Open SCAP Library
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
cvss_score.h
Go to the documentation of this file.
1 /*
2  * Copyright 2008-2009 Red Hat Inc., Durham, North Carolina.
3  * All Rights Reserved.
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18  *
19  * Authors:
20  * Tomas Heinrich <theinric@redhat.com>
21  * Peter Vrabec <pvrabec@redhat.com>
22  * Brandon Dixon <Brandon.Dixon@g2-inc.com>
23  * Lukas Kuklinek <lkuklinek@redhat.com>
24  */
35 #ifndef _CVSSCALC_H_
36 #define _CVSSCALC_H_
37 
38 #include <stdbool.h>
39 #include <time.h>
40 #include <stdio.h>
41 
42 
44 const char *cvss_model_supported(void);
45 
47 enum cvss_category {
48  CVSS_NONE = 0x0000,
49  CVSS_BASE = 0x0100,
50  CVSS_TEMPORAL = 0x0200,
51  CVSS_ENVIRONMENTAL = 0x0300,
52 };
53 
55 enum cvss_access_vector {
56  CVSS_AV_NOT_SET,
57  CVSS_AV_LOCAL,
58  CVSS_AV_ADJACENT_NETWORK,
59  CVSS_AV_NETWORK,
60  CVSS_AV_END_
61 };
62 
64 enum cvss_access_complexity {
65  CVSS_AC_NOT_SET,
66  CVSS_AC_HIGH,
67  CVSS_AC_MEDIUM,
68  CVSS_AC_LOW,
69  CVSS_AC_END_
70 };
71 
73 enum cvss_authentication {
74  CVSS_AU_NOT_SET,
75  CVSS_AU_MULTIPLE,
76  CVSS_AU_SINGLE,
77  CVSS_AU_NONE,
78  CVSS_AU_END_
79 };
80 
82 enum cvss_cia_impact {
83  CVSS_IMP_NOT_SET,
84  CVSS_IMP_NONE,
85  CVSS_IMP_PARTIAL,
86  CVSS_IMP_COMPLETE,
87  CVSS_IMP_END_
88 };
89 
91 enum cvss_exploitability {
92  CVSS_E_NOT_DEFINED,
93  CVSS_E_UNPROVEN,
94  CVSS_E_PROOF_OF_CONCEPT,
95  CVSS_E_FUNCTIONAL,
96  CVSS_E_HIGH,
97  CVSS_E_END_
98 };
99 
101 enum cvss_remediation_level {
102  CVSS_RL_NOT_DEFINED,
103  CVSS_RL_OFFICIAL_FIX,
104  CVSS_RL_TEMPORARY_FIX,
105  CVSS_RL_WORKAROUND,
106  CVSS_RL_UNAVAILABLE,
107  CVSS_RL_END_
108 };
109 
111 enum cvss_report_confidence {
112  CVSS_RC_NOT_DEFINED,
113  CVSS_RC_UNCONFIRMED,
114  CVSS_RC_UNCORROBORATED,
115  CVSS_RC_CONFIRMED,
116  CVSS_RC_END_
117 };
118 
120 enum cvss_collateral_damage_potential {
121  CVSS_CDP_NOT_DEFINED,
122  CVSS_CDP_NONE,
123  CVSS_CDP_LOW,
124  CVSS_CDP_LOW_MEDIUM,
125  CVSS_CDP_MEDIUM_HIGH,
126  CVSS_CDP_HIGH,
127  CVSS_CDP_END_
128 };
129 
131 enum cvss_target_distribution {
132  CVSS_TD_NOT_DEFINED,
133  CVSS_TD_NONE,
134  CVSS_TD_LOW,
135  CVSS_TD_MEDIUM,
136  CVSS_TD_HIGH,
137  CVSS_TD_END_
138 };
139 
141 enum cvss_cia_requirement {
142  CVSS_REQ_NOT_DEFINED,
143  CVSS_REQ_LOW,
144  CVSS_REQ_MEDIUM,
145  CVSS_REQ_HIGH,
146  CVSS_REQ_END_
147 };
148 
155 struct cvss_impact;
156 
163 struct cvss_metrics;
164 
166 float cvss_round(float x);
167 
169 struct cvss_impact *cvss_impact_new(void);
171 struct cvss_impact *cvss_impact_new_from_vector(const char *cvss_vector);
173 struct cvss_impact *cvss_impact_clone(const struct cvss_impact* impact);
175 //struct cvss_impact *cvss_impact_new_parse(const char *filename);
177 void cvss_impact_free(struct cvss_impact* impact);
184 void cvss_impact_describe(const struct cvss_impact *impact, FILE *f);
185 
187 struct cvss_metrics *cvss_impact_get_base_metrics(const struct cvss_impact* impact);
189 struct cvss_metrics *cvss_impact_get_temporal_metrics(const struct cvss_impact* impact);
191 struct cvss_metrics *cvss_impact_get_environmental_metrics(const struct cvss_impact* impact);
194 bool cvss_impact_set_metrics(struct cvss_impact* impact, struct cvss_metrics *metrics);
196 char *cvss_impact_to_vector(const struct cvss_impact* impact);
197 
219 float cvss_impact_base_exploitability_subscore(const struct cvss_impact* impact);
220 
229 float cvss_impact_base_impact_subscore(const struct cvss_impact* impact);
