From 6c0a0c04bad27227d66c3bbdcb3fcdf2f663c5de Mon Sep 17 00:00:00 2001 From: "ander.ruiz" Date: Mon, 26 Jun 2023 10:08:26 +0200 Subject: [PATCH 1/2] Char based parsing instead of String --- src/main/java/us/springett/cvss/Cvss.java | 101 +++++++------ src/main/java/us/springett/cvss/CvssV2.java | 56 +++---- src/main/java/us/springett/cvss/CvssV3.java | 132 ++++++++--------- src/main/java/us/springett/cvss/CvssV3_1.java | 140 +++++++++--------- 4 files changed, 216 insertions(+), 213 deletions(-) diff --git a/src/main/java/us/springett/cvss/Cvss.java b/src/main/java/us/springett/cvss/Cvss.java index 7c8dadc..9ac6ab7 100644 --- a/src/main/java/us/springett/cvss/Cvss.java +++ b/src/main/java/us/springett/cvss/Cvss.java @@ -15,7 +15,6 @@ */ package us.springett.cvss; -import java.util.StringTokenizer; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -58,42 +57,40 @@ static Cvss fromVector(String vector) { Matcher v3_1Matcher = CVSSv3_1_PATTERN.matcher(vector); if (v3_1Matcher.find()) { // Found a valid CVSSv3.1 vector - CvssV3_1 cvssV3_1 = getCvssV3_1BaseVector(v3_1Matcher); - - cvssV3_1.exploitability(CvssV3.Exploitability.fromString(v3_1Matcher.group(9))); - cvssV3_1.remediationLevel(CvssV3.RemediationLevel.fromString(v3_1Matcher.group(10))); - cvssV3_1.reportConfidence(CvssV3.ReportConfidence.fromString(v3_1Matcher.group(11))); - cvssV3_1.confidentialityRequirement(CvssV3_1.ConfidentialityRequirement.fromString(v3_1Matcher.group(12))); - cvssV3_1.integrityRequirement(CvssV3_1.IntegrityRequirement.fromString(v3_1Matcher.group(13))); - cvssV3_1.availabilityRequirement(CvssV3_1.AvailabilityRequirement.fromString(v3_1Matcher.group(14))); - cvssV3_1.modifiedAttackVector(CvssV3_1.ModifiedAttackVector.fromString(v3_1Matcher.group(15))); - cvssV3_1.modifiedAttackComplexity(CvssV3_1.ModifiedAttackComplexity.fromString(v3_1Matcher.group(16))); - cvssV3_1.modifiedPrivilegesRequired(CvssV3_1.ModifiedPrivilegesRequired.fromString(v3_1Matcher.group(17))); - cvssV3_1.modifiedUserInteraction(CvssV3_1.ModifiedUserInteraction.fromString(v3_1Matcher.group(18))); - cvssV3_1.modifiedScope(CvssV3_1.ModifiedScope.fromString(v3_1Matcher.group(19))); - cvssV3_1.modifiedConfidentialityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(20))); - cvssV3_1.modifiedIntegrityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(21))); - cvssV3_1.modifiedAvailabilityImpact(CvssV3_1.ModifiedCIA.fromString(v3_1Matcher.group(22))); + char [] vectorChars = vector.toCharArray(); + CvssV3_1 cvssV3_1 = getCvssV3_1BaseVector(v3_1Matcher, vectorChars); + fillV3TemporalValues(v3_1Matcher, vectorChars, cvssV3_1); + cvssV3_1.confidentialityRequirement(CvssV3_1.ConfidentialityRequirement.fromChar(vectorChars[v3_1Matcher.start(12)])); + cvssV3_1.integrityRequirement(CvssV3_1.IntegrityRequirement.fromChar(vectorChars[v3_1Matcher.start(13)])); + cvssV3_1.availabilityRequirement(CvssV3_1.AvailabilityRequirement.fromChar(vectorChars[v3_1Matcher.start(14)])); + cvssV3_1.modifiedAttackVector(CvssV3_1.ModifiedAttackVector.fromChar(vectorChars[v3_1Matcher.start(15)])); + cvssV3_1.modifiedAttackComplexity(CvssV3_1.ModifiedAttackComplexity.fromChar(vectorChars[v3_1Matcher.start(16)])); + cvssV3_1.modifiedPrivilegesRequired(CvssV3_1.ModifiedPrivilegesRequired.fromChar(vectorChars[v3_1Matcher.start(17)])); + cvssV3_1.modifiedUserInteraction(CvssV3_1.ModifiedUserInteraction.fromChar(vectorChars[v3_1Matcher.start(18)])); + cvssV3_1.modifiedScope(CvssV3_1.ModifiedScope.fromChar(vectorChars[v3_1Matcher.start(19)])); + cvssV3_1.modifiedConfidentialityImpact(CvssV3_1.ModifiedCIA.fromChar(vectorChars[v3_1Matcher.start(20)])); + cvssV3_1.modifiedIntegrityImpact(CvssV3_1.ModifiedCIA.fromChar(vectorChars[v3_1Matcher.start(21)])); + cvssV3_1.modifiedAvailabilityImpact(CvssV3_1.ModifiedCIA.fromChar(vectorChars[v3_1Matcher.start(22)])); return