Swap CVSS Scores to Decimal to preserve accuracy
Found that in some reports and cases, CVSS scores were losing enough accuracy to slip under some thresholds. These are typically numbers with only 1 decimal place.
digitalcoyote committed Jun 1, 2024
1 parent 530bf5b commit 686e2b8
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion Src/CoreTests/VulnerabilityDataTests.cs
@@ -87,7 +87,7 @@ public void IgnoreCves()
"CVE-Test",
new Vulnerability(
"CVE-Test",
4.0,
4.0M,
"Test-CWE",
"Test Description",
new[] {"Test Reference"},
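Review bot: The only test change is the literal `4.0M` in `IgnoreCves()`, so nothing pins the behaviour this commit is meant to fix. A regression test that builds a `Vulnerability` whose score sits exactly on a configured threshold, and another one tenth below it, would show that a finding is no longer dropped by rounding and would guard against the field reverting to `double`. The method body extends beyond this hunk on both sides.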
6 changes: 3 additions & 3 deletions Src/NuGetDefense.Core/NuGetDefense.Core.csproj
@@ -3,9 +3,9 @@
<PropertyGroup>
<LangVersion>12</LangVersion>
<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
<PackageVersion>2.0.12</PackageVersion>
<AssemblyVersion>2.0.12</AssemblyVersion>
<PackageVersion>2.0.12</PackageVersion>
<PackageVersion>2.0.13</PackageVersion>
<AssemblyVersion>2.0.13</AssemblyVersion>
<PackageVersion>2.0.13</PackageVersion>
<TargetFrameworks>net6.0;net8.0</TargetFrameworks>
<Nullable>enable</Nullable>
<Copyright>Curtis Carter 2024</Copyright>
4 changes: 2 additions & 2 deletions Src/NuGetDefense.Core/Vulnerability.cs
@@ -12,14 +12,14 @@ public enum AccessVectorType
}

public readonly string Cve;
public readonly double CvssScore;
public readonly decimal CvssScore;
public readonly string Cwe;
public readonly string Description;
public readonly string[] References;
public readonly AccessVectorType Vector;
public readonly string Vendor;

public Vulnerability(string cve, double cvssScore, string cwe, string description, string[] references, AccessVectorType vector, string vendor)
public Vulnerability(string cve, decimal cvssScore, string cwe, string description, string[] references, AccessVectorType vector, string vendor)
{
Cve = cve;
CvssScore = cvssScore;
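Review bot: `CvssScore` and the constructor parameter change type on a public surface, yet nothing in this hunk validates the value or documents how callers must produce it. The added precision only holds if scores are parsed from the feed text straight into `decimal`; a caller that still reads a `double` or `float` and casts, `(decimal)score`, can carry the binary rounding error forward, and since C# has no implicit conversion between the two types, every threshold comparison outside this diff should be checked to confirm both sides are `decimal`. Consider a range guard in the constructor, `if (cvssScore is < 0m or > 10m) throw new ArgumentOutOfRangeException(nameof(cvssScore));`, unless a sentinel value for unscored entries is in use, in which case that sentinel should be documented so it cannot silently fall under a threshold. The change is also source- and binary-breaking for consumers built against 2.0.12, while the package is bumped only at patch level. The constructor body continues past the end of the hunk.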