230 
243 float cvss_impact_base_score(const struct cvss_impact* impact);
244 
258 float cvss_impact_temporal_multiplier(const struct cvss_impact* impact);
259 
269 float cvss_impact_temporal_score(const struct cvss_impact* impact);
270 
279 float cvss_impact_base_adjusted_impact_subscore(const struct cvss_impact* impact);
280 
288 float cvss_impact_adjusted_base_score(const struct cvss_impact* impact);
289 
297 float cvss_impact_adjusted_temporal_score(const struct cvss_impact* impact);
298 
310 float cvss_impact_environmental_score(const struct cvss_impact* impact);
311 
314 struct cvss_metrics *cvss_metrics_new(enum cvss_category category);
317 struct cvss_metrics *cvss_metrics_clone(const struct cvss_metrics* metrics);
319 void cvss_metrics_free(struct cvss_metrics* metrics);
321 enum cvss_category cvss_metrics_get_category(const struct cvss_metrics* metrics);
323 const char *cvss_metrics_get_source(const struct cvss_metrics* metrics);
325 bool cvss_metrics_set_source(struct cvss_metrics* metrics, const char *new_source);
327 const char *cvss_metrics_get_generated_on_datetime(const struct cvss_metrics* metrics);
329 bool cvss_metrics_set_generated_on_datetime(struct cvss_metrics* metrics, const char *new_datetime);
331 const char *cvss_metrics_get_upgraded_from_version(const struct cvss_metrics* metrics);
333 bool cvss_metrics_set_upgraded_from_version(struct cvss_metrics* metrics, const char *new_upgraded_from_version);
335 float cvss_metrics_get_score(const struct cvss_metrics* metrics);
337 bool cvss_metrics_set_score(struct cvss_metrics* metrics, float score);
342 bool cvss_metrics_is_valid(const struct cvss_metrics* metrics);
343 
354 enum cvss_access_vector cvss_metrics_get_access_vector(const struct cvss_metrics* metrics);
357 enum cvss_access_complexity cvss_metrics_get_access_complexity(const struct cvss_metrics* metrics);
359 enum cvss_authentication cvss_metrics_get_authentication(const struct cvss_metrics* metrics);
361 enum cvss_cia_impact cvss_metrics_get_confidentiality_impact(const struct cvss_metrics* metrics);
363 enum cvss_cia_impact cvss_metrics_get_integrity_impact(const struct cvss_metrics* metrics);
365 enum cvss_cia_impact cvss_metrics_get_availability_impact(const struct cvss_metrics* metrics);
367 enum cvss_exploitability cvss_metrics_get_exploitability(const struct cvss_metrics* metrics);
369 enum cvss_remediation_level cvss_metrics_get_remediation_level(const struct cvss_metrics* metrics);
371 enum cvss_report_confidence cvss_metrics_get_report_confidence(const struct cvss_metrics* metrics);
373 enum cvss_collateral_damage_potential cvss_metrics_get_collateral_damage_potential(const struct cvss_metrics* metrics);
375 enum cvss_target_distribution cvss_metrics_get_target_distribution(const struct cvss_metrics* metrics);
377 enum cvss_cia_requirement cvss_metrics_get_confidentiality_requirement(const struct cvss_metrics* metrics);
379 enum cvss_cia_requirement cvss_metrics_get_integrity_requirement(const struct cvss_metrics* metrics);
381 enum cvss_cia_requirement cvss_metrics_get_availability_requirement(const struct cvss_metrics* metrics);
382 
384 bool cvss_metrics_set_access_vector(struct cvss_metrics* metrics, enum cvss_access_vector);
386 bool cvss_metrics_set_access_complexity(struct cvss_metrics* metrics, enum cvss_access_complexity);
388 bool cvss_metrics_set_authentication(struct cvss_metrics* metrics, enum cvss_authentication);
390 bool cvss_metrics_set_confidentiality_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
