Extend GMP for extended severities

CMakeLists.txt

@@ -96,7 +96,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 236)
+set (GVMD_DATABASE_VERSION 237)
 
 set (GVMD_SCAP_DATABASE_VERSION 16)
 

src/gmp.c

@@ -9076,19 +9076,25 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
     {
       if (g_str_has_prefix (oid, "CVE-"))
         {
+          int score;
           gchar *cvss_base;
+
           cvss_base = cve_cvss_base (oid);
+          score = cve_score (oid);
           buffer_xml_append_printf (buffer,
                                     "<nvt oid=\"%s\">"
                                     "<type>cve</type>"
                                     "<name>%s</name>"
                                     "<cvss_base>%s</cvss_base>"
+                                    "<severities score=\"%i\">"
+                                    "</severities>"
                                     "<cpe id='%s'/>"
                                     "<cve>%s</cve>"
                                     "</nvt>",
                                     oid,
                                     oid,
                                     cvss_base,
+                                    score,
                                     result_iterator_port (results),
                                     oid);
           g_free (cvss_base);
@@ -9116,10 +9122,13 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                                     "<name>%s</name>"
                                     "<family/>"
                                     "<cvss_base>%s</cvss_base>"
+                                    "<severities score=\"%i\">"
+                                    "</severities>"
                                     "<tags>summary=%s</tags>",
                                     oid,
                                     ovaldef_info_iterator_title (&iterator),
                                     ovaldef_info_iterator_max_cvss (&iterator),
+                                    ovaldef_info_iterator_score (&iterator),
                                     ovaldef_info_iterator_description (&iterator));
           g_free (get.id);
           cleanup_iterator (&iterator);
@@ -9241,11 +9250,14 @@ results_xml_append_nvt (iterator_t *results, GString *buffer, int cert_loaded)
                                     "<name>%s</name>"
                                     "<family>%s</family>"
                                     "<cvss_base>%s</cvss_base>"
+                                    "<severities score=\"%i\">"
+                                    "</severities>"
                                     "<tags>%s</tags>",
                                     oid,
                                     result_iterator_nvt_name (results) ?: oid,
                                     result_iterator_nvt_family (results) ?: "",
                                     cvss_base ?: "",
+                                    result_iterator_nvt_score (results),
                                     tags->str ?: "");
 
           if (result_iterator_nvt_solution (results)

src/manage.c

@@ -5444,6 +5444,8 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                               "<category>%d</category>"
                               "<family>%s</family>"
                               "<cvss_base>%s</cvss_base>"
+                              "<severities score=\"%i\">"
+                              "</severities>"
                               "<qod>"
                               "<value>%s</value>"
                               "<type>%s</type>"
@@ -5467,6 +5469,7 @@ get_nvt_xml (iterator_t *nvts, int details, int pref_count,
                               nvt_iterator_cvss_base (nvts)
                                ? nvt_iterator_cvss_base (nvts)
                                : "",
+                              nvt_iterator_score (nvts),
                               nvt_iterator_qod (nvts),
                               nvt_iterator_qod_type (nvts),
                               refs_str->str,

src/manage.h

@@ -1385,6 +1385,9 @@ result_iterator_nvt_cvss_base (iterator_t *);
 const char*
 result_iterator_nvt_tag (iterator_t *);
 
+int
+result_iterator_nvt_score (iterator_t *);
+
 const char*
 result_iterator_descr (iterator_t*);
 
@@ -1814,6 +1817,9 @@ nvt_iterator_solution_type (iterator_t*);
 const char*
 nvt_iterator_solution_method (iterator_t*);
 
+int
+nvt_iterator_score (iterator_t *);
+
 char*
 nvt_default_timeout (const char *);
 
@@ -3132,6 +3138,9 @@ cve_info_count (const get_data_t *get);
 gchar *
 cve_cvss_base (const gchar *);
 
+int
+cve_score (const gchar *);
+
 /* OVAL definitions */
 int
 init_ovaldef_info_iterator (iterator_t*, get_data_t*, const char*);
@@ -3166,6 +3175,9 @@ ovaldef_info_iterator_max_cvss (iterator_t*);
 const char*
 ovaldef_info_iterator_cve_refs (iterator_t*);
 
+int
+ovaldef_info_iterator_score (iterator_t *);
+
 char *
 ovaldef_severity (const char *);
 

src/manage_migrators.c

@@ -2425,6 +2425,40 @@ migrate_235_to_236 ()
   return 0;
 }
 
+/**
+ * @brief Migrate the database from version 236 to version 237.
+ *
+ * @return 0 success, -1 error.
+ */
+int
+migrate_236_to_237 ()
+{
+  sql_begin_immediate ();
+
+  /* Ensure that the database is currently version 236. */
+
+  if (manage_db_version () != 236)
+    {
+      sql_rollback ();
+      return -1;
+    }
+
+  /* Update the database. */
+
+  /* NVT scores were introduced, for handling extended severities. */
+
+  sql ("ALTER TABLE nvts ADD column score integer;");
+  sql ("UPDATE nvts SET score = (cvss_base::float * 10)::integer;");
+
+  /* Set the database version to 237. */
+
+  set_db_version (237);
+
+  sql_commit ();
+
+  return 0;
+}
+
 #undef UPDATE_DASHBOARD_SETTINGS
 
 /**
@@ -2467,6 +2501,7 @@ static migrator_t database_migrators[] = {
   {234, migrate_233_to_234},
   {235, migrate_234_to_235},
   {236, migrate_235_to_236},
+  {237, migrate_236_to_237},
   /* End marker. */
   {-1, NULL}};