public override int GetHashCode()
{
int hash = 1;
if (BaseScore != 0F)
{
hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(BaseScore);
}
if (ExploitabilityScore != 0F)
{
hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(ExploitabilityScore);
}
if (ImpactScore != 0F)
{
hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(ImpactScore);
}
if (AttackVector != global::Grafeas.V1.CVSSv3.Types.AttackVector.Unspecified)
{
hash ^= AttackVector.GetHashCode();
}
if (AttackComplexity != global::Grafeas.V1.CVSSv3.Types.AttackComplexity.Unspecified)
{
hash ^= AttackComplexity.GetHashCode();
}
if (PrivilegesRequired != global::Grafeas.V1.CVSSv3.Types.PrivilegesRequired.Unspecified)
{
hash ^= PrivilegesRequired.GetHashCode();
}
if (UserInteraction != global::Grafeas.V1.CVSSv3.Types.UserInteraction.Unspecified)
{
hash ^= UserInteraction.GetHashCode();
}
if (Scope != global::Grafeas.V1.CVSSv3.Types.Scope.Unspecified)
{
hash ^= Scope.GetHashCode();
}
if (ConfidentialityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
{
hash ^= ConfidentialityImpact.GetHashCode();
}
if (IntegrityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
{
hash ^= IntegrityImpact.GetHashCode();
}
if (AvailabilityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
{
hash ^= AvailabilityImpact.GetHashCode();
}
if (_unknownFields != null)
{
hash ^= _unknownFields.GetHashCode();
}
return(hash);
}
private string BuildNormalizedVector(bool addEmptyValues)
{
var param = new List <string>
{
$"AV:{AttackVector.StringValue()}",
$"AC:{AttackComplexity.StringValue()}",
$"PR:{PrivilegesRequired.StringValue()}",
$"UI:{UserInteraction.StringValue()}",
$"S:{Scope.StringValue()}",
$"C:{ConfidentialityImpact.StringValue()}",
$"I:{IntegrityImpact.StringValue()}",
$"A:{AvailabilityImpact.StringValue()}"
};
void AddConditional(string key, string value)
{
if (!string.IsNullOrEmpty(value))
{
param.Add($"{key}:{value}");
}
else if (addEmptyValues)
{
param.Add($"{key}:X");
}
}
AddConditional("E", ExploitCodeMaturity?.StringValue());
AddConditional("RL", RemediationLevel?.StringValue());
AddConditional("RC", ReportConfidence?.StringValue());
AddConditional("CR", ConfidentialityRequirement?.StringValue());
AddConditional("IR", IntegrityRequirement?.StringValue());
AddConditional("AR", AvailabilityRequirement?.StringValue());
AddConditional("MAV", ModifiedAttackVector?.StringValue());
AddConditional("MAC", ModifiedAttackComplexity?.StringValue());
AddConditional("MPR", ModifiedPrivilegesRequired?.StringValue());
AddConditional("MUI", ModifiedUserInteraction?.StringValue());
AddConditional("MS", ModifiedScope?.StringValue());
AddConditional("MC", ModifiedConfidentialityImpact?.StringValue());
AddConditional("MI", ModifiedIntegrityImpact?.StringValue());
AddConditional("MA", ModifiedAvailabilityImpact?.StringValue());
StringBuilder sb = new StringBuilder();
sb.Append(VectorPrefix);
foreach (var current in param)
{
sb.Append('/');
sb.Append(current);
}
return(sb.ToString());
}
private void fillVectors()
{
//AttackVector A = new AttackVector(1, 1, 1);
//AttackVector B = new AttackVector(2, 3, 1);
//AttackVector C = new AttackVector(2, 1, 2);
AttackVector newAttack = new AttackVector((int)aDropList.SelectedIndex, (int)rDropList.SelectedIndex, (int)tDropList.SelectedIndex);
List <AttackVector> attacks = new List <AttackVector> {
newAttack
};
foreach (AttackVector X in attacks)
{
ClientScript.RegisterArrayDeclaration("input", JsonConvert.SerializeObject(X));
}
}
public static double NumericValue(this AttackVector attackVector)
{
switch (attackVector)
{
case AttackVector.Network: return(0.85);
case AttackVector.Adjacent: return(0.62);
case AttackVector.Local: return(0.55);
case AttackVector.Physical: return(0.2);