392 bool cvss_metrics_set_integrity_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
394 bool cvss_metrics_set_availability_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
396 bool cvss_metrics_set_exploitability(struct cvss_metrics* metrics, enum cvss_exploitability);
398 bool cvss_metrics_set_remediation_level(struct cvss_metrics* metrics, enum cvss_remediation_level);
400 bool cvss_metrics_set_report_confidence(struct cvss_metrics* metrics, enum cvss_report_confidence);
402 bool cvss_metrics_set_collateral_damage_potential(struct cvss_metrics* metrics, enum cvss_collateral_damage_potential);
404 bool cvss_metrics_set_target_distribution(struct cvss_metrics* metrics, enum cvss_target_distribution);
406 bool cvss_metrics_set_confidentiality_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
408 bool cvss_metrics_set_integrity_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
410 bool cvss_metrics_set_availability_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
411 
412 
416 #endif // _CVSSCALC_H_
cvss_impact
CVSS impact.
Definition: cvss_priv.h:81
cvss_metrics::cvss_metrics_set_exploitability
bool cvss_metrics_set_exploitability(struct cvss_metrics *metrics, enum cvss_exploitability)
cvss_metrics::cvss_metrics_new
struct cvss_metrics * cvss_metrics_new(enum cvss_category category)
Definition: cvss.c:536
cvss_metrics::cvss_metrics_set_integrity_requirement
bool cvss_metrics_set_integrity_requirement(struct cvss_metrics *metrics, enum cvss_cia_requirement)
cvss_impact::cvss_impact_new
struct cvss_impact * cvss_impact_new(void)
Definition: cvss.c:83
cvss_metrics::cvss_metrics_set_confidentiality_requirement
bool cvss_metrics_set_confidentiality_requirement(struct cvss_metrics *metrics, enum cvss_cia_requirement)
cvss_impact::cvss_impact_new_from_vector
struct cvss_impact * cvss_impact_new_from_vector(const char *cvss_vector)
Definition: cvss.c:230
cvss_impact::cvss_impact_clone
struct cvss_impact * cvss_impact_clone(const struct cvss_impact *impact)
Definition: cvss.c:290
cvss_metrics::cvss_metrics_set_availability_requirement
bool cvss_metrics_set_availability_requirement(struct cvss_metrics *metrics, enum cvss_cia_requirement)
cvss_impact::cvss_impact_get_environmental_metrics
struct cvss_metrics * cvss_impact_get_environmental_metrics(const struct cvss_impact *impact)
cvss_metrics::cvss_metrics_get_authentication
enum cvss_authentication cvss_metrics_get_authentication(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_clone
struct cvss_metrics * cvss_metrics_clone(const struct cvss_metrics *metrics)
Definition: cvss.c:579
cvss_impact::cvss_impact_base_exploitability_subscore
float cvss_impact_base_exploitability_subscore(const struct cvss_impact *impact)
Calculate exploitability subscore of base score.
Definition: cvss.c:409
cvss_exploitability
cvss_exploitability
CVSS Exploitability.
Definition: cvss_score.h:91
cvss_authentication
cvss_authentication
CVSS Authentication.
Definition: cvss_score.h:73
cvss_metrics::cvss_metrics_get_remediation_level
enum cvss_remediation_level cvss_metrics_get_remediation_level(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_set_confidentiality_impact
bool cvss_metrics_set_confidentiality_impact(struct cvss_metrics *metrics, enum cvss_cia_impact)
cvss_cia_impact
cvss_cia_impact
CVSS Confidentiality/Integrity/Availibility impact.
Definition: cvss_score.h:82
cvss_collateral_damage_potential
cvss_collateral_damage_potential
CVSS Collateral Damage Potential.
