aboutsummaryrefslogtreecommitdiff
path: root/internal/cvss
diff options
context:
space:
mode:
authorPaul Duncan <pabs@pablotron.org>2022-01-31 13:59:15 -0500
committerPaul Duncan <pabs@pablotron.org>2022-01-31 13:59:15 -0500
commit02469f18e832eb0a641cc1a5095726b66f56a479 (patch)
treedd8fec89c5f55fd8fb985694e3313dff8a857af9 /internal/cvss
parentb3dc36421f133ea6983574891720e974cf7974dd (diff)
downloadcvez-02469f18e832eb0a641cc1a5095726b66f56a479.tar.bz2
cvez-02469f18e832eb0a641cc1a5095726b66f56a479.zip
internal/cvss/cvss.go: hide internals
Diffstat (limited to 'internal/cvss')
-rw-r--r--internal/cvss/cvss.go1404
1 files changed, 741 insertions, 663 deletions
diff --git a/internal/cvss/cvss.go b/internal/cvss/cvss.go
index e50f718..f260ce2 100644
--- a/internal/cvss/cvss.go
+++ b/internal/cvss/cvss.go
@@ -7,11 +7,11 @@ import (
)
//go:generate stringer -linecomment -type=Version
-//go:generate stringer -linecomment -type=MetricCategory
-//go:generate stringer -linecomment -type=V2MetricKey
-//go:generate stringer -linecomment -type=V2Metric
-//go:generate stringer -linecomment -type=V3MetricKey
-//go:generate stringer -linecomment -type=V3Metric
+//go:generate stringer -linecomment -type=Category
+//go:generate stringer -linecomment -type=v2MetricKey
+//go:generate stringer -linecomment -type=v2Metric
+//go:generate stringer -linecomment -type=v3MetricKey
+//go:generate stringer -linecomment -type=v3Metric
// CVSS version
type Version byte
@@ -23,330 +23,340 @@ const (
)
// CVSS metric category.
-type MetricCategory byte
+type Category byte
const (
- Base MetricCategory = iota // Base
+ Base Category = iota // Base
Temporal // Temporal
Environmental // Environmental
)
-// CVSS metric key
-type V2MetricKey byte
+// CVSS metric key.
+type v2MetricKey byte
const (
- V2AccessVector V2MetricKey = iota // AV
- V2AccessComplexity // AC
- V2Authentication // Au
- V2ConfidentialityImpact // C
- V2IntegrityImpact // I
- V2AvailabilityImpact // A
- V2Exploitability // E
- V2RemediationLevel // RL
- V2ReportConfidence // RC
- V2CollateralDamagePotential // CDP
- V2TargetDistribution // TD
- V2ConfidentialityRequirement // CR
- V2IntegrityRequirement // IR
- V2AvailabilityRequirement // AR
+ v2AccessVector v2MetricKey = iota // AV
+ v2AccessComplexity // AC
+ v2Authentication // Au
+ v2ConfidentialityImpact // C
+ v2IntegrityImpact // I
+ v2AvailabilityImpact // A
+ v2Exploitability // E
+ v2RemediationLevel // RL
+ v2ReportConfidence // RC
+ v2CollateralDamagePotential // CDP
+ v2TargetDistribution // TD
+ v2ConfidentialityRequirement // CR
+ v2IntegrityRequirement // IR
+ v2AvailabilityRequirement // AR
+
+ v2InvalidMetricKey // invalid
)
// CVSS V2 metric key info lut
-var v2MetricKeys = map[V2MetricKey]struct {
+var v2MetricKeys = map[v2MetricKey]struct {
Name string
- Category MetricCategory
+ Category Category
} {
- V2AccessVector: { "Access Vector", Base },
- V2AccessComplexity: { "Access Complexity", Base },
- V2Authentication: { "Authentication", Base },
- V2ConfidentialityImpact: { "Confidentiality Impact", Base },
- V2IntegrityImpact: { "Integrity Impact", Base },
- V2AvailabilityImpact: { "Availability Impact", Base },
- V2Exploitability: { "Exploitability", Temporal },
- V2RemediationLevel: { "Remediation Level", Temporal },
- V2ReportConfidence: { "Report Confidence", Temporal },
- V2CollateralDamagePotential: { "Collateral Damage Potential", Environmental },
- V2TargetDistribution: { "Target Distribution", Environmental },
- V2ConfidentialityRequirement: { "Confidentiality Requirement", Environmental },
- V2IntegrityRequirement: { "Integrity Requirement", Environmental },
- V2AvailabilityRequirement: { "Availability Requirement", Environmental },
+ v2AccessVector: { "Access Vector", Base },
+ v2AccessComplexity: { "Access Complexity", Base },
+ v2Authentication: { "Authentication", Base },
+ v2ConfidentialityImpact: { "Confidentiality Impact", Base },
+ v2IntegrityImpact: { "Integrity Impact", Base },
+ v2AvailabilityImpact: { "Availability Impact", Base },
+ v2Exploitability: { "Exploitability", Temporal },
+ v2RemediationLevel: { "Remediation Level", Temporal },
+ v2ReportConfidence: { "Report Confidence", Temporal },
+ v2CollateralDamagePotential: { "Collateral Damage Potential", Environmental },
+ v2TargetDistribution: { "Target Distribution", Environmental },
+ v2ConfidentialityRequirement: { "Confidentiality Requirement", Environmental },
+ v2IntegrityRequirement: { "Integrity Requirement", Environmental },
+ v2AvailabilityRequirement: { "Availability Requirement", Environmental },
}
// v2 metric key IDs lut
-var v2MetricKeyIds = map[string]V2MetricKey {
- "AV": V2AccessVector,
- "AC": V2AccessComplexity,
- "Au": V2Authentication,
- "C": V2ConfidentialityImpact,
- "I": V2IntegrityImpact,
- "A": V2AvailabilityImpact,
- "E": V2Exploitability,
- "RL": V2RemediationLevel,
- "RC": V2ReportConfidence,
- "CDP": V2CollateralDamagePotential,
- "TD": V2TargetDistribution,
- "CR": V2ConfidentialityRequirement,
- "IR": V2IntegrityRequirement,
- "AR": V2AvailabilityRequirement,
+var v2MetricKeyIds = map[string]v2MetricKey {
+ "AV": v2AccessVector,
+ "AC": v2AccessComplexity,
+ "Au": v2Authentication,
+ "C": v2ConfidentialityImpact,
+ "I": v2IntegrityImpact,
+ "A": v2AvailabilityImpact,
+ "E": v2Exploitability,
+ "RL": v2RemediationLevel,
+ "RC": v2ReportConfidence,
+ "CDP": v2CollateralDamagePotential,
+ "TD": v2TargetDistribution,
+ "CR": v2ConfidentialityRequirement,
+ "IR": v2IntegrityRequirement,
+ "AR": v2AvailabilityRequirement,
}
// Get metric key from string.
-func GetV2MetricKeyFromString(s string) (V2MetricKey, error) {
+func getV2MetricKeyFromString(s string) (v2MetricKey, error) {
k, ok := v2MetricKeyIds[s]
if ok {
return k, nil
} else {
- return V2AccessVector, fmt.Errorf("unknown metric key: %s", s)
+ return v2InvalidMetricKey, fmt.Errorf("invalid metric key: %s", s)
}
}
// Get metric key name.
-func (k V2MetricKey) Name() string {
+func (k v2MetricKey) Name() string {
return v2MetricKeys[k].Name
}
// Get metric key category.
