From 49d509d62f79062e8d09a8108a8aef20417e691a Mon Sep 17 00:00:00 2001
From: n3rada <72791564+n3rada@users.noreply.github.com>
Date: Fri, 30 Aug 2024 17:09:54 +0200
Subject: [PATCH 1/6] Update README.md

---
 README.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f9ce75b..aa1cd42 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,12 @@
 # CVSS v4.0 calculator
+The CVSS v4.0 Calculator is built based on the Common Vulnerability Scoring System (CVSS) version 4.0 [Specification Document](https://www.first.org/cvss/v4.0/specification-document). This document serves as the authoritative reference for understanding how to calculate the severity of vulnerabilities.
 
-Deployed: https://redhatproductsecurity.github.io/cvss-v4-calculator/
\ No newline at end of file
+This project is a web-based application that calculates the CVSS score for a given vulnerability. The core logic is implemented using JavaScript classes that encapsulate the CVSS metrics, scoring calculations, and vector string manipulations:
+
+- The `Vector` class handles the CVSS vector string and the associated metrics. It is the backbone of the application's logic, providing methods to update and validate the vector string, compute equivalent classes, and derive metrics values.
+- The `CVSS40` class is responsible for calculating the CVSS v4.0 score. It interacts with an instance of the `Vector` class to derive the score and determine the severity level.
+
+The application is live and can be accessed at [CVSS v4.0 Calculator](https://redhatproductsecurity.github.io/cvss-v4-calculator/).
+
+## License
+This project is licensed under the BSD-2-Clause License. See the [LICENSE](./LICENSE) file for more information.

From 8dd3c59befef434ee8d10462111e00f6b2439b07 Mon Sep 17 00:00:00 2001
From: n3rada <72791564+n3rada@users.noreply.github.com>
Date: Fri, 30 Aug 2024 18:11:03 +0200
Subject: [PATCH 2/6] Update `severityBreakdown` for issue #33

---
 cvss40.js | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/cvss40.js b/cvss40.js
index 0e134a7..ddd7408 100644
--- a/cvss40.js
+++ b/cvss40.js
@@ -297,7 +297,8 @@ class Vector {
      */
     get severityBreakdown() {
         const macroVector = this.equivalentClasses;
-
+    
+        // Define the descriptions and their corresponding indices in the equivalent classes string
         const macroVectorDetails = {
             "Exploitability": 0,
             "Complexity": 1,
@@ -306,20 +307,37 @@ class Vector {
             "Exploitation": 4,
             "Security requirements": 5
         };
-
-        const macroVectorValues = {
+    
+        // Lookup table for macrovectors with three possible values
+        const macroVectorValuesThreeOptions = {
             "0": "High",
             "1": "Medium",
-            "2": "Low",
-            "3": "None"
+            "2": "Low"
         };
-
-        // Constructing the detailed breakdown
+    
+        // Lookup table for macrovectors with two possible values
+        const macroVectorValuesTwoOptions = {
+            "0": "High",
+            "1": "Low"
+        };
+    
+        // Define which macrovectors have three values and which have two
+        const threeValueMacrovectors = [0, 2, 3, 4]; // Indices for macrovectors 1, 3, 4, 5 (0-based index)
+        const twoValueMacrovectors = [1, 5]; // Indices for macrovectors 2 and 6 (0-based index)
+    
+        // Construct the detailed breakdown
         return Object.fromEntries(
-            Object.entries(macroVectorDetails).map(([description, index]) => [
-                description,
-                macroVectorValues[macroVector[index]]
-            ])
+            Object.entries(macroVectorDetails).map(([description, index]) => {
+                const currentValue = macroVector[index];
+                // Use the appropriate lookup table based on the macrovector
+                const lookupTable = threeValueMacrovectors.includes(index)
+                    ? macroVectorValuesThreeOptions
+                    : macroVectorValuesTwoOptions;
+                return [
+                    description,
+                    lookupTable[currentValue]
+                ];
+            })
         );
     }
 