cvssV3_1; } Matcher v3TemporalMatcher = CVSSv3_PATTERN_TEMPORAL.matcher(vector); if (v3TemporalMatcher.find()) { + char [] vectorChars = vector.toCharArray(); // Found a valid CVSSv3 vector with temporal values - CvssV3 cvssV3 = getCvssV3BaseVector(v3TemporalMatcher); - cvssV3.exploitability(CvssV3.Exploitability.fromString(v3TemporalMatcher.group(9))); - cvssV3.remediationLevel(CvssV3.RemediationLevel.fromString(v3TemporalMatcher.group(10))); - cvssV3.reportConfidence(CvssV3.ReportConfidence.fromString(v3TemporalMatcher.group(11))); + CvssV3 cvssV3 = getCvssV3BaseVector(v3TemporalMatcher, vectorChars); + fillV3TemporalValues(v3TemporalMatcher, vectorChars, cvssV3); return cvssV3; } Matcher v3Matcher = CVSSv3_PATTERN.matcher(vector); if (v3Matcher.find()) { + char [] vectorChars = vector.toCharArray(); // Found a valid CVSSv3 vector - return getCvssV3BaseVector(v3Matcher); + return getCvssV3BaseVector(v3Matcher, vectorChars); } Matcher v2TemporalMatcher = CVSSv2_PATTERN_TEMPORAL.matcher(vector); if (v2TemporalMatcher.find()) { // Found a valid CVSSv2 vector with temporal values - CvssV2 cvssV2 = getCvssV2BaseVector(v2TemporalMatcher); + CvssV2 cvssV2 = getCvssV2BaseVector(v2TemporalMatcher, vector.toCharArray()); cvssV2.exploitability(CvssV2.Exploitability.fromString(v2TemporalMatcher.group(7))); cvssV2.remediationLevel(CvssV2.RemediationLevel.fromString(v2TemporalMatcher.group(8))); cvssV2.reportConfidence(CvssV2.ReportConfidence.fromString(v2TemporalMatcher.group(9))); @@ -102,45 +99,51 @@ static Cvss fromVector(String vector) { Matcher v2Matcher = CVSSv2_PATTERN.matcher(vector); if (v2Matcher.find()) { // Found a valid CVSSv2 vector - return getCvssV2BaseVector(v2Matcher); + return getCvssV2BaseVector(v2Matcher, vector.toCharArray()); } else return null; } - static CvssV2 getCvssV2BaseVector(Matcher st) { + static void fillV3TemporalValues(Matcher v3TemporalMatcher, char[] vectorChars, CvssV3 cvssV3) { + cvssV3.exploitability(CvssV3.Exploitability.fromChar(vectorChars[v3TemporalMatcher.start(9)])); + cvssV3.remediationLevel(CvssV3.RemediationLevel.fromChar(vectorChars[v3TemporalMatcher.start(10)])); + cvssV3.reportConfidence(CvssV3.ReportConfidence.fromChar(vectorChars[v3TemporalMatcher.start(11)])); + } + + static CvssV2 getCvssV2BaseVector(Matcher st, char [] array) { CvssV2 cvssV2 = new CvssV2(); - cvssV2.attackVector(CvssV2.AttackVector.fromString(st.group(1))); - cvssV2.attackComplexity(CvssV2.AttackComplexity.fromString(st.group(2))); - cvssV2.authentication(CvssV2.Authentication.fromString(st.group(3))); - cvssV2.confidentiality(CvssV2.CIA.fromString(st.group(4))); - cvssV2.integrity(CvssV2.CIA.fromString(st.group(5))); - cvssV2.availability(CvssV2.CIA.fromString(st.group(6))); + cvssV2.attackVector(CvssV2.AttackVector.fromChar(array[st.start(1)])); + cvssV2.attackComplexity(CvssV2.AttackComplexity.fromChar(array[st.start(2)])); + cvssV2.authentication(CvssV2.Authentication.fromChar(array[st.start(3)])); + cvssV2.confidentiality(CvssV2.CIA.fromChar(array[st.start(4)])); + cvssV2.integrity(CvssV2.CIA.fromChar(array[st.start(5)])); + cvssV2.availability(CvssV2.CIA.fromChar(array[st.start(6)])); return cvssV2; } - static CvssV3 getCvssV3BaseVector(Matcher st) { + static CvssV3 getCvssV3BaseVector(Matcher st, char [] array) { CvssV3 cvssV3 = new CvssV3(); - cvssV3.attackVector(CvssV3.AttackVector.fromString(st.group(1))); - cvssV3.attackComplexity(CvssV3.AttackComplexity.fromString(st.group(2))); - cvssV3.