From a88d56a8287a3ed56c7f7d893682332a9ba0f015 Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Mon, 31 Jan 2022 14:32:30 -0500 Subject: add internal/cvss/v3metric.go --- internal/cvss/v3metric.go | 332 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 332 insertions(+) create mode 100644 internal/cvss/v3metric.go (limited to 'internal/cvss/v3metric.go') diff --git a/internal/cvss/v3metric.go b/internal/cvss/v3metric.go new file mode 100644 index 0000000..8aa86b7 --- /dev/null +++ b/internal/cvss/v3metric.go @@ -0,0 +1,332 @@ +// CVSS vector parser. +package cvss + +//go:generate stringer -linecomment -type=v3Metric + +// metric value +type v3Metric byte + +const ( + v3AVNetwork v3Metric = iota // AV:N + v3AVAdjacentNetwork // AV:A + v3AVLocal // AV:L + v3AVPhysical // AV:P + + v3ACLow // AC:L + v3ACHigh // AC:H + + v3PRNone // PR:N + v3PRLow // PR:L + v3PRHigh // PR:H + + v3UINone // UI:N + v3UIRequired // UI:R + + v3SUnchanged // S:U + v3SChanged // S:C + + v3CHigh // C:H + v3CLow // C:L + v3CNone // C:N + + v3IHigh // I:H + v3ILow // I:L + v3INone // I:N + + v3AHigh // A:H + v3ALow // A:L + v3ANone // A:N + + v3ENotDefined // E:X + v3EHigh // E:H + v3EFunctional // E:F + v3EProofOfConcept // E:P + v3EUnproven // E:U + + v3RLNotDefined // RL:X + v3RLUnavailable // RL:U + v3RLWorkaround // RL:W + v3RLTemporaryFix // RL:T + v3RLOfficialFix // RL:O + + v3RCNotDefined // RC:X + v3RCConfirmed // RC:C + v3RCReasonable // RC:R + v3RCUnknown // RC:U + + v3CRNotDefined // CR:X + v3CRHigh // CR:H + v3CRMedium // CR:M + v3CRLow // CR:L + + v3IRNotDefined // IR:X + v3IRHigh // IR:H + v3IRMedium // IR:M + v3IRLow // IR:L + + v3ARNotDefined // AR:X + v3ARHigh // AR:H + v3ARMedium // AR:M + v3ARLow // AR:L + + v3MAVNotDefined // MAV:X + v3MAVNetwork // MAV:N + v3MAVAdjacentNetwork // MAV:A + v3MAVLocal // MAV:L + v3MAVPhysical // MAV:P + + v3MACNotDefined // MAC:X + v3MACLow // MAC:L + v3MACHigh // MAC:H + + v3MMRNotDefined // MPR:X + v3MPRLow // MPR:L + v3MPRHigh // MPR:H + + v3MUINotDefined // MUI:X + v3MUINone // MUI:N + v3MUIRequired // MUI:R + + v3MSNotDefined // MMS:X + v3MSUnchanged // MMS:U + v3MSChanged // MMS:C + + v3MCNotDefined // MC:X + v3MCHigh // MC:H + v3MCLow // MC:L + v3MCNone // MC:N + + v3MINotDefined // MI:X + v3MIHigh // MI:H + v3MILow // MI:L + v3MINone // MI:N + + v3MANotDefined // MA:X + v3MAHigh // MA:H + v3MALow // MA:L + v3MANone // MA:N + + v3InvalidMetric // invalid +) + +// map of metrics to metric keys +var v3KeyLut = map[v3Metric]v3Key { + v3AVNetwork: v3AttackVector, // AV:N + v3AVAdjacentNetwork: v3AttackVector, // AV:A + v3AVLocal: v3AttackVector, // AV:L + v3AVPhysical: v3AttackVector, // AV:P + + v3ACLow: v3AttackComplexity, // AC:L + v3ACHigh: v3AttackComplexity, // AC:H + + v3PRNone: v3PrivilegesRequired, // PR:N + v3PRLow: v3PrivilegesRequired, // PR:L + v3PRHigh: v3PrivilegesRequired, // PR:H + + v3UINone: v3UserInteraction, // UI:N + v3UIRequired: v3UserInteraction, // UI:R + + v3SUnchanged: v3Scope, // S:U + v3SChanged: v3Scope, // S:C + + v3CHigh: v3Confidentiality, // C:H + v3CLow: v3Confidentiality, // C:L + v3CNone: v3Confidentiality, // C:N + + v3IHigh: v3Integrity, // I:H + v3ILow: v3Integrity, // I:L + v3INone: v3Integrity, // I:N + + v3AHigh: v3Availability, // A:H + v3ALow: v3Availability, // A:L + v3ANone: v3Availability, // A:N + + v3ENotDefined: v3ExploitCodeMaturity, // E:X + v3EHigh: v3ExploitCodeMaturity, // E:H + v3EFunctional: v3ExploitCodeMaturity, // E:F + v3EProofOfConcept: v3ExploitCodeMaturity, // E:P + v3EUnproven: v3ExploitCodeMaturity, // E:U + + v3RLNotDefined: v3RemediationLevel, // RL:X + v3RLUnavailable: v3RemediationLevel, // RL:U + v3RLWorkaround: v3RemediationLevel, // RL:W + v3RLTemporaryFix: v3RemediationLevel, // RL:T + v3RLOfficialFix: v3RemediationLevel, // RL:O + + v3RCNotDefined: v3ReportConfidence, // RC:X + v3RCConfirmed: v3ReportConfidence, // RC:C + v3RCReasonable: v3ReportConfidence, // RC:R + v3RCUnknown: v3ReportConfidence, // RC:U + + v3CRNotDefined: v3ConfidentialityRequirement, // CR:X + v3CRHigh: v3ConfidentialityRequirement, // CR:H + v3CRMedium: v3ConfidentialityRequirement, // CR:M + v3CRLow: v3ConfidentialityRequirement, // CR:L + + v3IRNotDefined: v3IntegrityRequirement, // IR:X + v3IRHigh: v3IntegrityRequirement, // IR:H + v3IRMedium: v3IntegrityRequirement, // IR:M + v3IRLow: v3IntegrityRequirement, // IR:L + + v3ARNotDefined: v3AvailabilityRequirement, // AR:X + v3ARHigh: v3AvailabilityRequirement, // AR:H + v3ARMedium: v3AvailabilityRequirement, // AR:M + v3ARLow: v3AvailabilityRequirement, // AR:L + + v3MAVNotDefined: v3ModifiedAttackVector, // MAV:X + v3MAVNetwork: v3ModifiedAttackVector, // MAV:N + v3MAVAdjacentNetwork: v3ModifiedAttackVector, // MAV:A + v3MAVLocal: v3ModifiedAttackVector, // MAV:L + v3MAVPhysical: v3ModifiedAttackVector, // MAV:P + + v3MACNotDefined: v3ModifiedAttackComplexity, // MAC:X + v3MACLow: v3ModifiedAttackComplexity, // MAC:L + v3MACHigh: v3ModifiedAttackComplexity, // MAC:H + + v3MMRNotDefined: v3ModifiedPrivilegesRequired, // MPR:X + v3MPRLow: v3ModifiedPrivilegesRequired, // MPR:L + v3MPRHigh: v3ModifiedPrivilegesRequired, // MPR:H + + v3MUINotDefined: v3ModifiedUserInteraction, // MUI:X + v3MUINone: v3ModifiedUserInteraction, // MUI:N + v3MUIRequired: v3ModifiedUserInteraction, // MUI:R + + v3MSNotDefined: v3ModifiedScope, // MMS:X + v3MSUnchanged: v3ModifiedConfidentiality, // MMS:U + v3MSChanged: v3ModifiedIntegrity, // MMS:C + + v3MCNotDefined: v3ModifiedConfidentiality, // MC:X + v3MCHigh: v3ModifiedConfidentiality, // MC:H + v3MCLow: v3ModifiedConfidentiality, // MC:L + v3MCNone: v3ModifiedConfidentiality, // MC:N + + v3MINotDefined: v3ModifiedIntegrity, // MI:X + v3MIHigh: v3ModifiedIntegrity, // MI:H + v3MILow: v3ModifiedIntegrity, // MI:L + v3MINone: v3ModifiedIntegrity, // MI:N + + v3MANotDefined: v3ModifiedAvailability, // MA:X + v3MAHigh: v3ModifiedAvailability, // MA:H + v3MALow: v3ModifiedAvailability, // MA:L + v3MANone: v3ModifiedAvailability, // MA:N +} + +// map of metric strings to metrics +var v3MetricStrLut = map[string]v3Metric { + "AV:N": v3AVNetwork, + "AV:A": v3AVAdjacentNetwork, + "AV:L": v3AVLocal, + "AV:P": v3AVPhysical, + + "AC:L": v3ACLow, + "AC:H": v3ACHigh, + + "PR:N": v3PRNone, + "PR:L": v3PRLow, + "PR:H": v3PRHigh, + + "UI:N": v3UINone, + "UI:R": v3UIRequired, + + "S:U": v3SUnchanged, + "S:C": v3SChanged, + + "C:H": v3CHigh, + "C:L": v3CLow, + "C:N": v3CNone, + + "I:H": v3IHigh, + "I:L": v3ILow, + "I:N": v3INone, + + "A:H": v3AHigh, + "A:L": v3ALow, + "A:N": v3ANone, + + "E:X": v3ENotDefined, + "E:H": v3EHigh, + "E:F": v3EFunctional, + "E:P": v3EProofOfConcept, + "E:U": v3EUnproven, + + "RL:X": v3RLNotDefined, + "RL:U": v3RLUnavailable, + "RL:W": v3RLWorkaround, + "RL:T": v3RLTemporaryFix, + "RL:O": v3RLOfficialFix, + + "RC:X": v3RCNotDefined, + "RC:C": v3RCConfirmed, + "RC:R": v3RCReasonable, + "RC:U": v3RCUnknown, + + "CR:X": v3CRNotDefined, + "CR:H": v3CRHigh, + "CR:M": v3CRMedium, + "CR:L": v3CRLow, + + "IR:X": v3IRNotDefined, + "IR:H": v3IRHigh, + "IR:M": v3IRMedium, + "IR:L": v3IRLow, + + "AR:X": v3ARNotDefined, + "AR:H": v3ARHigh, + "AR:M": v3ARMedium, + "AR:L": v3ARLow, + + "MAV:X": v3MAVNotDefined, + "MAV:N": v3MAVNetwork, + "MAV:A": v3MAVAdjacentNetwork, + "MAV:L": v3MAVLocal, + "MAV:P": v3MAVPhysical, + + "MAC:X": v3MACNotDefined, + "MAC:L": v3MACLow, + "MAC:H": v3MACHigh, + + "MPR:X": v3MMRNotDefined, + "MPR:L": v3MPRLow, + "MPR:H": v3MPRHigh, + + "MUI:X": v3MUINotDefined, + "MUI:N": v3MUINone, + "MUI:R": v3MUIRequired, + + "MMS:X": v3MSNotDefined, + "MMS:U": v3MSUnchanged, + "MMS:C": v3MSChanged, + + "MC:X": v3MCNotDefined, + "MC:H": v3MCHigh, + "MC:L": v3MCLow, + "MC:N": v3MCNone, + + "MI:X": v3MINotDefined, + "MI:H": v3MIHigh, + "MI:L": v3MILow, + "MI:N": v3MINone, + + "MA:X": v3MANotDefined, + "MA:H": v3MAHigh, + "MA:L": v3MALow, + "MA:N": v3MANone, +} + +// Get CVSS 3.x metric key. +func (m v3Metric) Key() Key { + k, _ := v3KeyLut[m] + return k +} + +// Convert string to CVSS 3.1 metric. +func getV3Metric(version Version, s string) (v3Metric, error) { + // get metric + m, ok := v3MetricStrLut[s] + if !ok { + return v3InvalidMetric, newBadMetric(version, s) + } + + // return success + return m, nil +} -- cgit v1.2.3