
@neuralegion/cvss


The Common Vulnerability Scoring System ([CVSS](https://www.first.org/cvss/)) [score](https://www.first.org/cvss/specification-document#1-2-Scoring) calculator and validator library written in [TypeScript](https://www.typescriptlang.org/).

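import { parseMetricsAsMap, parseVector, parseVersion } from '../parser';

/**
 * Rejects a vector part that is missing, empty, or contains "//".
 *
 * @param {string} vectorStr - Vector part of the CVSS string, as returned by parseVector.
 * @throws {Error} 'Invalid CVSS string' when the check fails.
 */
const validateVector = (vectorStr) => {
  if (!vectorStr || vectorStr.includes('//')) {
    throw new Error('Invalid CVSS string');
  }
};

/**
 * Ensures every metric key present in the parsed vector is a known metric.
 *
 * The offending key is echoed verbatim in the error message. It comes from the
 * caller-supplied CVSS string, so code that renders this message (HTML, logs)
 * should escape it like any other untrusted text.
 *
 * @param {Map<string, string>} metricsMap - Parsed metrics keyed by abbreviation.
 * @param {string[]} knownMetrics - Metric abbreviations accepted for this version.
 * @throws {Error} On the first key that is not listed in knownMetrics.
 */
const checkUnknownMetrics = (metricsMap, knownMetrics) => {
  for (const userMetric of metricsMap.keys()) {
    if (!knownMetrics.includes(userMetric)) {
      throw new Error(
        `Unknown CVSS metric "${userMetric}". Allowed metrics: ${knownMetrics.join(', ')}`
      );
    }
  }
};

/**
 * Ensures every mandatory metric has an entry in the parsed vector.
 *
 * @param {Map<string, string>} metricsMap - Parsed metrics keyed by abbreviation.
 * @param {string[]} metrics - Metric abbreviations that must be present.
 * @param {{humanizeMetric: Function}} [humanizer] - Optional; when given, its
 *   humanizeMetric(metric) result is used in the error message instead of the abbreviation.
 * @throws {Error} On the first mandatory metric that is missing.
 */
const checkMandatoryMetrics = (metricsMap, metrics, humanizer) => {
  for (const metric of metrics) {
    if (!metricsMap.has(metric)) {
      const metricName = humanizer ? humanizer.humanizeMetric(metric) : metric;
      throw new Error(`Missing mandatory CVSS metric ${metricName}`);
    }
  }
};

/**
 * Ensures every metric that is present in the parsed vector carries one of the
 * values allowed for it.
 *
 * @param {Map<string, string>} metricsMap - Parsed metrics keyed by abbreviation.
 * @param {string[]} metrics - Metric abbreviations to check.
 * @param {Object<string, string[]>} metricsValues - Allowed values per metric abbreviation.
 * @param {{humanizeMetric: Function, humanizeMetricValue: Function}} [humanizer] -
 *   Optional; when given, metric names and allowed values in the error message are
 *   accompanied by their humanized form.
 * @throws {Error} On the first present metric whose value is not allowed,
 *   including a present metric whose value is empty or missing.
 */
const checkMetricsValues = (metricsMap, metrics, metricsValues, humanizer) => {
  for (const metric of metrics) {
    // Decide by presence (has), not by truthiness of the value. A metric that is
    // present with an empty or missing value must fail validation instead of being
    // skipped; otherwise a mandatory metric could satisfy the presence check while
    // carrying no value at all.
    // NOTE(review): assumes the parser stores a valueless metric (e.g. "AV:") with
    // an empty/undefined value - confirm against ../parser.
    if (!metricsMap.has(metric)) {
      continue;
    }

    const userValue = metricsMap.get(metric);
    if (metricsValues[metric].includes(userValue)) {
      continue;
    }

    // Only mention the supplied value when there is one to show.
    const valueSuffix = userValue ? `: ${userValue}` : '';

    let errorMsg = '';
    if (humanizer) {
      const allowedValuesHumanized = metricsValues[metric]
        .map((value) => `${value} (${humanizer.humanizeMetricValue(value, metric)})`)
        .join(', ');
      errorMsg = `Invalid value for CVSS metric ${metric} (${humanizer.humanizeMetric(metric)})${valueSuffix}. Allowed values: ${allowedValuesHumanized}`;
    } else {
      const allowedValues = metricsValues[metric].join(', ');
      // The line break after the period is part of the existing message text.
      errorMsg = `Invalid value for CVSS metric ${metric}${valueSuffix}. \nAllowed values: ${allowedValues}`;
    }
    throw new Error(errorMsg);
  }
};

/**
 * Validates a CVSS vector string against the metric definitions of one CVSS version.
 *
 * Checks run in this order, and the first failure throws: "CVSS:" prefix, version
 * (delegated to validateVersion), vector shape, mandatory base metrics, unknown
 * metrics, metric values.
 *
 * @param {string} cvssStr - Full CVSS string; must start with "CVSS:".
 * @param {Function} validateVersion - Called with the parsed version string; expected
 *   to throw when the version is not acceptable.
 * @param {{base: string[], temporal: string[], environmental: string[]}} metrics -
 *   Metric abbreviations per group.
 * @param {Object<string, string[]>} knownMetricsValues - Allowed values per metric abbreviation.
 * @param {Object} [humanizer] - Optional humanizer used to build friendlier error messages.
 * @returns {{metricsMap: Map<string, string>, isTemporal: boolean, isEnvironmental: boolean, versionStr: string}}
 *   The parsed metrics, whether any temporal / environmental metric is present,
 *   and the parsed version string.
 * @throws {Error} When any of the checks above fails.
 */
export const validateByKnownMaps = (
  cvssStr,
  validateVersion,
  metrics,
  knownMetricsValues,
  humanizer
) => {
  // Non-string input (number, object, ...) is rejected with the validator's own
  // error rather than a TypeError from calling startsWith on it.
  if (typeof cvssStr !== 'string' || !cvssStr.startsWith('CVSS:')) {
    throw new Error('CVSS vector must start with "CVSS:"');
  }

  const versionStr = parseVersion(cvssStr);
  validateVersion(versionStr);

  const vectorStr = parseVector(cvssStr);
  validateVector(vectorStr);

  const allMetrics = [...metrics.base, ...metrics.temporal, ...metrics.environmental];
  const metricsMap = parseMetricsAsMap(cvssStr);

  checkMandatoryMetrics(metricsMap, metrics.base, humanizer);
  checkUnknownMetrics(metricsMap, allMetrics);
  checkMetricsValues(metricsMap, allMetrics, knownMetricsValues, humanizer);

  // Materialise the keys once; both group checks read the same list.
  const presentMetrics = [...metricsMap.keys()];
  const isTemporal = presentMetrics.some((metric) => metrics.temporal.includes(metric));
  const isEnvironmental = presentMetrics.some((metric) =>
    metrics.environmental.includes(metric)
  );

  return { metricsMap, isTemporal, isEnvironmental, versionStr };
};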