From 98a8370413199fac6101d3df8907baed917c7c32 Mon Sep 17 00:00:00 2001
From: n3rada <72791564+n3rada@users.noreply.github.com>
Date: Tue, 3 Sep 2024 09:10:09 +0000
Subject: [PATCH 3/6] Adapting to FIRST commits

---
 index.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/index.html b/index.html
index 5c9a801..548d135 100644
--- a/index.html
+++ b/index.html
@@ -27,7 +27,7 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
-    <title>CVSS v4.0 calculator</title>
+    <title>Common Vulnerability Scoring System Version 4.0 Calculator</title>
     <!-- External Libraries -->
     <script src="https://unpkg.com/vue@3.2.45/dist/vue.global.prod.js"></script>
     <!-- Stylesheets -->
@@ -41,7 +41,8 @@
     <div id="app" class="container">
         <!-- Header Section -->
         <header id="header">
-            <h4 class="page-title">CVSS v4.0 calculator</h4>
+            <img alt="CVSS logo" src="https://first.org/cvss/identity/cvssv4_web.png" width="125">
+            <h3 class="page-title">Common Vulnerability Scoring System Version 4.0 Calculator</h3>
             <mark
                 class="tooltip c-hand"
                 aria-label="Click to copy vector to clipboard"
@@ -78,11 +79,12 @@ <h5 class="score-line">
 
         <!-- Metrics Section -->
         <main class="columns" :style="{'margin-top': header_height + 10 + 'px'}">
+            <h6 id="cvssReference" style="width: 100%; max-width: 1065px; margin: 10px;"> Hover over metric names and metric values for a summary of the information in the official CVSS v4.0 Specification Document. The Specification is available in the list of links on the left, along with a User Guide providing additional scoring guidance, an Examples document of scored vulnerabilities, a set of Frequently Asked Questions (FAQ), and both JSON and XML Data Representations for all versions of CVSS.</h6>
             <div class="column col-10 col-xl-12">
                 <div class="metric-type" v-for="(metricTypeData, metricType) in cvssConfigData">
                     <h4 class="text-center">
                         {{ metricType }}
-                        <span class="tooltip tooltip-left c-hand text-small" :data-tooltip="'This category is usually filled \n by the ' + metricTypeData.fill">
+                        <span class="tooltip tooltip-left c-hand text-small" :data-tooltip="'This category should be filled \n by the ' + metricTypeData.fill">
                             <sup>?</sup>
                         </span>
                     </h4>

From a28df2a6f3f607dcc317f6500f243c56691cac64 Mon Sep 17 00:00:00 2001
From: n3rada <72791564+n3rada@users.noreply.github.com>
Date: Tue, 3 Sep 2024 09:20:20 +0000
Subject: [PATCH 4/6] `href`

---
 index.html | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 548d135..9285a10 100644
--- a/index.html
+++ b/index.html
@@ -79,7 +79,27 @@ <h5 class="score-line">
 
         <!-- Metrics Section -->
         <main class="columns" :style="{'margin-top': header_height + 10 + 'px'}">
-            <h6 id="cvssReference" style="width: 100%; max-width: 1065px; margin: 10px;"> Hover over metric names and metric values for a summary of the information in the official CVSS v4.0 Specification Document. The Specification is available in the list of links on the left, along with a User Guide providing additional scoring guidance, an Examples document of scored vulnerabilities, a set of Frequently Asked Questions (FAQ), and both JSON and XML Data Representations for all versions of CVSS.</h6>
+            <h6 id="cvssReference" style="width: 100%; max-width: 1065px; margin: 10px;">
+                Hover over metric names and metric values for a summary of the information in the official
+                <a href="https://www.first.org/cvss/v4.0/specification-document" target="_blank">
+                    CVSS v4.0 Specification Document
+                </a>.
+                The Specification is available along with a
+                <a href="https://www.first.org/cvss/v4.0/user-guide" target="_blank">
+                    User Guide
+                </a>
+                providing additional scoring guidance, an
+                <a href="https://www.first.org/cvss/v4.0/examples" target="_blank">
+                    Examples document
+                </a>
+                of scored vulnerabilities, a set of
+                <a href="https://www.first.org/cvss/v4.0/faq" target="_blank">
+                    Frequently Asked Questions (FAQ)
+                </a>, and both JSON and XML Data Representations for all versions of CVSS, including the
+                <a href="https://www.first.org/cvss/cvss-v4.0.json" target="_blank">
+                    JSON format
+                </a>.
+            </h6>
             <div class="column col-10 col-xl-12">
                 <div class="metric-type" v-for="(metricTypeData, metricType) in cvssConfigData">
                     <h4 class="text-center">

