aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--internal/cvss/cvss.go239
-rw-r--r--internal/cvss/v2metric.go242
2 files changed, 242 insertions, 239 deletions
diff --git a/internal/cvss/cvss.go b/internal/cvss/cvss.go
index 41422f7..c56046b 100644
--- a/internal/cvss/cvss.go
+++ b/internal/cvss/cvss.go
@@ -5,248 +5,9 @@ import (
"strings"
)
-//go:generate stringer -linecomment -type=v2Metric
//go:generate stringer -linecomment -type=v3Key
//go:generate stringer -linecomment -type=v3Metric
-// CVSS v2 metric value
-type v2Metric byte
-
-const (
- v2AVNetwork v2Metric = iota // AV:N
- v2AVAdjacentNetwork // AV:A
- v2AVLocal // AV:L
-
- v2ACLow // AC:L
- v2ACMedium // AC:L
- v2ACHigh // AC:H
-
- v2AuMultiple // Au:M
- v2AuSingle // Au:S
- v2AuNone // Au:N
-
- v2CNone // C:N
- v2CPartial // C:P
- v2CComplete // C:C
-
- v2INone // I:N
- v2IPartial // I:P
- v2IComplete // I:C
-
- v2ANone // A:N
- v2APartial // A:P
- v2AComplete // A:C
-
- v2ENotDefined // E:ND
- v2EUnproven // E:U
- v2EProofOfConcept // E:POC
- v2EFunctional // E:F
- v2EHigh // E:H
-
- v2RLOfficialFix // RL:OF
- v2RLTemporaryFix // RL:TF
- v2RLWorkaround // RL:W
- v2RLUnavailable // RL:U
- v2RLNotDefined // RL:ND
-
- v2RCUnconfirmed // RC:UC
- v2RCUncorroborated // RC:UR
- v2RCConfirmed // RC:C
- v2RCNotDefined // RC:ND
-
- v2CDPNone // CDP:N
- v2CDPLow // CDP:L
- v2CDPLowMedium // CDP:LM
- v2CDPMediumHigh // CDP:MH
- v2CDPHigh // CDP:H
- v2CDPNotDefined // CDP:ND
-
- v2TDNone // TD:N
- v2TDLow // TD:L
- v2TDMedium // TD:M
- v2TDHigh // TD:H
- v2TDNotDefined // TD:ND
-
- v2CRLow // CR:L
- v2CRMedium // CR:M
- v2CRHigh // CR:H
- v2CRNotDefined // CR:ND
-
- v2IRLow // IR:L
- v2IRMedium // IR:M
- v2IRHigh // IR:H
- v2IRNotDefined // IR:ND
-
- v2ARLow // AR:L
- v2ARMedium // AR:M
- v2ARHigh // AR:H
- v2ARNotDefined // AR:ND
-
- v2InvalidMetric // invalid
-)
-
-// map of metrics to metric keys
-var v2KeyLut = map[v2Metric]v2Key {
- v2AVNetwork: v2AccessVector,
- v2AVAdjacentNetwork: v2AccessVector,
- v2AVLocal: v2AccessVector,
-
- v2ACLow: v2AccessComplexity,
- v2ACMedium: v2AccessComplexity,
- v2ACHigh: v2AccessComplexity,
-
- v2AuMultiple: v2Authentication,
- v2AuSingle: v2Authentication,
- v2AuNone: v2Authentication,
-
- v2CNone: v2ConfidentialityImpact,
- v2CPartial: v2ConfidentialityImpact,
- v2CComplete: v2ConfidentialityImpact,
-
- v2INone: v2IntegrityImpact,
- v2IPartial: v2IntegrityImpact,
- v2IComplete: v2IntegrityImpact,
-
- v2ANone: v2AvailabilityImpact,
- v2APartial: v2AvailabilityImpact,
- v2AComplete: v2AvailabilityImpact,
-
- v2ENotDefined: v2Exploitability,
- v2EUnproven: v2Exploitability,
- v2EProofOfConcept: v2Exploitability,
- v2EFunctional: v2Exploitability,
- v2EHigh: v2Exploitability,
-
- v2RLOfficialFix: v2RemediationLevel,
- v2RLTemporaryFix: v2RemediationLevel,
- v2RLWorkaround: v2RemediationLevel,
- v2RLUnavailable: v2RemediationLevel,
- v2RLNotDefined: v2RemediationLevel,
-
- v2RCUnconfirmed: v2ReportConfidence,
- v2RCUncorroborated: v2ReportConfidence,