-func (k V2MetricKey) Category() MetricCategory {
+func (k v2MetricKey) Category() Category {
return v2MetricKeys[k].Category
}
// CVSS v2 metric value
-type V2Metric byte
+type v2Metric byte
const (
- V2AVNetwork V2Metric = iota // AV:N
- V2AVAdjacentNetwork // AV:A
- V2AVLocal // AV:L
-
- V2ACLow // AC:L
- V2ACMedium // AC:L
- V2ACHigh // AC:H
-
- V2AuMultiple // Au:M
- V2AuSingle // Au:S
- V2AuNone // Au:N
-
- V2CNone // C:N
- V2CPartial // C:P
- V2CComplete // C:C
-
- V2INone // I:N
- V2IPartial // I:P
- V2IComplete // I:C
-
- V2ANone // A:N
- V2APartial // A:P
- V2AComplete // A:C
-
- V2ENotDefined // E:ND
- V2EUnproven // E:U
- V2EProofOfConcept // E:POC
- V2EFunctional // E:F
- V2EHigh // E:H
-
- V2RLOfficialFix // RL:OF
- V2RLTemporaryFix // RL:TF
- V2RLWorkaround // RL:W
- V2RLUnavailable // RL:U
- V2RLNotDefined // RL:ND
-
- V2RCUnconfirmed // RC:UC
- V2RCUncorroborated // RC:UR
- V2RCConfirmed // RC:C
- V2RCNotDefined // RC:ND
-
- V2CDPNone // CDP:N
- V2CDPLow // CDP:L
- V2CDPLowMedium // CDP:LM
- V2CDPMediumHigh // CDP:MH
- V2CDPHigh // CDP:H
- V2CDPNotDefined // CDP:ND
-
- V2TDNone // TD:N
- V2TDLow // TD:L
- V2TDMedium // TD:M
- V2TDHigh // TD:H
- V2TDNotDefined // TD:ND
-
- V2CRLow // CR:L
- V2CRMedium // CR:M
- V2CRHigh // CR:H
- V2CRNotDefined // CR:ND
-
- V2IRLow // IR:L
- V2IRMedium // IR:M
- V2IRHigh // IR:H
- V2IRNotDefined // IR:ND
-
- V2ARLow // AR:L
- V2ARMedium // AR:M
- V2ARHigh // AR:H
- V2ARNotDefined // AR:ND
+ v2AVNetwork v2Metric = iota // AV:N
+ v2AVAdjacentNetwork // AV:A
+ v2AVLocal // AV:L
+
+ v2ACLow // AC:L
+ v2ACMedium // AC:L
+ v2ACHigh // AC:H
+
+ v2AuMultiple // Au:M
+ v2AuSingle // Au:S
+ v2AuNone // Au:N
+
+ v2CNone // C:N
+ v2CPartial // C:P
+ v2CComplete // C:C
+
+ v2INone // I:N
+ v2IPartial // I:P
+ v2IComplete // I:C
+
+ v2ANone // A:N
+ v2APartial // A:P
+ v2AComplete // A:C
+
+ v2ENotDefined // E:ND
+ v2EUnproven // E:U
+ v2EProofOfConcept // E:POC
+ v2EFunctional // E:F
+ v2EHigh // E:H
+
+ v2RLOfficialFix // RL:OF
+ v2RLTemporaryFix // RL:TF
+ v2RLWorkaround // RL:W
+ v2RLUnavailable // RL:U
+ v2RLNotDefined // RL:ND
+
+ v2RCUnconfirmed // RC:UC
+ v2RCUncorroborated // RC:UR
+ v2RCConfirmed // RC:C
+ v2RCNotDefined // RC:ND
+
+ v2CDPNone // CDP:N
+ v2CDPLow // CDP:L
+ v2CDPLowMedium // CDP:LM
+ v2CDPMediumHigh // CDP:MH
+ v2CDPHigh // CDP:H
+ v2CDPNotDefined // CDP:ND
+
+ v2TDNone // TD:N
+ v2TDLow // TD:L
+ v2TDMedium // TD:M
+ v2TDHigh // TD:H
+ v2TDNotDefined // TD:ND
+
+ v2CRLow // CR:L
+ v2CRMedium // CR:M
+ v2CRHigh // CR:H
+ v2CRNotDefined // CR:ND
+
+ v2IRLow // IR:L
+ v2IRMedium // IR:M
+ v2IRHigh // IR:H
+ v2IRNotDefined // IR:ND
+
+ v2ARLow // AR:L
+ v2ARMedium // AR:M
+ v2ARHigh // AR:H
+ v2ARNotDefined // AR:ND
+
+ v2InvalidMetric // invalid
)
// map of metrics to metric keys
-var v2MetricKeyLut = map[V2Metric]V2MetricKey {
- V2AVNetwork: V2AccessVector,
- V2AVAdjacentNetwork: V2AccessVector,
- V2AVLocal: V2AccessVector,
-
- V2ACLow: V2AccessComplexity,
- V2ACMedium: V2AccessComplexity,
- V2ACHigh: V2AccessComplexity,
-
- V2AuMultiple: V2Authentication,
- V2AuSingle: V2Authentication,
- V2AuNone: V2Authentication,
-
- V2CNone: V2ConfidentialityImpact,
- V2CPartial: V2ConfidentialityImpact,
- V2CComplete: V2ConfidentialityImpact,
-
- V2INone: V2IntegrityImpact,
- V2IPartial: V2IntegrityImpact,
- V2IComplete: V2IntegrityImpact,
-
- V2ANone: V2AvailabilityImpact,
- V2APartial: V2AvailabilityImpact,
- V2AComplete: V2AvailabilityImpact,
-
- V2ENotDefined: V2Exploitability,
- V2EUnproven: V2Exploitability,
- V2EProofOfConcept: V2Exploitability,
- V2EFunctional: V2Exploitability,
- V2EHigh: V2Exploitability,
-
- V2RLOfficialFix: V2RemediationLevel,
- V2RLTemporaryFix: V2RemediationLevel,
- V2RLWorkaround: V2RemediationLevel,
- V2RLUnavailable: V2RemediationLevel,
- V2RLNotDefined: V2RemediationLevel,
-
- V2RCUnconfirmed: V2ReportConfidence,
- V2RCUncorroborated: V2ReportConfidence,
- V2RCConfirmed: V2ReportConfidence,
- V2RCNotDefined: V2ReportConfidence,
-
- V2CDPNone: V2CollateralDamagePotential,
- V2CDPLow: V2CollateralDamagePotential,
- V2CDPLowMedium: V2CollateralDamagePotential,
- V2CDPMediumHigh: V2CollateralDamagePotential,
- V2CDPHigh: V2CollateralDamagePotential,
- V2CDPNotDefined: V2CollateralDamagePotential,
-
- V2TDNone: V2TargetDistribution,
- V2TDLow: V2TargetDistribution,
- V2TDMedium: V2TargetDistribution,
- V2TDHigh: V2TargetDistribution,
- V2TDNotDefined: V2TargetDistribution,
-
- V2CRLow: V2ConfidentialityRequirement,
- V2CRMedium: V2ConfidentialityRequirement,
- V2CRHigh: V2ConfidentialityRequirement,
- V2CRNotDefined: V2ConfidentialityRequirement,
-
- V2IRLow: V2IntegrityRequirement,
- V2IRMedium: V2IntegrityRequirement,
- V2IRHigh: V2IntegrityRequirement,
- V2IRNotDefined: V2IntegrityRequirement,
-
- V2ARLow: V2AvailabilityRequirement,
- V2ARMedium: V2AvailabilityRequirement,
- V2ARHigh: V2AvailabilityRequirement,
- V2ARNotDefined: V2AvailabilityRequirement,
