Open SCAP Library
cvss_score.h
Go to the documentation of this file.
1 /*
2  * Copyright 2008-2009 Red Hat Inc., Durham, North Carolina.
3  * All Rights Reserved.
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18  *
19  * Authors:
20  * Tomas Heinrich <theinric@redhat.com>
21  * Peter Vrabec <pvrabec@redhat.com>
22  * Brandon Dixon <Brandon.Dixon@g2-inc.com>
23  * Lukas Kuklinek <lkuklinek@redhat.com>
24  */
35 #ifndef _CVSSCALC_H_
36 #define _CVSSCALC_H_
37 
38 #include <stdbool.h>
39 #include <time.h>
40 #include <stdio.h>
41 #include "oscap_export.h"
42 
43 
45 OSCAP_API const char *cvss_model_supported(void);
46 
49  CVSS_NONE = 0x0000,
50  CVSS_BASE = 0x0100,
51  CVSS_TEMPORAL = 0x0200,
52  CVSS_ENVIRONMENTAL = 0x0300,
53 };
54 
57  CVSS_AV_NOT_SET,
58  CVSS_AV_LOCAL,
59  CVSS_AV_ADJACENT_NETWORK,
60  CVSS_AV_NETWORK,
61  CVSS_AV_END_
62 };
63 
66  CVSS_AC_NOT_SET,
67  CVSS_AC_HIGH,
68  CVSS_AC_MEDIUM,
69  CVSS_AC_LOW,
70  CVSS_AC_END_
71 };
72 
75  CVSS_AU_NOT_SET,
76  CVSS_AU_MULTIPLE,
77  CVSS_AU_SINGLE,
78  CVSS_AU_NONE,
79  CVSS_AU_END_
80 };
81 
84  CVSS_IMP_NOT_SET,
85  CVSS_IMP_NONE,
86  CVSS_IMP_PARTIAL,
87  CVSS_IMP_COMPLETE,
88  CVSS_IMP_END_
89 };
90 
93  CVSS_E_NOT_DEFINED,
94  CVSS_E_UNPROVEN,
95  CVSS_E_PROOF_OF_CONCEPT,
96  CVSS_E_FUNCTIONAL,
97  CVSS_E_HIGH,
98  CVSS_E_END_
99 };
100 
103  CVSS_RL_NOT_DEFINED,
104  CVSS_RL_OFFICIAL_FIX,
105  CVSS_RL_TEMPORARY_FIX,
106  CVSS_RL_WORKAROUND,
107  CVSS_RL_UNAVAILABLE,
108  CVSS_RL_END_
109 };
110 
113  CVSS_RC_NOT_DEFINED,
114  CVSS_RC_UNCONFIRMED,
115  CVSS_RC_UNCORROBORATED,
116  CVSS_RC_CONFIRMED,
117  CVSS_RC_END_
118 };
119 
122  CVSS_CDP_NOT_DEFINED,
123  CVSS_CDP_NONE,
124  CVSS_CDP_LOW,
125  CVSS_CDP_LOW_MEDIUM,
126  CVSS_CDP_MEDIUM_HIGH,
127  CVSS_CDP_HIGH,
128  CVSS_CDP_END_
129 };
130 
133  CVSS_TD_NOT_DEFINED,
134  CVSS_TD_NONE,
135  CVSS_TD_LOW,
136  CVSS_TD_MEDIUM,
137  CVSS_TD_HIGH,
138  CVSS_TD_END_
139 };
140 
143  CVSS_REQ_NOT_DEFINED,
144  CVSS_REQ_LOW,
145  CVSS_REQ_MEDIUM,
146  CVSS_REQ_HIGH,
147  CVSS_REQ_END_
148 };
149 
156 struct cvss_impact;
157 
164 struct cvss_metrics;
165 
167 OSCAP_API float cvss_round(float x);
168 
170 OSCAP_API struct cvss_impact *cvss_impact_new(void);
172 OSCAP_API struct cvss_impact *cvss_impact_new_from_vector(const char *cvss_vector);
174 OSCAP_API struct cvss_impact *cvss_impact_clone(const struct cvss_impact* impact);
176 //struct cvss_impact *cvss_impact_new_parse(const char *filename);
178 OSCAP_API void cvss_impact_free(struct cvss_impact* impact);
185 OSCAP_API void cvss_impact_describe(const struct cvss_impact *impact, FILE *f);
186 
188 OSCAP_API struct cvss_metrics *cvss_impact_get_base_metrics(const struct cvss_impact* impact);
190 OSCAP_API struct cvss_metrics *cvss_impact_get_temporal_metrics(const struct cvss_impact* impact);
192 OSCAP_API struct cvss_metrics *cvss_impact_get_environmental_metrics(const struct cvss_impact* impact);
195 OSCAP_API bool cvss_impact_set_metrics(struct cvss_impact* impact, struct cvss_metrics *metrics);
197 OSCAP_API char *cvss_impact_to_vector(const struct cvss_impact* impact);
198 
220 OSCAP_API float cvss_impact_base_exploitability_subscore(const struct cvss_impact* impact);
221 
230 OSCAP_API float cvss_impact_base_impact_subscore(const struct cvss_impact* impact);
231 
244 OSCAP_API float cvss_impact_base_score(const struct cvss_impact* impact);
245 
259 OSCAP_API float cvss_impact_temporal_multiplier(const struct cvss_impact* impact);
260 
270 OSCAP_API float cvss_impact_temporal_score(const struct cvss_impact* impact);
271 
280 OSCAP_API float cvss_impact_base_adjusted_impact_subscore(const struct cvss_impact* impact);
281 
289 OSCAP_API float cvss_impact_adjusted_base_score(const struct cvss_impact* impact);
290 
