libopenscap-dev 0.8.0-4build1 / usr / include / openscap / cvss.h

This file is indexed.

/usr/include/openscap/cvss.h is in libopenscap-dev 0.8.0-4build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
/*
 * Copyright 2008-2009 Red Hat Inc., Durham, North Carolina.
 * All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * Authors:
 *      Tomas Heinrich <theinric@redhat.com>
 *      Peter Vrabec   <pvrabec@redhat.com>
 *      Brandon Dixon  <Brandon.Dixon@g2-inc.com>
 *      Lukas Kuklinek <lkuklinek@redhat.com>
 */
/**
 * @addtogroup CVSS
 * @{
 *
 * @file cvss.h
 *  \brief Interface to Common Vulnerability Scoring System Version 2
 *
 */


#ifndef _CVSSCALC_H_
#define _CVSSCALC_H_

#include <stdbool.h>
#include <time.h>
#include <stdio.h>


/// Get supported version of CVSS XML
const char *cvss_model_supported(void);

/// CVSS score category
enum cvss_category {
    CVSS_NONE          = 0x0000,
    CVSS_BASE          = 0x0100,
    CVSS_TEMPORAL      = 0x0200,
    CVSS_ENVIRONMENTAL = 0x0300,
};

/// CVSS access vector
enum cvss_access_vector {
    CVSS_AV_NOT_SET,
    CVSS_AV_LOCAL,
    CVSS_AV_ADJACENT_NETWORK,
    CVSS_AV_NETWORK,
    CVSS_AV_END_
};

/// CVSS access complexity
enum cvss_access_complexity {
    CVSS_AC_NOT_SET,
    CVSS_AC_HIGH,
    CVSS_AC_MEDIUM,
    CVSS_AC_LOW,
    CVSS_AC_END_
};

/// CVSS Authentication
enum cvss_authentication {
    CVSS_AU_NOT_SET,
    CVSS_AU_MULTIPLE,
    CVSS_AU_SINGLE,
    CVSS_AU_NONE,
    CVSS_AU_END_
};

/// CVSS Confidentiality/Integrity/Availibility impact
enum cvss_cia_impact {
    CVSS_IMP_NOT_SET,
    CVSS_IMP_NONE,
    CVSS_IMP_PARTIAL,
    CVSS_IMP_COMPLETE,
    CVSS_IMP_END_
};

/// CVSS Exploitability
enum cvss_exploitability {
    CVSS_E_NOT_DEFINED,
    CVSS_E_UNPROVEN,
    CVSS_E_PROOF_OF_CONCEPT,
    CVSS_E_FUNCTIONAL,
    CVSS_E_HIGH,
    CVSS_E_END_
};

/// CVSS Remediation Level
enum cvss_remediation_level {
    CVSS_RL_NOT_DEFINED,
    CVSS_RL_OFFICIAL_FIX,
    CVSS_RL_TEMPORARY_FIX,
    CVSS_RL_WORKAROUND,
    CVSS_RL_UNAVAILABLE,
    CVSS_RL_END_
};

/// CVSS Report Confidence
enum cvss_report_confidence {
    CVSS_RC_NOT_DEFINED,
    CVSS_RC_UNCONFIRMED,
    CVSS_RC_UNCORROBORATED,
    CVSS_RC_CONFIRMED,
    CVSS_RC_END_
};

/// CVSS Collateral Damage Potential
enum cvss_collateral_damage_potential {
    CVSS_CDP_NOT_DEFINED,
    CVSS_CDP_NONE,
    CVSS_CDP_LOW,
    CVSS_CDP_LOW_MEDIUM,
    CVSS_CDP_MEDIUM_HIGH,
    CVSS_CDP_HIGH,
    CVSS_CDP_END_
};

/// CVSS Target Distribution
enum cvss_target_distribution {
    CVSS_TD_NOT_DEFINED,
    CVSS_TD_NONE,
    CVSS_TD_LOW,
    CVSS_TD_MEDIUM,
    CVSS_TD_HIGH,
    CVSS_TD_END_
};

/// CVSS Confidentiality/Integrity/Availibility requirement
enum cvss_cia_requirement {
    CVSS_REQ_NOT_DEFINED,
    CVSS_REQ_LOW,
    CVSS_REQ_MEDIUM,
    CVSS_REQ_HIGH,
    CVSS_REQ_END_
};

/**
 * @struct cvss_impact
 * CVSS impact
 *
 * Contains a base metric and optionally temporal and/or environmental metric.
 */
struct cvss_impact;

/**
 * @struct cvss_metrics
 * CVSS metrics
 *
 * base, temporal or environmental metrics
 */
struct cvss_metrics;

/// Round @a x to one decimal place as described in CVSS standard
float cvss_round(float x);

