cvss2

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 6, 2021 License: Apache-2.0 Imports: 3 Imported by: 0

README

CVSS2

This package implements a CVSS v2 specification and provides functions for serialization and deserialization of vectors as well as score calculation (base, temporal and environmental).

Usage

vec, err := cvss2.VectorFromString("(AV:N/AC:M/Au:M/C:P/I:N/A:N/E:F/RL:W/RC:UR/CDP:LM/TD:M/CR:M/IR:H/AR:M)")
if err != nil {
    panic(err)
}
if err := vec.Validate(); err != nil {
    panic(err)
}

fmt.Println(vec, vec.BaseScore(), vec.TemporalScore(), vec.EnvironmentalScore())
// (AV:N/AC:M/Au:M/C:P/I:N/A:N/E:F/RL:W/RC:UR/CDP:LM/TD:M/CR:M/IR:H/AR:M) 2.8 2.4 3.5

vec.BaseMetrics.Authentification = AuthentificationSingle
fmt.Println(vec, vec.BaseScore(), vec.TemporalScore(), vec.EnvironmentalScore())
// (AV:N/AC:M/Au:S/C:P/I:N/A:N/E:F/RL:W/RC:UR/CDP:LM/TD:M/CR:M/IR:H/AR:M) 3.5 2.9 6.8

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessComplexity 

type AccessComplexity int
const (
	AccessComplexityHigh AccessComplexity = iota + 1
	AccessComplexityMedium
	AccessComplexityLow
)

func (AccessComplexity) String 

func (ac AccessComplexity) String() string

type AccessVector 

type AccessVector int
const (
	AccessVectorLocal AccessVector = iota + 1
	AccessVectorAdjecentNetwork
	AccessVectorNetwork
)

func (AccessVector) String 

func (av AccessVector) String() string

type Authentication 

type Authentication int
const (
	AuthenticationMultiple Authentication = iota + 1
	AuthenticationSingle
	AuthenticationNone
)

func (Authentication) String 

func (au Authentication) String() string

type AvailabilityImpact 

type AvailabilityImpact int
const (
	AvailabilityImpactNone AvailabilityImpact = iota + 1
	AvailabilityImpactPartial
	AvailabilityImpactComplete
)

func (AvailabilityImpact) String 

func (ai AvailabilityImpact) String() string

type AvailabilityRequirement 

type AvailabilityRequirement int
const (
	AvailabilityRequirementNotdefined AvailabilityRequirement = iota
	AvailabilityRequirementLow
	AvailabilityRequirementMedium
	AvailabilityRequirementHigh
)

func (AvailabilityRequirement) String 

func (ar AvailabilityRequirement) String() string

type BaseMetrics 

type BaseMetrics struct {
	AccessVector
	AccessComplexity
	Authentication
	ConfidentialityImpact
	IntegrityImpact
	AvailabilityImpact
}

type CollateralDamagePotential 

type CollateralDamagePotential int
const (
	CollateralDamagePotentialNotDefined CollateralDamagePotential = iota
	CollateralDamagePotentialNone
	CollateralDamagePotentialLow
	CollateralDamagePotentialLowMedium
	CollateralDamagePotentialMediumHigh
	CollateralDamagePotentialHigh
)

func (CollateralDamagePotential) String 

func (cdp CollateralDamagePotential) String() string

type ConfidentialityImpact 

type ConfidentialityImpact int
const (
	ConfidentialityImpactNone ConfidentialityImpact = iota + 1
	ConfidentialityImpactPartial
	ConfidentialityImpactComplete
)

func (ConfidentialityImpact) String 

func (ci ConfidentialityImpact) String() string

type ConfidentialityRequirement 

type ConfidentialityRequirement int
const (
	ConfidentialityRequirementNotdefined ConfidentialityRequirement = iota
	ConfidentialityRequirementLow
	ConfidentialityRequirementMedium
	ConfidentialityRequirementHigh
)

func (ConfidentialityRequirement) String 

func (cr ConfidentialityRequirement) String() string

type EnvironmentalMetrics 

type EnvironmentalMetrics struct {
	CollateralDamagePotential
	TargetDistribution
	ConfidentialityRequirement
	IntegrityRequirement
	AvailabilityRequirement
	ModifiedExploitablity
	ModifiedRemediationLevel
	ModifiedReportConfidence
}

