Implement Age (Y)

vmayoral · vmayoral · commit d402a122751e · 2018-07-01T11:35:47.000+02:00
diff --git a/cvsslib/base_enum.py b/cvsslib/base_enum.py
@@ -83,6 +83,7 @@ def get_value_from_vector_key(cls, key):
             vector_override = cls._vectors.value
 
         if key in vector_override:
+            # print(getattr(cls, vector_override[key]))
             return getattr(cls, vector_override[key])
 
         # print(cls.members())
diff --git a/cvsslib/cvss3/calculations.py b/cvsslib/cvss3/calculations.py
@@ -26,6 +26,9 @@ def calculate_modified_exploitability_sub_score(vector: ModifiedAttackVector,
                                                 complexity: ModifiedAttackComplexity,
                                                 privilege: ModifiedPrivilegesRequired,
                                                 interaction: ModifiedUserInteraction):
+    # print("modified complexity: " + str(complexity))
+    # print("modified privilege: " + str(privilege))
+    # print("modified interaction: " + str(interaction))
     return EXPLOITABILITY_COEFFECIENT * vector * complexity * privilege * interaction
 
 
diff --git a/cvsslib/example_vectors.py b/cvsslib/example_vectors.py
@@ -62,11 +62,13 @@
     ("AV:N/AC:L/Au:N/C:C/I:C/A:C", (10, None, None))
 ]
 
+# TODO update
 rvss_vectors = [
     ("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.8, 5.8, 7.1)),
     # ("RVSS:1.0/AV:RN/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.8, 5.8, 7.1)),
 ]
 
+# TODO update
 rvss_comparison_vectors = [
     ("AV:N/AC:L/Au:N/C:C/I:C/A:C", "AV:N/AC:L/Au:N/C:C/I:C/A:C", (10, None, None))
 ]
diff --git a/cvsslib/rvss/calculations.py b/cvsslib/rvss/calculations.py
@@ -17,15 +17,34 @@ def roundup(num):
 def calculate_exploitability_sub_score(attack_vector: AttackVector,
                                        complexity: AttackComplexity,
                                        privilege: PrivilegeRequired,
-                                       interaction: UserInteraction):
-    return EXPLOITABILITY_COEFFECIENT * attack_vector * complexity * privilege * interaction
+                                       interaction: UserInteraction,
+                                       age:Age):
+    # print("age: " + str(age))
+    return EXPLOITABILITY_COEFFECIENT * attack_vector * complexity * privilege * interaction * age
+
+# def calculate_exploitability_sub_score(attack_vector: AttackVector,
+#                                        complexity: AttackComplexity,
+#                                        privilege: PrivilegeRequired,
+#                                        interaction: UserInteraction):
+#     return EXPLOITABILITY_COEFFECIENT * attack_vector * complexity * privilege * interaction
 
 
 def calculate_modified_exploitability_sub_score(vector: ModifiedAttackVector,
                                                 complexity: ModifiedAttackComplexity,
                                                 privilege: ModifiedPrivilegesRequired,
-                                                interaction: ModifiedUserInteraction):
-    return EXPLOITABILITY_COEFFECIENT * vector * complexity * privilege * interaction
+                                                interaction: ModifiedUserInteraction,
+                                                age: ModifiedAge):
+    # print("modified complexity: " + str(complexity))
+    # print("modified privilege: " + str(privilege))
+    # print("modified interaction: " + str(interaction))
+    # print("modified age: " + str(age))
+    return EXPLOITABILITY_COEFFECIENT * vector * complexity * privilege * interaction * age
+
+# def calculate_modified_exploitability_sub_score(vector: ModifiedAttackVector,
+#                                                 complexity: ModifiedAttackComplexity,
+#                                                 privilege: ModifiedPrivilegesRequired,
+#                                                 interaction: ModifiedUserInteraction):
+#     return EXPLOITABILITY_COEFFECIENT * vector * complexity * privilege * interaction
 
 
 def calculate_impact_sub_score(scope: Scope,
diff --git a/cvsslib/rvss/enums.py b/cvsslib/rvss/enums.py
@@ -91,6 +91,22 @@ class UserInteraction(BaseEnum):
     NONE = D("0.85")
     REQUIRED = D("0.62")
 
+class Age(BaseEnum):
+    """
+    Vector: Y
+    Mandatory: yes
+    """
+    YEAR1 = D("1.5")
+    YEARS3 = D("1.2")
+    MORE3YEARS = D("1.0")
+    UNKNOWN = D("1.0")
+
+    _vectors = {
+        "1": "YEAR1",
+        "3": "YEARS3",
+        "O": "MORE3YEARS",
+        "U": "1YEAR",
+    }
 
 class Scope(BaseEnum):
     """
@@ -208,6 +224,9 @@ class AvailabilityRequirement(BaseEnum):
 ModifiedUserInteraction = UserInteraction.extend("ModifiedUserInteraction", {"NOT_DEFINED": NotDefined()},
                                                  "Vector: MUI")
 
+ModifiedAge = Age.extend("ModifiedAge", {"NOT_DEFINED": NotDefined()},
+                                                 "Vector: MY")
+
 ModifiedScope = Scope.extend("ModifiedScope", {"NOT_DEFINED": NotDefined()}, "Vector: MS")
 
 ModifiedConfidentialityImpact = ConfidentialityImpact.extend("ModifiedConfidentialityImpact",
@@ -220,7 +239,7 @@ class AvailabilityRequirement(BaseEnum):
 