/// @memberof cvss_impact
struct cvss_impact *cvss_impact_new(void);
/// @memberof cvss_impact
struct cvss_impact *cvss_impact_new_from_vector(const char *cvss_vector);
/// @memberof cvss_impact
struct cvss_impact *cvss_impact_clone(const struct cvss_impact* impact);
/// @memberof cvss_impact
//struct cvss_impact *cvss_impact_new_parse(const char *filename);
/// @memberof cvss_impact
void cvss_impact_free(struct cvss_impact* impact);
/**
 * Write out a human-readable textual description of CVSS impact contents.
 * @param impact Impact to describe
 * @param f file handle to write the description to
 * @memberof cvss_impact
 */
void cvss_impact_describe(const struct cvss_impact *impact, FILE *f);

/// @memberof cvss_impact
struct cvss_metrics *cvss_impact_get_base_metrics(const struct cvss_impact* impact);
/// @memberof cvss_impact
struct cvss_metrics *cvss_impact_get_temporal_metrics(const struct cvss_impact* impact);
/// @memberof cvss_impact
struct cvss_metrics *cvss_impact_get_environmental_metrics(const struct cvss_impact* impact);
/// Set base, temporal, or environmental metrics (type is determined from the metrics itself)
/// @memberof cvss_impact
bool cvss_impact_set_metrics(struct cvss_impact* impact, struct cvss_metrics *metrics);
/// @memberof cvss_impact
char *cvss_impact_to_vector(const struct cvss_impact* impact);

/**
 * @name Score calculators
 * Functions to calculate CVSS score.
 *
 * Functions return special float value of NAN on failure.
 *
 * Particularly interesting are:
 *   - cvss_impact_base_score()
 *   - cvss_impact_temporal_score()
 *   - cvss_impact_environmental_score()
 * @{
 */

/**
 * Calculate exploitability subscore of base score.
 *
 * Requires base metrics to be set.
 * @see cvss_impact_base_score()
 * @see cvss_impact_adjusted_base_score()
 * @memberof cvss_impact
 */
float cvss_impact_base_exploitability_subscore(const struct cvss_impact* impact);

/**
 * Calculate impact subscore of base score.
 *
 * Requires base metrics to be set.
 * @see cvss_impact_base_adjusted_impact_subscore()
 * @see cvss_impact_base_score()
 * @memberof cvss_impact
 */
float cvss_impact_base_impact_subscore(const struct cvss_impact* impact);

/**
 * Calculate base score.
 *
 * The base metric group captures the characteristics of a vulnerability that
 * are constant with time and across user environments.
 *
 * Requires base metrics to be set.
 * @see cvss_impact_base_exploitability_subscore()
 * @see cvss_impact_base_impact_subscore()
 * @see cvss_impact_base_adjusted_impact_subscore()
 * @memberof cvss_impact
 */
float cvss_impact_base_score(const struct cvss_impact* impact);

/**
 * Calculate temporal multiplier.
 *
 * Multiply base score by this number and round to one decimal place to get
 * temporal score. This function is intended to get the multiplier itself.
 * To calculate temporal score, use cvss_impact_temporal_score() or
 * cvss_impact_adjusted_temporal_score() instead.
 *
 * Requires temporal metrics to be set.
 * @see cvss_impact_temporal_score()
 * @see cvss_impact_adjusted_temporal_score()
 * @memberof cvss_impact
 */
float cvss_impact_temporal_multiplier(const struct cvss_impact* impact);

/**
 * Calculate temporal score.
 *
 * Temporal metrics capture how the threat posed by a vulnerability may change over time.
 *
 * Requires base and temporal metrics to be set.
 * @see cvss_impact_adjusted_temporal_score()
 * @memberof cvss_impact
 */
float cvss_impact_temporal_score(const struct cvss_impact* impact);

/**
 * Calculate impact subscore of base score adjusted to particular environment.
 *
 * Requires base and environmental metrics to be set.
 * @see cvss_impact_base_impact_subscore()
 * @see cvss_impact_adjusted_base_score()
 * @memberof cvss_impact
 */
float cvss_impact_base_adjusted_impact_subscore(const struct cvss_impact* impact);

/**
 * Calculate base score adjusted to particular environment.
 *
 * Requires base and environmental metrics to be set.
 * @see cvss_impact_base_score()
 * @memberof cvss_impact
 */
float cvss_impact_adjusted_base_score(const struct cvss_impact* impact);

/**
 * Calculate temporal score adjusted to particular environment.
 *
 * Requires base, temporal and environmental metrics to be set.
 * @see cvss_impact_temporal_score()
 * @memberof cvss_impact
 */
float cvss_impact_adjusted_temporal_score(const struct cvss_impact* impact);

