@turingpointde/cvss.js
A tiny library to work with cvss vectors
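/**
 * CVSS v3.0 / v3.1 vector parser and score calculator (de-minified bundle).
 *
 * The only name this script defines is the global `CVSS`, a factory that takes
 * a vector string (or an object of metric abbreviations) and returns an object
 * with score, rating and vector helpers.
 *
 * Review notes:
 *  - The factory validates the vector once, before any scoring helper runs.
 *    The scoring helpers look metric values up in the static table below and
 *    would hit `undefined` on an unknown value, so that validation is what
 *    keeps them safe to call.
 *  - `updateVectorValue` returns a new vector string WITHOUT re-validating it;
 *    pass the result back through `CVSS(...)` before trusting or scoring it.
 *  - The version pattern in `isVectorValid` now escapes the dot; the original
 *    `3.(0|1)` let any character stand between "3" and the minor version.
 */
var CVSS;
(() => {
  "use strict";

  // Static metric table: every abbreviation, its allowed values and weights.
  const cvssData = {
    version: "3.0",
    definitions: [
      {
        name: "Attack Vector",
        abbr: "AV",
        metrics: [
          { name: "Network", abbr: "N", numerical: 0.85 },
          { name: "Adjacent", abbr: "A", numerical: 0.62 },
          { name: "Local", abbr: "L", numerical: 0.55 },
          { name: "Physical", abbr: "P", numerical: 0.2 },
        ],
      },
      {
        name: "Attack Complexity",
        abbr: "AC",
        metrics: [
          { name: "Low", abbr: "L", numerical: 0.77 },
          { name: "High", abbr: "H", numerical: 0.44 },
        ],
      },
      {
        name: "Privileges Required",
        abbr: "PR",
        metrics: [
          { name: "None", abbr: "N", numerical: { changed: 0.85, unchanged: 0.85 } },
          { name: "Low", abbr: "L", numerical: { changed: 0.68, unchanged: 0.62 } },
          { name: "High", abbr: "H", numerical: { changed: 0.5, unchanged: 0.27 } },
        ],
      },
      {
        name: "User Interaction",
        abbr: "UI",
        metrics: [
          { name: "None", abbr: "N", numerical: 0.85 },
          { name: "Required", abbr: "R", numerical: 0.62 },
        ],
      },
      {
        name: "Scope",
        abbr: "S",
        metrics: [
          { name: "Unchanged", abbr: "U" },
          { name: "Changed", abbr: "C" },
        ],
      },
      {
        name: "Confidentiality",
        abbr: "C",
        metrics: [
          { name: "None", abbr: "N", numerical: 0 },
          { name: "Low", abbr: "L", numerical: 0.22 },
          { name: "High", abbr: "H", numerical: 0.56 },
        ],
      },
      {
        name: "Integrity",
        abbr: "I",
        metrics: [
          { name: "None", abbr: "N", numerical: 0 },
          { name: "Low", abbr: "L", numerical: 0.22 },
          { name: "High", abbr: "H", numerical: 0.56 },
        ],
      },
      {
        name: "Availability",
        abbr: "A",
        metrics: [
          { name: "None", abbr: "N", numerical: 0 },
          { name: "Low", abbr: "L", numerical: 0.22 },
          { name: "High", abbr: "H", numerical: 0.56 },
        ],
      },
      {
        name: "Exploit Code Maturity",
        abbr: "E",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "High", abbr: "H", numerical: 1 },
          { name: "Functional", abbr: "F", numerical: 0.97 },
          { name: "Proof of Concept", abbr: "P", numerical: 0.94 },
          { name: "Unproven", abbr: "U", numerical: 0.91 },
        ],
      },
      {
        name: "Remediation Level",
        abbr: "RL",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "Unavailable", abbr: "U", numerical: 1 },
          { name: "Workaround", abbr: "W", numerical: 0.97 },
          { name: "Temporary Fix", abbr: "T", numerical: 0.96 },
          { name: "Official Fix", abbr: "O", numerical: 0.95 },
        ],
      },
      {
        name: "Report Confidence",
        abbr: "RC",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "Confirmed", abbr: "C", numerical: 1 },
          { name: "Reasonable", abbr: "R", numerical: 0.96 },
          { name: "Unknown", abbr: "U", numerical: 0.92 },
        ],
      },
      {
        name: "Confidentiality Req.",
        abbr: "CR",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "High", abbr: "H", numerical: 1.5 },
          { name: "Medium", abbr: "M", numerical: 1 },
          { name: "Low", abbr: "L", numerical: 0.5 },
        ],
      },
      {
        name: "Integrity Req.",
        abbr: "IR",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "High", abbr: "H", numerical: 1.5 },
          { name: "Medium", abbr: "M", numerical: 1 },
          { name: "Low", abbr: "L", numerical: 0.5 },
        ],
      },
      {
        name: "Availability Req.",
        abbr: "AR",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "High", abbr: "H", numerical: 1.5 },
          { name: "Medium", abbr: "M", numerical: 1 },
          { name: "Low", abbr: "L", numerical: 0.5 },
        ],
      },
      {
        name: "Modified Attack Vector",
        abbr: "MAV",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "Network", abbr: "N", numerical: 0.85 },
          { name: "Adjacent", abbr: "A", numerical: 0.62 },
          { name: "Local", abbr: "L", numerical: 0.55 },
          { name: "Physical", abbr: "P", numerical: 0.2 },
        ],
      },
      {
        name: "Modified Attack Complexity",
        abbr: "MAC",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "Low", abbr: "L", numerical: 0.77 },
          { name: "High", abbr: "H", numerical: 0.44 },
        ],
      },
      {
        name: "Modified Privileges Required",
        abbr: "MPR",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: { changed: 1, unchanged: 1 } },
          { name: "None", abbr: "N", numerical: { changed: 0.85, unchanged: 0.85 } },
          { name: "Low", abbr: "L", numerical: { changed: 0.68, unchanged: 0.62 } },
          { name: "High", abbr: "H", numerical: { changed: 0.5, unchanged: 0.27 } },
        ],
      },
      {
        name: "Modified User Interaction",
        abbr: "MUI",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "None", abbr: "N", numerical: 0.85 },
          { name: "Required", abbr: "R", numerical: 0.62 },
        ],
      },
      {
        name: "Modified Scope",
        abbr: "MS",
        metrics: [
          { name: "Not Defined", abbr: "X" },
          { name: "Unchanged", abbr: "U" },
          { name: "Changed", abbr: "C" },
        ],
      },
      {
        name: "Modified Confidentiality",
        abbr: "MC",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "None", abbr: "N", numerical: 0 },
          { name: "Low", abbr: "L", numerical: 0.22 },
          { name: "High", abbr: "H", numerical: 0.56 },
        ],
      },
      {
        name: "Modified Integrity",
        abbr: "MI",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "None", abbr: "N", numerical: 0 },
          { name: "Low", abbr: "L", numerical: 0.22 },
          { name: "High", abbr: "H", numerical: 0.56 },
        ],
      },
      {
        name: "Modified Availability",
        abbr: "MA",
        metrics: [
          { name: "Not Defined", abbr: "X", numerical: 1 },
          { name: "None", abbr: "N", numerical: 0 },
          { name: "Low", abbr: "L", numerical: 0.22 },
          { name: "High", abbr: "H", numerical: 0.56 },
        ],
      },
    ],
  };

  // Base metrics that every vector must carry exactly once.
  const MANDATORY_PATTERNS = [
    /\/AV:[NALP]/g,
    /\/AC:[LH]/g,
    /\/PR:[NLH]/g,
    /\/UI:[NR]/g,
    /\/S:[UC]/g,
    /\/C:[NLH]/g,
    /\/I:[NLH]/g,
    /\/A:[NLH]/g,
  ];

  // ---------------------------------------------------------------- utilities

  /** Looks up a metric definition by its abbreviation (e.g. "AV"). */
  function findMetric(abbr) {
    return cvssData.definitions.find((definition) => definition.abbr === abbr);
  }

  /**
   * Returns the table entry for the value that `vectorObject` holds for the
   * metric `abbr`, or `undefined` when that value is not in the table.
   */
  function findMetricValue(abbr, vectorObject) {
    const definition = findMetric(abbr);
    return definition.metrics.find(
      (metric) => metric.abbr === vectorObject[definition.abbr],
    );
  }

  /** Rounding used for v3.1 scores: round up to one decimal via integers. */
  function roundUpExact(value) {
    const scaled = Math.round(value * 1e5);
    if (scaled % 1e4 === 0) {
      return scaled / 1e5;
    }
    return (Math.floor(scaled / 1e4) + 1) / 10;
  }

  /** Rounding used for v3.0 scores: ceil to `decimals` decimal places. */
  function roundUpApprox(value, decimals) {
    const factor = Math.pow(10, decimals);
    return Math.ceil(value * factor) / factor;
  }

  /**
   * Splits a vector string into `{ CVSS: "3.x", AV: "N", ... }`.
   * Every known metric starts as "X" (not defined) and is then overwritten by
   * what the string carries. Keys come straight from the string, so the result
   * is only as trustworthy as the vector passed in.
   */
  function getVectorObject(vector) {
    const vectorObject = {};
    for (const definition of cvssData.definitions) {
      vectorObject[definition.abbr] = "X";
    }
    for (const part of vector.split("/")) {
      const [key, value] = part.split(":");
      vectorObject[key] = value;
    }
    return vectorObject;
  }

  /** Drops every `KEY:X` segment from a vector string. */
  function getCleanVectorString(vector) {
    return vector
      .split("/")
      .filter((part) => part.split(":")[1] !== "X")
      .join("/");
  }

  /**
   * Accepts a vector string (returned untouched) or an object keyed by metric
   * abbreviation plus `CVSS` for the version, and serialises the latter in
   * table order. Only own properties that name a known metric are emitted.
   */
  function parseVectorObjectToString(input) {
    if (typeof input === "string") {
      return input;
    }
    let vector = `CVSS:${input.CVSS}/`;
    for (const { abbr } of cvssData.definitions) {
      if (Object.prototype.hasOwnProperty.call(input, abbr)) {
        vector += `${abbr}:${input[abbr]}/`;
      }
    }
    return vector.slice(0, -1); // strip the trailing "/"
  }

  /** Expands a vector string into `{ CVSS, metrics: { AV: {...}, ... } }`. */
  function getDetailedVectorObject(vector) {
    return vector.split("/").reduce(
      (detailed, part, index) => {
        const pair = part.split(":");
        const metrics = { ...detailed.metrics };
        if (index) {
          const definition = findMetric(pair[0]);
          const detail = {
            name: definition.name,
            abbr: definition.abbr,
            fullName: `${definition.name} (${definition.abbr})`,
            value: definition.metrics.find((metric) => metric.abbr === pair[1]).name,
            valueAbbr: pair[1],
          };
          return Object.assign(detailed, {
            metrics: Object.assign(metrics, { [pair[0].trim()]: detail }),
          });
        }
        // First segment is the "CVSS:3.x" prefix.
        return Object.assign(detailed, { [pair[0].trim()]: pair[1] });
      },
      { metrics: {} },
    );
  }

  /** Maps a numeric score to its qualitative rating. */
  function getRating(score) {
    if (score === 0) return "None";
    if (score <= 3.9) return "Low";
    if (score <= 6.9) return "Medium";
    if (score <= 8.9) return "High";
    return "Critical";
  }

  /**
   * Returns a cleaned vector string with metric `metric` set to `value`.
   * NOTE(review): neither argument nor the result is validated here.
   */
  function updateVectorValue(vector, metric, value) {
    const vectorObject = getVectorObject(vector);
    vectorObject[metric] = value;
    return getCleanVectorString(parseVectorObjectToString(vectorObject));
  }

  /**
   * Checks the overall shape of a vector: version prefix, only known
   * `KEY:VALUE` segments, no metric repeated, all eight base metrics present.
   * The dynamic patterns are built from the static table only, never from the
   * vector itself.
   */
  function isVectorValid(vector) {
    const segmentPatterns = cvssData.definitions.map(
      ({ abbr, metrics }) => `${abbr}:[${metrics.map((metric) => metric.abbr).join("")}]`,
    );

    // Escaped dot: only "3.0" and "3.1" are accepted as the version.
    const shape = new RegExp(`^CVSS:3\\.(0|1)(/(?:${segmentPatterns.join("|")}))+$`);
    if (!shape.test(vector)) {
      return false;
    }

    for (const segment of segmentPatterns) {
      const occurrences = vector.match(new RegExp(`/${segment}`, "g")) || [];
      if (occurrences.length > 1) {
        return false;
      }
    }

    for (const pattern of MANDATORY_PATTERNS) {
      if ((vector.match(pattern) || []).length < 1) {
        return false;
      }
    }
    return true;
  }

  /** Returns "3.0", "3.1", or the sentinel "Error" for any other prefix. */
  function getVersion(vector) {
    const prefix = vector.split("/")[0];
    if (prefix === "CVSS:3.0") return "3.0";
    if (prefix === "CVSS:3.1") return "3.1";
    return "Error";
  }

  // ------------------------------------------------------------------ scoring

  /** Impact sub-score base: 1 - (1 - C)(1 - I)(1 - A). */
  function impactBase(vectorObject) {
    return (
      1 -
      (1 - findMetricValue("C", vectorObject).numerical) *
        (1 - findMetricValue("I", vectorObject).numerical) *
        (1 - findMetricValue("A", vectorObject).numerical)
    );
  }

  /** Base impact; `undefined` if scope is changed and the version is unknown. */
  function impact(iss, scopeChanged, vector) {
    if (!scopeChanged) {
      return 6.42 * iss;
    }
    const version = getVersion(vector);
    if (version === "3.0" || version === "3.1") {
      return 7.52 * (iss - 0.029) - 3.25 * Math.pow(iss - 0.02, 15);
    }
    return undefined;
  }

  /** Base exploitability; PR carries separate weights per scope. */
  function exploitability(vectorObject, scopeChanged) {
    const attackVector = findMetricValue("AV", vectorObject).numerical;
    const attackComplexity = findMetricValue("AC", vectorObject).numerical;
    const privileges = findMetricValue("PR", vectorObject).numerical;
    const userInteraction = findMetricValue("UI", vectorObject).numerical;
    return (
      8.22 *
      attackVector *
      attackComplexity *
      (scopeChanged ? privileges.changed : privileges.unchanged) *
      userInteraction
    );
  }

  /** Version-dependent round-up; `undefined` for an unknown version. */
  function roundUp(value, decimals, vector) {
    const version = getVersion(vector);
    if (version === "3.0") return roundUpApprox(value, decimals);
    if (version === "3.1") return roundUpExact(value);
    return undefined;
  }

  /** Base score. */
  function getScore(vector) {
    const vectorObject = getVectorObject(vector);
    const scopeChanged = vectorObject.S === "C";
    const impactScore = impact(impactBase(vectorObject), scopeChanged, vector);
    if (impactScore <= 0) {
      return 0;
    }
    const exploitabilityScore = exploitability(vectorObject, scopeChanged);
    const raw = scopeChanged
      ? Math.min(1.08 * (impactScore + exploitabilityScore), 10)
      : Math.min(impactScore + exploitabilityScore, 10);
    return roundUp(raw, 1, vector);
  }

  /** Weight of an optional metric, 1 when the lookup finds nothing. */
  function optionalWeight(abbr, vectorObject) {
    const metric = findMetricValue(abbr, vectorObject);
    return metric ? metric.numerical : 1;
  }

  /** Temporal score: base score scaled by E, RL and RC. */
  function getTemporalScore(vector) {
    const vectorObject = getVectorObject(vector);
    const base = getScore(vector);
    const exploitMaturity = optionalWeight("E", vectorObject);
    const remediation = optionalWeight("RL", vectorObject);
    const confidence = optionalWeight("RC", vectorObject);
    return roundUp(base * exploitMaturity * remediation * confidence, 1, vector);
  }

  /** Modified metric if set, otherwise the base metric it overrides. */
  function modifiedOrBase(modifiedAbbr, baseAbbr, vectorObject) {
    const modified = findMetricValue(modifiedAbbr, vectorObject);
    if (modified && modified.abbr !== "X") {
      return modified;
    }
    return findMetricValue(baseAbbr, vectorObject);
  }

  /** Environmental score. */
  function getEnvironmentalScore(vector) {
    const vectorObject = getVectorObject(vector);
    const scopeChanged =
      vectorObject.MS === "X" ? vectorObject.S === "C" : vectorObject.MS === "C";

    // Modified impact sub-score, capped at 0.915.
    const confidentiality = modifiedOrBase("MC", "C", vectorObject);
    const integrity = modifiedOrBase("MI", "I", vectorObject);
    const availability = modifiedOrBase("MA", "A", vectorObject);
    const confReq = findMetricValue("CR", vectorObject).numerical;
    const integReq = findMetricValue("IR", vectorObject).numerical;
    const availReq = findMetricValue("AR", vectorObject).numerical;
    const miss = Math.min(
      1 -
        (1 - confidentiality.numerical * confReq) *
          (1 - integrity.numerical * integReq) *
          (1 - availability.numerical * availReq),
      0.915,
    );

    // Modified exploitability.
    const attackVector = modifiedOrBase("MAV", "AV", vectorObject);
    const attackComplexity = modifiedOrBase("MAC", "AC", vectorObject);
    const privileges = modifiedOrBase("MPR", "PR", vectorObject);
    const userInteraction = modifiedOrBase("MUI", "UI", vectorObject);
    const privilegeWeight = scopeChanged
      ? privileges.numerical.changed
      : privileges.numerical.unchanged;
    const modifiedExploitability =
      8.22 *
      attackVector.numerical *
      attackComplexity.numerical *
      privilegeWeight *
      userInteraction.numerical;

    // Modified impact: the changed-scope formula differs between 3.0 and 3.1.
    let modifiedImpact;
    if (!scopeChanged) {
      modifiedImpact = 6.42 * miss;
    } else if (getVersion(vector) === "3.0") {
      modifiedImpact = 7.52 * (miss - 0.029) - 3.25 * Math.pow(miss - 0.02, 15);
    } else if (getVersion(vector) === "3.1") {
      modifiedImpact =
        7.52 * (miss - 0.029) - 3.25 * Math.pow(0.9731 * miss - 0.02, 13);
    }
    if (modifiedImpact <= 0) {
      return 0;
    }

    const exploitMaturity = optionalWeight("E", vectorObject);
    const remediation = optionalWeight("RL", vectorObject);
    const confidence = optionalWeight("RC", vectorObject);
    const combined = scopeChanged
      ? Math.min(1.08 * (modifiedImpact + modifiedExploitability), 10)
      : Math.min(modifiedImpact + modifiedExploitability, 10);
    return roundUp(
      roundUp(combined, 1, vector) * exploitMaturity * remediation * confidence,
      1,
      vector,
    );
  }

  /** Base impact sub-score, to one decimal place. */
  function getImpactSubScore(vector) {
    const vectorObject = getVectorObject(vector);
    const { S: scope } = vectorObject;
    return Number(impact(impactBase(vectorObject), scope === "C", vector).toFixed(1));
  }

  /** Base exploitability sub-score, to one decimal place. */
  function getExploitabilitySubScore(vector) {
    const vectorObject = getVectorObject(vector);
    const { S: scope } = vectorObject;
    return Number(exploitability(vectorObject, scope === "C").toFixed(1));
  }

  // ------------------------------------------------------------------ factory

  /**
   * Builds the CVSS helper object for one vector.
   *
   * @param {string|object} input - vector string, or an object keyed by metric
   *   abbreviation with `CVSS` holding the version.
   * @returns {object} the normalised `vector`, `isValid`, and the score,
   *   rating and vector helper functions bound to that vector.
   * @throws {Error} when the input is null/undefined, the version prefix is not
   *   3.0 or 3.1, or the vector fails `isVectorValid`.
   */
  function createCvss(input) {
    // The original dereferenced null/undefined and surfaced a bare TypeError.
    if (input == null) {
      throw new Error("The vector format is not valid!");
    }

    const vector = parseVectorObjectToString(input);
    const version = () => getVersion(vector);
    const score = () => getScore(vector);
    const temporalScore = () => getTemporalScore(vector);
    const environmentalScore = () => getEnvironmentalScore(vector);

    if (version() === "Error") {
      throw new Error("The vector version is not valid");
    }
    const isValid = isVectorValid(vector);
    if (!isValid) {
      throw new Error("The vector format is not valid!");
    }

    return {
      vector,
      getScore: score,
      getTemporalScore: temporalScore,
      getEnvironmentalScore: environmentalScore,
      getRating: () => getRating(score()),
      getTemporalRating: () => getRating(temporalScore()),
      getEnvironmentalRating: () => getRating(environmentalScore()),
      getVectorObject: () => getVectorObject(vector),
      getDetailedVectorObject: () => getDetailedVectorObject(vector),
      getVersion: version,
      getCleanVectorString: () => getCleanVectorString(vector),
      updateVectorValue: (metric, value) => updateVectorValue(vector, metric, value),
      isValid,
      getImpactSubScore: () => getImpactSubScore(vector),
      getExploitabilitySubScore: () => getExploitabilitySubScore(vector),
    };
  }

  CVSS = createCvss;
})();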