Add receipt input JSON and SHA256 hash for CVSS policy scoring tests
- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring. - Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.
This commit is contained in:
StellaOps Bot
@@ -0,0 +1,14 @@
|
||||
source_field,target_field,rule,notes
|
||||
AV,AV,"Network->N, Adjacent->A, Local->L, Physical->P","Preserve mapping; CVSS 4 AT handled separately"
|
||||
AC,AC,"Low->L, High->H",""
|
||||
PR,PR,"None->N, Low->L, High->H",""
|
||||
UI,UI,"None->N, Passive->P, Active->A","CVSS3 has R (Required) approximate with A"
|
||||
VC,C,"High->H, Low->L, None->N","Impact mapping: VC→Confidentiality"
|
||||
VI,I,"High->H, Low->L, None->N",""
|
||||
VA,A,"High->H, Low->L, None->N",""
|
||||
SC,S,"High->C, Low->C, None->U","Scoped impact collapses to Scope Changed/Unchanged; default Changed when SC>None"
|
||||
SI,S,"High->C, Low->C, None->U","Same as SC"
|
||||
SA,S,"High->C, Low->C, None->U","Same as SC"
|
||||
AT,N/A,"drop","Attack requirements not represented in CVSS3"
|
||||
Threat,Temporal,"map to E: NotDefined","Threat metrics not supported; set Temporal NotDefined"
|
||||
Environmental,Environmental,"map CR/IR/AR to CR/IR/AR; map MV* to unchanged"
|
||||
|
Can't render this file because it has a wrong number of fields in line 14.
|
Reference in New Issue
Block a user