Comments (5)
@adamrdavid I will release the changes within the next days. I think the new version will not break your current code. If you have an invalid cvss vector, the method will just return false without raising the exception anymore. I also improved the handling with params that are no strings. Do you know which cvss_vector gave you the second exception? (bad value for range)
from cvss-suite.
@adamrdavid I was able to reproduce this issue and created a new issue for that #3
from cvss-suite.
Hi @adamrdavid, thank you for bringing up this issue and your pull request.
I agree that specific class errors are more convenient but since we are still throwing exceptions I think it's ok to bump to 1.1.0 what do you think?
Regarding the exception issue you have in your code: If you take a closer look you will notice that these exception are not thrown by the valid? method but on object initializing (self.new). The valid? method itself never throws an exception, it only returns true or false.
This is indeed an issue I have to fix. Please give me a few days (maybe weeks) since I am currently busy and/or traveling. But hopefully I can make this change this month!
You will hear from me soon. Best regards, Oliver
from cvss-suite.
Hi @oliverhamboerger thank you for your response and your time investigating this. Also thank you for this gem, we at /bugcrowd appreciate it! :D
Ya sorry the example I posted was obscuring some details, I have updated it.
I see your point, it does make the most sense for the initialize to raise, and have the instance method #valid?
only return true/false if the instance can be created.
I was thinking a nice addition would be a class method .valid?
that takes a string and returns true/false by attempting to initialize an instance and calling #valid?
. However, this class method may not be the responsibility of the gem and is out of scope of the suggested change.
Regarding the version bump, I agree with whatever you are comfortable with. The only reason I worried it might constitute a major version change, is that if I were to update the gem in my current application, my example method from above CvssVector.valid?
would break. Perhaps if we make the error classes inherit from what they are now (RuntimeError
and ArgumentError
) it would be a more backward compatible change?
No problem, I understand if you are busy. Take your time 👍
Cheers, Adam
from cvss-suite.
Hi @oliverhamboerger,
The input that results in bad value for range
is CvssSuite.new('CVSS:3.0/')
Thanks!
from cvss-suite.
Related Issues (17)
- Example view form using the gem HOT 1
- Unscoped classs HOT 1
- Override Ruby class Float and Integer is a bad pattern HOT 1
- Support only ruby >= 2.4 HOT 1
- Configure a CI HOT 1
- Allow parentheses in CVSS v2 vector HOT 1
- Temporal Score is given even if no temporal metrics are defined HOT 5
- Updated - [Important Information] Repository moved to a new home HOT 14
- CVSS Vector "CVSS:3.0/" raises exception "bad value for range"
- CVSS v3 base metrics are order-dependent HOT 1
- Support for CVSS v4 HOT 10
- CVSS prefix is missing in v3.1.0
- Discussion: Remove of CVSS v2 support
- Fixnum is deprecated warning HOT 1
- Add static parameters for CVSS attributes and their options
- Add Severity Rating Feature Based on CVSS Score
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cvss-suite.