From 29db4acae4705988e28a007681d831ff84cf27a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Feb 2023 18:01:05 +0000 Subject: [PATCH 01/11] Bump maven-enforcer-plugin from 3.1.0 to 3.2.1 Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.1.0 to 3.2.1. - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.1.0...enforcer-3.2.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 872d7ac..c3850d9 100644 --- a/pom.xml +++ b/pom.xml @@ -135,7 +135,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.1.0 + 3.2.1 enforce-java From 37e5c404460b3b932635e33b9c9622954a7a34ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Mar 2023 19:04:38 +0000 Subject: [PATCH 02/11] Bump actions/checkout from 3.2.0 to 3.5.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.5.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.2.0...v3.5.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/maven.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 4021f26..ef462bc 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.2.0 + - uses: actions/checkout@v3.5.0 - name: Set up JDK 1.8 uses: actions/setup-java@v1 with: From 5479197e2f814c9f179358d101295c0d8fa02da7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 Mar 2023 18:56:44 +0000 Subject: [PATCH 03/11] Bump cyclonedx-maven-plugin from 2.7.3 to 2.7.6 Bumps [cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) from 2.7.3 to 2.7.6. - [Release notes](https://github.com/CycloneDX/cyclonedx-maven-plugin/releases) - [Commits](https://github.com/CycloneDX/cyclonedx-maven-plugin/compare/cyclonedx-maven-plugin-2.7.3...cyclonedx-maven-plugin-2.7.6) --- updated-dependencies: - dependency-name: org.cyclonedx:cyclonedx-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 872d7ac..6a653b2 100644 --- a/pom.xml +++ b/pom.xml @@ -27,7 +27,7 @@ UTF-8 false - 2.7.3 + 2.7.6 3.4.0 3.2.1 From 685ab93ec90f74d804b723864738258a632d91f9 Mon Sep 17 00:00:00 2001 From: "ander.ruiz" Date: Sun, 25 Jun 2023 17:48:47 +0200 Subject: [PATCH 04/11] Use equals instead of equalsIgnoreCase as it is already discarted by the matching patterns --- src/main/java/us/springett/cvss/CvssV2.java | 14 +++++++------- src/main/java/us/springett/cvss/CvssV3.java | 18 +++++++++--------- src/main/java/us/springett/cvss/CvssV3_1.java | 18 +++++++++--------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/src/main/java/us/springett/cvss/CvssV2.java b/src/main/java/us/springett/cvss/CvssV2.java index 164c6ed..bfcbc79 100644 --- a/src/main/java/us/springett/cvss/CvssV2.java +++ b/src/main/java/us/springett/cvss/CvssV2.java @@ -92,7 +92,7 @@ public enum AttackVector { } public static AttackVector fromString(String text) { for (AttackVector e : AttackVector.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -113,7 +113,7 @@ public enum AttackComplexity { } public static AttackComplexity fromString(String text) { for (AttackComplexity e : AttackComplexity.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -134,7 +134,7 @@ public enum Authentication { } public static Authentication fromString(String text) { for (Authentication e : Authentication.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -158,7 +158,7 @@ public enum Exploitability { } public static Exploitability fromString(String text) { for (Exploitability e : Exploitability.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -181,7 +181,7 @@ public enum RemediationLevel { } public static RemediationLevel fromString(String text) { for (RemediationLevel e : RemediationLevel .values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -203,7 +203,7 @@ public enum ReportConfidence { } public static ReportConfidence fromString(String text) { for (ReportConfidence e : ReportConfidence .values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -225,7 +225,7 @@ public enum CIA { } public static CIA fromString(String text) { for (CIA e : CIA.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } diff --git a/src/main/java/us/springett/cvss/CvssV3.java b/src/main/java/us/springett/cvss/CvssV3.java index 1969f92..8ed8504 100644 --- a/src/main/java/us/springett/cvss/CvssV3.java +++ b/src/main/java/us/springett/cvss/CvssV3.java @@ -108,7 +108,7 @@ public enum AttackVector { } public static AttackVector fromString(String text) { for (AttackVector e : AttackVector.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -128,7 +128,7 @@ public enum AttackComplexity { } public static AttackComplexity fromString(String text) { for (AttackComplexity e : AttackComplexity.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -151,7 +151,7 @@ public enum PrivilegesRequired { } public static PrivilegesRequired fromString(String text) { for (PrivilegesRequired e : PrivilegesRequired.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -171,7 +171,7 @@ public enum UserInteraction { } public static UserInteraction fromString(String text) { for (UserInteraction e : UserInteraction.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -191,7 +191,7 @@ public enum Scope { } public static Scope fromString(String text) { for (Scope e : Scope.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -215,7 +215,7 @@ public enum Exploitability { } public static Exploitability fromString(String text) { for (Exploitability e : Exploitability.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -238,7 +238,7 @@ public enum RemediationLevel { } public static RemediationLevel fromString(String text) { for (RemediationLevel e : RemediationLevel.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -260,7 +260,7 @@ public enum ReportConfidence { } public static ReportConfidence fromString(String text) { for (ReportConfidence e : ReportConfidence.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -282,7 +282,7 @@ public enum CIA { } public static CIA fromString(String text) { for (CIA e : CIA.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } diff --git a/src/main/java/us/springett/cvss/CvssV3_1.java b/src/main/java/us/springett/cvss/CvssV3_1.java index 574fa07..ef3999f 100644 --- a/src/main/java/us/springett/cvss/CvssV3_1.java +++ b/src/main/java/us/springett/cvss/CvssV3_1.java @@ -304,7 +304,7 @@ public enum ConfidentialityRequirement { public static ConfidentialityRequirement fromString(String text) { for (ConfidentialityRequirement cr : ConfidentialityRequirement.values()) { - if (cr.shorthand.equalsIgnoreCase(text)) { + if (cr.shorthand.equals(text)) { return cr; } } @@ -328,7 +328,7 @@ public enum IntegrityRequirement { public static IntegrityRequirement fromString(String text) { for (IntegrityRequirement ir : IntegrityRequirement.values()) { - if (ir.shorthand.equalsIgnoreCase(text)) { + if (ir.shorthand.equals(text)) { return ir; } } @@ -352,7 +352,7 @@ public enum AvailabilityRequirement { public static AvailabilityRequirement fromString(String text) { for (AvailabilityRequirement ar : AvailabilityRequirement.values()) { - if (ar.shorthand.equalsIgnoreCase(text)) { + if (ar.shorthand.equals(text)) { return ar; } } @@ -377,7 +377,7 @@ public enum ModifiedAttackVector { public static ModifiedAttackVector fromString(String text) { for (ModifiedAttackVector e : ModifiedAttackVector.