diff options
| -rw-r--r-- | internal/cvss/cvss.go | 239 | ||||
| -rw-r--r-- | internal/cvss/v2metric.go | 242 |
2 files changed, 242 insertions, 239 deletions
diff --git a/internal/cvss/cvss.go b/internal/cvss/cvss.go index 41422f7..c56046b 100644 --- a/internal/cvss/cvss.go +++ b/internal/cvss/cvss.go @@ -5,248 +5,9 @@ import ( "strings" ) -//go:generate stringer -linecomment -type=v2Metric //go:generate stringer -linecomment -type=v3Key //go:generate stringer -linecomment -type=v3Metric -// CVSS v2 metric value -type v2Metric byte - -const ( - v2AVNetwork v2Metric = iota // AV:N - v2AVAdjacentNetwork // AV:A - v2AVLocal // AV:L - - v2ACLow // AC:L - v2ACMedium // AC:L - v2ACHigh // AC:H - - v2AuMultiple // Au:M - v2AuSingle // Au:S - v2AuNone // Au:N - - v2CNone // C:N - v2CPartial // C:P - v2CComplete // C:C - - v2INone // I:N - v2IPartial // I:P - v2IComplete // I:C - - v2ANone // A:N - v2APartial // A:P - v2AComplete // A:C - - v2ENotDefined // E:ND - v2EUnproven // E:U - v2EProofOfConcept // E:POC - v2EFunctional // E:F - v2EHigh // E:H - - v2RLOfficialFix // RL:OF - v2RLTemporaryFix // RL:TF - v2RLWorkaround // RL:W - v2RLUnavailable // RL:U - v2RLNotDefined // RL:ND - - v2RCUnconfirmed // RC:UC - v2RCUncorroborated // RC:UR - v2RCConfirmed // RC:C - v2RCNotDefined // RC:ND - - v2CDPNone // CDP:N - v2CDPLow // CDP:L - v2CDPLowMedium // CDP:LM - v2CDPMediumHigh // CDP:MH - v2CDPHigh // CDP:H - v2CDPNotDefined // CDP:ND - - v2TDNone // TD:N - v2TDLow // TD:L - v2TDMedium // TD:M - v2TDHigh // TD:H - v2TDNotDefined // TD:ND - - v2CRLow // CR:L - v2CRMedium // CR:M - v2CRHigh // CR:H - v2CRNotDefined // CR:ND - - v2IRLow // IR:L - v2IRMedium // IR:M - v2IRHigh // IR:H - v2IRNotDefined // IR:ND - - v2ARLow // AR:L - v2ARMedium // AR:M - v2ARHigh // AR:H - v2ARNotDefined // AR:ND - - v2InvalidMetric // invalid -) - -// map of metrics to metric keys -var v2KeyLut = map[v2Metric]v2Key { - v2AVNetwork: v2AccessVector, - v2AVAdjacentNetwork: v2AccessVector, - v2AVLocal: v2AccessVector, - - v2ACLow: v2AccessComplexity, - v2ACMedium: v2AccessComplexity, - v2ACHigh: v2AccessComplexity, - - v2AuMultiple: v2Authentication, - v2AuSingle: v2Authentication, - v2AuNone: v2Authentication, - - v2CNone: v2ConfidentialityImpact, - v2CPartial: v2ConfidentialityImpact, - v2CComplete: v2ConfidentialityImpact, - - v2INone: v2IntegrityImpact, - v2IPartial: v2IntegrityImpact, - v2IComplete: v2IntegrityImpact, - - v2ANone: v2AvailabilityImpact, - v2APartial: v2AvailabilityImpact, - v2AComplete: v2AvailabilityImpact, - - v2ENotDefined: v2Exploitability, - v2EUnproven: v2Exploitability, - v2EProofOfConcept: v2Exploitability, - v2EFunctional: v2Exploitability, - v2EHigh: v2Exploitability, - - v2RLOfficialFix: v2RemediationLevel, - v2RLTemporaryFix: v2RemediationLevel, - v2RLWorkaround: v2RemediationLevel, - v2RLUnavailable: v2RemediationLevel, - v2RLNotDefined: v2RemediationLevel, - - v2RCUnconfirmed: v2ReportConfidence, - v2RCUncorroborated: v2ReportConfidence, - v2RCConfirmed: v2ReportConfidence, - v2RCNotDefined: v2ReportConfidence, - - v2CDPNone: v2CollateralDamagePotential, - v2CDPLow: v2CollateralDamagePotential, - v2CDPLowMedium: v2CollateralDamagePotential, - v2CDPMediumHigh: v2CollateralDamagePotential, - v2CDPHigh: v2CollateralDamagePotential, - v2CDPNotDefined: v2CollateralDamagePotential, - - v2TDNone: v2TargetDistribution, - v2TDLow: v2TargetDistribution, - v2TDMedium: v2TargetDistribution, - v2TDHigh: v2TargetDistribution, - v2TDNotDefined: v2TargetDistribution, - - v2CRLow: v2ConfidentialityRequirement, - v2CRMedium: v2ConfidentialityRequirement, - v2CRHigh: v2ConfidentialityRequirement, - v2CRNotDefined: v2ConfidentialityRequirement, - - v2IRLow: v2IntegrityRequirement, - v2IRMedium: v2IntegrityRequirement, - v2IRHigh: v2IntegrityRequirement, - v2IRNotDefined: v2IntegrityRequirement, - - v2ARLow: v2AvailabilityRequirement, - v2ARMedium: v2AvailabilityRequirement, - v2ARHigh: v2AvailabilityRequirement, - v2ARNotDefined: v2AvailabilityRequirement, -} - -// map of metric strings to metrics -var v2MetricStrLut = map[string]v2Metric { - "AV:N": v2AVNetwork, - "AV:A": v2AVAdjacentNetwork, - "AV:L": v2AVLocal, - - "AC:L": v2ACLow, - "AC:M": v2ACMedium, - "AC:H": v2ACHigh, - - "Au:M": v2AuMultiple, - "Au:S": v2AuSingle, - "Au:N": v2AuNone, - - "C:N": v2CNone, - "C:P": v2CPartial, - "C:C": v2CComplete, - - "I:N": v2INone, - "I:P": v2IPartial, - "I:C": v2IComplete, - - "A:N": v2ANone, - "A:P": v2APartial, - "A:C": v2AComplete, - - "E:ND": v2ENotDefined, - "E:U": v2EUnproven, - "E:POC": v2EProofOfConcept, - "E:F": v2EFunctional, - "E:H": v2EHigh, - - "RL:OF": v2RLOfficialFix, - "RL:TF": v2RLTemporaryFix, - "RL:W": v2RLWorkaround, - "RL:U": v2RLUnavailable, - "RL:ND": v2RLNotDefined, - - "RC:UC": v2RCUnconfirmed, - "RC:UR": v2RCUncorroborated, - "RC:C": v2RCConfirmed, - "RC:ND": v2RCNotDefined, - - "CDP:N": v2CDPNone, - "CDP:L": v2CDPLow, - "CDP:LM": v2CDPLowMedium, - "CDP:MH": v2CDPMediumHigh, - "CDP:H": v2CDPHigh, - "CDP:ND": v2CDPNotDefined, - - "TD:N": v2TDNone, - "TD:L": v2TDLow, - "TD:M": v2TDMedium, - "TD:H": v2TDHigh, - "TD:ND": v2TDNotDefined, - - "CR:L": v2CRLow, - "CR:M": v2CRMedium, - "CR:H": v2CRHigh, - "CR:ND": v2CRNotDefined, - - "IR:L": v2IRLow, - "IR:M": v2IRMedium, - "IR:H": v2IRHigh, - "IR:ND": v2IRNotDefined, - - "AR:L": v2ARLow, - "AR:M": v2ARMedium, - "AR:H": v2ARHigh, - "AR:ND": v2ARNotDefined, -} - -// Convert string to CVSS 2.0 metric. -func getV2MetricFromString(s string) (v2Metric, error) { - // get metric - m, ok := v2MetricStrLut[s] - if !ok { - return v2InvalidMetric, newBadMetric(V20, s) - } - - // return success - return m, nil -} - -// Get