+var v2MetricKeyLut = map[v2Metric]v2MetricKey {
+ v2AVNetwork: v2AccessVector,
+ v2AVAdjacentNetwork: v2AccessVector,
+ v2AVLocal: v2AccessVector,
+
+ v2ACLow: v2AccessComplexity,
+ v2ACMedium: v2AccessComplexity,
+ v2ACHigh: v2AccessComplexity,
+
+ v2AuMultiple: v2Authentication,
+ v2AuSingle: v2Authentication,
+ v2AuNone: v2Authentication,
+
+ v2CNone: v2ConfidentialityImpact,
+ v2CPartial: v2ConfidentialityImpact,
+ v2CComplete: v2ConfidentialityImpact,
+
+ v2INone: v2IntegrityImpact,
+ v2IPartial: v2IntegrityImpact,
+ v2IComplete: v2IntegrityImpact,
+
+ v2ANone: v2AvailabilityImpact,
+ v2APartial: v2AvailabilityImpact,
+ v2AComplete: v2AvailabilityImpact,
+
+ v2ENotDefined: v2Exploitability,
+ v2EUnproven: v2Exploitability,
+ v2EProofOfConcept: v2Exploitability,
+ v2EFunctional: v2Exploitability,
+ v2EHigh: v2Exploitability,
+
+ v2RLOfficialFix: v2RemediationLevel,
+ v2RLTemporaryFix: v2RemediationLevel,
+ v2RLWorkaround: v2RemediationLevel,
+ v2RLUnavailable: v2RemediationLevel,
+ v2RLNotDefined: v2RemediationLevel,
+
+ v2RCUnconfirmed: v2ReportConfidence,
+ v2RCUncorroborated: v2ReportConfidence,
+ v2RCConfirmed: v2ReportConfidence,
+ v2RCNotDefined: v2ReportConfidence,
+
+ v2CDPNone: v2CollateralDamagePotential,
+ v2CDPLow: v2CollateralDamagePotential,
+ v2CDPLowMedium: v2CollateralDamagePotential,
+ v2CDPMediumHigh: v2CollateralDamagePotential,
+ v2CDPHigh: v2CollateralDamagePotential,
+ v2CDPNotDefined: v2CollateralDamagePotential,
+
+ v2TDNone: v2TargetDistribution,
+ v2TDLow: v2TargetDistribution,
+ v2TDMedium: v2TargetDistribution,
+ v2TDHigh: v2TargetDistribution,
+ v2TDNotDefined: v2TargetDistribution,
+
+ v2CRLow: v2ConfidentialityRequirement,
+ v2CRMedium: v2ConfidentialityRequirement,
+ v2CRHigh: v2ConfidentialityRequirement,
+ v2CRNotDefined: v2ConfidentialityRequirement,
+
+ v2IRLow: v2IntegrityRequirement,
+ v2IRMedium: v2IntegrityRequirement,
+ v2IRHigh: v2IntegrityRequirement,
+ v2IRNotDefined: v2IntegrityRequirement,
+
+ v2ARLow: v2AvailabilityRequirement,
+ v2ARMedium: v2AvailabilityRequirement,
+ v2ARHigh: v2AvailabilityRequirement,
+ v2ARNotDefined: v2AvailabilityRequirement,
}
// map of metric strings to metrics
-var v2MetricStrLut = map[string]V2Metric {
- "AV:N": V2AVNetwork,
- "AV:A": V2AVAdjacentNetwork,
- "AV:L": V2AVLocal,
-
- "AC:L": V2ACLow,
- "AC:M": V2ACMedium,
- "AC:H": V2ACHigh,
-
- "Au:M": V2AuMultiple,
- "Au:S": V2AuSingle,
- "Au:N": V2AuNone,
-
- "C:N": V2CNone,
- "C:P": V2CPartial,
- "C:C": V2CComplete,
-
- "I:N": V2INone,
- "I:P": V2IPartial,
- "I:C": V2IComplete,
-
- "A:N": V2ANone,
- "A:P": V2APartial,
- "A:C": V2AComplete,
-
- "E:ND": V2ENotDefined,
- "E:U": V2EUnproven,
- "E:POC": V2EProofOfConcept,
- "E:F": V2EFunctional,
- "E:H": V2EHigh,
-
- "RL:OF": V2RLOfficialFix,
- "RL:TF": V2RLTemporaryFix,
- "RL:W": V2RLWorkaround,
- "RL:U": V2RLUnavailable,
- "RL:ND": V2RLNotDefined,
-
- "RC:UC": V2RCUnconfirmed,
- "RC:UR": V2RCUncorroborated,
- "RC:C": V2RCConfirmed,
- "RC:ND": V2RCNotDefined,
-
- "CDP:N": V2CDPNone,
- "CDP:L": V2CDPLow,
- "CDP:LM": V2CDPLowMedium,
- "CDP:MH": V2CDPMediumHigh,
- "CDP:H": V2CDPHigh,
- "CDP:ND": V2CDPNotDefined,
-
- "TD:N": V2TDNone,
- "TD:L": V2TDLow,
- "TD:M": V2TDMedium,
- "TD:H": V2TDHigh,
- "TD:ND": V2TDNotDefined,
-
- "CR:L": V2CRLow,
- "CR:M": V2CRMedium,
- "CR:H": V2CRHigh,
- "CR:ND": V2CRNotDefined,
-
- "IR:L": V2IRLow,
- "IR:M": V2IRMedium,
- "IR:H": V2IRHigh,
- "IR:ND": V2IRNotDefined,
-
- "AR:L": V2ARLow,
- "AR:M": V2ARMedium,
- "AR:H": V2ARHigh,
- "AR:ND": V2ARNotDefined,
+var v2MetricStrLut = map[string]v2Metric {
+ "AV:N": v2AVNetwork,
+ "AV:A": v2AVAdjacentNetwork,
+ "AV:L": v2AVLocal,
+
+ "AC:L": v2ACLow,
+ "AC:M": v2ACMedium,
+ "AC:H": v2ACHigh,
+
+ "Au:M": v2AuMultiple,
+ "Au:S": v2AuSingle,
+ "Au:N": v2AuNone,
+
+ "C:N": v2CNone,
+ "C:P": v2CPartial,
+ "C:C": v2CComplete,
+
+ "I:N": v2INone,
+ "I:P": v2IPartial,
+ "I:C": v2IComplete,
+
+ "A:N": v2ANone,
+ "A:P": v2APartial,
+ "A:C": v2AComplete,
+
+ "E:ND": v2ENotDefined,
+ "E:U": v2EUnproven,
+ "E:POC": v2EProofOfConcept,
+ "E:F": v2EFunctional,
+ "E:H": v2EHigh,
+
+ "RL:OF": v2RLOfficialFix,
+ "RL:TF": v2RLTemporaryFix,
+ "RL:W": v2RLWorkaround,
+ "RL:U": v2RLUnavailable,
+ "RL:ND": v2RLNotDefined,
+
+ "RC:UC": v2RCUnconfirmed,
+ "RC:UR": v2RCUncorroborated,
+ "RC:C": v2RCConfirmed,
+ "RC:ND": v2RCNotDefined,
+
+ "CDP:N": v2CDPNone,
+ "CDP:L": v2CDPLow,
+ "CDP:LM": v2CDPLowMedium,
+ "CDP:MH": v2CDPMediumHigh,
+ "CDP:H": v2CDPHigh,
+ "CDP:ND": v2CDPNotDefined,
+
+ "TD:N": v2TDNone,
+ "TD:L": v2TDLow,
+ "TD:M": v2TDMedium,
+ "TD:H": v2TDHigh,
+ "TD:ND": v2TDNotDefined,
+
+ "CR:L": v2CRLow,
+ "CR:M": v2CRMedium,
+ "CR:H": v2CRHigh,
+ "CR:ND": v2CRNotDefined,
+
+ "IR:L": v2IRLow,
+ "IR:M": v2IRMedium,
+ "IR:H": v2IRHigh,
+ "IR:ND": v2IRNotDefined,
+
+ "AR:L": v2ARLow,
+ "AR:M": v2ARMedium,
+ "AR:H": v2ARHigh,
+ "AR:ND": v2ARNotDefined,
}
// Convert string to CVSS 2.0 metric.
