fix(parsing): fix #36 by checking (non-)mandatory metrics

RedHatProductSecurity · Oct 18, 2023 · 65566cf · 65566cf
1 parent d487f41
commit 65566cf
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 10 deletions.
diff --git a/app.js b/app.js
@@ -83,16 +83,32 @@ const app = Vue.createApp({
             oi = 0
             for(index in metrics) {
                 [key, value] = metrics[index].split(":")
+
                 expected = Object.entries(this.expectedMetricOrder)[oi++]
-                // There should not be any remaining metrics, or the metric is
-                // not at the right place
-                if(expected == undefined || key != expected[0]) {
-                    console.log("Error invalid vector")
-                    return
+                while(true) {
+                    // If out of possible metrics ordering, it not a valid value thus
+                    // the vector is invalid
+                    if(expected == undefined) {
+                        console.log("Error invalid vector, too many metric values")
+                        return
+                    }
+                    if(key != expected[0]) {
+                        // If not this metric but is mandatory, the vector is invalid
+                        // As the only mandatory ones are from the Base group, 11 is the
+                        // number of metrics part of it.
+                        if(oi <= 11) {
+                            console.log("Error invalid vector, missing mandatory metrics")
+                            return
+                        }
+                        // If a non-mandatory, retry
+                        expected = Object.entries(this.expectedMetricOrder)[oi++]
+                        continue
+                    }
+                    break
                 }
                 // The value MUST be part of the metric's values, case insensitive
                 if(!expected[1].includes(value)) {
-                    console.log("Error invalid vector")
+                    console.log("Error invalid vector, for key " + key + ", value " + value + " is not in " +expected[1])
                     return
                 }
                 if(key in this.cvssSelected) {

diff --git a/metrics.js b/metrics.js
@@ -1,6 +1,6 @@
 // CVSS v4.0 metrics ordering and valid values
 expectedMetricOrder = {
-    // Base
+    // Base (11 metrics)
     "AV": ["N", "A", "L", "P"],
     "AC": ["L", "H"],
     "AT": ["N", "P"],
@@ -12,9 +12,9 @@ expectedMetricOrder = {
     "SC": ["H", "L", "N"],
     "SI": ["H", "L", "N"],
     "SA": ["H", "L", "N"],
-    // Threat
+    // Threat (1 metric)
     "E": ["X", "A", "P", "U"],
-    // Environmental
+    // Environmental (14 metrics)
     "CR":  ["X", "H", "M", "L"],
     "IR":  ["X", "H", "M", "L"],
     "AR":  ["X", "H", "M", "L"],
@@ -29,7 +29,7 @@ expectedMetricOrder = {
     "MSC": ["X", "H", "L", "N"],
     "MSI": ["X", "S", "H", "L", "N"],
     "MSA": ["X", "S", "H", "L", "N"],
-    // Supplemental
+    // Supplemental (6 metrics)
     "S":  ["X", "N", "P"],
     "AU": ["X", "N", "Y"],
     "R":  ["X", "A", "U", "I"],