Use CVSS3_RATINGS toggle to apply 3.x rating scale.
a-h-abdelsalam committed Dec 11, 2024
1 parent e1138b5 commit a0affb3
Showing 6 changed files with 915 additions and 133 deletions.
74 changes: 65 additions & 9 deletions src/gmp.c
Expand Up @@ -8506,8 +8506,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides,
override_iterator_active (overrides),
strlen (excerpt) < strlen (text),
excerpt,
override_iterator_severity (overrides)
&& override_iterator_threat (overrides)
(override_iterator_severity (overrides)
&& override_iterator_threat (overrides))
? override_iterator_threat (overrides)
: "",
override_iterator_severity (overrides)
Expand Down Expand Up @@ -8601,7 +8601,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides,
? override_iterator_hosts (overrides) : "",
override_iterator_port (overrides)
? override_iterator_port (overrides) : "",
override_iterator_threat (overrides)
(override_iterator_severity (overrides)
&& override_iterator_threat (overrides))
? override_iterator_threat (overrides) : "",
override_iterator_severity (overrides)
? override_iterator_severity (overrides) : "",
Expand Down Expand Up @@ -15195,7 +15196,11 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error)
("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s",
overrides,
min_qod,
#if CVSS3_RATINGS == 1
levels ? levels : "chmlgdf",
#else
levels ? levels : "hmlgdf",
#endif
compliance_levels ? compliance_levels : "yniu");
g_free (compliance_levels);

Expand Down Expand Up @@ -18491,8 +18496,11 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
report_t running_report;
char *owner, *observers;
int target_in_trash, scanner_in_trash;
int criticals = 0, holes = 0, infos = 0, logs = 0, warnings = 0;
int criticals_2 = 0, holes_2 = 0, infos_2 = 0, warnings_2 = 0;
int holes = 0, infos = 0, logs = 0, warnings = 0;
int holes_2 = 0, infos_2 = 0, warnings_2 = 0;
#if CVSS3_RATINGS == 1
int criticals = 0, criticals_2 = 0;
#endif
int false_positives = 0, task_scanner_type;
int target_available, config_available;
int scanner_available;
Expand Down Expand Up @@ -18598,13 +18606,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
if (first_report_id && (get_tasks_data->get.trash == 0))
{
// TODO Could skip this count for tasks page.
#if CVSS3_RATINGS == 1
if (report_counts (first_report_id,
&criticals_2, &holes_2, &infos_2, &logs,
&warnings_2, &false_positives,
&severity_2, apply_overrides, min_qod))
g_error ("%s: GET_TASKS: error getting counts for"
" first report, aborting",
__func__);
#else
if (report_counts (first_report_id,
&holes_2, &infos_2, &logs,
&warnings_2, &false_positives,
&severity_2, apply_overrides, min_qod))
#endif
g_error ("%s: GET_TASKS: error getting counts for"
" first report, aborting",
__func__);
}

second_last_report_id = task_second_last_report_id (index);
Expand All @@ -18614,11 +18629,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
* doing the count again. */
if (((first_report_id == NULL)
|| (strcmp (second_last_report_id, first_report_id)))
#if CVSS3_RATINGS == 1
&& report_counts (second_last_report_id,
&criticals_2, &holes_2, &infos_2,
&logs, &warnings_2,
&false_positives, &severity_2,
apply_overrides, min_qod))
apply_overrides, min_qod)
#else
&& report_counts (second_last_report_id,
&holes_2, &infos_2,
&logs, &warnings_2,
&false_positives, &severity_2,
apply_overrides, min_qod)
#endif
)
g_error ("%s: GET_TASKS: error getting counts for"
" second report, aborting",
__func__);
Expand Down Expand Up @@ -18667,6 +18691,7 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
&& strcmp (last_report_id,
second_last_report_id)))
{
#if CVSS3_RATINGS == 1
if (report_counts
(last_report_id,
&criticals, &holes, &infos, &logs,
Expand All @@ -18675,10 +18700,22 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
g_error ("%s: GET_TASKS: error getting counts for"
" last report, aborting",
__func__);
#else
if (report_counts
(last_report_id,
&holes, &infos, &logs,
&warnings, &false_positives, &severity,
apply_overrides, min_qod))
g_error ("%s: GET_TASKS: error getting counts for"
" last report, aborting",
__func__);
#endif
}
else
{
#if CVSS3_RATINGS == 1
criticals = criticals_2;
#endif
holes = holes_2;
infos = infos_2;
warnings = warnings_2;
Expand Down Expand Up @@ -18732,7 +18769,9 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
"<scan_start>%s</scan_start>"
"<scan_end>%s</scan_end>"
"<result_count>"
#if CVSS3_RATINGS == 1
"<critical>%i</critical>"
#endif
"<hole deprecated='1'>%i</hole>"
"<high>%i</high>"
"<info deprecated='1'>%i</info>"
Expand All @@ -18753,7 +18792,9 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
timestamp,
scan_start,
scan_end,
#if CVSS3_RATINGS == 1
criticals,
#endif
holes,
holes,
infos,
Expand Down Expand Up @@ -18912,11 +18953,19 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error)
progress_xml,
task_iterator_total_reports (&tasks),
task_iterator_finished_reports (&tasks),
#if CVSS3_RATINGS == 1
get_tasks_data->get.trash
? ""
: task_iterator_trend_counts
(&tasks, criticals, holes, warnings, infos, severity,
criticals_2, holes_2, warnings_2, infos_2, severity_2),
#else
get_tasks_data->get.trash
? ""
: task_iterator_trend_counts
(&tasks, 0, holes, warnings, infos, severity,
0, holes_2, warnings_2, infos_2, severity_2),
#endif
task_schedule_xml,
current_report,
last_report);
Expand Down Expand Up @@ -19710,6 +19759,7 @@ gmp_xml_handle_result ()
{
create_report_data->result_severity = strdup ("");
}
#if CVSS3_RATINGS == 1
else if (strcasecmp (create_report_data->result_threat, "Critical") == 0)
{
create_report_data->result_severity = strdup ("10.0");
Expand All @@ -19718,6 +19768,12 @@ gmp_xml_handle_result ()
{
create_report_data->result_severity = strdup ("8.9");
}
#else
else if (strcasecmp (create_report_data->result_threat, "High") == 0)
{
create_report_data->result_severity = strdup ("10.0");
}
#endif
else if (strcasecmp (create_report_data->result_threat, "Medium") == 0)
{
create_report_data->result_severity = strdup ("5.0");
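Review bot: In `gmp_xml_handle_result`, the `#else` branch maps only "High" to "10.0", so with CVSS3_RATINGS off a result whose threat is "Critical" (for example in a report produced by a build with the toggle on) matches none of the visible branches and gets whatever the final fallback assigns, which lies outside this section. If such reports can reach this parser, the disabled build should accept the label as well, e.g. `else if (strcasecmp (create_report_data->result_threat, "High") == 0 || strcasecmp (create_report_data->result_threat, "Critical") == 0)`, so that a top-rated finding is not stored with a different severity without any signal. The same question applies to `threat_message_type` in src/manage.c, where "Critical" is recognised only when the toggle is on. Both function bodies continue outside the visible hunks.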
24 changes: 22 additions & 2 deletions src/manage.c
Expand Up @@ -860,8 +860,10 @@ scanner_type_valid (scanner_type_t scanner_type)
const char *
threat_message_type (const char *threat)
{
#if CVSS3_RATINGS == 1
if (strcasecmp (threat, "Critical") == 0)
return "Alarm";
#endif
if (strcasecmp (threat, "High") == 0)
return "Alarm";
if (strcasecmp (threat, "Medium") == 0)
Expand All @@ -888,10 +890,15 @@ threat_message_type (const char *threat)
int
severity_in_level (double severity, const char *level)
{
#if CVSS3_RATINGS == 1
if (strcmp (level, "critical") == 0)
return severity >= 9 && severity <= 10;
else if (strcmp (level, "high") == 0)
return severity >= 7 && severity < 9;
#else
if (strcmp (level, "high") == 0)
return severity >= 7 && severity <= 10;
#endif
else if (strcmp (level, "medium") == 0)
return severity >= 4 && severity < 7;
else if (strcmp (level, "low") == 0)
Expand Down Expand Up @@ -923,8 +930,10 @@ severity_to_level (double severity, int mode)
{
if (mode == 1)
return "Alarm";
#if CVSS3_RATINGS == 1
else if (severity_in_level (severity, "critical"))
return "Critical";
#endif
else if (severity_in_level (severity, "high"))
return "High";
else if (severity_in_level (severity, "medium"))
Expand Down Expand Up @@ -1307,11 +1316,20 @@ severity_data_range_count (const severity_data_t* severity_data,
* @param[out] mediums The number of Medium severity results.
* @param[out] highs The number of High severity results.
* @param[out] criticals The number of Critical severity results.
* Only if CVSS3_RATINGS is enabled.
*/
void
severity_data_level_counts (const severity_data_t *severity_data,
int *errors, int *false_positives,
int *logs, int *lows, int *mediums, int *highs, int* criticals)
int *errors,
int *false_positives,
int *logs,
int *lows,
int *mediums,
int *highs
#if CVSS3_RATINGS == 1
,int* criticals
#endif
)
{
if (errors)
*errors
Expand Down Expand Up @@ -1349,11 +1367,13 @@ severity_data_level_counts (const severity_data_t *severity_data,
level_min_severity ("high"),
level_max_severity ("high"));

#if CVSS3_RATINGS == 1
if (criticals)
*criticals
= severity_data_range_count (severity_data,
level_min_severity ("critical"),
level_max_severity ("critical"));
#endif
}


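Review bot: `severity_data_level_counts` now has a parameter list that depends on CVSS3_RATINGS, written as a `#if` inside the signature with a leading-comma `,int* criticals`. Every caller must carry a matching `#if`, and a mismatch between definition and call site becomes a build-configuration problem instead of a type error in one place. The body already guards the write with `if (criticals)`, so keeping `int *criticals` unconditional and storing zero when the toggle is off (`if (criticals) *criticals = 0;` in an `#else`) would keep a single prototype. If the conditional signature stays, a comment above the definition such as `/* criticals exists only when CVSS3_RATINGS == 1; keep in sync with the prototypes in manage.h */` would help. The function body is only partly visible in these hunks.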
21 changes: 18 additions & 3 deletions src/manage.h
Expand Up @@ -902,9 +902,8 @@ int
task_last_report (task_t, report_t*);

const char *
task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int, int, int,
double);

task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int,
int, int, double);
int
task_schedule_periods (task_t);

Expand Down Expand Up @@ -1065,9 +1064,15 @@ severity_data_add (severity_data_t*, double);
void
severity_data_add_count (severity_data_t*, double, int);

#if CVSS3_RATINGS == 1
void
severity_data_level_counts (const severity_data_t*,
int*, int*, int*, int*, int*, int*, int*);
#else
void
severity_data_level_counts (const severity_data_t*,
int*, int*, int*, int*, int*, int*);
#endif


/* General task facilities. */
Expand Down Expand Up @@ -1337,13 +1342,23 @@ int
report_scan_result_count (report_t, const char*, const char*, int, const char*,
const char*, int, int, int*);

#if CVSS3_RATINGS == 1
int
report_counts (const char*, int*, int*, int*, int*, int*, int*, double*,
int, int);

int
report_counts_id (report_t, int*, int*, int*, int*, int*, int*, double*,
const get_data_t*, const char*);
#else
int
report_counts (const char*, int*, int*, int*, int*, int*, double*,
int, int);

int
report_counts_id (report_t, int*, int*, int*, int*, int*, double*,
const get_data_t*, const char*);
#endif

int
report_counts_id_no_filt (report_t, int*, int*, int*, int*, int*, int*,
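Review bot: The prototypes of `severity_data_level_counts`, `report_counts` and `report_counts_id` are selected with `#if CVSS3_RATINGS == 1`, and an undefined macro evaluates to 0 inside `#if`. A translation unit compiled without the definition therefore silently gets the shorter prototypes, while the definitions may have been built with the longer ones. Calling through a mismatched prototype is undefined behaviour, with the output pointers landing in the wrong parameters. How the macro reaches each compile unit is not visible on this page. A guard before the first use, `#ifndef CVSS3_RATINGS` / `#error "CVSS3_RATINGS must be defined as 0 or 1"` / `#endif`, would turn that case into a build failure, and compiling with `-Wundef` gives a similar signal.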