File tree Expand file tree Collapse file tree 3 files changed +20
-1
lines changed Expand file tree Collapse file tree 3 files changed +20
-1
lines changed Original file line number Diff line number Diff line change @@ -49,8 +49,11 @@ bundle exec rspec
4949* `date` \[Date\]: Disclosure date of the advisory.
5050* `description` \[String\]: Multi-paragraph description of the vulnerability.
5151* `cvss_v2` \[Float\]: The [CVSSv2] score for the vulnerability.
52+ * `cvss_v3` \[Float\]: The [CVSSv3] score for the vulnerability.
5253* `unaffected_versions` \[Array\<String\>\] (optional): The version requirements for the
5354 unaffected versions of the Ruby library.
5455* `patched_versions` \[Array\<String\>\]: The version requirements for the
5556 patched versions of the Ruby library.
5657
58+ [CVSSv2] : https://www.first.org/cvss/v2/guide
59+ [CVSSv3] : https://www.first.org/cvss/user-guide
Original file line number Diff line number Diff line change @@ -61,6 +61,7 @@ Each advisory file contains the advisory information in [YAML] format:
6161* ` date ` \[ Date\] : Disclosure date of the advisory.
6262* ` description ` \[ String\] : Multi-paragraph description of the vulnerability.
6363* ` cvss_v2 ` \[ Float\] : The [ CVSSv2] score for the vulnerability.
64+ * ` cvss_v3 ` \[ Float\] : The [ CVSSv3] score for the vulnerability.
6465* ` unaffected_versions ` \[ Array\< String\>\] (optional): The version requirements for the
6566 unaffected versions of the Ruby library.
6667* ` patched_versions ` \[ Array\< String\>\] : The version requirements for the
@@ -77,6 +78,6 @@ developed by the Open Security Foundation (OSF) and its contributors.
7778[ CVE ] : http://cve.mitre.org/
7879[ OSVDB ] : http://www.osvdb.org/
7980[ CVSSv2 ] : https://www.first.org/cvss/v2/guide
80- [ OSVDB ] : http ://www.osvdb .org/
81+ [ CVSSv3 ] : https ://www.first .org/cvss/user-guide
8182[ YAML ] : http://www.yaml.org/
8283[ CONTRIBUTORS.md ] : https://github.com/rubysec/ruby-advisory-db/blob/master/CONTRIBUTORS.md
Original file line number Diff line number Diff line change 112112 end
113113 end
114114
115+ describe "cvss_v3" do
116+ subject { advisory [ 'cvss_v3' ] }
117+
118+ it "may be nil or a Float" do
119+ expect ( subject ) . to be_kind_of ( Float ) . or ( be_nil )
120+ end
121+
122+ case advisory [ 'cvss_v3' ]
123+ when Float
124+ context "when a Float" do
125+ it { expect ( ( 0.0 ) ..( 10.0 ) ) . to include ( subject ) }
126+ end
127+ end
128+ end
129+
115130 describe "patched_versions" do
116131 subject { advisory [ 'patched_versions' ] }
117132
You can’t perform that action at this time.
0 commit comments