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -400,7 +400,7 @@ public enum ModifiedAttackComplexity { public static ModifiedAttackComplexity fromString(String text) { for (ModifiedAttackComplexity e : ModifiedAttackComplexity.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -426,7 +426,7 @@ public enum ModifiedPrivilegesRequired { public static ModifiedPrivilegesRequired fromString(String text) { for (ModifiedPrivilegesRequired e : ModifiedPrivilegesRequired.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -449,7 +449,7 @@ public enum ModifiedUserInteraction { public static ModifiedUserInteraction fromString(String text) { for (ModifiedUserInteraction e : ModifiedUserInteraction.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -472,7 +472,7 @@ public enum ModifiedScope { public static ModifiedScope fromString(String text) { for (ModifiedScope e : ModifiedScope.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } @@ -496,7 +496,7 @@ public enum ModifiedCIA { public static ModifiedCIA fromString(String text) { for (ModifiedCIA e : ModifiedCIA.values()) { - if (e.shorthand.equalsIgnoreCase(text)) { + if (e.shorthand.equals(text)) { return e; } } From c40fea965719b89e9734c01b5ebdac6be2f444af Mon Sep 17 00:00:00 2001 From: "ander.ruiz" Date: Sun, 25 Jun 2023 17:49:53 +0200 Subject: [PATCH 05/11] Use regex based parsing as it is faster and reorder the parsing based on vector usage --- src/main/java/us/springett/cvss/Cvss.java | 151 ++++++++++------------ 1 file changed, 71 insertions(+), 80 deletions(-) diff --git a/src/main/java/us/springett/cvss/Cvss.java b/src/main/java/us/springett/cvss/Cvss.java index 4aab9d4..7c8dadc 100644 --- a/src/main/java/us/springett/cvss/Cvss.java +++ b/src/main/java/us/springett/cvss/Cvss.java @@ -27,12 +27,12 @@ */ public interface Cvss { - String V2_PATTERN = "AV:[NAL]\\/AC:[LMH]\\/A[Uu]:[NSM]\\/C:[NPC]\\/I:[NPC]\\/A:[NPC]"; + String V2_PATTERN = "AV:(N|A|L)\\/AC:(L|M|H)\\/A[Uu]:(N|S|M)\\/C:(N|P|C)\\/I:(N|P|C)\\/A:(N|P|C)"; String V2_TEMPORAL = "\\/E:\\b(F|H|U|POC|ND)\\b\\/RL:\\b(W|U|TF|OF|ND)\\b\\/RC:\\b(C|UR|UC|ND)\\b"; - String V3_PATTERN = "AV:[NALP]\\/AC:[LH]\\/PR:[NLH]\\/UI:[NR]\\/S:[UC]\\/C:[NLH]\\/I:[NLH]\\/A:[NLH]"; - String V3_TEMPORAL = "\\/E:[F|H|U|P|X]\\/RL:[W|U|T|O|X]\\/RC:[C|R|U|X]"; - String V3_1_ENVIRONMENTAL = "\\/CR:[X|L|M|H]\\/IR:[X|L|M|H]\\/AR:[X|L|M|H]\\/MAV:[X|N|A|L|P]\\/MAC:[X|L|H]\\/MPR:[X|N|L|H]\\/MUI:[X|N|R]\\/MS:[X|U|C]\\/MC:[X|N|L|H]\\/MI:[X|N|L|H]\\/MA:[X|N|L|H]"; + String V3_PATTERN = "AV:(N|A|L|P)\\/AC:(L|H)\\/PR:(N|L|H)\\/UI:(N|R)\\/S:(U|C)\\/C:(N|L|H)\\/I:(N|L|H)\\/A:(N|L|H)"; + String V3_TEMPORAL = "\\/E:(F|H|U|P|X)\\/RL:(W|U|T|O|X)\\/RC:(C|R|U|X)"; + String V3_1_ENVIRONMENTAL = "\\/CR:(X|L|M|H)\\/IR:(X|L|M|H)\\/AR:(X|L|M|H)\\/MAV:(X|N|A|L|P)\\/MAC:(X|L|H)\\/MPR:(X|N|L|H)\\/MUI:(X|N|R)\\/MS:(X|U|C)\\/MC:(X|N|L|H)\\/MI:(X|N|L|H)\\/MA:(X|N|L|H)"; Pattern CVSSv2_PATTERN = Pattern.compile(V2_PATTERN); Pattern CVSSv2_PATTERN_TEMPORAL = Pattern.compile(V2_PATTERN + V2_TEMPORAL); @@ -54,102 +54,93 @@ static Cvss fromVector(String vector) { if (vector == null) { return null; } - Matcher v2Matcher = CVSSv2_PATTERN.matcher(vector); - Matcher v2TemporalMatcher = CVSSv2_PATTERN_TEMPORAL.matcher(vector); - Matcher v3Matcher = CVSSv3_PATTERN.matcher(vector); - Matcher v3TemporalMatcher = CVSSv3_PATTERN_TEMPORAL.matcher(vector); - Matcher v3_1Matcher = CVSSv3_1_PATTERN.matcher(vector); - if (v2TemporalMatcher.find()) { - // Found a valid CVSSv2 vector with temporal values - String matchedVector = v2TemporalMatcher.group(0); - StringTokenizer st = new StringTokenizer(matchedVector, "/"); - CvssV2 cvssV2 = getCvssV2BaseVector(st); - cvssV2.exploitability(CvssV2.Exploitability.fromString(st.nextElement().toString().split(":")[1])); - cvssV2.remediationLevel(CvssV2.RemediationLevel.fromString(st.nextElement().toString().split(":")[1])); - cvssV2.reportConfidence(CvssV2.ReportConfidence.fromString(st.nextElement().toString().split(":")[1])); - return cvssV2; - } else if (v2Matcher.find()) { - // Found a valid CVSSv2 vector - String matchedVector = v2Matcher.group(0); - StringTokenizer st = new StringTokenizer(matchedVector, "/"); - return getCvssV2BaseVector(st); - } else if (v3_1Matcher.find()) { + Matcher v3_1Matcher = CVSSv3_1_PATTERN.matcher(vector); + if (v3_1Matcher.find()) { // Found a valid CVSSv3.1 vector - String matchedVector = v3_1Matcher.group(0); - StringTokenizer st = new StringTokenizer(matchedVector, "/"); - CvssV3_1 cvssV3_1 = getCvssV3_1BaseVector(st); + CvssV3_1 cvssV3_1 = getCvssV3_1BaseVector(v3_1Matcher); - cvssV3_1.exploitability(CvssV3.Exploitability.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.remediationLevel(CvssV3.RemediationLevel.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.reportConfidence(CvssV3.ReportConfidence.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.confidentialityRequirement(CvssV3_1.ConfidentialityRequirement.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.integrityRequirement(CvssV3_1.IntegrityRequirement.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.availabilityRequirement(CvssV3_1.AvailabilityRequirement.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedAttackVector(CvssV3_1.ModifiedAttackVector.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedAttackComplexity(CvssV3_1.ModifiedAttackComplexity.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedPrivilegesRequired(CvssV3_1.ModifiedPrivilegesRequired.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedUserInteraction(CvssV3_1.ModifiedUserInteraction.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedScope(CvssV3_1.ModifiedScope.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedConfidentialityImpact(CvssV3_1.ModifiedCIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedIntegrityImpact(CvssV3_1.ModifiedCIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.modifiedAvailabilityImpact(CvssV3_1.ModifiedCIA.fromString(st.nextElement().toString().split(":")[1])); + cvssV3_1.exploitability(CvssV3.Exploitability.fromString(v3_1Matcher.group(9))); + cvssV3_1.remediationLevel(CvssV3.RemediationLevel.fromString(v3_1Matcher.group(10))); + cvssV3_1.reportConfidence(CvssV3.ReportConfidence.fromString(v3_1Matcher.group(11))); + cvssV3_1.confidentialityRequirement(CvssV3_1.ConfidentialityRequirement.fromString(v3_1Matcher.group(12))); + cvssV3_1.integrityRequirement(CvssV3_1.IntegrityRequirement.fromString(v3_1Matcher.group(13))); + cvssV3_1.availabilityRequirement(CvssV3_1.AvailabilityRequirement.fromString(v3_1Matcher.group(14))); + cvssV3_1.modifiedAttackVector(CvssV3_1.ModifiedAttackVector.fromString(v3_1Matcher.group(15))); + cvssV3_1.modifiedAttackComplexity(CvssV3_1.ModifiedAttackComplexity.fromString(v3_1Matcher.group(16))); + cvssV3_1.modifiedPrivilegesRequired(CvssV3_1.ModifiedPrivilegesRequired.fromString(v3_1Matcher.group(17))); + cvssV3_1.modifiedUserInteraction(CvssV3_1.ModifiedUserInteraction.fromString(v3_1Matcher.group(18))); + cvssV3_1.modifiedScope(CvssV3_1.ModifiedScope.fromString(v3_1Matcher.group(19))); + cvssV3_1.modifiedConfidentialityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(20))); + cvssV3_1.modifiedIntegrityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(21))); + cvssV3_1.modifiedAvailabilityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(22))); return cvssV3_1; - } else if (v3TemporalMatcher.find()) { + } + Matcher v3TemporalMatcher = CVSSv3_PATTERN_TEMPORAL.matcher(vector); + if (v3TemporalMatcher.find()) { // Found a valid CVSSv3 vector with temporal values - String matchedVector = v3TemporalMatcher.group(0); - StringTokenizer st = new StringTokenizer(matchedVector, "/"); - CvssV3 cvssV3; - cvssV3 = getCvssV3BaseVector(st); - - cvssV3.exploitability(CvssV3.Exploitability.