cvss: v4: tolerate abnormal vectors in scoring
Signed-off-by: Hank Donnay <[email protected]>
hdonnay committed Dec 23, 2024
1 parent 03fe8c0 commit abd7b89
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion toolkit/types/cvss/cvss_v4.go
Expand Up @@ -62,7 +62,7 @@ func (v *V4) getString(m V4Metric) (string, error) {
// GetScore implements [Vector].
func (v *V4) getScore(m V4Metric) byte {
b := v.mv[int(m)]
if m >= V4ExploitMaturity && b == 0 {
if m >= V4ExploitMaturity && (b == 0 /* not present */ || b == 'X' /* not defined */) {
switch m {
case V4ExploitMaturity:
b = 'A'
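Review bot: The doc comment above `getScore` still reads `GetScore implements [Vector]`, which matches neither the unexported name nor what the new condition does: an explicit `X` is now resolved the same way as a metric that is missing from the vector. I would replace it with `// getScore returns the value of m used for scoring; from V4ExploitMaturity onward, an absent (0) or explicit 'X' value is replaced by its scoring default.` and then drop the two inline `/* … */` comments so the `if` stays readable. The switch that picks the default continues outside the hunk, so the wording for metrics other than V4ExploitMaturity should be checked against it.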
2 changes: 2 additions & 0 deletions toolkit/types/cvss/cvss_v4_test.go
Expand Up @@ -168,6 +168,8 @@ func TestV4(t *testing.T) {
{Vector: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/MSI:S/S:P", Score: 9.7},
{Vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/V:C", Score: 8.7},
{Vector: "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U", Score: 0.1},
{Vector: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:H", Score: 4.1},
{Vector: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:H/CR:X", Score: 4.1}, // previous, in abnormal form
}
Score[V4, V4Metric, *V4](t, tt)
})
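Review bot: The added cases cover the explicit-`X` path for one metric only (`CR:X`), while the defaulting switch in `getScore` has a separate `V4ExploitMaturity` branch and presumably more for the other optional metrics. A mis-scored vector on an untested branch would be easy to miss, so I would add one pair per branch, for example `{Vector: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:H/E:X", Score: 4.1},`. That vector is constructed from the existing case, and its expected score assumes `E:X` scores like an omitted `E`. A modified base metric written as `X` is worth covering too if the switch handles those differently. The table and `TestV4` begin outside the hunk.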
