Improved 6.1.9 mandatory test
giterlizzi committed Oct 7, 2024
1 parent 509e67d commit c9c2bae
Showing 2 changed files with 32 additions and 9 deletions.
36 changes: 27 additions & 9 deletions lib/CSAF/Validator/MandatoryTests.pm
Expand Up @@ -11,6 +11,7 @@ use CSAF::Util::CVSS qw(decode_cvss_vector_string);
use CSAF::Util qw(collect_product_ids product_in_group_exists);
use CSAF::Schema;

use CVSS;
use List::MoreUtils qw(uniq duplicates);
use List::Util qw(first);
use URI::PackageURL;
Expand Down Expand Up @@ -509,15 +510,10 @@ sub TEST_6_1_8 {

}

sub TEST_6_1_9 { # TODO INCOMPLETE
sub TEST_6_1_9 {

my $self = shift;

DEBUG and $self->log->warn('Incomplete Mandatory Test 6.1.9');

my $cvss2_severity = {LOW => [0, 3.9], MEDIUM => [4, 6.9], HIGH => [7, 10]};
my $cvss3_severity = {LOW => [0, 3.9], MEDIUM => [4, 6.9], HIGH => [7, 8.9], CRITICAL => [9, 10]};

$self->csaf->vulnerabilities->each(sub {

my ($vulnerability, $vuln_idx) = @_;
Expand All @@ -526,13 +522,35 @@ sub TEST_6_1_9 { # TODO INCOMPLETE

my ($score, $score_idx) = @_;

if (my $cvss2 = $score->cvss_v2) {

my $cvss = CVSS->from_vector_string($cvss2->vectorString);

if ($cvss2->baseScore && $cvss->baseScore ne $cvss2->baseScore) {
$self->add_message(
category => 'mandatory',
path => "/vulnerabilities/$vuln_idx/score/$score_idx/cvss_v2",
code => '6.1.9',
message => 'Invalid CVSS computation'
);
}

}

if (my $cvss3 = $score->cvss_v3) {

return if (!$cvss3->baseSeverity);
my $cvss = CVSS->from_vector_string($cvss3->vectorString);

my ($score_min, $score_max) = @{$cvss3_severity->{$cvss3->baseSeverity}};
if ($cvss3->baseSeverity && $cvss->baseSeverity ne $cvss3->baseSeverity) {
$self->add_message(
category => 'mandatory',
path => "/vulnerabilities/$vuln_idx/score/$score_idx/cvss_v3",
code => '6.1.9',
message => 'Invalid CVSS computation'
);
}

unless ($cvss3->baseScore >= $score_min && $cvss3->baseScore <= $score_max) {
if ($cvss3->baseScore && $cvss->baseScore ne $cvss3->baseScore) {
$self->add_message(
category => 'mandatory',
path => "/vulnerabilities/$vuln_idx/score/$score_idx/cvss_v3",
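Review bot: The three mismatch checks in the new cvss_v2 and cvss_v3 branches compare scores with the string operator `ne` and gate on plain truthiness, so a document baseScore of 0 (a JSON 0 or 0.0 decodes to a false value) is never checked at all, and a purely textual difference such as `10` versus `10.0` between what CVSS->from_vector_string returns and what the document carries would be reported as 'Invalid CVSS computation' even though the values are equal. Compare numerically and test for definedness instead: `if (defined $cvss2->baseScore && $cvss->baseScore != $cvss2->baseScore)` and `if (defined $cvss3->baseScore && $cvss->baseScore != $cvss3->baseScore)`; the baseSeverity comparison can keep `ne`, since it is an enumerated string. Whether from_vector_string dies on a malformed or unsupported vectorString is not visible here; if it does, the exception would escape the each callback and abort the whole validator run instead of producing a 6.1.9 finding, so wrapping the call in an eval and emitting the message on failure is worth confirming. TEST_6_1_9 continues past the end of this hunk.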
5 changes: 5 additions & 0 deletions t/10-mandatory-6.1.9.t
Expand Up @@ -51,5 +51,10 @@ $vuln->scores->add(
{baseScore => 10.0, baseSeverity => 'LOW', vectorString => 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}
);

$vuln->scores->add(
products => ['CSAFPID-9080700'],
cvss_v2 => {baseScore => 10.0, vectorString => 'AV:N/AC:L/Au:N/C:C/I:C/A:C'}
);

exec_validator_mandatory_test($csaf, '6.1.9');
done_testing;
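Review bot: The added cvss_v2 score pairs baseScore 10.0 with AV:N/AC:L/Au:N/C:C/I:C/A:C, which is the value that vector computes to, so it only exercises the path on which the new cvss_v2 check stays silent; nothing in this test shows that the v2 branch can actually emit a 6.1.9 message. A second entry with a deliberately wrong score, e.g. `cvss_v2 => {baseScore => 2.0, vectorString => 'AV:N/AC:L/Au:N/C:C/I:C/A:C'}`, would cover the negative path, assuming exec_validator_mandatory_test (defined outside this file section) asserts on the messages produced rather than just running the test. The pre-existing cvss_v3 entry above already pairs baseScore 10.0 with baseSeverity LOW, so the v3 negative path appears to be covered.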