|
Greenbone Vulnerability Management Libraries 21.4.4
|
CVSS utility functions. More...
#include <glib.h>
#include <math.h>
#include <string.h>
Data Structures | |
| struct | impact_item |
| Describe a CVSS impact element. More... | |
| struct | cvss |
| Describe CVSS metrics. More... | |
Macros | |
| #define | G_LOG_DOMAIN "libgvm base" |
| GLib log domain. More... | |
| #define | AV_NETWORK 1.0 |
| AccessVector (AV) Constants. More... | |
| #define | AV_ADJACENT_NETWORK 0.646 |
| #define | AV_LOCAL 0.395 |
| #define | AC_LOW 0.71 |
| AccessComplexity (AC) Constants. More... | |
| #define | AC_MEDIUM 0.61 |
| #define | AC_HIGH 0.35 |
| #define | Au_MULTIPLE_INSTANCES 0.45 |
| Authentication (Au) Constants. More... | |
| #define | Au_SINGLE_INSTANCE 0.56 |
| #define | Au_NONE 0.704 |
| #define | C_NONE 0.0 |
| ConfidentialityImpact (C) Constants. More... | |
| #define | C_PARTIAL 0.275 |
| #define | C_COMPLETE 0.660 |
| #define | I_NONE 0.0 |
| IntegrityImpact (I) Constants. More... | |
| #define | I_PARTIAL 0.275 |
| #define | I_COMPLETE 0.660 |
| #define | A_NONE 0.0 |
| AvailabilityImpact (A) Constants. More... | |
| #define | A_PARTIAL 0.275 |
| #define | A_COMPLETE 0.660 |
Enumerations | |
| enum | base_metrics { A , I , C , Au , AC , AV } |
| Base metrics. More... | |
Functions | |
| static double | get_cvss_score_from_base_metrics_v3 (const char *cvss_str) |
| Calculate CVSS Score. More... | |
| static int | toenum (const char *str, enum base_metrics *res) |
| Determine base metric enumeration from a string. More... | |
| static double | get_impact_subscore (const struct cvss *cvss) |
| Calculate Impact Sub Score. More... | |
| static double | get_exploitability_subscore (const struct cvss *cvss) |
| Calculate Exploitability Sub Score. More... | |
| static int | set_impact_from_str (const char *value, enum base_metrics metric, struct cvss *cvss) |
| Set impact score from string representation. More... | |
| static double | __get_cvss_score (struct cvss *cvss) |
| Final CVSS score computation helper. More... | |
| double | get_cvss_score_from_base_metrics (const char *cvss_str) |
| Calculate CVSS Score. More... | |
| static double | roundup (double cvss) |
| Round final score as in spec. More... | |
| static double | v3_impact (const char *value) |
| Get impact. More... | |
Variables | |
| static const struct impact_item | impact_map [][3] |
CVSS utility functions.
This file contains utility functions for handling CVSS v2 and v3. get_cvss_score_from_base_metrics calculates the CVSS base score from a CVSS base vector.
CVSS v3.1:
See equations at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and constants at https://www.first.org/cvss/v3.1/specification-document (section 7.4. Metric Values).
CVSS v3.0:
See equations at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator and constants at https://www.first.org/cvss/v3.0/specification-document (section 8.4. Metric Levels).
CVSS v2:
The base equation is the foundation of CVSS scoring. The base equation is:
BaseScore = round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)-1.5)*f(Impact))
Impact = 10.41*(1-(1-ConfImpact)*(1-IntegImpact)*(1-AvailImpact))
Exploitability = 20*AccessVector*AccessComplexity*Authentication
f(Impact) = 0 if Impact=0, 1.176 otherwise
AccessVector = case AccessVector of
    requires local access: 0.395
    adjacent network accessible: 0.646
    network accessible: 1.0
AccessComplexity = case AccessComplexity of
    high: 0.35
    medium: 0.61
    low: 0.71
Authentication = case Authentication of
    requires multiple instances of authentication: 0.45
    requires single instance of authentication: 0.56
    requires no authentication: 0.704
ConfImpact = case ConfidentialityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660
IntegImpact = case IntegrityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660
AvailImpact = case AvailabilityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660
These metric values are the ones defined by the AV_*, AC_*, Au_*, C_*, I_* and A_* macros in this file.
| #define A_COMPLETE 0.660 |
Complete Availability Impact.
| #define A_NONE 0.0 |
AvailabilityImpact (A) Constants.
No Availability Impact.
| #define A_PARTIAL 0.275 |
Partial Availability Impact.
| #define AC_HIGH 0.35 |
Access Complexity High.
| #define AC_LOW 0.71 |
AccessComplexity (AC) Constants.
Access Complexity Low.
| #define AC_MEDIUM 0.61 |
Access Complexity Medium.
| #define Au_MULTIPLE_INSTANCES 0.45 |
Authentication (Au) Constants.
Authentication multiple instances.
| #define Au_NONE 0.704 |
No Authentication.
| #define Au_SINGLE_INSTANCE 0.56 |
Authentication single instance.
| #define AV_ADJACENT_NETWORK 0.646 |
Access Vector Adjacent Network.
| #define AV_LOCAL 0.395 |
Access Vector Local.
| #define AV_NETWORK 1.0 |
AccessVector (AV) Constants.
Access Vector Network.
| #define C_COMPLETE 0.660 |
Complete Confidentiality Impact.
| #define C_NONE 0.0 |
ConfidentialityImpact (C) Constants.
No Confidentiality Impact.
| #define C_PARTIAL 0.275 |
Partial Confidentiality Impact.
| #define G_LOG_DOMAIN "libgvm base" |
GLib log domain.
| #define I_COMPLETE 0.660 |
Complete Integrity Impact.
| #define I_NONE 0.0 |
IntegrityImpact (I) Constants.
No Integrity Impact.
| #define I_PARTIAL 0.275 |
Partial Integrity Impact.
| enum base_metrics |
| static double __get_cvss_score (struct cvss *cvss) |
Final CVSS score computation helper.
| [in] | cvss | The CVSS structure that contains the different metrics and associated scores. |
| double get_cvss_score_from_base_metrics | ( | const char * | cvss_str | ) |
Calculate CVSS Score.
| cvss_str | Base vector string from which to compute score. |
| static double get_cvss_score_from_base_metrics_v3 (const char *cvss_str) |
Calculate CVSS Score.
| cvss_str | Vector from which to compute score, without prefix. |
| static double get_exploitability_subscore (const struct cvss *cvss) |
Calculate Exploitability Sub Score.
| [in] | cvss | Contains the subscores associated to the metrics. |
| static double get_impact_subscore (const struct cvss *cvss) |
Calculate Impact Sub Score.
| [in] | cvss | Contains the subscores associated to the metrics. |
| static double roundup (double cvss) |
Round final score as in spec.
| cvss | CVSS score. |
| static inline int set_impact_from_str (const char *value, enum base_metrics metric, struct cvss *cvss) |
Set impact score from string representation.
| [in] | value | The literal value associated to the metric. |
| [in] | metric | The enumeration constant identifying the metric. |
| [out] | cvss | The structure to update with the score. |
| static int toenum (const char *str, enum base_metrics *res) |
Determine base metric enumeration from a string.
| [in] | str | Base metric in string form, for example "A". |
| [out] | res | Where to write the desired value. |
| static double v3_impact (const char *value) |
Get impact.
| value | Metric value. |
|
static |