🧹 improve cvss version detection (#4692)
chris-rock authored Sep 25, 2024
1 parent 77779d0 commit fc20edb
Showing 2 changed files with 12 additions and 1 deletion.
2 changes: 1 addition & 1 deletion providers-sdk/v1/upstream/mvd/cvss/cvss.go
@@ -122,7 +122,7 @@ func init() {

const NoneVector = "0.0/CVSS:3.0"

var CVSS_VERSION = regexp.MustCompile(`^.*\/CVSS:([\d.]+)(?:\/.*)*$`)
var CVSS_VERSION = regexp.MustCompile(`^(?:.*\/)?CVSS:([\d.]+)(?:\/.*)*$`)

func New(vector string) (*Cvss, error) {
if len(vector) == 0 {
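Review bot: The optional prefix `(?:.*\/)?` in the new `CVSS_VERSION` pattern still accepts arbitrary text ending in `/` ahead of `CVSS:`, so the version is extracted from any string that merely contains `/CVSS:<digits>` somewhere inside it. If the only legitimate prefix is the numeric score (as `NoneVector = "0.0/CVSS:3.0"` suggests), the pattern could be tightened to `^(?:[\d.]+\/)?CVSS:([\d.]+)(?:\/.*)?$`. That assumption needs checking against the vector formats callers pass in, which are not visible in this hunk. The exported variable also has no doc comment; `// CVSS_VERSION captures the version of a vector string, with or without a leading "<score>/" prefix.` would record the two accepted shapes. The body of `New` continues outside the hunk.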
11 changes: 11 additions & 0 deletions providers-sdk/v1/upstream/mvd/cvss/cvss_test.go
@@ -7,6 +7,7 @@ import (
"testing"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

func TestCvss2Parsing(t *testing.T) {
@@ -113,6 +114,16 @@ func TestCvss31Parsing1(t *testing.T) {
assert.Equal(t, "High", c.Severity().String(), "severity properly extracted")
}

func TestCvss31WithoutScoreParsing(t *testing.T) {
c, err := New("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H")
require.NoError(t, err, "could parse the cvss vector")
assert.True(t, c.Verify(), "valid cvss vector")
assert.Equal(t, "3.1", c.Version(), "vector format version")

// TODO: when the score prefix is missing we need to calculate the score
//assert.Equal(t, float32(7.5), c.Score, "score properly detected")
}

func TestCvss3Comparison(t *testing.T) {
c, err := New("9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
assert.Nil(t, err, "could parse the cvss vector")
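Review bot: `TestCvss31WithoutScoreParsing` leaves its score assertion commented out, so nothing pins what `c.Score` and `c.Severity()` return for a vector that parses without the score prefix. Presumably the score stays at its zero value (`New` is not shown here), which a consumer could read as "no severity" for a vector that is actually rated. Until the TODO is resolved, assert the current behaviour explicitly, for example `assert.Zero(t, c.Score, "score is not derived from the vector yet")` if that is what `New` returns, so the gap is visible and the test fails once the calculation lands. A negative case would also cover the anchoring of the new pattern: an input where `CVSS:` is neither at the start nor directly after a `/`.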
