From e1138b554e010bd916fe636d6441cd9b3c457b7b Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Fri, 6 Dec 2024 17:30:54 +0100 Subject: [PATCH 1/3] Change: Adjust all severity ratings to match CVSS 3.1. Mark holes, warnings and infos as deprecated to be removed in the future. Add high, medium and low instead. --- src/gmp.c | 40 +++-- src/manage.c | 19 ++- src/manage.h | 8 +- src/manage_pg.c | 54 +++++-- src/manage_sql.c | 368 +++++++++++++++++++++++++++++++-------------- src/manage_utils.c | 8 +- 6 files changed, 349 insertions(+), 148 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index b26378a66..87ce78b1c 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -8506,7 +8506,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides, override_iterator_active (overrides), strlen (excerpt) < strlen (text), excerpt, - override_iterator_threat (overrides) + override_iterator_severity (overrides) + && override_iterator_threat (overrides) ? override_iterator_threat (overrides) : "", override_iterator_severity (overrides) @@ -15194,7 +15195,7 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", overrides, min_qod, - levels ? levels : "hmlgdf", + levels ? levels : "chmlgdf", compliance_levels ? compliance_levels : "yniu"); g_free (compliance_levels); @@ -18490,8 +18491,8 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) report_t running_report; char *owner, *observers; int target_in_trash, scanner_in_trash; - int holes = 0, infos = 0, logs = 0, warnings = 0; - int holes_2 = 0, infos_2 = 0, warnings_2 = 0; + int criticals = 0, holes = 0, infos = 0, logs = 0, warnings = 0; + int criticals_2 = 0, holes_2 = 0, infos_2 = 0, warnings_2 = 0; int false_positives = 0, task_scanner_type; int target_available, config_available; int scanner_available; 
@@ -18598,7 +18599,7 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) { // TODO Could skip this count for tasks page. if (report_counts (first_report_id, - &holes_2, &infos_2, &logs, + &criticals_2, &holes_2, &infos_2, &logs, &warnings_2, &false_positives, &severity_2, apply_overrides, min_qod)) g_error ("%s: GET_TASKS: error getting counts for" @@ -18614,7 +18615,7 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) if (((first_report_id == NULL) || (strcmp (second_last_report_id, first_report_id))) && report_counts (second_last_report_id, - &holes_2, &infos_2, + &criticals_2, &holes_2, &infos_2, &logs, &warnings_2, &false_positives, &severity_2, apply_overrides, min_qod)) @@ -18668,7 +18669,7 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) { if (report_counts (last_report_id, - &holes, &infos, &logs, + &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, apply_overrides, min_qod)) g_error ("%s: GET_TASKS: error getting counts for" @@ -18677,6 +18678,7 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) } else { + criticals = criticals_2; holes = holes_2; infos = infos_2; warnings = warnings_2; @@ -18730,10 +18732,14 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) "%s" "%s" "" - "%i" - "%i" + "%i" + "%i" + "%i" + "%i" + "%i" "%i" - "%i" + "%i" + "%i" "" "%i" "" @@ -18747,10 +18753,14 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) timestamp, scan_start, scan_end, + criticals, + holes, holes, infos, + infos, logs, warnings, + warnings, false_positives, severity); free (scan_start); 
@@ -18905,8 +18915,8 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) get_tasks_data->get.trash ? "" : task_iterator_trend_counts - (&tasks, holes, warnings, infos, severity, - holes_2, warnings_2, infos_2, severity_2), + (&tasks, criticals, holes, warnings, infos, severity, + criticals_2, holes_2, warnings_2, infos_2, severity_2), task_schedule_xml, current_report, last_report); @@ -19700,10 +19710,14 @@ gmp_xml_handle_result () { create_report_data->result_severity = strdup (""); } - else if (strcasecmp (create_report_data->result_threat, "High") == 0) + else if (strcasecmp (create_report_data->result_threat, "Critical") == 0) { create_report_data->result_severity = strdup ("10.0"); } + else if (strcasecmp (create_report_data->result_threat, "High") == 0) + { + create_report_data->result_severity = strdup ("8.9"); + } else if (strcasecmp (create_report_data->result_threat, "Medium") == 0) { create_report_data->result_severity = strdup ("5.0"); diff --git a/src/manage.c b/src/manage.c index 72458dbb1..9b7d0cd71 100644 --- a/src/manage.c +++ b/src/manage.c @@ -860,6 +860,8 @@ scanner_type_valid (scanner_type_t scanner_type) const char * threat_message_type (const char *threat) { + if (strcasecmp (threat, "Critical") == 0) + return "Alarm"; if (strcasecmp (threat, "High") == 0) return "Alarm"; if (strcasecmp (threat, "Medium") == 0) @@ -886,8 +888,10 @@ threat_message_type (const char *threat) int severity_in_level (double severity, const char *level) { - if (strcmp (level, "high") == 0) - return severity >= 7 && severity <= 10; + if (strcmp (level, "critical") == 0) + return severity >= 9 && severity <= 10; + else if (strcmp (level, "high") == 0) + return severity >= 7 && severity < 9; else if (strcmp (level, "medium") == 0) return severity >= 4 && severity < 7; else if (strcmp (level, "low") == 0) 
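Review bot: In gmp_xml_handle_result the fallback for a threat of "High" is now `8.9`, the top of the new High band, while "Medium" in the same chain still maps to `5.0`, a mid-band value, so the chain mixes two conventions. A result imported with threat "High" and no severity, from a release where High covered 7.0 to 10.0, is also rated 8.9 and can never land in the new Critical band. I would document that above the branch, for example `/* Legacy "High" spanned 7.0-10.0; without a severity it is imported as 8.9, never as Critical. */`. The if/else chain starts and ends outside the hunk.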
@@ -919,6 +923,8 @@ severity_to_level (double severity, int mode) { if (mode == 1) return "Alarm"; + else if (severity_in_level (severity, "critical")) + return "Critical"; else if (severity_in_level (severity, "high")) return "High"; else if (severity_in_level (severity, "medium")) @@ -1300,11 +1306,12 @@ severity_data_range_count (const severity_data_t* severity_data, * @param[out] lows The number of Low severity results. * @param[out] mediums The number of Medium severity results. * @param[out] highs The number of High severity results. + * @param[out] criticals The number of Critical severity results. */ void severity_data_level_counts (const severity_data_t *severity_data, int *errors, int *false_positives, - int *logs, int *lows, int *mediums, int *highs) + int *logs, int *lows, int *mediums, int *highs, int* criticals) { if (errors) *errors @@ -1341,6 +1348,12 @@ severity_data_level_counts (const severity_data_t *severity_data, = severity_data_range_count (severity_data, level_min_severity ("high"), level_max_severity ("high")); + + if (criticals) + *criticals + = severity_data_range_count (severity_data, + level_min_severity ("critical"), + level_max_severity ("critical")); } diff --git a/src/manage.h b/src/manage.h index 680400a76..a2667abaf 100644 --- a/src/manage.h +++ b/src/manage.h @@ -902,7 +902,7 @@ int task_last_report (task_t, report_t*); const char * -task_iterator_trend_counts (iterator_t *, int, int, int, double, int, int, int, +task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int, int, int, double); int @@ -1067,7 +1067,7 @@ severity_data_add_count (severity_data_t*, double, int); void severity_data_level_counts (const severity_data_t*, - int*, int*, int*, int*, int*, int*); + int*, int*, int*, int*, int*, int*, int*); /* General task facilities. */ 
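Review bot: In the severity_data_level_counts signature the new out-parameter is written `int* criticals`, while every other parameter there uses `int *name`, and the line now runs much longer than the rest of the declaration. Putting `int *criticals)` on its own line would match the surrounding style. This function also takes criticals last, whereas report_counts and report_counts_id in manage.h take it first. With this many adjacent `int*` arguments the compiler cannot flag a swapped pair, so a comment on each prototype stating the argument order would help callers.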
@@ -1338,11 +1338,11 @@ report_scan_result_count (report_t, const char*, const char*, int, const char*, const char*, int, int, int*); int -report_counts (const char*, int*, int*, int*, int*, int*, double*, +report_counts (const char*, int*, int*, int*, int*, int*, int*, double*, int, int); int -report_counts_id (report_t, int*, int*, int*, int*, int*, double*, +report_counts_id (report_t, int*, int*, int*, int*, int*, int*, double*, const get_data_t*, const char*); int diff --git a/src/manage_pg.c b/src/manage_pg.c index dfd272043..704615c5c 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -230,8 +230,10 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_ERROR) ";" " ELSE" " CASE" - " WHEN lower (lvl) = 'high' THEN" + " WHEN lower (lvl) = 'critical' THEN" " v := 10.0;" + " WHEN lower (lvl) = 'high' THEN" + " v := 8.9;" " WHEN lower (lvl) = 'medium' THEN" " v := 6.9;" " WHEN lower (lvl) = 'low' THEN" @@ -262,6 +264,8 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_ERROR) ";" " ELSE" " CASE" + " WHEN lower (lvl) = 'critical' THEN" + " v := 9.0;" " WHEN lower (lvl) = 'high' THEN" " v := 7.0;" " WHEN lower (lvl) = 'medium' THEN" @@ -497,20 +501,22 @@ manage_create_sql_functions () sql ("CREATE OR REPLACE FUNCTION order_threat (text)" " RETURNS integer AS $$" " BEGIN" - " IF $1 = 'High' THEN" + " IF $1 = 'Critical' THEN" " RETURN 1;" - " ELSIF $1 = 'Medium' THEN" + " ELSIF $1 = 'High' THEN" " RETURN 2;" - " ELSIF $1 = 'Low' THEN" + " ELSIF $1 = 'Medium' THEN" " RETURN 3;" - " ELSIF $1 = 'Log' THEN" + " ELSIF $1 = 'Low' THEN" " RETURN 4;" - " ELSIF $1 = 'False Positive' THEN" + " ELSIF $1 = 'Log' THEN" " RETURN 5;" - " ELSIF $1 = 'None' THEN" + " ELSIF $1 = 'False Positive' THEN" " RETURN 6;" - " ELSE" + " ELSIF $1 = 'None' THEN" " RETURN 7;" + " ELSE" + " RETURN 8;" " END IF;" " END;" "$$ LANGUAGE plpgsql" 
@@ -1364,6 +1370,8 @@ manage_create_sql_functions () " second_last_report integer;" " severity_a double precision;" " severity_b double precision;" + " critical_a bigint;" + " critical_b bigint;" " high_a bigint;" " high_b bigint;" " medium_a bigint;" @@ -1399,6 +1407,10 @@ manage_create_sql_functions () " RETURN 'down'::text;" " END IF;" /* Calculate trend. */ + " critical_a := report_severity_count (last_report, $2, $3," + " 'critical');" + " critical_b := report_severity_count (second_last_report, $2, $3," + " 'critical');" " high_a := report_severity_count (last_report, $2, $3," " 'high');" " high_b := report_severity_count (second_last_report, $2, $3," @@ -1411,7 +1423,9 @@ manage_create_sql_functions () " 'low');" " low_b := report_severity_count (second_last_report, $2, $3," " 'low');" - " IF high_a > 0 THEN" + " IF critical_a > 0 THEN" + " threat_a := 5;" + " ELSEIF high_a > 0 THEN" " threat_a := 4;" " ELSIF medium_a > 0 THEN" " threat_a := 3;" @@ -1420,7 +1434,9 @@ manage_create_sql_functions () " ELSE" " threat_a := 1;" " END IF;" - " IF high_b > 0 THEN" + " IF critical_b > 0 THEN" + " threat_b := 5;" + " ELSEIF high_b > 0 THEN" " threat_b := 4;" " ELSIF medium_b > 0 THEN" " threat_b := 3;" @@ -1436,6 +1452,14 @@ manage_create_sql_functions () " RETURN 'down'::text;" " END IF;" /* Check if the threat count changed. */ + " IF critical_a > 0 THEN" + " IF critical_a > critical_b THEN" + " RETURN 'more'::text;" + " ELSIF critical_a < critical_b THEN" + " RETURN 'less'::text;" + " END IF;" + " RETURN 'same'::text;" + " END IF;" " IF high_a > 0 THEN" " IF high_a > high_b THEN" " RETURN 'more'::text;" @@ -1574,9 +1598,12 @@ manage_create_sql_functions () " text)" " RETURNS boolean AS $$" " (SELECT CASE lower ($2)" + " WHEN 'critical'" + " THEN $1 >= 9" + " AND $1 <= 10" " WHEN 'high'" " THEN $1 >= 7" - " AND $1 <= 10" + " AND $1 < 9" " WHEN 'medium'" " THEN $1 >= 4" " AND $1 < 7" 
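Review bot: The branches added in the hunk at -1411, and again at -1420, spell the keyword `ELSEIF`, while the rest of this function and order_threat use `ELSIF`. PL/pgSQL accepts both spellings, so behaviour is unaffected. Writing `ELSIF high_a > 0 THEN` and `ELSIF high_b > 0 THEN` would keep the file consistent.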
@@ -1619,6 +1646,9 @@ manage_create_sql_functions () " WHEN $2 = 1" " THEN 'Alarm'" " WHEN severity_in_level ($1::double precision," + " 'critical')" + " THEN 'Critical'" + " WHEN severity_in_level ($1::double precision," " 'high')" " THEN 'High'" " WHEN severity_in_level ($1::double precision," @@ -1648,6 +1678,8 @@ manage_create_sql_functions () " THEN (SELECT CASE" " WHEN $2 = 1" " THEN 'Alarm'" + " WHEN severity_in_level ($1, 'critical')" + " THEN 'Critical'" " WHEN severity_in_level ($1, 'high')" " THEN 'High'" " WHEN severity_in_level ($1, 'medium')" diff --git a/src/manage_sql.c b/src/manage_sql.c index d24ac857b..134aa8842 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -251,9 +251,9 @@ static void check_for_updated_cert (); static int -report_counts_id_full (report_t, int *, int *, int *, int *, int *, +report_counts_id_full (report_t, int *, int *, int *, int *, int *, int *, double *, const get_data_t*, const char* , - int *, int *, int *, int *, int *, double *); + int *, int *, int *, int *, int *, int *, double *); static gboolean find_group_with_permission (const char *, group_t *, const char *); @@ -2604,6 +2604,7 @@ keyword_applies_to_column (keyword_t *keyword, const char* column) && (strstr ("False Positive", keyword->string) == NULL) && (strstr ("Error", keyword->string) == NULL) && (strstr ("Alarm", keyword->string) == NULL) + && (strstr ("Critical", keyword->string) == NULL) && (strstr ("High", keyword->string) == NULL) && (strstr ("Medium", keyword->string) == NULL) && (strstr ("Low", keyword->string) == NULL) 
@@ -3045,7 +3046,8 @@ filter_clause (const char* type, const char* filter, || strcmp (keyword->string, "log_per_host") == 0 || strcmp (keyword->string, "low_per_host") == 0 || strcmp (keyword->string, "medium_per_host") == 0 - || strcmp (keyword->string, "high_per_host") == 0) + || strcmp (keyword->string, "high_per_host") == 0 + || strcmp (keyword->string, "critical_per_host") == 0) { gchar *column; column = columns_select_column (select_columns, @@ -3082,6 +3084,7 @@ filter_clause (const char* type, const char* filter, || (strcmp (keyword->string, "published") == 0) || (strcmp (keyword->string, "qod") == 0) || (strcmp (keyword->string, "cves") == 0) + || (strcmp (keyword->string, "critical") == 0) || (strcmp (keyword->string, "high") == 0) || (strcmp (keyword->string, "medium") == 0) || (strcmp (keyword->string, "low") == 0) @@ -3238,7 +3241,8 @@ filter_clause (const char* type, const char* filter, || strcmp (keyword->string, "log_per_host") == 0 || strcmp (keyword->string, "low_per_host") == 0 || strcmp (keyword->string, "medium_per_host") == 0 - || strcmp (keyword->string, "high_per_host") == 0) + || strcmp (keyword->string, "high_per_host") == 0 + || strcmp (keyword->string, "critical_per_host") == 0) { gchar *column; column = columns_select_column (select_columns, @@ -3275,6 +3279,7 @@ filter_clause (const char* type, const char* filter, || (strcmp (keyword->string, "published") == 0) || (strcmp (keyword->string, "qod") == 0) || (strcmp (keyword->string, "cves") == 0) + || (strcmp (keyword->string, "critical") == 0) || (strcmp (keyword->string, "high") == 0) || (strcmp (keyword->string, "medium") == 0) || (strcmp (keyword->string, "low") == 0) @@ -14535,7 +14540,7 @@ condition_met (task_t task, report_t report, alert_t alert, { char *filter_id, *count_string; report_t last_report; - int holes, infos, logs, warnings, false_positives; + int criticals, holes, infos, logs, warnings, false_positives; int count; double severity; 
@@ -14582,11 +14587,11 @@ condition_met (task_t task, report_t report, alert_t alert, memset (&get, 0, sizeof (get_data_t)); get.type = "result"; get.filt_id = filter_id; - report_counts_id (last_report, &holes, &infos, &logs, + report_counts_id (last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); - db_count = holes + infos + logs + warnings + db_count = criticals + holes + infos + logs + warnings + false_positives; g_debug ("%s: count: %i vs %i", __func__, db_count, count); @@ -14603,7 +14608,7 @@ condition_met (task_t task, report_t report, alert_t alert, { char *direction, *filter_id, *count_string; report_t last_report; - int holes, infos, logs, warnings, false_positives; + int criticals, holes, infos, logs, warnings, false_positives; int count; double severity; @@ -14639,10 +14644,10 @@ condition_met (task_t task, report_t report, alert_t alert, get.type = "result"; get.filt_id = filter_id; - report_counts_id (last_report, &holes, &infos, &logs, + report_counts_id (last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); - last_count = holes + infos + logs + warnings + last_count = criticals + holes + infos + logs + warnings + false_positives; second_last_report = 0; @@ -14653,10 +14658,10 @@ condition_met (task_t task, report_t report, alert_t alert, { int cmp, second_last_count; - report_counts_id (second_last_report, &holes, &infos, + report_counts_id (second_last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); - second_last_count = holes + infos + logs + warnings + second_last_count = criticals + holes + infos + logs + warnings + false_positives; cmp = last_count - second_last_count; 
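Review bot: `criticals` is declared without an initialiser, and the return value of report_counts_id is not checked before `db_count = criticals + holes + infos + logs + warnings + false_positives;`. If the call fails without writing its outputs, the alert condition is evaluated on indeterminate values. The same pattern is in the hunks at -14639 and -14653 (`last_count`, `second_last_count`). I would initialise the counters at their declaration (`int criticals = 0, holes = 0, ...`) or test the result before summing. Whether report_counts_id always writes its outputs on error is not visible here, and condition_met's body extends outside these hunks.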
@@ -15032,9 +15037,9 @@ append_to_task_string (task_t task, const char* field, const char* value) { GET_ITERATOR_FILTER_COLUMNS, "status", "total", "first_report", \ "last_report", "threat", "trend", "severity", "schedule", "next_due", \ "first", "last", "false_positive", "log", "low", "medium", "high", \ - "hosts", "result_hosts", "fp_per_host", "log_per_host", "low_per_host", \ - "medium_per_host", "high_per_host", "target", "usage_type", \ - "first_report_created", "last_report_created", NULL } + "critical", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ + "low_per_host", "medium_per_host", "high_per_host", "critical_per_host", \ + "target", "usage_type", "first_report_created", "last_report_created", NULL } /** * @brief Task iterator columns. @@ -15169,6 +15174,14 @@ append_to_task_string (task_t task, const char* field, const char* value) "high", \ KEYWORD_TYPE_INTEGER \ }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'Critical')" \ + " END", \ + "critical", \ + KEYWORD_TYPE_INTEGER \ + }, \ { \ "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ " report_host_count (task_last_report (id))" \ @@ -15243,6 +15256,18 @@ append_to_task_string (task_t task, const char* field, const char* value) "high_per_host", \ KEYWORD_TYPE_INTEGER \ }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'Critical') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "critical_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ { \ "(SELECT name FROM targets WHERE id = target)", \ "target", \ 
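Review bot: The new `critical` and `critical_per_host` column expressions pass the level as `'Critical'`, while the trend function in manage_pg.c, changed by this same patch, calls `report_severity_count (last_report, $2, $3, 'critical')`. report_severity_count is not shown, so if it compares the level case-sensitively, one of the two spellings would count nothing. Please confirm that it normalises case, or use one spelling throughout. The same applies to the report iterator hunks at -22182 and -22237.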
@@ -21119,7 +21144,7 @@ report_cache_counts (report_t report, int clear_original, int clear_overridden, const char* users_where) { iterator_t cache_iterator; - int holes, infos, logs, warnings, false_positives; + int criticals, holes, infos, logs, warnings, false_positives; double severity; get_data_t *get = NULL; gchar *old_user_id; @@ -21151,7 +21176,7 @@ report_cache_counts (report_t report, int clear_original, int clear_overridden, report, user, override, min_qod); } - report_counts_id (report, &holes, &infos, &logs, &warnings, + report_counts_id (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, get, NULL); get_data_reset (get); @@ -22110,12 +22135,11 @@ report_add_results_array (report_t report, GArray *results) #define REPORT_ITERATOR_FILTER_COLUMNS \ { ANON_GET_ITERATOR_FILTER_COLUMNS, "task_id", "name", "creation_time", \ "date", "status", "task", "severity", "false_positive", "log", "low", \ - "medium", "high", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ - "low_per_host", "medium_per_host", "high_per_host", "duration", \ - "duration_per_host", "start_time", "end_time", "scan_start", "scan_end", \ - "compliance_yes", "compliance_no", "compliance_incomplete", \ - "compliant", NULL } - + "medium", "high", "critical", "hosts", "result_hosts", "fp_per_host", \ + "log_per_host", "low_per_host", "medium_per_host", "high_per_host", \ + "critical_per_host", "duration", "duration_per_host", "start_time", \ + "end_time", "scan_start", "scan_end", "compliance_yes", "compliance_no", \ + "compliance_incomplete", "compliant", NULL } /** * @brief Report iterator columns. */ @@ -22182,6 +22206,11 @@ report_add_results_array (report_t report, GArray *results) "high", \ KEYWORD_TYPE_INTEGER \ }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'Critical')", \ + "critical", \ + KEYWORD_TYPE_INTEGER \ + }, \ { \ "(SELECT name FROM users WHERE users.id = reports.owner)", \ "_owner", \ 
@@ -22237,6 +22266,14 @@ report_add_results_array (report_t report, GArray *results) "high_per_host", \ KEYWORD_TYPE_INTEGER \ }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'Critical') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "critical_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ { \ "(CASE WHEN (start_time IS NULL or end_time IS NULL)" \ " THEN NULL ELSE end_time - start_time END)", \ @@ -22584,6 +22621,11 @@ where_levels_auto (const char *levels, const char *new_severity_sql) g_string_append_printf (levels_sql, " AND severity_in_levels (%s", new_severity_sql); + if (strchr (levels, 'c')) + { + g_string_append (levels_sql, ", 'critical'"); + count++; + } if (strchr (levels, 'h')) { g_string_append (levels_sql, ", 'high'"); @@ -22618,7 +22660,7 @@ where_levels_auto (const char *levels, const char *new_severity_sql) g_string_append (levels_sql, ")"); - if (count == 5) + if (count == 6) { /* All levels. */ g_string_free (levels_sql, TRUE); @@ -23312,7 +23354,7 @@ results_extra_where (int trash, report_t report, const gchar* host, min_qod = filter_term_min_qod (filter); levels = filter_term_value (filter, "levels"); if (levels == NULL) - levels = g_strdup ("hmlgdf"); + levels = g_strdup ("chmlgdf"); compliance_levels = filter_term_value (filter, "compliance_levels"); // Build clause fragments @@ -23338,7 +23380,7 @@ results_extra_where (int trash, report_t report, const gchar* host, min_qod_clause = where_qod (min_qod); - levels_clause = where_levels_auto (levels ? levels : "hmlgdf", + levels_clause = where_levels_auto (levels ? levels : "chmlgdf", given_new_severity_sql ? given_new_severity_sql : new_severity_sql); 
@@ -25840,6 +25882,7 @@ report_severity_data (report_t report, const char *host, * use report_counts_id instead. * * @param[in] report_id ID of report. + * @param[out] criticals Number of critical messages. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. @@ -25852,7 +25895,7 @@ report_severity_data (report_t report, const char *host, * @return 0 on success, -1 on error. */ int -report_counts (const char* report_id, int* holes, int* infos, +report_counts (const char* report_id, int* criticals, int* holes, int* infos, int* logs, int* warnings, int* false_positives, double* severity, int override, int min_qod) { @@ -25865,7 +25908,7 @@ report_counts (const char* report_id, int* holes, int* infos, // TODO Check if report was found. get = report_results_get_data (1, -1, override, min_qod); - ret = report_counts_id (report, holes, infos, logs, warnings, + ret = report_counts_id (report, criticals, holes, infos, logs, warnings, false_positives, severity, get, NULL); get_data_reset (get); free (get); @@ -26036,6 +26079,7 @@ cache_report_counts (report_t report, int override, int min_qod, * @brief Get the message counts for a report. * * @param[in] report Report. + * @param[out] criticals Number of critical messages. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. @@ -26044,6 +26088,7 @@ cache_report_counts (report_t report, int override, int min_qod, * @param[out] severity Maximum severity of the report. * @param[in] get Get data. * @param[in] host Host to which to limit the count. + * @param[out] filtered_criticals Number of critical messages after filtering. * @param[out] filtered_holes Number of hole messages after filtering. * @param[out] filtered_infos Number of info messages after filtering. * @param[out] filtered_logs Number of log messages after filtering. 
@@ -26055,11 +26100,11 @@ cache_report_counts (report_t report, int override, int min_qod, * @return 0 on success, -1 on error. */ static int -report_counts_id_full (report_t report, int* holes, int* infos, +report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, int* logs, int* warnings, int* false_positives, double* severity, const get_data_t* get, const char* host, - int* filtered_holes, + int* filtered_criticals, int* filtered_holes, int* filtered_infos, int* filtered_logs, int* filtered_warnings, int* filtered_false_positives, double* filtered_severity) @@ -26071,11 +26116,11 @@ report_counts_id_full (report_t report, int* holes, int* infos, int override, min_qod_int; severity_data_t severity_data, filtered_severity_data; - unfiltered_requested = (holes || warnings || infos || logs || false_positives + unfiltered_requested = (criticals || holes || warnings || infos || logs || false_positives || severity); - filtered_requested = (filtered_holes || filtered_warnings || filtered_infos - || filtered_logs || filtered_false_positives - || filtered_severity); + filtered_requested = (filtered_criticals || filtered_holes || filtered_warnings + || filtered_infos || filtered_logs + || filtered_false_positives || filtered_severity); if (current_credentials.uuid == NULL || strcmp (current_credentials.uuid, "") == 0) @@ -26170,11 +26215,11 @@ report_counts_id_full (report_t report, int* holes, int* infos, severity_data_level_counts (&severity_data, NULL, false_positives, - logs, infos, warnings, holes); + logs, infos, warnings, holes, criticals); severity_data_level_counts (&filtered_severity_data, NULL, filtered_false_positives, filtered_logs, filtered_infos, - filtered_warnings, filtered_holes); + filtered_warnings, filtered_holes, filtered_criticals); if (severity) *severity = severity_data.max; 
@@ -26345,6 +26390,7 @@ report_compliance_counts (report_t report, * @brief Get only the filtered message counts for a report. * * @param[in] report Report. + * @param[out] criticals Number of critical messages. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. @@ -26357,14 +26403,14 @@ report_compliance_counts (report_t report, * @return 0 on success, -1 on error. */ int -report_counts_id (report_t report, int* holes, int* infos, +report_counts_id (report_t report, int* criticals, int* holes, int* infos, int* logs, int* warnings, int* false_positives, double* severity, const get_data_t *get, const char *host) { int ret; - ret = report_counts_id_full (report, NULL, NULL, NULL, NULL, NULL, NULL, - get, host, holes, infos, logs, warnings, - false_positives, severity); + ret = report_counts_id_full (report, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + get, host, criticals, holes, infos, logs, + warnings, false_positives, severity); return ret; } @@ -26407,7 +26453,7 @@ report_severity (report_t report, int overrides, int min_qod) g_debug ("%s: could not get max from cache", __func__); get_data_t *get = report_results_get_data (1, -1, overrides, min_qod); report_counts_id (report, NULL, NULL, NULL, NULL, - NULL, &severity, get, NULL); + NULL, NULL, &severity, get, NULL); get_data_reset (get); free (get); } @@ -28121,6 +28167,7 @@ host_summary_append (GString *host_summary_buffer, const char *host, * @param[in] lean Whether to return lean report. * @param[in] host_summary_buffer Host sumary buffer. * @param[in] f_host_ports Hashtable for host ports. + * @param[in] f_host_criticals Hashtable for host criticals. * @param[in] f_host_holes Hashtable for host holes. * @param[in] f_host_warnings Hashtable for host host warnings. * @param[in] f_host_infos Hashtable for host infos. 
@@ -28141,6 +28188,7 @@ print_report_host_xml (FILE *stream, int lean, GString *host_summary_buffer, GHashTable *f_host_ports, + GHashTable *f_host_criticals, GHashTable *f_host_holes, GHashTable *f_host_warnings, GHashTable *f_host_infos, @@ -28224,9 +28272,12 @@ print_report_host_xml (FILE *stream, } else { - int holes_count, warnings_count, infos_count; + int criticals_count, holes_count, warnings_count, infos_count; int logs_count, false_positives_count; + criticals_count + = GPOINTER_TO_INT + (g_hash_table_lookup ( f_host_criticals, current_host)); holes_count = GPOINTER_TO_INT (g_hash_table_lookup ( f_host_holes, current_host)); @@ -28250,9 +28301,13 @@ print_report_host_xml (FILE *stream, "%d" "" "%d" - "%d" - "%d" - "%d" + "%d" + "%d" + "%d" + "%d" + "%d" + "%d" + "%d" "%d" "%d" "", @@ -28261,10 +28316,14 @@ print_report_host_xml (FILE *stream, ? host_iterator_end_time (hosts) : "", ports_count, - (holes_count + warnings_count + infos_count + (criticals_count + holes_count + warnings_count + infos_count + logs_count + false_positives_count), + criticals_count, + holes_count, holes_count, warnings_count, + warnings_count, + infos_count, infos_count, logs_count, false_positives_count); 
@@ -28505,14 +28564,16 @@ init_delta_iterator (report_t report, iterator_t *results, report_t delta, * @param[in] result_hosts_only Whether to only include hosts with results. * @param[in] orig_filtered_result_count Result count. * @param[in] filtered_result_count Result count. - * @param[in] orig_f_holes Result count. - * @param[in] f_holes Result count. - * @param[in] orig_f_infos Result count. - * @param[in] f_infos Result count. - * @param[in] orig_f_logs Result count. - * @param[in] f_logs Result count. - * @param[in] orig_f_warnings Result count. - * @param[in] f_warnings Result count. + * @param[in] orig_f_criticals Result count. + * @param[in] f_criticals Result count. + * @param[in] orig_f_infos Result count. + * @param[in] f_holes Result count. + * @param[in] orig_f_infos Result count. + * @param[in] f_infos Result count. + * @param[in] orig_f_logs Result count. + * @param[in] f_logs Result count. + * @param[in] orig_f_warnings Result count. + * @param[in] f_warnings Result count. * @param[in] orig_f_false_positives Result count. * @param[in] f_false_positives Result count. * @param[in] f_compliance_yes filtered compliant count. @@ -28533,6 +28594,7 @@ print_report_delta_xml (FILE *out, iterator_t *results, const char *sort_field, int result_hosts_only, int *orig_filtered_result_count, int *filtered_result_count, + int *orig_f_criticals, int *f_criticals, int *orig_f_holes, int *f_holes, int *orig_f_infos, int *f_infos, int *orig_f_logs, int *f_logs, @@ -28547,6 +28609,7 @@ print_report_delta_xml (FILE *out, iterator_t *results, GTree *ports; *orig_f_holes = *f_holes; + *orig_f_criticals = *f_criticals; *orig_f_infos = *f_infos; *orig_f_logs = *f_logs; *orig_f_warnings = *f_warnings; 
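Review bot: The rewritten parameter list for print_report_delta_xml documents `orig_f_infos` twice and never documents `orig_f_holes`. The third added line should read ` * @param[in]  orig_f_holes  Result count.`. Every entry says only "Result count.", so it would also help to state how the `orig_` values differ from the plain ones and which severity band each counter covers.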
@@ -28595,6 +28658,11 @@ print_report_delta_xml (FILE *out, iterator_t *results, level = result_iterator_level (results); (*orig_filtered_result_count)++; (*filtered_result_count)++; + if (strcmp (level, "Critical") == 0) + { + (*orig_f_criticals)++; + (*f_criticals)++; + } if (strcmp (level, "High") == 0) { (*orig_f_holes)++; @@ -28736,9 +28804,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, array_t *result_hosts; int reuse_result_iterator; iterator_t results, delta_results; - int holes, infos, logs, warnings, false_positives; - int f_holes, f_infos, f_logs, f_warnings, f_false_positives; - int orig_f_holes, orig_f_infos, orig_f_logs; + int criticals, holes, infos, logs, warnings, false_positives; + int f_criticals, f_holes, f_infos, f_logs, f_warnings, f_false_positives; + int orig_f_criticals, orig_f_holes, orig_f_infos, orig_f_logs; int orig_f_warnings, orig_f_false_positives, orig_filtered_result_count; int search_phrase_exact, apply_overrides, count_filtered; double severity, f_severity; @@ -28747,7 +28815,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, GString *filters_buffer, *filters_extra_buffer, *host_summary_buffer; gchar *term_value; GHashTable *f_host_ports; - GHashTable *f_host_holes, *f_host_warnings, *f_host_infos; + GHashTable *f_host_criticals, *f_host_holes, *f_host_warnings, *f_host_infos; GHashTable *f_host_logs, *f_host_false_positives; GHashTable *f_host_compliant, *f_host_notcompliant; GHashTable *f_host_incomplete, *f_host_undefined; @@ -28769,8 +28837,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, f_compliance_count = 0; orig_filtered_result_count = 0; orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0; - orig_f_holes = 0; + orig_f_holes = orig_f_criticals = 0; f_host_ports = NULL; + f_host_criticals = NULL; f_host_holes = NULL; f_host_warnings = NULL; f_host_infos = NULL; 
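Review bot: The Critical test in print_report_delta_xml is added as a standalone `if` in front of the existing `if (strcmp (level, "High") == 0)`, so a Critical result is still compared against the level names that follow. Changing the next line to `else if (strcmp (level, "High") == 0)` keeps the ladder exclusive. That would match the later hunk in print_report_xml_start, which adds its branch with `else if (strcasecmp (level, "critical") == 0)`. The two functions also differ in using `strcmp` versus `strcasecmp`; the rest of the ladder lies outside the hunk.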
@@ -28850,7 +28919,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, max_results = manage_max_rows (max_results); - levels = levels ? levels : g_strdup ("hmlgdf"); + levels = levels ? levels : g_strdup ("chmlgdf"); if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type))) { @@ -28966,16 +29035,16 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { if (delta == 0) { - int total_holes, total_infos, total_logs; + int total_criticals, total_holes, total_infos, total_logs; int total_warnings, total_false_positives; get_data_t *all_results_get; all_results_get = report_results_get_data (1, -1, 0, 0); - report_counts_id (report, &total_holes, &total_infos, - &total_logs, &total_warnings, + report_counts_id (report, &total_criticals, &total_holes, + &total_infos, &total_logs, &total_warnings, &total_false_positives, NULL, all_results_get, NULL); - total_result_count = total_holes + total_infos + total_result_count = total_criticals + total_holes + total_infos + total_logs + total_warnings + total_false_positives; get_data_reset (all_results_get); @@ -28995,10 +29064,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { /* Beware, we're using the full variables temporarily here, but * report_counts_id counts the filtered results. */ - report_counts_id (report, &holes, &infos, &logs, &warnings, + report_counts_id (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, NULL, get, NULL); - filtered_result_count = holes + infos + logs + warnings + filtered_result_count = criticals + holes + infos + logs + warnings + false_positives; } @@ -29065,6 +29134,8 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { + if (strchr (levels, 'c')) + g_string_append (filters_extra_buffer, "Critical"); if (strchr (levels, 'h')) g_string_append (filters_extra_buffer, "High"); if (strchr (levels, 'm')) 
@@ -29379,19 +29450,19 @@ print_report_xml_start (report_t report, report_t delta, task_t task, /* We're getting all the filtered results, so we can count them as we * print them, to save time. */ - report_counts_id_full (report, &holes, &infos, &logs, + report_counts_id_full (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, - get, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + get, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); - f_holes = f_infos = f_logs = f_warnings = 0; + f_criticals = f_holes = f_infos = f_logs = f_warnings = 0; f_false_positives = f_severity = 0; } else - report_counts_id_full (report, &holes, &infos, &logs, + report_counts_id_full (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, get, NULL, - &f_holes, &f_infos, &f_logs, &f_warnings, - &f_false_positives, &f_severity); + &f_criticals, &f_holes, &f_infos, &f_logs, + &f_warnings, &f_false_positives, &f_severity); } /* Results. */ @@ -29455,6 +29526,8 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { + f_host_criticals = g_hash_table_new_full (g_str_hash, g_str_equal, + g_free, NULL); f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, @@ -29478,6 +29551,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, sort_field, result_hosts_only, &orig_filtered_result_count, &filtered_result_count, + &orig_f_criticals, &f_criticals, &orig_f_holes, &f_holes, &orig_f_infos, &f_infos, &orig_f_logs, &f_logs, @@ -29587,6 +29661,12 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (count_filtered) f_logs++; } + else if (strcasecmp (level, "critical") == 0) + { + f_host_result_counts = f_host_criticals; + if (count_filtered) + f_criticals++; + } else if (strcasecmp (level, "high") == 0) { f_host_result_counts = f_host_holes; 
@@ -29701,24 +29781,32 @@ print_report_xml_start (report_t report, report_t delta, task_t task, PRINT (out, "" "%i" - "%i" - "%i" + "%i" + "%i" + "%i" + "%i" + "%i" "%i" - "%i" + "%i" + "%i" "" "%i" "" "", orig_filtered_result_count, + (strchr (levels, 'c') ? orig_f_criticals : 0), (strchr (levels, 'h') ? orig_f_holes : 0), + (strchr (levels, 'h') ? orig_f_holes : 0), + (strchr (levels, 'l') ? orig_f_infos : 0), (strchr (levels, 'l') ? orig_f_infos : 0), (strchr (levels, 'g') ? orig_f_logs : 0), (strchr (levels, 'm') ? orig_f_warnings : 0), + (strchr (levels, 'm') ? orig_f_warnings : 0), (strchr (levels, 'f') ? orig_f_false_positives : 0)); else { if (count_filtered) - filtered_result_count = f_holes + f_infos + f_logs + filtered_result_count = f_criticals + f_holes + f_infos + f_logs + f_warnings + false_positives; PRINT (out, @@ -29726,10 +29814,17 @@ print_report_xml_start (report_t report, report_t delta, task_t task, "%i" "%i" "%i" - "%i%i" - "%i%i" + "" + "%i" + "%i" + "" + "%i%i" + "%i%i" + "%i%i" + "%i%i" "%i%i" - "%i%i" + "%i%i" + "%i%i" "" "%i" "%i" @@ -29738,14 +29833,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, total_result_count, total_result_count, filtered_result_count, + criticals, + (strchr (levels, 'c') ? f_criticals : 0), + holes, + (strchr (levels, 'h') ? f_holes : 0), holes, (strchr (levels, 'h') ? f_holes : 0), infos, (strchr (levels, 'l') ? f_infos : 0), + infos, + (strchr (levels, 'l') ? f_infos : 0), logs, (strchr (levels, 'g') ? f_logs : 0), warnings, (strchr (levels, 'm') ? f_warnings : 0), + warnings, + (strchr (levels, 'm') ? f_warnings : 0), false_positives, (strchr (levels, 'f') ? f_false_positives : 0)); @@ -29789,6 +29892,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, lean, host_summary_buffer, f_host_ports, + f_host_criticals, f_host_holes, f_host_warnings, f_host_infos, 
@@ -29819,6 +29923,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, lean, host_summary_buffer, f_host_ports, + f_host_criticals, f_host_holes, f_host_warnings, f_host_infos, @@ -29841,6 +29946,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { + g_hash_table_destroy (f_host_criticals); g_hash_table_destroy (f_host_holes); g_hash_table_destroy (f_host_warnings); g_hash_table_destroy (f_host_infos); @@ -29968,6 +30074,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { + g_hash_table_destroy (f_host_criticals); g_hash_table_destroy (f_host_holes); g_hash_table_destroy (f_host_warnings); g_hash_table_destroy (f_host_infos); 
@@ -30917,20 +31024,22 @@ parse_osp_report (task_t task, report_t report, const char *report_xml) /** * @brief Return the trend of a task, given counts. * - * @param[in] holes_a Number of holes on earlier report. - * @param[in] warns_a Number of warnings on earlier report. - * @param[in] infos_a Number of infos on earlier report. - * @param[in] severity_a Severity of earlier report. - * @param[in] holes_b Number of holes on later report. - * @param[in] warns_b Number of warnings on later report. - * @param[in] infos_b Number of infos on later report. - * @param[in] severity_b Severity of later report. + * @param[in] criticals_a Number of criticals on earlier report. + * @param[in] holes_a Number of holes on earlier report. + * @param[in] warns_a Number of warnings on earlier report. + * @param[in] infos_a Number of infos on earlier report. + * @param[in] severity_a Severity of earlier report. + * @param[in] criticals_b Number of criticals on later report. + * @param[in] holes_b Number of holes on later report. + * @param[in] warns_b Number of warnings on later report. + * @param[in] infos_b Number of infos on later report. + * @param[in] severity_b Severity of later report. * * @return "up", "down", "more", "less", "same" or if too few reports "". */ static const char * -task_trend_calc (int holes_a, int warns_a, int infos_a, double severity_a, - int holes_b, int warns_b, int infos_b, double severity_b) +task_trend_calc (int criticals_a, int holes_a, int warns_a, int infos_a, double severity_a, + int criticals_b, int holes_b, int warns_b, int infos_b, double severity_b) { int threat_a, threat_b; @@ -30944,7 +31053,9 @@ task_trend_calc (int holes_a, int warns_a, int infos_a, double severity_a, /* Calculate trend. */ - if (holes_a > 0) + if (criticals_a > 0) + threat_a = 5; + else if (holes_a > 0) threat_a = 4; else if (warns_a > 0) threat_a = 3; 
@@ -30953,7 +31064,9 @@ task_trend_calc (int holes_a, int warns_a, int infos_a, double severity_a, else threat_a = 1; - if (holes_b > 0) + if (criticals_b > 0) + threat_b = 5; + else if (holes_b > 0) threat_b = 4; else if (warns_b > 0) threat_b = 3; @@ -30972,6 +31085,15 @@ task_trend_calc (int holes_a, int warns_a, int infos_a, double severity_a, /* Check if the threat count changed in the highest level. */ + if (criticals_a) + { + if (criticals_a > criticals_b) + return "more"; + if (criticals_a < criticals_b) + return "less"; + return "same"; + } + if (holes_a) { if (holes_a > holes_b) 
@@ -31005,21 +31127,23 @@ task_trend_calc (int holes_a, int warns_a, int infos_a, double severity_a, /** * @brief Return the trend of a task, given counts. * - * @param[in] iterator Task iterator. - * @param[in] holes_a Number of holes on earlier report. - * @param[in] warns_a Number of warnings on earlier report. - * @param[in] infos_a Number of infos on earlier report. - * @param[in] severity_a Severity score of earlier report. - * @param[in] holes_b Number of holes on later report. - * @param[in] warns_b Number of warnings on later report. - * @param[in] infos_b Number of infos on later report. + * @param[in] iterator Task iterator. + * @param[in] criticals_a Number of criticals on earlier report. + * @param[in] holes_a Number of holes on earlier report. + * @param[in] warns_a Number of warnings on earlier report. + * @param[in] infos_a Number of infos on earlier report. + * @param[in] severity_a Severity score of earlier report. + * @param[in] criticals_b Number of criticals on later report. + * @param[in] holes_b Number of holes on later report. + * @param[in] warns_b Number of warnings on later report. + * @param[in] infos_b Number of infos on later report. * @param[in] severity_b Severity score of later report. * * @return "up", "down", "more", "less", "same" or if too few reports "". */ const char * -task_iterator_trend_counts (iterator_t *iterator, int holes_a, int warns_a, - int infos_a, double severity_a, int holes_b, +task_iterator_trend_counts (iterator_t *iterator, int criticals_a, int holes_a, int warns_a, + int infos_a, double severity_a, int criticals_b, int holes_b, int warns_b, int infos_b, double severity_b) { /* Ensure there are enough reports. */ 
@@ -31031,8 +31155,8 @@ task_iterator_trend_counts (iterator_t *iterator, int holes_a, int warns_a, if (task_iterator_run_status (iterator) == TASK_STATUS_RUNNING) return ""; - return task_trend_calc (holes_a, warns_a, infos_a, severity_a, - holes_b, warns_b, infos_b, severity_b); + return task_trend_calc (criticals_a, holes_a, warns_a, infos_a, severity_a, + criticals_b, holes_b, warns_b, infos_b, severity_b); } /** @@ -38205,9 +38329,9 @@ create_note (const char* active, const char* nvt, const char* text, if (text == NULL) return -1; - if (threat && strcmp (threat, "High") && strcmp (threat, "Medium") - && strcmp (threat, "Low") && strcmp (threat, "Log") - && strcmp (threat, "")) + if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") + && strcmp (threat, "Medium") && strcmp (threat, "Low") + && strcmp (threat, "Log") && strcmp (threat, "")) return -1; quoted_text = sql_insert (text); @@ -38227,6 +38351,8 @@ create_note (const char* active, const char* nvt, const char* text, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; + else if (strcmp (threat, "Critical") == 0) + severity_dbl = 0.1; else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) @@ -38461,9 +38587,10 @@ modify_note (const gchar *note_id, const char *active, const char *nvt, if (nvt && !nvt_exists (nvt)) return 4; - if (threat && strcmp (threat, "High") && strcmp (threat, "Medium") - && strcmp (threat, "Low") && strcmp (threat, "Log") - && strcmp (threat, "Alarm") && strcmp (threat, "")) + if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") + && strcmp (threat, "Medium") && strcmp (threat, "Low") + && strcmp (threat, "Log") && strcmp (threat, "Alarm") + && strcmp (threat, "")) return -1; if (port && validate_results_port (port)) 
@@ -38487,6 +38614,8 @@ modify_note (const gchar *note_id, const char *active, const char *nvt, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; + else if (strcmp (threat, "Critical") == 0) + severity_dbl = 0.1; else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) @@ -39193,14 +39322,15 @@ create_override (const char* active, const char* nvt, const char* text, if (port && validate_results_port (port)) return 2; - if (threat && strcmp (threat, "High") && strcmp (threat, "Medium") - && strcmp (threat, "Low") && strcmp (threat, "Log") - && strcmp (threat, "Alarm") && strcmp (threat, "")) + if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") + && strcmp (threat, "Medium") && strcmp (threat, "Low") + && strcmp (threat, "Log") && strcmp (threat, "Alarm") + && strcmp (threat, "")) return -1; - if (new_threat && strcmp (new_threat, "High") && strcmp (new_threat, "Medium") - && strcmp (new_threat, "Low") && strcmp (new_threat, "Log") - && strcmp (new_threat, "False Positive") + if (new_threat && strcmp (threat, "Critical") && strcmp (new_threat, "High") + && strcmp (new_threat, "Medium") && strcmp (new_threat, "Low") + && strcmp (new_threat, "Log") && strcmp (new_threat, "False Positive") && strcmp (new_threat, "Alarm") && strcmp (new_threat, "")) return -1; @@ -39217,6 +39347,8 @@ create_override (const char* active, const char* nvt, const char* text, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; + else if (strcmp (threat, "Critical") == 0) + severity_dbl = 0.1; else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) 
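Review bot: In create_override (`@@ -39193`) the new `new_threat` check tests the wrong variable in its first term, `strcmp (threat, "Critical")`, while every other term tests `new_threat`. When `threat` is NULL and `new_threat` is set, that passes NULL to strcmp, which is undefined behaviour and in practice a crash; when `threat` is "Critical" the first term is 0, so the allow-list is skipped for any `new_threat` value; and a `new_threat` of "Critical" is rejected with -1 unless `threat` is also "Critical". Both strings appear to come from the caller's request (inferred; the call site is outside the hunk), so this check is the input validation for the field. The line should read `if (new_threat && strcmp (new_threat, "Critical") && strcmp (new_threat, "High")`.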
@@ -39249,6 +39381,8 @@ create_override (const char* active, const char* nvt, const char* text, { if (strcmp (new_threat, "Alarm") == 0) new_severity_dbl = 10.0; + else if (strcmp (new_threat, "Critical") == 0) + new_severity_dbl = 10.0; else if (strcmp (new_threat, "High") == 0) new_severity_dbl = 10.0; else if (strcmp (new_threat, "Medium") == 0) @@ -39567,6 +39701,8 @@ modify_override (const gchar *override_id, const char *active, const char *nvt, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; + else if (strcmp (threat, "Critical") == 0) + severity_dbl = 0.1; else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) @@ -39599,6 +39735,8 @@ modify_override (const gchar *override_id, const char *active, const char *nvt, { if (strcmp (new_threat, "Alarm") == 0) new_severity_dbl = 10.0; + else if (strcmp (new_threat, "Critical") == 0) + new_severity_dbl = 10.0; else if (strcmp (new_threat, "High") == 0) new_severity_dbl = 10.0; else if (strcmp (new_threat, "Medium") == 0) diff --git a/src/manage_utils.c b/src/manage_utils.c index 674eb0008..5bb51df2b 100644 --- a/src/manage_utils.c +++ b/src/manage_utils.c @@ -211,7 +211,9 @@ level_min_severity (const char *level) else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - if (strcasecmp (level, "high") == 0) + if (strcasecmp (level, "critical") == 0) + return 9.0; + else if (strcasecmp (level, "high") == 0) return 7.0; else if (strcasecmp (level, "medium") == 0) return 4.0; @@ -241,8 +243,10 @@ level_max_severity (const char *level) else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - if (strcasecmp (level, "high") == 0) + if (strcasecmp (level, "critical") == 0) return 10.0; + else if (strcasecmp (level, "high") == 0) + return 8.9; else if (strcasecmp (level, "medium") == 0) return 6.9; else if (strcasecmp (level, "low") == 0) From a0affb39ca134e3ff8dfe290c705590fb3655664 Mon Sep 17 00:00:00 2001 
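Review bot: The `new_threat` mapping in create_override (first hunk on this line) and in modify_override (`@@ -39599`) adds "Critical" at 10.0 but leaves the unchanged "High" branch at 10.0 as well, while level_min_severity and level_max_severity in this same patch move "high" to 7.0–8.9 and give 9.0–10.0 to "critical". An override created with new threat "High" would therefore store a severity that falls in the Critical band. Unless a part of the series outside this view adjusts it, the "High" branch should become `new_severity_dbl = 8.9;` in both functions. Separately, no visible hunk touches a threat allow-list in modify_override; if it has one like create_override's, "Critical" would be rejected before these mappings are reached, which is worth confirming. Both if/else chains continue outside their hunks.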
From: Ahmed Abdelsalam Date: Tue, 10 Dec 2024 19:40:14 +0100 Subject: [PATCH 2/3] Use CVSS3_RATINGS toggle to apply 3.x rating scale. --- src/gmp.c | 74 +++- src/manage.c | 24 +- src/manage.h | 21 +- src/manage_pg.c | 56 ++- src/manage_sql.c | 860 +++++++++++++++++++++++++++++++++++++++------ src/manage_utils.c | 13 +- 6 files changed, 915 insertions(+), 133 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 87ce78b1c..533026a4f 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -8506,8 +8506,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides, override_iterator_active (overrides), strlen (excerpt) < strlen (text), excerpt, - override_iterator_severity (overrides) - && override_iterator_threat (overrides) + (override_iterator_severity (overrides) + && override_iterator_threat (overrides)) ? override_iterator_threat (overrides) : "", override_iterator_severity (overrides) @@ -8601,7 +8601,8 @@ buffer_override_xml (GString *buffer, iterator_t *overrides, ? override_iterator_hosts (overrides) : "", override_iterator_port (overrides) ? override_iterator_port (overrides) : "", - override_iterator_threat (overrides) + (override_iterator_severity (overrides) + && override_iterator_threat (overrides)) ? override_iterator_threat (overrides) : "", override_iterator_severity (overrides) ? override_iterator_severity (overrides) : "", @@ -15195,7 +15196,11 @@ handle_get_reports (gmp_parser_t *gmp_parser, GError **error) ("apply_overrides=%i min_qod=%i levels=%s compliance_levels=%s", overrides, min_qod, +#if CVSS3_RATINGS == 1 levels ? levels : "chmlgdf", +#else + levels ? levels : "hmlgdf", +#endif compliance_levels ? compliance_levels : "yniu"); g_free (compliance_levels); 
@@ -18491,8 +18496,11 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) report_t running_report; char *owner, *observers; int target_in_trash, scanner_in_trash; - int criticals = 0, holes = 0, infos = 0, logs = 0, warnings = 0; - int criticals_2 = 0, holes_2 = 0, infos_2 = 0, warnings_2 = 0; + int holes = 0, infos = 0, logs = 0, warnings = 0; + int holes_2 = 0, infos_2 = 0, warnings_2 = 0; +#if CVSS3_RATINGS == 1 + int criticals = 0, criticals_2 = 0; +#endif int false_positives = 0, task_scanner_type; int target_available, config_available; int scanner_available; @@ -18598,13 +18606,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) if (first_report_id && (get_tasks_data->get.trash == 0)) { // TODO Could skip this count for tasks page. +#if CVSS3_RATINGS == 1 if (report_counts (first_report_id, &criticals_2, &holes_2, &infos_2, &logs, &warnings_2, &false_positives, &severity_2, apply_overrides, min_qod)) - g_error ("%s: GET_TASKS: error getting counts for" - " first report, aborting", - __func__); +#else + if (report_counts (first_report_id, + &holes_2, &infos_2, &logs, + &warnings_2, &false_positives, + &severity_2, apply_overrides, min_qod)) +#endif + g_error ("%s: GET_TASKS: error getting counts for" + " first report, aborting", + __func__); } second_last_report_id = task_second_last_report_id (index); 
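Review bot: The `report_counts` call in the `@@ -18598` hunk is written out twice, once per `#if CVSS3_RATINGS == 1` branch, because the function's parameter list now depends on the macro. The same duplication follows at the second-report and last-report calls (`@@ -18614`, `@@ -18667`) and in condition_met. Keeping one signature that always takes the `criticals` pointer, and leaving that count at 0 when the 3.x scale is off, would remove the conditional from every call site and keep each `if` / `g_error` pairing readable. Note also that `#if CVSS3_RATINGS == 1` evaluates an undefined macro as 0, so a translation unit that misses the definition silently builds the legacy scale. Where the macro is defined is not visible here, but an `#ifndef CVSS3_RATINGS` / `#error` guard in a shared header would catch that.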
@@ -18614,11 +18629,20 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) * doing the count again. */ if (((first_report_id == NULL) || (strcmp (second_last_report_id, first_report_id))) +#if CVSS3_RATINGS == 1 && report_counts (second_last_report_id, &criticals_2, &holes_2, &infos_2, &logs, &warnings_2, &false_positives, &severity_2, - apply_overrides, min_qod)) + apply_overrides, min_qod) +#else + && report_counts (second_last_report_id, + &holes_2, &infos_2, + &logs, &warnings_2, + &false_positives, &severity_2, + apply_overrides, min_qod) +#endif + ) g_error ("%s: GET_TASKS: error getting counts for" " second report, aborting", __func__); @@ -18667,6 +18691,7 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) && strcmp (last_report_id, second_last_report_id))) { +#if CVSS3_RATINGS == 1 if (report_counts (last_report_id, &criticals, &holes, &infos, &logs, @@ -18675,10 +18700,22 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) g_error ("%s: GET_TASKS: error getting counts for" " last report, aborting", __func__); +#else + if (report_counts + (last_report_id, + &holes, &infos, &logs, + &warnings, &false_positives, &severity, + apply_overrides, min_qod)) + g_error ("%s: GET_TASKS: error getting counts for" + " last report, aborting", + __func__); +#endif } else { +#if CVSS3_RATINGS == 1 criticals = criticals_2; +#endif holes = holes_2; infos = infos_2; warnings = warnings_2; @@ -18732,7 +18769,9 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) "%s" "%s" "" +#if CVSS3_RATINGS == 1 "%i" +#endif "%i" "%i" "%i" @@ -18753,7 +18792,9 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) timestamp, scan_start, scan_end, +#if CVSS3_RATINGS == 1 criticals, +#endif holes, holes, infos, 
@@ -18912,11 +18953,19 @@ handle_get_tasks (gmp_parser_t *gmp_parser, GError **error) progress_xml, task_iterator_total_reports (&tasks), task_iterator_finished_reports (&tasks), +#if CVSS3_RATINGS == 1 get_tasks_data->get.trash ? "" : task_iterator_trend_counts (&tasks, criticals, holes, warnings, infos, severity, criticals_2, holes_2, warnings_2, infos_2, severity_2), +#else + get_tasks_data->get.trash + ? "" + : task_iterator_trend_counts + (&tasks, 0, holes, warnings, infos, severity, + 0, holes_2, warnings_2, infos_2, severity_2), +#endif task_schedule_xml, current_report, last_report); @@ -19710,6 +19759,7 @@ gmp_xml_handle_result () { create_report_data->result_severity = strdup (""); } +#if CVSS3_RATINGS == 1 else if (strcasecmp (create_report_data->result_threat, "Critical") == 0) { create_report_data->result_severity = strdup ("10.0"); @@ -19718,6 +19768,12 @@ gmp_xml_handle_result () { create_report_data->result_severity = strdup ("8.9"); } +#else + else if (strcasecmp (create_report_data->result_threat, "High") == 0) + { + create_report_data->result_severity = strdup ("10.0"); + } +#endif else if (strcasecmp (create_report_data->result_threat, "Medium") == 0) { create_report_data->result_severity = strdup ("5.0"); diff --git a/src/manage.c b/src/manage.c index 9b7d0cd71..a9a402045 100644 --- a/src/manage.c +++ b/src/manage.c @@ -860,8 +860,10 @@ scanner_type_valid (scanner_type_t scanner_type) const char * threat_message_type (const char *threat) { +#if CVSS3_RATINGS == 1 if (strcasecmp (threat, "Critical") == 0) return "Alarm"; +#endif if (strcasecmp (threat, "High") == 0) return "Alarm"; if (strcasecmp (threat, "Medium") == 0) 
@@ -888,10 +890,15 @@ threat_message_type (const char *threat) int severity_in_level (double severity, const char *level) { +#if CVSS3_RATINGS == 1 if (strcmp (level, "critical") == 0) return severity >= 9 && severity <= 10; else if (strcmp (level, "high") == 0) return severity >= 7 && severity < 9; +#else + if (strcmp (level, "high") == 0) + return severity >= 7 && severity <= 10; +#endif else if (strcmp (level, "medium") == 0) return severity >= 4 && severity < 7; else if (strcmp (level, "low") == 0) @@ -923,8 +930,10 @@ severity_to_level (double severity, int mode) { if (mode == 1) return "Alarm"; +#if CVSS3_RATINGS == 1 else if (severity_in_level (severity, "critical")) return "Critical"; +#endif else if (severity_in_level (severity, "high")) return "High"; else if (severity_in_level (severity, "medium")) @@ -1307,11 +1316,20 @@ severity_data_range_count (const severity_data_t* severity_data, * @param[out] mediums The number of Medium severity results. * @param[out] highs The number of High severity results. * @param[out] criticals The number of Critical severity results. + * Only if CVSS3_RATINGS is enabled. */ void severity_data_level_counts (const severity_data_t *severity_data, - int *errors, int *false_positives, - int *logs, int *lows, int *mediums, int *highs, int* criticals) + int *errors, + int *false_positives, + int *logs, + int *lows, + int *mediums, + int *highs +#if CVSS3_RATINGS == 1 + ,int* criticals +#endif + ) { if (errors) *errors @@ -1349,11 +1367,13 @@ severity_data_level_counts (const severity_data_t *severity_data, level_min_severity ("high"), level_max_severity ("high")); +#if CVSS3_RATINGS == 1 if (criticals) *criticals = severity_data_range_count (severity_data, level_min_severity ("critical"), level_max_severity ("critical")); +#endif } diff --git a/src/manage.h b/src/manage.h index a2667abaf..ce073b277 100644 --- a/src/manage.h +++ b/src/manage.h 
@@ -902,9 +902,8 @@ int task_last_report (task_t, report_t*); const char * -task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int, int, int, - double); - +task_iterator_trend_counts (iterator_t *, int, int, int, int, double, int, int, + int, int, double); int task_schedule_periods (task_t); @@ -1065,9 +1064,15 @@ severity_data_add (severity_data_t*, double); void severity_data_add_count (severity_data_t*, double, int); +#if CVSS3_RATINGS == 1 void severity_data_level_counts (const severity_data_t*, int*, int*, int*, int*, int*, int*, int*); +#else +void +severity_data_level_counts (const severity_data_t*, + int*, int*, int*, int*, int*, int*); +#endif /* General task facilities. */ @@ -1337,6 +1342,7 @@ int report_scan_result_count (report_t, const char*, const char*, int, const char*, const char*, int, int, int*); +#if CVSS3_RATINGS == 1 int report_counts (const char*, int*, int*, int*, int*, int*, int*, double*, int, int); @@ -1344,6 +1350,15 @@ report_counts (const char*, int*, int*, int*, int*, int*, int*, double*, int report_counts_id (report_t, int*, int*, int*, int*, int*, int*, double*, const get_data_t*, const char*); +#else +int +report_counts (const char*, int*, int*, int*, int*, int*, double*, + int, int); + +int +report_counts_id (report_t, int*, int*, int*, int*, int*, double*, + const get_data_t*, const char*); +#endif int report_counts_id_no_filt (report_t, int*, int*, int*, int*, int*, int*, diff --git a/src/manage_pg.c b/src/manage_pg.c index 704615c5c..ada46ee6c 100644 --- a/src/manage_pg.c +++ b/src/manage_pg.c @@ -230,10 +230,15 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_ERROR) ";" " ELSE" " CASE" +#if CVSS3_RATINGS == 1 " WHEN lower (lvl) = 'critical' THEN" " v := 10.0;" " WHEN lower (lvl) = 'high' THEN" " v := 8.9;" +#else + " WHEN lower (lvl) = 'high' THEN" + " v := 10.0;" +#endif " WHEN lower (lvl) = 'medium' THEN" " v := 6.9;" " WHEN lower (lvl) = 'low' THEN" 
@@ -264,8 +269,10 @@ manage_create_sql_functions () " v := " G_STRINGIFY (SEVERITY_ERROR) ";" " ELSE" " CASE" +#if CVSS3_RATINGS == 1 " WHEN lower (lvl) = 'critical' THEN" " v := 9.0;" +#endif " WHEN lower (lvl) = 'high' THEN" " v := 7.0;" " WHEN lower (lvl) = 'medium' THEN" @@ -498,6 +505,7 @@ manage_create_sql_functions () "$$ LANGUAGE plpgsql" " IMMUTABLE;"); +#if CVSS3_RATINGS == 1 sql ("CREATE OR REPLACE FUNCTION order_threat (text)" " RETURNS integer AS $$" " BEGIN" @@ -521,7 +529,29 @@ manage_create_sql_functions () " END;" "$$ LANGUAGE plpgsql" " IMMUTABLE;"); - +#else + sql ("CREATE OR REPLACE FUNCTION order_threat (text)" + " RETURNS integer AS $$" + " BEGIN" + " IF $1 = 'High' THEN" + " RETURN 1;" + " ELSIF $1 = 'Medium' THEN" + " RETURN 2;" + " ELSIF $1 = 'Low' THEN" + " RETURN 3;" + " ELSIF $1 = 'Log' THEN" + " RETURN 4;" + " ELSIF $1 = 'False Positive' THEN" + " RETURN 5;" + " ELSIF $1 = 'None' THEN" + " RETURN 6;" + " ELSE" + " RETURN 7;" + " END IF;" + " END;" + "$$ LANGUAGE plpgsql" + " IMMUTABLE;"); +#endif sql ("CREATE OR REPLACE FUNCTION severity_to_type (double precision)" " RETURNS text AS $$" " BEGIN" @@ -1370,8 +1400,10 @@ manage_create_sql_functions () " second_last_report integer;" " severity_a double precision;" " severity_b double precision;" +#if CVSS3_RATINGS == 1 " critical_a bigint;" " critical_b bigint;" +#endif " high_a bigint;" " high_b bigint;" " medium_a bigint;" @@ -1407,10 +1439,12 @@ manage_create_sql_functions () " RETURN 'down'::text;" " END IF;" /* Calculate trend. */ +#if CVSS3_RATINGS == 1 " critical_a := report_severity_count (last_report, $2, $3," " 'critical');" " critical_b := report_severity_count (second_last_report, $2, $3," " 'critical');" +#endif " high_a := report_severity_count (last_report, $2, $3," " 'high');" " high_b := report_severity_count (second_last_report, $2, $3," 
@@ -1423,9 +1457,13 @@ manage_create_sql_functions () " 'low');" " low_b := report_severity_count (second_last_report, $2, $3," " 'low');" +#if CVSS3_RATINGS == 1 " IF critical_a > 0 THEN" " threat_a := 5;" " ELSEIF high_a > 0 THEN" +#else + " IF high_a > 0 THEN" +#endif " threat_a := 4;" " ELSIF medium_a > 0 THEN" " threat_a := 3;" @@ -1434,9 +1472,13 @@ manage_create_sql_functions () " ELSE" " threat_a := 1;" " END IF;" +#if CVSS3_RATINGS == 1 " IF critical_b > 0 THEN" " threat_b := 5;" " ELSEIF high_b > 0 THEN" +#else + " IF high_b > 0 THEN" +#endif " threat_b := 4;" " ELSIF medium_b > 0 THEN" " threat_b := 3;" @@ -1452,6 +1494,7 @@ manage_create_sql_functions () " RETURN 'down'::text;" " END IF;" /* Check if the threat count changed. */ +#if CVSS3_RATINGS == 1 " IF critical_a > 0 THEN" " IF critical_a > critical_b THEN" " RETURN 'more'::text;" @@ -1460,6 +1503,7 @@ manage_create_sql_functions () " END IF;" " RETURN 'same'::text;" " END IF;" +#endif " IF high_a > 0 THEN" " IF high_a > high_b THEN" " RETURN 'more'::text;" @@ -1598,12 +1642,18 @@ manage_create_sql_functions () " text)" " RETURNS boolean AS $$" " (SELECT CASE lower ($2)" +#if CVSS3_RATINGS == 1 " WHEN 'critical'" " THEN $1 >= 9" " AND $1 <= 10" " WHEN 'high'" " THEN $1 >= 7" " AND $1 < 9" +#else + " WHEN 'high'" + " THEN $1 >= 7" + " AND $1 <= 10" +#endif " WHEN 'medium'" " THEN $1 >= 4" " AND $1 < 7" @@ -1645,9 +1695,11 @@ manage_create_sql_functions () " THEN (SELECT CASE" " WHEN $2 = 1" " THEN 'Alarm'" +#if CVSS3_RATINGS == 1 " WHEN severity_in_level ($1::double precision," " 'critical')" " THEN 'Critical'" +#endif " WHEN severity_in_level ($1::double precision," " 'high')" " THEN 'High'" @@ -1678,8 +1730,10 @@ manage_create_sql_functions () " THEN (SELECT CASE" " WHEN $2 = 1" " THEN 'Alarm'" +#if CVSS3_RATINGS == 1 " WHEN severity_in_level ($1, 'critical')" " THEN 'Critical'" +#endif " WHEN severity_in_level ($1, 'high')" " THEN 'High'" " WHEN severity_in_level ($1, 'medium')" 
diff --git a/src/manage_sql.c b/src/manage_sql.c index 134aa8842..4578ce058 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -250,10 +250,17 @@ check_for_updated_scap (); static void check_for_updated_cert (); +#if CVSS3_RATINGS == 1 static int report_counts_id_full (report_t, int *, int *, int *, int *, int *, int *, double *, const get_data_t*, const char* , int *, int *, int *, int *, int *, int *, double *); +#else +static int +report_counts_id_full (report_t, int *, int *, int *, int *, int *, + double *, const get_data_t*, const char* , + int *, int *, int *, int *, int *, double *); +#endif static gboolean find_group_with_permission (const char *, group_t *, const char *); @@ -2604,7 +2611,9 @@ keyword_applies_to_column (keyword_t *keyword, const char* column) && (strstr ("False Positive", keyword->string) == NULL) && (strstr ("Error", keyword->string) == NULL) && (strstr ("Alarm", keyword->string) == NULL) +#if CVSS3_RATINGS == 1 && (strstr ("Critical", keyword->string) == NULL) +#endif && (strstr ("High", keyword->string) == NULL) && (strstr ("Medium", keyword->string) == NULL) && (strstr ("Low", keyword->string) == NULL) @@ -3047,7 +3056,10 @@ filter_clause (const char* type, const char* filter, || strcmp (keyword->string, "low_per_host") == 0 || strcmp (keyword->string, "medium_per_host") == 0 || strcmp (keyword->string, "high_per_host") == 0 - || strcmp (keyword->string, "critical_per_host") == 0) +#if CVSS3_RATINGS == 1 + || strcmp (keyword->string, "critical_per_host") == 0 +#endif + ) { gchar *column; column = columns_select_column (select_columns, 
@@ -3084,7 +3096,9 @@ filter_clause (const char* type, const char* filter, || (strcmp (keyword->string, "published") == 0) || (strcmp (keyword->string, "qod") == 0) || (strcmp (keyword->string, "cves") == 0) +#if CVSS3_RATINGS == 1 || (strcmp (keyword->string, "critical") == 0) +#endif || (strcmp (keyword->string, "high") == 0) || (strcmp (keyword->string, "medium") == 0) || (strcmp (keyword->string, "low") == 0) @@ -3242,7 +3256,10 @@ filter_clause (const char* type, const char* filter, || strcmp (keyword->string, "low_per_host") == 0 || strcmp (keyword->string, "medium_per_host") == 0 || strcmp (keyword->string, "high_per_host") == 0 - || strcmp (keyword->string, "critical_per_host") == 0) +#if CVSS3_RATINGS == 1 + || strcmp (keyword->string, "critical_per_host") == 0 +#endif + ) { gchar *column; column = columns_select_column (select_columns, @@ -3279,7 +3296,9 @@ filter_clause (const char* type, const char* filter, || (strcmp (keyword->string, "published") == 0) || (strcmp (keyword->string, "qod") == 0) || (strcmp (keyword->string, "cves") == 0) +#if CVSS3_RATINGS == 1 || (strcmp (keyword->string, "critical") == 0) +#endif || (strcmp (keyword->string, "high") == 0) || (strcmp (keyword->string, "medium") == 0) || (strcmp (keyword->string, "low") == 0) @@ -14540,7 +14559,7 @@ condition_met (task_t task, report_t report, alert_t alert, { char *filter_id, *count_string; report_t last_report; - int criticals, holes, infos, logs, warnings, false_positives; + int criticals = 0, holes, infos, logs, warnings, false_positives; int count; double severity; 
@@ -14587,10 +14606,15 @@ condition_met (task_t task, report_t report, alert_t alert, memset (&get, 0, sizeof (get_data_t)); get.type = "result"; get.filt_id = filter_id; +#if CVSS3_RATINGS == 1 report_counts_id (last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); - +#else + report_counts_id (last_report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + &get, NULL); +#endif db_count = criticals + holes + infos + logs + warnings + false_positives; @@ -14608,7 +14632,7 @@ condition_met (task_t task, report_t report, alert_t alert, { char *direction, *filter_id, *count_string; report_t last_report; - int criticals, holes, infos, logs, warnings, false_positives; + int criticals = 0, holes, infos, logs, warnings, false_positives; int count; double severity; @@ -14643,10 +14667,15 @@ condition_met (task_t task, report_t report, alert_t alert, get_data_t get; get.type = "result"; get.filt_id = filter_id; - +#if CVSS3_RATINGS == 1 report_counts_id (last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); +#else + report_counts_id (last_report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + &get, NULL); +#endif last_count = criticals + holes + infos + logs + warnings + false_positives; @@ -14657,10 +14686,15 @@ condition_met (task_t task, report_t report, alert_t alert, if (second_last_report) { int cmp, second_last_count; - +#if CVSS3_RATINGS == 1 report_counts_id (second_last_report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, &get, NULL); +#else + report_counts_id (second_last_report, &holes, &infos, + &logs, &warnings, &false_positives, + &severity, &get, NULL); +#endif second_last_count = criticals + holes + infos + logs + warnings + false_positives; 
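Review bot: The result of `report_counts_id` is discarded in both branches of the new `#if` in `condition_met`, and `db_count` is then summed from its outputs. The function is documented further down as returning -1 on error, and of the six counters only `criticals` has an initializer, so if the outputs are left untouched on failure the alert condition is decided from indeterminate values. I would initialise all of them, `int criticals = 0, holes = 0, infos = 0, logs = 0, warnings = 0, false_positives = 0;`, and test the return value before using the sum; what `condition_met` should do on error is outside the hunk. The calls in the `@@ -14643` and `@@ -14657` hunks have the same pattern.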
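Review bot: `get` reaches the new `report_counts_id` calls with only `type` and `filt_id` assigned: the three context lines that open the `@@ -14643` hunk declare it without an initializer, whereas the earlier branch of `condition_met` zeroes it with `memset`. Any other field that `report_counts_id` reads from the struct is indeterminate here, and the same `get` is reused for `second_last_report` in the following hunk. I would declare it as `get_data_t get = {0};` or add `memset (&get, 0, sizeof (get_data_t));` before the two assignments. The declaration is pre-existing context, but the commit rewrites both calls that consume it.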
@@ -15033,13 +15067,23 @@ append_to_task_string (task_t task, const char* field, const char* value) /** * @brief Filter columns for task iterator. */ +#if CVSS3_RATINGS == 1 + #define TASK_ITERATOR_FILTER_COLUMNS \ + { GET_ITERATOR_FILTER_COLUMNS, "status", "total", "first_report", \ + "last_report", "threat", "trend", "severity", "schedule", "next_due", \ + "first", "last", "false_positive", "log", "low", "medium", "high", \ + "critical", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ + "low_per_host", "medium_per_host", "high_per_host", "critical_per_host", \ + "target", "usage_type", "first_report_created", "last_report_created", NULL } +#else #define TASK_ITERATOR_FILTER_COLUMNS \ { GET_ITERATOR_FILTER_COLUMNS, "status", "total", "first_report", \ "last_report", "threat", "trend", "severity", "schedule", "next_due", \ "first", "last", "false_positive", "log", "low", "medium", "high", \ - "critical", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ - "low_per_host", "medium_per_host", "high_per_host", "critical_per_host", \ - "target", "usage_type", "first_report_created", "last_report_created", NULL } + "hosts", "result_hosts", "fp_per_host", "log_per_host", "low_per_host", \ + "medium_per_host", "high_per_host", "target", "usage_type", \ + "first_report_created", "last_report_created", NULL } +#endif /** * @brief Task iterator columns. @@ -15083,6 +15127,7 @@ append_to_task_string (task_t task, const char* field, const char* value) /** * @brief Task iterator WHERE columns. */ +#if CVSS3_RATINGS == 1 #define TASK_ITERATOR_WHERE_COLUMNS_INNER \ { \ "task_threat_level (id, opts.override, opts.min_qod)", \ 
@@ -15288,8 +15333,195 @@ append_to_task_string (task_t task, const char* field, const char* value) " ORDER BY creation_time DESC LIMIT 1)", \ "last_report_created", \ KEYWORD_TYPE_INTEGER \ - } \ - + } +#else +#define TASK_ITERATOR_WHERE_COLUMNS_INNER \ + { \ + "task_threat_level (id, opts.override, opts.min_qod)", \ + "threat", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "task_trend (id, opts.override, opts.min_qod)", \ + "trend", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "task_severity (id, opts.override, opts.min_qod)", \ + "severity", \ + KEYWORD_TYPE_DOUBLE \ + }, \ + { \ + "(SELECT schedules.name FROM schedules" \ + " WHERE schedules.id = tasks.schedule)", \ + "schedule", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(CASE WHEN schedule_next_time IS NULL" \ + " THEN -1" \ + " WHEN schedule_next_time = 0 AND tasks.schedule > 0" \ + " THEN (SELECT first_time" \ + " FROM schedules" \ + " WHERE schedules.id = tasks.schedule)" \ + " ELSE schedule_next_time" \ + " END)", \ + "next_due", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time ASC LIMIT 1)", \ + "first", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time DESC LIMIT 1)", \ + "last", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'False Positive')" \ + " END", \ + "false_positive", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'Log')" \ + " END", \ + "log", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS 
null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'Low')" \ + " END", \ + "low", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'Medium')" \ + " END", \ + "medium", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod, 'High')" \ + " END", \ + "high", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_host_count (task_last_report (id))" \ + " END", \ + "hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " report_result_host_count (task_last_report (id), opts.min_qod)" \ + " END", \ + "result_hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'False Positive') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "fp_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'Log') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "log_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'Low') * 1.0" \ + " / 
nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "low_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'Medium') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "medium_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "CASE WHEN target IS null OR opts.ignore_severity != 0 THEN 0 ELSE" \ + " coalesce (report_severity_count (task_last_report (id)," \ + " opts.override, opts.min_qod," \ + " 'High') * 1.0" \ + " / nullif (report_result_host_count (task_last_report (id),"\ + " opts.min_qod), 0)," \ + " 0)" \ + " END", \ + "high_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT name FROM targets WHERE id = target)", \ + "target", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time ASC LIMIT 1)", \ + "first_report_created", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT creation_time FROM reports WHERE task = tasks.id" \ + /* TODO 1 == TASK_STATUS_DONE */ \ + " AND scan_run_status = 1" \ + " ORDER BY creation_time DESC LIMIT 1)", \ + "last_report_created", \ + KEYWORD_TYPE_INTEGER \ + } +#endif /** * @brief Task iterator WHERE columns. */ @@ -21144,7 +21376,7 @@ report_cache_counts (report_t report, int clear_original, int clear_overridden, const char* users_where) { iterator_t cache_iterator; - int criticals, holes, infos, logs, warnings, false_positives; + int holes, infos, logs, warnings, false_positives; double severity; get_data_t *get = NULL; gchar *old_user_id; 
@@ -21175,9 +21407,14 @@ report_cache_counts (report_t report, int clear_original, int clear_overridden, " AND min_qod = %d", report, user, override, min_qod); } - +#if CVSS3_RATINGS == 1 + int criticals; report_counts_id (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, &severity, get, NULL); +#else + report_counts_id (report, &holes, &infos, &logs, &warnings, + &false_positives, &severity, get, NULL); +#endif get_data_reset (get); g_free (get); @@ -22132,6 +22369,7 @@ report_add_results_array (report_t report, GArray *results) /** * @brief Filter columns for report iterator. */ +#if CVSS3_RATINGS == 1 #define REPORT_ITERATOR_FILTER_COLUMNS \ { ANON_GET_ITERATOR_FILTER_COLUMNS, "task_id", "name", "creation_time", \ "date", "status", "task", "severity", "false_positive", "log", "low", \ @@ -22140,6 +22378,16 @@ report_add_results_array (report_t report, GArray *results) "critical_per_host", "duration", "duration_per_host", "start_time", \ "end_time", "scan_start", "scan_end", "compliance_yes", "compliance_no", \ "compliance_incomplete", "compliant", NULL } +#else +#define REPORT_ITERATOR_FILTER_COLUMNS \ + { ANON_GET_ITERATOR_FILTER_COLUMNS, "task_id", "name", "creation_time", \ + "date", "status", "task", "severity", "false_positive", "log", "low", \ + "medium", "high", "hosts", "result_hosts", "fp_per_host", "log_per_host", \ + "low_per_host", "medium_per_host", "high_per_host", "duration", \ + "duration_per_host", "start_time", "end_time", "scan_start", "scan_end", \ + "compliance_yes", "compliance_no", "compliance_incomplete", \ + "compliant", NULL } +#endif /** * @brief Report iterator columns. */ @@ -22165,6 +22413,7 @@ report_add_results_array (report_t report, GArray *results) /** * @brief Report iterator columns. */ +#if CVSS3_RATINGS == 1 #define REPORT_ITERATOR_WHERE_COLUMNS \ { \ { "run_status_name (scan_run_status)", "status", KEYWORD_TYPE_STRING }, \ 
@@ -22311,7 +22560,141 @@ report_add_results_array (report_t report, GArray *results) }, \ { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ } - +#else +#define REPORT_ITERATOR_WHERE_COLUMNS \ + { \ + { "run_status_name (scan_run_status)", "status", KEYWORD_TYPE_STRING }, \ + { \ + "(SELECT uuid FROM tasks WHERE tasks.id = task)", \ + "task_id", \ + KEYWORD_TYPE_STRING \ + }, \ + { "creation_time", "date", KEYWORD_TYPE_INTEGER }, \ + { "(SELECT name FROM tasks WHERE tasks.id = task)", "task" }, \ + { \ + "report_severity (id, opts.override, opts.min_qod)", \ + "severity", \ + KEYWORD_TYPE_DOUBLE \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod," \ + " 'False Positive')", \ + "false_positive", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'Log')", \ + "log", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'Low')", \ + "low", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'Medium')", \ + "medium", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_severity_count (id, opts.override, opts.min_qod, 'High')", \ + "high", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(SELECT name FROM users WHERE users.id = reports.owner)", \ + "_owner", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "report_host_count (id)", \ + "hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_result_host_count (id, opts.min_qod)", \ + "result_hosts", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'False Positive') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "fp_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'Log') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "log_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ 
+ { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'Low') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "low_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'Medium') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "medium_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "coalesce (report_severity_count (id, opts.override, opts.min_qod," \ + " 'High') * 1.0" \ + " / nullif (report_result_host_count (id, opts.min_qod), 0),"\ + " 0)", \ + "high_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(CASE WHEN (start_time IS NULL or end_time IS NULL)" \ + " THEN NULL ELSE end_time - start_time END)", \ + "duration", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "(CASE WHEN (start_time IS NULL or end_time IS NULL" \ + " or report_result_host_count (id, opts.min_qod) = 0)" \ + " THEN NULL" \ + " ELSE (end_time - start_time)" \ + " / report_result_host_count (id, opts.min_qod) END)", \ + "duration_per_host", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_count (id, 'YES')", \ + "compliance_yes", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_count (id, 'NO')", \ + "compliance_no", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_count (id, 'INCOMPLETE')", \ + "compliance_incomplete", \ + KEYWORD_TYPE_INTEGER \ + }, \ + { \ + "report_compliance_status (id)", \ + "compliant", \ + KEYWORD_TYPE_STRING \ + }, \ + { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ + } +#endif /** * @brief Generate the extra_tables string for a report iterator. * 
@@ -22621,11 +23004,13 @@ where_levels_auto (const char *levels, const char *new_severity_sql) g_string_append_printf (levels_sql, " AND severity_in_levels (%s", new_severity_sql); +#if CVSS3_RATINGS == 1 if (strchr (levels, 'c')) { g_string_append (levels_sql, ", 'critical'"); count++; } +#endif if (strchr (levels, 'h')) { g_string_append (levels_sql, ", 'high'"); @@ -22660,7 +23045,11 @@ where_levels_auto (const char *levels, const char *new_severity_sql) g_string_append (levels_sql, ")"); +#if CVSS3_RATINGS == 1 if (count == 6) +#else + if (count == 5) +#endif { /* All levels. */ g_string_free (levels_sql, TRUE); @@ -23354,7 +23743,11 @@ results_extra_where (int trash, report_t report, const gchar* host, min_qod = filter_term_min_qod (filter); levels = filter_term_value (filter, "levels"); if (levels == NULL) +#if CVSS3_RATINGS == 1 levels = g_strdup ("chmlgdf"); +#else + levels = g_strdup ("hmlgdf"); +#endif compliance_levels = filter_term_value (filter, "compliance_levels"); // Build clause fragments @@ -23380,7 +23773,7 @@ results_extra_where (int trash, report_t report, const gchar* host, min_qod_clause = where_qod (min_qod); - levels_clause = where_levels_auto (levels ? levels : "chmlgdf", + levels_clause = where_levels_auto (levels, given_new_severity_sql ? given_new_severity_sql : new_severity_sql); @@ -25883,6 +26276,7 @@ report_severity_data (report_t report, const char *host, * * @param[in] report_id ID of report. * @param[out] criticals Number of critical messages. + * Only if CVSS3_RATINGS is enabled. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. 
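Review bot: The "All levels" shortcut in `where_levels_auto` now hard-codes `count == 6` or `count == 5` under its own `#if`, separate from the guarded `strchr (levels, 'c')` block that decides whether a sixth level can be counted at all. A level added or removed later has to be mirrored in both literals, otherwise the shortcut stops matching and the generated severity clause changes without any warning. A single named constant defined under one `#if`, for example `#define SEVERITY_LEVEL_COUNT 6` with `5` in the `#else`, and `if (count == SEVERITY_LEVEL_COUNT)` here would keep the two in step. The start of the function is outside the hunk.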
@@ -25895,8 +26289,16 @@ report_severity_data (report_t report, const char *host, * @return 0 on success, -1 on error. */ int -report_counts (const char* report_id, int* criticals, int* holes, int* infos, - int* logs, int* warnings, int* false_positives, double* severity, +report_counts (const char* report_id, +#if CVSS3_RATINGS == 1 + int* criticals, +#endif + int* holes, + int* infos, + int* logs, + int* warnings, + int* false_positives, + double* severity, int override, int min_qod) { report_t report; @@ -25908,8 +26310,13 @@ report_counts (const char* report_id, int* criticals, int* holes, int* infos, // TODO Check if report was found. get = report_results_get_data (1, -1, override, min_qod); +#if CVSS3_RATINGS == 1 ret = report_counts_id (report, criticals, holes, infos, logs, warnings, false_positives, severity, get, NULL); +#else + ret = report_counts_id (report, holes, infos, logs, warnings, + false_positives, severity, get, NULL); +#endif get_data_reset (get); free (get); return ret; @@ -26080,6 +26487,7 @@ cache_report_counts (report_t report, int override, int min_qod, * * @param[in] report Report. * @param[out] criticals Number of critical messages. + * Only if CVSS3_RATINGS is enabled. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. @@ -26089,6 +26497,7 @@ cache_report_counts (report_t report, int override, int min_qod, * @param[in] get Get data. * @param[in] host Host to which to limit the count. * @param[out] filtered_criticals Number of critical messages after filtering. + * Only if CVSS3_RATINGS is enabled. * @param[out] filtered_holes Number of hole messages after filtering. * @param[out] filtered_infos Number of info messages after filtering. * @param[out] filtered_logs Number of log messages after filtering. 
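Review bot: `report_counts` is not `static`, and its parameter list now depends on `CVSS3_RATINGS`, so the header and every caller have to be compiled with the same value as this file. If the macro is ever set per file rather than globally, a caller would pass its arguments shifted by one position and the function would write counts through the wrong pointers, with nothing reported at link time. Keeping `int* criticals` in the signature unconditionally and leaving it at 0, or accepting NULL, in the legacy mode would avoid the split. `report_counts_id` in a later hunk follows the same pattern, and the call sites outside this file are not visible here.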
@@ -26100,13 +26509,26 @@ cache_report_counts (report_t report, int override, int min_qod, * @return 0 on success, -1 on error. */ static int -report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, - int* logs, int* warnings, int* false_positives, +report_counts_id_full (report_t report, +#if CVSS3_RATINGS == 1 + int* criticals, +#endif + int* holes, + int* infos, + int* logs, + int* warnings, + int* false_positives, double* severity, - const get_data_t* get, const char* host, - int* filtered_criticals, int* filtered_holes, - int* filtered_infos, int* filtered_logs, - int* filtered_warnings, int* filtered_false_positives, + const get_data_t* get, + const char* host, +#if CVSS3_RATINGS == 1 + int* filtered_criticals, +#endif + int* filtered_holes, + int* filtered_infos, + int* filtered_logs, + int* filtered_warnings, + int* filtered_false_positives, double* filtered_severity) { const char *filter; @@ -26115,13 +26537,19 @@ report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, int filter_cacheable, unfiltered_requested, filtered_requested, cache_exists; int override, min_qod_int; severity_data_t severity_data, filtered_severity_data; - +#if CVSS3_RATINGS == 1 unfiltered_requested = (criticals || holes || warnings || infos || logs || false_positives || severity); filtered_requested = (filtered_criticals || filtered_holes || filtered_warnings || filtered_infos || filtered_logs || filtered_false_positives || filtered_severity); - +#else + unfiltered_requested = (holes || warnings || infos || logs || false_positives + || severity); + filtered_requested = (filtered_holes || filtered_warnings || filtered_infos + || filtered_logs || filtered_false_positives + || filtered_severity); +#endif if (current_credentials.uuid == NULL || strcmp (current_credentials.uuid, "") == 0) g_warning ("%s: called by NULL or dummy user", __func__); 
@@ -26213,6 +26641,7 @@ report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, ? &filtered_severity_data : NULL); } +#if CVSS3_RATINGS == 1 severity_data_level_counts (&severity_data, NULL, false_positives, logs, infos, warnings, holes, criticals); @@ -26220,6 +26649,15 @@ report_counts_id_full (report_t report, int* criticals, int* holes, int* infos, NULL, filtered_false_positives, filtered_logs, filtered_infos, filtered_warnings, filtered_holes, filtered_criticals); +#else + severity_data_level_counts (&severity_data, + NULL, false_positives, + logs, infos, warnings, holes); + severity_data_level_counts (&filtered_severity_data, + NULL, filtered_false_positives, + filtered_logs, filtered_infos, + filtered_warnings, filtered_holes); +#endif if (severity) *severity = severity_data.max; @@ -26391,6 +26829,7 @@ report_compliance_counts (report_t report, * * @param[in] report Report. * @param[out] criticals Number of critical messages. + * Only if CVSS3_RATINGS is enabled. * @param[out] holes Number of hole messages. * @param[out] infos Number of info messages. * @param[out] logs Number of log messages. 
@@ -26403,14 +26842,29 @@ report_compliance_counts (report_t report, * @return 0 on success, -1 on error. */ int -report_counts_id (report_t report, int* criticals, int* holes, int* infos, - int* logs, int* warnings, int* false_positives, - double* severity, const get_data_t *get, const char *host) +report_counts_id (report_t report, +#if CVSS3_RATINGS == 1 + int* criticals, +#endif + int* holes, + int* infos, + int* logs, + int* warnings, + int* false_positives, + double* severity, + const get_data_t *get, + const char *host) { int ret; +#if CVSS3_RATINGS == 1 ret = report_counts_id_full (report, NULL, NULL, NULL, NULL, NULL, NULL, NULL, get, host, criticals, holes, infos, logs, warnings, false_positives, severity); +#else + ret = report_counts_id_full (report, NULL, NULL, NULL, NULL, NULL, NULL, + get, host, holes, infos, logs, warnings, + false_positives, severity); +#endif return ret; } @@ -26452,8 +26906,13 @@ report_severity (report_t report, int overrides, int min_qod) { g_debug ("%s: could not get max from cache", __func__); get_data_t *get = report_results_get_data (1, -1, overrides, min_qod); +#if CVSS3_RATINGS == 1 report_counts_id (report, NULL, NULL, NULL, NULL, NULL, NULL, &severity, get, NULL); +#else + report_counts_id (report, NULL, NULL, NULL, NULL, + NULL, &severity, get, NULL); +#endif get_data_reset (get); free (get); } @@ -28168,6 +28627,7 @@ host_summary_append (GString *host_summary_buffer, const char *host, * @param[in] host_summary_buffer Host sumary buffer. * @param[in] f_host_ports Hashtable for host ports. * @param[in] f_host_criticals Hashtable for host criticals. + * Only available if CVSS3_RATINGS is enabled. * @param[in] f_host_holes Hashtable for host holes. * @param[in] f_host_warnings Hashtable for host host warnings. * @param[in] f_host_infos Hashtable for host infos. 
@@ -28188,7 +28648,9 @@ print_report_host_xml (FILE *stream, int lean, GString *host_summary_buffer, GHashTable *f_host_ports, +#if CVSS3_RATINGS == 1 GHashTable *f_host_criticals, +#endif GHashTable *f_host_holes, GHashTable *f_host_warnings, GHashTable *f_host_infos, @@ -28272,12 +28734,15 @@ print_report_host_xml (FILE *stream, } else { - int criticals_count, holes_count, warnings_count, infos_count; + int holes_count, warnings_count, infos_count; int logs_count, false_positives_count; + int criticals_count = 0; +#if CVSS3_RATINGS == 1 criticals_count = GPOINTER_TO_INT (g_hash_table_lookup ( f_host_criticals, current_host)); +#endif holes_count = GPOINTER_TO_INT (g_hash_table_lookup ( f_host_holes, current_host)); @@ -28301,7 +28766,9 @@ print_report_host_xml (FILE *stream, "%d" "" "%d" +#if CVSS3_RATINGS == 1 "%d" +#endif "%d" "%d" "%d" @@ -28318,7 +28785,9 @@ print_report_host_xml (FILE *stream, ports_count, (criticals_count + holes_count + warnings_count + infos_count + logs_count + false_positives_count), +#if CVSS3_RATINGS == 1 criticals_count, +#endif holes_count, holes_count, warnings_count, 
@@ -28564,24 +29033,26 @@ init_delta_iterator (report_t report, iterator_t *results, report_t delta, * @param[in] result_hosts_only Whether to only include hosts with results. * @param[in] orig_filtered_result_count Result count. * @param[in] filtered_result_count Result count. - * @param[in] orig_f_criticals Result count. - * @param[in] f_criticals Result count. - * @param[in] orig_f_infos Result count. - * @param[in] f_holes Result count. - * @param[in] orig_f_infos Result count. - * @param[in] f_infos Result count. - * @param[in] orig_f_logs Result count. - * @param[in] f_logs Result count. - * @param[in] orig_f_warnings Result count. - * @param[in] f_warnings Result count. - * @param[in] orig_f_false_positives Result count. - * @param[in] f_false_positives Result count. - * @param[in] f_compliance_yes filtered compliant count. - * @param[in] f_compliance_no filtered incompliant count. - * @param[in] f_compliance_incomplete filtered incomplete count. - * @param[in] f_compliance_undefined filtered undefined count. - * @param[in] f_compliance_count total filtered compliance count. - * @param[in] result_hosts Result hosts. + * @param[in] orig_f_criticals Result count. + * Only available if CVSS3_RATINGS is enabled. + * @param[in] f_criticals Result count. + * Only available if CVSS3_RATINGS is enabled. + * @param[in] orig_f_infos Result count. + * @param[in] f_holes Result count. + * @param[in] orig_f_infos Result count. + * @param[in] f_infos Result count. + * @param[in] orig_f_logs Result count. + * @param[in] f_logs Result count. + * @param[in] orig_f_warnings Result count. + * @param[in] f_warnings Result count. + * @param[in] orig_f_false_positives Result count. + * @param[in] f_false_positives Result count. + * @param[in] f_compliance_yes filtered compliant count. + * @param[in] f_compliance_no filtered incompliant count. + * @param[in] f_compliance_incomplete filtered incomplete count. + * @param[in] f_compliance_undefined filtered undefined count. 
+ * @param[in] f_compliance_count total filtered compliance count. + * @param[in] result_hosts Result hosts. * * @return 0 on success, -1 error. */ @@ -28594,7 +29065,9 @@ print_report_delta_xml (FILE *out, iterator_t *results, const char *sort_field, int result_hosts_only, int *orig_filtered_result_count, int *filtered_result_count, +#if CVSS3_RATINGS == 1 int *orig_f_criticals, int *f_criticals, +#endif int *orig_f_holes, int *f_holes, int *orig_f_infos, int *f_infos, int *orig_f_logs, int *f_logs, @@ -28607,9 +29080,10 @@ print_report_delta_xml (FILE *out, iterator_t *results, { GString *buffer = g_string_new (""); GTree *ports; - *orig_f_holes = *f_holes; +#if CVSS3_RATINGS == 1 *orig_f_criticals = *f_criticals; +#endif *orig_f_infos = *f_infos; *orig_f_logs = *f_logs; *orig_f_warnings = *f_warnings; @@ -28658,11 +29132,13 @@ print_report_delta_xml (FILE *out, iterator_t *results, level = result_iterator_level (results); (*orig_filtered_result_count)++; (*filtered_result_count)++; +#if CVSS3_RATINGS == 1 if (strcmp (level, "Critical") == 0) { (*orig_f_criticals)++; (*f_criticals)++; } +#endif if (strcmp (level, "High") == 0) { (*orig_f_holes)++; @@ -28804,8 +29280,8 @@ print_report_xml_start (report_t report, report_t delta, task_t task, array_t *result_hosts; int reuse_result_iterator; iterator_t results, delta_results; - int criticals, holes, infos, logs, warnings, false_positives; - int f_criticals, f_holes, f_infos, f_logs, f_warnings, f_false_positives; + int criticals = 0, holes, infos, logs, warnings, false_positives; + int f_criticals = 0, f_holes, f_infos, f_logs, f_warnings, f_false_positives; int orig_f_criticals, orig_f_holes, orig_f_infos, orig_f_logs; int orig_f_warnings, orig_f_false_positives, orig_filtered_result_count; int search_phrase_exact, apply_overrides, count_filtered; 
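Review bot: The re-indented parameter list of `print_report_delta_xml` documents `orig_f_infos` twice and never mentions `orig_f_holes`, although the function takes `int *orig_f_holes, int *f_holes`. The first of the two entries, the one directly before `f_holes`, should read `@param[in] orig_f_holes Result count.`. Since the commit rewrites these comment lines anyway, this is the place to correct it.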
@@ -28815,10 +29291,13 @@ print_report_xml_start (report_t report, report_t delta, task_t task, GString *filters_buffer, *filters_extra_buffer, *host_summary_buffer; gchar *term_value; GHashTable *f_host_ports; - GHashTable *f_host_criticals, *f_host_holes, *f_host_warnings, *f_host_infos; + GHashTable *f_host_holes, *f_host_warnings, *f_host_infos; GHashTable *f_host_logs, *f_host_false_positives; GHashTable *f_host_compliant, *f_host_notcompliant; GHashTable *f_host_incomplete, *f_host_undefined; + #if CVSS3_RATINGS == 1 + GHashTable *f_host_criticals = NULL; + #endif task_status_t run_status; gchar *tsk_usage_type = NULL; int f_compliance_yes, f_compliance_no; @@ -28839,7 +29318,6 @@ print_report_xml_start (report_t report, report_t delta, task_t task, orig_f_false_positives = orig_f_warnings = orig_f_logs = orig_f_infos = 0; orig_f_holes = orig_f_criticals = 0; f_host_ports = NULL; - f_host_criticals = NULL; f_host_holes = NULL; f_host_warnings = NULL; f_host_infos = NULL; @@ -28919,7 +29397,11 @@ print_report_xml_start (report_t report, report_t delta, task_t task, max_results = manage_max_rows (max_results); + #if CVSS3_RATINGS == 1 levels = levels ? levels : g_strdup ("chmlgdf"); + #else + levels = levels ? levels : g_strdup ("hmlgdf"); + #endif if (task && (task_uuid (task, &tsk_uuid) || task_usage_type(task, &tsk_usage_type))) { 
@@ -29035,15 +29517,22 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { if (delta == 0) { - int total_criticals, total_holes, total_infos, total_logs; + int total_criticals = 0, total_holes, total_infos, total_logs; int total_warnings, total_false_positives; get_data_t *all_results_get; all_results_get = report_results_get_data (1, -1, 0, 0); +#if CVSS3_RATINGS == 1 report_counts_id (report, &total_criticals, &total_holes, &total_infos, &total_logs, &total_warnings, &total_false_positives, NULL, all_results_get, NULL); +#else + report_counts_id (report, &total_holes, &total_infos, + &total_logs, &total_warnings, + &total_false_positives, NULL, all_results_get, + NULL); +#endif total_result_count = total_criticals + total_holes + total_infos + total_logs + total_warnings + total_false_positives; @@ -29064,8 +29553,13 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { /* Beware, we're using the full variables temporarily here, but * report_counts_id counts the filtered results. */ +#if CVSS3_RATINGS == 1 report_counts_id (report, &criticals, &holes, &infos, &logs, &warnings, &false_positives, NULL, get, NULL); +#else + report_counts_id (report, &holes, &infos, &logs, &warnings, + &false_positives, NULL, get, NULL); +#endif filtered_result_count = criticals + holes + infos + logs + warnings + false_positives; @@ -29134,8 +29628,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 if (strchr (levels, 'c')) g_string_append (filters_extra_buffer, "Critical"); +#endif if (strchr (levels, 'h')) g_string_append (filters_extra_buffer, "High"); if (strchr (levels, 'm')) 
@@ -29449,20 +29945,34 @@ print_report_xml_start (report_t report, report_t delta, task_t task, { /* We're getting all the filtered results, so we can count them as we * print them, to save time. */ - +#if CVSS3_RATINGS == 1 report_counts_id_full (report, &criticals, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); + &warnings, &false_positives, &severity, + get, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL); +#else + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, NULL, NULL, NULL, NULL, + NULL, NULL); +#endif f_criticals = f_holes = f_infos = f_logs = f_warnings = 0; f_false_positives = f_severity = 0; } else +#if CVSS3_RATINGS == 1 report_counts_id_full (report, &criticals, &holes, &infos, &logs, - &warnings, &false_positives, &severity, - get, NULL, - &f_criticals, &f_holes, &f_infos, &f_logs, - &f_warnings, &f_false_positives, &f_severity); + &warnings, &false_positives, &severity, + get, NULL, + &f_criticals, &f_holes, &f_infos, &f_logs, + &f_warnings, &f_false_positives, &f_severity); +#else + report_counts_id_full (report, &holes, &infos, &logs, + &warnings, &false_positives, &severity, + get, NULL, &f_holes, &f_infos, &f_logs, + &f_warnings, &f_false_positives, &f_severity); +#endif } /* Results. */ @@ -29526,8 +30036,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 f_host_criticals = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); +#endif f_host_holes = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); f_host_warnings = g_hash_table_new_full (g_str_hash, g_str_equal, 
@@ -29542,6 +30054,7 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (delta && get->details) { +#if CVSS3_RATINGS == 1 if (print_report_delta_xml (out, &results, delta_states, ignore_pagination ? 0 : first_result, ignore_pagination ? -1 : max_results, @@ -29564,6 +30077,29 @@ print_report_xml_start (report_t report, report_t delta, task_t task, &f_compliance_undefined, &f_compliance_count, result_hosts)) +#else + if (print_report_delta_xml (out, &results, delta_states, + ignore_pagination ? 0 : first_result, + ignore_pagination ? -1 : max_results, + task, notes, + notes_details, overrides, + overrides_details, sort_order, + sort_field, result_hosts_only, + &orig_filtered_result_count, + &filtered_result_count, + &orig_f_holes, &f_holes, + &orig_f_infos, &f_infos, + &orig_f_logs, &f_logs, + &orig_f_warnings, &f_warnings, + &orig_f_false_positives, + &f_false_positives, + &f_compliance_yes, + &f_compliance_no, + &f_compliance_incomplete, + &f_compliance_undefined, + &f_compliance_count, + result_hosts)) +#endif goto failed_delta_report; } else if (get->details) @@ -29661,12 +30197,14 @@ print_report_xml_start (report_t report, report_t delta, task_t task, if (count_filtered) f_logs++; } +#if CVSS3_RATINGS == 1 else if (strcasecmp (level, "critical") == 0) { f_host_result_counts = f_host_criticals; if (count_filtered) f_criticals++; } +#endif else if (strcasecmp (level, "high") == 0) { f_host_result_counts = f_host_holes; @@ -29781,7 +30319,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, PRINT (out, "" "%i" +#if CVSS3_RATINGS == 1 "%i" +#endif "%i" "%i" "%i" @@ -29794,7 +30334,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, "" "", orig_filtered_result_count, +#if CVSS3_RATINGS == 1 (strchr (levels, 'c') ? orig_f_criticals : 0), +#endif (strchr (levels, 'h') ? orig_f_holes : 0), (strchr (levels, 'h') ? orig_f_holes : 0), (strchr (levels, 'l') ? orig_f_infos : 0), 
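Review bot: The `#if CVSS3_RATINGS == 1` / `#endif` lines added in the last two hunks here sit inside the argument list of `PRINT (out, ...)`, which by its upper-case name looks like a function-like macro (its definition is not visible). If it is a macro, C leaves preprocessing directives inside macro arguments undefined (C11 6.10.3p11); GCC accepts them but warns under `-pedantic`, and other compilers may not. The format string and the argument list are also guarded by two separate conditionals, so a mismatch between them would surface as a format/argument error in only one build configuration. Consider emitting the critical count through its own guarded `PRINT` call, or building the optional fragment first; the same pattern recurs in the `PRINT` call that follows.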
@@ -29814,10 +30356,12 @@ print_report_xml_start (report_t report, report_t delta, task_t task, "%i" "%i" "%i" +#if CVSS3_RATINGS == 1 "" "%i" "%i" "" +#endif "%i%i" "%i%i" "%i%i" @@ -29833,8 +30377,10 @@ print_report_xml_start (report_t report, report_t delta, task_t task, total_result_count, total_result_count, filtered_result_count, +#if CVSS3_RATINGS == 1 criticals, (strchr (levels, 'c') ? f_criticals : 0), +#endif holes, (strchr (levels, 'h') ? f_holes : 0), holes, @@ -29885,26 +30431,44 @@ print_report_xml_start (report_t report, report_t delta, task_t task, present = next (&hosts); if (present) { - if (print_report_host_xml (out, - &hosts, - result_host, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_criticals, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) - +#if CVSS3_RATINGS == 1 + if (print_report_host_xml (out, + &hosts, + result_host, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_criticals, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#else + if (print_report_host_xml (out, + &hosts, + result_host, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#endif { - goto failed_print_report_host; + goto failed_print_report_host; } } cleanup_iterator (&hosts); 
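Review bot: The two `print_report_host_xml` calls in the last hunk are seventeen- and sixteen-argument copies that differ only by `f_host_criticals`, and the arguments from `f_host_ports` onward appear to be hash tables passed by position, so a reordering in one arm compiles cleanly and mislabels counts in one build only. The same duplication appears in the host loop that follows and in the `print_report_delta_xml` call above. It would be less fragile to keep a single signature and pass `NULL` for the critical table when CVSS3_RATINGS is 0, so each call site exists once. That change touches the function definitions, which are outside this hunk.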
@@ -29916,23 +30480,42 @@ print_report_xml_start (report_t report, report_t delta, task_t task, init_report_host_iterator (&hosts, report, NULL, 0); while (next (&hosts)) { +#if CVSS3_RATINGS == 1 if (print_report_host_xml (out, - &hosts, - NULL, - tsk_usage_type, - lean, - host_summary_buffer, - f_host_ports, - f_host_criticals, - f_host_holes, - f_host_warnings, - f_host_infos, - f_host_logs, - f_host_false_positives, - f_host_compliant, - f_host_notcompliant, - f_host_incomplete, - f_host_undefined)) + &hosts, + NULL, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_criticals, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#else + if (print_report_host_xml (out, + &hosts, + NULL, + tsk_usage_type, + lean, + host_summary_buffer, + f_host_ports, + f_host_holes, + f_host_warnings, + f_host_infos, + f_host_logs, + f_host_false_positives, + f_host_compliant, + f_host_notcompliant, + f_host_incomplete, + f_host_undefined)) +#endif goto failed_print_report_host; } cleanup_iterator (&hosts); @@ -29946,7 +30529,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 g_hash_table_destroy (f_host_criticals); +#endif g_hash_table_destroy (f_host_holes); g_hash_table_destroy (f_host_warnings); g_hash_table_destroy (f_host_infos); @@ -30074,7 +30659,9 @@ print_report_xml_start (report_t report, report_t delta, task_t task, } else { +#if CVSS3_RATINGS == 1 g_hash_table_destroy (f_host_criticals); +#endif g_hash_table_destroy (f_host_holes); g_hash_table_destroy (f_host_warnings); g_hash_table_destroy (f_host_infos); 
@@ -31038,8 +31625,9 @@ parse_osp_report (task_t task, report_t report, const char *report_xml) * @return "up", "down", "more", "less", "same" or if too few reports "". */ static const char * -task_trend_calc (int criticals_a, int holes_a, int warns_a, int infos_a, double severity_a, - int criticals_b, int holes_b, int warns_b, int infos_b, double severity_b) +task_trend_calc (int criticals_a, int holes_a, int warns_a, int infos_a, + double severity_a, int criticals_b, int holes_b, int warns_b, + int infos_b, double severity_b) { int threat_a, threat_b; @@ -31142,9 +31730,10 @@ task_trend_calc (int criticals_a, int holes_a, int warns_a, int infos_a, double * @return "up", "down", "more", "less", "same" or if too few reports "". */ const char * -task_iterator_trend_counts (iterator_t *iterator, int criticals_a, int holes_a, int warns_a, - int infos_a, double severity_a, int criticals_b, int holes_b, - int warns_b, int infos_b, double severity_b) +task_iterator_trend_counts (iterator_t *iterator, int criticals_a, int holes_a, + int warns_a, int infos_a, double severity_a, + int criticals_b, int holes_b, int warns_b, + int infos_b, double severity_b) { /* Ensure there are enough reports. */ if (task_iterator_finished_reports (iterator) <= 1) @@ -38329,9 +38918,15 @@ create_note (const char* active, const char* nvt, const char* text, if (text == NULL) return -1; - if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") - && strcmp (threat, "Medium") && strcmp (threat, "Low") - && strcmp (threat, "Log") && strcmp (threat, "")) + if (threat +#if CVSS3_RATINGS == 1 + && strcmp (threat, "Critical") +#endif + && strcmp (threat, "High") + && strcmp (threat, "Medium") + && strcmp (threat, "Low") + && strcmp (threat, "Log") + && strcmp (threat, "")) return -1; quoted_text = sql_insert (text); 
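Review bot: The rewritten `threat` check in `create_note` (third hunk) has no `strcmp (threat, "Alarm")` term, while the equivalent checks in `modify_note` and `create_override` accept "Alarm" and the severity mapping later in `create_note` tests for it first. Unless code between the two hunks changes `threat`, that "Alarm" branch cannot be reached from `create_note`, and a client gets -1 on create for a value that modify accepts. Either add `&& strcmp (threat, "Alarm")` here or drop the unreachable branch. Since the accepted list is now repeated with the same `#if` in several functions, a shared validation helper would keep them aligned.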
@@ -38351,8 +38946,10 @@ create_note (const char* active, const char* nvt, const char* text, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) @@ -38587,9 +39184,15 @@ modify_note (const gchar *note_id, const char *active, const char *nvt, if (nvt && !nvt_exists (nvt)) return 4; - if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") - && strcmp (threat, "Medium") && strcmp (threat, "Low") - && strcmp (threat, "Log") && strcmp (threat, "Alarm") + if (threat +#if CVSS3_RATINGS == 1 + && strcmp (threat, "Critical") +#endif + && strcmp (threat, "High") + && strcmp (threat, "Medium") + && strcmp (threat, "Low") + && strcmp (threat, "Log") + && strcmp (threat, "Alarm") && strcmp (threat, "")) return -1; @@ -38614,8 +39217,10 @@ modify_note (const gchar *note_id, const char *active, const char *nvt, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) 
@@ -39322,16 +39927,29 @@ create_override (const char* active, const char* nvt, const char* text, if (port && validate_results_port (port)) return 2; - if (threat && strcmp (threat, "Critical") && strcmp (threat, "High") - && strcmp (threat, "Medium") && strcmp (threat, "Low") - && strcmp (threat, "Log") && strcmp (threat, "Alarm") + if (threat +#if CVSS3_RATINGS == 1 + && strcmp (threat, "Critical") +#endif + && strcmp (threat, "High") + && strcmp (threat, "Medium") + && strcmp (threat, "Low") + && strcmp (threat, "Log") + && strcmp (threat, "Alarm") && strcmp (threat, "")) return -1; - if (new_threat && strcmp (threat, "Critical") && strcmp (new_threat, "High") - && strcmp (new_threat, "Medium") && strcmp (new_threat, "Low") - && strcmp (new_threat, "Log") && strcmp (new_threat, "False Positive") - && strcmp (new_threat, "Alarm") && strcmp (new_threat, "")) + if (new_threat +#if CVSS3_RATINGS == 1 + && strcmp (new_threat, "Critical") +#endif + && strcmp (new_threat, "High") + && strcmp (new_threat, "Medium") + && strcmp (new_threat, "Low") + && strcmp (new_threat, "Log") + && strcmp (new_threat, "False Positive") + && strcmp (new_threat, "Alarm") + && strcmp (new_threat, "")) return -1; severity_dbl = 0.0; @@ -39347,8 +39965,10 @@ create_override (const char* active, const char* nvt, const char* text, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) 
@@ -39381,10 +40001,15 @@ create_override (const char* active, const char* nvt, const char* text, { if (strcmp (new_threat, "Alarm") == 0) new_severity_dbl = 10.0; +#if CVSS3_RATINGS == 1 else if (strcmp (new_threat, "Critical") == 0) new_severity_dbl = 10.0; + else if (strcmp (new_threat, "High") == 0) + new_severity_dbl = 8.9; +#else else if (strcmp (new_threat, "High") == 0) new_severity_dbl = 10.0; +#endif else if (strcmp (new_threat, "Medium") == 0) new_severity_dbl = 5.0; else if (strcmp (new_threat, "Low") == 0) @@ -39701,8 +40326,10 @@ modify_override (const gchar *override_id, const char *active, const char *nvt, { if (strcmp (threat, "Alarm") == 0) severity_dbl = 0.1; +#if CVSS3_RATINGS == 1 else if (strcmp (threat, "Critical") == 0) severity_dbl = 0.1; +#endif else if (strcmp (threat, "High") == 0) severity_dbl = 0.1; else if (strcmp (threat, "Medium") == 0) @@ -39735,10 +40362,15 @@ modify_override (const gchar *override_id, const char *active, const char *nvt, { if (strcmp (new_threat, "Alarm") == 0) new_severity_dbl = 10.0; +#if CVSS3_RATINGS == 1 else if (strcmp (new_threat, "Critical") == 0) new_severity_dbl = 10.0; + else if (strcmp (new_threat, "High") == 0) + new_severity_dbl = 8.9; +#else else if (strcmp (new_threat, "High") == 0) new_severity_dbl = 10.0; +#endif else if (strcmp (new_threat, "Medium") == 0) new_severity_dbl = 5.0; else if (strcmp (new_threat, "Low") == 0) diff --git a/src/manage_utils.c b/src/manage_utils.c index 5bb51df2b..569ac8e36 100644 --- a/src/manage_utils.c +++ b/src/manage_utils.c @@ -210,9 +210,10 @@ level_min_severity (const char *level) return SEVERITY_FP; else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - - if (strcasecmp (level, "critical") == 0) +#if CVSS3_RATINGS == 1 + else if (strcasecmp (level, "critical") == 0) return 9.0; +#endif else if (strcasecmp (level, "high") == 0) return 7.0; else if (strcasecmp (level, "medium") == 0) 
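Review bot: The new `#if`/`#else` pair that maps a "High" `new_threat` to 8.9 or 10.0 in `create_override`, repeated in `modify_override` two hunks later, restates the bounds that `level_max_severity` in src/manage_utils.c returns for "high" under the same switch. If that helper is declared for this file (not visible here), `new_severity_dbl = level_max_severity ("high");` would replace both arms and keep the override ceiling from drifting when the rating bands change. As written, three places have to be edited together. Both functions start and end outside these hunks.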
@@ -242,11 +243,15 @@ level_max_severity (const char *level) return SEVERITY_FP; else if (strcasecmp (level, "Error") == 0) return SEVERITY_ERROR; - - if (strcasecmp (level, "critical") == 0) +#if CVSS3_RATINGS == 1 + else if (strcasecmp (level, "critical") == 0) return 10.0; else if (strcasecmp (level, "high") == 0) return 8.9; +#else + else if (strcasecmp (level, "high") == 0) + return 10.0; +#endif else if (strcasecmp (level, "medium") == 0) return 6.9; else if (strcasecmp (level, "low") == 0) From 26590f496969ca9a0223127b21ad1c832156d517 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Thu, 12 Dec 2024 12:10:31 +0100 Subject: [PATCH 3/3] Update GMP documentation conditionally on feature switch --- CMakeLists.txt | 12 + src/schema_formats/XML/GMP.xml.in | 393 +++++++++++++++++++++++++++++- 2 files changed, 401 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0f91fd6af..e6c9eb3a5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -249,6 +249,18 @@ if (NOT CVSS3_RATINGS) endif (NOT CVSS3_RATINGS) add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS}) +if (CVSS3_RATINGS EQUAL 1) + set(IF_CVSS3_RATINGS "") + set(ENDIF_CVSS3_RATINGS "") + set(IF_NOT_CVSS3_RATINGS "") +elseif (CVSS3_RATINGS EQUAL 0) + set(IF_CVSS3_RATINGS "") + set(IF_NOT_CVSS3_RATINGS "") + set(ENDIF_NOT_CVSS3_RATINGS "") +endif() + message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") message ("-- Log file: ${GVMD_LOG_FILE}") diff --git a/src/schema_formats/XML/GMP.xml.in b/src/schema_formats/XML/GMP.xml.in index 7b2bfc493..97b37fec4 100644 --- a/src/schema_formats/XML/GMP.xml.in +++ b/src/schema_formats/XML/GMP.xml.in 
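Review bot: The new `if (CVSS3_RATINGS EQUAL 1) ... elseif (CVSS3_RATINGS EQUAL 0) ... endif()` block in CMakeLists.txt has no fallback, so a value such as `ON` or `2` sets none of the `IF_*`/`ENDIF_*` variables while `add_definitions (-DCVSS3_RATINGS=${CVSS3_RATINGS})` still hands it to the compiler, where `#if CVSS3_RATINGS == 1` would select the legacy arm. The generated GMP documentation and the compiled protocol could then disagree; how the unset variables are substituted into GMP.xml.in is not shown here. Adding `else ()` with `message (FATAL_ERROR "CVSS3_RATINGS must be 0 or 1")` before `endif ()` makes a bad value fail at configure time.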
@@ -115,6 +115,19 @@ along with this program. If not, see . text + @IF_CVSS3_RATINGS@ + + levels + A string selecting severity levels that may include the characters c, h, m, l, g and f + + The meanings of the letters for each level are: "c" for "critical", + "h" for "high", "m" for "medium", "l" for "low", "g" for "log" and + "f" for "false positive". + + xsd:token { pattern = "c?h?m?l?g?f?" } + + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ levels A string selecting severity levels that may include the characters h, m, l, g and f @@ -125,6 +138,7 @@ along with this program. If not, see . xsd:token { pattern = "h?m?l?g?f?" } + @ENDIF_NOT_CVSS3_RATINGS@ name A name @@ -2231,6 +2245,9 @@ along with this program. If not, see . Level filter + @IF_CVSS3_RATINGS@ + Critical + @ENDIF_CVSS3_RATINGS@ High Medium Low @@ -2366,10 +2383,22 @@ along with this program. If not, see . text full filtered + @IF_CVSS3_RATINGS@ + critical + @ENDIF_CVSS3_RATINGS@ hole + @IF_CVSS3_RATINGS@ + high + @ENDIF_CVSS3_RATINGS@ info + @IF_CVSS3_RATINGS@ + low + @ENDIF_CVSS3_RATINGS@ log warning + @IF_CVSS3_RATINGS@ + medium + @ENDIF_CVSS3_RATINGS@ full @@ -2381,10 +2410,35 @@ along with this program. If not, see . Number of results after filtering integer + @IF_CVSS3_RATINGS@ + + critical + + Number of "critical" results (threat level critical) + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + + @ENDIF_CVSS3_RATINGS@ hole Number of "hole" results (threat level High) + @IF_CVSS3_RATINGS@ + ,will be deprecated. Use high instead + @ENDIF_CVSS3_RATINGS@ full 
@@ -2401,10 +2455,35 @@ along with this program. If not, see . integer + @IF_CVSS3_RATINGS@ + + high + + Number of "high" results (threat level High) + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + + @ENDIF_CVSS3_RATINGS@ info Number of "info" results (threat level Low) + @IF_CVSS3_RATINGS@ + ,will be deprecated. Use low instead + @ENDIF_CVSS3_RATINGS@ full @@ -2421,6 +2500,28 @@ along with this program. If not, see . integer + @IF_CVSS3_RATINGS@ + + low + + Number of "low" results (threat level Low) + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + + @ENDIF_CVSS3_RATINGS@ log @@ -2445,6 +2546,30 @@ along with this program. If not, see . warning Number of "warning" results (threat level Medium) + @IF_CVSS3_RATINGS@ + ,will be deprecated. Use medium instead + @ENDIF_CVSS3_RATINGS@ + + + full + filtered + + + full + Total number of results + integer + + + filtered + Number of results after filtering + integer + + + @IF_CVSS3_RATINGS@ + + medium + + Number of "medium" results (threat level Medium) full @@ -2461,6 +2586,7 @@ along with this program. If not, see . integer + @ENDIF_CVSS3_RATINGS@ compliance_count @@ -2915,10 +3041,22 @@ along with this program. If not, see . page + @IF_CVSS3_RATINGS@ + critical + @ENDIF_CVSS3_RATINGS@ hole - warning + @IF_CVSS3_RATINGS@ + high + @ENDIF_CVSS3_RATINGS@ info + @IF_CVSS3_RATINGS@ + low + @ENDIF_CVSS3_RATINGS@ log + warning + @IF_CVSS3_RATINGS@ + medium + @ENDIF_CVSS3_RATINGS@ false_positive 
@@ -2926,9 +3064,30 @@ along with this program. If not, see . Total number of results for current host on current page integer + @IF_CVSS3_RATINGS@ + + critical + + Number of "critical" results (level "Critical") + + + page + + + page + Number of results on current page + integer + + + @ENDIF_CVSS3_RATINGS@ hole - Number of "hole" results (level "High") + + Number of "hole" results (level "High") + @IF_CVSS3_RATINGS@ + ,will be deprecated. Use high instead + @ENDIF_CVSS3_RATINGS@ + page @@ -2938,9 +3097,30 @@ along with this program. If not, see . integer + @IF_CVSS3_RATINGS@ + + high + + Number of "high" results (level "High") + + + page + + + page + Number of results on current page + integer + + + @ENDIF_CVSS3_RATINGS@ warning - Number of "warning" results (level "Medium") + + Number of "warning" results (level "Medium") + @IF_CVSS3_RATINGS@ + ,will be deprecated. Use medium instead + @ENDIF_CVSS3_RATINGS@ + page @@ -2950,9 +3130,43 @@ along with this program. If not, see . integer + @IF_CVSS3_RATINGS@ + + medium + + Number of "medium" results (level "Medium") + + + page + + + page + Number of results on current page + integer + + + @ENDIF_CVSS3_RATINGS@ info - Number of "info" results (level "Low") + + Number of "info" results (level "Low") + @IF_CVSS3_RATINGS@ + ,will be deprecated. Use low instead + @ENDIF_CVSS3_RATINGS@ + + + page + + + page + Number of results on current page + integer + + + @IF_CVSS3_RATINGS@ + + low + Number of "low" results (level "Low") page @@ -2962,6 +3176,7 @@ along with this program. If not, see . integer + @ENDIF_CVSS3_RATINGS@ log Number of "log" results @@ -18319,6 +18534,13 @@ END:VCALENDAR integer Number of high severity results + @IF_CVSS3_RATINGS@ + + critical + integer + Number of critical severity results + + @ENDIF_CVSS3_RATINGS@ hosts integer 
@@ -18354,6 +18576,13 @@ END:VCALENDAR integer Number of high severity results per host with results + @IF_CVSS3_RATINGS@ + + critical_per_host + integer + Number of critical severity results per host with results + + @ENDIF_CVSS3_RATINGS@ start_time iso_time @@ -18661,6 +18890,9 @@ END:VCALENDAR first=1 rows=-1 sort=name + @IF_CVSS3_RATINGS@ + Critical + @ENDIF_CVSS3_RATINGS@ High Medium Low @@ -18705,6 +18937,41 @@ END:VCALENDAR 10 10 + @IF_CVSS3_RATINGS@ + + 0 + 0 + + + 0 + 0 + + + 0 + 0 + + + 7 + 7 + + + 7 + 7 + + + 0 + 0 + + + 3 + 3 + + + 3 + 3 + + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ 0 0 @@ -18721,6 +18988,7 @@ END:VCALENDAR 3 3 + @ENDIF_NOT_CVSS3_RATINGS@ dik mm @@ -22666,6 +22934,13 @@ END:VCALENDAR integer Number of high severity results + @IF_CVSS3_RATINGS@ + + critical + integer + Number of critical severity results + + @ENDIF_CVSS3_RATINGS@ hosts integer @@ -22701,6 +22976,13 @@ END:VCALENDAR integer Number of high severity results per host with results + @IF_CVSS3_RATINGS@ + + critical_per_host + integer + Number of critical severity results per host with results + + @ENDIF_CVSS3_RATINGS@ target name @@ -23246,9 +23528,20 @@ END:VCALENDAR false_positive log + @IF_CVSS3_RATINGS@ info + low warning + medium hole + high + critical + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ + info + warning + hole + @ENDIF_NOT_CVSS3_RATINGS@ false_positive @@ -23261,15 +23554,46 @@ END:VCALENDAR info integer + @IF_CVSS3_RATINGS@ + This will be deprecated. Use low instead + @ENDIF_CVSS3_RATINGS@ + + @IF_CVSS3_RATINGS@ + + low + integer + @ENDIF_CVSS3_RATINGS@ warning integer + @IF_CVSS3_RATINGS@ + This will be deprecated. Use medium instead + @ENDIF_CVSS3_RATINGS@ + @IF_CVSS3_RATINGS@ + + medium + integer + + @ENDIF_CVSS3_RATINGS@ hole integer + @IF_CVSS3_RATINGS@ + This will be deprecated. Use high instead + @ENDIF_CVSS3_RATINGS@ + @IF_CVSS3_RATINGS@ + + high + integer + + + critical + integer + + @ENDIF_CVSS3_RATINGS@ severity 
@@ -23502,10 +23826,22 @@ END:VCALENDAR Mon Feb 1 19:11:20 2010 + @IF_CVSS3_RATINGS@ + 0 0 + 0 7 + 7 0 3 + 3 + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ + 0 + 7 + 0 + 3 + @ENDIF_NOT_CVSS3_RATINGS@ 5.0 @@ -23577,10 +23913,22 @@ END:VCALENDAR Mon Feb 1 19:11:20 2010 + @IF_CVSS3_RATINGS@ + 0 0 + 0 7 + 7 0 3 + 3 + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ + 0 + 7 + 0 + 3 + @ENDIF_NOT_CVSS3_RATINGS@ 5.0 @@ -23593,20 +23941,44 @@ END:VCALENDAR Mon Feb 1 18:51:38 2010 Done + @IF_CVSS3_RATINGS@ + 0 0 + 0 7 + 7 0 3 + 3 + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ + 0 + 7 + 0 + 3 + @ENDIF_NOT_CVSS3_RATINGS@ Mon Feb 1 19:11:20 2010 Done + @IF_CVSS3_RATINGS@ + 0 0 + 0 7 + 7 0 3 + 3 + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ + 0 + 7 + 0 + 3 + @ENDIF_NOT_CVSS3_RATINGS@ 5.0 @@ -23697,11 +24069,24 @@ END:VCALENDAR 2019-04-24T14:26:01+02:00 2019-04-24T14:50:59+02:00 + @IF_CVSS3_RATINGS@ + 0 1 + 1 0 + 0 77 8 + 8 + 0 + @ENDIF_CVSS3_RATINGS@ + @IF_NOT_CVSS3_RATINGS@ + 1 + 0 + 77 + 8 0 + @ENDIF_NOT_CVSS3_RATINGS@ 9.0