Greenbone Vulnerability Management Libraries 22.8.0
|
CVSS utility functions. More...
Data Structures | |
struct | impact_item |
Describe a CVSS impact element. More... | |
struct | cvss |
Describe CVSS metrics. More... | |
Macros | |
#define | G_LOG_DOMAIN "libgvm base" |
GLib log domain. | |
#define | AV_NETWORK 1.0 |
AccessVector (AV) Constants. | |
#define | AV_ADJACENT_NETWORK 0.646 |
#define | AV_LOCAL 0.395 |
#define | AC_LOW 0.71 |
AccessComplexity (AC) Constants. | |
#define | AC_MEDIUM 0.61 |
#define | AC_HIGH 0.35 |
#define | Au_MULTIPLE_INSTANCES 0.45 |
Authentication (Au) Constants. | |
#define | Au_SINGLE_INSTANCE 0.56 |
#define | Au_NONE 0.704 |
#define | C_NONE 0.0 |
ConfidentialityImpact (C) Constants. | |
#define | C_PARTIAL 0.275 |
#define | C_COMPLETE 0.660 |
#define | I_NONE 0.0 |
IntegrityImpact (I) Constants. | |
#define | I_PARTIAL 0.275 |
#define | I_COMPLETE 0.660 |
#define | A_NONE 0.0 |
AvailabilityImpact (A) Constants. | |
#define | A_PARTIAL 0.275 |
#define | A_COMPLETE 0.660 |
Enumerations | |
enum | base_metrics { A , I , C , Au , AC , AV } |
Base metrics. More... | |
Functions | |
static double | get_cvss_score_from_base_metrics_v3 (const char *cvss_str) |
Calculate CVSS Score. | |
static int | toenum (const char *str, enum base_metrics *res) |
Determine base metric enumeration from a string. | |
static double | get_impact_subscore (const struct cvss *cvss) |
Calculate Impact Sub Score. | |
static double | get_exploitability_subscore (const struct cvss *cvss) |
Calculate Exploitability Sub Score. | |
static int | set_impact_from_str (const char *value, enum base_metrics metric, struct cvss *cvss) |
Set impact score from string representation. | |
static double | __get_cvss_score (struct cvss *cvss) |
Final CVSS score computation helper. | |
double | get_cvss_score_from_base_metrics (const char *cvss_str) |
Calculate CVSS Score. | |
static double | roundup (double cvss) |
Round final score as in spec. | |
static double | v3_impact (const char *value) |
Get impact. | |
Variables | |
static const struct impact_item | impact_map [][3] |
CVSS utility functions.
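This file contains utility functions for handling CVSS v2 and v3. get_cvss_score_from_base_metrics calculates the CVSS base score from a CVSS base vector. The result is a base score only: the constants and the base_metrics enumeration documented on this page cover base metrics, and no temporal or environmental adjustment is described here.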
CVSS v3.1:
See equations at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and constants at https://www.first.org/cvss/v3.1/specification-document (section 7.4. Metric Values).
CVSS v3.0:
See equations at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and constants at https://www.first.org/cvss/v3.0/specification-document (section 8.4. Metric Levels).
CVSS v2:
The base equation is the foundation of CVSS scoring. The base equation is: BaseScore = round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)-1.5)*f(Impact))
Impact = 10.41*(1-(1-ConfImpact)*(1-IntegImpact)*(1-AvailImpact))
Exploitability = 20* AccessVector*AccessComplexity*Authentication
f(Impact) = 0 if Impact = 0, 1.176 otherwise

AccessVector = case AccessVector of
    requires local access: 0.395
    adjacent network accessible: 0.646
    network accessible: 1.0

AccessComplexity = case AccessComplexity of
    high: 0.35
    medium: 0.61
    low: 0.71

Authentication = case Authentication of
    requires multiple instances of authentication: 0.45
    requires single instance of authentication: 0.56
    requires no authentication: 0.704

ConfImpact = case ConfidentialityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660

IntegImpact = case IntegrityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660

AvailImpact = case AvailabilityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660
#define A_COMPLETE 0.660 |
Complete Availability Impact.
#define A_NONE 0.0 |
AvailabilityImpact (A) Constants.
No Availability Impact.
#define A_PARTIAL 0.275 |
Partial Availability Impact.
#define AC_HIGH 0.35 |
Access Complexity High.
#define AC_LOW 0.71 |
AccessComplexity (AC) Constants.
Access Complexity Low.
#define AC_MEDIUM 0.61 |
Access Complexity Medium.
#define Au_MULTIPLE_INSTANCES 0.45 |
Authentication (Au) Constants.
Authentication multiple instances.
#define Au_NONE 0.704 |
No Authentication.
#define Au_SINGLE_INSTANCE 0.56 |
Authentication single instance.
#define AV_ADJACENT_NETWORK 0.646 |
Access Vector Adjacent Network.
#define AV_LOCAL 0.395 |
Access Vector Local.
#define AV_NETWORK 1.0 |
AccessVector (AV) Constants.
Access Vector Network.
#define C_COMPLETE 0.660 |
Complete Confidentiality Impact.
#define C_NONE 0.0 |
ConfidentialityImpact (C) Constants.
No Confidentiality Impact.
#define C_PARTIAL 0.275 |
Partial Confidentiality Impact.
#define G_LOG_DOMAIN "libgvm base" |
GLib log domain.
#define I_COMPLETE 0.660 |
Complete Integrity Impact.
#define I_NONE 0.0 |
IntegrityImpact (I) Constants.
No Integrity Impact.
#define I_PARTIAL 0.275 |
Partial Integrity Impact.
enum base_metrics |
|
static |
Final CVSS score computation helper.
[in] | cvss | The CVSS structure that contains the different metrics and associated scores. |
double get_cvss_score_from_base_metrics | ( | const char * | cvss_str | ) |
Calculate CVSS Score.
cvss_str | Base vector string from which to compute score. |
|
static |
Calculate CVSS Score.
cvss_str | Vector from which to compute score, without prefix. |
|
static |
Calculate Exploitability Sub Score.
[in] | cvss | Contains the subscores associated to the metrics. |
|
static |
Calculate Impact Sub Score.
[in] | cvss | Contains the subscores associated to the metrics. |
|
static |
Round final score as in spec.
cvss | CVSS score. |
|
inline static |
Set impact score from string representation.
[in] | value | The literal value associated to the metric. |
[in] | metric | The enumeration constant identifying the metric. |
[out] | cvss | The structure to update with the score. |
|
static |
Determine base metric enumeration from a string.
[in] | str | Base metric in string form, for example "A". |
[out] | res | Where to write the desired value. |
|
static |
Get impact.
value | Metric value. |
|
static |