/*
* Copyright 2010 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
* Authors:
* Maros Barabas <mbarabas@redhat.com>
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/* Standard header files */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <assert.h>
#include <math.h>
#include <cvss_score.h>
#include <xccdf_session.h>
#include "oscap-tool.h"
static bool getopt_cvss(int argc, char **argv, struct oscap_action *action);
static int app_cvss_score(const struct oscap_action *action);
static int app_cvss_describe(const struct oscap_action *action);
#define CVSS_SUBMODULES_NUM 3 /* See actual CVSS_SUBMODULES array
initialization below. */
static struct oscap_module* CVSS_SUBMODULES[CVSS_SUBMODULES_NUM];
struct oscap_module OSCAP_CVSS_MODULE = {
.name = "cvss",
.parent = &OSCAP_ROOT_MODULE,
.summary = "Common Vulnerability Scoring System",
.submodules = CVSS_SUBMODULES
};
static struct oscap_module CVSS_SCORE_MODULE = {
.name = "score",
.parent = &OSCAP_CVSS_MODULE,
.summary = "CVSS score from a CVSS vector",
.usage = "vector",
.help = "Calculates CVSS score\n"
"(base / temporal / environmental, depends on supplied metrics).",
.opt_parser = getopt_cvss,
.func = app_cvss_score
};
static struct oscap_module CVSS_DESCRIBE_MODULE = {
.name = "describe",
.parent = &OSCAP_CVSS_MODULE,
.summary = "Describe a CVSS vector",
.usage = "vector",
.help = "Describes individual components of a CVSS vector\n",
.opt_parser = getopt_cvss,
.func = app_cvss_describe
};
static struct oscap_module* CVSS_SUBMODULES[CVSS_SUBMODULES_NUM] = {
&CVSS_SCORE_MODULE,
&CVSS_DESCRIBE_MODULE,
NULL
};
static inline bool print_score(const char *type, float score)
{
if (score >= 0.0 && score <= 10.0) {
printf("%15s %4.1f\n", type, score);
return true;
}
else return false;
}
int app_cvss_score(const struct oscap_action *action)
{
assert(action->cvss_vector);
bool ok = false;
struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector);
if (impact == NULL) goto err;
ok |= print_score("base", cvss_impact_base_score(impact));
ok |= print_score("temporal", cvss_impact_temporal_score(impact));
ok |= print_score("environmental", cvss_impact_environmental_score(impact));
if (!ok) goto err;
cvss_impact_free(impact);
return OSCAP_OK;
err:
cvss_impact_free(impact);
fprintf(stderr, "Invalid input CVSS vector\n");
return OSCAP_ERROR;
}
static int app_cvss_describe(const struct oscap_action *action)
{
assert(action->cvss_vector);
struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector);
if (impact) {
cvss_impact_describe(impact, stdout);
cvss_impact_free(impact);
return OSCAP_OK;
}
else {
fprintf(stderr, "Invalid input CVSS vector\n");
return OSCAP_ERROR;
}
}
bool getopt_cvss(int argc, char **argv, struct oscap_action *action)
{
if (optind < argc) action->cvss_vector = argv[optind];
if ((action->module == &CVSS_SCORE_MODULE) && action->cvss_vector == NULL)
return oscap_module_usage(action->module, stderr, "CVSS vector not supplied");
return true;
}