Greenbone Vulnerability Management Libraries
11.0.0
CVSS utility functions. More...
#include <glib.h>
#include <string.h>
Data Structures | |
struct | impact_item |
Describe a CVSS impact element. More... | |
struct | cvss |
Describe CVSS metrics. More... | |
Macros | |
#define | AV_NETWORK 1.0 |
AccessVector (AV) Constants. More... | |
#define | AV_ADJACENT_NETWORK 0.646 |
#define | AV_LOCAL 0.395 |
#define | AC_LOW 0.71 |
AccessComplexity (AC) Constants. More... | |
#define | AC_MEDIUM 0.61 |
#define | AC_HIGH 0.35 |
#define | Au_MULTIPLE_INSTANCES 0.45 |
Authentication (Au) Constants. More... | |
#define | Au_SINGLE_INSTANCE 0.56 |
#define | Au_NONE 0.704 |
#define | C_NONE 0.0 |
ConfidentialityImpact (C) Constants. More... | |
#define | C_PARTIAL 0.275 |
#define | C_COMPLETE 0.660 |
#define | I_NONE 0.0 |
IntegrityImpact (I) Constants. More... | |
#define | I_PARTIAL 0.275 |
#define | I_COMPLETE 0.660 |
#define | A_NONE 0.0 |
AvailabilityImpact (A) Constants. More... | |
#define | A_PARTIAL 0.275 |
#define | A_COMPLETE 0.660 |
Enumerations | |
enum | base_metrics { A, I, C, Au, AC, AV } |
Base metrics. More... | |
Functions | |
static int | toenum (const char *str, enum base_metrics *res) |
Determine base metric enumeration from a string. More... | |
static double | get_impact_subscore (const struct cvss *cvss) |
Calculate Impact Sub Score. More... | |
static double | get_exploitability_subscore (const struct cvss *cvss) |
Calculate Exploitability Sub Score. More... | |
static int | set_impact_from_str (const char *value, enum base_metrics metric, struct cvss *cvss) |
Set impact score from string representation. More... | |
static double | __get_cvss_score (struct cvss *cvss) |
Final CVSS score computation helper. More... | |
double | get_cvss_score_from_base_metrics (const char *cvss_str) |
Calculate CVSS Score. More... | |
Variables | |
static const struct impact_item | impact_map [][3] |
CVSS utility functions.
This file contains utility functions for handling CVSS, namely a calculator for the CVSS base score from a CVSS base vector. The metrics and weights listed below (AV, AC, Au, C, I, A) are the CVSS version 2 base metrics.
The base equation is the foundation of CVSS scoring. The base equation is:
BaseScore = round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)-1.5)*f(Impact))
Impact = 10.41*(1-(1-ConfImpact)*(1-IntegImpact)*(1-AvailImpact))
Exploitability = 20*AccessVector*AccessComplexity*Authentication
f(Impact) = 0 if Impact=0, 1.176 otherwise
AccessVector = case AccessVector of
  requires local access: 0.395
  adjacent network accessible: 0.646
  network accessible: 1.0
AccessComplexity = case AccessComplexity of
  high: 0.35
  medium: 0.61
  low: 0.71
Authentication = case Authentication of
  requires multiple instances of authentication: 0.45
  requires single instance of authentication: 0.56
  requires no authentication: 0.704
ConfImpact = case ConfidentialityImpact of
  none: 0.0
  partial: 0.275
  complete: 0.660
IntegImpact = case IntegrityImpact of
  none: 0.0
  partial: 0.275
  complete: 0.660
AvailImpact = case AvailabilityImpact of
  none: 0.0
  partial: 0.275
  complete: 0.660
Definition in file cvss.c.
#define A_NONE 0.0 |
#define AC_LOW 0.71 |
#define Au_MULTIPLE_INSTANCES 0.45 |
#define Au_SINGLE_INSTANCE 0.56 |
#define AV_ADJACENT_NETWORK 0.646 |
#define AV_NETWORK 1.0 |
#define C_NONE 0.0 |
#define I_NONE 0.0 |
enum base_metrics |
|
static |
Final CVSS score computation helper.
[in] | cvss | The CVSS structure that contains the different metrics and associated scores. |
Definition at line 318 of file cvss.c.
References get_exploitability_subscore(), and get_impact_subscore().
Referenced by get_cvss_score_from_base_metrics().
double get_cvss_score_from_base_metrics | ( | const char * | cvss_str | ) |
Calculate CVSS Score.
cvss_str | Base vector string from which to compute score. |
Definition at line 342 of file cvss.c.
References __get_cvss_score(), set_impact_from_str(), and toenum().
|
static |
Calculate Exploitability Sub Score.
[in] | cvss | Contains the subscores associated with the metrics. |
Definition at line 245 of file cvss.c.
References cvss::access_complexity, cvss::access_vector, and cvss::authentication.
Referenced by __get_cvss_score().
|
static |
Calculate Impact Sub Score.
[in] | cvss | Contains the subscores associated with the metrics. |
Definition at line 228 of file cvss.c.
References cvss::avail_impact, cvss::conf_impact, and cvss::integ_impact.
Referenced by __get_cvss_score().
|
inline static |
Set impact score from string representation.
[in] | value | The literal value associated with the metric. |
[in] | metric | The enumeration constant identifying the metric. |
[out] | cvss | The structure to update with the score. |
Definition at line 261 of file cvss.c.
References A, AC, cvss::access_complexity, cvss::access_vector, Au, cvss::authentication, AV, cvss::avail_impact, C, cvss::conf_impact, I, impact_map, cvss::integ_impact, impact_item::name, and impact_item::nvalue.
Referenced by get_cvss_score_from_base_metrics().
|
static |
Determine base metric enumeration from a string.
[in] | str | Base metric in string form, for example "A". |
[out] | res | Where to write the desired value. |
Definition at line 195 of file cvss.c.
References A, AC, Au, AV, C, and I.
Referenced by get_cvss_score_from_base_metrics().
|
static |
Definition at line 147 of file cvss.c.
Referenced by set_impact_from_str().