter (const char *);

const char *
setting_severity ();

void
init_setting_iterator (iterator_t *, const char *, const char *, int, int, int,
const char *);
39 changes: 38 additions & 1 deletion src/manage_migrators.c
Expand Up @@ -2346,7 +2346,7 @@ migrate_233_to_234 ()
sql ("UPDATE scanners SET type = 2 WHERE type = 4;");
sql ("UPDATE scanners_trash SET type = 2 WHERE type = 4;");

/* Set the database version to 233. */
/* Set the database version to 234. */

set_db_version (234);

Expand All @@ -2355,6 +2355,42 @@ migrate_233_to_234 ()
return 0;
}

/**
* @brief Migrate the database from version 234 to version 235.
*
* @return 0 success, -1 error.
*/
int
migrate_234_to_235 ()
{
sql_begin_immediate ();

/* Ensure that the database is currently version 234. */

if (manage_db_version () != 234)
{
sql_rollback ();
return -1;
}

/* Update the database. */

/* Support of multiple individual selectable severity classification ranges
* was removed. Therefore any entry in settings table where "Severity Class"
* is configured, can be removed. This setting has a specific uuid. */

/* Delete any setting for "Severity Class" . */
sql ("DELETE FROM settings WHERE uuid = 'f16bb236-a32d-4cd5-a880-e0fcf2599f59';");

/* Set the database version to 235. */

set_db_version (235);

sql_commit ();

return 0;
}

#undef UPDATE_DASHBOARD_SETTINGS

/**
Expand Down Expand Up @@ -2395,6 +2431,7 @@ static migrator_t database_migrators[] = {
{232, migrate_231_to_232},
{233, migrate_232_to_233},
{234, migrate_233_to_234},
{235, migrate_234_to_235},
/* End marker. */
{-1, NULL}};

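Review bot: `migrate_234_to_235` deletes every "Severity Class" row without recording whether any of them had selected 'pci-dss', so an installation that relied on that class is reclassified on upgrade with nothing in the log for operators. Under the old pci-dss branch removed in src/manage.c, a severity from 4.0 up to 7.0 counted as "high"; after the migration it is "medium", which can change what level-based filters and report counts return. Counting the rows whose value is 'pci-dss' and logging that count before the `DELETE` would leave an audit trail. A sentence in the comment block above the `DELETE` saying that existing results are reclassified, not just that the setting is dropped, would help whoever reads this migrator later.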
83 changes: 20 additions & 63 deletions src/manage_pg.c
@@ -1,4 +1,4 @@
/* Copyright (C) 2014-2019 Greenbone Networks GmbH
/* Copyright (C) 2014-2020 Greenbone Networks GmbH
*
* SPDX-License-Identifier: AGPL-3.0-or-later
*
Expand Down Expand Up @@ -230,14 +230,7 @@ manage_create_sql_functions ()
" v := " G_STRINGIFY (SEVERITY_DEBUG) ";"
" WHEN lower (lvl) = 'error' THEN"
" v := " G_STRINGIFY (SEVERITY_ERROR) ";"
" WHEN cls = 'pci-dss' THEN"
" CASE"
" WHEN lower (lvl) = 'high' THEN"
" v := 10.0;"
" ELSE"
" v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";"
" END CASE;"
" ELSE" // NIST.
" ELSE"
" CASE"
" WHEN lower (lvl) = 'high' THEN"
" v := 10.0;"
Expand Down Expand Up @@ -271,14 +264,7 @@ manage_create_sql_functions ()
" v := " G_STRINGIFY (SEVERITY_DEBUG) ";"
" WHEN lower (lvl) = 'error' THEN"
" v := " G_STRINGIFY (SEVERITY_ERROR) ";"
" WHEN cls = 'pci-dss' THEN"
" CASE"
" WHEN lower (lvl) = 'high' THEN"
" v := 4.0;"
" ELSE"
" v := " G_STRINGIFY (SEVERITY_UNDEFINED) ";"
" END CASE;"
" ELSE" // NIST.
" ELSE"
" CASE"
" WHEN lower (lvl) = 'high' THEN"
" v := 7.0;"
Expand Down Expand Up @@ -1453,55 +1439,26 @@ manage_create_sql_functions ()
" ::integer;",
sql_database ()))
{
sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision,"
" text,"
" text)"
" RETURNS boolean AS $$"
" SELECT CASE $3"
" WHEN 'pci-dss'"
" THEN (CASE lower ($2)"
" WHEN 'high'"
" THEN $1 >= 4.0"
" WHEN 'none'"
" THEN $1 >= 0.0 AND $1 < 4.0"
" WHEN 'log'"
" THEN $1 >= 0.0 AND $1 < 4.0"
" ELSE 0::boolean"
" END)"
" ELSE " /* NIST */
" (CASE lower ($2)"
" WHEN 'high'"
" THEN $1 >= 7"
" AND $1 <= 10"
" WHEN 'medium'"
janowagner marked this conversation as resolved.
" THEN $1 >= 4"
" AND $1 < 7"
" WHEN 'low'"
" THEN $1 > 0"
" AND $1 < 4"
" WHEN 'none'"
" THEN $1 = 0"
" WHEN 'log'"
" THEN $1 = 0"
" ELSE 0::boolean"
" END)"
" END;"
"$$ LANGUAGE SQL;");

sql ("CREATE OR REPLACE FUNCTION severity_in_level (double precision,"
" text)"
" RETURNS boolean AS $$"
" SELECT severity_in_level"
" ($1,"
" $2,"
" (SELECT value FROM settings"
" WHERE name = 'Severity Class'"
" AND ((owner IS NULL)"
" OR (owner = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid')))))"
" ORDER BY coalesce (owner, 0) DESC LIMIT 1))"
" (SELECT CASE lower ($2)"
" WHEN 'high'"
" THEN $1 >= 7"
" AND $1 <= 10"
" AND $1 < 7"
" WHEN 'medium'"
" THEN $1 >= 4"
" AND $1 < 7"
" WHEN 'low'"
" THEN $1 > 0"
" AND $1 < 4"
" WHEN 'none'"
" THEN $1 = 0"
" WHEN 'log'"
" THEN $1 = 0"
" ELSE 0::boolean"
" END);"
"$$ LANGUAGE SQL"
" STABLE;");

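Review bot: In the rebuilt two-argument `severity_in_level` (the `@@ -1453` hunk), the page shows `" AND $1 < 7"` directly after `" AND $1 <= 10"` inside the 'high' branch. The rendering has lost the +/- column, so this may be a removed line, but if it is on the new side the test becomes `$1 >= 7 AND $1 <= 10 AND $1 < 7` and 'high' never matches. Please confirm against the file that the branch reads only `$1 >= 7 AND $1 <= 10`, as the C `severity_in_level` in src/manage.c does. Separately, the three-argument overload appears to be no longer created here, but `CREATE OR REPLACE` does not remove it from databases that already have it; unless it is dropped somewhere outside this page, upgraded installations keep the old pci-dss logic callable.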