type Exploitablity 

type Exploitablity int
const (
	ExploitablityNotDefined Exploitablity = iota
	ExploitablityUnproven
	ExploitablityProofOfConcept
	ExploitablityFunctional
	ExploitablityHigh
)

func (Exploitablity) String 

func (e Exploitablity) String() string

type IntegrityImpact 

type IntegrityImpact int
const (
	IntegerityImpactNone IntegrityImpact = iota + 1
	IntegrityImpactPartial
	IntegrityImpactComplete
)

func (IntegrityImpact) String 

func (ii IntegrityImpact) String() string

type IntegrityRequirement 

type IntegrityRequirement int
const (
	IntegrityRequirementNotdefined IntegrityRequirement = iota
	IntegrityRequirementLow
	IntegrityRequirementMedium
	IntegrityRequirementHigh
)

func (IntegrityRequirement) String 

func (ir IntegrityRequirement) String() string

type ModifiedExploitablity 

type ModifiedExploitablity Exploitablity

func (ModifiedExploitablity) String 

func (mecm ModifiedExploitablity) String() string

type ModifiedRemediationLevel 

type ModifiedRemediationLevel RemediationLevel

func (ModifiedRemediationLevel) String 

func (mrl ModifiedRemediationLevel) String() string

type ModifiedReportConfidence 

type ModifiedReportConfidence ReportConfidence

func (ModifiedReportConfidence) String 

func (mrc ModifiedReportConfidence) String() string

type RemediationLevel 

type RemediationLevel int
const (
	RemediationLevelNotDefined RemediationLevel = iota
	RemediationLevelOfficialFix
	RemediationLevelTemporaryFix
	RemediationLevelWorkaround
	RemediationLevelUnavailable
)

func (RemediationLevel) String 

func (rl RemediationLevel) String() string

type ReportConfidence 

type ReportConfidence int
const (
	ReportConfidenceNotDefined ReportConfidence = iota
	ReportConfidenceUnconfirmed
	ReportConfidenceUncorroborated
	ReportConfidenceConfirmed
)

func (ReportConfidence) String 

func (rc ReportConfidence) String() string

type TargetDistribution 

type TargetDistribution int
const (
	TargetDistributionNotDefined TargetDistribution = iota
	TargetDistributionNone
	TargetDistributionLow
	TargetDistributionMedium
	TargetDistributionHigh
)

func (TargetDistribution) String 

func (td TargetDistribution) String() string

type TemporalMetrics 

type TemporalMetrics struct {
	Exploitablity
	RemediationLevel
	ReportConfidence
}

type Vector 

type Vector struct {
	BaseMetrics
	TemporalMetrics
	EnvironmentalMetrics
}

Vector represents a CVSSv3 vector, holds all metrics inside (base, temporal and environmental)

func VectorFromString 

func VectorFromString(str string) (Vector, error)

VectorFromString will parse a string into a Vector, or return an error if it can't be parsed

func (*Vector) Absorb 

func (v *Vector) Absorb(other Vector)

Absorb will override only metrics in the current vector from the one given which are defined If the other vector specifies only a single metric with all others undefined, the resulting vector will contain all metrics it previously did, with only the new one overriden

func (*Vector) AbsorbIfDefined added in v0.1.5 

func (v *Vector) AbsorbIfDefined(other Vector)

AbsorbIfDefined is like Absorb but will not override vector components that are not present in v.

func (Vector) BaseScore 

func (v Vector) BaseScore() float64

BaseScore returns base score of the vector

func (Vector) EnvironmentalScore 

func (v Vector) EnvironmentalScore() float64

EnvironmentalScore returns environmental score of the vector

func (Vector) Score 

func (v Vector) Score() float64

Score = combined score for the whole Vector

func (Vector) String 

func (v Vector) String() string

String returns this vectors representation as a string it shouldn't depend on the order of metrics

func (Vector) TemporalScore 

func (v Vector) TemporalScore() float64

TemporalScore returns temporal score of the vector

func (Vector) Validate 

func (v Vector) Validate() error

Validate should be called before calculating any scores on vector If there's an error, there's no guarantee that a call to *Score() won't panic

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.