Skip to content

Commit

Permalink
Merge pull request #2854 from y0urself/convert-score-to-severity
Browse files Browse the repository at this point in the history 
Revert the changes from severity to score.
  • Loading branch information
@saberlynx
saberlynx authored Apr 14, 2021
2 parents b27da6f + 13ab2ee commit c3064e6
Show file tree
Hide file tree
Showing 15 changed files with 26 additions and 36 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Added the CVSS v3.1 BaseScore calculator to the `/cvsscalculator` page in the Help section. [#2536](https://github.com/greenbone/gsa/pull/2536)

### Changed
- Revert the changes from integer `score` to a float `severity` [#2854](https://github.com/greenbone/gsa/pull/2854)
- Show StartIcon for scheduled tasks [#2840](https://github.com/greenbone/gsa/pull/2840)
- Remove solution from log NVTs [#2792](https://github.com/greenbone/gsa/pull/2792)
- Don't show empty sections in result details [#2791](https://github.com/greenbone/gsa/pull/2791)
Expand All @@ -29,6 +30,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- CVE Tables Page can now be used with the updated xml-format and CVSSv3(.1). [#2583](https://github.com/greenbone/gsa/pull/2583)
- The CVSS v2 BaseScore calculator calculates the score on the client side now. [#2536](https://github.com/greenbone/gsa/pull/2536)


### Fixed
- Fixed setting comments of business process nodes [#2781](https://github.com/greenbone/gsa/pull/2781)
- Added the deprecatedBy field to CPEs [#2751](https://github.com/greenbone/gsa/pull/2751)
Expand Down
3 changes: 1 addition & 2 deletions gsa/src/gmp/models/__tests__/certbund.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,11 @@ describe('CertBundAdv model tests', () => {

test('should parse severity', () => {
const elem = {
score: '85',
severity: '8.5',
};
const certBundAdv = CertBundAdv.fromElement(elem);

expect(certBundAdv.severity).toEqual(8.5);
expect(certBundAdv.score).toBeUndefined();
});

test('should return empty categories array if no advisory is given', () => {
Expand Down
5 changes: 2 additions & 3 deletions gsa/src/gmp/models/__tests__/cpe.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,9 @@ testModel(Cpe, 'cpe');

describe('CPE model tests', () => {
test('should parse severity correctly', () => {
const cpe = Cpe.fromElement({score: '50'});
const cpe2 = Cpe.fromElement({score: '100'});
const cpe = Cpe.fromElement({severity: '5.0'});
const cpe2 = Cpe.fromElement({severity: '10.0'});

expect(cpe.score).toBeUndefined();
expect(cpe.severity).toEqual(5.0);
expect(cpe2.severity).toEqual(10);
});
Expand Down
4 changes: 2 additions & 2 deletions gsa/src/gmp/models/__tests__/cve.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ describe('CVE model tests', () => {

test('should parse severity', () => {
const elem = {
score: '85',
severity: '8.5',
};
const cve = Cve.fromElement(elem);

Expand Down Expand Up @@ -134,7 +134,7 @@ describe('CVE model tests', () => {
test('should parse CVSS metrics', () => {
const elem = {
cve: {
score: '100',
severity: '10.0',
cvss_vector: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',
},
};
Expand Down
5 changes: 2 additions & 3 deletions gsa/src/gmp/models/__tests__/dfncert.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,9 @@ describe('DfnCertAdv model tests', () => {
});

test('should parse severity correctly', () => {
const dfnCertAdv = DfnCertAdv.fromElement({score: '50'});
const dfnCertAdv2 = DfnCertAdv.fromElement({score: '100'});
const dfnCertAdv = DfnCertAdv.fromElement({severity: '5.0'});
const dfnCertAdv2 = DfnCertAdv.fromElement({severity: '10.0'});

expect(dfnCertAdv.score).toBeUndefined();
expect(dfnCertAdv.severity).toEqual(5.0);
expect(dfnCertAdv2.severity).toEqual(10);
});
Expand Down
10 changes: 5 additions & 5 deletions gsa/src/gmp/models/__tests__/nvt.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,27 +161,27 @@ describe('nvt Model tests', () => {
const nvt1 = Nvt.fromElement({
severities: {
severity: {
score: 94,
score: 9.4,
origin: 'Vendor',
date: '2021-03-10T06:40:13Z',
},
},
cvss_base: '6.6',
score: '6.6',
});
const nvt2 = Nvt.fromElement({
severities: {
severity: {
score: 74,
score: 7.4,
origin: 'Greenbone',
date: '2020-03-10T06:40:13Z',
},
},
cvss_base: '',
score: '',
});
const nvt3 = Nvt.fromElement({
severities: {
severity: {
score: 10,
score: 1.0,
origin: '',
},
},
Expand Down
3 changes: 1 addition & 2 deletions gsa/src/gmp/models/__tests__/ovaldef.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,9 @@ testModel(Ovaldef, 'ovaldef');