CVSS 2.0 metric key. -func (m v2Metric) Key() Key { - k, _ := v2KeyLut[m] - return k -} - // CVSS 2.0 vector. type v2Vector []v2Metric diff --git a/internal/cvss/v2metric.go b/internal/cvss/v2metric.go new file mode 100644 index 0000000..b2b68d8 --- /dev/null +++ b/internal/cvss/v2metric.go @@ -0,0 +1,242 @@ +// CVSS vector parser. +package cvss + +//go:generate stringer -linecomment -type=v2Metric + +// CVSS v2 metric value +type v2Metric byte + +const ( + v2AVNetwork v2Metric = iota // AV:N + v2AVAdjacentNetwork // AV:A + v2AVLocal // AV:L + + v2ACLow // AC:L + v2ACMedium // AC:L + v2ACHigh // AC:H + + v2AuMultiple // Au:M + v2AuSingle // Au:S + v2AuNone // Au:N + + v2CNone // C:N + v2CPartial // C:P + v2CComplete // C:C + + v2INone // I:N + v2IPartial // I:P + v2IComplete // I:C + + v2ANone // A:N + v2APartial // A:P + v2AComplete // A:C + + v2ENotDefined // E:ND + v2EUnproven // E:U + v2EProofOfConcept // E:POC + v2EFunctional // E:F + v2EHigh // E:H + + v2RLOfficialFix // RL:OF + v2RLTemporaryFix // RL:TF + v2RLWorkaround // RL:W + v2RLUnavailable // RL:U + v2RLNotDefined // RL:ND + + v2RCUnconfirmed // RC:UC + v2RCUncorroborated // RC:UR + v2RCConfirmed // RC:C + v2RCNotDefined // RC:ND + + v2CDPNone // CDP:N + v2CDPLow // CDP:L + v2CDPLowMedium // CDP:LM + v2CDPMediumHigh // CDP:MH + v2CDPHigh // CDP:H + v2CDPNotDefined // CDP:ND + + v2TDNone // TD:N + v2TDLow // TD:L + v2TDMedium // TD:M + v2TDHigh // TD:H + v2TDNotDefined // TD:ND + + v2CRLow // CR:L + v2CRMedium // CR:M + v2CRHigh // CR:H + v2CRNotDefined // CR:ND + + v2IRLow // IR:L + v2IRMedium // IR:M + v2IRHigh // IR:H + v2IRNotDefined // IR:ND + + v2ARLow // AR:L + v2ARMedium // AR:M + v2ARHigh // AR:H + v2ARNotDefined // AR:ND + + v2InvalidMetric // invalid +) + +// map of metrics to metric keys +var v2KeyLut = map[v2Metric]v2Key { + v2AVNetwork: v2AccessVector, + v2AVAdjacentNetwork: v2AccessVector, + v2AVLocal: v2AccessVector, + + v2ACLow: v2AccessComplexity, + v2ACMedium: v2AccessComplexity, + v2ACHigh: v2AccessComplexity, + + v2AuMultiple: v2Authentication, + v2AuSingle: v2Authentication, + v2AuNone: v2Authentication, + + v2CNone: v2ConfidentialityImpact, + v2CPartial: v2ConfidentialityImpact, + v2CComplete: v2ConfidentialityImpact, + + v2INone: v2IntegrityImpact, + v2IPartial: v2IntegrityImpact, + v2IComplete: v2IntegrityImpact, + + v2ANone: v2AvailabilityImpact, + v2APartial: v2AvailabilityImpact, + v2AComplete: v2AvailabilityImpact, + + v2ENotDefined: v2Exploitability, + v2EUnproven: v2Exploitability, + v2EProofOfConcept: v2Exploitability, + v2EFunctional: v2Exploitability, + v2EHigh: v2Exploitability, + + v2RLOfficialFix: v2RemediationLevel, + v2RLTemporaryFix: v2RemediationLevel, + v2RLWorkaround: v2RemediationLevel, + v2RLUnavailable: v2RemediationLevel, + v2RLNotDefined: v2RemediationLevel, + + v2RCUnconfirmed: v2ReportConfidence, + v2RCUncorroborated: v2ReportConfidence, + v2RCConfirmed: v2ReportConfidence, + v2RCNotDefined: v2ReportConfidence, + + v2CDPNone: v2CollateralDamagePotential, + v2CDPLow: v2CollateralDamagePotential, + v2CDPLowMedium: v2CollateralDamagePotential, + v2CDPMediumHigh: v2CollateralDamagePotential, + v2CDPHigh: v2CollateralDamagePotential, + v2CDPNotDefined: v2CollateralDamagePotential, + + v2TDNone: v2TargetDistribution, + v2TDLow: v2TargetDistribution, + v2TDMedium: v2TargetDistribution, + v2TDHigh: v2TargetDistribution, + v2TDNotDefined: v2TargetDistribution, + + v2CRLow: v2ConfidentialityRequirement, + v2CRMedium: v2ConfidentialityRequirement, + v2CRHigh: v2ConfidentialityRequirement, + v2CRNotDefined: v2ConfidentialityRequirement, + + v2IRLow: v2IntegrityRequirement, + v2IRMedium: v2IntegrityRequirement, + v2IRHigh: v2IntegrityRequirement, + v2IRNotDefined: v2IntegrityRequirement, + + v2ARLow: v2AvailabilityRequirement, + v2ARMedium: v2AvailabilityRequirement, + v2ARHigh: v2AvailabilityRequirement, + v2ARNotDefined: v2AvailabilityRequirement, +} + +// map of metric strings to metrics +var v2MetricStrLut = map[string]v2Metric { + "AV:N": v2AVNetwork, + "AV:A": v2AVAdjacentNetwork, + "AV:L": v2AVLocal, + + "AC:L": v2ACLow, + "AC:M": v2ACMedium, + "AC:H": v2ACHigh, + + "Au:M": v2AuMultiple, + "Au:S": v2AuSingle, + "Au:N": v2AuNone, + + "C:N": v2CNone, + "C:P": v2CPartial, + "C:C": v2CComplete, + + "I:N": v2INone, + "I:P": v2IPartial, + "I:C": v2IComplete, + + "A:N": v2ANone, + "A:P": v2APartial, + "A:C": v2AComplete, + + "E:ND": v2ENotDefined, + "E:U": v2EUnproven, + "E:POC": v2EProofOfConcept, + "E:F": v2EFunctional, + "E:H": v2EHigh, + + "RL:OF": v2RLOfficialFix, + "RL:TF": v2RLTemporaryFix, + "RL:W": v2RLWorkaround, + "RL:U": v2RLUnavailable, + "RL:ND": v2RLNotDefined, + + "RC:UC": v2RCUnconfirmed, + "RC:UR": v2RCUncorroborated, + "RC:C": v2RCConfirmed, + "RC:ND": v2RCNotDefined, + + "CDP:N": v2CDPNone, + "CDP:L": v2CDPLow, + "CDP:LM": v2CDPLowMedium, + "CDP:MH": v2CDPMediumHigh, + "CDP:H": v2CDPHigh, + "CDP:ND": v2CDPNotDefined, + + "TD:N": v2TDNone, + "TD:L": v2TDLow, + "TD:M": v2TDMedium, + "TD:H": v2TDHigh, + "TD:ND": v2TDNotDefined, + + "CR:L": v2CRLow, + "CR:M": v2CRMedium, + "CR:H": v2CRHigh, + "CR:ND": v2CRNotDefined, + + "IR:L": v2IRLow, + "IR:M": v2IRMedium, + "IR:H": v2IRHigh, + "IR:ND": v2IRNotDefined, + + "AR:L": v2ARLow, + "AR:M": v2ARMedium, + "AR:H": v2ARHigh, + "AR:ND": v2ARNotDefined, +} + +// Convert string to CVSS 2.0 metric. +func getV2MetricFromString(s string) (v2Metric, error) { + // get metric + m, ok := v2MetricStrLut[s] + if !ok { + return v2InvalidMetric, newBadMetric(V20, s) + } + + // return success + return m, nil +} + +// Get CVSS 2.0 metric key. +func (m v2Metric) Key() Key { + k, _ := v2KeyLut[m] + return k +} |