### Run Tests with Tox Source: https://github.com/redhatproductsecurity/cvss/blob/master/README.rst Shows how to execute tests for the CVSS package using the 'tox' tool. This includes running all tests across supported Python versions and targeting a specific Python version for testing. Requires 'tox' to be installed. ```bash $ tox $ tox -e py311 ``` -------------------------------- ### Compute CVSS Scores using Python Source: https://github.com/redhatproductsecurity/cvss/blob/master/README.rst Demonstrates how to use the CVSS library to compute scores for CVSS v2, v3, and v4 vectors. It shows instantiation of different CVSS versions, cleaning vectors, and retrieving scores and severities. Requires the 'cvss' package to be installed. ```python from cvss import CVSS2, CVSS3, CVSS4 vector = 'AV:L/AC:L/Au:M/C:N/I:P/A:C/E:U/RL:W/RC:ND/CDP:L/TD:H/CR:ND/IR:ND/AR:M' c = CVSS2(vector) print(vector) print(c.clean_vector()) print(c.scores()) print(c.severities()) print() vector = 'CVSS:3.0/S:C/C:H/I:H/A:N/AV:P/AC:H/PR:H/UI:R/E:H/RL:O/RC:R/CR:H/IR:X/AR:X/MAC:H/MPR:X/MUI:X/MC:L/MA:X' c = CVSS3(vector) print(vector) print(c.clean_vector()) print(c.scores()) print(c.severities()) print() vector = 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N' c = CVSS4(vector) print(vector) print(c.clean_vector()) print(c.scores()) print(c.severities()) ``` -------------------------------- ### Parse and Compute CVSS v2 Scores with Python Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Demonstrates parsing a CVSS v2.0 vector string, computing base, temporal, and environmental scores, and retrieving severity levels. It also shows how to get a cleaned vector, Red Hat notation, and export to JSON. Requires the 'cvss' library. ```python from cvss import CVSS2 # Parse a CVSS2 vector with base, temporal, and environmental metrics vector = "AV:L/AC:L/Au:M/C:N/I:P/A:C/E:U/RL:W/RC:ND/CDP:L/TD:H/CR:ND/IR:ND/AR:M" cvss2 = CVSS2(vector) # Get computed scores (Base, Temporal, Environmental) print(cvss2.scores()) # Output: (5.0, 4.0, 4.6) # Get severity levels for each score print(cvss2.severities()) # Output: ('Medium', 'Medium', 'Medium') # Get cleaned vector (removes ND values, orders metrics correctly) print(cvss2.clean_vector()) # Output: AV:L/AC:L/Au:M/C:N/I:P/A:C/E:U/RL:W/CDP:L/TD:H/AR:M # Get Red Hat notation (score/vector) print(cvss2.rh_vector()) # Output: 5.0/AV:L/AC:L/Au:M/C:N/I:P/A:C/E:U/RL:W/CDP:L/TD:H/AR:M # Export to JSON (FIRST.org schema compatible) import json print(json.dumps(cvss2.as_json(sort=True, minimal=True), indent=2)) # Output: {"accessComplexity": "LOW", "accessVector": "LOCAL", ...} # Parse from Red Hat notation with score validation from cvss import CVSS2 rh_cvss = CVSS2.from_rh_vector("5.0/AV:L/AC:L/Au:M/C:N/I:P/A:C") print(rh_cvss.scores()[0]) # Output: 5.0 ``` -------------------------------- ### Run Interactive CVSS Calculator Source: https://github.com/redhatproductsecurity/cvss/blob/master/README.rst Provides instructions on how to launch the interactive CVSS calculator from the command line. This tool allows for interactive calculation of CVSS scores. No specific code is shown, but command-line usage is demonstrated. ```bash $ cvss_calculator $ cvss_calculator --help ``` -------------------------------- ### CVSS Exception Handling Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Demonstrates how to handle exceptions raised by the CVSS library for malformed vectors, missing mandatory metrics, or score validation errors. It shows specific exception classes for different CVSS versions. ```python from cvss import CVSS2, CVSS3, CVSS4 from cvss.exceptions import ( CVSSError, CVSS2Error, CVSS2MalformedError, CVSS2MandatoryError, CVSS3Error, CVSS3MalformedError, CVSS3MandatoryError, CVSS4Error, CVSS4MalformedError, CVSS4MandatoryError, CVSS2RHScoreDoesNotMatch, CVSS3RHScoreDoesNotMatch, CVSS4RHScoreDoesNotMatch ) # Handle malformed vector try: cvss = CVSS3("CVSS:3.1/AV:INVALID/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") except CVSS3MalformedError as e: print(f"Malformed vector: {e}") # Output: Malformed vector: Unknown value "INVALID" in