public override int GetHashCode()
{
int hash = 1;
if (BaseScore != 0F)
{
hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(BaseScore);
}
if (ExploitabilityScore != 0F)
{
hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(ExploitabilityScore);
}
if (ImpactScore != 0F)
{
hash ^= pbc::ProtobufEqualityComparers.BitwiseSingleEqualityComparer.GetHashCode(ImpactScore);
}
if (AttackVector != global::Grafeas.V1.CVSSv3.Types.AttackVector.Unspecified)
{
hash ^= AttackVector.GetHashCode();
}
if (AttackComplexity != global::Grafeas.V1.CVSSv3.Types.AttackComplexity.Unspecified)
{
hash ^= AttackComplexity.GetHashCode();
}
if (PrivilegesRequired != global::Grafeas.V1.CVSSv3.Types.PrivilegesRequired.Unspecified)
{
hash ^= PrivilegesRequired.GetHashCode();
}
if (UserInteraction != global::Grafeas.V1.CVSSv3.Types.UserInteraction.Unspecified)
{
hash ^= UserInteraction.GetHashCode();
}
if (Scope != global::Grafeas.V1.CVSSv3.Types.Scope.Unspecified)
{
hash ^= Scope.GetHashCode();
}
if (ConfidentialityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
{
hash ^= ConfidentialityImpact.GetHashCode();
}
if (IntegrityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
{
hash ^= IntegrityImpact.GetHashCode();
}
if (AvailabilityImpact != global::Grafeas.V1.CVSSv3.Types.Impact.Unspecified)
{
hash ^= AvailabilityImpact.GetHashCode();
}
if (_unknownFields != null)
{
hash ^= _unknownFields.GetHashCode();
}
return(hash);
}
private string BuildNormalizedVector(bool addEmptyValues)
{
var param = new List <string>
{
$"AV:{AttackVector.StringValue()}",
$"AC:{AttackComplexity.StringValue()}",
$"PR:{PrivilegesRequired.StringValue()}",
$"UI:{UserInteraction.StringValue()}",
$"S:{Scope.StringValue()}",
$"C:{ConfidentialityImpact.StringValue()}",
$"I:{IntegrityImpact.StringValue()}",
$"A:{AvailabilityImpact.StringValue()}"
};
void AddConditional(string key, string value)
{
if (!string.IsNullOrEmpty(value))
{
param.Add($"{key}:{value}");
}
else if (addEmptyValues)
{
param.Add($"{key}:X");
}
}
AddConditional("E", ExploitCodeMaturity?.StringValue());
AddConditional("RL", RemediationLevel?.StringValue());
AddConditional("RC", ReportConfidence?.StringValue());
AddConditional("CR", ConfidentialityRequirement?.StringValue());
AddConditional("IR", IntegrityRequirement?.StringValue());
AddConditional("AR", AvailabilityRequirement?.StringValue());
AddConditional("MAV", ModifiedAttackVector?.StringValue());
AddConditional("MAC", ModifiedAttackComplexity?.StringValue());
AddConditional("MPR", ModifiedPrivilegesRequired?.StringValue());
AddConditional("MUI", ModifiedUserInteraction?.StringValue());
AddConditional("MS", ModifiedScope?.StringValue());
AddConditional("MC", ModifiedConfidentialityImpact?.StringValue());
AddConditional("MI", ModifiedIntegrityImpact?.StringValue());
AddConditional("MA", ModifiedAvailabilityImpact?.StringValue());
StringBuilder sb = new StringBuilder();
sb.Append(VectorPrefix);
foreach (var current in param)
{
sb.Append('/');
sb.Append(current);
}
return(sb.ToString());
}
public static string StringValue(this PrivilegesRequired privilegesRequired)
{
switch (privilegesRequired)
{
case PrivilegesRequired.None: return("N");
case PrivilegesRequired.Low: return("L");
case PrivilegesRequired.High: return("H");
default:
throw new ArgumentOutOfRangeException(nameof(privilegesRequired), privilegesRequired, null);
}
}
public static double NumericValue(this PrivilegesRequired privilegesRequired, Scope scope)
{
switch (privilegesRequired)
{
case PrivilegesRequired.None: return(0.85);
case PrivilegesRequired.Low:
return((scope == Scope.Changed)
? 0.68
: 0.62);
case PrivilegesRequired.High:
return((scope == Scope.Changed)
? 0.50
: 0.27);
default:
throw new ArgumentOutOfRangeException(nameof(privilegesRequired), privilegesRequired, null);
}
}
public CvssV3(AttackVector attackVector, AttackComplexity attackComplexity, PrivilegesRequired privilegesRequired,
UserInteraction userInteraction, Scope scope, Impact confidentialityImpact, Impact integrityImpact,
Impact availabilityImpact, ExploitCodeMaturity?exploitCodeMaturity = default(ExploitCodeMaturity?),
RemediationLevel?remediationLevel = default(RemediationLevel?), ReportConfidence?reportConfidence = default(ReportConfidence?),
SecurityRequirement?confidentialityRequirement = default(SecurityRequirement?),
SecurityRequirement?integrityRequirement = default(SecurityRequirement?),
SecurityRequirement?availabilityRequirement = default(SecurityRequirement?),
AttackVector?modifiedAttackVector = default(AttackVector?), AttackComplexity?modifiedAttackComplexity = default(AttackComplexity?),
PrivilegesRequired?modifiedPrivilegesRequired = default(PrivilegesRequired?),
UserInteraction?modifiedUserInteraction = default(UserInteraction?), Scope?modifiedScope = default(Scope?),
Impact?modifiedConfidentialityImpact = default(Impact?), Impact?modifiedIntegrityImpact = default(Impact?),
Impact?modifiedAvailabilityImpact = default(Impact?))
