Skip to content

Commit

Permalink
Merge pull request #32 from goark/debug-and-refactoring
Browse files Browse the repository at this point in the history 
Fixed that no error when misordered CVSSv2 vector string (issue #31)
  • Loading branch information
@spiegel-im-spiegel
spiegel-im-spiegel authored Feb 2, 2023
2 parents 99e85cc + 889a2de commit 059836d
Show file tree
Hide file tree
Showing 5 changed files with 33 additions and 7 deletions.
1 change: 1 addition & 0 deletions cvsserr/errors.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ var (
ErrNoBaseMetrics = errors.New("no Base metrics")
ErrNoTemporalMetrics = errors.New("no Temporal metrics")
ErrNoEnvironmentalMetrics = errors.New("no Environmental metrics")
ErrMisordered = errors.New("misordered vector string")
)

/* Copyright 2018-2023 Spiegel
Expand Down
9 changes: 8 additions & 1 deletion v2/metric/base.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,14 @@ func (m *Base) Decode(vector string) (*Base, error) {
if lastErr != nil {
return m, lastErr
}
return m, m.GetError()
enc, err := m.Encode()
if err != nil {
return m, errs.Wrap(err, errs.WithContext("vector", vector))
}
if vector != enc {
return m, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
}
return m, nil
}

func (m *Base) decodeOne(str string) error {
Expand Down
12 changes: 9 additions & 3 deletions v2/metric/environmental.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,14 @@ func (m *Environmental) Decode(vector string) (*Environmental, error) {
if lastErr != nil {
return m, lastErr
}
return m, m.GetError()
enc, err := m.Encode()
if err != nil {
return m, errs.Wrap(err, errs.WithContext("vector", vector))
}
if vector != enc {
return m, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
}
return m, nil
}

func (m *Environmental) decodeOne(str string) error {
Expand Down Expand Up @@ -141,9 +148,8 @@ func (m *Environmental) Encode() (string, error) {
if m == nil {
return "", errs.Wrap(cvsserr.ErrNoBaseMetrics)
}
ts, _ := m.Temporal.Encode()
r := &strings.Builder{}
r.WriteString(ts) //Vector of Temporal metrics
r.WriteString(m.Temporal.String()) //Vector of Temporal metrics
if m.names[metricCDP] {
r.WriteString(fmt.Sprintf("/%s:%v", metricCDP, m.CDP)) // Collateral Damage Potential
}
Expand Down
6 changes: 6 additions & 0 deletions v2/metric/metric_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ func TestValidationBase(t *testing.T) {
{vec: "AV:N/AC:H/Au:0/C:C/I:N/A:C", err: cvsserr.ErrInvalidValue},
{vec: "AV:N/AC:0/Au:M/C:C/I:N/A:C", err: cvsserr.ErrInvalidValue},
{vec: "AV:0/AC:H/Au:M/C:C/I:N/A:C", err: cvsserr.ErrInvalidValue},
{vec: "AV:N/AC:H/Au:M/C:C/A:C/I:N", err: cvsserr.ErrMisordered},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C", err: nil},
}

Expand All @@ -46,6 +47,8 @@ func TestValidationTemporal(t *testing.T) {
{vec: "AV:N/AC:H/Au:M/C:C/I:N/A:C/E:0/RL:ND/RC:ND", err: cvsserr.ErrInvalidValue},
{vec: "AV:N/AC:H/Au:M/C:C/I:N/A:C/E:U/RL:ND", err: cvsserr.ErrNoTemporalMetrics},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/E:U/RL:ND/RC:ND", err: cvsserr.ErrNoBaseMetrics},
{vec: "AV:N/AC:L/Au:N/C:N/A:C/I:N/E:U/RL:ND/RC:ND", err: cvsserr.ErrMisordered},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RC:ND/RL:ND", err: cvsserr.ErrMisordered},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:ND/RC:ND", err: nil},
}

Expand Down Expand Up @@ -75,6 +78,9 @@ func TestValidationEnvironmental(t *testing.T) {
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:ND/RC:ND/CDP:H/TD:H/CR:M/IR:M", err: cvsserr.ErrNoEnvironmentalMetrics},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:ND/CDP:H/TD:H/CR:M/IR:M/AR:H", err: cvsserr.ErrNoTemporalMetrics},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/E:U/RL:ND/RC:ND/CDP:H/TD:H/CR:M/IR:M/AR:H", err: cvsserr.ErrNoBaseMetrics},
{vec: "AV:N/AC:L/Au:N/C:N/A:C/I:N/E:U/RL:ND/RC:ND/CDP:H/TD:H/CR:M/IR:M/AR:H", err: cvsserr.ErrMisordered},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RC:ND/RL:ND/CDP:H/TD:H/CR:M/IR:M/AR:H", err: cvsserr.ErrMisordered},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:ND/RC:ND/CDP:H/TD:H/CR:M/AR:H/IR:M", err: cvsserr.ErrMisordered},
{vec: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:ND/RC:ND/CDP:H/TD:H/CR:M/IR:M/AR:H", err: nil},
}

Expand Down
12 changes: 9 additions & 3 deletions v2/metric/temporal.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,14 @@ func (m *Temporal) Decode(vector string) (*Temporal, error) {
if lastErr != nil {
return m, lastErr
}
return m, m.GetError()
enc, err := m.Encode()
if err != nil {
return m, errs.Wrap(err, errs.WithContext("vector", vector))
}
if vector != enc {
return m, errs.Wrap(cvsserr.ErrMisordered, errs.WithContext("vector", vector))
}
return m, nil
}

func (m *Temporal) decodeOne(str string) error {
Expand Down Expand Up @@ -125,9 +132,8 @@ func (m *Temporal) Encode() (string, error) {
if m == nil {
return "", errs.Wrap(cvsserr.ErrNoBaseMetrics)
}
bs, _ := m.Base.Encode()
r := &strings.Builder{}
r.WriteString(bs) //Vector of Base metrics
r.WriteString(m.Base.String()) //Vector of Base metrics
if m.names[metricE] {
r.WriteString(fmt.Sprintf("/%s:%v", metricE, m.E)) // Exploitability
}
Expand Down

0 comments on commit 059836d

Please sign in to comment.