refactor(model): Extract vulnerability rating code to a function
This is a preparation for exclusively using the `getQualitativeRating()`
function going forward.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
sschuberth committed Sep 18, 2024
1 parent 61eb5c1 commit d1fa1f2
Showing 1 changed file with 14 additions and 6 deletions.
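--- a/model/src/main/kotlin/vulnerabilities/VulnerabilityReference.kt
+++ b/model/src/main/kotlin/vulnerabilities/VulnerabilityReference.kt
@@ -54,16 +54,24 @@ data class VulnerabilityReference(
 companion object {
 private val CVSS3_SEVERITIES = Cvss3Rating.entries.map { it.name }
 
+/**
+* Return a qualitative rating that is determined based on the given [scoringSystem] and [score].
+*/
+fun getQualitativeRating(scoringSystem: String?, score: Float?): Enum<*>? =
+when (scoringSystem?.uppercase()) {
+in Cvss2Rating.NAMES -> score?.let { Cvss2Rating.fromScore(it) }
+in Cvss3Rating.NAMES -> score?.let { Cvss3Rating.fromScore(it) }
+in Cvss4Rating.NAMES -> score?.let { Cvss4Rating.fromScore(it) }
+else -> null
+}
+
 /**
 * Return a human-readable string that is determined based on the given [scoringSystem] and [severity].
 */
 fun getSeverityString(scoringSystem: String?, severity: String?): String =
-when (scoringSystem?.uppercase()) {
-in Cvss2Rating.NAMES -> severity?.toFloatOrNull()?.let { Cvss2Rating.fromScore(it) }?.toString()
-in Cvss3Rating.NAMES -> severity?.toFloatOrNull()?.let { Cvss3Rating.fromScore(it) }?.toString()
-in Cvss4Rating.NAMES -> severity?.toFloatOrNull()?.let { Cvss4Rating.fromScore(it) }?.toString()
-else -> severity?.uppercase()?.takeIf { it in CVSS3_SEVERITIES }
-} ?: "UNKNOWN"
+severity?.toFloatOrNull()?.let { getQualitativeRating(scoringSystem, it)?.name }
+?: severity?.uppercase()?.takeIf { it in CVSS3_SEVERITIES }
+?: "UNKNOWN"
 }
 
 /**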
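Review bot: The rewritten `getSeverityString()` is not behaviour-preserving. When `scoringSystem` is in one of the `Cvss*Rating.NAMES` sets and `severity` is not numeric, the removed `when` returned "UNKNOWN", whereas the new chain falls through to the `CVSS3_SEVERITIES` lookup and returns the textual severity. The result now also comes from `name` rather than `toString()`, which differs if any rating enum overrides `toString()` (not visible in this hunk). Severity values originate from external advisory data and presumably feed downstream policy decisions, so the new contract should be stated in the KDoc, for example `* A non-numeric [severity] is matched against the CVSS 3 rating names regardless of [scoringSystem].`, and pinned by a test for the CVSS-system-plus-textual-severity case. `fromScore` is defined outside the hunk, so how a `NaN` or out-of-range value produced by `toFloatOrNull()` is rated cannot be confirmed here; `getQualitativeRating()` would benefit from `* Return null if [scoringSystem] is not a known CVSS version or [score] is null.` plus a note on invalid scores.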