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.group(3))); - cvssV3.userInteraction(CvssV3.UserInteraction.fromString(st.group(4))); - cvssV3.scope(CvssV3.Scope.fromString(st.group(5))); - cvssV3.confidentiality(CvssV3.CIA.fromString(st.group(6))); - cvssV3.integrity(CvssV3.CIA.fromString(st.group(7))); - cvssV3.availability(CvssV3.CIA.fromString(st.group(8))); + cvssV3.attackVector(CvssV3.AttackVector.fromChar(array[st.start(1)])); + cvssV3.attackComplexity(CvssV3.AttackComplexity.fromChar(array[st.start(2)])); + cvssV3.privilegesRequired(CvssV3.PrivilegesRequired.fromChar(array[st.start(3)])); + cvssV3.userInteraction(CvssV3.UserInteraction.fromChar(array[st.start(4)])); + cvssV3.scope(CvssV3.Scope.fromChar(array[st.start(5)])); + cvssV3.confidentiality(CvssV3.CIA.fromString(array[st.start(6)])); + cvssV3.integrity(CvssV3.CIA.fromString(array[st.start(7)])); + cvssV3.availability(CvssV3.CIA.fromString(array[st.start(8)])); return cvssV3; } - static CvssV3_1 getCvssV3_1BaseVector(Matcher st) { + static CvssV3_1 getCvssV3_1BaseVector(Matcher st, char [] array) { CvssV3_1 cvssV3_1 = new CvssV3_1(); - cvssV3_1.attackVector(CvssV3.AttackVector.fromString(st.group(1))); - cvssV3_1.attackComplexity(CvssV3.AttackComplexity.fromString(st.group(2))); - cvssV3_1.privilegesRequired(CvssV3.PrivilegesRequired.fromString(st.group(3))); - cvssV3_1.userInteraction(CvssV3.UserInteraction.fromString(st.group(4))); - cvssV3_1.scope(CvssV3.Scope.fromString(st.group(5))); - cvssV3_1.confidentiality(CvssV3.CIA.fromString(st.group(6))); - cvssV3_1.integrity(CvssV3.CIA.fromString(st.group(7))); - cvssV3_1.availability(CvssV3.CIA.fromString(st.group(8))); + cvssV3_1.attackVector(CvssV3.AttackVector.fromChar(array[st.start(1)])); + cvssV3_1.attackComplexity(CvssV3.AttackComplexity.fromChar(array[st.start(2)])); + cvssV3_1.privilegesRequired(CvssV3.PrivilegesRequired.fromChar(array[st.start(3)])); + cvssV3_1.userInteraction(CvssV3.UserInteraction.fromChar(array[st.start(4)])); + cvssV3_1.scope(CvssV3.Scope.fromChar(array[st.start(5)])); + cvssV3_1.confidentiality(CvssV3.CIA.fromString(array[st.start(6)])); + cvssV3_1.integrity(CvssV3.CIA.fromString(array[st.start(7)])); + cvssV3_1.availability(CvssV3.CIA.fromString(array[st.start(8)])); return cvssV3_1; } diff --git a/src/main/java/us/springett/cvss/CvssV2.java b/src/main/java/us/springett/cvss/CvssV2.java index bfcbc79..381bc9d 100644 --- a/src/main/java/us/springett/cvss/CvssV2.java +++ b/src/main/java/us/springett/cvss/CvssV2.java @@ -80,19 +80,19 @@ public CvssV2 reportConfidence(ReportConfidence rc) { } public enum AttackVector { - NETWORK(1.0, "N"), - ADJACENT(0.646, "A"), - LOCAL(0.395, "L"); + NETWORK(1.0, 'N'), + ADJACENT(0.646, 'A'), + LOCAL(0.395, 'L'); private final double weight; - private final String shorthand; - AttackVector(double weight, String shorthand) { + private final char shorthand; + AttackVector(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackVector fromString(String text) { + public static AttackVector fromChar(char c) { for (AttackVector e : AttackVector.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -101,19 +101,19 @@ public static AttackVector fromString(String text) { } public enum AttackComplexity { - LOW(0.71, "L"), - MEDIUM(0.61, "M"), - HIGH(0.35, "H"); + LOW(0.71, 'L'), + MEDIUM(0.61, 'M'), + HIGH(0.35, 'H'); private final double weight; - private final String shorthand; - AttackComplexity(double weight, String shorthand) { + private final char shorthand; + AttackComplexity(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackComplexity fromString(String text) { + public static AttackComplexity fromChar(char c) { for (AttackComplexity e : AttackComplexity.