void cvss_impact_describe(const struct cvss_impact *impact, FILE *f) { assert(f != NULL); if (impact == NULL) return; char *vec = cvss_impact_to_vector(impact); if (vec) { fprintf(f, "CVSS vector: %s\n\n", vec); free(vec); } if (impact->base_metrics) { fprintf(f, "------------------------ Base Metrics ----------------------\n"); cvss_metrics_describe(impact->base_metrics, f); fprintf(f, "Exploitability subscore: %4.1f\n", cvss_impact_base_exploitability_subscore(impact)); fprintf(f, "Impact subscore: %4.1f\n", cvss_impact_base_impact_subscore(impact)); fprintf(f, "Base score: %4.1f\n\n", cvss_impact_base_score(impact)); } if (impact->temporal_metrics) { fprintf(f, "---------------------- Temporal Metrics --------------------\n"); cvss_metrics_describe(impact->temporal_metrics, f); fprintf(f, "Temporal multiplier: %4.1f\n", cvss_impact_temporal_multiplier(impact)); fprintf(f, "Temporal score: %4.1f\n\n", cvss_impact_temporal_score(impact)); } if (impact->environmental_metrics) { fprintf(f, "------------------- Environmental Metrics ------------------\n"); cvss_metrics_describe(impact->environmental_metrics, f); fprintf(f, "Adjusted impact base subscore: %4.1f\n", cvss_impact_base_adjusted_impact_subscore(impact)); fprintf(f, "Adjusted base score: %4.1f\n", cvss_impact_adjusted_base_score(impact)); fprintf(f, "Adjusted temporal score: %4.1f\n", cvss_impact_adjusted_temporal_score(impact)); fprintf(f, "Environmental score: %4.1f\n\n", cvss_impact_environmental_score(impact)); } }
int app_cvss_score(const struct oscap_action *action) { assert(action->cvss_vector); bool ok = false; struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector); if (impact == NULL) goto err; ok |= print_score("base", cvss_impact_base_score(impact)); ok |= print_score("temporal", cvss_impact_temporal_score(impact)); ok |= print_score("environmental", cvss_impact_environmental_score(impact)); if (!ok) goto err; cvss_impact_free(impact); return OSCAP_OK; err: cvss_impact_free(impact); fprintf(stderr, "Invalid input CVSS vector\n"); return OSCAP_ERROR; }
float cvss_impact_temporal_score(const struct cvss_impact* impact) { assert(impact); if (!cvss_metrics_is_valid(impact->temporal_metrics)) return NAN; return cvss_round(cvss_impact_base_score(impact) * cvss_impact_temporal_multiplier(impact)); }