Cvss4.0 support #208
Thanks for the updates @unorsk. I'll try and review them this weekend.
@frasertweedale You can take a look at it if you want, but this isn't ready yet :) There is one thing I commented out in the tests that I am going to fix and lots of other places in the code that need some love. One of the reasons it took me so long is that I made a rewrite of the reference implementation in TypeScript which I used as a reference for my Haskell implementation, that (not surprisingly) isn't very idiomatic.
@@ -0,0 +1,325 @@ | |||
{-# LANGUAGE OverloadedStrings #-} | |||
|
|||
module Security.CVSS40Lookup (lookupScore, maxComposed, maxComposedEQ3, maxSeverityeq3eq6, maxSeverity) where |
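Review bot: the export list on the `module Security.CVSS40Lookup` line spells the same abbreviation two ways, `maxComposedEQ3` but `maxSeverityeq3eq6`. Renaming the latter to something like `maxSeverityEQ3EQ6` would keep the exported names consistent. The file also goes from the `OverloadedStrings` pragma straight to the module declaration with no module header comment; since five names are exported, a short Haddock header saying what each table holds and which function callers are expected to use would help.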
(just a code organisation thing) - I would like this module to be beneath Security.CVSS, e.g. Security.CVSS.V4_0.
@frasertweedale done
…p into Security.CVSS.V4_0
@frasertweedale, it's kind of ready 🙈
Thanks @unorsk. I've had a quick look; I'll need to set aside some time to understand the implementation - perhaps (hopefully!) this weekend.
So, I've had a look and it's a solid start - thanks @unorsk! I'm working on some improvements using sum types for the MicroVectors and a total function for the score lookup, rather than the maps and lookup tables. It seems that the scoring function is underspecified in the spec doc. There are some behaviours in the reference implementation that, from what I can see, aren't explained in the spec but rather fill in gaps or resolve ambiguities. I might be missing something but the spec seems rather poor or at least incomplete. Sigh...
Yeah, sure.
The spec isn't great 😅
Fixing add CVSS 4.0 support