UNPKG

ssvc

Version:

TypeScript implementation of SSVC (Stakeholder-Specific Vulnerability Categorization). A prioritization framework to triage CVE vulnerabilities as an alternative or compliment to CVSS

github.com/trivialsec/typescript-ssvc

trivialsec/typescript-ssvc

77 lines (65 loc) 2.37 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
/** * CISA Plugin Wrapper * * Wraps the generated CISA plugin to integrate with the core plugin system. */ import { SSVCPlugin, SSVCDecision, SSVCOutcome } from '../core'; import { DecisionCisa, OutcomeCisa, ExploitationStatus, AutomatableStatus, TechnicalImpactLevel, MissionWellbeingImpactLevel } from './cisa-generated'; export class CISAPlugin extends SSVCPlugin { readonly name = 'CISA'; readonly description = 'CISA Stakeholder-Specific Vulnerability Categorization'; readonly version = '1.0'; createDecision(options: Record<string, any>): SSVCDecision { return new CISADecisionWrapper(options); } } class CISADecisionWrapper implements SSVCDecision { private decision: DecisionCisa; public outcome?: SSVCOutcome; constructor(options: Record<string, any>) { // Map the generic options to CISA-specific parameters const cisaOptions = { exploitation: this.mapValue(options.exploitation || options.exploitationStatus, ExploitationStatus), automatable: this.mapValue(options.automatable || options.automatableStatus, AutomatableStatus), technicalImpact: this.mapValue(options.technical_impact || options.technicalImpactLevel, TechnicalImpactLevel), missionWellbeingImpact: this.mapValue(options.mission_wellbeing || options.missionWellbeingImpactLevel, MissionWellbeingImpactLevel) }; this.decision = new DecisionCisa(cisaOptions); } evaluate(): SSVCOutcome { const outcome = this.decision.evaluate(); this.outcome = { action: outcome.action, priority: outcome.priority }; return this.outcome; } private mapValue(value: any, enumType: any): any { if (!value) return undefined; // If it's already the right type, return it if (Object.values(enumType).includes(value)) { return value; } // If it's a string, try to find the matching enum value if (typeof value === 'string') { const upperValue = value.toUpperCase(); const enumKey = Object.keys(enumType).find(key => key === upperValue); if (enumKey) { return (enumType as any)[enumKey]; } // Try direct string value match const enumValue = Object.values(enumType).find(v => v === value.toLowerCase()); if (enumValue) { return enumValue; } } return value; } }