298 OSCAP_API float cvss_impact_adjusted_temporal_score(const struct cvss_impact* impact);
299 
311 OSCAP_API float cvss_impact_environmental_score(const struct cvss_impact* impact);
312 
316 OSCAP_API struct cvss_metrics *cvss_metrics_new(enum cvss_category category);
318 OSCAP_API struct cvss_metrics *cvss_metrics_clone(const struct cvss_metrics* metrics);
320 OSCAP_API void cvss_metrics_free(struct cvss_metrics* metrics);
322 OSCAP_API enum cvss_category cvss_metrics_get_category(const struct cvss_metrics* metrics);
324 OSCAP_API const char *cvss_metrics_get_source(const struct cvss_metrics* metrics);
326 OSCAP_API bool cvss_metrics_set_source(struct cvss_metrics* metrics, const char *new_source);
328 OSCAP_API const char *cvss_metrics_get_generated_on_datetime(const struct cvss_metrics* metrics);
330 OSCAP_API bool cvss_metrics_set_generated_on_datetime(struct cvss_metrics* metrics, const char *new_datetime);
332 OSCAP_API const char *cvss_metrics_get_upgraded_from_version(const struct cvss_metrics* metrics);
334 OSCAP_API bool cvss_metrics_set_upgraded_from_version(struct cvss_metrics* metrics, const char *new_upgraded_from_version);
336 OSCAP_API float cvss_metrics_get_score(const struct cvss_metrics* metrics);
338 OSCAP_API bool cvss_metrics_set_score(struct cvss_metrics* metrics, float score);
343 OSCAP_API bool cvss_metrics_is_valid(const struct cvss_metrics* metrics);
344 
356 OSCAP_API enum cvss_access_vector cvss_metrics_get_access_vector(const struct cvss_metrics* metrics);
358 OSCAP_API enum cvss_access_complexity cvss_metrics_get_access_complexity(const struct cvss_metrics* metrics);
360 OSCAP_API enum cvss_authentication cvss_metrics_get_authentication(const struct cvss_metrics* metrics);
362 OSCAP_API enum cvss_cia_impact cvss_metrics_get_confidentiality_impact(const struct cvss_metrics* metrics);
364 OSCAP_API enum cvss_cia_impact cvss_metrics_get_integrity_impact(const struct cvss_metrics* metrics);
366 OSCAP_API enum cvss_cia_impact cvss_metrics_get_availability_impact(const struct cvss_metrics* metrics);
368 OSCAP_API enum cvss_exploitability cvss_metrics_get_exploitability(const struct cvss_metrics* metrics);
370 OSCAP_API enum cvss_remediation_level cvss_metrics_get_remediation_level(const struct cvss_metrics* metrics);
372 OSCAP_API enum cvss_report_confidence cvss_metrics_get_report_confidence(const struct cvss_metrics* metrics);
374 OSCAP_API enum cvss_collateral_damage_potential cvss_metrics_get_collateral_damage_potential(const struct cvss_metrics* metrics);
376 OSCAP_API enum cvss_target_distribution cvss_metrics_get_target_distribution(const struct cvss_metrics* metrics);
378 OSCAP_API enum cvss_cia_requirement cvss_metrics_get_confidentiality_requirement(const struct cvss_metrics* metrics);
380 OSCAP_API enum cvss_cia_requirement cvss_metrics_get_integrity_requirement(const struct cvss_metrics* metrics);
382 OSCAP_API enum cvss_cia_requirement cvss_metrics_get_availability_requirement(const struct cvss_metrics* metrics);
383 
385 OSCAP_API bool cvss_metrics_set_access_vector(struct cvss_metrics* metrics, enum cvss_access_vector);
387 OSCAP_API bool cvss_metrics_set_access_complexity(struct cvss_metrics* metrics, enum cvss_access_complexity);
389 OSCAP_API bool cvss_metrics_set_authentication(struct cvss_metrics* metrics, enum cvss_authentication);
391 OSCAP_API bool cvss_metrics_set_confidentiality_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
393 OSCAP_API bool cvss_metrics_set_integrity_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
395 OSCAP_API bool cvss_metrics_set_availability_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
397 OSCAP_API bool cvss_metrics_set_exploitability(struct cvss_metrics* metrics, enum cvss_exploitability);
399 OSCAP_API bool cvss_metrics_set_remediation_level(struct cvss_metrics* metrics, enum cvss_remediation_level);
