aboutsummaryrefslogtreecommitdiff
path: root/cvss/v2vector_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'cvss/v2vector_test.go')
-rw-r--r--cvss/v2vector_test.go210
1 files changed, 210 insertions, 0 deletions
diff --git a/cvss/v2vector_test.go b/cvss/v2vector_test.go
index f297ba6..6b3f870 100644
--- a/cvss/v2vector_test.go
+++ b/cvss/v2vector_test.go
@@ -1,6 +1,7 @@
package cvss
import (
+ "reflect"
"testing"
)
@@ -67,3 +68,212 @@ func TestNewV2Vector(t *testing.T) {
})
}
}
+
+func TestV2VectorScores(t *testing.T) {
+ // test vectors from section 3.3
+ passTests := []struct {
+ name string // test name
+ val string // test cvss v2 vector
+ exps []float64 // expected base, temporal, and env scores
+ } {{
+ name: "CVE-2002-0392/base", // 3.3.1
+ val: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
+ exps: []float64 { 7.8, 0.0, 0.0 },
+ }, {
+ name: "CVE-2002-0392/temporal", // 3.3.1
+ val: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C",
+ exps: []float64 { 7.8, 6.4, 0.0 },
+ }, {
+ name: "CVE-2002-0392/all", // 3.3.1
+ val: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:H",
+ exps: []float64 { 7.8, 6.4, 9.2 },
+ }, {
+ name: "CVE-2003-0818/base", // 3.3.2
+ val: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ exps: []float64 { 10.0, 0.0, 0.0 },
+ }, {
+ name: "CVE-2003-0818/temporal", // 3.3.2
+ val: "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C",
+ exps: []float64 { 10.0, 8.3, 0.0 },
+ }, {
+ name: "CVE-2003-0818/all", // 3.3.2
+ val: "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:L",
+ exps: []float64 { 10.0, 8.3, 9.0 },
+ }, {
+ name: "CVE-2003-0062/base", // 3.3.3
+ val: "AV:L/AC:H/Au:N/C:C/I:C/A:C",
+ exps: []float64 { 6.2, 0.0, 0.0 },
+ }, {
+ name: "CVE-2003-0062/temporal", // 3.3.3
+ val: "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C",
+ exps: []float64 { 6.2, 4.9, 0.0 },
+ }, {
+ name: "CVE-2003-0062/all", // 3.3.3
+ val: "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:M",
+ exps: []float64 { 6.2, 4.9, 7.5 },
+ }, {
+ name: "A:N", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:M/C:P/I:P/A:N",
+ exps: []float64 { 3.4, 0.0, 0.0 },
+ }, {
+ name: "Au:S", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P",
+ exps: []float64 { 4.9, 0.0, 0.0 },
+ }, {
+ name: "E:ND", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:ND",
+ exps: []float64 { 4.9, 0.0, 0.0 },
+ }, {
+ name: "E:U", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:ND/RC:ND",
+ exps: []float64 { 4.9, 4.2, 0.0 },
+ }, {
+ name: "E:H", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:ND/RC:ND",
+ exps: []float64 { 4.9, 4.9, 0.0 },
+ }, {
+ name: "RL:TF", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:TF/RC:ND",
+ exps: []float64 { 4.9, 4.4, 0.0 },
+ }, {
+ name: "RL:W", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND",
+ exps: []float64 { 4.9, 4.7, 0.0 },
+ }, {
+ name: "RL:U", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:ND",
+ exps: []float64 { 4.9, 4.9, 0.0 },
+ }, {
+ name: "RC:UC", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:UC",
+ exps: []float64 { 4.9, 4.4, 0.0 },
+ }, {
+ name: "RC:UR", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:UR",
+ exps: []float64 { 4.9, 4.7, 0.0 },
+ }, {
+ name: "CDP:ND", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:ND/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 2.8 },
+ }, {
+ name: "CDP:N", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:N/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 2.8 },
+ }, {
+ name: "CDP:L", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:L/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 3.5 },
+ }, {
+ name: "CDP:LM", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:LM/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 5.0 },
+ }, {
+ name: "CDP:MH", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:MH/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 5.7 },
+ }, {
+ name: "CDP:H", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.4 },
+ }, {
+ name: "TD:ND", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:ND/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.4 },
+ }, {
+ name: "TD:N", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:N/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 0.0 },
+ }, {
+ name: "TD:L", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:L/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 1.6 },
+ }, {
+ name: "TD:M", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:M/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 4.8 },
+ }, {
+ name: "TD:H", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.4 },
+ }, {
+ name: "CR:ND", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:ND/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.8 },
+ }, {
+ name: "CR:L", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.4 },
+ }, {
+ name: "CR:M", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:M/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.8 },
+ }, {
+ name: "CR:H", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:H/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 7.1 },
+ }, {
+ name: "IR:ND", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:ND/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.8 },
+ }, {
+ name: "IR:L", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.4 },
+ }, {
+ name: "IR:M", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:M/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.8 },
+ }, {
+ name: "IR:H", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:H/AR:L",
+ exps: []float64 { 4.9, 4.7, 7.1 },
+ }, {
+ name: "AR:ND", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:ND",
+ exps: []float64 { 4.9, 4.7, 6.8 },
+ }, {
+ name: "AR:L", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:L",
+ exps: []float64 { 4.9, 4.7, 6.4 },
+ }, {
+ name: "AR:M", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:M",
+ exps: []float64 { 4.9, 4.7, 6.8 },
+ }, {
+ name: "AR:H", // from nvd v2 calc
+ val: "AV:A/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:W/RC:ND/CDP:H/TD:H/CR:L/IR:L/AR:H",
+ exps: []float64 { 4.9, 4.7, 7.1 },
+ }}
+ // TODO: add additional test vectors using v2 calc
+
+ for _, test := range(passTests) {
+ t.Run(test.name, func(t *testing.T) {
+ // build expected result
+ exp, err := NewScores(test.exps[0], test.exps[1], test.exps[2])
+ if err != nil {
+ t.Error(err)
+ return
+ }
+
+ // create vector, check for error
+ vec, err := newV2Vector(test.val)
+ if err != nil {
+ t.Error(err)
+ return
+ }
+
+ // get scores
+ got, err := vec.Scores()
+ if err != nil {
+ t.Error(err)
+ return
+ }
+
+ // compare to expected scores
+ if !reflect.DeepEqual(got, exp) {
+ t.Errorf("got %v, exp %v", got, exp)
+ return
+ }
+ })
+ }
+}