From 2b0032f11d8ecd7b469d322f7f4f2c2007907cc3 Mon Sep 17 00:00:00 2001
From: n3rada <72791564+n3rada@users.noreply.github.com>
Date: Wed, 4 Sep 2024 20:06:10 +0000
Subject: [PATCH 5/6] Enhance `severityBreakdown` method

---
 cvss40.js | 76 +++++++++++++++++++++++++++----------------------------
 1 file changed, 38 insertions(+), 38 deletions(-)

diff --git a/cvss40.js b/cvss40.js
index ddd7408..338618c 100644
--- a/cvss40.js
+++ b/cvss40.js
@@ -285,8 +285,9 @@ class Vector {
     /**
      * Generates a detailed breakdown of equivalent classes with their associated severity levels.
      *
-     * This method returns an object where each key is a metric description (e.g., "Exploitability")
-     * and each value is the corresponding severity level (e.g., "High", "Medium").
+     * This method analyzes a vector string representing various dimensions of a vulnerability
+     * (known as macrovectors) and maps them to their corresponding human-readable severity levels
+     * ("High", "Medium", "Low").
      *
      * @example
      * const breakdown = vectorInstance.severityBreakdown();
@@ -297,50 +298,49 @@ class Vector {
      */
     get severityBreakdown() {
         const macroVector = this.equivalentClasses;
-    
-        // Define the descriptions and their corresponding indices in the equivalent classes string
+
+        // Include the number of options directly in macroVectorDetails
+        // An index, which tells us the position of the macrovector in the macroVector string.
+        // An options value, which tells us how many severity levels it can have (either 2 or 3).
         const macroVectorDetails = {
-            "Exploitability": 0,
-            "Complexity": 1,
-            "Vulnerable system": 2,
-            "Subsequent system": 3,
-            "Exploitation": 4,
-            "Security requirements": 5
-        };
-    
-        // Lookup table for macrovectors with three possible values
-        const macroVectorValuesThreeOptions = {
-            "0": "High",
-            "1": "Medium",
-            "2": "Low"
+            "Exploitability": { index: 0, options: 3 },
+            "Complexity": { index: 1, options: 2 },
+            "Vulnerable system": { index: 2, options: 3 },
+            "Subsequent system": { index: 3, options: 3 },
+            "Exploitation": { index: 4, options: 3 },
+            "Security requirements": { index: 5, options: 2 }
         };
-    
-        // Lookup table for macrovectors with two possible values
-        const macroVectorValuesTwoOptions = {
-            "0": "High",
-            "1": "Low"
+
+
+        // 3 levels: High, Medium, Low
+        // 2 levels: High, Low
+        const generateLookupTable = (options) => {
+            if (options === 2) {
+                return {
+                    "0": "High",
+                    "1": "Low"
+                };
+            } else if (options === 3) {
+                return {
+                    "0": "High",
+                    "1": "Medium",
+                    "2": "Low"
+                };
+            }
+            return {}; // Default case (not expected to be used)
         };
-    
-        // Define which macrovectors have three values and which have two
-        const threeValueMacrovectors = [0, 2, 3, 4]; // Indices for macrovectors 1, 3, 4, 5 (0-based index)
-        const twoValueMacrovectors = [1, 5]; // Indices for macrovectors 2 and 6 (0-based index)
-    
-        // Construct the detailed breakdown
+
+        // Constructing the detailed breakdown
         return Object.fromEntries(
-            Object.entries(macroVectorDetails).map(([description, index]) => {
-                const currentValue = macroVector[index];
-                // Use the appropriate lookup table based on the macrovector
-                const lookupTable = threeValueMacrovectors.includes(index)
-                    ? macroVectorValuesThreeOptions
-                    : macroVectorValuesTwoOptions;
-                return [
-                    description,
-                    lookupTable[currentValue]
-                ];
+            Object.entries(macroVectorDetails).map(([description, { index, options }]) => {
+                const lookupTable = generateLookupTable(options);
+                return [description, lookupTable[macroVector[index]]];
             })
         );
     }
 
