Fix build and code structure improvements. New but essential UI functionality. CI improvements. Documentation improvements. AI module improvements.
This commit is contained in:
StellaOps Bot
@@ -560,15 +560,62 @@ public sealed partial class CvssV4Engine : ICvssV4Engine
|
||||
|
||||
private static void AppendEnvironmentalMetrics(StringBuilder sb, CvssEnvironmentalMetrics env)
|
||||
{
|
||||
// Security Requirements (CR, IR, AR)
|
||||
if (env.ConfidentialityRequirement is not null and not SecurityRequirement.NotDefined)
|
||||
sb.Append($"/CR:{SecurityRequirementToString(env.ConfidentialityRequirement.Value)}");
|
||||
if (env.IntegrityRequirement is not null and not SecurityRequirement.NotDefined)
|
||||
sb.Append($"/IR:{SecurityRequirementToString(env.IntegrityRequirement.Value)}");
|
||||
if (env.AvailabilityRequirement is not null and not SecurityRequirement.NotDefined)
|
||||
sb.Append($"/AR:{SecurityRequirementToString(env.AvailabilityRequirement.Value)}");
|
||||
// Add modified metrics (MAV, MAC, etc.) similarly...
|
||||
|
||||
// Modified Attack Metrics (MAV, MAC, MAT, MPR, MUI)
|
||||
if (env.ModifiedAttackVector is not null and not ModifiedAttackVector.NotDefined)
|
||||
sb.Append($"/MAV:{ModifiedAttackVectorToString(env.ModifiedAttackVector.Value)}");
|
||||
if (env.ModifiedAttackComplexity is not null and not ModifiedAttackComplexity.NotDefined)
|
||||
sb.Append($"/MAC:{ModifiedAttackComplexityToString(env.ModifiedAttackComplexity.Value)}");
|
||||
if (env.ModifiedAttackRequirements is not null and not ModifiedAttackRequirements.NotDefined)
|
||||
sb.Append($"/MAT:{ModifiedAttackRequirementsToString(env.ModifiedAttackRequirements.Value)}");
|
||||
if (env.ModifiedPrivilegesRequired is not null and not ModifiedPrivilegesRequired.NotDefined)
|
||||
sb.Append($"/MPR:{ModifiedPrivilegesRequiredToString(env.ModifiedPrivilegesRequired.Value)}");
|
||||
if (env.ModifiedUserInteraction is not null and not ModifiedUserInteraction.NotDefined)
|
||||
sb.Append($"/MUI:{ModifiedUserInteractionToString(env.ModifiedUserInteraction.Value)}");
|
||||
|
||||
// Modified Impact Metrics (MVC, MVI, MVA, MSC, MSI, MSA)
|
||||
if (env.ModifiedVulnerableSystemConfidentiality is not null and not ModifiedImpactMetricValue.NotDefined)
|
||||
sb.Append($"/MVC:{ModifiedImpactToString(env.ModifiedVulnerableSystemConfidentiality.Value)}");
|
||||
if (env.ModifiedVulnerableSystemIntegrity is not null and not ModifiedImpactMetricValue.NotDefined)
|
||||
sb.Append($"/MVI:{ModifiedImpactToString(env.ModifiedVulnerableSystemIntegrity.Value)}");
|
||||
if (env.ModifiedVulnerableSystemAvailability is not null and not ModifiedImpactMetricValue.NotDefined)
|
||||
sb.Append($"/MVA:{ModifiedImpactToString(env.ModifiedVulnerableSystemAvailability.Value)}");
|
||||
if (env.ModifiedSubsequentSystemConfidentiality is not null and not ModifiedImpactMetricValue.NotDefined)
|
||||
sb.Append($"/MSC:{ModifiedImpactToString(env.ModifiedSubsequentSystemConfidentiality.Value)}");
|
||||
if (env.ModifiedSubsequentSystemIntegrity is not null and not ModifiedSubsequentImpact.NotDefined)
|
||||
sb.Append($"/MSI:{ModifiedSubsequentImpactToString(env.ModifiedSubsequentSystemIntegrity.Value)}");
|
||||
if (env.ModifiedSubsequentSystemAvailability is not null and not ModifiedSubsequentImpact.NotDefined)
|
||||
sb.Append($"/MSA:{ModifiedSubsequentImpactToString(env.ModifiedSubsequentSystemAvailability.Value)}");
|
||||
}
|
||||
|
||||
private static string ModifiedAttackVectorToString(ModifiedAttackVector mav) =>
|
||||
mav switch { ModifiedAttackVector.Network => "N", ModifiedAttackVector.Adjacent => "A", ModifiedAttackVector.Local => "L", ModifiedAttackVector.Physical => "P", _ => "X" };
