ext: pass through CVSSv3 impact and exploitability score

quay · Oct 19, 2018 · 4f0da12 · 4f0da12
1 parent 8efc3e4
commit 4f0da12
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/ext/vulnmdsrc/nvd/json.go b/ext/vulnmdsrc/nvd/json.go
@@ -59,7 +59,9 @@ type nvdCVSSv2 struct {
 }
 
 type nvdBaseMetricV3 struct {
-	CVSSv3 nvdCVSSv3 `json:"cvssV3"`
+	CVSSv3              nvdCVSSv3 `json:"cvssV3"`
+	ExploitabilityScore float64   `json:"exploitabilityScore"`
+	ImpactScore         float64   `json:"impactScore"`
 }
 
 type nvdCVSSv3 struct {
@@ -123,8 +125,10 @@ func (n nvdEntry) Metadata() *NVDMetadata {
 			Score:             n.Impact.BaseMetricV2.CVSSv2.Score,
 		},
 		CVSSv3: NVDmetadataCVSSv3{
-			Vectors: n.Impact.BaseMetricV3.CVSSv3.String(),
-			Score:   n.Impact.BaseMetricV3.CVSSv3.Score,
+			Vectors:             n.Impact.BaseMetricV3.CVSSv3.String(),
+			Score:               n.Impact.BaseMetricV3.CVSSv3.Score,
+			ExploitabilityScore: n.Impact.BaseMetricV3.ExploitabilityScore,
+			ImpactScore:         n.Impact.BaseMetricV3.ImpactScore,
 		},
 	}
 

diff --git a/ext/vulnmdsrc/nvd/nvd.go b/ext/vulnmdsrc/nvd/nvd.go
@@ -65,8 +65,10 @@ type NVDmetadataCVSSv2 struct {
 }
 
 type NVDmetadataCVSSv3 struct {
-	Vectors string
-	Score   float64
+	Vectors             string
+	Score               float64
+	ExploitabilityScore float64
+	ImpactScore         float64
 }
 
 func init() {

diff --git a/ext/vulnmdsrc/nvd/nvd_test.go b/ext/vulnmdsrc/nvd/nvd_test.go
@@ -69,8 +69,10 @@ func TestNVDParser(t *testing.T) {
 			Score:   7.5,
 		},
 		CVSSv3: NVDmetadataCVSSv3{
-			Vectors: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
-			Score:   9.8,
+			Vectors:             "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+			Score:               9.8,
+			ExploitabilityScore: 3.9,
+			ImpactScore:         5.9,
 		},
 	}
 	assert.Equal(t, wantMetadata, gotMetadata)