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -122,19 +122,19 @@ public static AttackComplexity fromString(String text) { } public enum Authentication { - NONE(0.704, "N"), - SINGLE(0.56, "S"), - MULTIPLE(0.45, "M"); + NONE(0.704, 'N'), + SINGLE(0.56, 'S'), + MULTIPLE(0.45, 'M'); private final double weight; - private final String shorthand; - Authentication(double weight, String shorthand) { + private final char shorthand; + Authentication(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static Authentication fromString(String text) { + public static Authentication fromChar(char c) { for (Authentication e : Authentication.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -213,19 +213,19 @@ public static ReportConfidence fromString(String text) { // End-Temporal public enum CIA { - NONE(0.0, "N"), - PARTIAL(0.275, "P"), - COMPLETE(0.660, "C"); + NONE(0.0, 'N'), + PARTIAL(0.275, 'P'), + COMPLETE(0.660, 'C'); private final double weight; - private final String shorthand; - CIA(double weight, String shorthand) { + private final char shorthand; + CIA(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static CIA fromString(String text) { + public static CIA fromChar(char c) { for (CIA e : CIA.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } diff --git a/src/main/java/us/springett/cvss/CvssV3.java b/src/main/java/us/springett/cvss/CvssV3.java index 8ed8504..f4a7f6b 100644 --- a/src/main/java/us/springett/cvss/CvssV3.java +++ b/src/main/java/us/springett/cvss/CvssV3.java @@ -95,20 +95,20 @@ public CvssV3 reportConfidence(ReportConfidence rc) { } public enum AttackVector { - NETWORK(0.85, "N"), - ADJACENT(0.62, "A"), - LOCAL(0.55, "L"), - PHYSICAL(0.2, "P"); + NETWORK(0.85, 'N'), + ADJACENT(0.62, 'A'), + LOCAL(0.55, 'L'), + PHYSICAL(0.2, 'P'); protected final double weight; - protected final String shorthand; - AttackVector(double weight, String shorthand) { + protected final char shorthand; + AttackVector(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackVector fromString(String text) { + public static AttackVector fromChar(char c) { for (AttackVector e : AttackVector.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -117,18 +117,18 @@ public static AttackVector fromString(String text) { } public enum AttackComplexity { - LOW(0.77, "L"), - HIGH(0.44, "H"); + LOW(0.77, 'L'), + HIGH(0.44, 'H'); protected final double weight; - protected final String shorthand; - AttackComplexity(double weight, String shorthand) { + protected final char shorthand; + AttackComplexity(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AttackComplexity fromString(String text) { + public static AttackComplexity fromChar(char c) { for (AttackComplexity e : AttackComplexity.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -137,21 +137,21 @@ public static AttackComplexity fromString(String text) { } public enum PrivilegesRequired { - NONE(0.85, 0.85, "N"), - LOW(0.62, 0.68, "L"), - HIGH(0.27, 0.5, "H"); + NONE(0.85, 0.85, 'N'), + LOW(0.62, 0.68, 'L'), + HIGH(0.27, 0.5, 'H'); protected final double weight; protected final double scopeChangedWeight; - protected final String shorthand; - PrivilegesRequired(double weight, double scopeChangedWeight, String shorthand) { + protected final char shorthand; + PrivilegesRequired(double weight, double scopeChangedWeight, char shorthand) { this.weight = weight; this.scopeChangedWeight = scopeChangedWeight; this.shorthand = shorthand; } - public static PrivilegesRequired fromString(String text) { + public static PrivilegesRequired fromChar(char c) { for (PrivilegesRequired e : PrivilegesRequired.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -160,18 +160,18 @@ public static PrivilegesRequired fromString(String text) { } public enum UserInteraction { - NONE(0.85, "N"), - REQUIRED(0.62, "R"); + NONE(0.85, 'N'), + REQUIRED(0.62, 'R'); protected final double weight; - protected final String shorthand; - UserInteraction(double weight, String shorthand) { + protected final char shorthand; + UserInteraction(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static UserInteraction fromString(String text) { + public static UserInteraction fromChar(char c) { for (UserInteraction e : UserInteraction.