
@neuralegion/cvss


The Common Vulnerability Scoring System ([CVSS](https://www.first.org/cvss/)) [score](https://www.first.org/cvss/specification-document#1-2-Scoring) calculator and validator library written in [TypeScript](https://www.typescriptlang.org/).

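import { createCvssCalculator } from './factory';
import { validate as validateV2 } from './versions/v2/validator';
import { validate as validateV3 } from './versions/v3/validator';
import { parseMetricsAsMap as parseMetricsAsMapString, parseVersion } from './parser';

/**
 * Return `value` unless it is null or undefined, in which case return `fallback`.
 * Written without `??` because the rest of this build avoids that operator.
 * @param value - Preferred value
 * @param fallback - Value used when `value` is null or undefined
 */
const orElse = (value, fallback) => (value !== null && value !== undefined ? value : fallback);

/**
 * Validate a CVSS vector string and throw if it is not acceptable.
 *
 * Vectors often arrive from scanner reports, advisories or API payloads, so the
 * input is treated as untrusted: anything that is not a string is rejected with
 * the same error as a missing prefix instead of failing later on a method call.
 *
 * @param cvssString - The CVSS vector string
 * @throws {Error} When the input is not a string starting with "CVSS:", or when
 *   the version-specific validator rejects it
 */
export const validate = (cvssString) => {
  if (typeof cvssString !== 'string' || !cvssString.startsWith('CVSS:')) {
    throw new Error('CVSS vector must start with "CVSS:"');
  }
  const versionStr = parseVersion(cvssString);
  // Every version other than '2.0' is handed to the v3 validator.
  // NOTE(review): presumably validateV3 rejects unsupported versions — confirm.
  const validateString = versionStr === '2.0' ? validateV2 : validateV3;
  validateString(cvssString);
};

/**
 * Validate a vector and run the calculator that matches its version.
 * @param cvssString - The CVSS vector string
 * @returns The calculator result (scores, sub-scores, metrics, version)
 * @throws {Error} When the version cannot be detected or validation fails
 */
function calculateCvss(cvssString) {
  // Reject non-string input before it reaches the parser, using the message
  // callers already get for an undetectable version.
  if (typeof cvssString !== 'string') {
    throw new Error('Invalid CVSS string: unable to detect version');
  }
  const version = parseVersion(cvssString);
  if (!version) {
    throw new Error('Invalid CVSS string: unable to detect version');
  }
  // Never score a vector that has not passed validation.
  validate(cvssString);
  return createCvssCalculator(version).calculate(cvssString);
}

/**
 * Calculate the base score for a CVSS string
 * @param cvssString - The CVSS vector string
 * @returns The base score (0-10)
 * @throws {Error} When the vector is invalid
 */
export const calculateBaseScore = (cvssString) => calculateCvss(cvssString).baseScore;

/**
 * Calculate the temporal score for a CVSS string
 *
 * When the calculator reports no temporal score, the base score is returned
 * instead, so the result alone does not reveal whether temporal metrics were used.
 *
 * @param cvssString - The CVSS vector string
 * @returns The temporal score (0-10), or the base score as a fallback
 * @throws {Error} When the vector is invalid
 */
export const calculateTemporalScore = (cvssString) => {
  const res = calculateCvss(cvssString);
  return orElse(res.temporalScore, res.baseScore);
};

/**
 * Calculate the environmental score for a CVSS string
 *
 * Fallback order: environmental score, then temporal score, then base score.
 *
 * @param cvssString - The CVSS vector string
 * @returns The environmental score (0-10), or the first available fallback
 * @throws {Error} When the vector is invalid
 */
export const calculateEnvironmentalScore = (cvssString) => {
  const res = calculateCvss(cvssString);
  return orElse(orElse(res.environmentalScore, res.temporalScore), res.baseScore);
};

/**
 * Calculate base score with impact and exploitability
 * @param cvssString - The CVSS vector string
 * @returns Score result with impact and exploitability
 * @throws {Error} When the vector is invalid
 */
export const calculateBaseResult = (cvssString) => {
  const res = calculateCvss(cvssString);
  return {
    score: res.baseScore,
    impact: res.baseImpact,
    exploitability: res.baseExploitability,
    metricsMap: res.metrics
  };
};

/**
 * Calculate temporal score with impact and exploitability
 *
 * The score falls back to the base score when no temporal score is available;
 * impact and exploitability are always the base sub-scores.
 *
 * @param cvssString - The CVSS vector string
 * @returns Score result with impact and exploitability
 * @throws {Error} When the vector is invalid
 */
export const calculateTemporalResult = (cvssString) => {
  const res = calculateCvss(cvssString);
  return {
    score: orElse(res.temporalScore, res.baseScore),
    impact: res.baseImpact,
    exploitability: res.baseExploitability,
    metricsMap: res.metrics
  };
};

/**
 * Calculate environmental score with impact and exploitability
 *
 * The score falls back from environmental to temporal to base. For version
 * '2.0' the base sub-scores are reported; for other versions the modified
 * sub-scores are used when present, otherwise the base ones.
 *
 * @param cvssString - The CVSS vector string
 * @returns Score result with impact and exploitability
 * @throws {Error} When the vector is invalid
 */
export const calculateEnvironmentalResult = (cvssString) => {
  const res = calculateCvss(cvssString);
  const isV2 = res.version === '2.0';
  return {
    score: orElse(orElse(res.environmentalScore, res.temporalScore), res.baseScore),
    impact: isV2 ? res.baseImpact : orElse(res.modifiedImpact, res.baseImpact),
    exploitability: isV2
      ? res.baseExploitability
      : orElse(res.modifiedExploitability, res.baseExploitability),
    metricsMap: res.metrics
  };
};

/**
 * Parse the metrics of a CVSS string into a map (thin wrapper over the parser).
 * This function performs no validation itself; call `validate` first when the
 * string comes from an untrusted source.
 * @param cvssStr - The CVSS vector string
 */
export const parseMetricsAsMap = (cvssStr) => parseMetricsAsMapString(cvssStr);

/**
 * Check that a version string names a supported CVSS version.
 * Only '2.0', '3.0' and '3.1' are accepted; any other value is rejected.
 * @param versionStr - The version part of a CVSS vector
 * @throws {Error} When the version is missing or unsupported
 */
export const validateVersion = (versionStr) => {
  if (!versionStr) {
    throw new Error('Invalid CVSS string. Example: CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L');
  }
  const supported = versionStr === '2.0' || versionStr === '3.0' || versionStr === '3.1';
  if (!supported) {
    throw new Error(`Unsupported CVSS version: ${versionStr}. Only 2.0, 3.0 and 3.1 are supported.`);
  }
};

/**
 * Stringify a score into a qualitative severity rating string
 *
 * The bands (None 0, Low up to 3.9, Medium up to 6.9, High up to 8.9, Critical
 * above) match the CVSS v3.x qualitative severity scale and are applied whatever
 * CVSS version produced the score.
 *
 * The input is not range-checked: a value above 10 and any value for which every
 * comparison is false (NaN, undefined) yields 'Critical', and a negative value
 * yields 'None'. Check the score before calling if it did not come from one of
 * the calculate* functions, so a parsing failure is not reported as a severity.
 *
 * @param score - Numeric CVSS score
 * @returns 'None', 'Low', 'Medium', 'High' or 'Critical'
 */
export const humanizeScore = (score) => {
  if (score <= 0) {
    return 'None';
  }
  if (score <= 3.9) {
    return 'Low';
  }
  if (score <= 6.9) {
    return 'Medium';
  }
  if (score <= 8.9) {
    return 'High';
  }
  return 'Critical';
};

// ============================================================================
// Re-exports for backward compatibility
// ============================================================================
export {
  calculateIss,
  calculateMiss,
  calculateExploitability,
  calculateModifiedExploitability,
  calculateImpact,
  calculateModifiedImpact,
  modifiedMetricsMap,
  populateTemporalMetricDefaults,
  populateEnvironmentalMetricDefaults,
  roundUp
} from './versions/v3/calculator';
export { humanizeBaseMetric, humanizeBaseMetricValue } from './versions/v3/humanizer';
export {
  BaseMetric,
  TemporalMetric,
  EnvironmentalMetric,
  baseMetrics,
  temporalMetrics,
  environmentalMetrics,
  baseMetricValues,
  temporalMetricValues,
  environmentalMetricValues
} from './versions/v3/models';
export { parseVector, parseVersion, parseMetrics } from './parser';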