go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers-sdk/v1/upstream/mvd/cvss/cvss_test.go (about) 1 // Copyright (c) Mondoo, Inc. 2 // SPDX-License-Identifier: BUSL-1.1 3 4 package cvss 5 6 import ( 7 "testing" 8 9 "github.com/stretchr/testify/assert" 10 ) 11 12 func TestCvss2Parsing(t *testing.T) { 13 c, err := New("1.2/AV:L/AC:H/Au:N/C:N/I:N/A:P") 14 assert.Nil(t, err, "could parse the cvss vector") 15 assert.True(t, c.Verify(), "valid cvss vector") 16 17 assert.Equal(t, float32(1.2), c.Score, "score properly detected") 18 assert.Equal(t, "Low", c.Severity().String(), "severity properly extracted") 19 assert.Equal(t, "2.0", c.Version(), "vector format version") 20 21 metrics, err := c.Metrics() 22 assert.Nil(t, err, "metrics could be extracted") 23 24 assert.Equal(t, "L", metrics["AV"], "AV properly detected") 25 assert.Equal(t, "H", metrics["AC"], "AC properly detected") 26 assert.Equal(t, "N", metrics["AU"], "AU properly detected") 27 assert.Equal(t, "N", metrics["C"], "C properly detected") 28 assert.Equal(t, "N", metrics["I"], "I properly detected") 29 assert.Equal(t, "P", metrics["A"], "A properly detected") 30 } 31 32 func TestCvss2Parsing2(t *testing.T) { 33 c, err := New("7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P") 34 assert.Nil(t, err, "could parse the cvss vector") 35 assert.True(t, c.Verify(), "valid cvss vector") 36 assert.Equal(t, "2.0", c.Version(), "vector format version") 37 38 assert.Equal(t, float32(7.5), c.Score, "score properly detected") 39 assert.Equal(t, "High", c.Severity().String(), "severity properly extracted") 40 } 41 42 func TestCvss2Parsing3(t *testing.T) { 43 c, err := New("7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P") 44 assert.Nil(t, err, "could parse the cvss vector") 45 assert.True(t, c.Verify(), "valid cvss vector") 46 assert.Equal(t, "2.0", c.Version(), "vector format version") 47 48 assert.Equal(t, float32(7.5), c.Score, "score properly detected") 49 assert.Equal(t, "High", c.Severity().String(), "severity properly extracted") 50 } 51 52 func TestCvss30Parsing(t *testing.T) { 53 c, err := New("8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") 54 assert.Nil(t, err, "could parse the cvss vector") 55 assert.True(t, c.Verify(), "valid cvss vector") 56 57 assert.Equal(t, float32(8.8), c.Score, "score properly detected") 58 assert.Equal(t, "High", c.Severity().String(), "severity properly extracted") 59 assert.Equal(t, "3.0", c.Version(), "vector format version") 60 61 metrics, err := c.Metrics() 62 assert.Nil(t, err, "metrics could be extracted") 63 64 assert.Equal(t, "N", metrics["AV"], "AV properly detected") 65 assert.Equal(t, "L", metrics["AC"], "AC properly detected") 66 assert.Equal(t, "N", metrics["PR"], "PR properly detected") 67 assert.Equal(t, "R", metrics["UI"], "UI properly detected") 68 assert.Equal(t, "U", metrics["S"], "S properly detected") 69 assert.Equal(t, "H", metrics["C"], "C properly detected") 70 assert.Equal(t, "H", metrics["I"], "I properly detected") 71 assert.Equal(t, "H", metrics["A"], "A properly detected") 72 } 73 74 func TestCvss30Parsing2(t *testing.T) { 75 c, err := New("8.1/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N") 76 assert.Nil(t, err, "could parse the cvss vector") 77 assert.True(t, c.Verify(), "valid cvss vector") 78 79 assert.Equal(t, float32(8.1), c.Score, "score properly detected") 80 assert.Equal(t, "High", c.Severity().String(), "severity properly extracted") 81 assert.Equal(t, "3.0", c.Version(), "vector format version") 82 83 metrics, err := c.Metrics() 84 assert.Nil(t, err, "metrics could be extracted") 85 86 assert.Equal(t, "A", metrics["AV"], "AV properly detected") 87 assert.Equal(t, "L", metrics["AC"], "AC properly detected") 88 assert.Equal(t, "N", metrics["PR"], "PR properly detected") 89 assert.Equal(t, "N", metrics["UI"], "UI properly detected") 90 assert.Equal(t, "U", metrics["S"], "S properly detected") 91 assert.Equal(t, "H", metrics["C"], "C properly detected") 92 assert.Equal(t, "H", metrics["I"], "I properly detected") 93 assert.Equal(t, "N", metrics["A"], "A properly detected") 94 } 95 96 func TestCvss30Parsing3(t *testing.T) { 97 c, err := New("9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") 98 assert.Nil(t, err, "could parse the cvss vector") 99 assert.True(t, c.Verify(), "valid cvss vector") 100 assert.Equal(t, "3.0", c.Version(), "vector format version") 101 102 assert.Equal(t, float32(9.8), c.Score, "score properly detected") 103 assert.Equal(t, "Critical", c.Severity().String(), "severity properly extracted") 104 } 105 106 func TestCvss31Parsing1(t *testing.T) { 107 c, err := New("7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H") 108 assert.Nil(t, err, "could parse the cvss vector") 109 assert.True(t, c.Verify(), "valid cvss vector") 110 assert.Equal(t, "3.1", c.Version(), "vector format version") 111 112 assert.Equal(t, float32(7.5), c.Score, "score properly detected") 113 assert.Equal(t, "High", c.Severity().String(), "severity properly extracted") 114 } 115 116 func TestCvss3Comparison(t *testing.T) { 117 c, err := New("9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") 118 assert.Nil(t, err, "could parse the cvss vector") 119 d, err := New("2.