field "AV:INVALID" ``` -------------------------------- ### Interactive CVSS Vector Calculator Source: https://context7.com/redhatproductsecurity/cvss/llms.txt The `ask_interactively` function provides a command-line interface to build CVSS vectors by prompting the user for each metric. It supports CVSS versions 2, 3.0, 3.1, and 4.0, with options for including all metrics and disabling color output. ```python from cvss import ask_interactively, CVSS2, CVSS3, CVSS4 # Interactive CVSS3.1 calculator (base metrics only) # This will prompt for: AV, AC, PR, UI, S, C, I, A vector = ask_interactively(version=3.1, all_metrics=False) cvss = CVSS3(vector) print(f"Generated vector: {vector}") print(f"Score: {cvss.scores()[0]}") # Interactive CVSS4 calculator with all metrics vector = ask_interactively(version=4.0, all_metrics=True, no_colors=True) cvss = CVSS4(vector) print(f"Score: {cvss.scores()[0]}") # Interactive CVSS2 calculator vector = ask_interactively(version=2, all_metrics=False) cvss = CVSS2(vector) print(f"Score: {cvss.scores()[0]}") # Command-line usage: # $ cvss_calculator # Defaults to CVSS 3.1 # $ cvss_calculator -2 # CVSS 2.0 # $ cvss_calculator -3 # CVSS 3.0 # $ cvss_calculator -4 # CVSS 4.0 # $ cvss_calculator -a # Include all metrics (temporal, environmental) # $ cvss_calculator --no-colors # Disable terminal colors ``` -------------------------------- ### Handle General CVSS Errors Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Illustrates catching a general `CVSSError` for malformed CVSS vectors, such as an invalid CVSS4 vector missing its mandatory prefix. This provides a fallback for unexpected CVSS parsing issues. ```python try: cvss = CVSS4("invalid") except CVSSError as e: print(f"CVSS Error: {e}") ``` -------------------------------- ### Handle CVSS3 Red Hat Score Mismatch Error Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Shows how to catch `CVSS3RHScoreDoesNotMatch` when the score derived from a Red Hat notation CVSS3 vector does not match the explicitly provided score. This ensures score consistency. ```python try: cvss = CVSS3.from_rh_vector("10.0/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L") except CVSS3RHScoreDoesNotMatch as e: print(f"Score mismatch: {e}") ``` -------------------------------- ### Parse and Compute CVSS v3.0/v3.1 Scores with Python Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Shows how to parse CVSS v3.0 and v3.1 vectors using the `CVSS3` class, which automatically detects the version. It demonstrates calculating base, temporal, and environmental scores, retrieving severity levels, cleaning vectors, and exporting to JSON. Requires the 'cvss' library. ```python from cvss import CVSS3 # CVSS 3.0 vector with all metric types vector_30 = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" cvss30 = CVSS3(vector_30) print(f"CVSS 3.0 Base Score: {cvss30.scores()[0]}") # Output: CVSS 3.0 Base Score: 10.0 print(f"Severity: {cvss30.severities()[0]}") # Output: Severity: Critical # CVSS 3.1 vector with temporal and environmental metrics vector_31 = "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N/E:H/RL:O/RC:R/CR:H/MAC:H/MC:L" cvss31 = CVSS3(vector_31) # Get all three scores (Base, Temporal, Environmental) base, temporal, environmental = cvss31.scores() print(f"Base: {base}, Temporal: {temporal}, Environmental: {environmental}") # Output: Base: 6.5, Temporal: 6.0, Environmental: 5.3 # Get severities for all scores print(cvss31.severities()) # Output: ('Medium', 'Medium', 'Medium') # Get cleaned vector with proper metric ordering print(cvss31.clean_vector()) # Output: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N/E:H/RL:O/RC:R/CR:H/MAC:H/MC:L # Export to JSON following FIRST.org schema import json json_output = cvss31.as_json(sort=True) print(json.dumps(json_output, indent=2)) # Output: {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", ...