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.remediationLevel(CvssV3.RemediationLevel.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.reportConfidence(CvssV3.ReportConfidence.fromString(st.nextElement().toString().split(":")[1])); + CvssV3 cvssV3 = getCvssV3BaseVector(v3TemporalMatcher); + cvssV3.exploitability(CvssV3.Exploitability.fromString(v3TemporalMatcher.group(9))); + cvssV3.remediationLevel(CvssV3.RemediationLevel.fromString(v3TemporalMatcher.group(10))); + cvssV3.reportConfidence(CvssV3.ReportConfidence.fromString(v3TemporalMatcher.group(11))); return cvssV3; - } else if (v3Matcher.find()) { + } + Matcher v3Matcher = CVSSv3_PATTERN.matcher(vector); + if (v3Matcher.find()) { // Found a valid CVSSv3 vector - String matchedVector = v3Matcher.group(0); - StringTokenizer st = new StringTokenizer(matchedVector, "/"); - - return getCvssV3BaseVector(st); + return getCvssV3BaseVector(v3Matcher); } + Matcher v2TemporalMatcher = CVSSv2_PATTERN_TEMPORAL.matcher(vector); + if (v2TemporalMatcher.find()) { + // Found a valid CVSSv2 vector with temporal values + CvssV2 cvssV2 = getCvssV2BaseVector(v2TemporalMatcher); + cvssV2.exploitability(CvssV2.Exploitability.fromString(v2TemporalMatcher.group(7))); + cvssV2.remediationLevel(CvssV2.RemediationLevel.fromString(v2TemporalMatcher.group(8))); + cvssV2.reportConfidence(CvssV2.ReportConfidence.fromString(v2TemporalMatcher.group(9))); + return cvssV2; + } + Matcher v2Matcher = CVSSv2_PATTERN.matcher(vector); + if (v2Matcher.find()) { + // Found a valid CVSSv2 vector + return getCvssV2BaseVector(v2Matcher); + } else return null; } - static CvssV2 getCvssV2BaseVector(StringTokenizer st) { + static CvssV2 getCvssV2BaseVector(Matcher st) { CvssV2 cvssV2 = new CvssV2(); - cvssV2.attackVector(CvssV2.AttackVector.fromString(st.nextElement().toString().split(":")[1])); - cvssV2.attackComplexity(CvssV2.AttackComplexity.fromString(st.nextElement().toString().split(":")[1])); - cvssV2.authentication(CvssV2.Authentication.fromString(st.nextElement().toString().split(":")[1])); - cvssV2.confidentiality(CvssV2.CIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV2.integrity(CvssV2.CIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV2.availability(CvssV2.CIA.fromString(st.nextElement().toString().split(":")[1])); + cvssV2.attackVector(CvssV2.AttackVector.fromString(st.group(1))); + cvssV2.attackComplexity(CvssV2.AttackComplexity.fromString(st.group(2))); + cvssV2.authentication(CvssV2.Authentication.fromString(st.group(3))); + cvssV2.confidentiality(CvssV2.CIA.fromString(st.group(4))); + cvssV2.integrity(CvssV2.CIA.fromString(st.group(5))); + cvssV2.availability(CvssV2.CIA.fromString(st.group(6))); return cvssV2; } - static CvssV3 getCvssV3BaseVector(StringTokenizer st) { + static CvssV3 getCvssV3BaseVector(Matcher st) { CvssV3 cvssV3 = new CvssV3(); - cvssV3.attackVector(CvssV3.AttackVector.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.attackComplexity(CvssV3.AttackComplexity.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.userInteraction(CvssV3.UserInteraction.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.scope(CvssV3.Scope.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.confidentiality(CvssV3.CIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.integrity(CvssV3.CIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV3.availability(CvssV3.CIA.fromString(st.nextElement().toString().split(":")[1])); + cvssV3.attackVector(CvssV3.AttackVector.fromString(st.group(1))); + cvssV3.attackComplexity(CvssV3.AttackComplexity.fromString(st.group(2))); + cvssV3.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.group(3))); + cvssV3.userInteraction(CvssV3.UserInteraction.fromString(st.group(4))); + cvssV3.scope(CvssV3.Scope.fromString(st.group(5))); + cvssV3.confidentiality(CvssV3.CIA.fromString(st.group(6))); + cvssV3.integrity(CvssV3.CIA.fromString(st.group(7))); + cvssV3.availability(CvssV3.CIA.fromString(st.group(8))); return cvssV3; } - static CvssV3_1 getCvssV3_1BaseVector(StringTokenizer st) { + static CvssV3_1 getCvssV3_1BaseVector(Matcher st) { CvssV3_1 cvssV3_1 = new CvssV3_1(); - cvssV3_1.attackVector(CvssV3.AttackVector.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.attackComplexity(CvssV3.AttackComplexity.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.userInteraction(CvssV3.UserInteraction.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.scope(CvssV3.Scope.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.confidentiality(CvssV3.CIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.integrity(CvssV3.CIA.fromString(st.nextElement().toString().split(":")[1])); - cvssV3_1.availability(CvssV3.CIA.fromString(st.nextElement().toString().split(":")[1])); + cvssV3_1.attackVector(CvssV3.AttackVector.fromString(st.group(1))); + cvssV3_1.attackComplexity(CvssV3.AttackComplexity.fromString(st.group(2))); + cvssV3_1.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.group(3))); + cvssV3_1.userInteraction(CvssV3.UserInteraction.fromString(st.group(4))); + cvssV3_1.scope(CvssV3.Scope.fromString(st.group(5))); + cvssV3_1.confidentiality(CvssV3.CIA.fromString(st.group(6))); + cvssV3_1.integrity(CvssV3.CIA.fromString(st.group(7))); + cvssV3_1.availability(CvssV3.CIA.fromString(st.group(8))); return cvssV3_1; } From 6c0a0c04bad27227d66c3bbdcb3fcdf2f663c5de Mon Sep 17 00:00:00 2001 From: "ander.ruiz" Date: Mon, 26 Jun 2023 10:08:26 +0200 Subject: [PATCH 06/11] Char based parsing instead of String --- src/main/java/us/springett/cvss/Cvss.java | 101 +++++++------ src/main/java/us/springett/cvss/CvssV2.java | 56 +++---- src/main/java/us/springett/cvss/CvssV3.java | 132 ++++++++--------- src/main/java/us/springett/cvss/CvssV3_1.java | 140 +++++++++--------- 4 files changed, 216 insertions(+), 213 deletions(-) diff --git a/src/main/java/us/springett/cvss/Cvss.java b/src/main/java/us/springett/cvss/Cvss.java index 7c8dadc..9ac6ab7 100644 --- a/src/main/java/us/springett/cvss/Cvss.java +++ b/src/main/java/us/springett/cvss/Cvss.java @@ -15,7 +15,6 @@ */ package us.springett.cvss; -import java.util.StringTokenizer; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -58,42 +57,40 @@ static Cvss fromVector(String vector) { Matcher v3_1Matcher = CVSSv3_1_PATTERN.matcher(vector); if (v3_1Matcher.find()) { // Found a valid CVSSv3.1 vector - CvssV3_1 cvssV3_1 = getCvssV3_1BaseVector(v3_1Matcher); - - cvssV3_1.exploitability(CvssV3.Exploitability.fromString(v3_1Matcher.group(9))); - cvssV3_1.remediationLevel(CvssV3.RemediationLevel.fromString(v3_1Matcher.group(10))); - cvssV3_1.reportConfidence(CvssV3.ReportConfidence.fromString(v3_1Matcher.group(11))); - cvssV3_1.confidentialityRequirement(CvssV3_1.ConfidentialityRequirement.fromString(v3_1Matcher.group(12))); - cvssV3_1.integrityRequirement(CvssV3_1.IntegrityRequirement.fromString(v3_1Matcher.group(13))); - cvssV3_1.availabilityRequirement(CvssV3_1.AvailabilityRequirement.fromString(v3_1Matcher.group(14))); - cvssV3_1.modifiedAttackVector(CvssV3_1.ModifiedAttackVector.fromString(v3_1Matcher.group(15))); - cvssV3_1.modifiedAttackComplexity(CvssV3_1.ModifiedAttackComplexity.fromString(v3_1Matcher.group(16))); - cvssV3_1.modifiedPrivilegesRequired(CvssV3_1.ModifiedPrivilegesRequired.fromString(v3_1Matcher.group(17))); - cvssV3_1.modifiedUserInteraction(CvssV3_1.ModifiedUserInteraction.fromString(v3_1Matcher.group(18))); - cvssV3_1.modifiedScope(CvssV3_1.ModifiedScope.fromString(v3_1Matcher.group(19))); - cvssV3_1.modifiedConfidentialityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(20))); - cvssV3_1.modifiedIntegrityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(21))); - cvssV3_1.modifiedAvailabilityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(22))); + char [] vectorChars = vector.toCharArray(); + CvssV3_1 cvssV3_1 = getCvssV3_1BaseVector(v3_1Matcher, vectorChars); + fillV3TemporalValues(v3_1Matcher, vectorChars, cvssV3_1); + cvssV3_1.confidentialityRequirement(CvssV3_1.ConfidentialityRequirement.fromChar(vectorChars[v3_1Matcher.start(12)])); + cvssV3_1.integrityRequirement(CvssV3_1.IntegrityRequirement.fromChar(vectorChars[v3_1Matcher.start(13)])); + cvssV3_1.availabilityRequirement(CvssV3_1.AvailabilityRequirement.fromChar(vectorChars[v3_1Matcher.start(14)])); + cvssV3_1.modifiedAttackVector(CvssV3_1.ModifiedAttackVector.fromChar(vectorChars[v3_1Matcher.start(15)])); + cvssV3_1.modifiedAttackComplexity(CvssV3_1.ModifiedAttackComplexity.fromChar(vectorChars[v3_1Matcher.start(16)])); + cvssV3_1.modifiedPrivilegesRequired(CvssV3_1.ModifiedPrivilegesRequired.fromChar(vectorChars[v3_1Matcher.start(17)])); + cvssV3_1.modifiedUserInteraction(CvssV3_1.ModifiedUserInteraction.fromChar(vectorChars[v3_1Matcher.start(18)])); + cvssV3_1.modifiedScope(CvssV3_1.ModifiedScope.fromChar(vectorChars[v3_1Matcher.start(19)])); + cvssV3_1.modifiedConfidentialityImpact(CvssV3_1.ModifiedCIA.fromChar(vectorChars[v3_1Matcher.start(20)])); + cvssV3_1.modifiedIntegrityImpact(CvssV3_1.ModifiedCIA.fromChar(vectorChars[v3_1Matcher.start(21)])); + cvssV3_1.modifiedAvailabilityImpact(CvssV3_1.ModifiedCIA.fromChar(vectorChars[v3_1Matcher.start(22)])); return cvssV3_1; } Matcher v3TemporalMatcher = CVSSv3_PATTERN_TEMPORAL.matcher(vector); if (v3TemporalMatcher.find()) { + char [] vectorChars = vector.toCharArray(); // Found a valid CVSSv3 vector with temporal values - CvssV3 cvssV3 = getCvssV3BaseVector(v3TemporalMatcher); - cvssV3.exploitability(CvssV3.Exploitability.fromString(v3TemporalMatcher.group(9))); - cvssV3.remediationLevel(CvssV3.RemediationLevel.fromString(v3TemporalMatcher.group(10))); - cvssV3.reportConfidence(CvssV3.ReportConfidence.fromString(v3TemporalMatcher.group(11))); + CvssV3 cvssV3 = getCvssV3BaseVector(v3TemporalMatcher, vectorChars); + fillV3TemporalValues(v3TemporalMatcher, vectorChars, cvssV3); return cvssV3; } Matcher v3Matcher = CVSSv3_PATTERN.matcher(vector); if (v3Matcher.find()) { + char [] vectorChars = vector.toCharArray(); // Found a valid CVSSv3 vector - return getCvssV3BaseVector(v3Matcher); + return getCvssV3BaseVector(v3Matcher, vectorChars); } Matcher v2TemporalMatcher = CVSSv2_PATTERN_TEMPORAL.matcher(vector); if (v2TemporalMatcher.find()) { // Found a valid CVSSv2 vector with temporal values - CvssV2 cvssV2 = getCvssV2BaseVector(v2TemporalMatcher); + CvssV2 cvssV2 = getCvssV2BaseVector(v2TemporalMatcher, vector.toCharArray()); cvssV2.exploitability(CvssV2.Exploitability.fromString(v2TemporalMatcher.group(7))); cvssV2.remediationLevel(CvssV2.RemediationLevel.fromString(v2TemporalMatcher.group(8))); cvssV2.reportConfidence(CvssV2.ReportConfidence.fromString(v2TemporalMatcher.group(9))); @@ -102,45 +99,51 @@ static Cvss fromVector(String vector) { Matcher v2Matcher = CVSSv2_PATTERN.matcher(vector); if (v2Matcher.find()) { // Found a valid CVSSv2 vector - return getCvssV2BaseVector(v2Matcher); + return getCvssV2BaseVector(v2Matcher, vector.toCharArray()); } else return null; } - static CvssV2 getCvssV2BaseVector(Matcher st) { + static void fillV3TemporalValues(Matcher v3TemporalMatcher, char[] vectorChars, CvssV3 cvssV3) { + cvssV3.exploitability(CvssV3.Exploitability.fromChar(vectorChars[v3TemporalMatcher.start(9)])); + cvssV3.remediationLevel(CvssV3.RemediationLevel.fromChar(vectorChars[v3TemporalMatcher.start(10)])); + cvssV3.reportConfidence(CvssV3.ReportConfidence.fromChar(vectorChars[v3TemporalMatcher.start(11)])); + } + + static CvssV2 getCvssV2BaseVector(Matcher st, char [] array) { CvssV2 cvssV2 = new CvssV2(); - cvssV2.attackVector(CvssV2.AttackVector.fromString(st.group(1))); - cvssV2.attackComplexity(CvssV2.AttackComplexity.fromString(st.group(2))); - cvssV2.authentication(CvssV2.Authentication.fromString(st.group(3))); - cvssV2.confidentiality(CvssV2.CIA.fromString(st.group(4))); - cvssV2.integrity(CvssV2.CIA.fromString(st.group(5))); - cvssV2.availability(CvssV2.CIA.fromString(st.group(6))); + cvssV2.attackVector(CvssV2.AttackVector.fromChar(array[st.start(1)])); + cvssV2.attackComplexity(CvssV2.AttackComplexity.fromChar(array[st.start(2)])); + cvssV2.authentication(CvssV2.Authentication.fromChar(array[st.start(3)])); + cvssV2.confidentiality(CvssV2.CIA.fromChar(array[st.start(4)])); + cvssV2.integrity(CvssV2.CIA.fromChar(array[st.start(5)])); + cvssV2.availability(CvssV2.CIA.fromChar(array[st.start(6)])); return cvssV2; } - static CvssV3 getCvssV3BaseVector(Matcher st) { + static CvssV3 getCvssV3BaseVector(Matcher st, char [] array) { CvssV3 cvssV3 = new CvssV3(); - cvssV3.attackVector(CvssV3.AttackVector.fromString(st.group(1))); - cvssV3.attackComplexity(CvssV3.AttackComplexity.fromString(st.group(2))); - cvssV3.