packages feed

cvss 0.1 → 0.2.0.1

raw patch · 5 files changed

+35/−18 lines, 5 filesdep ~tastynew-uploaderPVP ok

version bump matches the API change (PVP)

Dependency ranges changed: tasty

API changes (from Hackage documentation)

+ Security.CVSS: instance GHC.Classes.Eq Security.CVSS.CVSS
+ Security.CVSS: instance GHC.Classes.Eq Security.CVSS.Metric

Files

CHANGELOG.md view
@@ -1,3 +1,11 @@-# 0.1+## 0.2.0.1 -Introduction+* Update `tasty` dependency bounds++## 0.2++* Changed the CVSS v2 parser and printer to omit the "CVSS:2.0/" version prefix according to the spec.++## 0.1++* Introduction
+ README.md view
@@ -0,0 +1,7 @@+# cvss++This project aims to support [Common Vulnerability Scoring System](https://www.first.org/cvss/).++## Building++We aim to support both regular cabal-based and nix-based builds.
cvss.cabal view
@@ -1,6 +1,6 @@ cabal-version:   2.4 name:            cvss-version:         0.1+version:         0.2.0.1 synopsis:        Common Vulnerability Scoring System. description:   Use this library to parse CVSS string and compute its score.@@ -9,8 +9,9 @@ author:          Tristan de Cacqueray maintainer:      tdecacqu@redhat.com category:        Data-extra-doc-files: CHANGELOG.md-tested-with:     GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1+extra-doc-files: CHANGELOG.md, README.md+tested-with:+  GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.6 || ==9.8.3 || ==9.10.1 || ==9.12.1  library   exposed-modules:  Security.CVSS@@ -31,7 +32,7 @@   build-depends:     , base         <5     , cvss-    , tasty        <1.5+    , tasty        <2     , tasty-hunit  <1.0     , text 
src/Security/CVSS.hs view
@@ -51,6 +51,7 @@     -- | The metrics are stored as provided by the user     cvssMetrics :: [Metric]   }+  deriving stock (Eq)  instance Show CVSS where   show = Text.unpack . cvssVectorString@@ -100,23 +101,23 @@   { mName :: MetricShortName,     mChar :: MetricValueChar   }-  deriving (Show)+  deriving (Eq, Show)  -- example CVSS string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N  -- | Parse a CVSS string. parseCVSS :: Text -> Either CVSSError CVSS parseCVSS txt-  | "CVSS:3.1/" `Text.isPrefixOf` txt = CVSS CVSS31 <$> validateComponents validateCvss31-  | "CVSS:3.0/" `Text.isPrefixOf` txt = CVSS CVSS30 <$> validateComponents validateCvss30-  | "CVSS:2.0/" `Text.isPrefixOf` txt = CVSS CVSS20 <$> validateComponents validateCvss20-  | otherwise = Left UnknownVersion+  | "CVSS:3.1/" `Text.isPrefixOf` txt = CVSS CVSS31 <$> validateComponents True validateCvss31+  | "CVSS:3.0/" `Text.isPrefixOf` txt = CVSS CVSS30 <$> validateComponents True validateCvss30+  | "CVSS:" `Text.isPrefixOf` txt = Left UnknownVersion+  | otherwise = CVSS CVSS20 <$> validateComponents False validateCvss20   where-    validateComponents validator = do-      metrics <- traverse splitComponent components+    validateComponents withPrefix validator = do+      metrics <- traverse splitComponent $ components withPrefix       validator metrics -    components = drop 1 $ Text.split (== '/') txt+    components withPrefix = (if withPrefix then drop 1 else id) $ Text.split (== '/') txt     splitComponent :: Text -> Either CVSSError Metric     splitComponent componentTxt = case Text.unsnoc componentTxt of       Nothing -> Left EmptyComponent@@ -147,7 +148,7 @@ cvssShow ordered cvss = case cvssVersion cvss of   CVSS31 -> Text.intercalate "/" ("CVSS:3.1" : components)   CVSS30 -> Text.intercalate "/" ("CVSS:3.0" : components)-  CVSS20 -> Text.intercalate "/" ("CVSS:2.0" : components)+  CVSS20 -> Text.intercalate "/" components   where     components = map toComponent (cvssOrder (cvssMetrics cvss))     toComponent :: Metric -> Text
test/Spec.hs view
@@ -30,7 +30,7 @@     , ("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", 4.0, CVSS.Medium)     , ("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", 9.9, CVSS.Critical)     , ("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", 4.2, CVSS.Medium)-    , ("CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C", 7.8, CVSS.High)-    , ("CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C", 10, CVSS.Critical)-    , ("CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:C", 6.2, CVSS.Medium)+    , ("AV:N/AC:L/Au:N/C:N/I:N/A:C", 7.8, CVSS.High)+    , ("AV:N/AC:L/Au:N/C:C/I:C/A:C", 10, CVSS.Critical)+    , ("AV:L/AC:H/Au:N/C:C/I:C/A:C", 6.2, CVSS.Medium)     ]