Comments (7)
nickleali
commented on September 23, 2024
2
Appreciate you looking into this!
Would it be useful to have the nomenclature of the JSON match with the CVSS v4.0 schema for consistency?
https://www.first.org/cvss/cvss-v4.0.json
{
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"baseScore": 2.3,
"baseSeverity": "low",
}
And potentially adapt the score and severity based on Threat or Environmental metrics?
from cvss-v4-calculator.
nickleali
commented on September 23, 2024
1
I'm certainly not someone who should be doing code review, but something like this would work great as an API to the calculator.
I will have to check about how this is deployed on the FIRST infrastructure for a hosted version.
from cvss-v4-calculator.
pandatix
commented on September 23, 2024
May I suggest another structure for the API call : /api/v1/compute?vector=<cvss_v4_vector_here>
This enable versionning API (good practice) and is more HTML5/REST-full compliant so will enable better software integration.
from cvss-v4-calculator.
skontar
commented on September 23, 2024
Sure thing. This makes perfect sense.
from cvss-v4-calculator.
n3rada
commented on September 23, 2024
Hi @nickleali, if my PR #59 is accepted, It will certainly facilitate the implementation of an API. For example, it could be done with this kind of server.js express file:
const express = require('express');
const app = express();
const port = 3000;
const { CVSS40, Vector } = require('./cvss40');
app.get('/api/v1/compute', (req, res) => {
const vectorString = req.query.vector;
if (!vectorString) {
return res.status(400).json({ error: 'Vector parameter is required' });
}
try {
// Create a new Vector instance with the provided string
const vector = new Vector(vectorString);
// Pass the Vector instance to the CVSS40 constructor
const cvssInstance = new CVSS40(vector);
// Respond with the CVSS instance (including the computed score and severity)
res.json({
score: cvssInstance.score,
severity: cvssInstance.severity,
equivalentClasses: vector.equivalentClasses,
raw: vector.raw,
});
} catch (error) {
console.error('Error processing CVSS vector:', error);
res.status(400).json({ error: 'Invalid CVSS vector', details: error.message });
}
});
app.listen(port, () => {
console.log(`CVSS API listening at http://localhost:${port}`);
});Then, you can request:
http://localhost:3000/api/v1/compute?vector=CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:H/E:A
In order to retrieve the json:
{
"score":9.2,
"severity":"Critical",
"equivalentClasses":"001100",
"raw":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:H/E:A"
}This is just an example, and the implementation needs to be discussed with the people in charge, as I don't know what they prefer for deploying the site. Of course, you'd have to add flow limitation, entry verification, etc.
from cvss-v4-calculator.
n3rada
commented on September 23, 2024
I hope someone who can will read it tho' 😊
from cvss-v4-calculator.
skontar
commented on September 23, 2024
@n3rada I am sorry I missed the PR. I will ask my colleague who is much better at Javascript to have a look.
from cvss-v4-calculator.
Related Issues (20)
- Show macro vector in a more transparent way
- Specific Vector Crashes Calculator HOT 1
- New base scores with "MaxBase" considerations.
- Provider Urgency (U): White → Clear
- Bug/compliance: metrics could be defined more than once
- Bug/compliance: metrics with invalid value gives NaN score
- Question: How do CVSS v4.0 Nomenclatures map to CVSS 3.x score types? HOT 12
- Macrovector=1 does not always mean "Medium" HOT 3
- CVSS vector should be generated in Base/Threat/Environmental/Supplemental order HOT 3
- Bug/compliance: (Non-)mandatory metrics behavior is not implemented
- Incorrect metric order HOT 4
- Invalid vector validation
- Potential Incorrect Rounding For Final Score HOT 7
- Cannot run the code locally. HOT 4
- Refactor to reduce dependency on Vue HOT 5
- Discrepancy on score with certain vectors when compared to FIRST calculator HOT 9
- Unknown variable eq3 / eq6
- CVSS v4.0 should show only one score and call sections "metrics"
- EQ3 needs to be changed to [0-2]
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cvss-v4-calculator.