Definition: cvss_score.h:120
cvss_metrics::cvss_metrics_get_source
const char * cvss_metrics_get_source(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_free
void cvss_metrics_free(struct cvss_metrics *metrics)
Definition: cvss.c:631
cvss_metrics::cvss_metrics_set_access_complexity
bool cvss_metrics_set_access_complexity(struct cvss_metrics *metrics, enum cvss_access_complexity)
cvss_impact::cvss_impact_environmental_score
float cvss_impact_environmental_score(const struct cvss_impact *impact)
Calculate environmental score.
Definition: cvss.c:476
cvss_impact::cvss_impact_adjusted_base_score
float cvss_impact_adjusted_base_score(const struct cvss_impact *impact)
Calculate base score adjusted to particular environment.
Definition: cvss.c:464
cvss_metrics::cvss_metrics_is_valid
bool cvss_metrics_is_valid(const struct cvss_metrics *metrics)
Validate CVSS metrics completeness.
Definition: cvss.c:325
cvss_metrics::cvss_metrics_get_category
enum cvss_category cvss_metrics_get_category(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_get_upgraded_from_version
const char * cvss_metrics_get_upgraded_from_version(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_set_report_confidence
bool cvss_metrics_set_report_confidence(struct cvss_metrics *metrics, enum cvss_report_confidence)
cvss_metrics::cvss_metrics_set_availability_impact
bool cvss_metrics_set_availability_impact(struct cvss_metrics *metrics, enum cvss_cia_impact)
cvss_metrics
CVSS metrics.
Definition: cvss_priv.h:87
cvss_impact::cvss_impact_get_temporal_metrics
struct cvss_metrics * cvss_impact_get_temporal_metrics(const struct cvss_impact *impact)
cvss_metrics::cvss_metrics_set_authentication
bool cvss_metrics_set_authentication(struct cvss_metrics *metrics, enum cvss_authentication)
cvss_metrics::cvss_metrics_set_collateral_damage_potential
bool cvss_metrics_set_collateral_damage_potential(struct cvss_metrics *metrics, enum cvss_collateral_damage_potential)
cvss_metrics::cvss_metrics_set_access_vector
bool cvss_metrics_set_access_vector(struct cvss_metrics *metrics, enum cvss_access_vector)
cvss_impact::cvss_impact_describe
void cvss_impact_describe(const struct cvss_impact *impact, FILE *f)
Write out a human-readable textual description of CVSS impact contents.
Definition: cvss.c:496
cvss_metrics::cvss_metrics_get_access_vector
enum cvss_access_vector cvss_metrics_get_access_vector(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_set_score
bool cvss_metrics_set_score(struct cvss_metrics *metrics, float score)
cvss_metrics::cvss_metrics_get_integrity_requirement
enum cvss_cia_requirement cvss_metrics_get_integrity_requirement(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_get_collateral_damage_potential
enum cvss_collateral_damage_potential cvss_metrics_get_collateral_damage_potential(const struct cvss_metrics *metrics)
cvss_impact::cvss_impact_base_impact_subscore
float cvss_impact_base_impact_subscore(const struct cvss_impact *impact)
Calculate impact subscore of base score.
Definition: cvss.c:415
cvss_cia_requirement
cvss_cia_requirement
CVSS Confidentiality/Integrity/Availibility requirement.
Definition: cvss_score.h:141
cvss_metrics::cvss_metrics_set_generated_on_datetime
bool cvss_metrics_set_generated_on_datetime(struct cvss_metrics *metrics, const char *new_datetime)
cvss_metrics::cvss_metrics_get_score
float cvss_metrics_get_score(const struct cvss_metrics *metrics)
cvss_impact::cvss_impact_get_base_metrics
struct cvss_metrics * cvss_impact_get_base_metrics(const struct cvss_impact *impact)
cvss_metrics::cvss_metrics_get_confidentiality_requirement
enum cvss_cia_requirement cvss_metrics_get_confidentiality_requirement(const struct cvss_metrics *metrics)
cvss_target_distribution
cvss_target_distribution
CVSS Target Distribution.
Definition: cvss_score.h:131
cvss_metrics::cvss_metrics_get_generated_on_datetime
const char * cvss_metrics_get_generated_on_datetime(const struct cvss_metrics *metrics)
cvss_access_vector
cvss_access_vector
CVSS access vector.
