00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00035 #ifndef _CVSSCALC_H_
00036 #define _CVSSCALC_H_
00037
00038 #include <stdbool.h>
00039 #include <time.h>
00040 #include <stdio.h>
00041
00042
00044 const char *cvss_model_supported(void);
00045
00047 enum cvss_category {
00048 CVSS_NONE = 0x0000,
00049 CVSS_BASE = 0x0100,
00050 CVSS_TEMPORAL = 0x0200,
00051 CVSS_ENVIRONMENTAL = 0x0300,
00052 };
00053
00055 enum cvss_access_vector {
00056 CVSS_AV_NOT_SET,
00057 CVSS_AV_LOCAL,
00058 CVSS_AV_ADJACENT_NETWORK,
00059 CVSS_AV_NETWORK,
00060 CVSS_AV_END_
00061 };
00062
00064 enum cvss_access_complexity {
00065 CVSS_AC_NOT_SET,
00066 CVSS_AC_HIGH,
00067 CVSS_AC_MEDIUM,
00068 CVSS_AC_LOW,
00069 CVSS_AC_END_
00070 };
00071
00073 enum cvss_authentication {
00074 CVSS_AU_NOT_SET,
00075 CVSS_AU_MULTIPLE,
00076 CVSS_AU_SINGLE,
00077 CVSS_AU_NONE,
00078 CVSS_AU_END_
00079 };
00080
00082 enum cvss_cia_impact {
00083 CVSS_IMP_NOT_SET,
00084 CVSS_IMP_NONE,
00085 CVSS_IMP_PARTIAL,
00086 CVSS_IMP_COMPLETE,
00087 CVSS_IMP_END_
00088 };
00089
00091 enum cvss_exploitability {
00092 CVSS_E_NOT_DEFINED,
00093 CVSS_E_UNPROVEN,
00094 CVSS_E_PROOF_OF_CONCEPT,
00095 CVSS_E_FUNCTIONAL,
00096 CVSS_E_HIGH,
00097 CVSS_E_END_
00098 };
00099
00101 enum cvss_remediation_level {
00102 CVSS_RL_NOT_DEFINED,
00103 CVSS_RL_OFFICIAL_FIX,
00104 CVSS_RL_TEMPORARY_FIX,
00105 CVSS_RL_WORKAROUND,
00106 CVSS_RL_UNAVAILABLE,
00107 CVSS_RL_END_
00108 };
00109
00111 enum cvss_report_confidence {
00112 CVSS_RC_NOT_DEFINED,
00113 CVSS_RC_UNCONFIRMED,
00114 CVSS_RC_UNCORROBORATED,
00115 CVSS_RC_CONFIRMED,
00116 CVSS_RC_END_
00117 };
00118
00120 enum cvss_collateral_damage_potential {
00121 CVSS_CDP_NOT_DEFINED,
00122 CVSS_CDP_NONE,
00123 CVSS_CDP_LOW,
00124 CVSS_CDP_LOW_MEDIUM,
00125 CVSS_CDP_MEDIUM_HIGH,
00126 CVSS_CDP_HIGH,
00127 CVSS_CDP_END_
00128 };
00129
00131 enum cvss_target_distribution {
00132 CVSS_TD_NOT_DEFINED,
00133 CVSS_TD_NONE,
00134 CVSS_TD_LOW,
00135 CVSS_TD_MEDIUM,
00136 CVSS_TD_HIGH,
00137 CVSS_TD_END_
00138 };
00139
00141 enum cvss_cia_requirement {
00142 CVSS_REQ_NOT_DEFINED,
00143 CVSS_REQ_LOW,
00144 CVSS_REQ_MEDIUM,
00145 CVSS_REQ_HIGH,
00146 CVSS_REQ_END_
00147 };
00148
00155 struct cvss_impact;
00156
00163 struct cvss_metrics;
00164
00166 float cvss_round(float x);
00167
00169 struct cvss_impact *cvss_impact_new(void);
00171 struct cvss_impact *cvss_impact_new_from_vector(const char *cvss_vector);
00173 struct cvss_impact *cvss_impact_clone(const struct cvss_impact* impact);
00175
00177 void cvss_impact_free(struct cvss_impact* impact);
00184 void cvss_impact_describe(const struct cvss_impact *impact, FILE *f);
00185
00187 struct cvss_metrics *cvss_impact_get_base_metrics(const struct cvss_impact* impact);
00189 struct cvss_metrics *cvss_impact_get_temporal_metrics(const struct cvss_impact* impact);
00191 struct cvss_metrics *cvss_impact_get_environmental_metrics(const struct cvss_impact* impact);
00194 bool cvss_impact_set_metrics(struct cvss_impact* impact, struct cvss_metrics *metrics);
00196 char *cvss_impact_to_vector(const struct cvss_impact* impact);
00197
00219 float cvss_impact_base_exploitability_subscore(const struct cvss_impact* impact);
00220
00229 float cvss_impact_base_impact_subscore(const struct cvss_impact* impact);
00230
00243 float cvss_impact_base_score(const struct cvss_impact* impact);
00244
00258 float cvss_impact_temporal_multiplier(const struct cvss_impact* impact);
00259
00269 float cvss_impact_temporal_score(const struct cvss_impact* impact);
00270
00279 float cvss_impact_base_adjusted_impact_subscore(const struct cvss_impact* impact);
00280
00288 float cvss_impact_adjusted_base_score(const struct cvss_impact* impact);
00289
00297 float cvss_impact_adjusted_temporal_score(const struct cvss_impact* impact);
00298
00310 float cvss_impact_environmental_score(const struct cvss_impact* impact);
00311
00314
00315 struct cvss_metrics *cvss_metrics_new(enum cvss_category category);