- v2RCConfirmed: v2ReportConfidence,
- v2RCNotDefined: v2ReportConfidence,
-
- v2CDPNone: v2CollateralDamagePotential,
- v2CDPLow: v2CollateralDamagePotential,
- v2CDPLowMedium: v2CollateralDamagePotential,
- v2CDPMediumHigh: v2CollateralDamagePotential,
- v2CDPHigh: v2CollateralDamagePotential,
- v2CDPNotDefined: v2CollateralDamagePotential,
-
- v2TDNone: v2TargetDistribution,
- v2TDLow: v2TargetDistribution,
- v2TDMedium: v2TargetDistribution,
- v2TDHigh: v2TargetDistribution,
- v2TDNotDefined: v2TargetDistribution,
-
- v2CRLow: v2ConfidentialityRequirement,
- v2CRMedium: v2ConfidentialityRequirement,
- v2CRHigh: v2ConfidentialityRequirement,
- v2CRNotDefined: v2ConfidentialityRequirement,
-
- v2IRLow: v2IntegrityRequirement,
- v2IRMedium: v2IntegrityRequirement,
- v2IRHigh: v2IntegrityRequirement,
- v2IRNotDefined: v2IntegrityRequirement,
-
- v2ARLow: v2AvailabilityRequirement,
- v2ARMedium: v2AvailabilityRequirement,
- v2ARHigh: v2AvailabilityRequirement,
- v2ARNotDefined: v2AvailabilityRequirement,
-}
-
-// map of metric strings to metrics
-var v2MetricStrLut = map[string]v2Metric {
- "AV:N": v2AVNetwork,
- "AV:A": v2AVAdjacentNetwork,
- "AV:L": v2AVLocal,
-
- "AC:L": v2ACLow,
- "AC:M": v2ACMedium,
- "AC:H": v2ACHigh,
-
- "Au:M": v2AuMultiple,
- "Au:S": v2AuSingle,
- "Au:N": v2AuNone,
-
- "C:N": v2CNone,
- "C:P": v2CPartial,
- "C:C": v2CComplete,
-
- "I:N": v2INone,
- "I:P": v2IPartial,
- "I:C": v2IComplete,
-
- "A:N": v2ANone,
- "A:P": v2APartial,
- "A:C": v2AComplete,
-
- "E:ND": v2ENotDefined,
- "E:U": v2EUnproven,
- "E:POC": v2EProofOfConcept,
- "E:F": v2EFunctional,
- "E:H": v2EHigh,
-
- "RL:OF": v2RLOfficialFix,
- "RL:TF": v2RLTemporaryFix,
- "RL:W": v2RLWorkaround,
- "RL:U": v2RLUnavailable,
- "RL:ND": v2RLNotDefined,
-
- "RC:UC": v2RCUnconfirmed,
- "RC:UR": v2RCUncorroborated,
- "RC:C": v2RCConfirmed,
- "RC:ND": v2RCNotDefined,
-
- "CDP:N": v2CDPNone,
- "CDP:L": v2CDPLow,
- "CDP:LM": v2CDPLowMedium,
- "CDP:MH": v2CDPMediumHigh,
- "CDP:H": v2CDPHigh,
- "CDP:ND": v2CDPNotDefined,
-
- "TD:N": v2TDNone,
- "TD:L": v2TDLow,
- "TD:M": v2TDMedium,
- "TD:H": v2TDHigh,
- "TD:ND": v2TDNotDefined,
-
- "CR:L": v2CRLow,
- "CR:M": v2CRMedium,
- "CR:H": v2CRHigh,
- "CR:ND": v2CRNotDefined,
-
- "IR:L": v2IRLow,
- "IR:M": v2IRMedium,
- "IR:H": v2IRHigh,
- "IR:ND": v2IRNotDefined,
-
- "AR:L": v2ARLow,
- "AR:M": v2ARMedium,
- "AR:H": v2ARHigh,
- "AR:ND": v2ARNotDefined,
-}
-
-// Convert string to CVSS 2.0 metric.
-func getV2MetricFromString(s string) (v2Metric, error) {
- // get metric
- m, ok := v2MetricStrLut[s]
- if !ok {
- return v2InvalidMetric, newBadMetric(V20, s)
- }
-
- // return success
- return m, nil
-}
-
-// Get CVSS 2.0 metric key.
-func (m v2Metric) Key() Key {
- k, _ := v2KeyLut[m]
- return k
-}
-
// CVSS 2.0 vector.
type v2Vector []v2Metric
diff --git a/internal/cvss/v2metric.go b/internal/cvss/v2metric.go
new file mode 100644
index 0000000..b2b68d8
--- /dev/null
+++ b/internal/cvss/v2metric.go
@@ -0,0 +1,242 @@
+// CVSS vector parser.
