Skip to content

Commit

Permalink
CVSS 4.0
Browse files Browse the repository at this point in the history 
- addresses parts of oasis-tcs#652, oasis-tcs#341
- add invalid example for 6.1.8
- add valid examples for 6.1.8
- update test 6.1.8
  • Loading branch information
@tschmidtb51
tschmidtb51 committed Feb 16, 2024
1 parent 35278f6 commit efba9ae
Show file tree
Hide file tree
Showing 10 changed files with 386 additions and 3 deletions.
1 change: 1 addition & 0 deletions csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ The relevant paths for this test are:
```
/vulnerabilities[]/scores[]/cvss_v2
/vulnerabilities[]/scores[]/cvss_v3
/vulnerabilities[]/scores[]/cvss_v4
```

*Example 1 (which fails the test):*
Expand Down
50 changes: 50 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Invalid CVSS (failing example 2)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-02",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v3": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.5
}
}
]
}
]
}
49 changes: 49 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Invalid CVSS (failing example 3)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-03",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v2": {
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"baseScore": 6.5
}
}
]
}
]
}
50 changes: 50 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Invalid CVSS (failing example 4)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-04",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v4": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"baseScore": 5.4
}
}
]
}
]
}
51 changes: 51 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Invalid CVSS (valid example 1)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-11",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v3": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
}
]
}
]
}
51 changes: 51 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Invalid CVSS (valid example 2)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-12",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v3": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
}
]
}
]
}
50 changes: 50 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Invalid CVSS (valid example 3)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-13",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v2": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"baseScore": 6.5
}
}
]
}
]
}
51 changes: 51 additions & 0 deletions csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{
"document": {
"category": "csaf_base",
"csaf_version": "2.1",
"publisher": {
"category": "other",
"name": "OASIS CSAF TC",
"namespace": "https://csaf.io"
},
"title": "Mandatory test: Invalid CVSS (valid example 4)",
"tracking": {
"current_release_date": "2024-01-24T10:00:00.000Z",
"id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-14",
"initial_release_date": "2024-01-24T10:00:00.000Z",
"revision_history": [
{
"date": "2024-01-24T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"full_product_names": [
{
"product_id": "CSAFPID-9080700",
"name": "Product A"
}
]
},
"vulnerabilities": [
{
"scores": [
{
"products": [
"CSAFPID-9080700"
],
"cvss_v4": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
]
}
]
}
Loading

0 comments on commit efba9ae

Please sign in to comment.