-func GetV2MetricFromString(s string) (V2Metric, error) {
+func getV2MetricFromString(s string) (v2Metric, error) {
// get metric
m, ok := v2MetricStrLut[s]
if !ok {
- return V2AVNetwork, fmt.Errorf("invalid metric: %s", s)
+ return v2InvalidMetric, fmt.Errorf("invalid metric: %s", s)
}
// return success
return m, nil
}
+// Get CVSS 2.0 metric key.
+func (m v2Metric) Key() MetricKey {
+ k, _ := v2MetricKeyLut[m]
+ return k
+}
+
// CVSS 2.0 vector.
-type v2Vector []V2Metric
+type v2Vector []v2Metric
// Convert vector to string
func (v v2Vector) String() string {
// convert to slice of metrics
- metrics := []V2Metric(v)
+ metrics := []v2Metric(v)
// build vector
r := make([]string, len(metrics))
@@ -362,16 +372,27 @@ func (v v2Vector) String() string {
func (v2Vector) Version() Version {
return V20
}
+// Return metrics in this vector.
+func (v v2Vector) Metrics() []Metric {
+ // build result
+ r := make([]Metric, len(v))
+ for i, m := range(v) {
+ r[i] = m
+ }
+
+ // return result
+ return r
+}
// create CVSS 2.0 vector from string
-func NewV2VectorFromString(s string) (Vector, error) {
+func newV2Vector(s string) (Vector, error) {
strs := strings.Split(s, "/")
- r := make([]V2Metric, len(strs))
+ r := make([]v2Metric, len(strs))
// walk metric strings
for i, ms := range(strs) {
// convert string to vector
- m, err := GetV2MetricFromString(ms)
+ m, err := getV2MetricFromString(ms)
if err != nil {
return nil, err
}
@@ -385,423 +406,432 @@ func NewV2VectorFromString(s string) (Vector, error) {
}
// CVSS v3 metric key
-type V3MetricKey byte
+type v3MetricKey byte
const (
- V3AttackVector V3MetricKey = iota // AV
- V3AttackComplexity // AC
- V3PrivilegesRequired // PR
- V3UserInteraction // UI
- V3Scope // S
- V3Confidentiality // C
- V3Integrity // I
- V3Availability // A
- V3ExploitCodeMaturity // E
- V3RemediationLevel // RL
- V3ReportConfidence // RC
- V3ConfidentialityRequirement // CR
- V3IntegrityRequirement // IR
- V3AvailabilityRequirement // AR
- V3ModifiedAttackVector // MAV
- V3ModifiedAttackComplexity // MAC
- V3ModifiedPrivilegesRequired // MPR
- V3ModifiedUserInteraction // MUI
- V3ModifiedScope // MS
- V3ModifiedConfidentiality // MC
- V3ModifiedIntegrity // MI
- V3ModifiedAvailability // MA
+ v3AttackVector v3MetricKey = iota // AV
+ v3AttackComplexity // AC
+ v3PrivilegesRequired // PR
+ v3UserInteraction // UI
+ v3Scope // S
+ v3Confidentiality // C
+ v3Integrity // I
+ v3Availability // A
+ v3ExploitCodeMaturity // E
+ v3RemediationLevel // RL
+ v3ReportConfidence // RC
+ v3ConfidentialityRequirement // CR
+ v3IntegrityRequirement // IR
+ v3AvailabilityRequirement // AR
+ v3ModifiedAttackVector // MAV
+ v3ModifiedAttackComplexity // MAC
+ v3ModifiedPrivilegesRequired // MPR
+ v3ModifiedUserInteraction // MUI
+ v3ModifiedScope // MS
+ v3ModifiedConfidentiality // MC
+ v3ModifiedIntegrity // MI
+ v3ModifiedAvailability // MA
+
+ v3InvalidMetricKey // invalid
)
-// CVSS V3 metric key info lut
-var v3MetricKeys = map[V3MetricKey]struct {
+// CVSS v3 metric key info lut
+var v3MetricKeys = map[v3MetricKey]struct {
Name string
- Category MetricCategory
+ Category Category
} {
- V3AttackVector: { "Attack Vector", Base },
- V3AttackComplexity: { "Attack Complexity", Base },
- V3PrivilegesRequired: { "Privileges Required", Base },
- V3UserInteraction: { "User Interaction", Base },
- V3Scope: { "Scope", Base },
- V3Confidentiality: { "Confidentiality", Base },
- V3Integrity: { "Integrity", Base },
- V3Availability: { "Availability", Base },
- V3ExploitCodeMaturity: { "Exploit Code Maturity", Temporal },
- V3RemediationLevel: { "Remediation Level", Temporal },
- V3ReportConfidence: { "Report Confidence", Temporal },
- V3ConfidentialityRequirement: { "Confidentiality Requirement", Environmental },
- V3IntegrityRequirement: { "Integrity Requirement", Environmental },
- V3AvailabilityRequirement: { "Availability Requirement", Environmental },
- V3ModifiedAttackVector: { "Modified Attack Vector", Environmental },
- V3ModifiedAttackComplexity: { "Modified Attack Complexity", Environmental },
- V3ModifiedPrivilegesRequired: { "Modified Privileges Required", Environmental },
- V3ModifiedUserInteraction: { "Modified User Interaction", Environmental },
- V3ModifiedScope: { "Modified Scope", Environmental },
- V3ModifiedConfidentiality: { "Modified Confidentiality", Environmental },
- V3ModifiedIntegrity: { "Modified Integrity", Environmental },
- V3ModifiedAvailability: { "Modified Availability", Environmental },
+ v3AttackVector: { "Attack Vector", Base },
+ v3AttackComplexity: { "Attack Complexity", Base },
+ v3PrivilegesRequired: { "Privileges Required", Base },
+ v3UserInteraction: { "User Interaction", Base },
+ v3Scope: { "Scope", Base },
+ v3Confidentiality: { "Confidentiality", Base },
+ v3Integrity: { "Integrity", Base },
+ v3Availability: { "Availability", Base },
+ v3ExploitCodeMaturity: { "Exploit Code Maturity", Temporal },
+ v3RemediationLevel: { "Remediation Level", Temporal },
+ v3ReportConfidence: { "Report Confidence", Temporal },
+ v3ConfidentialityRequirement: { "Confidentiality Requirement", Environmental },
+ v3IntegrityRequirement: { "Integrity Requirement", Environmental },
+ v3AvailabilityRequirement: { "Availability Requirement", Environmental },
+ v3ModifiedAttackVector: { "Modified Attack Vector", Environmental },
+ v3ModifiedAttackComplexity: { "Modified Attack Complexity", Environmental },
+ v3ModifiedPrivilegesRequired: { "Modified Privileges Required", Environmental },
+ v3ModifiedUserInteraction: { "Modified User Interaction", Environmental },
+ v3ModifiedScope: { "Modified Scope", Environmental },
+ v3ModifiedConfidentiality: { "Modified Confidentiality", Environmental },
+ v3ModifiedIntegrity: { "Modified Integrity", Environmental },
+ v3ModifiedAvailability: { "Modified Availability", Environmental },
}
// metric key IDs lut
-var v3MetricKeyIds = map[string]V3MetricKey {
- "AV": V3AttackVector,
- "AC": V3AttackComplexity,
- "PR": V3PrivilegesRequired,
- "UI": V3UserInteraction,
- "S": V3Scope,
- "C": V3Confidentiality,
- "I": V3Integrity,
- "A": V3Availability,
- "E": V3ExploitCodeMaturity,
- "RL": V3RemediationLevel,
- "RC": V3ReportConfidence,
- "CR": V3ConfidentialityRequirement,
- "IR": V3IntegrityRequirement,
- "AR": V3AvailabilityRequirement,
- "MAV": V3ModifiedAttackVector,
- "MAC": V3ModifiedAttackComplexity,
- "MPR": V3ModifiedPrivilegesRequired,
- "MUI": V3ModifiedUserInteraction,
- "MS": V3ModifiedScope,
- "MC": V3ModifiedConfidentiality,
- "MI": V3ModifiedIntegrity,
- "MA": V3ModifiedAvailability,
+var v3MetricKeyIds = map[string]v3MetricKey {
+ "AV": v3AttackVector,
+ "AC": v3AttackComplexity,
+ "PR": v3PrivilegesRequired,
+ "UI": v3UserInteraction,
+ "S": v3Scope,
+ "C": v3Confidentiality,
+ "I": v3Integrity,
+ "A": v3Availability,
+ "E": v3ExploitCodeMaturity,
+ "RL": v3RemediationLevel,
+ "RC": v3ReportConfidence,
+ "CR": v3ConfidentialityRequirement,
+ "IR": v3IntegrityRequirement,
+ "AR": v3AvailabilityRequirement,
+ "MAV": v3ModifiedAttackVector,
+ "MAC": v3ModifiedAttackComplexity,
+ "MPR": v3ModifiedPrivilegesRequired,
+ "MUI": v3ModifiedUserInteraction,
+ "MS": v3ModifiedScope,
+ "MC": v3ModifiedConfidentiality,
+ "MI": v3ModifiedIntegrity,
+ "MA": v3ModifiedAvailability,
}
// Get metric key from string.