+package cvss
+
+//go:generate stringer -linecomment -type=v2Metric
+
+// CVSS v2 metric value
+type v2Metric byte
+
+const (
+ v2AVNetwork v2Metric = iota // AV:N
+ v2AVAdjacentNetwork // AV:A
+ v2AVLocal // AV:L
+
+ v2ACLow // AC:L
+ v2ACMedium // AC:L
+ v2ACHigh // AC:H
+
+ v2AuMultiple // Au:M
+ v2AuSingle // Au:S
+ v2AuNone // Au:N
+
+ v2CNone // C:N
+ v2CPartial // C:P
+ v2CComplete // C:C
+
+ v2INone // I:N
+ v2IPartial // I:P
+ v2IComplete // I:C
+
+ v2ANone // A:N
+ v2APartial // A:P
+ v2AComplete // A:C
+
+ v2ENotDefined // E:ND
+ v2EUnproven // E:U
+ v2EProofOfConcept // E:POC
+ v2EFunctional // E:F
+ v2EHigh // E:H
+
+ v2RLOfficialFix // RL:OF
+ v2RLTemporaryFix // RL:TF
+ v2RLWorkaround // RL:W
+ v2RLUnavailable // RL:U
+ v2RLNotDefined // RL:ND
+
+ v2RCUnconfirmed // RC:UC
+ v2RCUncorroborated // RC:UR
+ v2RCConfirmed // RC:C
+ v2RCNotDefined // RC:ND
+
+ v2CDPNone // CDP:N
+ v2CDPLow // CDP:L
+ v2CDPLowMedium // CDP:LM
+ v2CDPMediumHigh // CDP:MH
+ v2CDPHigh // CDP:H
+ v2CDPNotDefined // CDP:ND
+
+ v2TDNone // TD:N
+ v2TDLow // TD:L
+ v2TDMedium // TD:M
+ v2TDHigh // TD:H
+ v2TDNotDefined // TD:ND
+
+ v2CRLow // CR:L
+ v2CRMedium // CR:M
+ v2CRHigh // CR:H
+ v2CRNotDefined // CR:ND
+
+ v2IRLow // IR:L
+ v2IRMedium // IR:M
+ v2IRHigh // IR:H
+ v2IRNotDefined // IR:ND
+
+ v2ARLow // AR:L
+ v2ARMedium // AR:M
+ v2ARHigh // AR:H
+ v2ARNotDefined // AR:ND
+
+ v2InvalidMetric // invalid
+)
+
+// map of metrics to metric keys
+var v2KeyLut = map[v2Metric]v2Key {
+ v2AVNetwork: v2AccessVector,
+ v2AVAdjacentNetwork: v2AccessVector,
+ v2AVLocal: v2AccessVector,
+
+ v2ACLow: v2AccessComplexity,
+ v2ACMedium: v2AccessComplexity,
+ v2ACHigh: v2AccessComplexity,
+
+ v2AuMultiple: v2Authentication,
+ v2AuSingle: v2Authentication,
+ v2AuNone: v2Authentication,
+
+ v2CNone: v2ConfidentialityImpact,
+ v2CPartial: v2ConfidentialityImpact,
+ v2CComplete: v2ConfidentialityImpact,
+
+ v2INone: v2IntegrityImpact,
+ v2IPartial: v2IntegrityImpact,
+ v2IComplete: v2IntegrityImpact,
+
+ v2ANone: v2AvailabilityImpact,
+ v2APartial: v2AvailabilityImpact,
+ v2AComplete: v2AvailabilityImpact,
+
+ v2ENotDefined: v2Exploitability,
+ v2EUnproven: v2Exploitability,
+ v2EProofOfConcept: v2Exploitability,
+ v2EFunctional: v2Exploitability,
+ v2EHigh: v2Exploitability,
+
+ v2RLOfficialFix: v2RemediationLevel,
+ v2RLTemporaryFix: v2RemediationLevel,
+ v2RLWorkaround: v2RemediationLevel,
+ v2RLUnavailable: v2RemediationLevel,
+ v2RLNotDefined: v2RemediationLevel,
+
+ v2RCUnconfirmed: v2ReportConfidence,
+ v2RCUncorroborated: v2ReportConfidence,
+ v2RCConfirmed: v2ReportConfidence,
+ v2RCNotDefined: v2ReportConfidence,
+
