Skip to content

Commit

Permalink
Add: Severity NONE to cvssV3 model
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbrinkhoff @bjoernricks
mbrinkhoff authored and bjoernricks committed Feb 2, 2023
1 parent 1688f26 commit 7321249
Show file tree
Hide file tree
Showing 2 changed files with 84 additions and 0 deletions.
1 change: 1 addition & 0 deletions pontos/nvd/models/cvss_v3.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@


class Severity(Enum):
NONE = "NONE"
LOW = "LOW"
MEDIUM = "MEDIUM"
HIGH = "HIGH"
Expand Down
83 changes: 83 additions & 0 deletions tests/nvd/models/test_cve.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -399,6 +399,89 @@ def test_metrics_v31(self):
self.assertIsNone(cvss_data.environmental_score)
self.assertIsNone(cvss_data.environmental_severity)

def test_metrics_v31_severity_none(self):
cve = CVE.from_dict(
get_cve_data(
{
"metrics": {
"cvss_metric_v31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvss_data": {
"version": "3.1",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N",
"attack_vector": "NETWORK",
"attack_complexity": "LOW",
"privileges_required": "NONE",
"user_interaction": "REQUIRED",
"scope": "UNCHANGED",
"confidentiality_impact": "NONE",
"integrity_impact": "NONE",
"availability_impact": "NONE",
"base_score": 0.0,
"base_severity": "NONE",
},
"exploitability_score": 2.8,
"impact_score": 0.0,
}
]
},
}
)
)

self.assertEqual(len(cve.metrics.cvss_metric_v2), 0)
self.assertEqual(len(cve.metrics.cvss_metric_v30), 0)
self.assertEqual(len(cve.metrics.cvss_metric_v31), 1)

cvss_metric = cve.metrics.cvss_metric_v31[0]
self.assertEqual(cvss_metric.source, "[email protected]")
self.assertEqual(cvss_metric.type, CVSSType.SECONDARY)
self.assertEqual(cvss_metric.exploitability_score, 2.8)
self.assertEqual(cvss_metric.impact_score, 0.0)

cvss_data = cvss_metric.cvss_data
self.assertEqual(cvss_data.version, "3.1")
self.assertEqual(
cvss_data.vector_string,
"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N",
)
self.assertEqual(cvss_data.base_score, 0.0)
self.assertEqual(cvss_data.base_severity, cvss_v3.Severity.NONE)
self.assertEqual(cvss_data.attack_vector, cvss_v3.AttackVector.NETWORK)
self.assertEqual(
cvss_data.attack_complexity, cvss_v3.AttackComplexity.LOW
)
self.assertEqual(
cvss_data.privileges_required, cvss_v3.PrivilegesRequired.NONE
)
self.assertEqual(
cvss_data.user_interaction, cvss_v3.UserInteraction.REQUIRED
)
self.assertEqual(cvss_data.scope, cvss_v3.Scope.UNCHANGED)
self.assertEqual(cvss_data.confidentiality_impact, cvss_v3.Impact.NONE)
self.assertEqual(cvss_data.integrity_impact, cvss_v3.Impact.NONE)
self.assertEqual(cvss_data.availability_impact, cvss_v3.Impact.NONE)
self.assertIsNone(cvss_data.exploit_code_maturity)
self.assertIsNone(cvss_data.remediation_level)
self.assertIsNone(cvss_data.report_confidence)
self.assertIsNone(cvss_data.temporal_score)
self.assertIsNone(cvss_data.temporal_severity)
self.assertIsNone(cvss_data.confidentiality_requirement)
self.assertIsNone(cvss_data.integrity_requirement)
self.assertIsNone(cvss_data.availability_requirement)
self.assertIsNone(cvss_data.modified_attack_vector)
self.assertIsNone(cvss_data.modified_attack_complexity)
self.assertIsNone(cvss_data.modified_privileges_required)
self.assertIsNone(cvss_data.modified_user_interaction)
self.assertIsNone(cvss_data.modified_scope)
self.assertIsNone(cvss_data.modified_confidentiality_impact)
self.assertIsNone(cvss_data.modified_integrity_impact)
self.assertIsNone(cvss_data.modified_availability_impact)
self.assertIsNone(cvss_data.environmental_score)
self.assertIsNone(cvss_data.environmental_severity)

def test_vendor_comments(self):
cve = CVE.from_dict(
get_cve_data(
Expand Down

0 comments on commit 7321249

Please sign in to comment.