File: redhat-v4.rs

package info (click to toggle)
rust-cvss 2.1.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 560 kB
  • sloc: makefile: 4
file content (59 lines) | stat: -rw-r--r-- 2,095 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
#![cfg(all(feature = "v4", feature = "std"))]

use cvss::v4::Vector;
use std::{fs, str::FromStr};

// We run the test set from Red Hat's Security Python implementation: https://github.com/RedHatProductSecurity/cvss
// It seems to be the best test set available (at least for CVSS v4.0).

fn run_tests_from_file(name: &str, test_serialization: bool) {
    let content = fs::read_to_string(format!("tests/cvss-redhat/tests/{}", name)).unwrap();
    for l in content.lines() {
        let parts = l.split(" - ").collect::<Vec<&str>>();
        let cvss = Vector::from_str(parts[0]).unwrap();
        if test_serialization {
            // Test correct serialization.
            assert_eq!(cvss.to_string(), parts[0]);
        }
        assert!(cvss.score().value() >= 0.0);
        assert!(cvss.score().value() <= 10.0);
        let diff: f64 = cvss.score().value() - parts[1].parse::<f64>().unwrap();
        assert!(diff.abs() < 0.0001);
    }
}

// #[test] disabled due to missing testdata
fn cvss_v4_base() {
    // All vector combinations with only mandatory fields, 104,976 vectors.
    run_tests_from_file("vectors_base4", true);
}

// #[test] disabled due to missing testdata
fn cvss_v4_modified() {
    // All vector combinations of modified environmental fields, 373,248 vectors.
    run_tests_from_file("vectors_modified4", true);
}

// #[test] disabled due to missing testdata
fn cvss_v4_supplemental() {
    // All vector combinations of supplemental fields, 576 vectors.
    run_tests_from_file("vectors_supplemental4", true);
}

// #[test] disabled due to missing testdata
fn cvss_v4_security() {
    // All vector combinations of security fields, 54 vectors.
    run_tests_from_file("vectors_security4", true);
}

// #[test] disabled due to missing testdata
fn cvss_v4_threat() {
    // All vector combinations of threat fields, 6 vectors.
    run_tests_from_file("vectors_threat4", true);
}

// #[test] disabled due to missing testdata
fn cvss_v4_random() {
    // Random vector combinations across all fields, 10,000 vectors.
    run_tests_from_file("vectors_random4", false);
}