From e24e6af76a1dcd64889f47e3fae03d7c3fa6f7a3 Mon Sep 17 00:00:00 2001
From: Paul Duncan <pabs@pablotron.org>
Date: Mon, 7 Feb 2022 12:09:55 -0500
Subject: cvss: add score severity and tests

---
 cvss/score.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'cvss/score.go')

diff --git a/cvss/score.go b/cvss/score.go
index e6a6faa..94a15a5 100644
--- a/cvss/score.go
+++ b/cvss/score.go
@@ -30,3 +30,33 @@ func (s Score) String() string {
 func (s Score) Float() float32 {
   return float32(s) / 10.0
 }
+
+// Score to severity mapping.
+var scoreSeverities = []struct {
+  min       uint8     // min score (inclusive)
+  max       uint8     // max score (inclusive)
+  severity  Severity  // severity
+} {
+  {  0,   0, None },
+  {  1,  39, Low },
+  { 40,  69, Medium },
+  { 70,  89, High },
+  { 90, 100, Critical },
+}
+
+// Return score severity.
+//
+// Returns Unknown if the score does not map to a known severity.
+//
+// Score severity is based on mapping from section 5 of CVSS 3.1
+// specification.
+func (s Score) Severity() Severity {
+  for _, row := range(scoreSeverities) {
+    if uint8(s) >= row.min && uint8(s) <= row.max {
+      return row.severity
+    }
+  }
+
+  // return unknown severity
+  return Unknown
+}
-- 
cgit v1.2.3