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -180,18 +180,18 @@ public static UserInteraction fromString(String text) { } public enum Scope { - UNCHANGED(6.42, "U"), - CHANGED(7.52, "C"); + UNCHANGED(6.42, 'U'), + CHANGED(7.52, 'C'); protected final double weight; - protected final String shorthand; - Scope(double weight, String shorthand) { + protected final char shorthand; + Scope(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static Scope fromString(String text) { + public static Scope fromChar(char c) { for (Scope e : Scope.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -201,21 +201,21 @@ public static Scope fromString(String text) { // Temporal public enum Exploitability { - UNPROVEN(0.91, "U"), - POC(0.94, "P"), - FUNCTIONAL(0.97, "F"), - HIGH(1.0, "H"), - NOT_DEFINED(1.0, "X"),; + UNPROVEN(0.91, 'U'), + POC(0.94, 'P'), + FUNCTIONAL(0.97, 'F'), + HIGH(1.0, 'H'), + NOT_DEFINED(1.0, 'X'),; protected final double weight; - protected final String shorthand; - Exploitability(double weight, String shorthand) { + protected final char shorthand; + Exploitability(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static Exploitability fromString(String text) { + public static Exploitability fromChar(char c) { for (Exploitability e : Exploitability.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -224,21 +224,21 @@ public static Exploitability fromString(String text) { } public enum RemediationLevel { - UNAVAILABLE(1.0, "U"), - WORKAROUND(0.97, "W"), - TEMPORARY(0.96, "T"), - OFFICIAL(0.95, "O"), - NOT_DEFINED(1.0, "X"),; + UNAVAILABLE(1.0, 'U'), + WORKAROUND(0.97, 'W'), + TEMPORARY(0.96, 'T'), + OFFICIAL(0.95, 'O'), + NOT_DEFINED(1.0, 'X'),; protected final double weight; - protected final String shorthand; - RemediationLevel (double weight, String shorthand) { + protected final char shorthand; + RemediationLevel (double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static RemediationLevel fromString(String text) { + public static RemediationLevel fromChar(char c) { for (RemediationLevel e : RemediationLevel.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -247,20 +247,20 @@ public static RemediationLevel fromString(String text) { } public enum ReportConfidence { - UNKNOWN(0.92, "U"), - REASONABLE(0.96, "R"), - CONFIRMED(1.0, "C"), - NOT_DEFINED(1.0, "X"),; + UNKNOWN(0.92, 'U'), + REASONABLE(0.96, 'R'), + CONFIRMED(1.0, 'C'), + NOT_DEFINED(1.0, 'X'),; protected final double weight; - protected final String shorthand; - ReportConfidence (double weight, String shorthand) { + protected final char shorthand; + ReportConfidence (double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ReportConfidence fromString(String text) { + public static ReportConfidence fromChar(char c) { for (ReportConfidence e : ReportConfidence.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -270,19 +270,19 @@ public static ReportConfidence fromString(String text) { // End-Temporal public enum CIA { - NONE(0, "N"), - LOW(0.22, "L"), - HIGH(0.56, "H"); + NONE(0, 'N'), + LOW(0.22, 'L'), + HIGH(0.56, 'H'); protected final double weight; - protected final String shorthand; - CIA(double weight, String shorthand) { + protected final char shorthand; + CIA(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static CIA fromString(String text) { + public static CIA fromString(char c) { for (CIA e : CIA.