Ejemplo n.º 1
0
        public override int GetHashCode()
        {
            int hash = 1;

            if (BaseScore != 0F)
            {
                hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(BaseScore);
            }
            if (ExploitabilityScore != 0F)
            {
                hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(ExploitabilityScore);
            }
            if (ImpactScore != 0F)
            {
                hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(ImpactScore);
            }
            if (AttackVector != global::Grafeas.V1.CVSSv3.Types.AttackVector.Unspecified)
            {
                hash ^= AttackVector.GetHashCode();
            }
            if (AttackComplexity != global::Grafeas.V1.CVSSv3.Types.AttackComplexity.Unspecified)
            {
                hash ^= AttackComplexity.GetHashCode();
            }
            if (PrivilegesRequired != global::Grafeas.V1.CVSSv3.Types.PrivilegesRequired.Unspecified)
            {
                hash ^= PrivilegesRequired.GetHashCode();
            }
            if (UserInteraction != global::Grafeas.V1.CVSSv3.Types.UserInteraction.Unspecified)
            {
                hash ^= UserInteraction.GetHashCode();
            }
            if (Scope != global::Grafeas.V1.CVSSv3.Types.Scope.Unspecified)
            {
                hash ^= Scope.GetHashCode();
            }
            if (ConfidentialityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
            {
                hash ^= ConfidentialityImpact.GetHashCode();
            }
            if (IntegrityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
            {
                hash ^= IntegrityImpact.GetHashCode();
            }
            if (AvailabilityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
            {
                hash ^= AvailabilityImpact.GetHashCode();
            }
            if (_unknownFields != null)
            {
                hash ^= _unknownFields.GetHashCode();
            }
            return(hash);
        }
Ejemplo n.º 2
0
        public static string StringValue(this AttackComplexity attackComplexity)
        {
            switch (attackComplexity)
            {
            case AttackComplexity.Low: return("L");

            case AttackComplexity.High: return("H");

            default:
                throw new ArgumentOutOfRangeException(nameof(attackComplexity), attackComplexity, null);
            }
        }
Ejemplo n.º 3
0
        public static double NumericValue(this AttackComplexity attackComplexity)
        {
            switch (attackComplexity)
            {
            case AttackComplexity.Low: return(0.77);

            case AttackComplexity.High: return(0.44);

            default:
                throw new ArgumentOutOfRangeException(nameof(attackComplexity), attackComplexity, null);
            }
        }
Ejemplo n.º 4
0
        private string BuildNormalizedVector(bool addEmptyValues)
        {
            var param = new List <string>
            {
                $"AV:{AttackVector.StringValue()}",
                $"AC:{AttackComplexity.StringValue()}",
                $"PR:{PrivilegesRequired.StringValue()}",
                $"UI:{UserInteraction.StringValue()}",
                $"S:{Scope.StringValue()}",
                $"C:{ConfidentialityImpact.StringValue()}",
                $"I:{IntegrityImpact.StringValue()}",
                $"A:{AvailabilityImpact.StringValue()}"
            };

            void AddConditional(string key, string value)
            {
                if (!string.IsNullOrEmpty(value))
                {
                    param.Add($"{key}:{value}");
                }
                else if (addEmptyValues)
                {
                    param.Add($"{key}:X");
                }
            }

            AddConditional("E", ExploitCodeMaturity?.StringValue());
            AddConditional("RL", RemediationLevel?.StringValue());
            AddConditional("RC", ReportConfidence?.StringValue());

            AddConditional("CR", ConfidentialityRequirement?.StringValue());
            AddConditional("IR", IntegrityRequirement?.StringValue());
            AddConditional("AR", AvailabilityRequirement?.StringValue());
            AddConditional("MAV", ModifiedAttackVector?.StringValue());
            AddConditional("MAC", ModifiedAttackComplexity?.StringValue());
            AddConditional("MPR", ModifiedPrivilegesRequired?.StringValue());
            AddConditional("MUI", ModifiedUserInteraction?.StringValue());
            AddConditional("MS", ModifiedScope?.StringValue());
            AddConditional("MC", ModifiedConfidentialityImpact?.StringValue());
            AddConditional("MI", ModifiedIntegrityImpact?.StringValue());
            AddConditional("MA", ModifiedAvailabilityImpact?.StringValue());

            StringBuilder sb = new StringBuilder();

