CVSS Override: Revert #9744

DefectDojo · Apr 1, 2024 · 1d7f3d1 · 1d7f3d1
1 parent ad13bae
commit 1d7f3d1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 30 deletions.
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
@@ -1719,17 +1719,6 @@ def get_display_status(self, obj) -> str:
 
     # Overriding this to push add Push to JIRA functionality
     def update(self, instance, validated_data):
-        # cvssv3 handling cvssv3 vector takes precedence,
-        # then cvssv3_score and finally severity
-        if validated_data.get("cvssv3"):
-            validated_data["cvssv3_score"] = None
-            validated_data["severity"] = ""
-        elif validated_data.get("cvssv3_score"):
-            validated_data["severity"] = ""
-        elif validated_data.get("severity"):
-            validated_data["cvssv3"] = None
-            validated_data["cvssv3_score"] = None
-
         # remove tags from validated data and store them seperately
         to_be_tagged, validated_data = self._pop_tags(validated_data)
 

diff --git a/dojo/models.py b/dojo/models.py
@@ -3004,32 +3004,17 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru
         from titlecase import titlecase
         self.title = titlecase(self.title[:511])
 
-        # Synchronize cvssv3 score and severity using cvssv3 vector
-        # the vector trumps all if we get it
+        # Assign the numerical severity for correct sorting order
+        self.numerical_severity = Finding.get_numerical_severity(self.severity)
+
+        # Synchronize cvssv3 score using cvssv3 vector
         if self.cvssv3:
             try:
                 cvss_object = CVSS3(self.cvssv3)
                 # use the environmental score, which is the most refined score
-                self.severity = cvss_object.severities()[2]
-                if self.severity == "None":
-                    self.severity = "Info"
                 self.cvssv3_score = cvss_object.scores()[2]
             except Exception as ex:
                 logger.error("Can't compute cvssv3 score for finding id %i. Invalid cvssv3 vector found: '%s'. Exception: %s", self.id, self.cvssv3, ex)
-        elif self.cvssv3_score:
-            if self.cvssv3_score < .1:
-                self.severity = "Info"
-            elif self.cvssv3_score <= 3.9:
-                self.severity = "Low"
-            elif self.cvssv3_score <= 6.9:
-                self.severity = "Medium"
-            elif self.cvssv3_score <= 8.9:
-                self.severity = "High"
-            else:
-                self.severity = "Critical"
-
-        # Assign the numerical severity for correct sorting order
-        self.numerical_severity = Finding.get_numerical_severity(self.severity)
 
         # Finding.save is called once from serializers.py with dedupe_option=False because the finding is not ready yet, for example the endpoints are not built
         # It is then called a second time with dedupe_option defaulted to true; now we can compute the hash_code and run the deduplication