ctxis / cvsslib Goto Github PK

View Code? Open in Web Editor NEW

30.0 30.0 11.0 3.09 MB

A library implementing CVSS v2 and v3 scores

License: GNU Lesser General Public License v3.0

Python 100.00%

cvsslib's People

Contributors

Stargazers

Watchers

Forkers

pombredanne mohansekar nirizr 0secure abhishekpuranam diganthdr luc-x41 rsrdesarrollo azolson yurifari

cvsslib's Issues

License?

Hi:
I was wondering if you would consider another license such as the LGPL so that this library can be used in other non-GPL tools such as https://github.com/nexB/scancode-toolkit/ ?
Thanks!

Unable to save object via django-admin

When saving a cvss2 object from the django admin interface, an AttributeError is received. This error appears to be because the value (0.35, etc) is being saved as a string instead of a number. If I attempt to save the object via the command line with numeric values, it succeeds. When i attempt to save a value as a string, I receive the same attribute error as I receive via the GUI.

Relevant code:

CVSS2Base = django_mixin(cvss2, attr_name="CVSS2Base")
class CVSS2(models.Model, metaclass=CVSS2Base):
    pass

x = CVSS2()
x.exploitability=0.85
x.save() #works

x.exploitability='0.85'
x.save() #AttributeError, same as django-admin

Traceback below:

Environment:

Request Method: POST
Request URL: http://___.com/vm/admin/vm/cvss2/1/change/

Django Version: 1.11.5
Python Version: 3.6.2
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'vm.apps.VMConfig']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware']



Traceback:

File "/usr/lib64/python3.6/enum.py" in __getattr__
  322.             return cls._member_map_[name]

During handling of the above exception ('0.35'), another exception occurred:

File "/usr/lib64/python3.6/site-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)

File "/usr/lib64/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/usr/lib64/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/usr/lib64/python3.6/site-packages/django/contrib/admin/options.py" in wrapper
  551.                 return self.admin_site.admin_view(view)(*args, **kwargs)

File "/usr/lib64/python3.6/site-packages/django/utils/decorators.py" in _wrapped_view
  149.                     response = view_func(request, *args, **kwargs)

File "/usr/lib64/python3.6/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  57.         response = view_func(request, *args, **kwargs)

File "/usr/lib64/python3.6/site-packages/django/contrib/admin/sites.py" in inner
  224.             return view(request, *args, **kwargs)

File "/usr/lib64/python3.6/site-packages/django/contrib/admin/options.py" in change_view
  1511.         return self.changeform_view(request, object_id, form_url, extra_context)

File "/usr/lib64/python3.6/site-packages/django/utils/decorators.py" in _wrapper
  67.             return bound_func(*args, **kwargs)

File "/usr/lib64/python3.6/site-packages/django/utils/decorators.py" in _wrapped_view
  149.                     response = view_func(request, *args, **kwargs)

File "/usr/lib64/python3.6/site-packages/django/utils/decorators.py" in bound_func
  63.                 return func.__get__(self, type(self))(*args2, **kwargs2)

File "/usr/lib64/python3.6/site-packages/django/contrib/admin/options.py" in changeform_view
  1408.             return self._changeform_view(request, object_id, form_url, extra_context)

File "/usr/lib64/python3.6/site-packages/django/contrib/admin/options.py" in _changeform_view
  1440.             if form.is_valid():

File "/usr/lib64/python3.6/site-packages/django/forms/forms.py" in is_valid
  183.         return self.is_bound and not self.errors

File "/usr/lib64/python3.6/site-packages/django/forms/forms.py" in errors
  175.             self.full_clean()

File "/usr/lib64/python3.6/site-packages/django/forms/forms.py" in full_clean
  384.         self._clean_fields()

File "/usr/lib64/python3.6/site-packages/django/forms/forms.py" in _clean_fields
  402.                     value = field.clean(value)

File "/usr/lib64/python3.6/site-packages/django/forms/fields.py" in clean
  864.         return self._coerce(value)

File "/usr/lib64/python3.6/site-packages/django/forms/fields.py" in _coerce
  853.             value = self.coerce(value)

File "/usr/lib/python3.6/site-packages/cvsslib/contrib/django_model.py" in to_python
  23.             return getattr(self.enum, value)

File "/usr/lib64/python3.6/enum.py" in __getattr__
  324.             raise AttributeError(name) from None

Exception Type: AttributeError at /vm/admin/vm/cvss2/1/change/
Exception Value: 0.35

Error calculating CVSS3 when Integrity Requirement is set to High

When IR:H is included in the CVSS3 vector, an exception is thrown. This does not occur for IR:L, IR:M, or IR:X

from cvsslib import cvss2, cvss3, calculate_vector
v = 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/IR:L'
calculate_vector(v,cvss3)
(7.5, 7.5, 7.2)
v = 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/IR:M'
calculate_vector(v,cvss3)
(7.5, 7.5, 7.5)
v = 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/IR:H'
calculate_vector(v,cvss3)
Traceback (most recent call last):
File "", line 1, in
File "/home/st07572/dev/vmenv/lib/python3.6/site-packages/cvsslib/vector.py", line 62, in calculate_vector
return run_calc(module.calculate, getter=_getter)
File "/home/st07572/dev/vmenv/lib/python3.6/site-packages/cvsslib/utils.py", line 91, in run_calc
result = function(*call_args, **kwargs)
File "/home/st07572/dev/vmenv/lib/python3.6/site-packages/cvsslib/cvss3/calculations.py", line 145, in calculate
environment_score = run_calculation(calculate_environmental_score, override=override)
File "/home/st07572/dev/vmenv/lib/python3.6/site-packages/cvsslib/utils.py", line 91, in run_calc
result = function(*call_args, **kwargs)
File "/home/st07572/dev/vmenv/lib/python3.6/site-packages/cvsslib/cvss3/calculations.py", line 105, in calculate_environmental_score
modified_impact_sub_score = run_calculation(calculate_modified_impact_sub_score)
File "/home/st07572/dev/vmenv/lib/python3.6/site-packages/cvsslib/utils.py", line 91, in run_calc
result = function(*call_args, **kwargs)
File "/home/st07572/dev/vmenv/lib/python3.6/site-packages/cvsslib/cvss3/calculations.py", line 62, in calculate_modified_impact_sub_score
return IMPACT_UNCHANGED_COEFFECIENT * modified
TypeError: unsupported operand type(s) for *: 'decimal.Decimal' and 'float'

add cvss 3.1 support

https://www.first.org/cvss/user-guide#CVSS-Version-3-1-Release

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.