00001
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037 #ifndef _CVSSCALC_H_
00038 #define _CVSSCALC_H_
00039
00040 #include <stdbool.h>
00041
00046 struct cvss_entry;
00047
00061 const char* cvss_entry_get_score(const struct cvss_entry * entry);
00068 const char* cvss_entry_get_AV(const struct cvss_entry * entry);
00075 const char* cvss_entry_get_AC(const struct cvss_entry * entry);
00082 const char* cvss_entry_get_authentication(const struct cvss_entry * entry);
00089 const char* cvss_entry_get_imp_confidentiality(const struct cvss_entry * entry);
00096 const char* cvss_entry_get_imp_integrity(const struct cvss_entry * entry);
00103 const char* cvss_entry_get_imp_availability(const struct cvss_entry * entry);
00110 const char* cvss_entry_get_source(const struct cvss_entry * entry);
00117 const char* cvss_entry_get_generated(const struct cvss_entry * entry);
00118
00135 bool cvss_entry_set_score(struct cvss_entry *entry, const char *new_score);
00143 bool cvss_entry_set_AV(struct cvss_entry *entry, const char *new_AV);
00151 bool cvss_entry_set_AC(struct cvss_entry *entry, const char *new_AC);
00159 bool cvss_entry_set_authentication(struct cvss_entry *entry, const char *new_authentication);
00167 bool cvss_entry_set_imp_confidentiality(struct cvss_entry *entry, const char *new_item);
00175 bool cvss_entry_set_imp_integrity(struct cvss_entry *entry, const char *new_item);
00183 bool cvss_entry_set_imp_availability(struct cvss_entry *entry, const char *new_item);
00191 bool cvss_entry_set_source(struct cvss_entry *entry, const char *new_source);
00199 bool cvss_entry_set_generated(struct cvss_entry *entry, const char *new_generated);
00200
00215 struct cvss_entry * cvss_entry_new(void);
00216
00231 void cvss_entry_free(struct cvss_entry * entry);
00232
00235
00236
00237 typedef enum {
00238 AV_LOCAL,
00239 AV_ADJACENT_NETWORK,
00240 AV_NETWORK
00241 } cvss_access_vector_t;
00242
00244
00247 typedef enum {
00248 AC_HIGH,
00249 AC_MEDIUM,
00250 AC_LOW
00251 } cvss_access_complexity_t;
00252
00254
00257 typedef enum {
00258 AU_NONE,
00259 AU_SINGLE_INSTANCE,
00260 AU_MULTIPLE_INSTANCE
00261 } cvss_authentication_t;
00262
00264
00267 typedef enum {
00268 CI_NONE,
00269 CI_PARTIAL,
00270 CI_COMPLETE
00271 } cvss_conf_impact_t;
00272
00274
00277 typedef enum {
00278 II_NONE,
00279 II_PARTIAL,
00280 II_COMPLETE
00281 } cvss_integ_impact_t;
00282
00284
00287 typedef enum {
00288 AI_NONE,
00289 AI_PARTIAL,
00290 AI_COMPLETE
00291 } cvss_avail_impact_t;
00292
00294
00297 typedef enum {
00298 EX_UNPROVEN,
00299 EX_PROOF_OF_CONCEPT,
00300 EX_FUNCTIONAL,
00301 EX_HIGH,
00302 EX_NOT_DEFINED
00303 } cvss_exploitability_t;
00304
00306
00309 typedef enum {
00310 RL_OFFICIAL_FIX,
00311 RL_TEMPORARY_FIX,
00312 RL_WORKAROUND,
00313 RL_UNAVAILABLE,
00314 RL_NOT_DEFINED
00315 } cvss_remediation_level_t;
00316
00318
00322 typedef enum {
00323 RC_UNCONFIRMED,
00324 RC_UNCORROBORATED,
00325 RC_CONFIRMED,
00326 RC_NOT_DEFINED
00327 } cvss_report_confidence_t;
00328
00330
00333 typedef enum {
00334 CD_NONE,
00335 CD_LOW,
00336 CD_LOW_MEDIUM,
00337 CD_MEDIUM_HIGH,
00338 CD_HIGH,
00339 CD_NOT_DEFINED
00340 } cvss_collateral_damage_potential_t;
00341
00343
00347 typedef enum {
00348 TD_NONE,
00349 TD_LOW,
00350 TD_MEDIUM,
00351 TD_HIGH,
00352 TD_NOT_DEFINED
00353 } cvss_target_distribution_t;
00354
00356
00360 typedef enum {
00361 CR_LOW,
00362 CR_MEDIUM,
00363 CR_HIGH,
00364 CR_NOT_DEFINED
00365 } cvss_conf_req_t;
00366
00368
00372 typedef enum {
00373 IR_LOW,
00374 IR_MEDIUM,
00375 IR_HIGH,
00376 IR_NOT_DEFINED
00377 } cvss_integ_req_t;
00378
00380
00384 typedef enum {
00385 AR_LOW,
00386 AR_MEDIUM,
00387 AR_HIGH,
00388 AR_NOT_DEFINED
00389 } cvss_avail_req_t;
00390
00397 int cvss_base_score(cvss_access_vector_t ave, cvss_access_complexity_t ace, cvss_authentication_t aue,
00398 cvss_conf_impact_t cie, cvss_integ_impact_t iie, cvss_avail_impact_t aie,
00399 double *base_score,
00400 double *impact_score,
00401 double *exploitability_score);
00402
00407 int cvss_temp_score(cvss_exploitability_t exe, cvss_remediation_level_t rle,
00408 cvss_report_confidence_t rce, double base_score,
00409 double *temporal_score);
00410
00420 int cvss_env_score(cvss_collateral_damage_potential_t cde, cvss_target_distribution_t tde,
00421 cvss_conf_req_t cre, cvss_integ_req_t ire,
00422 cvss_avail_req_t are, double *enviromental_score,
00423 cvss_access_vector_t ave, cvss_access_complexity_t ace,
00424 cvss_authentication_t aue, cvss_conf_impact_t cie,
00425 cvss_integ_impact_t iie, cvss_avail_impact_t aie,
00426 cvss_exploitability_t exe, cvss_remediation_level_t rle,
00427 cvss_report_confidence_t rce);
00432 int cvss_base_score_struct(const struct cvss_entry * entry,
00433 double *base_score,
00434 double *impact_score,
00435 double *exploitability_score);
00436
00438 #endif