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } diff --git a/src/main/java/us/springett/cvss/CvssV3_1.java b/src/main/java/us/springett/cvss/CvssV3_1.java index ef3999f..e16ed48 100644 --- a/src/main/java/us/springett/cvss/CvssV3_1.java +++ b/src/main/java/us/springett/cvss/CvssV3_1.java @@ -289,22 +289,22 @@ public AvailabilityRequirement getAvailabilityRequirement() { } public enum ConfidentialityRequirement { - NOT_DEFINED(1.0, "X"), - LOW(0.5, "L"), - MEDIUM(1.0, "M"), - HIGH(1.5, "H"); + NOT_DEFINED(1.0, 'X'), + LOW(0.5, 'L'), + MEDIUM(1.0, 'M'), + HIGH(1.5, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ConfidentialityRequirement(double weight, String shorthand) { + ConfidentialityRequirement(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ConfidentialityRequirement fromString(String text) { + public static ConfidentialityRequirement fromChar(char c) { for (ConfidentialityRequirement cr : ConfidentialityRequirement.values()) { - if (cr.shorthand.equals(text)) { + if (cr.shorthand==c) { return cr; } } @@ -313,22 +313,22 @@ public static ConfidentialityRequirement fromString(String text) { } public enum IntegrityRequirement { - NOT_DEFINED(1.0, "X"), - LOW(0.5, "L"), - MEDIUM(1.0, "M"), - HIGH(1.5, "H"); + NOT_DEFINED(1.0, 'X'), + LOW(0.5, 'L'), + MEDIUM(1.0, 'M'), + HIGH(1.5, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - IntegrityRequirement(double weight, String shorthand) { + IntegrityRequirement(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static IntegrityRequirement fromString(String text) { + public static IntegrityRequirement fromChar(char c) { for (IntegrityRequirement ir : IntegrityRequirement.values()) { - if (ir.shorthand.equals(text)) { + if (ir.shorthand==c) { return ir; } } @@ -337,22 +337,22 @@ public static IntegrityRequirement fromString(String text) { } public enum AvailabilityRequirement { - NOT_DEFINED(1.0, "X"), - LOW(0.5, "L"), - MEDIUM(1.0, "M"), - HIGH(1.5, "H"); + NOT_DEFINED(1.0, 'X'), + LOW(0.5, 'L'), + MEDIUM(1.0, 'M'), + HIGH(1.5, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - AvailabilityRequirement(double weight, String shorthand) { + AvailabilityRequirement(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static AvailabilityRequirement fromString(String text) { + public static AvailabilityRequirement fromChar(char c) { for (AvailabilityRequirement ar : AvailabilityRequirement.values()) { - if (ar.shorthand.equals(text)) { + if (ar.shorthand==c) { return ar; } } @@ -361,23 +361,23 @@ public static AvailabilityRequirement fromString(String text) { } public enum ModifiedAttackVector { - NOT_DEFINED(0.0, "X"), - NETWORK(0.85, "N"), - ADJACENT(0.62, "A"), - LOCAL(0.55, "L"), - PHYSICAL(0.2, "P"); + NOT_DEFINED(0.0, 'X'), + NETWORK(0.85, 'N'), + ADJACENT(0.62, 'A'), + LOCAL(0.55, 'L'), + PHYSICAL(0.2, 'P'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedAttackVector(double weight, String shorthand) { + ModifiedAttackVector(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedAttackVector fromString(String text) { + public static ModifiedAttackVector fromChar(char c) { for (ModifiedAttackVector e : ModifiedAttackVector.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -386,21 +386,21 @@ public static ModifiedAttackVector fromString(String text) { } public enum ModifiedAttackComplexity { - NOT_DEFINED(0.0, "X"), - LOW(0.77, "L"), - HIGH(0.44, "H"); + NOT_DEFINED(0.0, 'X'), + LOW(0.77, 'L'), + HIGH(0.44, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedAttackComplexity(double weight, String shorthand) { + ModifiedAttackComplexity(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedAttackComplexity fromString(String text) { + public static ModifiedAttackComplexity fromChar(char c) { for (ModifiedAttackComplexity e : ModifiedAttackComplexity.