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.group(3))); - cvssV3.userInteraction(CvssV3.UserInteraction.fromString(st.group(4))); - cvssV3.scope(CvssV3.Scope.fromString(st.group(5))); - cvssV3.confidentiality(CvssV3.CIA.fromString(st.group(6))); - cvssV3.integrity(CvssV3.CIA.fromString(st.group(7))); - cvssV3.availability(CvssV3.CIA.fromString(st.group(8))); + cvssV3.attackVector(CvssV3.AttackVector.fromChar(array[st.start(1)])); + cvssV3.attackComplexity(CvssV3.AttackComplexity.fromChar(array[st.start(2)])); + cvssV3.privilegesRequired(CvssV3.PrivilegesRequired.fromChar(array[st.start(3)])); + cvssV3.userInteraction(CvssV3.UserInteraction.fromChar(array[st.start(4)])); + cvssV3.scope(CvssV3.Scope.fromChar(array[st.start(5)])); + cvssV3.confidentiality(CvssV3.CIA.fromString(array[st.start(6)])); + cvssV3.integrity(CvssV3.CIA.fromString(array[st.start(7)])); + cvssV3.availability(CvssV3.CIA.fromString(array[st.start(8)])); return cvssV3; } - static CvssV3_1 getCvssV3_1BaseVector(Matcher st) { + static CvssV3_1 getCvssV3_1BaseVector(Matcher st, char [] array) { CvssV3_1 cvssV3_1 = new CvssV3_1(); - cvssV3_1.attackVector(CvssV3.AttackVector.fromString(st.group(1))); - cvssV3_1.attackComplexity(CvssV3.AttackComplexity.fromString(st.group(2))); - cvssV3_1.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.group(3))); - cvssV3_1.userInteraction(CvssV3.UserInteraction.fromString(st.group(4))); - cvssV3_1.scope(CvssV3.Scope.fromString(st.group(5))); - cvssV3_1.confidentiality(CvssV3.CIA.fromString(st.group(6))); - cvssV3_1.integrity(CvssV3.CIA.fromString(st.group(7))); - cvssV3_1.availability(CvssV3.CIA.fromString(st.group(8))); + cvssV3_1.attackVector(CvssV3.AttackVector.fromChar(array[st.start(1)])); + cvssV3_1.attackComplexity(CvssV3.AttackComplexity.fromChar(array[st.start(2)])); + cvssV3_1.privilegesRequired(CvssV3.PrivilegesRequired.fromChar(array[st.start(3)])); + cvssV3_1.userInteraction(CvssV3.UserInteraction.fromChar(array[st.start(4)])); + cvssV3_1.scope(CvssV3.Scope.fromChar(array[st.start(5)])); + cvssV3_1.confidentiality(CvssV3.CIA.fromString(array[st.start(6)])); + cvssV3_1.integrity(CvssV3.CIA.fromString(array[st.start(7)])); + cvssV3_1.availability(CvssV3.CIA.fromString(array[st.start(8)])); return cvssV3_1; } diff --git a/src/main/java/us/springett/cvss/CvssV2.java b/src/main/java/us/springett/cvss/CvssV2.java index bfcbc79..381bc9d 100644 --- a/src/main/java/us/springett/cvss/CvssV2.java +++ b/src/main/java/us/springett/cvss/CvssV2.java @@ -80,19 +80,19 @@ public CvssV2 reportConfidence(ReportConfidence rc) { } public enum AttackVector { - NETWORK(1.0, "N"), - ADJACENT(0.646, "A"), - LOCAL(0.395, "L"); + NETWORK(1.0, 'N'), + ADJACENT(0.646, 'A'), + LOCAL(0.395, 'L'); private final double weight; - private final String shorthand; - AttackVector(double weight, String shorthand) { + private final char shorthand; + AttackVector(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackVector fromString(String text) { + public static AttackVector fromChar(char c) { for (AttackVector e : AttackVector.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -101,19 +101,19 @@ public static AttackVector fromString(String text) { } public enum AttackComplexity { - LOW(0.71, "L"), - MEDIUM(0.61, "M"), - HIGH(0.35, "H"); + LOW(0.71, 'L'), + MEDIUM(0.61, 'M'), + HIGH(0.35, 'H'); private final double weight; - private final String shorthand; - AttackComplexity(double weight, String shorthand) { + private final char shorthand; + AttackComplexity(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackComplexity fromString(String text) { + public static AttackComplexity fromChar(char c) { for (AttackComplexity e : AttackComplexity.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -122,19 +122,19 @@ public static AttackComplexity fromString(String text) { } public enum Authentication { - NONE(0.704, "N"), - SINGLE(0.56, "S"), - MULTIPLE(0.45, "M"); + NONE(0.704, 'N'), + SINGLE(0.56, 'S'), + MULTIPLE(0.45, 'M'); private final double weight; - private final String shorthand; - Authentication(double weight, String shorthand) { + private final char shorthand; + Authentication(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static Authentication fromString(String text) { + public static Authentication fromChar(char c) { for (Authentication e : Authentication.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -213,19 +213,19 @@ public static ReportConfidence fromString(String text) { // End-Temporal public enum CIA { - NONE(0.0, "N"), - PARTIAL(0.275, "P"), - COMPLETE(0.660, "C"); + NONE(0.0, 'N'), + PARTIAL(0.275, 'P'), + COMPLETE(0.660, 'C'); private final double weight; - private final String shorthand; - CIA(double weight, String shorthand) { + private final char shorthand; + CIA(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static CIA fromString(String text) { + public static CIA fromChar(char c) { for (CIA e : CIA.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } diff --git a/src/main/java/us/springett/cvss/CvssV3.java b/src/main/java/us/springett/cvss/CvssV3.java index 8ed8504..f4a7f6b 100644 --- a/src/main/java/us/springett/cvss/CvssV3.java +++ b/src/main/java/us/springett/cvss/CvssV3.java @@ -95,20 +95,20 @@ public CvssV3 reportConfidence(ReportConfidence rc) { } public enum AttackVector { - NETWORK(0.85, "N"), - ADJACENT(0.62, "A"), - LOCAL(0.55, "L"), - PHYSICAL(0.2, "P"); + NETWORK(0.85, 'N'), + ADJACENT(0.62, 'A'), + LOCAL(0.55, 'L'), + PHYSICAL(0.2, 'P'); protected final double weight; - protected final String shorthand; - AttackVector(double weight, String shorthand) { + protected final char shorthand; + AttackVector(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackVector fromString(String text) { + public static AttackVector fromChar(char c) { for (AttackVector e : AttackVector.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -117,18 +117,18 @@ public static AttackVector fromString(String text) { } public enum AttackComplexity { - LOW(0.77, "L"), - HIGH(0.44, "H"); + LOW(0.77, 'L'), + HIGH(0.44, 'H'); protected final double weight; - protected final String shorthand; - AttackComplexity(double weight, String shorthand) { + protected final char shorthand; + AttackComplexity(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackComplexity fromString(String text) { + public static AttackComplexity fromChar(char c) { for (AttackComplexity e : AttackComplexity.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -137,21 +137,21 @@ public static AttackComplexity fromString(String text) { } public enum PrivilegesRequired { - NONE(0.85, 0.85, "N"), - LOW(0.62, 0.68, "L"), - HIGH(0.27, 0.5, "H"); + NONE(0.85, 0.85, 'N'), + LOW(0.62, 0.68, 'L'), + HIGH(0.27, 0.5, 'H'); protected final double weight; protected final double scopeChangedWeight; - protected final String shorthand; - PrivilegesRequired(double weight, double scopeChangedWeight, String shorthand) { + protected final char shorthand; + PrivilegesRequired(double weight, double scopeChangedWeight, char shorthand) { this.weight = weight; this.scopeChangedWeight = scopeChangedWeight; this.shorthand = shorthand; } - public static PrivilegesRequired fromString(String text) { + public static PrivilegesRequired fromChar(char c) { for (PrivilegesRequired e : PrivilegesRequired.