cvss: bugs, tests #1386
Codecov Report
All modified and coverable lines are covered by tests ✅
@@ Coverage Diff @@
## main #1386 +/- ##
==========================================
- Coverage 55.37% 55.30% -0.07%
==========================================
Files 282 282
Lines 17836 17836
==========================================
- Hits 9876 9864 -12
- Misses 6927 6934 +7
- Partials 1033 1038 +5
956cc2b to ff5b394
The previous version was too permissive with allowed orderings. Per spec:

> The vector lists these metrics in a predetermined order, using the "/"
> (slash) character to separate the metrics.

Signed-off-by: Hank Donnay <[email protected]>
Signed-off-by: Hank Donnay <[email protected]>
Putting all the fixtures into separate files makes adding new cases just an `echo` instead of editing go source.

Signed-off-by: Hank Donnay <[email protected]>
ff5b394 to 0ec0489
temporal = e "/" rl "/" rc; | ||
environmental = cdp "/" td "/" cr "/" ir "/" ar; |
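Review bot: the `temporal` and `environmental` rules make each group all-or-nothing: `e "/" rl "/" rc` has no optional element, so a vector that carries `E` without `RL` and `RC` is rejected. If that is the intended reading of the spec, say so in a comment next to these two rules and add a fixture with a partial group that is expected to fail; if partial groups are legal, each element needs to be optional in the rule.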
I'm not as familiar with these. Let's say `E` is set. Does that mean `RL` and `RC` both must also be set?
@@ -62,7 +62,7 @@ func (v *V4) getString(m V4Metric) (string, error) { | |||
// GetScore implements [Vector]. | |||
func (v *V4) getScore(m V4Metric) byte { | |||
b := v.mv[int(m)] | |||
if m >= V4ExploitMaturity && b == 0 { | |||
if m >= V4ExploitMaturity && (b == 0 /* not present */ || b == 'X' /* not defined */) { |
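Review bot: the doc comment above `getScore` reads `GetScore implements [Vector]`, which does not match the unexported name, and it says nothing about the `'X'` case added to the condition. Rename it to `getScore` and state there that, for metrics at or after `V4ExploitMaturity`, a stored `'X'` (not defined) takes the same branch as an absent value, with a pointer to the spec text this relies on. The `m >= V4ExploitMaturity` comparison also depends on the declaration order of the `V4Metric` constants, which deserves a note where they are declared.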
Are you able to show me where in the spec it says this? The 4.0 spec does not seem to show me a nice formula that v3.1 had.
This fixes some bugs and moves the test fixtures to external files (something that was bugging me).
Closes: #1382
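
The ordering rule from the commit message, applied to the `temporal` and `environmental` grammar lines quoted above, as an added Go example that is not code from this pull request. `CheckOrder` and `metricName` are hypothetical helpers; the base-group order and the optional placement of the two later groups assume the quoted rules are the CVSS v2 ones.

```go
package main

import (
	"fmt"
	"strings"
)

// groups: metric names in required order. Temporal and environmental follow the
// grammar quoted above; the base row assumes CVSS v2 (assumption, not on the page).
var groups = [][]string{
	{"AV", "AC", "Au", "C", "I", "A"}, // base, always required
	{"E", "RL", "RC"},                 // temporal, all or none
	{"CDP", "TD", "CR", "IR", "AR"},   // environmental, all or none
}

// metricName returns the part of "AV:N" before the colon.
func metricName(part string) string {
	n, _, _ := strings.Cut(part, ":")
	return n
}

// CheckOrder (hypothetical helper) returns nil only when the metric names in
// vec follow the predetermined order. Metric values are not validated.
func CheckOrder(vec string) error {
	parts := strings.Split(vec, "/")
	pos := 0
	for gi, g := range groups {
		// An optional group is absent when the next metric does not open it.
		if gi > 0 && (pos == len(parts) || metricName(parts[pos]) != g[0]) {
			continue
		}
		for _, want := range g {
			if pos == len(parts) || metricName(parts[pos]) != want {
				return fmt.Errorf("metric %d: want %q", pos+1, want)
			}
			pos++
		}
	}
	if pos != len(parts) {
		return fmt.Errorf("metric %d: %q is out of order", pos+1, metricName(parts[pos]))
	}
	return nil
}

func main() { // constructed sample vectors
	for _, v := range []string{"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C", "AC:L/AV:N/Au:N/C:P/I:P/A:P"} {
		fmt.Printf("%s -> %v\n", v, CheckOrder(v))
	}
}
```

A vector that opens the temporal group with `E` and then stops is rejected, which is the behaviour the quoted `temporal` rule describes as written.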