void cvss_impact_describe(const struct cvss_impact *impact, FILE *f)
{
assert(f != NULL);
if (impact == NULL) return;
char *vec = cvss_impact_to_vector(impact);
if (vec) {
fprintf(f, "CVSS vector: %s\n\n", vec);
free(vec);
}
if (impact->base_metrics) {
fprintf(f, "------------------------ Base Metrics ----------------------\n");
cvss_metrics_describe(impact->base_metrics, f);
fprintf(f, "Exploitability subscore: %4.1f\n", cvss_impact_base_exploitability_subscore(impact));
fprintf(f, "Impact subscore: %4.1f\n", cvss_impact_base_impact_subscore(impact));
fprintf(f, "Base score: %4.1f\n\n", cvss_impact_base_score(impact));
}
if (impact->temporal_metrics) {
fprintf(f, "---------------------- Temporal Metrics --------------------\n");
cvss_metrics_describe(impact->temporal_metrics, f);
fprintf(f, "Temporal multiplier: %4.1f\n", cvss_impact_temporal_multiplier(impact));
fprintf(f, "Temporal score: %4.1f\n\n", cvss_impact_temporal_score(impact));
}
if (impact->environmental_metrics) {
fprintf(f, "------------------- Environmental Metrics ------------------\n");
cvss_metrics_describe(impact->environmental_metrics, f);
fprintf(f, "Adjusted impact base subscore: %4.1f\n", cvss_impact_base_adjusted_impact_subscore(impact));
fprintf(f, "Adjusted base score: %4.1f\n", cvss_impact_adjusted_base_score(impact));
fprintf(f, "Adjusted temporal score: %4.1f\n", cvss_impact_adjusted_temporal_score(impact));
fprintf(f, "Environmental score: %4.1f\n\n", cvss_impact_environmental_score(impact));
}
}
int app_cvss_score(const struct oscap_action *action)
{
assert(action->cvss_vector);
bool ok = false;
struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector);
if (impact == NULL) goto err;
ok |= print_score("base", cvss_impact_base_score(impact));
ok |= print_score("temporal", cvss_impact_temporal_score(impact));
ok |= print_score("environmental", cvss_impact_environmental_score(impact));
if (!ok) goto err;
cvss_impact_free(impact);
return OSCAP_OK;
err:
cvss_impact_free(impact);
fprintf(stderr, "Invalid input CVSS vector\n");
return OSCAP_ERROR;
}
float cvss_impact_temporal_score(const struct cvss_impact* impact)
{
assert(impact);
if (!cvss_metrics_is_valid(impact->temporal_metrics)) return NAN;
return cvss_round(cvss_impact_base_score(impact) * cvss_impact_temporal_multiplier(impact));
}