-func GetV3MetricKeyFromString(s string) (V3MetricKey, error) {
+func getV3MetricKeyFromString(s string) (v3MetricKey, error) {
k, ok := v3MetricKeyIds[s]
if ok {
return k, nil
} else {
- return V3AttackVector, fmt.Errorf("unknown metric key: %s", s)
+ return v3InvalidMetricKey, fmt.Errorf("invalid metric key: %s", s)
}
}
// Get metric key name.
-func (k V3MetricKey) Name() string {
+func (k v3MetricKey) Name() string {
return v3MetricKeys[k].Name
}
// Get metric key category.
-func (k V3MetricKey) Category() MetricCategory {
+func (k v3MetricKey) Category() Category {
return v3MetricKeys[k].Category
}
// metric value
-type V3Metric byte
+type v3Metric byte
const (
- V3AVNetwork V3Metric = iota // AV:N
- V3AVAdjacentNetwork // AV:A
- V3AVLocal // AV:L
- V3AVPhysical // AV:P
-
- V3ACLow // AC:L
- V3ACHigh // AC:H
-
- V3PRNone // PR:N
- V3PRLow // PR:L
- V3PRHigh // PR:H
-
- V3UINone // UI:N
- V3UIRequired // UI:R
-
- V3SUnchanged // S:U
- V3SChanged // S:C
-
- V3CHigh // C:H
- V3CLow // C:L
- V3CNone // C:N
-
- V3IHigh // I:H
- V3ILow // I:L
- V3INone // I:N
-
- V3AHigh // A:H
- V3ALow // A:L
- V3ANone // A:N
-
- V3ENotDefined // E:X
- V3EHigh // E:H
- V3EFunctional // E:F
- V3EProofOfConcept // E:P
- V3EUnproven // E:U
-
- V3RLNotDefined // RL:X
- V3RLUnavailable // RL:U
- V3RLWorkaround // RL:W
- V3RLTemporaryFix // RL:T
- V3RLOfficialFix // RL:O
-
- V3RCNotDefined // RC:X
- V3RCConfirmed // RC:C
- V3RCReasonable // RC:R
- V3RCUnknown // RC:U
-
- V3CRNotDefined // CR:X
- V3CRHigh // CR:H
- V3CRMedium // CR:M
- V3CRLow // CR:L
-
- V3IRNotDefined // IR:X
- V3IRHigh // IR:H
- V3IRMedium // IR:M
- V3IRLow // IR:L
-
- V3ARNotDefined // AR:X
- V3ARHigh // AR:H
- V3ARMedium // AR:M
- V3ARLow // AR:L
-
- V3MAVNotDefined // MAV:X
- V3MAVNetwork // MAV:N
- V3MAVAdjacentNetwork // MAV:A
- V3MAVLocal // MAV:L
- V3MAVPhysical // MAV:P
-
- V3MACNotDefined // MAC:X
- V3MACLow // MAC:L
- V3MACHigh // MAC:H
-
- V3MMRNotDefined // MPR:X
- V3MPRLow // MPR:L
- V3MPRHigh // MPR:H
-
- V3MUINotDefined // MUI:X
- V3MUINone // MUI:N
- V3MUIRequired // MUI:R
-
- V3MSNotDefined // MMS:X
- V3MSUnchanged // MMS:U
- V3MSChanged // MMS:C
-
- V3MCNotDefined // MC:X
- V3MCHigh // MC:H
- V3MCLow // MC:L
- V3MCNone // MC:N
-
- V3MINotDefined // MI:X
- V3MIHigh // MI:H
- V3MILow // MI:L
- V3MINone // MI:N
-
- V3MANotDefined // MA:X
- V3MAHigh // MA:H
- V3MALow // MA:L
- V3MANone // MA:N
- V3UnknownMetric // unknown
+ v3AVNetwork v3Metric = iota // AV:N
+ v3AVAdjacentNetwork // AV:A
+ v3AVLocal // AV:L
+ v3AVPhysical // AV:P
+
+ v3ACLow // AC:L
+ v3ACHigh // AC:H
+
+ v3PRNone // PR:N
+ v3PRLow // PR:L
+ v3PRHigh // PR:H
+
+ v3UINone // UI:N
+ v3UIRequired // UI:R
+
+ v3SUnchanged // S:U
+ v3SChanged // S:C
+
+ v3CHigh // C:H
+ v3CLow // C:L
+ v3CNone // C:N
+
+ v3IHigh // I:H
+ v3ILow // I:L
+ v3INone // I:N
+
+ v3AHigh // A:H
+ v3ALow // A:L
+ v3ANone // A:N
+
+ v3ENotDefined // E:X
+ v3EHigh // E:H
+ v3EFunctional // E:F
+ v3EProofOfConcept // E:P
+ v3EUnproven // E:U
+
+ v3RLNotDefined // RL:X
+ v3RLUnavailable // RL:U
+ v3RLWorkaround // RL:W
+ v3RLTemporaryFix // RL:T
+ v3RLOfficialFix // RL:O
+
+ v3RCNotDefined // RC:X
+ v3RCConfirmed // RC:C
+ v3RCReasonable // RC:R
+ v3RCUnknown // RC:U
+
+ v3CRNotDefined // CR:X
+ v3CRHigh // CR:H
+ v3CRMedium // CR:M
+ v3CRLow // CR:L
+
+ v3IRNotDefined // IR:X
+ v3IRHigh // IR:H
+ v3IRMedium // IR:M
+ v3IRLow // IR:L
+
+ v3ARNotDefined // AR:X
+ v3ARHigh // AR:H
+ v3ARMedium // AR:M
+ v3ARLow // AR:L
+
+ v3MAVNotDefined // MAV:X
+ v3MAVNetwork // MAV:N
+ v3MAVAdjacentNetwork // MAV:A
+ v3MAVLocal // MAV:L
+ v3MAVPhysical // MAV:P
+
+ v3MACNotDefined // MAC:X
+ v3MACLow // MAC:L
+ v3MACHigh // MAC:H
+
+ v3MMRNotDefined // MPR:X
+ v3MPRLow // MPR:L
+ v3MPRHigh // MPR:H
+
+ v3MUINotDefined // MUI:X
+ v3MUINone // MUI:N
+ v3MUIRequired // MUI:R
+
+ v3MSNotDefined // MMS:X
+ v3MSUnchanged // MMS:U
+ v3MSChanged // MMS:C
+
+ v3MCNotDefined // MC:X
+ v3MCHigh // MC:H
+ v3MCLow // MC:L
+ v3MCNone // MC:N
+
+ v3MINotDefined // MI:X
+ v3MIHigh // MI:H
+ v3MILow // MI:L
+ v3MINone // MI:N
+
+ v3MANotDefined // MA:X
+ v3MAHigh // MA:H
+ v3MALow // MA:L
+ v3MANone // MA:N
+
+ v3InvalidMetric // invalid
)
// map of metrics to metric keys
-var v3MetricKeyLut = map[V3Metric]V3MetricKey {
- V3AVNetwork: V3AttackVector, // AV:N
- V3AVAdjacentNetwork: V3AttackVector, // AV:A
- V3AVLocal: V3AttackVector, // AV:L
- V3AVPhysical: V3AttackVector, // AV:P
-
- V3ACLow: V3AttackComplexity, // AC:L
- V3ACHigh: V3AttackComplexity, // AC:H
-
- V3PRNone: V3PrivilegesRequired, // PR:N
- V3PRLow: V3PrivilegesRequired, // PR:L
- V3PRHigh: V3PrivilegesRequired, // PR:H
-
- V3UINone: V3UserInteraction, // UI:N
- V3UIRequired: V3UserInteraction, // UI:R
-
