From d155547eb29dd000b419c08145972331d40def05 Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Wed, 25 Sep 2024 12:32:23 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20improve=20cvss=20version=20detec?= =?UTF-8?q?tion?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 providers-sdk/v1/upstream/mvd/cvss/cvss.go | 2 +-
 providers-sdk/v1/upstream/mvd/cvss/cvss_test.go | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/providers-sdk/v1/upstream/mvd/cvss/cvss.go b/providers-sdk/v1/upstream/mvd/cvss/cvss.go
index 87730779a2..7d273d9dfa 100644
--- a/providers-sdk/v1/upstream/mvd/cvss/cvss.go
+++ b/providers-sdk/v1/upstream/mvd/cvss/cvss.go
@@ -122,7 +122,7 @@ func init() {
 const NoneVector = "0.0/CVSS:3.0"
-var CVSS_VERSION = regexp.MustCompile(`^.*\/CVSS:([\d.]+)(?:\/.*)*$`)
+var CVSS_VERSION = regexp.MustCompile(`^(?:.*\/)?CVSS:([\d.]+)(?:\/.*)*$`)
 func New(vector string) (*Cvss, error) {
 if len(vector) == 0 {
diff --git a/providers-sdk/v1/upstream/mvd/cvss/cvss_test.go b/providers-sdk/v1/upstream/mvd/cvss/cvss_test.go
index 131250724c..9ca89a457f 100644
--- a/providers-sdk/v1/upstream/mvd/cvss/cvss_test.go
+++ b/providers-sdk/v1/upstream/mvd/cvss/cvss_test.go
@@ -5,8 +5,9 @@ package cvss
 import (
 "testing"
-
+
 "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
 )
 func TestCvss2Parsing(t *testing.T) {
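Review bot: The optional prefix group `(?:.*\/)?` in the new `CVSS_VERSION` pattern is still greedy and unconstrained, so arbitrary text before the last `/CVSS:` is accepted, and the version group `[\d.]+` also matches inputs such as `3..1` or `.`. If the prefix is only ever the numeric score seen in `NoneVector` (an assumption, since callers are outside this hunk), a tighter pattern would be `^(?:\d+(?:\.\d+)?\/)?CVSS:(\d+(?:\.\d+)?)(?:\/.*)?$`. A comment above the variable such as `// CVSS_VERSION captures the version from "[<score>/]CVSS:<version>/<metrics>"; the score prefix is optional.` would record the accepted forms. `New` continues past the end of the hunk, so how a vector without a score is handled there is not visible.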
@@ -113,6 +114,16 @@ func TestCvss31Parsing1(t *testing.T) {
 assert.Equal(t, "High", c.Severity().String(), "severity properly extracted")
 }
+func TestCvss31WithoutScoreParsing(t *testing.T) {
+ c, err := New("CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H")
+ require.NoError(t, err, "could parse the cvss vector")
+ assert.True(t, c.Verify(), "valid cvss vector")
+ assert.Equal(t, "3.1", c.Version(), "vector format version")
+
+ // TODO: when the score prefix is missing we need to calculate the score
+ //assert.Equal(t, float32(7.5), c.Score, "score properly detected")
+}
+
 func TestCvss3Comparison(t *testing.T) {
 c, err := New("9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
 assert.Nil(t, err, "could parse the cvss vector")
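Review bot: The score assertion in `TestCvss31WithoutScoreParsing` is commented out, so the test passes while `c.Score` is left unverified for a vector that `New` accepts and `Verify()` reports as valid. Per the TODO the score is not yet calculated, and if `Severity()` is derived from `Score` (not visible here) a prefix-less vector could be reported with a lower severity than its metrics imply, which is the risky direction for a vulnerability feed. Until the calculation exists, pin the current behaviour so the gap stays visible, for example `assert.Zero(t, c.Score, "score is not yet derived when the prefix is missing")`, assuming the field stays at its zero value. Replace the commented-out line with a reference to a tracking issue rather than dead code.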