add support for calculating CVSS score from the CVSS vector

Reference: aboutcode-org#713 Signed-off-by: Ziad <[email protected]>
ziadhany · May 21, 2022 · 91fe8d7 · 91fe8d7
1 parent f71776b
commit 91fe8d7
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/vulnerabilities/severity_systems.py b/vulnerabilities/severity_systems.py
@@ -21,6 +21,10 @@
 #  Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
 import dataclasses
+from decimal import Decimal
+
+from cvss import CVSS2
+from cvss import CVSS3
 
 """
 Vulnerability scoring systems define scales, values and approach to score a
@@ -30,7 +34,6 @@
 
 @dataclasses.dataclass(order=True)
 class ScoringSystem:
-
     # a short identifier for the scoring system.
     identifier: str
     # a name which represents the scoring system such as `RedHat bug severity`.
@@ -41,13 +44,20 @@ class ScoringSystem:
     # notes about that scoring system
     notes: str = ""
 
-    def as_score(self, value):
+    def as_score(self, value) -> Decimal:
         """
         Return a normalized numeric score for this scoring system  given a raw
         value. For instance this can be used to convert a CVSS vector to a base
         score.
         """
-        raise NotImplementedError
+        if self.identifier == "cvssv2_vector":
+            c = CVSS2(value)
+            return c.base_score
+        elif self.identifier in ["cvssv3_vector", "cvssv3.1_vector"]:
+            c = CVSS3(value)
+            return c.base_score
+        else:
+            raise NotImplementedError
 
 
 CVSSV2 = ScoringSystem(