fix: modernize cvss score loading #4373
* fixes intel#4370 Turns out our cvss score loading code was out of date and thus wasn't loading scores correctly and was throwing off a lot of log messages. Signed-off-by: Terri Oda <terri.oda@intel.com>
Signed-off-by: Terri Oda <terri.oda@intel.com>
Added some basic input validation on score/severity. The CVSS parsing library we're using will handle some input validation, but I'm doing some research to do some basic character filtering here before I declare this done.
Signed-off-by: Terri Oda <terri@toybox.ca>
Character filtering done! I think this is ready for review.
Change use of isdecimal() to validate basescore as basescore is a float.
@anthonyharrison I have done some more research and it turns out other than |
score validation fixed as recommended.
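The review point above, as an added example (not code from this pull request or the project): `str.isdecimal()` rejects a float score such as "7.5", while a bare `float()` call accepts inputs like "nan", "1e1" and "1_0". The function names, the allowed character set and the accepted severity list are assumptions made for this illustration, and the sample inputs are constructed.

```python
import math

# CVSS v3 qualitative ratings; treating this as the accepted set is an assumption.
ALLOWED_SEVERITIES = {"NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"}
SCORE_CHARS = set("0123456789.")


def validate_score(raw):
    """Return the base score as a float, or None if the input is not acceptable."""
    text = str(raw).strip()
    # Character filter first: rejects signs, exponents, "nan", "inf", underscores
    # and non-ASCII digits, all of which float() would otherwise accept.
    if not text or not set(text) <= SCORE_CHARS:
        return None
    try:
        score = float(text)
    except ValueError:  # e.g. "1.2.3" or "."
        return None
    # A very long digit string overflows to inf, so check finiteness and range.
    if not math.isfinite(score) or not 0.0 <= score <= 10.0:
        return None
    return score


def validate_severity(raw):
    """Return the upper-cased severity if it is a known rating, else None."""
    text = str(raw).strip().upper()
    return text if text in ALLOWED_SEVERITIES else None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real data source.
    for sample in ["7.5", "10.0", "10.1", "nan", "1e1", "1_0", "-1", "9" * 400]:
        shown = sample if len(sample) < 12 else sample[:9] + "..."
        print(f"{shown!r:>14} isdecimal={sample.isdecimal()!s:<5} "
              f"validated={validate_score(sample)}")
    for sample in ["high", "Critical", "HIGH; x"]:
        print(f"{sample!r:>14} severity={validate_severity(sample)}")
```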