- V3SUnchanged: V3Scope, // S:U
- V3SChanged: V3Scope, // S:C
-
- V3CHigh: V3Confidentiality, // C:H
- V3CLow: V3Confidentiality, // C:L
- V3CNone: V3Confidentiality, // C:N
-
- V3IHigh: V3Integrity, // I:H
- V3ILow: V3Integrity, // I:L
- V3INone: V3Integrity, // I:N
-
- V3AHigh: V3Availability, // A:H
- V3ALow: V3Availability, // A:L
- V3ANone: V3Availability, // A:N
-
- V3ENotDefined: V3ExploitCodeMaturity, // E:X
- V3EHigh: V3ExploitCodeMaturity, // E:H
- V3EFunctional: V3ExploitCodeMaturity, // E:F
- V3EProofOfConcept: V3ExploitCodeMaturity, // E:P
- V3EUnproven: V3ExploitCodeMaturity, // E:U
-
- V3RLNotDefined: V3RemediationLevel, // RL:X
- V3RLUnavailable: V3RemediationLevel, // RL:U
- V3RLWorkaround: V3RemediationLevel, // RL:W
- V3RLTemporaryFix: V3RemediationLevel, // RL:T
- V3RLOfficialFix: V3RemediationLevel, // RL:O
-
- V3RCNotDefined: V3ReportConfidence, // RC:X
- V3RCConfirmed: V3ReportConfidence, // RC:C
- V3RCReasonable: V3ReportConfidence, // RC:R
- V3RCUnknown: V3ReportConfidence, // RC:U
-
- V3CRNotDefined: V3ConfidentialityRequirement, // CR:X
- V3CRHigh: V3ConfidentialityRequirement, // CR:H
- V3CRMedium: V3ConfidentialityRequirement, // CR:M
- V3CRLow: V3ConfidentialityRequirement, // CR:L
-
- V3IRNotDefined: V3IntegrityRequirement, // IR:X
- V3IRHigh: V3IntegrityRequirement, // IR:H
- V3IRMedium: V3IntegrityRequirement, // IR:M
- V3IRLow: V3IntegrityRequirement, // IR:L
-
- V3ARNotDefined: V3AvailabilityRequirement, // AR:X
- V3ARHigh: V3AvailabilityRequirement, // AR:H
- V3ARMedium: V3AvailabilityRequirement, // AR:M
- V3ARLow: V3AvailabilityRequirement, // AR:L
-
- V3MAVNotDefined: V3ModifiedAttackVector, // MAV:X
- V3MAVNetwork: V3ModifiedAttackVector, // MAV:N
- V3MAVAdjacentNetwork: V3ModifiedAttackVector, // MAV:A
- V3MAVLocal: V3ModifiedAttackVector, // MAV:L
- V3MAVPhysical: V3ModifiedAttackVector, // MAV:P
-
- V3MACNotDefined: V3ModifiedAttackComplexity, // MAC:X
- V3MACLow: V3ModifiedAttackComplexity, // MAC:L
- V3MACHigh: V3ModifiedAttackComplexity, // MAC:H
-
- V3MMRNotDefined: V3ModifiedPrivilegesRequired, // MPR:X
- V3MPRLow: V3ModifiedPrivilegesRequired, // MPR:L
- V3MPRHigh: V3ModifiedPrivilegesRequired, // MPR:H
-
- V3MUINotDefined: V3ModifiedUserInteraction, // MUI:X
- V3MUINone: V3ModifiedUserInteraction, // MUI:N
- V3MUIRequired: V3ModifiedUserInteraction, // MUI:R
-
- V3MSNotDefined: V3ModifiedScope, // MMS:X
- V3MSUnchanged: V3ModifiedConfidentiality, // MMS:U
- V3MSChanged: V3ModifiedIntegrity, // MMS:C
-
- V3MCNotDefined: V3ModifiedConfidentiality, // MC:X
- V3MCHigh: V3ModifiedConfidentiality, // MC:H
- V3MCLow: V3ModifiedConfidentiality, // MC:L
- V3MCNone: V3ModifiedConfidentiality, // MC:N
-
- V3MINotDefined: V3ModifiedIntegrity, // MI:X
- V3MIHigh: V3ModifiedIntegrity, // MI:H
- V3MILow: V3ModifiedIntegrity, // MI:L
- V3MINone: V3ModifiedIntegrity, // MI:N
-
- V3MANotDefined: V3ModifiedAvailability, // MA:X
- V3MAHigh: V3ModifiedAvailability, // MA:H
- V3MALow: V3ModifiedAvailability, // MA:L
- V3MANone: V3ModifiedAvailability, // MA:N
+var v3MetricKeyLut = map[v3Metric]v3MetricKey {
+ v3AVNetwork: v3AttackVector, // AV:N
+ v3AVAdjacentNetwork: v3AttackVector, // AV:A
+ v3AVLocal: v3AttackVector, // AV:L
+ v3AVPhysical: v3AttackVector, // AV:P
+
+ v3ACLow: v3AttackComplexity, // AC:L
+ v3ACHigh: v3AttackComplexity, // AC:H
+
+ v3PRNone: v3PrivilegesRequired, // PR:N
+ v3PRLow: v3PrivilegesRequired, // PR:L
+ v3PRHigh: v3PrivilegesRequired, // PR:H
+
+ v3UINone: v3UserInteraction, // UI:N
+ v3UIRequired: v3UserInteraction, // UI:R
+
+ v3SUnchanged: v3Scope, // S:U
+ v3SChanged: v3Scope, // S:C
+
+ v3CHigh: v3Confidentiality, // C:H
+ v3CLow: v3Confidentiality, // C:L
+ v3CNone: v3Confidentiality, // C:N
+
+ v3IHigh: v3Integrity, // I:H
+ v3ILow: v3Integrity, // I:L
+ v3INone: v3Integrity, // I:N
+
+ v3AHigh: v3Availability, // A:H
+ v3ALow: v3Availability, // A:L
+ v3ANone: v3Availability, // A:N
+
+ v3ENotDefined: v3ExploitCodeMaturity, // E:X
+ v3EHigh: v3ExploitCodeMaturity, // E:H
+ v3EFunctional: v3ExploitCodeMaturity, // E:F
+ v3EProofOfConcept: v3ExploitCodeMaturity, // E:P
+ v3EUnproven: v3ExploitCodeMaturity, // E:U
+
+ v3RLNotDefined: v3RemediationLevel, // RL:X
+ v3RLUnavailable: v3RemediationLevel, // RL:U
+ v3RLWorkaround: v3RemediationLevel, // RL:W
+ v3RLTemporaryFix: v3RemediationLevel, // RL:T
+ v3RLOfficialFix: v3RemediationLevel, // RL:O
+
+ v3RCNotDefined: v3ReportConfidence, // RC:X
+ v3RCConfirmed: v3ReportConfidence, // RC:C
+ v3RCReasonable: v3ReportConfidence, // RC:R
+ v3RCUnknown: v3ReportConfidence, // RC:U
+
+ v3CRNotDefined: v3ConfidentialityRequirement, // CR:X
+ v3CRHigh: v3ConfidentialityRequirement, // CR:H
+ v3CRMedium: v3ConfidentialityRequirement, // CR:M