default:
throw new ArgumentOutOfRangeException(nameof(attackVector), attackVector, null);
}
}
public static string StringValue(this AttackVector attackVector)
{
switch (attackVector)
{
case AttackVector.Network: return("N");
case AttackVector.Adjacent: return("A");
case AttackVector.Local: return("L");
case AttackVector.Physical: return("P");
default:
throw new ArgumentOutOfRangeException(nameof(attackVector), attackVector, null);
}
}
/// <summary>
/// Converts the Attack Vector from the native type to XML
/// </summary>
/// <param name="xInput">The XML node to start deserialization</param>
/// <param name="AnonProxies">Any anonymous proxies being used</param>
public void DeserializeAttackVector(ref XmlNode xInput, Queue AnonProxies)
{
string FullUrl;
if (!_UseSSL)
{
FullUrl = "http://" + _TargetURL;
}
else
{
FullUrl = "https://" + _TargetURL;
}
XmlNode n = xInput.SelectSingleNode("attackvector");
if (n == null)
{
return;
}
InjectionOptions opts;
if (_IsBlind)
{
opts = new BlindInjectionOptions();
((BlindInjectionOptions)opts).Delimiter = _FilterDelimiter;
((BlindInjectionOptions)opts).Tolerance = _Tolerance;
((BlindInjectionOptions)opts).Throttle = _ThrottleValue;
}
else
{
opts = new ErrorInjectionOptions();
}
opts.TerminateQuery = _TerminateQuery;
opts.WebProxies = AnonProxies;
AttackVectorFactory avf = new AttackVectorFactory(FullUrl, "", "", _ParamList, _ConnectionMethod, opts);
_TargetAttackVector = avf.BuildFromXml(n, opts, _Plugins.GetPluginByName(_LoadedPluginName));
_TargetAttackVector.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
}
public CvssV3(AttackVector attackVector, AttackComplexity attackComplexity, PrivilegesRequired privilegesRequired,
UserInteraction userInteraction, Scope scope, Impact confidentialityImpact, Impact integrityImpact,
Impact availabilityImpact, ExploitCodeMaturity?exploitCodeMaturity = default(ExploitCodeMaturity?),
RemediationLevel?remediationLevel = default(RemediationLevel?), ReportConfidence?reportConfidence = default(ReportConfidence?),
SecurityRequirement?confidentialityRequirement = default(SecurityRequirement?),
SecurityRequirement?integrityRequirement = default(SecurityRequirement?),
SecurityRequirement?availabilityRequirement = default(SecurityRequirement?),
AttackVector?modifiedAttackVector = default(AttackVector?), AttackComplexity?modifiedAttackComplexity = default(AttackComplexity?),
PrivilegesRequired?modifiedPrivilegesRequired = default(PrivilegesRequired?),
UserInteraction?modifiedUserInteraction = default(UserInteraction?), Scope?modifiedScope = default(Scope?),
Impact?modifiedConfidentialityImpact = default(Impact?), Impact?modifiedIntegrityImpact = default(Impact?),
Impact?modifiedAvailabilityImpact = default(Impact?))
{
AttackVector = attackVector;
AttackComplexity = attackComplexity;
PrivilegesRequired = privilegesRequired;
UserInteraction = userInteraction;
Scope = scope;
ConfidentialityImpact = confidentialityImpact;
IntegrityImpact = integrityImpact;
AvailabilityImpact = availabilityImpact;
ExploitCodeMaturity = exploitCodeMaturity;
RemediationLevel = remediationLevel;
ReportConfidence = reportConfidence;
ConfidentialityRequirement = confidentialityRequirement;
IntegrityRequirement = integrityRequirement;
AvailabilityRequirement = availabilityRequirement;
ModifiedAttackVector = modifiedAttackVector;
ModifiedAttackComplexity = modifiedAttackComplexity;
ModifiedPrivilegesRequired = modifiedPrivilegesRequired;
ModifiedUserInteraction = modifiedUserInteraction;
ModifiedScope = modifiedScope;
ModifiedConfidentialityImpact = modifiedConfidentialityImpact;
ModifiedIntegrityImpact = modifiedIntegrityImpact;
ModifiedAvailabilityImpact = modifiedAvailabilityImpact;
CalculateScores();
}
