From a0affb39ca134e3ff8dfe290c705590fb3655664 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Tue, 10 Dec 2024 19:40:14 +0100 Subject: [PATCH] Use CVSS3_RATINGS toggle to apply 3.x rating scale. --- src/gmp.c | 74 +++- src/manage.c | 24 +- src/manage.h | 21 +- src/manage_pg.c | 56 ++- src/manage_sql.c | 860 +++++++++++++++++++++++++++++++++++++++------ src/manage_utils.c | 13 +- 6 files changed, 915 insertions(+), 133 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 87ce78b1c..533026a4f 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -8506,8 +8506,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides, override_iterator_active (overrides), strlen (excerpt) < strlen (text), excerpt, - override_iterator_severity (overrides) - && override_iterator_threat (overrides) + (override_iterator_severity (overrides) + && override_iterator_threat (overrides)) ? override_iterator_threat (overrides) : "", override_iterator_severity (overrides) @@ -8601,7 +8601,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides, ? override_iterator_hosts (overrides) : "", override_iterator_port (overrides) ? override_iterator_port (overrides) : "", - override_iterator_threat (overrides) + (override_iterator_severity (overrides) + && override_iterator_threat (overrides)) ? override_iterator_threat (overrides) : "", override_iterator_severity (overrides) ? override_iterator_severity (overrides) : "", @@ -15195,7 +15196,11 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", overrides, min_qod, +#if CVSS3_RATINGS == 1 levels ? levels : "chmlgdf", +#else + levels ? levels : "hmlgdf", +#endif compliance_levels ? compliance_levels : "yniu"); g_free (compliance_levels); 
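Review bot: The default `levels` string in handle_get_reports is now selected by an `#if` placed in the middle of the call's argument list, and the same pair of literals (`"chmlgdf"` / `"hmlgdf"`) is repeated under another `#if` in results_extra_where in src/manage_sql.c. Defining the default once beside the toggle, for example one macro in manage.h that expands to the right literal, would let both sites read `levels ? levels : <that macro>` with no directive inside an expression. The name of the enclosing call is outside this hunk; if it is, or later becomes, a function-like macro, a preprocessing directive inside its arguments is undefined behaviour, which is a further reason to hoist the choice out of the call.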
@@ -18491,8 +18496,11 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) report_t running_report; char *owner, *observers; int target_in_trash, scanner_in_trash; - int criticals = 0, holes = 0, infos = 0, logs = 0, warnings = 0; - int criticals_2 = 0, holes_2 = 0, infos_2 = 0, warnings_2 = 0; + int holes = 0, infos = 0, logs = 0, warnings = 0; + int holes_2 = 0, infos_2 = 0, warnings_2 = 0; +#if CVSS3_RATINGS == 1 + int criticals = 0, criticals_2 = 0; +#endif int false_positives = 0, task_scanner_type; int target_available, config_available; int scanner_available; @@ -18598,13 +18606,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) if (first_report_id && (get_tasks_data->get.trash == 0)) { // TODO Could skip this count for tasks page. +#if CVSS3_RATINGS == 1 if (report_counts (first_report_id, &criticals_2, &holes_2, &infos_2, &logs, &warnings_2, &false_positives, &severity_2, apply_overrides, min_qod)) - g_error ("%s: GET_TASKS: error getting counts for" - " first report, aborting", - __func__); +#else + if (report_counts (first_report_id, + &holes_2, &infos_2, &logs, + &warnings_2, &false_positives, + &severity_2, apply_overrides, min_qod)) +#endif + g_error ("%s: GET_TASKS: error getting counts for" + " first report, aborting", + __func__); } second_last_report_id = task_second_last_report_id (index); 
@@ -18614,11 +18629,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) * doing the count again. */ if (((first_report_id == NULL) || (strcmp (second_last_report_id, first_report_id))) +#if CVSS3_RATINGS == 1 && report_counts (second_last_report_id, &criticals_2, &holes_2, &infos_2, &logs, &warnings_2, &false_positives, &severity_2, - apply_overrides, min_qod)) + apply_overrides, min_qod) +#else + && report_counts (second_last_report_id, + &holes_2, &infos_2, + &logs, &warnings_2, + &false_positives, &severity_2, + apply_overrides, min_qod) +#endif + ) g_error ("%s: GET_TASKS: error getting counts for" " second report, aborting", __func__); @@ -18667,6 +18691,7 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) && strcmp (last_report_id, second_last_report_id))) { +#if CVSS3_RATINGS == 1 if (report_counts (last_report_id, &criticals, &holes, &infos, &logs, @@ -18675,10 +18700,22 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) g_error ("%s: GET_TASKS: error getting counts for" " last report, aborting", __func__); +#else + if (report_counts + (last_report_id, + &holes, &infos, &logs, + &warnings, &false_positives, &severity, + apply_overrides, min_qod)) + g_error ("%s: GET_TASKS: error getting counts for" + " last report, aborting", + __func__); +#endif } else { +#if CVSS3_RATINGS == 1 criticals = criticals_2; +#endif holes = holes_2; infos = infos_2; warnings = warnings_2; @@ -18732,7 +18769,9 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) "%s" "%s" "" +#if CVSS3_RATINGS == 1 "%i" +#endif "%i" "%i" "%i" @@ -18753,7 +18792,9 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) timestamp, scan_start, scan_end, +#if CVSS3_RATINGS == 1 criticals, +#endif holes, holes, infos, 
@@ -18912,11 +18953,19 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) progress_xml, task_iterator_total_reports (&tasks), task_iterator_finished_reports (&tasks), +#if CVSS3_RATINGS == 1 get_tasks_data->get.trash ? "" : task_iterator_trend_counts (&tasks, criticals, holes, warnings, infos, severity, criticals_2, holes_2, warnings_2, infos_2, severity_2), +#else + get_tasks_data->get.trash + ? "" + : task_iterator_trend_counts + (&tasks, 0, holes, warnings, infos, severity, + 0, holes_2, warnings_2, infos_2, severity_2), +#endif task_schedule_xml, current_report, last_report); @@ -19710,6 +19759,7 @@ gmp_xml_handle_result () { create_report_data->result_severity = strdup (""); } +#if CVSS3_RATINGS == 1 else if (strcasecmp (create_report_data->result_threat, "Critical") == 0) { create_report_data->result_severity = strdup ("10.0"); @@ -19718,6 +19768,12 @@ gmp_xml_handle_result () { create_report_data->result_severity = strdup ("8.9"); } +#else + else if (strcasecmp (create_report_data->result_threat, "High") == 0) + { + create_report_data->result_severity = strdup ("10.0"); + } +#endif else if (strcasecmp (create_report_data->result_threat, "Medium") == 0) { create_report_data->result_severity = strdup ("5.0"); diff --git a/src/manage.c b/src/manage.c index 9b7d0cd71..a9a402045 100644 --- a/src/manage.c +++ b/src/manage.c @@ -860,8 +860,10 @@ scanner_type_valid (scanner_type_t scanner_type) const char * threat_message_type (const char *threat) { +#if CVSS3_RATINGS == 1 if (strcasecmp (threat, "Critical") == 0) return "Alarm"; +#endif if (strcasecmp (threat, "High") == 0) return "Alarm"; if (strcasecmp (threat, "Medium") == 0) 
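Review bot: The `#else` branch duplicates the whole call to task_iterator_trend_counts only to pass a literal `0` for the two critical counts. condition_met in src/manage_sql.c handles the same case in this commit by declaring `int criticals = 0` unconditionally; doing that here for `criticals` and `criticals_2` (declared under `#if` in the hunk at -18491) would leave a single call and also remove the `#if` around `criticals = criticals_2;`. Fewer build-dependent copies of the same call means fewer places where the two configurations can drift apart. The enclosing call starts outside this hunk.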
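Review bot: With CVSS3_RATINGS disabled, gmp_xml_handle_result no longer recognises the threat string "Critical", so a result in an imported report that carries that threat (for instance one exported by a build with the toggle enabled) is handled by whatever fallback ends the chain, which is outside this hunk. If that fallback does not assign a top-range severity, the most severe findings of such a report would be stored with a lower or empty severity. Consider accepting both spellings in the `#else` branch: `else if (strcasecmp (create_report_data->result_threat, "High") == 0 || strcasecmp (create_report_data->result_threat, "Critical") == 0)`.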
@@ -888,10 +890,15 @@ threat_message_type (const char *threat) int severity_in_level (double severity, const char *level) { +#if CVSS3_RATINGS == 1 if (strcmp (level, "critical") == 0) return severity >= 9 && severity <= 10; else if (strcmp (level, "high") == 0) return severity >= 7 && severity < 9; +#else + if (strcmp (level, "high") == 0) + return severity >= 7 && severity <= 10; +#endif else if (strcmp (level, "medium") == 0) return severity >= 4 && severity < 7; else if (strcmp (level, "low") == 0) @@ -923,8 +930,10 @@ severity_to_level (double severity, int mode) { if (mode == 1) return "Alarm"; +#if CVSS3_RATINGS == 1 else if (severity_in_level (severity, "critical")) return "Critical"; +#endif else if (severity_in_level (severity, "high")) return "High"; else if (severity_in_level (severity, "medium")) @@ -1307,11 +1316,20 @@ severity_data_range_count (const severity_data_t* severity_data, * @param[out] mediums The number of Medium severity results. * @param[out] highs The number of High severity results. * @param[out] criticals The number of Critical severity results. + * Only if CVSS3_RATINGS is enabled. */ void severity_data_level_counts (const severity_data_t *severity_data, - int *errors, int *false_positives, - int *logs, int *lows, int *mediums, int *highs, int* criticals) + int *errors, + int *false_positives, + int *logs, + int *lows, + int *mediums, + int *highs +#if CVSS3_RATINGS == 1 + ,int* criticals +#endif + ) { if (errors) *errors @@ -1349,11 +1367,13 @@ severity_data_level_counts (const severity_data_t *severity_data, level_min_severity ("high"), level_max_severity ("high")); +#if CVSS3_RATINGS == 1 if (criticals) *criticals = severity_data_range_count (severity_data, level_min_severity ("critical"), level_max_severity ("critical")); +#endif } diff --git a/src/manage.h b/src/manage.h index a2667abaf..ce073b277 100644 --- a/src/manage.h +++ b/src/manage.h 
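Review bot: The parameter list of severity_data_level_counts now depends on CVSS3_RATINGS (`,int* criticals` under `#if`), and the same is done for report_counts, report_counts_id and report_counts_id_full in manage.h and manage_sql.c. A function whose arity changes with a build flag forces an `#if`/`#else` at every call site, and a translation unit compiled with a different value of the flag would call it with the wrong number of arguments without any link error. The body already guards the write with `if (criticals)` under `#if`, so the signature could stay `int *highs, int *criticals)` in both builds, with callers passing NULL or a zero-initialised variable when the 3.x scale is disabled.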
@@ -902,9 +902,8 @@ int task_last_report (task_t, report_t*); const char * -task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int, int, int, - double); - +task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int, + int, int, double); int task_schedule_periods (task_t); @@ -1065,9 +1064,15 @@ severity_data_add (severity_data_t*, double); void severity_data_add_count (severity_data_t*, double, int); +#if CVSS3_RATINGS == 1 void severity_data_level_counts (const severity_data_t*, int*, int*, int*, int*, int*, int*, int*); +#else +void +severity_data_level_counts (const severity_data_t*, + int*, int*, int*, int*, int*, int*); +#endif /* General task facilities. */ @@ -1337,6 +1342,7 @@ int report_scan_result_count (report_t, const char*, const char*, int, const char*, const char*, int, int, int*); +#if CVSS3_RATINGS == 1 int report_counts (const char*, int*, int*, int*, int*, int*, int*, double*, int, int); @@ -1344,6 +1350,15 @@ report_counts (const char*, int*, int*, int*, int*, int*, int*, double*, int report_counts_id (report_t, int*, int*, int*, int*, int*, int*, double*, const get_data_t*, const char*); +#else +int +report_counts (const char*, int*, int*, int*, int*, int*, double*, + int, int); + +int +report_counts_id (report_t, int*, int*, int*, int*, int*, double*, + const get_data_t*, const char*); +#endif int report_counts_id_no_filt (report_t, int*, int*, int*, int*, int*, int*, diff --git a/src/manage_pg.c b/src/manage_pg.c index 704615c5c..ada46ee6c 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -230,10 +230,15 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_ERROR) ";" " ELSE" " CASE" +#if CVSS3_RATINGS == 1 " WHEN lower (lvl) = 'critical' THEN" " v := 10.0;" " WHEN lower (lvl) = 'high' THEN" " v := 8.9;" +#else + " WHEN lower (lvl) = 'high' THEN" + " v := 10.0;" +#endif " WHEN lower (lvl) = 'medium' THEN" " v := 6.9;" " WHEN lower (lvl) = 'low' THEN" 
@@ -264,8 +269,10 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_ERROR) ";" " ELSE" " CASE" +#if CVSS3_RATINGS == 1 " WHEN lower (lvl) = 'critical' THEN" " v := 9.0;" +#endif " WHEN lower (lvl) = 'high' THEN" " v := 7.0;" " WHEN lower (lvl) = 'medium' THEN" @@ -498,6 +505,7 @@ manage_create_sql_functions () "$$ LANGUAGE plpgsql" " IMMUTABLE;"); +#if CVSS3_RATINGS == 1 sql ("CREATE OR REPLACE FUNCTION order_threat (text)" " RETURNS integer AS $$" " BEGIN" @@ -521,7 +529,29 @@ manage_create_sql_functions () " END;" "$$ LANGUAGE plpgsql" " IMMUTABLE;"); - +#else + sql ("CREATE OR REPLACE FUNCTION order_threat (text)" + " RETURNS integer AS $$" + " BEGIN" + " IF $1 = 'High' THEN" + " RETURN 1;" + " ELSIF $1 = 'Medium' THEN" + " RETURN 2;" + " ELSIF $1 = 'Low' THEN" + " RETURN 3;" + " ELSIF $1 = 'Log' THEN" + " RETURN 4;" + " ELSIF $1 = 'False Positive' THEN" + " RETURN 5;" + " ELSIF $1 = 'None' THEN" + " RETURN 6;" + " ELSE" + " RETURN 7;" + " END IF;" + " END;" + "$$ LANGUAGE plpgsql" + " IMMUTABLE;"); +#endif sql ("CREATE OR REPLACE FUNCTION severity_to_type (double precision)" " RETURNS text AS $$" " BEGIN" @@ -1370,8 +1400,10 @@ manage_create_sql_functions () " second_last_report integer;" " severity_a double precision;" " severity_b double precision;" +#if CVSS3_RATINGS == 1 " critical_a bigint;" " critical_b bigint;" +#endif " high_a bigint;" " high_b bigint;" " medium_a bigint;" @@ -1407,10 +1439,12 @@ manage_create_sql_functions () " RETURN 'down'::text;" " END IF;" /* Calculate trend. */ +#if CVSS3_RATINGS == 1 " critical_a := report_severity_count (last_report, $2, $3," " 'critical');" " critical_b := report_severity_count (second_last_report, $2, $3," " 'critical');" +#endif " high_a := report_severity_count (last_report, $2, $3," " 'high');" " high_b := report_severity_count (second_last_report, $2, $3," 
@@ -1423,9 +1457,13 @@ manage_create_sql_functions () " 'low');" " low_b := report_severity_count (second_last_report, $2, $3," " 'low');" +#if CVSS3_RATINGS == 1 " IF critical_a > 0 THEN" " threat_a := 5;" " ELSEIF high_a > 0 THEN" +#else + " IF high_a > 0 THEN" +#endif " threat_a := 4;" " ELSIF medium_a > 0 THEN" " threat_a := 3;" @@ -1434,9 +1472,13 @@ manage_create_sql_functions () " ELSE" " threat_a := 1;" " END IF;" +#if CVSS3_RATINGS == 1 " IF critical_b > 0 THEN" " threat_b := 5;" " ELSEIF high_b > 0 THEN" +#else + " IF high_b > 0 THEN" +#endif " threat_b := 4;" " ELSIF medium_b > 0 THEN" " threat_b := 3;" @@ -1452,6 +1494,7 @@ manage_create_sql_functions () " RETURN 'down'::text;" " END IF;" /* Check if the threat count changed. */ +#if CVSS3_RATINGS == 1 " IF critical_a > 0 THEN" " IF critical_a > critical_b THEN" " RETURN 'more'::text;" @@ -1460,6 +1503,7 @@ manage_create_sql_functions () " END IF;" " RETURN 'same'::text;" " END IF;" +#endif " IF high_a > 0 THEN" " IF high_a > high_b THEN" " RETURN 'more'::text;" @@ -1598,12 +1642,18 @@ manage_create_sql_functions () " text)" " RETURNS boolean AS $$" " (SELECT CASE lower ($2)" +#if CVSS3_RATINGS == 1 " WHEN 'critical'" " THEN $1 >= 9" " AND $1 <= 10" " WHEN 'high'" " THEN $1 >= 7" " AND $1 < 9" +#else + " WHEN 'high'" + " THEN $1 >= 7" + " AND $1 <= 10" +#endif " WHEN 'medium'" " THEN $1 >= 4" " AND $1 < 7" @@ -1645,9 +1695,11 @@ manage_create_sql_functions () " THEN (SELECT CASE" " WHEN $2 = 1" " THEN 'Alarm'" +#if CVSS3_RATINGS == 1 " WHEN severity_in_level ($1::double precision," " 'critical')" " THEN 'Critical'" +#endif " WHEN severity_in_level ($1::double precision," " 'high')" " THEN 'High'" @@ -1678,8 +1730,10 @@ manage_create_sql_functions () " THEN (SELECT CASE" " WHEN $2 = 1" " THEN 'Alarm'" +#if CVSS3_RATINGS == 1 " WHEN severity_in_level ($1, 'critical')" " THEN 'Critical'" +#endif " WHEN severity_in_level ($1, 'high')" " THEN 'High'" " WHEN severity_in_level ($1, 'medium')" 
diff --git a/src/manage_sql.c b/src/manage_sql.c index 134aa8842..4578ce058 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -250,10 +250,17 @@ check_for_updated_scap (); static void check_for_updated_cert (); +#if CVSS3_RATINGS == 1 static int report_counts_id_full (report_t, int *, int *, int *, int *, int *, int *, double *, const get_data_t*, const char* , int *, int *, int *, int *, int *, int *, double *); +#else +static int +report_counts_id_full (report_t, int *, int *, int *, int *, int *, + double *, const get_data_t*, const char* , + int *, int *, int *, int *, int *, double *); +#endif static gboolean find_group_with_permission (const char *, group_t *, const char *); @@ -2604,7 +2611,9 @@ keyword_applies_to_column (keyword_t *keyword, const char* column) && (strstr ("False Positive", keyword->string) == NULL) && (strstr ("Error", keyword->string) == NULL) && (strstr ("Alarm", keyword->string) == NULL) +#if CVSS3_RATINGS == 1 && (strstr ("Critical", keyword->string) == NULL) +#endif && (strstr ("High", keyword->string) == NULL) && (strstr ("Medium", keyword->string) == NULL) && (strstr ("Low", keyword->string) == NULL) @@ -3047,7 +3056,10 @@ filter_clause (const char* type, const char* filter, || strcmp (keyword->string, "low_per_host") == 0 || strcmp (keyword->string, "medium_per_host") == 0 || strcmp (keyword->string, "high_per_host") == 0 - || strcmp (keyword->string, "critical_per_host") == 0) +#if CVSS3_RATINGS == 1 + || strcmp (keyword->string, "critical_per_host") == 0 +#endif + ) { gchar *column; column = columns_select_column (select_columns, 
@@ -3084,7 +3096,9 @@ filter_clause (const char* type, const char* filter, || (strcmp (keyword->string, "published") == 0) || (strcmp (keyword->string, "qod") == 0) || (strcmp (keyword->string, "cves") == 0) +#if CVSS3_RATINGS == 1 || (strcmp (keyword->string, "critical") == 0) +#endif || (strcmp (keyword->string, "high") == 0) || (strcmp (keyword->string, "medium") == 0) || (strcmp (keyword->string, "low") == 0) @@ -3242,7 +3256,10 @@ filter_clause (const char* type, const char* filter, || strcmp (keyword->string, "low_per_host") == 0 || strcmp (keyword->string, "medium_per_host") == 0 || strcmp (keyword->string, "high_per_host") == 0 - || strcmp (keyword->string, "critical_per_host") == 0) +#if CVSS3_RATINGS == 1 + || strcmp (keyword->string, "critical_per_host") == 0 +#endif + ) { gchar *column; column = columns_select_column (select_columns, @@ -3279,7 +3296,9 @@ filter_clause (const char* type, const char* filter, || (strcmp (keyword->string, "published") == 0) || (strcmp (keyword->string, "qod") == 0) || (strcmp (keyword->string, "cves") == 0) +#if CVSS3_RATINGS == 1 || (strcmp (keyword->string, "critical") == 0) +#endif || (strcmp (keyword->string, "high") == 0) || (strcmp (keyword->string, "medium") == 0) || (strcmp (keyword->string, "low") == 0) @@ -14540,7 +14559,7 @@ condition_met (task_t task, report_t report, alert_t alert, { char *filter_id, *count_string; report_t last_report; - int criticals, holes, infos, logs, warnings, false_positives; + int criticals = 0, holes, infos, logs, warnings, false_positives; int count; double severity; 
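Review bot: In condition_met only `criticals` receives an initial value in `int criticals = 0, holes, infos, logs, warnings, false_positives;`, and the calls to report_counts_id in the following hunks discard its return value. If report_counts_id fails before writing its outputs, the sum `criticals + holes + infos + logs + warnings + false_positives` reads indeterminate values and the alert condition is decided on them. Initialise the whole list, `int criticals = 0, holes = 0, infos = 0, logs = 0, warnings = 0, false_positives = 0;`, or check the return value before summing. The same declaration appears in the hunk at -14608.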
@@ -14587,10 +14606,15 @@ condition_met (task_t task, report_t report, alert_t alert, memset (&get, 0, sizeof (get_data_t)); get.type = "result"; get.filt_id = filter_id; +#if CVSS3_RATINGS == 1 report_counts_id (last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); - +#else + report_counts_id (last_report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + &get, NULL); +#endif db_count = criticals + holes + infos + logs + warnings + false_positives; @@ -14608,7 +14632,7 @@ condition_met (task_t task, report_t report, alert_t alert, { char *direction, *filter_id, *count_string; report_t last_report; - int criticals, holes, infos, logs, warnings, false_positives; + int criticals = 0, holes, infos, logs, warnings, false_positives; int count; double severity; @@ -14643,10 +14667,15 @@ condition_met (task_t task, report_t report, alert_t alert, get_data_t get; get.type = "result"; get.filt_id = filter_id; - +#if CVSS3_RATINGS == 1 report_counts_id (last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); +#else + report_counts_id (last_report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + &get, NULL); +#endif last_count = criticals + holes + infos + logs + warnings + false_positives; @@ -14657,10 +14686,15 @@ condition_met (task_t task, report_t report, alert_t alert, if (second_last_report) { int cmp, second_last_count; - +#if CVSS3_RATINGS == 1 report_counts_id (second_last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); +#else + report_counts_id (second_last_report, &holes, &infos, + &logs, &warnings, &false_positives, + &severity, &get, NULL); +#endif second_last_count = criticals + holes + infos + logs + warnings + false_positives; 
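Review bot: In the hunk at -14643, `get` is declared as `get_data_t get;` and only `type` and `filt_id` are assigned before its address is passed to report_counts_id, whereas the branch in the hunk at -14587 first runs `memset (&get, 0, sizeof (get_data_t));`. Every other field of the struct is therefore indeterminate when report_counts_id reads it, for both the last and the second-last report. Since this commit rewrites the adjacent calls, add `memset (&get, 0, sizeof (get_data_t));` before `get.type = "result";` here as well.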
@@ -15033,13 +15067,23 @@ append_to_task_string (task_t task, const char* field, const char* value) /** * @brief Filter columns for task iterator. */ +#if CVSS3_RATINGS == 1 + #define TASK_ITERATOR_FILTER_COLUMNS \ + { GET_ITERATOR_FILTER_COLUMNS, "status", "total", "first_report", \ + "last_report", "threat", "trend", "severity", "schedule", "next_due", \ + "first", "last", "false_positive", "log", "low", "medium", "high", \ + "critical", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ + "low_per_host", "medium_per_host", "high_per_host", "critical_per_host", \ + "target", "usage_type", "first_report_created", "last_report_created", NULL } +#else #define TASK_ITERATOR_FILTER_COLUMNS \ { GET_ITERATOR_FILTER_COLUMNS, "status", "total", "first_report", \ "last_report", "threat", "trend", "severity", "schedule", "next_due", \ "first", "last", "false_positive", "log", "low", "medium", "high", \ - "critical", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ - "low_per_host", "medium_per_host", "high_per_host", "critical_per_host", \ - "target", "usage_type", "first_report_created", "last_report_created", NULL } + "hosts", "result_hosts", "fp_per_host", "log_per_host", "low_per_host", \ + "medium_per_host", "high_per_host", "target", "usage_type", \ + "first_report_created", "last_report_created", NULL } +#endif /** * @brief Task iterator columns. @@ -15083,6 +15127,7 @@ append_to_task_string (task_t task, const char* field, const char* value) /** * @brief Task iterator WHERE columns. */ +#if CVSS3_RATINGS == 1 #define TASK_ITERATOR_WHERE_COLUMNS_INNER \ { \ "task_threat_level (id, opts.override, opts.min_qod)", \ 
@@ -15288,8 +15333,195 @@ append_to_task_string (task_t task, const char* field, const char* value) " ORDER BY creation_time DESC LIMIT 1)", \ "last_report_created", \ KEYWORD_TYPE_INTEGER \ - } \ - + } +#else +#define TASK_ITERATOR_WHERE_COLUMNS_INNER \ + { \ + "task_threat_level (id, opts.override, opts.min_qod)", \ + "threat", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "task_trend (id, opts.override, opts.min_qod)", \ + "trend", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "task_severity (id, opts.override, opts.min_qod)", \ + "severity", \ + KEYWORD_TYPE_DOUBLE \ + }, \ + { \ + "(SELECT schedules.name FROM schedules" \ + " WHERE schedules.id = tasks.schedule)", \ + "schedule", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(CASE WHEN schedule_next_time IS NULL" \ + " THEN -1" \ + " WHEN schedule_next_time = 0 AND tasks.schedule > 0" \ + " THEN (SELECT first_time" \ + " FROM schedules" \ + " WHERE schedules.id = tasks.schedule)" \ + " ELSE schedule_next_time" \ + " END)", \ + "next_due", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time ASC LIMIT 1)", \ + "first", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time DESC LIMIT 1)", \ + "last", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'False Positive')" \ + " END", \ + "false_positive", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'Log')" \ + " END", \ + "log", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS 
null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'Low')" \ + " END", \ + "low", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'Medium')" \ + " END", \ + "medium", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'High')" \ + " END", \ + "high", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_host_count (task_last_report (id))" \ + " END", \ + "hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_result_host_count (task_last_report (id), opts.min_qod)" \ + " END", \ + "result_hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'False Positive') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "fp_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'Log') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "log_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'Low') * 1.0" \ + " / 
nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "low_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'Medium') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "medium_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'High') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "high_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT name FROM targets WHERE id = target)", \ + "target", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time ASC LIMIT 1)", \ + "first_report_created", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time DESC LIMIT 1)", \ + "last_report_created", \ + KEYWORD_TYPE_INTEGER \ + } +#endif /** * @brief Task iterator WHERE columns. */ @@ -21144,7 +21376,7 @@ report_cache_counts (report_t report, int clear_original, int clear_overridden, const char* users_where) { iterator_t cache_iterator; - int criticals, holes, infos, logs, warnings, false_positives; + int holes, infos, logs, warnings, false_positives; double severity; get_data_t *get = NULL; gchar *old_user_id; 
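Review bot: The `#else` copy of TASK_ITERATOR_WHERE_COLUMNS_INNER repeats each entry of the CVSS3 version and, as far as the visible lines show, differs only by leaving out the "critical" and "critical_per_host" entries; REPORT_ITERATOR_WHERE_COLUMNS is duplicated the same way further down. Any later fix to one of these SQL fragments now has to be made twice, and a missed copy changes filtering behaviour in only one build configuration. Keeping a single table and moving the two critical entries into a small helper macro that expands to nothing when CVSS3_RATINGS is not 1 would keep the variants from diverging.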
@@ -21175,9 +21407,14 @@ report_cache_counts (report_t report, int clear_original, int clear_overridden, " AND min_qod = %d", report, user, override, min_qod); } - +#if CVSS3_RATINGS == 1 + int criticals; report_counts_id (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, get, NULL); +#else + report_counts_id (report, &holes, &infos, &logs, &warnings, + &false_positives, &severity, get, NULL); +#endif get_data_reset (get); g_free (get); @@ -22132,6 +22369,7 @@ report_add_results_array (report_t report, GArray *results) /** * @brief Filter columns for report iterator. */ +#if CVSS3_RATINGS == 1 #define REPORT_ITERATOR_FILTER_COLUMNS \ { ANON_GET_ITERATOR_FILTER_COLUMNS, "task_id", "name", "creation_time", \ "date", "status", "task", "severity", "false_positive", "log", "low", \ @@ -22140,6 +22378,16 @@ report_add_results_array (report_t report, GArray *results) "critical_per_host", "duration", "duration_per_host", "start_time", \ "end_time", "scan_start", "scan_end", "compliance_yes", "compliance_no", \ "compliance_incomplete", "compliant", NULL } +#else +#define REPORT_ITERATOR_FILTER_COLUMNS \ + { ANON_GET_ITERATOR_FILTER_COLUMNS, "task_id", "name", "creation_time", \ + "date", "status", "task", "severity", "false_positive", "log", "low", \ + "medium", "high", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ + "low_per_host", "medium_per_host", "high_per_host", "duration", \ + "duration_per_host", "start_time", "end_time", "scan_start", "scan_end", \ + "compliance_yes", "compliance_no", "compliance_incomplete", \ + "compliant", NULL } +#endif /** * @brief Report iterator columns. */ @@ -22165,6 +22413,7 @@ report_add_results_array (report_t report, GArray *results) /** * @brief Report iterator columns. */ +#if CVSS3_RATINGS == 1 #define REPORT_ITERATOR_WHERE_COLUMNS \ { \ { "run_status_name (scan_run_status)", "status", KEYWORD_TYPE_STRING }, \ 
@@ -22311,7 +22560,141 @@ report_add_results_array (report_t report, GArray *results) }, \ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ } - +#else +#define REPORT_ITERATOR_WHERE_COLUMNS \ + { \ + { "run_status_name (scan_run_status)", "status", KEYWORD_TYPE_STRING }, \ + { \ + "(SELECT uuid FROM tasks WHERE tasks.id = task)", \ + "task_id", \ + KEYWORD_TYPE_STRING \ + }, \ + { "creation_time", "date", KEYWORD_TYPE_INTEGER }, \ + { "(SELECT name FROM tasks WHERE tasks.id = task)", "task" }, \ + { \ + "report_severity (id, opts.override, opts.min_qod)", \ + "severity", \ + KEYWORD_TYPE_DOUBLE \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod," \ + " 'False Positive')", \ + "false_positive", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'Log')", \ + "log", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'Low')", \ + "low", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'Medium')", \ + "medium", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'High')", \ + "high", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT name FROM users WHERE users.id = reports.owner)", \ + "_owner", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "report_host_count (id)", \ + "hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_result_host_count (id, opts.min_qod)", \ + "result_hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'False Positive') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "fp_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'Log') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "log_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ 
+ { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'Low') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "low_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'Medium') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "medium_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'High') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "high_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(CASE WHEN (start_time IS NULL or end_time IS NULL)" \ + " THEN NULL ELSE end_time - start_time END)", \ + "duration", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(CASE WHEN (start_time IS NULL or end_time IS NULL" \ + " or report_result_host_count (id, opts.min_qod) = 0)" \ + " THEN NULL" \ + " ELSE (end_time - start_time)" \ + " / report_result_host_count (id, opts.min_qod) END)", \ + "duration_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_count (id, 'YES')", \ + "compliance_yes", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_count (id, 'NO')", \ + "compliance_no", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_count (id, 'INCOMPLETE')", \ + "compliance_incomplete", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_status (id)", \ + "compliant", \ + KEYWORD_TYPE_STRING \ + }, \ + { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ + } +#endif /** * @brief Generate the extra_tables string for a report iterator. * 
@@ -22621,11 +23004,13 @@ where_levels_auto (const char *levels, const char *new_severity_sql) g_string_append_printf (levels_sql, " AND severity_in_levels (%s", new_severity_sql); +#if CVSS3_RATINGS == 1 if (strchr (levels, 'c')) { g_string_append (levels_sql, ", 'critical'"); count++; } +#endif if (strchr (levels, 'h')) { g_string_append (levels_sql, ", 'high'"); @@ -22660,7 +23045,11 @@ where_levels_auto (const char *levels, const char *new_severity_sql) g_string_append (levels_sql, ")"); +#if CVSS3_RATINGS == 1 if (count == 6) +#else + if (count == 5) +#endif { /* All levels. */ g_string_free (levels_sql, TRUE); @@ -23354,7 +23743,11 @@ results_extra_where (int trash, report_t report, const gchar* host, min_qod = filter_term_min_qod (filter); levels = filter_term_value (filter, "levels"); if (levels == NULL) +#if CVSS3_RATINGS == 1 levels = g_strdup ("chmlgdf"); +#else + levels = g_strdup ("hmlgdf"); +#endif compliance_levels = filter_term_value (filter, "compliance_levels"); // Build clause fragments @@ -23380,7 +23773,7 @@ results_extra_where (int trash, report_t report, const gchar* host, min_qod_clause = where_qod (min_qod); - levels_clause = where_levels_auto (levels ? levels : "chmlgdf", + levels_clause = where_levels_auto (levels, given_new_severity_sql ? given_new_severity_sql : new_severity_sql); @@ -25883,6 +26276,7 @@ report_severity_data (report_t report, const char *host, * * @param[in] report_id ID of report. * @param[out] criticals Number of critical messages. + * Only if CVSS3_RATINGS is enabled. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. 
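Review bot: The all-levels shortcut in `where_levels_auto` now depends on the bare numbers `if (count == 6)` and `if (count == 5)`, which have to stay in step with the default strings `"chmlgdf"` and `"hmlgdf"` that `results_extra_where` sets in a later hunk of this file. Defining the default string and the expected count once, next to each other under a single `#if CVSS3_RATINGS == 1`, would keep the two from diverging. When the toggle is off, a `c` in a caller-supplied `levels` value is silently ignored here, which deserves a comment such as `/* 'c' is only recognised when CVSS3_RATINGS is enabled. */`. The body of `where_levels_auto` continues outside these hunks.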
@@ -25895,8 +26289,16 @@ report_severity_data (report_t report, const char *host, * @return 0 on success, -1 on error. */ int -report_counts (const char* report_id, int* criticals, int* holes, int* infos, - int* logs, int* warnings, int* false_positives, double* severity, +report_counts (const char* report_id, +#if CVSS3_RATINGS == 1 + int* criticals, +#endif + int* holes, + int* infos, + int* logs, + int* warnings, + int* false_positives, + double* severity, int override, int min_qod) { report_t report; @@ -25908,8 +26310,13 @@ report_counts (const char* report_id, int* criticals, int* holes, int* infos, // TODO Check if report was found. get = report_results_get_data (1, -1, override, min_qod); +#if CVSS3_RATINGS == 1 ret = report_counts_id (report, criticals, holes, infos, logs, warnings, false_positives, severity, get, NULL); +#else + ret = report_counts_id (report, holes, infos, logs, warnings, + false_positives, severity, get, NULL); +#endif get_data_reset (get); free (get); return ret; @@ -26080,6 +26487,7 @@ cache_report_counts (report_t report, int override, int min_qod, * * @param[in] report Report. * @param[out] criticals Number of critical messages. + * Only if CVSS3_RATINGS is enabled. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. @@ -26089,6 +26497,7 @@ cache_report_counts (report_t report, int override, int min_qod, * @param[in] get Get data. * @param[in] host Host to which to limit the count. * @param[out] filtered_criticals Number of critical messages after filtering. + * Only if CVSS3_RATINGS is enabled. * @param[out] filtered_holes Number of hole messages after filtering. * @param[out] filtered_infos Number of info messages after filtering. * @param[out] filtered_logs Number of log messages after filtering. 
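Review bot: The parameter list of `report_counts` now changes with `CVSS3_RATINGS`, and `#if CVSS3_RATINGS == 1` is simply false when the macro is undefined, so a translation unit built without the definition silently takes the shorter signature. Where the macro is defined is not visible in this diff; if it comes from the build system, a guard such as `#ifndef CVSS3_RATINGS` followed by `#error "CVSS3_RATINGS must be defined"` in the shared header, or building with `-Wundef`, would turn that into a build failure. The same applies to `report_counts_id_full`, `report_counts_id`, `print_report_host_xml` and `print_report_delta_xml` in later hunks. Keeping `int *criticals` in the signature unconditionally and ignoring it when the toggle is off, as `task_trend_calc` still does with `criticals_a`, would also remove the need for an `#if` at every call site.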
@@ -26100,13 +26509,26 @@ cache_report_counts (report_t report, int override, int min_qod, * @return 0 on success, -1 on error. */ static int -report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, - int* logs, int* warnings, int* false_positives, +report_counts_id_full (report_t report, +#if CVSS3_RATINGS == 1 + int* criticals, +#endif + int* holes, + int* infos, + int* logs, + int* warnings, + int* false_positives, double* severity, - const get_data_t* get, const char* host, - int* filtered_criticals, int* filtered_holes, - int* filtered_infos, int* filtered_logs, - int* filtered_warnings, int* filtered_false_positives, + const get_data_t* get, + const char* host, +#if CVSS3_RATINGS == 1 + int* filtered_criticals, +#endif + int* filtered_holes, + int* filtered_infos, + int* filtered_logs, + int* filtered_warnings, + int* filtered_false_positives, double* filtered_severity) { const char *filter; @@ -26115,13 +26537,19 @@ report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, int filter_cacheable, unfiltered_requested, filtered_requested, cache_exists; int override, min_qod_int; severity_data_t severity_data, filtered_severity_data; - +#if CVSS3_RATINGS == 1 unfiltered_requested = (criticals || holes || warnings || infos || logs || false_positives || severity); filtered_requested = (filtered_criticals || filtered_holes || filtered_warnings || filtered_infos || filtered_logs || filtered_false_positives || filtered_severity); - +#else + unfiltered_requested = (holes || warnings || infos || logs || false_positives + || severity); + filtered_requested = (filtered_holes || filtered_warnings || filtered_infos + || filtered_logs || filtered_false_positives + || filtered_severity); +#endif if (current_credentials.uuid == NULL || strcmp (current_credentials.uuid, "") == 0) g_warning ("%s: called by NULL or dummy user", __func__); 
@@ -26213,6 +26641,7 @@ report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, ? &filtered_severity_data : NULL); } +#if CVSS3_RATINGS == 1 severity_data_level_counts (&severity_data, NULL, false_positives, logs, infos, warnings, holes, criticals); @@ -26220,6 +26649,15 @@ report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, NULL, filtered_false_positives, filtered_logs, filtered_infos, filtered_warnings, filtered_holes, filtered_criticals); +#else + severity_data_level_counts (&severity_data, + NULL, false_positives, + logs, infos, warnings, holes); + severity_data_level_counts (&filtered_severity_data, + NULL, filtered_false_positives, + filtered_logs, filtered_infos, + filtered_warnings, filtered_holes); +#endif if (severity) *severity = severity_data.max; @@ -26391,6 +26829,7 @@ report_compliance_counts (report_t report, * * @param[in] report Report. * @param[out] criticals Number of critical messages. + * Only if CVSS3_RATINGS is enabled. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. 
@@ -26403,14 +26842,29 @@ report_compliance_counts (report_t report, * @return 0 on success, -1 on error. */ int -report_counts_id (report_t report, int* criticals, int* holes, int* infos, - int* logs, int* warnings, int* false_positives, - double* severity, const get_data_t *get, const char *host) +report_counts_id (report_t report, +#if CVSS3_RATINGS == 1 + int* criticals, +#endif + int* holes, + int* infos, + int* logs, + int* warnings, + int* false_positives, + double* severity, + const get_data_t *get, + const char *host) { int ret; +#if CVSS3_RATINGS == 1 ret = report_counts_id_full (report, NULL, NULL, NULL, NULL, NULL, NULL, NULL, get, host, criticals, holes, infos, logs, warnings, false_positives, severity); +#else + ret = report_counts_id_full (report, NULL, NULL, NULL, NULL, NULL, NULL, + get, host, holes, infos, logs, warnings, + false_positives, severity); +#endif return ret; } @@ -26452,8 +26906,13 @@ report_severity (report_t report, int overrides, int min_qod) { g_debug ("%s: could not get max from cache", __func__); get_data_t *get = report_results_get_data (1, -1, overrides, min_qod); +#if CVSS3_RATINGS == 1 report_counts_id (report, NULL, NULL, NULL, NULL, NULL, NULL, &severity, get, NULL); +#else + report_counts_id (report, NULL, NULL, NULL, NULL, + NULL, &severity, get, NULL); +#endif get_data_reset (get); free (get); } @@ -28168,6 +28627,7 @@ host_summary_append (GString *host_summary_buffer, const char *host, * @param[in] host_summary_buffer Host sumary buffer. * @param[in] f_host_ports Hashtable for host ports. * @param[in] f_host_criticals Hashtable for host criticals. + * Only available if CVSS3_RATINGS is enabled. * @param[in] f_host_holes Hashtable for host holes. * @param[in] f_host_warnings Hashtable for host host warnings. * @param[in] f_host_infos Hashtable for host infos. 
@@ -28188,7 +28648,9 @@ print_report_host_xml (FILE *stream, int lean, GString *host_summary_buffer, GHashTable *f_host_ports, +#if CVSS3_RATINGS == 1 GHashTable *f_host_criticals, +#endif GHashTable *f_host_holes, GHashTable *f_host_warnings, GHashTable *f_host_infos, @@ -28272,12 +28734,15 @@ print_report_host_xml (FILE *stream, } else { - int criticals_count, holes_count, warnings_count, infos_count; + int holes_count, warnings_count, infos_count; int logs_count, false_positives_count; + int criticals_count = 0; +#if CVSS3_RATINGS == 1 criticals_count = GPOINTER_TO_INT (g_hash_table_lookup ( f_host_criticals, current_host)); +#endif holes_count = GPOINTER_TO_INT (g_hash_table_lookup ( f_host_holes, current_host)); @@ -28301,7 +28766,9 @@ print_report_host_xml (FILE *stream, "%d" "" "%d" +#if CVSS3_RATINGS == 1 "%d" +#endif "%d" "%d" "%d" @@ -28318,7 +28785,9 @@ print_report_host_xml (FILE *stream, ports_count, (criticals_count + holes_count + warnings_count + infos_count + logs_count + false_positives_count), +#if CVSS3_RATINGS == 1 criticals_count, +#endif holes_count, holes_count, warnings_count, 
@@ -28564,24 +29033,26 @@ init_delta_iterator (report_t report, iterator_t *results, report_t delta, * @param[in] result_hosts_only Whether to only include hosts with results. * @param[in] orig_filtered_result_count Result count. * @param[in] filtered_result_count Result count. - * @param[in] orig_f_criticals Result count. - * @param[in] f_criticals Result count. - * @param[in] orig_f_infos Result count. - * @param[in] f_holes Result count. - * @param[in] orig_f_infos Result count. - * @param[in] f_infos Result count. - * @param[in] orig_f_logs Result count. - * @param[in] f_logs Result count. - * @param[in] orig_f_warnings Result count. - * @param[in] f_warnings Result count. - * @param[in] orig_f_false_positives Result count. - * @param[in] f_false_positives Result count. - * @param[in] f_compliance_yes filtered compliant count. - * @param[in] f_compliance_no filtered incompliant count. - * @param[in] f_compliance_incomplete filtered incomplete count. - * @param[in] f_compliance_undefined filtered undefined count. - * @param[in] f_compliance_count total filtered compliance count. - * @param[in] result_hosts Result hosts. + * @param[in] orig_f_criticals Result count. + * Only available if CVSS3_RATINGS is enabled. + * @param[in] f_criticals Result count. + * Only available if CVSS3_RATINGS is enabled. + * @param[in] orig_f_infos Result count. + * @param[in] f_holes Result count. + * @param[in] orig_f_infos Result count. + * @param[in] f_infos Result count. + * @param[in] orig_f_logs Result count. + * @param[in] f_logs Result count. + * @param[in] orig_f_warnings Result count. + * @param[in] f_warnings Result count. + * @param[in] orig_f_false_positives Result count. + * @param[in] f_false_positives Result count. + * @param[in] f_compliance_yes filtered compliant count. + * @param[in] f_compliance_no filtered incompliant count. + * @param[in] f_compliance_incomplete filtered incomplete count. + * @param[in] f_compliance_undefined filtered undefined count. 
+ * @param[in] f_compliance_count total filtered compliance count. + * @param[in] result_hosts Result hosts. * * @return 0 on success, -1 error. */ @@ -28594,7 +29065,9 @@ print_report_delta_xml (FILE *out, iterator_t *results, const char *sort_field, int result_hosts_only, int *orig_filtered_result_count, int *filtered_result_count, +#if CVSS3_RATINGS == 1 int *orig_f_criticals, int *f_criticals, +#endif int *orig_f_holes, int *f_holes, int *orig_f_infos, int *f_infos, int *orig_f_logs, int *f_logs, @@ -28607,9 +29080,10 @@ print_report_delta_xml (FILE *out, iterator_t *results, { GString *buffer = g_string_new (""); GTree *ports; - *orig_f_holes = *f_holes; +#if CVSS3_RATINGS == 1 *orig_f_criticals = *f_criticals; +#endif *orig_f_infos = *f_infos; *orig_f_logs = *f_logs; *orig_f_warnings = *f_warnings; @@ -28658,11 +29132,13 @@ print_report_delta_xml (FILE *out, iterator_t *results, level = result_iterator_level (results); (*orig_filtered_result_count)++; (*filtered_result_count)++; +#if CVSS3_RATINGS == 1 if (strcmp (level, "Critical") == 0) { (*orig_f_criticals)++; (*f_criticals)++; } +#endif if (strcmp (level, "High") == 0) { (*orig_f_holes)++; @@ -28804,8 +29280,8 @@ print_report_xml_start (report_t report, report_t delta, task_t task, array_t *result_hosts; int reuse_result_iterator; iterator_t results, delta_results; - int criticals, holes, infos, logs, warnings, false_positives; - int f_criticals, f_holes, f_infos, f_logs, f_warnings, f_false_positives; + int criticals = 0, holes, infos, logs, warnings, false_positives; + int f_criticals = 0, f_holes, f_infos, f_logs, f_warnings, f_false_positives; int orig_f_criticals, orig_f_holes, orig_f_infos, orig_f_logs; int orig_f_warnings, orig_f_false_positives, orig_filtered_result_count; int search_phrase_exact, apply_overrides, count_filtered; 
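Review bot: The re-indented parameter list in the `print_report_delta_xml` doc comment still documents `orig_f_infos` twice and never mentions `orig_f_holes`, although the signature in the next hunk takes `int *orig_f_holes, int *f_holes`. The first of the two entries should read `@param[in] orig_f_holes Result count.`. Since these lines are being rewritten anyway, the count parameters could also say which level they count, for example "Number of High results before delta filtering", rather than the same "Result count." for each.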
@@ -28815,10 +29291,13 @@ print_report_xml_start (report_t report, report_t delta, task_t task, GString *filters_buffer, *filters_extra_buffer, *host_summary_buffer; gchar *term_value; GHashTable *f_host_ports; - GHashTable *f_host_criticals, *f_host_holes, *f_host_warnings, *f_host_infos; + GHashTable *f_host_holes, *f_host_warnings, *f_host_infos; GHashTable *f_host_logs, *f_host_false_positives; GHashTable *f_host_compliant, *f_host_notcompliant; GHashTable *f_host_incomplete, *f_host_undefined; + #if CVSS3_RATINGS == 1 + GHashTable *f_host_criticals = NULL; + #endif task_status_t run_status; gchar *tsk_usage_type = NULL; int f_compliance_yes, f_compliance_no; @@ -28839,7 +29318,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0; orig_f_holes = orig_f_criticals = 0; f_host_ports = NULL; - f_host_criticals = NULL; f_host_holes = NULL; f_host_warnings = NULL; f_host_infos = NULL; @@ -28919,7 +29397,11 @@ print_report_xml_start (report_t report, report_t delta, task_t task, max_results = manage_max_rows (max_results); + #if CVSS3_RATINGS == 1 levels = levels ? levels : g_strdup ("chmlgdf"); + #else + levels = levels ? levels : g_strdup ("hmlgdf"); + #endif if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type))) { 
@@ -29035,15 +29517,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { if (delta == 0) { - int total_criticals, total_holes, total_infos, total_logs; + int total_criticals = 0, total_holes, total_infos, total_logs; int total_warnings, total_false_positives; get_data_t *all_results_get; all_results_get = report_results_get_data (1, -1, 0, 0); +#if CVSS3_RATINGS == 1 report_counts_id (report, &total_criticals, &total_holes, &total_infos, &total_logs, &total_warnings, &total_false_positives, NULL, all_results_get, NULL); +#else + report_counts_id (report, &total_holes, &total_infos, + &total_logs, &total_warnings, + &total_false_positives, NULL, all_results_get, + NULL); +#endif total_result_count = total_criticals + total_holes + total_infos + total_logs + total_warnings + total_false_positives; @@ -29064,8 +29553,13 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { /* Beware, we're using the full variables temporarily here, but * report_counts_id counts the filtered results. */ +#if CVSS3_RATINGS == 1 report_counts_id (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, NULL, get, NULL); +#else + report_counts_id (report, &holes, &infos, &logs, &warnings, + &false_positives, NULL, get, NULL); +#endif filtered_result_count = criticals + holes + infos + logs + warnings + false_positives; @@ -29134,8 +29628,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 if (strchr (levels, 'c')) g_string_append (filters_extra_buffer, "Critical"); +#endif if (strchr (levels, 'h')) g_string_append (filters_extra_buffer, "High"); if (strchr (levels, 'm')) 
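Review bot: In the first hunk of `print_report_xml_start` shown here, only `total_criticals` is given an initial value, while `total_holes`, `total_infos`, `total_logs`, `total_warnings` and `total_false_positives` stay uninitialised and the return value of `report_counts_id` is not checked before they are summed into `total_result_count`. Whether `report_counts_id` writes its outputs on the error path is not visible here; if it does not, the sum reads indeterminate values. Initialising all of them, `int total_criticals = 0, total_holes = 0, total_infos = 0, total_logs = 0;` and `int total_warnings = 0, total_false_positives = 0;`, or testing the return value, would make this robust. The same unchecked call appears in the next hunk for the filtered counts.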
@@ -29449,20 +29945,34 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { /* We're getting all the filtered results, so we can count them as we * print them, to save time. */ - +#if CVSS3_RATINGS == 1 report_counts_id_full (report, &criticals, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + &warnings, &false_positives, &severity, + get, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL); +#else + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, NULL, NULL, NULL, NULL, + NULL, NULL); +#endif f_criticals = f_holes = f_infos = f_logs = f_warnings = 0; f_false_positives = f_severity = 0; } else +#if CVSS3_RATINGS == 1 report_counts_id_full (report, &criticals, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, - &f_criticals, &f_holes, &f_infos, &f_logs, - &f_warnings, &f_false_positives, &f_severity); + &warnings, &false_positives, &severity, + get, NULL, + &f_criticals, &f_holes, &f_infos, &f_logs, + &f_warnings, &f_false_positives, &f_severity); +#else + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, &f_holes, &f_infos, &f_logs, + &f_warnings, &f_false_positives, &f_severity); +#endif } /* Results. */ @@ -29526,8 +30036,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 f_host_criticals = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); +#endif f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, 
@@ -29542,6 +30054,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (delta && get->details) { +#if CVSS3_RATINGS == 1 if (print_report_delta_xml (out, &results, delta_states, ignore_pagination ? 0 : first_result, ignore_pagination ? -1 : max_results, @@ -29564,6 +30077,29 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &f_compliance_undefined, &f_compliance_count, result_hosts)) +#else + if (print_report_delta_xml (out, &results, delta_states, + ignore_pagination ? 0 : first_result, + ignore_pagination ? -1 : max_results, + task, notes, + notes_details, overrides, + overrides_details, sort_order, + sort_field, result_hosts_only, + &orig_filtered_result_count, + &filtered_result_count, + &orig_f_holes, &f_holes, + &orig_f_infos, &f_infos, + &orig_f_logs, &f_logs, + &orig_f_warnings, &f_warnings, + &orig_f_false_positives, + &f_false_positives, + &f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined, + &f_compliance_count, + result_hosts)) +#endif goto failed_delta_report; } else if (get->details) @@ -29661,12 +30197,14 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (count_filtered) f_logs++; } +#if CVSS3_RATINGS == 1 else if (strcasecmp (level, "critical") == 0) { f_host_result_counts = f_host_criticals; if (count_filtered) f_criticals++; } +#endif else if (strcasecmp (level, "high") == 0) { f_host_result_counts = f_host_holes; @@ -29781,7 +30319,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, PRINT (out, "" "%i" +#if CVSS3_RATINGS == 1 "%i" +#endif "%i" "%i" "%i" @@ -29794,7 +30334,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, "" "", orig_filtered_result_count, +#if CVSS3_RATINGS == 1 (strchr (levels, 'c') ? orig_f_criticals : 0), +#endif (strchr (levels, 'h') ? orig_f_holes : 0), (strchr (levels, 'h') ? orig_f_holes : 0), (strchr (levels, 'l') ? orig_f_infos : 0), 
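Review bot: The `PRINT (out, ...)` call in the fourth hunk on this line now has `#if CVSS3_RATINGS == 1` / `#endif` inside its argument list, both around a format fragment and around the matching `orig_f_criticals` argument in the hunk after it. If `PRINT` is a function-like macro, as its name suggests, preprocessing directives inside its arguments are undefined behaviour under C11 6.10.3, even though GCC accepts them. The format string and its arguments must also be kept in step by hand across two separate `#if` blocks. Selecting between two complete `PRINT` calls with the `#if` outside the call, as this patch already does for `report_counts_id`, avoids both problems. The same pattern appears in the two `PRINT` hunks that follow and in the format string in `print_report_host_xml`.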
@@ -29814,10 +30356,12 @@ print_report_xml_start (report_t report, report_t delta, task_t task, "%i" "%i" "%i" +#if CVSS3_RATINGS == 1 "" "%i" "%i" "" +#endif "%i%i" "%i%i" "%i%i" @@ -29833,8 +30377,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, total_result_count, total_result_count, filtered_result_count, +#if CVSS3_RATINGS == 1 criticals, (strchr (levels, 'c') ? f_criticals : 0), +#endif holes, (strchr (levels, 'h') ? f_holes : 0), holes, @@ -29885,26 +30431,44 @@ print_report_xml_start (report_t report, report_t delta, task_t task, present = next (&hosts); if (present) { - if (print_report_host_xml (out, - &hosts, - result_host, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_criticals, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) - +#if CVSS3_RATINGS == 1 + if (print_report_host_xml (out, + &hosts, + result_host, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_criticals, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#else + if (print_report_host_xml (out, + &hosts, + result_host, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#endif { - goto failed_print_report_host; + goto failed_print_report_host; } } cleanup_iterator (&hosts); 
@@ -29916,23 +30480,42 @@ print_report_xml_start (report_t report, report_t delta, task_t task, init_report_host_iterator (&hosts, report, NULL, 0); while (next (&hosts)) { +#if CVSS3_RATINGS == 1 if (print_report_host_xml (out, - &hosts, - NULL, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_criticals, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) + &hosts, + NULL, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_criticals, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#else + if (print_report_host_xml (out, + &hosts, + NULL, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#endif goto failed_print_report_host; } cleanup_iterator (&hosts); @@ -29946,7 +30529,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 g_hash_table_destroy (f_host_criticals); +#endif g_hash_table_destroy (f_host_holes); g_hash_table_destroy (f_host_warnings); g_hash_table_destroy (f_host_infos); @@ -30074,7 +30659,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 g_hash_table_destroy (f_host_criticals); +#endif g_hash_table_destroy (f_host_holes); g_hash_table_destroy (f_host_warnings); g_hash_table_destroy (f_host_infos); 
@@ -31038,8 +31625,9 @@ parse_osp_report (task_t task, report_t report, const char *report_xml) * @return "up", "down", "more", "less", "same" or if too few reports "". */ static const char * -task_trend_calc (int criticals_a, int holes_a, int warns_a, int infos_a, double severity_a, - int criticals_b, int holes_b, int warns_b, int infos_b, double severity_b) +task_trend_calc (int criticals_a, int holes_a, int warns_a, int infos_a, + double severity_a, int criticals_b, int holes_b, int warns_b, + int infos_b, double severity_b) { int threat_a, threat_b; @@ -31142,9 +31730,10 @@ task_trend_calc (int criticals_a, int holes_a, int warns_a, int infos_a, double * @return "up", "down", "more", "less", "same" or if too few reports "". */ const char * -task_iterator_trend_counts (iterator_t *iterator, int criticals_a, int holes_a, int warns_a, - int infos_a, double severity_a, int criticals_b, int holes_b, - int warns_b, int infos_b, double severity_b) +task_iterator_trend_counts (iterator_t *iterator, int criticals_a, int holes_a, + int warns_a, int infos_a, double severity_a, + int criticals_b, int holes_b, int warns_b, + int infos_b, double severity_b) { /* Ensure there are enough reports. */ if (task_iterator_finished_reports (iterator) <= 1) @@ -38329,9 +38918,15 @@ create_note (const char* active, const char* nvt, const char* text, if (text == NULL) return -1; - if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") - && strcmp (threat, "Medium") && strcmp (threat, "Low") - && strcmp (threat, "Log") && strcmp (threat, "")) + if (threat +#if CVSS3_RATINGS == 1 + && strcmp (threat, "Critical") +#endif + && strcmp (threat, "High") + && strcmp (threat, "Medium") + && strcmp (threat, "Low") + && strcmp (threat, "Log") + && strcmp (threat, "")) return -1; quoted_text = sql_insert (text); 
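Review bot: The rewritten threat check in `create_note` (last hunk on this line) still rejects `"Alarm"`, while the severity mapping in the following hunk tests `strcmp (threat, "Alarm") == 0` and `modify_note` accepts `"Alarm"` in its own list. As far as these hunks show, the `"Alarm"` branch in `create_note` cannot be reached, so either the list should gain `&& strcmp (threat, "Alarm")` or the branch should go. The same allow-list is now written out with an embedded `#if` in `create_note`, `modify_note` and twice in `create_override`; a single static helper that returns whether a threat name is valid would keep them consistent. No validation hunk for `modify_override` appears in this diff, so it is worth confirming that it rejects `"Critical"` when the toggle is off.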
@@ -38351,8 +38946,10 @@ create_note (const char* active, const char* nvt, const char* text, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) @@ -38587,9 +39184,15 @@ modify_note (const gchar *note_id, const char *active, const char *nvt, if (nvt && !nvt_exists (nvt)) return 4; - if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") - && strcmp (threat, "Medium") && strcmp (threat, "Low") - && strcmp (threat, "Log") && strcmp (threat, "Alarm") + if (threat +#if CVSS3_RATINGS == 1 + && strcmp (threat, "Critical") +#endif + && strcmp (threat, "High") + && strcmp (threat, "Medium") + && strcmp (threat, "Low") + && strcmp (threat, "Log") + && strcmp (threat, "Alarm") && strcmp (threat, "")) return -1; @@ -38614,8 +39217,10 @@ modify_note (const gchar *note_id, const char *active, const char *nvt, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) 
@@ -39322,16 +39927,29 @@ create_override (const char* active, const char* nvt, const char* text, if (port && validate_results_port (port)) return 2; - if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") - && strcmp (threat, "Medium") && strcmp (threat, "Low") - && strcmp (threat, "Log") && strcmp (threat, "Alarm") + if (threat +#if CVSS3_RATINGS == 1 + && strcmp (threat, "Critical") +#endif + && strcmp (threat, "High") + && strcmp (threat, "Medium") + && strcmp (threat, "Low") + && strcmp (threat, "Log") + && strcmp (threat, "Alarm") && strcmp (threat, "")) return -1; - if (new_threat && strcmp (threat, "Critical") && strcmp (new_threat, "High") - && strcmp (new_threat, "Medium") && strcmp (new_threat, "Low") - && strcmp (new_threat, "Log") && strcmp (new_threat, "False Positive") - && strcmp (new_threat, "Alarm") && strcmp (new_threat, "")) + if (new_threat +#if CVSS3_RATINGS == 1 + && strcmp (new_threat, "Critical") +#endif + && strcmp (new_threat, "High") + && strcmp (new_threat, "Medium") + && strcmp (new_threat, "Low") + && strcmp (new_threat, "Log") + && strcmp (new_threat, "False Positive") + && strcmp (new_threat, "Alarm") + && strcmp (new_threat, "")) return -1; severity_dbl = 0.0; @@ -39347,8 +39965,10 @@ create_override (const char* active, const char* nvt, const char* text, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) 
@@ -39381,10 +40001,15 @@ create_override (const char* active, const char* nvt, const char* text, { if (strcmp (new_threat, "Alarm") == 0) new_severity_dbl = 10.0; +#if CVSS3_RATINGS == 1 else if (strcmp (new_threat, "Critical") == 0) new_severity_dbl = 10.0; + else if (strcmp (new_threat, "High") == 0) + new_severity_dbl = 8.9; +#else else if (strcmp (new_threat, "High") == 0) new_severity_dbl = 10.0; +#endif else if (strcmp (new_threat, "Medium") == 0) new_severity_dbl = 5.0; else if (strcmp (new_threat, "Low") == 0) @@ -39701,8 +40326,10 @@ modify_override (const gchar *override_id, const char *active, const char *nvt, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) @@ -39735,10 +40362,15 @@ modify_override (const gchar *override_id, const char *active, const char *nvt, { if (strcmp (new_threat, "Alarm") == 0) new_severity_dbl = 10.0; +#if CVSS3_RATINGS == 1 else if (strcmp (new_threat, "Critical") == 0) new_severity_dbl = 10.0; + else if (strcmp (new_threat, "High") == 0) + new_severity_dbl = 8.9; +#else else if (strcmp (new_threat, "High") == 0) new_severity_dbl = 10.0; +#endif else if (strcmp (new_threat, "Medium") == 0) new_severity_dbl = 5.0; else if (strcmp (new_threat, "Low") == 0) diff --git a/src/manage_utils.c b/src/manage_utils.c index 5bb51df2b..569ac8e36 100644 --- a/src/manage_utils.c +++ b/src/manage_utils.c @@ -210,9 +210,10 @@ level_min_severity (const char *level) return SEVERITY_FP; else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - - if (strcasecmp (level, "critical") == 0) +#if CVSS3_RATINGS == 1 + else if (strcasecmp (level, "critical") == 0) return 9.0; +#endif else if (strcasecmp (level, "high") == 0) return 7.0; else if (strcasecmp (level, "medium") == 0) 
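Review bot: The `new_threat` mapping in `create_override` and `modify_override` now hard-codes `8.9` for `"High"` under `CVSS3_RATINGS` and `10.0` otherwise, which are the same bounds `level_max_severity` returns in `src/manage_utils.c` later in this diff. Three copies of the scale boundaries can drift apart, and an override that stores a different value from the one the level functions use could put a result in the wrong band. Taking the value from `level_max_severity (new_threat)` for the named levels, or from shared constants, would keep a single source for the rating scale; whether `level_max_severity` handles `"Alarm"` is not visible here, so that case may need to stay explicit. Both mapping chains continue outside their hunks.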
@@ -242,11 +243,15 @@ level_max_severity (const char *level) return SEVERITY_FP; else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - - if (strcasecmp (level, "critical") == 0) +#if CVSS3_RATINGS == 1 + else if (strcasecmp (level, "critical") == 0) return 10.0; else if (strcasecmp (level, "high") == 0) return 8.9; +#else + else if (strcasecmp (level, "high") == 0) + return 10.0; +#endif else if (strcasecmp (level, "medium") == 0) return 6.9; else if (strcasecmp (level, "low") == 0)