+ v3CRLow: v3ConfidentialityRequirement, // CR:L
+
+ v3IRNotDefined: v3IntegrityRequirement, // IR:X
+ v3IRHigh: v3IntegrityRequirement, // IR:H
+ v3IRMedium: v3IntegrityRequirement, // IR:M
+ v3IRLow: v3IntegrityRequirement, // IR:L
+
+ v3ARNotDefined: v3AvailabilityRequirement, // AR:X
+ v3ARHigh: v3AvailabilityRequirement, // AR:H
+ v3ARMedium: v3AvailabilityRequirement, // AR:M
+ v3ARLow: v3AvailabilityRequirement, // AR:L
+
+ v3MAVNotDefined: v3ModifiedAttackVector, // MAV:X
+ v3MAVNetwork: v3ModifiedAttackVector, // MAV:N
+ v3MAVAdjacentNetwork: v3ModifiedAttackVector, // MAV:A
+ v3MAVLocal: v3ModifiedAttackVector, // MAV:L
+ v3MAVPhysical: v3ModifiedAttackVector, // MAV:P
+
+ v3MACNotDefined: v3ModifiedAttackComplexity, // MAC:X
+ v3MACLow: v3ModifiedAttackComplexity, // MAC:L
+ v3MACHigh: v3ModifiedAttackComplexity, // MAC:H
+
+ v3MMRNotDefined: v3ModifiedPrivilegesRequired, // MPR:X
+ v3MPRLow: v3ModifiedPrivilegesRequired, // MPR:L
+ v3MPRHigh: v3ModifiedPrivilegesRequired, // MPR:H
+
+ v3MUINotDefined: v3ModifiedUserInteraction, // MUI:X
+ v3MUINone: v3ModifiedUserInteraction, // MUI:N
+ v3MUIRequired: v3ModifiedUserInteraction, // MUI:R
+
+ v3MSNotDefined: v3ModifiedScope, // MMS:X
+ v3MSUnchanged: v3ModifiedConfidentiality, // MMS:U
+ v3MSChanged: v3ModifiedIntegrity, // MMS:C
+
+ v3MCNotDefined: v3ModifiedConfidentiality, // MC:X
+ v3MCHigh: v3ModifiedConfidentiality, // MC:H
+ v3MCLow: v3ModifiedConfidentiality, // MC:L
+ v3MCNone: v3ModifiedConfidentiality, // MC:N
+
+ v3MINotDefined: v3ModifiedIntegrity, // MI:X
+ v3MIHigh: v3ModifiedIntegrity, // MI:H
+ v3MILow: v3ModifiedIntegrity, // MI:L
+ v3MINone: v3ModifiedIntegrity, // MI:N
+
+ v3MANotDefined: v3ModifiedAvailability, // MA:X
+ v3MAHigh: v3ModifiedAvailability, // MA:H
+ v3MALow: v3ModifiedAvailability, // MA:L
+ v3MANone: v3ModifiedAvailability, // MA:N
}
// map of metric strings to metrics
-var v3MetricStrLut = map[string]V3Metric {
- "AV:N": V3AVNetwork,
- "AV:A": V3AVAdjacentNetwork,
- "AV:L": V3AVLocal,
- "AV:P": V3AVPhysical,
-
- "AC:L": V3ACLow,
- "AC:H": V3ACHigh,
-
- "PR:N": V3PRNone,
- "PR:L": V3PRLow,
- "PR:H": V3PRHigh,
-
- "UI:N": V3UINone,
- "UI:R": V3UIRequired,
-
- "S:U": V3SUnchanged,
- "S:C": V3SChanged,
-
- "C:H": V3CHigh,
- "C:L": V3CLow,
- "C:N": V3CNone,
-
- "I:H": V3IHigh,
- "I:L": V3ILow,
- "I:N": V3INone,
-
- "A:H": V3AHigh,
- "A:L": V3ALow,
- "A:N": V3ANone,
-
- "E:X": V3ENotDefined,
- "E:H": V3EHigh,
- "E:F": V3EFunctional,
- "E:P": V3EProofOfConcept,
- "E:U": V3EUnproven,
-
- "RL:X": V3RLNotDefined,
- "RL:U": V3RLUnavailable,
- "RL:W": V3RLWorkaround,
- "RL:T": V3RLTemporaryFix,
- "RL:O": V3RLOfficialFix,
-
- "RC:X": V3RCNotDefined,
- "RC:C": V3RCConfirmed,
- "RC:R": V3RCReasonable,
- "RC:U": V3RCUnknown,
-
- "CR:X": V3CRNotDefined,
- "CR:H": V3CRHigh,
- "CR:M": V3CRMedium,
- "CR:L": V3CRLow,
-
- "IR:X": V3IRNotDefined,
- "IR:H": V3IRHigh,
- "IR:M": V3IRMedium,
- "IR:L": V3IRLow,
-
- "AR:X": V3ARNotDefined,
- "AR:H": V3ARHigh,
- "AR:M": V3ARMedium,
- "AR:L": V3ARLow,
-
- "MAV:X": V3MAVNotDefined,
- "MAV:N": V3MAVNetwork,
- "MAV:A": V3MAVAdjacentNetwork,
- "MAV:L": V3MAVLocal,
- "MAV:P": V3MAVPhysical,
-
- "MAC:X": V3MACNotDefined,
- "MAC:L": V3MACLow,
- "MAC:H": V3MACHigh,
-
- "MPR:X": V3MMRNotDefined,
- "MPR:L": V3MPRLow,
- "MPR:H": V3MPRHigh,
-
- "MUI:X": V3MUINotDefined,
- "MUI:N": V3MUINone,
- "MUI:R": V3MUIRequired,
-
- "MMS:X": V3MSNotDefined,
- "MMS:U": V3MSUnchanged,
- "MMS:C": V3MSChanged,
-
- "MC:X": V3MCNotDefined,
- "MC:H": V3MCHigh,
- "MC:L": V3MCLow,
- "MC:N": V3MCNone,
-
- "MI:X": V3MINotDefined,
- "MI:H": V3MIHigh,
- "MI:L": V3MILow,
- "MI:N": V3MINone,
-
- "MA:X": V3MANotDefined,
- "MA:H": V3MAHigh,
- "MA:L": V3MALow,
- "MA:N": V3MANone,
+var v3MetricStrLut = map[string]v3Metric {
+ "AV:N": v3AVNetwork,
+ "AV:A": v3AVAdjacentNetwork,
+ "AV:L": v3AVLocal,
+ "AV:P": v3AVPhysical,
+
+ "AC:L": v3ACLow,
+ "AC:H": v3ACHigh,
+
+ "PR:N": v3PRNone,
+ "PR:L": v3PRLow,
+ "PR:H": v3PRHigh,
+
+ "UI:N": v3UINone,
+ "UI:R": v3UIRequired,
+
+ "S:U": v3SUnchanged,
+ "S:C": v3SChanged,
+
+ "C:H": v3CHigh,
+ "C:L": v3CLow,
+ "C:N": v3CNone,
+
+ "I:H": v3IHigh,
+ "I:L": v3ILow,
+ "I:N": v3INone,
+
+ "A:H": v3AHigh,
+ "A:L": v3ALow,
+ "A:N": v3ANone,
+
+ "E:X": v3ENotDefined,
+ "E:H": v3EHigh,
+ "E:F": v3EFunctional,
+ "E:P": v3EProofOfConcept,
+ "E:U": v3EUnproven,
+
+ "RL:X": v3RLNotDefined,
+ "RL:U": v3RLUnavailable,
+ "RL:W": v3RLWorkaround,
+ "RL:T": v3RLTemporaryFix,
+ "RL:O": v3RLOfficialFix,
+
+ "RC:X": v3RCNotDefined,
+ "RC:C": v3RCConfirmed,
+ "RC:R": v3RCReasonable,
+ "RC:U": v3RCUnknown,
+
+ "CR:X": v3CRNotDefined,
+ "CR:H": v3CRHigh,
+ "CR:M": v3CRMedium,
+ "CR:L": v3CRLow,
+
+ "IR:X": v3IRNotDefined,