Definition: cvss_score.h:55
cvss_metrics::cvss_metrics_set_integrity_impact
bool cvss_metrics_set_integrity_impact(struct cvss_metrics *metrics, enum cvss_cia_impact)
cvss_impact::cvss_impact_base_adjusted_impact_subscore
float cvss_impact_base_adjusted_impact_subscore(const struct cvss_impact *impact)
Calculate impact subscore of base score adjusted to particular environment.
Definition: cvss.c:451
cvss_impact::cvss_impact_set_metrics
bool cvss_impact_set_metrics(struct cvss_impact *impact, struct cvss_metrics *metrics)
Set base, temporal, or environmental metrics (type is determined from the metrics itself) ...
Definition: cvss.c:391
cvss_category
cvss_category
CVSS score category.
Definition: cvss_score.h:47
cvss_access_complexity
cvss_access_complexity
CVSS access complexity.
Definition: cvss_score.h:64
cvss_metrics::cvss_metrics_set_upgraded_from_version
bool cvss_metrics_set_upgraded_from_version(struct cvss_metrics *metrics, const char *new_upgraded_from_version)
cvss_metrics::cvss_metrics_get_access_complexity
enum cvss_access_complexity cvss_metrics_get_access_complexity(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_get_target_distribution
enum cvss_target_distribution cvss_metrics_get_target_distribution(const struct cvss_metrics *metrics)
cvss_report_confidence
cvss_report_confidence
CVSS Report Confidence.
Definition: cvss_score.h:111
cvss_remediation_level
cvss_remediation_level
CVSS Remediation Level.
Definition: cvss_score.h:101
cvss_metrics::cvss_metrics_get_availability_impact
enum cvss_cia_impact cvss_metrics_get_availability_impact(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_set_source
bool cvss_metrics_set_source(struct cvss_metrics *metrics, const char *new_source)
cvss_metrics::cvss_metrics_get_report_confidence
enum cvss_report_confidence cvss_metrics_get_report_confidence(const struct cvss_metrics *metrics)
cvss_impact::cvss_impact_free
void cvss_impact_free(struct cvss_impact *impact)
Definition: cvss.c:379
cvss_impact::cvss_impact_temporal_multiplier
float cvss_impact_temporal_multiplier(const struct cvss_impact *impact)
Calculate temporal multiplier.
Definition: cvss.c:437
cvss_metrics::cvss_metrics_get_integrity_impact
enum cvss_cia_impact cvss_metrics_get_integrity_impact(const struct cvss_metrics *metrics)
cvss_impact::cvss_impact_base_score
float cvss_impact_base_score(const struct cvss_impact *impact)
Calculate base score.
Definition: cvss.c:431
cvss_impact::cvss_impact_to_vector
char * cvss_impact_to_vector(const struct cvss_impact *impact)
Definition: cvss.c:347
cvss_metrics::cvss_metrics_get_availability_requirement
enum cvss_cia_requirement cvss_metrics_get_availability_requirement(const struct cvss_metrics *metrics)
cvss_model_supported
const char * cvss_model_supported(void)
Get supported version of CVSS XML.
Definition: cvss.c:68
cvss_impact::cvss_impact_temporal_score
float cvss_impact_temporal_score(const struct cvss_impact *impact)
Calculate temporal score.
Definition: cvss.c:444
cvss_metrics::cvss_metrics_set_remediation_level
bool cvss_metrics_set_remediation_level(struct cvss_metrics *metrics, enum cvss_remediation_level)
cvss_round
float cvss_round(float x)
Round x to one decimal place as described in CVSS standard.
Definition: cvss.c:405
cvss_impact::cvss_impact_adjusted_temporal_score
float cvss_impact_adjusted_temporal_score(const struct cvss_impact *impact)
Calculate temporal score adjusted to particular environment.
Definition: cvss.c:470
cvss_metrics::cvss_metrics_get_confidentiality_impact
enum cvss_cia_impact cvss_metrics_get_confidentiality_impact(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_get_exploitability
enum cvss_exploitability cvss_metrics_get_exploitability(const struct cvss_metrics *metrics)
cvss_metrics::cvss_metrics_set_target_distribution
bool cvss_metrics_set_target_distribution(struct cvss_metrics *metrics, enum cvss_target_distribution)
Generated by   doxygen 1.8.5