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") 120 assert.Nil(t, err, "could parse the cvss vector") 121 122 assert.Equal(t, 1, c.Compare(d), "c > d") 123 assert.Equal(t, -1, d.Compare(c), "d > c") 124 assert.Equal(t, 0, c.Compare(c), "c == c") 125 } 126 127 func TestCvss3ParseEmpty(t *testing.T) { 128 c, err := New("") 129 assert.NotNil(t, err, "could not parse the cvss vector") 130 assert.Nil(t, c, "no object returned") 131 } 132 133 func TestCvssNone(t *testing.T) { 134 c, err := New("0.0/CVSS:3.0") 135 assert.Nil(t, err, "could parse the cvss vector") 136 assert.Equal(t, float32(0.0), c.Score, "score properly detected") 137 assert.Equal(t, "None", c.Severity().String(), "severity properly extracted") 138 assert.Equal(t, "3.0", c.Version(), "vector format version") 139 } 140 141 func TestCvssVector(t *testing.T) { 142 b, err := New("5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N") 143 assert.Nil(t, err, "could parse the cvss vector") 144 145 assert.Equal(t, float32(5.8), b.Score, "score properly detected") 146 assert.Equal(t, "Medium", b.Severity().String(), "severity properly extracted") 147 } 148 149 func TestCvssVectorWithTrailingSlash(t *testing.T) { 150 b, err := New("4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N/") 151 assert.Nil(t, err, "could parse the cvss vector") 152 153 assert.Equal(t, float32(4.3), b.Score, "score properly detected") 154 assert.Equal(t, "Medium", b.Severity().String(), "severity properly extracted") 155 } 156 157 func TestCvssVectorWithTrailingSpace(t *testing.T) { 158 b, err := New("6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P ") 159 assert.Nil(t, err, "could parse the cvss vector") 160 161 assert.Equal(t, float32(6.8), b.Score, "score properly detected") 162 assert.Equal(t, "Medium", b.Severity().String(), "severity properly extracted") 163 } 164 165 func TestMaxCvss(t *testing.T) { 166 b, err := New("1.2/AV:L/AC:H/Au:N/C:N/I:N/A:P") 167 assert.Nil(t, err, "could parse the cvss vector") 168 c, err := New("9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") 169 assert.Nil(t, err, "could parse the cvss vector") 170 d, err := New("2.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") 171 assert.Nil(t, err, "could parse the cvss vector") 172 173 max, err := MaxScore([]*Cvss{b, c, d}) 174 assert.Nil(t, err, "could determine max cvss vector") 175 176 assert.Equal(t, float32(9.8), max.Score, "score properly detected") 177 assert.Equal(t, "Critical", max.Severity().String(), "severity properly extracted") 178 } 179 180 func TestMaxCvss2(t *testing.T) { 181 list := []*Cvss{ 182 &Cvss{ 183 Vector: "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 184 Source: "cve://nvd/2017", 185 Score: 7.5, 186 }, 187 &Cvss{ 188 Vector: "7.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", 189 Source: "cve://nvd/2017", 190 Score: 7.7, 191 }, 192 &Cvss{ 193 Vector: "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 194 Source: "cve://nvd/2017", 195 Score: 6.5, 196 }, 197 &Cvss{ 198 Vector: "4.9/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", 199 Source: "cve://nvd/2017", 200 Score: 4.9, 201 }, 202 &Cvss{ 203 Vector: "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", 204 Source: "cve://nvd/2017", 205 Score: 4.3, 206 }, 207 &Cvss{ 208 Vector: "6.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", 209 Source: "cve://nvd/2017", 210 Score: 6.6, 211 }, 212 &Cvss{ 213 Vector: "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", 214 Source: "cve://nvd/2017", 215 Score: 5.3, 216 }, 217 &Cvss{ 218 Vector: "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 219 Source: "cve://nvd/2017", 220 Score: 7.5, 221 }, 222 } 223 224 max, err := MaxScore(list) 225 assert.Nil(t, err, "could determine max cvss vector") 226 assert.Equal(t, float32(7.7), max.Score, "score properly detected") 227 assert.Equal(t, "High", max.Severity().String(), "severity properly extracted") 228 }