describe('Ovaldef model tests', () => {
test('should parse severity', () => {
const ovaldef = Ovaldef.fromElement({score: '85'});
const ovaldef = Ovaldef.fromElement({severity: '8.5'});

expect(ovaldef.severity).toEqual(8.5);
expect(ovaldef.score).toBeUndefined();
});

test('should parse deprecated', () => {
Expand Down
3 changes: 1 addition & 2 deletions gsa/src/gmp/models/certbund.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,7 @@ class CertBundAdv extends Info {
static parseElement(element) {
const ret = super.parseElement(element, 'cert_bund_adv');

ret.severity = parseSeverity(ret.score / 10);
delete ret.score;
ret.severity = parseSeverity(ret.severity);

ret.categories = [];
ret.description = [];
Expand Down
4 changes: 1 addition & 3 deletions gsa/src/gmp/models/cpe.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,7 @@ class Cpe extends Info {

static parseElement(element) {
const ret = super.parseElement(element, 'cpe');

ret.severity = parseSeverity(ret.score / 10);
delete ret.score;
ret.severity = parseSeverity(ret.severity);

if (isDefined(ret.cves) && isDefined(ret.cves.cve)) {
ret.cves = map(ret.cves.cve, cve => ({
Expand Down
4 changes: 1 addition & 3 deletions gsa/src/gmp/models/cve.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,7 @@ class Cve extends Info {
ret.updateTime = parseDate(ret.update_time);
delete ret.update_time;
}
// divide by ten because we now use integer 0-100 in cves
ret.severity = parseSeverity(ret.score / 10);
delete ret.cvss;
ret.severity = parseSeverity(ret.severity);

if (isDefined(ret.nvts)) {
ret.nvts = map(ret.nvts.nvt, nvt => {
Expand Down
4 changes: 1 addition & 3 deletions gsa/src/gmp/models/dfncert.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,7 @@ class DfnCertAdv extends Info {

static parseElement(element) {
const ret = super.parseElement(element, 'dfn_cert_adv');

ret.severity = parseSeverity(ret.score / 10);
delete ret.score;
ret.severity = parseSeverity(ret.severity);

const {raw_data} = ret;

Expand Down
6 changes: 3 additions & 3 deletions gsa/src/gmp/models/nvt.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,8 +142,8 @@ class Nvt extends Info {

if (isDefined(ret.severities)) {
const {severity} = ret.severities;
ret.severity = parseSeverity(severity?.score / 10);
ret.severityOrigin = parseText(severity?.origin);
ret.severity = parseSeverity(severity.score);
ret.severityOrigin = parseText(severity.origin);
ret.severityDate = parseDate(severity.date);
} else {
ret.severity = parseSeverity(ret.cvss_base);
Expand All @@ -156,7 +156,7 @@ class Nvt extends Info {
const solutionMethod = ret.solution._method;
ret.solution = {
type: isEmpty(solutionType) ? undefined : solutionType,
description: isEmpty(solutionText) ? undefined : solutionText,
description: isEmpty(solutionText) ? undefined : solutionText,
method: isEmpty(solutionMethod) ? undefined : solutionMethod,
};
}
Expand Down
3 changes: 1 addition & 2 deletions gsa/src/gmp/models/ovaldef.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,7 @@ class Ovaldef extends Info {
static parseElement(element) {
const ret = super.parseElement(element, 'ovaldef');

ret.severity = parseSeverity(ret.score / 10);
delete ret.score;
ret.severity = parseSeverity(ret.severity);

const {raw_data} = ret;

Expand Down
2 changes: 1 addition & 1 deletion gsa/src/web/pages/cves/__tests__/detailspage.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ const entity_v2 = Cve.fromElement({
permissions: '',
update_time: '2020-10-30T11:44:00.000+0000',
cve: {
score: 55,
severity: 5.5,
cvss_vector: 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N',
description:
'An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.',
Expand Down
4 changes: 2 additions & 2 deletions gsa/src/web/pages/cves/__tests__/row.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ const entity = Cve.fromElement({
name: 'CVE-2020-9992',
cvss_vector: 'AV:N/AC:M/Au:N/C:C/I:C/A:C',
creationTime: '2020-10-22T19:15:00Z',
score: '93',
severity: '9.3',
description: 'foo bar baz',
usage_type: 'cve',
});
Expand Down Expand Up @@ -127,7 +127,7 @@ const entity_v3 = Cve.fromElement({
name: 'CVE-2020-9992',
cvss_vector: 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H',
creationTime: '2020-10-22T19:15:00Z',
score: '71',
severity: '7.1',
description: 'foo bar baz',
usage_type: 'cve',
});
Expand Down

0 comments on commit c3064e6

Please sign in to comment.