Special Negative Severity Values in Greenbone OpenVAS

csalt · July 2, 2024, 9:32am

Hello team,

From documentation we found the below for the Severity Score:
“A severity score is a decimal number between 0.0 and 10.0 (inclusive) with one digit after the decimal point or a special negative value (-1.0, -2.0 or -3.0). If a single severity score defines a constraint, e.g. on whether an override applies, for values 0.0 and lower the severity must be equal to match while for > 0.0 the compared value must be greater or equal.”

Unfortunately, I was not able to spot somewhere in documentation what is the meaning of the special negative severity values?

Any idea about this? Maybe some links that provide explanation?

Thank you!!

Martin · July 3, 2024, 2:23pm

Negative severity values are used for special cases such as false positive results or error messages.

For details you can have a look at the corresponding code at gvmd/src/manage_utils.h at b8f5561e5a9ee3b54bf9bfe0011018efe5a20cb3 · greenbone/gvmd · GitHub.

I’ll also check whether we can improve the API documentation in the future.

csalt · July 3, 2024, 2:34pm

Thank you @Martin,

So based on the code, we don’t have severity score -2 right?

Martin · July 3, 2024, 2:43pm

Currently not, no. It used to be for debug messages, see gvmd/src/manage_utils.h at 195c64e4216a762ecda0d6664c06df425a7565ea · greenbone/gvmd · GitHub, but was removed for GVM 21.04 (we are at 22.04 currently). I cannot recall the reason at the moment.