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -160,18 +160,18 @@ public static PrivilegesRequired fromString(String text) { } public enum UserInteraction { - NONE(0.85, "N"), - REQUIRED(0.62, "R"); + NONE(0.85, 'N'), + REQUIRED(0.62, 'R'); protected final double weight; - protected final String shorthand; - UserInteraction(double weight, String shorthand) { + protected final char shorthand; + UserInteraction(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static UserInteraction fromString(String text) { + public static UserInteraction fromChar(char c) { for (UserInteraction e : UserInteraction.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -180,18 +180,18 @@ public static UserInteraction fromString(String text) { } public enum Scope { - UNCHANGED(6.42, "U"), - CHANGED(7.52, "C"); + UNCHANGED(6.42, 'U'), + CHANGED(7.52, 'C'); protected final double weight; - protected final String shorthand; - Scope(double weight, String shorthand) { + protected final char shorthand; + Scope(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static Scope fromString(String text) { + public static Scope fromChar(char c) { for (Scope e : Scope.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -201,21 +201,21 @@ public static Scope fromString(String text) { // Temporal public enum Exploitability { - UNPROVEN(0.91, "U"), - POC(0.94, "P"), - FUNCTIONAL(0.97, "F"), - HIGH(1.0, "H"), - NOT_DEFINED(1.0, "X"),; + UNPROVEN(0.91, 'U'), + POC(0.94, 'P'), + FUNCTIONAL(0.97, 'F'), + HIGH(1.0, 'H'), + NOT_DEFINED(1.0, 'X'),; protected final double weight; - protected final String shorthand; - Exploitability(double weight, String shorthand) { + protected final char shorthand; + Exploitability(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static Exploitability fromString(String text) { + public static Exploitability fromChar(char c) { for (Exploitability e : Exploitability.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -224,21 +224,21 @@ public static Exploitability fromString(String text) { } public enum RemediationLevel { - UNAVAILABLE(1.0, "U"), - WORKAROUND(0.97, "W"), - TEMPORARY(0.96, "T"), - OFFICIAL(0.95, "O"), - NOT_DEFINED(1.0, "X"),; + UNAVAILABLE(1.0, 'U'), + WORKAROUND(0.97, 'W'), + TEMPORARY(0.96, 'T'), + OFFICIAL(0.95, 'O'), + NOT_DEFINED(1.0, 'X'),; protected final double weight; - protected final String shorthand; - RemediationLevel (double weight, String shorthand) { + protected final char shorthand; + RemediationLevel (double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static RemediationLevel fromString(String text) { + public static RemediationLevel fromChar(char c) { for (RemediationLevel e : RemediationLevel.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -247,20 +247,20 @@ public static RemediationLevel fromString(String text) { } public enum ReportConfidence { - UNKNOWN(0.92, "U"), - REASONABLE(0.96, "R"), - CONFIRMED(1.0, "C"), - NOT_DEFINED(1.0, "X"),; + UNKNOWN(0.92, 'U'), + REASONABLE(0.96, 'R'), + CONFIRMED(1.0, 'C'), + NOT_DEFINED(1.0, 'X'),; protected final double weight; - protected final String shorthand; - ReportConfidence (double weight, String shorthand) { + protected final char shorthand; + ReportConfidence (double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ReportConfidence fromString(String text) { + public static ReportConfidence fromChar(char c) { for (ReportConfidence e : ReportConfidence.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -270,19 +270,19 @@ public static ReportConfidence fromString(String text) { // End-Temporal public enum CIA { - NONE(0, "N"), - LOW(0.22, "L"), - HIGH(0.56, "H"); + NONE(0, 'N'), + LOW(0.22, 'L'), + HIGH(0.56, 'H'); protected final double weight; - protected final String shorthand; - CIA(double weight, String shorthand) { + protected final char shorthand; + CIA(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static CIA fromString(String text) { + public static CIA fromString(char c) { for (CIA e : CIA.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } diff --git a/src/main/java/us/springett/cvss/CvssV3_1.java b/src/main/java/us/springett/cvss/CvssV3_1.java index ef3999f..e16ed48 100644 --- a/src/main/java/us/springett/cvss/CvssV3_1.java +++ b/src/main/java/us/springett/cvss/CvssV3_1.java @@ -289,22 +289,22 @@ public AvailabilityRequirement getAvailabilityRequirement() { } public enum ConfidentialityRequirement { - NOT_DEFINED(1.0, "X"), - LOW(0.5, "L"), - MEDIUM(1.0, "M"), - HIGH(1.5, "H"); + NOT_DEFINED(1.0, 'X'), + LOW(0.5, 'L'), + MEDIUM(1.0, 'M'), + HIGH(1.5, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ConfidentialityRequirement(double weight, String shorthand) { + ConfidentialityRequirement(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ConfidentialityRequirement fromString(String text) { + public static ConfidentialityRequirement fromChar(char c) { for (ConfidentialityRequirement cr : ConfidentialityRequirement.values()) { - if (cr.shorthand.equals(text)) { + if (cr.shorthand==c) { return cr; } } @@ -313,22 +313,22 @@ public static ConfidentialityRequirement fromString(String text) { } public enum IntegrityRequirement { - NOT_DEFINED(1.0, "X"), - LOW(0.5, "L"), - MEDIUM(1.0, "M"), - HIGH(1.5, "H"); + NOT_DEFINED(1.0, 'X'), + LOW(0.5, 'L'), + MEDIUM(1.0, 'M'), + HIGH(1.5, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - IntegrityRequirement(double weight, String shorthand) { + IntegrityRequirement(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static IntegrityRequirement fromString(String text) { + public static IntegrityRequirement fromChar(char c) { for (IntegrityRequirement ir : IntegrityRequirement.values()) { - if (ir.shorthand.equals(text)) { + if (ir.shorthand==c) { return ir; } } @@ -337,22 +337,22 @@ public static IntegrityRequirement fromString(String text) { } public enum AvailabilityRequirement { - NOT_DEFINED(1.0, "X"), - LOW(0.5, "L"), - MEDIUM(1.0, "M"), - HIGH(1.5, "H"); + NOT_DEFINED(1.0, 'X'), + LOW(0.5, 'L'), + MEDIUM(1.0, 'M'), + HIGH(1.5, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - AvailabilityRequirement(double weight, String shorthand) { + AvailabilityRequirement(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AvailabilityRequirement fromString(String text) { + public static AvailabilityRequirement fromChar(char c) { for (AvailabilityRequirement ar : AvailabilityRequirement.values()) { - if (ar.shorthand.equals(text)) { + if (ar.shorthand==c) { return ar; } } @@ -361,23 +361,23 @@ public static AvailabilityRequirement fromString(String text) { } public enum ModifiedAttackVector { - NOT_DEFINED(0.0, "X"), - NETWORK(0.85, "N"), - ADJACENT(0.62, "A"), - LOCAL(0.55, "L"), - PHYSICAL(0.2, "P"); + NOT_DEFINED(0.0, 'X'), + NETWORK(0.85, 'N'), + ADJACENT(0.62, 'A'), + LOCAL(0.55, 'L'), + PHYSICAL(0.2, 'P'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedAttackVector(double weight, String shorthand) { + ModifiedAttackVector(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedAttackVector fromString(String text) { + public static ModifiedAttackVector fromChar(char c) { for (ModifiedAttackVector e : ModifiedAttackVector.