krel: Support Tempral CVE metrics

This commit modifies our cve package to support temporal CVE scores in our YAML release notes file. Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
kubernetes · Sep 14, 2022 · f4e1528 · f4e1528
1 parent 7225a74
commit f4e1528
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/pkg/cve/cve.go b/pkg/cve/cve.go
@@ -91,14 +91,26 @@ func (cve *CVE) Validate() error {
 		return errors.New("string CVSS vector missing from CVE data")
 	}
 
-	// Parse the vector string to make sure it is well formed
-	bm, err := cvss.NewBase().Decode(cve.CVSSVector)
-	if err != nil {
-		return fmt.Errorf("parsing CVSS vector string: %w", err)
-	}
-	cve.CalcLink = fmt.Sprintf(
-		"https://www.first.org/cvss/calculator/%s#%s", bm.Ver.String(), cve.CVSSVector,
-	)
+	if len(cve.CVSSVector) == 44 {
+
+		// Parse the vector string to make sure it is well formed
+		bm, err := cvss.NewBase().Decode(cve.CVSSVector)
+		if err != nil {
+			return fmt.Errorf("parsing CVSS vector string: %w", err)
+		}
+		cve.CalcLink = fmt.Sprintf(
+			"https://www.first.org/cvss/calculator/%s#%s", bm.Ver.String(), cve.CVSSVector,
+		)
+	} else {
+		// Parse the vector string to make sure it is well formed
+		bm, err := cvss.NewTemporal().Decode(cve.CVSSVector)
+		if err != nil {
+			return fmt.Errorf("parsing CVSS vector string: %w", err)
+		}
+		cve.CalcLink = fmt.Sprintf(
+			"https://www.first.org/cvss/calculator/%s#%s", bm.Ver.String(), cve.CVSSVector,
+		)
+	}
 
 	if cve.CVSSScore == 0 {
 		return errors.New("missing CVSS score from CVE data")