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -409,24 +409,24 @@ public static ModifiedAttackComplexity fromString(String text) { } public enum ModifiedPrivilegesRequired { - NOT_DEFINED(0.0, 0.0, "X"), - NONE(0.85, 0.85, "N"), - LOW(0.62, 0.68, "L"), - HIGH(0.27, 0.5, "H"); + NOT_DEFINED(0.0, 0.0, 'X'), + NONE(0.85, 0.85, 'N'), + LOW(0.62, 0.68, 'L'), + HIGH(0.27, 0.5, 'H'); protected final double weight; protected final double scopeChangedWeight; - protected final String shorthand; + protected final char shorthand; - ModifiedPrivilegesRequired(double weight, double scopeChangedWeight, String shorthand) { + ModifiedPrivilegesRequired(double weight, double scopeChangedWeight, char shorthand) { this.weight = weight; this.scopeChangedWeight = scopeChangedWeight; this.shorthand = shorthand; } - public static ModifiedPrivilegesRequired fromString(String text) { + public static ModifiedPrivilegesRequired fromChar(char c) { for (ModifiedPrivilegesRequired e : ModifiedPrivilegesRequired.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -435,21 +435,21 @@ public static ModifiedPrivilegesRequired fromString(String text) { } public enum ModifiedUserInteraction { - NOT_DEFINED(0.0, "X"), - NONE(0.85, "N"), - REQUIRED(0.62, "R"); + NOT_DEFINED(0.0, 'X'), + NONE(0.85, 'N'), + REQUIRED(0.62, 'R'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedUserInteraction(double weight, String shorthand) { + ModifiedUserInteraction(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedUserInteraction fromString(String text) { + public static ModifiedUserInteraction fromChar(char c) { for (ModifiedUserInteraction e : ModifiedUserInteraction.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -458,21 +458,21 @@ public static ModifiedUserInteraction fromString(String text) { } public enum ModifiedScope { - NOT_DEFINED(0.0, "X"), - UNCHANGED(6.42, "U"), - CHANGED(7.52, "C"); + NOT_DEFINED(0.0, 'X'), + UNCHANGED(6.42, 'U'), + CHANGED(7.52, 'C'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedScope(double weight, String shorthand) { + ModifiedScope(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedScope fromString(String text) { + public static ModifiedScope fromChar(char c) { for (ModifiedScope e : ModifiedScope.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } @@ -481,22 +481,22 @@ public static ModifiedScope fromString(String text) { } public enum ModifiedCIA { - NOT_DEFINED(0.0, "X"), - NONE(0.0, "N"), - LOW(0.22, "L"), - HIGH(0.56, "H"); + NOT_DEFINED(0.0, 'X'), + NONE(0.0, 'N'), + LOW(0.22, 'L'), + HIGH(0.56, 'H'); protected final double weight; - protected final String shorthand; + protected final char shorthand; - ModifiedCIA(double weight, String shorthand) { + ModifiedCIA(double weight, char shorthand) { this.weight = weight; this.shorthand = shorthand; } - public static ModifiedCIA fromString(String text) { + public static ModifiedCIA fromChar(char c) { for (ModifiedCIA e : ModifiedCIA.values()) { - if (e.shorthand.equals(text)) { + if (e.shorthand==c) { return e; } } From 02f5157d7d33db371c0748f15f4b34e08446044c Mon Sep 17 00:00:00 2001 From: "ander.ruiz" Date: Mon, 26 Jun 2023 10:08:41 +0200 Subject: [PATCH 2/2] Include additional tests --- .../java/us/springett/cvss/CvssV3_1Test.java | 48 ++++++++++++++++++- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/src/test/java/us/springett/cvss/CvssV3_1Test.java b/src/test/java/us/springett/cvss/CvssV3_1Test.java index 9e80963..1c92e00 100644 --- a/src/test/java/us/springett/cvss/CvssV3_1Test.java +++ b/src/test/java/us/springett/cvss/CvssV3_1Test.java @@ -1020,18 +1020,62 @@ public void testRegexPattern() { String cvss3Vector = "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"; Cvss cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + CvssV3 v3 = (CvssV3)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.NETWORK, v3.