aboutsummaryrefslogtreecommitdiff
path: root/internal/cvss/v3metric.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/cvss/v3metric.go')
-rw-r--r--internal/cvss/v3metric.go332
1 files changed, 332 insertions, 0 deletions
diff --git a/internal/cvss/v3metric.go b/internal/cvss/v3metric.go
new file mode 100644
index 0000000..8aa86b7
--- /dev/null
+++ b/internal/cvss/v3metric.go
@@ -0,0 +1,332 @@
+// CVSS vector parser.
+package cvss
+
+//go:generate stringer -linecomment -type=v3Metric
+
+// metric value
+type v3Metric byte
+
+const (
+ v3AVNetwork v3Metric = iota // AV:N
+ v3AVAdjacentNetwork // AV:A
+ v3AVLocal // AV:L
+ v3AVPhysical // AV:P
+
+ v3ACLow // AC:L
+ v3ACHigh // AC:H
+
+ v3PRNone // PR:N
+ v3PRLow // PR:L
+ v3PRHigh // PR:H
+
+ v3UINone // UI:N
+ v3UIRequired // UI:R
+
+ v3SUnchanged // S:U
+ v3SChanged // S:C
+
+ v3CHigh // C:H
+ v3CLow // C:L
+ v3CNone // C:N
+
+ v3IHigh // I:H
+ v3ILow // I:L
+ v3INone // I:N
+
+ v3AHigh // A:H
+ v3ALow // A:L
+ v3ANone // A:N
+
+ v3ENotDefined // E:X
+ v3EHigh // E:H
+ v3EFunctional // E:F
+ v3EProofOfConcept // E:P
+ v3EUnproven // E:U
+
+ v3RLNotDefined // RL:X
+ v3RLUnavailable // RL:U
+ v3RLWorkaround // RL:W
+ v3RLTemporaryFix // RL:T
+ v3RLOfficialFix // RL:O
+
+ v3RCNotDefined // RC:X
+ v3RCConfirmed // RC:C
+ v3RCReasonable // RC:R
+ v3RCUnknown // RC:U
+
+ v3CRNotDefined // CR:X
+ v3CRHigh // CR:H
+ v3CRMedium // CR:M
+ v3CRLow // CR:L
+
+ v3IRNotDefined // IR:X
+ v3IRHigh // IR:H
+ v3IRMedium // IR:M
+ v3IRLow // IR:L
+
+ v3ARNotDefined // AR:X
+ v3ARHigh // AR:H
+ v3ARMedium // AR:M
+ v3ARLow // AR:L
+
+ v3MAVNotDefined // MAV:X
+ v3MAVNetwork // MAV:N
+ v3MAVAdjacentNetwork // MAV:A
+ v3MAVLocal // MAV:L
+ v3MAVPhysical // MAV:P
+
+ v3MACNotDefined // MAC:X
+ v3MACLow // MAC:L
+ v3MACHigh // MAC:H
+
+ v3MMRNotDefined // MPR:X
+ v3MPRLow // MPR:L
+ v3MPRHigh // MPR:H
+
+ v3MUINotDefined // MUI:X
+ v3MUINone // MUI:N
+ v3MUIRequired // MUI:R
+
+ v3MSNotDefined // MMS:X
+ v3MSUnchanged // MMS:U
+ v3MSChanged // MMS:C
+
+ v3MCNotDefined // MC:X
+ v3MCHigh // MC:H
+ v3MCLow // MC:L
+ v3MCNone // MC:N
+
+ v3MINotDefined // MI:X
+ v3MIHigh // MI:H
+ v3MILow // MI:L
+ v3MINone // MI:N
+
+ v3MANotDefined // MA:X
+ v3MAHigh // MA:H
+ v3MALow // MA:L
+ v3MANone // MA:N
+
+ v3InvalidMetric // invalid
+)
+
+// map of metrics to metric keys
+var v3KeyLut = map[v3Metric]v3Key {
+ v3AVNetwork: v3AttackVector, // AV:N
+ v3AVAdjacentNetwork: v3AttackVector, // AV:A
+ v3AVLocal: v3AttackVector, // AV:L
+ v3AVPhysical: v3AttackVector, // AV:P
+
+ v3ACLow: v3AttackComplexity, // AC:L
+ v3ACHigh: v3AttackComplexity, // AC:H
+
+ v3PRNone: v3PrivilegesRequired, // PR:N
+ v3PRLow: v3PrivilegesRequired, // PR:L
+ v3PRHigh: v3PrivilegesRequired, // PR:H