} # Access individual metric components print(cvss31.temporal_vector()) # Output: E:H/RL:O/RC:R print(cvss31.environmental_vector()) # Output: CR:H/IR:X/AR:X/MAV:P/MAC:H/MPR:H/MUI:R/MS:C/MC:L/MI:H/MA:N ``` -------------------------------- ### Handle CVSS3 Missing Mandatory Metrics Error Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Demonstrates how to catch and handle `CVSS3MandatoryError` when a CVSS3 vector is missing mandatory metrics. This is useful for validating input vectors. ```python try: cvss = CVSS3("CVSS:3.1/AV:N/AC:L") # Missing PR, UI, S, C, I, A except CVSS3MandatoryError as e: print(f"Missing metrics: {e}") ``` -------------------------------- ### Calculate CVSS 4.0 Scores and Severities Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Demonstrates how to calculate the numerical score and severity level for a CVSS 4.0 vector. It also shows how to clean and reformat vectors, export to JSON, and parse from Red Hat's notation. ```python from cvss import CVSS4 # Example CVSS 4.0 vector vector_str = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N" cvss4 = CVSS4(vector_str) # Get score and severity print(f"Score: {cvss4.scores()[0]}") # Output: Score: 9.9 print(f"Severity: {cvss4.severities()[0]}") # Output: Severity: Critical # Get cleaned vector with proper ordering print(cvss4.clean_vector()) # Output: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N # CVSS 4.0 vector with supplemental and environmental metrics complex_vector = "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/CR:M/IR:H/AR:L" cvss4_complex = CVSS4(complex_vector) print(f"Score: {cvss4_complex.scores()[0]}, Severity: {cvss4_complex.severities()[0]}") # Output: Score: 2.1, Severity: Low # Export to JSON (FIRST.org v4.0 schema) import json json_output = cvss4_complex.as_json(sort=True) print(json.dumps(json_output, indent=2)) # Output: {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", ...} # Red Hat notation with score prefix print(cvss4_complex.rh_vector()) # Output: 2.1/CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/CR:M/IR:H/AR:L # Parse from Red Hat notation validated = CVSS4.from_rh_vector("9.9/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N") print(validated.scores()[0]) # Output: 9.9 ``` -------------------------------- ### Compute CVSS v4.0 Scores with Python Source: https://context7.com/redhatproductsecurity/cvss/llms.txt Demonstrates using the `CVSS4` class to parse and compute scores for CVSS v4.0 vectors. This version includes expanded metrics like Attack Requirements and Subsequent System impacts. The `CVSS4` class returns a single base score, adhering to API compatibility by returning it in a tuple. ```python from cvss import CVSS4 # CVSS 4.0 vector - critical vulnerability vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N" cvss4 = CVSS4(vector) # CVSS4 returns a single score (tuple for API compatibility) print(f"Score: {cvss4.scores()[0]}") ``` -------------------------------- ### Parse CVSS Vectors from Text Source: https://context7.com/redhatproductsecurity/cvss/llms.txt The `parse_cvss_from_text` function extracts CVSS vectors (v2, v3.0, v3.1, v4.0) from any given text. This is useful for processing security advisories or reports containing vulnerability information. ```python from cvss.parser import parse_cvss_from_text # Extract CVSS vectors from a security advisory text advisory_text = """ Security Advisory: Multiple Vulnerabilities Found CVE-2024-1234: Remote Code Execution CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code. CVE-2024-5678: Information Disclosure CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N A moderate information disclosure vulnerability. CVE-2024-9999: Local Privilege Escalation AV:L/AC:L/Au:S/C:C/I:C/A:C Legacy CVSS v2 vector for local privilege escalation. """ cvss_objects = parse_cvss_from_text(advisory_text) for cvss in cvss_objects: if hasattr(cvss, 'minor_version'): # CVSS3 print(f"CVSS 3.{cvss.minor_version}: {cvss.scores()[0]} ({cvss.severities()[0]})") elif hasattr(cvss, 'severity'): # CVSS4 print(f"CVSS 4.0: {cvss.scores()[0]} ({cvss.severity})") else: # CVSS2 print(f"CVSS 2.0: {cvss.scores()[0]} ({cvss.severities()[0]})") # Output (order may vary due to set): # CVSS 3.1: 9.8 (Critical) # CVSS 4.0: 7.1 (High) # CVSS 2.0: 6.8 (Medium) ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.