public CvssV3Builder AttackVector(AttackVector param)
{
UsedMetrics.Add("AV"); Cvss.AttackVector = param; return(this);
}
internal void CalculateScores()
{
double ImpactSubScore(Scope scope, double subScore)
{
switch (scope)
{
case Scope.Unchanged:
return(6.42 * subScore);
case Scope.Changed:
return(7.52 * (subScore - 0.029) - 3.25 * Math.Pow(subScore - 0.02, 15));
default:
throw new ArgumentOutOfRangeException(nameof(Scope), Scope, "Invalid scope");
}
}
double Score(Scope scope, double impactSub, double exploitSub)
{
if (impactSub <= 0)
{
return(0);
}
switch (scope)
{
case Scope.Unchanged:
return(Math.Min(impactSub + exploitSub, 10).RoundUp(1));
case Scope.Changed:
return(Math.Min(1.08 * (impactSub + exploitSub), 10).RoundUp(1));
default:
throw new ArgumentOutOfRangeException(nameof(Scope), Scope, "Invalid scope");
}
}
double TempScore(double baseScore)
{
return((baseScore * ExploitCodeMaturity.NumericValue() * RemediationLevel.NumericValue() *
ReportConfidence.NumericValue()).RoundUp(1));
}
var impactSubScoreBase = 1 - (1 - ConfidentialityImpact.NumericValue()) * (1 - IntegrityImpact.NumericValue()) *
(1 - AvailabilityImpact.NumericValue());
var impactSubScore = ImpactSubScore(Scope, impactSubScoreBase);
var exploitabilitySubScore = 8.22 * AttackVector.NumericValue() * AttackComplexity.NumericValue() *
PrivilegesRequired.NumericValue(Scope) * UserInteraction.NumericValue();
BaseScore = Score(Scope, impactSubScore, exploitabilitySubScore);
//Temporal
TemporalScore = TempScore(BaseScore);
//Environmental
var impactSubScoreModified = Math.Min(0.915,
1 - (1 - ModifiedConfidentialityImpact.Modified(ConfidentialityImpact, EnumExtensions.NumericValue) *
ConfidentialityRequirement.NumericValue()) * (1 - ModifiedIntegrityImpact.Modified(IntegrityImpact,
EnumExtensions
.NumericValue) *
IntegrityRequirement.NumericValue()) *
(1 - ModifiedAvailabilityImpact.Modified(AvailabilityImpact, EnumExtensions.NumericValue) *
AvailabilityRequirement.NumericValue()));
var modifiedImpactSubScore = ImpactSubScore(ModifiedScope ?? Scope, impactSubScoreModified);
var modifiedExploitabilitySubScore =
8.22 * ModifiedAttackVector.Modified(AttackVector, EnumExtensions.NumericValue) *
ModifiedAttackComplexity.Modified(AttackComplexity, EnumExtensions.NumericValue) *
ModifiedPrivilegesRequired.Modified(PrivilegesRequired, required => required.NumericValue(ModifiedScope ?? Scope)) *
ModifiedUserInteraction.Modified(UserInteraction, EnumExtensions.NumericValue);
EnvironmentalScore = TempScore(
Score(ModifiedScope ?? Scope, modifiedImpactSubScore, modifiedExploitabilitySubScore));
}
/// <summary>
/// Converts the Attack Vector from the native type to XML
/// </summary>
/// <param name="xInput">The XML node to start deserialization</param>
/// <param name="AnonProxies">Any anonymous proxies being used</param>
public void DeserializeAttackVector(ref XmlNode xInput, Queue AnonProxies)
{
string FullUrl;
if (!_UseSSL) FullUrl = "http://" + _TargetURL;
else FullUrl = "https://" + _TargetURL;
XmlNode n = xInput.SelectSingleNode("attackvector");
if (n == null) return;
InjectionOptions opts;
if (_IsBlind)
{
opts = new BlindInjectionOptions();
((BlindInjectionOptions) opts).Delimiter = _FilterDelimiter;
((BlindInjectionOptions) opts).Tolerance = _Tolerance;
((BlindInjectionOptions) opts).Throttle = _ThrottleValue;
}
else
opts = new ErrorInjectionOptions();
opts.TerminateQuery = _TerminateQuery;
opts.WebProxies = AnonProxies;
AttackVectorFactory avf = new AttackVectorFactory(FullUrl, "", "", _ParamList, _ConnectionMethod, opts);
_TargetAttackVector = avf.BuildFromXml(n, opts, _Plugins.GetPluginByName(_LoadedPluginName));
_TargetAttackVector.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
}