401 OSCAP_API bool cvss_metrics_set_report_confidence(struct cvss_metrics* metrics, enum cvss_report_confidence);
403 OSCAP_API bool cvss_metrics_set_collateral_damage_potential(struct cvss_metrics* metrics, enum cvss_collateral_damage_potential);
405 OSCAP_API bool cvss_metrics_set_target_distribution(struct cvss_metrics* metrics, enum cvss_target_distribution);
407 OSCAP_API bool cvss_metrics_set_confidentiality_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
409 OSCAP_API bool cvss_metrics_set_integrity_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
411 OSCAP_API bool cvss_metrics_set_availability_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
412 
413 
417 #endif // _CVSSCALC_H_
OSCAP_API bool cvss_impact_set_metrics(struct cvss_impact *impact, struct cvss_metrics *metrics)
Set base, temporal, or environmental metrics (type is determined from the metrics itself)
Definition: cvss.c:392
OSCAP_API float cvss_impact_base_score(const struct cvss_impact *impact)
Calculate base score.
Definition: cvss.c:432
OSCAP_API float cvss_impact_adjusted_temporal_score(const struct cvss_impact *impact)
Calculate temporal score adjusted to particular environment.
Definition: cvss.c:471
cvss_exploitability
CVSS Exploitability.
Definition: cvss_score.h:92
cvss_remediation_level
CVSS Remediation Level.
Definition: cvss_score.h:102
cvss_cia_requirement
CVSS Confidentiality/Integrity/Availibility requirement.
Definition: cvss_score.h:142
OSCAP_API float cvss_impact_temporal_score(const struct cvss_impact *impact)
Calculate temporal score.
Definition: cvss.c:445
OSCAP_API float cvss_impact_adjusted_base_score(const struct cvss_impact *impact)
Calculate base score adjusted to particular environment.
Definition: cvss.c:465
OSCAP_API float cvss_impact_base_impact_subscore(const struct cvss_impact *impact)
Calculate impact subscore of base score.
Definition: cvss.c:416
cvss_report_confidence
CVSS Report Confidence.
Definition: cvss_score.h:112
OSCAP_API bool cvss_metrics_is_valid(const struct cvss_metrics *metrics)
Validate CVSS metrics completeness.
Definition: cvss.c:326
cvss_collateral_damage_potential
CVSS Collateral Damage Potential.
Definition: cvss_score.h:121
OSCAP_API float cvss_impact_base_exploitability_subscore(const struct cvss_impact *impact)
Calculate exploitability subscore of base score.
Definition: cvss.c:410
cvss_cia_impact
CVSS Confidentiality/Integrity/Availibility impact.
Definition: cvss_score.h:83
cvss_access_vector
CVSS access vector.
Definition: cvss_score.h:56
OSCAP_API const char * cvss_model_supported(void)
Get supported version of CVSS XML.
Definition: cvss.c:69
OSCAP_API void cvss_impact_describe(const struct cvss_impact *impact, FILE *f)
Write out a human-readable textual description of CVSS impact contents.
Definition: cvss.c:497
cvss_access_complexity
CVSS access complexity.
Definition: cvss_score.h:65
OSCAP_API float cvss_impact_temporal_multiplier(const struct cvss_impact *impact)
Calculate temporal multiplier.
Definition: cvss.c:438
cvss_target_distribution
CVSS Target Distribution.
Definition: cvss_score.h:132
cvss_authentication
CVSS Authentication.
Definition: cvss_score.h:74
OSCAP_API float cvss_impact_base_adjusted_impact_subscore(const struct cvss_impact *impact)
Calculate impact subscore of base score adjusted to particular environment.
Definition: cvss.c:452
OSCAP_API float cvss_impact_environmental_score(const struct cvss_impact *impact)
Calculate environmental score.
Definition: cvss.c:477
OSCAP_API float cvss_round(float x)
Round x to one decimal place as described in CVSS standard.
Definition: cvss.c:406
cvss_category
CVSS score category.
Definition: cvss_score.h:48
CVSS impact.
Definition: cvss_priv.h:80
CVSS metrics.
Definition: cvss_priv.h:86