            sb.Append(VectorPrefix);
            foreach (var current in param)
            {
                sb.Append('/');
                sb.Append(current);
            }
            return(sb.ToString());
        }
Ejemplo n.º 5
0
        public CvssV3(AttackVector attackVector, AttackComplexity attackComplexity, PrivilegesRequired privilegesRequired,
                      UserInteraction userInteraction, Scope scope, Impact confidentialityImpact, Impact integrityImpact,
                      Impact availabilityImpact, ExploitCodeMaturity?exploitCodeMaturity = default(ExploitCodeMaturity?),
                      RemediationLevel?remediationLevel = default(RemediationLevel?), ReportConfidence?reportConfidence = default(ReportConfidence?),
                      SecurityRequirement?confidentialityRequirement = default(SecurityRequirement?),
                      SecurityRequirement?integrityRequirement       = default(SecurityRequirement?),
                      SecurityRequirement?availabilityRequirement    = default(SecurityRequirement?),
                      AttackVector?modifiedAttackVector             = default(AttackVector?), AttackComplexity?modifiedAttackComplexity = default(AttackComplexity?),
                      PrivilegesRequired?modifiedPrivilegesRequired = default(PrivilegesRequired?),
                      UserInteraction?modifiedUserInteraction       = default(UserInteraction?), Scope?modifiedScope   = default(Scope?),
                      Impact?modifiedConfidentialityImpact          = default(Impact?), Impact?modifiedIntegrityImpact = default(Impact?),
                      Impact?modifiedAvailabilityImpact             = default(Impact?))
        {
            AttackVector       = attackVector;
            AttackComplexity   = attackComplexity;
            PrivilegesRequired = privilegesRequired;
            UserInteraction    = userInteraction;
            Scope = scope;
            ConfidentialityImpact      = confidentialityImpact;
            IntegrityImpact            = integrityImpact;
            AvailabilityImpact         = availabilityImpact;
            ExploitCodeMaturity        = exploitCodeMaturity;
            RemediationLevel           = remediationLevel;
            ReportConfidence           = reportConfidence;
            ConfidentialityRequirement = confidentialityRequirement;
            IntegrityRequirement       = integrityRequirement;
            AvailabilityRequirement    = availabilityRequirement;
            ModifiedAttackVector       = modifiedAttackVector;
            ModifiedAttackComplexity   = modifiedAttackComplexity;
            ModifiedPrivilegesRequired = modifiedPrivilegesRequired;
            ModifiedUserInteraction    = modifiedUserInteraction;
            ModifiedScope = modifiedScope;
            ModifiedConfidentialityImpact = modifiedConfidentialityImpact;
            ModifiedIntegrityImpact       = modifiedIntegrityImpact;
            ModifiedAvailabilityImpact    = modifiedAvailabilityImpact;

            CalculateScores();
        }
Ejemplo n.º 6
0
 public CvssV3Builder AttackComplexity(AttackComplexity param)
 {
     UsedMetrics.Add("AC"); Cvss.AttackComplexity = param; return(this);
 }
Ejemplo n.º 7
0
        internal void CalculateScores()
        {
            double ImpactSubScore(Scope scope, double subScore)
            {
                switch (scope)
                {
                case Scope.Unchanged:
                    return(6.42 * subScore);

                case Scope.Changed:
                    return(7.52 * (subScore - 0.029) - 3.25 * Math.Pow(subScore - 0.02, 15));

                default:
                    throw new ArgumentOutOfRangeException(nameof(Scope), Scope, "Invalid scope");
                }
            }

            double Score(Scope scope, double impactSub, double exploitSub)
            {
                if (impactSub <= 0)
                {
                    return(0);
                }
                switch (scope)
                {
                case Scope.Unchanged:
                    return(Math.Min(impactSub + exploitSub, 10).RoundUp(1));

                case Scope.Changed:
                    return(Math.Min(1.08 * (impactSub + exploitSub), 10).RoundUp(1));

                default:
                    throw new ArgumentOutOfRangeException(nameof(Scope), Scope, "Invalid scope");
                }
            }

            double TempScore(double baseScore)
            {
                return((baseScore * ExploitCodeMaturity.NumericValue() * RemediationLevel.NumericValue() *
                        ReportConfidence.NumericValue()).RoundUp(1));
            }

            var impactSubScoreBase = 1 - (1 - ConfidentialityImpact.NumericValue()) * (1 - IntegrityImpact.NumericValue()) *
                                     (1 - AvailabilityImpact.NumericValue());
            var impactSubScore         = ImpactSubScore(Scope, impactSubScoreBase);
            var exploitabilitySubScore = 8.22 * AttackVector.NumericValue() * AttackComplexity.NumericValue() *
                                         PrivilegesRequired.NumericValue(Scope) * UserInteraction.NumericValue();

            BaseScore = Score(Scope, impactSubScore, exploitabilitySubScore);

            //Temporal
            TemporalScore = TempScore(BaseScore);

            //Environmental
            var impactSubScoreModified = Math.Min(0.915,
                                                  1 - (1 - ModifiedConfidentialityImpact.Modified(ConfidentialityImpact, EnumExtensions.NumericValue) *
                                                       ConfidentialityRequirement.NumericValue()) * (1 - ModifiedIntegrityImpact.Modified(IntegrityImpact,
                                                                                                                                          EnumExtensions
                                                                                                                                          .NumericValue) *
                                                                                                     IntegrityRequirement.NumericValue()) *
                                                  (1 - ModifiedAvailabilityImpact.Modified(AvailabilityImpact, EnumExtensions.NumericValue) *
                                                   AvailabilityRequirement.NumericValue()));
            var modifiedImpactSubScore         = ImpactSubScore(ModifiedScope ?? Scope, impactSubScoreModified);
            var modifiedExploitabilitySubScore =
                8.22 * ModifiedAttackVector.Modified(AttackVector, EnumExtensions.NumericValue) *
                ModifiedAttackComplexity.Modified(AttackComplexity, EnumExtensions.NumericValue) *
                ModifiedPrivilegesRequired.Modified(PrivilegesRequired, required => required.NumericValue(ModifiedScope ?? Scope)) *
                ModifiedUserInteraction.Modified(UserInteraction, EnumExtensions.NumericValue);

            EnvironmentalScore = TempScore(
                Score(ModifiedScope ?? Scope, modifiedImpactSubScore, modifiedExploitabilitySubScore));
        }