|
||||
|
||||
private static string ModifiedAttackComplexityToString(ModifiedAttackComplexity mac) =>
|
||||
mac switch { ModifiedAttackComplexity.Low => "L", ModifiedAttackComplexity.High => "H", _ => "X" };
|
||||
|
||||
private static string ModifiedAttackRequirementsToString(ModifiedAttackRequirements mat) =>
|
||||
mat switch { ModifiedAttackRequirements.None => "N", ModifiedAttackRequirements.Present => "P", _ => "X" };
|
||||
|
||||
private static string ModifiedPrivilegesRequiredToString(ModifiedPrivilegesRequired mpr) =>
|
||||
mpr switch { ModifiedPrivilegesRequired.None => "N", ModifiedPrivilegesRequired.Low => "L", ModifiedPrivilegesRequired.High => "H", _ => "X" };
|
||||
|
||||
private static string ModifiedUserInteractionToString(ModifiedUserInteraction mui) =>
|
||||
mui switch { ModifiedUserInteraction.None => "N", ModifiedUserInteraction.Passive => "P", ModifiedUserInteraction.Active => "A", _ => "X" };
|
||||
|
||||
private static string ModifiedImpactToString(ModifiedImpactMetricValue impact) =>
|
||||
impact switch { ModifiedImpactMetricValue.None => "N", ModifiedImpactMetricValue.Low => "L", ModifiedImpactMetricValue.High => "H", _ => "X" };
|
||||
|
||||
private static string ModifiedSubsequentImpactToString(ModifiedSubsequentImpact impact) =>
|
||||
impact switch { ModifiedSubsequentImpact.Negligible => "N", ModifiedSubsequentImpact.Low => "L", ModifiedSubsequentImpact.High => "H", ModifiedSubsequentImpact.Safety => "S", _ => "X" };
|
||||
|
||||
private static void AppendSupplementalMetrics(StringBuilder sb, CvssSupplementalMetrics supp)
|
||||
{
|
||||
if (supp.Safety is not null and not Safety.NotDefined)
|
||||
@@ -610,7 +657,7 @@ public sealed partial class CvssV4Engine : ICvssV4Engine
|
||||
|
||||
#region Vector String Parsing
|
||||
|
||||
[GeneratedRegex(@"([A-Z]+):([A-Za-z]+)", RegexOptions.Compiled)]
|
||||
[GeneratedRegex(@"([A-Za-z]+):([A-Za-z]+)", RegexOptions.Compiled | RegexOptions.IgnoreCase)]
|
||||
private static partial Regex MetricPairRegex();
|
||||
|
||||
private static Dictionary<string, string> ParseMetricsFromVector(string vectorPart)
|
||||
@@ -710,13 +757,98 @@ public sealed partial class CvssV4Engine : ICvssV4Engine
|
||||
|
||||
return new CvssEnvironmentalMetrics
|
||||
{
|
||||
// Security Requirements (CR, IR, AR)
|
||||
ConfidentialityRequirement = metrics.TryGetValue("CR", out var cr) ? ParseSecurityRequirement(cr) : null,
|
||||
IntegrityRequirement = metrics.TryGetValue("IR", out var ir) ? ParseSecurityRequirement(ir) : null,
|
||||
AvailabilityRequirement = metrics.TryGetValue("AR", out var ar) ? ParseSecurityRequirement(ar) : null
|
||||
// Add other environmental metrics parsing as needed
|
||||
AvailabilityRequirement = metrics.TryGetValue("AR", out var ar) ? ParseSecurityRequirement(ar) : null,
|
||||
|
||||
// Modified Attack Metrics (MAV, MAC, MAT, MPR, MUI)
|
||||
ModifiedAttackVector = metrics.TryGetValue("MAV", out var mav) ? ParseModifiedAttackVector(mav) : null,
|
||||
ModifiedAttackComplexity = metrics.TryGetValue("MAC", out var mac) ? ParseModifiedAttackComplexity(mac) : null,
|
||||
ModifiedAttackRequirements = metrics.TryGetValue("MAT", out var mat) ? ParseModifiedAttackRequirements(mat) : null,
|
||||
ModifiedPrivilegesRequired = metrics.TryGetValue("MPR", out var mpr) ? ParseModifiedPrivilegesRequired(mpr) : null,
|
||||
ModifiedUserInteraction = metrics.TryGetValue("MUI", out var mui) ? ParseModifiedUserInteraction(mui) : null,
|
||||
|
||||
// Modified Impact Metrics (MVC, MVI, MVA, MSC, MSI, MSA)
|
||||
ModifiedVulnerableSystemConfidentiality = metrics.TryGetValue("MVC", out var mvc) ? ParseModifiedImpactMetric(mvc) : null,
|
||||
