go-cvss - Common Vulnerability Scoring System (CVSS)
Importing CVSS vector and scoring.
- Supports CVSS v2, v3.0 and v3.1
- Exporting CVSS information with template string
Migrated repository to github.com/goark/go-cvss
Sample Code
Base Metrics
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v3/metric"
)
func main() {
bm, err := metric.NewBase().Decode("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H") //CVE-2020-1472: ZeroLogon
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity: %v (%v)\n", bm.Severity(), bm.Score())
// Output:
// Severity: Critical (10)
}
Temporal Metrics
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v3/metric"
)
func main() {
tm, err := metric.NewTemporal().Decode("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:W/RC:R") //CVE-2020-1472: ZeroLogon
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Base Severity: %v (%v)\n", tm.BaseMetrics().Severity(), tm.BaseMetrics().Score())
fmt.Printf("Temporal Severity: %v (%v)\n", tm.Severity(), tm.Score())
// Output:
// Base Severity: Critical (10)
// Temporal Severity: Critical (9.1)
}
Environmental Metrics
package main
import (
"fmt"
"github.com/goark/go-cvss/v3/metric"
"os"
)
func main() {
em, err := metric.NewEnvironmental().Decode("CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:M/IR:H/AR:M/MAV:L/MAC:H/MPR:L/MUI:R/MS:U/MC:L/MI:H/MA:L") //Random CVSS Vector
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Base Severity: %v (%v)\n", em.BaseMetrics().Severity(), em.BaseMetrics().Score())
fmt.Printf("Temporal Severity: %v (%v)\n", em.TemporalMetrics().Severity(), em.TemporalMetrics().Score())
fmt.Printf("Environmental Severity: %v (%v)\n", em.Severity(), em.Score())
// Output:
// Base Severity: Critical (6.1)
// Temporal Severity: Critical (6)
// Environmental Severity: Critical (6.5)
}
CVSSv2 Base Metrics
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v2/metric"
)
func main() {
bm, err := metric.NewBase().Decode("AV:N/AC:L/Au:N/C:N/I:N/A:C") //CVE-2002-0392
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity: %v (%v)\n", bm.Severity(), bm.Score())
// Output:
// Severity: Severity: High (7.8)
}
CVSSv2 Temporal Metrics
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v2/metric"
)
func main() {
tm, err := metric.NewTemporal().Decode("AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C") //CVE-2002-0392
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity (Base): %v (%v)\n", tm.Base.Severity(), tm.Base.Score())
fmt.Printf("Severity (Temporal): %v (%v)\n", tm.Severity(), tm.Score())
// Output:
// Severity (Base): High (7.8)
// Severity (Temporal): Medium (6.4)
}
CVSSv2 Environmental Metrics
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v2/metric"
)
func main() {
tm, err := metric.NewEnvironmental().Decode("AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:H") //CVE-2002-0392
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity (Base): %v (%v)\n", tm.Base.Severity(), tm.Base.Score())
fmt.Printf("Severity (Temporal): %v (%v)\n", tm.Temporal.Severity(), tm.Temporal.Score())
fmt.Printf("Severity (Environmental): %v (%v)\n", tm.Severity(), tm.Score())
// Output:
// Severity (Base): High (7.8)
// Severity (Temporal): Medium (6.4)
// Severity (Environmental): High (9.2)
}
Reporting with template (CVSSv3 only)
ref: sample.go
Reference