{
AttackVector = attackVector;
AttackComplexity = attackComplexity;
PrivilegesRequired = privilegesRequired;
UserInteraction = userInteraction;
Scope = scope;
ConfidentialityImpact = confidentialityImpact;
IntegrityImpact = integrityImpact;
AvailabilityImpact = availabilityImpact;
ExploitCodeMaturity = exploitCodeMaturity;
RemediationLevel = remediationLevel;
ReportConfidence = reportConfidence;
ConfidentialityRequirement = confidentialityRequirement;
IntegrityRequirement = integrityRequirement;
AvailabilityRequirement = availabilityRequirement;
ModifiedAttackVector = modifiedAttackVector;
ModifiedAttackComplexity = modifiedAttackComplexity;
ModifiedPrivilegesRequired = modifiedPrivilegesRequired;
ModifiedUserInteraction = modifiedUserInteraction;
ModifiedScope = modifiedScope;
ModifiedConfidentialityImpact = modifiedConfidentialityImpact;
ModifiedIntegrityImpact = modifiedIntegrityImpact;
ModifiedAvailabilityImpact = modifiedAvailabilityImpact;
CalculateScores();
}
public CvssV3Builder PrivilegesRequired(PrivilegesRequired param)
{
UsedMetrics.Add("PR"); Cvss.PrivilegesRequired = param; return(this);
}
internal void CalculateScores()
{
double ImpactSubScore(Scope scope, double subScore)
{
switch (scope)
{
case Scope.Unchanged:
return(6.42 * subScore);
case Scope.Changed:
return(7.52 * (subScore - 0.029) - 3.25 * Math.Pow(subScore - 0.02, 15));
default:
throw new ArgumentOutOfRangeException(nameof(Scope), Scope, "Invalid scope");
}
}
double Score(Scope scope, double impactSub, double exploitSub)
{
if (impactSub <= 0)
{
return(0);
}
switch (scope)
{
case Scope.Unchanged:
return(Math.Min(impactSub + exploitSub, 10).RoundUp(1));
case Scope.Changed:
return(Math.Min(1.08 * (impactSub + exploitSub), 10).RoundUp(1));
default:
throw new ArgumentOutOfRangeException(nameof(Scope), Scope, "Invalid scope");
}
}
double TempScore(double baseScore)
{
return((baseScore * ExploitCodeMaturity.NumericValue() * RemediationLevel.NumericValue() *
ReportConfidence.NumericValue()).RoundUp(1));
}
var impactSubScoreBase = 1 - (1 - ConfidentialityImpact.NumericValue()) * (1 - IntegrityImpact.NumericValue()) *
(1 - AvailabilityImpact.NumericValue());
var impactSubScore = ImpactSubScore(Scope, impactSubScoreBase);
var exploitabilitySubScore = 8.22 * AttackVector.NumericValue() * AttackComplexity.NumericValue() *
PrivilegesRequired.NumericValue(Scope) * UserInteraction.NumericValue();
BaseScore = Score(Scope, impactSubScore, exploitabilitySubScore);
//Temporal
TemporalScore = TempScore(BaseScore);
//Environmental
var impactSubScoreModified = Math.Min(0.915,
1 - (1 - ModifiedConfidentialityImpact.Modified(ConfidentialityImpact, EnumExtensions.NumericValue) *
ConfidentialityRequirement.NumericValue()) * (1 - ModifiedIntegrityImpact.Modified(IntegrityImpact,
EnumExtensions
.NumericValue) *
IntegrityRequirement.NumericValue()) *
(1 - ModifiedAvailabilityImpact.Modified(AvailabilityImpact, EnumExtensions.NumericValue) *
AvailabilityRequirement.NumericValue()));
var modifiedImpactSubScore = ImpactSubScore(ModifiedScope ?? Scope, impactSubScoreModified);
var modifiedExploitabilitySubScore =
8.22 * ModifiedAttackVector.Modified(AttackVector, EnumExtensions.NumericValue) *
ModifiedAttackComplexity.Modified(AttackComplexity, EnumExtensions.NumericValue) *
ModifiedPrivilegesRequired.Modified(PrivilegesRequired, required => required.NumericValue(ModifiedScope ?? Scope)) *
ModifiedUserInteraction.Modified(UserInteraction, EnumExtensions.NumericValue);
EnvironmentalScore = TempScore(
Score(ModifiedScope ?? Scope, modifiedImpactSubScore, modifiedExploitabilitySubScore));
}