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -386,21 +386,21 @@ public static ModifiedAttackVector fromString(String text) { } public enum ModifiedAttackComplexity { - NOT_DEFINED(0.0, "X"), - LOW(0.77, "L"), - HIGH(0.44, "H"); + NOT_DEFINED(0.0, 'X'), + LOW(0.77, 'L'), + HIGH(0.44, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedAttackComplexity(double weight, String shorthand) { + ModifiedAttackComplexity(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedAttackComplexity fromString(String text) { + public static ModifiedAttackComplexity fromChar(char c) { for (ModifiedAttackComplexity e : ModifiedAttackComplexity.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -409,24 +409,24 @@ public static ModifiedAttackComplexity fromString(String text) { } public enum ModifiedPrivilegesRequired { - NOT_DEFINED(0.0, 0.0, "X"), - NONE(0.85, 0.85, "N"), - LOW(0.62, 0.68, "L"), - HIGH(0.27, 0.5, "H"); + NOT_DEFINED(0.0, 0.0, 'X'), + NONE(0.85, 0.85, 'N'), + LOW(0.62, 0.68, 'L'), + HIGH(0.27, 0.5, 'H'); protected final double weight; protected final double scopeChangedWeight; - protected final String shorthand; + protected final char shorthand; - ModifiedPrivilegesRequired(double weight, double scopeChangedWeight, String shorthand) { + ModifiedPrivilegesRequired(double weight, double scopeChangedWeight, char shorthand) { this.weight = weight; this.scopeChangedWeight = scopeChangedWeight; this.shorthand = shorthand; } - public static ModifiedPrivilegesRequired fromString(String text) { + public static ModifiedPrivilegesRequired fromChar(char c) { for (ModifiedPrivilegesRequired e : ModifiedPrivilegesRequired.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -435,21 +435,21 @@ public static ModifiedPrivilegesRequired fromString(String text) { } public enum ModifiedUserInteraction { - NOT_DEFINED(0.0, "X"), - NONE(0.85, "N"), - REQUIRED(0.62, "R"); + NOT_DEFINED(0.0, 'X'), + NONE(0.85, 'N'), + REQUIRED(0.62, 'R'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedUserInteraction(double weight, String shorthand) { + ModifiedUserInteraction(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedUserInteraction fromString(String text) { + public static ModifiedUserInteraction fromChar(char c) { for (ModifiedUserInteraction e : ModifiedUserInteraction.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -458,21 +458,21 @@ public static ModifiedUserInteraction fromString(String text) { } public enum ModifiedScope { - NOT_DEFINED(0.0, "X"), - UNCHANGED(6.42, "U"), - CHANGED(7.52, "C"); + NOT_DEFINED(0.0, 'X'), + UNCHANGED(6.42, 'U'), + CHANGED(7.52, 'C'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedScope(double weight, String shorthand) { + ModifiedScope(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedScope fromString(String text) { + public static ModifiedScope fromChar(char c) { for (ModifiedScope e : ModifiedScope.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -481,22 +481,22 @@ public static ModifiedScope fromString(String text) { } public enum ModifiedCIA { - NOT_DEFINED(0.0, "X"), - NONE(0.0, "N"), - LOW(0.22, "L"), - HIGH(0.56, "H"); + NOT_DEFINED(0.0, 'X'), + NONE(0.0, 'N'), + LOW(0.22, 'L'), + HIGH(0.56, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedCIA(double weight, String shorthand) { + ModifiedCIA(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedCIA fromString(String text) { + public static ModifiedCIA fromChar(char c) { for (ModifiedCIA e : ModifiedCIA.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } From 02f5157d7d33db371c0748f15f4b34e08446044c Mon Sep 17 00:00:00 2001 From: "ander.ruiz" Date: Mon, 26 Jun 2023 10:08:41 +0200 Subject: [PATCH 07/11] Include additional tests --- .../java/us/springett/cvss/CvssV3_1Test.java | 48 ++++++++++++++++++- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/src/test/java/us/springett/cvss/CvssV3_1Test.java b/src/test/java/us/springett/cvss/CvssV3_1Test.java index 9e80963..1c92e00 100644 --- a/src/test/java/us/springett/cvss/CvssV3_1Test.java +++ b/src/test/java/us/springett/cvss/CvssV3_1Test.java @@ -1020,18 +1020,62 @@ public void testRegexPattern() { String cvss3Vector = "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"; Cvss cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + CvssV3 v3 = (CvssV3)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.NETWORK, v3.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.LOW, v3.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.HIGH, v3.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.NONE, v3.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.UNCHANGED, v3.getScope()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getAvailability()); assertEquals(cvss3Vector, cvssV3.getVector()); // With temporal vector elements - cvss3Vector = "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C"; + cvss3Vector = "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L/E:X/RL:X/RC:C"; cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + v3 = (CvssV3)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.ADJACENT, v3.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.HIGH, v3.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.LOW, v3.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.REQUIRED, v3.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.CHANGED, v3.getScope()); + Assert.assertEquals(CvssV3.CIA.LOW, v3.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.LOW, v3.getAvailability()); + Assert.assertEquals(CvssV3.Exploitability.NOT_DEFINED, v3.getExploitability()); + Assert.assertEquals(CvssV3.RemediationLevel.NOT_DEFINED, v3.getRemediationLevel()); + Assert.assertEquals(CvssV3.ReportConfidence.CONFIRMED, v3.getReportConfidence()); assertEquals(cvss3Vector, cvssV3.getVector()); // With environmental vector elements - cvss3Vector = "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C/CR:L/IR:M/AR:L/MAV:P/MAC:H/MPR:N/MUI:R/MS:U/MC:L/MI:L/MA:L"; + cvss3Vector = "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:R/CR:L/IR:M/AR:L/MAV:P/MAC:H/MPR:N/MUI:R/MS:U/MC:L/MI:L/MA:L"; cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + CvssV3_1 v3_1 = (CvssV3_1)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.NETWORK, v3_1.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.LOW, v3_1.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.HIGH, v3_1.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.NONE, v3_1.