VulnerabilityScoreSource.get_from_vector() does not return CVSS_V3_1 and CVSS_V4

[DerDakon]

These cases are not handled, or not handled correctly. "3.1" will be matched to CVSS_V3, "4*" will be matched to OTHER.

[jkowalleck]

@DerDakon , please provide a reproducible example.
some complete python code that showcases the behaviour.

[DerDakon]

print(VulnerabilityScoreSource.get_from_vector("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"))

[jkowalleck]

@DerDakon , please provide a reproducible example.
some complete python code that showcases the behaviour -- not just a sniped that lacks all imports and everything else.

[jkowalleck]

complete reproducible examples

from cyclonedx.model.vulnerability import VulnerabilityScoreSource
vec = VulnerabilityScoreSource.get_from_vector("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H")
assert vec is VulnerabilityScoreSource.CVSS_V3_1

# AssertionError

from cyclonedx.model.vulnerability import VulnerabilityScoreSource
vec = VulnerabilityScoreSource.get_from_vector("CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U")
assert vec is VulnerabilityScoreSource.CVSS_V4


# AssertionError

[jkowalleck]

working on a fix - #824

[jkowalleck]

this fix was released in https://github.com/CycloneDX/cyclonedx-python-lib/releases/tag/v10.2.0