Skip to content
This repository has been archived by the owner on Sep 2, 2023. It is now read-only.
/ gocvss Public archive

Library to parse Common Vulnerability Scoring System vectors and generate scores

License

Notifications You must be signed in to change notification settings

attwad/gocvss

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status GoDoc

gocvss

Library to parse Common Vulnerability Scoring System vectors and generate scores

Usage

Let's take CVE-2002-0392 as an example, suppose you already have a base vector, you can parse it with

var c, err = Parse("AV:N/AC:L/Au:N/C:N/I:N/A:C")
if err != nil {
		t.Errorf("New from vector failed: %v", err)
}

And then add the different vectors based on your environment:

// Temporal vectors
c = append(c, Exploitability_Functional)
c = append(c, RemediationLevel_OfficialFix)
c = append(c, ReportConfidence_Confirmed)
// Environmental vectors
c = append(c, CollateralDamagePotential_High)
c = append(c, TargetDistribution_High)
c = append(c, ConfidentialityRequirement_High)
c = append(c, IntegrityRequirement_High)
c = append(c, AvailabilityRequirement_High)

Then compute the scores and/or display them:

s := c.Score()
//-> Score{7.8, 6.4, 9.2}

fmt.Print(c.String())
        base score                     7.800000
          access vector                1.000000
          access complexity            0.710000
          authentication               0.704000
          confidentiality impact       0.000000
          integrity impact             0.000000
          availability impact          0.660000

        temporal score                 6.400000
          exploitability               0.950000
          remediation level            0.870000
          report confidence            1.000000

        environmental score            9.200000
          collateral damage potential  0.500000
          target distribution          1.000000
          confidentiality requirement  1.000000
          integrity requirement        1.510000
          availability requirement     1.510000

About

Library to parse Common Vulnerability Scoring System vectors and generate scores

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages