1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
package cvss
//go:generate stringer -linecomment -type=v3Key
// CVSS v3 metric key
type v3Key byte
const (
v3AttackVector v3Key = iota // AV
v3AttackComplexity // AC
v3PrivilegesRequired // PR
v3UserInteraction // UI
v3Scope // S
v3Confidentiality // C
v3Integrity // I
v3Availability // A
v3ExploitCodeMaturity // E
v3RemediationLevel // RL
v3ReportConfidence // RC
v3ConfidentialityRequirement // CR
v3IntegrityRequirement // IR
v3AvailabilityRequirement // AR
v3ModifiedAttackVector // MAV
v3ModifiedAttackComplexity // MAC
v3ModifiedPrivilegesRequired // MPR
v3ModifiedUserInteraction // MUI
v3ModifiedScope // MS
v3ModifiedConfidentiality // MC
v3ModifiedIntegrity // MI
v3ModifiedAvailability // MA
v3InvalidKey // invalid
)
// CVSS v3 metric key info lut
var v3Keys = map[v3Key]struct {
Name string
Category Category
} {
v3AttackVector: { "Attack Vector", Base },
v3AttackComplexity: { "Attack Complexity", Base },
v3PrivilegesRequired: { "Privileges Required", Base },
v3UserInteraction: { "User Interaction", Base },
v3Scope: { "Scope", Base },
v3Confidentiality: { "Confidentiality", Base },
v3Integrity: { "Integrity", Base },
v3Availability: { "Availability", Base },
v3ExploitCodeMaturity: { "Exploit Code Maturity", Temporal },
v3RemediationLevel: { "Remediation Level", Temporal },
v3ReportConfidence: { "Report Confidence", Temporal },
v3ConfidentialityRequirement: { "Confidentiality Requirement", Environmental },
v3IntegrityRequirement: { "Integrity Requirement", Environmental },
v3AvailabilityRequirement: { "Availability Requirement", Environmental },
v3ModifiedAttackVector: { "Modified Attack Vector", Environmental },
v3ModifiedAttackComplexity: { "Modified Attack Complexity", Environmental },
v3ModifiedPrivilegesRequired: { "Modified Privileges Required", Environmental },
v3ModifiedUserInteraction: { "Modified User Interaction", Environmental },
v3ModifiedScope: { "Modified Scope", Environmental },
v3ModifiedConfidentiality: { "Modified Confidentiality", Environmental },
v3ModifiedIntegrity: { "Modified Integrity", Environmental },
v3ModifiedAvailability: { "Modified Availability", Environmental },
}
// metric key IDs lut
var v3KeyIds = map[string]v3Key {
"AV": v3AttackVector,
"AC": v3AttackComplexity,
"PR": v3PrivilegesRequired,
"UI": v3UserInteraction,
"S": v3Scope,
"C": v3Confidentiality,
"I": v3Integrity,
"A": v3Availability,
"E": v3ExploitCodeMaturity,
"RL": v3RemediationLevel,
"RC": v3ReportConfidence,
"CR": v3ConfidentialityRequirement,
"IR": v3IntegrityRequirement,
"AR": v3AvailabilityRequirement,
"MAV": v3ModifiedAttackVector,
"MAC": v3ModifiedAttackComplexity,
"MPR": v3ModifiedPrivilegesRequired,
"MUI": v3ModifiedUserInteraction,
"MS": v3ModifiedScope,
"MC": v3ModifiedConfidentiality,
"MI": v3ModifiedIntegrity,
"MA": v3ModifiedAvailability,
}
// // Get metric key from string.
// func getV3KeyFromString(s string) (v3Key, error) {
// k, ok := v3KeyIds[s]
// if ok {
// return k, nil
// } else {
// return v3InvalidKey, newBadKey(V30, s)
// }
// }
// Get metric key name.
func (k v3Key) Name() string {
return v3Keys[k].Name
}
// Get metric key category.
func (k v3Key) Category() Category {
return v3Keys[k].Category
}
|
