feat(CVSSv4): Add support for CVSSv4 to cve-bin-tool #4944
Conversation
|
resolved the merge conflict here |
JigyasuRajput
force-pushed
the
feat/add-support-cvssv4
branch
from
4e769ca to
acfc7e8
Compare
Co-authored-by: Terri Oda <[email protected]>
|
I've fixed the test which was causing problem, also resolved the merge conflict. |
|
I've re-enabled the CI tests, and I've flagged @mastersans and @anthonyharrison for review, since both of them have touched this stuff more recently than I have. |
There was a problem hiding this comment.
You've got a failing test:
FAILED test/test_cvedb.py::TestCVEDB::test_new_database_schema - AssertionError: CVSS v4 metric name is not correct
assert 'CVSS-4' == 'CVSS_4'
- CVSS_4
? ^
+ CVSS-4
? ^
======= 1 failed, 31 passed, 4 skipped, 4 warnings in 296.51s (0:04:56) ========
Probably we want all the identifiers to use either - or _ but I don't think it much matters which one we use and why you made just the one different, so I'll leave that to you to look at.
Co-authored-by: Terri Oda <[email protected]>
|
I need to take a look at this, I committed the suggestions directly from GUI here. Most likely the tests would fail (forgot to put a comment after committing) |
|
the tests also needed update to use "CVSS-4", It should be working fine now |
Add CVSSv4 Support to CVE Binary Tool
Fixes #4238
Description
This PR introduces support for CVSS version 4.0, the latest iteration of the Common Vulnerability Scoring System. With NVD now including CVSSv4 data, this update ensures the tool uses the most accurate and up-to-date severity metrics for vulnerability assessments.
Key Changes
Core Functionality
baseMetricV4andcvssMetricV4)Testing
Verification Steps
CVSS_4metric entries.Future Work
updating the docs for this feature is required, I'll create an issue for the same