From ce92ab3114dc8f5d9654dbfeecefb44049ea1a0c Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Tue, 1 Feb 2022 23:53:56 -0500 Subject: internal/cvss: add isVectorString tests --- internal/cvss/v30vector.go | 58 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 54 insertions(+), 4 deletions(-) (limited to 'internal/cvss/v30vector.go') diff --git a/internal/cvss/v30vector.go b/internal/cvss/v30vector.go index 0d835a0..5ef1ae8 100644 --- a/internal/cvss/v30vector.go +++ b/internal/cvss/v30vector.go @@ -1,6 +1,8 @@ package cvss import ( + // "encoding/json" + "regexp" "strings" ) @@ -43,9 +45,9 @@ func (v v30Vector) Metrics() []Metric { } // Create CVSS 3.0 vector from string. -func newV30Vector(s string) (Vector, error) { +func newV30Vector(s string) (v30Vector, error) { // strip version prefix, split into metric strings - strs := strings.Split(s[len(v31Prefix):], "/") + strs := strings.Split(s[len(v30Prefix):], "/") r := make([]v3Metric, len(strs)) // build results @@ -63,7 +65,55 @@ func newV30Vector(s string) (Vector, error) { return v30Vector(r), nil } -// Is the given string a CVSSv3.0 vector string? +// // Unmarshal CVSS 3.0 vector from JSON string. +// func (me *v30Vector) UnmarshalJSON(b []byte) error { +// // decode string, check for error +// var s string +// if err := json.Unmarshal(b, &s); err != nil { +// return err +// } +// +// // parse vector, check for error +// r, err := newV30Vector(s) +// if err != nil { +// return err +// } +// +// // save result, return success +// *me = r +// return nil +// } + +var v30VecRe = regexp.MustCompile( + "\\ACVSS:3\\.0(?:/(?:" + strings.Join([]string { + "(?:AV:[NALP])", + "(?:AC:[LH])", + "(?:PR:[NLH])", + "(?:UI:[NR])", + "(?:S:[UC])", + "(?:C:[HLN])", + "(?:I:[HLN])", + "(?:A:[HLN])", + "(?:E:[XHFPU])", + "(?:RL:[XUWTO])", + "(?:RC:[XCRU])", + "(?:CR:[XHML])", + "(?:IR:[XHML])", + "(?:AR:[XHML])", + "(?:MAV:[XNALP])", + "(?:MAC:[XLH])", + "(?:MPR:[XNLH])", + "(?:MUI:[XNR])", + "(?:MS:[XUC])", + "(?:MC:[XNLH])", + "(?:MI:[XNLH])", + "(?:MA:[XNLH])", + }, "|") + "))+\\z", +) + +// Is the given string a CVSSv3.1 vector string? func isV30VectorString(s string) bool { - return (len(s) > len(v30Prefix)) && (s[:len(v30Prefix)] == v30Prefix); + return (len(s) > len(v30Prefix)) && + (s[:len(v30Prefix)] == v30Prefix) && + v30VecRe.MatchString(s) } -- cgit v1.2.3