e1262eb916
- Introduced a new JSON fixture `receipt-input.json` containing base, environmental, and threat metrics for CVSS scoring. - Added corresponding SHA256 hash file `receipt-input.sha256` to ensure integrity of the JSON fixture.
866 B
866 B
| 1 | source_field | target_field | rule | notes |
|---|---|---|---|---|
| 2 | AV | AV | Network->N, Adjacent->A, Local->L, Physical->P | Preserve mapping; CVSS 4 AT handled separately |
| 3 | AC | AC | Low->L, High->H | |
| 4 | PR | PR | None->N, Low->L, High->H | |
| 5 | UI | UI | None->N, Passive->P, Active->A | CVSS3 has R (Required) approximate with A |
| 6 | VC | C | High->H, Low->L, None->N | Impact mapping: VC→Confidentiality |
| 7 | VI | I | High->H, Low->L, None->N | |
| 8 | VA | A | High->H, Low->L, None->N | |
| 9 | SC | S | High->C, Low->C, None->U | Scoped impact collapses to Scope Changed/Unchanged; default Changed when SC>None |
| 10 | SI | S | High->C, Low->C, None->U | Same as SC |
| 11 | SA | S | High->C, Low->C, None->U | Same as SC |
| 12 | AT | N/A | drop | Attack requirements not represented in CVSS3 |
| 13 | Threat | Temporal | map to E: NotDefined | Threat metrics not supported; set Temporal NotDefined |