cvss3

package
v0.0.0-...-e85a4bd Latest
Warning

This package is not in the latest version of its module.
Published: Sep 10, 2022 License: Apache-2.0 Imports: 3 Imported by: 0

README

CVSS3

This package implements the CVSS v3 specification and provides functions for serializing and deserializing vectors, as well as for score calculation (base, temporal and environmental).

Usage

vec, err := cvss3.VectorFromString("CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L/E:P/RL:W/RC:R/CR:M/IR:H/AR:L/MAV:N/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MA:N")
if err != nil {
    panic(err)
}
if err := vec.Validate(); err != nil {
    panic(err)
}

fmt.Println(vec, vec.BaseScore(), vec.TemporalScore(), vec.EnvironmentalScore())
// CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L/E:P/RL:W/RC:R/CR:M/IR:H/AR:L/MAV:N/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MA:N 6.4 5.7 7.1

// ScopeUnchanged is a Scope constant; convert it to the ModifiedScope type before assigning.
vec.EnvironmentalMetrics.ModifiedScope = cvss3.ModifiedScope(cvss3.ScopeUnchanged)
fmt.Println(vec, vec.BaseScore(), vec.TemporalScore(), vec.EnvironmentalScore())
// CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L/E:P/RL:W/RC:R/CR:M/IR:H/AR:L/MAV:N/MAC:H/MPR:L/MUI:R/MS:U/MC:L/MA:N 6.4 5.7 6.1

Documentation

Constants

const (
	AttackVectorNotdefined       ModifiedAttackVector = 0
	AttackVectorNotdefinedString string               = "X"
)
const (
	AttackComplexityNotdefined       ModifiedAttackComplexity = 0
	AttackComplexityNotdefinedString string                   = "X"
)
const (
	PrivilegesRequiredNotdefined       ModifiedPrivilegesRequired = 0
	PrivilegesRequiredNotdefinedString string                     = "X"
)
const (
	UserInteractionNotdefined       ModifiedUserInteraction = 0
	UserInteractionNotdefinedString string                  = "X"
)
const (
	ScopeNotdefined       ModifiedScope = 0
	ScopeNotdefinedString string        = "X"
)
const (
	ConfidentialityNotdefined       ModifiedConfidentiality = 0
	ConfidentialityNotdefinedString string                  = "X"
)
const (
	IntegrityNotdefined       ModifiedIntegrity = 0
	IntegrityNotdefinedString string            = "X"
)
const (
	AvailabilityNotdefined       ModifiedAvailability = 0
	AvailabilityNotdefinedString string               = "X"
)
const (
	ModifiedExploitCodeMaturityNotdefined       ModifiedExploitCodeMaturity = 0
	ModifiedExploitCodeMaturityNotdefinedString string                      = "X"
)
const (
	ModifiedRemediationLevelNotdefined       ModifiedRemediationLevel = 0
	ModifiedRemediationLevelNotdefinedString string                   = "X"
)
const (
	ModifiedReportConfidenceNotdefined       ModifiedReportConfidence = 0
	ModifiedReportConfidenceNotdefinedString string                   = "X"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AttackComplexity

type AttackComplexity int
const (
	AttackComplexityLow AttackComplexity = iota + 1
	AttackComplexityHigh
)

func (AttackComplexity) String

func (ac AttackComplexity) String() string

type AttackVector

type AttackVector int
const (
	AttackVectorNetwork AttackVector = iota + 1
	AttackVectorAdjecent
	AttackVectorLocal
	AttackVectorPhysical
)

func (AttackVector) String

func (av AttackVector) String() string

type Availability

type Availability int
const (
	AvailabilityHigh Availability = iota + 1
	AvailabilityLow
	AvailabilityNone
)

func (Availability) String

func (a Availability) String() string

type AvailabilityRequirement

type AvailabilityRequirement int
const (
	AvailabilityRequirementNotdefined AvailabilityRequirement = iota
	AvailabilityRequirementHigh
	AvailabilityRequirementMedium
	AvailabilityRequirementLow
)

func (AvailabilityRequirement) String

func (ar AvailabilityRequirement) String() string

type Confidentiality

type Confidentiality int
const (
	ConfidentialityHigh Confidentiality = iota + 1
	ConfidentialityLow
	ConfidentialityNone
)

func (Confidentiality) String

func (c Confidentiality) String() string

type ConfidentialityRequirement

type ConfidentialityRequirement int
const (
	ConfidentialityRequirementNotdefined ConfidentialityRequirement = iota
	ConfidentialityRequirementHigh
	ConfidentialityRequirementMedium
	ConfidentialityRequirementLow
)

func (ConfidentialityRequirement) String

func (cr ConfidentialityRequirement) String() string

type ExploitCodeMaturity

type ExploitCodeMaturity int
const (
	ExploitCodeMaturityNotdefined ExploitCodeMaturity = iota
	ExploitCodeMaturityHigh
	ExploitCodeMaturityFunctional
	ExploitCodeMaturityProofOfConcept
	ExploitCodeMaturityUnproven
)

func (ExploitCodeMaturity) String

func (ecm ExploitCodeMaturity) String() string

type Integrity

type Integrity int
const (
	IntegrityHigh Integrity = iota + 1
	IntegrityLow
	IntegrityNone
)

func (Integrity) String

func (i Integrity) String() string

type IntegrityRequirement

type IntegrityRequirement int
const (
	IntegrityRequirementNotdefined IntegrityRequirement = iota
	IntegrityRequirementHigh
	IntegrityRequirementMedium
	IntegrityRequirementLow
)

func (IntegrityRequirement) String

func (ir IntegrityRequirement) String() string

type ModifiedAttackComplexity

type ModifiedAttackComplexity AttackComplexity

func (ModifiedAttackComplexity) String

func (mac ModifiedAttackComplexity) String() string

type ModifiedAttackVector

type ModifiedAttackVector AttackVector

func (ModifiedAttackVector) String

func (mav ModifiedAttackVector) String() string

type ModifiedAvailability

type ModifiedAvailability Availability

func (ModifiedAvailability) String

func (ma ModifiedAvailability) String() string

type ModifiedConfidentiality

type ModifiedConfidentiality Confidentiality

func (ModifiedConfidentiality) String

func (mc ModifiedConfidentiality) String() string

type ModifiedExploitCodeMaturity

type ModifiedExploitCodeMaturity ExploitCodeMaturity

func (ModifiedExploitCodeMaturity) String

func (mecm ModifiedExploitCodeMaturity) String() string

type ModifiedIntegrity

type ModifiedIntegrity Integrity

func (ModifiedIntegrity) String

func (mi ModifiedIntegrity) String() string

type ModifiedPrivilegesRequired

type ModifiedPrivilegesRequired PrivilegesRequired

func (ModifiedPrivilegesRequired) String

func (mpr ModifiedPrivilegesRequired) String() string

type ModifiedRemediationLevel

type ModifiedRemediationLevel RemediationLevel

func (ModifiedRemediationLevel) String

func (mrl ModifiedRemediationLevel) String() string

type ModifiedReportConfidence

type ModifiedReportConfidence ReportConfidence

func (ModifiedReportConfidence) String

func (mrc ModifiedReportConfidence) String() string

type ModifiedScope

type ModifiedScope Scope

func (ModifiedScope) String

func (ms ModifiedScope) String() string

type ModifiedUserInteraction

type ModifiedUserInteraction UserInteraction

func (ModifiedUserInteraction) String

func (mui ModifiedUserInteraction) String() string

type PrivilegesRequired

type PrivilegesRequired int
const (
	PrivilegesRequiredNone PrivilegesRequired = iota + 1
	PrivilegesRequiredLow
	PrivilegesRequiredHigh
)

func (PrivilegesRequired) String

func (pr PrivilegesRequired) String() string

type RemediationLevel

type RemediationLevel int
const (
	RemediationLevelNotdefined RemediationLevel = iota
	RemediationLevelUnavailable
	RemediationLevelWorkaround
	RemediationLevelTemporaryFix
	RemediationLevelOfficialFix
)

func (RemediationLevel) String

func (rl RemediationLevel) String() string

type ReportConfidence

type ReportConfidence int
const (
	ReportConfidenceNotdefined ReportConfidence = iota
	ReportConfidenceConfirmed
	ReportConfidenceReasonable
	ReportConfidenceUnknown
)

func (ReportConfidence) String

func (rc ReportConfidence) String() string

type Scope

type Scope int
const (
	ScopeUnchanged Scope = iota + 1
	ScopeChanged
)

func (Scope) String

func (s Scope) String() string

type UserInteraction

type UserInteraction int
const (
	UserInteractionNone UserInteraction = iota + 1
	UserInteractionRequired
)

func (UserInteraction) String

func (ui UserInteraction) String() string

type Vector

type Vector struct {
	BaseMetrics
	TemporalMetrics
	EnvironmentalMetrics
	// contains filtered or unexported fields
}

Vector represents a CVSSv3 vector and holds all of its metrics (base, temporal and environmental).

func VectorFromString

func VectorFromString(str string) (Vector, error)

VectorFromString will parse a string into a Vector, or return an error if it can't be parsed

func (*Vector) Absorb

func (v *Vector) Absorb(other Vector)

Absorb overrides only those metrics in the current vector that are defined in the given one. If the other vector specifies only a single metric, with all others undefined, the resulting vector will contain all the metrics it previously did, with only the new one overridden.

func (*Vector) AbsorbIfDefined

func (v *Vector) AbsorbIfDefined(other Vector)

AbsorbIfDefined is like Absorb but will not override vector components that are not present in v.

func (Vector) BaseScore

func (v Vector) BaseScore() float64

BaseScore returns base score of the vector

func (Vector) EnvironmentalScore

func (v Vector) EnvironmentalScore() float64

EnvironmentalScore returns environmental score of the vector

func (Vector) Equal

func (v Vector) Equal(o Vector) bool

Equal returns true if o represents the same vector as v.

Note that the definition of equal here means that two vectors with different string representations can still be equal. For instance, RL:X is defined as the same as RL:U. From the spec (https://www.first.org/cvss/specification-document):

Assigning this value indicates there is insufficient information to choose
one of the other values, and has no impact on the overall Temporal Score,
i.e., it has the same effect on scoring as assigning Unavailable.

func (Vector) Score

func (v Vector) Score() float64

Score returns the combined score for the whole Vector.

func (Vector) String

func (v Vector) String() string

String returns this vector's representation as a string; it shouldn't depend on the order of metrics.

func (Vector) TemporalScore

func (v Vector) TemporalScore() float64

TemporalScore returns temporal score of the vector

func (Vector) Validate

func (v Vector) Validate() error

Validate should be called before calculating any scores on the vector. If it returns an error, there is no guarantee that a call to *Score() won't panic.
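The validate-then-score order described above, as an added self-contained example (not this package's code): it checks that every base metric is present and valid before applying the base score formula from the FIRST CVSS v3 specification, and reproduces the 6.4 base score of the Usage vector. The names baseScore, weights, cia and roundUp are invented for this example, and temporal and environmental metrics are ignored.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Base metric weights from the CVSS v3 specification; "PR/C" is PR under Scope Changed.
var cia = map[string]float64{"H": 0.56, "L": 0.22, "N": 0}
var weights = map[string]map[string]float64{
	"AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
	"AC": {"L": 0.77, "H": 0.44}, "UI": {"N": 0.85, "R": 0.62},
	"PR": {"N": 0.85, "L": 0.62, "H": 0.27}, "PR/C": {"N": 0.85, "L": 0.68, "H": 0.5},
	"S": {"U": 1, "C": 1.08}, "C": cia, "I": cia, "A": cia,
}

// roundUp rounds up to one decimal, first snapping to 5 decimals to absorb float noise.
func roundUp(x float64) float64 { return math.Ceil(math.Round(x*1e5)/1e4) / 10 }

// baseScore scores a vector only after every base metric is present and valid.
func baseScore(vector string) (float64, error) {
	m, w := map[string]string{}, map[string]float64{}
	for _, part := range strings.Split(vector, "/") {
		k, v, _ := strings.Cut(part, ":")
		m[k] = v
	}
	for _, name := range strings.Fields("AV AC PR UI S C I A") {
		val, ok := weights[name][m[name]]
		if !ok {
			return 0, fmt.Errorf("base metric %s missing or invalid: %q", name, m[name])
		}
		w[name] = val
	}
	iss := 1 - (1-w["C"])*(1-w["I"])*(1-w["A"])
	impact := 6.42 * iss
	if m["S"] == "C" {
		w["PR"] = weights["PR/C"][m["PR"]]
		impact = 7.52*(iss-0.029) - 3.25*math.Pow(iss-0.02, 15)
	}
	if impact <= 0 {
		return 0, nil
	}
	return roundUp(math.Min(w["S"]*(impact+8.22*w["AV"]*w["AC"]*w["PR"]*w["UI"]), 10)), nil
}

func main() {
	fmt.Println(baseScore("CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L")) // Usage vector, base part
	fmt.Println(baseScore("CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H"))     // A missing: error
}
```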
