OpenVAS Libraries  9.0.1
Data Structures | Macros | Enumerations | Functions
cvss.c File Reference

CVSS utility functions. More...

#include <string.h>
#include <stdio.h>
#include <glib.h>

Data Structures

struct  impact_item
 Describe a CVSS impact element. More...
 
struct  cvss
 Describe a CVSS metrics. More...
 

Macros

#define AV_NETWORK   1.0
 
#define AV_ADJACENT_NETWORK   0.646
 
#define AV_LOCAL   0.395
 
#define AC_LOW   0.71
 
#define AC_MEDIUM   0.61
 
#define AC_HIGH   0.35
 
#define Au_MULTIPLE_INSTANCES   0.45
 
#define Au_SINGLE_INSTANCE   0.56
 
#define Au_NONE   0.704
 
#define C_NONE   0.0
 
#define C_PARTIAL   0.275
 
#define C_COMPLETE   0.660
 
#define I_NONE   0.0
 
#define I_PARTIAL   0.275
 
#define I_COMPLETE   0.660
 
#define A_NONE   0.0
 
#define A_PARTIAL   0.275
 
#define A_COMPLETE   0.660
 

Enumerations

enum  base_metrics {
  A, I, C, Au,
  AC, AV
}
 

Functions

double get_cvss_score_from_base_metrics (const char *cvss_str)
 Calculate CVSS Score. More...
 

Detailed Description

CVSS utility functions.

This file contains utility functions for handling CVSS. Namels a calculator for the CVSS base score from a CVSS base vector.

The base equation is the foundation of CVSS scoring. The base equation is: BaseScore6 = round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)–1.5)*f(Impact)) Impact = 10.41*(1-(1-ConfImpact)*(1-IntegImpact)*(1-AvailImpact)) Exploitability = 20* AccessVector*AccessComplexity*Authentication

f(impact)= 0 if Impact=0, 1.176 otherwise AccessVector = case AccessVector of requires local access: 0.395 adjacent network accessible: 0.646 network accessible: 1.0 AccessComplexity = case AccessComplexity of high: 0.35 medium: 0.61 low: 0.71 Authentication = case Authentication of requires multiple instances of authentication: 0.45 requires single instance of authentication: 0.56 requires no authentication: 0.704 ConfImpact = case ConfidentialityImpact of none: 0.0 partial: 0.275 complete: 0.660 IntegImpact = case IntegrityImpact of none: 0.0 partial: 0.275 complete: 0.660 AvailImpact = case AvailabilityImpact of none: 0.0 partial: 0.275 complete: 0.660

Macro Definition Documentation

◆ A_COMPLETE

#define A_COMPLETE   0.660

◆ A_NONE

#define A_NONE   0.0

◆ A_PARTIAL

#define A_PARTIAL   0.275

◆ AC_HIGH

#define AC_HIGH   0.35

◆ AC_LOW

#define AC_LOW   0.71

◆ AC_MEDIUM

#define AC_MEDIUM   0.61

◆ Au_MULTIPLE_INSTANCES

#define Au_MULTIPLE_INSTANCES   0.45

◆ Au_NONE

#define Au_NONE   0.704

◆ Au_SINGLE_INSTANCE

#define Au_SINGLE_INSTANCE   0.56

◆ AV_ADJACENT_NETWORK

#define AV_ADJACENT_NETWORK   0.646

◆ AV_LOCAL

#define AV_LOCAL   0.395

◆ AV_NETWORK

#define AV_NETWORK   1.0

◆ C_COMPLETE

#define C_COMPLETE   0.660

◆ C_NONE

#define C_NONE   0.0

◆ C_PARTIAL

#define C_PARTIAL   0.275

◆ I_COMPLETE

#define I_COMPLETE   0.660

◆ I_NONE

#define I_NONE   0.0

◆ I_PARTIAL

#define I_PARTIAL   0.275

Enumeration Type Documentation

◆ base_metrics

Enumerator
Au 
AC 
AV 

Function Documentation

◆ get_cvss_score_from_base_metrics()

double get_cvss_score_from_base_metrics ( const char *  cvss_str)

Calculate CVSS Score.

Parameters
cvss_strBase vector string from which to compute score.
Returns
The resulting score. -1 upon error during parsing.