Add CVSS v3.1 support #8
Conversation
Tests were taken, like the existing ones, from skontar/cvss. The only difference between 3.0 and 3.1 is one line of code, so this basically added an if-statement and a way to signal which line it should use plus a lot of code to handle and test the different versions.
|
Hi, thanks for the PR. In general it looks good but the use of the integer |
|
I agree - can we use Overall this looks excellent, however I don't have permission to merge this anymore, let alone publish it :( Edit: I can publish it, but I can't merge to this repository anymore. Perhaps we should fork it to somewhere we both control? |
|
I don't have write permissions either, I think forking it is a good idea as I doubt anyone at Context will be working on this |
|
Ok, I can fork this to my account and merge later today/tomorrow, but if you want to fork it to your account and do the same then be my guest 👍 |
|
Go ahead, it's your baby after all 😀 |
|
Hey guys, thanks for the replies :) You mean the The class name or directory name can't be 3.1 by the way: while python supports importing from subfolders with a Let me know in which repo to do the new pull request :) |
|
Yes, I don't mind the modules / classes being named cvss31, but |
|
Pushed the version change :) @orf Could you create the fork? |
|
Done! https://github.com/orf/cvsslib If you could make the PR there that would make things simpler, otherwise I will merge it manually tonight and do a release 👍 |
|
This is now merged to https://github.com/orf/cvsslib. I'll do a release soon, can you close this MR please? 👍 |
This commit adds support for CVSS v3.1 with tests.
The test data was taken, like the existing ones, from https://github.com/skontar/cvss (as well as locally running millions of random tests generated using the JavaScript code on
first.org).The difference between 3.0 and 3.1 is one line of code, so this basically added an if-statement in
cvss3/calculations.pyto avoid duplication and a way for the code to know which line it should use, plus a lot of code to handle and test everything around the different versions.Fixes #7