Merge pull request #2664 from puerco/metric-temporal

krel: Support Tempral CVE metrics
kubernetes · Sep 14, 2022 · 6726748 · 6726748
2 parents 7225a74 + 746139f
commit 6726748
Showing 1 changed file with 19 additions and 8 deletions.
diff --git a/pkg/cve/cve.go b/pkg/cve/cve.go
@@ -91,14 +91,25 @@ func (cve *CVE) Validate() error {
 		return errors.New("string CVSS vector missing from CVE data")
 	}
 
-	// Parse the vector string to make sure it is well formed
-	bm, err := cvss.NewBase().Decode(cve.CVSSVector)
-	if err != nil {
-		return fmt.Errorf("parsing CVSS vector string: %w", err)
-	}
-	cve.CalcLink = fmt.Sprintf(
-		"https://www.first.org/cvss/calculator/%s#%s", bm.Ver.String(), cve.CVSSVector,
-	)
+	if len(cve.CVSSVector) == 44 {
+		// Parse the vector string to make sure it is well formed
+		bm, err := cvss.NewBase().Decode(cve.CVSSVector)
+		if err != nil {
+			return fmt.Errorf("parsing CVSS vector string: %w", err)
+		}
+		cve.CalcLink = fmt.Sprintf(
+			"https://www.first.org/cvss/calculator/%s#%s", bm.Ver.String(), cve.CVSSVector,
+		)
+	} else {
+		// Parse the vector string to make sure it is well formed
+		bm, err := cvss.NewTemporal().Decode(cve.CVSSVector)
+		if err != nil {
+			return fmt.Errorf("parsing CVSS vector string: %w", err)
+		}
+		cve.CalcLink = fmt.Sprintf(
+			"https://www.first.org/cvss/calculator/%s#%s", bm.Ver.String(), cve.CVSSVector,
+		)
+	}
 
 	if cve.CVSSScore == 0 {
 		return errors.New("missing CVSS score from CVE data")