Skip to content

Commit

Permalink
CVSS 4.0
Browse files Browse the repository at this point in the history 
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid examples for 6.1.10
- add valid examples for 6.1.10
- update test description 6.1.10
  • Loading branch information
@tschmidtb51
tschmidtb51 committed Feb 16, 2024
1 parent 740aa8f commit 28f0c4c
Show file tree
Hide file tree
Showing 8 changed files with 416 additions and 0 deletions.
1 change: 1 addition & 0 deletions csaf_2.1/prose/edit/src/tests-01-mndtr-10-inconsistent-cvss.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ The relevant paths for this test are:
```
/vulnerabilities[]/scores[]/cvss_v2
/vulnerabilities[]/scores[]/cvss_v3
/vulnerabilities[]/scores[]/cvss_v4
```

*Example 1 (which fails the test):*
Expand Down
59 changes: 59 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-02.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Inconsistent CVSS (failing example 2)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-10-02",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v3": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
}
]
}
]
}
57 changes: 57 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-03.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Inconsistent CVSS (failing example 3)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-10-03",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v2": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"exploitability": "FUNCTIONAL"
}
}
]
}
]
}
62 changes: 62 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-04.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Inconsistent CVSS (failing example 4)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-10-04",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v4": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "NONE"
}
}
]
}
]
}
59 changes: 59 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-11.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Inconsistent CVSS (valid example 1)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-10-11",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v3": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
}
]
}
]
}
59 changes: 59 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-12.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Inconsistent CVSS (valid example 2)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-10-12",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v3": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
}
]
}
]
}
57 changes: 57 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-13.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Inconsistent CVSS (valid example 3)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-10-13",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v2": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"exploitability": "PROOF_OF_CONCEPT"
}
}
]
}
]
}
Loading

0 comments on commit 28f0c4c

Please sign in to comment.