/**
 * Calculate environmental score.
 *
 * Different environments can have an immense bearing on the risk that a vulnerability poses to
 * an organization and its stakeholders. The CVSS environmental metric group captures the characteristics
 * of a vulnerability that are associated with a user’s IT environment.
 *
 * Requires base, temporal and environmental metrics to be set.
 * @see cvss_impact_adjusted_temporal_score()
 * @memberof cvss_impact
 */
float cvss_impact_environmental_score(const struct cvss_impact* impact);

/** @} */

/// @memberof cvss_metrics
struct cvss_metrics *cvss_metrics_new(enum cvss_category category);
/// @memberof cvss_metrics
struct cvss_metrics *cvss_metrics_clone(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
void cvss_metrics_free(struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_category cvss_metrics_get_category(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
const char *cvss_metrics_get_source(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
bool cvss_metrics_set_source(struct cvss_metrics* metrics, const char *new_source);
/// @memberof cvss_metrics
const char *cvss_metrics_get_generated_on_datetime(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
bool cvss_metrics_set_generated_on_datetime(struct cvss_metrics* metrics, const char *new_datetime);
/// @memberof cvss_metrics
const char *cvss_metrics_get_upgraded_from_version(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
bool cvss_metrics_set_upgraded_from_version(struct cvss_metrics* metrics, const char *new_upgraded_from_version);
/// @memberof cvss_metrics
float cvss_metrics_get_score(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
bool cvss_metrics_set_score(struct cvss_metrics* metrics, float score);
/**
 * Validate CVSS metrics completeness
 * @memberof cvss_metrics
 */
bool cvss_metrics_is_valid(const struct cvss_metrics* metrics);

/**
 * @name Vector values
 * Functions to get or set individual CVSS vector values.
 * Functions check for correct type of metrics (base/temporal/environmental).
 * Setters return false and getters undefined/default value when attempted
 * to query wrong type of metrics.
 * @todo Getters/setters for the "approximated" flag
 * @{
 */

/// @memberof cvss_metrics
enum cvss_access_vector cvss_metrics_get_access_vector(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_access_complexity cvss_metrics_get_access_complexity(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_authentication cvss_metrics_get_authentication(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_cia_impact cvss_metrics_get_confidentiality_impact(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_cia_impact cvss_metrics_get_integrity_impact(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_cia_impact cvss_metrics_get_availability_impact(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_exploitability cvss_metrics_get_exploitability(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_remediation_level cvss_metrics_get_remediation_level(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_report_confidence cvss_metrics_get_report_confidence(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_collateral_damage_potential cvss_metrics_get_collateral_damage_potential(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_target_distribution cvss_metrics_get_target_distribution(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_cia_requirement cvss_metrics_get_confidentiality_requirement(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_cia_requirement cvss_metrics_get_integrity_requirement(const struct cvss_metrics* metrics);
/// @memberof cvss_metrics
enum cvss_cia_requirement cvss_metrics_get_availability_requirement(const struct cvss_metrics* metrics);

/// @memberof cvss_metrics
bool cvss_metrics_set_access_vector(struct cvss_metrics* metrics, enum cvss_access_vector);
/// @memberof cvss_metrics
bool cvss_metrics_set_access_complexity(struct cvss_metrics* metrics, enum cvss_access_complexity);
/// @memberof cvss_metrics
bool cvss_metrics_set_authentication(struct cvss_metrics* metrics, enum cvss_authentication);
/// @memberof cvss_metrics
bool cvss_metrics_set_confidentiality_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
/// @memberof cvss_metrics
bool cvss_metrics_set_integrity_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
/// @memberof cvss_metrics
bool cvss_metrics_set_availability_impact(struct cvss_metrics* metrics, enum cvss_cia_impact);
/// @memberof cvss_metrics
bool cvss_metrics_set_exploitability(struct cvss_metrics* metrics, enum cvss_exploitability);
/// @memberof cvss_metrics
bool cvss_metrics_set_remediation_level(struct cvss_metrics* metrics, enum cvss_remediation_level);
/// @memberof cvss_metrics
bool cvss_metrics_set_report_confidence(struct cvss_metrics* metrics, enum cvss_report_confidence);
/// @memberof cvss_metrics
bool cvss_metrics_set_collateral_damage_potential(struct cvss_metrics* metrics, enum cvss_collateral_damage_potential);
/// @memberof cvss_metrics
bool cvss_metrics_set_target_distribution(struct cvss_metrics* metrics, enum cvss_target_distribution);
/// @memberof cvss_metrics
bool cvss_metrics_set_confidentiality_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
/// @memberof cvss_metrics
bool cvss_metrics_set_integrity_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);
/// @memberof cvss_metrics
bool cvss_metrics_set_availability_requirement(struct cvss_metrics* metrics, enum cvss_cia_requirement);


/** @} */

/*@}*/
#endif // _CVSSCALC_H_

APT Browse - Built by Thomas Orozco.