int app_cvss_score(const struct oscap_action *action)
{
assert(action->cvss_vector);
bool ok = false;
struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector);
if (impact == NULL) goto err;
ok |= print_score("base", cvss_impact_base_score(impact));
ok |= print_score("temporal", cvss_impact_temporal_score(impact));
ok |= print_score("environmental", cvss_impact_environmental_score(impact));
if (!ok) goto err;
cvss_impact_free(impact);
return OSCAP_OK;
err:
cvss_impact_free(impact);
fprintf(stderr, "Invalid input CVSS vector\n");
return OSCAP_ERROR;
}
static int app_cvss_describe(const struct oscap_action *action)
{
assert(action->cvss_vector);
struct cvss_impact *impact = cvss_impact_new_from_vector(action->cvss_vector);
if (impact) {
cvss_impact_describe(impact, stdout);
cvss_impact_free(impact);
return OSCAP_OK;
}
else {
fprintf(stderr, "Invalid input CVSS vector\n");
return OSCAP_ERROR;
}
}
struct cvss_impact *cvss_impact_new_from_vector(const char *cvss_vector)
{
struct cvss_impact *impact = cvss_impact_new();
char *vector_dup = oscap_strdup(cvss_vector);
char *vector_start = vector_dup;
char **components = NULL;
size_t i;
const struct cvss_valtab_entry *entry;
struct cvss_metrics **mptr;
if (cvss_vector == NULL) goto syntax_error;
// vector in parenthesis
if (vector_dup[0] == '(') {
char *vector_end = vector_dup + strlen(vector_dup) - 1;
if (*vector_end != ')') goto syntax_error;
++vector_start;
*vector_end = '\0';
}
oscap_strtoupper(vector_start);
// split vector to components
components = oscap_split(vector_start, "/");
for (i = 0; components[i] != NULL; ++i) {
entry = cvss_valtab(0, 0, components[i], NULL);
if (entry->key == CVSS_KEY_NONE) goto syntax_error;
mptr = cvss_impact_metricsptr(impact, CVSS_CATEGORY(entry->key));
if (*mptr == NULL) *mptr = cvss_metrics_new(CVSS_CATEGORY(entry->key));
(*mptr)->metrics.ANY[CVSS_KEY_IDX(entry->key)] = entry->value;
}
cleanup:
free(vector_dup);
free(components);
return impact;
syntax_error:
cvss_impact_free(impact);
impact = NULL;
goto cleanup;
}
static void oscap_action_release(struct oscap_action *action)
{
assert(action != NULL);
free(action->f_ovals);
cvss_impact_free(action->cvss_impact);
}