ModifiedVulnerableSystemIntegrity = metrics.TryGetValue("MVI", out var mvi) ? ParseModifiedImpactMetric(mvi) : null,
|
||||
ModifiedVulnerableSystemAvailability = metrics.TryGetValue("MVA", out var mva) ? ParseModifiedImpactMetric(mva) : null,
|
||||
ModifiedSubsequentSystemConfidentiality = metrics.TryGetValue("MSC", out var msc) ? ParseModifiedImpactMetric(msc) : null,
|
||||
ModifiedSubsequentSystemIntegrity = metrics.TryGetValue("MSI", out var msi) ? ParseModifiedSubsequentImpact(msi) : null,
|
||||
ModifiedSubsequentSystemAvailability = metrics.TryGetValue("MSA", out var msa) ? ParseModifiedSubsequentImpact(msa) : null
|
||||
};
|
||||
}
|
||||
|
||||
private static ModifiedAttackVector ParseModifiedAttackVector(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
"N" => ModifiedAttackVector.Network,
|
||||
"A" => ModifiedAttackVector.Adjacent,
|
||||
"L" => ModifiedAttackVector.Local,
|
||||
"P" => ModifiedAttackVector.Physical,
|
||||
"X" => ModifiedAttackVector.NotDefined,
|
||||
_ => ModifiedAttackVector.NotDefined
|
||||
};
|
||||
|
||||
private static ModifiedAttackComplexity ParseModifiedAttackComplexity(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
"L" => ModifiedAttackComplexity.Low,
|
||||
"H" => ModifiedAttackComplexity.High,
|
||||
"X" => ModifiedAttackComplexity.NotDefined,
|
||||
_ => ModifiedAttackComplexity.NotDefined
|
||||
};
|
||||
|
||||
private static ModifiedAttackRequirements ParseModifiedAttackRequirements(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
"N" => ModifiedAttackRequirements.None,
|
||||
"P" => ModifiedAttackRequirements.Present,
|
||||
"X" => ModifiedAttackRequirements.NotDefined,
|
||||
_ => ModifiedAttackRequirements.NotDefined
|
||||
};
|
||||
|
||||
private static ModifiedPrivilegesRequired ParseModifiedPrivilegesRequired(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
"N" => ModifiedPrivilegesRequired.None,
|
||||
"L" => ModifiedPrivilegesRequired.Low,
|
||||
"H" => ModifiedPrivilegesRequired.High,
|
||||
"X" => ModifiedPrivilegesRequired.NotDefined,
|
||||
_ => ModifiedPrivilegesRequired.NotDefined
|
||||
};
|
||||
|
||||
private static ModifiedUserInteraction ParseModifiedUserInteraction(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
"N" => ModifiedUserInteraction.None,
|
||||
"P" => ModifiedUserInteraction.Passive,
|
||||
"A" => ModifiedUserInteraction.Active,
|
||||
"X" => ModifiedUserInteraction.NotDefined,
|
||||
_ => ModifiedUserInteraction.NotDefined
|
||||
};
|
||||
|
||||
private static ModifiedImpactMetricValue ParseModifiedImpactMetric(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
"N" => ModifiedImpactMetricValue.None,
|
||||
"L" => ModifiedImpactMetricValue.Low,
|
||||
"H" => ModifiedImpactMetricValue.High,
|
||||
"X" => ModifiedImpactMetricValue.NotDefined,
|
||||
_ => ModifiedImpactMetricValue.NotDefined
|
||||
};
|
||||
|
||||
private static ModifiedSubsequentImpact ParseModifiedSubsequentImpact(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
"N" => ModifiedSubsequentImpact.Negligible,
|
||||
"L" => ModifiedSubsequentImpact.Low,
|
||||
"H" => ModifiedSubsequentImpact.High,
|
||||
"S" => ModifiedSubsequentImpact.Safety,
|
||||
"X" => ModifiedSubsequentImpact.NotDefined,
|
||||
_ => ModifiedSubsequentImpact.NotDefined
|
||||
};
|
||||
|
||||
private static SecurityRequirement ParseSecurityRequirement(string value) =>
|
||||
value.ToUpperInvariant() switch
|
||||
{
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="JsonSchema.Net" Version="7.3.2" />
|
||||
<PackageReference Include="JsonSchema.Net" />
|
||||
<ProjectReference Include="..\..\Attestor\StellaOps.Attestor.Envelope\StellaOps.Attestor.Envelope.csproj" />
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user