00317 struct cvss_metrics *cvss_metrics_clone(const struct cvss_metrics* metrics);
00319 void cvss_metrics_free(struct cvss_metrics* metrics);
00321 enum cvss_category cvss_metrics_get_category(const struct cvss_metrics* metrics);
00323 const char *cvss_metrics_get_source(const struct cvss_metrics* metrics);
00325 bool cvss_metrics_set_source(struct cvss_metrics* metrics, const char *new_source);
00327 const char *cvss_metrics_get_generated_on_datetime(const struct cvss_metrics* metrics);
00329 bool cvss_metrics_set_generated_on_datetime(struct cvss_metrics* metrics, const char *new_datetime);
00331 const char *cvss_metrics_get_upgraded_from_version(const struct cvss_metrics* metrics);
00333 bool cvss_metrics_set_upgraded_from_version(struct cvss_metrics* metrics, const char *new_upgraded_from_version);
00335 float cvss_metrics_get_score(const struct cvss_metrics* metrics);
00337 bool cvss_metrics_set_score(struct cvss_metrics* metrics, float score);
00342 bool cvss_metrics_is_valid(const struct cvss_metrics* metrics);
00343
00354
00355 enum cvss_access_vector cvss_metrics_get_access_vector(const struct cvss_metrics* metrics);
00357 enum cvss_access_complexity cvss_metrics_get_access_complexity(const struct cvss_metrics* metrics);
00359 enum cvss_authentication cvss_metrics_get_authentication(const struct cvss_metrics* metrics);
00361 enum cvss_cia_impact cvss_metrics_get_confidentiality_impact(const struct cvss_metrics* metrics);
00363 enum cvss_cia_impact cvss_metrics_get_integrity_impact(const struct cvss_metrics* metrics);
00365 enum cvss_cia_impact cvss_metrics_get_availability_impact(const struct cvss_metrics* metrics);
00367 enum cvss_exploitability cvss_metrics_get_exploitability(const struct cvss_metrics* metrics);
00369 enum cvss_remediation_level cvss_metrics_get_remediation_level(const struct cvss_metrics* metrics);
00371 enum cvss_report_confidence cvss_metrics_get_report_confidence(const struct cvss_metrics* metrics);
00373 enum cvss_collateral_damage_potential cvss_metrics_get_collateral_damage_potential(const struct cvss_metrics* metrics);
00375 enum cvss_target_distribution cvss_metrics_get_target_distribution(const struct cvss_metrics* metrics);
00377 enum cvss_cia_requirement cvss_metrics_get_confidentiality_requirement(const struct cvss_metrics* metrics);
00379 enum cvss_cia_requirement cvss_metrics_get_integrity_requirement(const struct cvss_metrics* metrics);
00381 enum cvss_cia_requirement cvss_metrics_get_availability_requirement(const struct cvss_metrics* metrics);
00382
00384 bool cvss_metrics_set_access_vector(struct cvss_metrics* metrics, enum cvss_access_vector);
00386 bool cvss_metrics_set_access_complexity(struct cvss_metrics* metrics, enum cvss_access_complexity);
00388 bool cvss_metrics_set_authentication(struct cvss_metrics* metrics, enum cvss_authentication);
00390 bool cvss_metrics_set_confidentiality_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
00392 bool cvss_metrics_set_integrity_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
00394 bool cvss_metrics_set_availability_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
00396 bool cvss_metrics_set_exploitability(struct cvss_metrics* metrics, enum cvss_exploitability);
00398 bool cvss_metrics_set_remediation_level(struct cvss_metrics* metrics, enum cvss_remediation_level);
00400 bool cvss_metrics_set_report_confidence(struct cvss_metrics* metrics, enum cvss_report_confidence);
00402 bool cvss_metrics_set_collateral_damage_potential(struct cvss_metrics* metrics, enum cvss_collateral_damage_potential);
00404 bool cvss_metrics_set_target_distribution(struct cvss_metrics* metrics, enum cvss_target_distribution);
00406 bool cvss_metrics_set_confidentiality_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
00408 bool cvss_metrics_set_integrity_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
00410 bool cvss_metrics_set_availability_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
00411
00412
00416 #endif // _CVSSCALC_H_