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.UNCHANGED, v3_1.getScope()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getAvailability()); + Assert.assertEquals(CvssV3.Exploitability.UNPROVEN, v3_1.getExploitability()); + Assert.assertEquals(CvssV3.RemediationLevel.TEMPORARY, v3_1.getRemediationLevel()); + Assert.assertEquals(CvssV3.ReportConfidence.REASONABLE, v3_1.getReportConfidence()); + Assert.assertEquals(CvssV3_1.ConfidentialityRequirement.LOW, v3_1.getConfidentialityRequirement()); + Assert.assertEquals(CvssV3_1.IntegrityRequirement.MEDIUM, v3_1.getIntegrityRequirement()); + Assert.assertEquals(CvssV3_1.AvailabilityRequirement.LOW, v3_1.getAvailabilityRequirement()); + Assert.assertEquals(CvssV3_1.ModifiedAttackVector.PHYSICAL, v3_1.getModifiedAttackVector()); + Assert.assertEquals(CvssV3_1.ModifiedAttackComplexity.HIGH, v3_1.getModifiedAttackComplexity()); + Assert.assertEquals(CvssV3_1.ModifiedPrivilegesRequired.NONE, v3_1.getModifiedPrivilegesRequired()); + Assert.assertEquals(CvssV3_1.ModifiedUserInteraction.REQUIRED, v3_1.getModifiedUserInteraction()); + Assert.assertEquals(CvssV3_1.ModifiedScope.UNCHANGED, v3_1.getModifiedScope()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedConfidentialityImpact()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedIntegrityImpact()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedAvailabilityImpact()); assertEquals(cvss3Vector, cvssV3.getVector()); } } From 0eefbe6d99816a52b1381f13eced877310788af2 Mon Sep 17 00:00:00 2001 From: "ander.ruiz" Date: Mon, 26 Jun 2023 10:08:41 +0200 Subject: [PATCH 08/11] Include additional tests --- .../java/us/springett/cvss/CvssV3_1Test.java | 48 ++++++++++++++++++- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/src/test/java/us/springett/cvss/CvssV3_1Test.java b/src/test/java/us/springett/cvss/CvssV3_1Test.java index 9e80963..1c92e00 100644 --- a/src/test/java/us/springett/cvss/CvssV3_1Test.java +++ b/src/test/java/us/springett/cvss/CvssV3_1Test.java @@ -1020,18 +1020,62 @@ public void testRegexPattern() { String cvss3Vector = "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"; Cvss cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + CvssV3 v3 = (CvssV3)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.NETWORK, v3.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.LOW, v3.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.HIGH, v3.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.NONE, v3.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.UNCHANGED, v3.getScope()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getAvailability()); assertEquals(cvss3Vector, cvssV3.getVector()); // With temporal vector elements - cvss3Vector = "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C"; + cvss3Vector = "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L/E:X/RL:X/RC:C"; cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + v3 = (CvssV3)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.ADJACENT, v3.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.HIGH, v3.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.LOW, v3.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.REQUIRED, v3.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.CHANGED, v3.getScope()); + Assert.assertEquals(CvssV3.CIA.LOW, v3.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.LOW, v3.getAvailability()); + Assert.assertEquals(CvssV3.Exploitability.NOT_DEFINED, v3.getExploitability()); + Assert.assertEquals(CvssV3.RemediationLevel.NOT_DEFINED, v3.getRemediationLevel()); + Assert.assertEquals(CvssV3.ReportConfidence.CONFIRMED, v3.getReportConfidence()); assertEquals(cvss3Vector, cvssV3.getVector()); // With environmental vector elements - cvss3Vector = "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C/CR:L/IR:M/AR:L/MAV:P/MAC:H/MPR:N/MUI:R/MS:U/MC:L/MI:L/MA:L"; + cvss3Vector = "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:R/CR:L/IR:M/AR:L/MAV:P/MAC:H/MPR:N/MUI:R/MS:U/MC:L/MI:L/MA:L"; cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + CvssV3_1 v3_1 = (CvssV3_1)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.NETWORK, v3_1.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.LOW, v3_1.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.HIGH, v3_1.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.NONE, v3_1.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.UNCHANGED, v3_1.getScope()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getAvailability()); + Assert.assertEquals(CvssV3.Exploitability.UNPROVEN, v3_1.getExploitability()); + Assert.assertEquals(CvssV3.RemediationLevel.TEMPORARY, v3_1.getRemediationLevel()); + Assert.assertEquals(CvssV3.ReportConfidence.REASONABLE, v3_1.getReportConfidence()); + Assert.assertEquals(CvssV3_1.ConfidentialityRequirement.LOW, v3_1.getConfidentialityRequirement()); + Assert.assertEquals(CvssV3_1.IntegrityRequirement.MEDIUM, v3_1.getIntegrityRequirement()); + Assert.assertEquals(CvssV3_1.AvailabilityRequirement.LOW, v3_1.getAvailabilityRequirement()); + Assert.assertEquals(CvssV3_1.ModifiedAttackVector.PHYSICAL, v3_1.getModifiedAttackVector()); + Assert.assertEquals(CvssV3_1.ModifiedAttackComplexity.HIGH, v3_1.getModifiedAttackComplexity()); + Assert.assertEquals(CvssV3_1.ModifiedPrivilegesRequired.NONE, v3_1.getModifiedPrivilegesRequired()); + Assert.assertEquals(CvssV3_1.ModifiedUserInteraction.REQUIRED, v3_1.getModifiedUserInteraction()); + Assert.assertEquals(CvssV3_1.ModifiedScope.UNCHANGED, v3_1.getModifiedScope()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedConfidentialityImpact()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedIntegrityImpact()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedAvailabilityImpact()); assertEquals(cvss3Vector, cvssV3.getVector()); } } From 7f197e1a086d76c828d0307fe91c04f36974bd76 Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Fri, 28 Jul 2023 17:56:09 -0500 Subject: [PATCH 09/11] bump --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3cad537..a396338 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ CVSS Calculator is available in the Maven Central Repository. us.springett cvss-calculator - 1.4.1 + 1.4.2 ``` From 0622d8a61ce83cce8e5de554ed74de1d7a9b2323 Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Fri, 28 Jul 2023 17:57:10 -0500 Subject: [PATCH 10/11] [maven-release-plugin] prepare release cvss-calculator-1.4.2 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 872d7ac..b98f44c 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ us.springett cvss-calculator - 1.4.2-SNAPSHOT + 1.4.2 jar CVSS Calculator @@ -47,7 +47,7 @@ scm:git:git@github.com:stevespringett/cvss-calculator.git https://github.com/stevespringett/cvss-calculator.git scm:git:git@github.com:stevespringett/cvss-calculator.git - cvss-calculator-1.1.0 + cvss-calculator-1.4.2 From 6119fe2e9c4a1ffd096b2680b73409c7e0a90108 Mon Sep 17 00:00:00 2001 From: Steve Springett Date: Fri, 28 Jul 2023 17:57:12 -0500 Subject: [PATCH 11/11] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index b98f44c..441d518 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ us.springett cvss-calculator - 1.4.2 + 1.4.3-SNAPSHOT jar CVSS Calculator @@ -47,7 +47,7 @@ scm:git:git@github.com:stevespringett/cvss-calculator.git https://github.com/stevespringett/cvss-calculator.git scm:git:git@github.com:stevespringett/cvss-calculator.git - cvss-calculator-1.4.2 + cvss-calculator-1.1.0