cvss4
Version:
The **Common Vulnerability Scoring System (CVSS)** is a [scoring framework](https://www.first.org/cvss/) that provides numerical scores to assess the severity of software vulnerabilities. This TypeScript-based library offers support for CVSS versions **3.
60 lines (59 loc) • 1.74 kB
JavaScript
import { BaseMetric } from './models';
export const humanizeBaseMetric = (metric) => {
switch (metric) {
case BaseMetric.ATTACK_VECTOR:
return 'Attack Vector';
case BaseMetric.ATTACK_COMPLEXITY:
return 'Attack Complexity';
case BaseMetric.PRIVILEGES_REQUIRED:
return 'Privileges Required';
case BaseMetric.USER_INTERACTION:
return 'User Interaction';
case BaseMetric.SCOPE:
return 'Scope';
case BaseMetric.CONFIDENTIALITY:
return 'Confidentiality';
case BaseMetric.INTEGRITY:
return 'Integrity';
case BaseMetric.AVAILABILITY:
return 'Availability';
default:
return 'Unknown';
}
};
// eslint-disable-next-line complexity
export const humanizeBaseMetricValue = (value, metric) => {
switch (value) {
case 'A':
return 'Adjacent';
case 'C':
return 'Changed';
case 'H':
return 'High';
case 'L':
return metric === BaseMetric.ATTACK_VECTOR ? 'Local' : 'Low';
case 'N':
return metric === BaseMetric.ATTACK_VECTOR ? 'Network' : 'None';
case 'P':
return 'Physical';
case 'R':
return 'Required';
case 'U':
return 'Unchanged';
default:
return 'Unknown';
}
};
/**
* Stringify a score into a qualitative severity rating string
* @param score
*/
export const humanizeScore = (score) => score <= 0
? 'None'
: score <= 3.9
? 'Low'
: score <= 6.9
? 'Medium'
: score <= 8.9
? 'High'
: 'Critical';