+
+ v3UINone: v3UserInteraction, // UI:N
+ v3UIRequired: v3UserInteraction, // UI:R
+
+ v3SUnchanged: v3Scope, // S:U
+ v3SChanged: v3Scope, // S:C
+
+ v3CHigh: v3Confidentiality, // C:H
+ v3CLow: v3Confidentiality, // C:L
+ v3CNone: v3Confidentiality, // C:N
+
+ v3IHigh: v3Integrity, // I:H
+ v3ILow: v3Integrity, // I:L
+ v3INone: v3Integrity, // I:N
+
+ v3AHigh: v3Availability, // A:H
+ v3ALow: v3Availability, // A:L
+ v3ANone: v3Availability, // A:N
+
+ v3ENotDefined: v3ExploitCodeMaturity, // E:X
+ v3EHigh: v3ExploitCodeMaturity, // E:H
+ v3EFunctional: v3ExploitCodeMaturity, // E:F
+ v3EProofOfConcept: v3ExploitCodeMaturity, // E:P
+ v3EUnproven: v3ExploitCodeMaturity, // E:U
+
+ v3RLNotDefined: v3RemediationLevel, // RL:X
+ v3RLUnavailable: v3RemediationLevel, // RL:U
+ v3RLWorkaround: v3RemediationLevel, // RL:W
+ v3RLTemporaryFix: v3RemediationLevel, // RL:T
+ v3RLOfficialFix: v3RemediationLevel, // RL:O
+
+ v3RCNotDefined: v3ReportConfidence, // RC:X
+ v3RCConfirmed: v3ReportConfidence, // RC:C
+ v3RCReasonable: v3ReportConfidence, // RC:R
+ v3RCUnknown: v3ReportConfidence, // RC:U
+
+ v3CRNotDefined: v3ConfidentialityRequirement, // CR:X
+ v3CRHigh: v3ConfidentialityRequirement, // CR:H
+ v3CRMedium: v3ConfidentialityRequirement, // CR:M
+ v3CRLow: v3ConfidentialityRequirement, // CR:L
+
+ v3IRNotDefined: v3IntegrityRequirement, // IR:X
+ v3IRHigh: v3IntegrityRequirement, // IR:H
+ v3IRMedium: v3IntegrityRequirement, // IR:M
+ v3IRLow: v3IntegrityRequirement, // IR:L
+
+ v3ARNotDefined: v3AvailabilityRequirement, // AR:X
+ v3ARHigh: v3AvailabilityRequirement, // AR:H
+ v3ARMedium: v3AvailabilityRequirement, // AR:M
+ v3ARLow: v3AvailabilityRequirement, // AR:L
+
+ v3MAVNotDefined: v3ModifiedAttackVector, // MAV:X
+ v3MAVNetwork: v3ModifiedAttackVector, // MAV:N
+ v3MAVAdjacentNetwork: v3ModifiedAttackVector, // MAV:A
+ v3MAVLocal: v3ModifiedAttackVector, // MAV:L
+ v3MAVPhysical: v3ModifiedAttackVector, // MAV:P
+
+ v3MACNotDefined: v3ModifiedAttackComplexity, // MAC:X
+ v3MACLow: v3ModifiedAttackComplexity, // MAC:L
+ v3MACHigh: v3ModifiedAttackComplexity, // MAC:H
+
+ v3MMRNotDefined: v3ModifiedPrivilegesRequired, // MPR:X
+ v3MPRLow: v3ModifiedPrivilegesRequired, // MPR:L
+ v3MPRHigh: v3ModifiedPrivilegesRequired, // MPR:H
+
+ v3MUINotDefined: v3ModifiedUserInteraction, // MUI:X
+ v3MUINone: v3ModifiedUserInteraction, // MUI:N
+ v3MUIRequired: v3ModifiedUserInteraction, // MUI:R
+
+ v3MSNotDefined: v3ModifiedScope, // MMS:X
+ v3MSUnchanged: v3ModifiedConfidentiality, // MMS:U
+ v3MSChanged: v3ModifiedIntegrity, // MMS:C
+
+ v3MCNotDefined: v3ModifiedConfidentiality, // MC:X
+ v3MCHigh: v3ModifiedConfidentiality, // MC:H