+ v2CDPNone: v2CollateralDamagePotential,
+ v2CDPLow: v2CollateralDamagePotential,
+ v2CDPLowMedium: v2CollateralDamagePotential,
+ v2CDPMediumHigh: v2CollateralDamagePotential,
+ v2CDPHigh: v2CollateralDamagePotential,
+ v2CDPNotDefined: v2CollateralDamagePotential,
+
+ v2TDNone: v2TargetDistribution,
+ v2TDLow: v2TargetDistribution,
+ v2TDMedium: v2TargetDistribution,
+ v2TDHigh: v2TargetDistribution,
+ v2TDNotDefined: v2TargetDistribution,
+
+ v2CRLow: v2ConfidentialityRequirement,
+ v2CRMedium: v2ConfidentialityRequirement,
+ v2CRHigh: v2ConfidentialityRequirement,
+ v2CRNotDefined: v2ConfidentialityRequirement,
+
+ v2IRLow: v2IntegrityRequirement,
+ v2IRMedium: v2IntegrityRequirement,
+ v2IRHigh: v2IntegrityRequirement,
+ v2IRNotDefined: v2IntegrityRequirement,
+
+ v2ARLow: v2AvailabilityRequirement,
+ v2ARMedium: v2AvailabilityRequirement,
+ v2ARHigh: v2AvailabilityRequirement,
+ v2ARNotDefined: v2AvailabilityRequirement,
+}
+
+// map of metric strings to metrics
+var v2MetricStrLut = map[string]v2Metric {
+ "AV:N": v2AVNetwork,
+ "AV:A": v2AVAdjacentNetwork,
+ "AV:L": v2AVLocal,
+
+ "AC:L": v2ACLow,
+ "AC:M": v2ACMedium,
+ "AC:H": v2ACHigh,
+
+ "Au:M": v2AuMultiple,
+ "Au:S": v2AuSingle,
+ "Au:N": v2AuNone,
+
+ "C:N": v2CNone,
+ "C:P": v2CPartial,
+ "C:C": v2CComplete,
+
+ "I:N": v2INone,
+ "I:P": v2IPartial,
+ "I:C": v2IComplete,
+
+ "A:N": v2ANone,
+ "A:P": v2APartial,
+ "A:C": v2AComplete,
+
+ "E:ND": v2ENotDefined,
+ "E:U": v2EUnproven,
+ "E:POC": v2EProofOfConcept,
+ "E:F": v2EFunctional,
+ "E:H": v2EHigh,
+
+ "RL:OF": v2RLOfficialFix,
+ "RL:TF": v2RLTemporaryFix,
+ "RL:W": v2RLWorkaround,
+ "RL:U": v2RLUnavailable,
+ "RL:ND": v2RLNotDefined,
+
+ "RC:UC": v2RCUnconfirmed,
+ "RC:UR": v2RCUncorroborated,
+ "RC:C": v2RCConfirmed,
+ "RC:ND": v2RCNotDefined,
+
+ "CDP:N": v2CDPNone,
+ "CDP:L": v2CDPLow,
+ "CDP:LM": v2CDPLowMedium,
+ "CDP:MH": v2CDPMediumHigh,
+ "CDP:H": v2CDPHigh,
+ "CDP:ND": v2CDPNotDefined,
+
+ "TD:N": v2TDNone,
+ "TD:L": v2TDLow,
+ "TD:M": v2TDMedium,
+ "TD:H": v2TDHigh,
+ "TD:ND": v2TDNotDefined,
+
+ "CR:L": v2CRLow,
+ "CR:M": v2CRMedium,
+ "CR:H": v2CRHigh,
+ "CR:ND": v2CRNotDefined,
+
+ "IR:L": v2IRLow,
+ "IR:M": v2IRMedium,
+ "IR:H": v2IRHigh,
+ "IR:ND": v2IRNotDefined,
+
+ "AR:L": v2ARLow,
+ "AR:M": v2ARMedium,
+ "AR:H": v2ARHigh,
+ "AR:ND": v2ARNotDefined,
+}
+
+// Convert string to CVSS 2.0 metric.
+func getV2MetricFromString(s string) (v2Metric, error) {
+ // get metric
+ m, ok := v2MetricStrLut[s]
+ if !ok {
+ return v2InvalidMetric, newBadMetric(V20, s)
+ }
+
+ // return success
+ return m, nil
+}
+
+// Get CVSS 2.0 metric key.
+func (m v2Metric) Key() Key {
+ k, _ := v2KeyLut[m]
+ return k
+}