00001
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035 #ifndef _CVSSCALC_H_
00036 #define _CVSSCALC_H_
00037
00038 #include <stdbool.h>
00039
00044 struct cvss_entry;
00045
00046
00060 const char* cvss_entry_get_score(const struct cvss_entry * entry);
00067 const char* cvss_entry_get_AV(const struct cvss_entry * entry);
00074 const char* cvss_entry_get_AC(const struct cvss_entry * entry);
00081 const char* cvss_entry_get_authentication(const struct cvss_entry * entry);
00088 const char* cvss_entry_get_imp_confidentiality(const struct cvss_entry * entry);
00095 const char* cvss_entry_get_imp_integrity(const struct cvss_entry * entry);
00102 const char* cvss_entry_get_imp_availability(const struct cvss_entry * entry);
00109 const char* cvss_entry_get_source(const struct cvss_entry * entry);
00116 const char* cvss_entry_get_generated(const struct cvss_entry * entry);
00117
00118
00121
00136 bool cvss_entry_set_score(struct cvss_entry *entry, const char *new_score);
00144 bool cvss_entry_set_AV(struct cvss_entry *entry, const char *new_AV);
00152 bool cvss_entry_set_AC(struct cvss_entry *entry, const char *new_AC);
00160 bool cvss_entry_set_authentication(struct cvss_entry *entry, const char *new_authentication);
00168 bool cvss_entry_set_imp_confidentiality(struct cvss_entry *entry, const char *new_item);
00176 bool cvss_entry_set_imp_integrity(struct cvss_entry *entry, const char *new_item);
00184 bool cvss_entry_set_imp_availability(struct cvss_entry *entry, const char *new_item);
00192 bool cvss_entry_set_source(struct cvss_entry *entry, const char *new_source);
00200 bool cvss_entry_set_generated(struct cvss_entry *entry, const char *new_generated);
00201
00202
00210 struct cvss_entry * cvss_entry_new(void);
00211
00217 void cvss_entry_free(struct cvss_entry * entry);
00218
00220
00221 typedef enum {
00222 AV_LOCAL,
00223 AV_ADJACENT_NETWORK,
00224 AV_NETWORK
00225 } cvss_access_vector_t;
00226
00228
00231 typedef enum {
00232 AC_HIGH,
00233 AC_MEDIUM,
00234 AC_LOW
00235 } cvss_access_complexity_t;
00236
00238
00241 typedef enum {
00242 AU_NONE,
00243 AU_SINGLE_INSTANCE,
00244 AU_MULTIPLE_INSTANCE
00245 } cvss_authentication_t;
00246
00248
00251 typedef enum {
00252 CI_NONE,
00253 CI_PARTIAL,
00254 CI_COMPLETE
00255 } cvss_conf_impact_t;
00256
00258
00261 typedef enum {
00262 II_NONE,
00263 II_PARTIAL,
00264 II_COMPLETE
00265 } cvss_integ_impact_t;
00266
00268
00271 typedef enum {
00272 AI_NONE,
00273 AI_PARTIAL,
00274 AI_COMPLETE
00275 } cvss_avail_impact_t;
00276
00278
00281 typedef enum {
00282 EX_UNPROVEN,
00283 EX_PROOF_OF_CONCEPT,
00284 EX_FUNCTIONAL,
00285 EX_HIGH,
00286 EX_NOT_DEFINED
00287 } cvss_exploitability_t;
00288
00290
00293 typedef enum {
00294 RL_OFFICIAL_FIX,
00295 RL_TEMPORARY_FIX,
00296 RL_WORKAROUND,
00297 RL_UNAVAILABLE,
00298 RL_NOT_DEFINED
00299 } cvss_remediation_level_t;
00300
00302
00306 typedef enum {
00307 RC_UNCONFIRMED,
00308 RC_UNCORROBORATED,
00309 RC_CONFIRMED,
00310 RC_NOT_DEFINED
00311 } cvss_report_confidence_t;
00312
00314
00317 typedef enum {
00318 CD_NONE,
00319 CD_LOW,
00320 CD_LOW_MEDIUM,
00321 CD_MEDIUM_HIGH,
00322 CD_HIGH,
00323 CD_NOT_DEFINED
00324 } cvss_collateral_damage_potential_t;
00325
00327
00331 typedef enum {
00332 TD_NONE,
00333 TD_LOW,
00334 TD_MEDIUM,
00335 TD_HIGH,
00336 TD_NOT_DEFINED
00337 } cvss_target_distribution_t;
00338
00340
00344 typedef enum {
00345 CR_LOW,
00346 CR_MEDIUM,
00347 CR_HIGH,
00348 CR_NOT_DEFINED
00349 } cvss_conf_req_t;
00350
00352
00356 typedef enum {
00357 IR_LOW,
00358 IR_MEDIUM,
00359 IR_HIGH,
00360 IR_NOT_DEFINED
00361 } cvss_integ_req_t;
00362
00364
00368 typedef enum {
00369 AR_LOW,
00370 AR_MEDIUM,
00371 AR_HIGH,
00372 AR_NOT_DEFINED
00373 } cvss_avail_req_t;
00374
00375
00376
00389 int cvss_base_score(cvss_access_vector_t ave, cvss_access_complexity_t ace, cvss_authentication_t aue,
00390 cvss_conf_impact_t cie, cvss_integ_impact_t iie, cvss_avail_impact_t aie,
00391 double *base_score,
00392 double *impact_score,
00393 double *exploitability_score);
00394
00399 int cvss_temp_score(cvss_exploitability_t exe, cvss_remediation_level_t rle,
00400 cvss_report_confidence_t rce, double base_score,
00401 double *temporal_score);
00402
00412 int cvss_env_score(cvss_collateral_damage_potential_t cde, cvss_target_distribution_t tde,
00413 cvss_conf_req_t cre, cvss_integ_req_t ire,
00414 cvss_avail_req_t are, cvss_access_vector_t ave,
00415 cvss_access_complexity_t ace, cvss_authentication_t aue,
00416 cvss_conf_impact_t cie, cvss_integ_impact_t iie,
00417 cvss_avail_impact_t aie, cvss_exploitability_t exe,
00418 cvss_remediation_level_t rle, cvss_report_confidence_t rce,
00419 double *enviromental_score);
00424 int cvss_base_score_struct(const struct cvss_entry * entry,
00425 double *base_score,
00426 double *impact_score,
00427 double *exploitability_score);
00428
00434 const char * cvss_model_supported(void);
00435
00436
00440 #endif