+ v3MCLow: v3ModifiedConfidentiality, // MC:L
+ v3MCNone: v3ModifiedConfidentiality, // MC:N
+
+ v3MINotDefined: v3ModifiedIntegrity, // MI:X
+ v3MIHigh: v3ModifiedIntegrity, // MI:H
+ v3MILow: v3ModifiedIntegrity, // MI:L
+ v3MINone: v3ModifiedIntegrity, // MI:N
+
+ v3MANotDefined: v3ModifiedAvailability, // MA:X
+ v3MAHigh: v3ModifiedAvailability, // MA:H
+ v3MALow: v3ModifiedAvailability, // MA:L
+ v3MANone: v3ModifiedAvailability, // MA:N
+}
+
+// map of metric strings to metrics
+var v3MetricStrLut = map[string]v3Metric {
+ "AV:N": v3AVNetwork,
+ "AV:A": v3AVAdjacentNetwork,
+ "AV:L": v3AVLocal,
+ "AV:P": v3AVPhysical,
+
+ "AC:L": v3ACLow,
+ "AC:H": v3ACHigh,
+
+ "PR:N": v3PRNone,
+ "PR:L": v3PRLow,
+ "PR:H": v3PRHigh,
+
+ "UI:N": v3UINone,
+ "UI:R": v3UIRequired,
+
+ "S:U": v3SUnchanged,
+ "S:C": v3SChanged,
+
+ "C:H": v3CHigh,
+ "C:L": v3CLow,
+ "C:N": v3CNone,
+
+ "I:H": v3IHigh,
+ "I:L": v3ILow,
+ "I:N": v3INone,
+
+ "A:H": v3AHigh,
+ "A:L": v3ALow,
+ "A:N": v3ANone,
+
+ "E:X": v3ENotDefined,
+ "E:H": v3EHigh,
+ "E:F": v3EFunctional,
+ "E:P": v3EProofOfConcept,
+ "E:U": v3EUnproven,
+
+ "RL:X": v3RLNotDefined,
+ "RL:U": v3RLUnavailable,
+ "RL:W": v3RLWorkaround,
+ "RL:T": v3RLTemporaryFix,
+ "RL:O": v3RLOfficialFix,
+
+ "RC:X": v3RCNotDefined,
+ "RC:C": v3RCConfirmed,
+ "RC:R": v3RCReasonable,
+ "RC:U": v3RCUnknown,
+
+ "CR:X": v3CRNotDefined,
+ "CR:H": v3CRHigh,
+ "CR:M": v3CRMedium,
+ "CR:L": v3CRLow,
+
+ "IR:X": v3IRNotDefined,
+ "IR:H": v3IRHigh,
+ "IR:M": v3IRMedium,
+ "IR:L": v3IRLow,
+
+ "AR:X": v3ARNotDefined,
+ "AR:H": v3ARHigh,
+ "AR:M": v3ARMedium,
+ "AR:L": v3ARLow,
+
+ "MAV:X": v3MAVNotDefined,
+ "MAV:N": v3MAVNetwork,
+ "MAV:A": v3MAVAdjacentNetwork,
+ "MAV:L": v3MAVLocal,
+ "MAV:P": v3MAVPhysical,
+
+ "MAC:X": v3MACNotDefined,
+ "MAC:L": v3MACLow,
+ "MAC:H": v3MACHigh,
+
+ "MPR:X": v3MMRNotDefined,
+ "MPR:L": v3MPRLow,
+ "MPR:H": v3MPRHigh,
+
+ "MUI:X": v3MUINotDefined,
+ "MUI:N": v3MUINone,
+ "MUI:R": v3MUIRequired,
+
+ "MMS:X": v3MSNotDefined,
+ "MMS:U": v3MSUnchanged,
+ "MMS:C": v3MSChanged,
+
+ "MC:X": v3MCNotDefined,
+ "MC:H": v3MCHigh,
+ "MC:L": v3MCLow,
+ "MC:N": v3MCNone,
+
+ "MI:X": v3MINotDefined,
+ "MI:H": v3MIHigh,
+ "MI:L": v3MILow,
+ "MI:N": v3MINone,
+
+ "MA:X": v3MANotDefined,
+ "MA:H": v3MAHigh,
+ "MA:L": v3MALow,
+ "MA:N": v3MANone,
+}
+
+// Get CVSS 3.x metric key.
+func (m v3Metric) Key() Key {
+ k, _ := v3KeyLut[m]
+ return k
+}
+
+// Convert string to CVSS 3.1 metric.
+func getV3Metric(version Version, s string) (v3Metric, error) {
+ // get metric
+ m, ok := v3MetricStrLut[s]
+ if !ok {
+ return v3InvalidMetric, newBadMetric(version, s)
+ }
+
+ // return success
+ return m, nil
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 13:29:10 +0000