def test_safety_rvss():
vector1, vector2 = safety_rvss_vectors[0]
score1 = calculate_vector(vector1, rvss)
score2 = calculate_vector(vector2, rvss)
assert score1 == score2, "Test for NONE and UNKNOWN failed"
vector1, vector2 = safety_rvss_vectors[1]
score1 = calculate_vector(vector1, rvss)
score2 = calculate_vector(vector2, rvss)
assert score1 < score2, "Test for NONE and ENVIRONMENTAL failed"
vector1, vector2 = safety_rvss_vectors[2]
score1 = calculate_vector(vector1, rvss)
score2 = calculate_vector(vector2, rvss)
assert score1 < score2, "Test for ENVIRONMENTAL and HUMAN failed"
vector1, vector2 = safety_rvss_vectors[3]
score1 = calculate_vector(vector1, rvss)
score2 = calculate_vector(vector2, rvss)
assert max(score1) == max(score2), "Test for HUMAN and ENVIRONMENTAL+MODIFIED/HUMAN failed"
vector1, vector2 = safety_rvss_vectors[4]
score1 = calculate_vector(vector1, rvss)
score2 = calculate_vector(vector2, rvss)
assert max(score1) < max(score2), "Test for HUMAN and HUMAN+SAFETY-REQUIREMENT/HIGH failed"
def analysis_cvss3_rvss_vector():
for description, vector_cvss3, vector_rvss in analysis_vectors:
score_cvss3 = calculate_vector(vector_cvss3, cvss3)
score_rvss = calculate_vector(vector_rvss, rvss)
print("---------------------------------------------------------------")
print(description)
print("CVSSv3: ",score_cvss3)
print("RVSSv1: ",score_rvss)
def comparison_rvss_vectors():
for vector1, vector2, results in rvss_comparison_vectors:
score1 = calculate_vector(vector1, cvss3)
score2 = calculate_vector(vector2, rvss)
# print(score)
# print(results)
assert results == score1, "Vector {0} failed".format(vector1)
assert results == score2, "Vector {0} failed".format(vector2)
assert score1 == score2, "CVSS and RVSS vectors' score don't match "
def test_age_rvss():
score1 = calculate_vector("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:T/S:U/C:H/I:N/A:H/H:N/MPR:N", rvss)
score2 = calculate_vector("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:O/S:U/C:H/I:N/A:H/H:N/MPR:N", rvss)
assert max(score1) < max(score2), "Age test failed, Y:T is not less than Y:O"
score1 = calculate_vector("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:O/S:U/C:H/I:N/A:H/H:U", rvss)
# print(score1, max(score1))
score2 = calculate_vector("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:T/S:U/C:H/I:N/A:H/H:U/MY:O", rvss)
# print(score2, max(score2))
assert max(score1) == max(score2), "Age test failed, Y:O is not equal to Y:T/MY:O"
def main():
parser = argparse.ArgumentParser(
description="Calculate RVSS scores from a vector")
parser.add_argument('vector')
parser.add_argument('-v',
default=None,
dest="version",
type=int,
help="RVSS version to use (default: autodetect)")
args = parser.parse_args()
module = None
if args.version is not None:
module = {2: cvss2, 3: cvss3}[args.version]
else:
module = detect_vector(args.vector)
if not (module):
raise NotImplementedError("module not detected")
try:
results = calculate_vector(args.vector, module)
except VectorError as e:
print("Error parsing vector: {0}".format(e.message))
else:
print("Base Score:\t{0}".format(results[0]))
print("Temporal:\t{0}".format(results[1]))
print("Environment:\t{0}".format(results[2]))
def test_v2_vector_files():
for name in ("vectors_random2", "vectors_simple2"):
with (data_dir / name).open() as fd:
for line in fd:
vector, score = split_vector(line)
parsed = calculate_vector(vector, cvss2)
assert parsed == score
def test_v2_vector_files():
for name in ("vectors_random2", "vectors_simple2"):
with (data_dir / name).open() as fd:
for line in fd:
vector, score = split_vector(line)
parsed = calculate_vector(vector, cvss2)
assert parsed == score
def main():
parser = argparse.ArgumentParser(description="Calculate CVSS scores from a vector")
parser.add_argument('vector')
parser.add_argument('-v', default=None, dest="version", type=int, help="CVSS version to use (default: autodetect)")
args = parser.parse_args()
module = None
if args.version is not None:
module = {2: cvss2, 3: cvss3}[args.version]
else:
module = detect_vector(args.vector)
try:
results = calculate_vector(args.vector, module)
except VectorError as e:
print("Error parsing vector: {0}".format(e.message))
else:
print("Base Score:\t{0}".format(results[0]))
print("Temporal:\t{0}".format(results[1]))
print("Environment:\t{0}".format(results[2]))
def cvss_vector_extract(self, vector, element):
"""
This method extracts "element" from "vector" and
returns it a CVE JSON-familiar format
:param vector str, the CVSS vector
:param element str, the element from the CVSS vector we wish to extract
:returns str
"""
if not element in self.elements:
red("Element '" + str(element) + "' not registered")
sys.exit(1)
if element == "severity":
module = detect_vector(vector)
base, e, c = calculate_vector(vector, module)
base = float(base)
if base > 9.0:
return "critical"
elif base > 7.0:
return "high"
elif base > 4.0:
return "medium"
elif base > 0.1:
return "low"
else:
return "none"
for elem in vector.split("/")[1:]:
if element == "A":
if element + ":" in elem:
return self.elements_components[elem.split(":")[0]][
elem.split(":")[1]
]
else:
if element in elem:
return self.elements_components[elem.split(":")[0]][
elem.split(":")[1]
]
def test_v2_vector(vector, results):
score = calculate_vector(vector, cvss2)
assert results == score, "Vector {0} failed".format(vector)
def test_v3_vector_files_random2(line):
vector, score = split_vector(line)
parsed = calculate_vector(vector, cvss2)
assert parsed == score
def test_v3_vector_files_simple3(line):
vector, score = split_vector(line)
parsed = calculate_vector(vector)
assert parsed == score
def test_vector_file(path):
for line in (data_dir / path).read_text().splitlines():
vector, score = split_vector(line)
parsed = calculate_vector(vector)
assert parsed == score
def test_v2_vector():
for vector, results in v2_vectors:
score = calculate_vector(vector, cvss2)
assert results == score, "Vector {0} failed".format(vector)
def test_rvss_vectors():
for vector, results in rvss_vectors:
score = calculate_vector(vector, rvss)
# print(score)
# print(results)
assert results == score, "Vector {0} failed".format(vector)
def test_v3_vector():
for vector, results in v3_vectors:
score = calculate_vector(vector, cvss3)
assert results == score, "Vector {0} failed".format(vector)