 OPTIONAL_VALUES = {
     ModifiedAttackVector, ModifiedAttackComplexity, ModifiedPrivilegesRequired,
-    ModifiedUserInteraction, ModifiedScope, ModifiedConfidentialityImpact,
+    ModifiedUserInteraction, ModifiedAge, ModifiedScope, ModifiedConfidentialityImpact,
     ModifiedIntegrityImpact, ModifiedAvailabilityImpact
 }
 
@@ -229,6 +248,7 @@ class AvailabilityRequirement(BaseEnum):
     AttackComplexity,
     PrivilegeRequired,
     UserInteraction,
+    Age,
 
     Scope,
     ConfidentialityImpact,
@@ -247,6 +267,7 @@ class AvailabilityRequirement(BaseEnum):
     ModifiedAttackComplexity,
     ModifiedPrivilegesRequired,
     ModifiedUserInteraction,
+    ModifiedAge,
     ModifiedScope,
 
     ModifiedConfidentialityImpact,
diff --git a/tests/test_rvss.py b/tests/test_rvss.py
@@ -6,14 +6,31 @@
 # TODO: bring this vector to "example_vectors.py" file
 rvss_vectors = [
     # Various tests for the attack vector (AV)
-    ("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.8, 5.8, 7.1)),
-    ("RVSS:1.0/AV:RN/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (6.1, 6.1, 8.1)),
-    ("RVSS:1.0/AV:AN/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.9, 5.9, 7.3)),
-    ("RVSS:1.0/AV:PP/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.9, 5.9, 7.3)),
-    ("RVSS:1.0/AV:PI/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.4, 5.4, 5.9)),
+    ("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N", (5.8, 5.8, 7.1)),
+    ("RVSS:1.0/AV:RN/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N", (6.1, 6.1, 8.1)),
+    ("RVSS:1.0/AV:AN/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N", (5.9, 5.9, 7.3)),
+    ("RVSS:1.0/AV:PP/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N", (5.9, 5.9, 7.3)),
+    ("RVSS:1.0/AV:PI/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N", (5.4, 5.4, 5.9)),
     # AV combinations
-    ("RVSS:1.0/AV:ANPR/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.5, 5.5, 6.1)),
-    ("RVSS:1.0/AV:PPL/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.6, 5.6, 6.4)),
+    ("RVSS:1.0/AV:ANPR/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N", (5.5, 5.5, 6.1)),
+    ("RVSS:1.0/AV:PPL/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N", (5.6, 5.6, 6.4)),
+    # Age tests
+    ("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:3/S:U/C:H/I:N/A:H/MPR:N", (5.9, 5.9, 7.4)),
+    ("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:1/S:U/C:H/I:N/A:H/MPR:N", (6.1, 6.1, 8.0)),
+]
+
+test_rvss_vectors = [
+    ("RVSS:1.0/AV:PI/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N"),
+    ("RVSS:1.0/AV:ANPR/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N"),
+    ("RVSS:1.0/AV:PPL/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N"),
+    ("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:3/S:U/C:H/I:N/A:H/MPR:N"),
+    ("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:1/S:U/C:H/I:N/A:H/MPR:N"),
+]
+
+rvss_comparison_vectors = [
+    ("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N",
+        "RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N",
+        (5.8, 5.8, 7.1)),
 ]
 
 def test_v3_vectors():
@@ -30,13 +47,34 @@ def test_rvss_vectors():
         # print(results)
         assert results == score, "Vector {0} failed".format(vector)
 
+def comparison_rvss_vectors():
+    for vector1, vector2, results in rvss_comparison_vectors:
+        score1 = calculate_vector(vector1, cvss3)
+        score2 = calculate_vector(vector2, rvss)
+        # print(score)
+        # print(results)
+        assert results == score1, "Vector {0} failed".format(vector1)
+        assert results == score2, "Vector {0} failed".format(vector2)
+        assert score1 == score2, "CVSS and RVSS vectors' score don't match "
+
 
+## Run tests
 # test_v3_vectors()
-# test_rvss_vectors()
+test_rvss_vectors()
+comparison_rvss_vectors()
 
 ###########
 ## Individual tests
 ###########
 
 # vector_v3 = "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N"
 # print(calculate_vector(vector_v3, cvss3))
+#
+# vector_rvss = "RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:U/S:U/C:H/I:N/A:H/MPR:N"
+# print(calculate_vector(vector_rvss, rvss))
+#
+# vector_rvss = "RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:3/S:U/C:H/I:N/A:H/MPR:N"
+# print(calculate_vector(vector_rvss, rvss))
+#
+# vector_rvss = "RVSS:1.0/AV:L/AC:L/PR:H/UI:R/Y:1/S:U/C:H/I:N/A:H/MPR:N"
+# print(calculate_vector(vector_rvss, rvss))

Original file line number	Diff line number	Diff line change
`@@ -62,11 +62,13 @@`
`62`	`62`	`("AV:N/AC:L/Au:N/C:C/I:C/A:C", (10, None, None))`
`63`	`63`	`]`
`64`	`64`
	`65`	`+# TODO update`
`65`	`66`	`rvss_vectors = [`
`66`	`67`	`("RVSS:1.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.8, 5.8, 7.1)),`
`67`	`68`	`# ("RVSS:1.0/AV:RN/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N", (5.8, 5.8, 7.1)),`
`68`	`69`	`]`
`69`	`70`
	`71`	`+# TODO update`
`70`	`72`	`rvss_comparison_vectors = [`
`71`	`73`	`("AV:N/AC:L/Au:N/C:C/I:C/A:C", "AV:N/AC:L/Au:N/C:C/I:C/A:C", (10, None, None))`
`72`	`74`	`]`