/* * Copyright 2010 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA * * Authors: * Maros Barabas */ #ifdef HAVE_CONFIG_H #include #endif /* Standard header files */ #include #include #include #ifdef HAVE_GETOPT_H #include #endif #include #include #include #include #include "oscap-tool.h" static bool getopt_cvss(int argc, char **argv, struct oscap_action *action); static int app_cvss_score(const struct oscap_action *action); static int app_cvss_describe(const struct oscap_action *action); #define CVSS_SUBMODULES_NUM 3 /* See actual CVSS_SUBMODULES array initialization below. */ static struct oscap_module* CVSS_SUBMODULES[CVSS_SUBMODULES_NUM]; struct oscap_module OSCAP_CVSS_MODULE = { .name = "cvss", .parent = &OSCAP_ROOT_MODULE, .summary = "Common Vulnerability Scoring System", .submodules = CVSS_SUBMODULES }; static struct oscap_module CVSS_SCORE_MODULE = { .name = "score", .parent = &OSCAP_CVSS_MODULE, .summary = "CVSS score from a CVSS vector", .usage = "vector", .help = "Calculates CVSS score\n" "(base / temporal / environmental, depends on supplied metrics).", .opt_parser = getopt_cvss, .func = app_cvss_score }; static struct oscap_module CVSS_DESCRIBE_MODULE = { .name = "describe", .parent = &OSCAP_CVSS_MODULE, .summary = "Describe a CVSS vector", .usage = "vector", .help = "Describes individual components of a CVSS vector\n", .opt_parser = getopt_cvss, .func = app_cvss_describe }; static struct oscap_module* CVSS_SUBMODULES[CVSS_SUBMODULES_NUM] = { &CVSS_SCORE_MODULE, &CVSS_DESCRIBE_MODULE, NULL }; static inline bool print_score(const char *type, float score) { if (score >= 0.0 && score <= 10.0) { printf("%15s %4.1f\n", type, score); return true; } else return false; } int app_cvss_score(const struct oscap_action *action) { assert(action->cvss_vector); bool ok = false; struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector); if (impact == NULL) goto err; ok |= print_score("base", cvss_impact_base_score(impact)); ok |= print_score("temporal", cvss_impact_temporal_score(impact)); ok |= print_score("environmental", cvss_impact_environmental_score(impact)); if (!ok) goto err; cvss_impact_free(impact); return OSCAP_OK; err: cvss_impact_free(impact); fprintf(stderr, "Invalid input CVSS vector\n"); return OSCAP_ERROR; } static int app_cvss_describe(const struct oscap_action *action) { assert(action->cvss_vector); struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector); if (impact) { cvss_impact_describe(impact, stdout); cvss_impact_free(impact); return OSCAP_OK; } else { fprintf(stderr, "Invalid input CVSS vector\n"); return OSCAP_ERROR; } } bool getopt_cvss(int argc, char **argv, struct oscap_action *action) { if (optind < argc) action->cvss_vector = argv[optind]; if ((action->module == &CVSS_SCORE_MODULE) && action->cvss_vector == NULL) return oscap_module_usage(action->module, stderr, "CVSS vector not supplied"); return true; }