From 1d7f3d16c6c919b3e53779396eb829f98c19f35d Mon Sep 17 00:00:00 2001
From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Date: Mon, 1 Apr 2024 13:34:16 -0500
Subject: [PATCH] CVSS Override: Revert #9744
---
 dojo/api_v2/serializers.py | 11 -----------
 dojo/models.py | 23 ++++-------------------
 2 files changed, 4 insertions(+), 30 deletions(-)
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
index d82476e8b59..01d6a816c1e 100644
--- a/dojo/api_v2/serializers.py
+++ b/dojo/api_v2/serializers.py
@@ -1719,17 +1719,6 @@ def get_display_status(self, obj) -> str:
 # Overriding this to push add Push to JIRA functionality
 def update(self, instance, validated_data):
- # cvssv3 handling cvssv3 vector takes precedence,
- # then cvssv3_score and finally severity
- if validated_data.get("cvssv3"):
- validated_data["cvssv3_score"] = None
- validated_data["severity"] = ""
- elif validated_data.get("cvssv3_score"):
- validated_data["severity"] = ""
- elif validated_data.get("severity"):
- validated_data["cvssv3"] = None
- validated_data["cvssv3_score"] = None
-
 # remove tags from validated data and store them seperately
 to_be_tagged, validated_data = self._pop_tags(validated_data)
diff --git a/dojo/models.py b/dojo/models.py
index 850fbd2b8e4..a59af55ee9a 100755
--- a/dojo/models.py
+++ b/dojo/models.py
@@ -3004,32 +3004,17 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru
 from titlecase import titlecase
 self.title = titlecase(self.title[:511])
- # Synchronize cvssv3 score and severity using cvssv3 vector
- # the vector trumps all if we get it
+ # Assign the numerical severity for correct sorting order
+ self.numerical_severity = Finding.get_numerical_severity(self.severity)
+
+ # Synchronize cvssv3 score using cvssv3 vector
 if self.cvssv3:
 try:
 cvss_object = CVSS3(self.cvssv3)
 # use the environmental score, which is the most refined score
- self.severity = cvss_object.severities()[2]
- if self.severity == "None":
- self.severity = "Info"
 self.cvssv3_score = cvss_object.scores()[2]
 except Exception as ex:
 logger.error("Can't compute cvssv3 score for finding id %i. Invalid cvssv3 vector found: '%s'. Exception: %s", self.id, self.cvssv3, ex)
- elif self.cvssv3_score:
- if self.cvssv3_score < .1:
- self.severity = "Info"
- elif self.cvssv3_score <= 3.9:
- self.severity = "Low"
- elif self.cvssv3_score <= 6.9:
- self.severity = "Medium"
- elif self.cvssv3_score <= 8.9:
- self.severity = "High"
- else:
- self.severity = "Critical"
-
- # Assign the numerical severity for correct sorting order
- self.numerical_severity = Finding.get_numerical_severity(self.severity)
 # Finding.save is called once from serializers.py with dedupe_option=False because the finding is not ready yet, for example the endpoints are not built
 # It is then called a second time with dedupe_option defaulted to true; now we can compute the hash_code and run the deduplication
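Review bot: In the `except Exception` branch of the CVSS block, a vector that fails to parse is only logged, so the finding is saved with the invalid `cvssv3` string and whatever `cvssv3_score` it already carried. After this revert the score is the only value still derived from the vector, so the two can disagree with nothing marking the mismatch. Consider clearing the score on failure with `self.cvssv3_score = None` in that branch (or rejecting the vector), and narrowing the handler to the parser's own error type. The log call formats `self.id` with `%i`, which presumably fails for a finding that has no primary key yet, so the message would be lost on a first save; `%s` avoids that. `save()` starts before and continues past this hunk, so any validation done elsewhere is not visible here.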