Add CVSSv4 score

CveXplore/VERSION

@@ -1 +1 @@
-0.3.35
+0.3.36

CveXplore/core/database_indexer/db_indexer.py

@@ -52,6 +52,7 @@ def __init__(self, datasource: DatabaseConnectionBase):
                 MongoAddIndex(index=[("lastModified", ASCENDING)], name="lastModified"),
                 MongoAddIndex(index=[("cvss", ASCENDING)], name="cvss"),
                 MongoAddIndex(index=[("cvss3", ASCENDING)], name="cvss3"),
+                MongoAddIndex(index=[("cvss4", ASCENDING)], name="cvss4"),
                 MongoAddIndex(index=[("summary", TEXT)], name="summary"),
                 MongoAddIndex(index=[("vendors", ASCENDING)], name="vendors"),
                 MongoAddIndex(index=[("products", ASCENDING)], name="products"),

CveXplore/core/database_maintenance/sources_process.py

@@ -403,6 +403,61 @@ def process_the_item(self, item: dict = None):
         if "metrics" in item["cve"]:
             cve["access"] = {}
             cve["impact"] = {}
+            if "cvssMetricV40" in item["cve"]["metrics"]:
+                cve["impact4"] = {}
+                cve["exploitability4"] = {}
+                cve["impact4"]["vulnerable_system_confidentiality"] = item["cve"][
+                    "metrics"
+                ]["cvssMetricV40"][0]["cvssData"]["vulnerableSystemConfidentiality"]
+                cve["impact4"]["vulnerable_system_integrity"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["vulnerableSystemIntegrity"]
+                cve["impact4"]["vulnerable_system_availability"] = item["cve"][
+                    "metrics"
+                ]["cvssMetricV40"][0]["cvssData"]["vulnerableSystemAvailability"]
+                cve["impact4"]["subsequent_system_confidentiality"] = item["cve"][
+                    "metrics"
+                ]["cvssMetricV40"][0]["cvssData"]["subsequentSystemConfidentiality"]
+                cve["impact4"]["subsequent_system_integrity"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["subsequentSystemIntegrity"]
+                cve["impact4"]["subsequent_system_availability"] = item["cve"][
+                    "metrics"
+                ]["cvssMetricV40"][0]["cvssData"]["subsequentSystemAvailability"]
+                cve["exploitability4"]["attackvector"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["attackVector"]
+                cve["exploitability4"]["attackcomplexity"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["attackComplexity"]
+                cve["exploitability4"]["attackrequirements"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["attackRequirements"]
+                cve["exploitability4"]["privilegesrequired"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["privilegesRequired"]
+                cve["exploitability4"]["userinteraction"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["userInteraction"]
+                cve["exploitability4"]["exploitmaturity"] = item["cve"]["metrics"][
+                    "cvssMetricV40"
+                ][0]["cvssData"]["exploitMaturity"]
+                cve["cvss4"] = float(
+                    item["cve"]["metrics"]["cvssMetricV40"][0]["cvssData"]["baseScore"]
+                )
+                cve["cvss4Vector"] = item["cve"]["metrics"]["cvssMetricV40"][0][
+                    "cvssData"
+                ]["vectorString"]
+                cve["cvss4Time"] = parse_datetime(
+                    item["cve"]["lastModified"], ignoretz=True
+                )
+                cve["cvss4Type"] = item["cve"]["metrics"]["cvssMetricV40"][0]["type"]
+                cve["cvss4Source"] = item["cve"]["metrics"]["cvssMetricV40"][0][
+                    "source"
+                ]
+            else:
+                cve["cvss4"] = None
+
             if "cvssMetricV31" in item["cve"]["metrics"]:
                 cve["impact3"] = {}
                 cve["exploitability3"] = {}

CveXplore/database/helpers/generic_db.py

@@ -38,6 +38,7 @@ def __init__(self, collection: str):
             "cves": [
                 "cvss",
                 "cvss3",
+                "cvss4",
                 "summary",
                 "vendors",
                 "products",

CveXplore/database/helpers/specific_db.pyi

@@ -4,6 +4,7 @@ class CvesDatabaseFunctions:
     id: GenericDatabaseFieldsFunctions
     cvss: GenericDatabaseFieldsFunctions
     cvss3: GenericDatabaseFieldsFunctions
+    cvss4: GenericDatabaseFieldsFunctions
     summary: GenericDatabaseFieldsFunctions
     vendors: GenericDatabaseFieldsFunctions
     products: GenericDatabaseFieldsFunctions

CveXplore/database_models/models.py

@@ -121,6 +121,7 @@ class Cves(CveXploreBase):
     )
     cvss = Column(Float, index=True, doc="CVSS of the CVE")
     cvss3 = Column(Float, index=True, doc="CVSS3 of the CVE")
+    cvss4 = Column(Float, index=True, doc="CVSS4 of the CVE")
     cvssSource = Column(String(50), doc="Source of the CVSS of the CVE")
     cvssTime = Column(DateTime, doc="Time of the CVSS of the CVE")
     cvssVector = Column(String(100), doc="Vector of the CVSS of the CVE")

CveXplore/main.py

@@ -422,6 +422,9 @@ def get_single_store_entries(
             if "cvss3" in dict_filter:
                 if isinstance(dict_filter["cvss3"], str):
                     dict_filter["cvss3"] = float(dict_filter["cvss3"])
+            if "cvss4" in dict_filter:
+                if isinstance(dict_filter["cvss4"], str):
+                    dict_filter["cvss4"] = float(dict_filter["cvss4"])
 
             if "exploitabilityScore" in dict_filter:
                 if isinstance(dict_filter["exploitabilityScore"], str):

CveXplore/objects/cpe.py

@@ -47,6 +47,7 @@ def to_cve_summary(self, vuln_prod_search: bool = False) -> dict:
                 "id",
                 "cvss",
                 "cvss3",
+                "cvss4",
                 "published",
                 "modified",
                 "summary",