def calculate_base_score_v3(cve: CveDocument) -> float:
isc = impact_sub_score_v3(cve)
exploitability = exploitability_v3(cve)
if isc <= 0:
return 0
if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED:
base = min(isc + exploitability, 10)
else:
base = min(1.08 * (isc + exploitability), 10)
return float(
decimal.Decimal(base).quantize(decimal.Decimal('0.1'),
rounding=decimal.ROUND_UP))
def environmental_score_v3(cve: Cve, asset: Asset) -> float:
isc = impact_sub_score_v3(cve, asset)
exploitability = exploitability_v3(cve)
if isc <= 0:
return 0
if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED:
score = isc + exploitability
else:
score = 1.08 * (isc + exploitability)
return float(decimal.Decimal(min(score, 10) *
exploit_code_maturity_v3() *
remediation_level_v3() *
report_confidence_v3())
.quantize(decimal.Decimal('0.1'), rounding=decimal.ROUND_UP))
def calculate_environmental_score_v3(vuln) -> (float, str):
if vuln.cve.base_score_v3:
isc = impact_sub_score_v3(vuln.cve, vuln.asset)
exploitability = exploitability_v3(vuln.cve)
if isc <= 0:
return 0
if ScopeV3(vuln.cve.scope_v3) == ScopeV3.UNCHANGED:
score = isc + exploitability
else:
score = 1.08 * (isc + exploitability)
return float(
decimal.Decimal(
min(score, 10) * exploit_code_maturity_v3() *
remediation_level_v3() * report_confidence_v3()).quantize(
decimal.Decimal('0.1'),
rounding=decimal.ROUND_UP)), cvss_vector_v3(vuln)
return 0.0, '-'
def impact_sub_score_v3(cve: Cve, asset: Asset) -> float:
isc = impact_sub_score_base_v3(cve, asset)
if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED:
return 6.42 * isc
return 7.52 * (isc - 0.029) - 3.25 * pow(isc - 0.02, 15)
def impact_sub_score_v3(cve: CveDocument) -> float:
isc_base = impact_sub_score_base_v3(cve)
if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED:
return 6.42 * isc_base
return 7.52 * (isc_base - 0.029) - 3.25 * pow(isc_base - 0.02, 15)