+ "IR:H": v3IRHigh,
+ "IR:M": v3IRMedium,
+ "IR:L": v3IRLow,
+
+ "AR:X": v3ARNotDefined,
+ "AR:H": v3ARHigh,
+ "AR:M": v3ARMedium,
+ "AR:L": v3ARLow,
+
+ "MAV:X": v3MAVNotDefined,
+ "MAV:N": v3MAVNetwork,
+ "MAV:A": v3MAVAdjacentNetwork,
+ "MAV:L": v3MAVLocal,
+ "MAV:P": v3MAVPhysical,
+
+ "MAC:X": v3MACNotDefined,
+ "MAC:L": v3MACLow,
+ "MAC:H": v3MACHigh,
+
+ "MPR:X": v3MMRNotDefined,
+ "MPR:L": v3MPRLow,
+ "MPR:H": v3MPRHigh,
+
+ "MUI:X": v3MUINotDefined,
+ "MUI:N": v3MUINone,
+ "MUI:R": v3MUIRequired,
+
+ "MMS:X": v3MSNotDefined,
+ "MMS:U": v3MSUnchanged,
+ "MMS:C": v3MSChanged,
+
+ "MC:X": v3MCNotDefined,
+ "MC:H": v3MCHigh,
+ "MC:L": v3MCLow,
+ "MC:N": v3MCNone,
+
+ "MI:X": v3MINotDefined,
+ "MI:H": v3MIHigh,
+ "MI:L": v3MILow,
+ "MI:N": v3MINone,
+
+ "MA:X": v3MANotDefined,
+ "MA:H": v3MAHigh,
+ "MA:L": v3MALow,
+ "MA:N": v3MANone,
+}
+
+// Get CVSS 3.x metric key.
+func (m v3Metric) Key() MetricKey {
+ k, _ := v3MetricKeyLut[m]
+ return k
}
// Convert string to CVSS 3.1 metric.
-func GetV3MetricFromString(s string) (V3Metric, error) {
+func getV3Metric(s string) (v3Metric, error) {
// get metric
m, ok := v3MetricStrLut[s]
if !ok {
- return V3AVNetwork, fmt.Errorf("invalid metric: %s", s)
+ return v3InvalidMetric, fmt.Errorf("invalid metric: %s", s)
}
// return success
@@ -812,12 +842,12 @@ func GetV3MetricFromString(s string) (V3Metric, error) {
var v30Prefix = "CVSS:3.0/"
// CVSS 3.0 vector.
-type v30Vector []V3Metric
+type v30Vector []v3Metric
// Convert vector to string
func (v v30Vector) String() string {
// convert to slice of metrics
- metrics := []V3Metric(v)
+ metrics := []v3Metric(v)
// build vector
r := make([]string, len(metrics))
@@ -834,15 +864,27 @@ func (v30Vector) Version() Version {
return V30
}
+// Return metrics in this vector.
+func (v v30Vector) Metrics() []Metric {
+ // build result
+ r := make([]Metric, len(v))
+ for i, m := range(v) {
+ r[i] = m
+ }
+
+ // return result
+ return r
+}
+
// create CVSS 3.0 vector from string
-func NewV30VectorFromString(s string) (Vector, error) {
+func newV30Vector(s string) (Vector, error) {
strs := strings.Split(s, "/")
- r := make([]V3Metric, len(strs))
+ r := make([]v3Metric, len(strs))
// walk metric strings
for i, ms := range(strs) {
- // convert string to vector
- m, err := GetV3MetricFromString(ms)
+ // convert metric string to metric
+ m, err := getV3Metric(ms)
if err != nil {
return nil, err
}
@@ -859,12 +901,12 @@ func NewV30VectorFromString(s string) (Vector, error) {
var v31Prefix = "CVSS:3.1/"
// CVSS 3.1 vector.
-type v31Vector []V3Metric
+type v31Vector []v3Metric
// Convert vector to string
func (v v31Vector) String() string {
// convert to slice of metrics
- metrics := []V3Metric(v)
+ metrics := []v3Metric(v)
// build vector
r := make([]string, len(metrics))
@@ -881,15 +923,27 @@ func (v31Vector) Version() Version {
return V31
}
+// Return metrics in this vector.
+func (v v31Vector) Metrics() []Metric {
+ // build result
+ r := make([]Metric, len(v))
+ for i, m := range(v) {
+ r[i] = m
+ }
+
+ // return result
+ return r
+}
+
// create CVSS 3.1 vector from string
-func NewV31VectorFromString(s string) (Vector, error) {
+func newV31Vector(s string) (Vector, error) {
strs := strings.Split(s, "/")
- r := make([]V3Metric, len(strs))
+ r := make([]v3Metric, len(strs))
// walk metric strings
for i, ms := range(strs) {
- // convert string to vector
- m, err := GetV3MetricFromString(ms)
+ // get metric from string
+ m, err := getV3Metric(ms)
if err != nil {
return nil, err
}
@@ -902,25 +956,49 @@ func NewV31VectorFromString(s string) (Vector, error) {
return v31Vector(r), nil
}
-// CVSS vector
+// Metric key.
+type MetricKey interface {
+ // Get full name.
+ Name() string
+
+ // Get category.
+ Category() Category
+
+ // Return string representation.
+ String() string
+}
+
+// CVSS metric.
+type Metric interface {
+ // Get metric key.
+ Key() MetricKey
+
+ // Return string representation of metric.
+ String() string
+}
+
+// CVSS metric vector.
type Vector interface {
// Get CVSS version.
Version() Version
// Get CVSS vector string.
String() string
+
+ // Return metrics in this vector.
+ Metrics() []Metric
}
// Create new CVSS vector from vector string.
func NewVector(s string) (Vector, error) {
if len(s) > len(v31Prefix) && s[:len(v31Prefix)] == v31Prefix {
// create CVSS v2.0 vector.
- return NewV31VectorFromString(s[len(v31Prefix):])
+ return newV31Vector(s[len(v31Prefix):])
} else if len(s) > len(v30Prefix) && s[:len(v30Prefix)] == v30Prefix {
// create CVSS v3.0 vector.
- return NewV30VectorFromString(s[len(v30Prefix):])
+ return newV30Vector(s[len(v30Prefix):])
} else {
// create CVSS V2 vector
- return NewV2VectorFromString(s)
+ return newV2Vector(s)
}
}