ssvc-calc: support URL parameters

[zmanion]

Similar to this: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

[sei-vsarvepalli]

This already exists. Are you thinking of enhancements?

https://democert.org/ssvc/#SSVCv2/E:N/A:N/T:P/P:M/B:M/M:L/D:T/2022-03-30T21:48:51Z/

Current the URI Hash parameters can also accept Vulnerability-Id and Role.
https://democert.org/ssvc/#SSVCv2/E:N/A:N/T:P/P:M/B:M/M:L/D:T/2022-03-30T21:48:51Z/&VU#112233&Coordinator

There is a pending enhancement to accept also a specific version of the tree - once we have all the trees loaded that will get tested and released.

Vijay

[zmanion]

Sorry I really did try/look first and didn't see it/it didn't work.

Do vulnerability ID and role do anything? Just populate something on the calculator page? Same question for time?

Specifying tree will be good/needed when that is ready.

[sei-vsarvepalli]

We can keep this open so I can track some of the updates that are pending - SSVC Role/DecisionTree selector being the biggest one.

For the vulnerability ID:

If the vulnerability has a CVE-ID, the exported PDF and JSON has embedded CVE "description" field in English "en" is copied as part of the exported data.

The Role is less relevant at this time. It can be used eventually to track a same vulnerability that is being scored by various SSVC Roles. That is at least the plan for now.

Vijay

[sei-vsarvepalli]

All URL parameters are now supported with use of URI Fragment or hash to support. Current parameter are
https://democert.org/ssvc/#${SSVC_Vector}&${CVE||Vul-Identifier}&${Role}&${Mode}

• SSVC_Vector example SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2022-09-18T03:27:01Z/
• CVE or Vul-Identifier like CVE-2014-01-01
• Role - Coordinator or Supplier or Deployer (others can be added using JSON import)
• Mode - Analyst mode is non-graphical mode where the SSVC calculator is presented as a radio option without D3-Entity tree model

[sei-vsarvepalli]

This has been resolved in PR #157