+
+
     /**
      * Gets the effective value for a given CVSS metric.
      *

From 0e8b0c4cb9431d82a6d074a312d70ee1cf0fbd2d Mon Sep 17 00:00:00 2001
From: n3rada <72791564+n3rada@users.noreply.github.com>
Date: Fri, 6 Sep 2024 08:07:19 +0000
Subject: [PATCH 6/6] Correct `severityBreakdown`

---
 cvss40.js | 55 ++++++++++++++++++++++---------------------------------
 1 file changed, 22 insertions(+), 33 deletions(-)

diff --git a/cvss40.js b/cvss40.js
index 338618c..fe2def2 100644
--- a/cvss40.js
+++ b/cvss40.js
@@ -299,48 +299,37 @@ class Vector {
     get severityBreakdown() {
         const macroVector = this.equivalentClasses;
 
-        // Include the number of options directly in macroVectorDetails
-        // An index, which tells us the position of the macrovector in the macroVector string.
-        // An options value, which tells us how many severity levels it can have (either 2 or 3).
-        const macroVectorDetails = {
-            "Exploitability": { index: 0, options: 3 },
-            "Complexity": { index: 1, options: 2 },
-            "Vulnerable system": { index: 2, options: 3 },
-            "Subsequent system": { index: 3, options: 3 },
-            "Exploitation": { index: 4, options: 3 },
-            "Security requirements": { index: 5, options: 2 }
-        };
+        // Define the macrovectors and their positions
+        const macroVectorDetails = [
+            "Exploitability",
+            "Complexity",
+            "Vulnerable system",
+            "Subsequent system",
+            "Exploitation",
+            "Security requirements"
+        ];
 
+        // Define which macrovectors have only two severity options
+        const macroVectorsWithTwoSeverities = ["Complexity", "Security requirements"];
 
-        // 3 levels: High, Medium, Low
-        // 2 levels: High, Low
-        const generateLookupTable = (options) => {
-            if (options === 2) {
-                return {
-                    "0": "High",
-                    "1": "Low"
-                };
-            } else if (options === 3) {
-                return {
-                    "0": "High",
-                    "1": "Medium",
-                    "2": "Low"
-                };
-            }
-            return {}; // Default case (not expected to be used)
-        };
+        // Lookup tables for macrovectors with two and three possible severity levels
+        const threeSeverities = ["High", "Medium", "Low"];
+        const twoSeverities = ["High", "Low"];
 
-        // Constructing the detailed breakdown
+        // Construct the detailed breakdown
         return Object.fromEntries(
-            Object.entries(macroVectorDetails).map(([description, { index, options }]) => {
-                const lookupTable = generateLookupTable(options);
-                return [description, lookupTable[macroVector[index]]];
+            macroVectorDetails.map((description, index) => {
+                // Determine which lookup table to use based on the macrovector description
+                const macroVectorValueOptions = macroVectorsWithTwoSeverities.includes(description)
+                    ? twoSeverities
+                    : threeSeverities;
+
+                return [description, macroVectorValueOptions[macroVector[index]]];
             })
         );
     }
 
 
-
     /**
      * Gets the effective value for a given CVSS metric.
      *