def calculate_base_score_v3(cve: CveDocument) -> float: isc = impact_sub_score_v3(cve) exploitability = exploitability_v3(cve) if isc <= 0: return 0 if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED: base = min(isc + exploitability, 10) else: base = min(1.08 * (isc + exploitability), 10) return float( decimal.Decimal(base).quantize(decimal.Decimal('0.1'), rounding=decimal.ROUND_UP))
def environmental_score_v3(cve: Cve, asset: Asset) -> float: isc = impact_sub_score_v3(cve, asset) exploitability = exploitability_v3(cve) if isc <= 0: return 0 if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED: score = isc + exploitability else: score = 1.08 * (isc + exploitability) return float(decimal.Decimal(min(score, 10) * exploit_code_maturity_v3() * remediation_level_v3() * report_confidence_v3()) .quantize(decimal.Decimal('0.1'), rounding=decimal.ROUND_UP))
def calculate_environmental_score_v3(vuln) -> (float, str): if vuln.cve.base_score_v3: isc = impact_sub_score_v3(vuln.cve, vuln.asset) exploitability = exploitability_v3(vuln.cve) if isc <= 0: return 0 if ScopeV3(vuln.cve.scope_v3) == ScopeV3.UNCHANGED: score = isc + exploitability else: score = 1.08 * (isc + exploitability) return float( decimal.Decimal( min(score, 10) * exploit_code_maturity_v3() * remediation_level_v3() * report_confidence_v3()).quantize( decimal.Decimal('0.1'), rounding=decimal.ROUND_UP)), cvss_vector_v3(vuln) return 0.0, '-'
def impact_sub_score_v3(cve: Cve, asset: Asset) -> float: isc = impact_sub_score_base_v3(cve, asset) if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED: return 6.42 * isc return 7.52 * (isc - 0.029) - 3.25 * pow(isc - 0.02, 15)
def impact_sub_score_v3(cve: CveDocument) -> float: isc_base = impact_sub_score_base_v3(cve) if ScopeV3(cve.scope_v3) == ScopeV3.UNCHANGED: return 6.42 * isc_base return 7.52 * (isc_base - 0.029) - 3.25 * pow(isc_base - 0.02, 15)