VS-326/SYN-5379: Update $lib.infosec.cvss.calculate to support new CVSS props schemas and calculating v2.0 and v3.0 scores #3171

Merged
6 commits merged into from
Jun 8, 2023

@ghost ghost commented Jun 7, 2023

  • Added vectToScore which includes support for CVSS2, CVSS3.0, and CVSS3.1
  • Added tests for new code

Contributor

@invisig0th invisig0th left a comment

classes may be a bit overkill, but loving the scoring logic. We can discuss in goback :) Very clean/clear implementation and great "best effort" logic on version detection 👍

@ghost ghost marked this pull request as ready for review June 7, 2023 18:20
@vEpiphyte vEpiphyte added this to the v2.13x.x milestone Jun 7, 2023
Contributor

@invisig0th invisig0th left a comment

Looking excellent. Couple nits and it'll be about ready to go 👍

@invisig0th
Contributor

( oh, and the CI issue obvs :D )

@ghost ghost force-pushed the blackout/VS-326/cvss-vectToScore branch from 0fd68f9 to b53da79 Compare June 7, 2023 21:09
@codecov
codecov bot commented Jun 7, 2023

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.09 ⚠️

Comparison is base (891f58b) 97.32% compared to head (4f3a9d3) 97.23%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3171      +/-   ##
==========================================
- Coverage   97.32%   97.23%   -0.09%     
==========================================
  Files         224      224              
  Lines       44549    44762     +213     
==========================================
+ Hits        43357    43526     +169     
- Misses       1192     1236      +44     
Flag Coverage Δ
linux 97.23% <100.00%> (+0.01%) ⬆️
linux_replay ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
synapse/lib/stormlib/infosec.py 99.42% <100.00%> (+0.88%) ⬆️

... and 9 files with indirect coverage changes

- Added a couple vectors to get some edge cases in the code coverage
- Updated CVSS2 calculations to distinguish None temporal scores vs 0.0
@ghost ghost changed the title VS-326: Update $lib.infosec.cvss.calculate to support new CVSS props schemas and calculating v2.0 and v3.0 scores VS-326/SYN-5379: Update $lib.infosec.cvss.calculate to support new CVSS props schemas and calculating v2.0 and v3.0 scores Jun 8, 2023
@ghost ghost requested a review from invisig0th June 8, 2023 13:59
@ghost ghost merged commit bd33b91 into master Jun 8, 2023
@ghost ghost deleted the blackout/VS-326/cvss-vectToScore branch June 8, 2023 14:49
This pull request was closed.