Merge pull request RedHatProductSecurity#20 from skontar/skontar_fix_…

…mandatory_scope Fix KeyError thrown for missing mandatory metric
HuangRongcun · May 31, 2019 · ef810d2 · ef810d2
2 parents d4ed55a + e4f8f60
commit ef810d2
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 12 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -3,14 +3,25 @@ language: python
 notifications:
   email: false
 
-python:
-  - "2.6"
-  - "2.7"
-  - "3.2"
-  - "3.3"
-  - "3.4"
-  - "3.5"
-  - "3.6"
+matrix:
+  include:
+    - name: "Python 2.6"
+      python: 2.6
+    - name: "Python 2.7"
+      python: 2.7
+    - name: "Python 3.2"
+      python: 3.2
+    - name: "Python 3.3"
+      python: 3.3
+    - name: "Python 3.4"
+      python: 3.4
+    - name: "Python 3.5"
+      python: 3.5
+    - name: "Python 3.6"
+      python: 3.6
+    - name: "Python 3.7"
+      python: 3.7
+      dist: xenial          # required for Python >= 3.7
 
 install:
   - pip install -e .

diff --git a/cvss/__init__.py b/cvss/__init__.py
@@ -8,4 +8,4 @@
 from .interactive import ask_interactively
 
 
-__version__ = '1.9'
+__version__ = '1.10'
diff --git a/cvss/cvss3.py b/cvss/cvss3.py
@@ -93,6 +93,7 @@ def __init__(self, vector):
 
         self.parse_vector()
         self.check_mandatory()
+        self.handle_scope()
         self.add_missing_optional()
         self.compute_base_score()
         self.compute_temporal_score()
@@ -143,7 +144,10 @@ def parse_vector(self):
                 raise CVSS3MalformedError('Unknown metric "{0}" in field "{1}"'.format(metric,
                                                                                        field))
 
-        # Handle scope
+    def handle_scope(self):
+        """
+        Sets scope and modified scope variables based on S and MS metrics
+        """
         self.scope = self.metrics['S']
         self.modified_scope = self.metrics.get('MS', None)
         if self.modified_scope in [None, 'X']:

diff --git a/setup.py b/setup.py
@@ -18,7 +18,7 @@
 
 setup(
     name='cvss',
-    version='1.9',
+    version='1.10',
     description='CVSS2/3 library with interactive calculator for Python 2 and Python 3',
     long_description=long_description,
     url='https://github.com/skontar/cvss',
@@ -39,6 +39,7 @@
         'Programming Language :: Python :: 3.4',
         'Programming Language :: Python :: 3.5',
         'Programming Language :: Python :: 3.6',
+        'Programming Language :: Python :: 3.7',
     ],
     keywords='security cvss score calculator',
     packages=find_packages(),

diff --git a/tests/test_cvss3.py b/tests/test_cvss3.py
@@ -149,10 +149,14 @@ def test_exceptions(self):
         v = 'CVSS:3.0/AV:P/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N/E:H/RL:O/RC:R/CR:H/MAC:H/MC:L'
         self.assertRaises(CVSS3MalformedError, CVSS3, v)
 
-        # Missing mandatory
+        # Missing mandatory metric PR
         v = 'CVSS:3.0/AV:P/AC:H/UI:R/S:C/C:H/I:H/A:N/E:H/RL:O/RC:R/CR:H/MAC:H/MC:L'
         self.assertRaises(CVSS3MandatoryError, CVSS3, v)
 
+        # Missing mandatory metric S
+        v = 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/C:H/I:H/A:H'
+        self.assertRaises(CVSS3MandatoryError, CVSS3, v)
+
         # Missing prefix
         v = 'AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N/E:H/RL:O/RC:R/CR:H/MAC:H/MC:L'
         self.assertRaises(CVSS3MalformedError, CVSS3, v)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -8,4 +8,4 @@
		from .interactive import ask_interactively


		__version__ = '1.9'
		__version__ = '1.10'