go-cvss - Common Vulnerability Scoring System (CVSS)
Importing CVSS vector and scoring.
- Supoort CVSS v2, v3.0 and v3.1
- Exporting CVSS information with template string
Migrated repository to github.com/goark/go-cvss
Sample Code
Base Metrics
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v3/metric"
)
func main() {
bm, err := metric.NewBase().Decode("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H") //CVE-2020-1472: ZeroLogon
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Severity: %v (%v)\n", bm.Severity(), bm.Score())
// Output:
// Severity: Critical (10)
}
Temporal Metrics
package main
import (
"fmt"
"os"
"github.com/goark/go-cvss/v3/metric"
)
func main() {
tm, err := metric.NewTemporal().Decode("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:W/RC:R") //CVE-2020-1472: ZeroLogon
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Base Severity: %v (%v)\n", tm.BaseMetrics().Severity(), tm.BaseMetrics().Score())
fmt.Printf("Temporal Severity: %v (%v)\n", tm.Severity(), tm.Score())
// Output:
// Base Severity: Critical (10)
// Temporal Severity: Critical (9.1)
}
Environmental Metrics
package main
import (
"fmt"
"github.com/goark/go-cvss/v3/metric"
"os"
)
func main() {
em, err := metric.NewEnvironmental().Decode("CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:M/IR:H/AR:M/MAV:L/MAC:H/MPR:L/MUI:R/MS:U/MC:L/MI:H/MA:L") //Random CVSS Vector
if err != nil {
fmt.Fprintln(os.Stderr, err)
return
}
fmt.Printf("Base Severity: %v (%v)\n", em.BaseMetrics().Severity(), em.BaseMetrics().Score())
fmt.Printf("Temporal Severity: %v (%v)\n", em.TemporalMetrics().Severity(), em.TemporalMetrics().Score())
fmt.Printf("Environmental Severity: %v (%v)\n", em.Severity(), em.Score())
// Output:
// Base Severity: Critical (6.1)
// Temporal Severity: Critical (6)
// Environmental Severity: Critical (6.5)
}
Reporting with template
ref: sample.go
Reference