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.LOW, v3.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.HIGH, v3.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.NONE, v3.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.UNCHANGED, v3.getScope()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getAvailability()); assertEquals(cvss3Vector, cvssV3.getVector()); // With temporal vector elements - cvss3Vector = "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C"; + cvss3Vector = "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L/E:X/RL:X/RC:C"; cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + v3 = (CvssV3)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.ADJACENT, v3.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.HIGH, v3.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.LOW, v3.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.REQUIRED, v3.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.CHANGED, v3.getScope()); + Assert.assertEquals(CvssV3.CIA.LOW, v3.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.LOW, v3.getAvailability()); + Assert.assertEquals(CvssV3.Exploitability.NOT_DEFINED, v3.getExploitability()); + Assert.assertEquals(CvssV3.RemediationLevel.NOT_DEFINED, v3.getRemediationLevel()); + Assert.assertEquals(CvssV3.ReportConfidence.CONFIRMED, v3.getReportConfidence()); assertEquals(cvss3Vector, cvssV3.getVector()); // With environmental vector elements - cvss3Vector = "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C/CR:L/IR:M/AR:L/MAV:P/MAC:H/MPR:N/MUI:R/MS:U/MC:L/MI:L/MA:L"; + cvss3Vector = "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:R/CR:L/IR:M/AR:L/MAV:P/MAC:H/MPR:N/MUI:R/MS:U/MC:L/MI:L/MA:L"; cvssV3 = Cvss.fromVector(cvss3Vector); Assert.assertNotNull(cvssV3); + CvssV3_1 v3_1 = (CvssV3_1)cvssV3; + Assert.assertEquals(CvssV3.AttackVector.NETWORK, v3_1.getAttackVector()); + Assert.assertEquals(CvssV3.AttackComplexity.LOW, v3_1.getAttackComplexity()); + Assert.assertEquals(CvssV3.PrivilegesRequired.HIGH, v3_1.getPrivilegesRequired()); + Assert.assertEquals(CvssV3.UserInteraction.NONE, v3_1.getUserInteraction()); + Assert.assertEquals(CvssV3.Scope.UNCHANGED, v3_1.getScope()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getConfidentiality()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getIntegrity()); + Assert.assertEquals(CvssV3.CIA.HIGH, v3_1.getAvailability()); + Assert.assertEquals(CvssV3.Exploitability.UNPROVEN, v3_1.getExploitability()); + Assert.assertEquals(CvssV3.RemediationLevel.TEMPORARY, v3_1.getRemediationLevel()); + Assert.assertEquals(CvssV3.ReportConfidence.REASONABLE, v3_1.getReportConfidence()); + Assert.assertEquals(CvssV3_1.ConfidentialityRequirement.LOW, v3_1.getConfidentialityRequirement()); + Assert.assertEquals(CvssV3_1.IntegrityRequirement.MEDIUM, v3_1.getIntegrityRequirement()); + Assert.assertEquals(CvssV3_1.AvailabilityRequirement.LOW, v3_1.getAvailabilityRequirement()); + Assert.assertEquals(CvssV3_1.ModifiedAttackVector.PHYSICAL, v3_1.getModifiedAttackVector()); + Assert.assertEquals(CvssV3_1.ModifiedAttackComplexity.HIGH, v3_1.getModifiedAttackComplexity()); + Assert.assertEquals(CvssV3_1.ModifiedPrivilegesRequired.NONE, v3_1.getModifiedPrivilegesRequired()); + Assert.assertEquals(CvssV3_1.ModifiedUserInteraction.REQUIRED, v3_1.getModifiedUserInteraction()); + Assert.assertEquals(CvssV3_1.ModifiedScope.UNCHANGED, v3_1.getModifiedScope()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedConfidentialityImpact()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedIntegrityImpact()); + Assert.assertEquals(CvssV3_1.ModifiedCIA.LOW, v3_1.getModifiedAvailabilityImpact()); assertEquals(cvss3Vector, cvssV3.getVector()); } }